last executing test programs: 1.768341543s ago: executing program 3 (id=2729): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000540)={'wlan0\x00', 0x0}) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_NEW_KEY(r3, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f00000000c0)={0x20, r0, 0x801, 0x70bd26, 0x3, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_KEY={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x19800}, 0x40000) 1.66459786s ago: executing program 0 (id=2732): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000340)=@dstopts={0x6c}, 0x8) sendto$inet6(r0, &(0x7f0000000240)="8a", 0x1, 0x51, &(0x7f0000000080)={0xa, 0x3, 0x2, @local, 0x9}, 0x1c) 1.642677071s ago: executing program 3 (id=2733): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'lrw(serpent)\x00'}, 0x58) close(r0) 1.557904488s ago: executing program 3 (id=2735): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), r0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000280)={'wlan0\x00'}) sendmsg$NL80211_CMD_NEW_STATION(r0, &(0x7f0000001080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000000}, 0x4814) 1.523925664s ago: executing program 0 (id=2738): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000220a01"], 0xc8}}, 0x0) r1 = openat$6lowpan_control(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) ioctl$VFAT_IOCTL_READDIR_BOTH(r1, 0x82307201, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r3, &(0x7f00000004c0)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe) getsockopt$bt_l2cap_L2CAP_OPTIONS(r3, 0x6, 0x1, 0x0, &(0x7f0000000100)) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[], 0x60}}, 0x0) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={0x0}, 0x1, 0x0, 0x0, 0x20044804}, 0x20000001) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) r4 = socket$kcm(0x10, 0x2, 0x4) close(r4) socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000100)="5c0000007a006bcd9e3fe3dc6e08000007000000010000007ea60864160af36504005425198bc3488bc3a0e69ee517d34460bc24eab556a705251e6182949a3651f668c3664402682fb6e27bbfa83b5cae0300c9f4d1938037e786a6", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x2048840) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r6 = openat$cgroup_ro(r5, &(0x7f0000000300)='pids.current\x00', 0x275a, 0xfffe) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r7, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc) connect$inet6(r7, &(0x7f0000000100)={0xa, 0x0, 0x7, @ipv4={'\x00', '\xff\xff', @local}, 0x1}, 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r7, 0x6, 0x14, &(0x7f0000000400)=0x1, 0x4) setsockopt$sock_int(r7, 0x1, 0x2e, &(0x7f0000000140)=0x7, 0x4) syz_genetlink_get_family_id$ethtool(&(0x7f0000000200), r7) preadv(r6, &(0x7f0000000100), 0xa, 0x0, 0x0) 1.430733996s ago: executing program 3 (id=2739): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000240)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CONTROL_PORT_FRAME(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000b40)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010028bd7000fddbdf258100000008000300", @ANYRES32=r3, @ANYBLOB="1c0033"], 0x44}, 0x1, 0x0, 0x0, 0x48801}, 0x44010) 1.372731292s ago: executing program 0 (id=2741): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x10, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="1802000000c400000000000000000000850000003e00000095"], &(0x7f00000000c0)='GPL\x00'}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, &(0x7f00000003c0)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd1200000000000085000000d0000000b70000000000000095000000000000003fba6a7d36d9b18ed812a2e2c49e8020a6f4e0e4a9446ca2b5f1cc1a100a9af698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f010c5077da80fb982c1e9400c603146cea484a415b76966118b64f751a0f241b072e90080008002d75593a280000c93e64c227c95aa0b784625704f07a72c2918451ebdcf4cef7f9606056fe5c34664c0af9360a1f7a5e6b607130c89f18c0c1089d8b85880000c29c48b45ef4adf634be763288d01aa27ae8b09e13e79ab20b0b8ed8fb7a68af2ad0000000000000006f803c6468082089b302d7bff8f06f7f918d65eae391cb41336023cdcedb5e0125ebbcebddcf10cb2364149215108355ee570f8078be5cab389cd65e7133719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad23000000803a90bce6dc3a13871765df961c2ed3b1006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f40cfd7c3a1d37a6ab87b1586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9f081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d60532be9c4d2ec7c32f2095e63c8cdc28f74d043ed8dba2f23b01a9aeb980aff9fa3a64709270c701db801f44cf945b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142bdda5e6c5d50b83bae616b5054d1e7c13b1355d6f4a8245eaa4997da9c77af4c0eb97fca585ec6bf58351d599e9b61e8caab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a41326eea31ae4e0f75057df3c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57010000009700ce0b4b8bc22941330000000000000000000300000000000000000000000010008bc0d955f2a83366b99711e6e8861c46495ba585a4b2d02edc3e28dd279a896249ed85b9806f0b6c4a000000002b43dcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f00000000df73be83bb7d5ad883ef3b7cda42013d53046da21b40216e14ba2d6af8656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff72943327d830689da6b53ffffffff631c7771429d1200000033ed846197fcff5e1c7c3d1d6e3a52872baef9753fffffffffffffe09fec2271fe010cd7bb2366fde4a59429738fcc917a57f94f6c453cea623cc5ee0c2a5ff870ce5dfd3467decb05cfd9fcd41df54cdbd9d10a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce978275d5bc8955778567bc79e13b78249788f11f708008b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe7d7fa29822aea68a660e717a04becff0f719107000000000000002d7e927123d8ecbbc55bf404571be54c72d978cf2804107f0238abccd32368e57040906df0042e19000000000000002c06f815312e086dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef44cd1fe582786105c7df8be4877084d4173731efe895efc71f665c4d75cf2458e35d2c9062ece84c99e061887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb2b5e518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad055e4af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457ac0eaaa99bf0bdc14ae358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df9b3fdf242b985bf16b99c9cc0ad1857036f1a985f369191ae954febb3df464bfe0f773ee9afe72f32a2befb89d3777399f5874c553a2ebe9061fe86e669642e09bb6d163118e4cbe024fd452277c3887d6116c6cc9d8046c216c1f8a9778cb26e22a2a998de5eaeadea2a40da8daccf080842a486721737390cbf3a74cb2003efb9a101b51ab63e9600040000b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde6e4a4304e50c349f4f9ecee27defd83871c5191e10096e7e60fc3541a2c905a1a95e9571bf38aebd15172f94e3245c582909e2a3bce109b6000000000000000000d6d5210d7560eb92d6a97a27602b81f7636df1535bef1497f90100000000000000abf9010000007740890200d627e87306703be8672dc84eeadba6a41891c170d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288a0268893373750d10a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7ef8c08acaf30235b920500d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69b93e9960ff5f76062adae283d9756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff85000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a31c72ad53bc19faa5401120000793ac48c1b539c75ab40743b00020000a1f68df75cf43f8ecc8d3726602111b40e761fd210a1920382f14d12ca3c3431ee97471c781d0d1280fb00818654a53b6df4b2c97cc1c98d85fda8f80fe908b65550b441233151122b41a8d73062197655b7f0469250a5989cef0e10773920ed3ccee42d2c3eb80159da5c002511e6eb93842054cfce2ac306cb6e472db3fd67a49b6855a694a8d359add43907003223a47a7fae4f3748d5a432825bc40a03aaef1c8488d86dc211dd2a3ba71e0f45492ef1f8b65ccb3dcd251a61b152d02c29ca0a3328fa7753a5cddea1acaae55ae8263fb284b7a6ab2a8826c1b948207c498cf4824ab1ea3225c380fac12f8205d182f8999e0311da5b8378bc841e1787e3a8128dda381a26cb2b365702ff8a27831375b2ddaa2f56e21169f7ca4fd9655ccd4a584acd244e965a0afedaff7c415ff682a4044b3381cc2df28278c9a6824c52048a7cfabda294925cc0956bffa8e950ff5e49f41ae600d830207bf728cd9807933c3c16d80bbea611a18becc2dc38ca0a6f5740f340b76edcd1f539bd43007231dcef58c7b88b5aeedaf9626cb51ce1737c10ab37d4f98a934b0f900e0eb639878a1200629f5503cf679154d27681d7a3744cbcd42af59407c9c8e39c5271868917954e604352ba26171d004f1cb2976fab3fa19c7d3ef9678bff79f5155524f061378f94fb453786c3a6f78b10d383b49e31d1568bd43ee34ce6e6be235aa6207285665c2fba773671da41959f51610963b48930658e2d6125a26085001345b0473240b7e5e91811312c43663e76f711d7219ecdec75c7ea1cf0f8f8fff40247d59bbde2ebb8659197e0f37a71be1b12a182ed7de3acba28561a04b807f7a4647e2ea6d8fb92541d07c3d5e4ba077d3cad9f8ba1919592014c00c8eccb2ca5d48ba7b1c3fb185a4bb79700cf51f818b0c701c8de47d12281a67bdaf4b0c50bee9e8f5936250df2e15c1172e7ea6619f7db330700d1e9e42a035e6fd532f61fbfed9c4a7124a1e38eee50a6bbcd1d4e3f68c3f27dd9a70f1a7c6046237ddfb0b26e197322226367d998010458cd4df10af249ce717f6f45e5176e0ddae3054d7289d4e13ab0912703ee39ce264572b89194fdf7acecc35cf8309d4b680a08eed367dad855fce210f1a7c7222dd360eafb4bef7d58bf83362930af6e3f3f851abdc0003bdf9401b533019e90feb069189100007a82df8d9b5f44ebf9355e7b1b01c9470608d4f306d21004730396a4d6c6d46e1ffac97aa93c36123532a36186575266be4981c847160079421d0137801e553069f8d025c40f287378810defc7f2ed4e15f6af17b21153394f8bcfa6a23a77c8d61c9bbc127a57b8d631f36558d9093dee08bc53d97a8003363421738650a26c8fd87b13026799caf58e59951b125e7f161ca34e2c0dd65a23d01a3cb191e743de07247c7f993cf01166fa2ac1ba02f60550e63a7f50422e478c6b5d87f9bd0567a279a9d85a380db25c43bd0529ad783b9d64aaac1b793afb44b7126e17d2b7c0d6be650de7eeef3f3605af344015d03c3e7819145cb9fe1978c98bf9cf10773db59505ae33708c728844c872dfd2cb0b29754f928c59306ce105ca18cb72f0944d0e4fea0a0abd0285bdaf1b000000c089d640c2facb0d1e6243873ac4b1e1068c45c715b68effb7d58d1f9e726dbf6bd910ca4ce0e075658ede42192cf393a50dcc197b03402fed75083628e5dd38213d353b9049e71f037064b05e73ec00c710f1ffc5737d397d555d1cf8859cc05bea8dc3c6a5b3b6fa1c81707479db1833d593a271253aa11efdb36b74784f2fc286814848e92d8ee541bc179813297a0a4cc3c8f80c28701185bea091f32475e859479b734727afc110e1abcff460172fd1b42e3c0e2a4bf94a060069000010000087c7572a1e7596f89e5c3d5e70640c90815f77b7b13d0000000085a1e1e84900000000000000000000000000b422fc160a458ee5a91a2471e6e56fdabec6c73ce8983fc68f0b7cdcdde632e6f54a07620e8aa116ce9e84fc3cd5e8288a333dcebb233da9186796995ba69487d8f77d2f8800f02d690fc70a08b231cad1bdcf3740a95d4dd1cfe0f417f275493cf33b19ffff93dfdaf7eb00b8ad87cdf7c21bab5af8e2bac54ee5597e6508c1158124a538c36f9bb11fea7d8b8c7e954b1bc7811654a6636b33f271d0923e9ecd1b724b8feffadfc23c07000000f0785fb722f346d6a5dffe1884d4d0cd8f00000092c85ed44db68ab800000000000000406e6ed9b219ad07125381087298e75965d1cc5932ddf9e66351ba332a34bee3e3d562c914c629933f0b8724cf680889ade72558d191d96ee1b84bb64b14aebc6b5194c55dd6890c69a718f9018586c5131c8dc8e0379bafda1a0fd2997ff115215ce23dca8db7236c1554cdaaadcce2f31834c1bd1908d8e1b361034db56be76acb7654a195bc3e98df3a5dffd5b07838a3ef7da3433110e37f7c7cb7f3800de7f99abf910d6949e062747a9c87dcfcc716d6a9c0ec53b9cffe3cfd1df69a76f373d7f997edb9b80bdea1a99c2a6fbb25e035deadaadd7917ebfedd6304a19491769476208684e343f86b4d55a7dbbb07283cb1e35a139d24ebc5b4f8e35a82d3a7f84cb1e02a5a92b53567088be0b1ca023ccd518c0e0715b1c8760801a419ebd2e26440ff7493019bdb655cc88d72d6d7b6bca5a2e19b63ec52fcc49a729f11ab377f7132c543d29646a9378eea0761b7ed9d2172e33ed87c6513c843b180cc00000000006bedf2ed716ca43a941119b96d82b26d9061de240d85ec2cfa462bd52104489bb7a7548d7cc53627031e909c69cb824233975a1ea645de63522407c3a240a37e946f30ebf075ea97846a0a8d2286f3f446b1b99ab83a12ddf8a1c06294eadc3eb3e339591afd5c00000000000000000000000000000000000000000000000000579dad8347a3d16976bb7483840b32db0158fb6c809349333325a7866ca5d3133e33ef1a183cefdb65a79fa71800988c8445029e024822dbcfcab49c3a0aec9bd43e6e14078b260700d849a2aa14c9b593f6dcb1de334c065ecfd65031606e55949c185bcda9fde4f9b46a76b8a24bbcd31b22373eb0473248150cd179405ee1af1183b0c0ce3483dc1d9bf732b0751b78fb211d6706b55960c6431afbc02b3c7e08086573939290bb9e590a3875f02a828bf209d0ed9829dec16ab67a4f59a504e09f55ab82bbd405087a17a229a149c53ee9145500db213cb36489a10957739e481a756e65bde579bbbfb404213f661eeaaffacbcfbfd60b1a715c366da2b37ac7e9e3033f8ec04db1c2412e02ccd0617d9fb646c4897750d068c936c3558a94b05d7c65c0d458c0d70d0aa864bc1e324d3f69b1b4061627da875a4b5c2668ab0990623fe6f3b54cd1c79da4baf256f88750c18486330589473e267fa44e220cf40db662b570c2a2fbba9a34a3dd7bbd8368fe506daa62b45797d4b397905a69e58eb436c08cc78963197adb1b16ad83a1a9b4"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x48) bpf$BPF_PROG_DETACH(0x1c, &(0x7f0000000000)=ANY=[@ANYRES32=r1, @ANYRES32=r1, @ANYBLOB="2e00000000000000e6ffffff", @ANYRES32, @ANYBLOB, @ANYRES64=0x0], 0x20) (async) bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f0000000180)={0x0, 0x0}, 0x0) r3 = bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f0000000000)=r2, 0x4) bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000040)={r3, r0, 0x4, r1}, 0x10) (async, rerun: 32) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x48) (rerun: 32) bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x3, 0xc, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x6}, [@ringbuf_output={{0x18, 0x5, 0x1, 0x0, r4}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0xa}}]}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async, rerun: 32) syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @random="c4bc9cac9686", @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x14, 0x6, 0x0, @local, @mcast2, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0xc2}}}}}}}, 0x0) (rerun: 32) 1.286338468s ago: executing program 3 (id=2745): r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000380)="6ebe3018046b2c626a05737446ffc208", 0x10) close(r0) 1.143489128s ago: executing program 0 (id=2749): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), r0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000280)={'wlan0\x00'}) sendmsg$NL80211_CMD_NEW_STATION(r0, &(0x7f0000001080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000000}, 0x4814) 1.142603511s ago: executing program 3 (id=2750): syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x48) (async, rerun: 32) r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0) (rerun: 32) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=0x0) (async) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$sock_int(r2, 0x1, 0x3c, &(0x7f0000000040)=0x1, 0xfff0) setsockopt$inet_tcp_TCP_REPAIR(r2, 0x6, 0x13, &(0x7f00000000c0)=0x1, 0x4) connect$inet(r2, &(0x7f00000006c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x2}}, 0x10) (async) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r2, 0x6, 0x14, &(0x7f0000000140)=0x1, 0x4) (async) r3 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000280)={'vcan0\x00', 0x0}) (async) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000140)={'vxcan1\x00', 0x0}) bind$can_j1939(r3, &(0x7f00000001c0)={0x1d, r5, 0x1, {0x0, 0x0, 0x1}, 0xfd}, 0x18) (async) connect$can_j1939(r3, &(0x7f0000000080)={0x1d, r4, 0x4, {0x2, 0xff, 0x2}, 0xfd}, 0x18) sendmmsg$inet(r2, &(0x7f0000000980)=[{{0x0, 0x0, &(0x7f0000000640)=[{&(0x7f0000000280)="f0", 0x1}], 0x1}}], 0x1, 0x24044c41) (async, rerun: 32) ppoll(&(0x7f0000000380)=[{r2, 0x6006}], 0x1, 0x0, 0x0, 0x0) (async, rerun: 32) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r7) sendmsg$NFC_CMD_DEV_UP(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)={0x1c, r8, 0x1, 0x70bd29, 0x25dfdbfe, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40089}, 0x4008004) r9 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x14, 0x14, 0x2, [@func_proto={0x2, 0x1, 0x0, 0x13, 0x2, [{0xe}]}]}}, 0x0, 0x2e}, 0x28) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0xf, &(0x7f0000000580)=@ringbuf, &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r9, 0x8, 0x0, 0x0, 0x10, &(0x7f00000003c0)={0x0, 0x0, 0x401}, 0x10}, 0x90) write$nci(r0, &(0x7f0000000140)=ANY=[@ANYBLOB="414601", @ANYRES32=r6], 0x4) 1.098494253s ago: executing program 1 (id=2751): sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, 0x0, 0x4000090) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000200)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="050000000000000000002100000008000300", @ANYRES32=r2, @ANYBLOB="10007d"], 0x2c}, 0x1, 0x0, 0x0, 0x440c0}, 0x0) 1.016275311s ago: executing program 0 (id=2752): bpf$PROG_LOAD(0x5, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/syz1\x00', 0x200002, 0x0) r1 = openat$cgroup_type(r0, 0x0, 0x2, 0x0) write$cgroup_type(r1, &(0x7f0000000280), 0x9) r2 = openat$cgroup_procs(r0, &(0x7f00000002c0)='cgroup.threads\x00', 0x2, 0x0) write$cgroup_pid(r2, &(0x7f0000000c40), 0x12) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) epoll_create1(0x0) r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) connect$packet(r4, &(0x7f0000000200)={0x1f, 0x0, 0x0, 0x1, 0x2, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, 0x14) shutdown(r4, 0x1) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0) r6 = openat$cgroup_ro(r3, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0) write$cgroup_int(r6, &(0x7f0000000200)=0x1, 0x12) 953.286649ms ago: executing program 1 (id=2754): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000540)={'wlan0\x00', 0x0}) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_NEW_KEY(r3, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f00000000c0)={0x24, r0, 0x801, 0x70bd26, 0x3, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_KEY={0x8, 0x50, 0x0, 0x1, [@NL80211_KEY_SEQ={0x4}]}]}, 0x24}, 0x1, 0x0, 0x0, 0x19800}, 0x40000) 879.925482ms ago: executing program 1 (id=2755): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x22, 0x0, 0x0) shutdown(r0, 0x1) bind$inet6(r0, &(0x7f0000000240)={0xa, 0x4e20, 0x9, @ipv4={'\x00', '\xff\xff', @loopback}, 0x5}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000000140)=[{{&(0x7f0000000100)={0xa, 0x4e20, 0x2, @empty, 0xfffffffe}, 0x1c, &(0x7f0000000b40)=[{&(0x7f0000000a40)="fb", 0x1}], 0x1}}, {{0x0, 0x0, 0x0}}], 0x2, 0x20080058) 796.757392ms ago: executing program 4 (id=2756): r0 = socket$kcm(0x10, 0x2, 0x10) r1 = socket(0xa, 0x5, 0x0) setsockopt$sock_int(r1, 0x1, 0x3e, &(0x7f0000000100)=0x1fffff, 0x4) bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e23, 0x3, @loopback, 0xf}, 0x1c) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r2, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x55) write(r2, &(0x7f0000000000)="0a000000010001", 0x7) socket$nl_xfrm(0x10, 0x3, 0x6) r3 = socket$inet_sctp(0x2, 0x5, 0x84) r4 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r4, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000380)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000180)=0x10) getsockopt$inet_sctp_SCTP_MAX_BURST(r4, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, 0x0) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r3, 0x84, 0x79, &(0x7f0000000000)={r5, 0x5, 0x7}, 0x8) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x20050840) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)}], 0x1}, 0x0) r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$HCIINQUIRY(r6, 0x400448ca, 0x0) write$bt_hci(r6, &(0x7f0000000100)=ANY=[], 0xa) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=@newlink={0x40, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_MULTI_BOOLOPT={0xc, 0x2e, {0x0, 0x3}}]}}}]}, 0x40}}, 0x0) r8 = syz_init_net_socket$ax25(0x3, 0x3, 0xf0) ioctl$SIOCAX25GETINFOOLD(r8, 0x89e9, 0x0) 796.40019ms ago: executing program 2 (id=2757): r0 = socket$kcm(0x10, 0x2, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000001c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_PMKSA(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)={0x4c, r2, 0x1, 0x70bd26, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_PMK={0x14, 0xfe, "f91fa027e9af27577365dd6bea6dd254"}, @NL80211_ATTR_PMK_REAUTH_THRESHOLD={0x5, 0x120, 0x18}, @NL80211_ATTR_PMKID={0x14, 0x55, "b6308cb82ffdc8819fb02b3b1f1ec18a"}]}, 0x4c}, 0x1, 0x0, 0x0, 0xc800}, 0x84) 714.839756ms ago: executing program 1 (id=2759): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)={0x34, r1, 0x625, 0x0, 0x82, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MESH_ID={0xa}, @NL80211_ATTR_MESH_SETUP={0xc, 0x70, [@NL80211_MESH_SETUP_IE={0x5, 0x3, 'A'}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000004}, 0x40) 695.944911ms ago: executing program 2 (id=2760): r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000380)="6ebe3018046b2c626a05737446ffc208", 0x10) close(r0) 580.918537ms ago: executing program 4 (id=2761): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000340)={'wlan0\x00'}) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r0, 0x0, 0x40) 565.423199ms ago: executing program 1 (id=2762): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd29, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xc, 0xf}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_RSC={0x10, 0x1, {0x0, 0xfffffffe, 0x4}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x8801}, 0x20008850) r4 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000c00)=@newtfilter={0x488, 0x2c, 0xd3f, 0x70bd24, 0x25dfdbfc, {0x0, 0x0, 0x0, r5, {0xfff3, 0xffe0}, {}, {0x7, 0x2}}, [@filter_kind_options=@f_bpf={{0x8}, {0x45c, 0x2, [@TCA_BPF_OPS={{0x6, 0x4, 0x1}, {0xc, 0x5, [{0x6, 0xd, 0x9, 0x4}]}}, @TCA_BPF_POLICE={0x444, 0x2, [@TCA_POLICE_RATE={0x404, 0x2, [0x3, 0x8, 0x1, 0x7, 0xd988, 0x3, 0x3, 0xa08b, 0x1, 0x3ff, 0x5, 0x5, 0x6, 0x4, 0x3, 0x92c, 0x7, 0xffffffb2, 0xeaac, 0x2, 0xe13, 0x4, 0x10000, 0xded, 0x8, 0x10000000, 0x1, 0x10001, 0xc6d, 0x80000001, 0x8, 0x7, 0x7, 0x7, 0x5, 0x7, 0x800, 0x9, 0x100, 0x8, 0x9, 0x8, 0x3, 0x5, 0x6, 0x9, 0x3, 0xd, 0x7, 0x5, 0x13f6, 0x81, 0x53, 0x17, 0x4, 0x1, 0x6, 0x4, 0x8, 0x800, 0x86e1, 0x8, 0xfffffff9, 0x5, 0x1, 0x3, 0x5, 0x5, 0x80000000, 0xf3, 0xd, 0x8, 0xfffffff9, 0x800, 0x2726a3ed, 0x6, 0x4, 0x2, 0x6, 0x8, 0x2, 0x7ff, 0x100, 0x1ff, 0x7, 0x3, 0x4, 0x8, 0x5, 0x2, 0x5, 0x0, 0x4, 0x3, 0x16, 0xff, 0x1, 0xc, 0x9, 0xb, 0x5, 0x8000, 0x8, 0x6, 0xa, 0xfa, 0x3, 0x0, 0x10, 0x1ff, 0x3, 0x4, 0x60000000, 0x8, 0x2, 0x4000000d, 0x3, 0x2, 0x401, 0xa955, 0x5000, 0x1, 0xe6, 0x2, 0x9, 0x6e4, 0x1, 0x5, 0xe, 0xb, 0x6, 0x4, 0x80000001, 0x3, 0x99b, 0x9c4, 0x7f, 0x3, 0x70, 0xff800, 0x1, 0x7, 0x5, 0xff, 0x7, 0x6, 0xfff, 0x800, 0xa3, 0x10000, 0xff, 0x80000000, 0xc, 0x7, 0x8, 0xff, 0x0, 0x0, 0x8, 0x6, 0xe2f3, 0x4, 0x7f, 0x9, 0x1, 0xffff, 0x3, 0x9, 0x9, 0x8, 0x7, 0xfffffc00, 0x0, 0x40, 0x400, 0x64c, 0x8, 0x7, 0x8, 0x6, 0xfffffffe, 0x6, 0x5, 0x7ff, 0xc7, 0x7, 0xf30, 0x800, 0x0, 0xee3, 0x5, 0x4, 0x8, 0x8, 0x1000, 0x8, 0x7, 0xa37f, 0x8, 0x9, 0x3, 0x1, 0xff, 0x5, 0x10000, 0xb, 0xcf9, 0x8, 0xfc, 0x40, 0x3, 0x1731, 0x3b, 0xff, 0x6, 0x6ad880, 0x266d, 0x7, 0xc28, 0x2, 0x400, 0x7d75, 0x52, 0xd3, 0x8, 0x2, 0x4, 0xfffffff8, 0x200, 0x6, 0x6, 0x8, 0xe, 0xe459, 0x7ff, 0xc7, 0x81, 0x40, 0x0, 0x9, 0x3feb, 0x800, 0x100, 0x100, 0x8, 0xfffffb98, 0xfffffffb, 0x4, 0x20001, 0x3, 0x8, 0x1, 0x15b9, 0x7, 0x100, 0xffffffff]}, @TCA_POLICE_TBF={0x3c, 0x1, {0x5, 0xffffffffffffffff, 0x7a94, 0x7, 0xb, {0x7, 0x0, 0x1, 0x80, 0x6572, 0x6}, {0x2, 0x1, 0x400, 0x8, 0x8}, 0x3, 0x4, 0x7fffffff}}]}]}}]}, 0x488}, 0x1, 0x0, 0x0, 0x8848}, 0x20004804) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r6, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000000)=@gettaction={0x30, 0x32, 0x301, 0x0, 0x0, {}, [@action_gd=@TCA_ACT_TAB={0x14, 0x1, [{0x10, 0x1, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'police\x00'}}]}, @action_dump_flags=@TCA_ROOT_TIME_DELTA={0x8, 0x4, 0x4}]}, 0x30}}, 0x0) 524.595549ms ago: executing program 2 (id=2763): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000007c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000800)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f0000000840)={0x38, r1, 0x1, 0x70bd28, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_PMKID={0x14, 0x55, "7926bff9da3ba9ab117ba1f87167105c"}, @NL80211_ATTR_PMK_REAUTH_THRESHOLD={0x5, 0x120, 0x1d}]}, 0x38}}, 0x4044014) 396.396231ms ago: executing program 4 (id=2764): sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000801}, 0x4000090) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000200)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="050000000000000000002100000008000300", @ANYRES32=r2, @ANYBLOB="10007d"], 0x2c}, 0x1, 0x0, 0x0, 0x440c0}, 0x0) 374.966774ms ago: executing program 4 (id=2765): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000180)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_OCB(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)={0x1c, r1, 0x1, 0x70bd28, 0x25dfdbff, {{}, {@val={0x8, 0x3, r2}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x4000004}, 0x448d0) 255.701484ms ago: executing program 2 (id=2766): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={0x0, 0x48}, 0x1, 0x0, 0x0, 0x20040884}, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x4001}, 0x10) sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)=@ipv6_getaddr={0x18, 0x16, 0x3c2be10bca706f15, 0x0, 0x0, {0x9, 0x0, 0x50}}, 0x18}}, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) socket$inet_smc(0x2b, 0x1, 0x0) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newsa={0x158, 0x10, 0x1, 0x0, 0x0, {{@in=@remote, @in6=@loopback}, {@in, 0x0, 0x32}, @in6=@loopback, {}, {}, {0x0, 0xfffffffd}, 0x70bd25, 0x0, 0xa, 0x0, 0x0, 0xaf}, [@replay_esn_val={0x1c}, @algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00'}, 0x0, 0x8}}]}, 0x158}}, 0x0) r3 = openat$cgroup_ro(r1, &(0x7f0000000300)='cgroup.controllers\x00', 0x275a, 0xfffe) preadv(r3, &(0x7f0000000100), 0xa, 0x0, 0x0) setsockopt$inet_sctp_SCTP_INITMSG(r3, 0x84, 0x2, &(0x7f0000000040)={0x200, 0x94b, 0x9, 0x6}, 0x8) socket$nl_netfilter(0x10, 0x3, 0xc) 202.242881ms ago: executing program 1 (id=2767): r0 = socket$nl_generic(0x10, 0x3, 0x10) (async) r1 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r3) (async) r4 = socket$nl_generic(0x10, 0x3, 0x10) (async) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) (async) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000400)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_WIPHY_NETNS(r5, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000440)={0x1c, r6, 0xd66771a5e8224ded, 0x0, 0x0, {{}, {@void, @void, @void}}, [@NL80211_ATTR_IFINDEX={0x8, 0x3, r7}]}, 0x1c}}, 0x0) (async) sendmsg$NL80211_CMD_SET_CHANNEL(r4, &(0x7f00000004c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x24, r6, 0x400, 0x70bd2d, 0x25dfdbfb, {{}, {@void, @void}}, [@NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x24e}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x80000}]}, 0x24}, 0x1, 0x0, 0x0, 0x8800}, 0x811) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) (async) r8 = socket$nl_route(0x10, 0x3, 0x0) (async) r9 = socket(0x2, 0x80805, 0x0) sendmmsg$inet(r9, &(0x7f0000000440)=[{{&(0x7f0000000280)={0x2, 0x4e22, @private=0xa010101}, 0x10, &(0x7f0000000980)=[{&(0x7f0000000200)="9c", 0x1}], 0x1}}, {{&(0x7f0000000080)={0x2, 0x4e22, @rand_addr=0x64010101}, 0x10, &(0x7f0000000180)=[{&(0x7f00000000c0)="99", 0x1}], 0x1}}], 0x2, 0x48000) getsockopt$inet_sctp_SCTP_MAX_BURST(r9, 0x84, 0xc, &(0x7f0000000040)=@assoc_value={0x0}, &(0x7f0000000000)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r9, 0x84, 0x22, &(0x7f0000000240)={0xffff, 0x1, 0x1, 0x1, r10}, 0x10) (async) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000300)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfd, {0x0, 0x0, 0x0, r11, {0x0, 0xb}, {0xffff, 0xffff}, {0x3}}, [@qdisc_kind_options=@q_fq={{0x7}, {0x14, 0x2, [@TCA_FQ_CE_THRESHOLD={0x8, 0xc, 0x7}, @TCA_FQ_FLOW_MAX_RATE={0x8, 0x7, 0x7fffffff}]}}]}, 0x40}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0) r12 = socket$packet(0x11, 0x3, 0x300) sendto$packet(r12, &(0x7f00000002c0)="0bdf3f4c98190a0000000000000000a288a8", 0x12, 0x40, &(0x7f00000000c0)={0x11, 0x88a8, r11, 0x1, 0xd8, 0x6, @multicast}, 0x14) r13 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$L2TP_CMD_SESSION_DELETE(r13, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010026bd700004000000030000000800090002"], 0x40}}, 0x20) sendmsg$L2TP_CMD_TUNNEL_CREATE(r0, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x3c, r1, 0x10, 0x70bd27, 0x25dfdbfd, {}, [@L2TP_ATTR_RECV_TIMEOUT={0xc, 0x16, 0x6}, @L2TP_ATTR_PW_TYPE={0x6, 0x1, 0x8}, @L2TP_ATTR_COOKIE={0xc, 0xf, 0xe1c}, @L2TP_ATTR_OFFSET={0x6, 0x3, 0x3}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4884}, 0x8000) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) (async) r15 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)={0x30, r15, 0x1, 0x70bd29, 0x0, {{0x2}, {@val={0x8, 0x3, r14}, @val={0xc, 0x99, {0x41, 0x60}}}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x39a}]]}, 0x30}}, 0x0) 201.749526ms ago: executing program 2 (id=2768): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x22, 0x0, 0x0) shutdown(r0, 0x1) bind$inet6(r0, &(0x7f0000000240)={0xa, 0x4e20, 0x9, @ipv4={'\x00', '\xff\xff', @loopback}, 0x5}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000000140)=[{{&(0x7f0000000100)={0xa, 0x4e20, 0x2, @empty, 0xfffffffe}, 0x1c, &(0x7f0000000b40)=[{&(0x7f0000000a40)="fb", 0x1}], 0x1}}, {{0x0, 0x0, 0x0}}], 0x2, 0x20080058) 178.1076ms ago: executing program 4 (id=2769): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan0\x00'}) syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff) sendmsg$NL80211_CMD_DEL_KEY(r0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x40) 156.034131ms ago: executing program 2 (id=2770): r0 = socket$kcm(0x10, 0x2, 0x10) r1 = socket(0xa, 0x5, 0x0) setsockopt$sock_int(r1, 0x1, 0x3e, &(0x7f0000000100)=0x1fffff, 0x4) bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e23, 0x3, @loopback, 0xf}, 0x1c) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r2, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x55) write(r2, &(0x7f0000000000)="0a000000010001", 0x7) socket$nl_xfrm(0x10, 0x3, 0x6) r3 = socket$inet_sctp(0x2, 0x5, 0x84) r4 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r4, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000380)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000180)=0x10) getsockopt$inet_sctp_SCTP_MAX_BURST(r4, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, 0x0) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r3, 0x84, 0x79, &(0x7f0000000000)={r5, 0x5, 0x7}, 0x8) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x20050840) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)}], 0x1}, 0x0) r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$HCIINQUIRY(r6, 0x400448ca, 0x0) write$bt_hci(r6, &(0x7f0000000100)=ANY=[], 0xa) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=@newlink={0x40, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_MULTI_BOOLOPT={0xc, 0x2e, {0x0, 0x3}}]}}}]}, 0x40}}, 0x0) r8 = syz_init_net_socket$ax25(0x3, 0x3, 0xf0) ioctl$SIOCAX25GETINFOOLD(r8, 0x89e9, 0x0) 281.247µs ago: executing program 0 (id=2771): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)={0x34, r1, 0x625, 0x0, 0x82, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MESH_ID={0xa}, @NL80211_ATTR_MESH_SETUP={0xc, 0x70, [@NL80211_MESH_SETUP_IE={0x5, 0x3, 'A'}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000004}, 0x40) 0s ago: executing program 4 (id=2772): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(0x0, r0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)={0x2c, r1, 0x5, 0x0, 0xfffffffd, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_WANT_1X_4WAY_HS={0x4}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x2000080) kernel console output (not intermixed with test programs): 00141 [ 166.274510][T10101] RAX: ffffffffffffffda RBX: 00007f860cc15fa0 RCX: 00007f860c99aeb9 [ 166.274523][T10101] RDX: 0000000000000050 RSI: 00002000000003c0 RDI: 000000000000000a [ 166.274533][T10101] RBP: 00007f860d82e090 R08: 0000000000000000 R09: 0000000000000000 [ 166.274544][T10101] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 166.274552][T10101] R13: 00007f860cc16038 R14: 00007f860cc15fa0 R15: 00007ffc16df36a8 [ 166.274582][T10101] [ 166.282320][T10024] vxcan1 speed is unknown, defaulting to 1000 [ 166.538247][T10107] __nla_validate_parse: 4 callbacks suppressed [ 166.538263][T10107] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1192'. [ 166.560290][T10104] netlink: 212340 bytes leftover after parsing attributes in process `syz.3.1190'. [ 166.571891][T10104] openvswitch: netlink: Port 167772160 exceeds max allowable 65535 [ 166.656930][T10108] netlink: 108 bytes leftover after parsing attributes in process `syz.0.1192'. [ 166.685953][T10110] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1190'. [ 166.881566][T10121] netlink: 64 bytes leftover after parsing attributes in process `syz.3.1195'. [ 166.923139][T10116] syzkaller0: entered promiscuous mode [ 166.946905][T10116] syzkaller0: entered allmulticast mode [ 167.121605][T10132] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1198'. [ 167.145776][T10131] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1198'. [ 167.329988][T10142] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1200'. [ 167.458719][ T5840] Bluetooth: hci4: command 0x0405 tx timeout [ 168.420798][T10130] netlink: 'syz.3.1197': attribute type 2 has an invalid length. [ 168.631987][T10155] netlink: 'syz.0.1203': attribute type 4 has an invalid length. [ 168.647322][T10152] syzkaller0: entered promiscuous mode [ 168.679508][T10152] syzkaller0: entered allmulticast mode [ 168.807642][T10168] FAULT_INJECTION: forcing a failure. [ 168.807642][T10168] name failslab, interval 1, probability 0, space 0, times 0 [ 168.820369][T10168] CPU: 1 UID: 0 PID: 10168 Comm: syz.2.1209 Not tainted syzkaller #0 PREEMPT(full) [ 168.820392][T10168] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 168.820402][T10168] Call Trace: [ 168.820409][T10168] [ 168.820415][T10168] dump_stack_lvl+0xe8/0x150 [ 168.820442][T10168] should_fail_ex+0x412/0x560 [ 168.820467][T10168] should_failslab+0xa8/0x100 [ 168.820487][T10168] kmem_cache_alloc_noprof+0x87/0x6e0 [ 168.820514][T10168] ? skb_clone+0x212/0x3a0 [ 168.820549][T10168] skb_clone+0x212/0x3a0 [ 168.820575][T10168] bpf_clone_redirect+0x16a/0x4b0 [ 168.820599][T10168] ? bpf_test_run+0x1d1/0x830 [ 168.820617][T10168] bpf_prog_cbaa716d5e7dde70+0x5f/0x68 [ 168.820637][T10168] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 168.820659][T10168] ? arch_stack_walk+0xfb/0x150 [ 168.820684][T10168] ? ktime_get+0x45/0x200 [ 168.820715][T10168] ? seqcount_lockdep_reader_access+0xa9/0x100 [ 168.820735][T10168] ? lockdep_hardirqs_on+0x7a/0x110 [ 168.820752][T10168] ? ktime_get+0x45/0x200 [ 168.820768][T10168] ? seqcount_lockdep_reader_access+0xea/0x100 [ 168.820794][T10168] ? bpf_test_timer_continue+0x10c/0x320 [ 168.820815][T10168] bpf_test_run+0x354/0x830 [ 168.820849][T10168] ? __pfx_bpf_test_run+0x10/0x10 [ 168.820879][T10168] ? __kasan_krealloc+0xeb/0x110 [ 168.820895][T10168] ? eth_type_trans+0x35e/0x6d0 [ 168.820918][T10168] ? bpf_prog_test_run_skb+0x889/0x1d50 [ 168.820934][T10168] ? convert___skb_to_skb+0x3d/0x5b0 [ 168.820952][T10168] bpf_prog_test_run_skb+0xd66/0x1d50 [ 168.820979][T10168] ? __fget_files+0x2a/0x420 [ 168.820997][T10168] ? __fget_files+0x3a0/0x420 [ 168.821015][T10168] ? __fget_files+0x2a/0x420 [ 168.821039][T10168] ? __pfx_bpf_prog_test_run_skb+0x10/0x10 [ 168.821057][T10168] bpf_prog_test_run+0x2c7/0x340 [ 168.821076][T10168] __sys_bpf+0x5cb/0x920 [ 168.821095][T10168] ? __pfx___sys_bpf+0x10/0x10 [ 168.821128][T10168] ? ksys_write+0x242/0x270 [ 168.821155][T10168] ? __pfx_ksys_write+0x10/0x10 [ 168.821186][T10168] __x64_sys_bpf+0x7c/0x90 [ 168.821213][T10168] do_syscall_64+0xe2/0xf80 [ 168.821231][T10168] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 168.821248][T10168] ? trace_irq_disable+0x37/0x100 [ 168.821265][T10168] ? clear_bhb_loop+0x60/0xb0 [ 168.821286][T10168] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 168.821303][T10168] RIP: 0033:0x7fb2fcd9aeb9 [ 168.821319][T10168] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 168.821334][T10168] RSP: 002b:00007fb2fdc8d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 168.821353][T10168] RAX: ffffffffffffffda RBX: 00007fb2fd015fa0 RCX: 00007fb2fcd9aeb9 [ 168.821367][T10168] RDX: 0000000000000028 RSI: 0000200000000080 RDI: 000000000000000a [ 168.821378][T10168] RBP: 00007fb2fdc8d090 R08: 0000000000000000 R09: 0000000000000000 [ 168.821389][T10168] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 168.821399][T10168] R13: 00007fb2fd016038 R14: 00007fb2fd015fa0 R15: 00007fffcc45ae68 [ 168.821425][T10168] [ 169.254878][T10172] netlink: 'syz.4.1211': attribute type 1 has an invalid length. [ 169.268593][T10179] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1213'. [ 169.296748][T10180] syzkaller0: entered promiscuous mode [ 169.302233][T10180] syzkaller0: entered allmulticast mode [ 169.346282][T10172] 8021q: adding VLAN 0 to HW filter on device bond0 [ 169.412126][T10177] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1210'. [ 169.497717][T10172] bond0: (slave geneve2): making interface the new active one [ 169.518608][T10172] bond0: (slave geneve2): Enslaving as an active interface with an up link [ 169.617592][T10189] vlan4: entered allmulticast mode [ 169.646607][T10189] bond0: entered allmulticast mode [ 169.675093][T10189] geneve2: entered allmulticast mode [ 169.708429][T10189] bond0: (slave vlan4): the slave hw address is in use by the bond; couldn't find a slave with a free hw address to give it (this should not have happened) [ 169.918429][T10190] bridge0: port 2(bridge_slave_1) entered disabled state [ 169.926149][T10190] bridge0: port 1(bridge_slave_0) entered disabled state [ 169.955337][T10200] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 170.172601][T10190] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 170.193681][T10190] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 170.394224][T10190] bond3: left promiscuous mode [ 170.399180][T10190] bridge2: left promiscuous mode [ 170.412527][ T5941] vxcan1 speed is unknown, defaulting to 1000 [ 170.412968][ T3449] netdevsim netdevsim2 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 170.428370][ T5941] syz2: Port: 1 Link DOWN [ 170.440806][ T5911] IPVS: starting estimator thread 0... [ 170.447709][T10209] IPVS: wrr: FWM 3 0x00000003 - no destination available [ 170.448248][ T3449] netdevsim netdevsim2 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 170.484947][ T3449] netdevsim netdevsim2 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 170.486676][ T5941] vxcan1 speed is unknown, defaulting to 1000 [ 170.515450][ T3449] netdevsim netdevsim2 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 170.547434][T10210] IPVS: using max 31 ests per chain, 74400 per kthread [ 170.657274][T10218] openvswitch: netlink: Key type 4099 is out of range max 32 [ 170.702877][T10222] netlink: 'syz.3.1225': attribute type 1 has an invalid length. [ 170.810744][T10222] bond7: entered promiscuous mode [ 170.835082][T10222] 8021q: adding VLAN 0 to HW filter on device bond7 [ 170.901935][T10225] bond7: (slave bridge7): making interface the new active one [ 170.925307][T10225] bridge7: entered promiscuous mode [ 170.932452][T10225] bond7: (slave bridge7): Enslaving as an active interface with an up link [ 171.743251][T10281] __nla_validate_parse: 4 callbacks suppressed [ 171.743270][T10281] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1240'. [ 171.845428][T10285] vlan3: entered promiscuous mode [ 171.855032][T10285] vlan3: entered allmulticast mode [ 171.886760][T10285] hsr_slave_1: entered allmulticast mode [ 171.967702][T10295] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input5 [ 172.193294][T10311] syzkaller0: entered promiscuous mode [ 172.198913][T10311] syzkaller0: entered allmulticast mode [ 172.249248][T10316] netlink: 'syz.4.1250': attribute type 23 has an invalid length. [ 172.280234][T10316] netlink: 112 bytes leftover after parsing attributes in process `syz.4.1250'. [ 172.854684][T10346] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1255'. [ 172.866067][T10344] netlink: 120 bytes leftover after parsing attributes in process `syz.1.1256'. [ 172.875134][T10344] netlink: 'syz.1.1256': attribute type 1 has an invalid length. [ 172.898454][T10344] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1256'. [ 172.927223][T10352] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1259'. [ 173.007555][T10354] netlink: 212344 bytes leftover after parsing attributes in process `syz.3.1258'. [ 173.156978][T10368] netlink: 'syz.1.1262': attribute type 1 has an invalid length. [ 173.214468][T10370] bond8: entered promiscuous mode [ 173.221797][T10370] bond8: entered allmulticast mode [ 173.234518][T10367] syzkaller0: entered promiscuous mode [ 173.264905][T10367] syzkaller0: entered allmulticast mode [ 173.291585][T10373] netlink: 212348 bytes leftover after parsing attributes in process `syz.3.1264'. [ 173.306085][T10373] netlink: Conntrack attr has 3 unknown bytes [ 173.767578][T10395] netlink: 120 bytes leftover after parsing attributes in process `syz.3.1272'. [ 173.797357][T10395] netlink: 'syz.3.1272': attribute type 1 has an invalid length. [ 173.805130][T10395] netlink: 64 bytes leftover after parsing attributes in process `syz.3.1272'. [ 173.840416][T10406] netlink: 'syz.2.1276': attribute type 30 has an invalid length. [ 173.974190][T10417] netlink: 'syz.1.1277': attribute type 1 has an invalid length. [ 173.988583][T10417] ip_tunnel: non-ECT from 2.0.0.0 with TOS=0x3 [ 174.051633][T10406] bond4: option arp_missed_max: invalid value (0) [ 174.065798][T10406] bond4: option arp_missed_max: allowed values 1 - 255 [ 174.074849][T10406] bond4 (unregistering): Released all slaves [ 174.219970][T10427] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 174.252959][T10430] syzkaller0: entered promiscuous mode [ 174.259335][T10430] syzkaller0: entered allmulticast mode [ 174.701304][T10457] ipvlan2: entered allmulticast mode [ 174.712704][T10457] batadv_slave_1: entered allmulticast mode [ 174.722194][T10457] batman_adv: batadv0: Adding interface: ipvlan2 [ 174.729029][T10457] batman_adv: batadv0: The MTU of interface ipvlan2 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 174.756824][T10457] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 174.779478][T10457] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 174.790395][T10457] batman_adv: batadv0: Interface activated: ipvlan2 [ 174.825304][T10462] netlink: 'syz.0.1288': attribute type 1 has an invalid length. [ 175.065494][T10478] netlink: 'syz.0.1293': attribute type 1 has an invalid length. [ 175.112867][T10478] 8021q: adding VLAN 0 to HW filter on device bond4 [ 175.137908][T10476] llcp: llcp_sock_recvmsg: Recv datagram failed state 3 -6 0 [ 175.195183][T10488] bond4: (slave geneve2): making interface the new active one [ 175.212217][T10488] bond4: (slave geneve2): Enslaving as an active interface with an up link [ 175.457746][T10504] xfrm1: entered allmulticast mode [ 175.607936][T10519] netlink: 'syz.0.1305': attribute type 1 has an invalid length. [ 175.750428][T10519] 8021q: adding VLAN 0 to HW filter on device bond5 [ 175.779074][T10528] vlan5: entered allmulticast mode [ 175.784247][T10528] bond5: entered allmulticast mode [ 176.348348][T10566] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 176.360444][T10566] syzkaller0: entered promiscuous mode [ 176.366018][T10566] syzkaller0: entered allmulticast mode [ 176.453529][T10574] netlink: 'syz.4.1324': attribute type 19 has an invalid length. [ 177.256227][T10608] sock: sock_timestamping_bind_phc: sock not bind to device [ 177.407188][T10622] __nla_validate_parse: 10 callbacks suppressed [ 177.407205][T10622] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1337'. [ 177.452117][T10628] veth1_macvtap: left promiscuous mode [ 177.500635][T10632] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 177.728246][T10644] pim6reg1: entered promiscuous mode [ 177.734576][T10634] netlink: zone id is out of range [ 177.745158][T10644] pim6reg1: entered allmulticast mode [ 177.754915][T10634] netlink: zone id is out of range [ 177.769446][T10634] netlink: zone id is out of range [ 177.783057][T10634] netlink: zone id is out of range [ 177.815288][T10634] netlink: zone id is out of range [ 178.147489][T10676] netlink: 'syz.3.1353': attribute type 10 has an invalid length. [ 178.179750][T10676] team0: Device veth0_macvtap failed to register rx_handler [ 178.200386][T10673] syzkaller0: entered promiscuous mode [ 178.206093][T10673] syzkaller0: entered allmulticast mode [ 178.444347][T10698] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1360'. [ 178.893732][T10719] IPVS: set_ctl: invalid protocol: 58 172.20.20.187:20004 [ 178.929177][T10719] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1366'. [ 179.052256][T10727] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1371'. [ 179.076494][T10728] netlink: 104 bytes leftover after parsing attributes in process `syz.0.1370'. [ 179.117481][T10728] bridge0: port 2(ipvlan2) entered blocking state [ 179.125698][T10728] bridge0: port 2(ipvlan2) entered disabled state [ 179.140658][T10728] ipvlan2: entered allmulticast mode [ 179.147356][T10728] bridge0: entered allmulticast mode [ 179.154994][T10728] ipvlan2: left allmulticast mode [ 179.198050][T10728] bridge0: left allmulticast mode [ 179.256088][T10742] syzkaller0: entered promiscuous mode [ 179.261877][T10742] syzkaller0: entered allmulticast mode [ 179.279384][T10743] netlink: 'syz.2.1376': attribute type 2 has an invalid length. [ 179.296311][T10743] netlink: 'syz.2.1376': attribute type 1 has an invalid length. [ 179.427996][T10752] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1378'. [ 179.473822][T10754] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1379'. [ 179.493539][T10754] net_ratelimit: 57 callbacks suppressed [ 179.493556][T10754] openvswitch: netlink: nsh attribute has 4 unknown bytes. [ 179.508275][T10752] xt_recent: Unsupported userspace flags (000000b1) [ 179.554678][T10758] netlink: 'syz.4.1380': attribute type 1 has an invalid length. [ 180.778650][T10758] workqueue: Failed to create a rescuer kthread for wq "bond5": -EINTR [ 180.779073][T10760] macsec0: entered promiscuous mode [ 180.792957][T10760] macsec0: entered allmulticast mode [ 180.808998][T10763] veth1_macvtap: entered promiscuous mode [ 180.814939][T10763] veth1_macvtap: entered allmulticast mode [ 180.821077][T10763] macsec0: left promiscuous mode [ 180.827432][T10763] macsec0: left allmulticast mode [ 180.832552][T10763] veth1_macvtap: left allmulticast mode [ 181.006453][T10783] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 181.024360][T10785] syzkaller0: entered promiscuous mode [ 181.041956][T10785] syzkaller0: entered allmulticast mode [ 181.164111][T10794] syzkaller0: entered promiscuous mode [ 181.169720][T10794] syzkaller0: entered allmulticast mode [ 181.181733][T10794] netlink: 'syz.3.1388': attribute type 83 has an invalid length. [ 181.296953][T10808] netlink: 'syz.0.1393': attribute type 21 has an invalid length. [ 181.306710][T10808] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1393'. [ 181.329601][ T3449] netdevsim netdevsim0 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 181.338760][T10808] netlink: 'syz.0.1393': attribute type 21 has an invalid length. [ 181.350980][ T3449] netdevsim netdevsim0 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 181.359890][T10808] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1393'. [ 181.369682][ T3449] netdevsim netdevsim0 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 181.383106][ T3449] netdevsim netdevsim0 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 181.422586][T10812] syzkaller0: entered promiscuous mode [ 181.432063][T10812] syzkaller0: entered allmulticast mode [ 181.594929][T10828] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1396'. [ 181.625665][T10828] netlink: 'syz.4.1396': attribute type 7 has an invalid length. [ 181.838956][T10839] tipc: Started in network mode [ 181.848789][T10839] tipc: Node identity ac14140f, cluster identity 4711 [ 181.866563][T10839] tipc: New replicast peer: 255.255.255.255 [ 181.873072][T10839] tipc: Enabled bearer , priority 10 [ 181.931119][T10841] vlan5: entered allmulticast mode [ 181.944241][T10841] geneve1: entered allmulticast mode [ 182.088217][T10851] netlink: 'syz.4.1408': attribute type 1 has an invalid length. [ 182.152597][T10851] 8021q: adding VLAN 0 to HW filter on device bond5 [ 182.183065][T10851] vlan4: entered allmulticast mode [ 182.287796][T10851] bond5: entered allmulticast mode [ 182.654101][T10876] __nla_validate_parse: 4 callbacks suppressed [ 182.654118][T10876] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1415'. [ 183.000086][ T5911] tipc: Node number set to 2886997007 [ 183.068005][T10900] FAULT_INJECTION: forcing a failure. [ 183.068005][T10900] name failslab, interval 1, probability 0, space 0, times 0 [ 183.080726][T10900] CPU: 0 UID: 0 PID: 10900 Comm: syz.0.1422 Not tainted syzkaller #0 PREEMPT(full) [ 183.080752][T10900] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 183.080763][T10900] Call Trace: [ 183.080770][T10900] [ 183.080779][T10900] dump_stack_lvl+0xe8/0x150 [ 183.080807][T10900] should_fail_ex+0x412/0x560 [ 183.080834][T10900] should_failslab+0xa8/0x100 [ 183.080856][T10900] kmem_cache_alloc_noprof+0x87/0x6e0 [ 183.080883][T10900] ? skb_clone+0x212/0x3a0 [ 183.080912][T10900] skb_clone+0x212/0x3a0 [ 183.080939][T10900] bpf_clone_redirect+0x16a/0x4b0 [ 183.080968][T10900] ? bpf_test_run+0x1d1/0x830 [ 183.080986][T10900] bpf_prog_e4907c0d029eaf1c+0x22/0x2a [ 183.081003][T10900] bpf_test_run+0x354/0x830 [ 183.081049][T10900] ? __pfx_bpf_test_run+0x10/0x10 [ 183.081078][T10900] ? csum_partial+0x239/0x2c0 [ 183.081117][T10900] ? convert___skb_to_skb+0x3d/0x5b0 [ 183.081138][T10900] bpf_prog_test_run_skb+0xd66/0x1d50 [ 183.081168][T10900] ? __fget_files+0x2a/0x420 [ 183.081186][T10900] ? __fget_files+0x3a0/0x420 [ 183.081204][T10900] ? __fget_files+0x2a/0x420 [ 183.081229][T10900] ? __pfx_bpf_prog_test_run_skb+0x10/0x10 [ 183.081248][T10900] bpf_prog_test_run+0x2c7/0x340 [ 183.081272][T10900] __sys_bpf+0x5cb/0x920 [ 183.081293][T10900] ? __pfx___sys_bpf+0x10/0x10 [ 183.081327][T10900] ? ksys_write+0x242/0x270 [ 183.081355][T10900] ? __pfx_ksys_write+0x10/0x10 [ 183.081388][T10900] __x64_sys_bpf+0x7c/0x90 [ 183.081415][T10900] do_syscall_64+0xe2/0xf80 [ 183.081433][T10900] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 183.081451][T10900] ? trace_irq_disable+0x37/0x100 [ 183.081468][T10900] ? clear_bhb_loop+0x60/0xb0 [ 183.081490][T10900] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 183.081509][T10900] RIP: 0033:0x7f860c99aeb9 [ 183.081525][T10900] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 183.081541][T10900] RSP: 002b:00007f860d82e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 183.081561][T10900] RAX: ffffffffffffffda RBX: 00007f860cc15fa0 RCX: 00007f860c99aeb9 [ 183.081575][T10900] RDX: 0000000000000050 RSI: 00002000000003c0 RDI: 000000000000000a [ 183.081587][T10900] RBP: 00007f860d82e090 R08: 0000000000000000 R09: 0000000000000000 [ 183.081599][T10900] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 183.081610][T10900] R13: 00007f860cc16038 R14: 00007f860cc15fa0 R15: 00007ffc16df36a8 [ 183.081641][T10900] [ 183.465706][T10911] netlink: 'syz.1.1424': attribute type 1 has an invalid length. [ 183.494018][T10914] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1427'. [ 183.570940][T10911] 8021q: adding VLAN 0 to HW filter on device bond9 [ 183.637040][T10922] vlan5: entered allmulticast mode [ 183.644684][T10922] bond9: entered allmulticast mode [ 183.664883][T10926] netlink: 'syz.0.1430': attribute type 1 has an invalid length. [ 183.952965][T10945] netlink: 92 bytes leftover after parsing attributes in process `syz.1.1434'. [ 183.963988][T10942] netlink: 92 bytes leftover after parsing attributes in process `syz.1.1434'. [ 184.007623][T10940] syzkaller0: entered promiscuous mode [ 184.013140][T10940] syzkaller0: entered allmulticast mode [ 184.017734][T10951] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1440'. [ 184.440469][T10978] netlink: 'syz.2.1448': attribute type 1 has an invalid length. [ 184.534453][T10981] bond4: entered promiscuous mode [ 184.547230][T10983] netlink: 'syz.0.1449': attribute type 1 has an invalid length. [ 184.561871][T10981] bond4: entered allmulticast mode [ 184.647242][T10983] 8021q: adding VLAN 0 to HW filter on device bond7 [ 184.693519][T10989] vlan5: entered allmulticast mode [ 184.702577][T10994] netlink: 'syz.3.1454': attribute type 23 has an invalid length. [ 184.716173][T10989] bond7: entered allmulticast mode [ 184.795784][T11001] netlink: 'syz.1.1455': attribute type 1 has an invalid length. [ 184.926441][T11001] 8021q: adding VLAN 0 to HW filter on device bond10 [ 184.960967][T11005] : entered promiscuous mode [ 184.997303][T11013] vlan5: entered allmulticast mode [ 185.033426][T11013] bond10: entered allmulticast mode [ 185.099276][T11017] IPv6: sit1: Disabled Multicast RS [ 185.117682][T11017] sit1: entered allmulticast mode [ 185.126333][ T30] audit: type=1804 audit(1769434649.108:2): pid=11024 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.1457" name="/newroot/261/cgroup.controllers" dev="tmpfs" ino=1343 res=1 errno=0 [ 185.173340][ T30] audit: type=1800 audit(1769434649.108:3): pid=11020 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1457" name="cgroup.controllers" dev="tmpfs" ino=1343 res=0 errno=0 [ 185.197776][ T30] audit: type=1800 audit(1769434649.118:4): pid=11024 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1457" name="cgroup.controllers" dev="tmpfs" ino=1343 res=0 errno=0 [ 185.294177][T11029] ip6gre1: entered allmulticast mode [ 185.413031][T11040] FAULT_INJECTION: forcing a failure. [ 185.413031][T11040] name failslab, interval 1, probability 0, space 0, times 0 [ 185.425724][T11040] CPU: 1 UID: 0 PID: 11040 Comm: syz.3.1461 Not tainted syzkaller #0 PREEMPT(full) [ 185.425748][T11040] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 185.425757][T11040] Call Trace: [ 185.425771][T11040] [ 185.425778][T11040] dump_stack_lvl+0xe8/0x150 [ 185.425805][T11040] should_fail_ex+0x412/0x560 [ 185.425832][T11040] should_failslab+0xa8/0x100 [ 185.425852][T11040] kmem_cache_alloc_noprof+0x87/0x6e0 [ 185.425878][T11040] ? skb_clone+0x212/0x3a0 [ 185.425905][T11040] skb_clone+0x212/0x3a0 [ 185.425930][T11040] bpf_clone_redirect+0x16a/0x4b0 [ 185.425957][T11040] ? bpf_test_run+0x1d1/0x830 [ 185.425975][T11040] bpf_prog_4653d16e8163849f+0x22/0x2a [ 185.425993][T11040] bpf_test_run+0x354/0x830 [ 185.426031][T11040] ? __pfx_bpf_test_run+0x10/0x10 [ 185.426061][T11040] ? csum_partial+0x239/0x2c0 [ 185.426097][T11040] ? convert___skb_to_skb+0x3d/0x5b0 [ 185.426117][T11040] bpf_prog_test_run_skb+0xd66/0x1d50 [ 185.426147][T11040] ? __fget_files+0x2a/0x420 [ 185.426167][T11040] ? __fget_files+0x3a0/0x420 [ 185.426184][T11040] ? __fget_files+0x2a/0x420 [ 185.426209][T11040] ? __pfx_bpf_prog_test_run_skb+0x10/0x10 [ 185.426228][T11040] bpf_prog_test_run+0x2c7/0x340 [ 185.426252][T11040] __sys_bpf+0x5cb/0x920 [ 185.426272][T11040] ? __pfx___sys_bpf+0x10/0x10 [ 185.426302][T11040] ? ksys_write+0x242/0x270 [ 185.426330][T11040] ? __pfx_ksys_write+0x10/0x10 [ 185.426361][T11040] __x64_sys_bpf+0x7c/0x90 [ 185.426386][T11040] do_syscall_64+0xe2/0xf80 [ 185.426404][T11040] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 185.426421][T11040] ? trace_irq_disable+0x37/0x100 [ 185.426438][T11040] ? clear_bhb_loop+0x60/0xb0 [ 185.426459][T11040] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 185.426477][T11040] RIP: 0033:0x7f658a99aeb9 [ 185.426494][T11040] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 185.426509][T11040] RSP: 002b:00007f6588bf6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 185.426528][T11040] RAX: ffffffffffffffda RBX: 00007f658ac15fa0 RCX: 00007f658a99aeb9 [ 185.426541][T11040] RDX: 0000000000000050 RSI: 00002000000003c0 RDI: 000000000000000a [ 185.426553][T11040] RBP: 00007f6588bf6090 R08: 0000000000000000 R09: 0000000000000000 [ 185.426564][T11040] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 185.426575][T11040] R13: 00007f658ac16038 R14: 00007f658ac15fa0 R15: 00007ffcc7ed2f78 [ 185.426606][T11040] [ 185.429827][T11041] FAULT_INJECTION: forcing a failure. [ 185.429827][T11041] name failslab, interval 1, probability 0, space 0, times 0 [ 185.466855][T11042] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1463'. [ 185.469544][T11041] CPU: 1 UID: 0 PID: 11041 Comm: syz.0.1462 Not tainted syzkaller #0 PREEMPT(full) [ 185.469569][T11041] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 185.469580][T11041] Call Trace: [ 185.469588][T11041] [ 185.469596][T11041] dump_stack_lvl+0xe8/0x150 [ 185.469624][T11041] should_fail_ex+0x412/0x560 [ 185.469650][T11041] should_failslab+0xa8/0x100 [ 185.469672][T11041] kmem_cache_alloc_noprof+0x87/0x6e0 [ 185.469699][T11041] ? skb_clone+0x212/0x3a0 [ 185.469726][T11041] skb_clone+0x212/0x3a0 [ 185.469752][T11041] bpf_clone_redirect+0x16a/0x4b0 [ 185.469785][T11041] ? bpf_test_run+0x1d1/0x830 [ 185.469802][T11041] bpf_prog_e4907c0d029eaf1c+0x22/0x2a [ 185.469819][T11041] bpf_test_run+0x354/0x830 [ 185.469857][T11041] ? __pfx_bpf_test_run+0x10/0x10 [ 185.469885][T11041] ? csum_partial+0x239/0x2c0 [ 185.469921][T11041] ? convert___skb_to_skb+0x3d/0x5b0 [ 185.469940][T11041] bpf_prog_test_run_skb+0xd66/0x1d50 [ 185.469970][T11041] ? __fget_files+0x2a/0x420 [ 185.469988][T11041] ? __fget_files+0x3a0/0x420 [ 185.470004][T11041] ? __fget_files+0x2a/0x420 [ 185.470028][T11041] ? __pfx_bpf_prog_test_run_skb+0x10/0x10 [ 185.470046][T11041] bpf_prog_test_run+0x2c7/0x340 [ 185.470069][T11041] __sys_bpf+0x5cb/0x920 [ 185.470089][T11041] ? __pfx___sys_bpf+0x10/0x10 [ 185.470120][T11041] ? ksys_write+0x242/0x270 [ 185.470147][T11041] ? __pfx_ksys_write+0x10/0x10 [ 185.470178][T11041] __x64_sys_bpf+0x7c/0x90 [ 185.470204][T11041] do_syscall_64+0xe2/0xf80 [ 185.470221][T11041] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 185.470238][T11041] ? trace_irq_disable+0x37/0x100 [ 185.470255][T11041] ? clear_bhb_loop+0x60/0xb0 [ 185.470275][T11041] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 185.470292][T11041] RIP: 0033:0x7f860c99aeb9 [ 185.470309][T11041] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 185.470324][T11041] RSP: 002b:00007f860d82e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 185.470343][T11041] RAX: ffffffffffffffda RBX: 00007f860cc15fa0 RCX: 00007f860c99aeb9 [ 185.470356][T11041] RDX: 0000000000000050 RSI: 00002000000003c0 RDI: 000000000000000a [ 185.470368][T11041] RBP: 00007f860d82e090 R08: 0000000000000000 R09: 0000000000000000 [ 185.470379][T11041] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 185.470389][T11041] R13: 00007f860cc16038 R14: 00007f860cc15fa0 R15: 00007ffc16df36a8 [ 185.470419][T11041] [ 185.594287][T11045] netlink: 'syz.1.1464': attribute type 1 has an invalid length. [ 185.680056][T11048] geneve3: entered promiscuous mode [ 185.816886][T11045] netlink: 'syz.1.1464': attribute type 3 has an invalid length. [ 185.820621][ T1164] netdevsim netdevsim1 netdevsim0: set [1, 1] type 2 family 0 port 20002 - 0 [ 185.844633][T11045] netlink: 224 bytes leftover after parsing attributes in process `syz.1.1464'. [ 185.896734][ T1164] netdevsim netdevsim1 netdevsim1: set [1, 1] type 2 family 0 port 20002 - 0 [ 186.048936][ T1164] netdevsim netdevsim1 netdevsim2: set [1, 1] type 2 family 0 port 20002 - 0 [ 186.102615][ T1164] netdevsim netdevsim1 netdevsim3: set [1, 1] type 2 family 0 port 20002 - 0 [ 186.217637][T11067] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1468'. [ 186.234571][T11067] unsupported nlmsg_type 40 [ 186.242521][T11068] netlink: 212408 bytes leftover after parsing attributes in process `syz.2.1472'. [ 186.348150][T11070] 8021q: adding VLAN 0 to HW filter on device bond6 [ 186.442672][T11075] bond6: (slave veth0_to_bond): making interface the new active one [ 186.463427][T11075] bond6: (slave veth0_to_bond): Enslaving as an active interface with an up link [ 186.567712][T11070] 8021q: adding VLAN 0 to HW filter on device bond7 [ 186.577234][T11070] bond6: (slave bond7): Enslaving as an active interface with a down link [ 186.627847][T11084] netlink: 120 bytes leftover after parsing attributes in process `syz.3.1476'. [ 186.965688][T11084] validate_nla: 1 callbacks suppressed [ 186.965707][T11084] netlink: 'syz.3.1476': attribute type 1 has an invalid length. [ 186.996543][T11070] netlink: 'syz.4.1473': attribute type 2 has an invalid length. [ 187.005389][T11070] netlink: 'syz.4.1473': attribute type 3 has an invalid length. [ 187.047134][T11070] netlink: 'syz.4.1473': attribute type 3 has an invalid length. [ 187.235216][T11115] syzkaller0: entered promiscuous mode [ 187.242293][T11115] syzkaller0: entered allmulticast mode [ 187.672773][T11138] netlink: 'syz.2.1490': attribute type 2 has an invalid length. [ 187.686189][T11138] __nla_validate_parse: 2 callbacks suppressed [ 187.686207][T11138] netlink: 232 bytes leftover after parsing attributes in process `syz.2.1490'. [ 187.872170][T11155] netlink: 'syz.4.1496': attribute type 4 has an invalid length. [ 187.906437][T11157] netlink: 'syz.3.1495': attribute type 1 has an invalid length. [ 188.012083][T11165] netlink: 212408 bytes leftover after parsing attributes in process `syz.0.1499'. [ 188.034879][T11163] 8021q: adding VLAN 0 to HW filter on device bond9 [ 188.047451][T11163] bond8: (slave bond9): making interface the new active one [ 188.055405][T11163] bond8: (slave bond9): Enslaving as an active interface with an up link [ 188.075426][T11169] 8021q: VLANs not supported on ip6_vti0 [ 188.110201][T11172] openvswitch: netlink: IP tunnel dst address not specified [ 188.271758][T11188] netlink: 'syz.0.1505': attribute type 1 has an invalid length. [ 188.328906][T11188] 8021q: adding VLAN 0 to HW filter on device bond8 [ 188.353958][T11188] vlan5: entered allmulticast mode [ 188.361311][T11188] bond8: entered allmulticast mode [ 188.530369][T11197] netlink: 212368 bytes leftover after parsing attributes in process `syz.1.1507'. [ 188.589536][T11199] netlink: 207952 bytes leftover after parsing attributes in process `syz.0.1509'. [ 188.707702][T11212] netlink: 'syz.1.1512': attribute type 1 has an invalid length. [ 188.773376][T11212] netlink: 72 bytes leftover after parsing attributes in process `syz.1.1512'. [ 188.856930][T11225] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1517'. [ 189.118606][T11245] IPv6: sit2: Disabled Multicast RS [ 189.132833][T11251] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1524'. [ 189.136573][T11245] sit2: entered allmulticast mode [ 189.184692][T11255] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1524'. [ 189.383899][T11265] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1532'. [ 189.403423][T11265] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1532'. [ 189.447916][T11110] netdevsim netdevsim1 netdevsim0: set [1, 2] type 2 family 0 port 20000 - 0 [ 189.463436][T11110] netdevsim netdevsim1 netdevsim1: set [1, 2] type 2 family 0 port 20000 - 0 [ 189.480632][T11110] netdevsim netdevsim1 netdevsim2: set [1, 2] type 2 family 0 port 20000 - 0 [ 189.519594][T11110] netdevsim netdevsim1 netdevsim3: set [1, 2] type 2 family 0 port 20000 - 0 [ 190.340612][T11323] netlink: 'syz.1.1551': attribute type 1 has an invalid length. [ 190.555446][T11339] ipt_ECN: cannot use operation on non-tcp rule [ 190.574597][T11339] tipc: Failed to obtain node identity [ 190.596199][T11339] tipc: Enabling of bearer rejected, failed to enable media [ 190.873729][T11352] syzkaller0: entered promiscuous mode [ 190.879948][T11352] syzkaller0: entered allmulticast mode [ 191.152200][T11368] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 192.473043][T11401] vxcan1 speed is unknown, defaulting to 1000 [ 192.479131][T11408] validate_nla: 1 callbacks suppressed [ 192.479149][T11408] netlink: 'syz.3.1577': attribute type 1 has an invalid length. [ 192.583062][T11414] netlink: 'syz.2.1580': attribute type 21 has an invalid length. [ 192.691158][T11408] 8021q: adding VLAN 0 to HW filter on device bond10 [ 192.716607][T11427] netlink: 'syz.0.1578': attribute type 18 has an invalid length. [ 192.731657][T11414] __nla_validate_parse: 9 callbacks suppressed [ 192.731674][T11414] netlink: 156 bytes leftover after parsing attributes in process `syz.2.1580'. [ 192.759607][T11421] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1578'. [ 193.021401][T11440] Cannot find add_set index 0 as target [ 193.395781][T11458] netlink: 'syz.3.1592': attribute type 1 has an invalid length. [ 193.520253][T11458] 8021q: adding VLAN 0 to HW filter on device bond11 [ 193.546699][T11465] netlink: 'syz.1.1594': attribute type 1 has an invalid length. [ 193.641977][T11463] vlan5: entered allmulticast mode [ 193.670694][T11463] bond11: entered allmulticast mode [ 193.752898][T11465] 8021q: adding VLAN 0 to HW filter on device bond12 [ 193.876910][T11475] syzkaller0: entered promiscuous mode [ 193.882556][T11475] syzkaller0: entered allmulticast mode [ 193.918576][T11475] netlink: 212360 bytes leftover after parsing attributes in process `syz.4.1596'. [ 193.960494][T11485] ip6gre1: entered promiscuous mode [ 193.966381][T11485] ip6gre1: entered allmulticast mode [ 194.034201][T11477] vxcan1 speed is unknown, defaulting to 1000 [ 194.083954][T11493] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1602'. [ 194.102986][T11495] erspan0: entered promiscuous mode [ 194.135654][T11495] erspan0: entered allmulticast mode [ 194.160056][T11493] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1602'. [ 194.186134][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.193775][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.291436][T11501] FAULT_INJECTION: forcing a failure. [ 194.291436][T11501] name failslab, interval 1, probability 0, space 0, times 0 [ 194.304143][T11501] CPU: 0 UID: 0 PID: 11501 Comm: syz.1.1605 Not tainted syzkaller #0 PREEMPT(full) [ 194.304167][T11501] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 194.304177][T11501] Call Trace: [ 194.304184][T11501] [ 194.304192][T11501] dump_stack_lvl+0xe8/0x150 [ 194.304219][T11501] should_fail_ex+0x412/0x560 [ 194.304245][T11501] should_failslab+0xa8/0x100 [ 194.304266][T11501] kmem_cache_alloc_noprof+0x87/0x6e0 [ 194.304293][T11501] ? skb_clone+0x212/0x3a0 [ 194.304321][T11501] skb_clone+0x212/0x3a0 [ 194.304348][T11501] bpf_clone_redirect+0x16a/0x4b0 [ 194.304377][T11501] ? bpf_test_run+0x1d1/0x830 [ 194.304394][T11501] bpf_prog_4653d16e8163849f+0x22/0x2a [ 194.304412][T11501] bpf_test_run+0x354/0x830 [ 194.304450][T11501] ? __pfx_bpf_test_run+0x10/0x10 [ 194.304478][T11501] ? csum_partial+0x239/0x2c0 [ 194.304515][T11501] ? convert___skb_to_skb+0x3d/0x5b0 [ 194.304534][T11501] bpf_prog_test_run_skb+0xd66/0x1d50 [ 194.304564][T11501] ? __fget_files+0x2a/0x420 [ 194.304583][T11501] ? __fget_files+0x3a0/0x420 [ 194.304600][T11501] ? __fget_files+0x2a/0x420 [ 194.304624][T11501] ? __pfx_bpf_prog_test_run_skb+0x10/0x10 [ 194.304642][T11501] bpf_prog_test_run+0x2c7/0x340 [ 194.304666][T11501] __sys_bpf+0x5cb/0x920 [ 194.304686][T11501] ? __pfx___sys_bpf+0x10/0x10 [ 194.304720][T11501] ? ksys_write+0x242/0x270 [ 194.304747][T11501] ? __pfx_ksys_write+0x10/0x10 [ 194.304780][T11501] __x64_sys_bpf+0x7c/0x90 [ 194.304806][T11501] do_syscall_64+0xe2/0xf80 [ 194.304825][T11501] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 194.304843][T11501] ? trace_irq_disable+0x37/0x100 [ 194.304867][T11501] ? clear_bhb_loop+0x60/0xb0 [ 194.304889][T11501] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 194.304906][T11501] RIP: 0033:0x7f668459aeb9 [ 194.304923][T11501] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 194.304939][T11501] RSP: 002b:00007f668538b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 194.304958][T11501] RAX: ffffffffffffffda RBX: 00007f6684815fa0 RCX: 00007f668459aeb9 [ 194.304972][T11501] RDX: 0000000000000050 RSI: 00002000000003c0 RDI: 000000000000000a [ 194.304984][T11501] RBP: 00007f668538b090 R08: 0000000000000000 R09: 0000000000000000 [ 194.304995][T11501] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 194.305006][T11501] R13: 00007f6684816038 R14: 00007f6684815fa0 R15: 00007ffecc275418 [ 194.305034][T11501] [ 194.739680][T11514] FAULT_INJECTION: forcing a failure. [ 194.739680][T11514] name failslab, interval 1, probability 0, space 0, times 0 [ 194.752391][T11514] CPU: 0 UID: 0 PID: 11514 Comm: syz.3.1610 Not tainted syzkaller #0 PREEMPT(full) [ 194.752413][T11514] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 194.752422][T11514] Call Trace: [ 194.752429][T11514] [ 194.752436][T11514] dump_stack_lvl+0xe8/0x150 [ 194.752462][T11514] should_fail_ex+0x412/0x560 [ 194.752490][T11514] should_failslab+0xa8/0x100 [ 194.752511][T11514] kmem_cache_alloc_noprof+0x87/0x6e0 [ 194.752537][T11514] ? skb_clone+0x212/0x3a0 [ 194.752563][T11514] skb_clone+0x212/0x3a0 [ 194.752588][T11514] bpf_clone_redirect+0x16a/0x4b0 [ 194.752614][T11514] ? bpf_test_run+0x1d1/0x830 [ 194.752631][T11514] bpf_prog_cbaa716d5e7dde70+0x5f/0x68 [ 194.752650][T11514] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 194.752684][T11514] ? __pfx___schedule+0x10/0x10 [ 194.752707][T11514] ? ktime_get+0x45/0x200 [ 194.752736][T11514] ? preempt_schedule_thunk+0x16/0x30 [ 194.752762][T11514] ? preempt_schedule_common+0x82/0xd0 [ 194.752775][T11514] ? bpf_test_run+0x1d1/0x830 [ 194.752790][T11514] ? bpf_test_timer_continue+0x10c/0x320 [ 194.752808][T11514] bpf_test_run+0x354/0x830 [ 194.752843][T11514] ? __pfx_bpf_test_run+0x10/0x10 [ 194.752868][T11514] ? __kasan_krealloc+0xeb/0x110 [ 194.752883][T11514] ? eth_type_trans+0x35e/0x6d0 [ 194.752903][T11514] ? bpf_prog_test_run_skb+0x889/0x1d50 [ 194.752916][T11514] ? convert___skb_to_skb+0x3d/0x5b0 [ 194.752932][T11514] bpf_prog_test_run_skb+0xd66/0x1d50 [ 194.752954][T11514] ? __fget_files+0x2a/0x420 [ 194.752969][T11514] ? __fget_files+0x3a0/0x420 [ 194.752983][T11514] ? __fget_files+0x2a/0x420 [ 194.753001][T11514] ? __pfx_bpf_prog_test_run_skb+0x10/0x10 [ 194.753016][T11514] bpf_prog_test_run+0x2c7/0x340 [ 194.753034][T11514] __sys_bpf+0x5cb/0x920 [ 194.753050][T11514] ? __pfx___sys_bpf+0x10/0x10 [ 194.753076][T11514] ? ksys_write+0x242/0x270 [ 194.753097][T11514] ? __pfx_ksys_write+0x10/0x10 [ 194.753122][T11514] __x64_sys_bpf+0x7c/0x90 [ 194.753142][T11514] do_syscall_64+0xe2/0xf80 [ 194.753156][T11514] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 194.753170][T11514] ? trace_irq_disable+0x37/0x100 [ 194.753184][T11514] ? clear_bhb_loop+0x60/0xb0 [ 194.753200][T11514] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 194.753214][T11514] RIP: 0033:0x7f658a99aeb9 [ 194.753227][T11514] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 194.753239][T11514] RSP: 002b:00007f6588bf6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 194.753256][T11514] RAX: ffffffffffffffda RBX: 00007f658ac15fa0 RCX: 00007f658a99aeb9 [ 194.753267][T11514] RDX: 0000000000000028 RSI: 0000200000000080 RDI: 000000000000000a [ 194.753276][T11514] RBP: 00007f6588bf6090 R08: 0000000000000000 R09: 0000000000000000 [ 194.753285][T11514] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 194.753294][T11514] R13: 00007f658ac16038 R14: 00007f658ac15fa0 R15: 00007ffcc7ed2f78 [ 194.753317][T11514] [ 195.086506][T11518] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1609'. [ 195.268890][T11524] can: request_module (can-proto-3) failed. [ 195.289786][T11534] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_cmd_wq": -EINTR [ 195.346133][T11533] openvswitch: netlink: Unexpected mask (mask=200240, allowed=10048) [ 195.401171][T11528] tipc: Enabling of bearer rejected, failed to enable media [ 195.482569][T11545] FAULT_INJECTION: forcing a failure. [ 195.482569][T11545] name failslab, interval 1, probability 0, space 0, times 0 [ 195.495276][T11545] CPU: 0 UID: 0 PID: 11545 Comm: syz.0.1618 Not tainted syzkaller #0 PREEMPT(full) [ 195.495300][T11545] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 195.495312][T11545] Call Trace: [ 195.495319][T11545] [ 195.495327][T11545] dump_stack_lvl+0xe8/0x150 [ 195.495356][T11545] should_fail_ex+0x412/0x560 [ 195.495383][T11545] should_failslab+0xa8/0x100 [ 195.495406][T11545] kmem_cache_alloc_noprof+0x87/0x6e0 [ 195.495433][T11545] ? skb_clone+0x212/0x3a0 [ 195.495468][T11545] skb_clone+0x212/0x3a0 [ 195.495495][T11545] bpf_clone_redirect+0x16a/0x4b0 [ 195.495525][T11545] ? bpf_test_run+0x1d1/0x830 [ 195.495542][T11545] bpf_prog_4653d16e8163849f+0x22/0x2a [ 195.495558][T11545] bpf_test_run+0x354/0x830 [ 195.495591][T11545] ? __pfx_bpf_test_run+0x10/0x10 [ 195.495620][T11545] ? csum_partial+0x239/0x2c0 [ 195.495658][T11545] ? convert___skb_to_skb+0x3d/0x5b0 [ 195.495679][T11545] bpf_prog_test_run_skb+0xd66/0x1d50 [ 195.495709][T11545] ? __fget_files+0x2a/0x420 [ 195.495728][T11545] ? __fget_files+0x3a0/0x420 [ 195.495746][T11545] ? __fget_files+0x2a/0x420 [ 195.495770][T11545] ? __pfx_bpf_prog_test_run_skb+0x10/0x10 [ 195.495789][T11545] bpf_prog_test_run+0x2c7/0x340 [ 195.495813][T11545] __sys_bpf+0x5cb/0x920 [ 195.495834][T11545] ? __pfx___sys_bpf+0x10/0x10 [ 195.495868][T11545] ? ksys_write+0x242/0x270 [ 195.495895][T11545] ? __pfx_ksys_write+0x10/0x10 [ 195.495928][T11545] __x64_sys_bpf+0x7c/0x90 [ 195.495955][T11545] do_syscall_64+0xe2/0xf80 [ 195.495973][T11545] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 195.495990][T11545] ? trace_irq_disable+0x37/0x100 [ 195.496007][T11545] ? clear_bhb_loop+0x60/0xb0 [ 195.496029][T11545] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 195.496046][T11545] RIP: 0033:0x7f860c99aeb9 [ 195.496063][T11545] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 195.496078][T11545] RSP: 002b:00007f860d82e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 195.496098][T11545] RAX: ffffffffffffffda RBX: 00007f860cc15fa0 RCX: 00007f860c99aeb9 [ 195.496111][T11545] RDX: 0000000000000050 RSI: 00002000000003c0 RDI: 000000000000000a [ 195.496123][T11545] RBP: 00007f860d82e090 R08: 0000000000000000 R09: 0000000000000000 [ 195.496135][T11545] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 195.496145][T11545] R13: 00007f860cc16038 R14: 00007f860cc15fa0 R15: 00007ffc16df36a8 [ 195.496177][T11545] [ 195.749034][T11542] netlink: 120 bytes leftover after parsing attributes in process `syz.4.1617'. [ 195.762640][T11542] netlink: 'syz.4.1617': attribute type 1 has an invalid length. [ 195.811247][T11549] netlink: 212368 bytes leftover after parsing attributes in process `syz.2.1619'. [ 195.826770][T11542] netlink: 64 bytes leftover after parsing attributes in process `syz.4.1617'. [ 195.940423][T11549] bridge_slave_0: left allmulticast mode [ 195.950356][T11549] bridge_slave_0: left promiscuous mode [ 195.962970][T11549] bridge0: port 1(bridge_slave_0) entered disabled state [ 195.973650][T11549] bridge_slave_1: left allmulticast mode [ 195.979713][T11549] bridge_slave_1: left promiscuous mode [ 196.000710][T11549] bridge0: port 2(bridge_slave_1) entered disabled state [ 196.047384][T11549] bond0: (slave bond_slave_0): Releasing backup interface [ 196.061528][T11549] bond0: (slave bond_slave_1): Releasing backup interface [ 196.092786][T11549] team0: Port device team_slave_0 removed [ 196.128828][T11549] team0: Port device team_slave_1 removed [ 196.135244][T11549] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 196.156297][T11549] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 196.165252][T11549] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 196.258714][ T5847] Bluetooth: hci2: command 0x0401 tx timeout [ 196.264789][ T5832] Bluetooth: hci3: command 0x0406 tx timeout [ 196.271013][ T5836] Bluetooth: hci1: command 0x0406 tx timeout [ 196.297974][T11567] vxcan1 speed is unknown, defaulting to 1000 [ 196.481908][T11585] syzkaller0: entered promiscuous mode [ 196.487836][T11585] syzkaller0: entered allmulticast mode [ 196.691324][T11594] netlink: 'syz.3.1632': attribute type 1 has an invalid length. [ 196.860919][T11609] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1638'. [ 196.913000][T11610] x_tables: unsorted underflow at hook 3 [ 197.258037][T11635] netlink: 'syz.2.1643': attribute type 1 has an invalid length. [ 197.320886][T11631] veth9: entered allmulticast mode [ 197.340695][T11633] veth1_to_bond: entered allmulticast mode [ 197.377987][ T5846] Bluetooth: hci4: command 0x0405 tx timeout [ 197.423489][T11635] workqueue: Failed to create a rescuer kthread for wq "bond5": -EINTR [ 197.430182][T11632] veth1_to_bond: left allmulticast mode [ 197.570434][T11650] FAULT_INJECTION: forcing a failure. [ 197.570434][T11650] name failslab, interval 1, probability 0, space 0, times 0 [ 197.583136][T11650] CPU: 0 UID: 0 PID: 11650 Comm: syz.0.1648 Not tainted syzkaller #0 PREEMPT(full) [ 197.583159][T11650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 197.583169][T11650] Call Trace: [ 197.583176][T11650] [ 197.583184][T11650] dump_stack_lvl+0xe8/0x150 [ 197.583211][T11650] should_fail_ex+0x412/0x560 [ 197.583238][T11650] should_failslab+0xa8/0x100 [ 197.583259][T11650] kmem_cache_alloc_noprof+0x87/0x6e0 [ 197.583286][T11650] ? skb_clone+0x212/0x3a0 [ 197.583314][T11650] skb_clone+0x212/0x3a0 [ 197.583340][T11650] bpf_clone_redirect+0x16a/0x4b0 [ 197.583368][T11650] ? bpf_test_run+0x1d1/0x830 [ 197.583385][T11650] bpf_prog_4653d16e8163849f+0x22/0x2a [ 197.583402][T11650] bpf_test_run+0x354/0x830 [ 197.583440][T11650] ? __pfx_bpf_test_run+0x10/0x10 [ 197.583468][T11650] ? csum_partial+0x239/0x2c0 [ 197.583506][T11650] ? convert___skb_to_skb+0x3d/0x5b0 [ 197.583527][T11650] bpf_prog_test_run_skb+0xd66/0x1d50 [ 197.583562][T11650] ? __fget_files+0x2a/0x420 [ 197.583578][T11650] ? __fget_files+0x3a0/0x420 [ 197.583593][T11650] ? __fget_files+0x2a/0x420 [ 197.583612][T11650] ? __pfx_bpf_prog_test_run_skb+0x10/0x10 [ 197.583629][T11650] bpf_prog_test_run+0x2c7/0x340 [ 197.583652][T11650] __sys_bpf+0x5cb/0x920 [ 197.583670][T11650] ? __pfx___sys_bpf+0x10/0x10 [ 197.583701][T11650] ? ksys_write+0x242/0x270 [ 197.583728][T11650] ? __pfx_ksys_write+0x10/0x10 [ 197.583760][T11650] __x64_sys_bpf+0x7c/0x90 [ 197.583786][T11650] do_syscall_64+0xe2/0xf80 [ 197.583804][T11650] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 197.583822][T11650] ? trace_irq_disable+0x37/0x100 [ 197.583838][T11650] ? clear_bhb_loop+0x60/0xb0 [ 197.583859][T11650] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 197.583877][T11650] RIP: 0033:0x7f860c99aeb9 [ 197.583894][T11650] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 197.583909][T11650] RSP: 002b:00007f860d82e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 197.583929][T11650] RAX: ffffffffffffffda RBX: 00007f860cc15fa0 RCX: 00007f860c99aeb9 [ 197.583942][T11650] RDX: 0000000000000050 RSI: 00002000000003c0 RDI: 000000000000000a [ 197.583954][T11650] RBP: 00007f860d82e090 R08: 0000000000000000 R09: 0000000000000000 [ 197.583966][T11650] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 197.583977][T11650] R13: 00007f860cc16038 R14: 00007f860cc15fa0 R15: 00007ffc16df36a8 [ 197.584007][T11650] [ 197.996966][T11652] vxcan1 speed is unknown, defaulting to 1000 [ 198.332047][T11680] syzkaller0: entered promiscuous mode [ 198.337985][T11680] syzkaller0: entered allmulticast mode [ 198.344703][T11683] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1659'. [ 198.499064][T11685] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1660'. [ 198.523564][T11685] netlink: 232 bytes leftover after parsing attributes in process `syz.1.1660'. [ 198.533704][T11685] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1660'. [ 198.598787][T11689] netlink: 'syz.0.1662': attribute type 1 has an invalid length. [ 200.138793][T11717] C: renamed from lo [ 200.152856][T11717] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check. [ 200.168642][T11722] netlink: 'syz.3.1674': attribute type 1 has an invalid length. [ 200.197864][T11722] netlink: 228 bytes leftover after parsing attributes in process `syz.3.1674'. [ 200.218047][T11723] syzkaller0: entered promiscuous mode [ 200.223578][T11723] syzkaller0: entered allmulticast mode [ 200.564212][T11751] vxcan1 speed is unknown, defaulting to 1000 [ 200.619652][T11758] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1684'. [ 201.606646][T11801] netlink: 'syz.0.1696': attribute type 3 has an invalid length. [ 201.614415][T11801] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1696'. [ 201.724167][ T30] audit: type=1800 audit(1769434665.708:5): pid=11795 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1694" name="memory.events" dev="tmpfs" ino=1776 res=0 errno=0 [ 201.823857][ T30] audit: type=1804 audit(1769434665.708:6): pid=11795 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.1694" name="/newroot/346/memory.events" dev="tmpfs" ino=1776 res=1 errno=0 [ 201.906146][T11813] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1699'. [ 201.944457][T11817] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1701'. [ 202.136121][T11825] syzkaller0: entered promiscuous mode [ 202.141753][T11825] syzkaller0: entered allmulticast mode [ 202.402989][T11846] syzkaller0: entered promiscuous mode [ 202.412207][T11846] syzkaller0: entered allmulticast mode [ 202.531207][T11858] netlink: 104 bytes leftover after parsing attributes in process `syz.1.1710'. [ 202.742260][T11869] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 202.977589][T11890] syzkaller0: entered promiscuous mode [ 202.987169][T11890] syzkaller0: entered allmulticast mode [ 203.322200][T11910] netlink: 'syz.0.1722': attribute type 1 has an invalid length. [ 203.428548][T11918] netlink: 'syz.0.1724': attribute type 1 has an invalid length. [ 203.438884][T11918] workqueue: Failed to create a rescuer kthread for wq "bond9": -EINTR [ 203.573554][T11885] __nla_validate_parse: 4 callbacks suppressed [ 203.573577][T11885] netlink: 188 bytes leftover after parsing attributes in process `syz.4.1717'. [ 203.876304][T11942] IPVS: set_ctl: invalid protocol: 47 224.0.0.2:20001 [ 203.888654][T11942] IPVS: set_ctl: invalid protocol: 47 224.0.0.2:20001 [ 203.895470][T11942] IPVS: set_ctl: invalid protocol: 47 224.0.0.2:20001 [ 203.920510][T11942] IPVS: set_ctl: invalid protocol: 47 224.0.0.2:20001 [ 203.935493][T11942] IPVS: set_ctl: invalid protocol: 47 224.0.0.2:20001 [ 203.944123][T11942] IPVS: set_ctl: invalid protocol: 47 224.0.0.2:20001 [ 203.952049][T11942] IPVS: set_ctl: invalid protocol: 47 224.0.0.2:20001 [ 203.983965][T11953] netlink: 128 bytes leftover after parsing attributes in process `syz.4.1735'. [ 203.985877][T11942] IPVS: set_ctl: invalid protocol: 47 224.0.0.2:20001 [ 204.007117][T11942] IPVS: set_ctl: invalid protocol: 47 224.0.0.2:20001 [ 204.037631][T11942] IPVS: set_ctl: invalid protocol: 47 224.0.0.2:20001 [ 204.068262][T11959] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1738'. [ 204.070620][T11942] IPVS: set_ctl: invalid protocol: 47 224.0.0.2:20001 [ 204.099984][T11959] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1738'. [ 204.135596][T11942] IPVS: set_ctl: invalid protocol: 47 224.0.0.2:20001 [ 204.142550][T11942] IPVS: set_ctl: invalid protocol: 47 224.0.0.2:20001 [ 204.181873][T11942] IPVS: set_ctl: invalid protocol: 47 224.0.0.2:20001 [ 204.210199][T11942] IPVS: set_ctl: invalid protocol: 47 224.0.0.2:20001 [ 204.217647][T11942] IPVS: set_ctl: invalid protocol: 47 224.0.0.2:20001 [ 204.224455][T11942] IPVS: set_ctl: invalid protocol: 47 224.0.0.2:20001 [ 204.231903][T11942] IPVS: set_ctl: invalid protocol: 47 224.0.0.2:20001 [ 204.244682][T11942] IPVS: set_ctl: invalid protocol: 47 224.0.0.2:20001 [ 204.253185][T11942] IPVS: set_ctl: invalid protocol: 47 224.0.0.2:20001 [ 204.258454][T11971] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1742'. [ 204.260333][T11942] IPVS: set_ctl: invalid protocol: 47 224.0.0.2:20001 [ 204.278335][T11942] IPVS: set_ctl: invalid protocol: 47 224.0.0.2:20001 [ 204.285205][T11942] IPVS: set_ctl: invalid protocol: 47 224.0.0.2:20001 [ 204.295076][T11942] IPVS: set_ctl: invalid protocol: 47 224.0.0.2:20001 [ 204.302033][T11942] IPVS: set_ctl: invalid protocol: 47 224.0.0.2:20001 [ 204.307225][T11967] bond5 (unregistering): Released all slaves [ 204.309491][T11942] IPVS: set_ctl: invalid protocol: 47 224.0.0.2:20001 [ 204.322539][T11942] IPVS: set_ctl: invalid protocol: 47 224.0.0.2:20001 [ 204.322810][T11974] netlink: 'syz.4.1744': attribute type 1 has an invalid length. [ 204.329465][T11942] IPVS: set_ctl: invalid protocol: 47 224.0.0.2:20001 [ 204.346581][T11942] IPVS: set_ctl: invalid protocol: 47 224.0.0.2:20001 [ 204.353419][T11942] IPVS: set_ctl: invalid protocol: 47 224.0.0.2:20001 [ 204.360691][T11942] IPVS: set_ctl: invalid protocol: 47 224.0.0.2:20001 [ 204.368139][T11942] IPVS: set_ctl: invalid protocol: 47 224.0.0.2:20001 [ 204.374945][T11942] IPVS: set_ctl: invalid protocol: 47 224.0.0.2:20001 [ 204.381879][T11942] IPVS: set_ctl: invalid protocol: 47 224.0.0.2:20001 [ 204.396595][T11942] IPVS: set_ctl: invalid protocol: 47 224.0.0.2:20001 [ 204.403596][T11942] IPVS: set_ctl: invalid protocol: 47 224.0.0.2:20001 [ 204.411889][T11942] IPVS: set_ctl: invalid protocol: 47 224.0.0.2:20001 [ 204.441542][T11942] IPVS: set_ctl: invalid protocol: 47 224.0.0.2:20001 [ 204.487826][T11942] IPVS: set_ctl: invalid protocol: 47 224.0.0.2:20001 [ 204.515188][T11942] IPVS: set_ctl: invalid protocol: 47 224.0.0.2:20001 [ 204.544582][T11942] IPVS: set_ctl: invalid protocol: 47 224.0.0.2:20001 [ 204.558867][T11942] IPVS: set_ctl: invalid protocol: 47 224.0.0.2:20001 [ 204.569009][T11942] IPVS: set_ctl: invalid protocol: 47 224.0.0.2:20001 [ 204.580778][T11942] IPVS: set_ctl: invalid protocol: 47 224.0.0.2:20001 [ 204.589143][T11942] IPVS: set_ctl: invalid protocol: 47 224.0.0.2:20001 [ 204.596137][T11942] IPVS: set_ctl: invalid protocol: 47 224.0.0.2:20001 [ 204.609398][T11985] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1747'. [ 204.609773][T11942] IPVS: set_ctl: invalid protocol: 47 224.0.0.2:20001 [ 204.627943][T11942] IPVS: set_ctl: invalid protocol: 47 224.0.0.2:20001 [ 204.634885][T11942] IPVS: set_ctl: invalid protocol: 47 224.0.0.2:20001 [ 204.636216][T11985] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1747'. [ 204.882577][T12004] syzkaller0: entered promiscuous mode [ 204.888348][T12004] syzkaller0: entered allmulticast mode [ 204.899444][T12004] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1752'. [ 205.077714][T11980] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 205.237332][T12014] tipc: Enabled bearer , priority 0 [ 205.244723][T12014] syzkaller0: entered promiscuous mode [ 205.250699][T12014] syzkaller0: entered allmulticast mode [ 205.277050][T12014] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 205.328114][T12014] tipc: Resetting bearer [ 205.418817][T12031] tipc: Resetting bearer [ 205.446634][T12037] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1761'. [ 205.476360][T12031] tipc: Disabling bearer [ 205.492620][T12043] netlink: 207952 bytes leftover after parsing attributes in process `syz.0.1763'. [ 206.473369][T12085] syzkaller0: entered promiscuous mode [ 206.488346][T12085] syzkaller0: entered allmulticast mode [ 206.894732][T12114] netlink: 'syz.3.1786': attribute type 1 has an invalid length. [ 207.096527][T12131] netlink: 'syz.1.1790': attribute type 11 has an invalid length. [ 207.135456][T12134] netlink: 'syz.3.1792': attribute type 5 has an invalid length. [ 207.159339][T12132] syzkaller0: entered promiscuous mode [ 207.164839][T12132] syzkaller0: entered allmulticast mode [ 207.308319][T12149] netlink: 'syz.3.1794': attribute type 1 has an invalid length. [ 207.393088][T12153] tc_dump_action: action bad kind [ 207.485000][T12153] bridge0: port 2(bridge_slave_1) entered disabled state [ 207.570133][T12158] vlan3: entered allmulticast mode [ 207.598197][T12158] geneve1: entered allmulticast mode [ 207.725274][T12177] netlink: 'syz.2.1803': attribute type 1 has an invalid length. [ 207.872836][T12184] bond5: (slave gretap2): making interface the new active one [ 207.881887][T12184] bond5: (slave gretap2): Enslaving as an active interface with an up link [ 207.882437][T12187] xt_CT: You must specify a L4 protocol and not use inversions on it [ 207.943242][T12191] xt_CT: You must specify a L4 protocol and not use inversions on it [ 208.001996][T12196] 8021q: adding VLAN 0 to HW filter on device bond12 [ 208.016992][T12192] syzkaller0: entered promiscuous mode [ 208.022896][T12192] syzkaller0: entered allmulticast mode [ 208.098192][T12196] bond12: (slave dummy0): Enslaving as an active interface with an up link [ 208.234083][T12208] bond12 (unregistering): (slave dummy0): Releasing backup interface [ 208.244992][T12208] bond12 (unregistering): Released all slaves [ 208.787372][T12256] syzkaller0: entered promiscuous mode [ 208.793526][T12256] syzkaller0: entered allmulticast mode [ 208.887914][T12265] __nla_validate_parse: 12 callbacks suppressed [ 208.887933][T12265] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1828'. [ 209.017319][T12276] netlink: 'syz.2.1831': attribute type 39 has an invalid length. [ 209.268398][T12295] netlink: 14 bytes leftover after parsing attributes in process `syz.0.1837'. [ 209.372487][T12304] syzkaller0: entered promiscuous mode [ 209.383336][T12304] syzkaller0: entered allmulticast mode [ 209.398835][T12307] ip6t_srh: unknown srh invflags 4000 [ 209.559893][T12307] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 209.597275][T12312] netlink: 212328 bytes leftover after parsing attributes in process `syz.4.1842'. [ 209.631879][T12312] netlink: Unknown conntrack attr (type=2304, max=9) [ 209.788174][T12328] FAULT_INJECTION: forcing a failure. [ 209.788174][T12328] name failslab, interval 1, probability 0, space 0, times 0 [ 209.820449][T12327] netlink: 212408 bytes leftover after parsing attributes in process `syz.4.1846'. [ 209.837851][T12328] CPU: 1 UID: 0 PID: 12328 Comm: syz.3.1845 Not tainted syzkaller #0 PREEMPT(full) [ 209.837880][T12328] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 209.837891][T12328] Call Trace: [ 209.837898][T12328] [ 209.837907][T12328] dump_stack_lvl+0xe8/0x150 [ 209.837936][T12328] should_fail_ex+0x412/0x560 [ 209.837962][T12328] should_failslab+0xa8/0x100 [ 209.837990][T12328] __kmalloc_noprof+0xde/0x7e0 [ 209.838008][T12328] ? tomoyo_encode+0x28b/0x550 [ 209.838036][T12328] tomoyo_encode+0x28b/0x550 [ 209.838062][T12328] tomoyo_realpath_from_path+0x58d/0x5d0 [ 209.838086][T12328] ? tomoyo_domain+0xd7/0x130 [ 209.838113][T12328] ? tomoyo_path_number_perm+0x219/0x630 [ 209.838133][T12328] tomoyo_path_number_perm+0x246/0x630 [ 209.838156][T12328] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 209.838175][T12328] ? __lock_acquire+0x6b5/0x2cf0 [ 209.838212][T12328] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 209.838250][T12328] ? __fget_files+0x2a/0x420 [ 209.838272][T12328] ? __fget_files+0x2a/0x420 [ 209.838290][T12328] ? __fget_files+0x3a0/0x420 [ 209.838308][T12328] ? __fget_files+0x2a/0x420 [ 209.838330][T12328] security_file_ioctl+0xc3/0x2a0 [ 209.838350][T12328] __se_sys_ioctl+0x47/0x170 [ 209.838377][T12328] do_syscall_64+0xe2/0xf80 [ 209.838395][T12328] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 209.838412][T12328] ? trace_irq_disable+0x37/0x100 [ 209.838430][T12328] ? clear_bhb_loop+0x60/0xb0 [ 209.838451][T12328] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 209.838467][T12328] RIP: 0033:0x7f658a99aeb9 [ 209.838483][T12328] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 209.838499][T12328] RSP: 002b:00007f6588bf6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 209.838520][T12328] RAX: ffffffffffffffda RBX: 00007f658ac15fa0 RCX: 00007f658a99aeb9 [ 209.838531][T12328] RDX: 0000200000000000 RSI: 0000000000008b14 RDI: 0000000000000003 [ 209.838541][T12328] RBP: 00007f6588bf6090 R08: 0000000000000000 R09: 0000000000000000 [ 209.838551][T12328] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 209.838560][T12328] R13: 00007f658ac16038 R14: 00007f658ac15fa0 R15: 00007ffcc7ed2f78 [ 209.838591][T12328] [ 209.838780][T12328] ERROR: Out of memory at tomoyo_realpath_from_path. [ 210.105282][T12331] netlink: 84 bytes leftover after parsing attributes in process `syz.2.1847'. [ 210.371736][T12343] syzkaller0: entered promiscuous mode [ 210.384078][T12343] syzkaller0: entered allmulticast mode [ 210.505259][T12347] netlink: 100 bytes leftover after parsing attributes in process `syz.3.1854'. [ 210.671027][T12361] netlink: 212408 bytes leftover after parsing attributes in process `syz.3.1858'. [ 210.687382][T12360] netlink: 'syz.0.1857': attribute type 1 has an invalid length. [ 210.802851][T12371] FAULT_INJECTION: forcing a failure. [ 210.802851][T12371] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 210.830707][T12371] CPU: 1 UID: 0 PID: 12371 Comm: syz.4.1859 Not tainted syzkaller #0 PREEMPT(full) [ 210.830732][T12371] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 210.830744][T12371] Call Trace: [ 210.830750][T12371] [ 210.830758][T12371] dump_stack_lvl+0xe8/0x150 [ 210.830785][T12371] should_fail_ex+0x412/0x560 [ 210.830811][T12371] _copy_from_user+0x2d/0xb0 [ 210.830837][T12371] wext_handle_ioctl+0xc7/0x1d0 [ 210.830860][T12371] ? __pfx_wext_handle_ioctl+0x10/0x10 [ 210.830885][T12371] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 210.830918][T12371] sock_ioctl+0x159/0x7f0 [ 210.830945][T12371] ? __pfx_sock_ioctl+0x10/0x10 [ 210.830969][T12371] ? __fget_files+0x2a/0x420 [ 210.830987][T12371] ? __fget_files+0x3a0/0x420 [ 210.831003][T12371] ? __fget_files+0x2a/0x420 [ 210.831026][T12371] ? bpf_lsm_file_ioctl+0x9/0x20 [ 210.831046][T12371] ? __pfx_sock_ioctl+0x10/0x10 [ 210.831069][T12371] __se_sys_ioctl+0xfc/0x170 [ 210.831095][T12371] do_syscall_64+0xe2/0xf80 [ 210.831113][T12371] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 210.831130][T12371] ? trace_irq_disable+0x37/0x100 [ 210.831147][T12371] ? clear_bhb_loop+0x60/0xb0 [ 210.831169][T12371] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 210.831185][T12371] RIP: 0033:0x7fb6bf99aeb9 [ 210.831202][T12371] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 210.831218][T12371] RSP: 002b:00007fb6c08d3028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 210.831237][T12371] RAX: ffffffffffffffda RBX: 00007fb6bfc15fa0 RCX: 00007fb6bf99aeb9 [ 210.831250][T12371] RDX: 0000200000000000 RSI: 0000000000008b14 RDI: 0000000000000003 [ 210.831262][T12371] RBP: 00007fb6c08d3090 R08: 0000000000000000 R09: 0000000000000000 [ 210.831274][T12371] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 210.831285][T12371] R13: 00007fb6bfc16038 R14: 00007fb6bfc15fa0 R15: 00007ffc7f76cfc8 [ 210.831313][T12371] [ 211.129821][T12385] veth0: entered promiscuous mode [ 211.141182][T12385] veth0: left promiscuous mode [ 211.151467][T12385] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1867'. [ 211.164030][T12385] netlink: 'syz.2.1867': attribute type 11 has an invalid length. [ 211.172496][T12385] netlink: 224 bytes leftover after parsing attributes in process `syz.2.1867'. [ 211.300004][T12389] syzkaller0: entered promiscuous mode [ 211.305673][T12389] syzkaller0: entered allmulticast mode [ 211.334381][T12400] netlink: 'syz.2.1869': attribute type 33 has an invalid length. [ 211.348097][T12400] netlink: 152 bytes leftover after parsing attributes in process `syz.2.1869'. [ 211.491007][T12407] netlink: 'syz.4.1870': attribute type 1 has an invalid length. [ 211.544383][T12407] netlink: 'syz.4.1870': attribute type 29 has an invalid length. [ 211.711551][T12426] FAULT_INJECTION: forcing a failure. [ 211.711551][T12426] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 211.737405][T12426] CPU: 0 UID: 0 PID: 12426 Comm: syz.2.1875 Not tainted syzkaller #0 PREEMPT(full) [ 211.737430][T12426] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 211.737441][T12426] Call Trace: [ 211.737448][T12426] [ 211.737457][T12426] dump_stack_lvl+0xe8/0x150 [ 211.737484][T12426] should_fail_ex+0x412/0x560 [ 211.737510][T12426] _copy_from_user+0x2d/0xb0 [ 211.737537][T12426] wext_handle_ioctl+0xc7/0x1d0 [ 211.737561][T12426] ? __pfx_wext_handle_ioctl+0x10/0x10 [ 211.737580][T12426] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 211.737615][T12426] sock_ioctl+0x159/0x7f0 [ 211.737644][T12426] ? __pfx_sock_ioctl+0x10/0x10 [ 211.737669][T12426] ? __fget_files+0x2a/0x420 [ 211.737688][T12426] ? __fget_files+0x3a0/0x420 [ 211.737707][T12426] ? __fget_files+0x2a/0x420 [ 211.737728][T12426] ? bpf_lsm_file_ioctl+0x9/0x20 [ 211.737751][T12426] ? __pfx_sock_ioctl+0x10/0x10 [ 211.737781][T12426] __se_sys_ioctl+0xfc/0x170 [ 211.737808][T12426] do_syscall_64+0xe2/0xf80 [ 211.737826][T12426] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 211.737843][T12426] ? trace_irq_disable+0x37/0x100 [ 211.737860][T12426] ? clear_bhb_loop+0x60/0xb0 [ 211.737882][T12426] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 211.737899][T12426] RIP: 0033:0x7fb2fcd9aeb9 [ 211.737915][T12426] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 211.737931][T12426] RSP: 002b:00007fb2fdc8d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 211.737950][T12426] RAX: ffffffffffffffda RBX: 00007fb2fd015fa0 RCX: 00007fb2fcd9aeb9 [ 211.737963][T12426] RDX: 0000200000000000 RSI: 0000000000008b14 RDI: 0000000000000003 [ 211.737975][T12426] RBP: 00007fb2fdc8d090 R08: 0000000000000000 R09: 0000000000000000 [ 211.737987][T12426] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 211.737997][T12426] R13: 00007fb2fd016038 R14: 00007fb2fd015fa0 R15: 00007fffcc45ae68 [ 211.738026][T12426] [ 212.116429][T12442] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate. [ 212.131313][T12443] openvswitch: netlink: Missing key (keys=40, expected=10000000) [ 212.164190][T12443] netlink: 'syz.2.1881': attribute type 16 has an invalid length. [ 212.208032][T12448] syzkaller0: entered promiscuous mode [ 212.226081][T12448] syzkaller0: entered allmulticast mode [ 212.386478][T12460] IPVS: set_ctl: invalid protocol: 4 172.20.20.32:20004 [ 212.990733][T12471] pim6reg1: entered promiscuous mode [ 212.997235][T12471] pim6reg1: entered allmulticast mode [ 213.261093][T12488] FAULT_INJECTION: forcing a failure. [ 213.261093][T12488] name failslab, interval 1, probability 0, space 0, times 0 [ 213.273797][T12488] CPU: 0 UID: 0 PID: 12488 Comm: syz.0.1897 Not tainted syzkaller #0 PREEMPT(full) [ 213.273821][T12488] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 213.273832][T12488] Call Trace: [ 213.273839][T12488] [ 213.273847][T12488] dump_stack_lvl+0xe8/0x150 [ 213.273874][T12488] should_fail_ex+0x412/0x560 [ 213.273900][T12488] should_failslab+0xa8/0x100 [ 213.273922][T12488] kmem_cache_alloc_noprof+0x87/0x6e0 [ 213.273949][T12488] ? skb_clone+0x212/0x3a0 [ 213.273977][T12488] skb_clone+0x212/0x3a0 [ 213.274005][T12488] bpf_clone_redirect+0x16a/0x4b0 [ 213.274033][T12488] ? bpf_test_run+0x1d1/0x830 [ 213.274050][T12488] bpf_prog_cbaa716d5e7dde70+0x5f/0x68 [ 213.274070][T12488] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 213.274093][T12488] ? arch_stack_walk+0xfb/0x150 [ 213.274121][T12488] ? ktime_get+0x45/0x200 [ 213.274152][T12488] ? seqcount_lockdep_reader_access+0xa9/0x100 [ 213.274174][T12488] ? lockdep_hardirqs_on+0x7a/0x110 [ 213.274192][T12488] ? ktime_get+0x45/0x200 [ 213.274209][T12488] ? seqcount_lockdep_reader_access+0xea/0x100 [ 213.274236][T12488] ? bpf_test_timer_continue+0x10c/0x320 [ 213.274258][T12488] bpf_test_run+0x354/0x830 [ 213.274297][T12488] ? __pfx_bpf_test_run+0x10/0x10 [ 213.274328][T12488] ? __kasan_krealloc+0xeb/0x110 [ 213.274347][T12488] ? eth_type_trans+0x35e/0x6d0 [ 213.274374][T12488] ? bpf_prog_test_run_skb+0x889/0x1d50 [ 213.274390][T12488] ? convert___skb_to_skb+0x3d/0x5b0 [ 213.274409][T12488] bpf_prog_test_run_skb+0xd66/0x1d50 [ 213.274439][T12488] ? __fget_files+0x2a/0x420 [ 213.274457][T12488] ? __fget_files+0x3a0/0x420 [ 213.274475][T12488] ? __fget_files+0x2a/0x420 [ 213.274499][T12488] ? __pfx_bpf_prog_test_run_skb+0x10/0x10 [ 213.274518][T12488] bpf_prog_test_run+0x2c7/0x340 [ 213.274541][T12488] __sys_bpf+0x5cb/0x920 [ 213.274561][T12488] ? __pfx___sys_bpf+0x10/0x10 [ 213.274594][T12488] ? ksys_write+0x242/0x270 [ 213.274628][T12488] ? __pfx_ksys_write+0x10/0x10 [ 213.274660][T12488] __x64_sys_bpf+0x7c/0x90 [ 213.274686][T12488] do_syscall_64+0xe2/0xf80 [ 213.274704][T12488] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 213.274721][T12488] ? trace_irq_disable+0x37/0x100 [ 213.274738][T12488] ? clear_bhb_loop+0x60/0xb0 [ 213.274760][T12488] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 213.274778][T12488] RIP: 0033:0x7f860c99aeb9 [ 213.274794][T12488] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 213.274810][T12488] RSP: 002b:00007f860d82e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 213.274829][T12488] RAX: ffffffffffffffda RBX: 00007f860cc15fa0 RCX: 00007f860c99aeb9 [ 213.274843][T12488] RDX: 0000000000000028 RSI: 0000200000000080 RDI: 000000000000000a [ 213.274854][T12488] RBP: 00007f860d82e090 R08: 0000000000000000 R09: 0000000000000000 [ 213.274866][T12488] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 213.274877][T12488] R13: 00007f860cc16038 R14: 00007f860cc15fa0 R15: 00007ffc16df36a8 [ 213.274907][T12488] [ 213.894814][T12514] netlink: 'syz.2.1907': attribute type 2 has an invalid length. [ 213.916500][T12514] __nla_validate_parse: 14 callbacks suppressed [ 213.916517][T12514] netlink: 31 bytes leftover after parsing attributes in process `syz.2.1907'. [ 214.040643][T12524] bond13: option packets_per_slave: invalid value (18446744073709551615) [ 214.057934][T12524] bond13: option packets_per_slave: allowed values 0 - 65535 [ 214.070392][T12530] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1912'. [ 214.082096][T12524] bond13 (unregistering): Released all slaves [ 214.430632][T12543] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1913'. [ 214.494465][T12550] xt_cluster: node mask cannot exceed total number of nodes [ 214.729120][T12569] netlink: 'syz.3.1923': attribute type 1 has an invalid length. [ 214.799568][T12574] netlink: 88 bytes leftover after parsing attributes in process `syz.0.1925'. [ 214.832749][T12576] netlink: 'syz.2.1926': attribute type 10 has an invalid length. [ 214.842538][T12569] netlink: 'syz.3.1923': attribute type 4 has an invalid length. [ 214.842538][T12571] netlink: 'syz.3.1923': attribute type 4 has an invalid length. [ 214.874965][T12576] team0: Port device dummy0 added [ 214.912883][T12573] syzkaller0: entered promiscuous mode [ 214.918555][T12573] syzkaller0: entered allmulticast mode [ 215.189732][T12595] bond13: entered promiscuous mode [ 215.196340][T12595] 8021q: adding VLAN 0 to HW filter on device bond13 [ 215.300645][T12604] xt_TPROXY: Can be used only with -p tcp or -p udp [ 215.321382][T12606] netdevsim netdevsim1: Firmware load for './file0/file0/..' refused, path contains '..' component [ 215.333356][T12609] xt_TPROXY: Can be used only with -p tcp or -p udp [ 215.343989][T12606] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1938'. [ 215.353623][T12606] nbd: couldn't find a device at index 0 [ 215.415985][T12610] netlink: 9 bytes leftover after parsing attributes in process `syz.0.1936'. [ 215.436413][T12610] gretap0: entered promiscuous mode [ 215.486774][T12601] vxcan1 speed is unknown, defaulting to 1000 [ 215.621757][T12615] syzkaller0: entered promiscuous mode [ 215.640562][T12615] syzkaller0: entered allmulticast mode [ 215.798931][T12631] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1944'. [ 217.450354][T12669] netlink: 212408 bytes leftover after parsing attributes in process `syz.1.1956'. [ 217.624803][T12677] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1959'. [ 217.952324][T12706] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1968'. [ 218.600611][T12753] validate_nla: 1 callbacks suppressed [ 218.600628][T12753] netlink: 'syz.3.1980': attribute type 15 has an invalid length. [ 218.684816][T12764] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 218.964028][T12786] __nla_validate_parse: 134 callbacks suppressed [ 218.964047][T12786] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1991'. [ 218.983066][T12789] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1989'. [ 218.990646][T12786] netlink: 'syz.3.1991': attribute type 1 has an invalid length. [ 219.004799][T12786] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1991'. [ 219.049781][T12789] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1989'. [ 219.159585][T12799] xt_NFQUEUE: number of total queues is 0 [ 219.191678][T12799] RDS: rds_bind could not find a transport for ::ffff:172.30.0.5, load rds_tcp or rds_rdma? [ 219.551207][T12809] netlink: 'syz.0.1999': attribute type 142 has an invalid length. [ 219.663382][T12831] netlink: 'syz.3.2008': attribute type 12 has an invalid length. [ 219.679595][T12835] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2007'. [ 219.697583][T12831] netlink: 'syz.3.2008': attribute type 29 has an invalid length. [ 219.727984][T12831] netlink: 148 bytes leftover after parsing attributes in process `syz.3.2008'. [ 219.745282][T12840] ip6t_rpfilter: unknown options [ 219.748305][T12831] netlink: 'syz.3.2008': attribute type 2 has an invalid length. [ 219.782194][T12834] netlink: 120 bytes leftover after parsing attributes in process `syz.1.2006'. [ 219.815788][T12834] netlink: 'syz.1.2006': attribute type 1 has an invalid length. [ 219.823558][T12834] netlink: 64 bytes leftover after parsing attributes in process `syz.1.2006'. [ 219.877652][T12846] netlink: 'syz.2.2012': attribute type 11 has an invalid length. [ 220.403502][T12887] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2022'. [ 220.448449][T12887] netlink: 'syz.1.2022': attribute type 1 has an invalid length. [ 220.457754][T12897] netlink: 212408 bytes leftover after parsing attributes in process `syz.2.2023'. [ 220.530119][T12903] sock: sock_set_timeout: `syz.3.2025' (pid 12903) tries to set negative timeout [ 220.541819][T12903] netlink: 'syz.3.2025': attribute type 10 has an invalid length. [ 220.579403][T12907] netlink: 'syz.1.2028': attribute type 1 has an invalid length. [ 220.671019][T12907] 8021q: adding VLAN 0 to HW filter on device bond14 [ 220.700432][T12913] vlan6: entered allmulticast mode [ 220.712117][T12913] bond14: entered allmulticast mode [ 220.743630][T12915] bond6 (unregistering): Released all slaves [ 220.848488][T12926] x_tables: ip6_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING [ 221.584734][T12990] bond0: (slave macvlan3): Error -98 calling set_mac_address [ 221.691057][T12999] syzkaller0: entered promiscuous mode [ 221.697164][T12999] syzkaller0: entered allmulticast mode [ 221.731730][T12999] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 222.049891][T13020] bond0 (unregistering): (slave veth3): Releasing backup interface [ 222.065248][T13026] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 222.072573][T13026] IPv6: NLM_F_CREATE should be set when creating new route [ 222.079857][T13026] IPv6: NLM_F_CREATE should be set when creating new route [ 222.088901][T13026] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 222.103940][T13020] bond0 (unregistering): Released all slaves [ 222.254172][T13039] geneve4: entered promiscuous mode [ 222.275910][ T36] netdevsim netdevsim3 eth0: set [1, 2] type 2 family 0 port 46316 - 0 [ 222.284219][ T36] netdevsim netdevsim3 eth1: set [1, 2] type 2 family 0 port 46316 - 0 [ 222.314392][ T36] netdevsim netdevsim3 eth2: set [1, 2] type 2 family 0 port 46316 - 0 [ 222.352124][ T36] netdevsim netdevsim3 eth3: set [1, 2] type 2 family 0 port 46316 - 0 [ 222.406072][T13048] openvswitch: netlink: VXLAN extension 307 out of range max 1 [ 222.521576][T13054] bond0 (unregistering): Released all slaves [ 224.010504][T13135] __nla_validate_parse: 26 callbacks suppressed [ 224.010522][T13135] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2099'. [ 224.054863][T13137] FAULT_INJECTION: forcing a failure. [ 224.054863][T13137] name failslab, interval 1, probability 0, space 0, times 0 [ 224.067581][T13137] CPU: 0 UID: 0 PID: 13137 Comm: syz.0.2103 Not tainted syzkaller #0 PREEMPT(full) [ 224.067608][T13137] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 224.067619][T13137] Call Trace: [ 224.067626][T13137] [ 224.067634][T13137] dump_stack_lvl+0xe8/0x150 [ 224.067662][T13137] should_fail_ex+0x412/0x560 [ 224.067688][T13137] should_failslab+0xa8/0x100 [ 224.067711][T13137] kmem_cache_alloc_noprof+0x87/0x6e0 [ 224.067737][T13137] ? skb_clone+0x212/0x3a0 [ 224.067764][T13137] skb_clone+0x212/0x3a0 [ 224.067797][T13137] bpf_clone_redirect+0x16a/0x4b0 [ 224.067823][T13137] ? bpf_test_run+0x1d1/0x830 [ 224.067840][T13137] bpf_prog_cbaa716d5e7dde70+0x5f/0x68 [ 224.067860][T13137] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 224.067893][T13137] ? __pfx___schedule+0x10/0x10 [ 224.067917][T13137] ? ktime_get+0x45/0x200 [ 224.067948][T13137] ? preempt_schedule_thunk+0x16/0x30 [ 224.067978][T13137] ? preempt_schedule_common+0x82/0xd0 [ 224.067993][T13137] ? bpf_test_run+0x1d1/0x830 [ 224.068011][T13137] ? bpf_test_timer_continue+0x10c/0x320 [ 224.068033][T13137] bpf_test_run+0x354/0x830 [ 224.068068][T13137] ? __pfx_bpf_test_run+0x10/0x10 [ 224.068098][T13137] ? __kasan_krealloc+0xeb/0x110 [ 224.068118][T13137] ? eth_type_trans+0x35e/0x6d0 [ 224.068143][T13137] ? bpf_prog_test_run_skb+0x889/0x1d50 [ 224.068159][T13137] ? convert___skb_to_skb+0x3d/0x5b0 [ 224.068179][T13137] bpf_prog_test_run_skb+0xd66/0x1d50 [ 224.068208][T13137] ? __fget_files+0x2a/0x420 [ 224.068226][T13137] ? __fget_files+0x3a0/0x420 [ 224.068242][T13137] ? __fget_files+0x2a/0x420 [ 224.068264][T13137] ? __pfx_bpf_prog_test_run_skb+0x10/0x10 [ 224.068283][T13137] bpf_prog_test_run+0x2c7/0x340 [ 224.068307][T13137] __sys_bpf+0x5cb/0x920 [ 224.068327][T13137] ? __pfx___sys_bpf+0x10/0x10 [ 224.068359][T13137] ? ksys_write+0x242/0x270 [ 224.068387][T13137] ? __pfx_ksys_write+0x10/0x10 [ 224.068419][T13137] __x64_sys_bpf+0x7c/0x90 [ 224.068446][T13137] do_syscall_64+0xe2/0xf80 [ 224.068464][T13137] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 224.068481][T13137] ? trace_irq_disable+0x37/0x100 [ 224.068499][T13137] ? clear_bhb_loop+0x60/0xb0 [ 224.068521][T13137] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 224.068537][T13137] RIP: 0033:0x7f860c99aeb9 [ 224.068554][T13137] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 224.068569][T13137] RSP: 002b:00007f860d82e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 224.068589][T13137] RAX: ffffffffffffffda RBX: 00007f860cc15fa0 RCX: 00007f860c99aeb9 [ 224.068602][T13137] RDX: 0000000000000028 RSI: 0000200000000080 RDI: 000000000000000a [ 224.068614][T13137] RBP: 00007f860d82e090 R08: 0000000000000000 R09: 0000000000000000 [ 224.068626][T13137] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 224.068637][T13137] R13: 00007f860cc16038 R14: 00007f860cc15fa0 R15: 00007ffc16df36a8 [ 224.068669][T13137] [ 224.394708][T13143] netlink: 212408 bytes leftover after parsing attributes in process `syz.4.2104'. [ 224.421555][T13145] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2105'. [ 224.707760][T13162] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2110'. [ 224.727555][T13163] netlink: 176 bytes leftover after parsing attributes in process `syz.2.2111'. [ 224.777048][T13167] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2114'. [ 224.820347][T13170] FAULT_INJECTION: forcing a failure. [ 224.820347][T13170] name failslab, interval 1, probability 0, space 0, times 0 [ 224.833053][T13170] CPU: 1 UID: 0 PID: 13170 Comm: syz.2.2115 Not tainted syzkaller #0 PREEMPT(full) [ 224.833078][T13170] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 224.833089][T13170] Call Trace: [ 224.833096][T13170] [ 224.833103][T13170] dump_stack_lvl+0xe8/0x150 [ 224.833131][T13170] should_fail_ex+0x412/0x560 [ 224.833158][T13170] should_failslab+0xa8/0x100 [ 224.833181][T13170] kmem_cache_alloc_noprof+0x87/0x6e0 [ 224.833208][T13170] ? skb_clone+0x212/0x3a0 [ 224.833237][T13170] skb_clone+0x212/0x3a0 [ 224.833264][T13170] bpf_clone_redirect+0x16a/0x4b0 [ 224.833292][T13170] ? bpf_test_run+0x1d1/0x830 [ 224.833310][T13170] bpf_prog_4653d16e8163849f+0x22/0x2a [ 224.833329][T13170] bpf_test_run+0x354/0x830 [ 224.833367][T13170] ? __pfx_bpf_test_run+0x10/0x10 [ 224.833404][T13170] ? csum_partial+0x239/0x2c0 [ 224.833441][T13170] ? convert___skb_to_skb+0x3d/0x5b0 [ 224.833462][T13170] bpf_prog_test_run_skb+0xd66/0x1d50 [ 224.833491][T13170] ? __fget_files+0x2a/0x420 [ 224.833510][T13170] ? __fget_files+0x3a0/0x420 [ 224.833528][T13170] ? __fget_files+0x2a/0x420 [ 224.833552][T13170] ? __pfx_bpf_prog_test_run_skb+0x10/0x10 [ 224.833571][T13170] bpf_prog_test_run+0x2c7/0x340 [ 224.833595][T13170] __sys_bpf+0x5cb/0x920 [ 224.833615][T13170] ? __pfx___sys_bpf+0x10/0x10 [ 224.833648][T13170] ? ksys_write+0x242/0x270 [ 224.833675][T13170] ? __pfx_ksys_write+0x10/0x10 [ 224.833707][T13170] __x64_sys_bpf+0x7c/0x90 [ 224.833734][T13170] do_syscall_64+0xe2/0xf80 [ 224.833752][T13170] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 224.833770][T13170] ? trace_irq_disable+0x37/0x100 [ 224.833786][T13170] ? clear_bhb_loop+0x60/0xb0 [ 224.833808][T13170] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 224.833825][T13170] RIP: 0033:0x7fb2fcd9aeb9 [ 224.833841][T13170] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 224.833855][T13170] RSP: 002b:00007fb2fdc8d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 224.833874][T13170] RAX: ffffffffffffffda RBX: 00007fb2fd015fa0 RCX: 00007fb2fcd9aeb9 [ 224.833887][T13170] RDX: 0000000000000050 RSI: 00002000000003c0 RDI: 000000000000000a [ 224.833898][T13170] RBP: 00007fb2fdc8d090 R08: 0000000000000000 R09: 0000000000000000 [ 224.833909][T13170] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 224.833921][T13170] R13: 00007fb2fd016038 R14: 00007fb2fd015fa0 R15: 00007fffcc45ae68 [ 224.833951][T13170] [ 225.091253][T13171] validate_nla: 4 callbacks suppressed [ 225.091270][T13171] netlink: 'syz.4.2113': attribute type 4 has an invalid length. [ 225.231421][T13171] atomic_op ffff888052c14998 conn xmit_atomic 0000000000000000 [ 225.272445][T13181] netlink: 212408 bytes leftover after parsing attributes in process `syz.2.2119'. [ 225.305241][T13175] netdevsim netdevsim1 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 225.319801][T13184] FAULT_INJECTION: forcing a failure. [ 225.319801][T13184] name failslab, interval 1, probability 0, space 0, times 0 [ 225.332982][T13184] CPU: 1 UID: 0 PID: 13184 Comm: syz.3.2120 Not tainted syzkaller #0 PREEMPT(full) [ 225.333004][T13184] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 225.333014][T13184] Call Trace: [ 225.333021][T13184] [ 225.333028][T13184] dump_stack_lvl+0xe8/0x150 [ 225.333056][T13184] should_fail_ex+0x412/0x560 [ 225.333082][T13184] should_failslab+0xa8/0x100 [ 225.333104][T13184] __kmalloc_noprof+0xde/0x7e0 [ 225.333122][T13184] ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0 [ 225.333150][T13184] genl_family_rcv_msg_attrs_parse+0xa3/0x2a0 [ 225.333179][T13184] genl_start+0x180/0x6c0 [ 225.333199][T13184] ? netlink_lookup+0x30/0x200 [ 225.333222][T13184] __netlink_dump_start+0x469/0x7e0 [ 225.333246][T13184] genl_family_rcv_msg_dumpit+0x213/0x310 [ 225.333272][T13184] ? __pfx_genl_family_rcv_msg_dumpit+0x10/0x10 [ 225.333294][T13184] ? genl_get_cmd+0x691/0x930 [ 225.333328][T13184] ? __pfx_genl_start+0x10/0x10 [ 225.333347][T13184] ? __pfx_genl_dumpit+0x10/0x10 [ 225.333366][T13184] ? __pfx_genl_done+0x10/0x10 [ 225.333391][T13184] ? __dev_queue_xmit+0x274/0x3850 [ 225.333421][T13184] genl_rcv_msg+0x5e8/0x7a0 [ 225.333448][T13184] ? __pfx_genl_rcv_msg+0x10/0x10 [ 225.333469][T13184] ? __pfx_ethnl_tsinfo_start+0x10/0x10 [ 225.333486][T13184] ? __pfx_ethnl_tsinfo_dumpit+0x10/0x10 [ 225.333503][T13184] ? __pfx_ethnl_tsinfo_done+0x10/0x10 [ 225.333525][T13184] ? __pfx_ref_tracker_free+0x10/0x10 [ 225.333555][T13184] netlink_rcv_skb+0x232/0x4b0 [ 225.333573][T13184] ? __pfx_genl_rcv_msg+0x10/0x10 [ 225.333596][T13184] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 225.333612][T13184] ? genl_rcv+0x19/0x40 [ 225.333648][T13184] ? down_read+0x272/0x2e0 [ 225.333667][T13184] ? genl_rcv+0xd/0x40 [ 225.333689][T13184] genl_rcv+0x28/0x40 [ 225.333709][T13184] netlink_unicast+0x80f/0x9b0 [ 225.333742][T13184] ? __pfx_netlink_unicast+0x10/0x10 [ 225.333766][T13184] ? __alloc_skb+0x193/0x390 [ 225.333783][T13184] ? netlink_sendmsg+0x650/0xb40 [ 225.333797][T13184] ? skb_put+0x11b/0x210 [ 225.333816][T13184] netlink_sendmsg+0x813/0xb40 [ 225.333837][T13184] ? __pfx_netlink_sendmsg+0x10/0x10 [ 225.333854][T13184] ? aa_sock_msg_perm+0xf1/0x1b0 [ 225.333876][T13184] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 225.333893][T13184] ? __pfx_netlink_sendmsg+0x10/0x10 [ 225.333905][T13184] ____sys_sendmsg+0xa68/0xad0 [ 225.333922][T13184] ? __might_fault+0xaf/0x130 [ 225.333946][T13184] ? __pfx_____sys_sendmsg+0x10/0x10 [ 225.333970][T13184] ? import_iovec+0x73/0xa0 [ 225.333994][T13184] ___sys_sendmsg+0x2a5/0x360 [ 225.334009][T13184] ? __lock_acquire+0x6b5/0x2cf0 [ 225.334031][T13184] ? __pfx____sys_sendmsg+0x10/0x10 [ 225.334075][T13184] ? __fget_files+0x2a/0x420 [ 225.334090][T13184] ? __fget_files+0x3a0/0x420 [ 225.334112][T13184] __x64_sys_sendmsg+0x1bd/0x2a0 [ 225.334133][T13184] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 225.334159][T13184] ? __pfx_ksys_write+0x10/0x10 [ 225.334188][T13184] do_syscall_64+0xe2/0xf80 [ 225.334203][T13184] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 225.334216][T13184] ? trace_irq_disable+0x37/0x100 [ 225.334229][T13184] ? clear_bhb_loop+0x60/0xb0 [ 225.334246][T13184] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 225.334260][T13184] RIP: 0033:0x7f658a99aeb9 [ 225.334275][T13184] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 225.334289][T13184] RSP: 002b:00007f6588bf6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 225.334330][T13184] RAX: ffffffffffffffda RBX: 00007f658ac15fa0 RCX: 00007f658a99aeb9 [ 225.334343][T13184] RDX: 0000000000000000 RSI: 0000200000000240 RDI: 0000000000000003 [ 225.334354][T13184] RBP: 00007f6588bf6090 R08: 0000000000000000 R09: 0000000000000000 [ 225.334364][T13184] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 225.334373][T13184] R13: 00007f658ac16038 R14: 00007f658ac15fa0 R15: 00007ffcc7ed2f78 [ 225.334403][T13184] [ 225.338025][T13175] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 225.737588][T13175] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 20002 - 0 [ 225.771044][T13175] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 2] type 2 family 0 port 20000 - 0 [ 225.897245][T13201] netlink: 14 bytes leftover after parsing attributes in process `syz.0.2126'. [ 225.947563][T13175] netdevsim netdevsim1 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 225.962707][T13175] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 225.977376][T13175] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 20002 - 0 [ 225.988273][T13175] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 2] type 2 family 0 port 20000 - 0 [ 226.063139][T13209] vxcan1 speed is unknown, defaulting to 1000 [ 226.080909][T13211] bond0: (slave macvlan3): Error -98 calling set_mac_address [ 226.103601][T13209] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2129'. [ 226.147630][T13214] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2130'. [ 226.183199][T13209] 8021q: adding VLAN 0 to HW filter on device bond8 [ 226.350469][T13175] netdevsim netdevsim1 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 226.366318][T13175] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 226.385920][T13175] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 20002 - 0 [ 226.420381][T13175] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 2] type 2 family 0 port 20000 - 0 [ 226.491072][T13220] netlink: 'syz.4.2132': attribute type 83 has an invalid length. [ 226.541179][T13175] netdevsim netdevsim1 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 226.552620][T13175] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 226.572032][T13175] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 20002 - 0 [ 226.626731][T13175] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 2] type 2 family 0 port 20000 - 0 [ 226.649661][T13229] sctp: [Deprecated]: syz.4.2136 (pid 13229) Use of int in maxseg socket option. [ 226.649661][T13229] Use struct sctp_assoc_value instead [ 226.839923][T13243] netlink: 'syz.3.2139': attribute type 2 has an invalid length. [ 226.883108][T13248] openvswitch: netlink: Flow actions attr not present in new flow. [ 226.891668][T11105] netdevsim netdevsim1 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 226.906074][T11105] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 20000 - 0 [ 226.922301][T11105] netdevsim netdevsim1 eth0: set [1, 1] type 2 family 0 port 20002 - 0 [ 226.943599][T11105] netdevsim netdevsim1 eth0: set [1, 2] type 2 family 0 port 6081 - 0 [ 226.960946][T13248] netlink: 'syz.4.2140': attribute type 2 has an invalid length. [ 226.989535][T11546] netdevsim netdevsim1 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 227.003334][T11546] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 20000 - 0 [ 227.012506][T11546] netdevsim netdevsim1 eth1: set [1, 1] type 2 family 0 port 20002 - 0 [ 227.021169][T11546] netdevsim netdevsim1 eth1: set [1, 2] type 2 family 0 port 6081 - 0 [ 227.043995][T11546] netdevsim netdevsim1 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 227.052770][T11546] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 20000 - 0 [ 227.064047][T11546] netdevsim netdevsim1 eth2: set [1, 1] type 2 family 0 port 20002 - 0 [ 227.086099][T11546] netdevsim netdevsim1 eth2: set [1, 2] type 2 family 0 port 6081 - 0 [ 227.112214][T11546] netdevsim netdevsim1 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 227.132323][T11546] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 20000 - 0 [ 227.155721][T11546] netdevsim netdevsim1 eth3: set [1, 1] type 2 family 0 port 20002 - 0 [ 227.164028][T11546] netdevsim netdevsim1 eth3: set [1, 2] type 2 family 0 port 6081 - 0 [ 227.288253][T13265] tipc: Enabled bearer , priority 0 [ 227.306319][T13265] syzkaller0: entered promiscuous mode [ 227.314162][T13265] syzkaller0: entered allmulticast mode [ 227.385455][T13265] tipc: Resetting bearer [ 227.401884][T13264] tipc: Resetting bearer [ 227.431568][T13277] sock: sock_timestamping_bind_phc: sock not bind to device [ 227.453849][T13264] tipc: Disabling bearer [ 227.495107][T13279] netlink: 'syz.0.2154': attribute type 6 has an invalid length. [ 227.612601][T13287] macsec3: entered promiscuous mode [ 227.624774][T13287] vlan0: entered promiscuous mode [ 227.638821][T13287] macsec3: entered allmulticast mode [ 227.644655][T13287] vlan0: entered allmulticast mode [ 227.651383][T13287] veth0_vlan: entered allmulticast mode [ 227.669998][T13287] vlan0: left allmulticast mode [ 227.679904][T13287] veth0_vlan: left allmulticast mode [ 227.689720][T13287] vlan0: left promiscuous mode [ 228.199917][T13324] netlink: 'syz.0.2176': attribute type 10 has an invalid length. [ 228.222544][T13324] syz_tun: entered promiscuous mode [ 228.266931][T13324] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 228.279053][T13328] netlink: 'syz.0.2176': attribute type 10 has an invalid length. [ 228.319777][T13328] 8021q: adding VLAN 0 to HW filter on device bond0 [ 228.339721][T13328] team0: Device bond0 failed to register rx_handler [ 228.486705][T13340] batadv_slave_1: entered promiscuous mode [ 228.529244][T13340] batadv_slave_1: left promiscuous mode [ 228.985984][T13376] af_packet: tpacket_rcv: packet too big, clamped from 24 to 4294967272. macoff=96 [ 229.291982][T13396] netlink: 'syz.0.2208': attribute type 3 has an invalid length. [ 229.367515][T13400] __nla_validate_parse: 12 callbacks suppressed [ 229.367534][T13400] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2210'. [ 229.601757][T13413] vlan2: left allmulticast mode [ 229.608418][T13413] bond2: left allmulticast mode [ 229.613706][T13413] gretap1: left allmulticast mode [ 229.621779][T13413] xfrm1: left allmulticast mode [ 229.645229][T13413] bond4: left promiscuous mode [ 229.659166][T13413] bond4: left allmulticast mode [ 229.690483][T13421] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2219'. [ 229.768724][T13425] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2221'. [ 230.104455][T13445] syz_tun: Device is already in use. [ 230.217950][T13455] netlink: 'syz.4.2232': attribute type 12 has an invalid length. [ 230.239715][T13457] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2235'. [ 230.249954][T13457] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2235'. [ 230.259912][T13457] gre0: left promiscuous mode [ 230.264676][T13457] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2235'. [ 230.274083][T13457] gretap0: left promiscuous mode [ 230.279348][T13457] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2235'. [ 230.288519][T13457] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2235'. [ 230.300114][T13457] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2235'. [ 230.310279][T13457] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2235'. [ 230.321369][T13457] syz_tun: left promiscuous mode [ 230.340842][T13457] macvlan0: left promiscuous mode [ 230.544923][T13466] sock: sock_set_timeout: `syz.2.2239' (pid 13466) tries to set negative timeout [ 230.972417][T13490] netlink: 'syz.0.2251': attribute type 11 has an invalid length. [ 232.038452][T13565] macsec1: entered allmulticast mode [ 232.043787][T13565] batadv0: entered allmulticast mode [ 232.079366][T13565] batadv0: left allmulticast mode [ 233.751150][T13684] vxcan1 speed is unknown, defaulting to 1000 [ 234.591564][T13732] syzkaller0: entered promiscuous mode [ 234.610268][T13732] syzkaller0: entered allmulticast mode [ 234.654448][T13730] vxcan1 speed is unknown, defaulting to 1000 [ 235.028429][T13750] syz.4.2365 (13750) used greatest stack depth: 17656 bytes left [ 235.349094][T13774] __nla_validate_parse: 109 callbacks suppressed [ 235.349113][T13774] netlink: 44 bytes leftover after parsing attributes in process `syz.1.2375'. [ 236.383279][T13815] batadv_slave_1: entered promiscuous mode [ 236.391001][T13813] batadv_slave_1: left promiscuous mode [ 236.543308][T13828] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2400'. [ 236.856955][T13852] netlink: 104 bytes leftover after parsing attributes in process `syz.1.2408'. [ 237.069232][T13864] syzkaller0: entered promiscuous mode [ 237.082890][T13864] syzkaller0: entered allmulticast mode [ 237.507712][ T5911] IPVS: starting estimator thread 0... [ 237.639157][T13895] IPVS: using max 27 ests per chain, 64800 per kthread [ 237.693458][T13910] netlink: 176 bytes leftover after parsing attributes in process `syz.3.2435'. [ 237.850548][T13920] syzkaller0: entered promiscuous mode [ 237.879674][T13920] syzkaller0: entered allmulticast mode [ 237.933753][T13930] netlink: 'syz.4.2444': attribute type 29 has an invalid length. [ 237.948733][T13930] netlink: 'syz.4.2444': attribute type 29 has an invalid length. [ 238.060260][T13935] netlink: 'syz.4.2446': attribute type 3 has an invalid length. [ 238.092414][T13935] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2446'. [ 238.184434][T13940] pim6reg: entered allmulticast mode [ 238.776211][T13981] Bluetooth: MGMT ver 1.23 [ 238.908548][T13992] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 239.040354][T13979] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 239.083415][T13979] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 239.349662][T14018] netlink: 'syz.3.2481': attribute type 10 has an invalid length. [ 239.360875][T14018] netlink: 2 bytes leftover after parsing attributes in process `syz.3.2481'. [ 239.382131][T14018] bond0: entered promiscuous mode [ 239.387828][T14018] bond_slave_0: entered promiscuous mode [ 239.393796][T14018] bond_slave_1: entered promiscuous mode [ 239.401943][T14018] bridge0: port 3(bond0) entered blocking state [ 239.409604][T14018] bridge0: port 3(bond0) entered disabled state [ 239.440284][T14018] bond0: entered allmulticast mode [ 239.446554][T14018] bond_slave_0: entered allmulticast mode [ 239.476938][T14018] bond_slave_1: entered allmulticast mode [ 239.503964][T14018] bridge0: port 3(bond0) entered blocking state [ 239.510423][T14018] bridge0: port 3(bond0) entered forwarding state [ 239.540696][T14031] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2485'. [ 239.732996][T14037] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 240.002022][T14057] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2497'. [ 240.041907][T14046] syzkaller0: entered promiscuous mode [ 240.056204][T14046] syzkaller0: entered allmulticast mode [ 240.072097][T14061] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2498'. [ 241.423921][T14066] tipc: Enabling of bearer rejected, failed to enable media [ 241.469009][T14075] netlink: 44 bytes leftover after parsing attributes in process `syz.1.2496'. [ 241.749919][T14096] syzkaller0: entered promiscuous mode [ 241.766152][T14096] syzkaller0: entered allmulticast mode [ 242.072781][T14120] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2517'. [ 242.111971][T14120] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2517'. [ 242.351090][T14141] syzkaller0: entered promiscuous mode [ 242.356958][T14141] syzkaller0: entered allmulticast mode [ 242.606336][T14151] erspan0: left promiscuous mode [ 242.611588][T14151] erspan0: left allmulticast mode [ 242.664203][T14151] bridge0: port 2(bridge_slave_1) entered disabled state [ 242.872341][T14151] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 242.921280][T14151] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 243.323852][T14151] ip6erspan0: left promiscuous mode [ 243.329299][T14151] ip6erspan0: left allmulticast mode [ 243.340534][T14151] vlan2: left allmulticast mode [ 243.345401][T14151] veth0_to_hsr: left allmulticast mode [ 243.361381][T14151] gretap1: left promiscuous mode [ 243.366655][T14151] gretap1: left allmulticast mode [ 243.400133][T14151] vlan3: left allmulticast mode [ 243.405010][T14151] bond2: left allmulticast mode [ 243.417195][T14151] gretap2: left allmulticast mode [ 243.432494][T14151] vlan4: left allmulticast mode [ 243.437481][T14151] bond3: left allmulticast mode [ 243.456777][T14151] geneve2: left promiscuous mode [ 243.462804][T14151] geneve2: left allmulticast mode [ 243.480662][T14151] veth5: left promiscuous mode [ 243.494548][T14151] veth7: left promiscuous mode [ 243.506899][T14151] bond8: left promiscuous mode [ 243.511680][T14151] bond8: left allmulticast mode [ 243.522790][T14151] batman_adv: batadv0: Interface deactivated: ipvlan2 [ 243.530044][T14151] ipvlan2: left allmulticast mode [ 243.535061][T14151] batadv_slave_1: left allmulticast mode [ 243.554529][T14151] vlan5: left allmulticast mode [ 243.563086][T14151] bond10: left allmulticast mode [ 243.569930][T14151] geneve3: left promiscuous mode [ 243.594800][T14151] bond13: left promiscuous mode [ 243.608955][T14151] vlan6: left allmulticast mode [ 243.615761][T14151] bond14: left allmulticast mode [ 243.621433][T14153] netlink: 96 bytes leftover after parsing attributes in process `syz.4.2533'. [ 243.631536][ T8772] netdevsim netdevsim1 eth0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 243.648422][ T8772] netdevsim netdevsim1 eth0: unset [1, 0] type 2 family 0 port 20000 - 0 [ 243.658430][ T8772] netdevsim netdevsim1 eth0: unset [1, 1] type 2 family 0 port 20002 - 0 [ 243.667887][ T8772] netdevsim netdevsim1 eth0: unset [1, 2] type 2 family 0 port 6081 - 0 [ 243.676873][ T8772] netdevsim netdevsim1 eth1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 243.685225][ T8772] netdevsim netdevsim1 eth1: unset [1, 0] type 2 family 0 port 20000 - 0 [ 243.696657][ T8772] netdevsim netdevsim1 eth1: unset [1, 1] type 2 family 0 port 20002 - 0 [ 243.705103][ T8772] netdevsim netdevsim1 eth1: unset [1, 2] type 2 family 0 port 6081 - 0 [ 243.725629][ T8772] netdevsim netdevsim1 eth2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 243.734420][ T8772] netdevsim netdevsim1 eth2: unset [1, 0] type 2 family 0 port 20000 - 0 [ 243.762732][ T8772] netdevsim netdevsim1 eth2: unset [1, 1] type 2 family 0 port 20002 - 0 [ 243.773224][ T8772] netdevsim netdevsim1 eth2: unset [1, 2] type 2 family 0 port 6081 - 0 [ 243.790103][ T8772] netdevsim netdevsim1 eth3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 243.801206][ T8772] netdevsim netdevsim1 eth3: unset [1, 0] type 2 family 0 port 20000 - 0 [ 243.813074][ T8772] netdevsim netdevsim1 eth3: unset [1, 1] type 2 family 0 port 20002 - 0 [ 243.822150][ T8772] netdevsim netdevsim1 eth3: unset [1, 2] type 2 family 0 port 6081 - 0 [ 243.845134][T14180] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2541'. [ 244.581591][T14236] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2563'. [ 245.120293][T14256] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2571'. [ 245.256188][T14259] netdevsim netdevsim4 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 245.267311][T14259] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 245.412716][T14259] netdevsim netdevsim4 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 245.434733][T14259] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 245.584224][T14259] netdevsim netdevsim4 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 245.610263][T14259] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 245.720056][T14259] netdevsim netdevsim4 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 245.743060][T14259] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 245.893076][ T12] netdevsim netdevsim4 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 245.915309][ T12] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 245.939128][ T12] netdevsim netdevsim4 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 245.948331][ T12] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 245.974733][ T12] netdevsim netdevsim4 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 245.984185][ T12] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 246.008550][ T12] netdevsim netdevsim4 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 246.018853][ T12] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 246.108390][T14306] syz.4.2593: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 246.125256][T14306] CPU: 1 UID: 0 PID: 14306 Comm: syz.4.2593 Not tainted syzkaller #0 PREEMPT(full) [ 246.125283][T14306] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 246.125307][T14306] Call Trace: [ 246.125315][T14306] [ 246.125323][T14306] dump_stack_lvl+0xe8/0x150 [ 246.125353][T14306] warn_alloc+0x249/0x340 [ 246.125380][T14306] ? stack_trace_save+0xa9/0x100 [ 246.125406][T14306] ? __pfx_warn_alloc+0x10/0x10 [ 246.125432][T14306] ? kasan_save_track+0x4f/0x80 [ 246.125447][T14306] ? kasan_save_track+0x3e/0x80 [ 246.125463][T14306] ? __kasan_kmalloc+0x93/0xb0 [ 246.125479][T14306] ? __kmalloc_cache_noprof+0x3d1/0x6e0 [ 246.125495][T14306] ? xskq_create+0x56/0x170 [ 246.125526][T14306] ? xsk_setsockopt+0x54c/0x990 [ 246.125547][T14306] ? do_sock_setsockopt+0x17c/0x1b0 [ 246.125566][T14306] ? __x64_sys_setsockopt+0x13d/0x1b0 [ 246.125586][T14306] ? do_syscall_64+0xe2/0xf80 [ 246.125606][T14306] __vmalloc_node_range_noprof+0x132/0x1730 [ 246.125656][T14306] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 246.125682][T14306] ? __kasan_kmalloc+0x93/0xb0 [ 246.125706][T14306] vmalloc_user_noprof+0xad/0xe0 [ 246.125724][T14306] ? xskq_create+0xbf/0x170 [ 246.125750][T14306] xskq_create+0xbf/0x170 [ 246.125779][T14306] xsk_init_queue+0xad/0x110 [ 246.125806][T14306] xsk_setsockopt+0x54c/0x990 [ 246.125831][T14306] ? __pfx_xsk_setsockopt+0x10/0x10 [ 246.125856][T14306] ? __pfx_aa_sk_perm+0x10/0x10 [ 246.125881][T14306] ? aa_sock_opt_perm+0xff/0x1a0 [ 246.125906][T14306] ? bpf_lsm_socket_setsockopt+0x9/0x20 [ 246.125925][T14306] ? __pfx_xsk_setsockopt+0x10/0x10 [ 246.125952][T14306] do_sock_setsockopt+0x17c/0x1b0 [ 246.125977][T14306] __x64_sys_setsockopt+0x13d/0x1b0 [ 246.126003][T14306] do_syscall_64+0xe2/0xf80 [ 246.126021][T14306] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 246.126039][T14306] ? trace_irq_disable+0x37/0x100 [ 246.126057][T14306] ? clear_bhb_loop+0x60/0xb0 [ 246.126079][T14306] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 246.126097][T14306] RIP: 0033:0x7fb6bf99aeb9 [ 246.126115][T14306] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 246.126129][T14306] RSP: 002b:00007fb6c08d3028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 246.126149][T14306] RAX: ffffffffffffffda RBX: 00007fb6bfc15fa0 RCX: 00007fb6bf99aeb9 [ 246.126163][T14306] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000004 [ 246.126175][T14306] RBP: 00007fb6bfa08c1f R08: 0000000000000004 R09: 0000000000000000 [ 246.126187][T14306] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000 [ 246.126199][T14306] R13: 00007fb6bfc16038 R14: 00007fb6bfc15fa0 R15: 00007ffc7f76cfc8 [ 246.126230][T14306] [ 246.398857][T14306] Mem-Info: [ 246.402132][T14306] active_anon:5824 inactive_anon:0 isolated_anon:0 [ 246.402132][T14306] active_file:3401 inactive_file:39999 isolated_file:0 [ 246.402132][T14306] unevictable:819 dirty:161 writeback:0 [ 246.402132][T14306] slab_reclaimable:12214 slab_unreclaimable:106772 [ 246.402132][T14306] mapped:29375 shmem:1360 pagetables:1160 [ 246.402132][T14306] sec_pagetables:0 bounce:0 [ 246.402132][T14306] kernel_misc_reclaimable:0 [ 246.402132][T14306] free:1315593 free_pcp:14515 free_cma:0 [ 246.477391][T14306] Node 0 active_anon:23096kB inactive_anon:0kB active_file:13604kB inactive_file:159792kB unevictable:1740kB isolated(anon):0kB isolated(file):0kB mapped:117500kB dirty:644kB writeback:0kB shmem:3904kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:14332kB pagetables:4496kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 246.526012][T14306] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:64kB pagetables:144kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 246.612061][T14306] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 246.658676][T14306] lowmem_reserve[]: 0 2494 2495 2495 2495 [ 246.681266][T14321] netlink: 207952 bytes leftover after parsing attributes in process `syz.1.2600'. [ 246.697229][T14306] Node 0 DMA32 free:1371604kB boost:0kB min:34216kB low:42768kB high:51320kB reserved_highatomic:0KB free_highatomic:0KB active_anon:23196kB inactive_anon:0kB active_file:13604kB inactive_file:159792kB unevictable:1640kB writepending:644kB zspages:0kB present:3129332kB managed:2554132kB mlocked:96kB bounce:0kB free_pcp:36892kB local_pcp:17128kB free_cma:0kB [ 246.732079][T14306] lowmem_reserve[]: 0 0 1 1 1 [ 246.742116][T14306] Node 0 Normal free:0kB boost:0kB min:12kB low:12kB high:12kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:1132kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 246.793543][T14306] lowmem_reserve[]: 0 0 0 0 0 [ 246.817884][T14306] Node 1 Normal free:3875088kB boost:0kB min:55668kB low:69584kB high:83500kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:0kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:20868kB local_pcp:9024kB free_cma:0kB [ 246.887097][T14306] lowmem_reserve[]: 0 0 0 0 0 [ 246.892158][T14306] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 246.923628][T14306] Node 0 DMA32: 4911*4kB (UME) 2967*8kB (UME) 1362*16kB (UM) 153*32kB (UM) 50*64kB (UM) 23*128kB (UM) 59*256kB (UM) 41*512kB (UME) 60*1024kB (UM) 23*2048kB (UME) 281*4096kB (UM) = 1371828kB [ 246.944388][T14306] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 247.009812][T14306] Node 1 Normal: 202*4kB (U) 43*8kB (UME) 51*16kB (UME) 113*32kB (UME) 33*64kB (UME) 10*128kB (UM) 4*256kB (UM) 5*512kB (UME) 2*1024kB (UM) 1*2048kB (E) 942*4096kB (M) = 3875088kB [ 247.029699][T14306] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 247.039745][T14306] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 247.049372][T14306] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 247.062381][T14306] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 247.096639][T14306] 44756 total pagecache pages [ 247.104470][T14306] 0 pages in swap cache [ 247.111689][T14306] Free swap = 124996kB [ 247.116436][T14306] Total swap = 124996kB [ 247.120597][T14306] 2097051 pages RAM [ 247.124396][T14306] 0 pages HighMem/MovableOnly [ 247.129215][T14306] 426620 pages reserved [ 247.133372][T14306] 0 pages cma reserved [ 247.156839][T14344] syzkaller0: entered promiscuous mode [ 247.162357][T14344] syzkaller0: entered allmulticast mode [ 247.265465][T14352] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2613'. [ 247.288477][T14349] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 247.311654][T14349] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2612'. [ 247.423271][T14358] netlink: 120 bytes leftover after parsing attributes in process `syz.3.2615'. [ 247.456716][T14358] netlink: 'syz.3.2615': attribute type 1 has an invalid length. [ 247.476343][T14358] netlink: 64 bytes leftover after parsing attributes in process `syz.3.2615'. [ 247.600579][T14371] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2622'. [ 247.630443][T14371] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2622'. [ 247.766928][T14384] syzkaller0: entered promiscuous mode [ 247.785663][T14384] syzkaller0: entered allmulticast mode [ 247.787508][T14383] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2627'. [ 247.879892][T14390] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2630'. [ 247.911421][T14390] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2630'. [ 247.930070][T14390] netlink: 'syz.1.2630': attribute type 12 has an invalid length. [ 247.944028][T14390] netlink: 'syz.1.2630': attribute type 11 has an invalid length. [ 248.442098][T14428] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 248.632599][T14442] FAULT_INJECTION: forcing a failure. [ 248.632599][T14442] name failslab, interval 1, probability 0, space 0, times 0 [ 248.647239][T14442] CPU: 0 UID: 0 PID: 14442 Comm: syz.0.2653 Not tainted syzkaller #0 PREEMPT(full) [ 248.647263][T14442] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 248.647274][T14442] Call Trace: [ 248.647281][T14442] [ 248.647289][T14442] dump_stack_lvl+0xe8/0x150 [ 248.647317][T14442] should_fail_ex+0x412/0x560 [ 248.647345][T14442] should_failslab+0xa8/0x100 [ 248.647368][T14442] kmem_cache_alloc_node_noprof+0x8b/0x6f0 [ 248.647396][T14442] ? __alloc_skb+0x1d7/0x390 [ 248.647415][T14442] ? __local_bh_enable_ip+0xd0/0x130 [ 248.647433][T14442] ? __alloc_skb+0x193/0x390 [ 248.647453][T14442] __alloc_skb+0x1d7/0x390 [ 248.647477][T14442] netlink_ack+0x146/0xa50 [ 248.647494][T14442] ? __pfx_genl_rcv_msg+0x10/0x10 [ 248.647515][T14442] ? __pfx_ethnl_tsinfo_start+0x10/0x10 [ 248.647534][T14442] ? __pfx_ethnl_tsinfo_done+0x10/0x10 [ 248.647557][T14442] ? __pfx_ref_tracker_free+0x10/0x10 [ 248.647586][T14442] netlink_rcv_skb+0x2b6/0x4b0 [ 248.647605][T14442] ? __pfx_genl_rcv_msg+0x10/0x10 [ 248.647629][T14442] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 248.647644][T14442] ? genl_rcv+0x19/0x40 [ 248.647681][T14442] ? down_read+0x272/0x2e0 [ 248.647701][T14442] ? genl_rcv+0xd/0x40 [ 248.647723][T14442] genl_rcv+0x28/0x40 [ 248.647744][T14442] netlink_unicast+0x80f/0x9b0 [ 248.647777][T14442] ? __pfx_netlink_unicast+0x10/0x10 [ 248.647801][T14442] ? __alloc_skb+0x193/0x390 [ 248.647821][T14442] ? netlink_sendmsg+0x650/0xb40 [ 248.647837][T14442] ? skb_put+0x11b/0x210 [ 248.647862][T14442] netlink_sendmsg+0x813/0xb40 [ 248.647890][T14442] ? __pfx_netlink_sendmsg+0x10/0x10 [ 248.647912][T14442] ? aa_sock_msg_perm+0xf1/0x1b0 [ 248.647943][T14442] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 248.647964][T14442] ? __pfx_netlink_sendmsg+0x10/0x10 [ 248.647982][T14442] ____sys_sendmsg+0xa68/0xad0 [ 248.648004][T14442] ? __might_fault+0xaf/0x130 [ 248.648035][T14442] ? __pfx_____sys_sendmsg+0x10/0x10 [ 248.648068][T14442] ? import_iovec+0x73/0xa0 [ 248.648097][T14442] ___sys_sendmsg+0x2a5/0x360 [ 248.648119][T14442] ? __lock_acquire+0x6b5/0x2cf0 [ 248.648147][T14442] ? __pfx____sys_sendmsg+0x10/0x10 [ 248.648202][T14442] ? __fget_files+0x2a/0x420 [ 248.648220][T14442] ? __fget_files+0x3a0/0x420 [ 248.648252][T14442] __x64_sys_sendmsg+0x1bd/0x2a0 [ 248.648278][T14442] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 248.648311][T14442] ? __pfx_ksys_write+0x10/0x10 [ 248.648348][T14442] do_syscall_64+0xe2/0xf80 [ 248.648365][T14442] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 248.648383][T14442] ? trace_irq_disable+0x37/0x100 [ 248.648400][T14442] ? clear_bhb_loop+0x60/0xb0 [ 248.648421][T14442] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 248.648439][T14442] RIP: 0033:0x7f860c99aeb9 [ 248.648456][T14442] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 248.648472][T14442] RSP: 002b:00007f860d82e028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 248.648491][T14442] RAX: ffffffffffffffda RBX: 00007f860cc15fa0 RCX: 00007f860c99aeb9 [ 248.648505][T14442] RDX: 0000000000000000 RSI: 0000200000000240 RDI: 0000000000000003 [ 248.648517][T14442] RBP: 00007f860d82e090 R08: 0000000000000000 R09: 0000000000000000 [ 248.648529][T14442] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 248.648540][T14442] R13: 00007f860cc16038 R14: 00007f860cc15fa0 R15: 00007ffc16df36a8 [ 248.648570][T14442] [ 249.176218][T14454] netlink: 'syz.0.2656': attribute type 1 has an invalid length. [ 249.202208][T14449] hsr_slave_0 (unregistering): left promiscuous mode [ 249.498555][T14471] FAULT_INJECTION: forcing a failure. [ 249.498555][T14471] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 249.530131][T14471] CPU: 1 UID: 0 PID: 14471 Comm: syz.0.2666 Not tainted syzkaller #0 PREEMPT(full) [ 249.530164][T14471] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 249.530174][T14471] Call Trace: [ 249.530181][T14471] [ 249.530189][T14471] dump_stack_lvl+0xe8/0x150 [ 249.530217][T14471] should_fail_ex+0x412/0x560 [ 249.530244][T14471] _copy_to_user+0x31/0xb0 [ 249.530271][T14471] simple_read_from_buffer+0xe1/0x170 [ 249.530295][T14471] proc_fail_nth_read+0x1bb/0x230 [ 249.530322][T14471] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 249.530350][T14471] ? rw_verify_area+0x2a6/0x4d0 [ 249.530374][T14471] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 249.530398][T14471] vfs_read+0x20c/0xa70 [ 249.530419][T14471] ? fdget_pos+0x246/0x320 [ 249.530441][T14471] ? __pfx___mutex_lock+0x10/0x10 [ 249.530460][T14471] ? __pfx_vfs_read+0x10/0x10 [ 249.530485][T14471] ? __fget_files+0x2a/0x420 [ 249.530508][T14471] ? __fget_files+0x3a0/0x420 [ 249.530526][T14471] ? __fget_files+0x2a/0x420 [ 249.530553][T14471] ksys_read+0x150/0x270 [ 249.530580][T14471] ? __pfx_ksys_read+0x10/0x10 [ 249.530614][T14471] do_syscall_64+0xe2/0xf80 [ 249.530633][T14471] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 249.530651][T14471] ? trace_irq_disable+0x37/0x100 [ 249.530668][T14471] ? clear_bhb_loop+0x60/0xb0 [ 249.530689][T14471] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 249.530706][T14471] RIP: 0033:0x7f860c95b78e [ 249.530722][T14471] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 249.530737][T14471] RSP: 002b:00007f860d82dfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 249.530754][T14471] RAX: ffffffffffffffda RBX: 00007f860d82e6c0 RCX: 00007f860c95b78e [ 249.530768][T14471] RDX: 000000000000000f RSI: 00007f860d82e0a0 RDI: 0000000000000004 [ 249.530779][T14471] RBP: 00007f860d82e090 R08: 0000000000000000 R09: 0000000000000000 [ 249.530789][T14471] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 249.530800][T14471] R13: 00007f860cc16038 R14: 00007f860cc15fa0 R15: 00007ffc16df36a8 [ 249.530830][T14471] [ 250.455017][T14528] FAULT_INJECTION: forcing a failure. [ 250.455017][T14528] name failslab, interval 1, probability 0, space 0, times 0 [ 250.495692][T14528] CPU: 1 UID: 0 PID: 14528 Comm: syz.3.2689 Not tainted syzkaller #0 PREEMPT(full) [ 250.495717][T14528] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 250.495728][T14528] Call Trace: [ 250.495735][T14528] [ 250.495743][T14528] dump_stack_lvl+0xe8/0x150 [ 250.495770][T14528] should_fail_ex+0x412/0x560 [ 250.495795][T14528] should_failslab+0xa8/0x100 [ 250.495816][T14528] __kmalloc_noprof+0xde/0x7e0 [ 250.495834][T14528] ? iovec_from_user+0x87/0x250 [ 250.495862][T14528] iovec_from_user+0x87/0x250 [ 250.495889][T14528] __import_iovec+0x163/0x7e0 [ 250.495922][T14528] import_iovec+0x73/0xa0 [ 250.495949][T14528] vfs_readv+0x1c9/0x840 [ 250.495982][T14528] ? __pfx_vfs_readv+0x10/0x10 [ 250.496014][T14528] ? __fget_files+0x2a/0x420 [ 250.496037][T14528] ? __fget_files+0x3a0/0x420 [ 250.496055][T14528] ? __fget_files+0x2a/0x420 [ 250.496080][T14528] __x64_sys_preadv+0x19f/0x2a0 [ 250.496099][T14528] ? __pfx___x64_sys_preadv+0x10/0x10 [ 250.496127][T14528] do_syscall_64+0xe2/0xf80 [ 250.496144][T14528] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 250.496165][T14528] ? trace_irq_disable+0x37/0x100 [ 250.496181][T14528] ? clear_bhb_loop+0x60/0xb0 [ 250.496202][T14528] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 250.496220][T14528] RIP: 0033:0x7f658a99aeb9 [ 250.496236][T14528] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 250.496251][T14528] RSP: 002b:00007f6588bf6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000127 [ 250.496270][T14528] RAX: ffffffffffffffda RBX: 00007f658ac15fa0 RCX: 00007f658a99aeb9 [ 250.496282][T14528] RDX: 000000000000000a RSI: 0000200000000100 RDI: 0000000000000004 [ 250.496294][T14528] RBP: 00007f6588bf6090 R08: 0000000000000000 R09: 0000000000000000 [ 250.496304][T14528] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 250.496314][T14528] R13: 00007f658ac16038 R14: 00007f658ac15fa0 R15: 00007ffcc7ed2f78 [ 250.496341][T14528] [ 251.554293][T14596] netlink: 'syz.4.2718': attribute type 1 has an invalid length. [ 251.890912][T14613] 8021q: adding VLAN 0 to HW filter on device bond10 [ 251.920239][T14613] bond9: (slave bond10): making interface the new active one [ 251.933606][T14613] bond9: (slave bond10): Enslaving as an active interface with an up link [ 251.951718][T14617] bond9: (slave ipvlan2): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 251.964995][T14617] bond9: (slave ipvlan2): The slave device specified does not support setting the MAC address [ 252.812002][T14677] workqueue: Failed to create a rescuer kthread for wq "nfc4_nci_rx_wq": -EINTR [ 253.316976][ T52] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 253.349365][ T52] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 253.360205][ T52] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 253.369548][ T52] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 253.377511][ T52] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 253.545067][T14716] vxcan1 speed is unknown, defaulting to 1000 [ 253.748508][T10303] ================================================================== [ 253.756614][T10303] BUG: KASAN: out-of-bounds in __mutex_lock+0x812/0x1300 [ 253.763646][T10303] Read of size 8 at addr ffff8880203480a8 by task khidpd_16bf5505/10303 [ 253.771969][T10303] [ 253.774291][T10303] CPU: 0 UID: 0 PID: 10303 Comm: khidpd_16bf5505 Not tainted syzkaller #0 PREEMPT(full) [ 253.774313][T10303] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 253.774324][T10303] Call Trace: [ 253.774331][T10303] [ 253.774338][T10303] dump_stack_lvl+0xe8/0x150 [ 253.774369][T10303] print_report+0xba/0x230 [ 253.774388][T10303] ? __mutex_lock+0x812/0x1300 [ 253.774406][T10303] kasan_report+0x117/0x150 [ 253.774426][T10303] ? __mutex_lock+0x812/0x1300 [ 253.774448][T10303] __mutex_lock+0x812/0x1300 [ 253.774467][T10303] ? __mutex_lock+0x5ac/0x1300 [ 253.774487][T10303] ? l2cap_unregister_user+0x6a/0x1b0 [ 253.774513][T10303] ? __pfx___mutex_lock+0x10/0x10 [ 253.774536][T10303] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 253.774562][T10303] ? lockdep_hardirqs_on+0x7a/0x110 [ 253.774580][T10303] l2cap_unregister_user+0x6a/0x1b0 [ 253.774605][T10303] hidp_session_thread+0x3cb/0x440 [ 253.774632][T10303] ? __pfx_hidp_session_thread+0x10/0x10 [ 253.774657][T10303] ? __pfx_hidp_session_wake_function+0x10/0x10 [ 253.774685][T10303] ? __pfx_hidp_session_wake_function+0x10/0x10 [ 253.774710][T10303] ? __kthread_parkme+0x7a/0x1f0 [ 253.774727][T10303] ? __kthread_parkme+0x19c/0x1f0 [ 253.774746][T10303] kthread+0x726/0x8b0 [ 253.774767][T10303] ? __pfx_hidp_session_thread+0x10/0x10 [ 253.774791][T10303] ? __pfx_kthread+0x10/0x10 [ 253.774811][T10303] ? _raw_spin_unlock_irq+0x23/0x50 [ 253.774835][T10303] ? __pfx_kthread+0x10/0x10 [ 253.774853][T10303] ret_from_fork+0x51b/0xa40 [ 253.774880][T10303] ? __pfx_ret_from_fork+0x10/0x10 [ 253.774904][T10303] ? __switch_to+0xc82/0x1410 [ 253.774928][T10303] ? __pfx_kthread+0x10/0x10 [ 253.774947][T10303] ret_from_fork_asm+0x1a/0x30 [ 253.774976][T10303] [ 253.774983][T10303] [ 253.945615][T10303] The buggy address belongs to the physical page: [ 253.952027][T10303] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888020349d40 pfn:0x20348 [ 253.962074][T10303] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 253.970551][T10303] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 253.978076][T10303] page_type: f8(unknown) [ 253.982308][T10303] raw: 00fff00000000040 0000000000000000 dead000000000122 0000000000000000 [ 253.990958][T10303] raw: ffff888020349d40 0000000000000000 00000000f8000000 0000000000000000 [ 253.999526][T10303] head: 00fff00000000040 0000000000000000 dead000000000122 0000000000000000 [ 254.008190][T10303] head: ffff888020349d40 0000000000000000 00000000f8000000 0000000000000000 [ 254.016856][T10303] head: 00fff00000000002 ffffea000080d201 00000000ffffffff 00000000ffffffff [ 254.025522][T10303] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 254.034174][T10303] page dumped because: kasan: bad access detected [ 254.040666][T10303] page_owner tracks the page as allocated [ 254.046361][T10303] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x40dc0(GFP_KERNEL|__GFP_ZERO|__GFP_COMP), pid 14716, tgid 14716 (syz-executor), ts 253749229919, free_ts 253744987725 [ 254.064581][T10303] post_alloc_hook+0x228/0x280 [ 254.069334][T10303] get_page_from_freelist+0x24dc/0x2580 [ 254.074864][T10303] __alloc_frozen_pages_noprof+0x18d/0x380 [ 254.080651][T10303] alloc_pages_mpol+0x232/0x4a0 [ 254.085486][T10303] ___kmalloc_large_node+0x4e/0x150 [ 254.090668][T10303] __kmalloc_large_node_noprof+0x18/0x90 [ 254.096286][T10303] __kmalloc_noprof+0x4b8/0x7e0 [ 254.101121][T10303] ib_setup_port_attrs+0xfb2/0x2140 [ 254.106299][T10303] add_one_compat_dev+0x448/0x650 [ 254.111322][T10303] rdma_dev_init_net+0x243/0x2f0 [ 254.116248][T10303] ops_init+0x35c/0x5c0 [ 254.120391][T10303] setup_net+0x118/0x340 [ 254.124611][T10303] copy_net_ns+0x50e/0x730 [ 254.129011][T10303] create_new_namespaces+0x3e7/0x6a0 [ 254.134283][T10303] unshare_nsproxy_namespaces+0x11a/0x160 [ 254.139994][T10303] ksys_unshare+0x4f4/0x900 [ 254.144486][T10303] page last free pid 5841 tgid 5841 stack trace: [ 254.150788][T10303] __free_frozen_pages+0xbf8/0xd70 [ 254.155880][T10303] bt_host_release+0x82/0x90 [ 254.160454][T10303] device_release+0x9e/0x1d0 [ 254.165024][T10303] kobject_put+0x228/0x560 [ 254.169429][T10303] vhci_release+0x15a/0x1a0 [ 254.173918][T10303] __fput+0x44f/0xa70 [ 254.177892][T10303] task_work_run+0x1d9/0x270 [ 254.182484][T10303] do_exit+0x69b/0x2310 [ 254.186627][T10303] do_group_exit+0x21b/0x2d0 [ 254.191201][T10303] get_signal+0x1284/0x1330 [ 254.195690][T10303] arch_do_signal_or_restart+0xbc/0x830 [ 254.201222][T10303] exit_to_user_mode_loop+0x86/0x480 [ 254.206492][T10303] do_syscall_64+0x2b7/0xf80 [ 254.211064][T10303] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 254.216940][T10303] [ 254.219245][T10303] Memory state around the buggy address: [ 254.224868][T10303] ffff888020347f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 254.232910][T10303] ffff888020348000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 254.240951][T10303] >ffff888020348080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 254.248992][T10303] ^ [ 254.254604][T10303] ffff888020348100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 254.262645][T10303] ffff888020348180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 254.270690][T10303] ================================================================== [ 254.279032][T10303] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 254.286228][T10303] CPU: 0 UID: 0 PID: 10303 Comm: khidpd_16bf5505 Not tainted syzkaller #0 PREEMPT(full) [ 254.296034][T10303] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 254.306091][T10303] Call Trace: [ 254.309359][T10303] [ 254.312273][T10303] vpanic+0x1e0/0x670 [ 254.316253][T10303] panic+0xc5/0xd0 [ 254.319964][T10303] ? __pfx_panic+0x10/0x10 [ 254.324365][T10303] ? __mutex_lock+0x812/0x1300 [ 254.329122][T10303] ? __mutex_lock+0x812/0x1300 [ 254.333878][T10303] check_panic_on_warn+0x89/0xb0 [ 254.338805][T10303] ? __mutex_lock+0x812/0x1300 [ 254.343553][T10303] end_report+0x6f/0x140 [ 254.347786][T10303] kasan_report+0x128/0x150 [ 254.352274][T10303] ? __mutex_lock+0x812/0x1300 [ 254.357030][T10303] __mutex_lock+0x812/0x1300 [ 254.361609][T10303] ? __mutex_lock+0x5ac/0x1300 [ 254.366359][T10303] ? l2cap_unregister_user+0x6a/0x1b0 [ 254.371725][T10303] ? __pfx___mutex_lock+0x10/0x10 [ 254.376739][T10303] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 254.382535][T10303] ? lockdep_hardirqs_on+0x7a/0x110 [ 254.387719][T10303] l2cap_unregister_user+0x6a/0x1b0 [ 254.392911][T10303] hidp_session_thread+0x3cb/0x440 [ 254.398013][T10303] ? __pfx_hidp_session_thread+0x10/0x10 [ 254.403639][T10303] ? __pfx_hidp_session_wake_function+0x10/0x10 [ 254.409870][T10303] ? __pfx_hidp_session_wake_function+0x10/0x10 [ 254.416098][T10303] ? __kthread_parkme+0x7a/0x1f0 [ 254.421020][T10303] ? __kthread_parkme+0x19c/0x1f0 [ 254.426042][T10303] kthread+0x726/0x8b0 [ 254.430101][T10303] ? __pfx_hidp_session_thread+0x10/0x10 [ 254.435723][T10303] ? __pfx_kthread+0x10/0x10 [ 254.440297][T10303] ? _raw_spin_unlock_irq+0x23/0x50 [ 254.445482][T10303] ? __pfx_kthread+0x10/0x10 [ 254.450070][T10303] ret_from_fork+0x51b/0xa40 [ 254.454652][T10303] ? __pfx_ret_from_fork+0x10/0x10 [ 254.459750][T10303] ? __switch_to+0xc82/0x1410 [ 254.464414][T10303] ? __pfx_kthread+0x10/0x10 [ 254.468986][T10303] ret_from_fork_asm+0x1a/0x30 [ 254.473744][T10303] [ 254.477108][T10303] Kernel Offset: disabled [ 254.481415][T10303] Rebooting in 86400 seconds..