last executing test programs: 8.160418888s ago: executing program 3 (id=11116): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x10, 0x4, &(0x7f00000001c0)=ANY=[@ANYBLOB="1802000000c400000000000000000000850000003e00000095"], &(0x7f00000000c0)='GPL\x00'}, 0x94) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000023c0)=ANY=[@ANYBLOB="1200000004000000080000000b"], 0x48) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000540)=ANY=[@ANYRES32=r2, @ANYRES32=r1, @ANYBLOB='\a'], 0x10) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r2, &(0x7f0000000240), &(0x7f0000000140)=@tcp6=r0}, 0x20) sendmmsg$inet6(r0, &(0x7f0000002440)=[{{0x0, 0x0, &(0x7f0000000980)=[{&(0x7f0000000600)="e2", 0x1}], 0x1}}], 0x1, 0x10) sendto$inet6(r0, &(0x7f0000000000)="18f9", 0xc3ff, 0x4, 0x0, 0x0) close(0x3) 7.969631095s ago: executing program 3 (id=11117): socket$nl_netfilter(0x10, 0x3, 0xc) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="18000000000000000000000000000000711227000000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x90) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$packet(0x11, 0x3, 0x300) socket$key(0xf, 0x3, 0x2) socketpair(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) getpeername$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14) sendmmsg(r0, &(0x7f0000000440)=[{{&(0x7f0000000700)=@xdp={0x2c, 0xdd86, r2}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000080)='O', 0x1}], 0x1}}], 0x1, 0x0) 7.809409589s ago: executing program 3 (id=11119): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x1c1342, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x20000, 0x0) close(r1) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000300), 
0xffffffffffffffff) sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}, 0x1, 0x0, 0x0, 0x4}, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) writev(r0, &(0x7f00000016c0)=[{&(0x7f0000000040)="89e7ee0c7cda99b4b47380c988ca75", 0xf}, {&(0x7f0000000200)="05f70b", 0x3}, {&(0x7f0000000100)="03be9b0e06798d7d34d9b282be419e87b4b88c0e86f6d5f592d3287e", 0x1c}], 0x3) 4.905477793s ago: executing program 2 (id=11133): r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = socket$pppl2tp(0x18, 0x1, 0x1) r2 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r1, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r2, {0x2, 0x0, @dev}, 0x2}}, 0x2e) r3 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$L2TP_CMD_SESSION_DELETE(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)={0x34, r3, 0x1, 0x1070bd2c, 0x4, {0x5}, [@L2TP_ATTR_CONN_ID={0x8, 0x9, 0x2}, @L2TP_ATTR_PEER_SESSION_ID={0x8, 0xc, 0xaa8}, @L2TP_ATTR_SESSION_ID={0x8}, @L2TP_ATTR_PW_TYPE={0x6, 0x1, 0x7}]}, 0x34}}, 0x20) r5 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r5, &(0x7f0000000100)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x0, @loopback}, 0x4}}, 0x2e) 4.833929134s ago: executing program 3 (id=11135): socket(0x2a, 0x2, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x26e1, 0x0) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x7a05, 0x1700) splice(r0, 0x0, r2, 0x0, 0x100000000, 0x4) socket(0x10, 0x3, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) vmsplice(r1, 
&(0x7f00000003c0)=[{&(0x7f00000002c0)='\"', 0x1}], 0x1, 0x3) 4.750913862s ago: executing program 2 (id=11138): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)={{0x14, 0x10, 0x1, 0x0, 0x0, {0xa}}, [@NFT_MSG_NEWTABLE={0xc4, 0x0, 0xa, 0x201, 0x0, 0x0, {0x5, 0x0, 0x4}, [@NFTA_TABLE_USERDATA={0xae, 0x6, "7220c41382d2bd4fcd007de01b329303aaa2ec6f4418f7f611e63220d38b5379307c2c6c73dda9cc5079259fe9088ca8985b7c6460bd15338261e0a1553e4954e1921304ed0931a5b661d52159835da7aa857c8d7eaa98a2591d55ba7d0a7c507e85683c0323594a843c282abf29ce6e1e3fcfc50fbe251280c9c9d3bff60920689234ce3ed2f0339e10c2a525dfe71315c2a23594829ab645be9f14818120703432e55ad49cc53a587d"}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0xec}, 0x1, 0x0, 0x0, 0x40}, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000100)=ANY=[@ANYRES8, @ANYRES32, @ANYBLOB="0000000000000000400012800c0001"], 0x68}}, 0x0) r1 = socket$igmp6(0xa, 0x3, 0x2) r2 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f00000002c0)={'syzkaller1\x00', @link_local}) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r1, 0x8983, &(0x7f0000000300)={0x0, 'syzkaller1\x00'}) write$tun(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="06000000bbbbbbbbbbbbaaaaaaaaaabb88f5"], 0x72) 4.497926881s ago: executing program 2 (id=11143): r0 = socket$packet(0x11, 0x2, 0x300) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000011000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa20000000000000702"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=@framed={{0x18, 0x2, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x8000}, [@call={0x85, 0x0, 0x0, 0x75}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000180)=r2, 0x4) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2b, 0x0, 0x108) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000200)={0x54, 0x2, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x60000}]}, @IPSET_ATTR_TYPENAME={0x10, 0x3, 'hash:ip,mac\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x54}}, 0x0) 4.264595693s ago: executing program 2 (id=11148): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r3 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=@newqdisc={0x88, 0x24, 0xf0b, 0x70bd26, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0xffff}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0x58, 0x2, {{0x1, [], 0x0, [0x1, 0x2, 0xfffe, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x5c4, 0x8000, 0x0, 0x0, 0x3dc], [0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000]}}}}]}, 0x88}}, 0x20000000) r4 = socket(0x400000000010, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, 
&(0x7f0000000080)={&(0x7f00000003c0)=@newqdisc={0x70, 0x24, 0x4ee4e6a52ff56541, 0x70bd29, 0xfffbffff, {0x0, 0x0, 0x0, r2, {0x0, 0x8}, {0xffff, 0xffff}, {0xc, 0xfff3}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x1c, 0x2, [@TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x10, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x8001}]}]}, @TCA_TAPRIO_ATTR_SCHED_CLOCKID={0x8, 0x5, 0xb}]}}, @TCA_STAB={0x24, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x8, 0x3, 0xa15, 0x7, 0x1, 0x5, 0x80000000}}, {0x4}}]}]}, 0x70}, 0x1, 0x0, 0x0, 0x40001}, 0x8010) 3.896890284s ago: executing program 3 (id=11151): r0 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x200000, 0x1000}, 0x20) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000004c0)={0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'sit0\x00', 0x0}) setsockopt$XDP_TX_RING(r0, 0x11b, 0x3, &(0x7f00000002c0)=0x200000, 0x4) setsockopt$XDP_UMEM_COMPLETION_RING(r0, 0x11b, 0x6, &(0x7f0000000180)=0x20, 0x4) setsockopt$XDP_UMEM_FILL_RING(r0, 0x11b, 0x5, &(0x7f0000000140)=0x4000, 0x4) bind$xdp(r0, &(0x7f0000000100)={0x2c, 0x0, r2}, 0x10) setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f0000000380)={0x0, 0x21d000, 0x1000, 0x1, 0x2}, 0x20) 3.782974817s ago: executing program 4 (id=11152): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, 
&(0x7f00000003c0)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd1200000000000085000000d0000000b70000000000000095000000000000003fba6a7d36d9b18ed812a2e2c49e8020a6f4e0e4a9446ca2b5f1cc1a100a9af698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f010c5077da80fb982c1e9400c603146cea484a415b76966118b64f751a0f241b072e90080008002d75593a280000c93e64c227c95aa0b784625704f07a72c2918451ebdcf4cef7f9606056fe5c34664c0af9360a1f7a5e6b607130c89f18c0c1089d8b85880000c29c48b45ef4adf634be763288d01aa27ae8b09e13e79ab20b0b8ed8fb7a68af2ad0000000000000006f803c6468082089b302d7bff8f06f7f918d65eae391cb41336023cdcedb5e0125ebbcebddcf10cb2364149215108355ee570f8078be5cab389cd65e7133719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad23000000803a90bce6dc3a13871765df961c2ed3b1006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f40cfd7c3a1d37a6ab87b1586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9f081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d60532be9c4d2ec7c32f2095e63c8cdc28f74d043ed8dba2f23b01a9aeb980aff9fa3a64709270c701db801f44cf945b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142bdda5e6c5d50b83bae616b5054d1e7c13b1355d6f4a8245eaa4997da9c77af4c0eb97fca585ec6bf58351d599e9b61e8caab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a41326eea31ae4e0f75057df3c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57010000009700ce0b4b8bc22941330000000000000000000300000000000000000000000010008bc0d955f2a83766b99711e6e8861c46495ba585a4b2d02edc3e28dd279a896249ed85b9806f0b6c4a000000002b43dcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f00000000df73be83bb7d5ad883ef3b7cda42013d53046da21b40216e14ba2d6af8656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff72943327d830689da6b53ffffffff631c7771429d1200000033ed846197fcff5e1c7c3d1d6e3a52872baef9753ffffff
fffffffe09fec2271fe010cd7bb2366fde4a59429738fcc917a57f94f6c453cea623cc5ee0c2a5ff870ce5dfd3467decb05cfd9fcd41df54cdbd9d10a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce978275d5bc8955778567bc79e13b78249788f11f708008b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe7d7fa29822aea68a660e717a04becff0f719107000000000000002d7e927123d8ecbbc55bf404571be54c72d978cf2804107f0238abccd32368e57040906df0042e19000000000000002c06f815312e086dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef44cd1fe582786105c7df8be4877084d4173731efe895efc71f665c4d75cf2458e35d2c9062ece84c99e061887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb2b5e518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad055e4af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457ac0eaaa99bf0bdc14ae358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df9b3fdf242b985bf16b99c9cc0ad1857036f1a985f369191ae954febb3df464bfe0f773ee9afe72f32a2befb89d3777399f5874c553a2ebe9061fe86e669642e09bb6d163118e4cbe024fd452277c3887d6116c6cc9d8046c216c1f8a9778cb26e22a2a998de5eaeadea2a40da8daccf080842a486721737390cbf3a74cb2003efb9a101b51ab63e9600040000b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde6e4a4304e50c349f4f9ecee27defd83871c5191e10096e7e60fc3541a2c905a1a95e9571bf38aebd15172f94e3245c582909e2a3bce109b6000000000000000000d6d5210d7560eb92d6a97a27602b81f7636df1535bef1497f90100000000000000abf9010000007740890200d627e87306703be8672dc84eeadba6a41891c170d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288a0268893373750d10a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7ef8c08acaf30235b920500d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69b93e9960ff5f76062adae283d9756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff85000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a31c72ad53bc19faa5401120000793ac48c1b539c75ab40743b00020000a1f68df75cf43f8ecc8d3726602111b40e761fd210a1920382f14d12ca3c3
431ee97471c781d0d1280fb00818654a53b6df4b2c97cc1c98d85fda8f80fe908b65550b441233151122b41a8d73062197655b7f0469250a5989cef0e10773920ed3ccee42d2c3eb80159da5c002511e6eb93842054cfce2ac306cb6e472db3fd67a49b6855a694a8d359add43907003223a47a7fae4f3748d5a432825bc40a03aaef1c8488d86dc211dd2a3ba71e0f45492ef1f8b65ccb3dcd251a61b152d02c29ca0a3328fa7753a5cddea1acaae55ae8263fb284b7a6ab2a8826c1b948207c498cf4824ab1ea3225c380fac12f8205d182f8999e0311da5b8378bc841e1787e3a8128dda381a26cb2b365702ff8a27831375b2ddaa2f56e21169f7ca4fd9655ccd4a584acd244e965a0afedaff7c415ff682a4044b3381cc2df28278c9a6824c52048a7cfabda294925cc0956bffa8e950ff5e49f41ae600d830207bf728cd9807933c3c16d80bbea611a18becc2dc38ca0a6f5740f340b76edcd1f539bd43007231dcef58c7b88b5aeedaf9626cb51ce1737c10ab37d4f98a934b0f900e0eb639878a1200629f5503cf679154d27681d7a3744cbcd42af59407c9c8e39c5271868917954e604352ba26171d004f1cb2976fab3fa19c7d3ef9678bff79f5155524f061378f94fb453786c3a6f78b10d383b49e31d1568bd43ee34ce6e6be235aa6207285665c2fba773671da41959f51610963b48930658e2d6125a26085001345b0473240b7e5e91811312c43663e76f711d7219ecdec75c7ea1cf0f8f8fff40247d59bbde2ebb8659197e0f37a71be1b12a182ed7de3acba28561a04b807f7a4647e2ea6d8fb92541d07c3d5e4ba077d3cad9f8ba1919592014c00c8eccb2ca5d48ba7b1c3fb185a4bb79700cf51f818b0c701c8de47d12281a67bdaf4b0c50bee9e8f5936250df2e15c1172e7ea6619f7db330700d1e9e42a035e6fd532f61fbfed9c4a7124a1e38eee50a6bbcd1d4e3f68c3f27dd9a70f1a7c6046237ddfb0b26e197322226367d998010458cd4df10af249ce717f6f45e5176e0ddae3054d7289d4e13ab0912703ee39ce264572b89194fdf7acecc35cf8309d4b680a08eed367dad855fce210f1a7c7222dd360eafb4bef7d58bf83362930af6e3f3f851abdc0003bdf9401b533019e90feb069189100007a82df8d9b5f44ebf9355e7b1b01c9470608d4f306d21004730396a4d6c6d46e1ffac97aa93c36123532a36186575266be4981c847160079421d0137801e553069f8d025c40f287378810defc7f2ed4e15f6af17b21153394f8bcfa6a23a77c8d61c9bbc127a57b8d631f36558d9093dee08bc53d97a8003363421738650a26c8fd87b13026799caf58e59951b125e7f161ca34e2c0dd65a23d01a3cb191e743de07247c7f993cf01166fa2ac1ba02f60550e
63a7f50422e478c6b5d87f9bd0567a279a9d85a380db25c43bd0529ad783b9d64aaac1b793afb44b7126e17d2b7c0d6be650de7eeef3f3605af344015d03c3e7819145cb9fe1978c98bf9cf10773db59505ae33708c728844c872dfd2cb0b29754f928c59306ce105ca18cb72f0944d0e4fea0a0abd0285bdaf1b000000c089d640c2facb0d1e6243873ac4b1e1068c45c715b68effb7d58d1f9e726dbf6bd910ca4ce0e075658ede42ddd5f393a50dcc197b03402fed75083628e5dd38213d353b9049e71f037064b05e73ec00c710f1ffc5737d397d555d1cf8859cc05bea8dc3c6a5b3b6fa1c81707479db1833d593a271253aa11efdb36b74784f2fc286814848e92d8ee541bc179813297a0a4cc3c8f80c28701185bea091f32475e859479b734727afc110e1abcff460172fd1b42e3c0e2a4bf94a060069000010000087c7572a1e7596f89e5c3d5e70640c90815f77b7b13d0000000085a1e1e84900000000000000000000000000b422fc160a458ee5a91a2471e6e56fdabec6c73ce8983fc68f0b7cdcdde632e6f54a07620e8aa116ce9e84fc3cd5e8288a333dcebb233da9186796995ba69487d8f77d2f8800f02d690fc70a08b231cad1bdcf3740a95d4dd1cfe0f417f275493cf33b19ffff93dfdaf7eb00b8ad87cdf7c21bab5af8e2bac54ee5597e6508c1158124a538c36f9bb11fea7d8b8c7e954b1bc7811654a6636b33f271d0923e9ecd1b724b8feffadfc23c07000000f0785fb722f346d6a5dffe1884d4d0cd8f00000092c85ed44db68ab800000000000000406e6ed9b219ad07125381087298e75965d1cc5932ddf9e66351ba332a34bee3e3d562c914c629933f0b8724cf680889ade72558d191d96ee1b84bb64b14aebc6b5194c55dd6890c69a718f9018586c5131c8dc8e0379bafda1a0fd2997ff115215ce23dca8db7236c1554cdaaadcce2f31834c1bd1908d8e1b361034db56be76acb7654a195bc3e98df3a5dffd5b07838a3ef7da3433110e37f7c7cb7f3800de7f99abf910d6949e062747a9c87dcfcc716d6a9c0ec53b9cffe3cfd1df69a76f373d7f997edb9b80bdea1a99c2a6fbb25e035deadaadd7917ebfedd6304a19491769476208684e343f86b4d55a7dbbb07283cb1e35a139d24ebc5b4f8e35a82d3a7f84cb1e02a5a92b53567088be0b1ca023ccd518c0e0715b1c8760801a419ebd2e26440ff7493019bdb655cc88d72d6d7b6bca5a2e19b63ec52fcc49a729f11ab377f7132c543d29646a9378eea0761b7ed9d2172e33ed87c6513c843b180cc00000000006bedf2ed716ca43a941119b96d82b26d9061de240d85ec2cfa462bd52104489bb7a7548d7cc53627031e909c69cb824233975a1ea645de63522407c3a240a37e946f30ebf07
5ea97846a0a8d2286f3f446b1b99ab83a12ddf8a1c06294eadc3eb3e339591afd5c00000000000000000000000000000000000000000000000000579dad8347a3d16976bb7483840b32db0158fb6c809349333325a7866ca5d3133e33ef1a183cefdb65a79fa71800988c8445029e024822dbcfcab49c3a0aec9bd43e6e14078b260700d849a2aa14c9b593f6dcb1de334c065ecfd65031606e55949c185bcda9fde4f9b46a76b8a24bbcd31b22373eb0473248150cd179405ee1af1183b0c0ce3483dc1d9bf732b0751b78fb211d6706b55960c6431afbc02b3c7e08086573939290bb9e590a3875f02a828bf209d0ed9829dec16ab67a4f59a504e09f55ab82bbd405087a17a229a149c53ee9145500db213cb36489a10957739e481a756e65bde579bbbfb404213f661eeaaffacbcfbfd60b1a715c366da2b37ac7e9e3033f8ec04db1c2412e02ccd0617d9fb646c4897750d068c936c3558a94b05d7c65c0d458c0d70d0aa864bc1e324d3f69b1b4061627da875a4b5c2668ab0990623fe6f3b54cd1c79da4baf256f88750c18486330589473e267fa44e220cf40db662b570c2a2fbba9a34a3dd7bbd8368fe506daa62b45797d4b397905a69e58eb436c08cc78963197adb1b16ad83a1a9b4"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x48) r1 = bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x0) close(r1) syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000300)='ns/net\x00') r2 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000005c0)={r2, 0x0, 0x24, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xa) bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f0000000d00)={0x0, 0x0}, 0x8) r4 = bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f00000002c0)=r3, 0x4) bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000000)={r4, r0, 0x4, r2}, 0x10) 3.62831512s ago: executing program 4 (id=11154): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=@newqdisc={0x24, 0x24, 0xf0b, 0x4, 0x0, {0x0, 0x0, 0x0, 0x0, {0x1, 0xa}, {0x0, 0x2}, {0x0, 0xb}}}, 0x24}, 0x1, 0x0, 0x0, 0x40c0}, 0xc4) r0 = 
socket$inet(0xa, 0x801, 0x84) connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r0, 0x8) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) write$cgroup_subtree(r1, &(0x7f0000000100)=ANY=[], 0x32600) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r1, 0x0) r2 = accept4(r0, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f0000000100)={0x0, 0x0, 0x4}, &(0x7f0000000180)=0x8) 3.412082338s ago: executing program 4 (id=11155): openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) socket(0x400000000010, 0x3, 0x0) socket$phonet_pipe(0x23, 0x5, 0x2) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0xe, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x27}, 0x94) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x6, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000100)={0x5}, 0x8}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="0b00000000010000000100000900000001"], 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000000), &(0x7f00000002c0), 0x8, r0}, 0x38) bpf$MAP_LOOKUP_BATCH(0x1b, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000100), 0x0, 0x3, r0}, 0x38) 3.191722279s ago: executing program 1 (id=11156): r0 = socket(0x40000000015, 0x5, 0x0) recvmsg(r0, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x10102) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0b00000005000000000400000900000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000d80)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021"], 0x0, 0x40, 0x0, 0x0, 0x0, 0xb4a02fe0ce239f93, '\x00', 0x0, 0x2}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xe, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x59, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, r2, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r3, 0x2000000, 0xe, 0x0, &(0x7f0000000040)="630b008646dc3f0adf33c9f7b986", 0x0, 0xcf25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x80}, 0x50) 2.979047371s ago: executing program 0 (id=11157): socket$nl_route(0x10, 0x3, 0x0) socket$inet_udp(0x2, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec850000007d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) r0 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r0, &(0x7f0000000440), 0x10) listen(r0, 0x0) r1 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r1, &(0x7f0000000000)={0x28, 0x0, 0x0, @local}, 0x10) setsockopt$sock_timeval(r1, 0x1, 0x43, 
&(0x7f0000000040)={0x0, 0x2710}, 0x10) writev(r1, &(0x7f00000002c0)=[{&(0x7f0000000080)='?', 0x20000081}], 0x2) 2.85537249s ago: executing program 0 (id=11158): ioctl$TUNSETTXFILTER(0xffffffffffffffff, 0x400454ca, &(0x7f0000000100)=ANY=[@ANYBLOB='..']) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) unshare(0x100000) write$cgroup_subtree(r0, &(0x7f0000000100)=ANY=[], 0x32600) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r0, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) unshare(0x2c020400) openat$cgroup_ro(r1, &(0x7f0000000000)='blkio.throttle.io_service_bytes_recursive\x00', 0x0, 0x0) 2.694484339s ago: executing program 0 (id=11159): r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000003c0), 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0xffffffffffffff14, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) syz_emit_ethernet(0x3e, &(0x7f0000000000)=ANY=[@ANYBLOB="0380c2000000bbbbbbbbbbbb08004500003000000000000190789f1e0001ac14140490781200183f2500000000000000000100007f000001"], 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) writev(r0, &(0x7f00000001c0)=[{&(0x7f0000000000)="89e7ee2c7cdad9b4b47380c988ca", 0x140}], 0x1) 2.240404874s ago: executing program 1 (id=11160): r0 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r0, &(0x7f0000000200)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10) r1 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r1, &(0x7f0000000200)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 
0xfffffffd}}, 0x10) bind$tipc(r1, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0x2}}, 0x10) r2 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r2, &(0x7f00000000c0)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000140)={0x40, 0x3, 0x3}, 0x10) bind$tipc(r0, 0x0, 0x0) close(r0) 1.991550495s ago: executing program 1 (id=11161): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) close(r0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) close(r1) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r2, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000040c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSETELEM={0x40, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x14, 0x3, 0x0, 0x1, [{0x10, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xc, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, '\x00\x00'}]}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x68}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, 
&(0x7f0000009b00)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a480000001e0a010100000000000000000a0000060900020073797a31000000000900010073797a31000000001c000380180000800c000180060001"], 0x70}, 0x1, 0x0, 0x0, 0x4451099e661a63b1}, 0x0) 1.843406775s ago: executing program 1 (id=11162): r0 = socket$netlink(0x10, 0x3, 0xc) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f0000000140)=0x6, 0x4) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000200), 0x4) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000006c0)={0x9c, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x44, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @local}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}]}, 0x9c}}, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_DELETE(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000640)={0x14, 0x2, 0x1, 0x5, 0x0, 0x0, {0x2, 0x0, 0x8}}, 0x14}, 0x1, 0x0, 0x0, 0x20044804}, 0x40040) sendmsg$IPCTNL_MSG_CT_GET_DYING(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x14, 0x6, 0x1, 0x301, 0x0, 0x0, {0xa, 0x0, 0x4}}, 0x14}, 0x1, 0x0, 0x0, 0x2404c031}, 0x20000000) 1.684832892s ago: executing program 1 (id=11163): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$TEAM_CMD_OPTIONS_SET(0xffffffffffffffff, &(0x7f0000004bc0)={0x0, 0x0, &(0x7f0000004b80)={&(0x7f0000000100)=ANY=[@ANYBLOB="60b80000", @ANYRES16, @ANYBLOB="050427bd7000fedbdf250100000008000100", @ANYRES32, 
@ANYBLOB="4400028040000100240001006d6f6465000000000000000000000000000000000000000000000000000000000500030005"], 0x60}, 0x1, 0x0, 0x0, 0x4000401}, 0x4040084) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=@newqdisc={0x44, 0x24, 0x1, 0x80000000, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0x8, 0x3}, {0xa, 0xffe0}, {0xfff1, 0x9}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0x14, 0x8002, [@TCA_FQ_PIE_LIMIT={0x8, 0x1, 0xf4b6}, @TCA_FQ_PIE_FLOWS={0x8, 0x2, 0xfe2a}]}}]}, 0x44}}, 0x20004055) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x0) sendmsg$nl_route(r0, 0x0, 0x4008840) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000003c0)={0x6, 0x5, &(0x7f0000000100)=@framed={{0x18, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x2}, [@map_idx={0x18, 0x0, 0x5, 0x0, 0x3}]}, 0x0, 0x8, 0x0, 0x0, 0x40f00, 0x41, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xc}, 0x94) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0x1, 0x70bd2a, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x5}}}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840) r1 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r1, &(0x7f00000002c0), 0x40000000000009f, 0x0) 614.704678ms ago: executing program 4 (id=11164): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={0x0, 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) r1 = 
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x2}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x801, 0x0, 0x0, {0x1, 0x0, 0xfffc}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x40, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8}, @NFTA_HOOK_HOOKNUM={0x8}]}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_EXPRESSIONS={0x28, 0x4, 0x0, 0x1, [{0x24, 0x1, 0x0, 0x1, @socket={{0xb}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_SOCKET_DREG={0x8, 0x2, 0x1, 0x0, 0x1}, @NFTA_SOCKET_KEY={0x8}]}}}]}, @NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0xd8}, 0x1, 0x0, 0x0, 0x8000}, 0x0) r3 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r1, &(0x7f0000000100)=ANY=[@ANYBLOB="034886dd010000000000140000006000000000280600fe88a43de1a400000000000000027d01ff020000000000000000000000000001000088bed2868a1610e8f515ab", @ANYRESOCT=r0], 0xfdef) 600.340969ms ago: executing program 2 (id=11165): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TLS_RX(r0, 0x11a, 0x2, &(0x7f0000000040)=@gcm_256={{0x304}, "2b875c4dba89eaaf", "b144cd6f1e6801ee02d37138c6c49d600da928554995cc24db65a0730183ff63", "736700dc", "fa81907166736e06"}, 0x38) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) 
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r1, 0x1cf98000) write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x32600) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x2, &(0x7f0000000080)=@gcm_256={{0x303}, "74eea70542c42cf8", "f084c0b4190ffe9dbfea4236f0e86ecbbd4ebad1b3e5baf5e3e8c850b182c147", "fdeb110f", "bf9dd645ed1a45a8"}, 0x38) 487.098049ms ago: executing program 0 (id=11166): setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, 0x0, 0x0) r0 = socket(0x2, 0x80805, 0x0) setsockopt$IP_VS_SO_SET_ADDDEST(r0, 0x0, 0x487, 0x0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$inet6_mptcp(0xa, 0x1, 0x106) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'veth1_to_bridge\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=@ipv6_newnexthop={0x20, 0x68, 0x5fb9a818fb7378e9, 0x2, 0x0, {}, [@NHA_OIF={0x8, 0x5, r3}]}, 0x20}}, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)=@newnexthop={0x24, 0x68, 0x1, 0x2, 0x7ffffffc, {}, [@NHA_GROUP={0xc, 0x2, [{0x1, 0x4}]}]}, 0x24}, 0x1, 0x0, 0x0, 0x24008000}, 0x4000) sendmsg$nl_route(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000000)=@ipv4_newroute={0x24, 0x18, 0x35f32a6dfa748ddd, 0x0, 0x0, {0x2, 0x0, 0x10, 0x0, 0xfe, 0x4, 0x0, 0x1, 0x20000000}, [@RTA_NH_ID={0x8, 0x1e, 0x2}]}, 0x24}, 0x1, 0x0, 0x0, 0x4a044}, 0x4010) 348.158925ms ago: executing program 2 (id=11167): r0 = socket(0x15, 0x5, 0x0) sendmsg$DEVLINK_CMD_SB_POOL_GET(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={0x0, 0x70}, 0x1, 0x0, 0x0, 0xc001}, 0x4884) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000240)={'syzkaller1\x00', @link_local}) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000200)={'geneve0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="4400000010000100"/20, @ANYRES32=r3, @ANYBLOB="00000000000000001c0012800b00010067656e65766500000c00028008000200ac1414bb080004"], 0x44}, 0x1, 0x2, 0x0, 0x4003}, 0x0) 259.005485ms ago: executing program 4 (id=11168): r0 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000280)={0x41}, 0x10) r1 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000900)={0x41, 0x4}, 0x10) r2 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000040)={0x41}, 0x10) r3 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, &(0x7f0000000100)={0x41, 0x0, 0x2}, 0x1be) sendmsg$tipc(r3, &(0x7f0000000180)={&(0x7f0000000080)=@nameseq={0x1e, 0x1, 0x0, {0x41}}, 0x10, 0x0}, 0x0) 242.339829ms ago: executing program 0 (id=11169): sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r0 = socket(0xa, 0x3, 0x3a) setsockopt$MRT6_DEL_MIF(r0, 0x29, 0xc8, 0x0, 0xc000000) r1 = openat$tun(0xffffffffffffff9c, 0x0, 0x40241, 0x0) write$tun(r1, 0x0, 0xfdef) r2 = socket$inet6_udp(0xa, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000080)={'batadv_slave_0\x00', 0x0}) setsockopt$inet6_mreq(r3, 0x29, 0x1b, &(0x7f00000000c0)={@remote, r4}, 0x14) sendmmsg$inet6(r2, &(0x7f0000000500)=[{{&(0x7f0000000040)={0xa, 0x4e20, 0x1, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000380)=ANY=[@ANYRES32=r4], 0x28}}], 0x1, 0x0) 230.332356ms ago: executing program 1 (id=11170): r0 = epoll_create1(0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000200)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, 
&(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r2, &(0x7f0000000100)={0x20000014}) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r0, &(0x7f0000000000)={0xa0000001}) epoll_pwait(r3, &(0x7f0000000400)=[{}], 0x1, 0x80, 0x0, 0x0) 77.255444ms ago: executing program 4 (id=11171): r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) sendmsg$NBD_CMD_RECONFIGURE(0xffffffffffffffff, 0x0, 0x0) recvmsg$kcm(r0, &(0x7f0000004180)={0x0, 0x0, &(0x7f0000004080)=[{&(0x7f0000000a00)=""/4096, 0x1000}, {0x0}, {0x0}], 0x3}, 0x40000000) syz_emit_ethernet(0xbe, &(0x7f0000000000)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x23}, @remote, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "7b4b143b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af", "584cbf2649a50f2dbc43efa8698d0a881c51852e4451b57d037ad3c045942824251d7d17b5191584bcd4fbe40a23424d", "bcfd56f1375461caaa2f19935e6996c7096ffeeb0300000000000064", {"9a3bfbc1d19cb307b3472ab9cdb042d2", "643fcbb2c5a57df67d074af6e8dafe09"}}}}}}}, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x5, 0x0, 0x0, 0x60ff78ce1cb3c070}, 0x94) r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x7}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{}, 0x0, 0x0}, 0x20) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x2000009, 0x200000006c832, 0xffffffffffffffff, 0x0) 794.905µs ago: executing program 3 (id=11172): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x12, 0x4, 0x4, 0x12}, 0x50) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000048c0)={r1, 
&(0x7f0000000840), &(0x7f0000004880)=@udp=r0}, 0x20) recvmsg(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000480)=""/149, 0x95}], 0x1}, 0x22) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) write$cgroup_type(r2, &(0x7f0000000040), 0x9) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r2, 0x0) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e20, 0x9, @private2, 0x400}, 0x1c) 0s ago: executing program 0 (id=11173): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='cgroup.controllers\x00', 0x275a, 0x0) close(r3) socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f00000002c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000080)=@gcm_128={{0x303}, "b7a41f5d937e5523", "4705a7b6113b967d7314f7201eb2babf", 'O\x00', "ecba26893bcdc493"}, 0x28) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge_slave_1\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="440000001000010029bd7000ffdbdf2500007100", @ANYRES32=r4, @ANYBLOB="100804002010000024001280110001006272696467655f736c618c65000000000c000580050019"], 0x44}, 0x1, 0x0, 0x0, 0xc441}, 0x40040d4) kernel console output (not intermixed with test programs): 311.601986][T16321] Bluetooth: MGMT ver 1.23 [ 311.842095][T16336] xt_socket: unknown flags 0xe4 [ 313.394268][T16423] netlink: 1 bytes leftover after parsing attributes in process `syz.4.5136'. [ 313.403862][ T30] audit: type=1107 audit(1780302567.620:2): pid=16419 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='ً5%UA٠0ltݕ/ 6򊨊' [ 313.424363][T16423] xt_policy: neither incoming nor outgoing policy selected [ 313.533313][T16425] netlink: 'syz.2.5137': attribute type 1 has an invalid length. 
[ 313.562474][T16428] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5139'. [ 313.928563][T16449] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5148'. [ 314.341390][T16471] tipc: Enabling of bearer rejected, media not registered [ 314.650299][T16488] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5167'. [ 314.749348][T16493] Zero length message leads to an empty skb [ 315.373146][T16524] netlink: 56 bytes leftover after parsing attributes in process `syz.0.5183'. [ 315.614148][T16538] netlink: 45349 bytes leftover after parsing attributes in process `syz.4.5189'. [ 315.665052][T16538] 0XD: renamed from gretap0 (while UP) [ 315.704150][T16542] netlink: 216 bytes leftover after parsing attributes in process `syz.0.5192'. [ 315.725221][T16538] 0XD: entered allmulticast mode [ 315.732285][T16542] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5192'. [ 315.802284][T16536] wg1 speed is unknown, defaulting to 1000 [ 315.841005][T16536] xfrm0 speed is unknown, defaulting to 1000 [ 316.026485][T16554] netlink: 'syz.1.5197': attribute type 3 has an invalid length. [ 317.116459][ T1317] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.124705][ T1317] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.194271][T16599] netlink: 56 bytes leftover after parsing attributes in process `syz.2.5220'. [ 317.558825][T16611] vlan2: entered allmulticast mode [ 317.573155][T16611] bond0: entered allmulticast mode [ 317.580583][T16611] bond_slave_0: entered allmulticast mode [ 317.599439][T16611] bond_slave_1: entered allmulticast mode [ 317.605623][T16611] netdevsim netdevsim4 netdevsim1: entered allmulticast mode [ 318.955666][T16685] netlink: 'syz.1.5257': attribute type 3 has an invalid length. 
[ 318.995380][T16680] bridge0: port 1(bridge_slave_0) entered blocking state [ 319.002617][T16680] bridge0: port 1(bridge_slave_0) entered forwarding state [ 319.488598][ T12] tipc: Subscription rejected, illegal request [ 319.703654][T16715] sctp: [Deprecated]: syz.1.5272 (pid 16715) Use of int in max_burst socket option. [ 319.703654][T16715] Use struct sctp_assoc_value instead [ 319.860996][T16722] netlink: 4768 bytes leftover after parsing attributes in process `syz.1.5276'. [ 319.873267][T16722] netlink: 4768 bytes leftover after parsing attributes in process `syz.1.5276'. [ 319.939469][T16723] syz.4.5275 (16723) used obsolete PPPIOCDETACH ioctl [ 320.446917][T16750] openvswitch: netlink: IP tunnel dst address not specified [ 320.479797][T16753] tipc: Enabling of bearer rejected, failed to enable media [ 320.490022][T16750] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 320.966275][T16776] netlink: 'syz.0.5303': attribute type 83 has an invalid length. [ 321.133983][T16782] netlink: 'syz.2.5305': attribute type 4 has an invalid length. [ 321.154821][T16782] netlink: 224 bytes leftover after parsing attributes in process `syz.2.5305'. [ 321.166426][T16787] netlink: 10 bytes leftover after parsing attributes in process `syz.0.5308'. [ 321.868727][T16825] IPVS: sync thread started: state = MASTER, mcast_ifn = batadv0, syncid = 4, id = 0 [ 321.880641][T16824] IPVS: stopping master sync thread 16825 ... [ 322.203384][T16840] Bluetooth: MGMT ver 1.23 [ 323.471405][T16903] netlink: 24 bytes leftover after parsing attributes in process `syz.1.5359'. [ 323.627477][T16911] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5365'. [ 323.715571][T16917] raw_sendmsg: syz.3.5366 forgot to set AF_INET. Fix it! [ 324.643362][T16965] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5392'. [ 324.820714][T16973] netlink: 'syz.4.5394': attribute type 11 has an invalid length. 
[ 324.850304][T16973] netlink: 'syz.4.5394': attribute type 4 has an invalid length. [ 324.870106][T16973] netlink: 199768 bytes leftover after parsing attributes in process `syz.4.5394'. [ 324.896096][T16979] xt_AUDIT: Audit type out of range (valid range: 0..2) [ 325.774410][T17021] netlink: 16 bytes leftover after parsing attributes in process `syz.4.5415'. [ 326.383736][T17054] xt_hashlimit: size too large, truncated to 1048576 [ 327.340212][T17104] netlink: 240 bytes leftover after parsing attributes in process `syz.4.5454'. [ 327.560316][T17115] smc: net device team0 applied user defined pnetid SYZ2 [ 328.078641][T17140] netlink: 28 bytes leftover after parsing attributes in process `syz.4.5471'. [ 328.674403][T17175] netlink: 'syz.2.5487': attribute type 1 has an invalid length. [ 328.723542][T17175] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 328.781843][T17179] netlink: 24 bytes leftover after parsing attributes in process `syz.0.5491'. [ 328.889713][T17187] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5492'. [ 328.900540][T17187] netlink: 52 bytes leftover after parsing attributes in process `syz.1.5492'. [ 329.078050][T17194] netlink: 20 bytes leftover after parsing attributes in process `syz.1.5497'. [ 329.459761][T17216] xt_hashlimit: size too large, truncated to 1048576 [ 329.928016][T17239] netlink: 88 bytes leftover after parsing attributes in process `syz.0.5518'. [ 329.938183][T17239] netlink: 24 bytes leftover after parsing attributes in process `syz.0.5518'. [ 329.948358][T17239] netlink: 24 bytes leftover after parsing attributes in process `syz.0.5518'. [ 330.139376][T17249] netlink: 256 bytes leftover after parsing attributes in process `syz.4.5523'. [ 331.375304][T17306] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5551'. [ 331.515389][T17313] openvswitch: netlink: Missing valid actions attribute. 
[ 331.546395][T17313] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 331.657467][T17319] vlan3: entered promiscuous mode [ 331.672863][T17319] geneve1: entered promiscuous mode [ 331.686335][T17319] vlan3: entered allmulticast mode [ 331.713367][T17319] geneve1: entered allmulticast mode [ 332.129030][T17343] netlink: 312 bytes leftover after parsing attributes in process `syz.2.5570'. [ 332.291555][T17352] netlink: 'syz.3.5574': attribute type 10 has an invalid length. [ 332.412785][T17358] netlink: 20 bytes leftover after parsing attributes in process `syz.0.5577'. [ 332.967452][T13073] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 333.008638][T13073] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 333.042200][T13073] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 333.071149][T13073] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 333.216524][T17393] netlink: 24 bytes leftover after parsing attributes in process `syz.2.5594'. [ 333.250226][T17394] netlink: 40 bytes leftover after parsing attributes in process `syz.3.5593'. [ 333.791310][T17416] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5603'. [ 334.212340][T17435] bond3: Invalid ad_actor_system MAC address. [ 334.222523][T17435] bond3: option ad_actor_system: invalid value (1) [ 334.246104][T17435] bond3 (unregistering): Released all slaves [ 335.021975][T17475] netlink: 'syz.4.5632': attribute type 1 has an invalid length. [ 335.060471][T17475] netlink: 'syz.4.5632': attribute type 3 has an invalid length. [ 335.068827][T17475] __nla_validate_parse: 1 callbacks suppressed [ 335.068846][T17475] netlink: 172 bytes leftover after parsing attributes in process `syz.4.5632'. [ 335.086578][T17475] NCSI netlink: No device for ifindex 813332851 [ 335.707832][T17510] netlink: 'syz.4.5649': attribute type 1 has an invalid length. 
[ 335.742347][T17510] netlink: 'syz.4.5649': attribute type 1 has an invalid length. [ 335.916261][T17522] bridge: RTM_NEWNEIGH bridge0 with NTF_USE is not supported [ 335.989710][T17524] veth5: entered allmulticast mode [ 336.900606][T17572] netlink: zone id is out of range [ 336.911486][T17574] netlink: 65047 bytes leftover after parsing attributes in process `syz.0.5679'. [ 336.921314][T17572] netlink: zone id is out of range [ 336.927145][T17572] netlink: zone id is out of range [ 336.937028][T17572] netlink: zone id is out of range [ 336.957445][T17572] netlink: zone id is out of range [ 336.982841][T17572] netlink: zone id is out of range [ 337.003195][T17572] netlink: zone id is out of range [ 337.024369][T17572] netlink: zone id is out of range [ 337.043405][T17572] netlink: zone id is out of range [ 337.061359][T17572] netlink: zone id is out of range [ 337.121519][T17580] bridge_slave_0: default FDB implementation only supports local addresses [ 338.333759][T17641] netlink: 32 bytes leftover after parsing attributes in process `syz.4.5713'. [ 338.743103][T17662] netlink: 'syz.1.5724': attribute type 29 has an invalid length. [ 338.771875][T17662] netlink: 'syz.1.5724': attribute type 29 has an invalid length. [ 340.633783][ T30] audit: type=1800 audit(1780302594.860:3): pid=17758 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.5771" name="memory.events" dev="tmpfs" ino=5861 res=0 errno=0 [ 340.698802][ T30] audit: type=1804 audit(1780302594.900:4): pid=17758 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.5771" name="/newroot/1168/memory.events" dev="tmpfs" ino=5861 res=1 errno=0 [ 341.152895][T17783] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5778'. [ 341.178293][T17783] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5778'. 
[ 341.495496][T17797] netlink: 132 bytes leftover after parsing attributes in process `syz.3.5787'. [ 341.547384][T17799] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5788'. [ 342.164342][T17833] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5805'. [ 342.173675][T17833] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5805'. [ 343.017381][T17868] netlink: 32 bytes leftover after parsing attributes in process `syz.2.5821'. [ 343.070249][T17874] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5823'. [ 343.087494][T17874] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5823'. [ 343.128564][T17870] bond0: option lacp_active: mode dependency failed, not supported in mode balance-rr(0) [ 343.192386][T17870] bond0 (unregistering): Released all slaves [ 343.921286][T17912] netlink: 'syz.0.5843': attribute type 1 has an invalid length. [ 344.197271][T17926] netlink: 'syz.1.5850': attribute type 32 has an invalid length. [ 344.237986][T17926] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5850'. [ 344.357797][T17926] bond3: option coupled_control: invalid value (192) [ 344.401989][T17926] bond3 (unregistering): Released all slaves [ 344.856954][T17961] xt_hashlimit: size too large, truncated to 1048576 [ 345.229500][T17979] ipvlan2: entered promiscuous mode [ 345.576907][T17996] xt_hashlimit: size too large, truncated to 1048576 [ 346.558280][T18045] netlink: 212368 bytes leftover after parsing attributes in process `syz.3.5907'. [ 346.567888][T18044] Bluetooth: MGMT ver 1.23 [ 347.172033][T18070] netlink: 'syz.1.5919': attribute type 1 has an invalid length. [ 347.207112][T18072] net_ratelimit: 44 callbacks suppressed [ 347.207132][T18072] netlink: zone id is out of range [ 347.208639][T18070] netlink: 'syz.1.5919': attribute type 3 has an invalid length. 
[ 347.224194][T18072] netlink: zone id is out of range [ 347.248812][T18072] netlink: zone id is out of range [ 347.252588][T18070] netlink: 172 bytes leftover after parsing attributes in process `syz.1.5919'. [ 347.264310][T18072] netlink: zone id is out of range [ 347.275909][T18072] netlink: zone id is out of range [ 347.283404][T18072] netlink: zone id is out of range [ 347.291985][T18072] netlink: zone id is out of range [ 347.300663][T18070] NCSI netlink: No device for ifindex 813332851 [ 347.301603][T18072] netlink: zone id is out of range [ 347.319810][T18072] netlink: zone id is out of range [ 347.325227][T18072] netlink: zone id is out of range [ 348.058205][T18111] netlink: 216 bytes leftover after parsing attributes in process `syz.1.5938'. [ 348.069106][T18111] netlink: 'syz.1.5938': attribute type 2 has an invalid length. [ 349.340295][T18161] netlink: 32 bytes leftover after parsing attributes in process `syz.4.5962'. [ 349.425586][T18166] netlink: 32 bytes leftover after parsing attributes in process `syz.4.5962'. [ 349.752656][T18180] netlink: 104 bytes leftover after parsing attributes in process `syz.1.5971'. [ 349.926218][T18190] bridge: RTM_NEWNEIGH bridge0 without NUD_PERMANENT [ 350.076645][T18197] tipc: Enabling of bearer rejected, failed to enable media [ 350.297518][T18211] netlink: 216 bytes leftover after parsing attributes in process `syz.2.5986'. [ 350.325595][T18211] netlink: 'syz.2.5986': attribute type 2 has an invalid length. [ 350.348102][T18211] netlink: 'syz.2.5986': attribute type 1 has an invalid length. [ 350.619924][T18229] vlan1: entered allmulticast mode [ 350.639121][T18229] veth0_vlan: entered allmulticast mode [ 351.442568][T18273] netlink: 44 bytes leftover after parsing attributes in process `syz.0.6015'. [ 351.453466][T18273] netlink: 35 bytes leftover after parsing attributes in process `syz.0.6015'. [ 351.464016][T18273] netlink: 'syz.0.6015': attribute type 5 has an invalid length. 
[ 351.473693][T18273] netlink: 'syz.0.6015': attribute type 6 has an invalid length. [ 351.504884][T18273] netlink: 35 bytes leftover after parsing attributes in process `syz.0.6015'. [ 351.912868][T18293] tipc: Enabling of bearer rejected, failed to enable media [ 353.695338][T18368] netlink: 'syz.4.6061': attribute type 2 has an invalid length. [ 354.383580][T18408] netlink: 'syz.0.6079': attribute type 8 has an invalid length. [ 354.625278][T18421] net_ratelimit: 820 callbacks suppressed [ 354.625296][T18421] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 354.640880][T18422] netlink: 12 bytes leftover after parsing attributes in process `syz.3.6088'. [ 355.051726][T18441] netlink: 'syz.2.6095': attribute type 178 has an invalid length. [ 355.110291][T18447] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6098'. [ 355.201884][T18450] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6099'. [ 355.569683][T18471] netlink: 104 bytes leftover after parsing attributes in process `syz.2.6111'. [ 355.631806][T18476] sctp: [Deprecated]: syz.4.6110 (pid 18476) Use of int in max_burst socket option deprecated. [ 355.631806][T18476] Use struct sctp_assoc_value instead [ 356.562725][T18514] xt_HMARK: spi-set and port-set can't be combined [ 356.613508][T18518] netlink: 'syz.2.6133': attribute type 1 has an invalid length. [ 356.680734][T18518] netlink: 96 bytes leftover after parsing attributes in process `syz.2.6133'. [ 356.698925][T18524] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 356.714668][T18518] netlink: 'syz.2.6133': attribute type 1 has an invalid length. [ 356.734682][T18518] netlink: 'syz.2.6133': attribute type 8 has an invalid length. [ 356.763149][T18518] netlink: 606 bytes leftover after parsing attributes in process `syz.2.6133'. [ 356.785598][T18518] netlink: 1 bytes leftover after parsing attributes in process `syz.2.6133'. 
[ 356.985506][T18536] netlink: 40 bytes leftover after parsing attributes in process `syz.0.6142'. [ 357.713805][T18577] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6163'. [ 357.749558][T18577] tipc: Started in network mode [ 357.767750][T18577] tipc: Node identity 2, cluster identity 4711 [ 357.796313][T18577] tipc: Node number set to 2 [ 357.919240][T18585] netlink: 36 bytes leftover after parsing attributes in process `syz.3.6166'. [ 358.968023][T18635] netlink: 'syz.4.6191': attribute type 2 has an invalid length. [ 358.980633][T18637] netlink: 'syz.3.6190': attribute type 12 has an invalid length. [ 359.009116][T18637] netlink: 'syz.3.6190': attribute type 29 has an invalid length. [ 359.207531][T18648] batman_adv: batadv0: adding TT local entry aa:aa:aa:aa:aa:2a to non-existent VLAN 1303 [ 359.787385][T18680] __nla_validate_parse: 5 callbacks suppressed [ 359.787405][T18680] netlink: 64 bytes leftover after parsing attributes in process `syz.3.6207'. [ 359.916386][T18686] tipc: Enabling not permitted [ 359.935217][T18686] tipc: Enabling of bearer rejected, failed to enable media [ 360.430405][T18711] tipc: Started in network mode [ 360.442219][T18711] tipc: Node identity ac14140f, cluster identity 4711 [ 360.466644][T18711] tipc: Enabled bearer , priority 10 [ 360.508830][T18716] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6223'. 
[ 360.562397][T18716] macsec1: entered promiscuous mode [ 360.567902][T18716] bridge0: entered promiscuous mode [ 360.574476][T18716] macsec1: entered allmulticast mode [ 360.580190][T18716] bridge0: entered allmulticast mode [ 360.587997][T18716] bridge0: port 3(macsec1) entered blocking state [ 360.595204][T18716] bridge0: port 3(macsec1) entered disabled state [ 360.610527][T18716] bridge0: left allmulticast mode [ 360.633889][ T5764] bridge0: left promiscuous mode [ 361.132757][T18750] xt_hashlimit: size too large, truncated to 1048576 [ 361.442948][T18766] netlink: 100 bytes leftover after parsing attributes in process `syz.3.6246'. [ 361.463346][T18766] netlink: 100 bytes leftover after parsing attributes in process `syz.3.6246'. [ 361.485575][T18768] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6247'. [ 361.597283][ T5650] tipc: Node number set to 2886997007 [ 361.689666][T18775] RDS: rds_bind could not find a transport for fe80::, load rds_tcp or rds_rdma? [ 361.895698][T18787] netlink: 24 bytes leftover after parsing attributes in process `syz.4.6256'. [ 361.962189][T18790] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6258'. [ 362.861938][T18830] IPVS: ip_vs_edit_dest(): lower threshold is higher than upper threshold [ 362.871713][ T5644] IPVS: starting estimator thread 0... [ 362.985193][T18832] IPVS: using max 25 ests per chain, 60000 per kthread [ 363.174265][T18844] netlink: 32 bytes leftover after parsing attributes in process `syz.4.6282'. [ 363.546168][T18865] netlink: 12 bytes leftover after parsing attributes in process `syz.4.6293'. [ 364.356314][T18911] nbd: must specify a size in bytes for the device [ 364.975359][T18948] sctp: [Deprecated]: syz.2.6333 (pid 18948) Use of struct sctp_assoc_value in delayed_ack socket option. 
[ 364.975359][T18948] Use struct sctp_sack_info instead [ 365.053420][T18948] sctp: [Deprecated]: syz.2.6333 (pid 18948) Use of struct sctp_assoc_value in delayed_ack socket option. [ 365.053420][T18948] Use struct sctp_sack_info instead [ 365.542341][T18975] tipc: Enabling of bearer rejected, failed to enable media [ 365.633985][T18981] netlink: 'syz.4.6349': attribute type 12 has an invalid length. [ 366.449945][T19025] netlink: 12 bytes leftover after parsing attributes in process `syz.4.6369'. [ 366.556310][T19027] xt_hashlimit: size too large, truncated to 1048576 [ 367.090630][T19050] veth1_macvtap: left promiscuous mode [ 367.106965][T19050] macsec0: entered promiscuous mode [ 367.120975][T19050] macsec0: entered allmulticast mode [ 367.324406][T19054] veth1_macvtap: entered promiscuous mode [ 367.344456][T19054] veth1_macvtap: entered allmulticast mode [ 367.354268][T19054] macsec0: left promiscuous mode [ 367.361102][T19054] macsec0: left allmulticast mode [ 367.367813][T19054] veth1_macvtap: left allmulticast mode [ 367.436090][T19064] tipc: Started in network mode [ 367.450840][T19064] tipc: Node identity e0000001, cluster identity 4711 [ 367.458921][T19064] tipc: Enabling of bearer rejected, failed to enable media [ 367.575796][T19069] netlink: 16 bytes leftover after parsing attributes in process `syz.2.6389'. [ 367.630788][T19074] xt_limit: Overflow, try lower: 271964/0 [ 368.176598][T19103] netlink: 24 bytes leftover after parsing attributes in process `syz.0.6406'. [ 368.192741][T19103] netlink: 80 bytes leftover after parsing attributes in process `syz.0.6406'. [ 368.202410][T19103] netlink: 24 bytes leftover after parsing attributes in process `syz.0.6406'. [ 368.590443][T19124] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6415'. [ 368.626117][T19124] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6415'. 
[ 368.681584][T19127] tipc: Enabling of bearer rejected, failed to enable media [ 368.879552][T19138] netlink: 48 bytes leftover after parsing attributes in process `syz.0.6423'. [ 369.819010][T19195] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6451'. [ 370.375816][T19220] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 370.532583][T19220] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 370.650894][T19220] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 370.759040][T19220] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 370.952552][T19254] pim6reg: entered allmulticast mode [ 370.993672][T19254] pim6reg: left allmulticast mode [ 371.010462][ T1016] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 371.081399][ T1016] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 371.166064][ T1016] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 371.260009][ T1016] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 371.988683][T19309] netlink: 12 bytes leftover after parsing attributes in process `syz.0.6506'. [ 372.002140][T19309] netlink: 12 bytes leftover after parsing attributes in process `syz.0.6506'. [ 372.161001][T19316] netlink: 'syz.0.6511': attribute type 23 has an invalid length. [ 372.328193][T19321] A link change request failed with some changes committed already. Interface virt_wifi0 may have been left with an inconsistent configuration, please check. [ 372.652587][T19342] netlink: 44 bytes leftover after parsing attributes in process `syz.4.6522'. [ 372.689877][T19342] netlink: 43 bytes leftover after parsing attributes in process `syz.4.6522'. [ 372.729302][T19342] netlink: 'syz.4.6522': attribute type 6 has an invalid length. 
[ 372.763418][T19342] netlink: 'syz.4.6522': attribute type 5 has an invalid length. [ 372.800922][T19342] netlink: 43 bytes leftover after parsing attributes in process `syz.4.6522'. [ 372.863901][T19353] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6528'. [ 373.073944][T19364] sctp: [Deprecated]: syz.2.6533 (pid 19364) Use of int in maxseg socket option. [ 373.073944][T19364] Use struct sctp_assoc_value instead [ 373.170282][T19371] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6535'. [ 375.831538][T19494] netlink: 256 bytes leftover after parsing attributes in process `syz.0.6594'. [ 376.560662][T19533] netlink: 5 bytes leftover after parsing attributes in process `syz.2.6612'. [ 376.808758][T19545] netlink: 96 bytes leftover after parsing attributes in process `syz.3.6618'. [ 377.022950][T19554] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6623'. [ 378.209350][T19630] veth0_to_bridge: vlans aren't supported yet for dev_uc|mc_add() [ 378.444801][T19641] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6662'. [ 378.461810][T19641] netlink: 'syz.4.6662': attribute type 3 has an invalid length. [ 378.559285][ T1317] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.758047][T19660] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6670'. [ 378.768574][T19660] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6670'. [ 378.920285][T19668] openvswitch: netlink: Flow actions may not be safe on all matching packets. 
[ 379.409325][T19692] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 379.416680][T19692] IPv6: NLM_F_CREATE should be set when creating new route [ 379.423978][T19692] IPv6: NLM_F_CREATE should be set when creating new route [ 379.431337][T19692] IPv6: NLM_F_CREATE should be set when creating new route [ 379.484196][T19692] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 379.599957][T19700] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 379.950664][T19707] bridge0: port 2(bridge_slave_1) entered disabled state [ 379.958156][T19707] bridge0: port 1(1x9) entered disabled state [ 379.994101][T19707] team0: left promiscuous mode [ 380.007910][T19707] team_slave_0: left promiscuous mode [ 380.023875][T19707] team_slave_1: left promiscuous mode [ 380.051243][T19716] netlink: 'syz.0.6699': attribute type 142 has an invalid length. [ 380.122202][T19707] A link change request failed with some changes committed already. Interface 1x9 may have been left with an inconsistent configuration, please check. [ 380.217596][T19722] netlink: 20 bytes leftover after parsing attributes in process `syz.4.6701'. [ 380.451123][T19732] tipc: Started in network mode [ 380.463290][T19732] tipc: Node identity fe800000000000000000000000000014, cluster identity 4711 [ 380.513979][T19732] tipc: Enabled bearer , priority 10 [ 380.732756][T19751] netlink: 52 bytes leftover after parsing attributes in process `syz.4.6716'. [ 381.130709][T19776] macvlan0: entered promiscuous mode [ 381.526656][T19798] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6739'. [ 381.625513][ T921] tipc: Node number set to 4269801492 [ 382.252343][T19840] netlink: 'syz.4.6754': attribute type 1 has an invalid length. [ 382.422219][T19849] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6757'. 
[ 382.867262][T19872] vcan1: entered promiscuous mode [ 382.894826][T19872] vcan1: entered allmulticast mode [ 383.582974][T19917] netlink: 19 bytes leftover after parsing attributes in process `syz.3.6784'. [ 383.702928][T19925] netlink: 'syz.0.6788': attribute type 2 has an invalid length. [ 383.743100][T19925] netlink: 188 bytes leftover after parsing attributes in process `syz.0.6788'. [ 384.073074][T19942] netlink: 104 bytes leftover after parsing attributes in process `syz.4.6795'. [ 385.173082][T20012] netlink: 176 bytes leftover after parsing attributes in process `syz.3.6822'. [ 385.198439][T20012] netlink: 32 bytes leftover after parsing attributes in process `syz.3.6822'. [ 385.586323][T20029] netlink: 'syz.2.6829': attribute type 1 has an invalid length. [ 386.619352][T20094] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6853'. [ 387.332904][T20126] tipc: Enabling of bearer rejected, failed to enable media [ 388.731097][T20212] netlink: 36 bytes leftover after parsing attributes in process `syz.0.6901'. [ 388.867770][T20218] IPVS: ip_vs_add_dest(): lower threshold is higher than upper threshold [ 388.900503][T20219] netlink: 48 bytes leftover after parsing attributes in process `syz.1.6904'. [ 388.934892][T20219] unsupported nla_type 7424 [ 389.766172][T20265] netlink: 64 bytes leftover after parsing attributes in process `syz.0.6923'. [ 390.718015][T20319] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6950'. [ 390.727519][T20319] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6950'. [ 390.806483][T20323] x_tables: ip6_tables: CLASSIFY target: used from hooks PREROUTING, but only usable from FORWARD/OUTPUT/POSTROUTING [ 390.867046][T20325] netlink: 12 bytes leftover after parsing attributes in process `syz.0.6953'. [ 391.638555][T20360] netlink: 'syz.1.6968': attribute type 1 has an invalid length. 
[ 391.652224][T20360] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6968'. [ 391.673241][T20360] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6968'. [ 391.704006][T20360] netlink: 'syz.1.6968': attribute type 2 has an invalid length. [ 391.722582][T20360] netlink: 'syz.1.6968': attribute type 2 has an invalid length. [ 391.737434][T20360] netlink: 'syz.1.6968': attribute type 2 has an invalid length. [ 391.922114][T20371] netlink: 'syz.1.6973': attribute type 29 has an invalid length. [ 392.187845][T20391] netlink: 12 bytes leftover after parsing attributes in process `syz.4.6983'. [ 392.624043][T20418] xt_hashlimit: size too large, truncated to 1048576 [ 392.822622][T20430] netlink: 32 bytes leftover after parsing attributes in process `syz.4.7001'. [ 393.308716][T20457] netlink: 'syz.0.7015': attribute type 3 has an invalid length. [ 394.054430][T20503] __nla_validate_parse: 1 callbacks suppressed [ 394.054452][T20503] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7036'. [ 394.387325][T20515] Bluetooth: MGMT ver 1.23 [ 395.472624][T20577] netlink: 'syz.1.7072': attribute type 11 has an invalid length. [ 395.686188][T20587] netlink: 277 bytes leftover after parsing attributes in process `syz.4.7078'. [ 395.810049][T20598] netlink: 80 bytes leftover after parsing attributes in process `syz.1.7082'. [ 396.459431][T20619] syz.0.7094 (20619) used greatest stack depth: 15680 bytes left [ 396.726352][T20648] netlink: 76 bytes leftover after parsing attributes in process `syz.2.7107'. [ 396.753992][T20648] nbd: illegal input index -8454144 [ 398.089691][T20722] IPVS: ip_vs_edit_dest(): server weight less than zero [ 398.294182][T20734] netlink: 16 bytes leftover after parsing attributes in process `syz.3.7146'. [ 398.803598][T20758] netlink: 16 bytes leftover after parsing attributes in process `syz.4.7157'. 
[ 398.900218][T20765] netlink: 8 bytes leftover after parsing attributes in process `syz.1.7159'. [ 398.909443][T20765] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7159'. [ 398.922024][T20765] netlink: 'syz.1.7159': attribute type 14 has an invalid length. [ 398.930207][T20765] netlink: 'syz.1.7159': attribute type 13 has an invalid length. [ 399.213093][T20784] xt_time: invalid argument - start or stop time greater than 23:59:59 [ 399.235406][T20777] netlink: 8 bytes leftover after parsing attributes in process `syz.2.7164'. [ 399.513497][T20799] wg1 speed is unknown, defaulting to 1000 [ 401.982484][T20951] netlink: 'syz.4.7251': attribute type 1 has an invalid length. [ 401.997470][T20951] netlink: 236 bytes leftover after parsing attributes in process `syz.4.7251'. [ 402.129155][T20957] netlink: 44 bytes leftover after parsing attributes in process `syz.4.7253'. [ 402.172574][T20957] netlink: 43 bytes leftover after parsing attributes in process `syz.4.7253'. [ 402.202039][T20957] netlink: 'syz.4.7253': attribute type 5 has an invalid length. [ 402.226236][T20957] netlink: 43 bytes leftover after parsing attributes in process `syz.4.7253'. [ 402.636570][T20983] vlan2: entered promiscuous mode [ 402.647287][T20983] bridge0: entered promiscuous mode [ 402.668826][T20987] lo: entered allmulticast mode [ 402.697274][T20987] lo: left allmulticast mode [ 403.710364][T21051] netlink: 'syz.3.7297': attribute type 25 has an invalid length. [ 404.748662][T21113] netlink: 20 bytes leftover after parsing attributes in process `syz.2.7329'. [ 405.284714][T21143] netlink: 28 bytes leftover after parsing attributes in process `syz.2.7344'. [ 406.657627][T21221] netlink: 8 bytes leftover after parsing attributes in process `syz.3.7382'. [ 406.671575][T21220] netlink: 28 bytes leftover after parsing attributes in process `syz.1.7381'. [ 406.687758][T21221] netlink: 'syz.3.7382': attribute type 5 has an invalid length. 
[ 406.711481][T21221] netlink: 20 bytes leftover after parsing attributes in process `syz.3.7382'. [ 406.806976][T21229] netlink: 8 bytes leftover after parsing attributes in process `syz.0.7386'. [ 406.994216][T21239] IPv6: NLM_F_CREATE should be specified when creating new route [ 407.013075][T21239] netlink: 'syz.2.7391': attribute type 1 has an invalid length. [ 407.242033][T21253] netlink: 12 bytes leftover after parsing attributes in process `syz.4.7398'. [ 407.274392][T21253] netlink: 12 bytes leftover after parsing attributes in process `syz.4.7398'. [ 407.749196][T21283] sch_tbf: burst 0 is lower than device lo mtu (81) ! [ 408.323237][T21322] netlink: 24 bytes leftover after parsing attributes in process `syz.2.7427'. [ 409.045826][T21362] netlink: 'syz.2.7448': attribute type 1 has an invalid length. [ 409.062867][T21365] IPv6: NLM_F_CREATE should be specified when creating new route [ 409.988920][T21412] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7473'. [ 410.192722][T21427] netlink: 'syz.3.7478': attribute type 3 has an invalid length. [ 410.217793][T21428] netlink: 24 bytes leftover after parsing attributes in process `syz.2.7479'. [ 410.224021][T21427] netlink: 'syz.3.7478': attribute type 1 has an invalid length. [ 410.251536][T21427] netlink: 212 bytes leftover after parsing attributes in process `syz.3.7478'. [ 410.278819][T21427] NCSI netlink: No device for ifindex 813332851 [ 410.456549][T21439] netlink: 12 bytes leftover after parsing attributes in process `syz.3.7484'. [ 410.532755][T21441] netlink: 'syz.0.7485': attribute type 83 has an invalid length. [ 411.336498][T21496] bond0: option miimon: invalid value (18446744071829782528) [ 411.344051][T21496] bond0: option miimon: allowed values 0 - 2147483647 [ 411.450207][T21499] netlink: 24 bytes leftover after parsing attributes in process `syz.3.7510'. [ 411.553187][T21503] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7512'. 
[ 412.286901][T21545] tipc: Started in network mode [ 412.302070][T21545] tipc: Node identity ac14140f, cluster identity 4711 [ 412.318552][T21545] tipc: New replicast peer: 255.255.255.255 [ 412.332264][T21545] tipc: Enabled bearer , priority 10 [ 413.325004][ T5650] tipc: Node number set to 2886997007 [ 413.614964][T21625] A link change request failed with some changes committed already. Interface wg2 may have been left with an inconsistent configuration, please check. [ 413.707031][T21629] sctp: [Deprecated]: syz.4.7569 (pid 21629) Use of int in max_burst socket option deprecated. [ 413.707031][T21629] Use struct sctp_assoc_value instead [ 413.876799][T21638] netlink: 'syz.1.7574': attribute type 2 has an invalid length. [ 413.902158][T21638] netlink: 100 bytes leftover after parsing attributes in process `syz.1.7574'. [ 414.056116][T21649] netlink: 16 bytes leftover after parsing attributes in process `syz.1.7579'. [ 415.005262][T21705] netlink: 'syz.4.7606': attribute type 83 has an invalid length. [ 415.673642][T21747] gretap0: entered promiscuous mode [ 415.706604][T21747] netlink: 8 bytes leftover after parsing attributes in process `syz.2.7625'. [ 415.725096][T21747] gretap0: left promiscuous mode [ 416.192066][T21779] syz.2.7637: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 416.263362][T21779] CPU: 1 UID: 0 PID: 21779 Comm: syz.2.7637 Not tainted syzkaller #0 PREEMPT(full) [ 416.263408][T21779] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 416.263432][T21779] Call Trace: [ 416.263441][T21779] [ 416.263454][T21779] dump_stack_lvl+0xe8/0x150 [ 416.263498][T21779] warn_alloc+0x249/0x340 [ 416.263530][T21779] ? stack_trace_save+0xa9/0x100 [ 416.263565][T21779] ? __pfx_warn_alloc+0x10/0x10 [ 416.263601][T21779] ? kasan_save_track+0x4f/0x80 [ 416.263627][T21779] ? kasan_save_track+0x3e/0x80 [ 416.263653][T21779] ? 
__kasan_kmalloc+0x93/0xb0 [ 416.263680][T21779] ? __kmalloc_cache_noprof+0x31c/0x660 [ 416.263707][T21779] ? xskq_create+0x56/0x170 [ 416.263735][T21779] ? xsk_setsockopt+0x54c/0x990 [ 416.263759][T21779] ? do_sock_setsockopt+0x17c/0x1b0 [ 416.263788][T21779] ? __x64_sys_setsockopt+0x13d/0x1b0 [ 416.263815][T21779] ? do_syscall_64+0x174/0x580 [ 416.263839][T21779] __vmalloc_node_range_noprof+0x132/0x1750 [ 416.263902][T21779] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 416.263947][T21779] ? __kasan_kmalloc+0x93/0xb0 [ 416.263983][T21779] vmalloc_user_noprof+0xad/0xe0 [ 416.264012][T21779] ? xskq_create+0xbf/0x170 [ 416.264043][T21779] xskq_create+0xbf/0x170 [ 416.264074][T21779] xsk_init_queue+0x8a/0xe0 [ 416.264106][T21779] xsk_setsockopt+0x54c/0x990 [ 416.264137][T21779] ? __pfx_xsk_setsockopt+0x10/0x10 [ 416.264165][T21779] ? __pfx_aa_sk_perm+0x10/0x10 [ 416.264198][T21779] ? aa_sock_opt_perm+0xff/0x1a0 [ 416.264232][T21779] ? bpf_lsm_socket_setsockopt+0x9/0x20 [ 416.264259][T21779] ? __pfx_xsk_setsockopt+0x10/0x10 [ 416.264289][T21779] do_sock_setsockopt+0x17c/0x1b0 [ 416.264325][T21779] __x64_sys_setsockopt+0x13d/0x1b0 [ 416.264357][T21779] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 416.264379][T21779] do_syscall_64+0x174/0x580 [ 416.264398][T21779] ? trace_irq_disable+0x3b/0x140 [ 416.264429][T21779] ? 
clear_bhb_loop+0x40/0x90 [ 416.264454][T21779] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 416.264474][T21779] RIP: 0033:0x7f8d5a19ce59 [ 416.264502][T21779] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 416.264519][T21779] RSP: 002b:00007f8d583f6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 416.264541][T21779] RAX: ffffffffffffffda RBX: 00007f8d5a415fa0 RCX: 00007f8d5a19ce59 [ 416.264556][T21779] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000003 [ 416.264569][T21779] RBP: 00007f8d5a232d6f R08: 0000000000000004 R09: 0000000000000000 [ 416.264582][T21779] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000 [ 416.264596][T21779] R13: 00007f8d5a416038 R14: 00007f8d5a415fa0 R15: 00007ffe13afc128 [ 416.264630][T21779] [ 416.547133][T21779] Mem-Info: [ 416.551562][T21779] active_anon:5581 inactive_anon:6 isolated_anon:0 [ 416.551562][T21779] active_file:2825 inactive_file:40388 isolated_file:0 [ 416.551562][T21779] unevictable:768 dirty:337 writeback:0 [ 416.551562][T21779] slab_reclaimable:11021 slab_unreclaimable:100376 [ 416.551562][T21779] mapped:29172 shmem:1287 pagetables:1238 [ 416.551562][T21779] sec_pagetables:0 bounce:0 [ 416.551562][T21779] kernel_misc_reclaimable:0 [ 416.551562][T21779] free:1329213 free_pcp:8032 free_cma:0 [ 416.600486][T21779] Node 0 active_anon:22624kB inactive_anon:24kB active_file:11300kB inactive_file:161348kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:116788kB dirty:1340kB writeback:0kB shmem:3612kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:12164kB pagetables:4844kB sec_pagetables:0kB all_unreclaimable? 
no Balloon:0kB gpu_active:0kB gpu_reclaim:0kB [ 416.636506][T21779] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:8kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:64kB pagetables:108kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB gpu_active:0kB gpu_reclaim:0kB [ 416.673180][T21779] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 416.704095][T21779] lowmem_reserve[]: 0 2492 2493 2493 2493 [ 416.710047][T21779] Node 0 DMA32 free:1359352kB boost:0kB min:34188kB low:42732kB high:51276kB reserved_highatomic:0KB free_highatomic:0KB active_anon:22524kB inactive_anon:24kB active_file:11300kB inactive_file:161348kB unevictable:1536kB writepending:1340kB zspages:0kB present:3129332kB managed:2552800kB mlocked:0kB bounce:0kB free_pcp:31868kB local_pcp:12012kB free_cma:0kB [ 416.744919][T21779] lowmem_reserve[]: 0 0 0 0 0 [ 416.749705][T21779] Node 0 Normal free:0kB boost:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:680kB mlocked:0kB bounce:0kB free_pcp:4kB local_pcp:0kB free_cma:0kB [ 416.780873][T21779] lowmem_reserve[]: 0 0 0 0 0 [ 416.785991][T21779] Node 1 Normal free:3942140kB boost:0kB min:55704kB low:69628kB high:83552kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:8kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:160kB local_pcp:160kB free_cma:0kB [ 
416.819543][T21779] lowmem_reserve[]: 0 0 0 0 0 [ 416.824336][T21779] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 416.837701][T21779] Node 0 DMA32: 5530*4kB (UM) 3480*8kB (UME) 1959*16kB (UM) 433*32kB (UM) 417*64kB (UME) 400*128kB (UM) 264*256kB (UME) 151*512kB (UME) 93*1024kB (UME) 36*2048kB (UME) 213*4096kB (M) = 1359352kB [ 416.859451][T21779] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 416.871390][T21779] Node 1 Normal: 1*4kB (U) 7*8kB (UM) 14*16kB (UM) 4*32kB (UM) 8*64kB (UM) 6*128kB (UM) 3*256kB (UM) 3*512kB (UM) 2*1024kB (UM) 2*2048kB (U) 960*4096kB (M) = 3942300kB [ 416.910880][T21779] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 416.927584][T21779] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 416.968040][T21779] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 417.028621][T21779] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 417.081911][T21779] 44496 total pagecache pages [ 417.127357][T21779] 0 pages in swap cache [ 417.146513][T21779] Free swap = 124996kB [ 417.153946][T21779] Total swap = 124996kB [ 417.165202][T21779] 2097051 pages RAM [ 417.173716][T21779] 0 pages HighMem/MovableOnly [ 417.184275][T21779] 427066 pages reserved [ 417.197611][T21779] 0 pages cma reserved [ 417.205262][T21803] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 417.768330][T21835] netlink: 104 bytes leftover after parsing attributes in process `syz.1.7663'. [ 418.341015][T21872] netlink: 284 bytes leftover after parsing attributes in process `syz.3.7679'. 
[ 418.801999][T21901] batadv0: entered promiscuous mode [ 418.809550][T21901] hsr1: Slave A (bond0) is not up; please bring it up to get a fully working HSR network [ 418.823249][T21901] 8021q: adding VLAN 0 to HW filter on device hsr1 [ 418.837439][T21901] batadv0: left promiscuous mode [ 418.888962][T21907] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7695'. [ 418.950573][T21907] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7695'. [ 419.096758][T21913] netlink: 212368 bytes leftover after parsing attributes in process `syz.4.7699'. [ 419.252509][T21923] netlink: 10 bytes leftover after parsing attributes in process `syz.4.7705'. [ 419.839569][ T4950] block nbd1: Receive control failed (result -32) [ 420.099510][T21974] netlink: 8 bytes leftover after parsing attributes in process `syz.4.7726'. [ 420.146248][T21974] macvlan2: entered allmulticast mode [ 420.151838][T21974] dummy0: entered allmulticast mode [ 420.159579][T21974] dummy0: entered promiscuous mode [ 420.185416][T21977] tap0: tun_chr_ioctl cmd 1074025676 [ 420.190978][T21977] tap0: owner set to 0 [ 420.541392][T21996] netlink: 'syz.1.7735': attribute type 12 has an invalid length. [ 420.566324][T21996] netlink: 190972 bytes leftover after parsing attributes in process `syz.1.7735'. [ 421.901891][T22074] netlink: 212368 bytes leftover after parsing attributes in process `syz.3.7773'. [ 421.989599][T22078] netlink: 12 bytes leftover after parsing attributes in process `syz.4.7774'. [ 422.057548][T22078] xfrm1: entered promiscuous mode [ 422.089440][T22081] netlink: 12 bytes leftover after parsing attributes in process `syz.4.7774'. [ 422.120879][T22078] xfrm1: entered allmulticast mode [ 422.482563][T22098] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7783'. [ 422.891971][T22121] netlink: 160 bytes leftover after parsing attributes in process `syz.4.7793'. 
[ 422.938172][T22126] netlink: 16 bytes leftover after parsing attributes in process `syz.0.7795'. [ 423.121008][T22135] IPv6: Can't replace route, no match found [ 423.136436][T22135] IPv6: Can't replace route, no match found [ 423.369764][T22146] netlink: 68 bytes leftover after parsing attributes in process `syz.1.7804'. [ 423.474289][T22151] tun0: tun_chr_ioctl cmd 1074025675 [ 423.494692][T22151] tun0: persist disabled [ 423.507915][T22153] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7807'. [ 423.548412][T22155] veth0: entered promiscuous mode [ 423.548455][T22153] netlink: 20 bytes leftover after parsing attributes in process `syz.1.7807'. [ 423.568911][T22155] veth0: left promiscuous mode [ 423.839182][T22165] gtp0: entered allmulticast mode [ 423.866059][T22165] team0: Device gtp0 is of different type [ 424.400267][T22196] vcan0: tx address claim with dest, not broadcast [ 424.537263][T22201] netlink: 8 bytes leftover after parsing attributes in process `syz.1.7830'. [ 424.540138][T22203] netlink: 'syz.2.7831': attribute type 1 has an invalid length. [ 424.563227][T22203] netlink: 'syz.2.7831': attribute type 2 has an invalid length. [ 424.576416][T22203] netlink: 'syz.2.7831': attribute type 1 has an invalid length. [ 424.588739][T22203] netlink: 'syz.2.7831': attribute type 2 has an invalid length. [ 424.600020][T22204] gtp0: entered promiscuous mode [ 424.609836][T22204] gtp0: entered allmulticast mode [ 424.832263][T22220] block nbd2: Unsupported socket: should be TCP or UNIX. [ 425.432508][T22253] netlink: 'syz.3.7852': attribute type 10 has an invalid length. [ 425.472406][T22253] team0: Port device dummy0 added [ 425.539371][T22260] netlink: 'syz.2.7854': attribute type 1 has an invalid length. [ 425.563302][T22260] netlink: 'syz.2.7854': attribute type 7 has an invalid length. [ 425.583130][T22260] netlink: 'syz.2.7854': attribute type 8 has an invalid length. 
[ 426.017005][T22278] sctp: [Deprecated]: syz.0.7860 (pid 22278) Use of struct sctp_assoc_value in delayed_ack socket option. [ 426.017005][T22278] Use struct sctp_sack_info instead [ 426.411007][ T5295] veth0_macvtap: left promiscuous mode [ 426.742698][T22315] netlink: 'syz.2.7873': attribute type 21 has an invalid length. [ 426.761315][T22315] netlink: 'syz.2.7873': attribute type 4 has an invalid length. [ 426.778680][T22315] netlink: 'syz.2.7873': attribute type 5 has an invalid length. [ 426.798028][T22315] netlink: 'syz.2.7873': attribute type 21 has an invalid length. [ 426.824177][T22315] netlink: 'syz.2.7873': attribute type 4 has an invalid length. [ 426.856331][T22315] netlink: 'syz.2.7873': attribute type 5 has an invalid length. [ 426.907524][T22315] __nla_validate_parse: 8 callbacks suppressed [ 426.907544][T22315] netlink: 3 bytes leftover after parsing attributes in process `syz.2.7873'. [ 428.168876][T22388] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7903'. [ 428.266476][T22394] netlink: 8 bytes leftover after parsing attributes in process `syz.2.7905'. [ 428.475718][T22407] netlink: 84 bytes leftover after parsing attributes in process `syz.4.7911'. [ 429.007546][T22440] netlink: 'syz.2.7926': attribute type 33 has an invalid length. [ 429.064800][T22440] bond5: option broadcast_neighbor: mode dependency failed, not supported in mode balance-rr(0) [ 429.141142][T22440] bond5 (unregistering): Released all slaves [ 429.669769][T22474] netlink: 12 bytes leftover after parsing attributes in process `syz.3.7941'. [ 429.740036][T22477] netlink: 16 bytes leftover after parsing attributes in process `syz.4.7943'. [ 429.753448][T22477] netlink: 16 bytes leftover after parsing attributes in process `syz.4.7943'. [ 430.458717][T22506] A link change request failed with some changes committed already. Interface virt_wifi0 may have been left with an inconsistent configuration, please check. 
[ 430.593285][T22519] netlink: 8 bytes leftover after parsing attributes in process `syz.0.7960'. [ 431.083101][T22547] netem: incorrect gi model size [ 431.212459][T22554] netlink: 28 bytes leftover after parsing attributes in process `syz.3.7977'. [ 431.358471][T22562] sctp: [Deprecated]: syz.4.7981 (pid 22562) Use of struct sctp_assoc_value in delayed_ack socket option. [ 431.358471][T22562] Use struct sctp_sack_info instead [ 431.988966][T22599] netlink: 20 bytes leftover after parsing attributes in process `syz.3.7999'. [ 432.155569][T22590] nbd2: detected capacity change from 0 to 63 [ 432.187315][ T4950] block nbd2: Receive control failed (result -32) [ 432.191105][ T5652] block nbd2: Receive control failed (result -32) [ 432.219592][ T5660] block nbd2: Dead connection, failed to find a fallback [ 432.249941][ T5660] block nbd2: shutting down sockets [ 432.256636][ T5660] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 432.269331][ T5660] Buffer I/O error on dev nbd2, logical block 0, async page read [ 432.280614][ T5660] I/O error, dev nbd2, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 432.292091][ T5660] Buffer I/O error on dev nbd2, logical block 1, async page read [ 432.300895][ T5660] I/O error, dev nbd2, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 432.310272][ T5660] Buffer I/O error on dev nbd2, logical block 2, async page read [ 432.323383][ T5660] I/O error, dev nbd2, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 432.334147][ T5660] Buffer I/O error on dev nbd2, logical block 3, async page read [ 432.357647][ T5660] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 432.394130][ T5660] Buffer I/O error on dev nbd2, logical block 0, async page read [ 432.441028][ T5660] I/O error, dev nbd2, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 432.471896][ T5660] Buffer I/O error on dev nbd2, logical block 1, async page read [ 432.503298][ 
T5660] I/O error, dev nbd2, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 432.534358][ T5660] Buffer I/O error on dev nbd2, logical block 2, async page read [ 432.569284][ T5660] I/O error, dev nbd2, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 432.603103][ T5660] Buffer I/O error on dev nbd2, logical block 3, async page read [ 432.630144][ T5660] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 432.660286][ T5660] Buffer I/O error on dev nbd2, logical block 0, async page read [ 432.686351][ T5660] I/O error, dev nbd2, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 432.695495][T22626] netlink: 'syz.0.8010': attribute type 1 has an invalid length. [ 432.702094][T22626] netlink: 'syz.0.8010': attribute type 2 has an invalid length. [ 432.741916][T22626] netlink: 'syz.0.8010': attribute type 1 has an invalid length. [ 432.749704][ T5660] Buffer I/O error on dev nbd2, logical block 1, async page read [ 432.774827][T22626] netlink: 'syz.0.8010': attribute type 3 has an invalid length. [ 432.788310][ T5660] ldm_validate_partition_table(): Disk read failed. [ 432.795914][T22626] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8010'. [ 432.847123][ T5660] Dev nbd2: unable to read RDB block 0 [ 432.889953][ T5660] nbd2: unable to read partition table [ 432.962868][ T5660] ldm_validate_partition_table(): Disk read failed. [ 432.981616][ T5660] Dev nbd2: unable to read RDB block 0 [ 433.017784][ T5660] nbd2: unable to read partition table [ 433.040397][T22641] netlink: 36 bytes leftover after parsing attributes in process `syz.2.8017'. [ 433.366990][T22662] netlink: 220 bytes leftover after parsing attributes in process `syz.4.8026'. [ 433.387596][T22662] netlink: 'syz.4.8026': attribute type 2 has an invalid length. [ 433.818651][T22689] netlink: 8 bytes leftover after parsing attributes in process `syz.1.8039'. 
[ 434.686717][T22744] netlink: 8 bytes leftover after parsing attributes in process `syz.2.8065'. [ 434.966120][T22759] netlink: 232 bytes leftover after parsing attributes in process `syz.4.8072'. [ 435.192088][T22771] netlink: 8 bytes leftover after parsing attributes in process `syz.4.8078'. [ 435.328784][T22777] netlink: 28 bytes leftover after parsing attributes in process `syz.1.8081'. [ 435.723695][T22803] netlink: 8 bytes leftover after parsing attributes in process `syz.0.8092'. [ 435.764454][T22805] netlink: 'syz.4.8093': attribute type 83 has an invalid length. [ 436.105898][T22819] A link change request failed with some changes committed already. Interface syz_tun may have been left with an inconsistent configuration, please check. [ 436.491189][T22835] bond0: (slave bond_slave_1): Releasing backup interface [ 437.009601][T22858] netlink: 196 bytes leftover after parsing attributes in process `syz.3.8118'. [ 437.281741][T22866] netlink: 12 bytes leftover after parsing attributes in process `syz.3.8122'. [ 437.314946][T22866] netlink: 12 bytes leftover after parsing attributes in process `syz.3.8122'. [ 437.983484][T22915] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8146'. [ 438.129028][T22925] netlink: 212368 bytes leftover after parsing attributes in process `syz.4.8150'. [ 438.608631][T22948] skbuff: bad partial csum: csum=65535/0 headroom=64 headlen=65537 [ 438.951234][T22972] netlink: 'syz.1.8172': attribute type 4 has an invalid length. [ 439.293339][T22992] netlink: 16 bytes leftover after parsing attributes in process `syz.4.8179'. [ 439.379107][T22998] netlink: 12 bytes leftover after parsing attributes in process `syz.4.8179'. [ 439.418035][T22998] netlink: 12 bytes leftover after parsing attributes in process `syz.4.8179'. [ 439.933688][T23028] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8191'. 
[ 439.948797][T23028] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 439.997664][ T1317] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.057924][T23028] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 440.432695][ T5650] IPVS: starting estimator thread 0... [ 440.446750][T23052] IPVS: ovf: SCTP 172.20.20.187:0 - no destination available [ 440.493408][T23056] netlink: 8 bytes leftover after parsing attributes in process `syz.0.8201'. [ 440.547737][T23053] IPVS: using max 31 ests per chain, 74400 per kthread [ 440.643043][T23062] block nbd3: Unsupported socket: should be TCP or UNIX. [ 440.843968][T23069] A link change request failed with some changes committed already. Interface bond_slave_0 may have been left with an inconsistent configuration, please check. [ 440.978987][T23078] sctp: [Deprecated]: syz.1.8210 (pid 23078) Use of int in maxseg socket option. [ 440.978987][T23078] Use struct sctp_assoc_value instead [ 441.235884][T23094] netlink: 'syz.3.8218': attribute type 5 has an invalid length. [ 442.186713][T23152] netem: incorrect ge model size [ 442.201115][T23152] netem: change failed [ 442.359551][T23163] 8021q: adding VLAN 0 to HW filter on device macsec2 [ 442.368072][ T5644] netdevsim netdevsim1 netdevsim0: entered promiscuous mode [ 443.269947][T23208] netlink: 'syz.2.8266': attribute type 8 has an invalid length. [ 443.280843][T23208] sch_fq: defrate 0 ignored. [ 443.342445][T23210] __nla_validate_parse: 3 callbacks suppressed [ 443.342464][T23210] netlink: 12 bytes leftover after parsing attributes in process `syz.0.8267'. [ 443.652651][T23226] netlink: 12 bytes leftover after parsing attributes in process `syz.2.8277'. [ 443.966169][T23243] netlink: 8 bytes leftover after parsing attributes in process `syz.2.8283'. [ 444.280848][T23264] netlink: 8 bytes leftover after parsing attributes in process `syz.2.8294'. [ 444.603655][T23280] netlink: 248 bytes leftover after parsing attributes in process `syz.3.8302'. 
[ 444.653483][T23284] netlink: 8 bytes leftover after parsing attributes in process `syz.0.8304'. [ 444.863861][T23295] veth0: entered promiscuous mode [ 444.876414][T23294] veth0: left promiscuous mode [ 445.377905][T23325] netlink: 8 bytes leftover after parsing attributes in process `syz.1.8323'. [ 445.424212][ T12] tipc: Subscription rejected, illegal request [ 445.818999][T23354] netlink: 8 bytes leftover after parsing attributes in process `syz.2.8338'. [ 446.177898][T23372] netlink: 8 bytes leftover after parsing attributes in process `syz.2.8347'. [ 446.205331][T23372] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8347'. [ 447.209816][T23430] veth0_to_bridge: entered promiscuous mode [ 447.222245][T23430] veth0_to_bridge: left promiscuous mode [ 447.311803][T23432] netem: change failed [ 447.537017][T23442] 8021q: adding VLAN 0 to HW filter on device bond0 [ 447.600037][T23442] A link change request failed with some changes committed already. Interface virt_wifi0 may have been left with an inconsistent configuration, please check. [ 447.731398][T23448] A link change request failed with some changes committed already. Interface virt_wifi0 may have been left with an inconsistent configuration, please check. [ 447.778684][T22209] xfrm0 speed is unknown, defaulting to 1000 [ 448.547160][T23501] __nla_validate_parse: 5 callbacks suppressed [ 448.547182][T23501] netlink: 48 bytes leftover after parsing attributes in process `syz.2.8405'. [ 448.806828][T23515] netlink: 16 bytes leftover after parsing attributes in process `syz.0.8411'. [ 448.940953][T23521] netlink: 28 bytes leftover after parsing attributes in process `syz.3.8415'. [ 449.133591][T23536] netlink: 'syz.4.8421': attribute type 9 has an invalid length. [ 449.253817][T23542] netlink: 104 bytes leftover after parsing attributes in process `syz.4.8424'. [ 449.458465][T23555] netlink: 36 bytes leftover after parsing attributes in process `syz.3.8430'. 
[ 449.525935][T23557] netlink: 24 bytes leftover after parsing attributes in process `syz.1.8431'. [ 449.547344][T23557] netlink: 24 bytes leftover after parsing attributes in process `syz.1.8431'. [ 450.082586][T23587] tap0: tun_chr_ioctl cmd 1074025672 [ 450.090691][T23587] tap0: ignored: set checksum disabled [ 450.301968][T23595] sch_fq: defrate 0 ignored. [ 451.037379][T23631] netem: change failed [ 451.186764][T23639] netlink: 36 bytes leftover after parsing attributes in process `syz.1.8467'. [ 451.458969][T23655] netlink: 24 bytes leftover after parsing attributes in process `syz.1.8477'. [ 451.886809][T23678] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8486'. [ 452.166004][T23692] ipvlan2: entered allmulticast mode [ 452.172075][T23692] syz_tun: entered allmulticast mode [ 454.118251][T23776] netlink: 'syz.0.8533': attribute type 19 has an invalid length. [ 454.148756][T23777] __nla_validate_parse: 3 callbacks suppressed [ 454.148778][T23777] netlink: 212356 bytes leftover after parsing attributes in process `syz.2.8532'. [ 454.708464][T23809] netlink: 20 bytes leftover after parsing attributes in process `syz.0.8548'. [ 454.766011][T23813] netlink: 8 bytes leftover after parsing attributes in process `syz.1.8549'. [ 455.347329][T23846] netlink: 8 bytes leftover after parsing attributes in process `syz.2.8565'. [ 456.240095][T23889] netem: change failed [ 456.569043][T23909] netlink: 212340 bytes leftover after parsing attributes in process `syz.2.8595'. [ 456.587305][T23909] openvswitch: netlink: Port 167772160 exceeds max allowable 65535 [ 457.345701][T23956] tipc: Enabling of bearer rejected, already enabled [ 457.354109][T23956] netlink: 12 bytes leftover after parsing attributes in process `syz.4.8618'. [ 457.655733][T23967] netlink: 12 bytes leftover after parsing attributes in process `syz.0.8623'. [ 457.698084][T23972] netlink: 16178 bytes leftover after parsing attributes in process `syz.1.8626'. 
[ 458.121468][T23997] netlink: 212368 bytes leftover after parsing attributes in process `syz.2.8637'. [ 458.242629][T24001] netlink: 28 bytes leftover after parsing attributes in process `syz.3.8639'. [ 458.959433][T24026] IPv6: NLM_F_CREATE should be specified when creating new route [ 458.987385][T24026] IPv6: Can't replace route, no match found [ 459.400506][T24051] tipc: Enabling of bearer rejected, failed to enable media [ 460.124021][T24092] netlink: 'syz.3.8681': attribute type 1 has an invalid length. [ 460.151890][T24092] __nla_validate_parse: 2 callbacks suppressed [ 460.151910][T24092] netlink: 96 bytes leftover after parsing attributes in process `syz.3.8681'. [ 460.184915][T24092] netlink: 'syz.3.8681': attribute type 1 has an invalid length. [ 460.201324][T24092] netlink: 'syz.3.8681': attribute type 8 has an invalid length. [ 460.220051][T24092] netlink: 582 bytes leftover after parsing attributes in process `syz.3.8681'. [ 461.376042][T24135] netlink: 'syz.2.8701': attribute type 6 has an invalid length. [ 462.126488][T24178] netlink: 'syz.0.8724': attribute type 83 has an invalid length. [ 462.303307][T24189] netlink: 12 bytes leftover after parsing attributes in process `syz.2.8729'. [ 462.350598][T24194] netlink: 'syz.4.8730': attribute type 4 has an invalid length. [ 462.530876][T24202] netlink: 212368 bytes leftover after parsing attributes in process `syz.3.8734'. [ 462.655082][T24210] netlink: 'syz.4.8737': attribute type 21 has an invalid length. [ 462.676762][T24213] netlink: 190972 bytes leftover after parsing attributes in process `syz.2.8738'. [ 462.687688][T24210] netlink: 152 bytes leftover after parsing attributes in process `syz.4.8737'. [ 463.216338][T24242] netlink: 8 bytes leftover after parsing attributes in process `syz.1.8752'. [ 463.226041][T24242] netlink: 'syz.1.8752': attribute type 1 has an invalid length. [ 463.254579][T24242] netlink: 'syz.1.8752': attribute type 2 has an invalid length. 
[ 463.725255][T24269] netlink: 104 bytes leftover after parsing attributes in process `syz.4.8765'. [ 463.770795][T24274] netlink: 'syz.2.8767': attribute type 5 has an invalid length. [ 464.208530][T24291] IPVS: persistence engine module ip_vs_pe_ not found [ 464.690673][T24323] netlink: 20 bytes leftover after parsing attributes in process `syz.3.8789'. [ 464.783895][ T5652] block nbd3: Receive control failed (result -32) [ 465.131621][T24347] netlink: 92 bytes leftover after parsing attributes in process `syz.4.8800'. [ 465.155565][T24347] netlink: 'syz.4.8800': attribute type 1 has an invalid length. [ 465.644370][ T30] audit: type=1804 audit(1780302719.870:5): pid=24379 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.8815" name="/newroot/1836/cgroup.controllers" dev="tmpfs" ino=9225 res=1 errno=0 [ 465.700621][ T30] audit: type=1800 audit(1780302719.910:6): pid=24379 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.8815" name="cgroup.controllers" dev="tmpfs" ino=9225 res=0 errno=0 [ 466.706180][T24436] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8841'. [ 466.716648][T24436] bridge_slave_1: left allmulticast mode [ 466.722489][T24436] bridge_slave_1: left promiscuous mode [ 466.729439][T24436] bridge0: port 2(bridge_slave_1) entered disabled state [ 466.741642][T24436] x9: left allmulticast mode [ 466.747582][T24436] x9: left promiscuous mode [ 466.753798][T24436] bridge0: port 1(1x9) entered disabled state [ 467.181205][T24449] netlink: 12 bytes leftover after parsing attributes in process `syz.3.8846'. [ 467.208091][T24449] netlink: 12 bytes leftover after parsing attributes in process `syz.3.8846'. [ 468.373189][T24503] bridge0: port 2(bridge_slave_1) entered disabled state [ 468.978308][T24541] netlink: 168 bytes leftover after parsing attributes in process `syz.2.8888'. 
[ 469.190481][T24553] netlink: 207952 bytes leftover after parsing attributes in process `syz.3.8894'. [ 469.742192][T24577] netlink: 'syz.0.8906': attribute type 4 has an invalid length. [ 470.121171][T24596] netlink: 'syz.0.8916': attribute type 1 has an invalid length. [ 470.292901][T24605] netlink: 212368 bytes leftover after parsing attributes in process `syz.1.8921'. [ 470.727383][T24611] vlan1 (unregistering): left allmulticast mode [ 470.748560][T24611] veth0_vlan (unregistering): left allmulticast mode [ 471.730434][T24650] syzkaller1: entered promiscuous mode [ 471.740632][T24650] syzkaller1: entered allmulticast mode [ 472.750475][T24709] netlink: 28 bytes leftover after parsing attributes in process `syz.1.8958'. [ 472.777465][T24709] netlink: 'syz.1.8958': attribute type 7 has an invalid length. [ 472.798729][T24709] netlink: 'syz.1.8958': attribute type 8 has an invalid length. [ 472.817310][T24709] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8958'. [ 473.059460][T24725] netlink: 'syz.4.8963': attribute type 17 has an invalid length. [ 473.067686][T24725] netlink: 4 bytes leftover after parsing attributes in process `syz.4.8963'. [ 473.084821][T24725] netlink: 28 bytes leftover after parsing attributes in process `syz.4.8963'. [ 473.177840][T24725] 0XD: entered promiscuous mode [ 473.208560][T24725] 0XD: left promiscuous mode [ 473.511666][T24742] syzkaller1: entered promiscuous mode [ 473.532693][T24742] syzkaller1: entered allmulticast mode [ 473.636087][T24750] pim6reg1: entered promiscuous mode [ 473.651100][T24750] pim6reg1: entered allmulticast mode [ 474.089918][T24770] veth1_to_bond: entered allmulticast mode [ 474.126033][T24770] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8983'. [ 474.160151][T24770] veth1_to_bond (unregistering): left allmulticast mode [ 474.519569][T24790] netlink: 28 bytes leftover after parsing attributes in process `syz.4.8992'. 
[ 474.559119][T24790] netlink: 'syz.4.8992': attribute type 7 has an invalid length. [ 474.593229][T24790] netlink: 20 bytes leftover after parsing attributes in process `syz.4.8992'. [ 474.852967][T24803] IPVS: Scheduler module ip_vs_sip not found [ 475.648104][T24844] netlink: 20 bytes leftover after parsing attributes in process `syz.3.9017'. [ 475.872758][T24855] netlink: 20 bytes leftover after parsing attributes in process `syz.3.9017'. [ 475.882447][ T5660] block nbd64: NBD_DISCONNECT [ 475.905423][T24855] nbd: device at index 64 is going down [ 476.238213][ T5660] udevd[5660]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 476.338960][T24880] netlink: 'syz.0.9030': attribute type 39 has an invalid length. [ 476.402927][ T5783] wg1 speed is unknown, defaulting to 1000 [ 476.419691][ T5783] syz2: Port: 1 Link DOWN [ 476.530246][ T1016] smbdirect: ib_dev[syz2] removed [ 477.273605][T24922] netlink: 36 bytes leftover after parsing attributes in process `syz.1.9049'. [ 478.183206][T24964] netlink: 40 bytes leftover after parsing attributes in process `syz.0.9069'. [ 478.636069][T24988] PF_CAN: dropped non conform CAN FD skbuff: dev type 65534, len 28 [ 479.099611][T25008] netlink: 'syz.0.9087': attribute type 63 has an invalid length. [ 479.130357][T25008] netlink: 'syz.0.9087': attribute type 63 has an invalid length. [ 479.599491][T25030] netlink: 212368 bytes leftover after parsing attributes in process `syz.4.9097'. [ 480.388842][T25071] netlink: 'syz.3.9117': attribute type 11 has an invalid length. [ 480.626512][T25076] netlink: 32 bytes leftover after parsing attributes in process `syz.3.9119'. [ 480.879213][T25091] vlan0: entered allmulticast mode [ 480.897733][T25091] hsr0: entered allmulticast mode [ 480.916105][T25091] hsr_slave_0: entered allmulticast mode [ 480.949711][T25091] hsr_slave_1: entered allmulticast mode [ 481.010035][T25096] batman_adv: Cannot find parent device. 
Skipping batadv-on-batadv check for gretap2 [ 482.034887][T25153] netlink: 48 bytes leftover after parsing attributes in process `syz.3.9152'. [ 482.394127][T25175] netlink: 68 bytes leftover after parsing attributes in process `syz.4.9159'. [ 482.419427][T25175] netlink: 12 bytes leftover after parsing attributes in process `syz.4.9159'. [ 483.071512][T25212] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 483.360034][T25227] netlink: 8 bytes leftover after parsing attributes in process `syz.1.9181'. [ 483.417439][T25231] netlink: 8 bytes leftover after parsing attributes in process `syz.0.9184'. [ 483.428110][T25231] netlink: 65011 bytes leftover after parsing attributes in process `syz.0.9184'. [ 483.534422][T25236] netlink: 104 bytes leftover after parsing attributes in process `syz.0.9187'. [ 484.002778][T25262] sctp: [Deprecated]: syz.0.9199 (pid 25262) Use of int in max_burst socket option. [ 484.002778][T25262] Use struct sctp_assoc_value instead [ 484.034186][T25263] netlink: 8 bytes leftover after parsing attributes in process `syz.3.9198'. [ 484.171361][T25274] veth0: entered promiscuous mode [ 484.186529][T25274] veth0: left promiscuous mode [ 484.305800][T25281] netlink: 'syz.1.9207': attribute type 29 has an invalid length. [ 484.336669][T25281] netlink: 'syz.1.9207': attribute type 29 has an invalid length. [ 484.348727][T25283] netlink: 12 bytes leftover after parsing attributes in process `syz.0.9208'. [ 484.349263][T25281] netlink: 264 bytes leftover after parsing attributes in process `syz.1.9207'. [ 484.385281][T25283] netlink: 12 bytes leftover after parsing attributes in process `syz.0.9208'. [ 484.488653][T25288] netlink: 212328 bytes leftover after parsing attributes in process `syz.0.9210'. [ 484.565287][T25292] netlink: 'syz.3.9213': attribute type 1 has an invalid length. 
[ 484.575590][T25292] netlink: 4 bytes leftover after parsing attributes in process `syz.3.9213'. [ 485.124260][T25326] netlink: 'syz.2.9228': attribute type 1 has an invalid length. [ 485.134240][T25326] netlink: 'syz.2.9228': attribute type 1 has an invalid length. [ 485.560651][T25353] netlink: 'syz.1.9241': attribute type 30 has an invalid length. [ 485.582597][T13082] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 485.602238][T25353] netlink: 'syz.1.9241': attribute type 30 has an invalid length. [ 485.611420][T13082] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 485.677788][T13082] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 486.763657][T25407] gtp1: entered promiscuous mode [ 486.768846][T25407] gtp1: entered allmulticast mode [ 488.000581][T13082] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 488.478629][ T5650] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 488.543271][T25492] __nla_validate_parse: 10 callbacks suppressed [ 488.543293][T25492] netlink: 8 bytes leftover after parsing attributes in process `syz.0.9300'. [ 488.854272][T25508] netlink: 12 bytes leftover after parsing attributes in process `syz.3.9307'. [ 489.104038][T25522] sch_tbf: burst 21990 is lower than device lo mtu (65550) ! [ 489.448607][T25538] netlink: 56 bytes leftover after parsing attributes in process `syz.3.9320'. [ 489.500781][T25538] netlink: 56 bytes leftover after parsing attributes in process `syz.3.9320'. [ 489.515097][ T5650] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 490.268744][T25574] netlink: 28 bytes leftover after parsing attributes in process `syz.4.9337'. [ 490.295137][T25574] netlink: 'syz.4.9337': attribute type 7 has an invalid length. [ 490.356730][T25574] netlink: 'syz.4.9337': attribute type 8 has an invalid length. 
[ 490.377942][T25574] netlink: 4 bytes leftover after parsing attributes in process `syz.4.9337'. [ 490.427276][T25574] 0XD: entered promiscuous mode [ 490.446528][T25574] 0XD: left promiscuous mode [ 490.555315][ T5650] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 490.920766][T25602] netlink: 'syz.0.9348': attribute type 6 has an invalid length. [ 490.963434][T25602] netlink: 8 bytes leftover after parsing attributes in process `syz.0.9348'. [ 490.994813][T25602] nbd: couldn't find a device at index 0 [ 491.104847][T25615] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 491.196346][ T12] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 491.353688][T25627] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 491.364581][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 491.473723][T25632] netlink: 212368 bytes leftover after parsing attributes in process `syz.3.9362'. [ 491.536829][T25636] netlink: 27 bytes leftover after parsing attributes in process `syz.1.9364'. [ 491.567069][T25639] netlink: 14560 bytes leftover after parsing attributes in process `syz.3.9365'. [ 491.594944][T22209] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 492.469052][T25684] netlink: 'syz.4.9384': attribute type 1 has an invalid length. [ 492.490064][T25690] batadv_slave_1: entered promiscuous mode [ 492.508949][T25688] batadv_slave_1: left promiscuous mode [ 493.143113][T25721] A link change request failed with some changes committed already. Interface virt_wifi0 may have been left with an inconsistent configuration, please check. [ 493.598857][T25741] sctp: [Deprecated]: syz.3.9410 (pid 25741) Use of int in max_burst socket option deprecated. 
[ 493.598857][T25741] Use struct sctp_assoc_value instead [ 493.949446][T25764] syzkaller1: entered promiscuous mode [ 493.984149][T25764] syzkaller1: entered allmulticast mode [ 494.389071][T25787] Bluetooth: hci1: expected 19 bytes, got 2 bytes [ 494.645217][T25804] netlink: 212368 bytes leftover after parsing attributes in process `syz.3.9437'. [ 494.689961][ T30] audit: type=1800 audit(1780302748.920:7): pid=25803 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.9438" name="memory.events" dev="tmpfs" ino=9363 res=0 errno=0 [ 495.011284][T25815] netlink: 8 bytes leftover after parsing attributes in process `syz.3.9443'. [ 495.472136][T25843] netlink: 212368 bytes leftover after parsing attributes in process `syz.1.9456'. [ 495.848834][T25866] syzkaller1: entered promiscuous mode [ 495.866014][T25866] syzkaller1: entered allmulticast mode [ 496.453137][T25900] netlink: 64 bytes leftover after parsing attributes in process `syz.3.9482'. [ 496.645900][T25912] netlink: 16215 bytes leftover after parsing attributes in process `syz.0.9488'. [ 496.955797][ T3320] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 496.965251][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 496.981378][T25931] netlink: 4 bytes leftover after parsing attributes in process `syz.0.9497'. [ 496.992731][T25931] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 497.011157][T25931] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 497.204170][T25942] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 497.214853][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 497.709601][T25964] netlink: 212336 bytes leftover after parsing attributes in process `syz.3.9511'. [ 498.175431][T25984] netlink: 36 bytes leftover after parsing attributes in process `syz.3.9520'. 
[ 498.239937][ T36] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 498.249488][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 498.359927][T25993] netlink: 207952 bytes leftover after parsing attributes in process `syz.0.9526'. [ 499.254187][T26038] netlink: 212336 bytes leftover after parsing attributes in process `syz.3.9546'. [ 499.296774][T26041] sock: sock_set_timeout: `syz.1.9547' (pid 26041) tries to set negative timeout [ 499.427775][T26043] syzkaller1: entered promiscuous mode [ 499.450524][T26043] syzkaller1: entered allmulticast mode [ 499.797352][T26069] netlink: 'syz.2.9560': attribute type 2 has an invalid length. [ 499.930795][T26074] netlink: 27 bytes leftover after parsing attributes in process `syz.2.9562'. [ 500.156556][T13082] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 500.166851][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 500.248118][T26089] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap2 [ 500.268033][T26089] gretap2: default qdisc (pfifo_fast) fail, fallback to noqueue [ 500.280530][T26089] gretap2: entered promiscuous mode [ 500.286258][T26089] gretap2: entered allmulticast mode [ 501.072768][T26133] netlink: 28 bytes leftover after parsing attributes in process `syz.3.9588'. [ 501.106625][T26133] netlink: 'syz.3.9588': attribute type 7 has an invalid length. [ 501.115418][T26133] netlink: 'syz.3.9588': attribute type 8 has an invalid length. [ 501.123219][T26133] netlink: 4 bytes leftover after parsing attributes in process `syz.3.9588'. [ 501.247130][T26143] netlink: 207952 bytes leftover after parsing attributes in process `syz.0.9593'. 
[ 501.285410][T26144] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 501.439762][ T1317] ieee802154 phy0 wpan0: encryption failed: -22 [ 502.148990][T26192] sctp: [Deprecated]: syz.3.9616 (pid 26192) Use of struct sctp_assoc_value in delayed_ack socket option. [ 502.148990][T26192] Use struct sctp_sack_info instead [ 502.210730][T26194] netlink: 'syz.0.9617': attribute type 1 has an invalid length. [ 502.265315][T26194] 8021q: adding VLAN 0 to HW filter on device bond0 [ 502.347123][T26198] bond0: (slave geneve2): making interface the new active one [ 502.358246][T26198] bond0: (slave geneve2): Enslaving as an active interface with an up link [ 502.371122][ T13] netdevsim netdevsim0 : set [1, 1] type 2 family 0 port 20004 - 0 [ 502.383120][ T13] netdevsim netdevsim0 netdevsim1: set [1, 1] type 2 family 0 port 20004 - 0 [ 502.392969][ T13] netdevsim netdevsim0 netdevsim2: set [1, 1] type 2 family 0 port 20004 - 0 [ 502.404402][ T13] netdevsim netdevsim0 netdevsim3: set [1, 1] type 2 family 0 port 20004 - 0 [ 502.431380][T26200] netlink: 'syz.3.9619': attribute type 11 has an invalid length. [ 502.632001][T26206] netlink: 212348 bytes leftover after parsing attributes in process `syz.0.9624'. [ 502.715758][T13082] net_ratelimit: 7 callbacks suppressed [ 502.715777][T13082] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 502.729936][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 502.910443][T26221] netlink: 'syz.3.9630': attribute type 12 has an invalid length. [ 502.919678][T26221] netlink: 'syz.3.9630': attribute type 29 has an invalid length. [ 502.928312][T26221] netlink: 148 bytes leftover after parsing attributes in process `syz.3.9630'. [ 502.937968][T26221] netlink: 'syz.3.9630': attribute type 1 has an invalid length. [ 502.951205][T26221] netlink: 'syz.3.9630': attribute type 2 has an invalid length. 
[ 502.962079][T26223] netlink: 208240 bytes leftover after parsing attributes in process `syz.4.9629'. [ 502.972681][T26221] netlink: 11 bytes leftover after parsing attributes in process `syz.3.9630'. [ 502.997838][T26218] netlink: 'syz.1.9628': attribute type 4 has an invalid length. [ 503.408045][T26246] netlink: 212344 bytes leftover after parsing attributes in process `syz.3.9641'. [ 503.426730][T26248] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 503.436940][T26248] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 503.446335][T26248] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 503.455404][T26248] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 503.476366][T26248] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 503.488550][T26248] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 503.497440][T26248] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 503.547088][T26248] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 503.572290][T26254] bond3: (slave lo): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 503.596763][T26254] bond3: (slave lo): Enslaving as an active interface with an up link [ 504.363663][T26284] xt_hashlimit: size too large, truncated to 1048576 [ 505.068371][T26311] netlink: 212348 bytes leftover after parsing attributes in process `syz.0.9670'. [ 505.109630][T26314] netlink: 4 bytes leftover after parsing attributes in process `syz.4.9671'. [ 505.130541][T26314] netlink: 4 bytes leftover after parsing attributes in process `syz.4.9671'. [ 506.284022][T26359] netlink: 4 bytes leftover after parsing attributes in process `syz.4.9690'. [ 506.600436][T26373] netlink: 4 bytes leftover after parsing attributes in process `syz.4.9696'. [ 507.130722][T26400] netlink: 'syz.3.9707': attribute type 13 has an invalid length. 
[ 507.149775][T26400] netlink: 4 bytes leftover after parsing attributes in process `syz.3.9707'. [ 507.183618][T26400] netlink: 'syz.3.9707': attribute type 13 has an invalid length. [ 507.212433][T26400] netlink: 4 bytes leftover after parsing attributes in process `syz.3.9707'. [ 508.118061][T26438] syzkaller1: tun_chr_ioctl cmd 1074025677 [ 508.124566][T26438] syzkaller1: Linktype set failed because interface is up [ 508.305719][T26448] xt_hashlimit: size too large, truncated to 1048576 [ 508.371088][T26450] nbd: nbd3 already in use [ 508.394412][T26450] block nbd3: NBD_DISCONNECT [ 508.414982][T26450] block nbd3: Send disconnect failed -32 [ 508.438264][T26450] block nbd3: shutting down sockets [ 508.476817][ T12] net_ratelimit: 747 callbacks suppressed [ 508.476837][ T12] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 508.491353][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 508.764428][T26468] netlink: 28 bytes leftover after parsing attributes in process `syz.1.9733'. [ 508.776404][T26470] netlink: 'syz.2.9735': attribute type 1 has an invalid length. [ 508.788203][T26470] netlink: 16179 bytes leftover after parsing attributes in process `syz.2.9735'. [ 508.810985][T26468] netlink: 'syz.1.9733': attribute type 7 has an invalid length. [ 508.837730][T26468] netlink: 'syz.1.9733': attribute type 8 has an invalid length. [ 508.859043][T26468] netlink: 4 bytes leftover after parsing attributes in process `syz.1.9733'. [ 509.315884][T26488] 8021q: adding VLAN 0 to HW filter on device bond4 [ 509.766049][ T12] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 509.775897][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 510.665961][T26560] netlink: 'syz.4.9773': attribute type 7 has an invalid length. [ 510.683081][T26560] netlink: 'syz.4.9773': attribute type 7 has an invalid length. 
[ 510.922876][T26566] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 511.031917][T26576] __nla_validate_parse: 2 callbacks suppressed [ 511.031938][T26576] netlink: 51 bytes leftover after parsing attributes in process `syz.3.9781'. [ 511.191019][T26566] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 511.261381][T26580] netlink: 4 bytes leftover after parsing attributes in process `syz.2.9783'. [ 511.352988][T26566] bond0: (slave netdevsim1): Releasing backup interface [ 511.363133][T26566] netdevsim netdevsim4 netdevsim1 (unregistering): left promiscuous mode [ 511.372806][T26566] netdevsim netdevsim4 netdevsim1 (unregistering): left allmulticast mode [ 511.384275][T26566] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 511.401800][T26589] sch_tbf: burst 0 is lower than device syzkaller0 mtu (1500) ! [ 511.505871][T26566] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 511.552968][T26597] netlink: 'syz.3.9789': attribute type 1 has an invalid length. [ 511.630018][T26597] 8021q: adding VLAN 0 to HW filter on device bond1 [ 511.678263][ T13] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 511.686684][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 511.852513][ T36] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 511.867021][T26608] netlink: 'syz.3.9793': attribute type 2 has an invalid length. [ 511.887876][ T36] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 511.925934][ T36] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 511.948454][ T36] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 512.343487][T26627] netlink: 'syz.0.9803': attribute type 1 has an invalid length. 
[ 512.416468][T26627] 8021q: adding VLAN 0 to HW filter on device bond2 [ 512.429493][T26631] netlink: 20 bytes leftover after parsing attributes in process `syz.3.9804'. [ 512.452296][T26634] netlink: 212344 bytes leftover after parsing attributes in process `syz.4.9805'. [ 512.740446][T26647] netlink: 8 bytes leftover after parsing attributes in process `syz.4.9811'. [ 512.754219][T26649] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 512.763763][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 512.788190][T26642] netlink: 40 bytes leftover after parsing attributes in process `syz.3.9809'. [ 512.947909][T26658] netlink: 8 bytes leftover after parsing attributes in process `syz.0.9815'. [ 512.958341][ T13] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 512.968710][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 513.085838][T26664] vxcan1 speed is unknown, defaulting to 1000 [ 513.116787][T26664] vxcan1 speed is unknown, defaulting to 1000 [ 513.127941][T26664] vxcan1 speed is unknown, defaulting to 1000 [ 513.171737][T26668] netlink: 4 bytes leftover after parsing attributes in process `syz.0.9821'. [ 513.188861][T26670] netlink: 8 bytes leftover after parsing attributes in process `syz.4.9820'. [ 513.209713][T26670] netlink: 12 bytes leftover after parsing attributes in process `syz.4.9820'. 
[ 513.286354][ T36] netdevsim netdevsim4 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 513.309362][ T36] netdevsim netdevsim4 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 513.330611][T26672] syzkaller1: entered promiscuous mode [ 513.347373][T26672] syzkaller1: entered allmulticast mode [ 513.361809][ T36] netdevsim netdevsim4 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 513.408377][ T36] netdevsim netdevsim4 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 513.584002][T26681] vxcan0: tx drop: invalid sa for name 0x0000000000000002 [ 513.772308][T26664] infiniband syz2: set down [ 513.779934][T26664] infiniband syz2: added vxcan1 [ 513.833663][ T5644] vxcan1 speed is unknown, defaulting to 1000 [ 513.856429][T26664] smbdirect: ib_dev[syz2]: added: IB_CA max_fast_reg_page_list_len=512 device_cap_flags=0x1c001223c76 kernel_cap_flags=0x14 page_size_cap=0xfffff000 [ 513.875425][T26664] smbdirect: ib_dev[syz2]: num_ports=1 max_qp_rd_atom=128 max_qp_init_rd_atom=128 max_sgl_rd=0 max_sge_rd=32 max_cqe=32767 max_qp_wr=1048576 max_send_sge=32 max_recv_sge=32 [ 513.915838][T26696] bridge6: entered promiscuous mode [ 513.921244][T26696] bridge6: entered allmulticast mode [ 513.931527][T26664] smbdirect: ib_dev[syz2]PORT[1]: iwarp=0 ib=0 roce=1 v1=0 v2=1 core_cap_flags=0x803005 [ 513.982596][T26664] RDS/IB: syz2: added [ 513.987584][T26664] smc: adding ib device syz2 with port count 1 [ 513.993824][T26664] smc: ib device syz2 port 1 has no pnetid [ 514.000728][ T5644] vxcan1 speed is unknown, defaulting to 1000 [ 514.008312][T26664] vxcan1 speed is unknown, defaulting to 1000 [ 514.235564][T13082] net_ratelimit: 2 callbacks suppressed [ 514.235583][T13082] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 514.249733][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 514.360861][T26711] netlink: 'syz.2.9838': attribute type 29 has an invalid length. 
[ 514.390851][T26711] netlink: 'syz.2.9838': attribute type 29 has an invalid length. [ 514.615247][T26721] bond2: (slave lo): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 514.703765][T26721] bond2: (slave lo): Enslaving as an active interface with an up link [ 514.751984][T26721] A link change request failed with some changes committed already. Interface tunl0 may have been left with an inconsistent configuration, please check. [ 514.773406][T26664] vxcan1 speed is unknown, defaulting to 1000 [ 514.876672][ T13] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 514.885158][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 515.403016][T26664] vxcan1 speed is unknown, defaulting to 1000 [ 516.095554][T26664] vxcan1 speed is unknown, defaulting to 1000 [ 516.567447][T26807] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 516.575296][T26807] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 516.693035][T26664] vxcan1 speed is unknown, defaulting to 1000 [ 516.962042][T26821] __nla_validate_parse: 11 callbacks suppressed [ 516.962065][T26821] netlink: 212368 bytes leftover after parsing attributes in process `syz.3.9886'. [ 517.241960][T26833] netlink: 8 bytes leftover after parsing attributes in process `syz.3.9890'. [ 517.441019][ T12] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 517.449415][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 517.649074][T26853] netlink: 212328 bytes leftover after parsing attributes in process `syz.0.9899'. [ 517.659190][T26853] netlink: Unknown conntrack attr (type=2304, max=9) [ 517.766883][T26852] netlink: 16 bytes leftover after parsing attributes in process `syz.3.9898'. 
[ 517.857626][T26857] bridge_slave_0: left allmulticast mode [ 517.873479][T26857] bridge_slave_0: left promiscuous mode [ 517.891386][T26857] bridge0: port 1(bridge_slave_0) entered disabled state [ 517.922161][T26857] bridge_slave_1: left allmulticast mode [ 517.937757][T26857] bridge0: port 2(bridge_slave_1) entered disabled state [ 517.968548][T26860] netlink: 'syz.3.9903': attribute type 16 has an invalid length. [ 517.980267][T26857] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 517.983222][T26860] netlink: 'syz.3.9903': attribute type 17 has an invalid length. [ 518.002727][ T13] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 518.062986][T26860] bond0: left allmulticast mode [ 518.075349][T26860] bond_slave_0: left allmulticast mode [ 518.083872][T26860] bond_slave_1: left allmulticast mode [ 518.218492][T26860] veth1_virt_wifi: left promiscuous mode [ 518.257771][T13082] bridge0: port 2(bridge_slave_1) entered blocking state [ 518.265058][T13082] bridge0: port 2(bridge_slave_1) entered forwarding state [ 518.749046][T26893] netlink: 512 bytes leftover after parsing attributes in process `syz.1.9917'. [ 519.139858][T26914] syzkaller1: entered promiscuous mode [ 519.146854][T26914] syzkaller1: entered allmulticast mode [ 519.250168][T26919] netlink: 4 bytes leftover after parsing attributes in process `syz.1.9927'. [ 519.266761][T26919] hsr_slave_0: left promiscuous mode [ 519.292408][T26919] hsr_slave_1: left promiscuous mode [ 519.588462][T26937] netlink: 240 bytes leftover after parsing attributes in process `syz.0.9933'. [ 519.902271][T26955] netlink: 8 bytes leftover after parsing attributes in process `syz.1.9942'. 
[ 519.997786][T13082] net_ratelimit: 3 callbacks suppressed [ 519.997806][T13082] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 520.012007][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 520.111084][T26962] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 520.119580][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 520.134239][T26960] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 520.400792][T26981] trusted_key: syz.3.9955 sent an empty control message without MSG_MORE. [ 520.515484][T26987] netlink: 'syz.1.9959': attribute type 21 has an invalid length. [ 520.523471][T26987] netlink: 4 bytes leftover after parsing attributes in process `syz.1.9959'. [ 520.535552][T26987] netlink: 'syz.1.9959': attribute type 21 has an invalid length. [ 520.543447][T26987] netlink: 4 bytes leftover after parsing attributes in process `syz.1.9959'. [ 520.635461][ T12] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 520.643885][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 520.678079][T26994] netlink: 'syz.0.9961': attribute type 14 has an invalid length. [ 520.706169][T26994] netlink: 'syz.0.9961': attribute type 14 has an invalid length. [ 521.043650][T27014] bridge_slave_0: entered promiscuous mode [ 521.267740][T27025] netlink: Unknown conntrack attr (0) [ 521.364386][T27031] netlink: 'syz.3.9978': attribute type 7 has an invalid length. [ 521.385664][T27031] netlink: 'syz.3.9978': attribute type 7 has an invalid length. [ 522.251989][T27082] __nla_validate_parse: 8 callbacks suppressed [ 522.252009][T27082] netlink: 4 bytes leftover after parsing attributes in process `syz.1.9999'. 
[ 522.954401][T27113] llcp: llcp_sock_recvmsg: Recv datagram failed state 3 -6 0 [ 523.198791][ T12] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 523.214778][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 523.271026][T27144] netlink: 8 bytes leftover after parsing attributes in process `syz.0.10027'. [ 523.283451][T27144] netlink: 4 bytes leftover after parsing attributes in process `syz.0.10027'. [ 523.315978][T27144] netlink: 'syz.0.10027': attribute type 15 has an invalid length. [ 523.346645][T27144] netlink: 8 bytes leftover after parsing attributes in process `syz.0.10027'. [ 523.355932][T27144] netlink: 4 bytes leftover after parsing attributes in process `syz.0.10027'. [ 523.360903][ T36] netdevsim netdevsim0 : set [0, 0] type 1 family 0 port 256 - 0 [ 523.365120][T27144] netlink: 'syz.0.10027': attribute type 15 has an invalid length. [ 523.393679][ T36] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 256 - 0 [ 523.413998][ T36] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 256 - 0 [ 523.440405][ T36] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 256 - 0 [ 523.548561][T27153] netlink: 20 bytes leftover after parsing attributes in process `syz.1.10030'. [ 523.670273][T27118] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512) [ 523.691735][T27118] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512) [ 523.899517][T27175] netlink: 8 bytes leftover after parsing attributes in process `syz.2.10041'. [ 523.909235][T27176] netlink: 4 bytes leftover after parsing attributes in process `syz.0.10040'. [ 523.949001][T27175] netlink: 12 bytes leftover after parsing attributes in process `syz.2.10041'. [ 524.004161][T27180] netlink: 20 bytes leftover after parsing attributes in process `syz.3.10043'. [ 524.487009][T27206] netlink: 'syz.3.10052': attribute type 18 has an invalid length. 
[ 524.496569][T27206] netlink: 'syz.3.10052': attribute type 18 has an invalid length. [ 525.116092][ T3320] net_ratelimit: 3 callbacks suppressed [ 525.116113][ T3320] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 525.130252][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 525.205396][ T3320] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 525.220374][T27229] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 525.280518][T27235] syzkaller1: entered promiscuous mode [ 525.297851][T27235] syzkaller1: entered allmulticast mode [ 525.376676][T27243] bridge_slave_0: invalid flags given to default FDB implementation [ 525.596492][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 526.395132][ T12] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 526.403512][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 526.498918][ T30] audit: type=1800 audit(1780302780.730:8): pid=27300 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.10089" name=4996AE17DFFC2E43C8174B54B620636894AAACF28FF62616363C70A440AEC4014CAF28C0ADC04308 dev="tmpfs" ino=10105 res=0 errno=0 [ 527.775399][T27361] __nla_validate_parse: 9 callbacks suppressed [ 527.775420][T27361] netlink: 212348 bytes leftover after parsing attributes in process `syz.3.10106'. [ 527.961495][T27366] netlink: 4 bytes leftover after parsing attributes in process `syz.2.10107'. [ 528.319305][ T47] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 528.328246][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 528.435607][T27387] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 528.742157][T27403] netlink: 51 bytes leftover after parsing attributes in process `syz.3.10126'. [ 528.828062][T27406] netlink: 'syz.0.10127': attribute type 5 has an invalid length. 
[ 529.703886][T27455] batadv_slave_1: entered promiscuous mode [ 529.720647][T27455] netlink: 4 bytes leftover after parsing attributes in process `syz.2.10149'. [ 529.733690][T27457] netlink: 51 bytes leftover after parsing attributes in process `syz.4.10150'. [ 529.779272][T27455] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 529.872528][T27455] batadv_slave_1 (unregistering): left promiscuous mode [ 529.889102][T27455] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 529.941168][T27461] netlink: 'syz.4.10152': attribute type 1 has an invalid length. [ 530.009946][T27461] 8021q: adding VLAN 0 to HW filter on device bond3 [ 530.111195][T27467] bond3: (slave geneve2): making interface the new active one [ 530.145620][T27467] bond3: (slave geneve2): Enslaving as an active interface with an up link [ 530.171752][T27473] netlink: 'syz.1.10157': attribute type 1 has an invalid length. [ 530.186035][T27473] netlink: 96 bytes leftover after parsing attributes in process `syz.1.10157'. [ 530.204644][T27473] netlink: 1 bytes leftover after parsing attributes in process `syz.1.10157'. [ 530.342390][T27478] netlink: 'syz.3.10158': attribute type 15 has an invalid length. [ 530.759727][T27501] netlink: 'syz.3.10167': attribute type 1 has an invalid length. [ 530.777319][T27504] netlink: 96 bytes leftover after parsing attributes in process `syz.2.10170'. [ 530.800237][T27505] af_packet: tpacket_rcv: packet too big, clamped from 1 to 4294967272. macoff=96 [ 530.876798][ T3320] net_ratelimit: 4 callbacks suppressed [ 530.876817][ T3320] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 530.890874][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 531.201760][T27523] netlink: 32 bytes leftover after parsing attributes in process `syz.4.10178'. [ 531.396122][T27533] netlink: 212368 bytes leftover after parsing attributes in process `syz.0.10181'. 
[ 531.449830][T27532] A link change request failed with some changes committed already. Interface wlan0 may have been left with an inconsistent configuration, please check. [ 531.484213][ T808] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 531.494223][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 531.516030][ T47] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 531.524556][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 531.674078][T27545] gretap3: entered promiscuous mode [ 531.689136][T27545] batman_adv: batadv0: Adding interface: gretap3 [ 531.711770][T27545] batman_adv: batadv0: The MTU of interface gretap3 is too small (1462) to handle the transport of batman-adv packets. If you experience problems getting traffic through try increasing the MTU to 1500. [ 531.763770][T27545] batman_adv: batadv0: Not using interface gretap3 (retrying later): interface not active [ 532.235644][ T808] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 532.244146][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 532.629465][T27585] xt_hashlimit: size too large, truncated to 1048576 [ 532.646881][T27582] atomic_op ffff888078051998 conn xmit_atomic 0000000000000000 [ 532.884197][T27595] netlink: 'syz.4.10205': attribute type 22 has an invalid length. [ 532.935194][T27595] __nla_validate_parse: 1 callbacks suppressed [ 532.935216][T27595] netlink: 4 bytes leftover after parsing attributes in process `syz.4.10205'. [ 533.215797][T27595] netlink: 'syz.4.10205': attribute type 22 has an invalid length. [ 533.238619][T27595] netlink: 4 bytes leftover after parsing attributes in process `syz.4.10205'. [ 533.436734][ T47] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 533.652368][T27620] netlink: 'syz.0.10215': attribute type 22 has an invalid length. 
[ 533.681241][T27620] netlink: 4 bytes leftover after parsing attributes in process `syz.0.10215'. [ 533.699854][T27620] netlink: 'syz.0.10215': attribute type 22 has an invalid length. [ 533.719278][T27620] netlink: 4 bytes leftover after parsing attributes in process `syz.0.10215'. [ 533.784410][T27627] netlink: 4 bytes leftover after parsing attributes in process `syz.3.10216'. [ 534.462839][T27666] netlink: 'syz.4.10235': attribute type 1 has an invalid length. [ 534.763368][T27680] netlink: 'syz.0.10239': attribute type 25 has an invalid length. [ 534.771974][T27680] netlink: 4 bytes leftover after parsing attributes in process `syz.0.10239'. [ 534.808225][ T3320] netdevsim netdevsim0 : set [0, 1] type 1 family 0 port 8472 - 0 [ 534.808576][T27680] netlink: 'syz.0.10239': attribute type 25 has an invalid length. [ 534.826982][T27680] netlink: 4 bytes leftover after parsing attributes in process `syz.0.10239'. [ 534.838677][ T3320] netdevsim netdevsim0 netdevsim1: set [0, 1] type 1 family 0 port 8472 - 0 [ 534.859109][ T3320] netdevsim netdevsim0 netdevsim2: set [0, 1] type 1 family 0 port 8472 - 0 [ 534.884053][ T3320] netdevsim netdevsim0 netdevsim3: set [0, 1] type 1 family 0 port 8472 - 0 [ 535.363998][T27706] netlink: 8 bytes leftover after parsing attributes in process `syz.1.10248'. [ 535.396601][T27706] netlink: 8 bytes leftover after parsing attributes in process `syz.1.10248'. [ 535.424723][T27708] netlink: 208240 bytes leftover after parsing attributes in process `syz.2.10251'. [ 535.629446][T27712] bond4: entered promiscuous mode [ 536.597016][T27772] netlink: 'syz.0.10277': attribute type 21 has an invalid length. [ 536.614615][T27772] netlink: 'syz.0.10277': attribute type 22 has an invalid length. [ 536.633338][T27772] netlink: 'syz.0.10277': attribute type 23 has an invalid length. [ 536.657646][T27772] netlink: 'syz.0.10277': attribute type 25 has an invalid length. 
[ 537.041110][T27790] netlink: 'syz.2.10284': attribute type 1 has an invalid length. [ 537.059571][T27790] netlink: 'syz.2.10284': attribute type 4 has an invalid length. [ 537.728913][T27816] netlink: 'syz.3.10296': attribute type 1 has an invalid length. [ 537.962378][T27824] __nla_validate_parse: 7 callbacks suppressed [ 537.962400][T27824] netlink: 8 bytes leftover after parsing attributes in process `syz.3.10300'. [ 538.007719][T27824] netlink: 8 bytes leftover after parsing attributes in process `syz.3.10300'. [ 538.020363][T27824] netlink: 8 bytes leftover after parsing attributes in process `syz.3.10300'. [ 538.030098][T27824] netlink: 8 bytes leftover after parsing attributes in process `syz.3.10300'. [ 538.361538][T27839] netlink: 8 bytes leftover after parsing attributes in process `syz.1.10305'. [ 538.716493][T27850] 8021q: adding VLAN 0 to HW filter on device bond3 [ 538.734105][T27852] ip_vti0: entered promiscuous mode [ 538.767542][T27856] netlink: 8 bytes leftover after parsing attributes in process `syz.1.10313'. [ 538.798246][T27856] netlink: 8 bytes leftover after parsing attributes in process `syz.1.10313'. [ 539.007753][T27863] netlink: 4 bytes leftover after parsing attributes in process `syz.3.10315'. [ 539.088817][T27863] hsr_slave_1 (unregistering): left promiscuous mode [ 539.361959][T27876] 8021q: adding VLAN 0 to HW filter on device team0 [ 539.382894][T27876] bond0: (slave team0): Enslaving as an active interface with an up link [ 539.532142][T27882] validate_nla: 5 callbacks suppressed [ 539.532189][T27882] netlink: 'syz.0.10324': attribute type 1 has an invalid length. [ 539.795510][T27882] bond3: entered promiscuous mode [ 539.801299][T27882] 8021q: adding VLAN 0 to HW filter on device bond3 [ 540.288092][T27912] netlink: 212344 bytes leftover after parsing attributes in process `syz.4.10335'. [ 540.602665][T27931] netlink: 24 bytes leftover after parsing attributes in process `syz.4.10343'. 
[ 541.681947][T27979] syzkaller1: entered promiscuous mode [ 541.687899][T27979] syzkaller1: entered allmulticast mode [ 541.736346][T27985] netlink: 'syz.1.10367': attribute type 1 has an invalid length. [ 541.898362][T27989] bond5: (slave geneve4): making interface the new active one [ 541.907285][T27989] bond5: (slave geneve4): Enslaving as an active interface with an up link [ 541.918534][ T12] netdevsim netdevsim1 netdevsim0: set [1, 2] type 2 family 0 port 20000 - 0 [ 541.968848][ T12] netdevsim netdevsim1 netdevsim1: set [1, 2] type 2 family 0 port 20000 - 0 [ 542.005755][ T47] netdevsim netdevsim1 netdevsim2: set [1, 2] type 2 family 0 port 20000 - 0 [ 542.633517][T28031] bridge0: port 2(bridge_slave_1) entered disabled state [ 542.642408][T28031] bridge0: port 1(bridge_slave_0) entered disabled state [ 543.226780][T28057] __nla_validate_parse: 4 callbacks suppressed [ 543.226799][T28057] netlink: 12 bytes leftover after parsing attributes in process `syz.0.10399'. [ 543.448892][T28069] netlink: 92 bytes leftover after parsing attributes in process `syz.3.10403'. [ 543.532360][T28072] netlink: 'syz.3.10405': attribute type 1 has an invalid length. [ 543.577924][T28072] 8021q: adding VLAN 0 to HW filter on device bond4 [ 543.660189][T28072] team0: Port device team_slave_0 removed [ 543.681682][T28072] bond4: (slave team_slave_0): Enslaving as a backup interface with an up link [ 543.808175][T28084] netlink: 212348 bytes leftover after parsing attributes in process `syz.2.10410'. [ 543.968632][T28094] netlink: 212344 bytes leftover after parsing attributes in process `syz.4.10414'. [ 544.013640][T28093] netlink: 40 bytes leftover after parsing attributes in process `syz.2.10416'. 
[ 544.240993][T28106] syzkaller0: entered promiscuous mode [ 544.260555][T28106] syzkaller0: entered allmulticast mode [ 544.299224][T28110] macvlan3: entered promiscuous mode [ 544.313921][T28110] macvlan3: entered allmulticast mode [ 544.329397][T28110] 0XD: entered promiscuous mode [ 544.342060][T28110] team0: Port device macvlan3 added [ 544.818022][T28127] netlink: 4 bytes leftover after parsing attributes in process `syz.0.10430'. [ 547.276296][T28181] netlink: 'syz.4.10449': attribute type 1 has an invalid length. [ 547.430117][T28181] 8021q: adding VLAN 0 to HW filter on device bond5 [ 547.502589][T28183] bond5: (slave gretap2): making interface the new active one [ 547.529161][T28183] bond5: (slave gretap2): Enslaving as an active interface with an up link [ 547.679353][T28195] net_ratelimit: 6 callbacks suppressed [ 547.679383][T28195] IPVS: ovf: SCTP 172.20.20.187:0 - no destination available [ 548.471958][T28236] netlink: 212348 bytes leftover after parsing attributes in process `syz.3.10469'. [ 548.501338][T28236] netlink: Conntrack attr type has unexpected length (type=2, length=0, expected=2) [ 548.598623][T28225] syzkaller0: entered promiscuous mode [ 548.612797][T28225] syzkaller0: entered allmulticast mode [ 548.770374][T28247] syz_tun: entered allmulticast mode [ 548.818781][T28247] pim6reg: entered allmulticast mode [ 548.899101][T28247] syz_tun (unregistering): left allmulticast mode [ 550.503980][T28319] netlink: 24 bytes leftover after parsing attributes in process `syz.2.10499'. [ 550.619226][T28329] netlink: 4 bytes leftover after parsing attributes in process `syz.1.10502'. [ 550.716358][T28329] netlink: 4 bytes leftover after parsing attributes in process `syz.1.10502'. [ 551.326623][T28357] tipc: Failed to remove unknown binding: 66,1,1/2:2813350031/2813350033 [ 551.339160][T28357] tipc: Failed to remove unknown binding: 66,1,1/2:2813350031/2813350033 [ 552.021165][T28387] netlink: 'syz.2.10529': attribute type 15 has an invalid length. 
[ 552.508322][T28412] netlink: 4 bytes leftover after parsing attributes in process `syz.3.10541'. [ 552.528497][T28412] netlink: 4 bytes leftover after parsing attributes in process `syz.3.10541'. [ 553.052497][T28436] sock: sock_set_timeout: `syz.0.10553' (pid 28436) tries to set negative timeout [ 553.501359][T28461] netlink: 4 bytes leftover after parsing attributes in process `syz.4.10565'. [ 554.119441][T28490] netlink: 8 bytes leftover after parsing attributes in process `syz.1.10577'. [ 554.128766][T28490] netlink: 8 bytes leftover after parsing attributes in process `syz.1.10577'. [ 554.239433][T28494] netlink: 208 bytes leftover after parsing attributes in process `syz.1.10579'. [ 555.036890][T28526] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 555.455297][T28545] policy can only be matched on NF_INET_PRE_ROUTING [ 555.455321][T28545] unable to load match [ 555.545423][T28547] GUP no longer grows the stack in syz.2.10601 (28547): 200000003000-20000000a000 (200000001000) [ 555.560796][T28549] syzkaller1: entered promiscuous mode [ 555.569831][T28547] CPU: 0 UID: 0 PID: 28547 Comm: syz.2.10601 Not tainted syzkaller #0 PREEMPT(full) [ 555.569881][T28547] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 555.569905][T28547] Call Trace: [ 555.569914][T28547] <TASK> [ 555.569923][T28547] dump_stack_lvl+0xe8/0x150 [ 555.569955][T28547] __get_user_pages+0x2378/0x2730 [ 555.570009][T28547] ? __gup_longterm_locked+0xc4e/0x1630 [ 555.570036][T28547] ? down_read_killable+0x1bb/0x340 [ 555.570147][T28547] __gup_longterm_locked+0xdcf/0x1630 [ 555.570180][T28547] ? lock_acquire+0x106/0x350 [ 555.570225][T28547] gup_fast_fallback+0x1d84/0x20d0 [ 555.570290][T28547] ? __pfx_gup_fast_fallback+0x10/0x10 [ 555.570321][T28547] ? is_valid_gup_args+0x11f/0x200 [ 555.570349][T28547] ? get_user_pages_fast+0x4d/0xb0 [ 555.570379][T28547] __iov_iter_get_pages_alloc+0x370/0xa10 [ 555.570450][T28547] ? 
__pfx_pipe_clear_nowait+0x10/0x10 [ 555.570488][T28547] iov_iter_get_pages2+0x5e/0xa0 [ 555.570519][T28547] __se_sys_vmsplice+0x7c7/0x1620 [ 555.570583][T28547] ? __pfx___se_sys_vmsplice+0x10/0x10 [ 555.570613][T28547] ? __pfx_futex_wait+0x10/0x10 [ 555.570751][T28547] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 555.570777][T28547] do_syscall_64+0x174/0x580 [ 555.570822][T28547] ? trace_irq_disable+0x3b/0x140 [ 555.570855][T28547] ? clear_bhb_loop+0x40/0x90 [ 555.570883][T28547] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 555.570904][T28547] RIP: 0033:0x7f8d5a19ce59 [ 555.570924][T28547] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 555.570942][T28547] RSP: 002b:00007f8d583f6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000116 [ 555.570964][T28547] RAX: ffffffffffffffda RBX: 00007f8d5a415fa0 RCX: 00007f8d5a19ce59 [ 555.570980][T28547] RDX: 0000000000000001 RSI: 00002000000000c0 RDI: 0000000000000005 [ 555.570993][T28547] RBP: 00007f8d5a232d6f R08: 0000000000000000 R09: 0000000000000000 [ 555.571007][T28547] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 555.571019][T28547] R13: 00007f8d5a416038 R14: 00007f8d5a415fa0 R15: 00007ffe13afc128 [ 555.571057][T28547] </TASK> [ 555.574130][T28549] syzkaller1: entered allmulticast mode [ 556.134329][T28571] netlink: 'syz.1.10610': attribute type 1 has an invalid length. 
[ 556.358634][T28576] bond6: (slave geneve5): making interface the new active one [ 556.369037][T28576] bond6: (slave geneve5): Enslaving as an active interface with an up link [ 556.468433][T13077] netdevsim netdevsim1 netdevsim0: set [1, 3] type 2 family 0 port 20004 - 0 [ 556.497222][T13077] netdevsim netdevsim1 netdevsim1: set [1, 3] type 2 family 0 port 20004 - 0 [ 556.541150][T13077] netdevsim netdevsim1 netdevsim2: set [1, 3] type 2 family 0 port 20004 - 0 [ 557.239507][T28618] ip6gretap1: entered allmulticast mode [ 557.499851][T28631] netlink: 208240 bytes leftover after parsing attributes in process `syz.0.10628'. [ 557.888321][T28651] netlink: 212360 bytes leftover after parsing attributes in process `syz.2.10636'. [ 558.353460][T28674] netlink: 'syz.1.10646': attribute type 1 has an invalid length. [ 558.431398][T28674] 8021q: adding VLAN 0 to HW filter on device bond7 [ 559.337834][T28725] netlink: 'syz.4.10669': attribute type 2 has an invalid length. [ 559.356506][T28725] netlink: 'syz.4.10669': attribute type 2 has an invalid length. [ 559.527579][T28738] netlink: 24 bytes leftover after parsing attributes in process `syz.1.10676'. [ 559.860676][T28756] netlink: 8 bytes leftover after parsing attributes in process `syz.1.10682'. [ 560.005790][T28763] syzkaller1: entered promiscuous mode [ 560.024081][T28763] syzkaller1: entered allmulticast mode [ 560.259465][T28775] llcp: llcp_sock_recvmsg: Recv datagram failed state 3 -6 0 [ 560.422103][T28788] only policy match revision 0 supported [ 560.430574][T28788] unable to load match [ 560.647192][T28801] netlink: 24 bytes leftover after parsing attributes in process `syz.1.10701'. [ 560.680199][T28801] netlink: 24 bytes leftover after parsing attributes in process `syz.1.10701'. [ 560.829960][T28809] netlink: 40 bytes leftover after parsing attributes in process `syz.3.10705'. [ 561.093188][T28828] sctp: [Deprecated]: syz.2.10712 (pid 28828) Use of int in maxseg socket option. 
[ 561.093188][T28828] Use struct sctp_assoc_value instead [ 561.283241][T28832] sch_tbf: burst 7 is lower than device syzkaller0 mtu (1514) ! [ 561.522172][T28845] bridge7: entered promiscuous mode [ 561.536985][T28845] bridge7: entered allmulticast mode [ 561.563877][T28845] team0: Port device bridge7 added [ 561.966086][T28863] netlink: 'syz.3.10728': attribute type 2 has an invalid length. [ 561.975308][T28863] netlink: 'syz.3.10728': attribute type 2 has an invalid length. [ 562.721950][T28896] netlink: 12 bytes leftover after parsing attributes in process `syz.3.10740'. [ 562.877044][ T1317] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.244213][T28922] veth0: entered promiscuous mode [ 563.298295][T28922] veth0: left promiscuous mode [ 563.499806][T28937] netlink: 12 bytes leftover after parsing attributes in process `syz.4.10758'. [ 563.857281][T28952] netlink: 12 bytes leftover after parsing attributes in process `syz.1.10763'. [ 564.853949][T28980] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 565.033546][T28992] netlink: 4 bytes leftover after parsing attributes in process `syz.0.10780'. [ 565.213479][T29000] netlink: 24 bytes leftover after parsing attributes in process `syz.3.10784'. [ 565.229172][T28992] netlink: 4 bytes leftover after parsing attributes in process `syz.0.10780'. [ 565.846430][T29022] RDS: rds_bind could not find a transport for ::ffff:172.20.20.170, load rds_tcp or rds_rdma? [ 565.928175][T29031] netlink: 8 bytes leftover after parsing attributes in process `syz.4.10796'. [ 565.981374][T29034] xt_ecn: cannot match TCP bits for non-tcp packets [ 566.203424][T29043] syzkaller1: entered promiscuous mode [ 566.223388][T29043] syzkaller1: entered allmulticast mode [ 566.586232][T29053] netlink: 16 bytes leftover after parsing attributes in process `syz.1.10804'. 
[ 567.135325][T29071] syzkaller1: entered promiscuous mode [ 567.159067][T29071] syzkaller1: entered allmulticast mode [ 567.411059][T29082] netlink: 24 bytes leftover after parsing attributes in process `syz.4.10815'. [ 567.562743][T29089] netlink: 'syz.3.10818': attribute type 1 has an invalid length. [ 567.636523][T29089] 8021q: adding VLAN 0 to HW filter on device bond5 [ 567.708832][T29091] bond5: (slave veth7): Enslaving as an active interface with a down link [ 567.799565][T29089] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 567.819395][T29089] bond5: (slave batadv1): dev_set_mac_address on slave failed! ALB mode requires that the base driver support setting the hw address also when the network device's interface is open [ 567.972658][T29107] netlink: 24 bytes leftover after parsing attributes in process `syz.0.10824'. [ 568.079949][T29110] netlink: 24 bytes leftover after parsing attributes in process `syz.2.10825'. [ 568.127099][T29112] IPVS: sed: FWM 3 0x00000003 - no destination available [ 568.800194][T29146] netlink: 156 bytes leftover after parsing attributes in process `syz.0.10837'. [ 568.889235][T29142] netlink: 12 bytes leftover after parsing attributes in process `syz.0.10837'. [ 569.130750][T29155] sctp: [Deprecated]: syz.0.10840 (pid 29155) Use of int in maxseg socket option. [ 569.130750][T29155] Use struct sctp_assoc_value instead [ 570.247185][T29211] __nla_validate_parse: 3 callbacks suppressed [ 570.247207][T29211] netlink: 212344 bytes leftover after parsing attributes in process `syz.4.10861'. [ 570.881923][T29235] netlink: 12 bytes leftover after parsing attributes in process `syz.0.10871'. [ 570.931141][T29238] netlink: 208240 bytes leftover after parsing attributes in process `syz.3.10872'. [ 571.255941][T29252] netlink: 24 bytes leftover after parsing attributes in process `syz.3.10878'. [ 571.334754][T29252] netlink: 32 bytes leftover after parsing attributes in process `syz.3.10878'. 
[ 571.553816][T29262] syzkaller1: entered promiscuous mode [ 571.579630][T29262] syzkaller1: entered allmulticast mode [ 572.254235][T29281] netlink: 'syz.0.10888': attribute type 1 has an invalid length. [ 572.490288][T29281] 8021q: adding VLAN 0 to HW filter on device bond5 [ 572.582577][T29284] bond5: (slave veth5): Enslaving as an active interface with a down link [ 572.641334][T29285] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 572.685888][T29285] bond5: (slave batadv0): making interface the new active one [ 572.720282][T29285] batadv0: entered promiscuous mode [ 572.747089][T29285] bond5: (slave batadv0): Enslaving as an active interface with an up link [ 572.775482][T29291] netlink: 144 bytes leftover after parsing attributes in process `syz.3.10891'. [ 572.787955][T29303] netlink: 4 bytes leftover after parsing attributes in process `syz.1.10895'. [ 572.803265][T29304] netlink: 'syz.2.10894': attribute type 1 has an invalid length. [ 572.864869][T29306] netlink: 12 bytes leftover after parsing attributes in process `syz.1.10895'. [ 572.881518][T29304] bond5: entered promiscuous mode [ 572.888743][T29304] 8021q: adding VLAN 0 to HW filter on device bond5 [ 572.944181][T29307] bond5: (slave ipvlan0): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 572.982812][T29307] bond5: (slave ipvlan0): The slave device specified does not support setting the MAC address [ 572.998858][T29307] bond5: (slave ipvlan0): Setting fail_over_mac to active for active-backup mode [ 573.016731][T29316] netlink: 14 bytes leftover after parsing attributes in process `syz.0.10896'. [ 573.479029][T29330] netlink: 24 bytes leftover after parsing attributes in process `syz.1.10903'. [ 573.602425][T29337] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 573.627508][T29337] batadv_slave_1: entered promiscuous mode [ 574.162065][T29364] netlink: 'syz.1.10914': attribute type 13 has an invalid length. 
[ 574.675180][T29369] bridge0: entered promiscuous mode [ 574.686224][T29369] bridge0: entered allmulticast mode [ 575.416899][T29410] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 575.631729][T29413] netlink: 'syz.4.10927': attribute type 5 has an invalid length. [ 575.901384][T29430] veth1_virt_wifi: Caught tx_queue_len zero misconfig [ 575.947975][T29430] __nla_validate_parse: 1 callbacks suppressed [ 575.948004][T29430] netlink: 14544 bytes leftover after parsing attributes in process `syz.1.10930'. [ 576.925717][T29462] netlink: 8 bytes leftover after parsing attributes in process `syz.1.10942'. [ 576.983413][T29469] netlink: 'syz.4.10945': attribute type 1 has an invalid length. [ 577.001788][T29472] netlink: 8 bytes leftover after parsing attributes in process `syz.0.10946'. [ 577.181675][T29484] netlink: 12 bytes leftover after parsing attributes in process `syz.2.10949'. [ 577.206211][T29477] bond6: (slave ip6gre3): The slave device specified does not support setting the MAC address [ 577.221630][T29477] bond6: (slave ip6gre3): Setting fail_over_mac to active for active-backup mode [ 577.241642][T29477] bond6: (slave ip6gre3): making interface the new active one [ 577.251045][T29477] bond6: (slave ip6gre3): Enslaving as an active interface with an up link [ 577.495652][T29494] netlink: 20 bytes leftover after parsing attributes in process `syz.2.10954'. [ 577.508693][T29493] netlink: 12 bytes leftover after parsing attributes in process `syz.0.10951'. [ 577.587714][T29493] netlink: 'syz.0.10951': attribute type 1 has an invalid length. [ 577.779346][T29507] netlink: 'syz.3.10959': attribute type 1 has an invalid length. 
[ 577.843227][T29512] tipc: Failed to remove unknown binding: 66,1,1/2886997007:924544518/924544520 [ 577.906804][T29507] bond6: (slave veth11): Enslaving as an active interface with a down link [ 577.968382][T29515] 8021q: adding VLAN 0 to HW filter on device bond6 [ 578.133844][T29525] netlink: 24 bytes leftover after parsing attributes in process `syz.4.10965'. [ 578.429382][T29541] netlink: 'syz.4.10971': attribute type 1 has an invalid length. [ 578.578248][T29541] bond7: entered promiscuous mode [ 578.613138][T29541] 8021q: adding VLAN 0 to HW filter on device bond7 [ 578.752411][T29548] bond7: (slave bridge5): making interface the new active one [ 578.765664][T29548] bridge5: entered promiscuous mode [ 578.810593][T29548] bridge5: left promiscuous mode [ 578.925982][T29546] A link change request failed with some changes committed already. Interface eth0 may have been left with an inconsistent configuration, please check. [ 579.265444][T29560] sctp: [Deprecated]: syz.3.10977 (pid 29560) Use of struct sctp_assoc_value in delayed_ack socket option. [ 579.265444][T29560] Use struct sctp_sack_info instead [ 579.413578][T29562] syzkaller1: entered promiscuous mode [ 579.424310][T29562] syzkaller1: entered allmulticast mode [ 579.636198][T29568] netlink: 12 bytes leftover after parsing attributes in process `syz.3.10981'. [ 579.787353][T29571] netlink: 8 bytes leftover after parsing attributes in process `syz.1.10982'. [ 579.911589][T29580] netlink: 'syz.0.10984': attribute type 26 has an invalid length. [ 579.942337][T29580] netlink: 4 bytes leftover after parsing attributes in process `syz.0.10984'. [ 579.979051][T29580] netlink: 'syz.0.10984': attribute type 26 has an invalid length. [ 580.349210][T29591] netlink: 'syz.3.10989': attribute type 1 has an invalid length. [ 581.677989][T29639] __nla_validate_parse: 1 callbacks suppressed [ 581.678021][T29639] netlink: 8 bytes leftover after parsing attributes in process `syz.4.11006'. 
[ 582.279004][T29664] netlink: 8 bytes leftover after parsing attributes in process `syz.0.11016'. [ 582.601043][T29654] netlink: 12 bytes leftover after parsing attributes in process `syz.1.11012'. [ 582.611995][T29654] netlink: 24 bytes leftover after parsing attributes in process `syz.1.11012'. [ 582.783005][T29677] netlink: 8 bytes leftover after parsing attributes in process `syz.0.11019'. [ 583.703863][T29715] netlink: 8 bytes leftover after parsing attributes in process `syz.1.11030'. [ 584.076750][ T3320] batadv0: left promiscuous mode [ 584.159202][T29734] netlink: 16 bytes leftover after parsing attributes in process `syz.3.11035'. [ 584.188248][T29734] netlink: 8 bytes leftover after parsing attributes in process `syz.3.11035'. [ 584.207390][T29734] netlink: 8 bytes leftover after parsing attributes in process `syz.3.11035'. [ 584.549074][T29750] netlink: 8 bytes leftover after parsing attributes in process `syz.2.11039'. [ 586.627396][T29843] bond6: entered promiscuous mode [ 586.671417][T29841] tipc: Enabled bearer , priority 0 [ 586.686398][T29843] macvlan0: entered promiscuous mode [ 586.691848][T29843] macvlan0: entered allmulticast mode [ 586.700972][T29843] bond6: (slave macvlan0): Opening slave failed [ 586.830464][T29841] syzkaller0: entered promiscuous mode [ 586.847268][T29841] syzkaller0: entered allmulticast mode [ 586.854306][T29841] tipc: Resetting bearer [ 586.895452][T29838] tipc: Resetting bearer [ 589.196693][T29838] tipc: Disabling bearer [ 589.257045][ T5644] tipc: Node number set to 3758096385 [ 589.433262][T29888] netlink: 'syz.2.11082': attribute type 4 has an invalid length. [ 589.471394][T29891] netlink: 16 bytes leftover after parsing attributes in process `syz.3.11084'. 
[ 589.590264][T29893] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 589.639209][T29893] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 589.991043][T29921] netlink: 12 bytes leftover after parsing attributes in process `syz.3.11097'. [ 590.688581][T29956] netlink: 64 bytes leftover after parsing attributes in process `syz.2.11106'. [ 590.710960][T29955] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 590.785884][T29958] syzkaller1: entered promiscuous mode [ 590.803606][T29958] syzkaller1: entered allmulticast mode [ 590.948247][T29962] netlink: 28 bytes leftover after parsing attributes in process `syz.4.11108'. [ 591.236464][T29981] netlink: 64 bytes leftover after parsing attributes in process `syz.1.11115'. [ 591.307249][T29981] syzkaller1: entered promiscuous mode [ 591.319412][T29981] syzkaller1: entered allmulticast mode [ 591.729559][T29991] tipc: Enabled bearer , priority 0 [ 591.817436][T29991] syzkaller0: entered promiscuous mode [ 591.830118][T29991] syzkaller0: entered allmulticast mode [ 591.843386][T29991] tipc: Resetting bearer [ 591.883565][T29990] tipc: Resetting bearer [ 592.556651][T30019] netlink: 64 bytes leftover after parsing attributes in process `syz.1.11129'. [ 592.763178][T30028] netlink: 8 bytes leftover after parsing attributes in process `syz.2.11131'. [ 594.468022][T29990] tipc: Disabling bearer [ 596.220233][ T5652] block nbd4: Receive control failed (result -110) [ 597.303616][T30111] tipc: Failed to remove unknown binding: 66,0,0/2886997007:4144929825/4144929826 [ 597.329142][T30111] tipc: Failed to remove unknown binding: 66,0,0/2886997007:4144929825/4144929826 [ 597.489442][T30113] netlink: 8 bytes leftover after parsing attributes in process `syz.1.11161'. 
[ 597.499988][T30113] netlink: 8 bytes leftover after parsing attributes in process `syz.1.11161'. [ 598.801541][T30105] tipc: Enabling of bearer rejected, failed to enable media [ 598.838596][T30117] netlink: 4 bytes leftover after parsing attributes in process `syz.1.11163'. [ 598.986062][T30117] netlink: 4 bytes leftover after parsing attributes in process `syz.1.11163'. [ 599.261110][T30135] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 599.436207][ T3320] [ 599.438594][ T3320] ====================================================== [ 599.445633][ T3320] WARNING: possible circular locking dependency detected [ 599.452691][ T3320] syzkaller #0 Not tainted [ 599.457129][ T3320] ------------------------------------------------------ [ 599.464251][ T3320] kworker/u8:8/3320 is trying to acquire lock: [ 599.470426][ T3320] ffffffff8ea85600 (fs_reclaim){+.+.}-{0:0}, at: kmem_cache_alloc_node_noprof+0x4a/0x690 [ 599.480313][ T3320] [ 599.480313][ T3320] but task is already holding lock: [ 599.487705][ T3320] ffff888059050260 (k-sk_lock-AF_INET){+.+.}-{0:0}, at: inet_stream_connect+0x51/0xa0 [ 599.497396][ T3320] [ 599.497396][ T3320] which lock already depends on the new lock. 
[ 599.497396][ T3320] [ 599.507816][ T3320] [ 599.507816][ T3320] the existing dependency chain (in reverse order) is: [ 599.516842][ T3320] [ 599.516842][ T3320] -> #7 (k-sk_lock-AF_INET){+.+.}-{0:0}: [ 599.524678][ T3320] lock_sock_nested+0x41/0x100 [ 599.530047][ T3320] __inet_bind+0x392/0xa90 [ 599.534996][ T3320] mptcp_bind+0x128/0x1d0 [ 599.539905][ T3320] __sys_bind+0x2e3/0x410 [ 599.544822][ T3320] __x64_sys_bind+0x7a/0x90 [ 599.549873][ T3320] do_syscall_64+0x174/0x580 [ 599.555001][ T3320] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 599.561438][ T3320] [ 599.561438][ T3320] -> #6 (sk_lock-AF_INET){+.+.}-{0:0}: [ 599.569103][ T3320] lock_sock_nested+0x41/0x100 [ 599.574406][ T3320] inet_shutdown+0x6a/0x390 [ 599.579449][ T3320] nbd_mark_nsock_dead+0x2e9/0x560 [ 599.585182][ T3320] recv_work+0x1c2e/0x1d40 [ 599.590138][ T3320] process_scheduled_works+0xb5d/0x1860 [ 599.596217][ T3320] worker_thread+0xa53/0xfc0 [ 599.601435][ T3320] kthread+0x389/0x470 [ 599.606043][ T3320] ret_from_fork+0x514/0xb70 [ 599.611167][ T3320] ret_from_fork_asm+0x1a/0x30 [ 599.616463][ T3320] [ 599.616463][ T3320] -> #5 (&nsock->tx_lock){+.+.}-{4:4}: [ 599.624126][ T3320] __mutex_lock+0x1a3/0x1550 [ 599.629250][ T3320] nbd_queue_rq+0x37b/0x1100 [ 599.634394][ T3320] blk_mq_dispatch_rq_list+0xa70/0x1910 [ 599.640552][ T3320] __blk_mq_sched_dispatch_requests+0xdcc/0x1600 [ 599.647444][ T3320] blk_mq_sched_dispatch_requests+0xd7/0x190 [ 599.653959][ T3320] blk_mq_run_hw_queue+0x348/0x4f0 [ 599.659623][ T3320] blk_mq_dispatch_list+0xd16/0xe10 [ 599.665361][ T3320] blk_mq_flush_plug_list+0x48d/0x570 [ 599.671275][ T3320] __blk_flush_plug+0x3ed/0x4d0 [ 599.676734][ T3320] __submit_bio+0x28d/0x580 [ 599.681778][ T3320] submit_bio_noacct_nocheck+0x2f4/0xa40 [ 599.687948][ T3320] block_read_full_folio+0x599/0x830 [ 599.693769][ T3320] filemap_read_folio+0x137/0x3b0 [ 599.699328][ T3320] do_read_cache_folio+0x358/0x590 [ 599.704984][ T3320] read_part_sector+0xb6/0x2b0 [ 599.710346][ T3320] 
adfspart_check_ICS+0xb1/0x960 [ 599.715819][ T3320] bdev_disk_changed+0x817/0x1770 [ 599.721381][ T3320] blkdev_get_whole+0x380/0x510 [ 599.726815][ T3320] bdev_open+0x31e/0xd30 [ 599.731593][ T3320] blkdev_open+0x470/0x610 [ 599.736554][ T3320] do_dentry_open+0x822/0x13a0 [ 599.741855][ T3320] vfs_open+0x3b/0x340 [ 599.746467][ T3320] path_openat+0x2e08/0x3860 [ 599.751604][ T3320] do_file_open+0x23e/0x4a0 [ 599.756654][ T3320] do_sys_openat2+0x113/0x200 [ 599.761864][ T3320] __x64_sys_openat+0x138/0x170 [ 599.767251][ T3320] do_syscall_64+0x174/0x580 [ 599.772377][ T3320] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 599.778801][ T3320] [ 599.778801][ T3320] -> #4 (&cmd->lock){+.+.}-{4:4}: [ 599.786029][ T3320] __mutex_lock+0x1a3/0x1550 [ 599.791151][ T3320] nbd_queue_rq+0xc6/0x1100 [ 599.796199][ T3320] blk_mq_dispatch_rq_list+0xa70/0x1910 [ 599.802285][ T3320] __blk_mq_sched_dispatch_requests+0xdcc/0x1600 [ 599.809161][ T3320] blk_mq_sched_dispatch_requests+0xd7/0x190 [ 599.815685][ T3320] blk_mq_run_hw_queue+0x348/0x4f0 [ 599.821329][ T3320] blk_mq_dispatch_list+0xd16/0xe10 [ 599.827068][ T3320] blk_mq_flush_plug_list+0x48d/0x570 [ 599.832974][ T3320] __blk_flush_plug+0x3ed/0x4d0 [ 599.838362][ T3320] __submit_bio+0x28d/0x580 [ 599.843403][ T3320] submit_bio_noacct_nocheck+0x2f4/0xa40 [ 599.849581][ T3320] block_read_full_folio+0x599/0x830 [ 599.855399][ T3320] filemap_read_folio+0x137/0x3b0 [ 599.860965][ T3320] do_read_cache_folio+0x358/0x590 [ 599.866621][ T3320] read_part_sector+0xb6/0x2b0 [ 599.871921][ T3320] adfspart_check_ICS+0xb1/0x960 [ 599.877491][ T3320] bdev_disk_changed+0x817/0x1770 [ 599.883065][ T3320] blkdev_get_whole+0x380/0x510 [ 599.888457][ T3320] bdev_open+0x31e/0xd30 [ 599.893239][ T3320] blkdev_open+0x470/0x610 [ 599.898198][ T3320] do_dentry_open+0x822/0x13a0 [ 599.903499][ T3320] vfs_open+0x3b/0x340 [ 599.908201][ T3320] path_openat+0x2e08/0x3860 [ 599.913337][ T3320] do_file_open+0x23e/0x4a0 [ 599.918386][ T3320] 
do_sys_openat2+0x113/0x200 [ 599.923608][ T3320] __x64_sys_openat+0x138/0x170 [ 599.928992][ T3320] do_syscall_64+0x174/0x580 [ 599.934117][ T3320] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 599.940546][ T3320] [ 599.940546][ T3320] -> #3 (set->srcu){.+.+}-{0:0}: [ 599.947692][ T3320] __synchronize_srcu+0xca/0x300 [ 599.953170][ T3320] elevator_switch+0x1e8/0x7a0 [ 599.958471][ T3320] elevator_change+0x2cc/0x450 [ 599.963768][ T3320] elevator_set_default+0x36c/0x430 [ 599.969499][ T3320] blk_register_queue+0x3e9/0x4e0 [ 599.975063][ T3320] __add_disk+0x677/0xd50 [ 599.979931][ T3320] add_disk_fwnode+0xfb/0x480 [ 599.985144][ T3320] nbd_dev_add+0x72c/0xb50 [ 599.990104][ T3320] nbd_init+0x168/0x1f0 [ 599.994800][ T3320] do_one_initcall+0x250/0x870 [ 600.000103][ T3320] do_initcall_level+0x104/0x190 [ 600.005577][ T3320] do_initcalls+0x59/0xa0 [ 600.010441][ T3320] kernel_init_freeable+0x2a6/0x3e0 [ 600.016175][ T3320] kernel_init+0x1d/0x1d0 [ 600.021101][ T3320] ret_from_fork+0x514/0xb70 [ 600.026234][ T3320] ret_from_fork_asm+0x1a/0x30 [ 600.031624][ T3320] [ 600.031624][ T3320] -> #2 (&q->elevator_lock){+.+.}-{4:4}: [ 600.039484][ T3320] __mutex_lock+0x1a3/0x1550 [ 600.044631][ T3320] elevator_change+0x1b3/0x450 [ 600.049957][ T3320] elevator_set_none+0xb5/0x140 [ 600.055369][ T3320] blk_mq_update_nr_hw_queues+0x5e7/0x1a60 [ 600.061760][ T3320] nbd_start_device+0x17f/0xb10 [ 600.067166][ T3320] nbd_genl_connect+0x165b/0x1cf0 [ 600.072746][ T3320] genl_family_rcv_msg_doit+0x22a/0x330 [ 600.078911][ T3320] genl_rcv_msg+0x61c/0x7a0 [ 600.083961][ T3320] netlink_rcv_skb+0x232/0x4b0 [ 600.089312][ T3320] genl_rcv+0x28/0x40 [ 600.093838][ T3320] netlink_unicast+0x75c/0x8e0 [ 600.099151][ T3320] netlink_sendmsg+0x813/0xb40 [ 600.104479][ T3320] ____sys_sendmsg+0x972/0x9f0 [ 600.109808][ T3320] ___sys_sendmsg+0x2a5/0x360 [ 600.115031][ T3320] __x64_sys_sendmsg+0x1bd/0x2a0 [ 600.120506][ T3320] do_syscall_64+0x174/0x580 [ 600.125634][ T3320] 
entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 600.132068][ T3320] [ 600.132068][ T3320] -> #1 (&q->q_usage_counter(io)#51){++++}-{0:0}: [ 600.140701][ T3320] blk_alloc_queue+0x546/0x680 [ 600.146008][ T3320] __blk_mq_alloc_disk+0x197/0x390 [ 600.151664][ T3320] nbd_dev_add+0x499/0xb50 [ 600.156624][ T3320] nbd_init+0x168/0x1f0 [ 600.161323][ T3320] do_one_initcall+0x250/0x870 [ 600.166624][ T3320] do_initcall_level+0x104/0x190 [ 600.172100][ T3320] do_initcalls+0x59/0xa0 [ 600.176962][ T3320] kernel_init_freeable+0x2a6/0x3e0 [ 600.182698][ T3320] kernel_init+0x1d/0x1d0 [ 600.187562][ T3320] ret_from_fork+0x514/0xb70 [ 600.192684][ T3320] ret_from_fork_asm+0x1a/0x30 [ 600.197986][ T3320] [ 600.197986][ T3320] -> #0 (fs_reclaim){+.+.}-{0:0}: [ 600.205217][ T3320] __lock_acquire+0x15a5/0x2cf0 [ 600.210601][ T3320] lock_acquire+0x106/0x350 [ 600.215638][ T3320] fs_reclaim_acquire+0x71/0x100 [ 600.221114][ T3320] kmem_cache_alloc_node_noprof+0x4a/0x690 [ 600.227462][ T3320] __alloc_skb+0x1d0/0x7d0 [ 600.232480][ T3320] tcp_stream_alloc_skb+0x3f/0x580 [ 600.238184][ T3320] tcp_connect+0x15a9/0x53a0 [ 600.243335][ T3320] tcp_v4_connect+0x10f7/0x19b0 [ 600.248748][ T3320] __inet_stream_connect+0x25a/0xdd0 [ 600.254658][ T3320] inet_stream_connect+0x66/0xa0 [ 600.260134][ T3320] kernel_connect+0x141/0x1c0 [ 600.265356][ T3320] rds_tcp_conn_path_connect+0x6f6/0x930 [ 600.271601][ T3320] rds_connect_worker+0x1d8/0x290 [ 600.277180][ T3320] process_scheduled_works+0xb5d/0x1860 [ 600.283254][ T3320] worker_thread+0xa53/0xfc0 [ 600.288377][ T3320] kthread+0x389/0x470 [ 600.292982][ T3320] ret_from_fork+0x514/0xb70 [ 600.298113][ T3320] ret_from_fork_asm+0x1a/0x30 [ 600.303410][ T3320] [ 600.303410][ T3320] other info that might help us debug this: [ 600.303410][ T3320] [ 600.313649][ T3320] Chain exists of: [ 600.313649][ T3320] fs_reclaim --> sk_lock-AF_INET --> k-sk_lock-AF_INET [ 600.313649][ T3320] [ 600.326453][ T3320] Possible unsafe locking scenario: [ 600.326453][ T3320] [ 
600.333907][ T3320] CPU0 CPU1 [ 600.339277][ T3320] ---- ---- [ 600.344662][ T3320] lock(k-sk_lock-AF_INET); [ 600.349275][ T3320] lock(sk_lock-AF_INET); [ 600.356225][ T3320] lock(k-sk_lock-AF_INET); [ 600.363350][ T3320] lock(fs_reclaim); [ 600.367347][ T3320] [ 600.367347][ T3320] *** DEADLOCK *** [ 600.367347][ T3320] [ 600.375493][ T3320] 4 locks held by kworker/u8:8/3320: [ 600.380781][ T3320] #0: ffff888028bdd940 ((wq_completion)krds_cp_wq#14/0){+.+.}-{0:0}, at: process_scheduled_works+0xa35/0x1860 [ 600.392548][ T3320] #1: ffffc9000e307c40 ((work_completion)(&(&cp->cp_conn_w)->work)){+.+.}-{0:0}, at: process_scheduled_works+0xa70/0x1860 [ 600.405347][ T3320] #2: ffff8880592d4980 (&tc->t_conn_path_lock){+.+.}-{4:4}, at: rds_tcp_conn_path_connect+0x1cc/0x930 [ 600.416426][ T3320] #3: ffff888059050260 (k-sk_lock-AF_INET){+.+.}-{0:0}, at: inet_stream_connect+0x51/0xa0 [ 600.426449][ T3320] [ 600.426449][ T3320] stack backtrace: [ 600.432353][ T3320] CPU: 0 UID: 0 PID: 3320 Comm: kworker/u8:8 Not tainted syzkaller #0 PREEMPT(full) [ 600.432372][ T3320] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 600.432384][ T3320] Workqueue: krds_cp_wq#14/0 rds_connect_worker [ 600.432407][ T3320] Call Trace: [ 600.432431][ T3320] [ 600.432439][ T3320] dump_stack_lvl+0xe8/0x150 [ 600.432458][ T3320] print_circular_bug+0x2e1/0x300 [ 600.432482][ T3320] check_noncircular+0x12e/0x150 [ 600.432506][ T3320] __lock_acquire+0x15a5/0x2cf0 [ 600.432530][ T3320] ? __lock_acquire+0x6b5/0x2cf0 [ 600.432549][ T3320] ? kmem_cache_alloc_node_noprof+0x4a/0x690 [ 600.432572][ T3320] lock_acquire+0x106/0x350 [ 600.432587][ T3320] ? kmem_cache_alloc_node_noprof+0x4a/0x690 [ 600.432613][ T3320] ? rcu_is_watching+0x15/0xb0 [ 600.432634][ T3320] fs_reclaim_acquire+0x71/0x100 [ 600.432658][ T3320] ? kmem_cache_alloc_node_noprof+0x4a/0x690 [ 600.432680][ T3320] kmem_cache_alloc_node_noprof+0x4a/0x690 [ 600.432704][ T3320] ? 
__alloc_skb+0x1d0/0x7d0 [ 600.432726][ T3320] ? ipv4_default_advmss+0x20/0x340 [ 600.432800][ T3320] __alloc_skb+0x1d0/0x7d0 [ 600.432825][ T3320] tcp_stream_alloc_skb+0x3f/0x580 [ 600.432845][ T3320] ? __asan_memset+0x22/0x50 [ 600.432873][ T3320] tcp_connect+0x15a9/0x53a0 [ 600.432899][ T3320] ? irqentry_exit+0x218/0x8b0 [ 600.432916][ T3320] ? irqentry_exit+0x218/0x8b0 [ 600.432935][ T3320] ? __pfx_tcp_connect+0x10/0x10 [ 600.432959][ T3320] ? __asan_memset+0x22/0x50 [ 600.432981][ T3320] ? __pfx_tcp_fastopen_defer_connect+0x10/0x10 [ 600.433025][ T3320] ? secure_tcp_seq_and_ts_off+0xf2/0x1d0 [ 600.433078][ T3320] ? sk_setup_caps+0x9ef/0xc40 [ 600.433093][ T3320] ? sk_setup_caps+0x29/0xc40 [ 600.433109][ T3320] tcp_v4_connect+0x10f7/0x19b0 [ 600.433140][ T3320] ? __pfx_tcp_v4_connect+0x10/0x10 [ 600.433159][ T3320] ? inet_csk_get_port+0x1178/0x16d0 [ 600.433176][ T3320] ? __local_bh_enable_ip+0xd0/0x130 [ 600.433195][ T3320] __inet_stream_connect+0x25a/0xdd0 [ 600.433216][ T3320] ? do_raw_spin_lock+0x12b/0x2f0 [ 600.433237][ T3320] ? lock_sock_nested+0x6a/0x100 [ 600.433257][ T3320] ? __pfx___inet_stream_connect+0x10/0x10 [ 600.433277][ T3320] ? inet_stream_connect+0x51/0xa0 [ 600.433295][ T3320] ? __local_bh_enable_ip+0xd0/0x130 [ 600.433313][ T3320] inet_stream_connect+0x66/0xa0 [ 600.433331][ T3320] kernel_connect+0x141/0x1c0 [ 600.433349][ T3320] ? __pfx_kernel_connect+0x10/0x10 [ 600.433373][ T3320] ? __local_bh_enable_ip+0xd0/0x130 [ 600.433391][ T3320] rds_tcp_conn_path_connect+0x6f6/0x930 [ 600.433427][ T3320] ? __pfx_rds_tcp_conn_path_connect+0x10/0x10 [ 600.433451][ T3320] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 600.433475][ T3320] ? process_scheduled_works+0xa70/0x1860 [ 600.433492][ T3320] ? process_scheduled_works+0xa70/0x1860 [ 600.433511][ T3320] rds_connect_worker+0x1d8/0x290 [ 600.433530][ T3320] ? process_scheduled_works+0xa70/0x1860 [ 600.433546][ T3320] process_scheduled_works+0xb5d/0x1860 [ 600.433576][ T3320] ? 
__pfx_process_scheduled_works+0x10/0x10 [ 600.433595][ T3320] ? assign_work+0x3d5/0x5e0 [ 600.433612][ T3320] worker_thread+0xa53/0xfc0 [ 600.433640][ T3320] kthread+0x389/0x470 [ 600.433661][ T3320] ? __pfx_worker_thread+0x10/0x10 [ 600.433676][ T3320] ? __pfx_kthread+0x10/0x10 [ 600.433697][ T3320] ret_from_fork+0x514/0xb70 [ 600.433715][ T3320] ? __pfx_ret_from_fork+0x10/0x10 [ 600.433731][ T3320] ? __switch_to+0xc79/0x1410 [ 600.433755][ T3320] ? __pfx_kthread+0x10/0x10 [ 600.433776][ T3320] ret_from_fork_asm+0x1a/0x30 [ 600.433802][ T3320]