last executing test programs: 7.350366408s ago: executing program 2 (id=3010): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq={{0x7}, {0x1c, 0x2, [@TCA_FQ_FLOW_DEFAULT_RATE={0x18, 0x10, 0x3}, @TCA_FQ_FLOW_MAX_RATE={0x2, 0x2}, @TCA_FQ_QUANTUM={0x2, 0x2}]}}]}, 0x48}}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), r3) r5 = socket$inet6_mptcp(0xa, 0x1, 0x106) listen(r5, 0x0) recvmsg(r5, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x10000) sendmsg$ETHTOOL_MSG_LINKMODES_GET(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0x20, r4, 0xd7b825ccd16be7b5, 0x70bd29, 0x25dfdbfb, {}, [@HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x20004810}, 0x2000c800) socket$nl_route(0x10, 0x3, 0x0) (async) socket$inet6_udp(0xa, 0x2, 0x0) (async) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000c80)={'lo\x00'}) (async) sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq={{0x7}, {0x1c, 0x2, [@TCA_FQ_FLOW_DEFAULT_RATE={0x18, 0x10, 0x3}, @TCA_FQ_FLOW_MAX_RATE={0x2, 0x2}, @TCA_FQ_QUANTUM={0x2, 0x2}]}}]}, 0x48}}, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), r3) (async) socket$inet6_mptcp(0xa, 0x1, 0x106) (async) listen(r5, 0x0) (async) recvmsg(r5, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x10000) (async) sendmsg$ETHTOOL_MSG_LINKMODES_GET(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0x20, r4, 0xd7b825ccd16be7b5, 0x70bd29, 0x25dfdbfb, {}, [@HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x20004810}, 0x2000c800) (async) 7.097556571s ago: executing program 2 (id=3014): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f00000004c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB="31cf5eeb62e049a8483f4886c763152f172877b0f6405b86b92d6b8ab6df0694eb3a1326727ec315556680578b43c70919e699c298871d143fd9b210e7b73d88d4609283383eccdf5c9da7b0ca1bea022dba0ec1ffc85172594c75f41b9930486f63d027b9bec9aaa0f92ca706b2a0d5067b7074d63f1dcf19a034676777b1baedf2b2f0bf3aab429cf52b6b50bd93eb71260a387796d9c5", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_generate\x00', r0}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000001b80)=ANY=[@ANYBLOB="b702000000000000bfa300000000000007030000fdfdfff67a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040000010000400404000001000000b7050000020000006a0a00fe00000000850000000a000000b70000000000000095000000000000009cc6b3fcd62c7d376238975d43a4505f80fc88943c4f0cf08e467b592f868ee30a0e8c1bf176db2a6b2feb4b6fd3d5707bfd2d84aaa3b1d4e984c46ea7e2a447a36f5662403e1b2be4cc7c2683908a0d411a9872971c7c56f0979bd10b97163c1d6d0e1946c79521b1abda45cbe8d0d26b5069f8a98f7dc8f76b74635fc9f9de9ca3c00cb9bf4e418d07fa22f0610a70f2bdf4000000000000b0c2940dd8e263aa743f7555193161f45346b1004006000000e1ffff8816326d7d25c32aac1c7d5b5be399f6609876b5887437a172fbc02a74067529194e533583412dff048f0000000000000000b2728a0481e9f0da43bb6cfb851cd364ff19ffcafe3e64be033c9d2f002cc93c1c13caec04a347383420336bec88c24a9fb6a6991ddb737d527d6acb15426415b6e8b14fdfa2c6e94bd0339454c13ad3e328a100000000b515a1000000000000000eb2e9c15b6c8f6198282df27badac8507bc7d202e0990e0"], &(0x7f0000000340)='GPL\x00'}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000711237000000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x90) r1 = socket$kcm(0x2, 0x1, 0x0) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, &(0x7f0000000100)={r1}) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x100, 0x100, 0x9, 0x1, 0x1}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000000), &(0x7f00000002c0), 0x8, r2}, 0x38) bpf$MAP_LOOKUP_BATCH(0x1b, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000100), 0x0, 0x3, r2}, 0x38) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x52) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_generate\x00', r3}, 0x10) syz_open_procfs$namespace(0x0, 0xfffffffffffffffe) 6.878235346s ago: executing program 2 (id=3017): r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0x8, &(0x7f0000000400)=ANY=[@ANYBLOB="7a0af8ff75257075bfa100000000000007010000f9ffffffb702000005000000bf130000000000008500000006000000b7000000000000009500000000000000b2595285faa6ead0169191d54f8196217fc560e2fc91f6da4dad4fdc2eb1b257183fa3bcd48666d1ddd73f3047d248df061222193165274bc7f2382f6cda4bfdd45be583823c0f09601f3c1c65ee19ee875daf45006a4c4ea5e15b2f9618d547244a22000000000000db453620ce7243d1aebd00000000000000005839c77edf2d34b12cd48a0c20fb7dd843267e0331759f4ec6b5b0af58e604f4942eb613eff289026d5045ef76d7d864409eb2dcc718a09f4886afc26abba34635d0e8b54bc76be40d435aa8b5202db761014b1b999a12df6bee431a666100"/296], &(0x7f0000000100)='GPL\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r2, 0x2800000002000000, 0xe, 0x55, &(0x7f0000000140)="a06ad876d56a0064d082778c3938", &(0x7f0000000380)=""/85, 0x7300, 0x4000000, 0x0, 0x0, &(0x7f0000000000), &(0x7f0000000000), 0x0, 0x4}, 0x28) r3 = openat$cgroup_ro(r0, &(0x7f0000000040)='cgroup.kill\x00', 0x275a, 0x0) write$cgroup_int(r3, &(0x7f0000000200), 0x12) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) sendmsg$nl_route(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="2400000070000100000000000000000007000000", @ANYRES32=r6, @ANYBLOB="0c000280f5"], 0x24}}, 0x0) setsockopt$MRT_ADD_VIF(r3, 0x0, 0xca, &(0x7f0000000000)={0xffffffffffffffff, 0x8, 0x5, 0x8, @vifc_lcl_ifindex=r6, @rand_addr=0x64010102}, 0x10) r7 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r7, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(r7, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmmsg$inet(r7, &(0x7f0000000e80)=[{{&(0x7f0000000140)={0x2, 0x4e24, @private=0xa010102}, 0x10, &(0x7f00000002c0)=[{&(0x7f00000001c0)="39ff4a825d98fe514cb7b9ced7122e418137cf9c100a8f49013c1f0eaa593a", 0x1f}], 0x1, &(0x7f0000000300)=[@ip_ttl={{0x14, 0x0, 0x2, 0x5}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0x9}}], 0x30}}, {{&(0x7f0000000340)={0x2, 0x4e22, @loopback}, 0x10, &(0x7f0000000440)=[{&(0x7f0000000380)="e91cc81a7bdd71fb91469230d298805f60332f55c64dc04a5451402a89aac05bafff9e27af90d26512fc2c5474cdaa6455aa1b251310b3d1452851e0aef6970cb2ecdd70e41c0c07c8e3e5a2c74473ccfc8c98ae940f40701205a9355c62a25f7e3179e5d90df04b8375e26a360d74eb9b56b90550ec86eb20b7a20f254f3ece4cb51ea921ff4b9a3e4dfeb1b0b9069eb321c6f348c663a311fc6b15571606aa8e", 0xa1}, {&(0x7f00000004c0)="400692c82ceb1d15927a31a85dc7ab5727acd4f09ec2906ab7b84fc051de8f77c35eb439531df14a15f01e26f25407ef12149e39a99b49d9177b15287a4c3b4ea09845b237e1099f622b3c23e06e5907761bc84183c5f7ae508ded9b0919edf31d23f3b3e95b738d9c9b4db48dbbd40a223dd987909eb3cdd173a646fd0cd836e4bef959d3143f25240a4de3d4ab01ee4efd5044f5e2c1daae2b77f7b288519843", 0xa1}, {&(0x7f0000000580)="05ed4290e91a518aac4114659b9e938f4b36036d3abf216bc0f7fd06ef00343fa7da4c10481efb05c308a0768a5ce48224b13d852018e240285ffef27000cae2429559d530", 0x45}, {&(0x7f0000000600)="6f4833a47d70019917e62ca12ae39421ac754781f8e7b455d654003e68a922590fc33ca9716bf22d86ea6bff499dfc71d547a0b4138dbea1e4cb2425da49dd34618e6be458b1f74cdc50baa7a0cb8441e5b2decb33795fa90fe489c7859aeb19059ac38a4a624933432d3bbcec28e4f619fceb88fba093ad1c39f6381792e0135d6e12a5a692aef1e032cc0947e19140b07f6f7a2a5b3c230aee37b21e1e2a6015d51f077866f6c8f6e31ecf6e25466cf17f043c83641b7210fea4af33230a936f95a9b905200ccda4313424ae8fbc3ba6745b90430c9a24d6dd67d606bb1e829eef4cc454af4b8990e704d5ba087aaa05622f50075dc2f77f", 0xf9}], 0x4}}, {{&(0x7f0000000740)={0x2, 0x4e24, @broadcast}, 0x10, &(0x7f0000000ac0)=[{&(0x7f0000000780)="7607cbc74119e54db817c08a77c97cfd89f3e69db091ae4524dc913957c75b808a5da10a09a18a89a816b761b676a36855a10cbe8897c78e4df1a19978df5886da4a74181829e97f388de3a44c3599da016b61a66a3863aca62692961c71a67afae1dd8c457abaaa3b0390dd2b761e6142ce361dd142bec5541335cf913170ada4adf0665332f2ede5d6035acb020fd17ce1fa", 0x93}, {&(0x7f0000000840)="94b86f828fc994e6bf53c84f2d3446a5ac5023c09fbd182daa008381faab4826db4b867b584ca59e3807acf53c21bf13ad5c89c7dcf9d3f62917bfd1bffb434af67b7f7ece1c942bc389aa3849ad011c8f772631834d091e9dd00c28df08ec4e5606517e4e57a1b8d9412cb4ddcac32fc03bdcc86f2669d8fc4c235f221c51ed5afab2", 0x83}, {&(0x7f0000000900)="19c300806bc4b308097088ab4b13dcc679fea1a790d27b9c10cdaa2b0033729be4db27e0ed76baeefeb1f7c681bef26b7cba75b25c0b7fda1187711c23b6fde53d641cc67c2c4ff6c817adab2d9f0d46ebf2c6", 0x53}, {&(0x7f0000000980)="8b00e5553df654ad6e830bb16189608b6c338fa78a5f7a68a0f47075fd95d27ef7ce9bb4c05ed13e87faa6a752c9791cad7ea7ec367383a2fbee72a4ca491b4ee9194e4c3f6fdb6e23e8f05c5be5bc6fa9dfa16223c7d4821bebfac2d82f40c3881d", 0x62}, {&(0x7f0000000a00)="bf022f598beab328f62106b2513cf3c966f5a9da0b409e19fa3cc957730d17f1ae7e9e977915ff02bba07b4d2675ddce5a43d4e369cab2b67ef05fd8e75d32c56af4e2e87cf40e0a3171d2efdf58f862b68af5605078efa06756727fd18ba860d5709fc2274f09e6a57c4bdbf647162fda7c07913592632d2e9140413826e9f57c", 0x81}], 0x5, &(0x7f0000000b40)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r6, @local, @local}}}], 0x20}}, {{&(0x7f0000000b80)={0x2, 0x4e20, @multicast1}, 0x10, &(0x7f0000000c80)=[{&(0x7f0000000bc0)="765cd287bed8650e467350045b6d94a270dee60c0b0e25f9ae1ab62b6d4af4cb5735d7501b0119d3c9fcd8e047970ff78433f9ebb5e2d42f40825335dbc318b70b99dd9a15381860181fc52bf8da2e9308f77b736c4b4e5f0fbe9eb4f38d7b21602778da0951ac1d6b6f7cdd3029db4f27096795058a258dfa85a5d81c6cbad5d1ab38e984736ff1", 0x88}], 0x1, &(0x7f0000000cc0)=[@ip_retopts={{0x6c, 0x0, 0x7, {[@lsrr={0x83, 0xf, 0x43, [@empty, @multicast2, @remote]}, @timestamp_addr={0x44, 0x24, 0xe1, 0x1, 0x7, [{@remote, 0x8002}, {@loopback, 0x9}, {@multicast2}, {@dev={0xac, 0x14, 0x14, 0x37}, 0x9}]}, @ra={0x94, 0x4}, @timestamp_addr={0x44, 0x1c, 0x2e, 0x1, 0x5, [{@loopback, 0x1}, {@local, 0x9}, {@empty, 0x9}]}, @timestamp={0x44, 0x8, 0x6a, 0x0, 0xf, [0x1]}]}}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {r6, @private=0xa010101, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0x80}}, @ip_retopts={{0x94, 0x0, 0x7, {[@timestamp_prespec={0x44, 0x2c, 0xea, 0x3, 0x6, [{@rand_addr=0x64010100, 0x9}, {@multicast1, 0x66fb}, {@rand_addr=0x64010100}, {@private=0xa010102, 0x5}, {@dev={0xac, 0x14, 0x14, 0x3a}, 0x401}]}, @rr={0x7, 0x1b, 0xee, [@broadcast, @multicast2, @broadcast, @multicast1, @rand_addr=0x64010101, @loopback]}, @lsrr={0x83, 0x7, 0xd7, [@dev={0xac, 0x14, 0x14, 0x44}]}, @timestamp_prespec={0x44, 0x34, 0x8a, 0x3, 0x0, [{@multicast1, 0x9}, {@empty, 0x100}, {@rand_addr=0x64010101, 0x307}, {@broadcast}, {@dev={0xac, 0x14, 0x14, 0x1c}, 0x4}, {@multicast2, 0x2}]}]}}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0x9}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0xa1}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0x2}}], 0x188}}], 0x4, 0x200408d5) r8 = socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000480), r8) openat$pidfd(0xffffffffffffff9c, &(0x7f0000000f80), 0x28a400, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_MESH(r8, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x44, r9, 0x1, 0x70bd28, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r10}, @val={0xc, 0x99, {0x0, 0x42}}}}, [@NL80211_ATTR_MESH_ID={0xa}, @NL80211_ATTR_MESH_SETUP={0x10, 0x70, [@NL80211_MESH_SETUP_AUTH_PROTOCOL={0x5, 0x8, 0x2}, @NL80211_MESH_SETUP_USERSPACE_MPM={0x4}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x1}, 0x2004010) 6.59518717s ago: executing program 2 (id=3022): r0 = socket(0x8, 0x2, 0x7f) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'wlan0\x00'}) setsockopt$XDP_TX_RING(r0, 0x11b, 0x3, &(0x7f0000000080)=0x1000a1, 0x4) sendmsg$nl_route(r0, &(0x7f0000000040)={0xffffffffffffffff, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x8000000, 0x0, {}, [@NHA_GROUP_TYPE={0x6}, @NHA_ENCAP={0x10, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0xc, 0x1, [{0x7f, 0x0, 0x1}, {0x200}]}}]}, 0x30}, 0x1, 0x0, 0x0, 0x4804}, 0x0) 6.438452557s ago: executing program 2 (id=3026): r0 = socket$inet6(0xa, 0x5, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFVLAN_SET_VLAN_EGRESS_PRIORITY_CMD(r0, 0x8982, &(0x7f0000000040)={0x3, 'veth1_to_batadv\x00', {0x4}, 0x7}) r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000001c0), r1) sendmsg$IEEE802154_LLSEC_ADD_DEVKEY(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x30, r2, 0x607, 0x70bd27, 0x25dfdbfc, {}, [@IEEE802154_ATTR_DEV_INDEX={0x8}, @IEEE802154_ATTR_LLSEC_FRAME_COUNTER={0x8}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan1\x00'}]}, 0x30}}, 0x4008000) setsockopt$sock_int(r0, 0x1, 0x4000000000000002, &(0x7f0000fee000)=0x3fa, 0x4) bind$inet6(r0, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x2c}}}, 0x1c) r3 = socket$inet6(0xa, 0x5, 0x0) bind$inet6(r3, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c) 6.057097832s ago: executing program 2 (id=3028): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$inet_int(r0, 0x0, 0x33, &(0x7f0000000000)=0x80000000, 0x4) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e24, @loopback}, 0x10) r1 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$inet_int(r1, 0x0, 0x33, &(0x7f0000000000)=0x80001000, 0x4) connect$inet(r1, &(0x7f0000000080)={0x2, 0xce24, @local}, 0x10) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) r3 = epoll_create1(0x0) r4 = epoll_create1(0x0) r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000}, 0x94) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r4, &(0x7f0000000100)={0xa000000d}) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r5, &(0x7f0000000400)={0xa}) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r5, &(0x7f00000003c0)={0x1008}) r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x16, 0x2, 0x8, 0x2, 0x9e8, 0x1, 0xfffffff2, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x3, 0x1}, 0x50) bpf$TOKEN_CREATE(0x24, &(0x7f0000000200)={0x0, r6}, 0x8) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x15, &(0x7f0000000400)=ANY=[@ANYBLOB="18000000ffffff7f000000000d00000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000181b0000", @ANYRES32=r7, @ANYBLOB="000000000081165c00182a00"/28, @ANYRES32, @ANYBLOB="0000000003000000bf91000000000000b7020000000000008500000085000000b7000000000000009500000000000000"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="180000000000000017d004462700000000000000007110260000000000950000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xd}, 0x90) r8 = socket$inet(0x2, 0x4000000000000001, 0x0) r9 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) ioctl$sock_SIOCETHTOOL(r9, 0x8946, &(0x7f00000016c0)={'gretap0\x00', &(0x7f0000000080)=@ethtool_link_settings={0x4d, 0xfffffff9, 0x6, 0x7, 0x7f, 0xb2, 0x7, 0xf9, 0x68, 0x6, [0x3, 0x9, 0xffff7fff, 0x4, 0x8, 0x80, 0x8000]}}) r10 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r8, 0x8933, &(0x7f0000000240)={'vxcan1\x00', 0x0}) bind$can_j1939(r10, &(0x7f0000000180)={0x1d, r11, 0x0, {0x0, 0x0, 0x1}, 0x2}, 0x18) sendmsg$nl_xfrm(r2, &(0x7f0000000100)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000580)=@polexpire={0x290, 0x1b, 0x10, 0x70bd26, 0x25dfdbfd, {{{@in6=@private1, @in=@rand_addr=0x64010101, 0x4e24, 0x3, 0x4e23, 0x200, 0xa, 0x180, 0x0, 0x6c, r11, 0xee01}, {0x741, 0x8c, 0x8, 0x0, 0x1a6e, 0x0, 0x80000001, 0x2}, {0x9, 0x1, 0x7, 0x3}, 0x9, 0x6e6bb9, 0x1, 0x1, 0x2, 0x2}, 0x2}, [@sec_ctx={0x41, 0x8, {0x3d, 0x8, 0x1, 0x8, 0x35, "00462fef0f5bab97cb56f499076c138640ac9af74fdb9ae3489d72a5f9a8b9344caaf80a11a64dab1257c1aa1613c39d63e570c80c"}}, @extra_flags={0x8, 0x18, 0xcfe}, @tfcpad={0x8, 0x16, 0xb}, @srcaddr={0x14, 0xd, @in6=@private0}, @XFRMA_SET_MARK={0x8, 0x1d, 0x1}, @address_filter={0x28, 0x1a, {@in6=@loopback, @in=@loopback, 0xa, 0x7, 0x3}}, @algo_aead={0x138, 0x12, {{'aegis128-aesni\x00'}, 0x760, 0x100, "0b1bd8b42f7394127f831336e48ec7d29e1238eda85176096f82cded13edb308b27940903929ae455accbefb9b1f43da341084007a0d88c0d3fd6748ec01d5606c4657ad34e8eabcc157a1500cbdfbaff1008e79b4f7e77b071afde38266322def70923fc71377ab9efacd97d404982a9b7678654e6f1693f54d75a52ceed20c18de6331d9c3f13606e44189436b5eec4344abb3053e4a63c40f7e16e036bcb6dceb5482489e0c77a8fa9f44824e1a8bb7b54f0e5b1e1aa22588422f748f8cc8458e52783fed72695c33132c14677936700078f08932070171ac846d9f9d5edfc683bc1c4500b8e32917d4e2"}}]}, 0x290}, 0x1, 0x0, 0x0, 0x40040}, 0x4040090) sendmsg$nl_xfrm(r2, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=@newsa={0xfc, 0x10, 0x1, 0x0, 0x0, {{@in=@multicast2, @in=@multicast1, 0x0, 0x0, 0xfffc, 0x0, 0xa}, {@in=@local, 0x0, 0x3c}, @in6=@private1, {0xfffffffffffffffd, 0x0, 0xeebc, 0x0, 0x0, 0x80000000000002, 0x0, 0x10000000000000}, {0x3, 0x1}, {}, 0x70bd2c, 0xffffffff, 0x2}, [@policy_type={0xa}]}, 0xfc}}, 0x4854) r12 = socket$l2tp(0x2, 0x2, 0x73) connect$l2tp(r12, &(0x7f0000000000)={0x2, 0x0, @empty, 0x4}, 0x10) 1.714324347s ago: executing program 4 (id=3085): syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) (async) r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) (async) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000540)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r2, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r3, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000080)={&(0x7f0000000340)=ANY=[@ANYBLOB="e6180000", @ANYRES16=r0, @ANYBLOB="000227bd7000ffdbdf250600000008000300", @ANYRES32=r3, @ANYBLOB="05005300010000000500530000000000050053000100000008000500050000000a00e8000802110000010000280017800400020004000300040005000400060004000300040006000400040004000600040003001400178004000100040006000400030004000300280017800400010004000100040002000400030004000100040004000400060004000100040001001000178004000300040005000400010005005300010000001c00e700bf9edbf6a5de870a23d593beb90159385ebf0cda76a2aaad0500530001000000"], 0xe8}, 0x1, 0x0, 0x0, 0x1}, 0x20008081) socket$inet6(0xa, 0x800000000000002, 0x0) (async) r4 = socket$inet6(0xa, 0x800000000000002, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)=@getnexthop={0x18, 0x76, 0xb0d, 0x4000, 0x0, {0x3}}, 0x18}, 0x1, 0x0, 0x0, 0x24000001}, 0x0) sendmsg$NL80211_CMD_START_AP(r1, &(0x7f0000000500)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x4000140}, 0xc, &(0x7f00000004c0)={&(0x7f0000000580)={0x8c, r0, 0x100, 0x70bd27, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_HE_BSS_COLOR={0x8, 0x11b, 0x0, 0x1, [@NL80211_HE_BSS_COLOR_ATTR_PARTIAL={0x4}]}, @NL80211_ATTR_HIDDEN_SSID={0x8, 0x7e, 0x2}, @crypto_settings=[@NL80211_ATTR_CONTROL_PORT_NO_PREAUTH={0x4}], @crypto_settings=[@NL80211_ATTR_SOCKET_OWNER={0x4}, @NL80211_ATTR_CONTROL_PORT_ETHERTYPE={0x6, 0x66, 0xfbfb}, @NL80211_ATTR_CONTROL_PORT_ETHERTYPE={0x6, 0x66, 0xea8bcc52e68c4cbb}, @NL80211_ATTR_CIPHER_SUITE_GROUP={0x8, 0x4a, 0xfac0a}, @NL80211_ATTR_CONTROL_PORT_ETHERTYPE={0x6, 0x66, 0xf8}, @NL80211_ATTR_WPA_VERSIONS={0x8, 0x4b, 0x2}, @NL80211_ATTR_SOCKET_OWNER={0x4}, @NL80211_ATTR_AKM_SUITES={0x24, 0x4c, [0xfac12, 0xfac04, 0xfac0a, 0xfac07, 0x0, 0xfac09, 0xfac07, 0xfac0f]}, @NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT={0x4}, @NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT={0x4}], @NL80211_ATTR_BEACON_INTERVAL={0x8, 0xc, @random=0x81}]}, 0x8c}, 0x1, 0x0, 0x0, 0x10}, 0x4000090) setsockopt$inet6_udp_int(r4, 0x11, 0x67, &(0x7f0000000180)=0x7, 0x4) (async) setsockopt$inet6_udp_int(r4, 0x11, 0x67, &(0x7f0000000180)=0x7, 0x4) connect$inet6(r4, &(0x7f0000000100)={0xa, 0x4e25, 0x2, @mcast1, 0x7}, 0x1c) write(r4, &(0x7f0000000200)="89", 0xffe3) (async) write(r4, &(0x7f0000000200)="89", 0xffe3) r6 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r6, 0x8933, &(0x7f0000000140)={'batadv0\x00', 0x0}) r8 = syz_genetlink_get_family_id$batadv(&(0x7f0000000200), 0xffffffffffffffff) r9 = socket$inet6_mptcp(0xa, 0x1, 0x106) sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="31c7863639080000003120dcd9f724000000", @ANYRES16=r8, @ANYBLOB="010000000000000000000f00000008000300", @ANYRES32=r7, @ANYBLOB="08003c0004000000"], 0x24}}, 0x0) r10 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f00000003c0)={'bridge0\x00'}) (async) ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f00000003c0)={'bridge0\x00', 0x0}) sendmsg$nl_route(r10, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=@bridge_delneigh={0x1c, 0x1d, 0xf07, 0x0, 0x0, {0x7, 0x0, 0x0, r11, 0x8, 0x7a}}, 0x1c}, 0x1, 0x0, 0x0, 0x4000001}, 0x0) setsockopt$inet6_mreq(r9, 0x29, 0x1c, &(0x7f0000000440)={@ipv4={'\x00', '\xff\xff', @local}, r11}, 0x14) (async) setsockopt$inet6_mreq(r9, 0x29, 0x1c, &(0x7f0000000440)={@ipv4={'\x00', '\xff\xff', @local}, r11}, 0x14) 1.517869249s ago: executing program 4 (id=3089): socket$nl_generic(0x10, 0x3, 0x10) (async) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RATE_GET(r0, 0x0, 0x800) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f00000000c0)) (async) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f00000000c0)={'batadv0\x00', 0x0}) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000100)) (async) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000100)={'batadv0\x00', 0x0}) socket$nl_route(0x10, 0x3, 0x0) (async) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'bond0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd2b, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0x10}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cbs={{0x8}, {0x1c, 0x2, @TCA_CBS_PARMS={0x18}}}]}, 0x48}}, 0x4c080) (async) sendmsg$nl_route_sched(r4, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd2b, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0x10}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cbs={{0x8}, {0x1c, 0x2, @TCA_CBS_PARMS={0x18}}}]}, 0x48}}, 0x4c080) ioctl$ifreq_SIOCGIFINDEX_wireguard(r0, 0x8933, &(0x7f0000000140)={'wg2\x00', 0x0}) socket$igmp(0x2, 0x3, 0x2) (async) r7 = socket$igmp(0x2, 0x3, 0x2) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000180)={'bond0\x00'}) (async) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000180)={'bond0\x00', 0x0}) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x6, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', r8}, 0x90) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32=0x1, @ANYBLOB="000000000000000000000000000000000000000064bb6be529bd28f9ddda696cd9505c62758cffb2bbd0871914fa1e3c2f534abf94f6403f5e86bc3532e8c1a88e44d37eab1323a2efb8a28ab3c7c70c7586be0ac1c9927963f7", @ANYRES32=r8, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) r9 = socket$netlink(0x10, 0x3, 0x0) r10 = socket$nl_route(0x10, 0x3, 0x0) socket$unix(0x1, 0x1, 0x0) (async) r11 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r11, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r10, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r12, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x8, 0x4}}]}}]}, 0x48}}, 0x20040084) sendmsg$nl_route_sched(r9, &(0x7f0000000000)={0x0, 0x49, &(0x7f0000000540)={&(0x7f00000008c0)=@newqdisc={0x8c, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r12, {0xffff}, {0xffff, 0xffff}, {0x2, 0x1}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x5c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x4, [0xc, 0x5, 0x0, 0xf, 0x10, 0x2, 0x4, 0x2, 0xf, 0x6, 0x3, 0x7, 0x8, 0x4, 0x10, 0x4], 0x3, [0xb, 0x3, 0xad1e, 0x2002, 0x1, 0x4, 0x2, 0xd06, 0xff05, 0x2, 0xb, 0x3, 0x5, 0x6, 0xd, 0x100], [0xfff1, 0x5, 0xffff, 0xfff5, 0x4, 0x8, 0x1, 0x9, 0x5, 0x2, 0xc, 0x40, 0xfffc, 0x3, 0x1]}}]}}]}, 0x8c}, 0x1, 0x0, 0x0, 0x400dc}, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f00000002c0)) (async) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f00000002c0)={'batadv0\x00', 0x0}) getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000440)={0x0, @dev}, &(0x7f00000004c0)=0xc) (async) getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000440)={0x0, @dev}, &(0x7f00000004c0)=0xc) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000500)={'vxcan1\x00', 0x0}) sendmsg$ETHTOOL_MSG_PAUSE_GET(r0, &(0x7f00000006c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000680)={&(0x7f0000000540)={0x110, 0x0, 0x400, 0x70bd2d, 0x25dfdbfe, {}, [@HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'team_slave_1\x00'}]}, @HEADER={0x24, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}]}, @HEADER={0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}]}, @HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ipvlan1\x00'}]}, @HEADER={0x4c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'tunl0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wg1\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r12}]}, @HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}]}, @HEADER={0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r13}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r14}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_macvtap\x00'}]}, @HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r15}]}]}, 0x110}, 0x1, 0x0, 0x0, 0x841}, 0x24008041) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="1800000024"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000) r16 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x2, 0x2, 0x1}, 0x50) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r16, &(0x7f0000000080), &(0x7f0000000200)=""/176}, 0x20) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000380)={r16, &(0x7f0000000300), &(0x7f0000000340)=""/55}, 0x20) r17 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r17, 0x8933, &(0x7f0000000400)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_AUTHENTICATE(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010002000020fedbdf252500000008000300", @ANYRES32=r18, @ANYBLOB="080026006c09000009000700f4ae834f730000000a0006"], 0x58}, 0x1, 0x0, 0x0, 0x20040040}, 0x0) 1.34886342s ago: executing program 4 (id=3092): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=@ipv4_newnexthop={0x1c, 0x68, 0xefce5d6aba1cf00f, 0x70bd28, 0x0, {}, [@NHA_FDB={0x4}]}, 0x1c}}, 0x0) (async, rerun: 32) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x15, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x79, 0x10, 0x8}, [@ldst={0x6, 0x3, 0x0, 0x0, 0xa}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_reuseport, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) (async, rerun: 32) r1 = socket(0x10, 0x3, 0x0) (async) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000d00)=ANY=[@ANYBLOB="140000001000010002000000000000000000000a20000000000a05000000000000000000010000000900010073797a300000000058000000090a010400000000000000000100000008000a40000000000900020073797a31000000000900010073797a300000000008000540000000041c000980100002800c00018008000140000000020800014000000003"], 0x364}}, 0x0) (async) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000740)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz1\x00'}]}, @NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x30, 0x4, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @cmp={{0x8}, @val={0x20, 0x2, 0x0, 0x1, [@NFTA_CMP_OP={0x8}, @NFTA_CMP_DATA={0xc, 0x3, 0x0, 0x1, [@NFTA_DATA_VALUE={0x5, 0x1, "ef"}]}, @NFTA_CMP_SREG={0x8, 0x1, 0x1, 0x0, 0xf}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0xcc}}, 0x0) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r1, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x42000200}, 0xc, &(0x7f00000000c0)={&(0x7f0000000540)={0x2cc, 0x0, 0x4, 0x70bd2c, 0x25dfdbfb, {}, [@TIPC_NLA_NODE={0x1a4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x3d, 0x4, {'gcm(aes)\x00', 0x15, "31eca4c21cd5c7e439bb0690f0c60bc73d0421e9e5"}}, @TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x1}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ID={0xc8, 0x3, "a83eae8cee7381828c218a65149c3671c3ef6bb98173cfb1267b290bfe05f649f51a3827396cfdc7a8ea7eef2f922fea0829bb97d45a3e3f810ec6d08e2c9954a6ea46e576965aab062ca540ce66e29e5faf113908f6408bca3c8e31fc2186f20869e51fc6c49fa59b0b6d36b9afcc83025db73b960a1e5da6f657612a225f52bb1fe8ab0dfbd7413d0933ca89fd32bb9b792d3efd6ecbaa8c5b06e63549b12e930acb254169b065800f69445f646a2358d3fafe6e79b9b7efa144c3ab63bf72c2dc7bf0"}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_ID={0x79, 0x3, "10b8e455082f2fd5184d70b4eafe7250f37c0cfba2417e33ec167e6988f807fd7c85bd17d349ea0b3a6eaf51f5039a87fb34bee009f2c90887eb1c0c55161d0d0b2c27e876490f1aabcfffc6548b83c9f6c4d56512d7722cf9772e2d1ddf8faa8e279afc85ebe9d3885d34f2906dd99d067377672f"}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_KEY_MASTER={0x4}]}, @TIPC_NLA_NET={0x28, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ID={0x8, 0x1, 0x7fffffff}, @TIPC_NLA_NET_ID={0x8, 0x1, 0xc}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x2}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x80}]}, @TIPC_NLA_BEARER={0xc8, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x11}}}, {0x14, 0x2, @in={0x2, 0x4e20, @broadcast}}}}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e21, @broadcast}}, {0x20, 0x2, @in6={0xa, 0x4e23, 0x0, @empty, 0x8}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x4}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_PROP={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1c}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x8}, @TIPC_NLA_BEARER_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}]}]}, @TIPC_NLA_LINK={0x24, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}]}]}, 0x2cc}, 0x1, 0x0, 0x0, 0x80}, 0xf22f62d32ac9a856) (async) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x7}, 0x48) (async) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$wireguard(&(0x7f00000002c0), r5) sendmsg$WG_CMD_SET_DEVICE(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[@ANYBLOB="c8010000", @ANYRES16=r6, @ANYBLOB="0100000000000000000001000000060006000000000024000300a0cb879a47f5bc644c0e693fa6d031c74a1553b6e901b9ff2f518c78042fb5426c010880f4000080060005000180000024000100dbffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff240002001bc715ee4868b12a49f4df11bc05475489f6a27c4d6483ad2fa5e45903b0ce851400040002000000ac1414aa00000000000000008c00098028000080060001000a00000014000200ff020000000000000000000000000001050003000000000028000080060001000a000000140002000000000000000000000000000000000105000300030000001c000080060001000a00da0008000200e0f4ff0105000300000000001c000080060001000200000008000200ac141400050003000000000074000080200004000a004e2200000000fc0000000000000000000000000000000400000024000100dbffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff080003000100000024000200cde20bc0d9b90ac13642d7b66459dd9db5e20b4b16d3d23f2cb03a8aa417dce6080007000000000014000200776730"], 0x1c8}}, 0x0) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xc, 0xd, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018150000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b5af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001e00000085000000a000000095"], &(0x7f0000000840)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x2f, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async, rerun: 32) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={0x0}}, 0x0) (rerun: 32) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00'}) (async) r8 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) ioctl(r8, 0x8b2c, &(0x7f0000000040)) (async) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000280)={r7, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000200)="12cdde26e7c496e99a9cf8625ec9", 0x0, 0x1000, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) (async) r9 = socket$nl_route(0x10, 0x3, 0x0) syz_emit_ethernet(0x46, &(0x7f0000000080)={@random="2f094301cbe5", @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "12109b", 0x10, 0x3a, 0x0, @empty, @mcast2, {[], @ni={0x8c, 0x0, 0x0, 0x4, 0xad, 0x689}}}}}}, 0x0) (async) sendmsg$nl_route(r9, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000880)=@newlink={0x5c, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @ip6vti={{0xb}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VTI_LOCAL={0x14, 0x4, @mcast1}]}}}, @IFLA_IFNAME={0x14, 0x3, 'geneve1\x00'}]}, 0x5c}}, 0x0) (async, rerun: 64) r10 = socket$key(0xf, 0x3, 0x2) (rerun: 64) sendmsg$key(r10, &(0x7f0000000040)={0xa, 0x0, &(0x7f0000000340)={&(0x7f0000000100)={0x2, 0x3, 0x0, 0x2, 0x10, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x4e24, 0xf59c, @mcast1, 0x1}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x9}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x4e20, 0x7, @dev={0xfe, 0x80, '\x00', 0xb}, 0x7fff}}, @sadb_key={0x2, 0x8, 0x10, 0x0, '4-'}]}, 0x80}, 0x1, 0x7}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=@newlink={0x3c, 0x10, 0x401, 0x10000, 0x0, {0x0, 0x0, 0x0, 0x0, 0x1bf7b}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @gre={{0x8}, {0x10, 0x2, 0x0, 0x1, [@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_REMOTE={0x8, 0x7, @multicast1}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4080}, 0x0) 1.214205025s ago: executing program 4 (id=3095): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, 0x0, 0x0) syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) (async) r2 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) sendmsg$802154_dgram(r2, &(0x7f0000000400)={&(0x7f0000000100)={0x24, @long={0x3, 0x2, {0xaaaaaaaaaaaa0302}}}, 0x14, &(0x7f0000000300)={&(0x7f0000000240)="97832eeeac1abc764fc6415c1ed79f6166920ecd5209cf9d2097391f0a4aa78b5633149ab74ac0639d1f661fa5bd01f95f3cc0e7fc2d3561a01f33ddbf4f440551ad4602f8b1332cdad8064d8332fff58028e1b521da790277db0eec8ca2585973599b9ffe0e773a6c27f55dabd15d62dbcea922e747b1377332b24be5f1f28e46d6caa27c7807fb15196516ad9bf824fdeed6586e7256dff83d60530f3defb212172e57c830af1ceaa5c3aad76459d5f914e7", 0xb3}, 0x1, 0x0, 0x0, 0x20010004}, 0x5000) (async) sendmsg$802154_dgram(r2, &(0x7f0000000400)={&(0x7f0000000100)={0x24, @long={0x3, 0x2, {0xaaaaaaaaaaaa0302}}}, 0x14, &(0x7f0000000300)={&(0x7f0000000240)="97832eeeac1abc764fc6415c1ed79f6166920ecd5209cf9d2097391f0a4aa78b5633149ab74ac0639d1f661fa5bd01f95f3cc0e7fc2d3561a01f33ddbf4f440551ad4602f8b1332cdad8064d8332fff58028e1b521da790277db0eec8ca2585973599b9ffe0e773a6c27f55dabd15d62dbcea922e747b1377332b24be5f1f28e46d6caa27c7807fb15196516ad9bf824fdeed6586e7256dff83d60530f3defb212172e57c830af1ceaa5c3aad76459d5f914e7", 0xb3}, 0x1, 0x0, 0x0, 0x20010004}, 0x5000) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$sock_attach_bpf(r3, 0x84, 0x22, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(r3, 0x84, 0x2, &(0x7f0000000440)={0x2, 0x3ff, 0x1, 0x3}, 0x8) (async) setsockopt$inet_sctp6_SCTP_INITMSG(r3, 0x84, 0x2, &(0x7f0000000440)={0x2, 0x3ff, 0x1, 0x3}, 0x8) socket$nl_generic(0x10, 0x3, 0x10) (async) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000040)={'wlan0\x00'}) (async) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000040)={'wlan0\x00', 0x0}) syz_genetlink_get_family_id$gtp(&(0x7f0000000140), 0xffffffffffffffff) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000080)={'wlan0\x00'}) (async) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r6, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r8, @ANYBLOB="08002600ad1600004000330010000000080211000000080211000000080211000001000000000000010001002d1a40000b0000000000000000040003000b0000000600500000000304006c"], 0x68}}, 0x0) r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$NL80211_CMD_TRIGGER_SCAN(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000500)={0x50, r9, 0x1, 0x0, 0x0, {{0x8}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_BSSID={0xa, 0xf5, @random="418cb04d5101"}, @NL80211_ATTR_BSSID={0xa}, @NL80211_ATTR_IE={0x4}, @NL80211_ATTR_SCHED_SCAN_INTERVAL={0x8, 0x77, 0x2}, @NL80211_ATTR_SCHED_SCAN_MATCH={0x4}]}, 0x50}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_MSG_GETRULE(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x20, 0x7, 0xa, 0x201, 0x0, 0x0, {0x0, 0x0, 0x1}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x40080}, 0x4000) bpf$MAP_CREATE(0x2000000000000000, &(0x7f0000000b00)=@base={0x6, 0x4, 0x70be, 0x5c, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2}, 0x48) 1.118257122s ago: executing program 1 (id=3096): r0 = socket$inet6(0xa, 0x80001, 0x1) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f00000007c0)=ANY=[@ANYBLOB="01000000000000000a0000000000ff00ff010000000000000000000000000001000001000000000000000000ffff00000000000000bd0000000000000000000000e4ec01000000004000000000fc00000000000000000000000000013da51fd47aa2e2f70000000000000000000000000000000000000000000000000000000000000006000000000000000005"], 0x310) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts-aes-aesni\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000300)="c99b57381801238c09d0ff0f1d0dbd301e5a47b2f3caa73dcd2a6a370554375a", 0x20) r2 = accept$alg(r1, 0x0, 0x0) sendmmsg$alg(r2, &(0x7f0000007a40)=[{0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000100)="d27e096c28b61f97670f283a7de80ecc00bacc33bd8a94d2dc0db0cc", 0x1c}], 0x1, 0x0, 0x0, 0x80}], 0x1, 0x4004041) recvmmsg(r2, &(0x7f0000000940)=[{{0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000240)=""/13, 0xd}, {&(0x7f0000000340)=""/15, 0xf}], 0x2}, 0xd}], 0x1, 0x40010120, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000000100)={0x9, {{0xa, 0x4e21, 0xfdd0, @ipv4={'\x00', '\xff\xff', @remote}, 0x80000001}}}, 0x88) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000000040)={0x5, {{0xa, 0x4e21, 0x4042, @mcast1, 0x6}}}, 0x88) setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f00000005c0)={0x1, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @empty}}}, 0x108) 1.118001627s ago: executing program 0 (id=3097): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f0000000080)={0x0, 0xd6a}, 0x8) (async, rerun: 64) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 64) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000006c0), r2) sendmsg$IEEE802154_LIST_PHY(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)={0x14, r3, 0x1203}, 0x14}}, 0x0) 974.712166ms ago: executing program 3 (id=3098): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={0x0}, 0x1, 0x0, 0x0, 0x4000811}, 0x0) r0 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$inet6_udp_int(r0, 0x11, 0x67, &(0x7f0000000040)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4001c00) socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=@newtaction={0x660, 0x30, 0x871a15abc695fb3d, 0x0, 0x0, {}, [{0x64c, 0x1, [@m_tunnel_key={0x58, 0x1, 0x0, 0x0, {{0xf}, {0x20, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{0x1, 0x0, 0x4}, 0x2}}]}, {0xc, 0x6, "0bebc2a1b74f6a70"}, {0xc}, {0xc}}}, @m_sample={0xe0, 0x19, 0x0, 0x0, {{0xb}, {0x9c, 0x2, 0x0, 0x1, [@TCA_SAMPLE_PARMS={0x18, 0x2, {0x101, 0x1, 0xffffffffffffffff, 0x4, 0x6dcc}}, @TCA_SAMPLE_PARMS={0x18, 0x2, {0x6, 0xfffffff9, 0x2, 0x6, 0x3}}, @TCA_SAMPLE_PARMS={0x18, 0x2, {0x1c9, 0x0, 0x7, 0xb841, 0x9}}, @TCA_SAMPLE_TRUNC_SIZE={0x8, 0x4, 0x1e}, @TCA_SAMPLE_TRUNC_SIZE={0x8, 0x4, 0x5}, @TCA_SAMPLE_TRUNC_SIZE={0x8, 0x4, 0x1f3}, @TCA_SAMPLE_PSAMPLE_GROUP={0x8, 0x5, 0x3}, @TCA_SAMPLE_PARMS={0x18, 0x2, {0x5, 0x84, 0x8, 0x14000000, 0x4}}, @TCA_SAMPLE_PARMS={0x18, 0x2, {0x1ed, 0x1, 0x0, 0x1, 0x8}}]}, {0x19, 0x6, "2fa23ca24b437151b07ce453d0c1654b751517cc3d"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_gact={0xbc, 0x4, 0x0, 0x0, {{0x9}, {0x58, 0x2, 0x0, 0x1, [@TCA_GACT_PROB={0xc, 0x3, {0x1, 0x1642, 0x1}}, @TCA_GACT_PROB={0xc, 0x3, {0x0, 0x2492, 0x1}}, @TCA_GACT_PROB={0xc, 0x3, {0x0, 0x1338, 0x6}}, @TCA_GACT_PROB={0xc, 0x3, {0x1, 0x113, 0x20000000}}, @TCA_GACT_PARMS={0x18, 0x2, {0x5, 0x9, 0x7, 0x6, 0x7}}, @TCA_GACT_PROB={0xc, 0x3, {0x0, 0x12ef, 0x3}}]}, {0x3c, 0x6, "a13500a922de1cc65277bdaf5eea103b7db122a9626cf94ce6e9321012a9e77f522d59814966f87c14c5b6872049f9cf38386f94233e7b50"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x0, 0x2}}}}, @m_ctinfo={0x170, 0x13, 0x0, 0x0, {{0xb}, {0x44, 0x2, 0x0, 0x1, [@TCA_CTINFO_PARMS_CPMARK_MASK={0x8, 0x7, 0xffff}, @TCA_CTINFO_PARMS_DSCP_MASK={0x8, 0x5, 0x9}, @TCA_CTINFO_ACT={0x18, 0x3, {0x7, 0x5, 0x3, 0x6, 0xfffffffd}}, @TCA_CTINFO_PARMS_CPMARK_MASK={0x8, 0x7, 0xfff}, @TCA_CTINFO_ZONE={0x6, 0x4, 0x6}, @TCA_CTINFO_ZONE={0x6, 0x4, 0x1000}]}, {0x102, 0x6, "0af04ac66e03649626ba30f036f67b228be67420dafd5108530575cb67e80456e9860900bd4d9de2c9eed61c830dfabe41f5ca945b8a5b350d946786614fbc0c831ec30249d24716bfca04b7b2268da7b7db0b026f7f20159d150ea61188c838fe38f5f8b3b303520d96c6320831a8b4951f21bd8261d6ec0ff946c5521149c5c29f5b268d9e770aaf03d9a495d5f3415592ad901718379c40d493d46c296fa743fe7140766a458860c1688580043509428a1ce1236d8018e897e33c5736baca6d4aaf877688b85db52fe3f16e1b0c90002b7380ac68fc2a28aaf7c20b130b4083ef7d3a94dbfb830b945e95cd74587be6dcc16064b21b58119f5ce1bc72"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x1, 0x1}}}}, @m_csum={0x160, 0x1d, 0x0, 0x0, {{0x9}, {0x74, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c, 0x1, {{0xd34, 0x6, 0x6, 0xc, 0x7}, 0x2f}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0xb3df, 0x5, 0x1, 0x0, 0xffffff00}, 0x3b}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0xfffffff8, 0x6, 0x0, 0x5, 0xa}, 0x19}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0x7f, 0x0, 0x20000000, 0x80, 0x5}, 0x15}}]}, {0xc2, 0x6, "da146719e7bfe61ddc9c317f6c5420b5ad24fbcd64f5184fec5633666752685b4fefafea1d250f25762fddbc602dad8178940cd5a545d5d6a4b81e5ad2e5ba3067fe2e2b144a1341a2bfe1f83203582f53ed9dfa2471a59d8dba7a657ba363e18659cc8e72653e628816c5b83e5e485435468c96c9801471bf1f2b0ccb5589be409eadfe6cf34ce9327609718078603b66705fb34b303d6aaf8098f7311d439801616fa53db786054034dc191a076df0dfd8ecccd54c8edb184e493fa8e9"}, {0xc, 0x7, {0x0, 0x1}}, {0xc}}}, @m_csum={0x184, 0x12, 0x0, 0x0, {{0x9}, {0x58, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c, 0x1, {{0xc0, 0x6, 0x1, 0x18c, 0xfffffff7}, 0x6}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0x3, 0x147, 0x1, 0x3, 0xd}, 0x6c}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0x200, 0x5, 0x10000000, 0x80000001, 0x5}, 0x3a}}]}, {0x101, 0x6, "bc45871e9c01b0fc29a330daed43269c267f85aaa466d1e36d33a630a7805d5626f7a4c121599ad03e46f852dd5e13dfde2933c39a2b3715a582b360677d7eeb7b412b6af1c2f41e5f8ac91d5ea7a08aefae80fce2e5e8cef8761b9f278138727cf5902437bb1594ad22a76c46656745a31e863de6f1555e4463994cdcbe7f3419844aeab7d18b58d782c109cf8afe63a13ff968f6b8e8e1ecdf5b04e480ff2cf80b2152fc3f862fec5dd055fc6990a2f38850e3f99b128ee046e5d2ef7aab6bee0d1ffb75028e6c9f50955dc0c77a9a05cb957588badf0e28500f278703bc0d2b4cc513c0dc5b26f99e198fd9ebfe931460f42c3374d8f14bd8d48933"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}]}]}, 0x660}, 0x1, 0x0, 0x0, 0x4}, 0x0) 914.040424ms ago: executing program 1 (id=3099): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)=ANY=[@ANYBLOB="140100002e0001b7b70000000000000001"], 0x114}], 0x1}, 0x0) recvmmsg(r1, &(0x7f0000006b40)=[{{0x0, 0x0, 0x0}, 0x2}], 0x1, 0x40000000, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f000000c280)={&(0x7f0000000000)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000050000000900010073797a300000000078000000030a01030000000000000000050000000900010073797a300000000008000540000000001c0008800c00024000000000000000000c00014000000000000000000900030073797a3200000000280004800800024000000000140003007465616d5f736c6176655f3000000000080001400000000114000000020a090100000000000000000000000014000000110001"], 0xd4}, 0x1, 0x0, 0x0, 0x4}, 0x4000010) 754.232699ms ago: executing program 0 (id=3100): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) r1 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000040)="1400000016004163d25a80648c2594f91d24fc60", 0x14}], 0x1}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000f00)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a70000000060a010400000000000000000200000044000480400001800e000100627974656f726465720000002c000280080001400000000108000240000000000800044000000002080003400000000008000540000000080900010073797a30000000000900020073797a32"], 0x98}}, 0x0) 753.68556ms ago: executing program 3 (id=3101): r0 = socket(0x10, 0x3, 0x0) sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000a80)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYBLOB="953a04"], 0x24}}, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x3, 0x4, &(0x7f0000000080)=@framed={{}, [@ldst={0x2, 0x0, 0x3, 0x1, 0x0, 0x2f}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf}, 0x90) recvmmsg$unix(r0, &(0x7f0000002a40)=[{{0x0, 0x0, &(0x7f0000000bc0)=[{&(0x7f00000008c0)=""/200, 0xc8}, {&(0x7f0000000640)=""/249, 0xf9}, {&(0x7f0000004480)=""/4098, 0x1002}, {&(0x7f00000007c0)=""/97, 0x61}, {&(0x7f00000001c0)=""/104, 0x68}, {&(0x7f0000000300)=""/25, 0x19}, {&(0x7f0000000540)=""/130, 0x82}, {&(0x7f00000009c0)=""/133, 0x85}], 0x8}}], 0x1, 0x2080, 0x0) write(r0, &(0x7f0000000100)="1400000052004f7fb3e4bf80a000080000000000", 0x14) 688.079365ms ago: executing program 1 (id=3102): socket$nl_netfilter(0x10, 0x3, 0xc) socket$inet_sctp(0x2, 0x1, 0x84) socket$phonet_pipe(0x23, 0x5, 0x2) r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = socket(0x10, 0x803, 0x0) r3 = socket$inet6(0xa, 0x80002, 0x0) sendto$inet6(r3, 0x0, 0x0, 0x20088004, &(0x7f0000000280)={0xa, 0x4e23, 0x0, @mcast2, 0x6}, 0x1c) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc000000190001002dbd70000000000000000000000000000000000000000001fe8000000002000000000000000000bb00000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000000c00000000000000000000000000000000000000000000000000000000000000ffffffffffffffff0000800000200000fcffffffffffffff0000000000000000000a00000000000004000000000000000200000000000008000000000000000001010202000000004400050000000000000000000000000000000000000000003c00000002000000ffffffff000000000000000000000000060000000401"], 0xfc}}, 0x0) setsockopt$inet6_udp_int(r3, 0x11, 0x1, &(0x7f0000000080), 0x4) r5 = socket(0x10, 0x803, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000400)=@getchain={0x24, 0x66, 0x0, 0x0, 0x2000}, 0x24}}, 0x0) getsockname$packet(r2, &(0x7f0000000740)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000900)=0x14) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x7}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0xc, 0x4, &(0x7f0000000140)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x8a}]}, &(0x7f0000000280)='GPL\x00', 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[@ANYBLOB="4800000010000104000000000100000000000000", @ANYRES32=r6, @ANYBLOB="0000000000000000280012800b000100697036746e6c00001800028014000300ff"], 0x48}}, 0x0) sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x70, 0x10, 0x401, 0x0, 0x100, {0x0, 0x0, 0x0, r6, 0x100, 0x306c}, [@IFLA_LINKINFO={0x50, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x40, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LOCAL={0x14, 0x2, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, @IFLA_IPTUN_ENCAP_TYPE={0x6, 0xf, 0x3}, @IFLA_IPTUN_ENCAP_LIMIT={0x5, 0x6, 0x1}, @IFLA_IPTUN_FLOWINFO={0x8, 0x7, 0x100}, @IFLA_IPTUN_ENCAP_LIMIT={0x5, 0x6, 0x7}, @IFLA_IPTUN_FWMARK={0x8, 0x14, 0x4}]}}}]}, 0x70}}, 0xeb64d656001f6f32) connect$pppl2tp(r0, &(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, r1, 0x8, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}}}, 0x32) ioctl$PPPIOCGL2TPSTATS(r0, 0x80487436, &(0x7f0000000940)="0484976326fa1335224dd1be05ae491cce2aaf24df91d0") sendmsg$nl_route(r0, &(0x7f0000000900)={&(0x7f0000000840)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)=@ipv6_delroute={0x24, 0x19, 0x400, 0x70bd28, 0x25dfdbfb, {0xa, 0x10, 0x14, 0x8, 0x3, 0x1, 0xfe, 0x3, 0x100}, [@RTA_PRIORITY={0x8, 0x6, 0x7}]}, 0x24}, 0x1, 0x0, 0x0, 0x4010}, 0x40000) writev(r0, &(0x7f0000000180)=[{&(0x7f0000000080)='v', 0x180204}], 0x1) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000940)) r7 = socket$netlink(0x10, 0x3, 0x10) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r7, 0x10e, 0x4, 0x0, 0x0) r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={0x0, r8, 0x0, 0x7f}, 0x18) socket$inet6(0xa, 0x3, 0x3c) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)) 680.252257ms ago: executing program 4 (id=3103): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000001c0), r3) sendmsg$IEEE802154_ADD_IFACE(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000000000000002100000009001f00706879f529000000050020"], 0x28}}, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r5) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r6) sendmsg$TIPC_CMD_ENABLE_BEARER(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0) close(r8) r9 = socket$unix(0x1, 0x5, 0x0) r10 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r10, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000002c0)=ANY=[@ANYBLOB="180000006a0001000000000000009c39c743"], 0x18}}, 0x0) sendmsg$NLBL_MGMT_C_VERSION(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000003c0)={0x2c, 0x0, 0x4, 0x70bd2a, 0x25dfdbfb, {}, [@NLBL_MGMT_A_CLPDOI={0x8, 0xc, 0x2}, @NLBL_MGMT_A_CV4DOI={0x8, 0x4, 0x3}, @NLBL_MGMT_A_IPV4ADDR={0x8, 0x7, @dev={0xac, 0x14, 0x14, 0x40}}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x4800) r11 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$NLBL_CALIPSO_C_ADD(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000003c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16, @ANYBLOB="09180000000000000000010000000800020002000000080001"], 0x24}}, 0x0) sendmsg$netlink(r11, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000001ac0)=[{&(0x7f00000003c0)=ANY=[@ANYBLOB="140100001f000504000000000000000005"], 0x114}], 0x1}, 0x0) r12 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r12, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000007c0)=@newqdisc={0x464, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r13, {0x0, 0xb}, {0xffff, 0xffff}, {0x0, 0xfff1}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x438, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x1, 0x5, 0x2, 0x3, 0x9, 0x3, 0x4, 0x9a8, 0x9, 0x9, 0x6, 0x9, 0x9c5c, 0x7, 0x7, 0x7, 0x0, 0xffff59d7, 0x7e6, 0x6, 0x4, 0x9, 0x0, 0x10, 0x1, 0x5, 0x1, 0x9, 0x7, 0x6, 0x0, 0x9, 0x7, 0xc16e, 0x2000005, 0x1000001, 0x8, 0x6, 0x7f, 0x4, 0x0, 0x3, 0x1b7, 0xc7, 0x7, 0x3e5, 0xfffffffb, 0x57c, 0x9, 0x4, 0x5, 0x1, 0x6, 0x664, 0x31, 0x4, 0x1000, 0x5148, 0x2, 0x8, 0x9, 0x6, 0xfffff109, 0x1, 0x10, 0xcdd, 0x0, 0xb0a, 0x3, 0x81, 0x40, 0x0, 0xfffffffa, 0xb, 0x0, 0x3, 0x5, 0x5, 0xcb6f, 0x2, 0x6, 0x8, 0x80000001, 0x5105, 0x6, 0xac1f, 0x4, 0x3, 0x6, 0x6, 0xffffffff, 0x5, 0x1, 0x5fa, 0x4, 0x2, 0x0, 0x1, 0x401, 0x9, 0xffff, 0x2, 0xc, 0x705, 0x2, 0x8, 0x7, 0x7, 0x575, 0xa, 0x8001, 0x1e96, 0x4, 0x2, 0x9, 0x2a36, 0xfffffffa, 0x1, 0xb0f, 0x6, 0x7, 0x3, 0x8, 0x1000, 0xfffffffc, 0x3, 0x0, 0x6, 0x44, 0x0, 0x0, 0x81, 0x2, 0x7, 0x1, 0x7fffffff, 0xd73a, 0x8, 0x98, 0x4, 0x8, 0x0, 0x7, 0x8, 0x8, 0x6, 0x10001, 0x8, 0x1ec0, 0xffff51dd, 0x4, 0xfffffff5, 0x58f2, 0x8001, 0x9, 0x7, 0x7, 0xfffffff8, 0x7, 0x88d, 0x0, 0x3, 0x1, 0xa, 0x8, 0x1e03, 0x4, 0x5, 0xd, 0x0, 0x3, 0x4, 0x5, 0x8, 0xfff, 0x7, 0x8000, 0x7fff, 0x7fff, 0x6, 0xa7, 0x0, 0x8001, 0xfff, 0xffff329c, 0x4, 0x1, 0x1, 0x5, 0x2, 0xfffffeff, 0x57f4, 0x1000, 0x3, 0x6, 0x6, 0x640, 0x848, 0xfffffe01, 0x6, 0x6e2, 0x18, 0xfffffff8, 0xb3, 0x1, 0x5, 0x6, 0x3, 0x9, 0x5, 0x0, 0x0, 0x1, 0x7, 0xffffff94, 0x9, 0x8, 0x1ff, 0x6, 0x0, 0x7fffffff, 0x200, 0x80000001, 0x4a41, 0x2, 0x6, 0x2, 0xffffffff, 0xdeb, 0x3, 0x1, 0xfffffffb, 0x5, 0x6, 0x2, 0x3, 0xf, 0x5, 0xffffffff, 0x7, 0x2, 0x200, 0x13b9, 0x7, 0x400, 0x30000, 0x3, 0xa23, 0x1, 0x400, 0x40, 0x0, 0x8, 0x4, 0xd]}, @TCA_TBF_PARMS={0x28, 0x1, {{0xa, 0x2, 0xffff, 0x7, 0xcc, 0x3}, {0x0, 0x1, 0x7, 0x808, 0x7f, 0x9}, 0x1, 0x7, 0x1bb6}}, @TCA_TBF_BURST={0x8, 0x6, 0x7f}]}}]}, 0x464}, 0x1, 0x0, 0x0, 0x20000001}, 0x0) sendmsg$nl_route_sched(r12, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000380)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70b923, 0x80000, {0x0, 0x0, 0x0, r13, {}, {0x2, 0xb}, {0xa, 0x8}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x44840) ioctl$SIOCSIFHWADDR(r8, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"}) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYRES8=r5, @ANYRES8=r14, @ANYBLOB="050000000000000000000600000008000300", @ANYRES32=r14, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00', @ANYRES64=0x0, @ANYRES32=r1, @ANYRESHEX=r1, @ANYRES8=r14], 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000380)={0x38, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r14}, @void}}, [@NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8, 0x35, 0x6}]}, 0x38}}, 0x0) 555.951052ms ago: executing program 3 (id=3104): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_LBT_MODE(r0, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[@ANYBLOB="04000000", @ANYRES16=r1, @ANYBLOB="00012dbd7000ffdbdf25120000000c00060002000000020000000c000600030000000300000008000300", @ANYRES32=0x0, @ANYBLOB="0500130001000000"], 0x3c}}, 0x40000) r2 = socket(0x1d, 0x2, 0x6) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000200)={'vcan0\x00', 0x0}) bind$can_j1939(r2, &(0x7f0000000040)={0x1d, r3, 0x8000000000000003}, 0x18) r4 = socket$inet(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000300)={'bond0\x00', 0x0}) r6 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000001c0)=@newqdisc={0x8c, 0x24, 0xf0b, 0x70bd2b, 0x0, {0x0, 0x0, 0x12, r5, {}, {0xffff, 0xffff}, {0x2, 0x6}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x5c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0x0, [0x8, 0x0, 0x2, 0x0, 0x8, 0xfffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], [0x0, 0x8]}}]}}]}, 0x8c}}, 0x0) sendmmsg$inet6(r2, &(0x7f0000007200)=[{{0x0, 0x0, &(0x7f00000013c0)=[{&(0x7f0000000140)="e5", 0x1}], 0x1}}, {{0x0, 0x0, 0x0}}], 0x2, 0x4004000) 555.562605ms ago: executing program 0 (id=3105): r0 = socket$nl_rdma(0x10, 0x3, 0x14) r1 = socket$nl_crypto(0x10, 0x3, 0x15) sendmsg$netlink(r1, &(0x7f0000000880)={0x0, 0x0, &(0x7f0000000840)=[{&(0x7f0000000080)={0xe0, 0x10, 0x509, 0x0, 0x0, "", [@generic="6f6d8864d22a3f2ffaa46c88bc", @typed={0xa9, 0x0, 0x0, 0x0, @binary="2b0e13e735a3184f123d6da2f1acfac0ee2dd2b184b27db1f302de337c0004060000000000bf852c8986626691b01b2d44e4ce28712828bdda0a9423debbb86f9dba4a2dba4dbe076c28282900c446a567de243ab0d67683f7bb11c9cab3b3eed8a8bef4ff1631aa78acefca03c1a66db4424a8ba100022db228bb7b5eb5100e434db5dd5e995aa0912086d9f4606d2e4cc898739222c5d3a83cb6b707f3336336ebb7d681"}, @nested={0x14, 0x0, 0x0, 0x1, [@typed={0xd, 0x0, 0x0, 0x0, @binary="cfe7336f91087ba18b"}]}]}, 0xe0}], 0x1}, 0x0) sendmsg$RDMA_NLDEV_CMD_STAT_DEL(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000940)={&(0x7f00000008c0)=ANY=[@ANYBLOB="18000000122f01"], 0x18}}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan0\x00'}) 495.755466ms ago: executing program 0 (id=3106): ioctl$F2FS_IOC_ABORT_ATOMIC_WRITE(0xffffffffffffffff, 0xf505, 0x0) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f0000000100)=@nat={'nat\x00', 0x19, 0x4, 0x538, [0x2000000001c0, 0x0, 0x0, 0x2000000003ec, 0x20000000056a], 0x0, &(0x7f0000000000), &(0x7f00000001c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{0x9, 0x4, 0x201, 'virt_wifi0\x00', 'nicvf0\x00', 'veth1\x00', 'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, [0x0, 0x0, 0x0, 0x88be912537912e12, 0x0, 0xff], @broadcast, [0xff, 0xff, 0xff, 0xff, 0x0, 0xff], 0x6e, 0xde, 0x116, [], [@arpreply={'arpreply\x00', 0x10, {{@remote, 0xfffffffffffffffd}}}, @snat={'snat\x00', 0x10, {{@empty, 0xfffffffffffffffd}}}], @snat={'snat\x00', 0x10, {{@multicast, 0x1}}}}, {0x3, 0x0, 0x88f8, 'bridge0\x00', 'tunl0\x00', 'veth1_to_team\x00', 'batadv0\x00', @empty, [0xff, 0xff, 0xff], @broadcast, [0xff, 0xff, 0x0, 0xff, 0xff], 0x6e, 0x6e, 0xe6, [], [], @common=@nflog={'nflog\x00', 0x50, {{0x40, 0xeb, 0xfff7, 0x0, 0x0, "3a1502d9f99fabce4614e191a09780617eeec5f1ffac86f656a0434ae20ebe7acf595c4ddffbe68c5227b9cc5323479db6fe517d43b65b575378e23e4f095aa9"}}}}]}, {0x0, '\x00', 0x2, 0xfffffffffffffffc, 0x1, [{0x3, 0x71, 0x0, 'pimreg0\x00', 'netpci0\x00', 'wg0\x00', 'wg2\x00', @broadcast, [0x0, 0x0, 0x0, 0x0, 0xff], @local, [0xff], 0x9e, 0xd6, 0x14e, [@vlan={{'vlan\x00', 0x0, 0x8}, {{0x1, 0x1, 0x809b, 0x1}}}], [@snat={'snat\x00', 0x10, {{@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x12}, 0xfffffffffffffffe}}}], @common=@nflog={'nflog\x00', 0x50, {{0x6, 0x3, 0x7f, 0x0, 0x0, "904d818697c8065c0c6d3f76580ef5e6168f8f0ef1fc37f9128807b065f4252bd99a57024688243bf7165fa31ee8511ecef6e1a2f0569dab1c185d6d3eb17ec0"}}}}]}, {0x0, '\x00', 0x3, 0xffffffffffffffff, 0x1, [{0x3, 0x0, 0x9, 'vxcan1\x00', 'pimreg\x00', 'vlan0\x00', 'pimreg0\x00', @local, [], @remote, [0xff, 0xff, 0xff, 0xff], 0x6e, 0xde, 0x12e, [], [@snat={'snat\x00', 0x10, {{@random="9870d85afc5b", 0xfffffffffffffffd}}}, @snat={'snat\x00', 0x10, {{@random="b8f51996e143", 0xfffffffffffffffd}}}], @common=@log={'log\x00', 0x28, {{0x2, "31ddc6ac38fa7f1b205a671374ee80af2207ebdb70d2d140fed5c2918997", 0x3272c81736fb7340}}}}]}, {0x0, '\x00', 0x4, 0xfffffffffffffffe}]}, 0x5b0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="240000003e000701fcfffff7f2dbdff6037c00000400ed6c5f1fb436800c000180"], 0x24}, 0x1, 0x0, 0x0, 0x480d0}, 0xc000) 440.785822ms ago: executing program 1 (id=3107): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@base={0x1, 0x40, 0x6, 0x8}, 0x48) ioctl$sock_inet_sctp_SIOCINQ(r0, 0x541b, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) (async) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_DELETE(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x1c, 0x2, 0x1, 0x201, 0x0, 0x0, {}, [@CTA_TUPLE_ORIG={0x4}, @CTA_FILTER={0x4}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40}, 0x0) 334.43524ms ago: executing program 1 (id=3108): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x70, 0x10, 0x401, 0x0, 0x3, {0x0, 0x0, 0x0, 0x0, 0xe59bca127d8580ac, 0xc574450d1af3b5bc}, [@IFLA_LINKINFO={0x3c, 0x12, 0x0, 0x1, @bridge_slave={{0x11}, {0x24, 0x5, 0x0, 0x1, [@IFLA_BRPORT_MULTICAST_ROUTER={0x5, 0x19, 0x2}, @IFLA_BRPORT_GROUP_FWD_MASK={0x6, 0x1f, 0xd5}, @IFLA_BRPORT_LEARNING={0x5}, @IFLA_BRPORT_MCAST_FLOOD={0x5, 0x1b, 0x1}]}}}, @IFLA_IFNAME={0x14, 0x3, 'bridge_slave_0\x00'}]}, 0x70}, 0x1, 0x0, 0x0, 0x20044010}, 0x4040) r1 = socket$inet6(0xa, 0x3, 0x5) setsockopt$inet6_int(r1, 0x29, 0x1000000000021, &(0x7f0000000000)=0xffffffc3, 0x4) 333.601646ms ago: executing program 3 (id=3109): r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = socket$pppl2tp(0x18, 0x1, 0x1) connect$inet6(r0, &(0x7f00000002c0)={0xa, 0x0, 0x4, @remote, 0x7}, 0x1c) connect$pppl2tp(r1, &(0x7f0000000080)=@pppol2tpv3in6={0x18, 0x1, {0x0, r0, 0x1, 0x0, 0x0, 0x0, {0xa, 0x0, 0x6, @private0}}}, 0x3a) connect$inet6(r0, &(0x7f0000000480)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @multicast1}}, 0x1c) r2 = socket$pppl2tp(0x18, 0x1, 0x1) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet6_IPV6_DSTOPTS(r3, 0x29, 0x3b, &(0x7f0000000080)={0xc}, 0x8) shutdown(r3, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$devlink(&(0x7f0000000080), r4) sendmsg$DEVLINK_CMD_SB_PORT_POOL_SET(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)={0x54, r5, 0x1, 0x70bd28, 0x25dfdbfe, {}, [{{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}, {0x8}, {0x6, 0x11, 0x7}, {0x8, 0x15, 0x5}}]}, 0x54}, 0x1, 0x0, 0x0, 0x80}, 0x4800) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e27, @rand_addr=0x64010100}]}, &(0x7f0000000140)=0x10) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r3, 0x84, 0x7a, &(0x7f0000000340)={r6, @in6={{0xa, 0x3, 0x4, @mcast1}}}, &(0x7f0000000040)=0x84) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000080)={'veth0_to_batadv\x00', 0x0}) r9 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r9, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000004c0)=ANY=[@ANYBLOB="440000001000030500"/20, @ANYRES32=0x0, @ANYBLOB="00020000000000001c0012800b0001006d616373656300000c00028005000f000100000008000500", @ANYRES32=r8, @ANYBLOB="43de6abd3c421e4b8069a00ff12449197cfb6f71a4867d1a52be4d773a2450737c438ac4810de211405558d15a61baad169b4d1a55cfc64f41b056e0a7cf8a4f6a4a93e5a88ad211506fd2ce136a50cab6526295186b636364bebca83ccccc99f1497f54617858783dca02cc0ef8eb2f4112016dc63c6ddb1b5d1af1df5f04acfdc8345aedb18a8eb9b5a6984b7913b400"], 0x44}}, 0x4000000) r10 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r10, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10) connect$inet(r10, &(0x7f00000009c0)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10) shutdown(r10, 0x1) connect$pppl2tp(0xffffffffffffffff, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x20, @broadcast}, 0x1, 0x1}}, 0x50) sendto(r2, 0x0, 0x0, 0x4008044, 0x0, 0x0) 331.025993ms ago: executing program 0 (id=3110): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000001280)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000380)=ANY=[@ANYBLOB="240000002d000100000000000000000008000c00", @ANYRES32], 0x24}], 0x1, 0x0, 0x0, 0x2000000}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_DELETE(r1, &(0x7f0000000c80)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000500)={0x24, 0x2, 0x2, 0x201, 0x0, 0x0, {}, [@CTA_EXPECT_HELP_NAME={0xe, 0x6, 'ftp-20000\x00'}]}, 0x24}, 0x1, 0x0, 0x0, 0x2}, 0x0) 160.396512ms ago: executing program 3 (id=3111): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000480), r0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00'}) 154.865181ms ago: executing program 0 (id=3112): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x12, 0x7, 0x8, 0x22}, 0x48) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x6d, &(0x7f0000000140)={0x0, 0x2, "0ef9"}, 0x0) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000300)={0xffffffffffffffff, 0x0, &(0x7f00000000c0)="a17abd7c18cf849b288a9ccf2f6cd01576a60e6a75d6095b906da81195ee210632ff5cdbe4df675c43a84cd27a40c1d374c2dd354d30bcd60c2a2b860f008238d717d6cf0b4e0ac29adfbbbc393abeb74c65354f62d5", 0x0, 0x800}, 0x38) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xb, &(0x7f0000000100)=ANY=[@ANYBLOB="180800ec0c00000000000000000000001801000020"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000100)=ANY=[@ANYRES8, @ANYRES32, @ANYBLOB="0000000000000000400012800c0001"], 0x68}}, 0x0) r3 = socket$igmp6(0xa, 0x3, 0x2) r4 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r3, 0x8983, &(0x7f0000000300)={0x0, 'syzkaller1\x00', {0x2}}) write$tun(r2, &(0x7f0000000100)=ANY=[@ANYBLOB="06000000bbbbbbbbbbbbaaaaaaaaaabb88f5"], 0x72) r5 = socket(0x1, 0x3, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000280)={r1, &(0x7f0000000380), &(0x7f00000003c0)=@tcp=r5, 0x3}, 0x20) socket(0xf, 0x3, 0x6) setsockopt$MRT_TABLE(0xffffffffffffffff, 0x0, 0xcf, &(0x7f0000000100), 0x4) sendmsg$nl_generic(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000002900)={0x14, 0x2a, 0x1, 0x0, 0x25dfdbfc, {0x1, 0x0, 0x2c00}}, 0x14}, 0x1, 0x3000000, 0x0, 0x800}, 0x8080) socket$nl_generic(0x10, 0x3, 0x10) (async) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x12, 0x7, 0x8, 0x22}, 0x48) (async) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x6d, &(0x7f0000000140)={0x0, 0x2, "0ef9"}, 0x0) (async) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000300)={0xffffffffffffffff, 0x0, &(0x7f00000000c0)="a17abd7c18cf849b288a9ccf2f6cd01576a60e6a75d6095b906da81195ee210632ff5cdbe4df675c43a84cd27a40c1d374c2dd354d30bcd60c2a2b860f008238d717d6cf0b4e0ac29adfbbbc393abeb74c65354f62d5", 0x0, 0x800}, 0x38) (async) openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) (async) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xb, &(0x7f0000000100)=ANY=[@ANYBLOB="180800ec0c00000000000000000000001801000020"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000100)=ANY=[@ANYRES8, @ANYRES32, @ANYBLOB="0000000000000000400012800c0001"], 0x68}}, 0x0) (async) socket$igmp6(0xa, 0x3, 0x2) (async) socket$kcm(0x2, 0xa, 0x2) (async) ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) (async) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r3, 0x8983, &(0x7f0000000300)={0x0, 'syzkaller1\x00', {0x2}}) (async) write$tun(r2, &(0x7f0000000100)=ANY=[@ANYBLOB="06000000bbbbbbbbbbbbaaaaaaaaaabb88f5"], 0x72) (async) socket(0x1, 0x3, 0x0) (async) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000280)={r1, &(0x7f0000000380), &(0x7f00000003c0)=@tcp=r5, 0x3}, 0x20) (async) socket(0xf, 0x3, 0x6) (async) setsockopt$MRT_TABLE(0xffffffffffffffff, 0x0, 0xcf, &(0x7f0000000100), 0x4) (async) sendmsg$nl_generic(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000002900)={0x14, 0x2a, 0x1, 0x0, 0x25dfdbfc, {0x1, 0x0, 0x2c00}}, 0x14}, 0x1, 0x3000000, 0x0, 0x800}, 0x8080) (async) 2.493097ms ago: executing program 3 (id=3113): r0 = socket$nl_route(0x10, 0x3, 0x0) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={0x1, 0x58, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) sendmsg$nl_route_sched_retired(r0, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)=@newqdisc={0x6c, 0x24, 0x523, 0x70bd28, 0x25dfdbfd, {0x0, 0x0, 0x0, r1, {0xfff1, 0xc}, {0xffe0, 0xfff3}, {0x10, 0x1}}, [@q_dsmark={{0xb}, {0x24, 0x2, [@TCA_DSMARK_SET_TC_INDEX={0x4}, @TCA_DSMARK_INDICES={0x6, 0x1, 0x28}, @TCA_DSMARK_INDICES={0x6, 0x1, 0xa}, @TCA_DSMARK_SET_TC_INDEX={0x4}, @TCA_DSMARK_DEFAULT_INDEX={0x6, 0x2, 0x2}]}}, @q_dsmark={{0xb}, {0xc, 0x2, [@TCA_DSMARK_INDICES={0x6, 0x1, 0x8}]}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x20004800}, 0x4000840) sendmsg$nl_route_sched(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=@newtaction={0x5c, 0x30, 0x1, 0x0, 0x0, {}, [{0x48, 0x1, [@m_ct={0x44, 0x1, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x0, 0x0, 0x20000000}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x5c}}, 0x0) 427.898µs ago: executing program 4 (id=3114): bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=@framed={{0x56, 0xa, 0x0, 0x0, 0x0, 0x61, 0x11, 0x88}, [@initr0]}, &(0x7f0000000000)='GPL\x00'}, 0x80) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) 0s ago: executing program 1 (id=3115): setsockopt$MRT_INIT(0xffffffffffffffff, 0x0, 0xc8, &(0x7f0000000000), 0x4) sendmsg$NL80211_CMD_ADD_NAN_FUNCTION(0xffffffffffffffff, &(0x7f0000001ac0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x800}, 0x8011) r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, &(0x7f0000000000)='\x00', 0x0}, 0x48) r1 = socket$nl_route(0x10, 0x3, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0x12, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="1800000000000200000000000000000073012b000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xe}, 0x90) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x1e, &(0x7f0000000180)=0x400000001, 0xc2) setsockopt$inet6_tcp_int(r2, 0x6, 0x2000000000000022, &(0x7f0000000040)=0x1, 0x4) connect$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c) setsockopt$inet6_IPV6_DSTOPTS(r2, 0x29, 0x3b, 0x0, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x0, 0x10012, r3, 0x0) write$cgroup_int(r3, &(0x7f0000000380)=0x1e6771d1, 0x12) setsockopt$inet6_int(r2, 0x29, 0x4b, &(0x7f0000000080)=0x49e1, 0x4) sendto$inet6(r2, 0x0, 0x0, 0x800, 0x0, 0x0) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000740), 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r5 = socket(0x400000000010, 0x3, 0x0) r6 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r7, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001b00)=@newtfilter={0x860, 0x2c, 0xd27, 0x70bd28, 0x0, {0x0, 0x0, 0x0, r7, {0x0, 0x7}, {}, {0x7, 0xe}}, [@filter_kind_options=@f_fw={{0x7}, {0x82c, 0x2, [@TCA_FW_POLICE={0x828, 0x2, [@TCA_POLICE_RATE={0x404, 0x2, [0x3ff, 0x80000000, 0x7, 0x5, 0x8, 0x3, 0x60, 0x8, 0x6, 0x8, 0x524, 0x2, 0x7fffffff, 0x6, 0x9, 0x401, 0x1ff, 0x6, 0x4, 0x1, 0x9b4, 0x0, 0x8, 0x29, 0x5, 0x4, 0x8, 0x2, 0x8, 0x8, 0xd, 0x7, 0x7, 0xe0c, 0x3, 0xffffffff, 0x0, 0x1, 0xc6a3, 0x7fb, 0x4, 0x9, 0xed7, 0x400, 0x8, 0x9, 0x5, 0x9, 0xcc6, 0x9, 0x33, 0x0, 0x55ac, 0x9ad5, 0x10000, 0x1, 0x0, 0xfffffff9, 0x1, 0x3ff, 0x1, 0x3, 0x4, 0x1, 0xb9, 0x3, 0x6, 0x9, 0x81, 0x6, 0x9, 0x2, 0x4, 0x5, 0x10, 0x6, 0x40, 0xffffffff, 0x7, 0x10, 0x9, 0x7, 0x7ff, 0x35d2, 0x7fffffff, 0x0, 0xffff, 0x4, 0x6, 0x80, 0x2, 0x5, 0xffffffcb, 0x7, 0xc3cc, 0x5, 0x1000, 0x15c, 0x800, 0x1, 0x0, 0x2, 0x1, 0x1, 0x6, 0x800, 0x5, 0xe, 0x400, 0x0, 0x3, 0x0, 0x3, 0x8, 0x40, 0x6, 0xff, 0x2, 0x1, 0x2, 0x9, 0x1, 0x169e, 0x8, 0x5, 0x9, 0xc, 0x893, 0xcb9, 0x7, 0x0, 0x2, 0x6, 0x10, 0x5, 0x5, 0x22b, 0xff, 0x49, 0x6, 0x8, 0x1000, 0x1, 0x9, 0x9, 0x8, 0x1, 0x80000001, 0x9592, 0xd, 0x5, 0x0, 0x0, 0x3, 0x8001, 0xfff, 0xc7, 0x1, 0x6, 0x7, 0x5, 0x0, 0x81, 0xb62e, 0x2c7, 0xa000, 0x8, 0x3ff, 0x8001, 0x4, 0x3, 0x8, 0xf8, 0x0, 0xffffff21, 0x8, 0x8b8, 0x8, 0x11c, 0x5562, 0x1, 0x8, 0x7, 0x0, 0x4, 0x8, 0x4, 0x7b, 0x2, 0x0, 0x1000, 0xbe8, 0x1000, 0x1, 0x1, 0xea98, 0x1, 0x52b, 0x7, 0x7, 0x8, 0x3, 0x0, 0x3d, 0x1, 0x4, 0x2, 0x80000000, 0x0, 0x9, 0x6, 0x2, 0xd6, 0x4, 0x3, 0x3, 0x8001, 0x8, 0x80000000, 0x4, 0x9c9, 0xc, 0x7f, 0x4000000, 0x616c, 0x3fe00000, 0x9ec5, 0x3, 0x2, 0x3ff, 0x0, 0x0, 0xc3ee, 0x100, 0xc2, 0x8000, 0xe916, 0x53, 0x0, 0x5, 0x9, 0xb, 0x6, 0x5, 0x1817ab1b, 0xffff0000, 0x9, 0x6a000000, 0x8, 0x3, 0x9, 0x6b, 0x3, 0x8, 0x100, 0x5]}, @TCA_POLICE_PEAKRATE64={0xc, 0x9, 0x7}, @TCA_POLICE_RESULT={0x8, 0x5, 0x8}, @TCA_POLICE_RESULT={0x8, 0x5, 0xc26}, @TCA_POLICE_PEAKRATE={0x404, 0x3, [0x1, 0x1000, 0x1, 0x0, 0x32, 0x0, 0x9, 0x4, 0xff, 0x9, 0xc6354e9a, 0x8, 0x3, 0x5, 0x0, 0xe22, 0x2, 0x3, 0x1, 0x5, 0x14, 0x20, 0xa25, 0x18e, 0xfffffecc, 0x10000, 0x6, 0x2, 0x7, 0x10002, 0x7ff, 0x3ff, 0xfaa3, 0x0, 0x3, 0x8, 0xfffffffb, 0x401, 0x0, 0xb99, 0x2, 0x7, 0x6, 0x2, 0xc, 0x94, 0x8, 0x9e, 0x57, 0x6, 0x7, 0x1, 0x31, 0x2, 0x3, 0xc, 0xfffff800, 0x8001, 0xc, 0x4, 0x6, 0xfffffffb, 0x7, 0x7f, 0xc0000, 0xffffffff, 0x6fa, 0xfff, 0x8, 0x5, 0xf32a, 0x5, 0x1ff, 0x0, 0x10000, 0x7, 0x90, 0x1, 0x0, 0xdc05, 0x6, 0x7, 0x4, 0xffff31a7, 0x3, 0x7, 0x8, 0x7ff, 0x0, 0x7, 0x2, 0xffffffff, 0x6, 0x1, 0x0, 0x2, 0xffff5fcb, 0xfffffffb, 0x60, 0x4, 0x7ff, 0x8, 0xffff3de3, 0x4, 0x6, 0x4, 0x4, 0x8, 0xe, 0x3, 0x3, 0x49fcc199, 0x7, 0x3, 0x5, 0x800, 0x3, 0x0, 0x100, 0x10001, 0x85a, 0x3, 0x2, 0x4, 0xdc06, 0x5, 0x5, 0x17, 0x8, 0x2, 0xe, 0x8, 0x89, 0x200, 0x5, 0x5, 0x4, 0x8, 0x7, 0xfffffff7, 0x60, 0x8f45, 0x0, 0xe, 0x7fffffff, 0x6, 0xffff, 0x1ad, 0x1, 0x2, 0xffff, 0xb4f9, 0x9, 0x6, 0xd7b4, 0x20000000, 0x0, 0x2, 0x3, 0xffff, 0x2, 0x8, 0x2, 0xde, 0x4, 0x100, 0x80000001, 0xffffff7f, 0x7fffffff, 0x5, 0x2, 0x5c74, 0xe, 0x8, 0x1ff800, 0x50000, 0x4, 0x8, 0x7fffffff, 0x5, 0x6, 0xf8a, 0x9, 0x7, 0x2, 0x40, 0xffff0001, 0x1, 0x10000, 0xffffd1a6, 0x3, 0x1, 0x1, 0xbf5b, 0xb2c, 0x0, 0xfff, 0x80, 0x5, 0x16d, 0x1000, 0xd6c, 0x5, 0xd9, 0x2, 0xfffffffb, 0x2410, 0x1, 0xffff, 0x5, 0xffffffff, 0x4, 0x1, 0xea3, 0x5, 0xff, 0x51ce814, 0xb39, 0x7, 0xd11, 0x7fff0000, 0x7b9ab29b, 0x1, 0xa1, 0x8, 0x2, 0x89, 0x7, 0x5, 0x0, 0x4, 0x3, 0x3, 0x5, 0x8, 0x5e, 0x80, 0x9, 0xff, 0x3, 0x4, 0x200, 0x291, 0x4, 0x4, 0xd, 0x0, 0x3, 0x2, 0x1, 0x1, 0x5, 0x7ff, 0x2, 0x5c, 0x9]}]}]}}, @TCA_RATE={0x6, 0x5, {0x7, 0xb3}}]}, 0x860}, 0x1, 0x0, 0x0, 0x84}, 0x8000) bind$alg(0xffffffffffffffff, &(0x7f00000000c0)={0x26, 'rng\x00', 0x0, 0x0, 'ansi_cprng\x00'}, 0x58) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000400)="159f865967b6a60521a275536960d598e963c4b3f2c61dd4127989bf78bfce83", 0x20) r8 = accept$alg(0xffffffffffffffff, 0x0, 0x0) recvmmsg(r8, &(0x7f0000000640)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000002c0)=""/86, 0x56}], 0x1}, 0x8}, {{0x0, 0x0, &(0x7f0000000600)=[{&(0x7f0000000500)=""/195, 0xc3}], 0x1}, 0x31}], 0x2, 0x0, 0x0) getsockopt$PNPIPE_HANDLE(r5, 0x113, 0x3, &(0x7f0000000200), &(0x7f0000000340)=0x4) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000180)=ANY=[@ANYBLOB="800000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000003b005000128009000100766c616e000000004000028006000100000000000c00020000000000000000000c00020000000000000000001c0004800c00060004000000000800000a0001"], 0x80}, 0x1, 0xba01}, 0x0) kernel console output (not intermixed with test programs): 55447][ T9985] netlink: 'syz.4.1149': attribute type 21 has an invalid length. [ 203.872345][ T9987] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1148'. [ 203.887956][ T9985] netlink: 128 bytes leftover after parsing attributes in process `syz.4.1149'. [ 203.915954][ T9987] hsr_slave_0: left promiscuous mode [ 203.936307][ T9987] hsr_slave_1: left promiscuous mode [ 203.938368][ T9989] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1150'. [ 203.987679][ T9996] netlink: 'syz.3.1152': attribute type 39 has an invalid length. [ 204.070428][ T9985] netlink: 'syz.4.1149': attribute type 5 has an invalid length. [ 204.082089][ T9985] netlink: 3 bytes leftover after parsing attributes in process `syz.4.1149'. [ 204.255377][T10003] syzkaller1: entered promiscuous mode [ 204.269026][T10004] IPVS: wlc: FWM 3 0x00000003 - no destination available [ 204.277798][T10003] syzkaller1: entered allmulticast mode [ 204.294891][T10004] dvmrp0: entered allmulticast mode [ 204.426553][T10004] dvmrp0: left allmulticast mode [ 204.439202][T10007] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1157'. [ 204.529692][T10007] bond4: option use_carrier: invalid value (4) [ 204.546753][T10007] bond4 (unregistering): Released all slaves [ 205.049012][T10024] netlink: 44 bytes leftover after parsing attributes in process `syz.4.1164'. [ 205.060573][T10024] netlink: 43 bytes leftover after parsing attributes in process `syz.4.1164'. [ 205.091582][T10024] netlink: 'syz.4.1164': attribute type 5 has an invalid length. [ 205.101339][T10024] netlink: 43 bytes leftover after parsing attributes in process `syz.4.1164'. [ 205.248540][T10040] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1170'. [ 205.266173][T10042] netlink: 'syz.4.1171': attribute type 6 has an invalid length. [ 205.305049][T10043] netlink: 'syz.4.1171': attribute type 6 has an invalid length. [ 205.644502][T10058] netlink: 'syz.3.1178': attribute type 29 has an invalid length. [ 205.680369][T10058] netlink: 'syz.3.1178': attribute type 29 has an invalid length. [ 206.237247][T10092] netlink: 'syz.3.1187': attribute type 1 has an invalid length. [ 206.260233][T10091] openvswitch: netlink: Tunnel attr 114 out of range max 16 [ 206.347099][T10092] 8021q: adding VLAN 0 to HW filter on device bond5 [ 206.484734][T10100] bond5: (slave veth3): Enslaving as an active interface with a down link [ 206.591972][T10092] veth5: entered promiscuous mode [ 206.609334][T10092] bond5: (slave veth5): Enslaving as an active interface with a down link [ 206.678986][T10106] vlan2: entered allmulticast mode [ 206.688917][T10106] bond5: entered allmulticast mode [ 206.700048][T10106] bond5: (slave vlan2): the slave hw address is in use by the bond; couldn't find a slave with a free hw address to give it (this should not have happened) [ 207.397679][T10143] tipc: Enabling of bearer rejected, failed to enable media [ 207.431536][T10133] lo speed is unknown, defaulting to 1000 [ 207.446029][T10133] lo speed is unknown, defaulting to 1000 [ 207.455752][T10133] hsr0 speed is unknown, defaulting to 1000 [ 207.686458][T10143] syzkaller0: entered promiscuous mode [ 207.692244][T10143] syzkaller0: entered allmulticast mode [ 208.487057][T10188] ip6gre2: entered allmulticast mode [ 208.502260][T10192] __nla_validate_parse: 6 callbacks suppressed [ 208.502279][T10192] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1213'. [ 208.518425][T10192] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1213'. [ 208.687624][T10196] lo speed is unknown, defaulting to 1000 [ 208.701873][T10196] lo speed is unknown, defaulting to 1000 [ 208.756387][T10204] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1215'. [ 208.897293][T10196] hsr0 speed is unknown, defaulting to 1000 [ 209.100126][T10224] netlink: 212316 bytes leftover after parsing attributes in process `syz.0.1221'. [ 209.236350][T10230] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 210.091623][T10262] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1233'. [ 210.152433][T10262] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1233'. [ 210.260269][T10273] netlink: 11 bytes leftover after parsing attributes in process `syz.1.1233'. [ 210.751651][T10305] validate_nla: 3 callbacks suppressed [ 210.751670][T10305] netlink: 'syz.0.1243': attribute type 1 has an invalid length. [ 211.192982][T10324] IPVS: stopping master sync thread 6533 ... [ 211.244012][T10327] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1248'. [ 211.470800][T10330] bridge0: port 2(bridge_slave_1) entered disabled state [ 211.512021][T10330] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1249'. [ 211.522325][T10335] lo speed is unknown, defaulting to 1000 [ 211.554747][T10335] lo speed is unknown, defaulting to 1000 [ 211.583844][T10335] hsr0 speed is unknown, defaulting to 1000 [ 211.638297][T10253] Bluetooth: hci1: command 0x0406 tx timeout [ 211.644690][T10253] Bluetooth: hci2: command 0x0406 tx timeout [ 211.650756][T10253] Bluetooth: hci3: command 0x0406 tx timeout [ 211.658096][T10253] Bluetooth: hci0: command 0x0406 tx timeout [ 211.819471][T10353] FAULT_INJECTION: forcing a failure. [ 211.819471][T10353] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 211.836201][T10353] CPU: 1 UID: 0 PID: 10353 Comm: syz.1.1258 Not tainted syzkaller #0 PREEMPT(full) [ 211.836230][T10353] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 211.836250][T10353] Call Trace: [ 211.836258][T10353] [ 211.836267][T10353] dump_stack_lvl+0x189/0x250 [ 211.836298][T10353] ? __pfx____ratelimit+0x10/0x10 [ 211.836321][T10353] ? __pfx_dump_stack_lvl+0x10/0x10 [ 211.836346][T10353] ? __pfx__printk+0x10/0x10 [ 211.836375][T10353] ? __might_fault+0xb0/0x130 [ 211.836417][T10353] should_fail_ex+0x414/0x560 [ 211.836454][T10353] _copy_from_user+0x2d/0xb0 [ 211.836483][T10353] __sys_sendto+0x25c/0x520 [ 211.836510][T10353] ? __pfx___sys_sendto+0x10/0x10 [ 211.836531][T10353] ? __mutex_unlock_slowpath+0x1a1/0x740 [ 211.836569][T10353] ? __fget_files+0x3a0/0x420 [ 211.836600][T10353] ? ksys_write+0x22a/0x250 [ 211.836631][T10353] ? __pfx_ksys_write+0x10/0x10 [ 211.836666][T10353] ? rcu_is_watching+0x15/0xb0 [ 211.836700][T10353] __x64_sys_sendto+0xde/0x100 [ 211.836726][T10353] do_syscall_64+0xfa/0x3b0 [ 211.836747][T10353] ? lockdep_hardirqs_on+0x9c/0x150 [ 211.836767][T10353] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 211.836786][T10353] ? clear_bhb_loop+0x60/0xb0 [ 211.836809][T10353] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 211.836828][T10353] RIP: 0033:0x7f713c78eec9 [ 211.836850][T10353] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 211.836884][T10353] RSP: 002b:00007f713d647038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 211.836916][T10353] RAX: ffffffffffffffda RBX: 00007f713c9e5fa0 RCX: 00007f713c78eec9 [ 211.836932][T10353] RDX: 0000000000000036 RSI: 0000200000000580 RDI: 0000000000000003 [ 211.836944][T10353] RBP: 00007f713d647090 R08: 0000200000000440 R09: 0000000000000014 [ 211.836958][T10353] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 211.836970][T10353] R13: 00007f713c9e6038 R14: 00007f713c9e5fa0 R15: 00007fffe9c7fc68 [ 211.837003][T10353] [ 212.051597][T10355] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1259'. [ 212.337421][T10369] netlink: 'syz.3.1264': attribute type 1 has an invalid length. [ 212.776071][T10386] FAULT_INJECTION: forcing a failure. [ 212.776071][T10386] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 212.799957][T10386] CPU: 1 UID: 0 PID: 10386 Comm: syz.0.1270 Not tainted syzkaller #0 PREEMPT(full) [ 212.799985][T10386] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 212.799997][T10386] Call Trace: [ 212.800005][T10386] [ 212.800014][T10386] dump_stack_lvl+0x189/0x250 [ 212.800044][T10386] ? __pfx____ratelimit+0x10/0x10 [ 212.800065][T10386] ? __pfx_dump_stack_lvl+0x10/0x10 [ 212.800089][T10386] ? __pfx__printk+0x10/0x10 [ 212.800128][T10386] should_fail_ex+0x414/0x560 [ 212.800163][T10386] _copy_to_user+0x31/0xb0 [ 212.800192][T10386] simple_read_from_buffer+0xe1/0x170 [ 212.800226][T10386] proc_fail_nth_read+0x1b3/0x220 [ 212.800253][T10386] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 212.800279][T10386] ? rw_verify_area+0x2a6/0x4d0 [ 212.800304][T10386] ? __lock_acquire+0xab9/0xd20 [ 212.800331][T10386] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 212.800356][T10386] vfs_read+0x1fd/0xa30 [ 212.800381][T10386] ? fdget_pos+0x247/0x320 [ 212.800403][T10386] ? __pfx___mutex_lock+0x10/0x10 [ 212.800427][T10386] ? __pfx_vfs_read+0x10/0x10 [ 212.800455][T10386] ? __fget_files+0x2a/0x420 [ 212.800477][T10386] ? __fget_files+0x3a0/0x420 [ 212.800494][T10386] ? __fget_files+0x2a/0x420 [ 212.800522][T10386] ksys_read+0x145/0x250 [ 212.800551][T10386] ? __pfx_ksys_read+0x10/0x10 [ 212.800590][T10386] ? rcu_is_watching+0x15/0xb0 [ 212.800617][T10386] ? do_syscall_64+0xbe/0x3b0 [ 212.800646][T10386] do_syscall_64+0xfa/0x3b0 [ 212.800669][T10386] ? lockdep_hardirqs_on+0x9c/0x150 [ 212.800691][T10386] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 212.800712][T10386] ? clear_bhb_loop+0x60/0xb0 [ 212.800738][T10386] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 212.800759][T10386] RIP: 0033:0x7fe9e098d8dc [ 212.800777][T10386] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 212.800823][T10386] RSP: 002b:00007fe9e177d030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 212.800845][T10386] RAX: ffffffffffffffda RBX: 00007fe9e0be5fa0 RCX: 00007fe9e098d8dc [ 212.800861][T10386] RDX: 000000000000000f RSI: 00007fe9e177d0a0 RDI: 0000000000000006 [ 212.800874][T10386] RBP: 00007fe9e177d090 R08: 0000000000000000 R09: 0000000000000014 [ 212.800887][T10386] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 212.800899][T10386] R13: 00007fe9e0be6038 R14: 00007fe9e0be5fa0 R15: 00007ffcb6df8aa8 [ 212.800934][T10386] [ 212.845255][T10392] netlink: 'syz.2.1272': attribute type 1 has an invalid length. [ 213.053922][T10392] netlink: 'syz.2.1272': attribute type 2 has an invalid length. [ 213.074485][T10392] netlink: 'syz.2.1272': attribute type 1 has an invalid length. [ 213.274667][T10402] netlink: 'syz.2.1276': attribute type 3 has an invalid length. [ 213.363607][T10409] netlink: 'syz.0.1279': attribute type 4 has an invalid length. [ 213.530575][T10419] netlink: 'syz.4.1283': attribute type 2 has an invalid length. [ 213.824036][T10441] __nla_validate_parse: 9 callbacks suppressed [ 213.824057][T10441] netlink: 68 bytes leftover after parsing attributes in process `syz.4.1288'. [ 213.851105][T10436] : entered promiscuous mode [ 214.256901][T10410] Bluetooth: hci0: Opcode 0x0c20 failed: -4 [ 214.302586][T10463] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1295'. [ 214.305955][T10461] netlink: 56 bytes leftover after parsing attributes in process `syz.3.1296'. [ 214.432366][T10468] IPVS: Unknown mcast interface: dvmrp0 [ 214.465317][T10467] netlink: 108 bytes leftover after parsing attributes in process `syz.1.1298'. [ 214.678495][T10479] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1302'. [ 214.872140][T10488] netlink: 1284 bytes leftover after parsing attributes in process `syz.1.1302'. [ 214.972961][T10490] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1303'. [ 215.100103][T10490] netlink: 'syz.0.1303': attribute type 9 has an invalid length. [ 215.392848][ T5878] Bluetooth: hci0: command 0x0406 tx timeout [ 215.404067][T10502] openvswitch: netlink: Unexpected mask (mask=c0, allowed=10048) [ 215.641578][ T5878] block nbd1: Receive control failed (result -107) [ 215.683545][T10508] nbd1: detected capacity change from 0 to 63 [ 215.692365][T10512] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1312'. [ 215.715069][ T6535] block nbd1: Dead connection, failed to find a fallback [ 215.879082][T10522] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1317'. [ 215.993528][T10525] IPVS: wlc: FWM 3 0x00000003 - no destination available [ 216.017953][ C0] IPVS: wlc: FWM 3 0x00000003 - no destination available [ 216.039021][T10526] netlink: 'syz.1.1318': attribute type 10 has an invalid length. [ 216.059718][T10529] tipc: Enabling of bearer rejected, already enabled [ 216.375603][T10547] netlink: 248 bytes leftover after parsing attributes in process `syz.0.1325'. [ 216.438865][T10544] veth7: entered allmulticast mode [ 216.441477][T10552] netlink: 'syz.1.1329': attribute type 1 has an invalid length. [ 216.514506][T10556] block nbd2: Unsupported socket: shutdown callout must be supported. [ 216.664875][T10552] workqueue: Failed to create a rescuer kthread for wq "bond5": -EINTR [ 216.703274][T10558] veth5: entered promiscuous mode [ 216.926038][T10577] tipc: Enabling of bearer rejected, already enabled [ 217.311393][T10596] ip6gre0: Master is either lo or non-ether device [ 217.526133][T10608] batadv0: entered allmulticast mode [ 217.587442][T10610] openvswitch: netlink: nsh attr 8196 is out of range max 3 [ 217.626477][T10610] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 217.648128][T10611] openvswitch: netlink: nsh attr 8196 is out of range max 3 [ 217.713725][T10611] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 218.181680][T10638] bond0: option ad_user_port_key: mode dependency failed, not supported in mode balance-rr(0) [ 219.329880][T10696] __nla_validate_parse: 17 callbacks suppressed [ 219.329902][T10696] netlink: 60 bytes leftover after parsing attributes in process `syz.4.1377'. [ 219.390357][T10691] netlink: 60 bytes leftover after parsing attributes in process `syz.4.1377'. [ 219.412076][T10698] netlink: zone id is out of range [ 219.443881][T10691] netlink: 124 bytes leftover after parsing attributes in process `syz.4.1377'. [ 219.454810][T10698] netlink: zone id is out of range [ 219.459967][T10698] netlink: zone id is out of range [ 219.622868][T10707] sctp: [Deprecated]: syz.1.1384 (pid 10707) Use of int in maxseg socket option. [ 219.622868][T10707] Use struct sctp_assoc_value instead [ 219.880014][T10720] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1388'. [ 219.926284][T10720] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1388'. [ 220.156765][T10736] netlink: 'syz.1.1391': attribute type 21 has an invalid length. [ 220.181453][T10742] IPVS: set_ctl: invalid protocol: 20 0.0.0.0:256 [ 220.688234][ T30] audit: type=1800 audit(1759340772.809:3): pid=10769 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1403" name="memory.events" dev="tmpfs" ino=1476 res=0 errno=0 [ 220.737988][T10769] team0: Device vti0 is up. Set it down before adding it as a team port [ 220.752366][T10767] netlink: 104 bytes leftover after parsing attributes in process `syz.0.1401'. [ 220.784619][T10774] netlink: 68 bytes leftover after parsing attributes in process `syz.2.1404'. [ 220.797818][T10774] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1404'. [ 220.811276][T10778] netlink: 5 bytes leftover after parsing attributes in process `syz.3.1402'. [ 220.817221][T10774] netlink: 56 bytes leftover after parsing attributes in process `syz.2.1404'. [ 220.821606][T10778] 0ªî{X¹¦: renamed from gretap0 (while UP) [ 220.860818][T10778] 0ªî{X¹¦: entered allmulticast mode [ 220.888852][T10778] net_ratelimit: 13 callbacks suppressed [ 220.888871][T10778] A link change request failed with some changes committed already. Interface 30ªî{X¹¦ may have been left with an inconsistent configuration, please check. [ 221.357855][T10802] chnl_net:caif_netlink_parms(): no params data found [ 221.423395][T10800] Unsupported xt match [ 221.423414][T10800] unable to load match [ 222.757928][T10854] IPVS: set_ctl: invalid protocol: 51 127.0.0.1:20000 [ 223.408538][T10894] syzkaller1: entered promiscuous mode [ 223.468687][T10894] syzkaller1: entered allmulticast mode [ 223.785753][T10916] netlink: 'syz.3.1449': attribute type 11 has an invalid length. [ 224.143963][T10942] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 224.237108][T10946] netlink: 'syz.3.1458': attribute type 1 has an invalid length. [ 224.247562][T10946] netlink: 'syz.3.1458': attribute type 1 has an invalid length. [ 224.252864][T10944] netdevsim netdevsim0: Firmware load for '..' refused, path contains '..' component [ 224.362240][T10949] tipc: Enabling of bearer rejected, already enabled [ 224.695798][T10971] __nla_validate_parse: 37 callbacks suppressed [ 224.695820][T10971] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1465'. [ 224.837285][T10971] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1465'. [ 224.847821][T10971] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1465'. [ 225.742481][T11037] xfrm1: entered allmulticast mode [ 226.027480][T11060] netlink: 'syz.4.1488': attribute type 1 has an invalid length. [ 226.045356][T11060] netlink: 'syz.4.1488': attribute type 1 has an invalid length. [ 226.069034][T11060] netlink: 'syz.4.1488': attribute type 2 has an invalid length. [ 226.077953][T11060] netlink: 'syz.4.1488': attribute type 2 has an invalid length. [ 226.086427][T11060] netlink: 'syz.4.1488': attribute type 1 has an invalid length. [ 226.098444][T11060] netlink: 'syz.4.1488': attribute type 1 has an invalid length. [ 226.123544][T11060] netlink: 'syz.4.1488': attribute type 1 has an invalid length. [ 226.149187][T11054] bond4: entered promiscuous mode [ 226.154515][T11054] bond4: entered allmulticast mode [ 226.161767][T11054] 8021q: adding VLAN 0 to HW filter on device bond4 [ 226.515618][T11084] netlink: 'syz.0.1498': attribute type 1 has an invalid length. [ 226.578209][T11084] bond3: entered promiscuous mode [ 226.587303][T11084] 8021q: adding VLAN 0 to HW filter on device bond3 [ 226.620717][T11088] bond3: (slave bridge1): making interface the new active one [ 226.630104][T11088] bridge1: entered promiscuous mode [ 226.650411][T11088] bond3: (slave bridge1): Enslaving as an active interface with an up link [ 226.930875][T11092] pim6reg: entered allmulticast mode [ 226.944412][T11092] pim6reg: left allmulticast mode [ 227.158794][T11100] lo speed is unknown, defaulting to 1000 [ 227.166799][T11100] lo speed is unknown, defaulting to 1000 [ 227.180677][T11100] hsr0 speed is unknown, defaulting to 1000 [ 227.190739][T11104] veth0: entered promiscuous mode [ 227.259289][T11106] bond4 (unregistering): Released all slaves [ 227.288320][T11104] veth0: left promiscuous mode [ 227.337460][T11113] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1507'. [ 227.510186][T11121] veth1_macvtap: left promiscuous mode [ 227.531570][T11121] team0: Device veth1_macvtap failed to register rx_handler [ 228.011416][T11162] sctp: [Deprecated]: syz.3.1521 (pid 11162) Use of struct sctp_assoc_value in delayed_ack socket option. [ 228.011416][T11162] Use struct sctp_sack_info instead [ 228.079768][T11167] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1523'. [ 228.254559][T11177] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1525'. [ 228.276542][T11180] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1525'. [ 228.556472][T11201] netlink: 76 bytes leftover after parsing attributes in process `syz.0.1531'. [ 228.596747][T11201] netlink: 26 bytes leftover after parsing attributes in process `syz.0.1531'. [ 228.686684][T11201] 8021q: adding VLAN 0 to HW filter on device team0 [ 228.733915][T11201] bond0: (slave team0): Enslaving as an active interface with an up link [ 228.771788][T11216] erspan0: entered promiscuous mode [ 228.857275][T11216] erspan0: entered allmulticast mode [ 228.995006][T11235] netlink: 'syz.2.1537': attribute type 11 has an invalid length. [ 229.026864][T11235] netlink: 224 bytes leftover after parsing attributes in process `syz.2.1537'. [ 229.126294][T11244] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 229.221952][T11248] tipc: Enabling of bearer rejected, failed to enable media [ 229.468942][T11263] bridge1: entered allmulticast mode [ 230.154202][T11298] geneve2: entered promiscuous mode [ 230.165846][T11298] geneve2: entered allmulticast mode [ 230.180921][ T6688] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 230.219408][ T6688] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 230.258411][ T6688] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 230.292951][ T1016] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 230.324335][T11304] __nla_validate_parse: 2 callbacks suppressed [ 230.324355][T11304] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1561'. [ 230.608099][T11319] bond6: Unable to set down delay as MII monitoring is disabled [ 230.627873][T11319] bond6 (unregistering): Released all slaves [ 230.821043][T11332] tipc: Enabling of bearer rejected, failed to enable media [ 230.865907][T11333] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1570'. [ 230.933557][T11333] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1570'. [ 231.062407][T11346] sock: sock_timestamping_bind_phc: sock not bind to device [ 231.086461][T11351] lo: entered promiscuous mode [ 231.091743][T11351] validate_nla: 6 callbacks suppressed [ 231.091763][T11351] netlink: 'syz.2.1576': attribute type 2 has an invalid length. [ 231.124579][T11351] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 231.164410][T11353] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1577'. [ 231.398525][T11368] tc_dump_action: action bad kind [ 231.442284][T11370] tc_dump_action: action bad kind [ 231.539700][T11375] netlink: 'syz.2.1585': attribute type 5 has an invalid length. [ 231.544644][T11376] netlink: 96 bytes leftover after parsing attributes in process `syz.1.1583'. [ 231.560993][T11375] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1585'. [ 231.647087][T11378] netlink: 'syz.3.1587': attribute type 2 has an invalid length. [ 231.667021][T11378] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.1587'. [ 231.679599][T11378] nbd: must specify a device to reconfigure [ 231.690140][T11380] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1586'. [ 231.754292][T11382] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1586'. [ 231.778988][T11380] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1586'. [ 233.279966][T11469] tipc: Enabled bearer , priority 13 [ 233.464683][T11484] tipc: Enabled bearer , priority 10 [ 234.720914][T11553] dvmrp0: entered allmulticast mode [ 234.880621][T11561] openvswitch: netlink: Actions may not be safe on all matching packets [ 234.923253][T11561] netlink: 'syz.2.1636': attribute type 10 has an invalid length. [ 234.978077][T11570] netlink: 'syz.2.1636': attribute type 1 has an invalid length. [ 235.000164][T11570] netlink: 'syz.2.1636': attribute type 2 has an invalid length. [ 235.013526][T11570] netlink: 'syz.2.1636': attribute type 1 has an invalid length. [ 235.038112][T11576] 0ªî{X¹¦: entered promiscuous mode [ 235.054411][T11569] 1ªî{X¹¦: renamed from 30ªî{X¹¦ [ 235.080668][T11569] 1ªî{X¹¦: left promiscuous mode [ 235.092110][T11569] 1ªî{X¹¦: entered allmulticast mode [ 235.104378][T11569] A link change request failed with some changes committed already. Interface 31ªî{X¹¦ may have been left with an inconsistent configuration, please check. [ 235.136941][T11579] tipc: Enabling of bearer rejected, already enabled [ 235.422596][T11598] tipc: Enabling of bearer rejected, failed to enable media [ 235.451064][T11603] __nla_validate_parse: 3 callbacks suppressed [ 235.451082][T11603] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1652'. [ 235.472392][T11598] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1649'. [ 235.484177][T11601] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1652'. [ 235.549677][T11611] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1650'. [ 235.554970][T11610] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1653'. [ 236.011586][T11635] nftables ruleset with unbound chain [ 236.084964][T11639] raw_sendmsg: syz.0.1661 forgot to set AF_INET. Fix it! [ 236.411106][T11656] netlink: 68 bytes leftover after parsing attributes in process `syz.1.1669'. [ 236.429624][T11656] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1669'. [ 236.495530][T11657] netlink: 212376 bytes leftover after parsing attributes in process `syz.2.1667'. [ 236.662978][T11668] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1 [ 236.685369][T11668] gretap1: default qdisc (pfifo_fast) fail, fallback to noqueue [ 236.711007][T11668] gretap1: entered promiscuous mode [ 236.722070][T11668] gretap1: entered allmulticast mode [ 236.738937][T11675] veth1_to_bond: entered allmulticast mode [ 236.759297][T11671] netlink: 146780 bytes leftover after parsing attributes in process `syz.0.1674'. [ 236.820927][T11675] veth1_to_bond: left allmulticast mode [ 236.910943][T11690] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1677'. [ 236.967938][T11690] !: renamed from dummy0 [ 237.121533][T11704] nbd: must specify at least one socket [ 237.191395][T11712] netlink: 'syz.3.1683': attribute type 21 has an invalid length. [ 237.224930][T11712] netlink: 'syz.3.1683': attribute type 22 has an invalid length. [ 237.247878][T11712] netlink: 'syz.3.1683': attribute type 23 has an invalid length. [ 237.256270][T11712] netlink: 'syz.3.1683': attribute type 25 has an invalid length. [ 237.271652][T11712] netlink: 'syz.3.1683': attribute type 26 has an invalid length. [ 237.820899][T11752] sctp: [Deprecated]: syz.0.1697 (pid 11752) Use of int in max_burst socket option deprecated. [ 237.820899][T11752] Use struct sctp_assoc_value instead [ 238.167789][T11773] netlink: 'syz.3.1702': attribute type 8 has an invalid length. [ 238.256561][T11782] !€ÿ: renamed from bond_slave_0 [ 238.347637][T11785] netlink: 'syz.4.1706': attribute type 11 has an invalid length. [ 238.402230][T11789] netlink: 'syz.0.1708': attribute type 11 has an invalid length. [ 238.443139][T11789] netlink: 'syz.0.1708': attribute type 5 has an invalid length. [ 238.579876][T11798] sit0: entered promiscuous mode [ 238.585487][T11798] netlink: 'syz.1.1712': attribute type 1 has an invalid length. [ 238.651434][T11806] sctp: [Deprecated]: syz.4.1711 (pid 11806) Use of int in maxseg socket option. [ 238.651434][T11806] Use struct sctp_assoc_value instead [ 239.278947][T11847] syzkaller0: entered promiscuous mode [ 239.284994][T11847] syzkaller0: entered allmulticast mode [ 239.772309][T11878] FAULT_INJECTION: forcing a failure. [ 239.772309][T11878] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 239.794077][T11878] CPU: 0 UID: 0 PID: 11878 Comm: syz.4.1738 Not tainted syzkaller #0 PREEMPT(full) [ 239.794117][T11878] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 239.794135][T11878] Call Trace: [ 239.794143][T11878] [ 239.794151][T11878] dump_stack_lvl+0x189/0x250 [ 239.794181][T11878] ? __pfx____ratelimit+0x10/0x10 [ 239.794202][T11878] ? __pfx_dump_stack_lvl+0x10/0x10 [ 239.794225][T11878] ? __pfx__printk+0x10/0x10 [ 239.794252][T11878] ? __might_fault+0xb0/0x130 [ 239.794291][T11878] should_fail_ex+0x414/0x560 [ 239.794326][T11878] _copy_from_user+0x2d/0xb0 [ 239.794353][T11878] kstrtouint_from_user+0xc4/0x170 [ 239.794377][T11878] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 239.794416][T11878] proc_fail_nth_write+0x88/0x200 [ 239.794439][T11878] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 239.794468][T11878] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 239.794492][T11878] vfs_write+0x27e/0xb30 [ 239.794537][T11878] ? __pfx_vfs_write+0x10/0x10 [ 239.794566][T11878] ? __fget_files+0x2a/0x420 [ 239.794587][T11878] ? __fget_files+0x3a0/0x420 [ 239.794602][T11878] ? __fget_files+0x2a/0x420 [ 239.794629][T11878] ksys_write+0x145/0x250 [ 239.794659][T11878] ? __pfx_ksys_write+0x10/0x10 [ 239.794683][T11878] ? rcu_is_watching+0x15/0xb0 [ 239.794710][T11878] ? do_syscall_64+0xbe/0x3b0 [ 239.794737][T11878] do_syscall_64+0xfa/0x3b0 [ 239.794758][T11878] ? lockdep_hardirqs_on+0x9c/0x150 [ 239.794779][T11878] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 239.794798][T11878] ? clear_bhb_loop+0x60/0xb0 [ 239.794823][T11878] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 239.794842][T11878] RIP: 0033:0x7f9934d8d97f [ 239.794857][T11878] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 239.794874][T11878] RSP: 002b:00007f9932ff6030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 239.794893][T11878] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f9934d8d97f [ 239.794907][T11878] RDX: 0000000000000001 RSI: 00007f9932ff60a0 RDI: 0000000000000004 [ 239.794918][T11878] RBP: 00007f9932ff6090 R08: 0000000000000000 R09: 0000000000000000 [ 239.794930][T11878] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002 [ 239.794942][T11878] R13: 00007f9934fe6038 R14: 00007f9934fe5fa0 R15: 00007fff5e056a38 [ 239.794975][T11878] [ 240.336480][T11901] bridge_slave_1: default FDB implementation only supports local addresses [ 240.432348][T11906] ip6gre1: entered allmulticast mode [ 240.501915][T11903] A link change request failed with some changes committed already. Interface teql0 may have been left with an inconsistent configuration, please check. [ 240.564190][T11917] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 240.673165][ T5876] Bluetooth: hci4: command 0x0405 tx timeout [ 240.687751][T11918] netlink: 'syz.1.1752': attribute type 21 has an invalid length. [ 240.696532][T11918] netlink: 'syz.1.1752': attribute type 22 has an invalid length. [ 240.714515][T11918] __nla_validate_parse: 27 callbacks suppressed [ 240.714534][T11918] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1752'. [ 240.838923][T11938] tipc: Trying to set illegal importance in message [ 241.106263][T11935] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1760'. [ 241.174588][T11956] openvswitch: netlink: IP tunnel attribute has 16 unknown bytes. [ 241.279108][T11962] syzkaller1: entered promiscuous mode [ 241.290845][T11962] syzkaller1: entered allmulticast mode [ 241.309398][T11961] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1766'. [ 241.337810][T11962] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1766'. [ 241.445409][T11961] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1766'. [ 241.447746][T11971] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1769'. [ 241.476765][T11971] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1769'. [ 241.568914][T11982] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1771'. [ 241.714480][T11989] netlink: 3 bytes leftover after parsing attributes in process `syz.1.1776'. [ 241.735892][T11989] openvswitch: netlink: Actions may not be safe on all matching packets [ 241.809626][T11999] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1779'. [ 242.334986][T12030] syzkaller1: entered promiscuous mode [ 242.347290][T12030] syzkaller1: entered allmulticast mode [ 242.429552][T12043] validate_nla: 5 callbacks suppressed [ 242.429571][T12043] netlink: 'syz.2.1786': attribute type 4 has an invalid length. [ 242.449821][T12030] svc: failed to register nfsdv3 RPC service (errno 111). [ 242.463455][T12041] erspan0: mtu less than device minimum [ 242.528784][T12030] svc: failed to register nfsaclv3 RPC service (errno 111). [ 242.713935][T12054] bridge_slave_0: invalid flags given to default FDB implementation [ 244.055489][T12060] IPVS: Error connecting to the multicast addr [ 244.233095][T12074] syzkaller1: entered promiscuous mode [ 244.238625][T12074] syzkaller1: entered allmulticast mode [ 244.418754][T12091] netlink: 'syz.3.1805': attribute type 11 has an invalid length. [ 244.686084][T12106] 8021q: adding VLAN 0 to HW filter on device ipvlan2 [ 244.849701][T12106] netlink: 'syz.1.1810': attribute type 11 has an invalid length. [ 245.019832][T12118] syzkaller0: entered promiscuous mode [ 245.027999][T12118] syzkaller0: entered allmulticast mode [ 246.626145][T12158] __nla_validate_parse: 9 callbacks suppressed [ 246.626167][T12158] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1826'. [ 246.666410][T12158] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1826'. [ 246.689295][T12158] netlink: 'syz.4.1826': attribute type 11 has an invalid length. [ 246.720519][ T1016] netdevsim netdevsim4 netdevsim0: set [0, 1] type 1 family 0 port 8472 - 0 [ 246.776742][ T1016] netdevsim netdevsim4 netdevsim1: set [0, 1] type 1 family 0 port 8472 - 0 [ 246.809027][ T1016] netdevsim netdevsim4 netdevsim2: set [0, 1] type 1 family 0 port 8472 - 0 [ 246.837636][ T1016] netdevsim netdevsim4 netdevsim3: set [0, 1] type 1 family 0 port 8472 - 0 [ 247.070279][T12188] netlink: 'syz.0.1836': attribute type 10 has an invalid length. [ 247.117677][T12188] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1836'. [ 247.137681][T12188] dummy0: entered promiscuous mode [ 247.146782][T12188] A link change request failed with some changes committed already. Interface dummy0 may have been left with an inconsistent configuration, please check. [ 247.170980][T12203] netlink: 'syz.3.1837': attribute type 10 has an invalid length. [ 247.186476][T12203] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1837'. [ 247.334805][T12203] team0: Port device geneve0 added [ 247.835320][T12256] sctp: [Deprecated]: syz.0.1852 (pid 12256) Use of int in max_burst socket option deprecated. [ 247.835320][T12256] Use struct sctp_assoc_value instead [ 247.968137][T12261] netlink: 'syz.2.1854': attribute type 10 has an invalid length. [ 247.985845][T12261] team0: Device lo is loopback device. Loopback devices can't be added as a team port [ 248.002794][T12261] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 248.151133][T12271] netlink: 'syz.2.1857': attribute type 32 has an invalid length. [ 248.159194][T12271] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1857'. [ 248.189937][T12271] bond8: option coupled_control: invalid value (32) [ 248.198435][T12271] bond8 (unregistering): Released all slaves [ 248.360028][T12282] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1859'. [ 248.370633][T12282] netlink: 'syz.2.1859': attribute type 1 has an invalid length. [ 248.413549][T12282] bond8: entered promiscuous mode [ 248.419028][T12282] 8021q: adding VLAN 0 to HW filter on device bond8 [ 248.431532][T12285] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1859'. [ 248.442123][T12286] netlink: 'syz.4.1860': attribute type 1 has an invalid length. [ 248.497566][T12286] openvswitch: netlink: Duplicate or invalid key (type 0). [ 248.505428][T12286] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 248.527847][T12286] bond8: (slave vxcan3): The slave device specified does not support setting the MAC address [ 248.539952][T12286] bond8: (slave vxcan3): Error -95 calling set_mac_address [ 248.584987][T12292] bond8: (slave bridge0): Enslaving as an active interface with a down link [ 248.619917][T12286] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1860'. [ 248.636409][T12286] gretap3: entered promiscuous mode [ 248.641834][T12286] gretap3: entered allmulticast mode [ 248.926544][T12312] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1866'. [ 249.262800][T12334] netlink: 165 bytes leftover after parsing attributes in process `syz.0.1874'. [ 249.505312][T12347] veth1: entered allmulticast mode [ 250.112287][T12387] RDS: rds_bind could not find a transport for fe80::1a, load rds_tcp or rds_rdma? [ 250.147809][T12393] RDS: rds_bind could not find a transport for fe80::1a, load rds_tcp or rds_rdma? [ 250.570962][T12420] netlink: 'syz.2.1901': attribute type 2 has an invalid length. [ 250.627780][T12425] tipc: Enabling of bearer rejected, media not registered [ 250.685776][T12428] netlink: 'syz.3.1904': attribute type 1 has an invalid length. [ 250.790475][T12432] tipc: Enabled bearer , priority 0 [ 250.816915][T12431] tipc: Enabling of bearer rejected, already enabled [ 250.838068][T12431] syzkaller0: entered promiscuous mode [ 250.843932][T12431] syzkaller0: entered allmulticast mode [ 250.869332][T12431] tipc: Resetting bearer [ 250.902467][T12430] tipc: Resetting bearer [ 250.952557][T12430] tipc: Disabling bearer [ 250.996539][T12446] syzkaller1: entered promiscuous mode [ 251.002101][T12446] syzkaller1: entered allmulticast mode [ 251.119895][T12455] veth0: entered promiscuous mode [ 251.142505][T12455] veth0 (unregistering): left promiscuous mode [ 251.576885][T12475] syzkaller1: entered promiscuous mode [ 251.582901][T12475] syzkaller1: entered allmulticast mode [ 252.219537][T12494] tipc: Enabled bearer , priority 0 [ 252.230473][T12494] syzkaller0: entered promiscuous mode [ 252.237662][T12494] syzkaller0: entered allmulticast mode [ 253.056686][ C1] syzkaller0: tun_net_xmit 90 [ 253.061472][ C1] syzkaller0: tun_net_xmit 90 [ 253.110627][T12496] tipc: Resetting bearer [ 253.120111][T12496] syzkaller0: tun_net_xmit 90 [ 253.124900][T12496] syzkaller0: tun_net_xmit 90 [ 253.137792][T12493] tipc: Resetting bearer [ 253.170122][T12493] tipc: Disabling bearer [ 253.212845][T12502] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 253.246133][T12499] syzkaller1: entered promiscuous mode [ 253.260450][T12499] syzkaller1: entered allmulticast mode [ 253.965890][T12553] netlink: 'syz.2.1948': attribute type 30 has an invalid length. [ 254.094551][T12563] __nla_validate_parse: 9 callbacks suppressed [ 254.094571][T12563] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1953'. [ 254.152527][T12563] vlan2: entered allmulticast mode [ 254.161449][T12563] bridge0: entered allmulticast mode [ 254.216853][T12569] netlink: 'syz.1.1955': attribute type 11 has an invalid length. [ 254.373774][T12576] netlink: 788 bytes leftover after parsing attributes in process `syz.1.1958'. [ 254.430130][T12580] netlink: 212376 bytes leftover after parsing attributes in process `syz.3.1960'. [ 254.454417][T12579] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1959'. [ 254.489506][T12579] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1959'. [ 254.595704][T12594] syz.4.1963 uses old SIOCAX25GETINFO [ 254.778534][T12608] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1968'. [ 254.814275][T12608] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1968'. [ 254.848082][T12608] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1968'. [ 254.862227][T12608] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1968'. [ 254.876409][T12613] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1970'. [ 255.394940][T12651] netlink: 'syz.0.1980': attribute type 6 has an invalid length. [ 255.403494][T12651] netlink: 'syz.0.1980': attribute type 5 has an invalid length. [ 255.411340][T12647] netlink: 'syz.0.1980': attribute type 6 has an invalid length. [ 255.434880][T12647] netlink: 'syz.0.1980': attribute type 5 has an invalid length. [ 255.516851][T12657] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 255.592160][T12668] netlink: 'syz.1.1990': attribute type 1 has an invalid length. [ 255.640026][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.705499][T12668] 8021q: adding VLAN 0 to HW filter on device bond5 [ 255.750612][T12672] pim6reg1: entered promiscuous mode [ 255.787315][T12672] pim6reg1: entered allmulticast mode [ 255.848845][T12668] bond5: (slave gretap2): making interface the new active one [ 255.893058][T12668] bond5: (slave gretap2): Enslaving as an active interface with an up link [ 255.902001][T12689] netlink: 'syz.3.1995': attribute type 13 has an invalid length. [ 255.925126][T12668] syz.1.1990 (12668) used greatest stack depth: 17464 bytes left [ 255.982327][T12686] workqueue: Failed to create a rescuer kthread for wq "bond9": -EINTR [ 256.067777][T12689] bridge0: port 3(syz_tun) entered blocking state [ 256.082732][T12689] bridge0: port 3(syz_tun) entered forwarding state [ 256.089691][T12689] bridge0: port 2(bridge_slave_1) entered blocking state [ 256.096917][T12689] bridge0: port 2(bridge_slave_1) entered forwarding state [ 256.119245][T12689] 8021q: adding VLAN 0 to HW filter on device team0 [ 256.137708][T12689] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 256.972716][ T30] audit: type=1107 audit(1759340809.079:4): pid=12752 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='ê1ã›|\W¤ZbÒ#Å,h»&ø¸ËÆy ;®BéÞ>Áo5T³|z§Ý †áµAÛày1öìÒôÁ“hL£ó!”ŠØNIŠ°o¸†¦ER5UvÛ [ 256.972716][ T30] Ùö2 ÛS: –NŒyÎÚt‘ò’å‡UõŒi©ÿtnRc…\çŒ1bJ°L*h)ú{#ŽÅÆärál£nj& #RÎ]í)%¥±o»ìèòÅyDKÔ$ gó%4[Ü7@â>&RcF}㘑o8¤}·ÌîWwñ' [ 257.073707][T12762] netlink: 'syz.3.2015': attribute type 1 has an invalid length. [ 257.123144][T12762] bond7: (slave vxcan9): The slave device specified does not support setting the MAC address [ 257.155122][T12762] bond7: (slave vxcan9): Error -95 calling set_mac_address [ 257.309391][T12767] vlan2: entered allmulticast mode [ 257.340106][T12767] bridge0: entered promiscuous mode [ 257.364560][T12767] bridge0: left promiscuous mode [ 257.379101][T12767] bond7: (slave vlan2): making interface the new active one [ 257.396997][T12767] bridge0: entered promiscuous mode [ 257.407274][T12767] bond7: (slave vlan2): Enslaving as an active interface with an up link [ 257.700144][T12795] pim6reg527: entered allmulticast mode [ 258.064366][T12821] openvswitch: netlink: IPv6 tunnel dst address is zero [ 258.179217][T12832] tipc: Can't bind to reserved service type 0 [ 258.860784][T12876] IPVS: set_ctl: invalid protocol: 8 100.1.1.0:20002 [ 259.377315][T12917] __nla_validate_parse: 47 callbacks suppressed [ 259.377336][T12917] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2060'. [ 259.408337][T12915] netlink: 'syz.1.2059': attribute type 1 has an invalid length. [ 259.439419][T12915] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2059'. [ 259.473036][T12920] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2060'. [ 259.497309][T12917] netdevsim netdevsim2 netdevsim0: entered promiscuous mode [ 259.517140][T12924] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 259.548596][T12917] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 259.678230][T12935] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2066'. [ 260.343372][T12974] netlink: 64 bytes leftover after parsing attributes in process `syz.0.2076'. [ 260.553999][T12991] netlink: 5636 bytes leftover after parsing attributes in process `syz.1.2081'. [ 260.573647][T12993] netlink: 'syz.4.2084': attribute type 1 has an invalid length. [ 260.699030][T13000] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2086'. [ 260.718773][T12997] tipc: New replicast peer: 0.0.0.0 [ 260.765721][T12997] tipc: Enabled bearer , priority 10 [ 260.863799][T12997] veth3: entered promiscuous mode [ 260.880104][T12997] bond9: (slave veth3): Enslaving as a backup interface with a down link [ 260.998154][T13015] netlink: 76 bytes leftover after parsing attributes in process `syz.4.2091'. [ 261.088778][T13013] netlink: 'syz.1.2090': attribute type 14 has an invalid length. [ 261.426581][T13048] bond4: Removing last arp target with arp_interval on [ 261.549585][T13059] netlink: 'syz.4.2104': attribute type 3 has an invalid length. [ 261.758804][T13071] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2102'. [ 261.882732][ T5870] tipc: Node number set to 3758096386 [ 261.928717][T13059] netlink: 'syz.4.2104': attribute type 3 has an invalid length. [ 262.115511][T13077] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2106'. [ 262.129288][T13082] netlink: 'syz.4.2108': attribute type 1 has an invalid length. [ 262.436674][T13099] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 262.656201][T13111] netlink: 'syz.4.2116': attribute type 1 has an invalid length. [ 262.680560][T13111] netlink: 'syz.4.2116': attribute type 1 has an invalid length. [ 262.737765][T13111] netlink: 'syz.4.2116': attribute type 2 has an invalid length. [ 262.812245][T13124] netlink: 'syz.1.2120': attribute type 1 has an invalid length. [ 263.148656][T13144] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 282.025101][T13174] __nla_validate_parse: 9 callbacks suppressed [ 282.025122][T13174] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2129'. [ 282.041460][T13179] FAULT_INJECTION: forcing a failure. [ 282.041460][T13179] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 282.079047][T13183] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2130'. [ 282.090010][T13181] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2132'. [ 282.098226][T13179] CPU: 0 UID: 0 PID: 13179 Comm: syz.2.2131 Not tainted syzkaller #0 PREEMPT(full) [ 282.098257][T13179] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 282.098289][T13179] Call Trace: [ 282.098300][T13179] [ 282.098310][T13179] dump_stack_lvl+0x189/0x250 [ 282.098344][T13179] ? __pfx____ratelimit+0x10/0x10 [ 282.098370][T13179] ? __pfx_dump_stack_lvl+0x10/0x10 [ 282.098402][T13179] ? __pfx__printk+0x10/0x10 [ 282.098434][T13179] ? __might_fault+0xb0/0x130 [ 282.098480][T13179] should_fail_ex+0x414/0x560 [ 282.098519][T13179] _copy_from_user+0x2d/0xb0 [ 282.098549][T13179] ___sys_sendmsg+0x158/0x2a0 [ 282.098583][T13179] ? __pfx____sys_sendmsg+0x10/0x10 [ 282.098654][T13179] ? __fget_files+0x2a/0x420 [ 282.098673][T13179] ? __fget_files+0x3a0/0x420 [ 282.098705][T13179] __x64_sys_sendmsg+0x19b/0x260 [ 282.098737][T13179] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 282.098776][T13179] ? __pfx_ksys_write+0x10/0x10 [ 282.098804][T13179] ? rcu_is_watching+0x15/0xb0 [ 282.098832][T13179] ? do_syscall_64+0xbe/0x3b0 [ 282.098863][T13179] do_syscall_64+0xfa/0x3b0 [ 282.098887][T13179] ? lockdep_hardirqs_on+0x9c/0x150 [ 282.098909][T13179] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 282.098931][T13179] ? clear_bhb_loop+0x60/0xb0 [ 282.098958][T13179] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 282.098978][T13179] RIP: 0033:0x7fbbe018eec9 [ 282.098995][T13179] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 282.099017][T13179] RSP: 002b:00007fbbe0ffa038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 282.099039][T13179] RAX: ffffffffffffffda RBX: 00007fbbe03e5fa0 RCX: 00007fbbe018eec9 [ 282.099053][T13179] RDX: 0000000004000000 RSI: 0000200000000340 RDI: 0000000000000004 [ 282.099066][T13179] RBP: 00007fbbe0ffa090 R08: 0000000000000000 R09: 0000000000000000 [ 282.099079][T13179] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 282.099093][T13179] R13: 00007fbbe03e6038 R14: 00007fbbe03e5fa0 R15: 00007ffc30a050d8 [ 282.099130][T13179] [ 282.315636][T13189] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2132'. [ 282.330309][T13187] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2135'. [ 282.382696][T13183] bond6: option use_carrier: invalid value (4) [ 282.394926][T13183] bond6 (unregistering): Released all slaves [ 282.608239][T13204] A link change request failed with some changes committed already. Interface syz_tun may have been left with an inconsistent configuration, please check. [ 282.629012][T13201] syzkaller0: entered promiscuous mode [ 282.655629][T13201] syzkaller0: entered allmulticast mode [ 282.738988][T13211] netlink: 72 bytes leftover after parsing attributes in process `syz.1.2141'. [ 282.789569][T13216] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2143'. [ 282.804545][T13209] tipc: Enabling of bearer rejected, already enabled [ 282.968431][T13225] FAULT_INJECTION: forcing a failure. [ 282.968431][T13225] name failslab, interval 1, probability 0, space 0, times 0 [ 283.021582][T13225] CPU: 1 UID: 0 PID: 13225 Comm: syz.2.2144 Not tainted syzkaller #0 PREEMPT(full) [ 283.021610][T13225] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 283.021621][T13225] Call Trace: [ 283.021629][T13225] [ 283.021637][T13225] dump_stack_lvl+0x189/0x250 [ 283.021666][T13225] ? __pfx____ratelimit+0x10/0x10 [ 283.021687][T13225] ? __pfx_dump_stack_lvl+0x10/0x10 [ 283.021710][T13225] ? __pfx__printk+0x10/0x10 [ 283.021742][T13225] ? __pfx___might_resched+0x10/0x10 [ 283.021766][T13225] should_fail_ex+0x414/0x560 [ 283.021799][T13225] should_failslab+0xa8/0x100 [ 283.021828][T13225] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 283.021856][T13225] ? __alloc_skb+0x112/0x2d0 [ 283.021881][T13225] __alloc_skb+0x112/0x2d0 [ 283.021906][T13225] netlink_sendmsg+0x5c6/0xb30 [ 283.021937][T13225] ? __pfx_netlink_sendmsg+0x10/0x10 [ 283.021971][T13225] ? aa_sock_msg_perm+0xf1/0x1d0 [ 283.021992][T13225] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 283.022013][T13225] ? __pfx_netlink_sendmsg+0x10/0x10 [ 283.022035][T13225] __sock_sendmsg+0x21c/0x270 [ 283.022067][T13225] ____sys_sendmsg+0x505/0x830 [ 283.022097][T13225] ? __pfx_____sys_sendmsg+0x10/0x10 [ 283.022129][T13225] ? import_iovec+0x74/0xa0 [ 283.022158][T13225] ___sys_sendmsg+0x21f/0x2a0 [ 283.022185][T13225] ? __pfx____sys_sendmsg+0x10/0x10 [ 283.022244][T13225] ? __fget_files+0x2a/0x420 [ 283.022260][T13225] ? __fget_files+0x3a0/0x420 [ 283.022287][T13225] __x64_sys_sendmsg+0x19b/0x260 [ 283.022314][T13225] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 283.022348][T13225] ? __pfx_ksys_write+0x10/0x10 [ 283.022371][T13225] ? rcu_is_watching+0x15/0xb0 [ 283.022395][T13225] ? do_syscall_64+0xbe/0x3b0 [ 283.022420][T13225] do_syscall_64+0xfa/0x3b0 [ 283.022441][T13225] ? lockdep_hardirqs_on+0x9c/0x150 [ 283.022460][T13225] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 283.022495][T13225] ? clear_bhb_loop+0x60/0xb0 [ 283.022519][T13225] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 283.022539][T13225] RIP: 0033:0x7fbbe018eec9 [ 283.022556][T13225] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 283.022574][T13225] RSP: 002b:00007fbbe0ffa038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 283.022596][T13225] RAX: ffffffffffffffda RBX: 00007fbbe03e5fa0 RCX: 00007fbbe018eec9 [ 283.022615][T13225] RDX: 0000000004000000 RSI: 0000200000000340 RDI: 0000000000000004 [ 283.022627][T13225] RBP: 00007fbbe0ffa090 R08: 0000000000000000 R09: 0000000000000000 [ 283.022639][T13225] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 283.022651][T13225] R13: 00007fbbe03e6038 R14: 00007fbbe03e5fa0 R15: 00007ffc30a050d8 [ 283.022682][T13225] [ 283.312526][T13235] validate_nla: 2 callbacks suppressed [ 283.312545][T13235] netlink: 'syz.1.2149': attribute type 1 has an invalid length. [ 283.327028][T13235] netlink: 224 bytes leftover after parsing attributes in process `syz.1.2149'. [ 283.415963][T13230] tipc: Enabled bearer , priority 10 [ 283.644826][T13248] netlink: 'syz.2.2151': attribute type 1 has an invalid length. [ 283.675324][T13248] netlink: 160 bytes leftover after parsing attributes in process `syz.2.2151'. [ 284.370662][T13284] netlink: 'syz.2.2158': attribute type 2 has an invalid length. [ 284.393588][T13284] netlink: 'syz.2.2158': attribute type 8 has an invalid length. [ 284.407033][T13284] netlink: 1148 bytes leftover after parsing attributes in process `syz.2.2158'. [ 284.663163][T13296] netlink: 'syz.0.2164': attribute type 29 has an invalid length. [ 284.672240][T13296] netlink: 'syz.0.2164': attribute type 29 has an invalid length. [ 285.031433][T13325] sctp: [Deprecated]: syz.2.2172 (pid 13325) Use of struct sctp_assoc_value in delayed_ack socket option. [ 285.031433][T13325] Use struct sctp_sack_info instead [ 285.039676][T13322] bond0: option active_slave: mode dependency failed, not supported in mode balance-rr(0) [ 285.090912][T13328] netlink: 'syz.3.2173': attribute type 5 has an invalid length. [ 285.643325][T13354] openvswitch: netlink: nsh attribute has 2 unknown bytes. [ 285.650192][T13356] openvswitch: netlink: IP tunnel attribute has 16 unknown bytes. [ 285.874925][T13365] netlink: 'syz.4.2183': attribute type 29 has an invalid length. [ 286.068786][T13380] netlink: 'syz.0.2188': attribute type 11 has an invalid length. [ 286.130402][T13381] netlink: 'syz.0.2188': attribute type 11 has an invalid length. [ 286.408834][T13391] syzkaller1: entered promiscuous mode [ 286.429873][T13391] syzkaller1: entered allmulticast mode [ 287.380411][T13455] __nla_validate_parse: 11 callbacks suppressed [ 287.380432][T13455] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2212'. [ 287.385389][T13457] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2213'. [ 287.539363][T13455] netlink: 44 bytes leftover after parsing attributes in process `syz.2.2212'. [ 287.787637][T13477] netlink: 1284 bytes leftover after parsing attributes in process `syz.4.2217'. [ 287.847086][T13472] delete_channel: no stack [ 287.963891][T13484] openvswitch: netlink: IP tunnel attribute has 20 unknown bytes. [ 288.092249][T13487] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2220'. [ 288.135958][T13489] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2221'. [ 288.321166][T13499] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2224'. [ 288.351909][T13504] vlan2: entered allmulticast mode [ 288.371568][T13506] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2224'. [ 288.385034][T13505] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2224'. [ 288.408250][T13504] bridge_slave_0: entered allmulticast mode [ 288.597334][T13518] FAULT_INJECTION: forcing a failure. [ 288.597334][T13518] name failslab, interval 1, probability 0, space 0, times 0 [ 288.654069][T13518] CPU: 1 UID: 0 PID: 13518 Comm: syz.2.2227 Not tainted syzkaller #0 PREEMPT(full) [ 288.654097][T13518] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 288.654109][T13518] Call Trace: [ 288.654118][T13518] [ 288.654126][T13518] dump_stack_lvl+0x189/0x250 [ 288.654175][T13518] ? __pfx____ratelimit+0x10/0x10 [ 288.654205][T13518] ? __pfx_dump_stack_lvl+0x10/0x10 [ 288.654229][T13518] ? __pfx__printk+0x10/0x10 [ 288.654264][T13518] ? __pfx___might_resched+0x10/0x10 [ 288.654283][T13518] ? fs_reclaim_acquire+0x7d/0x100 [ 288.654324][T13518] should_fail_ex+0x414/0x560 [ 288.654362][T13518] should_failslab+0xa8/0x100 [ 288.654395][T13518] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 288.654426][T13518] ? __alloc_skb+0x112/0x2d0 [ 288.654470][T13518] __alloc_skb+0x112/0x2d0 [ 288.654496][T13518] netlink_ack+0x146/0xa50 [ 288.654515][T13518] ? __pfx_genl_rcv_msg+0x10/0x10 [ 288.654541][T13518] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 288.654569][T13518] ? __pfx_nl80211_post_doit+0x10/0x10 [ 288.654598][T13518] ? __asan_memcpy+0x40/0x70 [ 288.654620][T13518] ? __pfx_ref_tracker_free+0x10/0x10 [ 288.654649][T13518] netlink_rcv_skb+0x28c/0x470 [ 288.654667][T13518] ? __lock_acquire+0xab9/0xd20 [ 288.654697][T13518] ? __pfx_genl_rcv_msg+0x10/0x10 [ 288.654726][T13518] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 288.654768][T13518] ? down_read+0x1ad/0x2e0 [ 288.654797][T13518] genl_rcv+0x28/0x40 [ 288.654821][T13518] netlink_unicast+0x82c/0x9e0 [ 288.654863][T13518] ? __pfx_netlink_unicast+0x10/0x10 [ 288.654896][T13518] ? netlink_sendmsg+0x642/0xb30 [ 288.654916][T13518] ? skb_put+0x11b/0x210 [ 288.654943][T13518] netlink_sendmsg+0x805/0xb30 [ 288.654976][T13518] ? __pfx_netlink_sendmsg+0x10/0x10 [ 288.655002][T13518] ? aa_sock_msg_perm+0xf1/0x1d0 [ 288.655024][T13518] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 288.655047][T13518] ? __pfx_netlink_sendmsg+0x10/0x10 [ 288.655069][T13518] __sock_sendmsg+0x21c/0x270 [ 288.655103][T13518] ____sys_sendmsg+0x505/0x830 [ 288.655139][T13518] ? __pfx_____sys_sendmsg+0x10/0x10 [ 288.655176][T13518] ? import_iovec+0x74/0xa0 [ 288.655213][T13518] ___sys_sendmsg+0x21f/0x2a0 [ 288.655240][T13518] ? __pfx____sys_sendmsg+0x10/0x10 [ 288.655305][T13518] ? __fget_files+0x2a/0x420 [ 288.655322][T13518] ? __fget_files+0x3a0/0x420 [ 288.655351][T13518] __x64_sys_sendmsg+0x19b/0x260 [ 288.655380][T13518] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 288.655416][T13518] ? __pfx_ksys_write+0x10/0x10 [ 288.655441][T13518] ? rcu_is_watching+0x15/0xb0 [ 288.655467][T13518] ? do_syscall_64+0xbe/0x3b0 [ 288.655494][T13518] do_syscall_64+0xfa/0x3b0 [ 288.655515][T13518] ? lockdep_hardirqs_on+0x9c/0x150 [ 288.655537][T13518] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 288.655557][T13518] ? clear_bhb_loop+0x60/0xb0 [ 288.655582][T13518] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 288.655600][T13518] RIP: 0033:0x7fbbe018eec9 [ 288.655618][T13518] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 288.655635][T13518] RSP: 002b:00007fbbe0ffa038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 288.655656][T13518] RAX: ffffffffffffffda RBX: 00007fbbe03e5fa0 RCX: 00007fbbe018eec9 [ 288.655671][T13518] RDX: 0000000004000000 RSI: 0000200000000340 RDI: 0000000000000004 [ 288.655684][T13518] RBP: 00007fbbe0ffa090 R08: 0000000000000000 R09: 0000000000000000 [ 288.655696][T13518] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 288.655707][T13518] R13: 00007fbbe03e6038 R14: 00007fbbe03e5fa0 R15: 00007ffc30a050d8 [ 288.655740][T13518] [ 289.335073][T13534] validate_nla: 2 callbacks suppressed [ 289.335096][T13534] netlink: 'syz.1.2234': attribute type 83 has an invalid length. [ 289.434645][ T5934] hsr0 speed is unknown, defaulting to 1000 [ 289.647539][T13549] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2239'. [ 290.257234][T13582] netlink: 'syz.2.2250': attribute type 29 has an invalid length. [ 290.267632][T13582] netlink: 'syz.2.2250': attribute type 29 has an invalid length. [ 290.609937][T13595] sch_tbf: burst 19872 is lower than device lo mtu (11337746) ! [ 290.875939][T13611] netlink: 'syz.4.2262': attribute type 26 has an invalid length. [ 290.889675][T13611] netlink: 'syz.4.2262': attribute type 26 has an invalid length. [ 291.009017][T13616] 1ªî{X¹¦: entered promiscuous mode [ 291.015126][T13616] 1ªî{X¹¦: left allmulticast mode [ 291.962186][ T5878] block nbd2: Receive control failed (result -32) [ 292.682993][T13701] __nla_validate_parse: 13 callbacks suppressed [ 292.683012][T13701] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2289'. [ 292.870738][T13704] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2291'. [ 292.893688][T13705] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 293.005593][T13704] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 293.239887][T13722] dvmrp0: entered allmulticast mode [ 293.627420][T13731] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2296'. [ 293.722903][T13740] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2299'. [ 293.754594][T13743] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2300'. [ 293.852317][T13740] lo: left promiscuous mode [ 293.969050][T13750] A link change request failed with some changes committed already. Interface bridge0 may have been left with an inconsistent configuration, please check. [ 294.030300][T13757] syzkaller1: entered promiscuous mode [ 294.036700][T13757] syzkaller1: entered allmulticast mode [ 294.055104][T13757] netlink: 'syz.2.2303': attribute type 1 has an invalid length. [ 294.063085][T13757] netlink: 'syz.2.2303': attribute type 11 has an invalid length. [ 294.070922][T13757] netlink: 220 bytes leftover after parsing attributes in process `syz.2.2303'. [ 294.321029][T13780] vlan2: entered promiscuous mode [ 294.327567][T13780] bridge0: entered promiscuous mode [ 294.408368][T13760] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2308'. [ 294.488956][T13790] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2313'. [ 294.516219][T13789] netlink: 'syz.3.2314': attribute type 1 has an invalid length. [ 294.758730][T13801] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2318'. [ 294.785103][T13801] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2318'. [ 294.858314][T13809] block nbd3: Unsupported socket: shutdown callout must be supported. [ 294.871461][T13809] netlink: 'syz.1.2321': attribute type 15 has an invalid length. [ 315.461791][T13823] __nla_validate_parse: 4 callbacks suppressed [ 315.461825][T13823] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2326'. [ 315.515951][T13823] netlink: 'syz.0.2326': attribute type 58 has an invalid length. [ 315.540277][T13823] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2326'. [ 315.638963][T13834] pim6reg: entered allmulticast mode [ 315.651808][T13832] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2332'. [ 315.672540][T13834] netlink: 108 bytes leftover after parsing attributes in process `syz.2.2333'. [ 315.704795][T13839] gretap0: entered allmulticast mode [ 315.801141][T13847] netlink: 'syz.1.2336': attribute type 1 has an invalid length. [ 316.087598][T13854] 8021q: adding VLAN 0 to HW filter on device bond7 [ 316.098476][T13854] bond6: (slave bond7): making interface the new active one [ 316.109102][T13854] bond6: (slave bond7): Enslaving as an active interface with an up link [ 316.145545][T13847] bond6: (slave ipvlan2): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 316.158784][T13847] bond6: (slave ipvlan2): The slave device specified does not support setting the MAC address [ 316.184088][T13861] netlink: 52 bytes leftover after parsing attributes in process `syz.3.2339'. [ 316.341310][T13871] pim6reg1: entered promiscuous mode [ 316.354152][T13868] netlink: 'syz.0.2341': attribute type 1 has an invalid length. [ 316.372979][T13871] pim6reg1: entered allmulticast mode [ 316.393878][ T30] audit: type=1800 audit(1759340868.509:5): pid=13873 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.2343" name="memory.events" dev="tmpfs" ino=2250 res=0 errno=0 [ 316.488406][ T30] audit: type=1804 audit(1759340868.609:6): pid=13880 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.2343" name="/newroot/440/memory.events" dev="tmpfs" ino=2250 res=1 errno=0 [ 316.534196][T13874] bond5 (unregistering): Released all slaves [ 316.560283][T13883] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2344'. [ 316.599419][T13877] ip6tnl2: entered promiscuous mode [ 316.607170][T13877] ip6tnl2: entered allmulticast mode [ 316.754194][T13890] netlink: 'syz.2.2348': attribute type 1 has an invalid length. [ 316.798196][T13890] 8021q: adding VLAN 0 to HW filter on device bond10 [ 316.820094][T13896] netlink: 52 bytes leftover after parsing attributes in process `syz.0.2350'. [ 316.843579][T13894] bond10: (slave geneve2): making interface the new active one [ 316.853298][T13894] bond10: (slave geneve2): Enslaving as an active interface with an up link [ 317.004270][T13908] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2353'. [ 317.019545][T13910] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2353'. [ 317.028625][T13896] syz.0.2350 (13896) used greatest stack depth: 16712 bytes left [ 317.080398][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.351870][T13936] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2360'. [ 318.082472][T13986] bond11: option arp_validate: mode dependency failed, not supported in mode balance-alb(6) [ 318.109296][T13986] bond11 (unregistering): Released all slaves [ 318.247834][T13995] netlink: 'syz.2.2380': attribute type 5 has an invalid length. [ 318.257363][T13995] netlink: 'syz.2.2380': attribute type 5 has an invalid length. [ 318.566718][T14012] tipc: Enabling of bearer rejected, failed to enable media [ 318.708488][T14015] x_tables: ip_tables: udp match: only valid for protocol 17 [ 319.157532][ T9051] ip6_tunnel: ip6gre3 xmit: Local address not yet configured! [ 319.172440][ T9051] ip6_tunnel: ip6gre3 xmit: Local address not yet configured! [ 319.183208][ T6015] ip6_tunnel: ip6gre3 xmit: Local address not yet configured! [ 319.244268][ T5941] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 319.268675][T14054] netdevsim netdevsim2 netdevsim0: left promiscuous mode [ 319.295565][T14054] bond8: left promiscuous mode [ 319.622903][ T43] ip6_tunnel: ip6gre3 xmit: Local address not yet configured! [ 319.746213][ T5934] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 320.042823][ T43] ip6_tunnel: ip6gre3 xmit: Local address not yet configured! [ 320.120597][T14078] netlink: 'syz.0.2410': attribute type 1 has an invalid length. [ 320.190098][T14078] bond5: (slave vxcan3): The slave device specified does not support setting the MAC address [ 320.202433][T14078] bond5: (slave vxcan3): Error -95 calling set_mac_address [ 320.292709][T14096] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 320.361599][T14096] netlink: 'syz.3.2415': attribute type 9 has an invalid length. [ 320.391256][T14094] vlan3: entered allmulticast mode [ 320.416451][T14094] bridge0: entered allmulticast mode [ 320.427618][T14094] bond5: (slave vlan3): Error -34 calling dev_set_mtu [ 320.499212][T14106] __nla_validate_parse: 21 callbacks suppressed [ 320.499234][T14106] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2417'. [ 320.519713][T14106] netlink: 'syz.2.2417': attribute type 1 has an invalid length. [ 320.528378][T14106] netlink: 228 bytes leftover after parsing attributes in process `syz.2.2417'. [ 320.780859][T14120] netlink: 'syz.3.2422': attribute type 1 has an invalid length. [ 321.139892][T14147] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 321.151645][T14147] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 321.168200][T14147] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 321.176295][T14147] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 321.486055][T14167] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2437'. [ 321.513057][T14167] netlink: 'syz.3.2437': attribute type 1 has an invalid length. [ 321.531532][T14167] netlink: 'syz.3.2437': attribute type 2 has an invalid length. [ 321.623351][T14176] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 321.719279][T14180] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2438'. [ 321.734798][T14180] geneve0: entered promiscuous mode [ 321.742560][T14180] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2438'. [ 322.150960][T14205] veth1_to_bond: entered allmulticast mode [ 322.169981][T14209] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2447'. [ 322.183606][T14209] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2447'. [ 322.228810][T14209] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2447'. [ 322.230365][ T59] netdevsim netdevsim1 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 322.237842][T14209] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2447'. [ 322.269180][T14217] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2446'. [ 322.373005][T14217] bond0: (slave bond_slave_1): Releasing backup interface [ 322.410173][T14217] veth1_to_bond (unregistering): left allmulticast mode [ 322.447563][ T59] netdevsim netdevsim1 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 322.466542][ T59] netdevsim netdevsim1 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 322.489032][ T59] netdevsim netdevsim1 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 323.072828][ C0] ip6_tunnel: ip6gre3 xmit: Local address not yet configured! [ 323.153915][T14257] veth0: entered promiscuous mode [ 323.172030][T14261] tipc: Invalid UDP bearer configuration [ 323.172086][T14261] tipc: Enabling of bearer rejected, failed to enable media [ 323.202200][T14256] veth0: left promiscuous mode [ 323.242376][T14259] tipc: Bearer : already 2 bearers with priority 10 [ 323.250654][T14262] xt_l2tp: invalid flags combination: 0 [ 323.267946][T14259] tipc: Bearer : trying with adjusted priority [ 323.306593][T14259] tipc: Enabling of bearer rejected, max 3 bearers permitted [ 323.500430][T14274] netlink: 'syz.4.2466': attribute type 1 has an invalid length. [ 323.691367][T14283] netlink: 'syz.2.2471': attribute type 1 has an invalid length. [ 323.827132][T14289] macvlan0: entered promiscuous mode [ 323.832719][T14289] macvlan0: entered allmulticast mode [ 323.843255][T14289] bond11: entered promiscuous mode [ 323.852384][T14289] 8021q: adding VLAN 0 to HW filter on device macvlan0 [ 323.870209][T14289] bond11: left promiscuous mode [ 324.606886][T14347] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 325.337371][T14395] syzkaller1: entered promiscuous mode [ 325.343077][T14395] syzkaller1: entered allmulticast mode [ 325.970523][T14415] __nla_validate_parse: 5 callbacks suppressed [ 325.970541][T14415] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2508'. [ 326.149120][T14425] C: renamed from lo (while UP) [ 326.165639][T14425] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check. [ 326.195659][T14427] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2512'. [ 326.240521][T14430] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2513'. [ 326.333889][T14431] lo speed is unknown, defaulting to 1000 [ 326.356726][T14431] hsr0 speed is unknown, defaulting to 1000 [ 326.747358][T14448] sctp: [Deprecated]: syz.0.2517 (pid 14448) Use of int in max_burst socket option deprecated. [ 326.747358][T14448] Use struct sctp_assoc_value instead [ 326.772136][T14449] IPVS: Unknown mcast interface: vcan0 [ 326.843477][T14453] netlink: 56 bytes leftover after parsing attributes in process `syz.4.2515'. [ 327.089530][T14460] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2520'. [ 327.187735][T14471] sch_tbf: burst 8 is lower than device ip6tnl0 mtu (1452) ! [ 327.326187][T14481] lo: entered allmulticast mode [ 327.338738][T14481] lo: left allmulticast mode [ 327.347638][T14483] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2528'. [ 327.415667][T14483] bond8 (unregistering): Released all slaves [ 327.606835][T14505] netlink: 'syz.2.2533': attribute type 25 has an invalid length. [ 327.715825][T14516] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2535'. [ 327.786928][T14514] lo speed is unknown, defaulting to 1000 [ 327.849386][T14514] hsr0 speed is unknown, defaulting to 1000 [ 327.922041][T14530] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input6 [ 328.212398][T14546] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2544'. [ 328.300187][T14550] netlink: 'syz.1.2541': attribute type 1 has an invalid length. [ 328.583217][T14559] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2548'. [ 328.929169][T14581] bridge5: trying to set multicast startup query interval above maximum, setting to 8640000 (86400000ms) [ 328.985605][T14587] netlink: 48 bytes leftover after parsing attributes in process `syz.1.2556'. [ 329.112335][T14594] lo speed is unknown, defaulting to 1000 [ 329.117187][T14598] tipc: Enabled bearer , priority 0 [ 329.125030][T14594] hsr0 speed is unknown, defaulting to 1000 [ 329.126062][T14598] syzkaller0: entered promiscuous mode [ 329.137383][T14598] syzkaller0: entered allmulticast mode [ 329.222259][T14603] tipc: Resetting bearer [ 329.354111][T14608] rdma_rxe: rxe_newlink: failed to add vxcan1 [ 329.364161][T14608] rdma_rxe: rxe_newlink: failed to add vxcan1 [ 329.476559][T14616] vlan3: entered allmulticast mode [ 329.843773][T14633] netlink: 'syz.2.2570': attribute type 1 has an invalid length. [ 329.852203][T14633] netlink: 'syz.2.2570': attribute type 1 has an invalid length. [ 329.878905][T14633] tipc: Enabled bearer , priority 0 [ 329.886868][T14633] syzkaller0: entered promiscuous mode [ 329.897664][T14633] syzkaller0: entered allmulticast mode [ 329.923949][T14633] tipc: Resetting bearer [ 329.931431][T14595] tipc: Resetting bearer [ 329.965708][T14595] tipc: Disabling bearer [ 329.977349][T14632] tipc: Resetting bearer [ 330.009983][T14632] tipc: Disabling bearer [ 330.107708][T14642] rdma_rxe: rxe_newlink: failed to add bond0 [ 330.201365][T14644] syzkaller1: entered promiscuous mode [ 330.210477][T14644] syzkaller1: entered allmulticast mode [ 330.243349][T14644] syzkaller1: left promiscuous mode [ 330.259276][T14644] syzkaller1: left allmulticast mode [ 330.406513][T14652] netlink: 'syz.4.2580': attribute type 4 has an invalid length. [ 330.469922][T14657] netlink: 'syz.1.2579': attribute type 21 has an invalid length. [ 330.637278][T14661] sch_tbf: burst 4398 is lower than device lo mtu (11337746) ! [ 330.901416][ T2945] netdevsim netdevsim4 netdevsim0: unset [0, 0] type 1 family 0 port 2816 - 0 [ 330.928575][ T2945] netdevsim netdevsim4 netdevsim0: unset [0, 1] type 1 family 0 port 8472 - 0 [ 330.975126][ T2945] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 330.985507][T14682] __nla_validate_parse: 9 callbacks suppressed [ 330.985524][T14682] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2587'. [ 331.017543][T14685] siw: device registration error -23 [ 331.079924][T14680] netlink: 156 bytes leftover after parsing attributes in process `syz.0.2583'. [ 331.112727][T14682] netlink: 48 bytes leftover after parsing attributes in process `syz.4.2587'. [ 331.152778][ C0] ip6_tunnel: ip6gre3 xmit: Local address not yet configured! [ 331.160876][ T2945] netdevsim netdevsim4 netdevsim1: unset [0, 0] type 1 family 0 port 2816 - 0 [ 331.212351][ T2945] netdevsim netdevsim4 netdevsim1: unset [0, 1] type 1 family 0 port 8472 - 0 [ 331.227434][ T2945] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 331.239486][ T2945] netdevsim netdevsim4 netdevsim2: unset [0, 0] type 1 family 0 port 2816 - 0 [ 331.251192][ T2945] netdevsim netdevsim4 netdevsim2: unset [0, 1] type 1 family 0 port 8472 - 0 [ 331.265720][ T2945] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 331.280623][ T2945] netdevsim netdevsim4 netdevsim3: unset [0, 0] type 1 family 0 port 2816 - 0 [ 331.308298][ T2945] netdevsim netdevsim4 netdevsim3: unset [0, 1] type 1 family 0 port 8472 - 0 [ 331.318826][ T2945] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 331.475444][T14713] netlink: 'syz.3.2595': attribute type 3 has an invalid length. [ 331.480531][T14717] netlink: 'syz.2.2596': attribute type 1 has an invalid length. [ 331.507629][T14717] netlink: 'syz.2.2596': attribute type 2 has an invalid length. [ 331.520169][T14717] netlink: 1172 bytes leftover after parsing attributes in process `syz.2.2596'. [ 331.577439][T14720] veth0_virt_wifi: renamed from veth1_vlan [ 331.748136][T14736] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2600'. [ 331.757252][T14736] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2600'. [ 332.072526][T14752] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2606'. [ 332.434063][T14783] netlink: 'syz.3.2613': attribute type 1 has an invalid length. [ 332.434710][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 332.474877][T14783] netlink: 224 bytes leftover after parsing attributes in process `syz.3.2613'. [ 332.627045][T14799] bond0: (slave rose0): Error: Device can not be enslaved while up [ 332.897053][T14807] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2622'. [ 333.206974][T14814] lo speed is unknown, defaulting to 1000 [ 333.222074][T14814] hsr0 speed is unknown, defaulting to 1000 [ 333.315928][T14826] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 333.338311][T14829] FAULT_INJECTION: forcing a failure. [ 333.338311][T14829] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 333.362535][T14829] CPU: 1 UID: 0 PID: 14829 Comm: syz.0.2630 Not tainted syzkaller #0 PREEMPT(full) [ 333.362564][T14829] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 333.362582][T14829] Call Trace: [ 333.362589][T14829] [ 333.362597][T14829] dump_stack_lvl+0x189/0x250 [ 333.362628][T14829] ? __pfx____ratelimit+0x10/0x10 [ 333.362651][T14829] ? __pfx_dump_stack_lvl+0x10/0x10 [ 333.362676][T14829] ? __pfx__printk+0x10/0x10 [ 333.362704][T14829] ? __might_fault+0xb0/0x130 [ 333.362743][T14829] should_fail_ex+0x414/0x560 [ 333.362780][T14829] _copy_from_user+0x2d/0xb0 [ 333.362809][T14829] ___sys_sendmsg+0x158/0x2a0 [ 333.362838][T14829] ? __pfx____sys_sendmsg+0x10/0x10 [ 333.362902][T14829] ? __fget_files+0x2a/0x420 [ 333.362919][T14829] ? __fget_files+0x3a0/0x420 [ 333.362949][T14829] __x64_sys_sendmsg+0x19b/0x260 [ 333.362979][T14829] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 333.363016][T14829] ? __pfx_ksys_write+0x10/0x10 [ 333.363041][T14829] ? rcu_is_watching+0x15/0xb0 [ 333.363068][T14829] ? do_syscall_64+0xbe/0x3b0 [ 333.363097][T14829] do_syscall_64+0xfa/0x3b0 [ 333.363119][T14829] ? lockdep_hardirqs_on+0x9c/0x150 [ 333.363140][T14829] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 333.363160][T14829] ? clear_bhb_loop+0x60/0xb0 [ 333.363184][T14829] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 333.363202][T14829] RIP: 0033:0x7fe9e098eec9 [ 333.363219][T14829] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 333.363234][T14829] RSP: 002b:00007fe9e177d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 333.363262][T14829] RAX: ffffffffffffffda RBX: 00007fe9e0be5fa0 RCX: 00007fe9e098eec9 [ 333.363275][T14829] RDX: 0000000004000000 RSI: 0000200000000340 RDI: 0000000000000004 [ 333.363287][T14829] RBP: 00007fe9e177d090 R08: 0000000000000000 R09: 0000000000000000 [ 333.363299][T14829] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 333.363311][T14829] R13: 00007fe9e0be6038 R14: 00007fe9e0be5fa0 R15: 00007ffcb6df8aa8 [ 333.363340][T14829] [ 333.716087][T14843] netlink: 'syz.2.2633': attribute type 1 has an invalid length. [ 333.818337][T14847] ip6tnl3: entered promiscuous mode [ 333.831225][T14847] ip6tnl3: entered allmulticast mode [ 333.893880][T14846] bond8: option tlb_dynamic_lb: mode dependency failed, not supported in mode balance-xor(2) [ 333.934702][T14846] bond8 (unregistering): Released all slaves [ 334.165677][T14871] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2640'. [ 334.188056][T14871] bond0: entered promiscuous mode [ 334.210048][T14873] FAULT_INJECTION: forcing a failure. [ 334.210048][T14873] name failslab, interval 1, probability 0, space 0, times 0 [ 334.242876][T14873] CPU: 1 UID: 0 PID: 14873 Comm: syz.3.2642 Not tainted syzkaller #0 PREEMPT(full) [ 334.242905][T14873] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 334.242917][T14873] Call Trace: [ 334.242924][T14873] [ 334.242933][T14873] dump_stack_lvl+0x189/0x250 [ 334.242962][T14873] ? __pfx____ratelimit+0x10/0x10 [ 334.242985][T14873] ? __pfx_dump_stack_lvl+0x10/0x10 [ 334.243009][T14873] ? __pfx__printk+0x10/0x10 [ 334.243043][T14873] ? __pfx___might_resched+0x10/0x10 [ 334.243067][T14873] should_fail_ex+0x414/0x560 [ 334.243102][T14873] should_failslab+0xa8/0x100 [ 334.243133][T14873] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 334.243161][T14873] ? __alloc_skb+0x112/0x2d0 [ 334.243187][T14873] __alloc_skb+0x112/0x2d0 [ 334.243214][T14873] netlink_sendmsg+0x5c6/0xb30 [ 334.243246][T14873] ? __pfx_netlink_sendmsg+0x10/0x10 [ 334.243272][T14873] ? aa_sock_msg_perm+0xf1/0x1d0 [ 334.243294][T14873] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 334.243323][T14873] ? __pfx_netlink_sendmsg+0x10/0x10 [ 334.243345][T14873] __sock_sendmsg+0x21c/0x270 [ 334.243397][T14873] ____sys_sendmsg+0x505/0x830 [ 334.243430][T14873] ? __pfx_____sys_sendmsg+0x10/0x10 [ 334.243474][T14873] ? import_iovec+0x74/0xa0 [ 334.243507][T14873] ___sys_sendmsg+0x21f/0x2a0 [ 334.243536][T14873] ? __pfx____sys_sendmsg+0x10/0x10 [ 334.243604][T14873] ? __fget_files+0x2a/0x420 [ 334.243622][T14873] ? __fget_files+0x3a0/0x420 [ 334.243652][T14873] __x64_sys_sendmsg+0x19b/0x260 [ 334.243682][T14873] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 334.243720][T14873] ? __pfx_ksys_write+0x10/0x10 [ 334.243744][T14873] ? rcu_is_watching+0x15/0xb0 [ 334.243771][T14873] ? do_syscall_64+0xbe/0x3b0 [ 334.243796][T14873] do_syscall_64+0xfa/0x3b0 [ 334.243818][T14873] ? lockdep_hardirqs_on+0x9c/0x150 [ 334.243840][T14873] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 334.243860][T14873] ? clear_bhb_loop+0x60/0xb0 [ 334.243885][T14873] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 334.243904][T14873] RIP: 0033:0x7f44db78eec9 [ 334.243923][T14873] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 334.243942][T14873] RSP: 002b:00007f44dc58d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 334.243964][T14873] RAX: ffffffffffffffda RBX: 00007f44db9e5fa0 RCX: 00007f44db78eec9 [ 334.243979][T14873] RDX: 0000000004000000 RSI: 0000200000000340 RDI: 0000000000000004 [ 334.243993][T14873] RBP: 00007f44dc58d090 R08: 0000000000000000 R09: 0000000000000000 [ 334.244005][T14873] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 334.244017][T14873] R13: 00007f44db9e6038 R14: 00007f44db9e5fa0 R15: 00007ffed2e335c8 [ 334.244052][T14873] [ 334.246474][T14871] bond0: left promiscuous mode [ 334.611164][T14892] netlink: 'syz.0.2647': attribute type 3 has an invalid length. [ 334.877694][T14906] netlink: 'syz.2.2652': attribute type 21 has an invalid length. [ 334.881962][T14909] tipc: Enabling of bearer rejected, already enabled [ 334.900599][T14907] tipc: Enabling of bearer rejected, already enabled [ 335.410972][T14944] 8021q: adding VLAN 0 to HW filter on device macvtap1 [ 335.421399][T14944] team0: Device macvtap1 is already an upper device of the team interface [ 335.528225][T14952] FAULT_INJECTION: forcing a failure. [ 335.528225][T14952] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 335.541556][T14952] CPU: 0 UID: 0 PID: 14952 Comm: syz.3.2667 Not tainted syzkaller #0 PREEMPT(full) [ 335.541583][T14952] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 335.541595][T14952] Call Trace: [ 335.541603][T14952] [ 335.541611][T14952] dump_stack_lvl+0x189/0x250 [ 335.541638][T14952] ? __pfx____ratelimit+0x10/0x10 [ 335.541660][T14952] ? __pfx_dump_stack_lvl+0x10/0x10 [ 335.541682][T14952] ? __pfx__printk+0x10/0x10 [ 335.541709][T14952] ? __might_fault+0xb0/0x130 [ 335.541747][T14952] should_fail_ex+0x414/0x560 [ 335.541780][T14952] _copy_from_iter+0x1de/0x1790 [ 335.541810][T14952] ? rcu_is_watching+0x15/0xb0 [ 335.541830][T14952] ? kmem_cache_alloc_node_noprof+0x217/0x3c0 [ 335.541855][T14952] ? __pfx__copy_from_iter+0x10/0x10 [ 335.541878][T14952] ? __build_skb_around+0x257/0x3e0 [ 335.541903][T14952] ? netlink_sendmsg+0x642/0xb30 [ 335.541923][T14952] ? skb_put+0x11b/0x210 [ 335.541946][T14952] netlink_sendmsg+0x6b2/0xb30 [ 335.541976][T14952] ? __pfx_netlink_sendmsg+0x10/0x10 [ 335.542001][T14952] ? aa_sock_msg_perm+0xf1/0x1d0 [ 335.542022][T14952] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 335.542042][T14952] ? __pfx_netlink_sendmsg+0x10/0x10 [ 335.542071][T14952] __sock_sendmsg+0x21c/0x270 [ 335.542105][T14952] ____sys_sendmsg+0x505/0x830 [ 335.542135][T14952] ? __pfx_____sys_sendmsg+0x10/0x10 [ 335.542167][T14952] ? import_iovec+0x74/0xa0 [ 335.542194][T14952] ___sys_sendmsg+0x21f/0x2a0 [ 335.542220][T14952] ? __pfx____sys_sendmsg+0x10/0x10 [ 335.542280][T14952] ? __fget_files+0x2a/0x420 [ 335.542297][T14952] ? __fget_files+0x3a0/0x420 [ 335.542324][T14952] __x64_sys_sendmsg+0x19b/0x260 [ 335.542352][T14952] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 335.542386][T14952] ? __pfx_ksys_write+0x10/0x10 [ 335.542409][T14952] ? rcu_is_watching+0x15/0xb0 [ 335.542433][T14952] ? do_syscall_64+0xbe/0x3b0 [ 335.542459][T14952] do_syscall_64+0xfa/0x3b0 [ 335.542479][T14952] ? lockdep_hardirqs_on+0x9c/0x150 [ 335.542499][T14952] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 335.542521][T14952] ? clear_bhb_loop+0x60/0xb0 [ 335.542544][T14952] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 335.542562][T14952] RIP: 0033:0x7f44db78eec9 [ 335.542578][T14952] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 335.542594][T14952] RSP: 002b:00007f44dc58d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 335.542612][T14952] RAX: ffffffffffffffda RBX: 00007f44db9e5fa0 RCX: 00007f44db78eec9 [ 335.542626][T14952] RDX: 0000000004000000 RSI: 0000200000000340 RDI: 0000000000000004 [ 335.542638][T14952] RBP: 00007f44dc58d090 R08: 0000000000000000 R09: 0000000000000000 [ 335.542649][T14952] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 335.542660][T14952] R13: 00007f44db9e6038 R14: 00007f44db9e5fa0 R15: 00007ffed2e335c8 [ 335.542690][T14952] [ 335.903185][T14950] unsupported nla_type 27400 [ 335.932920][T14961] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 335.940701][T14961] IPv6: NLM_F_CREATE should be set when creating new route [ 335.948019][T14961] IPv6: NLM_F_CREATE should be set when creating new route [ 335.955396][T14961] IPv6: NLM_F_CREATE should be set when creating new route [ 335.963903][T14961] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 336.136255][T14972] netlink: 'syz.0.2676': attribute type 1 has an invalid length. [ 336.170563][T14972] __nla_validate_parse: 2 callbacks suppressed [ 336.170580][T14972] netlink: 224 bytes leftover after parsing attributes in process `syz.0.2676'. [ 336.427903][T14995] 8021q: adding VLAN 0 to HW filter on device ipvlan2 [ 336.444075][T14995] bond0: (slave ipvlan2): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 336.501419][T14999] netlink: 'syz.2.2685': attribute type 1 has an invalid length. [ 336.583644][T15016] RDS: rds_bind could not find a transport for fe80::1a, load rds_tcp or rds_rdma? [ 336.695825][T15018] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2688'. [ 337.264158][T15041] tipc: Enabled bearer , priority 0 [ 337.310963][T15041] syzkaller0: entered promiscuous mode [ 337.321723][T15041] syzkaller0: entered allmulticast mode [ 337.361316][T15042] tipc: Resetting bearer [ 337.383537][T15050] netlink: 72 bytes leftover after parsing attributes in process `syz.4.2696'. [ 337.424992][T15050] netlink: 'syz.4.2696': attribute type 1 has an invalid length. [ 337.445629][T15050] netlink: 'syz.4.2696': attribute type 3 has an invalid length. [ 337.457002][T15055] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2697'. [ 337.472744][T15050] netlink: 224 bytes leftover after parsing attributes in process `syz.4.2696'. [ 337.496477][T15059] netlink: 4368 bytes leftover after parsing attributes in process `syz.4.2696'. [ 337.569339][T15041] tipc: Resetting bearer [ 337.602400][T15041] tipc: Disabling bearer [ 337.646669][T15058] netlink: 'syz.0.2698': attribute type 4 has an invalid length. [ 337.663737][T15058] netlink: 48 bytes leftover after parsing attributes in process `syz.0.2698'. [ 337.691816][T15065] bridge1: entered allmulticast mode [ 337.856333][T15071] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2702'. [ 337.906675][T15076] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2702'. [ 337.997929][T15082] tipc: Enabling of bearer rejected, already enabled [ 338.217889][T15099] openvswitch: netlink: Missing key (keys=40, expected=80) [ 338.336710][ T12] tipc: Subscription rejected, illegal request [ 338.376205][T15107] Unsupported ieee802154 address type: 0 [ 338.855255][T15148] netlink: 'syz.1.2727': attribute type 21 has an invalid length. [ 338.917854][T15148] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2727'. [ 339.506448][ T5878] Bluetooth: hci4: link tx timeout [ 339.512165][ T5878] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 339.523467][ T5876] Bluetooth: hci4: link tx timeout [ 339.528661][ T5876] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 339.808475][T15194] netlink: 'syz.0.2743': attribute type 1 has an invalid length. [ 339.909230][T15194] 8021q: adding VLAN 0 to HW filter on device bond6 [ 339.946420][T15200] bond6: (slave veth5): Enslaving as an active interface with a down link [ 340.049221][T15205] bond6: (slave veth0_to_bond): Enslaving as an active interface with a down link [ 340.068529][T15214] netlink: 'syz.1.2749': attribute type 1 has an invalid length. [ 340.077982][T15214] netlink: 'syz.1.2749': attribute type 1 has an invalid length. [ 340.094097][T15214] netlink: 'syz.1.2749': attribute type 2 has an invalid length. [ 340.982049][ T30] audit: type=1800 audit(1759340893.099:7): pid=15274 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.2769" name="memory.events" dev="tmpfs" ino=2668 res=0 errno=0 [ 341.007559][T15266] bond8: option lacp_active: mode dependency failed, not supported in mode balance-rr(0) [ 341.040250][ T30] audit: type=1804 audit(1759340893.099:8): pid=15274 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.2769" name="/newroot/522/memory.events" dev="tmpfs" ino=2668 res=1 errno=0 [ 341.065172][T15266] bond8 (unregistering): Released all slaves [ 341.385563][T15298] vlan0: entered promiscuous mode [ 341.390938][T15298] vlan0: entered allmulticast mode [ 341.396652][T15298] veth0_vlan: entered allmulticast mode [ 341.512372][T15305] netlink: 'syz.0.2775': attribute type 1 has an invalid length. [ 341.520849][T15305] netlink: 'syz.0.2775': attribute type 4 has an invalid length. [ 341.529126][T15305] __nla_validate_parse: 11 callbacks suppressed [ 341.529143][T15305] netlink: 9422 bytes leftover after parsing attributes in process `syz.0.2775'. [ 341.554540][ T5876] Bluetooth: hci4: command 0x0405 tx timeout [ 341.758837][T15312] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2778'. [ 341.826595][T15314] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2779'. [ 341.838895][T15314] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2779'. [ 341.856406][T15314] 0ªî{X¹¦: entered promiscuous mode [ 341.865957][T15314] 0ªî{X¹¦: left promiscuous mode [ 341.956469][T15316] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 341.969402][T15316] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2780'. [ 342.150211][T15322] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2782'. [ 342.163188][T15308] netlink: 'syz.0.2777': attribute type 11 has an invalid length. [ 342.171564][T15308] netlink: 'syz.0.2777': attribute type 4 has an invalid length. [ 342.174146][T15322] netlink: 1 bytes leftover after parsing attributes in process `syz.3.2782'. [ 342.219051][T15308] netlink: 224 bytes leftover after parsing attributes in process `syz.0.2777'. [ 342.249748][T15325] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2782'. [ 342.276020][T15322] xt_policy: neither incoming nor outgoing policy selected [ 342.295087][T15325] netlink: 60 bytes leftover after parsing attributes in process `syz.3.2782'. [ 342.713271][T15356] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 342.768852][T15360] ieee802154 phy0 wpan0: encryption failed: -22 [ 343.340300][T15400] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 343.664404][ T2945] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 343.680089][ T2945] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 343.770741][T15430] IPVS: set_ctl: invalid protocol: 46 172.20.20.187:20001 [ 343.780700][T15431] netlink: 'syz.4.2818': attribute type 1 has an invalid length. [ 344.170306][T15456] openvswitch: netlink: IPv4 tun info is not correct [ 344.171574][T15457] openvswitch: netlink: IPv4 tun info is not correct [ 345.037912][T15515] netlink: 'syz.3.2844': attribute type 21 has an invalid length. [ 345.051124][T15515] netlink: 'syz.3.2844': attribute type 4 has an invalid length. [ 345.064837][T15515] netlink: 'syz.3.2844': attribute type 5 has an invalid length. [ 345.085797][T15515] netlink: 'syz.3.2844': attribute type 21 has an invalid length. [ 345.090820][T15517] Unknown options in mask b7f2 [ 345.096728][T15518] netlink: 'syz.3.2844': attribute type 21 has an invalid length. [ 345.111694][T15515] netlink: 'syz.3.2844': attribute type 4 has an invalid length. [ 345.122157][T15515] netlink: 'syz.3.2844': attribute type 5 has an invalid length. [ 345.136986][T15518] netlink: 'syz.3.2844': attribute type 4 has an invalid length. [ 345.158353][T15518] netlink: 'syz.3.2844': attribute type 5 has an invalid length. [ 345.582111][T15537] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 345.866541][ T2945] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 345.892989][ T2945] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 346.059597][ T5876] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 346.080982][ T5876] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 346.099401][ T5876] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 346.108871][ T5876] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 346.117560][ T5876] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 346.228611][T15550] lo speed is unknown, defaulting to 1000 [ 346.377687][ T2945] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 346.422281][T15550] hsr0 speed is unknown, defaulting to 1000 [ 346.435476][T15566] unknown channel width for channel at 909000KHz? [ 346.474827][T15575] netlink: 'syz.4.2864': attribute type 4 has an invalid length. [ 346.513071][ C0] ip6_tunnel: ip6gre3 xmit: Local address not yet configured! [ 346.610211][ T2945] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 346.729174][ T2945] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 346.835662][ T2945] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 347.203758][T15550] chnl_net:caif_netlink_parms(): no params data found [ 347.739106][ T2945] dvmrp0 (unregistering): left allmulticast mode [ 347.798457][ T2945] bond3 (unregistering): (slave bridge1): Releasing backup interface [ 347.807906][ T2945] bridge1 (unregistering): left promiscuous mode [ 348.192896][ T5876] Bluetooth: hci5: command tx timeout [ 348.272024][ T2945] bond0 (unregistering): (slave team0): Releasing backup interface [ 348.283086][ T2945] bond0 (unregistering): Released all slaves [ 348.298396][ T2945] bond1 (unregistering): Released all slaves [ 348.387634][ T2945] bond2 (unregistering): Released all slaves [ 348.472044][ T2945] bond3 (unregistering): Released all slaves [ 348.487152][ T2945] bond4 (unregistering): Released all slaves [ 348.500666][ T2945] bond5 (unregistering): Released all slaves [ 348.587182][ T2945] bond6 (unregistering): (slave veth5): Releasing active interface [ 348.598437][ T2945] bond6 (unregistering): (slave veth0_to_bond): Releasing active interface [ 348.609035][ T2945] bond6 (unregistering): Released all slaves [ 348.674183][T15630] workqueue: Failed to create a rescuer kthread for wq "bond13": -EINTR [ 348.755027][T15550] bridge0: port 1(bridge_slave_0) entered blocking state [ 348.791036][T15550] bridge0: port 1(bridge_slave_0) entered disabled state [ 348.833516][T15550] bridge_slave_0: entered allmulticast mode [ 348.854545][T15550] bridge_slave_0: entered promiscuous mode [ 348.901083][T15550] bridge0: port 2(bridge_slave_1) entered blocking state [ 348.952697][T15550] bridge0: port 2(bridge_slave_1) entered disabled state [ 349.002871][T15550] bridge_slave_1: entered allmulticast mode [ 349.031262][T15550] bridge_slave_1: entered promiscuous mode [ 349.137994][ T2945] tipc: Disabling bearer [ 349.159942][ T2945] tipc: Disabling bearer [ 349.179384][ T2945] tipc: Disabling bearer [ 349.203596][ T2945] tipc: Left network mode [ 349.274850][T15550] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 349.346264][T15550] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 349.382560][ T2945] IPVS: stopping master sync thread 8562 ... [ 349.668230][T15550] team0: Port device team_slave_0 added [ 349.810755][T15550] team0: Port device team_slave_1 added [ 350.002367][T15550] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 350.028584][T15550] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 350.085483][T15550] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 350.148110][T15715] __nla_validate_parse: 20 callbacks suppressed [ 350.148143][T15715] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2900'. [ 350.171904][T15713] xt_AUDIT: Audit type out of range (valid range: 0..2) [ 350.195247][ T2945] veth1_macvtap: left promiscuous mode [ 350.211160][T15718] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2901'. [ 350.220768][ T2945] veth0_macvtap: left promiscuous mode [ 350.227640][ T2945] veth1_vlan: left promiscuous mode [ 350.233166][ T2945] veth0_vlan: left promiscuous mode [ 350.258882][T15721] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2899'. [ 350.273163][ T5876] Bluetooth: hci5: command tx timeout [ 350.315375][T15726] validate_nla: 1 callbacks suppressed [ 350.315394][T15726] netlink: 'syz.1.2899': attribute type 32 has an invalid length. [ 350.328988][T15726] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2899'. [ 350.384427][ T2945] pimreg (unregistering): left allmulticast mode [ 350.982126][T15550] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 350.990351][T15550] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 351.016746][T15550] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 351.105282][T15726] bond8: option coupled_control: invalid value (20) [ 351.120379][T15726] bond8 (unregistering): Released all slaves [ 351.205979][T15734] netlink: 'syz.4.2903': attribute type 1 has an invalid length. [ 351.237868][T15734] netlink: 'syz.4.2903': attribute type 3 has an invalid length. [ 351.262902][T15734] netlink: 224 bytes leftover after parsing attributes in process `syz.4.2903'. [ 351.287794][T15734] NCSI netlink: No device for ifindex 0 [ 351.347355][T15550] hsr_slave_0: entered promiscuous mode [ 351.350281][T15742] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 351.371162][T15550] hsr_slave_1: entered promiscuous mode [ 351.379758][T15550] debugfs: 'hsr0' already exists in 'hsr' [ 351.390447][T15550] Cannot create hsr debugfs directory [ 351.403251][T15742] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2906'. [ 351.508722][T15744] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2907'. [ 351.740019][T15757] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2911'. [ 351.827786][T15763] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2914'. [ 351.949854][T15769] netlink: 112 bytes leftover after parsing attributes in process `syz.4.2915'. [ 351.970070][T15768] netlink: 'syz.2.2917': attribute type 11 has an invalid length. [ 352.166199][ T2945] IPVS: stop unused estimator thread 0... [ 352.183225][T15779] netlink: 'syz.2.2920': attribute type 11 has an invalid length. [ 352.353553][ T5876] Bluetooth: hci5: command tx timeout [ 352.429001][T15795] bond8: Unable to set up delay as MII monitoring is disabled [ 352.465464][T15795] bond8 (unregistering): Released all slaves [ 352.719152][T15550] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 352.739895][T15550] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 352.751495][T15550] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 352.799745][T15550] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 352.966384][T15838] netlink: 'syz.1.2933': attribute type 1 has an invalid length. [ 352.967853][T15550] 8021q: adding VLAN 0 to HW filter on device bond0 [ 352.994864][T15550] 8021q: adding VLAN 0 to HW filter on device team0 [ 353.002257][T15838] netlink: 'syz.1.2933': attribute type 2 has an invalid length. [ 353.062050][T15850] netlink: set zone limit has 8 unknown bytes [ 353.102615][ T6183] bridge0: port 1(bridge_slave_0) entered blocking state [ 353.109860][ T6183] bridge0: port 1(bridge_slave_0) entered forwarding state [ 353.125595][T15853] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 353.154435][ T59] bridge0: port 2(bridge_slave_1) entered blocking state [ 353.161603][ T59] bridge0: port 2(bridge_slave_1) entered forwarding state [ 353.394934][T15550] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 353.438802][T15550] veth0_vlan: entered promiscuous mode [ 353.451537][T15550] veth1_vlan: entered promiscuous mode [ 353.485327][T15550] veth0_macvtap: entered promiscuous mode [ 353.497216][T15550] veth1_macvtap: entered promiscuous mode [ 353.518418][T15550] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 353.535521][T15550] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 353.550688][ T2945] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 353.564988][ T2945] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 353.676474][ T2945] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 353.696303][ T2945] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 353.808545][T15866] netlink: 'syz.1.2939': attribute type 32 has an invalid length. [ 353.854125][T15879] openvswitch: netlink: IP tunnel dst address not specified [ 353.862241][T15875] tipc: Enabled bearer , priority 0 [ 353.938078][T15875] tipc: Disabling bearer [ 353.961360][ T9053] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 353.976826][ T9053] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 354.050683][ T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 354.072454][ T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 354.097983][T15887] netlink: 'syz.4.2945': attribute type 1 has an invalid length. [ 354.107601][T15889] netlink: 'syz.4.2945': attribute type 1 has an invalid length. [ 354.432814][ T5878] Bluetooth: hci5: command tx timeout [ 354.758974][T15911] gtp0: entered promiscuous mode [ 354.773364][T15911] gtp0: entered allmulticast mode [ 354.968256][ T5865] bridge0: port 3(syz_tun) entered disabled state [ 355.015828][ T5865] syz_tun (unregistering): left allmulticast mode [ 355.034701][ T5865] syz_tun (unregistering): left promiscuous mode [ 355.057919][ T5868] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 355.061351][ T5865] bridge0: port 3(syz_tun) entered disabled state [ 355.076537][ T5868] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 355.084815][ T5868] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 355.097929][ T5868] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 355.114645][ T5868] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 355.334801][T15930] hsr0 speed is unknown, defaulting to 1000 [ 355.675460][T15930] chnl_net:caif_netlink_parms(): no params data found [ 355.938972][T15930] bridge0: port 1(bridge_slave_0) entered blocking state [ 355.947199][T15930] bridge0: port 1(bridge_slave_0) entered disabled state [ 355.958920][T15930] bridge_slave_0: entered allmulticast mode [ 355.968720][T15930] bridge_slave_0: entered promiscuous mode [ 355.978970][T15930] bridge0: port 2(bridge_slave_1) entered blocking state [ 355.990380][T15930] bridge0: port 2(bridge_slave_1) entered disabled state [ 356.005732][T15930] bridge_slave_1: entered allmulticast mode [ 356.015768][T15930] bridge_slave_1: entered promiscuous mode [ 356.181266][T15930] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 356.195229][T15930] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 356.287012][T15930] team0: Port device team_slave_0 added [ 356.298145][T15930] team0: Port device team_slave_1 added [ 356.326928][T15992] netlink: 'syz.4.2978': attribute type 5 has an invalid length. [ 356.364200][T15930] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 356.371677][T15930] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 356.398427][T15930] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 356.428250][T15930] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 356.436861][T15994] __nla_validate_parse: 8 callbacks suppressed [ 356.436877][T15994] netlink: 48 bytes leftover after parsing attributes in process `syz.1.2979'. [ 356.439317][T15930] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 356.453859][T15994] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 356.481162][T15930] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 356.501650][T15995] netlink: 14544 bytes leftover after parsing attributes in process `syz.4.2978'. [ 356.517748][ T5868] Bluetooth: hci5: command 0x0405 tx timeout [ 356.617465][T15930] hsr_slave_0: entered promiscuous mode [ 356.628180][T15930] hsr_slave_1: entered promiscuous mode [ 356.634688][T15930] debugfs: 'hsr0' already exists in 'hsr' [ 356.640561][T15930] Cannot create hsr debugfs directory [ 356.770794][T16005] netlink: 'syz.4.2983': attribute type 19 has an invalid length. [ 356.795215][T16005] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2983'. [ 356.827217][T16005] netlink: 'syz.4.2983': attribute type 19 has an invalid length. [ 356.849644][T16005] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2983'. [ 356.967128][T15930] netdevsim netdevsim3 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 356.988069][T15930] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 357.026886][T16019] veth0: entered promiscuous mode [ 357.072167][T15930] netdevsim netdevsim3 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 357.106326][T15930] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 357.149210][T16017] veth0: left promiscuous mode [ 357.154842][ T5876] Bluetooth: hci0: command tx timeout [ 357.205093][T15930] netdevsim netdevsim3 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 357.243962][T15930] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 357.357961][T15930] netdevsim netdevsim3 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 357.382750][T15930] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 357.516958][T16055] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2998'. [ 357.644212][T16057] netdevsim netdevsim2: Direct firmware load for /.€ failed with error -2 [ 357.656002][T15930] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 357.669511][T16057] netdevsim netdevsim2: Falling back to sysfs fallback for: /.€ [ 357.679087][T15930] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 357.703278][T15930] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 357.727364][T15930] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 357.766242][T16062] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3000'. [ 357.809613][T16062] openvswitch: netlink: nsh attribute has 65532 unknown bytes. [ 357.823844][T16062] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 358.019895][T15930] 8021q: adding VLAN 0 to HW filter on device bond0 [ 358.082178][T15930] 8021q: adding VLAN 0 to HW filter on device team0 [ 358.117493][ T2945] bridge0: port 1(bridge_slave_0) entered blocking state [ 358.124683][ T2945] bridge0: port 1(bridge_slave_0) entered forwarding state [ 358.165814][ T2945] bridge0: port 2(bridge_slave_1) entered blocking state [ 358.173012][ T2945] bridge0: port 2(bridge_slave_1) entered forwarding state [ 358.553721][T16094] netlink: 'syz.4.3008': attribute type 10 has an invalid length. [ 358.728574][T15930] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 358.775886][T15930] veth0_vlan: entered promiscuous mode [ 358.788267][T15930] veth1_vlan: entered promiscuous mode [ 358.950254][T15930] veth0_macvtap: entered promiscuous mode [ 359.008256][T16123] netlink: 'syz.4.3015': attribute type 29 has an invalid length. [ 359.030733][T16123] netlink: 'syz.4.3015': attribute type 29 has an invalid length. [ 359.075643][T15930] veth1_macvtap: entered promiscuous mode [ 359.097370][T16123] netlink: 500 bytes leftover after parsing attributes in process `syz.4.3015'. [ 359.142040][T15930] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 359.186216][T16127] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3017'. [ 359.230557][T15930] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 359.239045][ T5876] Bluetooth: hci0: command tx timeout [ 359.284466][ T2945] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 359.301115][ T2945] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 359.389776][ T2945] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 359.412400][ T2945] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 359.496190][T16139] tipc: Started in network mode [ 359.504262][T16139] tipc: Node identity ac14140f, cluster identity 4711 [ 359.512292][T16139] tipc: New replicast peer: 255.255.255.255 [ 359.520635][T16139] tipc: Enabled bearer , priority 10 [ 359.540093][T16140] tipc: Enabling of bearer rejected, already enabled [ 359.583607][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 359.588557][T16153] netlink: 112 bytes leftover after parsing attributes in process `syz.1.3024'. [ 359.612101][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 359.734038][ T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 359.754588][ T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 360.642669][ T5967] tipc: Node number set to 2886997007 [ 360.793529][T16194] netlink: 36 bytes leftover after parsing attributes in process `syz.1.3034'. [ 360.927449][T16204] netlink: 'syz.4.3038': attribute type 8 has an invalid length. [ 361.219606][T16215] netlink: 'syz.1.3042': attribute type 10 has an invalid length. [ 361.258502][ T5868] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 361.268720][ T5868] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 361.277108][ T5868] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 361.287017][ T5868] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 361.295335][ T5868] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 361.313408][ T5868] Bluetooth: hci0: command tx timeout [ 361.454845][T16226] netlink: 'syz.4.3045': attribute type 1 has an invalid length. [ 361.486767][T16229] __nla_validate_parse: 2 callbacks suppressed [ 361.486786][T16229] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3043'. [ 361.572854][T16226] bond11 (unregistering): Released all slaves [ 361.629314][T16230] ip6tnl3: entered promiscuous mode [ 361.639538][T16230] ip6tnl3: entered allmulticast mode [ 361.665104][T16219] hsr0 speed is unknown, defaulting to 1000 [ 361.732840][T16233] block nbd3: server does not support multiple connections per device. [ 361.743970][T16233] block nbd3: shutting down sockets [ 361.914184][T16249] Bluetooth: MGMT ver 1.23 [ 362.208769][T16219] chnl_net:caif_netlink_parms(): no params data found [ 362.233608][T16253] netlink: 'syz.0.3050': attribute type 21 has an invalid length. [ 362.272755][T16253] netlink: 128 bytes leftover after parsing attributes in process `syz.0.3050'. [ 362.318247][T16253] netlink: 'syz.0.3050': attribute type 4 has an invalid length. [ 362.345281][T16253] netlink: 'syz.0.3050': attribute type 5 has an invalid length. [ 362.352449][T16256] netlink: 'syz.0.3050': attribute type 21 has an invalid length. [ 362.362788][T16253] netlink: 3 bytes leftover after parsing attributes in process `syz.0.3050'. [ 362.390045][T16256] netlink: 128 bytes leftover after parsing attributes in process `syz.0.3050'. [ 362.398175][T16274] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 362.464979][T16280] netlink: 'syz.1.3055': attribute type 16 has an invalid length. [ 362.485058][T16280] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3055'. [ 362.516072][T16256] netlink: 'syz.0.3050': attribute type 4 has an invalid length. [ 362.525870][T16256] netlink: 'syz.0.3050': attribute type 5 has an invalid length. [ 362.548709][T16276] netlink: 'syz.1.3055': attribute type 1 has an invalid length. [ 362.552328][T16256] netlink: 3 bytes leftover after parsing attributes in process `syz.0.3050'. [ 362.572235][T16285] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3058'. [ 362.659115][T16285] 8021q: adding VLAN 0 to HW filter on device bond11 [ 362.715350][T16291] tun0: tun_chr_ioctl cmd 1074025675 [ 362.720847][T16291] tun0: persist disabled [ 362.755882][T16219] bridge0: port 1(bridge_slave_0) entered blocking state [ 362.765959][T16219] bridge0: port 1(bridge_slave_0) entered disabled state [ 362.773610][T16219] bridge_slave_0: entered allmulticast mode [ 362.789725][T16219] bridge_slave_0: entered promiscuous mode [ 362.815980][T16285] bond11: (slave veth0_to_bond): Enslaving as an active interface with an up link [ 362.852195][T16219] bridge0: port 2(bridge_slave_1) entered blocking state [ 362.876374][T16219] bridge0: port 2(bridge_slave_1) entered disabled state [ 362.887211][T16219] bridge_slave_1: entered allmulticast mode [ 362.895006][T16219] bridge_slave_1: entered promiscuous mode [ 362.961339][T16309] FAULT_INJECTION: forcing a failure. [ 362.961339][T16309] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 362.982775][T16311] netlink: 40 bytes leftover after parsing attributes in process `syz.4.3064'. [ 363.007581][T16309] CPU: 1 UID: 0 PID: 16309 Comm: syz.3.3063 Not tainted syzkaller #0 PREEMPT(full) [ 363.007618][T16309] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 363.007636][T16309] Call Trace: [ 363.007663][T16309] [ 363.007678][T16309] dump_stack_lvl+0x189/0x250 [ 363.007727][T16309] ? __pfx____ratelimit+0x10/0x10 [ 363.007751][T16309] ? __pfx_dump_stack_lvl+0x10/0x10 [ 363.007776][T16309] ? __pfx__printk+0x10/0x10 [ 363.007807][T16309] ? __might_fault+0xb0/0x130 [ 363.007850][T16309] should_fail_ex+0x414/0x560 [ 363.007887][T16309] _copy_from_user+0x2d/0xb0 [ 363.007917][T16309] ___sys_sendmsg+0x158/0x2a0 [ 363.007956][T16309] ? __pfx____sys_sendmsg+0x10/0x10 [ 363.008031][T16309] ? __fget_files+0x2a/0x420 [ 363.008050][T16309] ? __fget_files+0x3a0/0x420 [ 363.008081][T16309] __x64_sys_sendmsg+0x19b/0x260 [ 363.008113][T16309] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 363.008161][T16309] ? __pfx_ksys_write+0x10/0x10 [ 363.008185][T16309] ? rcu_is_watching+0x15/0xb0 [ 363.008211][T16309] ? do_syscall_64+0xbe/0x3b0 [ 363.008238][T16309] do_syscall_64+0xfa/0x3b0 [ 363.008259][T16309] ? lockdep_hardirqs_on+0x9c/0x150 [ 363.008280][T16309] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 363.008300][T16309] ? clear_bhb_loop+0x60/0xb0 [ 363.008324][T16309] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 363.008344][T16309] RIP: 0033:0x7f66a958eec9 [ 363.008362][T16309] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 363.008380][T16309] RSP: 002b:00007f66aa3ef038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 363.008402][T16309] RAX: ffffffffffffffda RBX: 00007f66a97e5fa0 RCX: 00007f66a958eec9 [ 363.008417][T16309] RDX: 0000000002004010 RSI: 0000200000000180 RDI: 0000000000000003 [ 363.008430][T16309] RBP: 00007f66aa3ef090 R08: 0000000000000000 R09: 0000000000000000 [ 363.008442][T16309] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 363.008454][T16309] R13: 00007f66a97e6038 R14: 00007f66a97e5fa0 R15: 00007fffbb4b44e8 [ 363.008487][T16309] [ 363.044386][T16313] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3065'. [ 363.190966][T16321] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3065'. [ 363.250876][T16219] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 363.315387][ T5868] Bluetooth: hci1: command tx timeout [ 363.380545][T16313] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1 [ 363.392906][ T5868] Bluetooth: hci0: command tx timeout [ 363.418936][T16313] gretap1: default qdisc (pfifo_fast) fail, fallback to noqueue [ 363.429905][T16313] gretap1: entered promiscuous mode [ 363.435468][T16313] gretap1: entered allmulticast mode [ 363.452126][T16219] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 363.488288][T16326] netlink: 'syz.4.3068': attribute type 4 has an invalid length. [ 363.702403][T16219] team0: Port device team_slave_0 added [ 363.727945][T16219] team0: Port device team_slave_1 added [ 363.875715][T16219] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 363.884182][T16219] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 363.921211][T16219] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 363.961107][T16219] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 363.970826][T16219] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 364.008410][T16219] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 364.232345][T16219] hsr_slave_0: entered promiscuous mode [ 364.239861][T16219] hsr_slave_1: entered promiscuous mode [ 364.246677][T16219] debugfs: 'hsr0' already exists in 'hsr' [ 364.252529][T16219] Cannot create hsr debugfs directory [ 364.719469][T16219] netdevsim netdevsim2 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 364.750769][T16219] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 364.875960][T16219] netdevsim netdevsim2 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 364.912809][T16219] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 365.170678][T16219] netdevsim netdevsim2 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 365.199170][T16219] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 365.320841][T16219] netdevsim netdevsim2 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 365.339311][T16219] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 365.379948][T16428] tipc: Enabled bearer , priority 0 [ 365.390066][T16421] syzkaller0: entered promiscuous mode [ 365.393083][ T5868] Bluetooth: hci1: command tx timeout [ 365.395856][T16421] syzkaller0: entered allmulticast mode [ 365.424903][T16421] sch_tbf: burst 0 is lower than device syzkaller0 mtu (1514) ! [ 365.458556][T16421] tipc: Resetting bearer [ 365.717305][T16420] tipc: Resetting bearer [ 365.761153][T16420] tipc: Disabling bearer [ 365.787357][T16219] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 365.835155][T16219] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 365.874184][T16219] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 365.939502][T16219] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 366.103638][T16470] IPv6: sit2: Disabled Multicast RS [ 366.111018][T16470] sit2: entered allmulticast mode [ 366.180136][T16467] veth3: entered promiscuous mode [ 366.216312][T16468] 8021q: VLANs not supported on ipvlan1 [ 366.318248][ T59] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 366.331110][ T59] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 366.348623][ T59] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 366.366250][ T59] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 366.391384][T16219] 8021q: adding VLAN 0 to HW filter on device bond0 [ 366.438352][T16219] 8021q: adding VLAN 0 to HW filter on device team0 [ 366.465773][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 366.472969][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 366.505859][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 366.513096][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 366.538701][T16492] __nla_validate_parse: 13 callbacks suppressed [ 366.538721][T16492] netlink: 112 bytes leftover after parsing attributes in process `syz.0.3123'. [ 366.791922][T16219] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 366.847804][T16219] veth0_vlan: entered promiscuous mode [ 366.865949][T16219] veth1_vlan: entered promiscuous mode [ 366.896302][T16219] veth0_macvtap: entered promiscuous mode [ 366.907319][T16219] veth1_macvtap: entered promiscuous mode [ 366.928540][T16219] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 366.946313][T16219] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 366.962020][ T6183] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 366.971574][ T6183] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 366.987884][ T9053] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 366.999736][ T9053] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 367.068944][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 367.077081][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 367.111879][ T9051] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 367.120199][ T9051] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 367.171722][T16502] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 367.472865][ T5868] Bluetooth: hci1: command tx timeout [ 369.552766][ T5868] Bluetooth: hci1: command tx timeout [ 369.554421][ T31] INFO: task udevd:6535 blocked for more than 143 seconds. [ 369.566024][ T31] Not tainted syzkaller #0 [ 369.570975][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 369.579688][ T31] task:udevd state:D stack:23192 pid:6535 tgid:6535 ppid:1 task_flags:0x400140 flags:0x00004002 [ 369.591676][ T31] Call Trace: [ 369.595197][ T31] [ 369.598140][ T31] __schedule+0x1798/0x4cc0 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=-1 (errno 104: Connection reset by peer) [ 369.602884][ T31] ? blk_mq_flush_plug_list+0x41f/0x550 [ 369.608731][ T31] ? __pfx_blk_mq_flush_plug_list+0x10/0x10 [ 369.614889][ T31] ? __lock_acquire+0xab9/0xd20 [ 369.621799][ T31] ? __pfx___schedule+0x10/0x10 [ 369.627139][ T31] ? schedule+0x91/0x360 [ 369.631410][ T31] schedule+0x165/0x360 [ 369.635668][ T31] schedule_timeout+0x12b/0x270 [ 369.640547][ T31] ? __pfx_schedule_timeout+0x10/0x10 [ 369.646184][ T31] ? __pfx_process_timeout+0x10/0x10 [ 369.651496][ T31] ? prepare_to_wait_event+0x437/0x480 [ 369.682934][ T31] nbd_queue_rq+0x662/0xf10 [ 369.687512][ T31] ? __pfx_nbd_queue_rq+0x10/0x10 [ 369.742949][ T31] ? __pfx_autoremove_wake_function+0x10/0x10 [ 369.749109][ T31] blk_mq_dispatch_rq_list+0x4bd/0x1900 [ 369.812827][ T31] ? sbitmap_find_bit+0x47f/0x520 [ 369.818046][ T31] ? __pfx_blk_mq_dispatch_rq_list+0x10/0x10 [ 369.852620][ T31] ? __blk_mq_alloc_driver_tag+0x2e7/0x6e0 [ 369.858522][ T31] __blk_mq_sched_dispatch_requests+0xda4/0x1570 [ 369.892925][ T31] ? __pfx___blk_mq_sched_dispatch_requests+0x10/0x10 [ 369.899762][ T31] ? blk_mq_run_hw_queue+0x31f/0x4f0 [ 369.917489][ T31] blk_mq_sched_dispatch_requests+0xd7/0x190 [ 369.937432][ T31] ? blk_mq_run_hw_queue+0x31f/0x4f0 [ 369.952599][ T31] blk_mq_run_hw_queue+0x348/0x4f0 [ 369.957772][ T31] blk_mq_dispatch_list+0xd0c/0xe00 [ 369.987536][ T31] ? bdev_count_inflight+0x1cf/0x210 [ 369.993380][ T31] ? blk_mq_dispatch_list+0x1e0/0xe00 [ 369.998796][ T31] ? __pfx_blk_mq_dispatch_list+0x10/0x10 [ 370.023001][ T31] ? rcu_is_watching+0x15/0xb0 [ 370.027836][ T31] blk_mq_flush_plug_list+0x469/0x550 [ 370.053250][ T31] ? blk_add_rq_to_plug+0x300/0x450 [ 370.058530][ T31] ? blk_mq_submit_bio+0x1912/0x2440 [ 370.087747][ T31] ? __pfx_blk_mq_flush_plug_list+0x10/0x10 [ 370.093783][ T31] __blk_flush_plug+0x3d3/0x4b0 [ 370.098659][ T31] ? __pfx___blk_flush_plug+0x10/0x10 [ 370.122883][ T31] __submit_bio+0x2d3/0x5a0 [ 370.127467][ T31] ? ktime_get+0x3e/0x1f0 [ 370.142938][ T31] ? seqcount_lockdep_reader_access+0x175/0x1c0 [ 370.149235][ T31] ? __pfx___submit_bio+0x10/0x10 [ 370.177565][ T31] ? blk_cgroup_bio_start+0x59d/0x640 [ 370.185228][ T31] ? bio_associate_blkg+0x6d/0x230 [ 370.190381][ T31] submit_bio_noacct_nocheck+0x4ab/0xb50 [ 370.212617][ T31] ? bio_associate_blkg+0x6d/0x230 [ 370.217792][ T31] ? __pfx_submit_bio_noacct_nocheck+0x10/0x10 [ 370.232899][ T31] ? submit_bio_noacct+0xd6f/0x1a50 [ 370.256216][ T31] block_read_full_folio+0x599/0x830 [ 370.261568][ T31] ? __pfx_blkdev_get_block+0x10/0x10 [ 370.282802][ T31] filemap_read_folio+0x117/0x380 [ 370.287896][ T31] ? __pfx_blkdev_read_folio+0x10/0x10 [ 370.303044][ T31] ? __pfx_filemap_read_folio+0x10/0x10 [ 370.308661][ T31] do_read_cache_folio+0x350/0x590 [ 370.323930][ T31] ? __pfx_blkdev_read_folio+0x10/0x10 [ 370.329451][ T31] read_part_sector+0xb6/0x2b0 [ 370.334318][ T31] adfspart_check_ICS+0xa4/0xa50 [ 370.342131][ T31] ? snprintf+0xda/0x120 [ 370.346916][ T31] ? __pfx_adfspart_check_ICS+0x10/0x10 [ 370.352792][ T31] bdev_disk_changed+0x75c/0x14b0 [ 370.357898][ T31] ? __pfx_bdev_disk_changed+0x10/0x10 [ 370.363893][ T31] ? wait_on_inode+0xc0/0x230 [ 370.368610][ T31] blkdev_get_whole+0x380/0x510 [ 370.373822][ T31] bdev_open+0x31e/0xd30 [ 370.378103][ T31] blkdev_open+0x457/0x600 [ 370.382538][ T31] ? __pfx_blkdev_open+0x10/0x10 [ 370.387524][ T31] do_dentry_open+0x950/0x13f0 [ 370.392300][ T31] vfs_open+0x3b/0x340 [ 370.396496][ T31] ? path_openat+0x2ecd/0x3830 [ 370.401309][ T31] path_openat+0x2ee5/0x3830 [ 370.406455][ T31] ? arch_stack_walk+0xfc/0x150 [ 370.411352][ T31] ? stack_depot_save_flags+0x40/0x860 [ 370.417075][ T31] ? __pfx_path_openat+0x10/0x10 [ 370.422054][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 370.428234][ T31] do_filp_open+0x1fa/0x410 [ 370.433037][ T31] ? __lock_acquire+0xab9/0xd20 [ 370.437913][ T31] ? __pfx_do_filp_open+0x10/0x10 [ 370.444862][ T31] ? _raw_spin_unlock+0x28/0x50 [ 370.449761][ T31] ? alloc_fd+0x64c/0x6c0 [ 370.454141][ T31] do_sys_openat2+0x121/0x1c0 [ 370.458823][ T31] ? __pfx___x64_sys_recvmsg+0x10/0x10 [ 370.464665][ T31] ? __pfx_do_sys_openat2+0x10/0x10 [ 370.469895][ T31] ? rcu_is_watching+0x15/0xb0 [ 370.474768][ T31] __x64_sys_openat+0x138/0x170 [ 370.479654][ T31] do_syscall_64+0xfa/0x3b0 [ 370.484380][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 370.490465][ T31] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 370.497118][ T31] ? clear_bhb_loop+0x60/0xb0 [ 370.501808][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 370.507811][ T31] RIP: 0033:0x7f70448a7407 [ 370.512222][ T31] RSP: 002b:00007ffd941526c0 EFLAGS: 00000202 ORIG_RAX: 0000000000000101 [ 370.520751][ T31] RAX: ffffffffffffffda RBX: 00007f7044f43880 RCX: 00007f70448a7407 [ 370.529047][ T31] RDX: 00000000000a0800 RSI: 000055be09511cb0 RDI: ffffffffffffff9c [ 370.537078][ T31] RBP: 000055be094b7910 R08: 0000000000000000 R09: 0000000000000000 [ 370.546727][ T31] R10: 0000000000000000 R11: 0000000000000202 R12: 000055be094cae20 [ 370.555145][ T31] R13: 000055be094c5190 R14: 0000000000000000 R15: 000055be094cae20 [ 370.563274][ T31] [ 370.566372][ T31] [ 370.566372][ T31] Showing all locks held in the system: [ 370.574365][ T31] 1 lock held by khungtaskd/31: [ 370.586842][ T31] #0: ffffffff8e13a0e0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 [ 370.632066][ T31] 3 locks held by kworker/1:1/43: [ 370.638215][ T31] 2 locks held by getty/5624: [ 370.648231][ T31] #0: ffff88803322b0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 370.658856][ T31] #1: ffffc900036c42f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400 [ 370.674292][ T31] 3 locks held by syz-executor/5880: [ 370.679610][ T31] #0: ffff888076bacdc0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_unregister_dev+0x212/0x510 [ 370.692443][ T31] #1: ffff888076bac0b8 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x66a/0x1330 [ 370.708728][ T31] #2: ffffffff8f69f0a8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xa1/0x230 [ 370.720189][ T31] 5 locks held by syz-executor/5881: [ 370.730890][ T31] #0: ffff88807a178dc0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_unregister_dev+0x212/0x510 [ 370.749178][ T31] #1: ffff88807a1780b8 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x66a/0x1330 [ 370.760091][ T31] #2: ffffffff8f69f0a8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xa1/0x230 [ 370.775357][ T31] #3: ffff8881404a7b38 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_conn_del+0x70/0x680 [ 370.786140][ T31] #4: ffffffff8e13fb78 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x3b9/0x730 [ 370.813807][ T31] 3 locks held by kworker/0:7/5985: [ 370.833357][ T31] #0: ffff88801a480d48 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 370.850190][ T31] #1: ffffc90004587bc0 (free_ipc_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 370.882605][ T31] #2: ffffffff8e13fb78 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x3b9/0x730 [ 370.902651][ T31] 3 locks held by udevd/6535: [ 370.907378][ T31] #0: ffff888024fc3358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xe0/0xd30 [ 370.932660][ T31] #1: ffff888024737110 (set->srcu){.+.+}-{0:0}, at: blk_mq_run_hw_queue+0x31f/0x4f0 [ 370.942242][ T31] #2: ffff8880250551f8 (&cmd->lock){+.+.}-{4:4}, at: nbd_queue_rq+0xc8/0xf10 [ 370.953373][ T31] 1 lock held by syz-executor/15550: [ 370.958695][ T31] 3 locks held by syz-executor/15930: [ 370.964658][ T31] #0: ffff8880226b4dc0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_unregister_dev+0x212/0x510 [ 370.974674][ T31] #1: ffff8880226b40b8 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x66a/0x1330 [ 370.984442][ T31] #2: ffffffff8f69f0a8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xa1/0x230 [ 371.002653][ T31] 1 lock held by syz-executor/16219: [ 371.008016][ T31] [ 371.010356][ T31] ============================================= [ 371.010356][ T31] [ 371.027843][ T31] NMI backtrace for cpu 1 [ 371.027868][ T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) [ 371.027890][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 371.027902][ T31] Call Trace: [ 371.027910][ T31] [ 371.027918][ T31] dump_stack_lvl+0x189/0x250 [ 371.027950][ T31] ? __pfx_dump_stack_lvl+0x10/0x10 [ 371.027975][ T31] ? __pfx__printk+0x10/0x10 [ 371.028016][ T31] nmi_cpu_backtrace+0x39e/0x3d0 [ 371.028049][ T31] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 371.028081][ T31] ? __pfx__printk+0x10/0x10 [ 371.028113][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 371.028147][ T31] nmi_trigger_cpumask_backtrace+0x17a/0x300 [ 371.028180][ T31] watchdog+0xf93/0xfe0 [ 371.028220][ T31] ? watchdog+0x1de/0xfe0 [ 371.028254][ T31] kthread+0x70e/0x8a0 [ 371.028282][ T31] ? __pfx_watchdog+0x10/0x10 [ 371.028309][ T31] ? __pfx_kthread+0x10/0x10 [ 371.028335][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 371.028354][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 371.028373][ T31] ? __pfx_kthread+0x10/0x10 [ 371.028399][ T31] ret_from_fork+0x439/0x7d0 [ 371.028423][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 371.028450][ T31] ? __switch_to_asm+0x39/0x70 [ 371.028474][ T31] ? __switch_to_asm+0x33/0x70 [ 371.028498][ T31] ? __pfx_kthread+0x10/0x10 [ 371.028524][ T31] ret_from_fork_asm+0x1a/0x30 [ 371.028566][ T31] [ 371.028575][ T31] Sending NMI from CPU 1 to CPUs 0: [ 371.187375][ C0] NMI backtrace for cpu 0 [ 371.187392][ C0] CPU: 0 UID: 0 PID: 59 Comm: kworker/u8:4 Not tainted syzkaller #0 PREEMPT(full) [ 371.187411][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 371.187423][ C0] Workqueue: bat_events batadv_nc_worker [ 371.187454][ C0] RIP: 0010:_raw_spin_unlock_irqrestore+0xa/0x110 [ 371.187473][ C0] Code: c3 cc cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 55 48 89 e5 41 57 <41> 56 41 54 53 48 83 e4 e0 48 83 ec 60 48 89 f3 49 89 fe 65 48 8b [ 371.187488][ C0] RSP: 0018:ffffc9000210f848 EFLAGS: 00000046 [ 371.187502][ C0] RAX: 0000000000000000 RBX: ffff888032881828 RCX: 0000000000000001 [ 371.187513][ C0] RDX: 0000000000000001 RSI: 0000000000000802 RDI: ffffffff99d82140 [ 371.187524][ C0] RBP: ffffc9000210f850 R08: 0000000000000003 R09: 0000000000000004 [ 371.187535][ C0] R10: dffffc0000000000 R11: fffff52000421ee8 R12: ffff888074a90bb0 [ 371.187547][ C0] R13: ffff888074a90b98 R14: dffffc0000000000 R15: 1ffff1100e952175 [ 371.187560][ C0] FS: 0000000000000000(0000) GS:ffff888125c12000(0000) knlGS:0000000000000000 [ 371.187573][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 371.187585][ C0] CR2: 000056508c2394d8 CR3: 000000000df36000 CR4: 00000000003526f0 [ 371.187600][ C0] Call Trace: [ 371.187606][ C0] [ 371.187613][ C0] debug_object_activate+0x2e2/0x420 [ 371.187644][ C0] __mod_timer+0xa4f/0xf30 [ 371.187672][ C0] queue_delayed_work_on+0x18b/0x280 [ 371.187690][ C0] ? __pfx_batadv_nc_fwd_flush+0x10/0x10 [ 371.187709][ C0] ? __pfx_queue_delayed_work_on+0x10/0x10 [ 371.187727][ C0] ? batadv_nc_process_nc_paths+0xba/0x3a0 [ 371.187744][ C0] ? __msecs_to_jiffies+0x1e/0x50 [ 371.187767][ C0] ? batadv_nc_worker+0x4f8/0x610 [ 371.187793][ C0] ? process_scheduled_works+0x9ef/0x17b0 [ 371.187811][ C0] process_scheduled_works+0xae1/0x17b0 [ 371.187841][ C0] ? __pfx_process_scheduled_works+0x10/0x10 [ 371.187866][ C0] worker_thread+0x8a0/0xda0 [ 371.187896][ C0] kthread+0x70e/0x8a0 [ 371.187918][ C0] ? __pfx_worker_thread+0x10/0x10 [ 371.187934][ C0] ? __pfx_kthread+0x10/0x10 [ 371.187956][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 371.187971][ C0] ? lockdep_hardirqs_on+0x9c/0x150 [ 371.187988][ C0] ? __pfx_kthread+0x10/0x10 [ 371.188008][ C0] ret_from_fork+0x439/0x7d0 [ 371.188027][ C0] ? __pfx_ret_from_fork+0x10/0x10 [ 371.188046][ C0] ? __switch_to_asm+0x39/0x70 [ 371.188068][ C0] ? __switch_to_asm+0x33/0x70 [ 371.188088][ C0] ? __pfx_kthread+0x10/0x10 [ 371.188109][ C0] ret_from_fork_asm+0x1a/0x30 [ 371.188150][ C0] [ 371.216133][ T31] Kernel panic - not syncing: hung_task: blocked tasks [ 371.216159][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) [ 371.216183][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 371.216203][ T31] Call Trace: [ 371.216213][ T31] [ 371.216223][ T31] dump_stack_lvl+0x99/0x250 [ 371.483981][ T31] ? __asan_memcpy+0x40/0x70 [ 371.488566][ T31] ? __pfx_dump_stack_lvl+0x10/0x10 [ 371.493774][ T31] ? __pfx__printk+0x10/0x10 [ 371.498387][ T31] vpanic+0x281/0x750 [ 371.502406][ T31] ? __pfx_vpanic+0x10/0x10 [ 371.506926][ T31] ? preempt_schedule+0xae/0xc0 [ 371.511780][ T31] ? preempt_schedule_common+0x83/0xd0 [ 371.517258][ T31] panic+0xb9/0xc0 [ 371.521004][ T31] ? __pfx_panic+0x10/0x10 [ 371.525421][ T31] ? preempt_schedule_thunk+0x16/0x30 [ 371.530813][ T31] ? nmi_trigger_cpumask_backtrace+0x2bb/0x300 [ 371.536985][ T31] watchdog+0xfd2/0xfe0 [ 371.541148][ T31] ? watchdog+0x1de/0xfe0 [ 371.545480][ T31] kthread+0x70e/0x8a0 [ 371.549546][ T31] ? __pfx_watchdog+0x10/0x10 [ 371.554216][ T31] ? __pfx_kthread+0x10/0x10 [ 371.558801][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 371.563992][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 371.569188][ T31] ? __pfx_kthread+0x10/0x10 [ 371.573822][ T31] ret_from_fork+0x439/0x7d0 [ 371.578428][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 371.583535][ T31] ? __switch_to_asm+0x39/0x70 [ 371.588295][ T31] ? __switch_to_asm+0x33/0x70 [ 371.593054][ T31] ? __pfx_kthread+0x10/0x10 [ 371.597658][ T31] ret_from_fork_asm+0x1a/0x30 [ 371.602452][ T31] [ 371.605824][ T31] Kernel Offset: disabled [ 371.610150][ T31] Rebooting in 86400 seconds..