last executing test programs: 7.801735992s ago: executing program 3 (id=5923): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000640)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01040000000000000000010000000900010073797a300000000034000000030a010100000000000000000700000009000b0073797a31000000000900010073797a300000000008000a400000000414000000020a05"], 0x90}}, 0x0) 7.462997108s ago: executing program 3 (id=5926): r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000040)={@local, 0x800, 0x0, 0x0, 0x9, 0x0, 0x4}, 0x20) r1 = openat$tun(0xffffffffffffff9c, 0x0, 0x40241, 0x0) r2 = socket$kcm(0x2, 0x3, 0x2) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast}) write$tun(r1, &(0x7f0000000240)=ANY=[@ANYBLOB, @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB], 0x36) connect$phonet_pipe(0xffffffffffffffff, &(0x7f0000000500)={0x23, 0xc0, 0x57, 0x80}, 0x10) socket$inet_tcp(0x2, 0x1, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0) getsockname$packet(r4, &(0x7f0000000600)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)=ANY=[@ANYBLOB="3c0000001000850600000000ff6122314a000800", @ANYRES32=r5, @ANYBLOB="f5ff0f00252155b21c0012000c000100626f6e64000000000c0002000800010001"], 0x3c}}, 0x40000) ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000100)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x56, r5}) ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000340)={@private1, 0x1c, r5}) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="9feb01001800000000000000180000001800000003000000010000000000000802000000060000000000000201000000002e00c5479bcd82093611da6a5817964a21b3e636e7394bd3967c9b2b5735f6c06eadb654e7af6c77bd0a2a1e3e495fe714ed2d3477403511df489952846bf6a51fef76236e8d1e2108f97d25b0393f96e968a57ec08cf7c8e0c904ff53521ab41627134e30989ec91c959c8a36b0c3ed24ff1b3d067e8d7b099be95c6cc5d4b640adec36f5393231beebf1cc48ae006e18c3a8b6628af75d4dd7"], 0x0, 0x33, 0x0, 0x1}, 0x28) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23, 0x380000, @rand_addr=' \x01\x00'}, 0x1c) 6.497849172s ago: executing program 3 (id=5942): r0 = socket$l2tp(0x2, 0x2, 0x73) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000000)=@mangle={'mangle\x00', 0x44, 0x6, 0x408, 0x298, 0x168, 0x0, 0x0, 0x200, 0x370, 0x370, 0x370, 0x370, 0x370, 0x6, 0x0, {[{{@ip={@multicast1, @dev={0xac, 0x14, 0x14, 0x13}, 0xff, 0xff000000, 'pim6reg1\x00', 'bridge_slave_0\x00', {}, {0xff}, 0x88, 0x3}, 0x0, 0x70, 0x98}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0x298}}, {{@ip={@private=0xa010100, @local, 0x0, 0x0, 'vcan0\x00', 'veth0_virt_wifi\x00', {}, {0xff}}, 0x0, 0x70, 0xd0}, @common=@SET={0x60, 'SET\x00', 0x0, {{}, {0x0, [0x0, 0x0, 0x0, 0x2, 0x4, 0x11000000]}}}}, {{@uncond, 0x0, 0x70, 0x98}, @unspec=@CHECKSUM={0x28}}, {{@ip={@private=0xa010102, @multicast1, 0x0, 0xffffff00, 'syzkaller0\x00', 'bond0\x00'}, 0x0, 0x70, 0x98}, @unspec=@CHECKSUM={0x28}}, {{@ip={@remote, @initdev={0xac, 0x1e, 0x1, 0x0}, 0x0, 0x0, 'lo\x00', 'batadv_slave_1\x00'}, 0x0, 0xb0, 0xd8, 0x0, {0x200000000000000}, [@common=@set={{0x40}, {{0x3, [0x2, 0x0, 0x2, 0x4, 0x3, 0x3]}}}]}, @ECN={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x468) 6.341582262s ago: executing program 3 (id=5945): r0 = socket$netlink(0x10, 0x3, 0x0) (async, rerun: 64) writev(0xffffffffffffffff, &(0x7f0000000380)=[{&(0x7f0000000280)="3986c2d48cf8c83702fb70f5a5a23d944bacc4a2db953e112d8eb30c9201b8152738018f166c52b74cf381b67e42b52177e60cbb6161cd623a34e4af8c089e872072820fffc518e02191ca97f0430f39d4136e3131afea10b8ea1c08160b29a97555e91176ae7370f726717842cf76a06a4092a0b6987feb0aeb79dd84035c6eb2e2", 0x82}], 0x1) (async, rerun: 64) writev(0xffffffffffffffff, &(0x7f0000000400)=[{&(0x7f0000000300)='0', 0x1}], 0x1) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={0xffffffffffffffff, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000300)=""/8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) (async) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0xd, 0x4, &(0x7f0000000040)=@framed={{}, [@ldst={0x1, 0x0, 0x3, 0x9, 0x1, 0x4}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf}, 0xb6) ioctl$SIOCSIFMTU(r0, 0x8922, &(0x7f0000000280)={'macsec0\x00', 0x3}) 6.193260664s ago: executing program 3 (id=5946): getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000)={0x0}, &(0x7f0000000040)=0xc) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000080), 0x10) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000100)={r0, r1, 0x0, 0x2, &(0x7f00000000c0)='~\x00'}, 0x30) ioctl$FS_IOC_READ_VERITY_METADATA(r1, 0xc0286687, &(0x7f0000001140)={0x3, 0x7fff, 0x1000, &(0x7f0000000140)=""/4096}) getsockname$llc(0xffffffffffffffff, &(0x7f0000001180), &(0x7f00000011c0)=0x10) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(r2, 0x84, 0x7, &(0x7f0000001200)={0x4}, 0x4) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x6, &(0x7f0000001240)={0x0, @in={{0x2, 0x4e24, @rand_addr=0x64010102}}}, &(0x7f0000001300)=0x84) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r2, 0x84, 0x76, &(0x7f0000001340)={r3}, &(0x7f0000001380)=0x8) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000013c0)='./cgroup/syz1\x00', 0x200002, 0x0) r5 = openat$cgroup_ro(r4, &(0x7f0000001400)='memory.swap.current\x00', 0x0, 0x0) ioctl$EXT4_IOC_ALLOC_DA_BLKS(r5, 0x660c) r6 = epoll_create1(0x80000) epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r5, &(0x7f0000001440)={0xe}) ioctl$PPPIOCGNPMODE(r5, 0xc008744c, &(0x7f0000001480)={0x29, 0x1}) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, &(0x7f0000001600)={r5, &(0x7f00000014c0)="74e8ebdf157f94273ef8709e652637c748a041e32498ab41634d90bce8844d3958669a6cbc5243e6bb8e1ffc3e465eecc14624a6e03498a1fe896f3f06c848bf2750324c8c3e29515b2a5902c6311fc8d7e15f2fc4e78d6d56538b30e3dacf16f2f1edcd97b5c578961a276e9cd8d2b486a61dc04c473fb611357381c3407362d2f956960c1c434aed76e738960a8b9b94c011e3a55095d82cbb25a62a957f1e7e0377099c20b4106b3f7159584447907320b1f9a995f8c75bd9f9db28c7a4a40814cde18fe51412e4a847d4990ad678dddd6e4f1d5e284b4df11882ed1d4eac887dc81675a86d91d1545dde94c2be9d20976980fdbf", &(0x7f00000015c0)=""/64}, 0x20) sendmsg$IPCTNL_MSG_CT_NEW(r5, &(0x7f0000001700)={&(0x7f0000001640)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000016c0)={&(0x7f0000001680)={0x40, 0x0, 0x1, 0x801, 0x0, 0x0, {}, [@CTA_TUPLE_MASTER={0x2c, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @rand_addr=0x64010101}, {0x8, 0x2, @rand_addr=0x64010100}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x2f}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x3}]}]}, 0x40}, 0x1, 0x0, 0x0, 0x800c080}, 0x1) socket$kcm(0x29, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_REM(r2, 0x84, 0x65, &(0x7f0000001740)=[@in={0x2, 0x4e22, @loopback}, @in6={0xa, 0x4e22, 0x5994, @private0, 0x8}, @in6={0xa, 0x4e24, 0x4, @private1={0xfc, 0x1, '\x00', 0x1}, 0x4}, @in6={0xa, 0x4e21, 0x5, @private0={0xfc, 0x0, '\x00', 0x1}, 0x9}], 0x64) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000018c0)={&(0x7f00000017c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x7f, 0x7f, 0x9, [@datasec={0x7, 0x5, 0x0, 0xf, 0x3, [{0x3, 0x1, 0x1}, {0x4, 0x94, 0x6}, {0x1, 0x9, 0x9}, {0x1, 0x9, 0x8}, {0x1, 0x1, 0x5}], "0f745d"}, @const={0xe, 0x0, 0x0, 0xa, 0x4}, @typedef={0x8, 0x0, 0x0, 0x8, 0x4}, @int={0x5, 0x0, 0x0, 0x1, 0x0, 0xc, 0x0, 0x6a}, @ptr={0x10, 0x0, 0x0, 0x2, 0x3}]}, {0x0, [0x61, 0x0, 0x2e, 0x71, 0x61, 0x5f, 0x2e]}}, &(0x7f0000001880), 0xa1, 0x0, 0x1, 0x9}, 0x28) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000001900)=@assoc_value={r3, 0x2}, &(0x7f0000001940)=0x8) r8 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(r5, 0x84, 0x1a, &(0x7f0000001980)={r7, 0x32, "964ed69980d017d4b7c05d40da0403bd00da6a7b07dd739e3405ac3d0d87c105b7e5539fec884cdd3bf035c341a5a3d29b3c"}, &(0x7f00000019c0)=0x3a) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r8, 0x84, 0x7c, &(0x7f0000001a00)={r9, 0x5, 0x968}, 0x8) socket$nl_netfilter(0x10, 0x3, 0xc) r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000001a80), r5) sendmsg$NL80211_CMD_SET_REG(r5, &(0x7f0000001c00)={&(0x7f0000001a40)={0x10, 0x0, 0x0, 0x64dda89bf1197ce1}, 0xc, &(0x7f0000001bc0)={&(0x7f0000001ac0)={0xe8, r10, 0x100, 0x70bd29, 0x25dfdbfb, {}, [@NL80211_ATTR_WIPHY={0x8, 0x1, 0x3e}, @NL80211_ATTR_USER_REG_HINT_TYPE={0x8, 0x9a, 0x1}, @NL80211_ATTR_SOCKET_OWNER={0x4}, @NL80211_ATTR_USER_REG_HINT_TYPE={0x8, 0x9a, 0x1}, @NL80211_ATTR_USER_REG_HINT_TYPE={0x8, 0x9a, 0x1}, @NL80211_ATTR_SOCKET_OWNER={0x4}, @NL80211_ATTR_REG_RULES={0x9c, 0x22, 0x0, 0x1, [{0x34, 0x0, 0x0, 0x1, [@NL80211_ATTR_FREQ_RANGE_END={0x8, 0x3, 0x2}, @NL80211_ATTR_POWER_RULE_MAX_EIRP={0x8, 0x6, 0x3}, @NL80211_ATTR_FREQ_RANGE_START={0x8, 0x2, 0x7}, @NL80211_ATTR_REG_RULE_FLAGS={0x8, 0x1, 0x1ff}, @NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8, 0x5, 0xfffffffe}, @NL80211_ATTR_FREQ_RANGE_MAX_BW={0x8, 0x4, 0x7fffffff}]}, {0x1c, 0x0, 0x0, 0x1, [@NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8, 0x5, 0xd}, @NL80211_ATTR_DFS_CAC_TIME={0x8}, @NL80211_ATTR_REG_RULE_FLAGS={0x8, 0x1, 0x4}]}, {0xc, 0x0, 0x0, 0x1, [@NL80211_ATTR_DFS_CAC_TIME={0x8, 0x7, 0x10000}]}, {0x3c, 0x0, 0x0, 0x1, [@NL80211_ATTR_FREQ_RANGE_MAX_BW={0x8, 0x4, 0x9}, @NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8, 0x5, 0x180000}, @NL80211_ATTR_DFS_CAC_TIME={0x8, 0x7, 0xffffffff}, @NL80211_ATTR_POWER_RULE_MAX_EIRP={0x8, 0x6, 0x4}, @NL80211_ATTR_FREQ_RANGE_END={0x8, 0x3, 0x6}, @NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8, 0x5, 0x5}, @NL80211_ATTR_FREQ_RANGE_END={0x8, 0x3, 0x7}]}]}, @NL80211_ATTR_USER_REG_HINT_TYPE={0x8, 0x9a, 0x1}, @NL80211_ATTR_REG_ALPHA2={0x7, 0x21, 'aa\x00'}]}, 0xe8}, 0x1, 0x0, 0x0, 0x20000000}, 0x4800) sendmsg$SEG6_CMD_SETHMAC(0xffffffffffffffff, &(0x7f0000001d80)={&(0x7f0000001c80)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000001d40)={&(0x7f0000001d00)={0x30, 0x0, 0x24, 0x70bd25, 0x25dfdbff, {}, [@SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x1d}, @SEG6_ATTR_DST={0x14, 0x1, @dev={0xfe, 0x80, '\x00', 0x19}}]}, 0x30}, 0x1, 0x0, 0x0, 0x41}, 0x40000) 5.964423446s ago: executing program 3 (id=5951): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000640)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01040000000000000000010000000900010073797a300000000034000000030a010100001400000000000100000009000b0073797a31000000000900010073797a300000000008000a400000000414000000020a05"], 0x90}}, 0x0) 2.858903821s ago: executing program 2 (id=5978): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="0a00000001000000dd00000009"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020205d0af8ff00000000bea100000000000007010000f8ffffffb702000008000000b7030000ffee0000850000007200000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x74, '\x00', 0x0, @fallback=0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000001020018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000240)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 2.729303303s ago: executing program 2 (id=5979): r0 = socket$inet6(0xa, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_route(0x10, 0x3, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.time\x00', 0x26e1, 0x0) openat$cgroup_int(r1, &(0x7f0000000280)='memory.min\x00', 0x2, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000001100)={0x6, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b7030000fcffffff850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x94) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="19000000040000000800000001"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x8, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="18000040f9030000000000000800000091114f0000000900fcffffffffffffff3d278db94b4e4a110f0c5cda572084c35c99659bd13c7f3fabf8d47dc953aef48b2613f237ed972911cb4b1c98939991118288dbe762efe266a230473c36cadcff3190b8ffbe98bc159f265bf03070207a"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000100)={{r3}, &(0x7f0000000080), &(0x7f00000000c0)=r2}, 0x20) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000200)={r3, &(0x7f0000000280), &(0x7f0000000000)=""/10, 0x2}, 0x20) socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), r4) sendmsg$NL80211_CMD_REQ_SET_REG(r4, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x1c, r5, 0x1, 0x70bd25, 0x25dfdbff, {}, [@NL80211_ATTR_USER_REG_HINT_TYPE={0x8, 0x9a, 0x1}]}, 0x1c}}, 0x200040c0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000580)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_MPATH(r1, &(0x7f00000006c0)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000680)={&(0x7f00000005c0)={0x40, r5, 0x4, 0x70bd27, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r6}, @val={0xc, 0x99, {0x5, 0x54}}}}, [@NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MAC={0xa}]}, 0x40}, 0x1, 0x0, 0x0, 0x4090}, 0x1) r7 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r7, 0x107, 0x12, &(0x7f0000000100)={0x3, 0x1000}, 0x4) setsockopt$packet_int(r7, 0x107, 0xa, &(0x7f00000003c0)=0x2, 0x4) setsockopt$packet_rx_ring(r7, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x9, 0x0, 0xffffffff}, 0x1c) socket$inet6_mptcp(0xa, 0x1, 0x106) r8 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000780)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x48}, 0x94) syz_emit_ethernet(0x68, &(0x7f0000005a40)={@multicast, @random="6076b5cad4f6", @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "75e700", 0x32, 0x3a, 0x0, @rand_addr=' \x01\x00', @mcast2, {[], @param_prob={0x4, 0x0, 0x0, 0x0, {0x0, 0x6, "a3579e", 0x0, 0x2b, 0x0, @mcast1, @remote, [], "6be2"}}}}}}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x1e, 0x4, &(0x7f00000007c0)=ANY=[@ANYBLOB="180200000000000000000000fdffffff85000000b500000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @sk_lookup=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000008c0)={0x6, 0x3, &(0x7f0000000480)=ANY=[@ANYRESOCT=0x0, @ANYRESHEX=r4, @ANYRES64=r3, @ANYRESOCT, @ANYRES16=r4, @ANYRES32, @ANYRES64=r0], &(0x7f00000002c0)='GPL\x00', 0x1000000, 0x0, 0x0, 0x0, 0x6}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r8, 0x5, 0xe, 0x0, &(0x7f0000000800)="fc5cc41c490704289349a8af1d251d89c0d4553c9f0662eef8f0b0d10f0e71d92fd3a9dd186eabf5d492e36a05b8c2eda7734d4bc6062ce2dae32d726de2c8aaf74312df4c6a7cafd4e7414875227a2fabd6040c51c128ed1ea021e1b77dbee099bdd6597c8112f988f5f22b03f21f7ef95d9fd497fe74fbc5a53c4556b47e62a36d7dfd02d2d1bfe7ca318021bae1ddd2a12d38527edea1302edd080b2678c1dacf39", 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x7c) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x2, 0x3, 0x7}, 0x0, &(0x7f0000000240)={0x3ff, 0x0, 0x0, 0x9, 0x1, 0x0, 0x7ffffffc}, 0x0, 0x0) 2.490873595s ago: executing program 4 (id=5982): openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nfc(&(0x7f0000000500), r0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="11000000040000000400000005"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000b703000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000280)={'syztnl0\x00', &(0x7f0000000200)={'syztnl0\x00', 0x0, 0x2f, 0x7, 0x66, 0x1000, 0x11, @remote, @loopback, 0x8, 0x1, 0x2, 0x3}}) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f00000002c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x58, 0x58, 0x4, [@type_tag={0x5, 0x0, 0x0, 0x12, 0x2}, @struct={0xe, 0x4, 0x0, 0x4, 0x1, 0x7, [{0x0, 0x4, 0x6}, {0x4, 0x3, 0x3}, {0x10000, 0x3, 0x80000001}, {0x6, 0x3, 0x3}]}, @var={0x5, 0x0, 0x0, 0xe, 0x5}]}, {0x0, [0x30, 0x2e]}}, &(0x7f0000000340), 0x74, 0x0, 0x1, 0x1, 0x10000}, 0x28) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000440)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x3, '\x00', 0x0, 0xffffffffffffffff, 0x5}, 0x50) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000005c0)={{}, &(0x7f00000004c0), &(0x7f0000000540)='%ps \x00'}, 0x20) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000600)={0x1b, 0x0, 0x0, 0x3ff, 0x0, 0x1, 0x4, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x3, 0x2}, 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000700)={{0x1}, &(0x7f0000000680), &(0x7f00000006c0)}, 0x20) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000007c0)={{}, &(0x7f0000000740), &(0x7f0000000780)='%pB \x00'}, 0x20) r2 = socket$nl_route(0x10, 0x3, 0x0) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b40000000000000079104800000000006104000000000000"], 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x94) r3 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000300)=ANY=[@ANYRES16=0x0, @ANYRES32, @ANYBLOB="81be7edd5b1702aef10805e4e435253acca870d819bcf0b49aa23ecb8cd8c1d9396048eca55f61232951786e880d74b8de1c257cd055f46ca8b87dc4093b053da7c81efa69518c4bce9853dd027040872e4c951a5e468ffeadeed057f67c68c06a5909b75a469a37680ff33ead10ba57f50a29b1bc80f1c2ce642492722bce33d5d7806c6a753920c08372c8839d1de31dfc4dc7845297ea8effe009973751f761a6d03b6ca9900de7fa83c22b3a6eff5ad4ad", @ANYRES32=0x0, @ANYRES32], 0x50) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) ioctl$FS_IOC_READ_VERITY_METADATA(r3, 0xc0286687, &(0x7f0000000280)={0x3, 0x10001, 0x77, &(0x7f0000000180)=""/119}) r5 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r4, 0x0, 0xd}, 0x18) r6 = socket$inet(0x2, 0x4000000000000001, 0x0) getsockopt$IP_VS_SO_GET_DESTS(r6, 0x0, 0x484, &(0x7f00000000c0)=""/24, 0x0) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000400)=ANY=[@ANYBLOB, @ANYRESOCT=r4], 0x10) sendmsg$netlink(r2, &(0x7f0000007d80)={0x0, 0x0, &(0x7f0000007d00)=[{&(0x7f0000000b00)=ANY=[@ANYBLOB="140000006a0015"], 0x14}], 0x1}, 0x0) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42032, 0xffffffffffffffff, 0x0) socket$phonet_pipe(0x23, 0x5, 0x2) sendmsg$NL80211_CMD_NEW_STATION(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000080)=ANY=[@ANYRES32=r5], 0x40}}, 0x0) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r7 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_buf(r7, 0x0, 0x29, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x4c, &(0x7f0000000000), 0x4) 2.24505073s ago: executing program 4 (id=5983): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000480)=@base={0x9, 0x4, 0x7fe2, 0x1}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000fe850000002a00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000200000085000000030000009500000000000000"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r1}, 0x10) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000580)=@newtaction={0x64, 0x30, 0xb, 0x0, 0x25dfdbfe, {}, [{0x50, 0x1, [@m_ct={0x4c, 0x1, 0x0, 0x0, {{0x7}, {0x24, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xd, 0x2, 0x0, 0x8}}, @TCA_CT_ACTION={0x6, 0x3, 0x14}]}, {0x1f}, {0xc}, {0xc}}}]}]}, 0x64}, 0x1, 0x0, 0x0, 0x1}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000540)=ANY=[@ANYBLOB="14000000100001000000"], 0xb0}, 0x1, 0x0, 0x0, 0x4000850}, 0x20040040) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_DEL(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000500)=ANY=[@ANYBLOB="e00000000a06010100000000000000000300000908000940800000010900020073797a310000000005000100070000000800094000000005880008800c000780080009"], 0x13a}, 0x1, 0x0, 0x0, 0x4800}, 0x48080) 1.991688574s ago: executing program 4 (id=5986): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x40090) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000580)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a50000000060a010400000000000000000a0000010900010073797a31000000001800048014000180090001006d61737100000000040002800900020073797a3200000000"], 0x78}, 0x1, 0x0, 0xff38, 0x4000850}, 0x24000840) 1.868310319s ago: executing program 4 (id=5987): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x11, 0x4, 0x4, 0xff}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x3, 0x8, &(0x7f0000000180)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}, {}, {0x85, 0x0, 0x0, 0x21}}]}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8004}, 0x94) 1.844304206s ago: executing program 2 (id=5988): r0 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=ANY=[@ANYBLOB="1b00000000000000000000000020"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x6, 0xf, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000006000000000000002e01000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8}, 0x94) syz_init_net_socket$rose(0xb, 0x5, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, 0x0}, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TLS_TX(r1, 0x6, 0x1, &(0x7f00000000c0)=@gcm_128={{}, "bbb564910f3ca2d3", "daa361339c0bec758947cbc19350d466", "65e494b2", "875a617870038c6d"}, 0x28) pwritev(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f00000000c0)='e', 0x1}], 0x1, 0x2, 0x1) setsockopt$inet6_tcp_int(r1, 0x6, 0x2000000000000020, &(0x7f0000000040)=0xa, 0x1959cc36) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x58) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8b34, 0x0) r2 = socket$kcm(0x10, 0x2, 0x0) write$cgroup_subtree(r2, &(0x7f0000000000)=ANY=[@ANYBLOB="36400000260091"], 0xfe33) unshare(0x20000400) bpf$PROG_LOAD(0x5, 0x0, 0x0) unshare(0x0) r3 = socket$inet_sctp(0x2, 0x1, 0x84) r4 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$IP_VS_SO_SET_ADDDEST(r4, 0x0, 0x487, &(0x7f0000000000)={{0x84, @broadcast, 0x4e21, 0x3, 'fo\x00', 0x11, 0x3240, 0x3a}, {@loopback, 0x4e23, 0x4, 0xc3, 0x12d5c, 0x12d5c}}, 0x44) r5 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r5, 0x84, 0x76, &(0x7f0000000200)={0x0, 0x7}, 0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r5, 0x84, 0x75, &(0x7f0000000340)={0x0, 0xcc}, 0x8) r6 = accept4$inet(r3, &(0x7f0000000180)={0x2, 0x0, @empty}, &(0x7f00000002c0)=0x10, 0x800) setsockopt$IP_VS_SO_SET_ADD(r6, 0x0, 0x482, &(0x7f0000000380)={0x33, @multicast2, 0x4e23, 0x1, 'none\x00', 0x30, 0x3, 0x25}, 0x2c) r7 = socket$inet6(0xa, 0x802, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r5, 0x84, 0x64, &(0x7f0000000280)=[@in6={0xa, 0x4e23, 0x0, @loopback, 0x7}], 0x1c) sendmmsg$inet6(r5, &(0x7f0000000640)=[{{&(0x7f0000000080)={0xa, 0x4e23, 0x2, @loopback, 0x3}, 0x1c, &(0x7f0000000500)=[{&(0x7f0000000300)="06", 0x1}], 0x1}}], 0x1, 0x3404c8d4) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r5, 0x84, 0x77, &(0x7f0000000040)=ANY=[@ANYRES32, @ANYRES16=r5, @ANYRES16=r7], 0x1000f) 1.795719124s ago: executing program 4 (id=5989): r0 = syz_init_net_socket$bt_bnep(0x1f, 0x3, 0x4) ioctl$sock_bt_bnep_BNEPGETCONNINFO(r0, 0x800442d3, &(0x7f0000000000)={0xfffffa65, 0x4, 0x71e0, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x3e}, 'wg1\x00'}) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nbd(&(0x7f0000000a00), 0xffffffffffffffff) sendmsg$NBD_CMD_STATUS(r1, &(0x7f0000000dc0)={0x0, 0x0, &(0x7f0000000d80)={&(0x7f0000000c80)={0x1c, r2, 0x411, 0x70bd2d, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000080850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r5 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r4}, 0x10) r6 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f00000001c0)={'sit0\x00', 0x0}) sendmsg$nl_route_sched(r6, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, r7, {0x0, 0xffe0}, {0xffff, 0xffff}, {0x0, 0x3}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x14, 0x2, [@TCA_GRED_DPS={0x10, 0x3, {0x10, 0x1, 0xa}}]}}, @TCA_RATE={0x6}]}, 0x4c}, 0x1, 0x0, 0x0, 0x8090}, 0x4) r8 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000440), r1) sendmsg$NL802154_CMD_SET_SEC_PARAMS(r1, &(0x7f0000000580)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000480)={0x34, r8, 0x0, 0x70bd2b, 0x25dfdbff, {}, [@NL802154_ATTR_SEC_OUT_KEY_ID={0x4}, @NL802154_ATTR_SEC_OUT_LEVEL={0x8, 0x2a, 0x4}, @NL802154_ATTR_SEC_OUT_LEVEL={0x8, 0x2a, 0x7}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}]}, 0x34}, 0x1, 0x0, 0x0, 0x4002810}, 0x10) r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xb, 0xc, &(0x7f00000009c0)=ANY=[@ANYRES32=r5], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r4, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x100, 0x0) r10 = socket$alg(0x26, 0x5, 0x0) bind$alg(r10, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-serpent-sse2\x00'}, 0x31) setsockopt$ALG_SET_KEY(r10, 0x117, 0x1, 0x0, 0x0) r11 = accept4(r10, 0x0, 0x0, 0x0) sendmmsg$alg(r11, &(0x7f0000000400)=[{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe1a}], 0x1, &(0x7f0000000380)=[@op={0x18}], 0x18}], 0x4924924924924b9, 0x0) syz_emit_ethernet(0xfdef, &(0x7f0000000140)={@random="5b1a033f2511", @remote, @void, {@ipv4={0x800, @udp={{0x6, 0x4, 0x0, 0x0, 0x4578, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x0, 0x64, 0x0, @wg=@response={0x10, 0x0, 0x0, "fdcdae25a7a296872a8a5290e48e30acf8afc7e67d70a62c979cefa10a0028bd", "ae0000000000000000e400", {"35f3c07eeca4a20a9858ac1500", "63081fe8fe001a08ed082ad7121d696f"}}}}}}}, 0x0) recvmsg(r11, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f00000000c0)=""/73, 0x49}, {&(0x7f0000000200)=""/83, 0x53}], 0x3a}, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r9, 0x0, 0x10, 0x10, &(0x7f00000002c0)="0000ffffffffa000", &(0x7f0000000300)=""/8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) ioctl$ifreq_SIOCGIFINDEX_team(r3, 0x8933, &(0x7f0000000000)) 1.597639444s ago: executing program 0 (id=5991): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r1 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$inet_int(r1, 0x0, 0x14, 0x0, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000000c0)=ANY=[@ANYBLOB="200000001800110101000000000000000a0080000002000800000000040008"], 0x20}, 0x1, 0x0, 0x0, 0x44845}, 0x4) sendmmsg(r2, &(0x7f0000000780)=[{{&(0x7f0000000040)=@phonet={0x23, 0x6, 0x3, 0xd}, 0x80, &(0x7f00000004c0)=[{&(0x7f00000000c0)="2976ff5a48ceebd7fc3cfeb8490933", 0xf}, {&(0x7f0000000100)="524e52a6778e0bab1a3e4daac0f3fed42f74cad472b71ec9e7415b93d139d75474dac71add4e009d0cb2f22e4f80c0ec7e2867318a9d32a062c5ba795464b661c186d96a0e3bee5ec97b57524a395122f4e0d42b7076f8ec6ce1197e4cf6a0a9", 0x60}, {&(0x7f0000000200)="db9df2c4c403fe9a9a9690e1dbd75503caa41bdd0f073f029f21b070f22be1f143795d484f1d2631dfbd19eeab3425cdd226b9639c81515829c2e6714a8b40a3fdb7b875db81f4451379fcc6d2e4bd27009afd9124c4d9d4ee5706717bab8593b0b4b90ff74f173d8767eb9477e6c4002149847038f93a1e3c1c05183480731e126ff8a65ab3755aeb19eb1c652ab978801919e9399d9d5086bfce42696812ad049ca08ba49417f32d908ed534d02360f03a4434462fe3", 0xb7}, {&(0x7f00000002c0)="4ec7f0550d62929b39f00f3b9906eddbe62f730ef4837123a2d8e52b66669dc08e102efeff705d8f3ea1b60e24a5fc380d9f911cacef6409228425de24945e1bede36e0102", 0x45}, {&(0x7f0000000340)="cc605556f6f6c35df64b49c2517d3043b421cb1f0da89710dd87275dcf5dee35d97e0d1b633d8dc8b8ae27060f03e106b2d248785cbbba52dbb66b9bf4f79c25aa3521ba833ac14a23a84415ecb3ed32c98b887643dc11ef131389315e21ca463e7d89b364c98dfe0d72f533adc2dc63a82d68137f41faf3f9678fcea624c0095e55379dab4c89c9526f1afa4381d14cc3ae5be20e5357f2843dde92ec1ef990e2dc5e8b2b21", 0xa6}, {&(0x7f0000000180)="2e4a69f4cfd459a5673d101edf490ad2539c38eb0bcbeef6c6bc968511e8ff458bfc2bde4f1fa3d24e7cf335bb2932b117be582d4db5743819bb41299ee1", 0x3e}, {&(0x7f0000000400)}, {&(0x7f0000000440)="ce5c348b7ba06f582dd8ca496df1e06e5367f214ce9e632bcf555219c113e2ccd6b288c4954797b289c8fc354bc0238a6c5b7f44512d7d113bf817d0ca0550c400e88b687ae0d3", 0x47}], 0x8, &(0x7f0000000540)=[{0x108, 0x110, 0x8, "119cc3d0ae06f3a3fdab4b701f67131d97a102d40186b8eaccca0accc850dff78d8f8611de73a2d0eeeade3528c5e6244e85c9b504ea3d6f009dd725f03b3aacf74b8f455fff13e2a49cb59b794b7a6cfad689f6d50f6f3a9cfa5b9d413889c29e2f502821cd54b957219bb9edb8f62207a037601a792534bad9cffca5838e699cb6554da647349f4a3a61380d544f5e2ebff7b4c22dee177a0b6f49f1bf174a2c01f14e20d4144f174277d0ae66ce5d71b75992b05daff0536d22364c6afcc0300fb76285be67a07e3e14415e8dab275afd811edd14a419091720455e72ec78d4d0e19ea064af2ba859b4a7fb8ffd58297d94e3af"}, {0x30, 0x112, 0x81, "890578d2159f900f351c9d448334a11aefc1582ecaf3d612ffad8b40c533"}], 0x138}}, {{&(0x7f0000000680)=@sco={0x1f, @none}, 0x80, &(0x7f0000000740)=[{&(0x7f0000000700)="8e1b88fd0c0501c2ad9c2ea8ee5129f84bb93c235e9f64326ae90642cca2ec9606acdb06f7ed0df570a84affb1daca4d4090ac", 0x33}], 0x1}}], 0x2, 0x40c4) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000001c0)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x1c, 0x1c, 0x8, [@var={0x4, 0x0, 0x0, 0xe, 0x2}, @enum={0x6}]}, {0x0, [0x0, 0x0, 0x0, 0x5f, 0x2e, 0x5f]}}, 0x0, 0x3c}, 0x28) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0300000004000000040000000a00000000000000", @ANYRES32=0x1, @ANYBLOB="9d00"/20, @ANYRES32, @ANYRES32=0xffffffffffffffff, @ANYBLOB="0500000002"], 0x50) syz_genetlink_get_family_id$ethtool(&(0x7f0000000a40), 0xffffffffffffffff) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$ETHTOOL_MSG_CHANNELS_SET(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYRESDEC=r3, @ANYRES16=r0, @ANYRES16=0x0, @ANYRESDEC=r4, @ANYRES32=r3], 0x3c}, 0x1, 0x0, 0x0, 0x400c084}, 0x2004c0a0) 1.543045237s ago: executing program 0 (id=5992): socket$inet(0xa, 0x801, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_buf(r1, 0x6, 0x1f, &(0x7f0000000280)='\x00', 0x1) setsockopt$sock_int(r1, 0x1, 0x28, &(0x7f0000000080)=0x3, 0x4) r2 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), r2) getsockname$packet(r2, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.numa_stat\x00', 0x26e1, 0x0) close(r3) r4 = socket$kcm(0x10, 0x2, 0x4) ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f0000000100)=0x0) ioctl$sock_FIOSETOWN(r4, 0x8901, &(0x7f00000001c0)=r5) write$cgroup_pid(r3, &(0x7f0000000200)=r5, 0x12) ioctl$SIOCSIFHWADDR(r3, 0x8b0f, &(0x7f0000000000)={'virt_wifi0\x00', @random='4\x00'}) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffcdb, 0x0, r3, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x18) socket$vsock_stream(0x28, 0x1, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) r7 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000940)={&(0x7f0000000000)=ANY=[@ANYRES32=r7, @ANYRES32=0x0], 0x64}, 0x1, 0x0, 0x0, 0x8811}, 0x40004) 1.235058526s ago: executing program 0 (id=5994): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_INITMSG(r0, 0x84, 0x2, &(0x7f00000000c0)={0xfffc, 0x4}, 0x8) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0x2c, &(0x7f0000000040)=[@in6={0xa, 0x0, 0x0, @mcast2, 0xfffffffb}, @in={0x2, 0x4e20, @remote}]}, &(0x7f0000000100)=0x10) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, &(0x7f00000003c0)={0x125, 0x8005, 0x1000, 0xa03f, r1}, &(0x7f0000000400)=0x10) (async) mmap(&(0x7f00005f2000/0x3000)=nil, 0x3000, 0x3000006, 0x11, r0, 0xffffc000) (async) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000000880)=ANY=[@ANYBLOB="61124c000000000061138c0000000000bf2000000000000007000000080000003d0301000000000095000000000000006916000000000000bf67000000000000170600000fff0100670600004e000000070600000ee60000bf050000000000001f650000000000006507000002000000070700004c0000001f75000000000000bf54000000000000070500000419311f3d2401000000000095000000000000000500000000000000950000000000000032ed3c5be95e76b67754bb12dc8c27df8ecf264e0f84f9f17d3c30e3c72fe9755ba08508460b603daf5a7d1dbdd2d17f2f1754558f2278af6d71d79a5e12814cb1d8a5d4601d295c45a674f888a08034b7dd399703d6c4f633a9a4f16d0a3e1282ee45a010fb94fa9de56c9d8a814261bdb94a6538b89dc6c60bf70d742a81b72bab8395fa64810b5b1bfd3782519518c51231422bb8fab4d4d897db2c544c0ec50b8eac8c63d2b1cd06a39702bd547f5ebaa6954f01cef3c9bacec15e2e3b2bd352e93a22adfe8efe33ffa78b02af242f8ee5476d4ef7a6f0c4704403b9bad2b648e90f89c54ca2d6b792beb3302600ff24f69a5ef05f5408ea197ed09a9510ee6063229de2984abdd46ea3ec78e3127002ed37c2564b8f8a621483fb2a5ff221e0d831d64759d17b8c59d0f2b06e7f6b7958fb5b939af4be5e55a95f8c6d785a91c7c3f0c17ae7f9ac5ff05f5ecddf0cef90d50e763be96496661c749e21ab63a1f50b30a65a9027ba357bf8c614497ee59b68bf6a5d45c81c567e347d545741fbbbea3e47b1750f272980087b7f8a13cce7014137f250370b8a70ae3eaf6d6f17759c3886871e97d063b7f26eed3226bb0b9ee6320a2b02fea7a06a0e37182adfff3f6daed3cdfee7de13ad4f90"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls=0x37}, 0x94) 1.179016034s ago: executing program 0 (id=5996): r0 = socket$inet6(0xa, 0x2, 0x3a) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000080)={0x58, 0x2, 0x6, 0x801, 0x0, 0x0, {0x0, 0x0, 0x9}, [@IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x11}, @IPSET_ATTR_BUCKETSIZE={0x5, 0x15, 0x9}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}]}, 0x58}}, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, &(0x7f0000000000)={0x6, 0x0, 0xa, 0x4, 0x0}, &(0x7f0000000040)=0x10) getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000080)={r2, 0x7}, &(0x7f00000000c0)=0x8) r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) recvmmsg(r3, &(0x7f000000a1c0)=[{{0x0, 0x0, 0x0}, 0x3}], 0x1, 0x8020, 0x0) sendmsg$802154_dgram(r3, &(0x7f000000b8c0)={&(0x7f000000b800)={0x24, @long={0x3, 0xffff, {0xaaaaaaaaaaaa0102}}}, 0x14, &(0x7f000000b880)={0x0}, 0x1, 0x0, 0x0, 0x20000011}, 0x0) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r5 = socket(0x400000000010, 0x3, 0x0) r6 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r7, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x80) r8 = socket$nl_route(0x10, 0x3, 0x0) r9 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r8, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=@newqdisc={0x34, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r10, {0x3}, {}, {0x2, 0x1}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x40098}, 0x4000000) sendmsg$nl_route_sched(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=@newqdisc={0x30, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r7, {0x8, 0xfff1}, {0xffff, 0xffff}, {0x2, 0x1}}, [@qdisc_kind_options=@q_hhf={{0x8}, {0x4}}]}, 0x30}, 0x1, 0x0, 0x0, 0x400dc}, 0x4020080) r11 = socket$netlink(0x10, 0x3, 0x0) r12 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r12, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r11, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000008c0)=@newqdisc={0x34, 0x28, 0x300, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r13, {0xffff, 0xfff3}, {0xffff, 0xfff3}, {0x2, 0x1}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x400dc}, 0x0) r14 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000240), 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_TX_POWER(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x24, r14, 0x400, 0x6, 0x25dfdbfb, {}, [@NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x3}, @NL802154_ATTR_WPAN_PHY={0x8}]}, 0x24}}, 0x811) r15 = socket$netlink(0x10, 0x3, 0x0) r16 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r16, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'}) sendmsg$nl_route_sched(r15, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=@newqdisc={0x2c, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r7, {}, {0xffff, 0xffff}, {0x7, 0x1}}, [@TCA_INGRESS_BLOCK={0x8, 0xd, 0xa1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4c80d}, 0x4000000) sendmmsg$inet6(r0, &(0x7f0000000800)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x0, @private0={0xfc, 0x0, '\x00', 0x1}, 0x2}, 0x1c, &(0x7f0000000b40)=[{&(0x7f0000000100)="8000102e7577d401", 0x8}], 0x1, &(0x7f0000000440)=[@dstopts_2292={{0x30, 0x29, 0x32, {0x0, 0x2, '\x00', [@hao={0xc9, 0x10, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0xfe, 0x0}}}]}}}], 0x30}}], 0x1, 0x4c0c0) 1.021723374s ago: executing program 1 (id=5997): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x1f, 0xd, &(0x7f0000000100)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x1}, [@call={0x85, 0x0, 0x0, 0x7b}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x20000002}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0xa6}}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x43, &(0x7f0000000100)={0x0, 0xea60}, 0x10) bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000280)=ANY=[@ANYRESOCT, @ANYRES32, @ANYBLOB="d020000000000000000000000000de96f0a8df4b2f52d87a1bdd719b43429e4eb344307f61eb442beda5d5f6d69c3ec37fe6c63a3f22be4a024a852be21a07ecd565731f4bf90000000000000000004d41613481265a27ef98faf696ed52d71f080765b9b7677445150bcd45fd2310d7769bccc25db540ce946c0403676ac7d17ad2124472ba201ee071e96f24aa6170eace60921c45cceb691f63cbc9756f9a4d1ad9a159e5fd5b53cfef4a82a7e7dc804bf7807213668fdd941f759533e9e625b48d23629f2d0f1c856084ac2f13c4185b", @ANYRES16, @ANYRES32, @ANYBLOB="00000000000000000000000000000000000000000000000000000000ea55a4a75a9e68defad385e7018aab11673cefd9431b4765a973e87040bda3211382"], 0x50) socket$inet_udp(0x2, 0x2, 0x0) bpf$ITER_CREATE(0x21, &(0x7f00000000c0), 0x8) 1.020977133s ago: executing program 1 (id=5998): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x11, 0x4, 0x4, 0xff}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x3, 0x8, &(0x7f0000000180)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}, {}, {0x85, 0x0, 0x0, 0x21}}]}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x85ff}, 0x94) 976.609169ms ago: executing program 1 (id=5999): r0 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_PORT_GET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="20000000051401002abd7000fcdbdf250800010000000000080007"], 0x20}, 0x1, 0x0, 0x0, 0x4}, 0x4000010) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x50) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$gtp(&(0x7f00000020c0), r2) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e20, 0x101, @ipv4={'\x00', '\xff\xff', @loopback}, 0x5}, @in={0x2, 0x4e21, @empty}], 0x2c) sendmsg$GTP_CMD_NEWPDP(r2, &(0x7f0000002200)={0x0, 0x0, &(0x7f00000021c0)={&(0x7f0000002140)={0x38, r3, 0x1, 0x70bd27, 0x25dfdbfe, {}, [@GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_LINK={0x8}, @GTPA_FLOW={0x6, 0x6, 0x2}]}, 0x38}, 0x1, 0x0, 0x0, 0x40}, 0x80) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xd, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x100}, [@call={0x85, 0x0, 0x0, 0x11}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {0x4}, {0x6, 0x0, 0xa}, {}, {}, {0x85, 0x0, 0x0, 0x33}}]}, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000b80)={r5, 0x2000012, 0xe, 0x0, &(0x7f0000000c40)="63eced8e46dc3f2ddf33c9e9b986", 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xb}, 0x50) 949.396767ms ago: executing program 2 (id=6000): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0f000000040000000800000008"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x15, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000100000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000080000000500000000000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x40, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @sk_reuseport=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x8000}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x4, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x238}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r1, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x7ffd, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 851.92996ms ago: executing program 4 (id=6001): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x11, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffc}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000040)='contention_end\x00', r0}, 0x18) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x101801, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0) socket$nl_rdma(0x10, 0x3, 0x14) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={0xffffffffffffffff, 0x0, 0x0, 0x4b, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, &(0x7f0000000000), 0x0}, 0x50) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) bind$netlink(r3, &(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8822d55593a2179}, 0xc) r4 = socket$inet6(0xa, 0x3, 0x2f) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000140)=@req={0x2, 0xb, 0x187700, 0x4}, 0x10) openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x6c0800, 0x0) recvmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) r5 = socket$l2tp6(0xa, 0x2, 0x73) setsockopt$inet6_int(r5, 0x29, 0x11, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f05ebbee1, 0x8031, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_netfilter(0x10, 0x3, 0xc) setsockopt$PNPIPE_INITSTATE(0xffffffffffffffff, 0x113, 0x4, &(0x7f0000000100)=0x1, 0x4) setsockopt$inet6_IPV6_XFRM_POLICY(r4, 0x29, 0x23, &(0x7f00000003c0)={{{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, @in6=@loopback, 0x0, 0x0, 0xffff, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@empty, 0x0, 0x6c}, 0x0, @in6=@empty, 0x0, 0x0, 0x1, 0x3}}, 0xe8) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback, 0x2}, 0x1c) r6 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1200000036000000040010000200000000000000e9205b172f39a0d4d01f91f53ce1fca52780eedb441cf91687eed2ce32b6b69e72e8b4cb81", @ANYRES32, @ANYBLOB='\t\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r6, 0xffffffffffffffff}, &(0x7f0000000080), &(0x7f0000000380)=r2}, 0x20) r8 = socket$inet6(0xa, 0x3, 0x81) setsockopt$inet6_MCAST_LEAVE_GROUP(r8, 0x29, 0x2d, &(0x7f0000001840)={0x3, {{0xa, 0x4e20, 0x2, @rand_addr=' \x01\x00', 0x106}}}, 0x88) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000300)={r7, &(0x7f00000001c0), 0x0}, 0x20) ioctl$RFKILL_IOCTL_NOINPUT(0xffffffffffffffff, 0x5201) write$rfkill(r1, &(0x7f0000000000)={0x5, 0x0, 0x3, 0xfc}, 0x8) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) 777.662918ms ago: executing program 1 (id=6002): socket$inet6_tcp(0xa, 0x1, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) close(0x4) syz_open_procfs$namespace(0x0, &(0x7f0000000080)='ns/ipc\x00') unshare(0x6a040000) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000140)={0x0, 0xffe3, &(0x7f0000000100)=[@in={0x2, 0xce24, @multicast2}]}, &(0x7f0000000180)=0x10) setsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(r0, 0x84, 0xc, &(0x7f00000000c0), 0x4) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x2004c080, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f0000000200)={0x1, [0x0]}, &(0x7f0000000080)=0x8) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x3, 0x6, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x11, 0x30}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0x5}, @exit={0x95, 0x0, 0x33}], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xb8000000}, 0x70) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(r0, 0x84, 0x6c, &(0x7f00000008c0)={r1, 0x10, "83cd73d913625563f3877450d9e218b0"}, &(0x7f0000000340)=0x18) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r0, 0x84, 0x6d, &(0x7f0000000580)={r2, 0xb0, "f3663f226195d6a79015bb7b7734e7b5cd0fc5ae73f19549a5265d3f7c2a59f3fb838ee4d0db19a76405a931228efc4b93af18c6e336e5a45f297f041dd5ede1bdfe7bc61efad3ea56471ee3dad245d2d70ee8205fc9d7f6587693b9feac0f83e9d3fd5512fdb2fe2946983477dc88dcc14f570e427ecdf20f78715deb4abf1f0a99766f9cc11615a9eabcb77f2c56270cae48f1f9ab9b4bc26c1d1e1db331e246a97c555caf9d90a9d4c53d954970d3"}, &(0x7f0000000000)=0xb8) 777.136557ms ago: executing program 2 (id=6003): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r0, 0x0) setsockopt$CAN_RAW_ERR_FILTER(0xffffffffffffffff, 0x65, 0x2, &(0x7f0000000280)=0x3, 0x4) 736.709942ms ago: executing program 2 (id=6004): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socket$key(0xf, 0x3, 0x2) r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2) ioctl$IOCTL_GET_NCIDEV_IDX(r1, 0x0, &(0x7f00000000c0)=0x0) sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)={0x1c, r3, 0x401, 0x70bd26, 0x25dfdbfc, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r4}]}, 0x1c}}, 0x0) write$nci(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="210302070302e50512c71dcc80b3c4f576ebda506287a4ebf7e50102"], 0x1c) sendmsg$NL802154_CMD_GET_WPAN_PHY(0xffffffffffffffff, 0x0, 0x4000850) sendmsg$NET_DM_CMD_START(0xffffffffffffffff, 0x0, 0x10044002) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001680)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x40001}, 0x4040850) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000009c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x7}}, [@NFT_MSG_NEWCHAIN={0x40, 0x3, 0xa, 0x76a9bba1a690db0f, 0x0, 0x0, {0xa, 0x0, 0x2005}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x3cb140bb}, @NFTA_HOOK_HOOKNUM={0x8, 0x1, 0x1, 0x0, 0x3}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x68}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000840) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f"], 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x3, 0xff80, &(0x7f0000000000)=@framed={{0x18, 0x8}, [@tail_call={{}, {}, {}, {0x7, 0x0, 0xb, 0x7}}, @printk]}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r5 = socket$kcm(0xa, 0x922000000003, 0x11) ioctl$FAT_IOCTL_GET_VOLUME_ID(r5, 0x80047213, &(0x7f0000000040)) sendmsg$kcm(r5, &(0x7f0000000000)={&(0x7f00000007c0)=@l2tp6={0xa, 0x0, 0x3, @loopback, 0x1, 0xfffffffe}, 0x80, 0x0}, 0x0) 221.853462ms ago: executing program 1 (id=6005): bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x30, 0x7, 0x6, 0x101, 0x0, 0x0, {0x5, 0x0, 0x7}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_FLAGS={0x8, 0x6, 0x1, 0x0, 0x6}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x30}, 0x1, 0x0, 0x0, 0x4006001}, 0x20000080) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r1, 0x0, 0x0) (async) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, 0x0, 0x0) (async) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x40241, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r3 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) (async, rerun: 64) write$tun(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="000086dd02000a0000008d0000006c2c6eab00033a"], 0x7e) (async, rerun: 64) r4 = socket$nl_route(0x10, 0x3, 0x0) (async) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x3e1343, 0x0) r5 = epoll_create1(0x0) poll(&(0x7f0000000040)=[{r5, 0x200}], 0x1, 0xdb3) (async, rerun: 64) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) (rerun: 64) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r6, &(0x7f0000000100)) shutdown(r6, 0x0) epoll_wait(r5, &(0x7f0000000000)=[{}], 0x1, 0x101) (async) epoll_ctl$EPOLL_CTL_MOD(r5, 0x3, r4, &(0x7f0000000140)={0x2000200b}) (async, rerun: 32) socket(0x10, 0x803, 0x0) (rerun: 32) 145.654776ms ago: executing program 0 (id=6006): socket$packet(0x11, 0x3, 0x300) r0 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7813, 0x3, 0x0, 0x7ff, 0x1fb, 0x1, 0x2}, 0x1c) r1 = bpf$MAP_CREATE(0x0, 0x0, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xe, 0x4, 0x4, 0x2, 0x0, 0x1}, 0x50) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x6, 0x10, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32=r1, @ANYBLOB="0000000000000000b702000000000000850000008600000018", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000060000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b70400000000000085000000330000009500000010000000"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000b80)={r3, 0x2000012, 0xe, 0x0, &(0x7f0000000c40)="63eced8e46dc3f2ddf33c9e9b986", 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xb}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="01000000120000007f00000001"], 0x48) bpf$MAP_DELETE_ELEM(0x3, 0x0, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f00000004c0)={r4, 0x0, &(0x7f0000000400)=""/154}, 0x20) 100.657166ms ago: executing program 0 (id=6007): r0 = accept4(0xffffffffffffffff, &(0x7f0000000140)=@rc, &(0x7f0000000040)=0x80, 0x80800) ioctl$PPPIOCGFLAGS(r0, 0x8004745a, &(0x7f00000000c0)) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x9, 0x4, &(0x7f0000000800)=ANY=[@ANYBLOB="b402000000000000fffffeffffffffff85000000ba0000009500000000000000160c3721f57db80475db0049e65237ed59e250a2d1b75ec0639207427e6f024fbacd9e5c62ddc30cfa97c78e792589e6903702745e0e00634fd554d3197baa004dac2920c39989d63f2e59965b4431376e464b593aa60c3ca21406de0cf966ce8dad07d7474116703004fb9d68599eaf549aae23f98c555995f48fac75370a1005285d287b8df31130c20fbce5e7df7c8e9fccab6c9660b1e6f6accdb4fbad0231d9fd0dcd73587cf2568e0c0046d1520122e6f2bb5fe6f49bfd33dbd13afbc20281db84d9eda92dc154410dc971ad151a79f80d1c5cfc385efff2478d69d11137585d4674399cf0b2655fb6eccf2884316da510443c30742dd8740d8ad344cf74780d3b9ffb8723e8fc7540662a9b25e6bcca"], &(0x7f0000000080)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0xb0, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8}, 0x94) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000740)=""/165, 0x0) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_INITMSG(r1, 0x84, 0x2, &(0x7f00000000c0)={0xfff9, 0x8}, 0x8) unshare(0x6a040000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x20, 0x3, &(0x7f0000000580)=ANY=[], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x99ee}, 0x94) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000180)=@ipv4_newroute={0xb4, 0x18, 0x35f32a6dfa748ddd, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, [@RTA_ENCAP_TYPE={0x6, 0x15, 0x4}, @RTA_ENCAP={0x90, 0x16, 0x0, 0x1, @LWTUNNEL_IP_OPTS={0x8c, 0x8, 0x0, 0x1, @LWTUNNEL_IP_OPTS_GENEVE={0x88, 0x1, 0x0, 0x1, @LWTUNNEL_IP_OPT_GENEVE_DATA={0x84, 0x3, "45f03ddbd8b1f0ce25722d4fbc2e219f0e7e099d8e96fb9e1684b3ce5ba5138c09001b3c370e0000f51028ce0cbae0c106000000dd6838a3000000000000e5814569a5cf5112d5b196a9c9326e7d09000000000000004746eb87728981a233c35a7342faa6e4498148f4a10f2550faf137e52138d7f6529db04dfb0000130000"}}}}]}, 0xb4}}, 0x0) r4 = bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000080)={r2, 0x0, 0x2d, 0x0, @val=@perf_event={0xa}}, 0x18) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(0x0, r4) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r5, 0x8933, 0x0) bpf$LINK_GET_NEXT_ID(0x1f, 0x0, 0x0) r6 = bpf$LINK_GET_FD_BY_ID(0x1e, 0x0, 0x0) bpf$LINK_DETACH(0x22, &(0x7f0000000040)=r6, 0x4) sendto$inet6(r1, &(0x7f0000000580)="81", 0x1, 0xc001, &(0x7f0000000280)={0xa, 0x0, 0x0, @loopback, 0x81}, 0x1c) r7 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r7, &(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, r1, 0x8, 0x0, 0x1003, 0x0, {0xa, 0x0, 0x0, @mcast1, 0x3}}}, 0x32) connect$inet6(r1, &(0x7f0000000500)={0xa, 0x4e21, 0x2, @private0={0xfc, 0x0, '\x00', 0x1}, 0x8ce3}, 0x1c) getsockopt$bt_hci(0xffffffffffffffff, 0x0, 0x3, 0x0, 0x0) openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x101042, 0x0) r8 = socket$inet6(0xa, 0x800000000000002, 0x0) setsockopt$SO_TIMESTAMPING(r8, 0x1, 0x25, &(0x7f0000000200)=0x691a, 0x4) socket$nl_netfilter(0x10, 0x3, 0xc) bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$packet(0x11, 0x2, 0x300) 0s ago: executing program 1 (id=6008): socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x6, &(0x7f00000003c0)={0x0, @in6={{0xa, 0x4e24, 0x1, @private0, 0x1}}}, &(0x7f0000000040)=0x84) getsockopt$inet_sctp6_SCTP_RTOINFO(r1, 0x84, 0x0, &(0x7f0000000080)={r2, 0x3, 0xffff, 0x8001}, &(0x7f00000001c0)=0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="18010000000000000000000000000000850000002e00000095"], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$SIOCSIFHWADDR(r0, 0x8923, &(0x7f00000000c0)={'virt_wifi0\x00', @dev={'\xaa\xaa\xaa\xaa\xaa', 0x10}}) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=@newlink={0x44, 0x10, 0x44b, 0xffffffff, 0x0, {0x7a, 0x0, 0x0, 0x0, 0x1840, 0x10000}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_MCAST_STATS_ENABLED={0x5, 0x2a, 0x1}, @IFLA_BR_MCAST_IGMP_VERSION={0x5, 0x2b, 0x35}]}}}]}, 0x44}}, 0x0) kernel console output (not intermixed with test programs): 5 has an invalid length. [ 469.678006][T20637] vlan2: entered promiscuous mode [ 469.826153][T20646] SET target dimension over the limit! [ 470.054690][T20660] FAULT_INJECTION: forcing a failure. [ 470.054690][T20660] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 470.095969][T20660] CPU: 1 UID: 0 PID: 20660 Comm: syz.4.4658 Not tainted syzkaller #0 PREEMPT(full) [ 470.095998][T20660] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 470.096011][T20660] Call Trace: [ 470.096020][T20660] [ 470.096029][T20660] dump_stack_lvl+0x189/0x250 [ 470.096054][T20660] ? __pfx____ratelimit+0x10/0x10 [ 470.096078][T20660] ? __pfx_dump_stack_lvl+0x10/0x10 [ 470.096099][T20660] ? __pfx__printk+0x10/0x10 [ 470.096119][T20660] ? __might_fault+0xb0/0x130 [ 470.096157][T20660] should_fail_ex+0x414/0x560 [ 470.096192][T20660] _copy_from_user+0x2d/0xb0 [ 470.096211][T20660] ___sys_sendmsg+0x158/0x2a0 [ 470.096239][T20660] ? __pfx____sys_sendmsg+0x10/0x10 [ 470.096299][T20660] ? __fget_files+0x2a/0x420 [ 470.096316][T20660] ? __fget_files+0x3a0/0x420 [ 470.096351][T20660] __x64_sys_sendmsg+0x19b/0x260 [ 470.096376][T20660] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 470.096406][T20660] ? __pfx_ksys_write+0x10/0x10 [ 470.096433][T20660] ? do_syscall_64+0xbe/0xfa0 [ 470.096461][T20660] do_syscall_64+0xfa/0xfa0 [ 470.096484][T20660] ? lockdep_hardirqs_on+0x9c/0x150 [ 470.096505][T20660] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 470.096522][T20660] ? clear_bhb_loop+0x60/0xb0 [ 470.096543][T20660] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 470.096560][T20660] RIP: 0033:0x7f85da18eec9 [ 470.096577][T20660] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 470.096594][T20660] RSP: 002b:00007f85db01a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 470.096613][T20660] RAX: ffffffffffffffda RBX: 00007f85da3e6090 RCX: 00007f85da18eec9 [ 470.096627][T20660] RDX: 0000000030048009 RSI: 0000200000000000 RDI: 0000000000000003 [ 470.096640][T20660] RBP: 00007f85db01a090 R08: 0000000000000000 R09: 0000000000000000 [ 470.096652][T20660] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 470.096663][T20660] R13: 00007f85da3e6128 R14: 00007f85da3e6090 R15: 00007ffde1d13da8 [ 470.096694][T20660] [ 470.320536][T20652] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 470.391810][T20670] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4663'. [ 470.408386][T20670] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4663'. [ 470.509065][T20652] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 470.527185][T20667] netlink: 'syz.3.4661': attribute type 4 has an invalid length. [ 470.616347][ T5926] net_ratelimit: 5 callbacks suppressed [ 470.616367][ T5926] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 470.617162][T20652] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 470.696471][ T5948] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 470.722424][T20678] wg1 speed is unknown, defaulting to 1000 [ 470.770139][T20652] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 471.102285][T12304] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 471.133500][ T12] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 471.164089][ T12] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 471.178817][T20696] FAULT_INJECTION: forcing a failure. [ 471.178817][T20696] name failslab, interval 1, probability 0, space 0, times 0 [ 471.202235][T20696] CPU: 0 UID: 0 PID: 20696 Comm: syz.4.4669 Not tainted syzkaller #0 PREEMPT(full) [ 471.202261][T20696] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 471.202272][T20696] Call Trace: [ 471.202279][T20696] [ 471.202288][T20696] dump_stack_lvl+0x189/0x250 [ 471.202313][T20696] ? __pfx____ratelimit+0x10/0x10 [ 471.202334][T20696] ? __pfx_dump_stack_lvl+0x10/0x10 [ 471.202354][T20696] ? __pfx__printk+0x10/0x10 [ 471.202379][T20696] ? __pfx___might_resched+0x10/0x10 [ 471.202400][T20696] ? fs_reclaim_acquire+0x7d/0x100 [ 471.202431][T20696] should_fail_ex+0x414/0x560 [ 471.202458][T20696] should_failslab+0xa8/0x100 [ 471.202482][T20696] kmem_cache_alloc_noprof+0x74/0x6e0 [ 471.202508][T20696] ? alloc_empty_file+0x55/0x1d0 [ 471.202534][T20696] alloc_empty_file+0x55/0x1d0 [ 471.202556][T20696] alloc_file_pseudo+0x13d/0x210 [ 471.202576][T20696] ? security_inode_alloc+0x39/0x330 [ 471.202604][T20696] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 471.202624][T20696] ? evm_inode_alloc_security+0x40/0xb0 [ 471.202644][T20696] ? security_inode_alloc+0xd5/0x330 [ 471.202681][T20696] sock_alloc_file+0xb8/0x2e0 [ 471.202713][T20696] do_accept+0x34b/0x680 [ 471.202737][T20696] ? __pfx_do_accept+0x10/0x10 [ 471.202779][T20696] __sys_accept4+0x11c/0x1c0 [ 471.202801][T20696] ? __pfx___sys_accept4+0x10/0x10 [ 471.202820][T20696] ? __pfx_ksys_write+0x10/0x10 [ 471.202853][T20696] __x64_sys_accept+0x7d/0x90 [ 471.202872][T20696] do_syscall_64+0xfa/0xfa0 [ 471.202893][T20696] ? lockdep_hardirqs_on+0x9c/0x150 [ 471.202916][T20696] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 471.202935][T20696] ? clear_bhb_loop+0x60/0xb0 [ 471.202956][T20696] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 471.202975][T20696] RIP: 0033:0x7f85da18eec9 [ 471.202993][T20696] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 471.203009][T20696] RSP: 002b:00007f85db01a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002b [ 471.203030][T20696] RAX: ffffffffffffffda RBX: 00007f85da3e6090 RCX: 00007f85da18eec9 [ 471.203044][T20696] RDX: 0000000000000000 RSI: 00002000000003c0 RDI: 0000000000000007 [ 471.203058][T20696] RBP: 00007f85db01a090 R08: 0000000000000000 R09: 0000000000000000 [ 471.203069][T20696] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 471.203080][T20696] R13: 00007f85da3e6128 R14: 00007f85da3e6090 R15: 00007ffde1d13da8 [ 471.203122][T20696] [ 471.446584][ T12] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 471.653613][ T5926] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 471.847638][T20714] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4674'. [ 471.861652][T20714] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4674'. [ 472.159499][T20730] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4682'. [ 472.492471][T20749] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4687'. [ 472.522669][T20749] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4687'. [ 472.578952][T20751] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4688'. [ 472.607144][T20753] SET target dimension over the limit! [ 472.610648][T20751] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4688'. [ 472.683883][T20755] netlink: 'syz.0.4690': attribute type 1 has an invalid length. [ 472.698740][ T5926] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 472.728910][T20762] FAULT_INJECTION: forcing a failure. [ 472.728910][T20762] name failslab, interval 1, probability 0, space 0, times 0 [ 472.741997][T20762] CPU: 0 UID: 0 PID: 20762 Comm: syz.1.4691 Not tainted syzkaller #0 PREEMPT(full) [ 472.742023][T20762] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 472.742034][T20762] Call Trace: [ 472.742042][T20762] [ 472.742050][T20762] dump_stack_lvl+0x189/0x250 [ 472.742076][T20762] ? __pfx____ratelimit+0x10/0x10 [ 472.742099][T20762] ? __pfx_dump_stack_lvl+0x10/0x10 [ 472.742118][T20762] ? __pfx__printk+0x10/0x10 [ 472.742143][T20762] ? __pfx___might_resched+0x10/0x10 [ 472.742167][T20762] should_fail_ex+0x414/0x560 [ 472.742192][T20762] should_failslab+0xa8/0x100 [ 472.742209][T20762] kmem_cache_alloc_noprof+0x74/0x6e0 [ 472.742234][T20762] ? security_file_alloc+0x34/0x330 [ 472.742259][T20762] security_file_alloc+0x34/0x330 [ 472.742281][T20762] init_file+0x93/0x2f0 [ 472.742306][T20762] alloc_empty_file+0x6e/0x1d0 [ 472.742325][T20762] alloc_file_pseudo+0x13d/0x210 [ 472.742346][T20762] ? security_inode_alloc+0x39/0x330 [ 472.742373][T20762] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 472.742392][T20762] ? evm_inode_alloc_security+0x40/0xb0 [ 472.742413][T20762] ? security_inode_alloc+0xd5/0x330 [ 472.742449][T20762] sock_alloc_file+0xb8/0x2e0 [ 472.742481][T20762] do_accept+0x34b/0x680 [ 472.742506][T20762] ? __pfx_do_accept+0x10/0x10 [ 472.742544][T20762] __sys_accept4+0x11c/0x1c0 [ 472.742566][T20762] ? __pfx___sys_accept4+0x10/0x10 [ 472.742585][T20762] ? __pfx_ksys_write+0x10/0x10 [ 472.742616][T20762] __x64_sys_accept+0x7d/0x90 [ 472.742636][T20762] do_syscall_64+0xfa/0xfa0 [ 472.742656][T20762] ? lockdep_hardirqs_on+0x9c/0x150 [ 472.742675][T20762] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 472.742691][T20762] ? clear_bhb_loop+0x60/0xb0 [ 472.742710][T20762] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 472.742725][T20762] RIP: 0033:0x7f950078eec9 [ 472.742740][T20762] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 472.742755][T20762] RSP: 002b:00007f95016a4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002b [ 472.742773][T20762] RAX: ffffffffffffffda RBX: 00007f95009e6090 RCX: 00007f950078eec9 [ 472.742786][T20762] RDX: 0000000000000000 RSI: 00002000000003c0 RDI: 0000000000000007 [ 472.742797][T20762] RBP: 00007f95016a4090 R08: 0000000000000000 R09: 0000000000000000 [ 472.742807][T20762] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 472.742817][T20762] R13: 00007f95009e6128 R14: 00007f95009e6090 R15: 00007ffe0a7437e8 [ 472.742843][T20762] [ 472.754725][T20755] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4690'. [ 472.799724][ T5846] Bluetooth: hci5: command 0x0406 tx timeout [ 473.055184][T20755] macvlan2: entered promiscuous mode [ 473.060808][T20755] macvlan2: entered allmulticast mode [ 473.067962][T20755] bond7: entered promiscuous mode [ 473.074004][T20755] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 473.084204][T20755] bond7: left promiscuous mode [ 473.139466][T20771] tipc: Enabled bearer , priority 0 [ 473.149022][T20771] mac80211_hwsim hwsim28 syzkaller0: entered promiscuous mode [ 473.164818][T20771] mac80211_hwsim hwsim28 syzkaller0: entered allmulticast mode [ 473.173235][T20771] tipc: Resetting bearer [ 473.189388][T20771] tipc: Resetting bearer [ 473.226288][T20774] netlink: 60 bytes leftover after parsing attributes in process `syz.2.4695'. [ 473.245988][T20776] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4696'. [ 473.310680][T20780] netlink: 'syz.0.4698': attribute type 3 has an invalid length. [ 473.357960][T20782] netlink: 'syz.2.4699': attribute type 13 has an invalid length. [ 473.380127][T20782] netlink: 'syz.2.4699': attribute type 17 has an invalid length. [ 473.392974][T20782] bridge0: port 2(bridge_slave_1) entered blocking state [ 473.400226][T20782] bridge0: port 2(bridge_slave_1) entered listening state [ 473.407648][T20782] bridge0: port 1(bridge_slave_0) entered blocking state [ 473.414828][T20782] bridge0: port 1(bridge_slave_0) entered listening state [ 473.428611][T20782] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 473.533567][T20793] SET target dimension over the limit! [ 473.598480][T20797] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 473.636432][T20799] netlink: 'syz.0.4706': attribute type 1 has an invalid length. [ 473.731622][T20799] macvlan2: entered promiscuous mode [ 473.741087][T20799] macvlan2: entered allmulticast mode [ 473.749573][T20799] bond8: entered promiscuous mode [ 473.755468][T20799] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 473.767155][T20799] bond8: left promiscuous mode [ 473.828157][T12303] tipc: Resetting bearer [ 474.188588][T20832] SET target dimension over the limit! [ 474.396150][T20847] netlink: 'syz.4.4722': attribute type 1 has an invalid length. [ 474.476873][T20847] macvlan3: entered promiscuous mode [ 474.482331][T20847] macvlan3: entered allmulticast mode [ 474.489557][T20847] bond10: entered promiscuous mode [ 474.495860][T20847] 8021q: adding VLAN 0 to HW filter on device macvlan3 [ 474.506461][T20847] bond10: left promiscuous mode [ 474.771495][T20858] 8021q: adding VLAN 0 to HW filter on device bond11 [ 475.424719][ C0] bridge0: port 2(bridge_slave_1) entered learning state [ 475.493398][ C0] bridge0: port 1(bridge_slave_0) entered learning state [ 476.031906][T20873] wg1 speed is unknown, defaulting to 1000 [ 476.328734][T20898] netlink: 'syz.1.4736': attribute type 1 has an invalid length. [ 476.481360][T20898] macvlan2: entered promiscuous mode [ 476.487203][T20898] macvlan2: entered allmulticast mode [ 476.494255][T20898] bond6: entered promiscuous mode [ 476.500188][T20898] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 476.512798][T20898] bond6: left promiscuous mode [ 477.226173][T20941] tap0: tun_chr_ioctl cmd 1074025677 [ 477.244087][T20941] tap0: linktype set to 804 [ 477.408246][T20956] netlink: 'syz.3.4757': attribute type 10 has an invalid length. [ 477.420564][T20956] team0: Cannot enslave team device to itself [ 477.467820][T20957] netlink: 'syz.4.4758': attribute type 4 has an invalid length. [ 477.493356][ C0] bridge0: port 2(bridge_slave_1) entered forwarding state [ 477.500739][ C0] bridge0: topology change detected, propagating [ 477.510239][T20957] netlink: 'syz.4.4758': attribute type 4 has an invalid length. [ 477.573360][ C0] bridge0: port 1(bridge_slave_0) entered forwarding state [ 477.580680][ C0] bridge0: topology change detected, propagating [ 477.658588][T20972] __nla_validate_parse: 11 callbacks suppressed [ 477.658608][T20972] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4764'. [ 477.674153][T20972] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4764'. [ 477.959651][T20984] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4767'. [ 478.033110][T20989] netlink: 56 bytes leftover after parsing attributes in process `syz.2.4769'. [ 478.046234][T20989] netlink: 56 bytes leftover after parsing attributes in process `syz.2.4769'. [ 478.056882][T20989] lo: entered allmulticast mode [ 478.114048][T20987] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4767'. [ 478.165230][T20991] tipc: Enabled bearer , priority 0 [ 478.193533][T20991] syzkaller0: entered promiscuous mode [ 478.199134][T20991] syzkaller0: entered allmulticast mode [ 478.244316][T20993] netlink: 'syz.0.4771': attribute type 39 has an invalid length. [ 478.308882][T20995] bridge16: trying to set multicast startup query interval above maximum, setting to 8640000 (86400000ms) [ 478.326136][T20996] netlink: 44 bytes leftover after parsing attributes in process `syz.0.4771'. [ 478.348005][T20996] netlink: 43 bytes leftover after parsing attributes in process `syz.0.4771'. [ 478.379676][T20996] netlink: 'syz.0.4771': attribute type 5 has an invalid length. [ 478.387522][T20996] netlink: 43 bytes leftover after parsing attributes in process `syz.0.4771'. [ 478.409857][T20997] tipc: Resetting bearer [ 478.425435][T20990] tipc: Resetting bearer [ 478.448228][T20990] tipc: Disabling bearer [ 478.524450][T21002] pim6reg: entered allmulticast mode [ 478.540151][T21002] pim6reg: left allmulticast mode [ 478.594170][T21004] sch_tbf: burst 0 is lower than device tunl0 mtu (61406) ! [ 478.793903][T21017] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4779'. [ 479.008383][T21033] netlink: 'syz.1.4782': attribute type 13 has an invalid length. [ 479.034519][T21033] netlink: 'syz.1.4782': attribute type 17 has an invalid length. [ 479.467459][T21033] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 479.493482][T21026] netlink: 'syz.4.4781': attribute type 6 has an invalid length. [ 479.560278][T21055] vlan3: entered promiscuous mode [ 479.657291][T21028] wg1 speed is unknown, defaulting to 1000 [ 479.964146][T21064] Bluetooth: hci0: Opcode 0x080f failed: -22 [ 480.318370][T21084] SET target dimension over the limit! [ 480.469801][T21099] tipc: Resetting bearer [ 480.697939][T21105] dvmrp8: entered allmulticast mode [ 480.812488][T21105] wg1 speed is unknown, defaulting to 1000 [ 481.252710][T21139] vlan3: entered promiscuous mode [ 481.504471][T21152] wg1 speed is unknown, defaulting to 1000 [ 481.766711][T21162] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 481.973470][ T5840] Bluetooth: hci0: command tx timeout [ 482.205144][T21177] wg1 speed is unknown, defaulting to 1000 [ 482.652275][T21209] lo: left allmulticast mode [ 482.663603][T21209] dvmrp8: left allmulticast mode [ 482.731491][T21182] __nla_validate_parse: 10 callbacks suppressed [ 482.731513][T21182] netlink: 40 bytes leftover after parsing attributes in process `syz.4.4827'. [ 483.160212][T21229] netdevsim netdevsim1 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 483.190669][T21229] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 483.387331][T21229] netdevsim netdevsim1 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 483.400093][T21229] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 483.515375][T21245] bridge17: entered allmulticast mode [ 483.571635][T21251] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 483.579117][T21251] IPv6: NLM_F_CREATE should be set when creating new route [ 483.597739][T21229] netdevsim netdevsim1 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 483.612397][T21229] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 483.777753][T21229] netdevsim netdevsim1 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 483.789265][T21229] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 483.936766][T21256] wg1 speed is unknown, defaulting to 1000 [ 483.996198][T12301] netdevsim netdevsim1 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 484.020143][T12301] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 484.095843][T12301] netdevsim netdevsim1 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 484.135399][T12301] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 484.179417][T21265] netlink: 35 bytes leftover after parsing attributes in process `syz.3.4851'. [ 484.205434][T12301] netdevsim netdevsim1 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 484.214634][T12301] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 484.249239][T21265] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4851'. [ 484.263774][T21265] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4851'. [ 484.328992][T12301] netdevsim netdevsim1 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 484.352160][T12301] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 484.482255][T21274] SET target dimension over the limit! [ 484.609538][T21277] netlink: 136 bytes leftover after parsing attributes in process `syz.1.4856'. [ 484.642205][T21279] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4857'. [ 484.656361][T21277] netlink: 180 bytes leftover after parsing attributes in process `syz.1.4856'. [ 484.891559][T21282] netlink: 60 bytes leftover after parsing attributes in process `syz.1.4858'. [ 485.019524][T21289] syzkaller1: entered promiscuous mode [ 485.033017][T21289] syzkaller1: entered allmulticast mode [ 485.322230][T21304] netlink: 'syz.0.4864': attribute type 10 has an invalid length. [ 485.330622][T21304] netlink: 40 bytes leftover after parsing attributes in process `syz.0.4864'. [ 485.397830][T21304] team0: Port device geneve0 added [ 485.404038][T21306] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4863'. [ 485.429045][T12304] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 485.490107][T12304] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 485.505490][T12304] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 485.541820][T12304] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 485.606231][T21309] netlink: 'syz.0.4865': attribute type 9 has an invalid length. [ 485.703159][T21314] SET target dimension over the limit! [ 485.913031][T21323] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 486.051918][T21329] netlink: 'syz.0.4873': attribute type 11 has an invalid length. [ 486.129296][T21332] tipc: Cannot configure node identity twice [ 486.136238][T21332] tipc: Cannot configure node identity twice [ 486.710429][T21369] netlink: 'syz.4.4885': attribute type 1 has an invalid length. [ 486.979127][T21380] netlink: 'syz.4.4889': attribute type 7 has an invalid length. [ 487.036684][T21380] netlink: 'syz.4.4889': attribute type 1 has an invalid length. [ 487.135963][T21394] netlink: 'syz.4.4895': attribute type 5 has an invalid length. [ 487.187668][T21395] syzkaller1: entered promiscuous mode [ 487.193519][T21395] syzkaller1: entered allmulticast mode [ 487.217407][T21395] syzkaller1: left promiscuous mode [ 487.231138][T21395] syzkaller1: left allmulticast mode [ 487.353712][T21398] netlink: 'syz.4.4896': attribute type 21 has an invalid length. [ 487.455416][T21401] wg1 speed is unknown, defaulting to 1000 [ 487.809604][T21416] __nla_validate_parse: 8 callbacks suppressed [ 487.809617][T21416] netlink: 32 bytes leftover after parsing attributes in process `syz.4.4902'. [ 487.961714][T21419] wg1 speed is unknown, defaulting to 1000 [ 487.996301][T21423] netlink: 'syz.3.4903': attribute type 1 has an invalid length. [ 488.078989][T21429] gretap1: entered allmulticast mode [ 488.089198][T21429] bond8: (slave gretap1): making interface the new active one [ 488.098414][T21429] bond8: (slave gretap1): Enslaving as an active interface with an up link [ 488.146522][ T5846] Bluetooth: hci3: command 0x0406 tx timeout [ 488.367081][T21443] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4911'. [ 488.411432][T21446] netlink: 24 bytes leftover after parsing attributes in process `syz.1.4913'. [ 488.561633][T21454] netlink: 'syz.2.4915': attribute type 1 has an invalid length. [ 488.606344][T21454] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4915'. [ 488.682255][T21454] macvlan2: entered promiscuous mode [ 488.699708][T21454] macvlan2: entered allmulticast mode [ 488.710414][T21454] bond12: entered promiscuous mode [ 488.716978][T21454] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 488.729277][T21454] bond12: left promiscuous mode [ 489.031804][T21480] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4924'. [ 489.043495][T21481] netlink: 16 bytes leftover after parsing attributes in process `syz.1.4922'. [ 489.052688][T21481] netlink: 224 bytes leftover after parsing attributes in process `syz.1.4922'. [ 489.075129][T21477] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 489.234433][T21489] FAULT_INJECTION: forcing a failure. [ 489.234433][T21489] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 489.252066][T21489] CPU: 0 UID: 0 PID: 21489 Comm: syz.3.4930 Not tainted syzkaller #0 PREEMPT(full) [ 489.252095][T21489] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 489.252108][T21489] Call Trace: [ 489.252117][T21489] [ 489.252126][T21489] dump_stack_lvl+0x189/0x250 [ 489.252153][T21489] ? __pfx____ratelimit+0x10/0x10 [ 489.252177][T21489] ? __pfx_dump_stack_lvl+0x10/0x10 [ 489.252197][T21489] ? __pfx__printk+0x10/0x10 [ 489.252230][T21489] should_fail_ex+0x414/0x560 [ 489.252259][T21489] _copy_to_user+0x31/0xb0 [ 489.252280][T21489] simple_read_from_buffer+0xe1/0x170 [ 489.252314][T21489] proc_fail_nth_read+0x1b3/0x220 [ 489.252341][T21489] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 489.252368][T21489] ? rw_verify_area+0x2a6/0x4d0 [ 489.252393][T21489] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 489.252418][T21489] vfs_read+0x200/0xa30 [ 489.252443][T21489] ? net_generic+0x1e/0x240 [ 489.252470][T21489] ? __pfx_vfs_read+0x10/0x10 [ 489.252494][T21489] ? l2tp_ip_connect+0x6f/0x3b0 [ 489.252519][T21489] ? __sys_connect+0x339/0x440 [ 489.252539][T21489] ? do_sys_openat2+0x154/0x1c0 [ 489.252560][T21489] ? __pfx___sys_connect+0x10/0x10 [ 489.252587][T21489] ksys_read+0x145/0x250 [ 489.252615][T21489] ? __pfx_ksys_read+0x10/0x10 [ 489.252645][T21489] ? do_syscall_64+0xbe/0xfa0 [ 489.252679][T21489] do_syscall_64+0xfa/0xfa0 [ 489.252702][T21489] ? lockdep_hardirqs_on+0x9c/0x150 [ 489.252725][T21489] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 489.252745][T21489] ? clear_bhb_loop+0x60/0xb0 [ 489.252770][T21489] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 489.252789][T21489] RIP: 0033:0x7efed758d8dc [ 489.252806][T21489] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 489.252824][T21489] RSP: 002b:00007efed8431030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 489.252846][T21489] RAX: ffffffffffffffda RBX: 00007efed77e5fa0 RCX: 00007efed758d8dc [ 489.252861][T21489] RDX: 000000000000000f RSI: 00007efed84310a0 RDI: 0000000000000004 [ 489.252874][T21489] RBP: 00007efed8431090 R08: 0000000000000000 R09: 0000000000000000 [ 489.252887][T21489] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 489.252899][T21489] R13: 00007efed77e6038 R14: 00007efed77e5fa0 R15: 00007ffc502d6848 [ 489.252932][T21489] [ 489.782734][T21505] wg1 speed is unknown, defaulting to 1000 [ 489.826431][T21501] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4934'. [ 489.856414][T21501] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4934'. [ 490.009178][T21502] Bluetooth: hci0: Opcode 0x0c1a failed: -22 [ 490.076288][T21521] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4936'. [ 490.161118][T21521] geneve2: entered promiscuous mode [ 490.167317][T21521] geneve2: entered allmulticast mode [ 490.182483][T12304] netdevsim netdevsim1 eth0: set [1, 1] type 2 family 0 port 256 - 0 [ 490.205101][T12304] netdevsim netdevsim1 eth1: set [1, 1] type 2 family 0 port 256 - 0 [ 490.238605][T12304] netdevsim netdevsim1 eth2: set [1, 1] type 2 family 0 port 256 - 0 [ 490.272089][T12304] netdevsim netdevsim1 eth3: set [1, 1] type 2 family 0 port 256 - 0 [ 490.459313][T21527] FAULT_INJECTION: forcing a failure. [ 490.459313][T21527] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 490.485419][T21527] CPU: 1 UID: 0 PID: 21527 Comm: syz.4.4938 Not tainted syzkaller #0 PREEMPT(full) [ 490.485448][T21527] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 490.485460][T21527] Call Trace: [ 490.485469][T21527] [ 490.485478][T21527] dump_stack_lvl+0x189/0x250 [ 490.485505][T21527] ? __pfx____ratelimit+0x10/0x10 [ 490.485529][T21527] ? __pfx_dump_stack_lvl+0x10/0x10 [ 490.485549][T21527] ? __pfx__printk+0x10/0x10 [ 490.485570][T21527] ? __might_fault+0xb0/0x130 [ 490.485610][T21527] should_fail_ex+0x414/0x560 [ 490.485640][T21527] _copy_from_user+0x2d/0xb0 [ 490.485661][T21527] ___sys_sendmsg+0x158/0x2a0 [ 490.485688][T21527] ? __pfx____sys_sendmsg+0x10/0x10 [ 490.485752][T21527] ? __fget_files+0x2a/0x420 [ 490.485770][T21527] ? __fget_files+0x3a0/0x420 [ 490.485800][T21527] __x64_sys_sendmsg+0x19b/0x260 [ 490.485827][T21527] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 490.485862][T21527] ? __pfx_ksys_write+0x10/0x10 [ 490.485894][T21527] ? do_syscall_64+0xbe/0xfa0 [ 490.485923][T21527] do_syscall_64+0xfa/0xfa0 [ 490.485951][T21527] ? lockdep_hardirqs_on+0x9c/0x150 [ 490.485976][T21527] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 490.485996][T21527] ? clear_bhb_loop+0x60/0xb0 [ 490.486022][T21527] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 490.486042][T21527] RIP: 0033:0x7f85da18eec9 [ 490.486060][T21527] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 490.486081][T21527] RSP: 002b:00007f85db03b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 490.486104][T21527] RAX: ffffffffffffffda RBX: 00007f85da3e5fa0 RCX: 00007f85da18eec9 [ 490.486119][T21527] RDX: 0000000000000000 RSI: 0000200000000400 RDI: 0000000000000009 [ 490.486133][T21527] RBP: 00007f85db03b090 R08: 0000000000000000 R09: 0000000000000000 [ 490.486154][T21527] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 490.486166][T21527] R13: 00007f85da3e6038 R14: 00007f85da3e5fa0 R15: 00007ffde1d13da8 [ 490.486201][T21527] [ 491.390109][T21572] lo speed is unknown, defaulting to 1000 [ 491.420541][T21553] can: request_module (can-proto-0) failed. [ 491.448804][T21572] lo speed is unknown, defaulting to 1000 [ 491.551447][T21572] lo speed is unknown, defaulting to 1000 [ 491.735620][T21581] FAULT_INJECTION: forcing a failure. [ 491.735620][T21581] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 491.753512][T21581] CPU: 0 UID: 0 PID: 21581 Comm: syz.2.4953 Not tainted syzkaller #0 PREEMPT(full) [ 491.753540][T21581] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 491.753552][T21581] Call Trace: [ 491.753560][T21581] [ 491.753568][T21581] dump_stack_lvl+0x189/0x250 [ 491.753619][T21581] ? __pfx____ratelimit+0x10/0x10 [ 491.753642][T21581] ? __pfx_dump_stack_lvl+0x10/0x10 [ 491.753664][T21581] ? __pfx__printk+0x10/0x10 [ 491.753699][T21581] should_fail_ex+0x414/0x560 [ 491.753726][T21581] _copy_from_user+0x2d/0xb0 [ 491.753747][T21581] __copy_msghdr+0x3c5/0x5b0 [ 491.753777][T21581] ___sys_sendmsg+0x1a5/0x2a0 [ 491.753803][T21581] ? __pfx____sys_sendmsg+0x10/0x10 [ 491.753858][T21581] ? __fget_files+0x2a/0x420 [ 491.753875][T21581] ? __fget_files+0x3a0/0x420 [ 491.753901][T21581] __x64_sys_sendmsg+0x19b/0x260 [ 491.753924][T21581] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 491.753955][T21581] ? __pfx_ksys_write+0x10/0x10 [ 491.753983][T21581] ? do_syscall_64+0xbe/0xfa0 [ 491.754010][T21581] do_syscall_64+0xfa/0xfa0 [ 491.754032][T21581] ? lockdep_hardirqs_on+0x9c/0x150 [ 491.754054][T21581] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 491.754073][T21581] ? clear_bhb_loop+0x60/0xb0 [ 491.754097][T21581] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 491.754116][T21581] RIP: 0033:0x7fc69698eec9 [ 491.754135][T21581] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 491.754153][T21581] RSP: 002b:00007fc6977d6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 491.754174][T21581] RAX: ffffffffffffffda RBX: 00007fc696be5fa0 RCX: 00007fc69698eec9 [ 491.754189][T21581] RDX: 0000000000000000 RSI: 0000200000000400 RDI: 0000000000000009 [ 491.754202][T21581] RBP: 00007fc6977d6090 R08: 0000000000000000 R09: 0000000000000000 [ 491.754214][T21581] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 491.754226][T21581] R13: 00007fc696be6038 R14: 00007fc696be5fa0 R15: 00007fffc25f2ac8 [ 491.754256][T21581] [ 492.063956][ T5840] Bluetooth: hci0: command tx timeout [ 492.144026][T21572] infiniband syz0: set active [ 492.149041][T21572] infiniband syz0: added lo [ 492.156404][T21572] syz0: rxe_create_cq: returned err = -12 [ 492.162682][T21572] infiniband syz0: Couldn't create ib_mad CQ [ 492.169182][T21572] infiniband syz0: Couldn't open port 1 [ 492.184825][ T5926] lo speed is unknown, defaulting to 1000 [ 492.206646][T21572] RDS/IB: syz0: added [ 492.215000][T21572] smc: adding ib device syz0 with port count 1 [ 492.221708][T21572] smc: ib device syz0 port 1 has no pnetid [ 492.230801][ T5841] lo speed is unknown, defaulting to 1000 [ 492.245136][T21572] lo speed is unknown, defaulting to 1000 [ 492.592458][T21599] vlan2: entered promiscuous mode [ 492.624260][T21599] team0: entered promiscuous mode [ 492.629429][T21599] team_slave_0: entered promiscuous mode [ 492.663829][T21599] team_slave_1: entered promiscuous mode [ 492.736402][T21606] IPVS: wlc: FWM 3 0x00000003 - no destination available [ 492.863335][T21572] lo speed is unknown, defaulting to 1000 [ 493.037219][T21614] __nla_validate_parse: 13 callbacks suppressed [ 493.037239][T21614] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4963'. [ 493.052702][T21614] netlink: 16 bytes leftover after parsing attributes in process `syz.1.4963'. [ 493.087198][T21614] netlink: 540 bytes leftover after parsing attributes in process `syz.1.4963'. [ 493.127222][T21616] SET target dimension over the limit! [ 493.269995][T21625] netlink: 136 bytes leftover after parsing attributes in process `syz.2.4967'. [ 493.284160][T21625] netlink: 180 bytes leftover after parsing attributes in process `syz.2.4967'. [ 493.352924][T21625] FAULT_INJECTION: forcing a failure. [ 493.352924][T21625] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 493.383529][T21625] CPU: 0 UID: 0 PID: 21625 Comm: syz.2.4967 Not tainted syzkaller #0 PREEMPT(full) [ 493.383557][T21625] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 493.383569][T21625] Call Trace: [ 493.383576][T21625] [ 493.383584][T21625] dump_stack_lvl+0x189/0x250 [ 493.383607][T21625] ? __pfx____ratelimit+0x10/0x10 [ 493.383629][T21625] ? __pfx_dump_stack_lvl+0x10/0x10 [ 493.383647][T21625] ? __pfx__printk+0x10/0x10 [ 493.383668][T21625] ? __might_fault+0xb0/0x130 [ 493.383701][T21625] should_fail_ex+0x414/0x560 [ 493.383729][T21625] _copy_from_user+0x2d/0xb0 [ 493.383749][T21625] ____sys_sendmsg+0x2fe/0x830 [ 493.383777][T21625] ? __pfx_____sys_sendmsg+0x10/0x10 [ 493.383811][T21625] ? import_iovec+0x74/0xa0 [ 493.383832][T21625] ___sys_sendmsg+0x21f/0x2a0 [ 493.383857][T21625] ? __pfx____sys_sendmsg+0x10/0x10 [ 493.383911][T21625] ? __fget_files+0x2a/0x420 [ 493.383926][T21625] ? __fget_files+0x3a0/0x420 [ 493.383951][T21625] __x64_sys_sendmsg+0x19b/0x260 [ 493.383976][T21625] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 493.384008][T21625] ? __pfx_ksys_write+0x10/0x10 [ 493.384039][T21625] ? do_syscall_64+0xbe/0xfa0 [ 493.384064][T21625] do_syscall_64+0xfa/0xfa0 [ 493.384085][T21625] ? lockdep_hardirqs_on+0x9c/0x150 [ 493.384108][T21625] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 493.384126][T21625] ? clear_bhb_loop+0x60/0xb0 [ 493.384148][T21625] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 493.384167][T21625] RIP: 0033:0x7fc69698eec9 [ 493.384185][T21625] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 493.384201][T21625] RSP: 002b:00007fc6977d6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 493.384221][T21625] RAX: ffffffffffffffda RBX: 00007fc696be5fa0 RCX: 00007fc69698eec9 [ 493.384236][T21625] RDX: 0000000000000000 RSI: 0000200000000400 RDI: 0000000000000009 [ 493.384249][T21625] RBP: 00007fc6977d6090 R08: 0000000000000000 R09: 0000000000000000 [ 493.384261][T21625] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 493.384274][T21625] R13: 00007fc696be6038 R14: 00007fc696be5fa0 R15: 00007fffc25f2ac8 [ 493.384307][T21625] [ 493.386079][T21627] pim6reg: entered allmulticast mode [ 493.640701][T21572] lo speed is unknown, defaulting to 1000 [ 493.777685][T21635] netlink: 136 bytes leftover after parsing attributes in process `syz.2.4971'. [ 493.814038][T21635] netlink: 180 bytes leftover after parsing attributes in process `syz.2.4971'. [ 493.833605][T21638] IPVS: wlc: FWM 3 0x00000003 - no destination available [ 494.013673][T21645] Unsupported ieee802154 address type: 0 [ 494.027255][T21645] netlink: 20 bytes leftover after parsing attributes in process `syz.2.4974'. [ 494.120790][T21649] netlink: 16 bytes leftover after parsing attributes in process `syz.2.4974'. [ 494.173625][T21649] netlink: 16 bytes leftover after parsing attributes in process `syz.2.4974'. [ 494.197860][T21650] Bluetooth: hci0: unsupported parameter 512 [ 494.205361][T21650] Bluetooth: hci0: invalid length 0, exp 2 for type 1 [ 494.206348][T21572] lo speed is unknown, defaulting to 1000 [ 494.294050][T21577] Set syz1 is full, maxelem 65536 reached [ 494.303823][T21655] SET target dimension over the limit! [ 494.695443][T21656] lo speed is unknown, defaulting to 1000 [ 494.937330][T21572] lo speed is unknown, defaulting to 1000 [ 495.339187][T21572] lo speed is unknown, defaulting to 1000 [ 495.425334][T21694] validate_nla: 3 callbacks suppressed [ 495.425355][T21694] netlink: 'syz.4.4989': attribute type 11 has an invalid length. [ 495.450938][T21688] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-6) [ 495.688130][T21678] lo speed is unknown, defaulting to 1000 [ 495.781579][T21706] PF_CAN: dropped non conform CAN FD skbuff: dev type 65534, len 64993 [ 495.965126][T21713] netlink: 'syz.4.4996': attribute type 13 has an invalid length. [ 495.983191][T21713] netlink: 'syz.4.4996': attribute type 17 has an invalid length. [ 496.030623][T21572] lo speed is unknown, defaulting to 1000 [ 496.107736][T21718] vlan2: entered promiscuous mode [ 496.871118][T21742] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 497.090110][T21759] IPv6: NLM_F_CREATE should be specified when creating new route [ 497.104044][T21759] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 497.111323][T21759] IPv6: NLM_F_CREATE should be set when creating new route [ 497.118617][T21759] IPv6: NLM_F_CREATE should be set when creating new route [ 497.234174][T21767] netlink: 'syz.2.5016': attribute type 13 has an invalid length. [ 497.465967][T21784] lo speed is unknown, defaulting to 1000 [ 497.728220][T21787] lo speed is unknown, defaulting to 1000 [ 498.169334][T21799] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 498.426568][T21803] lo speed is unknown, defaulting to 1000 [ 498.503054][T21808] __nla_validate_parse: 11 callbacks suppressed [ 498.503072][T21808] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5025'. [ 498.545479][T21811] netlink: 40 bytes leftover after parsing attributes in process `syz.1.5026'. [ 498.818661][T21826] netlink: 'syz.2.5031': attribute type 2 has an invalid length. [ 498.835497][T21826] netlink: 'syz.2.5031': attribute type 9 has an invalid length. [ 498.883706][T21826] netlink: 184 bytes leftover after parsing attributes in process `syz.2.5031'. [ 499.067647][T21806] netlink: 'syz.3.5024': attribute type 1 has an invalid length. [ 499.077949][T21833] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 499.108174][T21806] netlink: 180 bytes leftover after parsing attributes in process `syz.3.5024'. [ 499.156938][T21806] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5024'. [ 499.202227][T21806] macvlan2: entered promiscuous mode [ 499.229900][T21806] syz_tun: entered promiscuous mode [ 499.246606][T21838] ip6t_srh: unknown srh match flags 4000 [ 499.273210][T21806] team0: Port device macvlan2 added [ 499.308674][T21838] netlink: 11 bytes leftover after parsing attributes in process `syz.0.5035'. [ 499.382886][T21843] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5036'. [ 499.629445][T21844] bond0: (slave rose0): Enslaving as an active interface with an up link [ 499.640480][T21828] lo speed is unknown, defaulting to 1000 [ 499.799960][T21850] netlink: 'syz.3.5038': attribute type 11 has an invalid length. [ 499.886591][T21852] netlink: 36 bytes leftover after parsing attributes in process `syz.3.5039'. [ 499.897715][T21852] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5039'. [ 499.908418][T21852] netlink: 16 bytes leftover after parsing attributes in process `syz.3.5039'. [ 500.757851][T21880] netlink: 'syz.0.5049': attribute type 11 has an invalid length. [ 501.423120][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.430207][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 501.537542][T21915] SET target dimension over the limit! [ 501.688702][T21926] vlan2: entered promiscuous mode [ 502.457451][T21938] netlink: 'syz.2.5066': attribute type 2 has an invalid length. [ 502.465881][T21938] netlink: 'syz.2.5066': attribute type 2 has an invalid length. [ 502.474994][T21938] netlink: 'syz.2.5066': attribute type 1 has an invalid length. [ 502.501473][T21938] netlink: 'syz.2.5066': attribute type 1 has an invalid length. [ 502.509673][T21938] netlink: 'syz.2.5066': attribute type 2 has an invalid length. [ 502.526824][T21938] netlink: 'syz.2.5066': attribute type 1 has an invalid length. [ 502.579262][T21938] sctp: [Deprecated]: syz.2.5066 (pid 21938) Use of int in max_burst socket option. [ 502.579262][T21938] Use struct sctp_assoc_value instead [ 502.702445][T21953] pim6reg: entered allmulticast mode [ 502.709614][T21953] pim6reg: left allmulticast mode [ 502.876339][T21961] SET target dimension over the limit! [ 503.008858][T21969] tipc: Enabled bearer , priority 0 [ 503.015841][ T5840] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 503.115712][T21968] tipc: Disabling bearer [ 503.346688][T21996] pim6reg: entered allmulticast mode [ 503.355726][T21996] pim6reg: left allmulticast mode [ 503.361770][T21996] FAULT_INJECTION: forcing a failure. [ 503.361770][T21996] name failslab, interval 1, probability 0, space 0, times 0 [ 503.375619][T21996] CPU: 0 UID: 0 PID: 21996 Comm: syz.1.5084 Not tainted syzkaller #0 PREEMPT(full) [ 503.375646][T21996] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 503.375658][T21996] Call Trace: [ 503.375668][T21996] [ 503.375676][T21996] dump_stack_lvl+0x189/0x250 [ 503.375702][T21996] ? __pfx____ratelimit+0x10/0x10 [ 503.375725][T21996] ? __pfx_dump_stack_lvl+0x10/0x10 [ 503.375746][T21996] ? __pfx__printk+0x10/0x10 [ 503.375773][T21996] ? __pfx___might_resched+0x10/0x10 [ 503.375794][T21996] ? fs_reclaim_acquire+0x7d/0x100 [ 503.375828][T21996] should_fail_ex+0x414/0x560 [ 503.375858][T21996] should_failslab+0xa8/0x100 [ 503.375880][T21996] kmem_cache_alloc_node_noprof+0x77/0x710 [ 503.375907][T21996] ? __alloc_skb+0x112/0x2d0 [ 503.375933][T21996] ? rtnl_prop_list_size+0x1ba/0x1e0 [ 503.375968][T21996] __alloc_skb+0x112/0x2d0 [ 503.375993][T21996] rtmsg_ifinfo_build_skb+0x84/0x260 [ 503.376029][T21996] rtmsg_ifinfo+0x8c/0x1a0 [ 503.376063][T21996] netif_close_many+0x27f/0x410 [ 503.376098][T21996] ? __pfx_netif_close_many+0x10/0x10 [ 503.376124][T21996] ? do_ipv6_setsockopt+0x35a/0x2eb0 [ 503.376148][T21996] ? ipv6_setsockopt+0x59/0x170 [ 503.376172][T21996] ? rawv6_setsockopt+0x23b/0x5b0 [ 503.376199][T21996] ? do_sock_setsockopt+0x179/0x1b0 [ 503.376220][T21996] ? __x64_sys_setsockopt+0x13f/0x1b0 [ 503.376241][T21996] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 503.376268][T21996] unregister_netdevice_many_notify+0x7b9/0x1ff0 [ 503.376296][T21996] ? nlmsg_notify+0xf0/0x1a0 [ 503.376314][T21996] ? nlmsg_notify+0x14a/0x1a0 [ 503.376344][T21996] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 503.376376][T21996] ? __pfx_mif6_delete+0x10/0x10 [ 503.376399][T21996] ? __mutex_trylock_common+0x153/0x260 [ 503.376427][T21996] ? __pfx___mutex_trylock_common+0x10/0x10 [ 503.376460][T21996] mroute_clean_tables+0x3b5/0x18f0 [ 503.376509][T21996] ? __pfx_mroute_clean_tables+0x10/0x10 [ 503.376548][T21996] ? _copy_from_user+0x94/0xb0 [ 503.376572][T21996] ip6_mroute_setsockopt+0xa95/0xf00 [ 503.376608][T21996] ? __pfx_ip6_mroute_setsockopt+0x10/0x10 [ 503.376668][T21996] do_ipv6_setsockopt+0x35a/0x2eb0 [ 503.376705][T21996] ? __pfx_do_ipv6_setsockopt+0x10/0x10 [ 503.376744][T21996] ? aa_label_sk_perm+0x4cd/0x630 [ 503.376767][T21996] ? get_pid_task+0x20/0x1f0 [ 503.376801][T21996] ? __pfx_aa_label_sk_perm+0x10/0x10 [ 503.376839][T21996] ? vfs_write+0x956/0xb30 [ 503.376869][T21996] ? __pfx___might_resched+0x10/0x10 [ 503.376899][T21996] ? __lock_acquire+0xab9/0xd20 [ 503.376932][T21996] ipv6_setsockopt+0x59/0x170 [ 503.376964][T21996] rawv6_setsockopt+0x23b/0x5b0 [ 503.376997][T21996] ? __pfx_rawv6_setsockopt+0x10/0x10 [ 503.377026][T21996] ? aa_sock_opt_perm+0xff/0x1b0 [ 503.377055][T21996] ? sock_common_setsockopt+0x36/0xc0 [ 503.377083][T21996] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 503.377115][T21996] do_sock_setsockopt+0x179/0x1b0 [ 503.377142][T21996] __x64_sys_setsockopt+0x13f/0x1b0 [ 503.377170][T21996] do_syscall_64+0xfa/0xfa0 [ 503.377193][T21996] ? lockdep_hardirqs_on+0x9c/0x150 [ 503.377217][T21996] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 503.377235][T21996] ? clear_bhb_loop+0x60/0xb0 [ 503.377260][T21996] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 503.377278][T21996] RIP: 0033:0x7f950078eec9 [ 503.377296][T21996] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 503.377313][T21996] RSP: 002b:00007f95016c5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 503.377334][T21996] RAX: ffffffffffffffda RBX: 00007f95009e5fa0 RCX: 00007f950078eec9 [ 503.377350][T21996] RDX: 00000000000000d4 RSI: 0000000000000029 RDI: 0000000000000003 [ 503.377362][T21996] RBP: 00007f95016c5090 R08: 0000000000000004 R09: 0000000000000000 [ 503.377374][T21996] R10: 00002000000002c0 R11: 0000000000000246 R12: 0000000000000001 [ 503.377387][T21996] R13: 00007f95009e6038 R14: 00007f95009e5fa0 R15: 00007ffe0a7437e8 [ 503.377422][T21996] [ 503.803713][T21995] lo speed is unknown, defaulting to 1000 [ 503.830412][T22001] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 503.842644][T22001] netlink: 'syz.4.5087': attribute type 39 has an invalid length. [ 503.898603][T22004] __nla_validate_parse: 6 callbacks suppressed [ 503.898623][T22004] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5088'. [ 503.924701][T21995] lo speed is unknown, defaulting to 1000 [ 503.931318][T21995] lo speed is unknown, defaulting to 1000 [ 503.995843][T21995] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 504.157613][T21995] lo speed is unknown, defaulting to 1000 [ 504.182899][T21995] lo speed is unknown, defaulting to 1000 [ 504.192161][T22016] tipc: Enabling of bearer rejected, already enabled [ 504.240553][T21995] lo speed is unknown, defaulting to 1000 [ 504.255525][T21995] lo speed is unknown, defaulting to 1000 [ 504.263702][T21995] lo speed is unknown, defaulting to 1000 [ 504.271375][T21995] lo speed is unknown, defaulting to 1000 [ 504.280132][T21995] lo speed is unknown, defaulting to 1000 [ 504.378183][T22021] bond7: entered promiscuous mode [ 504.386687][T22021] bond7: entered allmulticast mode [ 504.403838][T22021] 8021q: adding VLAN 0 to HW filter on device bond7 [ 504.529111][T22048] pim6reg: entered allmulticast mode [ 504.538407][T22048] pim6reg: left allmulticast mode [ 504.621598][T22051] SET target dimension over the limit! [ 504.702913][T22053] lo speed is unknown, defaulting to 1000 [ 504.730266][T22055] netlink: 'syz.0.5103': attribute type 1 has an invalid length. [ 504.746679][T22055] netlink: 76 bytes leftover after parsing attributes in process `syz.0.5103'. [ 504.929223][T22066] netlink: 100 bytes leftover after parsing attributes in process `syz.2.5106'. [ 505.049575][T22065] netlink: 'syz.0.5107': attribute type 3 has an invalid length. [ 505.366164][T22072] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 505.434985][T22082] vlan2: entered promiscuous mode [ 507.035035][T22053] lo speed is unknown, defaulting to 1000 [ 507.042044][T22087] kthread_run failed with err -4 [ 507.048717][T22069] lo speed is unknown, defaulting to 1000 [ 507.290346][T22099] SET target dimension over the limit! [ 507.368033][T22094] netlink: 40 bytes leftover after parsing attributes in process `syz.0.5113'. [ 507.413661][T22105] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5116'. [ 507.520445][T22069] lo speed is unknown, defaulting to 1000 [ 507.760145][T22115] tipc: Enabled bearer , priority 0 [ 507.812646][T22115] syzkaller0: entered promiscuous mode [ 507.823359][T22115] syzkaller0: entered allmulticast mode [ 507.892255][T22111] lo speed is unknown, defaulting to 1000 [ 507.911281][T22115] tipc: Resetting bearer [ 508.026949][T22114] tipc: Resetting bearer [ 508.084309][T22114] tipc: Disabling bearer [ 508.263724][T22112] netlink: 132 bytes leftover after parsing attributes in process `syz.1.5118'. [ 508.317820][T22119] netlink: 132 bytes leftover after parsing attributes in process `syz.1.5118'. [ 508.411483][T22113] lo speed is unknown, defaulting to 1000 [ 508.429063][T22130] validate_nla: 2 callbacks suppressed [ 508.429081][T22130] netlink: 'syz.3.5123': attribute type 1 has an invalid length. [ 508.479791][T22130] 8021q: adding VLAN 0 to HW filter on device bond9 [ 508.489565][T22131] tipc: Enabled bearer , priority 0 [ 508.501713][T22133] bond9: (slave wlan0): Opening slave failed [ 508.516309][T22130] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5123'. [ 508.615189][T22111] lo speed is unknown, defaulting to 1000 [ 508.652876][T22113] lo speed is unknown, defaulting to 1000 [ 508.876870][T22138] netlink: 136 bytes leftover after parsing attributes in process `syz.3.5125'. [ 508.889616][T22138] netlink: 180 bytes leftover after parsing attributes in process `syz.3.5125'. [ 509.102893][T22146] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5128'. [ 509.204696][T22125] tipc: Disabling bearer [ 509.345636][T22152] netlink: 'syz.4.5131': attribute type 58 has an invalid length. [ 509.373582][T22152] netlink: 20 bytes leftover after parsing attributes in process `syz.4.5131'. [ 509.462264][T22154] lo speed is unknown, defaulting to 1000 [ 510.201680][T22170] netlink: 'syz.2.5137': attribute type 9 has an invalid length. [ 510.260558][T22154] lo speed is unknown, defaulting to 1000 [ 510.480580][T22182] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5142'. [ 510.512911][T22179] syzkaller0 speed is unknown, defaulting to 1000 [ 510.543189][T22179] syzkaller0 speed is unknown, defaulting to 1000 [ 510.554172][T22179] syzkaller0 speed is unknown, defaulting to 1000 [ 510.580386][T22179] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 510.596963][T22183] netlink: 24 bytes leftover after parsing attributes in process `syz.2.5143'. [ 510.628256][T22183] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5143'. [ 510.651102][T22179] syzkaller0 speed is unknown, defaulting to 1000 [ 510.709551][T22179] syzkaller0 speed is unknown, defaulting to 1000 [ 510.767708][T22179] syzkaller0 speed is unknown, defaulting to 1000 [ 510.795114][T22179] syzkaller0 speed is unknown, defaulting to 1000 [ 510.836150][T22179] syzkaller0 speed is unknown, defaulting to 1000 [ 510.872026][T22179] syzkaller0 speed is unknown, defaulting to 1000 [ 510.891945][T22179] syzkaller0 speed is unknown, defaulting to 1000 [ 510.937362][T22196] team_slave_0: entered promiscuous mode [ 510.943130][T22196] team_slave_0: entered allmulticast mode [ 511.097478][T22202] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5148'. [ 511.149874][T22202] bond11: option active_slave: mode dependency failed, not supported in mode balance-xor(2) [ 511.172671][T22202] bond11 (unregistering): Released all slaves [ 511.832616][T22240] netlink: 16 bytes leftover after parsing attributes in process `syz.1.5155'. [ 511.924643][T22243] bridge52: the hash_elasticity option has been deprecated and is always 16 [ 511.954320][T22243] bridge52: entered allmulticast mode [ 511.968581][T22232] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5155'. [ 512.195297][T22248] lo speed is unknown, defaulting to 1000 [ 512.350610][T22246] netlink: 'syz.0.5161': attribute type 12 has an invalid length. [ 512.412065][T22246] netlink: 9472 bytes leftover after parsing attributes in process `syz.0.5161'. [ 512.816782][T22248] lo speed is unknown, defaulting to 1000 [ 512.824907][T22248] syzkaller0 speed is unknown, defaulting to 1000 [ 512.858419][T22252] lo speed is unknown, defaulting to 1000 [ 513.076396][T22264] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 513.190694][T22264] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 513.286514][ T30] audit: type=1800 audit(1760453575.490:4): pid=22272 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.5168" name="memory.events" dev="tmpfs" ino=2001 res=0 errno=0 [ 513.296745][T22252] lo speed is unknown, defaulting to 1000 [ 513.358857][T22264] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 513.374049][ T30] audit: type=1804 audit(1760453575.520:5): pid=22272 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.5168" name="memory.events" dev="tmpfs" ino=2001 res=1 errno=0 [ 513.405841][T22252] syzkaller0 speed is unknown, defaulting to 1000 [ 513.593664][T22264] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 513.735115][T22280] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input8 [ 513.927698][ T13] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 513.940017][ T13] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 513.974972][T22287] syz_tun: entered allmulticast mode [ 513.987292][ T13] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 514.023823][T22287] dvmrp1: entered allmulticast mode [ 514.070627][T12301] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 514.193146][T22287] lo speed is unknown, defaulting to 1000 [ 514.531718][T22287] lo speed is unknown, defaulting to 1000 [ 514.565245][T22287] syzkaller0 speed is unknown, defaulting to 1000 [ 514.679729][T22285] syz_tun: left allmulticast mode [ 514.732083][T22316] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5178'. [ 514.750910][T22319] netlink: 276 bytes leftover after parsing attributes in process `syz.3.5180'. [ 514.769715][T22319] vlan3: entered promiscuous mode [ 514.775297][T22319] geneve1: entered promiscuous mode [ 514.781105][T22319] vlan3: entered allmulticast mode [ 514.788753][T22319] geneve1: entered allmulticast mode [ 514.826641][ T30] audit: type=1804 audit(1760453577.030:6): pid=22319 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.5180" name="/newroot/454/cgroup.controllers" dev="tmpfs" ino=2319 res=1 errno=0 [ 514.895688][ T30] audit: type=1800 audit(1760453577.050:7): pid=22319 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.5180" name="cgroup.controllers" dev="tmpfs" ino=2319 res=0 errno=0 [ 515.009107][T22323] pim6reg1: entered promiscuous mode [ 515.039490][T22323] pim6reg1: entered allmulticast mode [ 515.082239][T22326] !: renamed from dummy0 (while UP) [ 515.251541][T22340] netlink: 'syz.0.5185': attribute type 11 has an invalid length. [ 515.308868][T22343] netlink: 'syz.3.5186': attribute type 1 has an invalid length. [ 515.401912][T22343] bond10: (slave ip6gretap1): Enslaving as a backup interface with an up link [ 515.454420][T22355] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5186'. [ 515.525151][T22343] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5186'. [ 515.577744][T22360] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5193'. [ 515.655626][T22365] sctp: [Deprecated]: syz.1.5194 (pid 22365) Use of int in maxseg socket option. [ 515.655626][T22365] Use struct sctp_assoc_value instead [ 515.741253][T22377] netlink: 'syz.4.5199': attribute type 11 has an invalid length. [ 516.196630][T22414] tipc: Enabling of bearer rejected, failed to enable media [ 516.208760][T22415] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 516.225978][ T5841] lo speed is unknown, defaulting to 1000 [ 516.295196][T22415] netlink: 20 bytes leftover after parsing attributes in process `syz.2.5211'. [ 516.444144][T22432] netlink: 44 bytes leftover after parsing attributes in process `syz.2.5215'. [ 516.454725][T22432] netlink: 35 bytes leftover after parsing attributes in process `syz.2.5215'. [ 516.473982][T22432] netlink: 'syz.2.5215': attribute type 5 has an invalid length. [ 516.501129][T22432] netlink: 35 bytes leftover after parsing attributes in process `syz.2.5215'. [ 516.718472][T22447] netlink: set zone limit has 8 unknown bytes [ 516.914926][T22459] IPVS: set_ctl: invalid protocol: 11612 172.20.20.11:21 [ 517.066809][T22471] SET target dimension over the limit! [ 517.149748][T22476] x_tables: ip_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING [ 517.167913][T22477] netlink: 'syz.2.5229': attribute type 1 has an invalid length. [ 517.207444][T22477] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5229'. [ 517.264321][T22477] macvlan2: entered promiscuous mode [ 517.269658][T22477] macvlan2: entered allmulticast mode [ 517.277691][T22477] bond13: entered promiscuous mode [ 517.286757][T22477] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 517.300096][T22477] bond13: left promiscuous mode [ 517.560035][T22501] IPVS: wlc: FWM 3 0x00000003 - no destination available [ 517.710218][T22511] SET target dimension over the limit! [ 517.710349][T22509] mac80211_hwsim hwsim41 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 517.963524][T22525] netlink: 'syz.2.5248': attribute type 11 has an invalid length. [ 518.119954][T22529] bond8: option downdelay: invalid value (18446744073709551615) [ 518.180602][T22529] bond8: option downdelay: allowed values 0 - 2147483647 [ 518.220107][T22529] bond8 (unregistering): Released all slaves [ 518.492756][T22531] lo speed is unknown, defaulting to 1000 [ 518.670738][T22564] vlan3: entered promiscuous mode [ 518.754118][T22531] lo speed is unknown, defaulting to 1000 [ 518.761643][T22531] syzkaller0 speed is unknown, defaulting to 1000 [ 518.914958][T22575] netlink: 'syz.4.5259': attribute type 1 has an invalid length. [ 518.988488][T22582] netlink: 'syz.0.5261': attribute type 11 has an invalid length. [ 519.186217][T22587] macvlan3: entered promiscuous mode [ 519.192917][T22587] macvlan3: entered allmulticast mode [ 519.223942][T22587] bond11: entered promiscuous mode [ 519.231169][T22587] 8021q: adding VLAN 0 to HW filter on device macvlan3 [ 519.244122][T22587] bond11: left promiscuous mode [ 519.810215][T22616] netlink: 'syz.3.5271': attribute type 1 has an invalid length. [ 519.867803][T22616] bond11: entered promiscuous mode [ 519.873885][T22616] 8021q: adding VLAN 0 to HW filter on device bond11 [ 519.933576][T22627] netlink: 'syz.4.5273': attribute type 11 has an invalid length. [ 519.946448][T22622] 8021q: adding VLAN 0 to HW filter on device bond11 [ 519.954735][T22622] bond11: (slave wireguard0): The slave device specified does not support setting the MAC address [ 519.968002][T22622] bond11: (slave wireguard0): Setting fail_over_mac to active for active-backup mode [ 519.997468][T22622] bond11: (slave wireguard0): making interface the new active one [ 520.006927][T22622] wireguard0: entered promiscuous mode [ 520.018878][T22622] bond11: (slave wireguard0): Enslaving as an active interface with an up link [ 520.052077][T22634] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 520.078579][T22634] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 520.209065][T22639] __nla_validate_parse: 9 callbacks suppressed [ 520.209084][T22639] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5279'. [ 520.214593][T22642] vlan2: entered promiscuous mode [ 520.298965][T22639] macvlan3: entered promiscuous mode [ 520.306677][T22639] macvlan3: entered allmulticast mode [ 520.316354][T22639] bond9: entered promiscuous mode [ 520.321970][T22639] 8021q: adding VLAN 0 to HW filter on device macvlan3 [ 520.331493][T22639] bond9: left promiscuous mode [ 520.542842][T22658] validate_nla: 1 callbacks suppressed [ 520.542861][T22658] netlink: 'syz.0.5285': attribute type 2 has an invalid length. [ 520.677063][T22663] tipc: Enabling of bearer rejected, already enabled [ 520.699978][T22663] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5286'. [ 520.710032][T22663] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5286'. [ 520.723778][T22663] netlink: 24 bytes leftover after parsing attributes in process `syz.3.5286'. [ 520.969759][T22681] netlink: 'syz.3.5290': attribute type 1 has an invalid length. [ 521.037544][T22684] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5293'. [ 521.046905][T22681] bond12: entered promiscuous mode [ 521.052458][T22681] 8021q: adding VLAN 0 to HW filter on device bond12 [ 521.100333][T22692] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 521.107841][T22692] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 521.157599][T22695] x_tables: duplicate underflow at hook 4 [ 522.225772][T22743] netlink: 'syz.3.5311': attribute type 11 has an invalid length. [ 522.496946][T22752] lo speed is unknown, defaulting to 1000 [ 522.639232][T22757] Bluetooth: hci0: unsupported parameter 512 [ 522.655009][T22759] netlink: 'syz.2.5317': attribute type 1 has an invalid length. [ 522.679655][T22757] Bluetooth: hci0: invalid len left 28, exp >= 190 [ 522.783756][T22759] bond14: entered promiscuous mode [ 522.798568][T22759] 8021q: adding VLAN 0 to HW filter on device bond14 [ 523.238511][T22752] lo speed is unknown, defaulting to 1000 [ 523.245230][T22783] netlink: 136 bytes leftover after parsing attributes in process `syz.4.5324'. [ 523.254592][T22783] netlink: 180 bytes leftover after parsing attributes in process `syz.4.5324'. [ 523.264232][T22752] syzkaller0 speed is unknown, defaulting to 1000 [ 523.428686][T22786] xt_connbytes: Forcing CT accounting to be enabled [ 523.451546][T22786] xt_CT: You must specify a L4 protocol and not use inversions on it [ 523.535980][T22799] netlink: 'syz.2.5328': attribute type 1 has an invalid length. [ 523.557595][T22787] pim6reg: entered allmulticast mode [ 523.563789][T22786] tipc: Enabled bearer , priority 0 [ 523.615686][T22799] bond15: entered promiscuous mode [ 523.621236][T22799] 8021q: adding VLAN 0 to HW filter on device bond15 [ 523.630575][T22793] syzkaller0: entered promiscuous mode [ 523.637246][T22793] syzkaller0: entered allmulticast mode [ 523.726732][T22786] tipc: Resetting bearer [ 523.774219][T22785] tipc: Resetting bearer [ 523.831193][T22785] tipc: Disabling bearer [ 523.906539][T22807] netlink: 24 bytes leftover after parsing attributes in process `syz.4.5331'. [ 523.925401][T22807] netlink: 'syz.4.5331': attribute type 2 has an invalid length. [ 524.221022][T22820] netlink: 'syz.3.5337': attribute type 11 has an invalid length. [ 524.407498][T22826] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 524.454280][T22826] sctp: [Deprecated]: syz.3.5340 (pid 22826) Use of struct sctp_assoc_value in delayed_ack socket option. [ 524.454280][T22826] Use struct sctp_sack_info instead [ 524.758558][T22854] vlan4: entered promiscuous mode [ 524.820568][T22856] netlink: 'syz.2.5348': attribute type 1 has an invalid length. [ 524.841480][T22856] netlink: 228 bytes leftover after parsing attributes in process `syz.2.5348'. [ 525.040811][T22869] netlink: 24 bytes leftover after parsing attributes in process `syz.2.5354'. [ 525.152238][T22876] netlink: 'syz.2.5356': attribute type 11 has an invalid length. [ 525.324431][T22881] netlink: ct family unspecified [ 525.329627][T22881] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 525.454832][T22887] __nla_validate_parse: 1 callbacks suppressed [ 525.454851][T22887] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5359'. [ 525.510838][T22887] netlink: 32 bytes leftover after parsing attributes in process `syz.0.5359'. [ 525.530540][T22892] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5361'. [ 525.647823][T22898] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5365'. [ 525.658506][T22902] netlink: 'syz.1.5367': attribute type 1 has an invalid length. [ 525.674925][T22899] netlink: 32 bytes leftover after parsing attributes in process `syz.2.5364'. [ 525.691170][T22900] 8021q: adding VLAN 0 to HW filter on device team0 [ 525.705238][T22900] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 525.731503][ T5948] lo speed is unknown, defaulting to 1000 [ 525.962130][T22920] netlink: 68 bytes leftover after parsing attributes in process `syz.2.5372'. [ 526.051951][T22923] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5375'. [ 526.237404][T22935] netlink: 20 bytes leftover after parsing attributes in process `syz.4.5379'. [ 526.480408][T22948] netlink: 'syz.2.5384': attribute type 32 has an invalid length. [ 526.521846][T22948] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5384'. [ 526.576582][T22948] bond16: option coupled_control: invalid value (12) [ 526.602219][T22948] bond16 (unregistering): Released all slaves [ 526.719510][T22957] pim6reg: entered allmulticast mode [ 526.746518][T22960] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5388'. [ 526.800933][T22962] pim6reg: left allmulticast mode [ 526.847164][T22963] netlink: 'syz.4.5389': attribute type 5 has an invalid length. [ 526.874711][T22967] netlink: 'syz.2.5390': attribute type 11 has an invalid length. [ 526.951054][T22972] netlink: 'syz.2.5393': attribute type 23 has an invalid length. [ 527.177878][T22988] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 527.211206][T22989] netlink: 'syz.2.5398': attribute type 13 has an invalid length. [ 527.233936][T22989] netlink: 'syz.2.5398': attribute type 17 has an invalid length. [ 527.270347][T22989] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 527.444450][T23000] netlink: zone id is out of range [ 527.449609][T23000] netlink: zone id is out of range [ 527.463949][T23000] netlink: zone id is out of range [ 527.477265][T23000] netlink: zone id is out of range [ 527.884524][T23020] veth1_macvtap: left promiscuous mode [ 527.938148][T23029] netlink: 'syz.2.5413': attribute type 3 has an invalid length. [ 528.527483][T23070] netlink: 'syz.1.5427': attribute type 1 has an invalid length. [ 528.624867][T23078] vlan2: entered promiscuous mode [ 528.741509][T23070] macvlan3: entered promiscuous mode [ 528.769641][T23070] macvlan3: entered allmulticast mode [ 528.796813][T23070] bond8: entered promiscuous mode [ 528.802781][T23070] 8021q: adding VLAN 0 to HW filter on device macvlan3 [ 528.813920][T23070] bond8: left promiscuous mode [ 528.921916][T23095] netlink: 'syz.3.5432': attribute type 9 has an invalid length. [ 529.182792][T23108] syzkaller1: tun_chr_ioctl cmd 1074025677 [ 529.189280][T23108] syzkaller1: linktype set to 823 [ 529.461859][T23123] bond13: option broadcast_neighbor: mode dependency failed, not supported in mode balance-rr(0) [ 529.491190][T23123] bond13 (unregistering): Released all slaves [ 529.973020][T23156] net_ratelimit: 2 callbacks suppressed [ 529.973040][T23156] IPVS: lblcr: FWM 3 0x00000003 - no destination available [ 530.005281][ C1] IPVS: lblcr: FWM 3 0x00000003 - no destination available [ 530.441048][T23149] macvlan3: entered promiscuous mode [ 530.446604][T23149] macvlan3: entered allmulticast mode [ 530.456559][T23149] bond13: entered promiscuous mode [ 530.463003][T23149] 8021q: adding VLAN 0 to HW filter on device macvlan3 [ 530.483337][T23149] bond13: left promiscuous mode [ 530.498153][T23161] SET target dimension over the limit! [ 530.610898][T23167] __nla_validate_parse: 32 callbacks suppressed [ 530.610918][T23167] netlink: 68 bytes leftover after parsing attributes in process `syz.2.5457'. [ 530.719422][T23176] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5460'. [ 530.882039][T23189] netlink: 136 bytes leftover after parsing attributes in process `syz.3.5465'. [ 530.915095][T23189] netlink: 180 bytes leftover after parsing attributes in process `syz.3.5465'. [ 530.945217][T23194] netlink: 212408 bytes leftover after parsing attributes in process `syz.2.5466'. [ 530.954788][T23194] openvswitch: netlink: Message has 512 unknown bytes. [ 531.182903][T23204] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5468'. [ 531.182921][T23206] validate_nla: 1 callbacks suppressed [ 531.182933][T23206] netlink: 'syz.4.5470': attribute type 1 has an invalid length. [ 531.232186][T23204] bond9: option broadcast_neighbor: invalid value (5) [ 531.241349][T23214] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5470'. [ 531.252304][T23204] bond9 (unregistering): Released all slaves [ 531.300840][T23215] netlink: 68 bytes leftover after parsing attributes in process `syz.3.5472'. [ 531.418906][T23206] macvlan3: entered promiscuous mode [ 531.424646][T23206] macvlan3: entered allmulticast mode [ 531.432207][T23206] bond12: entered promiscuous mode [ 531.438222][T23206] 8021q: adding VLAN 0 to HW filter on device macvlan3 [ 531.449063][T23206] bond12: left promiscuous mode [ 531.777844][T23234] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5475'. [ 531.809312][T23231] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5476'. [ 531.990928][T23243] IPVS: lblcr: FWM 3 0x00000003 - no destination available [ 532.001717][ C0] IPVS: lblcr: FWM 3 0x00000003 - no destination available [ 532.708948][T23279] lo speed is unknown, defaulting to 1000 [ 532.752762][T23283] Bluetooth: MGMT ver 1.23 [ 532.854128][T23292] SET target dimension over the limit! [ 533.084567][T23297] FAULT_INJECTION: forcing a failure. [ 533.084567][T23297] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 533.142752][T23297] CPU: 0 UID: 0 PID: 23297 Comm: syz.0.5500 Not tainted syzkaller #0 PREEMPT(full) [ 533.142781][T23297] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 533.142794][T23297] Call Trace: [ 533.142802][T23297] [ 533.142812][T23297] dump_stack_lvl+0x189/0x250 [ 533.142837][T23297] ? __pfx____ratelimit+0x10/0x10 [ 533.142862][T23297] ? __pfx_dump_stack_lvl+0x10/0x10 [ 533.142883][T23297] ? __pfx__printk+0x10/0x10 [ 533.142916][T23297] should_fail_ex+0x414/0x560 [ 533.142944][T23297] _copy_to_user+0x31/0xb0 [ 533.142966][T23297] simple_read_from_buffer+0xe1/0x170 [ 533.142999][T23297] proc_fail_nth_read+0x1b3/0x220 [ 533.143027][T23297] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 533.143055][T23297] ? rw_verify_area+0x2a6/0x4d0 [ 533.143080][T23297] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 533.143105][T23297] vfs_read+0x200/0xa30 [ 533.143134][T23297] ? lockdep_hardirqs_on+0x9c/0x150 [ 533.143162][T23297] ? __pfx_vfs_read+0x10/0x10 [ 533.143188][T23297] ? raw_setsockopt+0x489/0x1290 [ 533.143226][T23297] ? __pfx_raw_setsockopt+0x10/0x10 [ 533.143249][T23297] ? do_sock_setsockopt+0x185/0x1b0 [ 533.143277][T23297] ksys_read+0x145/0x250 [ 533.143302][T23297] ? __pfx_ksys_read+0x10/0x10 [ 533.143333][T23297] ? do_syscall_64+0xbe/0xfa0 [ 533.143360][T23297] do_syscall_64+0xfa/0xfa0 [ 533.143383][T23297] ? lockdep_hardirqs_on+0x9c/0x150 [ 533.143406][T23297] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 533.143433][T23297] ? clear_bhb_loop+0x60/0xb0 [ 533.143457][T23297] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 533.143477][T23297] RIP: 0033:0x7fd36bf8d8dc [ 533.143496][T23297] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 533.143514][T23297] RSP: 002b:00007fd36ceac030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 533.143536][T23297] RAX: ffffffffffffffda RBX: 00007fd36c1e5fa0 RCX: 00007fd36bf8d8dc [ 533.143552][T23297] RDX: 000000000000000f RSI: 00007fd36ceac0a0 RDI: 0000000000000004 [ 533.143566][T23297] RBP: 00007fd36ceac090 R08: 0000000000000000 R09: 0000000000000000 [ 533.143579][T23297] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 533.143592][T23297] R13: 00007fd36c1e6038 R14: 00007fd36c1e5fa0 R15: 00007ffdf7900db8 [ 533.143625][T23297] [ 533.375474][T23298] syzkaller1: entered promiscuous mode [ 533.381086][T23298] syzkaller1: entered allmulticast mode [ 533.389330][T23298] openvswitch: netlink: Flow key attr not present in new flow. [ 533.400144][T23298] x_tables: duplicate underflow at hook 4 [ 533.487614][T23284] tipc: Enabled bearer , priority 0 [ 533.495902][T23284] syzkaller0: entered promiscuous mode [ 533.502006][T23284] syzkaller0: entered allmulticast mode [ 533.539847][T23284] tipc: Resetting bearer [ 533.574053][T23301] x_tables: ip6_tables: CLASSIFY target: used from hooks INPUT, but only usable from FORWARD/OUTPUT/POSTROUTING [ 533.797694][T23278] tipc: Resetting bearer [ 534.166032][T23278] tipc: Disabling bearer [ 534.226748][T23318] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 534.261423][T23279] lo speed is unknown, defaulting to 1000 [ 534.261466][T23323] veth0: entered promiscuous mode [ 534.386604][T23332] netlink: 'syz.2.5510': attribute type 11 has an invalid length. [ 534.515661][T23279] syzkaller0 speed is unknown, defaulting to 1000 [ 534.524064][T23330] tipc: Enabling of bearer rejected, already enabled [ 534.638519][T23342] netlink: 'syz.0.5513': attribute type 1 has an invalid length. [ 534.736966][T23342] bond10: entered promiscuous mode [ 534.742584][T23342] 8021q: adding VLAN 0 to HW filter on device bond10 [ 534.937348][T23354] veth0: entered promiscuous mode [ 534.942637][T23354] veth0: entered allmulticast mode [ 534.969159][T23354] netem: change failed [ 535.154536][T23359] tipc: Enabled bearer , priority 0 [ 535.174783][T23359] syzkaller0: entered promiscuous mode [ 535.210047][T23359] syzkaller0: entered allmulticast mode [ 535.281821][T23361] xt_policy: output policy not valid in PREROUTING and INPUT [ 535.296191][T23359] tipc: Resetting bearer [ 535.315208][T23358] tipc: Resetting bearer [ 535.364675][T23358] tipc: Disabling bearer [ 535.490744][T23368] netlink: 'syz.3.5523': attribute type 11 has an invalid length. [ 535.604579][T23378] IPVS: set_ctl: invalid protocol: 39909 172.20.20.170:20002 [ 535.695466][T23382] vlan2: entered promiscuous mode [ 535.700820][T23382] vlan2: entered allmulticast mode [ 535.712972][T23382] gretap0: entered allmulticast mode [ 535.978400][T23397] __nla_validate_parse: 16 callbacks suppressed [ 535.978420][T23397] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5532'. [ 535.997146][T23397] netlink: 88 bytes leftover after parsing attributes in process `syz.0.5532'. [ 536.022606][T23399] macvlan0: entered promiscuous mode [ 536.035447][T23399] batadv0: entered promiscuous mode [ 536.043869][T23399] hsr1: Slave A (macvlan0) is not up; please bring it up to get a fully working HSR network [ 536.055308][T23399] hsr1: Slave B (batadv0) is not up; please bring it up to get a fully working HSR network [ 536.083872][T23399] hsr1: entered allmulticast mode [ 536.095851][T23399] macvlan0: entered allmulticast mode [ 536.110525][T23399] batadv0: entered allmulticast mode [ 536.128386][T23399] macvlan0: left promiscuous mode [ 536.166214][T23399] batadv0: left promiscuous mode [ 536.188957][T23412] netlink: 'syz.0.5535': attribute type 1 has an invalid length. [ 536.291722][T23412] bond11: entered promiscuous mode [ 536.304639][T23412] 8021q: adding VLAN 0 to HW filter on device bond11 [ 536.322817][T23414] tipc: Enabled bearer , priority 0 [ 536.331073][T23414] syzkaller0: entered promiscuous mode [ 536.337531][T23414] syzkaller0: entered allmulticast mode [ 536.359003][T23414] netlink: 28 bytes leftover after parsing attributes in process `syz.4.5536'. [ 536.383329][T23414] netlink: 28 bytes leftover after parsing attributes in process `syz.4.5536'. [ 536.414583][T23414] netlink: 24 bytes leftover after parsing attributes in process `syz.4.5536'. [ 536.457351][T23413] tipc: Resetting bearer [ 536.505280][T23413] tipc: Disabling bearer [ 536.542901][T23427] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 536.604974][T23432] netlink: 68 bytes leftover after parsing attributes in process `syz.1.5542'. [ 536.809927][T23437] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5544'. [ 537.027151][T23455] bridge: RTM_NEWNEIGH with invalid ether address [ 537.049640][T23455] netlink: 48 bytes leftover after parsing attributes in process `syz.2.5549'. [ 537.086614][T23455] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5549'. [ 537.107919][T23455] netlink: 16 bytes leftover after parsing attributes in process `syz.2.5549'. [ 537.328941][T23470] netlink: 'syz.4.5554': attribute type 1 has an invalid length. [ 537.348278][T23471] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 537.367113][T23431] FAULT_INJECTION: forcing a failure. [ 537.367113][T23431] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 537.384822][T23431] CPU: 1 UID: 0 PID: 23431 Comm: syz.3.5541 Not tainted syzkaller #0 PREEMPT(full) [ 537.384850][T23431] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 537.384864][T23431] Call Trace: [ 537.384872][T23431] [ 537.384881][T23431] dump_stack_lvl+0x189/0x250 [ 537.384907][T23431] ? __pfx____ratelimit+0x10/0x10 [ 537.384931][T23431] ? __pfx_dump_stack_lvl+0x10/0x10 [ 537.384952][T23431] ? __pfx__printk+0x10/0x10 [ 537.384973][T23431] ? __might_fault+0xb0/0x130 [ 537.385010][T23431] should_fail_ex+0x414/0x560 [ 537.385036][T23431] core_sys_select+0x729/0xa20 [ 537.385072][T23431] ? __pfx_core_sys_select+0x10/0x10 [ 537.385128][T23431] ? __pfx_set_user_sigmask+0x10/0x10 [ 537.385149][T23431] ? bpf_trace_run2+0x322/0x4b0 [ 537.385180][T23431] ? bpf_trace_run2+0x186/0x4b0 [ 537.385214][T23431] __se_sys_pselect6+0x27a/0x300 [ 537.385247][T23431] ? __pfx___se_sys_pselect6+0x10/0x10 [ 537.385283][T23431] ? __x64_sys_pselect6+0x21/0xf0 [ 537.385313][T23431] do_syscall_64+0xfa/0xfa0 [ 537.385334][T23431] ? lockdep_hardirqs_on+0x9c/0x150 [ 537.385355][T23431] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 537.385373][T23431] ? clear_bhb_loop+0x60/0xb0 [ 537.385396][T23431] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 537.385414][T23431] RIP: 0033:0x7efed758eec9 [ 537.385430][T23431] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 537.385446][T23431] RSP: 002b:00007efed8410038 EFLAGS: 00000246 ORIG_RAX: 000000000000010e [ 537.385465][T23431] RAX: ffffffffffffffda RBX: 00007efed77e6090 RCX: 00007efed758eec9 [ 537.385479][T23431] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000040 [ 537.385492][T23431] RBP: 00007efed8410090 R08: 0000000000000000 R09: 0000000000000000 [ 537.385504][T23431] R10: 00002000000002c0 R11: 0000000000000246 R12: 0000000000000001 [ 537.385517][T23431] R13: 00007efed77e6128 R14: 00007efed77e6090 R15: 00007ffc502d6848 [ 537.385549][T23431] [ 537.765450][T23470] macvlan3: entered promiscuous mode [ 537.770788][T23470] macvlan3: entered allmulticast mode [ 537.777998][T23470] bond13: entered promiscuous mode [ 537.784168][T23470] 8021q: adding VLAN 0 to HW filter on device macvlan3 [ 537.798347][T23470] bond13: left promiscuous mode [ 537.874935][T23489] tun0: tun_chr_ioctl cmd 2148045848 [ 537.904204][T23489] tun0: tun_chr_ioctl cmd 21731 [ 538.037869][T23498] sctp: [Deprecated]: syz.4.5564 (pid 23498) Use of struct sctp_assoc_value in delayed_ack socket option. [ 538.037869][T23498] Use struct sctp_sack_info instead [ 538.373096][T23510] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 538.552778][T23517] netlink: 'syz.1.5573': attribute type 11 has an invalid length. [ 538.772972][T23520] netlink: 'syz.0.5574': attribute type 1 has an invalid length. [ 539.352319][T23556] ieee802154 phy0 wpan0: encryption failed: -90 [ 539.487319][T23566] netlink: 'syz.0.5588': attribute type 1 has an invalid length. [ 539.529033][T23566] bond13: entered promiscuous mode [ 539.534777][T23566] 8021q: adding VLAN 0 to HW filter on device bond13 [ 540.240069][T23595] netlink: 'syz.2.5598': attribute type 1 has an invalid length. [ 540.366794][T23608] SET target dimension over the limit! [ 540.402498][T23610] netlink: 'syz.4.5603': attribute type 2 has an invalid length. [ 540.410762][T23610] netlink: 'syz.4.5603': attribute type 2 has an invalid length. [ 540.419078][T23610] netlink: 'syz.4.5603': attribute type 2 has an invalid length. [ 540.427097][T23610] netlink: 'syz.4.5603': attribute type 1 has an invalid length. [ 540.451581][T23595] macvlan2: entered promiscuous mode [ 540.466399][T23595] macvlan2: entered allmulticast mode [ 540.474063][T23595] bond16: entered promiscuous mode [ 540.480145][T23595] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 540.494510][T23595] bond16: left promiscuous mode [ 541.265999][T23641] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 541.283433][T23645] validate_nla: 4 callbacks suppressed [ 541.283451][T23645] netlink: 'syz.3.5611': attribute type 1 has an invalid length. [ 541.358868][T23645] bond14: entered promiscuous mode [ 541.365366][T23645] 8021q: adding VLAN 0 to HW filter on device bond14 [ 541.396004][T23641] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 541.632825][T23641] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 541.715092][T23641] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 541.860980][T12274] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 541.884235][T23680] __nla_validate_parse: 15 callbacks suppressed [ 541.884253][T23680] netlink: 32 bytes leftover after parsing attributes in process `syz.1.5621'. [ 541.937184][T12274] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 541.952883][T12274] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 541.968433][T12274] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 542.143035][T23687] lo speed is unknown, defaulting to 1000 [ 542.267066][T23697] netlink: 'syz.3.5627': attribute type 1 has an invalid length. [ 542.276848][T23697] netlink: 224 bytes leftover after parsing attributes in process `syz.3.5627'. [ 542.371782][T23703] netlink: 224 bytes leftover after parsing attributes in process `syz.2.5629'. [ 542.389442][T23703] netlink: 'syz.2.5629': attribute type 1 has an invalid length. [ 542.400195][T23703] x_tables: arp_tables: CLASSIFY target: used from hooks INPUT, but only usable from FORWARD/OUTPUT [ 542.420776][T23703] netlink: 48 bytes leftover after parsing attributes in process `syz.2.5629'. [ 542.477047][T23687] lo speed is unknown, defaulting to 1000 [ 542.485125][T23687] syzkaller0 speed is unknown, defaulting to 1000 [ 542.655798][T23712] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 542.714721][T23717] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5635'. [ 542.871232][T23720] tipc: Enabled bearer , priority 0 [ 542.890797][T23720] syzkaller0: entered promiscuous mode [ 542.925183][T23720] syzkaller0: entered allmulticast mode [ 542.947519][T23720] sch_fq: defrate 32768 ignored. [ 542.966977][T23720] tipc: Resetting bearer [ 543.063789][T23719] tipc: Resetting bearer [ 543.094960][T23732] netlink: 'syz.3.5641': attribute type 11 has an invalid length. [ 543.154388][T23719] tipc: Disabling bearer [ 543.160695][T23734] netlink: 'syz.1.5642': attribute type 21 has an invalid length. [ 543.169606][T23734] netlink: 156 bytes leftover after parsing attributes in process `syz.1.5642'. [ 543.384979][T23750] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5645'. [ 543.852242][T23773] netlink: 'syz.2.5655': attribute type 11 has an invalid length. [ 543.889052][T23772] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5654'. [ 543.914312][T23772] netlink: 184 bytes leftover after parsing attributes in process `syz.3.5654'. [ 543.963654][T23776] netlink: 136 bytes leftover after parsing attributes in process `syz.4.5656'. [ 544.485696][T23786] lo speed is unknown, defaulting to 1000 [ 544.985291][T23806] syzkaller1: entered promiscuous mode [ 545.013770][T23806] syzkaller1: entered allmulticast mode [ 545.206037][T23786] lo speed is unknown, defaulting to 1000 [ 545.222717][T23786] syzkaller0 speed is unknown, defaulting to 1000 [ 545.267313][T23813] lo speed is unknown, defaulting to 1000 [ 545.984269][T23813] lo speed is unknown, defaulting to 1000 [ 545.991798][T23813] syzkaller0 speed is unknown, defaulting to 1000 [ 546.117207][T23831] netlink: 'syz.4.5672': attribute type 11 has an invalid length. [ 546.689033][T23851] netlink: 'syz.4.5677': attribute type 1 has an invalid length. [ 546.871619][T23853] syzkaller0: entered promiscuous mode [ 546.878541][T23853] syzkaller0: entered allmulticast mode [ 546.898977][T23864] __nla_validate_parse: 3 callbacks suppressed [ 546.898997][T23864] netlink: 824 bytes leftover after parsing attributes in process `syz.3.5681'. [ 546.917609][T23863] FAULT_INJECTION: forcing a failure. [ 546.917609][T23863] name failslab, interval 1, probability 0, space 0, times 0 [ 546.950826][T23863] CPU: 0 UID: 0 PID: 23863 Comm: syz.1.5682 Not tainted syzkaller #0 PREEMPT(full) [ 546.950856][T23863] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 546.950868][T23863] Call Trace: [ 546.950876][T23863] [ 546.950886][T23863] dump_stack_lvl+0x189/0x250 [ 546.950916][T23863] ? __pfx____ratelimit+0x10/0x10 [ 546.950940][T23863] ? __pfx_dump_stack_lvl+0x10/0x10 [ 546.950961][T23863] ? __pfx__printk+0x10/0x10 [ 546.950988][T23863] ? __pfx___might_resched+0x10/0x10 [ 546.951015][T23863] should_fail_ex+0x414/0x560 [ 546.951045][T23863] should_failslab+0xa8/0x100 [ 546.951067][T23863] __kmalloc_cache_noprof+0x6f/0x6f0 [ 546.951104][T23863] ? nfc_genl_se_io+0x227/0x680 [ 546.951121][T23863] ? __nla_parse+0x40/0x60 [ 546.951153][T23863] nfc_genl_se_io+0x227/0x680 [ 546.951180][T23863] genl_family_rcv_msg_doit+0x212/0x300 [ 546.951217][T23863] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 546.951259][T23863] ? bpf_lsm_capable+0x9/0x20 [ 546.951282][T23863] ? security_capable+0x7e/0x2e0 [ 546.951315][T23863] genl_rcv_msg+0x60e/0x790 [ 546.951348][T23863] ? __pfx_genl_rcv_msg+0x10/0x10 [ 546.951374][T23863] ? __pfx_nfc_genl_se_io+0x10/0x10 [ 546.951409][T23863] netlink_rcv_skb+0x205/0x470 [ 546.951427][T23863] ? __lock_acquire+0xab9/0xd20 [ 546.951448][T23863] ? __pfx_genl_rcv_msg+0x10/0x10 [ 546.951475][T23863] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 546.951517][T23863] ? down_read+0x1ad/0x2e0 [ 546.951548][T23863] genl_rcv+0x28/0x40 [ 546.951571][T23863] netlink_unicast+0x82f/0x9e0 [ 546.951611][T23863] ? __pfx_netlink_unicast+0x10/0x10 [ 546.951648][T23863] ? netlink_sendmsg+0x642/0xb30 [ 546.951667][T23863] ? skb_put+0x11b/0x210 [ 546.951692][T23863] netlink_sendmsg+0x805/0xb30 [ 546.951726][T23863] ? __pfx_netlink_sendmsg+0x10/0x10 [ 546.951748][T23863] ? aa_sock_msg_perm+0xf1/0x1d0 [ 546.951776][T23863] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 546.951793][T23863] ? __pfx_netlink_sendmsg+0x10/0x10 [ 546.951813][T23863] __sock_sendmsg+0x21c/0x270 [ 546.951844][T23863] ____sys_sendmsg+0x505/0x830 [ 546.951872][T23863] ? __pfx_____sys_sendmsg+0x10/0x10 [ 546.951907][T23863] ? import_iovec+0x74/0xa0 [ 546.951931][T23863] ___sys_sendmsg+0x21f/0x2a0 [ 546.951958][T23863] ? __pfx____sys_sendmsg+0x10/0x10 [ 546.952023][T23863] ? __fget_files+0x2a/0x420 [ 546.952040][T23863] ? __fget_files+0x3a0/0x420 [ 546.952071][T23863] __x64_sys_sendmsg+0x19b/0x260 [ 546.952098][T23863] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 546.952133][T23863] ? __pfx_ksys_write+0x10/0x10 [ 546.952164][T23863] ? do_syscall_64+0xbe/0xfa0 [ 546.952193][T23863] do_syscall_64+0xfa/0xfa0 [ 546.952216][T23863] ? lockdep_hardirqs_on+0x9c/0x150 [ 546.952240][T23863] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 546.952259][T23863] ? clear_bhb_loop+0x60/0xb0 [ 546.952285][T23863] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 546.952303][T23863] RIP: 0033:0x7f950078eec9 [ 546.952322][T23863] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 546.952339][T23863] RSP: 002b:00007f95016c5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 546.952361][T23863] RAX: ffffffffffffffda RBX: 00007f95009e5fa0 RCX: 00007f950078eec9 [ 546.952377][T23863] RDX: 0000000000000000 RSI: 0000200000000840 RDI: 0000000000000005 [ 546.952390][T23863] RBP: 00007f95016c5090 R08: 0000000000000000 R09: 0000000000000000 [ 546.952401][T23863] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 546.952414][T23863] R13: 00007f95009e6038 R14: 00007f95009e5fa0 R15: 00007ffe0a7437e8 [ 546.952450][T23863] [ 547.119653][T23856] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5680'. [ 547.125746][T23857] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5679'. [ 547.177156][T23865] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5679'. [ 547.331686][T23874] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5683'. [ 547.390926][T23848] macvlan3: entered promiscuous mode [ 547.409337][T23848] macvlan3: entered allmulticast mode [ 547.437251][T23848] bond14: entered promiscuous mode [ 547.443106][T23848] 8021q: adding VLAN 0 to HW filter on device macvlan3 [ 547.455967][T23848] bond14: left promiscuous mode [ 547.899924][T23892] netlink: 'syz.0.5690': attribute type 13 has an invalid length. [ 547.927819][T23892] netlink: 'syz.0.5690': attribute type 17 has an invalid length. [ 547.942763][T23895] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5691'. [ 548.066080][T23892] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 548.099740][T23895] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5691'. [ 548.126629][T23895] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5691'. [ 548.172629][T23895] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5691'. [ 548.186127][T23895] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5691'. [ 549.019493][T23954] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 549.417838][T23973] netlink: 'syz.4.5719': attribute type 13 has an invalid length. [ 549.526868][T23986] netlink: 'syz.4.5719': attribute type 10 has an invalid length. [ 549.714442][T23988] nbd1: detected capacity change from 0 to 127 [ 549.732863][T23986] team0: Port device macvlan1 added [ 549.784352][T23973] lo: Caught tx_queue_len zero misconfig [ 549.853200][ T5840] block nbd1: Receive control failed (result -32) [ 549.895721][T23996] netlink: 'syz.0.5723': attribute type 1 has an invalid length. [ 549.949151][T23996] bond14: entered promiscuous mode [ 549.957278][T23996] 8021q: adding VLAN 0 to HW filter on device bond14 [ 549.974189][T23997] vlan2: entered promiscuous mode [ 549.996466][T24001] tipc: Enabled bearer , priority 0 [ 550.006011][T24001] syzkaller0: entered promiscuous mode [ 550.011507][T24001] syzkaller0: entered allmulticast mode [ 550.022467][T24000] tipc: Resetting bearer [ 550.052987][T24000] tipc: Disabling bearer [ 550.152985][T24003] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 550.517082][T24027] FAULT_INJECTION: forcing a failure. [ 550.517082][T24027] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 550.532459][T24027] CPU: 1 UID: 0 PID: 24027 Comm: syz.4.5732 Not tainted syzkaller #0 PREEMPT(full) [ 550.532486][T24027] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 550.532499][T24027] Call Trace: [ 550.532508][T24027] [ 550.532517][T24027] dump_stack_lvl+0x189/0x250 [ 550.532542][T24027] ? __pfx____ratelimit+0x10/0x10 [ 550.532566][T24027] ? __pfx_dump_stack_lvl+0x10/0x10 [ 550.532587][T24027] ? __pfx__printk+0x10/0x10 [ 550.532621][T24027] should_fail_ex+0x414/0x560 [ 550.532650][T24027] _copy_to_user+0x31/0xb0 [ 550.532672][T24027] simple_read_from_buffer+0xe1/0x170 [ 550.532704][T24027] proc_fail_nth_read+0x1b3/0x220 [ 550.532741][T24027] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 550.532773][T24027] ? rw_verify_area+0x2a6/0x4d0 [ 550.532798][T24027] ? __lock_acquire+0xab9/0xd20 [ 550.532819][T24027] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 550.532844][T24027] vfs_read+0x200/0xa30 [ 550.532869][T24027] ? fdget_pos+0x247/0x320 [ 550.532891][T24027] ? __pfx___mutex_lock+0x10/0x10 [ 550.532916][T24027] ? __pfx_vfs_read+0x10/0x10 [ 550.532944][T24027] ? __fget_files+0x2a/0x420 [ 550.532965][T24027] ? __fget_files+0x3a0/0x420 [ 550.532981][T24027] ? __fget_files+0x2a/0x420 [ 550.533007][T24027] ksys_read+0x145/0x250 [ 550.533034][T24027] ? __pfx_ksys_read+0x10/0x10 [ 550.533061][T24027] ? do_syscall_64+0xbe/0xfa0 [ 550.533088][T24027] do_syscall_64+0xfa/0xfa0 [ 550.533113][T24027] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 550.533133][T24027] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 550.533152][T24027] ? clear_bhb_loop+0x60/0xb0 [ 550.533182][T24027] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 550.533200][T24027] RIP: 0033:0x7f85da18d8dc [ 550.533221][T24027] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 550.533237][T24027] RSP: 002b:00007f85db03b030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 550.533256][T24027] RAX: ffffffffffffffda RBX: 00007f85da3e5fa0 RCX: 00007f85da18d8dc [ 550.533269][T24027] RDX: 000000000000000f RSI: 00007f85db03b0a0 RDI: 0000000000000004 [ 550.533281][T24027] RBP: 00007f85db03b090 R08: 0000000000000000 R09: 0000000000000000 [ 550.533293][T24027] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 550.533304][T24027] R13: 00007f85da3e6038 R14: 00007f85da3e5fa0 R15: 00007ffde1d13da8 [ 550.533337][T24027] [ 550.861438][T24037] IPVS: lblcr: FWM 3 0x00000003 - no destination available [ 550.869217][ C1] IPVS: lblcr: FWM 3 0x00000003 - no destination available [ 550.979235][T24044] openvswitch: netlink: Message has 26 unknown bytes. [ 551.089530][T24051] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 551.262400][T24054] xfrm1: entered allmulticast mode [ 551.346320][T24057] bond17: invalid ARP target 0.0.0.0 specified for addition [ 551.354554][T24057] bond17: option arp_ip_target: invalid value (0) [ 551.364502][T24057] bond17 (unregistering): Released all slaves [ 551.441079][T24068] netlink: 'syz.0.5744': attribute type 1 has an invalid length. [ 551.452609][T24066] vxcan31: entered allmulticast mode [ 551.639795][T24081] netlink: 'syz.3.5747': attribute type 1 has an invalid length. [ 552.117501][T24068] bond15: entered promiscuous mode [ 552.123531][T24068] 8021q: adding VLAN 0 to HW filter on device bond15 [ 552.151326][T24060] Cannot find set identified by id 3 to match [ 552.190437][T24086] macvlan3: entered promiscuous mode [ 552.195974][T24086] macvlan3: entered allmulticast mode [ 552.202339][T24086] bond15: entered promiscuous mode [ 552.208122][T24086] 8021q: adding VLAN 0 to HW filter on device macvlan3 [ 552.220984][T24086] bond15: left promiscuous mode [ 552.261260][T24096] netlink: 'syz.0.5748': attribute type 11 has an invalid length. [ 552.716332][T24108] netlink: 'syz.1.5754': attribute type 4 has an invalid length. [ 552.771466][T24110] __nla_validate_parse: 39 callbacks suppressed [ 552.771487][T24110] netlink: 152 bytes leftover after parsing attributes in process `syz.1.5754'. [ 552.827146][T24111] netlink: 14436 bytes leftover after parsing attributes in process `syz.0.5755'. [ 552.865420][T24113] netlink: 'syz.4.5756': attribute type 4 has an invalid length. [ 552.916721][T24110] netlink: 24 bytes leftover after parsing attributes in process `syz.1.5754'. [ 552.987704][T24117] lo speed is unknown, defaulting to 1000 [ 553.131018][T24128] netlink: 'syz.0.5760': attribute type 11 has an invalid length. [ 553.288191][T24135] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5764'. [ 553.327058][T24135] xfrm1: entered allmulticast mode [ 553.649286][T24119] lo speed is unknown, defaulting to 1000 [ 553.650235][T24117] lo speed is unknown, defaulting to 1000 [ 553.721275][T24117] syzkaller0 speed is unknown, defaulting to 1000 [ 554.156093][T24119] lo speed is unknown, defaulting to 1000 [ 554.163753][T24119] syzkaller0 speed is unknown, defaulting to 1000 [ 554.191439][T24181] netlink: 'syz.4.5778': attribute type 10 has an invalid length. [ 554.345082][T24185] netlink: 136 bytes leftover after parsing attributes in process `syz.1.5780'. [ 554.354621][T24185] netlink: 180 bytes leftover after parsing attributes in process `syz.1.5780'. [ 555.008601][T24198] netlink: 'syz.3.5784': attribute type 1 has an invalid length. [ 555.065477][T24198] bond16: entered promiscuous mode [ 555.071098][T24198] 8021q: adding VLAN 0 to HW filter on device bond16 [ 555.112474][T24201] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5785'. [ 555.301199][T24201] team_slave_0: left promiscuous mode [ 555.316566][T24201] team0 (unregistering): Port device team_slave_0 removed [ 555.324588][T24201] Àÿ: left promiscuous mode [ 555.348395][T24201] team0 (unregistering): Port device 52Àÿ removed [ 555.404902][T24215] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5787'. [ 555.861510][ T5846] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 555.872332][ T5846] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 555.880904][ T5846] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 555.891179][ T5846] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 555.904777][ T5846] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 556.023808][T24227] lo speed is unknown, defaulting to 1000 [ 556.179247][T24236] netlink: 'syz.1.5794': attribute type 2 has an invalid length. [ 556.187834][T24236] netlink: 'syz.1.5794': attribute type 1 has an invalid length. [ 556.203441][T24236] netlink: 'syz.1.5794': attribute type 1 has an invalid length. [ 556.385821][T24241] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 556.410662][T24247] netlink: 'syz.0.5798': attribute type 11 has an invalid length. [ 556.604883][T24227] lo speed is unknown, defaulting to 1000 [ 556.667298][T24258] bond17: entered promiscuous mode [ 556.674548][T24258] 8021q: adding VLAN 0 to HW filter on device bond17 [ 556.686500][T24227] syzkaller0 speed is unknown, defaulting to 1000 [ 556.774530][T24271] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5801'. [ 556.901991][T24280] netlink: 92 bytes leftover after parsing attributes in process `syz.0.5801'. [ 557.148600][T12268] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 557.186729][T24227] chnl_net:caif_netlink_parms(): no params data found [ 557.249362][T12268] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 557.305978][T12268] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 557.335444][T24227] bridge0: port 1(bridge_slave_0) entered blocking state [ 557.342723][T24227] bridge0: port 1(bridge_slave_0) entered disabled state [ 557.350389][T24227] bridge_slave_0: entered allmulticast mode [ 557.359421][T24227] bridge_slave_0: entered promiscuous mode [ 557.388968][T12268] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 557.406615][T24227] bridge0: port 2(bridge_slave_1) entered blocking state [ 557.414437][T24227] bridge0: port 2(bridge_slave_1) entered disabled state [ 557.421906][T24227] bridge_slave_1: entered allmulticast mode [ 557.432069][T24227] bridge_slave_1: entered promiscuous mode [ 557.567183][T24227] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 557.586989][T24227] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 557.634658][T24294] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 557.710523][T24302] validate_nla: 1 callbacks suppressed [ 557.710541][T24302] netlink: 'syz.2.5810': attribute type 11 has an invalid length. [ 557.830600][T24227] team0: Port device team_slave_0 added [ 557.854436][T12288] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 557.886900][T24227] team0: Port device team_slave_1 added [ 557.893547][T12288] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 557.910614][T24309] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5813'. [ 557.974096][ T5840] Bluetooth: hci2: command tx timeout [ 558.023773][T12288] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 558.042605][T24227] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 558.059358][T24227] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 558.111383][T24320] netlink: 68 bytes leftover after parsing attributes in process `syz.1.5816'. [ 558.121760][T24227] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 558.135222][T24227] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 558.142184][T24227] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 558.170138][T24227] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 558.180443][T24323] SET target dimension over the limit! [ 558.182036][T12288] netdevsim netdevsim4 eth4: set [1, 0] type 2 family 0 port 6081 - 0 [ 558.196563][T12268] bridge0: port 1(batadv0) entered disabled state [ 558.458834][T24335] netlink: 'syz.1.5821': attribute type 11 has an invalid length. [ 559.076339][T12268] bond2 (unregistering): (slave geneve2): Releasing active interface [ 560.053428][ T5840] Bluetooth: hci2: command tx timeout [ 561.719056][T12268] bond0 (unregistering): (slave team0): Releasing backup interface [ 561.729577][T12268] bond0 (unregistering): Released all slaves [ 561.742615][T12268] bond1 (unregistering): Released all slaves [ 561.846045][T12268] bond2 (unregistering): Released all slaves [ 561.944545][T12268] bond3 (unregistering): Released all slaves [ 561.957125][T12268] bond4 (unregistering): Released all slaves [ 561.969878][T12268] bond5 (unregistering): Released all slaves [ 561.982595][T12268] bond6 (unregistering): Released all slaves [ 561.997789][T12268] bond7 (unregistering): Released all slaves [ 562.013446][T12268] bond8 (unregistering): Released all slaves [ 562.028187][T12268] bond9 (unregistering): Released all slaves [ 562.040545][T12268] bond10 (unregistering): Released all slaves [ 562.059619][T12268] bond11 (unregistering): Released all slaves [ 562.072129][T12268] bond12 (unregistering): Released all slaves [ 562.085937][T12268] bond13 (unregistering): Released all slaves [ 562.099882][T12268] bond14 (unregistering): Released all slaves [ 562.134884][ T5840] Bluetooth: hci2: command tx timeout [ 562.326769][T24227] hsr_slave_0: entered promiscuous mode [ 562.366755][T24227] hsr_slave_1: entered promiscuous mode [ 562.383772][T24227] debugfs: 'hsr0' already exists in 'hsr' [ 562.392648][T24227] Cannot create hsr debugfs directory [ 562.416666][T24359] tipc: Enabling of bearer rejected, already enabled [ 562.443350][T12268] tipc: Left network mode [ 562.476756][T24359] netlink: 24 bytes leftover after parsing attributes in process `syz.3.5829'. [ 562.682390][T24371] netlink: 52 bytes leftover after parsing attributes in process `syz.0.5833'. [ 562.706913][T24371] netlink: 56 bytes leftover after parsing attributes in process `syz.0.5833'. [ 562.841374][T24376] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 562.861962][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 562.947349][T24384] netlink: 20 bytes leftover after parsing attributes in process `syz.2.5838'. [ 562.961481][T24384] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5838'. [ 562.999838][T24385] netlink: 16215 bytes leftover after parsing attributes in process `syz.2.5838'. [ 563.018183][T24385] netlink: 'syz.2.5838': attribute type 10 has an invalid length. [ 563.030082][T24385] bridge0: port 3(macsec0) entered blocking state [ 563.038992][T24385] bridge0: port 3(macsec0) entered disabled state [ 563.049608][T24385] macsec0: entered allmulticast mode [ 563.056729][T24385] veth1_macvtap: entered allmulticast mode [ 563.066426][T24385] macsec0: entered promiscuous mode [ 563.073631][T24385] bridge0: port 3(macsec0) entered blocking state [ 563.080184][T24385] bridge0: port 3(macsec0) entered listening state [ 563.108821][T24227] netdevsim netdevsim4 eth4 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 563.168091][T24392] dvmrp8: entered allmulticast mode [ 563.227574][T24227] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 563.451209][T24227] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 563.558964][T24404] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5844'. [ 563.604744][T12268] hsr_slave_0: left promiscuous mode [ 563.611711][T12268] hsr_slave_1: left promiscuous mode [ 563.622028][T12268] batman_adv: batadv0: Removing interface: macvtap1 [ 563.642098][T12268] veth1_macvtap: left promiscuous mode [ 563.650535][T12268] veth0_macvtap: left promiscuous mode [ 563.656780][T12268] veth1_vlan: left promiscuous mode [ 563.662276][T12268] veth0_vlan: left promiscuous mode [ 563.868260][T12268] pim6reg (unregistering): left allmulticast mode [ 564.228339][ T5840] Bluetooth: hci2: command tx timeout [ 564.272418][T12268] team0 (unregistering): Port device macvlan1 removed [ 564.871068][T24387] lo speed is unknown, defaulting to 1000 [ 564.871124][T24400] netlink: 96 bytes leftover after parsing attributes in process `syz.1.5842'. [ 564.889249][T24227] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 565.044196][T24386] dvmrp8: left allmulticast mode [ 565.103331][ C1] bridge0: port 3(macsec0) entered learning state [ 565.336735][T24410] lo speed is unknown, defaulting to 1000 [ 565.339263][T24387] lo speed is unknown, defaulting to 1000 [ 565.349439][T24227] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 565.366814][T24429] Cannot find add_set index 0 as target [ 565.489835][T24227] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 565.553004][T24387] syzkaller0 speed is unknown, defaulting to 1000 [ 565.560788][T24227] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 565.646681][T24227] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 565.706454][T24437] netlink: 'syz.1.5853': attribute type 11 has an invalid length. [ 565.743678][T24435] netlink: 'syz.2.5852': attribute type 1 has an invalid length. [ 565.751431][T24435] netlink: 232 bytes leftover after parsing attributes in process `syz.2.5852'. [ 565.839478][T24410] lo speed is unknown, defaulting to 1000 [ 565.852081][T24410] syzkaller0 speed is unknown, defaulting to 1000 [ 565.882440][T24449] netlink: 16 bytes leftover after parsing attributes in process `syz.2.5855'. [ 565.883679][T12268] IPVS: stop unused estimator thread 0... [ 566.276372][T24227] 8021q: adding VLAN 0 to HW filter on device bond0 [ 566.324219][T24455] netlink: 'syz.2.5856': attribute type 1 has an invalid length. [ 566.376170][T24460] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5856'. [ 566.448661][T24227] 8021q: adding VLAN 0 to HW filter on device team0 [ 566.492812][T24455] macvlan2: entered promiscuous mode [ 566.498612][T24455] macvlan2: entered allmulticast mode [ 566.505111][T24455] bond17: entered promiscuous mode [ 566.510678][T24455] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 566.520476][T24455] bond17: left promiscuous mode [ 566.597567][T12288] bridge0: port 1(bridge_slave_0) entered blocking state [ 566.604812][T12288] bridge0: port 1(bridge_slave_0) entered forwarding state [ 566.637887][T22296] bridge0: port 2(bridge_slave_1) entered blocking state [ 566.645172][T22296] bridge0: port 2(bridge_slave_1) entered forwarding state [ 567.099971][T24481] lo speed is unknown, defaulting to 1000 [ 567.173379][ C1] bridge0: port 3(macsec0) entered forwarding state [ 567.180018][ C1] bridge0: topology change detected, propagating [ 567.244303][T24227] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 567.316125][T24494] netlink: 'syz.3.5864': attribute type 11 has an invalid length. [ 567.602363][T24490] lo speed is unknown, defaulting to 1000 [ 567.609655][T24481] lo speed is unknown, defaulting to 1000 [ 567.622258][T24481] syzkaller0 speed is unknown, defaulting to 1000 [ 567.790940][T24227] veth0_vlan: entered promiscuous mode [ 567.877147][T24227] veth1_vlan: entered promiscuous mode [ 567.888897][T24490] lo speed is unknown, defaulting to 1000 [ 567.901040][T24490] syzkaller0 speed is unknown, defaulting to 1000 [ 567.914283][T24497] siw: device registration error -23 [ 567.922371][T24500] lo speed is unknown, defaulting to 1000 [ 568.015262][T24227] veth0_macvtap: entered promiscuous mode [ 568.047692][T24227] veth1_macvtap: entered promiscuous mode [ 568.090934][T24227] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 568.112208][T24227] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 568.135461][T12301] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 568.160487][T12301] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 568.172060][ T57] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 568.182457][T24500] lo speed is unknown, defaulting to 1000 [ 568.194526][ T57] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 568.203978][T24500] syzkaller0 speed is unknown, defaulting to 1000 [ 568.559518][T24513] mac80211_hwsim hwsim34 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 568.664294][T12268] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 568.672201][T12268] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 568.724035][T24517] netlink: 'syz.1.5869': attribute type 1 has an invalid length. [ 568.781920][T24519] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5869'. [ 569.155052][T24526] macvlan3: entered promiscuous mode [ 569.163697][T24526] macvlan3: entered allmulticast mode [ 569.171451][T24526] bond9: entered promiscuous mode [ 569.181074][T24526] 8021q: adding VLAN 0 to HW filter on device macvlan3 [ 569.196128][T24526] bond9: left promiscuous mode [ 569.224333][T12279] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 569.232723][T12279] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 569.557626][T24542] lo speed is unknown, defaulting to 1000 [ 569.664659][T24550] openvswitch: netlink: IP tunnel attribute has 150 unknown bytes. [ 569.764635][T24554] netlink: 'syz.2.5877': attribute type 2 has an invalid length. [ 569.809835][T24557] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5878'. [ 569.837009][T24557] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5878'. [ 569.855435][T24542] lo speed is unknown, defaulting to 1000 [ 569.863535][T24542] syzkaller0 speed is unknown, defaulting to 1000 [ 570.020825][T24565] Cannot find add_set index 0 as target [ 570.421395][T24582] netlink: 'syz.3.5887': attribute type 11 has an invalid length. [ 570.971379][T24609] netlink: 'syz.4.5892': attribute type 3 has an invalid length. [ 570.979648][T24609] netlink: 'syz.4.5892': attribute type 1 has an invalid length. [ 570.987817][T24609] netlink: 60387 bytes leftover after parsing attributes in process `syz.4.5892'. [ 572.799862][T24598] tipc: Enabling of bearer rejected, failed to enable media [ 572.909175][T24623] IPv6: NLM_F_REPLACE set, but no existing node found! [ 573.275417][T24636] delete_channel: no stack [ 573.999472][T24657] netlink: 'syz.3.5906': attribute type 1 has an invalid length. [ 574.009798][T24659] netlink: 'syz.2.5908': attribute type 11 has an invalid length. [ 574.090383][T24660] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5906'. [ 574.180150][T24657] macvlan3: entered promiscuous mode [ 574.208606][T24657] macvlan3: entered allmulticast mode [ 574.237630][T24657] bond18: entered promiscuous mode [ 574.253131][T24657] 8021q: adding VLAN 0 to HW filter on device macvlan3 [ 574.317203][T24657] bond18: left promiscuous mode [ 574.431594][T24678] netlink: 'syz.1.5913': attribute type 1 has an invalid length. [ 574.477858][T24678] 8021q: adding VLAN 0 to HW filter on device bond10 [ 574.565504][T24680] bond10: (slave geneve4): making interface the new active one [ 574.587622][T24689] netlink: 24 bytes leftover after parsing attributes in process `syz.3.5916'. [ 574.609752][T24680] bond10: (slave geneve4): Enslaving as an active interface with an up link [ 574.823108][T24700] lo speed is unknown, defaulting to 1000 [ 574.848822][T24705] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.5919'. [ 575.154076][T24717] netlink: 128 bytes leftover after parsing attributes in process `syz.3.5922'. [ 575.567942][T24728] netlink: 'syz.3.5923': attribute type 11 has an invalid length. [ 575.571909][T24700] lo speed is unknown, defaulting to 1000 [ 575.612784][T24700] syzkaller0 speed is unknown, defaulting to 1000 [ 575.978308][T24745] netlink: 'syz.3.5926': attribute type 1 has an invalid length. [ 576.087454][T24745] bond19: entered promiscuous mode [ 576.116399][T24745] 8021q: adding VLAN 0 to HW filter on device bond19 [ 576.157495][T24750] netlink: 28 bytes leftover after parsing attributes in process `syz.2.5929'. [ 576.322151][T24757] SET target dimension over the limit! [ 576.587540][T24766] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5934'. [ 576.693827][T24772] netlink: 'syz.4.5936': attribute type 11 has an invalid length. [ 576.725392][T24773] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 576.872756][T24782] SET target dimension over the limit! [ 576.919709][T24788] netlink: 40 bytes leftover after parsing attributes in process `syz.0.5940'. [ 576.937915][T24785] netlink: 'syz.1.5943': attribute type 4 has an invalid length. [ 576.963350][T24785] xt_hashlimit: size too large, truncated to 1048576 [ 577.192797][T24797] sctp: [Deprecated]: syz.3.5946 (pid 24797) Use of struct sctp_assoc_value in delayed_ack socket option. [ 577.192797][T24797] Use struct sctp_sack_info instead [ 577.232820][T24802] siw: device registration error -23 [ 577.401495][T24812] netlink: 'syz.3.5951': attribute type 11 has an invalid length. [ 577.532858][T24814] macvlan0: entered promiscuous mode [ 577.547376][T24818] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5953'. [ 577.575018][T24814] batadv0: entered promiscuous mode [ 577.592630][T24814] hsr1: entered allmulticast mode [ 577.603329][T24814] macvlan0: entered allmulticast mode [ 577.663562][T24814] veth1_vlan: entered allmulticast mode [ 577.723494][T24814] batadv0: entered allmulticast mode [ 577.761261][T24814] macvlan0: left promiscuous mode [ 577.772511][T24814] batadv0: left promiscuous mode [ 577.915376][T24816] geneve2: entered promiscuous mode [ 578.326153][ T5846] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 578.335833][ T5846] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 578.345381][ T5846] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 578.357274][ T5846] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 578.365136][ T5846] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 578.409297][T15185] team0: Port device macvlan2 removed [ 578.423869][T24843] netlink: 32 bytes leftover after parsing attributes in process `syz.2.5958'. [ 578.465018][T24835] syzkaller0: entered promiscuous mode [ 578.470597][T24835] syzkaller0: entered allmulticast mode [ 578.598133][T24849] lo speed is unknown, defaulting to 1000 [ 579.110418][T24875] vlan2: entered promiscuous mode [ 579.213588][T24877] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5966'. [ 579.272927][T24849] lo speed is unknown, defaulting to 1000 [ 579.273182][T24836] lo speed is unknown, defaulting to 1000 [ 579.291584][T24849] syzkaller0 speed is unknown, defaulting to 1000 [ 579.775619][T24887] netlink: 'syz.1.5969': attribute type 13 has an invalid length. [ 579.789473][T24887] netlink: 16 bytes leftover after parsing attributes in process `syz.1.5969'. [ 579.799840][T24887] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5969'. [ 579.863770][T24836] lo speed is unknown, defaulting to 1000 [ 579.907418][T24836] syzkaller0 speed is unknown, defaulting to 1000 [ 579.944826][T24891] netlink: 'syz.1.5971': attribute type 83 has an invalid length. [ 579.959453][T24894] netlink: 32 bytes leftover after parsing attributes in process `syz.2.5973'. [ 579.969000][T24895] netlink: 32 bytes leftover after parsing attributes in process `syz.2.5973'. [ 580.166053][T24897] tipc: Enabled bearer , priority 0 [ 580.180312][T24899] netlink: 16 bytes leftover after parsing attributes in process `syz.2.5974'. [ 580.196667][T24896] syzkaller0: entered promiscuous mode [ 580.206021][T24896] syzkaller0: entered allmulticast mode [ 580.218200][T24901] Bluetooth: MGMT ver 1.23 [ 580.262741][T24896] tipc: Resetting bearer [ 580.330413][T24897] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5972'. [ 580.435685][T24892] tipc: Resetting bearer [ 580.454893][ T5846] Bluetooth: hci0: command tx timeout [ 580.479591][T24892] tipc: Disabling bearer [ 580.536398][T24836] chnl_net:caif_netlink_parms(): no params data found [ 580.766803][T24929] netlink: 'syz.1.5981': attribute type 13 has an invalid length. [ 580.798018][T24929] netlink: 'syz.1.5981': attribute type 17 has an invalid length. [ 580.896838][T24929] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 580.999329][T24836] bridge0: port 1(bridge_slave_0) entered blocking state [ 581.011500][T24836] bridge0: port 1(bridge_slave_0) entered disabled state [ 581.019021][T24836] bridge_slave_0: entered allmulticast mode [ 581.037114][T24836] bridge_slave_0: entered promiscuous mode [ 581.050393][T24836] bridge0: port 2(bridge_slave_1) entered blocking state [ 581.077323][T24836] bridge0: port 2(bridge_slave_1) entered disabled state [ 581.097442][T24836] bridge_slave_1: entered allmulticast mode [ 581.117372][T24943] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5980'. [ 581.126181][T24836] bridge_slave_1: entered promiscuous mode [ 581.139873][T24944] netlink: 24 bytes leftover after parsing attributes in process `syz.4.5983'. [ 581.241874][T24836] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 581.258181][T24836] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 581.312544][T24836] team0: Port device team_slave_0 added [ 581.334329][T24836] team0: Port device team_slave_1 added [ 581.390374][T24949] bridge0: port 3(batadv0) entered disabled state [ 581.413021][T24949] bridge_slave_0: left allmulticast mode [ 581.423897][T24949] bridge_slave_0: left promiscuous mode [ 581.429835][T24949] bridge0: port 1(bridge_slave_0) entered disabled state [ 581.451834][T24949] bridge_slave_1: left allmulticast mode [ 581.468769][T24949] bridge_slave_1: left promiscuous mode [ 581.480790][T24949] bridge0: port 2(bridge_slave_1) entered disabled state [ 581.518339][T24949] bond0: (slave bond_slave_0): Releasing backup interface [ 581.540672][T24949] bond0: (slave bond_slave_1): Releasing backup interface [ 581.554567][T24949] team_slave_0: left promiscuous mode [ 581.576375][T24949] team0: Port device team_slave_0 removed [ 581.584879][T24949] team_slave_1: left promiscuous mode [ 581.599590][T24949] team0: Port device team_slave_1 removed [ 581.615460][T24949] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 581.639196][T24949] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 581.668245][T24949] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 581.677021][T24949] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 581.688570][T24949] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 581.698997][T24971] IPv6: Can't replace route, no match found [ 581.712274][T24836] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 581.731552][T24836] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 581.761247][T24836] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 581.777765][T24836] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 581.785457][T24836] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 581.812096][T24836] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 581.839695][T24961] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.5988'. [ 581.940761][T24836] hsr_slave_0: entered promiscuous mode [ 581.958734][T24836] hsr_slave_1: entered promiscuous mode [ 582.044162][T24979] x_tables: ip6_tables: TCPMSS target: only valid for protocol 6 [ 582.362621][T24994] netlink: 'syz.1.5999': attribute type 7 has an invalid length. [ 582.535232][ T5846] Bluetooth: hci0: command tx timeout [ 582.629679][T24836] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 582.655137][T24836] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 582.683136][T24836] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 582.704351][T25007] lo speed is unknown, defaulting to 1000 [ 582.704848][T24836] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 582.743845][T22296] nci: nci_rx_work: unknown MT 0x1 [ 582.967800][T25007] lo speed is unknown, defaulting to 1000 [ 582.978147][T25007] syzkaller0 speed is unknown, defaulting to 1000 [ 583.287083][T24998] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 583.296999][T25022] lo speed is unknown, defaulting to 1000 [ 583.313652][T24998] Bluetooth: hci5: Error when powering off device on rfkill (-4) [ 583.341527][T24998] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 583.373950][T24998] Bluetooth: hci3: Error when powering off device on rfkill (-4) [ 583.582315][T24998] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 583.589725][T24998] Bluetooth: hci4: Error when powering off device on rfkill (-4) [ 583.658473][T24998] Oops: general protection fault, probably for non-canonical address 0xdffffc000000000b: 0000 [#1] SMP KASAN PTI [ 583.670396][T24998] KASAN: null-ptr-deref in range [0x0000000000000058-0x000000000000005f] [ 583.678920][T24998] CPU: 0 UID: 0 PID: 24998 Comm: syz.4.6001 Not tainted syzkaller #0 PREEMPT(full) [ 583.688312][T24998] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 583.698383][T24998] RIP: 0010:klist_remove+0x14a/0x340 [ 583.703686][T24998] Code: 4d 89 f5 49 c1 ed 03 43 80 7c 3d 00 00 74 08 4c 89 f7 e8 e9 54 e3 f6 4d 8b 26 49 83 e4 fe 49 8d 7c 24 58 48 89 f8 48 c1 e8 03 <42> 80 3c 38 00 74 05 e8 ca 54 e3 f6 49 8b 44 24 58 48 89 44 24 08 [ 583.723303][T24998] RSP: 0018:ffffc90000bd7800 EFLAGS: 00010202 [ 583.729377][T24998] RAX: 000000000000000b RBX: ffff88802de59e40 RCX: 0000000000000000 [ 583.737338][T24998] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000058 [ 583.745297][T24998] RBP: ffffc90000bd7900 R08: ffffffff8f84bcc3 R09: 1ffffffff1f09798 [ 583.753270][T24998] R10: dffffc0000000000 R11: fffffbfff1f09799 R12: 0000000000000000 [ 583.761235][T24998] R13: 1ffff110104be28c R14: ffff8880825f1460 R15: dffffc0000000000 [ 583.769215][T24998] FS: 00007f254aff66c0(0000) GS:ffff888125d0f000(0000) knlGS:0000000000000000 [ 583.778142][T24998] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 583.784716][T24998] CR2: 0000001b2d80dff8 CR3: 0000000038e3a000 CR4: 00000000003526f0 [ 583.792679][T24998] Call Trace: [ 583.795950][T24998] [ 583.798876][T24998] ? __pfx_klist_remove+0x10/0x10 [ 583.803899][T24998] ? __pfx_kobject_move+0x10/0x10 [ 583.808917][T24998] ? do_raw_spin_unlock+0x122/0x240 [ 583.814112][T24998] ? get_device_parent+0x366/0x3a0 [ 583.819225][T24998] device_move+0x193/0x700 [ 583.823631][T24998] hci_conn_del_sysfs+0xb8/0x170 [ 583.828579][T24998] hci_conn_del+0xc33/0x11b0 [ 583.833167][T24998] hci_conn_hash_flush+0x191/0x230 [ 583.838284][T24998] hci_dev_close_sync+0xaef/0x1330 [ 583.843405][T24998] ? __pfx_hci_dev_close_sync+0x10/0x10 [ 583.848947][T24998] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 583.854837][T24998] hci_dev_do_close+0x2f/0x90 [ 583.859510][T24998] hci_rfkill_set_block+0x21d/0x2e0 [ 583.864707][T24998] ? __pfx_hci_rfkill_set_block+0x10/0x10 [ 583.870422][T24998] rfkill_set_block+0x1cf/0x440 [ 583.875291][T24998] rfkill_fop_write+0x44b/0x570 [ 583.880157][T24998] ? __pfx_rfkill_fop_write+0x10/0x10 [ 583.885535][T24998] ? security_kernfs_init_security+0x220/0x290 [ 583.891951][T24998] ? rw_verify_area+0x255/0x4d0 [ 583.896803][T24998] ? __lock_acquire+0xab9/0xd20 [ 583.901645][T24998] ? __pfx_rfkill_fop_write+0x10/0x10 [ 583.907016][T24998] vfs_write+0x27b/0xb30 [ 583.911269][T24998] ? __pfx_vfs_write+0x10/0x10 [ 583.916029][T24998] ? __fget_files+0x2a/0x420 [ 583.920615][T24998] ? __fget_files+0x2a/0x420 [ 583.925214][T24998] ? __fget_files+0x3a0/0x420 [ 583.929908][T24998] ? __fget_files+0x2a/0x420 [ 583.934498][T24998] ksys_write+0x145/0x250 [ 583.938829][T24998] ? __pfx_ksys_write+0x10/0x10 [ 583.943682][T24998] ? do_syscall_64+0xbe/0xfa0 [ 583.948356][T24998] do_syscall_64+0xfa/0xfa0 [ 583.952853][T24998] ? lockdep_hardirqs_on+0x9c/0x150 [ 583.958652][T24998] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 583.964711][T24998] ? clear_bhb_loop+0x60/0xb0 [ 583.969405][T24998] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 583.975291][T24998] RIP: 0033:0x7f254cd8eec9 [ 583.979698][T24998] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 583.999291][T24998] RSP: 002b:00007f254aff6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 584.007698][T24998] RAX: ffffffffffffffda RBX: 00007f254cfe5fa0 RCX: 00007f254cd8eec9 [ 584.015661][T24998] RDX: 0000000000000008 RSI: 0000200000000000 RDI: 0000000000000005 [ 584.023626][T24998] RBP: 00007f254ce11f91 R08: 0000000000000000 R09: 0000000000000000 [ 584.031592][T24998] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 584.039554][T24998] R13: 00007f254cfe6038 R14: 00007f254cfe5fa0 R15: 00007ffe21fe94f8 [ 584.047526][T24998] [ 584.050542][T24998] Modules linked in: SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 584.056713][T24998] ---[ end trace 0000000000000000 ]--- [ 584.073388][T24998] RIP: 0010:klist_remove+0x14a/0x340 [ 584.078735][T24998] Code: 4d 89 f5 49 c1 ed 03 43 80 7c 3d 00 00 74 08 4c 89 f7 e8 e9 54 e3 f6 4d 8b 26 49 83 e4 fe 49 8d 7c 24 58 48 89 f8 48 c1 e8 03 <42> 80 3c 38 00 74 05 e8 ca 54 e3 f6 49 8b 44 24 58 48 89 44 24 08 [ 584.163292][T24998] RSP: 0018:ffffc90000bd7800 EFLAGS: 00010202 [ 584.169425][T24998] RAX: 000000000000000b RBX: ffff88802de59e40 RCX: 0000000000000000 [ 584.253612][T24998] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000058 [ 584.261725][T24998] RBP: ffffc90000bd7900 R08: ffffffff8f84bcc3 R09: 1ffffffff1f09798 [ 584.284599][T24998] R10: dffffc0000000000 R11: fffffbfff1f09799 R12: 0000000000000000 [ 584.292631][T24998] R13: 1ffff110104be28c R14: ffff8880825f1460 R15: dffffc0000000000 [ 584.301573][T24998] FS: 00007f254aff66c0(0000) GS:ffff888125e0f000(0000) knlGS:0000000000000000 [ 584.310744][T24998] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 584.317866][T24998] CR2: 00007fffe5a45fec CR3: 0000000038e3a000 CR4: 00000000003526f0 [ 584.326008][T24998] Kernel panic - not syncing: Fatal exception [ 584.332364][T24998] Kernel Offset: disabled [ 584.336686][T24998] Rebooting in 86400 seconds..