last executing test programs: 12.593033533s ago: executing program 0 (id=15073): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10) ioctl$XFS_IOC_START_COMMIT(r0, 0x80585882, 0x0) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0xfa, 0x0, 0xe4}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000140)='yeah', 0x4) sendmmsg$inet(r0, &(0x7f0000001480)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000980)="91f8a984", 0x4}], 0x1}}, {{0x0, 0x0, &(0x7f0000002580)=[{&(0x7f0000001500)="24acadd7f04daaa04e88680351d9ce53f67fd2afefe557d4bd561f02df2570f175951d4bdd97ec433ec583c79fa668922a61c8662e0890ce06996f5ba401e582dfb5197822bee50c6cd4b3a6f9d14f1fde9b1698ad6847d4fde0458282ece396a1e212cd02e6fb62599df5ecb5984843ee04e96eb26fa2a8100a0b7b2d032fff965485ded83b39d6c9835416a8db5414a6c54101693e6b05e652b49fceaf4a0cc2b7898034ff0eb5150b3e85b9ff5658ba346d0b6b5a3a71eb084311606cf6b8ccf7c45a79b319a201e9c5ae9f0aab5c4dd7a77de7f5ae2edb307892dbfa8377446d8cabb9302b27250c66ddaeb3988933df044b6ae4570671cf861484b9124827dbe78a0388eecac9e6ad371287ca014fa658c6f1308b046b2fc0cc3d5b8ba48f3b1319d5976bb45f3c630f01c77b93f07fe2b304a98383258a37791da00145e24f619c5dd07939c39212ca7d8421dcf50ab703f86dacf4a4159a123d25a7a9ad2319a876af43da4cf86b0f6a7f261562e1b10681a71d941a5e90031452e37f4a616b85fe6b48803cbca2369565be720ef5fd1e6326234c34f6e13ba39f9460acc68e15eef508e402b29e452883c90b50b04d66ad07cb689d31426147a965dd4691519d844bfc83d830b8c5a679c41fbdcc2d16b3dcecc1f5be156f96fa2a315c68bfd1ebba95e9de0e3cdf7ad8e93b92cda3c4643ca88fcd710c1a24d0d62b54d937f2fbe7aa09ba34c71a17eefa0dba2d4752ae91850d734be15b1f2f5e36856786f5cf0afec24a46634f8d5aec6008c1ace1e404af77c8f4d37283847349ac22f6703d44fb66cec0ceb9390cf2f878d8390ecd8fbeb82a6ccd966bca4c4689a2e2a850a30dfa7c0c19ecec0c799e2880d2088ece8401306bfa4b34da709caa802c8f9d6deb5b599d262faa7de40de113c89a8e8e3a4f19ac1847387be89e27286e20dd49339021e79ddb0cf3bf72fcc25f3b7d35ca05c4473521320b1a6bee637e4f4da9692506931df8f990ed54e23000030d26f30c8ee3ace6c9d5795b7443aa0651ecb2b64549d4bd4bea0ed0f69e69291057bf7c3b92ad0a8ec4e5acf31c4ed8c372f1bd9b0bf6c51a7a29915fc2e5a24c36599612fd4527870ea6c7057f87c105c73386f738f98165cb8bac0d2ce46eeb7e39d9f3c2d93e4910d231ce946d65120f2bd4842ed181261c0ea728b06e6155944b6c3554d553724c5419d45f633d97bc59889ed7a4df1d35cc9bede168d3d8dca779293dd9564877b009d93c99a7a0f983e33e937bfb13b06e611c8c33313821f110e6911643cfabc2c75c42af256a07c8fee22c7795cb5a57dda8df2b668d893dd7a6bbfada01b49c6c96156bd5ebc10f16fd30579fa059207c4c9f69fff76a3e83839697324adc1037b64db5fe6f55a72fc9311a414c8848885071620e2c7539e6ac2684785ce04bba9785b4571e183bc12fdad8d58e57d0355c4082fbe08fdb8feedd6d3d6f7f586f22b06069ed48b931c7cbc2eca14b2e649432953a9ef28928450ca8907b90fce815cdfe", 0x443}], 0x1, 0x0, 0x6d}}], 0x2, 0x2090) 11.527482482s ago: executing program 0 (id=15088): ioctl$NILFS_IOCTL_GET_VINFO(0xffffffffffffffff, 0xc0186e86, &(0x7f00000001c0)={&(0x7f0000000080)=[{0x7fffffff, 0x2, 0x9, 0x9}, {0x5, 0x7fffffff, 0x7ff, 0x19e8}, {0x6, 0x8, 0xc, 0xc}, {0x9, 0x8001, 0x9, 0xffff}, {0x7fffffffffffffff, 0x9, 0xffffffff, 0xe}, {0x6, 0x2, 0x3, 0x5}, {0x10000, 0x6, 0x8, 0x9}, {0x7, 0x9, 0x10001, 0x7}, {0x4, 0x301, 0x6, 0x1}], 0x9, 0x20, 0x1, 0x9}) (async) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b400000000001400791048000000000069004f000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x8, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0xa3}, 0x21) 11.478151668s ago: executing program 0 (id=15090): r0 = socket(0x2a, 0x2, 0x0) sendmsg$TIPC_NL_LINK_GET(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x24}}, 0x0) getsockname$packet(r0, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {0x0, 0xffe0}, {0xffff, 0xffff}, {0x0, 0xe}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x40000) sendmsg$nl_route_sched(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000980)=@newtfilter={0x54, 0x2c, 0xd27, 0x70bd28, 0x25dfdbfd, {0x0, 0x0, 0x0, r1, {0xfffa, 0xfff3}, {0x0, 0xffe0}, {0x10, 0x4}}, [@filter_kind_options=@f_flower={{0xb}, {0x1c, 0x2, [@TCA_FLOWER_KEY_ICMPV4_TYPE_MASK={0x5}, @TCA_FLOWER_KEY_ENC_IPV4_DST={0x8, 0x1d, @remote}, @TCA_FLOWER_KEY_ENC_IPV4_DST_MASK={0x8}]}}, @TCA_CHAIN={0x8, 0xb, 0x5}]}, 0x54}, 0x1, 0x0, 0x0, 0x20048001}, 0x4044) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket$nl_rdma(0x10, 0x3, 0x14) read(r3, &(0x7f0000000580)=""/63, 0x3f) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x10, 0x3, &(0x7f0000000000)=@framed={{0x62, 0xa, 0x0, 0xffc4, 0x0, 0x71, 0x10, 0x41}}, &(0x7f0000000480)='GPL\x00', 0x7}, 0x90) sendmsg$RDMA_NLDEV_CMD_RES_GET(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000380)=ANY=[@ANYBLOB="100000000914e73f"], 0x4e}}, 0x20008000) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 11.27215526s ago: executing program 0 (id=15094): r0 = socket$l2tp6(0xa, 0x2, 0x73) recvmsg(r0, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x10002) bind$l2tp6(r0, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) syz_emit_ethernet(0x8e, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaa1acd1f78800d86dd608a37f200587300fe8000000000000000000000000000bbfe8000000000000000000000000000aa00000000", @ANYRES8], 0x0) 10.327521197s ago: executing program 0 (id=15111): socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_CHANNELS_SET(0xffffffffffffffff, 0x0, 0x4040800) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000040)={0x2, 0x4e24, @loopback}, 0x10) sendmsg$inet(r0, &(0x7f0000000480)={&(0x7f0000000000)={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10, &(0x7f0000000380)=[{&(0x7f00000001c0)="91cfdfefdb", 0x1a000}], 0x1}, 0x0) sendmsg$rds(r0, &(0x7f0000000140)={&(0x7f00000000c0)={0x2, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x488c4}, 0x30) 10.145801953s ago: executing program 0 (id=15114): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}}, 0x0) getsockname$packet(r2, 0x0, &(0x7f0000000100)) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700000086d7c0d6c878f064eb", @ANYRES32, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000900)=@newqdisc={0x30, 0x24, 0xf1d, 0x70bd2d, 0x0, {0x0, 0x0, 0x0, 0x0, {0xb}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x4000800) sendmsg$nl_route_sched(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)=@delchain={0x2c, 0x64, 0xf31, 0x70bd25, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff1}, {0xfff3, 0xffff}, {0x0, 0xf}}, [@TCA_CHAIN={0x8, 0xb, 0xe0d}]}, 0x2c}, 0x1, 0x0, 0x0, 0x10}, 0x4040000) 2.800704016s ago: executing program 4 (id=15144): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000040)=@raw={'raw\x00', 0x3c1, 0x3, 0x3f8, 0x0, 0xc8, 0x8, 0x0, 0x5803, 0x328, 0x2e8, 0x2e8, 0x328, 0x2e8, 0x3, 0x0, {[{{@ipv6={@local, @private1, [0xffffff00, 0xff000000], [0xff, 0x34da508f3e8fb0eb, 0xffffff00, 0xff], 'veth0_to_batadv\x00', 'veth1_to_team\x00', {0xff}, {0xff}, 0x89, 0x7, 0x7, 0x38}, 0x0, 0x190, 0x1c8, 0x0, {0x0, 0x2000000000000}, [@common=@unspec=@string={{0xc0}, {0x0, 0x100, 'bm\x00', "cfcaf80c672f61cd17ae5119b5135c2aee0500000000000000ecef50c3234e082555f67222476147864fa03182f5cf11d8c348cbd06d7d4e252c3394fed47bf78c70f607b0178fa5ea3350ebc989f1f34a214e67442ce98bbaa8e0f7323a4ca0a7be6c60c527bac2b500", 0x1, 0x3}}, @common=@inet=@set2={{0x28}, {{0xfffe, 0x5, 0x4}}}]}, @common=@inet=@SET3={0x38, 'SET\x00', 0x3, {{0x3, 0x6, 0x7}, {0x3, 0x3, 0x6}, {0x1, 0x1, 0x2}, 0x3, 0x29b}}}, {{@ipv6={@remote, @loopback, [], [], 'macvtap0\x00', 'syzkaller1\x00', {}, {0xff}, 0x0, 0x0, 0x2}, 0x0, 0xf8, 0x160, 0x0, {}, [@inet=@rpfilter={{0x28}}, @inet=@rpfilter={{0x28}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00', 'syz1\x00', {0xfffffffffffffffd}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x458) ioctl$XFS_IOC_PATH_TO_HANDLE(r0, 0xc0385869, &(0x7f0000000580)={r0, &(0x7f0000000000)='-$::{)(%-,}\x00', 0x84c02, &(0x7f00000004c0)={@_ha_fsid={[0x597, 0x5]}, {0x40, 0x2, 0x3, 0x9}}, 0x9, &(0x7f0000000500)={@_ha_fsid}, &(0x7f0000000540)=0x4}) ioctl$TUNSETTXFILTER(r1, 0x400454d1, &(0x7f00000005c0)={0x1, 0xa, [@remote, @random="aeda7fe79c55", @multicast, @remote, @broadcast, @empty, @broadcast, @empty, @broadcast, @remote]}) 2.59576781s ago: executing program 4 (id=15146): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001800)=ANY=[@ANYBLOB="180000002500010324bd7002ffdbdf25010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x4008}, 0x0) recvmmsg(r0, &(0x7f0000000d80)=[{{0x0, 0x0, 0x0}, 0xac}, {{0x0, 0x0, 0x0}, 0x1}, {{0x0, 0x0, &(0x7f0000001840)=[{&(0x7f0000000480)=""/92, 0x95}, {&(0x7f00000018c0)=""/4108, 0x100c}, {&(0x7f0000001680)=""/109, 0x6d}, {&(0x7f0000001740)=""/72, 0x48}, {&(0x7f00000005c0)=""/61, 0x3d}], 0x5}, 0x7}, {{0x0, 0x3c, 0x0}, 0xd3a7}, {{0x0, 0x0, 0x0}, 0x80000}, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000}, 0x8000005}, {{0x0, 0x0, 0x0}, 0x6}, {{0x0, 0x0, 0x0}, 0x10001}, {{0x0, 0x0, 0x0}, 0xa9e5}], 0x9, 0x2000, 0x0) 2.371875172s ago: executing program 2 (id=15149): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) bind$inet6(r0, &(0x7f0000000300)={0xa, 0x4e23, 0x0, @loopback, 0x3}, 0x7e) setsockopt$inet_sctp6_SCTP_RTOINFO(r0, 0x84, 0x0, &(0x7f0000000000)={0x0, 0x1, 0x8001, 0x6}, 0x10) sendto$inet6(r0, &(0x7f0000847fff)='X', 0x34000, 0xe0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback, 0xff000000}, 0x1c) 2.326035169s ago: executing program 4 (id=15150): r0 = socket$l2tp6(0xa, 0x2, 0x73) recvmsg(r0, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x10002) bind$l2tp6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty}, 0x20) socket$nl_netfilter(0x10, 0x3, 0xc) syz_emit_ethernet(0x8e, 0x0, 0x0) 2.211270309s ago: executing program 2 (id=15151): bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000000e00)=ANY=[@ANYBLOB="61154c000000000061138c0000000000bfa000000029000007000000080000002d0301000000000095000000000000006916000000000000bf67000000000000350607000fff07206706000003000000160302000ee60060bf350000000000001f650000000000006507f9ff0100000007070000cddfffff1e75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000001500000000000000950000000000000032ed3c12dc8c27df8ecf264e0f84f9f17d3c30e32f1754558f2278af6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd3997f9c9c4f6f3be4b369289aa6812b8e007e733a9a4f1b0af3dda82ee45a010fb94fe9de57b9d8a814261bdb94a05000000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546cad3f1d5ab2af27546e7c955ccefa1f6ab689b555202da2e0ec2871b4a7e65836429a527dc47ebe84a423b6c8d345dc8da3085b0ab71ca1b901627b562ed04ae76002d4519af619e3cca4d69e0dee5eb106774a8f3e6916dfec88158f0200000000c8fb730a5c1bf2b2bb71a629361997a75fd552bdc206438b8ef4901fd03c16dfda44e2a2235c8ac86d8a297dff0445a15f21dc725f431bcab0ef59b8f0e431e56723888fb126a163f16f920ae2fb494059bba8e3b680324a188076eb685d55c4e9b2ad9bc1172ba7cbebe174aba210d739a018f9bbec63222d20cecac4d03723f1c932b3a6aa0100000000000000b93716d20000009f0f53acbb40b4f8e2738270b31562ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000000000000000000000000004000bc00f679629709e7e78f4ddc211bc3ebe6bd9d42ca0140a7afaab43176e65ec1118d50d1e827f3472f4445d253880800000000000000690884f800031e03a651bb96589a7e2e509bcc1d161347623cb5e7ac4629c8ab04871bc47287cd31cc43010000007b40407d000000210000000000000000005f37d83f84e98a523d80bd970d703f37ca364a601ae899a56715a0a62a34c6c94cce6994521629ab028acfc1d926a0f6a5489af8dc2f17923f3c40dfd1970a55c22fe3a5ac000000000000000000000000000000c1eb2d91fb79ea00000000000000bb0d00000000000000000000e4007be511fe32fbc90e2364a55e9bb66ac64423d2d00fea2594e190deae46e26c596f84eba9000000000000003cc3aa39ee4b1386bab561cda886fa642994cacd473b543ccb5f0d7b63924f17c67b13631d22a11dc3c693962895496d4ffcae1a8a793a7795a9214a92f66e9cc54db6c7205a6b068fff496d2da7d632bd1f61b007e1ff5f1be1969a1ba791ad46d800000000c7f26a0337302f3b41eae59809fd05d12f6186f117b062df67d3a63f3265dd1410eea68208a3f26b2989b832d8b34a34a4f08b34b3042065acaa10856e858d27adee7daf32903d3fc78700d429a2d4c8b6d803eb83eecfe4c7ff9e6ab5a52e83d089dad7a8710e0254f1b11cced7bc3c8da0c44d2ebf9f6f3ff3be4d1458077c2253b0c7c7a0a9fdd63bf910dc20e5cb2a88e59febc47f1212a21f631dbaa74f22bad050e9856b48ae3a03a497c37758537650fe6db88aa3c41fdc3d78e046f6160e1741299e8dc29906870e6431ed1eab5d067a183f064b060a8ec12725d42e3a74863d66bee966b1574f8e01b3f34a267ff0afa1e1c758a0079b747067312e9815a21cb3f1f8150d999d788535a4d3114dbc7e2bf2402a75fd7a55733360040855ed5d1c0d634fc5fb38f84d9d87b27f8a5d91217b728f13e3ee20e69e0ffb2780b1a7af137ff7b4ff139604faf0a4da65396174b4563d54b52f06c870edf0c5d744b5272b44c23488b2bdbff947c4dfa108cbb88202eeb81f428a5b3c299848649e1a6bff52f657a67463d7dbf85ae9321fc2b517dc4a29b9cba8ded5de8206c812439ab129ae818837ee1562078fc524b3baf49a0be9bb7d958d5e87c6c09bf71a894bad62934782cc3086936d7637e07c4a2a3bc87b0da23c00d9ef418cf19e7a8c4c328be0ce91798adc2dca871073f6bd61dc18402cde8bf777b2eaa45c940aabc86b94f8cbde4d470667bee722a6a2af483ad0d3415ed0f9db009acaba9eaea93f811d434e00000000000000000000d154baa8e51489a614e69722bac30000000000000000000000000000a006b178438e930b2494db1bf624a70a19a45b8b71869afb13cb2ac1d2f3ec0d93a3e4fd0ad076c7d826f218aa6ba8ec5e58b7c64dc8616127087901dc65418a4b25bfa7ae8b5ad9642815f319230425e8bd89c6983d816d97d81a739917eecd26f9a3aecaf0acdaf6cffab38eae3b10b122b4bf521a46bf01a0c136f745113b589459fbe1666087a7c554a55e2b42ab7e405a77f405a348a64e356b7fb61e48ea9c87bf13f97052c51fdd49f3dbccf9874cf61807ae4b1665ccdd026d4580a068395e8cb851eeadb1da6d1009513ca73a685c66fb15f27eb74a7a4eb5966e3ef4be3ca8ba81b2d17d797265390ce616c3d7b566fe956fb93c6a43f4dc6bfc194daeb7b998d550773bc14aca"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffffffffffdb7}, 0x48) 2.142977888s ago: executing program 3 (id=15153): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000108c0)={0x12, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe0}, [@kfunc={0x85, 0x0, 0x2, 0x0, 0x4}]}, 0x0, 0x4, 0x0, 0x0, 0x40f00, 0x29, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)={0x24, 0x0, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x7}]}, 0x24}}, 0x0) r4 = socket$inet(0x2, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8b04, &(0x7f0000000000)={'wlan1\x00'}) sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)=ANY=[@ANYBLOB="3c0000001000850600000000ff6122314a000800", @ANYRES32=r5, @ANYBLOB="f5ff0f00252155b21c0012000c000100626f6e64000000000c0002000800010001"], 0x3c}, 0x1, 0x0, 0x0, 0x8090}, 0x0) r6 = socket(0x10, 0x803, 0x2) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0xd, 0x4, &(0x7f0000000000)=@framed={{}, [@call={0x79, 0x11, 0xc8}]}, &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f0000000200)=""/4096, 0x0, 0x0, '\x00', 0x0, @sock_ops}, 0x70) r7 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xfff, 0x7}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r8 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff) r9 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000040)={'syz_tun\x00', 0x0}) sendmsg$ETHTOOL_MSG_LINKINFO_SET(r9, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)={0x20, r8, 0x603, 0x70bd2f, 0x25dfdbfc, {}, [@ETHTOOL_A_LINKINFO_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r10}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x42000}, 0x4000054) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000680)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_attach_bpf(r11, 0x1, 0x4c, &(0x7f0000000000), 0x4) recvmsg$unix(r11, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x2000) ioctl$TUNSETNOCSUM(r12, 0xc040ff0b, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000012c0)={0x11, 0xb, &(0x7f0000000180)=@raw=[@map_idx_val={0x18, 0x0, 0x6, 0x0, 0x9, 0x0, 0x0, 0x0, 0x5}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r7}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xffffffff}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f0000001240)='GPL\x00', 0x10000, 0x0, 0x0, 0x41000, 0x22, '\x00', r10, 0x0, r12, 0x8, &(0x7f0000001280)={0x7, 0x4}, 0x8}, 0x94) bpf$MAP_CREATE(0x15, 0x0, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14) r13 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r13, &(0x7f0000000340)={0x1f, 0xffff, 0x3}, 0x6) write(r13, &(0x7f0000000040)="09000000010001", 0x7) 2.009359498s ago: executing program 2 (id=15154): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000500), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_SET(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000002000000018000180140002006e657464657673696d3000000000000008001000000100000800130000000000080012"], 0x44}}, 0x0) 1.783771276s ago: executing program 2 (id=15156): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) sendmmsg$inet6(r0, &(0x7f0000001240)=[{{&(0x7f0000000100)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @multicast1}, 0x6}, 0x1c, &(0x7f00000002c0)=[{&(0x7f00000001c0)="40b2364924ab187cc4df4d0ac67fdd0b1b6c7afa15cc6acba2a142217b1c3e73da3fcff2abf4a114309c2208c6ea60f26c2e0bd00e8d793e46e9469ccc893bcec3097837ee6f5c260eb3e669b5c5fe7b69ad90c421f551b3603055bdd63f84ec0dc8796ea9e1785597c4664adf3f62cdd2eda0e17e450836e6becfacb601c2b76a6f5a779b1569e258a9e9", 0x8b}], 0x1, &(0x7f0000000300)=[@tclass={{0x14, 0x29, 0x43, 0xfe3}}, @hopopts_2292={{0x28, 0x29, 0x36, {0x2c, 0x1, '\x00', [@padn={0x1, 0x2, [0x0, 0x0]}, @jumbo={0xc2, 0x4, 0x4}]}}}, @hoplimit_2292={{0x14, 0x29, 0x8, 0x6}}], 0x58}}, {{&(0x7f0000000380)={0xa, 0x4e23, 0x400, @dev={0xfe, 0x80, '\x00', 0xc}, 0x86}, 0x1c, &(0x7f0000000540)=[{&(0x7f00000003c0)="dd5e6ba37b8ef796052fd56547bfab3ac5e4cbe8b7bfcaef9cafb017a87bfa100a813a52c64bd93486e4469c17e68a52ebd38cd88d097f538afafa7a4b5aa47ae45894b1541d93e9402431b02d04d454c7d83ec28490724ba9f029a815cd418a20724d16af6518fcf2c0cd2be4ffb3260815b4fd75280e07b24c970458220f7572c1d810b161aeef592762e7d546dea9b3809d96e1b1803c340ec7557d09c77a5a6ec3ff0a6db67f3daecca3de9bb2150798720c0a811e467472b032264360f90945cd8efd31c6bea07331f96248e8110d4ab77c104786a096dc1ce649bca8e420", 0xe1}], 0x1, &(0x7f0000000580)=[@dstopts={{0x68, 0x29, 0x37, {0xf7, 0x9, '\x00', [@ra={0x5, 0x2, 0x6}, @hao={0xc9, 0x10, @private2={0xfc, 0x2, '\x00', 0x1}}, @ra={0x5, 0x2, 0x8000}, @enc_lim={0x4, 0x1, 0xb8}, @jumbo={0xc2, 0x4, 0xfff}, @ra={0x5, 0x2, 0x4}, @calipso={0x7, 0x20, {0x3, 0x6, 0x1, 0x8, [0x1, 0x7f, 0x9]}}]}}}, @hopopts_2292={{0x160, 0x29, 0x36, {0x16, 0x28, '\x00', [@ra={0x5, 0x2, 0x41}, @generic={0xc7, 0xda, "b8ef57a1f2eed9cfd916b765d070a70ba1add82a2005af5d709966a264d5d917036789e663d1ea4ba985ba0e93a36d9a4d18c3e8abd29a71a427c72250a428918cb9025cac96099ed969f7bf2b429699e19d3ed9606273dec3fc3f01a47900678ade3b16522dd3edb0f71b6ce02c82441491977669b42dfd9a3fad48b19ed60bc52129a00ba895e8907d179e7a7e23a579b190981ef4e6d90b38521334367d488a58c3be82804bf873557cb3ff7153bf0198ddeec63a526b804d72141bdb4396c3dc61ba44dbc6bac533e357d7199482a24c5f4124862cd000e8"}, @padn={0x1, 0x3, [0x0, 0x0, 0x0]}, @pad1, @calipso={0x7, 0x28, {0x3, 0x8, 0x9, 0x9, [0x1000, 0x1, 0x3ff, 0x7f]}}, @calipso={0x7, 0x20, {0x3, 0x6, 0x7, 0x3, [0x5, 0x5, 0x1]}}, @calipso={0x7, 0x8, {0x3, 0x0, 0x80, 0x1}}, @ra={0x5, 0x2, 0x7}, @enc_lim={0x4, 0x1, 0x17}]}}}], 0x1c8}}, {{&(0x7f0000000780)={0xa, 0x4e22, 0x100, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x2cec}, 0x1c, &(0x7f0000000f00)=[{&(0x7f00000007c0)="a8fcf227ac8eb4650006", 0xa}, {&(0x7f0000000800)="7a6bf209", 0x4}, {&(0x7f0000000840)="52ed5b54c6f34665c2dc8fe470858bf2651e74a1a7d3aadd3fb75d3e0d87de18d5ede7a4831f47175ba3b27cead404293bcef05595d9e204f6f2fc2a9998dcac09b7214efec9a3ad66ae8365e3955a252926fb13d323e85bdbb7e3a10ef08b3cf8a6394bc2fbaa45843dcd5eacd2a9630f5a753e30690c0f775155a261431de41dc022cdbca770ddcb1ba39a81fcb0fb1926b66988df496041edc9a251ba7b5b1b973f9c5f3bf13311e98bce4f5279f23734d6843fbc03c4b57d7b9a4a3dcddd69c0418205ddd310e982c7b496ed9b805fa215d082313a0002a636ac4076aeeb59f1", 0xe2}, {&(0x7f0000000940)="b23c6380255f49ff5407aaf157579189bc235d85b192da714b60c800c3911ceee76a1b084f23f0ac17adce4fed3b7418ae9e19003480b7ac93d5301bf7aa2ea3037f40e6de90c635cdb221af6ecf85e35c80a98a3a66afbbeb787d29a359cf90ab2b0fd8e4a3f3450679082f4dccb2e5743357da6349c3122c47f8fc35ec1d3d742f91f1c34860b8ac6a0a609d20eadb5a199f2b5e4905b0c006dfe157e5cd01efeb8d5b6fc4aa1e15438f", 0xab}, {&(0x7f0000000a00)="bbaaab6daa30379cf00d96188c3eafe993cb42242426fcb2fc86a89194f09e3a8bfca160775fe2e97421747b16e29e469e8e494317ab9afb6bfcdc5d44d2c8e89953a7a750bdbbd7323635c83500a071ab2eb05743d907c6bd4a0956f71f07b4a605cd43cc000a0ce1dab1cae19cd3b6bf8a3b1bca477aab1a5a6240b07166b3238df72157e8ed1618d00ca024c95039ddaa6f808a10cc5651e3480bedad824cbb7818abd5c719257ffe6f17fed7921f61883a32d3cbcb450fabae13240bde095a", 0xc1}, {&(0x7f0000000b00)="308943d6ac0d70e8cbf68aa292a52bdaf5346a48b9489d1ead1770d793f0e7516e484e0256e796c53ff84742a40a23717542deda33d9b5ea42aed1ac7aa7e4f4e28057995e43fbc14c46592bc0844d58d459b39c808668bc41b33ac3bdb6b39effdc099dc0ec11e58a3b2ae9fc87a7e6e4b52c409647cbd78b7158dc76079a58ba68003c5daf19c17a05f596a441c384726c6056592ee730e25bb70af98a77109830a2aa1778c665728f5ea414e2f60054b58cd85b3453a301167357f57c8d00d148c315f657273f", 0xc8}, {&(0x7f0000000c00)="e8b90160070adaafa1ac066b8dffc7df21bb0fe4708230477896c8923365dee3d8f86db57b2cfa276325d3051908562e24a81dac97b7845ea5b65a0c7614e79dfaf74140f6d17fad3483c4ba3f37b932feba404444da2ab421f44c1ecd39a5c29e7a977028384dd81538239ab874aec7cc26008accfcb0a98d961f513313e607a13d25d3f3ccc7234adf64bd04f199130c1035b7a53238a276aeacce61b8769f570031e6458fc3246a556d571c45275c15c5", 0xb2}, {&(0x7f0000000cc0)="1243fe32f1564eabb9e25625de65f328b32a2dab5b72f2a8f957c7b0404fae6eb4a9085164ef46736f92454ad53cae9c3794e39f30c00a5b5510c9eaa0b5426e60369e01facf", 0x46}, {&(0x7f0000000d40)="9f5c11e53ec0a4ac6b432e12d3b46c1172584c3c60a8b0c5c6b2e1d8e2cfa18ea0398b4f6c66274989f605c3a01e89526c938addc6b0817c3606083dd69ee7b5db0ceeaee43877df323078ff199abce87b9bc187ee6398debf95c6049064df0988f20fa92ac1ce55a78006043d580b7bbcf17d17934345f052725813a73a988f07ce28556033", 0x86}, {&(0x7f0000000e00)="f5b8394433763ef1ef627717ee037d109dd058504c89fa7b3ca6b23c0fadd99c815cbf4ccb7c79284d3347e883548ddec57a52ec3297148d6a001fe8c81688f11d310ba64090598a8fd0cdc259d6a80bc48cef57343eef528288348ea883c8684688d8ccab8726a955020189daae784031a38c42a5949680fac671489c27238d773448c6a63bdbde7cd21980967b0dada8a1de2c942f710609fd8d00e51a1d251d0b0fbf12b1fc45aa3215c77cff58ec340e7d89059019b111a76cd4c60536090f613d917a9ffd", 0xc7}], 0xa, &(0x7f0000000fc0)=ANY=[@ANYBLOB="14000000000000002900000034000000000000000000000014000000000000002900000043000000ff9d000000000000680000000000000029000000370000002e090000000000000720000000000601c10a00002047000000000300000000000000060000000000000004010004017e050200010105000000000005020003c910fc000000000000000000000000000000c20400000003001400000000000000290000003e0000000100000000000000140000001d00"/200], 0xc8}}, {{&(0x7f00000010c0)={0xa, 0x4e22, 0x6, @private2, 0x9}, 0x1c, &(0x7f0000001200)=[{&(0x7f0000001100)="76612cccf6a0b6269dcc56a3f0ac5b25d8035f93bdec34dabb6adef535a62e64fec6015534e7ce6a719cab8711e35eebbcf395bf1d128eae6a21bf688b96715f1e31045a380da84aa53a580413d0d58d8639b649", 0x54}, {&(0x7f0000001180)="9ac4257781fb56338243428f7f6fc463b3933c8c64ce87e45ba0e29bb25caf42273cd50a0a31eefb003f5a3a193f2be0917503d15afa84936ab785e6a0b56a99bb34256f39249c11ab04df74f91a85b5e3cdf6a1e3b8ed20c3297de972b09b4e8ca74620f36eca00761ffcabda5b7e", 0x6f}], 0x2}}], 0x4, 0x20000400) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000000180)=ANY=[], 0x8) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)={0x14, 0x3a, 0x229, 0x0, 0x25dfdbfc, {0xa}}, 0x14}}, 0x8000) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={0x0, 0x0}, 0x28) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x4e21, 0x7fffffff, @private0={0xfc, 0x0, '\x00', 0x1}, 0x2}, 0x1c) connect$inet6(r0, &(0x7f00000004c0)={0xa, 0x0, 0x0, @mcast2, 0x7}, 0x1c) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000080)='bridge0\x00', 0x10) sendmmsg$inet6(r0, &(0x7f0000000040)=[{{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000500)="82", 0x1}, {&(0x7f0000000180)='K', 0x1}], 0x2}}], 0x1, 0x4400c800) close(0x4) syz_open_procfs$namespace(0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee9, 0x8031, 0xffffffffffffffff, 0x215eb000) socket(0x14, 0x2, 0x4) sendto$inet6(r0, &(0x7f00000000c0)="cfc850defd27f31e2d20223673feacf3b5421387e6f3", 0x16, 0x3b00, 0x0, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) 1.614904215s ago: executing program 1 (id=15157): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), 0xffffffffffffffff) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a01010000000000000000020000000900010073797a3000000000080002400000000098000000030a01020000000000000000020000000900010073797a30000000000900030073797a32000000006b00030091abc1", @ANYBLOB="3baa7d57c5e2dc1040d8e43006bc76c2efa17e7c33073ba660775f37a2d892f43b7701ba97f1aca7afe1d9a6c593b8e098f331d6"], 0xfc}}, 0x4) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_RELOAD_REGDB(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000000c0)={0x14, r0, 0x1, 0x70bd29, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x1}, 0x40000) 1.353058687s ago: executing program 4 (id=15158): socket$nl_route(0x10, 0x3, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="19000000040000000400000002"], 0x50) close(0x3) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0b000000080000000c0000000000008001000000", @ANYRES32, @ANYBLOB="fcffffff00000000000001000000000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) bind$inet6(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) connect$inet6(r1, &(0x7f0000000040)={0xa, 0x4001, 0x800000, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c) r2 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000200)="580000001400192340834b80040d8c560a0677bc45ff810500000000000058000b480400945f64009400050028925a01000000000000008000f0fffeffe809000000fff5dd0000001000010002081000418e00000004fcff", 0x58}], 0x1) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r0}, 0x38) r3 = socket$can_raw(0x1d, 0x3, 0x1) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x3, 0x4, &(0x7f0000001300)=ANY=[@ANYBLOB="1800000000000000020000000000000091108f00000000009500000000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1e}, 0x90) sendmsg$can_raw(r3, &(0x7f0000000240)={&(0x7f0000000780), 0x6, &(0x7f0000000200)={&(0x7f0000000140)=@can={{}, 0x0, 0x0, 0x0, 0x0, "5b7ba3698f28aaf0"}, 0x10}}, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000a00), 0xffffffffffffffff) sendmsg$can_raw(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@can={{0x0, 0x1, 0x0, 0x1}, 0x4, 0x3, 0x0, 0x0, "75d621976197a68b"}, 0x10}, 0x1, 0x0, 0x0, 0x6000045}, 0x80) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000380)={'wlan1\x00'}) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=ANY=[@ANYBLOB="180000002500010324bd7002ffdbdf2501"], 0x18}, 0x1, 0x0, 0x0, 0x4008}, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = socket$tipc(0x1e, 0x2, 0x0) ioctl$sock_netdev_private(r6, 0x8947, 0x0) ioctl$sock_SIOCSIFVLAN_GET_VLAN_VID_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000280)) r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ieee802154(0x0, r7) socket$nl_netfilter(0x10, 0x3, 0xc) getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x24, &(0x7f0000000500)={@private, @multicast1}, 0x0) ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000700)={'gretap0\x00', &(0x7f0000000580)={'sit0\x00', 0x0, 0x7, 0x10, 0x7, 0x8, {{0x1c, 0x4, 0x1, 0xd, 0x70, 0x67, 0x0, 0x4f, 0xb920c973d6887edf, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local, {[@cipso={0x86, 0x6, 0x1}, @ssrr={0x89, 0x7, 0x25, [@rand_addr=0x64010102]}, @cipso={0x86, 0x4c, 0x3, [{0x0, 0xb, "724acc35b799fee73d"}, {0x1, 0x6, "864a9ad3"}, {0x6, 0x11, "73668116c038b8fdc5b36402000d00"}, {0x2, 0x2}, {0x0, 0x12, "c149747062e8fd8e8b650c9b34ee1e0f"}, {0x0, 0x2}, {0x2, 0x4, "1f15"}, {0x6, 0x4, "d025"}, {0x2, 0x6, "c3454362"}]}, @rr={0x7, 0x3, 0x93}]}}}}}) sendmsg$ETHTOOL_MSG_DEBUG_SET(0xffffffffffffffff, 0x0, 0x81) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) 1.227616628s ago: executing program 1 (id=15159): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001800)=ANY=[@ANYBLOB="180000002500010324bd7002ffdbdf25010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x4008}, 0x0) recvmmsg(r0, &(0x7f0000000d80)=[{{0x0, 0x0, 0x0}, 0xac}, {{0x0, 0x0, 0x0}, 0x1}, {{0x0, 0x0, &(0x7f0000001840)=[{&(0x7f0000000480)=""/92, 0x95}, {&(0x7f00000018c0)=""/4108, 0x100c}, {&(0x7f0000001680)=""/109, 0x6d}, {&(0x7f0000001740)=""/72, 0x48}, {&(0x7f00000005c0)=""/61, 0x3d}], 0x5}, 0x7}, {{0x0, 0x3c, 0x0}, 0xd3a7}, {{0x0, 0x0, 0x0}, 0x80000}, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000}, 0x8000005}, {{0x0, 0x0, 0x0}, 0x6}, {{0x0, 0x0, 0x0}, 0x10001}, {{0x0, 0x0, 0x0}, 0xa9e5}], 0x9, 0x2000, 0x0) 1.121097471s ago: executing program 3 (id=15160): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0xf}]}, @NFT_MSG_NEWSETELEM={0x60, 0xc, 0xa, 0x3, 0x0, 0x0, {0x1}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x34, 0x3, 0x0, 0x1, [{0x30, 0xf00, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_SET_ELEM_EXPRESSIONS={0x24, 0xb, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @quota={{0xa}, @val={0x10, 0x2, 0x0, 0x1, [@NFTA_QUOTA_BYTES={0xc, 0x1, 0x1, 0x0, 0x8400000000000000}]}}}]}]}]}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x10}}, 0xe4}}, 0x0) 873.235854ms ago: executing program 3 (id=15161): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='memory.events\x00', 0x7a05, 0x1700) pwritev(r1, &(0x7f00000004c0)=[{&(0x7f0000000200)="db", 0x1}], 0x1, 0x8040000, 0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$netlbl_calipso(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$NLBL_CALIPSO_C_ADD(r2, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x34, r3, 0x2, 0x70bd2b, 0x25dfdbfd, {}, [@NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x2}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x2}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x1}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x2}]}, 0x34}, 0x1, 0x0, 0x0, 0x8000}, 0x40008) mmap$xdp(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000004, 0x12, r0, 0x100000000) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r1) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r0, &(0x7f0000000840)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000800)={&(0x7f0000000500)={0x2cc, r4, 0x8, 0x70bd25, 0x25dfdbfe, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_REKEY_DATA={0x2c, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_AKM={0x8, 0x4, 0x4}, @NL80211_REKEY_DATA_KEK={0x14, 0x1, @kek="028cfb5a8024371a7490325a3e51d964"}, @NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "8da1420b7bffa199"}]}, @NL80211_ATTR_REKEY_DATA={0x8c, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KEK={0x24, 0x1, @kek_ext="e2a6e79e77a83f60751411b3578ed4b48134c701ffad3ce637f0d6a7241e8bf7"}, @NL80211_REKEY_DATA_KCK={0x1c, 0x2, @kck_ext="38b9d223e434ec660ceeab9c45284a27fb119d206a604001"}, @NL80211_REKEY_DATA_KCK={0x14, 0x2, @kck="0e3d438f99f204fe444a803cfb43969c"}, @NL80211_REKEY_DATA_AKM={0x8, 0x4, 0x9}, @NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "441c814b48b565a5"}, @NL80211_REKEY_DATA_KCK={0x14, 0x2, @kck="a80eb0baad14d0dea82a01f4684a75ed"}, @NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "a11ac128574611aa"}]}, @NL80211_ATTR_REKEY_DATA={0x34, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_AKM={0x8, 0x4, 0x4}, @NL80211_REKEY_DATA_AKM={0x8, 0x4, 0x80000001}, @NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "15b22347fdba727b"}, @NL80211_REKEY_DATA_AKM={0x8, 0x4, 0xd}, @NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "e8115bf4a62747b8"}]}, @NL80211_ATTR_REKEY_DATA={0x34, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "950dffe89a82b276"}, @NL80211_REKEY_DATA_AKM={0x8}, @NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "a3f77ac1ac1b122e"}, @NL80211_REKEY_DATA_AKM={0x8, 0x4, 0x401}, @NL80211_REKEY_DATA_AKM={0x8, 0x4, 0xe64}]}, @NL80211_ATTR_REKEY_DATA={0x20, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KCK={0x1c, 0x2, @kck_ext="e1810b5f313a35b2452167feef07f15bda7bf9b59ace24f6"}]}, @NL80211_ATTR_REKEY_DATA={0x5c, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KEK={0x24, 0x1, @kek_ext="7065d5fd83becc0084182b565daaaf5797b3f07afd63a6f3462b413731bf6ac2"}, @NL80211_REKEY_DATA_KEK={0x14, 0x1, @kek="54f484bf807ba62316f20c81220dcf5d"}, @NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "207a21ae599c99fa"}, @NL80211_REKEY_DATA_KCK={0x14, 0x2, @kck="08f9325339e1afbfab47c27fba093f4e"}]}, @NL80211_ATTR_REKEY_DATA={0x58, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KCK={0x14, 0x2, @kck="868c4c2901eae8acd0b4682b863ef86e"}, @NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "58b08bd6d6bca979"}, @NL80211_REKEY_DATA_KEK={0x14, 0x1, @kek="a488c5cb4f48b9893fdbaf62a355d9b8"}, @NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "81843edb1f279319"}, @NL80211_REKEY_DATA_KEK={0x14, 0x1, @kek="f4d5e66768edf3d1a0701521a4a951d0"}]}, @NL80211_ATTR_REKEY_DATA={0x60, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KCK={0x14, 0x2, @kck="ed51a777ef201dc25b06450f7f8c58b6"}, @NL80211_REKEY_DATA_AKM={0x8, 0x4, 0x9}, @NL80211_REKEY_DATA_AKM={0x8, 0x4, 0x401}, @NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "c639cb075f22edde"}, @NL80211_REKEY_DATA_AKM={0x8, 0x4, 0xfffffffa}, @NL80211_REKEY_DATA_KCK={0x1c, 0x2, @kck_ext="d496be1fc4684b0a7e4fb2e4dbbb482aef7417f75b99a919"}, @NL80211_REKEY_DATA_AKM={0x8, 0x4, 0x8}]}, @NL80211_ATTR_REKEY_DATA={0x3c, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KEK={0x24, 0x1, @kek_ext="0870e75f75bf2fa9be9a8b0e9a9d11b0efc5be5f6dd8862d4c88cc453edff30a"}, @NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "29efb59d0d7fa2e5"}, @NL80211_REKEY_DATA_AKM={0x8, 0x4, 0x5}]}, @NL80211_ATTR_REKEY_DATA={0x20, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_AKM={0x8, 0x4, 0x1}, @NL80211_REKEY_DATA_KCK={0x14, 0x2, @kck="3759b6d7ca24f3ee8df0f2865690c1ce"}]}]}, 0x2cc}, 0x1, 0x0, 0x0, 0x40091}, 0x2005) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) (async) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='memory.events\x00', 0x7a05, 0x1700) (async) pwritev(r1, &(0x7f00000004c0)=[{&(0x7f0000000200)="db", 0x1}], 0x1, 0x8040000, 0x0) (async) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) syz_genetlink_get_family_id$netlbl_calipso(&(0x7f00000000c0), 0xffffffffffffffff) (async) sendmsg$NLBL_CALIPSO_C_ADD(r2, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x34, r3, 0x2, 0x70bd2b, 0x25dfdbfd, {}, [@NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x2}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x2}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x1}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x2}]}, 0x34}, 0x1, 0x0, 0x0, 0x8000}, 0x40008) (async) mmap$xdp(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000004, 0x12, r0, 0x100000000) (async) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r1) (async) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r0, &(0x7f0000000840)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000800)={&(0x7f0000000500)={0x2cc, r4, 0x8, 0x70bd25, 0x25dfdbfe, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_REKEY_DATA={0x2c, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_AKM={0x8, 0x4, 0x4}, @NL80211_REKEY_DATA_KEK={0x14, 0x1, @kek="028cfb5a8024371a7490325a3e51d964"}, @NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "8da1420b7bffa199"}]}, @NL80211_ATTR_REKEY_DATA={0x8c, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KEK={0x24, 0x1, @kek_ext="e2a6e79e77a83f60751411b3578ed4b48134c701ffad3ce637f0d6a7241e8bf7"}, @NL80211_REKEY_DATA_KCK={0x1c, 0x2, @kck_ext="38b9d223e434ec660ceeab9c45284a27fb119d206a604001"}, @NL80211_REKEY_DATA_KCK={0x14, 0x2, @kck="0e3d438f99f204fe444a803cfb43969c"}, @NL80211_REKEY_DATA_AKM={0x8, 0x4, 0x9}, @NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "441c814b48b565a5"}, @NL80211_REKEY_DATA_KCK={0x14, 0x2, @kck="a80eb0baad14d0dea82a01f4684a75ed"}, @NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "a11ac128574611aa"}]}, @NL80211_ATTR_REKEY_DATA={0x34, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_AKM={0x8, 0x4, 0x4}, @NL80211_REKEY_DATA_AKM={0x8, 0x4, 0x80000001}, @NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "15b22347fdba727b"}, @NL80211_REKEY_DATA_AKM={0x8, 0x4, 0xd}, @NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "e8115bf4a62747b8"}]}, @NL80211_ATTR_REKEY_DATA={0x34, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "950dffe89a82b276"}, @NL80211_REKEY_DATA_AKM={0x8}, @NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "a3f77ac1ac1b122e"}, @NL80211_REKEY_DATA_AKM={0x8, 0x4, 0x401}, @NL80211_REKEY_DATA_AKM={0x8, 0x4, 0xe64}]}, @NL80211_ATTR_REKEY_DATA={0x20, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KCK={0x1c, 0x2, @kck_ext="e1810b5f313a35b2452167feef07f15bda7bf9b59ace24f6"}]}, @NL80211_ATTR_REKEY_DATA={0x5c, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KEK={0x24, 0x1, @kek_ext="7065d5fd83becc0084182b565daaaf5797b3f07afd63a6f3462b413731bf6ac2"}, @NL80211_REKEY_DATA_KEK={0x14, 0x1, @kek="54f484bf807ba62316f20c81220dcf5d"}, @NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "207a21ae599c99fa"}, @NL80211_REKEY_DATA_KCK={0x14, 0x2, @kck="08f9325339e1afbfab47c27fba093f4e"}]}, @NL80211_ATTR_REKEY_DATA={0x58, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KCK={0x14, 0x2, @kck="868c4c2901eae8acd0b4682b863ef86e"}, @NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "58b08bd6d6bca979"}, @NL80211_REKEY_DATA_KEK={0x14, 0x1, @kek="a488c5cb4f48b9893fdbaf62a355d9b8"}, @NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "81843edb1f279319"}, @NL80211_REKEY_DATA_KEK={0x14, 0x1, @kek="f4d5e66768edf3d1a0701521a4a951d0"}]}, @NL80211_ATTR_REKEY_DATA={0x60, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KCK={0x14, 0x2, @kck="ed51a777ef201dc25b06450f7f8c58b6"}, @NL80211_REKEY_DATA_AKM={0x8, 0x4, 0x9}, @NL80211_REKEY_DATA_AKM={0x8, 0x4, 0x401}, @NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "c639cb075f22edde"}, @NL80211_REKEY_DATA_AKM={0x8, 0x4, 0xfffffffa}, @NL80211_REKEY_DATA_KCK={0x1c, 0x2, @kck_ext="d496be1fc4684b0a7e4fb2e4dbbb482aef7417f75b99a919"}, @NL80211_REKEY_DATA_AKM={0x8, 0x4, 0x8}]}, @NL80211_ATTR_REKEY_DATA={0x3c, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KEK={0x24, 0x1, @kek_ext="0870e75f75bf2fa9be9a8b0e9a9d11b0efc5be5f6dd8862d4c88cc453edff30a"}, @NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "29efb59d0d7fa2e5"}, @NL80211_REKEY_DATA_AKM={0x8, 0x4, 0x5}]}, @NL80211_ATTR_REKEY_DATA={0x20, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_AKM={0x8, 0x4, 0x1}, @NL80211_REKEY_DATA_KCK={0x14, 0x2, @kck="3759b6d7ca24f3ee8df0f2865690c1ce"}]}]}, 0x2cc}, 0x1, 0x0, 0x0, 0x40091}, 0x2005) (async) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) (async) 866.886832ms ago: executing program 2 (id=15162): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r0, 0x0, 0x2a, &(0x7f0000000180)={0x2, {{0x2, 0x0, @multicast2}}}, 0x88) setsockopt$inet_group_source_req(r0, 0x0, 0x2e, &(0x7f00000004c0)={0x8, {{0x2, 0x0, @multicast2}}, {{0x2, 0x4e24, @rand_addr=0x64010102}}}, 0x108) setsockopt$inet_group_source_req(r0, 0x0, 0x2b, &(0x7f0000000040)={0x2, {{0x2, 0x0, @multicast2}}, {{0x2, 0x0, @multicast2}}}, 0x108) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[@ANYRESHEX=r0], 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r1, 0xffffffffffffffff}, &(0x7f0000000000), &(0x7f00000001c0)}, 0x20) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000000c0)={r1, 0xffffffffffffffff}, 0x4) r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) sendmsg$inet(r4, &(0x7f0000000480)={&(0x7f0000000080)={0x2, 0x4e23, @private=0xa010100}, 0x10, &(0x7f0000000400)=[{&(0x7f0000000140)="d8ac7e4858e0a1c7b2d008a4af4f5ef6c369726c98c6dfc8d8a44fad38299010777b00d32d22dfdbe06a66469715d2a63bc3ced2", 0x34}, {&(0x7f0000000280)="1bed8417618fcf272ba2d4783b8e6a530170754949e5b04dcf8da2548a6183cf3ccc1df138a2d6dffa131dc267090a565d1cb8b5bae54eff0e69276b6d086c81251a475cb929e6326be75de9eb0ed064c5210045d31171ceb792a24f443b27508a8bd9add43773058b70a8f5f922f6b9e1ea3395cd83d401df1d3b493f4a5a8b02caa38283348e7a3c988e132e7f29f8b1e16570881bbacbdfc1a9ba7a762754a48fda", 0xa3}, {&(0x7f0000000340)="e0252e03da017f54fad46539dbc63ec10535faa45a717829a63f026998c4ffd905f2cd8aab8902b177fb817b7b3ceb0a8522f3", 0x33}, {&(0x7f0000000380)="daa6dff3deeb9a66e81958165b580f3d097fd91ebbf257b7dfb80307bbd10c6eed206b80b79341650e7361fcde94a01a2ca13fd797c8cd147fcf4314f606f7ef7c27e7b13731867e184be6eed45c3d79", 0x50}], 0x4, &(0x7f0000000440)=[@ip_tos_int={{0x14, 0x0, 0x1, 0x3}}, @ip_tos_int={{0x14, 0x0, 0x1, 0x1}}], 0x30}, 0x8080) ioctl$XFS_IOC_PATH_TO_FSHANDLE(r4, 0xc0385868, &(0x7f00000005c0)={r4, &(0x7f0000000100)='\x00', 0x80000, &(0x7f0000000500)={@_ha_fsid={[0x7, 0x5b2d]}, {0x61b4, 0x9, 0x5}}, 0x90, &(0x7f0000000540), &(0x7f0000000580)=0x80}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x3, 0x1f, &(0x7f0000000600)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x9}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@map_val={0x18, 0x0, 0x2, 0x0, r3, 0x0, 0x0, 0x0, 0x637e}, @map_fd={0x18, 0xa, 0x1, 0x0, r2}, @jmp={0x5, 0x1, 0x9, 0x1, 0x1, 0xffffffffffffffe0, 0x8}, @alu={0x4, 0x1, 0x2, 0x7, 0x0, 0xffffffffffffffac, 0xfffffffffffffffc}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r5}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x80000000}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}, @generic={0x4, 0x1, 0xc, 0xb, 0xfff}]}, &(0x7f0000000040)='GPL\x00', 0x2, 0x0, 0x0, 0x41000}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0xa, 0x4, &(0x7f0000000040)=@framed={{}, [@ldst={0x3, 0x0, 0x3, 0x1, 0x0, 0xb}]}, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) socket$inet6_tcp(0xa, 0x1, 0x0) r6 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000000c0)="d80000001a0081044e81f782db4cb9040a1d0800fe007c05e8fe55a115001c000200142603600e12080005007a010401a8001600200003400d000000035c0461c1d67f6f94007134cf6efb8000a007a290457f0189b3cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db798262f3d40fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9703920723f9a9411a36324ea1790e834ca9000000000000000000", 0xe2}], 0x1}, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x2c, &(0x7f00000001c0)=0x3, 0x4) 671.702143ms ago: executing program 1 (id=15163): bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000000e00)=ANY=[@ANYBLOB="61154c000000000061138c0000000000bfa00000002b000007000000080000002d0301000000000095000000000000006916000000000000bf67000000000000350607000fff07206706000003000000160302000ee60060bf350000000000001f650000000000006507f9ff0100000007070000cddfffff1e75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000001500000000000000950000000000000032ed3c12dc8c27df8ecf264e0f84f9f17d3c30e32f1754558f2278af6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd3997f9c9c4f6f3be4b369289aa6812b8e007e733a9a4f1b0af3dda82ee45a010fb94fe9de57b9d8a814261bdb94a05000000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546cad3f1d5ab2af27546e7c955ccefa1f6ab689b555202da2e0ec2871b4a7e65836429a527dc47ebe84a423b6c8d345dc8da3085b0ab71ca1b901627b562ed04ae76002d4519af619e3cca4d69e0dee5eb106774a8f3e6916dfec88158f0200000000c8fb730a5c1bf2b2bb71a629361997a75fd552bdc206438b8ef4901fd03c16dfda44e2a2235c8ac86d8a297dff0445a15f21dc725f431bcab0ef59b8f0e431e56723888fb126a163f16f920ae2fb494059bba8e3b680324a188076eb685d55c4e9b2ad9bc1172ba7cbebe174aba210d739a018f9bbec63222d20cecac4d03723f1c932b3a6aa0100000000000000b93716d20000009f0f53acbb40b4f8e2738270b31562ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000000000000000000000000004000bc00f679629709e7e78f4ddc211bc3ebe6bd9d42ca0140a7afaab43176e65ec1118d50d1e827f3472f4445d253880800000000000000690884f800031e03a651bb96589a7e2e509bcc1d161347623cb5e7ac4629c8ab04871bc47287cd31cc43010000007b40407d000000210000000000000000005f37d83f84e98a523d80bd970d703f37ca364a601ae899a56715a0a62a34c6c94cce6994521629ab028acfc1d926a0f6a5489af8dc2f17923f3c40dfd1970a55c22fe3a5ac000000000000000000000000000000c1eb2d91fb79ea00000000000000bb0d00000000000000000000e4007be511fe32fbc90e2364a55e9bb66ac64423d2d00fea2594e190deae46e26c596f84eba9000000000000003cc3aa39ee4b1386bab561cda886fa642994cacd473b543ccb5f0d7b63924f17c67b13631d22a11dc3c693962895496d4ffcae1a8a793a7795a9214a92f66e9cc54db6c7205a6b068fff496d2da7d632bd1f61b007e1ff5f1be1969a1ba791ad46d800000000c7f26a0337302f3b41eae59809fd05d12f6186f117b062df67d3a63f3265dd1410eea68208a3f26b2989b832d8b34a34a4f08b34b3042065acaa10856e858d27adee7daf32903d3fc78700d429a2d4c8b6d803eb83eecfe4c7ff9e6ab5a52e83d089dad7a8710e0254f1b11cced7bc3c8da0c44d2ebf9f6f3ff3be4d1458077c2253b0c7c7a0a9fdd63bf910dc20e5cb2a88e59febc47f1212a21f631dbaa74f22bad050e9856b48ae3a03a497c37758537650fe6db88aa3c41fdc3d78e046f6160e1741299e8dc29906870e6431ed1eab5d067a183f064b060a8ec12725d42e3a74863d66bee966b1574f8e01b3f34a267ff0afa1e1c758a0079b747067312e9815a21cb3f1f8150d999d788535a4d3114dbc7e2bf2402a75fd7a55733360040855ed5d1c0d634fc5fb38f84d9d87b27f8a5d91217b728f13e3ee20e69e0ffb2780b1a7af137ff7b4ff139604faf0a4da65396174b4563d54b52f06c870edf0c5d744b5272b44c23488b2bdbff947c4dfa108cbb88202eeb81f428a5b3c299848649e1a6bff52f657a67463d7dbf85ae9321fc2b517dc4a29b9cba8ded5de8206c812439ab129ae818837ee1562078fc524b3baf49a0be9bb7d958d5e87c6c09bf71a894bad62934782cc3086936d7637e07c4a2a3bc87b0da23c00d9ef418cf19e7a8c4c328be0ce91798adc2dca871073f6bd61dc18402cde8bf777b2eaa45c940aabc86b94f8cbde4d470667bee722a6a2af483ad0d3415ed0f9db009acaba9eaea93f811d434e00000000000000000000d154baa8e51489a614e69722bac30000000000000000000000000000a006b178438e930b2494db1bf624a70a19a45b8b71869afb13cb2ac1d2f3ec0d93a3e4fd0ad076c7d826f218aa6ba8ec5e58b7c64dc8616127087901dc65418a4b25bfa7ae8b5ad9642815f319230425e8bd89c6983d816d97d81a739917eecd26f9a3aecaf0acdaf6cffab38eae3b10b122b4bf521a46bf01a0c136f745113b589459fbe1666087a7c554a55e2b42ab7e405a77f405a348a64e356b7fb61e48ea9c87bf13f97052c51fdd49f3dbccf9874cf61807ae4b1665ccdd026d4580a068395e8cb851eeadb1da6d1009513ca73a685c66fb15f27eb74a7a4eb5966e3ef4be3ca8ba81b2d17d797265390ce616c3d7b566fe956fb93c6a43f4dc6bfc194daeb7b998d550773bc14aca"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffffffffffdb7}, 0x48) 636.743745ms ago: executing program 1 (id=15164): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}}, 0x0) getsockname$packet(r2, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000900)=@newqdisc={0x30, 0x24, 0xf1d, 0x70bd2d, 0x0, {0x0, 0x0, 0x0, r3, {0xb}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x4000800) sendmsg$nl_route_sched(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)=@delchain={0x2c, 0x64, 0xf31, 0x70bd25, 0x25dfdbfe, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xfff3, 0xffff}, {0x0, 0xf}}, [@TCA_CHAIN={0x8, 0xb, 0xe0d}]}, 0x2c}, 0x1, 0x0, 0x0, 0x10}, 0x4040000) 604.572059ms ago: executing program 3 (id=15165): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000500), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_SET(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000003400000018000180140002006e657464657673696d3000000000000008001000000100000800130000000000080012"], 0x44}}, 0x0) 463.400204ms ago: executing program 3 (id=15166): syz_emit_ethernet(0xf2, &(0x7f0000000000)={@local, @broadcast, @void, {@ipv4={0x800, @tcp={{0x34, 0x4, 0x0, 0x6, 0xe4, 0x0, 0x0, 0x0, 0x6, 0x0, @empty, @empty, {[@rr={0x7, 0x13, 0x6, [@private=0xa010102, @broadcast, @multicast1, @dev={0xac, 0x14, 0x14, 0x32}]}, @cipso={0x86, 0x1d, 0x0, [{0x1, 0x10, "6e91cc13804cf21fa07f80f6ee2c"}, {0x6, 0x7, "d0f5b566c4"}]}, @noop, @ra={0x94, 0x4, 0x1}, @ssrr={0x89, 0x17, 0x27, [@multicast1, @remote, @private=0xa010100, @remote, @remote]}, @lsrr={0x83, 0x13, 0xfb, [@private=0xa010100, @empty, @initdev={0xac, 0x1e, 0x1, 0x0}, @rand_addr=0x64010102]}, @cipso={0x86, 0x4e, 0xffffffffffffffff, [{0x7, 0xb, "02cf2881da94bfd00d"}, {0x7, 0x11, "f63e0db172f14c80b38d7b10e8c656"}, {0x7, 0x2}, {0x1, 0xd, "a36ff942237eb1f343e9f3"}, {0xdf68bcdb5a86e116, 0xb, "0504e2031cd3b54b35"}, {0x6, 0x12, "37a3328efe97449a3cd23b9fd61d4785"}]}, @end, @lsrr={0x83, 0xb, 0x98, [@rand_addr=0x64010102, @rand_addr=0x64010102]}]}}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x10}}}}}}, 0x0) 429.316499ms ago: executing program 2 (id=15167): r0 = socket$l2tp6(0xa, 0x2, 0x73) recvmsg(r0, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x10002) bind$l2tp6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty}, 0x20) socket$nl_netfilter(0x10, 0x3, 0xc) syz_emit_ethernet(0x8e, 0x0, 0x0) 345.144156ms ago: executing program 1 (id=15168): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REG(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000005c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000004001b0000000c00228059fe0080040000800600210030", @ANYRESOCT], 0x28}, 0x1, 0x0, 0x0, 0x20000810}, 0x24000000) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x6, 0x9, &(0x7f00000014c0)=ANY=[@ANYBLOB="18010000756c6c2500000000002020207b1af8ff00000000bfa1000000000000070100001cfeffffb702000008000000b70300000000000085000000ce00000095"], &(0x7f0000001540)='GPL\x00', 0x2, 0x0, 0x0, 0x40f00, 0x2}, 0x94) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_tcp_int(r2, 0x6, 0x2b, 0x0, &(0x7f00000003c0)) sendmmsg$inet6(r2, &(0x7f00000010c0)=[{{&(0x7f0000000000)={0xa, 0x4e23, 0x200, @dev={0xfe, 0x80, '\x00', 0x1e}, 0x3}, 0x1c, &(0x7f0000000540)=[{&(0x7f0000000040)="eb96b8b224976ba5bee9e21317dcb7cbb9a8d43ba14c83a1429915f981ab9f55801a59d32847dc98a4b5d500b8f21da337eb5455372453f255ea2bab80aa213dfe83f3199585ef4b012424b70cc32b45746be22ec280e0f3a3561340e243eb2a551b20f9158ec2ca89828fe9d75fac25c11983a90c8bea4a27ef879a", 0x7c}, {&(0x7f0000000280)="2c3d5b6ec2e2d69cf8430c8a04ca63ede6e31f63bcff0b9cd89f2ec8d7590d7071b3c2b2fce5f9ec1be242925ba3e3a3aefe0970cc23b1913662d8353b3ecd478b0451bbf680594433342a408a67fa95246d3b3e5f806451a7e4675b427c12b72e9af93b3bd157003ec4d0a2d4b2c2269161c4ccdd7786bf044118bb364c43750d9776f4e1fba86e99e13acf2f04591b1532085420d8f1f03ba3277ec6852eebc5eba7b7a912b3865d4427472f362f885baf83bdd8634cdecca254ed859e2ed989240c2e67e2c1157af6d513db80495b185c6b353dcbf91ac33fa9d37f272380693d1835998c14", 0xe7}, {&(0x7f0000000440)}, {&(0x7f0000000480)="24ce99932448302826b9e500ae1b5ed664f782580acfcb9e9fedf3508f9b9057db53950b7174d67e7e3c2ffd62a7cf591ed0503472c5c7f0afd509", 0x3b}, {&(0x7f0000000500)="a6273f43c35b420fca698ea4fa52be286b33d294", 0x14}], 0x5, &(0x7f0000000600)=[@dontfrag={{0x14, 0x29, 0x3e, 0x1}}], 0x18}}, {{&(0x7f0000000640)={0xa, 0x4e23, 0x4, @remote, 0x6}, 0x1c, &(0x7f0000000b00)=[{&(0x7f0000000680)="3c394c11c357ba303c78824023daede1810b33d94d576ee5496f6d90e8693d8ce71076e63307f21bdb335805ddb9984c2fbb3cb2c6fec4e654cdfe3d18bb9de3a8eb288ca6962f1c5fe69b7a0c364d468709a30835273231203dac060958f1b1ec2a85cc884e7c70916e2ee8fcf73a46ca3d00eb6cc17e17fbf828a7e629bbc547ae141e59d4379fd8ad21bcea5bdeee3a121154d6e50fb6a84d3a07d7e7c3231aae7e1b5970035189b6841b16c9829bb9445e2503c3f2df493bba471101fd90938f648d6b046e8831", 0xc9}, {&(0x7f0000000780)="dc1d4a16c49f54f38a7090c8ac396255886a2a6e18766209dff8506e84d44d1143937eb9a092eac71d31c55b41bf784d0c4a8aef8e2deda35dba1a7513328cb76df370e4ac5b9c0811cff392d06a405a99314b5f9544bd30be46438ac88b", 0x5e}, {&(0x7f0000000840)="cb0deb8bf1814209e499297eb3689343aa002351817632321f43f81b7f0d88a41351c150e429870d0be8d601c641ddf61eed7c", 0x33}, {&(0x7f0000000880)="dfd98c2771f6f1df80b8cc7e8212b1f763430f0e80b1aa2a64343f6c48de4132e1e7153017f936c858ab4044d0f84f0235f64bc57243002be8421846a3dae1c9ba66896c", 0x44}, {&(0x7f0000000900)="956a3e066f1fd39d6c567fa54fcff4dda309ba45a20bbfc672c608c4d96dd61f4e96c85a5d15edfec4a259651e31c7daf50685ff9eb354ddd4ee7f9fd644eeba8f9d795703be9360a68b2f98de501c9f3224763b15d7c36f5e89660a2516eadc50cf295fdf956002046c2199e917d8bb02e5d53d43a45771238db8e7d9d6e1e4106799ddf4a6a2a40e27be63419549f1f7359bc7aa8553a902281c1afe691a31537f3607fcd2a331fc5ab0b0f068face229d0aa3dc8dfb9df6eddfc73b244e830665b8e4ff6f87145a9236487271e063", 0xd0}, {&(0x7f0000000a00)="f558669388972a6a362be9b309b0071ecc8c9b041af3f8dfacfc85e5f873e1134823edbc21dca9cc25682459df7a381e8f5fcdac7de9fee299bb8daaa7d69ec22fb85b495969f5a5fb16e13e22c69f00f48c6d49bfb2df8786dcd466ffc635bf8420a4c4021c1e779005f7dfe997df6164eed8c56631abd38e557f9229c166853d7b1d6d117c00fc33ea6707a0bb49edf8d6cf1b2294614d59ea6e51a52462d026f07225c58f707090221b395f19de0320540843ac65aefe48af8610433a99d1c44c0d1c05aded200ed1c56a96023ac819814a183d702059e2763f29927f5fc9c0f68a0090d45914ca25", 0xea}], 0x6, &(0x7f0000000b80)=[@dstopts={{0x20, 0x29, 0x37, {0x32, 0x0, '\x00', [@padn={0x1, 0x1, [0x0]}, @enc_lim={0x4, 0x1, 0x69}]}}}, @dontfrag={{0x14, 0x29, 0x3e, 0x7}}, @tclass={{0x14, 0x29, 0x43, 0x2}}, @hopopts={{0x50, 0x29, 0x36, {0x0, 0x6, '\x00', [@enc_lim={0x4, 0x1, 0x81}, @pad1, @calipso={0x7, 0x18, {0x2, 0x4, 0x5, 0xfbff, [0x220, 0xa770]}}, @calipso={0x7, 0x8, {0x1, 0x0, 0xe, 0x2}}, @pad1, @jumbo={0xc2, 0x4, 0x5}, @enc_lim={0x4, 0x1, 0x1}]}}}, @rthdr_2292={{0xb8, 0x29, 0x39, {0x2e, 0x14, 0x0, 0xf, 0x0, [@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast1, @ipv4={'\x00', '\xff\xff', @remote}, @local, @private1, @private2={0xfc, 0x2, '\x00', 0x1}, @private1={0xfc, 0x1, '\x00', 0x1}, @loopback, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @mcast2]}}}], 0x158}}, {{&(0x7f0000000d00)={0xa, 0x4e20, 0x6, @private1={0xfc, 0x1, '\x00', 0x1}, 0x9}, 0x1c, &(0x7f0000000d40), 0x0, &(0x7f0000000d80)=[@dontfrag={{0x14, 0x29, 0x3e, 0x100}}, @hopopts_2292={{0x138, 0x29, 0x36, {0x88, 0x23, '\x00', [@hao={0xc9, 0x10, @private0={0xfc, 0x0, '\x00', 0x1}}, @padn={0x1, 0x1, [0x0]}, @enc_lim={0x4, 0x1, 0x67}, @pad1, @pad1, @generic={0xc0, 0xfe, "e2febf9d6c5bcdd41edffb0d245eee96aa3bf09ff6777d8caae539c16c047c1a101c2cf318c77c3e7d348d5a3de7bb0d6d7adbf09bd3fbaef2930f19d5fed6088b9fe527918bbcd1f30511c7d388b1f0d94aedf2007554567b9355a983930bfe7beb1600511284c3a74552a46c27e4309c2fd13c6fa6c76c094185a2748046f03d83ce7f0f6bba99f1113ad1710438d1605b287342f06a5776b446a38e0332f0cda6f826c6562f254fa6a824ce0cf6bc2c41010b4aab6a1bfe4e55486d702303fb2cc054d5fa71ddd200df8e08de79db86a1d38d0ec703cc7a990e18c36e74a25320c8020766f06bf3f0f0eac48c107066668f20e7a9714cae0d674fd814"}]}}}, @dstopts={{0x40, 0x29, 0x37, {0x67, 0x4, '\x00', [@padn={0x1, 0xa, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @enc_lim={0x4, 0x1, 0xcb}, @pad1, @jumbo, @ra={0x5, 0x2, 0x2}, @padn={0x1, 0x4, [0x0, 0x0, 0x0, 0x0]}]}}}], 0x190}}, {{&(0x7f0000000f40)={0xa, 0x4e21, 0x1, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x4}, 0x1c, &(0x7f0000001080)=[{&(0x7f0000000f80)="314c960c5b506493f139f224e372eac8fb0d27256bb72206445add9db7ce905b0cfc69d9cb92987998eb2fd89bc25c0ddf3977ce42b5e50966a8ff5a1d447b2b44da3a4b6f3022c5b84a26bdd2c88ca3eb0842774f9704d1c50dc2f7e3bb26b9343b4cf6e5e399fc7597c5a5a366190d3da24c2f21b53097e1f05ce764d2d3c07283b8a988062a19a786adcaf6e26228c1da065b18c64bfec6f7c7c817a1711a7c257faba567066f0b9433282fb0f8af6ff3a3485c01745a4dbaaec958e56ad8134fab113a96763975", 0xc9}], 0x1}}], 0x4, 0x40) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000001c0), 0xffffffffffffffff) sendmsg$TIPC_NL_BEARER_ADD(r3, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000004c0)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="997425bd7000fbdbdf2515000000400001800d0001007564703a9058f43a82"], 0x54}, 0x1, 0x0, 0x0, 0x4000080}, 0x2400c000) socket$nl_generic(0x10, 0x3, 0x10) (async) syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) (async) sendmsg$NL80211_CMD_SET_REG(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000005c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000004001b0000000c00228059fe0080040000800600210030", @ANYRESOCT], 0x28}, 0x1, 0x0, 0x0, 0x20000810}, 0x24000000) (async) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x6, 0x9, &(0x7f00000014c0)=ANY=[@ANYBLOB="18010000756c6c2500000000002020207b1af8ff00000000bfa1000000000000070100001cfeffffb702000008000000b70300000000000085000000ce00000095"], &(0x7f0000001540)='GPL\x00', 0x2, 0x0, 0x0, 0x40f00, 0x2}, 0x94) (async) socket$inet6_tcp(0xa, 0x1, 0x0) (async) getsockopt$inet6_tcp_int(r2, 0x6, 0x2b, 0x0, &(0x7f00000003c0)) (async) sendmmsg$inet6(r2, &(0x7f00000010c0)=[{{&(0x7f0000000000)={0xa, 0x4e23, 0x200, @dev={0xfe, 0x80, '\x00', 0x1e}, 0x3}, 0x1c, &(0x7f0000000540)=[{&(0x7f0000000040)="eb96b8b224976ba5bee9e21317dcb7cbb9a8d43ba14c83a1429915f981ab9f55801a59d32847dc98a4b5d500b8f21da337eb5455372453f255ea2bab80aa213dfe83f3199585ef4b012424b70cc32b45746be22ec280e0f3a3561340e243eb2a551b20f9158ec2ca89828fe9d75fac25c11983a90c8bea4a27ef879a", 0x7c}, {&(0x7f0000000280)="2c3d5b6ec2e2d69cf8430c8a04ca63ede6e31f63bcff0b9cd89f2ec8d7590d7071b3c2b2fce5f9ec1be242925ba3e3a3aefe0970cc23b1913662d8353b3ecd478b0451bbf680594433342a408a67fa95246d3b3e5f806451a7e4675b427c12b72e9af93b3bd157003ec4d0a2d4b2c2269161c4ccdd7786bf044118bb364c43750d9776f4e1fba86e99e13acf2f04591b1532085420d8f1f03ba3277ec6852eebc5eba7b7a912b3865d4427472f362f885baf83bdd8634cdecca254ed859e2ed989240c2e67e2c1157af6d513db80495b185c6b353dcbf91ac33fa9d37f272380693d1835998c14", 0xe7}, {&(0x7f0000000440)}, {&(0x7f0000000480)="24ce99932448302826b9e500ae1b5ed664f782580acfcb9e9fedf3508f9b9057db53950b7174d67e7e3c2ffd62a7cf591ed0503472c5c7f0afd509", 0x3b}, {&(0x7f0000000500)="a6273f43c35b420fca698ea4fa52be286b33d294", 0x14}], 0x5, &(0x7f0000000600)=[@dontfrag={{0x14, 0x29, 0x3e, 0x1}}], 0x18}}, {{&(0x7f0000000640)={0xa, 0x4e23, 0x4, @remote, 0x6}, 0x1c, &(0x7f0000000b00)=[{&(0x7f0000000680)="3c394c11c357ba303c78824023daede1810b33d94d576ee5496f6d90e8693d8ce71076e63307f21bdb335805ddb9984c2fbb3cb2c6fec4e654cdfe3d18bb9de3a8eb288ca6962f1c5fe69b7a0c364d468709a30835273231203dac060958f1b1ec2a85cc884e7c70916e2ee8fcf73a46ca3d00eb6cc17e17fbf828a7e629bbc547ae141e59d4379fd8ad21bcea5bdeee3a121154d6e50fb6a84d3a07d7e7c3231aae7e1b5970035189b6841b16c9829bb9445e2503c3f2df493bba471101fd90938f648d6b046e8831", 0xc9}, {&(0x7f0000000780)="dc1d4a16c49f54f38a7090c8ac396255886a2a6e18766209dff8506e84d44d1143937eb9a092eac71d31c55b41bf784d0c4a8aef8e2deda35dba1a7513328cb76df370e4ac5b9c0811cff392d06a405a99314b5f9544bd30be46438ac88b", 0x5e}, {&(0x7f0000000840)="cb0deb8bf1814209e499297eb3689343aa002351817632321f43f81b7f0d88a41351c150e429870d0be8d601c641ddf61eed7c", 0x33}, {&(0x7f0000000880)="dfd98c2771f6f1df80b8cc7e8212b1f763430f0e80b1aa2a64343f6c48de4132e1e7153017f936c858ab4044d0f84f0235f64bc57243002be8421846a3dae1c9ba66896c", 0x44}, {&(0x7f0000000900)="956a3e066f1fd39d6c567fa54fcff4dda309ba45a20bbfc672c608c4d96dd61f4e96c85a5d15edfec4a259651e31c7daf50685ff9eb354ddd4ee7f9fd644eeba8f9d795703be9360a68b2f98de501c9f3224763b15d7c36f5e89660a2516eadc50cf295fdf956002046c2199e917d8bb02e5d53d43a45771238db8e7d9d6e1e4106799ddf4a6a2a40e27be63419549f1f7359bc7aa8553a902281c1afe691a31537f3607fcd2a331fc5ab0b0f068face229d0aa3dc8dfb9df6eddfc73b244e830665b8e4ff6f87145a9236487271e063", 0xd0}, {&(0x7f0000000a00)="f558669388972a6a362be9b309b0071ecc8c9b041af3f8dfacfc85e5f873e1134823edbc21dca9cc25682459df7a381e8f5fcdac7de9fee299bb8daaa7d69ec22fb85b495969f5a5fb16e13e22c69f00f48c6d49bfb2df8786dcd466ffc635bf8420a4c4021c1e779005f7dfe997df6164eed8c56631abd38e557f9229c166853d7b1d6d117c00fc33ea6707a0bb49edf8d6cf1b2294614d59ea6e51a52462d026f07225c58f707090221b395f19de0320540843ac65aefe48af8610433a99d1c44c0d1c05aded200ed1c56a96023ac819814a183d702059e2763f29927f5fc9c0f68a0090d45914ca25", 0xea}], 0x6, &(0x7f0000000b80)=[@dstopts={{0x20, 0x29, 0x37, {0x32, 0x0, '\x00', [@padn={0x1, 0x1, [0x0]}, @enc_lim={0x4, 0x1, 0x69}]}}}, @dontfrag={{0x14, 0x29, 0x3e, 0x7}}, @tclass={{0x14, 0x29, 0x43, 0x2}}, @hopopts={{0x50, 0x29, 0x36, {0x0, 0x6, '\x00', [@enc_lim={0x4, 0x1, 0x81}, @pad1, @calipso={0x7, 0x18, {0x2, 0x4, 0x5, 0xfbff, [0x220, 0xa770]}}, @calipso={0x7, 0x8, {0x1, 0x0, 0xe, 0x2}}, @pad1, @jumbo={0xc2, 0x4, 0x5}, @enc_lim={0x4, 0x1, 0x1}]}}}, @rthdr_2292={{0xb8, 0x29, 0x39, {0x2e, 0x14, 0x0, 0xf, 0x0, [@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast1, @ipv4={'\x00', '\xff\xff', @remote}, @local, @private1, @private2={0xfc, 0x2, '\x00', 0x1}, @private1={0xfc, 0x1, '\x00', 0x1}, @loopback, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @mcast2]}}}], 0x158}}, {{&(0x7f0000000d00)={0xa, 0x4e20, 0x6, @private1={0xfc, 0x1, '\x00', 0x1}, 0x9}, 0x1c, &(0x7f0000000d40), 0x0, &(0x7f0000000d80)=[@dontfrag={{0x14, 0x29, 0x3e, 0x100}}, @hopopts_2292={{0x138, 0x29, 0x36, {0x88, 0x23, '\x00', [@hao={0xc9, 0x10, @private0={0xfc, 0x0, '\x00', 0x1}}, @padn={0x1, 0x1, [0x0]}, @enc_lim={0x4, 0x1, 0x67}, @pad1, @pad1, @generic={0xc0, 0xfe, "e2febf9d6c5bcdd41edffb0d245eee96aa3bf09ff6777d8caae539c16c047c1a101c2cf318c77c3e7d348d5a3de7bb0d6d7adbf09bd3fbaef2930f19d5fed6088b9fe527918bbcd1f30511c7d388b1f0d94aedf2007554567b9355a983930bfe7beb1600511284c3a74552a46c27e4309c2fd13c6fa6c76c094185a2748046f03d83ce7f0f6bba99f1113ad1710438d1605b287342f06a5776b446a38e0332f0cda6f826c6562f254fa6a824ce0cf6bc2c41010b4aab6a1bfe4e55486d702303fb2cc054d5fa71ddd200df8e08de79db86a1d38d0ec703cc7a990e18c36e74a25320c8020766f06bf3f0f0eac48c107066668f20e7a9714cae0d674fd814"}]}}}, @dstopts={{0x40, 0x29, 0x37, {0x67, 0x4, '\x00', [@padn={0x1, 0xa, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @enc_lim={0x4, 0x1, 0xcb}, @pad1, @jumbo, @ra={0x5, 0x2, 0x2}, @padn={0x1, 0x4, [0x0, 0x0, 0x0, 0x0]}]}}}], 0x190}}, {{&(0x7f0000000f40)={0xa, 0x4e21, 0x1, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x4}, 0x1c, &(0x7f0000001080)=[{&(0x7f0000000f80)="314c960c5b506493f139f224e372eac8fb0d27256bb72206445add9db7ce905b0cfc69d9cb92987998eb2fd89bc25c0ddf3977ce42b5e50966a8ff5a1d447b2b44da3a4b6f3022c5b84a26bdd2c88ca3eb0842774f9704d1c50dc2f7e3bb26b9343b4cf6e5e399fc7597c5a5a366190d3da24c2f21b53097e1f05ce764d2d3c07283b8a988062a19a786adcaf6e26228c1da065b18c64bfec6f7c7c817a1711a7c257faba567066f0b9433282fb0f8af6ff3a3485c01745a4dbaaec958e56ad8134fab113a96763975", 0xc9}], 0x1}}], 0x4, 0x40) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) syz_genetlink_get_family_id$tipc2(&(0x7f00000001c0), 0xffffffffffffffff) (async) sendmsg$TIPC_NL_BEARER_ADD(r3, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000004c0)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="997425bd7000fbdbdf2515000000400001800d0001007564703a9058f43a82"], 0x54}, 0x1, 0x0, 0x0, 0x4000080}, 0x2400c000) (async) 245.618306ms ago: executing program 3 (id=15169): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000108c0)={0x12, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe0}, [@kfunc={0x85, 0x0, 0x2, 0x0, 0x4}]}, 0x0, 0x4, 0x0, 0x0, 0x40f00, 0x29, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)={0x24, 0x0, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x7}]}, 0x24}}, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0xc, 0x4, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x8d80}, [@call={0x85, 0x0, 0x0, 0x18}]}, &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xb, '\x00', 0x0, @fallback=0x37, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r4, 0x0, 0xe, 0x0, &(0x7f0000000040)="f4b84de4115d64244a0e839e9900", 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r5 = socket$inet(0x2, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8b04, &(0x7f0000000000)={'wlan1\x00'}) sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)=ANY=[@ANYBLOB="3c0000001000850600000000ff6122314a000800", @ANYRES32=r6, @ANYBLOB="f5ff0f00252155b21c0012000c000100626f6e64000000000c0002000800010001"], 0x3c}, 0x1, 0x0, 0x0, 0x8090}, 0x0) socket$nl_route(0x10, 0x3, 0x0) r7 = socket(0x10, 0x803, 0x2) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0xd, 0x4, &(0x7f0000000000)=@framed={{}, [@call={0x79, 0x11, 0xc8}]}, &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f0000000200)=""/4096, 0x0, 0x0, '\x00', 0x0, @sock_ops}, 0x70) bpf$MAP_CREATE(0x15, 0x0, 0x0) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14) r8 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r8, &(0x7f0000000340)={0x1f, 0xffff, 0x3}, 0x6) write(r8, &(0x7f0000000040)="09000000010001", 0x7) 245.130474ms ago: executing program 4 (id=15170): ioctl$XFS_IOC_ATTRMULTI_BY_HANDLE(0xffffffffffffffff, 0x4048587b, &(0x7f0000000440)={{0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x303102, &(0x7f0000000040)={@align=0xffffffffffffffff, {0x6, 0x10, 0x80000000, 0xb4}}, 0x1, &(0x7f0000000080)={@_ha_fsid}, &(0x7f00000000c0)=0x6}, 0x4, &(0x7f00000003c0)=[{0x3, 0x1, &(0x7f0000000100)='deflate\x00', &(0x7f0000000140)="09d157773cccf018facfd0f733d3b02c4fc78aa70d407009ddf29938727d2531f30213650a295b44bfa0a9d94894299d9e7a370cba5b422a530039fe3de24d8b8d884d6b25cdfb52c708a1b5e97d975f3e3dce4b8a3bc96f18a45bbc65776ed7b220a3ba55b9", 0x66}, {0x2, 0x7, &(0x7f00000001c0)=':\x00', &(0x7f0000000200)="94b0d513e1d6", 0x6, 0x52059fd6a029c2e5}, {0xf3a918535254837c, 0x6, &(0x7f0000000240)='!\x00', &(0x7f0000000280)="3883369accd7f04bf042116841b36c68be4a289b216aebcd535d5a8e4d1aec8703b02e3c30f9eee94398e84ebed2a6896abcde54cc562aab4bdf6820eba23c06abe0f2", 0x43, 0x10}, {0x3, 0x5, &(0x7f0000000300)='+\x00', &(0x7f0000000340)="72b45a175e0fa8b82b6726ca7398d2edf124a06d2895cf7be3c952c0467e6af02aef68b09215774cc89c0f22f5a71dec6baf2860e876980bc3add5f222a3ce62250986f5874c5625cb8bf4cbeea7d396b0653844108e5c05f290281702eacbc8e40f1512e41a41a9bfb9dbe51fa08b7d15467f0164959bf1178bb270", 0x7c}]}) getsockopt$inet_tcp_buf(r0, 0x6, 0xb93ce470d66d4d66, &(0x7f00000004c0)=""/1, &(0x7f0000000500)=0x1) ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, &(0x7f0000000440)={0x0, 0x100000000000000b, 0x1, [0x0, 0x1, 0x3, 0x401, 0x81], [0xd3, 0x2, 0x7, 0x1, 0xd, 0x2, 0x10, 0x7, 0x5, 0xffffffff, 0x0, 0x1, 0x9, 0x757, 0x2, 0x3d2, 0x9, 0x80000000, 0x400, 0x5de, 0x9, 0x3, 0x3, 0x8001, 0x9, 0x2, 0x0, 0x547, 0xca66, 0x1000, 0x8, 0x83, 0x0, 0x8, 0x6, 0x5, 0x7, 0x1, 0x10000, 0x6, 0x5, 0x5, 0x8, 0x3, 0x1, 0x400000000, 0x6, 0x8, 0x4, 0x8, 0x3, 0x5, 0x9, 0x1, 0x8, 0xf, 0x3, 0x1f1, 0x32, 0x656, 0xbba, 0x0, 0xf9, 0x8, 0x8, 0x3, 0x8000000000000000, 0xfffffffffffffffb, 0xb, 0x66fe, 0x6, 0x7, 0x1, 0x1, 0x8, 0x8000, 0x2, 0x5, 0x1000, 0x4, 0x1b12, 0x8001, 0x225f, 0x0, 0xfff, 0xffffbffffffffff7, 0x8, 0x0, 0x4, 0xb554, 0xcb, 0x4, 0x5, 0x10001, 0x5, 0x100000000, 0x400000000, 0x5, 0x0, 0x5, 0x44, 0x565a, 0x8001, 0xb40, 0x81, 0x9, 0x0, 0x7fff, 0x8, 0xfffffffffffffffe, 0x8000000000000001, 0xe27a, 0x3, 0x3ff, 0x3ff, 0x2, 0xb, 0xfc, 0x0, 0x0, 0x1]}) syz_emit_ethernet(0x82, &(0x7f0000000580)=ANY=[@ANYBLOB="cf599d3baed500000000000086dd60f20000004c2c00fe8000000000000000000000000000bbfe8000000000000000000000000000aa00060008"], 0x0) syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="ffffffffffffffffffffffff86dd6060626000102c00fe8000000000000000000000000000bbfe8000000000000000000000000000aa88000001"], 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f00000035c0)={0x0, 0x0, &(0x7f0000003580)={&(0x7f0000000a40)=@newsa={0x140, 0x10, 0x1, 0x0, 0x0, {{@in=@empty, @in6=@remote, 0x0, 0xfff7, 0x2000, 0x1, 0x0, 0x0, 0x0, 0x3b, 0x0, 0xffffffffffffffff}, {@in=@rand_addr=0x64010102, 0x0, 0x6c}, @in=@remote, {0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x4}, {0x0, 0x4, 0x40000000}, {}, 0x0, 0x0, 0x2, 0x0, 0x1}, [@etimer_thresh={0x8, 0xc, 0x2}, @algo_comp={0x48, 0x3, {{'deflate\x00'}}}]}, 0x140}}, 0x4810) 84.756903ms ago: executing program 4 (id=15171): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x100200, 0x0) ioctl$TUNGETFEATURES(r0, 0x800454cf, &(0x7f0000000080)) r1 = socket$netlink(0x10, 0x3, 0x0) (async) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x14, 0x4, 0x4, 0x3}, 0x48) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000100)={r2, &(0x7f0000000080)}, 0x20) ioctl$OCFS2_IOC_UNRESVSP64(r2, 0x4030582b, &(0x7f0000000100)={0x0, 0x1, 0x63, 0x6, 0x0, 0x1}) (async, rerun: 64) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) (async, rerun: 64) r3 = socket(0x10, 0x3, 0x0) (async, rerun: 64) r4 = socket$nl_route(0x10, 0x3, 0x0) (async, rerun: 64) ioctl$sock_SIOCBRDELBR(0xffffffffffffffff, 0x89a1, &(0x7f0000000180)='batadv_slave_1\x00') r5 = socket(0x10, 0x803, 0x2) syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r5) getsockname$packet(r5, &(0x7f0000000680)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11ffffffff000000", @ANYRES32=r6, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000005840)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x2c, 0x24, 0x5820a61ca228651, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}, {0x0, 0xfff1}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0) (async) sendmsg$nl_route_sched(r5, &(0x7f0000000240)={0x0, 0xfffffffffffffd6f, &(0x7f00000001c0)={&(0x7f00000006c0)=@newtfilter={0x34, 0x28, 0x575ac7824d421509, 0x70bd2d, 0x4, {0x0, 0x0, 0x0, r6, {0x10}, {0x1}, {0xfff1, 0x3d}}, [@filter_kind_options=@f_bpf={{0x8}, {0x8, 0x2, [@TCA_BPF_ACT={0x4}]}}]}, 0x34}}, 0x40) (async, rerun: 64) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="48000000fcff010010000000ffdbdf25000000001e066eb26c35de7c5c563aa5714b1df7967cec98e2d2224f1aa9665f045da6dc02b519eb70168e154191e5086d3c6d17bc7830ade6ebde30ed1300d53d22adf516337c7ef56ad57e63e75974dc0ae9afd3405457c32b027023b3fd857e11ce9b9f0a83f2b0138ef54d065c7c41c73d7b6dd7c9d0166df6866af99b5071", @ANYRES32=r0, @ANYBLOB="20000000280e0400280012800b0001006d61637365630000180002800500030008"], 0x48}, 0x1, 0x0, 0x0, 0x24008001}, 0x4) (rerun: 64) 0s ago: executing program 1 (id=15172): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="01000000000000001c0012000c000100626f6e64"], 0x3c}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x8000) sendmsg$nl_route(r0, &(0x7f0000000c80)={0x0, 0x0, &(0x7f0000000c40)={&(0x7f00000000c0)=@setlink={0x2c, 0x13, 0x5, 0x70bd2c, 0x0, {0x0, 0x0, 0x0, r2, 0x312}, [@IFLA_ADDRESS={0xa, 0x1, @remote}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40000}, 0x42) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="4c00000010000104001200"/20, @ANYRES32=0x0, @ANYBLOB="00030000000000001c0012800c0001006d6163766c616e000c000280080001000800000008000500", @ANYRES32=r5, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r5], 0x4c}}, 0x884) kernel console output (not intermixed with test programs): c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1499.225829][T17108] RSP: 002b:00007fb9678d2028 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 1499.225853][T17108] RAX: ffffffffffffffda RBX: 00007fb966c16090 RCX: 00007fb96699ce59 [ 1499.225868][T17108] RDX: 000000000000006e RSI: 0000200000000940 RDI: 0000000000000003 [ 1499.225882][T17108] RBP: 00007fb9678d2090 R08: 0000000000000000 R09: 0000000000000000 [ 1499.225894][T17108] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1499.225906][T17108] R13: 00007fb966c16128 R14: 00007fb966c16090 R15: 00007ffdb13afc18 [ 1499.225941][T17108] [ 1499.651200][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1500.188386][T17144] netlink: 16 bytes leftover after parsing attributes in process `syz.0.13526'. [ 1500.563863][T17151] netlink: 24 bytes leftover after parsing attributes in process `syz.4.13529'. [ 1500.718603][T17163] netlink: 28 bytes leftover after parsing attributes in process `syz.3.13531'. [ 1500.863563][T17167] netlink: 12 bytes leftover after parsing attributes in process `syz.4.13533'. [ 1501.019938][T17167] 8021q: adding VLAN 0 to HW filter on device bond1 [ 1501.082285][T17169] bond1: entered promiscuous mode [ 1501.087484][T17169] bond1: entered allmulticast mode [ 1501.093193][T17176] SET target dimension over the limit! [ 1501.164021][T17171] macvlan2: entered promiscuous mode [ 1501.183772][T17171] macvlan2: entered allmulticast mode [ 1501.214163][T17171] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 1501.708632][T17195] xt_connbytes: Forcing CT accounting to be enabled [ 1501.731185][ C0] net_ratelimit: 4 callbacks suppressed [ 1501.731205][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1501.955901][T17205] netlink: 12 bytes leftover after parsing attributes in process `syz.2.13544'. [ 1501.992101][T17205] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 1502.015753][T17205] team0: Port device batadv1 added [ 1502.224731][ T5793] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1502.506667][T17228] netlink: 'syz.1.13553': attribute type 49 has an invalid length. [ 1502.520896][T17227] dvmrp0: entered allmulticast mode [ 1502.725562][T17241] netlink: 'syz.1.13559': attribute type 8 has an invalid length. [ 1502.771420][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1502.790462][T17249] netlink: 184 bytes leftover after parsing attributes in process `syz.2.13560'. [ 1502.842365][T17248] syzkaller0: entered promiscuous mode [ 1502.856239][T17248] syzkaller0: entered allmulticast mode [ 1502.938178][T17257] netlink: 'syz.3.13563': attribute type 1 has an invalid length. [ 1503.023982][T17914] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1503.210134][T17268] netlink: 207952 bytes leftover after parsing attributes in process `syz.3.13569'. [ 1503.255905][ T5793] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1503.326470][T17272] netlink: 28 bytes leftover after parsing attributes in process `syz.1.13570'. [ 1503.377027][T17274] wg1 speed is unknown, defaulting to 1000 [ 1503.386975][T17274] wg1 speed is unknown, defaulting to 1000 [ 1503.402029][T17274] wg1 speed is unknown, defaulting to 1000 [ 1503.432661][T17274] smbdirect: ib_dev[syz2]: added: RNIC max_fast_reg_page_list_len=256 device_cap_flags=0x200000 kernel_cap_flags=0x10 page_size_cap=0x1000 [ 1503.445090][T17279] netlink: 'syz.4.13572': attribute type 20 has an invalid length. [ 1503.463497][T17279] netlink: 4 bytes leftover after parsing attributes in process `syz.4.13572'. [ 1503.470948][T17274] smbdirect: ib_dev[syz2]: num_ports=1 max_qp_rd_atom=128 max_qp_init_rd_atom=128 max_sgl_rd=0 max_sge_rd=1 max_cqe=3276800 max_qp_wr=32768 max_send_sge=6 max_recv_sge=6 [ 1503.485613][T23218] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 1503.513925][T17274] smbdirect: ib_dev[syz2]PORT[1]: iwarp=1 ib=0 roce=0 v1=0 v2=0 core_cap_flags=0x400008 [ 1503.518129][T23218] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 1503.545159][T17274] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 1503.562201][T17279] netlink: 'syz.4.13572': attribute type 5 has an invalid length. [ 1503.570129][T23218] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 1503.584596][T23218] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 1503.663311][T17274] wg1 speed is unknown, defaulting to 1000 [ 1503.687206][T17274] wg1 speed is unknown, defaulting to 1000 [ 1503.714045][T17290] pim6reg: entered allmulticast mode [ 1503.738742][T17274] wg1 speed is unknown, defaulting to 1000 [ 1503.811192][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1503.828934][T17274] wg1 speed is unknown, defaulting to 1000 [ 1503.847588][T17274] wg1 speed is unknown, defaulting to 1000 [ 1503.862422][T17274] wg1 speed is unknown, defaulting to 1000 [ 1503.874768][T17274] wg1 speed is unknown, defaulting to 1000 [ 1503.884308][T17274] wg1 speed is unknown, defaulting to 1000 [ 1503.895050][T17274] wg1 speed is unknown, defaulting to 1000 [ 1503.903827][T17274] wg1 speed is unknown, defaulting to 1000 [ 1504.031925][T17302] netlink: 212336 bytes leftover after parsing attributes in process `syz.4.13578'. [ 1504.148826][T17310] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1504.163822][T17308] syzkaller0: entered promiscuous mode [ 1504.182373][T17308] syzkaller0: entered allmulticast mode [ 1504.294898][ T5793] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1504.767614][T17329] sctp: [Deprecated]: syz.0.13586 (pid 17329) Use of struct sctp_assoc_value in delayed_ack socket option. [ 1504.767614][T17329] Use struct sctp_sack_info instead [ 1504.851324][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1504.965446][T17337] netlink: 8 bytes leftover after parsing attributes in process `syz.4.13589'. [ 1504.999213][T17336] netlink: 8 bytes leftover after parsing attributes in process `syz.4.13589'. [ 1505.016304][T17334] tipc: Enabling of bearer rejected, failed to enable media [ 1505.125643][T17343] netlink: 'syz.0.13588': attribute type 4 has an invalid length. [ 1505.175032][T11675] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1505.427589][T17334] syzkaller0: entered promiscuous mode [ 1505.444992][T17334] syzkaller0: entered allmulticast mode [ 1505.598937][T17362] netlink: 'syz.4.13596': attribute type 20 has an invalid length. [ 1505.629798][T17362] IPv6: NLM_F_CREATE should be specified when creating new route [ 1505.891940][T17369] netlink: 24 bytes leftover after parsing attributes in process `syz.2.13598'. [ 1506.940013][ C0] net_ratelimit: 5 callbacks suppressed [ 1506.940038][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1507.423980][T14987] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1507.980498][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1508.455800][T14987] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1509.021534][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1509.095167][T11675] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1509.325898][T17391] bond0: (slave lo): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 1509.349115][T17391] bond0: (slave lo): Error: Device can not be enslaved while up [ 1509.495943][ T5793] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1509.609040][T17405] netlink: 12 bytes leftover after parsing attributes in process `syz.1.13609'. [ 1509.954967][T17429] can: request_module (can-proto-0) failed. [ 1509.971749][T17424] can: request_module (can-proto-0) failed. [ 1510.051216][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1510.245757][T17440] syzkaller0: entered promiscuous mode [ 1510.280004][T17440] syzkaller0: entered allmulticast mode [ 1510.379849][T17449] 8021q: adding VLAN 0 to HW filter on device bond2 [ 1510.468424][T17460] netlink: 12 bytes leftover after parsing attributes in process `syz.0.13629'. [ 1510.532560][ T5793] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1510.638616][T17472] netlink: 36 bytes leftover after parsing attributes in process `syz.4.13632'. [ 1511.101454][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1512.134389][ C0] net_ratelimit: 1 callbacks suppressed [ 1512.134411][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1512.149614][T17914] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1512.386401][ T5655] Bluetooth: hci5: command 0x0405 tx timeout [ 1512.614235][ T6047] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1513.181247][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1513.647122][T17489] netlink: 12 bytes leftover after parsing attributes in process `syz.2.13640'. [ 1513.657993][ T6047] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1513.784644][T17489] 8021q: adding VLAN 0 to HW filter on device bond12 [ 1513.804925][T17498] bond12: entered promiscuous mode [ 1513.816629][T17498] bond12: entered allmulticast mode [ 1513.855918][T17500] macvlan2: entered promiscuous mode [ 1513.861524][T17500] macvlan2: entered allmulticast mode [ 1513.869181][T17500] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 1513.975549][T17502] xt_hashlimit: size too large, truncated to 1048576 [ 1514.099482][T17506] netlink: 40 bytes leftover after parsing attributes in process `syz.0.13642'. [ 1514.211237][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1514.226117][T17510] netlink: 'syz.4.13643': attribute type 1 has an invalid length. [ 1514.307818][T17510] bond2: entered promiscuous mode [ 1514.313644][T17510] 8021q: adding VLAN 0 to HW filter on device bond2 [ 1514.343768][T17510] bond2: (slave bridge2): making interface the new active one [ 1514.352242][T17510] bridge2: entered promiscuous mode [ 1514.376347][T17510] bridge2: left promiscuous mode [ 1514.520654][T17504] veth5: entered allmulticast mode [ 1514.697779][ T6047] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1514.773494][T17914] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1514.938468][T17535] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 1515.070483][T17545] netlink: 12 bytes leftover after parsing attributes in process `syz.3.13654'. [ 1515.169686][T17545] 8021q: adding VLAN 0 to HW filter on device bond3 [ 1515.182778][T17914] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1515.217513][T17552] bond3: entered promiscuous mode [ 1515.236566][T17552] bond3: entered allmulticast mode [ 1515.296209][T17557] macvlan2: entered promiscuous mode [ 1515.305327][T17557] macvlan2: entered allmulticast mode [ 1515.326240][T17557] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 1515.566581][T17572] veth0: entered promiscuous mode [ 1516.340755][T17568] veth0: left promiscuous mode [ 1517.341426][ C0] net_ratelimit: 6 callbacks suppressed [ 1517.341450][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1517.812451][ T6047] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1518.054096][T17547] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 1518.221612][T17578] netlink: 8 bytes leftover after parsing attributes in process `syz.1.13661'. [ 1518.371176][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1518.385879][T17593] netlink: 'syz.0.13665': attribute type 1 has an invalid length. [ 1518.459708][T17914] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1518.494341][T17593] 8021q: adding VLAN 0 to HW filter on device bond4 [ 1518.669912][T17603] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1518.836439][T17616] pimreg: entered allmulticast mode [ 1518.851971][ T6047] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1519.179003][T17640] netlink: 20 bytes leftover after parsing attributes in process `syz.4.13684'. [ 1519.373867][T17646] netlink: 20 bytes leftover after parsing attributes in process `syz.4.13684'. [ 1519.406787][T17646] nbd: nbd64 already in use [ 1519.421214][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1519.424881][T17640] netlink: 36 bytes leftover after parsing attributes in process `syz.4.13684'. [ 1519.663556][T17481] udevd[17481]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 1519.753454][T17674] netlink: 212368 bytes leftover after parsing attributes in process `syz.2.13692'. [ 1519.892349][ T5793] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1520.097518][T17688] netlink: 24 bytes leftover after parsing attributes in process `syz.2.13699'. [ 1520.125667][T17688] netlink: 156 bytes leftover after parsing attributes in process `syz.2.13699'. [ 1520.158110][T17688] openvswitch: netlink: Flow key attr not present in new flow. [ 1520.167611][T17693] netlink: 8 bytes leftover after parsing attributes in process `syz.3.13698'. [ 1520.451181][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1520.599601][T17713] macvlan0: entered promiscuous mode [ 1520.615619][T17713] Cannot find set identified by id 2 to match [ 1520.630247][T17716] netlink: 24 bytes leftover after parsing attributes in process `syz.0.13706'. [ 1521.002591][T17738] bond4: Unable to set down delay as MII monitoring is disabled [ 1521.017237][T17738] bond4 (unregistering): Released all slaves [ 1521.135672][T17751] veth0_to_bridge: entered promiscuous mode [ 1521.174062][T17751] netlink: 'syz.4.13718': attribute type 4 has an invalid length. [ 1521.241548][T17747] veth0_to_bridge: left promiscuous mode [ 1521.369797][T17760] netlink: 'syz.3.13721': attribute type 26 has an invalid length. [ 1521.382450][T17762] netlink: 84 bytes leftover after parsing attributes in process `syz.1.13719'. [ 1521.398212][T17760] netlink: 4 bytes leftover after parsing attributes in process `syz.3.13721'. [ 1521.417712][T17760] netlink: 'syz.3.13721': attribute type 26 has an invalid length. [ 1521.435408][T17760] netlink: 4 bytes leftover after parsing attributes in process `syz.3.13721'. [ 1522.205190][T17789] netlink: 8 bytes leftover after parsing attributes in process `syz.4.13731'. [ 1522.290718][T17792] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1522.298119][T17792] IPv6: NLM_F_CREATE should be set when creating new route [ 1522.531146][ C0] net_ratelimit: 4 callbacks suppressed [ 1522.531167][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1522.621708][T17802] netlink: 'syz.2.13735': attribute type 1 has an invalid length. [ 1522.634490][T17805] netlink: 20 bytes leftover after parsing attributes in process `syz.1.13737'. [ 1522.827423][T17814] netlink: 8 bytes leftover after parsing attributes in process `syz.1.13739'. [ 1522.866391][T17811] pim6reg: entered allmulticast mode [ 1523.017780][ T6047] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1523.076001][T17827] netlink: 'syz.2.13743': attribute type 1 has an invalid length. [ 1523.123878][T17827] netlink: 'syz.2.13743': attribute type 1 has an invalid length. [ 1523.184797][T17827] netlink: 'syz.2.13743': attribute type 8 has an invalid length. [ 1523.354633][T17845] netlink: 'syz.2.13750': attribute type 6 has an invalid length. [ 1523.363942][T17845] netlink: 'syz.2.13750': attribute type 5 has an invalid length. [ 1523.581354][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1523.635466][T17866] ip6tnl1: entered promiscuous mode [ 1524.051840][ T5793] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1524.479871][T17893] netlink: 'syz.0.13766': attribute type 2 has an invalid length. [ 1524.531729][ T3971] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1524.611193][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1524.990498][T17912] xt_hashlimit: size too large, truncated to 1048576 [ 1525.011635][ T3971] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1525.093235][ T6047] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1525.654509][ T5793] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1525.662731][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1526.277043][T17940] __nla_validate_parse: 13 callbacks suppressed [ 1526.277066][T17940] netlink: 7064 bytes leftover after parsing attributes in process `syz.2.13783'. [ 1526.382231][T17943] syzkaller0: entered promiscuous mode [ 1526.394027][T17943] syzkaller0: entered allmulticast mode [ 1526.641340][T17954] syzkaller0: entered promiscuous mode [ 1526.647776][T17954] syzkaller0: entered allmulticast mode [ 1526.864115][T17962] netlink: 12 bytes leftover after parsing attributes in process `syz.2.13790'. [ 1527.053005][T17966] netlink: 8 bytes leftover after parsing attributes in process `syz.1.13791'. [ 1527.434843][T17984] netlink: 8 bytes leftover after parsing attributes in process `syz.2.13799'. [ 1527.462039][T17985] netlink: 8 bytes leftover after parsing attributes in process `syz.4.13798'. [ 1527.465880][T17981] bond3: option lacp_active: mode dependency failed, not supported in mode balance-rr(0) [ 1527.486135][T17981] bond3 (unregistering): Released all slaves [ 1527.551872][T17985] netlink: 12 bytes leftover after parsing attributes in process `syz.4.13798'. [ 1527.731203][ C0] net_ratelimit: 8 callbacks suppressed [ 1527.731225][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1528.214601][T14987] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1528.240396][T18012] IPv6: NLM_F_CREATE should be specified when creating new route [ 1528.265292][T18012] netlink: 12 bytes leftover after parsing attributes in process `syz.0.13808'. [ 1528.299039][T18013] netlink: 28 bytes leftover after parsing attributes in process `syz.1.13806'. [ 1528.513172][T18026] netlink: 40 bytes leftover after parsing attributes in process `syz.1.13815'. [ 1528.539513][T18026] netlink: 40 bytes leftover after parsing attributes in process `syz.1.13815'. [ 1528.701532][ T3971] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1528.771187][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1528.924946][T18051] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1529.075026][T18060] validate_nla: 1 callbacks suppressed [ 1529.075051][T18060] netlink: 'syz.1.13827': attribute type 1 has an invalid length. [ 1529.127798][T18060] netlink: 'syz.1.13827': attribute type 1 has an invalid length. [ 1529.152730][T18060] netlink: 'syz.1.13827': attribute type 8 has an invalid length. [ 1529.252997][T14987] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1529.758084][T18092] bond3: option mode: invalid value (133) [ 1529.808920][T18092] bond3 (unregistering): Released all slaves [ 1529.815458][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1530.294421][T14987] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1530.631591][T18129] bridge0: port 1(bridge_slave_0) entered listening state [ 1530.663067][T18136] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1530.851191][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1531.284818][T18162] netlink: 'syz.3.13850': attribute type 3 has an invalid length. [ 1531.332222][T14987] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1531.358734][T18166] __nla_validate_parse: 12 callbacks suppressed [ 1531.358756][T18166] netlink: 28 bytes leftover after parsing attributes in process `syz.0.13851'. [ 1531.733495][T11675] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1531.840562][T18189] netlink: 'syz.3.13862': attribute type 17 has an invalid length. [ 1531.857521][T18189] netlink: 4 bytes leftover after parsing attributes in process `syz.3.13862'. [ 1531.873582][T18189] netlink: 28 bytes leftover after parsing attributes in process `syz.3.13862'. [ 1531.903093][T18193] netlink: 72 bytes leftover after parsing attributes in process `syz.3.13862'. [ 1531.928630][T18189] gretap0: entered promiscuous mode [ 1531.944380][T18189] gretap0: left promiscuous mode [ 1532.230306][T18208] netlink: 8 bytes leftover after parsing attributes in process `syz.4.13869'. [ 1532.333987][T18207] netlink: 8 bytes leftover after parsing attributes in process `syz.1.13867'. [ 1532.376452][T18207] netlink: 4 bytes leftover after parsing attributes in process `syz.1.13867'. [ 1532.768921][T18232] netlink: 32 bytes leftover after parsing attributes in process `syz.3.13875'. [ 1532.797226][T18232] netlink: 32 bytes leftover after parsing attributes in process `syz.3.13875'. [ 1532.891996][T18243] netlink: 32 bytes leftover after parsing attributes in process `syz.3.13875'. [ 1532.901545][T18245] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1532.931192][ C0] net_ratelimit: 2 callbacks suppressed [ 1532.931212][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1533.315877][T18266] netlink: 'syz.2.13887': attribute type 4 has an invalid length. [ 1533.346030][T18272] netlink: 'syz.2.13887': attribute type 4 has an invalid length. [ 1533.415244][T14987] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1533.526206][T18282] netlink: 'syz.4.13890': attribute type 1 has an invalid length. [ 1533.601714][T18289] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1533.690472][T18282] 8021q: adding VLAN 0 to HW filter on device bond3 [ 1533.776706][T18293] bond3: (slave geneve2): making interface the new active one [ 1533.788483][T18293] bond3: (slave geneve2): Enslaving as an active interface with an up link [ 1533.923275][T23218] netdevsim netdevsim3 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 1533.939506][T23218] netdevsim netdevsim3 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 1533.976053][T23218] netdevsim netdevsim3 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 1533.981390][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1533.997872][T23218] netdevsim netdevsim3 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 1534.375855][T18323] 8021q: adding VLAN 0 to HW filter on device bond4 [ 1534.457293][T14987] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1534.549047][T18327] 8021q: adding VLAN 0 to HW filter on device bond5 [ 1534.585910][T18327] bond4: (slave bond5): Enslaving as an active interface with an up link [ 1534.614767][ T5760] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1534.774209][ T5760] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1534.808157][ T8984] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1534.818983][ T5793] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1534.833469][T18354] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1534.835062][ T5760] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1535.370066][T18386] netlink: 'syz.4.13918': attribute type 21 has an invalid length. [ 1535.391814][T18386] netlink: 'syz.4.13918': attribute type 21 has an invalid length. [ 1535.557126][T18389] netlink: 'syz.3.13919': attribute type 22 has an invalid length. [ 1535.786262][T18401] bond4: entered promiscuous mode [ 1535.835517][T18406] macvlan2: entered promiscuous mode [ 1535.855304][T18406] macvlan2: entered allmulticast mode [ 1535.864584][T18406] bond4: (slave macvlan2): Opening slave failed [ 1535.888832][T18405] tipc: New replicast peer: 172.20.20.187 [ 1535.917425][T18405] tipc: Enabled bearer , priority 10 [ 1535.993026][T18405] syzkaller1: entered promiscuous mode [ 1535.998669][T18405] syzkaller1: entered allmulticast mode [ 1536.800458][T18448] __nla_validate_parse: 15 callbacks suppressed [ 1536.800482][T18448] netlink: 12 bytes leftover after parsing attributes in process `syz.0.13924'. [ 1536.909272][T18456] netlink: 'syz.1.13931': attribute type 1 has an invalid length. [ 1536.933880][T18456] RDS: rds_bind could not find a transport for b704:0:200:0:8500:0:ae00:0, load rds_tcp or rds_rdma? [ 1537.097505][T18466] syzkaller1: entered promiscuous mode [ 1537.110711][T18466] syzkaller1: entered allmulticast mode [ 1537.157544][T18465] dvmrp0: entered allmulticast mode [ 1537.184205][T18472] FAULT_INJECTION: forcing a failure. [ 1537.184205][T18472] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1537.214523][T18472] CPU: 0 UID: 0 PID: 18472 Comm: syz.1.13935 Not tainted syzkaller #0 PREEMPT(full) [ 1537.214554][T18472] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 1537.214567][T18472] Call Trace: [ 1537.214576][T18472] [ 1537.214586][T18472] dump_stack_lvl+0xe8/0x150 [ 1537.214627][T18472] should_fail_ex+0x412/0x560 [ 1537.214657][T18472] _copy_from_iter+0x1d3/0x1670 [ 1537.214685][T18472] ? rcu_is_watching+0x15/0xb0 [ 1537.214718][T18472] ? __pfx__copy_from_iter+0x10/0x10 [ 1537.214751][T18472] ? netlink_sendmsg+0x650/0xb40 [ 1537.214781][T18472] ? skb_put+0x11b/0x210 [ 1537.214816][T18472] netlink_sendmsg+0x6c0/0xb40 [ 1537.214862][T18472] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1537.214896][T18472] ? aa_sock_msg_perm+0xf1/0x1b0 [ 1537.214929][T18472] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1537.214961][T18472] ____sys_sendmsg+0x972/0x9f0 [ 1537.214982][T18472] ? __might_fault+0xaf/0x130 [ 1537.215017][T18472] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1537.215048][T18472] ? import_iovec+0x73/0xa0 [ 1537.215078][T18472] ___sys_sendmsg+0x2a5/0x360 [ 1537.215097][T18472] ? __lock_acquire+0x6b5/0x2cf0 [ 1537.215125][T18472] ? __pfx____sys_sendmsg+0x10/0x10 [ 1537.215185][T18472] ? __fget_files+0x2a/0x420 [ 1537.215209][T18472] ? __fget_files+0x3a0/0x420 [ 1537.215246][T18472] __x64_sys_sendmsg+0x1bd/0x2a0 [ 1537.215270][T18472] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1537.215302][T18472] ? __pfx_ksys_write+0x10/0x10 [ 1537.215341][T18472] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1537.215364][T18472] do_syscall_64+0x174/0x580 [ 1537.215385][T18472] ? trace_irq_disable+0x3b/0x140 [ 1537.215415][T18472] ? clear_bhb_loop+0x40/0x90 [ 1537.215441][T18472] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1537.215461][T18472] RIP: 0033:0x7fb96699ce59 [ 1537.215482][T18472] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1537.215499][T18472] RSP: 002b:00007fb9678f3028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1537.215523][T18472] RAX: ffffffffffffffda RBX: 00007fb966c15fa0 RCX: 00007fb96699ce59 [ 1537.215538][T18472] RDX: 0000000000000010 RSI: 00002000000012c0 RDI: 0000000000000004 [ 1537.215552][T18472] RBP: 00007fb9678f3090 R08: 0000000000000000 R09: 0000000000000000 [ 1537.215565][T18472] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1537.215578][T18472] R13: 00007fb966c16038 R14: 00007fb966c15fa0 R15: 00007ffdb13afc18 [ 1537.215619][T18472] [ 1537.506970][T18478] netlink: 4 bytes leftover after parsing attributes in process `syz.3.13937'. [ 1537.661829][T18489] atomic_op ffff88804a6ba198 conn xmit_atomic 0000000000000000 [ 1537.756545][T18487] bond13 (unregistering): Released all slaves [ 1537.809154][T18500] x_tables: duplicate underflow at hook 4 [ 1537.925386][T18512] netlink: 4 bytes leftover after parsing attributes in process `syz.1.13943'. [ 1537.950771][T18512] netlink: 5508 bytes leftover after parsing attributes in process `syz.1.13943'. [ 1537.965254][T18516] netlink: 'syz.4.13947': attribute type 1 has an invalid length. [ 1537.997301][T18495] bond13 (unregistering): Released all slaves [ 1538.118936][T18500] bond3: option ad_user_port_key: mode dependency failed, not supported in mode balance-rr(0) [ 1538.131330][ C0] net_ratelimit: 7 callbacks suppressed [ 1538.131351][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1538.170814][T18500] bond3 (unregistering): Released all slaves [ 1538.402337][T18513] speed is unknown, defaulting to 1000 [ 1538.411702][T18538] netlink: 'syz.1.13951': attribute type 1 has an invalid length. [ 1538.423443][T18538] netlink: 96 bytes leftover after parsing attributes in process `syz.1.13951'. [ 1538.433786][T18538] netlink: 650 bytes leftover after parsing attributes in process `syz.1.13951'. [ 1538.439064][T18513] wg1 speed is unknown, defaulting to 1000 [ 1538.448684][T18539] netlink: 'syz.1.13951': attribute type 1 has an invalid length. [ 1538.479360][T18539] netlink: 96 bytes leftover after parsing attributes in process `syz.1.13951'. [ 1538.493664][T18539] netlink: 650 bytes leftover after parsing attributes in process `syz.1.13951'. [ 1538.507098][T18538] netlink: 8 bytes leftover after parsing attributes in process `syz.1.13951'. [ 1538.613107][ T6047] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1538.747537][T18553] netlink: 'syz.2.13956': attribute type 1 has an invalid length. [ 1538.751543][T18552] syz_tun: entered allmulticast mode [ 1538.769231][T18553] netlink: 4 bytes leftover after parsing attributes in process `syz.2.13956'. [ 1538.779806][T18557] veth1_macvtap: left promiscuous mode [ 1538.794188][T18557] macsec0: entered promiscuous mode [ 1538.799622][T18557] macsec0: entered allmulticast mode [ 1538.833216][T18560] veth1_macvtap: entered promiscuous mode [ 1538.845052][T18560] veth1_macvtap: entered allmulticast mode [ 1538.851580][T18560] macsec0: left promiscuous mode [ 1538.856904][T18560] macsec0: left allmulticast mode [ 1538.862739][T18560] veth1_macvtap: left allmulticast mode [ 1539.069733][T18572] netlink: 'syz.4.13963': attribute type 1 has an invalid length. [ 1539.078303][T18572] netlink: 'syz.4.13963': attribute type 2 has an invalid length. [ 1539.171168][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1539.658593][ T5793] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1540.211337][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1540.375940][T14131] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1540.384986][ T5760] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1540.397538][ T5760] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1540.694564][ T5793] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1540.856668][T18675] validate_nla: 3 callbacks suppressed [ 1540.856688][T18675] netlink: 'syz.0.13999': attribute type 1 has an invalid length. [ 1541.251217][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1543.332176][ C0] net_ratelimit: 3 callbacks suppressed [ 1543.332199][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1543.414663][ T5760] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1543.465589][T18730] sch_tbf: burst 0 is lower than device syzkaller0 mtu (1514) ! [ 1543.519013][T18730] sch_tbf: burst 0 is lower than device syzkaller0 mtu (1514) ! [ 1543.588734][T18736] __nla_validate_parse: 13 callbacks suppressed [ 1543.588756][T18736] netlink: 16 bytes leftover after parsing attributes in process `syz.1.14015'. [ 1543.626683][T18736] netlink: 4 bytes leftover after parsing attributes in process `syz.1.14015'. [ 1543.813669][ T6047] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1543.927970][T18756] netlink: 256 bytes leftover after parsing attributes in process `syz.1.14021'. [ 1544.046062][T18766] netlink: 8 bytes leftover after parsing attributes in process `syz.4.14024'. [ 1544.055956][T18766] netlink: 4 bytes leftover after parsing attributes in process `syz.4.14024'. [ 1544.215460][ T3971] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1544.371198][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1544.852704][ T6047] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1544.885630][T18808] IPVS: set_ctl: invalid protocol: 59 172.20.20.187:20001 [ 1545.135969][T18820] x_tables: duplicate entry at hook 3 [ 1545.411168][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1545.808274][T18853] netlink: 256 bytes leftover after parsing attributes in process `syz.2.14055'. [ 1545.839478][T18853] netlink: 256 bytes leftover after parsing attributes in process `syz.2.14055'. [ 1545.871520][T18859] netlink: 36 bytes leftover after parsing attributes in process `syz.4.14056'. [ 1545.882564][T18859] netlink: 36 bytes leftover after parsing attributes in process `syz.4.14056'. [ 1545.907665][ T6047] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1546.092566][T18869] netlink: 8 bytes leftover after parsing attributes in process `syz.1.14058'. [ 1546.128767][T18869] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1546.146021][ T47] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1546.162422][ T1317] ieee802154 phy0 wpan0: encryption failed: -22 [ 1546.455141][T18879] 8021q: adding VLAN 0 to HW filter on device bond13 [ 1546.490885][T18883] bond13: entered promiscuous mode [ 1546.520096][T18883] bond13: entered allmulticast mode [ 1546.546046][T18879] macvlan2: entered promiscuous mode [ 1546.551687][T18879] macvlan2: entered allmulticast mode [ 1546.558891][T18879] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 1546.773500][T18902] netlink: 'syz.2.14069': attribute type 1 has an invalid length. [ 1546.815922][T18904] netlink: 'syz.1.14070': attribute type 14 has an invalid length. [ 1546.834965][T18902] 8021q: adding VLAN 0 to HW filter on device bond14 [ 1546.864119][T18902] bond14: (slave ip6gretap1): making interface the new active one [ 1546.874987][T18902] bond14: (slave ip6gretap1): Enslaving as an active interface with an up link [ 1546.907279][T18908] bridge3: trying to set multicast query interval above maximum, setting to 8640000 (86400000ms) [ 1546.939993][T18910] netlink: 'syz.0.14071': attribute type 1 has an invalid length. [ 1547.128299][T18917] netlink: 'syz.2.14076': attribute type 8 has an invalid length. [ 1547.133766][T18916] netlink: 'syz.0.14075': attribute type 1 has an invalid length. [ 1547.179349][T18920] netlink: 'syz.1.14077': attribute type 1 has an invalid length. [ 1547.187713][T18920] netlink: 'syz.1.14077': attribute type 11 has an invalid length. [ 1547.300168][T18916] 8021q: adding VLAN 0 to HW filter on device bond6 [ 1547.436115][T18916] bond6: (slave veth0_to_bond): Enslaving as an active interface with an up link [ 1547.765903][T18947] ip6gre1: entered allmulticast mode [ 1548.531229][ C0] net_ratelimit: 6 callbacks suppressed [ 1548.531250][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1548.670299][T18978] __nla_validate_parse: 12 callbacks suppressed [ 1548.670324][T18978] netlink: 36 bytes leftover after parsing attributes in process `syz.0.14097'. [ 1549.013087][ T6047] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1549.251402][ T3971] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1549.576299][T19002] netlink: 8 bytes leftover after parsing attributes in process `syz.3.14103'. [ 1549.585599][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1549.751392][T18994] netlink: 20 bytes leftover after parsing attributes in process `syz.2.14102'. [ 1550.056253][T14987] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1550.286076][T19031] netlink: 40 bytes leftover after parsing attributes in process `syz.0.14110'. [ 1550.322024][T19031] netlink: 40 bytes leftover after parsing attributes in process `syz.0.14110'. [ 1550.611377][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1550.634885][T19043] bond15: option lacp_active: mode dependency failed, not supported in mode balance-rr(0) [ 1550.646376][T19050] netlink: 8 bytes leftover after parsing attributes in process `syz.2.14116'. [ 1550.658125][T19050] netlink: 12 bytes leftover after parsing attributes in process `syz.2.14116'. [ 1550.661574][T19043] bond15 (unregistering): Released all slaves [ 1551.095972][T14987] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1551.134874][T19063] netlink: 40 bytes leftover after parsing attributes in process `syz.2.14123'. [ 1551.492614][T19073] netlink: 12 bytes leftover after parsing attributes in process `syz.2.14127'. [ 1551.650548][T19073] 8021q: adding VLAN 0 to HW filter on device bond15 [ 1551.661340][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1551.698339][T19077] bond15: entered promiscuous mode [ 1551.717553][T19077] bond15: entered allmulticast mode [ 1551.785892][T19081] macvlan2: entered promiscuous mode [ 1551.799833][T19081] macvlan2: entered allmulticast mode [ 1551.819305][T19081] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 1551.894123][T14128] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1551.904431][T17914] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1552.119053][T19096] netlink: 'syz.2.14135': attribute type 2 has an invalid length. [ 1552.333623][T19106] netlink: 28 bytes leftover after parsing attributes in process `syz.4.14138'. [ 1552.353454][T19106] netlink: 'syz.4.14138': attribute type 7 has an invalid length. [ 1552.373210][T19106] netlink: 'syz.4.14138': attribute type 8 has an invalid length. [ 1552.488454][T19113] netlink: 'syz.2.14141': attribute type 2 has an invalid length. [ 1552.675323][T19123] syzkaller0: entered promiscuous mode [ 1552.683325][T19123] syzkaller0: entered allmulticast mode [ 1553.378844][T19154] netlink: 'syz.1.14156': attribute type 1 has an invalid length. [ 1553.388950][T19154] netlink: 'syz.1.14156': attribute type 1 has an invalid length. [ 1553.568033][T19161] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1553.731394][ C0] net_ratelimit: 5 callbacks suppressed [ 1553.731417][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1553.788826][T19174] __nla_validate_parse: 5 callbacks suppressed [ 1553.788847][T19174] netlink: 4 bytes leftover after parsing attributes in process `syz.4.14164'. [ 1553.812970][ T3971] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1554.212008][ T5793] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1554.630356][T19205] netlink: 'syz.3.14175': attribute type 1 has an invalid length. [ 1554.771132][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1554.858241][T19220] netlink: 236 bytes leftover after parsing attributes in process `syz.1.14180'. [ 1554.893940][T19220] netlink: 236 bytes leftover after parsing attributes in process `syz.1.14180'. [ 1554.904720][T19221] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1554.931742][T11675] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1555.251904][T14987] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1555.351183][T19229] netlink: 8 bytes leftover after parsing attributes in process `syz.0.14184'. [ 1555.372177][T19229] netlink: 8 bytes leftover after parsing attributes in process `syz.0.14184'. [ 1555.746772][T19239] netlink: 596 bytes leftover after parsing attributes in process `syz.0.14189'. [ 1555.811346][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1556.090361][T19258] netlink: 'syz.2.14197': attribute type 83 has an invalid length. [ 1556.267205][T19271] netlink: 28 bytes leftover after parsing attributes in process `syz.0.14200'. [ 1556.300591][ T5793] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1556.364359][T19273] sch_tbf: burst 7 is lower than device syzkaller0 mtu (1514) ! [ 1556.404741][T19274] sch_tbf: burst 7 is lower than device syzkaller0 mtu (1514) ! [ 1556.424440][T19277] netlink: 24 bytes leftover after parsing attributes in process `syz.2.14203'. [ 1556.795726][T19300] syzkaller0: entered promiscuous mode [ 1556.815461][T19300] syzkaller0: entered allmulticast mode [ 1556.851753][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1556.936425][T19309] netlink: 'syz.1.14213': attribute type 1 has an invalid length. [ 1557.046469][T19309] 8021q: adding VLAN 0 to HW filter on device bond3 [ 1557.092380][T19310] bond3: (slave veth5): Enslaving as an active interface with a down link [ 1557.107168][T19310] syz.1.14213 (19310) used greatest stack depth: 17344 bytes left [ 1557.115527][T19321] netlink: 28 bytes leftover after parsing attributes in process `syz.2.14215'. [ 1557.159312][T19319] bond3: (slave veth0_to_bond): making interface the new active one [ 1557.189347][T19319] veth0_to_bond: entered promiscuous mode [ 1557.201606][T19319] bond3: (slave veth0_to_bond): Enslaving as an active interface with an up link [ 1557.333428][T14987] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1557.984244][T19346] netlink: 28 bytes leftover after parsing attributes in process `syz.2.14225'. [ 1558.181449][T19354] netlink: 'syz.4.14227': attribute type 1 has an invalid length. [ 1558.931232][ C0] net_ratelimit: 5 callbacks suppressed [ 1558.931255][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1558.961682][T19387] __nla_validate_parse: 2 callbacks suppressed [ 1558.961711][T19387] netlink: 24 bytes leftover after parsing attributes in process `syz.4.14238'. [ 1558.976728][T19390] tipc: Enabling of bearer rejected, failed to enable media [ 1559.238626][T19398] netlink: 28 bytes leftover after parsing attributes in process `syz.4.14240'. [ 1559.411742][T14987] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1559.971442][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1560.026565][T19419] batadv0: entered allmulticast mode [ 1560.452230][T14987] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1560.497624][T19434] netlink: 44 bytes leftover after parsing attributes in process `syz.4.14256'. [ 1560.699754][ T5760] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1560.739053][T19444] netlink: 'syz.4.14260': attribute type 10 has an invalid length. [ 1560.772245][T19438] netlink: 212348 bytes leftover after parsing attributes in process `syz.0.14257'. [ 1560.773322][T19444] ipvlan0: entered allmulticast mode [ 1560.823061][T19444] veth0_vlan: entered allmulticast mode [ 1560.863827][T19444] team0: Device ipvlan0 failed to register rx_handler [ 1561.011169][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1561.088887][T19455] netlink: 48 bytes leftover after parsing attributes in process `syz.4.14263'. [ 1561.231819][T19457] netlink: 36 bytes leftover after parsing attributes in process `syz.0.14266'. [ 1561.494826][T14987] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1561.829251][T19477] tipc: Enabling of bearer rejected, already enabled [ 1562.051123][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1562.108009][T19487] netlink: 104 bytes leftover after parsing attributes in process `syz.1.14277'. [ 1562.287799][T19495] netlink: 4 bytes leftover after parsing attributes in process `syz.4.14281'. [ 1562.337061][T19495] netlink: 4 bytes leftover after parsing attributes in process `syz.4.14281'. [ 1562.487948][T19498] netlink: 8 bytes leftover after parsing attributes in process `syz.0.14282'. [ 1562.531649][T14987] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1562.596695][T19499] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1563.091146][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1563.285885][T19528] veth0_to_bridge: entered promiscuous mode [ 1563.302058][T19528] veth0_to_bridge: left promiscuous mode [ 1563.664267][T19548] netlink: 'syz.2.14302': attribute type 1 has an invalid length. [ 1563.672488][T19548] netlink: 'syz.2.14302': attribute type 2 has an invalid length. [ 1563.905338][T19553] netlink: 'syz.2.14303': attribute type 1 has an invalid length. [ 1564.131079][ C0] net_ratelimit: 4 callbacks suppressed [ 1564.131102][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1564.612043][T14987] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1565.171239][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1565.550558][T19630] __nla_validate_parse: 1 callbacks suppressed [ 1565.550580][T19630] netlink: 24 bytes leftover after parsing attributes in process `syz.3.14331'. [ 1565.598354][T19634] xt_hashlimit: overflow, rate too high: 0 [ 1565.653354][ T5793] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1566.000905][T19647] netlink: 28 bytes leftover after parsing attributes in process `syz.3.14337'. [ 1566.211156][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1566.458533][T19675] netlink: 28 bytes leftover after parsing attributes in process `syz.0.14346'. [ 1566.695136][ T5793] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1566.728097][T19691] netlink: 165 bytes leftover after parsing attributes in process `syz.2.14353'. [ 1566.772475][T11675] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1566.830926][T19695] gre1: entered promiscuous mode [ 1566.887112][T19698] netlink: 20 bytes leftover after parsing attributes in process `syz.1.14354'. [ 1567.132041][T19709] netlink: 'syz.0.14361': attribute type 1 has an invalid length. [ 1567.216967][T19709] bond7: entered promiscuous mode [ 1567.222921][T19709] 8021q: adding VLAN 0 to HW filter on device bond7 [ 1567.251379][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1567.465186][T19728] mac80211_hwsim hwsim100 syzkaller0: entered promiscuous mode [ 1567.493433][T19728] mac80211_hwsim hwsim100 syzkaller0: entered allmulticast mode [ 1567.659120][T19736] netlink: 8 bytes leftover after parsing attributes in process `syz.3.14367'. [ 1567.699675][T19744] atomic_op ffff8880754c3198 conn xmit_atomic 0000000000000000 [ 1567.731782][T14987] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1567.973937][T19757] netlink: 'syz.3.14373': attribute type 1 has an invalid length. [ 1567.978570][T19758] netlink: 'syz.1.14374': attribute type 83 has an invalid length. [ 1568.068016][T19764] netlink: 8 bytes leftover after parsing attributes in process `syz.1.14376'. [ 1568.068948][T19757] bond6: entered promiscuous mode [ 1568.083448][T19757] 8021q: adding VLAN 0 to HW filter on device bond6 [ 1568.291081][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1568.333020][T14128] veth0_to_bond: left promiscuous mode [ 1568.570251][T19794] netlink: 84 bytes leftover after parsing attributes in process `syz.3.14382'. [ 1568.670222][T19800] netlink: 12 bytes leftover after parsing attributes in process `syz.4.14386'. [ 1568.704222][T19802] netlink: 'syz.1.14387': attribute type 21 has an invalid length. [ 1568.737143][T19800] 8021q: adding VLAN 0 to HW filter on device bond5 [ 1568.753667][T19802] netlink: 132 bytes leftover after parsing attributes in process `syz.1.14387'. [ 1568.779883][T19804] bond5: entered promiscuous mode [ 1568.787637][T19804] bond5: entered allmulticast mode [ 1568.801730][T19806] netlink: 'syz.3.14388': attribute type 1 has an invalid length. [ 1568.858612][T19806] bond7: entered promiscuous mode [ 1568.864668][T19806] 8021q: adding VLAN 0 to HW filter on device bond7 [ 1568.872105][T19814] FAULT_INJECTION: forcing a failure. [ 1568.872105][T19814] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1568.887513][T19814] CPU: 0 UID: 0 PID: 19814 Comm: syz.0.14390 Not tainted syzkaller #0 PREEMPT(full) [ 1568.887540][T19814] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 1568.887553][T19814] Call Trace: [ 1568.887561][T19814] [ 1568.887570][T19814] dump_stack_lvl+0xe8/0x150 [ 1568.887601][T19814] should_fail_ex+0x412/0x560 [ 1568.887630][T19814] _copy_from_user+0x2d/0xb0 [ 1568.887655][T19814] ___sys_recvmsg+0x175/0x590 [ 1568.887691][T19814] ? __pfx____sys_recvmsg+0x10/0x10 [ 1568.887712][T19814] ? __fget_files+0x2a/0x420 [ 1568.887768][T19814] do_recvmmsg+0x334/0x800 [ 1568.887799][T19814] ? __pfx_do_recvmmsg+0x10/0x10 [ 1568.887832][T19814] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1568.887872][T19814] __x64_sys_recvmmsg+0x198/0x250 [ 1568.887901][T19814] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 1568.887925][T19814] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1568.887945][T19814] do_syscall_64+0x174/0x580 [ 1568.887963][T19814] ? trace_irq_disable+0x3b/0x140 [ 1568.887993][T19814] ? clear_bhb_loop+0x40/0x90 [ 1568.888014][T19814] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1568.888035][T19814] RIP: 0033:0x7f276fb9ce59 [ 1568.888056][T19814] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1568.888072][T19814] RSP: 002b:00007f2770a2f028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1568.888095][T19814] RAX: ffffffffffffffda RBX: 00007f276fe16090 RCX: 00007f276fb9ce59 [ 1568.888109][T19814] RDX: 000000000291962b RSI: 0000200000000040 RDI: 0000000000000003 [ 1568.888123][T19814] RBP: 00007f2770a2f090 R08: 0000000000000000 R09: 0000000000000000 [ 1568.888136][T19814] R10: 45833af92e4b39ff R11: 0000000000000246 R12: 0000000000000001 [ 1568.888149][T19814] R13: 00007f276fe16128 R14: 00007f276fe16090 R15: 00007ffd0f662848 [ 1568.888184][T19814] [ 1569.080743][T19800] macvlan2: entered promiscuous mode [ 1569.086225][T19800] macvlan2: entered allmulticast mode [ 1569.094455][T19800] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 1569.331225][ C0] net_ratelimit: 3 callbacks suppressed [ 1569.331248][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1569.739445][T19849] netlink: 'syz.0.14404': attribute type 11 has an invalid length. [ 1569.767136][T19850] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 1569.774621][T19855] netlink: 'syz.3.14403': attribute type 1 has an invalid length. [ 1569.809339][T19855] bond8: entered promiscuous mode [ 1569.815857][T14987] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1569.824087][T17914] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1569.826643][T19855] 8021q: adding VLAN 0 to HW filter on device bond8 [ 1569.986638][T19861] pim6reg1: entered promiscuous mode [ 1570.011930][T19861] pim6reg1: entered allmulticast mode [ 1570.371081][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1570.852065][T14987] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1571.359924][T19940] __nla_validate_parse: 10 callbacks suppressed [ 1571.359948][T19940] netlink: 8 bytes leftover after parsing attributes in process `syz.0.14429'. [ 1571.392207][T19940] netlink: 8 bytes leftover after parsing attributes in process `syz.0.14429'. [ 1571.411113][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1571.694023][T19954] netlink: 'syz.0.14434': attribute type 1 has an invalid length. [ 1571.775367][T19927] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 1571.895224][T14987] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1572.413795][T19990] bridge2: trying to set multicast query interval below minimum, setting to 100 (1000ms) [ 1572.451153][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1572.628236][T20002] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1572.728122][T14987] IPVS: starting estimator thread 0... [ 1572.841358][T20007] IPVS: using max 24 ests per chain, 57600 per kthread [ 1572.852141][T11675] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1572.976034][T20020] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 1573.113810][T20029] syzkaller0: entered promiscuous mode [ 1573.126650][T20029] syzkaller0: entered allmulticast mode [ 1573.700167][T20059] netlink: 4 bytes leftover after parsing attributes in process `syz.2.14465'. [ 1573.736752][T20057] macvtap1: entered promiscuous mode [ 1573.758506][T20057] macvtap1: entered allmulticast mode [ 1573.777584][T20057] veth1_vlan: entered allmulticast mode [ 1573.786417][T20064] netlink: 8 bytes leftover after parsing attributes in process `syz.0.14467'. [ 1573.813846][T12921] Bluetooth: hci4: command 0x0406 tx timeout [ 1573.819743][T20060] macvtap2: entered promiscuous mode [ 1573.834107][T20060] macvtap2: entered allmulticast mode [ 1573.908455][T20069] netlink: 24 bytes leftover after parsing attributes in process `syz.3.14468'. [ 1573.933829][T20072] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1574.026880][T20077] netlink: 8 bytes leftover after parsing attributes in process `syz.3.14472'. [ 1574.048353][T20077] netlink: 24 bytes leftover after parsing attributes in process `syz.3.14472'. [ 1574.066455][T20077] netlink: 8 bytes leftover after parsing attributes in process `syz.3.14472'. [ 1574.076449][T20077] netlink: 24 bytes leftover after parsing attributes in process `syz.3.14472'. [ 1574.115991][T20081] syzkaller0: entered promiscuous mode [ 1574.122172][T20081] syzkaller0: entered allmulticast mode [ 1574.210796][T20085] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1574.320913][T20090] netdevsim netdevsim1 netdevsim0: entered promiscuous mode [ 1574.531092][ C0] net_ratelimit: 6 callbacks suppressed [ 1574.531114][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1574.558777][T20105] netlink: 4 bytes leftover after parsing attributes in process `syz.4.14481'. [ 1574.826704][T20125] netlink: 'syz.0.14489': attribute type 1 has an invalid length. [ 1574.838228][T20125] workqueue: Failed to create a rescuer kthread for wq "bond9": -EINTR [ 1574.840727][T20123] syzkaller0: entered promiscuous mode [ 1574.864266][T20123] syzkaller0: entered allmulticast mode [ 1574.875963][T20123] TC_ACT_REPEAT abuse ? [ 1575.035372][T14987] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1575.337687][T20157] netlink: 'syz.2.14496': attribute type 1 has an invalid length. [ 1575.540262][T20157] bond16: entered promiscuous mode [ 1575.551606][T20157] 8021q: adding VLAN 0 to HW filter on device bond16 [ 1575.571527][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1575.652125][ T5655] Bluetooth: hci2: command 0x0405 tx timeout [ 1575.884151][T20183] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1575.904533][T11675] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1575.946808][T20187] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 1575.970598][T20187] team0: Failed to send port change of device batadv1 via netlink (err -105) [ 1575.990134][T20187] team0: Failed to send options change via netlink (err -105) [ 1576.010603][T20187] team0: Port device batadv1 added [ 1576.053396][T14987] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1576.136909][T20189] IPv6: sit4: Disabled Multicast RS [ 1576.480135][T20207] __nla_validate_parse: 5 callbacks suppressed [ 1576.480160][T20207] netlink: 4 bytes leftover after parsing attributes in process `syz.3.14512'. [ 1576.611119][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1576.862398][T20217] netlink: 'syz.3.14516': attribute type 11 has an invalid length. [ 1577.092048][ T5793] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1577.193180][T20237] netlink: 'syz.2.14523': attribute type 1 has an invalid length. [ 1577.259244][T20237] bond17: entered promiscuous mode [ 1577.265133][T20237] 8021q: adding VLAN 0 to HW filter on device bond17 [ 1577.651132][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1577.807357][T20276] netlink: 'syz.2.14537': attribute type 1 has an invalid length. [ 1577.833314][T20276] bond18: entered promiscuous mode [ 1577.838924][T20276] 8021q: adding VLAN 0 to HW filter on device bond18 [ 1578.150392][T20286] bond19: option arp_all_targets: invalid value (18446744073709551613) [ 1578.245982][T20286] bond19 (unregistering): Released all slaves [ 1578.290846][T20297] ipt_ECN: cannot use operation on non-tcp rule [ 1578.538068][T20313] FAULT_INJECTION: forcing a failure. [ 1578.538068][T20313] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1578.576195][T20310] netlink: 'syz.0.14548': attribute type 1 has an invalid length. [ 1578.579571][T20313] CPU: 1 UID: 0 PID: 20313 Comm: syz.3.14547 Not tainted syzkaller #0 PREEMPT(full) [ 1578.579603][T20313] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 1578.579614][T20313] Call Trace: [ 1578.579622][T20313] [ 1578.579630][T20313] dump_stack_lvl+0xe8/0x150 [ 1578.579657][T20313] should_fail_ex+0x412/0x560 [ 1578.579684][T20313] _copy_from_iter+0x1d3/0x1670 [ 1578.579714][T20313] ? rcu_is_watching+0x15/0xb0 [ 1578.579742][T20313] ? __pfx__copy_from_iter+0x10/0x10 [ 1578.579770][T20313] ? netlink_sendmsg+0x650/0xb40 [ 1578.579794][T20313] ? skb_put+0x11b/0x210 [ 1578.579823][T20313] netlink_sendmsg+0x6c0/0xb40 [ 1578.579858][T20313] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1578.579887][T20313] ? aa_sock_msg_perm+0xf1/0x1b0 [ 1578.579915][T20313] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1578.579942][T20313] ____sys_sendmsg+0x972/0x9f0 [ 1578.579960][T20313] ? __might_fault+0xaf/0x130 [ 1578.579990][T20313] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1578.580017][T20313] ? import_iovec+0x73/0xa0 [ 1578.580043][T20313] ___sys_sendmsg+0x2a5/0x360 [ 1578.580059][T20313] ? __lock_acquire+0x6b5/0x2cf0 [ 1578.580083][T20313] ? __pfx____sys_sendmsg+0x10/0x10 [ 1578.580106][T20313] ? kstrtouint+0x6e/0xe0 [ 1578.580159][T20313] ? __fget_files+0x2a/0x420 [ 1578.580180][T20313] ? __fget_files+0x3a0/0x420 [ 1578.580211][T20313] __sys_sendmmsg+0x27c/0x4e0 [ 1578.580235][T20313] ? __pfx___sys_sendmmsg+0x10/0x10 [ 1578.580251][T20313] ? __mutex_unlock_slowpath+0x1be/0x6f0 [ 1578.580296][T20313] ? ksys_write+0x242/0x270 [ 1578.580324][T20313] ? __pfx_ksys_write+0x10/0x10 [ 1578.580362][T20313] __x64_sys_sendmmsg+0xa0/0xc0 [ 1578.580381][T20313] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1578.580400][T20313] do_syscall_64+0x174/0x580 [ 1578.580417][T20313] ? trace_irq_disable+0x3b/0x140 [ 1578.580442][T20313] ? clear_bhb_loop+0x40/0x90 [ 1578.580465][T20313] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1578.580483][T20313] RIP: 0033:0x7f94f259ce59 [ 1578.580501][T20313] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1578.580515][T20313] RSP: 002b:00007f94f3390028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1578.580536][T20313] RAX: ffffffffffffffda RBX: 00007f94f2815fa0 RCX: 00007f94f259ce59 [ 1578.580549][T20313] RDX: 040000000000009f RSI: 00002000000002c0 RDI: 0000000000000003 [ 1578.580561][T20313] RBP: 00007f94f3390090 R08: 0000000000000000 R09: 0000000000000000 [ 1578.580573][T20313] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1578.580583][T20313] R13: 00007f94f2816038 R14: 00007f94f2815fa0 R15: 00007ffe6ad13b28 [ 1578.580613][T20313] [ 1578.738578][T20320] netlink: 4 bytes leftover after parsing attributes in process `syz.3.14552'. [ 1578.807138][T20321] netlink: 12 bytes leftover after parsing attributes in process `syz.2.14551'. [ 1578.882847][T20321] netlink: 60 bytes leftover after parsing attributes in process `syz.2.14551'. [ 1578.892088][T20321] netlink: 12 bytes leftover after parsing attributes in process `syz.2.14551'. [ 1578.901653][T20321] netlink: 60 bytes leftover after parsing attributes in process `syz.2.14551'. [ 1578.910717][T20321] netlink: 104 bytes leftover after parsing attributes in process `syz.2.14551'. [ 1578.920791][T20320] netlink: 4 bytes leftover after parsing attributes in process `syz.3.14552'. [ 1578.958604][T20310] bond9: entered promiscuous mode [ 1578.967991][T20310] 8021q: adding VLAN 0 to HW filter on device bond9 [ 1579.129441][T20335] veth0: entered promiscuous mode [ 1579.138605][T20337] netlink: 4 bytes leftover after parsing attributes in process `syz.3.14557'. [ 1579.152376][T20334] veth0: left promiscuous mode [ 1579.159863][T20337] netlink: 4 bytes leftover after parsing attributes in process `syz.3.14557'. [ 1579.290822][T20344] netlink: 'syz.3.14562': attribute type 29 has an invalid length. [ 1579.373337][T20347] FAULT_INJECTION: forcing a failure. [ 1579.373337][T20347] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1579.386742][T20347] CPU: 1 UID: 0 PID: 20347 Comm: syz.4.14563 Not tainted syzkaller #0 PREEMPT(full) [ 1579.386770][T20347] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 1579.386782][T20347] Call Trace: [ 1579.386790][T20347] [ 1579.386799][T20347] dump_stack_lvl+0xe8/0x150 [ 1579.386830][T20347] should_fail_ex+0x412/0x560 [ 1579.386858][T20347] _copy_from_user+0x2d/0xb0 [ 1579.386883][T20347] ___sys_sendmsg+0x1c6/0x360 [ 1579.386902][T20347] ? __lock_acquire+0x6b5/0x2cf0 [ 1579.386927][T20347] ? __pfx____sys_sendmsg+0x10/0x10 [ 1579.386950][T20347] ? __lock_acquire+0x6b5/0x2cf0 [ 1579.386975][T20347] ? kstrtouint+0x6e/0xe0 [ 1579.387046][T20347] __sys_sendmmsg+0x27c/0x4e0 [ 1579.387072][T20347] ? __pfx___sys_sendmmsg+0x10/0x10 [ 1579.387089][T20347] ? __mutex_unlock_slowpath+0x1be/0x6f0 [ 1579.387137][T20347] ? ksys_write+0x242/0x270 [ 1579.387169][T20347] ? __pfx_ksys_write+0x10/0x10 [ 1579.387205][T20347] __x64_sys_sendmmsg+0xa0/0xc0 [ 1579.387225][T20347] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1579.387246][T20347] do_syscall_64+0x174/0x580 [ 1579.387264][T20347] ? trace_irq_disable+0x3b/0x140 [ 1579.387292][T20347] ? clear_bhb_loop+0x40/0x90 [ 1579.387317][T20347] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1579.387337][T20347] RIP: 0033:0x7f404079ce59 [ 1579.387357][T20347] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1579.387373][T20347] RSP: 002b:00007f4041645028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1579.387396][T20347] RAX: ffffffffffffffda RBX: 00007f4040a15fa0 RCX: 00007f404079ce59 [ 1579.387411][T20347] RDX: 040000000000009f RSI: 00002000000002c0 RDI: 0000000000000003 [ 1579.387423][T20347] RBP: 00007f4041645090 R08: 0000000000000000 R09: 0000000000000000 [ 1579.387435][T20347] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1579.387446][T20347] R13: 00007f4040a16038 R14: 00007f4040a15fa0 R15: 00007ffddb0e0f08 [ 1579.387479][T20347] [ 1579.392998][T20351] netlink: 'syz.0.14564': attribute type 1 has an invalid length. [ 1579.629539][T20351] workqueue: Failed to create a rescuer kthread for wq "bond10": -EINTR [ 1579.731223][ C0] net_ratelimit: 4 callbacks suppressed [ 1579.731247][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1579.983863][T20375] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1580.026343][T20379] netlink: 'syz.1.14575': attribute type 1 has an invalid length. [ 1580.292690][T14987] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1580.327652][T20396] openvswitch: netlink: IP tunnel dst address not specified [ 1580.338948][T20396] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1580.648944][T20423] xt_hashlimit: size too large, truncated to 1048576 [ 1580.771077][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1580.992114][T20433] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1581.333299][ T5793] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1581.447144][T20465] netlink: 'syz.4.14603': attribute type 24 has an invalid length. [ 1581.449080][T20467] netlink: 'syz.3.14604': attribute type 1 has an invalid length. [ 1581.474734][T20467] workqueue: Failed to create a rescuer kthread for wq "bond9": -EINTR [ 1581.610628][T20480] __nla_validate_parse: 17 callbacks suppressed [ 1581.610652][T20480] netlink: 4 bytes leftover after parsing attributes in process `syz.2.14607'. [ 1581.642996][T20480] netlink: 4 bytes leftover after parsing attributes in process `syz.2.14607'. [ 1581.689809][T20483] pim6reg1: entered promiscuous mode [ 1581.736894][T20483] pim6reg1: entered allmulticast mode [ 1581.811131][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1581.983943][T17914] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1582.029614][T20509] netlink: 16 bytes leftover after parsing attributes in process `syz.2.14617'. [ 1582.038578][T20511] netlink: 'syz.1.14616': attribute type 11 has an invalid length. [ 1582.064292][T20511] netlink: 4 bytes leftover after parsing attributes in process `syz.1.14616'. [ 1582.082641][T20509] bond19: entered promiscuous mode [ 1582.119086][T23218] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 1582.121338][T20511] netlink: 'syz.1.14616': attribute type 11 has an invalid length. [ 1582.140762][T20511] netlink: 4 bytes leftover after parsing attributes in process `syz.1.14616'. [ 1582.145164][T23218] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 1582.180032][T23218] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 1582.199172][T23218] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 1582.372864][T14987] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1582.443811][T20526] netlink: 8 bytes leftover after parsing attributes in process `syz.2.14621'. [ 1582.449632][T20530] netlink: 96 bytes leftover after parsing attributes in process `syz.1.14624'. [ 1582.459751][T20526] netlink: 4 bytes leftover after parsing attributes in process `syz.2.14621'. [ 1582.561914][T20532] netlink: 212408 bytes leftover after parsing attributes in process `syz.2.14621'. [ 1582.675675][T20546] netlink: 8 bytes leftover after parsing attributes in process `syz.1.14628'. [ 1582.865825][T20539] geneve3: entered promiscuous mode [ 1582.872977][T20539] geneve3: entered allmulticast mode [ 1582.880421][T14604] netdevsim netdevsim4 netdevsim0: set [1, 1] type 2 family 0 port 19999 - 0 [ 1582.900740][T14604] netdevsim netdevsim4 netdevsim1: set [1, 1] type 2 family 0 port 19999 - 0 [ 1583.046900][T14604] netdevsim netdevsim4 netdevsim2: set [1, 1] type 2 family 0 port 19999 - 0 [ 1583.068254][T14604] netdevsim netdevsim4 netdevsim3: set [1, 1] type 2 family 0 port 19999 - 0 [ 1583.128586][T20565] syzkaller1: entered promiscuous mode [ 1583.137795][T20565] syzkaller1: entered allmulticast mode [ 1583.268759][T20572] Cannot find add_set index 4 as target [ 1583.306020][T20572] bridge0: port 2(bridge_slave_1) entered disabled state [ 1584.133216][T20617] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1584.435211][T20633] syzkaller0: entered promiscuous mode [ 1584.452097][T20633] syzkaller0: entered allmulticast mode [ 1584.778498][T17914] net_ratelimit: 14 callbacks suppressed [ 1584.778520][T17914] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1584.931069][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1585.023411][ T5760] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1585.023413][T14987] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1585.131188][T20666] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets). [ 1585.172946][T14604] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1585.184584][ T5760] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1585.198790][T17914] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1585.387491][T20676] syzkaller0: entered promiscuous mode [ 1585.405188][T20676] syzkaller0: entered allmulticast mode [ 1585.429830][T20676] TC_ACT_REPEAT abuse ? [ 1585.495635][T14987] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1585.822757][T17914] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1586.265909][T20711] FAULT_INJECTION: forcing a failure. [ 1586.265909][T20711] name failslab, interval 1, probability 0, space 0, times 0 [ 1586.280126][T20711] CPU: 1 UID: 0 PID: 20711 Comm: syz.2.14681 Not tainted syzkaller #0 PREEMPT(full) [ 1586.280154][T20711] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 1586.280167][T20711] Call Trace: [ 1586.280176][T20711] [ 1586.280186][T20711] dump_stack_lvl+0xe8/0x150 [ 1586.280217][T20711] should_fail_ex+0x412/0x560 [ 1586.280243][T20711] ? __d_alloc+0x37/0x6f0 [ 1586.280271][T20711] should_failslab+0xa8/0x100 [ 1586.280304][T20711] kmem_cache_alloc_lru_noprof+0x87/0x640 [ 1586.280344][T20711] __d_alloc+0x37/0x6f0 [ 1586.280388][T20711] d_alloc+0x4b/0x190 [ 1586.280412][T20711] ? lookup_one_qstr_excl+0xc4/0x360 [ 1586.280442][T20711] lookup_one_qstr_excl+0xd8/0x360 [ 1586.280471][T20711] ? lookup_noperm_common+0x245/0x430 [ 1586.280502][T20711] start_dirop+0x5c/0x90 [ 1586.280529][T20711] simple_start_creating+0xcc/0x110 [ 1586.280557][T20711] ? __pfx_simple_start_creating+0x10/0x10 [ 1586.280587][T20711] ? do_raw_spin_unlock+0xf5/0x210 [ 1586.280617][T20711] ? mntput+0x65/0xc0 [ 1586.280644][T20711] debugfs_start_creating+0xdb/0x1a0 [ 1586.280672][T20711] __debugfs_create_file+0x6f/0x400 [ 1586.280700][T20711] debugfs_create_file_full+0x3f/0x60 [ 1586.280736][T20711] ref_tracker_dir_debugfs+0x197/0x360 [ 1586.280762][T20711] ? __pfx_ref_tracker_dir_debugfs+0x10/0x10 [ 1586.280820][T20711] ? __kvmalloc_node_noprof+0x545/0x8a0 [ 1586.280850][T20711] ? alloc_netdev_mqs+0xa8/0x1210 [ 1586.280878][T20711] ? __raw_spin_lock_init+0x45/0x100 [ 1586.280910][T20711] alloc_netdev_mqs+0x274/0x1210 [ 1586.280931][T20711] ? __pfx_vxlan_setup+0x10/0x10 [ 1586.280961][T20711] rtnl_create_link+0x31f/0xd70 [ 1586.280993][T20711] rtnl_newlink_create+0x277/0xb70 [ 1586.281024][T20711] ? __pfx___nla_validate_parse+0x10/0x10 [ 1586.281056][T20711] ? __mutex_lock+0x608/0x1550 [ 1586.281079][T20711] ? __pfx_rtnl_newlink_create+0x10/0x10 [ 1586.281113][T20711] ? __pfx___mutex_lock+0x10/0x10 [ 1586.281145][T20711] ? full_name_hash+0x92/0xe0 [ 1586.281174][T20711] rtnl_newlink+0x166a/0x1bb0 [ 1586.281219][T20711] ? __pfx_rtnl_newlink+0x10/0x10 [ 1586.281258][T20711] ? __lock_acquire+0x6b5/0x2cf0 [ 1586.281293][T20711] ? unwind_next_frame+0xa6/0x2550 [ 1586.281334][T20711] ? unwind_next_frame+0xa6/0x2550 [ 1586.281362][T20711] ? is_bpf_text_address+0x26/0x2b0 [ 1586.281408][T20711] ? is_bpf_text_address+0x26/0x2b0 [ 1586.281436][T20711] ? __lock_acquire+0x6b5/0x2cf0 [ 1586.281462][T20711] ? kernel_text_address+0xa5/0xe0 [ 1586.281490][T20711] ? __kernel_text_address+0xd/0x30 [ 1586.281516][T20711] ? unwind_get_return_address+0x4d/0x90 [ 1586.281540][T20711] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 1586.281571][T20711] ? arch_stack_walk+0xfb/0x150 [ 1586.281610][T20711] ? rtnetlink_rcv_msg+0x1b9/0xbe0 [ 1586.281657][T20711] ? __pfx_rtnl_newlink+0x10/0x10 [ 1586.281684][T20711] rtnetlink_rcv_msg+0x7d5/0xbe0 [ 1586.281709][T20711] ? kmem_cache_alloc_node_noprof+0x384/0x690 [ 1586.281735][T20711] ? netlink_sendmsg+0x5d4/0xb40 [ 1586.281767][T20711] ? rtnetlink_rcv_msg+0x1b9/0xbe0 [ 1586.281795][T20711] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 1586.281825][T20711] ? __lock_acquire+0x6b5/0x2cf0 [ 1586.281864][T20711] netlink_rcv_skb+0x232/0x4b0 [ 1586.281895][T20711] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 1586.281926][T20711] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1586.281972][T20711] ? netlink_deliver_tap+0x2e/0x1b0 [ 1586.282002][T20711] ? netlink_deliver_tap+0x2e/0x1b0 [ 1586.282039][T20711] netlink_unicast+0x75c/0x8e0 [ 1586.282081][T20711] netlink_sendmsg+0x813/0xb40 [ 1586.282122][T20711] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1586.282154][T20711] ? aa_sock_msg_perm+0xf1/0x1b0 [ 1586.282187][T20711] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1586.282219][T20711] ____sys_sendmsg+0x972/0x9f0 [ 1586.282241][T20711] ? __might_fault+0xaf/0x130 [ 1586.282277][T20711] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1586.282318][T20711] ? import_iovec+0x73/0xa0 [ 1586.282349][T20711] ___sys_sendmsg+0x2a5/0x360 [ 1586.282368][T20711] ? __lock_acquire+0x6b5/0x2cf0 [ 1586.282395][T20711] ? __pfx____sys_sendmsg+0x10/0x10 [ 1586.282413][T20711] ? __lock_acquire+0x6b5/0x2cf0 [ 1586.282441][T20711] ? kstrtouint+0x6e/0xe0 [ 1586.282520][T20711] __sys_sendmmsg+0x27c/0x4e0 [ 1586.282549][T20711] ? __pfx___sys_sendmmsg+0x10/0x10 [ 1586.282567][T20711] ? __mutex_unlock_slowpath+0x1be/0x6f0 [ 1586.282623][T20711] ? ksys_write+0x242/0x270 [ 1586.282655][T20711] ? __pfx_ksys_write+0x10/0x10 [ 1586.282693][T20711] __x64_sys_sendmmsg+0xa0/0xc0 [ 1586.282714][T20711] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1586.282736][T20711] do_syscall_64+0x174/0x580 [ 1586.282756][T20711] ? trace_irq_disable+0x3b/0x140 [ 1586.282785][T20711] ? clear_bhb_loop+0x40/0x90 [ 1586.282812][T20711] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1586.282833][T20711] RIP: 0033:0x7f338c39ce59 [ 1586.282853][T20711] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1586.282870][T20711] RSP: 002b:00007f338d18b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1586.282893][T20711] RAX: ffffffffffffffda RBX: 00007f338c615fa0 RCX: 00007f338c39ce59 [ 1586.282909][T20711] RDX: 040000000000009f RSI: 00002000000002c0 RDI: 0000000000000003 [ 1586.282923][T20711] RBP: 00007f338d18b090 R08: 0000000000000000 R09: 0000000000000000 [ 1586.282936][T20711] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1586.282948][T20711] R13: 00007f338c616038 R14: 00007f338c615fa0 R15: 00007ffefed104f8 [ 1586.282986][T20711] [ 1586.828126][T20711] __nla_validate_parse: 7 callbacks suppressed [ 1586.828146][T20711] netlink: 4 bytes leftover after parsing attributes in process `syz.2.14681'. [ 1586.987815][T20720] netlink: 'syz.2.14685': attribute type 13 has an invalid length. [ 1587.178168][T20724] mac80211_hwsim hwsim95 syzkaller0: Caught tx_queue_len zero misconfig [ 1587.406373][T20747] netlink: 4 bytes leftover after parsing attributes in process `syz.0.14693'. [ 1587.415961][T20747] : entered promiscuous mode [ 1587.619872][T20761] bond10: Removing last ns target with arp_interval on [ 1588.532715][T20794] netlink: 4 bytes leftover after parsing attributes in process `syz.2.14705'. [ 1588.584028][T20796] lo: Caught tx_queue_len zero misconfig [ 1589.811264][T17914] net_ratelimit: 14 callbacks suppressed [ 1589.811287][T17914] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1590.056912][ T6047] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1590.141167][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1590.166515][T20735] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 1590.402427][T20805] openvswitch: netlink: nsh attribute has 2531 unknown bytes. [ 1590.480131][T20813] netlink: 256 bytes leftover after parsing attributes in process `syz.3.14710'. [ 1590.487737][T20814] netlink: 'syz.0.14711': attribute type 1 has an invalid length. [ 1590.498473][T20813] netlink: 'syz.3.14710': attribute type 9 has an invalid length. [ 1590.542952][T20813] netlink: 144 bytes leftover after parsing attributes in process `syz.3.14710'. [ 1590.555463][T20814] 8021q: adding VLAN 0 to HW filter on device bond11 [ 1590.799847][T20834] netlink: 4 bytes leftover after parsing attributes in process `syz.0.14716'. [ 1590.849301][T20837] pimreg: left allmulticast mode [ 1590.861107][T17914] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1590.936800][ T47] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1590.946221][T17914] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1590.955371][T11675] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1591.093907][T11675] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1591.102081][T11675] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1591.163127][T20853] netlink: 8 bytes leftover after parsing attributes in process `syz.4.14722'. [ 1591.216218][T20854] netlink: 28 bytes leftover after parsing attributes in process `syz.4.14722'. [ 1591.218686][T20856] syzkaller0: entered promiscuous mode [ 1591.246239][T20856] syzkaller0: entered allmulticast mode [ 1591.418823][T20861] netlink: 12 bytes leftover after parsing attributes in process `syz.0.14724'. [ 1591.519328][T20867] bridge5: port 1(dummy0) entered blocking state [ 1591.553462][T20867] bridge5: port 1(dummy0) entered disabled state [ 1591.570256][T20867] dummy0: entered allmulticast mode [ 1591.581747][T20861] netlink: 'syz.0.14724': attribute type 10 has an invalid length. [ 1591.598725][T20867] dummy0: entered promiscuous mode [ 1591.607871][T20861] netlink: 40 bytes leftover after parsing attributes in process `syz.0.14724'. [ 1591.729178][T20861] bridge5: port 1(dummy0) entered blocking state [ 1591.736837][T20861] bridge5: port 1(dummy0) entered forwarding state [ 1591.762616][T20861] dummy0: left allmulticast mode [ 1591.768029][T20861] bridge5: port 1(dummy0) entered disabled state [ 1591.827044][T20880] : entered promiscuous mode [ 1591.833747][T20880] : entered allmulticast mode [ 1592.577669][T20919] syzkaller0: entered promiscuous mode [ 1592.598635][T20919] syzkaller0: entered allmulticast mode [ 1592.830283][T20932] __nla_validate_parse: 1 callbacks suppressed [ 1592.830306][T20932] netlink: 4 bytes leftover after parsing attributes in process `syz.2.14741'. [ 1592.980586][T20939] netlink: 8 bytes leftover after parsing attributes in process `syz.2.14744'. [ 1593.066750][T20941] bond0: entered promiscuous mode [ 1593.126546][T20941] netlink: 13 bytes leftover after parsing attributes in process `syz.4.14745'. [ 1593.240732][T20950] netlink: 'syz.1.14748': attribute type 29 has an invalid length. [ 1593.297316][T20952] netlink: 'syz.1.14748': attribute type 29 has an invalid length. [ 1593.338424][T20950] netlink: 8 bytes leftover after parsing attributes in process `syz.1.14748'. [ 1593.361984][T20950] netlink: 12 bytes leftover after parsing attributes in process `syz.1.14748'. [ 1593.373605][T20950] netlink: 500 bytes leftover after parsing attributes in process `syz.1.14748'. [ 1593.565199][T20961] netlink: 'syz.3.14751': attribute type 11 has an invalid length. [ 1593.587519][T20961] netlink: 64 bytes leftover after parsing attributes in process `syz.3.14751'. [ 1593.592463][T20969] netlink: 'syz.3.14751': attribute type 11 has an invalid length. [ 1593.644188][T20969] netlink: 64 bytes leftover after parsing attributes in process `syz.3.14751'. [ 1593.784319][T20977] netlink: 212348 bytes leftover after parsing attributes in process `syz.1.14756'. [ 1593.835797][T20977] netlink: 4 bytes leftover after parsing attributes in process `syz.1.14756'. [ 1594.130773][T20995] xt_hashlimit: size too large, truncated to 1048576 [ 1594.318364][T21001] tipc: Enabling of bearer rejected, already enabled [ 1594.866789][T21030] xt_hashlimit: overflow, try lower: 18446744073709551613/4 [ 1595.000237][T21038] xt_hashlimit: size too large, truncated to 1048576 [ 1595.011361][T11675] net_ratelimit: 18 callbacks suppressed [ 1595.011382][T11675] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1595.057983][T21040] can: request_module (can-proto-4) failed. [ 1595.266408][T14987] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1595.307193][T21053] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 1595.331337][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1596.052253][ T5760] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1596.287243][T21093] xt_hashlimit: size too large, truncated to 1048576 [ 1596.316892][T21089] 8021q: adding VLAN 0 to HW filter on device bond20 [ 1596.328710][T14987] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1596.358249][T21094] bond20: entered promiscuous mode [ 1596.371236][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1596.385647][T21094] bond20: entered allmulticast mode [ 1596.448496][T21089] macvlan2: entered promiscuous mode [ 1596.472133][T21089] macvlan2: entered allmulticast mode [ 1596.489111][T21089] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 1596.699347][T11652] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1596.708743][ T5793] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1596.720802][T11675] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1596.812567][T21106] netlink: 'syz.3.14796': attribute type 6 has an invalid length. [ 1597.106547][T21120] netlink: 'syz.4.14803': attribute type 2 has an invalid length. [ 1597.138113][T21117] mac80211_hwsim hwsim95 syzkaller0: left promiscuous mode [ 1597.147468][T21120] netlink: 'syz.4.14803': attribute type 2 has an invalid length. [ 1597.535033][T21142] 8021q: adding VLAN 0 to HW filter on device bond5 [ 1597.547218][T21146] bond5: entered promiscuous mode [ 1597.558954][T21146] bond5: entered allmulticast mode [ 1597.615028][T21142] macvlan2: entered promiscuous mode [ 1597.635921][T21142] macvlan2: entered allmulticast mode [ 1597.653252][T21142] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 1597.711890][T21151] netlink: 'syz.2.14811': attribute type 1 has an invalid length. [ 1597.955167][T21166] xt_hashlimit: size too large, truncated to 1048576 [ 1598.102647][T21175] __nla_validate_parse: 15 callbacks suppressed [ 1598.102668][T21175] netlink: 4 bytes leftover after parsing attributes in process `syz.3.14816'. [ 1598.137400][T21175] : left promiscuous mode [ 1598.151458][T21175] : left allmulticast mode [ 1598.171795][T21175] netlink: 4 bytes leftover after parsing attributes in process `syz.3.14816'. [ 1598.299405][T21176] bond6: Removing last ns target with arp_interval on [ 1598.379907][T21168] netlink: 'syz.2.14814': attribute type 1 has an invalid length. [ 1598.414025][T21168] bond21: entered promiscuous mode [ 1598.419888][T21168] 8021q: adding VLAN 0 to HW filter on device bond21 [ 1598.434804][T21168] netlink: 8 bytes leftover after parsing attributes in process `syz.2.14814'. [ 1598.444013][T21168] netlink: 24 bytes leftover after parsing attributes in process `syz.2.14814'. [ 1598.545530][T21187] netlink: 20 bytes leftover after parsing attributes in process `syz.3.14819'. [ 1598.555290][T21187] netlink: 24 bytes leftover after parsing attributes in process `syz.3.14819'. [ 1598.728942][T21193] FAULT_INJECTION: forcing a failure. [ 1598.728942][T21193] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1598.749973][T21195] mac80211_hwsim hwsim95 wlan1: Caught tx_queue_len zero misconfig [ 1598.766613][T21193] CPU: 0 UID: 0 PID: 21193 Comm: syz.0.14821 Not tainted syzkaller #0 PREEMPT(full) [ 1598.766642][T21193] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 1598.766655][T21193] Call Trace: [ 1598.766664][T21193] [ 1598.766673][T21193] dump_stack_lvl+0xe8/0x150 [ 1598.766703][T21193] should_fail_ex+0x412/0x560 [ 1598.766730][T21193] _copy_from_user+0x2d/0xb0 [ 1598.766757][T21193] ___sys_recvmsg+0x175/0x590 [ 1598.766786][T21193] ? __pfx____sys_recvmsg+0x10/0x10 [ 1598.766813][T21193] ? __fget_files+0x2a/0x420 [ 1598.766873][T21193] do_recvmmsg+0x334/0x800 [ 1598.766905][T21193] ? __pfx_do_recvmmsg+0x10/0x10 [ 1598.766940][T21193] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1598.766982][T21193] __x64_sys_recvmmsg+0x198/0x250 [ 1598.767007][T21193] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 1598.767039][T21193] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1598.767062][T21193] do_syscall_64+0x174/0x580 [ 1598.767082][T21193] ? trace_irq_disable+0x3b/0x140 [ 1598.767112][T21193] ? clear_bhb_loop+0x40/0x90 [ 1598.767138][T21193] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1598.767158][T21193] RIP: 0033:0x7f276fb9ce59 [ 1598.767178][T21193] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1598.767196][T21193] RSP: 002b:00007f2770a2f028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1598.767220][T21193] RAX: ffffffffffffffda RBX: 00007f276fe16090 RCX: 00007f276fb9ce59 [ 1598.767234][T21193] RDX: 000000000291962b RSI: 0000200000000040 RDI: 0000000000000003 [ 1598.767269][T21193] RBP: 00007f2770a2f090 R08: 0000000000000000 R09: 0000000000000000 [ 1598.767281][T21193] R10: 45833af92e4b39ff R11: 0000000000000246 R12: 0000000000000001 [ 1598.767300][T21193] R13: 00007f276fe16128 R14: 00007f276fe16090 R15: 00007ffd0f662848 [ 1598.767334][T21193] [ 1599.090688][T21203] netlink: 4 bytes leftover after parsing attributes in process `syz.4.14825'. [ 1599.258705][T21216] xt_hashlimit: size too large, truncated to 1048576 [ 1599.536742][T21226] Cannot find add_set index 1 as target [ 1599.538414][T21227] Cannot find add_set index 1 as target [ 1599.659234][T21231] netlink: 8 bytes leftover after parsing attributes in process `syz.1.14834'. [ 1599.715984][T21231] netlink: 'syz.1.14834': attribute type 1 has an invalid length. [ 1599.729336][T21236] sock: sock_timestamping_bind_phc: sock not bind to device [ 1599.751878][T21235] netlink: 12 bytes leftover after parsing attributes in process `syz.3.14836'. [ 1599.761594][T21231] netlink: 'syz.1.14834': attribute type 2 has an invalid length. [ 1599.805286][T21235] netlink: 8 bytes leftover after parsing attributes in process `syz.3.14836'. [ 1600.212005][T11675] net_ratelimit: 14 callbacks suppressed [ 1600.212026][T11675] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1600.227347][ T5760] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1600.314134][T21268] openvswitch: netlink: Flow key attr not present in new flow. [ 1600.459199][T14987] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1600.507160][T21272] syzkaller1: default qdisc (pfifo_fast) fail, fallback to noqueue [ 1600.531336][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1600.557487][T21279] netlink: 'syz.4.14852': attribute type 1 has an invalid length. [ 1601.108524][T21301] x_tables: duplicate underflow at hook 1 [ 1601.228228][T21307] netlink: 'syz.4.14861': attribute type 1 has an invalid length. [ 1601.259054][ T5760] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1601.395651][T21307] bond7: entered promiscuous mode [ 1601.429253][T21307] 8021q: adding VLAN 0 to HW filter on device bond7 [ 1601.490059][T21314] bond7: (slave ipvlan2): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 1601.503942][T14988] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1601.533073][T21314] bond7: (slave ipvlan2): The slave device specified does not support setting the MAC address [ 1601.564796][T21314] bond7: (slave ipvlan2): Setting fail_over_mac to active for active-backup mode [ 1601.581099][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1601.640467][T21332] : left promiscuous mode [ 1601.811489][T14987] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1601.811586][T11675] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1601.935332][T21346] bond12: option active_slave: mode dependency failed, not supported in mode balance-rr(0) [ 1601.952836][T21346] bond12 (unregistering): Released all slaves [ 1602.167125][T21364] xt_SECMARK: mode already set to 1 cannot mix with rules for mode 9 [ 1603.086767][T21396] 8021q: adding VLAN 0 to HW filter on device bond8 [ 1603.108111][T21401] netlink: 'syz.3.14893': attribute type 13 has an invalid length. [ 1603.141742][T21401] netlink: 'syz.3.14893': attribute type 58 has an invalid length. [ 1603.200032][T21401] __nla_validate_parse: 9 callbacks suppressed [ 1603.200054][T21401] netlink: 152 bytes leftover after parsing attributes in process `syz.3.14893'. [ 1603.468215][T21404] 8021q: adding VLAN 0 to HW filter on device bond9 [ 1603.528008][T21404] bond8: (slave bond9): Enslaving as an active interface with an up link [ 1603.559382][T12921] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1603.577115][T12921] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1603.589177][T12921] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1603.602840][T12921] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1603.619212][T12921] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1604.210361][T21447] sctp: [Deprecated]: syz.0.14904 (pid 21447) Use of int in max_burst socket option. [ 1604.210361][T21447] Use struct sctp_assoc_value instead [ 1604.417685][T21459] netlink: 4 bytes leftover after parsing attributes in process `syz.1.14910'. [ 1604.429273][T21457] netlink: 36 bytes leftover after parsing attributes in process `syz.3.14909'. [ 1604.430068][T21414] speed is unknown, defaulting to 1000 [ 1604.454941][T21414] wg1 speed is unknown, defaulting to 1000 [ 1604.735501][T21471] netlink: 'syz.3.14914': attribute type 25 has an invalid length. [ 1604.762622][T21471] netlink: 4 bytes leftover after parsing attributes in process `syz.3.14914'. [ 1604.800860][T21475] netlink: 'syz.4.14916': attribute type 3 has an invalid length. [ 1604.802687][T21481] netlink: 212368 bytes leftover after parsing attributes in process `syz.3.14914'. [ 1604.888443][T21481] netlink: 4 bytes leftover after parsing attributes in process `syz.3.14914'. [ 1604.975932][ C1] vxcan0: j1939_tp_rxtimer: 0xffff88803d346c00: rx timeout, send abort [ 1605.208951][T21414] bridge0: port 1(bridge_slave_0) entered blocking state [ 1605.216636][T21414] bridge0: port 1(bridge_slave_0) entered disabled state [ 1605.224521][T21414] bridge_slave_0: entered allmulticast mode [ 1605.233562][T21414] bridge_slave_0: entered promiscuous mode [ 1605.243562][T21414] bridge0: port 2(bridge_slave_1) entered blocking state [ 1605.250831][T21414] bridge0: port 2(bridge_slave_1) entered disabled state [ 1605.259279][T21414] bridge_slave_1: entered allmulticast mode [ 1605.266730][T21502] netlink: 4 bytes leftover after parsing attributes in process `syz.1.14921'. [ 1605.272693][T21414] bridge_slave_1: entered promiscuous mode [ 1605.310000][T21504] syz_tun: entered allmulticast mode [ 1605.315746][T21502] : entered promiscuous mode [ 1605.320464][T21502] : entered allmulticast mode [ 1605.329902][T21414] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1605.362551][T21414] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1605.476133][ C1] vxcan0: j1939_tp_rxtimer: 0xffff88803d346800: rx timeout, send abort [ 1605.485141][ C1] vxcan0: j1939_tp_rxtimer: 0xffff88803d346c00: abort rx timeout. Force session deactivation [ 1605.507473][T21414] team0: Port device team_slave_0 added [ 1605.513432][T21511] netlink: 12 bytes leftover after parsing attributes in process `syz.1.14925'. [ 1605.524816][T21511] netlink: 12 bytes leftover after parsing attributes in process `syz.1.14925'. [ 1605.534937][T21511] netlink: 'syz.1.14925': attribute type 4 has an invalid length. [ 1605.548737][T21414] team0: Port device team_slave_1 added [ 1605.652481][ T5793] net_ratelimit: 13 callbacks suppressed [ 1605.652502][ T5793] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1605.703749][T21524] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1605.731087][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1605.740095][ T5655] Bluetooth: hci3: command tx timeout [ 1605.850112][T21414] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1605.885675][T21414] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1605.893439][T21530] netlink: 'syz.4.14929': attribute type 11 has an invalid length. [ 1605.948858][T21530] netlink: 64 bytes leftover after parsing attributes in process `syz.4.14929'. [ 1605.963007][T21414] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1605.984543][ C1] vxcan0: j1939_tp_rxtimer: 0xffff88803d346800: abort rx timeout. Force session deactivation [ 1606.010740][T21414] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1606.029313][T21414] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1606.075538][T21414] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1606.225359][T21538] syz_tun (unregistering): left allmulticast mode [ 1606.292605][T11675] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1606.359838][T21414] hsr_slave_0: entered promiscuous mode [ 1606.381520][T21414] hsr_slave_1: entered promiscuous mode [ 1606.413265][T21414] debugfs: 'hsr0' already exists in 'hsr' [ 1606.434220][T21414] Cannot create hsr debugfs directory [ 1606.691481][T14987] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1606.771112][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1606.969030][T21414] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0 [ 1607.037491][T21559] sctp: [Deprecated]: syz.1.14936 (pid 21559) Use of int in maxseg socket option. [ 1607.037491][T21559] Use struct sctp_assoc_value instead [ 1607.337929][T21414] netdevsim netdevsim2 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1607.380131][T21414] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1607.619261][T21414] netdevsim netdevsim2 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1607.632629][T21414] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1607.733665][T14988] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1607.760478][T21596] 8021q: adding VLAN 0 to HW filter on device bond9 [ 1607.806992][T21593] bond9: entered promiscuous mode [ 1607.821294][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1607.829723][ T5655] Bluetooth: hci3: command tx timeout [ 1607.844999][T21593] bond9: entered allmulticast mode [ 1607.904348][T21602] macvlan2: entered promiscuous mode [ 1607.910106][T21602] macvlan2: entered allmulticast mode [ 1607.921289][T21602] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 1608.053582][T21414] netdevsim netdevsim2 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1608.073797][T21414] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1608.549177][T21632] netlink: 'syz.3.14952': attribute type 1 has an invalid length. [ 1608.655585][T21639] netlink: 'syz.4.14953': attribute type 30 has an invalid length. [ 1608.693403][T21632] 8021q: adding VLAN 0 to HW filter on device bond10 [ 1608.729065][T21635] team0: Port device team_slave_0 removed [ 1608.762524][T21635] bond10: (slave team_slave_0): Enslaving as a backup interface with an up link [ 1608.771453][T14988] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1608.851325][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1608.905081][T21643] __nla_validate_parse: 4 callbacks suppressed [ 1608.905104][T21643] netlink: 28 bytes leftover after parsing attributes in process `syz.0.14955'. [ 1608.921501][T21414] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 1608.928802][T21643] netlink: 28 bytes leftover after parsing attributes in process `syz.0.14955'. [ 1608.943251][T21414] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 1608.952368][T21414] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 1608.967592][T21414] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 1608.989591][T21414] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 1609.005220][T21414] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 1609.054757][T21414] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 1609.068745][T21414] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 1609.313105][T21414] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1609.408024][T21414] 8021q: adding VLAN 0 to HW filter on device team0 [ 1609.453379][T14611] bridge0: port 1(bridge_slave_0) entered blocking state [ 1609.460682][T14611] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1609.512948][T14611] bridge0: port 2(bridge_slave_1) entered blocking state [ 1609.520218][T14611] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1609.639659][T21670] syzkaller0: entered promiscuous mode [ 1609.660727][T21670] syzkaller0: entered allmulticast mode [ 1609.893507][ T5655] Bluetooth: hci3: command tx timeout [ 1609.918889][T21683] netlink: 412 bytes leftover after parsing attributes in process `syz.3.14966'. [ 1610.427766][T21703] netlink: 'syz.0.14972': attribute type 5 has an invalid length. [ 1610.474480][T21703] netlink: 'syz.0.14972': attribute type 5 has an invalid length. [ 1610.586241][T21714] syzkaller0: entered promiscuous mode [ 1610.594152][T21714] syzkaller0: entered allmulticast mode [ 1610.746689][T21723] ipt_REJECT: TCP_RESET invalid for non-tcp [ 1610.853575][T14988] net_ratelimit: 6 callbacks suppressed [ 1610.853596][T14988] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1610.865812][T21414] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1610.927990][T21730] netlink: 8 bytes leftover after parsing attributes in process `syz.0.14980'. [ 1610.936841][T21727] syzkaller0: entered promiscuous mode [ 1610.937172][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1610.945136][T21727] syzkaller0: entered allmulticast mode [ 1610.960861][T21730] netlink: 4 bytes leftover after parsing attributes in process `syz.0.14980'. [ 1611.085427][T21414] veth0_vlan: entered promiscuous mode [ 1611.124491][T21414] veth1_vlan: entered promiscuous mode [ 1611.194801][T21736] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 1611.304027][T21414] veth0_macvtap: entered promiscuous mode [ 1611.340903][T21414] veth1_macvtap: entered promiscuous mode [ 1611.417659][T21746] FAULT_INJECTION: forcing a failure. [ 1611.417659][T21746] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1611.420511][T21414] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1611.439513][T17914] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1611.451712][T21746] CPU: 0 UID: 0 PID: 21746 Comm: syz.4.14987 Not tainted syzkaller #0 PREEMPT(full) [ 1611.451740][T21746] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 1611.451753][T21746] Call Trace: [ 1611.451762][T21746] [ 1611.451771][T21746] dump_stack_lvl+0xe8/0x150 [ 1611.451801][T21746] should_fail_ex+0x412/0x560 [ 1611.451831][T21746] _copy_to_user+0x31/0xb0 [ 1611.451857][T21746] simple_read_from_buffer+0xe1/0x170 [ 1611.451889][T21746] proc_fail_nth_read+0x1bb/0x230 [ 1611.451918][T21746] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1611.451949][T21746] ? rw_verify_area+0x2a6/0x4d0 [ 1611.451975][T21746] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1611.452001][T21746] vfs_read+0x20c/0xa70 [ 1611.452035][T21746] ? __pfx___mutex_lock+0x10/0x10 [ 1611.452059][T21746] ? __pfx_vfs_read+0x10/0x10 [ 1611.452088][T21746] ? __fget_files+0x2a/0x420 [ 1611.452119][T21746] ? __fget_files+0x3a0/0x420 [ 1611.452143][T21746] ? __fget_files+0x2a/0x420 [ 1611.452179][T21746] ksys_read+0x150/0x270 [ 1611.452209][T21746] ? __pfx_ksys_read+0x10/0x10 [ 1611.452247][T21746] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1611.452271][T21746] do_syscall_64+0x174/0x580 [ 1611.452290][T21746] ? trace_irq_disable+0x3b/0x140 [ 1611.452320][T21746] ? clear_bhb_loop+0x40/0x90 [ 1611.452346][T21746] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1611.452367][T21746] RIP: 0033:0x7f404075d68e [ 1611.452388][T21746] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 1611.452406][T21746] RSP: 002b:00007f4041644fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1611.452429][T21746] RAX: ffffffffffffffda RBX: 00007f40416456c0 RCX: 00007f404075d68e [ 1611.452444][T21746] RDX: 000000000000000f RSI: 00007f40416450a0 RDI: 0000000000000006 [ 1611.452466][T21746] RBP: 00007f4041645090 R08: 0000000000000000 R09: 0000000000000000 [ 1611.452479][T21746] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1611.452491][T21746] R13: 00007f4040a16038 R14: 00007f4040a15fa0 R15: 00007ffddb0e0f08 [ 1611.452528][T21746] [ 1611.673472][T21414] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1611.776975][T21748] netlink: 20 bytes leftover after parsing attributes in process `syz.0.14991'. [ 1611.790860][T14611] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1611.818078][T14611] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1611.835036][T21757] xt_hashlimit: size too large, truncated to 1048576 [ 1611.875486][T21753] bridge_slave_0: left promiscuous mode [ 1611.882256][T21753] bridge0: port 1(bridge_slave_0) entered disabled state [ 1611.894759][T14987] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1611.918027][T21753] bridge_slave_1: left allmulticast mode [ 1611.927174][T21753] bridge_slave_1: left promiscuous mode [ 1611.934022][T21753] bridge0: port 2(bridge_slave_1) entered disabled state [ 1611.950874][T21753] bond6: (slave veth0_to_bond): Releasing backup interface [ 1611.971115][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1611.972038][ T5655] Bluetooth: hci3: command tx timeout [ 1611.994485][T21753] bond0: (slave bond_slave_0): Releasing backup interface [ 1612.014380][T21753] bond0: (slave bond_slave_1): Releasing backup interface [ 1612.059818][T21753] team0: Port device team_slave_0 removed [ 1612.089848][T21753] team0: Port device team_slave_1 removed [ 1612.107116][T21753] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 1612.178737][T14611] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1612.200900][T14611] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1612.371457][ T3974] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1612.516050][T21779] netlink: 24 bytes leftover after parsing attributes in process `syz.4.14995'. [ 1612.534988][T21782] netlink: 8 bytes leftover after parsing attributes in process `syz.4.14995'. [ 1612.551269][T21780] netlink: 8 bytes leftover after parsing attributes in process `syz.4.14995'. [ 1612.598811][T21767] syzkaller0: entered promiscuous mode [ 1612.608271][T21767] syzkaller0: entered allmulticast mode [ 1612.668242][T21780] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1 [ 1612.680562][T21780] gretap1: default qdisc (pfifo_fast) fail, fallback to noqueue [ 1612.688929][T21780] gretap1: entered promiscuous mode [ 1612.696908][T21780] gretap1: entered allmulticast mode [ 1612.940511][ T6047] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1613.021251][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1615.790059][T14123] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1615.824550][T14123] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1615.936404][T14131] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1615.959507][T14131] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1616.052729][ T4456] net_ratelimit: 5 callbacks suppressed [ 1616.052751][ T4456] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1616.131102][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1616.274791][T21813] openvswitch: netlink: nsh attribute has 2698 unknown bytes. [ 1616.302491][T21816] netlink: 212348 bytes leftover after parsing attributes in process `syz.1.15008'. [ 1616.444288][T21826] ipt_REJECT: ECHOREPLY no longer supported. [ 1616.626860][T21833] netlink: 4 bytes leftover after parsing attributes in process `syz.2.15015'. [ 1616.667279][T21837] netlink: 'syz.4.15016': attribute type 26 has an invalid length. [ 1616.773950][T21842] netlink: 148152 bytes leftover after parsing attributes in process `syz.1.15017'. [ 1616.849322][T21844] netlink: 8 bytes leftover after parsing attributes in process `syz.3.15018'. [ 1616.899027][T21844] syzkaller0: entered promiscuous mode [ 1616.916505][T21848] netlink: 4 bytes leftover after parsing attributes in process `syz.4.15020'. [ 1616.947122][T21844] syzkaller0: entered allmulticast mode [ 1616.964003][T21848] netlink: 'syz.4.15020': attribute type 1 has an invalid length. [ 1616.972729][T21848] netlink: 96 bytes leftover after parsing attributes in process `syz.4.15020'. [ 1616.982589][T21848] netlink: 1 bytes leftover after parsing attributes in process `syz.4.15020'. [ 1616.997360][T21848] netlink: 658 bytes leftover after parsing attributes in process `syz.4.15020'. [ 1617.007960][T21844] netlink: 8 bytes leftover after parsing attributes in process `syz.3.15018'. [ 1617.101928][T14988] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1617.169649][T21860] tipc: Enabled bearer , priority 0 [ 1617.176748][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1617.305006][T21860] syzkaller0: entered promiscuous mode [ 1617.310633][T21860] syzkaller0: entered allmulticast mode [ 1617.317521][T21860] tipc: Resetting bearer [ 1617.328378][T21872] netlink: 'syz.3.15026': attribute type 6 has an invalid length. [ 1617.393205][T21859] tipc: Resetting bearer [ 1617.403636][T21877] netlink: 12 bytes leftover after parsing attributes in process `syz.2.15027'. [ 1618.131819][ T4456] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1618.218579][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1618.457406][T17914] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1619.171985][ T6047] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1619.265888][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1620.428009][T21859] tipc: Disabling bearer [ 1620.445060][T21881] syz_tun: entered promiscuous mode [ 1620.450407][T21881] syz_tun: entered allmulticast mode [ 1620.508245][T21883] macvlan2: entered promiscuous mode [ 1620.514678][T21883] macvlan2: entered allmulticast mode [ 1620.748254][T21902] xt_CHECKSUM: unsupported CHECKSUM operation 68 [ 1620.971430][T21918] netlink: 'syz.2.15037': attribute type 13 has an invalid length. [ 1621.028600][T21916] IPVS: Scheduler module ip_vs_sip not found [ 1621.331206][ C0] net_ratelimit: 6 callbacks suppressed [ 1621.331228][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1621.345065][ T4456] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1621.396833][T21934] __nla_validate_parse: 1 callbacks suppressed [ 1621.396855][T21934] netlink: 36 bytes leftover after parsing attributes in process `syz.1.15041'. [ 1621.468837][T21940] sctp: [Deprecated]: syz.2.15043 (pid 21940) Use of int in max_burst socket option. [ 1621.468837][T21940] Use struct sctp_assoc_value instead [ 1621.492687][T17914] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1621.506217][T21943] netlink: 4 bytes leftover after parsing attributes in process `syz.1.15044'. [ 1621.589334][T21945] netlink: 'syz.3.15045': attribute type 15 has an invalid length. [ 1621.610553][T21945] netlink: 24 bytes leftover after parsing attributes in process `syz.3.15045'. [ 1621.625714][T21945] netlink: 164 bytes leftover after parsing attributes in process `syz.3.15045'. [ 1621.637356][T21945] netlink: 164 bytes leftover after parsing attributes in process `syz.3.15045'. [ 1621.654323][T21945] netlink: 60 bytes leftover after parsing attributes in process `syz.3.15045'. [ 1621.713993][T21950] netlink: 16 bytes leftover after parsing attributes in process `syz.2.15047'. [ 1621.795974][T21957] IPVS: sync thread started: state = BACKUP, mcast_ifn = vcan0, syncid = 0, id = 0 [ 1621.806916][T21959] netlink: 'syz.0.15049': attribute type 1 has an invalid length. [ 1621.857167][T21962] netlink: 'syz.4.15050': attribute type 12 has an invalid length. [ 1621.894593][T21967] netlink: 24 bytes leftover after parsing attributes in process `syz.3.15052'. [ 1621.911758][T21959] 8021q: adding VLAN 0 to HW filter on device bond12 [ 1622.013091][T21959] bond12: (slave geneve3): making interface the new active one [ 1622.030831][T21959] bond12: (slave geneve3): Enslaving as an active interface with an up link [ 1622.250418][T21974] netlink: 'syz.3.15054': attribute type 1 has an invalid length. [ 1622.371052][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1622.380151][T14988] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1622.724924][T21989] netlink: 104 bytes leftover after parsing attributes in process `syz.3.15060'. [ 1623.411174][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1623.423761][ T4456] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1623.603675][T21996] debugfs: 'Ku crK:̥B| lS-!' already exists in 'ieee80211' [ 1623.644246][T21998] netlink: 24 bytes leftover after parsing attributes in process `syz.4.15064'. [ 1623.744015][T21999] sysfs: cannot create duplicate filename '/class/ieee80211/Ku crK:̥B| lS-!' [ 1623.758529][T21999] CPU: 0 UID: 0 PID: 21999 Comm: syz.2.15062 Not tainted syzkaller #0 PREEMPT(full) [ 1623.758556][T21999] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 1623.758567][T21999] Call Trace: [ 1623.758576][T21999] [ 1623.758586][T21999] dump_stack_lvl+0xe8/0x150 [ 1623.758616][T21999] sysfs_warn_dup+0x8e/0xa0 [ 1623.758644][T21999] sysfs_do_create_link_sd+0xc0/0x110 [ 1623.758674][T21999] device_add_class_symlinks+0x1cf/0x240 [ 1623.758701][T21999] device_add+0x475/0xbb0 [ 1623.758728][T21999] wiphy_register+0x1dc5/0x2dc0 [ 1623.758773][T21999] ? __pfx_wiphy_register+0x10/0x10 [ 1623.758794][T21999] ? __pfx_netdev_run_todo+0x10/0x10 [ 1623.758818][T21999] ? minstrel_ht_alloc+0x6e0/0x7e0 [ 1623.758853][T21999] ? ieee80211_init_rate_ctrl_alg+0x55d/0x5d0 [ 1623.758882][T21999] ieee80211_register_hw+0x3d82/0x4a70 [ 1623.758925][T21999] ? ieee80211_register_hw+0x19c1/0x4a70 [ 1623.758980][T21999] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 1623.759009][T21999] ? __asan_memset+0x22/0x50 [ 1623.759036][T21999] ? __hrtimer_setup+0x1b7/0x260 [ 1623.759061][T21999] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 1623.759088][T21999] mac80211_hwsim_new_radio+0x3335/0x5aa0 [ 1623.759154][T21999] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 1623.759183][T21999] ? kstrndup+0xbf/0x160 [ 1623.759218][T21999] hwsim_new_radio_nl+0xf6a/0x1c00 [ 1623.759275][T21999] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1623.759314][T21999] ? rcu_is_watching+0x15/0xb0 [ 1623.759348][T21999] ? trace_kmalloc+0x2a/0xf0 [ 1623.759384][T21999] ? __nla_parse+0x40/0x60 [ 1623.759415][T21999] ? genl_family_rcv_msg_attrs_parse+0x20b/0x2f0 [ 1623.759440][T21999] ? genl_family_rcv_msg_attrs_parse+0x265/0x2f0 [ 1623.759475][T21999] genl_family_rcv_msg_doit+0x22a/0x330 [ 1623.759507][T21999] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1623.759548][T21999] ? bpf_lsm_capable+0x9/0x20 [ 1623.759568][T21999] ? security_capable+0x7e/0x2c0 [ 1623.759605][T21999] genl_rcv_msg+0x61c/0x7a0 [ 1623.759638][T21999] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1623.759668][T21999] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1623.759699][T21999] ? __pfx_ref_tracker_free+0x10/0x10 [ 1623.759733][T21999] netlink_rcv_skb+0x232/0x4b0 [ 1623.759766][T21999] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1623.759793][T21999] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1623.759844][T21999] ? down_read+0x270/0x2e0 [ 1623.759867][T21999] ? genl_rcv+0xd/0x40 [ 1623.759891][T21999] genl_rcv+0x28/0x40 [ 1623.759911][T21999] netlink_unicast+0x75c/0x8e0 [ 1623.759950][T21999] netlink_sendmsg+0x813/0xb40 [ 1623.759993][T21999] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1623.760027][T21999] ? page_table_check_set+0x126/0x510 [ 1623.760054][T21999] ? lock_acquire+0x106/0x350 [ 1623.760074][T21999] ? aa_sock_msg_perm+0xf1/0x1b0 [ 1623.760105][T21999] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1623.760137][T21999] ____sys_sendmsg+0x972/0x9f0 [ 1623.760158][T21999] ? __might_fault+0xaf/0x130 [ 1623.760194][T21999] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1623.760227][T21999] ? import_iovec+0x73/0xa0 [ 1623.760258][T21999] ___sys_sendmsg+0x2a5/0x360 [ 1623.760277][T21999] ? __lock_acquire+0x6b5/0x2cf0 [ 1623.760305][T21999] ? __pfx____sys_sendmsg+0x10/0x10 [ 1623.760380][T21999] ? __fget_files+0x2a/0x420 [ 1623.760405][T21999] ? __fget_files+0x3a0/0x420 [ 1623.760442][T21999] __x64_sys_sendmsg+0x1bd/0x2a0 [ 1623.760468][T21999] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1623.760486][T21999] ? __se_sys_rt_sigprocmask+0x22f/0x2a0 [ 1623.760524][T21999] ? do_user_addr_fault+0xc6f/0x1340 [ 1623.760556][T21999] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1623.760580][T21999] do_syscall_64+0x174/0x580 [ 1623.760600][T21999] ? trace_irq_disable+0x3b/0x140 [ 1623.760630][T21999] ? clear_bhb_loop+0x40/0x90 [ 1623.760655][T21999] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1623.760676][T21999] RIP: 0033:0x7f2ab819ce59 [ 1623.760698][T21999] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1623.760716][T21999] RSP: 002b:00007f2ab906b028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1623.760739][T21999] RAX: ffffffffffffffda RBX: 00007f2ab8416090 RCX: 00007f2ab819ce59 [ 1623.760752][T21999] RDX: 0000000000000010 RSI: 0000200000000100 RDI: 0000000000000003 [ 1623.760765][T21999] RBP: 00007f2ab8232d6f R08: 0000000000000000 R09: 0000000000000000 [ 1623.760777][T21999] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1623.760788][T21999] R13: 00007f2ab8416128 R14: 00007f2ab8416090 R15: 00007fff28f27e78 [ 1623.760824][T21999] [ 1624.258380][T21997] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1624.451056][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1624.459237][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1624.531466][ T3974] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1624.887390][T22032] xt_CT: No such helper "snmp_trap" [ 1625.032477][T22043] netlink: 'syz.3.15078': attribute type 1 has an invalid length. [ 1625.041317][T22043] netlink: 'syz.3.15078': attribute type 4 has an invalid length. [ 1625.284497][T22053] : entered promiscuous mode [ 1625.463901][T22064] 8021q: adding VLAN 0 to HW filter on device bond7 [ 1625.490325][T22070] bond7: entered promiscuous mode [ 1625.531493][T22070] bond7: entered allmulticast mode [ 1625.539212][T22077] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1625.613057][T22064] macvlan2: entered promiscuous mode [ 1625.638105][T22064] macvlan2: entered allmulticast mode [ 1625.674380][T22064] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 1626.051518][T14123] wlan1: Trigger new scan to find an IBSS to join [ 1626.099325][ T6047] IPVS: starting estimator thread 0... [ 1626.157861][T22108] netlink: 'syz.1.15097': attribute type 3 has an invalid length. [ 1626.201624][T22106] IPVS: using max 25 ests per chain, 60000 per kthread [ 1626.531287][ C0] net_ratelimit: 2 callbacks suppressed [ 1626.531309][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1626.552128][ T6047] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1626.836570][T22144] syzkaller1: entered promiscuous mode [ 1626.851462][T22144] syzkaller1: entered allmulticast mode [ 1626.875517][T22146] __nla_validate_parse: 11 callbacks suppressed [ 1626.875539][T22146] netlink: 12 bytes leftover after parsing attributes in process `syz.3.15109'. [ 1626.939126][T22146] ipvlan2: entered allmulticast mode [ 1626.966943][T22146] syz_tun: entered allmulticast mode [ 1627.017936][T22151] netlink: 8 bytes leftover after parsing attributes in process `syz.4.15112'. [ 1627.093195][T22155] netlink: 24 bytes leftover after parsing attributes in process `syz.0.15114'. [ 1627.113532][T22153] netlink: 8 bytes leftover after parsing attributes in process `syz.2.15113'. [ 1627.201995][T22153] tipc: Started in network mode [ 1627.224347][T22153] tipc: Node identity aaaaaaaaaa35, cluster identity 4711 [ 1627.245409][T22153] tipc: Enabled bearer , priority 14 [ 1627.269622][T22153] syzkaller1: entered promiscuous mode [ 1627.293541][T22153] syzkaller1: entered allmulticast mode [ 1627.330275][T22153] netlink: 8 bytes leftover after parsing attributes in process `syz.2.15113'. [ 1627.363971][T22153] netlink: 24 bytes leftover after parsing attributes in process `syz.2.15113'. [ 1627.403915][T22153] netlink: 24 bytes leftover after parsing attributes in process `syz.2.15113'. [ 1627.581177][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1627.589368][ T6047] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1627.597534][ T3974] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1627.791555][T12921] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1627.808279][T12921] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1627.817592][T22164] bond12: option arp_validate: mode dependency failed, not supported in mode balance-alb(6) [ 1627.831440][T12921] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1627.840643][T12921] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1627.857515][T12921] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1627.911947][T22164] bond12 (unregistering): Released all slaves [ 1628.372418][ T6047] tipc: Node number set to 10463914 [ 1628.460639][T22183] netlink: 16 bytes leftover after parsing attributes in process `syz.4.15119'. [ 1628.484811][T22183] netlink: 32 bytes leftover after parsing attributes in process `syz.4.15119'. [ 1628.608374][T14604] netdevsim netdevsim0 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1628.619080][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1628.621728][T14988] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1628.632343][T14604] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1628.651506][T14604] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 19999 - 0 [ 1628.686906][T22183] gretap2: entered promiscuous mode [ 1628.696665][T22183] gretap2: entered allmulticast mode [ 1628.879769][T14604] netdevsim netdevsim0 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1628.893656][T14604] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1628.907203][T14604] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 19999 - 0 [ 1628.927953][T22200] netlink: 4 bytes leftover after parsing attributes in process `syz.3.15125'. [ 1629.093090][T14123] wlan1: Trigger new scan to find an IBSS to join [ 1629.110787][T14604] netdevsim netdevsim0 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1629.133849][T14604] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1629.160838][T14604] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 19999 - 0 [ 1629.287784][T14604] netdevsim netdevsim0 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1629.302619][T14604] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1629.314933][T14604] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 19999 - 0 [ 1629.366604][T22167] speed is unknown, defaulting to 1000 [ 1629.416351][T22167] wg1 speed is unknown, defaulting to 1000 [ 1629.538737][T22222] xt_AUDIT: Audit type out of range (valid range: 0..2) [ 1629.599149][T14610] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 20000 - 0 [ 1629.661292][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1629.669571][ T4456] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1629.745988][T22228] nbd5: detected capacity change from 0 to 127 [ 1629.781839][T14123] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 20000 - 0 [ 1629.891633][T12921] Bluetooth: hci0: command tx timeout [ 1630.416419][ T5655] block nbd5: Receive control failed (result -104) [ 1630.612991][ T3974] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1631.731208][ C0] net_ratelimit: 6 callbacks suppressed [ 1631.731232][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1631.744997][ T6047] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1631.972527][ T5655] Bluetooth: hci0: command tx timeout [ 1632.578554][T14610] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1632.636136][T14610] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 20000 - 0 [ 1632.771147][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1632.781531][T14988] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1632.787710][T14131] netdevsim netdevsim0 eth4: set [1, 0] type 2 family 0 port 20000 - 0 [ 1632.928438][T14604] dvmrp0: left allmulticast mode [ 1633.074539][T22257] __nla_validate_parse: 4 callbacks suppressed [ 1633.074561][T22257] netlink: 32 bytes leftover after parsing attributes in process `syz.2.15140'. [ 1633.622737][T14604] bond12 (unregistering): (slave geneve3): Releasing active interface [ 1633.658686][ T3974] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1633.811377][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1633.820459][ T6047] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1634.007178][T14604] bond0 (unregistering): Released all slaves [ 1634.018105][T14604] bond1 (unregistering): Released all slaves [ 1634.033381][T14604] bond2 (unregistering): Released all slaves [ 1634.049512][T14604] bond3 (unregistering): Released all slaves [ 1634.056267][ T5655] Bluetooth: hci0: command tx timeout [ 1634.079127][T14604] bond4 (unregistering): Released all slaves [ 1634.095152][T14604] bond5 (unregistering): Released all slaves [ 1634.111741][T14604] bond6 (unregistering): Released all slaves [ 1634.128603][T14604] bond7 (unregistering): Released all slaves [ 1634.150052][T14604] bond8 (unregistering): Released all slaves [ 1634.165718][T14604] bond9 (unregistering): Released all slaves [ 1634.179875][T14604] bond10 (unregistering): Released all slaves [ 1634.202448][T14604] bond11 (unregistering): Released all slaves [ 1634.229981][T14604] bond12 (unregistering): Released all slaves [ 1634.471732][ T5297] 8021q: adding VLAN 0 to HW filter on device eth1 [ 1634.505790][T22279] Cannot find set identified by id 65534 to match [ 1634.557742][T14604] tipc: Disabling bearer [ 1634.581438][T14604] tipc: Left network mode [ 1634.861451][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1634.879166][ T5793] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1635.230371][T22310] netlink: 'syz.3.15153': attribute type 1 has an invalid length. [ 1635.420625][T22310] bond11: entered promiscuous mode [ 1635.432866][T22310] 8021q: adding VLAN 0 to HW filter on device bond11 [ 1635.477521][T22310] Bluetooth: MGMT ver 1.23 [ 1635.891360][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1636.006311][T22167] bridge0: port 1(bridge_slave_0) entered blocking state [ 1636.026950][T22167] bridge0: port 1(bridge_slave_0) entered disabled state [ 1636.054963][T22167] bridge_slave_0: entered allmulticast mode [ 1636.085459][T22167] bridge_slave_0: entered promiscuous mode [ 1636.132192][ T5655] Bluetooth: hci0: command tx timeout [ 1636.134810][ T5297] 8021q: adding VLAN 0 to HW filter on device eth2 [ 1636.200092][T22341] netlink: 4 bytes leftover after parsing attributes in process `syz.4.15158'. [ 1636.222731][T22167] bridge0: port 2(bridge_slave_1) entered blocking state [ 1636.230498][T22167] bridge0: port 2(bridge_slave_1) entered disabled state [ 1636.248461][T22167] bridge_slave_1: entered allmulticast mode [ 1636.274279][T22167] bridge_slave_1: entered promiscuous mode [ 1636.368288][T22167] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1636.426965][T22167] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1636.463772][ T30] audit: type=1800 audit(1780017815.540:106): pid=22352 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.15161" name="memory.events" dev="tmpfs" ino=2372 res=0 errno=0 [ 1636.543364][T22358] netlink: 'syz.2.15162': attribute type 28 has an invalid length. [ 1636.560718][T22358] netlink: 'syz.2.15162': attribute type 3 has an invalid length. [ 1636.573809][T22358] netlink: 132 bytes leftover after parsing attributes in process `syz.2.15162'. [ 1636.643728][T22167] team0: Port device team_slave_0 added [ 1636.677768][T22167] team0: Port device team_slave_1 added [ 1636.815668][T22167] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1636.839404][T22167] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1636.902671][T22167] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1636.929185][T22167] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1636.936423][ C0] net_ratelimit: 2 callbacks suppressed [ 1636.936442][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1636.975041][ T4456] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1636.981089][T22167] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1637.044567][T22167] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1637.117064][T22374] netlink: 'syz.3.15169': attribute type 1 has an invalid length. [ 1637.191388][T14604] [ 1637.193786][T14604] ====================================================== [ 1637.200815][T14604] WARNING: possible circular locking dependency detected [ 1637.207921][T14604] syzkaller #0 Not tainted [ 1637.212333][T14604] ------------------------------------------------------ [ 1637.219348][T14604] kworker/u8:1/14604 is trying to acquire lock: [ 1637.226022][T14604] ffff88801be85210 (&root->kernfs_iattr_rwsem){++++}-{4:4}, at: kernfs_unlink_sibling+0x71/0x180 [ 1637.236565][T14604] [ 1637.236565][T14604] but task is already holding lock: [ 1637.243926][T14604] ffff88801be85180 (&root->kernfs_rwsem){++++}-{4:4}, at: kernfs_rename_ns+0x76/0x830 [ 1637.253504][T14604] [ 1637.253504][T14604] which lock already depends on the new lock. [ 1637.253504][T14604] [ 1637.263904][T14604] [ 1637.263904][T14604] the existing dependency chain (in reverse order) is: [ 1637.272912][T14604] [ 1637.272912][T14604] -> #10 (&root->kernfs_rwsem){++++}-{4:4}: [ 1637.280995][T14604] down_write+0x96/0x200 [ 1637.285766][T14604] kernfs_add_one+0x41/0x5c0 [ 1637.290886][T14604] kernfs_create_dir_ns+0xde/0x130 [ 1637.296530][T14604] internal_create_group+0x425/0x1190 [ 1637.302425][T14604] cpuhp_invoke_callback+0x445/0x860 [ 1637.308232][T14604] cpuhp_issue_call+0x430/0x7a0 [ 1637.313606][T14604] __cpuhp_setup_state_cpuslocked+0x3d9/0x6b0 [ 1637.320194][T14604] __cpuhp_setup_state+0x3f/0x60 [ 1637.325670][T14604] do_one_initcall+0x250/0x870 [ 1637.330964][T14604] do_initcall_level+0x104/0x190 [ 1637.336555][T14604] do_initcalls+0x59/0xa0 [ 1637.341411][T14604] kernel_init_freeable+0x2a6/0x3e0 [ 1637.347134][T14604] kernel_init+0x1d/0x1d0 [ 1637.351991][T14604] ret_from_fork+0x514/0xb70 [ 1637.357102][T14604] ret_from_fork_asm+0x1a/0x30 [ 1637.362391][T14604] [ 1637.362391][T14604] -> #9 (cpuhp_state_mutex){+.+.}-{4:4}: [ 1637.370219][T14604] [ 1637.370219][T14604] -> #8 (cpu_hotplug_lock){++++}-{0:0}: [ 1637.377960][T14604] cpus_read_lock+0x42/0x160 [ 1637.383080][T14604] static_key_disable+0x12/0x20 [ 1637.388456][T14604] __inet_hash_connect+0x25bb/0x25c0 [ 1637.394275][T14604] tcp_v4_connect+0xd5f/0x19b0 [ 1637.399564][T14604] __inet_stream_connect+0x25a/0xdd0 [ 1637.405373][T14604] inet_stream_connect+0x66/0xa0 [ 1637.410830][T14604] __sys_connect+0x312/0x450 [ 1637.415947][T14604] __x64_sys_connect+0x7a/0x90 [ 1637.421248][T14604] do_syscall_64+0x174/0x580 [ 1637.426364][T14604] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1637.432781][T14604] [ 1637.432781][T14604] -> #7 (sk_lock-AF_INET){+.+.}-{0:0}: [ 1637.440425][T14604] lock_sock_nested+0x41/0x100 [ 1637.445715][T14604] inet_shutdown+0x6a/0x390 [ 1637.450741][T14604] nbd_mark_nsock_dead+0x2e9/0x560 [ 1637.456379][T14604] recv_work+0x1c2e/0x1d40 [ 1637.461314][T14604] process_scheduled_works+0xb5d/0x1860 [ 1637.467383][T14604] worker_thread+0xa53/0xfc0 [ 1637.472498][T14604] kthread+0x389/0x470 [ 1637.477087][T14604] ret_from_fork+0x514/0xb70 [ 1637.482199][T14604] ret_from_fork_asm+0x1a/0x30 [ 1637.487493][T14604] [ 1637.487493][T14604] -> #6 (&nsock->tx_lock){+.+.}-{4:4}: [ 1637.495143][T14604] __mutex_lock+0x1a3/0x1550 [ 1637.500255][T14604] nbd_queue_rq+0x37b/0x1100 [ 1637.505377][T14604] blk_mq_dispatch_rq_list+0xa70/0x1910 [ 1637.511448][T14604] __blk_mq_sched_dispatch_requests+0xdcc/0x1600 [ 1637.518303][T14604] blk_mq_sched_dispatch_requests+0xd7/0x190 [ 1637.524811][T14604] blk_mq_run_hw_queue+0x348/0x4f0 [ 1637.530449][T14604] blk_mq_dispatch_list+0xd16/0xe10 [ 1637.536167][T14604] blk_mq_flush_plug_list+0x48d/0x570 [ 1637.542062][T14604] __blk_flush_plug+0x3ed/0x4d0 [ 1637.547442][T14604] __submit_bio+0x28d/0x580 [ 1637.552468][T14604] submit_bio_noacct_nocheck+0x2f4/0xa40 [ 1637.558622][T14604] block_read_full_folio+0x599/0x830 [ 1637.564438][T14604] filemap_read_folio+0x137/0x3b0 [ 1637.569990][T14604] do_read_cache_folio+0x358/0x590 [ 1637.575628][T14604] read_part_sector+0xb6/0x2b0 [ 1637.580922][T14604] adfspart_check_ICS+0xb1/0x960 [ 1637.586391][T14604] bdev_disk_changed+0x817/0x1770 [ 1637.592027][T14604] blkdev_get_whole+0x380/0x510 [ 1637.597490][T14604] bdev_open+0x31e/0xd30 [ 1637.602257][T14604] blkdev_open+0x470/0x610 [ 1637.607209][T14604] do_dentry_open+0x822/0x13a0 [ 1637.612494][T14604] vfs_open+0x3b/0x340 [ 1637.617085][T14604] path_openat+0x2e08/0x3860 [ 1637.622199][T14604] do_file_open+0x23e/0x4a0 [ 1637.627231][T14604] do_sys_openat2+0x113/0x200 [ 1637.632438][T14604] __x64_sys_openat+0x138/0x170 [ 1637.637810][T14604] do_syscall_64+0x174/0x580 [ 1637.642925][T14604] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1637.649338][T14604] [ 1637.649338][T14604] -> #5 (&cmd->lock){+.+.}-{4:4}: [ 1637.656554][T14604] __mutex_lock+0x1a3/0x1550 [ 1637.661671][T14604] nbd_queue_rq+0xc6/0x1100 [ 1637.666738][T14604] blk_mq_dispatch_rq_list+0xa70/0x1910 [ 1637.672808][T14604] __blk_mq_sched_dispatch_requests+0xdcc/0x1600 [ 1637.679659][T14604] blk_mq_sched_dispatch_requests+0xd7/0x190 [ 1637.686165][T14604] blk_mq_run_hw_queue+0x348/0x4f0 [ 1637.691800][T14604] blk_mq_dispatch_list+0xd16/0xe10 [ 1637.697521][T14604] blk_mq_flush_plug_list+0x48d/0x570 [ 1637.703417][T14604] __blk_flush_plug+0x3ed/0x4d0 [ 1637.708792][T14604] __submit_bio+0x28d/0x580 [ 1637.713818][T14604] submit_bio_noacct_nocheck+0x2f4/0xa40 [ 1637.719973][T14604] block_read_full_folio+0x599/0x830 [ 1637.725781][T14604] filemap_read_folio+0x137/0x3b0 [ 1637.731337][T14604] do_read_cache_folio+0x358/0x590 [ 1637.736981][T14604] read_part_sector+0xb6/0x2b0 [ 1637.742276][T14604] adfspart_check_ICS+0xb1/0x960 [ 1637.747737][T14604] bdev_disk_changed+0x817/0x1770 [ 1637.753286][T14604] blkdev_get_whole+0x380/0x510 [ 1637.758661][T14604] bdev_open+0x31e/0xd30 [ 1637.763426][T14604] blkdev_open+0x470/0x610 [ 1637.768365][T14604] do_dentry_open+0x822/0x13a0 [ 1637.773651][T14604] vfs_open+0x3b/0x340 [ 1637.778245][T14604] path_openat+0x2e08/0x3860 [ 1637.783365][T14604] do_file_open+0x23e/0x4a0 [ 1637.788392][T14604] do_sys_openat2+0x113/0x200 [ 1637.793591][T14604] __x64_sys_openat+0x138/0x170 [ 1637.798966][T14604] do_syscall_64+0x174/0x580 [ 1637.804081][T14604] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1637.810497][T14604] [ 1637.810497][T14604] -> #4 (set->srcu){.+.+}-{0:0}: [ 1637.817629][T14604] __synchronize_srcu+0xca/0x300 [ 1637.823089][T14604] elevator_switch+0x1e8/0x7a0 [ 1637.828377][T14604] elevator_change+0x2cc/0x450 [ 1637.833666][T14604] elevator_set_default+0x36c/0x430 [ 1637.839389][T14604] blk_register_queue+0x3e9/0x4e0 [ 1637.844946][T14604] __add_disk+0x677/0xd50 [ 1637.849809][T14604] add_disk_fwnode+0xfb/0x480 [ 1637.855096][T14604] nbd_dev_add+0x72c/0xb50 [ 1637.860045][T14604] nbd_init+0x168/0x1f0 [ 1637.864763][T14604] do_one_initcall+0x250/0x870 [ 1637.870048][T14604] do_initcall_level+0x104/0x190 [ 1637.875507][T14604] do_initcalls+0x59/0xa0 [ 1637.880357][T14604] kernel_init_freeable+0x2a6/0x3e0 [ 1637.886077][T14604] kernel_init+0x1d/0x1d0 [ 1637.890935][T14604] ret_from_fork+0x514/0xb70 [ 1637.896051][T14604] ret_from_fork_asm+0x1a/0x30 [ 1637.901341][T14604] [ 1637.901341][T14604] -> #3 (&q->elevator_lock){+.+.}-{4:4}: [ 1637.909160][T14604] __mutex_lock+0x1a3/0x1550 [ 1637.914277][T14604] elevator_change+0x1b3/0x450 [ 1637.919564][T14604] elevator_set_none+0xb5/0x140 [ 1637.924937][T14604] blk_mq_update_nr_hw_queues+0x5e7/0x1a60 [ 1637.931274][T14604] nbd_start_device+0x17f/0xb10 [ 1637.936651][T14604] nbd_genl_connect+0x165b/0x1cf0 [ 1637.942210][T14604] genl_family_rcv_msg_doit+0x22a/0x330 [ 1637.948281][T14604] genl_rcv_msg+0x61c/0x7a0 [ 1637.953396][T14604] netlink_rcv_skb+0x232/0x4b0 [ 1637.958691][T14604] genl_rcv+0x28/0x40 [ 1637.963194][T14604] netlink_unicast+0x75c/0x8e0 [ 1637.968480][T14604] netlink_sendmsg+0x813/0xb40 [ 1637.973774][T14604] ____sys_sendmsg+0x972/0x9f0 [ 1637.979055][T14604] ___sys_sendmsg+0x2a5/0x360 [ 1637.984254][T14604] __x64_sys_sendmsg+0x1bd/0x2a0 [ 1637.989718][T14604] do_syscall_64+0x174/0x580 [ 1637.994832][T14604] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1638.001251][T14604] [ 1638.001251][T14604] -> #2 (&q->q_usage_counter(io)#69){++++}-{0:0}: [ 1638.009895][T14604] blk_alloc_queue+0x546/0x680 [ 1638.015189][T14604] __blk_mq_alloc_disk+0x197/0x390 [ 1638.020831][T14604] nbd_dev_add+0x499/0xb50 [ 1638.025783][T14604] nbd_genl_connect+0x962/0x1cf0 [ 1638.031268][T14604] genl_family_rcv_msg_doit+0x22a/0x330 [ 1638.037347][T14604] genl_rcv_msg+0x61c/0x7a0 [ 1638.042381][T14604] netlink_rcv_skb+0x232/0x4b0 [ 1638.047675][T14604] genl_rcv+0x28/0x40 [ 1638.052181][T14604] netlink_unicast+0x75c/0x8e0 [ 1638.057475][T14604] netlink_sendmsg+0x813/0xb40 [ 1638.062765][T14604] ____sys_sendmsg+0x972/0x9f0 [ 1638.068054][T14604] ___sys_sendmsg+0x2a5/0x360 [ 1638.073252][T14604] __x64_sys_sendmsg+0x1bd/0x2a0 [ 1638.078719][T14604] do_syscall_64+0x174/0x580 [ 1638.083833][T14604] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1638.090246][T14604] [ 1638.090246][T14604] -> #1 (fs_reclaim){+.+.}-{0:0}: [ 1638.097478][T14604] fs_reclaim_acquire+0x71/0x100 [ 1638.102972][T14604] kmem_cache_alloc_noprof+0x40/0x650 [ 1638.108892][T14604] __kernfs_iattrs+0xdf/0x320 [ 1638.114098][T14604] kernfs_iop_setattr+0xea/0x3f0 [ 1638.119564][T14604] notify_change+0xc1a/0xf40 [ 1638.124682][T14604] do_truncate+0x1c2/0x250 [ 1638.129634][T14604] path_openat+0x2f89/0x3860 [ 1638.134757][T14604] do_file_open+0x23e/0x4a0 [ 1638.139790][T14604] do_sys_openat2+0x113/0x200 [ 1638.144990][T14604] __x64_sys_openat+0x138/0x170 [ 1638.150369][T14604] do_syscall_64+0x174/0x580 [ 1638.155486][T14604] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1638.161903][T14604] [ 1638.161903][T14604] -> #0 (&root->kernfs_iattr_rwsem){++++}-{4:4}: [ 1638.170420][T14604] __lock_acquire+0x15a5/0x2cf0 [ 1638.175794][T14604] lock_acquire+0x106/0x350 [ 1638.180839][T14604] down_write+0x96/0x200 [ 1638.185611][T14604] kernfs_unlink_sibling+0x71/0x180 [ 1638.191338][T14604] kernfs_rename_ns+0x4a6/0x830 [ 1638.196718][T14604] sysfs_rename_link_ns+0x16e/0x1b0 [ 1638.202440][T14604] device_rename+0x110/0x210 [ 1638.207551][T14604] __dev_change_net_namespace+0x15d3/0x20a0 [ 1638.213967][T14604] cfg802154_switch_netns+0xbf/0x3d0 [ 1638.219774][T14604] cfg802154_pernet_exit+0x75/0xe0 [ 1638.225413][T14604] ops_undo_list+0x49f/0x940 [ 1638.230527][T14604] cleanup_net+0x56b/0x800 [ 1638.235467][T14604] process_scheduled_works+0xb5d/0x1860 [ 1638.241536][T14604] worker_thread+0xa53/0xfc0 [ 1638.246648][T14604] kthread+0x389/0x470 [ 1638.251241][T14604] ret_from_fork+0x514/0xb70 [ 1638.256352][T14604] ret_from_fork_asm+0x1a/0x30 [ 1638.261729][T14604] [ 1638.261729][T14604] other info that might help us debug this: [ 1638.261729][T14604] [ 1638.271952][T14604] Chain exists of: [ 1638.271952][T14604] &root->kernfs_iattr_rwsem --> cpuhp_state_mutex --> &root->kernfs_rwsem [ 1638.271952][T14604] [ 1638.286385][T14604] Possible unsafe locking scenario: [ 1638.286385][T14604] [ 1638.293837][T14604] CPU0 CPU1 [ 1638.299200][T14604] ---- ---- [ 1638.304562][T14604] lock(&root->kernfs_rwsem); [ 1638.309345][T14604] lock(cpuhp_state_mutex); [ 1638.316474][T14604] lock(&root->kernfs_rwsem); [ 1638.323782][T14604] lock(&root->kernfs_iattr_rwsem); [ 1638.329085][T14604] [ 1638.329085][T14604] *** DEADLOCK *** [ 1638.329085][T14604] [ 1638.337228][T14604] 5 locks held by kworker/u8:1/14604: [ 1638.342604][T14604] #0: ffff88801be86140 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0xa35/0x1860 [ 1638.353495][T14604] #1: ffffc9000204fc40 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0xa70/0x1860 [ 1638.364024][T14604] #2: ffffffff8fdb9128 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xf4/0x800 [ 1638.373350][T14604] #3: ffffffff8fdc7e00 (rtnl_mutex){+.+.}-{4:4}, at: cfg802154_pernet_exit+0x19/0xe0 [ 1638.382925][T14604] #4: ffff88801be85180 (&root->kernfs_rwsem){++++}-{4:4}, at: kernfs_rename_ns+0x76/0x830 [ 1638.392946][T14604] [ 1638.392946][T14604] stack backtrace: [ 1638.398834][T14604] CPU: 0 UID: 0 PID: 14604 Comm: kworker/u8:1 Not tainted syzkaller #0 PREEMPT(full) [ 1638.398852][T14604] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 1638.398863][T14604] Workqueue: netns cleanup_net [ 1638.398884][T14604] Call Trace: [ 1638.398893][T14604] [ 1638.398901][T14604] dump_stack_lvl+0xe8/0x150 [ 1638.398917][T14604] print_circular_bug+0x2e1/0x300 [ 1638.398939][T14604] check_noncircular+0x12e/0x150 [ 1638.398959][T14604] __lock_acquire+0x15a5/0x2cf0 [ 1638.398978][T14604] ? __lock_acquire+0x6b5/0x2cf0 [ 1638.398994][T14604] ? __lock_acquire+0x6b5/0x2cf0 [ 1638.399011][T14604] ? kernfs_unlink_sibling+0x71/0x180 [ 1638.399037][T14604] lock_acquire+0x106/0x350 [ 1638.399052][T14604] ? kernfs_unlink_sibling+0x71/0x180 [ 1638.399078][T14604] down_write+0x96/0x200 [ 1638.399094][T14604] ? kernfs_unlink_sibling+0x71/0x180 [ 1638.399115][T14604] ? __pfx_down_write+0x10/0x10 [ 1638.399130][T14604] ? kernfs_root+0x1c/0x230 [ 1638.399148][T14604] ? kernfs_root+0x1c/0x230 [ 1638.399164][T14604] ? kernfs_root+0x1c/0x230 [ 1638.399182][T14604] ? kernfs_root+0x1ea/0x230 [ 1638.399200][T14604] kernfs_unlink_sibling+0x71/0x180 [ 1638.399222][T14604] kernfs_rename_ns+0x4a6/0x830 [ 1638.399247][T14604] sysfs_rename_link_ns+0x16e/0x1b0 [ 1638.399267][T14604] device_rename+0x110/0x210 [ 1638.399286][T14604] __dev_change_net_namespace+0x15d3/0x20a0 [ 1638.399312][T14604] ? __pfx___dev_change_net_namespace+0x10/0x10 [ 1638.399333][T14604] ? __lock_acquire+0x6b5/0x2cf0 [ 1638.399352][T14604] ? __mutex_trylock_common+0x158/0x260 [ 1638.399371][T14604] ? __pfx___mutex_trylock_common+0x10/0x10 [ 1638.399391][T14604] ? rcu_is_watching+0x15/0xb0 [ 1638.399408][T14604] ? trace_contention_end+0x3d/0x140 [ 1638.399427][T14604] ? __mutex_lock+0x319/0x1550 [ 1638.399444][T14604] ? do_raw_spin_unlock+0xf5/0x210 [ 1638.399465][T14604] ? _raw_spin_unlock+0x28/0x50 [ 1638.399486][T14604] ? __pfx___mutex_lock+0x10/0x10 [ 1638.399503][T14604] ? __pfx_netdev_run_todo+0x10/0x10 [ 1638.399520][T14604] cfg802154_switch_netns+0xbf/0x3d0 [ 1638.399541][T14604] cfg802154_pernet_exit+0x75/0xe0 [ 1638.399561][T14604] ops_undo_list+0x49f/0x940 [ 1638.399582][T14604] ? __pfx_ops_undo_list+0x10/0x10 [ 1638.399603][T14604] ? idr_destroy+0x227/0x290 [ 1638.399625][T14604] cleanup_net+0x56b/0x800 [ 1638.399645][T14604] ? __pfx_cleanup_net+0x10/0x10 [ 1638.399667][T14604] ? process_scheduled_works+0xa70/0x1860 [ 1638.399682][T14604] ? process_scheduled_works+0xa70/0x1860 [ 1638.399696][T14604] process_scheduled_works+0xb5d/0x1860 [ 1638.399722][T14604] ? __pfx_process_scheduled_works+0x10/0x10 [ 1638.399739][T14604] ? assign_work+0x3d5/0x5e0 [ 1638.399754][T14604] worker_thread+0xa53/0xfc0 [ 1638.399779][T14604] kthread+0x389/0x470 [ 1638.399798][T14604] ? __pfx_worker_thread+0x10/0x10 [ 1638.399811][T14604] ? __pfx_kthread+0x10/0x10 [ 1638.399830][T14604] ret_from_fork+0x514/0xb70 [ 1638.399846][T14604] ? __pfx_ret_from_fork+0x10/0x10 [ 1638.399861][T14604] ? __switch_to+0xc79/0x1410 [ 1638.399881][T14604] ? __pfx_kthread+0x10/0x10 [ 1638.399899][T14604] ret_from_fork_asm+0x1a/0x30 [ 1638.399921][T14604] SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 1638.402381][ T4456] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1638.705259][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1638.817747][T22391] netlink: 12 bytes leftover after parsing attributes in process `syz.1.15172'. [ 1639.016782][T14604] hsr_slave_0: left promiscuous mode [ 1639.029914][T14604] hsr_slave_1: left promiscuous mode [ 1639.062640][T14604] veth0_macvtap: left promiscuous mode [ 1639.071595][T14604] veth1_vlan: left promiscuous mode [ 1639.087479][T14604] veth0_vlan: left promiscuous mode [ 1639.399739][T22374] workqueue: Failed to create a rescuer kthread for wq "bond12": -EINTR [ 1639.400767][T22391] workqueue: Failed to create a rescuer kthread for wq "bond8": -EINTR [ 1639.411020][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1639.447199][ T5793] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1639.494714][ T5297] 8021q: adding VLAN 0 to HW filter on device eth3 [ 1639.727121][T14604] IPVS: stop unused estimator thread 0... [ 1639.741364][ T3974] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1639.994986][T22391] syz_tun (unregistering): left allmulticast mode [ 1640.138985][T14604] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1640.208853][T14604] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1640.222186][ T3974] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1640.239168][ T5297] 8021q: adding VLAN 0 to HW filter on device eth4 [ 1640.269817][T14604] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1640.344278][T14604] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1640.408340][T23218] netdevsim netdevsim2 eth5: set [1, 0] type 2 family 0 port 20000 - 0 [ 1640.426637][T14123] netdevsim netdevsim2 eth6: set [1, 0] type 2 family 0 port 20000 - 0 [ 1640.452811][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1640.462947][ T4456] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1640.475235][T14131] netdevsim netdevsim2 eth7: set [1, 0] type 2 family 0 port 20000 - 0 [ 1640.493976][T14604] bridge_slave_1: left allmulticast mode [ 1640.504004][T14604] bridge_slave_1: left promiscuous mode [ 1640.509757][T14604] bridge0: port 2(bridge_slave_1) entered disabled state [ 1640.518585][T14604] bridge_slave_0: left allmulticast mode [ 1640.524658][T14604] bridge_slave_0: left promiscuous mode [ 1640.530400][T14604] bridge0: port 1(bridge_slave_0) entered disabled state [ 1640.540694][T14604] bridge_slave_1: left allmulticast mode [ 1640.546528][T14604] bridge_slave_1: left promiscuous mode [ 1640.553181][T14604] bridge0: port 2(bridge_slave_1) entered disabled state [ 1640.567102][T14604] bridge_slave_0: left allmulticast mode [ 1640.573428][T14604] bridge_slave_0: left promiscuous mode [ 1640.579183][T14604] bridge0: port 1(bridge_slave_0) entered disabled state [ 1640.689288][T14604] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1640.706097][T14604] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1640.717021][T14604] bond0 (unregistering): Released all slaves [ 1640.897868][T14604] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1640.908772][T14604] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1640.919589][T14604] bond0 (unregistering): Released all slaves [ 1640.939439][T14131] netdevsim netdevsim2 eth8: set [1, 0] type 2 family 0 port 20000 - 0 [ 1641.012809][T14604] tipc: Disabling bearer [ 1641.033111][T14604] tipc: Left network mode [ 1641.055268][T14604] IPVS: stopping backup sync thread 21957 ... [ 1641.237775][T14604] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1641.245695][T14604] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1641.258922][T14604] hsr_slave_0: left promiscuous mode [ 1641.269454][T14604] hsr_slave_1: left promiscuous mode [ 1641.278334][T14604] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1641.286367][T14604] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1641.295664][T14604] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1641.303320][T14604] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1641.315938][T14604] veth1_macvtap: left promiscuous mode [ 1641.322034][T14604] veth0_macvtap: left promiscuous mode [ 1641.327601][T14604] veth1_vlan: left promiscuous mode [ 1641.333397][T14604] veth0_vlan: left promiscuous mode [ 1641.421634][T14604] team0 (unregistering): Port device team_slave_1 removed [ 1641.437748][T14604] team0 (unregistering): Port device team_slave_0 removed [ 1641.662292][T14604] team0 (unregistering): Port device team_slave_1 removed [ 1641.686434][T14604] team0 (unregistering): Port device team_slave_0 removed [ 1642.395649][ T5297] 8021q: adding VLAN 0 to HW filter on device eth5 [ 1642.533965][ T4456] net_ratelimit: 2 callbacks suppressed [ 1642.533986][ T4456] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1642.547745][ T4456] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1642.635437][ T5297] 8021q: adding VLAN 0 to HW filter on device eth6 [ 1642.780956][ T5760] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1642.863561][ T5297] 8021q: adding VLAN 0 to HW filter on device eth7 [ 1643.089558][ T5297] 8021q: adding VLAN 0 to HW filter on device eth8 [ 1643.571077][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1643.580072][ T4456] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1644.611667][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1644.619813][ T5793] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1645.651078][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1645.660086][ T4456] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1645.812244][ T5760] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog