last executing test programs: 2.118646825s ago: executing program 0 (id=7709): r0 = socket$kcm(0xa, 0x3, 0x87) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r1, 0x10e, 0x1, &(0x7f0000000400)=0x1, 0x4) socket$nl_route(0x10, 0x3, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r4 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r4, 0x107, 0xa, &(0x7f0000000080)=0x1, 0x4) setsockopt$packet_rx_ring(r4, 0x107, 0x5, &(0x7f0000000140)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x7ff, 0x6, 0x3}, 0x1c) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r7 = socket$packet(0x11, 0x3, 0x300) sendto$packet(r7, &(0x7f0000000240)="800000800000210ee7decd7a00000000", 0x10, 0x40, &(0x7f00000001c0)={0x11, 0x8100, r6, 0x1, 0xd8, 0x6, @broadcast}, 0x14) r8 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r8, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f0000000740)=ANY=[@ANYBLOB="fc000000190001002dbd70000000000000000000000000000000000000000001fe8000000000000000000000000000bb00000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000009a5ab6e10c00000000000000040000000000000000000000000000000000000000000000ffffffffffffffff000000000020000000000000000000000000000000000000000a000000000000feffffffff7f40000200000000000008000000000000000001000000000000004400050000000000000000000000000000000000000000003c00000002000000ffffffff0002000000000000000000000600000004"], 0xfc}}, 0x0) sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f0000000380)=@l2tp6={0xa, 0x0, 0x7, @dev={0xfe, 0x80, '\x00', 0x28}, 0x0, 0x1}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000140)="ef616b4d", 0x4}], 0x1}, 0x4040810) 1.869205372s ago: executing program 1 (id=7713): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, 0x0, 0x40) 1.868284783s ago: executing program 4 (id=7714): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\x00\x00\x00', @ANYRES32=0x1, @ANYBLOB="fcffffff00"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x14, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000100000000000000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000007000000850000000600000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000fcffffff7b8af8ff00000000bca2000000000000a6020000f8ffffffb703000018000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = socket$inet_tcp(0x2, 0x1, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000480)={{r1}, &(0x7f0000000280), &(0x7f0000000340)=r2}, 0x20) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000002c0)={r2, r4, 0x25, 0x2, @void}, 0x10) syz_emit_ethernet(0x16, &(0x7f00000006c0)=ANY=[@ANYBLOB="aaaaaaaaf24205d97a2f9e0a88470001c81181900060e8b186df38c95804f2370f509c487d301fca679ab87bd25a0455384992468641f173c0a07ef24f14e8773657ffaeb53e3e1294b5d8803b5a1eac8cf043d543c6b30aea6cd091896f4039b37c19508530f595eca96b3f8f8c60c61e8649d35ffe5c97ca"], 0x0) r5 = socket(0x400000000010, 0x3, 0x0) r6 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', 0x0}) sendmsg$nl_route_sched(r6, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=@newqdisc={0x44, 0x24, 0x3fe3aa0262d8c583, 0x2, 0x0, {0x0, 0x0, 0x0, r7, {0x0, 0x6}, {0xffff, 0xffff}, {0xe, 0xffe0}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0x14, 0x8002, [@TCA_FQ_PIE_TUPDATE={0x8, 0x4, 0xfffffffb}, @TCA_FQ_PIE_ALPHA={0x8, 0x5, 0x4}]}}]}, 0x44}}, 0x400c) r8 = socket$inet6(0xa, 0x2, 0x0) sendto$inet6(r8, 0x0, 0x0, 0x4098884, &(0x7f0000000240)={0xa, 0x4e20, 0x0, @mcast2}, 0x1c) r9 = socket$pppl2tp(0x18, 0x1, 0x1) ioctl$SIOCSIFMTU(r9, 0x8922, &(0x7f0000000440)={'syz_tun\x00', 0x101}) sendto$inet6(r8, 0x0, 0x0, 0x0, 0x0, 0x0) r10 = socket(0xa, 0x2, 0x0) setsockopt$inet_int(r10, 0x0, 0x18, &(0x7f0000000080)=0x200, 0x4) bind$inet6(r10, &(0x7f0000000000)={0xa, 0x0, 0x6, @ipv4={'\x00', '\xff\xff', @multicast1}, 0x7}, 0x1c) socket$unix(0x1, 0x5, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=@newtfilter={0x48, 0x2c, 0xd27, 0x70bd24, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, {0x4, 0xa}, {}, {0xb}}, [@filter_kind_options=@f_bpf={{0x8}, {0x1c, 0x2, [@TCA_BPF_FLAGS_GEN={0x8, 0x9, 0x2}, @TCA_BPF_FLAGS_GEN={0x8, 0x9, 0x3}, @TCA_BPF_CLASSID={0x8, 0x3, {0x1, 0x9}}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x8858}, 0x40000) 1.771855709s ago: executing program 0 (id=7716): unshare(0x6a040000) 1.76327085s ago: executing program 1 (id=7717): socket$packet(0x11, 0x2, 0x300) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0x3, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, 0x0) write$tun(r0, &(0x7f0000000080)={@val={0x8, 0x800}, @val={0x7, 0x3, 0x3, 0x2, 0x18}, @ipv4=@tcp={{0x5, 0x4, 0x0, 0x4, 0x28, 0x0, 0x0, 0x8, 0x2f, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @broadcast}, {{0x8100, 0x88a8, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x20, 0x5}}}}, 0x36) 1.683389935s ago: executing program 3 (id=7719): bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b400000000000000791018000000000063000000000000009500050000000000"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0x26, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000080), 0x10}, 0x23) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)={0x58, 0x2, 0x6, 0x3, 0x0, 0x0, {0x7, 0x0, 0x9}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_NETMASK={0x5, 0x14, 0x8}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x1}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,port\x00'}]}, 0x58}, 0x1, 0x0, 0x0, 0x4000}, 0x20004000) syz_emit_ethernet(0xaf, &(0x7f0000000000)={@broadcast, @remote, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xa1, 0x4, 0x0, 0x0, 0x73, 0x0, @private, @multicast1}, {0x4e20, 0xffff, 0x8d, 0x0, @opaque="b4e1fa95765798262e83e352be7290daa680842f452c30d6843ee7dcce1682a338848cde35b72a6259f080b611ec951e601467dd381201b1a8402587b51fe0ecbb44d049159db7957b28fbe8c64d72d611c9fd925a63a17d293d4874869f579b49a172a01db8e3c1ca14d62f67b63c9d73042381663f9da046b3dfb5d4a86fd5252a292979"}}}}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000040)=@ipv4_delrule={0x40, 0x21, 0x400, 0x70bd26, 0x25dfdbfe, {0x2, 0x14, 0x20, 0x0, 0x5, 0x0, 0x0, 0x8, 0x14}, [@FRA_SRC={0x8, 0x2, @broadcast}, @FRA_GENERIC_POLICY=@FRA_SUPPRESS_IFGROUP={0x8, 0xd, 0x4}, @FRA_SRC={0x8, 0x2, @multicast2}, @FRA_TUN_ID={0xc, 0xc, 0x1, 0x0, 0x6}]}, 0x40}}, 0x0) r2 = syz_init_net_socket$llc(0x1a, 0x801, 0x0) bind$llc(r2, &(0x7f0000000000)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x42}, 0x10) connect$llc(r2, &(0x7f0000000240)={0x1a, 0x20, 0x0, 0x9, 0x2, 0x2, @remote}, 0x10) r3 = syz_init_net_socket$llc(0x1a, 0x801, 0x0) bind$llc(r3, &(0x7f0000000000)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x42}, 0x10) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r6 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_VENDOR(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010200000000000000006700000008000300", @ANYRES32=r7, @ANYBLOB="0800c300741300000800c400010000000400c5"], 0x30}}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000140)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_START_AP(r4, &(0x7f0000000300)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x200438}, 0xc, &(0x7f00000002c0)={&(0x7f0000000180)={0x2c, r5, 0x20, 0x70bd2a, 0x25dfdbff, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_HE_BSS_COLOR={0xc, 0x11b, 0x0, 0x1, [@NL80211_HE_BSS_COLOR_ATTR_PARTIAL={0x4}, @NL80211_HE_BSS_COLOR_ATTR_DISABLED={0x4}]}, @NL80211_ATTR_PRIVACY={0x4}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000010}, 0x80) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@gettfilter={0x3c, 0x2e, 0x100, 0x70bc25, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0x10, 0xfff1}, {0xe, 0xf}, {0x8, 0xffff}}, [{0x8, 0xb, 0x5}, {0x8, 0xb, 0x9}, {0x8, 0xb, 0xc0e}]}, 0x3c}}, 0x0) r9 = socket$kcm(0x10, 0x2, 0x10) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000040900010073797a30000000009c000000090a010400000000000000000700000308000a40000000000900020073797a30000000000900010073797a3000000000080005400000000d58001280200001800e000100636f6e6e6c696d69740000000c0002800800014000000008200001800e000100636f6e6e6c696d69740000000c00028008000140000000001400017b090001006cdbf80789f3f947dd000280080003"], 0xe4}, 0x1, 0x0, 0x0, 0x8001}, 0x20050840) r10 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r10, 0x10e, 0xc, &(0x7f0000000180)={0x80000020}, 0x10) sendmsg$nl_route(r10, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000340)=ANY=[@ANYBLOB="1c0000001a00010000000000000000001c14000000230000"], 0x1c}}, 0x4050) sendmsg$kcm(r9, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f030041000b05d25a806c8c6394f90324fc60100000000a000200053582c137153e3704020180fc5409000c00", 0x33fe0}], 0x1}, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000200)={'geneve1\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000010c0)=@newlink={0x134, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r11}, [@IFLA_AF_SPEC={0x114, 0x1a, 0x0, 0x1, [@AF_INET={0x40, 0x2, 0x0, 0x1, {0x3c, 0x1, 0x0, 0x1, [{0x8, 0x21}, {0x8, 0x18}, {0x8, 0x3}, {0x8, 0x9}, {0x8, 0xc}, {0x8, 0x12}, {0x8, 0x1f}]}}, @AF_INET6={0x6c, 0xa, 0x0, 0x1, [@IFLA_INET6_TOKEN={0x14, 0x7, @private1}, @IFLA_INET6_TOKEN={0x14, 0x7, @dev}, @IFLA_INET6_ADDR_GEN_MODE, @IFLA_INET6_ADDR_GEN_MODE={0x5}, @IFLA_INET6_ADDR_GEN_MODE={0x5}, @IFLA_INET6_TOKEN={0x14, 0x7, @private2}, @IFLA_INET6_ADDR_GEN_MODE={0x5}]}, @AF_BRIDGE={0x4}, @AF_MPLS={0x4}, @AF_INET6={0x2c, 0xa, 0x0, 0x1, [@IFLA_INET6_ADDR_GEN_MODE={0x0, 0x8, 0x1}, @IFLA_INET6_TOKEN={0x14, 0x7, @mcast1}]}, @AF_INET={0x28, 0x2, 0x0, 0x1, {0x24, 0x1, 0x0, 0x1, [{0x8}, {0x8}, {0x8}, {0x8}]}}, @AF_MPLS={0xfffffe85}, @AF_BRIDGE={0x4}]}]}, 0x134}}, 0x0) 1.680474761s ago: executing program 4 (id=7720): r0 = socket$unix(0x1, 0x1, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r2 = socket(0x400000000010, 0x3, 0x0) r3 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x78, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xfff3}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0xfffffffffffffdbc, 0x2, {{0x1, 0xd, 0x0, 0x9, 0x8}, 0x6, 0x1, 0x1, 0x4, 0x8, 0xe, 0x7, 0x1d, 0x3, 0x9, {0xa2d6, 0x200, 0xb, 0x40, 0x2, 0x1ff}}}}]}, 0x78}}, 0x0) sendmsg$nl_route_sched(r2, 0x0, 0x20004804) r5 = socket$unix(0x1, 0x1, 0x0) r6 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r6, &(0x7f0000000580)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000340)=@newtfilter={0x84, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r7, {0x4, 0x5}, {}, {0x7, 0x5}}, [@filter_kind_options=@f_matchall={{0xd}, {0x50, 0x2, [@TCA_MATCHALL_ACT={0x4c, 0x2, [@m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x4, 0xd, 0x0, 0x9, 0x3}}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x3}}}}]}]}}]}, 0x84}, 0x1, 0x0, 0x0, 0x20048081}, 0xc0) r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r8) socket$nl_route(0x10, 0x3, 0x0) r9 = socket$kcm(0x11, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$kcm(r9, &(0x7f00000000c0)={&(0x7f0000000840)=@xdp={0x2c, 0x7, r10, 0x3e}, 0x80, &(0x7f0000000480)=[{&(0x7f00000002c0)='\x00@', 0x2}], 0x1}, 0x4) 1.507658803s ago: executing program 3 (id=7721): r0 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r0, 0x107, 0xf, 0x0, 0x0) sendmsg$kcm(r0, &(0x7f0000000080)={&(0x7f0000000180)=@hci={0x1f, 0x0, 0x5}, 0x80, &(0x7f00000013c0)=[{&(0x7f0000001240)="27050200340f3c000600002fb96dbcf706067a3e170000005f45f491bdd54ec5ff1144ee162fd4b8bf7256da82f601102c21880b00000000010040570000000600000000000000805db18fc083", 0x4d}, {&(0x7f0000001400)="1c393502dda1a67d93b1ceccbe972c4fef9c33ecf2d824f3a33513f45f472bbdc8e3a2275f2587f0da0b3ae419bed996116448f90d113ce98aa985f379d729430858f5cb9a668a1800bf2354b3a064fe1833de518580a3080d7f4cc2406e071138439e1566dd17983ee153ab672f362d3292e24a9952f18ec3d8b37bb3391096c1d4442a754899299321c03cbcfb98a26994b2a072c2b9d9c70d619545e5f61b050e40166d2ff57dcc008f24fd5339e7bc21e25863f80d2487c30b6bf781608a31d68e9319ab1712d8f5bdde849c040417c864cbfd3923dcb9fc6bdc2ea53334184b03efcb631dc68f0a7b6e13eea4b80d4237120e32932ca4e2b50bad0a35496d36a191d91f03b477b9587bc0ba489932e34f819fa1524ebad53a3d94b46c6aeff4f42fa067729fbb2862c09d337a75e0c8429d4bfe0dee2e1e23e8c22787178600ecca135623731e4701f35bd4e7c936a8ee274120e7662328a5aba1161b05889b045696721c79bff0547efe051f3c5de77fdd3c77afd41a1a7747a982b7efb013c9d6bac7d3ad1f9b7c3a5a1448b35696f03bca1c875e346edc55b7a271c3e5f3c0df72c8e4d7cccfa2e9b598f0ae06efbc1a5d5bd91aed6b32deccf7755cef50fab72633c802533b9d94f17f9be978f2514c47671575ee528fbdddc6194328e605e4d10e293756d20eb8a545f2bfe48df5d1d98a270458392a0a57647dcb8ee005e78877a072d12d0429b9b9957a695c3289b4a59469691115e6ba204181708b9d1ae47418ed594b8128f20c100f5485a84e60d73ab818da73fab78caf42afd1f89cdb29dfdd6676c55ea00d35321bc4878170c62b056b4e03ae556ac804026cabcbc8e79e7a18f2f56442cd650aa2bc88f62ebb65bfafd3e5b4c62ac2e720ff0fdf03c46889df55ff91058319c953f90cd6e7f7b15d56a58ff6128357510c4c618aa25434881d58c39092969ba1f7c444465f16d1f2561991e357bda928f2a50422f774f318fb41169a0d0324a8efd19b940a17c28cda06b750cd02155dbdbd1dc695e190a997ae8f4bb8766983d8db8678a78ae8f044b868549e9c60f7ce25a36300ce07f304e75d285e914b3aec703969df969b2736dd99fcab1944c751f8ef4c34cbb86d5f27ef9982be245949d5579b540750d1eac428b0cd2541295b577573b27e9ecac3934987e85b44bc85e6e307cf6f5683bf1c817369d556a368bc5560a1737aa2bec3cac4689e04fbe851ed4b6c1a355950522f8918af3855fe97ec285da15a20e8119483e7419fa2b0639d5add10b396a8033ec2b98d9a9fca3fc4202d0a6bcfa55798eacafa4c8efafb73a2ab89bb58b0c20364a6ad9c233dfb1bdbb87b8f91e3ab9790e876f906107183419aa7480e327388c01dc5f2d5bcb8a7565cddc4e1275741116416b66bf3adf9e7e31c3fc518740446ed2a394e7699baf9408c62b4c0e7a11dec8f4a67e78a3f00bedae9f55f36c52a1fd4ee3a8be7285f9ca898ee63d3718a7c4603bcb9a24537b34a41a6c0eee4cc609b014d3f4fb928aa7e3fa7a4f97dcef5c0e526b650284ffeda82f603ed9ea1eb6627d29d8bcd6c7e6fe128b1c4463b24fe50c0ff9a46090635dde4b4d4a984e5a91f7486856cd2bf85088fa4d27b219628be8cdba7004d00985a73fb5b0b4b0f96844e73a8ff7884bdee1a0d6e62decfeebfb56351c135e6580fd61ea806ee5592fe4ffba5c73b8a4a04d44aa52645320cb73fe0c5f14a971d3b3f64c85f5ebaab5e1a061f5186050230286331048e43368e45cfc88e8f4d0d3b1b86b64d5394bc68c2b754389b3c18a45c1edb0496dd88cb3113bbdf1a0f127eb8cd52caf8da95b83d0decad3775b2f2e43776d0d32d447cdd0b267b32775e3473f51a233f8c91a4c07ad669da1844f3d9554f399d43ca1eda29c5c761b3936f845f0c4d1c6a56b8b34b5ab3291e06cd86de6116fc3236a11343d6f4ad02199717054ac1f15471c5a2b8efe67bd4bea33c0ca36e2c4209026849de21c1da1057f353cc824947d75119e4501b98cb9e621d0644e3f4a75353093557afcee7da41ad368fe1cbb426922772b9b262a861fbce9ae86d6e8c5a8de6a1e8f03456c0a354277a2f3ff46a62b6d6cdee4febf23e2350f94b47a05a4d0e7da37a2e97b899d92ca1f3bd1cded5588593e8bb99b9dce0731fa1174de14b63be2bf7e424f870551f213fab437aac092c2e9798959fa3616465e2b36fd49cc9af902d47debec02558c036ed991f1a3895b37cd70f3c405cca362c885542fd976e73be4cf7580a0c4d5a9527c77c189573e3be07ed15472f6b012939abb5be9f3e8a5b720307fb2dbca48b35d121702cfb6b3690559b08fbeb77d53d37582d7f44fe269ac51665632bf070cfc7445741b70306cb3f19b7fbecd19a78092dfd086a0da019734d95660ba4e5ce5bcf25f09403c32e3ec902f3717cca0eca05e791c2b8c2b8988645afa2446d5218abce136c0dbbafb95e4f4727a29cc567b3f73d5dbc1aeee746653a7f5c445add24a9c1b67d1bfeec85d2a6478e80c3acdb9439aa46c8cf14a98ffa89790ef7a94b3146088566812e28ccbafb466772b7fbb98dcf1e792eb6d0de0829c3c49c5ecdeea3e80017324a0fe724565c4e7a242764e9012442cae44b57c7121889c044be05b5eca70efb649bb528e751f072af93ae2c5053fdce196cce158136f904cf64f2cb8becc2d024f5ec32a38d78b87a4dfe7c53769dadef890efd160eb662cedb18a756aed83edfb9efbbb3648eb399e61f80077e64b95eae9d17083aed05cfc2e148621e36be1f41d373c721a11804fce269c688b0c647d6e1083e336d1f7f90a7a080a8010000000000000070af5c1a1418f28dce95c01052a314a9ebe39cb9cddb8e7855e58c4a636b7f6250ecad312ede18664c03d92e330935295a35ea3e0306f25ca971300f782ae2f6e79a513732d22ef9b9bc41d17df3352a855cdd19b18f5abd6e6420f4f42f01750a64f6acdb6b46622fafebe3e913c64a1a6a59f980e97deae0dc83c12ccae6b430d7a28f21c3e0e38b32f3d5f1d44927fc34ed5c9ddb5be8eb936dbdcd327b63ea69d86c2da15cb834a18ee51a44f2da7b11d79486942fd04eade92fe5d93342970ca4cc73861b15facf97e9c53c15488c5630b17b9364c58652cfa6de0918327498ba8d6120d3be9139c51a6e9017525772397529ddd4fd1905614fd1cc7f1370a577ad10ec9ea742f9aedc5ccb1cf8590eaf770b3f74af21f5119ac238e82e92c83321b06f106530abbbd321c3e1dc948accdc21a586ff37253ad1d0c5bfb51541f876be1b6e4f490046204b9edfe9a9721b9019a495d1efed10d4570f4c75ac56aa862f738b46cfe8899f6d92e862611b35be8931a2460dc646ed332b3046baf48613bbb543f4abda22d3d62a484665ba5bbf8fec1bb199b430a6e96cfad417a1644cc5f7f640004836c60f15a174eb7eb1750a71a141549f393c7d88b8729a33f841f7f8f2bd03dccaaa825f2e29105f6b4c11ac8e06bb3be9dfdecce66294a0be9dbc5f40123644fcac59ed0c968eb62fb14d111e900ad1c038f17d5471ab088f704de7db35753f818f55669a76e621b29d975253d177791e1434644a81b2b8bc4c8e147961b4f1b7f3e225571fecb10906957791b27d35a89e3ce84c91a2dc60aee460d8f41eb7b5e171516ef34d8c7dbbc8122cdeffa51b5a393d2cae7f69826d342d4d81b58ca7ddb0e688a15b39a00ef1aed5db337d1ab87e86f835663a4968c8bf5afd7cf80549f42588d9b8ea04ff3d9eac2b8ffd1155a504230103a68bd8b3c416a10d76cee236442a68393896587bc66c01a5f7f411325578d023d7619a89d0bcbbacae99b925fb72994e1ef4240cddad2294a56bec6d6243b95b04345c215bd48a3aa89786ba39b4d2f5015d8bd038c32a7b0eb02a4eb5a640371d9b4af540eb99a1e26547cc214da21e9538754a802972411a0bf41670e143ad65f665e96d9bdf27a82b9aa7992ad1d3815f9a56a746eefa6f7e1913b6e3e859b2cc7797adcae825b7aad17c11e66597042c327a6473489a9664c5ce0ff8b1ecfb691daa0bd50c17f4597826553686bc2ee08eaca8dd6f77c626691699141a698e5b517e02130587ee503c7b5f638cbf32166b0d4ebe9222b6c9d50fb3db9d1ab060c31aabeef52cd51e5cf485eecc741e37a47c4996068f1d4b25f182b9d7bee4bec5cb070d3cea2f9762a41bb8d9ec5896ebcb2b17ca82f29bcce456412d8ed531afda50d259fcb7794216b6a9a873b6c3c4493c0c6d3e6a4f81f3b40dcc745a4e2383c678c472b1d5bf3ff02992bfe893a5bc96824039da1ee3cf8593e7d616d62f6e3c3e2c4e0cc58d5445998cf5b1c91c2468b2571b118709668efbbe72911f1bfa96b97c32f71cd7071f4c729e88631a89b53dd4bae6ef9c4ed082916e267479195599e9871b26b92c6885ded29f990070fddc4d8535088ddc70d6e83f797b6fa2260a92602eb90800000001cb7394f0c90fb5913b2f8d8d24c8f1056920e1facbe643dd49d8983b277da7282a986c28d5468aed9a4730579a20346d35f78b6bd2cacb4b9237fbfb0b7a2314105ff3b074a0e340b904e715e99c501e1435c15eaa262893c2883c90f26d2ff91792d46e4d867b62570e0d1e4739b8ac4fff8f778960de1ae40d4c85c51e1c47040bb2caeaf0c71dbb67c30715b8c14d6921831d7678522eeed29444df421ee206ca3be20d1b5fd2d2baf832f097fef590290eea77f8f3ed00b39841421b61f1c0d01def54bec0348be2216a8dad60838f3ad3595a744edeb6202dbcbd9c73a126a79cbefa43c7db0493103c2aa8fecb5cde1773ad0cdd03f5b0cfb0270642a96a9e14d116e9140501df48cdbf725611b398eb2b9e93f8da49e601099e0b2e880a95525b5f3f2edd74ae9d664a1f2e932493b61634ab53a1e2f3bf56add0a7f09c16853814b03a4212b9a0119420948da26bb171b288a66a2f0a4063754c2910512aa1cead69b94b498b5d4c44ce0a4aaa7855ee1a3b7ca738756a00a435062ccb86a40cc01f666d372f323e087ef5db2bc2d17ed1f72db12c52ca6723ce92ada6ff0c4f498d42d4218a9f799a216facb7377a1532e0755b894bfc0ee99a4072ac54ee5727846631574f348bf650e7d54b0ef3a1b5cc8233e660a2615bb7401f6c23e08ff0ddb488b9d504fc42508449b8fdd70afb387016e8c9206482c334f37d26fa3bdb6063f8147db9363e22c4b43b89ba0f68d06646fc1eb74fec0be4f59a17b274e0db67b2c0398250da219c9caf7e0f6cb1f828b6f89a67cacfd0fe0132bd943a1410f8d8d7eb819bc783b8e66a1786285e1e429b71ccc22f7f4c216001375c7a816719e29abc98652b6752923132256cb5f0470223e2c685c9ebf635e316a12b35a429160d1c7688dbc3edcb1af64032177e41def01696e7100bbe102ae1b68a44b50c484b23164ab0387c3e23b8a5f80d3acb04da71744115ab6e1a9f233cad000000000000", 0xf44}], 0x2}, 0x9cdc2384056f48b8) 1.424881383s ago: executing program 1 (id=7722): socket$inet_icmp_raw(0x2, 0x3, 0x1) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) close(0x4) syz_open_procfs$namespace(0x0, &(0x7f0000000080)='ns/ipc\x00') unshare(0x6a040000) bind$netlink(0xffffffffffffffff, 0x0, 0x0) unshare(0x400) r0 = socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', 0xffffffffffffffff, 0x0, 0xfffffffffffffffd}, 0x18) sendmsg$NFC_CMD_VENDOR(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000300)={0xfc, 0x0, 0x800, 0x70bd25, 0x25dfdbfe, {}, [@NFC_ATTR_VENDOR_ID={0x8, 0x1d, 0x8}, @NFC_ATTR_VENDOR_DATA={0x72, 0x1f, "b82256bad31186178cf02bc6b4b059bb5073cfb20db40794b77ff5e2fd87a93eb7e4fd36396d2795f7ea888a34618efeb42c8b2b1f392f88f3bf1ed0d6b57f9994c5ca4224022d8b4d282de1255da8cba7c61cd2a2c177dcc5e8071a64fbfb690b3012daf3e9d7aab279962639de"}, @NFC_ATTR_VENDOR_ID={0x8, 0x1d, 0x1}, @NFC_ATTR_VENDOR_ID={0x8, 0x1d, 0x2}, @NFC_ATTR_DEVICE_INDEX={0x8}, @NFC_ATTR_VENDOR_SUBCMD={0x8, 0x1e, 0x7ff}, @NFC_ATTR_VENDOR_SUBCMD={0x8, 0x1e, 0x7}, @NFC_ATTR_VENDOR_DATA={0xf, 0x1f, "d58cecb62bee6e66beeb13"}, @NFC_ATTR_VENDOR_DATA={0x31, 0x1f, "7278d550b0a8c366422e6e23e68d024da1af59de18a5f9633ca542592a6a151bc52b65ec457eeb8b6166a436bc"}]}, 0xfc}, 0x1, 0x0, 0x0, 0x4000}, 0x4000010) openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0) close(0xffffffffffffffff) socket$can_raw(0x1d, 0x3, 0x1) socket$netlink(0x10, 0x3, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f00000000c0)={'syzkaller0\x00', @broadcast}) socket$unix(0x1, 0x1, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000400)=0x14) sendmsg$nl_route_sched(r2, &(0x7f0000006280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=@newtaction={0x18, 0x30, 0x1, 0x0, 0x25dfdbfc, {0x0, 0x0, 0x6a00}, [{0x4}]}, 0x18}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=@newtaction={0x88, 0x30, 0xffff, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x74, 0x1, [@m_mirred={0x70, 0x1, 0x0, 0x0, {{0xb}, {0x44, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x4, {{0xffdff7e8, 0x0, 0x3}}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x1, 0x0, 0x1, 0x400, 0xfffffffb}, 0x2}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0x88}, 0x1, 0x0, 0x0, 0x20008000}, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_MESH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000002880)={0x34, r5, 0x625, 0x0, 0x82, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_MESH_ID={0x4}, @NL80211_ATTR_MESH_CONFIG={0xc, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES={0x5, 0x8, 0x9}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000004}, 0x40) sendmsg$NL80211_CMD_GET_KEY(r0, &(0x7f0000000280)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x38, r5, 0x1, 0x70bd2b, 0x25dfdbfb, {{}, {@void, @val={0xc, 0x99, {0x3, 0x71}}}}, [@NL80211_ATTR_KEY_SEQ={0x10, 0xa, "7f2c21a892a6247f80a5b250"}, @NL80211_ATTR_KEY_CIPHER={0x8, 0x9, 0x4}]}, 0x38}}, 0x10) r7 = syz_genetlink_get_family_id$gtp(&(0x7f0000000040), r0) r8 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000000)='ns/net\x00') sendmsg$GTP_CMD_NEWPDP(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)={0x3c, r7, 0x1, 0x0, 0x0, {0x3}, [@GTPA_LINK={0x8}, @GTPA_VERSION={0x8}, @GTPA_PEER_ADDRESS={0x8, 0x4, @remote}, @GTPA_NET_NS_FD={0x8, 0x7, r8}, @GTPA_MS_ADDRESS={0x8, 0x5, @multicast2}]}, 0x3c}}, 0x0) 1.31507674s ago: executing program 3 (id=7723): r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$IP_VS_SO_SET_DELDEST(r0, 0x0, 0x488, 0x0, 0x0) 1.280966928s ago: executing program 2 (id=7724): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$IPVS_CMD_SET_CONFIG(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)={0x2c, r1, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8}]}, 0x2c}}, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) mmap(&(0x7f00005d3000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x5ec37000) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r2, 0x89f0, &(0x7f0000000080)={'ip6gre0\x00', &(0x7f0000000000)={'syztnl1\x00', 0x0, 0x2f, 0x5, 0x0, 0x6, 0x0, @ipv4={'\x00', '\xff\xff', @local}, @mcast2, 0x8, 0x8000, 0x3, 0x5}}) mmap(&(0x7f000086a000/0x2000)=nil, 0x2000, 0x2000003, 0x11, r2, 0x2000) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f00000002c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x38, 0x38, 0x5, [@var={0x2, 0x0, 0x0, 0x11, 0x4, 0xffffffff}, @const={0x0, 0x0, 0x0, 0x2}, @func_proto={0x2, 0x0, 0x0, 0x8, 0x2}, @var={0x2, 0x0, 0x0, 0xe, 0x3}]}, {0x0, [0x0, 0x61, 0x5f]}}, 0x0, 0x55}, 0x28) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x2, 0x2000000000032, 0xffffffffffffffff, 0x0) 1.198549077s ago: executing program 3 (id=7725): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0x3, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast}) sendmsg$TIPC_NL_MEDIA_SET(0xffffffffffffffff, 0x0, 0x8000) write$tun(r0, &(0x7f0000000240)={@val={0x8, 0x800}, @val={0x7, 0x3, 0x3, 0x802, 0x14}, @ipv4=@tcp={{0x5, 0x4, 0x0, 0x4, 0x29, 0x0, 0x0, 0x6, 0x2f, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @broadcast=0xfffffffb}, {{0x100, 0x88a8, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x20, 0x5}, {"cb"}}}}, 0x37) 1.197509521s ago: executing program 4 (id=7726): socket$nl_route(0x10, 0x3, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$kcm(0x29, 0x2, 0x0) r0 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_ADD_MFC(r0, 0x0, 0xcc, &(0x7f0000000280)={@broadcast, @multicast1, 0x0, "7ea97ddb2ac127ffa5b7216fe75ebaa2855a422a8bf8ec7caf003751804500", 0x0, 0x0, 0x4, 0xfffffffe}, 0x3c) setsockopt$MRT_ADD_MFC(r0, 0x0, 0xcc, 0x0, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_INIT(r2, 0x0, 0xc8, &(0x7f0000003d40), 0x4) setsockopt$MRT_ADD_VIF(r2, 0x0, 0xca, &(0x7f0000003d80)={0x0, 0x0, 0x0, 0x0, @vifc_lcl_addr=@local, @dev}, 0x10) setsockopt$inet_mreq(r1, 0x0, 0x23, &(0x7f0000000000)={@multicast1=0xe0000300, @local}, 0x8) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) syz_emit_ethernet(0x0, 0x0, 0x0) 1.13695666s ago: executing program 2 (id=7727): bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000020"], 0x50) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='kfree\x00'}, 0x18) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010200"/18, @ANYRES32=r2, @ANYBLOB="10005a800c0000800400020004000100"], 0x2c}, 0x1, 0x0, 0x0, 0x4810}, 0x10) r3 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x24, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socket$inet6_sctp(0xa, 0x5, 0x84) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r5, r4, 0x25, 0x0, @void}, 0x10) syz_emit_ethernet(0xfdef, &(0x7f0000000000)=ANY=[], 0x0) 1.108128146s ago: executing program 0 (id=7728): setsockopt$CAN_RAW_ERR_FILTER(0xffffffffffffffff, 0x65, 0x7, &(0x7f00000001c0)=0x8, 0x4) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'macvlan0\x00', 0x0}) sendmsg$can_raw(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x1d, r0}, 0x10, &(0x7f00000005c0)={&(0x7f0000000140)=@can={{0x3}, 0x3, 0x3, 0x0, 0x0, "8e9f5a50be1f3a9b"}, 0x10}, 0x1, 0x0, 0x0, 0x8000}, 0x0) 1.016682709s ago: executing program 2 (id=7729): getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x84, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="4c000000100039042abd70000000000000", @ANYRES32], 0x4c}}, 0x0) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) sendmmsg$inet6(r0, &(0x7f00000090c0)=[{{&(0x7f00000002c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c, 0x0}}], 0x1, 0x0) 851.790297ms ago: executing program 0 (id=7730): r0 = socket$nl_route(0x10, 0x3, 0x0) unshare(0x8020100) getsockopt$netlink(r0, 0x10e, 0x7, 0x0, &(0x7f0000000000)) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x60, 0x2, 0x6, 0x801, 0xe4340000, 0x0, {0x10}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:net,net\x00'}, @IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_TIMEOUT={0x8, 0x6, 0x1, 0x0, 0x401}, @IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x1, 0x0, 0x50}]}]}, 0x60}}, 0x2) socket$inet_mptcp(0x2, 0x1, 0x106) 843.45765ms ago: executing program 2 (id=7731): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="0600000004000000fd0f000002"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000004000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f9ffffffb703000000080000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4801, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 831.217473ms ago: executing program 4 (id=7732): socket$packet(0x11, 0x2, 0x300) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0x3, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast}) write$tun(r0, 0x0, 0x0) 761.573446ms ago: executing program 0 (id=7733): r0 = socket$l2tp(0x2, 0x2, 0x73) setsockopt$inet_buf(r0, 0x0, 0x4, 0x0, 0x12) r1 = socket$key(0xf, 0x3, 0x2) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="19000000040000000400000002"], 0x50) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xd, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000000000000000000fbffffff850000005000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000060000007b8af8ff00000000bca2000000000000a6020000f8ffffffb70300008a000000b704000000000000850000003300000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000b80)={r3, 0x2000012, 0xe, 0x0, &(0x7f0000000280)="63ec33c9e9b98600000000000000", 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xb}, 0x50) sendmsg$key(r1, &(0x7f0000000000)={0x9, 0x0, &(0x7f0000000100)={&(0x7f0000000280)=ANY=[@ANYBLOB="020900032600000000000000fedbdf2502000a00030000001000000000000000080108000802000061ca637b994c131f7d61752edaed98fa84c30ef794c00b03380d24c368811cddb9ce1318919e0ffbf4b497bc66f77ce87034c082e47d5d53ad40b01972303f84d30000000000000002000b000700000000800000000000000e000800100300008f65d29e73849f122f18c2f6e9b353af8fc8ef6953e15f53d1ec8b1355e06a2ce35cfbe68185d3802f644115e144c43914c4e56c355566965c5d8d96151550c1ea53bfafa4d851fb2ffc5ec1e86bb3c38ddffb7ef3e9c0d516daad3d2f1db076b951000000000000010014000400000002000100000004d2050cfa030000004005001a00fe880000000000000000000000000101fe8000000000000000000002000000bb2b001404"], 0x130}}, 0x800) 642.609899ms ago: executing program 0 (id=7734): openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) r0 = syz_init_net_socket$llc(0x1a, 0x801, 0x0) bind$llc(r0, &(0x7f0000000000)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x42}, 0x10) socket$tipc(0x1e, 0x5, 0x0) syz_init_net_socket$llc(0x1a, 0x801, 0x0) r1 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f0000000080)={&(0x7f0000000000)=""/5, 0x214000, 0x800}, 0x20) setsockopt$XDP_TX_RING(r1, 0x11b, 0x3, &(0x7f0000000180)=0x800, 0x4) r2 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$XDP_UMEM_COMPLETION_RING(r1, 0x11b, 0x6, &(0x7f0000000040)=0x20000, 0x4) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000400)={'dummy0\x00', 0x0}) setsockopt$XDP_UMEM_FILL_RING(r1, 0x11b, 0x5, &(0x7f0000000140)=0x4000, 0x4) bind$xdp(r1, &(0x7f0000000100)={0x2c, 0x0, r3}, 0x10) r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) ppoll(&(0x7f0000000500)=[{r4}], 0x1, 0x0, 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) 634.885726ms ago: executing program 2 (id=7735): socket$inet_tcp(0x2, 0x1, 0x0) socket$kcm(0x29, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x3, 0x4, 0x4, 0x9, 0x0, 0x1}, 0x48) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000005000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10) socket$rxrpc(0x21, 0x2, 0xa) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$kcm(0xf, 0x3, 0x2) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)) socket$inet6(0xa, 0x3, 0x3c) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) pipe(&(0x7f0000000480)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="4c0000002000010000000000000000000a80140900000007000001"], 0x4c}}, 0x40000) socket$nl_xfrm(0x10, 0x3, 0x6) socket$inet_mptcp(0x2, 0x1, 0x106) socket$inet_sctp(0x2, 0x5, 0x84) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0xf, 0x4, 0x8, 0x1}, 0x50) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x15, 0xe, &(0x7f0000001440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000030000001800000000000000000000000000000095"], &(0x7f0000000200)='syzkaller\x00', 0x6}, 0x94) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_SET(r4, &(0x7f0000000540)={0x0, 0x1f, &(0x7f0000000500)={&(0x7f00000001c0)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000000000000001400000008000200fc00000018000180140002606e657464657673696d300000000000000800050000fcffff08000900fc000000080011000700000008000e00800000000800", @ANYRES32=r4], 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x0) 594.501636ms ago: executing program 3 (id=7736): r0 = socket$unix(0x1, 0x1, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r2 = socket(0x400000000010, 0x3, 0x0) r3 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x78, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xfff3}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0xfffffffffffffdbc, 0x2, {{0x1, 0xd, 0x0, 0x9, 0x8}, 0x6, 0x1, 0x1, 0x4, 0x8, 0xe, 0x7, 0x1d, 0x3, 0x9, {0xa2d6, 0x200, 0xb, 0x40, 0x2, 0x1ff}}}}]}, 0x78}}, 0x0) sendmsg$nl_route_sched(r2, 0x0, 0x20004804) r5 = socket$unix(0x1, 0x1, 0x0) r6 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r6, &(0x7f0000000580)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000340)=@newtfilter={0x84, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r7, {0x4, 0x5}, {}, {0x7, 0x5}}, [@filter_kind_options=@f_matchall={{0xd}, {0x50, 0x2, [@TCA_MATCHALL_ACT={0x4c, 0x2, [@m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x4, 0xd, 0x0, 0x9, 0x3}}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x3}}}}]}]}}]}, 0x84}, 0x1, 0x0, 0x0, 0x20048081}, 0xc0) r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r8) socket$nl_route(0x10, 0x3, 0x0) r9 = socket$kcm(0x11, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$kcm(r9, &(0x7f00000000c0)={&(0x7f0000000840)=@xdp={0x2c, 0x7, r10, 0x3e}, 0x80, &(0x7f0000000480)=[{&(0x7f00000002c0)='\x00@', 0x2}], 0x1}, 0x4) 509.414816ms ago: executing program 1 (id=7737): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4020000}, 0x40) 343.972232ms ago: executing program 2 (id=7738): unshare(0x6a040000) 277.491468ms ago: executing program 1 (id=7739): bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000020"], 0x50) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='kfree\x00'}, 0x18) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010200"/18, @ANYRES32=r2, @ANYBLOB="10005a800c0000800400020004000100"], 0x2c}, 0x1, 0x0, 0x0, 0x4810}, 0x10) r3 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x24, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socket$inet6_sctp(0xa, 0x5, 0x84) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r5, r4, 0x25, 0x0, @void}, 0x10) syz_emit_ethernet(0xfdef, &(0x7f0000000000)=ANY=[], 0x0) 179.152127ms ago: executing program 4 (id=7740): getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x84, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="4c000000100039042abd70000000000000", @ANYRES32], 0x4c}}, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000400)={{{@in=@empty, @in=@empty, 0x0, 0x0, 0x0, 0xfffd, 0xa, 0x20, 0x30, 0x4}, {}, {}, 0x0, 0x0, 0x1, 0x0, 0x3}, {{@in6=@remote, 0x0, 0x32}, 0x0, @in=@empty, 0x0, 0x0, 0x3}}, 0xe8) sendmmsg$inet6(0xffffffffffffffff, &(0x7f00000090c0)=[{{&(0x7f00000002c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c, 0x0}}], 0x1, 0x0) 100.55816ms ago: executing program 1 (id=7741): r0 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000040)=@req={0x3fc, 0x0, 0x0, 0x5}, 0x10) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10) pwrite64(r0, &(0x7f0000000200)="72d5cf028867cb5552cf8edfb96d9f39e4702882ffa841779c399b5af6e40707469819940335703f03cd23e302201b85d11c383b17fcf7c52104a37a94e814904d1b5f731c4d55f4e85fdd0cd3102b174878302de7ca50ff5efda6", 0x5b, 0x0) r2 = socket$netlink(0x10, 0x3, 0x8000000004) getsockopt$SO_TIMESTAMP(r2, 0x1, 0x3f, 0x0, &(0x7f0000000340)) sendmmsg(r1, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000) recvmmsg(r0, &(0x7f0000002d40)=[{{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000002f00)=""/130, 0x82}], 0x1}, 0xfffffffd}], 0x1, 0x2120, 0x0) connect$l2tp(r1, &(0x7f0000000080)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x3}, 0x10) r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0xa, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) syz_init_net_socket$ax25(0x3, 0x3, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='devices.list\x00', 0x275a, 0x0) write$cgroup_subtree(r4, &(0x7f0000000200)=ANY=[], 0x32600) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r4, 0x0) unshare(0x24020400) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f0000000540)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-serpent-avx\x00'}, 0x58) syz_genetlink_get_family_id$ieee802154(&(0x7f00000006c0), 0xffffffffffffffff) bind$alg(r5, &(0x7f0000000140)={0x26, 'skcipher\x00', 0x0, 0x0, 'rfc3686(ctr-aes-aesni)\x00'}, 0x58) bind$bt_l2cap(r3, &(0x7f00000021c0)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}}, 0xe) setsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, 0x0, 0x0) r6 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r6, &(0x7f0000000440)={0x500, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="02"], 0x30}, 0x19}, 0x0) 556.878µs ago: executing program 4 (id=7742): r0 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0) sendmsg$can_raw(r0, &(0x7f0000000000)={&(0x7f0000000200), 0x10, &(0x7f00000003c0)={&(0x7f0000000080)=@can={{0x3, 0x1, 0x0, 0x1}, 0x0, 0x1, 0x0, 0x0, "1d97ee3d10e02311"}, 0x10}, 0x2, 0x0, 0x0, 0x20000004}, 0x10044009) 0s ago: executing program 3 (id=7743): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000500), r0) sendmsg$NLBL_MGMT_C_ADDDEF(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01000000000000000000040000e41300050003030000000a0000005dc000000000010800020005000000140006"], 0x4c}, 0x1, 0x0, 0x20, 0x8004}, 0x4040000) kernel console output (not intermixed with test programs): nd3 (unregistering): Released all slaves [ 675.777925][T25489] ip6gre3: entered promiscuous mode [ 675.820619][T25489] ip6gre3: entered allmulticast mode [ 675.831232][T25495] wg1 speed is unknown, defaulting to 1000 [ 675.876815][T25495] wg1 speed is unknown, defaulting to 1000 [ 675.889102][T25495] lo speed is unknown, defaulting to 1000 [ 675.982975][T25518] bond0: Caught tx_queue_len zero misconfig [ 676.628217][T25550] netlink: 'syz.0.6203': attribute type 1 has an invalid length. [ 676.718304][ T5843] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 676.738033][ T5843] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 676.748419][ T5843] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 676.766131][T25550] xt_TCPMSS: Only works on TCP SYN packets [ 676.766389][ T5843] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 676.781670][ T5843] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 676.939389][T25555] wg1 speed is unknown, defaulting to 1000 [ 676.982874][T25555] wg1 speed is unknown, defaulting to 1000 [ 677.001048][T25555] lo speed is unknown, defaulting to 1000 [ 677.093132][T25570] netlink: 'syz.2.6209': attribute type 10 has an invalid length. [ 677.181322][T25570] bond0: (slave dummy0): Releasing backup interface [ 677.198009][T25570] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 677.207263][T25570] team0: Failed to send options change via netlink (err -105) [ 677.215070][T25570] team0: Port device dummy0 added [ 677.304102][T15604] syz_tun (unregistering): left allmulticast mode [ 677.718559][T25603] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 677.786483][T25555] chnl_net:caif_netlink_parms(): no params data found [ 677.854924][T25610] __nla_validate_parse: 12 callbacks suppressed [ 677.854945][T25610] netlink: 16 bytes leftover after parsing attributes in process `syz.2.6219'. [ 677.920526][T25612] netlink: 128 bytes leftover after parsing attributes in process `syz.2.6219'. [ 677.945048][T25612] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 678.079091][T25625] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6222'. [ 678.119401][T25555] bridge0: port 1(bridge_slave_0) entered blocking state [ 678.128539][T25555] bridge0: port 1(bridge_slave_0) entered disabled state [ 678.135969][T25555] bridge_slave_0: entered allmulticast mode [ 678.146542][T25555] bridge_slave_0: entered promiscuous mode [ 678.157105][T25623] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6223'. [ 678.207114][T25555] bridge0: port 2(bridge_slave_1) entered blocking state [ 678.216256][T25555] bridge0: port 2(bridge_slave_1) entered disabled state [ 678.235440][T25555] bridge_slave_1: entered allmulticast mode [ 678.261798][T25555] bridge_slave_1: entered promiscuous mode [ 678.292990][T25633] netlink: 24 bytes leftover after parsing attributes in process `syz.4.6222'. [ 678.333301][T25629] netlink: 96 bytes leftover after parsing attributes in process `syz.0.6224'. [ 678.396125][T25625] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 678.442605][T25555] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 678.478717][T25555] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 678.559373][T25625] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 678.678824][T25646] FAULT_INJECTION: forcing a failure. [ 678.678824][T25646] name failslab, interval 1, probability 0, space 0, times 0 [ 678.693949][T25646] CPU: 1 UID: 0 PID: 25646 Comm: syz.2.6229 Not tainted syzkaller #0 PREEMPT(full) [ 678.693980][T25646] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 678.693995][T25646] Call Trace: [ 678.694005][T25646] [ 678.694015][T25646] dump_stack_lvl+0xe8/0x150 [ 678.694051][T25646] should_fail_ex+0x414/0x560 [ 678.694093][T25646] should_failslab+0xa8/0x100 [ 678.694123][T25646] __kmalloc_cache_noprof+0x84/0x700 [ 678.694149][T25646] ? nfc_genl_rcv_nl_event+0xa8/0x2e0 [ 678.694182][T25646] ? blocking_notifier_call_chain+0x54/0x90 [ 678.694216][T25646] nfc_genl_rcv_nl_event+0xa8/0x2e0 [ 678.694255][T25646] notifier_call_chain+0x19d/0x3a0 [ 678.694309][T25646] blocking_notifier_call_chain+0x6a/0x90 [ 678.694341][T25646] netlink_release+0x1214/0x1aa0 [ 678.694383][T25646] ? netlink_release+0x101/0x1aa0 [ 678.694418][T25646] ? __pfx_netlink_release+0x10/0x10 [ 678.694448][T25646] ? down_write+0x162/0x1f0 [ 678.694479][T25646] ? __pfx_down_write+0x10/0x10 [ 678.694508][T25646] ? locks_remove_posix+0x381/0x630 [ 678.694548][T25646] sock_close+0xc3/0x240 [ 678.694591][T25646] ? __pfx_sock_close+0x10/0x10 [ 678.694624][T25646] __fput+0x44c/0xa70 [ 678.694667][T25646] fput_close_sync+0x113/0x220 [ 678.694698][T25646] ? __pfx_fput_close_sync+0x10/0x10 [ 678.694742][T25646] __x64_sys_close+0x7f/0x110 [ 678.694775][T25646] do_syscall_64+0xec/0xf80 [ 678.694802][T25646] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 678.694824][T25646] ? trace_irq_disable+0x37/0x100 [ 678.694852][T25646] ? clear_bhb_loop+0x60/0xb0 [ 678.694880][T25646] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 678.694902][T25646] RIP: 0033:0x7fd8f098e3aa [ 678.694922][T25646] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 43 91 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 a3 91 02 00 8b 44 24 [ 678.694942][T25646] RSP: 002b:00007fd8f17a0f90 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 678.694965][T25646] RAX: ffffffffffffffda RBX: 0000000000000016 RCX: 00007fd8f098e3aa [ 678.694981][T25646] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000e [ 678.694996][T25646] RBP: 000000000000000e R08: 0000000000000000 R09: 0000000000000000 [ 678.695009][T25646] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002 [ 678.695022][T25646] R13: 00007fd8f0be6128 R14: 00007fd8f0be6090 R15: 00007ffe4e535338 [ 678.695059][T25646] [ 678.788938][T25625] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 678.863511][ T5841] Bluetooth: hci5: command tx timeout [ 679.007592][T25555] team0: Port device team_slave_0 added [ 679.016587][T25555] team0: Port device team_slave_1 added [ 679.077675][T25625] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 679.151302][T25555] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 679.166906][T25555] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 679.226385][T25555] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 679.248575][T25555] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 679.282909][T25555] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 679.313445][T25555] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 679.373013][T25643] netlink: 12 bytes leftover after parsing attributes in process `syz.3.6228'. [ 679.412518][T25555] hsr_slave_0: entered promiscuous mode [ 679.419206][T25555] hsr_slave_1: entered promiscuous mode [ 679.425940][T25555] debugfs: 'hsr0' already exists in 'hsr' [ 679.433226][T25555] Cannot create hsr debugfs directory [ 679.450205][T25658] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6228'. [ 679.459221][T25658] netlink: 32 bytes leftover after parsing attributes in process `syz.3.6228'. [ 679.479026][ T3421] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 679.572521][ T7648] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 679.666451][ T7648] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 679.676540][T25665] netlink: 96 bytes leftover after parsing attributes in process `syz.0.6234'. [ 679.714761][ T7648] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 680.311888][T25680] xfrm0: entered promiscuous mode [ 680.327401][T25680] xfrm0: entered allmulticast mode [ 680.745670][T25690] netlink: 'syz.2.6242': attribute type 12 has an invalid length. [ 680.921508][T25555] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 680.944703][T25555] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 680.979998][ T5841] Bluetooth: hci5: command tx timeout [ 680.994987][T25555] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 681.017944][T25555] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 681.317321][T25555] 8021q: adding VLAN 0 to HW filter on device bond0 [ 681.373051][T25555] 8021q: adding VLAN 0 to HW filter on device team0 [ 681.400686][ T3421] bridge0: port 1(bridge_slave_0) entered blocking state [ 681.408016][ T3421] bridge0: port 1(bridge_slave_0) entered forwarding state [ 681.463618][ T3421] bridge0: port 2(bridge_slave_1) entered blocking state [ 681.470965][ T3421] bridge0: port 2(bridge_slave_1) entered forwarding state [ 681.559157][T25712] syz_tun: left allmulticast mode [ 681.717027][T25720] syz_tun: entered allmulticast mode [ 681.915052][T25728] netlink: 'syz.0.6251': attribute type 13 has an invalid length. [ 682.107985][T25555] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 682.224751][T25555] veth0_vlan: entered promiscuous mode [ 682.247106][T25555] veth1_vlan: entered promiscuous mode [ 682.325989][T25555] veth0_macvtap: entered promiscuous mode [ 682.358941][T25555] veth1_macvtap: entered promiscuous mode [ 682.407165][T25555] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 682.443693][T25555] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 682.551211][ T7650] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 682.588877][ T7650] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 682.633219][ T7650] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 682.658461][ T7650] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 682.915446][T25742] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 682.964428][ T7654] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 683.000437][ T7654] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 683.052852][T25747] __nla_validate_parse: 4 callbacks suppressed [ 683.052872][T25747] netlink: 24 bytes leftover after parsing attributes in process `syz.4.6258'. [ 683.068412][ T5841] Bluetooth: hci5: command tx timeout [ 683.081275][T25742] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 683.108434][ T3421] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 683.126290][ T3421] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 683.168238][T25742] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 683.203605][T25755] netlink: 12 bytes leftover after parsing attributes in process `syz.0.6263'. [ 683.248266][T25755] vlan2: entered promiscuous mode [ 683.264740][T25755] bridge0: entered promiscuous mode [ 683.287325][ T982] IPVS: starting estimator thread 0... [ 683.338837][T25742] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 683.409784][T25762] IPVS: using max 28 ests per chain, 67200 per kthread [ 683.526298][T25769] netlink: 'syz.0.6267': attribute type 4 has an invalid length. [ 683.603429][T25769] netlink: 'syz.0.6267': attribute type 4 has an invalid length. [ 683.835359][T25769] bridge0: port 2(bridge_slave_1) entered disabled state [ 683.843182][T25769] bridge0: port 1(bridge_slave_0) entered disabled state [ 684.040638][T25769] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 684.069308][T25769] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 684.470842][ T7654] netdevsim netdevsim0 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 684.494326][ T5843] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 684.505131][ T5843] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 684.514109][T24244] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 684.520612][ T7654] netdevsim netdevsim0 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 684.552516][T24244] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 684.574657][T24244] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 684.587608][ T7654] netdevsim netdevsim0 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 684.623063][T25782] netlink: 116 bytes leftover after parsing attributes in process `syz.1.6271'. [ 684.641542][ T7654] netdevsim netdevsim0 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 684.719425][T25787] geneve2: entered promiscuous mode [ 684.727533][T25787] geneve2: entered allmulticast mode [ 684.742481][ T7654] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 684.787021][ T7654] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 684.823744][T25786] wg1 speed is unknown, defaulting to 1000 [ 684.827764][T23386] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 684.884493][T25786] wg1 speed is unknown, defaulting to 1000 [ 684.887379][T23386] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 684.927459][T25786] lo speed is unknown, defaulting to 1000 [ 684.954889][T25784] wg1 speed is unknown, defaulting to 1000 [ 685.028008][T25784] wg1 speed is unknown, defaulting to 1000 [ 685.091641][T15933] syz_tun (unregistering): left allmulticast mode [ 685.117474][T25784] lo speed is unknown, defaulting to 1000 [ 685.140357][ C1] bridge0: port 3(dummy0) entered learning state [ 685.148322][ T5841] Bluetooth: hci5: command tx timeout [ 685.694756][T25807] netlink: 27 bytes leftover after parsing attributes in process `syz.4.6278'. [ 685.871410][T25819] netlink: 'syz.3.6281': attribute type 6 has an invalid length. [ 686.388175][T25821] dummy0: entered promiscuous mode [ 686.420774][T25821] macsec1: entered promiscuous mode [ 686.426555][T25821] macsec1: entered allmulticast mode [ 686.432104][T25821] dummy0: entered allmulticast mode [ 686.513557][T25821] dummy0: left allmulticast mode [ 686.519326][T25821] dummy0: left promiscuous mode [ 686.546769][T25828] ip6tnl1: entered promiscuous mode [ 686.552490][T25828] ip6tnl1: entered allmulticast mode [ 686.604878][T25784] chnl_net:caif_netlink_parms(): no params data found [ 686.661954][ T5841] Bluetooth: hci0: command tx timeout [ 686.713748][ T7652] bridge_slave_1: left allmulticast mode [ 686.719463][ T7652] bridge_slave_1: left promiscuous mode [ 686.726580][ T7652] bridge0: port 2(bridge_slave_1) entered disabled state [ 686.762054][ T7652] bridge_slave_0: left allmulticast mode [ 686.778365][ T7652] bridge_slave_0: left promiscuous mode [ 686.785082][ T7652] bridge0: port 1(bridge_slave_0) entered disabled state [ 687.770883][ T7652] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 687.781604][ T7652] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 687.791931][ T7652] bond0 (unregistering): (slave wlan1): Releasing backup interface [ 687.801619][ T7652] bond0 (unregistering): Released all slaves [ 687.817225][ T7652] bond1 (unregistering): Released all slaves [ 687.894708][T25843] A link change request failed with some changes committed already. Interface hsr0 may have been left with an inconsistent configuration, please check. [ 687.958868][ T7652] tipc: Left network mode [ 688.067909][T25861] netlink: 12 bytes leftover after parsing attributes in process `syz.3.6292'. [ 688.112835][T25784] bridge0: port 1(bridge_slave_0) entered blocking state [ 688.147328][T25784] bridge0: port 1(bridge_slave_0) entered disabled state [ 688.172770][T25784] bridge_slave_0: entered allmulticast mode [ 688.209030][T25784] bridge_slave_0: entered promiscuous mode [ 688.216647][T25867] netlink: 68 bytes leftover after parsing attributes in process `syz.4.6294'. [ 688.251002][T25784] bridge0: port 2(bridge_slave_1) entered blocking state [ 688.258196][T25784] bridge0: port 2(bridge_slave_1) entered disabled state [ 688.276420][T25784] bridge_slave_1: entered allmulticast mode [ 688.286736][T25784] bridge_slave_1: entered promiscuous mode [ 688.412874][T25875] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 688.554437][T25784] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 688.590562][T25862] wg1 speed is unknown, defaulting to 1000 [ 688.633228][T25881] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6297'. [ 688.671097][T25784] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 688.697935][T25862] wg1 speed is unknown, defaulting to 1000 [ 688.740394][ T5841] Bluetooth: hci0: command tx timeout [ 688.774274][T25862] lo speed is unknown, defaulting to 1000 [ 688.836426][T25784] team0: Port device team_slave_0 added [ 688.861392][T25884] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6297'. [ 688.871122][T25883] wg1 speed is unknown, defaulting to 1000 [ 688.894198][T25784] team0: Port device team_slave_1 added [ 688.942232][T25883] wg1 speed is unknown, defaulting to 1000 [ 688.988494][T25889] bridge0: port 1(bridge_slave_0) entered disabled state [ 689.009638][T25883] lo speed is unknown, defaulting to 1000 [ 689.033146][T25784] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 689.048628][T25784] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 689.104770][T25784] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 689.128720][T25784] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 689.136056][T25784] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 689.168886][T25784] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 689.185200][ T7652] hsr_slave_0: left promiscuous mode [ 689.270541][ T7652] hsr_slave_1: left promiscuous mode [ 689.280661][ T7652] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 689.793409][ T7652] team0 (unregistering): Port device team_slave_1 removed [ 689.836238][ T7652] team0 (unregistering): Port device team_slave_0 removed [ 690.112537][ T7652] team0 (unregistering): Port device dummy0 removed [ 690.323985][T16157] lo speed is unknown, defaulting to 1000 [ 690.324564][T25896] syzkaller0: entered promiscuous mode [ 690.329804][T16157] infiniband syz1: ib_query_port failed (-19) [ 690.342879][T25896] syzkaller0: entered allmulticast mode [ 690.517239][T25915] netlink: 40 bytes leftover after parsing attributes in process `syz.3.6304'. [ 690.542656][T25915] FAULT_INJECTION: forcing a failure. [ 690.542656][T25915] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 690.566768][T25917] xt_hashlimit: max too large, truncated to 1048576 [ 690.573905][T25915] CPU: 1 UID: 0 PID: 25915 Comm: syz.3.6304 Not tainted syzkaller #0 PREEMPT(full) [ 690.573936][T25915] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 690.573950][T25915] Call Trace: [ 690.573959][T25915] [ 690.573968][T25915] dump_stack_lvl+0xe8/0x150 [ 690.574003][T25915] should_fail_ex+0x414/0x560 [ 690.574042][T25915] _copy_from_user+0x2d/0xb0 [ 690.574071][T25915] ___sys_sendmsg+0x158/0x2a0 [ 690.574104][T25915] ? __pfx____sys_sendmsg+0x10/0x10 [ 690.574130][T25915] ? __lock_acquire+0x6b6/0x2cf0 [ 690.574199][T25915] __sys_sendmmsg+0x227/0x430 [ 690.574231][T25915] ? __pfx___sys_sendmmsg+0x10/0x10 [ 690.574255][T25915] ? __mutex_unlock_slowpath+0x1a1/0x730 [ 690.574302][T25915] ? ksys_write+0x22a/0x250 [ 690.574322][T25915] ? __pfx_ksys_write+0x10/0x10 [ 690.574349][T25915] __x64_sys_sendmmsg+0xa0/0xc0 [ 690.574380][T25915] do_syscall_64+0xec/0xf80 [ 690.574405][T25915] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 690.574426][T25915] ? trace_irq_disable+0x37/0x100 [ 690.574463][T25915] ? clear_bhb_loop+0x60/0xb0 [ 690.574488][T25915] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 690.574510][T25915] RIP: 0033:0x7f4587d8f749 [ 690.574529][T25915] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 690.574549][T25915] RSP: 002b:00007f4588b71038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 690.574571][T25915] RAX: ffffffffffffffda RBX: 00007f4587fe5fa0 RCX: 00007f4587d8f749 [ 690.574587][T25915] RDX: 000000000000fdef RSI: 00002000000020c0 RDI: 0000000000000006 [ 690.574601][T25915] RBP: 00007f4588b71090 R08: 0000000000000000 R09: 0000000000000000 [ 690.574614][T25915] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 690.574625][T25915] R13: 00007f4587fe6038 R14: 00007f4587fe5fa0 R15: 00007fff986ff798 [ 690.574659][T25915] [ 690.807729][T25784] hsr_slave_0: entered promiscuous mode [ 690.821076][ T5841] Bluetooth: hci0: command tx timeout [ 690.828075][T25784] hsr_slave_1: entered promiscuous mode [ 690.841699][T25784] debugfs: 'hsr0' already exists in 'hsr' [ 690.847618][T25784] Cannot create hsr debugfs directory [ 690.852408][T25919] netlink: 'syz.1.6306': attribute type 10 has an invalid length. [ 690.868765][T25919] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 690.906879][ T1299] aoe: packet could not be sent on bond0. consider increasing tx_queue_len [ 691.355797][T25939] FAULT_INJECTION: forcing a failure. [ 691.355797][T25939] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 691.397663][T25939] CPU: 0 UID: 0 PID: 25939 Comm: syz.4.6314 Not tainted syzkaller #0 PREEMPT(full) [ 691.397692][T25939] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 691.397705][T25939] Call Trace: [ 691.397713][T25939] [ 691.397722][T25939] dump_stack_lvl+0xe8/0x150 [ 691.397753][T25939] should_fail_ex+0x414/0x560 [ 691.397790][T25939] _copy_from_iter+0x1cd/0x1630 [ 691.397813][T25939] ? rcu_is_watching+0x15/0xb0 [ 691.397838][T25939] ? trace_kmem_cache_alloc+0x1f/0xb0 [ 691.397867][T25939] ? kmem_cache_alloc_node_noprof+0x48c/0x720 [ 691.397898][T25939] ? kmalloc_reserve+0xbd/0x290 [ 691.397923][T25939] ? __pfx__copy_from_iter+0x10/0x10 [ 691.397953][T25939] ? netlink_sendmsg+0x642/0xb30 [ 691.397980][T25939] ? skb_put+0x11b/0x210 [ 691.398007][T25939] netlink_sendmsg+0x6b2/0xb30 [ 691.398045][T25939] ? __pfx_netlink_sendmsg+0x10/0x10 [ 691.398078][T25939] ? aa_sock_msg_perm+0xf1/0x1b0 [ 691.398115][T25939] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 691.398133][T25939] ? __pfx_netlink_sendmsg+0x10/0x10 [ 691.398164][T25939] __sock_sendmsg+0x21c/0x270 [ 691.398198][T25939] ____sys_sendmsg+0x505/0x820 [ 691.398229][T25939] ? __pfx_____sys_sendmsg+0x10/0x10 [ 691.398263][T25939] ? import_iovec+0x74/0xa0 [ 691.398291][T25939] ___sys_sendmsg+0x21f/0x2a0 [ 691.398319][T25939] ? __pfx____sys_sendmsg+0x10/0x10 [ 691.398377][T25939] ? __fget_files+0x2a/0x420 [ 691.398402][T25939] ? __fget_files+0x3a0/0x420 [ 691.398436][T25939] __x64_sys_sendmsg+0x19b/0x260 [ 691.398464][T25939] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 691.398500][T25939] ? __pfx_ksys_write+0x10/0x10 [ 691.398530][T25939] do_syscall_64+0xec/0xf80 [ 691.398555][T25939] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 691.398573][T25939] ? trace_irq_disable+0x37/0x100 [ 691.398599][T25939] ? clear_bhb_loop+0x60/0xb0 [ 691.398621][T25939] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 691.398640][T25939] RIP: 0033:0x7eff7cd8f749 [ 691.398657][T25939] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 691.398675][T25939] RSP: 002b:00007eff7dcb7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 691.398697][T25939] RAX: ffffffffffffffda RBX: 00007eff7cfe5fa0 RCX: 00007eff7cd8f749 [ 691.398712][T25939] RDX: 000000000000c050 RSI: 0000200000000cc0 RDI: 0000000000000003 [ 691.398725][T25939] RBP: 00007eff7dcb7090 R08: 0000000000000000 R09: 0000000000000000 [ 691.398738][T25939] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 691.398750][T25939] R13: 00007eff7cfe6038 R14: 00007eff7cfe5fa0 R15: 00007ffebe9d1e18 [ 691.398781][T25939] [ 691.815252][T25948] netlink: 48 bytes leftover after parsing attributes in process `syz.0.6316'. [ 692.144263][T25959] tipc: Started in network mode [ 692.149292][T25959] tipc: Node identity ea745b0c4cf8, cluster identity 4711 [ 692.158475][T25959] tipc: Enabled bearer , priority 0 [ 692.263751][T25959] syzkaller0: entered promiscuous mode [ 692.269412][T25959] syzkaller0: entered allmulticast mode [ 692.275833][T25959] tipc: Resetting bearer [ 692.332080][T25957] tipc: Resetting bearer [ 692.637977][T25980] netlink: 'syz.3.6326': attribute type 3 has an invalid length. [ 693.253260][T25994] netlink: 212360 bytes leftover after parsing attributes in process `syz.4.6331'. [ 693.322071][T25995] netlink: 16 bytes leftover after parsing attributes in process `syz.4.6331'. [ 694.127556][T25957] tipc: Disabling bearer [ 694.152399][ T794] tipc: Node number set to 2794216204 [ 694.167940][T25988] netlink: 308 bytes leftover after parsing attributes in process `syz.3.6328'. [ 694.181511][T25988] netlink: 308 bytes leftover after parsing attributes in process `syz.3.6328'. [ 694.237613][T26001] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6332'. [ 694.306386][T26004] IPv6: addrconf: prefix option has invalid lifetime [ 694.319433][T26005] RDS: rds_bind could not find a transport for ::ffff:10.1.1.2, load rds_tcp or rds_rdma? [ 694.367644][T26006] netlink: 24 bytes leftover after parsing attributes in process `syz.1.6332'. [ 694.385635][T26001] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 694.416465][T26008] netlink: 'syz.0.6333': attribute type 21 has an invalid length. [ 694.537407][T26001] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 694.639932][T25784] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 694.729972][T26001] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 694.750380][T25784] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 694.765094][T25784] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 694.807947][T26001] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 694.845449][T25784] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 694.868766][T26027] netlink: 1084 bytes leftover after parsing attributes in process `syz.3.6339'. [ 694.883800][T26027] lo: Caught tx_queue_len zero misconfig [ 695.033167][T23386] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 695.084308][T23386] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 695.138035][T23386] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 695.181904][ T7652] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 695.312776][T25784] 8021q: adding VLAN 0 to HW filter on device bond0 [ 695.375912][T25784] 8021q: adding VLAN 0 to HW filter on device team0 [ 695.443173][T24423] bridge0: port 1(bridge_slave_0) entered blocking state [ 695.450429][T24423] bridge0: port 1(bridge_slave_0) entered forwarding state [ 695.564316][T24423] bridge0: port 2(bridge_slave_1) entered blocking state [ 695.571570][T24423] bridge0: port 2(bridge_slave_1) entered forwarding state [ 695.672790][T26048] wg1 speed is unknown, defaulting to 1000 [ 695.737407][T26048] wg1 speed is unknown, defaulting to 1000 [ 695.985685][T25784] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 696.193178][T25784] veth0_vlan: entered promiscuous mode [ 696.214439][T25784] veth1_vlan: entered promiscuous mode [ 696.298284][T25784] veth0_macvtap: entered promiscuous mode [ 696.313195][T25784] veth1_macvtap: entered promiscuous mode [ 696.417008][T25784] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 696.453210][T25784] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 696.496448][T24423] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 696.576951][T24423] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 696.649451][T24423] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 696.694545][T24423] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 696.749482][T26082] netlink: 'syz.4.6350': attribute type 10 has an invalid length. [ 696.774448][T26082] netlink: 228 bytes leftover after parsing attributes in process `syz.4.6350'. [ 696.849048][T26082] x_tables: duplicate underflow at hook 2 [ 696.990286][T26087] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6353'. [ 697.072199][ T1328] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 697.083258][ T1328] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 697.219315][T26093] tipc: Can't bind to reserved service type 0 [ 697.274801][ T7652] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 697.293362][ T7652] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 697.312799][T26085] netlink: 1372 bytes leftover after parsing attributes in process `syz.3.6352'. [ 697.316137][ T30] audit: type=1804 audit(1768578716.404:11): pid=26095 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.6356" name="/newroot/61/cgroup.controllers" dev="tmpfs" ino=324 res=1 errno=0 [ 697.391709][ T30] audit: type=1800 audit(1768578716.444:12): pid=26095 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.6356" name="cgroup.controllers" dev="tmpfs" ino=324 res=0 errno=0 [ 698.910615][T26142] netlink: 24 bytes leftover after parsing attributes in process `syz.2.6372'. [ 698.924903][T26143] syz_tun: entered allmulticast mode [ 698.950639][T26138] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6375'. [ 698.960760][T26138] netlink: 12 bytes leftover after parsing attributes in process `syz.0.6375'. [ 699.158372][T26153] Cannot find add_set index 2 as target [ 699.417720][T26163] FAULT_INJECTION: forcing a failure. [ 699.417720][T26163] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 699.434827][T26163] CPU: 0 UID: 0 PID: 26163 Comm: syz.4.6382 Not tainted syzkaller #0 PREEMPT(full) [ 699.434861][T26163] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 699.434875][T26163] Call Trace: [ 699.434884][T26163] [ 699.434893][T26163] dump_stack_lvl+0xe8/0x150 [ 699.434927][T26163] should_fail_ex+0x414/0x560 [ 699.434967][T26163] _copy_from_user+0x2d/0xb0 [ 699.434995][T26163] kstrtouint_from_user+0xc4/0x170 [ 699.435021][T26163] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 699.435062][T26163] proc_fail_nth_write+0x88/0x200 [ 699.435085][T26163] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 699.435115][T26163] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 699.435139][T26163] vfs_write+0x27e/0xb30 [ 699.435171][T26163] ? __pfx_vfs_write+0x10/0x10 [ 699.435194][T26163] ? __fget_files+0x2a/0x420 [ 699.435226][T26163] ? __fget_files+0x3a0/0x420 [ 699.435251][T26163] ? __fget_files+0x2a/0x420 [ 699.435288][T26163] ksys_write+0x145/0x250 [ 699.435313][T26163] ? __pfx_ksys_write+0x10/0x10 [ 699.435330][T26163] ? fput+0xa0/0xd0 [ 699.435380][T26163] do_syscall_64+0xec/0xf80 [ 699.435407][T26163] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 699.435427][T26163] ? trace_irq_disable+0x37/0x100 [ 699.435454][T26163] ? clear_bhb_loop+0x60/0xb0 [ 699.435480][T26163] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 699.435501][T26163] RIP: 0033:0x7eff7cd8e1ff [ 699.435520][T26163] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 699.435539][T26163] RSP: 002b:00007eff7dcb7030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 699.435561][T26163] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007eff7cd8e1ff [ 699.435576][T26163] RDX: 0000000000000001 RSI: 00007eff7dcb70a0 RDI: 0000000000000004 [ 699.435589][T26163] RBP: 00007eff7dcb7090 R08: 0000000000000000 R09: 0000000000000000 [ 699.435602][T26163] R10: 0000200000000040 R11: 0000000000000293 R12: 0000000000000001 [ 699.435617][T26163] R13: 00007eff7cfe6038 R14: 00007eff7cfe5fa0 R15: 00007ffebe9d1e18 [ 699.435653][T26163] [ 699.859371][T26172] smc: net device hsr0 applied user defined pnetid SYZ2 [ 700.004578][T26177] syzkaller0: entered promiscuous mode [ 700.010734][T26177] syzkaller0: entered allmulticast mode [ 700.033365][T26177] 0: reclassify loop, rule prio 0, protocol 800 [ 700.041964][T26178] netlink: 20 bytes leftover after parsing attributes in process `syz.4.6388'. [ 700.308042][T26188] bridge0: port 1(bridge_slave_0) entered blocking state [ 700.315352][T26188] bridge0: port 1(bridge_slave_0) entered forwarding state [ 700.333898][T26188] bridge0: port 1(bridge_slave_0) entered disabled state [ 700.356903][T26188] bridge0: port 2(bridge_slave_1) entered disabled state [ 700.688877][T26198] syz_tun: entered allmulticast mode [ 701.051705][T26219] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6400'. [ 701.555396][T26211] bond0: (slave dummy0): Releasing backup interface [ 701.587355][T26211] bridge_slave_0: left allmulticast mode [ 701.608694][T26211] bridge_slave_0: left promiscuous mode [ 701.629913][T26211] bridge0: port 1(bridge_slave_0) entered disabled state [ 701.688564][T26211] bridge_slave_1: left allmulticast mode [ 701.699759][T26211] bridge_slave_1: left promiscuous mode [ 701.727209][T26211] bridge0: port 2(bridge_slave_1) entered disabled state [ 701.800833][T26211] bond0: (slave bond_slave_0): Releasing backup interface [ 701.866903][T26211] bond0: (slave bond_slave_1): Releasing backup interface [ 701.894335][T26211] team0: Port device team_slave_0 removed [ 701.930360][T26211] team0: Port device team_slave_1 removed [ 701.942528][T26248] netlink: 104 bytes leftover after parsing attributes in process `syz.3.6411'. [ 701.952373][T26211] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 701.985043][T26211] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 702.003952][T26211] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 702.068015][T26251] netlink: 88 bytes leftover after parsing attributes in process `syz.3.6412'. [ 702.407210][T26266] netlink: 'syz.0.6420': attribute type 2 has an invalid length. [ 702.440780][T26268] netlink: 'syz.0.6420': attribute type 2 has an invalid length. [ 703.033897][T26295] netlink: 12 bytes leftover after parsing attributes in process `syz.4.6426'. [ 703.250520][T26298] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6428'. [ 703.378358][T26300] ipvlan2: entered promiscuous mode [ 703.410796][T26300] bridge0: port 3(ipvlan2) entered blocking state [ 703.439899][T26300] bridge0: port 3(ipvlan2) entered disabled state [ 703.446741][T26300] ipvlan2: entered allmulticast mode [ 703.481803][T26300] bridge0: entered allmulticast mode [ 703.499224][T26300] ipvlan2: left allmulticast mode [ 703.518484][T26300] bridge0: left allmulticast mode [ 703.540810][T26305] netlink: 16 bytes leftover after parsing attributes in process `syz.0.6432'. [ 703.715818][T26313] netlink: 'syz.0.6435': attribute type 1 has an invalid length. [ 703.765738][T26313] 8021q: adding VLAN 0 to HW filter on device bond1 [ 703.856302][T26313] vlan2: entered promiscuous mode [ 703.861618][T26313] bond1: entered promiscuous mode [ 703.866852][T26313] vlan2: entered allmulticast mode [ 703.873089][T26313] bond1: entered allmulticast mode [ 703.880297][T26322] netlink: 'syz.2.6438': attribute type 6 has an invalid length. [ 704.004084][T26329] __nla_validate_parse: 1 callbacks suppressed [ 704.004104][T26329] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6441'. [ 704.056328][T26333] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6441'. [ 704.165365][T26338] netlink: 12 bytes leftover after parsing attributes in process `syz.3.6443'. [ 704.210929][T26342] xt_hashlimit: size too large, truncated to 1048576 [ 704.222635][T26338] vlan2: entered promiscuous mode [ 704.237143][T26338] bridge0: entered promiscuous mode [ 704.388872][T26352] pim6reg: entered allmulticast mode [ 704.580238][T26345] pim6reg: left allmulticast mode [ 704.692471][T26358] syzkaller1: entered promiscuous mode [ 704.700725][T26358] syzkaller1: entered allmulticast mode [ 704.744183][T26365] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6451'. [ 704.764226][T26365] netlink: 12 bytes leftover after parsing attributes in process `syz.0.6451'. [ 704.785856][T26367] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6453'. [ 704.896324][T26368] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6453'. [ 704.961706][T26373] tipc: Started in network mode [ 704.975290][T26373] tipc: Node identity eac62e2f9496, cluster identity 4711 [ 704.989891][T26373] tipc: Enabled bearer , priority 0 [ 704.999918][T26376] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6456'. [ 705.030780][T26373] syzkaller0: entered promiscuous mode [ 705.036308][T26373] syzkaller0: entered allmulticast mode [ 705.097245][T26378] netlink: 96 bytes leftover after parsing attributes in process `syz.2.6457'. [ 705.239374][T26372] tipc: Resetting bearer [ 705.293624][T26372] tipc: Disabling bearer [ 705.328807][T26388] netlink: 'syz.1.6460': attribute type 9 has an invalid length. [ 705.336754][T26388] netlink: 'syz.1.6460': attribute type 11 has an invalid length. [ 705.347155][T26388] netlink: 'syz.1.6460': attribute type 12 has an invalid length. [ 705.392307][T26388] netlink: 210020 bytes leftover after parsing attributes in process `syz.1.6460'. [ 705.575738][T26398] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 705.645874][T26404] ip6tnl2: entered allmulticast mode [ 706.119449][T26423] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 706.634346][T26440] Bluetooth: MGMT ver 1.23 [ 707.387525][T26469] netlink: 'syz.0.6481': attribute type 13 has an invalid length. [ 707.460921][T26468] block nbd3: server does not support multiple connections per device. [ 707.471088][T26468] block nbd3: shutting down sockets [ 707.907386][T26491] netlink: 'syz.0.6491': attribute type 10 has an invalid length. [ 707.942838][T26491] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 708.270594][T26512] netlink: 'syz.4.6499': attribute type 10 has an invalid length. [ 708.304232][T26512] team0: Port device dummy0 added [ 708.330180][T26512] netlink: 'syz.4.6499': attribute type 10 has an invalid length. [ 708.483863][T26520] netlink: 'syz.3.6503': attribute type 39 has an invalid length. [ 708.555831][T26523] netlink: 'syz.0.6504': attribute type 10 has an invalid length. [ 708.575835][T26523] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 708.766952][T26531] syzkaller0: entered promiscuous mode [ 708.773655][T26531] syzkaller0: entered allmulticast mode [ 709.119195][T26548] __nla_validate_parse: 7 callbacks suppressed [ 709.119216][T26548] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6513'. [ 710.615350][T26538] ip6erspan0: entered allmulticast mode [ 710.813081][T26565] netlink: 40 bytes leftover after parsing attributes in process `syz.1.6516'. [ 710.826695][T26562] 8021q: VLANs not supported on caif0 [ 710.848138][T26567] netlink: 76 bytes leftover after parsing attributes in process `syz.4.6517'. [ 710.858927][T26562] tunl0: Caught tx_queue_len zero misconfig [ 710.871965][T26569] FAULT_INJECTION: forcing a failure. [ 710.871965][T26569] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 710.886900][T26569] CPU: 1 UID: 0 PID: 26569 Comm: syz.1.6516 Not tainted syzkaller #0 PREEMPT(full) [ 710.886931][T26569] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 710.886946][T26569] Call Trace: [ 710.886955][T26569] [ 710.886965][T26569] dump_stack_lvl+0xe8/0x150 [ 710.886999][T26569] should_fail_ex+0x414/0x560 [ 710.887040][T26569] _copy_from_user+0x2d/0xb0 [ 710.887069][T26569] ___sys_sendmsg+0x158/0x2a0 [ 710.887102][T26569] ? __pfx____sys_sendmsg+0x10/0x10 [ 710.887128][T26569] ? __lock_acquire+0x6b6/0x2cf0 [ 710.887206][T26569] __sys_sendmmsg+0x227/0x430 [ 710.887240][T26569] ? __pfx___sys_sendmmsg+0x10/0x10 [ 710.887265][T26569] ? __mutex_unlock_slowpath+0x1a1/0x730 [ 710.887332][T26569] ? ksys_write+0x22a/0x250 [ 710.887356][T26569] ? __pfx_ksys_write+0x10/0x10 [ 710.887383][T26569] __x64_sys_sendmmsg+0xa0/0xc0 [ 710.887413][T26569] do_syscall_64+0xec/0xf80 [ 710.887439][T26569] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 710.887460][T26569] ? trace_irq_disable+0x37/0x100 [ 710.887495][T26569] ? clear_bhb_loop+0x60/0xb0 [ 710.887521][T26569] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 710.887541][T26569] RIP: 0033:0x7f7aa0b8f749 [ 710.887561][T26569] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 710.887580][T26569] RSP: 002b:00007f7aa1ad3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 710.887603][T26569] RAX: ffffffffffffffda RBX: 00007f7aa0de6090 RCX: 00007f7aa0b8f749 [ 710.887619][T26569] RDX: 000000000000fdef RSI: 00002000000020c0 RDI: 0000000000000006 [ 710.887634][T26569] RBP: 00007f7aa1ad3090 R08: 0000000000000000 R09: 0000000000000000 [ 710.887648][T26569] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 710.887661][T26569] R13: 00007f7aa0de6128 R14: 00007f7aa0de6090 R15: 00007ffe880f7a68 [ 710.887696][T26569] [ 711.626297][T26582] netlink: 68 bytes leftover after parsing attributes in process `syz.1.6523'. [ 711.877975][T26586] team_slave_0: Caught tx_queue_len zero misconfig [ 712.071303][T26605] 8021q: VLANs not supported on caif0 [ 712.326844][T26623] xt_hashlimit: Unknown mode mask 300, kernel too old? [ 712.526150][T26634] netlink: 36 bytes leftover after parsing attributes in process `syz.2.6538'. [ 713.157082][T26645] netlink: 'syz.0.6542': attribute type 10 has an invalid length. [ 713.165211][T26645] netlink: 224 bytes leftover after parsing attributes in process `syz.0.6542'. [ 713.228344][T26612] lec:lec_atm_close: lec0: Shut down! [ 713.324162][T26650] netlink: 'syz.3.6544': attribute type 2 has an invalid length. [ 713.370341][T26650] netlink: 'syz.3.6544': attribute type 1 has an invalid length. [ 713.623484][T26663] 8021q: VLANs not supported on caif0 [ 713.715398][T26665] netlink: 12 bytes leftover after parsing attributes in process `syz.0.6548'. [ 713.735947][ T7645] netdevsim netdevsim0 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 713.736165][T26665] netlink: 12 bytes leftover after parsing attributes in process `syz.0.6548'. [ 713.761690][ T7645] netdevsim netdevsim0 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 713.774328][T26669] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6548'. [ 713.812050][ T7645] netdevsim netdevsim0 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 713.812550][T26669] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6548'. [ 713.831739][ T7645] netdevsim netdevsim0 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 714.265550][T26692] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 714.388778][T26690] syzkaller0: entered promiscuous mode [ 714.408813][T26690] syzkaller0: entered allmulticast mode [ 714.522674][T26705] FAULT_INJECTION: forcing a failure. [ 714.522674][T26705] name failslab, interval 1, probability 0, space 0, times 0 [ 714.554057][T26705] CPU: 0 UID: 0 PID: 26705 Comm: syz.2.6560 Not tainted syzkaller #0 PREEMPT(full) [ 714.554077][T26705] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 714.554087][T26705] Call Trace: [ 714.554092][T26705] [ 714.554099][T26705] dump_stack_lvl+0xe8/0x150 [ 714.554122][T26705] should_fail_ex+0x414/0x560 [ 714.554152][T26705] should_failslab+0xa8/0x100 [ 714.554171][T26705] __kmalloc_noprof+0xdf/0x800 [ 714.554185][T26705] ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0 [ 714.554208][T26705] genl_family_rcv_msg_attrs_parse+0xa3/0x2a0 [ 714.554229][T26705] genl_start+0x180/0x6c0 [ 714.554244][T26705] ? netlink_lookup+0x30/0x200 [ 714.554268][T26705] __netlink_dump_start+0x469/0x7e0 [ 714.554294][T26705] genl_family_rcv_msg_dumpit+0x1e7/0x2c0 [ 714.554313][T26705] ? __pfx_genl_family_rcv_msg_dumpit+0x10/0x10 [ 714.554328][T26705] ? genl_get_cmd+0x67f/0x910 [ 714.554347][T26705] ? __pfx_genl_start+0x10/0x10 [ 714.554360][T26705] ? __pfx_genl_dumpit+0x10/0x10 [ 714.554374][T26705] ? __pfx_genl_done+0x10/0x10 [ 714.554390][T26705] ? __lock_acquire+0x6b6/0x2cf0 [ 714.554412][T26705] genl_rcv_msg+0x5da/0x790 [ 714.554432][T26705] ? __pfx_genl_rcv_msg+0x10/0x10 [ 714.554467][T26705] ? __pfx_ieee802154_llsec_dump_devs+0x10/0x10 [ 714.554514][T26705] netlink_rcv_skb+0x208/0x470 [ 714.554547][T26705] ? __pfx_genl_rcv_msg+0x10/0x10 [ 714.554564][T26705] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 714.554582][T26705] ? genl_rcv+0x19/0x40 [ 714.554609][T26705] ? down_read+0x274/0x2e0 [ 714.554627][T26705] ? genl_rcv+0xd/0x40 [ 714.554643][T26705] genl_rcv+0x28/0x40 [ 714.554656][T26705] netlink_unicast+0x82f/0x9e0 [ 714.554681][T26705] ? __pfx_netlink_unicast+0x10/0x10 [ 714.554701][T26705] ? netlink_sendmsg+0x642/0xb30 [ 714.554720][T26705] ? skb_put+0x11b/0x210 [ 714.554740][T26705] netlink_sendmsg+0x805/0xb30 [ 714.554768][T26705] ? __pfx_netlink_sendmsg+0x10/0x10 [ 714.554791][T26705] ? aa_sock_msg_perm+0xf1/0x1b0 [ 714.554811][T26705] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 714.554823][T26705] ? __pfx_netlink_sendmsg+0x10/0x10 [ 714.554845][T26705] __sock_sendmsg+0x21c/0x270 [ 714.554871][T26705] ____sys_sendmsg+0x505/0x820 [ 714.554898][T26705] ? __pfx_____sys_sendmsg+0x10/0x10 [ 714.554923][T26705] ? import_iovec+0x74/0xa0 [ 714.554943][T26705] ___sys_sendmsg+0x21f/0x2a0 [ 714.554963][T26705] ? __pfx____sys_sendmsg+0x10/0x10 [ 714.555008][T26705] ? __fget_files+0x2a/0x420 [ 714.555025][T26705] ? __fget_files+0x3a0/0x420 [ 714.555050][T26705] __x64_sys_sendmsg+0x19b/0x260 [ 714.555071][T26705] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 714.555096][T26705] ? __pfx_ksys_write+0x10/0x10 [ 714.555118][T26705] do_syscall_64+0xec/0xf80 [ 714.555136][T26705] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 714.555150][T26705] ? trace_irq_disable+0x37/0x100 [ 714.555168][T26705] ? clear_bhb_loop+0x60/0xb0 [ 714.555185][T26705] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 714.555198][T26705] RIP: 0033:0x7fcaff38f749 [ 714.555212][T26705] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 714.555224][T26705] RSP: 002b:00007fcb0028e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 714.555239][T26705] RAX: ffffffffffffffda RBX: 00007fcaff5e5fa0 RCX: 00007fcaff38f749 [ 714.555250][T26705] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000004 [ 714.555259][T26705] RBP: 00007fcb0028e090 R08: 0000000000000000 R09: 0000000000000000 [ 714.555268][T26705] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 714.555276][T26705] R13: 00007fcaff5e6038 R14: 00007fcaff5e5fa0 R15: 00007ffeaeef8368 [ 714.555299][T26705] [ 715.221417][ C1] bridge0: port 3(dummy0) entered forwarding state [ 715.227977][ C1] bridge0: topology change detected, propagating [ 715.422615][T26720] FAULT_INJECTION: forcing a failure. [ 715.422615][T26720] name failslab, interval 1, probability 0, space 0, times 0 [ 715.436781][T26720] CPU: 0 UID: 0 PID: 26720 Comm: syz.3.6565 Not tainted syzkaller #0 PREEMPT(full) [ 715.436810][T26720] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 715.436822][T26720] Call Trace: [ 715.436831][T26720] [ 715.436840][T26720] dump_stack_lvl+0xe8/0x150 [ 715.436870][T26720] should_fail_ex+0x414/0x560 [ 715.436907][T26720] should_failslab+0xa8/0x100 [ 715.436936][T26720] kmem_cache_alloc_node_noprof+0x8c/0x720 [ 715.436981][T26720] ? __alloc_skb+0x190/0x720 [ 715.437002][T26720] ? __alloc_skb+0x1d5/0x720 [ 715.437040][T26720] ? __local_bh_enable_ip+0xd0/0x130 [ 715.437071][T26720] ? __alloc_skb+0x190/0x720 [ 715.437096][T26720] __alloc_skb+0x1d5/0x720 [ 715.437117][T26720] ? netlink_autobind+0xdb/0x300 [ 715.437146][T26720] ? netlink_autobind+0x2c2/0x300 [ 715.437181][T26720] netlink_sendmsg+0x5c6/0xb30 [ 715.437231][T26720] ? __pfx_netlink_sendmsg+0x10/0x10 [ 715.437263][T26720] ? aa_sock_msg_perm+0xf1/0x1b0 [ 715.437291][T26720] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 715.437309][T26720] ? __pfx_netlink_sendmsg+0x10/0x10 [ 715.437339][T26720] __sock_sendmsg+0x21c/0x270 [ 715.437372][T26720] ____sys_sendmsg+0x505/0x820 [ 715.437403][T26720] ? __pfx_____sys_sendmsg+0x10/0x10 [ 715.437437][T26720] ? import_iovec+0x74/0xa0 [ 715.437464][T26720] ___sys_sendmsg+0x21f/0x2a0 [ 715.437491][T26720] ? __pfx____sys_sendmsg+0x10/0x10 [ 715.437548][T26720] ? __fget_files+0x2a/0x420 [ 715.437569][T26720] ? __fget_files+0x3a0/0x420 [ 715.437601][T26720] __x64_sys_sendmsg+0x19b/0x260 [ 715.437627][T26720] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 715.437659][T26720] ? __pfx_ksys_write+0x10/0x10 [ 715.437694][T26720] do_syscall_64+0xec/0xf80 [ 715.437717][T26720] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 715.437736][T26720] ? trace_irq_disable+0x37/0x100 [ 715.437759][T26720] ? clear_bhb_loop+0x60/0xb0 [ 715.437781][T26720] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 715.437799][T26720] RIP: 0033:0x7f4587d8f749 [ 715.437817][T26720] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 715.437833][T26720] RSP: 002b:00007f4588b71038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 715.437853][T26720] RAX: ffffffffffffffda RBX: 00007f4587fe5fa0 RCX: 00007f4587d8f749 [ 715.437867][T26720] RDX: 0000000020004000 RSI: 00002000000011c0 RDI: 0000000000000004 [ 715.437879][T26720] RBP: 00007f4588b71090 R08: 0000000000000000 R09: 0000000000000000 [ 715.437891][T26720] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 715.437902][T26720] R13: 00007f4587fe6038 R14: 00007f4587fe5fa0 R15: 00007fff986ff798 [ 715.437932][T26720] [ 716.864989][T26706] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 716.886249][T26712] bridge0: port 2(bridge_slave_1) entered disabled state [ 716.895412][T26712] bridge0: port 1(bridge_slave_0) entered disabled state [ 716.960362][T26721] __nla_validate_parse: 3 callbacks suppressed [ 716.960385][T26721] netlink: 84 bytes leftover after parsing attributes in process `syz.4.6564'. [ 716.990621][T26725] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 717.041545][T26732] netlink: 'syz.2.6568': attribute type 4 has an invalid length. [ 717.079772][T26732] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6568'. [ 717.598638][T26751] netlink: 72 bytes leftover after parsing attributes in process `syz.2.6575'. [ 717.608005][T26751] netlink: 72 bytes leftover after parsing attributes in process `syz.2.6575'. [ 717.617274][T26762] netlink: 'syz.1.6578': attribute type 23 has an invalid length. [ 718.014502][T26781] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6582'. [ 718.243198][T26793] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6586'. [ 718.361867][T26800] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6589'. [ 718.395758][T26798] wg1 speed is unknown, defaulting to 1000 [ 718.403516][T26798] wg1 speed is unknown, defaulting to 1000 [ 718.468604][T26805] syz_tun: entered allmulticast mode [ 718.505859][T26804] syz_tun: left allmulticast mode [ 718.736020][T26819] syzkaller1: entered promiscuous mode [ 718.770405][T26819] syzkaller1: entered allmulticast mode [ 718.867864][T26825] netlink: 40 bytes leftover after parsing attributes in process `syz.0.6596'. [ 718.892180][T26825] FAULT_INJECTION: forcing a failure. [ 718.892180][T26825] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 718.929814][T26825] CPU: 1 UID: 0 PID: 26825 Comm: syz.0.6596 Not tainted syzkaller #0 PREEMPT(full) [ 718.929845][T26825] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 718.929859][T26825] Call Trace: [ 718.929871][T26825] [ 718.929880][T26825] dump_stack_lvl+0xe8/0x150 [ 718.929913][T26825] should_fail_ex+0x414/0x560 [ 718.929954][T26825] _copy_from_user+0x2d/0xb0 [ 718.929982][T26825] ___sys_sendmsg+0x158/0x2a0 [ 718.930015][T26825] ? __pfx____sys_sendmsg+0x10/0x10 [ 718.930041][T26825] ? __lock_acquire+0x6b6/0x2cf0 [ 718.930115][T26825] __sys_sendmmsg+0x227/0x430 [ 718.930151][T26825] ? __pfx___sys_sendmmsg+0x10/0x10 [ 718.930177][T26825] ? __mutex_unlock_slowpath+0x1a1/0x730 [ 718.930230][T26825] ? ksys_write+0x22a/0x250 [ 718.930254][T26825] ? __pfx_ksys_write+0x10/0x10 [ 718.930282][T26825] __x64_sys_sendmmsg+0xa0/0xc0 [ 718.930313][T26825] do_syscall_64+0xec/0xf80 [ 718.930340][T26825] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 718.930361][T26825] ? trace_irq_disable+0x37/0x100 [ 718.930390][T26825] ? clear_bhb_loop+0x60/0xb0 [ 718.930417][T26825] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 718.930438][T26825] RIP: 0033:0x7f014e98f749 [ 718.930483][T26825] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 718.930502][T26825] RSP: 002b:00007f014f782038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 718.930534][T26825] RAX: ffffffffffffffda RBX: 00007f014ebe5fa0 RCX: 00007f014e98f749 [ 718.930552][T26825] RDX: 000000000000fdef RSI: 00002000000020c0 RDI: 0000000000000006 [ 718.930566][T26825] RBP: 00007f014f782090 R08: 0000000000000000 R09: 0000000000000000 [ 718.930580][T26825] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 718.930593][T26825] R13: 00007f014ebe6038 R14: 00007f014ebe5fa0 R15: 00007ffed1e4ce18 [ 718.930627][T26825] [ 719.400446][T26841] xt_hashlimit: Unknown mode mask 4000, kernel too old? [ 719.979934][T26880] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 720.285333][T26893] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6620'. [ 720.676876][T26906] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 720.746213][T26909] netlink: 16 bytes leftover after parsing attributes in process `syz.2.6624'. [ 720.760150][T26912] 0ªî{X¹¦: renamed from gretap0 (while UP) [ 720.775878][T26912] A link change request failed with some changes committed already. Interface 30ªî{X¹¦ may have been left with an inconsistent configuration, please check. [ 720.920352][T26906] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 721.041678][T26924] vlan3: entered promiscuous mode [ 721.084733][T26906] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 721.145577][T26927] ipvlan2: entered promiscuous mode [ 721.161493][T26927] bridge0: port 3(ipvlan2) entered blocking state [ 721.168207][T26927] bridge0: port 3(ipvlan2) entered disabled state [ 721.176874][T26927] ipvlan2: entered allmulticast mode [ 721.182437][T26927] bridge0: entered allmulticast mode [ 721.195504][T26927] ipvlan2: left allmulticast mode [ 721.205365][T26927] bridge0: left allmulticast mode [ 721.261873][T26906] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 721.478861][ T3421] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 721.597900][ T7644] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 721.646281][ T6756] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 721.701834][ T6756] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 722.030736][T26965] lo: Caught tx_queue_len zero misconfig [ 722.111725][T26974] netlink: 'syz.4.6646': attribute type 1 has an invalid length. [ 722.132920][T26974] __nla_validate_parse: 3 callbacks suppressed [ 722.134566][T26974] netlink: 224 bytes leftover after parsing attributes in process `syz.4.6646'. [ 722.159135][T26977] netlink: 80 bytes leftover after parsing attributes in process `syz.3.6651'. [ 722.261143][ C1] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 722.290433][T26985] netlink: 40 bytes leftover after parsing attributes in process `syz.3.6651'. [ 722.342756][T26989] Bluetooth: MGMT ver 1.23 [ 722.351791][T26979] wg1 speed is unknown, defaulting to 1000 [ 722.379099][T26988] geneve2: entered promiscuous mode [ 722.397058][T26979] wg1 speed is unknown, defaulting to 1000 [ 722.466306][T26988] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6653'. [ 722.512296][T26994] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6653'. [ 722.563808][T26991] netem: incorrect ge model size [ 722.569365][T26991] netem: change failed [ 722.914366][T27011] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6658'. [ 723.232738][T27020] vxcan1: entered promiscuous mode [ 723.242042][T27020] team0: Device vxcan1 is of different type [ 723.428930][T27029] syzkaller0: entered promiscuous mode [ 723.437881][T27029] syzkaller0: entered allmulticast mode [ 723.466840][T27029] 0: reclassify loop, rule prio 0, protocol 800 [ 723.754592][T27038] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 723.806108][T27042] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6669'. [ 723.815668][T27042] netlink: 20 bytes leftover after parsing attributes in process `syz.1.6669'. [ 723.839222][T27042] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for erspan1 [ 723.861402][T27042] erspan1: entered allmulticast mode [ 724.712096][T27071] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6677'. [ 724.884483][T27073] syzkaller0: entered promiscuous mode [ 724.890413][T27073] syzkaller0: entered allmulticast mode [ 725.018002][T27079] netlink: 104 bytes leftover after parsing attributes in process `syz.1.6681'. [ 725.279149][T27089] mac80211_hwsim hwsim99 wlan1: entered allmulticast mode [ 725.337868][T27089] team0: Port device dummy0 removed [ 725.356360][T27089] bridge_slave_0: left allmulticast mode [ 725.363250][T27089] bridge_slave_0: left promiscuous mode [ 725.369116][T27089] bridge0: port 1(bridge_slave_0) entered disabled state [ 725.402960][T27089] bridge_slave_1: left allmulticast mode [ 725.412473][T27089] bridge_slave_1: left promiscuous mode [ 725.419155][T27089] bridge0: port 2(bridge_slave_1) entered disabled state [ 725.438015][T27089] bond0: (slave bond_slave_0): Releasing backup interface [ 725.456059][T27097] netlink: 'syz.4.6686': attribute type 10 has an invalid length. [ 725.489554][T27089] bond0: (slave bond_slave_1): Releasing backup interface [ 725.546959][T27089] team0: Port device team_slave_0 removed [ 725.609050][T27089] team0: Port device team_slave_1 removed [ 725.635069][T27089] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 725.663669][T27089] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 725.674044][T27089] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 725.681638][T27089] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 725.695117][T27089] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 725.730700][T27097] mac80211_hwsim hwsim99 wlan1: left allmulticast mode [ 725.746429][T27097] 8021q: adding VLAN 0 to HW filter on device bond0 [ 725.758607][T27097] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 725.790128][T27114] tipc: Started in network mode [ 725.795100][T27114] tipc: Node identity 8a31314c1b83, cluster identity 4711 [ 725.827327][T27114] tipc: Enabled bearer , priority 0 [ 725.985017][T27114] tipc: Disabling bearer [ 726.178294][T27129] syzkaller0: entered promiscuous mode [ 726.187489][T27129] syzkaller0: entered allmulticast mode [ 726.205403][T27125] xt_CT: No such helper "snmp_trap" [ 727.152720][T27168] syzkaller0: entered promiscuous mode [ 727.159141][T27168] syzkaller0: entered allmulticast mode [ 727.168621][T27168] 0: reclassify loop, rule prio 0, protocol 800 [ 727.255048][T27171] wg1 speed is unknown, defaulting to 1000 [ 727.264812][T27171] wg1 speed is unknown, defaulting to 1000 [ 727.438809][T27183] __nla_validate_parse: 3 callbacks suppressed [ 727.438827][T27183] netlink: 68 bytes leftover after parsing attributes in process `syz.2.6720'. [ 727.473122][T27180] netlink: 44 bytes leftover after parsing attributes in process `syz.3.6718'. [ 727.812904][T27190] netlink: 60 bytes leftover after parsing attributes in process `syz.0.6722'. [ 728.372682][T27214] netlink: 68 bytes leftover after parsing attributes in process `syz.4.6731'. [ 729.278776][T27228] xt_hashlimit: max too large, truncated to 1048576 [ 729.288474][T27228] xt_CT: You must specify a L4 protocol and not use inversions on it [ 731.243729][T27270] wg1 speed is unknown, defaulting to 1000 [ 731.287898][T27270] wg1 speed is unknown, defaulting to 1000 [ 731.333476][T27279] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6754'. [ 731.334368][T27263] netlink: 16 bytes leftover after parsing attributes in process `syz.0.6749'. [ 731.413018][T27279] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 731.530385][T27283] netlink: 24 bytes leftover after parsing attributes in process `syz.2.6754'. [ 731.592145][T27279] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 731.795012][T27297] netlink: 12 bytes leftover after parsing attributes in process `syz.4.6759'. [ 731.804985][T27299] x_tables: unsorted entry at hook 3 [ 731.845562][T27279] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 731.954209][T27300] wg1 speed is unknown, defaulting to 1000 [ 731.980497][T27279] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 732.030911][T27300] wg1 speed is unknown, defaulting to 1000 [ 732.203723][ T7654] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 732.263173][T27314] syzkaller0: entered promiscuous mode [ 732.271774][T27314] syzkaller0: entered allmulticast mode [ 732.346537][ T7654] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 732.384326][ T7654] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 732.427567][T27319] netlink: 56 bytes leftover after parsing attributes in process `syz.3.6766'. [ 732.456233][ T3421] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 732.619019][T27328] xt_hashlimit: max too large, truncated to 1048576 [ 732.712193][T27328] xt_CT: You must specify a L4 protocol and not use inversions on it [ 732.756663][T27341] netlink: 32 bytes leftover after parsing attributes in process `syz.2.6772'. [ 732.898018][T27348] netlink: 'syz.3.6774': attribute type 2 has an invalid length. [ 732.935353][T27348] : entered promiscuous mode [ 732.984193][T27358] syzkaller0: entered promiscuous mode [ 732.990108][T27358] syzkaller0: entered allmulticast mode [ 733.008948][T27359] netlink: 'syz.3.6774': attribute type 6 has an invalid length. [ 733.154479][T27362] syzkaller1: entered promiscuous mode [ 733.161599][T27362] syzkaller1: entered allmulticast mode [ 733.556584][T27366] netlink: 'syz.2.6780': attribute type 1 has an invalid length. [ 733.620068][T27366] netlink: 15542 bytes leftover after parsing attributes in process `syz.2.6780'. [ 733.676185][T27374] netlink: 144 bytes leftover after parsing attributes in process `syz.1.6783'. [ 733.743808][T27376] netlink: 52 bytes leftover after parsing attributes in process `syz.0.6785'. [ 733.772281][T27378] netlink: 68 bytes leftover after parsing attributes in process `syz.2.6786'. [ 733.933324][T27382] syzkaller0: entered promiscuous mode [ 733.943473][T27382] syzkaller0: entered allmulticast mode [ 734.327421][T27406] netlink: 'syz.1.6796': attribute type 7 has an invalid length. [ 734.342291][T27406] netlink: 'syz.1.6796': attribute type 8 has an invalid length. [ 734.357965][T27412] netlink: 'syz.1.6796': attribute type 7 has an invalid length. [ 734.401738][T27412] netlink: 'syz.1.6796': attribute type 8 has an invalid length. [ 734.584405][T27415] netlink: 16 bytes leftover after parsing attributes in process `syz.3.6798'. [ 734.866887][T27418] gre0: entered promiscuous mode [ 734.879138][T27418] gre0: entered allmulticast mode [ 735.235986][T27424] syzkaller0: entered promiscuous mode [ 735.241750][T27424] syzkaller0: entered allmulticast mode [ 735.304962][T27424] tipc: Enabled bearer , priority 0 [ 735.352763][T27423] tipc: Resetting bearer [ 735.402875][T27423] tipc: Disabling bearer [ 735.424759][T27439] syzkaller0: entered promiscuous mode [ 735.430576][T27439] syzkaller0: entered allmulticast mode [ 735.475430][T27438] syzkaller0: entered promiscuous mode [ 735.490072][T27438] syzkaller0: entered allmulticast mode [ 736.169327][T27458] netlink: 'syz.0.6815': attribute type 2 has an invalid length. [ 736.180160][T27458] netlink: 'syz.0.6815': attribute type 1 has an invalid length. [ 736.228046][T27458] netlink: 36 bytes leftover after parsing attributes in process `syz.0.6815'. [ 736.278965][T27458] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6815'. [ 736.315504][T27464] syz_tun: entered allmulticast mode [ 736.486581][T27475] netlink: 52 bytes leftover after parsing attributes in process `syz.0.6822'. [ 736.610549][T27479] block nbd3: server does not support multiple connections per device. [ 736.639987][T27479] block nbd3: shutting down sockets [ 736.692709][T27495] netlink: 12 bytes leftover after parsing attributes in process `syz.3.6828'. [ 737.287398][T27531] syz_tun: left allmulticast mode [ 737.374002][T27532] wg1 speed is unknown, defaulting to 1000 [ 737.411807][T27532] wg1 speed is unknown, defaulting to 1000 [ 737.438148][T27537] netlink: 'syz.1.6846': attribute type 10 has an invalid length. [ 737.471652][T27537] bond0: (slave dummy0): Releasing backup interface [ 737.494609][T27537] team0: Port device dummy0 added [ 737.524055][T27543] team0: Port device dummy0 removed [ 737.541729][T27543] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 737.797873][T27552] __nla_validate_parse: 4 callbacks suppressed [ 737.797893][T27552] netlink: 96 bytes leftover after parsing attributes in process `syz.2.6849'. [ 737.965791][T27555] netlink: 16 bytes leftover after parsing attributes in process `syz.3.6850'. [ 738.557177][T27580] validate_nla: 1 callbacks suppressed [ 738.557198][T27580] netlink: 'syz.3.6861': attribute type 10 has an invalid length. [ 738.601985][T27580] team0: Failed to send options change via netlink (err -105) [ 738.617053][T27580] team0: Port device dummy0 added [ 738.630033][T27582] netlink: 'syz.2.6862': attribute type 29 has an invalid length. [ 738.643466][T27582] netlink: 'syz.2.6862': attribute type 29 has an invalid length. [ 738.882199][T27593] syzkaller0: entered promiscuous mode [ 738.887749][T27593] syzkaller0: entered allmulticast mode [ 739.018809][T27603] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6868'. [ 739.212377][T27606] netlink: 5 bytes leftover after parsing attributes in process `syz.0.6871'. [ 739.234573][T27606] 0ªî{X¹¦: renamed from gretap0 [ 739.245051][T27606] A link change request failed with some changes committed already. Interface 30ªî{X¹¦ may have been left with an inconsistent configuration, please check. [ 739.307884][T27615] netlink: 20 bytes leftover after parsing attributes in process `syz.1.6873'. [ 739.328678][T27617] netlink: 20 bytes leftover after parsing attributes in process `syz.1.6873'. [ 739.879115][T27627] syzkaller0: entered promiscuous mode [ 739.918483][T27627] syzkaller0: entered allmulticast mode [ 739.979346][T27637] tipc: Enabled bearer , priority 0 [ 739.996564][T27621] tipc: Resetting bearer [ 740.105018][T27621] tipc: Disabling bearer [ 740.150752][T27639] erspan0: entered promiscuous mode [ 740.520155][T27665] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 740.567154][T27666] syzkaller0: entered promiscuous mode [ 740.591909][T27666] syzkaller0: entered allmulticast mode [ 740.799145][T27681] netlink: 'syz.2.6890': attribute type 282 has an invalid length. [ 740.837707][T27681] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6890'. [ 740.864746][T27681] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6890'. [ 740.874304][T27681] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6890'. [ 740.884592][T27681] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6890'. [ 740.937469][T27690] xt_CT: You must specify a L4 protocol and not use inversions on it [ 741.054175][T27696] vlan2: entered promiscuous mode [ 741.060597][T27696] bridge0: entered promiscuous mode [ 741.414105][T27710] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 741.506832][T27713] netlink: 'syz.1.6902': attribute type 4 has an invalid length. [ 742.291976][T27735] netlink: 'syz.4.6912': attribute type 10 has an invalid length. [ 743.277861][T27748] wg1 speed is unknown, defaulting to 1000 [ 743.308693][T27748] wg1 speed is unknown, defaulting to 1000 [ 743.668696][ T30] audit: type=1800 audit(1768578762.764:13): pid=27774 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.6921" name="memory.events" dev="tmpfs" ino=984 res=0 errno=0 [ 743.686376][T27775] FAULT_INJECTION: forcing a failure. [ 743.686376][T27775] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 743.719641][ T30] audit: type=1804 audit(1768578762.794:14): pid=27774 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.6921" name="/newroot/192/memory.events" dev="tmpfs" ino=984 res=1 errno=0 [ 743.743681][T27775] CPU: 1 UID: 0 PID: 27775 Comm: syz.1.6922 Not tainted syzkaller #0 PREEMPT(full) [ 743.743712][T27775] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 743.743725][T27775] Call Trace: [ 743.743735][T27775] [ 743.743744][T27775] dump_stack_lvl+0xe8/0x150 [ 743.743795][T27775] should_fail_ex+0x414/0x560 [ 743.743836][T27775] _copy_to_user+0x31/0xb0 [ 743.743867][T27775] simple_read_from_buffer+0xe1/0x170 [ 743.743899][T27775] proc_fail_nth_read+0x1b3/0x220 [ 743.743926][T27775] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 743.743953][T27775] ? rw_verify_area+0x2a6/0x4d0 [ 743.743987][T27775] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 743.744012][T27775] vfs_read+0x200/0xa30 [ 743.744032][T27775] ? fdget_pos+0x247/0x320 [ 743.744065][T27775] ? __pfx___mutex_lock+0x10/0x10 [ 743.744095][T27775] ? __pfx_vfs_read+0x10/0x10 [ 743.744127][T27775] ? __fget_files+0x2a/0x420 [ 743.744159][T27775] ? __fget_files+0x3a0/0x420 [ 743.744186][T27775] ? __fget_files+0x2a/0x420 [ 743.744223][T27775] ksys_read+0x145/0x250 [ 743.744247][T27775] ? __pfx_ksys_read+0x10/0x10 [ 743.744265][T27775] ? fput+0xa0/0xd0 [ 743.744306][T27775] do_syscall_64+0xec/0xf80 [ 743.744333][T27775] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 743.744355][T27775] ? trace_irq_disable+0x37/0x100 [ 743.744384][T27775] ? clear_bhb_loop+0x60/0xb0 [ 743.744411][T27775] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 743.744432][T27775] RIP: 0033:0x7f7aa0b8e15c [ 743.744452][T27775] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 743.744471][T27775] RSP: 002b:00007f7aa1af4030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 743.744495][T27775] RAX: ffffffffffffffda RBX: 00007f7aa0de5fa0 RCX: 00007f7aa0b8e15c [ 743.744512][T27775] RDX: 000000000000000f RSI: 00007f7aa1af40a0 RDI: 0000000000000004 [ 743.744526][T27775] RBP: 00007f7aa1af4090 R08: 0000000000000000 R09: 0000000000000000 [ 743.744539][T27775] R10: 00002000000002c0 R11: 0000000000000246 R12: 0000000000000001 [ 743.744553][T27775] R13: 00007f7aa0de6038 R14: 00007f7aa0de5fa0 R15: 00007ffe880f7a68 [ 743.744586][T27775] [ 744.021833][T27782] netem: incorrect ge model size [ 744.027183][T27782] netem: change failed [ 744.207494][T27793] __nla_validate_parse: 54 callbacks suppressed [ 744.207515][T27793] netlink: 6 bytes leftover after parsing attributes in process `syz.0.6928'. [ 744.223650][T27793] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 744.288758][T27797] netlink: 'syz.2.6930': attribute type 23 has an invalid length. [ 744.369004][T27802] ip6gre1: entered promiscuous mode [ 744.376501][T27802] ip6gre1: entered allmulticast mode [ 744.707777][T27812] netlink: 12 bytes leftover after parsing attributes in process `syz.3.6935'. [ 744.747151][T27814] FAULT_INJECTION: forcing a failure. [ 744.747151][T27814] name failslab, interval 1, probability 0, space 0, times 0 [ 744.766095][T27814] CPU: 0 UID: 0 PID: 27814 Comm: syz.0.6937 Not tainted syzkaller #0 PREEMPT(full) [ 744.766125][T27814] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 744.766139][T27814] Call Trace: [ 744.766148][T27814] [ 744.766158][T27814] dump_stack_lvl+0xe8/0x150 [ 744.766191][T27814] should_fail_ex+0x414/0x560 [ 744.766231][T27814] should_failslab+0xa8/0x100 [ 744.766269][T27814] kmem_cache_alloc_noprof+0x88/0x710 [ 744.766303][T27814] ? skb_clone+0x212/0x3a0 [ 744.766337][T27814] skb_clone+0x212/0x3a0 [ 744.766365][T27814] ? netlink_trim+0x166/0x2c0 [ 744.766395][T27814] netlink_trim+0x17d/0x2c0 [ 744.766425][T27814] netlink_broadcast_filtered+0xd6/0x1000 [ 744.766457][T27814] ? nla_put+0xd0/0x150 [ 744.766489][T27814] ? nfnl_pernet+0x23/0x240 [ 744.766516][T27814] ? nfnl_pernet+0x23/0x240 [ 744.766546][T27814] ? __pfx_netlink_broadcast_filtered+0x10/0x10 [ 744.766575][T27814] ? nfnl_pernet+0x23/0x240 [ 744.766602][T27814] ? nfnl_pernet+0x23/0x240 [ 744.766632][T27814] nlmsg_notify+0xf0/0x1a0 [ 744.766668][T27814] nf_tables_commit+0x9357/0xa350 [ 744.766713][T27814] ? nft_pernet+0x23/0x240 [ 744.766749][T27814] ? __pfx_nf_tables_commit+0x10/0x10 [ 744.766770][T27814] ? nft_pernet+0x23/0x240 [ 744.766794][T27814] ? nft_pernet+0x23/0x240 [ 744.766815][T27814] ? nft_pernet+0x23/0x240 [ 744.766846][T27814] ? nft_trans_commit_list_add_tail+0x179/0x520 [ 744.766878][T27814] ? nft_flush_table+0xd06/0xea0 [ 744.766912][T27814] ? nf_tables_deltable+0x674/0xe10 [ 744.766942][T27814] ? __pfx_nf_tables_deltable+0x10/0x10 [ 744.766987][T27814] nfnetlink_rcv+0x1ac9/0x2590 [ 744.767053][T27814] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 744.767130][T27814] ? netlink_deliver_tap+0x2e/0x1b0 [ 744.767163][T27814] ? netlink_deliver_tap+0x2e/0x1b0 [ 744.767210][T27814] netlink_unicast+0x82f/0x9e0 [ 744.767247][T27814] ? __pfx_netlink_unicast+0x10/0x10 [ 744.767284][T27814] ? netlink_sendmsg+0x642/0xb30 [ 744.767314][T27814] ? skb_put+0x11b/0x210 [ 744.767343][T27814] netlink_sendmsg+0x805/0xb30 [ 744.767386][T27814] ? __pfx_netlink_sendmsg+0x10/0x10 [ 744.767421][T27814] ? aa_sock_msg_perm+0xf1/0x1b0 [ 744.767453][T27814] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 744.767473][T27814] ? __pfx_netlink_sendmsg+0x10/0x10 [ 744.767506][T27814] __sock_sendmsg+0x21c/0x270 [ 744.767544][T27814] ____sys_sendmsg+0x505/0x820 [ 744.767579][T27814] ? __pfx_____sys_sendmsg+0x10/0x10 [ 744.767616][T27814] ? import_iovec+0x74/0xa0 [ 744.767648][T27814] ___sys_sendmsg+0x21f/0x2a0 [ 744.767680][T27814] ? __pfx____sys_sendmsg+0x10/0x10 [ 744.767747][T27814] ? __fget_files+0x2a/0x420 [ 744.767773][T27814] ? __fget_files+0x3a0/0x420 [ 744.767812][T27814] __x64_sys_sendmsg+0x19b/0x260 [ 744.767844][T27814] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 744.767883][T27814] ? __pfx_ksys_write+0x10/0x10 [ 744.767917][T27814] do_syscall_64+0xec/0xf80 [ 744.767944][T27814] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 744.767965][T27814] ? trace_irq_disable+0x37/0x100 [ 744.768022][T27814] ? clear_bhb_loop+0x60/0xb0 [ 744.768067][T27814] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 744.768089][T27814] RIP: 0033:0x7f014e98f749 [ 744.768109][T27814] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 744.768129][T27814] RSP: 002b:00007f014f782038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 744.768154][T27814] RAX: ffffffffffffffda RBX: 00007f014ebe5fa0 RCX: 00007f014e98f749 [ 744.768171][T27814] RDX: 000000000000c050 RSI: 0000200000000cc0 RDI: 0000000000000003 [ 744.768185][T27814] RBP: 00007f014f782090 R08: 0000000000000000 R09: 0000000000000000 [ 744.768198][T27814] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 744.768211][T27814] R13: 00007f014ebe6038 R14: 00007f014ebe5fa0 R15: 00007ffed1e4ce18 [ 744.768246][T27814] [ 745.538457][T27832] syzkaller0: entered promiscuous mode [ 745.553608][T27832] syzkaller0: entered allmulticast mode [ 745.596361][T27840] netlink: 'syz.2.6947': attribute type 10 has an invalid length. [ 745.613830][T27840] team0: Failed to send options change via netlink (err -105) [ 745.621941][T27840] team0: Port device dummy0 added [ 745.723579][T27847] mapping of prio or/and queue is allowed only from OUTPUT/FORWARD/POSTROUTING chains [ 745.745735][T27832] macvtap1: entered promiscuous mode [ 745.751357][T27832] macvtap1: entered allmulticast mode [ 745.756772][T27832] bridge0: entered allmulticast mode [ 745.804728][T27832] bridge0: port 3(macvtap1) entered blocking state [ 745.819094][T27832] bridge0: port 3(macvtap1) entered disabled state [ 745.848167][T27832] bridge0: left allmulticast mode [ 746.035542][T27855] sctp: [Deprecated]: syz.2.6951 (pid 27855) Use of struct sctp_assoc_value in delayed_ack socket option. [ 746.035542][T27855] Use struct sctp_sack_info instead [ 746.572240][T27884] netlink: 'syz.1.6960': attribute type 5 has an invalid length. [ 746.592105][T27884] netlink: 'syz.1.6960': attribute type 5 has an invalid length. [ 746.600317][T27884] netlink: 'syz.1.6960': attribute type 5 has an invalid length. [ 746.601154][T27885] wg1 speed is unknown, defaulting to 1000 [ 746.609149][T27884] netlink: 'syz.1.6960': attribute type 5 has an invalid length. [ 746.623994][T27884] netlink: 'syz.1.6960': attribute type 5 has an invalid length. [ 746.628690][T27885] wg1 speed is unknown, defaulting to 1000 [ 746.636716][T27884] netlink: 'syz.1.6960': attribute type 5 has an invalid length. [ 746.646672][T27884] netlink: 'syz.1.6960': attribute type 5 has an invalid length. [ 746.654892][T27884] netlink: 'syz.1.6960': attribute type 5 has an invalid length. [ 746.762239][T27889] syzkaller0: entered promiscuous mode [ 746.768017][T27889] syzkaller0: entered allmulticast mode [ 746.981939][T27893] 8021q: VLANs not supported on caif0 [ 747.267251][T27899] ip6tnl0: Caught tx_queue_len zero misconfig [ 747.323533][T27897] netlink: 96 bytes leftover after parsing attributes in process `syz.2.6966'. [ 747.405007][T27903] ipvlan2: entered promiscuous mode [ 747.417627][T27909] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6969'. [ 747.437694][T27903] bridge0: port 3(ipvlan2) entered blocking state [ 747.448296][T27903] bridge0: port 3(ipvlan2) entered disabled state [ 747.465851][T27903] ipvlan2: entered allmulticast mode [ 747.504337][T27903] bridge0: entered allmulticast mode [ 747.515821][T27903] ipvlan2: left allmulticast mode [ 747.526876][T27903] bridge0: left allmulticast mode [ 747.571854][T27909] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 747.620120][T27912] netlink: 24 bytes leftover after parsing attributes in process `syz.2.6969'. [ 747.798384][T27909] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 747.954903][T27909] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 747.995920][T27927] netlink: 24 bytes leftover after parsing attributes in process `syz.3.6973'. [ 748.080113][T27909] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 748.315901][ T1328] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 748.370522][ T7645] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 748.404129][ T7645] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 748.422035][ T7645] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 748.799064][T27956] netlink: 120 bytes leftover after parsing attributes in process `syz.2.6984'. [ 748.826653][T27959] syzkaller1: entered promiscuous mode [ 748.832835][T27959] syzkaller1: entered allmulticast mode [ 749.048528][T27969] xfrm0: entered promiscuous mode [ 749.056684][T27969] xfrm0: entered allmulticast mode [ 749.611610][T28000] mac80211_hwsim hwsim108 ªªªªª;: renamed from wlan0 (while UP) [ 749.721798][T28004] netlink: 20 bytes leftover after parsing attributes in process `syz.4.7005'. [ 749.757563][T28006] wg1 speed is unknown, defaulting to 1000 [ 749.771539][T28006] wg1 speed is unknown, defaulting to 1000 [ 749.829627][T28004] netlink: 20 bytes leftover after parsing attributes in process `syz.4.7005'. [ 749.863087][T28004] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 750.330661][T28024] netlink: 24 bytes leftover after parsing attributes in process `syz.1.7011'. [ 751.190864][T28044] netlink: 112 bytes leftover after parsing attributes in process `syz.4.7016'. [ 751.200974][T28042] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7015'. [ 751.242530][T28044] netlink: 24 bytes leftover after parsing attributes in process `syz.4.7016'. [ 751.418092][T28052] validate_nla: 26 callbacks suppressed [ 751.418114][T28052] netlink: 'syz.2.7019': attribute type 5 has an invalid length. [ 751.734643][T28057] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512) [ 751.744369][T28057] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512) [ 751.781888][T28068] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 751.795451][T28042] netlink: 104 bytes leftover after parsing attributes in process `syz.3.7015'. [ 751.963309][T28075] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported [ 752.286440][T28086] netlink: 36 bytes leftover after parsing attributes in process `syz.3.7031'. [ 752.345991][ T1299] aoe: packet could not be sent on bond0. consider increasing tx_queue_len [ 752.363617][T28082] wg1 speed is unknown, defaulting to 1000 [ 752.394729][T28082] wg1 speed is unknown, defaulting to 1000 [ 752.973652][T28102] sctp: [Deprecated]: syz.2.7035 (pid 28102) Use of int in maxseg socket option. [ 752.973652][T28102] Use struct sctp_assoc_value instead [ 753.116888][T28107] netlink: 'syz.0.7037': attribute type 5 has an invalid length. [ 753.133050][T28107] netlink: 3657 bytes leftover after parsing attributes in process `syz.0.7037'. [ 753.217314][T28105] wg1 speed is unknown, defaulting to 1000 [ 753.298837][T28105] wg1 speed is unknown, defaulting to 1000 [ 753.353842][T28113] netlink: 44 bytes leftover after parsing attributes in process `syz.4.7040'. [ 753.918364][T28122] 8021q: adding VLAN 0 to HW filter on device bond1 [ 753.966223][T28141] vxcan1: entered promiscuous mode [ 753.987488][T28141] team0: Port device vxcan1 added [ 754.247416][T28151] gre0: entered promiscuous mode [ 754.253341][T28151] gre0: entered allmulticast mode [ 754.450941][T28162] pimreg: tun_chr_ioctl cmd 1074025680 [ 754.700495][T28171] syz_tun: entered allmulticast mode [ 754.966587][T28181] __nla_validate_parse: 5 callbacks suppressed [ 754.966610][T28181] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7066'. [ 755.012038][T28181] netlink: 12 bytes leftover after parsing attributes in process `syz.2.7066'. [ 755.138575][T28176] netlink: 'syz.4.7063': attribute type 58 has an invalid length. [ 755.161929][T28176] netlink: 20 bytes leftover after parsing attributes in process `syz.4.7063'. [ 755.218178][T28184] netlink: 28 bytes leftover after parsing attributes in process `syz.4.7063'. [ 755.301903][T28188] syzkaller0: entered promiscuous mode [ 755.307447][T28188] syzkaller0: entered allmulticast mode [ 755.453280][T28194] netlink: 24 bytes leftover after parsing attributes in process `syz.3.7071'. [ 755.695236][T28203] netlink: 25 bytes leftover after parsing attributes in process `syz.4.7073'. [ 755.712250][T28203] gretap0: entered allmulticast mode [ 755.927101][T28218] netlink: 20 bytes leftover after parsing attributes in process `syz.4.7078'. [ 756.109438][T28227] : entered promiscuous mode [ 756.133694][T28231] netlink: 8 bytes leftover after parsing attributes in process `syz.1.7081'. [ 756.155837][T28229] gre0: left promiscuous mode [ 756.197749][T28229] xfrm0: left promiscuous mode [ 756.219113][T28229] ip6gre1: left promiscuous mode [ 756.242819][T28231] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 756.313713][T28240] FAULT_INJECTION: forcing a failure. [ 756.313713][T28240] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 756.328323][T28240] CPU: 1 UID: 0 PID: 28240 Comm: syz.4.7084 Not tainted syzkaller #0 PREEMPT(full) [ 756.328351][T28240] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 756.328363][T28240] Call Trace: [ 756.328372][T28240] [ 756.328380][T28240] dump_stack_lvl+0xe8/0x150 [ 756.328412][T28240] should_fail_ex+0x414/0x560 [ 756.328450][T28240] _copy_from_user+0x2d/0xb0 [ 756.328476][T28240] ___sys_recvmsg+0x12e/0x510 [ 756.328508][T28240] ? __pfx____sys_recvmsg+0x10/0x10 [ 756.328539][T28240] ? __fget_files+0x2a/0x420 [ 756.328593][T28240] do_recvmmsg+0x307/0x770 [ 756.328627][T28240] ? __pfx_do_recvmmsg+0x10/0x10 [ 756.328666][T28240] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 756.328708][T28240] __x64_sys_recvmmsg+0x190/0x240 [ 756.328738][T28240] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 756.328776][T28240] do_syscall_64+0xec/0xf80 [ 756.328800][T28240] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 756.328819][T28240] ? trace_irq_disable+0x37/0x100 [ 756.328845][T28240] ? clear_bhb_loop+0x60/0xb0 [ 756.328868][T28240] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 756.328888][T28240] RIP: 0033:0x7eff7cd8f749 [ 756.328905][T28240] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 756.328933][T28240] RSP: 002b:00007eff7dc96038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 756.328954][T28240] RAX: ffffffffffffffda RBX: 00007eff7cfe6090 RCX: 00007eff7cd8f749 [ 756.328969][T28240] RDX: 0000000000000600 RSI: 0000200000003700 RDI: 0000000000000008 [ 756.328982][T28240] RBP: 00007eff7dc96090 R08: 0000000000000000 R09: 0000000000000000 [ 756.328995][T28240] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 756.329008][T28240] R13: 00007eff7cfe6128 R14: 00007eff7cfe6090 R15: 00007ffebe9d1e18 [ 756.329039][T28240] [ 756.519791][T28236] netlink: 24 bytes leftover after parsing attributes in process `syz.1.7081'. [ 756.649379][T28231] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 756.768221][T28231] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 756.821025][T28255] netlink: 'syz.4.7091': attribute type 1 has an invalid length. [ 756.873149][T28259] netlink: 36 bytes leftover after parsing attributes in process `syz.2.7093'. [ 756.904428][T28255] 8021q: adding VLAN 0 to HW filter on device bond1 [ 756.921020][T28260] vlan2: entered promiscuous mode [ 756.926208][T28260] bond1: entered promiscuous mode [ 756.931694][T28260] vlan2: entered allmulticast mode [ 756.937009][T28260] bond1: entered allmulticast mode [ 756.946023][T28231] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 756.998534][T28255] bond1: (slave gretap1): making interface the new active one [ 757.009997][T28255] gretap1: entered promiscuous mode [ 757.035017][T28255] gretap1: entered allmulticast mode [ 757.049693][T28255] bond1: (slave gretap1): Enslaving as an active interface with an up link [ 757.146533][T28262] 8021q: adding VLAN 0 to HW filter on device bond0 [ 757.156409][T28262] 8021q: adding VLAN 0 to HW filter on device team0 [ 757.194475][T28262] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 757.256259][ T3421] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 757.285370][ T3421] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 757.317767][ T3421] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 757.357462][ T3421] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 757.441695][T28275] wg1 speed is unknown, defaulting to 1000 [ 757.451959][T28275] wg1 speed is unknown, defaulting to 1000 [ 758.071272][T28275] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 758.136468][T28297] netlink: 'syz.4.7105': attribute type 7 has an invalid length. [ 758.150839][T28297] netlink: 'syz.4.7105': attribute type 8 has an invalid length. [ 758.228436][T28299] wg1 speed is unknown, defaulting to 1000 [ 758.271714][T28299] wg1 speed is unknown, defaulting to 1000 [ 758.897244][T28307] syz_tun: left allmulticast mode [ 759.051213][T28319] wg1 speed is unknown, defaulting to 1000 [ 759.072418][T28319] wg1 speed is unknown, defaulting to 1000 [ 759.153758][T28324] bridge0: port 2(bridge_slave_1) entered blocking state [ 759.161140][T28324] bridge0: port 2(bridge_slave_1) entered listening state [ 759.168566][T28324] bridge0: port 1(bridge_slave_0) entered blocking state [ 759.175786][T28324] bridge0: port 1(bridge_slave_0) entered listening state [ 759.198129][T28324] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 759.438156][T28339] gre0: entered promiscuous mode [ 759.443818][T28339] gre0: entered allmulticast mode [ 759.724369][T28344] wg1 speed is unknown, defaulting to 1000 [ 759.771423][T28344] wg1 speed is unknown, defaulting to 1000 [ 760.424923][ T794] IPVS: starting estimator thread 0... [ 760.497719][T28371] team0: Device vxcan1 is of different type [ 760.520376][T28369] IPVS: using max 25 ests per chain, 60000 per kthread [ 760.843604][T28381] wg1 speed is unknown, defaulting to 1000 [ 760.865654][T28381] wg1 speed is unknown, defaulting to 1000 [ 761.011030][T28383] __nla_validate_parse: 22 callbacks suppressed [ 761.011049][T28383] netlink: 20 bytes leftover after parsing attributes in process `syz.0.7128'. [ 761.192264][T28388] wg1 speed is unknown, defaulting to 1000 [ 761.206495][T28388] wg1 speed is unknown, defaulting to 1000 [ 761.515493][T28405] netlink: 48 bytes leftover after parsing attributes in process `syz.3.7138'. [ 761.699112][T28408] wg1 speed is unknown, defaulting to 1000 [ 761.706764][T28412] netlink: 40 bytes leftover after parsing attributes in process `syz.4.7142'. [ 761.737483][T28408] wg1 speed is unknown, defaulting to 1000 [ 761.821197][T28420] netlink: 'syz.2.7141': attribute type 10 has an invalid length. [ 761.902168][T28421] netlink: 'syz.0.7143': attribute type 2 has an invalid length. [ 761.923189][T28425] netlink: 'syz.4.7145': attribute type 32 has an invalid length. [ 761.944647][T28421] netlink: 216 bytes leftover after parsing attributes in process `syz.0.7143'. [ 761.949764][T28425] netlink: 8 bytes leftover after parsing attributes in process `syz.4.7145'. [ 762.083085][T28425] bond2: option coupled_control: invalid value (116) [ 762.093106][T28425] bond2 (unregistering): Released all slaves [ 762.132702][T28435] team0: Caught tx_queue_len zero misconfig [ 762.270066][T28440] netlink: 'syz.2.7148': attribute type 10 has an invalid length. [ 762.375462][T28440] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 762.419837][T28440] team0: Port device dummy0 removed [ 762.455731][T28440] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 763.116049][T28481] netlink: 'syz.1.7162': attribute type 10 has an invalid length. [ 763.166779][T28486] netlink: 'syz.1.7162': attribute type 10 has an invalid length. [ 763.210776][T28481] bond0: (slave dummy0): Releasing backup interface [ 763.285131][T28481] team0: Port device dummy0 added [ 763.369092][T28486] team0: Port device dummy0 removed [ 763.432983][T28486] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 763.483976][T28495] xt_hashlimit: max too large, truncated to 1048576 [ 763.511462][T28495] xt_CT: You must specify a L4 protocol and not use inversions on it [ 763.747698][T28501] netlink: 52 bytes leftover after parsing attributes in process `syz.3.7167'. [ 763.949042][T28512] netlink: 20 bytes leftover after parsing attributes in process `syz.4.7170'. [ 764.198143][T28526] netlink: 48 bytes leftover after parsing attributes in process `syz.0.7176'. [ 764.446874][T28519] netlink: 'syz.3.7171': attribute type 30 has an invalid length. [ 764.503309][T28519] bond1: option arp_missed_max: invalid value (0) [ 764.509949][T28519] bond1: option arp_missed_max: allowed values 1 - 255 [ 764.534070][T28519] bond1 (unregistering): Released all slaves [ 764.629378][T28540] syzkaller0: entered promiscuous mode [ 764.635739][T28540] syzkaller0: entered allmulticast mode [ 764.885298][T28545] netlink: 24 bytes leftover after parsing attributes in process `syz.4.7180'. [ 764.906530][T28547] netlink: 'syz.0.7181': attribute type 23 has an invalid length. [ 764.981278][T28545] netlink: 56 bytes leftover after parsing attributes in process `syz.4.7180'. [ 765.310646][T28563] netlink: 'syz.3.7189': attribute type 2 has an invalid length. [ 765.442014][T28575] nbd: must specify a device to reconfigure [ 765.518335][T28574] syzkaller1: entered promiscuous mode [ 765.542266][T28574] syzkaller1: entered allmulticast mode [ 765.572468][T28582] netlink: 'syz.0.7190': attribute type 10 has an invalid length. [ 765.660131][T28587] FAULT_INJECTION: forcing a failure. [ 765.660131][T28587] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 765.663421][T28582] team0: Device ipvlan1 failed to register rx_handler [ 765.681203][T28587] CPU: 1 UID: 0 PID: 28587 Comm: syz.4.7194 Not tainted syzkaller #0 PREEMPT(full) [ 765.681235][T28587] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 765.681250][T28587] Call Trace: [ 765.681261][T28587] [ 765.681271][T28587] dump_stack_lvl+0xe8/0x150 [ 765.681315][T28587] should_fail_ex+0x414/0x560 [ 765.681364][T28587] _copy_from_user+0x2d/0xb0 [ 765.681394][T28587] ___sys_sendmsg+0x158/0x2a0 [ 765.681428][T28587] ? __pfx____sys_sendmsg+0x10/0x10 [ 765.681499][T28587] ? __fget_files+0x2a/0x420 [ 765.681528][T28587] ? __fget_files+0x3a0/0x420 [ 765.681569][T28587] __x64_sys_sendmsg+0x19b/0x260 [ 765.681608][T28587] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 765.681649][T28587] ? __pfx_ksys_write+0x10/0x10 [ 765.681685][T28587] do_syscall_64+0xec/0xf80 [ 765.681714][T28587] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 765.681736][T28587] ? trace_irq_disable+0x37/0x100 [ 765.681767][T28587] ? clear_bhb_loop+0x60/0xb0 [ 765.681794][T28587] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 765.681817][T28587] RIP: 0033:0x7eff7cd8f749 [ 765.681839][T28587] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 765.681860][T28587] RSP: 002b:00007eff7dcb7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 765.681886][T28587] RAX: ffffffffffffffda RBX: 00007eff7cfe5fa0 RCX: 00007eff7cd8f749 [ 765.681903][T28587] RDX: 0000000000000010 RSI: 0000200000000280 RDI: 0000000000000003 [ 765.681919][T28587] RBP: 00007eff7dcb7090 R08: 0000000000000000 R09: 0000000000000000 [ 765.681934][T28587] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 765.681948][T28587] R13: 00007eff7cfe6038 R14: 00007eff7cfe5fa0 R15: 00007ffebe9d1e18 [ 765.681986][T28587] [ 765.899073][T28575] openvswitch: netlink: Flow actions attr not present in new flow. [ 765.948344][T28586] bridge0: entered promiscuous mode [ 765.957593][T28586] macsec1: entered promiscuous mode [ 765.992558][T28586] bridge0: port 3(macsec1) entered blocking state [ 765.999333][T28586] bridge0: port 3(macsec1) entered disabled state [ 766.007588][T28586] macsec1: entered allmulticast mode [ 766.013205][T28586] bridge0: entered allmulticast mode [ 766.020431][T28589] netlink: 'syz.4.7196': attribute type 10 has an invalid length. [ 766.041612][T28586] macsec1: left allmulticast mode [ 766.063819][T28586] bridge0: left allmulticast mode [ 766.075830][T28586] bridge0: left promiscuous mode [ 766.136229][T28598] __nla_validate_parse: 8 callbacks suppressed [ 766.136265][T28598] netlink: 36 bytes leftover after parsing attributes in process `syz.3.7198'. [ 766.162862][T28589] team0: Device dummy0 is of different type [ 766.327758][T28606] netlink: 48 bytes leftover after parsing attributes in process `syz.1.7200'. [ 766.362030][T28607] syzkaller0: entered promiscuous mode [ 766.367835][T28607] syzkaller0: entered allmulticast mode [ 766.598824][T28613] wg1 speed is unknown, defaulting to 1000 [ 766.657685][T28613] wg1 speed is unknown, defaulting to 1000 [ 766.736927][T28630] batadv_slave_1: entered promiscuous mode [ 766.744088][T28629] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7209'. [ 766.765967][T28630] netlink: 16 bytes leftover after parsing attributes in process `syz.2.7208'. [ 766.775647][T28618] wg1 speed is unknown, defaulting to 1000 [ 766.807718][T28630] netlink: 212116 bytes leftover after parsing attributes in process `syz.2.7208'. [ 766.830234][T28618] wg1 speed is unknown, defaulting to 1000 [ 766.908178][T28641] netlink: 16 bytes leftover after parsing attributes in process `syz.2.7208'. [ 767.239293][T28627] batadv_slave_1: left promiscuous mode [ 767.550866][T28656] validate_nla: 1 callbacks suppressed [ 767.550886][T28656] netlink: 'syz.2.7212': attribute type 1 has an invalid length. [ 767.579832][T28657] netlink: 244 bytes leftover after parsing attributes in process `syz.2.7212'. [ 767.589178][T28656] netlink: 76 bytes leftover after parsing attributes in process `syz.2.7212'. [ 767.690606][T28659] netlink: 8 bytes leftover after parsing attributes in process `syz.1.7213'. [ 767.788504][T28663] syzkaller0: entered promiscuous mode [ 767.794306][T28663] syzkaller0: entered allmulticast mode [ 768.199921][T28682] netlink: 12 bytes leftover after parsing attributes in process `syz.4.7218'. [ 768.291357][T28682] vlan0: entered promiscuous mode [ 768.303758][T28682] bridge0: entered promiscuous mode [ 768.562684][T28694] syz_tun: entered allmulticast mode [ 768.601606][T28693] syz_tun: left allmulticast mode [ 769.324076][ T5843] Bluetooth: hci5: link tx timeout [ 769.389881][ T5843] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa [ 769.438992][T28729] syzkaller0: entered promiscuous mode [ 769.445202][T28729] syzkaller0: entered allmulticast mode [ 769.707404][T28740] tipc: Enabled bearer , priority 0 [ 769.744790][T28740] tipc: Disabling bearer [ 769.785025][T28745] IPv6: addrconf: prefix option has invalid lifetime [ 769.787506][T28664] Bluetooth: hci4: command 0x0406 tx timeout [ 769.798240][T28664] Bluetooth: hci2: command 0x0405 tx timeout [ 770.012545][T28756] syz_tun: entered allmulticast mode [ 770.041205][T28755] syz_tun: left allmulticast mode [ 770.202519][T28766] IPv6: NLM_F_CREATE should be specified when creating new route [ 770.857137][T28806] ip6tnl0: Caught tx_queue_len zero misconfig [ 770.982170][T28814] syz_tun: entered allmulticast mode [ 771.153193][T28823] __nla_validate_parse: 9 callbacks suppressed [ 771.153214][T28823] netlink: 48 bytes leftover after parsing attributes in process `syz.3.7268'. [ 771.360457][T28827] ÿ: entered allmulticast mode [ 771.460478][T24244] Bluetooth: hci5: command 0x0406 tx timeout [ 771.770641][T28849] netlink: 5 bytes leftover after parsing attributes in process `syz.3.7279'. [ 771.827638][T28849] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 771.852947][T28852] netlink: 48 bytes leftover after parsing attributes in process `syz.0.7280'. [ 771.974677][T28854] 8021q: VLANs not supported on caif0 [ 772.674612][T28860] xfrm0: entered promiscuous mode [ 772.690841][T28860] xfrm0: entered allmulticast mode [ 772.881645][T28877] tipc: Enabling of bearer rejected, failed to enable media [ 773.183481][T28890] netlink: 48 bytes leftover after parsing attributes in process `syz.4.7292'. [ 773.285527][T28893] 8021q: VLANs not supported on caif0 [ 773.378005][T28898] macsec1: entered promiscuous mode [ 773.403339][T28898] bridge0: port 1(macsec1) entered blocking state [ 773.416784][T28898] bridge0: port 1(macsec1) entered disabled state [ 773.429222][T28898] macsec1: entered allmulticast mode [ 773.442610][T28898] bridge0: entered allmulticast mode [ 773.462145][T28898] macsec1: left allmulticast mode [ 773.474521][T28898] bridge0: left allmulticast mode [ 774.028189][T28920] netlink: 40 bytes leftover after parsing attributes in process `syz.2.7303'. [ 774.106391][T28920] wg1 speed is unknown, defaulting to 1000 [ 774.121612][T28920] wg1 speed is unknown, defaulting to 1000 [ 774.250919][T28926] syzkaller0: entered promiscuous mode [ 774.287026][T28926] syzkaller0: entered allmulticast mode [ 774.424458][T28936] netlink: 104 bytes leftover after parsing attributes in process `syz.3.7308'. [ 774.764974][T28934] wg1 speed is unknown, defaulting to 1000 [ 774.802584][T28934] wg1 speed is unknown, defaulting to 1000 [ 774.827490][T28951] netlink: 'syz.3.7316': attribute type 3 has an invalid length. [ 774.841837][T28951] netlink: 8 bytes leftover after parsing attributes in process `syz.3.7316'. [ 774.923858][T28957] netlink: 104 bytes leftover after parsing attributes in process `syz.0.7320'. [ 775.030039][T28961] netlink: 20 bytes leftover after parsing attributes in process `syz.2.7321'. [ 775.044975][T28961] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7321'. [ 775.508599][T28934] wg1 speed is unknown, defaulting to 1000 [ 775.516784][T28934] wg1 speed is unknown, defaulting to 1000 [ 775.854722][T28981] xt_hashlimit: max too large, truncated to 1048576 [ 775.980627][T28981] xt_CT: You must specify a L4 protocol and not use inversions on it [ 776.001016][T28985] netlink: 'syz.0.7326': attribute type 23 has an invalid length. [ 776.340241][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 776.592885][T28999] __nla_validate_parse: 2 callbacks suppressed [ 776.592904][T28999] netlink: 48 bytes leftover after parsing attributes in process `syz.0.7331'. [ 776.651258][T29000] netlink: 5 bytes leftover after parsing attributes in process `syz.3.7332'. [ 776.665475][T29000] 0ªî{X¹¦: renamed from gretap0 (while UP) [ 776.674800][T29000] A link change request failed with some changes committed already. Interface 30ªî{X¹¦ may have been left with an inconsistent configuration, please check. [ 776.706430][T28999] netlink: 'syz.0.7331': attribute type 7 has an invalid length. [ 776.921041][T29013] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 777.030024][T29012] netlink: 12 bytes leftover after parsing attributes in process `syz.1.7335'. [ 777.104821][T29023] 8021q: VLANs not supported on caif0 [ 777.362320][T29038] netlink: 'syz.3.7344': attribute type 15 has an invalid length. [ 777.421943][T29038] netlink: 'syz.3.7344': attribute type 3 has an invalid length. [ 777.854499][T29066] gre0: left promiscuous mode [ 777.871209][T29066] gre0: left allmulticast mode [ 777.917101][T29066] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 778.266319][T29086] netlink: 96 bytes leftover after parsing attributes in process `syz.4.7357'. [ 778.314019][T29088] netlink: 76 bytes leftover after parsing attributes in process `syz.3.7358'. [ 778.327457][T29088] syzkaller0: entered promiscuous mode [ 778.334211][T29088] syzkaller0: entered allmulticast mode [ 778.586648][T29100] gre0: left promiscuous mode [ 778.603108][T29100] gre0: left allmulticast mode [ 778.608718][T29100] gretap0: left allmulticast mode [ 778.695794][T29100] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 779.014523][T29119] xt_limit: Overflow, try lower: 271964/0 [ 779.041335][T29119] netlink: 25 bytes leftover after parsing attributes in process `syz.2.7369'. [ 779.134801][T29119] netlink: 24 bytes leftover after parsing attributes in process `syz.2.7369'. [ 779.300125][T29135] IPv6: addrconf: prefix option has invalid lifetime [ 779.343922][T29136] netlink: 156 bytes leftover after parsing attributes in process `syz.2.7375'. [ 779.363011][T29136] netlink: 12 bytes leftover after parsing attributes in process `syz.2.7375'. [ 779.526388][T29142] netlink: 'syz.4.7380': attribute type 13 has an invalid length. [ 779.549278][T29144] IPVS: set_ctl: invalid protocol: 58 172.20.20.170:20001 [ 779.591339][T29146] netlink: 48 bytes leftover after parsing attributes in process `syz.3.7382'. [ 779.796049][T29156] netlink: 'syz.1.7385': attribute type 1 has an invalid length. [ 780.123605][ T12] netdevsim netdevsim4 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 780.133048][ T12] netdevsim netdevsim4 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 780.154589][ T12] netdevsim netdevsim4 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 780.180280][ T12] netdevsim netdevsim4 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 780.492550][T29176] dvmrp12: entered allmulticast mode [ 780.509228][T29175] dvmrp12: left allmulticast mode [ 780.637328][T29185] 8021q: VLANs not supported on caif0 [ 780.815688][T29198] netlink: 'syz.3.7402': attribute type 10 has an invalid length. [ 780.846793][T29198] netlink: 'syz.3.7402': attribute type 10 has an invalid length. [ 780.859002][T29198] team0: Port device dummy0 removed [ 780.869724][T29198] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 781.219784][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 781.228296][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 781.236787][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 781.245399][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 781.253858][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 781.262303][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 781.442833][T29232] 8021q: VLANs not supported on caif0 [ 781.449352][T29232] tunl0: Caught tx_queue_len zero misconfig [ 781.555505][T29234] wg1 speed is unknown, defaulting to 1000 [ 781.602016][T29234] wg1 speed is unknown, defaulting to 1000 [ 781.774889][T29190] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 782.076789][T29243] __nla_validate_parse: 11 callbacks suppressed [ 782.076811][T29243] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7411'. [ 782.379382][T29257] bond2: option arp_validate: invalid value (18446744073491447809) [ 782.439370][T29257] bond2 (unregistering): Released all slaves [ 782.497822][T29268] net_ratelimit: 111 callbacks suppressed [ 782.497841][T29268] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 782.522558][T29270] netlink: 8 bytes leftover after parsing attributes in process `syz.2.7417'. [ 782.591134][T29270] macvlan2: entered promiscuous mode [ 782.599019][T29270] macvlan2: entered allmulticast mode [ 782.604879][T29270] mac80211_hwsim hwsim112 wlan0: entered allmulticast mode [ 782.631985][T29262] netlink: 'syz.3.7418': attribute type 1 has an invalid length. [ 782.688415][T29262] bond1: entered promiscuous mode [ 782.710596][T29262] 8021q: adding VLAN 0 to HW filter on device bond1 [ 782.747779][T29272] syzkaller0: entered promiscuous mode [ 782.753761][T29272] syzkaller0: entered allmulticast mode [ 782.792294][T29262] netlink: 28 bytes leftover after parsing attributes in process `syz.3.7418'. [ 782.817326][T29262] bond1: entered allmulticast mode [ 782.837636][T29272] tipc: Enabled bearer , priority 0 [ 782.853671][T29271] tipc: Resetting bearer [ 782.925604][T29271] tipc: Disabling bearer [ 783.125842][T29294] nbd: must specify a size in bytes for the device [ 783.187291][T29300] sctp: [Deprecated]: syz.4.7428 (pid 29300) Use of struct sctp_assoc_value in delayed_ack socket option. [ 783.187291][T29300] Use struct sctp_sack_info instead [ 783.242710][T29305] netlink: 'syz.1.7429': attribute type 10 has an invalid length. [ 783.253317][T29305] bond0: (slave dummy0): Releasing backup interface [ 783.283031][T29305] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 783.305853][T29309] netlink: 56 bytes leftover after parsing attributes in process `syz.0.7431'. [ 783.317350][T29305] team0: Failed to send options change via netlink (err -105) [ 783.341194][T29305] team0: Port device dummy0 added [ 783.498742][T29315] veth0: Caught tx_queue_len zero misconfig [ 783.540144][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 783.597420][T29323] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci5/hci5:200/input14 [ 783.661647][T29328] netlink: 'syz.3.7438': attribute type 23 has an invalid length. [ 783.790757][T29334] netlink: 8 bytes leftover after parsing attributes in process `syz.1.7439'. [ 783.868753][T29334] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 783.947071][T29347] nlmon0: Master is either lo or non-ether device [ 783.969607][T29352] netlink: 24 bytes leftover after parsing attributes in process `syz.1.7439'. [ 784.004838][T29334] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 784.078609][T29355] netlink: 'syz.4.7446': attribute type 1 has an invalid length. [ 784.094960][T29355] netlink: 224 bytes leftover after parsing attributes in process `syz.4.7446'. [ 784.122665][T29334] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 784.158497][T29356] macsec2: entered promiscuous mode [ 784.170260][T29356] bridge0: port 3(macsec2) entered blocking state [ 784.190506][T29356] bridge0: port 3(macsec2) entered disabled state [ 784.198884][T29361] netlink: 48 bytes leftover after parsing attributes in process `syz.3.7448'. [ 784.208449][T29356] macsec2: entered allmulticast mode [ 784.223328][T29356] bridge0: entered allmulticast mode [ 784.235459][T29363] xt_hashlimit: max too large, truncated to 1048576 [ 784.245521][T29356] macsec2: left allmulticast mode [ 784.251107][T29356] bridge0: left allmulticast mode [ 784.270336][T29363] xt_CT: You must specify a L4 protocol and not use inversions on it [ 784.295304][T29334] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 784.416504][T26709] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 784.445452][T26709] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 784.469247][T26709] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 784.480456][T29372] netlink: 'syz.4.7454': attribute type 13 has an invalid length. [ 784.496474][T26709] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 784.537785][T29374] xt_CT: You must specify a L4 protocol and not use inversions on it [ 784.579615][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 784.721348][T29382] netlink: 'syz.1.7459': attribute type 13 has an invalid length. [ 784.743671][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 785.139694][T24244] Bluetooth: hci1: command 0x0406 tx timeout [ 785.762008][T29382] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 785.816214][T29382] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 786.259938][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 786.354320][T26709] netdevsim netdevsim1 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 786.389147][T26709] netdevsim netdevsim1 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 786.436099][T26709] netdevsim netdevsim1 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 786.472043][T26709] netdevsim netdevsim1 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 786.559270][T29425] wg1 speed is unknown, defaulting to 1000 [ 786.575649][T29432] netlink: 28 bytes leftover after parsing attributes in process `syz.0.7469'. [ 786.589438][T29425] wg1 speed is unknown, defaulting to 1000 [ 787.178229][T29448] netlink: 20 bytes leftover after parsing attributes in process `syz.0.7471'. [ 787.901634][T29465] netlink: 5 bytes leftover after parsing attributes in process `syz.3.7476'. [ 787.920108][T29465] 1ªî{X¹¦: renamed from 30ªî{X¹¦ (while UP) [ 787.947438][T29468] netlink: 12 bytes leftover after parsing attributes in process `syz.0.7478'. [ 787.962300][T29465] 1ªî{X¹¦: entered allmulticast mode [ 787.970248][T29465] A link change request failed with some changes committed already. Interface 31ªî{X¹¦ may have been left with an inconsistent configuration, please check. [ 787.996699][T29468] vlan3: entered promiscuous mode [ 788.522216][T29489] netlink: 16 bytes leftover after parsing attributes in process `syz.2.7480'. [ 788.571988][T29489] bridge3: entered allmulticast mode [ 788.624517][T29489] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7480'. [ 788.819415][T29495] netlink: 8 bytes leftover after parsing attributes in process `syz.4.7488'. [ 788.869405][T29495] netlink: 4 bytes leftover after parsing attributes in process `syz.4.7488'. [ 788.978083][T29495] netlink: 4 bytes leftover after parsing attributes in process `syz.4.7488'. [ 789.030975][T29495] netlink: 12 bytes leftover after parsing attributes in process `syz.4.7488'. [ 789.169991][T29512] block nbd3: server does not support multiple connections per device. [ 789.179016][T29512] block nbd3: shutting down sockets [ 789.400256][T29523] netlink: 8 bytes leftover after parsing attributes in process `syz.0.7495'. [ 789.459691][ C0] bridge0: port 1(bridge_slave_0) entered learning state [ 789.467081][ C0] bridge0: port 2(bridge_slave_1) entered learning state [ 789.521395][T29523] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 789.566223][T29526] netlink: 'syz.1.7497': attribute type 3 has an invalid length. [ 789.613061][T29523] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 789.854814][T29531] netlink: 'syz.1.7499': attribute type 1 has an invalid length. [ 789.916177][T29531] netlink: 'syz.1.7499': attribute type 1 has an invalid length. [ 790.001144][T29536] vxcan2: entered allmulticast mode [ 790.454604][T29567] netlink: 'syz.3.7512': attribute type 13 has an invalid length. [ 790.576498][T29567] 1ªî{X¹¦: refused to change device tx_queue_len [ 790.583866][T29567] A link change request failed with some changes committed already. Interface 31ªî{X¹¦ may have been left with an inconsistent configuration, please check. [ 790.773295][T29580] netlink: 'syz.3.7516': attribute type 2 has an invalid length. [ 791.704311][T29625] netlink: 'syz.2.7539': attribute type 10 has an invalid length. [ 791.760605][T29629] syzkaller1: entered promiscuous mode [ 791.778897][T29629] syzkaller1: entered allmulticast mode [ 791.784980][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 791.833966][T29633] ip6gre2: entered promiscuous mode [ 791.839245][T29633] ip6gre2: entered allmulticast mode [ 791.862786][ T7648] ip6_tunnel: ip6gre2 xmit: Local address not yet configured! [ 791.872701][ T7648] ip6_tunnel: ip6gre2 xmit: Local address not yet configured! [ 791.881748][T29633] ip6_tunnel: ip6gre2 xmit: Local address not yet configured! [ 791.900407][ T5949] ip6_tunnel: ip6gre2 xmit: Local address not yet configured! [ 792.073396][T29646] vlan3: entered promiscuous mode [ 792.089827][T29646] bond0: entered promiscuous mode [ 792.101620][T29646] dummy0: entered promiscuous mode [ 792.119865][T29646] mac80211_hwsim hwsim95 wlan1: entered promiscuous mode [ 792.169988][ T5949] ip6_tunnel: ip6gre2 xmit: Local address not yet configured! [ 792.243093][T29653] can-isotp: isotp_sendmsg: can_send_ret -ENETDOWN [ 792.745744][T29688] __nla_validate_parse: 9 callbacks suppressed [ 792.745771][T29688] netlink: 56 bytes leftover after parsing attributes in process `syz.0.7565'. [ 792.900548][ T5949] ip6_tunnel: ip6gre2 xmit: Local address not yet configured! [ 793.207493][T29719] vcan1: entered promiscuous mode [ 793.242804][T29722] sock: sock_timestamping_bind_phc: sock not bind to device [ 793.253142][T29720] netlink: 12 bytes leftover after parsing attributes in process `syz.2.7579'. [ 793.502418][T29736] netlink: 12 bytes leftover after parsing attributes in process `syz.2.7587'. [ 793.773747][T29753] syzkaller0: entered promiscuous mode [ 793.809715][T29753] syzkaller0: entered allmulticast mode [ 793.933860][T29766] netlink: 1080 bytes leftover after parsing attributes in process `syz.2.7600'. [ 794.447112][T29794] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7614'. [ 794.650916][T29809] syzkaller1: entered promiscuous mode [ 794.658965][T29809] syzkaller1: entered allmulticast mode [ 794.987975][T29822] syzkaller0: entered promiscuous mode [ 795.000807][T29822] syzkaller0: entered allmulticast mode [ 795.161066][T29828] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 8, id = 0 [ 795.167941][T29827] IPVS: stopping backup sync thread 29828 ... [ 795.502279][T29836] netlink: 8 bytes leftover after parsing attributes in process `syz.3.7629'. [ 795.607892][T29846] netlink: 207992 bytes leftover after parsing attributes in process `syz.1.7633'. [ 795.622217][T29846] netlink: 'syz.1.7633': attribute type 1 has an invalid length. [ 795.631183][T29846] netlink: 224 bytes leftover after parsing attributes in process `syz.1.7633'. [ 795.789674][ C1] ip6_tunnel: ip6gre2 xmit: Local address not yet configured! [ 795.801801][T29850] netlink: 'syz.0.7635': attribute type 10 has an invalid length. [ 795.825095][T29850] bond0: (slave dummy0): Releasing backup interface [ 795.832503][T29850] bond0: (slave dummy0): the permanent HWaddr of slave - aa:aa:aa:aa:aa:24 - is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts [ 795.853411][T29850] dummy0: left promiscuous mode [ 795.860881][T24423] wlan1: Trigger new scan to find an IBSS to join [ 795.882925][T29850] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 795.892851][T29850] team0: Failed to send options change via netlink (err -105) [ 795.900573][T29850] team0: Port device dummy0 added [ 796.138572][T29863] netlink: 48 bytes leftover after parsing attributes in process `syz.1.7639'. [ 796.193055][T29865] syzkaller0: entered promiscuous mode [ 796.198602][T29865] syzkaller0: entered allmulticast mode [ 796.264740][T29867] netlink: 48 bytes leftover after parsing attributes in process `syz.3.7641'. [ 796.476682][T29881] 8021q: VLANs not supported on caif0 [ 797.137735][T29912] wg1 speed is unknown, defaulting to 1000 [ 797.318695][T29912] wg1 speed is unknown, defaulting to 1000 [ 797.796136][T29944] macsec2: entered promiscuous mode [ 797.802473][T29944] bridge0: port 3(macsec2) entered blocking state [ 797.810687][T29944] bridge0: port 3(macsec2) entered disabled state [ 797.818652][T29944] macsec2: entered allmulticast mode [ 797.824746][T29944] bridge0: entered allmulticast mode [ 797.853065][T29944] macsec2: left allmulticast mode [ 797.864563][T29944] bridge0: left allmulticast mode [ 798.000335][T29954] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 798.121618][T29963] netlink: 'syz.2.7672': attribute type 10 has an invalid length. [ 798.146759][T29963] bond0: (slave dummy0): Releasing backup interface [ 798.165844][T29963] team0: Port device dummy0 added [ 798.175861][T29963] netlink: 'syz.2.7672': attribute type 10 has an invalid length. [ 798.210206][T29963] team0: Port device dummy0 removed [ 798.216964][T29965] __nla_validate_parse: 1 callbacks suppressed [ 798.216983][T29965] netlink: 28 bytes leftover after parsing attributes in process `syz.1.7671'. [ 798.233896][T29965] netlink: 100 bytes leftover after parsing attributes in process `syz.1.7671'. [ 798.254551][T29963] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 798.821561][ T6757] wlan1: Trigger new scan to find an IBSS to join [ 799.072587][T29995] netlink: 76 bytes leftover after parsing attributes in process `syz.2.7683'. [ 799.212878][T30005] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7685'. [ 799.232965][T30005] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 799.381090][T30012] netlink: 207992 bytes leftover after parsing attributes in process `syz.2.7689'. [ 799.417608][T30012] netlink: 'syz.2.7689': attribute type 1 has an invalid length. [ 799.436040][T30012] netlink: 224 bytes leftover after parsing attributes in process `syz.2.7689'. [ 799.450653][T30016] 8021q: VLANs not supported on caif0 [ 799.537141][T30017] tipc: Enabled bearer , priority 0 [ 799.582907][T30020] syzkaller0: entered promiscuous mode [ 799.625127][T30020] syzkaller0: entered allmulticast mode [ 799.715631][T30017] tipc: Resetting bearer [ 799.769967][T30013] tipc: Resetting bearer [ 799.834427][T30013] tipc: Disabling bearer [ 799.852206][T30025] tipc: Enabled bearer , priority 0 [ 799.863106][T30028] syzkaller0: entered promiscuous mode [ 799.868741][T30028] syzkaller0: entered allmulticast mode [ 799.951248][T30037] syzkaller0: entered promiscuous mode [ 799.960356][T30037] syzkaller0: entered allmulticast mode [ 800.003003][T30025] tipc: Resetting bearer [ 800.048179][T30023] tipc: Resetting bearer [ 800.120711][T30023] tipc: Disabling bearer [ 800.308977][T30053] wg1 speed is unknown, defaulting to 1000 [ 800.317639][T30053] wg1 speed is unknown, defaulting to 1000 [ 800.364380][T30059] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci5/hci5:200/input15 [ 800.424898][T30058] wg1 speed is unknown, defaulting to 1000 [ 800.457668][T30058] wg1 speed is unknown, defaulting to 1000 [ 801.271972][T30100] netlink: 207952 bytes leftover after parsing attributes in process `syz.3.7719'. [ 801.285522][T30100] netlink: 64 bytes leftover after parsing attributes in process `syz.3.7719'. [ 801.298198][T30100] netlink: 64 bytes leftover after parsing attributes in process `syz.3.7719'. [ 801.331343][T30095] wg1 speed is unknown, defaulting to 1000 [ 801.353899][T30095] wg1 speed is unknown, defaulting to 1000 [ 801.361362][T30103] netlink: 76 bytes leftover after parsing attributes in process `syz.4.7720'. [ 801.684426][T30111] netlink: 'syz.1.7722': attribute type 4 has an invalid length. [ 801.693827][T30113] wg1 speed is unknown, defaulting to 1000 [ 801.706390][T30113] wg1 speed is unknown, defaulting to 1000 [ 801.860705][ T7645] wlan1: Trigger new scan to find an IBSS to join [ 801.942353][T30136] syz_tun: entered allmulticast mode [ 801.966156][T30119] syz_tun: left allmulticast mode [ 802.020599][T30124] syzkaller1: entered promiscuous mode [ 802.026134][T30124] syzkaller1: entered allmulticast mode [ 802.487033][T30148] syzkaller1: entered promiscuous mode [ 802.499752][T30148] syzkaller1: entered allmulticast mode [ 802.716819][T30166] wg1 speed is unknown, defaulting to 1000 [ 802.724766][T30166] wg1 speed is unknown, defaulting to 1000 [ 802.832683][ T1328] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 802.932789][ C1] ------------[ cut here ]------------ [ 802.938346][ C1] no supported rates for sta (null) (0xffffffff, band 0) in rate_mask 0x0 with flags 0x0 [ 802.948246][ C1] WARNING: net/mac80211/rate.c:406 at __rate_control_send_low+0x524/0x800, CPU#1: syz-executor/24242 [ 802.959185][ C1] Modules linked in: [ 802.963117][ C1] CPU: 1 UID: 0 PID: 24242 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) [ 802.972692][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 802.982793][ C1] RIP: 0010:__rate_control_send_low+0x5bb/0x800 [ 802.989065][ C1] Code: ff 4c 8b 7c 24 08 48 8b 44 24 38 0f b6 04 28 84 c0 0f 85 d3 01 00 00 41 8b 0f 4c 89 f7 48 8b 74 24 18 44 8b 44 24 2c 45 89 e9 <67> 48 0f b9 3a 4c 8b 74 24 30 e9 81 fe ff ff 44 89 f9 80 e1 07 80 [ 803.008744][ C1] RSP: 0018:ffffc90000a08858 EFLAGS: 00010246 [ 803.014882][ C1] RAX: 0000000000000000 RBX: 000000000000000c RCX: 0000000000000000 [ 803.022889][ C1] RDX: 00000000ffffffff RSI: 0000000000000000 RDI: ffffffff8f92f8c0 [ 803.030902][ C1] RBP: dffffc0000000000 R08: 0000000000000000 R09: 0000000000000000 [ 803.038910][ C1] R10: 0000000000000004 R11: 0000000000000100 R12: ffff88801ab21668 [ 803.046929][ C1] R13: 0000000000000000 R14: ffffffff8f92f8c0 R15: ffff888062b2b138 [ 803.054937][ C1] FS: 000055558900b500(0000) GS:ffff888125f1c000(0000) knlGS:0000000000000000 [ 803.063897][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 803.070524][ C1] CR2: 0000200000000040 CR3: 0000000037f04000 CR4: 00000000003526f0 [ 803.078548][ C1] Call Trace: [ 803.081886][ C1] [ 803.084791][ C1] rate_control_send_low+0x1a7/0x7b0 [ 803.090166][ C1] rate_control_get_rate+0x20b/0x5d0 [ 803.095542][ C1] ieee80211_beacon_get_finish+0x39a/0x6c0 [ 803.101450][ C1] ? __pfx_ieee80211_beacon_get_finish+0x10/0x10 [ 803.107853][ C1] ? __ieee80211_beacon_get+0xce1/0x1880 [ 803.113580][ C1] __ieee80211_beacon_get+0xd3d/0x1880 [ 803.119097][ C1] ? __ieee80211_beacon_get+0x36/0x1880 [ 803.124742][ C1] ieee80211_beacon_get_tim+0xb4/0x2b0 [ 803.130296][ C1] ? __lock_acquire+0x6b6/0x2cf0 [ 803.135280][ C1] ? __pfx_ieee80211_beacon_get_tim+0x10/0x10 [ 803.141440][ C1] mac80211_hwsim_beacon_tx+0x3c5/0x870 [ 803.147031][ C1] __iterate_interfaces+0x2ab/0x590 [ 803.152315][ C1] ? __pfx_mac80211_hwsim_beacon_tx+0x10/0x10 [ 803.158430][ C1] ? ieee80211_iterate_active_interfaces_atomic+0x2a/0x180 [ 803.165705][ C1] ? __pfx_mac80211_hwsim_beacon_tx+0x10/0x10 [ 803.171856][ C1] ieee80211_iterate_active_interfaces_atomic+0xdb/0x180 [ 803.178932][ C1] mac80211_hwsim_beacon+0xbb/0x180 [ 803.184225][ C1] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 803.190109][ C1] __hrtimer_run_queues+0x51c/0xc30 [ 803.195376][ C1] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 803.201176][ C1] ? read_tsc+0x9/0x20 [ 803.205307][ C1] hrtimer_run_softirq+0x187/0x2b0 [ 803.210495][ C1] handle_softirqs+0x22b/0x7c0 [ 803.215299][ C1] ? __irq_exit_rcu+0x60/0x150 [ 803.220127][ C1] __irq_exit_rcu+0x60/0x150 [ 803.224757][ C1] irq_exit_rcu+0x9/0x30 [ 803.229030][ C1] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 803.234733][ C1] [ 803.237700][ C1] [ 803.240693][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 803.246729][ C1] RIP: 0010:lock_release+0x5/0x3b0 [ 803.251915][ C1] Code: 00 e9 70 fe ff ff 41 be 2f 00 00 00 e9 0e ff ff ff 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 55 <41> 57 41 56 41 55 41 54 53 48 83 ec 30 49 89 f5 49 89 fe 65 48 8b [ 803.271588][ C1] RSP: 0018:ffffc90003507670 EFLAGS: 00000293 [ 803.277786][ C1] RAX: ffffffff820c3a1f RBX: ffffffff820c3981 RCX: ffff8880268a5b80 [ 803.285938][ C1] RDX: 0000000000000000 RSI: ffffffff820c3981 RDI: ffffffff8e062460 [ 803.293986][ C1] RBP: ffffc90003507830 R08: ffffffff820c3981 R09: ffffffff8e062460 [ 803.302026][ C1] R10: ffffc90003507780 R11: fffff520006a0ef5 R12: ffff88807c6db280 [ 803.310074][ C1] R13: dffffc0000000000 R14: ffff888037d6d408 R15: 0000000000000020 [ 803.318090][ C1] ? copy_page_range+0x251/0x11d0 [ 803.323203][ C1] ? copy_page_range+0x251/0x11d0 [ 803.328275][ C1] ? copy_page_range+0x2ef/0x11d0 [ 803.333464][ C1] ? copy_page_range+0x251/0x11d0 [ 803.338543][ C1] copy_page_range+0x2fe/0x11d0 [ 803.343500][ C1] ? dup_mmap+0xe65/0x1b80 [ 803.347992][ C1] ? __pfx_copy_page_range+0x10/0x10 [ 803.353371][ C1] ? __pfx_vma_interval_tree_augment_rotate+0x10/0x10 [ 803.360217][ C1] dup_mmap+0xf4a/0x1b80 [ 803.364562][ C1] ? __pfx_dup_mmap+0x10/0x10 [ 803.369284][ C1] ? copy_mm+0x131/0x4b0 [ 803.373714][ C1] copy_mm+0x13c/0x4b0 [ 803.377836][ C1] copy_process+0x165d/0x3950 [ 803.382621][ C1] ? copy_process+0x915/0x3950 [ 803.387445][ C1] ? __pfx_copy_process+0x10/0x10 [ 803.392553][ C1] ? count_memcg_event_mm+0x21/0x260 [ 803.397893][ C1] kernel_clone+0x21e/0x820 [ 803.402594][ C1] ? __pfx_kernel_clone+0x10/0x10 [ 803.407694][ C1] __x64_sys_clone+0x18b/0x1e0 [ 803.412562][ C1] ? __pfx___x64_sys_clone+0x10/0x10 [ 803.417914][ C1] ? do_user_addr_fault+0xc85/0x1380 [ 803.423278][ C1] do_syscall_64+0xec/0xf80 [ 803.427829][ C1] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 803.433968][ C1] ? trace_irq_disable+0x37/0x100 [ 803.439066][ C1] ? clear_bhb_loop+0x60/0xb0 [ 803.443828][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 803.449845][ C1] RIP: 0033:0x7f4587d85e93 [ 803.454326][ C1] Code: 1f 84 00 00 00 00 00 64 48 8b 04 25 10 00 00 00 45 31 c0 31 d2 31 f6 bf 11 00 20 01 4c 8d 90 d0 02 00 00 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 89 c2 85 c0 75 2c 64 48 8b 04 25 10 00 00 [ 803.474099][ C1] RSP: 002b:00007fff986ffa18 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 803.482597][ C1] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f4587d85e93 [ 803.490661][ C1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 803.498775][ C1] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000001 [ 803.506818][ C1] R10: 000055558900b7d0 R11: 0000000000000246 R12: 0000000000000000 [ 803.514862][ C1] R13: 00000000000927c0 R14: 00000000000c3f2a R15: 00007fff986ffbb0 [ 803.522926][ C1] [ 803.525988][ C1] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 803.533296][ C1] CPU: 1 UID: 0 PID: 24242 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) [ 803.542873][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 803.552966][ C1] Call Trace: [ 803.556278][ C1] [ 803.559152][ C1] vpanic+0x1e0/0x670 [ 803.563186][ C1] panic+0xb9/0xc0 [ 803.566950][ C1] ? __pfx_panic+0x10/0x10 [ 803.571458][ C1] __warn+0x317/0x4b0 [ 803.575492][ C1] ? __rate_control_send_low+0x524/0x800 [ 803.581176][ C1] ? __rate_control_send_low+0x524/0x800 [ 803.586850][ C1] __report_bug+0x288/0x500 [ 803.591391][ C1] ? unwind_get_return_address+0x4d/0x90 [ 803.597067][ C1] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 803.603275][ C1] ? __rate_control_send_low+0x524/0x800 [ 803.608966][ C1] ? __pfx___report_bug+0x10/0x10 [ 803.614039][ C1] ? __pfx_stack_trace_save+0x10/0x10 [ 803.619462][ C1] ? stack_trace_save+0x21/0xe0 [ 803.624451][ C1] report_bug_entry+0x19a/0x290 [ 803.629347][ C1] ? __rate_control_send_low+0x5bb/0x800 [ 803.635035][ C1] ? __rate_control_send_low+0x5c0/0x800 [ 803.640713][ C1] handle_bug+0xca/0x200 [ 803.645004][ C1] exc_invalid_op+0x1a/0x50 [ 803.649553][ C1] asm_exc_invalid_op+0x1a/0x20 [ 803.654438][ C1] RIP: 0010:__rate_control_send_low+0x5bb/0x800 [ 803.660720][ C1] Code: ff 4c 8b 7c 24 08 48 8b 44 24 38 0f b6 04 28 84 c0 0f 85 d3 01 00 00 41 8b 0f 4c 89 f7 48 8b 74 24 18 44 8b 44 24 2c 45 89 e9 <67> 48 0f b9 3a 4c 8b 74 24 30 e9 81 fe ff ff 44 89 f9 80 e1 07 80 [ 803.680369][ C1] RSP: 0018:ffffc90000a08858 EFLAGS: 00010246 [ 803.686497][ C1] RAX: 0000000000000000 RBX: 000000000000000c RCX: 0000000000000000 [ 803.694502][ C1] RDX: 00000000ffffffff RSI: 0000000000000000 RDI: ffffffff8f92f8c0 [ 803.702524][ C1] RBP: dffffc0000000000 R08: 0000000000000000 R09: 0000000000000000 [ 803.710539][ C1] R10: 0000000000000004 R11: 0000000000000100 R12: ffff88801ab21668 [ 803.718548][ C1] R13: 0000000000000000 R14: ffffffff8f92f8c0 R15: ffff888062b2b138 [ 803.726579][ C1] ? __rate_control_send_low+0x58d/0x800 [ 803.732273][ C1] rate_control_send_low+0x1a7/0x7b0 [ 803.737610][ C1] rate_control_get_rate+0x20b/0x5d0 [ 803.742944][ C1] ieee80211_beacon_get_finish+0x39a/0x6c0 [ 803.748838][ C1] ? __pfx_ieee80211_beacon_get_finish+0x10/0x10 [ 803.755327][ C1] ? __ieee80211_beacon_get+0xce1/0x1880 [ 803.761015][ C1] __ieee80211_beacon_get+0xd3d/0x1880 [ 803.766520][ C1] ? __ieee80211_beacon_get+0x36/0x1880 [ 803.772117][ C1] ieee80211_beacon_get_tim+0xb4/0x2b0 [ 803.777648][ C1] ? __lock_acquire+0x6b6/0x2cf0 [ 803.782636][ C1] ? __pfx_ieee80211_beacon_get_tim+0x10/0x10 [ 803.788770][ C1] mac80211_hwsim_beacon_tx+0x3c5/0x870 [ 803.794372][ C1] __iterate_interfaces+0x2ab/0x590 [ 803.799668][ C1] ? __pfx_mac80211_hwsim_beacon_tx+0x10/0x10 [ 803.805794][ C1] ? ieee80211_iterate_active_interfaces_atomic+0x2a/0x180 [ 803.813041][ C1] ? __pfx_mac80211_hwsim_beacon_tx+0x10/0x10 [ 803.819161][ C1] ieee80211_iterate_active_interfaces_atomic+0xdb/0x180 [ 803.826245][ C1] mac80211_hwsim_beacon+0xbb/0x180 [ 803.831500][ C1] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 803.837349][ C1] __hrtimer_run_queues+0x51c/0xc30 [ 803.842625][ C1] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 803.848401][ C1] ? read_tsc+0x9/0x20 [ 803.852540][ C1] hrtimer_run_softirq+0x187/0x2b0 [ 803.857712][ C1] handle_softirqs+0x22b/0x7c0 [ 803.862528][ C1] ? __irq_exit_rcu+0x60/0x150 [ 803.867341][ C1] __irq_exit_rcu+0x60/0x150 [ 803.872066][ C1] irq_exit_rcu+0x9/0x30 [ 803.876352][ C1] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 803.882023][ C1] [ 803.884971][ C1] [ 803.888191][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 803.894193][ C1] RIP: 0010:lock_release+0x5/0x3b0 [ 803.899332][ C1] Code: 00 e9 70 fe ff ff 41 be 2f 00 00 00 e9 0e ff ff ff 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 55 <41> 57 41 56 41 55 41 54 53 48 83 ec 30 49 89 f5 49 89 fe 65 48 8b [ 803.918969][ C1] RSP: 0018:ffffc90003507670 EFLAGS: 00000293 [ 803.925062][ C1] RAX: ffffffff820c3a1f RBX: ffffffff820c3981 RCX: ffff8880268a5b80 [ 803.933143][ C1] RDX: 0000000000000000 RSI: ffffffff820c3981 RDI: ffffffff8e062460 [ 803.941304][ C1] RBP: ffffc90003507830 R08: ffffffff820c3981 R09: ffffffff8e062460 [ 803.949296][ C1] R10: ffffc90003507780 R11: fffff520006a0ef5 R12: ffff88807c6db280 [ 803.957287][ C1] R13: dffffc0000000000 R14: ffff888037d6d408 R15: 0000000000000020 [ 803.965288][ C1] ? copy_page_range+0x251/0x11d0 [ 803.970350][ C1] ? copy_page_range+0x251/0x11d0 [ 803.975409][ C1] ? copy_page_range+0x2ef/0x11d0 [ 803.980459][ C1] ? copy_page_range+0x251/0x11d0 [ 803.985507][ C1] copy_page_range+0x2fe/0x11d0 [ 803.990399][ C1] ? dup_mmap+0xe65/0x1b80 [ 803.994854][ C1] ? __pfx_copy_page_range+0x10/0x10 [ 804.000168][ C1] ? __pfx_vma_interval_tree_augment_rotate+0x10/0x10 [ 804.006952][ C1] dup_mmap+0xf4a/0x1b80 [ 804.011244][ C1] ? __pfx_dup_mmap+0x10/0x10 [ 804.015937][ C1] ? copy_mm+0x131/0x4b0 [ 804.020222][ C1] copy_mm+0x13c/0x4b0 [ 804.024328][ C1] copy_process+0x165d/0x3950 [ 804.029039][ C1] ? copy_process+0x915/0x3950 [ 804.033842][ C1] ? __pfx_copy_process+0x10/0x10 [ 804.038891][ C1] ? count_memcg_event_mm+0x21/0x260 [ 804.044209][ C1] kernel_clone+0x21e/0x820 [ 804.048739][ C1] ? __pfx_kernel_clone+0x10/0x10 [ 804.053799][ C1] __x64_sys_clone+0x18b/0x1e0 [ 804.058591][ C1] ? __pfx___x64_sys_clone+0x10/0x10 [ 804.063916][ C1] ? do_user_addr_fault+0xc85/0x1380 [ 804.069413][ C1] do_syscall_64+0xec/0xf80 [ 804.073943][ C1] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 804.080025][ C1] ? trace_irq_disable+0x37/0x100 [ 804.085260][ C1] ? clear_bhb_loop+0x60/0xb0 [ 804.089959][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 804.095868][ C1] RIP: 0033:0x7f4587d85e93 [ 804.100302][ C1] Code: 1f 84 00 00 00 00 00 64 48 8b 04 25 10 00 00 00 45 31 c0 31 d2 31 f6 bf 11 00 20 01 4c 8d 90 d0 02 00 00 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 89 c2 85 c0 75 2c 64 48 8b 04 25 10 00 00 [ 804.119951][ C1] RSP: 002b:00007fff986ffa18 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 804.128410][ C1] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f4587d85e93 [ 804.136417][ C1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 804.144403][ C1] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000001 [ 804.152475][ C1] R10: 000055558900b7d0 R11: 0000000000000246 R12: 0000000000000000 [ 804.160475][ C1] R13: 00000000000927c0 R14: 00000000000c3f2a R15: 00007fff986ffbb0 [ 804.168665][ C1] [ 804.172404][ C1] Kernel Offset: disabled [ 804.176825][ C1] Rebooting in 86400 seconds..