last executing test programs: 2.032066881s ago: executing program 0 (id=1218): r0 = socket(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r2) getsockname$packet(r2, 0x0, &(0x7f0000000200)) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11feffffff000000", @ANYRES32, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000005840)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000001240)=@newqdisc={0x78, 0x24, 0x5820a61ca228651, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x0, 0x7}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{}, 0x3548, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd, 0x2, 0x0, 0x0, {0x0, 0x0, 0x0, 0x4}}}}]}, 0x78}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {}, {0xd}}, [@filter_kind_options=@f_basic={{0xa}, {0x40, 0x2, [@TCA_BASIC_EMATCHES={0x3c, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x3}}, @TCA_EMATCH_TREE_LIST={0x30, 0x2, 0x0, 0x1, [@TCF_EM_NBYTE={0x10, 0x1, 0x0, 0x0, {{}, {0x0, 0x0, 0x1}}}, @TCF_EM_META={0x1c, 0x2, 0x0, 0x0, {{0x0, 0x4, 0x4}, [@TCA_EM_META_HDR={0xc}, @TCA_EM_META_RVALUE={0x4}]}}]}]}]}}]}, 0x70}}, 0x0) 1.891296042s ago: executing program 0 (id=1221): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000009c0000000b"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020047b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000020000085000000c300000095"], &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 
0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f00000006c0)='kfree\x00', r1}, 0x18) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000003280)=ANY=[@ANYBLOB="140000001000010000000000000000030000000a20000000000a05000000000000000000010000000900010073797a30000000002c000000030a01020000000000000000010000020900010073797a30000000000900030073797a3200000000240b0000060a010400000000000000000100000008000b4000000000fc0a048028000180080001006c6f67001c0002800e00024073797a6b616c6c65720000000800054000000008d00a01800e000100696d6d656469617465000000bc0a0280640002804c0002800900020073797a32000000000900020073797a310000000008000180fffffffc0900020073797a31000000000800034000009c920900020073797a300000000008000180ffffffff14000280080003400000000808000180fffffffb0800014000000002080001400000000b500002804b000100fa62d7ba9ceeacf9aa4f832b78f35731f355d63e192a72aef5e68a05d1b806151b6bd1e2d74abafd383790ad363fdc1b7766748630b48f9beefdb33c86d5835a470b5ffd20d7e9006c0102805c00028008000180fffffffe0900020073797a30000000000900020073797a320000000008000180ffffffff0900020073797a320000000008000180fffffffd0900020073797a310000000008000180fffffffc0800034000000e5628000280080003400000000608000340000000070900020073797a320000000008000180fffffffe540002800900020073797a320000000008000180fffffffe0800034000000000080003400000000008000340000000090900020073797a310000000008000180fffffffe080003400000800108000180fffffffd8e000100818ce881ff18470752e86442e8b77ddcfc7a4c87f05cd36147be26c85cc854cc117db1906007a5a8c298f4724c8c743d46ec7f3ba478d9dfb10bbe9e4fdfc2188d62db9bb1364fed383fe0b0c3fbbab83959470cb0ffb14765c32f10b54d99531d04caaf264214997543a1c63637d9a3a20b7ce9312e545626eb375c88462c198f35cf8a11616de4fa0c000098020280eb00010099c8e680eb4d0e7f78e1fb62226ae541d997c8cb51c5ebd0bb7e2730b61310dcd7525807288a7ad8c00f6aa230a1d1b876ddb0e188384e7c79cd8af9
4a02451a04d8f116bde38077da45650d82bdd1767b03e3f35bc4a5769e659d8cdb6d9d9d717c78b50f6b3ac899b07a9eaf2c989654de7d6609299bad01ca1f3fa8b6229a6c69627a07f627880e902231b20368f3ae64fd12fc37afeb95f14a4dc3d0bc5f6e2afd0fc8ef6982054cffa703ee1376654019ad6d2add9052c5d2f2e0ba3318f931b2c5f2dcce5cbca6093c64d23b64e2f2061da3dd5983644280de22d592b63b5d7f6b571beb005400010041bbc64da6bacaad1bebec23352accccbca40d6ba87943f82df945bf4ccc5250a0c2b2cb13793380f424b280bfb960885af6df4afa26efa8fcd7a1243389ef3fcf1d709f775a9cd1dfb2b84fd03e5d70f800010001950b7c0ec30534e476b721ba6e82d03078fe63b683918ecbbb9c339c8cdd63689339ac43acd5973f4aac8720a98d18e13b98e11e291f3f3621ed29c717639f84bdd28810da6ae30538775f15e00133741e9de3f96f69ab363752fa962b3c71041ba1e463a91d782a968d9febb648b66e71a6827c53b3be014b785f61c4fd46fef00658f64cdd465edb61ba4c5f00849b2935c485da99a38489ecc29837433ac5446c3922d73153fd8fb2368a5ce4201760ca6778f570b7fcb38be633a02d57c5884b6bcbaf3bc28ca7686edb5d59e1b823a8f0f5ff788625995d51c16413783c6290a9714bd4dcbd2a388139f3e46f69916f335c0002800900020073797a3000000000080003400000000908000180000000000900020073797a3000000000080003400000000808000180fffffffd080003400000000408000340fffffff908000180fffffffb0800034000000003a80002801c000280080003400000020008000340fffffff508000340000000001400028008000340000000050800034000000007720001001c2cce526d2ee30fb33f426450278cb35ac06b1cef15fefc26b5c17a8c9251bed316fccb5588f2e071fc355537fcf458cf14217f16ce4c12a4b559f3e807c94c6cc4f418baebc6024b74b9dbc5ef66dbbe91812ea247db80670c101ed494f105ad9c09b4eaf8d5c133b46a311c1a00001c0302802000028008000180fffffffc0900020073797a320000000008000340000000035c00028008000180fffffffc08000180fffffffc08000180fffffffb0900020073797a300000000008000340000000060900020073797a30000000000900020073797a31000000000900020073797a310000000008000180fffffffbf6000100330e5af714359ac9da33381a13071148dbe4293800e6be0290efbb549850cda132ca27a55553fd77c3067504c4596086f4001f53d49e8111395ebccb983c6b04735a58ab2617dfc62123b09c8dc5a47154667414dc28e8369829764b2e3cc23303a882890bad6d3a
70d9e15701ec8c4c15a46d38c9ed6bc8658f8a45a02083f563324a27c649bab7cbcb485c289bd8df0a040128df6891ab48095977e0463f8e3ed7ba6df976ee30768954dfeb3f08c942b2c9384aa0b78baf92ecf5e4d73788afb1bc5a8f7c4b454897cd8bcac7f19cdd949fac66756da3b9311e13362eee317df853f6bc7e4638eb145a1484d3780e09b50000c8000100d5c1e4159bf770e02e6e1ebe911d7513709588175328d2e11f2ebf3f6967c49bedcb2a5459a45272bb8084e3bb55ea7a80166d97ec16457ed7d2a834d9aafdb2a54110ddc7975eaeda4f897ec7d533c27df0ce5ff92cfedadc67fff850ee5d07822d72b27af229d17ad2f8d802ae40d98f373e348a04b4f0270c71f82319de3a0331f165204896e0e448cf7ea0f8eb32a312fda6716f72f0234742fe6708ad0adf587ea21d94b8c8f5080028dda1e21d3d9ac82d8edd12941631b72b692ecc262d6ae12393000100c56deda494a09379df59bad8f0f17376b307ce49571034af728b1c4bf694e3b91406b976944238ab36ccaf40e3d92952ba87aa27af6353a82868c9508577a1b6a349fce75b3e4952b04b9527f496b5555e6db110dec07430b01446635eff12f136dbcb54fd4dc90b02e1bc6488ed74efd9eeb1b6de6e2a234f6c323df5c28a0352d03b34ee4f64ab614078125aa3cc0048000280080003400000000c08000340000000010900020073797a310000000008000180fffffffd0800034000008000080003400000dc5b08000180fffffffc08000180fffffffb2c0202804b000100cece2d8ff50c68c1060c2e691ddc50c6d87b46b4e5f6695010163d98bac2d9d7693cff0ec1e2107f58d3c305c78e5a596df92f1dbe80793dce5424be9e7951890023db7d0b9b2700e5000100f46e4b21dd4b92221713eece21b0e3bfb3fe995725eca78713a8d11ac82a6aefeeeab4720bd136479523ccafa34771afedeafc55275842bb7adb37ff3c93b19d9d5139f8b67ee81e380faa9506e6c8e5956cf7efc9828438d340b1bf747ec7f9b12eb2f8c31049c1fc37e8f28812ea0aadd0caa7e32f6bb4b2b7a4473e5fa876c87bf285a503660ea12a0cfff6863a87c64ea83c31e737e278edcad77cb964828c7049d335e25156fd4d1c2faada6a8363794fe487155fbfd7c2e1b8504d4a744357734f51fca0426ffe929280df27411f8a90a067b285e970fa1e403722ae91dd000000f400010073e22ba6603d1c92836887468b100c2dc430efeb2ef19c66bd0582fe94df7b5a20292fdfbd2009980dbf9651685f7713bfb0f42583e452670f29e2cabf848fcdcb7a2067f0b257efd7dc927e540584b08f026e14be231afa797e36410d8ad6cbced8c5d2cce2f5a8b75713e57b3161b5b4ce78f283bf59a04f90bc1c
5a4371abed0124c621ecb51b6166ad39f14216c09456232b7ea8dd7058bbbeae8b1c13df7ffa1515a359309683421d783f4fb00547cb06b3f974e65f28397c2c16675436a414b6e28d61800c35bdc05f9837e14491ce0fa7c0fbf6f61dd8f7eceac62373ed913de212a188ad5fa12d0eab8a0b440900010073797a30"], 0xb98}, 0x1, 0x0, 0x0, 0x20000000}, 0x44804) 1.878358617s ago: executing program 1 (id=1222): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000009c0)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socket$nl_generic(0x10, 0x3, 0x10) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00"/13], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x8, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000181200", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0xffffffff}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000500)='kfree\x00', r3}, 0x18) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000040)={{r2}, &(0x7f0000000000), &(0x7f00000005c0)=r3}, 0x20) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x4c}}, 0x2) sendmsg$IPSET_CMD_ADD(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)=ANY=[@ANYBLOB="50000000090601020000000000000000020000000900020073797a31000000000500010007000000280007800c00018008000140ffffffff0500070084000000060004404e22000006000540"], 0x50}, 0x1, 0x0, 0x0, 0x10000082}, 0x80) 1.790566652s ago: executing program 1 (id=1224): setsockopt$inet6_IPV6_RTHDR(0xffffffffffffffff, 0x29, 0x39, &(0x7f0000001640)=ANY=[@ANYBLOB="0002020100000008ff"], 0x18) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0xff}, 0x7}, 0x1c) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a00)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1804000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b10000"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0xc94284a3061bb7fe, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x94) writev(0xffffffffffffffff, &(0x7f0000001240)=[{&(0x7f0000000100)="88", 0x1}, {&(0x7f0000000040)="ca37f0927601c80f7eb285b036f865ded0d27517f5cbe3dfbcbfb5cae62125f9475020317214250a9f7d18b2bd57af93b6740ff3906d00ba82b7aba9b1eb49f7ba1aced5f8bdfa92b0208f2b859d6c3506c8c19b058c05944b6d6a", 0x5b}, 
{&(0x7f0000000140)="487c5ae0a5441cb6709f2a2a579711fc9a6db32890b050371e514bcd09d7bba0954816fe7312367a25a1da96b280fb81e4782cefb497c32294f230a1bb02a1166299689e2b5d206331f530b4962e0ef623b4dd3dd719546b4763781e6b1752eac770ecc23fc1217cd2a4e3b1900cbbd1ac23e0522cc9930699bead1809e6f9a0f2aafab03915edfc1242a90a058c734903ff99bdb8be6e1bca74f8b15718960bb3cd6e020a63e5dab6d030e572edab5756013450b4bea1101ebe518a5e0ff50c269d1854b843be8e22bfb69a11fa5d0f4ef9656a459c1da1f8d7088f4495bbe2e55907f077a461c9e1592af44a0975a773fe8e1e420576fb77c47c4a16ec4bc5d1924b8340040e0f676089579f7bba52db510d94bc33ced7e1589de0743d6acecfdd35422a90e9d79212f1fe3ab84fc3283ae65e9b0266db3f2f38efeec2896a008be7e8a7c159571b8b1f2ad06aceca0110deb17f7aaa9ae8e3c7437f295d7b21a39e03a5814ad79685dd0a521087245d7a897e352abf977e71e9145477b3597d4098ea9ef98d4267fa0bf4ef41c6cd4d5a31afd335ca77e873b9561e0153e1854d848603b0bff8012abe433c7b63ca1a656b015c5e760d143ff55e50f5935baa806e0e556e6973b36f2e1a57ddb8480f8a6ef9ba49c4fbcda4c2fa8751e35a80a248823321a646fcb45310fe66a6ebaf3ae0736cdb437d1cd97c5aa52fb766033d357eb0b8073f0af67601fa4ce5b0a3a264c19b36cff2ee241f3f21869cdf4c23a12ec62f47f4e280d6b69331941a6285524435bbfde99114ca9da7eca398bbe255b43493c0606df050c71b7460f6a00653a984ac4d5fec66f989281f8516465cf083f69c301a3a130d1fdb9125f8e8d4cc2eb4f5b96829e253e6e20eb01d6d7479fd916ca4e43859089b9550f997d2a92f4d82621c2134989cc6f790572866b5f85d0cf399fc6c18284f852df77695628a5ba0581c065b79482a5b8f652b3a0727abc37dda48b1f7f0856b0cc7407e8ad29bd8e875023160883800517daaf3093aa80ea845d73d76afc786fa9ae6591a5f0040a23d70baf466aa2895715ab81d3cead752b5f94d4cbeef4750860d68378eea3d52c826fd5c80d510f0590b4dbbf61c045ac4f2b2a4be30397f96ebd8b28ee7cbe4d03fcceb101b4b4e1479746976c9e99785de43bc0915a61d941697490197baaa8e3724e93a66b4663a3188eb8993ad93bbb5c075be9804e271616853f0acb7c5731272d7f4815c465ff5d51d17f7be9dcc4b7b1be08e9f32d1d95853d214fff747e4137148f75e1fbaf922b992d60edbb937ac53c26d31c55a5839446778d7b68e81df335ca779e3a8191a34662fdcea30b38c38849b3ae2b4c3a5c4865dd6821559ba9a0c45fd1e
66448017757194652bdcfd3c557779c71ecb0524b90eddd91f2d4af7cdcec8d9dc1f33dea062b1ff9a3e9b7937a2268c608cbf241f99484d5fca3943ab0fe4daab308ed646e359a6c57b952c76d8b2c9386996bbb5b166c9559296749e46811cda168d2134c208712acdf41ffb0f81f239c3b354dde3a42d15a1b7bf16af445d849754cdc8b14fc2ea992e9beb34b39916ddd4ecad24ca7d85a9dae0b4e01fa0c2be840981b6dcfeb95592498d87b3f160c27b28624db2bc875e6046b8887a43ca8dbbad0806a7bf57b5d46338636cbe155bff756316835c3ba69e", 0x4b9}], 0x3) 1.67519006s ago: executing program 1 (id=1225): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r2, 0x0, 0x1000000000000}, 0x18) sendto$inet6(r0, &(0x7f0000000100)="b8", 0xffe0, 0x2000c851, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c) 1.180415631s ago: executing program 0 (id=1232): r0 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) bind$nfc_llcp(r0, &(0x7f0000000080)={0x27, 0x0, 0x0, 0x7, 0x0, 0x6, "750538d1ee602ec4802a04ea7cdcd151bb2cd9893bc31f80718336d9bd3517076db9ad1f6a120d8be6d7f81cd81ec275000386e7d95f0669b740a5418d69d0", 0x10000000000001}, 0x60) r1 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r1, &(0x7f0000000080)={0x27, 0x0, 0x200000, 0x6, 0x0, 0x6, "feff31d1ee602ec4802a04e87bdcd151bb2cd9893bc31f80718336476a020c8be6d7f81cd81e8275000386e7d95f0669b744a5414779d000", 0x8}, 0x60) 1.180318842s ago: executing program 4 (id=1233): 
syz_emit_ethernet(0x4a, &(0x7f0000000240)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x14, 0x6, 0x0, @empty, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x4, 0x5, 0xc2, 0xffff}}}}}}}, 0x0) 1.126882857s ago: executing program 1 (id=1235): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000080000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000a3850000007000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000000)='kfree\x00', r0}, 0x18) r1 = socket$inet(0x2, 0x3, 0x30) getsockopt$inet_mreqsrc(r1, 0x0, 0x53, &(0x7f0000000000)={@dev, @local, @broadcast}, &(0x7f0000000080)=0x2c) 1.072609428s ago: executing program 0 (id=1236): r0 = socket$kcm(0x10, 0x2, 0x0) r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r1}, 0x4) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f0000000740)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70500000000000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000000)='kmem_cache_free\x00', r2}, 0x10) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, 
&(0x7f00000009c0)=[{&(0x7f00000008c0)="d800000018007b29e00212ba0d8105040a601800fe0f040b067c55a1bc000900b80006990600000015000500fe800000000000000300014002000c0901ac04000bd67f6f94007100a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4b11602b2a10c11ce1b14d6d930dfe1d9d322fe04fb95cae8c9010000730d7a5025ccca262f3d40fad95667e04adcdf634c1f215ce3bb9ad8ffd5e1cace81ccd40dd601edef3d93452a92307ff0ff0e97031e9f05e9f16e9cb500"/216, 0xd8}], 0x1, 0x0, 0x0, 0x2663}, 0x0) 1.039978244s ago: executing program 1 (id=1237): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f00000000001b0000850000006d000000850000002300000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000280)='sched_switch\x00', r0, 0x0, 0x4}, 0x18) socket$packet(0x11, 0x2, 0x300) r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000100)={0x6, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000002000000000000000008082295"], &(0x7f0000000240)='syzkaller\x00'}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0xb68, 0xffffffffffffff6b, &(0x7f0000000000)="ff", 0x0, 0x140, 0x503, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffff80fe}, 0x48) 1.022741653s ago: executing program 2 (id=1239): bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10) unshare(0x68040200) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, 
&(0x7f0000000040)={&(0x7f00000015c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000000900010073797a30000000003c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000021241300001e0a05010000000000000000070000000900020073797a31000000000900010073797a3000000000f8120380300000802c000180250001007bb0c03ce8ed22d039cce454fd98ae614b08a9f3d4ddf1f742d55995afac076948000000c41200800c00054000000000000000000c00054000000000000000000c00044000000000000000000c00044000000000000000000600064019d200000900090073797a3200000000c8010180380002800900020073797a300000000008000340000000000900020073797a300000000008000340000000000900020073797a30000000003c0002800900020073797a320000000008000180000000000800018000000000080003400000000008000180000000000900020073797a3100000000380002800900020073797a300000000008000180000000000900020073797a320000000008000340000000000900020073797a32000000002400028008000180000000000900020073797a32000000000900020073797a3000000000f3000100a6117a78b9e48d6dd9ad86fc2c54547cbee98c24f4b972c82722771febf3e388f9b3907852ee4adbd95ca25deb487ac3d49d3716931979f6bbf2b8cdcc0bc37f27a54709a59c31c01c5544b11cb9c6ca800d7f23c3cc5237458188f26a04c78ad8dfd3b13e958558dc3b7f0f4cfc16c4fd23e11b25bd23b195b64166e0c3a8ab3ebbd2ead4abf745bcf4d4b0610521d7ec52023ed38c7f9fb1cbab6a9d87c96fd783ff63f9483766557291fcc41f17c423550c1e965a66e30631b271db96cccb68bf8c91656e894ef46a296974170da742b0d13d665f0f2e80d3590b3dc637851b6e7b0adc59ab874ce337a258bc4300080003"], 0x13a8}}, 0x0) 1.012266286s ago: executing program 4 (id=1240): r0 = socket$kcm(0x10, 0x400000002, 0x0) write$cgroup_subtree(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="0007000042009103"], 0xfe33) recvmsg(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000002840)=""/4079, 0xfef}], 0x1}, 0x102) 916.533009ms ago: executing program 0 (id=1241): r0 = socket$unix(0x1, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'ipvlan0\x00', 0x0}) r2 = 
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x18, 0xb, &(0x7f00000005c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000730000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000340)='kfree\x00', r2, 0x0, 0x200000000}, 0x18) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000040)=ANY=[@ANYBLOB="4c000000100003052cbd7000fedbdf2500000020", @ANYRES32=0x0, @ANYBLOB="0000000000080400240012800b0001006d61637365630000140002800500060000000000050007000000000008000500", @ANYRES32=r1], 0x4c}}, 0x0) 893.866757ms ago: executing program 1 (id=1242): setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x2f, &(0x7f0000000000)=0x1, 0x4) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) r1 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f00000001c0)=0x8) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000080)={0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e21, @rand_addr=0x64010100}]}, &(0x7f0000000140)=0x10) setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r0, 0x84, 0x10, &(0x7f0000000040)=@assoc_value={r2}, 0x8) 870.484701ms ago: executing program 3 (id=1243): bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x14, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f66f63bb850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x2, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 
0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001240)={&(0x7f0000000200)='kfree\x00', r0, 0x0, 0x9}, 0x18) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r2 = socket(0x400000000010, 0x3, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x3}}}]}, 0x38}}, 0x40) sendmsg$nl_route_sched(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001000)=@newtfilter={0x38, 0x2c, 0xd27, 0x70bd2d, 0x25dfdc00, {0x0, 0x0, 0x0, r4, {0x0, 0x3}, {}, {0xfff3, 0xffe0}}, [@filter_kind_options=@f_matchall={{0xd}, {0x4}}]}, 0x38}, 0x1, 0x0, 0x0, 0x50}, 0x0) 870.279956ms ago: executing program 4 (id=1244): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x8, 0x1}, 0x48) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r5, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x18) splice(r3, 0x0, r4, 0x0, 0xf3a, 0x0) write(r1, &(0x7f0000000240)="94", 0x1) vmsplice(r4, &(0x7f0000000380)=[{&(0x7f0000013580)="0dd2e7c8926dc6acd0ae6c178054e95986faff9544de5fc4c30adf404da41181a77466ac5075905ea5f50134fdd517a957fe2ee59b61f9fe8d7aabe595ea23de2723e437af0423a56686a4c2d957be1a0ab922fbbd3cb1d8c6ab0d58440a327c8eb05d445b4ac5f20abe449e4084f8b996268d0564f67980d3ed3479e0edfe5cec7b4f89bface391c9c4c58ad123b91c33173c72326d1df18804a9ea20f9ece48f784d8ca2318e3d2b316666b5dfb7295c4915989d5bcb120e8fedaa97b93a137c256ce4", 0x20013644}, {&(0x7f0000013680)="c578381bf5113dad8319d9ea5294285ae9a90384ce23866477bef9de4399237d8b3522c9c194e71edaf3332a2f169682f9d8fa271683d4d441b710409e506333e0c3b64e52e8720734b6787f4a84f5bebb046649c6c697d978affd349031b2cd874c7a8961a586a9f2d62f945e7a5bf2f5f7a31684c0503704881d2578a2a98ac3ef4e4a4b0dcdb70db735d5c1652eed3848b2dd4131bb0eb7cfadfaf5", 0x9d}], 0x2, 0x0) tee(r0, r4, 0x8f5, 0x0) write(r2, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$MAP_CREATE(0x0, 0x0, 0x48) 709.430752ms ago: executing program 0 (id=1245): getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000ddffffff850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000003680)='sched_switch\x00', r0}, 0x10) r1 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000000c0)={0x0, 0x0, 
&(0x7f0000000300)={&(0x7f0000000900)=@newqdisc={0x38, 0x24, 0x3fe3aa0262d8c583, 0x70bd29, 0x25dfdbfe, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}, {0x9, 0xe}}, [@qdisc_kind_options=@q_fq={{0x7}, {0xc, 0x2, [@TCA_FQ_FLOW_DEFAULT_RATE={0x8, 0x6, 0xffffffff}]}}]}, 0x38}}, 0x4048000) 620.652998ms ago: executing program 3 (id=1246): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) r1 = socket(0x2, 0xa, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000100)={0x2, &(0x7f00000001c0)=[{0x30, 0x3, 0x51, 0xfffff034}, {0x6, 0x4, 0x6, 0x6}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) 581.44344ms ago: executing program 4 (id=1247): r0 = socket(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r2) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11feffffff000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000005840)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000001240)=@newqdisc={0x78, 0x24, 0x5820a61ca228651, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}, {0x0, 0x7}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{}, 0x3548, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd, 0x2, 0x0, 0x0, {0x0, 0x0, 0x0, 0x4}}}}]}, 0x78}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {}, {0xd}}, [@filter_kind_options=@f_basic={{0xa}, {0x40, 0x2, [@TCA_BASIC_EMATCHES={0x3c, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x3}}, @TCA_EMATCH_TREE_LIST={0x30, 0x2, 0x0, 0x1, [@TCF_EM_NBYTE={0x10, 0x1, 0x0, 0x0, {{}, {0x0, 0x0, 0x1}}}, @TCF_EM_META={0x1c, 0x2, 0x0, 0x0, {{0x0, 0x4, 0x4}, [@TCA_EM_META_HDR={0xc}, 
@TCA_EM_META_RVALUE={0x4}]}}]}]}]}}]}, 0x70}}, 0x0) 558.327634ms ago: executing program 3 (id=1248): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000001000000850000007800000095"], 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000280)='sched_switch\x00', r1}, 0x18) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x4a0, 0x1e8, 0xffffffff, 0xffffffff, 0x1e8, 0xffffffff, 0x3d0, 0xffffffff, 0xffffffff, 0x3d0, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@remote, @loopback, [0xff, 0xff, 0xff, 0xff], [0xff000000, 0xff, 0xff], 'team_slave_0\x00', 'netdevsim0\x00', {}, {0xff}, 0x29, 0x3, 0x0, 0x60}, 0x0, 0x1a0, 0x1e8, 0x60030000, {0x0, 0xff000000}, [@common=@inet=@recent0={{0xf8}, {0x9, 0x0, 0x24, 0x0, 'syz1\x00'}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x1, 0x4, 0x7a3, 0x6, 'snmp_trap\x00', {0x369bc443}}}}, {{@ipv6={@remote, @local, [0xffffff00, 0xffffffff, 0x0, 0xffffff00], [0xffffffff, 0xffffff00, 0xffffffff, 0xff000000], 'netpci0\x00', 'bridge_slave_1\x00', {}, {0xff}, 0x2b, 0x2, 0x5, 0x5}, 0x0, 0x1c8, 0x1e8, 0x0, {}, [@common=@inet=@recent0={{0xf8}, {0x0, 0x29, 0x1, 0x1, 'syz0\x00'}}, @inet=@rpfilter={{0x28}, {0x1c}}]}, @unspec=@NOTRACK={0x20}}], {{'\x00', 0x0, 0xa8, 0xd0}, 
{0x28}}}}, 0x500) 470.381519ms ago: executing program 4 (id=1249): unshare(0x24020400) r0 = socket$inet(0x2, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x26, &(0x7f0000000040)=0x7f, 0x4) 414.151034ms ago: executing program 2 (id=1250): syz_emit_ethernet(0x4a, &(0x7f0000000240)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x14, 0x6, 0x0, @empty, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x4, 0x5, 0xc2, 0xffff}}}}}}}, 0x0) 366.076408ms ago: executing program 2 (id=1251): r0 = socket$kcm(0x10, 0x2, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x9) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000009c0)=[{&(0x7f00000008c0)="d800000018007b29e00212ba0d8105040a601800fe0f040b067c55a1bc000900b80006990600000015000500fe800000000000000300014002000c0901ac04000bd67f6f94007100a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4b11602b2a10c11ce1b14d6d930dfe1d9d322fe04fb95cae8c9010000730d7a5025ccca262f3d40fad95667e04adcdf634c1f215ce3bb9ad8ffd5e1cace81ccd40dd601edef3d93452a92307ff0ff0e97031e9f05e9f16e9cb500"/216, 0xd8}], 0x1, 0x0, 0x0, 0x2663}, 0x0) 352.925719ms ago: executing program 3 (id=1252): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000005c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], 0x0, 0x20ffe, 0x0, 0x0, 0x40f00, 0xac, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xcb3a}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 
@fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000040)='kmem_cache_free\x00', r0, 0x0, 0xfffffffffffffffc}, 0x18) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000440)=@req={0x401, 0xfffffffe, 0x0, 0xffffffff}, 0x10) close(r1) 308.81109ms ago: executing program 2 (id=1253): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0x0, 0x0, 0x0, 0x2, 0xfffffe81, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="070000000400000008"], 0x50) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='kfree\x00'}, 0x18) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000080), r0) sendmsg$NLBL_MGMT_C_ADDDEF(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01000000000000000000040000e41300050003030000000a0000005dc000000000010800020005000000140006"], 0x4c}, 0x1, 0x0, 0x0, 0x8004}, 0x4040000) 220.668424ms ago: executing program 4 (id=1254): socket$packet(0x11, 0xa, 0x300) socket$packet(0x11, 0xa, 0x300) r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000440)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x2, 0x0, 0x0, 0x0, 0x9}, 0x94) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="070000000400000080"], 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0x8, &(0x7f00000007c0)=ANY=[@ANYBLOB="1800000000000000000000000700000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000300)='kmem_cache_free\x00', r2}, 0x18) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x560b0000, &(0x7f0000000000)="219a53f271a76d2608004c6588a8", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 208.758788ms ago: executing program 3 (id=1255): bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="0b00000008000000020000000400000005"], 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000380)={{r0, 0xffffffffffffffff}, &(0x7f0000000b00), &(0x7f0000000300)}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000300)='kmem_cache_free\x00', r2}, 0x10) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, 
&(0x7f0000000a80)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d640500000000006504040001001f000404000001007d60b7030000000000006a0a00fe00000100850000000d000000b7000000000000009500000000000000c74396c8e3ebbadc20e5a7ef8c9ac1465cbf188ef10871b81ac7553358380b3a1f59916ffc9bf0bdf81524f07fb2819bf5774fedda52e39c90af27db5b56024df96b4673b4e8d5467e114604ea09b290a248a120c9c6cd87cef9000000a39c15a7ef365cc27dfeac7b9b0e9048517354b0ca4f9cf8b59ee6fa003fe1f2c4c15f20a07db4583a462d8be6602186fd68ee14a19ea2eb42122b8635a66ce6b5b92356081bc0f18a0ca83dbc089a9813c1efa26001b3f486ebfaae85c4d0b96778478ae5355e6f923b11056969f486f80a35f7f2339704fa93fa915ab8e1e0d7f31ebd19455e6827cd493907bf9d0000000000000000000000004e1fa60acabcf0553910ca2e5ea499fd5889dde9261f0848a5b8af657bfc96049308e8953431b269053627a1523551c160c813969925a892d266792352ec0204596a37ce8d6d260b32239bddbce2e79f93cb5a0ad897adb53b397d07c50f84b74f2605a565ee149016aa75ea31c0087dcd821b47c8b36efc6da4fb2ea7f1f36c85856b73ac9872babc62149699b6b8c796a79d833eb4b5ca668d430db5653a2b3c5b87e17ca1"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x2ca}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r3, 0x18000000000002a0, 0x2f9, 0x403d87c21de2ff3f, &(0x7f0000000040)="b90103606989068c3c270040f0832f9e0ff008001fffffe1ffff86dd632f080686dd00017f020001be", 0x0, 0x104, 0x6000000000000000, 0x0, 0xfeb9, 
&(0x7f0000000400)="9209558f0c5fb25cd57f98113135c3171b8b331fbc04f0e6955a796ff8e3aae3cac46cec3030dfc999058aea01f0e6dcf2f9d480d328655aca003927bd50ed49d4843c8a0a2a4b26ceb747947200bd644c85e7a8a7d7cfce840c02a7d69c9e0bca410f64d43290abbbf3131e1fa8bd8c3e5f19d5a491d3d4c1a0fe47de9eebaf073ac3da6256bdb681d18fbd607c9b0d710442bcf78bc36fd3c035812bde582a262bff0e4d6181c818fccf542868c6e602d97bea23a101955dc76bcc984142ab305387aa348566d688edd291a3e9d08952adbdf60462bb7f7faebcdfccf17115708b0d73d0f3a469ce7d8374219b3f92c92bcec4958d474bb281c26691949d054b784a5866f081e53eb9cfd7"}, 0x28) 201.687197ms ago: executing program 2 (id=1265): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0x0, 0x0, 0x0, 0x2, 0xfffffe81, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="070000000400000008"], 0x50) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='kfree\x00'}, 0x18) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000080), r0) sendmsg$NLBL_MGMT_C_ADDDEF(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01000000000000000000040000e41300050003030000000a0000005dc000000000010800020005000000140006"], 0x4c}, 0x1, 0x0, 0x0, 0x8004}, 0x4040000) 1.004752ms ago: executing program 3 (id=1256): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_TID_CONFIG(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)={0x28, r1, 0xc4fc9e906872338b, 0x70bd2a, 0x25dfdbfe, {{0x15}, {@void, @val={0xc, 0x99, {0xc7, 0x3a}}}}, [@NL80211_ATTR_TID_CONFIG={0x8, 0x11d, 0x0, 0x1, [{0x4}]}]}, 0x28}}, 0x20040000) 0s ago: executing program 2 (id=1257): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 
0xffffffffffffffff, 0x0) r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x31}}, 0x2}}, 0x2e) r2 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r2, &(0x7f0000000000)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x4e22, @loopback}, 0x2, 0x4}}, 0x26) ioctl$PPPIOCGL2TPSTATS(r2, 0x8004745a, &(0x7f0000005280)) kernel console output (not intermixed with test programs): with an up link [ 74.078832][ T5831] team0: Port device team_slave_0 added [ 74.097753][ T5825] team0: Port device team_slave_0 added [ 74.103766][ T5836] chnl_net:caif_netlink_parms(): no params data found [ 74.117357][ T5831] team0: Port device team_slave_1 added [ 74.135577][ T5825] team0: Port device team_slave_1 added [ 74.168660][ T5833] bridge0: port 1(bridge_slave_0) entered blocking state [ 74.176025][ T5833] bridge0: port 1(bridge_slave_0) entered disabled state [ 74.183388][ T5833] bridge_slave_0: entered allmulticast mode [ 74.190673][ T5833] bridge_slave_0: entered promiscuous mode [ 74.255090][ T5833] bridge0: port 2(bridge_slave_1) entered blocking state [ 74.262229][ T5833] bridge0: port 2(bridge_slave_1) entered disabled state [ 74.269919][ T5833] bridge_slave_1: entered allmulticast mode [ 74.277332][ T5833] bridge_slave_1: entered promiscuous mode [ 74.295620][ T5825] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 74.302548][ T5825] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. 
[ 74.304042][ T5827] Bluetooth: hci0: command tx timeout [ 74.328971][ T5825] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 74.347057][ T5825] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 74.354060][ T5825] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 74.380161][ T5825] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 74.383986][ T5827] Bluetooth: hci1: command tx timeout [ 74.398346][ T5820] hsr_slave_0: entered promiscuous mode [ 74.404813][ T5820] hsr_slave_1: entered promiscuous mode [ 74.411673][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 74.418826][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 74.444905][ T5831] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 74.509924][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 74.517060][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. 
[ 74.543611][ T5831] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 74.556993][ T5833] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 74.574722][ T5833] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 74.622803][ T5827] Bluetooth: hci2: command tx timeout [ 74.687749][ T5833] team0: Port device team_slave_0 added [ 74.698610][ T5825] hsr_slave_0: entered promiscuous mode [ 74.704413][ T5827] Bluetooth: hci3: command tx timeout [ 74.710567][ T5825] hsr_slave_1: entered promiscuous mode [ 74.716723][ T5825] debugfs: 'hsr0' already exists in 'hsr' [ 74.722488][ T5825] Cannot create hsr debugfs directory [ 74.757190][ T5833] team0: Port device team_slave_1 added [ 74.789344][ T5836] bridge0: port 1(bridge_slave_0) entered blocking state [ 74.796561][ T5827] Bluetooth: hci4: command tx timeout [ 74.796698][ T5836] bridge0: port 1(bridge_slave_0) entered disabled state [ 74.809514][ T5836] bridge_slave_0: entered allmulticast mode [ 74.817050][ T5836] bridge_slave_0: entered promiscuous mode [ 74.839744][ T5831] hsr_slave_0: entered promiscuous mode [ 74.846349][ T5831] hsr_slave_1: entered promiscuous mode [ 74.853354][ T5831] debugfs: 'hsr0' already exists in 'hsr' [ 74.859090][ T5831] Cannot create hsr debugfs directory [ 74.895608][ T5836] bridge0: port 2(bridge_slave_1) entered blocking state [ 74.903177][ T5836] bridge0: port 2(bridge_slave_1) entered disabled state [ 74.910417][ T5836] bridge_slave_1: entered allmulticast mode [ 74.917591][ T5836] bridge_slave_1: entered promiscuous mode [ 74.935682][ T5833] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 74.942801][ T5833] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. 
[ 74.968779][ T5833] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 75.016587][ T5833] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 75.024873][ T5833] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 75.050786][ T5833] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 75.096898][ T5836] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 75.137312][ T5836] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 75.228315][ T5836] team0: Port device team_slave_0 added [ 75.264546][ T5836] team0: Port device team_slave_1 added [ 75.285467][ T5833] hsr_slave_0: entered promiscuous mode [ 75.291671][ T5833] hsr_slave_1: entered promiscuous mode [ 75.298234][ T5833] debugfs: 'hsr0' already exists in 'hsr' [ 75.304004][ T5833] Cannot create hsr debugfs directory [ 75.360266][ T5836] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 75.367630][ T5836] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 75.393623][ T5836] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 75.443512][ T5836] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 75.450474][ T5836] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. 
Setting the MTU to 1532 would solve the problem. [ 75.476858][ T5836] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 75.631883][ T5836] hsr_slave_0: entered promiscuous mode [ 75.640165][ T5836] hsr_slave_1: entered promiscuous mode [ 75.647029][ T5836] debugfs: 'hsr0' already exists in 'hsr' [ 75.652896][ T5836] Cannot create hsr debugfs directory [ 75.658666][ T5820] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 75.682160][ T5820] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 75.709148][ T5820] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 75.744724][ T5820] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 75.883209][ T5825] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 75.893751][ T5825] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 75.904811][ T5825] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 75.926092][ T5825] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 76.024852][ T5831] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 76.048066][ T5831] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 76.064394][ T5831] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 76.078366][ T5831] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 76.160995][ T5833] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 76.175928][ T5833] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 76.197006][ T5833] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 76.211502][ T5833] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 76.259900][ T5820] 8021q: adding VLAN 0 to HW filter on device bond0 [ 76.341289][ T5836] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 76.352585][ T5836] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 76.365382][ T5836] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 76.376747][ T5836] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 76.383595][ T5827] Bluetooth: hci0: command tx timeout [ 76.403805][ T5820] 8021q: 
adding VLAN 0 to HW filter on device team0 [ 76.434759][ T5825] 8021q: adding VLAN 0 to HW filter on device bond0 [ 76.462801][ T5827] Bluetooth: hci1: command tx timeout [ 76.471745][ T63] bridge0: port 1(bridge_slave_0) entered blocking state [ 76.479032][ T63] bridge0: port 1(bridge_slave_0) entered forwarding state [ 76.520573][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 76.527753][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 76.575001][ T5825] 8021q: adding VLAN 0 to HW filter on device team0 [ 76.617262][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 76.624366][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 76.634037][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 76.641119][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 76.665240][ T5831] 8021q: adding VLAN 0 to HW filter on device bond0 [ 76.703592][ T5827] Bluetooth: hci2: command tx timeout [ 76.704713][ T5833] 8021q: adding VLAN 0 to HW filter on device bond0 [ 76.731441][ T5831] 8021q: adding VLAN 0 to HW filter on device team0 [ 76.748692][ T5820] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 76.772011][ T63] bridge0: port 1(bridge_slave_0) entered blocking state [ 76.779165][ T63] bridge0: port 1(bridge_slave_0) entered forwarding state [ 76.788571][ T5827] Bluetooth: hci3: command tx timeout [ 76.810755][ T5833] 8021q: adding VLAN 0 to HW filter on device team0 [ 76.838962][ T63] bridge0: port 2(bridge_slave_1) entered blocking state [ 76.846127][ T63] bridge0: port 2(bridge_slave_1) entered forwarding state [ 76.857273][ T63] bridge0: port 1(bridge_slave_0) entered blocking state [ 76.864481][ T63] bridge0: port 1(bridge_slave_0) entered forwarding state [ 76.873039][ T5827] Bluetooth: hci4: command tx timeout [ 76.885268][ T5836] 8021q: adding VLAN 0 to HW filter on device bond0 [ 76.906083][ T63] bridge0: port 2(bridge_slave_1) entered blocking 
state [ 76.913231][ T63] bridge0: port 2(bridge_slave_1) entered forwarding state [ 76.995224][ T5836] 8021q: adding VLAN 0 to HW filter on device team0 [ 77.082102][ T1113] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.089302][ T1113] bridge0: port 1(bridge_slave_0) entered forwarding state [ 77.103661][ T1113] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.110749][ T1113] bridge0: port 2(bridge_slave_1) entered forwarding state [ 77.227053][ T5820] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 77.287345][ T5836] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 77.426544][ T5825] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 77.509264][ T5820] veth0_vlan: entered promiscuous mode [ 77.568081][ T5831] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 77.586605][ T5833] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 77.614505][ T5820] veth1_vlan: entered promiscuous mode [ 77.640607][ T5825] veth0_vlan: entered promiscuous mode [ 77.681356][ T5825] veth1_vlan: entered promiscuous mode [ 77.709057][ T5836] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 77.720593][ T5831] veth0_vlan: entered promiscuous mode [ 77.745392][ T5820] veth0_macvtap: entered promiscuous mode [ 77.768144][ T5831] veth1_vlan: entered promiscuous mode [ 77.787447][ T5820] veth1_macvtap: entered promiscuous mode [ 77.845627][ T5833] veth0_vlan: entered promiscuous mode [ 77.857516][ T5820] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 77.908561][ T5825] veth0_macvtap: entered promiscuous mode [ 77.920329][ T5831] veth0_macvtap: entered promiscuous mode [ 77.935733][ T5820] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 77.944901][ T5833] veth1_vlan: entered promiscuous mode [ 77.953611][ T5825] veth1_macvtap: entered promiscuous mode [ 77.979043][ T5831] veth1_macvtap: entered promiscuous mode [ 78.008448][ T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 
family 0 port 6081 - 0 [ 78.019219][ T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.037579][ T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.046390][ T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.060336][ T5825] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 78.078264][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 78.097431][ T5825] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 78.118772][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 78.136944][ T63] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.148456][ T63] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.176599][ T63] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.186098][ T63] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.200583][ T63] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.217495][ T5833] veth0_macvtap: entered promiscuous mode [ 78.236576][ T63] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.247429][ T63] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.275726][ T12] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.289280][ T5833] veth1_macvtap: entered promiscuous mode [ 78.350609][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 78.360947][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 78.402268][ T5836] veth0_vlan: entered promiscuous mode [ 78.422511][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 78.442346][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 78.460266][ T5836] veth1_vlan: entered promiscuous mode [ 78.466098][ T5827] Bluetooth: hci0: command tx timeout [ 78.476500][ T63] wlan0: 
Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 78.498082][ T63] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 78.509878][ T50] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.519878][ T50] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.543180][ T5827] Bluetooth: hci1: command tx timeout [ 78.549557][ T50] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.559678][ T50] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.569784][ T1105] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 78.578080][ T1105] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 78.621267][ T1105] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 78.635299][ T1105] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 78.662066][ T5836] veth0_macvtap: entered promiscuous mode [ 78.710440][ T5820] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. 
[ 78.738785][ T5920] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 78.749906][ T5920] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 78.766669][ T5836] veth1_macvtap: entered promiscuous mode [ 78.783855][ T5827] Bluetooth: hci2: command tx timeout [ 78.811826][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 78.847665][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 78.851824][ T1105] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 78.863465][ T5827] Bluetooth: hci3: command tx timeout [ 78.867136][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 78.896407][ T1105] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 78.943609][ T5827] Bluetooth: hci4: command tx timeout [ 78.962425][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 79.004541][ T5938] tipc: Started in network mode [ 79.009501][ T5938] tipc: Node identity 0299a56bf5f3, cluster identity 4711 [ 79.018953][ T5938] tipc: Enabled bearer , priority 0 [ 79.027064][ T5920] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.056736][ T5938] syzkaller0: entered promiscuous mode [ 79.061437][ T63] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 79.063175][ T5938] syzkaller0: entered allmulticast mode [ 79.085385][ T5920] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.092471][ T63] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 79.119857][ T5920] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.157272][ T5920] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.209836][ T5937] tipc: Resetting bearer [ 79.214201][ T5947] netlink: 'syz.2.3': attribute type 1 has an invalid length. [ 79.279287][ T5949] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6'. 
[ 79.298952][ T5937] tipc: Disabling bearer [ 79.326285][ T5950] gretap1: entered allmulticast mode [ 79.367849][ T5949] team0: entered promiscuous mode [ 79.373064][ T5949] team_slave_0: entered promiscuous mode [ 79.378896][ T5949] team_slave_1: entered promiscuous mode [ 79.386854][ T5949] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 79.396454][ T5949] team0: left promiscuous mode [ 79.403835][ T5949] team_slave_0: left promiscuous mode [ 79.427089][ T5949] team_slave_1: left promiscuous mode [ 79.749743][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 79.798721][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 79.831424][ T5976] syz.1.9 uses obsolete (PF_INET,SOCK_PACKET) [ 79.859236][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 79.873698][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 79.973491][ T5978] bond1: option lacp_active: invalid value (7) [ 79.992213][ T5978] bond1 (unregistering): Released all slaves [ 80.470819][ T5997] syz_tun: entered allmulticast mode [ 80.546860][ T52] Bluetooth: hci0: command tx timeout [ 80.626233][ T52] Bluetooth: hci1: command tx timeout [ 80.687199][ T6005] Cannot find set identified by id 0 to match [ 80.864979][ T52] Bluetooth: hci2: command tx timeout [ 80.943308][ T52] Bluetooth: hci3: command tx timeout [ 81.026158][ T52] Bluetooth: hci4: command tx timeout [ 81.466073][ T6022] syzkaller0: entered promiscuous mode [ 81.472894][ T6022] syzkaller0: entered allmulticast mode [ 81.524965][ T43] cfg80211: failed to load regulatory.db [ 81.555203][ T6024] warning: `syz.1.23' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 81.580431][ T6026] Driver unsupported XDP return value 0 on prog (id 15) dev N/A, expect packet loss! 
[ 81.587876][ T6027] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 81.606399][ T6024] netlink: 'syz.1.23': attribute type 11 has an invalid length. [ 81.627549][ T6024] netlink: 244 bytes leftover after parsing attributes in process `syz.1.23'. [ 81.738052][ T6026] netlink: 48 bytes leftover after parsing attributes in process `syz.4.24'. [ 82.016755][ T6040] netlink: 4 bytes leftover after parsing attributes in process `syz.1.25'. [ 82.197865][ T6040] bridge_slave_1: left allmulticast mode [ 82.221735][ T6040] bridge_slave_1: left promiscuous mode [ 82.274694][ T6040] bridge0: port 2(bridge_slave_1) entered disabled state [ 82.436691][ T6040] bridge_slave_0: left allmulticast mode [ 82.472715][ T6040] bridge_slave_0: left promiscuous mode [ 82.484335][ T6040] bridge0: port 1(bridge_slave_0) entered disabled state [ 82.706633][ T6067] netlink: 12 bytes leftover after parsing attributes in process `syz.0.29'. [ 83.103747][ T52] Bluetooth: hci4: command 0x0405 tx timeout [ 83.409160][ T6092] nbd: socks must be embedded in a SOCK_ITEM attr [ 83.838242][ T6112] netlink: 12 bytes leftover after parsing attributes in process `syz.2.37'. [ 83.894762][ T6112] bridge0: entered promiscuous mode [ 83.939302][ T6103] netlink: 48 bytes leftover after parsing attributes in process `syz.2.37'. [ 83.966710][ T6103] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 84.554348][ T6141] xt_HMARK: spi-set and port-set can't be combined [ 84.970784][ T6155] syzkaller1: entered promiscuous mode [ 84.988400][ T6155] syzkaller1: entered allmulticast mode [ 85.033898][ T6159] netlink: 36 bytes leftover after parsing attributes in process `syz.0.46'. [ 85.312113][ T6143] Bluetooth: hci0: Opcode 0x080f failed: -4 [ 85.737842][ T6192] netlink: 'syz.3.56': attribute type 10 has an invalid length. 
[ 85.896531][ T6192] 8021q: adding VLAN 0 to HW filter on device team0 [ 85.913998][ T6192] bond0: (slave team0): Enslaving as an active interface with an up link [ 86.633499][ T5827] Bluetooth: hci0: command 0x080f tx timeout [ 86.937058][ T6235] netlink: 8 bytes leftover after parsing attributes in process `syz.0.67'. [ 87.140911][ T6237] bond1 (unregistering): Released all slaves [ 87.246726][ T6252] syzkaller1: entered promiscuous mode [ 87.262362][ T6252] syzkaller1: entered allmulticast mode [ 87.326418][ T6252] netlink: 8 bytes leftover after parsing attributes in process `syz.1.69'. [ 87.393689][ T6261] netlink: 200 bytes leftover after parsing attributes in process `syz.3.71'. [ 87.419776][ T6261] netlink: 200 bytes leftover after parsing attributes in process `syz.3.71'. [ 87.442051][ T6261] netlink: 200 bytes leftover after parsing attributes in process `syz.3.71'. [ 87.453763][ T6261] netlink: 200 bytes leftover after parsing attributes in process `syz.3.71'. [ 87.463701][ T6261] netlink: 200 bytes leftover after parsing attributes in process `syz.3.71'. [ 87.475453][ T6261] netlink: 200 bytes leftover after parsing attributes in process `syz.3.71'. [ 87.482889][ T6270] netlink: 4 bytes leftover after parsing attributes in process `syz.3.71'. [ 87.610447][ T6274] netlink: 'syz.4.73': attribute type 4 has an invalid length. [ 87.678605][ T6273] netlink: 'syz.4.73': attribute type 4 has an invalid length. [ 88.036889][ T6281] Bluetooth: hci4: Opcode 0x0401 failed: -4 [ 88.236533][ T6291] netlink: 'syz.1.79': attribute type 1 has an invalid length. 
[ 88.471681][ T6314] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 88.614518][ T6307] bond1 (unregistering): Released all slaves [ 88.724302][ T6321] syzkaller0: entered promiscuous mode [ 88.738161][ T6321] syzkaller0: entered allmulticast mode [ 89.086473][ T6339] RDS: rds_bind could not find a transport for ::ffff:172.20.20.187, load rds_tcp or rds_rdma? [ 89.511521][ T6354] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 89.684341][ T6350] bond0: (slave bond_slave_0): Releasing backup interface [ 89.740351][ T6350] bond0: (slave bond_slave_1): Releasing backup interface [ 89.814334][ T6350] team0: Port device team_slave_0 removed [ 89.847997][ T6350] team0: Port device team_slave_1 removed [ 89.856870][ T6350] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 89.864452][ T6350] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 89.876739][ T6350] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 89.885075][ T6350] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 89.897243][ T6350] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 89.933739][ T6360] veth0: entered promiscuous mode [ 89.944334][ T6349] veth0: left promiscuous mode [ 89.984092][ T5827] Bluetooth: hci4: command 0x0405 tx timeout [ 90.074267][ T6381] __nla_validate_parse: 33 callbacks suppressed [ 90.074285][ T6381] netlink: 8 bytes leftover after parsing attributes in process `syz.3.101'. [ 90.704742][ T5891] IPVS: starting estimator thread 0... [ 90.803284][ T6409] IPVS: using max 25 ests per chain, 60000 per kthread [ 90.957153][ T6415] netlink: 8 bytes leftover after parsing attributes in process `syz.2.109'. [ 90.969818][ T6364] infiniband !yz!: set active [ 90.986473][ T6417] netlink: 20 bytes leftover after parsing attributes in process `syz.4.110'. 
[ 90.997738][ T6364] infiniband !yz!: added team_slave_0 [ 91.006037][ T6364] !yz!: rxe_create_cq: returned err = -12 [ 91.012057][ T6364] infiniband !yz!: Couldn't create ib_mad CQ [ 91.023808][ T6415] netlink: 12 bytes leftover after parsing attributes in process `syz.2.109'. [ 91.031925][ T6364] infiniband !yz!: Couldn't open port 1 [ 91.117302][ T6364] RDS/IB: !yz!: added [ 91.145892][ T6364] smc: adding ib device !yz! with port count 1 [ 91.152183][ T6364] smc: ib device !yz! port 1 has no pnetid [ 91.283295][ T6426] netlink: 30308 bytes leftover after parsing attributes in process `syz.4.113'. [ 91.307512][ T6426] netlink: 30308 bytes leftover after parsing attributes in process `syz.4.113'. [ 91.666188][ T6446] Zero length message leads to an empty skb [ 91.694208][ T6447] netlink: 8 bytes leftover after parsing attributes in process `syz.3.118'. [ 91.723111][ T6447] gretap0: entered promiscuous mode [ 91.836625][ T6453] netlink: 20 bytes leftover after parsing attributes in process `syz.2.120'. [ 91.885650][ T6451] netlink: 16 bytes leftover after parsing attributes in process `syz.1.121'. [ 91.896036][ T6453] netlink: 16 bytes leftover after parsing attributes in process `syz.2.120'. [ 92.471906][ T6476] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 92.749222][ T6486] sctp: [Deprecated]: syz.2.131 (pid 6486) Use of int in maxseg socket option. [ 92.749222][ T6486] Use struct sctp_assoc_value instead [ 92.932984][ T6488] nbd1: detected capacity change from 0 to 127 [ 92.965241][ T6488] nbd: couldn't find a device at index 0 [ 93.615631][ T6496] tc_dump_action: action bad kind [ 93.642135][ T5827] block nbd1: Receive control failed (result -104) [ 94.315398][ T6526] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. 
[ 94.916357][ T6556] TCP: tcp_parse_options: Illegal window scaling value 254 > 14 received [ 94.952706][ T52] Bluetooth: hci4: command 0x0405 tx timeout [ 95.022938][ T52] Bluetooth: hci1: command tx timeout [ 95.201890][ T6560] __nla_validate_parse: 8 callbacks suppressed [ 95.201906][ T6560] netlink: 8 bytes leftover after parsing attributes in process `syz.0.152'. [ 96.072518][ T6584] netlink: 666 bytes leftover after parsing attributes in process `syz.0.158'. [ 96.106363][ T6593] netlink: 'syz.3.159': attribute type 17 has an invalid length. [ 96.240806][ T6593] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 96.284699][ T6591] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 96.306236][ T97] block nbd1: Connection timed out, retrying (0/1 alive) [ 96.314198][ T97] block nbd1: Connection timed out, retrying (0/1 alive) [ 96.322414][ T97] block nbd1: Connection timed out, retrying (0/1 alive) [ 96.329776][ T97] block nbd1: Connection timed out, retrying (0/1 alive) [ 96.337204][ T97] block nbd1: Dead connection, failed to find a fallback [ 96.344832][ T97] block nbd1: shutting down sockets [ 96.350330][ T97] I/O error, dev nbd1, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 96.360047][ T97] Buffer I/O error on dev nbd1, logical block 3, async page read [ 96.368489][ T97] I/O error, dev nbd1, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 96.377928][ T97] Buffer I/O error on dev nbd1, logical block 2, async page read [ 96.385905][ T97] I/O error, dev nbd1, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 96.395036][ T97] Buffer I/O error on dev nbd1, logical block 1, async page read [ 96.409688][ T97] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 96.418888][ T97] Buffer I/O error on dev nbd1, logical block 0, async page read [ 96.428150][ T5828] I/O 
error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 96.452688][ T5828] Buffer I/O error on dev nbd1, logical block 0, async page read [ 96.477346][ T5828] I/O error, dev nbd1, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 96.521680][ T5828] Buffer I/O error on dev nbd1, logical block 1, async page read [ 96.554259][ T5828] I/O error, dev nbd1, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 96.580300][ T5828] Buffer I/O error on dev nbd1, logical block 2, async page read [ 96.610424][ T5828] I/O error, dev nbd1, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 96.660712][ T5828] Buffer I/O error on dev nbd1, logical block 3, async page read [ 96.673062][ T6610] netlink: 12 bytes leftover after parsing attributes in process `syz.1.162'. [ 96.690599][ T6611] netlink: 220 bytes leftover after parsing attributes in process `syz.4.164'. [ 96.693072][ T5828] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 96.742057][ T6605] netlink: 'syz.0.163': attribute type 1 has an invalid length. [ 96.785911][ T5828] Buffer I/O error on dev nbd1, logical block 0, async page read [ 96.812384][ T5828] I/O error, dev nbd1, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 96.859073][ T5828] Buffer I/O error on dev nbd1, logical block 1, async page read [ 96.885323][ T5828] ldm_validate_partition_table(): Disk read failed. [ 96.905641][ T5828] Dev nbd1: unable to read RDB block 0 [ 96.914047][ T5828] nbd1: unable to read partition table [ 96.924377][ T6614] bridge0: port 2(bridge_slave_1) entered disabled state [ 96.932364][ T6614] bridge0: port 1(bridge_slave_0) entered disabled state [ 96.955887][ T5828] ldm_validate_partition_table(): Disk read failed. [ 96.971412][ T5828] Dev nbd1: unable to read RDB block 0 [ 96.996385][ T5828] nbd1: unable to read partition table [ 97.021427][ T50] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! 
[ 97.023146][ T52] Bluetooth: hci4: command 0x0405 tx timeout [ 97.029586][ T50] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 97.044561][ T10] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 97.108756][ T6621] : renamed from bond_slave_0 [ 97.257187][ T6628] xt_l2tp: unknown flags: 51 [ 97.322825][ T5891] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 97.615564][ T5891] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 97.869500][ T6636] netlink: 104 bytes leftover after parsing attributes in process `syz.4.170'. [ 98.349718][ T6648] netlink: 'syz.2.171': attribute type 13 has an invalid length. [ 98.385642][ T6648] netlink: 'syz.2.171': attribute type 17 has an invalid length. [ 98.705027][ T6648] bridge0: port 2(bridge_slave_1) entered blocking state [ 98.712198][ T6648] bridge0: port 2(bridge_slave_1) entered listening state [ 98.719666][ T6648] bridge0: port 1(bridge_slave_0) entered blocking state [ 98.726958][ T6648] bridge0: port 1(bridge_slave_0) entered listening state [ 98.816826][ T6648] 8021q: adding VLAN 0 to HW filter on device team0 [ 98.838550][ T6648] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 99.219111][ T6662] Bluetooth: MGMT ver 1.23 [ 99.249748][ T6660] netlink: 8 bytes leftover after parsing attributes in process `syz.4.173'. [ 99.359119][ T6668] netlink: 8 bytes leftover after parsing attributes in process `syz.0.175'. [ 99.396164][ T6668] bridge0: port 2(bridge_slave_1) entered disabled state [ 99.403799][ T6668] bridge0: port 1(bridge_slave_0) entered disabled state [ 101.022867][ C1] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 101.106738][ T6721] netlink: 16 bytes leftover after parsing attributes in process `syz.3.185'. [ 101.170506][ T6722] sctp: [Deprecated]: syz.3.185 (pid 6722) Use of int in maxseg socket option. 
[ 101.170506][ T6722] Use struct sctp_assoc_value instead [ 101.551023][ T6719] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 101.587198][ T6719] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 101.770866][ T6729] netlink: 'syz.1.187': attribute type 15 has an invalid length. [ 101.949880][ T6736] netlink: 8 bytes leftover after parsing attributes in process `syz.0.189'. [ 102.141061][ T6736] bond2: option updelay: invalid value (18446744073709551607) [ 102.165279][ T6742] netlink: 'syz.3.191': attribute type 1 has an invalid length. [ 102.173272][ T6736] bond2: option updelay: allowed values 0 - 2147483647 [ 102.192140][ T6736] bond2 (unregistering): Released all slaves [ 102.266247][ T6741] netlink: 30308 bytes leftover after parsing attributes in process `syz.2.192'. [ 102.282736][ T6741] netlink: 30308 bytes leftover after parsing attributes in process `syz.2.192'. [ 102.304312][ T6742] 8021q: adding VLAN 0 to HW filter on device bond2 [ 102.329079][ T6747] bond2: (slave ip6gretap1): making interface the new active one [ 102.465583][ T6747] bond2: (slave ip6gretap1): Enslaving as an active interface with an up link [ 102.687321][ T6750] veth3: entered promiscuous mode [ 102.737292][ T6750] bond2: (slave veth3): Enslaving as an active interface with a down link [ 102.779796][ T6742] erspan0: entered allmulticast mode [ 102.837272][ T6742] bond2: (slave erspan0): Enslaving as an active interface with an up link [ 102.919260][ T6747] bond2: (slave vlan2): the slave hw address is in use by the bond; couldn't find a slave with a free hw address to give it (this should not have happened) [ 103.010575][ T6759] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 103.155913][ T6759] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 103.167001][ T6768] netlink: 76 bytes leftover after parsing attributes in process `syz.0.197'. 
[ 103.247768][ T6759] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 103.507545][ T6759] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 103.709432][ T6791] netlink: 8 bytes leftover after parsing attributes in process `syz.3.202'. [ 103.752014][ T1113] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.776349][ T1113] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.820563][ T1113] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.862728][ T50] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.010846][ T6799] xt_hashlimit: max too large, truncated to 1048576 [ 104.265535][ T6803] vlan2: entered allmulticast mode [ 104.283340][ T6803] hsr_slave_1: entered allmulticast mode [ 104.294825][ T6804] netlink: 24 bytes leftover after parsing attributes in process `syz.4.204'. [ 104.442467][ T6804] bond1: entered promiscuous mode [ 104.471350][ T6804] 8021q: adding VLAN 0 to HW filter on device bond1 [ 104.825495][ T6804] bond1 (unregistering): Released all slaves [ 104.963924][ T6804] netlink: 24 bytes leftover after parsing attributes in process `syz.4.204'. [ 105.075518][ T6804] bond1: entered promiscuous mode [ 105.093124][ T6804] 8021q: adding VLAN 0 to HW filter on device bond1 [ 105.320082][ T6804] bond1 (unregistering): Released all slaves [ 106.277380][ T6828] netlink: 84 bytes leftover after parsing attributes in process `syz.0.209'. [ 106.316534][ T6833] netlink: 'syz.1.210': attribute type 1 has an invalid length. [ 107.296181][ T6865] netlink: 30308 bytes leftover after parsing attributes in process `syz.1.219'. [ 107.306108][ T6865] netlink: 30308 bytes leftover after parsing attributes in process `syz.1.219'. 
[ 107.362861][ T6870] tipc: Started in network mode [ 107.418167][ T6870] tipc: Node identity 2253537654cc, cluster identity 4711 [ 107.510823][ T6870] tipc: Enabled bearer , priority 0 [ 107.556518][ T6860] tipc: Resetting bearer [ 107.794219][ T6857] tipc: Disabling bearer [ 107.874549][ T6880] netlink: 12 bytes leftover after parsing attributes in process `syz.0.222'. [ 108.004525][ T6883] netlink: 30308 bytes leftover after parsing attributes in process `syz.1.223'. [ 108.052778][ T6883] netlink: 30308 bytes leftover after parsing attributes in process `syz.1.223'. [ 108.249322][ T6889] netlink: 24 bytes leftover after parsing attributes in process `syz.1.226'. [ 108.276969][ T6890] netlink: 'syz.1.226': attribute type 1 has an invalid length. [ 108.277801][ T6886] syzkaller0: entered promiscuous mode [ 108.290429][ T6886] syzkaller0: entered allmulticast mode [ 108.734841][ T6909] netlink: 20 bytes leftover after parsing attributes in process `syz.1.230'. [ 109.022817][ C1] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 109.154667][ T5828] udevd[5828]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 109.291485][ T6938] netlink: 36 bytes leftover after parsing attributes in process `syz.4.235'. [ 110.206966][ T6949] netlink: 'syz.2.236': attribute type 12 has an invalid length. [ 110.250071][ T6949] netlink: 'syz.2.236': attribute type 4 has an invalid length. [ 110.525787][ T6952] FAULT_INJECTION: forcing a failure. [ 110.525787][ T6952] name failslab, interval 1, probability 0, space 0, times 1 [ 110.539254][ T6952] CPU: 1 UID: 0 PID: 6952 Comm: syz.4.237 Not tainted syzkaller #0 PREEMPT(full) [ 110.539277][ T6952] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 110.539294][ T6952] Call Trace: [ 110.539301][ T6952] [ 110.539309][ T6952] dump_stack_lvl+0x189/0x250 [ 110.539342][ T6952] ? __pfx____ratelimit+0x10/0x10 [ 110.539362][ T6952] ? 
__pfx_dump_stack_lvl+0x10/0x10 [ 110.539384][ T6952] ? __pfx__printk+0x10/0x10 [ 110.539407][ T6952] ? __lock_acquire+0xab9/0xd20 [ 110.539430][ T6952] should_fail_ex+0x414/0x560 [ 110.539459][ T6952] should_failslab+0xa8/0x100 [ 110.539478][ T6952] kmem_cache_alloc_noprof+0x74/0x6e0 [ 110.539501][ T6952] ? skb_clone+0x212/0x3a0 [ 110.539524][ T6952] skb_clone+0x212/0x3a0 [ 110.539546][ T6952] __netlink_deliver_tap+0x404/0x850 [ 110.539584][ T6952] ? netlink_deliver_tap+0x2e/0x1b0 [ 110.539610][ T6952] netlink_deliver_tap+0x19c/0x1b0 [ 110.539635][ T6952] netlink_unicast+0x7fa/0x9e0 [ 110.539666][ T6952] ? __pfx_netlink_unicast+0x10/0x10 [ 110.539696][ T6952] ? netlink_sendmsg+0x642/0xb30 [ 110.539709][ T6952] ? skb_put+0x11b/0x210 [ 110.539737][ T6952] netlink_sendmsg+0x805/0xb30 [ 110.539763][ T6952] ? __pfx_netlink_sendmsg+0x10/0x10 [ 110.539780][ T6952] ? trace_irq_disable+0x37/0x110 [ 110.539796][ T6952] ? aa_sock_msg_perm+0xf1/0x1d0 [ 110.539821][ T6952] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 110.539842][ T6952] ? __pfx_netlink_sendmsg+0x10/0x10 [ 110.539859][ T6952] __sock_sendmsg+0x21c/0x270 [ 110.539884][ T6952] ____sys_sendmsg+0x52d/0x830 [ 110.539907][ T6952] ? __pfx_____sys_sendmsg+0x10/0x10 [ 110.539934][ T6952] ? import_iovec+0x74/0xa0 [ 110.539957][ T6952] ___sys_sendmsg+0x21f/0x2a0 [ 110.539977][ T6952] ? __pfx____sys_sendmsg+0x10/0x10 [ 110.540032][ T6952] ? __fget_files+0x2a/0x420 [ 110.540047][ T6952] ? __fget_files+0x3a0/0x420 [ 110.540074][ T6952] __sys_sendmmsg+0x227/0x430 [ 110.540097][ T6952] ? __pfx___sys_sendmmsg+0x10/0x10 [ 110.540124][ T6952] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 110.540164][ T6952] ? ksys_write+0x22a/0x250 [ 110.540198][ T6952] __x64_sys_sendmmsg+0xa0/0xc0 [ 110.540218][ T6952] do_syscall_64+0xfa/0xfa0 [ 110.540237][ T6952] ? lockdep_hardirqs_on+0x9c/0x150 [ 110.540256][ T6952] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 110.540273][ T6952] ? 
clear_bhb_loop+0x60/0xb0 [ 110.540294][ T6952] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 110.540310][ T6952] RIP: 0033:0x7fabbcf8efc9 [ 110.540330][ T6952] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 110.540344][ T6952] RSP: 002b:00007fabbde0c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 110.540363][ T6952] RAX: ffffffffffffffda RBX: 00007fabbd1e5fa0 RCX: 00007fabbcf8efc9 [ 110.540376][ T6952] RDX: 040000000000009f RSI: 00002000000002c0 RDI: 0000000000000004 [ 110.540387][ T6952] RBP: 00007fabbde0c090 R08: 0000000000000000 R09: 0000000000000000 [ 110.540398][ T6952] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 110.540408][ T6952] R13: 00007fabbd1e6038 R14: 00007fabbd1e5fa0 R15: 00007ffd7172b148 [ 110.540440][ T6952] [ 110.850780][ T6952] netlink: 30308 bytes leftover after parsing attributes in process `syz.4.237'. [ 111.339306][ T6963] tipc: Failed to remove unknown binding: 66,1,1/0:4122727454/4122727456 [ 111.389201][ T6963] tipc: Failed to remove unknown binding: 66,1,1/0:4122727454/4122727456 [ 112.579843][ T7000] FAULT_INJECTION: forcing a failure. [ 112.579843][ T7000] name failslab, interval 1, probability 0, space 0, times 0 [ 112.603991][ T7000] CPU: 1 UID: 0 PID: 7000 Comm: syz.0.249 Not tainted syzkaller #0 PREEMPT(full) [ 112.604014][ T7000] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 112.604024][ T7000] Call Trace: [ 112.604031][ T7000] [ 112.604039][ T7000] dump_stack_lvl+0x189/0x250 [ 112.604066][ T7000] ? __pfx____ratelimit+0x10/0x10 [ 112.604086][ T7000] ? __pfx_dump_stack_lvl+0x10/0x10 [ 112.604108][ T7000] ? __pfx__printk+0x10/0x10 [ 112.604131][ T7000] ? 
__pfx___might_resched+0x10/0x10 [ 112.604155][ T7000] should_fail_ex+0x414/0x560 [ 112.604184][ T7000] should_failslab+0xa8/0x100 [ 112.604203][ T7000] kmem_cache_alloc_node_noprof+0x77/0x710 [ 112.604227][ T7000] ? __alloc_skb+0x112/0x2d0 [ 112.604256][ T7000] __alloc_skb+0x112/0x2d0 [ 112.604283][ T7000] netlink_ack+0x146/0xa50 [ 112.604305][ T7000] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 112.604327][ T7000] ? ref_tracker_free+0x63a/0x7d0 [ 112.604344][ T7000] ? __asan_memcpy+0x40/0x70 [ 112.604365][ T7000] ? __pfx_ref_tracker_free+0x10/0x10 [ 112.604391][ T7000] netlink_rcv_skb+0x28c/0x470 [ 112.604415][ T7000] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 112.604439][ T7000] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 112.604480][ T7000] ? netlink_deliver_tap+0x2e/0x1b0 [ 112.604512][ T7000] netlink_unicast+0x82f/0x9e0 [ 112.604543][ T7000] ? __pfx_netlink_unicast+0x10/0x10 [ 112.604567][ T7000] ? netlink_sendmsg+0x642/0xb30 [ 112.604581][ T7000] ? skb_put+0x11b/0x210 [ 112.604608][ T7000] netlink_sendmsg+0x805/0xb30 [ 112.604633][ T7000] ? __pfx_netlink_sendmsg+0x10/0x10 [ 112.604653][ T7000] ? aa_sock_msg_perm+0xf1/0x1d0 [ 112.604678][ T7000] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 112.604694][ T7000] ? __pfx_netlink_sendmsg+0x10/0x10 [ 112.604711][ T7000] __sock_sendmsg+0x21c/0x270 [ 112.604736][ T7000] ____sys_sendmsg+0x52d/0x830 [ 112.604759][ T7000] ? __pfx_____sys_sendmsg+0x10/0x10 [ 112.604786][ T7000] ? import_iovec+0x74/0xa0 [ 112.604810][ T7000] ___sys_sendmsg+0x21f/0x2a0 [ 112.604830][ T7000] ? __pfx____sys_sendmsg+0x10/0x10 [ 112.604882][ T7000] ? __fget_files+0x2a/0x420 [ 112.604898][ T7000] ? __fget_files+0x3a0/0x420 [ 112.604924][ T7000] __sys_sendmmsg+0x227/0x430 [ 112.604946][ T7000] ? __pfx___sys_sendmmsg+0x10/0x10 [ 112.604972][ T7000] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 112.605012][ T7000] ? ksys_write+0x22a/0x250 [ 112.605036][ T7000] ? 
__pfx_ksys_write+0x10/0x10 [ 112.605064][ T7000] __x64_sys_sendmmsg+0xa0/0xc0 [ 112.605083][ T7000] do_syscall_64+0xfa/0xfa0 [ 112.605102][ T7000] ? lockdep_hardirqs_on+0x9c/0x150 [ 112.605121][ T7000] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 112.605138][ T7000] ? clear_bhb_loop+0x60/0xb0 [ 112.605159][ T7000] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 112.605176][ T7000] RIP: 0033:0x7fbc6b18efc9 [ 112.605192][ T7000] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 112.605205][ T7000] RSP: 002b:00007fbc6bfbd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 112.605224][ T7000] RAX: ffffffffffffffda RBX: 00007fbc6b3e5fa0 RCX: 00007fbc6b18efc9 [ 112.605236][ T7000] RDX: 040000000000009f RSI: 00002000000002c0 RDI: 0000000000000004 [ 112.605248][ T7000] RBP: 00007fbc6bfbd090 R08: 0000000000000000 R09: 0000000000000000 [ 112.605258][ T7000] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 112.605268][ T7000] R13: 00007fbc6b3e6038 R14: 00007fbc6b3e5fa0 R15: 00007ffc51b40c88 [ 112.605298][ T7000] [ 112.605581][ T7000] __nla_validate_parse: 3 callbacks suppressed [ 112.605592][ T7000] netlink: 30308 bytes leftover after parsing attributes in process `syz.0.249'. [ 112.963326][ T7000] netlink: 30308 bytes leftover after parsing attributes in process `syz.0.249'. [ 113.012974][ T7013] IPVS: sync thread started: state = BACKUP, mcast_ifn = wg2, syncid = 3, id = 0 [ 113.117940][ T7020] tipc: Can't bind to reserved service type 1 [ 113.432501][ T7023] netlink: 8 bytes leftover after parsing attributes in process `syz.3.253'. [ 113.770583][ T7032] netlink: 8 bytes leftover after parsing attributes in process `syz.0.256'. [ 113.888296][ T7040] netlink: 16 bytes leftover after parsing attributes in process `syz.2.258'. 
[ 113.888739][ T7041] netlink: 16 bytes leftover after parsing attributes in process `syz.2.258'. [ 113.947059][ T7040] netlink: 12 bytes leftover after parsing attributes in process `syz.2.258'. [ 113.952826][ T7041] netlink: 12 bytes leftover after parsing attributes in process `syz.2.258'. [ 114.029520][ T7040] macvlan0: entered allmulticast mode [ 114.045824][ T7040] veth1_vlan: entered allmulticast mode [ 114.346517][ T7049] netlink: 30308 bytes leftover after parsing attributes in process `syz.2.260'. [ 114.360890][ T7049] netlink: 30308 bytes leftover after parsing attributes in process `syz.2.260'. [ 114.957423][ T7067] netlink: 'syz.0.264': attribute type 4 has an invalid length. [ 115.492195][ T7084] FAULT_INJECTION: forcing a failure. [ 115.492195][ T7084] name failslab, interval 1, probability 0, space 0, times 0 [ 115.518718][ T7084] CPU: 1 UID: 0 PID: 7084 Comm: syz.4.270 Not tainted syzkaller #0 PREEMPT(full) [ 115.518742][ T7084] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 115.518752][ T7084] Call Trace: [ 115.518759][ T7084] [ 115.518767][ T7084] dump_stack_lvl+0x189/0x250 [ 115.518793][ T7084] ? __pfx____ratelimit+0x10/0x10 [ 115.518814][ T7084] ? __pfx_dump_stack_lvl+0x10/0x10 [ 115.518836][ T7084] ? __pfx__printk+0x10/0x10 [ 115.518851][ T7084] ? __sock_sendmsg+0x21c/0x270 [ 115.518872][ T7084] ? __x64_sys_sendmmsg+0xa0/0xc0 [ 115.518889][ T7084] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 115.518915][ T7084] should_fail_ex+0x414/0x560 [ 115.518944][ T7084] should_failslab+0xa8/0x100 [ 115.518964][ T7084] kmem_cache_alloc_noprof+0x74/0x6e0 [ 115.518988][ T7084] ? skb_clone+0x212/0x3a0 [ 115.519011][ T7084] skb_clone+0x212/0x3a0 [ 115.519033][ T7084] __netlink_deliver_tap+0x404/0x850 [ 115.519071][ T7084] ? 
netlink_deliver_tap+0x2e/0x1b0 [ 115.519096][ T7084] netlink_deliver_tap+0x19c/0x1b0 [ 115.519122][ T7084] netlink_sendskb+0x68/0x140 [ 115.519148][ T7084] netlink_unicast+0x397/0x9e0 [ 115.519167][ T7084] ? __asan_memcpy+0x40/0x70 [ 115.519202][ T7084] ? __pfx_netlink_unicast+0x10/0x10 [ 115.519231][ T7084] netlink_rcv_skb+0x28c/0x470 [ 115.519255][ T7084] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 115.519280][ T7084] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 115.519324][ T7084] ? netlink_deliver_tap+0x2e/0x1b0 [ 115.519356][ T7084] netlink_unicast+0x82f/0x9e0 [ 115.519388][ T7084] ? __pfx_netlink_unicast+0x10/0x10 [ 115.519412][ T7084] ? netlink_sendmsg+0x642/0xb30 [ 115.519426][ T7084] ? skb_put+0x11b/0x210 [ 115.519454][ T7084] netlink_sendmsg+0x805/0xb30 [ 115.519480][ T7084] ? __pfx_netlink_sendmsg+0x10/0x10 [ 115.519500][ T7084] ? aa_sock_msg_perm+0xf1/0x1d0 [ 115.519523][ T7084] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 115.519538][ T7084] ? __pfx_netlink_sendmsg+0x10/0x10 [ 115.519554][ T7084] __sock_sendmsg+0x21c/0x270 [ 115.519579][ T7084] ____sys_sendmsg+0x52d/0x830 [ 115.519598][ T7084] ? __pfx_____sys_sendmsg+0x10/0x10 [ 115.519625][ T7084] ? import_iovec+0x74/0xa0 [ 115.519648][ T7084] ___sys_sendmsg+0x21f/0x2a0 [ 115.519671][ T7084] ? __pfx____sys_sendmsg+0x10/0x10 [ 115.519721][ T7084] ? __fget_files+0x2a/0x420 [ 115.519737][ T7084] ? __fget_files+0x3a0/0x420 [ 115.519763][ T7084] __sys_sendmmsg+0x227/0x430 [ 115.519783][ T7084] ? __pfx___sys_sendmmsg+0x10/0x10 [ 115.519806][ T7084] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 115.519841][ T7084] ? ksys_write+0x22a/0x250 [ 115.519865][ T7084] ? __pfx_ksys_write+0x10/0x10 [ 115.519893][ T7084] __x64_sys_sendmmsg+0xa0/0xc0 [ 115.519912][ T7084] do_syscall_64+0xfa/0xfa0 [ 115.519929][ T7084] ? lockdep_hardirqs_on+0x9c/0x150 [ 115.519948][ T7084] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 115.519965][ T7084] ? 
clear_bhb_loop+0x60/0xb0 [ 115.519990][ T7084] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 115.520010][ T7084] RIP: 0033:0x7fabbcf8efc9 [ 115.520026][ T7084] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 115.520039][ T7084] RSP: 002b:00007fabbde0c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 115.520057][ T7084] RAX: ffffffffffffffda RBX: 00007fabbd1e5fa0 RCX: 00007fabbcf8efc9 [ 115.520068][ T7084] RDX: 040000000000009f RSI: 00002000000002c0 RDI: 0000000000000004 [ 115.520078][ T7084] RBP: 00007fabbde0c090 R08: 0000000000000000 R09: 0000000000000000 [ 115.520088][ T7084] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 115.520098][ T7084] R13: 00007fabbd1e6038 R14: 00007fabbd1e5fa0 R15: 00007ffd7172b148 [ 115.520128][ T7084] [ 115.996027][ T7089] ip_tunnel: non-ECT from 0.0.0.0 with TOS=0x3 [ 116.239819][ T7099] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 116.305455][ T7100] IPv6: sit1: Disabled Multicast RS [ 116.394921][ T7099] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 116.520507][ T7099] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 116.592399][ T7099] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 116.661885][ T7112] openvswitch: netlink: Missing key (keys=40, expected=80) [ 116.808860][ T50] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 116.851874][ T50] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 116.899302][ T50] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 116.996995][ T50] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 117.027153][ T7129] netlink: 'syz.3.282': attribute type 2 has an invalid 
length. [ 117.077659][ T7129] bridge0: port 3(netdevsim2) entered blocking state [ 117.101305][ T7129] bridge0: port 3(netdevsim2) entered disabled state [ 117.115793][ T7129] netdevsim netdevsim3 netdevsim2: entered allmulticast mode [ 117.126017][ T7129] netdevsim netdevsim3 netdevsim2: entered promiscuous mode [ 117.174451][ T7129] bridge0: port 3(netdevsim2) entered blocking state [ 117.181302][ T7129] bridge0: port 3(netdevsim2) entered forwarding state [ 117.199641][ T7134] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 117.660949][ T7153] __nla_validate_parse: 9 callbacks suppressed [ 117.660966][ T7153] netlink: 30308 bytes leftover after parsing attributes in process `syz.1.289'. [ 117.731378][ T7153] netlink: 30308 bytes leftover after parsing attributes in process `syz.1.289'. [ 117.818671][ T7160] bridge_slave_0: left allmulticast mode [ 117.912415][ T7160] bridge_slave_0: left promiscuous mode [ 117.943123][ T7160] bridge0: port 1(bridge_slave_0) entered disabled state [ 117.971825][ T7160] bridge_slave_1: left allmulticast mode [ 117.981724][ T7160] bridge_slave_1: left promiscuous mode [ 117.999876][ T7160] bridge0: port 2(bridge_slave_1) entered disabled state [ 118.049726][ T7160] bond0: (slave bond_slave_0): Releasing backup interface [ 118.105986][ T7182] ieee802154 phy0 wpan0: encryption failed: -22 [ 118.113744][ T7160] bond0: (slave bond_slave_1): Releasing backup interface [ 118.160150][ T7160] team0: Port device team_slave_0 removed [ 118.187084][ T7160] team0: Port device team_slave_1 removed [ 118.203713][ T7160] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 118.211747][ T7160] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 118.244529][ T7160] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 118.261947][ T7160] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 118.289954][ T7160] A link change 
request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 118.685986][ T7193] xt_CT: You must specify a L4 protocol and not use inversions on it [ 118.699739][ T7193] netlink: 4384 bytes leftover after parsing attributes in process `syz.1.297'. [ 118.739400][ T7193] veth1_macvtap: left promiscuous mode [ 120.781054][ T7226] dummy0: mtu less than device minimum [ 121.032863][ T7232] netlink: 48 bytes leftover after parsing attributes in process `syz.3.307'. [ 121.079116][ T12] netdevsim netdevsim4 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 121.099972][ T12] netdevsim netdevsim4 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 121.141073][ T12] netdevsim netdevsim4 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 121.152796][ T12] netdevsim netdevsim4 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 121.520138][ T7247] bond0: entered promiscuous mode [ 121.525263][ T7247] bond_slave_0: entered promiscuous mode [ 121.531130][ T7247] bond_slave_1: entered promiscuous mode [ 121.562867][ T7247] team0: entered promiscuous mode [ 121.572746][ T7247] team_slave_0: entered promiscuous mode [ 121.584579][ T7247] team_slave_1: entered promiscuous mode [ 121.604511][ T7247] batadv0: entered promiscuous mode [ 121.625951][ T7247] 8021q: adding VLAN 0 to HW filter on device hsr1 [ 121.971712][ T7252] netlink: 30308 bytes leftover after parsing attributes in process `syz.3.313'. [ 122.021128][ T7252] netlink: 30308 bytes leftover after parsing attributes in process `syz.3.313'. [ 122.057004][ T7257] netlink: 8 bytes leftover after parsing attributes in process `syz.1.315'. [ 122.176913][ T7261] FAULT_INJECTION: forcing a failure. 
[ 122.176913][ T7261] name failslab, interval 1, probability 0, space 0, times 0 [ 122.192772][ T7261] CPU: 1 UID: 0 PID: 7261 Comm: syz.2.316 Not tainted syzkaller #0 PREEMPT(full) [ 122.192819][ T7261] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 122.192841][ T7261] Call Trace: [ 122.192857][ T7261] [ 122.192873][ T7261] dump_stack_lvl+0x189/0x250 [ 122.192904][ T7261] ? __pfx_dump_stack_lvl+0x10/0x10 [ 122.192941][ T7261] should_fail_ex+0x414/0x560 [ 122.192965][ T7261] should_failslab+0xa8/0x100 [ 122.192980][ T7261] kmem_cache_alloc_noprof+0x74/0x6e0 [ 122.192998][ T7261] ? skb_clone+0x212/0x3a0 [ 122.193017][ T7261] skb_clone+0x212/0x3a0 [ 122.193034][ T7261] __netlink_deliver_tap+0x404/0x850 [ 122.193063][ T7261] ? netlink_deliver_tap+0x2e/0x1b0 [ 122.193085][ T7261] netlink_deliver_tap+0x19c/0x1b0 [ 122.193106][ T7261] netlink_unicast+0x7fa/0x9e0 [ 122.193132][ T7261] ? __pfx_netlink_unicast+0x10/0x10 [ 122.193152][ T7261] ? netlink_sendmsg+0x642/0xb30 [ 122.193163][ T7261] ? skb_put+0x11b/0x210 [ 122.193184][ T7261] netlink_sendmsg+0x805/0xb30 [ 122.193204][ T7261] ? __pfx_netlink_sendmsg+0x10/0x10 [ 122.193219][ T7261] ? aa_sock_msg_perm+0xf1/0x1d0 [ 122.193240][ T7261] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 122.193252][ T7261] ? __pfx_netlink_sendmsg+0x10/0x10 [ 122.193265][ T7261] __sock_sendmsg+0x21c/0x270 [ 122.193285][ T7261] ____sys_sendmsg+0x52d/0x830 [ 122.193304][ T7261] ? __pfx_____sys_sendmsg+0x10/0x10 [ 122.193326][ T7261] ? import_iovec+0x74/0xa0 [ 122.193346][ T7261] ___sys_sendmsg+0x21f/0x2a0 [ 122.193361][ T7261] ? __pfx____sys_sendmsg+0x10/0x10 [ 122.193411][ T7261] ? __might_fault+0xb0/0x130 [ 122.193435][ T7261] __sys_sendmmsg+0x227/0x430 [ 122.193453][ T7261] ? __pfx___sys_sendmmsg+0x10/0x10 [ 122.193486][ T7261] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 122.193519][ T7261] ? ksys_write+0x22a/0x250 [ 122.193539][ T7261] ? 
__pfx_ksys_write+0x10/0x10 [ 122.193561][ T7261] __x64_sys_sendmmsg+0xa0/0xc0 [ 122.193578][ T7261] do_syscall_64+0xfa/0xfa0 [ 122.193593][ T7261] ? lockdep_hardirqs_on+0x9c/0x150 [ 122.193610][ T7261] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 122.193626][ T7261] ? clear_bhb_loop+0x60/0xb0 [ 122.193646][ T7261] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 122.193660][ T7261] RIP: 0033:0x7f79adb8efc9 [ 122.193676][ T7261] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 122.193689][ T7261] RSP: 002b:00007f79ae96d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 122.193706][ T7261] RAX: ffffffffffffffda RBX: 00007f79adde5fa0 RCX: 00007f79adb8efc9 [ 122.193717][ T7261] RDX: 040000000000009f RSI: 00002000000002c0 RDI: 0000000000000004 [ 122.193728][ T7261] RBP: 00007f79ae96d090 R08: 0000000000000000 R09: 0000000000000000 [ 122.193738][ T7261] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 122.193748][ T7261] R13: 00007f79adde6038 R14: 00007f79adde5fa0 R15: 00007ffcba2fd958 [ 122.193779][ T7261] </TASK> [ 122.193801][ T7261] netlink: 30308 bytes leftover after parsing attributes in process `syz.2.316'. [ 122.226320][ T7268] netlink: 12 bytes leftover after parsing attributes in process `syz.3.318'. [ 122.271008][ T7261] netlink: 30308 bytes leftover after parsing attributes in process `syz.2.316'. [ 122.895710][ T5822] IPVS: starting estimator thread 0... [ 122.983633][ T7287] IPVS: using max 29 ests per chain, 69600 per kthread [ 123.060247][ T7289] netlink: 12 bytes leftover after parsing attributes in process `syz.4.324'. [ 123.074472][ T7291] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 123.198962][ T7292] veth5: entered promiscuous mode [ 123.742871][ C1] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! 
[ 124.015233][ T7312] netlink: 'syz.0.330': attribute type 1 has an invalid length. [ 124.055219][ T7315] gretap1: entered allmulticast mode [ 124.073975][ T7315] bond2: (slave gretap1): making interface the new active one [ 124.084787][ T7315] bond2: (slave gretap1): Enslaving as an active interface with an up link [ 124.273654][ T7325] netlink: 8 bytes leftover after parsing attributes in process `syz.3.333'. [ 124.558754][ T7329] netlink: 8 bytes leftover after parsing attributes in process `syz.1.335'. [ 124.568877][ T7329] netlink: 14 bytes leftover after parsing attributes in process `syz.1.335'. [ 124.605049][ T7329] bond0 (unregistering): Released all slaves [ 124.666568][ T5883] hid-generic 0005:0007:0008.0001: unknown main item tag 0x0 [ 124.710482][ T5883] hid-generic 0005:0007:0008.0001: hidraw0: BLUETOOTH HID v0.08 Device [syz0] on aa:aa:aa:aa:aa:aa [ 124.935079][ T7336] netlink: 4 bytes leftover after parsing attributes in process `syz.0.337'. [ 124.941080][ T7334] fido_id[7334]: Failed to open report descriptor at '/sys/devices/virtual/bluetooth/hci4/hci4:200/report_descriptor': No such file or directory [ 125.081881][ T7342] netlink: 12 bytes leftover after parsing attributes in process `syz.0.338'. [ 125.105761][ T7342] ¾x9ÿ: renamed from bridge_slave_0 (while UP) [ 125.127361][ T7341] syzkaller1: entered allmulticast mode [ 125.311411][ T7356] batman_adv: batadv0: Adding interface: ip6gretap1 [ 125.361654][ T7356] batman_adv: batadv0: The MTU of interface ip6gretap1 is too small (1434) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 125.462832][ T7356] batman_adv: batadv0: Not using interface ip6gretap1 (retrying later): interface not active [ 125.561378][ T7370] netlink: 52 bytes leftover after parsing attributes in process `syz.4.346'. 
[ 125.683230][ T7381] veth1_to_bond: entered promiscuous mode [ 125.684784][ T5822] IPVS: starting estimator thread 0... [ 125.691329][ T7378] IPVS: sh: UDP 224.0.0.2:0 - no destination available [ 125.751201][ T7386] netlink: 32 bytes leftover after parsing attributes in process `syz.2.349'. [ 125.772072][ T7378] netlink: 'syz.3.344': attribute type 13 has an invalid length. [ 125.822807][ T7384] IPVS: using max 31 ests per chain, 74400 per kthread [ 126.028567][ T7402] netlink: 8 bytes leftover after parsing attributes in process `syz.0.354'. [ 126.105185][ T7378] bridge0: port 3(netdevsim2) entered disabled state [ 126.112150][ T7378] bridge0: port 2(bridge_slave_1) entered disabled state [ 126.119854][ T7378] bridge0: port 1(bridge_slave_0) entered disabled state [ 126.255646][ T7417] openvswitch: netlink: Key type 31 is not supported [ 126.269618][ T7378] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 126.295797][ T7378] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 126.680478][ T63] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 126.713724][ T63] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 126.797456][ T63] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 126.816899][ T63] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 127.405697][ T7451] netlink: 'syz.3.362': attribute type 30 has an invalid length. [ 127.520881][ T7459] netlink: 4 bytes leftover after parsing attributes in process `syz.2.365'. [ 127.857191][ T7484] sctp: [Deprecated]: syz.3.369 (pid 7484) Use of struct sctp_assoc_value in delayed_ack socket option. 
[ 127.857191][ T7484] Use struct sctp_sack_info instead [ 127.970634][ T7484] smc: net device bond0 applied user defined pnetid SYZ2 [ 128.121402][ T7484] smc: removing net device bond0 with user defined pnetid SYZ2 [ 128.130635][ T7484] bond0 (unregistering): left promiscuous mode [ 128.137602][ T7484] bond_slave_0: left promiscuous mode [ 128.144280][ T7484] bond_slave_1: left promiscuous mode [ 128.149910][ T7484] team0: left promiscuous mode [ 128.155263][ T7484] team_slave_0: left promiscuous mode [ 128.160920][ T7484] team_slave_1: left promiscuous mode [ 128.171900][ T7484] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 128.184796][ T7484] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 128.195431][ T7484] bond0 (unregistering): (slave team0): Releasing backup interface [ 128.206347][ T7484] bond0 (unregistering): Released all slaves [ 128.233824][ T7494] __nla_validate_parse: 2 callbacks suppressed [ 128.233837][ T7494] netlink: 4 bytes leftover after parsing attributes in process `syz.0.371'. [ 128.516900][ T7503] ip6tnl1: entered promiscuous mode [ 128.865011][ C0] bridge0: port 1(bridge_slave_0) entered learning state [ 128.873002][ C0] bridge0: port 2(bridge_slave_1) entered learning state [ 128.911311][ T7507] tipc: Enabling of bearer rejected, failed to enable media [ 128.934028][ T7516] netlink: 36 bytes leftover after parsing attributes in process `syz.2.377'. [ 129.695979][ T7536] netlink: 30308 bytes leftover after parsing attributes in process `syz.0.380'. [ 129.707485][ T7536] netlink: 30308 bytes leftover after parsing attributes in process `syz.0.380'. [ 129.855345][ T7538] --map-set only usable from mangle table [ 130.215648][ T7552] netlink: 8 bytes leftover after parsing attributes in process `syz.2.385'. 
[ 130.236209][ T7547] macsec2: entered promiscuous mode [ 130.249976][ T7547] bridge0: entered promiscuous mode [ 130.250895][ T7552] netlink: 4 bytes leftover after parsing attributes in process `syz.2.385'. [ 130.266165][ T7547] bridge0: port 4(macsec2) entered blocking state [ 130.274952][ T7547] bridge0: port 4(macsec2) entered disabled state [ 130.281706][ T7547] macsec2: entered allmulticast mode [ 130.291439][ T7547] bridge0: entered allmulticast mode [ 130.321947][ T7547] macsec2: left allmulticast mode [ 130.327052][ T7547] bridge0: left allmulticast mode [ 130.333732][ T7547] bridge0: left promiscuous mode [ 130.399764][ T7552] netlink: 8 bytes leftover after parsing attributes in process `syz.2.385'. [ 130.430648][ T7552] netlink: 4 bytes leftover after parsing attributes in process `syz.2.385'. [ 130.611828][ T7555] netlink: 'syz.2.386': attribute type 1 has an invalid length. [ 130.622942][ T7557] netlink: 8 bytes leftover after parsing attributes in process `syz.3.387'. [ 131.308988][ T7573] netlink: 30308 bytes leftover after parsing attributes in process `syz.4.392'. [ 131.534129][ T7583] netlink: 'syz.4.394': attribute type 3 has an invalid length. [ 132.221987][ T7606] RDS: rds_bind could not find a transport for ::ffff:172.30.1.4, load rds_tcp or rds_rdma? [ 132.388289][ T7612] FAULT_INJECTION: forcing a failure. [ 132.388289][ T7612] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 132.430931][ T7612] CPU: 0 UID: 0 PID: 7612 Comm: syz.4.402 Not tainted syzkaller #0 PREEMPT(full) [ 132.430953][ T7612] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 132.430962][ T7612] Call Trace: [ 132.430973][ T7612] <TASK> [ 132.430982][ T7612] dump_stack_lvl+0x189/0x250 [ 132.431009][ T7612] ? __pfx____ratelimit+0x10/0x10 [ 132.431029][ T7612] ? __pfx_dump_stack_lvl+0x10/0x10 [ 132.431051][ T7612] ? __pfx__printk+0x10/0x10 [ 132.431070][ T7612] ? 
__might_fault+0xb0/0x130 [ 132.431103][ T7612] should_fail_ex+0x414/0x560 [ 132.431138][ T7612] _copy_from_iter+0x1de/0x1790 [ 132.431159][ T7612] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 132.431185][ T7612] ? policy_nodemask+0x27c/0x720 [ 132.431201][ T7612] ? __pfx__copy_from_iter+0x10/0x10 [ 132.431226][ T7612] ? set_page_refcounted+0xa0/0x1e0 [ 132.431244][ T7612] ? page_copy_sane+0x4e/0x280 [ 132.431272][ T7612] copy_page_from_iter+0xdd/0x170 [ 132.431296][ T7612] tun_get_user+0x1d7b/0x3e90 [ 132.431324][ T7612] ? tun_get_user+0x6f6/0x3e90 [ 132.431352][ T7612] ? aa_file_perm+0x44d/0x1550 [ 132.431369][ T7612] ? __pfx_tun_get_user+0x10/0x10 [ 132.431388][ T7612] ? _parse_integer_limit+0x1ae/0x1f0 [ 132.431422][ T7612] ? __lock_acquire+0xab9/0xd20 [ 132.431447][ T7612] ? ref_tracker_alloc+0x318/0x460 [ 132.431462][ T7612] ? __lock_acquire+0xab9/0xd20 [ 132.431481][ T7612] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 132.431503][ T7612] ? tun_get+0x1c/0x2f0 [ 132.431527][ T7612] ? tun_get+0x1c/0x2f0 [ 132.431550][ T7612] ? tun_get+0x1c/0x2f0 [ 132.431574][ T7612] tun_chr_write_iter+0x113/0x200 [ 132.431597][ T7612] vfs_write+0x5c9/0xb30 [ 132.431625][ T7612] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 132.431646][ T7612] ? __pfx_vfs_write+0x10/0x10 [ 132.431679][ T7612] ? __fget_files+0x2a/0x420 [ 132.431707][ T7612] ksys_write+0x145/0x250 [ 132.431732][ T7612] ? __pfx_ksys_write+0x10/0x10 [ 132.431760][ T7612] ? do_syscall_64+0xbe/0xfa0 [ 132.431784][ T7612] do_syscall_64+0xfa/0xfa0 [ 132.431804][ T7612] ? lockdep_hardirqs_on+0x9c/0x150 [ 132.431824][ T7612] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 132.431841][ T7612] ? 
clear_bhb_loop+0x60/0xb0 [ 132.431862][ T7612] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 132.431879][ T7612] RIP: 0033:0x7fabbcf8da7f [ 132.431896][ T7612] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 132.431911][ T7612] RSP: 002b:00007fabbde0c000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 132.431930][ T7612] RAX: ffffffffffffffda RBX: 00007fabbd1e5fa0 RCX: 00007fabbcf8da7f [ 132.431944][ T7612] RDX: 000000000000002a RSI: 0000200000000080 RDI: 00000000000000c8 [ 132.431955][ T7612] RBP: 00007fabbde0c090 R08: 0000000000000000 R09: 0000000000000000 [ 132.431967][ T7612] R10: 000000000000002a R11: 0000000000000293 R12: 0000000000000001 [ 132.431977][ T7612] R13: 00007fabbd1e6038 R14: 00007fabbd1e5fa0 R15: 00007ffd7172b148 [ 132.432008][ T7612] </TASK> [ 132.762559][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.808251][ T7622] syzkaller0: entered promiscuous mode [ 132.813848][ T7622] syzkaller0: entered allmulticast mode [ 133.067070][ T7638] 8021q: VLANs not supported on nlmon0 [ 133.693366][ T7671] __nla_validate_parse: 6 callbacks suppressed [ 133.693384][ T7671] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.419'. [ 133.743550][ T7666] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.419'. [ 133.832535][ T7676] netlink: 30308 bytes leftover after parsing attributes in process `syz.3.421'. [ 133.851536][ T7675] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 133.876877][ T7676] netlink: 30308 bytes leftover after parsing attributes in process `syz.3.421'. [ 133.902328][ T7676] FAULT_INJECTION: forcing a failure. 
[ 133.902328][ T7676] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 133.942932][ T7676] CPU: 0 UID: 0 PID: 7676 Comm: syz.3.421 Not tainted syzkaller #0 PREEMPT(full) [ 133.942955][ T7676] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 133.942964][ T7676] Call Trace: [ 133.942972][ T7676] <TASK> [ 133.942980][ T7676] dump_stack_lvl+0x189/0x250 [ 133.943008][ T7676] ? __pfx____ratelimit+0x10/0x10 [ 133.943028][ T7676] ? __pfx_dump_stack_lvl+0x10/0x10 [ 133.943051][ T7676] ? __pfx__printk+0x10/0x10 [ 133.943070][ T7676] ? __might_fault+0xb0/0x130 [ 133.943103][ T7676] should_fail_ex+0x414/0x560 [ 133.943134][ T7676] _copy_from_user+0x2d/0xb0 [ 133.943156][ T7676] kstrtouint_from_user+0xc4/0x170 [ 133.943178][ T7676] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 133.943215][ T7676] proc_fail_nth_write+0x88/0x200 [ 133.943237][ T7676] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 133.943264][ T7676] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 133.943287][ T7676] vfs_write+0x27e/0xb30 [ 133.943320][ T7676] ? __pfx_vfs_write+0x10/0x10 [ 133.943352][ T7676] ? __fget_files+0x2a/0x420 [ 133.943374][ T7676] ? __fget_files+0x3a0/0x420 [ 133.943389][ T7676] ? __fget_files+0x2a/0x420 [ 133.943416][ T7676] ksys_write+0x145/0x250 [ 133.943442][ T7676] ? __pfx_ksys_write+0x10/0x10 [ 133.943469][ T7676] ? do_syscall_64+0xbe/0xfa0 [ 133.943493][ T7676] do_syscall_64+0xfa/0xfa0 [ 133.943512][ T7676] ? lockdep_hardirqs_on+0x9c/0x150 [ 133.943532][ T7676] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 133.943549][ T7676] ? 
clear_bhb_loop+0x60/0xb0 [ 133.943571][ T7676] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 133.943588][ T7676] RIP: 0033:0x7fb08a18da7f [ 133.943603][ T7676] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 133.943617][ T7676] RSP: 002b:00007fb08b085030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 133.943636][ T7676] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fb08a18da7f [ 133.943647][ T7676] RDX: 0000000000000001 RSI: 00007fb08b0850a0 RDI: 0000000000000005 [ 133.943657][ T7676] RBP: 00007fb08b085090 R08: 0000000000000000 R09: 0000000000000000 [ 133.943667][ T7676] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002 [ 133.943677][ T7676] R13: 00007fb08a3e6038 R14: 00007fb08a3e5fa0 R15: 00007ffdd2cf4858 [ 133.943708][ T7676] </TASK> [ 134.240511][ T7685] netlink: 8 bytes leftover after parsing attributes in process `syz.1.426'. [ 134.774351][ T7711] xt_CT: No such helper "syz0" [ 134.830017][ T7710] netlink: 8 bytes leftover after parsing attributes in process `syz.3.433'. [ 135.003640][ T7725] netlink: 8 bytes leftover after parsing attributes in process `syz.1.435'. [ 135.808844][ T7743] pim6reg1: entered promiscuous mode [ 135.823848][ T7743] pim6reg1: entered allmulticast mode [ 135.965697][ T7750] netlink: 8 bytes leftover after parsing attributes in process `syz.1.440'. [ 135.977798][ T7750] netlink: 24 bytes leftover after parsing attributes in process `syz.1.440'. [ 135.994636][ T7750] netlink: 8 bytes leftover after parsing attributes in process `syz.1.440'. [ 136.716819][ T7784] can: request_module (can-proto-0) failed. 
[ 137.192968][ T7366] netdevsim netdevsim4 eth0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 137.201352][ T7366] netdevsim netdevsim4 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 137.231535][ T7366] netdevsim netdevsim4 eth1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 137.255977][ T7366] netdevsim netdevsim4 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 137.271793][ T7366] netdevsim netdevsim4 eth2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 137.311731][ T7366] netdevsim netdevsim4 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 137.444203][ T7810] netlink: 'syz.3.453': attribute type 1 has an invalid length. [ 137.561508][ T7806] : entered promiscuous mode [ 137.580390][ T7366] netdevsim netdevsim4 eth3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 137.597571][ T7366] netdevsim netdevsim4 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 137.697601][ T7810] smc: adding net device bond0 with user defined pnetid SYZ2 [ 137.708637][ T7810] bond0: entered promiscuous mode [ 137.714698][ T7810] 8021q: adding VLAN 0 to HW filter on device bond0 [ 137.750814][ T7817] 8021q: adding VLAN 0 to HW filter on device bond0 [ 137.759056][ T7817] bond0: (slave gre1): The slave device specified does not support setting the MAC address [ 137.785714][ T7817] bond0: (slave gre1): Setting fail_over_mac to active for active-backup mode [ 137.798742][ T7817] bond0: (slave gre1): Opening slave failed [ 137.857179][ T7828] IPVS: length: 47 != 24 [ 137.871547][ T7828] team0: Device gtp0 is of different type [ 138.031011][ T7839] netlink: 'syz.3.459': attribute type 10 has an invalid length. [ 138.114309][ T7843] netlink: 'syz.1.460': attribute type 1 has an invalid length. 
[ 138.196738][ T7843] 8021q: adding VLAN 0 to HW filter on device bond0 [ 138.258430][ T7852] 8021q: adding VLAN 0 to HW filter on device bond0 [ 138.266296][ T7852] bond0: (slave vxcan3): The slave device specified does not support setting the MAC address [ 138.284400][ T7852] bond0: (slave vxcan3): Error -95 calling set_mac_address [ 138.336747][ T7849] syz.0.462: vmalloc error: size 33558528, failed to allocated page array size 65544, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 138.355248][ T7849] CPU: 0 UID: 0 PID: 7849 Comm: syz.0.462 Not tainted syzkaller #0 PREEMPT(full) [ 138.355271][ T7849] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 138.355280][ T7849] Call Trace: [ 138.355287][ T7849] <TASK> [ 138.355294][ T7849] dump_stack_lvl+0x189/0x250 [ 138.355322][ T7849] ? __pfx_dump_stack_lvl+0x10/0x10 [ 138.355342][ T7849] ? __pfx__printk+0x10/0x10 [ 138.355357][ T7849] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 138.355374][ T7849] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 138.355394][ T7849] ? cpuset_print_current_mems_allowed+0x2ee/0x360 [ 138.355418][ T7849] warn_alloc+0x214/0x310 [ 138.355447][ T7849] ? __pfx_warn_alloc+0x10/0x10 [ 138.355481][ T7849] ? __get_vm_area_node+0x28f/0x300 [ 138.355504][ T7849] ? xskq_create+0xbf/0x170 [ 138.355526][ T7849] __vmalloc_node_range_noprof+0x690/0x12d0 [ 138.355590][ T7849] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 138.355618][ T7849] ? __kasan_kmalloc+0x93/0xb0 [ 138.355649][ T7849] vmalloc_user_noprof+0xad/0xf0 [ 138.355672][ T7849] ? xskq_create+0xbf/0x170 [ 138.355692][ T7849] xskq_create+0xbf/0x170 [ 138.355714][ T7849] xsk_init_queue+0xb0/0x110 [ 138.355736][ T7849] xsk_setsockopt+0x57b/0x8d0 [ 138.355757][ T7849] ? __pfx_xsk_setsockopt+0x10/0x10 [ 138.355779][ T7849] ? __pfx_aa_sk_perm+0x10/0x10 [ 138.355803][ T7849] ? aa_sock_opt_perm+0xff/0x1b0 [ 138.355832][ T7849] ? 
bpf_lsm_socket_setsockopt+0x9/0x20 [ 138.355848][ T7849] ? __pfx_xsk_setsockopt+0x10/0x10 [ 138.355868][ T7849] do_sock_setsockopt+0x17c/0x1b0 [ 138.355890][ T7849] __x64_sys_setsockopt+0x13f/0x1b0 [ 138.355913][ T7849] do_syscall_64+0xfa/0xfa0 [ 138.355933][ T7849] ? lockdep_hardirqs_on+0x9c/0x150 [ 138.355953][ T7849] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 138.355970][ T7849] ? clear_bhb_loop+0x60/0xb0 [ 138.355991][ T7849] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 138.356008][ T7849] RIP: 0033:0x7fbc6b18efc9 [ 138.356025][ T7849] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 138.356039][ T7849] RSP: 002b:00007fbc6bf9c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 138.356057][ T7849] RAX: ffffffffffffffda RBX: 00007fbc6b3e6090 RCX: 00007fbc6b18efc9 [ 138.356070][ T7849] RDX: 0000000000000003 RSI: 000000000000011b RDI: 0000000000000006 [ 138.356080][ T7849] RBP: 00007fbc6b211f91 R08: 0000000000000004 R09: 0000000000000000 [ 138.356091][ T7849] R10: 00002000000001c0 R11: 0000000000000246 R12: 0000000000000000 [ 138.356102][ T7849] R13: 00007fbc6b3e6128 R14: 00007fbc6b3e6090 R15: 00007ffc51b40c88 [ 138.356133][ T7849] </TASK> [ 138.356147][ T7849] Mem-Info: [ 138.623906][ T7849] active_anon:6086 inactive_anon:0 isolated_anon:0 [ 138.623906][ T7849] active_file:3143 inactive_file:39925 isolated_file:0 [ 138.623906][ T7849] unevictable:768 dirty:73 writeback:0 [ 138.623906][ T7849] slab_reclaimable:10984 slab_unreclaimable:142639 [ 138.623906][ T7849] mapped:35620 shmem:1358 pagetables:1187 [ 138.623906][ T7849] sec_pagetables:0 bounce:0 [ 138.623906][ T7849] kernel_misc_reclaimable:0 [ 138.623906][ T7849] free:1280694 free_pcp:18119 free_cma:0 [ 138.669506][ T7849] Node 0 active_anon:24344kB inactive_anon:0kB active_file:12572kB inactive_file:159496kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB 
mapped:142480kB dirty:292kB writeback:0kB shmem:3896kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:12908kB pagetables:4600kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 138.671400][ T7843] veth3: entered promiscuous mode [ 138.701647][ T7849] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:48kB pagetables:148kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 138.701722][ T7849] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 138.701788][ T7849] lowmem_reserve[]: 0 2505 2505 2505 2505 [ 138.701827][ T7849] Node 0 DMA32 free:1219492kB boost:0kB min:34308kB low:42884kB high:51460kB reserved_highatomic:0KB free_highatomic:0KB active_anon:24344kB inactive_anon:0kB active_file:12572kB inactive_file:159496kB unevictable:1536kB writepending:292kB zspages:0kB present:3129332kB managed:2565192kB mlocked:0kB bounce:0kB free_pcp:51844kB local_pcp:25276kB free_cma:0kB [ 138.701882][ T7849] lowmem_reserve[]: 0 0 0 0 0 [ 138.701923][ T7849] Node 0 Normal free:0kB boost:0kB min:0kB low:0kB high:0kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:108kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 138.701972][ T7849] lowmem_reserve[]: 0 0 0 0 [ 138.788955][ T7843] bond0: (slave veth3): Enslaving as an active interface with a down link [ 138.843106][ T7849] 0 [ 138.843130][ T7849] Node 1 Normal free:3887924kB boost:0kB min:55592kB low:69488kB 
high:83384kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:0kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:20624kB local_pcp:14916kB free_cma:0kB [ 138.843185][ T7849] lowmem_reserve[]: 0 0 0 0 0 [ 138.843225][ T7849] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 138.961501][ T7849] Node 0 DMA32: 85*4kB (ME) 92*8kB (M) 87*16kB (ME) 269*32kB (UME) 154*64kB (UM) 105*128kB (UME) 59*256kB (UM) 45*512kB (UME) 26*1024kB (UM) 9*2048kB (UM) 269*4096kB (UM) = 1219396kB [ 138.980895][ T7849] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 138.994103][ T7849] Node 1 Normal: 225*4kB (UME) 62*8kB (UME) 50*16kB (UME) 85*32kB (UME) 26*64kB (UME) 5*128kB (UME) 3*256kB (UM) 4*512kB (UME) 1*1024kB (M) 1*2048kB (E) 946*4096kB (M) = 3887924kB [ 139.061717][ T7849] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 139.082685][ T7849] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 139.101298][ T7849] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 139.116755][ T7849] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 139.138030][ T7849] 44423 total pagecache pages [ 139.142966][ T7849] 0 pages in swap cache [ 139.147246][ T7849] Free swap = 124996kB [ 139.151584][ T7849] Total swap = 124996kB [ 139.171830][ T7849] 2097051 pages RAM [ 139.176353][ T7849] 0 pages HighMem/MovableOnly [ 139.181028][ T7849] 424111 pages reserved [ 139.203035][ T7849] 0 pages cma reserved [ 139.583805][ T981] hid-generic 0005:16BF:5505.0002: unknown main item tag 0x0 [ 139.606032][ T981] hid-generic 0005:16BF:5505.0002: unknown main item tag 0x0 [ 139.663780][ T981] hid-generic 0005:16BF:5505.0002: 
hidraw0: BLUETOOTH HID vc3.b8 Device [syz0] on aa:aa:aa:aa:aa:aa [ 139.904949][ T7903] __nla_validate_parse: 10 callbacks suppressed [ 139.904966][ T7903] netlink: 12 bytes leftover after parsing attributes in process `syz.2.472'. [ 141.255226][ T7961] netlink: 6 bytes leftover after parsing attributes in process `syz.3.479'. [ 141.295140][ T7961] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 141.333394][ T7967] netlink: 232 bytes leftover after parsing attributes in process `syz.0.483'. [ 141.406945][ T7970] syzkaller0: entered promiscuous mode [ 141.413271][ T7976] netlink: 8 bytes leftover after parsing attributes in process `syz.1.485'. [ 141.426578][ T7970] syzkaller0: entered allmulticast mode [ 141.481768][ T7970] IPv6: NLM_F_CREATE should be specified when creating new route [ 141.502137][ T7970] IPv6: sit2: Disabled Multicast RS [ 141.569897][ T7984] netlink: 28 bytes leftover after parsing attributes in process `syz.0.487'. [ 141.770526][ T7989] netlink: 12 bytes leftover after parsing attributes in process `syz.4.489'. [ 141.821498][ T7991] ip6tnl1: entered promiscuous mode [ 141.853866][ T7991] ip6tnl1: entered allmulticast mode [ 141.877104][ T7991] team0: Device ip6tnl1 is of different type [ 142.017339][ T8001] pimreg: entered allmulticast mode [ 142.286228][ T8017] tipc: Enabling of bearer rejected, failed to enable media [ 142.497929][ T8026] syzkaller1: entered promiscuous mode [ 142.541614][ T8026] syzkaller1: entered allmulticast mode [ 142.672305][ T8017] netlink: 2 bytes leftover after parsing attributes in process `syz.3.499'. [ 142.690311][ T8031] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 142.788511][ T8038] netlink: 2 bytes leftover after parsing attributes in process `syz.2.503'. 
[ 143.054664][ T8048] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input5 [ 143.092711][ T30] audit: type=1107 audit(1761405725.447:2): pid=8050 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 143.114161][ T8051] netlink: 8 bytes leftover after parsing attributes in process `syz.2.506'. [ 143.884218][ T8074] netlink: 'syz.0.510': attribute type 2 has an invalid length. [ 143.891976][ T8074] netlink: 'syz.0.510': attribute type 8 has an invalid length. [ 143.900342][ T8074] netlink: 132 bytes leftover after parsing attributes in process `syz.0.510'. [ 144.057011][ T8078] syzkaller0: entered promiscuous mode [ 144.062519][ T8078] syzkaller0: entered allmulticast mode [ 144.203124][ T8083] Àÿ: renamed from team_slave_1 (while UP) [ 144.484547][ T8098] xt_bpf: check failed: parse error [ 144.538637][ T8099] netlink: 'syz.2.516': attribute type 22 has an invalid length. 
[ 144.600692][ T50] netdevsim netdevsim2 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 144.600818][ T8099] netlink: 'syz.2.516': attribute type 22 has an invalid length. [ 144.615925][ T50] netdevsim netdevsim2 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 144.649917][ T50] netdevsim netdevsim2 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 144.674976][ T8103] trusted_key: syz.3.518 sent an empty control message without MSG_MORE. [ 144.683783][ T50] netdevsim netdevsim2 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 144.986420][ T8125] __nla_validate_parse: 7 callbacks suppressed [ 144.986437][ T8125] netlink: 48 bytes leftover after parsing attributes in process `syz.0.525'. [ 145.254709][ T8136] netlink: 'syz.3.529': attribute type 29 has an invalid length. [ 145.270263][ T8136] netlink: 4 bytes leftover after parsing attributes in process `syz.3.529'. [ 145.468360][ T8151] netlink: 2 bytes leftover after parsing attributes in process `syz.3.532'. [ 146.083565][ T8159] netlink: 'syz.2.534': attribute type 10 has an invalid length. [ 146.108508][ T8159] netlink: 40 bytes leftover after parsing attributes in process `syz.2.534'. [ 146.256435][ T8159] team0: Port device geneve0 added [ 146.318605][ T8165] tipc: Started in network mode [ 146.328456][ T8165] tipc: Node identity ac14140f, cluster identity 4711 [ 146.372966][ T8165] tipc: New replicast peer: 255.255.255.255 [ 146.379659][ T8165] tipc: Enabled bearer , priority 10 [ 146.873667][ T8193] netlink: 4 bytes leftover after parsing attributes in process `syz.0.545'. [ 146.961042][ T8203] netlink: 40 bytes leftover after parsing attributes in process `syz.2.544'. 
[ 147.006972][ T7365] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 147.039997][ T7365] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 147.066088][ T7365] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 147.092991][ T7365] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 147.343007][ T8211] tipc: Started in network mode [ 147.352777][ T8211] tipc: Node identity f22eb1800a9, cluster identity 4711 [ 147.365416][ T8211] tipc: Enabled bearer , priority 0 [ 147.395535][ T8211] tipc: Resetting bearer [ 147.461777][ T8210] tipc: Disabling bearer [ 147.503378][ T7418] tipc: Node number set to 2886997007 [ 147.593560][ T8225] Can't find ip_set type hash:ip$mec [ 147.762170][ T8235] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 147.923498][ T8238] netlink: 8 bytes leftover after parsing attributes in process `syz.2.556'. [ 148.336464][ T8246] netlink: 'syz.2.556': attribute type 12 has an invalid length. [ 148.996612][ T8276] xt_CT: No such helper "snmp_trap" [ 149.064528][ T8280] netlink: 8 bytes leftover after parsing attributes in process `syz.0.561'. [ 149.081419][ T8286] sctp: [Deprecated]: syz.2.563 (pid 8286) Use of int in maxseg socket option. [ 149.081419][ T8286] Use struct sctp_assoc_value instead [ 149.577089][ T8301] netlink: 4 bytes leftover after parsing attributes in process `syz.0.569'. [ 149.725388][ T8306] netlink: 4 bytes leftover after parsing attributes in process `syz.4.570'. [ 150.016879][ T8315] netlink: 'syz.0.572': attribute type 11 has an invalid length. [ 150.042213][ T8319] netlink: 12 bytes leftover after parsing attributes in process `syz.4.574'. [ 150.172554][ T8325] netlink: 8 bytes leftover after parsing attributes in process `syz.3.575'. [ 150.239719][ T8329] netlink: 'syz.4.577': attribute type 4 has an invalid length. 
[ 150.280407][ T8331] netlink: 12 bytes leftover after parsing attributes in process `syz.2.576'. [ 150.343881][ T8338] netlink: 28 bytes leftover after parsing attributes in process `syz.1.578'. [ 150.355077][ T8338] netlink: 28 bytes leftover after parsing attributes in process `syz.1.578'. [ 150.373158][ T8338] netlink: 'syz.1.578': attribute type 4 has an invalid length. [ 150.397281][ T8340] netlink: 'syz.2.576': attribute type 4 has an invalid length. [ 150.431321][ T8336] netlink: 'syz.2.576': attribute type 4 has an invalid length. [ 151.025507][ T8342] netlink: 'syz.4.580': attribute type 159 has an invalid length. [ 151.622876][ T8389] netlink: 'syz.2.587': attribute type 10 has an invalid length. [ 151.663616][ T8389] netlink: 40 bytes leftover after parsing attributes in process `syz.2.587'. [ 151.775554][ T8389] dummy0: entered promiscuous mode [ 151.817571][ T8389] bridge0: port 3(dummy0) entered blocking state [ 151.841118][ T8389] bridge0: port 3(dummy0) entered disabled state [ 151.862925][ T8389] dummy0: entered allmulticast mode [ 151.881894][ T8389] bridge0: port 3(dummy0) entered blocking state [ 151.888385][ T8389] bridge0: port 3(dummy0) entered listening state [ 151.896855][ T8401] netlink: 4 bytes leftover after parsing attributes in process `syz.0.592'. [ 151.992974][ T8401] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 152.022837][ T8401] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 152.329885][ T8424] netlink: 8 bytes leftover after parsing attributes in process `syz.1.596'. [ 152.391728][ T8425] netlink: 8 bytes leftover after parsing attributes in process `syz.1.596'. [ 152.702430][ T8444] netlink: 'syz.1.601': attribute type 1 has an invalid length. [ 152.730828][ T8444] netlink: 'syz.1.601': attribute type 1 has an invalid length. [ 152.755385][ T8444] netlink: 'syz.1.601': attribute type 2 has an invalid length. [ 152.776929][ T8444] netlink: 'syz.1.601': attribute type 2 has an invalid length. 
[ 152.984168][ T8468] netlink: 156 bytes leftover after parsing attributes in process `syz.1.605'. [ 153.017083][ T8468] netlink: zone id is out of range [ 153.035647][ T8468] netlink: zone id is out of range [ 153.369562][ T8485] Cannot find add_set index 0 as target [ 153.487393][ T8495] 8021q: adding VLAN 0 to HW filter on device bond4 [ 153.585630][ T8495] 8021q: adding VLAN 0 to HW filter on device bond4 [ 153.628120][ T8505] SET target dimension over the limit! [ 153.643492][ T8495] bond4: (slave geneve2): making interface the new active one [ 153.661216][ T8495] bond4: (slave geneve2): Enslaving as an active interface with an up link [ 153.689252][ T7365] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 20004 - 0 [ 153.771434][ T8505] 8021q: adding VLAN 0 to HW filter on device bond1 [ 153.852729][ T7365] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 20004 - 0 [ 153.870245][ T7365] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 20004 - 0 [ 153.894553][ T7365] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 20004 - 0 [ 153.935698][ T8476] syz.4.606 (8476) used greatest stack depth: 17832 bytes left [ 154.121649][ T8533] syz_tun: entered allmulticast mode [ 154.128383][ T8533] unsupported nlmsg_type 40 [ 154.139062][ T8532] syz_tun: left allmulticast mode [ 154.417312][ T8546] IPVS: rr: SCTP 172.20.20.187:0 - no destination available [ 155.080092][ T8584] __nla_validate_parse: 6 callbacks suppressed [ 155.080108][ T8584] netlink: 36 bytes leftover after parsing attributes in process `syz.1.627'. [ 155.125938][ T8570] netlink: 4 bytes leftover after parsing attributes in process `syz.1.627'. [ 155.147606][ T8592] 8021q: adding VLAN 0 to HW filter on device bond3 [ 155.318435][ T8602] validate_nla: 9 callbacks suppressed [ 155.318451][ T8602] netlink: 'syz.2.632': attribute type 1 has an invalid length. 
[ 155.337314][ T8589] bond3: (slave ip6gretap1): Enslaving as an active interface with an up link [ 155.396396][ T8598] tipc: Enabled bearer , priority 0 [ 155.419578][ T8604] workqueue: Failed to create a rescuer kthread for wq "bond2": -EINTR [ 155.422315][ T8602] workqueue: Failed to create a rescuer kthread for wq "bond2": -EINTR [ 155.463918][ T8607] syzkaller0: entered promiscuous mode [ 155.502740][ T8607] syzkaller0: entered allmulticast mode [ 155.609943][ T8619] netlink: 32 bytes leftover after parsing attributes in process `syz.1.635'. [ 155.761587][ T8624] netlink: 8 bytes leftover after parsing attributes in process `syz.1.635'. [ 156.396892][ T8588] tipc: Resetting bearer [ 156.468262][ T8588] tipc: Disabling bearer [ 156.766847][ T8641] netlink: 36 bytes leftover after parsing attributes in process `syz.2.637'. [ 156.803177][ T8646] netlink: 12 bytes leftover after parsing attributes in process `syz.1.638'. [ 156.842701][ T8648] Cannot find add_set index 2 as target [ 156.967554][ T8656] netlink: 388 bytes leftover after parsing attributes in process `syz.0.640'. [ 157.091191][ T8663] netlink: 64 bytes leftover after parsing attributes in process `syz.0.640'. [ 157.545647][ T8676] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 157.690874][ T8678] netlink: 4 bytes leftover after parsing attributes in process `syz.4.643'. [ 157.699898][ T8678] netlink: 7 bytes leftover after parsing attributes in process `syz.4.643'. [ 158.106916][ T8709] netlink: 'syz.0.648': attribute type 13 has an invalid length. [ 158.114788][ T8709] netlink: 'syz.0.648': attribute type 17 has an invalid length. 
[ 158.276767][ T8709] bridge0: port 2(bridge_slave_1) entered blocking state [ 158.284013][ T8709] bridge0: port 2(bridge_slave_1) entered listening state [ 158.291393][ T8709] bridge0: port 1(1¾x9ÿ) entered blocking state [ 158.297907][ T8709] bridge0: port 1(1¾x9ÿ) entered listening state [ 158.360353][ T8709] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 158.408966][ T8713] vlan2: entered allmulticast mode [ 158.414635][ T8713] dummy0: entered allmulticast mode [ 158.942735][ C0] bridge0: port 2(bridge_slave_1) entered forwarding state [ 158.950015][ C0] bridge0: topology change detected, propagating [ 158.956823][ C0] bridge0: port 1(bridge_slave_0) entered forwarding state [ 158.964073][ C0] bridge0: topology change detected, propagating [ 160.243022][ T8757] __nla_validate_parse: 2 callbacks suppressed [ 160.243037][ T8757] netlink: 24 bytes leftover after parsing attributes in process `syz.3.659'. [ 160.355532][ T8758] sch_tbf: burst 88 is lower than device veth11 mtu (1514) ! [ 160.376466][ T8757] netlink: 4 bytes leftover after parsing attributes in process `syz.3.659'. [ 160.716443][ T8777] netlink: 8 bytes leftover after parsing attributes in process `syz.3.665'. [ 160.761879][ T8777] netlink: 8 bytes leftover after parsing attributes in process `syz.3.665'. [ 161.108359][ T8798] netlink: 8 bytes leftover after parsing attributes in process `syz.0.670'. [ 161.144022][ T8800] netlink: 12 bytes leftover after parsing attributes in process `syz.3.671'. [ 161.189751][ T8800] bridge0: port 4(batadv1) entered blocking state [ 161.207719][ T8800] bridge0: port 4(batadv1) entered disabled state [ 161.244083][ T8800] batadv1: entered allmulticast mode [ 161.263879][ T8800] batadv1: entered promiscuous mode [ 161.281965][ T8809] netlink: 76 bytes leftover after parsing attributes in process `syz.2.669'. 
[ 161.457528][ T8811] macvlan2: entered promiscuous mode [ 161.675941][ T50] tipc: Subscription rejected, illegal request [ 161.682894][ T6873] batman_adv: batadv1: No IGMP Querier present - multicast optimizations disabled [ 161.692238][ T6873] batman_adv: batadv1: No MLD Querier present - multicast optimizations disabled [ 161.711711][ T8825] netlink: 28 bytes leftover after parsing attributes in process `syz.4.675'. [ 161.724232][ T8825] netlink: 28 bytes leftover after parsing attributes in process `syz.4.675'. [ 161.739676][ T8836] netlink: 68 bytes leftover after parsing attributes in process `syz.0.677'. [ 161.819542][ T8836] bridge0: port 2(bridge_slave_1) entered disabled state [ 161.826812][ T8836] bridge0: port 1(1¾x9ÿ) entered disabled state [ 162.055770][ T8836] gretap1: left allmulticast mode [ 162.063515][ T8836] ip6tnl1: left promiscuous mode [ 162.095070][ T8837] geneve3: entered promiscuous mode [ 162.106253][ T12] netdevsim netdevsim0 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 162.122690][ T12] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 162.146424][ T12] netdevsim netdevsim0 netdevsim0: set [1, 1] type 2 family 0 port 20002 - 0 [ 162.171189][ T12] netdevsim netdevsim0 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 162.191831][ T12] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 162.209788][ T12] netdevsim netdevsim0 netdevsim1: set [1, 1] type 2 family 0 port 20002 - 0 [ 162.230704][ T8854] hsr_slave_0: left promiscuous mode [ 162.237463][ T8854] hsr_slave_1: left promiscuous mode [ 162.261219][ T12] netdevsim netdevsim0 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 162.290917][ T12] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 162.325152][ T12] netdevsim netdevsim0 netdevsim2: set [1, 1] type 2 family 0 port 20002 - 0 [ 162.352184][ T12] netdevsim netdevsim0 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 
162.385709][ T12] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 162.413167][ T12] netdevsim netdevsim0 netdevsim3: set [1, 1] type 2 family 0 port 20002 - 0 [ 162.522980][ T8857] bond4: invalid ARP target 0.0.0.0 specified for addition [ 162.543439][ T8857] bond4: option arp_ip_target: invalid value (0) [ 162.556197][ T8857] bond4 (unregistering): Released all slaves [ 164.069641][ T8920] tipc: Enabled bearer , priority 0 [ 164.083666][ T8920] syzkaller0: entered promiscuous mode [ 164.093078][ T8920] syzkaller0: entered allmulticast mode [ 164.394701][ T8919] tipc: Resetting bearer [ 164.490171][ T8919] tipc: Disabling bearer [ 164.724714][ T8946] ip6gre1: entered allmulticast mode [ 165.766942][ T8959] netlink: 'syz.1.697': attribute type 4 has an invalid length. [ 165.880750][ T8961] __nla_validate_parse: 72 callbacks suppressed [ 165.880768][ T8961] netlink: 16 bytes leftover after parsing attributes in process `syz.4.698'. [ 166.301160][ T8984] 8021q: adding VLAN 0 to HW filter on device bond1 [ 166.354925][ T8988] netlink: 8 bytes leftover after parsing attributes in process `syz.0.705'. [ 166.410002][ T8984] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 166.446018][ T8986] 8021q: adding VLAN 0 to HW filter on device macvlan3 [ 166.472151][ T8986] bond1: (slave macvlan3): Enslaving as a backup interface with a down link [ 166.992131][ T9004] syzkaller1: entered promiscuous mode [ 167.012830][ T9004] syzkaller1: entered allmulticast mode [ 167.439101][ T9025] netlink: 20 bytes leftover after parsing attributes in process `syz.0.713'. [ 167.648344][ T9034] tipc: Enabled bearer , priority 0 [ 167.666217][ T9034] syzkaller0: entered promiscuous mode [ 167.674173][ T9034] syzkaller0: entered allmulticast mode [ 167.737207][ T9034] netlink: 136 bytes leftover after parsing attributes in process `syz.2.717'. 
[ 167.913259][ T9032] tipc: Resetting bearer [ 167.951284][ T9032] tipc: Disabling bearer [ 168.074605][ T9047] vlan2: entered promiscuous mode [ 168.091879][ T9047] macvlan1: entered promiscuous mode [ 168.327629][ T9054] netlink: 'syz.2.721': attribute type 96 has an invalid length. [ 168.546256][ T9065] netlink: 12 bytes leftover after parsing attributes in process `syz.2.724'. [ 168.788601][ T9071] netlink: 28 bytes leftover after parsing attributes in process `syz.0.728'. [ 168.895758][ T9078] netlink: 40 bytes leftover after parsing attributes in process `syz.1.726'. [ 168.970192][ T9080] netlink: 12 bytes leftover after parsing attributes in process `syz.0.729'. [ 169.093619][ T9082] netlink: 'syz.3.731': attribute type 1 has an invalid length. [ 169.297322][ T9089] tipc: Enabled bearer , priority 0 [ 169.305066][ T9089] syzkaller0: entered promiscuous mode [ 169.310550][ T9089] syzkaller0: entered allmulticast mode [ 169.361885][ T981] IPVS: starting estimator thread 0... [ 169.371787][ T9089] tipc: Resetting bearer [ 169.450024][ T9089] tipc: Disabling bearer [ 169.472340][ T9093] syzkaller1: entered promiscuous mode [ 169.490569][ T9090] IPVS: using max 30 ests per chain, 72000 per kthread [ 169.501824][ T9093] syzkaller1: entered allmulticast mode [ 169.685624][ T9110] netlink: 356 bytes leftover after parsing attributes in process `syz.4.733'. [ 169.711681][ T9110] netlink: 'syz.4.733': attribute type 2 has an invalid length. [ 169.800219][ T9102] netlink: 32 bytes leftover after parsing attributes in process `syz.1.737'. [ 170.407948][ T9149] IPVS: set_ctl: invalid protocol: 46 172.20.20.170:20003 [ 170.442319][ T9145] netlink: 'syz.0.746': attribute type 11 has an invalid length. [ 170.450367][ T9145] netlink: 'syz.0.746': attribute type 11 has an invalid length. [ 170.461772][ T9150] netlink: 'syz.0.746': attribute type 11 has an invalid length. [ 170.470550][ T9150] netlink: 'syz.0.746': attribute type 11 has an invalid length. 
[ 170.813356][ T9158] dummy0: left allmulticast mode [ 170.820078][ T9158] bridge0: port 3(dummy0) entered disabled state [ 170.837546][ T9158] bridge_slave_0: left allmulticast mode [ 170.844475][ T9158] bridge_slave_0: left promiscuous mode [ 170.851590][ T9158] bridge0: port 1(bridge_slave_0) entered disabled state [ 170.870755][ T9158] bridge_slave_1: left allmulticast mode [ 170.876696][ T9158] bridge_slave_1: left promiscuous mode [ 170.883932][ T9158] bridge0: port 2(bridge_slave_1) entered disabled state [ 170.900362][ T9158] bond0: (slave bond_slave_0): Releasing backup interface [ 170.924816][ T9158] bond0: (slave bond_slave_1): Releasing backup interface [ 170.965855][ T9158] team0: Port device team_slave_0 removed [ 170.981981][ T9158] team0: Port device 52Àÿ removed [ 170.994419][ T9158] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 171.001823][ T9158] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 171.012563][ T9158] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 171.020157][ T9158] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 171.062395][ T9158] team0: Port device geneve0 removed [ 171.103791][ T9162] vlan0: entered promiscuous mode [ 171.109481][ T9143] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 171.138551][ T9162] team0: Port device vlan0 added [ 171.658169][ T9194] 8021q: adding VLAN 0 to HW filter on device bond0 [ 171.976491][ T9194] syzkaller0: entered promiscuous mode [ 171.991185][ T9194] syzkaller0: entered allmulticast mode [ 172.157723][ T9211] __nla_validate_parse: 3 callbacks suppressed [ 172.157740][ T9211] netlink: 4 bytes leftover after parsing attributes in process `syz.3.766'. [ 173.699095][ T9221] netlink: 8 bytes leftover after parsing attributes in process `syz.3.769'. 
[ 173.789457][ T9223] tipc: Enabled bearer , priority 0 [ 173.900587][ T9223] tipc: Resetting bearer [ 173.996575][ T9222] tipc: Disabling bearer [ 174.175288][ T9240] ipvlan2: entered promiscuous mode [ 175.012044][ T9276] netlink: 'syz.2.779': attribute type 10 has an invalid length. [ 175.060022][ T9276] 8021q: adding VLAN 0 to HW filter on device team0 [ 175.083053][ T9276] bond0: (slave team0): Enslaving as an active interface with an up link [ 175.815297][ T9311] netlink: 8 bytes leftover after parsing attributes in process `syz.3.790'. [ 176.780447][ T9341] macvtap0: entered promiscuous mode [ 176.791328][ T9341] macvtap0: left promiscuous mode [ 176.977730][ T9359] sctp: [Deprecated]: syz.0.807 (pid 9359) Use of struct sctp_assoc_value in delayed_ack socket option. [ 176.977730][ T9359] Use struct sctp_sack_info instead [ 177.034831][ T9361] netlink: 8 bytes leftover after parsing attributes in process `syz.1.808'. [ 177.313477][ T9377] netlink: 12 bytes leftover after parsing attributes in process `syz.0.816'. [ 177.342907][ T9377] netlink: 12 bytes leftover after parsing attributes in process `syz.0.816'. [ 177.516490][ T9386] x_tables: ip_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING [ 177.751885][ T9394] netlink: 12 bytes leftover after parsing attributes in process `syz.1.823'. [ 177.967298][ T9403] netlink: 4 bytes leftover after parsing attributes in process `syz.4.828'. [ 178.067910][ T9390] netlink: 14 bytes leftover after parsing attributes in process `syz.2.824'. [ 179.193316][ T9444] netlink: 16 bytes leftover after parsing attributes in process `syz.2.845'. [ 180.030440][ T9486] netlink: 4 bytes leftover after parsing attributes in process `syz.3.863'. [ 180.084388][ T9486] netlink: 12 bytes leftover after parsing attributes in process `syz.3.863'. 
[ 180.297661][ T9493] syzkaller0: entered promiscuous mode [ 180.303215][ T9493] syzkaller0: entered allmulticast mode [ 180.633556][ T9510] netlink: 3 bytes leftover after parsing attributes in process `syz.4.873'. [ 180.653021][ T9510] 0ªX¹¦À: renamed from caif0 [ 180.673679][ T9510] 0ªX¹¦À: entered allmulticast mode [ 180.678899][ T9510] A link change request failed with some changes committed already. Interface 60ªX¹¦À may have been left with an inconsistent configuration, please check. [ 180.845496][ T9520] netlink: 60 bytes leftover after parsing attributes in process `syz.2.877'. [ 181.000613][ T9525] bridge2: entered promiscuous mode [ 181.019751][ T9527] netlink: 'syz.2.880': attribute type 2 has an invalid length. [ 181.230180][ T9462] syz.0.854: vmalloc error: size 10485760, failed to allocated page array size 20480, mode:0x400dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 181.256902][ T9462] CPU: 0 UID: 0 PID: 9462 Comm: syz.0.854 Not tainted syzkaller #0 PREEMPT(full) [ 181.256927][ T9462] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 181.256942][ T9462] Call Trace: [ 181.256949][ T9462] [ 181.256957][ T9462] dump_stack_lvl+0x189/0x250 [ 181.256999][ T9462] ? __pfx_dump_stack_lvl+0x10/0x10 [ 181.257024][ T9462] ? __pfx__printk+0x10/0x10 [ 181.257043][ T9462] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 181.257068][ T9462] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 181.257093][ T9462] ? cpuset_print_current_mems_allowed+0x2ee/0x360 [ 181.257119][ T9462] warn_alloc+0x214/0x310 [ 181.257152][ T9462] ? __pfx_warn_alloc+0x10/0x10 [ 181.257188][ T9462] ? __get_vm_area_node+0x28f/0x300 [ 181.257217][ T9462] ? hash_netport4_resize+0x235/0x1b60 [ 181.257247][ T9462] __vmalloc_node_range_noprof+0x690/0x12d0 [ 181.257271][ T9462] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 181.257313][ T9462] ? alloc_pages_mpol+0x3cd/0x4a0 [ 181.257333][ T9462] ? 
__pfx___vmalloc_node_range_noprof+0x10/0x10 [ 181.257370][ T9462] ? rcu_is_watching+0x15/0xb0 [ 181.257395][ T9462] ? hash_netport4_resize+0x235/0x1b60 [ 181.257417][ T9462] __kvmalloc_node_noprof+0x674/0x910 [ 181.257444][ T9462] ? hash_netport4_resize+0x235/0x1b60 [ 181.257476][ T9462] hash_netport4_resize+0x235/0x1b60 [ 181.257496][ T9462] ? hash_netport4_uadt+0xc97/0xf30 [ 181.257523][ T9462] ? __pfx_hash_netport4_add+0x10/0x10 [ 181.257543][ T9462] ? __pfx_hash_netport4_uadt+0x10/0x10 [ 181.257574][ T9462] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 181.257606][ T9462] call_ad+0x44e/0xb00 [ 181.257640][ T9462] ? __pfx_call_ad+0x10/0x10 [ 181.257680][ T9462] ? __nla_parse+0x40/0x60 [ 181.257704][ T9462] ip_set_ad+0x791/0x930 [ 181.257738][ T9462] ? __pfx_ip_set_ad+0x10/0x10 [ 181.257805][ T9462] nfnetlink_rcv_msg+0xb4d/0x1130 [ 181.257831][ T9462] ? nfnetlink_rcv_msg+0x20d/0x1130 [ 181.257875][ T9462] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 181.257929][ T9462] ? __lock_acquire+0xab9/0xd20 [ 181.257963][ T9462] netlink_rcv_skb+0x208/0x470 [ 181.257991][ T9462] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 181.258017][ T9462] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 181.258057][ T9462] ? bpf_lsm_capable+0x9/0x20 [ 181.258078][ T9462] ? security_capable+0x7e/0x2e0 [ 181.258109][ T9462] nfnetlink_rcv+0x282/0x2590 [ 181.258137][ T9462] ? is_bpf_text_address+0x26/0x2b0 [ 181.258164][ T9462] ? __kernel_text_address+0xd/0x40 [ 181.258190][ T9462] ? unwind_get_return_address+0x4d/0x90 [ 181.258211][ T9462] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 181.258234][ T9462] ? arch_stack_walk+0xfc/0x150 [ 181.258269][ T9462] ? stack_trace_save+0x9c/0xe0 [ 181.258292][ T9462] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 181.258316][ T9462] ? stack_depot_save_flags+0x40/0x860 [ 181.258356][ T9462] ? __lock_acquire+0xab9/0xd20 [ 181.258401][ T9462] ? __lock_acquire+0xab9/0xd20 [ 181.258430][ T9462] ? netlink_deliver_tap+0x2e/0x1b0 [ 181.258464][ T9462] ? 
netlink_deliver_tap+0x2e/0x1b0 [ 181.258499][ T9462] netlink_unicast+0x82f/0x9e0 [ 181.258534][ T9462] ? __pfx_netlink_unicast+0x10/0x10 [ 181.258561][ T9462] ? netlink_sendmsg+0x642/0xb30 [ 181.258576][ T9462] ? skb_put+0x11b/0x210 [ 181.258607][ T9462] netlink_sendmsg+0x805/0xb30 [ 181.258635][ T9462] ? __pfx_netlink_sendmsg+0x10/0x10 [ 181.258656][ T9462] ? aa_sock_msg_perm+0xf1/0x1d0 [ 181.258684][ T9462] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 181.258701][ T9462] ? __pfx_netlink_sendmsg+0x10/0x10 [ 181.258718][ T9462] __sock_sendmsg+0x21c/0x270 [ 181.258745][ T9462] ____sys_sendmsg+0x505/0x830 [ 181.258769][ T9462] ? __pfx_____sys_sendmsg+0x10/0x10 [ 181.258797][ T9462] ? import_iovec+0x74/0xa0 [ 181.258824][ T9462] ___sys_sendmsg+0x21f/0x2a0 [ 181.258847][ T9462] ? __pfx____sys_sendmsg+0x10/0x10 [ 181.258905][ T9462] ? __fget_files+0x2a/0x420 [ 181.258922][ T9462] ? __fget_files+0x3a0/0x420 [ 181.258951][ T9462] __x64_sys_sendmsg+0x19b/0x260 [ 181.258973][ T9462] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 181.259010][ T9462] ? do_syscall_64+0xbe/0xfa0 [ 181.259036][ T9462] do_syscall_64+0xfa/0xfa0 [ 181.259056][ T9462] ? lockdep_hardirqs_on+0x9c/0x150 [ 181.259078][ T9462] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 181.259096][ T9462] ? 
clear_bhb_loop+0x60/0xb0 [ 181.259118][ T9462] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 181.259136][ T9462] RIP: 0033:0x7fbc6b18efc9 [ 181.259161][ T9462] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 181.259177][ T9462] RSP: 002b:00007fbc6bfbd038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 181.259196][ T9462] RAX: ffffffffffffffda RBX: 00007fbc6b3e5fa0 RCX: 00007fbc6b18efc9 [ 181.259210][ T9462] RDX: 0000000000000080 RSI: 00002000000002c0 RDI: 0000000000000009 [ 181.259222][ T9462] RBP: 00007fbc6b211f91 R08: 0000000000000000 R09: 0000000000000000 [ 181.259233][ T9462] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 181.259243][ T9462] R13: 00007fbc6b3e6038 R14: 00007fbc6b3e5fa0 R15: 00007ffc51b40c88 [ 181.259276][ T9462] [ 181.259283][ T9462] Mem-Info: [ 181.761713][ T9462] active_anon:4825 inactive_anon:0 isolated_anon:0 [ 181.761713][ T9462] active_file:3143 inactive_file:39950 isolated_file:0 [ 181.761713][ T9462] unevictable:768 dirty:222 writeback:0 [ 181.761713][ T9462] slab_reclaimable:11527 slab_unreclaimable:159220 [ 181.761713][ T9462] mapped:29303 shmem:1358 pagetables:1209 [ 181.761713][ T9462] sec_pagetables:0 bounce:0 [ 181.761713][ T9462] kernel_misc_reclaimable:0 [ 181.761713][ T9462] free:1267655 free_pcp:15892 free_cma:0 [ 181.808270][ T9462] Node 0 active_anon:19244kB inactive_anon:0kB active_file:12572kB inactive_file:159596kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:117212kB dirty:888kB writeback:0kB shmem:3896kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:12752kB pagetables:4624kB sec_pagetables:0kB all_unreclaimable? 
no Balloon:0kB [ 181.841093][ T9462] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:48kB pagetables:148kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 181.876552][ T9462] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 181.913408][ T9462] lowmem_reserve[]: 0 2505 2505 2505 2505 [ 181.919923][ T9462] Node 0 DMA32 free:1169548kB boost:0kB min:34308kB low:42884kB high:51460kB reserved_highatomic:0KB free_highatomic:0KB active_anon:19244kB inactive_anon:0kB active_file:12572kB inactive_file:159596kB unevictable:1536kB writepending:888kB zspages:0kB present:3129332kB managed:2565192kB mlocked:0kB bounce:0kB free_pcp:41716kB local_pcp:22896kB free_cma:0kB [ 181.959758][ T9462] lowmem_reserve[]: 0 0 0 0 0 [ 181.964659][ T9462] Node 0 Normal free:0kB boost:0kB min:0kB low:0kB high:0kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:108kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 181.997132][ T9462] lowmem_reserve[]: 0 0 0 0 0 [ 182.001872][ T9462] Node 1 Normal free:3888452kB boost:0kB min:55592kB low:69488kB high:83384kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:0kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:20236kB local_pcp:14956kB free_cma:0kB [ 182.067827][ T9462] lowmem_reserve[]: 0 0 0 0 0 [ 182.072584][ 
T9462] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 182.115211][ T9462] Node 0 DMA32: 789*4kB (UME) 471*8kB (UME) 310*16kB (UME) 573*32kB (UME) 175*64kB (UME) 107*128kB (UM) 70*256kB (UME) 54*512kB (UME) 32*1024kB (UM) 4*2048kB (ME) 251*4096kB (UM) = 1169740kB [ 182.177824][ T9462] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 182.191538][ T9462] Node 1 Normal: 227*4kB (UME) 63*8kB (UME) 50*16kB (UME) 93*32kB (UME) 30*64kB (UME) 5*128kB (UME) 3*256kB (UM) 4*512kB (UME) 1*1024kB (M) 1*2048kB (E) 946*4096kB (M) = 3888452kB [ 182.218457][ T9462] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 182.231300][ T9462] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 182.249576][ T9462] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 182.261280][ T9462] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 182.271292][ T9462] 44447 total pagecache pages [ 182.283371][ T9558] bond0: (slave team0): Releasing backup interface [ 182.300122][ T9462] 0 pages in swap cache [ 182.312846][ T9462] Free swap = 124996kB [ 182.321606][ T9462] Total swap = 124996kB [ 182.333840][ T9462] 2097051 pages RAM [ 182.342214][ T9462] 0 pages HighMem/MovableOnly [ 182.349540][ T9462] 424111 pages reserved [ 182.357200][ T9462] 0 pages cma reserved [ 182.358714][ T9558] team0: Port device vlan0 removed [ 182.619545][ T9581] macvtap0: entered promiscuous mode [ 182.627296][ T9581] macvtap0: left promiscuous mode [ 182.653010][ T9583] netlink: 'syz.0.907': attribute type 3 has an invalid length. [ 182.759741][ T9590] netlink: 28 bytes leftover after parsing attributes in process `syz.2.910'. [ 182.770062][ T9590] netlink: 8 bytes leftover after parsing attributes in process `syz.2.910'. 
[ 182.807980][ T9590] netlink: 28 bytes leftover after parsing attributes in process `syz.2.910'. [ 182.819336][ T9590] netlink: 8 bytes leftover after parsing attributes in process `syz.2.910'. [ 182.845836][ T9595] netlink: 32 bytes leftover after parsing attributes in process `syz.0.913'. [ 182.912160][ T9599] netlink: 'syz.2.916': attribute type 2 has an invalid length. [ 183.002911][ T9605] netlink: 8 bytes leftover after parsing attributes in process `syz.1.918'. [ 183.150673][ T9613] netlink: 60 bytes leftover after parsing attributes in process `syz.1.921'. [ 183.422078][ T9633] netlink: 4 bytes leftover after parsing attributes in process `syz.1.931'. [ 183.435750][ T9630] netlink: 20 bytes leftover after parsing attributes in process `syz.2.929'. [ 183.523632][ T9638] netlink: 4 bytes leftover after parsing attributes in process `syz.2.933'. [ 184.134524][ T9674] IPv6: Can't replace route, no match found [ 184.446966][ T9694] ksmbd: Unknown IPC event: 4, ignore. [ 185.103060][ T9745] tipc: Enabled bearer , priority 10 [ 185.768227][ T9762] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 185.861432][ T9765] IPv6: NLM_F_CREATE should be specified when creating new route [ 186.224156][ T7418] tipc: Node number set to 1990153078 [ 186.280764][ T9791] tipc: Enabled bearer , priority 0 [ 186.306623][ T9788] tipc: Resetting bearer [ 187.282755][ T5892] tipc: Node number set to 4173246848 [ 188.398366][ T9788] tipc: Disabling bearer [ 188.415120][ T9797] pim6reg1: entered promiscuous mode [ 188.420572][ T9797] pim6reg1: entered allmulticast mode [ 188.793291][ T9850] IPv6: Can't replace route, no match found [ 189.204856][ T9876] __nla_validate_parse: 17 callbacks suppressed [ 189.204872][ T9876] netlink: 232 bytes leftover after parsing attributes in process `syz.4.1026'. [ 189.484201][ T9888] netlink: 'syz.4.1032': attribute type 13 has an invalid length. 
[ 189.818707][ T30] audit: type=1107 audit(1761405772.187:3): pid=9904 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 189.874045][ T9911] netlink: 56 bytes leftover after parsing attributes in process `syz.0.1042'. [ 190.118389][ T9924] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1046'. [ 190.941742][ T9952] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1061'. [ 190.981260][ T9955] netlink: 'syz.1.1062': attribute type 1 has an invalid length. [ 191.062238][ T9959] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1062'. [ 191.185979][ T9955] 8021q: adding VLAN 0 to HW filter on device bond1 [ 191.226419][ T9967] netlink: 92 bytes leftover after parsing attributes in process `syz.0.1066'. [ 191.252774][ T9967] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1066'. [ 191.439181][ T9977] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 191.577194][ T9981] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1075'. [ 191.594986][ T9983] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1076'. [ 191.678292][ T9959] bond1 (unregistering): Released all slaves [ 192.321804][T10016] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1090'. [ 192.465776][T10021] macvtap0: entered promiscuous mode [ 192.499428][T10021] macvtap0: left promiscuous mode [ 193.269810][T10063] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 193.417876][T10065] 0ªî{X¹¦: renamed from gretap0 [ 193.468826][T10065] 0ªî{X¹¦: entered allmulticast mode [ 193.506919][T10065] A link change request failed with some changes committed already. Interface 30ªî{X¹¦ may have been left with an inconsistent configuration, please check. 
[ 193.933829][T10087] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 195.053311][T10112] ip6gre2: entered promiscuous mode [ 195.058729][T10112] ip6gre2: entered allmulticast mode [ 195.074699][ T6873] ip6_tunnel: ip6gre2 xmit: Local address not yet configured! [ 195.106452][ T5822] ip6_tunnel: ip6gre2 xmit: Local address not yet configured! [ 195.114202][ T6873] ip6_tunnel: ip6gre2 xmit: Local address not yet configured! [ 195.142593][T10119] tipc: Enabled bearer , priority 0 [ 195.176536][T10115] syzkaller0: entered promiscuous mode [ 195.182016][T10115] syzkaller0: entered allmulticast mode [ 195.197610][T10123] IPv6: Can't replace route, no match found [ 195.290551][T10119] __nla_validate_parse: 4 callbacks suppressed [ 195.290568][T10119] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1134'. [ 195.322280][T10115] tipc: Resetting bearer [ 195.329797][T10130] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1139'. [ 195.346701][T10131] netlink: 'syz.3.1141': attribute type 6 has an invalid length. [ 195.363852][T10131] netlink: 176 bytes leftover after parsing attributes in process `syz.3.1141'. [ 195.364039][T10114] tipc: Resetting bearer [ 195.380801][T10127] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 195.400281][T10114] tipc: Disabling bearer [ 195.424690][T10125] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 195.434259][T10130] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1139'. [ 195.452512][T10125] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 195.624201][ T5822] ip6_tunnel: ip6gre2 xmit: Local address not yet configured! [ 195.794995][T10150] IPv6: Can't replace route, no match found [ 195.813080][T10148] netlink: 156 bytes leftover after parsing attributes in process `syz.1.1149'. 
[ 195.929349][T10158] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 196.085298][T10168] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1158'. [ 196.143277][ T5822] ip6_tunnel: ip6gre2 xmit: Local address not yet configured! [ 196.233404][T10094] Bluetooth: hci3: command 0x0406 tx timeout [ 196.239509][T10094] Bluetooth: hci0: command 0x080f tx timeout [ 196.242998][ T5823] Bluetooth: hci1: command 0x0406 tx timeout [ 196.246088][T10094] Bluetooth: hci2: command 0x0406 tx timeout [ 196.298260][T10178] IPv6: Can't replace route, no match found [ 196.377907][T10184] syz_tun: entered allmulticast mode [ 196.505197][T10189] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1165'. [ 196.621090][T10194] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1169'. [ 196.630311][T10194] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1169'. [ 196.639446][T10194] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1169'. [ 196.648849][T10194] netlink: 'syz.0.1169': attribute type 6 has an invalid length. [ 196.876767][T10204] IPVS: Error connecting to the multicast addr [ 197.172349][T10218] sch_tbf: burst 6 is lower than device ip6gre0 mtu (1448) ! [ 197.300907][T10226] ksmbd: Unknown IPC event: 3, ignore. [ 198.216614][T10230] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 198.267447][T10265] netlink: 'syz.0.1201': attribute type 1 has an invalid length. [ 198.376029][T10265] 8021q: adding VLAN 0 to HW filter on device bond4 [ 198.491642][T10270] bond4 (unregistering): Released all slaves [ 198.520747][T10275] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) ! [ 198.750322][T10284] ksmbd: Unknown IPC event: 3, ignore. [ 199.182782][ C1] ip6_tunnel: ip6gre2 xmit: Local address not yet configured! 
[ 200.311857][T10351] __nla_validate_parse: 21 callbacks suppressed [ 200.311875][T10351] netlink: 4268 bytes leftover after parsing attributes in process `syz.2.1239'. [ 200.359543][T10351] netlink: 4268 bytes leftover after parsing attributes in process `syz.2.1239'. [ 200.378412][T10357] sctp: [Deprecated]: syz.1.1242 (pid 10357) Use of struct sctp_assoc_value in delayed_ack socket option. [ 200.378412][T10357] Use struct sctp_sack_info instead [ 200.656014][T10366] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1247'. [ 200.666420][T10366] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1247'. [ 200.689340][T10369] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 200.829875][T10375] IPv6: Can't replace route, no match found [ 200.887521][T10377] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1253'. [ 201.042966][T10383] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1265'. [ 201.076928][T10361] sch_fq: defrate 4294967295 ignored. [ 201.185151][ T5892] ================================================================== [ 201.193245][ T5892] BUG: KASAN: slab-use-after-free in br_switchdev_fdb_notify+0x30b/0x3e0 [ 201.201675][ T5892] Read of size 8 at addr ffff8880309c3808 by task kworker/0:5/5892 [ 201.209565][ T5892] [ 201.211891][ T5892] CPU: 0 UID: 0 PID: 5892 Comm: kworker/0:5 Not tainted syzkaller #0 PREEMPT(full) [ 201.211914][ T5892] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 201.211926][ T5892] Workqueue: events_long br_fdb_cleanup [ 201.211955][ T5892] Call Trace: [ 201.211962][ T5892] [ 201.211970][ T5892] dump_stack_lvl+0x189/0x250 [ 201.211993][ T5892] ? __kasan_check_byte+0x12/0x40 [ 201.212018][ T5892] ? __pfx_dump_stack_lvl+0x10/0x10 [ 201.212040][ T5892] ? lock_release+0x4b/0x3e0 [ 201.212059][ T5892] ? 
__virt_addr_valid+0x4a5/0x5c0 [ 201.212083][ T5892] print_report+0xca/0x240 [ 201.212103][ T5892] ? br_switchdev_fdb_notify+0x30b/0x3e0 [ 201.212124][ T5892] kasan_report+0x118/0x150 [ 201.212142][ T5892] ? br_switchdev_fdb_notify+0x30b/0x3e0 [ 201.212167][ T5892] br_switchdev_fdb_notify+0x30b/0x3e0 [ 201.212190][ T5892] ? __pfx_br_switchdev_fdb_notify+0x10/0x10 [ 201.212214][ T5892] ? rht_lock+0x114/0x220 [ 201.212229][ T5892] ? rht_lock+0xff/0x220 [ 201.212250][ T5892] fdb_notify+0x89/0x160 [ 201.212274][ T5892] fdb_delete+0xdcf/0x1060 [ 201.212301][ T5892] ? fdb_delete+0x359/0x1060 [ 201.212326][ T5892] ? __pfx_fdb_delete+0x10/0x10 [ 201.212352][ T5892] ? br_fdb_cleanup+0x270/0x4d0 [ 201.212376][ T5892] br_fdb_cleanup+0x2aa/0x4d0 [ 201.212400][ T5892] ? br_fdb_cleanup+0xb1/0x4d0 [ 201.212422][ T5892] ? process_scheduled_works+0x9ef/0x17b0 [ 201.212441][ T5892] process_scheduled_works+0xae1/0x17b0 [ 201.212472][ T5892] ? __pfx_process_scheduled_works+0x10/0x10 [ 201.212498][ T5892] worker_thread+0x8a0/0xda0 [ 201.212517][ T5892] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 201.212540][ T5892] ? __kthread_parkme+0x7b/0x200 [ 201.212563][ T5892] kthread+0x711/0x8a0 [ 201.212585][ T5892] ? __pfx_worker_thread+0x10/0x10 [ 201.212602][ T5892] ? __pfx_kthread+0x10/0x10 [ 201.212622][ T5892] ? _raw_spin_unlock_irq+0x23/0x50 [ 201.212638][ T5892] ? lockdep_hardirqs_on+0x9c/0x150 [ 201.212654][ T5892] ? __pfx_kthread+0x10/0x10 [ 201.212674][ T5892] ret_from_fork+0x4bc/0x870 [ 201.212692][ T5892] ? __pfx_ret_from_fork+0x10/0x10 [ 201.212711][ T5892] ? __switch_to_asm+0x39/0x70 [ 201.212726][ T5892] ? __switch_to_asm+0x33/0x70 [ 201.212739][ T5892] ? 
__pfx_kthread+0x10/0x10 [ 201.212759][ T5892] ret_from_fork_asm+0x1a/0x30 [ 201.212781][ T5892] [ 201.212787][ T5892] [ 201.435556][ T5892] Allocated by task 5831: [ 201.439862][ T5892] kasan_save_track+0x3e/0x80 [ 201.444526][ T5892] __kasan_kmalloc+0x93/0xb0 [ 201.449104][ T5892] __kmalloc_cache_noprof+0x3d5/0x6f0 [ 201.454462][ T5892] new_nbp+0x188/0x440 [ 201.458512][ T5892] br_add_if+0x283/0xeb0 [ 201.462733][ T5892] do_set_master+0x533/0x6d0 [ 201.467303][ T5892] do_setlink+0xcf0/0x41c0 [ 201.471696][ T5892] rtnl_newlink+0x1619/0x1c80 [ 201.476357][ T5892] rtnetlink_rcv_msg+0x7cf/0xb70 [ 201.481279][ T5892] netlink_rcv_skb+0x208/0x470 [ 201.486027][ T5892] netlink_unicast+0x82f/0x9e0 [ 201.490773][ T5892] netlink_sendmsg+0x805/0xb30 [ 201.495516][ T5892] __sock_sendmsg+0x21c/0x270 [ 201.500180][ T5892] __sys_sendto+0x3bd/0x520 [ 201.504678][ T5892] __x64_sys_sendto+0xde/0x100 [ 201.509436][ T5892] do_syscall_64+0xfa/0xfa0 [ 201.513925][ T5892] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 201.519803][ T5892] [ 201.522109][ T5892] Freed by task 16: [ 201.525892][ T5892] kasan_save_track+0x3e/0x80 [ 201.530555][ T5892] __kasan_save_free_info+0x46/0x50 [ 201.535733][ T5892] __kasan_slab_free+0x5c/0x80 [ 201.540483][ T5892] kfree+0x19a/0x6d0 [ 201.544365][ T5892] kobject_put+0x22b/0x480 [ 201.548767][ T5892] rcu_core+0xcab/0x1770 [ 201.552987][ T5892] handle_softirqs+0x286/0x870 [ 201.557730][ T5892] __irq_exit_rcu+0xca/0x1f0 [ 201.562301][ T5892] irq_exit_rcu+0x9/0x30 [ 201.566523][ T5892] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 201.572134][ T5892] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 201.578095][ T5892] [ 201.580399][ T5892] Last potentially related work creation: [ 201.586090][ T5892] kasan_save_stack+0x3e/0x60 [ 201.590750][ T5892] kasan_record_aux_stack+0xbd/0xd0 [ 201.595928][ T5892] call_rcu+0x157/0x9c0 [ 201.600064][ T5892] br_del_if+0x143/0x1e0 [ 201.604287][ T5892] do_set_master+0x312/0x6d0 [ 201.608886][ T5892] do_setlink+0xcf0/0x41c0 [ 
201.613282][ T5892] rtnl_newlink+0x14ad/0x1c80 [ 201.617942][ T5892] rtnetlink_rcv_msg+0x7cf/0xb70 [ 201.622862][ T5892] netlink_rcv_skb+0x208/0x470 [ 201.627607][ T5892] netlink_unicast+0x82f/0x9e0 [ 201.632350][ T5892] netlink_sendmsg+0x805/0xb30 [ 201.637090][ T5892] __sock_sendmsg+0x21c/0x270 [ 201.641746][ T5892] ____sys_sendmsg+0x505/0x830 [ 201.646490][ T5892] ___sys_sendmsg+0x21f/0x2a0 [ 201.651146][ T5892] __x64_sys_sendmsg+0x19b/0x260 [ 201.656062][ T5892] do_syscall_64+0xfa/0xfa0 [ 201.660547][ T5892] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 201.666427][ T5892] [ 201.668728][ T5892] The buggy address belongs to the object at ffff8880309c3800 [ 201.668728][ T5892] which belongs to the cache kmalloc-1k of size 1024 [ 201.682757][ T5892] The buggy address is located 8 bytes inside of [ 201.682757][ T5892] freed 1024-byte region [ffff8880309c3800, ffff8880309c3c00) [ 201.696444][ T5892] [ 201.698750][ T5892] The buggy address belongs to the physical page: [ 201.705148][ T5892] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880309c3800 pfn:0x309c0 [ 201.715188][ T5892] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 201.723662][ T5892] flags: 0xfff00000000240(workingset|head|node=0|zone=1|lastcpupid=0x7ff) [ 201.732139][ T5892] page_type: f5(slab) [ 201.736099][ T5892] raw: 00fff00000000240 ffff88801a026dc0 ffffea00016a5a10 ffffea000081cc10 [ 201.744661][ T5892] raw: ffff8880309c3800 0000000000100009 00000000f5000000 0000000000000000 [ 201.753228][ T5892] head: 00fff00000000240 ffff88801a026dc0 ffffea00016a5a10 ffffea000081cc10 [ 201.761878][ T5892] head: ffff8880309c3800 0000000000100009 00000000f5000000 0000000000000000 [ 201.770528][ T5892] head: 00fff00000000003 ffffea0000c27001 00000000ffffffff 00000000ffffffff [ 201.779177][ T5892] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 201.787822][ T5892] page dumped because: kasan: bad access detected [ 201.794219][ T5892] page_owner 
tracks the page as allocated [ 201.799914][ T5892] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5836, tgid 5836 (syz-executor), ts 73643295331, free_ts 73612523606 [ 201.821257][ T5892] post_alloc_hook+0x240/0x2a0 [ 201.826014][ T5892] get_page_from_freelist+0x2365/0x2440 [ 201.831540][ T5892] __alloc_frozen_pages_noprof+0x181/0x370 [ 201.837323][ T5892] alloc_pages_mpol+0x232/0x4a0 [ 201.842152][ T5892] allocate_slab+0x96/0x3a0 [ 201.846635][ T5892] ___slab_alloc+0xe94/0x18a0 [ 201.851292][ T5892] __slab_alloc+0x65/0x100 [ 201.855686][ T5892] __kmalloc_cache_noprof+0x411/0x6f0 [ 201.861044][ T5892] br_vlan_init+0x54/0x1b0 [ 201.865441][ T5892] br_dev_init+0x65/0x490 [ 201.869752][ T5892] register_netdevice+0x6bf/0x1ae0 [ 201.874847][ T5892] br_dev_newlink+0x6a/0x140 [ 201.879416][ T5892] rtnl_newlink_create+0x310/0xb00 [ 201.884506][ T5892] rtnl_newlink+0x16e4/0x1c80 [ 201.889170][ T5892] rtnetlink_rcv_msg+0x7cf/0xb70 [ 201.894092][ T5892] netlink_rcv_skb+0x208/0x470 [ 201.898844][ T5892] page last free pid 5820 tgid 5820 stack trace: [ 201.905147][ T5892] __free_frozen_pages+0xbc4/0xd30 [ 201.910247][ T5892] __slab_free+0x2e7/0x390 [ 201.914645][ T5892] qlist_free_all+0x97/0x140 [ 201.919216][ T5892] kasan_quarantine_reduce+0x148/0x160 [ 201.924666][ T5892] __kasan_slab_alloc+0x22/0x80 [ 201.929515][ T5892] __kmalloc_cache_noprof+0x36f/0x6f0 [ 201.934870][ T5892] kobject_uevent_env+0x27c/0x8c0 [ 201.939882][ T5892] __kobject_del+0xd2/0x300 [ 201.944372][ T5892] kobject_put+0x243/0x480 [ 201.948772][ T5892] netdev_queue_update_kobjects+0x5db/0x6c0 [ 201.954649][ T5892] netif_set_real_num_tx_queues+0x299/0xa60 [ 201.960522][ T5892] veth_newlink+0x7de/0xa60 [ 201.965013][ T5892] rtnl_newlink_create+0x310/0xb00 [ 201.970107][ T5892] rtnl_newlink+0x16e4/0x1c80 [ 201.974767][ T5892] rtnetlink_rcv_msg+0x7cf/0xb70 [ 201.979690][ T5892] netlink_rcv_skb+0x208/0x470 [ 
201.984439][ T5892] [ 201.986742][ T5892] Memory state around the buggy address: [ 201.992350][ T5892] ffff8880309c3700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 202.000389][ T5892] ffff8880309c3780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 202.008434][ T5892] >ffff8880309c3800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 202.016486][ T5892] ^ [ 202.020801][ T5892] ffff8880309c3880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 202.028844][ T5892] ffff8880309c3900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 202.036973][ T5892] ================================================================== [ 202.045153][ T5892] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 202.052359][ T5892] CPU: 0 UID: 0 PID: 5892 Comm: kworker/0:5 Not tainted syzkaller #0 PREEMPT(full) [ 202.061716][ T5892] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 202.071758][ T5892] Workqueue: events_long br_fdb_cleanup [ 202.077305][ T5892] Call Trace: [ 202.080569][ T5892] [ 202.083486][ T5892] dump_stack_lvl+0x99/0x250 [ 202.088069][ T5892] ? __asan_memcpy+0x40/0x70 [ 202.092647][ T5892] ? __pfx_dump_stack_lvl+0x10/0x10 [ 202.097839][ T5892] ? __pfx__printk+0x10/0x10 [ 202.102418][ T5892] vpanic+0x237/0x6d0 [ 202.106389][ T5892] ? __pfx_vpanic+0x10/0x10 [ 202.110883][ T5892] panic+0xb9/0xc0 [ 202.114594][ T5892] ? __pfx_panic+0x10/0x10 [ 202.118996][ T5892] ? _raw_spin_unlock_irqrestore+0xa8/0x110 [ 202.124871][ T5892] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 202.130747][ T5892] ? br_switchdev_fdb_notify+0x30b/0x3e0 [ 202.136366][ T5892] check_panic_on_warn+0x89/0xb0 [ 202.141295][ T5892] ? br_switchdev_fdb_notify+0x30b/0x3e0 [ 202.146915][ T5892] end_report+0x78/0x160 [ 202.151141][ T5892] kasan_report+0x129/0x150 [ 202.155714][ T5892] ? br_switchdev_fdb_notify+0x30b/0x3e0 [ 202.161337][ T5892] br_switchdev_fdb_notify+0x30b/0x3e0 [ 202.166780][ T5892] ? 
__pfx_br_switchdev_fdb_notify+0x10/0x10 [ 202.172749][ T5892] ? rht_lock+0x114/0x220 [ 202.177060][ T5892] ? rht_lock+0xff/0x220 [ 202.181289][ T5892] fdb_notify+0x89/0x160 [ 202.185695][ T5892] fdb_delete+0xdcf/0x1060 [ 202.190100][ T5892] ? fdb_delete+0x359/0x1060 [ 202.194679][ T5892] ? __pfx_fdb_delete+0x10/0x10 [ 202.199519][ T5892] ? br_fdb_cleanup+0x270/0x4d0 [ 202.204357][ T5892] br_fdb_cleanup+0x2aa/0x4d0 [ 202.209025][ T5892] ? br_fdb_cleanup+0xb1/0x4d0 [ 202.213784][ T5892] ? process_scheduled_works+0x9ef/0x17b0 [ 202.219578][ T5892] process_scheduled_works+0xae1/0x17b0 [ 202.225116][ T5892] ? __pfx_process_scheduled_works+0x10/0x10 [ 202.231088][ T5892] worker_thread+0x8a0/0xda0 [ 202.235663][ T5892] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 202.241975][ T5892] ? __kthread_parkme+0x7b/0x200 [ 202.246901][ T5892] kthread+0x711/0x8a0 [ 202.250964][ T5892] ? __pfx_worker_thread+0x10/0x10 [ 202.256062][ T5892] ? __pfx_kthread+0x10/0x10 [ 202.260647][ T5892] ? _raw_spin_unlock_irq+0x23/0x50 [ 202.265831][ T5892] ? lockdep_hardirqs_on+0x9c/0x150 [ 202.271015][ T5892] ? __pfx_kthread+0x10/0x10 [ 202.275592][ T5892] ret_from_fork+0x4bc/0x870 [ 202.280170][ T5892] ? __pfx_ret_from_fork+0x10/0x10 [ 202.285267][ T5892] ? __switch_to_asm+0x39/0x70 [ 202.290014][ T5892] ? __switch_to_asm+0x33/0x70 [ 202.294762][ T5892] ? __pfx_kthread+0x10/0x10 [ 202.299347][ T5892] ret_from_fork_asm+0x1a/0x30 [ 202.304101][ T5892] [ 202.307238][ T5892] Kernel Offset: disabled [ 202.311539][ T5892] Rebooting in 86400 seconds..