last executing test programs: 2.413398781s ago: executing program 1 (id=9248): r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000001080)={0xa, 0x4e20, 0x0, @empty}, 0x1c) setsockopt$inet6_int(r0, 0x29, 0x3, &(0x7f0000004240)=0x40000006, 0x4) recvmmsg(r0, &(0x7f0000003fc0)=[{{0x0, 0x0, 0x0}, 0x5}], 0x1, 0x2, 0x0) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000000340)=ANY=[], 0x8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) 2.132224933s ago: executing program 2 (id=9256): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000540)=@base={0x12, 0x4, 0x4, 0x12}, 0x50) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000048c0)={r1, &(0x7f0000000840), &(0x7f0000004880)=@udp=r0}, 0x20) ioctl$int_in(r0, 0x5452, &(0x7f00000000c0)=0x14f) recvmsg(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000480)=""/149, 0x95}], 0x1}, 0x22) 1.575398896s ago: executing program 3 (id=9267): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'blake2b-160\x00'}, 0x4c) r1 = accept4(r0, 0x0, 0x0, 0x0) pipe(&(0x7f00000045c0)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r3, &(0x7f0000000a00)=[{&(0x7f0000000c80)="2f5fc304", 0x4}], 0x1, 0x8) splice(r2, 0x0, r1, 0x0, 0x8000, 0x0) 1.514068839s ago: executing program 3 (id=9269): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(camellia)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x800) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e005", 0x26}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a0", 0xca}], 0x3, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) 1.476270347s ago: executing program 1 (id=9270): socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000029c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r1, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000400)="c7a6", 0x2}], 0x1}, 0x24048811) recvmsg$unix(r0, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x40000001) sendmsg$inet(r1, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000001740)=[{&(0x7f0000000b00)='>', 0x1}], 0x1}, 0x20000040) setsockopt$sock_attach_bpf(r0, 0x1, 0x10, &(0x7f0000001280), 0x4) recvmsg$unix(r0, &(0x7f00000009c0)={0x0, 0x0, 0x0}, 0x40000042) 1.419608294s ago: executing program 4 (id=9271): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x800) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}], 0x1}, 0x0) 1.418940563s ago: executing program 3 (id=9272): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000a00)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(camellia)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$nl_xfrm(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[], 0x118}, 0x1, 0x0, 0x0, 0x8000}, 0x48000) recvmmsg$unix(r1, &(0x7f0000000000)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000002a00)=""/4090, 0xffa}], 0x1}}], 0x1, 0x10000, 0x0) 1.36054984s ago: executing program 1 (id=9273): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000340)=@gcm_128={{0x304}, "8a92a8a32f80a9b4", "3f9d7569f19c819956d6eaf1a469d953", '\x00', "c42c5eed3edba6d0"}, 0x28) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000300)=@gcm_128={{0x304}, "2dc3fa5474cf6690", "50822f66b97a105f5b00d8edc5151b4a", "b2356f41", "06b950e7846e2394"}, 0x1f) 1.301424034s ago: executing program 0 (id=9274): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000280)={0xa, 0x4e22, 0x9, @loopback, 0x6}, 0x1c) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000080)=0x40, 0x4) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x4e22, 0x23, @loopback, 0x23}, 0x1c) sendmmsg$inet6(r0, &(0x7f00000000c0)=[{{0x0, 0x0, &(0x7f0000003640)=[{&(0x7f0000000180)="d2cf4071eedf8b7b757ad2e20539519ec6afbc267e1742fa0baeb3a05c4375108461", 0x22}, {&(0x7f0000002440)="4137a29b582bd471798f15f967e7f8118e1abf61ebd7d146a12a42f6ffd2340daaa8dcf6da818cc0efac75e8c35abbde7a18e0226b424f5557c71db5d327baccef203377178ddb12221cdaf45711a2535ae87e6ab62ccba71b6f2ac0f6c9ead0ec52116d305204537900daaad0d6e4dd9d3ad654711b72964f28b8b5d231d709bf3cd4a0477ef446e7da5eaa15cc39e9c57d89217e33a93e0132269c182e5d0186448a8e871cf560229a3cc36317ac47bae1596458badc9ebde2c707dea2e18f859e20f7595cce0a88485e5223b2c8fc383e37cbbfe8353e2a8eb6dc65d76746a31d8f206f3152176a502d3e582a31933e40cff645d93afca045741f99af1cba5b3b6dd6c2edd5e6c4505ae594aa23cbc8a143512180028d9b3984a2517ac9a15154460ff0f654df3f8cf1c13455cb5f440a67de7a6dad269c76e2625c35222985a47aa3b920d97dea05c43bc937361d33781f8057097ca11a9d90eea3d8ae56f0e57f3a6f32f8786e165305301a3d86367337d2651a27b8c222f349491648ba165a6ed9a1e5e5397a1ee963651c2d9c79d6d5b34941375b6b53abcc7882c4e57a63de2e32c30e41030f24ae6efee9e3446eab3b5407cc20f581095dde95241e3853c4864ea7ecd07888956d9375b9ef74be4454d7693b53ed6bd0644cd93945b2eb35a6ac7c34aa11facf27ca4463e2bb1eef7126a982f0de190d54bd6f6c2c9fecf37053894f4b8001fa9902cb9544f8394c96faa2767c0af169cf7c3e0c", 0x21f}], 0x2}}], 0x1, 0x4000001) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000040)={&(0x7f0000fef000/0x2000)=nil, 0x2000, 0x0, 0x0, 0x0, &(0x7f00000002c0)=""/4096, 0x1000, 0x0, 0x0}, &(0x7f0000000100)=0x40) 1.301263162s ago: executing program 4 (id=9275): r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) setsockopt$inet6_IPV6_DSTOPTS(r0, 0x29, 0x3b, &(0x7f0000000080)=ANY=[], 0x8) setsockopt$inet6_int(r0, 0x29, 0x3a, &(0x7f0000000040)=0x8, 0x4) recvmmsg(r0, &(0x7f0000003500)=[{{0x0, 0x0, 0x0}, 0x5}], 0x1, 0x2, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) 1.271220864s ago: executing program 1 (id=9276): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="fc00000019000100000000000000000000000000000000000000000000000000fc01000000000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000b93760000000000000000000000000000000000000000000200000000000000010000000000000044000500ac141400000000000000000000000000000000003c"], 0xfc}, 0x1, 0x0, 0x0, 0x24008040}, 0x20040000) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="c400000019000100fcffffff00000000ac14142c000000000000000000000000fe8000000000000000000000000000aa4e2200004e2400000a00006000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000000104000000000010feffffffffffffff0400004000000000feffffffffffffff1a00000000000000fffffffffffffffffeffffffffffffff7a0000000000000005000000000000000000000000000000ff7f0000000000000b000000000000000100"], 0xc4}}, 0x8044) sendto$inet6(r0, &(0x7f0000000240)="8a", 0x1, 0x51, &(0x7f0000000080)={0xa, 0x3, 0x1, @local, 0x9}, 0x1c) 1.222704508s ago: executing program 2 (id=9277): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000100)=0x1, 0x4) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f00000001c0)=0x2, 0x4) connect$inet(r0, &(0x7f00000006c0)={0x2, 0x4, @dev}, 0x10) sendmmsg$inet(r0, &(0x7f0000006080)=[{{0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000240)="673cf6f999e4", 0x6}], 0x1}}, {{0x0, 0x0, &(0x7f0000000f00)=[{&(0x7f0000000640)="c85b0a", 0x3}], 0x1}}], 0x2, 0x40080) recvmmsg(r0, &(0x7f0000001080)=[{{0x0, 0x0, 0x0}, 0x80}], 0x1, 0x10002, 0x0) 1.149441442s ago: executing program 1 (id=9278): r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r1) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=0x0) sendmsg$NFC_CMD_DEV_UP(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000740)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="010026bd70003c0200000200000008000100", @ANYRES32=r3], 0x1c}}, 0x0) write$nci(r0, &(0x7f0000000280)=ANY=[@ANYBLOB="6103064b0202818102cea102"], 0xc) 1.149257649s ago: executing program 4 (id=9279): r0 = socket$inet6_sctp(0xa, 0x801, 0x84) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @private1, 0x200000}, 0x1c) sendto$inet6(r0, &(0x7f00000001c0)='O', 0x1, 0x80, &(0x7f0000000280)={0xa, 0x0, 0x0, @private2}, 0x1c) shutdown(r0, 0x1) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000300)={0x0, 0x3}, 0x8) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7c, &(0x7f00000000c0), &(0x7f0000000180)=0x8) 1.122461831s ago: executing program 2 (id=9280): socket$inet_icmp_raw(0x2, 0x3, 0x1) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newtaction={0x70, 0x30, 0x0, 0x0, 0x0, {0x9}, [{0x5c, 0x1, [@m_sample={0x58, 0x0, 0x0, 0x0, {{0xb}, {0x2c, 0x2, 0x0, 0x1, [@TCA_SAMPLE_PSAMPLE_GROUP={0x8}, @TCA_SAMPLE_RATE={0x8}, @TCA_SAMPLE_PARMS={0x18, 0x2, {0x0, 0x0, 0x0, 0x0, 0x80000}}]}, {0x4}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x4}}}}]}]}, 0x70}, 0x1, 0x0, 0x0, 0x4008085}, 0x20040000) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="9000000010000305000000000000000000000700", @ANYRES32=0x0, @ANYBLOB="996e06004d4c0700540012800800010068737200480002800500030008000000050003000500000005000300fd00000008000200", @ANYRES32=r0, @ANYBLOB="08000100", @ANYRES32=r1], 0x90}}, 0x0) 1.046986122s ago: executing program 4 (id=9281): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'tunl0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newqdisc={0x3c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2c, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0xb}, {0xffff, 0xffff}, {0x0, 0xffe0}}, [@qdisc_kind_options=@q_plug={{0x9}, {0xc, 0x2, {0x2, 0x4}}}]}, 0x3c}}, 0x4000010) sendmmsg$inet(r0, &(0x7f0000005200)=[{{0x0, 0x4b, &(0x7f0000000000), 0x1}}], 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) 977.664862ms ago: executing program 2 (id=9282): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000003c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010008020000001800006600000008000300", @ANYRES32=r2, @ANYBLOB="08002600940900000800b70099"], 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB="80000000", @ANYRES16=r3, @ANYBLOB="010026bd7000000000003b00000008000300", @ANYRES32=r2, @ANYBLOB="0600cd000000000059003300802009000802110000010802110000005050505050505f00ff"], 0x80}, 0x1, 0x0, 0x0, 0xc0}, 0x0) 970.747208ms ago: executing program 4 (id=9283): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000380)=ANY=[@ANYBLOB="18010000120000000000000000000000850000006d000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000040)='GPL\x00', 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000280)='contention_end\x00', r0, 0x0, 0x4}, 0x18) r1 = socket$inet_smc(0x2b, 0x1, 0x0) listen(r1, 0x0) accept4(r1, 0x0, 0x0, 0x0) setsockopt$sock_int(r1, 0x1, 0x7, 0x0, 0x0) 531.803314ms ago: executing program 3 (id=9284): unshare(0x22020600) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)={0x14, 0x15, 0x301, 0x0, 0x0, {0x1}}, 0x14}}, 0x0) read(r0, &(0x7f0000000080)=""/186, 0xba) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[@ANYBLOB="2000000044000701fcffff7c00000c0004"], 0x20}, 0x1, 0x0, 0x0, 0x488c0}, 0xc000) 409.752242ms ago: executing program 0 (id=9285): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000100)=0x1, 0x4) connect$inet(r0, &(0x7f00000006c0)={0x2, 0x0, @dev}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000280)=0x1, 0x4) sendmmsg$inet(r0, &(0x7f0000000700)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000200)="e647f8c4dc935c2243790d3b957d276dc04f77fb8ea704f31a85eeb9fcc6976ff8", 0x21}], 0x1}}], 0x1, 0x40408c1) recvmmsg(r0, &(0x7f00000098c0)=[{{0x0, 0x0, &(0x7f0000001680)=[{&(0x7f00000015c0)=""/32, 0x20}, {0x0, 0x3c}], 0x2}, 0x80}], 0x1, 0x10002, 0x0) 409.471381ms ago: executing program 0 (id=9286): r0 = socket(0x2a, 0x2, 0x0) getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newqdisc={0x48, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_pie={{0x8}, {0x1c, 0x2, [@TCA_PIE_TUPDATE={0x8, 0x3, 0x400}, @TCA_PIE_LIMIT={0x8, 0x2, 0xad3}, @TCA_PIE_BETA={0x8, 0x5, 0x19}]}}]}, 0x48}}, 0x0) socket$pppl2tp(0x18, 0x1, 0x1) r2 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 353.270464ms ago: executing program 0 (id=9287): pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r2, 0x0, r1, 0x0, 0x10000008ebc, 0x0) write(r3, &(0x7f00000001c0)="b4", 0x1) splice(r0, 0x0, r3, 0x0, 0x25a5, 0x0) 242.969002ms ago: executing program 1 (id=9288): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r1, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) recvmsg$unix(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=ANY=[@ANYBLOB="f800000016008502000000000000000020010000000000000000000000000002a600000200"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb0000000032"], 0xf8}}, 0x0) sendmsg$nl_xfrm(r2, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=ANY=[], 0x134}}, 0x0) 230.328949ms ago: executing program 2 (id=9289): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-3way\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5910fae9d6dcd3292ea54c7b6ef915d564c90c200", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000000400)=[{0x0, 0x0, 0x0}], 0x1, 0x4) recvmmsg$unix(r1, &(0x7f0000000740)=[{{0x0, 0x0, &(0x7f0000000680)=[{&(0x7f00000001c0)=""/227, 0xe3}], 0x1}}], 0x1, 0x10001, 0x0) 230.139512ms ago: executing program 3 (id=9290): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'gcm_base(ctr(aes-aesni),ghash-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10) r1 = accept4(r0, 0x0, 0x0, 0x800) sendmsg$alg(r1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)=[@assoc={0x18, 0x117, 0x4, 0xe}], 0x18, 0x4000041}, 0x300400d4) syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), r1) 22.240372ms ago: executing program 0 (id=9291): r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x0, @dev}, 0x2}}, 0x2e) r2 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r2, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x18}}, 0x2, 0x1}}, 0x2e) getsockopt(r2, 0x111, 0x1, 0x0, &(0x7f0000000080)) 21.882072ms ago: executing program 0 (id=9292): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)=ANY=[@ANYBLOB="3c0000001000850600000000ff6122314a000800", @ANYRES32=r2, @ANYBLOB="f5ff0f00252155b21c0012000c000100626f6e64000000000c0002000800010001"], 0x3c}}, 0x40000) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="4000000010000305000000000007000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000100000180012800e0001007769726567756172640000000400028008000a00", @ANYRES32=r2], 0x40}, 0x1, 0x0, 0x0, 0x800}, 0xc0b0) 19.905517ms ago: executing program 2 (id=9293): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="4400000010000104a5270b7357000000925e4a44", @ANYRES32, @ANYBLOB="0dfa130016000000240012000c00010000000000000000000c0002f60800000001180000080001"], 0x44}}, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'caif0\x00'}) ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f0000000280)={0xffffffffffffffff, 0x53, 0xd, 0x9}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB='H\x00\x00\x00'], 0x48}, 0x1, 0x0, 0x0, 0x20004810}, 0x0) sendmmsg$inet(r0, &(0x7f0000005200)=[{{0x0, 0x4b, &(0x7f0000000000), 0x1}}], 0x1, 0x0) 19.511997ms ago: executing program 3 (id=9294): r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48) close(r0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) listen(r1, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r2}, &(0x7f0000000000), &(0x7f0000000080)=r0}, 0x20) 0s ago: executing program 4 (id=9295): r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), r1) getsockname$packet(r1, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14) sendmsg$nl_route(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000500)=@newlink={0x70, 0x10, 0x437, 0x0, 0x0, {0x0, 0x0, 0x0, r2, 0x50483}, [@IFLA_LINKINFO={0x50, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x40, 0x2, 0x0, 0x1, [@IFLA_IPTUN_COLLECT_METADATA={0x4}, @IFLA_IPTUN_REMOTE={0x14, 0x3, @mcast1}, @IFLA_IPTUN_ENCAP_DPORT={0x6, 0x12, 0x4e23}, @IFLA_IPTUN_FLAGS={0x8, 0x8, 0x17}, @IFLA_IPTUN_LOCAL={0x14, 0x2, @empty}]}}}]}, 0x70}, 0x1, 0x0, 0x0, 0x9005}, 0x0) sendmmsg$inet(r0, &(0x7f0000000880)=[{{&(0x7f0000000580)={0x2, 0x4e1c, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000000)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r2, @empty, @multicast1}}}], 0x20}}], 0x1, 0x4880) kernel console output (not intermixed with test programs): 16 bytes leftover after parsing attributes in process `syz.3.2349'. [ 209.892615][T10891] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2357'. [ 210.583468][T10924] netlink: 'syz.2.2373': attribute type 10 has an invalid length. [ 210.619024][T10924] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2373'. [ 210.719989][T10924] team0: Port device geneve0 added [ 210.882919][T10940] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2381'. [ 210.909350][T10940] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2381'. [ 211.166130][T10951] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 212.448449][T11017] __nla_validate_parse: 2 callbacks suppressed [ 212.448472][T11017] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2415'. [ 212.597792][T11027] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 212.826864][T11038] netlink: 3 bytes leftover after parsing attributes in process `syz.3.2424'. [ 212.874339][T11038] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 213.043154][T11048] netlink: 'syz.4.2430': attribute type 2 has an invalid length. [ 213.250266][T11059] netlink: 'syz.0.2433': attribute type 1 has an invalid length. [ 213.662974][T11076] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2441'. [ 213.699090][T11076] netlink: 184 bytes leftover after parsing attributes in process `syz.4.2441'. [ 214.150068][T11098] netlink: 'syz.3.2451': attribute type 32 has an invalid length. [ 214.192740][T11101] netlink: 'syz.0.2452': attribute type 1 has an invalid length. [ 214.485110][T11112] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2456'. [ 217.013049][T11231] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2502'. [ 217.055446][T11231] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2502'. [ 217.184090][ T5158] Bluetooth: hci4: command 0x0406 tx timeout [ 217.184115][ T5848] Bluetooth: hci3: command 0x0406 tx timeout [ 217.184175][ T5848] Bluetooth: hci1: command 0x0406 tx timeout [ 217.192462][ T5158] Bluetooth: hci2: command 0x0406 tx timeout [ 218.198430][T11291] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2527'. [ 218.365026][T11301] netlink: 'syz.3.2531': attribute type 21 has an invalid length. [ 218.379393][T11301] netlink: 132 bytes leftover after parsing attributes in process `syz.3.2531'. [ 218.893958][T11327] syz.0.2545 uses old SIOCAX25GETINFO [ 218.915110][T11330] netlink: 'syz.4.2546': attribute type 11 has an invalid length. [ 218.975640][T11330] netlink: 224 bytes leftover after parsing attributes in process `syz.4.2546'. [ 219.317663][T11353] netlink: 64 bytes leftover after parsing attributes in process `syz.3.2558'. [ 219.651792][T11371] openvswitch: netlink: Actions may not be safe on all matching packets [ 219.737622][T11376] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2570'. [ 219.778362][T11376] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2570'. [ 219.845470][T11381] netlink: 68 bytes leftover after parsing attributes in process `syz.4.2571'. [ 220.115519][T11397] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2579'. [ 220.306225][T11406] netlink: 'syz.4.2583': attribute type 2 has an invalid length. [ 220.477866][T11416] netlink: 'syz.2.2589': attribute type 2 has an invalid length. [ 220.683276][T11427] C: renamed from lo (while UP) [ 220.703908][T11429] netlink: 'syz.3.2594': attribute type 13 has an invalid length. [ 220.721036][T11429] lo: entered promiscuous mode [ 220.772329][T11429] lo: entered allmulticast mode [ 220.799533][T11429] tunl0: entered promiscuous mode [ 220.825842][T11429] tunl0: entered allmulticast mode [ 220.863355][T11429] gre0: entered promiscuous mode [ 220.902160][T11429] gre0: entered allmulticast mode [ 220.982408][T11429] gretap0: entered promiscuous mode [ 221.000657][T11429] gretap0: entered allmulticast mode [ 221.014074][T11429] gretap0: refused to change device tx_queue_len [ 221.038224][T11429] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 221.611901][T11472] netlink: 132 bytes leftover after parsing attributes in process `syz.4.2616'. [ 222.640254][T11527] delete_channel: no stack [ 223.591416][T11584] openvswitch: netlink: IP tunnel dst address not specified [ 223.678400][T11586] netlink: 'syz.0.2672': attribute type 1 has an invalid length. [ 223.686383][T11586] netlink: 'syz.0.2672': attribute type 1 has an invalid length. [ 224.202361][T11615] netlink: 'syz.4.2687': attribute type 1 has an invalid length. [ 224.709233][T11634] openvswitch: netlink: Missing key (keys=40, expected=200000) [ 224.929087][T11646] netlink: 'syz.0.2701': attribute type 64 has an invalid length. [ 224.952766][T11646] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2701'. [ 225.333597][T11658] netlink: 'syz.4.2708': attribute type 7 has an invalid length. [ 225.640372][T11665] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2711'. [ 225.681591][T11665] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2711'. [ 225.726366][T11671] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 225.733769][T11671] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 225.786890][T11665] veth3: entered allmulticast mode [ 225.888109][T11679] openvswitch: netlink: Key type 85 is out of range max 32 [ 226.003784][T11683] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 226.558045][T11714] netlink: 'syz.3.2736': attribute type 8 has an invalid length. [ 226.743899][T11724] (unnamed net_device) (uninitialized): option arp_interval: mode dependency failed, not supported in mode 802.3ad(4) [ 226.762111][T11726] netlink: 'syz.4.2741': attribute type 10 has an invalid length. [ 226.877787][T11726] bond0: (slave geneve1): Enslaving as an active interface with an up link [ 227.239471][T11751] netlink: 'syz.4.2754': attribute type 2 has an invalid length. [ 227.272557][T11751] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2754'. [ 227.475689][T11763] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2760'. [ 227.690636][T11772] nbd: couldn't find a device at index -373156329 [ 227.817499][T11775] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 228.040748][T11791] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2772'. [ 228.477179][T11809] netlink: 'syz.4.2780': attribute type 1 has an invalid length. [ 228.518559][T11809] netlink: 'syz.4.2780': attribute type 1 has an invalid length. [ 228.578385][T11816] netlink: 14 bytes leftover after parsing attributes in process `syz.1.2783'. [ 228.617861][T11816] hsr_slave_0: left promiscuous mode [ 228.638359][T11816] hsr_slave_1: left promiscuous mode [ 228.789312][T11823] netlink: zone id is out of range [ 228.795479][T11825] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 228.806823][T11823] netlink: del zone limit has 4 unknown bytes [ 229.439590][T11856] netlink: 'syz.2.2800': attribute type 1 has an invalid length. [ 229.467238][T11856] netlink: 224 bytes leftover after parsing attributes in process `syz.2.2800'. [ 229.508081][T11856] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2800'. [ 229.859924][T11881] netlink: 52 bytes leftover after parsing attributes in process `syz.3.2810'. [ 230.883378][T11934] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2837'. [ 230.929419][T11934] openvswitch: netlink: nsh attribute has 65532 unknown bytes. [ 230.968312][T11934] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 231.760858][T11980] delete_channel: no stack [ 231.781911][T11983] siw: device registration error -23 [ 232.144175][T12008] openvswitch: netlink: Flow actions attr not present in new flow. [ 232.346666][T12018] : renamed from hsr0 (while UP) [ 232.644739][T12035] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2887'. [ 233.511488][T12084] netlink: 'syz.0.2912': attribute type 4 has an invalid length. [ 233.790134][T12098] netlink: 256 bytes leftover after parsing attributes in process `syz.2.2918'. [ 234.646744][T12145] netlink: 172 bytes leftover after parsing attributes in process `syz.1.2937'. [ 234.927865][T12165] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 235.641231][T12202] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 235.773415][T12209] unsupported nla_type 52263 [ 236.195761][T12229] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2971'. [ 236.226702][T12231] netlink: 10 bytes leftover after parsing attributes in process `syz.0.2972'. [ 237.057438][T12278] netlink: 'syz.3.2994': attribute type 2 has an invalid length. [ 237.522765][T12302] (unnamed net_device) (uninitialized): option ad_user_port_key: mode dependency failed, not supported in mode balance-rr(0) [ 237.899065][T12323] netlink: 'syz.0.3017': attribute type 4 has an invalid length. [ 238.674889][T12358] sctp: [Deprecated]: syz.3.3035 (pid 12358) Use of struct sctp_assoc_value in delayed_ack socket option. [ 238.674889][T12358] Use struct sctp_sack_info instead [ 238.921702][T12368] netdevsim netdevsim1 netdevsim0: entered promiscuous mode [ 238.956424][T12368] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 239.317961][T12386] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3049'. [ 239.553347][T12396] netlink: 80 bytes leftover after parsing attributes in process `syz.0.3054'. [ 239.588082][T12396] netlink: 80 bytes leftover after parsing attributes in process `syz.0.3054'. [ 239.792878][T12411] netlink: 'syz.4.3060': attribute type 4 has an invalid length. [ 239.811483][T12414] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 240.051858][T12426] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3068'. [ 240.710985][T12462] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3082'. [ 240.731557][T12461] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3084'. [ 240.899488][T12471] netlink: zone id is out of range [ 240.974558][T12478] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 240.982312][T12478] IPv6: NLM_F_CREATE should be set when creating new route [ 241.240132][T12494] netlink: 'syz.2.3098': attribute type 1 has an invalid length. [ 241.257742][T12494] netlink: 224 bytes leftover after parsing attributes in process `syz.2.3098'. [ 241.423860][T12504] netlink: 'syz.2.3105': attribute type 1 has an invalid length. [ 241.443625][T12504] netlink: 'syz.2.3105': attribute type 2 has an invalid length. [ 241.596710][T12515] netlink: 45 bytes leftover after parsing attributes in process `syz.2.3109'. [ 242.158532][T12544] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 242.476733][T12564] netlink: 'syz.1.3134': attribute type 10 has an invalid length. [ 242.562697][T12571] netlink: 48 bytes leftover after parsing attributes in process `syz.2.3136'. [ 242.826616][T12588] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3146'. [ 243.140699][T12605] netlink: 72 bytes leftover after parsing attributes in process `syz.4.3154'. [ 243.253369][T12612] netlink: 'syz.1.3156': attribute type 7 has an invalid length. [ 243.288501][T12612] netlink: 'syz.1.3156': attribute type 8 has an invalid length. [ 243.404493][T12620] netlink: 'syz.2.3162': attribute type 21 has an invalid length. [ 243.429856][T12620] netlink: 152 bytes leftover after parsing attributes in process `syz.2.3162'. [ 243.590756][T12630] netlink: 'syz.3.3166': attribute type 2 has an invalid length. [ 243.632912][T12630] netlink: 'syz.3.3166': attribute type 1 has an invalid length. [ 243.841688][T12645] ieee802154 phy0 wpan0: encryption failed: -22 [ 244.238052][T12668] netlink: 'syz.3.3186': attribute type 21 has an invalid length. [ 244.249491][T12668] IPv6: NLM_F_CREATE should be specified when creating new route [ 244.257451][T12668] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 244.264898][T12668] IPv6: NLM_F_CREATE should be set when creating new route [ 244.272521][T12668] IPv6: NLM_F_CREATE should be set when creating new route [ 244.279884][T12668] IPv6: NLM_F_CREATE should be set when creating new route [ 244.346585][T12674] ksmbd: Daemon and kernel module version mismatch. ksmbd: 124, kernel module: 1. User-space ksmbd should terminate. [ 244.571609][T12686] bond0: option ad_select: unable to set because the bond device is up [ 244.814394][T12700] bridge1: trying to set multicast query interval below minimum, setting to 100 (1000ms) [ 244.880335][T12707] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0 [ 245.198625][T12725] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3214'. [ 245.218421][T12727] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3215'. [ 245.752146][T12761] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3232'. [ 245.769551][T12761] (unnamed net_device) (uninitialized): option xmit_hash_policy: invalid value (64) [ 246.065983][T12780] netlink: 'syz.1.3240': attribute type 5 has an invalid length. [ 246.071734][T12774] netlink: 'syz.2.3238': attribute type 10 has an invalid length. [ 246.104099][T12774] bridge0: port 2(bridge_slave_1) entered disabled state [ 246.112345][T12774] bridge0: port 1(bridge_slave_0) entered disabled state [ 246.151165][T12774] bridge0: port 2(bridge_slave_1) entered blocking state [ 246.158609][T12774] bridge0: port 2(bridge_slave_1) entered forwarding state [ 246.166370][T12774] bridge0: port 1(bridge_slave_0) entered blocking state [ 246.173741][T12774] bridge0: port 1(bridge_slave_0) entered forwarding state [ 246.188923][T12774] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 246.333193][T12793] openvswitch: netlink: Missing key (keys=40, expected=100) [ 246.346274][T12791] netlink: 252 bytes leftover after parsing attributes in process `syz.2.3246'. [ 246.504404][T12796] bridge2: the hash_elasticity option has been deprecated and is always 16 [ 247.330509][T12843] syz.2.3265: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 247.456080][T12843] CPU: 0 UID: 0 PID: 12843 Comm: syz.2.3265 Not tainted 6.16.0-syzkaller-06610-g4eabe4cc0958 #0 PREEMPT(full) [ 247.456113][T12843] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 247.456134][T12843] Call Trace: [ 247.456144][T12843] [ 247.456158][T12843] dump_stack_lvl+0x189/0x250 [ 247.456193][T12843] ? __pfx_dump_stack_lvl+0x10/0x10 [ 247.456216][T12843] ? __pfx__printk+0x10/0x10 [ 247.456244][T12843] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 247.456269][T12843] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 247.456296][T12843] ? cpuset_print_current_mems_allowed+0x2ee/0x360 [ 247.456323][T12843] warn_alloc+0x214/0x310 [ 247.456346][T12843] ? stack_depot_save_flags+0x40/0x900 [ 247.456374][T12843] ? __pfx_warn_alloc+0x10/0x10 [ 247.456399][T12843] ? kasan_save_track+0x4f/0x80 [ 247.456429][T12843] ? xskq_create+0x56/0x170 [ 247.456456][T12843] ? xsk_init_queue+0xb0/0x110 [ 247.456480][T12843] ? xsk_setsockopt+0x4dc/0x8d0 [ 247.456502][T12843] ? do_sock_setsockopt+0x179/0x1b0 [ 247.456522][T12843] ? __x64_sys_setsockopt+0x13f/0x1b0 [ 247.456541][T12843] ? do_syscall_64+0xfa/0x3b0 [ 247.456571][T12843] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 247.456611][T12843] __vmalloc_node_range_noprof+0x125/0x12f0 [ 247.456668][T12843] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 247.456698][T12843] ? __kasan_kmalloc+0x93/0xb0 [ 247.456735][T12843] vmalloc_user_noprof+0xad/0xf0 [ 247.456756][T12843] ? xskq_create+0xbf/0x170 [ 247.456787][T12843] xskq_create+0xbf/0x170 [ 247.456819][T12843] xsk_init_queue+0xb0/0x110 [ 247.456849][T12843] xsk_setsockopt+0x4dc/0x8d0 [ 247.456878][T12843] ? __pfx_xsk_setsockopt+0x10/0x10 [ 247.456906][T12843] ? __pfx_aa_sk_perm+0x10/0x10 [ 247.456938][T12843] ? aa_sock_opt_perm+0x74/0x110 [ 247.456969][T12843] ? bpf_lsm_socket_setsockopt+0x9/0x20 [ 247.456994][T12843] ? __pfx_xsk_setsockopt+0x10/0x10 [ 247.457022][T12843] do_sock_setsockopt+0x179/0x1b0 [ 247.457050][T12843] __x64_sys_setsockopt+0x13f/0x1b0 [ 247.457078][T12843] do_syscall_64+0xfa/0x3b0 [ 247.457109][T12843] ? lockdep_hardirqs_on+0x9c/0x150 [ 247.457139][T12843] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 247.457160][T12843] ? clear_bhb_loop+0x60/0xb0 [ 247.457185][T12843] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 247.457206][T12843] RIP: 0033:0x7f943498eb69 [ 247.457235][T12843] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 247.457254][T12843] RSP: 002b:00007f94357a7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 247.457278][T12843] RAX: ffffffffffffffda RBX: 00007f9434bb5fa0 RCX: 00007f943498eb69 [ 247.457294][T12843] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000003 [ 247.457307][T12843] RBP: 00007f9434a11df1 R08: 0000000000000004 R09: 0000000000000000 [ 247.457320][T12843] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000 [ 247.457333][T12843] R13: 0000000000000000 R14: 00007f9434bb5fa0 R15: 00007ffdf4069038 [ 247.457367][T12843] [ 247.457382][T12843] Mem-Info: [ 247.838217][T12843] active_anon:5070 inactive_anon:0 isolated_anon:0 [ 247.838217][T12843] active_file:1119 inactive_file:39887 isolated_file:0 [ 247.838217][T12843] unevictable:768 dirty:161 writeback:0 [ 247.838217][T12843] slab_reclaimable:10971 slab_unreclaimable:99392 [ 247.838217][T12843] mapped:29092 shmem:1374 pagetables:1168 [ 247.838217][T12843] sec_pagetables:0 bounce:0 [ 247.838217][T12843] kernel_misc_reclaimable:0 [ 247.838217][T12843] free:1326539 free_pcp:15444 free_cma:0 [ 247.928947][T12843] Node 0 active_anon:20280kB inactive_anon:0kB active_file:4476kB inactive_file:159344kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:116368kB dirty:644kB writeback:0kB shmem:3960kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12076kB pagetables:4508kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 247.945014][T12865] openvswitch: netlink: nsh attr 0 has unexpected len 1 expected 0 [ 248.038316][T12843] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:164kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 248.124428][T12843] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 248.214203][T12843] lowmem_reserve[]: 0 2500 2502 2502 2502 [ 248.258419][T12843] Node 0 DMA32 free:1395496kB boost:0kB min:34264kB low:42828kB high:51392kB reserved_highatomic:0KB free_highatomic:0KB active_anon:20276kB inactive_anon:0kB active_file:4476kB inactive_file:157516kB unevictable:1536kB writepending:728kB present:3129332kB managed:2560292kB mlocked:0kB bounce:0kB free_pcp:41160kB local_pcp:21368kB free_cma:0kB [ 248.367590][T12843] lowmem_reserve[]: 0 0 1 1 1 [ 248.374395][T12843] Node 0 Normal free:16kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB free_highatomic:0KB active_anon:48kB inactive_anon:0kB active_file:0kB inactive_file:1828kB unevictable:0kB writepending:0kB present:1048580kB managed:1900kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:0kB free_cma:0kB [ 248.471343][T12843] lowmem_reserve[]: 0 0 0 0 0 [ 248.476703][T12843] Node 1 Normal free:3896056kB boost:0kB min:55612kB low:69512kB high:83412kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:20992kB local_pcp:14464kB free_cma:0kB [ 248.607330][T12843] lowmem_reserve[]: 0 0 0 0 0 [ 248.634406][T12843] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 248.673241][T12843] Node 0 DMA32: 386*4kB (UME) 338*8kB (UME) 25*16kB (UM) 383*32kB (UM) 139*64kB (U) 58*128kB (UM) 56*256kB (UM) 41*512kB (UM) 22*1024kB (UM) 7*2048kB (M) 315*4096kB (UM) = 1395656kB [ 248.727603][T12843] Node 0 Normal: 0*4kB 0*8kB 1*16kB (M) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16kB [ 248.773192][T12843] Node 1 Normal: 194*4kB (UE) 48*8kB (UME) 39*16kB (UME) 94*32kB (UME) 29*64kB (UME) 4*128kB (UME) 5*256kB (UME) 3*512kB (ME) 1*1024kB (M) 1*2048kB (E) 948*4096kB (M) = 3896056kB [ 248.836198][T12843] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 248.878290][T12843] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 248.918236][T12843] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 248.928041][T12843] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 248.975864][T12843] 42376 total pagecache pages [ 248.981038][T12843] 0 pages in swap cache [ 248.985245][T12843] Free swap = 124996kB [ 248.990055][T12843] Total swap = 124996kB [ 249.000433][T12843] 2097051 pages RAM [ 249.003091][T12910] netlink: 'syz.1.3295': attribute type 1 has an invalid length. [ 249.012441][T12843] 0 pages HighMem/MovableOnly [ 249.017376][T12843] 424872 pages reserved [ 249.049612][T12843] 0 pages cma reserved [ 249.064483][T12912] netlink: 'syz.3.3296': attribute type 29 has an invalid length. [ 249.078317][T12912] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3296'. [ 249.806044][T12951] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3313'. [ 249.848868][T12955] netlink: 'syz.2.3312': attribute type 1 has an invalid length. [ 249.868921][T12955] netlink: 224 bytes leftover after parsing attributes in process `syz.2.3312'. [ 249.922548][T12961] netlink: 'syz.0.3316': attribute type 39 has an invalid length. [ 250.226231][T12972] netlink: 48 bytes leftover after parsing attributes in process `syz.4.3320'. [ 250.558705][T12988] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3326'. [ 251.041366][T13005] 8021q: adding VLAN 0 to HW filter on device bond2 [ 251.424955][T13037] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3350'. [ 251.632304][T13048] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3356'. [ 251.664481][T13048] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3356'. [ 252.057666][T13073] netlink: 'syz.4.3369': attribute type 1 has an invalid length. [ 253.028449][T13126] netlink: 'syz.0.3390': attribute type 4 has an invalid length. [ 253.451882][T13148] netlink: 224 bytes leftover after parsing attributes in process `syz.0.3399'. [ 253.879675][T13164] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3406'. [ 253.916354][T13164] tc_dump_action: action bad kind [ 253.968281][T13168] delete_channel: no stack [ 254.154508][T13175] netlink: 'syz.1.3412': attribute type 7 has an invalid length. [ 254.295864][T13175] : entered promiscuous mode [ 254.558505][T13191] netlink: ct family unspecified [ 254.576302][T13191] openvswitch: netlink: Actions may not be safe on all matching packets [ 254.825415][T13208] netlink: 164 bytes leftover after parsing attributes in process `syz.4.3424'. [ 254.858976][T13208] netlink: 164 bytes leftover after parsing attributes in process `syz.4.3424'. [ 254.896174][T13208] netlink: 60 bytes leftover after parsing attributes in process `syz.4.3424'. [ 254.947205][T13214] netlink: 'syz.3.3426': attribute type 1 has an invalid length. [ 254.956724][T13217] netlink: 152 bytes leftover after parsing attributes in process `syz.0.3427'. [ 255.365930][T13238] lo: left promiscuous mode [ 255.376105][T13238] lo: left allmulticast mode [ 255.406930][T13238] tunl0: left promiscuous mode [ 255.421716][T13238] tunl0: left allmulticast mode [ 255.449679][T13238] gre0: left promiscuous mode [ 255.457746][T13238] gre0: left allmulticast mode [ 255.588501][T13238] gretap0: left promiscuous mode [ 255.595927][T13238] gretap0: left allmulticast mode [ 255.631975][T13238] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 255.885601][T13238] syz.3.3437 (13238) used greatest stack depth: 18872 bytes left [ 256.162641][T13277] ksmbd: Daemon and kernel module version mismatch. ksmbd: 124, kernel module: 1. User-space ksmbd should terminate. [ 256.678845][T13306] netlink: 144 bytes leftover after parsing attributes in process `syz.4.3463'. [ 256.948440][T13322] netlink: 808 bytes leftover after parsing attributes in process `syz.3.3473'. [ 257.047717][T13331] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3477'. [ 257.078576][T13331] netlink: 224 bytes leftover after parsing attributes in process `syz.0.3477'. [ 257.507367][T13356] netlink: 144 bytes leftover after parsing attributes in process `syz.0.3488'. [ 257.558897][T13359] pim6reg: entered allmulticast mode [ 258.272995][T13402] netlink: 'syz.0.3512': attribute type 1 has an invalid length. [ 258.294560][T13402] netlink: 228 bytes leftover after parsing attributes in process `syz.0.3512'. [ 258.642500][T13425] netlink: 216 bytes leftover after parsing attributes in process `syz.3.3523'. [ 258.909837][T13439] netdevsim netdevsim3: Firmware load for './file0/../file0' refused, path contains '..' component [ 259.028571][T13445] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3533'. [ 259.082319][T13451] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3536'. [ 260.136279][T13510] netlink: 'syz.2.3564': attribute type 11 has an invalid length. [ 260.590812][T13534] (unnamed net_device) (uninitialized): option tlb_dynamic_lb: mode dependency failed, not supported in mode balance-xor(2) [ 260.875797][T13547] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3582'. [ 260.888422][T13547] netlink: 'syz.0.3582': attribute type 3 has an invalid length. [ 261.182602][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 262.015847][T13615] netlink: 'syz.2.3611': attribute type 7 has an invalid length. [ 262.032007][T13617] netlink: 'syz.3.3612': attribute type 7 has an invalid length. [ 262.067862][T13617] __nla_validate_parse: 5 callbacks suppressed [ 262.067884][T13617] netlink: 140 bytes leftover after parsing attributes in process `syz.3.3612'. [ 262.113884][T13623] netdevsim netdevsim0 netdevsim0: entered promiscuous mode [ 262.432116][T13637] netlink: 220 bytes leftover after parsing attributes in process `syz.1.3621'. [ 263.008339][T13668] netlink: 'syz.0.3636': attribute type 11 has an invalid length. [ 263.016313][T13668] netlink: 224 bytes leftover after parsing attributes in process `syz.0.3636'. [ 263.049035][T13673] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3635'. [ 263.240882][T13682] openvswitch: netlink: Geneve option length err (len 256, max 255). [ 263.284057][T13685] netlink: 300 bytes leftover after parsing attributes in process `syz.2.3643'. [ 263.836549][T13717] dvmrp0: entered allmulticast mode [ 263.881744][T13721] netlink: 'syz.0.3657': attribute type 10 has an invalid length. [ 263.961693][T13721] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 264.417166][T13751] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3672'. [ 264.665817][T13763] netlink: 'syz.1.3678': attribute type 10 has an invalid length. [ 264.725845][T13763] bridge0: port 2(bridge_slave_1) entered disabled state [ 264.770302][T13763] bridge_slave_1: left allmulticast mode [ 264.776249][T13763] bridge_slave_1: left promiscuous mode [ 264.799622][T13763] bridge0: port 2(bridge_slave_1) entered disabled state [ 264.822429][T13763] bond0: (slave bridge_slave_1): Enslaving as an active interface with an up link [ 264.931241][T13777] netlink: 'syz.2.3684': attribute type 1 has an invalid length. [ 265.169053][T13793] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3694'. [ 265.416462][T13807] lo: entered promiscuous mode [ 265.448599][T13807] netlink: 'syz.0.3699': attribute type 2 has an invalid length. [ 265.456495][T13807] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 267.193404][T13917] netlink: 56 bytes leftover after parsing attributes in process `syz.0.3753'. [ 267.222291][T13917] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3753'. [ 267.248940][T13917] netlink: 31 bytes leftover after parsing attributes in process `syz.0.3753'. [ 267.287540][T13917] netlink: 'syz.0.3753': attribute type 3 has an invalid length. [ 267.307866][T13917] netlink: 'syz.0.3753': attribute type 2 has an invalid length. [ 267.338334][T13917] netlink: 31 bytes leftover after parsing attributes in process `syz.0.3753'. [ 267.557402][T13939] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3766'. [ 267.752042][T13951] ieee802154 phy1 wpan1: encryption failed: -22 [ 267.926443][T13956] netlink: 'syz.4.3772': attribute type 13 has an invalid length. [ 268.077287][T13965] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3778'. [ 268.104335][T13956] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 268.362858][T13983] netlink: 'syz.3.3787': attribute type 10 has an invalid length. [ 268.748456][T14006] netlink: 'syz.2.3796': attribute type 11 has an invalid length. [ 268.788299][T14006] netlink: 224 bytes leftover after parsing attributes in process `syz.2.3796'. [ 268.846709][T14009] erspan0: entered promiscuous mode [ 268.869300][T14009] erspan0: entered allmulticast mode [ 268.988393][T14017] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3801'. [ 269.028288][T14017] netlink: 'syz.3.3801': attribute type 1 has an invalid length. [ 269.037735][T14020] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 269.059812][T14017] netlink: 'syz.3.3801': attribute type 1 has an invalid length. [ 269.082612][T14017] netlink: 'syz.3.3801': attribute type 2 has an invalid length. [ 269.103460][T14017] netlink: 68 bytes leftover after parsing attributes in process `syz.3.3801'. [ 269.759505][T14061] C: renamed from team_slave_0 (while UP) [ 269.804186][T14061] netlink: 'syz.1.3819': attribute type 1 has an invalid length. [ 269.834499][T14061] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check. [ 269.999506][T14073] sctp: [Deprecated]: syz.2.3824 (pid 14073) Use of int in maxseg socket option. [ 269.999506][T14073] Use struct sctp_assoc_value instead [ 270.468314][T14094] netlink: 'syz.0.3834': attribute type 2 has an invalid length. [ 270.653831][T14101] netlink: 'syz.2.3837': attribute type 1 has an invalid length. [ 270.679096][T14101] netlink: 15 bytes leftover after parsing attributes in process `syz.2.3837'. [ 271.381675][T14146] netlink: 'syz.0.3860': attribute type 30 has an invalid length. [ 272.251556][T14199] xfrm2: entered allmulticast mode [ 272.688491][T14227] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 272.924817][T14241] netdevsim netdevsim2: loading /lib/firmware/. failed with error -22 [ 272.965896][T14241] netdevsim netdevsim2: Direct firmware load for . failed with error -22 [ 272.976226][T14241] netdevsim netdevsim2: Falling back to sysfs fallback for: . [ 273.005463][T14247] __nla_validate_parse: 1 callbacks suppressed [ 273.005487][T14247] netlink: 128 bytes leftover after parsing attributes in process `syz.1.3909'. [ 273.037386][T14247] netlink: 128 bytes leftover after parsing attributes in process `syz.1.3909'. [ 273.888460][T14297] netlink: 'syz.4.3933': attribute type 1 has an invalid length. [ 273.908353][T14297] netlink: 228 bytes leftover after parsing attributes in process `syz.4.3933'. [ 273.934368][T14297] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3933'. [ 274.136944][T14312] netlink: 156 bytes leftover after parsing attributes in process `syz.2.3940'. [ 274.197298][T14312] netlink: 156 bytes leftover after parsing attributes in process `syz.2.3940'. [ 274.219288][T14313] netlink: 64 bytes leftover after parsing attributes in process `syz.3.3942'. [ 274.408483][T14322] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3948'. [ 274.537786][T14331] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3951'. [ 274.639095][T14335] netlink: 'syz.4.3953': attribute type 5 has an invalid length. [ 274.711267][T14341] netlink: 240 bytes leftover after parsing attributes in process `syz.0.3956'. [ 274.799769][T14345] openvswitch: netlink: Unexpected mask (mask=240, allowed=10048) [ 275.819073][T14401] ieee802154 phy1 wpan1: encryption failed: -22 [ 276.105663][T14417] netlink: 'syz.2.3994': attribute type 3 has an invalid length. [ 276.537057][T14442] openvswitch: netlink: Tunnel attr 303 out of range max 16 [ 276.552874][T14443] netlink: 'syz.0.4007': attribute type 6 has an invalid length. [ 276.806476][T14453] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 277.280459][T14479] IPVS: length: 157 != 24 [ 277.776048][T14506] IPv6: Can't replace route, no match found [ 278.331672][T14534] macvlan0: entered promiscuous mode [ 278.337434][T14534] macvlan0: entered allmulticast mode [ 280.035906][T14630] __nla_validate_parse: 4 callbacks suppressed [ 280.035927][T14630] netlink: 260 bytes leftover after parsing attributes in process `syz.0.4095'. [ 280.616598][T14668] netlink: 116 bytes leftover after parsing attributes in process `syz.3.4114'. [ 280.722228][T14671] netlink: 'syz.4.4116': attribute type 12 has an invalid length. [ 280.752809][T14671] netlink: 132 bytes leftover after parsing attributes in process `syz.4.4116'. [ 281.259600][T14705] netlink: 'syz.1.4132': attribute type 1 has an invalid length. [ 281.289659][T14705] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4132'. [ 281.368092][T14710] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4136'. [ 281.505084][T14717] openvswitch: netlink: Flow key attribute not present in set flow. [ 281.849189][T14739] netlink: 'syz.2.4149': attribute type 1 has an invalid length. [ 281.857011][T14739] netlink: 224 bytes leftover after parsing attributes in process `syz.2.4149'. [ 281.898833][T14739] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4149'. [ 282.003661][T14749] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4155'. [ 282.527599][T14779] netlink: 'syz.0.4169': attribute type 24 has an invalid length. [ 282.596265][T14782] openvswitch: netlink: IP tunnel dst address not specified [ 282.618929][T14784] (unnamed net_device) (uninitialized): option min_links: invalid value (18446744073709551614) [ 282.653741][T14784] (unnamed net_device) (uninitialized): option min_links: allowed values 0 - 2147483647 [ 282.687996][T14787] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.4173'. [ 283.365890][T14832] netlink: 16 bytes leftover after parsing attributes in process `syz.1.4195'. [ 284.686027][T14899] netlink: 'syz.0.4229': attribute type 2 has an invalid length. [ 284.743775][T14899] netlink: 'syz.0.4229': attribute type 1 has an invalid length. [ 284.779171][T14905] netlink: 'syz.1.4231': attribute type 25 has an invalid length. [ 285.317712][T14937] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 285.627528][T14954] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 285.980734][T14978] openvswitch: netlink: IP tunnel attribute has 16 unknown bytes. [ 286.128202][T14984] netlink: 224 bytes leftover after parsing attributes in process `syz.1.4267'. [ 286.491898][T15006] 8021q: adding VLAN 0 to HW filter on device ipvlan0 [ 287.525256][T15062] Bluetooth: MGMT ver 1.23 [ 287.643004][T15067] netlink: 76 bytes leftover after parsing attributes in process `syz.0.4307'. [ 287.701804][T15067] nbd: illegal input index -8454144 [ 288.524829][T15117] netlink: 'syz.3.4331': attribute type 1 has an invalid length. [ 288.551470][T15117] netlink: 216 bytes leftover after parsing attributes in process `syz.3.4331'. [ 288.976942][T15143] netlink: 'syz.4.4344': attribute type 1 has an invalid length. [ 289.000918][T15143] netlink: 236 bytes leftover after parsing attributes in process `syz.4.4344'. [ 289.246623][T15157] netlink: 'syz.3.4350': attribute type 1 has an invalid length. [ 289.473332][T15154] "syz.0.4349" (15154) uses obsolete ecb(arc4) skcipher [ 290.054290][T15199] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4369'. [ 290.077420][T15199] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4369'. [ 290.086743][T15199] netlink: 'syz.2.4369': attribute type 5 has an invalid length. [ 290.197188][T15206] netlink: 'syz.1.4372': attribute type 1 has an invalid length. [ 290.377449][T15219] Zero length message leads to an empty skb [ 290.752045][ T30] audit: type=1107 audit(1754357917.116:2): pid=15238 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='ً5%UA٠0ltݕ/ 6򊨊' [ 290.910434][T15246] netlink: 'syz.2.4392': attribute type 62 has an invalid length. [ 290.968375][ T9] IPVS: starting estimator thread 0... [ 290.976942][T15248] IPVS: ip_vs_edit_dest(): server weight less than zero [ 291.090910][T15252] IPVS: using max 24 ests per chain, 57600 per kthread [ 291.109720][T15257] netlink: 16 bytes leftover after parsing attributes in process `syz.4.4397'. [ 291.545269][T15279] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes. [ 291.879628][T15299] block nbd0: not configured, cannot reconfigure [ 292.850296][T15358] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4446'. [ 292.911758][T15358] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4446'. [ 293.168761][T15377] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4454'. [ 293.806077][T15412] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4473'. [ 293.843270][T15412] netlink: 5 bytes leftover after parsing attributes in process `syz.2.4473'. [ 294.465411][T15459] netlink: 'syz.1.4494': attribute type 1 has an invalid length. [ 294.479681][T15459] netlink: 184 bytes leftover after parsing attributes in process `syz.1.4494'. [ 294.490139][T15459] netlink: 'syz.1.4494': attribute type 1 has an invalid length. [ 295.023763][T15491] netlink: 'syz.2.4509': attribute type 1 has an invalid length. [ 295.473271][T15519] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4523'. [ 295.792472][T15536] vcan0: entered allmulticast mode [ 296.860575][ T51] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 297.191995][T15615] netlink: 10 bytes leftover after parsing attributes in process `syz.4.4569'. [ 297.210367][T15614] netlink: 'syz.1.4567': attribute type 2 has an invalid length. [ 297.229098][T15614] netlink: 188 bytes leftover after parsing attributes in process `syz.1.4567'. [ 297.537455][T15632] openvswitch: netlink: VXLAN extension message has 1 unknown bytes. [ 299.578451][T15735] netlink: 24 bytes leftover after parsing attributes in process `syz.4.4617'. [ 299.630279][T15740] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4617'. [ 299.649660][T15740] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4617'. [ 300.429048][T15773] syz.4.4633 (15773) used obsolete PPPIOCDETACH ioctl [ 300.706564][T15789] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'syz0' [ 301.403114][T15828] bridge_slave_0: left allmulticast mode [ 301.417529][T15828] bridge0: port 1(bridge_slave_0) entered disabled state [ 301.455370][T15828] bridge_slave_1: left allmulticast mode [ 301.479177][T15828] bridge_slave_1: left promiscuous mode [ 301.485306][T15828] bridge0: port 2(bridge_slave_1) entered disabled state [ 301.592763][T15828] bond0: (slave bond_slave_0): Releasing backup interface [ 301.621259][T15828] bond0: (slave bond_slave_1): Releasing backup interface [ 301.632149][T15843] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 301.651164][T15828] team0: Port device team_slave_0 removed [ 301.674991][T15828] team0: Port device team_slave_1 removed [ 301.686878][T15828] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 301.697426][T15828] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 301.712886][T15828] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 301.729667][T15828] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 301.807546][T15828] bond0: (slave wlan1): Releasing backup interface [ 302.500541][T15884] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4686'. [ 302.532802][T15884] openvswitch: netlink: Unknown nsh attribute 0 [ 302.562044][T15884] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 303.018545][ T51] Bluetooth: hci2: command 0x0406 tx timeout [ 303.120853][T15921] netlink: 'syz.0.4702': attribute type 1 has an invalid length. [ 303.144006][T15921] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 303.810459][T15957] netlink: 'syz.3.4720': attribute type 7 has an invalid length. [ 303.848574][T15961] netlink: 'syz.0.4723': attribute type 58 has an invalid length. [ 303.859650][T15961] netlink: 20 bytes leftover after parsing attributes in process `syz.0.4723'. [ 303.923431][T15964] netlink: 100 bytes leftover after parsing attributes in process `syz.3.4724'. [ 304.119187][T15973] netlink: 'syz.4.4728': attribute type 11 has an invalid length. [ 304.625056][T16006] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4744'. [ 304.822987][T16016] veth0_to_bond: entered allmulticast mode [ 304.962681][T16023] tipc: Enabling not permitted [ 304.978403][T16023] tipc: Enabling of bearer rejected, failed to enable media [ 305.550122][T16049] TCP: TCP_TX_DELAY enabled [ 305.724747][T16058] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4769'. [ 305.910353][T16062] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 306.033814][T16062] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 306.156371][T16062] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 306.264775][T16062] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 306.410049][ T3499] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 306.456423][ T3499] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 306.489766][ T3499] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 306.514607][ T13] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 306.532938][T16088] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4781'. [ 306.701379][T16092] netlink: 104 bytes leftover after parsing attributes in process `syz.1.4784'. [ 307.459782][T16135] netlink: 104 bytes leftover after parsing attributes in process `syz.2.4805'. [ 308.205820][T16164] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4819'. [ 308.660327][T16183] bridge0: entered promiscuous mode [ 308.676099][T16183] macsec1: entered promiscuous mode [ 309.100925][T16210] nbd: must specify at least one socket [ 309.138717][T16214] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4842'. [ 309.153067][T16213] 8021q: adding VLAN 0 to HW filter on device ipvlan2 [ 309.167380][T16213] bond0: (slave ipvlan2): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 309.172012][T16214] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4842'. [ 309.201723][T16214] netlink: 'syz.4.4842': attribute type 14 has an invalid length. [ 309.212107][T16214] netlink: 'syz.4.4842': attribute type 13 has an invalid length. [ 309.302674][T16218] netlink: 14 bytes leftover after parsing attributes in process `syz.1.4844'. [ 309.814055][T16247] Bluetooth: MGMT ver 1.23 [ 309.826913][T16249] netlink: 40 bytes leftover after parsing attributes in process `syz.1.4860'. [ 310.173968][T16268] netlink: 'syz.4.4869': attribute type 142 has an invalid length. [ 310.352846][T16277] pim6reg: entered allmulticast mode [ 310.384801][T16277] pim6reg: left allmulticast mode [ 310.510492][T16285] (unnamed net_device) (uninitialized): (slave bond_slave_1): Device is not our slave [ 310.568259][T16285] (unnamed net_device) (uninitialized): option active_slave: invalid value (bond_slave_1) [ 311.453991][T16330] sctp: [Deprecated]: syz.3.4898 (pid 16330) Use of int in maxseg socket option. [ 311.453991][T16330] Use struct sctp_assoc_value instead [ 311.635626][T16336] netlink: 'syz.3.4901': attribute type 29 has an invalid length. [ 312.016295][T16357] pim6reg: entered allmulticast mode [ 312.171212][T16368] netlink: 'syz.3.4915': attribute type 1 has an invalid length. [ 312.241356][T16368] netlink: 232 bytes leftover after parsing attributes in process `syz.3.4915'. [ 312.265745][T16368] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4915'. [ 312.593402][T16390] netlink: 'syz.0.4922': attribute type 1 has an invalid length. [ 312.637555][T16390] netlink: 'syz.0.4922': attribute type 3 has an invalid length. [ 312.659138][T16390] netlink: 224 bytes leftover after parsing attributes in process `syz.0.4922'. [ 312.709139][T16390] NCSI netlink: No device for ifindex 131080 [ 312.762376][T16395] tipc: Started in network mode [ 312.807654][T16395] tipc: Node identity aaaaaaaaaa33, cluster identity 4711 [ 312.835208][T16395] tipc: Enabled bearer , priority 12 [ 313.230949][T16424] Bluetooth: MGMT ver 1.23 [ 313.446766][T16436] IPVS: length: 8 != 1152 [ 313.519597][T16438] netlink: 165 bytes leftover after parsing attributes in process `syz.1.4944'. [ 313.949851][ T44] tipc: Node number set to 10070698 [ 314.037786][T16472] netlink: 'syz.1.4960': attribute type 6 has an invalid length. [ 314.068582][T16472] netlink: 'syz.1.4960': attribute type 6 has an invalid length. [ 314.330725][T16486] netlink: 212404 bytes leftover after parsing attributes in process `syz.4.4966'. [ 314.557132][T16498] netlink: 'syz.2.4972': attribute type 1 has an invalid length. [ 314.992745][T16525] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 315.305265][T16543] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 315.489691][T16553] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4997'. [ 315.986973][T16583] netlink: 20 bytes leftover after parsing attributes in process `syz.4.5012'. [ 316.075153][T16587] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5015'. [ 316.104841][T16587] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5015'. [ 316.417107][T16606] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 317.162969][T16653] netlink: 16178 bytes leftover after parsing attributes in process `syz.1.5047'. [ 317.259174][T16657] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5051'. [ 317.392895][T16664] netlink: 'syz.1.5053': attribute type 27 has an invalid length. [ 317.398390][T16668] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5054'. [ 318.044582][T16704] IPVS: Error connecting to the multicast addr [ 318.562721][T16733] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5085'. [ 318.640255][T16738] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5087'. [ 318.799712][T16745] nbd: must specify a device to reconfigure [ 318.812363][T16747] netlink: 24 bytes leftover after parsing attributes in process `syz.4.5091'. [ 319.067915][T16763] bond0: (slave ipvlan2): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 319.088334][T16763] bond0: (slave ipvlan2): The slave device specified does not support setting the MAC address [ 319.104039][T16763] bond0: (slave ipvlan2): Error -95 calling set_mac_address [ 319.366731][T16779] tipc: Enabling of bearer rejected, failed to enable media [ 319.991628][T16812] tipc: Enabling of bearer rejected, failed to enable media [ 320.616829][T16846] x_tables: ip_tables: MARK.2 target: invalid size 8 (kernel) != (user) 16 [ 321.303851][T16882] netlink: 'syz.1.5155': attribute type 11 has an invalid length. [ 321.566774][T16895] 8021q: adding VLAN 0 to HW filter on device ipvlan2 [ 321.636035][T16899] __nla_validate_parse: 1 callbacks suppressed [ 321.636058][T16899] netlink: 212368 bytes leftover after parsing attributes in process `syz.1.5164'. [ 321.715003][T16899] openvswitch: netlink: Port -8 exceeds max allowable 65535 [ 322.574522][T16953] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5188'. [ 322.605629][T16953] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5188'. [ 322.628716][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 322.850071][T16968] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5195'. [ 322.904698][T16969] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 324.006611][T17036] tipc: Enabling of bearer rejected, media not registered [ 324.427266][T17064] sctp: [Deprecated]: syz.3.5239 (pid 17064) Use of int in max_burst socket option deprecated. [ 324.427266][T17064] Use struct sctp_assoc_value instead [ 324.457061][T17068] netlink: 'syz.0.5240': attribute type 2 has an invalid length. [ 324.589926][T17072] netlink: 'syz.2.5243': attribute type 3 has an invalid length. [ 325.831451][T17143] netlink: 16 bytes leftover after parsing attributes in process `syz.1.5276'. [ 326.119335][T17156] netlink: 'syz.3.5282': attribute type 2 has an invalid length. [ 326.218422][ T51] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 326.597690][T17177] netlink: 'syz.3.5292': attribute type 1 has an invalid length. [ 326.606770][T17177] netlink: 'syz.3.5292': attribute type 3 has an invalid length. [ 326.619951][T17177] netlink: 224 bytes leftover after parsing attributes in process `syz.3.5292'. [ 326.920625][ T44] IPVS: starting estimator thread 0... [ 326.931930][T17191] IPVS: ip_vs_add_dest(): server weight less than zero [ 327.048740][T17195] IPVS: using max 24 ests per chain, 57600 per kthread [ 327.880193][T17248] RDS: rds_bind could not find a transport for 400:0:1200:0:1030:0:ffff:ffff, load rds_tcp or rds_rdma? [ 327.971721][T17250] netlink: 104 bytes leftover after parsing attributes in process `syz.2.5327'. [ 328.057556][T17252] netlink: 'syz.2.5328': attribute type 2 has an invalid length. [ 328.090456][T17252] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5328'. [ 328.791043][T17291] netlink: 240 bytes leftover after parsing attributes in process `syz.0.5347'. [ 329.970987][T17364] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5382'. [ 330.079371][T17368] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 330.086863][T17368] IPv6: NLM_F_CREATE should be set when creating new route [ 330.095245][T17368] IPv6: NLM_F_CREATE should be set when creating new route [ 330.102554][T17368] IPv6: NLM_F_CREATE should be set when creating new route [ 330.147560][T17368] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 330.559465][T17387] bridge: RTM_NEWNEIGH with unconfigured vlan 3 on bridge0 [ 331.252647][T17424] bridge_slave_0: default FDB implementation only supports local addresses [ 331.265980][T17426] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5411'. [ 331.279727][T17426] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5411'. [ 331.290680][T17426] netlink: 'syz.4.5411': attribute type 12 has an invalid length. [ 331.317344][T17426] netlink: 'syz.4.5411': attribute type 11 has an invalid length. [ 331.740024][T17450] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5421'. [ 331.751769][T17450] netlink: 'syz.4.5421': attribute type 30 has an invalid length. [ 331.764110][T17451] netlink: 104 bytes leftover after parsing attributes in process `syz.2.5422'. [ 331.828612][T17450] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5421'. [ 332.377340][T17484] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5435'. [ 334.736376][T17611] pimreg3: entered allmulticast mode [ 335.092876][T17635] netlink: 'syz.3.5497': attribute type 1 has an invalid length. [ 335.128422][T17635] netlink: 220 bytes leftover after parsing attributes in process `syz.3.5497'. [ 335.170175][T17635] netlink: 'syz.3.5497': attribute type 1 has an invalid length. [ 335.335550][T17642] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 335.763769][ T5931] IPVS: starting estimator thread 0... [ 335.858268][T17660] IPVS: using max 26 ests per chain, 62400 per kthread [ 336.282600][T17689] ieee802154 phy1 wpan1: encryption failed: -22 [ 338.106618][T17786] openvswitch: netlink: Unknown key attributes 2 [ 338.117189][T17788] netlink: 'syz.0.5566': attribute type 1 has an invalid length. [ 338.154370][T17788] netlink: 236 bytes leftover after parsing attributes in process `syz.0.5566'. [ 338.375579][T17800] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5574'. [ 338.413328][T17800] openvswitch: netlink: nsh attribute has 2338 unknown bytes. [ 338.446554][T17800] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 338.670056][T17812] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 338.676980][T17811] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 338.692465][T17812] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 338.733998][T17812] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 338.753091][T17812] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 338.902533][T17816] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5582'. [ 339.470282][T17850] netlink: 'syz.3.5598': attribute type 2 has an invalid length. [ 339.490038][T17850] netlink: 1184 bytes leftover after parsing attributes in process `syz.3.5598'. [ 339.806265][T17870] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes. [ 340.009598][T17882] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5615'. [ 340.027713][T17886] netlink: 'syz.3.5617': attribute type 1 has an invalid length. [ 340.071822][T17886] netlink: 144 bytes leftover after parsing attributes in process `syz.3.5617'. [ 340.098303][T17886] netlink: 'syz.3.5617': attribute type 1 has an invalid length. [ 340.122552][T17886] netlink: 'syz.3.5617': attribute type 2 has an invalid length. [ 340.159322][T17886] netlink: 64 bytes leftover after parsing attributes in process `syz.3.5617'. [ 340.208375][T17895] x_tables: ip_tables: udp match: only valid for protocol 17 [ 340.349137][T17904] netlink: 32 bytes leftover after parsing attributes in process `syz.3.5624'. [ 340.843236][T17931] netlink: 96 bytes leftover after parsing attributes in process `syz.3.5639'. [ 340.894179][T17931] vlan2: entered allmulticast mode [ 340.910496][T17931] gretap0: entered allmulticast mode [ 341.182736][T17951] netlink: 28 bytes leftover after parsing attributes in process `syz.2.5648'. [ 341.552954][T17973] netlink: 'syz.1.5659': attribute type 32 has an invalid length. [ 341.571655][T17973] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5659'. [ 341.593551][T17973] (unnamed net_device) (uninitialized): Setting coupled_control to off (0) [ 341.695301][T17980] tipc: Started in network mode [ 341.718479][T17980] tipc: Node identity , cluster identity 4711 [ 341.743840][T17980] tipc: Failed to obtain node identity [ 341.750072][T17980] tipc: Enabling of bearer rejected, failed to enable media [ 341.843357][T17986] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5665'. [ 342.706288][T18036] bridge0: port 1(veth0_to_bridge) entered blocking state [ 342.738739][T18036] bridge0: port 1(veth0_to_bridge) entered disabled state [ 342.765143][T18036] veth0_to_bridge: entered allmulticast mode [ 342.787118][T18036] veth0_to_bridge: entered promiscuous mode [ 342.804512][T18039] Bluetooth: MGMT ver 1.23 [ 342.828872][T18036] bridge0: port 1(veth0_to_bridge) entered blocking state [ 342.836367][T18036] bridge0: port 1(veth0_to_bridge) entered forwarding state [ 343.325576][T18061] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes. [ 343.484208][T18066] vlan1: entered allmulticast mode [ 343.508209][T18066] veth0_vlan: entered allmulticast mode [ 343.716237][T18073] netlink: 'syz.3.5708': attribute type 1 has an invalid length. [ 343.772054][T18073] netlink: 'syz.3.5708': attribute type 2 has an invalid length. [ 343.823993][T18073] netlink: 1172 bytes leftover after parsing attributes in process `syz.3.5708'. [ 344.759601][T18135] netlink: 40 bytes leftover after parsing attributes in process `syz.3.5739'. [ 344.858638][ T5857] Bluetooth: hci2: command 0x0406 tx timeout [ 344.865176][ T51] Bluetooth: hci2: Opcode 0x0401 failed: -110 [ 345.068837][T18157] netlink: 32 bytes leftover after parsing attributes in process `syz.0.5748'. [ 345.435810][T18176] netlink: 'syz.1.5757': attribute type 1 has an invalid length. [ 345.444220][T18176] netlink: 208 bytes leftover after parsing attributes in process `syz.1.5757'. [ 345.453805][T18176] netlink: 'syz.1.5757': attribute type 1 has an invalid length. [ 345.462277][T18176] netlink: 'syz.1.5757': attribute type 2 has an invalid length. [ 345.819372][T18200] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5769'. [ 346.532849][T18240] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5785'. [ 346.727241][T18248] team0: Device xfrm1 is up. Set it down before adding it as a team port [ 347.175776][T18277] pimreg: left allmulticast mode [ 347.186012][T18277] vlan1: left allmulticast mode [ 347.210247][T18277] veth0_vlan: left allmulticast mode [ 348.428756][T18349] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5834'. [ 348.457357][T18349] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5834'. [ 348.467772][T18352] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5835'. [ 348.467948][T18352] openvswitch: netlink: Invalid MD length 0 for MD type 0 [ 348.467982][T18352] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 349.155842][T18389] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5853'. [ 349.171267][T18390] openvswitch: netlink: IPv6 tunnel dst address is zero [ 349.287787][T18394] netlink: 20 bytes leftover after parsing attributes in process `syz.2.5857'. [ 349.928561][T18436] netlink: 'syz.0.5876': attribute type 3 has an invalid length. [ 350.610036][T18476] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5893'. [ 350.653686][T18476] openvswitch: netlink: push_nsh: missing base or metadata attributes [ 350.675278][T18476] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 351.068876][T18503] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 352.353394][T18568] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 352.970871][T18605] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5957'. [ 352.984991][T18607] IPVS: sync thread started: state = MASTER, mcast_ifn = veth1_to_team, syncid = 4, id = 0 [ 354.192057][T18672] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5988'. [ 354.382797][T18683] tipc: Failed to obtain node identity [ 354.398588][T18683] tipc: Enabling of bearer rejected, failed to enable media [ 354.827263][T18710] netlink: 256 bytes leftover after parsing attributes in process `syz.2.6008'. [ 354.856079][T18710] unsupported nlmsg_type 40 [ 355.053291][T18723] : entered promiscuous mode [ 355.083259][T18727] netlink: 24 bytes leftover after parsing attributes in process `syz.4.6015'. [ 355.405025][T18746] netlink: 104 bytes leftover after parsing attributes in process `syz.2.6023'. [ 356.685501][T18818] netlink: 'syz.0.6059': attribute type 1 has an invalid length. [ 357.076736][T18836] netlink: 16 bytes leftover after parsing attributes in process `syz.1.6068'. [ 357.099944][T18838] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6069'. [ 357.111113][T18838] netlink: 176 bytes leftover after parsing attributes in process `syz.4.6069'. [ 357.138784][T18838] netlink: 'syz.4.6069': attribute type 5 has an invalid length. [ 357.659829][T18869] netlink: 65039 bytes leftover after parsing attributes in process `syz.2.6085'. [ 357.720036][T18872] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6086'. [ 357.763239][T18872] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6086'. [ 358.216943][T18902] net veth1_virt_wifi .: renamed from virt_wifi0 [ 358.403017][T18913] netlink: 'syz.2.6105': attribute type 3 has an invalid length. [ 358.420927][T18913] netlink: 766 bytes leftover after parsing attributes in process `syz.2.6105'. [ 358.671810][T18927] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6113'. [ 359.201464][T18957] netlink: 12 bytes leftover after parsing attributes in process `syz.3.6127'. [ 359.411822][T18969] sctp: [Deprecated]: syz.4.6133 (pid 18969) Use of struct sctp_assoc_value in delayed_ack socket option. [ 359.411822][T18969] Use struct sctp_sack_info instead [ 359.434926][T18969] sctp: [Deprecated]: syz.4.6133 (pid 18969) Use of struct sctp_assoc_value in delayed_ack socket option. [ 359.434926][T18969] Use struct sctp_sack_info instead [ 360.125919][T19010] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6150'. [ 360.160751][T19010] openvswitch: netlink: nsh attr 8196 is out of range max 3 [ 360.175888][T19010] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 360.688174][T19041] xt_socket: unknown flags 0x50 [ 360.765007][ T44] IPVS: starting estimator thread 0... [ 360.862897][T19049] IPVS: using max 33 ests per chain, 79200 per kthread [ 363.908488][T19195] __nla_validate_parse: 3 callbacks suppressed [ 363.908510][T19195] netlink: 28 bytes leftover after parsing attributes in process `syz.2.6235'. [ 364.234838][T19215] netlink: 'syz.0.6244': attribute type 1 has an invalid length. [ 364.884222][T19255] netlink: 12 bytes leftover after parsing attributes in process `syz.3.6264'. [ 365.666183][T19288] team0: Device wireguard0 is up. Set it down before adding it as a team port [ 366.100035][T19319] bond4: entered promiscuous mode [ 366.108776][T19319] bond4: entered allmulticast mode [ 366.121608][T19319] 8021q: adding VLAN 0 to HW filter on device bond4 [ 366.243764][T19319] bond4 (unregistering): Released all slaves [ 366.273429][T19322] bond0: (slave bridge0): Releasing backup interface [ 366.282604][T19322] bridge0: port 2(bridge_slave_1) entered disabled state [ 366.290227][T19322] bridge0: port 1(bridge_slave_0) entered disabled state [ 366.330581][T19322] bridge_slave_0: left allmulticast mode [ 366.336573][T19322] bridge_slave_0: left promiscuous mode [ 366.343592][T19322] bridge0: port 1(bridge_slave_0) entered disabled state [ 366.361022][T19322] bridge_slave_1: left allmulticast mode [ 366.367139][T19322] bridge_slave_1: left promiscuous mode [ 366.375013][T19322] bridge0: port 2(bridge_slave_1) entered disabled state [ 366.401845][T19322] bond0: (slave bond_slave_0): Releasing backup interface [ 366.432252][T19322] bond0: (slave bond_slave_1): Releasing backup interface [ 366.463382][T19322] team0: Port device team_slave_0 removed [ 366.500239][T19322] team0: Port device team_slave_1 removed [ 366.508782][T19322] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 366.516731][T19322] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 366.527175][T19322] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 366.535079][T19322] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 366.582870][T19322] team0: Port device geneve0 removed [ 367.175727][T19358] netlink: 'syz.0.6310': attribute type 29 has an invalid length. [ 367.186583][T19358] netlink: 'syz.0.6310': attribute type 29 has an invalid length. [ 367.221778][T19358] netlink: 'syz.0.6310': attribute type 29 has an invalid length. [ 367.253040][T19358] netlink: 'syz.0.6310': attribute type 29 has an invalid length. [ 367.602672][T19378] netem: change failed [ 368.684894][T19418] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6340'. [ 368.975147][T19435] netlink: 'syz.2.6349': attribute type 18 has an invalid length. [ 368.983066][T19438] netlink: 'syz.0.6347': attribute type 83 has an invalid length. [ 369.451671][T19462] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6360'. [ 369.484945][T19462] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 369.972981][ T51] block nbd0: Receive control failed (result -32) [ 370.130303][T19490] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6374'. [ 371.690359][ T3499] bond0: (slave bond_slave_0): link status definitely down, disabling slave [ 371.758897][T19574] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6414'. [ 372.001612][T19587] openvswitch: netlink: IP tunnel dst address not specified [ 372.383655][T19606] netlink: 36 bytes leftover after parsing attributes in process `syz.3.6430'. [ 372.653663][T19618] openvswitch: netlink: VXLAN extension message has 3 unknown bytes. [ 372.990571][T19635] netlink: 340 bytes leftover after parsing attributes in process `syz.2.6443'. [ 373.191728][T19642] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6447'. [ 373.283673][T19648] veth0: entered promiscuous mode [ 373.289727][T19647] veth0: left promiscuous mode [ 374.687825][T19732] netlink: 'syz.2.6490': attribute type 8 has an invalid length. [ 374.771994][T19737] netlink: 16 bytes leftover after parsing attributes in process `syz.3.6493'. [ 374.803455][T19737] netlink: 16 bytes leftover after parsing attributes in process `syz.3.6493'. [ 374.937245][T19746] netlink: 24 bytes leftover after parsing attributes in process `syz.3.6496'. [ 375.220684][T19757] netlink: 'syz.3.6502': attribute type 1 has an invalid length. [ 375.247066][T19757] netlink: 'syz.3.6502': attribute type 4 has an invalid length. [ 375.292202][T19757] netlink: 192 bytes leftover after parsing attributes in process `syz.3.6502'. [ 375.393721][T19763] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6504'. [ 376.195459][T19795] netlink: 'syz.1.6518': attribute type 4 has an invalid length. [ 376.420512][T19806] sctp: [Deprecated]: syz.1.6522 (pid 19806) Use of struct sctp_assoc_value in delayed_ack socket option. [ 376.420512][T19806] Use struct sctp_sack_info instead [ 376.429604][T19810] netlink: 104 bytes leftover after parsing attributes in process `syz.2.6524'. [ 377.709713][T19864] netlink: 'syz.4.6549': attribute type 2 has an invalid length. [ 377.718806][T19864] netlink: 84 bytes leftover after parsing attributes in process `syz.4.6549'. [ 377.814894][T19870] netlink: 160 bytes leftover after parsing attributes in process `syz.3.6552'. [ 377.984649][T19877] C: entered promiscuous mode [ 377.989702][T19877] team_slave_1: entered promiscuous mode [ 378.005583][T19877] macsec1: entered allmulticast mode [ 378.015096][T19877] team0: entered allmulticast mode [ 378.021064][T19877] C: entered allmulticast mode [ 378.026200][T19877] team_slave_1: entered allmulticast mode [ 378.037950][T19877] team0: left allmulticast mode [ 378.044032][T19877] C: left allmulticast mode [ 378.051112][T19877] team_slave_1: left allmulticast mode [ 378.057123][T19877] C: left promiscuous mode [ 378.061804][T19877] team_slave_1: left promiscuous mode [ 378.101275][T19848] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 378.220405][T19884] netlink: 12 bytes leftover after parsing attributes in process `syz.4.6559'. [ 378.368619][T19894] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6563'. [ 378.408350][T19898] sctp: [Deprecated]: syz.0.6566 (pid 19898) Use of struct sctp_assoc_value in delayed_ack socket option. [ 378.408350][T19898] Use struct sctp_sack_info instead [ 378.425561][T19900] xfrm3: entered promiscuous mode [ 378.443211][T19900] xfrm3: entered allmulticast mode [ 378.458291][ T51] Bluetooth: hci2: Opcode 0x0401 failed: -110 [ 378.462534][ T5839] Bluetooth: hci2: command 0x0406 tx timeout [ 378.785201][T19917] netlink: 'syz.3.6573': attribute type 11 has an invalid length. [ 379.029441][ T5839] Bluetooth: hci4: command 0x0406 tx timeout [ 379.777058][T19975] netem: invalid attributes len -24 [ 379.786731][T19975] netem: change failed [ 382.236985][T20085] __nla_validate_parse: 7 callbacks suppressed [ 382.237005][T20085] netlink: 40 bytes leftover after parsing attributes in process `syz.1.6649'. [ 382.395481][T20097] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6656'. [ 383.482604][T20147] netlink: 104 bytes leftover after parsing attributes in process `syz.4.6679'. [ 383.724794][T20157] bond0: option mode: unable to set because the bond device has slaves [ 384.831477][T20220] netlink: 'syz.4.6713': attribute type 8 has an invalid length. [ 385.441479][T20255] netlink: 'syz.4.6729': attribute type 4 has an invalid length. [ 385.471345][T20256] tipc: Started in network mode [ 385.479347][T20256] tipc: Node identity ac14140f, cluster identity 4711 [ 385.486936][T20256] tipc: New replicast peer: 255.255.255.255 [ 385.522628][T20256] tipc: Enabled bearer , priority 10 [ 385.547083][T20261] af_packet: tpacket_rcv: packet too big, clamped from 112 to 4294967272. macoff=96 [ 385.617854][T20265] netlink: 284 bytes leftover after parsing attributes in process `syz.0.6734'. [ 386.628334][ T44] tipc: Node number set to 2886997007 [ 386.895449][T20329] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6761'. [ 386.911148][T20329] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6761'. [ 386.920386][T20329] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6761'. [ 387.485427][ C1] vcan0: j1939_tp_rxtimer: 0xffff88806d97cc00: rx timeout, send abort [ 387.495707][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88806d97cc00: 0x2fe01: (3) A timeout occurred and this is the connection abort to close the session. [ 387.766878][T20378] netlink: 40 bytes leftover after parsing attributes in process `syz.1.6784'. [ 388.028389][T20391] netlink: 165 bytes leftover after parsing attributes in process `syz.1.6790'. [ 388.930149][T20446] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6813'. [ 389.388779][T20471] netlink: 24 bytes leftover after parsing attributes in process `syz.1.6825'. [ 389.480419][T20474] netlink: 24 bytes leftover after parsing attributes in process `syz.4.6827'. [ 389.638761][T20485] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6833'. [ 389.824796][T20496] netlink: 12 bytes leftover after parsing attributes in process `syz.0.6838'. [ 389.844221][T20496] netlink: 12 bytes leftover after parsing attributes in process `syz.0.6838'. [ 390.233990][T20517] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6848'. [ 390.294427][T20521] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6849'. [ 390.631472][T20535] IPVS: persistence engine module ip_vs_pe_ not found [ 391.476427][T20587] C: entered promiscuous mode [ 391.481660][T20587] team_slave_1: entered promiscuous mode [ 392.111139][T20625] netlink: 'syz.2.6898': attribute type 1 has an invalid length. [ 392.176244][T20625] netlink: 'syz.2.6898': attribute type 2 has an invalid length. [ 392.479537][T20648] tap0: tun_chr_ioctl cmd 1074025678 [ 392.494355][T20648] tap0: group set to 0 [ 392.734460][T20667] netlink: 'syz.2.6918': attribute type 33 has an invalid length. [ 392.747603][T20667] (unnamed net_device) (uninitialized): option broadcast_neighbor: mode dependency failed, not supported in mode balance-rr(0) [ 392.857889][T20673] __nla_validate_parse: 12 callbacks suppressed [ 392.857911][T20673] netlink: 16 bytes leftover after parsing attributes in process `syz.2.6921'. [ 392.882242][T20673] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6921'. [ 392.896703][T20673] netlink: 16 bytes leftover after parsing attributes in process `syz.2.6921'. [ 393.273341][T20693] dvmrp0: entered allmulticast mode [ 393.290428][T20697] netlink: 16 bytes leftover after parsing attributes in process `syz.4.6933'. [ 393.315121][T20700] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6934'. [ 393.326121][T20698] dvmrp0: left allmulticast mode [ 393.459431][T20704] netlink: 212376 bytes leftover after parsing attributes in process `syz.2.6936'. [ 393.854642][T20728] openvswitch: netlink: Multiple metadata blocks provided [ 393.871493][T20730] netlink: 'syz.1.6949': attribute type 1 has an invalid length. [ 393.879630][T20730] netlink: 172 bytes leftover after parsing attributes in process `syz.1.6949'. [ 393.968516][T20732] netlink: 104 bytes leftover after parsing attributes in process `syz.3.6950'. [ 394.041467][T20734] openvswitch: netlink: Multiple metadata blocks provided [ 394.529675][T20754] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6960'. [ 394.557272][T20759] netlink: 176 bytes leftover after parsing attributes in process `syz.2.6964'. [ 394.588382][T20759] ip6gretap0: entered promiscuous mode [ 396.242160][T20861] bridge0: port 1(bridge_slave_0) entered disabled state [ 396.317024][T20868] netdevsim netdevsim2 netdevsim0: entered promiscuous mode [ 397.772181][T20956] tipc: Started in network mode [ 397.798939][T20956] tipc: Node identity ac14140f, cluster identity 4711 [ 397.806047][T20956] tipc: New replicast peer: 255.255.255.255 [ 397.879307][T20956] tipc: Enabled bearer , priority 10 [ 397.967911][T20967] __nla_validate_parse: 13 callbacks suppressed [ 397.967932][T20967] netlink: 8 bytes leftover after parsing attributes in process `syz.2.7061'. [ 398.722023][T21012] netlink: 68 bytes leftover after parsing attributes in process `syz.2.7081'. [ 398.998181][ T925] tipc: Node number set to 2886997007 [ 399.023310][T21028] netlink: 'syz.4.7087': attribute type 39 has an invalid length. [ 399.353631][T21040] macvlan0: left promiscuous mode [ 399.370145][T21040] macvlan0: left allmulticast mode [ 399.568356][T21054] netlink: 'syz.3.7100': attribute type 1 has an invalid length. [ 399.585040][T21054] netlink: 'syz.3.7100': attribute type 4 has an invalid length. [ 399.628273][T21054] netlink: 188 bytes leftover after parsing attributes in process `syz.3.7100'. [ 399.648284][T21054] NCSI netlink: No device for ifindex 458760 [ 399.882052][T21064] block nbd1: server does not support multiple connections per device. [ 399.913572][T21064] block nbd1: shutting down sockets [ 400.164232][T21083] syz.3.7116: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 400.188823][T21083] CPU: 0 UID: 0 PID: 21083 Comm: syz.3.7116 Not tainted 6.16.0-syzkaller-06610-g4eabe4cc0958 #0 PREEMPT(full) [ 400.188858][T21083] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 400.188877][T21083] Call Trace: [ 400.188887][T21083] [ 400.188901][T21083] dump_stack_lvl+0x189/0x250 [ 400.188934][T21083] ? __pfx_dump_stack_lvl+0x10/0x10 [ 400.188958][T21083] ? __pfx__printk+0x10/0x10 [ 400.188985][T21083] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 400.189011][T21083] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 400.189038][T21083] ? cpuset_print_current_mems_allowed+0x2ee/0x360 [ 400.189066][T21083] warn_alloc+0x214/0x310 [ 400.189089][T21083] ? stack_depot_save_flags+0x40/0x900 [ 400.189116][T21083] ? __pfx_warn_alloc+0x10/0x10 [ 400.189141][T21083] ? kasan_save_track+0x4f/0x80 [ 400.189172][T21083] ? xskq_create+0x56/0x170 [ 400.189202][T21083] ? xsk_init_queue+0xb0/0x110 [ 400.189228][T21083] ? xsk_setsockopt+0x4dc/0x8d0 [ 400.189254][T21083] ? do_sock_setsockopt+0x179/0x1b0 [ 400.189274][T21083] ? __x64_sys_setsockopt+0x13f/0x1b0 [ 400.189293][T21083] ? do_syscall_64+0xfa/0x3b0 [ 400.189325][T21083] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 400.189357][T21083] __vmalloc_node_range_noprof+0x125/0x12f0 [ 400.189413][T21083] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 400.189439][T21083] ? xskq_create+0x56/0x170 [ 400.189471][T21083] ? __kasan_kmalloc+0x93/0xb0 [ 400.189515][T21083] vmalloc_user_noprof+0xad/0xf0 [ 400.189537][T21083] ? xskq_create+0xbf/0x170 [ 400.189568][T21083] xskq_create+0xbf/0x170 [ 400.189602][T21083] xsk_init_queue+0xb0/0x110 [ 400.189635][T21083] xsk_setsockopt+0x4dc/0x8d0 [ 400.189667][T21083] ? __pfx_xsk_setsockopt+0x10/0x10 [ 400.189697][T21083] ? __pfx_aa_sk_perm+0x10/0x10 [ 400.189730][T21083] ? aa_sock_opt_perm+0x74/0x110 [ 400.189762][T21083] ? bpf_lsm_socket_setsockopt+0x9/0x20 [ 400.189787][T21083] ? __pfx_xsk_setsockopt+0x10/0x10 [ 400.189817][T21083] do_sock_setsockopt+0x179/0x1b0 [ 400.189844][T21083] __x64_sys_setsockopt+0x13f/0x1b0 [ 400.189874][T21083] do_syscall_64+0xfa/0x3b0 [ 400.189905][T21083] ? lockdep_hardirqs_on+0x9c/0x150 [ 400.189935][T21083] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 400.189958][T21083] ? clear_bhb_loop+0x60/0xb0 [ 400.189985][T21083] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 400.190006][T21083] RIP: 0033:0x7f969c58eb69 [ 400.190027][T21083] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 400.190047][T21083] RSP: 002b:00007f969d3e1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 400.190073][T21083] RAX: ffffffffffffffda RBX: 00007f969c7b5fa0 RCX: 00007f969c58eb69 [ 400.190092][T21083] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000003 [ 400.190105][T21083] RBP: 00007f969c611df1 R08: 0000000000000004 R09: 0000000000000000 [ 400.190119][T21083] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000 [ 400.190133][T21083] R13: 0000000000000000 R14: 00007f969c7b5fa0 R15: 00007ffef69caf78 [ 400.190168][T21083] [ 400.190182][T21083] Mem-Info: [ 400.258396][T21086] netlink: 4 bytes leftover after parsing attributes in process `syz.4.7114'. [ 400.285441][T21083] active_anon:8642 inactive_anon:0 isolated_anon:0 [ 400.285441][T21083] active_file:1153 inactive_file:39949 isolated_file:0 [ 400.285441][T21083] unevictable:768 dirty:273 writeback:0 [ 400.285441][T21083] slab_reclaimable:11702 slab_unreclaimable:114989 [ 400.285441][T21083] mapped:29090 shmem:1387 pagetables:1175 [ 400.285441][T21083] sec_pagetables:0 bounce:0 [ 400.285441][T21083] kernel_misc_reclaimable:0 [ 400.285441][T21083] free:1304731 free_pcp:15543 free_cma:0 [ 400.570323][T21083] Node 0 active_anon:34768kB inactive_anon:0kB active_file:4612kB inactive_file:159592kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:116460kB dirty:1092kB writeback:0kB shmem:4012kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12096kB pagetables:4636kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 400.675689][T21083] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:164kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 400.778632][T21083] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 400.862550][T21083] lowmem_reserve[]: 0 2500 2502 2502 2502 [ 400.873726][T21083] Node 0 DMA32 free:1307744kB boost:0kB min:34264kB low:42828kB high:51392kB reserved_highatomic:0KB free_highatomic:0KB active_anon:34620kB inactive_anon:0kB active_file:4612kB inactive_file:157764kB unevictable:1536kB writepending:1092kB present:3129332kB managed:2560292kB mlocked:0kB bounce:0kB free_pcp:40648kB local_pcp:19752kB free_cma:0kB [ 400.934996][T21083] lowmem_reserve[]: 0 0 1 1 1 [ 400.940270][T21083] Node 0 Normal free:16kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB free_highatomic:0KB active_anon:48kB inactive_anon:0kB active_file:0kB inactive_file:1828kB unevictable:0kB writepending:0kB present:1048580kB managed:1900kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:8kB free_cma:0kB [ 400.972989][T21083] lowmem_reserve[]: 0 0 0 0 0 [ 400.998519][T21106] netlink: 36 bytes leftover after parsing attributes in process `syz.1.7126'. [ 401.007807][T21083] Node 1 Normal free:3895804kB boost:0kB min:55612kB low:69512kB high:83412kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:21240kB local_pcp:6560kB free_cma:0kB [ 401.098009][T21083] lowmem_reserve[]: 0 0 0 0 0 [ 401.117825][T21083] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 401.184810][ T13] wlan0: Trigger new scan to find an IBSS to join [ 401.196867][T21114] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 401.199186][T21083] Node 0 DMA32: 234*4kB (UM) 167*8kB (UE) 322*16kB (UM) 361*32kB (UM) 181*64kB (UM) 36*128kB (UME) 61*256kB (UME) 39*512kB (UME) 12*1024kB (U) 0*2048kB 299*4096kB (UM) = 1307744kB [ 401.267282][T21083] Node 0 Normal: 0*4kB 0*8kB 1*16kB (M) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16kB [ 401.308044][T21083] Node 1 Normal: 193*4kB (UE) 48*8kB (UME) 39*16kB (UME) 93*32kB (UME) 30*64kB (UME) 4*128kB (UME) 5*256kB (UME) 3*512kB (ME) 1*1024kB (M) 1*2048kB (E) 948*4096kB (M) = 3896084kB [ 401.367125][T21123] netlink: 212376 bytes leftover after parsing attributes in process `syz.4.7133'. [ 401.372233][T21083] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 401.420858][T21083] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 401.446429][T21083] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 401.466803][T21083] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 401.478159][T21083] 42485 total pagecache pages [ 401.488197][T21083] 0 pages in swap cache [ 401.496519][T21083] Free swap = 124996kB [ 401.584044][T21083] Total swap = 124996kB [ 401.592309][T21083] 2097051 pages RAM [ 401.596257][T21083] 0 pages HighMem/MovableOnly [ 401.624329][T21083] 424872 pages reserved [ 401.642390][T21083] 0 pages cma reserved [ 401.691248][T21136] netlink: 212376 bytes leftover after parsing attributes in process `syz.4.7139'. [ 401.866205][T21145] netlink: 16 bytes leftover after parsing attributes in process `syz.4.7143'. [ 402.364112][T21175] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7157'. [ 403.105349][ T30] audit: type=1107 audit(1754358029.466:3): pid=21218 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 403.410118][T21234] netlink: 'syz.3.7184': attribute type 1 has an invalid length. [ 403.520313][T21234] netlink: 212 bytes leftover after parsing attributes in process `syz.3.7184'. [ 403.532269][T21234] netlink: 'syz.3.7184': attribute type 1 has an invalid length. [ 404.228632][ T3499] wlan0: Trigger new scan to find an IBSS to join [ 404.272803][T21266] sctp: [Deprecated]: syz.3.7198 (pid 21266) Use of int in max_burst socket option deprecated. [ 404.272803][T21266] Use struct sctp_assoc_value instead [ 404.297952][T21269] netlink: 8 bytes leftover after parsing attributes in process `syz.1.7200'. [ 404.365939][T21272] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7201'. [ 404.472701][T21276] bridge0: port 2(bridge_slave_1) entered disabled state [ 404.480663][T21276] bridge0: port 1(bridge_slave_0) entered disabled state [ 404.734105][T21293] netlink: 14 bytes leftover after parsing attributes in process `syz.0.7211'. [ 404.832878][T21293] bond0 (unregistering): Released all slaves [ 404.914239][T21303] netlink: 2 bytes leftover after parsing attributes in process `syz.2.7217'. [ 405.124080][T21314] (unnamed net_device) (uninitialized): ARP target 1.0.0.0 is already present [ 405.144060][T21314] (unnamed net_device) (uninitialized): option arp_ip_target: invalid value (1) [ 405.233418][T21313] netlink: 20 bytes leftover after parsing attributes in process `syz.2.7222'. [ 405.843933][T21356] netlink: 24 bytes leftover after parsing attributes in process `syz.2.7239'. [ 405.873302][T21356] netlink: 10 bytes leftover after parsing attributes in process `syz.2.7239'. [ 406.521149][T21394] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7257'. [ 406.718422][T21408] netlink: 4 bytes leftover after parsing attributes in process `syz.4.7264'. [ 406.790240][T21410] bridge_slave_0: entered promiscuous mode [ 407.253046][T21431] netlink: 'syz.0.7276': attribute type 83 has an invalid length. [ 407.263252][ T3499] wlan0: Creating new IBSS network, BSSID 66:cc:53:22:e8:31 [ 407.515802][T21451] openvswitch: netlink: IP tunnel attribute has 8 unknown bytes. [ 408.616906][T21506] netlink: 'syz.3.7309': attribute type 1 has an invalid length. [ 408.639103][T21506] __nla_validate_parse: 1 callbacks suppressed [ 408.639124][T21506] netlink: 172 bytes leftover after parsing attributes in process `syz.3.7309'. [ 408.682439][T21511] netlink: 8 bytes leftover after parsing attributes in process `syz.0.7312'. [ 408.868952][T21519] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7316'. [ 408.905649][T21519] netlink: 16 bytes leftover after parsing attributes in process `syz.3.7316'. [ 409.806806][T21579] netlink: 40 bytes leftover after parsing attributes in process `syz.0.7345'. [ 410.180830][T21597] netlink: 40 bytes leftover after parsing attributes in process `syz.1.7355'. [ 410.776881][T21634] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 411.288600][T21664] netlink: 8 bytes leftover after parsing attributes in process `syz.4.7387'. [ 411.585033][T21682] netlink: 32 bytes leftover after parsing attributes in process `syz.1.7395'. [ 412.237666][T21717] netlink: 8 bytes leftover after parsing attributes in process `syz.0.7411'. [ 412.601217][T21736] bridge: RTM_NEWNEIGH with invalid state 0x8 [ 412.834689][T21739] syz.3.7419 (21739) used greatest stack depth: 17864 bytes left [ 412.851866][T21748] netlink: 152064 bytes leftover after parsing attributes in process `syz.1.7423'. [ 412.881963][T21748] netlink: zone id is out of range [ 412.902565][T21748] netlink: zone id is out of range [ 412.918281][T21748] netlink: zone id is out of range [ 412.937269][T21748] netlink: zone id is out of range [ 412.942846][T21748] netlink: zone id is out of range [ 412.959979][T21748] netlink: zone id is out of range [ 412.966815][T21748] netlink: zone id is out of range [ 412.977003][T21748] netlink: zone id is out of range [ 412.988314][T21748] netlink: zone id is out of range [ 413.003455][T21748] netlink: zone id is out of range [ 413.979076][T21809] __nla_validate_parse: 2 callbacks suppressed [ 413.979097][T21809] netlink: 40 bytes leftover after parsing attributes in process `syz.2.7453'. [ 414.283915][T21819] tap0: tun_chr_ioctl cmd 1074025676 [ 414.322768][T21819] tap0: owner set to 0 [ 414.415321][T21830] netlink: 576 bytes leftover after parsing attributes in process `syz.0.7462'. [ 414.764605][T21846] netlink: 16 bytes leftover after parsing attributes in process `syz.3.7470'. [ 415.480593][T21877] netlink: 'syz.1.7484': attribute type 83 has an invalid length. [ 415.692041][T21888] netlink: 104 bytes leftover after parsing attributes in process `syz.2.7491'. [ 415.886309][T21901] ip6gre0: Master is either lo or non-ether device [ 415.912849][T21900] tap0: tun_chr_ioctl cmd 1074025677 [ 415.924848][T21900] tap0: linktype set to 65534 [ 415.955552][T21905] netlink: 16186 bytes leftover after parsing attributes in process `syz.1.7498'. [ 416.309875][T21919] netlink: 8 bytes leftover after parsing attributes in process `syz.1.7503'. [ 416.334057][T21919] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7503'. [ 416.813561][T21944] netlink: 'syz.0.7516': attribute type 1 has an invalid length. [ 417.024653][T21956] netlink: 'syz.2.7521': attribute type 6 has an invalid length. [ 417.051151][T21956] netlink: 'syz.2.7521': attribute type 6 has an invalid length. [ 417.207422][T21967] bridge_slave_0: invalid flags given to default FDB implementation [ 417.470092][T21980] netlink: 212376 bytes leftover after parsing attributes in process `syz.3.7532'. [ 417.505518][T21983] sctp: [Deprecated]: syz.0.7533 (pid 21983) Use of int in maxseg socket option. [ 417.505518][T21983] Use struct sctp_assoc_value instead [ 417.988694][T22008] netlink: 48 bytes leftover after parsing attributes in process `syz.1.7546'. [ 418.749868][T22056] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7570'. [ 419.646487][T22112] netlink: 16178 bytes leftover after parsing attributes in process `syz.1.7595'. [ 419.713076][T22107] netlink: 12 bytes leftover after parsing attributes in process `syz.2.7592'. [ 419.738761][T22107] netlink: 12 bytes leftover after parsing attributes in process `syz.2.7592'. [ 420.315948][T22151] netlink: 'syz.4.7613': attribute type 2 has an invalid length. [ 420.392223][T22143] bridge_slave_1: entered allmulticast mode [ 420.532539][T22164] netlink: 8 bytes leftover after parsing attributes in process `syz.2.7619'. [ 420.562952][T22164] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7619'. [ 420.656689][T22166] netlink: 20 bytes leftover after parsing attributes in process `syz.0.7621'. [ 420.973517][ T5839] block nbd1: Receive control failed (result -32) [ 421.052972][T22194] netlink: 12 bytes leftover after parsing attributes in process `syz.0.7633'. [ 421.350572][T22206] netlink: 'syz.1.7639': attribute type 5 has an invalid length. [ 421.504245][T22216] bond0: option ad_user_port_key: mode dependency failed, not supported in mode balance-rr(0) [ 421.932561][T22243] netlink: 'syz.0.7658': attribute type 1 has an invalid length. [ 421.942735][T22243] netlink: 172 bytes leftover after parsing attributes in process `syz.0.7658'. [ 422.076282][T22251] netlink: 8 bytes leftover after parsing attributes in process `syz.3.7661'. [ 422.112971][T22251] vlan3: entered allmulticast mode [ 422.122627][T22251] mac80211_hwsim hwsim6 wlan0: entered allmulticast mode [ 422.362311][T22266] netlink: 16 bytes leftover after parsing attributes in process `syz.2.7668'. [ 423.255435][T22311] vxcan1: tx address claim with dlc 1 [ 423.270076][T22313] net_ratelimit: 220 callbacks suppressed [ 423.270099][T22313] openvswitch: netlink: VXLAN extension message has 4 unknown bytes. [ 423.339211][T22309] nbd2: detected capacity change from 0 to 549764202496 [ 423.352291][ T5857] block nbd2: Receive control failed (result -32) [ 423.352796][T22299] block nbd2: Send control failed (result -32) [ 423.389209][T22299] block nbd2: Request send failed, requeueing [ 423.425467][ T11] block nbd2: Dead connection, failed to find a fallback [ 423.437205][ T11] block nbd2: shutting down sockets [ 423.443961][ T11] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 423.455497][ T11] Buffer I/O error on dev nbd2, logical block 0, async page read [ 423.464713][T22299] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 423.475210][T22299] Buffer I/O error on dev nbd2, logical block 0, async page read [ 423.484978][T22299] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 423.494923][T22299] Buffer I/O error on dev nbd2, logical block 0, async page read [ 423.503268][T22299] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 423.512696][T22299] Buffer I/O error on dev nbd2, logical block 0, async page read [ 423.520769][T22299] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 423.531025][T22299] Buffer I/O error on dev nbd2, logical block 0, async page read [ 423.539293][T22299] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 423.548869][T22299] Buffer I/O error on dev nbd2, logical block 0, async page read [ 423.556952][T22299] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 423.566549][T22299] Buffer I/O error on dev nbd2, logical block 0, async page read [ 423.575042][T22299] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 423.584461][T22299] Buffer I/O error on dev nbd2, logical block 0, async page read [ 423.592891][T22299] ldm_validate_partition_table(): Disk read failed. [ 423.605159][T22299] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 423.614482][T22299] Buffer I/O error on dev nbd2, logical block 0, async page read [ 423.627029][T22299] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 423.637526][T22299] Buffer I/O error on dev nbd2, logical block 0, async page read [ 423.647005][T22299] Dev nbd2: unable to read RDB block 0 [ 423.653625][T22299] nbd2: unable to read partition table [ 423.677500][T22299] ldm_validate_partition_table(): Disk read failed. [ 423.693970][T22299] Dev nbd2: unable to read RDB block 0 [ 423.709212][T22299] nbd2: unable to read partition table [ 423.871391][T22326] netlink: 'syz.1.7694': attribute type 10 has an invalid length. [ 424.541344][ T5857] Bluetooth: hci4: command 0x0406 tx timeout [ 425.612585][T22430] veth0: entered promiscuous mode [ 425.629480][T22429] veth0: left promiscuous mode [ 425.843287][T22440] __nla_validate_parse: 6 callbacks suppressed [ 425.843310][T22440] netlink: 256 bytes leftover after parsing attributes in process `syz.3.7748'. [ 426.402458][T22467] team0: No ports can be present during mode change [ 427.620138][T22514] netlink: 56 bytes leftover after parsing attributes in process `syz.0.7780'. [ 427.868593][T22519] netlink: 'syz.4.7785': attribute type 11 has an invalid length. [ 427.982002][ T5839] Bluetooth: hci4: command 0x0406 tx timeout [ 428.533479][T22561] netlink: 284 bytes leftover after parsing attributes in process `syz.2.7803'. [ 428.593393][T22563] smc: net device bond0 applied user defined pnetid SYZ0 [ 428.602346][T22563] smc: net device bond0 erased user defined pnetid SYZ0 [ 429.156194][T22593] netlink: 10 bytes leftover after parsing attributes in process `syz.0.7819'. [ 429.286161][ C0] vcan0: j1939_tp_rxtimer: 0xffff88806a1a6800: rx timeout, send abort [ 429.294748][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff88806a1a6800: 0x2fe01: (3) A timeout occurred and this is the connection abort to close the session. [ 430.066229][T22626] netem: change failed [ 431.263672][T22704] netlink: 76 bytes leftover after parsing attributes in process `syz.1.7861'. [ 431.431891][T22714] netlink: 'syz.2.7865': attribute type 1 has an invalid length. [ 431.451287][T22714] netlink: 224 bytes leftover after parsing attributes in process `syz.2.7865'. [ 431.875265][T22738] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 433.181388][T22809] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7900'. [ 434.168962][T22859] netlink: 12 bytes leftover after parsing attributes in process `syz.3.7915'. [ 434.187090][T22859] netlink: 12 bytes leftover after parsing attributes in process `syz.3.7915'. [ 434.202992][T22859] 8021q: VLANs not supported on wg1 [ 434.815860][T22894] netlink: 'syz.4.7928': attribute type 6 has an invalid length. [ 435.066697][T22905] netlink: 16 bytes leftover after parsing attributes in process `syz.4.7932'. [ 435.329940][T22916] openvswitch: netlink: IP tunnel TTL not specified. [ 435.456385][T22923] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7938'. [ 435.545390][T22926] netlink: 'syz.1.7939': attribute type 28 has an invalid length. [ 435.584230][T22926] netlink: 'syz.1.7939': attribute type 3 has an invalid length. [ 435.604829][T22926] netlink: 132 bytes leftover after parsing attributes in process `syz.1.7939'. [ 435.998954][T22949] netlink: 12 bytes leftover after parsing attributes in process `syz.0.7947'. [ 436.025803][T22952] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 436.033230][T22952] IPv6: NLM_F_CREATE should be set when creating new route [ 436.040793][T22952] IPv6: NLM_F_CREATE should be set when creating new route [ 436.089976][T22952] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 436.233505][T22957] netlink: 203516 bytes leftover after parsing attributes in process `syz.0.7949'. [ 436.275112][T22957] openvswitch: netlink: ufid size 3068 bytes exceeds the range (1, 16) [ 436.315389][T22957] openvswitch: netlink: Duplicate key (type 0). [ 436.440999][T22970] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 436.906092][T22991] tipc: Started in network mode [ 436.921645][T22991] tipc: Node identity ac1414aa, cluster identity 4711 [ 436.933850][T22991] tipc: Enabled bearer , priority 10 [ 437.427434][T23020] netlink: 104 bytes leftover after parsing attributes in process `syz.1.7971'. [ 437.638375][T23028] blkio.reset_stats is deprecated [ 437.838503][T23042] netlink: 'syz.4.7980': attribute type 83 has an invalid length. [ 437.887819][T23045] netlink: 'syz.0.7983': attribute type 21 has an invalid length. [ 437.904855][T23045] netlink: 128 bytes leftover after parsing attributes in process `syz.0.7983'. [ 437.926864][T23045] netlink: 'syz.0.7983': attribute type 4 has an invalid length. [ 437.943879][T23045] netlink: 'syz.0.7983': attribute type 5 has an invalid length. [ 437.971450][T23051] netlink: 'syz.0.7983': attribute type 21 has an invalid length. [ 438.002926][T23045] netlink: 3 bytes leftover after parsing attributes in process `syz.0.7983'. [ 438.038078][T23051] netlink: 128 bytes leftover after parsing attributes in process `syz.0.7983'. [ 438.048703][ T5972] tipc: Node number set to 2886997162 [ 438.099710][T23051] netlink: 'syz.0.7983': attribute type 4 has an invalid length. [ 438.143065][T23051] netlink: 'syz.0.7983': attribute type 5 has an invalid length. [ 438.167917][T23051] netlink: 3 bytes leftover after parsing attributes in process `syz.0.7983'. [ 438.772206][T23094] netlink: 20 bytes leftover after parsing attributes in process `syz.1.7997'. [ 438.852277][T23096] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7999'. [ 439.214579][T23114] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8007'. [ 439.308632][T23118] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8007'. [ 440.613342][T23143] tipc: Enabled bearer , priority 24 [ 440.650180][ T12] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 440.688706][ T12] netdevsim netdevsim2 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0 [ 440.698142][ T13] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 440.707149][ T13] netdevsim netdevsim2 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0 [ 440.786227][ T13] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 440.815846][ T13] netdevsim netdevsim2 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0 [ 440.832819][ T13] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 440.864823][ T13] netdevsim netdevsim2 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0 [ 441.571575][T23208] netlink: 36 bytes leftover after parsing attributes in process `syz.3.8032'. [ 442.210539][T23235] sctp: [Deprecated]: syz.2.8039 (pid 23235) Use of int in max_burst socket option. [ 442.210539][T23235] Use struct sctp_assoc_value instead [ 443.152342][T23286] netlink: 'syz.0.8060': attribute type 17 has an invalid length. [ 443.165088][T23286] __nla_validate_parse: 1 callbacks suppressed [ 443.165111][T23286] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8060'. [ 443.189345][T23286] netlink: 28 bytes leftover after parsing attributes in process `syz.0.8060'. [ 443.527657][T23306] netlink: 8 bytes leftover after parsing attributes in process `syz.0.8071'. [ 443.792902][T23319] netlink: 'syz.3.8077': attribute type 29 has an invalid length. [ 443.812471][T23321] sctp: [Deprecated]: syz.2.8078 (pid 23321) Use of struct sctp_assoc_value in delayed_ack socket option. [ 443.812471][T23321] Use struct sctp_sack_info instead [ 443.825447][T23319] netlink: 'syz.3.8077': attribute type 29 has an invalid length. [ 443.845500][T23319] netlink: 500 bytes leftover after parsing attributes in process `syz.3.8077'. [ 444.079472][T23332] macvlan0: entered allmulticast mode [ 444.115562][T23332] veth1_vlan: entered allmulticast mode [ 444.126141][T23332] veth1_vlan: left allmulticast mode [ 444.215701][T23332] macvlan0 (unregistering): left allmulticast mode [ 445.666551][T23422] netlink: 68 bytes leftover after parsing attributes in process `syz.4.8123'. [ 445.685302][T23422] netlink: 12 bytes leftover after parsing attributes in process `syz.4.8123'. [ 445.784152][T23429] syzkaller1: entered promiscuous mode [ 445.813365][T23429] syzkaller1: entered allmulticast mode [ 445.895691][T23435] sctp: [Deprecated]: syz.4.8129 (pid 23435) Use of struct sctp_assoc_value in delayed_ack socket option. [ 445.895691][T23435] Use struct sctp_sack_info instead [ 446.149400][T23449] syzkaller1: entered promiscuous mode [ 446.155202][T23449] syzkaller1: entered allmulticast mode [ 446.206326][T23453] netlink: 8 bytes leftover after parsing attributes in process `syz.2.8137'. [ 446.520708][T23467] netlink: 'syz.1.8141': attribute type 4 has an invalid length. [ 447.182100][T23505] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 447.231163][T23494] syzkaller1: entered promiscuous mode [ 447.236927][T23494] syzkaller1: entered allmulticast mode [ 447.592131][T23526] netlink: 68 bytes leftover after parsing attributes in process `syz.1.8159'. [ 447.746831][T23534] netlink: 8 bytes leftover after parsing attributes in process `syz.0.8165'. [ 447.791033][T23534] (unnamed net_device) (uninitialized): option lacp_active: mode dependency failed, not supported in mode active-backup(1) [ 447.952383][T23543] netlink: 36 bytes leftover after parsing attributes in process `syz.2.8168'. [ 448.691908][T23583] vxcan1: tx drop: invalid sa for name 0x0000000000000001 [ 449.549120][T23622] netlink: 'syz.2.8197': attribute type 10 has an invalid length. [ 450.765762][T23681] netlink: 32 bytes leftover after parsing attributes in process `syz.3.8224'. [ 452.232755][T23768] netlink: 8 bytes leftover after parsing attributes in process `syz.0.8261'. [ 452.261335][T23768] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8261'. [ 452.346334][ T12] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 452.365375][T23774] netlink: 4 bytes leftover after parsing attributes in process `syz.4.8264'. [ 452.388449][ T12] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 452.446872][ T12] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 452.473546][ T12] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 452.561737][T23782] pim6reg1: entered promiscuous mode [ 452.579364][T23782] pim6reg1: entered allmulticast mode [ 452.646405][T23784] bond0: entered promiscuous mode [ 452.688568][T23784] bond_slave_0: entered promiscuous mode [ 452.694725][T23784] bond_slave_1: entered promiscuous mode [ 452.708771][T23784] geneve1: entered promiscuous mode [ 453.131683][T23818] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8283'. [ 453.392441][T23826] IPVS: sh: UDP 224.0.0.2:0 - no destination available [ 453.514165][T23835] siw: device registration error -23 [ 454.307042][T23874] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8307'. [ 454.352812][T23874] vcan0 (unregistering): left allmulticast mode [ 454.362859][T23878] netlink: 212376 bytes leftover after parsing attributes in process `syz.0.8309'. [ 454.733950][T23899] netlink: 24 bytes leftover after parsing attributes in process `syz.3.8318'. [ 454.748645][T23899] netlink: 24 bytes leftover after parsing attributes in process `syz.3.8318'. [ 455.065922][T23914] syzkaller1: entered promiscuous mode [ 455.084561][T23914] syzkaller1: entered allmulticast mode [ 455.125355][T23918] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 455.385092][T23930] syzkaller1: entered promiscuous mode [ 455.394176][T23930] syzkaller1: entered allmulticast mode [ 455.516686][T23938] netlink: 212376 bytes leftover after parsing attributes in process `syz.3.8337'. [ 455.934475][T23961] syzkaller1: entered promiscuous mode [ 455.944928][T23961] syzkaller1: entered allmulticast mode [ 456.130664][T23965] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 456.227429][T23968] IPVS: sh: UDP 224.0.0.2:0 - no destination available [ 456.227750][T23152] IPVS: starting estimator thread 0... [ 456.338538][T23974] IPVS: using max 27 ests per chain, 64800 per kthread [ 456.409486][T23981] sctp: [Deprecated]: syz.1.8355 (pid 23981) Use of struct sctp_assoc_value in delayed_ack socket option. [ 456.409486][T23981] Use struct sctp_sack_info instead [ 457.293594][T24030] netlink: 16 bytes leftover after parsing attributes in process `syz.4.8376'. [ 457.500907][T24040] syzkaller1: entered promiscuous mode [ 457.515773][T24040] syzkaller1: entered allmulticast mode [ 457.670743][T24052] netlink: 36 bytes leftover after parsing attributes in process `syz.3.8385'. [ 458.171871][T24073] netdevsim netdevsim0 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 458.191218][T24073] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 458.369952][T24073] netdevsim netdevsim0 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 458.392021][T24073] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 458.443915][T24095] netlink: 8 bytes leftover after parsing attributes in process `syz.4.8403'. [ 458.605796][T24073] netdevsim netdevsim0 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 458.645076][T24073] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 458.767978][T24073] netdevsim netdevsim0 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 458.785701][T24073] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 458.854813][T24113] netlink: 12 bytes leftover after parsing attributes in process `syz.2.8411'. [ 458.887809][T24113] netlink: 12 bytes leftover after parsing attributes in process `syz.2.8411'. [ 458.902265][T24113] netlink: 50 bytes leftover after parsing attributes in process `syz.2.8411'. [ 458.950963][T24115] netlink: 156 bytes leftover after parsing attributes in process `syz.1.8412'. [ 459.034529][ T1158] netdevsim netdevsim0 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 459.071179][ T1158] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 459.087576][ T1158] netdevsim netdevsim0 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 459.109498][ T1158] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 459.138553][T12166] netdevsim netdevsim0 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 459.157244][T12166] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 459.202504][T12166] netdevsim netdevsim0 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 459.212073][T12166] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 459.225315][T24123] unknown channel width for channel at 909000KHz? [ 459.235358][T24123] unknown channel width for channel at 909000KHz? [ 459.243019][T24123] unknown channel width for channel at 909000KHz? [ 459.887235][T24161] PF_CAN: dropped non conform CAN FD skbuff: dev type 65534, len 4032 [ 460.663692][T24204] netlink: 8 bytes leftover after parsing attributes in process `syz.0.8454'. [ 460.682752][T24204] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8454'. [ 460.689170][T24206] netlink: 14560 bytes leftover after parsing attributes in process `syz.3.8455'. [ 460.875925][T24214] veth0: entered promiscuous mode [ 460.892034][T24213] veth0: left promiscuous mode [ 461.058890][T24219] batadv_slave_1: entered promiscuous mode [ 461.082479][T24219] batadv_slave_1: left promiscuous mode [ 462.327424][T24289] netlink: 'syz.3.8495': attribute type 10 has an invalid length. [ 462.347790][T24289] team0: Port device dummy0 added [ 462.357830][T24289] netlink: 'syz.3.8495': attribute type 10 has an invalid length. [ 462.374019][T24289] team0: Port device dummy0 removed [ 462.383777][T24289] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 462.539212][T24295] __nla_validate_parse: 5 callbacks suppressed [ 462.539230][T24295] netlink: 88 bytes leftover after parsing attributes in process `syz.3.8498'. [ 462.903113][T24303] PF_CAN: dropped non conform CAN skbuff: dev type 65534, len 34 [ 463.440776][T24331] openvswitch: netlink: IPv4 tun info is not correct [ 463.701734][T24343] netlink: 'syz.3.8518': attribute type 4 has an invalid length. [ 463.937032][T24354] netlink: 8 bytes leftover after parsing attributes in process `syz.3.8523'. [ 463.954577][T24354] netlink: 12 bytes leftover after parsing attributes in process `syz.3.8523'. [ 463.979108][T24354] netlink: 'syz.3.8523': attribute type 6 has an invalid length. [ 464.013354][T24357] pim6reg1: entered promiscuous mode [ 464.022448][T24357] pim6reg1: entered allmulticast mode [ 464.249401][T24368] netlink: 'syz.3.8528': attribute type 29 has an invalid length. [ 464.262691][T24368] netlink: 'syz.3.8528': attribute type 29 has an invalid length. [ 464.280670][T24368] netlink: 500 bytes leftover after parsing attributes in process `syz.3.8528'. [ 464.601483][T24386] netlink: 28 bytes leftover after parsing attributes in process `syz.2.8538'. [ 464.612286][T24386] netlink: 'syz.2.8538': attribute type 7 has an invalid length. [ 464.621156][T24386] netlink: 20 bytes leftover after parsing attributes in process `syz.2.8538'. [ 464.705934][T24390] veth0: entered promiscuous mode [ 464.714940][T24389] veth0: left promiscuous mode [ 465.319381][T24428] netlink: 212376 bytes leftover after parsing attributes in process `syz.0.8556'. [ 465.369273][T24429] team0: No ports can be present during mode change [ 466.338202][T24489] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1 [ 466.358686][T24489] gretap1: default qdisc (pfifo_fast) fail, fallback to noqueue [ 466.383572][T24489] gretap1: entered promiscuous mode [ 466.399870][T24489] gretap1: entered allmulticast mode [ 466.464008][T24494] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8589'. [ 466.527600][T24497] netlink: 24 bytes leftover after parsing attributes in process `syz.3.8591'. [ 466.666078][T24505] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 466.736309][T24508] netlink: 12 bytes leftover after parsing attributes in process `syz.1.8597'. [ 467.473656][T24552] veth0: entered promiscuous mode [ 467.480439][T24551] veth0: left promiscuous mode [ 468.007895][T24584] netlink: 'syz.1.8630': attribute type 11 has an invalid length. [ 468.059298][ T5839] Bluetooth: hci4: command 0x0406 tx timeout [ 469.422670][T24647] sctp: [Deprecated]: syz.4.8663 (pid 24647) Use of int in max_burst socket option deprecated. [ 469.422670][T24647] Use struct sctp_assoc_value instead [ 469.712941][T24663] netlink: 'syz.0.8668': attribute type 10 has an invalid length. [ 469.770245][T24665] netlink: 'syz.0.8668': attribute type 10 has an invalid length. [ 469.797958][T24663] team0: Port device dummy0 added [ 469.846645][T24666] tipc: Resetting bearer [ 470.114291][T24666] tipc: Disabling bearer [ 470.170107][T24665] team0: Port device dummy0 removed [ 470.429392][T24679] syzkaller1: entered promiscuous mode [ 470.435283][T24679] syzkaller1: entered allmulticast mode [ 470.447526][T24682] team_slave_0: entered allmulticast mode [ 471.857191][T24743] syzkaller1: entered promiscuous mode [ 471.876800][T24743] syzkaller1: entered allmulticast mode [ 472.323404][T24763] vlan3: entered allmulticast mode [ 472.341944][T24763] veth1: entered allmulticast mode [ 472.842919][T24786] __nla_validate_parse: 2 callbacks suppressed [ 472.842940][T24786] netlink: 8 bytes leftover after parsing attributes in process `syz.2.8718'. [ 472.860525][T24784] syzkaller1: entered promiscuous mode [ 472.866057][T24784] syzkaller1: entered allmulticast mode [ 472.993105][T24786] netlink: 'syz.2.8718': attribute type 1 has an invalid length. [ 473.001331][T24786] netlink: 'syz.2.8718': attribute type 2 has an invalid length. [ 474.870632][T24847] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 475.037321][T24847] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 475.137952][T24847] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 475.178974][T24858] netlink: 'syz.0.8749': attribute type 39 has an invalid length. [ 475.326957][T24847] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 475.619385][ T12] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 20000 - 0 [ 475.653615][T24869] netlink: 44 bytes leftover after parsing attributes in process `syz.0.8753'. [ 475.668433][T12166] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 20000 - 0 [ 475.703696][T24871] netlink: 44 bytes leftover after parsing attributes in process `syz.0.8753'. [ 475.732077][T12166] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 20000 - 0 [ 475.808542][ T13] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 20000 - 0 [ 476.015436][T24884] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8757'. [ 476.622694][T24915] netlink: 28 bytes leftover after parsing attributes in process `syz.0.8771'. [ 476.653205][T24915] netlink: 'syz.0.8771': attribute type 7 has an invalid length. [ 476.673430][T24915] netlink: 'syz.0.8771': attribute type 8 has an invalid length. [ 476.701358][T24915] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8771'. [ 476.753536][T24915] gretap0: entered promiscuous mode [ 476.771700][T24915] batadv_slave_1: entered promiscuous mode [ 476.795448][T24915] gretap0: left promiscuous mode [ 476.805528][T24925] netlink: 212376 bytes leftover after parsing attributes in process `syz.4.8775'. [ 476.817534][T24915] batadv_slave_1: left promiscuous mode [ 477.695488][T24972] netlink: 28 bytes leftover after parsing attributes in process `syz.1.8795'. [ 477.708455][T24972] netlink: 28 bytes leftover after parsing attributes in process `syz.1.8795'. [ 477.847820][T24981] syzkaller1: entered promiscuous mode [ 477.854170][T24981] syzkaller1: entered allmulticast mode [ 478.078941][T24993] netlink: 'syz.3.8805': attribute type 1 has an invalid length. [ 478.087064][T24993] netlink: 'syz.3.8805': attribute type 10 has an invalid length. [ 478.095693][T24993] netlink: 'syz.3.8805': attribute type 4 has an invalid length. [ 478.104791][T24993] netlink: 136 bytes leftover after parsing attributes in process `syz.3.8805'. [ 478.386185][T25004] netlink: 28 bytes leftover after parsing attributes in process `syz.3.8810'. [ 478.398845][T25004] netlink: 'syz.3.8810': attribute type 7 has an invalid length. [ 478.406735][T25004] netlink: 'syz.3.8810': attribute type 8 has an invalid length. [ 478.420961][T25004] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8810'. [ 478.439556][T25004] gretap0: entered promiscuous mode [ 478.446590][T25004] batadv_slave_1: entered promiscuous mode [ 478.453783][T25004] erspan0: entered promiscuous mode [ 478.461982][T25004] debugfs: 'hsr0' already exists in 'hsr' [ 478.468003][T25004] Cannot create hsr debugfs directory [ 478.875306][T25024] netlink: 348 bytes leftover after parsing attributes in process `syz.3.8818'. [ 479.380632][T25051] netlink: 'syz.3.8830': attribute type 9 has an invalid length. [ 479.436095][T25051] netlink: 'syz.3.8830': attribute type 9 has an invalid length. [ 479.948609][T25082] netlink: 8 bytes leftover after parsing attributes in process `syz.0.8844'. [ 479.976159][T25082] gtp1: entered promiscuous mode [ 480.028177][T25082] gtp1: entered allmulticast mode [ 480.444255][T25113] netlink: 8 bytes leftover after parsing attributes in process `syz.1.8856'. [ 480.477441][T25113] netlink: 8 bytes leftover after parsing attributes in process `syz.1.8856'. [ 480.534950][T25116] syzkaller1: entered promiscuous mode [ 480.554861][T25116] syzkaller1: entered allmulticast mode [ 482.085642][T25191] syzkaller1: entered promiscuous mode [ 482.092314][T25191] syzkaller1: entered allmulticast mode [ 482.463674][T25201] netlink: 12 bytes leftover after parsing attributes in process `syz.2.8897'. [ 483.019897][T25227] netlink: 212376 bytes leftover after parsing attributes in process `syz.3.8909'. [ 485.185117][T25237] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 485.211068][T25265] tipc: Started in network mode [ 485.216453][T25265] tipc: Node identity ac14142f, cluster identity 4711 [ 485.224592][T25265] tipc: New replicast peer: 0.0.0.0 [ 485.230426][T25265] tipc: Enabled bearer , priority 10 [ 485.237388][T25268] tipc: New replicast peer: fe80:0000:0000:0000:0000:0000:0000:00aa [ 485.747331][T25294] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8935'. [ 486.215674][T25317] netlink: 212376 bytes leftover after parsing attributes in process `syz.4.8946'. [ 486.313107][T25321] netlink: 8 bytes leftover after parsing attributes in process `syz.4.8949'. [ 486.348937][T23152] tipc: Node number set to 2886997039 [ 486.358923][T25324] netlink: 212376 bytes leftover after parsing attributes in process `syz.1.8947'. [ 486.736220][T25342] syzkaller1: entered promiscuous mode [ 486.750581][T25342] syzkaller1: entered allmulticast mode [ 487.394248][T25379] netlink: 12 bytes leftover after parsing attributes in process `syz.3.8974'. [ 488.144960][T25419] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8991'. [ 488.401370][T25432] validate_nla: 1 callbacks suppressed [ 488.401394][T25432] netlink: 'syz.2.8998': attribute type 1 has an invalid length. [ 489.536053][T25487] sock: sock_set_timeout: `syz.4.9012' (pid 25487) tries to set negative timeout [ 489.907089][T25499] syzkaller1: entered promiscuous mode [ 489.948342][T25499] syzkaller1: entered allmulticast mode [ 490.153464][T25515] netlink: 212376 bytes leftover after parsing attributes in process `syz.0.9024'. [ 490.169541][T25518] bridge: RTM_NEWNEIGH bridge0 without NUD_PERMANENT [ 490.294896][T25522] netlink: 212376 bytes leftover after parsing attributes in process `syz.3.9026'. [ 490.379595][T25526] syzkaller1: entered promiscuous mode [ 490.385179][T25526] syzkaller1: entered allmulticast mode [ 490.814130][T25550] netlink: 28 bytes leftover after parsing attributes in process `syz.4.9038'. [ 490.830211][T25550] netlink: 'syz.4.9038': attribute type 7 has an invalid length. [ 490.840561][T25550] netlink: 'syz.4.9038': attribute type 8 has an invalid length. [ 490.853012][T25550] netlink: 4 bytes leftover after parsing attributes in process `syz.4.9038'. [ 491.490600][T25584] netlink: 212376 bytes leftover after parsing attributes in process `syz.1.9054'. [ 491.726480][T25594] netlink: 44 bytes leftover after parsing attributes in process `syz.1.9059'. [ 491.741380][T25594] netlink: 44 bytes leftover after parsing attributes in process `syz.1.9059'. [ 491.929617][T25605] netlink: 212376 bytes leftover after parsing attributes in process `syz.3.9064'. [ 491.990352][T25608] netlink: 'syz.1.9066': attribute type 12 has an invalid length. [ 492.013296][T25608] netlink: 'syz.1.9066': attribute type 29 has an invalid length. [ 492.023491][T25608] netlink: 148 bytes leftover after parsing attributes in process `syz.1.9066'. [ 492.033276][T25608] netlink: 51 bytes leftover after parsing attributes in process `syz.1.9066'. [ 492.239754][T25621] netlink: 12 bytes leftover after parsing attributes in process `syz.0.9072'. [ 492.251402][T25619] pim6reg1: entered promiscuous mode [ 492.256762][T25619] pim6reg1: entered allmulticast mode [ 492.814551][T25637] netlink: 'syz.2.9080': attribute type 13 has an invalid length. [ 492.837977][T25637] netlink: 4 bytes leftover after parsing attributes in process `syz.2.9080'. [ 492.872652][T25637] netlink: 'syz.2.9080': attribute type 13 has an invalid length. [ 494.065054][ T3499] nci: nci_rsp_packet: unknown rsp opcode 0x26 [ 495.066227][T25757] netlink: 'syz.4.9127': attribute type 15 has an invalid length. [ 495.076467][T25757] netlink: 'syz.4.9127': attribute type 15 has an invalid length. [ 495.330093][T25768] netlink: 'syz.3.9131': attribute type 14 has an invalid length. [ 495.347031][T25768] netlink: 'syz.3.9131': attribute type 14 has an invalid length. [ 495.898415][ T5857] Bluetooth: hci4: command 0x0406 tx timeout [ 495.954356][T25805] pim6reg1: entered promiscuous mode [ 495.960399][T25805] pim6reg1: entered allmulticast mode [ 496.432734][T25823] __nla_validate_parse: 9 callbacks suppressed [ 496.432758][T25823] netlink: 8 bytes leftover after parsing attributes in process `syz.1.9154'. [ 497.595280][ T30] audit: type=1800 audit(1754358123.956:4): pid=25873 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.9176" name="memory.events" dev="tmpfs" ino=9148 res=0 errno=0 [ 497.787221][T25891] veth0: entered promiscuous mode [ 497.797311][T25891] netlink: 4 bytes leftover after parsing attributes in process `syz.2.9185'. [ 497.893536][T25891] veth0 (unregistering): left promiscuous mode [ 498.136974][T25904] netlink: 'syz.1.9191': attribute type 12 has an invalid length. [ 498.145278][T25904] netlink: 4 bytes leftover after parsing attributes in process `syz.1.9191'. [ 498.148922][T25905] netlink: 8 bytes leftover after parsing attributes in process `syz.2.9192'. [ 498.175338][ T12] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 498.184903][T25904] netlink: 'syz.1.9191': attribute type 12 has an invalid length. [ 498.186669][T25905] netlink: 8 bytes leftover after parsing attributes in process `syz.2.9192'. [ 498.194988][ T12] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 498.211569][T25904] netlink: 4 bytes leftover after parsing attributes in process `syz.1.9191'. [ 498.224609][ T12] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 498.417520][ T3499] nci: nci_rf_discover_ntf_packet: unsupported rf_tech_and_mode 0x4 [ 499.369638][ T3499] nci: nci_add_new_protocol: the target found does not have the desired protocol [ 499.607724][T25960] netlink: 'syz.2.9212': attribute type 10 has an invalid length. [ 499.618144][T25960] netlink: 40 bytes leftover after parsing attributes in process `syz.2.9212'. [ 499.631440][T25960] dummy0: entered promiscuous mode [ 499.639713][T25960] bridge0: port 1(dummy0) entered blocking state [ 499.646626][T25960] bridge0: port 1(dummy0) entered disabled state [ 499.656677][T25960] dummy0: entered allmulticast mode [ 500.230153][T25977] syzkaller1: entered promiscuous mode [ 500.235844][T25977] syzkaller1: entered allmulticast mode [ 500.873655][T26012] netlink: 'syz.2.9233': attribute type 4 has an invalid length. [ 501.784725][T26036] syzkaller1: entered promiscuous mode [ 501.825891][T26036] syzkaller1: entered allmulticast mode [ 502.196699][T26067] ip6gre3: entered allmulticast mode [ 502.672033][T26091] netlink: 32 bytes leftover after parsing attributes in process `syz.3.9264'. [ 502.683354][T26091] netlink: 32 bytes leftover after parsing attributes in process `syz.3.9264'. [ 502.739896][T26093] netlink: 'syz.3.9265': attribute type 4 has an invalid length. [ 502.796221][T26095] Freezing with imperfect legacy cgroup freezer. See cgroup.freeze of cgroup v2 [ 503.164721][T26115] netlink: 12 bytes leftover after parsing attributes in process `syz.1.9276'. [ 503.323085][T26129] netlink: 28 bytes leftover after parsing attributes in process `syz.2.9280'. [ 503.333001][T26129] netlink: 'syz.2.9280': attribute type 7 has an invalid length. [ 503.342626][T26129] netlink: 'syz.2.9280': attribute type 8 has an invalid length. [ 503.351629][T26129] netlink: 4 bytes leftover after parsing attributes in process `syz.2.9280'. [ 503.364302][T12162] nci: nci_add_new_protocol: the target found does not have the desired protocol [ 504.101200][T26141] netlink: 4 bytes leftover after parsing attributes in process `syz.3.9284'. [ 504.467042][T26163] netlink: 4 bytes leftover after parsing attributes in process `syz.2.9293'. [ 504.477149][T26163] chnl_net:caif_netlink_parms(): no params data found [ 504.503261][T26164] netlink: 'syz.0.9292': attribute type 1 has an invalid length. [ 609.228001][ C1] rcu: INFO: rcu_preempt self-detected stall on CPU [ 609.234813][ C1] rcu: 1-...!: (10499 ticks this GP) idle=99cc/1/0x4000000000000000 softirq=92031/92031 fqs=772 [ 609.246704][ C1] rcu: (t=10500 jiffies g=81201 q=1466 ncpus=2) [ 609.253245][ C1] rcu: rcu_preempt kthread timer wakeup didn't happen for 8933 jiffies! g81201 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 [ 609.265585][ C1] rcu: Possible timer handling issue on cpu=0 timer-softirq=34464 [ 609.273508][ C1] rcu: rcu_preempt kthread starved for 8934 jiffies! g81201 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 ->cpu=0 [ 609.285000][ C1] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 609.295026][ C1] rcu: RCU grace-period kthread stack dump: [ 609.300943][ C1] task:rcu_preempt state:I stack:27408 pid:16 tgid:16 ppid:2 task_flags:0x208040 flags:0x00004000 [ 609.313056][ C1] Call Trace: [ 609.316357][ C1] [ 609.319337][ C1] __schedule+0x1737/0x4d30 [ 609.324084][ C1] ? do_raw_spin_unlock+0x122/0x240 [ 609.329767][ C1] ? schedule+0x165/0x360 [ 609.334140][ C1] ? __lock_acquire+0xab9/0xd20 [ 609.339392][ C1] ? __pfx___schedule+0x10/0x10 [ 609.344378][ C1] ? schedule+0x91/0x360 [ 609.348688][ C1] schedule+0x165/0x360 [ 609.352889][ C1] schedule_timeout+0x12b/0x270 [ 609.357797][ C1] ? __pfx_schedule_timeout+0x10/0x10 [ 609.363196][ C1] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 609.369349][ C1] ? __pfx_process_timeout+0x10/0x10 [ 609.374689][ C1] ? prepare_to_swait_event+0x341/0x380 [ 609.380364][ C1] rcu_gp_fqs_loop+0x301/0x1540 [ 609.385410][ C1] ? __pfx_rcu_watching_snap_recheck+0x10/0x10 [ 609.391702][ C1] ? __pfx_rcu_gp_fqs_loop+0x10/0x10 [ 609.397029][ C1] ? _raw_spin_unlock_irq+0x2e/0x50 [ 609.402843][ C1] ? finish_swait+0xcd/0x1f0 [ 609.407637][ C1] rcu_gp_kthread+0x99/0x390 [ 609.412461][ C1] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 609.417736][ C1] ? __kthread_parkme+0x7b/0x200 [ 609.422792][ C1] ? __kthread_parkme+0x1a1/0x200 [ 609.428058][ C1] kthread+0x70e/0x8a0 [ 609.432167][ C1] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 609.437413][ C1] ? __pfx_kthread+0x10/0x10 [ 609.442341][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 609.448044][ C1] ? lockdep_hardirqs_on+0x9c/0x150 [ 609.453475][ C1] ? __pfx_kthread+0x10/0x10 [ 609.458189][ C1] ret_from_fork+0x3fc/0x770 [ 609.462827][ C1] ? __pfx_ret_from_fork+0x10/0x10 [ 609.468001][ C1] ? __switch_to_asm+0x39/0x70 [ 609.472796][ C1] ? __switch_to_asm+0x33/0x70 [ 609.478035][ C1] ? __pfx_kthread+0x10/0x10 [ 609.482690][ C1] ret_from_fork_asm+0x1a/0x30 [ 609.487698][ C1] [ 609.490956][ C1] rcu: Stack dump where RCU GP kthread last ran: [ 609.497636][ C1] Sending NMI from CPU 1 to CPUs 0: [ 609.502969][ C0] NMI backtrace for cpu 0 [ 609.502992][ C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.16.0-syzkaller-06610-g4eabe4cc0958 #0 PREEMPT(full) [ 609.503014][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 609.503026][ C0] RIP: 0010:pv_native_safe_halt+0x13/0x20 [ 609.503057][ C0] Code: 53 e8 02 00 cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 13 6f 18 00 f3 0f 1e fa fb f4 cc cc cc cc cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 [ 609.503074][ C0] RSP: 0000:ffffc900000077b8 EFLAGS: 00000246 [ 609.503092][ C0] RAX: ffffffff81722d2d RBX: 0000000000000003 RCX: ffffffff8de950c0 [ 609.503105][ C0] RDX: 0000000000000100 RSI: ffffffff8d9792c8 RDI: ffffffff8be30a00 [ 609.503118][ C0] RBP: ffffc90000007890 R08: ffffffff8fa07bf7 R09: 1ffffffff1f40f7e [ 609.503131][ C0] R10: dffffc0000000000 R11: fffffbfff1f40f7f R12: dffffc0000000000 [ 609.503144][ C0] R13: 0000000000000200 R14: 0000000000000003 R15: 1ffff92000000efc [ 609.503156][ C0] FS: 0000000000000000(0000) GS:ffff888125c80000(0000) knlGS:0000000000000000 [ 609.503170][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 609.503182][ C0] CR2: 00007fe6b27fb814 CR3: 000000000df38000 CR4: 00000000003526f0 [ 609.503198][ C0] Call Trace: [ 609.503208][ C0] [ 609.503215][ C0] kvm_wait+0x232/0x290 [ 609.503239][ C0] ? lockdep_hardirqs_on+0x9c/0x150 [ 609.503266][ C0] ? __pfx_kvm_wait+0x10/0x10 [ 609.503294][ C0] __pv_queued_spin_lock_slowpath+0x7bf/0xb60 [ 609.503328][ C0] ? __pfx___pv_queued_spin_lock_slowpath+0x10/0x10 [ 609.503360][ C0] ? __lock_acquire+0xab9/0xd20 [ 609.503389][ C0] queued_spin_lock_slowpath+0x43/0x50 [ 609.503412][ C0] do_raw_spin_lock+0x21f/0x290 [ 609.503434][ C0] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 609.503461][ C0] __xfrm_state_delete+0xba/0xca0 [ 609.503490][ C0] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 609.503510][ C0] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 609.503535][ C0] xfrm_timer_handler+0x18f/0xa00 [ 609.503576][ C0] ? __pfx_xfrm_timer_handler+0x10/0x10 [ 609.503606][ C0] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 609.503631][ C0] ? lockdep_hardirqs_on+0x9c/0x150 [ 609.503696][ C0] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 609.503720][ C0] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 609.503748][ C0] ? __pfx_xfrm_timer_handler+0x10/0x10 [ 609.503775][ C0] ? __pfx_xfrm_timer_handler+0x10/0x10 [ 609.503802][ C0] __hrtimer_run_queues+0x52c/0xc60 [ 609.503842][ C0] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 609.503876][ C0] ? read_tsc+0x9/0x20 [ 609.503901][ C0] ? __pfx___local_bh_disable_ip+0x10/0x10 [ 609.503939][ C0] hrtimer_run_softirq+0x187/0x2b0 [ 609.503959][ C0] handle_softirqs+0x283/0x870 [ 609.503989][ C0] ? __irq_exit_rcu+0xca/0x1f0 [ 609.504020][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 609.504050][ C0] ? irqtime_account_irq+0xb6/0x1c0 [ 609.504074][ C0] __irq_exit_rcu+0xca/0x1f0 [ 609.504101][ C0] ? __pfx___irq_exit_rcu+0x10/0x10 [ 609.504134][ C0] irq_exit_rcu+0x9/0x30 [ 609.504159][ C0] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 609.504184][ C0] [ 609.504190][ C0] [ 609.504197][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 609.504217][ C0] RIP: 0010:pv_native_safe_halt+0x13/0x20 [ 609.504242][ C0] Code: 53 e8 02 00 cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 13 6f 18 00 f3 0f 1e fa fb f4 cc cc cc cc cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 [ 609.504258][ C0] RSP: 0000:ffffffff8de07d80 EFLAGS: 000002c2 [ 609.504273][ C0] RAX: 7a718433915ae500 RBX: ffffffff81969b18 RCX: 7a718433915ae500 [ 609.504287][ C0] RDX: 0000000000000001 RSI: ffffffff8d9792c8 RDI: ffffffff8be30a00 [ 609.504300][ C0] RBP: ffffffff8de07eb8 R08: ffff8880b8632f5b R09: 1ffff110170c65eb [ 609.504314][ C0] R10: dffffc0000000000 R11: ffffed10170c65ec R12: ffffffff8fa07bf0 [ 609.504327][ C0] R13: 0000000000000000 R14: 0000000000000000 R15: 1ffffffff1bd2a18 [ 609.504341][ C0] ? do_idle+0x1e8/0x510 [ 609.504376][ C0] default_idle+0x13/0x20 [ 609.504392][ C0] default_idle_call+0x74/0xb0 [ 609.504409][ C0] do_idle+0x1e8/0x510 [ 609.504434][ C0] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 609.504457][ C0] ? __pfx_do_idle+0x10/0x10 [ 609.504490][ C0] ? do_idle+0x10/0x510 [ 609.504520][ C0] cpu_startup_entry+0x44/0x60 [ 609.504548][ C0] rest_init+0x2de/0x300 [ 609.504567][ C0] start_kernel+0x3a9/0x410 [ 609.504600][ C0] x86_64_start_reservations+0x24/0x30 [ 609.504621][ C0] x86_64_start_kernel+0x143/0x1c0 [ 609.504650][ C0] common_startup_64+0x13e/0x147 [ 609.504683][ C0] [ 609.504966][ C1] CPU: 1 UID: 0 PID: 26153 Comm: syz.1.9288 Not tainted 6.16.0-syzkaller-06610-g4eabe4cc0958 #0 PREEMPT(full) [ 609.504987][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 609.504997][ C1] RIP: 0010:__sanitizer_cov_trace_pc+0x37/0x70 [ 609.505020][ C1] Code: 08 00 9a 92 65 8b 15 68 4f da 10 81 e2 00 01 ff 00 74 11 81 fa 00 01 00 00 75 35 83 b9 3c 16 00 00 00 74 2c 8b 91 18 16 00 00 <83> fa 02 75 21 48 8b 91 20 16 00 00 48 8b 32 48 8d 7e 01 8b 89 1c [ 609.505033][ C1] RSP: 0018:ffffc900042cf0d8 EFLAGS: 00000246 [ 609.505046][ C1] RAX: ffffffff8a1815d2 RBX: 000000000100007f RCX: ffff888022aa8000 [ 609.505058][ C1] RDX: 0000000000000002 RSI: 000000001e000000 RDI: 000000000100007f [ 609.505068][ C1] RBP: ffffc900042cf230 R08: 0000000000000000 R09: ffffffff8a1813c0 [ 609.505078][ C1] R10: dffffc0000000000 R11: fffff52000859e0c R12: dffffc0000000000 [ 609.505090][ C1] R13: ffff88806d800000 R14: 000000001e000000 R15: ffffc900042cf6a0 [ 609.505102][ C1] FS: 00007fee229d46c0(0000) GS:ffff888125d80000(0000) knlGS:0000000000000000 [ 609.505116][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 609.505126][ C1] CR2: 0000001b3091cff8 CR3: 000000002848c000 CR4: 00000000003526f0 [ 609.505140][ C1] Call Trace: [ 609.505146][ C1] [ 609.505151][ C1] xfrm_alloc_spi+0x4b2/0xf30 [ 609.505170][ C1] ? xfrm_alloc_spi+0x2a0/0xf30 [ 609.505202][ C1] ? __pfx_xfrm_alloc_spi+0x10/0x10 [ 609.505219][ C1] ? xfrm_find_acq+0x87/0xa0 [ 609.505331][ C1] xfrm_alloc_userspi+0x70b/0xc90 [ 609.505358][ C1] ? __pfx_aa_get_newest_label+0x10/0x10 [ 609.505391][ C1] ? apparmor_capable+0x137/0x1b0 [ 609.505406][ C1] ? __pfx_xfrm_alloc_userspi+0x10/0x10 [ 609.505429][ C1] ? __nla_parse+0x40/0x60 [ 609.505451][ C1] xfrm_user_rcv_msg+0x7a3/0xab0 [ 609.505476][ C1] ? __pfx_xfrm_user_rcv_msg+0x10/0x10 [ 609.505493][ C1] ? bpf_trace_run2+0x322/0x4b0 [ 609.505551][ C1] ? rcu_is_watching+0x15/0xb0 [ 609.505578][ C1] ? trace_contention_end+0x39/0x120 [ 609.505596][ C1] ? __mutex_lock+0x335/0x1340 [ 609.505625][ C1] netlink_rcv_skb+0x205/0x470 [ 609.505652][ C1] ? __pfx_xfrm_user_rcv_msg+0x10/0x10 [ 609.505705][ C1] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 609.505810][ C1] ? netlink_deliver_tap+0x2e/0x1b0 [ 609.505840][ C1] ? netlink_deliver_tap+0x2e/0x1b0 [ 609.505867][ C1] xfrm_netlink_rcv+0x79/0x90 [ 609.505892][ C1] netlink_unicast+0x82c/0x9e0 [ 609.505922][ C1] ? __pfx_netlink_unicast+0x10/0x10 [ 609.505947][ C1] ? netlink_sendmsg+0x642/0xb30 [ 609.505968][ C1] ? skb_put+0x11b/0x210 [ 609.505987][ C1] netlink_sendmsg+0x805/0xb30 [ 609.506019][ C1] ? __pfx_netlink_sendmsg+0x10/0x10 [ 609.506046][ C1] ? aa_sock_msg_perm+0x94/0x160 [ 609.506069][ C1] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 609.506088][ C1] ? __pfx_netlink_sendmsg+0x10/0x10 [ 609.506112][ C1] __sock_sendmsg+0x21c/0x270 [ 609.506136][ C1] ____sys_sendmsg+0x505/0x830 [ 609.506158][ C1] ? __pfx_____sys_sendmsg+0x10/0x10 [ 609.506183][ C1] ? import_iovec+0x74/0xa0 [ 609.506208][ C1] ___sys_sendmsg+0x21f/0x2a0 [ 609.506227][ C1] ? __pfx____sys_sendmsg+0x10/0x10 [ 609.506274][ C1] ? __fget_files+0x2a/0x420 [ 609.506289][ C1] ? __fget_files+0x3a0/0x420 [ 609.506313][ C1] __x64_sys_sendmsg+0x19b/0x260 [ 609.506332][ C1] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 609.506358][ C1] ? rcu_is_watching+0x15/0xb0 [ 609.506387][ C1] ? do_syscall_64+0xbe/0x3b0 [ 609.506415][ C1] do_syscall_64+0xfa/0x3b0 [ 609.506437][ C1] ? lockdep_hardirqs_on+0x9c/0x150 [ 609.506459][ C1] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 609.506475][ C1] ? clear_bhb_loop+0x60/0xb0 [ 609.506494][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 609.506510][ C1] RIP: 0033:0x7fee21b8eb69 [ 609.506528][ C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 609.506543][ C1] RSP: 002b:00007fee229d4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 609.506560][ C1] RAX: ffffffffffffffda RBX: 00007fee21db5fa0 RCX: 00007fee21b8eb69 [ 609.506572][ C1] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000041 [ 609.506583][ C1] RBP: 00007fee21c11df1 R08: 0000000000000000 R09: 0000000000000000 [ 609.506593][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 609.506602][ C1] R13: 0000000000000000 R14: 00007fee21db5fa0 R15: 00007ffcf3c8a688 [ 609.506627][ C1]