last executing test programs: 6.020855571s ago: executing program 2 (id=1295): write$cgroup_subtree(0xffffffffffffffff, 0x0, 0xfe1b) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) r0 = socket$rxrpc(0x21, 0x2, 0x2) r1 = socket$igmp(0x2, 0x3, 0x2) bind$rxrpc(r0, &(0x7f0000000340)=@in4={0x21, 0x3, 0x2, 0x10, {0x2, 0x0, @local}}, 0x24) listen(r0, 0x4) listen(r0, 0x6) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, 0x0, &(0x7f0000000180)) unshare(0x8000400) write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x7) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x40010) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1802007ffd2f20b1dd156c00000000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000006000000850000000700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa100000000000007010000f8ffffffb702000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x80}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r2, 0x2000012, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x3800, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=ANY=[@ANYBLOB="600000000206010800000000000000000000000005000400000000000900020073797a31000000001400078008001240000000000500140008000000050005000a000000050001000600000011000300686173683a69702c706f7274"], 0x60}}, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) r5 = socket$inet6(0xa, 0x3, 0x7) setsockopt$inet6_buf(r5, 0x29, 0x39, &(0x7f0000000040)="ff02040000ffffffffffffffff1f2be82db1af0000000000", 0x18) connect$inet6(r5, &(0x7f0000001940)={0xa, 0x0, 0x1000006, @private0={0xfc, 0x0, '\x00', 0x2}, 0x4005}, 0x1c) sendmmsg$inet6(r5, &(0x7f0000002200)=[{{0x0, 0xf5, 0x0}}], 0x40000000000027f, 0x0) sendmsg$unix(0xffffffffffffffff, 0x0, 0x2000c011) setsockopt$inet_msfilter(r1, 0x0, 0x29, &(0x7f0000000000)={@broadcast, @broadcast, 0x1, 0x5, [@empty, @private=0xa010100, @initdev={0xac, 0x1e, 0x0, 0x0}, @empty, @multicast2]}, 0x24) recvmsg$unix(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, 0x0}, 0x10002) sendmsg$IPSET_CMD_ADD(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000c80)=ANY=[@ANYBLOB="5c000000090601080000000000000000070000000900020073797a31000000000500010007000000340007801800018014000240fe8000000000000000000000000000bb060004400e1f00cd050007008800000006000540"], 0x5c}, 0x1, 0x0, 0x0, 0x10000042}, 0x90) sendmsg$IPSET_CMD_DESTROY(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x1c, 0x3, 0x6, 0xb83, 0x0, 0x0, {0x1, 0x0, 0x3}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x10}, 0x800) 4.940159191s ago: executing program 0 (id=1298): ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000006c0)={0xffffffffffffffff}) setsockopt$inet_tcp_int(r0, 0x6, 0x1b, &(0x7f0000000700)=0x3, 0x4) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0xe, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x0, 0x1, 0x4f}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x90) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=@newlink={0x54, 0x10, 0x1, 0x70bd28, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, 0x1438a}, [@IFLA_VFINFO_LIST={0x18, 0x16, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, [@IFLA_VF_RATE={0x10, 0x6, {0xfffffff8, 0x4, 0x9}}]}]}, @IFLA_IFNAME={0x14, 0x3, 'wlan0\x00'}, @IFLA_LINKMODE={0x5, 0x11, 0x9a}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000880}, 0xc010) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x5, 0x4, 0xfff, 0x7, 0x88, 0xffffffffffffffff, 0x1}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000004000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb70300000e41621eb70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000300)={@private0, 0x0}, &(0x7f0000000340)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f0000000200)=ANY=[@ANYBLOB="b800000019000100000000000000000000000000000000000000000000000000ff02000000000000000000000000000100000008000000000a00000000000000", @ANYRES32=r5, @ANYRES32, @ANYBLOB="000000000068000000a900000000000000000000000000000001000000000000000000000000000000ffffffffffffffff0082c200000000000000000000000000000000009e00000000000000000000000000000000804000020000000000000800"], 0xb8}}, 0x0) r7 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@updpolicy={0xb8, 0x19, 0x1, 0x70bd2d, 0x0, {{@in=@multicast1=0xe0000002, @in, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x87}, {0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x5}, {0x0, 0x0, 0x200000000000000}}}, 0xb8}}, 0x2c000010) sendmsg$nl_xfrm(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=@updpolicy={0xb8, 0x15, 0x1, 0x0, 0x0, {{@in=@multicast1=0xe0000002, @in6=@empty, 0x0, 0x0, 0x0, 0x0, 0xa}, {0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, {}, 0x0, 0x6e6bb5}}, 0xb8}, 0x1, 0x0, 0x0, 0x810}, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000005c0)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in=@empty, @in6=@mcast2, 0x0, 0x8, 0x0, 0x0, 0xa, 0x0, 0x80, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa9, 0x0, 0x8000000000000001, 0x6, 0xffffffffffffffff}, {0x0, 0xa00, 0x40800000000004, 0x800000000000002}}}, 0xb8}}, 0x0) r8 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r8, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000004c0)=@migrate={0xa0, 0x21, 0x1, 0x70bd27, 0x0, {{@in=@rand_addr=0x64010102, @in6=@mcast2, 0x0, 0x0, 0x0, 0x2, 0xa, 0x0, 0xa0, 0x73}}, [@migrate={0x50, 0x11, [{@in6=@private0={0xfc, 0x0, '\x00', 0x1}, @in=@empty, @in6=@private2={0xfc, 0x2, '\x00', 0x1}, @in=@multicast1, 0x3c, 0x4, 0x0, 0x0, 0xa, 0xa}]}]}, 0xa0}, 0x1, 0x0, 0x0, 0x40000}, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f00000000c0)={'bridge0\x00'}) r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) write$cgroup_subtree(r9, &(0x7f0000000000)=ANY=[], 0x32600) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r9, 0x0) r10 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000440)=@generic={&(0x7f0000000400)='./file0\x00', 0x0, 0x8}, 0x18) bpf$MAP_CREATE(0x300000000000011, &(0x7f0000000100)=ANY=[@ANYBLOB="2000000004000000410000000000000001000000", @ANYRES32=0x1, @ANYBLOB="0000000000000000000001bcb472a5ad9f000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="020000000600"/28], 0x48) socket$pppl2tp(0x18, 0x1, 0x1) r11 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000480)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x1, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x1}, 0x50) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000540)=@bpf_tracing={0x1a, 0x4, &(0x7f0000000680)=@framed={{0x18, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x1}, [@ldst={0x0, 0x3, 0x3, 0x7, 0x0, 0xfffffffffffffff8, 0x8}]}, &(0x7f00000000c0)='syzkaller\x00', 0x3, 0xec, &(0x7f0000000200)=""/236, 0x40f00, 0x0, '\x00', r4, 0x1a, r9, 0x8, &(0x7f0000000380)={0x4, 0x2}, 0x8, 0x10, &(0x7f00000003c0)={0x3, 0xb, 0x994e, 0xfffff801}, 0x10, 0x4c40, r1, 0x0, &(0x7f0000000500)=[r10, 0xffffffffffffffff, r11], 0x0, 0x10, 0x9}, 0x94) 3.530384225s ago: executing program 3 (id=1304): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="170000001400010028de4ae677dbdf2502"], 0x20}}, 0x40000c0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x1, 0x5, 0x2, 0x7, 0x0, 0xffffffffffffffff, 0x98}, 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000600)={{r1, 0xffffffffffffffff}, &(0x7f00000002c0), &(0x7f0000000440)}, 0x20) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$gtp(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$GTP_CMD_NEWPDP(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000d40)={0x24, r4, 0x1, 0x0, 0x0, {}, [@GTPA_LINK={0x8}, @GTPA_VERSION={0x8}]}, 0x24}}, 0x20000800) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xd, &(0x7f0000001d00)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x4002}, [@map_fd={0x18, 0x0, 0x1, 0x0, r2}, @printk={@d, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0xc74}}]}, &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 3.321340456s ago: executing program 2 (id=1306): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="4400000010000104000000000005000000000000", @ANYRES32=0x0, @ANYBLOB="00000000000000002400128009000100626f6e640000000014000280050001000600200008000200", @ANYRES32], 0x44}}, 0x0) 3.3127813s ago: executing program 0 (id=1307): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000c00), 0xffffffffffffffff) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8b18, &(0x7f0000000000)={'wlan0\x00'}) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000900)=ANY=[@ANYBLOB="0b00000007000000010001000900000005"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000003c0)={0x6, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="18"], 0x0}, 0x90) bpf$MAP_LOOKUP_BATCH(0x1a, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000000), &(0x7f0000001840), 0xfffffff7, r2}, 0x38) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000080)={0x0, &(0x7f0000001900)=""/4108, &(0x7f00000000c0), &(0x7f0000000440), 0x2, r2}, 0x38) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000300)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_INTERFACE(r4, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="090d0000000000f0ff000700000008000300", @ANYRES32=r6, @ANYRESOCT=r1], 0x58}}, 0x0) sendmsg$NL80211_CMD_ABORT_SCAN(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000080)={0x1c, r0, 0x400, 0x0, 0xe7030000, {{}, {@val={0x8, 0x3, r6}, @void}}}, 0x1c}}, 0x0) 3.124362115s ago: executing program 3 (id=1308): r0 = socket$nl_route(0x10, 0x3, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, &(0x7f0000000000), &(0x7f0000000040)=0x4) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) (async) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000cc0)=@newqdisc={0x45c, 0x24, 0x4ee4e6a52ff56541, 0x70bd27, 0x4000000, {0x0, 0x0, 0x0, r1, {0x0, 0x4}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x430, 0x2, [@TCA_TBF_PARMS={0x5, 0x1, {{0x1, 0x2, 0x0, 0x1c, 0x0, 0xfffffb81}, {0xef, 0x0, 0x1}, 0x0, 0x1}}, @TCA_TBF_PTAB={0x404, 0x3, [0x1, 0x0, 0x167, 0x6, 0x9, 0x7ff, 0x7, 0x1, 0x6, 0x13f, 0x5, 0x8, 0x10000, 0x1ff, 0x1, 0x1ff, 0x9, 0x8, 0x5, 0xb, 0x8, 0xd, 0x6, 0x9, 0x8, 0x7, 0x16, 0x8, 0x80, 0x7fff, 0x8, 0x400, 0x8, 0x6, 0x3, 0x16, 0xfffffc00, 0xfffffffe, 0xfff, 0xf, 0x3ff, 0x80, 0x8001, 0xaf, 0x800, 0xd, 0x6, 0x3, 0x7f, 0x0, 0x40000000, 0x97, 0x2, 0x4, 0x9, 0x5, 0x4, 0x8001, 0x4, 0x6, 0x1, 0x7, 0x7, 0x40, 0x0, 0x1000, 0x5a, 0x4, 0x6, 0x2, 0x4, 0x2, 0x5, 0x3, 0xc, 0x80000001, 0x7fff, 0x0, 0x2, 0x2, 0x7, 0x3, 0x1000, 0x0, 0x4, 0x9, 0xe, 0x900, 0x8, 0xd61, 0x5, 0x9, 0x6, 0x0, 0x5, 0x5, 0x0, 0x2, 0x6, 0x5, 0x5, 0x5, 0x80000000, 0x9, 0xe, 0xe5ea, 0x7, 0x73, 0x10001, 0x7, 0x8f1b, 0x3, 0x80000000, 0x602, 0xfffffffd, 0x3, 0x7, 0x80000000, 0xfffffff7, 0xfff, 0x4, 0x3, 0x7d, 0x3ff, 0x2, 0xfffffefe, 0x1, 0x244f, 0x8, 0xffffffff, 0x7fff, 0xfffffff8, 0x7f, 0x80, 0x2, 0x6, 0xa6e, 0x5, 0x1, 0x9, 0x3, 0xb, 0x9, 0x3, 0x30, 0x3, 0x3, 0x3, 0xfffffff9, 0x1, 0x101, 0x80, 0xd8, 0x10001, 0x8, 0x3, 0x3, 0x0, 0x200040, 0xfffffff7, 0xc, 0x3, 0x4cdd072, 0xd, 0x9, 0x0, 0xffff301e, 0x90000, 0x0, 0x2, 0x0, 0x606, 0x6, 0x4, 0x1, 0x80000001, 0xfffffffc, 0xd40e, 0xfffffff7, 0x1, 0xd3f, 0xe48e, 0x3, 0x8, 0x3, 0x8, 0x77, 0xf, 0xeca, 0x8d, 0xe051, 0x6, 0x4, 0xab5, 0x3, 0xffffffbc, 0x8, 0x7, 0x16e4, 0x5, 0x8, 0x5e, 0xffff, 0x8, 0x8000, 0x328, 0x5, 0x3, 0x515240d2, 0x1, 0x2, 0xe4, 0x4, 0xc1f5, 0x3, 0x9, 0x8, 0x3ff, 0x0, 0x11f, 0x8, 0xe8dd, 0x1, 0x8, 0x2, 0x8c, 0xffffffff, 0x9, 0x4, 0x46e, 0x7f, 0x0, 0x5, 0x1, 0x0, 0x5cd, 0x9, 0x277b, 0x3, 0x3, 0x5, 0x80000000, 0x80000000, 0x4, 0x0, 0x8, 0x8000, 0x100, 0x8000, 0x3, 0x1ff, 0x3069, 0xc, 0x400, 0x9, 0x400]}]}}]}, 0x45c}, 0x1, 0x0, 0x0, 0x4815}, 0x0) 2.921777339s ago: executing program 4 (id=1309): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x10, 0xd, &(0x7f0000000100)=ANY=[@ANYBLOB="180200000000000000000000000000008510000001000000950000000000000018010000202073250000000000202020731af8ff00000000bfa100000000000007010000f8fffffdb702d00008000000b703000000000028850000006c00000095"], &(0x7f00000000c0)='GPL\x00', 0x1, 0x0, 0x0, 0x41100, 0x9, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94) 2.890972618s ago: executing program 0 (id=1310): r0 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r0, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x3, {0x41}}, 0x10) r1 = socket$tipc(0x1e, 0x5, 0x0) sendmsg$tipc(r1, &(0x7f0000000240)={&(0x7f0000000080)=@name={0x1e, 0x2, 0x0, {{0x41}}}, 0x10, 0x0}, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=@newtaction={0x9c, 0x30, 0xb, 0x70bd2b, 0x0, {}, [{0x88, 0x1, [@m_ct={0x84, 0x1, 0x0, 0x0, {{0x7}, {0x5c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x7ff, 0x1000, 0x0, 0x0, 0x400}}, @TCA_CT_ACTION={0x6, 0x3, 0x19}, @TCA_CT_NAT_IPV6_MIN={0x14, 0xb, @ipv4={'\x00', '\xff\xff', @local}}, @TCA_CT_NAT_IPV6_MAX={0x14, 0xc, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, @TCA_CT_NAT_PORT_MIN={0x6, 0xd, 0x4e24}, @TCA_CT_NAT_PORT_MAX={0x6, 0xe, 0x4e21}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc}}}]}]}, 0x9c}, 0x1, 0x0, 0x0, 0x4008890}, 0x40) sendmsg$IPCTNL_MSG_EXP_GET(r2, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000480)=ANY=[@ANYBLOB="400000000102010200000000000000000200000106000740000400002400018014000180080001"], 0x40}, 0x1, 0x0, 0x0, 0x20049804}, 0x200000c4) r4 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48) r6 = socket$alg(0x26, 0x5, 0x0) bind$alg(r6, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(twofish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r6, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r7 = accept4(r6, 0x0, 0x0, 0x800) sendmmsg$alg(r7, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3", 0xffffffe4}], 0x3}], 0x1, 0x40800) recvmsg(r7, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000800)=ANY=[@ANYRES32=r5, @ANYRES32=r4, @ANYBLOB='&'], 0x10) close(r4) close(r5) recvmmsg(r1, &(0x7f0000000dc0)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/89, 0x59}], 0x1}, 0xc0000}], 0x1, 0x40002022, 0x0) getsockopt$TIPC_CONN_TIMEOUT(r1, 0x10f, 0x82, &(0x7f0000000040), &(0x7f0000000140)=0x4) 2.588190106s ago: executing program 4 (id=1312): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) r1 = socket$can_j1939(0x1d, 0x2, 0x7) unshare(0x22020400) (async) connect(r1, &(0x7f00000001c0)=@pppol2tpv3={0x18, 0x1, {0x0, r1, {0x2, 0x4e22, @local}, 0x2, 0x0, 0x1, 0x1}}, 0x80) sendmsg$NFT_BATCH(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a60000000060a0b0400000000000000000200000034000480300001800a0001006d61746368000000200002800e000100636f6e6e62797465730000000400030008000240000000000900010073797a30000000000900020073797a32000000002a0000001100010000000000000000000300000a"], 0x88}}, 0x0) (async) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) (async) getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, &(0x7f0000000000)={0x0, 0x3723}, &(0x7f0000000140)=0x8) setsockopt$inet_sctp6_SCTP_MAXSEG(r2, 0x84, 0xd, &(0x7f0000000180)=@assoc_id=r3, 0x4) 2.428548547s ago: executing program 0 (id=1314): socket$nl_generic(0x10, 0x3, 0x10) (async) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) r2 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r2, &(0x7f0000000340)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000000), 0x4) (async) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000000), 0x4) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r2, 0x10e, 0x4, &(0x7f0000000640)=0x17ff, 0x4) r3 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r3, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000380)="2e00000010008188e6b62aa73772cc9f1ba1f848110000005e140602000000000e000a001000000002900000121f", 0x2e}], 0x1}, 0x40) sendmsg$kcm(r3, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="2e00000010008188040f80ec59acbc0413a1f848110000005e140602000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x8084) (async) sendmsg$kcm(r3, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="2e00000010008188040f80ec59acbc0413a1f848110000005e140602000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x8084) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000680)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000440)={0x40, r1, 0x1, 0x70bd28, 0x25dfdbfd, {{}, {@void, @val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_IFNAME={0x14, 0x4, 'syzkaller0\x00'}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}, @NL80211_ATTR_4ADDR={0x5, 0x53, 0x1}]}, 0x40}, 0x1, 0x0, 0x0, 0x81}, 0x24044884) 2.236786956s ago: executing program 3 (id=1315): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r1, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000d00)=ANY=[@ANYBLOB="b70000008100003bbfa30000000000000703000000feffff720af0fff8ffffff71a4f0ff000000007110af00000000001d400500000000004704000001ed00000f030000000000009f440000000000006b0a18fe000000007313000000000000b5000000000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff31a8fd3c0fd8b7ff831028e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646c0200000000000000020000e35208b0bb0d2cd829e654400e2438ec649dc76128610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda82fc9c4d7ecc7a803bf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714f62ba7a54f0c33d39000d0bfed3a6a59ff616236fd8f2477184bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06fa2e04cfe0649226c697d9e8eaade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00023ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a83469620c6e74e1f46132559c4f8700a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88f15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a920099c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40fc5d2f55ff07c53147de202ce517b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661061173f359e9052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b393cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd84990453f006694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff26b61aac8aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3ba18a1a2b65079cc1c7bc46dd12305a1ae9dd19e8d525206c0a728cfd42193abe8130bc01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e26534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ad1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336dfaa6d5d164301190bc2d4c04087729033342045804a28082abc3b4762302a271722fb515f31e0dd115a292f1e68481a62c49d15ea5460a29c60b1058fb7aa9bf4ee3cbe11b03711a15d730646b72d074dab1e8c429339f3460d324c17a4a8bfc7d7eab45bef00664d6dc82300000000000"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffd00}, 0x48) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000680)=@newlink={0x4c, 0x10, 0x403, 0x58bd28, 0x0, {0x0, 0x0, 0x0, 0x0, 0x90646, 0x20}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x14, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6, 0x1, 0x1}, @IFLA_VLAN_PROTOCOL={0x6, 0x5, 0x88a8}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x4c}, 0x1, 0x0, 0x0, 0x600}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=@newlink={0x44, 0x10, 0xffffff1f, 0x0, 0x1, {0x0, 0x0, 0x0, 0x0, 0x0, 0x4408}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @geneve={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GENEVE_TTL_INHERIT={0x5, 0xc, 0x1}]}}}, @IFLA_MASTER={0x8, 0xa, r1}]}, 0x44}, 0x1, 0x0, 0x0, 0x40000}, 0x0) 2.179079205s ago: executing program 2 (id=1316): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) (async) syz_emit_ethernet(0x4c, &(0x7f0000000140)={@link_local, @random="ece65fbcee55", @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "000004", 0x16, 0x11, 0xff, @remote, @local, {[], {0x3, 0xe22, 0x16, 0x0, @gue={{0x2, 0x0, 0x0, 0x3, 0x0, @val=0xe00}, "ff300afe4e70"}}}}}}}, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(r0, 0x84, 0x2, &(0x7f00000000c0)={0xfffc, 0xc}, 0x8) (async) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) setsockopt$bt_l2cap_L2CAP_LM(r1, 0x6, 0x3, &(0x7f0000000040)=0x3a, 0x4) getsockopt$bt_l2cap_L2CAP_LM(r1, 0x6, 0x3, &(0x7f00000002c0), &(0x7f0000000500)=0x4) (async) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@getnexthop={0x20, 0x76, 0xb0d, 0x0, 0x0, {0x3}, [@NHA_MASTER={0x8, 0xa, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x4080}, 0x20000000) (async) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0x1c, &(0x7f00000001c0)=[@in6={0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x6}]}, &(0x7f0000000640)=0x10) setsockopt$inet6_int(r0, 0x29, 0x4, &(0x7f0000000100), 0x4) 2.043602882s ago: executing program 4 (id=1317): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000bc0)={{r0, 0xffffffffffffffff}, &(0x7f0000000240), &(0x7f0000000000)='%+9llu \x00'}, 0x20) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="3400000019000109000000000000000002180000000000000000000008000100ac1414"], 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) setsockopt$sock_int(r3, 0x1, 0x10, &(0x7f0000000240)=0x8000, 0x4) ioctl$int_in(r3, 0x5421, &(0x7f0000000340)=0xfff) connect$unix(r3, &(0x7f0000000080)=@abs={0x1, 0x0, 0x4e24}, 0x6e) connect$unix(r3, &(0x7f0000000040)=@file={0x1, './file0\x00'}, 0x6e) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r1, r0}, 0x4) r5 = socket(0x10, 0x803, 0x0) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmsg$nl_route(r5, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3800000056000100000000000000000007020000", @ANYRES32=r6, @ANYBLOB="200001"], 0x38}}, 0x0) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000001b40)={0x1d, 0x18, &(0x7f0000001a80)=ANY=[@ANYBLOB="180000000300000000000000030000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000010000a0850000002d000000b7080000000000007b8af8ff00000000b7080000010000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYRESOCT=r5], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r8 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000040)={0x1b, 0x0, 0x0, 0xf3, 0x0, r4, 0x3, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x1, 0x4}, 0x50) r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r9, 0x0) r10 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000580)=@generic={&(0x7f0000000540)='./file0\x00'}, 0x18) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0xc, 0x1a, &(0x7f0000000300)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x8f, 0x0, 0x0, 0x0, 0x80000001}, {{0x18, 0x1, 0x1, 0x0, r8}}, {}, [@alu={0x7, 0x1, 0x7, 0xa, 0x6, 0x2, 0x4}, @jmp={0x5, 0x1, 0x0, 0xa, 0x1, 0xfffffffffffffffe, 0x4}, @btf_id={0x18, 0x5, 0x3, 0x0, 0x3}, @map_idx={0x18, 0x3, 0x5, 0x0, 0x7}, @jmp={0x5, 0x1, 0x5, 0x8, 0x0, 0x2, 0x1}, @map_idx_val={0x18, 0xb, 0x6, 0x0, 0x3, 0x0, 0x0, 0x0, 0x4}, @initr0={0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x3}], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000400)='syzkaller\x00', 0x2, 0x2e, &(0x7f0000000440)=""/46, 0x40f00, 0x38, '\x00', 0x0, @fallback=0x8, r9, 0x8, &(0x7f00000004c0)={0x6, 0x5}, 0x8, 0x10, &(0x7f0000000500)={0x0, 0xa, 0x1, 0x5}, 0x10, 0x0, 0xffffffffffffffff, 0x1, &(0x7f00000005c0)=[r4, r10], &(0x7f0000000640)=[{0x1, 0x5, 0x4, 0x9}], 0x10, 0x10001}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f00000007c0)={r7}, 0xc) 1.704852016s ago: executing program 3 (id=1318): r0 = socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000e00)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x8003}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x14, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}}], {0x14}}, 0x88}}, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) r3 = epoll_create(0x5) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r0, &(0x7f0000000100)={0xa9c17475d4ced89e}) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)={0x50, 0x2, 0x6, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0xfffffffc}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x1}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_PORT_TO={0x6, 0x5, 0x1, 0x0, 0x4e21}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x4080}, 0x20004000) r4 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000004c0)={0x18, r4, 0x2, 0x70bd2f, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x4}]}, 0x18}, 0x1, 0xff07}, 0x2000000) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000080), r5) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x3, 0x5, &(0x7f00000003c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, [@call={0x85, 0x0, 0x0, 0x29}, @call={0x85, 0x0, 0x0, 0x7}]}, &(0x7f00000001c0)='GPL\x00', 0xf, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r7, 0x0, 0xe40, 0xe40, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000300)=""/8, 0x320e, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r9 = socket$nl_generic(0x10, 0x3, 0x10) r10 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r10, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x64, 0x2, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_TYPENAME={0x10, 0x3, 'bitmap:port\x00'}, @IPSET_ATTR_DATA={0x1c, 0x7, 0x0, 0x1, [@IPSET_ATTR_PORT_TO={0x6}, @IPSET_ATTR_PORT={0x6}, @IPSET_ATTR_CADT_FLAGS={0x8, 0x6}]}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_REVISION={0x5}]}, 0x64}}, 0x0) r11 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r9, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000340)={0x14, r11, 0x1, 0x70bd2d, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0x20008004) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000140)={'wlan1\x00'}) ioctl$sock_SIOCGIFINDEX_802154(r8, 0x8933, &(0x7f00000001c0)={'wpan0\x00'}) sendmsg$IEEE802154_LLSEC_DEL_SECLEVEL(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010026bd7000ffdbdf240065000500350007000000050036008100000005003300050000000500360001000000235c98a69e8227fcbd0df76b4b33794bd79f255262c042d463a6c524ac3a2ddced10ffe60b8887aabb2cad6ef799f63456c4c46dbe5ddfef5c1f0ed8a6a07d6b76d50100a55298d7886425f2654c6d6bafc9e4ed33d6a01acc34b2a400"], 0x34}}, 0x0) 1.639974442s ago: executing program 4 (id=1319): syz_emit_ethernet(0x246, &(0x7f0000000000)={@multicast, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "000210", 0x210, 0x3a, 0x0, @remote, @mcast2, {[], @param_prob={0x4, 0x0, 0x0, 0x0, {0x0, 0x6, "8bb91d", 0x0, 0x11, 0x0, @local, @empty, [@fragment, @hopopts={0x0, 0x3a, '\x00', [@ra, @padn={0x1, 0x3, [0x0, 0x0, 0x0]}, @generic={0x0, 0x4d, "a17e9ab13f6e142b20582c8d220c698a74dbf13dfc0ad1f526dfc43313759300929090dd4792ce67ea9f8769d3246f94412c56e0247939ed4b318e4b6066b72d91d9aff97fcf30977dfd4028de"}, @ra, @generic={0x0, 0x8c, "65fd1a52737fa1ec91495f4d25a766a5dd36bcffb376f4b35d4a5bc51b0f8fb9a273282a9c8ef192a4de26c8732765dbeb6ce083e81cebf0612d1cc7956b78fb34ce0e4a867c8b4094bab04b23680ba97ad5c624055e8504a7a121cf38a402a7aa80e05dbe56fecab8b014420231c0e997cbfda9bdc7f29e3a8b13dcfc396cf6ff1fcd8a7f43a107871fdd7e"}, @generic={0x0, 0x31, "8b168e4b48529453d91cea424030c8b200632af95e7c30322241dd567db14507f8b523b418a0edc41397a2f639f9f6c3b3"}, @generic={0xcc, 0xb1, "096b92bd157e46e368dcc6b270d4047bcef994504c03bb4fbd39e6376959844c297e6cf3d50c29a293032c2c0dfff5fa7bc635f6e3c2e1cddaf9c6d6f8d109b3aa3dbd9e035fd2d7bee98302bf7836a1ad6e0df7f9d541baeb05119c2b9bad311c3a928c8e3f4e6fc2d1f98878b4decd71839f46c15e83b448df116784906946d509c3b696698bd8b8f9e5bba2307c9a71ae459e6492c58c1ad6940a25b7012613e8882f24a3897adf9728de5eedff0e7d"}]}]}}}}}}}, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$cgroup_procs(r2, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0) r3 = getpid() r4 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0xc, 0x5, &(0x7f00000000c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfff, 0x0, 0x0, 0x0, 0xfffffff9}, [@map_idx={0x18, 0x0, 0x5, 0x0, 0xe}]}, &(0x7f0000000100)='GPL\x00', 0x5, 0x3b, &(0x7f0000000140)=""/59, 0x41100, 0x10, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x8, &(0x7f00000001c0)={0x2, 0x4}, 0x8, 0x10, &(0x7f0000000200)={0x0, 0x0, 0x7, 0x80}, 0x10, 0x0, 0xffffffffffffffff, 0x7, &(0x7f0000000240)=[0x1, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff], &(0x7f0000000280)=[{0x2, 0x4, 0xe, 0x8}, {0x3, 0x2, 0xe, 0xa}, {0x4, 0x3, 0x6, 0x3}, {0x2, 0x1, 0x7, 0x6}, {0x2, 0x3, 0x9, 0x6}, {0x5, 0x4, 0xa, 0x8}, {0x0, 0x5, 0xb, 0x8}], 0x10, 0x9}, 0x94) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000680)={@fallback, 0xffffffffffffffff, 0x1, 0x8, 0x0, @void, @value=r4}, 0x20) write$cgroup_pid(r1, &(0x7f0000000180)=r3, 0x12) r5 = openat$cgroup_procs(r2, &(0x7f0000000840)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r5, &(0x7f0000000380), 0x12) r6 = socket$inet_icmp(0x2, 0x2, 0x1) ioctl$BTRFS_IOC_RESIZE(r6, 0x50009403, &(0x7f0000000340)={{r4}, {@void, @max}}) r7 = socket$inet_sctp(0x2, 0x5, 0x84) ioctl$sock_FIOGETOWN(r7, 0x8903, &(0x7f0000000300)) 1.563012511s ago: executing program 1 (id=1320): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="220000000400000010000000"], 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r0, 0xffffffffffffffff}, &(0x7f0000000080), &(0x7f00000001c0)=r0}, 0x20) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000000c0)={r0}, 0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x3, 0x8, &(0x7f0000000100)=@framed={{0x18, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000}, [@func={0x85, 0x0, 0x1, 0x0, 0x3}, @map_fd={0x18, 0x1, 0x1, 0x0, r1}, @exit={0x95, 0x0, 0x7b00}, @call={0x85, 0x0, 0x0, 0x13}]}, &(0x7f0000000040)='GPL\x00', 0x2, 0x0, 0x0, 0x41000}, 0x94) 1.382548709s ago: executing program 4 (id=1321): r0 = socket(0x1d, 0x80802, 0x6) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vxcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000380)={0x1d, r1, 0x1, {0x0, 0xff, 0x3}, 0xfe}, 0x18) sendmsg$key(r0, &(0x7f0000001680)={0x0, 0x0, &(0x7f0000001640)={&(0x7f00000005c0)={0x2, 0x56, 0x3, 0x0, 0x2, 0x0, 0x70bd29, 0x25dfdbfd}, 0x10}}, 0x50050) writev(r0, &(0x7f0000002b40)=[{&(0x7f0000000140)="fb74", 0x2}], 0x1) 1.311126772s ago: executing program 1 (id=1322): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000001100), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f0000001140)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000001240)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000000040)={0x28, r3, 0x1, 0x70bd26, 0x25dfdbfd, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r4}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @random="f9b7b5acfe1e"}]}, 0x28}, 0x1, 0x0, 0x0, 0x80}, 0x8000000) sendmsg$BATADV_CMD_GET_DAT_CACHE(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x54, r3, 0x400, 0x70bd27, 0x25dfdbfe, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0xd}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x401}, @BATADV_ATTR_BONDING_ENABLED={0x5}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x400}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5, 0x38, 0x1}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0xfffffffb}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5, 0x37, 0x1}]}, 0x54}, 0x1, 0x0, 0x0, 0x48050}, 0x4000000) r5 = socket$inet(0xa, 0x801, 0x84) listen(r5, 0x5) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000007c0)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff) r8 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000200)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={0x38, r7, 0x801, 0x70bd25, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r9}, @void}}, [@NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "04c6f64f08"}, @NL80211_ATTR_KEY_IDX={0x5, 0x8, 0x2}, @NL80211_ATTR_KEY_CIPHER={0x8, 0x9, 0xfac05}]}, 0x38}, 0x1, 0x0, 0x0, 0x20000011}, 0x0) mmap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x2000009, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1000001, 0x32, 0xffffffffffffffff, 0x0) shutdown(r5, 0x0) accept4(r5, 0x0, 0x0, 0x0) 1.219955804s ago: executing program 0 (id=1323): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000007c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0xb368f4ff5519c3e8}, 0x850) r1 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'veth0\x00', 0x0}) bind$packet(r1, &(0x7f0000000140)={0x11, 0x0, r2, 0x1, 0x6, 0x6, @remote}, 0x14) recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000540)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a88000000060a010400000000000000000a0000010900010073797a31000000005c000480580001800b0001007461726765740000480002802c0003009ac420002e2eafb9fdd672bad09dfb78c7699c74e82fa0c70000000000000000000000000000000008000240000000000e00010049444c4554494d45520000000900020073797a32"], 0xb0}, 0x1, 0x0, 0x0, 0x4000850}, 0x20040040) 1.135554634s ago: executing program 1 (id=1324): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x10, 0xd, &(0x7f0000000100)=ANY=[@ANYBLOB="180200000000000000000000000000008510000001000000950000000000000018010000202073250000000000202020731af8ff00000000bfa100000000000007010000f8fffffdb702f30008000000b703000000000028850000006c00000095"], &(0x7f00000000c0)='GPL\x00', 0x1, 0x0, 0x0, 0x41100, 0x9, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94) 955.073407ms ago: executing program 3 (id=1325): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="500000002700010000000000000000000a000100000000000000000000006f330000010100000000e8000000000000000000000000000800000000002b000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x50}, 0x1, 0x0, 0x0, 0x2000c0c0}, 0x0) r1 = bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff, 0x13, 0x0, @void}, 0x10) bpf$ITER_CREATE(0x21, &(0x7f00000010c0)={r1}, 0x8) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={0x80, 0x0, 0x1, 0x5, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x62, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0xffffffc3, 0x1, @dev={0xac, 0x14, 0x14, 0x27}}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @broadcast}, {0x8, 0x2, @empty}}}, @CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_PROTO={0x24, 0x2, 0x0, 0x1, {0x5, 0x1, 0x11}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x88}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x2f}}]}, @CTA_STATUS={0x8, 0x3, 0x1, 0x0, 0x100e}]}, 0x80}}, 0x0) syz_emit_ethernet(0xae, &(0x7f00000004c0)=ANY=[@ANYBLOB="cfb14e407d33aaaaaaaaaa2e86dd697a262d00383a01fe8000000000000000000000000000aaff0200000000000000000000000000010200907800008001620000000009ff0066a810d78486e0d9f089d3c66100000000000000000000000000000001000000000000000000"], 0x0) syz_emit_ethernet(0x102, &(0x7f0000002000)={@multicast, @remote, @void, {@ipv6={0x86dd, @dccp_packet={0x7, 0x6, "a01841", 0xcc, 0x21, 0x0, @private0, @mcast1, {[@fragment={0x0, 0x0, 0xb, 0x0, 0x0, 0x3, 0x64}], {{0x4e23, 0x4e20, 0x4, 0x1, 0x7, 0x0, 0x0, 0x0, 0x3, "efba27", 0xf9, "d9f495"}, "db8e4e9536f2d28a467d036eb4259e2901a4e889f3db8cd65ab773c0c269bcf6680ec5e3791a80000693b47840a527fba6c4cb3557002da15e4e761347bc73278768b772fd66439cb9994d735e86e93949bc8ceb0385323b523cb0dd85a2645ceeb1962a73058b8917beb141241e5d804baa0c31398876836ed19b05b0a38ecdb2432422d8bb6f839e1b6fb72bebb0e05f64e3cf092331b7ac4c507cd4ee632b85474229e1ac17811f5cbf05ddf685afee06e032"}}}}}}, 0x0) syz_emit_ethernet(0x1e, &(0x7f0000000200)={@remote, @remote, @void, {@can={0xc, {{0x0, 0x0, 0x0, 0x1}, 0x0, 0x3, 0x0, 0x0, "2dc9c01da586ff0b"}}}}, &(0x7f0000000240)={0x0, 0x4, [0x8da, 0x376, 0x9c3, 0xef6]}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000280), 0x80000) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$SIOCGSTAMPNS(r2, 0x8907, &(0x7f0000001200)) setsockopt$inet6_tcp_int(r4, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4) connect$inet6(r4, &(0x7f0000000300)={0xa, 0x4e24, 0x6bb, @ipv4={'\x00', '\xff\xff', @local}, 0x5}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) r6 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r6, &(0x7f00000001c0), 0x10) setsockopt$CAN_RAW_ERR_FILTER(r6, 0x65, 0x2, &(0x7f00000005c0)=0x1, 0x4) r7 = socket(0x10, 0x3, 0x0) write(r7, &(0x7f0000000000)="2400000011005f0414f9f4070009041f810000000e0000000000000008000f0001000000", 0x24) syz_emit_ethernet(0x3e, 0x0, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, 0x0) setsockopt$inet6_tcp_int(r4, 0x6, 0xc, &(0x7f0000000080)=0x1, 0x4) r8 = socket$inet(0x2, 0x2, 0x73) setsockopt$inet_int(r8, 0x0, 0x2, 0x0, 0x0) shutdown(r5, 0x0) recvmmsg(r5, &(0x7f0000001f00)=[{{0x0, 0x0, &(0x7f0000001300)=[{&(0x7f00000000c0)=""/38, 0x26}, {&(0x7f0000000100)=""/224, 0xe0}, {&(0x7f0000000200)=""/4096, 0xfffffffffffffeac}, {&(0x7f0000001980)=""/124, 0x7c}, {&(0x7f0000001280)=""/60, 0x3c}], 0x5}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f00000012c0)=""/26, 0x1a}, 0x800}, {{&(0x7f0000001700)=@ieee802154={0x24, @short}, 0x80, &(0x7f0000001e80)=[{&(0x7f0000001d00)=""/213, 0xd5}, {&(0x7f0000001e00)=""/53, 0x35}, {&(0x7f0000001e40)=""/2, 0x2}], 0x3, &(0x7f0000001ec0)}, 0x3}, {{&(0x7f0000001380)=@pppoe={0x18, 0x0, {0x0, @local}}, 0x80, &(0x7f0000001840)=[{&(0x7f0000001400)=""/149, 0x95}, {&(0x7f0000001b00)=""/118, 0x76}, {&(0x7f0000001540)=""/188, 0xbc}, {&(0x7f0000001600)=""/57, 0x39}, {&(0x7f0000001640)=""/125, 0x7d}, {&(0x7f00000014c0)=""/101, 0x65}, {&(0x7f0000001a00)=""/171, 0xab}], 0x7, &(0x7f00000018c0)=""/176, 0xb0}}], 0x4, 0x40000000, 0x0) r9 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r9, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000001780)=ANY=[@ANYBLOB="3c00000002060108000000000000003a63bd754308d5c69a4404ac000000004005000400000000000900020073797a310000000011000300686173683a69702c6d61726b00000000"], 0x3c}}, 0x0) 907.673881ms ago: executing program 1 (id=1326): socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000b00)=ANY=[@ANYBLOB="f00000000002030000000000000000000700000978000a805c0002800c00028005000100840000001400018008000100ffffffff08000200ac1414aa0c0002800500010021000000060003400001000006000340000300001400018008000100ac1414bb08000200ffffffff060003400000000008000140000000010800014000000001080001400000000164000a8008000140000000000800014000000001500002800c000280050001002f0000000c000280050001008400000006000340000000000c00028005000100880000000c000280050001008800000006000340000200000c000280050001003a00000009a436073ae8d503ec013d76c17810b6cda165fc4e8bb820dd3a3be42c96750ba472d42a5217a43bed8dc519b364f45cb4ef264441f971f56db520d357a2a83e51acaec05958966fb92ae6091f94ec17e2da8d1fcfc426bd8d7fa1271eb810b72b6fa3edbe"], 0xf0}, 0x1, 0x0, 0x0, 0x40010}, 0x4008000) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$IPCTNL_MSG_CT_DELETE(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000300)=ANY=[@ANYBLOB="38000000020101010800000000000000030000001400108008000240000000070800034000000fff10000e800c"], 0x38}}, 0x24000881) sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="680000000101010200000000000000000a00000908001a4000010000080015400000496d0c001880080003400000397d38"], 0x68}, 0x1, 0x0, 0x0, 0x4800}, 0x4) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4, &(0x7f0000000080)=[{&(0x7f0000000200)="2e0400001c008102e00f80ecdb4cb9f207c804a00d00000088081afb0a0002000a0ada1b40d80800c500c50083b8", 0xfec9}], 0x1, 0x0, 0x0, 0x5865}, 0x0) r1 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000001700)={'ip6tnl0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000a00)=@newqdisc={0x9c, 0x24, 0x3fe3aa0262d8c783, 0x4, 0x25dfdbfe, {0x0, 0x0, 0x0, r2, {0x0, 0x10}, {0xffff, 0xffff}, {0x0, 0x16747c6d2baaace}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0x2, 0x7, 0x401, 0x0, 0x10000}, 0x609d, 0x4, 0x8, 0xfffffffa, 0x2738, 0x2, 0x18, 0x1, 0x6, 0xe, {0xe389, 0x5, 0x5, 0x0, 0x9, 0x2}}}}, @TCA_STAB={0x24, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x1f, 0x7, 0x0, 0x2, 0x0, 0x2, 0x65}}, {0x4}}]}]}, 0x9c}, 0x1, 0x0, 0x0, 0x20004090}, 0x24008080) r3 = socket(0x10, 0x803, 0x0) sendto(r3, &(0x7f0000000040)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r3, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x321}, {&(0x7f0000000280)=""/85, 0x21}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000580)=""/106, 0x659}, {&(0x7f0000000980)=""/73, 0xd}, {&(0x7f0000000200)=""/77, 0x69}, {&(0x7f00000007c0)=""/141, 0xc4}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}, 0x5}], 0x4000000000003b4, 0x2000, &(0x7f0000003700)={0x77359400}) r4 = socket$inet(0x2, 0x3, 0x2) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000002ec0)=ANY=[@ANYBLOB="02000000040000000700000009"], 0x48) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000a00)=ANY=[@ANYBLOB="0d00000003000000040000000100000000000000", @ANYRES32=r3, @ANYRES16=0x0, @ANYBLOB="e679ee7fd0ed400334f47c800b3d7a8d9e03ab55127a7224d36e8acfe87eca609fef6dfa2d00b5f5b7d9ee734af8e8cbb307e48a9c3237900485ba7d10c9ad76103951c0979bc241adb482f2e5a571d9dedbd149d438f8045eddb146f534689981352e96060e454412973a04195677d2489348f8da408d1e5fe3555243cffadec67223177d7852c77806844ec201e8c967897c526f90862b5804abc4a59290c1c33835d42127701df56c6850756b211e0f2e420447045a3c736cda903f0f117f941efec4f1bbc73b45", @ANYRES16, @ANYRESOCT, @ANYRES32=r3], 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000008c0)={{r6}, &(0x7f0000000840), &(0x7f0000000880)=r5}, 0x20) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000e80)={r6, &(0x7f0000000d40), 0x0}, 0x20) sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f0000002680)={0x0, 0x0, &(0x7f0000002640)={&(0x7f0000000000)={0x13, 0x9, 0x6, 0x201, 0x0, 0x0, {0x3, 0x0, 0x208}, [@IPSET_ATTR_DATA={0x0, 0x7, 0x0, 0x1, [@IPSET_ATTR_CIDR={0x0, 0x3, 0x2}, @IPSET_ATTR_PORT_TO={0x0, 0x5, 0x1, 0x0, 0x4e23}, @IPSET_ATTR_LINENO={0x0, 0x9, 0x1, 0x0, 0x1}, @IPSET_ATTR_IP2_TO={0x0, 0x16, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x0, 0x2, 0x1, 0x0, @rand_addr=' \x01\x00'}}]}]}, 0x14}, 0x1, 0x0, 0x0, 0x24008010}, 0x4400d040) r7 = socket$inet6(0xa, 0x80003, 0xff) setsockopt$inet6_int(r7, 0x29, 0x16, &(0x7f0000fcb000), 0x4) socket$inet6(0xa, 0x3, 0xff) close(0x4) setsockopt$inet_mreqsrc(r4, 0x0, 0x27, &(0x7f0000000280)={@remote, @local, @remote}, 0xc) syz_emit_ethernet(0xa4, &(0x7f0000000c80)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @local, @val={@void, {0x8100, 0x7, 0x1, 0x3}}, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x92, 0x64, 0x0, 0x2, 0x2, 0x0, @remote, @multicast2}, @redirect={0x5, 0x2, 0x0, @broadcast, {0x1c, 0x4, 0x3, 0x1, 0xeb, 0x64, 0x7, 0x6c, 0x6c, 0x8, @broadcast, @private=0xa010100, {[@generic={0x83, 0x10, "d8e0ad4364b9690042daa7ac5332"}, @timestamp={0x44, 0x18, 0xf9, 0x0, 0x8, [0xc, 0x4, 0xfffffffc, 0x8, 0x5]}, @timestamp_addr={0x44, 0x4, 0xed, 0x1, 0x2}, @ra={0x94, 0x4, 0x1}, @timestamp={0x44, 0x24, 0x85, 0x0, 0x7, [0x6, 0x7, 0x9, 0xe, 0x7, 0x7, 0xd314, 0x4]}, @noop, @ra={0x94, 0x4, 0x1}]}}, "0ad3ae3fdf41"}}}}}, 0x0) 759.163487ms ago: executing program 2 (id=1327): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="4400000010000104000000000005000000000000", @ANYRES32=0x0, @ANYBLOB="00000000000000002400128009000100626f6e640000000014000280050001000600210008000200", @ANYRES32], 0x44}}, 0x0) 543.328562ms ago: executing program 1 (id=1328): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r1, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000d00)=ANY=[@ANYBLOB="b70000008100003bbfa30000000000000703000000feffff720af0fff8ffffff71a4f0ff000000007110af00000000001d400500000000004704000001ed00000f030000000000009f440000000000006b0a18fe000000007313000000000000b5000000000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff31a8fd3c0fd8b7ff831028e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646c0200000000000000020000e35208b0bb0d2cd829e654400e2438ec649dc76128610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda82fc9c4d7ecc7a803bf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714f62ba7a54f0c33d39000d0bfed3a6a59ff616236fd8f2477184bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06fa2e04cfe0649226c697d9e8eaade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00023ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a83469620c6e74e1f46132559c4f8700a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88f15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a920099c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40fc5d2f55ff07c53147de202ce517b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661061173f359e9052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b393cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd84990453f006694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff26b61aac8aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3ba18a1a2b65079cc1c7bc46dd12305a1ae9dd19e8d525206c0a728cfd42193abe8130bc01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e26534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ad1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336dfaa6d5d164301190bc2d4c04087729033342045804a28082abc3b4762302a271722fb515f31e0dd115a292f1e68481a62c49d15ea5460a29c60b1058fb7aa9bf4ee3cbe11b03711a15d730646b72d074dab1e8c429339f3460d324c17a4a8bfc7d7eab45bef00664d6dc82300000000000"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffd00}, 0x48) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000680)=@newlink={0x4c, 0x10, 0x403, 0x58bd28, 0x0, {0x0, 0x0, 0x0, 0x0, 0x90646, 0x20}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x14, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6, 0x1, 0x1}, @IFLA_VLAN_PROTOCOL={0x6, 0x5, 0x88a8}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x4c}, 0x1, 0x0, 0x0, 0x600}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=@newlink={0x44, 0x10, 0xffffff1f, 0x0, 0x1, {0x0, 0x0, 0x0, 0x0, 0x0, 0x4408}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @geneve={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GENEVE_TTL_INHERIT={0x5, 0xc, 0x1}]}}}, @IFLA_MASTER={0x8, 0xa, r1}]}, 0x44}, 0x1, 0x0, 0x0, 0x40000}, 0x0) 540.013089ms ago: executing program 3 (id=1329): r0 = socket$packet(0x11, 0x2, 0x300) mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x2000011, r0, 0x2000) r1 = socket$unix(0x1, 0x2, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000000)={'vxcan0\x00', 0x0}) r3 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r3, &(0x7f0000000200)={0x1d, r2}, 0x10) sendmsg$can_bcm(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000580)=ANY=[@ANYBLOB="01000000f9fe68ca7e4d5d5bdbe70000", @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=r2, @ANYRES64=r1, @ANYBLOB="3bf81bb9e9"], 0x20000600}}, 0x0) sendmsg$sock(r3, &(0x7f0000001940)={&(0x7f00000002c0)=@sco={0x1f, @none}, 0x80, &(0x7f0000000000), 0x5, &(0x7f00000008c0)=[@timestamping={{0x14}}], 0x18}, 0x0) sendmsg$NL80211_CMD_DEL_KEY(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="20002abd7000fddbdf250c0000000c0099008100f8"], 0x20}, 0x1, 0x0, 0x0, 0x40004}, 0x4000000) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=@newtaction={0x14, 0x30, 0x9}, 0x14}}, 0x0) ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a30000000004000ffff0900010073797a30000000000900020073797a31000000001400038008"], 0x138}, 0x1, 0x0, 0x0, 0x20040855}, 0x4000000) r4 = socket$kcm(0x10, 0x2, 0x10) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) r7 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000080)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_TID_CONFIG(r5, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r6, @ANYBLOB="8b332dbd7000fdffffff1500000008000300", @ANYRES32=r8, @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0x2004c014}, 0x0) r9 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r9, 0x107, 0xd, &(0x7f0000000380)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) setsockopt$packet_int(r9, 0x107, 0xa, &(0x7f0000000240)=0x1, 0x4) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000040900010073797a30000000009c000000090a010400000000000000000700000308000a40000000000900020073797a30000000000900010073797a3000000000080005400000000d58001280200001800e000100636f6e6e6c696d69740000000c0002800800014000000008200001800e000100636f6e6e6c696d69740000000c00028008000140000000001400017b090001006cdbf80789f3f947dd0002800800"], 0xe4}, 0x1, 0x0, 0x0, 0x8001}, 0x20050840) sendmsg$kcm(r4, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f030041000b05d25a806c8c6394f90324fc60100000000a000200053582c137153e3704020180fc5409000c00", 0x33fe0}], 0x1}, 0x0) r10 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r10, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000140)=@newlink={0x4c, 0x10, 0xff05, 0x0, 0x0, {0x0, 0x0, 0x4a00, 0x0, 0x0, 0xc940}, [@IFLA_LINKINFO={0x2c, 0x12, 0x0, 0x1, @bond={{0x9}, {0x1c, 0x2, 0x0, 0x1, [@IFLA_BOND_DOWNDELAY={0x8}, @IFLA_BOND_MODE={0x5, 0x1, 0x6}, @IFLA_BOND_AD_LACP_ACTIVE={0x5, 0x1d, 0x5}]}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x41055}, 0x0) 355.974235ms ago: executing program 1 (id=1330): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$kcm(0x2, 0x5, 0x84) sendmsg$inet(r1, &(0x7f0000002980)={&(0x7f0000000180)={0x2, 0xe23, @remote}, 0x10, &(0x7f0000000680)=[{&(0x7f0000000380)='_', 0x1}], 0x1}, 0x448e4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000680)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_attach_bpf(r3, 0x1, 0x4c, &(0x7f0000000000), 0x4) sendmsg$inet(r2, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) recvmsg$unix(r3, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x2000) ioctl$sock_inet_SIOCADDRT(r4, 0xff09, 0x0) setsockopt$sock_attach_bpf(r1, 0x84, 0x1e, &(0x7f0000000000), 0x10) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000001c0)=@newtaction={0x78, 0x30, 0x871a15abc695fa3d, 0x0, 0x0, {}, [{0x64, 0x1, [@m_ctinfo={0x60, 0x1, 0x0, 0x0, {{0xb}, {0x34, 0x2, 0x0, 0x1, [@TCA_CTINFO_ACT={0x18, 0x3, {0xb, 0x7fffffff, 0x20000000, 0x5, 0x1000}}, @TCA_CTINFO_PARMS_DSCP_STATEMASK={0x8, 0x6, 0xbd}, @TCA_CTINFO_PARMS_CPMARK_MASK={0x8, 0x7, 0x5e9}, @TCA_CTINFO_PARMS_CPMARK_MASK={0x8, 0x7, 0x5}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x78}, 0x1, 0x0, 0x0, 0x440c0}, 0x10) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000500)=ANY=[@ANYBLOB="4000000010003b1500000000ffdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="41040000015001001800128008000100677470000c00028008000100", @ANYRES32, @ANYBLOB='\b\x00\n\x00', @ANYRESOCT=r1], 0x40}}, 0x0) 197.128107ms ago: executing program 2 (id=1331): r0 = syz_init_net_socket$x25(0x9, 0x5, 0x0) getpeername(r0, 0x0, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r2 = accept4(r1, 0x0, 0x0, 0x800) sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, 0x0}], 0x1, 0x40800) recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000001440)=""/67, 0x43}], 0x1}, 0x40000000) 139.204019ms ago: executing program 4 (id=1332): r0 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r3, &(0x7f0000000400)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000000)={0x2, 0x24e23, @loopback}, 0x10) setsockopt$SO_TIMESTAMPING(r3, 0x1, 0x41, &(0x7f0000000040)=0x1b32, 0x4) sendto$inet(r3, &(0x7f0000000540)='v', 0x1, 0x4040, 0x0, 0x0) recvmmsg(r3, &(0x7f0000004440)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000001840)=""/4096, 0x1000}, 0x1}], 0x1, 0x40012021, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="05000000050000000200000004"], 0x50) close(0x3) bpf$MAP_CREATE(0x0, &(0x7f0000000240)=@base={0x6, 0x4, 0x2003, 0x2}, 0x50) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000200)=ANY=[@ANYBLOB="1802000000000000000000000000000018010000786c6c2500000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb700000000000000b703000000000000850000007200000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000480)={r5}, 0xc) sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000680)=@newqdisc={0x48, 0x24, 0xd0f, 0x470bd2d, 0xfffffffd, {0x60, 0x0, 0x0, r2, {0x0, 0xfff2}, {0xfff1, 0xffff}, {0x0, 0xd}}, [@qdisc_kind_options=@q_clsact={0xb}, @TCA_EGRESS_BLOCK={0x8, 0xe, 0x7}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0x83}, @TCA_RATE={0x6, 0x5, {0x48, 0x6}}]}, 0x48}, 0x1, 0x0, 0x0, 0x24000040}, 0x0) 87.002089ms ago: executing program 0 (id=1333): r0 = socket$kcm(0x2d, 0x2, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18080000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000700000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x6, 0x31, 0xffffffffffffffff, 0x0) socketpair(0x1, 0x100000005, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) ioctl$sock_inet_udp_SIOCINQ(r2, 0x541b, &(0x7f00000011c0)) r3 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r3, &(0x7f00000006c0)={0x2, 0x4620, @dev={0xac, 0x14, 0x14, 0x27}}, 0x10) connect$inet(r3, &(0x7f0000000040)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$inet_udp_int(r3, 0x11, 0x67, &(0x7f0000000240)=0x2, 0x4) sendto$inet(r3, &(0x7f00000000c0)="8689d46205a34100bf2bbe11a5ce7839edaf02afe39ead95913e9c4f8cf31440006769ebdf12cfacae8e8c03f5db079da7d9ecda75e2a7d49d5cbcb370c4d789390a328ba42c9c60cf2154d1b659aa709e8980a522cfb72f23ad87fb7019706ccae98cfe7c4fd23e8297b8cabc46ede1ac3da78f1b488c6357e7edfcd417df6660af20a54ecdcb02f689ae15ee655d4b7b1ea733e88ee9f53669388dff487c1c49953f3bc142112bd4b582b29b35d43962ed245c2cd5d5df40a3e0ed6beaf3b641e84b0f0dfa121a9efe05269f9f4a0e9bcbf43c7a90a711f453668c730c3badedca687b71a9c27bab9e724cc4a4918713031596ea6fd01124f973f257ccd9665aee7df4", 0xffe3, 0x0, 0x0, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r0, 0x89e3, &(0x7f0000000180)={r0, r1}) 0s ago: executing program 2 (id=1334): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000003ec0), r0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(serpent)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, 0x0, 0x0) r3 = accept4(r2, 0x0, 0x0, 0x0) sendmsg$alg(r3, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x4040001}, 0x0) recvmsg$unix(r3, &(0x7f0000000440)={0x0, 0x2d, &(0x7f0000000140)=[{&(0x7f0000001140)=""/4083, 0x1002}], 0x1}, 0x12062) sendmsg$IEEE802154_LLSEC_DEL_DEV(r0, &(0x7f0000003fc0)={0x0, 0x0, &(0x7f0000003f80)={&(0x7f0000003f00)={0x14, r1, 0x1, 0x70bd25, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x40}, 0x40c6) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) syz_genetlink_get_family_id$ieee802154(&(0x7f0000003ec0), r0) (async) socket$alg(0x26, 0x5, 0x0) (async) bind$alg(r2, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(serpent)\x00'}, 0x58) (async) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, 0x0, 0x0) (async) accept4(r2, 0x0, 0x0, 0x0) (async) sendmsg$alg(r3, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x4040001}, 0x0) (async) recvmsg$unix(r3, &(0x7f0000000440)={0x0, 0x2d, &(0x7f0000000140)=[{&(0x7f0000001140)=""/4083, 0x1002}], 0x1}, 0x12062) (async) sendmsg$IEEE802154_LLSEC_DEL_DEV(r0, &(0x7f0000003fc0)={0x0, 0x0, &(0x7f0000003f80)={&(0x7f0000003f00)={0x14, r1, 0x1, 0x70bd25, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x40}, 0x40c6) (async) kernel console output (not intermixed with test programs): T7039] R13: 00007facabc16038 R14: 00007facabc15fa0 R15: 00007ffc2ca89808 [ 109.505252][ T7039] [ 109.697467][ T7035] mac80211_hwsim hwsim9 wlan0: entered promiscuous mode [ 109.707559][ T7035] mac80211_hwsim hwsim9 wlan0: entered allmulticast mode [ 109.716974][ T7035] A link change request failed with some changes committed already. Interface wlan0 may have been left with an inconsistent configuration, please check. [ 110.010882][ T7045] syzkaller0: entered promiscuous mode [ 110.016489][ T7045] syzkaller0: entered allmulticast mode [ 110.045722][ T7054] rdma_op ffff88807863c9f0 conn xmit_rdma 0000000000000000 [ 111.676632][ T7061] tipc: Cannot configure node identity twice [ 111.823666][ T7072] netlink: 12 bytes leftover after parsing attributes in process `syz.4.373'. [ 112.242935][ T7089] FAULT_INJECTION: forcing a failure. [ 112.242935][ T7089] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 112.333178][ T7089] CPU: 1 UID: 0 PID: 7089 Comm: syz.0.378 Not tainted syzkaller #0 PREEMPT(full) [ 112.333200][ T7089] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 112.333209][ T7089] Call Trace: [ 112.333216][ T7089] [ 112.333223][ T7089] dump_stack_lvl+0xe8/0x150 [ 112.333247][ T7089] should_fail_ex+0x412/0x560 [ 112.333272][ T7089] _copy_to_user+0x31/0xb0 [ 112.333295][ T7089] simple_read_from_buffer+0xe1/0x170 [ 112.333317][ T7089] proc_fail_nth_read+0x1bb/0x230 [ 112.333339][ T7089] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 112.333361][ T7089] ? rw_verify_area+0x2a6/0x4d0 [ 112.333381][ T7089] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 112.333400][ T7089] vfs_read+0x20c/0xa70 [ 112.333424][ T7089] ? __pfx___mutex_lock+0x10/0x10 [ 112.333438][ T7089] ? __pfx_vfs_read+0x10/0x10 [ 112.333460][ T7089] ? __fget_files+0x2a/0x420 [ 112.333480][ T7089] ? __fget_files+0x3a0/0x420 [ 112.333494][ T7089] ? __fget_files+0x2a/0x420 [ 112.333517][ T7089] ksys_read+0x150/0x270 [ 112.333538][ T7089] ? __pfx_ksys_read+0x10/0x10 [ 112.333563][ T7089] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 112.333580][ T7089] do_syscall_64+0x15f/0xf80 [ 112.333599][ T7089] ? trace_irq_disable+0x3b/0x140 [ 112.333620][ T7089] ? clear_bhb_loop+0x40/0x90 [ 112.333637][ T7089] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 112.333650][ T7089] RIP: 0033:0x7f39ba75d68e [ 112.333665][ T7089] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 112.333676][ T7089] RSP: 002b:00007f39bb5d9fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 112.333690][ T7089] RAX: ffffffffffffffda RBX: 00007f39bb5da6c0 RCX: 00007f39ba75d68e [ 112.333699][ T7089] RDX: 000000000000000f RSI: 00007f39bb5da0a0 RDI: 0000000000000004 [ 112.333707][ T7089] RBP: 00007f39bb5da090 R08: 0000000000000000 R09: 0000000000000000 [ 112.333715][ T7089] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 112.333724][ T7089] R13: 00007f39baa16038 R14: 00007f39baa15fa0 R15: 00007ffc0082d8b8 [ 112.333747][ T7089] [ 112.778457][ T7100] veth0: entered promiscuous mode [ 112.806120][ T7105] block nbd4: not configured, cannot reconfigure [ 112.842129][ T7100] bridge0: port 1(bridge_slave_0) entered disabled state [ 112.866558][ T7100] bridge_slave_0 (unregistering): left allmulticast mode [ 112.920283][ T7100] bridge_slave_0 (unregistering): left promiscuous mode [ 112.941214][ T7100] bridge0: port 1(bridge_slave_0) entered disabled state [ 113.063595][ T7101] netlink: 16 bytes leftover after parsing attributes in process `syz.3.381'. [ 113.217544][ T7107] syzkaller0: entered promiscuous mode [ 113.231032][ T7107] syzkaller0: entered allmulticast mode [ 113.241327][ T7098] veth0: left promiscuous mode [ 114.569621][ T7123] workqueue: Failed to create a rescuer kthread for wq "bond3": -EINTR [ 114.713888][ T7142] netlink: 'syz.0.393': attribute type 1 has an invalid length. [ 114.731174][ T7143] netlink: 8 bytes leftover after parsing attributes in process `syz.4.391'. [ 114.731237][ T7143] netlink: 8 bytes leftover after parsing attributes in process `syz.4.391'. [ 114.924608][ T7147] block nbd1: not configured, cannot reconfigure [ 115.222309][ T7159] netlink: 20 bytes leftover after parsing attributes in process `syz.4.399'. [ 115.245301][ T7159] netlink: 20 bytes leftover after parsing attributes in process `syz.4.399'. [ 115.408123][ T7171] netlink: 'syz.4.401': attribute type 5 has an invalid length. [ 115.425512][ T7171] netlink: 3657 bytes leftover after parsing attributes in process `syz.4.401'. [ 115.713608][ T7175] syzkaller0: entered promiscuous mode [ 115.723101][ T7175] syzkaller0: entered allmulticast mode [ 115.884264][ T7190] block nbd0: not configured, cannot reconfigure [ 117.391968][ T7195] workqueue: Failed to create a rescuer kthread for wq "bond4": -EINTR [ 117.968693][ T7235] block nbd0: not configured, cannot reconfigure [ 118.021254][ T7241] netlink: 'syz.2.422': attribute type 1 has an invalid length. [ 118.117348][ T7244] netlink: 220 bytes leftover after parsing attributes in process `syz.3.420'. [ 118.129354][ T7237] syzkaller0: entered promiscuous mode [ 118.142197][ T7237] syzkaller0: entered allmulticast mode [ 118.147935][ T7244] netlink: 'syz.3.420': attribute type 2 has an invalid length. [ 118.243873][ T7241] bridge0: port 2(bridge_slave_1) entered disabled state [ 118.251588][ T7241] bridge0: port 1(bridge_slave_0) entered disabled state [ 118.293076][ T7241] veth1: left promiscuous mode [ 118.298001][ T7241] veth1: left allmulticast mode [ 118.350488][ T7241] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 118.366694][ T7241] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 118.948148][ T7269] netlink: 8 bytes leftover after parsing attributes in process `syz.2.429'. [ 118.957892][ T7269] netlink: 8 bytes leftover after parsing attributes in process `syz.2.429'. [ 119.055206][ T7275] netlink: 14 bytes leftover after parsing attributes in process `syz.2.429'. [ 120.096033][ T48] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 120.118471][ T48] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 120.132203][ T48] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 120.245040][ T7269] vlan2: entered allmulticast mode [ 120.254402][ T7269] bond0: entered allmulticast mode [ 120.260157][ T7269] bond_slave_0: entered allmulticast mode [ 120.266195][ T7269] bond_slave_1: entered allmulticast mode [ 120.297462][ T7278] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input5 [ 120.327994][ T7275] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 120.331710][ T7289] block nbd1: not configured, cannot reconfigure [ 120.356960][ T7275] bond_slave_0: left allmulticast mode [ 120.380466][ T7275] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 120.405073][ T7275] bond_slave_1: left allmulticast mode [ 120.416175][ T7275] bond0 (unregistering): Released all slaves [ 120.473326][ T48] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 120.662465][ T7296] vlan2: entered promiscuous mode [ 120.682411][ T7296] gretap0: entered promiscuous mode [ 120.697709][ T7300] netlink: 8 bytes leftover after parsing attributes in process `syz.2.436'. [ 120.901725][ T7306] bond3 (unregistering): Released all slaves [ 121.023315][ T7314] netlink: 16 bytes leftover after parsing attributes in process `syz.0.441'. [ 121.040234][ T7314] netlink: 29 bytes leftover after parsing attributes in process `syz.0.441'. [ 121.270885][ T7318] syzkaller0: entered promiscuous mode [ 121.276562][ T7318] syzkaller0: entered allmulticast mode [ 123.540666][ T7348] openvswitch: netlink: IP tunnel TTL not specified. [ 123.669984][ T7351] netlink: 'syz.2.453': attribute type 1 has an invalid length. [ 124.561182][ T7399] syzkaller0: entered promiscuous mode [ 124.566824][ T7399] syzkaller0: entered allmulticast mode [ 124.781671][ T7412] Bluetooth: MGMT ver 1.23 [ 125.553858][ T7439] netlink: 4 bytes leftover after parsing attributes in process `syz.3.476'. [ 125.629348][ T7442] netlink: 12 bytes leftover after parsing attributes in process `syz.3.476'. [ 126.556380][ T7447] netlink: 'syz.4.478': attribute type 5 has an invalid length. [ 127.115676][ T7480] netdevsim netdevsim2: loading /lib/firmware/. failed with error -22 [ 127.134752][ T7480] netdevsim netdevsim2: Direct firmware load for . failed with error -22 [ 127.168111][ T7480] netdevsim netdevsim2: Falling back to sysfs fallback for: . [ 127.587900][ T7495] xt_cgroup: invalid path, errno=-2 [ 127.647323][ T7495] netlink: 12 bytes leftover after parsing attributes in process `syz.1.491'. [ 127.828964][ T7499] FAULT_INJECTION: forcing a failure. [ 127.828964][ T7499] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 127.873978][ T7499] CPU: 1 UID: 0 PID: 7499 Comm: syz.4.493 Not tainted syzkaller #0 PREEMPT(full) [ 127.874000][ T7499] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 127.874009][ T7499] Call Trace: [ 127.874019][ T7499] [ 127.874026][ T7499] dump_stack_lvl+0xe8/0x150 [ 127.874060][ T7499] should_fail_ex+0x412/0x560 [ 127.874082][ T7499] _copy_from_user+0x2d/0xb0 [ 127.874105][ T7499] copy_from_sockptr+0x5e/0x90 [ 127.874127][ T7499] memdup_sockptr_noprof+0x44/0x90 [ 127.874151][ T7499] do_ip_setsockopt+0x2041/0x2ea0 [ 127.874181][ T7499] ? __pfx_do_ip_setsockopt+0x10/0x10 [ 127.874204][ T7499] ? aa_sk_perm+0x6d5/0x900 [ 127.874223][ T7499] ? __fget_files+0x2a/0x420 [ 127.874246][ T7499] ? __pfx_aa_sk_perm+0x10/0x10 [ 127.874267][ T7499] ? __fget_files+0x2a/0x420 [ 127.874289][ T7499] ? aa_sock_opt_perm+0xff/0x1a0 [ 127.874311][ T7499] ip_setsockopt+0x66/0x110 [ 127.874325][ T7499] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 127.874348][ T7499] do_sock_setsockopt+0x17c/0x1b0 [ 127.874375][ T7499] __x64_sys_setsockopt+0x13d/0x1b0 [ 127.874399][ T7499] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 127.874417][ T7499] do_syscall_64+0x15f/0xf80 [ 127.874438][ T7499] ? trace_irq_disable+0x3b/0x140 [ 127.874459][ T7499] ? clear_bhb_loop+0x40/0x90 [ 127.874479][ T7499] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 127.874498][ T7499] RIP: 0033:0x7facab99ce59 [ 127.874522][ T7499] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 127.874542][ T7499] RSP: 002b:00007facac83a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 127.874563][ T7499] RAX: ffffffffffffffda RBX: 00007facabc15fa0 RCX: 00007facab99ce59 [ 127.874573][ T7499] RDX: 0000000000000029 RSI: 0000000000000000 RDI: 0000000000000003 [ 127.874581][ T7499] RBP: 00007facac83a090 R08: 0000000000020000 R09: 0000000000000000 [ 127.874590][ T7499] R10: 0000200000000140 R11: 0000000000000246 R12: 0000000000000001 [ 127.874599][ T7499] R13: 00007facabc16038 R14: 00007facabc15fa0 R15: 00007ffc2ca89808 [ 127.874627][ T7499] [ 128.716930][ T7530] openvswitch: netlink: Unexpected mask (mask=240040, allowed=10048) [ 128.941588][ T7541] FAULT_INJECTION: forcing a failure. [ 128.941588][ T7541] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 129.012769][ T7541] CPU: 0 UID: 0 PID: 7541 Comm: syz.0.509 Not tainted syzkaller #0 PREEMPT(full) [ 129.012791][ T7541] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 129.012800][ T7541] Call Trace: [ 129.012806][ T7541] [ 129.012813][ T7541] dump_stack_lvl+0xe8/0x150 [ 129.012837][ T7541] should_fail_ex+0x412/0x560 [ 129.012861][ T7541] _copy_to_user+0x31/0xb0 [ 129.012884][ T7541] simple_read_from_buffer+0xe1/0x170 [ 129.012930][ T7541] proc_fail_nth_read+0x1bb/0x230 [ 129.012952][ T7541] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 129.012972][ T7541] ? rw_verify_area+0x2a6/0x4d0 [ 129.012991][ T7541] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 129.013010][ T7541] vfs_read+0x20c/0xa70 [ 129.013034][ T7541] ? __pfx___mutex_lock+0x10/0x10 [ 129.013050][ T7541] ? __pfx_vfs_read+0x10/0x10 [ 129.013071][ T7541] ? __fget_files+0x2a/0x420 [ 129.013093][ T7541] ? __fget_files+0x3a0/0x420 [ 129.013110][ T7541] ? __fget_files+0x2a/0x420 [ 129.013134][ T7541] ksys_read+0x150/0x270 [ 129.013157][ T7541] ? __pfx_ksys_read+0x10/0x10 [ 129.013185][ T7541] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 129.013202][ T7541] do_syscall_64+0x15f/0xf80 [ 129.013223][ T7541] ? trace_irq_disable+0x3b/0x140 [ 129.013246][ T7541] ? clear_bhb_loop+0x40/0x90 [ 129.013265][ T7541] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 129.013279][ T7541] RIP: 0033:0x7f39ba75d68e [ 129.013300][ T7541] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 129.013313][ T7541] RSP: 002b:00007f39bb5d9fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 129.013329][ T7541] RAX: ffffffffffffffda RBX: 00007f39bb5da6c0 RCX: 00007f39ba75d68e [ 129.013340][ T7541] RDX: 000000000000000f RSI: 00007f39bb5da0a0 RDI: 0000000000000004 [ 129.013348][ T7541] RBP: 00007f39bb5da090 R08: 0000000000000000 R09: 0000000000000000 [ 129.013357][ T7541] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 129.013366][ T7541] R13: 00007f39baa16038 R14: 00007f39baa15fa0 R15: 00007ffc0082d8b8 [ 129.013395][ T7541] [ 129.902433][ T7585] syzkaller0: entered promiscuous mode [ 129.921933][ T7585] syzkaller0: entered allmulticast mode [ 130.653772][ T7616] ICMPv6: NA: aa:aa:aa:aa:aa:00 advertised our address fe80::aa on syz_tun! [ 130.669533][ T7614] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_cmd_wq": -EINTR [ 131.112469][ T7638] netlink: 40 bytes leftover after parsing attributes in process `syz.0.542'. [ 131.150029][ T7638] netlink: 28 bytes leftover after parsing attributes in process `syz.0.542'. [ 131.186369][ T7636] netlink: 8 bytes leftover after parsing attributes in process `syz.4.541'. [ 131.201815][ T7636] netlink: 'syz.4.541': attribute type 8 has an invalid length. [ 131.210893][ T7636] netlink: 4 bytes leftover after parsing attributes in process `syz.4.541'. [ 131.226858][ T7636] bond0: entered promiscuous mode [ 131.233049][ T7636] bond_slave_0: entered promiscuous mode [ 131.259427][ T7636] bond_slave_1: entered promiscuous mode [ 131.280179][ T7636] gretap0: entered promiscuous mode [ 131.288165][ T7636] team0: entered promiscuous mode [ 131.294076][ T7636] team_slave_0: entered promiscuous mode [ 131.304228][ T7636] team_slave_1: entered promiscuous mode [ 131.317248][ T7636] hsr1: entered promiscuous mode [ 132.557326][ T7706] netlink: 8 bytes leftover after parsing attributes in process `syz.0.566'. [ 132.623251][ T7711] FAULT_INJECTION: forcing a failure. [ 132.623251][ T7711] name failslab, interval 1, probability 0, space 0, times 0 [ 132.640083][ T7711] CPU: 1 UID: 0 PID: 7711 Comm: syz.2.568 Not tainted syzkaller #0 PREEMPT(full) [ 132.640106][ T7711] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 132.640115][ T7711] Call Trace: [ 132.640121][ T7711] [ 132.640127][ T7711] dump_stack_lvl+0xe8/0x150 [ 132.640148][ T7711] should_fail_ex+0x412/0x560 [ 132.640173][ T7711] should_failslab+0xa8/0x100 [ 132.640195][ T7711] __kmalloc_noprof+0xe8/0x760 [ 132.640214][ T7711] ? genl_family_rcv_msg_attrs_parse+0xd0/0x2f0 [ 132.640238][ T7711] genl_family_rcv_msg_attrs_parse+0xd0/0x2f0 [ 132.640265][ T7711] genl_family_rcv_msg_doit+0xd9/0x330 [ 132.640288][ T7711] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 132.640313][ T7711] ? apparmor_capable+0x126/0x170 [ 132.640330][ T7711] ? bpf_lsm_capable+0x9/0x20 [ 132.640344][ T7711] ? security_capable+0x7e/0x2c0 [ 132.640369][ T7711] genl_rcv_msg+0x61c/0x7a0 [ 132.640392][ T7711] ? __pfx_genl_rcv_msg+0x10/0x10 [ 132.640410][ T7711] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 132.640425][ T7711] ? __pfx_nl80211_set_bss+0x10/0x10 [ 132.640455][ T7711] ? __pfx_nl80211_post_doit+0x10/0x10 [ 132.640485][ T7711] netlink_rcv_skb+0x232/0x4b0 [ 132.640502][ T7711] ? __pfx_genl_rcv_msg+0x10/0x10 [ 132.640522][ T7711] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 132.640550][ T7711] ? down_read+0x270/0x2e0 [ 132.640565][ T7711] ? genl_rcv+0xd/0x40 [ 132.640584][ T7711] genl_rcv+0x28/0x40 [ 132.640601][ T7711] netlink_unicast+0x75c/0x8e0 [ 132.640631][ T7711] netlink_sendmsg+0x813/0xb40 [ 132.640656][ T7711] ? __pfx_netlink_sendmsg+0x10/0x10 [ 132.640675][ T7711] ? aa_sock_msg_perm+0xf1/0x1b0 [ 132.640695][ T7711] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 132.640716][ T7711] ____sys_sendmsg+0x972/0x9f0 [ 132.640732][ T7711] ? __might_fault+0xaf/0x130 [ 132.640756][ T7711] ? __pfx_____sys_sendmsg+0x10/0x10 [ 132.640780][ T7711] ? import_iovec+0x73/0xa0 [ 132.640804][ T7711] ___sys_sendmsg+0x2a5/0x360 [ 132.640819][ T7711] ? __lock_acquire+0x6b5/0x2cf0 [ 132.640841][ T7711] ? __pfx____sys_sendmsg+0x10/0x10 [ 132.640889][ T7711] ? __fget_files+0x2a/0x420 [ 132.640908][ T7711] ? __fget_files+0x3a0/0x420 [ 132.640935][ T7711] __x64_sys_sendmsg+0x1bd/0x2a0 [ 132.640953][ T7711] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 132.640983][ T7711] ? __pfx_ksys_write+0x10/0x10 [ 132.641012][ T7711] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 132.641028][ T7711] do_syscall_64+0x15f/0xf80 [ 132.641065][ T7711] ? trace_irq_disable+0x3b/0x140 [ 132.641087][ T7711] ? clear_bhb_loop+0x40/0x90 [ 132.641106][ T7711] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 132.641121][ T7711] RIP: 0033:0x7f512c39ce59 [ 132.641137][ T7711] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 132.641149][ T7711] RSP: 002b:00007f512d23d028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 132.641166][ T7711] RAX: ffffffffffffffda RBX: 00007f512c615fa0 RCX: 00007f512c39ce59 [ 132.641177][ T7711] RDX: 0000000000000040 RSI: 0000200000000600 RDI: 0000000000000003 [ 132.641186][ T7711] RBP: 00007f512d23d090 R08: 0000000000000000 R09: 0000000000000000 [ 132.641195][ T7711] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 132.641204][ T7711] R13: 00007f512c616038 R14: 00007f512c615fa0 R15: 00007ffe259f4218 [ 132.641231][ T7711] [ 133.177279][ T1315] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.594944][ T7740] Bluetooth: hci0: Opcode 0x0c1a failed: -22 [ 133.736613][ T7751] FAULT_INJECTION: forcing a failure. [ 133.736613][ T7751] name failslab, interval 1, probability 0, space 0, times 0 [ 133.764004][ T7751] CPU: 1 UID: 0 PID: 7751 Comm: syz.4.581 Not tainted syzkaller #0 PREEMPT(full) [ 133.764029][ T7751] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 133.764038][ T7751] Call Trace: [ 133.764045][ T7751] [ 133.764052][ T7751] dump_stack_lvl+0xe8/0x150 [ 133.764075][ T7751] should_fail_ex+0x412/0x560 [ 133.764100][ T7751] should_failslab+0xa8/0x100 [ 133.764123][ T7751] __kmalloc_noprof+0xe8/0x760 [ 133.764143][ T7751] ? genl_family_rcv_msg_attrs_parse+0xd0/0x2f0 [ 133.764168][ T7751] genl_family_rcv_msg_attrs_parse+0xd0/0x2f0 [ 133.764193][ T7751] genl_family_rcv_msg_doit+0xd9/0x330 [ 133.764215][ T7751] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 133.764240][ T7751] ? apparmor_capable+0x126/0x170 [ 133.764255][ T7751] ? bpf_lsm_capable+0x9/0x20 [ 133.764268][ T7751] ? security_capable+0x7e/0x2c0 [ 133.764290][ T7751] genl_rcv_msg+0x61c/0x7a0 [ 133.764316][ T7751] ? __pfx_genl_rcv_msg+0x10/0x10 [ 133.764333][ T7751] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 133.764350][ T7751] ? __pfx_nl80211_set_bss+0x10/0x10 [ 133.764367][ T7751] ? __pfx_nl80211_post_doit+0x10/0x10 [ 133.764385][ T7751] ? __pfx_ref_tracker_free+0x10/0x10 [ 133.764402][ T7751] ? __asan_memcpy+0x40/0x70 [ 133.764418][ T7751] ? __skb_clone+0x63/0x7a0 [ 133.764439][ T7751] netlink_rcv_skb+0x232/0x4b0 [ 133.764456][ T7751] ? __pfx_genl_rcv_msg+0x10/0x10 [ 133.764475][ T7751] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 133.764506][ T7751] ? down_read+0x270/0x2e0 [ 133.764520][ T7751] ? genl_rcv+0xd/0x40 [ 133.764540][ T7751] genl_rcv+0x28/0x40 [ 133.764557][ T7751] netlink_unicast+0x75c/0x8e0 [ 133.764590][ T7751] netlink_sendmsg+0x813/0xb40 [ 133.764616][ T7751] ? __pfx_netlink_sendmsg+0x10/0x10 [ 133.764634][ T7751] ? aa_sock_msg_perm+0xf1/0x1b0 [ 133.764656][ T7751] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 133.764678][ T7751] ____sys_sendmsg+0x972/0x9f0 [ 133.764695][ T7751] ? __might_fault+0xaf/0x130 [ 133.764720][ T7751] ? __pfx_____sys_sendmsg+0x10/0x10 [ 133.764744][ T7751] ? import_iovec+0x73/0xa0 [ 133.764769][ T7751] ___sys_sendmsg+0x2a5/0x360 [ 133.764783][ T7751] ? __lock_acquire+0x6b5/0x2cf0 [ 133.764804][ T7751] ? __pfx____sys_sendmsg+0x10/0x10 [ 133.764852][ T7751] ? __fget_files+0x2a/0x420 [ 133.764870][ T7751] ? __fget_files+0x3a0/0x420 [ 133.764903][ T7751] __x64_sys_sendmsg+0x1bd/0x2a0 [ 133.764920][ T7751] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 133.764941][ T7751] ? rcu_is_watching+0x15/0xb0 [ 133.764965][ T7751] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 133.764981][ T7751] do_syscall_64+0x15f/0xf80 [ 133.764999][ T7751] ? trace_irq_disable+0x3b/0x140 [ 133.765019][ T7751] ? clear_bhb_loop+0x40/0x90 [ 133.765036][ T7751] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 133.765049][ T7751] RIP: 0033:0x7facab99ce59 [ 133.765064][ T7751] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 133.765074][ T7751] RSP: 002b:00007facac83a028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 133.765089][ T7751] RAX: ffffffffffffffda RBX: 00007facabc15fa0 RCX: 00007facab99ce59 [ 133.765098][ T7751] RDX: 0000000000000040 RSI: 0000200000000600 RDI: 0000000000000003 [ 133.765106][ T7751] RBP: 00007facac83a090 R08: 0000000000000000 R09: 0000000000000000 [ 133.765114][ T7751] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 133.765123][ T7751] R13: 00007facabc16038 R14: 00007facabc15fa0 R15: 00007ffc2ca89808 [ 133.765150][ T7751] [ 134.587115][ T7781] netlink: 4 bytes leftover after parsing attributes in process `syz.1.588'. [ 134.665920][ T7784] netlink: 4 bytes leftover after parsing attributes in process `syz.0.589'. [ 134.924842][ T7794] netdevsim netdevsim0: Firmware load for './file0/file0/..' refused, path contains '..' component [ 134.950903][ T7797] FAULT_INJECTION: forcing a failure. [ 134.950903][ T7797] name failslab, interval 1, probability 0, space 0, times 0 [ 135.019428][ T7797] CPU: 0 UID: 0 PID: 7797 Comm: syz.3.595 Not tainted syzkaller #0 PREEMPT(full) [ 135.019450][ T7797] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 135.019459][ T7797] Call Trace: [ 135.019465][ T7797] [ 135.019471][ T7797] dump_stack_lvl+0xe8/0x150 [ 135.019495][ T7797] should_fail_ex+0x412/0x560 [ 135.019518][ T7797] should_failslab+0xa8/0x100 [ 135.019541][ T7797] __kmalloc_noprof+0xe8/0x760 [ 135.019560][ T7797] ? genl_family_rcv_msg_attrs_parse+0xd0/0x2f0 [ 135.019586][ T7797] genl_family_rcv_msg_attrs_parse+0xd0/0x2f0 [ 135.019612][ T7797] genl_family_rcv_msg_doit+0xd9/0x330 [ 135.019634][ T7797] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 135.019650][ T7797] ? apparmor_capable+0x126/0x170 [ 135.019660][ T7797] ? bpf_lsm_capable+0x9/0x20 [ 135.019669][ T7797] ? security_capable+0x7e/0x2c0 [ 135.019684][ T7797] genl_rcv_msg+0x61c/0x7a0 [ 135.019698][ T7797] ? __pfx_genl_rcv_msg+0x10/0x10 [ 135.019709][ T7797] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 135.019719][ T7797] ? __pfx_nl80211_set_bss+0x10/0x10 [ 135.019730][ T7797] ? __pfx_nl80211_post_doit+0x10/0x10 [ 135.019740][ T7797] ? __pfx_ref_tracker_free+0x10/0x10 [ 135.019752][ T7797] ? __asan_memcpy+0x40/0x70 [ 135.019762][ T7797] ? __skb_clone+0x63/0x7a0 [ 135.019775][ T7797] netlink_rcv_skb+0x232/0x4b0 [ 135.019785][ T7797] ? __pfx_genl_rcv_msg+0x10/0x10 [ 135.019796][ T7797] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 135.019813][ T7797] ? down_read+0x270/0x2e0 [ 135.019829][ T7797] ? genl_rcv+0xd/0x40 [ 135.019840][ T7797] genl_rcv+0x28/0x40 [ 135.019850][ T7797] netlink_unicast+0x75c/0x8e0 [ 135.019871][ T7797] netlink_sendmsg+0x813/0xb40 [ 135.019885][ T7797] ? __pfx_netlink_sendmsg+0x10/0x10 [ 135.019896][ T7797] ? aa_sock_msg_perm+0xf1/0x1b0 [ 135.019908][ T7797] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 135.019923][ T7797] ____sys_sendmsg+0x972/0x9f0 [ 135.019932][ T7797] ? __might_fault+0xaf/0x130 [ 135.019947][ T7797] ? __pfx_____sys_sendmsg+0x10/0x10 [ 135.019960][ T7797] ? import_iovec+0x73/0xa0 [ 135.019975][ T7797] ___sys_sendmsg+0x2a5/0x360 [ 135.019983][ T7797] ? __lock_acquire+0x6b5/0x2cf0 [ 135.019995][ T7797] ? __pfx____sys_sendmsg+0x10/0x10 [ 135.020022][ T7797] ? __fget_files+0x2a/0x420 [ 135.020032][ T7797] ? __fget_files+0x3a0/0x420 [ 135.020047][ T7797] __x64_sys_sendmsg+0x1bd/0x2a0 [ 135.020058][ T7797] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 135.020071][ T7797] ? __pfx_ksys_write+0x10/0x10 [ 135.020088][ T7797] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 135.020098][ T7797] do_syscall_64+0x15f/0xf80 [ 135.020110][ T7797] ? trace_irq_disable+0x3b/0x140 [ 135.020124][ T7797] ? clear_bhb_loop+0x40/0x90 [ 135.020135][ T7797] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 135.020143][ T7797] RIP: 0033:0x7f5bc519ce59 [ 135.020153][ T7797] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 135.020160][ T7797] RSP: 002b:00007f5bc6120028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 135.020171][ T7797] RAX: ffffffffffffffda RBX: 00007f5bc5415fa0 RCX: 00007f5bc519ce59 [ 135.020177][ T7797] RDX: 0000000000000040 RSI: 0000200000000600 RDI: 0000000000000003 [ 135.020182][ T7797] RBP: 00007f5bc6120090 R08: 0000000000000000 R09: 0000000000000000 [ 135.020188][ T7797] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 135.020193][ T7797] R13: 00007f5bc5416038 R14: 00007f5bc5415fa0 R15: 00007ffc798589f8 [ 135.020207][ T7797] [ 135.467517][ T7811] SET target dimension over the limit! [ 135.535029][ T7817] syzkaller0: entered promiscuous mode [ 135.540649][ T7817] syzkaller0: entered allmulticast mode [ 135.571621][ T7819] netlink: 8 bytes leftover after parsing attributes in process `syz.2.601'. [ 135.614825][ T7819] netdevsim netdevsim2 netdevsim0: entered allmulticast mode [ 135.723535][ T7826] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 137.888554][ T7792] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 138.171711][ T7851] netlink: 8 bytes leftover after parsing attributes in process `syz.4.614'. [ 138.240642][ T7846] bond3 (unregistering): Released all slaves [ 138.295948][ T7862] Bluetooth: MGMT ver 1.23 [ 138.341211][ T7854] netlink: 20 bytes leftover after parsing attributes in process `syz.0.615'. [ 138.435787][ T7852] tap0: tun_chr_ioctl cmd 2148553947 [ 138.520562][ T7858] xt_limit: Overflow, try lower: 324382443/0 [ 139.123026][ T7902] bridge0: port 1(bridge_slave_0) entered disabled state [ 139.183993][ T7902] tipc: Failed to remove unknown binding: 66,0,0/2641125705:167213035/167213037 [ 139.238848][ T7902] tipc: Failed to remove unknown binding: 66,0,0/2641125705:167213035/167213036 [ 139.323460][ T7910] netlink: 4 bytes leftover after parsing attributes in process `syz.2.636'. [ 139.408447][ T7910] bond2: Invalid ad_actor_system MAC address. [ 139.418646][ T7910] bond2: option ad_actor_system: invalid value (7) [ 139.447142][ T7910] bond2 (unregistering): Released all slaves [ 139.457677][ T7919] tipc: Failed to remove unknown binding: 66,0,0/2641125705:167213035/167213037 [ 139.468619][ T7919] tipc: Failed to remove unknown binding: 66,0,0/2641125705:167213035/167213036 [ 139.790638][ T7932] syzkaller0: entered promiscuous mode [ 139.796394][ T7932] syzkaller0: entered allmulticast mode [ 140.008583][ T7941] netlink: 68 bytes leftover after parsing attributes in process `syz.1.649'. [ 140.116875][ T7945] FAULT_INJECTION: forcing a failure. [ 140.116875][ T7945] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 140.124597][ T7950] netlink: 24 bytes leftover after parsing attributes in process `syz.2.650'. [ 140.164757][ T7945] CPU: 0 UID: 0 PID: 7945 Comm: syz.0.652 Not tainted syzkaller #0 PREEMPT(full) [ 140.164781][ T7945] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 140.164791][ T7945] Call Trace: [ 140.164797][ T7945] [ 140.164804][ T7945] dump_stack_lvl+0xe8/0x150 [ 140.164828][ T7945] should_fail_ex+0x412/0x560 [ 140.164852][ T7945] _copy_to_user+0x31/0xb0 [ 140.164885][ T7945] simple_read_from_buffer+0xe1/0x170 [ 140.164907][ T7945] proc_fail_nth_read+0x1bb/0x230 [ 140.164929][ T7945] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 140.164952][ T7945] ? rw_verify_area+0x2a6/0x4d0 [ 140.164972][ T7945] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 140.164992][ T7945] vfs_read+0x20c/0xa70 [ 140.165017][ T7945] ? __pfx___mutex_lock+0x10/0x10 [ 140.165033][ T7945] ? __pfx_vfs_read+0x10/0x10 [ 140.165056][ T7945] ? __fget_files+0x2a/0x420 [ 140.165078][ T7945] ? __fget_files+0x3a0/0x420 [ 140.165094][ T7945] ? __fget_files+0x2a/0x420 [ 140.165120][ T7945] ksys_read+0x150/0x270 [ 140.165143][ T7945] ? __pfx_ksys_read+0x10/0x10 [ 140.165171][ T7945] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 140.165188][ T7945] do_syscall_64+0x15f/0xf80 [ 140.165208][ T7945] ? trace_irq_disable+0x3b/0x140 [ 140.165230][ T7945] ? clear_bhb_loop+0x40/0x90 [ 140.165250][ T7945] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 140.165264][ T7945] RIP: 0033:0x7f39ba75d68e [ 140.165280][ T7945] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 140.165291][ T7945] RSP: 002b:00007f39bb5d9fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 140.165308][ T7945] RAX: ffffffffffffffda RBX: 00007f39bb5da6c0 RCX: 00007f39ba75d68e [ 140.165319][ T7945] RDX: 000000000000000f RSI: 00007f39bb5da0a0 RDI: 0000000000000004 [ 140.165328][ T7945] RBP: 00007f39bb5da090 R08: 0000000000000000 R09: 0000000000000000 [ 140.165337][ T7945] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 140.165346][ T7945] R13: 00007f39baa16038 R14: 00007f39baa15fa0 R15: 00007ffc0082d8b8 [ 140.165372][ T7945] [ 140.604228][ T7959] bond3 (unregistering): Released all slaves [ 140.640609][ T7968] netlink: 12 bytes leftover after parsing attributes in process `syz.2.655'. [ 140.651971][ T7969] tipc: Failed to remove unknown binding: 66,0,0/4:3989756542/3989756544 [ 140.668402][ T7969] tipc: Failed to remove unknown binding: 66,0,0/4:3989756542/3989756543 [ 140.870280][ T7973] tipc: Failed to remove unknown binding: 66,0,0/4:3989756542/3989756544 [ 140.911757][ T7973] tipc: Failed to remove unknown binding: 66,0,0/4:3989756542/3989756543 [ 141.057276][ T7984] netlink: 'syz.0.663': attribute type 1 has an invalid length. [ 141.794576][ T8006] erspan0: entered promiscuous mode [ 141.835147][ T8005] erspan0: left promiscuous mode [ 142.156895][ T8028] FAULT_INJECTION: forcing a failure. [ 142.156895][ T8028] name failslab, interval 1, probability 0, space 0, times 0 [ 142.211455][ T8028] CPU: 1 UID: 0 PID: 8028 Comm: syz.4.675 Not tainted syzkaller #0 PREEMPT(full) [ 142.211477][ T8028] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 142.211485][ T8028] Call Trace: [ 142.211491][ T8028] [ 142.211498][ T8028] dump_stack_lvl+0xe8/0x150 [ 142.211521][ T8028] should_fail_ex+0x412/0x560 [ 142.211548][ T8028] should_failslab+0xa8/0x100 [ 142.211569][ T8028] kmem_cache_alloc_node_noprof+0x8f/0x690 [ 142.211590][ T8028] ? __alloc_skb+0x186/0x7d0 [ 142.211609][ T8028] ? __alloc_skb+0x1d0/0x7d0 [ 142.211632][ T8028] ? __local_bh_enable_ip+0xd0/0x130 [ 142.211653][ T8028] __alloc_skb+0x1d0/0x7d0 [ 142.211676][ T8028] netlink_sendmsg+0x5d4/0xb40 [ 142.211701][ T8028] ? __pfx_netlink_sendmsg+0x10/0x10 [ 142.211719][ T8028] ? aa_sock_msg_perm+0xf1/0x1b0 [ 142.211740][ T8028] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 142.211764][ T8028] ____sys_sendmsg+0x972/0x9f0 [ 142.211779][ T8028] ? __might_fault+0xaf/0x130 [ 142.211803][ T8028] ? __pfx_____sys_sendmsg+0x10/0x10 [ 142.211831][ T8028] ? import_iovec+0x73/0xa0 [ 142.211855][ T8028] ___sys_sendmsg+0x2a5/0x360 [ 142.211870][ T8028] ? __lock_acquire+0x6b5/0x2cf0 [ 142.211891][ T8028] ? __pfx____sys_sendmsg+0x10/0x10 [ 142.211938][ T8028] ? __fget_files+0x2a/0x420 [ 142.211955][ T8028] ? __fget_files+0x3a0/0x420 [ 142.211982][ T8028] __x64_sys_sendmsg+0x1bd/0x2a0 [ 142.211999][ T8028] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 142.212028][ T8028] ? __pfx_ksys_write+0x10/0x10 [ 142.212057][ T8028] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 142.212074][ T8028] do_syscall_64+0x15f/0xf80 [ 142.212095][ T8028] ? trace_irq_disable+0x3b/0x140 [ 142.212116][ T8028] ? clear_bhb_loop+0x40/0x90 [ 142.212140][ T8028] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 142.212155][ T8028] RIP: 0033:0x7facab99ce59 [ 142.212169][ T8028] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 142.212182][ T8028] RSP: 002b:00007facac83a028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 142.212198][ T8028] RAX: ffffffffffffffda RBX: 00007facabc15fa0 RCX: 00007facab99ce59 [ 142.212209][ T8028] RDX: 0000000000000000 RSI: 0000200000000180 RDI: 0000000000000004 [ 142.212224][ T8028] RBP: 00007facac83a090 R08: 0000000000000000 R09: 0000000000000000 [ 142.212234][ T8028] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 142.212242][ T8028] R13: 00007facabc16038 R14: 00007facabc15fa0 R15: 00007ffc2ca89808 [ 142.212268][ T8028] [ 142.616373][ T8037] can: request_module (can-proto-0) failed. [ 142.670491][ T8045] veth1_macvtap: left promiscuous mode [ 142.684287][ T8045] macsec0: entered promiscuous mode [ 142.695263][ T8045] veth1_macvtap: entered promiscuous mode [ 142.701900][ T8045] macsec0: left promiscuous mode [ 142.901200][ T8054] netlink: 12 bytes leftover after parsing attributes in process `syz.0.686'. [ 143.280276][ T8074] veth1_macvtap: left promiscuous mode [ 143.318843][ T8074] macsec0: entered promiscuous mode [ 143.590092][ T8089] netlink: 'syz.3.703': attribute type 1 has an invalid length. [ 143.606825][ T8089] netlink: 96 bytes leftover after parsing attributes in process `syz.3.703'. [ 143.619431][ T8089] netlink: 'syz.3.703': attribute type 1 has an invalid length. [ 143.663664][ T8089] netlink: 634 bytes leftover after parsing attributes in process `syz.3.703'. [ 143.689493][ T8089] netlink: 1 bytes leftover after parsing attributes in process `syz.3.703'. [ 143.791662][ T8100] FAULT_INJECTION: forcing a failure. [ 143.791662][ T8100] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 143.868343][ T8100] CPU: 0 UID: 0 PID: 8100 Comm: syz.3.705 Not tainted syzkaller #0 PREEMPT(full) [ 143.868365][ T8100] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 143.868374][ T8100] Call Trace: [ 143.868380][ T8100] [ 143.868387][ T8100] dump_stack_lvl+0xe8/0x150 [ 143.868411][ T8100] should_fail_ex+0x412/0x560 [ 143.868436][ T8100] _copy_from_iter+0x1d3/0x1670 [ 143.868461][ T8100] ? rcu_is_watching+0x15/0xb0 [ 143.868485][ T8100] ? __pfx__copy_from_iter+0x10/0x10 [ 143.868510][ T8100] ? netlink_sendmsg+0x650/0xb40 [ 143.868525][ T8100] ? skb_put+0x11b/0x210 [ 143.868548][ T8100] netlink_sendmsg+0x6c0/0xb40 [ 143.868570][ T8100] ? __pfx_netlink_sendmsg+0x10/0x10 [ 143.868586][ T8100] ? aa_sock_msg_perm+0xf1/0x1b0 [ 143.868607][ T8100] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 143.868629][ T8100] ____sys_sendmsg+0x972/0x9f0 [ 143.868645][ T8100] ? __might_fault+0xaf/0x130 [ 143.868669][ T8100] ? __pfx_____sys_sendmsg+0x10/0x10 [ 143.868695][ T8100] ? import_iovec+0x73/0xa0 [ 143.868717][ T8100] ___sys_sendmsg+0x2a5/0x360 [ 143.868731][ T8100] ? __lock_acquire+0x6b5/0x2cf0 [ 143.868751][ T8100] ? __pfx____sys_sendmsg+0x10/0x10 [ 143.868796][ T8100] ? __fget_files+0x2a/0x420 [ 143.868812][ T8100] ? __fget_files+0x3a0/0x420 [ 143.868837][ T8100] __x64_sys_sendmsg+0x1bd/0x2a0 [ 143.868854][ T8100] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 143.868875][ T8100] ? __pfx_ksys_write+0x10/0x10 [ 143.868902][ T8100] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 143.868927][ T8100] do_syscall_64+0x15f/0xf80 [ 143.868948][ T8100] ? trace_irq_disable+0x3b/0x140 [ 143.868969][ T8100] ? clear_bhb_loop+0x40/0x90 [ 143.868989][ T8100] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 143.869002][ T8100] RIP: 0033:0x7f5bc519ce59 [ 143.869017][ T8100] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 143.869029][ T8100] RSP: 002b:00007f5bc6120028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 143.869045][ T8100] RAX: ffffffffffffffda RBX: 00007f5bc5415fa0 RCX: 00007f5bc519ce59 [ 143.869055][ T8100] RDX: 0000000000000000 RSI: 0000200000000180 RDI: 0000000000000004 [ 143.869064][ T8100] RBP: 00007f5bc6120090 R08: 0000000000000000 R09: 0000000000000000 [ 143.869073][ T8100] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 143.869081][ T8100] R13: 00007f5bc5416038 R14: 00007f5bc5415fa0 R15: 00007ffc798589f8 [ 143.869107][ T8100] [ 144.199331][ T8102] netlink: 8 bytes leftover after parsing attributes in process `syz.2.706'. [ 144.392932][ T8126] netlink: 8 bytes leftover after parsing attributes in process `syz.3.715'. [ 144.854491][ T8153] FAULT_INJECTION: forcing a failure. [ 144.854491][ T8153] name failslab, interval 1, probability 0, space 0, times 0 [ 144.907211][ T8153] CPU: 1 UID: 0 PID: 8153 Comm: syz.1.722 Not tainted syzkaller #0 PREEMPT(full) [ 144.907233][ T8153] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 144.907243][ T8153] Call Trace: [ 144.907249][ T8153] [ 144.907255][ T8153] dump_stack_lvl+0xe8/0x150 [ 144.907278][ T8153] should_fail_ex+0x412/0x560 [ 144.907302][ T8153] should_failslab+0xa8/0x100 [ 144.907323][ T8153] kmem_cache_alloc_node_noprof+0x8f/0x690 [ 144.907345][ T8153] ? __alloc_skb+0x1d0/0x7d0 [ 144.907363][ T8153] ? __local_bh_enable_ip+0xd0/0x130 [ 144.907381][ T8153] __alloc_skb+0x1d0/0x7d0 [ 144.907400][ T8153] ? netlink_ack_tlv_len+0x6c/0x210 [ 144.907417][ T8153] netlink_ack+0x146/0xa50 [ 144.907429][ T8153] ? __lock_acquire+0x6b5/0x2cf0 [ 144.907459][ T8153] netlink_rcv_skb+0x2b6/0x4b0 [ 144.907475][ T8153] ? __pfx_genl_rcv_msg+0x10/0x10 [ 144.907495][ T8153] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 144.907524][ T8153] ? down_read+0x270/0x2e0 [ 144.907537][ T8153] ? genl_rcv+0xd/0x40 [ 144.907556][ T8153] genl_rcv+0x28/0x40 [ 144.907573][ T8153] netlink_unicast+0x75c/0x8e0 [ 144.907603][ T8153] netlink_sendmsg+0x813/0xb40 [ 144.907629][ T8153] ? __pfx_netlink_sendmsg+0x10/0x10 [ 144.907646][ T8153] ? aa_sock_msg_perm+0xf1/0x1b0 [ 144.907668][ T8153] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 144.907691][ T8153] ____sys_sendmsg+0x972/0x9f0 [ 144.907705][ T8153] ? __might_fault+0xaf/0x130 [ 144.907728][ T8153] ? __pfx_____sys_sendmsg+0x10/0x10 [ 144.907752][ T8153] ? import_iovec+0x73/0xa0 [ 144.907777][ T8153] ___sys_sendmsg+0x2a5/0x360 [ 144.907791][ T8153] ? __lock_acquire+0x6b5/0x2cf0 [ 144.907822][ T8153] ? __pfx____sys_sendmsg+0x10/0x10 [ 144.907871][ T8153] ? __fget_files+0x2a/0x420 [ 144.907888][ T8153] ? __fget_files+0x3a0/0x420 [ 144.907915][ T8153] __x64_sys_sendmsg+0x1bd/0x2a0 [ 144.907934][ T8153] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 144.907956][ T8153] ? __pfx_ksys_write+0x10/0x10 [ 144.907984][ T8153] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 144.908000][ T8153] do_syscall_64+0x15f/0xf80 [ 144.908021][ T8153] ? trace_irq_disable+0x3b/0x140 [ 144.908043][ T8153] ? clear_bhb_loop+0x40/0x90 [ 144.908063][ T8153] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 144.908077][ T8153] RIP: 0033:0x7f87ecb9ce59 [ 144.908093][ T8153] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 144.908104][ T8153] RSP: 002b:00007f87edac7028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 144.908121][ T8153] RAX: ffffffffffffffda RBX: 00007f87ece16090 RCX: 00007f87ecb9ce59 [ 144.908132][ T8153] RDX: 0000000000000000 RSI: 0000200000000180 RDI: 0000000000000005 [ 144.908141][ T8153] RBP: 00007f87edac7090 R08: 0000000000000000 R09: 0000000000000000 [ 144.908150][ T8153] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 144.908158][ T8153] R13: 00007f87ece16128 R14: 00007f87ece16090 R15: 00007ffde54ad7c8 [ 144.908186][ T8153] [ 145.217496][ T8159] veth1_to_bond: entered allmulticast mode [ 145.223910][ T8159] netlink: 4 bytes leftover after parsing attributes in process `syz.4.724'. [ 145.239579][ T8159] veth1_to_bond (unregistering): left allmulticast mode [ 145.251527][ T8159] bond0: (slave bond_slave_1): Releasing backup interface [ 145.261572][ T8159] bond_slave_1 (unregistering): left promiscuous mode [ 145.458640][ T8170] bond3 (unregistering): Released all slaves [ 146.991465][ T8107] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 147.005777][ T8173] netlink: 324 bytes leftover after parsing attributes in process `syz.4.728'. [ 147.155456][ T8186] netlink: 'syz.2.731': attribute type 1 has an invalid length. [ 147.165058][ T8185] netlink: 60 bytes leftover after parsing attributes in process `syz.3.729'. [ 147.191238][ T8185] nbd: must specify at least one socket [ 147.363617][ T8186] 8021q: adding VLAN 0 to HW filter on device bond2 [ 147.416336][ T8186] netlink: 44 bytes leftover after parsing attributes in process `syz.2.731'. [ 147.537728][ T8199] bond2: (slave geneve2): making interface the new active one [ 147.570136][ T8199] bond2: (slave geneve2): Enslaving as an active interface with an up link [ 147.612916][ T1167] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 147.651550][ T6195] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 147.672705][ T8217] FAULT_INJECTION: forcing a failure. [ 147.672705][ T8217] name failslab, interval 1, probability 0, space 0, times 0 [ 147.685650][ T8217] CPU: 1 UID: 0 PID: 8217 Comm: syz.3.740 Not tainted syzkaller #0 PREEMPT(full) [ 147.685670][ T8217] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 147.685678][ T8217] Call Trace: [ 147.685684][ T8217] [ 147.685691][ T8217] dump_stack_lvl+0xe8/0x150 [ 147.685716][ T8217] should_fail_ex+0x412/0x560 [ 147.685742][ T8217] should_failslab+0xa8/0x100 [ 147.685766][ T8217] __kmalloc_noprof+0xe8/0x760 [ 147.685786][ T8217] ? genl_family_rcv_msg_attrs_parse+0xd0/0x2f0 [ 147.685813][ T8217] genl_family_rcv_msg_attrs_parse+0xd0/0x2f0 [ 147.685838][ T8217] genl_family_rcv_msg_doit+0xd9/0x330 [ 147.685862][ T8217] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 147.685889][ T8217] ? apparmor_capable+0x126/0x170 [ 147.685905][ T8217] ? bpf_lsm_capable+0x9/0x20 [ 147.685918][ T8217] ? security_capable+0x7e/0x2c0 [ 147.685940][ T8217] genl_rcv_msg+0x61c/0x7a0 [ 147.685962][ T8217] ? __pfx_genl_rcv_msg+0x10/0x10 [ 147.685979][ T8217] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 147.685995][ T8217] ? __pfx_nl80211_join_mesh+0x10/0x10 [ 147.686014][ T8217] ? __pfx_nl80211_post_doit+0x10/0x10 [ 147.686032][ T8217] ? __pfx_ref_tracker_free+0x10/0x10 [ 147.686050][ T8217] ? __asan_memcpy+0x40/0x70 [ 147.686066][ T8217] ? __skb_clone+0x63/0x7a0 [ 147.686085][ T8217] netlink_rcv_skb+0x232/0x4b0 [ 147.686102][ T8217] ? __pfx_genl_rcv_msg+0x10/0x10 [ 147.686121][ T8217] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 147.686149][ T8217] ? down_read+0x270/0x2e0 [ 147.686163][ T8217] ? genl_rcv+0xd/0x40 [ 147.686182][ T8217] genl_rcv+0x28/0x40 [ 147.686198][ T8217] netlink_unicast+0x75c/0x8e0 [ 147.686230][ T8217] netlink_sendmsg+0x813/0xb40 [ 147.686254][ T8217] ? __pfx_netlink_sendmsg+0x10/0x10 [ 147.686274][ T8217] ? aa_sock_msg_perm+0xf1/0x1b0 [ 147.686295][ T8217] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 147.686319][ T8217] ____sys_sendmsg+0x972/0x9f0 [ 147.686334][ T8217] ? __might_fault+0xaf/0x130 [ 147.686359][ T8217] ? __pfx_____sys_sendmsg+0x10/0x10 [ 147.686381][ T8217] ? import_iovec+0x73/0xa0 [ 147.686403][ T8217] ___sys_sendmsg+0x2a5/0x360 [ 147.686416][ T8217] ? __lock_acquire+0x6b5/0x2cf0 [ 147.686436][ T8217] ? __pfx____sys_sendmsg+0x10/0x10 [ 147.686475][ T8217] ? __fget_files+0x2a/0x420 [ 147.686490][ T8217] ? __fget_files+0x3a0/0x420 [ 147.686518][ T8217] __x64_sys_sendmsg+0x1bd/0x2a0 [ 147.686535][ T8217] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 147.686556][ T8217] ? __pfx_ksys_write+0x10/0x10 [ 147.686582][ T8217] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 147.686597][ T8217] do_syscall_64+0x15f/0xf80 [ 147.686630][ T8217] ? trace_irq_disable+0x3b/0x140 [ 147.686652][ T8217] ? clear_bhb_loop+0x40/0x90 [ 147.686671][ T8217] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 147.686686][ T8217] RIP: 0033:0x7f5bc519ce59 [ 147.686701][ T8217] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 147.686713][ T8217] RSP: 002b:00007f5bc6120028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 147.686729][ T8217] RAX: ffffffffffffffda RBX: 00007f5bc5415fa0 RCX: 00007f5bc519ce59 [ 147.686738][ T8217] RDX: 0000000000000000 RSI: 0000200000000180 RDI: 0000000000000004 [ 147.686745][ T8217] RBP: 00007f5bc6120090 R08: 0000000000000000 R09: 0000000000000000 [ 147.686753][ T8217] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 147.686761][ T8217] R13: 00007f5bc5416038 R14: 00007f5bc5415fa0 R15: 00007ffc798589f8 [ 147.686786][ T8217] [ 147.700869][ T1006] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 147.829814][ T8221] netlink: 24 bytes leftover after parsing attributes in process `syz.4.739'. [ 148.076186][ T1006] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 148.325968][ T8235] netlink: 'syz.1.743': attribute type 1 has an invalid length. [ 148.576871][ T8247] netlink: Conntrack attr has 4 unknown bytes [ 149.135132][ T8256] macsec0: entered promiscuous mode [ 149.527005][ T8278] netlink: 'syz.1.753': attribute type 1 has an invalid length. [ 149.656661][ T8286] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 149.706682][ T8278] 8021q: adding VLAN 0 to HW filter on device bond3 [ 149.760706][ T8291] tipc: Enabled bearer , priority 10 [ 149.825171][ T8293] bond3: (slave geneve2): making interface the new active one [ 149.836612][ T8293] bond3: (slave geneve2): Enslaving as an active interface with an up link [ 149.863918][ T1167] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 149.893511][ T1167] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 149.906641][ T8298] veth1_macvtap: left promiscuous mode [ 149.913490][ T8298] macsec0: entered promiscuous mode [ 149.922388][ T1167] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 149.950733][ T1167] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 150.321913][ T8302] bond3 (unregistering): Released all slaves [ 150.593610][ T8312] syzkaller0: entered promiscuous mode [ 150.631139][ T8312] syzkaller0: entered allmulticast mode [ 150.693893][ T8330] __nla_validate_parse: 2 callbacks suppressed [ 150.693908][ T8330] netlink: 8 bytes leftover after parsing attributes in process `syz.3.768'. [ 150.903311][ T8339] netlink: 20 bytes leftover after parsing attributes in process `syz.3.772'. [ 150.936185][ T8339] sit1: entered promiscuous mode [ 151.233708][ T8358] netlink: 'syz.0.777': attribute type 13 has an invalid length. [ 151.254926][ T8358] netlink: 'syz.0.777': attribute type 17 has an invalid length. [ 151.616416][ T8357] bridge0: port 2(bridge_slave_1) entered disabled state [ 151.773411][ T8357] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 151.790382][ T8357] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 152.045146][ T8385] ieee802154 phy0 wpan0: encryption failed: -22 [ 152.236962][ T8395] block nbd3: not configured, cannot reconfigure [ 152.293059][ T8358] 8021q: adding VLAN 0 to HW filter on device bond0 [ 152.324513][ T8358] 8021q: adding VLAN 0 to HW filter on device team0 [ 152.357585][ T8358] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 152.426653][ T8358] bridge0: port 1(bridge_slave_0) entered blocking state [ 152.433898][ T8358] bridge0: port 1(bridge_slave_0) entered forwarding state [ 152.457259][ T8358] bridge0: port 2(bridge_slave_1) entered blocking state [ 152.464442][ T8358] bridge0: port 2(bridge_slave_1) entered forwarding state [ 152.499662][ T8358] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 152.529689][ T8406] netlink: 4 bytes leftover after parsing attributes in process `syz.2.786'. [ 152.548144][ T8358] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 152.562095][ T8370] hid-generic 0005:0B57:0A0E.0001: item fetching failed at offset 0/1 [ 152.573145][ T8370] hid-generic 0005:0B57:0A0E.0001: probe with driver hid-generic failed with error -22 [ 152.598904][ T8358] veth1_vlan: left promiscuous mode [ 152.606026][ T8358] veth0_vlan: left promiscuous mode [ 152.613286][ T8358] veth0_vlan: entered promiscuous mode [ 152.622870][ T8358] veth1_vlan: entered promiscuous mode [ 152.637105][ T8358] veth0_macvtap: left promiscuous mode [ 152.644284][ T8358] veth0_macvtap: entered promiscuous mode [ 152.657667][ T8358] veth1_macvtap: entered promiscuous mode [ 152.663929][ T8358] macsec0: left promiscuous mode [ 152.676150][ T8358] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 152.687535][ T8358] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 152.699591][ T8358] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 152.712236][ T8358] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 152.724039][ T8358] mac80211_hwsim hwsim9 wlan0: left promiscuous mode [ 152.730939][ T8358] mac80211_hwsim hwsim9 wlan0: left allmulticast mode [ 152.741739][ T8358] 8021q: adding VLAN 0 to HW filter on device bond1 [ 152.753178][ T8358] 8021q: adding VLAN 0 to HW filter on device bond2 [ 152.763300][ T8358] 8021q: adding VLAN 0 to HW filter on device bond3 [ 153.215239][ T8428] pim6reg1: entered promiscuous mode [ 153.224026][ T8428] pim6reg1: entered allmulticast mode [ 153.462695][ T8441] netlink: 4 bytes leftover after parsing attributes in process `syz.3.800'. [ 153.552774][ T8448] netlink: 44 bytes leftover after parsing attributes in process `syz.4.802'. [ 153.577114][ T8449] netlink: 8 bytes leftover after parsing attributes in process `syz.2.803'. [ 153.666231][ T8455] bridge3: entered promiscuous mode [ 153.696564][ T8455] bridge3: entered allmulticast mode [ 153.744049][ T8455] team0: Port device bridge3 added [ 154.113674][ T8482] netlink: 8 bytes leftover after parsing attributes in process `syz.2.818'. [ 154.164212][ T8487] veth1_macvtap: left promiscuous mode [ 154.176332][ T8487] macsec0: entered promiscuous mode [ 154.394243][ T8497] netlink: 11 bytes leftover after parsing attributes in process `syz.2.813'. [ 155.794559][ T8532] netlink: 12 bytes leftover after parsing attributes in process `syz.1.825'. [ 156.050764][ T8542] 8021q: adding VLAN 0 to HW filter on device bond5 [ 156.066389][ T8542] bond5 (unregistering): Released all slaves [ 156.344791][ T8564] netlink: 48 bytes leftover after parsing attributes in process `syz.2.834'. [ 156.947678][ T8603] netlink: 8 bytes leftover after parsing attributes in process `syz.0.844'. [ 156.957978][ T8603] netlink: 31 bytes leftover after parsing attributes in process `syz.0.844'. [ 157.159207][ T8612] syzkaller0: entered promiscuous mode [ 157.164999][ T8612] syzkaller0: entered allmulticast mode [ 157.190776][ T8610] netlink: 8 bytes leftover after parsing attributes in process `syz.2.846'. [ 157.339474][ T8614] bond3 (unregistering): Released all slaves [ 157.877138][ T8641] syzkaller0: entered promiscuous mode [ 157.904259][ T8641] syzkaller0: entered allmulticast mode [ 158.063988][ T8650] netlink: 12 bytes leftover after parsing attributes in process `syz.2.864'. [ 158.104787][ T8650] netlink: 12 bytes leftover after parsing attributes in process `syz.2.864'. [ 158.146755][ T8655] bond3 (unregistering): Released all slaves [ 158.189013][ T8650] team0 (unregistering): Port device team_slave_0 removed [ 158.222021][ T8650] team0 (unregistering): Port device team_slave_1 removed [ 158.646453][ T8678] block nbd1: not configured, cannot reconfigure [ 159.019422][ T8689] syzkaller0: entered promiscuous mode [ 159.025228][ T8689] syzkaller0: entered allmulticast mode [ 159.276993][ T8709] FAULT_INJECTION: forcing a failure. [ 159.276993][ T8709] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 159.297748][ T8709] CPU: 0 UID: 0 PID: 8709 Comm: syz.2.884 Not tainted syzkaller #0 PREEMPT(full) [ 159.297772][ T8709] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 159.297781][ T8709] Call Trace: [ 159.297787][ T8709] [ 159.297795][ T8709] dump_stack_lvl+0xe8/0x150 [ 159.297818][ T8709] should_fail_ex+0x412/0x560 [ 159.297842][ T8709] _copy_from_user+0x2d/0xb0 [ 159.297865][ T8709] ___sys_sendmsg+0x1c6/0x360 [ 159.297881][ T8709] ? __lock_acquire+0x6b5/0x2cf0 [ 159.297902][ T8709] ? __pfx____sys_sendmsg+0x10/0x10 [ 159.297950][ T8709] ? __fget_files+0x2a/0x420 [ 159.297967][ T8709] ? __fget_files+0x3a0/0x420 [ 159.297995][ T8709] __x64_sys_sendmsg+0x1bd/0x2a0 [ 159.298013][ T8709] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 159.298038][ T8709] ? __pfx_ksys_write+0x10/0x10 [ 159.298067][ T8709] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 159.298084][ T8709] do_syscall_64+0x15f/0xf80 [ 159.298104][ T8709] ? trace_irq_disable+0x3b/0x140 [ 159.298126][ T8709] ? clear_bhb_loop+0x40/0x90 [ 159.298145][ T8709] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 159.298160][ T8709] RIP: 0033:0x7f512c39ce59 [ 159.298176][ T8709] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 159.298188][ T8709] RSP: 002b:00007f512d23d028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 159.298207][ T8709] RAX: ffffffffffffffda RBX: 00007f512c615fa0 RCX: 00007f512c39ce59 [ 159.298216][ T8709] RDX: 00000000000000ee RSI: 00002000000001c0 RDI: 0000000000000004 [ 159.298225][ T8709] RBP: 00007f512d23d090 R08: 0000000000000000 R09: 0000000000000000 [ 159.298233][ T8709] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 159.298241][ T8709] R13: 00007f512c616038 R14: 00007f512c615fa0 R15: 00007ffe259f4218 [ 159.298263][ T8709] [ 161.223016][ T8703] workqueue: Failed to create a rescuer kthread for wq "bond4": -EINTR [ 161.274166][ T8736] netlink: 68 bytes leftover after parsing attributes in process `syz.1.892'. [ 161.443713][ T8747] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 161.505622][ T8747] netlink: 32 bytes leftover after parsing attributes in process `syz.3.896'. [ 161.573064][ T8747] tipc: Invalid UDP bearer configuration [ 161.573123][ T8747] tipc: Enabling of bearer rejected, failed to enable media [ 161.680607][ T8759] netlink: 'syz.0.899': attribute type 40 has an invalid length. [ 161.833332][ T8767] netlink: 28 bytes leftover after parsing attributes in process `syz.2.902'. [ 161.874940][ T8767] block nbd0: not configured, cannot reconfigure [ 161.968148][ T8774] syzkaller0: entered promiscuous mode [ 161.974126][ T8774] syzkaller0: entered allmulticast mode [ 162.050578][ T8777] netlink: 20 bytes leftover after parsing attributes in process `syz.0.905'. [ 162.281511][ T8783] netlink: 12 bytes leftover after parsing attributes in process `syz.2.908'. [ 162.884926][ C1] vcan0: j1939_tp_rxtimer: 0xffff88806bfcb000: rx timeout, send abort [ 162.893591][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88806bfcb000: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 163.032601][ T8795] netlink: 8 bytes leftover after parsing attributes in process `syz.4.911'. [ 163.775616][ T8799] xt_hashlimit: size too large, truncated to 1048576 [ 163.861529][ T8804] bridge0: port 1(bridge_slave_0) entered disabled state [ 163.943092][ T8804] bridge_slave_0 (unregistering): left allmulticast mode [ 164.023621][ T8804] bridge_slave_0 (unregistering): left promiscuous mode [ 164.067141][ T8818] netlink: 68 bytes leftover after parsing attributes in process `syz.4.912'. [ 164.093870][ T8804] bridge0: port 1(bridge_slave_0) entered disabled state [ 164.203918][ T8816] netlink: 'syz.4.912': attribute type 1 has an invalid length. [ 164.238802][ T8816] netlink: 224 bytes leftover after parsing attributes in process `syz.4.912'. [ 164.453752][ T8834] mac80211_hwsim hwsim6 wlan0: entered promiscuous mode [ 164.462245][ T8834] mac80211_hwsim hwsim6 wlan0: entered allmulticast mode [ 164.481968][ T8834] A link change request failed with some changes committed already. Interface wlan0 may have been left with an inconsistent configuration, please check. [ 164.607708][ T8840] block nbd4: not configured, cannot reconfigure [ 164.787144][ T8848] FAULT_INJECTION: forcing a failure. [ 164.787144][ T8848] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 164.834842][ T8848] CPU: 1 UID: 0 PID: 8848 Comm: syz.4.925 Not tainted syzkaller #0 PREEMPT(full) [ 164.834873][ T8848] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 164.834882][ T8848] Call Trace: [ 164.834889][ T8848] [ 164.834896][ T8848] dump_stack_lvl+0xe8/0x150 [ 164.834919][ T8848] should_fail_ex+0x412/0x560 [ 164.834945][ T8848] _copy_from_user+0x2d/0xb0 [ 164.834967][ T8848] ___sys_sendmsg+0x1c6/0x360 [ 164.834981][ T8848] ? __lock_acquire+0x6b5/0x2cf0 [ 164.835001][ T8848] ? __pfx____sys_sendmsg+0x10/0x10 [ 164.835047][ T8848] ? __fget_files+0x2a/0x420 [ 164.835064][ T8848] ? __fget_files+0x3a0/0x420 [ 164.835090][ T8848] __x64_sys_sendmsg+0x1bd/0x2a0 [ 164.835109][ T8848] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 164.835132][ T8848] ? __pfx_ksys_write+0x10/0x10 [ 164.835159][ T8848] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 164.835175][ T8848] do_syscall_64+0x15f/0xf80 [ 164.835193][ T8848] ? trace_irq_disable+0x3b/0x140 [ 164.835220][ T8848] ? clear_bhb_loop+0x40/0x90 [ 164.835239][ T8848] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 164.835253][ T8848] RIP: 0033:0x7facab99ce59 [ 164.835272][ T8848] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 164.835289][ T8848] RSP: 002b:00007facac83a028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 164.835305][ T8848] RAX: ffffffffffffffda RBX: 00007facabc15fa0 RCX: 00007facab99ce59 [ 164.835315][ T8848] RDX: 0000000000004000 RSI: 0000200000000640 RDI: 0000000000000004 [ 164.835323][ T8848] RBP: 00007facac83a090 R08: 0000000000000000 R09: 0000000000000000 [ 164.835332][ T8848] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 164.835340][ T8848] R13: 00007facabc16038 R14: 00007facabc15fa0 R15: 00007ffc2ca89808 [ 164.835363][ T8848] [ 164.905327][ T8846] syzkaller0: entered promiscuous mode [ 165.085571][ T8846] syzkaller0: entered allmulticast mode [ 165.792824][ T8897] FAULT_INJECTION: forcing a failure. [ 165.792824][ T8897] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 165.832623][ T8895] netlink: 4 bytes leftover after parsing attributes in process `syz.0.933'. [ 165.852064][ T8897] CPU: 1 UID: 0 PID: 8897 Comm: syz.1.935 Not tainted syzkaller #0 PREEMPT(full) [ 165.852087][ T8897] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 165.852097][ T8897] Call Trace: [ 165.852103][ T8897] [ 165.852111][ T8897] dump_stack_lvl+0xe8/0x150 [ 165.852140][ T8897] should_fail_ex+0x412/0x560 [ 165.852165][ T8897] _copy_from_iter+0x1d3/0x1670 [ 165.852188][ T8897] ? rcu_is_watching+0x15/0xb0 [ 165.852213][ T8897] ? __pfx__copy_from_iter+0x10/0x10 [ 165.852247][ T8897] ? netlink_sendmsg+0x650/0xb40 [ 165.852263][ T8897] ? skb_put+0x11b/0x210 [ 165.852287][ T8897] netlink_sendmsg+0x6c0/0xb40 [ 165.852311][ T8897] ? __pfx_netlink_sendmsg+0x10/0x10 [ 165.852329][ T8897] ? aa_sock_msg_perm+0xf1/0x1b0 [ 165.852351][ T8897] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 165.852374][ T8897] ? __pfx_netlink_sendmsg+0x10/0x10 [ 165.852388][ T8897] sock_write_iter+0x49b/0x4f0 [ 165.852409][ T8897] ? __pfx_sock_write_iter+0x10/0x10 [ 165.852446][ T8897] do_iter_readv_writev+0x619/0x8c0 [ 165.852471][ T8897] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 165.852497][ T8897] ? bpf_lsm_file_permission+0x9/0x20 [ 165.852517][ T8897] ? security_file_permission+0x75/0x260 [ 165.852534][ T8897] ? rw_verify_area+0x255/0x4d0 [ 165.852557][ T8897] vfs_writev+0x33c/0x990 [ 165.852580][ T8897] ? __pfx_vfs_writev+0x10/0x10 [ 165.852614][ T8897] ? __fget_files+0x2a/0x420 [ 165.852635][ T8897] ? __fget_files+0x3a0/0x420 [ 165.852652][ T8897] ? __fget_files+0x2a/0x420 [ 165.852677][ T8897] do_writev+0x154/0x2e0 [ 165.852695][ T8897] ? __pfx_do_writev+0x10/0x10 [ 165.852719][ T8897] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 165.852734][ T8897] do_syscall_64+0x15f/0xf80 [ 165.852750][ T8897] ? trace_irq_disable+0x3b/0x140 [ 165.852769][ T8897] ? clear_bhb_loop+0x40/0x90 [ 165.852788][ T8897] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 165.852803][ T8897] RIP: 0033:0x7f87ecb9ce59 [ 165.852818][ T8897] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 165.852829][ T8897] RSP: 002b:00007f87edae8028 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 165.852846][ T8897] RAX: ffffffffffffffda RBX: 00007f87ece15fa0 RCX: 00007f87ecb9ce59 [ 165.852857][ T8897] RDX: 0000000000000001 RSI: 0000200000000280 RDI: 0000000000000004 [ 165.852866][ T8897] RBP: 00007f87edae8090 R08: 0000000000000000 R09: 0000000000000000 [ 165.852875][ T8897] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 165.852884][ T8897] R13: 00007f87ece16038 R14: 00007f87ece15fa0 R15: 00007ffde54ad7c8 [ 165.852909][ T8897] [ 166.218560][ T8901] netlink: 4 bytes leftover after parsing attributes in process `syz.0.933'. [ 166.296992][ T8891] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 166.349687][ T8915] netlink: 'syz.1.937': attribute type 1 has an invalid length. [ 167.630558][ T8895] team1: entered promiscuous mode [ 167.638150][ T8895] team1: entered allmulticast mode [ 167.644513][ T8895] 8021q: adding VLAN 0 to HW filter on device team1 [ 167.692396][ T8901] team2: entered promiscuous mode [ 167.697521][ T8901] team2: entered allmulticast mode [ 167.705033][ T8901] 8021q: adding VLAN 0 to HW filter on device team2 [ 167.720784][ T8915] workqueue: Failed to create a rescuer kthread for wq "bond5": -EINTR [ 167.744901][ T8920] netlink: 8 bytes leftover after parsing attributes in process `syz.3.938'. [ 167.868152][ T8924] macsec0: entered promiscuous mode [ 167.875349][ T8926] FAULT_INJECTION: forcing a failure. [ 167.875349][ T8926] name failslab, interval 1, probability 0, space 0, times 0 [ 167.919146][ T8926] CPU: 0 UID: 0 PID: 8926 Comm: syz.2.941 Not tainted syzkaller #0 PREEMPT(full) [ 167.919171][ T8926] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 167.919180][ T8926] Call Trace: [ 167.919186][ T8926] [ 167.919191][ T8926] dump_stack_lvl+0xe8/0x150 [ 167.919215][ T8926] should_fail_ex+0x412/0x560 [ 167.919240][ T8926] should_failslab+0xa8/0x100 [ 167.919264][ T8926] kmem_cache_alloc_node_noprof+0x8f/0x690 [ 167.919284][ T8926] ? __alloc_skb+0x186/0x7d0 [ 167.919303][ T8926] ? __alloc_skb+0x1d0/0x7d0 [ 167.919321][ T8926] ? __local_bh_enable_ip+0xd0/0x130 [ 167.919341][ T8926] __alloc_skb+0x1d0/0x7d0 [ 167.919366][ T8926] netlink_sendmsg+0x5d4/0xb40 [ 167.919391][ T8926] ? __pfx_netlink_sendmsg+0x10/0x10 [ 167.919410][ T8926] ? aa_sock_msg_perm+0xf1/0x1b0 [ 167.919430][ T8926] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 167.919454][ T8926] ____sys_sendmsg+0x972/0x9f0 [ 167.919469][ T8926] ? __might_fault+0xaf/0x130 [ 167.919494][ T8926] ? __pfx_____sys_sendmsg+0x10/0x10 [ 167.919525][ T8926] ? import_iovec+0x73/0xa0 [ 167.919549][ T8926] ___sys_sendmsg+0x2a5/0x360 [ 167.919564][ T8926] ? __lock_acquire+0x6b5/0x2cf0 [ 167.919584][ T8926] ? __pfx____sys_sendmsg+0x10/0x10 [ 167.919630][ T8926] ? __fget_files+0x2a/0x420 [ 167.919648][ T8926] ? __fget_files+0x3a0/0x420 [ 167.919673][ T8926] __x64_sys_sendmsg+0x1bd/0x2a0 [ 167.919690][ T8926] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 167.919714][ T8926] ? __pfx_ksys_write+0x10/0x10 [ 167.919744][ T8926] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 167.919761][ T8926] do_syscall_64+0x15f/0xf80 [ 167.919782][ T8926] ? trace_irq_disable+0x3b/0x140 [ 167.919803][ T8926] ? clear_bhb_loop+0x40/0x90 [ 167.919821][ T8926] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 167.919835][ T8926] RIP: 0033:0x7f512c39ce59 [ 167.919851][ T8926] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 167.919863][ T8926] RSP: 002b:00007f512d23d028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 167.919880][ T8926] RAX: ffffffffffffffda RBX: 00007f512c615fa0 RCX: 00007f512c39ce59 [ 167.919891][ T8926] RDX: 0000000000004000 RSI: 0000200000000640 RDI: 0000000000000004 [ 167.919900][ T8926] RBP: 00007f512d23d090 R08: 0000000000000000 R09: 0000000000000000 [ 167.919909][ T8926] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 167.919917][ T8926] R13: 00007f512c616038 R14: 00007f512c615fa0 R15: 00007ffe259f4218 [ 167.919943][ T8926] [ 168.419697][ T8944] netlink: 4 bytes leftover after parsing attributes in process `syz.1.946'. [ 168.594183][ T8956] block nbd3: not configured, cannot reconfigure [ 168.812715][ T8972] netlink: 'syz.3.951': attribute type 1 has an invalid length. [ 169.260770][ T8996] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 169.431190][ T8962] syzkaller0: entered promiscuous mode [ 169.436894][ T8962] syzkaller0: entered allmulticast mode [ 169.488739][ T8972] 8021q: adding VLAN 0 to HW filter on device bond3 [ 169.515813][ T8980] bond3: (slave geneve2): making interface the new active one [ 169.524772][ T8980] bond3: (slave geneve2): Enslaving as an active interface with an up link [ 169.626899][ T8998] veth1_macvtap: left promiscuous mode [ 169.726211][ T9007] FAULT_INJECTION: forcing a failure. [ 169.726211][ T9007] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 169.741181][ T9007] CPU: 0 UID: 0 PID: 9007 Comm: syz.3.956 Not tainted syzkaller #0 PREEMPT(full) [ 169.741203][ T9007] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 169.741211][ T9007] Call Trace: [ 169.741217][ T9007] [ 169.741224][ T9007] dump_stack_lvl+0xe8/0x150 [ 169.741247][ T9007] should_fail_ex+0x412/0x560 [ 169.741271][ T9007] _copy_to_user+0x31/0xb0 [ 169.741381][ T9007] simple_read_from_buffer+0xe1/0x170 [ 169.741404][ T9007] proc_fail_nth_read+0x1bb/0x230 [ 169.741425][ T9007] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 169.741445][ T9007] ? rw_verify_area+0x2a6/0x4d0 [ 169.741475][ T9007] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 169.741494][ T9007] vfs_read+0x20c/0xa70 [ 169.741516][ T9007] ? __pfx___mutex_lock+0x10/0x10 [ 169.741531][ T9007] ? __pfx_vfs_read+0x10/0x10 [ 169.741551][ T9007] ? __fget_files+0x2a/0x420 [ 169.741568][ T9007] ? __fget_files+0x3a0/0x420 [ 169.741580][ T9007] ? __fget_files+0x2a/0x420 [ 169.741600][ T9007] ksys_read+0x150/0x270 [ 169.741617][ T9007] ? __pfx_ksys_read+0x10/0x10 [ 169.741638][ T9007] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 169.741651][ T9007] do_syscall_64+0x15f/0xf80 [ 169.741667][ T9007] ? trace_irq_disable+0x3b/0x140 [ 169.741684][ T9007] ? clear_bhb_loop+0x40/0x90 [ 169.741698][ T9007] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 169.741709][ T9007] RIP: 0033:0x7f5bc515d68e [ 169.741722][ T9007] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 169.741731][ T9007] RSP: 002b:00007f5bc611ffe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 169.741744][ T9007] RAX: ffffffffffffffda RBX: 00007f5bc61206c0 RCX: 00007f5bc515d68e [ 169.741753][ T9007] RDX: 000000000000000f RSI: 00007f5bc61200a0 RDI: 0000000000000005 [ 169.741760][ T9007] RBP: 00007f5bc6120090 R08: 0000000000000000 R09: 0000000000000000 [ 169.741766][ T9007] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 169.741773][ T9007] R13: 00007f5bc5416038 R14: 00007f5bc5415fa0 R15: 00007ffc798589f8 [ 169.741794][ T9007] [ 170.041515][ T9012] netlink: 620 bytes leftover after parsing attributes in process `syz.1.959'. [ 170.103528][ T9016] netlink: 'syz.3.958': attribute type 4 has an invalid length. [ 170.180954][ T9019] netlink: 8 bytes leftover after parsing attributes in process `syz.0.960'. [ 170.291774][ T9023] nbd: must specify a device to reconfigure [ 172.085541][ T9045] FAULT_INJECTION: forcing a failure. [ 172.085541][ T9045] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 172.129543][ T9045] CPU: 1 UID: 0 PID: 9045 Comm: syz.1.965 Not tainted syzkaller #0 PREEMPT(full) [ 172.129567][ T9045] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 172.129575][ T9045] Call Trace: [ 172.129582][ T9045] [ 172.129589][ T9045] dump_stack_lvl+0xe8/0x150 [ 172.129621][ T9045] should_fail_ex+0x412/0x560 [ 172.129646][ T9045] _copy_from_iter+0x1d3/0x1670 [ 172.129670][ T9045] ? rcu_is_watching+0x15/0xb0 [ 172.129694][ T9045] ? __pfx__copy_from_iter+0x10/0x10 [ 172.129720][ T9045] ? netlink_sendmsg+0x650/0xb40 [ 172.129735][ T9045] ? skb_put+0x11b/0x210 [ 172.129759][ T9045] netlink_sendmsg+0x6c0/0xb40 [ 172.129783][ T9045] ? __pfx_netlink_sendmsg+0x10/0x10 [ 172.129802][ T9045] ? aa_sock_msg_perm+0xf1/0x1b0 [ 172.129823][ T9045] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 172.129846][ T9045] ____sys_sendmsg+0x972/0x9f0 [ 172.129862][ T9045] ? __might_fault+0xaf/0x130 [ 172.129885][ T9045] ? __pfx_____sys_sendmsg+0x10/0x10 [ 172.129909][ T9045] ? import_iovec+0x73/0xa0 [ 172.129933][ T9045] ___sys_sendmsg+0x2a5/0x360 [ 172.129947][ T9045] ? __lock_acquire+0x6b5/0x2cf0 [ 172.129968][ T9045] ? __pfx____sys_sendmsg+0x10/0x10 [ 172.130015][ T9045] ? __fget_files+0x2a/0x420 [ 172.130031][ T9045] ? __fget_files+0x3a0/0x420 [ 172.130058][ T9045] __x64_sys_sendmsg+0x1bd/0x2a0 [ 172.130076][ T9045] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 172.130100][ T9045] ? __pfx_ksys_write+0x10/0x10 [ 172.130127][ T9045] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 172.130143][ T9045] do_syscall_64+0x15f/0xf80 [ 172.130163][ T9045] ? trace_irq_disable+0x3b/0x140 [ 172.130185][ T9045] ? clear_bhb_loop+0x40/0x90 [ 172.130203][ T9045] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 172.130218][ T9045] RIP: 0033:0x7f87ecb9ce59 [ 172.130234][ T9045] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 172.130246][ T9045] RSP: 002b:00007f87edae8028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 172.130262][ T9045] RAX: ffffffffffffffda RBX: 00007f87ece15fa0 RCX: 00007f87ecb9ce59 [ 172.130272][ T9045] RDX: 0000000000004000 RSI: 0000200000000640 RDI: 0000000000000004 [ 172.130282][ T9045] RBP: 00007f87edae8090 R08: 0000000000000000 R09: 0000000000000000 [ 172.130291][ T9045] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 172.130299][ T9045] R13: 00007f87ece16038 R14: 00007f87ece15fa0 R15: 00007ffde54ad7c8 [ 172.130325][ T9045] [ 172.386685][ T9030] syzkaller0: entered promiscuous mode [ 172.392588][ T9030] syzkaller0: entered allmulticast mode [ 173.918062][ T9050] workqueue: Failed to create a rescuer kthread for wq "bond3": -EINTR [ 174.053819][ T9068] FAULT_INJECTION: forcing a failure. [ 174.053819][ T9068] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 174.083712][ T9068] CPU: 1 UID: 0 PID: 9068 Comm: syz.4.972 Not tainted syzkaller #0 PREEMPT(full) [ 174.083734][ T9068] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 174.083742][ T9068] Call Trace: [ 174.083748][ T9068] [ 174.083755][ T9068] dump_stack_lvl+0xe8/0x150 [ 174.083779][ T9068] should_fail_ex+0x412/0x560 [ 174.083804][ T9068] _copy_from_user+0x2d/0xb0 [ 174.083826][ T9068] ___sys_recvmsg+0x175/0x590 [ 174.083848][ T9068] ? __pfx____sys_recvmsg+0x10/0x10 [ 174.083867][ T9068] ? __fget_files+0x2a/0x420 [ 174.083899][ T9068] ? __fget_files+0x3a0/0x420 [ 174.083925][ T9068] do_recvmmsg+0x334/0x800 [ 174.083949][ T9068] ? __pfx_do_recvmmsg+0x10/0x10 [ 174.083985][ T9068] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 174.084024][ T9068] __x64_sys_recvmmsg+0x198/0x250 [ 174.084043][ T9068] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 174.084067][ T9068] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 174.084084][ T9068] do_syscall_64+0x15f/0xf80 [ 174.084104][ T9068] ? trace_irq_disable+0x3b/0x140 [ 174.084126][ T9068] ? clear_bhb_loop+0x40/0x90 [ 174.084145][ T9068] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 174.084159][ T9068] RIP: 0033:0x7facab99ce59 [ 174.084174][ T9068] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 174.084187][ T9068] RSP: 002b:00007facac83a028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 174.084204][ T9068] RAX: ffffffffffffffda RBX: 00007facabc15fa0 RCX: 00007facab99ce59 [ 174.084215][ T9068] RDX: 0000000000000001 RSI: 0000200000000dc0 RDI: 0000000000000004 [ 174.084224][ T9068] RBP: 00007facac83a090 R08: 0000000000000000 R09: 0000000000000000 [ 174.084233][ T9068] R10: 0000000040002022 R11: 0000000000000246 R12: 0000000000000001 [ 174.084242][ T9068] R13: 00007facabc16038 R14: 00007facabc15fa0 R15: 00007ffc2ca89808 [ 174.084268][ T9068] [ 174.310802][ T9073] netlink: 620 bytes leftover after parsing attributes in process `syz.2.975'. [ 174.505664][ T9086] netlink: 8 bytes leftover after parsing attributes in process `syz.0.976'. [ 174.520908][ T9087] trusted_key: syz.2.979 sent an empty control message without MSG_MORE. [ 174.543436][ T9087] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks [ 174.765980][ T9083] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 176.290754][ T9097] netlink: 64 bytes leftover after parsing attributes in process `syz.2.983'. [ 176.300240][ T9097] netlink: 64 bytes leftover after parsing attributes in process `syz.2.983'. [ 176.461255][ T9121] vlan2: entered promiscuous mode [ 176.465674][ T9123] FAULT_INJECTION: forcing a failure. [ 176.465674][ T9123] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 176.484736][ T9121] bridge0: entered promiscuous mode [ 176.507315][ T9123] CPU: 1 UID: 0 PID: 9123 Comm: syz.2.988 Not tainted syzkaller #0 PREEMPT(full) [ 176.507338][ T9123] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 176.507347][ T9123] Call Trace: [ 176.507354][ T9123] [ 176.507361][ T9123] dump_stack_lvl+0xe8/0x150 [ 176.507384][ T9123] should_fail_ex+0x412/0x560 [ 176.507410][ T9123] _copy_to_user+0x31/0xb0 [ 176.507435][ T9123] simple_read_from_buffer+0xe1/0x170 [ 176.507459][ T9123] proc_fail_nth_read+0x1bb/0x230 [ 176.507483][ T9123] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 176.507506][ T9123] ? rw_verify_area+0x2a6/0x4d0 [ 176.507526][ T9123] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 176.507546][ T9123] vfs_read+0x20c/0xa70 [ 176.507573][ T9123] ? __pfx___mutex_lock+0x10/0x10 [ 176.507589][ T9123] ? __pfx_vfs_read+0x10/0x10 [ 176.507611][ T9123] ? __fget_files+0x2a/0x420 [ 176.507634][ T9123] ? __fget_files+0x3a0/0x420 [ 176.507650][ T9123] ? __fget_files+0x2a/0x420 [ 176.507674][ T9123] ksys_read+0x150/0x270 [ 176.507695][ T9123] ? __pfx_ksys_read+0x10/0x10 [ 176.507721][ T9123] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 176.507736][ T9123] do_syscall_64+0x15f/0xf80 [ 176.507756][ T9123] ? trace_irq_disable+0x3b/0x140 [ 176.507776][ T9123] ? clear_bhb_loop+0x40/0x90 [ 176.507796][ T9123] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 176.507811][ T9123] RIP: 0033:0x7f512c35d68e [ 176.507826][ T9123] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 176.507838][ T9123] RSP: 002b:00007f512d23cfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 176.507855][ T9123] RAX: ffffffffffffffda RBX: 00007f512d23d6c0 RCX: 00007f512c35d68e [ 176.507865][ T9123] RDX: 000000000000000f RSI: 00007f512d23d0a0 RDI: 0000000000000005 [ 176.507875][ T9123] RBP: 00007f512d23d090 R08: 0000000000000000 R09: 0000000000000000 [ 176.507882][ T9123] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 176.507891][ T9123] R13: 00007f512c616038 R14: 00007f512c615fa0 R15: 00007ffe259f4218 [ 176.507919][ T9123] [ 176.790595][ T9127] netlink: 620 bytes leftover after parsing attributes in process `syz.3.989'. [ 176.885895][ T9133] netlink: 16 bytes leftover after parsing attributes in process `syz.2.994'. [ 176.909761][ T9134] netlink: 'syz.0.990': attribute type 1 has an invalid length. [ 176.937286][ T9133] netlink: 57 bytes leftover after parsing attributes in process `syz.2.994'. [ 176.964471][ T9134] 8021q: adding VLAN 0 to HW filter on device bond4 [ 176.996238][ T9140] netlink: 8 bytes leftover after parsing attributes in process `syz.3.995'. [ 177.093033][ T9148] netlink: 'syz.0.997': attribute type 4 has an invalid length. [ 177.193176][ T9157] netlink: 'syz.0.999': attribute type 4 has an invalid length. [ 177.288708][ T9161] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1000'. [ 177.393239][ T9164] syzkaller0: entered promiscuous mode [ 177.406750][ T9164] syzkaller0: entered allmulticast mode [ 177.427322][ T9168] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1002'. [ 179.098560][ T9186] netlink: 'syz.4.1008': attribute type 1 has an invalid length. [ 179.203777][ T9186] 8021q: adding VLAN 0 to HW filter on device bond3 [ 179.299218][ T9186] bond3: (slave geneve2): making interface the new active one [ 179.310490][ T9186] bond3: (slave geneve2): Enslaving as an active interface with an up link [ 179.336970][ T9189] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 179.477770][ T9202] xt_connbytes: Forcing CT accounting to be enabled [ 179.478685][ T9204] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1013'. [ 179.493672][ T9204] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1013'. [ 179.498854][ T9202] x_tables: ip_tables: esp match: only valid for protocol 50 [ 180.015965][ T9210] syzkaller0: entered promiscuous mode [ 180.022200][ T9210] syzkaller0: entered allmulticast mode [ 182.141497][ T9231] nbd: socks must be embedded in a SOCK_ITEM attr [ 182.876648][ T9224] lo speed is unknown, defaulting to 1000 [ 182.884898][ T9224] lo speed is unknown, defaulting to 1000 [ 182.987434][ T9224] lo speed is unknown, defaulting to 1000 [ 183.062883][ T9224] smbdirect: ib_dev[syz2]: added: RNIC max_fast_reg_page_list_len=256 device_cap_flags=0x200000 kernel_cap_flags=0x10 page_size_cap=0x1000 [ 183.085344][ T9237] netlink: 620 bytes leftover after parsing attributes in process `syz.0.1020'. [ 183.087468][ T9224] smbdirect: ib_dev[syz2]: num_ports=1 max_qp_rd_atom=128 max_qp_init_rd_atom=128 max_sgl_rd=0 max_sge_rd=1 max_cqe=3276800 max_qp_wr=32768 max_send_sge=6 max_recv_sge=6 [ 183.132924][ T9224] smbdirect: ib_dev[syz2]PORT[1]: iwarp=1 ib=0 roce=0 v1=0 v2=0 core_cap_flags=0x400008 [ 183.189369][ T9243] block nbd3: not configured, cannot reconfigure [ 183.197775][ T9224] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 183.205904][ T9243] FAULT_INJECTION: forcing a failure. [ 183.205904][ T9243] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 183.233980][ T9243] CPU: 1 UID: 0 PID: 9243 Comm: syz.3.1022 Not tainted syzkaller #0 PREEMPT(full) [ 183.234003][ T9243] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 183.234013][ T9243] Call Trace: [ 183.234020][ T9243] [ 183.234027][ T9243] dump_stack_lvl+0xe8/0x150 [ 183.234052][ T9243] should_fail_ex+0x412/0x560 [ 183.234078][ T9243] _copy_to_user+0x31/0xb0 [ 183.234103][ T9243] simple_read_from_buffer+0xe1/0x170 [ 183.234127][ T9243] proc_fail_nth_read+0x1bb/0x230 [ 183.234150][ T9243] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 183.234173][ T9243] ? rw_verify_area+0x2a6/0x4d0 [ 183.234193][ T9243] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 183.234214][ T9243] vfs_read+0x20c/0xa70 [ 183.234240][ T9243] ? __pfx___mutex_lock+0x10/0x10 [ 183.234257][ T9243] ? __pfx_vfs_read+0x10/0x10 [ 183.234278][ T9243] ? __fget_files+0x2a/0x420 [ 183.234301][ T9243] ? __fget_files+0x3a0/0x420 [ 183.234318][ T9243] ? __fget_files+0x2a/0x420 [ 183.234344][ T9243] ksys_read+0x150/0x270 [ 183.234367][ T9243] ? __pfx_ksys_read+0x10/0x10 [ 183.234396][ T9243] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 183.234414][ T9243] do_syscall_64+0x15f/0xf80 [ 183.234435][ T9243] ? trace_irq_disable+0x3b/0x140 [ 183.234457][ T9243] ? clear_bhb_loop+0x40/0x90 [ 183.234476][ T9243] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 183.234499][ T9243] RIP: 0033:0x7f5bc515d68e [ 183.234515][ T9243] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 183.234529][ T9243] RSP: 002b:00007f5bc611ffe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 183.234546][ T9243] RAX: ffffffffffffffda RBX: 00007f5bc61206c0 RCX: 00007f5bc515d68e [ 183.234558][ T9243] RDX: 000000000000000f RSI: 00007f5bc61200a0 RDI: 0000000000000006 [ 183.234567][ T9243] RBP: 00007f5bc6120090 R08: 0000000000000000 R09: 0000000000000000 [ 183.234577][ T9243] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 183.234586][ T9243] R13: 00007f5bc5416038 R14: 00007f5bc5415fa0 R15: 00007ffc798589f8 [ 183.234614][ T9243] [ 183.235542][ T9224] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 183.625766][ T9258] tipc: Can't bind to reserved service type 0 [ 183.629563][ T9224] lo speed is unknown, defaulting to 1000 [ 183.670847][ T9224] lo speed is unknown, defaulting to 1000 [ 183.722525][ T9224] lo speed is unknown, defaulting to 1000 [ 183.735415][ T9262] netlink: 'syz.0.1027': attribute type 9 has an invalid length. [ 183.737921][ T9224] lo speed is unknown, defaulting to 1000 [ 183.792813][ T9264] netlink: 8905 bytes leftover after parsing attributes in process `syz.0.1027'. [ 183.888167][ T9224] lo speed is unknown, defaulting to 1000 [ 184.043433][ T9275] netlink: 'syz.2.1030': attribute type 1 has an invalid length. [ 184.107494][ T9279] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 184.139141][ T9284] netlink: 620 bytes leftover after parsing attributes in process `syz.0.1033'. [ 184.152047][ T1006] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 184.189214][ T1006] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 184.280105][ T9275] 8021q: adding VLAN 0 to HW filter on device bond3 [ 184.681163][ T9308] netlink: 144 bytes leftover after parsing attributes in process `syz.0.1038'. [ 186.354923][ T9290] syzkaller0: entered promiscuous mode [ 186.361319][ T9290] syzkaller0: entered allmulticast mode [ 186.574977][ T9335] block nbd4: not configured, cannot reconfigure [ 186.652788][ T9339] netlink: 'syz.0.1042': attribute type 1 has an invalid length. [ 186.985373][ T9350] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1044'. [ 188.622984][ T9355] netlink: 'syz.2.1046': attribute type 1 has an invalid length. [ 188.715523][ T9342] 8021q: adding VLAN 0 to HW filter on device bond6 [ 188.727337][ T9359] netlink: 'syz.1.1047': attribute type 1 has an invalid length. [ 188.740528][ T9342] bond5: (slave bond6): making interface the new active one [ 188.749177][ T9361] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1046'. [ 188.759559][ T9342] bond5: (slave bond6): Enslaving as an active interface with an up link [ 188.814277][ T9365] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 188.823056][ T9365] IPv6: NLM_F_CREATE should be set when creating new route [ 188.854380][ T9367] netlink: 204 bytes leftover after parsing attributes in process `syz.3.1049'. [ 188.892686][ T9357] bond4: (slave vxcan3): The slave device specified does not support setting the MAC address [ 188.906727][ T9357] bond4: (slave vxcan3): Setting fail_over_mac to active for active-backup mode [ 188.930370][ T9357] bond4: (slave vxcan3): making interface the new active one [ 188.938907][ T9357] bond4: (slave vxcan3): Enslaving as an active interface with an up link [ 189.006235][ T9359] 8021q: adding VLAN 0 to HW filter on device bond5 [ 189.025867][ T9361] bond4 (unregistering): (slave vxcan3): Releasing backup interface [ 189.057796][ T9361] bond4 (unregistering): Released all slaves [ 189.236056][ T9379] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1051'. [ 189.295468][ T9365] bridge0: port 2(bridge_slave_1) entered disabled state [ 189.487426][ T9365] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 189.520327][ T9365] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 189.873417][ T9409] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 189.959836][ T5723] lo speed is unknown, defaulting to 1000 [ 189.985941][ T5723] syz2: Port: 1 Link DOWN [ 190.162174][ T1167] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 190.205216][ T1167] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 190.247577][ T1167] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 190.341348][ T9423] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1059'. [ 191.115902][ T5627] Bluetooth: hci3: command 0x0406 tx timeout [ 191.123224][ T50] Bluetooth: hci2: command 0x0406 tx timeout [ 191.129786][ T5627] Bluetooth: hci1: command 0x0406 tx timeout [ 192.268581][ T9415] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1056'. [ 192.279210][ T1167] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 192.477660][ T9452] netlink: 'syz.2.1061': attribute type 1 has an invalid length. [ 192.501039][ T9454] netlink: 'syz.3.1062': attribute type 15 has an invalid length. [ 192.543861][ T9454] netlink: 666 bytes leftover after parsing attributes in process `syz.3.1062'. [ 192.570655][ T9452] 8021q: adding VLAN 0 to HW filter on device bond4 [ 192.926092][ T9479] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1068'. [ 193.059658][ T9488] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1071'. [ 193.331024][ T9506] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1076'. [ 193.372944][ T9506] netlink: 'syz.4.1076': attribute type 9 has an invalid length. [ 193.493177][ T9517] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1077'. [ 193.519350][ T9517] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1077'. [ 193.809866][ T9504] syzkaller0: entered promiscuous mode [ 193.815403][ T9504] syzkaller0: entered allmulticast mode [ 194.159146][ T1315] ieee802154 phy0 wpan0: encryption failed: -22 [ 195.733092][ T9533] veth0: entered promiscuous mode [ 195.739216][ T9536] wlan0: mtu less than device minimum [ 195.760963][ T9541] veth0: left promiscuous mode [ 195.771469][ T9545] netlink: 280 bytes leftover after parsing attributes in process `syz.1.1083'. [ 195.900924][ T9549] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1084'. [ 195.922345][ T9548] macsec0: entered allmulticast mode [ 196.148043][ T9566] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1085'. [ 196.205662][ T9566] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1085'. [ 196.315678][ T5628] Bluetooth: hci3: command 0x0406 tx timeout [ 196.427754][ T9580] netlink: 'syz.1.1093': attribute type 1 has an invalid length. [ 196.524400][ T9548] pim6reg1: entered allmulticast mode [ 196.598980][ T9580] bond6: entered promiscuous mode [ 196.605062][ T9580] 8021q: adding VLAN 0 to HW filter on device bond6 [ 197.048500][ T9578] macvtap1: entered allmulticast mode [ 197.133840][ T9580] bond6: (slave bridge1): making interface the new active one [ 197.158847][ T9580] bridge1: entered promiscuous mode [ 197.176299][ T9580] bond6: (slave bridge1): Enslaving as an active interface with an up link [ 197.202584][ T9589] tipc: Cannot configure node identity twice [ 197.350805][ T9585] lo speed is unknown, defaulting to 1000 [ 197.376509][ T9596] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1099'. [ 197.517595][ T9604] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1097'. [ 197.534953][ T9604] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1097'. [ 197.535582][ T9607] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1100'. [ 197.561386][ T9604] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1097'. [ 197.590445][ T9604] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1097'. [ 197.627851][ T9612] netlink: 'syz.1.1101': attribute type 1 has an invalid length. [ 197.686111][ T9612] 8021q: adding VLAN 0 to HW filter on device bond7 [ 197.866091][ T9619] vlan4: entered allmulticast mode [ 197.871437][ T9619] bond0: entered allmulticast mode [ 197.891362][ T9624] netlink: 'syz.4.1104': attribute type 4 has an invalid length. [ 197.901706][ T9624] syzkaller1: entered promiscuous mode [ 197.911378][ T9624] syzkaller1: entered allmulticast mode [ 198.036247][ T9626] netlink: 'syz.1.1105': attribute type 11 has an invalid length. [ 198.114161][ T9633] xt_socket: unknown flags 0x50 [ 198.310449][ T9644] openvswitch: netlink: Message has 2 unknown bytes. [ 198.710080][ T9652] block nbd1: not configured, cannot reconfigure [ 198.823387][ T9654] syzkaller0: entered promiscuous mode [ 198.831418][ T9654] syzkaller0: entered allmulticast mode [ 198.849309][ T9658] netlink: 'syz.1.1115': attribute type 84 has an invalid length. [ 199.244505][ T9670] bond7 (unregistering): Released all slaves [ 199.660611][ T9694] syzkaller0: entered promiscuous mode [ 199.676450][ T9694] syzkaller0: entered allmulticast mode [ 199.781825][ T9702] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 200.209515][ T9721] netlink: 'syz.4.1135': attribute type 15 has an invalid length. [ 200.371593][ T9725] lo speed is unknown, defaulting to 1000 [ 200.434237][ T9728] netdevsim netdevsim4 €Â: renamed from netdevsim0 [ 200.814458][ T9747] netlink: 'syz.2.1143': attribute type 1 has an invalid length. [ 200.916036][ T9737] A link change request failed with some changes committed already. Interface bridge_slave_1 may have been left with an inconsistent configuration, please check. [ 201.066205][ T9747] 8021q: adding VLAN 0 to HW filter on device bond5 [ 201.111240][ T9750] netdevsim netdevsim0: Direct firmware load for . failed with error -2 [ 201.127361][ T9750] netdevsim netdevsim0: Falling back to sysfs fallback for: . [ 201.153951][ T9752] tipc: Invalid UDP bearer configuration [ 201.154000][ T9752] tipc: Enabling of bearer rejected, failed to enable media [ 201.263860][ T9752] xt_hashlimit: size too large, truncated to 1048576 [ 201.514519][ T9765] batadv_slave_0: entered allmulticast mode [ 201.535532][ T9765] A link change request failed with some changes committed already. Interface batadv_slave_0 may have been left with an inconsistent configuration, please check. [ 201.685751][ T9770] __nla_validate_parse: 12 callbacks suppressed [ 201.685770][ T9770] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1149'. [ 202.057361][ T9783] lo speed is unknown, defaulting to 1000 [ 203.166104][ T9812] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1161'. [ 203.175688][ T9812] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1161'. [ 203.372979][ T9798] lo speed is unknown, defaulting to 1000 [ 203.452158][ T9814] netlink: 620 bytes leftover after parsing attributes in process `syz.3.1163'. [ 203.981503][ T48] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 204.043459][ T48] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 204.063670][ T48] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 204.082794][ T48] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 204.097894][ T9848] syz_tun: left allmulticast mode [ 204.103593][ T9848] syz_tun: left promiscuous mode [ 204.108897][ T9848] bridge0: port 3(syz_tun) entered disabled state [ 204.126128][ T9848] bridge_slave_1: left allmulticast mode [ 204.132099][ T9848] bridge_slave_1: left promiscuous mode [ 204.137917][ T9848] bridge0: port 2(bridge_slave_1) entered disabled state [ 204.155956][ T9848] bond0: (slave bond_slave_0): Releasing backup interface [ 204.169672][ T9848] bond0: (slave bond_slave_1): Releasing backup interface [ 204.189927][ T9848] team0: Port device team_slave_0 removed [ 204.207647][ T9848] team0: Port device team_slave_1 removed [ 204.218412][ T9848] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 204.226011][ T9848] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 204.235278][ T9848] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 204.245433][ T9848] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 204.255038][ T9848] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 204.272179][ T48] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 204.282288][ T48] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 204.299103][ T9849] ip6gre1: entered allmulticast mode [ 204.311485][ T9849] team0: Port device ip6gre1 added [ 204.333731][ T48] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 204.350728][ T48] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 204.540616][ T9856] netlink: 'syz.1.1174': attribute type 4 has an invalid length. [ 204.626872][ T9863] netlink: 620 bytes leftover after parsing attributes in process `syz.3.1177'. [ 204.800761][ T9870] 8021q: adding VLAN 0 to HW filter on device bond0 [ 204.831237][ T9870] 8021q: adding VLAN 0 to HW filter on device team0 [ 204.869902][ T9870] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 204.912459][ T9883] netlink: 'syz.3.1183': attribute type 1 has an invalid length. [ 204.947083][ T9870] batadv_slave_0: left allmulticast mode [ 204.953707][ T9870] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 204.964526][ T9870] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 204.977927][ T9870] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 204.988927][ T9870] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 205.000065][ T9870] 8021q: adding VLAN 0 to HW filter on device hsr0 [ 205.011953][ T9870] veth1_vlan: left promiscuous mode [ 205.018126][ T9870] veth0_vlan: left promiscuous mode [ 205.025255][ T9870] veth0_vlan: entered promiscuous mode [ 205.036276][ T9870] veth1_vlan: entered promiscuous mode [ 205.045893][ T9870] veth1_macvtap: left promiscuous mode [ 205.052582][ T9870] veth0_macvtap: left promiscuous mode [ 205.059085][ T9870] veth0_macvtap: entered promiscuous mode [ 205.066009][ T9870] veth1_macvtap: entered promiscuous mode [ 205.072378][ T9870] macsec0: left promiscuous mode [ 205.082900][ T9870] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 205.092090][ T9870] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 205.100324][ T9870] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 205.109137][ T9870] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 205.119189][ T9870] 8021q: adding VLAN 0 to HW filter on device bond1 [ 205.127285][ T9870] 8021q: adding VLAN 0 to HW filter on device bond2 [ 205.136279][ T9870] 8021q: adding VLAN 0 to HW filter on device bond3 [ 205.147093][ T9870] 8021q: adding VLAN 0 to HW filter on device bond4 [ 205.156052][ T9870] 8021q: adding VLAN 0 to HW filter on device bond5 [ 205.163481][ T9870] bond6: left promiscuous mode [ 205.168495][ T9870] bridge1: left promiscuous mode [ 205.174365][ T9870] 8021q: adding VLAN 0 to HW filter on device bond6 [ 205.182267][ T9870] bond6: entered allmulticast mode [ 205.187428][ T9870] bridge1: entered allmulticast mode [ 205.196150][ T9870] macvtap1: left allmulticast mode [ 205.201355][ T9870] bond6: left allmulticast mode [ 205.206301][ T9870] bridge1: left allmulticast mode [ 205.212555][ T9870] 8021q: adding VLAN 0 to HW filter on device macvtap1 [ 205.221186][ T9870] bridge1: entered promiscuous mode [ 205.226936][ T9870] 8021q: adding VLAN 0 to HW filter on device bond7 [ 205.236591][ T9870] A link change request failed with some changes committed already. Interface geneve3 may have been left with an inconsistent configuration, please check. [ 205.325067][ T1167] bridge0: port 1(bridge_slave_0) entered blocking state [ 205.332366][ T1167] bridge0: port 1(bridge_slave_0) entered forwarding state [ 205.362420][ T1167] bridge0: port 2(bridge_slave_1) entered blocking state [ 205.370798][ T1167] bridge0: port 2(bridge_slave_1) entered forwarding state [ 205.465647][ T48] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 205.483220][ T48] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 205.555454][ T48] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 205.585181][ T48] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 208.321627][ T9887] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 208.501171][ T9920] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1191'. [ 208.780130][ T9939] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1197'. [ 208.784543][ T9940] netlink: 'syz.1.1199': attribute type 1 has an invalid length. [ 208.833419][ T9947] netlink: 'syz.2.1197': attribute type 21 has an invalid length. [ 208.873134][ T30] audit: type=1804 audit(1778979270.810:2): pid=9950 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.1201" name="/newroot/265/memory.events" dev="tmpfs" ino=1357 res=1 errno=0 [ 208.929284][ T30] audit: type=1800 audit(1778979270.810:3): pid=9950 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1201" name="memory.events" dev="tmpfs" ino=1357 res=0 errno=0 [ 208.952431][ T30] audit: type=1804 audit(1778979270.810:4): pid=9950 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.1201" name="/newroot/265/memory.events" dev="tmpfs" ino=1357 res=1 errno=0 [ 208.981856][ T9940] 8021q: adding VLAN 0 to HW filter on device bond8 [ 209.022631][ T9947] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1197'. [ 209.040530][ T9937] veth2: entered allmulticast mode [ 209.825952][ T9980] IPVS: set_ctl: invalid protocol: 50 127.0.0.1:20004 [ 209.838765][ T9977] ipip0: entered promiscuous mode [ 209.851740][ T9977] netlink: 'syz.4.1210': attribute type 2 has an invalid length. [ 209.892303][ T9977] netlink: 'syz.4.1210': attribute type 1 has an invalid length. [ 209.914279][ T9977] netlink: 'syz.4.1210': attribute type 1 has an invalid length. [ 210.015771][ T9986] netlink: 'syz.3.1214': attribute type 1 has an invalid length. [ 210.092956][ T9986] 8021q: adding VLAN 0 to HW filter on device bond4 [ 210.100768][ T9991] netlink: 60 bytes leftover after parsing attributes in process `syz.4.1215'. [ 210.118054][ T9991] unsupported nlmsg_type 40 [ 210.146615][ T9991] netlink: 34 bytes leftover after parsing attributes in process `syz.4.1215'. [ 210.235368][T10000] netlink: 'syz.1.1217': attribute type 30 has an invalid length. [ 210.260629][T10000] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1217'. [ 210.287347][ T9991] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1215'. [ 210.300654][ T1018] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 210.310798][T10002] netlink: 'syz.1.1217': attribute type 30 has an invalid length. [ 210.322831][ T1018] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 210.325232][ T9987] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 210.331212][T10002] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1217'. [ 210.352758][ T9998] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1215'. [ 210.797887][ C0] vcan0: j1939_tp_rxtimer: 0xffff8880258d2c00: rx timeout, send abort [ 210.808296][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff8880258d2c00: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 212.918612][T10043] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1227'. [ 213.197597][T10065] block nbd1: not configured, cannot reconfigure [ 213.330084][T10067] netlink: 'syz.0.1237': attribute type 11 has an invalid length. [ 213.376707][T10074] netlink: 'syz.1.1239': attribute type 32 has an invalid length. [ 213.386578][T10069] bond6 (unregistering): Released all slaves [ 213.468995][T10077] block nbd4: not configured, cannot reconfigure [ 213.671345][T10076] __nla_validate_parse: 2 callbacks suppressed [ 213.671380][T10076] netlink: 76 bytes leftover after parsing attributes in process `syz.1.1239'. [ 214.071149][T10101] veth1_to_bridge: entered promiscuous mode [ 214.080084][ T81] bridge0: port 2(bridge_slave_1) entered disabled state [ 214.299671][T10108] sctp: [Deprecated]: syz.4.1249 (pid 10108) Use of struct sctp_assoc_value in delayed_ack socket option. [ 214.299671][T10108] Use struct sctp_sack_info instead [ 214.313655][T10109] RDS: rds_bind could not find a transport for 0:b3::, load rds_tcp or rds_rdma? [ 214.666872][T10119] ip6tnl1: entered allmulticast mode [ 214.687182][T10124] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1252'. [ 214.708389][ T1018] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 214.731837][ T9389] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 214.741755][ T1018] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 214.830696][T10127] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1254'. [ 214.852561][T10127] netlink: 'syz.1.1254': attribute type 26 has an invalid length. [ 214.868954][T10127] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1254'. [ 214.908395][T10130] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1254'. [ 215.045686][T10129] syzkaller0: entered promiscuous mode [ 215.069048][T10129] syzkaller0: entered allmulticast mode [ 215.098560][ T5778] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 215.165728][T10138] netlink: 'syz.1.1257': attribute type 1 has an invalid length. [ 215.186306][T10129] tipc: Enabled bearer , priority 0 [ 215.213069][T10128] tipc: Resetting bearer [ 215.272157][T10128] tipc: Disabling bearer [ 215.509953][ T9389] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 215.560847][T10153] workqueue: Failed to create a rescuer kthread for wq "nfc3_nci_tx_wq": -EINTR [ 215.745293][T10171] FAULT_INJECTION: forcing a failure. [ 215.745293][T10171] name failslab, interval 1, probability 0, space 0, times 0 [ 215.826612][T10171] CPU: 1 UID: 0 PID: 10171 Comm: syz.3.1263 Not tainted syzkaller #0 PREEMPT(full) [ 215.826638][T10171] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 215.826648][T10171] Call Trace: [ 215.826655][T10171] [ 215.826662][T10171] dump_stack_lvl+0xe8/0x150 [ 215.826688][T10171] should_fail_ex+0x412/0x560 [ 215.826714][T10171] should_failslab+0xa8/0x100 [ 215.826740][T10171] __kmalloc_node_noprof+0xf0/0x7c0 [ 215.826760][T10171] ? lock_acquire+0x106/0x350 [ 215.826778][T10171] ? qdisc_alloc+0x92/0x9e0 [ 215.826804][T10171] qdisc_alloc+0x92/0x9e0 [ 215.826834][T10171] qdisc_create+0x12c/0xf20 [ 215.826856][T10171] ? lockdep_rtnl_is_held+0x26/0x40 [ 215.826872][T10171] ? qdisc_lookup+0x36d/0x6d0 [ 215.826890][T10171] tc_modify_qdisc+0x16f0/0x2290 [ 215.826910][T10171] ? rcu_is_watching+0x15/0xb0 [ 215.826938][T10171] ? __pfx_tc_modify_qdisc+0x10/0x10 [ 215.826958][T10171] ? __dev_queue_xmit+0x2b6/0x3950 [ 215.827000][T10171] ? __pfx_tc_modify_qdisc+0x10/0x10 [ 215.827018][T10171] rtnetlink_rcv_msg+0x77e/0xbe0 [ 215.827044][T10171] ? rtnetlink_rcv_msg+0x1b9/0xbe0 [ 215.827064][T10171] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 215.827084][T10171] ? ref_tracker_free+0x693/0x840 [ 215.827107][T10171] ? __pfx_ref_tracker_free+0x10/0x10 [ 215.827125][T10171] ? __asan_memcpy+0x40/0x70 [ 215.827141][T10171] ? __skb_clone+0x63/0x7a0 [ 215.827162][T10171] netlink_rcv_skb+0x232/0x4b0 [ 215.827178][T10171] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 215.827198][T10171] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 215.827223][T10171] ? netlink_deliver_tap+0x2e/0x1b0 [ 215.827236][T10171] ? netlink_deliver_tap+0x2e/0x1b0 [ 215.827254][T10171] netlink_unicast+0x75c/0x8e0 [ 215.827295][T10171] netlink_sendmsg+0x813/0xb40 [ 215.827320][T10171] ? __pfx_netlink_sendmsg+0x10/0x10 [ 215.827338][T10171] ? aa_sock_msg_perm+0xf1/0x1b0 [ 215.827358][T10171] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 215.827382][T10171] ____sys_sendmsg+0x972/0x9f0 [ 215.827396][T10171] ? __might_fault+0xaf/0x130 [ 215.827419][T10171] ? __pfx_____sys_sendmsg+0x10/0x10 [ 215.827442][T10171] ? import_iovec+0x73/0xa0 [ 215.827467][T10171] ___sys_sendmsg+0x2a5/0x360 [ 215.827480][T10171] ? __lock_acquire+0x6b5/0x2cf0 [ 215.827502][T10171] ? __pfx____sys_sendmsg+0x10/0x10 [ 215.827550][T10171] ? __fget_files+0x2a/0x420 [ 215.827568][T10171] ? __fget_files+0x3a0/0x420 [ 215.827595][T10171] __x64_sys_sendmsg+0x1bd/0x2a0 [ 215.827613][T10171] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 215.827636][T10171] ? __pfx_ksys_write+0x10/0x10 [ 215.827666][T10171] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 215.827683][T10171] do_syscall_64+0x15f/0xf80 [ 215.827704][T10171] ? trace_irq_disable+0x3b/0x140 [ 215.827726][T10171] ? clear_bhb_loop+0x40/0x90 [ 215.827744][T10171] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 215.827759][T10171] RIP: 0033:0x7f5bc519ce59 [ 215.827775][T10171] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 215.827788][T10171] RSP: 002b:00007f5bc6120028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 215.827806][T10171] RAX: ffffffffffffffda RBX: 00007f5bc5415fa0 RCX: 00007f5bc519ce59 [ 215.827816][T10171] RDX: 0000000004040010 RSI: 00002000000012c0 RDI: 0000000000000004 [ 215.827826][T10171] RBP: 00007f5bc6120090 R08: 0000000000000000 R09: 0000000000000000 [ 215.827836][T10171] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 215.827845][T10171] R13: 00007f5bc5416038 R14: 00007f5bc5415fa0 R15: 00007ffc798589f8 [ 215.827872][T10171] [ 216.374487][T10183] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1267'. [ 216.385816][T10183] netlink: 'syz.4.1267': attribute type 13 has an invalid length. [ 216.395701][T10183] netlink: 'syz.4.1267': attribute type 17 has an invalid length. [ 216.578538][T10183] 8021q: adding VLAN 0 to HW filter on device bond0 [ 216.587019][T10183] 8021q: adding VLAN 0 to HW filter on device team0 [ 216.600437][T10183] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 216.668403][T10183] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 216.679436][T10183] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 216.693382][T10183] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 216.703752][T10183] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 216.735458][T10183] veth1_vlan: left promiscuous mode [ 216.741956][T10183] veth0_vlan: left promiscuous mode [ 216.764077][T10183] veth0_vlan: entered promiscuous mode [ 216.777219][T10183] veth1_vlan: entered promiscuous mode [ 216.797350][T10183] veth0_macvtap: left promiscuous mode [ 216.805299][T10183] veth0_macvtap: entered promiscuous mode [ 216.831693][T10183] veth1_macvtap: entered promiscuous mode [ 216.837974][T10183] veth1_macvtap: entered allmulticast mode [ 216.846656][T10183] macsec0: left promiscuous mode [ 216.852527][T10183] macsec0: left allmulticast mode [ 216.859372][T10183] veth1_macvtap: left allmulticast mode [ 216.873669][T10183] 8021q: adding VLAN 0 to HW filter on device €Â [ 216.887610][T10183] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 216.902025][T10183] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 216.916331][T10183] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 216.933367][T10183] bond1: left promiscuous mode [ 216.938813][T10183] 8021q: adding VLAN 0 to HW filter on device bond1 [ 216.952246][T10183] bond2: left allmulticast mode [ 216.957689][T10183] 8021q: adding VLAN 0 to HW filter on device bond2 [ 216.979513][T10183] hsr1: Interlink (team0) is not up; please bring it up to get a fully working HSR network [ 216.990349][T10183] hsr1: left promiscuous mode [ 217.009009][T10183] bridge3: left allmulticast mode [ 217.018015][T10183] vlan2: left promiscuous mode [ 217.023062][T10183] bridge0: left promiscuous mode [ 217.031321][T10183] 8021q: adding VLAN 0 to HW filter on device bond3 [ 217.044207][T10183] ipip0: left promiscuous mode [ 217.057530][ T8372] lo speed is unknown, defaulting to 1000 [ 217.078016][ T57] bridge0: port 2(bridge_slave_1) entered blocking state [ 217.086214][ T57] bridge0: port 2(bridge_slave_1) entered forwarding state [ 217.087775][ T8372] syz2: Port: 1 Link ACTIVE [ 217.195335][ T1006] netdevsim netdevsim4 €Â: set [1, 0] type 2 family 0 port 6081 - 0 [ 217.222854][ T1006] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 217.241307][ T1006] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 217.267950][ T1006] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 217.386097][T10192] lo speed is unknown, defaulting to 1000 [ 217.548507][T10222] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1275'. [ 217.727517][T10227] FAULT_INJECTION: forcing a failure. [ 217.727517][T10227] name failslab, interval 1, probability 0, space 0, times 0 [ 217.740428][T10227] CPU: 1 UID: 0 PID: 10227 Comm: syz.2.1279 Not tainted syzkaller #0 PREEMPT(full) [ 217.740451][T10227] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 217.740461][T10227] Call Trace: [ 217.740467][T10227] [ 217.740474][T10227] dump_stack_lvl+0xe8/0x150 [ 217.740499][T10227] should_fail_ex+0x412/0x560 [ 217.740525][T10227] should_failslab+0xa8/0x100 [ 217.740550][T10227] __kmalloc_node_noprof+0xf0/0x7c0 [ 217.740572][T10227] ? qdisc_alloc+0x92/0x9e0 [ 217.740608][T10227] qdisc_alloc+0x92/0x9e0 [ 217.740638][T10227] qdisc_create_dflt+0x8e/0x4e0 [ 217.740664][T10227] taprio_init+0x3e5/0xbe0 [ 217.740692][T10227] ? __pfx_taprio_init+0x10/0x10 [ 217.740708][T10227] ? qdisc_alloc+0x6ec/0x9e0 [ 217.740734][T10227] ? __pfx_taprio_init+0x10/0x10 [ 217.740750][T10227] qdisc_create+0x7c4/0xf20 [ 217.740772][T10227] ? lockdep_rtnl_is_held+0x26/0x40 [ 217.740795][T10227] tc_modify_qdisc+0x16f0/0x2290 [ 217.740815][T10227] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 217.740849][T10227] ? __pfx_tc_modify_qdisc+0x10/0x10 [ 217.740897][T10227] ? __pfx_tc_modify_qdisc+0x10/0x10 [ 217.740915][T10227] rtnetlink_rcv_msg+0x77e/0xbe0 [ 217.740935][T10227] ? kmem_cache_alloc_node_noprof+0x384/0x690 [ 217.740955][T10227] ? netlink_sendmsg+0x5d4/0xb40 [ 217.740973][T10227] ? rtnetlink_rcv_msg+0x1b9/0xbe0 [ 217.740993][T10227] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 217.741016][T10227] ? __lock_acquire+0x6b5/0x2cf0 [ 217.741046][T10227] netlink_rcv_skb+0x232/0x4b0 [ 217.741064][T10227] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 217.741087][T10227] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 217.741116][T10227] ? netlink_deliver_tap+0x2e/0x1b0 [ 217.741131][T10227] ? netlink_deliver_tap+0x2e/0x1b0 [ 217.741153][T10227] netlink_unicast+0x75c/0x8e0 [ 217.741186][T10227] netlink_sendmsg+0x813/0xb40 [ 217.741212][T10227] ? __pfx_netlink_sendmsg+0x10/0x10 [ 217.741232][T10227] ? aa_sock_msg_perm+0xf1/0x1b0 [ 217.741254][T10227] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 217.741279][T10227] ____sys_sendmsg+0x972/0x9f0 [ 217.741295][T10227] ? __might_fault+0xaf/0x130 [ 217.741321][T10227] ? __pfx_____sys_sendmsg+0x10/0x10 [ 217.741346][T10227] ? import_iovec+0x73/0xa0 [ 217.741372][T10227] ___sys_sendmsg+0x2a5/0x360 [ 217.741387][T10227] ? __lock_acquire+0x6b5/0x2cf0 [ 217.741408][T10227] ? __pfx____sys_sendmsg+0x10/0x10 [ 217.741458][T10227] ? __fget_files+0x2a/0x420 [ 217.741477][T10227] ? __fget_files+0x3a0/0x420 [ 217.741503][T10227] __x64_sys_sendmsg+0x1bd/0x2a0 [ 217.741520][T10227] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 217.741543][T10227] ? __pfx_ksys_write+0x10/0x10 [ 217.741570][T10227] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 217.741593][T10227] do_syscall_64+0x15f/0xf80 [ 217.741613][T10227] ? trace_irq_disable+0x3b/0x140 [ 217.741635][T10227] ? clear_bhb_loop+0x40/0x90 [ 217.741654][T10227] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 217.741670][T10227] RIP: 0033:0x7f512c39ce59 [ 217.741686][T10227] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 217.741697][T10227] RSP: 002b:00007f512d23d028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 217.741712][T10227] RAX: ffffffffffffffda RBX: 00007f512c615fa0 RCX: 00007f512c39ce59 [ 217.741722][T10227] RDX: 0000000004040010 RSI: 00002000000012c0 RDI: 0000000000000004 [ 217.741731][T10227] RBP: 00007f512d23d090 R08: 0000000000000000 R09: 0000000000000000 [ 217.741740][T10227] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 217.741748][T10227] R13: 00007f512c616038 R14: 00007f512c615fa0 R15: 00007ffe259f4218 [ 217.741773][T10227] [ 218.753108][T10252] netlink: 'syz.2.1285': attribute type 16 has an invalid length. [ 218.798605][ C0] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 218.844009][T10252] netlink: 'syz.2.1285': attribute type 17 has an invalid length. [ 219.164961][T10252] gretap0: entered promiscuous mode [ 219.406466][T10252] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 219.518267][T10273] netlink: 212368 bytes leftover after parsing attributes in process `syz.1.1292'. [ 219.998476][T10252] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 220.049841][T10252] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 220.062943][T10252] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 220.074169][T10252] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 220.090638][T10252] veth1_vlan: left promiscuous mode [ 220.097055][T10252] veth0_vlan: left promiscuous mode [ 220.103267][T10252] veth0_vlan: entered promiscuous mode [ 220.112556][T10252] veth1_vlan: entered promiscuous mode [ 220.155280][T10252] veth1_macvtap: left promiscuous mode [ 220.162823][T10252] veth0_macvtap: left promiscuous mode [ 220.169774][T10252] veth0_macvtap: entered promiscuous mode [ 220.176885][T10252] veth1_macvtap: entered promiscuous mode [ 220.182865][T10252] macsec0: left promiscuous mode [ 220.200033][T10252] 8021q: adding VLAN 0 to HW filter on device bond0 [ 220.209201][T10252] 8021q: adding VLAN 0 to HW filter on device bond1 [ 220.220157][T10252] 8021q: adding VLAN 0 to HW filter on device bond2 [ 220.255208][T10252] veth0_to_team: entered promiscuous mode [ 220.264557][T10252] 8021q: adding VLAN 0 to HW filter on device bond3 [ 220.273875][T10252] 8021q: adding VLAN 0 to HW filter on device bond4 [ 220.282899][T10252] vlan4: left allmulticast mode [ 220.287872][T10252] bond0: left allmulticast mode [ 220.295177][T10252] 8021q: adding VLAN 0 to HW filter on device bond5 [ 220.306225][T10252] 8021q: adding VLAN 0 to HW filter on device eth0 [ 220.315274][T10252] 8021q: adding VLAN 0 to HW filter on device eth1 [ 220.324278][T10252] 8021q: adding VLAN 0 to HW filter on device eth2 [ 220.335433][T10252] 8021q: adding VLAN 0 to HW filter on device eth3 [ 220.371188][T10262] syz.4.1287 (10262) used greatest stack depth: 17944 bytes left [ 220.398556][ T6198] bridge0: port 1(bridge_slave_0) entered blocking state [ 220.405728][ T6198] bridge0: port 1(bridge_slave_0) entered forwarding state [ 220.423164][ T6198] bridge0: port 2(bridge_slave_1) entered blocking state [ 220.430340][ T6198] bridge0: port 2(bridge_slave_1) entered forwarding state [ 220.726191][T10278] FAULT_INJECTION: forcing a failure. [ 220.726191][T10278] name failslab, interval 1, probability 0, space 0, times 0 [ 220.738842][T10278] CPU: 1 UID: 0 PID: 10278 Comm: syz.3.1293 Not tainted syzkaller #0 PREEMPT(full) [ 220.738865][T10278] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 220.738875][T10278] Call Trace: [ 220.738883][T10278] [ 220.738890][T10278] dump_stack_lvl+0xe8/0x150 [ 220.738915][T10278] should_fail_ex+0x412/0x560 [ 220.738942][T10278] should_failslab+0xa8/0x100 [ 220.738968][T10278] __kmalloc_noprof+0xe8/0x760 [ 220.738988][T10278] ? __asan_memset+0x22/0x50 [ 220.739006][T10278] ? taprio_init+0x2cf/0xbe0 [ 220.739020][T10278] ? __hrtimer_setup+0x1b7/0x260 [ 220.739044][T10278] taprio_init+0x2cf/0xbe0 [ 220.739062][T10278] ? is_dynamic_key+0xd6/0x1c0 [ 220.739086][T10278] ? __pfx_taprio_init+0x10/0x10 [ 220.739102][T10278] ? qdisc_alloc+0x6ec/0x9e0 [ 220.739128][T10278] ? __pfx_taprio_init+0x10/0x10 [ 220.739145][T10278] qdisc_create+0x7c4/0xf20 [ 220.739166][T10278] ? lockdep_rtnl_is_held+0x26/0x40 [ 220.739189][T10278] tc_modify_qdisc+0x16f0/0x2290 [ 220.739209][T10278] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 220.739243][T10278] ? __pfx_tc_modify_qdisc+0x10/0x10 [ 220.739290][T10278] ? __pfx_tc_modify_qdisc+0x10/0x10 [ 220.739309][T10278] rtnetlink_rcv_msg+0x77e/0xbe0 [ 220.739335][T10278] ? rtnetlink_rcv_msg+0x1b9/0xbe0 [ 220.739356][T10278] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 220.739375][T10278] ? ref_tracker_free+0x693/0x840 [ 220.739403][T10278] ? __pfx_ref_tracker_free+0x10/0x10 [ 220.739422][T10278] ? __asan_memcpy+0x40/0x70 [ 220.739438][T10278] ? __skb_clone+0x63/0x7a0 [ 220.739462][T10278] netlink_rcv_skb+0x232/0x4b0 [ 220.739480][T10278] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 220.739503][T10278] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 220.739532][T10278] ? netlink_deliver_tap+0x2e/0x1b0 [ 220.739547][T10278] ? netlink_deliver_tap+0x2e/0x1b0 [ 220.739569][T10278] netlink_unicast+0x75c/0x8e0 [ 220.739602][T10278] netlink_sendmsg+0x813/0xb40 [ 220.739627][T10278] ? __pfx_netlink_sendmsg+0x10/0x10 [ 220.739647][T10278] ? aa_sock_msg_perm+0xf1/0x1b0 [ 220.739669][T10278] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 220.739694][T10278] ____sys_sendmsg+0x972/0x9f0 [ 220.739709][T10278] ? __might_fault+0xaf/0x130 [ 220.739735][T10278] ? __pfx_____sys_sendmsg+0x10/0x10 [ 220.739760][T10278] ? import_iovec+0x73/0xa0 [ 220.739792][T10278] ___sys_sendmsg+0x2a5/0x360 [ 220.739807][T10278] ? __lock_acquire+0x6b5/0x2cf0 [ 220.739828][T10278] ? __pfx____sys_sendmsg+0x10/0x10 [ 220.739878][T10278] ? __fget_files+0x2a/0x420 [ 220.739896][T10278] ? __fget_files+0x3a0/0x420 [ 220.739925][T10278] __x64_sys_sendmsg+0x1bd/0x2a0 [ 220.739943][T10278] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 220.739969][T10278] ? __pfx_ksys_write+0x10/0x10 [ 220.739999][T10278] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 220.740016][T10278] do_syscall_64+0x15f/0xf80 [ 220.740037][T10278] ? trace_irq_disable+0x3b/0x140 [ 220.740059][T10278] ? clear_bhb_loop+0x40/0x90 [ 220.740079][T10278] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 220.740095][T10278] RIP: 0033:0x7f5bc519ce59 [ 220.740111][T10278] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 220.740125][T10278] RSP: 002b:00007f5bc6120028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 220.740142][T10278] RAX: ffffffffffffffda RBX: 00007f5bc5415fa0 RCX: 00007f5bc519ce59 [ 220.740152][T10278] RDX: 0000000004040010 RSI: 00002000000012c0 RDI: 0000000000000004 [ 220.740162][T10278] RBP: 00007f5bc6120090 R08: 0000000000000000 R09: 0000000000000000 [ 220.740172][T10278] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 220.740181][T10278] R13: 00007f5bc5416038 R14: 00007f5bc5415fa0 R15: 00007ffc798589f8 [ 220.740209][T10278] [ 220.764593][T10273] batman_adv: batadv0: Adding interface: ipvlan2 [ 221.479323][T10273] batman_adv: batadv0: The MTU of interface ipvlan2 is too small (129) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 221.504990][T10273] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 221.515421][T10273] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 221.525239][T10273] batman_adv: batadv0: Interface activated: ipvlan2 [ 221.553628][ T57] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 221.831818][ T5716] lo speed is unknown, defaulting to 1000 [ 221.838078][ T57] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 221.884307][ T57] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 221.892547][ T57] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 222.140742][T10298] netlink: 104 bytes leftover after parsing attributes in process `syz.0.1298'. [ 222.221439][T10300] netlink: 'syz.1.1299': attribute type 1 has an invalid length. [ 222.972941][ T57] af_packet: tpacket_rcv: packet too big, clamped from 196 to 4294967272. macoff=96 [ 222.987197][T10296] mac80211_hwsim hwsim9 wlan0: entered promiscuous mode [ 222.994196][T10296] mac80211_hwsim hwsim9 wlan0: entered allmulticast mode [ 223.063853][T10296] A link change request failed with some changes committed already. Interface wlan0 may have been left with an inconsistent configuration, please check. [ 223.318241][ C0] sched: DL replenish lagged too much [ 223.597143][T10326] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1307'. [ 223.883776][T10327] bond6 (unregistering): Released all slaves [ 224.018370][T10339] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1310'. [ 224.027666][T10339] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1310'. [ 224.308674][T10344] sctp: [Deprecated]: syz.4.1312 (pid 10344) Use of int in maxseg socket option. [ 224.308674][T10344] Use struct sctp_assoc_value instead [ 224.508667][T10348] netlink: 'syz.0.1314': attribute type 10 has an invalid length. [ 224.648995][T10353] netlink: 'syz.3.1315': attribute type 1 has an invalid length. [ 224.659181][T10348] team0: Failed to send options change via netlink (err -105) [ 224.666846][T10348] team0: Port device dummy0 added [ 224.771436][T10356] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1317'. [ 224.781646][T10358] netlink: 'syz.0.1314': attribute type 10 has an invalid length. [ 224.820084][T10349] netlink: 'syz.0.1314': attribute type 10 has an invalid length. [ 224.838426][T10350] bridge2: entered allmulticast mode [ 224.864489][T10349] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 225.009975][T10349] team0: Failed to send options change via netlink (err -105) [ 225.152319][T10349] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 225.184127][T10349] team0: Port device dummy0 removed [ 225.221182][T10349] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 225.778712][T10377] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1325'. [ 225.838760][T10377] netlink: 34 bytes leftover after parsing attributes in process `syz.3.1325'. [ 225.868454][T10379] netlink: 758 bytes leftover after parsing attributes in process `syz.1.1326'. [ 225.882213][T10377] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1325'. [ 226.042717][T10381] bond6 (unregistering): Released all slaves [ 226.067331][T10377] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1325'. [ 226.228637][T10386] netlink: 'syz.1.1328': attribute type 1 has an invalid length. [ 226.394938][T10385] bond5: option lacp_active: mode dependency failed, not supported in mode balance-alb(6) [ 226.806276][ C0] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 243.454447][ C0] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 257.739596][ T1315] ieee802154 phy0 wpan0: encryption failed: -22 [ 275.482324][ C0] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 317.375863][ T1315] ieee802154 phy0 wpan0: encryption failed: -22 [ 335.818592][ T4946] Bluetooth: hci4: command tx timeout [ 342.654402][ C0] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 382.718138][ C0] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 382.725132][ C0] rcu: Tasks blocked on level-0 rcu_node (CPUs 0-1): P5626/1:b..l [ 382.733576][ C0] rcu: (detected by 0, t=10503 jiffies, g=43065, q=1491 ncpus=2) [ 382.741406][ C0] task:syz-executor state:R running task stack:21888 pid:5626 tgid:5626 ppid:5621 task_flags:0x400140 flags:0x00080000 [ 382.756170][ C0] Call Trace: [ 382.759519][ C0] [ 382.762464][ C0] __schedule+0x1821/0x5740 [ 382.767363][ C0] ? is_bpf_text_address+0x26/0x2b0 [ 382.772587][ C0] ? __pfx___schedule+0x10/0x10 [ 382.777470][ C0] preempt_schedule_irq+0x4d/0xa0 [ 382.782515][ C0] irqentry_exit+0x14f/0x760 [ 382.787127][ C0] ? trace_irq_disable+0x3b/0x140 [ 382.792189][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 382.798187][ C0] RIP: 0010:unwind_next_frame+0x1a8/0x2550 [ 382.804006][ C0] Code: 4c 89 6c 24 20 4c 89 7c 24 50 48 89 5c 24 18 0f b6 1b 48 8b 44 24 30 80 3c 28 00 4c 8b 7c 24 10 74 08 4c 89 ff e8 e8 0e ba 00 <4d> 8b 27 48 83 f3 01 48 c7 c2 20 a5 c9 8b 49 29 dc 0f 84 b2 02 00 [ 382.824409][ C0] RSP: 0018:ffffc9000400f018 EFLAGS: 00000246 [ 382.830508][ C0] RAX: 1ffff92000801e26 RBX: 0000000000000000 RCX: 0000000080000001 [ 382.838927][ C0] RDX: 00000000d9884214 RSI: ffffffff8c28afc0 RDI: ffffffff8c28af80 [ 382.846908][ C0] RBP: dffffc0000000000 R08: ffffffff8176f256 R09: ffffffff8e95cda0 [ 382.854897][ C0] R10: ffffc9000400f138 R11: ffffffff81b0efc0 R12: ffffc9000400f120 [ 382.862973][ C0] R13: 1ffff92000801e1d R14: ffffc9000400f0e8 R15: ffffc9000400f130 [ 382.871395][ C0] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 382.877586][ C0] ? unwind_next_frame+0xa6/0x2550 [ 382.882720][ C0] ? unwind_next_frame+0xd5/0x2550 [ 382.887865][ C0] ? unwind_next_frame+0xa6/0x2550 [ 382.893006][ C0] ? save_stack+0x122/0x230 [ 382.897625][ C0] ? save_stack+0x122/0x230 [ 382.902244][ C0] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 382.908988][ C0] arch_stack_walk+0x11b/0x150 [ 382.914231][ C0] ? save_stack+0x122/0x230 [ 382.918760][ C0] stack_trace_save+0xa9/0x100 [ 382.923549][ C0] ? __pfx_stack_trace_save+0x10/0x10 [ 382.929411][ C0] save_stack+0x122/0x230 [ 382.933865][ C0] ? __pfx_save_stack+0x10/0x10 [ 382.939546][ C0] __reset_page_owner+0x71/0x1f0 [ 382.944624][ C0] __free_frozen_pages+0xbc7/0xd30 [ 382.950001][ C0] __slab_free+0x274/0x2c0 [ 382.954546][ C0] ? qlist_free_all+0x8e/0x100 [ 382.959342][ C0] qlist_free_all+0x99/0x100 [ 382.963968][ C0] kasan_quarantine_reduce+0x148/0x160 [ 382.969452][ C0] __kasan_kmalloc+0x22/0xb0 [ 382.974949][ C0] __kmalloc_noprof+0x35c/0x760 [ 382.979829][ C0] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 382.985582][ C0] ? __kmalloc_noprof+0x1b8/0x760 [ 382.990638][ C0] tomoyo_realpath_from_path+0xe3/0x5d0 [ 382.996310][ C0] tomoyo_check_open_permission+0x229/0x470 [ 383.002219][ C0] ? tomoyo_check_open_permission+0x1d3/0x470 [ 383.008313][ C0] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 383.014745][ C0] ? __asan_memset+0x22/0x50 [ 383.019391][ C0] security_file_open+0xa9/0x240 [ 383.024518][ C0] do_dentry_open+0x384/0x14e0 [ 383.029480][ C0] ? vfs_open+0x31/0x340 [ 383.033749][ C0] vfs_open+0x3b/0x340 [ 383.037826][ C0] ? path_openat+0x2df0/0x3860 [ 383.042787][ C0] path_openat+0x2e08/0x3860 [ 383.047430][ C0] ? __pfx_stack_trace_save+0x10/0x10 [ 383.052834][ C0] ? stack_depot_save_flags+0x33/0x810 [ 383.058332][ C0] ? __pfx_path_openat+0x10/0x10 [ 383.063394][ C0] ? __x64_sys_openat+0x138/0x170 [ 383.068652][ C0] ? __lock_acquire+0x6b5/0x2cf0 [ 383.073710][ C0] do_file_open+0x23e/0x4a0 [ 383.078768][ C0] ? __pfx_do_file_open+0x10/0x10 [ 383.083919][ C0] ? _raw_spin_unlock+0x28/0x50 [ 383.088869][ C0] ? alloc_fd+0x64b/0x6c0 [ 383.093240][ C0] do_sys_openat2+0x113/0x200 [ 383.097932][ C0] ? __pfx_do_sys_openat2+0x10/0x10 [ 383.103136][ C0] ? __se_sys_clock_nanosleep+0x35b/0x3b0 [ 383.108869][ C0] ? __pfx___se_sys_clock_nanosleep+0x10/0x10 [ 383.114962][ C0] __x64_sys_openat+0x138/0x170 [ 383.119851][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 383.125931][ C0] do_syscall_64+0x15f/0xf80 [ 383.130549][ C0] ? trace_irq_disable+0x3b/0x140 [ 383.135593][ C0] ? clear_bhb_loop+0x40/0x90 [ 383.140285][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 383.146183][ C0] RIP: 0033:0x7f5bc519c17c [ 383.150610][ C0] RSP: 002b:00007ffc79858cf0 EFLAGS: 00000206 ORIG_RAX: 0000000000000101 [ 383.159031][ C0] RAX: ffffffffffffffda RBX: 00000000000002d1 RCX: 00007f5bc519c17c [ 383.167703][ C0] RDX: 0000000000090800 RSI: 00007f5bc52326b1 RDI: 00000000ffffff9c [ 383.175689][ C0] RBP: 00007ffc79858d9c R08: 0000000000000000 R09: 0000000000000000 [ 383.183677][ C0] R10: 0000000000000000 R11: 0000000000000206 R12: 00000000000000f8 [ 383.192009][ C0] R13: 0000000000000000 R14: 0000000000037735 R15: 00007ffc79858df0 [ 383.201034][ C0] [ 383.204072][ C0] rcu: rcu_preempt kthread starved for 810 jiffies! g43065 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1 [ 383.216402][ C0] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 383.228307][ C0] rcu: RCU grace-period kthread stack dump: [ 383.236558][ C0] task:rcu_preempt state:R running task stack:27544 pid:16 tgid:16 ppid:2 task_flags:0x208040 flags:0x00080000 [ 383.252166][ C0] Call Trace: [ 383.256931][ C0] [ 383.260692][ C0] __schedule+0x1821/0x5740 [ 383.265617][ C0] ? __lock_acquire+0x6b5/0x2cf0 [ 383.270972][ C0] ? __pfx___schedule+0x10/0x10 [ 383.275853][ C0] ? schedule+0x90/0x360 [ 383.280229][ C0] schedule+0x164/0x360 [ 383.284681][ C0] schedule_timeout+0x158/0x2c0 [ 383.289734][ C0] ? __pfx_schedule_timeout+0x10/0x10 [ 383.295131][ C0] ? __pfx_process_timeout+0x10/0x10 [ 383.300439][ C0] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 383.306350][ C0] ? prepare_to_swait_event+0x340/0x370 [ 383.311917][ C0] rcu_gp_fqs_loop+0x312/0x11d0 [ 383.316789][ C0] ? __pfx_rcu_watching_snap_recheck+0x10/0x10 [ 383.323048][ C0] ? __pfx_rcu_gp_fqs_loop+0x10/0x10 [ 383.328514][ C0] ? _raw_spin_unlock_irq+0x2e/0x50 [ 383.334094][ C0] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 383.340189][ C0] rcu_gp_kthread+0x9e/0x2b0 [ 383.344885][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 383.350704][ C0] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 383.356970][ C0] ? __kthread_parkme+0x7a/0x1f0 [ 383.361932][ C0] ? __kthread_parkme+0x19c/0x1f0 [ 383.366982][ C0] kthread+0x389/0x470 [ 383.371596][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 383.376888][ C0] ? __pfx_kthread+0x10/0x10 [ 383.381495][ C0] ret_from_fork+0x514/0xb70 [ 383.386094][ C0] ? __pfx_ret_from_fork+0x10/0x10 [ 383.391298][ C0] ? __switch_to+0xc79/0x1410 [ 383.396005][ C0] ? __pfx_kthread+0x10/0x10 [ 383.400704][ C0] ret_from_fork_asm+0x1a/0x30 [ 383.405504][ C0] [ 383.408529][ C0] rcu: Stack dump where RCU GP kthread last ran: [ 383.414967][ C0] Sending NMI from CPU 0 to CPUs 1: [ 383.420198][ C1] NMI backtrace for cpu 1 [ 383.420214][ C1] CPU: 1 UID: 0 PID: 8370 Comm: kworker/1:11 Not tainted syzkaller #0 PREEMPT(full) [ 383.420231][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 383.420242][ C1] Workqueue: wg-crypt-wg0 wg_packet_tx_worker [ 383.420271][ C1] RIP: 0010:check_preemption_disabled+0x1d/0xe0 [ 383.420289][ C1] Code: 90 90 90 90 90 90 90 90 90 90 90 90 90 55 41 57 41 56 53 65 8b 05 87 ff 8f 07 65 8b 0d 7c ff 8f 07 f7 c1 ff ff ff 7f 74 0c 5b <41> 5e 41 5f 5d e9 d9 d7 02 00 cc 9c 59 f7 c1 00 02 00 00 74 ea 65 [ 383.420303][ C1] RSP: 0018:ffffc90000a07df8 EFLAGS: 00000002 [ 383.420315][ C1] RAX: 0000000000000001 RBX: 00000000ffffffff RCX: 0000000080000101 [ 383.420326][ C1] RDX: 0000000000000100 RSI: ffffffff8dfc9638 RDI: ffffffff8c28afe0 [ 383.420336][ C1] RBP: 00000000ffffffff R08: ffffffff8a0c2026 R09: ffffffff8e95cda0 [ 383.420347][ C1] R10: ffffc90000a07f80 R11: fffff52000140ff6 R12: 0000000000000246 [ 383.420358][ C1] R13: ffff8880361bdc40 R14: ffffffff8fdd1280 R15: dffffc0000000000 [ 383.420369][ C1] FS: 0000000000000000(0000) GS:ffff88812537a000(0000) knlGS:0000000000000000 [ 383.420382][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 383.420392][ C1] CR2: 000055557bffd4e8 CR3: 000000006744a000 CR4: 00000000003526f0 [ 383.420406][ C1] Call Trace: [ 383.420412][ C1] [ 383.420419][ C1] lock_is_held_type+0x5a/0x150 [ 383.420444][ C1] lockdep_rtnl_is_held+0x1b/0x40 [ 383.420461][ C1] fib_lookup+0x17e/0x440 [ 383.420479][ C1] ? fib_lookup+0x76/0x440 [ 383.420498][ C1] ip_route_output_key_hash_rcu+0x32e/0x25d0 [ 383.420523][ C1] ? ip_route_output_key_hash+0xd8/0x2a0 [ 383.420542][ C1] ? ip_route_output_key_hash+0xd8/0x2a0 [ 383.420563][ C1] ip_route_output_key_hash+0x18d/0x2a0 [ 383.420585][ C1] ? __pfx_ip_route_output_key_hash+0x10/0x10 [ 383.420614][ C1] ? lock_acquire+0x106/0x350 [ 383.420634][ C1] ip_route_output_flow+0x2a/0x150 [ 383.420652][ C1] ? ip_route_me_harder+0x730/0xf90 [ 383.420673][ C1] ip_route_me_harder+0x742/0xf90 [ 383.420697][ C1] ? __pfx_ip_route_me_harder+0x10/0x10 [ 383.420724][ C1] ? __cookie_v4_init_sequence+0x25d/0x500 [ 383.420743][ C1] synproxy_send_tcp+0x34c/0x670 [ 383.420764][ C1] synproxy_send_client_synack+0x8c1/0xe30 [ 383.420789][ C1] ? __pfx_synproxy_send_client_synack+0x10/0x10 [ 383.420807][ C1] ? nft_tunnel_obj_init+0xe38/0x1960 [ 383.420821][ C1] ? synproxy_pernet+0x45/0x270 [ 383.420843][ C1] nft_synproxy_eval_v4+0x34a/0x4e0 [ 383.420865][ C1] ? __pfx_nft_synproxy_eval_v4+0x10/0x10 [ 383.420886][ C1] ? nf_ip_checksum+0x13c/0x510 [ 383.420908][ C1] nft_synproxy_do_eval+0x305/0x580 [ 383.420930][ C1] ? __pfx_nft_synproxy_do_eval+0x10/0x10 [ 383.420951][ C1] ? lockdep_hardirqs_on+0x7a/0x110 [ 383.420972][ C1] ? queue_work_on+0x159/0x1d0 [ 383.420992][ C1] nft_do_chain+0x48d/0x1ae0 [ 383.421020][ C1] ? __pfx_nft_do_chain+0x10/0x10 [ 383.421043][ C1] ? ipt_do_table+0x2b2/0x1630 [ 383.421071][ C1] ? nf_nat_inet_fn+0x95b/0xbf0 [ 383.421098][ C1] nft_do_chain_inet+0x360/0x4b0 [ 383.421124][ C1] ? __pfx_nft_do_chain_inet+0x10/0x10 [ 383.421144][ C1] ? ipt_do_table+0x2b2/0x1630 [ 383.421168][ C1] ? nf_nat_ipv4_local_in+0x223/0x720 [ 383.421185][ C1] ? __pfx_nft_do_chain_inet+0x10/0x10 [ 383.421206][ C1] nf_hook_slow+0xc5/0x220 [ 383.421225][ C1] NF_HOOK+0x21f/0x3c0 [ 383.421241][ C1] ? __pfx_ip_local_deliver_finish+0x10/0x10 [ 383.421257][ C1] ? NF_HOOK+0x9e/0x3c0 [ 383.421271][ C1] ? __pfx_NF_HOOK+0x10/0x10 [ 383.421284][ C1] ? ip_rcv_finish_core+0xda3/0x1c00 [ 383.421302][ C1] ? __pfx_ip_local_deliver_finish+0x10/0x10 [ 383.421320][ C1] ? ip_local_deliver+0x12a/0x1b0 [ 383.421337][ C1] NF_HOOK+0x336/0x3c0 [ 383.421353][ C1] ? __pfx_ip_rcv_finish+0x10/0x10 [ 383.421368][ C1] ? NF_HOOK+0x9e/0x3c0 [ 383.421382][ C1] ? __pfx_NF_HOOK+0x10/0x10 [ 383.421397][ C1] ? __pfx_ip_rcv_finish+0x10/0x10 [ 383.421416][ C1] ? __pfx_ip_rcv+0x10/0x10 [ 383.421431][ C1] ? __pfx_ip_rcv+0x10/0x10 [ 383.421451][ C1] ? process_backlog+0x3eb/0x1950 [ 383.421472][ C1] process_backlog+0xaa3/0x1950 [ 383.421501][ C1] __napi_poll+0xae/0x340 [ 383.421519][ C1] ? skb_defer_free_flush+0x233/0x260 [ 383.421539][ C1] net_rx_action+0x627/0xf70 [ 383.421566][ C1] ? __pfx_net_rx_action+0x10/0x10 [ 383.421591][ C1] ? do_raw_spin_unlock+0xf5/0x210 [ 383.421619][ C1] ? try_to_wake_up+0x7f2/0x1380 [ 383.421645][ C1] handle_softirqs+0x22a/0x840 [ 383.421663][ C1] ? do_softirq+0x76/0xd0 [ 383.421679][ C1] ? wg_timers_any_authenticated_packet_traversal+0x82/0x2f0 [ 383.421702][ C1] do_softirq+0x76/0xd0 [ 383.421716][ C1] [ 383.421721][ C1] [ 383.421726][ C1] __local_bh_enable_ip+0xf8/0x130 [ 383.421741][ C1] wg_packet_tx_worker+0x16b/0x7c0 [ 383.421766][ C1] ? process_scheduled_works+0xa70/0x1860 [ 383.421782][ C1] process_scheduled_works+0xb5d/0x1860 [ 383.421811][ C1] ? __pfx_process_scheduled_works+0x10/0x10 [ 383.421830][ C1] ? assign_work+0x3d5/0x5e0 [ 383.421847][ C1] worker_thread+0xa53/0xfc0 [ 383.421874][ C1] kthread+0x389/0x470 [ 383.421894][ C1] ? __pfx_worker_thread+0x10/0x10 [ 383.421908][ C1] ? __pfx_kthread+0x10/0x10 [ 383.421927][ C1] ret_from_fork+0x514/0xb70 [ 383.421944][ C1] ? __pfx_ret_from_fork+0x10/0x10 [ 383.421959][ C1] ? __switch_to+0xc79/0x1410 [ 383.421981][ C1] ? __pfx_kthread+0x10/0x10 [ 383.422001][ C1] ret_from_fork_asm+0x1a/0x30 [ 383.422026][ C1]