last executing test programs: 2.070682937s ago: executing program 3 (id=8778): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000340)={@in6={{0xa, 0x0, 0x0, @loopback}}, 0x0, 0x0, 0x46, 0x0, "2431d0edd9b36cb74d7df7671eacf04be3b08353efa3641776f56c7556fd3713097bd0072577bc6fefb4cdc9e94e420b0ea4fbc5b07a32056eff5e6c42784b46ddab72b1b8fc87f208ad6db80d8dfe25"}, 0xd8) listen(r0, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f00000001c0)={@in6={{0xa, 0x0, 0x0, @mcast2, 0x3}}, 0x0, 0x0, 0x20, 0x0, "aeb81d8ee3a82d67eea9e5bdf2247481041a5b9cddbc936efc471c56ae3d5f6945d296a285858a891a3b4e7bff572ef69992da867f406182d70f47773434b8349435f2ad628d62a3b45bb98872fb1900"}, 0xd8) r1 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r1, &(0x7f0000000540)=[{&(0x7f0000000080)="580000001400192340834b80040d8c560a066f0200ff000000000000000058000b4824ca945f64009400ff0325010ebc000000000000008000f0effeffe809005300fff5dd00000010000100080c10000000000000000000", 0x58}], 0x1) 1.756541601s ago: executing program 3 (id=8784): r0 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f0000000640)=0x1800, 0x4) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000100)={0x0, 0xe00, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000002e00090027097000000000220400000008000c"], 0x28}, 0x1, 0x0, 0x0, 0x42804}, 0x0) 1.710674969s ago: executing program 0 (id=8785): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts-aes-aesni\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000)="adcd1a9a3fc36e961ed00fe41b0cd695", 0x20) r1 = accept4$alg(r0, 0x0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f00000021c0)=[{0x0, 0x0, &(0x7f0000001000)=[{&(0x7f0000000100)="a92e81d0991808e33c2330164cf023df", 0xfffffc81}], 0x1, &(0x7f0000001040)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x880}], 0x1, 0x80001) recvmmsg(r1, &(0x7f0000000500)=[{{0x0, 0x0, &(0x7f0000000b40)=[{&(0x7f0000000200)=""/23, 0x17}], 0x1}, 0x10000}, {{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000001080)=""/4096, 0x1000}], 0x1}, 0x6d6}], 0x2, 0x102, 0x0) 1.486576869s ago: executing program 3 (id=8789): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000600)=@newqdisc={0x30, 0x24, 0x4ee4e6a52ff56541, 0x70bd28, 0x25dfdbfd, {0x0, 0x0, 0x0, r2, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2, 0x1}}, [@qdisc_kind_options=@q_hhf={{0x8}, {0x4}}]}, 0x30}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@delqdisc={0x24, 0x25, 0x1, 0x70bd27, 0x25dfdbfc, {0x0, 0x0, 0x0, r2, {0x7, 0x984c778fb4d07813}, {0xb, 0xb}, {0x2, 0x1}}}, 0x24}, 0x1, 0x0, 0x0, 0x240040e0}, 0x4890) 1.376125602s ago: executing program 3 (id=8792): r0 = socket$inet_sctp(0x2, 0x5, 0x84) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e22, @empty}, 0x10) listen(r0, 0x9) r1 = socket$inet_sctp(0x2, 0x5, 0x84) sendto$inet(r1, &(0x7f00000000c0)="ab", 0xfffd, 0xc1, &(0x7f0000000280)={0x2, 0x4e22, @loopback}, 0x10) readv(r0, &(0x7f0000000900)=[{&(0x7f0000000b00)=""/172, 0xac}], 0x1) 1.278456627s ago: executing program 1 (id=8793): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000007c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(sm4)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001280)="b7f2288a911993f08d3aaea2bc0000de", 0x10) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f00000004c0)=[{0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f00000006c0)="171abdb5d25446463f74d3740a70f6e0249ca79eab57d2457df5837189a49908877dae500632174ccde67b0070c8bb46c63d478881c92de1d95dcc82811ba3e4d049aa70572e323a9b76d3fe56fc785245e3dd4eb6fd1d435e39120b3c45", 0x5e}], 0x1, 0x0, 0x0, 0x1}], 0x1, 0x44854) recvmsg(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000200)=""/92, 0x5c}], 0x1}, 0x40) 1.2234108s ago: executing program 1 (id=8794): pipe(&(0x7f00000007c0)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x1) close(r1) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) setsockopt$sock_int(r2, 0x1, 0x200000010, &(0x7f0000000040)=0x9, 0x65) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 1.116352754s ago: executing program 1 (id=8795): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-aes-aesni\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x890}, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r1) 778.383071ms ago: executing program 0 (id=8796): r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r1) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=0x0) close(0x3) sendmsg$NFC_CMD_FW_DOWNLOAD(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000640)={0x24, r2, 0x101, 0x70bd25, 0x25dfdbfb, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r3}, @NFC_ATTR_FIRMWARE_NAME={0x5, 0x14, '\x00'}]}, 0x24}, 0x1, 0x0, 0x0, 0x8000}, 0x2400c040) 707.897521ms ago: executing program 0 (id=8797): r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000002000000000000000000082295"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x1e00, 0x2c}, 0x94) r1 = socket$inet6(0xa, 0x3, 0x3) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000200)={'bond_slave_1\x00', 0x0}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r0, r2, 0x25, 0x0, @val=@tcx={@void, @value=r0}}, 0x1c) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=@newlink={0x34, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x14080, 0x10000}, [@IFLA_XDP={0xc, 0x2b, 0x0, 0x1, [@IFLA_XDP_FD={0x8, 0x1, r0}]}, @IFLA_GROUP={0x8}]}, 0x34}, 0x1, 0x0, 0x0, 0x20004040}, 0x0) 630.966914ms ago: executing program 0 (id=8798): sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000040)=@allocspi={0xf8, 0x16, 0x1, 0x0, 0x0, {{{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@mcast1, 0x0, 0x0, 0x0, 0x82, 0x0, 0x0, 0x0, 0x33, 0x0, 0xffffffffffffffff}, {@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x33}, @in=@broadcast, {}, {0x0, 0x0, 0x0, 0xfffffffffffffffd}, {}, 0x0, 0x0, 0x2}}}, 0xf8}}, 0x0) syz_emit_ethernet(0x6e, &(0x7f0000000040)=ANY=[@ANYBLOB="0180c2000002aaaaaaaaaaaa08004500006000000000002f9078640101000000000024806558000000000000000010000800000086dd"], 0x0) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="f4060000", @ANYRES16, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32, @ANYBLOB="d50633"], 0x6f4}}, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000040900010073797a30000000009c000000090a010400000000000000000700000308000a40000000000900020073797a30000000000900010073797a3000000000080005400000000d58001280200001800e000100636f6e6e6c696d69740000000c0002800800014000000008200001800e000100636f6e6e6c696d69740000000c00028008000140000000001400017b090001006cdbf80789f3f947dd000280080003"], 0xe4}, 0x1, 0x0, 0x0, 0x8001}, 0x20050840) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f030041000b05d25a806c8c6394f90324fc60100000000a000200053582c137153e3704020180fc5409000c00", 0x33fe0}], 0x1}, 0x0) 513.148691ms ago: executing program 0 (id=8800): r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000040)={0x84, @remote, 0x15, 0x3, 'wrr\x00', 0x1, 0x4, 0x72}, 0x2c) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IP_VS_SO_SET_ADDDEST(r1, 0x0, 0x487, &(0x7f0000000000)={{0x84, @initdev={0xac, 0x1e, 0x4, 0x0}, 0x4e20, 0x3, 'sh\x00', 0xb, 0x323b, 0x3a}, {@remote, 0x4e23, 0x2, 0xa4a, 0x12d60, 0x12d5c}}, 0x44) r2 = socket(0x2, 0x80805, 0x0) setsockopt$IP_VS_SO_SET_ADDDEST(r2, 0x0, 0x487, &(0x7f0000000000)={{0x84, @private=0xa010102, 0x4e21, 0x3, 'lc\x00', 0x5, 0x8, 0x77}, {@remote, 0x4e20, 0x2, 0xcd}}, 0x44) 501.349494ms ago: executing program 4 (id=8802): r0 = socket$unix(0x1, 0x1, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) bind$unix(r1, &(0x7f0000000dc0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) listen(r1, 0x0) ioctl$int_in(r0, 0x5421, &(0x7f0000000040)=0x3) connect$unix(r0, &(0x7f0000000280)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) 414.520199ms ago: executing program 0 (id=8803): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x5, &(0x7f0000000200)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f00000000c0)='GPL\x00'}, 0x94) sendmsg$NL80211_CMD_START_AP(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) r1 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$bt_hci(r1, &(0x7f0000000000)={0x27}, 0x74) sendmmsg$unix(r1, &(0x7f0000000b00)=[{{&(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e, 0x0}}, {{&(0x7f0000000e80)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000740)=[{&(0x7f0000001dc0)="bb", 0xfdef}, {0x0}], 0x2}}, {{&(0x7f0000000580)=@file={0x0, './file0/file0\x00'}, 0x6e, &(0x7f00000006c0)=[{&(0x7f0000000600)='z', 0xfdef}], 0x1}}], 0x3, 0x0) ppoll(&(0x7f0000000140)=[{r1, 0x200}, {r0, 0x421}], 0x2, 0x0, 0x0, 0x0) 414.379996ms ago: executing program 3 (id=8804): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(twofish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x80800) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba", 0x10}], 0x2, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000600)=[{&(0x7f00000000c0)=""/11, 0xb}, {&(0x7f00000001c0)=""/22, 0x16}], 0x2}, 0x40) 398.053214ms ago: executing program 2 (id=8805): r0 = syz_init_net_socket$ax25(0x3, 0x5, 0xca) bind$ax25(r0, &(0x7f0000000280)={{0x3, @default}, [@bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @default, @default, @null]}, 0x48) r1 = socket(0x28, 0x5, 0x0) bind$vsock_stream(r1, &(0x7f0000000040), 0x10) r2 = socket(0x28, 0x5, 0x0) connect$vsock_stream(r2, &(0x7f0000000080), 0x10) close(0x4) 385.399842ms ago: executing program 3 (id=8806): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001540)={0x26, 'aead\x00', 0x0, 0x0, 'generic-gcm-aesni\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000004e00)=[{0x0, 0x0, &(0x7f0000000680)=[{&(0x7f0000000cc0)='\r', 0x1}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0) read$alg(r1, &(0x7f0000000440)=""/204, 0xcc) 370.061584ms ago: executing program 4 (id=8807): sendmsg$MPTCP_PM_CMD_SET_FLAGS(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000126bd700000dcdf250700000005fe018008000700", @ANYBLOB='\b'], 0x28}, 0x1, 0x0, 0x0, 0x10000}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$team(&(0x7f00000044c0), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000280)={'team0\x00', 0x0}) r3 = socket$netlink(0x10, 0x3, 0x10) sendmsg$TEAM_CMD_OPTIONS_SET(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYBLOB="10010000", @ANYRES16=r1, @ANYBLOB="050427bd7000fedbdf250100000008000100", @ANYRES32=r2, @ANYBLOB="f400028061000100240001006e6f746966795f70656572735f696e74657276616c00000000000000000000000500030003000000080004"], 0x110}, 0x1, 0x0, 0x0, 0x4000401}, 0x2404c080) 267.799629ms ago: executing program 2 (id=8808): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='memory.events.local\x00', 0x26e1, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x2000000, 0xd, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b9", 0x0, 0x3800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0xb2) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="220000000400000010000000"], 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000540)={{r1}, &(0x7f00000004c0), &(0x7f0000000500)=r0}, 0x20) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000000c0)={r1, 0xffffffffffffffff}, 0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x11, 0x10, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000643200007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007041af64090aac40d6600000800000018230000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70500000800000085000000a500000095"], &(0x7f0000000080)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffe}, 0x94) 266.569735ms ago: executing program 4 (id=8809): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000240)=0x100000001, 0x59) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x4e22, 0xb7, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000040), 0x1e) setsockopt$inet6_tcp_TLS_RX(r0, 0x11a, 0x2, &(0x7f0000000140)=@gcm_256={{0x304}, "47979475354e1c6a", "5b14fbd0745630523b823174aae472928f45b99817f536a724d7dc84d9b97caa", "b0068987", "8fc8d5997c727a2f"}, 0x38) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f00000000c0)=@gcm_128={{0x304}, "dce02de9d7bd466b", "72e64b3892cb7025848c9f40363cf916", "cfff3c66", "e2b768b4bb9e0d9b"}, 0x28) 258.552826ms ago: executing program 2 (id=8810): r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x41000, 0x1a, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000180)={0x4, 0x3}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x94) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) write$cgroup_subtree(r2, &(0x7f0000000100)=ANY=[], 0x32600) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r1, 0x0) getsockopt$llc_int(r0, 0x10c, 0x6, 0x0, &(0x7f0000000080)) 195.711241ms ago: executing program 1 (id=8811): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) close(r0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000380)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x44, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x4}]}, @NFT_MSG_NEWSETELEM={0x40, 0xc, 0xa, 0x5, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x14, 0x3, 0x0, 0x1, [{0x10, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xc, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, "d103"}]}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0xac}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSETELEM={0x40, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x14, 0x3, 0x0, 0x1, [{0x10, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xc, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, "12ad"}]}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3}}}, 0x68}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)=ANY=[], 0x68}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) 194.329631ms ago: executing program 2 (id=8812): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000200)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-serpent-sse2\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f00000040c0)=[{0x0, 0x0, &(0x7f0000000900)=[{&(0x7f0000000280)="816154c6e71d9c750363f342744911ca45e32f393e977df3b37b8f315e8271e2", 0x20}, {&(0x7f0000002780)="1412db33722627433eac166190a979b24a252d244af8b27292b4576fc3b3806e0347778024e08aeabd5095bcb6435b0784bc039c894fdbad65262479b27ec7824d174849499dfdd7339b8a7aa1af2aa9354c0987bfc33778c11962190161c89b", 0x60}], 0x2, &(0x7f0000000540)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x40088d5}], 0x1, 0x40) recvmmsg(r1, &(0x7f0000000980)=[{{0x0, 0x0, 0x0}, 0x7fff}, {{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000840)=""/116, 0x74}, {&(0x7f00000003c0)=""/129, 0x81}], 0x2}, 0x9}], 0x2, 0x10000, 0x0) 169.668084ms ago: executing program 4 (id=8813): bpf$MAP_CREATE(0x0, 0x0, 0x48) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000000000000000000ac1e0001821501f63ed02a170000000000000000000000000a006030"], 0xb8}, 0x1, 0x0, 0x0, 0x80}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000100000000000000ac1e000100000000000000000000000000000000000000000a0060", @ANYRESOCT], 0xb8}}, 0x20040014) sendmsg$nl_xfrm(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=ANY=[@ANYBLOB="b80000001300e9990500000000000000fc000000000000000000000000000000fc00000000000000000000000000000000000000000000000a003000"], 0xb8}}, 0x4000) 130.381159ms ago: executing program 2 (id=8814): r0 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000380)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000180)=0x10) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f0000000080)={0x0, 0x808000}, 0x8) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[], 0x32600) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r1, 0x0) getsockopt$bt_hci(r0, 0x84, 0x7f, &(0x7f0000000080)=""/4057, &(0x7f0000000000)=0xfd9) 82.599013ms ago: executing program 1 (id=8815): unshare(0x6020400) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_ro(r0, &(0x7f00000005c0)='cpu.stat\x00', 0x275a, 0x0) unshare(0x22020400) close(r1) 79.401968ms ago: executing program 4 (id=8816): socket$nl_route(0x10, 0x3, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_emit_ethernet(0x4a, 0x0, 0x0) r1 = syz_genetlink_get_family_id$team(&(0x7f00000044c0), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000004700)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_OPTIONS_SET(r0, &(0x7f0000004bc0)={0x0, 0x0, &(0x7f0000004b80)={&(0x7f0000000340)={0x60, r1, 0x405, 0x70bd27, 0x25dfdbfe, {}, [{{0x8, 0x1, r2}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @name={{0x24}, {0x5}, {0x10, 0x4, 'loadbalance\x00'}}}]}}]}, 0x60}, 0x1, 0x0, 0x0, 0x4000431}, 0x4040084) 39.541587ms ago: executing program 2 (id=8817): sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x3c, 0x10, 0x49920d862a92153b, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @erspan={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_ERSPAN_HWID={0x6, 0x18, 0x2}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x5}, 0x0) socket$kcm(0xa, 0x3, 0x87) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="034886dd120000000000140000006000000003088700fe88a43de1a400000000000000007d01ff020000000000000000000000000001"], 0xfdef) 36.390769ms ago: executing program 1 (id=8818): sendmsg$NL80211_CMD_DEL_STATION(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=ANY=[], 0x1c}, 0x1, 0x0, 0x0, 0x4}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x16, 0x16, &(0x7f0000000380)=ANY=[@ANYBLOB="61124c00000000006113500000000000bf2000000000000007000000080000003d0301000000000095000000000000006926000000000000bf670000000000001507"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector}, 0x94) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r0) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r1, 0xc004743e, 0x110e22fff6) ioctl$TUNGETVNETLE(r0, 0x4010744d, &(0x7f0000000180)) 0s ago: executing program 4 (id=8819): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a40000000160a030200000000000000000200fffd0900020073797a32000000000900010073797a3000000000140003800800024000000000080001400000000014000000110001000000000000000700"], 0x68}}, 0x0) syz_emit_ethernet(0x6e, &(0x7f0000000040)=ANY=[@ANYBLOB="0180c2000002aaaaaaaaaaaa08004500006000000000002f9078640101000000000024806558000000000000000010000800000086dd"], 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000020a010200000000000000000a0000060900010073797a310000000008000240000000018c000000020a010100000000000000000000000369000600e62807258a6d38caf4cb1d7a776a7a05e57912414e63207c5e61d47bb4016b21bd5593b033b0968722f2f0f4818a1a13fbb43e79d0ae674d071c0164df9d3701cc15211300766b6ebe326ada9e49cca5c2a07460e46e35eabfb48a4cd2cd83790d7e705b010000000900010073797a31000000001c000000090a030000000000000000000a00000208000c4004"], 0xf8}, 0x1, 0x0, 0x0, 0x2000c814}, 0x4000) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a30000000004000ffff0900010073797a30000000000900020073797a3100000000140003800800014000000000"], 0x138}, 0x1, 0x0, 0x0, 0x20040855}, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000040900010073797a30000000009c000000090a010400000000000000000700000308000a40000000000900020073797a30000000000900010073797a3000000000080005400000000d58001280200001800e000100636f6e6e6c696d69740000000c0002800800014000000008200001800e000100636f6e6e6c696d69740000000c00028008000140000000001400017b090001006cdbf80789f3f947dd0002800800"], 0xe4}, 0x1, 0x0, 0x0, 0x8001}, 0x20050840) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f030041000b05d25a806c8c6394f90324fc60100000000a000200053582c137153e3704020180fc5409000c00", 0x33fe0}], 0x1}, 0x0) kernel console output (not intermixed with test programs): 303] ipt_ECN: cannot use operation on non-tcp rule [ 162.053018][T10307] netlink: 'syz.4.2118': attribute type 3 has an invalid length. [ 162.096878][T10307] netlink: 'syz.4.2118': attribute type 1 has an invalid length. [ 162.370608][T10326] netlink: 'syz.2.2126': attribute type 28 has an invalid length. [ 162.393869][T10326] netlink: 'syz.2.2126': attribute type 3 has an invalid length. [ 162.719494][T10342] bond2: Removing last arp target with arp_interval on [ 162.743713][T10347] netlink: 'syz.3.2138': attribute type 12 has an invalid length. [ 163.670462][T10411] ip6t_srh: unknown srh match flags 4000 [ 163.934770][T10431] __nla_validate_parse: 10 callbacks suppressed [ 163.934790][T10431] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2179'. [ 164.223751][T10445] netlink: 224 bytes leftover after parsing attributes in process `syz.2.2186'. [ 164.690884][T10472] sctp: [Deprecated]: syz.4.2198 (pid 10472) Use of struct sctp_assoc_value in delayed_ack socket option. [ 164.690884][T10472] Use struct sctp_sack_info instead [ 165.908671][T10551] nbd: couldn't find a device at index 1048580 [ 166.052808][T10560] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 166.255356][T10575] netlink: 'syz.1.2249': attribute type 1 has an invalid length. [ 168.139297][T10697] ip6t_rpfilter: unknown options [ 168.312530][T10706] gre1: entered promiscuous mode [ 168.533667][T10724] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 168.949595][T10748] netlink: 'syz.1.2333': attribute type 13 has an invalid length. [ 169.200866][T10762] x_tables: ip_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING [ 169.216942][T10764] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2343'. [ 169.472870][T10780] xt_TPROXY: Can be used only with -p tcp or -p udp [ 169.814141][T10803] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2363'. [ 170.138125][T10822] netlink: 224 bytes leftover after parsing attributes in process `syz.0.2372'. [ 170.200090][T10822] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2372'. [ 170.251757][T10830] netlink: 'syz.3.2376': attribute type 1 has an invalid length. [ 170.726773][T10857] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2390'. [ 171.459969][T10902] netlink: 'syz.4.2411': attribute type 21 has an invalid length. [ 171.480880][T10902] IPv6: NLM_F_CREATE should be specified when creating new route [ 171.640451][T10915] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2417'. [ 171.675828][T10915] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2417'. [ 171.677753][T10918] xt_TCPMSS: Only works on TCP SYN packets [ 172.035244][T10941] netlink: 'syz.1.2430': attribute type 7 has an invalid length. [ 172.073330][T10941] netlink: 'syz.1.2430': attribute type 8 has an invalid length. [ 172.577925][T10973] RDS: rds_bind could not find a transport for ::ffff:172.30.0.2, load rds_tcp or rds_rdma? [ 172.755941][T10984] netlink: 72 bytes leftover after parsing attributes in process `syz.3.2451'. [ 173.052015][T11002] netlink: 'syz.2.2460': attribute type 1 has an invalid length. [ 173.069994][T11002] netlink: 476 bytes leftover after parsing attributes in process `syz.2.2460'. [ 173.110289][T11002] netlink: 1041 bytes leftover after parsing attributes in process `syz.2.2460'. [ 173.212632][T11012] netlink: 'syz.3.2466': attribute type 1 has an invalid length. [ 173.359137][T11020] netlink: 'syz.1.2470': attribute type 8 has an invalid length. [ 173.675702][T11040] openvswitch: netlink: EtherType 50a is less than min 600 [ 174.183244][T11074] netlink: 'syz.4.2495': attribute type 2 has an invalid length. [ 174.204548][T11076] netlink: 'syz.2.2497': attribute type 2 has an invalid length. [ 174.293527][T11082] netlink: 'syz.3.2500': attribute type 1 has an invalid length. [ 174.486659][T11095] netlink: 'syz.0.2504': attribute type 6 has an invalid length. [ 175.324501][T11150] __nla_validate_parse: 5 callbacks suppressed [ 175.324522][T11150] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2533'. [ 175.370164][T11150] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2533'. [ 175.768679][T11182] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2547'. [ 176.003548][T11192] openvswitch: netlink: ufid size 17 bytes exceeds the range (1, 16) [ 176.034214][T11192] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 176.126059][T11201] netlink: 224 bytes leftover after parsing attributes in process `syz.2.2554'. [ 176.234245][T11207] openvswitch: netlink: Unexpected mask (mask=4000040, allowed=10048) [ 176.693573][T11235] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2569'. [ 177.127187][T11264] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 177.228254][T11267] netlink: 830 bytes leftover after parsing attributes in process `syz.3.2581'. [ 177.421462][T11280] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2585'. [ 177.597830][T11293] xt_CT: You must specify a L4 protocol and not use inversions on it [ 177.899924][T11309] bond3: option arp_interval: mode dependency failed, not supported in mode 802.3ad(4) [ 177.935061][T11309] bond3 (unregistering): Released all slaves [ 178.419895][T11342] validate_nla: 1 callbacks suppressed [ 178.419917][T11342] netlink: 'syz.1.2609': attribute type 1 has an invalid length. [ 178.465604][T11345] netlink: 'syz.0.2611': attribute type 9 has an invalid length. [ 178.473010][T11342] netlink: 'syz.1.2609': attribute type 2 has an invalid length. [ 178.481332][T11342] netlink: 'syz.1.2609': attribute type 1 has an invalid length. [ 178.550082][T11350] netlink: 'syz.2.2612': attribute type 1 has an invalid length. [ 178.581136][T11350] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2612'. [ 178.682807][T11355] netlink: 'syz.0.2615': attribute type 2 has an invalid length. [ 178.725740][T11355] netlink: 'syz.0.2615': attribute type 11 has an invalid length. [ 178.736427][T11355] netlink: 132 bytes leftover after parsing attributes in process `syz.0.2615'. [ 178.849890][T11364] xt_hashlimit: invalid interval [ 179.112889][T11383] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2626'. [ 179.169496][T11386] x_tables: ip6_tables: NETMAP.0 target: invalid size 40 (kernel) != (user) 0 [ 179.827552][T11428] openvswitch: netlink: IP tunnel dst address not specified [ 180.673204][T11474] __nla_validate_parse: 6 callbacks suppressed [ 180.673225][T11474] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2669'. [ 180.702769][T11476] netlink: 'syz.0.2670': attribute type 1 has an invalid length. [ 181.208714][T11504] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 181.392525][T11513] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2688'. [ 181.531552][T11521] netlink: 'syz.0.2691': attribute type 3 has an invalid length. [ 181.715085][T11531] sock: sock_timestamping_bind_phc: sock not bind to device [ 182.231177][T11565] netlink: 256 bytes leftover after parsing attributes in process `syz.2.2712'. [ 182.554353][T11585] bond0: option active_slave: mode dependency failed, not supported in mode balance-rr(0) [ 182.809019][T11601] openvswitch: netlink: Missing key (keys=40, expected=80) [ 184.561987][T11704] xt_ecn: cannot match TCP bits for non-tcp packets [ 185.636549][T11768] SET target dimension over the limit! [ 185.898954][T11791] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2822'. [ 186.372689][T11822] netlink: 'syz.3.2838': attribute type 1 has an invalid length. [ 186.571594][T11834] tipc: Can't bind to reserved service type 1 [ 186.698744][T11842] netlink: 404 bytes leftover after parsing attributes in process `syz.2.2849'. [ 187.114050][T11869] netlink: 128 bytes leftover after parsing attributes in process `syz.1.2862'. [ 187.123230][T11869] netlink: 128 bytes leftover after parsing attributes in process `syz.1.2862'. [ 187.459774][T11893] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2872'. [ 187.810754][T11917] netlink: 'syz.0.2886': attribute type 23 has an invalid length. [ 188.002128][T11925] openvswitch: netlink: Unexpected mask (mask=40040, allowed=10048) [ 188.103228][T11929] mapping of prio or/and queue is allowed only from OUTPUT/FORWARD/POSTROUTING chains [ 188.225055][T11937] netlink: 'syz.1.2896': attribute type 12 has an invalid length. [ 188.801225][T11970] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2913'. [ 189.135067][T11991] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2922'. [ 189.165754][T11991] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2922'. [ 189.733764][T12029] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2941'. [ 189.898690][T12036] dvmrp0: entered allmulticast mode [ 189.969159][T12043] netlink: 88 bytes leftover after parsing attributes in process `syz.1.2948'. [ 190.024083][T12047] netlink: 'syz.0.2950': attribute type 1 has an invalid length. [ 190.331278][T12067] netlink: 'syz.1.2960': attribute type 21 has an invalid length. [ 190.500402][T12077] netlink: 'syz.3.2964': attribute type 21 has an invalid length. [ 190.756774][T12094] netlink: 'syz.4.2969': attribute type 2 has an invalid length. [ 190.977971][T12109] netlink: 'syz.2.2978': attribute type 1 has an invalid length. [ 190.997171][T12109] __nla_validate_parse: 4 callbacks suppressed [ 190.997190][T12109] netlink: 96 bytes leftover after parsing attributes in process `syz.2.2978'. [ 191.013656][T12109] netlink: 658 bytes leftover after parsing attributes in process `syz.2.2978'. [ 191.022829][T12109] netlink: 1 bytes leftover after parsing attributes in process `syz.2.2978'. [ 191.417442][T12132] IPv6: sit2: Disabled Multicast RS [ 191.485180][T12140] netlink: 'syz.2.2993': attribute type 4 has an invalid length. [ 191.516649][T12140] netlink: 17 bytes leftover after parsing attributes in process `syz.2.2993'. [ 191.545107][T12144] rdma_rxe: rxe_newlink: failed to add vxcan1 [ 192.009776][T12176] netlink: 'syz.1.3010': attribute type 1 has an invalid length. [ 192.141437][T12183] xt_SECMARK: invalid mode: 9 [ 192.311460][T12194] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3018'. [ 192.667400][T12216] ipt_REJECT: TCP_RESET invalid for non-tcp [ 193.082989][T12244] netlink: 'syz.1.3045': attribute type 1 has an invalid length. [ 193.116165][T12244] netlink: 224 bytes leftover after parsing attributes in process `syz.1.3045'. [ 193.385957][T12264] netlink: 'syz.0.3053': attribute type 3 has an invalid length. [ 193.833472][T12287] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3067'. [ 194.085344][T12302] netlink: 'syz.1.3073': attribute type 1 has an invalid length. [ 194.279508][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.410022][T12318] openvswitch: netlink: IP tunnel dst address not specified [ 194.703555][T12338] netlink: 132 bytes leftover after parsing attributes in process `syz.4.3090'. [ 195.042009][T12357] netdevsim netdevsim3 netdevsim0: entered promiscuous mode [ 195.097774][T12360] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3102'. [ 195.131281][T12362] netlink: 'syz.1.3103': attribute type 1 has an invalid length. [ 195.242324][T12368] netlink: 36 bytes leftover after parsing attributes in process `syz.2.3105'. [ 195.267292][T12370] netlink: 'syz.0.3107': attribute type 11 has an invalid length. [ 195.750994][T12399] bridge1: the hash_elasticity option has been deprecated and is always 16 [ 195.869737][T12402] bond1: Unable to set down delay as MII monitoring is disabled [ 195.886786][T12402] bond1 (unregistering): Released all slaves [ 196.152879][T12418] bond1: option primary: mode dependency failed, not supported in mode balance-rr(0) [ 196.240850][T12418] bond1 (unregistering): Released all slaves [ 196.346567][ T5830] Bluetooth: hci4: command 0x0406 tx timeout [ 196.352660][ T5827] Bluetooth: hci3: command 0x0406 tx timeout [ 196.352680][ T5841] Bluetooth: hci1: command 0x0401 tx timeout [ 196.358767][ T5827] Bluetooth: hci2: command 0x0406 tx timeout [ 196.364865][ T5839] Bluetooth: hci0: command 0x080f tx timeout [ 197.350071][T12497] openvswitch: netlink: IP tunnel dst address not specified [ 197.715097][T12517] netlink: 7064 bytes leftover after parsing attributes in process `syz.4.3167'. [ 197.736124][T12517] openvswitch: netlink: Missing key (keys=40, expected=100) [ 197.848849][T12528] x_tables: duplicate underflow at hook 1 [ 197.898629][T12532] netlink: 7064 bytes leftover after parsing attributes in process `syz.3.3176'. [ 197.913962][T12532] openvswitch: netlink: Missing key (keys=40, expected=10000000) [ 198.053156][ T5895] IPVS: starting estimator thread 0... [ 198.143574][T12541] IPVS: using max 33 ests per chain, 79200 per kthread [ 198.597513][T12578] netlink: 36 bytes leftover after parsing attributes in process `syz.4.3197'. [ 198.623761][T12578] netlink: 36 bytes leftover after parsing attributes in process `syz.4.3197'. [ 198.811538][T12591] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3205'. [ 198.818894][T12593] xt_addrtype: ipv6 BLACKHOLE matching not supported [ 199.033468][T12603] netlink: 'syz.0.3211': attribute type 21 has an invalid length. [ 199.053724][T12605] rdma_rxe: rxe_newlink: rxe creation allowed on top of a real device only [ 199.231456][T12618] netlink: 'syz.3.3218': attribute type 2 has an invalid length. [ 199.707895][T12648] netlink: 72 bytes leftover after parsing attributes in process `syz.2.3230'. [ 199.748726][T12648] netlink: 72 bytes leftover after parsing attributes in process `syz.2.3230'. [ 200.173689][T12675] openvswitch: netlink: push_nsh: missing base or metadata attributes [ 200.213633][T12675] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 200.734345][T12710] netlink: 256 bytes leftover after parsing attributes in process `syz.1.3258'. [ 201.213422][T12742] C: renamed from lo [ 201.251188][T12742] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check. [ 201.274843][T12744] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3277'. [ 203.201700][T12866] bond3: option resend_igmp: invalid value (32767) [ 203.283758][T12866] bond3: option resend_igmp: allowed values 0 - 255 [ 203.322044][T12875] netlink: 'syz.3.3333': attribute type 20 has an invalid length. [ 203.336467][T12866] bond3 (unregistering): Released all slaves [ 203.347292][T12875] IPv6: NLM_F_CREATE should be specified when creating new route [ 204.182056][T12932] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 204.337042][T12945] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3367'. [ 204.356523][T12948] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3368'. [ 204.797399][T12976] x_tables: arp_tables: NFQUEUE target: not valid for this family [ 204.984095][T12989] openvswitch: netlink: IP tunnel dst address not specified [ 205.115164][T12998] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3393'. [ 205.160551][T13001] openvswitch: netlink: Tunnel attr 16 has unexpected len 20 expected 0 [ 205.231227][T13008] xt_CT: You must specify a L4 protocol and not use inversions on it [ 205.398290][T13019] netlink: 'syz.1.3403': attribute type 2 has an invalid length. [ 205.453751][T13019] netlink: 'syz.1.3403': attribute type 3 has an invalid length. [ 205.466347][T13019] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3403'. [ 205.507249][T13023] netlink: 'syz.2.3405': attribute type 11 has an invalid length. [ 205.540711][T13023] netlink: 228 bytes leftover after parsing attributes in process `syz.2.3405'. [ 205.628078][T13032] SET target dimension over the limit! [ 205.887706][T13048] netlink: 'syz.0.3414': attribute type 21 has an invalid length. [ 205.915369][T13048] netlink: 'syz.0.3414': attribute type 1 has an invalid length. [ 206.177483][T13068] netlink: 224 bytes leftover after parsing attributes in process `syz.0.3424'. [ 206.332088][T13078] netlink: 80 bytes leftover after parsing attributes in process `syz.0.3429'. [ 206.341342][T13078] netlink: 80 bytes leftover after parsing attributes in process `syz.0.3429'. [ 206.479965][T13087] xt_cgroup: path and classid specified [ 206.893482][T13118] netlink: 'syz.1.3448': attribute type 1 has an invalid length. [ 206.963540][T13122] openvswitch: netlink: Key 6 has unexpected len 16 expected 2 [ 207.197950][T13139] netlink: 14 bytes leftover after parsing attributes in process `syz.2.3458'. [ 207.262865][T13139] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 207.280997][T13139] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 207.297167][T13139] bond0 (unregistering): Released all slaves [ 207.382533][T13148] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3464'. [ 207.411489][T13148] netlink: 'syz.0.3464': attribute type 1 has an invalid length. [ 207.443464][T13150] netlink: 'syz.4.3465': attribute type 9 has an invalid length. [ 207.489170][T13153] netlink: 'syz.2.3468': attribute type 21 has an invalid length. [ 207.523425][T13153] IPv6: NLM_F_CREATE should be specified when creating new route [ 207.531582][T13153] netlink: 'syz.2.3468': attribute type 1 has an invalid length. [ 207.609757][T13160] xt_socket: unknown flags 0x50 [ 207.776460][T13170] netlink: 'syz.4.3475': attribute type 3 has an invalid length. [ 207.956687][T13184] bridge0: port 3(gretap0) entered blocking state [ 207.980012][T13184] bridge0: port 3(gretap0) entered disabled state [ 207.998112][T13184] gretap0: entered allmulticast mode [ 208.006874][T13184] gretap0: entered promiscuous mode [ 208.016502][T13184] bridge0: port 3(gretap0) entered blocking state [ 208.023228][T13184] bridge0: port 3(gretap0) entered forwarding state [ 208.409968][T13208] bond3: option xmit_hash_policy: invalid value (64) [ 208.444871][T13208] bond3 (unregistering): Released all slaves [ 209.703670][T13302] IPv6: NLM_F_REPLACE set, but no existing node found! [ 209.834354][T13304] netdevsim netdevsim0 netdevsim0: left promiscuous mode [ 209.873459][T13304] netdevsim netdevsim0 netdevsim0: entered allmulticast mode [ 210.073512][T13320] __nla_validate_parse: 4 callbacks suppressed [ 210.073540][T13320] netlink: 220 bytes leftover after parsing attributes in process `syz.0.3549'. [ 210.468875][T13345] netlink: 516 bytes leftover after parsing attributes in process `syz.4.3561'. [ 210.533063][T13348] validate_nla: 1 callbacks suppressed [ 210.533083][T13348] netlink: 'syz.1.3562': attribute type 12 has an invalid length. [ 211.202695][T13392] netlink: 'syz.3.3584': attribute type 12 has an invalid length. [ 211.365020][T13409] netlink: 224 bytes leftover after parsing attributes in process `syz.3.3593'. [ 211.497217][T13415] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 211.729384][T13431] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 211.873704][T13440] netlink: 'syz.4.3608': attribute type 1 has an invalid length. [ 211.974051][T13448] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3612'. [ 212.318895][T13470] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check. [ 212.349296][T13473] x_tables: unsorted entry at hook 3 [ 212.399930][T13474] netlink: 'syz.0.3625': attribute type 1 has an invalid length. [ 212.478691][T13480] netlink: 'syz.4.3628': attribute type 1 has an invalid length. [ 212.547687][T13487] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 212.608581][T13490] netlink: 'syz.1.3634': attribute type 64 has an invalid length. [ 212.839659][T13507] netlink: 184 bytes leftover after parsing attributes in process `syz.2.3642'. [ 212.942263][T13508] openvswitch: netlink: ERSPAN option length err (len 256, max 255). [ 213.267084][T13531] xt_hashlimit: overflow, try lower: 3/0 [ 213.290061][T13534] mac80211_hwsim hwsim6 ÿ: renamed from wlan1 (while UP) [ 213.628887][T13557] Unsupported ieee802154 address type: 0 [ 213.872947][T13574] netdevsim netdevsim1: Direct firmware load for .. @ failed with error -2 [ 213.901388][T13574] netdevsim netdevsim1: Falling back to sysfs fallback for: .. @ [ 214.310930][T13605] nft_compat: unsupported protocol 0 [ 214.553616][T13620] netlink: 'syz.4.3697': attribute type 10 has an invalid length. [ 214.580270][T13620] team0: Device ipvlan1 is up. Set it down before adding it as a team port [ 214.770055][T13634] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3703'. [ 214.819980][T13634] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3703'. [ 214.961082][T13649] netlink: 'syz.1.3712': attribute type 24 has an invalid length. [ 215.043874][T13652] bridge2: entered promiscuous mode [ 215.056000][T13652] bridge2: entered allmulticast mode [ 215.169373][T13660] netlink: 'syz.1.3717': attribute type 10 has an invalid length. [ 215.190079][T13660] bridge_slave_1: left allmulticast mode [ 215.203986][T13660] bridge_slave_1: left promiscuous mode [ 215.209901][T13660] bridge0: port 2(bridge_slave_1) entered disabled state [ 215.285534][T13660] bond0: (slave bridge_slave_1): Enslaving as an active interface with an up link [ 215.530376][T13681] openvswitch: netlink: IP tunnel dst address not specified [ 215.826865][T13705] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3737'. [ 215.835820][T13706] sctp: [Deprecated]: syz.1.3740 (pid 13706) Use of int in maxseg socket option. [ 215.835820][T13706] Use struct sctp_assoc_value instead [ 216.185535][T13731] netlink: 'syz.2.3750': attribute type 10 has an invalid length. [ 216.330996][T13734] bridge4: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 216.367355][T13740] batman_adv: batadv0: adding TT local entry 66:ff:f2:fc:ff:ff to non-existent VLAN 815 [ 216.395939][T13740] batman_adv: batadv0: adding TT local entry 66:ff:f2:fc:ff:ff to non-existent VLAN 815 [ 216.433460][T13740] batman_adv: batadv0: adding TT local entry 66:ff:f2:fc:ff:ff to non-existent VLAN 815 [ 216.454478][T13740] batman_adv: batadv0: adding TT local entry 66:ff:f2:fc:ff:ff to non-existent VLAN 815 [ 216.483493][T13740] batman_adv: batadv0: adding TT local entry 66:ff:f2:fc:ff:ff to non-existent VLAN 815 [ 216.505608][T13740] batman_adv: batadv0: adding TT local entry 66:ff:f2:fc:ff:ff to non-existent VLAN 815 [ 217.246017][T13749] netlink: 'syz.2.3761': attribute type 3 has an invalid length. [ 217.476725][T13763] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3768'. [ 217.560641][T13768] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3771'. [ 217.645380][T13775] net_ratelimit: 11775 callbacks suppressed [ 217.645401][T13775] openvswitch: netlink: Unexpected mask (mask=440, allowed=10048) [ 218.067966][T13807] ipt_rpfilter: unknown options [ 218.395075][T13829] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3800'. [ 218.410003][T13830] xt_ecn: cannot match TCP bits for non-tcp packets [ 218.520170][T13835] netlink: 14 bytes leftover after parsing attributes in process `syz.3.3803'. [ 219.076076][T13873] bond2: Unable to set peer notification delay as MII monitoring is disabled [ 219.109094][T13873] bond2 (unregistering): Released all slaves [ 219.794723][T13924] openvswitch: netlink: Key type 30 is not supported [ 219.942466][T13932] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3853'. [ 219.966497][T13936] openvswitch: netlink: IP tunnel dst address not specified [ 219.973469][T13932] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3853'. [ 220.217812][T13950] wg1 speed is unknown, defaulting to 1000 [ 220.339632][T13957] bond0: option arp_validate: mode dependency failed, not supported in mode balance-alb(6) [ 220.415377][T13957] bond0 (unregistering): Released all slaves [ 220.541020][T13972] xt_cgroup: xt_cgroup: no path or classid specified [ 220.794114][T13980] Illegal XDP return value 2564228123 on prog (id 241) dev N/A, expect packet loss! [ 220.943451][T13993] netlink: 'syz.0.3877': attribute type 15 has an invalid length. [ 221.521799][T14025] xt_l2tp: v2 doesn't support IP mode [ 221.643438][T14031] netlink: 116 bytes leftover after parsing attributes in process `syz.4.3896'. [ 222.812568][T14100] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 222.850137][T14103] netlink: 'syz.1.3930': attribute type 3 has an invalid length. [ 222.860972][T14104] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3932'. [ 222.889520][T14106] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3933'. [ 223.150000][T14120] x_tables: unsorted underflow at hook 1 [ 223.179845][T14125] netlink: 36 bytes leftover after parsing attributes in process `syz.3.3942'. [ 223.236556][T14128] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3944'. [ 223.273842][T14128] netlink: 50 bytes leftover after parsing attributes in process `syz.2.3944'. [ 223.297015][T14128] netlink: 50 bytes leftover after parsing attributes in process `syz.2.3944'. [ 223.820528][T14165] netdevsim netdevsim1: Firmware load for './file0/../file0' refused, path contains '..' component [ 224.016320][T14180] netlink: 'syz.3.3968': attribute type 39 has an invalid length. [ 224.166695][T14180] hsr_slave_1 (unregistering): left promiscuous mode [ 224.640055][T14220] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3989'. [ 224.748080][T14225] netlink: 'syz.1.3991': attribute type 21 has an invalid length. [ 224.766393][T14225] netlink: 152 bytes leftover after parsing attributes in process `syz.1.3991'. [ 224.877245][T14235] x_tables: ip6_tables: mh match: only valid for protocol 135 [ 225.015356][T14244] ÿÿÿÿÿÿ: renamed from virt_wifi0 [ 225.179630][T14254] netlink: 'syz.1.4005': attribute type 7 has an invalid length. [ 225.333022][T14263] netlink: 'syz.1.4010': attribute type 7 has an invalid length. [ 225.366044][T14263] netlink: 140 bytes leftover after parsing attributes in process `syz.1.4010'. [ 225.528183][T14276] netlink: 'syz.1.4017': attribute type 12 has an invalid length. [ 225.620442][T14276] bond1: option primary_reselect: invalid value (255) [ 225.730919][T14276] bond1 (unregistering): Released all slaves [ 225.800024][T14296] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 226.232306][T14322] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 226.353450][T14330] tc_dump_action: action bad kind [ 226.505416][T14340] netlink: 'syz.1.4049': attribute type 75 has an invalid length. [ 226.747082][T14356] netlink: 'syz.2.4056': attribute type 3 has an invalid length. [ 227.038856][T14376] netlink: 'syz.2.4066': attribute type 9 has an invalid length. [ 227.086799][T14376] netlink: 'syz.2.4066': attribute type 6 has an invalid length. [ 227.378571][T14399] __nla_validate_parse: 1 callbacks suppressed [ 227.378593][T14399] netlink: 9172 bytes leftover after parsing attributes in process `syz.1.4077'. [ 227.776846][T14427] netlink: 1024 bytes leftover after parsing attributes in process `syz.3.4091'. [ 227.881428][T14437] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4094'. [ 228.210989][T14459] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4105'. [ 228.351637][T14463] validate_nla: 2 callbacks suppressed [ 228.351657][T14463] netlink: 'syz.3.4107': attribute type 2 has an invalid length. [ 228.599792][T14485] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4118'. [ 228.614227][T14483] xt_time: invalid argument - start or stop time greater than 23:59:59 [ 228.634308][T14485] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4118'. [ 228.692850][T14491] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 228.831825][T14499] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4126'. [ 229.064099][T14512] netlink: 120 bytes leftover after parsing attributes in process `syz.4.4131'. [ 229.090249][T14512] netlink: 'syz.4.4131': attribute type 1 has an invalid length. [ 229.117303][T14512] netlink: 64 bytes leftover after parsing attributes in process `syz.4.4131'. [ 229.135925][T14519] netlink: 44 bytes leftover after parsing attributes in process `syz.0.4132'. [ 229.380935][T14536] netlink: 'syz.1.4143': attribute type 2 has an invalid length. [ 229.487398][T14543] netdevsim netdevsim2: loading /lib/firmware/. failed with error -22 [ 229.524642][T14543] netdevsim netdevsim2: Direct firmware load for . failed with error -22 [ 229.563478][T14543] netdevsim netdevsim2: Falling back to sysfs fallback for: . [ 229.720512][T14558] macvlan0: entered promiscuous mode [ 230.443578][T14608] netlink: 'syz.3.4177': attribute type 1 has an invalid length. [ 230.473680][T14608] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 230.607135][T14619] netlink: 'syz.1.4185': attribute type 29 has an invalid length. [ 230.649348][T14619] netlink: 'syz.1.4185': attribute type 29 has an invalid length. [ 231.090972][T14652] netlink: 'syz.3.4201': attribute type 32 has an invalid length. [ 231.517964][T14677] raw_sendmsg: syz.3.4212 forgot to set AF_INET. Fix it! [ 232.060511][T14704] netlink: 'syz.1.4226': attribute type 2 has an invalid length. [ 232.353930][T14720] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 232.389623][T14724] netlink: 'syz.0.4235': attribute type 33 has an invalid length. [ 233.006920][T14764] netlink: 'syz.1.4256': attribute type 1 has an invalid length. [ 233.701689][T14806] __nla_validate_parse: 6 callbacks suppressed [ 233.701707][T14806] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4276'. [ 233.720465][T14806] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4276'. [ 233.733705][T14806] netlink: 'syz.2.4276': attribute type 14 has an invalid length. [ 233.742215][T14806] netlink: 'syz.2.4276': attribute type 13 has an invalid length. [ 233.913466][T14818] netlink: 'syz.4.4282': attribute type 1 has an invalid length. [ 233.921244][T14818] netlink: 96 bytes leftover after parsing attributes in process `syz.4.4282'. [ 233.963412][T14818] netlink: 'syz.4.4282': attribute type 1 has an invalid length. [ 233.971597][T14818] netlink: 'syz.4.4282': attribute type 8 has an invalid length. [ 233.982249][T14818] netlink: 606 bytes leftover after parsing attributes in process `syz.4.4282'. [ 234.383684][T14852] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4300'. [ 234.513950][T14852] bond2: Invalid ad_actor_system MAC address. [ 234.544444][T14852] bond2: option ad_actor_system: invalid value (1) [ 234.566105][T14852] bond2 (unregistering): Released all slaves [ 234.597874][T14866] netlink: 65039 bytes leftover after parsing attributes in process `syz.2.4304'. [ 234.891328][T14889] netlink: 'syz.2.4316': attribute type 1 has an invalid length. [ 234.900630][T14889] nbd: error processing sock list [ 235.039389][T14894] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4318'. [ 235.060453][T14896] tipc: Started in network mode [ 235.070148][T14896] tipc: Node identity , cluster identity 4711 [ 235.079087][T14896] tipc: Failed to set node id, please configure manually [ 235.089469][T14896] tipc: Enabling of bearer rejected, failed to enable media [ 235.379387][T14909] netlink: 16 bytes leftover after parsing attributes in process `syz.2.4325'. [ 235.402963][ T1164] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 235.411264][ T1164] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 235.423749][ T5895] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 235.850050][T14927] netlink: 32 bytes leftover after parsing attributes in process `syz.1.4334'. [ 235.861292][T14927] netlink: 32 bytes leftover after parsing attributes in process `syz.1.4334'. [ 235.995425][ T5895] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 236.425024][ T42] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 236.665140][T14979] Zero length message leads to an empty skb [ 236.745879][ T5840] Bluetooth: hci4: command 0x0406 tx timeout [ 236.781021][T14987] netlink: 'syz.2.4359': attribute type 10 has an invalid length. [ 236.792783][T14987] team0: Device vxcan1 is of different type [ 237.306732][T15027] netlink: 'syz.1.4378': attribute type 2 has an invalid length. [ 237.314822][T15027] netlink: 'syz.1.4378': attribute type 1 has an invalid length. [ 237.800674][T15055] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 238.133835][T15082] netlink: 'syz.4.4405': attribute type 12 has an invalid length. [ 238.815869][T15121] __nla_validate_parse: 7 callbacks suppressed [ 238.815924][T15121] netlink: 24 bytes leftover after parsing attributes in process `syz.2.4424'. [ 239.153224][T15145] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4437'. [ 239.215697][T15148] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4438'. [ 239.463562][ C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 239.581000][T15175] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4451'. [ 239.591557][T15173] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4450'. [ 239.629446][T15173] netlink: 20 bytes leftover after parsing attributes in process `syz.2.4450'. [ 239.977770][T15203] netlink: 'syz.2.4465': attribute type 1 has an invalid length. [ 240.086496][T15208] ieee802154 phy1 wpan1: encryption failed: -22 [ 240.114827][T15209] netlink: 168 bytes leftover after parsing attributes in process `syz.2.4467'. [ 240.216485][T15212] netlink: 104 bytes leftover after parsing attributes in process `syz.3.4470'. [ 240.530218][T15238] netlink: 'syz.4.4482': attribute type 3 has an invalid length. [ 240.931833][T15259] tipc: Failed to obtain node identity [ 240.953438][T15259] tipc: Enabling of bearer rejected, failed to enable media [ 241.140174][T15267] pim6reg: entered allmulticast mode [ 241.174947][T15267] pim6reg: left allmulticast mode [ 241.203424][T15271] netlink: 'syz.2.4496': attribute type 1 has an invalid length. [ 241.766402][T15309] IPVS: ip_vs_add_dest(): lower threshold is higher than upper threshold [ 241.793692][ T5880] IPVS: starting estimator thread 0... [ 241.883364][T15311] IPVS: using max 36 ests per chain, 86400 per kthread [ 242.415462][T15361] netlink: 10 bytes leftover after parsing attributes in process `syz.1.4538'. [ 242.428312][T15359] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4535'. [ 242.755160][T15383] netlink: 'syz.0.4551': attribute type 11 has an invalid length. [ 242.770828][T15384] nbd: must specify a size in bytes for the device [ 243.292482][T15425] IPVS: ip_vs_add_dest(): server weight less than zero [ 243.303432][ T55] IPVS: starting estimator thread 0... [ 243.403372][T15426] IPVS: using max 36 ests per chain, 86400 per kthread [ 243.949349][T15472] __nla_validate_parse: 4 callbacks suppressed [ 243.949368][T15472] netlink: 68 bytes leftover after parsing attributes in process `syz.4.4588'. [ 244.426830][T15502] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4605'. [ 244.442552][T15507] netlink: 96 bytes leftover after parsing attributes in process `syz.0.4606'. [ 244.790873][T15531] vlan2: entered promiscuous mode [ 244.803109][T15531] geneve1: entered promiscuous mode [ 244.808936][T15533] netlink: 212 bytes leftover after parsing attributes in process `syz.2.4617'. [ 244.816066][T15531] vlan2: entered allmulticast mode [ 244.832171][T15531] geneve1: entered allmulticast mode [ 244.983234][T15541] IPv6: NLM_F_CREATE should be specified when creating new route [ 245.010407][T15541] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4621'. [ 245.087112][T15549] IPv6: NLM_F_CREATE should be specified when creating new route [ 246.663871][ T5840] Bluetooth: hci4: command 0x0406 tx timeout [ 246.706453][T15647] netlink: 59 bytes leftover after parsing attributes in process `syz.1.4673'. [ 246.764821][T15651] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4675'. [ 247.045193][T15669] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4684'. [ 247.353518][T15690] tipc: Enabling of bearer rejected, media not registered [ 248.023457][ C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 248.434119][T15776] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 249.106315][T15819] netlink: 36 bytes leftover after parsing attributes in process `syz.2.4756'. [ 249.591678][T15850] Bluetooth: MGMT ver 1.23 [ 249.890432][T15870] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4782'. [ 250.080841][T15883] sit1: entered promiscuous mode [ 250.091905][T15883] sit1: entered allmulticast mode [ 251.158770][T15955] netlink: 65047 bytes leftover after parsing attributes in process `syz.2.4823'. [ 251.250387][T15960] netlink: 256 bytes leftover after parsing attributes in process `syz.3.4825'. [ 251.283964][T15960] netlink: 'syz.3.4825': attribute type 9 has an invalid length. [ 252.059690][T16017] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4854'. [ 252.142027][T16020] macvlan0: entered promiscuous mode [ 252.222364][T16027] netlink: 16 bytes leftover after parsing attributes in process `syz.0.4859'. [ 252.258270][T16029] netlink: 20 bytes leftover after parsing attributes in process `syz.1.4860'. [ 252.639839][T16063] nbd: socks must be embedded in a SOCK_ITEM attr [ 252.957315][T16088] netlink: 24 bytes leftover after parsing attributes in process `syz.2.4885'. [ 253.543760][ T5837] Bluetooth: hci0: command 0x080f tx timeout [ 253.565622][T16130] netlink: 'syz.2.4905': attribute type 25 has an invalid length. [ 253.869859][T16152] netlink: 32 bytes leftover after parsing attributes in process `syz.4.4918'. [ 254.121851][T16168] tipc: Started in network mode [ 254.132691][T16168] tipc: Node identity 0104000000000000cc, cluster identity 4711 [ 254.153187][T16173] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4926'. [ 255.021800][T16234] netlink: 'syz.2.4956': attribute type 10 has an invalid length. [ 255.048206][T16233] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 255.263596][T16251] tipc: Enabling of bearer rejected, failed to enable media [ 255.358990][T16259] netlink: 24 bytes leftover after parsing attributes in process `syz.0.4968'. [ 255.399254][T16261] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 255.676913][T16277] xt_l2tp: missing protocol rule (udp|l2tpip) [ 255.709061][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.751890][T16280] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 255.856005][T16287] netlink: 64 bytes leftover after parsing attributes in process `syz.1.4981'. [ 256.151567][T16306] netlink: 'syz.0.4992': attribute type 1 has an invalid length. [ 256.487046][T16331] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5004'. [ 257.121036][T16375] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5025'. [ 257.132679][T16375] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5025'. [ 257.293119][T16390] netlink: 52 bytes leftover after parsing attributes in process `syz.1.5030'. [ 257.544341][T16408] netlink: 'syz.0.5041': attribute type 2 has an invalid length. [ 257.835796][T16432] netlink: 32 bytes leftover after parsing attributes in process `syz.0.5052'. [ 257.982239][T16439] Cannot find add_set index 46338 as target [ 258.002218][T16442] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5057'. [ 258.012939][T16442] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5057'. [ 258.363981][T16468] IPVS: ip_vs_edit_dest(): server weight less than zero [ 258.374379][ T24] IPVS: starting estimator thread 0... [ 258.463400][T16470] IPVS: using max 31 ests per chain, 74400 per kthread [ 258.474957][T16478] Bluetooth: MGMT ver 1.23 [ 259.309233][T16542] netlink: 'syz.1.5104': attribute type 3 has an invalid length. [ 259.471163][T16552] netlink: 'syz.0.5109': attribute type 1 has an invalid length. [ 259.480028][T16552] netlink: 'syz.0.5109': attribute type 3 has an invalid length. [ 259.490458][T16552] __nla_validate_parse: 4 callbacks suppressed [ 259.490475][T16552] netlink: 172 bytes leftover after parsing attributes in process `syz.0.5109'. [ 259.506462][T16552] NCSI netlink: No device for ifindex 813332851 [ 259.572287][T16560] delete_channel: no stack [ 259.922359][ T1164] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 259.941408][ T1164] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 259.959471][ T1164] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 259.980216][ T1164] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 260.030926][T16584] netlink: 100 bytes leftover after parsing attributes in process `syz.0.5124'. [ 260.101116][T16586] Bluetooth: MGMT ver 1.23 [ 261.506896][T16680] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5173'. [ 261.517921][T16680] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5173'. [ 261.526882][T16680] netlink: 'syz.3.5173': attribute type 12 has an invalid length. [ 261.538801][T16680] netlink: 'syz.3.5173': attribute type 11 has an invalid length. [ 261.781661][T16699] Bluetooth: MGMT ver 1.23 [ 262.585960][T16764] netlink: 'syz.3.5211': attribute type 23 has an invalid length. [ 262.686214][T16772] netlink: 'syz.4.5214': attribute type 3 has an invalid length. [ 262.989871][T16790] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5225'. [ 263.012795][T16790] netlink: 176 bytes leftover after parsing attributes in process `syz.2.5225'. [ 263.023140][T16790] netlink: 'syz.2.5225': attribute type 5 has an invalid length. [ 263.172945][T16809] netlink: 272 bytes leftover after parsing attributes in process `syz.3.5233'. [ 263.640463][T16845] xt_l2tp: unknown flags: 10 [ 263.690789][T16849] team0: Device gtp1 is up. Set it down before adding it as a team port [ 263.836808][T16857] netlink: zone id is out of range [ 263.841971][T16857] netlink: zone id is out of range [ 263.870958][T16857] netlink: zone id is out of range [ 263.877248][T16857] netlink: zone id is out of range [ 263.882515][T16857] netlink: zone id is out of range [ 263.890781][T16857] netlink: zone id is out of range [ 263.896375][T16857] netlink: zone id is out of range [ 263.902915][T16857] netlink: zone id is out of range [ 263.943028][T16857] netlink: zone id is out of range [ 263.951051][T16857] netlink: zone id is out of range [ 264.215919][T16883] pim6reg527: entered allmulticast mode [ 264.847265][T16922] netlink: 'syz.3.5287': attribute type 3 has an invalid length. [ 264.873463][T16922] netlink: 'syz.3.5287': attribute type 1 has an invalid length. [ 264.893007][T16922] netlink: 204 bytes leftover after parsing attributes in process `syz.3.5287'. [ 265.123457][T16943] netlink: 'syz.1.5297': attribute type 2 has an invalid length. [ 265.303480][ C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 265.650363][T16982] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'syz0' [ 265.695168][T16985] netlink: 52 bytes leftover after parsing attributes in process `syz.0.5317'. [ 265.753140][T16985] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5317'. [ 265.794171][T16985] netlink: 52 bytes leftover after parsing attributes in process `syz.0.5317'. [ 265.813452][T16985] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5317'. [ 265.822443][T16985] netlink: 52 bytes leftover after parsing attributes in process `syz.0.5317'. [ 266.010691][T17003] rdma_op ffff88802a5aa1f0 conn xmit_rdma 0000000000000000 [ 266.380782][T17033] netlink: 'syz.4.5343': attribute type 1 has an invalid length. [ 266.568549][T17046] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5349'. [ 266.873859][T17065] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5359'. [ 267.512641][T17110] netlink: 'syz.2.5379': attribute type 1 has an invalid length. [ 267.523579][T17110] netlink: 216 bytes leftover after parsing attributes in process `syz.2.5379'. [ 268.292919][T17166] bond0: option ad_user_port_key: mode dependency failed, not supported in mode balance-rr(0) [ 268.324998][T17166] bond0 (unregistering): Released all slaves [ 268.811193][T17207] netlink: 148 bytes leftover after parsing attributes in process `syz.0.5425'. [ 268.910565][T17212] netlink: 'syz.1.5429': attribute type 11 has an invalid length. [ 269.258848][T17236] syz.2.5441 (17236) used greatest stack depth: 17472 bytes left [ 269.422559][T17254] sctp: [Deprecated]: syz.2.5448 (pid 17254) Use of int in maxseg socket option. [ 269.422559][T17254] Use struct sctp_assoc_value instead [ 270.571235][T17344] __nla_validate_parse: 1 callbacks suppressed [ 270.571255][T17344] netlink: 24 bytes leftover after parsing attributes in process `syz.3.5492'. [ 270.724367][T17354] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5499'. [ 270.771924][T17354] bridge0: entered promiscuous mode [ 270.794755][T17354] macsec1: entered promiscuous mode [ 270.800361][T17354] macsec1: entered allmulticast mode [ 270.811573][T17354] bridge0: entered allmulticast mode [ 270.823626][T17364] netlink: 'syz.2.5502': attribute type 4 has an invalid length. [ 270.832834][T17354] bridge0: port 3(macsec1) entered blocking state [ 270.844200][T17354] bridge0: port 3(macsec1) entered disabled state [ 270.877441][T17354] bridge0: left allmulticast mode [ 270.882687][T17354] bridge0: left promiscuous mode [ 271.089162][T17380] netlink: 'syz.0.5511': attribute type 3 has an invalid length. [ 271.367353][T17396] netlink: 'syz.1.5518': attribute type 10 has an invalid length. [ 271.386569][T17396] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 271.396274][T17396] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 271.430750][T17400] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5520'. [ 271.449863][T17396] netlink: 'syz.1.5518': attribute type 10 has an invalid length. [ 271.465832][T17396] netlink: 40 bytes leftover after parsing attributes in process `syz.1.5518'. [ 271.485833][T17396] batadv0: entered promiscuous mode [ 271.495715][T17396] batadv0: entered allmulticast mode [ 271.516837][T17404] netlink: 16 bytes leftover after parsing attributes in process `syz.0.5522'. [ 271.533995][T17396] bond0: (slave batadv0): Releasing backup interface [ 271.566597][T17396] bridge0: port 2(batadv0) entered blocking state [ 271.583797][T17396] bridge0: port 2(batadv0) entered disabled state [ 271.604913][T17408] netlink: 'syz.2.5524': attribute type 1 has an invalid length. [ 271.826756][ T13] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled [ 271.836367][ T13] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled [ 271.870437][T17424] netlink: 640 bytes leftover after parsing attributes in process `syz.3.5531'. [ 271.890212][T17424] net_ratelimit: 134 callbacks suppressed [ 271.890232][T17424] openvswitch: netlink: Unknown VXLAN extension attribute 0 [ 272.016329][T17437] netlink: 'syz.3.5538': attribute type 32 has an invalid length. [ 272.033152][T17437] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5538'. [ 272.075011][T17437] bond3: Setting coupled_control to off (0) [ 272.899801][T17500] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 273.057953][T17504] netlink: 16 bytes leftover after parsing attributes in process `syz.4.5570'. [ 273.480113][T17523] netlink: 24 bytes leftover after parsing attributes in process `syz.4.5579'. [ 273.497703][T17509] bridge0: port 2(bridge_slave_1) entered disabled state [ 273.505443][T17509] bridge0: port 1(bridge_slave_0) entered disabled state [ 273.775421][T17509] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 274.073369][T17546] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5590'. [ 275.558936][T17660] : entered promiscuous mode [ 275.787294][ T29] audit: type=1800 audit(1776213233.401:2): pid=17678 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.5655" name="memory.events" dev="tmpfs" ino=5850 res=0 errno=0 [ 275.873375][ T29] audit: type=1804 audit(1776213233.421:3): pid=17678 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.5655" name="/newroot/1165/memory.events" dev="tmpfs" ino=5850 res=1 errno=0 [ 276.157185][T17706] __nla_validate_parse: 3 callbacks suppressed [ 276.157206][T17706] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5669'. [ 276.294595][T17716] xt_l2tp: wrong L2TP version: 0 [ 276.934915][T17760] netlink: 28 bytes leftover after parsing attributes in process `syz.0.5695'. [ 277.265992][T17782] netlink: 'syz.3.5706': attribute type 8 has an invalid length. [ 277.287262][T17782] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5706'. [ 277.306670][T17782] bridge0: port 2(bridge_slave_1) entered disabled state [ 277.315236][T17782] bridge0: port 1(0¾x9ÿ) entered disabled state [ 277.444042][T17788] bridge0: port 3(veth0_to_bridge) entered blocking state [ 277.461364][T17788] bridge0: port 3(veth0_to_bridge) entered disabled state [ 277.481505][T17788] veth0_to_bridge: entered allmulticast mode [ 277.496461][T17788] veth0_to_bridge: entered promiscuous mode [ 277.622486][T17794] pim6reg: entered allmulticast mode [ 278.327549][T17844] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5735'. [ 278.346630][T17848] openvswitch: netlink: Missing valid actions attribute. [ 278.352092][T17844] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5735'. [ 278.396126][T17848] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 278.597621][T17864] netlink: 16 bytes leftover after parsing attributes in process `syz.2.5746'. [ 278.615528][T17868] netlink: 'syz.1.5747': attribute type 25 has an invalid length. [ 279.383159][T17917] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5769'. [ 279.874851][T17950] netlink: 'syz.1.5782': attribute type 11 has an invalid length. [ 279.933495][T17958] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5786'. [ 280.064074][T17965] netlink: 24 bytes leftover after parsing attributes in process `syz.4.5789'. [ 280.761141][T18015] netlink: 7060 bytes leftover after parsing attributes in process `syz.2.5809'. [ 281.071622][T18038] sock: sock_timestamping_bind_phc: sock not bind to device [ 281.547879][ T29] audit: type=1107 audit(1776213239.161:4): pid=18072 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='Ù‹5ž÷Œ•%èÍUýAÊÃËÙ ë0ä™l…t¿Ý•/Öÿ Ž6òŠ¨Šç›' [ 281.563524][T18076] openvswitch: netlink: Invalid MD length 0 for MD type 0 [ 281.606375][T18076] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 281.956796][T18102] vlan1: entered allmulticast mode [ 282.234114][T18120] netlink: 32 bytes leftover after parsing attributes in process `syz.4.5852'. [ 282.373629][T18132] tipc: Enabling of bearer rejected, failed to enable media [ 282.561124][T18147] netlink: 104 bytes leftover after parsing attributes in process `syz.3.5864'. [ 282.914385][T18170] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5870'. [ 283.513623][T18214] tipc: Invalid UDP bearer configuration [ 283.513674][T18214] tipc: Enabling of bearer rejected, failed to enable media [ 284.133859][T18252] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5905'. [ 284.147427][T18254] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5906'. [ 284.203554][T18254] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5906'. [ 284.494423][T18276] netlink: 'syz.3.5914': attribute type 1 has an invalid length. [ 285.186798][T18325] netlink: 24 bytes leftover after parsing attributes in process `syz.1.5936'. [ 285.200669][T18324] delete_channel: no stack [ 285.330204][T18329] wg1 speed is unknown, defaulting to 1000 [ 285.479610][T18344] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5944'. [ 285.932539][T18371] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5957'. [ 285.944996][T18371] netlink: 'syz.0.5957': attribute type 5 has an invalid length. [ 285.952824][T18371] netlink: 20 bytes leftover after parsing attributes in process `syz.0.5957'. [ 286.129447][T18380] RDS: rds_bind could not find a transport for 400:0:1200:0:1030:0:ffff:ffff, load rds_tcp or rds_rdma? [ 286.635625][T18417] netlink: 'syz.4.5976': attribute type 3 has an invalid length. [ 287.176995][T18456] netlink: 'syz.2.5997': attribute type 18 has an invalid length. [ 288.895430][T18556] tipc: New replicast peer: fe80:0000:0000:0000:0000:0000:0000:00bb [ 288.916469][T18556] tipc: Enabled bearer , priority 10 [ 289.401510][T18594] netlink: 'syz.1.6063': attribute type 29 has an invalid length. [ 289.423173][T18594] netlink: 'syz.1.6063': attribute type 29 has an invalid length. [ 289.515234][T18599] : entered promiscuous mode [ 289.635735][T18612] __nla_validate_parse: 1 callbacks suppressed [ 289.635756][T18612] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6070'. [ 289.796213][T18622] netlink: 65039 bytes leftover after parsing attributes in process `syz.4.6076'. [ 290.047583][ T5895] tipc: Node number set to 3439591424 [ 290.269346][T18659] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6094'. [ 290.412851][T18670] tipc: Enabling not permitted [ 290.418979][T18670] tipc: Enabling of bearer rejected, failed to enable media [ 290.800989][T18697] vlan1: entered promiscuous mode [ 290.811053][T18697] bridge0: entered promiscuous mode [ 291.111077][T18717] netlink: 'syz.4.6122': attribute type 10 has an invalid length. [ 291.534657][T18746] netlink: 100 bytes leftover after parsing attributes in process `syz.3.6137'. [ 292.403135][T18814] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6166'. [ 292.597004][T18828] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6170'. [ 292.621696][T18828] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6170'. [ 293.207745][T18868] nftables ruleset with unbound set [ 293.502926][T18889] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6194'. [ 293.559041][T18892] netlink: 'syz.0.6199': attribute type 83 has an invalid length. [ 293.973166][T18928] netlink: 64 bytes leftover after parsing attributes in process `syz.1.6214'. [ 294.404689][T18958] sctp: [Deprecated]: syz.4.6229 (pid 18958) Use of int in maxseg socket option. [ 294.404689][T18958] Use struct sctp_assoc_value instead [ 294.564933][T18968] netlink: 'syz.2.6233': attribute type 1 has an invalid length. [ 294.572715][T18968] netlink: 'syz.2.6233': attribute type 7 has an invalid length. [ 294.612942][T18968] netlink: 'syz.2.6233': attribute type 8 has an invalid length. [ 294.622624][T18968] netlink: 132 bytes leftover after parsing attributes in process `syz.2.6233'. [ 294.711376][T18981] netlink: 64 bytes leftover after parsing attributes in process `syz.0.6240'. [ 295.097292][T19013] netlink: 'syz.2.6254': attribute type 9 has an invalid length. [ 295.178004][T19018] netlink: 190972 bytes leftover after parsing attributes in process `syz.0.6257'. [ 295.887203][T19062] team0: Device lo is loopback device. Loopback devices can't be added as a team port [ 295.898130][T19062] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 295.898160][T19061] netlink: 20 bytes leftover after parsing attributes in process `syz.1.6278'. [ 296.124146][T19075] netlink: 20 bytes leftover after parsing attributes in process `syz.1.6283'. [ 296.173464][T19079] sctp: [Deprecated]: syz.4.6286 (pid 19079) Use of int in max_burst socket option deprecated. [ 296.173464][T19079] Use struct sctp_assoc_value instead [ 296.496656][T19106] tap0: tun_chr_ioctl cmd 1074025676 [ 296.502106][T19106] tap0: owner set to 0 [ 296.831335][T19130] netlink: 100 bytes leftover after parsing attributes in process `syz.4.6310'. [ 297.259902][T19160] block nbd1: Unsupported socket: should be TCP or UNIX. [ 297.346524][T19167] ipvlan2: entered allmulticast mode [ 297.351889][T19167] batadv_slave_1: entered allmulticast mode [ 297.392188][T19167] batman_adv: batadv0: Adding interface: ipvlan2 [ 297.410487][T19167] batman_adv: batadv0: The MTU of interface ipvlan2 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 297.437284][T19167] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 297.449111][T19167] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 297.460309][T19167] batman_adv: batadv0: Interface activated: ipvlan2 [ 297.960227][T19207] vcan0: tx address claim with dest, not broadcast [ 298.151332][T19221] netlink: 'syz.2.6351': attribute type 1 has an invalid length. [ 298.162074][T19221] netlink: 'syz.2.6351': attribute type 7 has an invalid length. [ 298.171583][T19221] netlink: 'syz.2.6351': attribute type 8 has an invalid length. [ 298.179822][T19221] netlink: 208 bytes leftover after parsing attributes in process `syz.2.6351'. [ 298.190246][T19221] NCSI netlink: No device for ifindex 65584 [ 298.337560][T19235] netlink: 52 bytes leftover after parsing attributes in process `syz.3.6357'. [ 298.472291][T19244] netlink: 88 bytes leftover after parsing attributes in process `syz.2.6362'. [ 298.481755][T19241] netlink: 'syz.0.6360': attribute type 83 has an invalid length. [ 298.600251][T19253] netlink: 92 bytes leftover after parsing attributes in process `syz.4.6365'. [ 298.667729][T19255] netlink: 108 bytes leftover after parsing attributes in process `syz.0.6367'. [ 298.704991][T19263] IPv6: NLM_F_REPLACE set, but no existing node found! [ 299.048728][T19288] ipvlan3: entered allmulticast mode [ 299.054468][T19288] syz_tun: entered allmulticast mode [ 299.266278][T19302] bond0: entered promiscuous mode [ 299.282233][T19302] bond_slave_0: entered promiscuous mode [ 299.292095][T19302] bond_slave_1: entered promiscuous mode [ 299.300390][T19302] bond0: left promiscuous mode [ 299.306398][T19302] bond_slave_0: left promiscuous mode [ 299.312083][T19302] bond_slave_1: left promiscuous mode [ 299.863685][ C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 301.185648][T19442] __nla_validate_parse: 4 callbacks suppressed [ 301.185667][T19442] netlink: 12 bytes leftover after parsing attributes in process `syz.0.6454'. [ 301.228185][T19442] block nbd1: Unsupported socket: should be TCP or UNIX. [ 301.609306][T19472] netlink: 28 bytes leftover after parsing attributes in process `syz.2.6467'. [ 301.627146][T19473] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6468'. [ 301.638738][T19472] bridge0: port 3(gretap0) entered disabled state [ 301.645478][T19472] bridge0: port 2(bridge_slave_1) entered disabled state [ 301.653290][T19472] bridge0: port 1(bridge_slave_0) entered disabled state [ 301.936795][T19494] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 302.583063][T19538] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6497'. [ 302.867124][T19559] netlink: 32 bytes leftover after parsing attributes in process `syz.2.6507'. [ 302.925909][T19564] netlink: 36 bytes leftover after parsing attributes in process `syz.1.6508'. [ 303.160426][T19584] netem: incorrect ge model size [ 303.169974][T19584] netem: change failed [ 303.178262][T19586] netlink: 'syz.0.6519': attribute type 29 has an invalid length. [ 303.216879][T19588] netlink: 212340 bytes leftover after parsing attributes in process `syz.1.6520'. [ 303.229775][T19590] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6522'. [ 303.233743][T19586] netlink: 'syz.0.6519': attribute type 29 has an invalid length. [ 303.250825][T19588] openvswitch: netlink: Port 167772160 exceeds max allowable 65535 [ 303.262768][T19590] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6522'. [ 303.278365][T19590] netlink: 2 bytes leftover after parsing attributes in process `syz.4.6522'. [ 303.299974][T19586] netlink: 'syz.0.6519': attribute type 29 has an invalid length. [ 303.337478][T19586] netlink: 'syz.0.6519': attribute type 29 has an invalid length. [ 303.351326][T19586] netlink: 'syz.0.6519': attribute type 29 has an invalid length. [ 303.363144][T19586] netlink: 'syz.0.6519': attribute type 29 has an invalid length. [ 303.373593][T19586] netlink: 'syz.0.6519': attribute type 29 has an invalid length. [ 303.630416][T19616] netlink: 'syz.2.6533': attribute type 3 has an invalid length. [ 303.639722][T19616] netlink: 'syz.2.6533': attribute type 3 has an invalid length. [ 303.645366][T19617] gretap0: entered promiscuous mode [ 303.695923][T19617] gretap0: left promiscuous mode [ 304.713503][T19689] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 305.055422][T19719] blkio.reset_stats is deprecated [ 305.671107][T19765] netlink: zone id is out of range [ 305.680305][T19764] netlink: set zone limit has 4 unknown bytes [ 305.689055][T19765] netlink: zone id is out of range [ 306.259462][T19807] gtp1: entered promiscuous mode [ 306.268193][T19807] gtp1: entered allmulticast mode [ 306.299999][T19809] __nla_validate_parse: 11 callbacks suppressed [ 306.300021][T19809] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6622'. [ 306.843948][T19854] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6644'. [ 306.853995][T19854] netlink: 60 bytes leftover after parsing attributes in process `syz.4.6644'. [ 306.863031][T19854] netlink: 16 bytes leftover after parsing attributes in process `syz.4.6644'. [ 307.707324][T19900] batman_adv: batadv0: Adding interface: dummy0 [ 307.726239][T19900] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 307.763143][T19900] batman_adv: batadv0: Not using interface dummy0 (retrying later): interface not active [ 307.993680][T19918] netlink: 64 bytes leftover after parsing attributes in process `syz.2.6673'. [ 308.636129][T19955] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6691'. [ 308.645557][T19955] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6691'. [ 308.831076][T19967] netlink: 'syz.4.6698': attribute type 83 has an invalid length. [ 309.219164][T19997] netlink: 104 bytes leftover after parsing attributes in process `syz.4.6709'. [ 309.343004][T20006] netlink: 'syz.0.6714': attribute type 1 has an invalid length. [ 309.568392][T20023] syz.2.6723: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 309.605284][T20023] CPU: 0 UID: 0 PID: 20023 Comm: syz.2.6723 Not tainted syzkaller #0 PREEMPT(full) [ 309.605313][T20023] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 309.605332][T20023] Call Trace: [ 309.605340][T20023] [ 309.605349][T20023] dump_stack_lvl+0xe8/0x150 [ 309.605393][T20023] warn_alloc+0x249/0x340 [ 309.605420][T20023] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 309.605452][T20023] ? __pfx_warn_alloc+0x10/0x10 [ 309.605483][T20023] ? kasan_save_track+0x4f/0x80 [ 309.605511][T20023] ? kasan_save_track+0x3e/0x80 [ 309.605531][T20023] ? __kasan_kmalloc+0x93/0xb0 [ 309.605553][T20023] ? __kmalloc_cache_noprof+0x31c/0x660 [ 309.605576][T20023] ? xskq_create+0x56/0x170 [ 309.605601][T20023] ? xsk_setsockopt+0x54c/0x990 [ 309.605622][T20023] ? do_sock_setsockopt+0x17c/0x1b0 [ 309.605647][T20023] ? __x64_sys_setsockopt+0x13d/0x1b0 [ 309.605672][T20023] ? do_syscall_64+0x14d/0xf80 [ 309.605705][T20023] __vmalloc_node_range_noprof+0x132/0x1730 [ 309.605762][T20023] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 309.605793][T20023] ? __kasan_kmalloc+0x93/0xb0 [ 309.605823][T20023] vmalloc_user_noprof+0xad/0xe0 [ 309.605846][T20023] ? xskq_create+0xbf/0x170 [ 309.605873][T20023] xskq_create+0xbf/0x170 [ 309.605901][T20023] xsk_init_queue+0x8a/0xe0 [ 309.605929][T20023] xsk_setsockopt+0x54c/0x990 [ 309.605956][T20023] ? __pfx_xsk_setsockopt+0x10/0x10 [ 309.605980][T20023] ? __pfx_aa_sk_perm+0x10/0x10 [ 309.606015][T20023] ? aa_sock_opt_perm+0xff/0x1a0 [ 309.606038][T20023] ? bpf_lsm_socket_setsockopt+0x9/0x20 [ 309.606062][T20023] ? __pfx_xsk_setsockopt+0x10/0x10 [ 309.606087][T20023] do_sock_setsockopt+0x17c/0x1b0 [ 309.606119][T20023] __x64_sys_setsockopt+0x13d/0x1b0 [ 309.606151][T20023] do_syscall_64+0x14d/0xf80 [ 309.606178][T20023] ? trace_irq_disable+0x3b/0x150 [ 309.606196][T20023] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 309.606217][T20023] ? clear_bhb_loop+0x40/0x90 [ 309.606247][T20023] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 309.606266][T20023] RIP: 0033:0x7f306459c819 [ 309.606290][T20023] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 309.606308][T20023] RSP: 002b:00007f30654bf028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 309.606330][T20023] RAX: ffffffffffffffda RBX: 00007f3064815fa0 RCX: 00007f306459c819 [ 309.606345][T20023] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000003 [ 309.606358][T20023] RBP: 00007f3064632c91 R08: 0000000000000004 R09: 0000000000000000 [ 309.606371][T20023] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000 [ 309.606384][T20023] R13: 00007f3064816038 R14: 00007f3064815fa0 R15: 00007ffd21e35c18 [ 309.606418][T20023] [ 309.607615][T20023] Mem-Info: [ 309.891707][T20023] active_anon:5440 inactive_anon:0 isolated_anon:0 [ 309.891707][T20023] active_file:3086 inactive_file:40026 isolated_file:0 [ 309.891707][T20023] unevictable:768 dirty:354 writeback:0 [ 309.891707][T20023] slab_reclaimable:11871 slab_unreclaimable:100842 [ 309.891707][T20023] mapped:29193 shmem:1360 pagetables:3422 [ 309.891707][T20023] sec_pagetables:0 bounce:0 [ 309.891707][T20023] kernel_misc_reclaimable:0 [ 309.891707][T20023] free:1322961 free_pcp:11343 free_cma:0 [ 309.951246][T20023] Node 0 active_anon:21756kB inactive_anon:0kB active_file:12344kB inactive_file:159900kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:116736kB dirty:1412kB writeback:0kB shmem:3900kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:12196kB pagetables:13408kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 309.986641][T20023] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:64kB pagetables:164kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 310.023036][T20023] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 310.098626][T20023] lowmem_reserve[]: 0 2492 2493 2493 2493 [ 310.110927][T20023] Node 0 DMA32 free:1338720kB boost:0kB min:34200kB low:42748kB high:51296kB reserved_highatomic:0KB free_highatomic:0KB active_anon:21756kB inactive_anon:0kB active_file:12344kB inactive_file:159900kB unevictable:1536kB writepending:1412kB zspages:0kB present:3129332kB managed:2552564kB mlocked:0kB bounce:0kB free_pcp:43852kB local_pcp:22776kB free_cma:0kB [ 310.147133][T20023] lowmem_reserve[]: 0 0 0 0 0 [ 310.152086][T20023] Node 0 Normal free:0kB boost:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:872kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 310.184212][T20023] lowmem_reserve[]: 0 0 0 0 0 [ 310.189035][T20023] Node 1 Normal free:3937712kB boost:0kB min:55688kB low:69608kB high:83528kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:4kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:2012kB local_pcp:0kB free_cma:0kB [ 310.247414][T20023] lowmem_reserve[]: 0 0 0 0 0 [ 310.270653][T20023] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 310.302553][T20023] Node 0 DMA32: 4975*4kB (UME) 3980*8kB (UME) 1794*16kB (UME) 331*32kB (UME) 721*64kB (UM) 647*128kB (UE) 457*256kB (UME) 287*512kB (UME) 95*1024kB (UE) 12*2048kB (UME) 179*4096kB (UM) = 1338972kB [ 310.326124][T20023] Node 0 Normal: [ 310.369365][T20053] netlink: 212368 bytes leftover after parsing attributes in process `syz.4.6737'. [ 310.383774][T20023] 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 310.420770][T20023] Node 1 Normal: 0*4kB 2*8kB (UM) 2*16kB (UM) 2*32kB (UM) 1*64kB (M) 2*128kB (UM) 2*256kB (M) 3*512kB (UM) 1*1024kB (M) 1*2048kB (U) 960*4096kB (M) = 3937712kB [ 310.441787][T20023] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 310.521682][T20023] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 310.532839][T20023] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 310.547385][T20023] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 310.559211][T20063] netlink: 'syz.0.6742': attribute type 2 has an invalid length. [ 310.569741][T20023] 44467 total pagecache pages [ 310.574743][T20023] 0 pages in swap cache [ 310.660697][T20023] Free swap = 124996kB [ 310.683770][T20023] Total swap = 124996kB [ 310.688076][T20023] 2097051 pages RAM [ 310.691896][T20023] 0 pages HighMem/MovableOnly [ 310.735006][T20023] 427077 pages reserved [ 310.739213][T20023] 0 pages cma reserved [ 310.954756][T20092] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6756'. [ 312.123026][T20165] netlink: 212368 bytes leftover after parsing attributes in process `syz.1.6790'. [ 312.447701][T20189] netlink: 24 bytes leftover after parsing attributes in process `syz.0.6800'. [ 312.458435][T20189] netlink: 24 bytes leftover after parsing attributes in process `syz.0.6800'. [ 312.689158][T20205] tap0: tun_chr_ioctl cmd 1074025678 [ 312.694835][T20205] tap0: group set to 0 [ 312.881668][T20218] netlink: 'syz.4.6815': attribute type 12 has an invalid length. [ 312.892828][T20218] netlink: 'syz.4.6815': attribute type 29 has an invalid length. [ 312.918485][T20218] netlink: 148 bytes leftover after parsing attributes in process `syz.4.6815'. [ 312.943816][T20218] netlink: 59 bytes leftover after parsing attributes in process `syz.4.6815'. [ 314.056920][T20307] netlink: 'syz.2.6861': attribute type 12 has an invalid length. [ 314.072045][T20305] netlink: 196 bytes leftover after parsing attributes in process `syz.4.6858'. [ 314.084888][T20307] netlink: 190972 bytes leftover after parsing attributes in process `syz.2.6861'. [ 314.712767][T20358] A link change request failed with some changes committed already. Interface wg2 may have been left with an inconsistent configuration, please check. [ 314.776579][T20361] netlink: 'syz.1.6885': attribute type 2 has an invalid length. [ 314.784615][T20361] netlink: 'syz.1.6885': attribute type 2 has an invalid length. [ 314.793103][T20361] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6885'. [ 314.977761][T20377] veth0: entered promiscuous mode [ 314.984669][T20376] veth0: left promiscuous mode [ 315.131180][T20388] netlink: 212368 bytes leftover after parsing attributes in process `syz.0.6897'. [ 315.190897][T20391] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6899'. [ 315.304486][T20399] xt_hashlimit: size too large, truncated to 1048576 [ 315.355220][T20402] –: renamed from vxcan1 [ 315.521806][T20410] netlink: 'syz.0.6907': attribute type 1 has an invalid length. [ 315.530411][T20410] netlink: 'syz.0.6907': attribute type 2 has an invalid length. [ 315.540502][T20410] netlink: 'syz.0.6907': attribute type 1 has an invalid length. [ 315.553828][T20410] netlink: 'syz.0.6907': attribute type 3 has an invalid length. [ 316.147611][T20451] Bluetooth: hci1: too big key_count value 32778 [ 316.207726][T20455] block nbd1: Unsupported socket: should be TCP or UNIX. [ 316.667185][T20490] IPv6: NLM_F_CREATE should be specified when creating new route [ 317.152022][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.422516][T20549] __nla_validate_parse: 6 callbacks suppressed [ 317.422536][T20549] netlink: 64 bytes leftover after parsing attributes in process `syz.2.6975'. [ 317.538189][T20556] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6978'. [ 317.683972][T20569] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6984'. [ 317.942885][T20586] netlink: 92 bytes leftover after parsing attributes in process `syz.3.6993'. [ 317.977739][T20586] netlink: 'syz.3.6993': attribute type 1 has an invalid length. [ 318.113190][T20596] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6998'. [ 318.128070][T20596] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6998'. [ 318.142949][T20599] netlink: 'syz.0.7000': attribute type 8 has an invalid length. [ 318.163469][T20599] sch_fq: defrate 0 ignored. [ 318.174486][T20596] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6998'. [ 318.677716][T20634] netlink: 12 bytes leftover after parsing attributes in process `syz.3.7015'. [ 319.168647][T20666] bond0 (unregistering): Released all slaves [ 319.488715][T20691] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7041'. [ 319.760867][T20704] netlink: 'syz.3.7045': attribute type 10 has an invalid length. [ 320.239200][T20714] netlink: 104 bytes leftover after parsing attributes in process `syz.1.7050'. [ 320.755130][T20740] syzkaller1: tun_chr_ioctl cmd 1074025677 [ 320.761160][T20740] syzkaller1: linktype set to 823 [ 321.707637][T20805] hsr_slave_0: left promiscuous mode [ 323.340025][T20914] __nla_validate_parse: 9 callbacks suppressed [ 323.340047][T20914] netlink: 12 bytes leftover after parsing attributes in process `syz.0.7140'. [ 323.479751][T20926] netlink: 212368 bytes leftover after parsing attributes in process `syz.1.7146'. [ 323.911137][T20957] netlink: 'syz.3.7162': attribute type 4 has an invalid length. [ 324.454032][T20997] netlink: 'syz.2.7180': attribute type 1 has an invalid length. [ 324.480670][T20997] netlink: 96 bytes leftover after parsing attributes in process `syz.2.7180'. [ 324.520811][T20997] netlink: 'syz.2.7180': attribute type 1 has an invalid length. [ 324.539000][T20997] netlink: 'syz.2.7180': attribute type 8 has an invalid length. [ 324.548604][T20997] netlink: 582 bytes leftover after parsing attributes in process `syz.2.7180'. [ 324.658875][T21011] Freezing with imperfect legacy cgroup freezer. See cgroup.freeze of cgroup v2 [ 325.532864][T21063] team0: No ports can be present during mode change [ 325.667483][T21076] netlink: 104 bytes leftover after parsing attributes in process `syz.2.7219'. [ 325.787062][T21082] netlink: 'syz.2.7222': attribute type 25 has an invalid length. [ 325.812444][T21082] netlink: 'syz.2.7222': attribute type 28 has an invalid length. [ 326.088246][T21097] netlink: 232 bytes leftover after parsing attributes in process `syz.1.7228'. [ 326.140593][T21099] IPv6: Can't replace route, no match found [ 326.181385][T21099] IPv6: Can't replace route, no match found [ 326.242073][T21106] netlink: 20 bytes leftover after parsing attributes in process `syz.1.7233'. [ 326.545705][T21131] netlink: 'syz.4.7246': attribute type 1 has an invalid length. [ 326.557165][T21131] netlink: 'syz.4.7246': attribute type 3 has an invalid length. [ 326.573786][T21131] netlink: 'syz.4.7246': attribute type 7 has an invalid length. [ 326.581898][T21131] netlink: 'syz.4.7246': attribute type 8 has an invalid length. [ 326.590437][T21131] netlink: 184 bytes leftover after parsing attributes in process `syz.4.7246'. [ 326.600110][T21131] NCSI netlink: No device for ifindex 131092 [ 326.741330][T21144] netlink: 12 bytes leftover after parsing attributes in process `syz.4.7252'. [ 327.024100][T21160] h: entered promiscuous mode [ 327.035472][T21162] netlink: 4 bytes leftover after parsing attributes in process `syz.4.7261'. [ 327.094987][T21164] netlink: 'syz.1.7262': attribute type 4 has an invalid length. [ 328.442205][T21261] netlink: 'syz.4.7308': attribute type 83 has an invalid length. [ 329.115497][T21307] __nla_validate_parse: 3 callbacks suppressed [ 329.115511][T21307] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7328'. [ 329.171145][T21309] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7329'. [ 329.341585][T21318] netlink: 'syz.2.7332': attribute type 33 has an invalid length. [ 329.381850][T21318] bond0: option broadcast_neighbor: mode dependency failed, not supported in mode balance-rr(0) [ 329.401870][T21318] bond0 (unregistering): Released all slaves [ 329.488569][T21328] netlink: 8 bytes leftover after parsing attributes in process `syz.0.7336'. [ 329.594744][T21334] netlink: 'syz.0.7339': attribute type 3 has an invalid length. [ 329.828328][T21344] tipc: Started in network mode [ 329.857978][T21344] tipc: Node identity ac14140f, cluster identity 4711 [ 329.893916][T21344] tipc: New replicast peer: 172.20.20.187 [ 329.900398][T21344] tipc: Enabled bearer , priority 10 [ 330.479114][T21392] netlink: 8 bytes leftover after parsing attributes in process `syz.4.7366'. [ 330.774544][T21417] netlink: 28 bytes leftover after parsing attributes in process `syz.1.7378'. [ 331.024739][ T42] tipc: Node number set to 2886997007 [ 331.593917][T21469] nbd1: detected capacity change from 0 to 127 [ 331.608608][ T5837] block nbd1: Receive control failed (result -32) [ 331.638431][T21478] block nbd1: Dead connection, failed to find a fallback [ 331.670751][T21484] netlink: 8 bytes leftover after parsing attributes in process `syz.0.7410'. [ 331.673873][T21478] block nbd1: shutting down sockets [ 331.679935][T21484] netlink: 12 bytes leftover after parsing attributes in process `syz.0.7410'. [ 331.700363][T21483] netlink: 'syz.4.7411': attribute type 5 has an invalid length. [ 331.730817][T21478] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 331.762132][T21478] Buffer I/O error on dev nbd1, logical block 0, async page read [ 331.790175][T21478] I/O error, dev nbd1, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 331.827135][T21478] Buffer I/O error on dev nbd1, logical block 1, async page read [ 331.844570][T21478] I/O error, dev nbd1, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 331.878155][T21478] Buffer I/O error on dev nbd1, logical block 2, async page read [ 331.906729][T21478] I/O error, dev nbd1, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 331.926723][T21478] Buffer I/O error on dev nbd1, logical block 3, async page read [ 331.953483][T21478] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 331.973452][T21478] Buffer I/O error on dev nbd1, logical block 0, async page read [ 331.981288][T21478] I/O error, dev nbd1, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 332.003944][T21478] Buffer I/O error on dev nbd1, logical block 1, async page read [ 332.022154][T21478] I/O error, dev nbd1, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 332.039554][T21478] Buffer I/O error on dev nbd1, logical block 2, async page read [ 332.050657][T21478] I/O error, dev nbd1, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 332.076319][T21478] Buffer I/O error on dev nbd1, logical block 3, async page read [ 332.079128][T21507] netlink: 'syz.4.7423': attribute type 1 has an invalid length. [ 332.113949][T21478] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 332.124069][T21507] netlink: 'syz.4.7423': attribute type 2 has an invalid length. [ 332.131914][T21507] netlink: 'syz.4.7423': attribute type 1 has an invalid length. [ 332.133311][T21478] Buffer I/O error on dev nbd1, logical block 0, async page read [ 332.155977][T21478] I/O error, dev nbd1, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 332.191063][T21478] Buffer I/O error on dev nbd1, logical block 1, async page read [ 332.214673][T21478] ldm_validate_partition_table(): Disk read failed. [ 332.236302][T21478] Dev nbd1: unable to read RDB block 0 [ 332.253550][T21478] nbd1: unable to read partition table [ 332.257487][T21514] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7427'. [ 332.278633][T21478] ldm_validate_partition_table(): Disk read failed. [ 332.302405][T21478] Dev nbd1: unable to read RDB block 0 [ 332.322772][T21478] nbd1: unable to read partition table [ 332.348809][T21522] netlink: 212368 bytes leftover after parsing attributes in process `syz.2.7428'. [ 332.901754][T21558] netlink: 'syz.2.7447': attribute type 83 has an invalid length. [ 333.374279][T21574] nbd2: detected capacity change from 0 to 63 [ 333.385161][ T5840] block nbd2: Receive control failed (result -32) [ 333.388969][ T5837] block nbd2: Receive control failed (result -32) [ 333.403626][T21478] block nbd2: Send control failed (result -32) [ 333.410053][T21478] block nbd2: Request send failed, requeueing [ 333.426366][ T1727] block nbd2: Dead connection, failed to find a fallback [ 333.434690][ T1727] block nbd2: shutting down sockets [ 333.441560][T21478] ldm_validate_partition_table(): Disk read failed. [ 333.449186][T21478] Dev nbd2: unable to read RDB block 0 [ 333.456328][T21478] nbd2: unable to read partition table [ 333.468055][T21588] netlink: 'syz.1.7460': attribute type 8 has an invalid length. [ 333.484992][T21478] ldm_validate_partition_table(): Disk read failed. [ 333.507774][T21478] Dev nbd2: unable to read RDB block 0 [ 333.525993][T21478] nbd2: unable to read partition table [ 333.542144][T21592] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7462'. [ 334.004628][T21624] netlink: 'syz.0.7475': attribute type 21 has an invalid length. [ 334.012564][T21624] netlink: 'syz.0.7475': attribute type 4 has an invalid length. [ 334.037943][T21624] netlink: 'syz.0.7475': attribute type 5 has an invalid length. [ 334.084376][T21624] netlink: 'syz.0.7475': attribute type 21 has an invalid length. [ 334.177396][T21638] __nla_validate_parse: 8 callbacks suppressed [ 334.177410][T21638] netlink: 8 bytes leftover after parsing attributes in process `syz.0.7483'. [ 334.581686][T21664] netlink: 8 bytes leftover after parsing attributes in process `syz.1.7495'. [ 334.677016][T21673] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7500'. [ 335.326716][T21720] tun0: tun_chr_ioctl cmd 1074025675 [ 335.337914][T21720] tun0: persist disabled [ 335.927324][T21762] tipc: Started in network mode [ 335.940401][T21762] tipc: Node identity ac14140f, cluster identity 4711 [ 335.964955][T21762] tipc: New replicast peer: 255.255.255.255 [ 335.971697][T21762] tipc: Enabled bearer , priority 10 [ 335.997049][T21766] netlink: 12 bytes leftover after parsing attributes in process `syz.1.7541'. [ 336.142414][T21779] netlink: 40 bytes leftover after parsing attributes in process `syz.2.7544'. [ 336.318188][T21790] xt_hashlimit: size too large, truncated to 1048576 [ 336.372780][T21792] xt_hashlimit: size too large, truncated to 1048576 [ 336.526277][T21804] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 336.695560][T21812] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7562'. [ 336.774440][T21812] macvtap1: entered promiscuous mode [ 336.782594][T21812] vlan0: entered promiscuous mode [ 336.800547][T21812] macvtap1: entered allmulticast mode [ 336.819507][T21812] vlan0: entered allmulticast mode [ 336.826536][T21812] veth0_vlan: entered allmulticast mode [ 336.939612][T21824] netlink: 20 bytes leftover after parsing attributes in process `syz.3.7568'. [ 337.041197][T21830] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7572'. [ 337.093425][ T42] tipc: Node number set to 2886997007 [ 337.118436][ T5840] block nbd3: Receive control failed (result -32) [ 337.121036][T21832] tipc: Started in network mode [ 337.153095][T21832] tipc: Node identity ac14140f, cluster identity 4711 [ 337.164806][T21832] tipc: Enabled bearer , priority 10 [ 337.172806][T21837] netlink: 168 bytes leftover after parsing attributes in process `syz.0.7573'. [ 337.331136][T21849] netlink: 16178 bytes leftover after parsing attributes in process `syz.0.7577'. [ 337.681086][T21877] macvlan0: left promiscuous mode [ 338.283594][ T5887] tipc: Node number set to 2886997007 [ 338.627787][T21944] syzkaller1: entered promiscuous mode [ 338.634106][T21944] syzkaller1: entered allmulticast mode [ 339.223941][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 339.233148][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 339.257540][T21980] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 339.267194][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 339.316531][T21980] validate_nla: 2 callbacks suppressed [ 339.316550][T21980] netlink: 'syz.2.7641': attribute type 2 has an invalid length. [ 339.363387][T21980] netlink: 'syz.2.7641': attribute type 2 has an invalid length. [ 339.544895][ T61] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 339.553988][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 339.704381][ T5837] Bluetooth: hci4: command 0x0406 tx timeout [ 339.994082][T22018] __nla_validate_parse: 4 callbacks suppressed [ 339.994103][T22018] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7659'. [ 340.263483][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 340.272078][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 340.536525][ T5820] syz-executor invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 340.614612][ T5820] CPU: 1 UID: 0 PID: 5820 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) [ 340.614640][ T5820] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 340.614651][ T5820] Call Trace: [ 340.614658][ T5820] [ 340.614666][ T5820] dump_stack_lvl+0xe8/0x150 [ 340.614694][ T5820] dump_header+0xd3/0x4c0 [ 340.614717][ T5820] oom_kill_process+0x3ab/0x970 [ 340.614740][ T5820] out_of_memory+0x106c/0x1410 [ 340.614757][ T5820] ? percpu_ref_put+0x19/0x180 [ 340.614781][ T5820] ? __pfx___mutex_lock+0x10/0x10 [ 340.614812][ T5820] ? __pfx_out_of_memory+0x10/0x10 [ 340.614829][ T5820] ? do_raw_spin_unlock+0xf5/0x210 [ 340.614859][ T5820] try_charge_memcg+0xc53/0x1560 [ 340.614898][ T5820] ? __pfx_try_charge_memcg+0x10/0x10 [ 340.614931][ T5820] ? mem_cgroup_swapin_charge_folio+0x36/0x4d0 [ 340.614958][ T5820] ? mem_cgroup_swapin_charge_folio+0x36/0x4d0 [ 340.614999][ T5820] mem_cgroup_swapin_charge_folio+0x2e3/0x4d0 [ 340.615023][ T5820] __swap_cache_prepare_and_add+0xe8/0x760 [ 340.615055][ T5820] ? page_rmappable_folio+0x9a/0x170 [ 340.615087][ T5820] swap_cache_alloc_folio+0xf1/0x240 [ 340.615116][ T5820] swap_cluster_readahead+0x369/0x690 [ 340.615141][ T5820] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 340.615173][ T5820] ? get_vma_policy+0x27b/0x3c0 [ 340.615198][ T5820] swapin_readahead+0x196/0xc50 [ 340.615229][ T5820] ? __pfx_swapin_readahead+0x10/0x10 [ 340.615249][ T5820] ? swap_table_get+0x1e/0x260 [ 340.615272][ T5820] ? swap_table_get+0x1e/0x260 [ 340.615294][ T5820] ? swap_table_get+0x1e/0x260 [ 340.615319][ T5820] ? swap_table_get+0x216/0x260 [ 340.615343][ T5820] ? swap_cache_get_folio+0x513/0x520 [ 340.615380][ T5820] do_swap_page+0x56f/0x5a20 [ 340.615422][ T5820] ? do_swap_page+0x127/0x5a20 [ 340.615443][ T5820] ? __pfx_do_swap_page+0x10/0x10 [ 340.615464][ T5820] ? __pte_offset_map+0x1ae/0x240 [ 340.615484][ T5820] ? pte_offset_map_rw_nolock+0xea/0x160 [ 340.615527][ T5820] handle_mm_fault+0x12d2/0x3310 [ 340.615565][ T5820] ? handle_mm_fault+0xee/0x3310 [ 340.615599][ T5820] ? __pfx_handle_mm_fault+0x10/0x10 [ 340.615626][ T5820] ? lock_vma_under_rcu+0x45a/0x500 [ 340.615673][ T5820] do_user_addr_fault+0xa73/0x1340 [ 340.615711][ T5820] ? rcu_is_watching+0x15/0xb0 [ 340.615736][ T5820] ? trace_page_fault_user+0x84/0x210 [ 340.615760][ T5820] exc_page_fault+0x6a/0xc0 [ 340.615784][ T5820] asm_exc_page_fault+0x26/0x30 [ 340.615801][ T5820] RIP: 0033:0x7fc75615d04e [ 340.615818][ T5820] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 340.615831][ T5820] RSP: 002b:00007ffdd570faf8 EFLAGS: 00010246 [ 340.615846][ T5820] RAX: 0000000000000000 RBX: 0000555589ba9500 RCX: 00007fc75615d04e [ 340.615858][ T5820] RDX: 00007ffdd570fb50 RSI: 0000000000000000 RDI: 0000000000000000 [ 340.615869][ T5820] RBP: 00007ffdd570fbbc R08: 0000000000000000 R09: 0000000000000000 [ 340.615898][ T5820] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000001388 [ 340.615909][ T5820] R13: 00000000000927c0 R14: 0000000000052eda R15: 00007ffdd570fc10 [ 340.615940][ T5820] [ 340.621558][ T5820] memory: usage 307200kB, limit 307200kB, failcnt 562 [ 340.808807][T22048] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 340.946281][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 340.986716][ T5820] memory+swap: usage 307332kB, limit 9007199254740988kB, failcnt 0 [ 340.995172][ T5820] kmem: usage 307128kB, limit 9007199254740988kB, failcnt 0 [ 341.002595][ T5820] Memory cgroup stats for /syz1: [ 341.002834][ T5820] cache 8192 [ 341.012180][ T5820] rss 24576 [ 341.053490][ T5820] rss_huge 0 [ 341.056744][ T5820] shmem 0 [ 341.059704][ T5820] mapped_file 8192 [ 341.120248][ T5820] dirty 0 [ 341.133176][ T5820] writeback 0 [ 341.137518][ T5820] workingset_refault_anon 9 [ 341.153910][ T5820] workingset_refault_file 0 [ 341.158466][ T5820] swap 163840 [ 341.161852][ T5820] swapcached 237568 [ 341.193447][T22055] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7674'. [ 341.207654][ T5820] pgpgin 58743 [ 341.211122][ T5820] pgpgout 58732 [ 341.231309][ T5820] pgfault 162328 [ 341.300779][ T5820] pgmajfault 7 [ 341.309832][ T5820] inactive_anon 4096 [ 341.323515][ T5820] active_anon 32768 [ 341.327386][ T5820] inactive_file 8192 [ 341.334061][T22059] netlink: 168 bytes leftover after parsing attributes in process `syz.2.7676'. [ 341.337482][ T5820] active_file 0 [ 341.381137][ T5820] unevictable 0 [ 341.389562][ T5820] hierarchical_memory_limit 314572800 [ 341.408456][ T5820] hierarchical_memsw_limit 9223372036854771712 [ 341.425885][ T5820] total_cache 8192 [ 341.429654][ T5820] total_rss 24576 [ 341.466461][ T5820] total_rss_huge 0 [ 341.470229][ T5820] total_shmem 0 [ 341.483884][ T5820] total_mapped_file 8192 [ 341.503106][ T5820] total_dirty 0 [ 341.517882][ T5820] total_writeback 0 [ 341.529539][ T5820] total_workingset_refault_anon 9 [ 341.553424][ T5820] total_workingset_refault_file 0 [ 341.568442][ T5820] total_swap 163840 [ 341.585344][ T5820] total_swapcached 237568 [ 341.596449][ T5820] total_pgpgin 58743 [ 341.606992][ T5820] total_pgpgout 58732 [ 341.631065][ T5820] total_pgfault 162328 [ 341.645647][ T5820] total_pgmajfault 7 [ 341.658539][ T5820] total_inactive_anon 4096 [ 341.694089][ T5820] total_active_anon 32768 [ 341.707788][ T5820] total_inactive_file 8192 [ 341.722537][ T5820] total_active_file 0 [ 341.727585][ T5820] total_unevictable 0 [ 341.731582][ T5820] anon_cost 0 [ 341.746255][ T5820] file_cost 0 [ 341.754160][ T5820] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz.1.7628,pid=21951,uid=0 [ 341.785448][T22071] netlink: 8 bytes leftover after parsing attributes in process `syz.2.7681'. [ 341.804227][ T5820] Memory cgroup out of memory: OOM victim 21951 (syz.1.7628) is already exiting. Skip killing the task [ 341.929937][T22071] netlink: 65011 bytes leftover after parsing attributes in process `syz.2.7681'. [ 342.239948][T22089] syzkaller1: entered promiscuous mode [ 342.265881][T22089] syzkaller1: entered allmulticast mode [ 342.918169][T22124] bridge0: port 3(gretap0) entered blocking state [ 342.924851][T22124] bridge0: port 3(gretap0) entered listening state [ 342.931639][T22124] bridge0: port 2(bridge_slave_1) entered blocking state [ 342.938843][T22124] bridge0: port 2(bridge_slave_1) entered listening state [ 342.946279][T22124] bridge0: port 1(bridge_slave_0) entered blocking state [ 342.953484][T22124] bridge0: port 1(bridge_slave_0) entered listening state [ 342.987224][T22131] netlink: 'syz.4.7708': attribute type 2 has an invalid length. [ 343.011716][T22131] netlink: 'syz.4.7708': attribute type 2 has an invalid length. [ 343.124137][T22136] veth0: entered promiscuous mode [ 343.133813][T22133] veth0: left promiscuous mode [ 344.423386][ C1] net_ratelimit: 17 callbacks suppressed [ 344.423406][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 344.438077][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 344.664089][ T1164] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 344.672526][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 344.754183][T22240] netlink: 8 bytes leftover after parsing attributes in process `syz.1.7758'. [ 344.795631][T22240] gtp0: entered promiscuous mode [ 344.814015][T22240] gtp0: entered allmulticast mode [ 344.874732][T22245] netlink: 207952 bytes leftover after parsing attributes in process `syz.3.7759'. [ 344.950904][T22250] syzkaller1: entered promiscuous mode [ 344.966889][T22250] syzkaller1: entered allmulticast mode [ 344.996402][T22253] sctp: [Deprecated]: syz.1.7763 (pid 22253) Use of struct sctp_assoc_value in delayed_ack socket option. [ 344.996402][T22253] Use struct sctp_sack_info instead [ 345.167524][ T29] audit: type=1800 audit(1776213302.781:5): pid=22259 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.7766" name="memory.events" dev="tmpfs" ino=7392 res=0 errno=0 [ 345.278043][T22270] geneve2: entered promiscuous mode [ 345.296242][ T13] netdevsim netdevsim2 netdevsim0: set [1, 1] type 2 family 0 port 56193 - 0 [ 345.315257][T22273] batadv_slave_1: entered promiscuous mode [ 345.321332][ T13] netdevsim netdevsim2 netdevsim1: set [1, 1] type 2 family 0 port 56193 - 0 [ 345.332669][ T13] netdevsim netdevsim2 netdevsim2: set [1, 1] type 2 family 0 port 56193 - 0 [ 345.351053][T22272] batadv_slave_1: left promiscuous mode [ 345.357804][ T13] netdevsim netdevsim2 netdevsim3: set [1, 1] type 2 family 0 port 56193 - 0 [ 345.358319][T22276] netlink: 'syz.1.7772': attribute type 63 has an invalid length. [ 345.430656][T22280] netlink: 'syz.1.7772': attribute type 63 has an invalid length. [ 345.463502][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 345.472096][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 345.644041][ T1164] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 345.653228][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 345.954175][T22321] netlink: 207952 bytes leftover after parsing attributes in process `syz.2.7793'. [ 346.483869][T22356] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 346.492414][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 346.600904][T22364] netlink: 'syz.1.7815': attribute type 17 has an invalid length. [ 346.626005][T22364] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7815'. [ 346.664199][T22364] netlink: 28 bytes leftover after parsing attributes in process `syz.1.7815'. [ 346.698045][T22364] gretap0: entered promiscuous mode [ 346.789253][T22364] gretap0: left promiscuous mode [ 347.008561][T22387] netlink: 'syz.1.7826': attribute type 1 has an invalid length. [ 347.045778][T22387] netlink: 88 bytes leftover after parsing attributes in process `syz.1.7826'. [ 347.105352][T22387] netlink: 1 bytes leftover after parsing attributes in process `syz.1.7826'. [ 347.128038][T22387] netlink: 'syz.1.7826': attribute type 1 has an invalid length. [ 347.136265][T22387] netlink: 634 bytes leftover after parsing attributes in process `syz.1.7826'. [ 348.170863][T22474] netlink: 'syz.3.7863': attribute type 2 has an invalid length. [ 348.270608][T22479] netlink: 156 bytes leftover after parsing attributes in process `syz.3.7865'. [ 348.330764][T22484] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7867'. [ 348.360364][T22484] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 348.392332][T22484] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 348.419133][T22490] netlink: 8 bytes leftover after parsing attributes in process `syz.4.7868'. [ 348.942906][T22527] netlink: 'syz.4.7886': attribute type 1 has an invalid length. [ 349.272081][T22550] netlink: 8 bytes leftover after parsing attributes in process `syz.2.7898'. [ 349.378545][T22553] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 349.623377][ C1] net_ratelimit: 8 callbacks suppressed [ 349.623397][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 349.637789][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 349.863731][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 349.873123][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 350.663511][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 350.672102][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 351.249978][T22665] netlink: 'syz.4.7949': attribute type 1 has an invalid length. [ 351.289478][T22667] netlink: 'syz.2.7951': attribute type 4 has an invalid length. [ 351.313541][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 351.786449][T22700] __nla_validate_parse: 3 callbacks suppressed [ 351.786470][T22700] netlink: 212368 bytes leftover after parsing attributes in process `syz.0.7967'. [ 351.977681][T22711] netlink: 212368 bytes leftover after parsing attributes in process `syz.4.7972'. [ 352.773036][T22759] syzkaller1: entered promiscuous mode [ 352.783518][T22759] syzkaller1: entered allmulticast mode [ 352.844114][T22765] syzkaller1: entered promiscuous mode [ 352.849787][T22765] syzkaller1: entered allmulticast mode [ 353.037429][T22776] netlink: 16 bytes leftover after parsing attributes in process `syz.1.8000'. [ 353.059020][T22778] netlink: 12 bytes leftover after parsing attributes in process `syz.3.8002'. [ 353.665894][T22822] netlink: 27 bytes leftover after parsing attributes in process `syz.0.8023'. [ 353.677678][T22823] syzkaller1: entered promiscuous mode [ 353.683499][T22823] syzkaller1: entered allmulticast mode [ 354.061042][T22845] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1 [ 354.100961][T22849] af_packet: tpacket_rcv: packet too big, clamped from 39 to 4294967272. macoff=96 [ 354.118665][T22847] macvtap1: entered promiscuous mode [ 354.124477][T22847] macvtap1: entered allmulticast mode [ 354.130150][T22847] veth1_vlan: entered allmulticast mode [ 354.151816][T22851] macvtap2: entered promiscuous mode [ 354.159890][T22851] macvtap2: entered allmulticast mode [ 354.288479][T22857] syzkaller1: entered promiscuous mode [ 354.304302][T22857] syzkaller1: entered allmulticast mode [ 354.314182][T22857] PF_CAN: dropped non conform CAN skbuff: dev type 65534, len 324 [ 354.315417][T22859] sctp: [Deprecated]: syz.3.8040 (pid 22859) Use of struct sctp_assoc_value in delayed_ack socket option. [ 354.315417][T22859] Use struct sctp_sack_info instead [ 354.637779][T22880] nbd: couldn't find a device at index 0 [ 354.817444][T22891] gre0: entered promiscuous mode [ 354.825950][T22891] gre0: entered allmulticast mode [ 354.959178][T22899] syzkaller1: entered promiscuous mode [ 354.974440][T22899] syzkaller1: entered allmulticast mode [ 355.026435][T22908] netlink: 36 bytes leftover after parsing attributes in process `syz.1.8061'. [ 355.174077][T22916] netlink: 12 bytes leftover after parsing attributes in process `syz.2.8064'. [ 355.184890][T22916] netlink: 12 bytes leftover after parsing attributes in process `syz.2.8064'. [ 355.615759][T22943] netlink: 212340 bytes leftover after parsing attributes in process `syz.3.8079'. [ 355.643416][T22943] openvswitch: netlink: Port 167772160 exceeds max allowable 65535 [ 355.767155][T22947] team0: Port device gretap2 added [ 356.146436][T22973] nbd: couldn't find a device at index 0 [ 356.699259][T23016] netlink: 'syz.1.8111': attribute type 11 has an invalid length. [ 356.838863][T23022] netlink: 28 bytes leftover after parsing attributes in process `syz.4.8117'. [ 356.865978][T23022] netlink: 'syz.4.8117': attribute type 7 has an invalid length. [ 356.874549][T23022] netlink: 20 bytes leftover after parsing attributes in process `syz.4.8117'. [ 356.975938][T23034] netlink: 27 bytes leftover after parsing attributes in process `syz.4.8122'. [ 357.235435][T23053] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 357.455003][T23061] netlink: 8 bytes leftover after parsing attributes in process `syz.0.8135'. [ 357.599479][T23067] netlink: 56 bytes leftover after parsing attributes in process `syz.3.8138'. [ 358.250957][T23111] sctp: [Deprecated]: syz.0.8157 (pid 23111) Use of int in max_burst socket option deprecated. [ 358.250957][T23111] Use struct sctp_assoc_value instead [ 358.597195][T23131] pim6reg1: entered promiscuous mode [ 358.605695][T23131] pim6reg1: entered allmulticast mode [ 358.980646][T23157] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8181'. [ 359.632426][T23200] netlink: 88 bytes leftover after parsing attributes in process `syz.2.8201'. [ 359.792744][T23210] netlink: 28 bytes leftover after parsing attributes in process `syz.0.8206'. [ 359.805210][T23210] netlink: 'syz.0.8206': attribute type 7 has an invalid length. [ 359.813925][T23210] netlink: 'syz.0.8206': attribute type 8 has an invalid length. [ 359.822701][T23210] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8206'. [ 360.118423][T23230] netlink: 12 bytes leftover after parsing attributes in process `syz.2.8216'. [ 360.138653][T23230] ipvlan2: entered allmulticast mode [ 360.144720][T23230] syz_tun: entered allmulticast mode [ 360.569592][T23254] netlink: 'syz.4.8226': attribute type 4 has an invalid length. [ 360.814846][T23273] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 361.339182][T23303] syzkaller1: entered promiscuous mode [ 361.352254][T23303] syzkaller1: entered allmulticast mode [ 361.872352][T23342] __nla_validate_parse: 6 callbacks suppressed [ 361.872372][T23342] netlink: 4 bytes leftover after parsing attributes in process `syz.4.8268'. [ 362.438972][T23373] netlink: 64 bytes leftover after parsing attributes in process `syz.3.8283'. [ 362.606143][T23382] syzkaller1: tun_chr_ioctl cmd 1074025677 [ 362.610348][T23384] netlink: 8 bytes leftover after parsing attributes in process `syz.3.8288'. [ 362.612340][T23382] syzkaller1: Refused to change device type [ 362.724516][T23388] netlink: 'syz.3.8290': attribute type 19 has an invalid length. [ 362.732664][T23388] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8290'. [ 362.745706][T23388] netlink: 'syz.3.8290': attribute type 19 has an invalid length. [ 362.758862][T23388] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8290'. [ 362.991924][T23402] xt_hashlimit: size too large, truncated to 1048576 [ 363.392018][T23423] netlink: 'syz.2.8306': attribute type 21 has an invalid length. [ 363.414275][T23423] netlink: 'syz.2.8306': attribute type 22 has an invalid length. [ 363.425714][T23423] netlink: 'syz.2.8306': attribute type 23 has an invalid length. [ 363.434484][T23423] netlink: 'syz.2.8306': attribute type 25 has an invalid length. [ 363.442895][T23423] netlink: 'syz.2.8306': attribute type 26 has an invalid length. [ 363.451642][T23423] netlink: 16 bytes leftover after parsing attributes in process `syz.2.8306'. [ 363.804678][T23445] syzkaller1: entered promiscuous mode [ 363.810199][T23445] syzkaller1: entered allmulticast mode [ 364.109232][T23461] netlink: 20 bytes leftover after parsing attributes in process `syz.0.8323'. [ 364.409782][T23480] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 364.615272][T23493] netlink: 28 bytes leftover after parsing attributes in process `syz.0.8338'. [ 365.018769][T23511] netlink: 'syz.0.8346': attribute type 51 has an invalid length. [ 365.031300][T23511] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 365.038878][T23511] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 365.047317][T23511] batman_adv: batadv0: Removing interface: dummy0 [ 365.164556][T23517] netlink: 8 bytes leftover after parsing attributes in process `syz.0.8350'. [ 365.244106][T23521] netlink: 24 bytes leftover after parsing attributes in process `syz.0.8353'. [ 365.473447][T23538] netlink: 'syz.3.8360': attribute type 15 has an invalid length. [ 365.499832][ T13] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 2816 - 0 [ 365.514011][T23538] netlink: 'syz.3.8360': attribute type 15 has an invalid length. [ 365.523959][ T13] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 2816 - 0 [ 365.545390][ T13] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 2816 - 0 [ 365.582129][ T13] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 2816 - 0 [ 365.814544][T23562] gretap1: entered promiscuous mode [ 365.833529][T23562] batman_adv: batadv0: Adding interface: gretap1 [ 365.853576][T23562] batman_adv: batadv0: The MTU of interface gretap1 is too small (1462) to handle the transport of batman-adv packets. If you experience problems getting traffic through try increasing the MTU to 1500. [ 365.914137][T23562] batman_adv: batadv0: Not using interface gretap1 (retrying later): interface not active [ 366.279615][T23587] veth1_vlan (unregistering): left allmulticast mode [ 366.468196][T23597] 8021q: adding VLAN 0 to HW filter on device bond2 [ 366.855844][T23617] "syz.2.8389" (23617) uses obsolete ecb(arc4) skcipher [ 366.870877][T23630] vcan0: tx drop: invalid da for name 0x0000000000000008 [ 366.928343][T23633] IPv6: sit1: Disabled Multicast RS [ 367.145888][T23650] __nla_validate_parse: 3 callbacks suppressed [ 367.145907][T23650] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8403'. [ 367.162892][T23650] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8403'. [ 367.257858][T23656] gretap0: left allmulticast mode [ 367.271320][T23656] gretap0: left promiscuous mode [ 367.279054][T23656] bridge0: port 3(gretap0) entered disabled state [ 367.299583][T23656] bridge_slave_0: left promiscuous mode [ 367.307387][T23656] bridge0: port 1(bridge_slave_0) entered disabled state [ 367.320523][T23656] bridge_slave_1: left allmulticast mode [ 367.330220][T23656] bridge0: port 2(bridge_slave_1) entered disabled state [ 367.351035][T23663] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8407'. [ 367.356591][T23656] team0: Port device team_slave_0 removed [ 367.380082][T23656] team0: Port device team_slave_1 removed [ 367.391223][T23656] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 367.399108][T23656] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 367.407920][T23656] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 367.416001][T23656] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 367.425309][T23656] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 367.444753][T23661] team0: No ports can be present during mode change [ 367.513354][ T42] syz1: Port: 1 Link DOWN [ 367.635288][T23669] netlink: 20 bytes leftover after parsing attributes in process `syz.2.8412'. [ 368.019241][T23691] validate_nla: 3 callbacks suppressed [ 368.019261][T23691] netlink: 'syz.4.8420': attribute type 29 has an invalid length. [ 368.058455][T23691] netlink: 'syz.4.8420': attribute type 29 has an invalid length. [ 368.074724][T23691] netlink: 500 bytes leftover after parsing attributes in process `syz.4.8420'. [ 368.318870][T23715] netlink: 4 bytes leftover after parsing attributes in process `syz.4.8429'. [ 369.024360][T23740] bridge0: port 2(bridge_slave_1) entered disabled state [ 369.031910][T23740] bridge0: port 1(bridge_slave_0) entered disabled state [ 369.112916][T23754] netlink: 8 bytes leftover after parsing attributes in process `syz.0.8446'. [ 369.430054][T23740] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 369.465377][T23740] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 369.845194][T23758] syzkaller1: entered promiscuous mode [ 369.857653][T23758] syzkaller1: entered allmulticast mode [ 369.865229][ T13] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 369.874649][ T13] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 369.885148][ T13] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 369.895968][ T13] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 369.970671][T23765] netlink: 104 bytes leftover after parsing attributes in process `syz.4.8449'. [ 370.252958][T23788] netlink: 207952 bytes leftover after parsing attributes in process `syz.4.8460'. [ 371.059462][T23849] syzkaller1: entered promiscuous mode [ 371.071629][T23849] syzkaller1: entered allmulticast mode [ 371.084167][T23853] netlink: 12 bytes leftover after parsing attributes in process `syz.1.8486'. [ 371.482801][T23881] netlink: 'syz.4.8499': attribute type 1 has an invalid length. [ 371.559813][T23881] bond4: entered promiscuous mode [ 371.566023][T23881] 8021q: adding VLAN 0 to HW filter on device bond4 [ 371.633169][T23887] bond4: (slave bridge5): making interface the new active one [ 371.693879][T23887] bridge5: entered promiscuous mode [ 371.702983][T23887] bond4: (slave bridge5): Enslaving as an active interface with an up link [ 372.180072][T23930] syzkaller1: entered promiscuous mode [ 372.187003][T23930] syzkaller1: entered allmulticast mode [ 372.449581][T23955] __nla_validate_parse: 3 callbacks suppressed [ 372.449599][T23955] netlink: 12 bytes leftover after parsing attributes in process `syz.4.8528'. [ 372.662186][T23969] syzkaller0: entered allmulticast mode [ 372.678013][T23969] syzkaller0 (unregistering): left allmulticast mode [ 372.746899][T23976] netlink: 'syz.0.8536': attribute type 14 has an invalid length. [ 372.754919][T23976] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8536'. [ 372.772563][ T61] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 372.781647][T23976] netlink: 'syz.0.8536': attribute type 14 has an invalid length. [ 372.783384][ T61] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 372.789650][T23976] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8536'. [ 372.800344][ T61] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 372.837390][ T61] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 372.935567][T23982] veth0: entered promiscuous mode [ 372.951089][T23982] veth0: left promiscuous mode [ 372.956930][T23984] netlink: 'syz.0.8539': attribute type 12 has an invalid length. [ 372.967585][T23984] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8539'. [ 372.977581][T23984] netlink: 'syz.0.8539': attribute type 12 has an invalid length. [ 372.985891][T23984] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8539'. [ 373.463580][ C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 374.278239][T24047] netlink: 27 bytes leftover after parsing attributes in process `syz.3.8565'. [ 374.835090][T24060] netlink: 12 bytes leftover after parsing attributes in process `syz.2.8570'. [ 374.892449][T24060] 8021q: adding VLAN 0 to HW filter on device bond0 [ 375.993131][T24084] netlink: 4 bytes leftover after parsing attributes in process `syz.4.8579'. [ 376.020772][T24082] netlink: 'syz.1.8578': attribute type 1 has an invalid length. [ 376.029650][T24086] ref_ctr_offset mismatch. inode: 0x82 offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0x6 [ 376.037731][T24088] netlink: 212348 bytes leftover after parsing attributes in process `syz.2.8581'. [ 376.063585][T24088] netlink: Conntrack attr has 4 unknown bytes [ 376.277907][T24104] tls_set_device_offload_rx: netdev not found [ 376.496227][ T5840] block nbd5: Receive control failed (result -107) [ 376.533647][T24116] nbd5: detected capacity change from 0 to 127 [ 376.562929][T24125] block nbd5: Dead connection, failed to find a fallback [ 376.583080][T24125] block nbd5: shutting down sockets [ 376.590990][T24125] blk_print_req_error: 286 callbacks suppressed [ 376.591008][T24125] I/O error, dev nbd5, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 376.623350][T24125] buffer_io_error: 286 callbacks suppressed [ 376.623368][T24125] Buffer I/O error on dev nbd5, logical block 0, async page read [ 376.654410][T24125] I/O error, dev nbd5, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 376.684133][T24125] Buffer I/O error on dev nbd5, logical block 1, async page read [ 376.692852][T24125] I/O error, dev nbd5, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 376.733796][T24125] Buffer I/O error on dev nbd5, logical block 2, async page read [ 376.741983][T24125] I/O error, dev nbd5, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 376.772114][T24125] Buffer I/O error on dev nbd5, logical block 3, async page read [ 376.796247][T24125] I/O error, dev nbd5, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 376.823454][T24125] Buffer I/O error on dev nbd5, logical block 0, async page read [ 376.838908][T24125] I/O error, dev nbd5, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 376.862985][T24125] Buffer I/O error on dev nbd5, logical block 1, async page read [ 376.877811][T24125] I/O error, dev nbd5, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 376.900830][T24125] Buffer I/O error on dev nbd5, logical block 2, async page read [ 376.923843][T24125] I/O error, dev nbd5, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 376.934747][T24125] Buffer I/O error on dev nbd5, logical block 3, async page read [ 376.942737][T24125] I/O error, dev nbd5, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 376.953875][T24125] Buffer I/O error on dev nbd5, logical block 0, async page read [ 376.975126][T24125] I/O error, dev nbd5, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 376.987293][T24125] Buffer I/O error on dev nbd5, logical block 1, async page read [ 377.000089][T24125] ldm_validate_partition_table(): Disk read failed. [ 377.011743][T24125] Dev nbd5: unable to read RDB block 0 [ 377.020759][T24125] nbd5: unable to read partition table [ 377.041657][T24125] ldm_validate_partition_table(): Disk read failed. [ 377.054389][T24125] Dev nbd5: unable to read RDB block 0 [ 377.074328][T24125] nbd5: unable to read partition table [ 377.322631][T24164] netlink: 'syz.1.8605': attribute type 9 has an invalid length. [ 377.374552][T24164] netlink: 'syz.1.8605': attribute type 11 has an invalid length. [ 377.494937][T24164] netlink: 'syz.1.8605': attribute type 12 has an invalid length. [ 377.512357][T24164] netlink: 210020 bytes leftover after parsing attributes in process `syz.1.8605'. [ 377.650262][T24177] nbd: couldn't find a device at index 0 [ 377.772910][ T29] audit: type=1800 audit(1776213335.381:6): pid=24181 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.8613" name=4996AE17DFFC2E43C8174B54B620636894AAACF28FF62616363C70A440AEC4014CAF28C0ADC04308 dev="tmpfs" ino=8906 res=0 errno=0 [ 378.109009][T24197] netlink: 'syz.4.8622': attribute type 7 has an invalid length. [ 378.128242][T24197] netlink: 'syz.4.8622': attribute type 7 has an invalid length. [ 378.307081][T24206] netlink: 8 bytes leftover after parsing attributes in process `syz.0.8625'. [ 378.333620][T24206] netlink: 'syz.0.8625': attribute type 6 has an invalid length. [ 378.341407][T24206] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8625'. [ 378.377046][T24206] netlink: 8 bytes leftover after parsing attributes in process `syz.0.8625'. [ 378.438145][T24206] netlink: 'syz.0.8625': attribute type 6 has an invalid length. [ 378.446427][T24206] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8625'. [ 378.588978][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 380.126457][T24251] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 380.155219][ T1164] netdevsim netdevsim2 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 380.178822][ T1164] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 380.205665][ T1164] netdevsim netdevsim2 netdevsim0: unset [1, 1] type 2 family 0 port 56193 - 0 [ 380.232956][T24260] netlink: 212368 bytes leftover after parsing attributes in process `syz.1.8643'. [ 380.243417][ T1164] netdevsim netdevsim2 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 380.269005][ T1164] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 380.278986][ T1164] netdevsim netdevsim2 netdevsim1: unset [1, 1] type 2 family 0 port 56193 - 0 [ 380.312793][ T1164] netdevsim netdevsim2 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 380.322906][ T1164] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 380.332053][ T1164] netdevsim netdevsim2 netdevsim2: unset [1, 1] type 2 family 0 port 56193 - 0 [ 380.342337][ T1164] netdevsim netdevsim2 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 380.358598][ T1164] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 380.390751][ T1164] netdevsim netdevsim2 netdevsim3: unset [1, 1] type 2 family 0 port 56193 - 0 [ 380.602006][T24281] pim6reg1: entered promiscuous mode [ 380.617843][T24281] pim6reg1: entered allmulticast mode [ 380.826577][T24299] bond3: (slave lo): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 380.846401][T24299] bond3: (slave lo): Enslaving as an active interface with an up link [ 380.855487][T24299] A link change request failed with some changes committed already. Interface tunl0 may have been left with an inconsistent configuration, please check. [ 380.885638][T24302] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8661'. [ 381.071658][T24313] netlink: 'syz.2.8665': attribute type 9 has an invalid length. [ 381.082235][T24313] netlink: 'syz.2.8665': attribute type 11 has an invalid length. [ 381.109361][T24313] netlink: 'syz.2.8665': attribute type 12 has an invalid length. [ 381.132578][T24313] netlink: 210020 bytes leftover after parsing attributes in process `syz.2.8665'. [ 381.150263][T24319] netlink: 140 bytes leftover after parsing attributes in process `syz.1.8667'. [ 381.166606][T24313] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8665'. [ 381.373172][T24332] netlink: 'syz.0.8671': attribute type 7 has an invalid length. [ 381.392780][T24332] erspan0: entered promiscuous mode [ 381.399459][T24332] gretap0: entered promiscuous mode [ 381.409142][T24332] hsr1: Slave A (erspan0) is not up; please bring it up to get a fully working HSR network [ 381.419538][T24332] hsr1: Slave B (gretap0) is not up; please bring it up to get a fully working HSR network [ 381.706061][T24350] netlink: 'syz.3.8676': attribute type 1 has an invalid length. [ 382.055569][T24371] syzkaller1: entered promiscuous mode [ 382.061304][T24371] syzkaller1: entered allmulticast mode [ 382.284099][T24386] netlink: 'syz.4.8693': attribute type 9 has an invalid length. [ 382.292113][T24386] netlink: 'syz.4.8693': attribute type 11 has an invalid length. [ 382.301217][T24386] netlink: 'syz.4.8693': attribute type 12 has an invalid length. [ 382.525663][T24403] __nla_validate_parse: 8 callbacks suppressed [ 382.525684][T24403] netlink: 1363 bytes leftover after parsing attributes in process `syz.4.8701'. [ 382.625284][T24406] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 382.879851][T24418] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 383.387382][T24436] syzkaller1: entered promiscuous mode [ 383.392970][T24436] syzkaller1: entered allmulticast mode [ 383.857844][T24459] netlink: 8 bytes leftover after parsing attributes in process `syz.4.8724'. [ 383.900185][T24459] netlink: 4 bytes leftover after parsing attributes in process `syz.4.8724'. [ 383.974039][T24459] netlink: 'syz.4.8724': attribute type 15 has an invalid length. [ 384.009258][T24454] gtp0: left promiscuous mode [ 384.022532][T24454] bridge2: left promiscuous mode [ 384.029711][T24454] vlan2: left promiscuous mode [ 384.038250][T24454] geneve1: left promiscuous mode [ 384.047155][T24454] gtp1: left promiscuous mode [ 384.064621][T24454] vlan0: left allmulticast mode [ 384.069616][T24454] veth0_vlan: left allmulticast mode [ 384.075632][T24454] vlan0: left promiscuous mode [ 384.081009][T24454] macvtap1: left promiscuous mode [ 384.102444][ T151] netdevsim netdevsim0 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 384.112233][ T151] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 384.121915][ T151] netdevsim netdevsim0 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 384.162195][ T151] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 384.201530][ T151] netdevsim netdevsim0 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 384.211599][T24459] netlink: 8 bytes leftover after parsing attributes in process `syz.4.8724'. [ 384.220866][ T151] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 384.230341][T24459] netlink: 4 bytes leftover after parsing attributes in process `syz.4.8724'. [ 384.240545][ T151] netdevsim netdevsim0 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 384.245658][T24464] netlink: 'syz.0.8726': attribute type 9 has an invalid length. [ 384.250226][ T151] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 384.270665][ T151] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 256 - 0 [ 384.279887][ T151] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 256 - 0 [ 384.293510][T24464] netlink: 210020 bytes leftover after parsing attributes in process `syz.0.8726'. [ 384.309689][ T151] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 256 - 0 [ 384.314280][T24464] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8726'. [ 384.329068][ T151] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 256 - 0 [ 384.359924][T24466] netlink: 8 bytes leftover after parsing attributes in process `syz.4.8727'. [ 384.809311][T24481] netlink: 28 bytes leftover after parsing attributes in process `syz.2.8734'. [ 384.991279][T24493] netlink: 207952 bytes leftover after parsing attributes in process `syz.1.8739'. [ 385.472959][ T12] netdevsim netdevsim4 netdevsim0: set [0, 1] type 1 family 0 port 8472 - 0 [ 385.490789][ T12] netdevsim netdevsim4 netdevsim1: set [0, 1] type 1 family 0 port 8472 - 0 [ 385.516945][ T12] netdevsim netdevsim4 netdevsim2: set [0, 1] type 1 family 0 port 8472 - 0 [ 385.538222][ T12] netdevsim netdevsim4 netdevsim3: set [0, 1] type 1 family 0 port 8472 - 0 [ 385.662436][T24541] veth0: entered promiscuous mode [ 385.673013][T24541] veth0 (unregistering): left promiscuous mode [ 386.236207][T24574] validate_nla: 7 callbacks suppressed [ 386.236226][T24574] netlink: 'syz.3.8772': attribute type 1 has an invalid length. [ 386.402494][T24578] bond4: (slave ip6gre1): The slave device specified does not support setting the MAC address [ 386.469949][T24578] bond4: (slave ip6gre1): Setting fail_over_mac to active for active-backup mode [ 386.564874][T24578] bond4: (slave ip6gre1): making interface the new active one [ 386.620661][T24578] bond4: (slave ip6gre1): Enslaving as an active interface with an up link [ 387.763006][T24654] trusted_key: syz.1.8795 sent an empty control message without MSG_MORE. [ 388.142134][T24664] A link change request failed with some changes committed already. Interface syz_tun may have been left with an inconsistent configuration, please check. [ 388.237444][T24666] __nla_validate_parse: 11 callbacks suppressed [ 388.237465][T24666] netlink: 212368 bytes leftover after parsing attributes in process `syz.0.8798'. [ 388.485796][T24683] netlink: 33 bytes leftover after parsing attributes in process `syz.4.8807'. [ 388.498909][T24683] netlink: 140 bytes leftover after parsing attributes in process `syz.4.8807'. [ 388.508601][T24683] netlink: 33 bytes leftover after parsing attributes in process `syz.4.8807'. [ 388.775549][T24703] team0: No ports can be present during mode change [ 388.824423][T24705] [ 388.826797][T24705] ====================================================== [ 388.834081][T24705] WARNING: possible circular locking dependency detected [ 388.841122][T24705] syzkaller #0 Not tainted [ 388.845530][T24705] ------------------------------------------------------ [ 388.852541][T24705] syz.1.8818/24705 is trying to acquire lock: [ 388.858619][T24705] ffffffff8e883760 (fs_reclaim){+.+.}-{0:0}, at: prepare_alloc_pages+0x152/0x650 [ 388.867769][T24705] [ 388.867769][T24705] but task is already holding lock: [ 388.875130][T24705] ffff888028913440 (&mm->mmap_lock){++++}-{4:4}, at: lock_mm_and_find_vma+0x36/0x340 [ 388.884700][T24705] [ 388.884700][T24705] which lock already depends on the new lock. [ 388.884700][T24705] [ 388.895092][T24705] [ 388.895092][T24705] the existing dependency chain (in reverse order) is: [ 388.904092][T24705] [ 388.904092][T24705] -> #7 (&mm->mmap_lock){++++}-{4:4}: [ 388.911739][T24705] __might_fault+0xcb/0x130 [ 388.916938][T24705] _copy_from_iter+0x100/0x1670 [ 388.922330][T24705] tcp_sendmsg_locked+0x2151/0x5490 [ 388.928055][T24705] tcp_sendmsg+0x2f/0x50 [ 388.932903][T24705] sock_write_iter+0x406/0x4f0 [ 388.938188][T24705] vfs_write+0x61d/0xb90 [ 388.942944][T24705] ksys_write+0x150/0x270 [ 388.947801][T24705] do_syscall_64+0x14d/0xf80 [ 388.952912][T24705] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 388.959441][T24705] [ 388.959441][T24705] -> #6 (sk_lock-AF_INET){+.+.}-{0:0}: [ 388.967078][T24705] lock_sock_nested+0x48/0x100 [ 388.972426][T24705] inet_shutdown+0x6a/0x390 [ 388.977451][T24705] nbd_mark_nsock_dead+0x2e9/0x560 [ 388.983080][T24705] recv_work+0x1c7f/0x1d90 [ 388.988009][T24705] process_scheduled_works+0xb6e/0x18c0 [ 388.994249][T24705] worker_thread+0xa53/0xfc0 [ 388.999361][T24705] kthread+0x388/0x470 [ 389.003947][T24705] ret_from_fork+0x51e/0xb90 [ 389.009059][T24705] ret_from_fork_asm+0x1a/0x30 [ 389.014342][T24705] [ 389.014342][T24705] -> #5 (&nsock->tx_lock){+.+.}-{4:4}: [ 389.021987][T24705] __mutex_lock+0x19f/0x1300 [ 389.027099][T24705] nbd_queue_rq+0x37b/0x1100 [ 389.032211][T24705] blk_mq_dispatch_rq_list+0xa70/0x1910 [ 389.038287][T24705] __blk_mq_sched_dispatch_requests+0xdcc/0x1600 [ 389.045245][T24705] blk_mq_sched_dispatch_requests+0xd7/0x190 [ 389.051832][T24705] blk_mq_run_hw_queue+0x348/0x4f0 [ 389.057900][T24705] blk_mq_dispatch_list+0xd16/0xe10 [ 389.063635][T24705] blk_mq_flush_plug_list+0x48d/0x570 [ 389.069525][T24705] __blk_flush_plug+0x3ed/0x4d0 [ 389.074895][T24705] __submit_bio+0x28d/0x580 [ 389.079912][T24705] submit_bio_noacct_nocheck+0x2f4/0xa70 [ 389.086055][T24705] block_read_full_folio+0x599/0x830 [ 389.091863][T24705] filemap_read_folio+0x137/0x3b0 [ 389.097923][T24705] do_read_cache_folio+0x358/0x590 [ 389.103549][T24705] read_part_sector+0xb6/0x2b0 [ 389.108825][T24705] adfspart_check_ICS+0xa5/0xa40 [ 389.114272][T24705] bdev_disk_changed+0x7ba/0x1550 [ 389.119804][T24705] blkdev_get_whole+0x380/0x510 [ 389.125342][T24705] bdev_open+0x31e/0xd30 [ 389.130103][T24705] blkdev_open+0x470/0x610 [ 389.135040][T24705] do_dentry_open+0x785/0x14e0 [ 389.140324][T24705] vfs_open+0x3b/0x340 [ 389.144941][T24705] path_openat+0x2e08/0x3860 [ 389.150056][T24705] do_file_open+0x23e/0x4a0 [ 389.155156][T24705] do_sys_openat2+0x113/0x200 [ 389.160384][T24705] __x64_sys_openat+0x138/0x170 [ 389.165752][T24705] do_syscall_64+0x14d/0xf80 [ 389.171128][T24705] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 389.177536][T24705] [ 389.177536][T24705] -> #4 (&cmd->lock){+.+.}-{4:4}: [ 389.184739][T24705] __mutex_lock+0x19f/0x1300 [ 389.189868][T24705] nbd_queue_rq+0xc6/0x1100 [ 389.194908][T24705] blk_mq_dispatch_rq_list+0xa70/0x1910 [ 389.200969][T24705] __blk_mq_sched_dispatch_requests+0xdcc/0x1600 [ 389.207814][T24705] blk_mq_sched_dispatch_requests+0xd7/0x190 [ 389.214318][T24705] blk_mq_run_hw_queue+0x348/0x4f0 [ 389.219958][T24705] blk_mq_dispatch_list+0xd16/0xe10 [ 389.225671][T24705] blk_mq_flush_plug_list+0x48d/0x570 [ 389.231557][T24705] __blk_flush_plug+0x3ed/0x4d0 [ 389.236950][T24705] __submit_bio+0x28d/0x580 [ 389.241995][T24705] submit_bio_noacct_nocheck+0x2f4/0xa70 [ 389.248144][T24705] block_read_full_folio+0x599/0x830 [ 389.254035][T24705] filemap_read_folio+0x137/0x3b0 [ 389.259575][T24705] do_read_cache_folio+0x358/0x590 [ 389.265209][T24705] read_part_sector+0xb6/0x2b0 [ 389.270517][T24705] adfspart_check_ICS+0xa5/0xa40 [ 389.276139][T24705] bdev_disk_changed+0x7ba/0x1550 [ 389.281673][T24705] blkdev_get_whole+0x380/0x510 [ 389.287038][T24705] bdev_open+0x31e/0xd30 [ 389.291816][T24705] blkdev_open+0x470/0x610 [ 389.296746][T24705] do_dentry_open+0x785/0x14e0 [ 389.302121][T24705] vfs_open+0x3b/0x340 [ 389.306794][T24705] path_openat+0x2e08/0x3860 [ 389.311893][T24705] do_file_open+0x23e/0x4a0 [ 389.316907][T24705] do_sys_openat2+0x113/0x200 [ 389.322100][T24705] __x64_sys_openat+0x138/0x170 [ 389.327464][T24705] do_syscall_64+0x14d/0xf80 [ 389.332568][T24705] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 389.339146][T24705] [ 389.339146][T24705] -> #3 (set->srcu){.+.+}-{0:0}: [ 389.346261][T24705] __synchronize_srcu+0xca/0x300 [ 389.351736][T24705] elevator_switch+0x1e8/0x7a0 [ 389.357010][T24705] elevator_change+0x2cc/0x450 [ 389.362289][T24705] elevator_set_default+0x36c/0x430 [ 389.368020][T24705] blk_register_queue+0x366/0x430 [ 389.373558][T24705] __add_disk+0x677/0xd50 [ 389.378500][T24705] add_disk_fwnode+0xfb/0x480 [ 389.383696][T24705] nbd_dev_add+0x72c/0xb50 [ 389.388623][T24705] nbd_init+0x168/0x1f0 [ 389.393296][T24705] do_one_initcall+0x250/0x8d0 [ 389.398574][T24705] do_initcall_level+0x104/0x190 [ 389.404023][T24705] do_initcalls+0x59/0xa0 [ 389.408866][T24705] kernel_init_freeable+0x2a6/0x3e0 [ 389.414661][T24705] kernel_init+0x1d/0x1d0 [ 389.419498][T24705] ret_from_fork+0x51e/0xb90 [ 389.424598][T24705] ret_from_fork_asm+0x1a/0x30 [ 389.429875][T24705] [ 389.429875][T24705] -> #2 (&q->elevator_lock){+.+.}-{4:4}: [ 389.437684][T24705] __mutex_lock+0x19f/0x1300 [ 389.442790][T24705] elevator_change+0x1b3/0x450 [ 389.448094][T24705] elevator_set_none+0xb5/0x140 [ 389.453456][T24705] blk_mq_update_nr_hw_queues+0x5e7/0x1a60 [ 389.459861][T24705] nbd_start_device+0x17f/0xb10 [ 389.465220][T24705] nbd_genl_connect+0x165b/0x1cf0 [ 389.470753][T24705] genl_family_rcv_msg_doit+0x22a/0x330 [ 389.476825][T24705] genl_rcv_msg+0x61c/0x7a0 [ 389.481841][T24705] netlink_rcv_skb+0x232/0x4b0 [ 389.487114][T24705] genl_rcv+0x28/0x40 [ 389.491637][T24705] netlink_unicast+0x80f/0x9b0 [ 389.496907][T24705] netlink_sendmsg+0x813/0xb40 [ 389.502183][T24705] ____sys_sendmsg+0x972/0x9f0 [ 389.507460][T24705] ___sys_sendmsg+0x2a5/0x360 [ 389.512650][T24705] __x64_sys_sendmsg+0x1bd/0x2a0 [ 389.518100][T24705] do_syscall_64+0x14d/0xf80 [ 389.523207][T24705] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 389.529618][T24705] [ 389.529618][T24705] -> #1 (&q->q_usage_counter(io)#51){++++}-{0:0}: [ 389.538219][T24705] blk_alloc_queue+0x546/0x680 [ 389.543495][T24705] __blk_mq_alloc_disk+0x197/0x390 [ 389.549131][T24705] nbd_dev_add+0x499/0xb50 [ 389.554061][T24705] nbd_init+0x168/0x1f0 [ 389.558730][T24705] do_one_initcall+0x250/0x8d0 [ 389.564013][T24705] do_initcall_level+0x104/0x190 [ 389.569484][T24705] do_initcalls+0x59/0xa0 [ 389.574351][T24705] kernel_init_freeable+0x2a6/0x3e0 [ 389.580075][T24705] kernel_init+0x1d/0x1d0 [ 389.584934][T24705] ret_from_fork+0x51e/0xb90 [ 389.590130][T24705] ret_from_fork_asm+0x1a/0x30 [ 389.595446][T24705] [ 389.595446][T24705] -> #0 (fs_reclaim){+.+.}-{0:0}: [ 389.602738][T24705] __lock_acquire+0x15a5/0x2cf0 [ 389.608113][T24705] lock_acquire+0xf0/0x2e0 [ 389.613070][T24705] fs_reclaim_acquire+0x71/0x100 [ 389.618518][T24705] prepare_alloc_pages+0x152/0x650 [ 389.624229][T24705] __alloc_frozen_pages_noprof+0x12f/0x380 [ 389.630633][T24705] alloc_pages_mpol+0x232/0x4a0 [ 389.635998][T24705] alloc_pages_noprof+0xa8/0x1a0 [ 389.641560][T24705] pte_alloc_one+0x22/0x370 [ 389.646778][T24705] do_pte_missing+0x12c2/0x3490 [ 389.652291][T24705] handle_mm_fault+0x1bec/0x3310 [ 389.658264][T24705] do_user_addr_fault+0x75b/0x1340 [ 389.664090][T24705] exc_page_fault+0x6a/0xc0 [ 389.669135][T24705] asm_exc_page_fault+0x26/0x30 [ 389.674583][T24705] __get_user_4+0x14/0x20 [ 389.679516][T24705] ppp_ioctl+0x59b/0x1b30 [ 389.684356][T24705] __se_sys_ioctl+0xfc/0x170 [ 389.689462][T24705] do_syscall_64+0x14d/0xf80 [ 389.694575][T24705] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 389.700981][T24705] [ 389.700981][T24705] other info that might help us debug this: [ 389.700981][T24705] [ 389.711191][T24705] Chain exists of: [ 389.711191][T24705] fs_reclaim --> sk_lock-AF_INET --> &mm->mmap_lock [ 389.711191][T24705] [ 389.723715][T24705] Possible unsafe locking scenario: [ 389.723715][T24705] [ 389.731238][T24705] CPU0 CPU1 [ 389.736605][T24705] ---- ---- [ 389.741957][T24705] rlock(&mm->mmap_lock); [ 389.746380][T24705] lock(sk_lock-AF_INET); [ 389.753325][T24705] lock(&mm->mmap_lock); [ 389.760171][T24705] lock(fs_reclaim); [ 389.764145][T24705] [ 389.764145][T24705] *** DEADLOCK *** [ 389.764145][T24705] [ 389.772271][T24705] 2 locks held by syz.1.8818/24705: [ 389.777448][T24705] #0: ffffffff8f387088 (ppp_mutex){+.+.}-{4:4}, at: ppp_ioctl+0xdf/0x1b30 [ 389.786062][T24705] #1: ffff888028913440 (&mm->mmap_lock){++++}-{4:4}, at: lock_mm_and_find_vma+0x36/0x340 [ 389.795977][T24705] [ 389.795977][T24705] stack backtrace: [ 389.801861][T24705] CPU: 0 UID: 0 PID: 24705 Comm: syz.1.8818 Not tainted syzkaller #0 PREEMPT(full) [ 389.801879][T24705] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 389.801892][T24705] Call Trace: [ 389.801898][T24705] [ 389.801905][T24705] dump_stack_lvl+0xe8/0x150 [ 389.801927][T24705] print_circular_bug+0x2e1/0x300 [ 389.801953][T24705] check_noncircular+0x12e/0x150 [ 389.801978][T24705] __lock_acquire+0x15a5/0x2cf0 [ 389.801998][T24705] ? __lock_acquire+0x6b5/0x2cf0 [ 389.802019][T24705] ? __lock_acquire+0x6b5/0x2cf0 [ 389.802039][T24705] ? __lock_acquire+0x6b5/0x2cf0 [ 389.802059][T24705] lock_acquire+0xf0/0x2e0 [ 389.802077][T24705] ? prepare_alloc_pages+0x152/0x650 [ 389.802097][T24705] ? unwind_next_frame+0xa5/0x23c0 [ 389.802122][T24705] fs_reclaim_acquire+0x71/0x100 [ 389.802139][T24705] ? prepare_alloc_pages+0x152/0x650 [ 389.802156][T24705] prepare_alloc_pages+0x152/0x650 [ 389.802177][T24705] __alloc_frozen_pages_noprof+0x12f/0x380 [ 389.802199][T24705] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 389.802219][T24705] ? __pfx_policy_nodemask+0x10/0x10 [ 389.802238][T24705] ? kernel_text_address+0xa5/0xe0 [ 389.802255][T24705] ? __kernel_text_address+0xd/0x30 [ 389.802271][T24705] ? unwind_get_return_address+0x4d/0x90 [ 389.802295][T24705] alloc_pages_mpol+0x232/0x4a0 [ 389.802316][T24705] alloc_pages_noprof+0xa8/0x1a0 [ 389.802337][T24705] pte_alloc_one+0x22/0x370 [ 389.802359][T24705] do_pte_missing+0x12c2/0x3490 [ 389.802384][T24705] handle_mm_fault+0x1bec/0x3310 [ 389.802412][T24705] ? handle_mm_fault+0xee/0x3310 [ 389.802437][T24705] ? __pfx_handle_mm_fault+0x10/0x10 [ 389.802467][T24705] ? lock_mm_and_find_vma+0xa7/0x340 [ 389.802485][T24705] do_user_addr_fault+0x75b/0x1340 [ 389.802510][T24705] exc_page_fault+0x6a/0xc0 [ 389.802532][T24705] asm_exc_page_fault+0x26/0x30 [ 389.802549][T24705] RIP: 0010:__get_user_4+0x14/0x20 [ 389.802568][T24705] Code: 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 ba 00 f0 ff ff ff 7f 00 00 48 39 d0 48 0f 47 c2 0f 01 cb <8b> 10 31 c0 0f 01 ca c3 cc cc cc cc 90 90 90 90 90 90 90 90 90 90 [ 389.802582][T24705] RSP: 0018:ffffc9000215fd78 EFLAGS: 00050287 [ 389.802595][T24705] RAX: 000000110e22fff6 RBX: ffff88807c198000 RCX: 0000000000000046 [ 389.802607][T24705] RDX: 00007ffffffff000 RSI: ffffffff8e16d26f RDI: ffffffff8c27d580 [ 389.802618][T24705] RBP: ffffc9000215fea8 R08: ffffffff8216855f R09: ffff888028913440 [ 389.802635][T24705] R10: 00000000c004743e R11: 0000000000000002 R12: 00000000c004743e [ 389.802645][T24705] R13: ffff88807c1980f0 R14: ffff888088b3d340 R15: 1ffff11011167a73 [ 389.802659][T24705] ? __might_fault+0xaf/0x130 [ 389.802677][T24705] ppp_ioctl+0x59b/0x1b30 [ 389.802698][T24705] ? __pfx_ppp_ioctl+0x10/0x10 [ 389.802717][T24705] ? __fget_files+0x2a/0x420 [ 389.802730][T24705] ? __fget_files+0x3a0/0x420 [ 389.802742][T24705] ? __fget_files+0x2a/0x420 [ 389.802756][T24705] ? bpf_lsm_file_ioctl+0x9/0x20 [ 389.802776][T24705] ? __pfx_ppp_ioctl+0x10/0x10 [ 389.802793][T24705] __se_sys_ioctl+0xfc/0x170 [ 389.802813][T24705] do_syscall_64+0x14d/0xf80 [ 389.802832][T24705] ? trace_irq_disable+0x3b/0x150 [ 389.802846][T24705] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 389.802860][T24705] ? clear_bhb_loop+0x40/0x90 [ 389.802877][T24705] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 389.802891][T24705] RIP: 0033:0x7fc75619c819 [ 389.802905][T24705] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 389.802918][T24705] RSP: 002b:00007fc756ff3028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 389.802933][T24705] RAX: ffffffffffffffda RBX: 00007fc756415fa0 RCX: 00007fc75619c819 [ 389.802944][T24705] RDX: 000000110e22fff6 RSI: 00000000c004743e RDI: 0000000000000003 [ 389.802954][T24705] RBP: 00007fc756232c91 R08: 0000000000000000 R09: 0000000000000000 [ 389.802964][T24705] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 389.802973][T24705] R13: 00007fc756416038 R14: 00007fc756415fa0 R15: 00007ffdd570f818 [ 389.802990][T24705] [ 390.203897][T24678] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512) [ 390.215874][T24678] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512) [ 390.230877][T24709] netlink: 212348 bytes leftover after parsing attributes in process `syz.4.8819'.