last executing test programs:

1.094288141s ago: executing program 1 (id=2944):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000600)=@newtfilter={0x70, 0x2c, 0xd27, 0x70bd28, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0xfff3, 0xc}, {}, {0xa, 0x1}}, [@filter_kind_options=@f_cgroup={{0xb}, {0x40, 0x2, [@TCA_CGROUP_EMATCHES={0x3c, 0x3, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x6}}, @TCA_EMATCH_TREE_LIST={0x30, 0x2, 0x0, 0x1, [@TCF_EM_IPT={0x2c, 0x1, 0x0, 0x0, {{0xe38, 0x9, 0x4}, [@TCA_EM_IPT_MATCH_NAME={0xb}, @TCA_EM_IPT_NFPROTO={0x5, 0x4, 0xa}, @TCA_EM_IPT_MATCH_DATA={0x4}, @TCA_EM_IPT_HOOK={0x8, 0x1, 0x2}]}}]}]}]}}]}, 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x40010)

943.178129ms ago: executing program 1 (id=2946):
bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x1, 0x4, &(0x7f0000000700)=@framed={{0x18, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x8}, [@generic={0x91, 0x1, 0x1, 0xb8}]}, &(0x7f0000000c40)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x1b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x94)

766.910583ms ago: executing program 1 (id=2952):
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet6_sctp(0xa, 0x1, 0x84)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
socket$inet6(0xa, 0x2, 0x3a)
r0 = socket$kcm(0xa, 0x1, 0x0)
r1 = socket$kcm(0xa, 0x5, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0000000000e80400"/20, @ANYRES32=r0], 0x48)
ioctl$sock_kcm_SIOCKCMCLONE(r1, 0x8916, &(0x7f0000000000)={r1})
r2 = socket$kcm(0xa, 0x5, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r1, 0x8916, &(0x7f0000000000)={r2})
ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x8936, &(0x7f0000000000)={r2})

691.26409ms ago: executing program 0 (id=2953):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x7}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x5}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x5}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x4c, 0x6, 0xa, 0x401, 0x0, 0x0, {0x5}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0x15}, @NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0x15}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3}}}, 0xc0}}, 0x0)

690.80847ms ago: executing program 0 (id=2954):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="0000000000004a641c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000980)=ANY=[@ANYBLOB="3c0000001000030425bd70000000000000000000", @ANYRES32=0x0, @ANYBLOB="0005000082180000140012800b00010062726964676500000400028008000a00", @ANYRES32=r5], 0x3c}, 0x1, 0x0, 0x0, 0x24000804}, 0x8000)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=@newlink={0x4c, 0x10, 0x401, 0x0, 0xfffffffd, {0x0, 0x0, 0x0, r2, 0x301}}, 0x4c}, 0x1, 0x0, 0x0, 0x8081}, 0x884)

576.035121ms ago: executing program 0 (id=2956):
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000200)=@newlink={0x48, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x4000c}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x18, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0x9, 0x14, @broadcast}, @IFLA_BR_AGEING_TIME={0x8, 0x9}]}}}]}, 0x48}}, 0x4040)

485.919205ms ago: executing program 1 (id=2957):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=@base={0x2, 0x4, 0x4, 0x3, 0x1014}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000010000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000000500000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_BIND_MAP(0xa, &(0x7f00000001c0)={r1, 0xffffffffffffffff, 0x60000000}, 0xc)

397.406683ms ago: executing program 2 (id=2959):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
close(r0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
close(r1)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a4c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc080003400000001408000c4000000e45400000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a310000000014000380100000800c00018006000100d103000014000000110001"], 0xb4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a480000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a31000000001c000380180000800c00018006000100d1de0000080003400000000114000000110001"], 0x70}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000003700)=ANY=[@ANYBLOB="140000001000010000000000000000000500000aa82c00000c0a010100000000000000000a0000060900020073797a31000000000900010073797a31000000007c2c0380100000800c00018006000100d1ff0000d4060080480001801400028008000180fffffffd08000340000000033000028008000180ffffffff08000180fffffffc08000180ffffffff08000340000000010900020073797a300000000089000640b80d1868322c68556ea351084de75a8ee4d686e60a0efa53bfd499e92a740ae8d05d16a05df3701e0fa9f8f0af87f400041d5f037b82cbbaf54dbcbba280ad1ab3ec3e30af7ebb205b0e5e7e71a14e5ec3333ef9d4aa95917ec4ec4d30058cab865ff6e147b8a9a61a2162281b6477a5fbd1fa9b64c42a78d994f24bf68839752574478d1a00000030000b802c0001800a0001006c696d69740000001c000280080003400000000a08000440000000000800044000000001"], 0x2cd0}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)

397.082313ms ago: executing program 0 (id=2960):
bind$packet(0xffffffffffffffff, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, 0x14)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x5, 0x0, 0x0, 0x60ff78ce1cb3c070}, 0x94)
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000007300)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f0000006200)='syzkaller\x00', 0x7, 0x0, 0x0, 0x0, 0x4c, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)

329.050671ms ago: executing program 1 (id=2961):
unshare(0x20000400)
r0 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10)
getsockopt$sock_buf(r0, 0x1, 0x1c, &(0x7f0000000480)=""/130, &(0x7f0000000100)=0x82)

328.726742ms ago: executing program 2 (id=2962):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000100)=@newlink={0x50, 0x10, 0x401, 0x70bd28, 0x8848, {0x0, 0x0, 0x0, 0x0, 0x8405, 0x8000}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BR_VLAN_DEFAULT_PVID={0x6, 0x27, 0x200}]}}}, @IFLA_IFNAME={0x14, 0x3, 'bridge0\x00'}]}, 0x50}, 0x1, 0x0, 0x0, 0x400c800}, 0x40)

328.575184ms ago: executing program 1 (id=2963):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}})
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1400000010000100ab5a0000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4024}, 0x4000010)
sendmsg$NFT_BATCH(r2, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x40008d0}, 0x40)
write$tun(r0, &(0x7f00000002c0)=ANY=[@ANYBLOB="000086dd0001110004000000a60c6eec00be844484"], 0xfdef)

268.97614ms ago: executing program 2 (id=2964):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_PORT_GET(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000005c0)={0x3c, r1, 0x1, 0x0, 0x0, {0x49}, [{{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x73}}}]}, 0x3c}}, 0x0)

123.230955ms ago: executing program 0 (id=2965):
r0 = socket(0xa, 0x3, 0x87)
sendmmsg$unix(r0, &(0x7f000000cc80)=[{{&(0x7f0000001d40)=@abs={0x0, 0x0, 0x4e22}, 0x6e, &(0x7f0000003400)=[{&(0x7f0000000000)="a573dcb5aa", 0x5}, {0x0}], 0x2}}], 0x1, 0x24040080)

61.957041ms ago: executing program 0 (id=2966):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000000900010073797a30000000003c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a300000000008000540000000212c1400001e0a05010000000000000000070000000900020073797a31000000000900010073797a300000000000140380300000802c000180250001"], 0x14b0}}, 0x0)

61.538104ms ago: executing program 2 (id=2967):
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000000), r0)
sendmsg$IEEE802154_LLSEC_ADD_DEVKEY(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000000440)={0x34, r1, 0x607, 0x0, 0x0, {}, [@IEEE802154_ATTR_LLSEC_FRAME_COUNTER={0x8, 0x2f, 0x5}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0102}}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}]}, 0x34}}, 0x20048840)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$netlbl_mgmt(0x0, r2)
sendmsg$NLBL_MGMT_C_ADD(r2, 0x0, 0x0)
sendmsg$NLBL_MGMT_C_ADD(r0, 0x0, 0x4008010)
socket$key(0xf, 0x3, 0x2)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48)
openat$pidfd(0xffffffffffffff9c, 0x0, 0x101880, 0x0)
r3 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r3, 0x10e, 0xc, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r4, 0x84, 0x6f, 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r4, 0x84, 0x1d, 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1b, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r3, 0x84, 0x18, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)

355.207µs ago: executing program 2 (id=2968):
r0 = socket$kcm(0x2, 0x3, 0x2)
sendmsg$inet(r0, &(0x7f0000001640)={&(0x7f0000000300)={0x2, 0x0, @multicast2=0xe0000001}, 0x10, 0x0, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="1c000000000000000000000008000000", @ANYRES32=0x0, @ANYBLOB="ac141411e00000010000000024000000000000000000000007000000441407"], 0x48}, 0x200040c4)
bpf$PROG_LOAD(0x5, 0x0, 0x0)

0s ago: executing program 2 (id=2969):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="b800000019000100000000000000000000000000000000000000000000000000fe8000000000000000833449155bf3c2640000000000000002000010"], 0xb8}}, 0x0)
sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x10, &(0x7f0000000440)={&(0x7f0000000000)=ANY=[@ANYBLOB="6501000014"], 0x188}}, 0x0)
mmap(&(0x7f0000c61000/0x4000)=nil, 0x4000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xb, 0xc3072, 0xffffffffffffffff, 0x0)
r1 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f0000000140)={&(0x7f0000000000)=""/64, 0x1128000, 0x1000, 0x4}, 0x20)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xb, 0xc3072, 0xffffffffffffffff, 0x0)
r2 = socket$inet6(0xa, 0x3, 0x6)
ioctl$sock_inet6_SIOCDIFADDR(r2, 0x8936, &(0x7f0000000040)={@remote, 0x62})
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
connect$bt_sco(r3, &(0x7f0000000100)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0x8)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$fou(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$FOU_CMD_ADD(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000000c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="01002dbd7000000000000100000008000600e0000001050004000100000008000b"], 0x2c}, 0x1, 0x0, 0x0, 0x20048091}, 0x0)
r6 = socket$alg(0x26, 0x5, 0x0)
r7 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x101801, 0x0)
ioctl$TUNGETFEATURES(r7, 0x800454cf, 0x0)
bind$alg(r6, &(0x7f0000000540)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-serpent-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r6, 0x117, 0x1, &(0x7f0000000000)="0800d907", 0x4)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_STOP_SCHED_SCAN(r4, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x2c, r8, 0x200, 0x70bd2d, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x73}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x15}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x4000000)

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:53855' (ED25519) to the list of known hosts.
syzkaller login: [   56.650791][ T5542] cgroup: Unknown subsys name 'net'
[   56.777721][ T5542] cgroup: Unknown subsys name 'cpuset'
[   56.783659][ T5542] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   58.799813][ T5542] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   63.318834][ T5614] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   63.324823][ T5614] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   63.328005][ T5614] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   63.332104][ T5614] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   63.335988][ T5614] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   63.341613][ T5617] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   63.346141][ T5617] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   63.349216][ T5617] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   63.355760][ T5617] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   63.359978][ T5617] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   63.436074][ T5617] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   63.440063][ T5617] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   63.447906][ T5617] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   63.451814][ T5617] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   63.456464][ T5617] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   64.124953][ T5612] bridge0: port 1(bridge_slave_0) entered blocking state
[   64.128043][ T5612] bridge0: port 1(bridge_slave_0) entered disabled state
[   64.130499][ T5612] bridge_slave_0: entered allmulticast mode
[   64.134611][ T5612] bridge_slave_0: entered promiscuous mode
[   64.156113][ T5615] bridge0: port 1(bridge_slave_0) entered blocking state
[   64.158768][ T5615] bridge0: port 1(bridge_slave_0) entered disabled state
[   64.161499][ T5615] bridge_slave_0: entered allmulticast mode
[   64.166215][ T5615] bridge_slave_0: entered promiscuous mode
[   64.170250][ T5615] bridge0: port 2(bridge_slave_1) entered blocking state
[   64.173284][ T5615] bridge0: port 2(bridge_slave_1) entered disabled state
[   64.176037][ T5615] bridge_slave_1: entered allmulticast mode
[   64.179536][ T5615] bridge_slave_1: entered promiscuous mode
[   64.183616][ T5612] bridge0: port 2(bridge_slave_1) entered blocking state
[   64.186482][ T5612] bridge0: port 2(bridge_slave_1) entered disabled state
[   64.189392][ T5612] bridge_slave_1: entered allmulticast mode
[   64.193166][ T5612] bridge_slave_1: entered promiscuous mode
[   64.260494][ T5612] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   64.265360][ T5612] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   64.278505][ T5615] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   64.300276][ T5615] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   64.315245][ T5626] bridge0: port 1(bridge_slave_0) entered blocking state
[   64.318260][ T5626] bridge0: port 1(bridge_slave_0) entered disabled state
[   64.321316][ T5626] bridge_slave_0: entered allmulticast mode
[   64.325188][ T5626] bridge_slave_0: entered promiscuous mode
[   64.329184][ T5626] bridge0: port 2(bridge_slave_1) entered blocking state
[   64.332002][ T5626] bridge0: port 2(bridge_slave_1) entered disabled state
[   64.336040][ T5626] bridge_slave_1: entered allmulticast mode
[   64.339731][ T5626] bridge_slave_1: entered promiscuous mode
[   64.354760][ T5612] team0: Port device team_slave_0 added
[   64.383621][ T5612] team0: Port device team_slave_1 added
[   64.387045][ T5615] team0: Port device team_slave_0 added
[   64.393168][ T5626] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   64.408752][ T5615] team0: Port device team_slave_1 added
[   64.421517][ T5626] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   64.438777][ T5612] batman_adv: batadv0: Adding interface: batadv_slave_0
[   64.441586][ T5612] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   64.451063][ T5612] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   64.471493][ T5612] batman_adv: batadv0: Adding interface: batadv_slave_1
[   64.476091][ T5612] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   64.485832][ T5612] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   64.495810][ T5615] batman_adv: batadv0: Adding interface: batadv_slave_0
[   64.498364][ T5615] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   64.506714][ T5615] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   64.512694][ T5615] batman_adv: batadv0: Adding interface: batadv_slave_1
[   64.515183][ T5615] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   64.524352][ T5615] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   64.541073][ T5626] team0: Port device team_slave_0 added
[   64.554411][ T5626] team0: Port device team_slave_1 added
[   64.620727][ T5612] hsr_slave_0: entered promiscuous mode
[   64.623598][ T5612] hsr_slave_1: entered promiscuous mode
[   64.631305][ T5615] hsr_slave_0: entered promiscuous mode
[   64.633753][ T5615] hsr_slave_1: entered promiscuous mode
[   64.635950][ T5615] debugfs: 'hsr0' already exists in 'hsr'
[   64.637897][ T5615] Cannot create hsr debugfs directory
[   64.640098][ T5626] batman_adv: batadv0: Adding interface: batadv_slave_0
[   64.642919][ T5626] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   64.651172][ T5626] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   64.656418][ T5626] batman_adv: batadv0: Adding interface: batadv_slave_1
[   64.658610][ T5626] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   64.666633][ T5626] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   64.790595][ T5626] hsr_slave_0: entered promiscuous mode
[   64.792982][ T5626] hsr_slave_1: entered promiscuous mode
[   64.795513][ T5626] debugfs: 'hsr0' already exists in 'hsr'
[   64.797617][ T5626] Cannot create hsr debugfs directory
[   65.050006][ T5612] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   65.068293][ T5612] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[   65.073966][ T5612] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   65.084302][ T5612] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[   65.087761][ T5612] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   65.096427][ T5612] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[   65.114930][ T5612] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   65.121392][ T5612] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[   65.186867][ T5615] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   65.194294][ T5615] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[   65.199119][ T5615] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   65.206017][ T5615] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[   65.210086][ T5615] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   65.218357][ T5615] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[   65.224555][ T5615] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   65.233140][ T5615] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[   65.327970][ T5626] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   65.336629][ T5626] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[   65.342004][ T5626] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   65.349207][ T5626] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[   65.364933][ T5626] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   65.370837][ T5626] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[   65.375271][ T5626] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   65.381700][ T5626] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[   65.412844][ T5614] Bluetooth: hci0: command tx timeout
[   65.412870][ T5617] Bluetooth: hci1: command tx timeout
[   65.440141][ T5612] 8021q: adding VLAN 0 to HW filter on device bond0
[   65.474780][ T5612] 8021q: adding VLAN 0 to HW filter on device team0
[   65.496110][ T5614] Bluetooth: hci2: command tx timeout
[   65.503443][   T40] bridge0: port 1(bridge_slave_0) entered blocking state
[   65.506650][   T40] bridge0: port 1(bridge_slave_0) entered forwarding state
[   65.511932][   T40] bridge0: port 2(bridge_slave_1) entered blocking state
[   65.514178][   T40] bridge0: port 2(bridge_slave_1) entered forwarding state
[   65.533004][ T5615] 8021q: adding VLAN 0 to HW filter on device bond0
[   65.567262][ T5615] 8021q: adding VLAN 0 to HW filter on device team0
[   65.599687][   T40] bridge0: port 1(bridge_slave_0) entered blocking state
[   65.602262][   T40] bridge0: port 1(bridge_slave_0) entered forwarding state
[   65.617967][   T40] bridge0: port 2(bridge_slave_1) entered blocking state
[   65.620297][   T40] bridge0: port 2(bridge_slave_1) entered forwarding state
[   65.627735][ T5626] 8021q: adding VLAN 0 to HW filter on device bond0
[   65.669533][ T5626] 8021q: adding VLAN 0 to HW filter on device team0
[   65.686557][ T3447] bridge0: port 1(bridge_slave_0) entered blocking state
[   65.689713][ T3447] bridge0: port 1(bridge_slave_0) entered forwarding state
[   65.698665][ T3447] bridge0: port 2(bridge_slave_1) entered blocking state
[   65.701521][ T3447] bridge0: port 2(bridge_slave_1) entered forwarding state
[   66.011687][ T5612] 8021q: adding VLAN 0 to HW filter on device batadv0
[   66.088112][ T5612] veth0_vlan: entered promiscuous mode
[   66.099979][ T5612] veth1_vlan: entered promiscuous mode
[   66.129610][ T5626] 8021q: adding VLAN 0 to HW filter on device batadv0
[   66.148365][ T5612] veth0_macvtap: entered promiscuous mode
[   66.168322][ T5612] veth1_macvtap: entered promiscuous mode
[   66.182575][ T5615] 8021q: adding VLAN 0 to HW filter on device batadv0
[   66.195448][ T5612] batman_adv: batadv0: Interface activated: batadv_slave_0
[   66.215433][ T5612] batman_adv: batadv0: Interface activated: batadv_slave_1
[   66.231873][ T5670] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   66.235248][ T5670] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   66.248990][ T5670] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   66.260743][ T5670] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   66.316229][ T5626] veth0_vlan: entered promiscuous mode
[   66.361141][ T5626] veth1_vlan: entered promiscuous mode
[   66.366341][ T5615] veth0_vlan: entered promiscuous mode
[   66.393743][ T5615] veth1_vlan: entered promiscuous mode
[   66.393763][ T1112] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   66.399208][ T1112] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   66.454787][ T5626] veth0_macvtap: entered promiscuous mode
[   66.465728][ T1112] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   66.466757][ T5626] veth1_macvtap: entered promiscuous mode
[   66.468527][ T1112] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   66.490432][ T5615] veth0_macvtap: entered promiscuous mode
[   66.501512][ T5626] batman_adv: batadv0: Interface activated: batadv_slave_0
[   66.505841][ T5615] veth1_macvtap: entered promiscuous mode
[   66.527111][ T5626] batman_adv: batadv0: Interface activated: batadv_slave_1
[   66.548553][ T5612] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   66.559215][   T12] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   66.564866][   T12] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   66.568339][   T12] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   66.591161][ T5615] batman_adv: batadv0: Interface activated: batadv_slave_0
[   66.594018][   T12] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   66.620611][ T5615] batman_adv: batadv0: Interface activated: batadv_slave_1
[   66.672592][ T5670] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   66.680032][ T5670] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   66.689924][ T5670] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   66.712738][ T5670] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   66.725749][ T1112] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   66.734219][ T1112] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   66.834415][  T195] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   66.843398][  T195] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   66.899274][   T40] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   66.905631][   T40] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   67.057350][ T1112] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   67.068681][ T1112] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   67.218388][ T5729] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4'.
[   67.492817][ T5614] Bluetooth: hci1: command tx timeout
[   67.504916][ T5614] Bluetooth: hci0: command tx timeout
[   67.573843][ T5614] Bluetooth: hci2: command tx timeout
[   67.593720][ T5749] syzkaller0: entered promiscuous mode
[   67.596852][ T5749] syzkaller0: entered allmulticast mode
[   67.674505][ T5752] netlink: 4 bytes leftover after parsing attributes in process `syz.2.11'.
[   67.778857][ T5756] syzkaller1: entered promiscuous mode
[   67.783042][ T5756] syzkaller1: entered allmulticast mode
[   68.740728][ T5786] netlink: 4 bytes leftover after parsing attributes in process `syz.0.26'.
[   69.082090][ T5802] netlink: zone id is out of range
[   69.084287][ T5802] netlink: zone id is out of range
[   69.087290][ T5802] netlink: zone id is out of range
[   69.089314][ T5802] netlink: set zone limit has 4 unknown bytes
[   69.131746][ T5803] syz.0.33 uses obsolete (PF_INET,SOCK_PACKET)
[   69.424513][ T5814] syzkaller0: entered promiscuous mode
[   69.426809][ T5814] syzkaller0: entered allmulticast mode
[   69.573809][ T5614] Bluetooth: hci0: command tx timeout
[   69.576239][ T5617] Bluetooth: hci1: command tx timeout
[   69.662644][ T5617] Bluetooth: hci2: command tx timeout
[   70.666417][ T5824] hmac(sha224: entered promiscuous mode
[   70.840642][ T5837] netlink: 28 bytes leftover after parsing attributes in process `syz.2.51'.
[   70.843799][ T5837] netlink: 32 bytes leftover after parsing attributes in process `syz.2.51'.
[   70.847282][ T5837] netlink: 28 bytes leftover after parsing attributes in process `syz.2.51'.
[   70.850974][ T5837] netlink: 32 bytes leftover after parsing attributes in process `syz.2.51'.
[   71.657438][ T5617] Bluetooth: hci1: command tx timeout
[   71.660449][ T5614] Bluetooth: hci0: command tx timeout
[   71.742584][ T5614] Bluetooth: hci2: command tx timeout
[   72.366196][ T5892] openvswitch: netlink: Message has 151 unknown bytes.
[   72.436464][ T5905] syzkaller0: entered promiscuous mode
[   72.438459][ T5905] syzkaller0: entered allmulticast mode
[   72.491940][ T5907] netlink: 7 bytes leftover after parsing attributes in process `syz.1.73'.
[   72.584999][ T5912] Driver unsupported XDP return value 0 on prog  (id 9) dev N/A, expect packet loss!
[   72.598760][ T5909] Bluetooth: hci2: Opcode 0x0401 failed: -4
[   73.632057][  T799] cfg80211: failed to load regulatory.db
[   73.895346][ T5952] netlink: 3 bytes leftover after parsing attributes in process `syz.2.91'.
[   73.919044][ T5949] netlink: 8 bytes leftover after parsing attributes in process `syz.0.90'.
[   73.930251][ T5949] netlink: 24 bytes leftover after parsing attributes in process `syz.0.90'.
[   74.067709][ T5962] vlan0: entered promiscuous mode
[   74.173174][ T5970] warning: `syz.0.100' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   74.186547][ T5968] syzkaller0: entered promiscuous mode
[   74.191670][ T5968] syzkaller0: entered allmulticast mode
[   74.532490][ T5614] Bluetooth: hci2: command 0x0401 tx timeout
[   74.575131][ T5992] IPVS: set_ctl: invalid protocol: 136 172.30.0.1:20005
[   74.823269][ T6011] skbuff: bad partial csum: csum=65489/0 headroom=64 headlen=65491
[   74.911722][ T6020] netlink: 'syz.2.123': attribute type 15 has an invalid length.
[   74.994443][ T6023] netdevsim netdevsim0: loading /lib/firmware/. failed with error -22
[   75.007722][ T6023] netdevsim netdevsim0: Direct firmware load for . failed with error -22
[   75.014781][ T6023] netdevsim netdevsim0: Falling back to sysfs fallback for: .
[   75.050481][ T6029] pim6reg: entered allmulticast mode
[   75.062741][ T6029] pim6reg: left allmulticast mode
[   75.459786][ T6036] openvswitch: netlink: Key type 142 is out of range max 32
[   75.958328][ T6048] x_tables: ip_tables: icmp match: only valid for protocol 1
[   76.156196][ T6061] netlink: 'syz.2.139': attribute type 3 has an invalid length.
[   76.160285][ T6061] netlink: 'syz.2.139': attribute type 1 has an invalid length.
[   76.164813][ T6061] netlink: 232 bytes leftover after parsing attributes in process `syz.2.139'.
[   76.214266][ T6064] netlink: 'syz.2.140': attribute type 1 has an invalid length.
[   76.249520][ T6064] gretap1: entered allmulticast mode
[   76.256598][ T6064] bond1: (slave gretap1): making interface the new active one
[   76.259873][ T6064] bond1: (slave gretap1): Enslaving as an active interface with an up link
[   76.700331][ T1380] ieee802154 phy0 wpan0: encryption failed: -22
[   76.704964][ T1380] ieee802154 phy1 wpan1: encryption failed: -22
[   76.749210][ T6096] netlink: 'syz.0.152': attribute type 1 has an invalid length.
[   76.844619][ T6096] gretap1: entered allmulticast mode
[   76.857390][ T6096] bond1: (slave gretap1): making interface the new active one
[   76.861326][ T6096] bond1: (slave gretap1): Enslaving as an active interface with an up link
[   77.345822][ T6126] Unsupported ieee802154 address type: 0
[   77.376208][ T6129] netlink: 'syz.0.167': attribute type 9 has an invalid length.
[   77.378646][ T6129] netlink: 8 bytes leftover after parsing attributes in process `syz.0.167'.
[   77.390697][ T6129] gretap0: entered promiscuous mode
[   77.397750][ T6129] macvlan2: entered promiscuous mode
[   77.400384][ T6129] macvlan2: entered allmulticast mode
[   77.408883][ T6129] gretap0: entered allmulticast mode
[   77.421477][ T6129] netlink: 'syz.0.167': attribute type 9 has an invalid length.
[   77.424193][ T6129] netlink: 8 bytes leftover after parsing attributes in process `syz.0.167'.
[   77.439516][ T6129] macvlan3: entered promiscuous mode
[   77.443052][ T6129] macvlan3: entered allmulticast mode
[   77.447586][ T6129] Zero length message leads to an empty skb
[   78.020000][ T6164] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   78.087402][ T6170] netlink: 68 bytes leftover after parsing attributes in process `syz.2.183'.
[   78.121058][ T6172] netlink: 16 bytes leftover after parsing attributes in process `syz.2.184'.
[   78.201420][ T6174] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   78.292256][ T6174] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   78.365202][ T6174] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   78.452245][ T6174] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   78.569901][   T12] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   78.597606][   T12] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   78.641467][   T12] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   78.672041][   T12] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   78.927840][   T12] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[   78.930896][   T12] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[   78.942230][ T6211] netlink: 4 bytes leftover after parsing attributes in process `syz.2.200'.
[   78.946890][   T12] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[   78.955659][   T12] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[   79.383415][ T6235] netlink: 32 bytes leftover after parsing attributes in process `syz.1.212'.
[   79.485211][ T6245] netlink: 8 bytes leftover after parsing attributes in process `syz.0.216'.
[   79.535603][ T6249] openvswitch: netlink: IP tunnel dst address not specified
[   79.691680][ T6261] netlink: 16 bytes leftover after parsing attributes in process `syz.2.224'.
[   80.593892][ T6295] netlink: zone id is out of range
[   80.595897][ T6295] netlink: zone id is out of range
[   80.597590][ T6295] netlink: zone id is out of range
[   80.599246][ T6295] netlink: zone id is out of range
[   80.600866][ T6295] netlink: zone id is out of range
[   80.603565][ T6295] netlink: zone id is out of range
[   80.605658][ T6295] netlink: zone id is out of range
[   80.607880][ T6295] netlink: zone id is out of range
[   80.609975][ T6295] netlink: zone id is out of range
[   80.611850][ T6295] netlink: zone id is out of range
[   80.715867][ T6299] ip6gre1: entered promiscuous mode
[   80.718212][ T6299] ip6gre1: entered allmulticast mode
[   81.749237][ T6341] xt_policy: input policy not valid in POSTROUTING and OUTPUT
[   81.816923][ T6343] netlink: 'syz.0.264': attribute type 29 has an invalid length.
[   81.830704][ T6343] netlink: 8 bytes leftover after parsing attributes in process `syz.0.264'.
[   81.841871][ T6343] netlink: 'syz.0.264': attribute type 29 has an invalid length.
[   81.849546][ T6343] netlink: 8 bytes leftover after parsing attributes in process `syz.0.264'.
[   81.858159][ T6343] netlink: 'syz.0.264': attribute type 29 has an invalid length.
[   81.864073][ T6343] netlink: 8 bytes leftover after parsing attributes in process `syz.0.264'.
[   81.867804][ T6343] netlink: 'syz.0.264': attribute type 29 has an invalid length.
[   81.878387][ T6343] netlink: 8 bytes leftover after parsing attributes in process `syz.0.264'.
[   81.884215][ T6339] netlink: 'syz.1.261': attribute type 2 has an invalid length.
[   81.889466][ T6343] netlink: 'syz.0.264': attribute type 29 has an invalid length.
[   81.890388][ T6339] netlink: 'syz.1.261': attribute type 2 has an invalid length.
[   81.891990][ T6343] netlink: 'syz.0.264': attribute type 29 has an invalid length.
[   81.898234][ T6343] netlink: 'syz.0.264': attribute type 29 has an invalid length.
[   81.901063][ T6343] netlink: 'syz.0.264': attribute type 29 has an invalid length.
[   81.941525][ T6339] macsec1: entered promiscuous mode
[   81.966350][ T6350] pim6reg: entered allmulticast mode
[   81.971653][ T6350] pim6reg: left allmulticast mode
[   82.090325][ T6358] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   82.334431][ T6369] af_packet: tpacket_rcv: packet too big, clamped from 29 to 4294967272. macoff=96
[   82.531730][ T6383] batadv_slave_1: entered promiscuous mode
[   82.542857][ T6383] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   82.561104][ T6383] batadv_slave_1 (unregistering): left promiscuous mode
[   82.563687][ T6383] batman_adv: batadv0: Removing interface: batadv_slave_1
[   82.740002][ T6395] bridge0: port 2(bridge_slave_1) entered disabled state
[   83.225393][ T6431] __nla_validate_parse: 19 callbacks suppressed
[   83.225410][ T6431] netlink: 20 bytes leftover after parsing attributes in process `syz.0.306'.
[   83.240526][ T6431] bridge0: port 2(bridge_slave_1) entered disabled state
[   83.245117][ T6431] bridge0: port 1(bridge_slave_0) entered disabled state
[   83.325649][ T6438] netlink: 8 bytes leftover after parsing attributes in process `syz.0.309'.
[   83.506127][ T6454] netlink: 5000 bytes leftover after parsing attributes in process `syz.2.316'.
[   83.936476][ T6471] netlink: 32 bytes leftover after parsing attributes in process `syz.2.324'.
[   83.944728][ T6473] netlink: 72 bytes leftover after parsing attributes in process `syz.0.325'.
[   84.118101][ T6485] netlink: 24 bytes leftover after parsing attributes in process `syz.2.327'.
[   84.354634][ T6499] tipc: Failed to remove unknown binding: 66,1,1/0:4082666074/4082666076
[   84.362792][ T6499] tipc: Failed to remove unknown binding: 66,1,1/0:4082666074/4082666076
[   85.528655][ T6521] netlink: 8 bytes leftover after parsing attributes in process `syz.2.347'.
[   85.783458][ T6534] 8021q: adding VLAN 0 to HW filter on device bond3
[   85.791969][ T6534] bond2: (slave bond3): making interface the new active one
[   85.800269][ T6534] bond2: (slave bond3): Enslaving as an active interface with an up link
[   85.845592][ T6534] netlink: 104 bytes leftover after parsing attributes in process `syz.0.351'.
[   85.959128][ T6554] netlink: 4 bytes leftover after parsing attributes in process `syz.0.355'.
[   85.967695][ T6554] netlink: 4 bytes leftover after parsing attributes in process `syz.0.355'.
[   86.150586][ T6571] Bluetooth: MGMT ver 1.23
[   86.289521][ T6581] pim6reg: entered allmulticast mode
[   86.298460][ T6580] pim6reg: left allmulticast mode
[   86.310858][ T6583] net_ratelimit: 347 callbacks suppressed
[   86.310869][ T6583] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   86.358113][ T6587] x_tables: ip6_tables: icmp6 match: only valid for protocol 58
[   87.508405][ T6640] syzkaller0: entered promiscuous mode
[   87.524358][ T6640] syzkaller0: entered allmulticast mode
[   88.052047][ T6661] validate_nla: 18 callbacks suppressed
[   88.052063][ T6661] netlink: 'syz.2.406': attribute type 1 has an invalid length.
[   88.498575][ T5692] IPVS: starting estimator thread 0...
[   88.592856][ T6685] IPVS: using max 53 ests per chain, 127200 per kthread
[   88.855048][ T6676] 8021q: adding VLAN 0 to HW filter on device bond1
[   88.868904][ T6695] __nla_validate_parse: 8 callbacks suppressed
[   88.868916][ T6695] netlink: 16 bytes leftover after parsing attributes in process `syz.1.420'.
[   88.869098][ T6676] 8021q: adding VLAN 0 to HW filter on device eth0
[   88.889559][ T6676] 8021q: adding VLAN 0 to HW filter on device eth1
[   88.897850][ T6676] 8021q: adding VLAN 0 to HW filter on device eth2
[   88.907267][ T6676] 8021q: adding VLAN 0 to HW filter on device eth3
[   88.916116][ T6676] ip6gre1: left promiscuous mode
[   88.923532][ T1111] bridge0: port 2(bridge_slave_1) entered blocking state
[   88.926093][ T1111] bridge0: port 2(bridge_slave_1) entered forwarding state
[   89.172156][ T6713] netlink: 'syz.2.426': attribute type 13 has an invalid length.
[   89.195933][ T6713] netlink: 'syz.2.426': attribute type 17 has an invalid length.
[   89.207341][ T6707] bridge0: port 2(bridge_slave_1) entered disabled state
[   89.213967][ T6707] bridge0: port 1(bridge_slave_0) entered disabled state
[   89.319560][ T6707] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   89.328556][ T6707] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   89.374331][ T6723] netlink: 4 bytes leftover after parsing attributes in process `syz.2.426'.
[   89.574287][ T6713] 8021q: adding VLAN 0 to HW filter on device bond0
[   89.577821][ T6713] 8021q: adding VLAN 0 to HW filter on device team0
[   89.588780][ T6713] 8021q: adding VLAN 0 to HW filter on device batadv0
[   89.621211][ T6713] bridge0: port 1(bridge_slave_0) entered blocking state
[   89.623740][ T6713] bridge0: port 1(bridge_slave_0) entered forwarding state
[   89.631230][ T6713] bridge0: port 2(bridge_slave_1) entered blocking state
[   89.633506][ T6713] bridge0: port 2(bridge_slave_1) entered forwarding state
[   89.645662][ T6713] batman_adv: batadv0: Interface activated: batadv_slave_0
[   89.649981][ T6713] batman_adv: batadv0: Interface activated: batadv_slave_1
[   89.679188][ T6713] veth1_vlan: left promiscuous mode
[   89.684220][ T6713] veth0_vlan: left promiscuous mode
[   89.687854][ T6713] veth0_vlan: entered promiscuous mode
[   89.699858][ T6713] veth1_vlan: entered promiscuous mode
[   89.713364][ T6713] veth1_macvtap: left promiscuous mode
[   89.717711][ T6713] veth0_macvtap: left promiscuous mode
[   89.721811][ T6713] veth0_macvtap: entered promiscuous mode
[   89.737382][ T6713] veth1_macvtap: entered promiscuous mode
[   89.758439][ T6713] 8021q: adding VLAN 0 to HW filter on device bond1
[   89.761354][ T6713] gretap1: left allmulticast mode
[   89.772214][ T6713] 8021q: adding VLAN 0 to HW filter on device eth0
[   89.780643][ T6713] 8021q: adding VLAN 0 to HW filter on device eth1
[   89.791108][ T6713] 8021q: adding VLAN 0 to HW filter on device eth2
[   89.800607][ T6713] 8021q: adding VLAN 0 to HW filter on device eth3
[   89.815701][ T6713] ip6gre1: left allmulticast mode
[   90.166786][ T6754] bond4: entered promiscuous mode
[   90.169771][ T6754] 8021q: adding VLAN 0 to HW filter on device bond4
[   90.314702][ T6772] netlink: 'syz.0.452': attribute type 11 has an invalid length.
[   90.371368][ T6777] netlink: 12 bytes leftover after parsing attributes in process `syz.0.453'.
[   90.375383][ T6777] netlink: 36 bytes leftover after parsing attributes in process `syz.0.453'.
[   90.391145][ T6777] vlan2: entered promiscuous mode
[   90.395349][ T6777] vlan2: entered allmulticast mode
[   90.547056][ T6785] netlink: 'syz.1.455': attribute type 8 has an invalid length.
[   90.649403][ T6793] netlink: 8 bytes leftover after parsing attributes in process `syz.1.459'.
[   90.652214][ T6793] netlink: 8 bytes leftover after parsing attributes in process `syz.1.459'.
[   90.737016][ T6801] netlink: 'syz.2.462': attribute type 21 has an invalid length.
[   90.739564][ T6801] IPv6: NLM_F_CREATE should be specified when creating new route
[   90.809645][ T6807] netlink: 8 bytes leftover after parsing attributes in process `syz.0.465'.
[   91.045438][ T6825] trusted_key: syz.0.471 sent an empty control message without MSG_MORE.
[   91.503698][ T6852] netlink: 8 bytes leftover after parsing attributes in process `syz.1.485'.
[   91.507149][ T6852] netlink: 312 bytes leftover after parsing attributes in process `syz.1.485'.
[   91.510564][ T6852] netlink: 8 bytes leftover after parsing attributes in process `syz.1.485'.
[   91.730732][ T6869] netlink: 'syz.1.493': attribute type 2 has an invalid length.
[   92.226468][ T6909] syzkaller0: entered promiscuous mode
[   92.228524][ T6909] syzkaller0: entered allmulticast mode
[   92.238073][ T6911] netlink: 'syz.0.512': attribute type 6 has an invalid length.
[   92.243006][ T6911] netlink: 'syz.0.512': attribute type 5 has an invalid length.
[   92.589888][ T6933] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[   92.593752][ T6933] IPv6: NLM_F_CREATE should be set when creating new route
[   92.819981][ T6952] pim6reg0: tun_chr_ioctl cmd 1074025675
[   92.821793][ T6952] pim6reg0: persist disabled
[   93.580955][ T6993] xt_hashlimit: invalid rate
[   93.605679][ T6995] bond1: option arp_interval: mode dependency failed, not supported in mode 802.3ad(4)
[   93.614385][ T6995] bond1 (unregistering): Released all slaves
[   93.634923][ T6994] batman_adv: batadv0: Adding interface: dummy0
[   93.638670][ T6994] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   93.647768][ T6994] batman_adv: batadv0: Interface activated: dummy0
[   93.686732][ T6998] batadv0: mtu less than device minimum
[   93.690643][ T6998] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[   93.696883][ T6998] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[   93.701964][ T6998] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[   93.707028][ T6998] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[   93.711743][ T6998] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[   93.716767][ T6998] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[   93.721834][ T6998] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[   93.726889][ T6998] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[   93.732162][ T6998] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[   93.887812][ T7010] syz.0.553: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[   93.904796][ T7001] syzkaller0: entered promiscuous mode
[   93.906698][ T7001] syzkaller0: entered allmulticast mode
[   93.915215][ T7010] CPU: 0 UID: 0 PID: 7010 Comm: syz.0.553 Not tainted syzkaller #0 PREEMPT(full) 
[   93.915229][ T7010] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   93.915235][ T7010] Call Trace:
[   93.915241][ T7010]  <TASK>
[   93.915246][ T7010]  dump_stack_lvl+0xe8/0x150
[   93.915263][ T7010]  warn_alloc+0x249/0x340
[   93.915313][ T7010]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[   93.915337][ T7010]  ? __pfx_warn_alloc+0x10/0x10
[   93.915352][ T7010]  ? kasan_save_track+0x4f/0x80
[   93.915363][ T7010]  ? kasan_save_track+0x3e/0x80
[   93.915376][ T7010]  ? __kasan_kmalloc+0x93/0xb0
[   93.915390][ T7010]  ? __kmalloc_cache_noprof+0x31c/0x660
[   93.915409][ T7010]  ? xskq_create+0x56/0x170
[   93.915421][ T7010]  ? xsk_setsockopt+0x54c/0x990
[   93.915429][ T7010]  ? do_sock_setsockopt+0x17c/0x1b0
[   93.915441][ T7010]  ? __x64_sys_setsockopt+0x13d/0x1b0
[   93.915452][ T7010]  ? do_syscall_64+0x15f/0xf80
[   93.915465][ T7010]  __vmalloc_node_range_noprof+0x132/0x1750
[   93.915490][ T7010]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[   93.915503][ T7010]  ? __kasan_kmalloc+0x93/0xb0
[   93.915521][ T7010]  vmalloc_user_noprof+0xad/0xe0
[   93.915549][ T7010]  ? xskq_create+0xbf/0x170
[   93.915565][ T7010]  xskq_create+0xbf/0x170
[   93.915584][ T7010]  xsk_init_queue+0x8a/0xe0
[   93.915602][ T7010]  xsk_setsockopt+0x54c/0x990
[   93.915619][ T7010]  ? __pfx_xsk_setsockopt+0x10/0x10
[   93.915636][ T7010]  ? __pfx_aa_sk_perm+0x10/0x10
[   93.915658][ T7010]  ? aa_sock_opt_perm+0xff/0x1a0
[   93.915679][ T7010]  ? bpf_lsm_socket_setsockopt+0x9/0x20
[   93.915693][ T7010]  ? __pfx_xsk_setsockopt+0x10/0x10
[   93.915702][ T7010]  do_sock_setsockopt+0x17c/0x1b0
[   93.915719][ T7010]  __x64_sys_setsockopt+0x13d/0x1b0
[   93.915737][ T7010]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   93.915753][ T7010]  do_syscall_64+0x15f/0xf80
[   93.915775][ T7010]  ? trace_irq_disable+0x3b/0x140
[   93.915799][ T7010]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   93.915817][ T7010] RIP: 0033:0x7f029b59ce59
[   93.915834][ T7010] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   93.915849][ T7010] RSP: 002b:00007f02997ee028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[   93.915864][ T7010] RAX: ffffffffffffffda RBX: 00007f029b815fa0 RCX: 00007f029b59ce59
[   93.915875][ T7010] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000003
[   93.915883][ T7010] RBP: 00007f029b632d6f R08: 0000000000000004 R09: 0000000000000000
[   93.915892][ T7010] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000
[   93.915900][ T7010] R13: 00007f029b816038 R14: 00007f029b815fa0 R15: 00007ffcae6d7bd8
[   93.915925][ T7010]  </TASK>
[   93.915933][ T7010] Mem-Info:
[   94.017130][ T7010] active_anon:5759 inactive_anon:0 isolated_anon:0
[   94.017130][ T7010]  active_file:11264 inactive_file:38335 isolated_file:0
[   94.017130][ T7010]  unevictable:1768 dirty:308 writeback:0
[   94.017130][ T7010]  slab_reclaimable:9859 slab_unreclaimable:127443
[   94.017130][ T7010]  mapped:18249 shmem:2366 pagetables:1021
[   94.017130][ T7010]  sec_pagetables:0 bounce:0
[   94.017130][ T7010]  kernel_misc_reclaimable:0
[   94.017130][ T7010]  free:1084065 free_pcp:28055 free_cma:0
[   94.032509][ T7010] Node 0 active_anon:10264kB inactive_anon:0kB active_file:12472kB inactive_file:3704kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:26372kB dirty:412kB writeback:0kB shmem:4820kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:8448kB pagetables:2244kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB gpu_active:0kB gpu_reclaim:0kB
[   94.052002][ T7010] Node 1 active_anon:12772kB inactive_anon:0kB active_file:32584kB inactive_file:149636kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:46624kB dirty:820kB writeback:0kB shmem:4644kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:3304kB pagetables:1840kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB gpu_active:0kB gpu_reclaim:0kB
[   94.068894][ T7010] Node 0 DMA free:15360kB boost:0kB min:240kB low:300kB high:360kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[   94.080308][ T7010] lowmem_reserve[]: 0 1587 2117 2117 2117
[   94.082726][ T7010] Node 0 DMA32 free:1602600kB boost:0kB min:25012kB low:31264kB high:37516kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:2080636kB managed:1625136kB mlocked:0kB bounce:0kB free_pcp:22528kB local_pcp:9088kB free_cma:0kB
[   94.094775][ T7010] lowmem_reserve[]: 0 0 530 530 530
[   94.097022][ T7010] Node 0 Normal free:72624kB boost:0kB min:8512kB low:10640kB high:12768kB reserved_highatomic:0KB free_highatomic:0KB active_anon:10264kB inactive_anon:0kB active_file:12472kB inactive_file:3704kB unevictable:3536kB writepending:428kB zspages:0kB present:1572868kB managed:543144kB mlocked:0kB bounce:0kB free_pcp:24128kB local_pcp:24084kB free_cma:0kB
[   94.109241][ T7010] lowmem_reserve[]: 0 0 0 0 0
[   94.111064][ T7010] Node 1 Normal free:2646076kB boost:0kB min:56344kB low:70428kB high:84512kB reserved_highatomic:0KB free_highatomic:0KB active_anon:12656kB inactive_anon:0kB active_file:32584kB inactive_file:149644kB unevictable:3536kB writepending:908kB zspages:0kB present:3670012kB managed:3594684kB mlocked:0kB bounce:0kB free_pcp:65668kB local_pcp:34920kB free_cma:0kB
[   94.121017][ T7010] lowmem_reserve[]: 0 0 0 0 0
[   94.123349][ T7010] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[   94.128572][ T7010] Node 0 DMA32: 4*4kB (M) 5*8kB (UM) 5*16kB (UM) 5*32kB (UM) 4*64kB (UM) 4*128kB (UM) 4*256kB (UM) 2*512kB (UM) 4*1024kB (UM) 5*2048kB (UM) 387*4096kB (UM) = 1602600kB
[   94.141708][ T7010] Node 0 Normal: 530*4kB (UM) 581*8kB (UME) 356*16kB (UME) 74*32kB (UM) 81*64kB (UM) 85*128kB (UME) 33*256kB (UM) 13*512kB (UM) 8*1024kB (UME) 5*2048kB (UME) 2*4096kB (U) = 72624kB
[   94.151913][ T7010] Node 1 Normal: 1945*4kB (UME) 767*8kB (UME) 152*16kB (UM) 46*32kB (UM) 106*64kB (UM) 41*128kB (UME) 37*256kB (UME) 8*512kB (UM) 5*1024kB (UME) 6*2048kB (UM) 631*4096kB (UM) = 2645404kB
[   94.164949][ T7010] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[   94.167939][ T7010] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[   94.170981][ T7010] 51969 total pagecache pages
[   94.180163][ T7010] 0 pages in swap cache
[   94.181553][ T7010] Free swap  = 124996kB
[   94.191070][ T7010] Total swap = 124996kB
[   94.192874][ T7010] 1834877 pages RAM
[   94.196623][ T7010] 0 pages HighMem/MovableOnly
[   94.198221][ T7010] 390296 pages reserved
[   94.208892][ T7010] 0 pages cma reserved
[   95.438089][ T7042] netlink: 'syz.0.562': attribute type 1 has an invalid length.
[   95.545570][ T7051] __nla_validate_parse: 6 callbacks suppressed
[   95.545585][ T7051] netlink: 16 bytes leftover after parsing attributes in process `syz.1.567'.
[   95.623635][ T7058] netlink: 'syz.2.569': attribute type 15 has an invalid length.
[   96.273964][ T7102] syzkaller0: entered promiscuous mode
[   96.275875][ T7102] syzkaller0: entered allmulticast mode
[   96.934770][ T7118] netlink: 8 bytes leftover after parsing attributes in process `syz.0.585'.
[   97.647530][ T7129] netlink: 8 bytes leftover after parsing attributes in process `syz.0.590'.
[   97.956866][ T7132] netlink: 8 bytes leftover after parsing attributes in process `syz.0.591'.
[   98.022957][ T7139] netlink: 212348 bytes leftover after parsing attributes in process `syz.0.593'.
[   98.400906][ T7168] netlink: 4 bytes leftover after parsing attributes in process `syz.0.603'.
[   98.551951][   T31] bridge0: entered promiscuous mode
[   98.633634][ T7179] netlink: 4 bytes leftover after parsing attributes in process `syz.0.607'.
[   98.676921][ T7185] tipc: Started in network mode
[   98.681065][ T7185] tipc: Node identity , cluster identity 4711
[   98.685401][ T7185] tipc: Failed to obtain node identity
[   98.687268][ T7185] tipc: Enabling of bearer <eth:gre0> rejected, failed to enable media
[   98.723312][ T7191] netdevsim netdevsim0 netdevsim0: entered promiscuous mode
[   98.725884][ T7191] netdevsim netdevsim0 netdevsim0: entered allmulticast mode
[   98.730355][ T7191] netdevsim netdevsim0 netdevsim0: refused to change device tx_queue_len
[   98.796064][ T7199] xt_l2tp: v2 tid > 0xffff: 37482740
[   99.510312][ T7245] netlink: 16 bytes leftover after parsing attributes in process `syz.2.637'.
[   99.655964][ T7252] tipc: Started in network mode
[   99.657649][ T7252] tipc: Node identity defc7f305a79, cluster identity 4711
[   99.660199][ T7252] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   99.711555][ T7252] syzkaller0: entered promiscuous mode
[   99.713690][ T7252] syzkaller0: entered allmulticast mode
[   99.724858][ T7253] tipc: Resetting bearer <eth:syzkaller0>
[   99.757014][ T7252] tipc: Resetting bearer <eth:syzkaller0>
[   99.773231][ T7252] tipc: Disabling bearer <eth:syzkaller0>
[  100.220698][ T7277] net_ratelimit: 358 callbacks suppressed
[  100.220710][ T7277] netlink: zone id is out of range
[  100.227660][ T7276] netlink: 12 bytes leftover after parsing attributes in process `syz.0.650'.
[  100.366738][ T7286] raw_sendmsg: syz.0.654 forgot to set AF_INET. Fix it!
[  100.439645][ T7289] netlink: 8 bytes leftover after parsing attributes in process `syz.0.656'.
[  100.452439][ T7289] netlink: 'syz.0.656': attribute type 18 has an invalid length.
[  100.762025][ T7312] __nla_validate_parse: 1 callbacks suppressed
[  100.762040][ T7312] netlink: 71 bytes leftover after parsing attributes in process `syz.1.665'.
[  100.791571][ T7312] team0 (unregistering): Port device team_slave_0 removed
[  100.815210][ T7312] team0 (unregistering): Port device team_slave_1 removed
[  100.904773][ T7324] netlink: 48 bytes leftover after parsing attributes in process `syz.1.672'.
[  100.973390][ T7330] netlink: 12 bytes leftover after parsing attributes in process `syz.1.676'.
[  100.976158][ T7330] netlink: 12 bytes leftover after parsing attributes in process `syz.1.676'.
[  101.024513][ T7335] openvswitch: netlink: IP tunnel dst address not specified
[  101.151550][ T7345] ip6erspan0: entered promiscuous mode
[  101.153997][ T7345] ip6erspan0: entered allmulticast mode
[  101.174213][ T7347] netlink: 44 bytes leftover after parsing attributes in process `syz.1.682'.
[  101.394123][ T7359] geneve2: entered allmulticast mode
[  101.901362][ T7374] netlink: 32 bytes leftover after parsing attributes in process `syz.2.694'.
[  101.909168][ T7374] netlink: 'syz.2.694': attribute type 1 has an invalid length.
[  101.998521][ T7380] netlink: 8 bytes leftover after parsing attributes in process `syz.0.698'.
[  102.068506][ T7380] batman_adv: batadv0: Interface deactivated: dummy0
[  102.071328][ T7380] batman_adv: batadv0: Removing interface: dummy0
[  102.089831][ T7380] bridge_slave_0: left allmulticast mode
[  102.098527][ T7380] bridge_slave_0: left promiscuous mode
[  102.104045][ T7380] bridge0: port 1(bridge_slave_0) entered disabled state
[  102.317269][ T7380] bridge_slave_1: left allmulticast mode
[  102.329620][ T7380] bridge_slave_1: left promiscuous mode
[  102.343797][ T7380] bridge0: port 2(bridge_slave_1) entered disabled state
[  102.397751][ T7380] bond0: (slave bond_slave_0): Releasing backup interface
[  102.416917][ T7380] bond0: (slave bond_slave_1): Releasing backup interface
[  102.442410][ T7380] team0: Port device team_slave_0 removed
[  102.449222][ T7380] team0: Port device team_slave_1 removed
[  102.452059][ T7380] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  102.456839][ T7380] batman_adv: batadv0: Removing interface: batadv_slave_0
[  102.460512][ T7380] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  102.505236][ T7401] netlink: 8 bytes leftover after parsing attributes in process `syz.1.704'.
[  102.621510][ T7405] syzkaller0: entered promiscuous mode
[  102.625388][ T7405] syzkaller0: entered allmulticast mode
[  103.106050][ T7461] netlink: 'syz.2.733': attribute type 15 has an invalid length.
[  103.108510][ T7461] netlink: 16 bytes leftover after parsing attributes in process `syz.2.733'.
[  103.140531][ T7465] netlink: 20 bytes leftover after parsing attributes in process `syz.2.735'.
[  103.170957][ T7467] sctp: [Deprecated]: syz.2.736 (pid 7467) Use of int in maxseg socket option.
[  103.170957][ T7467] Use struct sctp_assoc_value instead
[  103.249547][ T7473] netlink: 'syz.0.739': attribute type 8 has an invalid length.
[  103.961846][ T7511] xt_bpf: check failed: parse error
[  104.089776][ T7519] bond1: option fail_over_mac: invalid value (127)
[  104.095924][ T7519] bond1 (unregistering): Released all slaves
[  104.464418][ T7528] netlink: 'syz.2.763': attribute type 12 has an invalid length.
[  104.497042][ T7534] openvswitch: netlink: Actions may not be safe on all matching packets
[  104.801824][ T7549] bridge0: port 1(bridge_slave_0) entered disabled state
[  104.807382][ T7549] bridge0: port 2(bridge_slave_1) entered disabled state
[  104.846492][ T7549] bridge0: port 1(bridge_slave_0) entered blocking state
[  104.848901][ T7549] bridge0: port 1(bridge_slave_0) entered forwarding state
[  104.852388][ T7549] bridge0: port 2(bridge_slave_1) entered blocking state
[  104.854711][ T7549] bridge0: port 2(bridge_slave_1) entered forwarding state
[  105.750828][ T7570] syz.1.783 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000
[  105.755615][ T7570] CPU: 0 UID: 0 PID: 7570 Comm: syz.1.783 Not tainted syzkaller #0 PREEMPT(full) 
[  105.755643][ T7570] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  105.755651][ T7570] Call Trace:
[  105.755657][ T7570]  <TASK>
[  105.755664][ T7570]  dump_stack_lvl+0xe8/0x150
[  105.755688][ T7570]  dump_header+0xd3/0x4c0
[  105.755712][ T7570]  oom_kill_process+0x3ab/0x970
[  105.755734][ T7570]  out_of_memory+0x106c/0x1410
[  105.755748][ T7570]  ? try_charge_memcg+0xbb9/0x1570
[  105.755772][ T7570]  ? __pfx___mutex_lock+0x10/0x10
[  105.755791][ T7570]  ? __pfx_out_of_memory+0x10/0x10
[  105.755805][ T7570]  ? do_raw_spin_unlock+0x4d/0x210
[  105.755832][ T7570]  try_charge_memcg+0xc77/0x1570
[  105.755865][ T7570]  ? __pfx_try_charge_memcg+0x10/0x10
[  105.755881][ T7570]  ? percpu_ref_tryget+0x15/0x180
[  105.755916][ T7570]  ? charge_memcg+0x23/0x2b0
[  105.755935][ T7570]  charge_memcg+0x1a2/0x2b0
[  105.755954][ T7570]  ? mem_cgroup_swapin_charge_folio+0x33/0x390
[  105.755971][ T7570]  mem_cgroup_swapin_charge_folio+0x262/0x390
[  105.755991][ T7570]  __swap_cache_prepare_and_add+0xdc/0x700
[  105.756013][ T7570]  ? page_rmappable_folio+0x9a/0x170
[  105.756040][ T7570]  swap_cache_alloc_folio+0xf1/0x240
[  105.756058][ T7570]  swap_cluster_readahead+0x355/0x670
[  105.756078][ T7570]  ? __pfx_swap_cluster_readahead+0x10/0x10
[  105.756103][ T7570]  ? get_vma_policy+0x27b/0x3c0
[  105.756124][ T7570]  swapin_readahead+0x196/0xc50
[  105.756143][ T7570]  ? swap_table_get+0x1e/0x260
[  105.756159][ T7570]  ? __pfx_swapin_readahead+0x10/0x10
[  105.756170][ T7570]  ? swap_table_get+0x1e/0x260
[  105.756177][ T7570]  ? swap_table_get+0x1e/0x260
[  105.756184][ T7570]  ? swap_table_get+0x1e/0x260
[  105.756192][ T7570]  ? swap_table_get+0x216/0x260
[  105.756200][ T7570]  ? swap_cache_get_folio+0x2e4/0x2f0
[  105.756211][ T7570]  do_swap_page+0x555/0x5120
[  105.756222][ T7570]  ? __pte_offset_map+0x29/0x240
[  105.756231][ T7570]  ? __pte_offset_map+0x29/0x240
[  105.756245][ T7570]  ? do_swap_page+0x128/0x5120
[  105.756258][ T7570]  ? __pfx_do_swap_page+0x10/0x10
[  105.756271][ T7570]  ? __pte_offset_map+0x1ae/0x240
[  105.756289][ T7570]  ? pte_offset_map_rw_nolock+0xea/0x160
[  105.756307][ T7570]  handle_mm_fault+0x12d4/0x3170
[  105.756327][ T7570]  ? handle_mm_fault+0xee/0x3170
[  105.756339][ T7570]  ? __pfx_handle_mm_fault+0x10/0x10
[  105.756347][ T7570]  ? lock_vma_under_rcu+0x45a/0x500
[  105.756364][ T7570]  ? irqentry_exit+0x218/0x760
[  105.756403][ T7570]  do_user_addr_fault+0xa73/0x1340
[  105.756422][ T7570]  ? rcu_is_watching+0x15/0xb0
[  105.756434][ T7570]  ? trace_page_fault_user+0x84/0x1e0
[  105.756443][ T7570]  exc_page_fault+0x6a/0xc0
[  105.756453][ T7570]  asm_exc_page_fault+0x26/0x30
[  105.756461][ T7570] RIP: 0033:0x7f1ac466a7d0
[  105.756545][ T7570] Code: c4 4c 0f 42 e0 83 3d fa d5 3a 00 00 0f 8e d9 fd ff ff e8 23 80 fe ff 49 39 c4 0f 82 82 00 00 00 66 2e 0f 1f 84 00 00 00 00 00 <69> 3d be ae ed 00 e8 03 00 00 48 8d 1d bf b7 3a 00 e8 8a 31 13 00
[  105.756557][ T7570] RSP: 002b:00007ffd1dee73b0 EFLAGS: 00010216
[  105.756570][ T7570] RAX: 0000000000019c9c RBX: 00007f1ac4a17da0 RCX: 0000000000019a28
[  105.756578][ T7570] RDX: 0000000000000274 RSI: 00007ffd1dee7390 RDI: 0000000000000001
[  105.756586][ T7570] RBP: 00007f1ac4a17da0 R08: 00000000257639bb R09: 3fffffffffffffff
[  105.756594][ T7570] R10: 4000000000000000 R11: 0000000000000246 R12: 0000000000019dab
[  105.756603][ T7570] R13: 00007f1ac4a15fac R14: 0000000000019a9e R15: 00007ffd1dee74b0
[  105.756632][ T7570]  </TASK>
[  105.756792][ T7570] memory: usage 307200kB, limit 307200kB, failcnt 2253
[  105.880105][ T7570] memory+swap: usage 307300kB, limit 9007199254740988kB, failcnt 0
[  105.886621][ T7570] kmem: usage 307188kB, limit 9007199254740988kB, failcnt 0
[  105.889508][ T7570] Memory cgroup stats for /syz1:
[  105.889669][ T7570] cache 0
[  105.894961][ T7570] rss 0
[  105.896097][ T7570] rss_huge 0
[  105.897434][ T7570] shmem 0
[  105.898637][ T7570] mapped_file 0
[  105.900031][ T7570] dirty 0
[  105.901209][ T7570] writeback 0
[  105.902686][ T7570] workingset_refault_anon 18
[  105.904501][ T7570] workingset_refault_file 1
[  105.906271][ T7570] swap 102400
[  105.907602][ T7570] swapcached 225280
[  105.908810][ T7570] pgpgin 22141
[  105.910014][ T7570] pgpgout 22138
[  105.911110][ T7570] pgfault 43127
[  105.912257][ T7570] pgmajfault 15
[  105.913691][ T7570] inactive_anon 8192
[  105.914897][ T7570] active_anon 4096
[  105.916034][ T7570] inactive_file 0
[  105.917140][ T7570] active_file 0
[  105.918193][ T7570] unevictable 0
[  105.919346][ T7570] hierarchical_memory_limit 314572800
[  105.920988][ T7570] hierarchical_memsw_limit 9223372036854771712
[  105.922920][ T7570] total_cache 0
[  105.923988][ T7570] total_rss 0
[  105.925002][ T7570] total_rss_huge 0
[  105.926129][ T7570] total_shmem 0
[  105.927188][ T7570] total_mapped_file 0
[  105.928428][ T7570] total_dirty 0
[  105.930718][ T7570] total_writeback 0
[  105.931938][ T7570] total_workingset_refault_anon 18
[  105.935899][ T7570] total_workingset_refault_file 1
[  105.937441][ T7570] total_swap 102400
[  105.939934][ T7570] total_swapcached 225280
[  105.941332][ T7570] total_pgpgin 22141
[  105.943038][ T7570] total_pgpgout 22138
[  105.944409][ T7570] total_pgfault 43127
[  105.945791][ T7570] total_pgmajfault 15
[  105.947301][ T7570] total_inactive_anon 8192
[  105.952651][ T7570] total_active_anon 4096
[  105.954010][ T7570] total_inactive_file 0
[  105.961063][ T7570] total_active_file 0
[  105.964010][ T7570] total_unevictable 0
[  105.965361][ T7570] anon_cost 0
[  105.972846][ T7570] file_cost 0
[  105.973989][ T7570] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz.1.783,pid=7570,uid=0
[  105.983497][ T7570] Memory cgroup out of memory: Killed process 7570 (syz.1.783) total-vm:102160kB, anon-rss:1244kB, file-rss:21580kB, shmem-rss:0kB, UID:0 pgtables:120kB oom_score_adj:1000
[  106.424698][ T7594] ip6gretap0: entered promiscuous mode
[  107.006202][ T7624] netlink: 'syz.0.805': attribute type 83 has an invalid length.
[  107.132703][ T7629] netlink: 'syz.0.807': attribute type 4 has an invalid length.
[  107.334291][ T7638] sctp: [Deprecated]: syz.1.812 (pid 7638) Use of struct sctp_assoc_value in delayed_ack socket option.
[  107.334291][ T7638] Use struct sctp_sack_info instead
[  107.450662][ T7647] __nla_validate_parse: 3 callbacks suppressed
[  107.450674][ T7647] netlink: 404 bytes leftover after parsing attributes in process `syz.0.815'.
[  107.457621][ T7647] netlink: 28 bytes leftover after parsing attributes in process `syz.0.815'.
[  107.460762][ T7647] netlink: 28 bytes leftover after parsing attributes in process `syz.0.815'.
[  107.464613][ T7647] netlink: 20 bytes leftover after parsing attributes in process `syz.0.815'.
[  107.936581][ T7670] syzkaller0: entered promiscuous mode
[  107.938584][ T7670] syzkaller0: entered allmulticast mode
[  107.999857][ T7673] bridge0: port 1(bridge_slave_0) entered disabled state
[  108.003251][ T7673] bridge0: port 2(bridge_slave_1) entered disabled state
[  108.040357][ T7673] IPVS: set_ctl: invalid protocol: 50 127.0.0.1:20004
[  108.225649][ T7689] pimreg: entered allmulticast mode
[  108.232678][ T7689] pimreg: left allmulticast mode
[  108.251248][ T7691] netlink: 'syz.0.835': attribute type 1 has an invalid length.
[  108.254967][ T7691] netlink: 224 bytes leftover after parsing attributes in process `syz.0.835'.
[  108.491510][ T7697] netlink: 28 bytes leftover after parsing attributes in process `syz.0.838'.
[  108.495846][ T7697] netlink: 28 bytes leftover after parsing attributes in process `syz.0.838'.
[  108.986413][ T7733] geneve1: entered promiscuous mode
[  108.993969][ T7736] IPv6: addrconf: prefix option has invalid lifetime
[  109.065191][ T7744] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  109.177973][ T7753] netlink: 'syz.2.863': attribute type 2 has an invalid length.
[  109.247102][ T7761] netlink: 'syz.0.867': attribute type 22 has an invalid length.
[  109.251742][ T7761] bond0: option ad_select: unable to set because the bond device is up
[  109.262205][ T7757] syzkaller0: entered promiscuous mode
[  109.267839][ T7757] syzkaller0: entered allmulticast mode
[  109.347366][ T7763] lo speed is unknown, defaulting to 1000
[  109.350053][ T7763] lo speed is unknown, defaulting to 1000
[  109.358014][ T7763] lo speed is unknown, defaulting to 1000
[  109.361433][ T7763] smbdirect: ib_dev[syz2]: added: RNIC max_fast_reg_page_list_len=256 device_cap_flags=0x200000 kernel_cap_flags=0x10 page_size_cap=0x1000
[  109.370810][ T7763] smbdirect: ib_dev[syz2]: num_ports=1 max_qp_rd_atom=128 max_qp_init_rd_atom=128 max_sgl_rd=0 max_sge_rd=1 max_cqe=3276800 max_qp_wr=32768 max_send_sge=6 max_recv_sge=6
[  109.377561][ T7763] smbdirect: ib_dev[syz2]PORT[1]: iwarp=1 ib=0 roce=0 v1=0 v2=0 core_cap_flags=0x400008
[  109.391166][ T7763] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  109.394697][ T7769] netlink: 'syz.0.870': attribute type 1 has an invalid length.
[  109.397135][ T7769] netlink: 96 bytes leftover after parsing attributes in process `syz.0.870'.
[  109.406435][ T7769] netlink: 1 bytes leftover after parsing attributes in process `syz.0.870'.
[  109.418535][ T7769] netlink: 'syz.0.870': attribute type 1 has an invalid length.
[  109.421878][ T7763] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  109.424573][ T7769] netlink: 'syz.0.870': attribute type 8 has an invalid length.
[  109.432913][ T7769] netlink: 606 bytes leftover after parsing attributes in process `syz.0.870'.
[  109.471037][ T7763] lo speed is unknown, defaulting to 1000
[  109.485704][ T7763] lo speed is unknown, defaulting to 1000
[  109.491370][ T7763] lo speed is unknown, defaulting to 1000
[  110.019600][ T7814] netlink: 'syz.0.890': attribute type 2 has an invalid length.
[  110.023240][ T7812] netlink: 'syz.2.889': attribute type 1 has an invalid length.
[  110.533565][ T7853] vxcan0: entered allmulticast mode
[  111.026453][ T7893] team0: Port device team_slave_0 removed
[  111.425069][  T856] lo speed is unknown, defaulting to 1000
[  111.577670][ T7918] xt_bpf: check failed: parse error
[  112.054835][ T7958] netlink: 'syz.2.951': attribute type 1 has an invalid length.
[  112.169793][ T7963] smbdirect: ib_dev[syz1]: added: RNIC max_fast_reg_page_list_len=256 device_cap_flags=0x200000 kernel_cap_flags=0x10 page_size_cap=0x1000
[  112.176218][ T7963] smbdirect: ib_dev[syz1]: num_ports=1 max_qp_rd_atom=128 max_qp_init_rd_atom=128 max_sgl_rd=0 max_sge_rd=1 max_cqe=3276800 max_qp_wr=32768 max_send_sge=6 max_recv_sge=6
[  112.183575][ T7963] smbdirect: ib_dev[syz1]PORT[1]: iwarp=1 ib=0 roce=0 v1=0 v2=0 core_cap_flags=0x400008
[  112.197064][ T7963] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[  112.331458][ T7968] netlink: 'syz.2.955': attribute type 21 has an invalid length.
[  112.334625][ T7968] netlink: 'syz.2.955': attribute type 1 has an invalid length.
[  112.611718][ T7978] netlink: 'syz.2.960': attribute type 33 has an invalid length.
[  112.614410][ T7978] __nla_validate_parse: 12 callbacks suppressed
[  112.614419][ T7978] netlink: 152 bytes leftover after parsing attributes in process `syz.2.960'.
[  112.619782][ T7978] `: renamed from team0 (while UP)
[  113.100760][ T8009] netlink: 76 bytes leftover after parsing attributes in process `syz.0.971'.
[  113.105786][ T8009] syzkaller0: entered promiscuous mode
[  113.107721][ T8009] syzkaller0: entered allmulticast mode
[  113.116619][ T8009] tc action pedit offset must be on 32 bit boundaries
[  113.120623][ T8009] tc action pedit offset must be on 32 bit boundaries
[  113.123361][ T8009] tc action pedit offset must be on 32 bit boundaries
[  113.125672][ T8009] tc action pedit offset must be on 32 bit boundaries
[  113.127868][ T8009] tc action pedit offset must be on 32 bit boundaries
[  113.130316][ T8009] tc action pedit offset must be on 32 bit boundaries
[  113.132997][ T8009] tc action pedit offset must be on 32 bit boundaries
[  113.135455][ T8009] tc action pedit offset must be on 32 bit boundaries
[  113.138043][ T8009] tc action pedit offset must be on 32 bit boundaries
[  113.140625][ T8009] tc action pedit offset must be on 32 bit boundaries
[  113.143379][ T8009] 0: reclassify loop, rule prio 0, protocol 800
[  113.241682][ T8015] syzkaller1: entered promiscuous mode
[  113.244080][ T8015] syzkaller1: entered allmulticast mode
[  113.481195][ T8033] netlink: 'syz.0.983': attribute type 62 has an invalid length.
[  113.804283][ T8059] netlink: 72 bytes leftover after parsing attributes in process `syz.2.994'.
[  113.886029][ T8059] netlink: 8 bytes leftover after parsing attributes in process `syz.2.994'.
[  113.944405][ T8064] netlink: 'syz.2.994': attribute type 1 has an invalid length.
[  114.155468][ T8088] netlink: 'syz.2.1006': attribute type 1 has an invalid length.
[  114.162697][ T8088] netlink: 'syz.2.1006': attribute type 2 has an invalid length.
[  114.167332][ T8088] netlink: 'syz.2.1006': attribute type 1 has an invalid length.
[  114.175886][ T8088] netlink: 'syz.2.1006': attribute type 3 has an invalid length.
[  114.181651][ T8088] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1006'.
[  114.337284][ T8109] ipt_rpfilter: unknown options
[  114.721779][ T8144] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1031'.
[  114.891238][ T8153] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1035'.
[  114.912829][ T8155] bond2: entered promiscuous mode
[  114.917046][ T8155] 8021q: adding VLAN 0 to HW filter on device bond2
[  114.935811][ T8155] 8021q: adding VLAN 0 to HW filter on device bond2
[  114.938243][ T8155] bond2: (slave vcan1): The slave device specified does not support setting the MAC address
[  114.941371][ T8155] bond2: (slave vcan1): Setting fail_over_mac to active for active-backup mode
[  114.949316][ T8155] bond2: (slave vcan1): making interface the new active one
[  114.951841][ T8155] vcan1: entered promiscuous mode
[  114.957981][ T8155] bond2: (slave vcan1): Enslaving as an active interface with an up link
[  115.068595][ T8161] xt_hashlimit: size too large, truncated to 1048576
[  115.190691][  T856] IPVS: starting estimator thread 0...
[  115.192970][ T8171] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  115.282528][ T8172] IPVS: using max 67 ests per chain, 160800 per kthread
[  115.318186][ T8176] smbdirect: ib_dev[syz1] removed
[  115.386453][ T8181] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1046'.
[  116.105999][ T8221] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  116.194179][ T8226] netlink: 76 bytes leftover after parsing attributes in process `syz.1.1067'.
[  116.197398][ T8226] netlink: 76 bytes leftover after parsing attributes in process `syz.1.1067'.
[  116.306872][ T8235] syzkaller0: entered promiscuous mode
[  116.308837][ T8235] syzkaller0: entered allmulticast mode
[  116.699914][ T8261] syzkaller0: entered promiscuous mode
[  116.702147][ T8261] syzkaller0: entered allmulticast mode
[  116.719581][ T8261] simple: basic_1
[  116.721639][ T8261] simple: basic_2
[  116.722921][ T8261] simple: basic_3
[  116.724214][ T8261] simple: basic_4
[  116.725640][ T8261] simple: basic_5
[  116.726863][ T8261] simple: basic_6
[  116.728138][ T8261] simple: basic_7
[  116.729534][ T8261] simple: basic_8
[  116.730721][ T8261] simple: basic_9
[  116.731879][ T8261] simple: basic_10
[  116.733394][ T8261] simple: basic_11
[  116.734866][ T8261] simple: basic_12
[  116.736318][ T8261] simple: basic_13
[  116.737803][ T8261] simple: basic_14
[  116.739081][ T8261] simple: basic_15
[  116.739084][ T8263] xt_hashlimit: size too large, truncated to 1048576
[  116.740197][ T8261] simple: basic_16
[  116.745315][ T8261] simple: basic_17
[  116.746513][ T8261] 0: reclassify loop, rule prio 0, protocol 800
[  117.264197][ T8299] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  118.174270][   T33] audit: type=1804 audit(1779045250.339:2): pid=8361 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.1131" name="/newroot/342/cgroup.controllers" dev="tmpfs" ino=1739 res=1 errno=0
[  118.190219][   T33] audit: type=1800 audit(1779045250.339:3): pid=8361 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1131" name="cgroup.controllers" dev="tmpfs" ino=1739 res=0 errno=0
[  118.315123][ T8369] __nla_validate_parse: 9 callbacks suppressed
[  118.315142][ T8369] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1134'.
[  118.411944][ T8375] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1137'.
[  118.440412][ T8375] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1137'.
[  118.721873][ T8394] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input4
[  119.127280][ T8415] netlink: 428 bytes leftover after parsing attributes in process `syz.1.1155'.
[  119.130854][ T8415] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1155'.
[  119.347091][ T8429] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1159'.
[  119.363205][ T8429] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1159'.
[  119.400745][ T8434] validate_nla: 4 callbacks suppressed
[  119.400756][ T8434] netlink: 'syz.0.1162': attribute type 1 has an invalid length.
[  119.410221][ T8434] netlink: 'syz.0.1162': attribute type 2 has an invalid length.
[  119.640124][ T8452] netlink: 'syz.0.1171': attribute type 4 has an invalid length.
[  119.643234][ T8452] netlink: 240 bytes leftover after parsing attributes in process `syz.0.1171'.
[  119.930742][ T8464] netlink: 'syz.2.1175': attribute type 11 has an invalid length.
[  119.939766][ T8466] tipc: Started in network mode
[  119.941973][ T8466] tipc: Node identity 2007ff, cluster identity 4711
[  119.944936][ T8466] tipc: Node number set to 2099199
[  120.413641][ T8496] netlink: 16186 bytes leftover after parsing attributes in process `syz.1.1192'.
[  120.666585][ T8512] netlink: 'syz.1.1199': attribute type 9 has an invalid length.
[  120.669078][ T8512] netlink: 212340 bytes leftover after parsing attributes in process `syz.1.1199'.
[  120.919485][ T8536] syzkaller0: entered promiscuous mode
[  120.921643][ T8536] syzkaller0: entered allmulticast mode
[  121.130341][ T8548] team0: entered promiscuous mode
[  121.133855][ T8548] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[  121.669150][ T8584] hsr0: entered promiscuous mode
[  121.709844][ T8584] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input5
[  121.926565][ T8583] hsr0: left promiscuous mode
[  122.367265][ T5614] Bluetooth: hci2: link tx timeout
[  122.369920][ T5614] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa
[  122.380901][ T5614] Bluetooth: hci2: link tx timeout
[  122.384481][ T5614] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa
[  122.437979][ T5614] Bluetooth: hci2: link tx timeout
[  122.440033][ T5614] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa
[  122.467634][ T5614] Bluetooth: hci2: link tx timeout
[  122.469843][ T5614] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa
[  122.474742][ T8648] tipc: Started in network mode
[  122.478841][ T8648] tipc: Node identity ac14140f, cluster identity 4711
[  122.489032][ T8648] tipc: New replicast peer: 255.255.255.255
[  122.499511][ T8648] tipc: Enabled bearer <udp:syz2>, priority 10
[  122.579019][ T8658] bond1: entered allmulticast mode
[  122.585261][ T8658] 8021q: adding VLAN 0 to HW filter on device bond1
[  122.763761][ T5614] Bluetooth: hci2: link tx timeout
[  122.765666][ T5614] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa
[  122.909445][   T56] block nbd0: Receive control failed (result -32)
[  122.913576][ T8687] openvswitch: netlink: Unexpected mask (mask=1040, allowed=10048)
[  122.917992][ T8687] pim6reg1: entered promiscuous mode
[  122.920159][ T8687] pim6reg1: entered allmulticast mode
[  122.966977][ T5614] Bluetooth: hci2: link tx timeout
[  122.969012][ T5614] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa
[  122.981127][ T8690] netlink: 'syz.2.1270': attribute type 1 has an invalid length.
[  122.991545][ T8690] netlink: 'syz.2.1270': attribute type 1 has an invalid length.
[  123.133064][ T8700] IPVS: Scheduler module ip_vs_ not found
[  123.615154][  T856] tipc: Node number set to 2886997007
[  123.825643][ T5614] Bluetooth: hci2: link tx timeout
[  123.827471][ T5614] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa
[  123.829961][ T5614] Bluetooth: hci2: link tx timeout
[  123.831650][ T5614] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa
[  124.164331][ T5614] Bluetooth: hci2: link tx timeout
[  124.165993][ T5614] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa
[  124.184760][ T5614] Bluetooth: hci2: link tx timeout
[  124.187487][ T5614] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa
[  124.377988][ T8745] syzkaller0: entered promiscuous mode
[  124.380076][ T8745] syzkaller0: entered allmulticast mode
[  124.418310][ T8748] veth1_to_bond: entered allmulticast mode
[  124.421046][ T8748] __nla_validate_parse: 7 callbacks suppressed
[  124.421055][ T8748] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1294'.
[  124.435716][ T8748] veth1_to_bond (unregistering): left allmulticast mode
[  124.441814][ T8748] bond0: (slave bond_slave_1): Releasing backup interface
[  124.452650][ T5614] Bluetooth: hci2: command 0x0401 tx timeout
[  124.549082][ T8756] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1296'.
[  124.637388][ T8753] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1296'.
[  124.640378][ T8753] netlink: 348 bytes leftover after parsing attributes in process `syz.2.1296'.
[  124.646314][ T8753] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1296'.
[  124.649546][ T8753] netlink: 348 bytes leftover after parsing attributes in process `syz.2.1296'.
[  124.652949][ T8753] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1296'.
[  124.696853][ T8765] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1301'.
[  124.779930][ T8771] bond3: entered allmulticast mode
[  124.813510][ T8771] vxcan3: entered promiscuous mode
[  124.817011][ T8771] vxcan3: entered allmulticast mode
[  124.820529][ T8771] bond3: (slave vxcan3): The slave device specified does not support setting the MAC address
[  124.828262][ T8771] bond3: (slave vxcan3): Error -95 calling set_mac_address
[  124.887329][ T8782] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  124.894686][ T8782] syzkaller0: entered promiscuous mode
[  124.896956][ T8782] syzkaller0: entered allmulticast mode
[  124.917459][ T8782] tipc: Resetting bearer <eth:syzkaller0>
[  124.925356][ T8781] tipc: Resetting bearer <eth:syzkaller0>
[  124.944864][ T8781] tipc: Disabling bearer <eth:syzkaller0>
[  125.083630][ T8798] lo speed is unknown, defaulting to 1000
[  125.430950][ T8821] IPVS: set_ctl: invalid protocol: 0 255.255.255.255:20004
[  125.559751][ T8831] macvtap1: entered promiscuous mode
[  125.561945][ T8831] 8021q: adding VLAN 0 to HW filter on device macvtap1
[  125.564498][ T8831] team0: Device macvtap1 is already an upper device of the team interface
[  125.768940][ T8840] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1336'.
[  125.857959][ T8844] lo speed is unknown, defaulting to 1000
[  126.166229][ T8860] netlink: 'syz.1.1343': attribute type 10 has an invalid length.
[  126.169235][ T8860] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1343'.
[  126.263560][ T8868] TCP: tcp_parse_options: Illegal window scaling value 45 > 14 received
[  126.559037][ T8884] veth1_macvtap: left promiscuous mode
[  126.684732][ T8890] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[  126.946731][ T5356] veth1_macvtap: entered promiscuous mode
[  127.210374][ T8923] ip6gre2: entered promiscuous mode
[  127.248126][ T8928] netlink: 'syz.1.1363': attribute type 30 has an invalid length.
[  127.290960][ T8932] syzkaller0: entered promiscuous mode
[  127.297218][ T8932] syzkaller0: entered allmulticast mode
[  127.559312][ T8955] xt_l2tp: missing protocol rule (udp|l2tpip)
[  127.808296][ T8970] lo speed is unknown, defaulting to 1000
[  127.981069][ T8977] bond2: entered allmulticast mode
[  127.983339][ T8977] vcan1: entered allmulticast mode
[  127.996862][ T8976] bond2: left allmulticast mode
[  127.998766][ T8976] vcan1: left allmulticast mode
[  128.165131][ T8986] bridge0: port 1(macvlan4) entered blocking state
[  128.167936][ T8986] bridge0: port 1(macvlan4) entered disabled state
[  128.170762][ T8986] macvlan4: entered allmulticast mode
[  128.173934][ T8986] ip6gretap0: entered allmulticast mode
[  128.178098][ T8986] macvlan4: entered promiscuous mode
[  128.181034][ T8986] bridge0: port 1(macvlan4) entered blocking state
[  128.184163][ T8986] bridge0: port 1(macvlan4) entered forwarding state
[  128.767402][ T9003] bridge0: port 2(bridge_slave_1) entered disabled state
[  128.770255][ T9003] bridge0: port 1(bridge_slave_0) entered disabled state
[  128.874079][ T9024] netlink: 'syz.2.1403': attribute type 3 has an invalid length.
[  129.004660][ T9003] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  129.041688][ T9003] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  129.465951][ T5725] netdevsim netdevsim1 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0
[  129.470443][ T5725] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  129.479237][ T5725] netdevsim netdevsim1 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0
[  129.486209][ T5725] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  129.496496][ T5725] netdevsim netdevsim1 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0
[  129.506183][ T5725] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  129.511913][ T5725] netdevsim netdevsim1 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0
[  129.516301][ T5725] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  129.601371][ T9043] __nla_validate_parse: 5 callbacks suppressed
[  129.601381][ T9043] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1408'.
[  129.607128][ T9043] nbd: illegal input index -1113835520
[  129.662687][ T5617] Bluetooth: hci0: Opcode 0x0c03 failed: -110
[  129.719310][ T9057] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1417'.
[  129.767102][ T9061] mac80211_hwsim hwsim7 syzkaller0: entered promiscuous mode
[  129.769478][ T9061] mac80211_hwsim hwsim7 syzkaller0: entered allmulticast mode
[  129.885099][ T9073] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1424'.
[  130.040859][ T9088] syzkaller0: entered promiscuous mode
[  130.043239][ T9088] syzkaller0: entered allmulticast mode
[  130.498850][ T9114] netlink: 'syz.0.1443': attribute type 1 has an invalid length.
[  130.502049][ T9114] netlink: 'syz.0.1443': attribute type 2 has an invalid length.
[  130.541956][ T9116] sctp: [Deprecated]: syz.0.1444 (pid 9116) Use of struct sctp_assoc_value in delayed_ack socket option.
[  130.541956][ T9116] Use struct sctp_sack_info instead
[  130.650862][ T9122] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1447'.
[  130.665082][   T33] audit: type=1804 audit(1779045262.819:4): pid=9122 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.1447" name="/newroot/520/cgroup.controllers" dev="tmpfs" ino=2631 res=1 errno=0
[  130.674212][   T33] audit: type=1800 audit(1779045262.839:5): pid=9122 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1447" name="cgroup.controllers" dev="tmpfs" ino=2631 res=0 errno=0
[  130.693219][   T33] audit: type=1804 audit(1779045262.839:6): pid=9122 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.1447" name="/newroot/520/cgroup.controllers" dev="tmpfs" ino=2631 res=1 errno=0
[  130.976088][ T9150] IPVS: Scheduler module ip_vs_ not found
[  131.483516][ T9167] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1468'.
[  131.490458][ T9167] l2tp_ppp: sess 2/0: no socket in recv
[  131.704813][ T9194] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1480'.
[  132.005137][ T9228] netlink: 212348 bytes leftover after parsing attributes in process `syz.0.1496'.
[  132.011169][ T9228] netlink: Conntrack attr has 4 unknown bytes
[  132.084902][ T9235] netlink: 'syz.1.1499': attribute type 29 has an invalid length.
[  132.205398][ T9245] netlink: 'syz.0.1504': attribute type 1 has an invalid length.
[  132.220279][ T9247] xt_addrtype: output interface limitation not valid in PREROUTING and INPUT
[  132.249114][ T9249] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1506'.
[  132.299225][ T9253] xt_limit: Overflow, try lower: 28676/2147483648
[  132.364952][ T9256] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1509'.
[  132.760012][ T9287] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1524'.
[  132.770213][ T5670] netdevsim netdevsim2 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  132.779209][ T5670] netdevsim netdevsim2 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  132.786310][ T5670] netdevsim netdevsim2 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  132.789626][ T5670] netdevsim netdevsim2 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  133.814795][ T9329] veth6: entered allmulticast mode
[  136.070983][ T9348] lo speed is unknown, defaulting to 1000
[  136.691582][ T9389] __nla_validate_parse: 1 callbacks suppressed
[  136.691601][ T9389] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1560'.
[  137.036270][ T9410] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1570'.
[  137.252870][ T9407] A link change request failed with some changes committed already. Interface wlan0 may have been left with an inconsistent configuration, please check.
[  137.283727][ T9418] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1573'.
[  137.676517][ T9448] netdevsim netdevsim2 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  137.679434][ T9448] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  137.794251][ T9448] netdevsim netdevsim2 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  137.812501][ T9448] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  137.855127][ T9460] netlink: 'syz.0.1591': attribute type 11 has an invalid length.
[  137.856522][ T9455] bond2: option xmit_hash_policy: invalid value (10)
[  137.865775][ T9455] bond2 (unregistering): Released all slaves
[  137.896904][ T9448] netdevsim netdevsim2 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  137.901068][ T9448] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  137.934234][ T9462] netlink: 156 bytes leftover after parsing attributes in process `syz.0.1592'.
[  138.019573][ T9448] netdevsim netdevsim2 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  138.026003][ T9448] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  138.126429][ T5725] netdevsim netdevsim2 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  138.131785][ T5725] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  138.145370][ T1380] ieee802154 phy0 wpan0: encryption failed: -22
[  138.181961][ T5725] netdevsim netdevsim2 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  138.186070][ T5725] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  138.211614][ T5725] netdevsim netdevsim2 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  138.216257][ T5725] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  138.247346][ T5725] netdevsim netdevsim2 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  138.252191][ T5725] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  138.497022][ T9483] gtp0: entered promiscuous mode
[  138.505027][ T9483] gtp0: entered allmulticast mode
[  138.533944][ T5617] Bluetooth: hci2: command 0x0401 tx timeout
[  138.981834][ T9497] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1605'.
[  139.013063][ T9497] 8021q: adding VLAN 0 to HW filter on device bond2
[  139.019615][ T9497] bond2: option mode: unable to set because the bond device is up
[  139.076714][ T9502] syzkaller0: entered promiscuous mode
[  139.078995][ T9502] syzkaller0: entered allmulticast mode
[  139.661957][ T9511] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1611'.
[  140.790529][ T9531] netlink: 'syz.0.1618': attribute type 21 has an invalid length.
[  140.793356][ T9531] netlink: 128 bytes leftover after parsing attributes in process `syz.0.1618'.
[  140.802163][ T9531] netlink: 3 bytes leftover after parsing attributes in process `syz.0.1618'.
[  140.901342][ T9539] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1622'.
[  140.920116][ T9539] ip6erspan1: entered allmulticast mode
[  141.016603][ T9551] netlink: 277 bytes leftover after parsing attributes in process `syz.0.1628'.
[  141.634658][ T9610] tap0: tun_chr_ioctl cmd 2147767521
[  141.806426][ T9625] __nla_validate_parse: 4 callbacks suppressed
[  141.806446][ T9625] netlink: 144 bytes leftover after parsing attributes in process `syz.0.1661'.
[  142.045880][ T9650] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1672'.
[  142.076383][ T9652] openvswitch: netlink: VXLAN extension 307 out of range max 1
[  142.133433][ T9657] xt_hl: Unknown TTL match mode: 237
[  142.221886][ T9666] netlink: 'syz.1.1680': attribute type 1 has an invalid length.
[  142.243201][ T9666] 8021q: adding VLAN 0 to HW filter on device bond3
[  142.470827][ T9676] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1684'.
[  142.820129][ T9690] tipc: New replicast peer: 255.255.255.255
[  142.828312][ T9690] tipc: Enabled bearer <udp:syz2>, priority 10
[  143.776983][ T9746] lo speed is unknown, defaulting to 1000
[  143.952596][   T24] tipc: Node number set to 2223341360
[  144.715776][ T9819] block nbd1: Unsupported socket: should be TCP or UNIX.
[  144.949567][ T9838] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1727'.
[  144.956414][ T9843] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1725'.
[  144.959717][ T9838] macvtap1: entered promiscuous mode
[  144.961653][ T9838] erspan0: entered promiscuous mode
[  144.972500][ T9838] macvtap1: entered allmulticast mode
[  144.975429][ T9838] erspan0: entered allmulticast mode
[  144.980015][ T9838] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1727'.
[  144.984241][ T9843] ip6tnl2: entered allmulticast mode
[  145.156868][ T9856] netlink: 'syz.1.1732': attribute type 1 has an invalid length.
[  145.223646][ T9861] lo speed is unknown, defaulting to 1000
[  145.462152][ T9861] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[  145.504567][ T9880] netlink: 104 bytes leftover after parsing attributes in process `syz.1.1741'.
[  145.571656][ T9884] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1743'.
[  145.721694][ T9896] xt_TCPMSS: Only works on TCP SYN packets
[  146.051113][ T9923] netlink: 207952 bytes leftover after parsing attributes in process `syz.2.1756'.
[  146.104495][ T9928] openvswitch: netlink: Unexpected mask (mask=40040, allowed=10048)
[  146.134866][ T9933] IPVS: set_ctl: invalid protocol: 50 224.0.0.2:0
[  146.396986][ T9955] netlink: 160 bytes leftover after parsing attributes in process `syz.1.1771'.
[  146.400576][ T9955] netlink: 'syz.1.1771': attribute type 11 has an invalid length.
[  147.595917][ T9995] dvmrp0: entered allmulticast mode
[  147.623183][ T9995] __nla_validate_parse: 1 callbacks suppressed
[  147.623200][ T9995] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1785'.
[  147.801404][T10007] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1791'.
[  147.807141][T10007] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1791'.
[  148.098048][T10023] PF_CAN: dropped non conform CAN skbuff: dev type 65534, len 64993
[  148.110148][T10026] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1800'.
[  148.298368][T10039] geneve3: entered promiscuous mode
[  148.301725][T10039] geneve3: entered allmulticast mode
[  148.310235][ T5725] netdevsim netdevsim2 eth0: set [1, 1] type 2 family 0 port 20000 - 0
[  148.320155][ T5725] netdevsim netdevsim2 eth1: set [1, 1] type 2 family 0 port 20000 - 0
[  148.330530][ T5725] netdevsim netdevsim2 eth2: set [1, 1] type 2 family 0 port 20000 - 0
[  148.338774][ T5725] netdevsim netdevsim2 eth3: set [1, 1] type 2 family 0 port 20000 - 0
[  148.479459][T10051] tipc: Enabled bearer <udp:s>, priority 10
[  148.497108][T10053] syzkaller0: refused to change device tx_queue_len
[  148.956999][T10091] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1831'.
[  148.961850][T10091] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1831'.
[  148.971518][T10091] netlink: 'syz.1.1831': attribute type 4 has an invalid length.
[  149.578738][T10116] pim6reg1: entered promiscuous mode
[  149.584279][T10116] pim6reg1: entered allmulticast mode
[  149.626584][T10120] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1843'.
[  149.924911][T10134] netlink: 'syz.1.1849': attribute type 3 has an invalid length.
[  149.931099][T10134] netlink: 'syz.1.1849': attribute type 1 has an invalid length.
[  149.941506][T10134] netlink: 224 bytes leftover after parsing attributes in process `syz.1.1849'.
[  149.949649][T10134] NCSI netlink: No device for ifindex 36
[  150.119859][T10148] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1856'.
[  150.281979][T10159] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  150.298039][T10159] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  150.450872][T10167] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1866'.
[  150.871391][T10179] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  151.891626][T10216] netlink: 'syz.0.1887': attribute type 1 has an invalid length.
[  151.898242][T10216] netlink: 'syz.0.1887': attribute type 1 has an invalid length.
[  152.139501][   T33] audit: type=1107 audit(1779045284.299:7): pid=10222 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg=''
[  152.848500][T10234] __nla_validate_parse: 2 callbacks suppressed
[  152.848511][T10234] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1895'.
[  152.854414][T10234] hmac(sha224: left promiscuous mode
[  153.707173][T10276] netlink: 'syz.0.1913': attribute type 12 has an invalid length.
[  154.275760][T10291] netlink: 'syz.1.1916': attribute type 1 has an invalid length.
[  154.355304][T10293] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1916'.
[  154.380688][T10291] bond4: entered promiscuous mode
[  154.383469][T10291] 8021q: adding VLAN 0 to HW filter on device bond4
[  154.386252][T10293] bond4: entered allmulticast mode
[  154.412864][T10291] bond4: (slave bridge3): making interface the new active one
[  154.415650][T10291] bridge3: entered promiscuous mode
[  154.417705][T10291] bridge3: entered allmulticast mode
[  154.422928][T10291] bond4: (slave bridge3): Enslaving as an active interface with an up link
[  154.505898][T10294] netlink: 'syz.0.1915': attribute type 10 has an invalid length.
[  154.515497][T10294] syz_tun: entered promiscuous mode
[  154.551024][T10294] bond0: (slave syz_tun): Enslaving as an active interface with an up link
[  154.571190][T10294] netlink: 41 bytes leftover after parsing attributes in process `syz.0.1915'.
[  154.581195][T10294] netlink: 140 bytes leftover after parsing attributes in process `syz.0.1915'.
[  154.601727][T10294] netlink: 41 bytes leftover after parsing attributes in process `syz.0.1915'.
[  154.678046][T10306] netlink: 64 bytes leftover after parsing attributes in process `syz.2.1921'.
[  154.695698][T10306] netlink: 64 bytes leftover after parsing attributes in process `syz.2.1921'.
[  155.119404][T10312] lo speed is unknown, defaulting to 1000
[  155.765920][T10326] netlink: 280 bytes leftover after parsing attributes in process `syz.0.1929'.
[  156.026159][T10337] syzkaller0: entered promiscuous mode
[  156.031586][T10337] syzkaller0: entered allmulticast mode
[  156.049032][T10337] 0: reclassify loop, rule prio 0, protocol 800
[  156.318116][T10354] netlink: 148 bytes leftover after parsing attributes in process `syz.2.1940'.
[  156.408964][T10358] set match dimension is over the limit!
[  157.046503][T10383] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1953'.
[  157.602889][T10406] netlink: 'syz.0.1964': attribute type 13 has an invalid length.
[  157.804868][T10408] bond0: (slave syz_tun): Releasing backup interface
[  158.090353][T10427] __nla_validate_parse: 1 callbacks suppressed
[  158.090509][T10427] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1972'.
[  158.276964][T10440] bond0: Caught tx_queue_len zero misconfig
[  158.281385][T10440] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1975'.
[  158.379419][T10447] x_tables: ip6_tables: TCPOPTSTRIP target: only valid in mangle table, not raw
[  158.729441][T10461] netlink: 'syz.0.1987': attribute type 12 has an invalid length.
[  158.775488][T10464] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1988'.
[  158.847085][T10468] syzkaller0: entered promiscuous mode
[  158.850081][T10468] syzkaller0: entered allmulticast mode
[  158.941220][T10469] block nbd1: server does not support multiple connections per device.
[  158.968285][T10469] block nbd1: shutting down sockets
[  159.083500][T10479] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1993'.
[  159.087631][T10479] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1993'.
[  159.167371][T10483] tipc: Failed to remove unknown binding: 66,1,1/2223341360:3160195654/3160195656
[  159.185098][T10483] tipc: Failed to remove unknown binding: 66,1,1/2223341360:3160195654/3160195656
[  159.189206][T10483] tipc: Failed to remove unknown binding: 66,1,1/2223341360:3160195654/3160195656
[  159.289828][T10489] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1997'.
[  159.438980][T10501] x_tables: ip6_tables: udp match: only valid for protocol 17
[  160.163336][T10519] lo speed is unknown, defaulting to 1000
[  160.231854][T10532] Bluetooth: MGMT ver 1.23
[  160.415861][T10538] netlink: 'syz.2.2019': attribute type 32 has an invalid length.
[  160.422660][T10538] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2019'.
[  160.481132][T10538] bond5: Setting coupled_control to off (0)
[  160.831522][T10559] veth0: entered promiscuous mode
[  160.838773][T10559] veth0: left promiscuous mode
[  160.950830][T10567] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2031'.
[  161.140689][T10579] netlink: 'syz.1.2034': attribute type 10 has an invalid length.
[  161.144685][T10579] netlink: 224 bytes leftover after parsing attributes in process `syz.1.2034'.
[  162.617972][T10611] bond5: peer notification delay (9) is not a multiple of miimon (100), value rounded to 0 ms
[  162.762907][T10617] mac80211_hwsim hwsim7 syzkaller0: Caught tx_queue_len zero misconfig
[  162.828901][T10618] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2052'.
[  163.206669][T10636] netlink: 208240 bytes leftover after parsing attributes in process `syz.1.2061'.
[  163.319550][T10640] xt_hashlimit: size too large, truncated to 1048576
[  163.324064][T10640] xt_hashlimit: max too large, truncated to 1048576
[  163.667092][T10651] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2067'.
[  163.804734][T10654] netlink: 'syz.0.2069': attribute type 4 has an invalid length.
[  164.201970][T10667] netlink: 'syz.0.2075': attribute type 1 has an invalid length.
[  164.272163][T10672] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2076'.
[  164.283485][T10672] veth1_to_team: entered promiscuous mode
[  164.287825][T10672] veth1_to_team: left promiscuous mode
[  164.402197][T10676] x_tables: ip_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING
[  165.471287][T10738] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2103'.
[  165.796818][T10751] syzkaller0: entered promiscuous mode
[  165.798666][T10751] syzkaller0: entered allmulticast mode
[  166.281024][T10765] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  166.336384][T10767] netlink: 'syz.1.2116': attribute type 21 has an invalid length.
[  166.339463][T10767] IPv6: NLM_F_CREATE should be specified when creating new route
[  166.342840][T10767] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  166.345612][T10767] IPv6: NLM_F_CREATE should be set when creating new route
[  166.348172][T10767] IPv6: NLM_F_CREATE should be set when creating new route
[  166.350860][T10767] IPv6: NLM_F_CREATE should be set when creating new route
[  166.370575][T10767] netlink: 'syz.1.2116': attribute type 21 has an invalid length.
[  166.374797][T10767] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  166.609750][T10784] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2125'.
[  166.612941][T10784] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2125'.
[  166.616194][T10784] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2125'.
[  166.619749][T10784] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2125'.
[  166.746827][ T9029] IPVS: starting estimator thread 0...
[  166.820881][T10800] syzkaller0: entered promiscuous mode
[  166.823500][T10800] syzkaller0: entered allmulticast mode
[  166.846367][T10795] IPVS: using max 67 ests per chain, 160800 per kthread
[  167.794788][T10828] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2143'.
[  168.742528][T10847] netlink: 'syz.0.2151': attribute type 29 has an invalid length.
[  169.232211][T10863] bond0: option ad_user_port_key: mode dependency failed, not supported in mode balance-rr(0)
[  169.505888][T10871] netlink: 'syz.0.2158': attribute type 4 has an invalid length.
[  169.543727][T10875] netlink: 'syz.2.2161': attribute type 1 has an invalid length.
[  169.546850][T10875] netlink: 224 bytes leftover after parsing attributes in process `syz.2.2161'.
[  169.689492][T10883] x_tables: duplicate underflow at hook 4
[  170.593857][T10928] vlan0: entered promiscuous mode
[  170.599279][T10928] gretap0: entered promiscuous mode
[  170.724736][T10931] netlink: 15672 bytes leftover after parsing attributes in process `syz.2.2178'.
[  170.729743][T10931] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2178'.
[  170.739322][T10931] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2178'.
[  172.594815][T10999] lo speed is unknown, defaulting to 1000
[  173.066341][T11014] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2207'.
[  173.070298][T11014] netlink: 'syz.1.2207': attribute type 7 has an invalid length.
[  173.084168][T11014] netlink: 'syz.1.2207': attribute type 8 has an invalid length.
[  173.099970][T11014] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2207'.
[  173.278815][T11019] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2209'.
[  173.282740][T11019] netlink: 'syz.2.2209': attribute type 15 has an invalid length.
[  173.286195][T11019] netlink: 'syz.2.2209': attribute type 25 has an invalid length.
[  173.289534][T11019] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2209'.
[  173.420321][T11023] netlink: 'syz.2.2211': attribute type 1 has an invalid length.
[  173.427541][T11023] netlink: 64 bytes leftover after parsing attributes in process `syz.2.2211'.
[  173.431390][T11023] netlink: 658 bytes leftover after parsing attributes in process `syz.2.2211'.
[  173.439056][T11023] netlink: 'syz.2.2211': attribute type 1 has an invalid length.
[  173.727473][T11032] bond6 (unregistering): Released all slaves
[  174.551912][T11075] ip6gretap1: entered allmulticast mode
[  174.703958][T11081] __nla_validate_parse: 2 callbacks suppressed
[  174.704001][T11081] netlink: 1 bytes leftover after parsing attributes in process `syz.0.2236'.
[  174.846408][T11095] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2246'.
[  174.965686][T11104] netlink: 64 bytes leftover after parsing attributes in process `syz.1.2249'.
[  175.278286][T11127] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2261'.
[  175.281376][T11127] tipc: Invalid UDP bearer configuration
[  175.281416][T11127] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  175.630284][T11145] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2270'.
[  175.637807][T11145] netlink: 'syz.0.2270': attribute type 14 has an invalid length.
[  175.640930][T11145] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2270'.
[  176.080808][T11173] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2278'.
[  176.308605][T11180] nicvf0: tun_chr_ioctl cmd 2148553947
[  176.407324][T11182] netlink: 'syz.2.2281': attribute type 6 has an invalid length.
[  176.424375][T11182] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2281'.
[  176.469763][T11186] xt_HMARK: spi-set and port-set can't be combined
[  177.511338][T11226] tunl0: Caught tx_queue_len zero misconfig
[  177.546295][T11228] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2300'.
[  177.549783][T11228] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2300'.
[  178.041522][T11255] No such timeout policy "syz1"
[  178.059812][T11259] ip6tnl0: Caught tx_queue_len zero misconfig
[  178.221648][T11267] netlink: 'syz.0.2318': attribute type 1 has an invalid length.
[  178.245287][T11267] 8021q: adding VLAN 0 to HW filter on device bond5
[  178.299002][T11267] bond5: (slave veth5): Enslaving as an active interface with a down link
[  178.334985][T11267] bond5: (slave veth7): Enslaving as an active interface with a down link
[  178.353284][T11267] bond5: entered allmulticast mode
[  178.698054][T11295] netlink: 'syz.0.2329': attribute type 30 has an invalid length.
[  179.785685][T11355] __nla_validate_parse: 5 callbacks suppressed
[  179.785697][T11355] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2356'.
[  179.848706][ T5725] nci: nci_ntf_packet: unsupported ntf opcode 0xf00
[  182.623687][T11346] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  182.958508][T11379] syzkaller0: entered promiscuous mode
[  182.965009][T11379] syzkaller0: entered allmulticast mode
[  183.175928][T11386] netlink: 'syz.1.2369': attribute type 1 has an invalid length.
[  183.211088][T11386] 8021q: adding VLAN 0 to HW filter on device bond6
[  183.222122][T11386] bond6: (slave ip6gretap0): Enslaving as a backup interface with an up link
[  183.313641][   T13] bond6: Warning: No 802.3ad response from the link partner for any adapters in the bond
[  183.322729][T11392] netlink: 'syz.1.2373': attribute type 4 has an invalid length.
[  183.327363][T11392] netlink: 224 bytes leftover after parsing attributes in process `syz.1.2373'.
[  183.401872][T11400] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2375'.
[  183.408526][T11398] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2370'.
[  183.435475][ T5725] bond6: Warning: No 802.3ad response from the link partner for any adapters in the bond
[  183.540805][T11398] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2370'.
[  183.556273][T11284] block nbd64: NBD_DISCONNECT
[  183.890935][T11431] netlink: 260 bytes leftover after parsing attributes in process `syz.2.2389'.
[  184.183125][T11450] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2397'.
[  185.588121][ T5614] Bluetooth: hci2: link tx timeout
[  185.591144][ T5614] Bluetooth: hci2: killing stalled connection 10:aa:aa:aa:aa:aa
[  186.292593][ T5001] Bluetooth: hci1: command 0x0406 tx timeout
[  186.574841][T11483] erspan0: left allmulticast mode
[  186.577662][T11483] erspan0: left promiscuous mode
[  186.741481][T11493] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2415'.
[  186.820169][ T5617] Bluetooth: hci2: link tx timeout
[  186.826042][ T5617] Bluetooth: hci2: killing stalled connection 10:aa:aa:aa:aa:aa
[  186.939364][T11506] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2417'.
[  186.948299][T11506] netlink: 'syz.1.2417': attribute type 7 has an invalid length.
[  186.954275][T11506] netlink: 'syz.1.2417': attribute type 8 has an invalid length.
[  186.960463][T11506] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2417'.
[  187.053071][T11514] xt_recent: hitcount (33554435) is larger than allowed maximum (65535)
[  187.529094][T11548] netlink: 'syz.0.2438': attribute type 32 has an invalid length.
[  187.652633][ T5617] Bluetooth: hci2: command 0x0401 tx timeout
[  187.831559][T11560] ip6gre3: entered promiscuous mode
[  187.837617][T11560] ip6gre3: entered allmulticast mode
[  187.928513][T11571] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2447'.
[  188.335485][T11581] lo speed is unknown, defaulting to 1000
[  189.465603][T11632] netlink: 'syz.1.2462': attribute type 13 has an invalid length.
[  189.471267][T11632] netlink: 'syz.1.2462': attribute type 17 has an invalid length.
[  189.609376][T11632] bridge0: left promiscuous mode
[  189.623237][T11632] 8021q: adding VLAN 0 to HW filter on device bond0
[  189.657915][T11632] 8021q: adding VLAN 0 to HW filter on device batadv0
[  189.750182][T11632] batman_adv: batadv0: Interface activated: batadv_slave_0
[  189.761179][T11632] batman_adv: batadv0: Interface activated: batadv_slave_1
[  189.785827][T11632] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  189.800856][T11632] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  189.833948][T11632] A link change request failed with some changes committed already. Interface virt_wifi0 may have been left with an inconsistent configuration, please check.
[  189.865308][T11641] bridge0: port 2(bridge_slave_1) entered disabled state
[  189.886333][ T3447] bridge0: port 1(bridge_slave_0) entered blocking state
[  189.889135][ T3447] bridge0: port 1(bridge_slave_0) entered forwarding state
[  190.152171][T11662] openvswitch: netlink: Actions may not be safe on all matching packets
[  190.187609][T11664] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2475'.
[  190.291634][T11667] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  190.931456][T11683] netlink: 1047 bytes leftover after parsing attributes in process `syz.0.2483'.
[  190.940609][T11683] netlink: 324 bytes leftover after parsing attributes in process `syz.0.2483'.
[  190.974534][T11684] netlink: 'syz.1.2482': attribute type 1 has an invalid length.
[  190.987020][T11684] netlink: 'syz.1.2482': attribute type 2 has an invalid length.
[  191.004598][T11684] netlink: 'syz.1.2482': attribute type 1 has an invalid length.
[  191.007852][T11684] netlink: 'syz.1.2482': attribute type 2 has an invalid length.
[  191.250980][T11704] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2484'.
[  191.275568][T11690] netlink: 'syz.0.2484': attribute type 10 has an invalid length.
[  191.309857][T11690] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  191.316244][T11690] netdevsim netdevsim0 netdevsim1: entered promiscuous mode
[  191.322316][T11690] team0: Failed to send port change of device netdevsim1 via netlink (err -105)
[  191.327309][T11690] team0: Failed to send options change via netlink (err -105)
[  191.329570][T11690] team0: Port device netdevsim1 added
[  192.040700][T11749] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2506'.
[  192.675716][T11773] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  192.678027][T11773] IPv6: NLM_F_CREATE should be set when creating new route
[  192.680412][T11773] IPv6: NLM_F_CREATE should be set when creating new route
[  192.682829][T11773] IPv6: NLM_F_CREATE should be set when creating new route
[  192.686508][T11773] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  192.837208][T11783] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2523'.
[  192.840173][T11783] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2523'.
[  193.131820][T11793] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2527'.
[  193.145289][T11793] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2527'.
[  193.386354][T11811] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2533'.
[  193.392233][T11811] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2533'.
[  194.022682][T11852] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2553'.
[  194.190556][T11863] xt_CT: You must specify a L4 protocol and not use inversions on it
[  194.196031][T11863] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  194.321983][T11855] bridge0: port 1(bridge_slave_0) entered disabled state
[  194.390409][T11855] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  194.404307][T11855] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  194.419170][T11855] geneve2: left allmulticast mode
[  194.421125][T11855] bond1: left allmulticast mode
[  194.425507][T11855] macvtap1: left promiscuous mode
[  194.427337][T11855] macvtap1: left allmulticast mode
[  194.429272][T11855] bond4: left promiscuous mode
[  194.431030][T11855] bridge3: left promiscuous mode
[  194.434488][T11855] bond4: left allmulticast mode
[  194.436081][T11855] bridge3: left allmulticast mode
[  194.437945][T11855] ip6gretap1: left allmulticast mode
[  194.439881][T11855] ip6gre3: left promiscuous mode
[  194.441490][T11855] ip6gre3: left allmulticast mode
[  194.576635][T11875] netlink: 'syz.0.2562': attribute type 1 has an invalid length.
[  194.621669][T11875] bond6: entered promiscuous mode
[  194.624081][T11875] bond6: entered allmulticast mode
[  194.626525][T11875] 8021q: adding VLAN 0 to HW filter on device bond6
[  194.645158][T11875] bridge2: entered promiscuous mode
[  194.647379][T11875] bridge2: entered allmulticast mode
[  194.650081][T11875] bond6: (slave bridge2): Enslaving as a backup interface with an up link
[  194.670329][T11875] bridge3: entered promiscuous mode
[  194.672907][T11875] bridge3: entered allmulticast mode
[  194.676095][T11875] bond6: (slave bridge3): Enslaving as a backup interface with a down link
[  194.725611][ T5670] bond6: Warning: No 802.3ad response from the link partner for any adapters in the bond
[  194.884497][ T5670] bond6: Warning: No 802.3ad response from the link partner for any adapters in the bond
[  195.241139][T11901] netlink: 'syz.1.2573': attribute type 1 has an invalid length.
[  195.267262][T11903] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2574'.
[  195.270047][T11903] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2574'.
[  195.446588][T11916] netlink: 'syz.1.2580': attribute type 1 has an invalid length.
[  195.450845][T11916] netlink: 'syz.1.2580': attribute type 2 has an invalid length.
[  196.212526][ T5617] Bluetooth: hci2: command 0x0401 tx timeout
[  196.433865][T11948] netlink: 'syz.0.2593': attribute type 1 has an invalid length.
[  196.620147][T11954] block nbd1: Unsupported socket: should be TCP or UNIX.
[  197.109610][T11974] __nla_validate_parse: 1 callbacks suppressed
[  197.109666][T11974] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2604'.
[  197.164426][T11975] netlink: 'syz.2.2603': attribute type 1 has an invalid length.
[  197.358808][T11980] xt_HMARK: proto mask must be zero with L3 mode
[  197.499145][T11988] vcan0: tx drop: invalid da for name 0xfffffffffffffffd
[  198.069602][T12019] mac80211_hwsim hwsim7 syzkaller0: left promiscuous mode
[  198.075595][T12019] mac80211_hwsim hwsim7 syzkaller0: left allmulticast mode
[  199.082448][T12040] lo speed is unknown, defaulting to 1000
[  199.577712][ T1380] ieee802154 phy0 wpan0: encryption failed: -22
[  200.160370][T12092] syzkaller1: entered allmulticast mode
[  200.458881][T12104] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2661'.
[  200.469484][T12104] macvtap1: entered promiscuous mode
[  200.471203][T12104] `: entered promiscuous mode
[  200.474515][T12104] team_slave_1: entered promiscuous mode
[  200.476783][T12104] macvtap1: entered allmulticast mode
[  200.478637][T12104] `: entered allmulticast mode
[  200.480190][T12104] team_slave_1: entered allmulticast mode
[  200.484249][T12104] 8021q: adding VLAN 0 to HW filter on device macvtap1
[  200.502841][T12104] `: left allmulticast mode
[  200.508543][T12104] team_slave_1: left allmulticast mode
[  200.512814][T12104] `: left promiscuous mode
[  200.523443][T12104] macvtap1: left promiscuous mode
[  200.525201][T12104] macvtap1: left allmulticast mode
[  200.528137][ T9028] team_slave_1: left promiscuous mode
[  200.732158][T12118] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2665'.
[  200.771238][T12123] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2671'.
[  200.808240][T12121] bond7: (slave lo): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[  200.825064][T12121] bond7: (slave lo): Enslaving as an active interface with an up link
[  200.831703][T12121] A link change request failed with some changes committed already. Interface tunl0 may have been left with an inconsistent configuration, please check.
[  201.055233][T12136] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2677'.
[  201.088533][T12136] team0: entered promiscuous mode
[  201.093333][T12136] team0: entered allmulticast mode
[  201.098566][T12136] 8021q: adding VLAN 0 to HW filter on device team0
[  201.113768][T12136] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2677'.
[  201.117336][T12136] team1 (uninitialized): Failed to send options change via netlink (err -105)
[  201.131591][T12136] team1: entered promiscuous mode
[  201.133455][T12136] team1: entered allmulticast mode
[  201.135368][T12136] 8021q: adding VLAN 0 to HW filter on device team1
[  201.551081][T12162] netlink: 'syz.1.2688': attribute type 1 has an invalid length.
[  201.580543][T12162] 8021q: adding VLAN 0 to HW filter on device bond8
[  201.610936][T12162] bond8: (slave geneve3): making interface the new active one
[  201.616355][T12162] bond8: (slave geneve3): Enslaving as an active interface with an up link
[  201.619931][ T5670] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  201.632160][ T5670] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  201.641260][ T5670] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  201.648760][ T5670] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  203.431963][T12216] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2712'.
[  203.559208][T12216] bridge4: port 1(dummy0) entered blocking state
[  203.563602][T12216] bridge4: port 1(dummy0) entered disabled state
[  203.567021][T12216] dummy0: entered allmulticast mode
[  203.580250][T12216] dummy0: entered promiscuous mode
[  203.604214][T12217] netlink: 14 bytes leftover after parsing attributes in process `syz.2.2712'.
[  204.092202][T12217] dummy0 (unregistering): left allmulticast mode
[  204.095889][T12217] dummy0 (unregistering): left promiscuous mode
[  204.099069][T12217] bridge4: port 1(dummy0) entered disabled state
[  204.626605][T12232] syzkaller0: entered promiscuous mode
[  204.629117][T12232] syzkaller0: entered allmulticast mode
[  204.712036][T12235] xt_CT: You must specify a L4 protocol and not use inversions on it
[  204.798464][T12238] netlink: 'syz.2.2720': attribute type 11 has an invalid length.
[  205.393164][T12266] ipvlan0: entered promiscuous mode
[  205.395883][T12266] bridge0: port 3(ipvlan0) entered blocking state
[  205.401671][T12266] bridge0: port 3(ipvlan0) entered disabled state
[  205.406165][T12266] ipvlan0: entered allmulticast mode
[  205.409826][T12266] bridge0: entered allmulticast mode
[  205.428565][T12266] ipvlan0: left allmulticast mode
[  205.430475][T12266] bridge0: left allmulticast mode
[  207.760667][T12332] lo: Caught tx_queue_len zero misconfig
[  207.808857][T12337] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2766'.
[  207.880032][T12338] netlink: 236 bytes leftover after parsing attributes in process `syz.0.2767'.
[  208.087395][T12346] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2771'.
[  208.610574][T12364] netlink: 8772 bytes leftover after parsing attributes in process `syz.2.2779'.
[  209.070445][T12399] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2795'.
[  209.171948][T12408] syz_tun: entered allmulticast mode
[  209.180391][T12408] dvmrp8: entered allmulticast mode
[  209.187574][T12406] syz_tun: left allmulticast mode
[  209.824350][    C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[  209.961805][T12426] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2806'.
[  212.015175][T12393] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  212.160960][T12443] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  212.227114][T12447] netlink: 'syz.1.2817': attribute type 1 has an invalid length.
[  212.265840][T12447] 8021q: adding VLAN 0 to HW filter on device bond10
[  212.270490][T12447] bond9: (slave bond10): making interface the new active one
[  212.275278][T12447] bond9: (slave bond10): Enslaving as an active interface with an up link
[  212.288087][T12447] netlink: 104 bytes leftover after parsing attributes in process `syz.1.2817'.
[  212.362273][T12453] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2818'.
[  212.823005][T12474] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2825'.
[  213.190533][T12486] tap0: tun_chr_ioctl cmd 1074025676
[  213.193021][T12486] tap0: owner set to 0
[  213.369758][T12495] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2835'.
[  213.985934][T12533] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2852'.
[  214.630290][T12564] syzkaller0: entered promiscuous mode
[  214.634998][T12564] syzkaller0: entered allmulticast mode
[  214.761176][T12568] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2869'.
[  214.793604][T12568] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2869'.
[  214.796737][T12568] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  214.814479][T12568] batman_adv: batadv0: Removing interface: batadv_slave_1
[  216.001498][T12605] syzkaller0: entered promiscuous mode
[  216.006888][T12605] syzkaller0: entered allmulticast mode
[  216.090639][T12607] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2885'.
[  216.184203][T12612] netlink: 'syz.2.2887': attribute type 1 has an invalid length.
[  216.187417][T12612] netlink: 'syz.2.2887': attribute type 2 has an invalid length.
[  216.263419][T12613] erspan1: entered promiscuous mode
[  216.268308][T12613] erspan1: entered allmulticast mode
[  216.389721][T12629] openvswitch: netlink: Key type 29 is not supported
[  216.489184][T12636] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2897'.
[  216.758379][T12656] netlink: 68 bytes leftover after parsing attributes in process `syz.0.2907'.
[  217.027045][T12671] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2912'.
[  217.089364][T12677] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2917'.
[  217.186661][T12684] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2919'.
[  217.189880][T12684] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2919'.
[  217.196690][T12684] erspan0: entered promiscuous mode
[  217.204470][T12684] erspan0: left promiscuous mode
[  217.989537][T12723] nbd1: detected capacity change from 0 to 63
[  217.996100][   T56] block nbd1: Receive control failed (result -32)
[  217.999729][ T8684] block nbd1: Receive control failed (result -32)
[  218.006877][T12273] block nbd1: Dead connection, failed to find a fallback
[  218.024177][T12273] block nbd1: shutting down sockets
[  218.030089][T12273] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  218.044977][T12273] Buffer I/O error on dev nbd1, logical block 0, async page read
[  218.059425][T12273] I/O error, dev nbd1, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  218.066170][T12273] Buffer I/O error on dev nbd1, logical block 1, async page read
[  218.071387][T12273] I/O error, dev nbd1, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  218.077777][T12273] Buffer I/O error on dev nbd1, logical block 2, async page read
[  218.080734][T12734] policy can only be matched on NF_INET_PRE_ROUTING
[  218.080743][T12734] unable to load match
[  218.086795][T12273] I/O error, dev nbd1, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  218.094961][T12273] Buffer I/O error on dev nbd1, logical block 3, async page read
[  218.101987][T12273] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  218.113973][T12273] Buffer I/O error on dev nbd1, logical block 0, async page read
[  218.122038][T12273] I/O error, dev nbd1, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  218.129949][T12273] Buffer I/O error on dev nbd1, logical block 1, async page read
[  218.147874][T12273] I/O error, dev nbd1, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  218.166706][T12273] Buffer I/O error on dev nbd1, logical block 2, async page read
[  218.175438][T12273] I/O error, dev nbd1, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  218.187085][T12273] Buffer I/O error on dev nbd1, logical block 3, async page read
[  218.203987][T12273] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  218.212554][T12273] Buffer I/O error on dev nbd1, logical block 0, async page read
[  218.217540][T12273] I/O error, dev nbd1, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  218.221436][T12273] Buffer I/O error on dev nbd1, logical block 1, async page read
[  218.248625][T12273] ldm_validate_partition_table(): Disk read failed.
[  218.260467][T12273] Dev nbd1: unable to read RDB block 0
[  218.281715][T12273]  nbd1: unable to read partition table
[  218.340812][T12273] ldm_validate_partition_table(): Disk read failed.
[  218.366736][T12273] Dev nbd1: unable to read RDB block 0
[  218.394294][T12273]  nbd1: unable to read partition table
[  218.526924][T12754] netlink: 'syz.0.2954': attribute type 1 has an invalid length.
[  218.558441][T12754] bond8: (slave bridge4): making interface the new active one
[  218.562023][T12754] bond8: (slave bridge4): Enslaving as an active interface with an up link
[  218.572175][T12754] bond8: entered promiscuous mode
[  218.575570][T12754] bridge4: entered promiscuous mode
[  218.578864][T12754] bond8: entered allmulticast mode
[  218.580464][T12754] bridge4: entered allmulticast mode
[  218.584703][T12754] 8021q: adding VLAN 0 to HW filter on device bond8
[  218.623148][T12759] netlink: 'syz.0.2956': attribute type 9 has an invalid length.
[  219.196455][T12789] __nla_validate_parse: 10 callbacks suppressed
[  219.196471][T12789] netlink: 277 bytes leftover after parsing attributes in process `syz.2.2969'.
[  219.212046][T12789] 
[  219.213113][T12789] ======================================================
[  219.215792][T12789] WARNING: possible circular locking dependency detected
[  219.218456][T12789] syzkaller #0 Not tainted
[  219.220253][T12789] ------------------------------------------------------
[  219.222944][T12789] syz.2.2969/12789 is trying to acquire lock:
[  219.225220][T12789] ffff88811b6bb8e0 (&resv_map->rw_sema){++++}-{4:4}, at: __get_user_pages+0x5e4/0x2720
[  219.228892][T12789] 
[  219.228892][T12789] but task is already holding lock:
[  219.231682][T12789] ffff8881b89a0338 (&mm->mmap_lock){++++}-{4:4}, at: xdp_umem_pin_pages+0xca/0x340
[  219.235307][T12789] 
[  219.235307][T12789] which lock already depends on the new lock.
[  219.235307][T12789] 
[  219.239215][T12789] 
[  219.239215][T12789] the existing dependency chain (in reverse order) is:
[  219.242578][T12789] 
[  219.242578][T12789] -> #8 (&mm->mmap_lock){++++}-{4:4}:
[  219.245454][T12789]        __might_fault+0xcb/0x130
[  219.247356][T12789]        _copy_from_user+0x28/0xb0
[  219.249275][T12789]        csum_and_copy_from_iter_full+0x1e7/0x1f00
[  219.251713][T12789]        ip_generic_getfrag+0x149/0x2d0
[  219.253863][T12789]        __ip6_append_data+0x39cd/0x3f60
[  219.256013][T12789]        ip6_append_data+0x10f/0x280
[  219.258043][T12789]        rawv6_sendmsg+0x12d3/0x18e0
[  219.260066][T12789]        ____sys_sendmsg+0x80a/0x9f0
[  219.262002][T12789]        ___sys_sendmsg+0x2a5/0x360
[  219.263957][T12789]        __x64_sys_sendmsg+0x1bd/0x2a0
[  219.265978][T12789]        do_syscall_64+0x15f/0xf80
[  219.267953][T12789]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  219.270388][T12789] 
[  219.270388][T12789] -> #7 (sk_lock-AF_INET6){+.+.}-{0:0}:
[  219.273315][T12789]        lock_sock_nested+0x41/0x100
[  219.275334][T12789]        inet_shutdown+0x6a/0x390
[  219.277259][T12789]        nbd_mark_nsock_dead+0x2e9/0x560
[  219.279352][T12789]        sock_shutdown+0x15e/0x260
[  219.281246][T12789]        nbd_clear_sock+0x24/0x170
[  219.283206][T12789]        nbd_config_put+0x2dd/0x580
[  219.285203][T12789]        nbd_genl_connect+0x19d5/0x1cf0
[  219.287333][T12789]        genl_family_rcv_msg_doit+0x22a/0x330
[  219.289682][T12789]        genl_rcv_msg+0x61c/0x7a0
[  219.291569][T12789]        netlink_rcv_skb+0x232/0x4b0
[  219.293581][T12789]        genl_rcv+0x28/0x40
[  219.295358][T12789]        netlink_unicast+0x75c/0x8e0
[  219.297359][T12789]        netlink_sendmsg+0x813/0xb40
[  219.299395][T12789]        ____sys_sendmsg+0x972/0x9f0
[  219.301349][T12789]        ___sys_sendmsg+0x2a5/0x360
[  219.302881][T12789]        __x64_sys_sendmsg+0x1bd/0x2a0
[  219.304479][T12789]        do_syscall_64+0x15f/0xf80
[  219.306162][T12789]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  219.308137][T12789] 
[  219.308137][T12789] -> #6 (&nsock->tx_lock){+.+.}-{4:4}:
[  219.310520][T12789]        __mutex_lock+0x1a3/0x1550
[  219.312067][T12789]        nbd_queue_rq+0x37b/0x1100
[  219.313627][T12789]        blk_mq_dispatch_rq_list+0xa70/0x1910
[  219.315550][T12789]        __blk_mq_sched_dispatch_requests+0xdcc/0x1600
[  219.318090][T12789]        blk_mq_sched_dispatch_requests+0xd7/0x190
[  219.320530][T12789]        blk_mq_run_hw_queue+0x348/0x4f0
[  219.322532][T12789]        blk_mq_dispatch_list+0xd16/0xe10
[  219.324489][T12789]        blk_mq_flush_plug_list+0x48d/0x570
[  219.326590][T12789]        __blk_flush_plug+0x3ed/0x4d0
[  219.328426][T12789]        __submit_bio+0x28d/0x580
[  219.329992][T12789]        submit_bio_noacct_nocheck+0x2f4/0xa40
[  219.331912][T12789]        block_read_full_folio+0x599/0x830
[  219.333699][T12789]        filemap_read_folio+0x137/0x3b0
[  219.335780][T12789]        do_read_cache_folio+0x358/0x590
[  219.337944][T12789]        read_part_sector+0xb6/0x2b0
[  219.339975][T12789]        adfspart_check_ICS+0xb1/0x960
[  219.342106][T12789]        bdev_disk_changed+0x817/0x1770
[  219.344214][T12789]        blkdev_get_whole+0x380/0x510
[  219.346303][T12789]        bdev_open+0x31e/0xd30
[  219.348181][T12789]        blkdev_open+0x470/0x610
[  219.350076][T12789]        do_dentry_open+0x785/0x14e0
[  219.352159][T12789]        vfs_open+0x3b/0x340
[  219.353943][T12789]        path_openat+0x2e08/0x3860
[  219.355918][T12789]        do_file_open+0x23e/0x4a0
[  219.357889][T12789]        do_sys_openat2+0x113/0x200
[  219.359920][T12789]        __x64_sys_openat+0x138/0x170
[  219.361789][T12789]        do_syscall_64+0x15f/0xf80
[  219.363522][T12789]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  219.365743][T12789] 
[  219.365743][T12789] -> #5 (&cmd->lock){+.+.}-{4:4}:
[  219.368209][T12789]        __mutex_lock+0x1a3/0x1550
[  219.369946][T12789]        nbd_queue_rq+0xc6/0x1100
[  219.371807][T12789]        blk_mq_dispatch_rq_list+0xa70/0x1910
[  219.374174][T12789]        __blk_mq_sched_dispatch_requests+0xdcc/0x1600
[  219.376799][T12789]        blk_mq_sched_dispatch_requests+0xd7/0x190
[  219.379307][T12789]        blk_mq_run_hw_queue+0x348/0x4f0
[  219.381467][T12789]        blk_mq_dispatch_list+0xd16/0xe10
[  219.383700][T12789]        blk_mq_flush_plug_list+0x48d/0x570
[  219.385991][T12789]        __blk_flush_plug+0x3ed/0x4d0
[  219.387661][T12789]        __submit_bio+0x28d/0x580
[  219.389362][T12789]        submit_bio_noacct_nocheck+0x2f4/0xa40
[  219.391258][T12789]        block_read_full_folio+0x599/0x830
[  219.393122][T12789]        filemap_read_folio+0x137/0x3b0
[  219.394944][T12789]        do_read_cache_folio+0x358/0x590
[  219.396787][T12789]        read_part_sector+0xb6/0x2b0
[  219.398405][T12789]        adfspart_check_ICS+0xb1/0x960
[  219.400417][T12789]        bdev_disk_changed+0x817/0x1770
[  219.402132][T12789]        blkdev_get_whole+0x380/0x510
[  219.403710][T12789]        bdev_open+0x31e/0xd30
[  219.405152][T12789]        blkdev_open+0x470/0x610
[  219.406823][T12789]        do_dentry_open+0x785/0x14e0
[  219.408438][T12789]        vfs_open+0x3b/0x340
[  219.409815][T12789]        path_openat+0x2e08/0x3860
[  219.411529][T12789]        do_file_open+0x23e/0x4a0
[  219.413390][T12789]        do_sys_openat2+0x113/0x200
[  219.414945][T12789]        __x64_sys_openat+0x138/0x170
[  219.416824][T12789]        do_syscall_64+0x15f/0xf80
[  219.418499][T12789]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  219.420457][T12789] 
[  219.420457][T12789] -> #4 (set->srcu){.+.+}-{0:0}:
[  219.422637][T12789]        __synchronize_srcu+0xca/0x300
[  219.424253][T12789]        elevator_switch+0x1e8/0x7a0
[  219.425895][T12789]        elevator_change+0x2cc/0x450
[  219.427524][T12789]        elevator_set_default+0x36c/0x430
[  219.429398][T12789]        blk_register_queue+0x3e9/0x4e0
[  219.431217][T12789]        __add_disk+0x677/0xd50
[  219.432673][T12789]        add_disk_fwnode+0xfb/0x480
[  219.434501][T12789]        nbd_dev_add+0x72c/0xb50
[  219.436296][T12789]        nbd_init+0x168/0x1f0
[  219.438074][T12789]        do_one_initcall+0x250/0x870
[  219.439776][T12789]        do_initcall_level+0x104/0x190
[  219.441450][T12789]        do_initcalls+0x59/0xa0
[  219.442927][T12789]        kernel_init_freeable+0x2a6/0x3e0
[  219.444617][T12789]        kernel_init+0x1d/0x1d0
[  219.446375][T12789]        ret_from_fork+0x514/0xb70
[  219.448062][T12789]        ret_from_fork_asm+0x1a/0x30
[  219.449631][T12789] 
[  219.449631][T12789] -> #3 (&q->elevator_lock){+.+.}-{4:4}:
[  219.451983][T12789]        __mutex_lock+0x1a3/0x1550
[  219.453512][T12789]        elevator_change+0x1b3/0x450
[  219.455274][T12789]        elevator_set_none+0xb5/0x140
[  219.456988][T12789]        blk_mq_update_nr_hw_queues+0x5e7/0x1a60
[  219.459031][T12789]        nbd_start_device+0x17f/0xb10
[  219.460877][T12789]        nbd_genl_connect+0x165b/0x1cf0
[  219.462518][T12789]        genl_family_rcv_msg_doit+0x22a/0x330
[  219.464327][T12789]        genl_rcv_msg+0x61c/0x7a0
[  219.465867][T12789]        netlink_rcv_skb+0x232/0x4b0
[  219.467738][T12789]        genl_rcv+0x28/0x40
[  219.469233][T12789]        netlink_unicast+0x75c/0x8e0
[  219.471059][T12789]        netlink_sendmsg+0x813/0xb40
[  219.472740][T12789]        ____sys_sendmsg+0x972/0x9f0
[  219.474386][T12789]        ___sys_sendmsg+0x2a5/0x360
[  219.476376][T12789]        __x64_sys_sendmsg+0x1bd/0x2a0
[  219.478441][T12789]        do_syscall_64+0x15f/0xf80
[  219.480345][T12789]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  219.482370][T12789] 
[  219.482370][T12789] -> #2 (&q->q_usage_counter(io)#50){++++}-{0:0}:
[  219.485187][T12789]        blk_alloc_queue+0x546/0x680
[  219.487071][T12789]        __blk_mq_alloc_disk+0x197/0x390
[  219.489113][T12789]        nbd_dev_add+0x499/0xb50
[  219.490859][T12789]        nbd_init+0x168/0x1f0
[  219.492330][T12789]        do_one_initcall+0x250/0x870
[  219.494330][T12789]        do_initcall_level+0x104/0x190
[  219.496442][T12789]        do_initcalls+0x59/0xa0
[  219.498263][T12789]        kernel_init_freeable+0x2a6/0x3e0
[  219.500359][T12789]        kernel_init+0x1d/0x1d0
[  219.502008][T12789]        ret_from_fork+0x514/0xb70
[  219.503655][T12789]        ret_from_fork_asm+0x1a/0x30
[  219.505285][T12789] 
[  219.505285][T12789] -> #1 (fs_reclaim){+.+.}-{0:0}:
[  219.507731][T12789]        fs_reclaim_acquire+0x71/0x100
[  219.509469][T12789]        kmem_cache_alloc_noprof+0x40/0x650
[  219.511326][T12789]        __anon_vma_prepare+0xcb/0x4a0
[  219.513030][T12789]        __vmf_anon_prepare+0xe1/0x1b0
[  219.514667][T12789]        hugetlb_no_page+0x399/0x2100
[  219.516447][T12789]        hugetlb_fault+0x747/0x1510
[  219.518101][T12789]        handle_mm_fault+0x2009/0x3170
[  219.519932][T12789]        __get_user_pages+0x1683/0x2720
[  219.521690][T12789]        populate_vma_page_range+0x2be/0x3c0
[  219.523679][T12789]        __mm_populate+0x25f/0x390
[  219.525693][T12789]        vm_mmap_pgoff+0x3aa/0x4f0
[  219.527492][T12789]        ksys_mmap_pgoff+0x586/0x760
[  219.529201][T12789]        do_syscall_64+0x15f/0xf80
[  219.530870][T12789]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  219.533135][T12789] 
[  219.533135][T12789] -> #0 (&resv_map->rw_sema){++++}-{4:4}:
[  219.535552][T12789]        __lock_acquire+0x15a5/0x2cf0
[  219.537359][T12789]        lock_acquire+0x106/0x350
[  219.539130][T12789]        down_read+0x47/0x2e0
[  219.540704][T12789]        __get_user_pages+0x5e4/0x2720
[  219.542506][T12789]        __gup_longterm_locked+0x3db/0x1630
[  219.544294][T12789]        pin_user_pages+0x9d/0xd0
[  219.546038][T12789]        xdp_umem_pin_pages+0x11b/0x340
[  219.547875][T12789]        xdp_umem_create+0x631/0x8b0
[  219.549452][T12789]        xsk_setsockopt+0x860/0x990
[  219.551122][T12789]        do_sock_setsockopt+0x17c/0x1b0
[  219.552897][T12789]        __x64_sys_setsockopt+0x13d/0x1b0
[  219.554663][T12789]        do_syscall_64+0x15f/0xf80
[  219.556368][T12789]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  219.558490][T12789] 
[  219.558490][T12789] other info that might help us debug this:
[  219.558490][T12789] 
[  219.561798][T12789] Chain exists of:
[  219.561798][T12789]   &resv_map->rw_sema --> sk_lock-AF_INET6 --> &mm->mmap_lock
[  219.561798][T12789] 
[  219.566435][T12789]  Possible unsafe locking scenario:
[  219.566435][T12789] 
[  219.568820][T12789]        CPU0                    CPU1
[  219.570510][T12789]        ----                    ----
[  219.572264][T12789]   rlock(&mm->mmap_lock);
[  219.573715][T12789]                                lock(sk_lock-AF_INET6);
[  219.575852][T12789]                                lock(&mm->mmap_lock);
[  219.578169][T12789]   rlock(&resv_map->rw_sema);
[  219.579692][T12789] 
[  219.579692][T12789]  *** DEADLOCK ***
[  219.579692][T12789] 
[  219.582703][T12789] 2 locks held by syz.2.2969/12789:
[  219.584613][T12789]  #0: ffff88811de826b0 (&xs->mutex){+.+.}-{4:4}, at: xsk_setsockopt+0x6d2/0x990
[  219.587951][T12789]  #1: ffff8881b89a0338 (&mm->mmap_lock){++++}-{4:4}, at: xdp_umem_pin_pages+0xca/0x340
[  219.591020][T12789] 
[  219.591020][T12789] stack backtrace:
[  219.592989][T12789] CPU: 0 UID: 0 PID: 12789 Comm: syz.2.2969 Not tainted syzkaller #0 PREEMPT(full) 
[  219.593011][T12789] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  219.593022][T12789] Call Trace:
[  219.593031][T12789]  <TASK>
[  219.593040][T12789]  dump_stack_lvl+0xe8/0x150
[  219.593061][T12789]  print_circular_bug+0x2e1/0x300
[  219.593084][T12789]  check_noncircular+0x12e/0x150
[  219.593107][T12789]  __lock_acquire+0x15a5/0x2cf0
[  219.593121][T12789]  ? mt_find+0x481/0x630
[  219.593136][T12789]  ? mt_find+0x186/0x630
[  219.593147][T12789]  ? __pfx_mt_find+0x10/0x10
[  219.593157][T12789]  ? __get_user_pages+0x5e4/0x2720
[  219.593167][T12789]  lock_acquire+0x106/0x350
[  219.593174][T12789]  ? __get_user_pages+0x5e4/0x2720
[  219.593184][T12789]  down_read+0x47/0x2e0
[  219.593192][T12789]  ? __get_user_pages+0x5e4/0x2720
[  219.593201][T12789]  __get_user_pages+0x5e4/0x2720
[  219.593214][T12789]  ? lruvec_stat_mod_folio+0x6e/0x3e0
[  219.593224][T12789]  __gup_longterm_locked+0x3db/0x1630
[  219.593234][T12789]  ? xdp_umem_pin_pages+0xca/0x340
[  219.593246][T12789]  pin_user_pages+0x9d/0xd0
[  219.593254][T12789]  xdp_umem_pin_pages+0x11b/0x340
[  219.593265][T12789]  xdp_umem_create+0x631/0x8b0
[  219.593277][T12789]  xsk_setsockopt+0x860/0x990
[  219.593288][T12789]  ? __pfx_xsk_setsockopt+0x10/0x10
[  219.593298][T12789]  ? __fget_files+0x2a/0x420
[  219.593307][T12789]  ? aa_sock_opt_perm+0xff/0x1a0
[  219.593318][T12789]  ? bpf_lsm_socket_setsockopt+0x9/0x20
[  219.593328][T12789]  ? __pfx_xsk_setsockopt+0x10/0x10
[  219.593338][T12789]  do_sock_setsockopt+0x17c/0x1b0
[  219.593351][T12789]  __x64_sys_setsockopt+0x13d/0x1b0
[  219.593362][T12789]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  219.593369][T12789]  do_syscall_64+0x15f/0xf80
[  219.593382][T12789]  ? trace_irq_disable+0x3b/0x140
[  219.593394][T12789]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  219.593402][T12789] RIP: 0033:0x7f763ed9ce59
[  219.593412][T12789] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  219.593418][T12789] RSP: 002b:00007f763fc08028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  219.593426][T12789] RAX: ffffffffffffffda RBX: 00007f763f015fa0 RCX: 00007f763ed9ce59
[  219.593432][T12789] RDX: 0000000000000004 RSI: 000000000000011b RDI: 0000000000000004
[  219.593438][T12789] RBP: 00007f763ee32d6f R08: 0000000000000020 R09: 0000000000000000
[  219.593444][T12789] R10: 0000200000000140 R11: 0000000000000246 R12: 0000000000000000
[  219.593450][T12789] R13: 00007f763f016038 R14: 00007f763f015fa0 R15: 00007fff969f8358
[  219.593459][T12789]  </TASK>
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
