last executing test programs: 1m32.795825997s ago: executing program 0 (id=5541): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000007900)={&(0x7f0000000680)=@newtaction={0xf4, 0x30, 0x216822a75a8bdd29, 0xffe4, 0x0, {}, [{0xe0, 0x1, [@m_connmark={0x50, 0x2, 0x0, 0x0, {{0xd}, {0x20, 0x2, 0x0, 0x1, [@TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x3, 0xd, 0x5, 0x0, 0x3}, 0x8}}]}, {0x4}, {0xc}, {0xc}}}, @m_ct={0x44, 0x1, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18}]}, {0x4}, {0xc}, {0xc}}}, @m_gact={0x48, 0x3, 0x0, 0x0, {{0x9}, {0x1c, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0xb66, 0xb3, 0x10000000, 0x34e, 0xffff}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x2, 0x2}}}}]}]}, 0xf4}}, 0x0) 1m32.741273528s ago: executing program 0 (id=5544): r0 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r0, 0x0, 0x0) r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RATE_NEW(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000300)={0x34, r1, 0x1, 0x0, 0x25dfdbff, {0x25}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x24004804) 1m30.623527857s ago: executing program 0 (id=5572): bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="1000000004000000080000000800000000000000", @ANYRESOCT, @ANYBLOB='_'], 0x48) r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) setsockopt$netlink_NETLINK_RX_RING(r1, 0x10e, 0x6, &(0x7f0000000080)={0x8, 0xfffffff8, 0x7, 0x6}, 0x10) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0x9}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040084) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f00000001c0)={'syztnl0\x00', &(0x7f0000000140)={'ip6_vti0\x00', r4, 0x4, 0x9, 0xf, 0x3ff, 0x25, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @mcast2, 0x1, 0x1, 0x2, 0x4}}) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xe, &(0x7f0000000440)=ANY=[@ANYBLOB="b702000000000000bfa300000000000007030000fdfdfff67a0ab0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040000010000400404000001000000b7050000050000006a0a00fe00000000850000000a000000b70000000000000095000000000000009cc6b3fcd62c061c6238975d43a4505f80e39c9f3c530cf08e467b592f868ee3caa435df0a0e8c1bf176db2a6b2feb4b77d3d5707bfd2d84aaa3b1d4e984c46ea7e2b347a36f5662403e1b2be4284322a4908ad10b97163c066d0e196bf02f46c7953ab1abdaf9de9ca3c00cb9bf4e418d076feafa22f0610a70f2bdf4000200000066b60d00b0c2c1254f0963f63223b7b80197aa3161f45346b100000000000000000089e399f6609876b5887437a172ebc02a740694298b79dc194e533583412dff048fc21f28bdd3e26a1a8a0481e9f0da43bb6ca66e2f55a9ff19ffcafe3e64be033c9d2f972cc93c1c13caec04a367c24a9fb2a6991ddb737d527d6acb15426415b6e8b14f822e86067a5e991c3b404984e1a2c6e94bd0339454c13ad3c328a182c15dc760a3000000005dc2ed0e0b29e98fa883c71949a34d84030323e3d54f45b29d27643453ad9211e3550ee5520211d9370175133f260c6882a146880b9387f1beb5418618bc83a3becf9bb57da7ba8b913c685fc6700848dc6665d73248c1f74e08ad04ce903eaf32706e0000249a028044ede964362cfb7830a246c3b2f60000fc4deb8eda1368b0960b8d69bd99c64893d44f962526528e7e541c903869d96989b9a986620cb2c95c83f2a082c52764f49e51188f9418b01bcd8ae164acdac95318ec8b2c6feacdcf4b528e5e582160ed048c46e1dccca85bfa1d67c83795eae2d31968c055d325a9c794ef88b30c2de4a274878b73c05ffa88b7033be648b12bb1fee58b58d6a6f31bfe568215dfbde59dad00008a73b40f09cf018cd496b36050d70c28f76749262e33e16429a6da35ceb1a989de81c3f8b8bc3a4763948a1cbc10348ef2ac3781b847611fcb0a26acafdd6d9ab05865fcf7c493d8f8cd344a1d470ca0d6f16ab0293774b5509fb0e7113936d59d5a60dbd84a938476adeebab9ff44f531bb81c53f16d80f51006cbc71570a5e272b223425e09dc6b6cc1fbc455a64fd449284f71761092a0342000000000000008a05d36fd9b814b4292745418c92d944763a4bf5e138d810e29a31f08f7dea7762d28484e15dc4320e4f85c16a8fbffadf8214d6d24cabe17ad4135d8872935ce0e6a468fd20fa4461d1d600234feac6eb4f046f2acc1b0efb4438abddcabb4e4e72a450aab72b589bec83bbb688e659fb426cb43d0ee993516fd4e867232cde69b6ffad447dcd92e0ef8234ff850ec3948dd1fa7afb77d951fe4abf618121b7894c1044ef221973432ccc7e62b151eb898a01010a7ec5acd0a5dcb2de443880ada682515d1da9a3048744acb44384d1591df789883c0560495cb0cb32283529926d25e5c7f4815237c3aa356217738898a16ba603439f6eaad8e70b"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, 0x94) socket$inet_udp(0x2, 0x2, 0x0) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0a000000040000000a0000008000010040010000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000540), &(0x7f0000000080), 0x619, r5}, 0x38) setsockopt$inet6_int(r0, 0x29, 0x10, &(0x7f0000000000), 0x4) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x4e21, 0x103, @empty, 0xb}, 0x1c) socket$nl_route(0x10, 0x3, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x4000316, 0x0, 0xfffffffffffffe62) 1m28.675763986s ago: executing program 0 (id=5587): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000002000000000000000000082295"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x1e00, 0x2c}, 0x94) r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000180)=@bpf_lsm={0x6, 0x3, &(0x7f0000000040)=ANY=[], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x9}, 0x94) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r0, 0xf, 0x25, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x6, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180200000004000000000000000000008500000036000000850000000700000095"], &(0x7f0000000400)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x21, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000100)={r2, r1, 0x25, 0x0, @val=@tracing}, 0x40) syz_emit_ethernet(0x66, &(0x7f0000000b00)={@local, @local, @void, {@ipv4={0x800, @gre={{0x5, 0x4, 0x0, 0x11, 0x58, 0x65, 0x0, 0x6, 0x2f, 0x0, @rand_addr=0x64010101, @initdev={0xac, 0x1e, 0x1, 0x0}}, {{0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x880b, 0x0, 0x1}, {}, {0x1, 0x0, 0x0, 0x1}, {0x8, 0x88be, 0x1, {{0x6, 0x1, 0xc, 0x1, 0x1, 0x3, 0x4, 0x5}, 0x1, {0x2d}}}, {0x8, 0x22eb, 0x3, {{0x5, 0x2, 0x2, 0x1, 0x0, 0x1, 0x4, 0x9}, 0x2, {0x2e1, 0x1e6, 0x3, 0x0, 0x0, 0x1, 0x2}}}, {0x8, 0x6558, 0x1}}}}}}, 0x0) 1m28.575775874s ago: executing program 0 (id=5590): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000060a0b040000000000000000020000001400048010000180080017"], 0x50}}, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYBLOB="3800000040000100feffffffffdbdf25017c0000040042800c00018006000600800a000014000280100017800c"], 0x38}, 0x1, 0x0, 0x0, 0x48815}, 0x800c000) r1 = socket$inet6(0xa, 0x5, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000e40)=@raw={'raw\x00', 0x3c1, 0x3, 0x5a0, 0x0, 0xffffff80, 0x178, 0xd0040000, 0x178, 0x4d0, 0x22b, 0x258, 0x4d0, 0x258, 0x2034, 0x0, {[{{@uncond, 0x1d, 0x300, 0x368, 0x340, {0x1e0002a8, 0x7203000000000000}, [@common=@unspec=@bpf1={{0x230}, @bytecode={0x0, 0x1a, 0x64, [{}, {0x25, 0x0, 0x1}, {0x0, 0x40}, {}, {0x0, 0x7, 0x8}, {}, {0x0, 0x0, 0xfd}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {0x0, 0x0, 0x0, 0x2}, {}, {0x0, 0x0, 0x4}, {}, {0x6}, {}, {0x9}, {}, {}, {}, {0x0, 0x8}, {}, {0x0, 0x0, 0x0, 0x80000000}, {0x870}, {}, {}, {}, {0x2, 0xfe}, {0x0, 0x0, 0x0, 0x2}, {}, {0x0, 0x3, 0x10}, {}, {}, {0xfffe, 0x7, 0x4}, {0x0, 0x0, 0x1}, {0x0, 0x1}, {0x8, 0x8, 0x0, 0xfffffffc}, {}, {0x0, 0xfc, 0xe4}, {0x0, 0x0, 0xff}, {}, {0x3}, {}, {0x0, 0x0, 0x0, 0x10}, {}, {}, {0x0, 0x0, 0x0, 0xffffffff}, {}, {0x4, 0x8a}, {}, {}, {}, {0x0, 0x4}]}}, @common=@inet=@socket1={{0x28}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x1c, 0x7, 0x279, 0x2, 'netbios-ns\x00', 'syz1\x00', {0x170}}}}, {{@ipv6={@private2, @empty, [0xff, 0x0, 0xffffff00, 0xff000000], [0xff000000, 0xff000000, 0xffffff00], 'vlan1\x00', 'pim6reg1\x00', {}, {0xff}, 0x0, 0x9, 0x1, 0x12}, 0x0, 0x100, 0x168, 0x0, {}, [@common=@ah={{0x30}}, @inet=@rpfilter={{0x28}, {0x4}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x11, 0x0, 0x0, 0x0, 'syz1\x00', 'syz0\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x600) r2 = socket(0x28, 0x805, 0x0) connect$vsock_stream(r2, &(0x7f0000000040)={0x28, 0x0, 0x0, @local}, 0x10) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r4 = gettid() r5 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x1, &(0x7f0000000240)=0x6, 0x4) r6 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_RES_MR_GET(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000340)=ANY=[@ANYBLOB="2000000004140100000000000000000008000300000000000800", @ANYRES64=r5], 0x20}, 0x1, 0x0, 0x0, 0x4008055}, 0x814) setsockopt$inet6_buf(r5, 0x29, 0x15, &(0x7f0000000440)="1e8412cf1c01b6721995e3043d4645aa92a6a7ec79a64ae8a04b69bf659075a0906a0c538a1120468ee81a44e113e9f375cb85aad445e80e2f1e04699f1b7cc8d2b77fef364f8f599985a3d824cd6f1cc92818c40d635996ac68f5cc9c0259119164057e09f7ab86237e11b56203ccdff785683fae16479486760d023779d18f29729dc8759fbe1d3d2832d9baf94a54cb36fe3c81d2c2da2a1a0e828dbad5fbf613e246e480462444cdd2419e660f59cb6bfd840dab9836bab8e606b1c385c22c9b407c20f0fbd704fee67069b5754f28ad9442ba155bc95598c9f69e652533c498f4a1694465ae9c4b4427677b23f6485d863c4a7ed6a2", 0xf8) sendto$inet6(r5, &(0x7f0000000540)="3a9546bf6dd13ff3135b3081e5b3ca441b9319e448b8d74bd15e479c02078aa85bd7403afcfaff972c4c072aedc051f0376749968479c393d31c19ec193687307cbb6fb69a99158cc1b1b1111aeae22eba452cd0959e711d139d6f5cb9012df8f0acc77572048080da1f37c3f6ebe57ca4858e9830421322ca33cdd9140759b970fef4164f8f491756b4803358dd3b56e260be78ba921f0a6a360db9401f263f8f4458721ca5c59bc5442b7acc4f42cec8edf382b740725907426f54752576535df8", 0xc2, 0x4c, 0x0, 0x0) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)=@newlink={0x3c, 0x10, 0xc362e63b3f31ba5f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20080, 0x80e1}, [@IFLA_GROUP={0x8}, @IFLA_BROADCAST={0xa, 0x2, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}, @IFLA_GSO_MAX_SIZE={0x8, 0x29, 0x28da}]}, 0x3c}}, 0x800) r8 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$sock_cred(r8, 0x1, 0x11, &(0x7f0000000080)={0x0, 0x0}, &(0x7f00000000c0)=0xc) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000100)={0x0, 0x0, 0x0}, &(0x7f0000000140)=0xc) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r2, 0x12, 0x2, &(0x7f0000000380)=""/155, &(0x7f0000000200)=0x9b) setsockopt$IP6T_SO_SET_ADD_COUNTERS(r8, 0x29, 0x41, &(0x7f0000000300)={'filter\x00', 0x2, [{}, {}]}, 0x48) sendmsg$unix(r3, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)=[@cred={{0x1c, 0x1, 0x2, {r4}}}, @cred={{0x1c, 0x1, 0x2, {r4, r9, r10}}}], 0x40, 0x20048000}, 0x24004010) 1m28.243162921s ago: executing program 0 (id=5594): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nfc(&(0x7f0000000640), r0) sendmsg$NFC_CMD_DEP_LINK_DOWN(r0, &(0x7f0000002200)={0x0, 0x0, &(0x7f00000021c0)={&(0x7f0000002180)={0x14, r1, 0x1, 0x70bd25, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x20000040) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) ioctl$TUNSETGROUP(r2, 0x400454ce, 0x0) r3 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) r4 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0xa, 0x16, 0xb3, 0x7f}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000003c0)={&(0x7f0000000040)="4dd11545e9f884069c2ddfbc5d6988bbc61fafbeabf390d2003ccf6a32797dc6b89f0f93820d3f24a39b05f1c057553df1459745455722311a46cd781ea6249d57461b2375ff63754f6b593a5775016e791ac23eefa2de52b219f0ffffc5191c837d9b5c46acc68b8eea944bb2c7f533cb05238488590e2e503b11f897b3c8ec0f949a0e342a8d0345dcc7e6949778c384277ac6", &(0x7f0000000200)=""/101, &(0x7f0000000280)="8fde43654b0534ff85557aace831474eec516a902c48dec9211660b35b10b02bd4a273956b5be05a769b77646d159e2d212edabcdcd9c0cd8a65728f", &(0x7f0000000340)="e4eb3157b867fe6e72e43680782c4b0c748579862cca85b227e4d11b15fbc625bf93d1cd2c401c47d404ddef09343b14f9e5e5b72871a4a6db2688aa5af95b29570960e608b7b2c1b7159ce7b169a1a2bfc2e93d258194f7314f8ffbfb67c36d7212629e165f9223dc8e04", 0x63, r4, 0x4}, 0x38) r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r5, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6) write(r5, &(0x7f0000000340)="0a000300010000", 0x7) recvmmsg(r5, &(0x7f0000000280)=[{{0x0, 0x0, 0x0}, 0x40}], 0x15, 0x10040, 0x0) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_CALIPSO_C_LISTALL(r6, &(0x7f0000000540)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000500)={&(0x7f0000000400)={0x14, 0x0, 0x400, 0x70bd27, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x4000885}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18030000000000000000000000000000851000000600000018100000", @ANYRES32=r4, @ANYBLOB="00000000000000006600000000000000180000000000000000000000000000009500000000000000260300000000000095"], &(0x7f0000000000)='GPL\x00'}, 0x90) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000001340)=ANY=[@ANYBLOB="2c000000680001004d000000fcffff7f0000000000000000140002000100000004000000000000000100000a"], 0x2c}, 0x1, 0x0, 0x0, 0x24008000}, 0x4000) 1m13.197761969s ago: executing program 32 (id=5594): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nfc(&(0x7f0000000640), r0) sendmsg$NFC_CMD_DEP_LINK_DOWN(r0, &(0x7f0000002200)={0x0, 0x0, &(0x7f00000021c0)={&(0x7f0000002180)={0x14, r1, 0x1, 0x70bd25, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x20000040) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) ioctl$TUNSETGROUP(r2, 0x400454ce, 0x0) r3 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) r4 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0xa, 0x16, 0xb3, 0x7f}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000003c0)={&(0x7f0000000040)="4dd11545e9f884069c2ddfbc5d6988bbc61fafbeabf390d2003ccf6a32797dc6b89f0f93820d3f24a39b05f1c057553df1459745455722311a46cd781ea6249d57461b2375ff63754f6b593a5775016e791ac23eefa2de52b219f0ffffc5191c837d9b5c46acc68b8eea944bb2c7f533cb05238488590e2e503b11f897b3c8ec0f949a0e342a8d0345dcc7e6949778c384277ac6", &(0x7f0000000200)=""/101, &(0x7f0000000280)="8fde43654b0534ff85557aace831474eec516a902c48dec9211660b35b10b02bd4a273956b5be05a769b77646d159e2d212edabcdcd9c0cd8a65728f", &(0x7f0000000340)="e4eb3157b867fe6e72e43680782c4b0c748579862cca85b227e4d11b15fbc625bf93d1cd2c401c47d404ddef09343b14f9e5e5b72871a4a6db2688aa5af95b29570960e608b7b2c1b7159ce7b169a1a2bfc2e93d258194f7314f8ffbfb67c36d7212629e165f9223dc8e04", 0x63, r4, 0x4}, 0x38) r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r5, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6) write(r5, &(0x7f0000000340)="0a000300010000", 0x7) recvmmsg(r5, &(0x7f0000000280)=[{{0x0, 0x0, 0x0}, 0x40}], 0x15, 0x10040, 0x0) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_CALIPSO_C_LISTALL(r6, &(0x7f0000000540)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000500)={&(0x7f0000000400)={0x14, 0x0, 0x400, 0x70bd27, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x4000885}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18030000000000000000000000000000851000000600000018100000", @ANYRES32=r4, @ANYBLOB="00000000000000006600000000000000180000000000000000000000000000009500000000000000260300000000000095"], &(0x7f0000000000)='GPL\x00'}, 0x90) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000001340)=ANY=[@ANYBLOB="2c000000680001004d000000fcffff7f0000000000000000140002000100000004000000000000000100000a"], 0x2c}, 0x1, 0x0, 0x0, 0x24008000}, 0x4000) 14.72467111s ago: executing program 2 (id=6242): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'lo\x00'}) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) r1 = socket$inet6(0xa, 0x3, 0x2) connect$inet6(r1, &(0x7f0000000200)={0xa, 0x4e25, 0x0, @empty, 0x7}, 0x1c) sendmmsg(r1, &(0x7f00000092c0), 0x4ff, 0x0) 14.18620113s ago: executing program 2 (id=6245): bind$l2tp6(0xffffffffffffffff, &(0x7f00000001c0)={0xa, 0x0, 0x0, @empty}, 0x20) syz_emit_ethernet(0x46, &(0x7f0000000440)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd60f91e2e00107300fc040000000000000000000000000000ff02000000000000000000000000000100000000ff"], 0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x60, 0x0, 0x0) 14.071162712s ago: executing program 2 (id=6246): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c) syz_emit_ethernet(0x4a, &(0x7f0000000200)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x3c}, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "f900f5", 0x14, 0x6, 0x0, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0) 14.050980598s ago: executing program 2 (id=6247): bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c) syz_emit_ethernet(0x5e, &(0x7f0000000200)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x3c}, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "f900f5", 0x28, 0x6, 0x0, @local, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0xa, 0x2, 0x0, 0x0, 0x0, {[@mptcp=@add_addr={0x1e, 0x12, 0x0, 0x12, 0x5, @dev={0xac, 0x14, 0x14, 0x26}, 0x3, "fcffffffffffffff"}]}}}}}}}}, 0x0) 14.006922751s ago: executing program 2 (id=6248): r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000040)="2600000022004701050007108980e8ff06006d20002b1ffec0e90101c7bb0000b00000000000", 0x26) recvmmsg(r0, &(0x7f0000001500)=[{{0x0, 0x0, &(0x7f0000000840)=[{&(0x7f0000000300)=""/210, 0xd2}, {&(0x7f00000000c0)=""/226, 0xe2}, {&(0x7f0000000080)=""/20, 0x14}, {&(0x7f0000001c00)=""/4096, 0x1000}, {&(0x7f0000000700)=""/124, 0x7c}, {&(0x7f0000000600)=""/178, 0xb2}], 0x6}, 0x8}], 0x1, 0x140, 0x0) sendto(r0, &(0x7f00000005c0)="120000001200e7ef007b00000000000000a1", 0x12, 0x20000090, 0x0, 0x0) 11.543479392s ago: executing program 2 (id=6250): socket$pppl2tp(0x18, 0x1, 0x1) r0 = socket$inet6_udp(0xa, 0x2, 0x0) sendmsg$alg(0xffffffffffffffff, 0x0, 0x55) sendmmsg$sock(0xffffffffffffffff, 0x0, 0x0, 0x20000005) bind$inet6(r0, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty}, 0x1c) syz_emit_ethernet(0x9e, &(0x7f0000000980)={@link_local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x34}, @val={@void}, {@ipv6={0x86dd, @udp={0x0, 0x6, "910100", 0x64, 0x11, 0xff, @remote, @local, {[], {0x0, 0xe22, 0x64, 0x0, @wg=@response={0x2, 0x0, 0x2, "c1a0c4c640fe4f2530d964e2a8541c9a3594e1a2d15d6fb06b621ec3d98f84c0", "7817407192afae8f8f3f3264b4a6a611", {"04627e1c1d49766d92f63591a1eb2cb4", "3eea5b34b87ab01aaffcf19f7e22526e"}}}}}}}}, 0x0) 3.405921373s ago: executing program 4 (id=6286): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x5}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x5, 0x0, 0x0, {0x5}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x54, 0x6, 0xa, 0x401, 0x0, 0x0, {0x5}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_EXPRESSIONS={0x34, 0x4, 0x0, 0x1, [{0x30, 0x1, 0x0, 0x1, @target={{0xb}, @val={0x20, 0x2, 0x0, 0x1, [@NFTA_TARGET_INFO={0x8, 0x3, "d6144042"}, @NFTA_TARGET_REV={0x8, 0x2, 0x1, 0x0, 0x1}, @NFTA_TARGET_NAME={0xc, 0x1, 'NFQUEUE\x00'}]}}}]}]}], {0x14}}, 0xc8}}, 0x0) 3.170143467s ago: executing program 4 (id=6289): r0 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, 0x0, 0x10) getsockopt$inet_sctp6_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, 0x0, &(0x7f0000001340)) setsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, 0x0, 0x0) close(0xffffffffffffffff) r2 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r2, &(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x2f) connect$inet(r2, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10) sendto$inet(r2, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0) recvfrom$inet(r2, 0x0, 0x0, 0x720, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f0000000940)=@file={0x0, './file0\x00'}, 0x6e) 2.84811113s ago: executing program 1 (id=6296): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000600)=@newlink={0x20, 0x10, 0x1, 0x70bd28, 0x25dfdbf9, {0x0, 0x0, 0x0, 0x0, 0x48815, 0x3}}, 0x20}, 0x1, 0x0, 0x0, 0x40801}, 0x4000000) sendmsg$ETHTOOL_MSG_COALESCE_SET(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x44}}, 0x0) 2.750939055s ago: executing program 1 (id=6298): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x5}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x5, 0x0, 0x0, {0x5}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x54, 0x6, 0xa, 0x401, 0x0, 0x0, {0x5}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_EXPRESSIONS={0x34, 0x4, 0x0, 0x1, [{0x30, 0x1, 0x0, 0x1, @target={{0xb}, @val={0x20, 0x2, 0x0, 0x1, [@NFTA_TARGET_INFO={0x8, 0x3, "d6144042"}, @NFTA_TARGET_REV={0x8, 0x2, 0x1, 0x0, 0x1}, @NFTA_TARGET_NAME={0xc, 0x1, 'NFQUEUE\x00'}]}}}]}]}], {0x14}}, 0xc8}}, 0x0) 2.491964186s ago: executing program 1 (id=6300): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) r1 = socket(0x2, 0x80805, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=@ipv6_newroute={0x30, 0x18, 0x1ef, 0x70bd27, 0xffffffff, {0xa, 0x0, 0x0, 0x0, 0xfe, 0x2, 0xc8, 0xa, 0x100}, [@RTA_GATEWAY={0x14, 0x5, @loopback}]}, 0x30}, 0x1, 0x11, 0x0, 0x4000800}, 0x800) getsockopt$inet_sctp6_SCTP_STATUS(r1, 0x84, 0xe, &(0x7f00000003c0)={0x0, 0xc9, 0x4, 0x4e25, 0x4, 0x3, 0x1, 0x4a69, {0x0, @in6={{0xa, 0x4e24, 0x7fff, @empty}}, 0x400, 0xffffff7b, 0x9, 0x4, 0x3}}, &(0x7f0000000480)=0xb0) setsockopt$inet6_int(r0, 0x29, 0x4b, &(0x7f0000000300)=0xd, 0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x80000001, 0x4, 0x32, 0x0, 0xff}, 0x9c) socket$key(0xf, 0x3, 0x2) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000200)={0x0, @in6={{0xa, 0x0, 0x0, @empty, 0x80}}, 0x0, 0x8, 0x0, 0x0, 0x8a}, 0x9c) sendto$inet6(r3, &(0x7f0000000000)='H', 0x1, 0x40, &(0x7f00000002c0)={0xa, 0x4e22, 0x8, @dev={0xfe, 0x80, '\x00', 0x42}, 0x6}, 0x1c) 2.290346157s ago: executing program 1 (id=6302): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, 0x0, 0x0) listen(r0, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000200)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x3c}, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "f900f5", 0x14, 0x6, 0x0, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0) 2.178967346s ago: executing program 4 (id=6303): r0 = socket$inet(0x2, 0x3, 0x2) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) setsockopt$inet_mreqsrc(r0, 0x0, 0x27, &(0x7f0000000280)={@multicast2, @local, @remote}, 0xc) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000000)={@link_local, @local, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x64, 0x0, 0x2, 0x2, 0x0, @empty, @multicast2}, @timestamp_reply={0x11, 0x0, 0x0, 0xe000, 0x2, 0x2, 0x200000}}}}}, 0x0) 2.157428093s ago: executing program 1 (id=6304): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0a000000050000000200000004"], 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000dc0)=ANY=[@ANYBLOB="1b00"/11], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000e80)={0x0, 0x10, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70200000100000085000000a000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) close(0x3) bpf$MAP_CREATE(0x0, &(0x7f0000000c80)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000180)=ANY=[], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000000c0)=r4, 0x4) sendmsg$unix(r3, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0) 2.155840918s ago: executing program 4 (id=6305): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x50) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000040)={r0, 0xffffffffffffffff}, 0x4) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1f, 0x18, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000838500000004000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70500000000000085000000a800"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000000)={r2}, 0xc) 2.080792583s ago: executing program 1 (id=6306): r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r1) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=0x0) sendmsg$NFC_CMD_DEV_UP(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000d80)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="010426bd7000f8dbdf250200000008000100", @ANYRES32=r3], 0x1c}}, 0x4008054) write$nci(r0, &(0x7f0000000240)=ANY=[@ANYBLOB='p\x00\t'], 0xc) sendmsg$NFC_CMD_DISABLE_SE(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)={0x24, r2, 0xb27ab2d9eb346469, 0x70bd2c, 0x25dfdbfc, {}, [@NFC_ATTR_SE_INDEX={0x8, 0x15, 0x1}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r3}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000000}, 0x8000) write$nci(r0, &(0x7f0000000dc0)=@NCI_OP_CORE_INIT_RSP={0x0, 0x0, 0x2, 0x1, 0x9, {{}, {0xb5, 0x400, 0x3, 0x400, 0xab, 0x3ff}}}, 0x14) 2.036821764s ago: executing program 4 (id=6307): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000600)=@newlink={0x20, 0x10, 0x1, 0x70bd28, 0x25dfdbf9, {0x0, 0x0, 0x0, 0x0, 0x48815, 0x3}}, 0x20}, 0x1, 0x0, 0x0, 0x40801}, 0x4000000) sendmsg$ETHTOOL_MSG_COALESCE_SET(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[], 0x44}}, 0x0) 2.036202012s ago: executing program 4 (id=6308): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYRES32], 0x7c}}, 0x20004450) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x24000840) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETRULE(r0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x10002000}, 0x800) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000480)={'wlan0\x00', 0x0}) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000003700000008000300", @ANYRES32=r1, @ANYBLOB="08002600901500000800570080"], 0x2c}}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000280)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r4, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) 1.449503554s ago: executing program 3 (id=6316): r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r0, &(0x7f0000000740)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x4e23, @broadcast}, 0x2, 0x0, 0x4}}, 0x2e) bind$inet6(r1, 0x0, 0x0) syz_emit_ethernet(0x9e, &(0x7f0000000980)={@link_local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x34}, @val={@void}, {@ipv6={0x86dd, @udp={0x0, 0x6, "910100", 0x64, 0x11, 0xff, @remote, @local, {[], {0x0, 0xe22, 0x64, 0x0, @wg=@response={0x2, 0x0, 0x2, "c1a0c4c640fe4f2530d964e2a8541c9a3594e1a2d15d6fb06b621ec3d98f84c0", "7817407192afae8f8f3f3264b4a6a611", {"04627e1c1d49766d92f63591a1eb2cb4", "3eea5b34b87ab01aaffcf19f7e22526e"}}}}}}}}, 0x0) 1.342947671s ago: executing program 3 (id=6317): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_GET(r0, &(0x7f0000006680)={0x0, 0x0, &(0x7f0000006640)={&(0x7f00000004c0)=ANY=[@ANYBLOB="440000000102050000000000000000000a000002300001"], 0x44}}, 0x0) 1.122442681s ago: executing program 3 (id=6318): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r2, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xd, 0xf}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}}, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = socket(0x400000000010, 0x3, 0x0) r4 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000480)=@newtfilter={0x84, 0x2c, 0xd27, 0x70bd26, 0x25dfdc00, {0x0, 0x0, 0x0, r5, {0x2, 0x4}, {}, {0x8, 0xf}}, [@filter_kind_options=@f_matchall={{0xd}, {0x50, 0x2, [@TCA_MATCHALL_ACT={0x4c, 0x2, [@m_gact={0x48, 0x1, 0x0, 0x0, {{0x9}, {0x1c, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0x6, 0x1000, 0x20000000, 0xfffffffc, 0x7ff}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x3}}}}]}]}}]}, 0x84}, 0x1, 0x0, 0x0, 0x4811}, 0x40884) r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) r7 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000380)={'syzkaller0\x00', 0x0}) socket$unix(0x1, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r9 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r9, 0x107, 0xf, &(0x7f0000000600), 0x56) sendmsg$kcm(r9, &(0x7f0000000280)={&(0x7f0000000540)=@xdp={0x2c, 0x0, r8, 0x42}, 0x80, &(0x7f00000000c0)=[{&(0x7f00000002c0)="27030200dc0f14000e00003c0ff000000000ff8800000066c1532cc10200000003125ce882cbf490d90812533f00", 0x2e}], 0x1}, 0x4005) 629.184529ms ago: executing program 5 (id=6322): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000001c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x5}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x40, 0x3, 0xa, 0x101, 0x0, 0x0, {0x5}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_HOOKNUM={0x8}, @NFTA_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x521deb0b}]}]}, @NFT_MSG_NEWRULE={0x78, 0x6, 0xa, 0x401, 0x0, 0x0, {0x5}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x5c, 0x4, 0x0, 0x1, [{0x24, 0x1, 0x0, 0x1, @tunnel={{0xb}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_TUNNEL_KEY={0x8, 0x1, 0x1, 0x0, 0x1}, @NFTA_TUNNEL_DREG={0x8, 0x2, 0x1, 0x0, 0x9}]}}}, {0x34, 0x1, 0x0, 0x1, @reject={{0xb}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_REJECT_ICMP_CODE={0x5, 0x2, 0x7}, @NFTA_REJECT_TYPE={0x8}, @NFTA_REJECT_ICMP_CODE={0x5, 0x2, 0x81}, @NFTA_REJECT_TYPE={0x8}]}}}]}]}], {0x14}}, 0x100}}, 0x0) 545.142358ms ago: executing program 3 (id=6323): r0 = socket$packet(0x11, 0x3, 0x300) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x40) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r2) socket$netlink(0x10, 0x3, 0x0) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000440)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x3, 0x3, 0x6361, 0x5, 0xffffffff, 0x3}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newqdisc={0x78, 0x24, 0x4ee4e6a52ff56541, 0x70b923, 0x7fffe, {0x0, 0x0, 0x0, 0x0, {0x0, 0xffe0}, {0xb, 0xb}, {0x2, 0xb}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0x6, 0x808, 0x205, 0x1, 0xc}, 0xb, 0x1, 0x32, 0x5, 0x9, 0x7, 0x9, 0x10, 0x1, 0x1, {0xffff1c72, 0x23, 0x100007, 0x8, 0xfffffffe, 0x7583}}}}]}, 0x78}, 0x1, 0x0, 0x0, 0x44040}, 0x8000) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000100)=0x207, 0x4) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'syzkaller0\x00', 0x0}) sendto$packet(r0, &(0x7f00000002c0)="05031600d3fc140000004788031c09102c28", 0xfce0, 0x4, &(0x7f0000000140)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @multicast}, 0x14) 543.842115ms ago: executing program 5 (id=6324): r0 = socket$inet(0x2, 0x3, 0x2) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f00000000c0)=ANY=[@ANYBLOB="e0000002ac1414aa0000000003"], 0x1c) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000000)={@link_local, @local, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x64, 0x0, 0x2, 0x2, 0x0, @empty, @multicast2}, @timestamp_reply={0x11, 0x0, 0x0, 0xe000, 0x2, 0x2, 0x200000}}}}}, 0x0) 450.412426ms ago: executing program 5 (id=6325): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0a000000050000000200000004"], 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000dc0)=ANY=[@ANYBLOB="1b00"/11], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000e80)={0x0, 0x10, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70200000100000085000000a000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) close(0x3) bpf$MAP_CREATE(0x0, &(0x7f0000000c80)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000180)=ANY=[], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000000c0)=r4, 0x4) sendmsg$unix(r3, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0) 415.578469ms ago: executing program 5 (id=6326): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x3, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000002000095"], &(0x7f00000001c0)='syzkaller\x00'}, 0x94) socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'veth1_to_hsr\x00', 0x0}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r1, r2, 0x25, 0x0, @val=@iter={0x0}}, 0x20) syz_init_net_socket$llc(0x1a, 0x801, 0x0) r3 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r3, 0x0, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r4) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40088c1}, 0x0) r5 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r5, 0x107, 0xf, &(0x7f0000000100)=0x4207, 0x4) sendto$packet(r5, &(0x7f00000002c0), 0x0, 0x4, &(0x7f0000000140)={0x11, 0x88a8, 0x0, 0x1, 0x0, 0x6, @multicast}, 0x14) r6 = socket$nl_route(0x10, 0x3, 0x0) r7 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r7, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={0x0, 0x18}}, 0x0) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[@ANYBLOB="5000000010008105e9c51c000000000000000000", @ANYRES32=r8, @ANYBLOB="01000000000000002800128009000100766c616e000000001800028006000100000000000c0002000c0000000d00000008000500", @ANYRES64=r6], 0x50}, 0x1, 0x0, 0x0, 0x80}, 0x0) r9 = socket$packet(0x11, 0x2, 0x300) sendto$packet(r9, 0x0, 0x0, 0x44010, &(0x7f0000000180)={0x11, 0x1, r8, 0x1, 0x12, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x40}}, 0x14) 335.199782ms ago: executing program 5 (id=6327): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000600)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfd, {0x0, 0x0, 0x0, r2, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x3, 0x3, 0x6361, 0x5, 0xffffffff, 0x3}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000006c0)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70b926, 0x25dfdc01, {0x0, 0x0, 0x0, r2, {0x0, 0xd}, {0xffff, 0xb}, {0xffff, 0xffe0}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x14, 0x2, [@TCA_FQ_CODEL_CE_THRESHOLD={0x8, 0x7, 0xfffffff9}, @TCA_FQ_CODEL_CE_THRESHOLD_MASK={0x5, 0xb, 0x11}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x240040e0}, 0x4890) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r3) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r4 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r4, 0x107, 0xf, &(0x7f0000000100)=0x4207, 0x4) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000040)={'syzkaller0\x00', 0x0}) sendto$packet(r4, &(0x7f00000002c0)="05031400d3fc141200004788031c09102c28", 0xfdef, 0x4, &(0x7f0000000140)={0x11, 0x88a8, r5, 0x1, 0x0, 0x6, @multicast}, 0x14) 112.326975ms ago: executing program 3 (id=6328): r0 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, 0x0, 0x10) getsockopt$inet_sctp6_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, 0x0, &(0x7f0000001340)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='cgroup.controllers\x00', 0x275a, 0x0) close(r2) r3 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r3, &(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x2f) connect$inet(r3, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10) sendto$inet(r3, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0) recvfrom$inet(r3, 0x0, 0x0, 0x720, 0x0, 0x0) connect$unix(r2, &(0x7f0000000940)=@file={0x0, './file0\x00'}, 0x6e) 66.25562ms ago: executing program 5 (id=6329): sendmsg$TIPC_NL_BEARER_ENABLE(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$TIPC_NL_LINK_GET(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="58bc0d25", @ANYRES16, @ANYBLOB="080029bd7000fddbdf2508000000440003800800030003000000080003000b00000008000300165d0000080003000000000008000100001000000800030000000000080002"], 0x58}, 0x1, 0x0, 0x0, 0x4008010}, 0x10) r0 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000380)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="700200001300290a000000000000000007000000", @ANYRES32=r1, @ANYBLOB="000000000000000010010c8013000c800ca3488008000000000000000800038064001d80050006000000000014000500714abbd2547de97cbbf6efb226f19bf90d0002003a288e5e5b5b5a40000000006000078014000400293a02149f3b75a67093c28fd6f55a2314000400e48f01e49713f0c2d839f940d9f088d8050006000000003bd00002006272696467655f736c6176655f30000007000200293a00000500060000000000080001000000000018002580140004004d2906d0880fc8acc30fe2020f9849675000028004000500a1085e7df341b9dc3d8008a2fe5bdaad140004009c7e472c916020fe41bcc5aa8f56c9471400050080ab8be51421cfa3c9e5cbfe8217e0af0800010000000000080001000000000060001a803f0003"], 0x270}, 0x1, 0x0, 0x0, 0x20008014}, 0x4) 0s ago: executing program 3 (id=6330): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000a40)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff5653f, 0x70bd2d, 0x25dfdbfc, {0x0, 0x0, 0x0, r2, {0x0, 0x9}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x81}, 0x0) r3 = socket(0x400000000010, 0x3, 0x0) r4 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=@newtfilter={0x90, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r5, {0x0, 0x7}, {}, {0x8}}, [@filter_kind_options=@f_matchall={{0xd}, {0x5c, 0x2, [@TCA_MATCHALL_ACT={0x58, 0x2, [@m_gact={0x54, 0x1, 0x0, 0x0, {{0x9}, {0x28, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0x6, 0x1000, 0x4, 0xfffffffc, 0x8}}, @TCA_GACT_PROB={0xc, 0x3, {0x1, 0x5ef, 0x1}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x3, 0x3}}}}]}]}}]}, 0x90}, 0x1, 0x0, 0x0, 0x20000010}, 0x20000000) r6 = openat$tun(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) socket$unix(0x1, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r7 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r7, 0x107, 0xf, &(0x7f0000000600), 0x56) sendmsg$kcm(r7, &(0x7f00000000c0)={&(0x7f0000000380)=@xdp={0x2c, 0x0, r5, 0xc}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000180)="27030200590214000600002fb96dbcf706e10500000086ddffff1144ee163cd4b8bf", 0x22}, {&(0x7f0000000c00)="4307ed2e", 0x4}], 0x2}, 0x4) kernel console output (not intermixed with test programs): aving as an active interface with an up link [ 819.707280][T30903] ±ÿ speed is unknown, defaulting to 1000 [ 819.758304][T30878] netlink: 'syz.2.4984': attribute type 9 has an invalid length. [ 819.888159][T30910] ip6gre1: entered promiscuous mode [ 819.894367][T30910] ip6gre1: entered allmulticast mode [ 819.937415][T30911] tipc: Enabled bearer , priority 0 [ 819.958014][T30911] syzkaller0: entered promiscuous mode [ 819.965727][T30911] syzkaller0: entered allmulticast mode [ 820.177531][T30926] tipc: Resetting bearer [ 820.189190][T30908] tipc: Resetting bearer [ 820.291013][T30908] tipc: Disabling bearer [ 820.312390][T30931] netlink: 'syz.3.4997': attribute type 4 has an invalid length. [ 820.361080][T30931] netlink: 'syz.3.4997': attribute type 4 has an invalid length. [ 820.381691][T30940] __nla_validate_parse: 11 callbacks suppressed [ 820.381707][T30940] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5000'. [ 820.437833][T30940] netlink: 24 bytes leftover after parsing attributes in process `syz.2.5000'. [ 820.506422][T30943] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5000'. [ 821.270964][T30974] netlink: 60 bytes leftover after parsing attributes in process `syz.2.5008'. [ 821.377924][T30977] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5009'. [ 821.397538][T30977] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 821.406099][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 821.554062][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 821.562443][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 821.570792][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 821.579126][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 822.594396][T31009] netlink: 'syz.3.5018': attribute type 1 has an invalid length. [ 822.698921][T31009] 8021q: adding VLAN 0 to HW filter on device bond10 [ 822.751872][T31012] netlink: 'syz.3.5018': attribute type 10 has an invalid length. [ 822.759730][T31012] netlink: 40 bytes leftover after parsing attributes in process `syz.3.5018'. [ 822.828083][T31011] bond10: (slave dummy0): making interface the new active one [ 822.858221][T31011] bond10: (slave dummy0): Enslaving as an active interface with an up link [ 822.880383][T31012] dummy0: entered promiscuous mode [ 822.887215][T31012] bond10: (slave dummy0): Releasing active interface [ 822.902571][T31014] nbd: couldn't find device at index 2 [ 822.915929][T31017] netlink: 16 bytes leftover after parsing attributes in process `syz.2.5019'. [ 823.155067][T31020] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5020'. [ 823.202734][T31022] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5021'. [ 823.211634][T31022] openvswitch: netlink: Geneve opt len 1 is not a multiple of 4. [ 823.268774][T31022] netlink: 60 bytes leftover after parsing attributes in process `syz.2.5021'. [ 823.277770][T31022] netlink: 'syz.2.5021': attribute type 1 has an invalid length. [ 823.349324][T31024] netlink: 'syz.3.5022': attribute type 1 has an invalid length. [ 823.407996][T31026] netlink: 'syz.2.5023': attribute type 1 has an invalid length. [ 824.265202][ T30] audit: type=1800 audit(1778423319.185:22): pid=31049 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.5030" name=3A202E31323334352E2E2E2E2028313829207238203D2030783363333130303030300A202020202020323A202E31323334352E2E382E20283835292063616C6C2070632B360A202020202020333A202E2E2E2E2E2E2E2E382E2028313829207230203D203078313130303030303066666666666666660A202020202020353A202E2E2E2E2E2E2E2E382E202836362920696620773820733E2030783020676F746F2070632B300A202020202020363A202E2E2E2E2E2E2E2E2E2E20283138292072 dev="tmpfs" ino=2258 res=0 errno=0 [ 824.910241][T31071] netlink: 'syz.0.5036': attribute type 7 has an invalid length. [ 825.354687][T25292] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 825.719037][T31086] __nla_validate_parse: 4 callbacks suppressed [ 825.719056][T31086] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5041'. [ 825.734273][T31086] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5041'. [ 825.797325][T31093] netlink: 72 bytes leftover after parsing attributes in process `syz.2.5044'. [ 825.904465][T31097] netlink: 24 bytes leftover after parsing attributes in process `syz.4.5047'. [ 825.946145][T31093] geneve1: Caught tx_queue_len zero misconfig [ 825.972820][T31093] sch_tbf: peakrate 5 is lower than or equals to rate 5 ! [ 825.998226][T31106] netlink: 24 bytes leftover after parsing attributes in process `syz.4.5049'. [ 826.030680][T31106] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 826.551929][T31115] netlink: 48 bytes leftover after parsing attributes in process `syz.0.5051'. [ 826.565959][T27527] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 826.811128][T31119] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 826.819412][T31119] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 826.829527][T31119] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 826.839850][T31119] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 826.848252][T31119] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 826.857511][T31119] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 826.865758][T31119] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 827.132212][T31131] netlink: 'syz.3.5055': attribute type 1 has an invalid length. [ 827.195893][T31133] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5055'. [ 827.257160][T31127] sctp: [Deprecated]: syz.2.5054 (pid 31127) Use of int in max_burst socket option. [ 827.257160][T31127] Use struct sctp_assoc_value instead [ 827.286848][T31131] 8021q: adding VLAN 0 to HW filter on device bond11 [ 827.486462][T31129] netlink: 'syz.3.5055': attribute type 1 has an invalid length. [ 827.586543][T31129] bond11: (slave batadv2): Opening slave failed [ 827.883124][T31147] netlink: 'syz.4.5059': attribute type 32 has an invalid length. [ 827.947465][T31149] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5060'. [ 827.967116][T31149] netlink: 24 bytes leftover after parsing attributes in process `syz.2.5060'. [ 827.978939][T31149] netlink: 28 bytes leftover after parsing attributes in process `syz.2.5060'. [ 827.994296][T31149] IPv6: sit2: Disabled Multicast RS [ 828.355685][T31171] dvmrp6: entered allmulticast mode [ 828.690107][T31185] netlink: 'syz.2.5072': attribute type 1 has an invalid length. [ 828.904462][T31197] veth11: entered allmulticast mode [ 830.017743][T31243] ±ÿ speed is unknown, defaulting to 1000 [ 830.507337][T31256] tipc: Enabled bearer , priority 0 [ 830.791366][T31266] netlink: 'syz.1.5094': attribute type 3 has an invalid length. [ 830.832727][T31266] __nla_validate_parse: 8 callbacks suppressed [ 830.832756][T31266] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5094'. [ 831.041014][T31267] xt_bpf: check failed: parse error [ 831.052753][T31270] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5097'. [ 831.115094][T31273] netlink: 52 bytes leftover after parsing attributes in process `syz.1.5097'. [ 831.404668][T31279] bond13 (unregistering): Released all slaves [ 831.781833][T31298] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5105'. [ 831.804732][T31298] macvtap1: entered promiscuous mode [ 831.818361][T31298] team0: entered promiscuous mode [ 831.823431][T31298] team_slave_0: entered promiscuous mode [ 831.829284][T31298] team_slave_1: entered promiscuous mode [ 831.835590][T31298] macvtap1: entered allmulticast mode [ 831.840993][T31298] team0: entered allmulticast mode [ 831.897994][T31298] team_slave_0: entered allmulticast mode [ 831.903779][T31298] team_slave_1: entered allmulticast mode [ 831.910904][T31298] 8021q: adding VLAN 0 to HW filter on device macvtap1 [ 831.918584][T31302] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5105'. [ 831.954229][T31302] team0: left allmulticast mode [ 831.959097][T31302] team_slave_0: left allmulticast mode [ 831.964550][T31302] team_slave_1: left allmulticast mode [ 831.970060][T31302] team0: left promiscuous mode [ 831.977295][T31302] macvtap1: left promiscuous mode [ 831.982349][T31302] macvtap1: left allmulticast mode [ 832.077046][T30121] team_slave_0: left promiscuous mode [ 832.082757][T30121] team_slave_1: left promiscuous mode [ 832.093874][T31306] veth0_macvtap: Caught tx_queue_len zero misconfig [ 832.200774][ C0] net_ratelimit: 41 callbacks suppressed [ 832.200798][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 832.214876][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 832.223250][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 832.231609][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 832.583016][T31314] netlink: 16186 bytes leftover after parsing attributes in process `syz.1.5107'. [ 832.624750][T31312] batman_adv: batadv0: Interface deactivated: vlan2 [ 832.941025][T31312] bridge0: port 2(bridge_slave_1) entered disabled state [ 833.478634][T31312] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 834.192066][T31312] batman_adv: batadv0: Interface deactivated: ip6gretap1 [ 834.290616][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 834.298966][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 834.307218][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 834.315513][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 834.323805][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 834.332097][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 834.546526][T28594] netdevsim netdevsim2 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 834.589122][T28594] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 834.619078][T28594] netdevsim netdevsim2 netdevsim0: unset [1, 1] type 2 family 0 port 20004 - 0 [ 834.649515][T28594] netdevsim netdevsim2 netdevsim0: unset [1, 2] type 2 family 0 port 256 - 0 [ 834.672343][T31353] macsec2: entered promiscuous mode [ 834.780204][T31353] erspan0: entered promiscuous mode [ 834.813300][T31353] erspan0: left promiscuous mode [ 834.885430][ T8375] netdevsim netdevsim2 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 834.896030][ T8375] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 834.906296][ T8375] netdevsim netdevsim2 netdevsim1: unset [1, 1] type 2 family 0 port 20004 - 0 [ 834.921405][ T8375] netdevsim netdevsim2 netdevsim1: unset [1, 2] type 2 family 0 port 256 - 0 [ 834.941676][ T8375] netdevsim netdevsim2 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 834.972438][T31369] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5120'. [ 835.005766][ T8375] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 835.024887][ T8375] netdevsim netdevsim2 netdevsim2: unset [1, 1] type 2 family 0 port 20004 - 0 [ 835.033877][ T8375] netdevsim netdevsim2 netdevsim2: unset [1, 2] type 2 family 0 port 256 - 0 [ 835.042757][ T8375] netdevsim netdevsim2 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 835.051624][ T8375] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 835.060491][ T8375] netdevsim netdevsim2 netdevsim3: unset [1, 1] type 2 family 0 port 20004 - 0 [ 835.069439][ T8375] netdevsim netdevsim2 netdevsim3: unset [1, 2] type 2 family 0 port 256 - 0 [ 835.233257][T31382] netlink: 68 bytes leftover after parsing attributes in process `syz.2.5116'. [ 835.364943][T31386] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5123'. [ 835.766172][T31394] sctp: [Deprecated]: syz.4.5122 (pid 31394) Use of int in max_burst socket option. [ 835.766172][T31394] Use struct sctp_assoc_value instead [ 836.088967][T31410] xt_l2tp: wrong L2TP version: 0 [ 836.195682][T31412] netlink: 'syz.3.5129': attribute type 1 has an invalid length. [ 836.320019][T31412] bond12: entered promiscuous mode [ 836.325837][T31412] 8021q: adding VLAN 0 to HW filter on device bond12 [ 836.539697][T31415] 8021q: adding VLAN 0 to HW filter on device bond12 [ 836.557826][T31415] bond12: (slave ip6gre1): The slave device specified does not support setting the MAC address [ 836.570602][T31417] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5130'. [ 836.579827][T31415] bond12: (slave ip6gre1): Setting fail_over_mac to active for active-backup mode [ 836.596340][T31415] bond12: (slave ip6gre1): making interface the new active one [ 836.649712][T31415] ip6gre1: entered promiscuous mode [ 836.657388][T31415] bond12: (slave ip6gre1): Enslaving as an active interface with an up link [ 836.780073][T31412] ±ÿ speed is unknown, defaulting to 1000 [ 837.090274][T31434] netlink: 'syz.0.5135': attribute type 1 has an invalid length. [ 837.127953][T31434] 8021q: adding VLAN 0 to HW filter on device bond13 [ 837.135595][T31437] netlink: 84 bytes leftover after parsing attributes in process `syz.4.5136'. [ 837.225672][T31437] netlink: 'syz.4.5136': attribute type 1 has an invalid length. [ 837.344550][T31439] netlink: 28 bytes leftover after parsing attributes in process `syz.4.5136'. [ 837.357139][T31437] 8021q: adding VLAN 0 to HW filter on device bond7 [ 837.418745][T31434] vlan0: entered allmulticast mode [ 837.438827][T31434] bond13: entered allmulticast mode [ 837.448697][T31439] bond7: entered promiscuous mode [ 837.495706][T31439] bond7: entered allmulticast mode [ 837.790648][T31455] net_ratelimit: 4 callbacks suppressed [ 837.790665][T31455] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 837.804500][T31455] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 837.812832][T31455] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 837.954932][T31463] netlink: 'syz.1.5143': attribute type 10 has an invalid length. [ 837.980401][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 837.988759][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 837.997067][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 838.007381][T31460] debugfs: '!' already exists in 'ieee80211' [ 838.016249][T31464] netlink: 'syz.1.5143': attribute type 10 has an invalid length. [ 838.213608][T31456] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 838.225118][T31456] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 838.356245][T31478] netlink: 'syz.1.5146': attribute type 22 has an invalid length. [ 838.409819][T31479] netlink: 'syz.1.5146': attribute type 22 has an invalid length. [ 838.418368][T31479] netlink: 44 bytes leftover after parsing attributes in process `syz.1.5146'. [ 838.847441][T31500] netlink: 88 bytes leftover after parsing attributes in process `syz.2.5151'. [ 838.864567][T31500] netlink: 32 bytes leftover after parsing attributes in process `syz.2.5151'. [ 839.847826][T31537] tipc: Enabled bearer , priority 0 [ 839.876171][T31536] tipc: Disabling bearer [ 840.188887][T31552] netlink: 28 bytes leftover after parsing attributes in process `syz.4.5162'. [ 840.199916][T31552] netlink: 'syz.4.5162': attribute type 7 has an invalid length. [ 840.208080][T31552] netlink: 'syz.4.5162': attribute type 8 has an invalid length. [ 840.216198][T31552] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5162'. [ 840.632338][T31576] netlink: 'syz.2.5167': attribute type 1 has an invalid length. [ 840.743128][T31576] bond10: entered promiscuous mode [ 840.784647][T31576] 8021q: adding VLAN 0 to HW filter on device bond10 [ 840.811612][T31576] mac80211_hwsim hwsim54 wlan0: Caught tx_queue_len zero misconfig [ 841.778259][T31617] netlink: 56 bytes leftover after parsing attributes in process `syz.0.5176'. [ 841.890368][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 841.898815][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 842.088487][T31627] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5181'. [ 842.121831][T31627] nbd: illegal input index -1113835520 [ 842.135218][T31638] syzkaller1: entered promiscuous mode [ 842.143557][T31638] syzkaller1: entered allmulticast mode [ 842.230124][T31644] netlink: 'syz.4.5186': attribute type 17 has an invalid length. [ 842.237989][T31644] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5186'. [ 842.272513][T31642] dvmrp1: left allmulticast mode [ 842.279748][T31641] netlink: 'syz.2.5182': attribute type 1 has an invalid length. [ 842.433617][T31657] IPVS: set_ctl: invalid protocol: 115 172.20.20.187:20002 [ 842.459851][T31641] bond11: entered promiscuous mode [ 842.475501][T31641] 8021q: adding VLAN 0 to HW filter on device bond11 [ 842.524145][T31661] netlink: 132 bytes leftover after parsing attributes in process `syz.1.5189'. [ 842.537338][T31645] 8021q: adding VLAN 0 to HW filter on device bond11 [ 842.544865][T31645] bond11: (slave wireguard0): The slave device specified does not support setting the MAC address [ 842.556705][T31645] bond11: (slave wireguard0): Setting fail_over_mac to active for active-backup mode [ 842.638772][T31645] bond11: (slave wireguard0): making interface the new active one [ 842.667171][T31645] wireguard0: entered promiscuous mode [ 842.680248][T31645] bond11: (slave wireguard0): Enslaving as an active interface with an up link [ 842.746643][T31658] bond11: (slave wireguard1): The slave device specified does not support setting the MAC address [ 842.760880][T31658] bond11: (slave wireguard1): Enslaving as a backup interface with an up link [ 842.923029][T31674] syzkaller1: tun_chr_ioctl cmd 1074025677 [ 842.932917][T31674] syzkaller1: Linktype set failed because interface is up [ 842.941985][T31674] x_tables: ip6_tables: TCPOPTSTRIP target: only valid in mangle table, not raw [ 843.010959][T30122] syzkaller1: tun_net_xmit 90 [ 843.341553][T31703] netlink: 20 bytes leftover after parsing attributes in process `syz.3.5198'. [ 843.351034][T31703] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5198'. [ 843.474879][T30122] syzkaller1: tun_net_xmit 90 [ 843.499415][T31707] veth0: entered promiscuous mode [ 843.537808][T31709] veth0: left promiscuous mode [ 843.599006][T31713] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5201'. [ 843.710067][T31713] 8021q: adding VLAN 0 to HW filter on device team0 [ 843.751924][T31713] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 844.221377][T31713] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 844.256493][T31713] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 844.269213][T31713] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 844.279578][T31713] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 844.295010][T31713] veth1_vlan: left promiscuous mode [ 844.301385][T31713] veth0_vlan: left promiscuous mode [ 844.308455][T31713] veth0_vlan: entered promiscuous mode [ 844.315808][T31713] veth1_vlan: entered promiscuous mode [ 844.325968][T31713] veth1_macvtap: left promiscuous mode [ 844.332644][T31713] veth0_macvtap: left promiscuous mode [ 844.339220][T31713] veth0_macvtap: entered promiscuous mode [ 844.398334][T31713] veth1_macvtap: entered promiscuous mode [ 844.420065][T31713] 8021q: adding VLAN 0 to HW filter on device bond1 [ 844.427398][T31713] net_ratelimit: 1 callbacks suppressed [ 844.427414][T31713] A link change request failed with some changes committed already. Interface batadv1 may have been left with an inconsistent configuration, please check. [ 844.468079][T28592] bridge0: port 1(bridge_slave_0) entered blocking state [ 844.475322][T28592] bridge0: port 1(bridge_slave_0) entered forwarding state [ 844.558693][T28592] bridge0: port 2(bridge_slave_1) entered blocking state [ 844.565947][T28592] bridge0: port 2(bridge_slave_1) entered forwarding state [ 844.640819][T28592] bridge0: port 3(veth0_virt_wifi) entered blocking state [ 844.648115][T28592] bridge0: port 3(veth0_virt_wifi) entered forwarding state [ 844.716008][T27512] syz0: Port: 1 Link ACTIVE [ 844.721604][T28594] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 844.732998][T28594] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 844.847435][T10263] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 844.855252][T10263] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 844.862872][T28594] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 844.871092][T28594] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 844.882713][T10263] ip6_tunnel: ip6tnl3 xmit: Local address not yet configured! [ 844.890525][T10263] ip6_tunnel: ip6tnl3 xmit: Local address not yet configured! [ 844.951732][T31751] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5207'. [ 845.004557][T25296] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 845.014508][T25296] ip6_tunnel: ip6tnl3 xmit: Local address not yet configured! [ 845.109480][T25296] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 845.197667][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 845.206044][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 845.218519][T31759] bond13: (slave lo): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 845.237281][T31759] bond13: (slave lo): Enslaving as an active interface with an up link [ 845.253262][T31759] A link change request failed with some changes committed already. Interface tunl0 may have been left with an inconsistent configuration, please check. [ 845.372393][T31766] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5211'. [ 845.385817][T31765] netlink: 80 bytes leftover after parsing attributes in process `syz.0.5210'. [ 845.683467][T31769] ±ÿ speed is unknown, defaulting to 1000 [ 845.763787][T25296] ip6_tunnel: ip6tnl3 xmit: Local address not yet configured! [ 845.773629][T25298] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 845.911779][T25296] ip6_tunnel: ip6tnl3 xmit: Local address not yet configured! [ 847.116456][T31827] x_tables: duplicate underflow at hook 2 [ 847.222673][T31838] __nla_validate_parse: 3 callbacks suppressed [ 847.222691][T31838] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5228'. [ 847.290447][T31835] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5228'. [ 847.381754][T31827] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5227'. [ 847.658464][T31858] netlink: 24 bytes leftover after parsing attributes in process `syz.0.5233'. [ 847.780374][T31861] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5234'. [ 847.973231][T31861] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5234'. [ 848.647265][T31879] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5236'. [ 848.675049][T31879] openvswitch: netlink: Unknown nsh attribute 0 [ 849.393205][T31858] ±ÿ speed is unknown, defaulting to 1000 [ 849.480611][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 849.486381][T31882] netlink: 28 bytes leftover after parsing attributes in process `syz.2.5237'. [ 849.490883][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 849.506094][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 849.900227][T31884] netlink: 256 bytes leftover after parsing attributes in process `syz.3.5238'. [ 850.194998][T31887] netlink: 'syz.2.5239': attribute type 14 has an invalid length. [ 850.549662][T31893] rdma_rxe: rxe_newlink: failed to add bridge_slave_1 [ 850.861101][T31910] bond8: Unable to set down delay as MII monitoring is disabled [ 850.875177][T31910] bond8 (unregistering): Released all slaves [ 851.011869][T31912] bridge0: port 3(veth0_virt_wifi) entered disabled state [ 851.019670][T31912] bridge0: port 2(bridge_slave_1) entered disabled state [ 851.027165][T31912] bridge0: port 1(bridge_slave_0) entered disabled state [ 851.140393][T31914] netlink: 24 bytes leftover after parsing attributes in process `syz.2.5246'. [ 851.156484][T31912] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 851.217485][T31912] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 851.562017][T25296] syz0: Port: 1 Link DOWN [ 851.651921][T31914] ip6gre1: entered promiscuous mode [ 851.661719][T31914] ip6gre1: entered allmulticast mode [ 851.676113][ T8375] netdevsim netdevsim3 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 851.697640][ T8375] netdevsim netdevsim3 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 851.846577][ T8375] netdevsim netdevsim3 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 851.854995][ T8375] netdevsim netdevsim3 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 852.092451][T31943] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 852.267509][T31958] netlink: 24 bytes leftover after parsing attributes in process `syz.3.5256'. [ 852.354316][T31942] netlink: 'syz.4.5254': attribute type 10 has an invalid length. [ 852.362168][T31942] netlink: 40 bytes leftover after parsing attributes in process `syz.4.5254'. [ 852.374192][T31952] tipc: New replicast peer: 172.20.20.170 [ 852.412833][T31952] tipc: Enabled bearer , priority 10 [ 852.540605][T31955] netlink: 'syz.1.5255': attribute type 1 has an invalid length. [ 852.572516][T31955] netlink: 476 bytes leftover after parsing attributes in process `syz.1.5255'. [ 852.584892][T31955] netlink: 1041 bytes leftover after parsing attributes in process `syz.1.5255'. [ 852.599252][T31963] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5257'. [ 852.608598][T31963] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5257'. [ 852.830400][T31977] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5260'. [ 853.166695][T31987] netlink: 'syz.1.5262': attribute type 8 has an invalid length. [ 853.381743][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 853.390203][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 853.398516][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 853.406858][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 853.417038][T27512] tipc: Node number set to 258637964 [ 855.957953][T25298] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 855.966435][T25296] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 859.230466][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 859.238812][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 859.247107][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 859.255297][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 864.941265][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 864.949614][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 864.957945][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 864.966392][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 865.555503][T25298] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 870.220433][T32041] FAULT_INJECTION: forcing a failure. [ 870.220433][T32041] name failslab, interval 1, probability 0, space 0, times 1 [ 870.233082][T32041] CPU: 1 UID: 0 PID: 32041 Comm: syz.4.5283 Not tainted syzkaller #0 PREEMPT(full) [ 870.233105][T32041] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 870.233117][T32041] Call Trace: [ 870.233125][T32041] [ 870.233132][T32041] dump_stack_lvl+0xe8/0x150 [ 870.233161][T32041] should_fail_ex+0x412/0x560 [ 870.233190][T32041] should_failslab+0xa8/0x100 [ 870.233219][T32041] __kmalloc_noprof+0xe8/0x760 [ 870.233244][T32041] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 870.233275][T32041] tomoyo_realpath_from_path+0xe3/0x5d0 [ 870.233301][T32041] ? tomoyo_domain+0xd7/0x130 [ 870.233331][T32041] ? tomoyo_path_number_perm+0x219/0x630 [ 870.233351][T32041] tomoyo_path_number_perm+0x246/0x630 [ 870.233373][T32041] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 870.233393][T32041] ? __lock_acquire+0x6b5/0x2cf0 [ 870.233428][T32041] ? __mutex_unlock_slowpath+0x1be/0x6f0 [ 870.233467][T32041] ? __fget_files+0x2a/0x420 [ 870.233491][T32041] ? __fget_files+0x2a/0x420 [ 870.233511][T32041] ? __fget_files+0x3a0/0x420 [ 870.233529][T32041] ? __fget_files+0x2a/0x420 [ 870.233554][T32041] security_file_ioctl+0xc3/0x2a0 [ 870.233575][T32041] __se_sys_ioctl+0x47/0x170 [ 870.233600][T32041] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 870.233619][T32041] do_syscall_64+0x15f/0xf80 [ 870.233635][T32041] ? trace_irq_disable+0x3b/0x140 [ 870.233660][T32041] ? clear_bhb_loop+0x40/0x90 [ 870.233681][T32041] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 870.233699][T32041] RIP: 0033:0x7f37ced9cdd9 [ 870.233716][T32041] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 870.233731][T32041] RSP: 002b:00007f37cfc6b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 870.233750][T32041] RAX: ffffffffffffffda RBX: 00007f37cf015fa0 RCX: 00007f37ced9cdd9 [ 870.233763][T32041] RDX: 00002000000001c0 RSI: 000000000000890b RDI: 0000000000000003 [ 870.233774][T32041] RBP: 00007f37cfc6b090 R08: 0000000000000000 R09: 0000000000000000 [ 870.233785][T32041] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 870.233795][T32041] R13: 00007f37cf016038 R14: 00007f37cf015fa0 R15: 00007ffcc4304e28 [ 870.233826][T32041] [ 870.233841][T32041] ERROR: Out of memory at tomoyo_realpath_from_path. [ 870.284739][T32047] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5285'. [ 870.541990][T32050] netlink: 24 bytes leftover after parsing attributes in process `syz.4.5286'. [ 870.610657][T32052] syzkaller0: entered promiscuous mode [ 870.632449][T32052] syzkaller0: entered allmulticast mode [ 870.690785][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 870.699180][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 870.707492][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 870.715769][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 871.239212][T32069] netlink: 28 bytes leftover after parsing attributes in process `syz.2.5293'. [ 875.038602][T32115] FAULT_INJECTION: forcing a failure. [ 875.038602][T32115] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 875.088182][T32115] CPU: 0 UID: 0 PID: 32115 Comm: syz.4.5312 Not tainted syzkaller #0 PREEMPT(full) [ 875.088208][T32115] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 875.088219][T32115] Call Trace: [ 875.088226][T32115] [ 875.088234][T32115] dump_stack_lvl+0xe8/0x150 [ 875.088261][T32115] should_fail_ex+0x412/0x560 [ 875.088289][T32115] _copy_to_user+0x31/0xb0 [ 875.088318][T32115] simple_read_from_buffer+0xe1/0x170 [ 875.088345][T32115] proc_fail_nth_read+0x1bb/0x230 [ 875.088372][T32115] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 875.088398][T32115] ? rw_verify_area+0x2a6/0x4d0 [ 875.088422][T32115] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 875.088446][T32115] vfs_read+0x20c/0xa70 [ 875.088476][T32115] ? __pfx___mutex_lock+0x10/0x10 [ 875.088496][T32115] ? __pfx_vfs_read+0x10/0x10 [ 875.088521][T32115] ? __fget_files+0x2a/0x420 [ 875.088553][T32115] ? __fget_files+0x3a0/0x420 [ 875.088573][T32115] ? __fget_files+0x2a/0x420 [ 875.088603][T32115] ksys_read+0x150/0x270 [ 875.088631][T32115] ? __pfx_ksys_read+0x10/0x10 [ 875.088654][T32115] ? __pfx_sock_ioctl+0x10/0x10 [ 875.088681][T32115] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 875.088701][T32115] do_syscall_64+0x15f/0xf80 [ 875.088717][T32115] ? trace_irq_disable+0x3b/0x140 [ 875.088743][T32115] ? clear_bhb_loop+0x40/0x90 [ 875.088765][T32115] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 875.088783][T32115] RIP: 0033:0x7f37ced5d60e [ 875.088800][T32115] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 875.088815][T32115] RSP: 002b:00007f37cfc6afe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 875.088834][T32115] RAX: ffffffffffffffda RBX: 00007f37cfc6b6c0 RCX: 00007f37ced5d60e [ 875.088847][T32115] RDX: 000000000000000f RSI: 00007f37cfc6b0a0 RDI: 0000000000000004 [ 875.088858][T32115] RBP: 00007f37cfc6b090 R08: 0000000000000000 R09: 0000000000000000 [ 875.088869][T32115] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 875.088880][T32115] R13: 00007f37cf016038 R14: 00007f37cf015fa0 R15: 00007ffcc4304e28 [ 875.088911][T32115] [ 875.443917][T27527] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 875.681727][T32137] netlink: 8752 bytes leftover after parsing attributes in process `syz.4.5319'. [ 875.730760][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 875.739268][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 875.747706][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 875.756088][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 876.284280][T32159] netlink: 64 bytes leftover after parsing attributes in process `syz.1.5325'. [ 876.711139][T32189] mac80211_hwsim hwsim54 syzkaller0: entered promiscuous mode [ 876.718663][T32189] mac80211_hwsim hwsim54 syzkaller0: entered allmulticast mode [ 876.923076][T32195] netlink: 20 bytes leftover after parsing attributes in process `syz.2.5334'. [ 877.087265][T32195] ±ÿ speed is unknown, defaulting to 1000 [ 877.095744][T32196] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5334'. [ 877.104946][T32192] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5332'. [ 877.129269][T32204] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5336'. [ 877.193247][T32206] vxcan2: entered allmulticast mode [ 877.386011][ T30] audit: type=1800 audit(1778423372.315:23): pid=32211 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.5337" name="memory.events" dev="tmpfs" ino=2538 res=0 errno=0 [ 877.597874][T32218] netlink: 'syz.3.5341': attribute type 1 has an invalid length. [ 877.606190][T32216] netlink: 72 bytes leftover after parsing attributes in process `syz.0.5339'. [ 877.618453][T32216] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5339'. [ 877.627458][T32216] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5339'. [ 877.658623][T32222] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5341'. [ 877.723059][ T30] audit: type=1804 audit(1778423372.655:24): pid=32225 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.5340" name="/newroot/424/memory.events" dev="tmpfs" ino=2195 res=1 errno=0 [ 877.745091][ T30] audit: type=1800 audit(1778423372.655:25): pid=32225 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.5340" name="memory.events" dev="tmpfs" ino=2195 res=0 errno=0 [ 877.798725][T32224] bond14: (slave gretap3): making interface the new active one [ 877.912435][T32224] bond14: (slave gretap3): Enslaving as an active interface with an up link [ 877.973821][T32225] bond8: entered promiscuous mode [ 878.001764][T32218] macvlan3: entered promiscuous mode [ 878.007103][T32218] macvlan3: entered allmulticast mode [ 878.127702][T32230] syzkaller1: tun_chr_ioctl cmd 2147767520 [ 878.143226][T32234] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 878.752942][T32264] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 878.762117][T32264] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 878.771394][T32264] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 878.786662][T32264] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 878.795372][T32264] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 879.456514][T32290] netlink: 'syz.4.5360': attribute type 4 has an invalid length. [ 879.464511][T32291] netlink: 'syz.4.5360': attribute type 4 has an invalid length. [ 879.889178][T32304] tipc: Invalid UDP bearer configuration [ 879.889228][T32304] tipc: Enabling of bearer rejected, failed to enable media [ 880.108623][T32303] netdevsim netdevsim1 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 880.243350][T32319] netlink: 'syz.4.5370': attribute type 6 has an invalid length. [ 880.410152][T32303] netdevsim netdevsim1 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 880.842995][T32330] x_tables: arp_tables: NFQUEUE target: not valid for this family [ 881.248780][T32347] netlink: 'syz.0.5381': attribute type 32 has an invalid length. [ 881.256645][T32347] __nla_validate_parse: 10 callbacks suppressed [ 881.256661][T32347] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5381'. [ 881.366191][T32351] net_ratelimit: 14 callbacks suppressed [ 881.366209][T32351] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 881.436232][T32347] bond14: option coupled_control: invalid value (12) [ 881.438872][T32351] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 881.455403][T32347] bond14 (unregistering): Released all slaves [ 881.520683][T32351] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 881.591995][T32303] netdevsim netdevsim1 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 881.930390][T32369] netlink: 'syz.2.5387': attribute type 10 has an invalid length. [ 881.938261][T32369] netlink: 228 bytes leftover after parsing attributes in process `syz.2.5387'. [ 882.242427][T32303] netdevsim netdevsim1 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 882.571682][T32382] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5391'. [ 882.605345][T32393] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5391'. [ 882.614249][T32393] openvswitch: netlink: Invalid VLAN frame [ 882.729040][T32395] netlink: 36 bytes leftover after parsing attributes in process `syz.0.5395'. [ 882.761010][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 882.769421][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 882.777761][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 883.306262][T32420] syz.4.5402: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 883.321450][T32420] CPU: 1 UID: 0 PID: 32420 Comm: syz.4.5402 Not tainted syzkaller #0 PREEMPT(full) [ 883.321477][T32420] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 883.321488][T32420] Call Trace: [ 883.321496][T32420] [ 883.321504][T32420] dump_stack_lvl+0xe8/0x150 [ 883.321533][T32420] warn_alloc+0x249/0x340 [ 883.321561][T32420] ? stack_trace_save+0xa9/0x100 [ 883.321595][T32420] ? __pfx_warn_alloc+0x10/0x10 [ 883.321628][T32420] ? kasan_save_track+0x4f/0x80 [ 883.321649][T32420] ? kasan_save_track+0x3e/0x80 [ 883.321669][T32420] ? __kasan_kmalloc+0x93/0xb0 [ 883.321690][T32420] ? __kmalloc_cache_noprof+0x31c/0x660 [ 883.321712][T32420] ? xskq_create+0x56/0x170 [ 883.321733][T32420] ? xsk_setsockopt+0x54c/0x990 [ 883.321752][T32420] ? do_sock_setsockopt+0x17c/0x1b0 [ 883.321782][T32420] ? __x64_sys_setsockopt+0x13d/0x1b0 [ 883.321805][T32420] ? do_syscall_64+0x15f/0xf80 [ 883.321823][T32420] __vmalloc_node_range_noprof+0x132/0x1750 [ 883.321872][T32420] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 883.321901][T32420] ? __kasan_kmalloc+0x93/0xb0 [ 883.321929][T32420] vmalloc_user_noprof+0xad/0xe0 [ 883.321952][T32420] ? xskq_create+0xbf/0x170 [ 883.321974][T32420] xskq_create+0xbf/0x170 [ 883.321998][T32420] xsk_init_queue+0x8a/0xe0 [ 883.322021][T32420] xsk_setsockopt+0x54c/0x990 [ 883.322044][T32420] ? __pfx_xsk_setsockopt+0x10/0x10 [ 883.322065][T32420] ? __pfx_aa_sk_perm+0x10/0x10 [ 883.322087][T32420] ? aa_sock_opt_perm+0xff/0x1a0 [ 883.322111][T32420] ? bpf_lsm_socket_setsockopt+0x9/0x20 [ 883.322132][T32420] ? __pfx_xsk_setsockopt+0x10/0x10 [ 883.322155][T32420] do_sock_setsockopt+0x17c/0x1b0 [ 883.322181][T32420] __x64_sys_setsockopt+0x13d/0x1b0 [ 883.322208][T32420] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 883.322226][T32420] do_syscall_64+0x15f/0xf80 [ 883.322240][T32420] ? trace_irq_disable+0x3b/0x140 [ 883.322264][T32420] ? clear_bhb_loop+0x40/0x90 [ 883.322283][T32420] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 883.322299][T32420] RIP: 0033:0x7f37ced9cdd9 [ 883.322316][T32420] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 883.322330][T32420] RSP: 002b:00007f37cfc6b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 883.322348][T32420] RAX: ffffffffffffffda RBX: 00007f37cf015fa0 RCX: 00007f37ced9cdd9 [ 883.322360][T32420] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000008 [ 883.322370][T32420] RBP: 00007f37cee32d69 R08: 0000000000000004 R09: 0000000000000000 [ 883.322380][T32420] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000 [ 883.322390][T32420] R13: 00007f37cf016038 R14: 00007f37cf015fa0 R15: 00007ffcc4304e28 [ 883.322416][T32420] [ 883.322436][T32420] Mem-Info: [ 883.708880][T32420] active_anon:6178 inactive_anon:0 isolated_anon:0 [ 883.708880][T32420] active_file:2572 inactive_file:40765 isolated_file:0 [ 883.708880][T32420] unevictable:768 dirty:225 writeback:0 [ 883.708880][T32420] slab_reclaimable:14995 slab_unreclaimable:216192 [ 883.708880][T32420] mapped:30435 shmem:1426 pagetables:1512 [ 883.708880][T32420] sec_pagetables:0 bounce:0 [ 883.708880][T32420] kernel_misc_reclaimable:0 [ 883.708880][T32420] free:1178116 free_pcp:23003 free_cma:0 [ 883.754384][T32420] Node 0 active_anon:24812kB inactive_anon:0kB active_file:10288kB inactive_file:162856kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:84876kB dirty:900kB writeback:0kB shmem:4168kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:19040kB pagetables:5680kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB gpu_active:0kB gpu_reclaim:0kB [ 883.847457][T32420] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:36864kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:32kB pagetables:168kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB gpu_active:0kB gpu_reclaim:0kB [ 883.880360][T32420] Node 0 DMA free:11256kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:0kB free_cma:0kB [ 883.910240][T32420] lowmem_reserve[]: 0 2492 2493 2493 2493 [ 883.916017][T32420] Node 0 DMA32 free:1030680kB boost:0kB min:34188kB low:42732kB high:51276kB reserved_highatomic:0KB free_highatomic:0KB active_anon:24688kB inactive_anon:0kB active_file:10288kB inactive_file:162864kB unevictable:1536kB writepending:904kB zspages:0kB present:3129332kB managed:2552540kB mlocked:0kB bounce:0kB free_pcp:40272kB local_pcp:21148kB free_cma:0kB [ 884.010346][T28592] netdevsim netdevsim1 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 884.024659][T32420] lowmem_reserve[]: 0 0 0 0 0 [ 884.029434][T32420] Node 0 Normal free:0kB boost:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:668kB mlocked:0kB bounce:0kB free_pcp:4kB local_pcp:4kB free_cma:0kB [ 884.066848][T10263] netdevsim netdevsim1 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 884.075483][T32420] lowmem_reserve[]: 0 0 0 0 0 [ 884.080243][T32420] Node 1 Normal free:3671836kB boost:0kB min:55704kB low:69628kB high:83552kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:0kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:51564kB local_pcp:27152kB free_cma:0kB [ 884.129655][T32424] ±ÿ speed is unknown, defaulting to 1000 [ 884.246541][T10266] netdevsim netdevsim1 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 884.332771][T32420] lowmem_reserve[]: 0 0 0 0 0 [ 884.339332][T32420] Node 0 DMA: 0*4kB 1*8kB (U) 1*16kB (U) 1*32kB (U) 1*64kB (U) 1*128kB (U) 1*256kB (U) 1*512kB (U) 2*1024kB (U) 2*2048kB (UM) 1*4096kB (M) = 11256kB [ 884.364895][T32420] Node 0 DMA32: 5345*4kB (U) 6865*8kB (U) 3273*16kB (UM) 429*32kB (UM) 158*64kB (UME) 346*128kB (UM) 524*256kB (UM) 378*512kB (UME) 248*1024kB (UME) 123*2048kB (UM) 0*4096kB = 1030332kB [ 884.436849][T32420] Node 0 Normal: 0*4kB [ 884.456172][T32439] netlink: 'syz.0.5407': attribute type 1 has an invalid length. [ 884.468185][T28592] netdevsim netdevsim1 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 884.499813][T32420] 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 884.509516][T32420] Node 1 Normal: 8*4kB (U) 12*8kB (UM) 15*16kB (UM) 9*32kB (UM) 19*64kB (UM) 14*128kB (UM) 13*256kB (UM) 12*512kB (UM) 9*1024kB (UM) 8*2048kB (U) 887*4096kB (UM) = 3671888kB [ 884.527133][T32440] netlink: 'syz.0.5407': attribute type 1 has an invalid length. [ 884.604175][T32420] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 884.634178][T32420] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 884.666154][T32420] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 884.682307][T32420] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 884.694622][T32420] 44761 total pagecache pages [ 884.699351][T32420] 0 pages in swap cache [ 884.740894][T32420] Free swap = 124996kB [ 884.771927][T32420] Total swap = 124996kB [ 884.787959][T32420] 2097051 pages RAM [ 884.812601][T32420] 0 pages HighMem/MovableOnly [ 884.824246][T32420] 427134 pages reserved [ 884.834903][T32451] netlink: 32 bytes leftover after parsing attributes in process `syz.1.5411'. [ 884.884404][T32420] 0 pages cma reserved [ 884.892793][T25298] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 884.922505][T32455] netlink: 56 bytes leftover after parsing attributes in process `syz.3.5412'. [ 884.945522][T32455] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5412'. [ 884.957216][T32454] netlink: 56 bytes leftover after parsing attributes in process `syz.3.5412'. [ 884.978091][T32454] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5412'. [ 885.024570][T32446] ±ÿ speed is unknown, defaulting to 1000 [ 886.867186][T32465] ±ÿ speed is unknown, defaulting to 1000 [ 887.241045][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 887.249463][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 887.257823][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 887.581827][T32499] netlink: 244 bytes leftover after parsing attributes in process `syz.0.5424'. [ 887.821314][T32507] sch_tbf: peakrate 7 is lower than or equals to rate 6829859379779001161 ! [ 888.425995][T32525] ±ÿ speed is unknown, defaulting to 1000 [ 889.700326][T32536] netlink: 'syz.4.5435': attribute type 1 has an invalid length. [ 889.937860][T32556] netlink: 36 bytes leftover after parsing attributes in process `syz.0.5439'. [ 890.521808][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 890.530300][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 890.541330][T25298] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 890.851317][T32587] netlink: 16 bytes leftover after parsing attributes in process `syz.1.5447'. [ 891.020702][T32586] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5448'. [ 891.031597][T32586] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5448'. [ 892.388420][T32618] netlink: 212348 bytes leftover after parsing attributes in process `syz.4.5456'. [ 892.536564][T32632] veth1_to_team: default FDB implementation only supports local addresses [ 892.572072][T32635] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5460'. [ 892.582901][T32635] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5460'. [ 892.591974][T32635] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5460'. [ 892.601006][T32635] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5460'. [ 892.793552][T32644] xt_SECMARK: invalid mode: 4 [ 893.740598][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 893.749005][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 893.757313][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 894.081652][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 895.219066][T32613] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 895.513060][T32661] FAULT_INJECTION: forcing a failure. [ 895.513060][T32661] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 895.543795][T32655] sctp: [Deprecated]: syz.0.5464 (pid 32655) Use of int in maxseg socket option. [ 895.543795][T32655] Use struct sctp_assoc_value instead [ 895.550926][T32661] CPU: 1 UID: 0 PID: 32661 Comm: syz.2.5468 Not tainted syzkaller #0 PREEMPT(full) [ 895.550950][T32661] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 895.550962][T32661] Call Trace: [ 895.550970][T32661] [ 895.550977][T32661] dump_stack_lvl+0xe8/0x150 [ 895.551003][T32661] should_fail_ex+0x412/0x560 [ 895.551030][T32661] _copy_from_user+0x2d/0xb0 [ 895.551055][T32661] hidp_sock_ioctl+0x2dc/0x650 [ 895.551080][T32661] ? __pfx_hidp_sock_ioctl+0x10/0x10 [ 895.551142][T32661] ? do_vfs_ioctl+0x1166/0x1530 [ 895.551179][T32661] sock_do_ioctl+0x101/0x320 [ 895.551201][T32661] ? __pfx_sock_do_ioctl+0x10/0x10 [ 895.551218][T32661] ? __mutex_unlock_slowpath+0x1be/0x6f0 [ 895.551251][T32661] sock_ioctl+0x5c6/0x7f0 [ 895.551272][T32661] ? __pfx_sock_ioctl+0x10/0x10 [ 895.551291][T32661] ? __fget_files+0x2a/0x420 [ 895.551310][T32661] ? __fget_files+0x3a0/0x420 [ 895.551329][T32661] ? __fget_files+0x2a/0x420 [ 895.551351][T32661] ? bpf_lsm_file_ioctl+0x9/0x20 [ 895.551376][T32661] ? __pfx_sock_ioctl+0x10/0x10 [ 895.551393][T32661] __se_sys_ioctl+0xfc/0x170 [ 895.551417][T32661] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 895.551435][T32661] do_syscall_64+0x15f/0xf80 [ 895.551453][T32661] ? clear_bhb_loop+0x40/0x90 [ 895.551474][T32661] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 895.551491][T32661] RIP: 0033:0x7fb71e79cdd9 [ 895.551508][T32661] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 895.551522][T32661] RSP: 002b:00007fb71f5de028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 895.551541][T32661] RAX: ffffffffffffffda RBX: 00007fb71ea15fa0 RCX: 00007fb71e79cdd9 [ 895.551553][T32661] RDX: 0000200000000400 RSI: 00000000400448c8 RDI: 0000000000000005 [ 895.551564][T32661] RBP: 00007fb71f5de090 R08: 0000000000000000 R09: 0000000000000000 [ 895.551575][T32661] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 895.551585][T32661] R13: 00007fb71ea16038 R14: 00007fb71ea15fa0 R15: 00007ffed5203c18 [ 895.551621][T32661] [ 895.694397][T32653] __nla_validate_parse: 61 callbacks suppressed [ 895.694415][T32653] netlink: 76 bytes leftover after parsing attributes in process `syz.0.5464'. [ 895.751375][T32667] netlink: 996 bytes leftover after parsing attributes in process `syz.4.5467'. [ 895.873938][T32655] netlink: 'syz.0.5464': attribute type 2 has an invalid length. [ 896.084741][T32682] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 896.094243][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 896.119759][T32678] tipc: New replicast peer: 255.255.255.255 [ 896.126577][T32678] tipc: Enabled bearer , priority 10 [ 896.228100][T32693] dvmrp6: entered allmulticast mode [ 896.233765][T32679] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5472'. [ 896.321236][T32697] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5475'. [ 896.387396][T32697] batadv_slave_0: Caught tx_queue_len zero misconfig [ 896.477321][T32693] netlink: 51 bytes leftover after parsing attributes in process `syz.0.5476'. [ 896.637123][T32712] xt_hashlimit: size too large, truncated to 1048576 [ 896.667937][T32715] xt_hashlimit: size too large, truncated to 1048576 [ 896.722211][T32717] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5483'. [ 896.731457][T32717] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5483'. [ 896.842427][T32722] tap0: tun_chr_ioctl cmd 1074025677 [ 896.848109][T32722] tap0: linktype set to 773 [ 896.878419][T32727] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5484'. [ 896.907271][T32727] netlink: 7 bytes leftover after parsing attributes in process `syz.0.5484'. [ 897.149804][T32731] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5486'. [ 897.561272][T32715] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 897.747782][T32760] netlink: 'syz.3.5493': attribute type 39 has an invalid length. [ 897.820716][T32762] sctp: [Deprecated]: syz.3.5493 (pid 32762) Use of int in maxseg socket option. [ 897.820716][T32762] Use struct sctp_assoc_value instead [ 897.883235][T32762] bond13: (slave lo): Releasing backup interface [ 897.972188][T32762] bond13: (slave lo): last VLAN challenged slave left bond - VLAN blocking is removed [ 897.983451][T32762] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 898.244176][ T308] netlink: 'syz.4.5499': attribute type 7 has an invalid length. [ 898.271016][ T315] netlink: 'syz.4.5499': attribute type 7 has an invalid length. [ 898.929974][ T334] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 898.941359][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 898.950867][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 898.959315][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 898.967670][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 898.976032][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 898.988614][ T334] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 899.039993][ T337] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 899.048462][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 899.082058][ T334] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 899.546818][ T352] mac80211_hwsim hwsim63 syzkaller0: left promiscuous mode [ 899.560140][ T352] mac80211_hwsim hwsim63 syzkaller0: left allmulticast mode [ 899.725643][T10260] nci: nci_rsp_packet: unknown rsp opcode 0xa [ 899.889978][ T378] ip6gre2: entered allmulticast mode [ 899.897413][ T378] team0: Device ip6gre2 is of different type [ 901.039061][ T417] __nla_validate_parse: 9 callbacks suppressed [ 901.039079][ T417] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5542'. [ 901.286929][ T431] sch_tbf: burst 19872 is lower than device lo mtu (11337746) ! [ 901.401899][ T438] netlink: 36 bytes leftover after parsing attributes in process `syz.1.5550'. [ 902.101214][ T452] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5555'. [ 902.395669][ T462] netlink: 36 bytes leftover after parsing attributes in process `syz.4.5561'. [ 902.634844][ T480] netlink: 'syz.4.5567': attribute type 3 has an invalid length. [ 902.642612][ T480] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5567'. [ 902.652663][ T480] netlink: 36 bytes leftover after parsing attributes in process `syz.4.5567'. [ 902.893832][ T491] netlink: 240 bytes leftover after parsing attributes in process `syz.3.5569'. [ 902.960601][ T491] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 903.229915][ T503] netlink: 24 bytes leftover after parsing attributes in process `syz.4.5571'. [ 903.401850][ T515] sit0: entered promiscuous mode [ 903.419202][ T515] netlink: 'syz.1.5574': attribute type 1 has an invalid length. [ 903.426971][ T515] netlink: 1 bytes leftover after parsing attributes in process `syz.1.5574'. [ 904.842737][ T539] IPVS: length: 528 != 632 [ 905.113926][ T548] netlink: 20 bytes leftover after parsing attributes in process `syz.1.5585'. [ 905.357305][ T561] net_ratelimit: 26 callbacks suppressed [ 905.357325][ T561] openvswitch: netlink: Message has 4 unknown bytes. [ 905.421182][ T561] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 905.433974][ T561] netlink: 'syz.0.5590': attribute type 8 has an invalid length. [ 905.600934][ T568] ±ÿ speed is unknown, defaulting to 1000 [ 906.248901][ T594] __nla_validate_parse: 3 callbacks suppressed [ 906.248920][ T594] netlink: 120 bytes leftover after parsing attributes in process `syz.3.5598'. [ 906.269784][ T594] netlink: 32 bytes leftover after parsing attributes in process `syz.3.5598'. [ 906.413474][ T599] netlink: 76 bytes leftover after parsing attributes in process `syz.4.5599'. [ 906.457038][ T599] syzkaller0: entered promiscuous mode [ 906.500058][ T599] syzkaller0: entered allmulticast mode [ 906.512733][ T602] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5601'. [ 906.521737][ T602] netlink: 20 bytes leftover after parsing attributes in process `syz.3.5601'. [ 906.540540][ T596] tc action pedit 'at' offset 8666 out of bounds [ 906.547229][ T596] tc action pedit 'at' offset 8666 out of bounds [ 906.553545][ T596] tc action pedit 'at' offset 8666 out of bounds [ 906.559848][ T596] tc action pedit 'at' offset 8666 out of bounds [ 906.566151][ T596] tc action pedit 'at' offset 8666 out of bounds [ 906.593723][ T596] tc action pedit 'at' offset 8666 out of bounds [ 906.600052][ T596] tc action pedit 'at' offset 8666 out of bounds [ 906.606357][ T596] tc action pedit 'at' offset 8666 out of bounds [ 906.612659][ T596] tc action pedit 'at' offset 8666 out of bounds [ 906.618956][ T596] tc action pedit 'at' offset 8666 out of bounds [ 906.625272][ T596] TC_ACT_REPEAT abuse ? [ 906.884429][ T602] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5601'. [ 906.893321][ T602] netlink: 20 bytes leftover after parsing attributes in process `syz.3.5601'. [ 906.921124][ T30] audit: type=1804 audit(1778423401.815:26): pid=606 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.5602" name="/newroot/510/cgroup.controllers" dev="tmpfs" ino=2625 res=1 errno=0 [ 906.943809][ T30] audit: type=1800 audit(1778423401.815:27): pid=606 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.5602" name="cgroup.controllers" dev="tmpfs" ino=2625 res=0 errno=0 [ 907.160113][ T613] netlink: 36 bytes leftover after parsing attributes in process `syz.1.5605'. [ 907.540313][ T611] syzkaller0: entered promiscuous mode [ 907.545902][ T611] syzkaller0: entered allmulticast mode [ 907.581128][ T620] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 907.623491][ T620] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 908.337063][ T632] netlink: 1084 bytes leftover after parsing attributes in process `syz.1.5610'. [ 908.711907][ T641] lo speed is unknown, defaulting to 1000 [ 908.752519][ T641] lo speed is unknown, defaulting to 1000 [ 908.773806][ T641] lo speed is unknown, defaulting to 1000 [ 908.804917][ T641] smbdirect: ib_dev[syz2]: added: RNIC max_fast_reg_page_list_len=256 device_cap_flags=0x200000 kernel_cap_flags=0x10 page_size_cap=0x1000 [ 908.819505][ T641] smbdirect: ib_dev[syz2]: num_ports=1 max_qp_rd_atom=128 max_qp_init_rd_atom=128 max_sgl_rd=0 max_sge_rd=1 max_cqe=3276800 max_qp_wr=32768 max_send_sge=6 max_recv_sge=6 [ 908.876499][ T641] smbdirect: ib_dev[syz2]PORT[1]: iwarp=1 ib=0 roce=0 v1=0 v2=0 core_cap_flags=0x400008 [ 908.897758][ T641] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 908.924498][ T641] lo speed is unknown, defaulting to 1000 [ 908.943898][ T641] lo speed is unknown, defaulting to 1000 [ 908.957865][ T641] lo speed is unknown, defaulting to 1000 [ 908.967351][ T641] lo speed is unknown, defaulting to 1000 [ 908.992158][ T641] lo speed is unknown, defaulting to 1000 [ 908.998998][ T641] lo speed is unknown, defaulting to 1000 [ 909.005939][ T641] lo speed is unknown, defaulting to 1000 [ 909.012672][ T641] lo speed is unknown, defaulting to 1000 [ 909.019274][ T641] lo speed is unknown, defaulting to 1000 [ 909.030014][ T641] lo speed is unknown, defaulting to 1000 [ 909.170251][ T655] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 909.297957][ T662] netlink: 36 bytes leftover after parsing attributes in process `syz.1.5616'. [ 909.392371][ T655] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 909.591972][ T673] netlink: 'syz.2.5619': attribute type 12 has an invalid length. [ 909.784059][ T678] netlink: 'syz.3.5620': attribute type 4 has an invalid length. [ 909.806078][ T655] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 910.196834][ T681] mac80211_hwsim hwsim63 syzkaller0: entered promiscuous mode [ 910.204449][ T681] mac80211_hwsim hwsim63 syzkaller0: entered allmulticast mode [ 910.213704][ T684] dvmrp1: tun_chr_ioctl cmd 1074025677 [ 910.219445][ T684] dvmrp1: linktype set to 0 [ 910.320515][ T655] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 910.428799][ T688] netdevsim netdevsim1 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 910.479581][ T689] debugfs: 'netdev:syzkaller0' already exists in 'phy65' [ 910.570026][ T691] netlink: 'syz.3.5625': attribute type 1 has an invalid length. [ 910.592459][ T691] 8021q: adding VLAN 0 to HW filter on device bond15 [ 910.718207][ T701] netlink: 'syz.2.5628': attribute type 3 has an invalid length. [ 910.798610][ T688] netdevsim netdevsim1 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 910.872223][T10266] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 910.996864][T10266] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 911.005103][T10266] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 911.013295][T10266] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 911.511066][ T688] netdevsim netdevsim1 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 911.528267][ T728] __nla_validate_parse: 2 callbacks suppressed [ 911.528284][ T728] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5637'. [ 911.650809][ T735] netlink: 24 bytes leftover after parsing attributes in process `syz.2.5640'. [ 911.728986][ T739] ±ÿ speed is unknown, defaulting to 1000 [ 912.068976][ T741] ±ÿ speed is unknown, defaulting to 1000 [ 912.337002][ T740] veth0_macvtap: entered promiscuous mode [ 912.342781][ T740] veth0_macvtap: entered allmulticast mode [ 912.387881][ T740] 8021q: adding VLAN 0 to HW filter on device bond4 [ 912.465821][ T740] 8021q: adding VLAN 0 to HW filter on device bond5 [ 912.484371][ T740] 8021q: adding VLAN 0 to HW filter on device bond6 [ 912.513579][ T740] 8021q: adding VLAN 0 to HW filter on device macvtap1 [ 912.523791][ T740] 8021q: adding VLAN 0 to HW filter on device bond7 [ 912.534590][ T740] 8021q: adding VLAN 0 to HW filter on device bond8 [ 912.599794][ T740] 8021q: adding VLAN 0 to HW filter on device eth0 [ 912.608919][ T740] 8021q: adding VLAN 0 to HW filter on device eth1 [ 912.618371][ T740] 8021q: adding VLAN 0 to HW filter on device eth2 [ 912.627443][ T740] 8021q: adding VLAN 0 to HW filter on device eth3 [ 912.635028][T11425] team_slave_0: entered promiscuous mode [ 912.640711][T11425] team_slave_1: entered promiscuous mode [ 912.668719][T10266] ip6_tnl_xmit_ctl: 2 callbacks suppressed [ 912.668739][T10266] ip6_tunnel: ip6tnl2 xmit: Local address not yet configured! [ 912.689915][ T688] netdevsim netdevsim1 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 912.734199][ T750] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5645'. [ 912.791245][ T751] bond16: Unable to set up delay as MII monitoring is disabled [ 912.801697][ T751] bond16 (unregistering): Released all slaves [ 912.818114][ T739] lo speed is unknown, defaulting to 1000 [ 913.052604][T10266] netdevsim netdevsim1 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 913.078703][ T741] lo speed is unknown, defaulting to 1000 [ 913.198664][T10260] netdevsim netdevsim1 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 913.207825][T10260] netdevsim netdevsim1 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 913.310419][T10266] netdevsim netdevsim1 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 913.482606][T10266] bond3: (slave veth9): link status definitely up, 10000 Mbps full duplex [ 913.491773][T10266] bond3: (slave veth9): making interface the new active one [ 913.503254][T10266] bond3: active interface up! [ 914.409001][ T776] netlink: 144 bytes leftover after parsing attributes in process `syz.3.5651'. [ 914.421161][ T776] netlink: 36 bytes leftover after parsing attributes in process `syz.3.5651'. [ 915.039139][ T788] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5655'. [ 915.225453][ T794] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5658'. [ 915.368917][ T799] bridge_slave_0: Caught tx_queue_len zero misconfig [ 915.543244][ T803] netlink: 'syz.1.5661': attribute type 3 has an invalid length. [ 915.551129][ T803] netlink: 132 bytes leftover after parsing attributes in process `syz.1.5661'. [ 916.222657][ T830] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5674'. [ 916.618038][ T850] netlink: 60 bytes leftover after parsing attributes in process `syz.3.5683'. [ 916.652499][ T850] netlink: 60 bytes leftover after parsing attributes in process `syz.3.5683'. [ 917.000815][ C0] ip6_tunnel: ip6tnl2 xmit: Local address not yet configured! [ 920.525527][ T895] netlink: 352 bytes leftover after parsing attributes in process `syz.1.5701'. [ 921.183142][ T924] netlink: 44 bytes leftover after parsing attributes in process `syz.3.5713'. [ 921.204570][ T540] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 921.231643][ T540] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 921.240780][ T540] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 921.263475][ T924] netlink: 43 bytes leftover after parsing attributes in process `syz.3.5713'. [ 921.282213][ T924] netlink: 'syz.3.5713': attribute type 5 has an invalid length. [ 921.290061][ T924] netlink: 43 bytes leftover after parsing attributes in process `syz.3.5713'. [ 921.310416][ T540] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 921.323095][ T540] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 921.866062][ T947] 8021q: adding VLAN 0 to HW filter on device bond12 [ 921.877908][ T947] team0: Port device bond12 added [ 921.899182][ T947] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5716'. [ 921.908073][ T947] netlink: 24 bytes leftover after parsing attributes in process `syz.2.5716'. [ 922.613060][ T982] netlink: 48 bytes leftover after parsing attributes in process `syz.1.5723'. [ 922.624467][ T920] ±ÿ speed is unknown, defaulting to 1000 [ 923.392762][ T540] Bluetooth: hci3: command tx timeout [ 923.592455][ T920] lo speed is unknown, defaulting to 1000 [ 923.600635][T10259] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 923.613635][T10259] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 923.626580][ T1016] netlink: 'syz.2.5732': attribute type 1 has an invalid length. [ 923.708381][ T999] bridge8: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 923.727154][ T1023] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5735'. [ 923.757822][ T1023] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5735'. [ 923.813927][ T1025] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5735'. [ 923.828304][ T1016] 8021q: adding VLAN 0 to HW filter on device bond13 [ 923.840669][ T1025] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5735'. [ 925.000335][ T920] bridge0: port 1(bridge_slave_0) entered blocking state [ 925.069231][ T920] bridge0: port 1(bridge_slave_0) entered disabled state [ 925.076579][ T920] bridge_slave_0: entered allmulticast mode [ 925.084542][ T920] bridge_slave_0: entered promiscuous mode [ 925.391924][ T920] bridge0: port 2(bridge_slave_1) entered blocking state [ 925.399087][ T920] bridge0: port 2(bridge_slave_1) entered disabled state [ 925.406544][ T920] bridge_slave_1: entered allmulticast mode [ 925.414472][ T920] bridge_slave_1: entered promiscuous mode [ 925.481758][ T540] Bluetooth: hci3: command tx timeout [ 925.545898][ T920] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 925.561989][ T920] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 925.619439][ T920] team0: Port device team_slave_0 added [ 925.668276][ T920] team0: Port device team_slave_1 added [ 925.720568][ C0] ip6_tunnel: ip6tnl2 xmit: Local address not yet configured! [ 925.790003][ T920] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 925.796993][ T920] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 925.826268][ T1115] netlink: 36 bytes leftover after parsing attributes in process `syz.3.5760'. [ 925.907646][ T920] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 925.923216][ T920] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 925.931712][ T920] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 925.968415][ T920] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 926.074801][ T1123] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5766'. [ 926.142399][ T920] hsr_slave_0: entered promiscuous mode [ 926.232869][ T920] hsr_slave_1: entered promiscuous mode [ 926.239385][ T920] debugfs: 'hsr0' already exists in 'hsr' [ 926.245136][ T920] Cannot create hsr debugfs directory [ 926.795939][ T920] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 926.821292][ T920] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 926.829804][ T920] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 926.844479][ T920] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 926.852611][ T920] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 926.921608][ T920] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 926.929320][ T1158] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5782'. [ 926.940252][ T920] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 926.972477][ T920] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 927.215536][ T1176] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5784'. [ 927.237873][ T1176] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5784'. [ 927.256790][ T1176] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5784'. [ 927.320183][ T920] 8021q: adding VLAN 0 to HW filter on device bond0 [ 927.364262][ T1180] netlink: 44 bytes leftover after parsing attributes in process `syz.1.5788'. [ 927.393686][ T920] 8021q: adding VLAN 0 to HW filter on device team0 [ 927.410970][T28592] bridge0: port 1(bridge_slave_0) entered blocking state [ 927.463331][T28592] bridge0: port 1(bridge_slave_0) entered forwarding state [ 927.516494][ T8375] bridge0: port 2(bridge_slave_1) entered blocking state [ 927.523665][ T8375] bridge0: port 2(bridge_slave_1) entered forwarding state [ 927.571330][ T540] Bluetooth: hci3: command tx timeout [ 927.686327][ T920] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 928.253947][ T1220] netlink: 'syz.2.5803': attribute type 4 has an invalid length. [ 928.266222][ T1220] netlink: 'syz.2.5803': attribute type 4 has an invalid length. [ 928.508780][ T1215] syzkaller0: entered promiscuous mode [ 928.514297][ T1215] syzkaller0: entered allmulticast mode [ 928.745576][ T920] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 929.080309][ T1263] netlink: 64 bytes leftover after parsing attributes in process `syz.4.5815'. [ 929.229528][ T920] veth0_vlan: entered promiscuous mode [ 929.274483][ T920] veth1_vlan: entered promiscuous mode [ 929.308778][ T920] veth0_macvtap: entered promiscuous mode [ 929.319314][ T920] veth1_macvtap: entered promiscuous mode [ 929.485306][ T1279] netlink: 256 bytes leftover after parsing attributes in process `syz.3.5822'. [ 929.517550][ T920] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 929.560567][ T920] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 929.644811][ T540] Bluetooth: hci3: command tx timeout [ 929.717853][T10262] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 929.833119][T28592] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 929.916649][T28592] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 930.030077][ T13] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 930.093781][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 930.113907][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 930.253797][T10263] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 930.265412][T10263] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 930.397093][ T1321] mac80211_hwsim hwsim54 syzkaller0: left promiscuous mode [ 930.404876][ T1321] mac80211_hwsim hwsim54 syzkaller0: left allmulticast mode [ 930.529261][ T1326] netlink: 192 bytes leftover after parsing attributes in process `syz.1.5839'. [ 931.011699][ T1348] netlink: 104 bytes leftover after parsing attributes in process `syz.1.5849'. [ 931.174544][T20677] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 931.194230][T20677] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 931.202370][T20677] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 931.212943][T20677] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 931.283830][T20677] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 931.610661][ T1374] vcan0: tx drop: invalid da for name 0x0000000000000003 [ 932.188281][ T1349] ±ÿ speed is unknown, defaulting to 1000 [ 932.784304][ T1424] ªªªªªª: renamed from vlan0 [ 933.412904][ T540] Bluetooth: hci1: command tx timeout [ 933.503860][ T1349] lo speed is unknown, defaulting to 1000 [ 934.751035][T10266] veth0_virt_wifi: left allmulticast mode [ 934.757045][T10266] veth0_virt_wifi: left promiscuous mode [ 934.767082][T10266] bridge0: port 3(veth0_virt_wifi) entered disabled state [ 934.788551][T10266] bridge_slave_1: left allmulticast mode [ 934.794245][T10266] bridge_slave_1: left promiscuous mode [ 934.843500][T10266] bridge0: port 2(bridge_slave_1) entered disabled state [ 934.876775][T10266] bridge_slave_0: left allmulticast mode [ 934.882469][T10266] bridge_slave_0: left promiscuous mode [ 934.888208][T10266] bridge0: port 1(bridge_slave_0) entered disabled state [ 934.981138][T10266] pimreg9: left allmulticast mode [ 935.420303][T10266] bond12 (unregistering): (slave ip6gre1): Releasing backup interface [ 935.428566][T10266] ip6gre1 (unregistering): left promiscuous mode [ 935.483163][T20677] Bluetooth: hci1: command tx timeout [ 935.807509][T10266] bond14 (unregistering): (slave gretap3): Releasing active interface [ 935.857868][ T1543] FAULT_INJECTION: forcing a failure. [ 935.857868][ T1543] name failslab, interval 1, probability 0, space 0, times 0 [ 935.870681][ T1543] CPU: 0 UID: 0 PID: 1543 Comm: syz.4.5923 Not tainted syzkaller #0 PREEMPT(full) [ 935.870704][ T1543] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 935.870714][ T1543] Call Trace: [ 935.870721][ T1543] [ 935.870729][ T1543] dump_stack_lvl+0xe8/0x150 [ 935.870756][ T1543] should_fail_ex+0x412/0x560 [ 935.870784][ T1543] should_failslab+0xa8/0x100 [ 935.870810][ T1543] __kmalloc_noprof+0xe8/0x760 [ 935.870835][ T1543] ? security_sk_alloc+0x52/0x360 [ 935.870858][ T1543] security_sk_alloc+0x52/0x360 [ 935.870878][ T1543] sk_prot_alloc+0x101/0x210 [ 935.870902][ T1543] ? sk_alloc+0x27/0x390 [ 935.870923][ T1543] sk_alloc+0x3a/0x390 [ 935.870944][ T1543] bpf_prog_test_run_skb+0x415/0x2260 [ 935.870978][ T1543] ? __fget_files+0x3a0/0x420 [ 935.870994][ T1543] ? __fget_files+0x2a/0x420 [ 935.871013][ T1543] ? __pfx_bpf_prog_test_run_skb+0x10/0x10 [ 935.871032][ T1543] bpf_prog_test_run+0x2c7/0x340 [ 935.871049][ T1543] __sys_bpf+0x643/0x950 [ 935.871069][ T1543] ? __pfx___sys_bpf+0x10/0x10 [ 935.871100][ T1543] ? ksys_write+0x242/0x270 [ 935.871120][ T1543] ? __pfx_ksys_write+0x10/0x10 [ 935.871142][ T1543] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 935.871157][ T1543] __x64_sys_bpf+0x7c/0x90 [ 935.871175][ T1543] do_syscall_64+0x15f/0xf80 [ 935.871188][ T1543] ? trace_irq_disable+0x3b/0x140 [ 935.871207][ T1543] ? clear_bhb_loop+0x40/0x90 [ 935.871223][ T1543] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 935.871236][ T1543] RIP: 0033:0x7f37ced9cdd9 [ 935.871250][ T1543] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 935.871262][ T1543] RSP: 002b:00007f37cfc6b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 935.871277][ T1543] RAX: ffffffffffffffda RBX: 00007f37cf015fa0 RCX: 00007f37ced9cdd9 [ 935.871286][ T1543] RDX: 0000000000000048 RSI: 00002000000002c0 RDI: 000000000000000a [ 935.871295][ T1543] RBP: 00007f37cfc6b090 R08: 0000000000000000 R09: 0000000000000000 [ 935.871304][ T1543] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 935.871311][ T1543] R13: 00007f37cf016038 R14: 00007f37cf015fa0 R15: 00007ffcc4304e28 [ 935.871333][ T1543] [ 936.103555][T10266] bond9 (unregistering): (slave geneve3): Releasing active interface [ 937.550676][T20677] Bluetooth: hci1: command tx timeout [ 937.579501][T10266] bond1 (unregistering): Released all slaves [ 937.598250][T10266] bond2 (unregistering): Released all slaves [ 937.612270][T10266] bond3 (unregistering): Released all slaves [ 937.631719][T10266] bond4 (unregistering): Released all slaves [ 937.649709][T10266] bond5 (unregistering): Released all slaves [ 937.665453][T10266] bond6 (unregistering): Released all slaves [ 937.696066][T10266] bond7 (unregistering): (slave wireguard0): Releasing backup interface [ 937.705450][T10266] bond7 (unregistering): Released all slaves [ 937.722347][T10266] bond0 (unregistering): Released all slaves [ 937.737961][T10266] bond8 (unregistering): Released all slaves [ 937.754108][T10266] bond9 (unregistering): Released all slaves [ 937.769785][T10266] bond10 (unregistering): Released all slaves [ 937.793005][T10266] bond11 (unregistering): Released all slaves [ 937.815756][T10266] bond12 (unregistering): Released all slaves [ 937.847491][T10266] bond13 (unregistering): Released all slaves [ 937.864354][T10266] bond14 (unregistering): Released all slaves [ 937.886929][T10266] bond15 (unregistering): Released all slaves [ 937.914036][ T5287] 8021q: adding VLAN 0 to HW filter on device eth1 [ 937.952573][ T1534] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 938.429800][ T1349] bridge0: port 1(bridge_slave_0) entered blocking state [ 938.499344][ T1349] bridge0: port 1(bridge_slave_0) entered disabled state [ 938.509613][ T1349] bridge_slave_0: entered allmulticast mode [ 938.532430][ T1349] bridge_slave_0: entered promiscuous mode [ 938.557603][ T1349] bridge0: port 2(bridge_slave_1) entered blocking state [ 938.574906][ T1349] bridge0: port 2(bridge_slave_1) entered disabled state [ 938.600258][ T1349] bridge_slave_1: entered allmulticast mode [ 938.608594][ T1349] bridge_slave_1: entered promiscuous mode [ 938.609424][ T1577] netlink: 176 bytes leftover after parsing attributes in process `syz.2.5932'. [ 938.823435][T10266] tipc: Left network mode [ 938.902920][ T1349] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 939.143840][ T1349] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 939.486745][ T1349] team0: Port device team_slave_0 added [ 939.495618][ T1349] team0: Port device team_slave_1 added [ 939.661634][T20677] Bluetooth: hci1: command tx timeout [ 939.862232][ T1349] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 939.869377][ T1349] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 939.895254][ T1349] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 939.975891][ T5287] 8021q: adding VLAN 0 to HW filter on device eth2 [ 940.013631][ T1349] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 940.020611][ T1349] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 940.168323][ T1349] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 940.170619][ T1628] netlink: 176 bytes leftover after parsing attributes in process `syz.1.5944'. [ 940.410758][ T1640] ip6_tunnel: non-ECT from fe80:0000:0000:0000:0000:0000:0000:0021 with DS=0x7 [ 940.688451][ T1349] hsr_slave_0: entered promiscuous mode [ 940.733836][ T1349] hsr_slave_1: entered promiscuous mode [ 940.761854][ T1349] debugfs: 'hsr0' already exists in 'hsr' [ 940.785484][ T1349] Cannot create hsr debugfs directory [ 941.136798][ T1667] netlink: 'syz.5.5955': attribute type 10 has an invalid length. [ 941.519367][ T1684] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 941.526686][ T1684] IPv6: NLM_F_CREATE should be set when creating new route [ 941.533978][ T1684] IPv6: NLM_F_CREATE should be set when creating new route [ 941.985370][ T5287] 8021q: adding VLAN 0 to HW filter on device eth3 [ 943.021464][ C0] ip6_tunnel: ip6tnl2 xmit: Local address not yet configured! [ 943.090120][ T1741] netlink: 12 bytes leftover after parsing attributes in process `syz.5.5972'. [ 943.800871][ T1772] FAULT_INJECTION: forcing a failure. [ 943.800871][ T1772] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 943.813958][ T1772] CPU: 1 UID: 0 PID: 1772 Comm: syz.5.5983 Not tainted syzkaller #0 PREEMPT(full) [ 943.813983][ T1772] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 943.813995][ T1772] Call Trace: [ 943.814003][ T1772] [ 943.814011][ T1772] dump_stack_lvl+0xe8/0x150 [ 943.814039][ T1772] should_fail_ex+0x412/0x560 [ 943.814068][ T1772] _copy_from_iter+0x1d3/0x1670 [ 943.814096][ T1772] ? rcu_is_watching+0x15/0xb0 [ 943.814124][ T1772] ? __pfx__copy_from_iter+0x10/0x10 [ 943.814146][ T1772] ? __kmalloc_node_track_caller_noprof+0x4f9/0x7b0 [ 943.814181][ T1772] ? netlink_sendmsg+0x650/0xb40 [ 943.814205][ T1772] ? skb_put+0x11b/0x210 [ 943.814234][ T1772] netlink_sendmsg+0x6c0/0xb40 [ 943.814268][ T1772] ? __pfx_netlink_sendmsg+0x10/0x10 [ 943.814297][ T1772] ? aa_sock_msg_perm+0xf1/0x1b0 [ 943.814323][ T1772] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 943.814350][ T1772] ____sys_sendmsg+0x972/0x9f0 [ 943.814376][ T1772] ? __might_fault+0xaf/0x130 [ 943.814405][ T1772] ? __pfx_____sys_sendmsg+0x10/0x10 [ 943.814441][ T1772] ? import_iovec+0x73/0xa0 [ 943.814469][ T1772] ___sys_sendmsg+0x2a5/0x360 [ 943.814494][ T1772] ? __lock_acquire+0x6b5/0x2cf0 [ 943.814518][ T1772] ? __pfx____sys_sendmsg+0x10/0x10 [ 943.814579][ T1772] ? __fget_files+0x2a/0x420 [ 943.814600][ T1772] ? __fget_files+0x3a0/0x420 [ 943.814628][ T1772] __x64_sys_sendmsg+0x1bd/0x2a0 [ 943.814655][ T1772] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 943.814687][ T1772] ? __pfx_ksys_write+0x10/0x10 [ 943.814716][ T1772] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 943.814733][ T1772] do_syscall_64+0x15f/0xf80 [ 943.814748][ T1772] ? trace_irq_disable+0x3b/0x140 [ 943.814769][ T1772] ? clear_bhb_loop+0x40/0x90 [ 943.814790][ T1772] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 943.814807][ T1772] RIP: 0033:0x7f2b6d79cdd9 [ 943.814826][ T1772] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 943.814842][ T1772] RSP: 002b:00007f2b6e65f028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 943.814862][ T1772] RAX: ffffffffffffffda RBX: 00007f2b6da15fa0 RCX: 00007f2b6d79cdd9 [ 943.814875][ T1772] RDX: 0000000000004080 RSI: 0000200000000480 RDI: 0000000000000003 [ 943.814887][ T1772] RBP: 00007f2b6e65f090 R08: 0000000000000000 R09: 0000000000000000 [ 943.814899][ T1772] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 943.814910][ T1772] R13: 00007f2b6da16038 R14: 00007f2b6da15fa0 R15: 00007ffc01255148 [ 943.814947][ T1772] [ 943.851666][ T1773] FAULT_INJECTION: forcing a failure. [ 943.851666][ T1773] name failslab, interval 1, probability 0, space 0, times 0 [ 944.007784][ T1777] xt_AUDIT: Audit type out of range (valid range: 0..2) [ 944.079290][ T1773] CPU: 1 UID: 0 PID: 1773 Comm: syz.4.5985 Not tainted syzkaller #0 PREEMPT(full) [ 944.079316][ T1773] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 944.079328][ T1773] Call Trace: [ 944.079335][ T1773] [ 944.079342][ T1773] dump_stack_lvl+0xe8/0x150 [ 944.079369][ T1773] should_fail_ex+0x412/0x560 [ 944.079397][ T1773] should_failslab+0xa8/0x100 [ 944.079426][ T1773] kmem_cache_alloc_node_noprof+0x8f/0x690 [ 944.079452][ T1773] ? __alloc_skb+0x1d0/0x7d0 [ 944.079473][ T1773] ? __local_bh_enable_ip+0xd0/0x130 [ 944.079497][ T1773] __alloc_skb+0x1d0/0x7d0 [ 944.079520][ T1773] ? netlink_ack_tlv_len+0x6c/0x210 [ 944.079547][ T1773] netlink_ack+0x146/0xa50 [ 944.079568][ T1773] ? __pfx_genl_rcv_msg+0x10/0x10 [ 944.079604][ T1773] netlink_rcv_skb+0x2b6/0x4b0 [ 944.079630][ T1773] ? __pfx_genl_rcv_msg+0x10/0x10 [ 944.079650][ T1773] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 944.079689][ T1773] ? down_read+0x270/0x2e0 [ 944.079706][ T1773] ? genl_rcv+0xd/0x40 [ 944.079727][ T1773] genl_rcv+0x28/0x40 [ 944.079744][ T1773] netlink_unicast+0x75c/0x8e0 [ 944.079777][ T1773] netlink_sendmsg+0x813/0xb40 [ 944.079811][ T1773] ? __pfx_netlink_sendmsg+0x10/0x10 [ 944.079838][ T1773] ? aa_sock_msg_perm+0xf1/0x1b0 [ 944.079863][ T1773] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 944.079890][ T1773] ____sys_sendmsg+0x972/0x9f0 [ 944.079922][ T1773] ? __might_fault+0xaf/0x130 [ 944.079950][ T1773] ? __pfx_____sys_sendmsg+0x10/0x10 [ 944.079984][ T1773] ? import_iovec+0x73/0xa0 [ 944.080013][ T1773] ___sys_sendmsg+0x2a5/0x360 [ 944.080037][ T1773] ? __lock_acquire+0x6b5/0x2cf0 [ 944.080060][ T1773] ? __pfx____sys_sendmsg+0x10/0x10 [ 944.080120][ T1773] ? __fget_files+0x2a/0x420 [ 944.080140][ T1773] ? __fget_files+0x3a0/0x420 [ 944.080170][ T1773] __x64_sys_sendmsg+0x1bd/0x2a0 [ 944.080199][ T1773] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 944.080234][ T1773] ? __pfx_ksys_write+0x10/0x10 [ 944.080266][ T1773] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 944.080286][ T1773] do_syscall_64+0x15f/0xf80 [ 944.080302][ T1773] ? trace_irq_disable+0x3b/0x140 [ 944.080326][ T1773] ? clear_bhb_loop+0x40/0x90 [ 944.080348][ T1773] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 944.080366][ T1773] RIP: 0033:0x7f37ced9cdd9 [ 944.080383][ T1773] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 944.080399][ T1773] RSP: 002b:00007f37cfc6b028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 944.080418][ T1773] RAX: ffffffffffffffda RBX: 00007f37cf015fa0 RCX: 00007f37ced9cdd9 [ 944.080436][ T1773] RDX: 0000000000000000 RSI: 0000200000000400 RDI: 0000000000000004 [ 944.080447][ T1773] RBP: 00007f37cfc6b090 R08: 0000000000000000 R09: 0000000000000000 [ 944.080458][ T1773] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 944.080469][ T1773] R13: 00007f37cf016038 R14: 00007f37cf015fa0 R15: 00007ffcc4304e28 [ 944.080499][ T1773] [ 944.698721][ T1795] syzkaller0: entered promiscuous mode [ 944.726373][ T1795] syzkaller0: entered allmulticast mode [ 944.919143][ T1792] syzkaller0: mtu less than device minimum [ 945.925574][ T1844] mac80211_hwsim hwsim54 syzkaller0: entered promiscuous mode [ 945.937758][ T1844] mac80211_hwsim hwsim54 syzkaller0: entered allmulticast mode [ 946.018103][ T1845] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6007'. [ 946.133291][ T1851] FAULT_INJECTION: forcing a failure. [ 946.133291][ T1851] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 946.146380][ T1851] CPU: 1 UID: 0 PID: 1851 Comm: syz.4.6009 Not tainted syzkaller #0 PREEMPT(full) [ 946.146401][ T1851] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 946.146409][ T1851] Call Trace: [ 946.146417][ T1851] [ 946.146423][ T1851] dump_stack_lvl+0xe8/0x150 [ 946.146446][ T1851] should_fail_ex+0x412/0x560 [ 946.146468][ T1851] _copy_from_iter+0x1d3/0x1670 [ 946.146487][ T1851] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 946.146511][ T1851] ? __pfx_policy_nodemask+0x10/0x10 [ 946.146534][ T1851] ? __pfx__copy_from_iter+0x10/0x10 [ 946.146554][ T1851] ? alloc_pages_mpol+0x3c0/0x490 [ 946.146580][ T1851] copy_page_from_iter+0x220/0x2d0 [ 946.146601][ T1851] tun_get_user+0x1bf7/0x43e0 [ 946.146620][ T1851] ? tun_get_user+0x8aa/0x43e0 [ 946.146649][ T1851] ? aa_file_perm+0x50e/0x15e0 [ 946.146668][ T1851] ? __pfx_tun_get_user+0x10/0x10 [ 946.146686][ T1851] ? __lock_acquire+0x6b5/0x2cf0 [ 946.146711][ T1851] ? ref_tracker_alloc+0x35c/0x4c0 [ 946.146737][ T1851] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 946.146756][ T1851] ? tun_get+0x1c/0x2f0 [ 946.146772][ T1851] ? tun_get+0x1c/0x2f0 [ 946.146792][ T1851] ? tun_get+0x1c/0x2f0 [ 946.146807][ T1851] ? tun_get+0x1c/0x2f0 [ 946.146827][ T1851] tun_chr_write_iter+0x113/0x200 [ 946.146845][ T1851] vfs_write+0x61d/0xb90 [ 946.146871][ T1851] ? __pfx_vfs_write+0x10/0x10 [ 946.146897][ T1851] ? __fget_files+0x2a/0x420 [ 946.146919][ T1851] ksys_write+0x150/0x270 [ 946.146939][ T1851] ? __pfx_ksys_write+0x10/0x10 [ 946.146964][ T1851] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 946.146979][ T1851] do_syscall_64+0x15f/0xf80 [ 946.146992][ T1851] ? trace_irq_disable+0x3b/0x140 [ 946.147011][ T1851] ? clear_bhb_loop+0x40/0x90 [ 946.147028][ T1851] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 946.147041][ T1851] RIP: 0033:0x7f37ced5d60e [ 946.147056][ T1851] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 946.147068][ T1851] RSP: 002b:00007f37cfc6afb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 946.147083][ T1851] RAX: ffffffffffffffda RBX: 00007f37cfc6b6c0 RCX: 00007f37ced5d60e [ 946.147093][ T1851] RDX: 0000000000000066 RSI: 0000200000000b00 RDI: 00000000000000c8 [ 946.147102][ T1851] RBP: 00007f37cfc6b090 R08: 0000000000000000 R09: 0000000000000000 [ 946.147110][ T1851] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 946.147118][ T1851] R13: 00007f37cf016038 R14: 00007f37cf015fa0 R15: 00007ffcc4304e28 [ 946.147140][ T1851] [ 946.601082][T10266] hsr_slave_0: left promiscuous mode [ 946.652187][T10266] hsr_slave_1: left promiscuous mode [ 946.663567][T10266] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 946.709918][T10266] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 947.235982][ T1878] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6019'. [ 947.602632][ T1886] siw: device registration error -23 [ 947.886492][ T1886] smbdirect: ib_dev[syz1] removed [ 947.943234][ T1906] FAULT_INJECTION: forcing a failure. [ 947.943234][ T1906] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 947.956306][ T1906] CPU: 1 UID: 0 PID: 1906 Comm: syz.4.6026 Not tainted syzkaller #0 PREEMPT(full) [ 947.956330][ T1906] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 947.956348][ T1906] Call Trace: [ 947.956356][ T1906] [ 947.956364][ T1906] dump_stack_lvl+0xe8/0x150 [ 947.956392][ T1906] should_fail_ex+0x412/0x560 [ 947.956419][ T1906] _copy_to_user+0x31/0xb0 [ 947.956446][ T1906] simple_read_from_buffer+0xe1/0x170 [ 947.956473][ T1906] proc_fail_nth_read+0x1bb/0x230 [ 947.956500][ T1906] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 947.956526][ T1906] ? rw_verify_area+0x2a6/0x4d0 [ 947.956548][ T1906] ? tun_chr_write_iter+0x18a/0x200 [ 947.956570][ T1906] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 947.956592][ T1906] vfs_read+0x20c/0xa70 [ 947.956619][ T1906] ? __pfx___mutex_lock+0x10/0x10 [ 947.956639][ T1906] ? __pfx_vfs_read+0x10/0x10 [ 947.956664][ T1906] ? __fget_files+0x2a/0x420 [ 947.956690][ T1906] ? __fget_files+0x3a0/0x420 [ 947.956710][ T1906] ? __fget_files+0x2a/0x420 [ 947.956740][ T1906] ksys_read+0x150/0x270 [ 947.956767][ T1906] ? __pfx_ksys_read+0x10/0x10 [ 947.956799][ T1906] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 947.956820][ T1906] do_syscall_64+0x15f/0xf80 [ 947.956837][ T1906] ? trace_irq_disable+0x3b/0x140 [ 947.956862][ T1906] ? clear_bhb_loop+0x40/0x90 [ 947.956884][ T1906] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 947.956902][ T1906] RIP: 0033:0x7f37ced5d60e [ 947.956920][ T1906] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 947.956935][ T1906] RSP: 002b:00007f37cfc49fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 947.956954][ T1906] RAX: ffffffffffffffda RBX: 00007f37cfc4a6c0 RCX: 00007f37ced5d60e [ 947.956968][ T1906] RDX: 000000000000000f RSI: 00007f37cfc4a0a0 RDI: 0000000000000005 [ 947.956979][ T1906] RBP: 00007f37cfc4a090 R08: 0000000000000000 R09: 0000000000000000 [ 947.956989][ T1906] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 947.956998][ T1906] R13: 00007f37cf016128 R14: 00007f37cf016090 R15: 00007ffcc4304e28 [ 947.957029][ T1906] [ 948.042565][ T1907] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6028'. [ 948.292020][T10266] team0 (unregistering): Port device team_slave_1 removed [ 948.337705][T10266] team0 (unregistering): Port device team_slave_0 removed [ 948.464724][T28594] smc: removing ib device syz0 [ 948.796885][T28594] smbdirect: ib_dev[syz0] removed [ 948.984508][ T1926] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6033'. [ 949.443076][ T1945] netlink: 24 bytes leftover after parsing attributes in process `syz.2.6038'. [ 949.616796][ T1349] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 949.632005][ T1948] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6040'. [ 949.690197][ T1948] openvswitch: netlink: Flow actions attr not present in new flow. [ 949.804824][ T1349] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 949.824063][ T1943] netlink: 256 bytes leftover after parsing attributes in process `syz.1.6040'. [ 949.835883][ T1349] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 949.883936][ T1349] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 949.981648][ T1349] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 950.014302][ T1349] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 950.022383][ T1349] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 950.131631][ T1349] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 950.464546][ T1349] 8021q: adding VLAN 0 to HW filter on device bond0 [ 950.482979][ T1349] 8021q: adding VLAN 0 to HW filter on device team0 [ 950.522546][ T1349] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 950.532923][ T1349] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 950.795822][T10262] bridge0: port 1(bridge_slave_0) entered blocking state [ 950.803010][T10262] bridge0: port 1(bridge_slave_0) entered forwarding state [ 950.844653][ T1996] netlink: 56 bytes leftover after parsing attributes in process `syz.2.6054'. [ 950.887019][T10262] bridge0: port 2(bridge_slave_1) entered blocking state [ 950.894173][T10262] bridge0: port 2(bridge_slave_1) entered forwarding state [ 952.715170][ T1349] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 952.862360][ T1349] veth0_vlan: entered promiscuous mode [ 952.882160][ T1349] veth1_vlan: entered promiscuous mode [ 953.106644][ T1349] veth0_macvtap: entered promiscuous mode [ 953.231645][ T1349] veth1_macvtap: entered promiscuous mode [ 953.249723][ T1349] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 953.278501][ T1349] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 953.590063][T10262] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 953.602703][T10262] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 953.614110][ T34] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 953.624672][ T2089] FAULT_INJECTION: forcing a failure. [ 953.624672][ T2089] name failslab, interval 1, probability 0, space 0, times 0 [ 953.632155][ T34] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 953.657869][ T2089] CPU: 1 UID: 0 PID: 2089 Comm: syz.1.6084 Not tainted syzkaller #0 PREEMPT(full) [ 953.657894][ T2089] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 953.657906][ T2089] Call Trace: [ 953.657913][ T2089] [ 953.657921][ T2089] dump_stack_lvl+0xe8/0x150 [ 953.657955][ T2089] should_fail_ex+0x412/0x560 [ 953.657984][ T2089] should_failslab+0xa8/0x100 [ 953.658012][ T2089] kmem_cache_alloc_node_noprof+0x8f/0x690 [ 953.658038][ T2089] ? __alloc_skb+0x186/0x7d0 [ 953.658060][ T2089] ? __alloc_skb+0x1d0/0x7d0 [ 953.658081][ T2089] ? __local_bh_enable_ip+0xd0/0x130 [ 953.658105][ T2089] __alloc_skb+0x1d0/0x7d0 [ 953.658132][ T2089] netlink_sendmsg+0x5d4/0xb40 [ 953.658168][ T2089] ? __pfx_netlink_sendmsg+0x10/0x10 [ 953.658196][ T2089] ? aa_sock_msg_perm+0xf1/0x1b0 [ 953.658222][ T2089] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 953.658253][ T2089] ____sys_sendmsg+0x972/0x9f0 [ 953.658280][ T2089] ? __might_fault+0xaf/0x130 [ 953.658309][ T2089] ? __pfx_____sys_sendmsg+0x10/0x10 [ 953.658345][ T2089] ? import_iovec+0x73/0xa0 [ 953.658373][ T2089] ___sys_sendmsg+0x2a5/0x360 [ 953.658398][ T2089] ? __lock_acquire+0x6b5/0x2cf0 [ 953.658422][ T2089] ? __pfx____sys_sendmsg+0x10/0x10 [ 953.658483][ T2089] ? __fget_files+0x2a/0x420 [ 953.658504][ T2089] ? __fget_files+0x3a0/0x420 [ 953.658535][ T2089] __x64_sys_sendmsg+0x1bd/0x2a0 [ 953.658564][ T2089] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 953.658600][ T2089] ? __pfx_ksys_write+0x10/0x10 [ 953.658633][ T2089] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 953.658651][ T2089] do_syscall_64+0x15f/0xf80 [ 953.658669][ T2089] ? trace_irq_disable+0x3b/0x140 [ 953.658693][ T2089] ? clear_bhb_loop+0x40/0x90 [ 953.658715][ T2089] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 953.658731][ T2089] RIP: 0033:0x7faf9479cdd9 [ 953.658748][ T2089] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 953.658770][ T2089] RSP: 002b:00007faf955a9028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 953.658789][ T2089] RAX: ffffffffffffffda RBX: 00007faf94a15fa0 RCX: 00007faf9479cdd9 [ 953.658802][ T2089] RDX: 0000000000000000 RSI: 00002000000005c0 RDI: 0000000000000004 [ 953.658813][ T2089] RBP: 00007faf955a9090 R08: 0000000000000000 R09: 0000000000000000 [ 953.658824][ T2089] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 953.658834][ T2089] R13: 00007faf94a16038 R14: 00007faf94a15fa0 R15: 00007ffc3d7e50a8 [ 953.658862][ T2089] [ 954.275706][T28590] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 954.357097][T28590] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 954.368527][ T2099] netlink: 'syz.5.6086': attribute type 10 has an invalid length. [ 954.460362][ T2094] netlink: 4 bytes leftover after parsing attributes in process `syz.5.6086'. [ 954.496121][ T2094] netlink: 8 bytes leftover after parsing attributes in process `syz.5.6086'. [ 954.517717][ T2099] syz_tun: entered promiscuous mode [ 954.778071][ T2099] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 954.994331][ T8375] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 955.002196][ T8375] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 955.137544][ T2123] FAULT_INJECTION: forcing a failure. [ 955.137544][ T2123] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 955.282012][ T2123] CPU: 1 UID: 0 PID: 2123 Comm: syz.5.6094 Not tainted syzkaller #0 PREEMPT(full) [ 955.282037][ T2123] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 955.282048][ T2123] Call Trace: [ 955.282055][ T2123] [ 955.282062][ T2123] dump_stack_lvl+0xe8/0x150 [ 955.282089][ T2123] should_fail_ex+0x412/0x560 [ 955.282118][ T2123] _copy_from_user+0x2d/0xb0 [ 955.282145][ T2123] do_sock_getsockopt+0x200/0x7e0 [ 955.282176][ T2123] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 955.282217][ T2123] ? __fget_files+0x3a0/0x420 [ 955.282236][ T2123] ? __fget_files+0x2a/0x420 [ 955.282263][ T2123] __x64_sys_getsockopt+0x1a4/0x240 [ 955.282293][ T2123] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 955.282314][ T2123] do_syscall_64+0x15f/0xf80 [ 955.282331][ T2123] ? trace_irq_disable+0x3b/0x140 [ 955.282357][ T2123] ? clear_bhb_loop+0x40/0x90 [ 955.282380][ T2123] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 955.282399][ T2123] RIP: 0033:0x7f2b6d79cdd9 [ 955.282416][ T2123] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 955.282431][ T2123] RSP: 002b:00007f2b6e65f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 955.282448][ T2123] RAX: ffffffffffffffda RBX: 00007f2b6da15fa0 RCX: 00007f2b6d79cdd9 [ 955.282461][ T2123] RDX: 0000000000000002 RSI: 000000000000011a RDI: 0000000000000003 [ 955.282472][ T2123] RBP: 00007f2b6e65f090 R08: 0000000000000000 R09: 0000000000000000 [ 955.282483][ T2123] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 955.282494][ T2123] R13: 00007f2b6da16038 R14: 00007f2b6da15fa0 R15: 00007ffc01255148 [ 955.282523][ T2123] [ 956.023567][ T2146] netlink: 'syz.2.6102': attribute type 23 has an invalid length. [ 956.936539][ T540] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 956.954607][ T540] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 956.966629][ T540] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 957.065995][ T540] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 957.082356][ T540] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 957.411536][ T2185] syzkaller1: entered promiscuous mode [ 957.417066][ T2185] syzkaller1: entered allmulticast mode [ 957.470794][T10266] IPVS: stop unused estimator thread 0... [ 958.174679][ T2216] syzkaller0: entered promiscuous mode [ 958.185143][ T2216] syzkaller0: entered allmulticast mode [ 958.203733][ T2171] ±ÿ speed is unknown, defaulting to 1000 [ 958.411311][ T2229] netlink: 'syz.3.6133': attribute type 3 has an invalid length. [ 958.466488][ T2171] lo speed is unknown, defaulting to 1000 [ 958.715531][T10266] netdevsim netdevsim1 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 959.126388][ T2171] bridge0: port 1(bridge_slave_0) entered blocking state [ 959.133629][ T2171] bridge0: port 1(bridge_slave_0) entered disabled state [ 959.141213][ T2171] bridge_slave_0: entered allmulticast mode [ 959.149058][ T2171] bridge_slave_0: entered promiscuous mode [ 959.213587][ T2171] bridge0: port 2(bridge_slave_1) entered blocking state [ 959.220757][ T2171] bridge0: port 2(bridge_slave_1) entered disabled state [ 959.228286][ T2171] bridge_slave_1: entered allmulticast mode [ 959.236038][ T2171] bridge_slave_1: entered promiscuous mode [ 959.267303][ T540] Bluetooth: hci2: command tx timeout [ 959.357683][ T2171] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 959.369254][ T2171] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 959.408973][ T2171] team0: Port device team_slave_0 added [ 959.416889][ T2171] team0: Port device team_slave_1 added [ 959.443305][ T2171] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 959.470218][ T2171] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 959.522347][ T2171] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 959.535919][ T2171] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 959.542877][ T2171] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 959.614064][ T2171] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 959.630431][T10266] netdevsim netdevsim1 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 959.754424][T10266] netdevsim netdevsim1 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 959.802225][ T2171] hsr_slave_0: entered promiscuous mode [ 959.808785][ T2171] hsr_slave_1: entered promiscuous mode [ 959.834878][ T2171] debugfs: 'hsr0' already exists in 'hsr' [ 959.841579][ T2171] Cannot create hsr debugfs directory [ 960.288891][ T540] block nbd6: Receive control failed (result -32) [ 960.303561][T10266] netdevsim netdevsim1 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 960.371870][ T2301] mac80211_hwsim hwsim54 syzkaller0: left promiscuous mode [ 960.379121][ T2301] mac80211_hwsim hwsim54 syzkaller0: left allmulticast mode [ 960.874982][T10266] dvmrp6: left allmulticast mode [ 960.977084][T10266] bond11 (unregistering): (slave ip6erspan0): Releasing active interface [ 961.101714][T10266] bond5 (unregistering): (slave erspan2): Releasing active interface [ 961.138489][T10266] tipc: Disabling bearer [ 961.339642][ T540] Bluetooth: hci2: command tx timeout [ 961.353780][ T2312] netlink: 20 bytes leftover after parsing attributes in process `syz.4.6158'. [ 962.074660][T10266] bond6 (unregistering): (slave bridge5): Releasing backup interface [ 962.769711][ T2271] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 962.860310][ T2317] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 962.872149][ T2317] xt_SECMARK: invalid mode: 9 [ 963.225975][ T2293] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 963.242133][ T2306] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 963.310804][ T2325] netlink: 148 bytes leftover after parsing attributes in process `syz.4.6162'. [ 963.487155][ T540] Bluetooth: hci2: command tx timeout [ 964.265159][T10266] bond0 (unregistering): Released all slaves [ 964.287581][T10266] bond1 (unregistering): Released all slaves [ 964.313000][T10266] bond2 (unregistering): Released all slaves [ 964.374190][T10266] bond3 (unregistering): Released all slaves [ 964.393075][T10266] bond4 (unregistering): Released all slaves [ 964.411940][T10266] bond5 (unregistering): Released all slaves [ 964.437061][T10266] bond6 (unregistering): Released all slaves [ 964.458798][T10266] bond7 (unregistering): Released all slaves [ 964.484630][T10266] bond8 (unregistering): Released all slaves [ 964.498268][ T2346] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6168'. [ 964.503699][T10266] bond9 (unregistering): Released all slaves [ 964.520557][T10266] bond10 (unregistering): Released all slaves [ 964.534966][T10266] bond11 (unregistering): Released all slaves [ 964.549955][T10266] bond12 (unregistering): (slave veth9): Releasing active interface [ 964.559945][T10266] bond12 (unregistering): Released all slaves [ 964.578393][ T2325] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6162'. [ 964.712124][ T2325] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6162'. [ 964.924934][ T2325] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6162'. [ 964.933905][T10266] tipc: Disabling bearer [ 964.948941][ T2325] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6162'. [ 965.012415][T10266] tipc: Disabling bearer [ 965.028738][T10266] tipc: Left network mode [ 965.041128][T10260] netdevsim netdevsim4 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 965.049739][T10260] netdevsim netdevsim4 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 965.093042][ T2352] syzkaller0: entered promiscuous mode [ 965.176105][ T2352] syzkaller0: entered allmulticast mode [ 965.496315][T10260] netdevsim netdevsim4 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 965.541006][ T540] Bluetooth: hci2: command tx timeout [ 965.866431][T10260] netdevsim netdevsim4 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 965.903041][ T5287] 8021q: adding VLAN 0 to HW filter on device eth1 [ 966.071763][ T2376] netlink: 40 bytes leftover after parsing attributes in process `syz.2.6173'. [ 966.254411][ T2382] netlink: 'syz.5.6174': attribute type 12 has an invalid length. [ 966.262270][ T2382] netlink: 'syz.5.6174': attribute type 29 has an invalid length. [ 966.270084][ T2382] netlink: 148 bytes leftover after parsing attributes in process `syz.5.6174'. [ 966.279131][ T2382] netlink: 'syz.5.6174': attribute type 3 has an invalid length. [ 966.286856][ T2382] netlink: 'syz.5.6174': attribute type 2 has an invalid length. [ 966.294583][ T2382] netlink: 35 bytes leftover after parsing attributes in process `syz.5.6174'. [ 967.040262][ T2419] netlink: 'syz.5.6182': attribute type 1 has an invalid length. [ 967.143081][ T2407] syzkaller0: entered promiscuous mode [ 967.148733][ T2407] syzkaller0: entered allmulticast mode [ 967.162766][ T2422] mac80211_hwsim hwsim54 syzkaller0: entered promiscuous mode [ 967.180193][ T2422] mac80211_hwsim hwsim54 syzkaller0: entered allmulticast mode [ 970.114240][ T2434] syzkaller0: entered promiscuous mode [ 970.143653][ T2434] syzkaller0: entered allmulticast mode [ 970.296868][ T2446] netlink: 132 bytes leftover after parsing attributes in process `syz.2.6190'. [ 970.412434][ T2453] syzkaller0: entered promiscuous mode [ 970.423333][ T2453] syzkaller0: entered allmulticast mode [ 970.433017][ T2171] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 970.441357][ T2455] netlink: 'syz.2.6193': attribute type 1 has an invalid length. [ 970.452925][ T2171] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 970.534680][ T2171] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 970.545354][ T2171] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 970.554244][ T2171] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 970.574630][ T2171] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 970.583017][ T2171] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 970.599413][ T2171] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 970.938191][ T2171] 8021q: adding VLAN 0 to HW filter on device bond0 [ 970.957055][ T2485] netlink: 92 bytes leftover after parsing attributes in process `syz.5.6197'. [ 970.986912][ T2171] 8021q: adding VLAN 0 to HW filter on device team0 [ 971.073509][ T8375] bridge0: port 1(bridge_slave_0) entered blocking state [ 971.080737][ T8375] bridge0: port 1(bridge_slave_0) entered forwarding state [ 971.162508][T10260] bridge0: port 2(bridge_slave_1) entered blocking state [ 971.169671][T10260] bridge0: port 2(bridge_slave_1) entered forwarding state [ 971.694730][ T2525] syzkaller0: entered promiscuous mode [ 971.711700][ T2525] syzkaller0: entered allmulticast mode [ 972.202456][ T2537] batadv_slave_1: entered promiscuous mode [ 972.209485][ T2537] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6207'. [ 972.237697][ T2537] batadv_slave_1 (unregistering): left promiscuous mode [ 972.272870][ T2537] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 972.522031][ T2171] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 972.576370][ T2171] veth0_vlan: entered promiscuous mode [ 972.589983][ T2171] veth1_vlan: entered promiscuous mode [ 972.756068][ T2171] veth0_macvtap: entered promiscuous mode [ 972.846172][ T2171] veth1_macvtap: entered promiscuous mode [ 973.007469][ T2553] IPv6: NLM_F_REPLACE set, but no existing node found! [ 973.008918][ T2171] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 973.026801][ T2553] sctp: Trying to GSO but underlying device doesn't support it. [ 973.052169][ T2171] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 973.106121][ T8375] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 973.142159][ T2555] netlink: 'syz.3.6212': attribute type 12 has an invalid length. [ 973.156495][ T2555] netlink: 'syz.3.6212': attribute type 29 has an invalid length. [ 973.178454][ T2555] netlink: 148 bytes leftover after parsing attributes in process `syz.3.6212'. [ 973.192749][ T2555] netlink: 59 bytes leftover after parsing attributes in process `syz.3.6212'. [ 973.240772][ T2558] netlink: 'syz.2.6214': attribute type 1 has an invalid length. [ 973.439654][ T8375] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 973.449013][ T8375] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 973.466660][ T8375] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 973.555838][ T2566] bond14: (slave geneve6): making interface the new active one [ 973.616968][ T2566] bond14: (slave geneve6): Enslaving as an active interface with an up link [ 973.656452][ T8375] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 20000 - 0 [ 973.780842][ T2571] syzkaller0: entered promiscuous mode [ 973.786360][ T2571] syzkaller0: entered allmulticast mode [ 973.999542][ T8375] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 20000 - 0 [ 974.011888][ T8375] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 20000 - 0 [ 975.436248][ T2518] Set syz1 is full, maxelem 65536 reached [ 975.592216][ T2613] xt_hashlimit: size too large, truncated to 1048576 [ 975.669389][ C0] ip6_tunnel: ip6tnl2 xmit: Local address not yet configured! [ 977.599694][ T8375] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 20000 - 0 [ 977.830033][ T2619] pim6reg: entered allmulticast mode [ 978.126437][T10266] team0 (unregistering): Port device veth5 removed [ 978.881146][T10259] smbdirect: ib_dev[syz2] removed [ 978.909406][T27512] lo speed is unknown, defaulting to 1000 [ 978.927328][T27512] syz2: Port: 1 Link DOWN [ 979.017906][ T2662] syzkaller0: entered promiscuous mode [ 979.023427][ T2662] syzkaller0: entered allmulticast mode [ 979.052986][T28590] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 979.088990][T28590] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 982.150038][T28592] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 982.171056][T28592] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 982.772013][T20677] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 982.787730][T20677] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 982.796367][T20677] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 982.828412][T20677] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 982.836050][T20677] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 983.364183][T10266] IPVS: stop unused estimator thread 0... [ 983.623896][ T2717] ±ÿ speed is unknown, defaulting to 1000 [ 983.988039][ T2774] netlink: 32 bytes leftover after parsing attributes in process `syz.1.6265'. [ 984.061767][ T2779] netlink: 'syz.1.6266': attribute type 21 has an invalid length. [ 984.069694][ T2779] netlink: 164 bytes leftover after parsing attributes in process `syz.1.6266'. [ 984.081963][ T2717] bridge0: port 1(bridge_slave_0) entered blocking state [ 984.089201][ T2717] bridge0: port 1(bridge_slave_0) entered disabled state [ 984.096559][ T2717] bridge_slave_0: entered allmulticast mode [ 984.108632][ T2717] bridge_slave_0: entered promiscuous mode [ 984.117335][ T2717] bridge0: port 2(bridge_slave_1) entered blocking state [ 984.124579][ T2717] bridge0: port 2(bridge_slave_1) entered disabled state [ 984.131975][ T2717] bridge_slave_1: entered allmulticast mode [ 984.139772][ T2717] bridge_slave_1: entered promiscuous mode [ 984.182747][ T2717] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 984.195374][ T2717] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 984.223813][ T2717] team0: Port device team_slave_0 added [ 984.231484][ T2717] team0: Port device team_slave_1 added [ 984.252925][ T2717] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 984.259865][ T2717] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 984.286657][ T2717] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 984.299407][ T2717] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 984.306417][ T2717] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 984.335192][ T2717] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 984.398444][ T2717] hsr_slave_0: entered promiscuous mode [ 984.405541][ T2717] hsr_slave_1: entered promiscuous mode [ 984.416186][ T2717] debugfs: 'hsr0' already exists in 'hsr' [ 984.422421][ T2717] Cannot create hsr debugfs directory [ 984.447455][T10260] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0 [ 984.956045][ T2797] syzkaller0: entered promiscuous mode [ 984.961528][ T2797] syzkaller0: entered allmulticast mode [ 984.996554][T20677] Bluetooth: hci0: command tx timeout [ 985.017691][T10260] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0 [ 985.564743][T10260] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0 [ 985.675343][T10260] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0 [ 985.909401][T10260] bridge_slave_1: left allmulticast mode [ 985.915303][T10260] bridge_slave_1: left promiscuous mode [ 985.921771][T10260] bridge0: port 2(bridge_slave_1) entered disabled state [ 986.034606][ T2739] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 986.045531][T10260] batman_adv: batadv0: Removing interface: ip6gretap1 [ 986.157468][ T2803] netlink: 32 bytes leftover after parsing attributes in process `syz.1.6275'. [ 986.313619][ T2807] netlink: 'syz.5.6276': attribute type 21 has an invalid length. [ 986.321492][ T2807] netlink: 164 bytes leftover after parsing attributes in process `syz.5.6276'. [ 986.431938][T10260] batman_adv: batadv0: Removing interface: vlan2 [ 986.506589][T10260] bond14 (unregistering): (slave geneve6): Releasing active interface [ 986.533548][T10260] bond4 (unregistering): (slave geneve3): Releasing active interface [ 986.545680][T10260] bond1 (unregistering): (slave geneve2): Releasing active interface [ 986.553805][T10260] geneve2 (unregistering): left allmulticast mode [ 986.565765][T10260] team0: Port device geneve1 removed [ 987.072515][T20677] Bluetooth: hci0: command tx timeout [ 987.114271][T10260] bond3 (unregistering): (slave bridge3): Releasing active interface [ 987.122363][T10260] bond3 (unregistering): (slave bridge3): the permanent HWaddr of slave - 6e:bb:42:f7:0c:89 - is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts [ 987.416803][T10260] bond3 (unregistering): (slave bridge4): Releasing active interface [ 987.748792][T10260] bond5 (unregistering): (slave bridge7): Releasing active interface [ 988.868607][T10260] bond7 (unregistering): (slave bridge11): Releasing backup interface [ 989.191053][T20677] Bluetooth: hci0: command tx timeout [ 989.645238][T10260] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 989.655523][T10260] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 989.664916][T10260] bond0 (unregistering): Released all slaves [ 989.678852][T10260] bond1 (unregistering): Released all slaves [ 989.692376][T10260] bond2 (unregistering): Released all slaves [ 989.705960][T10260] bond3 (unregistering): Released all slaves [ 989.721018][T10260] bond4 (unregistering): Released all slaves [ 989.754130][T10260] bond5 (unregistering): Released all slaves [ 989.774278][T10260] bond6 (unregistering): Released all slaves [ 989.789488][T10260] bond7 (unregistering): Released all slaves [ 989.804988][T10260] bond8 (unregistering): Released all slaves [ 989.820206][T10260] bond9 (unregistering): Released all slaves [ 989.835691][T10260] bond10 (unregistering): Released all slaves [ 989.877466][T10260] bond11 (unregistering): (slave wireguard0): Releasing backup interface [ 989.885939][T10260] wireguard0: left promiscuous mode [ 989.893598][T10260] bond11 (unregistering): (slave wireguard1): Releasing backup interface [ 989.903509][T10260] bond11 (unregistering): Released all slaves [ 989.918804][T10260] team0: Port device bond12 removed [ 989.925246][T10260] bond12 (unregistering): Released all slaves [ 989.941874][T10260] bond13 (unregistering): Released all slaves [ 989.957289][T10260] bond14 (unregistering): Released all slaves [ 990.028284][ T2813] netlink: 'syz.4.6279': attribute type 12 has an invalid length. [ 990.036118][ T2813] netlink: 'syz.4.6279': attribute type 29 has an invalid length. [ 990.043912][ T2813] netlink: 148 bytes leftover after parsing attributes in process `syz.4.6279'. [ 990.052936][ T2813] netlink: 'syz.4.6279': attribute type 3 has an invalid length. [ 990.060637][ T2813] netlink: 'syz.4.6279': attribute type 2 has an invalid length. [ 990.068328][ T2813] netlink: 35 bytes leftover after parsing attributes in process `syz.4.6279'. [ 990.356217][ T2841] netlink: 36 bytes leftover after parsing attributes in process `syz.4.6284'. [ 990.395878][ T2839] syzkaller0: entered promiscuous mode [ 990.401486][ T2839] syzkaller0: entered allmulticast mode [ 990.511415][ T2844] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies. [ 990.558317][ T2849] netlink: 32 bytes leftover after parsing attributes in process `syz.5.6287'. [ 990.561200][T10260] tipc: Disabling bearer [ 990.608596][T10260] tipc: Left network mode [ 990.666424][T10260] IPVS: stopping master sync thread 19954 ... [ 991.226541][ T2900] netlink: 8 bytes leftover after parsing attributes in process `syz.5.6299'. [ 991.256104][T20677] Bluetooth: hci0: command tx timeout [ 991.566082][ T5287] 8021q: adding VLAN 0 to HW filter on device eth1 [ 991.974034][ T2937] netlink: 8 bytes leftover after parsing attributes in process `syz.5.6310'. [ 992.559526][ T2964] netlink: 44 bytes leftover after parsing attributes in process `syz.3.6317'. [ 993.165473][ T2987] netlink: 8 bytes leftover after parsing attributes in process `syz.5.6321'. [ 993.326931][ T2991] syzkaller0: entered promiscuous mode [ 993.356375][ T2991] syzkaller0: entered allmulticast mode [ 993.426665][ T2997] 8021q: VLANs not supported on ip6gre0 [ 993.929724][T10260] ------------[ cut here ]------------ [ 993.935422][T10260] err [ 993.935448][T10260] WARNING: net/wireless/core.c:207 at cfg80211_switch_netns+0x574/0x5a0, CPU#1: kworker/u8:25/10260 [ 993.948816][T10260] Modules linked in: [ 993.952890][T10260] CPU: 1 UID: 0 PID: 10260 Comm: kworker/u8:25 Not tainted syzkaller #0 PREEMPT(full) [ 993.962505][T10260] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 993.972545][T10260] Workqueue: netns cleanup_net [ 993.977303][T10260] RIP: 0010:cfg80211_switch_netns+0x574/0x5a0 [ 993.983359][T10260] Code: e1 07 38 c1 7c 8c 4c 89 e7 e8 b8 33 40 f7 eb 82 e8 d1 f8 d4 f6 e9 63 fe ff ff e8 c7 f8 d4 f6 e9 59 fe ff ff e8 bd f8 d4 f6 90 <0f> 0b 90 e9 95 fd ff ff 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c b7 fa [ 994.002955][T10260] RSP: 0018:ffffc90003c3f8a0 EFLAGS: 00010293 [ 994.009037][T10260] RAX: ffffffff8af0c6b3 RBX: ffff88803f780e10 RCX: ffff888041583d80 [ 994.043515][T10260] RDX: 0000000000000000 RSI: 00000000ffffffef RDI: 0000000000000000 [ 994.051973][T10260] RBP: 00000000ffffffef R08: ffffffff9030dbf7 R09: 1ffffffff2061b7e [ 994.059970][T10260] R10: dffffc0000000000 R11: fffffbfff2061b7f R12: ffff88803f780740 [ 994.067964][T10260] R13: ffff888055ac4b80 R14: dffffc0000000000 R15: ffff88803f780928 [ 994.076034][T10260] FS: 0000000000000000(0000) GS:ffff888125387000(0000) knlGS:0000000000000000 [ 994.084976][T10260] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 994.091576][T10260] CR2: 00007f96a6c3b6b0 CR3: 000000007e770000 CR4: 00000000003526f0 [ 994.099562][T10260] Call Trace: [ 994.102854][T10260] [ 994.105799][T10260] cfg80211_pernet_exit+0x92/0x120 [ 994.110926][T10260] ops_undo_list+0x49f/0x940 [ 994.115534][T10260] ? __pfx_ops_undo_list+0x10/0x10 [ 994.120664][T10260] ? idr_destroy+0x218/0x290 [ 994.125277][T10260] ? do_raw_spin_unlock+0xf5/0x210 [ 994.130408][T10260] cleanup_net+0x56b/0x800 [ 994.134843][T10260] ? __pfx_cleanup_net+0x10/0x10 [ 994.139811][T10260] ? process_scheduled_works+0xa70/0x1860 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 994.170779][T10260] ? process_scheduled_works+0xa70/0x1860 [ 994.176555][T10260] process_scheduled_works+0xb5d/0x1860 [ 994.182524][T10260] ? __pfx_process_scheduled_works+0x10/0x10 [ 994.188539][T10260] ? assign_work+0x3d5/0x5e0 [ 994.193158][T10260] worker_thread+0xa53/0xfc0 [ 994.197792][T10260] kthread+0x388/0x470 [ 994.201896][T10260] ? __pfx_worker_thread+0x10/0x10 [ 994.207016][T10260] ? __pfx_kthread+0x10/0x10 [ 994.211618][T10260] ret_from_fork+0x514/0xb70 [ 994.216223][T10260] ? __pfx_ret_from_fork+0x10/0x10 [ 994.221347][T10260] ? __switch_to+0xc79/0x1410 [ 994.226047][T10260] ? __pfx_kthread+0x10/0x10 [ 994.230658][T10260] ret_from_fork_asm+0x1a/0x30 [ 994.235456][T10260] [ 994.238493][T10260] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 994.245772][T10260] CPU: 1 UID: 0 PID: 10260 Comm: kworker/u8:25 Not tainted syzkaller #0 PREEMPT(full) [ 994.255388][T10260] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 994.265429][T10260] Workqueue: netns cleanup_net [ 994.270198][T10260] Call Trace: [ 994.273471][T10260] [ 994.276391][T10260] vpanic+0x56c/0xa60 [ 994.280363][T10260] ? __pfx__printk+0x10/0x10 [ 994.284945][T10260] ? __pfx_vpanic+0x10/0x10 [ 994.289436][T10260] ? is_bpf_text_address+0x292/0x2b0 [ 994.294708][T10260] ? is_bpf_text_address+0x26/0x2b0 [ 994.299900][T10260] panic+0xc5/0xd0 [ 994.303608][T10260] ? __pfx_panic+0x10/0x10 [ 994.308019][T10260] ? ret_from_fork_asm+0x1a/0x30 [ 994.312956][T10260] __warn+0x315/0x4c0 [ 994.316926][T10260] ? cfg80211_switch_netns+0x574/0x5a0 [ 994.322379][T10260] ? cfg80211_switch_netns+0x574/0x5a0 [ 994.327834][T10260] __report_bug+0x29a/0x540 [ 994.332340][T10260] ? cfg80211_switch_netns+0x574/0x5a0 [ 994.337791][T10260] ? __pfx___report_bug+0x10/0x10 [ 994.342835][T10260] ? cfg80211_switch_netns+0x574/0x5a0 [ 994.348288][T10260] report_bug+0x16a/0x220 [ 994.352614][T10260] ? cfg80211_switch_netns+0x574/0x5a0 [ 994.358069][T10260] ? cfg80211_switch_netns+0x576/0x5a0 [ 994.363521][T10260] handle_bug+0x9c/0x200 [ 994.367753][T10260] exc_invalid_op+0x1a/0x50 [ 994.372254][T10260] asm_exc_invalid_op+0x1a/0x20 [ 994.377095][T10260] RIP: 0010:cfg80211_switch_netns+0x574/0x5a0 [ 994.383164][T10260] Code: e1 07 38 c1 7c 8c 4c 89 e7 e8 b8 33 40 f7 eb 82 e8 d1 f8 d4 f6 e9 63 fe ff ff e8 c7 f8 d4 f6 e9 59 fe ff ff e8 bd f8 d4 f6 90 <0f> 0b 90 e9 95 fd ff ff 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c b7 fa [ 994.402756][T10260] RSP: 0018:ffffc90003c3f8a0 EFLAGS: 00010293 [ 994.408810][T10260] RAX: ffffffff8af0c6b3 RBX: ffff88803f780e10 RCX: ffff888041583d80 [ 994.416765][T10260] RDX: 0000000000000000 RSI: 00000000ffffffef RDI: 0000000000000000 [ 994.424719][T10260] RBP: 00000000ffffffef R08: ffffffff9030dbf7 R09: 1ffffffff2061b7e [ 994.432677][T10260] R10: dffffc0000000000 R11: fffffbfff2061b7f R12: ffff88803f780740 [ 994.440632][T10260] R13: ffff888055ac4b80 R14: dffffc0000000000 R15: ffff88803f780928 [ 994.448595][T10260] ? cfg80211_switch_netns+0x573/0x5a0 [ 994.454064][T10260] cfg80211_pernet_exit+0x92/0x120 [ 994.459169][T10260] ops_undo_list+0x49f/0x940 [ 994.463757][T10260] ? __pfx_ops_undo_list+0x10/0x10 [ 994.468862][T10260] ? idr_destroy+0x218/0x290 [ 994.473443][T10260] ? do_raw_spin_unlock+0xf5/0x210 [ 994.478560][T10260] cleanup_net+0x56b/0x800 [ 994.482971][T10260] ? __pfx_cleanup_net+0x10/0x10 [ 994.487907][T10260] ? process_scheduled_works+0xa70/0x1860 [ 994.493698][T10260] ? process_scheduled_works+0xa70/0x1860 [ 994.499405][T10260] process_scheduled_works+0xb5d/0x1860 [ 994.504962][T10260] ? __pfx_process_scheduled_works+0x10/0x10 [ 994.510934][T10260] ? assign_work+0x3d5/0x5e0 [ 994.515513][T10260] worker_thread+0xa53/0xfc0 [ 994.520122][T10260] kthread+0x388/0x470 [ 994.524191][T10260] ? __pfx_worker_thread+0x10/0x10 [ 994.529287][T10260] ? __pfx_kthread+0x10/0x10 [ 994.533870][T10260] ret_from_fork+0x514/0xb70 [ 994.538454][T10260] ? __pfx_ret_from_fork+0x10/0x10 [ 994.543555][T10260] ? __switch_to+0xc79/0x1410 [ 994.548401][T10260] ? __pfx_kthread+0x10/0x10 [ 994.552995][T10260] ret_from_fork_asm+0x1a/0x30 [ 994.557767][T10260] [ 994.561444][T10260] Kernel Offset: disabled [ 994.565753][T10260] Rebooting in 86400 seconds..