last executing test programs: 3.296574954s ago: executing program 3 (id=877): bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x10, 0x5, &(0x7f0000000780)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, [@map_idx_val={0x18, 0x5, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xe}, 0x94) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet6_int(r1, 0x29, 0x42, 0x0, 0x0) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="a0010000100001000000000000000000fc010000000000000000000000000000ac1414bb00"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000032000000fc01000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000ff07000002000000cd000000000000004800020063626328616573290000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000001c001700000000000000000000000001003924ad324f0e4f410000004c001400636d61632861657329"], 0x1a0}}, 0x0) 2.450007635s ago: executing program 3 (id=890): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET_STATS_CPU(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x14, 0x4, 0x1, 0x801, 0x0, 0x0, {0xa}}, 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x48010) (async) r1 = socket$nl_generic(0x10, 0x3, 0x10) (async) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) close(0x4) syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/ipc\x00') (async) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f05ebbee1, 0x8031, r1, 0x0) (async) r3 = socket$nl_route(0x10, 0x3, 0x0) (async) r4 = socket$l2tp(0x2, 0x2, 0x73) bind$bt_hci(r2, &(0x7f0000000100)={0x1f, 0x4, 0x4}, 0x6) (async) setsockopt$inet_opts(r4, 0x0, 0x1a, &(0x7f0000000780)="e9", 0x1) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000000c0)={'macsec0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x3c, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r5, 0x1184, 0x4}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macsec={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACSEC_WINDOW={0x8, 0x5, 0x3}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x80}, 0x0) (async) setsockopt$bt_hci_HCI_TIME_STAMP(r2, 0x0, 0x3, &(0x7f0000000080)=0xf147, 0x4) (async) socket$nl_route(0x10, 0x3, 0x0) bind$inet(r4, &(0x7f0000000180)={0x2, 0x4e23, @private=0xa010100}, 0x10) (async) socket$pppl2tp(0x18, 0x1, 0x1) r6 = socket(0x14, 0x2, 0x4) setsockopt$inet_tcp_int(r6, 0x6, 0x1, &(0x7f0000000200)=0x4, 0x4) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (async) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x20004015}, 0x0) (async) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000001540)={0xd, 0x20000000000000bb, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000756c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb714000008"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x20, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x3, 0x0, 0x0, 0x0, 0x2000004, 0x0, 0x0, 0x1f00, 0x39, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000340)={0x2, 0x200008, 0x5, 0x20000}, 0x10}, 0x94) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000001800010800000000000000850a600000000000000500000014000500200100000000000000000300000000001c00090008000000", @ANYRES32=r7], 0x4c}}, 0x0) (async) r8 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r8, &(0x7f00000002c0), 0x40000000000009f, 0x0) (async) ioctl$FS_IOC_RESVSP(r6, 0x4010618f, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x2}) (async) ioctl$BTRFS_IOC_GET_FEATURES(r1, 0x80189439, &(0x7f00000001c0)) 2.329317958s ago: executing program 4 (id=894): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x11, 0x0, 0x0, 0x0, 0x5}, 0x94) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000005c0)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in=@multicast2, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x29}, {0x0, 0x0, 0x7, 0x0, 0x0, 0x2, 0xffffffffffffffff}, {0x0, 0x0, 0x0, 0xffffffffffffffff}}}, 0xb8}}, 0x4004) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="b8000000190001000000000000000000e00000020000000000060000000000000000000000000000000000000000000000000000000000000a"], 0xb8}}, 0x10) 2.098209067s ago: executing program 4 (id=897): r0 = socket$isdn_base(0x22, 0x3, 0x0) ioctl$IMSETDEVNAME(r0, 0x80184947, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f00000007c0)=ANY=[@ANYBLOB="140000001000010000000000000000000a00000a74000000060a010400000000000000000200000048000480440001800a0001006d61746368000000340002800900010074696d65000000001c00030007682c020b7b37f27f5101007f51010049f4e34e860200eb08000240000000000900010073797a30000000000900020073797a32"], 0x9c}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x6d, &(0x7f0000000000)={0x0, 0x1, "9b"}, &(0x7f0000000040)=0x9) getsockopt$inet_sctp_SCTP_PEER_AUTH_CHUNKS(r1, 0x84, 0x1a, &(0x7f00000000c0)={r3, 0x26, "e8e2f21448725de6f8224f6f88f179d7e62ff1dcbb084cbebee5740fe40dfc38cb5451745502"}, &(0x7f0000000100)=0x2e) r4 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r4, &(0x7f0000000080), 0x0) 1.921640508s ago: executing program 4 (id=899): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETTABLE(r0, &(0x7f0000000680)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000640)={&(0x7f0000000600)={0x24, 0x1, 0xa, 0x101, 0x0, 0x0, {0x3, 0x0, 0x7}, [@NFTA_TABLE_FLAGS={0x8, 0x2, 0x1, 0x0, 0x2}, @NFTA_TABLE_FLAGS={0x8, 0x2, 0x1, 0x0, 0x3}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000084}, 0x44014) sendmsg$NFT_BATCH(r0, &(0x7f0000000580)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000080)={&(0x7f0000000140)={{0x14, 0x10, 0x1, 0x0, 0x0, {0xa}}, [@NFT_MSG_NEWOBJ={0x20, 0x12, 0xa, 0x202, 0x0, 0x0, {0x0, 0x0, 0x2}, @NFT_OBJECT_TUNNEL=@NFTA_OBJ_TABLE={0x9, 0x1, 'syz0\x00'}}, @NFT_MSG_NEWCHAIN={0x68, 0x3, 0xa, 0x3, 0x0, 0x0, {0x5, 0x0, 0x2}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_CHAIN_FLAGS={0x8, 0xa, 0x1, 0x0, 0x5}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_COUNTERS={0x34, 0x8, 0x0, 0x1, [@NFTA_COUNTER_PACKETS={0xc, 0x2, 0x1, 0x0, 0x8}, @NFTA_COUNTER_BYTES={0xc, 0x1, 0x1, 0x0, 0x7}, @NFTA_COUNTER_BYTES={0xc, 0x1, 0x1, 0x0, 0x8}, @NFTA_COUNTER_BYTES={0xc, 0x1, 0x1, 0x0, 0x3}]}]}, @NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x201, 0x0, 0x0, {0x3}, [@NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x2}]}, @NFT_MSG_DELFLOWTABLE={0x38, 0x18, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x7}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_DELOBJ={0x38, 0x14, 0xa, 0x801, 0x0, 0x0, {0x5, 0x0, 0x5}, [@NFTA_OBJ_TYPE={0x8, 0x3, 0x1, 0x0, 0x7}, @NFTA_OBJ_USERDATA={0x1c, 0x8, "6968f9d3a836f30bea4b4d1262a4739eccce3778215e4d89"}]}, @NFT_MSG_NEWSETELEM={0x15c, 0xc, 0xa, 0x201, 0x0, 0x0, {0x0, 0x0, 0x9}, [@NFTA_SET_ELEM_LIST_ELEMENTS={0x134, 0x3, 0x0, 0x1, [{0xec, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_USERDATA={0xde, 0x6, 0x1, 0x0, "5f4b1a075756a85e44daecc663306cbe49af43924a9f74ef39104783ec7576f453ba5cb5485741cb507f9ea90f793f2e116b1a734f628fddbd16211213d6e257dd5f42d5267eca8323f97bf2c32ca1d9c5574b5bf4e67cb0e08718e90182ec4c5b970b3ce185931154e67d2211c6044bd18c68dc7edb50421e77e8e238572d7bdc735fd303ec5ab831062e002ea19a43b7dc78e86cccf73f633ae365fb3ac42be57b8fcb94bcc7f8c8671273063e1cefb10534df59a5a562df1e59d0706d71bcae169ed453fe3b51c01c4cd5b6580efdb24800b0d15b29ac69ca"}, @NFTA_SET_ELEM_FLAGS={0x8}]}, {0x44, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0x40, 0x1, 0x0, 0x1, [@NFTA_DATA_VERDICT={0x14, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}]}, @NFTA_DATA_VERDICT={0x28, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffe}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0x1}, @NFTA_VERDICT_CODE={0x8}]}]}]}]}, @NFTA_SET_ELEM_LIST_SET_ID={0x8, 0x4, 0x1, 0x0, 0x2}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_DELFLOWTABLE={0x19c, 0x18, 0xa, 0x602, 0x0, 0x0, {0x5, 0x0, 0x1}, [@NFTA_FLOWTABLE_HOOK={0xec, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8}, @NFTA_FLOWTABLE_HOOK_DEVS={0xb8, 0x3, 0x0, 0x1, [{0x14, 0x1, 'ip6_vti0\x00'}, {0x14, 0x1, 'vlan0\x00'}, {0x14, 0x1, 'ip6tnl0\x00'}, {0x14, 0x1, 'dvmrp1\x00'}, {0x14, 0x1, 'ip6gretap0\x00'}, {0x14, 0x1, 'bridge0\x00'}, {0x14, 0x1, 'veth0_macvtap\x00'}, {0x14, 0x1, 'vcan0\x00'}, {0x14, 0x1, 'veth0_macvtap\x00'}]}, @NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x9}, @NFTA_FLOWTABLE_HOOK_NUM={0x8}]}, @NFTA_FLOWTABLE_HOOK={0x88, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_DEVS={0x18, 0x3, 0x0, 0x1, [{0x14, 0x1, 'vcan0\x00'}]}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x8}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x40}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0xcb3}, @NFTA_FLOWTABLE_HOOK_DEVS={0x54, 0x3, 0x0, 0x1, [{0x14, 0x1, 'netpci0\x00'}, {0x14, 0x1, 'ip6erspan0\x00'}, {0x14, 0x1, 'sit0\x00'}, {0x14, 0x1, 'bridge_slave_0\x00'}]}]}, @NFTA_FLOWTABLE_HOOK={0x14, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_NUM={0x8}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x5}}}, 0x438}, 0x1, 0x0, 0x0, 0x90}, 0x10) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r1, 0x8982, &(0x7f0000000100)={0x0, 'vlan0\x00', {}, 0x3}) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCBRDELBR(r2, 0x89a1, &(0x7f0000000040)='pim6reg1\x00') sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYRESHEX=r0], 0x54}, 0x1, 0x0, 0x0, 0x40040}, 0x0) 1.686628116s ago: executing program 4 (id=904): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x4040040) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$batadv(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f0000000100)) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) r4 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r4, &(0x7f0000000300)={{0x6, @rose}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @default, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}]}, 0x48) sendto$netrom(r4, 0x0, 0xfffffffffffffead, 0x0, &(0x7f0000000240)={{0x6, @rose}, [@bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}, 0x48) sendmsg$NFT_BATCH(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a0500efffffff00000000070000000900010073797a30000000003c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000021bc0000000c0a01010000000000000000070000000900020073797a31000000000900010073797a3000000000900003808c000080080003400000000280000b807c000180090001006c617374"], 0x140}}, 0x0) r5 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r1, 0x0, 0x9e) 1.446254456s ago: executing program 2 (id=907): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x11, 0x0, 0x0, 0x0, 0x5}, 0x94) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000005c0)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in=@multicast2, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x29}, {0x0, 0x0, 0x7, 0x0, 0x0, 0x2, 0xffffffffffffffff}, {0x0, 0x0, 0x0, 0xffffffffffffffff}}}, 0xb8}}, 0x4004) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="b8000000190001000000000000000000e00000020000000000070000000000000000000000000000000000000000000000000000000000000a"], 0xb8}}, 0x10) 1.370229598s ago: executing program 3 (id=910): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x18, 0x8, &(0x7f0000000080)=@framed={{0x18, 0x7, 0x0, 0x0, 0x8}, [@func={0x85, 0x0, 0x1, 0x0, 0x5}, @map_idx, @jmp={0x5, 0x1, 0x3, 0x9, 0xb, 0x20}, @call={0x85, 0x0, 0x0, 0x13}]}, &(0x7f0000000040)='GPL\x00', 0x4}, 0x94) socket(0x2a, 0x2, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$packet(0x11, 0x3, 0x300) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x24000000) socket$netlink(0x10, 0x3, 0x0) socket$pppl2tp(0x18, 0x1, 0x1) socket$nl_netfilter(0x10, 0x3, 0xc) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xd, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000bc00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000400850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000340)={{r0}, &(0x7f00000001c0), &(0x7f0000000300)=r1}, 0x20) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000280)={r1, 0x5, 0xe, 0x0, &(0x7f00000003c0)="000000000000000000000001e370", 0x0, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x20}, 0x50) 1.314738347s ago: executing program 2 (id=911): sendmsg$inet(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10, &(0x7f00000003c0)=[{&(0x7f0000000040)="a2e44541fc90408224484c404222e1219a5195a883ce43aa40a3dda6ca7f9bca034f324c4eeeb305d252d7a96349cc03d84c7d80a0623aef", 0x38}, {&(0x7f0000000080)="f1b5341590799f48d1033ec349afa8d59f", 0x11}, {&(0x7f00000000c0)="9058a89fd4c14a1c8e17feac53cf6cb0d2ea10cd52cc37f3a4d795db459e70dbd7c229d7fe3ea76c7cc459cc3341cb784551e868", 0x34}, {&(0x7f0000000140)="bb7174ecae250faf46ed1dc64230f3099e33c4c8bf67d0e0bdc5921dc8a94e0a5e3e4b40248db390506cec9d33cc33303ef6e69297c5f3e531e58dee8634d6cc2b96e69bf97ef2cf07f828134e7be8e9c007681ce60e2b36cce07d2cdad6e2eaaab535e50c9eb4a159b5b814dbef2e7b350595598b3986e9a0610815caa751ee83f6258994a66d6ae90502d2891024", 0x8f}, {&(0x7f0000000200)="31b99e14055a8c6a6e2df8ad1e233cb200198f7684d4995d66fd1d184b8b0f585edeef72a4d7d2e28bbdfa1d3c9084eef49f75ae7f3a79aee2282e1c2ffdcd79d87af8a71ed918cd56a627a5c832cc2255cd6bd1e97fda05aecc73b7bce6af2d1c954db8ff631f09b5d04c527832ecb77996aeb9a54c80e8b7192f250051b37be460aea3b726134c7ab4068ce0a6b0781a1fd7016266d51c97d6e9188ed200a6e31ebc05c209bc8a1b565c9320a4129466334085a0e7c47f011565baa96654438d5d9a065e2a2c4ce037ed9152cc", 0xce}, {&(0x7f0000000300)="1e67fc1bdae68f7c72991662e9980690db17f9957c70ca8cb679f70b94c8ef1021160459b8b054dd6082c5b54b04e747b0b3cfbc70c3660a97c0a6d5bbdb1e6a9fd4ff9607ef93d9300616cc978b17a8f4761ac137b43206ceeba2c95834825d5c175aa3f9", 0x65}, {&(0x7f0000000380)="63e4eb55bf4557ce97c46a0c43731c9328692bad6f7ff1c225ba3bcafffbb31fec4faa730cdc0cc63373355185", 0x2d}], 0x7}, 0x4) r0 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_ADD_MFC_PROXY(r0, 0x0, 0xd2, &(0x7f0000000200)={@empty, @multicast2=0xe0000300, 0x0, "028a3f6c58b274e6d8451697efe42811ee1df06e9264f7d866b1970548fc3c7b", 0xb2, 0xfffffff7, 0x4, 0x40000006}, 0x3c) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r1, 0x8982, &(0x7f0000000100)={0x0, 'vlan0\x00', {}, 0x3}) 1.22318902s ago: executing program 4 (id=912): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x3, 0x6) sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}}, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}}, 0x0) getsockname$packet(r3, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700000086d7c0d6c878f064eb", @ANYRES32=r4, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000900)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_ingress={0xc}]}, 0x30}}, 0x0) getsockname$packet(r1, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) r6 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r6, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000020c0)=[@in6={0xa, 0x0, 0x0, @remote, 0x34}]}, &(0x7f0000002100)=0x10) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(r6, 0x84, 0x6c, 0x0, &(0x7f0000001080)) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000900)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x4000800) 1.181180143s ago: executing program 3 (id=913): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000300)=ANY=[@ANYBLOB="1b00000000000000000000000020"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000003c0)={0x6, 0x5, &(0x7f0000000480)=ANY=[], &(0x7f0000000140)='GPL\x00', 0x8, 0x0, 0x0, 0x40f00, 0x41, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=[r1, 0xffffffffffffffff, r1, r1], 0x0, 0x10, 0xc}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r2 = socket(0x10, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f0000000180)={'ip6_vti0\x00', &(0x7f0000000000)={'syztnl1\x00', 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, @remote, @empty, 0x7800, 0x80, 0xfffffffc, 0xdc67}}) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000740)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x24, 0x24, 0x5, [@struct={0x1, 0x2, 0x0, 0x4, 0x1, 0x4, [{0x0, 0x4, 0x9}, {0xc, 0x5, 0x7}]}]}, {0x0, [0x61, 0x2e, 0x5f]}}, &(0x7f0000000f40)=""/4089, 0x41, 0xff9, 0x1}, 0x20) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f0000000040)={'syztnl1\x00', 0x0}) bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@base={0x7, 0x8, 0xe7, 0x3, 0x0, 0x1, 0x0, '\x00', r3, 0xffffffffffffffff, 0x0, 0x0, 0x4}, 0x50) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0700000004000000080000000800000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000000400000000200"/28], 0x48) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x5}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x5}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x401, 0x0, 0x0, {0x5}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x28, 0x4, 0x0, 0x1, [{0x24, 0x1, 0x0, 0x1, @tproxy={{0xb}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_TPROXY_FAMILY={0x8, 0x1, 0x1, 0x0, 0x2}, @NFTA_TPROXY_REG_PORT={0x8, 0x3, 0x1, 0x0, 0x14}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0xc4}}, 0x0) 988.565814ms ago: executing program 2 (id=915): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x40, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz1\x00'}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8}, @NFTA_HOOK_HOOKNUM={0x8}]}]}, @NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x30, 0x4, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @xfrm={{0x9}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_XFRM_DIR={0x5, 0x3, 0x1}, @NFTA_XFRM_KEY={0x8, 0x2, 0x1, 0x0, 0x6}, @NFTA_XFRM_DREG={0x8, 0x1, 0x1, 0x0, 0x11}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0xe0}}, 0x0) r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_DELETE(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB="e40000000201010800000000000000000a000000d00001800c000280050001000000000014000180080001000000000008000200000000002c00018014000300ff01000000000000000000000000000114000400ff0100000000000000000000000000010c00028005000100000000004700028005000100010000000600034000000000060005"], 0xe4}}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_init_net_socket$rose(0xb, 0x5, 0x0) bind$rose(r4, &(0x7f0000000340)=@full={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @bcast, 0x8, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null, @bcast]}, 0x1c) r5 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'syztnl0\x00', &(0x7f0000000200)={'ip6gre0\x00', 0x0, 0x2f, 0x5, 0x1, 0xffffff7f, 0x32, @empty, @private0, 0x7, 0x20, 0x5, 0x9}}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000180)={r1, r6, 0x25, 0x12, @val=@netfilter={0x0, 0x1, 0x9c0d, 0x1}}, 0x20) sendmsg$SEG6_CMD_SETHMAC(r3, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="080000001e996f2cec0904e66d72565085", @ANYRES16=r5, @ANYBLOB="01000000000000000000010000000500050000000000080004000000000005000600000000000800030001000000"], 0x34}, 0x1, 0x0, 0x0, 0x4}, 0x20000001) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a70000000060a0b0400000000000000000200000044000480400001800a0001006d6174636800000030000280080002400000000118000300d660671f3e121710e8537c4c3060c6a41d106c720a0001006f776e65720000000900010073797a30000000000900020073797a32"], 0x98}}, 0x4048010) 764.332092ms ago: executing program 1 (id=916): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1, 0x10012, r0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000080)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x48, 0x48, 0x9, [@array={0x0, 0x0, 0x0, 0x3, 0x0, {0x2, 0x2}}, @volatile={0x0, 0x0, 0x0, 0x9, 0x3}, @func={0x7}, @restrict={0x1, 0x0, 0x0, 0xb, 0x1}, @float={0x3, 0x0, 0x0, 0x10, 0xc}]}, {0x0, [0x0, 0x0, 0x0, 0x0, 0x5f, 0x0, 0x2e]}}, 0x0, 0x69, 0x0, 0x10000}, 0x28) r1 = socket$key(0xf, 0x3, 0x2) r2 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) accept4$llc(r2, 0x0, 0x0, 0x80000) sendmsg$key(r1, &(0x7f00005f5000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000004c0)={0x2, 0x6, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, [@sadb_sa={0x2}]}, 0x20}}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0xd, 0x9, &(0x7f0000000680)=ANY=[@ANYBLOB="1808000000000000000000000000000085100000050000408500000088000000a7000000000002000000000000000000000000000000000095000000000000009500000000000000"], &(0x7f00000003c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x34}, 0x94) 756.735612ms ago: executing program 0 (id=917): r0 = socket(0x40000000015, 0x5, 0x0) close(r0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000500)=ANY=[@ANYBLOB="b702000000000000bfa300000000000007030000fdfdfff67a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040000010000400404000001000000b7050000001100006a0a00ff00000000850000000a000000b70000000000000095000000000000009cc6b3fcd62c7d376238975d43a4505f80fc88943c4f0cf08e467b592f868e6cd1678f74e30a0e8c1bf176db2a6b2f01806fd3d5707bfd2d84aaa3b1d4e984c46ea7e2a447a36f5662403e1b2be4cc7c2683908a0d411a9872971c7c56f0979bd10b97163c1d6d0e196bf02f46c7953ab1abda45cbe8d0d26b506971431bb6b1fb46b2aa425833f8a98f7dc8f76b74635fc9f9de9ca3c0ec0cb9bf4e418d076df4c7df0a70f2bdf4000000000000b0c2940dd8e263aa743f7555193161f45346b1004006000000e1ffff8816326d7d25c32aac1c7d5b5be399f6609876b5887437a172fbc02a74135b29194e533583412dff048f0000000000000000b2728a0481e9f0da43bb6cfb851cd364ff19ffcafe3e64be033c9d2f002cc93c1c13caec04a347383420336bec88c24a9fb6a6991ddb737d527d6acb15426415b6e8b14fdfa209000000000000003ad3e328a100000000b515a1000000000000000eb2e9c15b6c8f6198282df27badac8500bc7d202e0990"], &(0x7f0000000340)='GPL\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r1, 0xffff0000, 0xe, 0x0, &(0x7f0000001a40)="2b206d074843b397737ea49da2aa", 0x0, 0x0, 0x720e, 0x0, 0x0, 0x0, 0x0}, 0x50) r2 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) openat$cgroup_procs(r2, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0) 706.100458ms ago: executing program 2 (id=918): openat$nci(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000200), 0xc0200, 0x0) r3 = socket$packet(0x11, 0x2, 0x300) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r4, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r4, 0x6, 0x14, &(0x7f00000013c0)=0x80000000001, 0x4) connect$inet6(r4, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendto$inet6(r4, &(0x7f00000001c0)="a6e2976b5c4383036d32dadd2e144d8645ca8d1b230e105614396838da83c754887e7bea2f35d4ea667817d90d532af065f2e398dd9081ea16f8b371a202a6f9e505bbc964a0d3880bf0104a0a0a2f0d311efee1637e85a0125b38f961918f99bf9c2c146e42327f178dc2b3d4936e7f7f0a79f74ba464d83ab41742d1186776dc1779b5c50ac82d0fa8f9e42074b5b6079207fb21e718080907964669be539791e3e98687ee059853", 0xfffffffffffffcc1, 0x840, 0x0, 0x0) setsockopt$sock_int(r4, 0x1, 0x12, &(0x7f0000000280)=0xfffff908, 0x4) ppoll(&(0x7f0000000080)=[{r4, 0x2040}], 0x1, 0x0, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000180)={'batadv_slave_0\x00', 0x0}) setsockopt$packet_add_memb(r3, 0x107, 0x1, &(0x7f0000000000)={r5, 0x1, 0x0, @local}, 0x10) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) write$tun(r6, &(0x7f0000000000)=ANY=[], 0x38) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r6, 0x0) ioctl$PPPIOCNEWUNIT(r2, 0xc004743e, &(0x7f0000000100)=0x2) ioctl$PPPIOCGNPMODE(r2, 0xc008744c, &(0x7f0000000000)={0x2b, 0x1}) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) r7 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000540)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r1, &(0x7f0000000000)={0x0, 0x300, &(0x7f0000000680)={&(0x7f0000000e80)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010800040000000000000b00000008000300", @ANYRES32=r8, @ANYBLOB="28005080140001004abee308000000aaae14574df400000005000200020000000800030004ac0f00"], 0x44}}, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000040)=0x2000) 641.784358ms ago: executing program 3 (id=919): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x85, 0x0, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_udp_encap(r2, 0x11, 0x64, &(0x7f0000000040)=0x2, 0x4) setsockopt$inet6_udp_encap(r2, 0x11, 0x68, &(0x7f0000000000)=0x5, 0x4) setsockopt$inet6_udp_encap(r2, 0x11, 0x64, &(0x7f00000001c0)=0x2, 0x4) r3 = socket(0x2a, 0x2, 0x0) sendmsg$TIPC_NL_LINK_GET(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x24}}, 0x0) getsockname$packet(r3, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) setsockopt$packet_buf(r3, 0x107, 0xd, &(0x7f00000000c0)="cd9a1c231f1cd2501724059d7f9dd9bdbdef8c0e1f16923d3cf2cd788dca03a0258b382975dffa14434cf43e3013a60fe5bed28551819dd7a940cb2acf9faab479cac98a5603553d2d099a27f3d0d15ff1a8986470d95bd363a2993dc1af0679da1c4502be4e62e3be1a76f9f5a699e77f1fda82a5e74879bf45", 0x7a) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}}, 0x24}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=@newtfilter={0x44, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {0xfffa, 0xfff3}, {}, {0x1c, 0xfff9}}, [@filter_kind_options=@f_flower={{0xb}, {0x14, 0x2, [@TCA_FLOWER_KEY_ETH_TYPE={0x6, 0x8, 0x8847}, @TCA_FLOWER_KEY_MPLS_BOS={0x5, 0x44, 0x6}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x81}, 0x24004000) setsockopt$inet6_udp_encap(r2, 0x11, 0x64, &(0x7f0000000080)=0x4, 0x4) sendmmsg(r1, &(0x7f00000002c0), 0x40000000000009f, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) (async) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x85, 0x0, 0x0) (async) socket$netlink(0x10, 0x3, 0x0) (async) socket$inet6_udp(0xa, 0x2, 0x0) (async) setsockopt$inet6_udp_encap(r2, 0x11, 0x64, &(0x7f0000000040)=0x2, 0x4) (async) setsockopt$inet6_udp_encap(r2, 0x11, 0x68, &(0x7f0000000000)=0x5, 0x4) (async) setsockopt$inet6_udp_encap(r2, 0x11, 0x64, &(0x7f00000001c0)=0x2, 0x4) (async) socket(0x2a, 0x2, 0x0) (async) sendmsg$TIPC_NL_LINK_GET(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x24}}, 0x0) (async) getsockname$packet(r3, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) (async) setsockopt$packet_buf(r3, 0x107, 0xd, &(0x7f00000000c0)="cd9a1c231f1cd2501724059d7f9dd9bdbdef8c0e1f16923d3cf2cd788dca03a0258b382975dffa14434cf43e3013a60fe5bed28551819dd7a940cb2acf9faab479cac98a5603553d2d099a27f3d0d15ff1a8986470d95bd363a2993dc1af0679da1c4502be4e62e3be1a76f9f5a699e77f1fda82a5e74879bf45", 0x7a) (async) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}}, 0x24}}, 0x0) (async) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=@newtfilter={0x44, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {0xfffa, 0xfff3}, {}, {0x1c, 0xfff9}}, [@filter_kind_options=@f_flower={{0xb}, {0x14, 0x2, [@TCA_FLOWER_KEY_ETH_TYPE={0x6, 0x8, 0x8847}, @TCA_FLOWER_KEY_MPLS_BOS={0x5, 0x44, 0x6}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x81}, 0x24004000) (async) setsockopt$inet6_udp_encap(r2, 0x11, 0x64, &(0x7f0000000080)=0x4, 0x4) (async) sendmmsg(r1, &(0x7f00000002c0), 0x40000000000009f, 0x0) (async) 621.460936ms ago: executing program 0 (id=920): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="0e000000040000000800000001"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x6, 0xd, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000bc00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000400850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$SOCK_DIAG_BY_FAMILY(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYRESOCT=r2], 0x14}}, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0xe, 0x0, &(0x7f0000000000)="43227504000000b32415f73227b2", 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) 570.166695ms ago: executing program 1 (id=921): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x11, 0x0, 0x0, 0x0, 0x5}, 0x94) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000005c0)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in=@multicast2, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x29}, {0x0, 0x0, 0x7, 0x0, 0x0, 0x2, 0xffffffffffffffff}, {0x0, 0x0, 0x0, 0xffffffffffffffff}}}, 0xb8}}, 0x4004) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="b8000000190001000000000000000000e00000020000000000080000000000000000000000000000000000000000000000000000000000000a"], 0xb8}}, 0x10) 531.787235ms ago: executing program 3 (id=922): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x4040040) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$batadv(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f0000000100)) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) r4 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r4, &(0x7f0000000300)={{0x6, @rose}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @default, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}]}, 0x48) sendto$netrom(r4, 0x0, 0xfffffffffffffead, 0x0, &(0x7f0000000240)={{0x6, @rose}, [@bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}, 0x48) sendmsg$NFT_BATCH(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a0500f4ffffff00000000070000000900010073797a30000000003c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000021bc0000000c0a01010000000000000000070000000900020073797a31000000000900010073797a3000000000900003808c000080080003400000000280000b807c000180090001006c617374"], 0x140}}, 0x0) r5 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r1, 0x0, 0x9e) 493.780735ms ago: executing program 1 (id=923): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x18, 0x8, &(0x7f0000000080)=@framed={{0x18, 0x7, 0x0, 0x0, 0x8}, [@func={0x85, 0x0, 0x1, 0x0, 0x5}, @map_idx, @jmp={0x5, 0x1, 0x3, 0x9, 0xb, 0x20}, @call={0x85, 0x0, 0x0, 0x13}]}, &(0x7f0000000040)='GPL\x00', 0x4}, 0x94) socket(0x2a, 0x2, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$packet(0x11, 0x3, 0x300) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x24000000) socket$netlink(0x10, 0x3, 0x0) socket$pppl2tp(0x18, 0x1, 0x1) socket$nl_netfilter(0x10, 0x3, 0xc) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xd, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000bc00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000400850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000340)={{r0}, &(0x7f00000001c0), &(0x7f0000000300)=r1}, 0x20) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000280)={r1, 0x5, 0xe, 0x0, &(0x7f00000003c0)="000000000000000000000001e370", 0x0, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x20}, 0x50) 391.242311ms ago: executing program 0 (id=924): socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x200000000000011, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) bind$packet(r1, &(0x7f0000000180)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @multicast}, 0x14) getsockname$packet(r1, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000480)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000700)={'bridge_slave_1\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="38000000540001000000000000c4000007008209", @ANYRES32=r3, @ANYBLOB="20000100", @ANYRES32=r5, @ANYBLOB="00000001e000030000000000000000000000000008"], 0x38}, 0x1, 0x0, 0x0, 0x880}, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)={0xd4, 0x31, 0x107, 0xffffffff, 0xfffffffe, {0x1, 0x7c}, [@nested={0xbf, 0x3, 0x0, 0x1, [@generic="c177b4636651b9b82326c79b74cb709a08b5e6b4ca55e0fcf366a02a283c834b34ee54036a98ec7a10db9383a93b35689d0afa6a241622028a5bf904d37ee8183eb425f46e0e620a3d28f0c00f5e4dc59a940b4ca3dab48ca1cd3dd38d7fb1cb86d4d06a8703e9f601ec203e617fe303bc29841e855d15738e86aab176cbca6caa8f8f51cead720dc477becb2bff5a3f4f06e385289ab4d0cc04fdac51af2808ca5730ea984cddf8b84e154515610e8a6df88e9243c2820c048d7f"]}]}, 0xd4}, 0x1, 0x0, 0x0, 0x488c0}, 0xc000) sendmsg$SMC_PNETID_DEL(r6, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000140)={&(0x7f0000000240)={0x80, 0x0, 0x10, 0x70bd27, 0x25dfdbfe, {}, [@SMC_PNETID_IBPORT={0x5, 0x4, 0x1}, @SMC_PNETID_IBNAME={0x9, 0x3, 'syz0\x00'}, @SMC_PNETID_NAME={0x9, 0x1, 'syz1\x00'}, @SMC_PNETID_IBNAME={0x9, 0x3, 'syz1\x00'}, @SMC_PNETID_ETHNAME={0x14, 0x2, 'veth1_to_batadv\x00'}, @SMC_PNETID_IBPORT={0x5, 0x4, 0x2}, @SMC_PNETID_IBNAME={0x9, 0x3, 'syz0\x00'}, @SMC_PNETID_IBNAME={0x9, 0x3, 'syz2\x00'}, @SMC_PNETID_IBNAME={0x9, 0x3, 'syz1\x00'}]}, 0x80}, 0x1, 0x0, 0x0, 0x10}, 0x8041) 390.111632ms ago: executing program 1 (id=925): socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xf, 0x4, 0x8, 0x8}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x1e, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_lookup=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r2, 0x84, 0x75, &(0x7f0000000040)={0x0, 0xaf1}, 0x8) r3 = socket$nl_route(0x10, 0x3, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_TID_CONFIG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)={{0x14}, [@NFT_MSG_DELCHAIN={0x20, 0x5, 0xa, 0x5, 0x0, 0x0, {0x2}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0x48}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=@newlink={0x28, 0x10, 0x1, 0x70bd25, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, 0x40810, 0x3}, [@IFLA_GROUP={0x8}]}, 0x28}, 0x1, 0x0, 0x0, 0x24000011}, 0x4000000) r4 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r4, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r2, 0x84, 0x77, 0x0, 0x0) r5 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$inet_int(r5, 0x0, 0x16, 0x0, &(0x7f00000001c0)=0x2) read(0xffffffffffffffff, 0x0, 0x0) ioctl$FS_IOC_FSSETXATTR(r1, 0x401c5820, &(0x7f0000000000)={0x3, 0x7, 0x4, 0xb49, 0x9}) sendmsg$SOCK_DIAG_BY_FAMILY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={0x0, 0x28}}, 0x0) close(0x3) syz_emit_ethernet(0x82, &(0x7f0000000240)={@broadcast, @random="1704b45adbde", @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x74, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x5, 0x0, 0x0, 0xe0, 0x0, 0xe000, {0x16, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11, 0x0, @private=0x2000000, @rand_addr, {[@lsrr={0x83, 0x3}, @rr={0x7, 0x3}, @timestamp_prespec={0x44, 0x3c, 0x0, 0x3, 0x0, [{@multicast1=0xe0000089}, {@private}, {@local}, {@remote}, {@private}, {@dev}, {@private}]}]}}}}}}}, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8953, &(0x7f0000000180)={{0x2, 0x0, @empty}, {}, 0x0, {0x2, 0x0, @multicast1=0xe000cc02}}) 282.160048ms ago: executing program 0 (id=926): sendmsg$TEAM_CMD_OPTIONS_SET(0xffffffffffffffff, &(0x7f00000008c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="2841cf64dccc74cb1f8e691622c7fc9cdb025e193810341d74f12c8dfd50b4832fdb8f123be0bc1b2500d5ad6580281d17c89e500552d69d76b20efb8beb357bf9e0176e9cceffc72bb5888869da4e592ca4f0d7906a95b2fddb230534e6370d659a64fd1533c86caa1b275cf1379e4de0f694ebc5394027", @ANYRES16=0x0, @ANYBLOB="010000000000000000000100000008000100", @ANYRES32=0x0, @ANYBLOB="3c00028038000100240001006e6f746966795f70656572735f636f756e74000000000000000000000000000005000300030000000800040000000000"], 0x58}}, 0x0) r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000003980)={0x26, 'hash\x00', 0x0, 0x0, 'blake2b-160-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, 0x0, 0x4a) r2 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$IPT_SO_SET_REPLACE(r2, 0x0, 0x40, &(0x7f0000000900)=@mangle={'mangle\x00', 0x1f, 0x6, 0x450, 0x98, 0x2f8, 0x1a0, 0x1a0, 0x238, 0x3b8, 0x3b8, 0x3b8, 0x3b8, 0x3b8, 0x6, &(0x7f0000000080), {[{{@ip={@private=0xa010100, @local, 0xffffff00, 0x7f800000, 'syzkaller0\x00', 'gretap0\x00', {}, {0xff}, 0x6c, 0x1, 0x58}, 0x0, 0x70, 0x98}, @TTL={0x28, 'TTL\x00', 0x0, {0x2, 0xf5}}}, {{@ip={@empty, @empty, 0xffffff00, 0x0, 'gre0\x00', 'ip6_vti0\x00', {}, {}, 0x5c, 0x2, 0x50}, 0x0, 0xc8, 0x108, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@inet=@dccp={{0x30}, {[0x4e23, 0x4e22], [0x4e23, 0x4e22], 0x2, 0xa, 0xc94, 0x9}}]}, @inet=@TPROXY1={0x40, 'TPROXY\x00', 0x1, {0x6, 0x2400, @ipv6=@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x2d}}, 0x4e23}}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1, 0xffffff00, 0xffffffff, 'tunl0\x00', 'macvtap0\x00', {}, {}, 0x62, 0x1, 0x12}, 0x0, 0x70, 0x98}, @unspec=@CHECKSUM={0x28}}, {{@uncond, 0x0, 0x98, 0xc0, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x8}}]}, @inet=@TOS={0x28, 'TOS\x00', 0x0, {0x1, 0x1}}}, {{@uncond, 0x0, 0x98, 0xc0, 0x0, {}, [@inet=@rpfilter={{0x28}, {0xd}}]}, @inet=@DSCP={0x28, 'DSCP\x00', 0x0, {0x7}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x4b0) sendmsg$netlink(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000440)=ANY=[@ANYBLOB="140100001400210200000000fcdbdf2502"], 0x114}], 0x1}, 0x0) 281.119075ms ago: executing program 2 (id=927): setsockopt(0xffffffffffffffff, 0x107, 0x1, &(0x7f00000001c0)="010000009700060000071a80010061cc", 0x10) (async, rerun: 64) close(0xffffffffffffffff) (rerun: 64) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) (async) r0 = socket$kcm(0x11, 0x200000000000003, 0x300) (async) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000040)={'wlan1\x00', 0x0}) (async, rerun: 64) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) (async, rerun: 64) r4 = socket(0x10, 0x3, 0x0) syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), 0xffffffffffffffff) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14) (async) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[], 0x3c}}, 0x0) (async) sendmsg$nl_route_sched(r4, 0x0, 0x0) (async) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) (async, rerun: 32) bpf$MAP_CREATE(0x0, 0x0, 0x17) (rerun: 32) bpf$MAP_UPDATE_ELEM(0x2, 0x0, 0x0) (async) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000740)={'wlan1\x00', 0x0}) (async, rerun: 32) r8 = socket$nl_generic(0x10, 0x3, 0x10) (rerun: 32) r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff) (async) ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) r11 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_REGISTER_FRAME(r11, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000040)={0x28, r9, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r10}, @void}}, [@NL80211_ATTR_FRAME_MATCH={0x4}, @NL80211_ATTR_FRAME_TYPE={0x6, 0x65, 0x40}]}, 0x28}}, 0x0) r12 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_REGISTER_FRAME(r12, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000c80)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010000000000000000003a00000008000300", @ANYRES32=r7, @ANYBLOB="05005b"], 0x24}}, 0x0) (async) sendmsg$NL80211_CMD_TRIGGER_SCAN(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001440)={0x1c, r3, 0x1, 0x0, 0x0, {{0x8}, {@val={0x8, 0x3, r2}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) setsockopt$sock_attach_bpf(r0, 0x107, 0xf, &(0x7f00000003c0), 0x4) (async) recvmsg$kcm(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000006c0), 0x60}, 0x0) r13 = socket$inet6(0xa, 0x800000000000002, 0x0) connect$inet6(r13, &(0x7f0000000040)={0xa, 0x4e1d, 0x1, @mcast1, 0x8}, 0x1c) (async) setsockopt$inet6_udp_int(r13, 0x11, 0x67, &(0x7f0000000000)=0x28, 0x4) 262.970634ms ago: executing program 4 (id=928): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan1\x00', 0x0}) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) r3 = socket(0x10, 0x3, 0x0) syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), 0xffffffffffffffff) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[], 0x3c}}, 0x0) sendmsg$nl_route_sched(r3, 0x0, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = socket$kcm(0x2, 0x200000000000001, 0x106) setsockopt$sock_attach_bpf(r5, 0x6, 0x25, &(0x7f0000000040), 0x4) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) bpf$MAP_CREATE(0x0, 0x0, 0x17) bpf$MAP_UPDATE_ELEM(0x2, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000740)={'wlan1\x00', 0x0}) r8 = socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) r11 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_REGISTER_FRAME(r11, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000040)=ANY=[@ANYBLOB, @ANYRES16=r9, @ANYBLOB="010000000000000000003a00000008000300", @ANYRES32=r10, @ANYBLOB="04005b000600650040000000"], 0x28}}, 0x0) r12 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_REGISTER_FRAME(r12, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000c80)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010000000000000000003a00000008000300", @ANYRES32=r7, @ANYBLOB="05005b"], 0x24}}, 0x0) sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="010000000000000000000800000008000300", @ANYRES32=r1, @ANYBLOB="549e985055d8b34bd75cfb7734532fefd73438185ce6017af5f2577d6f057369e4f8be6d80e8e7412f6d6fbe05a1b6c4fc88927ec18a223e607cc4e73dfd3ace56a19fbd9fe842fa83a9100a972b68129547e0e7a0bac15ec1a3f85623d91130ebfc3dd80ece9df8d8d964da65b3f423a472f89535000000000000000000"], 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) 212.761776ms ago: executing program 1 (id=929): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) pread64(r0, &(0x7f0000000480)=""/61, 0x3d, 0x7fffffffffffffff) ioctl$FAT_IOCTL_GET_ATTRIBUTES(r0, 0x80047210, &(0x7f0000000000)) setsockopt$RDS_FREE_MR(0xffffffffffffffff, 0x114, 0x3, &(0x7f0000000080)={{0x1, 0xfffffffd}, 0x62}, 0x10) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x15, 0xa, &(0x7f00000000c0)=ANY=[@ANYBLOB="2daa6198ff070000f0bb7700000000000071101300000000001811000000000000000000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7020000000000008500000086000000a3058000000000009500000000000000"], &(0x7f0000000480)='syzkaller\x00', 0x2}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x4, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x63}]}, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) ioctl$FS_IOC_GETFSUUID(r1, 0x80111500, &(0x7f0000000040)) 154.26414ms ago: executing program 0 (id=930): r0 = socket(0x2, 0x80805, 0x0) r1 = socket(0x1e, 0x5, 0x0) setsockopt$inet6_tcp_int(r1, 0x10f, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f0000000080)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000100)=0x10) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f0000000000)={0x1, [0x0]}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_RTOINFO(r0, 0x84, 0x0, &(0x7f0000000380)={r2, 0x5, 0x2, 0xde92}, &(0x7f00000003c0)=0x10) 153.439358ms ago: executing program 2 (id=931): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts-aes-aesni\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000)="adcd1a9a3fc36e961ed00fe41b0cd695", 0x20) r1 = accept4$alg(r0, 0x0, 0x0, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) writev(r2, &(0x7f0000000140)=[{&(0x7f0000000200)='F', 0x1}], 0x1) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r4 = socket(0x400000000010, 0x3, 0x0) r5 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r6, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}}, 0x0) sendmsg$nl_route_sched(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000940)=@newtfilter={0x44, 0x2c, 0xd27, 0x70bd25, 0xa000, {0x0, 0x0, 0x0, r6, {0xe, 0x7}, {0x0, 0xfff1}, {0x7, 0x2}}, [@filter_kind_options=@f_flower={{0xb}, {0x14, 0x2, [@TCA_FLOWER_KEY_ENC_OPTS_MASK={0x4}, @TCA_FLOWER_KEY_ENC_OPTS={0x4}, @TCA_FLOWER_CLASSID={0x8, 0x1, {0x1, 0xe}}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x80}, 0x0) r7 = syz_init_net_socket$ax25(0x3, 0x2, 0x0) getsockopt$ax25_int(r7, 0x101, 0x6, 0x0, &(0x7f0000000000)) sendmmsg$alg(r1, &(0x7f00000021c0)=[{0x0, 0x0, &(0x7f0000001000)=[{&(0x7f0000000100)="a92e81d0991808e33c2330164cf023df", 0xfffffc81}], 0x1, &(0x7f0000001040)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x880}], 0x1, 0x80001) recvmmsg(r1, &(0x7f0000000b00)=[{{0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000001080)=""/4096, 0x1000}, {&(0x7f0000000640)=""/82, 0x52}], 0x2}, 0x40}], 0x1, 0x102, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="150a0000020100006111c400000000001800000000000000000000000000000095"], &(0x7f0000000000)='GPL\x00'}, 0x94) 124.683462ms ago: executing program 1 (id=932): r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000001000010000000000090000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x10) sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a44000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40000000010800034000000004480000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a31000000001c0003801800008008000340000000020c0004260000000000000c7f14000000110001"], 0xb4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_buf(r2, 0x0, 0x8008000000010, &(0x7f00000003c0)="17000000020001000003d68c5ee17688a2003208030300ecff3f0000000300000a0000000098fc5ad9485bbb6a880000d6c8db0000dba67e06000000e28900000200df018000000000f50607bdff59100ac45761547a681f009cee4a5acb3da400001fb700674f00c88ebbf9315033bf79ac2dff060115003901000000000000ea000000000000000002ffff02dfccebf6ba0008400200000000e90554062a80e605007f71174aa951f3c63e5c83f1ba2112ce68bf17a6e0", 0xb8) r3 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)={0x2, 0x13, 0x0, 0x0, 0x2}, 0x10}}, 0x0) r4 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r4, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7813, 0x3, 0x0, 0x81, 0x1ff, 0x1, 0x1}, 0x1c) recvmmsg$unix(r4, &(0x7f0000000b00)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000003100)=""/4096, 0x1000}], 0x1}}, {{0x0, 0x0, 0x0}}], 0x2, 0x400122a0, 0x0) sendmmsg(r4, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000) recvmsg(r4, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000440)=""/219, 0xdb}], 0x1}, 0x40000000) ioctl$sock_rose_SIOCADDRT(r0, 0x890b, &(0x7f0000000000)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x2}, 0xf3, @bcast, @bpq0, 0x1, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @null, @null, @null, @bcast, @null, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}) 0s ago: executing program 0 (id=933): r0 = socket$nl_route(0x10, 0x3, 0x0) (async) r1 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) connect$802154_dgram(r1, &(0x7f0000000240)={0x24, @none={0x0, 0x1}}, 0x370a3e077a6d5772) sendmsg$nl_route(r0, &(0x7f0000002bc0)={0x0, 0x0, &(0x7f0000002b80)={&(0x7f0000002980)=@dellink={0x34, 0x11, 0x1, 0x70bd27, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, 0xc0, 0x1400}, [@IFLA_ALT_IFNAME={0x14, 0x35, 'veth1_to_team\x00'}]}, 0x34}, 0x1, 0x0, 0x0, 0x40000100}, 0x40004) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)=ANY=[@ANYBLOB="540000001000030400000002fedbdf2500007400", @ANYRES32=r4, @ANYBLOB="0008000007500500340012800b00010062726964676500002400028005001900020000000c0023000f000000000000000c"], 0x54}, 0x1, 0x0, 0x0, 0x800}, 0x0) sendmsg$GTP_CMD_DELPDP(r2, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x44, 0x0, 0x20, 0x70bd2d, 0x25dfdbfd, {}, [@GTPA_LINK={0x8}, @GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FAMILY={0x5, 0xd, 0x2c}, @GTPA_LINK={0x8, 0x1, r4}, @GTPA_TID={0xc, 0x3, 0x3}]}, 0x44}, 0x1, 0x0, 0x0, 0x400c0}, 0x20040051) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.125' (ED25519) to the list of known hosts. [ 83.096694][ T5855] cgroup: Unknown subsys name 'net' [ 83.205516][ T5855] cgroup: Unknown subsys name 'cpuset' [ 83.214694][ T5855] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 84.925516][ T5855] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 87.730855][ T5885] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 87.739033][ T5885] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 87.746828][ T5885] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 87.753254][ T5877] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 87.755020][ T5885] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 87.768711][ T5881] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 87.769696][ T5885] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 87.776254][ T5877] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 87.790644][ T5881] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 87.792297][ T5884] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 87.805394][ T5881] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 87.806734][ T5886] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 87.821088][ T5884] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 87.829572][ T5886] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 87.836802][ T5881] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 87.837632][ T5884] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 87.849053][ T5881] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 87.854363][ T5884] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 87.858912][ T5881] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 87.865569][ T5886] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 87.873991][ T5881] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 87.883268][ T5886] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 87.889127][ T5881] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 87.902186][ T5188] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 87.927760][ T51] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 88.594763][ T5869] chnl_net:caif_netlink_parms(): no params data found [ 88.647939][ T5866] chnl_net:caif_netlink_parms(): no params data found [ 88.671849][ T5865] chnl_net:caif_netlink_parms(): no params data found [ 88.776982][ T5867] chnl_net:caif_netlink_parms(): no params data found [ 89.001524][ T5869] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.009149][ T5869] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.017352][ T5869] bridge_slave_0: entered allmulticast mode [ 89.024955][ T5869] bridge_slave_0: entered promiscuous mode [ 89.057949][ T5866] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.065356][ T5866] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.074523][ T5866] bridge_slave_0: entered allmulticast mode [ 89.082047][ T5866] bridge_slave_0: entered promiscuous mode [ 89.089714][ T5868] chnl_net:caif_netlink_parms(): no params data found [ 89.107891][ T5869] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.115193][ T5869] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.122961][ T5869] bridge_slave_1: entered allmulticast mode [ 89.130357][ T5869] bridge_slave_1: entered promiscuous mode [ 89.165466][ T5866] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.172687][ T5866] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.179921][ T5866] bridge_slave_1: entered allmulticast mode [ 89.188399][ T5866] bridge_slave_1: entered promiscuous mode [ 89.246097][ T5865] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.253705][ T5865] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.261126][ T5865] bridge_slave_0: entered allmulticast mode [ 89.268996][ T5865] bridge_slave_0: entered promiscuous mode [ 89.289730][ T5867] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.297106][ T5867] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.305431][ T5867] bridge_slave_0: entered allmulticast mode [ 89.313811][ T5867] bridge_slave_0: entered promiscuous mode [ 89.339268][ T5866] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.363073][ T5865] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.370288][ T5865] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.378079][ T5865] bridge_slave_1: entered allmulticast mode [ 89.386408][ T5865] bridge_slave_1: entered promiscuous mode [ 89.408841][ T5867] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.416152][ T5867] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.423960][ T5867] bridge_slave_1: entered allmulticast mode [ 89.431855][ T5867] bridge_slave_1: entered promiscuous mode [ 89.448401][ T5866] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 89.475376][ T5869] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.544465][ T5866] team0: Port device team_slave_0 added [ 89.553931][ T5869] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 89.580403][ T5865] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.630384][ T5866] team0: Port device team_slave_1 added [ 89.653338][ T5865] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 89.679646][ T5867] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.689503][ T5868] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.697147][ T5868] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.704604][ T5868] bridge_slave_0: entered allmulticast mode [ 89.712571][ T5868] bridge_slave_0: entered promiscuous mode [ 89.736789][ T5869] team0: Port device team_slave_0 added [ 89.759045][ T5867] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 89.768568][ T5868] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.776083][ T5868] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.783953][ T5868] bridge_slave_1: entered allmulticast mode [ 89.791207][ T5868] bridge_slave_1: entered promiscuous mode [ 89.812793][ T5869] team0: Port device team_slave_1 added [ 89.820428][ T5865] team0: Port device team_slave_0 added [ 89.871956][ T5866] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 89.878943][ T5866] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 89.905463][ T5866] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 89.919361][ T5866] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 89.926470][ T5866] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 89.953203][ T5866] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 89.953476][ T51] Bluetooth: hci2: command tx timeout [ 89.969772][ T5873] Bluetooth: hci0: command tx timeout [ 89.969780][ T5886] Bluetooth: hci4: command tx timeout [ 89.991124][ T5865] team0: Port device team_slave_1 added [ 90.013915][ T5868] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 90.023459][ T51] Bluetooth: hci3: command tx timeout [ 90.023476][ T5873] Bluetooth: hci1: command tx timeout [ 90.039103][ T5868] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 90.076670][ T5867] team0: Port device team_slave_0 added [ 90.085459][ T5867] team0: Port device team_slave_1 added [ 90.106406][ T5869] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.114175][ T5869] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.140747][ T5869] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.153761][ T5869] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.160777][ T5869] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.186829][ T5869] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.212658][ T5865] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.219723][ T5865] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.245712][ T5865] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.286134][ T5868] team0: Port device team_slave_0 added [ 90.314206][ T5865] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.321185][ T5865] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.347937][ T5865] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.375035][ T5868] team0: Port device team_slave_1 added [ 90.382116][ T5867] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.389099][ T5867] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.415293][ T5867] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.428048][ T5867] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.435567][ T5867] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.461538][ T5867] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.499595][ T5866] hsr_slave_0: entered promiscuous mode [ 90.507611][ T5866] hsr_slave_1: entered promiscuous mode [ 90.584008][ T5868] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.591006][ T5868] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.617249][ T5868] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.665425][ T5869] hsr_slave_0: entered promiscuous mode [ 90.672225][ T5869] hsr_slave_1: entered promiscuous mode [ 90.678511][ T5869] debugfs: 'hsr0' already exists in 'hsr' [ 90.685253][ T5869] Cannot create hsr debugfs directory [ 90.722109][ T5868] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.729089][ T5868] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.755609][ T5868] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.801033][ T5867] hsr_slave_0: entered promiscuous mode [ 90.807578][ T5867] hsr_slave_1: entered promiscuous mode [ 90.814153][ T5867] debugfs: 'hsr0' already exists in 'hsr' [ 90.819914][ T5867] Cannot create hsr debugfs directory [ 90.877272][ T5865] hsr_slave_0: entered promiscuous mode [ 90.883890][ T5865] hsr_slave_1: entered promiscuous mode [ 90.890080][ T5865] debugfs: 'hsr0' already exists in 'hsr' [ 90.895873][ T5865] Cannot create hsr debugfs directory [ 91.080754][ T5868] hsr_slave_0: entered promiscuous mode [ 91.097983][ T5868] hsr_slave_1: entered promiscuous mode [ 91.108582][ T5868] debugfs: 'hsr0' already exists in 'hsr' [ 91.116439][ T5868] Cannot create hsr debugfs directory [ 91.597667][ T5869] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 91.613091][ T5869] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 91.632551][ T5869] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 91.663764][ T5869] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 91.737729][ T5866] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 91.754258][ T5866] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 91.793560][ T5866] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 91.807172][ T5866] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 91.869367][ T5867] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 91.881122][ T5867] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 91.918936][ T5867] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 91.964184][ T9] cfg80211: failed to load regulatory.db [ 91.968442][ T5867] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 92.022399][ T51] Bluetooth: hci2: command tx timeout [ 92.022441][ T5873] Bluetooth: hci0: command tx timeout [ 92.027837][ T5886] Bluetooth: hci4: command tx timeout [ 92.069403][ T5865] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 92.101832][ T51] Bluetooth: hci1: command tx timeout [ 92.103019][ T5865] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 92.111469][ T51] Bluetooth: hci3: command tx timeout [ 92.125630][ T5865] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 92.136573][ T5865] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 92.241028][ T5869] 8021q: adding VLAN 0 to HW filter on device bond0 [ 92.261088][ T5868] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 92.276955][ T5868] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 92.289249][ T5868] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 92.315843][ T5866] 8021q: adding VLAN 0 to HW filter on device bond0 [ 92.327773][ T5868] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 92.383709][ T5869] 8021q: adding VLAN 0 to HW filter on device team0 [ 92.450640][ T3472] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.457988][ T3472] bridge0: port 1(bridge_slave_0) entered forwarding state [ 92.478310][ T5866] 8021q: adding VLAN 0 to HW filter on device team0 [ 92.496587][ T3472] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.503738][ T3472] bridge0: port 2(bridge_slave_1) entered forwarding state [ 92.520381][ T5867] 8021q: adding VLAN 0 to HW filter on device bond0 [ 92.544627][ T3472] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.551907][ T3472] bridge0: port 1(bridge_slave_0) entered forwarding state [ 92.584793][ T49] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.591989][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state [ 92.636504][ T5867] 8021q: adding VLAN 0 to HW filter on device team0 [ 92.664996][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.672180][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 92.713585][ T3505] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.720749][ T3505] bridge0: port 2(bridge_slave_1) entered forwarding state [ 92.868170][ T5867] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 92.910693][ T5865] 8021q: adding VLAN 0 to HW filter on device bond0 [ 92.976768][ T5868] 8021q: adding VLAN 0 to HW filter on device bond0 [ 93.019896][ T5865] 8021q: adding VLAN 0 to HW filter on device team0 [ 93.099787][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.107079][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.157308][ T5868] 8021q: adding VLAN 0 to HW filter on device team0 [ 93.178220][ T992] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.185425][ T992] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.238196][ T3505] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.245428][ T3505] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.323438][ T3505] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.330602][ T3505] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.428152][ T5869] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 93.496182][ T5866] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 93.539079][ T5868] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 93.567391][ T5867] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 93.661306][ T5869] veth0_vlan: entered promiscuous mode [ 93.748656][ T5869] veth1_vlan: entered promiscuous mode [ 93.807250][ T5866] veth0_vlan: entered promiscuous mode [ 93.828933][ T5867] veth0_vlan: entered promiscuous mode [ 93.849718][ T5866] veth1_vlan: entered promiscuous mode [ 93.897213][ T5867] veth1_vlan: entered promiscuous mode [ 93.923453][ T5869] veth0_macvtap: entered promiscuous mode [ 93.954493][ T5869] veth1_macvtap: entered promiscuous mode [ 93.970713][ T5866] veth0_macvtap: entered promiscuous mode [ 94.005269][ T5866] veth1_macvtap: entered promiscuous mode [ 94.048556][ T5865] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.093534][ T5867] veth0_macvtap: entered promiscuous mode [ 94.103961][ T51] Bluetooth: hci2: command tx timeout [ 94.109422][ T51] Bluetooth: hci4: command tx timeout [ 94.117413][ T5886] Bluetooth: hci0: command tx timeout [ 94.120189][ T5868] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.139258][ T5866] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 94.149016][ T5869] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 94.182304][ T5886] Bluetooth: hci1: command tx timeout [ 94.194303][ T51] Bluetooth: hci3: command tx timeout [ 94.205802][ T5866] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 94.249399][ T3505] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.260995][ T3505] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.273303][ T5867] veth1_macvtap: entered promiscuous mode [ 94.282582][ T5869] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 94.306494][ T3505] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.335784][ T3505] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.407347][ T5867] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 94.418511][ T3505] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.435240][ T3505] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.468166][ T3505] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.479393][ T3505] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.519860][ T5867] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 94.580422][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.602930][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.603823][ T992] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.644999][ T992] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.656528][ T992] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.686126][ T992] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.700556][ T5868] veth0_vlan: entered promiscuous mode [ 94.768860][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.781828][ T5868] veth1_vlan: entered promiscuous mode [ 94.790471][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.802509][ T3472] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.814644][ T3472] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.868073][ T5865] veth0_vlan: entered promiscuous mode [ 94.907053][ T5865] veth1_vlan: entered promiscuous mode [ 94.915372][ T5866] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 94.957762][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.983307][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.061034][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.089499][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.100723][ T5868] veth0_macvtap: entered promiscuous mode [ 95.134786][ T5989] syz.1.2 uses obsolete (PF_INET,SOCK_PACKET) [ 95.154934][ T992] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.166486][ T992] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.177435][ T5868] veth1_macvtap: entered promiscuous mode [ 95.327498][ T5868] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 95.340249][ T5865] veth0_macvtap: entered promiscuous mode [ 95.386231][ T5865] veth1_macvtap: entered promiscuous mode [ 95.426289][ T5994] syzkaller0: entered promiscuous mode [ 95.442983][ T5994] syzkaller0: entered allmulticast mode [ 95.466328][ T5868] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 95.497895][ T5991] tipc: Started in network mode [ 95.505304][ T5991] tipc: Node identity 2ecf69135db5, cluster identity 4711 [ 95.513555][ T5991] tipc: Enabled bearer , priority 0 [ 95.528236][ T3448] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.550302][ T3448] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.564120][ T3448] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.651004][ T5999] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 95.687246][ T5865] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 95.697353][ T5991] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 95.713603][ T3448] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.749188][ T5994] tipc: Resetting bearer [ 95.768424][ T6000] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6'. [ 95.818702][ T5990] tipc: Resetting bearer [ 95.833512][ T5990] tipc: Disabling bearer [ 95.918623][ T6004] netlink: 12 bytes leftover after parsing attributes in process `syz.0.9'. [ 96.187339][ T51] Bluetooth: hci2: command tx timeout [ 96.193611][ T5886] Bluetooth: hci4: command tx timeout [ 96.193625][ T5873] Bluetooth: hci0: command tx timeout [ 96.271856][ T51] Bluetooth: hci1: command tx timeout [ 96.274119][ T5886] Bluetooth: hci3: command tx timeout [ 97.025990][ T5865] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 97.049670][ T6018] netlink: 28 bytes leftover after parsing attributes in process `syz.3.12'. [ 97.179357][ T3505] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.204699][ T3505] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.205412][ T6024] trusted_key: syz.0.14 sent an empty control message without MSG_MORE. [ 97.222343][ T3505] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.222491][ T3505] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.264003][ T6027] netlink: 40 bytes leftover after parsing attributes in process `syz.1.15'. [ 97.374841][ T3505] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.378871][ T6028] netlink: 'syz.3.16': attribute type 5 has an invalid length. [ 97.410276][ T3505] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.428345][ T6028] Zero length message leads to an empty skb [ 97.456235][ T6028] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 97.618039][ T992] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.638937][ T992] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.693334][ T6039] warning: `syz.1.18' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 97.757269][ T3472] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.770451][ T3472] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.931434][ T3472] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.939323][ T3472] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.166109][ T6048] bridge0: port 2(bridge_slave_1) entered disabled state [ 98.174952][ T6048] bridge0: port 1(bridge_slave_0) entered disabled state [ 98.280953][ T6048] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 98.297683][ T6048] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 98.439566][ T992] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 98.460476][ T992] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 98.479923][ T992] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 98.529323][ T992] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 98.635629][ T6063] netlink: 40 bytes leftover after parsing attributes in process `syz.1.24'. [ 98.689751][ T6069] netlink: 108 bytes leftover after parsing attributes in process `syz.4.5'. [ 98.717414][ T6063] netlink: 212408 bytes leftover after parsing attributes in process `syz.1.24'. [ 98.733630][ T6069] netlink: 108 bytes leftover after parsing attributes in process `syz.4.5'. [ 98.738685][ T6064] netlink: 64138 bytes leftover after parsing attributes in process `syz.2.25'. [ 98.754875][ T6069] netlink: 108 bytes leftover after parsing attributes in process `syz.4.5'. [ 99.305812][ T6089] (unnamed net_device) (uninitialized): option miimon: invalid value (18446744073709551585) [ 99.324231][ T6089] (unnamed net_device) (uninitialized): option miimon: allowed values 0 - 2147483647 [ 100.563759][ T6139] openvswitch: netlink: Tunnel attr 1327 out of range max 16 [ 100.882658][ T6153] __nla_validate_parse: 9 callbacks suppressed [ 100.882679][ T6153] netlink: 8 bytes leftover after parsing attributes in process `syz.0.53'. [ 100.940216][ T6157] netlink: 20 bytes leftover after parsing attributes in process `syz.0.53'. [ 100.953235][ T6156] netlink: 12 bytes leftover after parsing attributes in process `syz.1.56'. [ 100.981849][ T6153] netlink: 8 bytes leftover after parsing attributes in process `syz.0.53'. [ 101.073879][ T3505] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 101.102060][ T3505] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 101.110522][ T979] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 101.187826][ T6167] netlink: 12 bytes leftover after parsing attributes in process `syz.4.58'. [ 101.211537][ T979] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 101.251506][ T979] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 101.341920][ T6173] netlink: 108 bytes leftover after parsing attributes in process `syz.2.61'. [ 101.351611][ T6173] netlink: 108 bytes leftover after parsing attributes in process `syz.2.61'. [ 101.365297][ T6173] netlink: 108 bytes leftover after parsing attributes in process `syz.2.61'. [ 101.407835][ T6176] netlink: 12 bytes leftover after parsing attributes in process `syz.4.62'. [ 101.615527][ T6182] netlink: 52 bytes leftover after parsing attributes in process `syz.4.64'. [ 102.055173][ T6201] netdevsim netdevsim4 netdevsim0: entered promiscuous mode [ 102.107383][ T6201] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 102.505482][ T6215] bridge: RTM_NEWNEIGH with invalid ether address [ 102.675242][ T36] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 102.729389][ T36] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 102.815151][ T992] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 102.837849][ T992] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 103.238719][ T6249] bridge0: port 2(bridge_slave_1) entered disabled state [ 103.246575][ T6249] bridge0: port 1(bridge_slave_0) entered disabled state [ 103.453493][ T6249] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 103.470359][ T6249] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 103.598266][ T3472] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 103.633201][ T3472] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 103.672718][ T3472] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 103.685585][ T3472] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 103.923819][ T6272] vcan0: tx drop: invalid sa for name 0x0000000000000003 [ 105.238489][ T6301] netlink: 'syz.1.108': attribute type 21 has an invalid length. [ 105.891097][ T6316] netlink: 'syz.1.115': attribute type 1 has an invalid length. [ 105.902240][ T6318] netlink: 'syz.2.116': attribute type 10 has an invalid length. [ 105.925089][ T6320] __nla_validate_parse: 8 callbacks suppressed [ 105.925109][ T6320] netlink: 28 bytes leftover after parsing attributes in process `syz.1.115'. [ 105.947047][ T6318] team0: Port device dummy0 added [ 106.003049][ T6316] bond1: entered promiscuous mode [ 106.008862][ T6316] 8021q: adding VLAN 0 to HW filter on device bond1 [ 106.137170][ T6329] netlink: 12 bytes leftover after parsing attributes in process `syz.2.119'. [ 106.396518][ T6332] bridge0: port 2(bridge_slave_1) entered disabled state [ 106.404607][ T6332] bridge0: port 1(bridge_slave_0) entered disabled state [ 106.490855][ T6346] netlink: 'syz.2.125': attribute type 6 has an invalid length. [ 106.515947][ T6346] netlink: 'syz.2.125': attribute type 1 has an invalid length. [ 106.527959][ T6346] netlink: 181400 bytes leftover after parsing attributes in process `syz.2.125'. [ 106.626549][ T6332] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 106.640886][ T6332] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 106.778816][ T3472] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 106.813062][ T3472] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 106.845082][ T3472] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 106.887096][ T3472] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 107.153434][ T6365] syzkaller1: entered promiscuous mode [ 107.175135][ T6365] syzkaller1: entered allmulticast mode [ 107.350416][ T6373] netlink: 'syz.0.137': attribute type 1 has an invalid length. [ 107.365038][ T6377] netlink: 12 bytes leftover after parsing attributes in process `syz.2.135'. [ 107.589343][ T6382] netlink: 24 bytes leftover after parsing attributes in process `syz.0.139'. [ 107.988228][ T6404] netlink: 4 bytes leftover after parsing attributes in process `syz.0.146'. [ 108.329830][ T6417] netlink: 108 bytes leftover after parsing attributes in process `syz.3.149'. [ 108.355043][ T6416] netlink: 8 bytes leftover after parsing attributes in process `syz.0.151'. [ 108.416602][ T6417] netlink: 108 bytes leftover after parsing attributes in process `syz.3.149'. [ 108.491373][ T6417] netlink: 108 bytes leftover after parsing attributes in process `syz.3.149'. [ 108.850729][ T6435] tipc: Started in network mode [ 108.871443][ T6435] tipc: Node identity 2e5498fe8ff4, cluster identity 4711 [ 108.902488][ T6435] tipc: Enabled bearer , priority 0 [ 108.914746][ T6440] syzkaller0: entered promiscuous mode [ 108.920345][ T6440] syzkaller0: entered allmulticast mode [ 109.022848][ T6435] tipc: Resetting bearer [ 109.076578][ T6430] tipc: Resetting bearer [ 109.136971][ T6430] tipc: Disabling bearer [ 109.573061][ T6465] bridge0: port 2(bridge_slave_1) entered disabled state [ 109.580896][ T6465] bridge0: port 1(bridge_slave_0) entered disabled state [ 109.768962][ T6465] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 109.784867][ T6465] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 109.907172][ T3448] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 109.917528][ T3448] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 109.927506][ T3448] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 109.941631][ T3448] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 110.306653][ T6490] netlink: 'syz.2.177': attribute type 4 has an invalid length. [ 110.934372][ T6528] __nla_validate_parse: 9 callbacks suppressed [ 110.934392][ T6528] netlink: 108 bytes leftover after parsing attributes in process `syz.2.191'. [ 110.994463][ T6528] netlink: 108 bytes leftover after parsing attributes in process `syz.2.191'. [ 111.069096][ T6534] netlink: 28 bytes leftover after parsing attributes in process `syz.0.194'. [ 111.077885][ T6528] netlink: 108 bytes leftover after parsing attributes in process `syz.2.191'. [ 111.145370][ T6541] netlink: 'syz.4.196': attribute type 1 has an invalid length. [ 111.159940][ T6541] netlink: 172 bytes leftover after parsing attributes in process `syz.4.196'. [ 111.227612][ T6547] netlink: 12 bytes leftover after parsing attributes in process `syz.1.197'. [ 111.505294][ T6555] FAULT_INJECTION: forcing a failure. [ 111.505294][ T6555] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 111.540466][ T6555] CPU: 1 UID: 0 PID: 6555 Comm: syz.0.200 Not tainted syzkaller #0 PREEMPT(full) [ 111.540500][ T6555] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 111.540520][ T6555] Call Trace: [ 111.540528][ T6555] [ 111.540537][ T6555] dump_stack_lvl+0x189/0x250 [ 111.540571][ T6555] ? __pfx____ratelimit+0x10/0x10 [ 111.540602][ T6555] ? __pfx_dump_stack_lvl+0x10/0x10 [ 111.540626][ T6555] ? __pfx__printk+0x10/0x10 [ 111.540653][ T6555] ? __might_fault+0xb0/0x130 [ 111.540693][ T6555] should_fail_ex+0x414/0x560 [ 111.540723][ T6555] _copy_from_user+0x2d/0xb0 [ 111.540747][ T6555] ___sys_sendmsg+0x158/0x2a0 [ 111.540772][ T6555] ? __pfx____sys_sendmsg+0x10/0x10 [ 111.540832][ T6555] ? __fget_files+0x2a/0x420 [ 111.540849][ T6555] ? __fget_files+0x3a0/0x420 [ 111.540879][ T6555] __x64_sys_sendmsg+0x19b/0x260 [ 111.540904][ T6555] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 111.540937][ T6555] ? __pfx_ksys_write+0x10/0x10 [ 111.540961][ T6555] ? rcu_is_watching+0x15/0xb0 [ 111.540987][ T6555] ? do_syscall_64+0xbe/0x3b0 [ 111.541010][ T6555] do_syscall_64+0xfa/0x3b0 [ 111.541027][ T6555] ? lockdep_hardirqs_on+0x9c/0x150 [ 111.541054][ T6555] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 111.541073][ T6555] ? clear_bhb_loop+0x60/0xb0 [ 111.541098][ T6555] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 111.541117][ T6555] RIP: 0033:0x7f27ec18eba9 [ 111.541141][ T6555] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 111.541165][ T6555] RSP: 002b:00007f27ed006038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 111.541186][ T6555] RAX: ffffffffffffffda RBX: 00007f27ec3d5fa0 RCX: 00007f27ec18eba9 [ 111.541201][ T6555] RDX: 0000000000040000 RSI: 00002000000006c0 RDI: 0000000000000003 [ 111.541214][ T6555] RBP: 00007f27ed006090 R08: 0000000000000000 R09: 0000000000000000 [ 111.541226][ T6555] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 111.541242][ T6555] R13: 00007f27ec3d6038 R14: 00007f27ec3d5fa0 R15: 00007ffd46d7d4a8 [ 111.541271][ T6555] [ 111.819559][ T6562] netlink: 64 bytes leftover after parsing attributes in process `syz.4.203'. [ 111.872880][ T6568] netlink: 16 bytes leftover after parsing attributes in process `syz.3.204'. [ 111.937245][ T6572] netlink: 'syz.1.205': attribute type 2 has an invalid length. [ 112.070178][ T992] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 112.115941][ T992] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 112.173032][ T992] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 112.191609][ T992] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 112.282672][ T6580] netlink: 'syz.1.209': attribute type 4 has an invalid length. [ 112.313829][ T6586] netlink: 12 bytes leftover after parsing attributes in process `syz.4.212'. [ 112.438868][ T6591] netlink: 92 bytes leftover after parsing attributes in process `syz.3.216'. [ 112.495798][ T6596] FAULT_INJECTION: forcing a failure. [ 112.495798][ T6596] name failslab, interval 1, probability 0, space 0, times 1 [ 112.547883][ T6596] CPU: 1 UID: 0 PID: 6596 Comm: syz.4.217 Not tainted syzkaller #0 PREEMPT(full) [ 112.547912][ T6596] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 112.547925][ T6596] Call Trace: [ 112.547934][ T6596] [ 112.547942][ T6596] dump_stack_lvl+0x189/0x250 [ 112.547972][ T6596] ? __pfx____ratelimit+0x10/0x10 [ 112.548003][ T6596] ? __pfx_dump_stack_lvl+0x10/0x10 [ 112.548027][ T6596] ? __pfx__printk+0x10/0x10 [ 112.548063][ T6596] ? __pfx___might_resched+0x10/0x10 [ 112.548087][ T6596] should_fail_ex+0x414/0x560 [ 112.548120][ T6596] should_failslab+0xa8/0x100 [ 112.548159][ T6596] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 112.548187][ T6596] ? __alloc_skb+0x112/0x2d0 [ 112.548211][ T6596] __alloc_skb+0x112/0x2d0 [ 112.548235][ T6596] netlink_sendmsg+0x5c6/0xb30 [ 112.548266][ T6596] ? __pfx_netlink_sendmsg+0x10/0x10 [ 112.548289][ T6596] ? aa_sock_msg_perm+0xf1/0x1d0 [ 112.548310][ T6596] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 112.548332][ T6596] ? __pfx_netlink_sendmsg+0x10/0x10 [ 112.548352][ T6596] __sock_sendmsg+0x219/0x270 [ 112.548385][ T6596] ____sys_sendmsg+0x505/0x830 [ 112.548414][ T6596] ? __pfx_____sys_sendmsg+0x10/0x10 [ 112.548448][ T6596] ? import_iovec+0x74/0xa0 [ 112.548475][ T6596] ___sys_sendmsg+0x21f/0x2a0 [ 112.548501][ T6596] ? __pfx____sys_sendmsg+0x10/0x10 [ 112.548564][ T6596] ? __fget_files+0x2a/0x420 [ 112.548590][ T6596] ? __fget_files+0x3a0/0x420 [ 112.548619][ T6596] __x64_sys_sendmsg+0x19b/0x260 [ 112.548645][ T6596] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 112.548678][ T6596] ? __pfx_ksys_write+0x10/0x10 [ 112.548702][ T6596] ? rcu_is_watching+0x15/0xb0 [ 112.548728][ T6596] ? do_syscall_64+0xbe/0x3b0 [ 112.548751][ T6596] do_syscall_64+0xfa/0x3b0 [ 112.548768][ T6596] ? lockdep_hardirqs_on+0x9c/0x150 [ 112.548797][ T6596] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 112.548817][ T6596] ? clear_bhb_loop+0x60/0xb0 [ 112.548841][ T6596] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 112.548861][ T6596] RIP: 0033:0x7f35cbf8eba9 [ 112.548879][ T6596] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 112.548896][ T6596] RSP: 002b:00007f35cce8d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 112.548916][ T6596] RAX: ffffffffffffffda RBX: 00007f35cc1d5fa0 RCX: 00007f35cbf8eba9 [ 112.548931][ T6596] RDX: 0000000000040000 RSI: 00002000000006c0 RDI: 0000000000000003 [ 112.548944][ T6596] RBP: 00007f35cce8d090 R08: 0000000000000000 R09: 0000000000000000 [ 112.548955][ T6596] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 112.548967][ T6596] R13: 00007f35cc1d6038 R14: 00007f35cc1d5fa0 R15: 00007ffe40df2598 [ 112.548999][ T6596] [ 112.825644][ T6604] netlink: 'syz.3.219': attribute type 2 has an invalid length. [ 112.946342][ T6612] !€ÿ: renamed from bond_slave_0 [ 113.640117][ T6653] netlink: 'syz.2.235': attribute type 3 has an invalid length. [ 113.678576][ T6654] netlink: 'syz.0.234': attribute type 1 has an invalid length. [ 114.078293][ T6667] pim6reg1: entered promiscuous mode [ 114.083955][ T6667] pim6reg1: entered allmulticast mode [ 114.139618][ T6671] veth1_macvtap: left promiscuous mode [ 114.151595][ T6671] macsec0: entered promiscuous mode [ 114.157073][ T6671] macsec0: entered allmulticast mode [ 114.219490][ T6672] vlan2: entered promiscuous mode [ 114.266472][ T6679] veth1_macvtap: entered promiscuous mode [ 114.272772][ T6679] veth1_macvtap: entered allmulticast mode [ 114.285908][ T6679] macsec0: left promiscuous mode [ 114.296030][ T6679] macsec0: left allmulticast mode [ 114.305135][ T6679] veth1_macvtap: left allmulticast mode [ 114.484663][ T6697] FAULT_INJECTION: forcing a failure. [ 114.484663][ T6697] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 114.510014][ T6697] CPU: 1 UID: 0 PID: 6697 Comm: syz.2.251 Not tainted syzkaller #0 PREEMPT(full) [ 114.510043][ T6697] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 114.510056][ T6697] Call Trace: [ 114.510064][ T6697] [ 114.510073][ T6697] dump_stack_lvl+0x189/0x250 [ 114.510103][ T6697] ? __pfx____ratelimit+0x10/0x10 [ 114.510134][ T6697] ? __pfx_dump_stack_lvl+0x10/0x10 [ 114.510157][ T6697] ? __pfx__printk+0x10/0x10 [ 114.510185][ T6697] ? __might_fault+0xb0/0x130 [ 114.510225][ T6697] should_fail_ex+0x414/0x560 [ 114.510264][ T6697] _copy_from_iter+0x1de/0x1790 [ 114.510294][ T6697] ? rcu_is_watching+0x15/0xb0 [ 114.510315][ T6697] ? kmem_cache_alloc_node_noprof+0x217/0x3c0 [ 114.510345][ T6697] ? __pfx__copy_from_iter+0x10/0x10 [ 114.510368][ T6697] ? __build_skb_around+0x257/0x3e0 [ 114.510392][ T6697] ? netlink_sendmsg+0x642/0xb30 [ 114.510414][ T6697] ? skb_put+0x11b/0x210 [ 114.510439][ T6697] netlink_sendmsg+0x6b2/0xb30 [ 114.510468][ T6697] ? __pfx_netlink_sendmsg+0x10/0x10 [ 114.510491][ T6697] ? aa_sock_msg_perm+0xf1/0x1d0 [ 114.510513][ T6697] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 114.510534][ T6697] ? __pfx_netlink_sendmsg+0x10/0x10 [ 114.510554][ T6697] __sock_sendmsg+0x219/0x270 [ 114.510585][ T6697] ____sys_sendmsg+0x505/0x830 [ 114.510613][ T6697] ? __pfx_____sys_sendmsg+0x10/0x10 [ 114.510645][ T6697] ? import_iovec+0x74/0xa0 [ 114.510671][ T6697] ___sys_sendmsg+0x21f/0x2a0 [ 114.510695][ T6697] ? __pfx____sys_sendmsg+0x10/0x10 [ 114.510746][ T6697] ? __fget_files+0x2a/0x420 [ 114.510760][ T6697] ? __fget_files+0x3a0/0x420 [ 114.510783][ T6697] __x64_sys_sendmsg+0x19b/0x260 [ 114.510803][ T6697] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 114.510830][ T6697] ? __pfx_ksys_write+0x10/0x10 [ 114.510849][ T6697] ? rcu_is_watching+0x15/0xb0 [ 114.510869][ T6697] ? do_syscall_64+0xbe/0x3b0 [ 114.510888][ T6697] do_syscall_64+0xfa/0x3b0 [ 114.510902][ T6697] ? lockdep_hardirqs_on+0x9c/0x150 [ 114.510925][ T6697] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 114.510941][ T6697] ? clear_bhb_loop+0x60/0xb0 [ 114.510960][ T6697] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 114.510975][ T6697] RIP: 0033:0x7f5621f8eba9 [ 114.510991][ T6697] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 114.511004][ T6697] RSP: 002b:00007f5622dc1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 114.511023][ T6697] RAX: ffffffffffffffda RBX: 00007f56221d5fa0 RCX: 00007f5621f8eba9 [ 114.511035][ T6697] RDX: 0000000000040000 RSI: 00002000000006c0 RDI: 0000000000000003 [ 114.511044][ T6697] RBP: 00007f5622dc1090 R08: 0000000000000000 R09: 0000000000000000 [ 114.511054][ T6697] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 114.511064][ T6697] R13: 00007f56221d6038 R14: 00007f56221d5fa0 R15: 00007ffccf986218 [ 114.511090][ T6697] [ 114.899652][ T6706] FAULT_INJECTION: forcing a failure. [ 114.899652][ T6706] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 114.935658][ T6706] CPU: 0 UID: 0 PID: 6706 Comm: syz.1.254 Not tainted syzkaller #0 PREEMPT(full) [ 114.935685][ T6706] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 114.935697][ T6706] Call Trace: [ 114.935706][ T6706] [ 114.935715][ T6706] dump_stack_lvl+0x189/0x250 [ 114.935745][ T6706] ? __pfx____ratelimit+0x10/0x10 [ 114.935777][ T6706] ? __pfx_dump_stack_lvl+0x10/0x10 [ 114.935801][ T6706] ? __pfx__printk+0x10/0x10 [ 114.935830][ T6706] ? __might_fault+0xb0/0x130 [ 114.935872][ T6706] should_fail_ex+0x414/0x560 [ 114.935904][ T6706] _copy_from_user+0x2d/0xb0 [ 114.935929][ T6706] ___sys_sendmsg+0x158/0x2a0 [ 114.935963][ T6706] ? __pfx____sys_sendmsg+0x10/0x10 [ 114.936025][ T6706] ? __fget_files+0x2a/0x420 [ 114.936042][ T6706] ? __fget_files+0x3a0/0x420 [ 114.936071][ T6706] __x64_sys_sendmsg+0x19b/0x260 [ 114.936097][ T6706] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 114.936130][ T6706] ? __pfx_ksys_write+0x10/0x10 [ 114.936154][ T6706] ? rcu_is_watching+0x15/0xb0 [ 114.936180][ T6706] ? do_syscall_64+0xbe/0x3b0 [ 114.936203][ T6706] do_syscall_64+0xfa/0x3b0 [ 114.936220][ T6706] ? lockdep_hardirqs_on+0x9c/0x150 [ 114.936249][ T6706] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 114.936269][ T6706] ? clear_bhb_loop+0x60/0xb0 [ 114.936293][ T6706] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 114.936311][ T6706] RIP: 0033:0x7f3e4018eba9 [ 114.936329][ T6706] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 114.936345][ T6706] RSP: 002b:00007f3e410a4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 114.936365][ T6706] RAX: ffffffffffffffda RBX: 00007f3e403d5fa0 RCX: 00007f3e4018eba9 [ 114.936380][ T6706] RDX: 0000000000000000 RSI: 0000200000000600 RDI: 0000000000000003 [ 114.936392][ T6706] RBP: 00007f3e410a4090 R08: 0000000000000000 R09: 0000000000000000 [ 114.936404][ T6706] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 114.936415][ T6706] R13: 00007f3e403d6038 R14: 00007f3e403d5fa0 R15: 00007ffde827d018 [ 114.936449][ T6706] [ 115.436771][ T6716] bridge0: port 2(bridge_slave_1) entered disabled state [ 115.444743][ T6716] bridge0: port 1(bridge_slave_0) entered disabled state [ 115.468564][ T6735] FAULT_INJECTION: forcing a failure. [ 115.468564][ T6735] name failslab, interval 1, probability 0, space 0, times 0 [ 115.504577][ T6735] CPU: 0 UID: 0 PID: 6735 Comm: syz.1.266 Not tainted syzkaller #0 PREEMPT(full) [ 115.504606][ T6735] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 115.504624][ T6735] Call Trace: [ 115.504632][ T6735] [ 115.504641][ T6735] dump_stack_lvl+0x189/0x250 [ 115.504672][ T6735] ? __pfx____ratelimit+0x10/0x10 [ 115.504704][ T6735] ? __pfx_dump_stack_lvl+0x10/0x10 [ 115.504729][ T6735] ? __pfx__printk+0x10/0x10 [ 115.504760][ T6735] ? __pfx___might_resched+0x10/0x10 [ 115.504780][ T6735] ? fs_reclaim_acquire+0x7d/0x100 [ 115.504816][ T6735] should_fail_ex+0x414/0x560 [ 115.504850][ T6735] should_failslab+0xa8/0x100 [ 115.504883][ T6735] __kmalloc_noprof+0xcb/0x4f0 [ 115.504910][ T6735] ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0 [ 115.504944][ T6735] genl_family_rcv_msg_attrs_parse+0xa3/0x2a0 [ 115.504979][ T6735] genl_family_rcv_msg_doit+0xb8/0x300 [ 115.505013][ T6735] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 115.505049][ T6735] ? apparmor_capable+0x137/0x1b0 [ 115.505076][ T6735] ? bpf_lsm_capable+0x9/0x20 [ 115.505104][ T6735] ? security_capable+0x7e/0x2e0 [ 115.505142][ T6735] genl_rcv_msg+0x60e/0x790 [ 115.505181][ T6735] ? __pfx_genl_rcv_msg+0x10/0x10 [ 115.505204][ T6735] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 115.505227][ T6735] ? __pfx_nl80211_new_key+0x10/0x10 [ 115.505251][ T6735] ? __pfx_nl80211_post_doit+0x10/0x10 [ 115.505292][ T6735] netlink_rcv_skb+0x208/0x470 [ 115.505322][ T6735] ? __lock_acquire+0xab9/0xd20 [ 115.505353][ T6735] ? __pfx_genl_rcv_msg+0x10/0x10 [ 115.505379][ T6735] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 115.505433][ T6735] ? down_read+0x1ad/0x2e0 [ 115.505458][ T6735] genl_rcv+0x28/0x40 [ 115.505480][ T6735] netlink_unicast+0x82c/0x9e0 [ 115.505519][ T6735] ? __pfx_netlink_unicast+0x10/0x10 [ 115.505550][ T6735] ? netlink_sendmsg+0x642/0xb30 [ 115.505567][ T6735] ? skb_put+0x11b/0x210 [ 115.505592][ T6735] netlink_sendmsg+0x805/0xb30 [ 115.505623][ T6735] ? __pfx_netlink_sendmsg+0x10/0x10 [ 115.505646][ T6735] ? aa_sock_msg_perm+0xf1/0x1d0 [ 115.505668][ T6735] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 115.505690][ T6735] ? __pfx_netlink_sendmsg+0x10/0x10 [ 115.505710][ T6735] __sock_sendmsg+0x219/0x270 [ 115.505743][ T6735] ____sys_sendmsg+0x505/0x830 [ 115.505773][ T6735] ? __pfx_____sys_sendmsg+0x10/0x10 [ 115.505807][ T6735] ? import_iovec+0x74/0xa0 [ 115.505836][ T6735] ___sys_sendmsg+0x21f/0x2a0 [ 115.505862][ T6735] ? __pfx____sys_sendmsg+0x10/0x10 [ 115.505928][ T6735] ? __fget_files+0x2a/0x420 [ 115.505946][ T6735] ? __fget_files+0x3a0/0x420 [ 115.505976][ T6735] __x64_sys_sendmsg+0x19b/0x260 [ 115.506004][ T6735] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 115.506038][ T6735] ? __pfx_ksys_write+0x10/0x10 [ 115.506063][ T6735] ? rcu_is_watching+0x15/0xb0 [ 115.506090][ T6735] ? do_syscall_64+0xbe/0x3b0 [ 115.506115][ T6735] do_syscall_64+0xfa/0x3b0 [ 115.506132][ T6735] ? lockdep_hardirqs_on+0x9c/0x150 [ 115.506161][ T6735] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 115.506189][ T6735] ? clear_bhb_loop+0x60/0xb0 [ 115.506214][ T6735] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 115.506233][ T6735] RIP: 0033:0x7f3e4018eba9 [ 115.506251][ T6735] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 115.506268][ T6735] RSP: 002b:00007f3e410a4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 115.506289][ T6735] RAX: ffffffffffffffda RBX: 00007f3e403d5fa0 RCX: 00007f3e4018eba9 [ 115.506305][ T6735] RDX: 0000000000040000 RSI: 00002000000006c0 RDI: 0000000000000003 [ 115.506317][ T6735] RBP: 00007f3e410a4090 R08: 0000000000000000 R09: 0000000000000000 [ 115.506330][ T6735] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 115.506341][ T6735] R13: 00007f3e403d6038 R14: 00007f3e403d5fa0 R15: 00007ffde827d018 [ 115.506375][ T6735] [ 115.925816][ T6737] netlink: 'syz.3.265': attribute type 4 has an invalid length. [ 115.987458][ T6740] netlink: 'syz.3.265': attribute type 4 has an invalid length. [ 116.001161][ T6716] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 116.011196][ T6739] __nla_validate_parse: 19 callbacks suppressed [ 116.011217][ T6739] netlink: 12 bytes leftover after parsing attributes in process `syz.1.267'. [ 116.019774][ T6716] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 116.255999][ T36] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 116.292957][ T36] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 116.326804][ T36] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 116.392386][ T36] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 116.486464][ T6758] netlink: 12 bytes leftover after parsing attributes in process `syz.1.274'. [ 116.489055][ T6754] 8021q: adding VLAN 0 to HW filter on device ipvlan2 [ 116.552405][ T6754] bond0: (slave ipvlan2): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 116.729404][ T6767] netlink: 12 bytes leftover after parsing attributes in process `syz.3.278'. [ 116.757278][ T6761] netlink: 24 bytes leftover after parsing attributes in process `syz.0.273'. [ 116.774797][ T6771] FAULT_INJECTION: forcing a failure. [ 116.774797][ T6771] name failslab, interval 1, probability 0, space 0, times 0 [ 116.850577][ T6771] CPU: 1 UID: 0 PID: 6771 Comm: syz.1.279 Not tainted syzkaller #0 PREEMPT(full) [ 116.850607][ T6771] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 116.850619][ T6771] Call Trace: [ 116.850627][ T6771] [ 116.850636][ T6771] dump_stack_lvl+0x189/0x250 [ 116.850667][ T6771] ? __pfx____ratelimit+0x10/0x10 [ 116.850698][ T6771] ? __pfx_dump_stack_lvl+0x10/0x10 [ 116.850722][ T6771] ? __pfx__printk+0x10/0x10 [ 116.850757][ T6771] ? __pfx___might_resched+0x10/0x10 [ 116.850776][ T6771] ? fs_reclaim_acquire+0x7d/0x100 [ 116.850812][ T6771] should_fail_ex+0x414/0x560 [ 116.850844][ T6771] should_failslab+0xa8/0x100 [ 116.850877][ T6771] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 116.850906][ T6771] ? __alloc_skb+0x112/0x2d0 [ 116.850931][ T6771] __alloc_skb+0x112/0x2d0 [ 116.850954][ T6771] netlink_ack+0x146/0xa50 [ 116.850982][ T6771] ? __pfx_genl_rcv_msg+0x10/0x10 [ 116.851005][ T6771] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 116.851027][ T6771] ? __pfx_nl80211_post_doit+0x10/0x10 [ 116.851067][ T6771] netlink_rcv_skb+0x28c/0x470 [ 116.851102][ T6771] ? __lock_acquire+0xab9/0xd20 [ 116.851133][ T6771] ? __pfx_genl_rcv_msg+0x10/0x10 [ 116.851159][ T6771] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 116.851211][ T6771] ? down_read+0x1ad/0x2e0 [ 116.851240][ T6771] genl_rcv+0x28/0x40 [ 116.851260][ T6771] netlink_unicast+0x82c/0x9e0 [ 116.851297][ T6771] ? __pfx_netlink_unicast+0x10/0x10 [ 116.851326][ T6771] ? netlink_sendmsg+0x642/0xb30 [ 116.851341][ T6771] ? skb_put+0x11b/0x210 [ 116.851365][ T6771] netlink_sendmsg+0x805/0xb30 [ 116.851393][ T6771] ? __pfx_netlink_sendmsg+0x10/0x10 [ 116.851415][ T6771] ? aa_sock_msg_perm+0xf1/0x1d0 [ 116.851437][ T6771] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 116.851459][ T6771] ? __pfx_netlink_sendmsg+0x10/0x10 [ 116.851479][ T6771] __sock_sendmsg+0x219/0x270 [ 116.851510][ T6771] ____sys_sendmsg+0x505/0x830 [ 116.851537][ T6771] ? __pfx_____sys_sendmsg+0x10/0x10 [ 116.851570][ T6771] ? import_iovec+0x74/0xa0 [ 116.851598][ T6771] ___sys_sendmsg+0x21f/0x2a0 [ 116.851624][ T6771] ? __pfx____sys_sendmsg+0x10/0x10 [ 116.851709][ T6771] ? __fget_files+0x2a/0x420 [ 116.851726][ T6771] ? __fget_files+0x3a0/0x420 [ 116.851756][ T6771] __x64_sys_sendmsg+0x19b/0x260 [ 116.851783][ T6771] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 116.851817][ T6771] ? __pfx_ksys_write+0x10/0x10 [ 116.851842][ T6771] ? rcu_is_watching+0x15/0xb0 [ 116.851869][ T6771] ? do_syscall_64+0xbe/0x3b0 [ 116.851893][ T6771] do_syscall_64+0xfa/0x3b0 [ 116.851911][ T6771] ? lockdep_hardirqs_on+0x9c/0x150 [ 116.851941][ T6771] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 116.851961][ T6771] ? clear_bhb_loop+0x60/0xb0 [ 116.851986][ T6771] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 116.852005][ T6771] RIP: 0033:0x7f3e4018eba9 [ 116.852024][ T6771] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 116.852040][ T6771] RSP: 002b:00007f3e410a4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 116.852061][ T6771] RAX: ffffffffffffffda RBX: 00007f3e403d5fa0 RCX: 00007f3e4018eba9 [ 116.852076][ T6771] RDX: 0000000000040000 RSI: 00002000000006c0 RDI: 0000000000000003 [ 116.852097][ T6771] RBP: 00007f3e410a4090 R08: 0000000000000000 R09: 0000000000000000 [ 116.852109][ T6771] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 116.852121][ T6771] R13: 00007f3e403d6038 R14: 00007f3e403d5fa0 R15: 00007ffde827d018 [ 116.852154][ T6771] [ 117.493455][ T6793] netlink: 108 bytes leftover after parsing attributes in process `syz.1.285'. [ 117.503128][ T6793] netlink: 108 bytes leftover after parsing attributes in process `syz.1.285'. [ 117.512285][ T6793] netlink: 108 bytes leftover after parsing attributes in process `syz.1.285'. [ 117.633109][ T6804] netlink: 12 bytes leftover after parsing attributes in process `syz.0.290'. [ 117.833646][ T6816] netlink: 12 bytes leftover after parsing attributes in process `syz.0.292'. [ 117.877651][ T6813] netlink: 64 bytes leftover after parsing attributes in process `syz.1.295'. [ 117.889012][ T6813] netlink: 'syz.1.295': attribute type 1 has an invalid length. [ 117.947601][ T6813] vlan2: entered allmulticast mode [ 117.969741][ T6813] veth1: entered allmulticast mode [ 118.056372][ T13] netdevsim netdevsim3 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 118.094415][ T13] netdevsim netdevsim3 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 118.151872][ T13] netdevsim netdevsim3 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 118.181416][ T13] netdevsim netdevsim3 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 118.270429][ T6835] FAULT_INJECTION: forcing a failure. [ 118.270429][ T6835] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 118.284160][ T6830] IPVS: set_ctl: invalid protocol: 58 172.20.20.170:20000 [ 118.292699][ T6835] CPU: 1 UID: 0 PID: 6835 Comm: syz.0.304 Not tainted syzkaller #0 PREEMPT(full) [ 118.292726][ T6835] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 118.292738][ T6835] Call Trace: [ 118.292747][ T6835] [ 118.292764][ T6835] dump_stack_lvl+0x189/0x250 [ 118.292793][ T6835] ? __pfx____ratelimit+0x10/0x10 [ 118.292823][ T6835] ? __pfx_dump_stack_lvl+0x10/0x10 [ 118.292847][ T6835] ? __pfx__printk+0x10/0x10 [ 118.292875][ T6835] ? __might_fault+0xb0/0x130 [ 118.292915][ T6835] should_fail_ex+0x414/0x560 [ 118.292947][ T6835] _copy_from_iter+0x1de/0x1790 [ 118.292976][ T6835] ? rcu_is_watching+0x15/0xb0 [ 118.292997][ T6835] ? kmem_cache_alloc_node_noprof+0x217/0x3c0 [ 118.293026][ T6835] ? __pfx__copy_from_iter+0x10/0x10 [ 118.293049][ T6835] ? __build_skb_around+0x257/0x3e0 [ 118.293073][ T6835] ? netlink_sendmsg+0x642/0xb30 [ 118.293090][ T6835] ? skb_put+0x11b/0x210 [ 118.293113][ T6835] netlink_sendmsg+0x6b2/0xb30 [ 118.293142][ T6835] ? __pfx_netlink_sendmsg+0x10/0x10 [ 118.293165][ T6835] ? aa_sock_msg_perm+0xf1/0x1d0 [ 118.293187][ T6835] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 118.293208][ T6835] ? __pfx_netlink_sendmsg+0x10/0x10 [ 118.293228][ T6835] __sock_sendmsg+0x219/0x270 [ 118.293260][ T6835] ____sys_sendmsg+0x505/0x830 [ 118.293289][ T6835] ? __pfx_____sys_sendmsg+0x10/0x10 [ 118.293321][ T6835] ? import_iovec+0x74/0xa0 [ 118.293348][ T6835] ___sys_sendmsg+0x21f/0x2a0 [ 118.293372][ T6835] ? __pfx____sys_sendmsg+0x10/0x10 [ 118.293434][ T6835] ? __fget_files+0x2a/0x420 [ 118.293451][ T6835] ? __fget_files+0x3a0/0x420 [ 118.293480][ T6835] __x64_sys_sendmsg+0x19b/0x260 [ 118.293511][ T6835] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 118.293544][ T6835] ? __pfx_ksys_write+0x10/0x10 [ 118.293569][ T6835] ? rcu_is_watching+0x15/0xb0 [ 118.293594][ T6835] ? do_syscall_64+0xbe/0x3b0 [ 118.293617][ T6835] do_syscall_64+0xfa/0x3b0 [ 118.293634][ T6835] ? lockdep_hardirqs_on+0x9c/0x150 [ 118.293663][ T6835] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 118.293682][ T6835] ? clear_bhb_loop+0x60/0xb0 [ 118.293706][ T6835] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 118.293725][ T6835] RIP: 0033:0x7f27ec18eba9 [ 118.293743][ T6835] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 118.293766][ T6835] RSP: 002b:00007f27ed006038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 118.293787][ T6835] RAX: ffffffffffffffda RBX: 00007f27ec3d5fa0 RCX: 00007f27ec18eba9 [ 118.293801][ T6835] RDX: 0000000000000000 RSI: 0000200000000600 RDI: 0000000000000003 [ 118.293813][ T6835] RBP: 00007f27ed006090 R08: 0000000000000000 R09: 0000000000000000 [ 118.293825][ T6835] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 118.293836][ T6835] R13: 00007f27ec3d6038 R14: 00007f27ec3d5fa0 R15: 00007ffd46d7d4a8 [ 118.293868][ T6835] [ 118.982721][ T6860] FAULT_INJECTION: forcing a failure. [ 118.982721][ T6860] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 119.038121][ T6860] CPU: 1 UID: 0 PID: 6860 Comm: syz.1.309 Not tainted syzkaller #0 PREEMPT(full) [ 119.038151][ T6860] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 119.038163][ T6860] Call Trace: [ 119.038172][ T6860] [ 119.038181][ T6860] dump_stack_lvl+0x189/0x250 [ 119.038219][ T6860] ? __pfx____ratelimit+0x10/0x10 [ 119.038250][ T6860] ? __pfx_dump_stack_lvl+0x10/0x10 [ 119.038274][ T6860] ? __pfx__printk+0x10/0x10 [ 119.038317][ T6860] should_fail_ex+0x414/0x560 [ 119.038350][ T6860] _copy_to_user+0x31/0xb0 [ 119.038377][ T6860] simple_read_from_buffer+0xe1/0x170 [ 119.038413][ T6860] proc_fail_nth_read+0x1b3/0x220 [ 119.038438][ T6860] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 119.038464][ T6860] ? rw_verify_area+0x2a6/0x4d0 [ 119.038489][ T6860] ? __lock_acquire+0xab9/0xd20 [ 119.038517][ T6860] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 119.038542][ T6860] vfs_read+0x200/0xa30 [ 119.038568][ T6860] ? fdget_pos+0x247/0x320 [ 119.038590][ T6860] ? __pfx___mutex_lock+0x10/0x10 [ 119.038611][ T6860] ? __pfx_vfs_read+0x10/0x10 [ 119.038639][ T6860] ? __fget_files+0x2a/0x420 [ 119.038693][ T6860] ? __fget_files+0x3a0/0x420 [ 119.038708][ T6860] ? __fget_files+0x2a/0x420 [ 119.038732][ T6860] ksys_read+0x145/0x250 [ 119.038761][ T6860] ? __pfx_ksys_read+0x10/0x10 [ 119.038784][ T6860] ? rcu_is_watching+0x15/0xb0 [ 119.038811][ T6860] ? do_syscall_64+0xbe/0x3b0 [ 119.038835][ T6860] do_syscall_64+0xfa/0x3b0 [ 119.038853][ T6860] ? lockdep_hardirqs_on+0x9c/0x150 [ 119.038883][ T6860] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 119.038903][ T6860] ? clear_bhb_loop+0x60/0xb0 [ 119.038928][ T6860] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 119.038955][ T6860] RIP: 0033:0x7f3e4018d5bc [ 119.038983][ T6860] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 119.038999][ T6860] RSP: 002b:00007f3e410a4030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 119.039025][ T6860] RAX: ffffffffffffffda RBX: 00007f3e403d5fa0 RCX: 00007f3e4018d5bc [ 119.039040][ T6860] RDX: 000000000000000f RSI: 00007f3e410a40a0 RDI: 0000000000000004 [ 119.039052][ T6860] RBP: 00007f3e410a4090 R08: 0000000000000000 R09: 0000000000000000 [ 119.039064][ T6860] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 119.039076][ T6860] R13: 00007f3e403d6038 R14: 00007f3e403d5fa0 R15: 00007ffde827d018 [ 119.039109][ T6860] [ 119.450113][ T6869] netlink: 'syz.4.313': attribute type 83 has an invalid length. [ 119.505422][ T6881] FAULT_INJECTION: forcing a failure. [ 119.505422][ T6881] name failslab, interval 1, probability 0, space 0, times 0 [ 119.518368][ T6881] CPU: 1 UID: 0 PID: 6881 Comm: syz.1.317 Not tainted syzkaller #0 PREEMPT(full) [ 119.518394][ T6881] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 119.518405][ T6881] Call Trace: [ 119.518413][ T6881] [ 119.518421][ T6881] dump_stack_lvl+0x189/0x250 [ 119.518449][ T6881] ? __pfx____ratelimit+0x10/0x10 [ 119.518479][ T6881] ? __pfx_dump_stack_lvl+0x10/0x10 [ 119.518503][ T6881] ? __pfx__printk+0x10/0x10 [ 119.518534][ T6881] ? __pfx___might_resched+0x10/0x10 [ 119.518553][ T6881] ? fs_reclaim_acquire+0x7d/0x100 [ 119.518589][ T6881] should_fail_ex+0x414/0x560 [ 119.518621][ T6881] should_failslab+0xa8/0x100 [ 119.518651][ T6881] __kmalloc_noprof+0xcb/0x4f0 [ 119.518676][ T6881] ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0 [ 119.518708][ T6881] genl_family_rcv_msg_attrs_parse+0xa3/0x2a0 [ 119.518740][ T6881] genl_family_rcv_msg_doit+0xb8/0x300 [ 119.518773][ T6881] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 119.518808][ T6881] ? apparmor_capable+0x137/0x1b0 [ 119.518836][ T6881] ? bpf_lsm_capable+0x9/0x20 [ 119.518862][ T6881] ? security_capable+0x7e/0x2e0 [ 119.518900][ T6881] genl_rcv_msg+0x60e/0x790 [ 119.518932][ T6881] ? __pfx_genl_rcv_msg+0x10/0x10 [ 119.518963][ T6881] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 119.518985][ T6881] ? __pfx_nl80211_set_station+0x10/0x10 [ 119.519009][ T6881] ? __pfx_nl80211_post_doit+0x10/0x10 [ 119.519041][ T6881] netlink_rcv_skb+0x208/0x470 [ 119.519066][ T6881] ? __lock_acquire+0xab9/0xd20 [ 119.519092][ T6881] ? __pfx_genl_rcv_msg+0x10/0x10 [ 119.519113][ T6881] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 119.519154][ T6881] ? down_read+0x1ad/0x2e0 [ 119.519173][ T6881] genl_rcv+0x28/0x40 [ 119.519190][ T6881] netlink_unicast+0x82c/0x9e0 [ 119.519221][ T6881] ? __pfx_netlink_unicast+0x10/0x10 [ 119.519246][ T6881] ? netlink_sendmsg+0x642/0xb30 [ 119.519259][ T6881] ? skb_put+0x11b/0x210 [ 119.519278][ T6881] netlink_sendmsg+0x805/0xb30 [ 119.519301][ T6881] ? __pfx_netlink_sendmsg+0x10/0x10 [ 119.519319][ T6881] ? aa_sock_msg_perm+0xf1/0x1d0 [ 119.519337][ T6881] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 119.519354][ T6881] ? __pfx_netlink_sendmsg+0x10/0x10 [ 119.519371][ T6881] __sock_sendmsg+0x219/0x270 [ 119.519397][ T6881] ____sys_sendmsg+0x505/0x830 [ 119.519420][ T6881] ? __pfx_____sys_sendmsg+0x10/0x10 [ 119.519446][ T6881] ? import_iovec+0x74/0xa0 [ 119.519469][ T6881] ___sys_sendmsg+0x21f/0x2a0 [ 119.519489][ T6881] ? __pfx____sys_sendmsg+0x10/0x10 [ 119.519540][ T6881] ? __fget_files+0x2a/0x420 [ 119.519555][ T6881] ? __fget_files+0x3a0/0x420 [ 119.519579][ T6881] __x64_sys_sendmsg+0x19b/0x260 [ 119.519601][ T6881] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 119.519638][ T6881] ? rcu_is_watching+0x15/0xb0 [ 119.519665][ T6881] ? trace_sys_enter+0x25/0x100 [ 119.519702][ T6881] do_syscall_64+0xfa/0x3b0 [ 119.519721][ T6881] ? lockdep_hardirqs_on+0x9c/0x150 [ 119.519750][ T6881] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 119.519770][ T6881] ? clear_bhb_loop+0x60/0xb0 [ 119.519796][ T6881] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 119.519816][ T6881] RIP: 0033:0x7f3e4018eba9 [ 119.519835][ T6881] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 119.519851][ T6881] RSP: 002b:00007f3e410a4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 119.519872][ T6881] RAX: ffffffffffffffda RBX: 00007f3e403d5fa0 RCX: 00007f3e4018eba9 [ 119.519886][ T6881] RDX: 0000000000000000 RSI: 0000200000000600 RDI: 0000000000000003 [ 119.519898][ T6881] RBP: 00007f3e410a4090 R08: 0000000000000000 R09: 0000000000000000 [ 119.519910][ T6881] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 119.519921][ T6881] R13: 00007f3e403d6038 R14: 00007f3e403d5fa0 R15: 00007ffde827d018 [ 119.519962][ T6881] [ 119.955511][ T36] netdevsim netdevsim0 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 119.994075][ T13] netdevsim netdevsim0 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 120.004068][ T13] netdevsim netdevsim0 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 120.015146][ T13] netdevsim netdevsim0 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 120.206213][ T6898] netlink: 'syz.1.322': attribute type 2 has an invalid length. [ 120.215870][ T6900] FAULT_INJECTION: forcing a failure. [ 120.215870][ T6900] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 120.240959][ T6900] CPU: 1 UID: 0 PID: 6900 Comm: syz.4.325 Not tainted syzkaller #0 PREEMPT(full) [ 120.240983][ T6900] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 120.240993][ T6900] Call Trace: [ 120.240999][ T6900] [ 120.241007][ T6900] dump_stack_lvl+0x189/0x250 [ 120.241032][ T6900] ? __pfx____ratelimit+0x10/0x10 [ 120.241057][ T6900] ? __pfx_dump_stack_lvl+0x10/0x10 [ 120.241077][ T6900] ? __pfx__printk+0x10/0x10 [ 120.241100][ T6900] ? __might_fault+0xb0/0x130 [ 120.241132][ T6900] should_fail_ex+0x414/0x560 [ 120.241158][ T6900] _copy_from_user+0x2d/0xb0 [ 120.241179][ T6900] ___sys_sendmsg+0x158/0x2a0 [ 120.241201][ T6900] ? __pfx____sys_sendmsg+0x10/0x10 [ 120.241255][ T6900] ? __fget_files+0x2a/0x420 [ 120.241270][ T6900] ? __fget_files+0x3a0/0x420 [ 120.241294][ T6900] __x64_sys_sendmsg+0x19b/0x260 [ 120.241315][ T6900] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 120.241343][ T6900] ? __pfx_ksys_write+0x10/0x10 [ 120.241364][ T6900] ? rcu_is_watching+0x15/0xb0 [ 120.241386][ T6900] ? do_syscall_64+0xbe/0x3b0 [ 120.241406][ T6900] do_syscall_64+0xfa/0x3b0 [ 120.241423][ T6900] ? lockdep_hardirqs_on+0x9c/0x150 [ 120.241450][ T6900] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 120.241470][ T6900] ? clear_bhb_loop+0x60/0xb0 [ 120.241493][ T6900] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 120.241512][ T6900] RIP: 0033:0x7f35cbf8eba9 [ 120.241529][ T6900] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 120.241545][ T6900] RSP: 002b:00007f35cce8d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 120.241565][ T6900] RAX: ffffffffffffffda RBX: 00007f35cc1d5fa0 RCX: 00007f35cbf8eba9 [ 120.241579][ T6900] RDX: 0000000000000000 RSI: 0000200000003700 RDI: 0000000000000003 [ 120.241590][ T6900] RBP: 00007f35cce8d090 R08: 0000000000000000 R09: 0000000000000000 [ 120.241602][ T6900] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 120.241613][ T6900] R13: 00007f35cc1d6038 R14: 00007f35cc1d5fa0 R15: 00007ffe40df2598 [ 120.241653][ T6900] [ 120.774323][ T6923] FAULT_INJECTION: forcing a failure. [ 120.774323][ T6923] name failslab, interval 1, probability 0, space 0, times 0 [ 120.805764][ T6923] CPU: 1 UID: 0 PID: 6923 Comm: syz.0.333 Not tainted syzkaller #0 PREEMPT(full) [ 120.805793][ T6923] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 120.805806][ T6923] Call Trace: [ 120.805815][ T6923] [ 120.805824][ T6923] dump_stack_lvl+0x189/0x250 [ 120.805853][ T6923] ? __pfx____ratelimit+0x10/0x10 [ 120.805884][ T6923] ? __pfx_dump_stack_lvl+0x10/0x10 [ 120.805908][ T6923] ? __pfx__printk+0x10/0x10 [ 120.805942][ T6923] ? __pfx___might_resched+0x10/0x10 [ 120.805961][ T6923] ? fs_reclaim_acquire+0x7d/0x100 [ 120.805999][ T6923] should_fail_ex+0x414/0x560 [ 120.806032][ T6923] should_failslab+0xa8/0x100 [ 120.806064][ T6923] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 120.806094][ T6923] ? __alloc_skb+0x112/0x2d0 [ 120.806118][ T6923] __alloc_skb+0x112/0x2d0 [ 120.806143][ T6923] netlink_ack+0x146/0xa50 [ 120.806171][ T6923] ? __pfx_genl_rcv_msg+0x10/0x10 [ 120.806194][ T6923] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 120.806217][ T6923] ? __pfx_nl80211_post_doit+0x10/0x10 [ 120.806258][ T6923] netlink_rcv_skb+0x28c/0x470 [ 120.806287][ T6923] ? __lock_acquire+0xab9/0xd20 [ 120.806317][ T6923] ? __pfx_genl_rcv_msg+0x10/0x10 [ 120.806344][ T6923] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 120.806397][ T6923] ? down_read+0x1ad/0x2e0 [ 120.806421][ T6923] genl_rcv+0x28/0x40 [ 120.806443][ T6923] netlink_unicast+0x82c/0x9e0 [ 120.806482][ T6923] ? __pfx_netlink_unicast+0x10/0x10 [ 120.806513][ T6923] ? netlink_sendmsg+0x642/0xb30 [ 120.806530][ T6923] ? skb_put+0x11b/0x210 [ 120.806555][ T6923] netlink_sendmsg+0x805/0xb30 [ 120.806585][ T6923] ? __pfx_netlink_sendmsg+0x10/0x10 [ 120.806609][ T6923] ? aa_sock_msg_perm+0xf1/0x1d0 [ 120.806631][ T6923] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 120.806661][ T6923] ? __pfx_netlink_sendmsg+0x10/0x10 [ 120.806681][ T6923] __sock_sendmsg+0x219/0x270 [ 120.806714][ T6923] ____sys_sendmsg+0x505/0x830 [ 120.806743][ T6923] ? __pfx_____sys_sendmsg+0x10/0x10 [ 120.806781][ T6923] ? import_iovec+0x74/0xa0 [ 120.806809][ T6923] ___sys_sendmsg+0x21f/0x2a0 [ 120.806835][ T6923] ? __pfx____sys_sendmsg+0x10/0x10 [ 120.806900][ T6923] ? __fget_files+0x2a/0x420 [ 120.806917][ T6923] ? __fget_files+0x3a0/0x420 [ 120.806948][ T6923] __x64_sys_sendmsg+0x19b/0x260 [ 120.806974][ T6923] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 120.807008][ T6923] ? __pfx_ksys_write+0x10/0x10 [ 120.807033][ T6923] ? rcu_is_watching+0x15/0xb0 [ 120.807060][ T6923] ? do_syscall_64+0xbe/0x3b0 [ 120.807084][ T6923] do_syscall_64+0xfa/0x3b0 [ 120.807102][ T6923] ? lockdep_hardirqs_on+0x9c/0x150 [ 120.807131][ T6923] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 120.807151][ T6923] ? clear_bhb_loop+0x60/0xb0 [ 120.807177][ T6923] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 120.807196][ T6923] RIP: 0033:0x7f27ec18eba9 [ 120.807214][ T6923] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 120.807230][ T6923] RSP: 002b:00007f27ed006038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 120.807252][ T6923] RAX: ffffffffffffffda RBX: 00007f27ec3d5fa0 RCX: 00007f27ec18eba9 [ 120.807267][ T6923] RDX: 0000000000000000 RSI: 0000200000000600 RDI: 0000000000000003 [ 120.807279][ T6923] RBP: 00007f27ed006090 R08: 0000000000000000 R09: 0000000000000000 [ 120.807291][ T6923] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 120.807303][ T6923] R13: 00007f27ec3d6038 R14: 00007f27ec3d5fa0 R15: 00007ffd46d7d4a8 [ 120.807335][ T6923] [ 121.416108][ T6935] __nla_validate_parse: 9 callbacks suppressed [ 121.416130][ T6935] netlink: 12 bytes leftover after parsing attributes in process `syz.4.338'. [ 121.444260][ T6938] FAULT_INJECTION: forcing a failure. [ 121.444260][ T6938] name failslab, interval 1, probability 0, space 0, times 0 [ 121.457295][ T6938] CPU: 1 UID: 0 PID: 6938 Comm: syz.2.339 Not tainted syzkaller #0 PREEMPT(full) [ 121.457321][ T6938] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 121.457333][ T6938] Call Trace: [ 121.457341][ T6938] [ 121.457350][ T6938] dump_stack_lvl+0x189/0x250 [ 121.457378][ T6938] ? __pfx____ratelimit+0x10/0x10 [ 121.457408][ T6938] ? __pfx_dump_stack_lvl+0x10/0x10 [ 121.457432][ T6938] ? __pfx__printk+0x10/0x10 [ 121.457465][ T6938] ? __pfx___might_resched+0x10/0x10 [ 121.457489][ T6938] should_fail_ex+0x414/0x560 [ 121.457522][ T6938] should_failslab+0xa8/0x100 [ 121.457554][ T6938] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 121.457582][ T6938] ? __alloc_skb+0x112/0x2d0 [ 121.457605][ T6938] __alloc_skb+0x112/0x2d0 [ 121.457629][ T6938] netlink_sendmsg+0x5c6/0xb30 [ 121.457659][ T6938] ? __pfx_netlink_sendmsg+0x10/0x10 [ 121.457682][ T6938] ? aa_sock_msg_perm+0xf1/0x1d0 [ 121.457704][ T6938] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 121.457726][ T6938] ? __pfx_netlink_sendmsg+0x10/0x10 [ 121.457746][ T6938] __sock_sendmsg+0x219/0x270 [ 121.457777][ T6938] ____sys_sendmsg+0x505/0x830 [ 121.457806][ T6938] ? __pfx_____sys_sendmsg+0x10/0x10 [ 121.457847][ T6938] ? import_iovec+0x74/0xa0 [ 121.457875][ T6938] ___sys_sendmsg+0x21f/0x2a0 [ 121.457899][ T6938] ? __pfx____sys_sendmsg+0x10/0x10 [ 121.457959][ T6938] ? __fget_files+0x2a/0x420 [ 121.457975][ T6938] ? __fget_files+0x3a0/0x420 [ 121.458002][ T6938] __x64_sys_sendmsg+0x19b/0x260 [ 121.458027][ T6938] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 121.458060][ T6938] ? __pfx_ksys_write+0x10/0x10 [ 121.458083][ T6938] ? rcu_is_watching+0x15/0xb0 [ 121.458108][ T6938] ? do_syscall_64+0xbe/0x3b0 [ 121.458133][ T6938] do_syscall_64+0xfa/0x3b0 [ 121.458149][ T6938] ? lockdep_hardirqs_on+0x9c/0x150 [ 121.458179][ T6938] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 121.458199][ T6938] ? clear_bhb_loop+0x60/0xb0 [ 121.458223][ T6938] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 121.458242][ T6938] RIP: 0033:0x7f5621f8eba9 [ 121.458260][ T6938] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 121.458276][ T6938] RSP: 002b:00007f5622dc1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 121.458298][ T6938] RAX: ffffffffffffffda RBX: 00007f56221d5fa0 RCX: 00007f5621f8eba9 [ 121.458312][ T6938] RDX: 0000000000000000 RSI: 0000200000003700 RDI: 0000000000000003 [ 121.458324][ T6938] RBP: 00007f5622dc1090 R08: 0000000000000000 R09: 0000000000000000 [ 121.458337][ T6938] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 121.458348][ T6938] R13: 00007f56221d6038 R14: 00007f56221d5fa0 R15: 00007ffccf986218 [ 121.458380][ T6938] [ 121.801133][ T6941] netlink: 'syz.2.342': attribute type 21 has an invalid length. [ 121.810106][ T6941] IPv6: NLM_F_CREATE should be specified when creating new route [ 121.822914][ T6941] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 121.830386][ T6941] IPv6: NLM_F_CREATE should be set when creating new route [ 121.837848][ T6941] IPv6: NLM_F_CREATE should be set when creating new route [ 121.845149][ T6941] IPv6: NLM_F_CREATE should be set when creating new route [ 121.880270][ T6944] ve: renamed from veth0_vlan [ 122.034408][ T6953] netlink: 8 bytes leftover after parsing attributes in process `syz.2.347'. [ 122.088719][ T6953] netlink: 4 bytes leftover after parsing attributes in process `syz.2.347'. [ 122.136008][ T6961] netlink: 8 bytes leftover after parsing attributes in process `syz.2.347'. [ 122.158742][ T6961] netlink: 4 bytes leftover after parsing attributes in process `syz.2.347'. [ 122.265860][ T6968] mac80211_hwsim hwsim3 wlan1: entered promiscuous mode [ 122.273595][ T6968] mac80211_hwsim hwsim3 wlan1: entered allmulticast mode [ 122.354285][ T6968] netlink: 14 bytes leftover after parsing attributes in process `syz.1.352'. [ 122.387907][ T6968] mac80211_hwsim hwsim3 wlan1: left promiscuous mode [ 122.396373][ T6977] netlink: 12 bytes leftover after parsing attributes in process `syz.3.356'. [ 122.406100][ T6968] mac80211_hwsim hwsim3 wlan1: left allmulticast mode [ 122.420570][ T6975] bridge_slave_0: left allmulticast mode [ 122.427315][ T6975] bridge_slave_0: left promiscuous mode [ 122.437198][ T6975] bridge0: port 1(bridge_slave_0) entered disabled state [ 122.456182][ T6975] bridge_slave_1: left allmulticast mode [ 122.462719][ T6975] bridge_slave_1: left promiscuous mode [ 122.468685][ T6975] bridge0: port 2(bridge_slave_1) entered disabled state [ 122.485213][ T6975] bond0: (slave bond_slave_0): Releasing backup interface [ 122.496697][ T6975] bond0: (slave bond_slave_1): Releasing backup interface [ 122.507891][ T6975] team0: Port device team_slave_0 removed [ 122.516910][ T6975] team0: Port device team_slave_1 removed [ 122.523367][ T6975] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 122.533412][ T6975] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 122.697555][ T6990] netlink: 'syz.4.360': attribute type 29 has an invalid length. [ 122.722657][ T6990] netlink: 'syz.4.360': attribute type 29 has an invalid length. [ 122.748090][ T6990] netlink: 596 bytes leftover after parsing attributes in process `syz.4.360'. [ 122.852994][ T6997] FAULT_INJECTION: forcing a failure. [ 122.852994][ T6997] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 122.885943][ T6998] netlink: 8 bytes leftover after parsing attributes in process `syz.4.364'. [ 122.914971][ T6997] CPU: 1 UID: 0 PID: 6997 Comm: syz.2.363 Not tainted syzkaller #0 PREEMPT(full) [ 122.915001][ T6997] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 122.915013][ T6997] Call Trace: [ 122.915021][ T6997] [ 122.915030][ T6997] dump_stack_lvl+0x189/0x250 [ 122.915060][ T6997] ? __pfx____ratelimit+0x10/0x10 [ 122.915091][ T6997] ? __pfx_dump_stack_lvl+0x10/0x10 [ 122.915114][ T6997] ? __pfx__printk+0x10/0x10 [ 122.915157][ T6997] should_fail_ex+0x414/0x560 [ 122.915191][ T6997] _copy_to_user+0x31/0xb0 [ 122.915227][ T6997] simple_read_from_buffer+0xe1/0x170 [ 122.915263][ T6997] proc_fail_nth_read+0x1b3/0x220 [ 122.915292][ T6997] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 122.915319][ T6997] ? rw_verify_area+0x2a6/0x4d0 [ 122.915345][ T6997] ? __lock_acquire+0xab9/0xd20 [ 122.915372][ T6997] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 122.915397][ T6997] vfs_read+0x200/0xa30 [ 122.915423][ T6997] ? fdget_pos+0x247/0x320 [ 122.915445][ T6997] ? __pfx___mutex_lock+0x10/0x10 [ 122.915465][ T6997] ? __pfx_vfs_read+0x10/0x10 [ 122.915500][ T6997] ? __fget_files+0x2a/0x420 [ 122.915523][ T6997] ? __fget_files+0x3a0/0x420 [ 122.915539][ T6997] ? __fget_files+0x2a/0x420 [ 122.915567][ T6997] ksys_read+0x145/0x250 [ 122.915596][ T6997] ? __pfx_ksys_read+0x10/0x10 [ 122.915619][ T6997] ? rcu_is_watching+0x15/0xb0 [ 122.915645][ T6997] ? do_syscall_64+0xbe/0x3b0 [ 122.915669][ T6997] do_syscall_64+0xfa/0x3b0 [ 122.915686][ T6997] ? lockdep_hardirqs_on+0x9c/0x150 [ 122.915715][ T6997] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 122.915733][ T6997] ? clear_bhb_loop+0x60/0xb0 [ 122.915758][ T6997] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 122.915777][ T6997] RIP: 0033:0x7f5621f8d5bc [ 122.915796][ T6997] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 122.915812][ T6997] RSP: 002b:00007f5622dc1030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 122.915833][ T6997] RAX: ffffffffffffffda RBX: 00007f56221d5fa0 RCX: 00007f5621f8d5bc [ 122.915847][ T6997] RDX: 000000000000000f RSI: 00007f5622dc10a0 RDI: 0000000000000008 [ 122.915858][ T6997] RBP: 00007f5622dc1090 R08: 0000000000000000 R09: 0000000000000000 [ 122.915870][ T6997] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 122.915881][ T6997] R13: 00007f56221d6038 R14: 00007f56221d5fa0 R15: 00007ffccf986218 [ 122.915914][ T6997] [ 122.980192][ T7008] netlink: 12 bytes leftover after parsing attributes in process `syz.3.368'. [ 123.209690][ T9] IPVS: starting estimator thread 0... [ 123.265457][ T7001] 8021q: adding VLAN 0 to HW filter on device bond0 [ 123.277377][ T7001] 8021q: adding VLAN 0 to HW filter on device team0 [ 123.291023][ T7001] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 123.323711][ T7019] IPVS: using max 25 ests per chain, 60000 per kthread [ 123.336883][ T7024] tipc: Failed to obtain node identity [ 123.343446][ T7024] tipc: Enabling of bearer rejected, failed to enable media [ 123.828762][ T7071] netlink: 'syz.1.382': attribute type 10 has an invalid length. [ 123.872896][ T7071] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 123.984267][ T7071] tipc: Started in network mode [ 123.989207][ T7071] tipc: Node identity d6403e112bfa, cluster identity 4711 [ 124.012056][ T7071] tipc: Enabled bearer , priority 0 [ 124.032754][ T7086] syzkaller0: entered promiscuous mode [ 124.038284][ T7086] syzkaller0: entered allmulticast mode [ 124.080789][ T7071] tipc: Resetting bearer [ 124.107040][ T7065] tipc: Resetting bearer [ 124.145371][ T7065] tipc: Disabling bearer [ 124.740960][ T7124] netlink: 'syz.3.399': attribute type 8 has an invalid length. [ 124.774388][ T7126] netlink: 'syz.1.398': attribute type 7 has an invalid length. [ 124.787155][ T7126] netlink: 'syz.1.398': attribute type 8 has an invalid length. [ 125.522259][ T7170] syzkaller1: entered promiscuous mode [ 125.546890][ T7170] syzkaller1: entered allmulticast mode [ 126.019115][ T7198] FAULT_INJECTION: forcing a failure. [ 126.019115][ T7198] name failslab, interval 1, probability 0, space 0, times 0 [ 126.053975][ T7198] CPU: 1 UID: 0 PID: 7198 Comm: syz.0.424 Not tainted syzkaller #0 PREEMPT(full) [ 126.054002][ T7198] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 126.054014][ T7198] Call Trace: [ 126.054022][ T7198] [ 126.054031][ T7198] dump_stack_lvl+0x189/0x250 [ 126.054060][ T7198] ? __pfx____ratelimit+0x10/0x10 [ 126.054089][ T7198] ? __pfx_dump_stack_lvl+0x10/0x10 [ 126.054112][ T7198] ? __pfx__printk+0x10/0x10 [ 126.054145][ T7198] ? __pfx___might_resched+0x10/0x10 [ 126.054163][ T7198] ? fs_reclaim_acquire+0x7d/0x100 [ 126.054198][ T7198] should_fail_ex+0x414/0x560 [ 126.054231][ T7198] should_failslab+0xa8/0x100 [ 126.054262][ T7198] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 126.054289][ T7198] ? __alloc_skb+0x112/0x2d0 [ 126.054319][ T7198] __alloc_skb+0x112/0x2d0 [ 126.054342][ T7198] netlink_ack+0x146/0xa50 [ 126.054370][ T7198] ? __pfx_genl_rcv_msg+0x10/0x10 [ 126.054391][ T7198] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 126.054414][ T7198] ? __pfx_nl80211_post_doit+0x10/0x10 [ 126.054452][ T7198] netlink_rcv_skb+0x28c/0x470 [ 126.054480][ T7198] ? __lock_acquire+0xab9/0xd20 [ 126.054509][ T7198] ? __pfx_genl_rcv_msg+0x10/0x10 [ 126.054533][ T7198] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 126.054584][ T7198] ? down_read+0x1ad/0x2e0 [ 126.054607][ T7198] genl_rcv+0x28/0x40 [ 126.054628][ T7198] netlink_unicast+0x82c/0x9e0 [ 126.054665][ T7198] ? __pfx_netlink_unicast+0x10/0x10 [ 126.054693][ T7198] ? netlink_sendmsg+0x642/0xb30 [ 126.054708][ T7198] ? skb_put+0x11b/0x210 [ 126.054731][ T7198] netlink_sendmsg+0x805/0xb30 [ 126.054758][ T7198] ? __pfx_netlink_sendmsg+0x10/0x10 [ 126.054781][ T7198] ? aa_sock_msg_perm+0xf1/0x1d0 [ 126.054802][ T7198] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 126.054823][ T7198] ? __pfx_netlink_sendmsg+0x10/0x10 [ 126.054842][ T7198] __sock_sendmsg+0x219/0x270 [ 126.054873][ T7198] ____sys_sendmsg+0x505/0x830 [ 126.054902][ T7198] ? __pfx_____sys_sendmsg+0x10/0x10 [ 126.054939][ T7198] ? import_iovec+0x74/0xa0 [ 126.054966][ T7198] ___sys_sendmsg+0x21f/0x2a0 [ 126.054991][ T7198] ? __pfx____sys_sendmsg+0x10/0x10 [ 126.055071][ T7198] ? __fget_files+0x2a/0x420 [ 126.055088][ T7198] ? __fget_files+0x3a0/0x420 [ 126.055117][ T7198] __x64_sys_sendmsg+0x19b/0x260 [ 126.055144][ T7198] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 126.055178][ T7198] ? __pfx_ksys_write+0x10/0x10 [ 126.055202][ T7198] ? rcu_is_watching+0x15/0xb0 [ 126.055229][ T7198] ? do_syscall_64+0xbe/0x3b0 [ 126.055252][ T7198] do_syscall_64+0xfa/0x3b0 [ 126.055270][ T7198] ? lockdep_hardirqs_on+0x9c/0x150 [ 126.055299][ T7198] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 126.055325][ T7198] ? clear_bhb_loop+0x60/0xb0 [ 126.055350][ T7198] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 126.055370][ T7198] RIP: 0033:0x7f27ec18eba9 [ 126.055388][ T7198] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 126.055404][ T7198] RSP: 002b:00007f27ed006038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 126.055425][ T7198] RAX: ffffffffffffffda RBX: 00007f27ec3d5fa0 RCX: 00007f27ec18eba9 [ 126.055440][ T7198] RDX: 0000000000000000 RSI: 0000200000003700 RDI: 0000000000000003 [ 126.055453][ T7198] RBP: 00007f27ed006090 R08: 0000000000000000 R09: 0000000000000000 [ 126.055465][ T7198] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 126.055476][ T7198] R13: 00007f27ec3d6038 R14: 00007f27ec3d5fa0 R15: 00007ffd46d7d4a8 [ 126.055510][ T7198] [ 126.490430][ T7204] netlink: 'syz.3.427': attribute type 5 has an invalid length. [ 126.572025][ T7206] netlink: 'syz.0.428': attribute type 3 has an invalid length. [ 126.672346][ T7214] __nla_validate_parse: 13 callbacks suppressed [ 126.672365][ T7214] netlink: 100 bytes leftover after parsing attributes in process `syz.4.430'. [ 126.740485][ T7219] tipc: Started in network mode [ 126.780033][ T7219] tipc: Node identity a255ecbdd757, cluster identity 4711 [ 126.816657][ T7219] tipc: Enabled bearer , priority 0 [ 126.832829][ T7226] syzkaller0: entered promiscuous mode [ 126.842116][ T7226] syzkaller0: entered allmulticast mode [ 126.857231][ T7225] netdevsim netdevsim1 ÿÿÿÿÿÿ: renamed from netdevsim0 [ 126.897988][ T7218] tipc: Resetting bearer [ 126.909735][ T7212] tipc: Resetting bearer [ 126.936438][ T7212] tipc: Disabling bearer [ 127.637297][ T7272] FAULT_INJECTION: forcing a failure. [ 127.637297][ T7272] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 127.637556][ T7276] netlink: 132 bytes leftover after parsing attributes in process `syz.4.452'. [ 127.659833][ T7272] CPU: 1 UID: 0 PID: 7272 Comm: syz.1.454 Not tainted syzkaller #0 PREEMPT(full) [ 127.659860][ T7272] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 127.659872][ T7272] Call Trace: [ 127.659880][ T7272] [ 127.659889][ T7272] dump_stack_lvl+0x189/0x250 [ 127.659917][ T7272] ? __pfx____ratelimit+0x10/0x10 [ 127.659947][ T7272] ? __pfx_dump_stack_lvl+0x10/0x10 [ 127.659971][ T7272] ? __pfx__printk+0x10/0x10 [ 127.660014][ T7272] should_fail_ex+0x414/0x560 [ 127.660046][ T7272] _copy_to_user+0x31/0xb0 [ 127.660073][ T7272] simple_read_from_buffer+0xe1/0x170 [ 127.660107][ T7272] proc_fail_nth_read+0x1b3/0x220 [ 127.660133][ T7272] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 127.660156][ T7272] ? rw_verify_area+0x2a6/0x4d0 [ 127.660181][ T7272] ? __lock_acquire+0xab9/0xd20 [ 127.660208][ T7272] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 127.660243][ T7272] vfs_read+0x200/0xa30 [ 127.660267][ T7272] ? fdget_pos+0x247/0x320 [ 127.660289][ T7272] ? __pfx___mutex_lock+0x10/0x10 [ 127.660309][ T7272] ? __pfx_vfs_read+0x10/0x10 [ 127.660336][ T7272] ? __fget_files+0x2a/0x420 [ 127.660358][ T7272] ? __fget_files+0x3a0/0x420 [ 127.660374][ T7272] ? __fget_files+0x2a/0x420 [ 127.660400][ T7272] ksys_read+0x145/0x250 [ 127.660429][ T7272] ? __pfx_ksys_read+0x10/0x10 [ 127.660452][ T7272] ? rcu_is_watching+0x15/0xb0 [ 127.660477][ T7272] ? do_syscall_64+0xbe/0x3b0 [ 127.660500][ T7272] do_syscall_64+0xfa/0x3b0 [ 127.660518][ T7272] ? lockdep_hardirqs_on+0x9c/0x150 [ 127.660548][ T7272] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 127.660568][ T7272] ? clear_bhb_loop+0x60/0xb0 [ 127.660593][ T7272] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 127.660613][ T7272] RIP: 0033:0x7f3e4018d5bc [ 127.660631][ T7272] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 127.660647][ T7272] RSP: 002b:00007f3e410a4030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 127.660666][ T7272] RAX: ffffffffffffffda RBX: 00007f3e403d5fa0 RCX: 00007f3e4018d5bc [ 127.660680][ T7272] RDX: 000000000000000f RSI: 00007f3e410a40a0 RDI: 0000000000000004 [ 127.660692][ T7272] RBP: 00007f3e410a4090 R08: 0000000000000000 R09: 0000000000000000 [ 127.660704][ T7272] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 127.660715][ T7272] R13: 00007f3e403d6038 R14: 00007f3e403d5fa0 R15: 00007ffde827d018 [ 127.660748][ T7272] [ 128.133284][ T7292] syzkaller1: entered promiscuous mode [ 128.138844][ T7292] syzkaller1: entered allmulticast mode [ 128.225772][ T7297] netlink: 108 bytes leftover after parsing attributes in process `syz.1.460'. [ 128.240499][ T7297] netlink: 108 bytes leftover after parsing attributes in process `syz.1.460'. [ 128.284110][ T7297] netlink: 108 bytes leftover after parsing attributes in process `syz.1.460'. [ 128.707951][ T7324] netlink: 'syz.3.469': attribute type 9 has an invalid length. [ 128.724675][ T7324] netlink: 'syz.3.469': attribute type 9 has an invalid length. [ 128.765032][ T7326] netlink: 12 bytes leftover after parsing attributes in process `syz.0.474'. [ 129.019647][ T7345] netlink: 108 bytes leftover after parsing attributes in process `syz.2.478'. [ 129.021997][ T7336] sctp: failed to load transform for md5: -2 [ 129.039253][ T7345] netlink: 108 bytes leftover after parsing attributes in process `syz.2.478'. [ 129.059576][ T7345] netlink: 108 bytes leftover after parsing attributes in process `syz.2.478'. [ 129.315402][ T7364] netlink: 'syz.4.485': attribute type 12 has an invalid length. [ 129.323735][ T7364] netlink: 132 bytes leftover after parsing attributes in process `syz.4.485'. [ 129.393211][ T7366] netlink: 'syz.4.487': attribute type 11 has an invalid length. [ 129.488555][ T7375] veth0: entered promiscuous mode [ 129.582627][ T7365] veth0: left promiscuous mode [ 130.610206][ T7447] netlink: 'syz.1.510': attribute type 23 has an invalid length. [ 130.641832][ T7448] netlink: 'syz.3.509': attribute type 3 has an invalid length. [ 130.901792][ T7458] netem: change failed [ 131.165406][ T7479] netlink: 'syz.1.523': attribute type 1 has an invalid length. [ 131.255905][ T7487] netlink: 'syz.2.525': attribute type 30 has an invalid length. [ 131.470636][ T7496] bond1 (unregistering): Released all slaves [ 131.659543][ T7514] vlan2: entered promiscuous mode [ 131.667494][ T7514] erspan0: entered promiscuous mode [ 131.705900][ T7518] netlink: 'syz.3.537': attribute type 5 has an invalid length. [ 132.037507][ T7534] __nla_validate_parse: 42 callbacks suppressed [ 132.037529][ T7534] netlink: 28 bytes leftover after parsing attributes in process `syz.3.545'. [ 132.117720][ T7541] netlink: 'syz.0.546': attribute type 4 has an invalid length. [ 132.166300][ T7541] netlink: 4 bytes leftover after parsing attributes in process `syz.0.546'. [ 132.224716][ T7546] netlink: 4 bytes leftover after parsing attributes in process `syz.1.547'. [ 132.238264][ T7546] syz.1.547 uses old SIOCAX25GETINFO [ 132.436145][ T7558] PF_CAN: dropped non conform CAN XL skbuff: dev type 65534, len 1 [ 132.457771][ T7558] netlink: 25 bytes leftover after parsing attributes in process `syz.1.553'. [ 132.920390][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.928377][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.735782][ T7601] openvswitch: netlink: Actions may not be safe on all matching packets [ 133.778244][ T7605] netlink: 'syz.0.571': attribute type 30 has an invalid length. [ 133.908490][ T7614] ip6_tunnel: non-ECT from fc00:0000:0000:0000:0000:0000:0000:0001 with DS=0x2 [ 134.006795][ T7614] netlink: 'syz.4.575': attribute type 6 has an invalid length. [ 134.221506][ T7633] netlink: 108 bytes leftover after parsing attributes in process `syz.0.580'. [ 134.230979][ T7633] netlink: 108 bytes leftover after parsing attributes in process `syz.0.580'. [ 134.250824][ T7633] netlink: 108 bytes leftover after parsing attributes in process `syz.0.580'. [ 134.323357][ T7642] openvswitch: netlink: Missing valid actions attribute. [ 134.334632][ T7642] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 134.433923][ T7650] netlink: 10 bytes leftover after parsing attributes in process `syz.1.586'. [ 134.499174][ T7656] netlink: 10 bytes leftover after parsing attributes in process `syz.1.586'. [ 134.896491][ T7676] netlink: 36 bytes leftover after parsing attributes in process `syz.0.589'. [ 135.417856][ T7708] netlink: 'syz.0.599': attribute type 5 has an invalid length. [ 135.456386][ T7711] hsr0 speed is unknown, defaulting to 1000 [ 135.469699][ T7711] hsr0 speed is unknown, defaulting to 1000 [ 135.485528][ T7711] hsr0 speed is unknown, defaulting to 1000 [ 135.527166][ T7711] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 135.541212][ T7717] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 135.658686][ T7711] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 135.713598][ T7711] hsr0 speed is unknown, defaulting to 1000 [ 135.723075][ T7711] hsr0 speed is unknown, defaulting to 1000 [ 135.733017][ T7711] hsr0 speed is unknown, defaulting to 1000 [ 135.754941][ T7711] hsr0 speed is unknown, defaulting to 1000 [ 135.765168][ T7711] hsr0 speed is unknown, defaulting to 1000 [ 136.024967][ T7736] netlink: 'syz.4.607': attribute type 4 has an invalid length. [ 136.228858][ T7758] netlink: zone id is out of range [ 136.238609][ T7758] netlink: zone id is out of range [ 136.244024][ T7758] netlink: zone id is out of range [ 136.249293][ T7758] netlink: zone id is out of range [ 136.259979][ T7758] netlink: zone id is out of range [ 136.317083][ T7758] netlink: zone id is out of range [ 136.338602][ T7758] netlink: zone id is out of range [ 136.695049][ T7792] netlink: 'syz.0.621': attribute type 30 has an invalid length. [ 137.411947][ T7829] __nla_validate_parse: 14 callbacks suppressed [ 137.411968][ T7829] netlink: 108 bytes leftover after parsing attributes in process `syz.2.634'. [ 137.443313][ T7829] netlink: 108 bytes leftover after parsing attributes in process `syz.2.634'. [ 137.463952][ T7829] netlink: 108 bytes leftover after parsing attributes in process `syz.2.634'. [ 137.630126][ T7842] netlink: 8 bytes leftover after parsing attributes in process `syz.1.638'. [ 137.849444][ T7848] (unnamed net_device) (uninitialized): option resend_igmp: invalid value (32767) [ 137.873571][ T7848] (unnamed net_device) (uninitialized): option resend_igmp: allowed values 0 - 255 [ 137.907141][ T7853] netlink: 'syz.2.643': attribute type 6 has an invalid length. [ 137.963988][ T7853] netlink: 'syz.2.643': attribute type 6 has an invalid length. [ 138.156960][ T7867] netlink: 'syz.2.648': attribute type 12 has an invalid length. [ 138.232787][ T7864] Bluetooth: MGMT ver 1.23 [ 138.310819][ T7880] netlink: 'syz.0.652': attribute type 10 has an invalid length. [ 138.320123][ T7880] veth0_vlan: entered allmulticast mode [ 138.326678][ T7880] veth0_vlan: left promiscuous mode [ 138.333500][ T7880] veth0_vlan: entered promiscuous mode [ 138.348471][ T7880] team0: Device veth0_vlan failed to register rx_handler [ 138.388777][ T7882] netlink: 108 bytes leftover after parsing attributes in process `syz.4.651'. [ 138.403770][ T7882] netlink: 108 bytes leftover after parsing attributes in process `syz.4.651'. [ 138.421206][ T7882] netlink: 108 bytes leftover after parsing attributes in process `syz.4.651'. [ 138.830160][ T7898] netlink: 'syz.4.658': attribute type 1 has an invalid length. [ 138.869950][ T7898] 8021q: adding VLAN 0 to HW filter on device bond2 [ 138.894254][ T7898] bond2: (slave geneve2): making interface the new active one [ 138.903924][ T7898] bond2: (slave geneve2): Enslaving as an active interface with an up link [ 138.913356][ T7040] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 138.928606][ T7903] mac80211_hwsim hwsim9 wlan1: entered allmulticast mode [ 138.942660][ T7040] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 138.951688][ T7040] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 138.966849][ T7903] netlink: 'syz.2.659': attribute type 10 has an invalid length. [ 138.968475][ T7040] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 138.986103][ T7903] mac80211_hwsim hwsim9 wlan1: left allmulticast mode [ 139.018588][ T7903] team0: Port device dummy0 removed [ 139.033699][ T7903] bridge_slave_0: left allmulticast mode [ 139.046256][ T7903] bridge_slave_0: left promiscuous mode [ 139.064855][ T7903] bridge0: port 1(bridge_slave_0) entered disabled state [ 139.080800][ T7903] bridge_slave_1: left allmulticast mode [ 139.101700][ T7903] bridge_slave_1: left promiscuous mode [ 139.112679][ T7903] bridge0: port 2(bridge_slave_1) entered disabled state [ 139.196091][ T7903] bond0: (slave bond_slave_0): Releasing backup interface [ 139.230620][ T7903] bond0: (slave bond_slave_1): Releasing backup interface [ 139.273972][ T7903] team0: Port device team_slave_0 removed [ 139.313115][ T7903] team0: Port device team_slave_1 removed [ 139.319361][ T7903] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 139.337972][ T7912] can: request_module (can-proto-0) failed. [ 139.354120][ T7903] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 139.490511][ T7922] pim6reg1: entered promiscuous mode [ 139.501504][ T7922] pim6reg1: entered allmulticast mode [ 139.511063][ T7925] netlink: 'syz.0.665': attribute type 1 has an invalid length. [ 139.538881][ T7925] netlink: 184 bytes leftover after parsing attributes in process `syz.0.665'. [ 139.568656][ T7925] netlink: 40 bytes leftover after parsing attributes in process `syz.0.665'. [ 139.584421][ T7931] netlink: 60 bytes leftover after parsing attributes in process `syz.0.665'. [ 139.615879][ T7931] unsupported nlmsg_type 40 [ 139.893789][ T7943] veth3: entered allmulticast mode [ 139.998283][ T7955] team0: Device wireguard0 is of different type [ 140.247486][ T7965] netlink: 'syz.1.674': attribute type 30 has an invalid length. [ 140.815998][ T7992] tun0: tun_chr_ioctl cmd 1074025675 [ 140.829813][ T7992] tun0: persist disabled [ 141.030651][ T8009] netlink: 'syz.4.689': attribute type 3 has an invalid length. [ 141.057160][ T8010] netlink: 'syz.4.689': attribute type 3 has an invalid length. [ 141.100589][ T8009] netlink: 'syz.4.689': attribute type 58 has an invalid length. [ 141.207335][ T8022] gretap0: entered promiscuous mode [ 141.255096][ T8022] pimreg: entered allmulticast mode [ 141.290564][ T8022] 0ªî{X¹¦: renamed from gretap0 [ 141.327562][ T8022] 0ªî{X¹¦: left promiscuous mode [ 141.336688][ T8022] 0ªî{X¹¦: entered allmulticast mode [ 141.348892][ T8022] net_ratelimit: 220 callbacks suppressed [ 141.348912][ T8022] A link change request failed with some changes committed already. Interface 30ªî{X¹¦ may have been left with an inconsistent configuration, please check. [ 141.486600][ T8035] 8021q: VLANs not supported on syzkaller1 [ 141.937210][ T8060] netlink: 'syz.4.705': attribute type 33 has an invalid length. [ 142.085425][ T8072] IPVS: set_ctl: invalid protocol: 47 224.0.0.2:0 [ 142.264824][ T8075] IPVS: set_ctl: invalid protocol: 4 224.0.0.2:20003 [ 142.714319][ T8114] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 142.943749][ T8136] __nla_validate_parse: 16 callbacks suppressed [ 142.943771][ T8136] netlink: 12 bytes leftover after parsing attributes in process `syz.3.728'. [ 143.544366][ T8146] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 143.888480][ T8191] netlink: 'syz.3.746': attribute type 33 has an invalid length. [ 143.911549][ T8191] netlink: 152 bytes leftover after parsing attributes in process `syz.3.746'. [ 144.008115][ T8192] netlink: 'syz.2.745': attribute type 16 has an invalid length. [ 144.045085][ T8198] netlink: 72 bytes leftover after parsing attributes in process `syz.3.748'. [ 144.046601][ T8192] netlink: 'syz.2.745': attribute type 17 has an invalid length. [ 144.230068][ T8192] 8021q: adding VLAN 0 to HW filter on device bond0 [ 144.243388][ T8192] 8021q: adding VLAN 0 to HW filter on device team0 [ 144.295554][ T8192] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 144.391794][ T8217] netlink: 8 bytes leftover after parsing attributes in process `syz.4.752'. [ 144.401766][ T8217] netlink: 'syz.4.752': attribute type 30 has an invalid length. [ 144.497147][ T7046] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 144.528351][ T8223] netlink: 72 bytes leftover after parsing attributes in process `syz.3.756'. [ 144.564980][ T992] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 144.601365][ T992] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 144.658981][ T992] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 144.789008][ T8234] netlink: 4 bytes leftover after parsing attributes in process `syz.3.758'. [ 145.129456][ T8262] netlink: 4 bytes leftover after parsing attributes in process `syz.3.765'. [ 145.212732][ T8256] netlink: 24 bytes leftover after parsing attributes in process `syz.3.765'. [ 145.226851][ T8266] netlink: 9 bytes leftover after parsing attributes in process `syz.0.766'. [ 145.286094][ T8266] gretap0: entered promiscuous mode [ 145.790845][ T8294] netlink: 'syz.2.779': attribute type 83 has an invalid length. [ 145.905299][ T8298] dvmrp0: entered allmulticast mode [ 145.916205][ T8298] dvmrp0: left allmulticast mode [ 146.075467][ T8306] bridge2: entered allmulticast mode [ 146.461004][ T8322] bridge1: entered promiscuous mode [ 146.466576][ T8322] bridge1: entered allmulticast mode [ 146.612326][ T8329] openvswitch: netlink: VXLAN extension message has 4 unknown bytes. [ 146.705534][ T8333] netlink: 20 bytes leftover after parsing attributes in process `syz.2.792'. [ 146.732576][ T8333] netlink: 'syz.2.792': attribute type 7 has an invalid length. [ 147.341868][ T8372] tipc: Enabled bearer , priority 0 [ 147.432407][ T8376] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 147.466571][ T8372] tipc: Disabling bearer [ 147.490186][ T8378] syzkaller1: entered promiscuous mode [ 147.514835][ T8378] syzkaller1: entered allmulticast mode [ 148.010909][ T8414] __nla_validate_parse: 7 callbacks suppressed [ 148.010928][ T8414] netlink: 4 bytes leftover after parsing attributes in process `syz.4.819'. [ 148.098927][ T8420] netlink: 'syz.0.822': attribute type 12 has an invalid length. [ 148.216454][ T8424] netlink: 28 bytes leftover after parsing attributes in process `syz.1.823'. [ 148.350504][ T8431] netlink: 8 bytes leftover after parsing attributes in process `syz.0.826'. [ 148.374144][ T8434] netlink: 8 bytes leftover after parsing attributes in process `syz.0.826'. [ 148.558450][ T8440] geneve2: entered promiscuous mode [ 148.568124][ T8440] geneve2: entered allmulticast mode [ 148.575508][ T992] netdevsim netdevsim1 ÿÿÿÿÿÿ: set [1, 0] type 2 family 0 port 6081 - 0 [ 148.612363][ T992] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 148.628020][ T992] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 148.657373][ T992] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 148.722667][ T8444] netlink: 28 bytes leftover after parsing attributes in process `syz.3.833'. [ 148.749747][ T8444] netlink: 'syz.3.833': attribute type 7 has an invalid length. [ 148.766749][ T8444] netlink: 'syz.3.833': attribute type 8 has an invalid length. [ 148.785749][ T8444] netlink: 4 bytes leftover after parsing attributes in process `syz.3.833'. [ 148.880167][ T8451] tipc: Enabled bearer , priority 0 [ 148.909202][ T8451] syzkaller0: entered promiscuous mode [ 148.929257][ T8451] syzkaller0: entered allmulticast mode [ 148.970910][ T8451] tipc: Resetting bearer [ 148.974197][ T8453] openvswitch: netlink: Unexpected mask (mask=440, allowed=10048) [ 148.994678][ T8450] tipc: Resetting bearer [ 149.019510][ T8450] tipc: Disabling bearer [ 149.106141][ T8457] netlink: 28 bytes leftover after parsing attributes in process `syz.0.837'. [ 149.196392][ T8459] FAULT_INJECTION: forcing a failure. [ 149.196392][ T8459] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 149.234568][ T8462] netlink: 'syz.0.839': attribute type 3 has an invalid length. [ 149.257984][ T8459] CPU: 1 UID: 0 PID: 8459 Comm: syz.2.838 Not tainted syzkaller #0 PREEMPT(full) [ 149.258011][ T8459] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 149.258024][ T8459] Call Trace: [ 149.258032][ T8459] [ 149.258041][ T8459] dump_stack_lvl+0x189/0x250 [ 149.258072][ T8459] ? __pfx____ratelimit+0x10/0x10 [ 149.258103][ T8459] ? __pfx_dump_stack_lvl+0x10/0x10 [ 149.258127][ T8459] ? __pfx__printk+0x10/0x10 [ 149.258169][ T8459] should_fail_ex+0x414/0x560 [ 149.258201][ T8459] _copy_to_user+0x31/0xb0 [ 149.258228][ T8459] simple_read_from_buffer+0xe1/0x170 [ 149.258261][ T8459] proc_fail_nth_read+0x1b3/0x220 [ 149.258288][ T8459] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 149.258315][ T8459] ? rw_verify_area+0x2a6/0x4d0 [ 149.258339][ T8459] ? __lock_acquire+0xab9/0xd20 [ 149.258365][ T8459] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 149.258389][ T8459] vfs_read+0x200/0xa30 [ 149.258413][ T8459] ? fdget_pos+0x247/0x320 [ 149.258433][ T8459] ? __pfx___mutex_lock+0x10/0x10 [ 149.258453][ T8459] ? __pfx_vfs_read+0x10/0x10 [ 149.258481][ T8459] ? __fget_files+0x2a/0x420 [ 149.258503][ T8459] ? __fget_files+0x3a0/0x420 [ 149.258519][ T8459] ? __fget_files+0x2a/0x420 [ 149.258545][ T8459] ksys_read+0x145/0x250 [ 149.258573][ T8459] ? __pfx_ksys_read+0x10/0x10 [ 149.258596][ T8459] ? rcu_is_watching+0x15/0xb0 [ 149.258621][ T8459] ? do_syscall_64+0xbe/0x3b0 [ 149.258641][ T8459] do_syscall_64+0xfa/0x3b0 [ 149.258659][ T8459] ? lockdep_hardirqs_on+0x9c/0x150 [ 149.258688][ T8459] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 149.258707][ T8459] ? clear_bhb_loop+0x60/0xb0 [ 149.258731][ T8459] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 149.258750][ T8459] RIP: 0033:0x7f5621f8d5bc [ 149.258768][ T8459] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 149.258784][ T8459] RSP: 002b:00007f5622dc1030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 149.258805][ T8459] RAX: ffffffffffffffda RBX: 00007f56221d5fa0 RCX: 00007f5621f8d5bc [ 149.258819][ T8459] RDX: 000000000000000f RSI: 00007f5622dc10a0 RDI: 0000000000000005 [ 149.258831][ T8459] RBP: 00007f5622dc1090 R08: 0000000000000000 R09: 0000000000000000 [ 149.258843][ T8459] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 149.258854][ T8459] R13: 00007f56221d6038 R14: 00007f56221d5fa0 R15: 00007ffccf986218 [ 149.258887][ T8459] [ 149.513142][ T8467] netlink: 'syz.0.842': attribute type 1 has an invalid length. [ 149.530793][ T8468] netlink: 152 bytes leftover after parsing attributes in process `syz.0.842'. [ 149.540896][ T8468] block nbd0: not configured, cannot reconfigure [ 149.725143][ T8481] netlink: 24 bytes leftover after parsing attributes in process `syz.1.848'. [ 149.827558][ T8484] netlink: 28 bytes leftover after parsing attributes in process `syz.1.849'. [ 150.115438][ T8504] netlink: 'syz.4.855': attribute type 11 has an invalid length. [ 150.260215][ T8509] openvswitch: netlink: EtherType 50a is less than min 600 [ 150.444640][ T8519] netlink: 'syz.1.860': attribute type 5 has an invalid length. [ 151.145351][ T992] netdevsim netdevsim1 ÿÿÿÿÿÿ: unset [1, 0] type 2 family 0 port 6081 - 0 [ 151.233271][ T8547] netlink: 'syz.1.870': attribute type 1 has an invalid length. [ 151.247776][ T992] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 151.403899][ T8550] bond3: (slave ipvlan2): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 151.417792][ T8550] bond3: (slave ipvlan2): The slave device specified does not support setting the MAC address [ 151.429601][ T8550] bond3: (slave ipvlan2): Setting fail_over_mac to active for active-backup mode [ 151.456730][ T992] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 151.466481][ T992] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 151.485510][ T8551] bond3: (slave ipvlan2): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 151.498506][ T8551] bond3: (slave ipvlan2): The slave device specified does not support setting the MAC address [ 151.729183][ T8569] team0: Device vti0 is up. Set it down before adding it as a team port [ 152.076820][ T8585] netem: incorrect gi model size [ 152.103756][ T8585] netem: change failed [ 152.884664][ T8644] Driver unsupported XDP return value 0 on prog (id 142) dev N/A, expect packet loss! [ 153.372533][ T8665] openvswitch: netlink: ct_state flags 0000ee01 unsupported [ 153.438002][ T8666] __nla_validate_parse: 14 callbacks suppressed [ 153.438021][ T8666] netlink: 108 bytes leftover after parsing attributes in process `syz.4.904'. [ 153.459204][ T8666] netlink: 108 bytes leftover after parsing attributes in process `syz.4.904'. [ 153.471111][ T8666] netlink: 108 bytes leftover after parsing attributes in process `syz.4.904'. [ 153.737158][ T8682] netlink: 12 bytes leftover after parsing attributes in process `syz.1.908'. [ 153.877398][ T8695] netlink: 24 bytes leftover after parsing attributes in process `syz.4.912'. [ 154.096184][ T8707] netlink: 44 bytes leftover after parsing attributes in process `syz.2.915'. [ 154.111180][ T8707] netlink: 43 bytes leftover after parsing attributes in process `syz.2.915'. [ 154.137764][ T8711] netlink: 'syz.1.914': attribute type 1 has an invalid length. [ 154.147818][ T8707] netlink: 'syz.2.915': attribute type 5 has an invalid length. [ 154.156496][ T8707] netlink: 43 bytes leftover after parsing attributes in process `syz.2.915'. [ 154.336557][ T8718] batadv_slave_0: entered promiscuous mode [ 154.549279][ T8716] batadv_slave_0: left promiscuous mode [ 154.630787][ T8736] netlink: 'syz.0.924': attribute type 3 has an invalid length. [ 154.647874][ T8737] netlink: 108 bytes leftover after parsing attributes in process `syz.3.922'. [ 154.690278][ T8737] netlink: 108 bytes leftover after parsing attributes in process `syz.3.922'. [ 154.991745][ C1] ================================================================== [ 154.999876][ C1] BUG: KASAN: slab-use-after-free in __xfrm_state_delete+0x696/0xca0 [ 155.007979][ C1] Write of size 8 at addr ffff888057b499b0 by task ksoftirqd/1/23 [ 155.015826][ C1] [ 155.018183][ C1] CPU: 1 UID: 0 PID: 23 Comm: ksoftirqd/1 Not tainted syzkaller #0 PREEMPT(full) [ 155.018209][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 155.018223][ C1] Call Trace: [ 155.018231][ C1] [ 155.018239][ C1] dump_stack_lvl+0x189/0x250 [ 155.018269][ C1] ? __virt_addr_valid+0x1c8/0x5c0 [ 155.018296][ C1] ? rcu_is_watching+0x15/0xb0 [ 155.018316][ C1] ? __kasan_check_byte+0x12/0x40 [ 155.018345][ C1] ? __pfx_dump_stack_lvl+0x10/0x10 [ 155.018368][ C1] ? rcu_is_watching+0x15/0xb0 [ 155.018387][ C1] ? lock_release+0x4b/0x3e0 [ 155.018420][ C1] ? __virt_addr_valid+0x1c8/0x5c0 [ 155.018445][ C1] ? __virt_addr_valid+0x4a5/0x5c0 [ 155.018472][ C1] print_report+0xca/0x240 [ 155.018491][ C1] ? __xfrm_state_delete+0x696/0xca0 [ 155.018510][ C1] kasan_report+0x118/0x150 [ 155.018540][ C1] ? __xfrm_state_delete+0x696/0xca0 [ 155.018563][ C1] __xfrm_state_delete+0x696/0xca0 [ 155.018589][ C1] xfrm_timer_handler+0x18f/0xa00 [ 155.018619][ C1] ? __pfx_xfrm_timer_handler+0x10/0x10 [ 155.018637][ C1] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 155.018666][ C1] ? lockdep_hardirqs_on+0x9c/0x150 [ 155.018697][ C1] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 155.018725][ C1] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 155.018757][ C1] ? __pfx_xfrm_timer_handler+0x10/0x10 [ 155.018776][ C1] ? __pfx_xfrm_timer_handler+0x10/0x10 [ 155.018794][ C1] __hrtimer_run_queues+0x529/0xc60 [ 155.018824][ C1] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 155.018842][ C1] ? read_tsc+0x9/0x20 [ 155.018870][ C1] ? __pfx___local_bh_disable_ip+0x10/0x10 [ 155.018894][ C1] hrtimer_run_softirq+0x187/0x2b0 [ 155.018916][ C1] handle_softirqs+0x283/0x870 [ 155.018937][ C1] ? run_ksoftirqd+0x9b/0x100 [ 155.018962][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 155.018983][ C1] ? smpboot_thread_fn+0x4d/0xa60 [ 155.019004][ C1] ? smpboot_thread_fn+0x4d/0xa60 [ 155.019023][ C1] run_ksoftirqd+0x9b/0x100 [ 155.019045][ C1] ? __pfx_run_ksoftirqd+0x10/0x10 [ 155.019072][ C1] smpboot_thread_fn+0x53f/0xa60 [ 155.019092][ C1] ? smpboot_thread_fn+0x4d/0xa60 [ 155.019116][ C1] kthread+0x70e/0x8a0 [ 155.019142][ C1] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 155.019162][ C1] ? __pfx_kthread+0x10/0x10 [ 155.019205][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 155.019233][ C1] ? lockdep_hardirqs_on+0x9c/0x150 [ 155.019263][ C1] ? __pfx_kthread+0x10/0x10 [ 155.019289][ C1] ret_from_fork+0x3fc/0x770 [ 155.019311][ C1] ? __pfx_ret_from_fork+0x10/0x10 [ 155.019335][ C1] ? __switch_to_asm+0x39/0x70 [ 155.019362][ C1] ? __switch_to_asm+0x33/0x70 [ 155.019389][ C1] ? __pfx_kthread+0x10/0x10 [ 155.019415][ C1] ret_from_fork_asm+0x1a/0x30 [ 155.019451][ C1] [ 155.019459][ C1] [ 155.292798][ C1] Allocated by task 7071: [ 155.297126][ C1] kasan_save_track+0x3e/0x80 [ 155.301818][ C1] __kasan_slab_alloc+0x6c/0x80 [ 155.306680][ C1] kmem_cache_alloc_noprof+0x1c1/0x3c0 [ 155.312149][ C1] xfrm_state_alloc+0x24/0x2f0 [ 155.316914][ C1] __find_acq_core+0x8a7/0x1c00 [ 155.321763][ C1] xfrm_find_acq+0x78/0xa0 [ 155.326180][ C1] xfrm_alloc_userspi+0x6b3/0xc90 [ 155.331231][ C1] xfrm_user_rcv_msg+0x7a0/0xab0 [ 155.336190][ C1] netlink_rcv_skb+0x208/0x470 [ 155.341066][ C1] xfrm_netlink_rcv+0x79/0x90 [ 155.345775][ C1] netlink_unicast+0x82c/0x9e0 [ 155.350559][ C1] netlink_sendmsg+0x805/0xb30 [ 155.355333][ C1] __sock_sendmsg+0x219/0x270 [ 155.360021][ C1] ____sys_sendmsg+0x505/0x830 [ 155.364920][ C1] ___sys_sendmsg+0x21f/0x2a0 [ 155.369603][ C1] __x64_sys_sendmsg+0x19b/0x260 [ 155.374559][ C1] do_syscall_64+0xfa/0x3b0 [ 155.379089][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 155.385170][ C1] [ 155.387509][ C1] Freed by task 979: [ 155.391401][ C1] kasan_save_track+0x3e/0x80 [ 155.396093][ C1] kasan_save_free_info+0x46/0x50 [ 155.401124][ C1] __kasan_slab_free+0x5b/0x80 [ 155.405903][ C1] kmem_cache_free+0x18f/0x400 [ 155.410764][ C1] xfrm_state_gc_task+0x52d/0x6b0 [ 155.415795][ C1] process_scheduled_works+0xae1/0x17b0 [ 155.421347][ C1] worker_thread+0x8a0/0xda0 [ 155.425948][ C1] kthread+0x70e/0x8a0 [ 155.430040][ C1] ret_from_fork+0x3fc/0x770 [ 155.434639][ C1] ret_from_fork_asm+0x1a/0x30 [ 155.439417][ C1] [ 155.441744][ C1] The buggy address belongs to the object at ffff888057b49980 [ 155.441744][ C1] which belongs to the cache xfrm_state of size 928 [ 155.455714][ C1] The buggy address is located 48 bytes inside of [ 155.455714][ C1] freed 928-byte region [ffff888057b49980, ffff888057b49d20) [ 155.469449][ C1] [ 155.472054][ C1] The buggy address belongs to the physical page: [ 155.478475][ C1] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888057b49540 pfn:0x57b48 [ 155.488546][ C1] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 155.497055][ C1] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 155.504614][ C1] page_type: f5(slab) [ 155.508608][ C1] raw: 00fff00000000040 ffff8881426e0dc0 dead000000000122 0000000000000000 [ 155.517198][ C1] raw: ffff888057b49540 00000000800f000c 00000000f5000000 0000000000000000 [ 155.525784][ C1] head: 00fff00000000040 ffff8881426e0dc0 dead000000000122 0000000000000000 [ 155.534545][ C1] head: ffff888057b49540 00000000800f000c 00000000f5000000 0000000000000000 [ 155.543307][ C1] head: 00fff00000000002 ffffea00015ed201 00000000ffffffff 00000000ffffffff [ 155.551980][ C1] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 155.560653][ C1] page dumped because: kasan: bad access detected [ 155.567074][ C1] page_owner tracks the page as allocated [ 155.572788][ C1] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 6161, tgid 6160 (syz.4.58), ts 101130483501, free_ts 100914955713 [ 155.591899][ C1] post_alloc_hook+0x240/0x2a0 [ 155.596682][ C1] get_page_from_freelist+0x21e4/0x22c0 [ 155.602330][ C1] __alloc_frozen_pages_noprof+0x181/0x370 [ 155.608141][ C1] alloc_pages_mpol+0x232/0x4a0 [ 155.613093][ C1] allocate_slab+0x8a/0x370 [ 155.617601][ C1] ___slab_alloc+0xbeb/0x1420 [ 155.622293][ C1] kmem_cache_alloc_noprof+0x283/0x3c0 [ 155.627758][ C1] xfrm_state_alloc+0x24/0x2f0 [ 155.632527][ C1] xfrm_add_sa+0x17d1/0x4070 [ 155.637120][ C1] xfrm_user_rcv_msg+0x7a0/0xab0 [ 155.642065][ C1] netlink_rcv_skb+0x208/0x470 [ 155.646848][ C1] xfrm_netlink_rcv+0x79/0x90 [ 155.651536][ C1] netlink_unicast+0x82c/0x9e0 [ 155.656309][ C1] netlink_sendmsg+0x805/0xb30 [ 155.661073][ C1] __sock_sendmsg+0x219/0x270 [ 155.665751][ C1] ____sys_sendmsg+0x505/0x830 [ 155.670517][ C1] page last free pid 6152 tgid 6149 stack trace: [ 155.677019][ C1] __free_frozen_pages+0xbc4/0xd30 [ 155.682169][ C1] __put_partials+0x156/0x1a0 [ 155.686847][ C1] put_cpu_partial+0x17c/0x250 [ 155.691617][ C1] __slab_free+0x2d5/0x3c0 [ 155.696041][ C1] qlist_free_all+0x97/0x140 [ 155.700635][ C1] kasan_quarantine_reduce+0x148/0x160 [ 155.706107][ C1] __kasan_slab_alloc+0x22/0x80 [ 155.710966][ C1] kmem_cache_alloc_noprof+0x1c1/0x3c0 [ 155.716435][ C1] alloc_empty_file+0x55/0x1d0 [ 155.721205][ C1] path_openat+0x107/0x3830 [ 155.725713][ C1] do_filp_open+0x1fa/0x410 [ 155.730223][ C1] do_sys_openat2+0x121/0x1c0 [ 155.734994][ C1] __x64_sys_openat+0x138/0x170 [ 155.739848][ C1] do_syscall_64+0xfa/0x3b0 [ 155.744357][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 155.750257][ C1] [ 155.752609][ C1] Memory state around the buggy address: [ 155.758236][ C1] ffff888057b49880: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 155.766301][ C1] ffff888057b49900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 155.774367][ C1] >ffff888057b49980: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 155.782433][ C1] ^ [ 155.788062][ C1] ffff888057b49a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 155.796126][ C1] ffff888057b49a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 155.804188][ C1] ================================================================== [ 155.812351][ C1] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 155.819578][ C1] CPU: 1 UID: 0 PID: 23 Comm: ksoftirqd/1 Not tainted syzkaller #0 PREEMPT(full) [ 155.828808][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 155.838900][ C1] Call Trace: [ 155.842208][ C1] [ 155.845170][ C1] dump_stack_lvl+0x99/0x250 [ 155.849802][ C1] ? __asan_memcpy+0x40/0x70 [ 155.854437][ C1] ? __pfx_dump_stack_lvl+0x10/0x10 [ 155.859680][ C1] ? __pfx__printk+0x10/0x10 [ 155.864319][ C1] vpanic+0x281/0x750 [ 155.868340][ C1] ? __pfx_print_hex_dump+0x10/0x10 [ 155.873562][ C1] ? __pfx_vpanic+0x10/0x10 [ 155.878081][ C1] ? irqentry_exit+0x74/0x90 [ 155.882687][ C1] ? lockdep_hardirqs_on+0x9c/0x150 [ 155.887986][ C1] panic+0xb9/0xc0 [ 155.891715][ C1] ? __pfx_panic+0x10/0x10 [ 155.896140][ C1] ? _raw_spin_unlock_irqrestore+0xa8/0x110 [ 155.902129][ C1] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 155.908466][ C1] ? __xfrm_state_delete+0x696/0xca0 [ 155.913756][ C1] check_panic_on_warn+0x89/0xb0 [ 155.918704][ C1] ? __xfrm_state_delete+0x696/0xca0 [ 155.924275][ C1] end_report+0x78/0x160 [ 155.928549][ C1] kasan_report+0x129/0x150 [ 155.933073][ C1] ? __xfrm_state_delete+0x696/0xca0 [ 155.938373][ C1] __xfrm_state_delete+0x696/0xca0 [ 155.943497][ C1] xfrm_timer_handler+0x18f/0xa00 [ 155.948539][ C1] ? __pfx_xfrm_timer_handler+0x10/0x10 [ 155.954087][ C1] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 155.960023][ C1] ? lockdep_hardirqs_on+0x9c/0x150 [ 155.965234][ C1] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 155.971143][ C1] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 155.977484][ C1] ? __pfx_xfrm_timer_handler+0x10/0x10 [ 155.983125][ C1] ? __pfx_xfrm_timer_handler+0x10/0x10 [ 155.988671][ C1] __hrtimer_run_queues+0x529/0xc60 [ 155.993882][ C1] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 155.999631][ C1] ? read_tsc+0x9/0x20 [ 156.003721][ C1] ? __pfx___local_bh_disable_ip+0x10/0x10 [ 156.009553][ C1] hrtimer_run_softirq+0x187/0x2b0 [ 156.014681][ C1] handle_softirqs+0x283/0x870 [ 156.019454][ C1] ? run_ksoftirqd+0x9b/0x100 [ 156.024139][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 156.029431][ C1] ? smpboot_thread_fn+0x4d/0xa60 [ 156.034470][ C1] ? smpboot_thread_fn+0x4d/0xa60 [ 156.039505][ C1] run_ksoftirqd+0x9b/0x100 [ 156.044837][ C1] ? __pfx_run_ksoftirqd+0x10/0x10 [ 156.050137][ C1] smpboot_thread_fn+0x53f/0xa60 [ 156.055083][ C1] ? smpboot_thread_fn+0x4d/0xa60 [ 156.060207][ C1] kthread+0x70e/0x8a0 [ 156.064474][ C1] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 156.069951][ C1] ? __pfx_kthread+0x10/0x10 [ 156.074556][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 156.079772][ C1] ? lockdep_hardirqs_on+0x9c/0x150 [ 156.084988][ C1] ? __pfx_kthread+0x10/0x10 [ 156.089599][ C1] ret_from_fork+0x3fc/0x770 [ 156.094393][ C1] ? __pfx_ret_from_fork+0x10/0x10 [ 156.099691][ C1] ? __switch_to_asm+0x39/0x70 [ 156.104557][ C1] ? __switch_to_asm+0x33/0x70 [ 156.109334][ C1] ? __pfx_kthread+0x10/0x10 [ 156.114038][ C1] ret_from_fork_asm+0x1a/0x30 [ 156.118932][ C1] [ 156.122323][ C1] Kernel Offset: disabled [ 156.126660][ C1] Rebooting in 86400 seconds..