last executing test programs: 4.796127274s ago: executing program 2 (id=3938): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[@ANYBLOB="3000000040000701feffffff00000000017c0000040042801400018008000300", @ANYRES32=0x0, @ANYBLOB="08000200", @ANYRES32=0x0, @ANYBLOB="040002"], 0x30}, 0x1, 0x0, 0x0, 0x48815}, 0xc000) (fail_nth: 11) 4.631146948s ago: executing program 2 (id=3943): socket$nl_route(0x10, 0x3, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) close(0x4) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) socket$inet6_sctp(0xa, 0x1, 0x84) close(0x4) syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/cgroup\x00') mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeef, 0x8031, 0xffffffffffffffff, 0x215eb000) r0 = socket(0x2b, 0x1, 0x1) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4) connect$inet6(r0, &(0x7f00000001c0)={0xa, 0x4e1f, 0x2, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x1e}}, 0x1}, 0x1c) (fail_nth: 4) 4.305223814s ago: executing program 3 (id=3950): r0 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000380)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000180)=0x10) getsockopt$bt_hci(r0, 0x84, 0x80, &(0x7f0000000000)=""/4102, &(0x7f0000001080)=0x1006) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000100)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_hmac_sha1\x00'}, 0x58) bpf$TOKEN_CREATE(0x24, &(0x7f0000000000), 0x8) socket$can_raw(0x1d, 0x3, 0x1) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0xe, 0x16, &(0x7f0000001900)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb}, 0x94) 4.073069398s ago: executing program 0 (id=3951): getsockopt$inet6_mptcp_buf(0xffffffffffffffff, 0x11c, 0x4, 0x0, 0x0) socket$igmp6(0xa, 0x3, 0x2) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000a00)=ANY=[@ANYBLOB="140000001000010000000000000000000100000a34000000000a0104000000fffffff500010000030900010073797a300000000008000240000000020c00044000000000000000042c000000030a01010000000000000000010000090900010073797a3000000000280900030073797a320000000098000000060a010400000000000000000100000008000b400000040070000480340001800b000100657874686472000024000280080001400000000c080003400000000008000440000000220500020007000000380001800c00010062697477697365002800028008000340000000020800014000000014080002400000001208000640"], 0x120}}, 0x0) 3.820516739s ago: executing program 2 (id=3954): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_RENAME(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000440)={0x34, 0x5, 0x6, 0x201, 0x0, 0x0, {0xa, 0x0, 0x9}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME2={0x9, 0x3, 'syz2\x00'}]}, 0x34}, 0x1, 0x0, 0x0, 0x20004054}, 0x4000000) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl802154(&(0x7f00000002c0), 0xffffffffffffffff) socket$inet_tcp(0x2, 0x1, 0x0) sendmsg$NL802154_CMD_GET_SEC_LEVEL(r1, &(0x7f00000003c0)={0x0, 0xfffffffffffffd90, &(0x7f0000000380)={&(0x7f0000000240)={0x14, r2, 0x701, 0x74bd2b, 0x0, {0x5}}, 0x14}, 0x1, 0x0, 0x0, 0x20004074}, 0x0) syz_genetlink_get_family_id$nbd(&(0x7f0000001100), r1) r3 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wpan3\x00', 0x0}) sendmsg$IEEE802154_LLSEC_ADD_DEV(r1, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x38, r3, 0x400, 0x70bd2b, 0x25dfdbfe, {}, [@IEEE802154_ATTR_LLSEC_FRAME_COUNTER={0x8, 0x2f, 0xba}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan3\x00'}, @IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r4}, @IEEE802154_ATTR_SHORT_ADDR={0x6, 0x4, 0xfffe}]}, 0x38}, 0x1, 0x0, 0x0, 0x80000c0}, 0x4004000) 3.684090717s ago: executing program 4 (id=3955): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x10) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a80000000060a0b0400002100000000000200000054000480500001800a000100696e6e65720000004000028008000240000000840800034000000007080004400000000f08000140000000000c0005800c0001007061796c6f6164000c00028008000240000000050900010073797a30000000000900020073797a3200"], 0xa8}}, 0x0) 3.683600428s ago: executing program 0 (id=3956): r0 = socket(0x11, 0xa, 0x0) getsockname$packet(r0, 0x0, &(0x7f0000000040)) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) close(r1) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r2, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a4c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc080003400000001408000c4000000e45400000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a310000000014000380100000800c00018006000100d103000014000000110001"], 0xb4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a480000000e0a010100000000000000000a0000060900020073797a31000000000900010073797a31000000001c000380180000800c00018006000100d103000008000340000000011400"], 0x70}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x10) sendmsg$NFT_BATCH(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)={{0x14}, [@NFT_MSG_NEWRULE={0x44, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x18, 0x4, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, @inner={{0xa}, @val={0x4}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x6c}}, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r4, 0x8933, &(0x7f0000000080)={'team0\x00', 0x0}) sendmsg$nl_route(r4, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x4, 0x0, 0x300}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @wireguard={{0xe}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x40}, 0x1, 0x0, 0x0, 0x4}, 0x8044) setsockopt$SO_TIMESTAMP(r4, 0x1, 0x1d, &(0x7f0000000000)=0x384e45f6, 0x4) socket(0x11, 0xa, 0x0) (async) getsockname$packet(r0, 0x0, &(0x7f0000000040)) (async) socket$nl_netfilter(0x10, 0x3, 0xc) (async) close(r1) (async) socket$nl_netfilter(0x10, 0x3, 0xc) (async) sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) (async) sendmsg$NFT_BATCH(r2, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a4c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc080003400000001408000c4000000e45400000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a310000000014000380100000800c00018006000100d103000014000000110001"], 0xb4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) (async) sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a480000000e0a010100000000000000000a0000060900020073797a31000000000900010073797a31000000001c000380180000800c00018006000100d103000008000340000000011400"], 0x70}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) (async) socket$nl_netfilter(0x10, 0x3, 0xc) (async) sendmsg$NFT_BATCH(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x10) (async) sendmsg$NFT_BATCH(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)={{0x14}, [@NFT_MSG_NEWRULE={0x44, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x18, 0x4, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, @inner={{0xa}, @val={0x4}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x6c}}, 0x0) (async) socket$nl_route(0x10, 0x3, 0x0) (async) ioctl$ifreq_SIOCGIFINDEX_team(r4, 0x8933, &(0x7f0000000080)) (async) sendmsg$nl_route(r4, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x4, 0x0, 0x300}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @wireguard={{0xe}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x40}, 0x1, 0x0, 0x0, 0x4}, 0x8044) (async) setsockopt$SO_TIMESTAMP(r4, 0x1, 0x1d, &(0x7f0000000000)=0x384e45f6, 0x4) (async) 3.610381231s ago: executing program 3 (id=3957): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x10, 0x3, &(0x7f0000000000)=@framed={{0x62, 0xa, 0x0, 0xffc4, 0x0, 0x71, 0x10, 0x17}}, &(0x7f0000000480)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x6000000}, 0x90) 3.609644328s ago: executing program 2 (id=3958): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000080)='wlan1\x00', 0x10) setsockopt$inet_int(r0, 0x0, 0x32, &(0x7f0000000f00)=0x1000000, 0x4) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl802154(&(0x7f00000002c0), 0xffffffffffffffff) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) mkdirat$cgroup(r1, &(0x7f0000000080)='syz0\x00', 0x1ff) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x2, 0xa, 0x0, 0x2, 0x2}, 0x10}}, 0x0) 3.552619101s ago: executing program 4 (id=3960): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[@ANYBLOB="3000feff40000701feffffff00000000017c0000040042801400018008000300", @ANYRES32=0x0, @ANYBLOB="08000200", @ANYRES32=0x0, @ANYBLOB="040002"], 0x30}, 0x1, 0x0, 0x0, 0x48815}, 0xc000) 3.460117074s ago: executing program 3 (id=3961): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000a80)=@newsa={0x16c, 0x10, 0x713, 0x70bd26, 0x0, {{@in=@rand_addr=0x64010101, @in=@dev={0xac, 0x14, 0x14, 0x13}, 0x4e22, 0x0, 0x4e23, 0x7, 0x2, 0x0, 0x0, 0x3a, 0x0, 0xffffffffffffffff}, {@in6=@remote, 0x4d3, 0x32}, @in6=@local, {0x0, 0x0, 0x8, 0xa, 0x6, 0x8000000, 0x0, 0x3}, {0x0, 0x0, 0x2, 0xfffffffffffffff8}, {0xc, 0x0, 0x2}, 0x70bd29, 0x0, 0x2, 0x1, 0x0, 0x28}, [@algo_aead={0x68, 0x12, {{'rfc4543(gcm(aes))\x00'}, 0xe0, 0x80, "316f74eeac053deb73fc018493cc121927a9bca207141b9a451c00aa"}}, @tfcpad={0x8, 0x16, 0x2}, @offload={0xc, 0x1c, {0x0, 0x2}}]}, 0x16c}, 0x1, 0x0, 0x0, 0xc0}, 0x0) 3.442352026s ago: executing program 0 (id=3962): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001700)=@newtaction={0x4c, 0x1e, 0x109, 0x0, 0x0, {}, [{0x38, 0x1, [@m_police={0x34, 0x0, 0x0, 0x0, {{0xb}, {0x4}, {0x6, 0x6, "9aaa"}, {0xc}, {0xc, 0x8, {0x1}}}}]}]}, 0x4c}}, 0x0) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080), 0xffffffffffffffff) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.bfq.io_service_time_recursive\x00', 0x275a, 0x0) ioctl$FS_IOC_FIEMAP(r3, 0xc020660b, 0x0) sendmsg$nl_route(r2, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000440)=@ipv4_delrule={0x24, 0x21, 0x1, 0x0, 0x0, {}, [@FRA_GENERIC_POLICY=@FRA_FWMARK={0x8}]}, 0x24}}, 0x44044) sendmsg$TIPC_NL_MON_GET(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000001c0)={&(0x7f00000000c0)={0xf0, r1, 0x1, 0x70bd2b, 0x25dfdbfc, {}, [@TIPC_NLA_NODE={0x90, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ID={0x34, 0x3, "823ff95ff72bef960bf9ebace730c1a2b2ccd7530dc4379ffad4efbf7041a01eb3d2a4f2706f42ec0ffb278eb59855e5"}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0xffffffff}, @TIPC_NLA_NODE_KEY={0x47, 0x4, {'gcm(aes)\x00', 0x1f, "3c3d6180172565db477f96af656031bb92db05f8a3e6541a5bfc6941f85810"}}, @TIPC_NLA_NODE_KEY_MASTER={0x4}]}, @TIPC_NLA_MEDIA={0x4c, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0x24, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0xc9}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x435a}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}]}, @TIPC_NLA_MEDIA_PROP={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xb7}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0xf0}, 0x1, 0x0, 0x0, 0x48010}, 0x44085) 3.430219645s ago: executing program 2 (id=3963): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_route(0x10, 0x3, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) (async) r2 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$IPT_SO_GET_ENTRIES(r2, 0x0, 0x41, &(0x7f0000000580)=ANY=[@ANYBLOB="6e00000000000000000000000000000004000000991600000000000020000000000099d7ab45865422eff9e39cb861543547d07f5e190e9f24abb3b68d96c97e766855e4f59cad42f66fd702731359f1201083ea1155ab81a82e7db5a94f04c2611d114ffd9b761208df0d59ed054afe03d56c6fe7750b1ab3"], &(0x7f0000000080)=0x28) sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)=@newtaction={0x88, 0x30, 0x1, 0x0, 0x0, {}, [{0x74, 0x1, [@m_vlan={0x70, 0x1, 0x0, 0x0, {{0x9}, {0x44, 0x2, 0x0, 0x1, [@TCA_VLAN_PARMS={0x1c, 0x2, {{}, 0x3}}, @TCA_VLAN_PUSH_VLAN_PRIORITY={0x5}, @TCA_VLAN_PARMS={0x1c, 0x2, {{0x9, 0x65, 0x4, 0x10001}, 0x2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x88}}, 0x0) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_SHORT_ADDR(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000540)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="04"], 0x14}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newtfilter={0x30, 0x2c, 0xd27, 0x70bd28, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0x9}, {0x3}, {0x7, 0xe}}, [@filter_kind_options=@f_fw={{0x7}, {0x4}}]}, 0x30}, 0x1, 0x0, 0x0, 0x84}, 0x8000) (async) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newtfilter={0x30, 0x2c, 0xd27, 0x70bd28, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0x9}, {0x3}, {0x7, 0xe}}, [@filter_kind_options=@f_fw={{0x7}, {0x4}}]}, 0x30}, 0x1, 0x0, 0x0, 0x84}, 0x8000) syz_genetlink_get_family_id$nfc(&(0x7f0000000000), r3) (async) syz_genetlink_get_family_id$nfc(&(0x7f0000000000), r3) r4 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000200), r3) sendmsg$NLBL_UNLABEL_C_STATICREMOVE(r0, &(0x7f0000000700)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="000000b4", @ANYRES16=r4, @ANYBLOB="1d3200000000000000001000000014000f00fe8000000000000000000000000000bb0800010000000000"], 0x30}}, 0x0) (async) sendmsg$NLBL_UNLABEL_C_STATICREMOVE(r0, &(0x7f0000000700)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="000000b4", @ANYRES16=r4, @ANYBLOB="1d3200000000000000001000000014000f00fe8000000000000000000000000000bb0800010000000000"], 0x30}}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000004500000002"], 0x48) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) r6 = syz_init_net_socket$ax25(0x3, 0x5, 0x0) setsockopt$ax25_int(r6, 0x101, 0x4, &(0x7f0000000000)=0x20, 0x4) socket$inet6_tcp(0xa, 0x1, 0x0) (async) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r7, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r7, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c) r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='freezer.state\x00', 0x275a, 0x0) write$cgroup_int(r8, &(0x7f0000000000), 0xffffff6a) (async) write$cgroup_int(r8, &(0x7f0000000000), 0xffffff6a) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r7, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) (async) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r7, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendfile(r7, r8, 0x0, 0xffffffff004) write$6lowpan_enable(r8, &(0x7f0000000040)='0', 0x1) (async) write$6lowpan_enable(r8, &(0x7f0000000040)='0', 0x1) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) (async) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r9 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r9, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000500)=ANY=[@ANYBLOB="1c0000006800e97800000000000000000a00000000000000040004"], 0x1c}}, 0x0) write$cgroup_subtree(r8, &(0x7f0000000400)=ANY=[@ANYBLOB="2b726c696d6974203b6e6574202d6e463cef10d86574202b987265657a6572202b876d3b7b19bf229be09e1c34903d7cb091f1ffec35e4e181e6dc9a559ea06bc2fc9d02a659bee7e4d094d3b49bebadf7deb72867e3e78321359df7ff5d44a0d6b772ce76888f958c1f9690de955dcca48b76d0bcbce802ccf844f1b7a1b3cbdff1fa70d6534c4c398e51a75db609e76971198203291d013a051514d159599df6dbe9"], 0x21) sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)={{0x14}, [@NFT_MSG_NEWSET={0x4c, 0x9, 0xa, 0x401, 0x0, 0x0, {}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0xd}, @NFTA_SET_DATA_TYPE={0x8}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x9}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0x74}}, 0x0) 3.368430237s ago: executing program 1 (id=3964): r0 = socket(0x2a, 0x2, 0x0) (async) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{0xffffffffffffffff, 0xffffffffffffffff}, &(0x7f0000000040), &(0x7f0000000080)}, 0x20) (async) r2 = bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x0) close(r2) (async) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000180)={&(0x7f0000000140)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x0, 0x0, 0x2}}, &(0x7f00000001c0), 0x1a, 0x0, 0x1, 0x4}, 0x28) (async) bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0xb, 0x7fe000, 0x1, 0x2, 0x40000, r1, 0x5, '\x00', 0x0, r2, 0x5, 0x2, 0x2}, 0x50) ioctl$sock_inet6_SIOCSIFADDR(r0, 0x8916, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000018c0)={'team0\x00'}) (async) sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000022780)=ANY=[@ANYRES16, @ANYRES32=0x0, @ANYBLOB="c1900000815c00001800128008000100677470000c00028008000200", @ANYRES32=r3, @ANYBLOB="fa762ea6", @ANYRES32=r3, @ANYBLOB], 0x40}}, 0x4c010) 3.35407687s ago: executing program 4 (id=3965): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000900)=@updpolicy={0xfc, 0x19, 0x1, 0x70bd29, 0x25dfdbfb, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x4, 0x0, 0x0, 0x0, 0x2, 0xfffffffffffffffd}, {0x0, 0x5, 0x200000000000}, 0x0, 0x0, 0x1, 0x0, 0x2, 0x2}, [@tmpl={0x44, 0x5, [{{@in6=@mcast1, 0x4d4, 0x2b}, 0x2, @in6=@empty, 0x0, 0x2, 0x1, 0x6a, 0x7ff, 0x8, 0x5}]}]}, 0xfc}, 0x1, 0x0, 0x0, 0x20000004}, 0x0) r1 = socket$kcm(0x2, 0x3, 0x2) sendmsg$inet(r1, &(0x7f0000003a80)={&(0x7f00000004c0)={0x2, 0x0, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000003a00)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @dev={0xac, 0x14, 0x14, 0xb}, @multicast1}}}], 0x20}, 0x4008804) 3.311022952s ago: executing program 3 (id=3966): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-serpent-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000000400)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f00000002c0), 0xffffffffffffffff) r4 = socket(0x2a, 0x2, 0x0) getsockname$packet(r4, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmsg$ETHTOOL_MSG_LINKMODES_GET(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000300)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01002abd7000fbdbdf25040000002000018008000100", @ANYRES32=r5, @ANYBLOB="14000231000000000000000000000000000000fe"], 0x34}, 0x1, 0x0, 0x0, 0x10008890}, 0x20000000) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$team(&(0x7f00000001c0), r7) ioctl$ifreq_SIOCGIFINDEX_team(r7, 0x8933, &(0x7f0000000fc0)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_OPTIONS_SET(r7, &(0x7f0000001d40)={0x0, 0x0, &(0x7f0000001d00)={&(0x7f0000000580)={0x60, r8, 0x1, 0x70bd2d, 0x25dfdbfd, {}, [{{0x8, 0x1, r9}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8, 0x4, r9}}, {0x8}}}]}}]}, 0x60}, 0x1, 0x0, 0x0, 0x40004}, 0x0) r10 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) ioctl$VFAT_IOCTL_READDIR_SHORT(r10, 0x82307202, &(0x7f0000000800)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) sendmsg$nl_route_sched(r10, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000a40)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff5653f, 0x70bd2d, 0x25dfdbfc, {0x0, 0x0, 0x0, r11, {0x0, 0x9}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x81}, 0x0) sendmsg$nl_route_sched(r10, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newtfilter={0x44, 0x2c, 0xf07, 0x70bd2a, 0x25dfdbfc, {0x0, 0x0, 0x0, r11, {0xc}, {0x0, 0x9}, {0xffff, 0x9}}, [@filter_kind_options=@f_flower={{0xb}, {0x14, 0x2, [@TCA_FLOWER_KEY_ETH_TYPE={0x6, 0x8, 0x8848}, @TCA_FLOWER_KEY_MPLS_LABEL={0x8, 0x46, 0x7fffffff}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x8881}, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r4, 0x89f1, &(0x7f0000000100)={'ip6tnl0\x00', &(0x7f0000000180)={'ip6_vti0\x00', r5, 0x2f, 0x6, 0x8, 0x9, 0x18, @local, @rand_addr=' \x01\x00', 0x1, 0x700, 0x5, 0x463}}) sendmsg$TEAM_CMD_PORT_LIST_GET(r6, &(0x7f0000000280)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000240)={&(0x7f0000000500)={0x2e4, r8, 0x200, 0x70bd26, 0x25dfdbfc, {}, [{{0x8, 0x1, r5}, {0xc4, 0x2, 0x0, 0x1, [{0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x9d1}}, {0x8, 0x6, r11}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x28fd}}, {0x8, 0x6, r5}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x1ff}}, {0x8, 0x6, r5}}}]}}, {{0x8, 0x1, r5}, {0x12c, 0x2, 0x0, 0x1, [{0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r5}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x101}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x80}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r5}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x3}}, {0x8, 0x6, r5}}}]}}, {{0x8, 0x1, r5}, {0x84, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8, 0x4, r5}}, {0x8}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x7}}, {0x8, 0x6, r5}}}]}}, {{0x8, 0x1, r12}, {0x3c, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x7}}}]}}]}, 0x2e4}, 0x1, 0x0, 0x0, 0x4001}, 0x2000000) recvmsg$unix(r1, &(0x7f0000001c00)={0x0, 0x0, &(0x7f0000001bc0)=[{&(0x7f0000001940)=""/216, 0xd8}], 0x1}, 0x2) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xa, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="b4080000000000007311be00000000008510000002000000b7000000000000009500c200000000009500001200000000"], &(0x7f0000000080)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195}, 0x70) 3.240683786s ago: executing program 4 (id=3967): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000007c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a80000000060a0904000000000000000002000000540004802c0001800e000100696d6d656469617465000000180002800c0002801e000100c4000000080001400000000924000180090001006d6574610000000014000280080002400000000808000140000000100900010073797a300000000009000200737d7a3200000000cc000000030a05000000000000000000020000010900010073797a30000000000b00070066696c74657200000900030073797a320000000008000540ffff0400410008800c00024000000000000004840c00014000000000000000050c00014000000000000000000c0001400000000000000f8c0c0002400000000000000081440004803400030073797a6b616c6c65723100"], 0x174}}, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r3 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r2, &(0x7f0000000040)={@void, @void, @eth={@broadcast, @link_local, @val={@void}, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x2, 0x5c, 0x0, 0x0, 0x7, 0x11, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @dev={0xac, 0x14, 0x14, 0x16}}, {0x3, 0x17c1, 0x48, 0x0, @wg=@cookie={0x3f, 0x3, "acd1e93ad0ea106ddb39225708bb69c808216067eee7c4a0", "561e1642983432c4630021d6bede7e392b9d9a148783918358d915b3071872e0"}}}}}}}, 0x6e) r4 = socket$inet6(0xa, 0x1, 0x84) setsockopt$inet6_int(r4, 0x29, 0x1a, &(0x7f0000000080)=0x2, 0x4) sendto$inet6(r4, &(0x7f0000000000)="80", 0x1, 0x0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @broadcast}}, 0x1c) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="54000000100001002fbd7000fddbdf2500000000", @ANYRES32=0x0, @ANYBLOB="0201000000000000140003006e657464657673696d30000000000000200016801c006503000001000000c18000"/60], 0x54}}, 0x24040800) 3.172622713s ago: executing program 0 (id=3968): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a200000000f0a01030000000000000000010000000900010073797a310000000054000000030a01020000000000000000010000000900030073797a3a0000000028000480080002400000000008000140000000051400030076657468315f6d6163767461700000000900010073797a310000000054000000050a01020000000000000000010020000c00024000000000000000010900010073797a3100000000200004801400030076657468315f6d6163767461700000000800014000000005"], 0xf0}, 0x1, 0x0, 0x0, 0x48000}, 0x20040080) 3.169853417s ago: executing program 1 (id=3969): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000000140)="5c00000013006bcc9e3be35c6e17aa31076b876c1d0000007ea60864160af3653c001a0004000202080002000300010004000600eab556a705251e618294ff0051f60a84c9f4d4938037e786a6d0001000000e4509c5bbcd72c6c953", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) (async) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000001c0)=@newqdisc={0x94, 0x24, 0x400, 0x70bd27, 0x25dfdbff, {0x0, 0x0, 0x12, 0x0, {0x10}, {0xffff, 0xffff}, {0x2, 0xfffa}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x64, 0x2, [@TCA_TAPRIO_ATTR_FLAGS={0x8, 0xa, 0x2}, @TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0xa, [0x0, 0x1, 0xfe, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xd], 0x0, [0x8, 0x4, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd, 0x0, 0x8], [0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x634]}}]}}]}, 0x94}, 0x1, 0x0, 0x0, 0x5b5ace103c07041}, 0x0) (async) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000010000000900010073797a300000000058000000030a0102000000000000000001000000090003803d2175fbe782c2002c00048008000240172af2e40800014000000003080002401c791e7108000240423930ce08000140000000030900010073797a300000000088000000060a010400000000000000000100000008000b400000000014000480100001800b0001006e756d67656e00000900010073797a30000000004c0004804800018008000100666962003c000280080003400000000c0800014000000002080001400000003008000240000000030800014000000012080003"], 0x122}}, 0x0) 3.14672901s ago: executing program 2 (id=3970): r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03", 0x3}], 0x1}, 0x0) r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000300), r1) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=0x0) sendmsg$NFC_CMD_DEV_UP(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000d80)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="010426bd7000f8dbdf250200000008000100", @ANYRES32=r3], 0x1c}}, 0x4008054) write$nci(r0, &(0x7f0000000240)=ANY=[@ANYBLOB='p\x00\t'], 0xc) write$nci(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="5001"], 0x14) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0xfffffffffffffd38) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0b00000005000000000400000900000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000d80)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021"], 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000005380)={0x6, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r4], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x59, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r5 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r5, 0x2000000, 0xe, 0x0, &(0x7f00000001c0)="630b008646dc3f0adf33c9f7b986", 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x20}, 0x50) 3.069151622s ago: executing program 1 (id=3971): r0 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r0, 0x0, 0x0, 0x20044000, &(0x7f0000000180)={0x2, 0x14, @dev={0xac, 0x14, 0x14, 0x16}}, 0x10) 3.008016966s ago: executing program 3 (id=3972): r0 = socket$unix(0x1, 0x1, 0x0) setsockopt$sock_timeval(r0, 0x1, 0x42, &(0x7f0000000200)={0x0, 0xea60}, 0x10) bind$alg(0xffffffffffffffff, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'lrw-serpent-sse2\x00'}, 0x58) r1 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) bind$bt_hci(r1, &(0x7f0000000000)={0x27}, 0x62) listen(r1, 0x807) close(r1) r2 = syz_init_net_socket$ax25(0x3, 0x2, 0x0) bind$ax25(r2, &(0x7f0000000100)={{0x3, @default, 0x1}, [@null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null]}, 0x48) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@bloom_filter={0x1e, 0x0, 0x1, 0x7, 0x0, 0x1}, 0x48) bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000001740)={r3, 0x0, &(0x7f0000001700)=""/53}, 0x20) connect$ax25(r2, &(0x7f0000000200)={{0x3, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x8}, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @null, @default, @null]}, 0x48) getsockopt$sock_timeval(r0, 0x1, 0x42, 0x0, &(0x7f0000000080)) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[@ANYBLOB="3000000040000701feffffff00000000017c0000040042801400018008000300", @ANYRES32=0x0, @ANYBLOB="08000200", @ANYRES32=0x0, @ANYBLOB="040002"], 0x30}, 0x1, 0x0, 0x0, 0x48815}, 0xc000) r5 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r5, 0x6, 0x16, &(0x7f00000000c0)=[@timestamp, @mss={0x2, 0xa}, @timestamp, @sack_perm], 0x4) 2.995647037s ago: executing program 0 (id=3973): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000080)='wlan1\x00', 0x10) setsockopt$inet_int(r0, 0x0, 0x32, &(0x7f0000000f00)=0x1000000, 0x4) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl802154(&(0x7f00000002c0), 0xffffffffffffffff) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) mkdirat$cgroup(r1, &(0x7f0000000080)='syz0\x00', 0x1ff) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x2, 0xa, 0x0, 0x2, 0x2}, 0x10}}, 0x0) 2.956136797s ago: executing program 1 (id=3974): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_group_source_req(r1, 0x0, 0x2e, &(0x7f0000000480)={0x5, {{0x2, 0x4e23, @multicast1}}, {{0x2, 0x0, @broadcast}}}, 0x108) getsockopt$inet_buf(r1, 0x0, 0x30, &(0x7f0000000340)=""/225, &(0x7f0000000180)=0xe1) r2 = socket$kcm(0x2, 0xa, 0x2) r3 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f0000000000)={0x0, 0xb006}, 0x4) r4 = socket$rds(0x15, 0x5, 0x0) bind$rds(r4, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10) setsockopt$RDS_CANCEL_SENT_TO(r4, 0x114, 0x1, 0x0, 0x0) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000080)={'pimreg0\x00', @random="7425ddae00"}) write$tun(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="08000800070303000200140000004514000000000000082f9078ac14140cffffffff810088a8", @ANYRES8=0x0, @ANYRESDEC=r3, @ANYRES64=r2], 0x36) 2.944086775s ago: executing program 3 (id=3975): r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000d00)=@mangle={'mangle\x00', 0x2, 0x6, 0x660, 0x378, 0x378, 0xe0, 0x378, 0x468, 0x590, 0x590, 0x590, 0x590, 0x590, 0x6, 0x0, {[{{@ipv6={@private0, @private2={0xfc, 0x2, '\x00', 0x1}, [0x0, 0xffffffff, 0xffffff00, 0xff], [0xff, 0xff, 0xff000000, 0xffffff00], 'batadv0\x00', 'rose0\x00', {}, {0xff}, 0xff, 0x3, 0x0, 0x26}, 0x0, 0xa8, 0xe0, 0x0, {0x7a00000010000000}}, @common=@inet=@SET3={0x38, 'SET\x00', 0x3, {{0xffffffffffffffff, 0x2, 0x1}, {0xffffffffffffffff, 0x45, 0x1}, {0xfffd, 0x4}, 0x6, 0x7ff}}}, {{@ipv6={@mcast2, @dev={0xfe, 0x80, '\x00', 0xa}, [0x0, 0xffffffff, 0x0, 0xffffff00], [0x0, 0x0, 0xffffffff, 0xff], 'macvlan0\x00', 'veth1_vlan\x00', {}, {}, 0x6, 0x1, 0x4}, 0x0, 0x138, 0x170, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x5}}, @common=@unspec=@rateest={{0x68}, {'pim6reg\x00', 'ip6_vti0\x00', 0x24, 0x0, 0x2, 0x2400000, 0x3, 0x8, {0x10000}}}]}, @common=@inet=@SET3={0x38, 'SET\x00', 0x3, {{0xffff, 0x0, 0x5}, {}, {0x87, 0x1, 0x7}}}}, {{@uncond, 0x0, 0x100, 0x128, 0x48000000, {}, [@inet=@rpfilter={{0x28}, {0xd}}, @common=@srh={{0x30}, {0x33, 0x66, 0xf8, 0xa6, 0x9, 0x440, 0x502}}]}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0xfffffffffffffffc}}, {{@uncond, 0x0, 0xa8, 0xf0}, @SNPT={0x48, 'SNPT\x00', 0x0, {@ipv4=@rand_addr=0x64010100, @ipv4=@loopback, 0x0, 0x0, 0x7ff}}}, {{@uncond, 0x0, 0x100, 0x128, 0x0, {}, [@common=@srh={{0x30}, {0x62, 0x8, 0x7, 0xb, 0x30ba, 0x222}}, @inet=@rpfilter={{0x28}, {0x6}}]}, @HL={0x28, 'HL\x00', 0x0, {0x1}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x6c0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr-aes-aesni\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r2 = accept4(r1, 0x0, 0x0, 0x0) sendmsg$alg(r2, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40010}, 0x0) recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}], 0x1}, 0x123) r3 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r4 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r4) sendmsg$nl_generic(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="180000002500010324bd5502ffdbdf25010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x20004888}, 0x0) recvmsg(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000003c0)=""/232, 0xe8}, {&(0x7f0000000240)=""/183, 0xb7}, {&(0x7f00000005c0)=""/87, 0x57}, {&(0x7f00000000c0)=""/47, 0x2f}, {&(0x7f0000001400)=""/4096, 0x1000}, {&(0x7f0000002700)=""/36, 0x24}, {&(0x7f0000000e80)=""/232, 0xe8}, {&(0x7f0000002540)=""/209, 0xd1}], 0x8}, 0x22120) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r4) sendmsg$netlink(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000600)=ANY=[@ANYBLOB="1801000035000100"/28], 0x118}], 0x1, 0x0, 0x0, 0x1}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) (async) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000d00)=@mangle={'mangle\x00', 0x2, 0x6, 0x660, 0x378, 0x378, 0xe0, 0x378, 0x468, 0x590, 0x590, 0x590, 0x590, 0x590, 0x6, 0x0, {[{{@ipv6={@private0, @private2={0xfc, 0x2, '\x00', 0x1}, [0x0, 0xffffffff, 0xffffff00, 0xff], [0xff, 0xff, 0xff000000, 0xffffff00], 'batadv0\x00', 'rose0\x00', {}, {0xff}, 0xff, 0x3, 0x0, 0x26}, 0x0, 0xa8, 0xe0, 0x0, {0x7a00000010000000}}, @common=@inet=@SET3={0x38, 'SET\x00', 0x3, {{0xffffffffffffffff, 0x2, 0x1}, {0xffffffffffffffff, 0x45, 0x1}, {0xfffd, 0x4}, 0x6, 0x7ff}}}, {{@ipv6={@mcast2, @dev={0xfe, 0x80, '\x00', 0xa}, [0x0, 0xffffffff, 0x0, 0xffffff00], [0x0, 0x0, 0xffffffff, 0xff], 'macvlan0\x00', 'veth1_vlan\x00', {}, {}, 0x6, 0x1, 0x4}, 0x0, 0x138, 0x170, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x5}}, @common=@unspec=@rateest={{0x68}, {'pim6reg\x00', 'ip6_vti0\x00', 0x24, 0x0, 0x2, 0x2400000, 0x3, 0x8, {0x10000}}}]}, @common=@inet=@SET3={0x38, 'SET\x00', 0x3, {{0xffff, 0x0, 0x5}, {}, {0x87, 0x1, 0x7}}}}, {{@uncond, 0x0, 0x100, 0x128, 0x48000000, {}, [@inet=@rpfilter={{0x28}, {0xd}}, @common=@srh={{0x30}, {0x33, 0x66, 0xf8, 0xa6, 0x9, 0x440, 0x502}}]}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0xfffffffffffffffc}}, {{@uncond, 0x0, 0xa8, 0xf0}, @SNPT={0x48, 'SNPT\x00', 0x0, {@ipv4=@rand_addr=0x64010100, @ipv4=@loopback, 0x0, 0x0, 0x7ff}}}, {{@uncond, 0x0, 0x100, 0x128, 0x0, {}, [@common=@srh={{0x30}, {0x62, 0x8, 0x7, 0xb, 0x30ba, 0x222}}, @inet=@rpfilter={{0x28}, {0x6}}]}, @HL={0x28, 'HL\x00', 0x0, {0x1}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x6c0) (async) socket$alg(0x26, 0x5, 0x0) (async) bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr-aes-aesni\x00'}, 0x58) (async) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) (async) accept4(r1, 0x0, 0x0, 0x0) (async) sendmsg$alg(r2, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40010}, 0x0) (async) recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}], 0x1}, 0x123) (async) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r4) (async) sendmsg$nl_generic(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="180000002500010324bd5502ffdbdf25010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x20004888}, 0x0) (async) recvmsg(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000003c0)=""/232, 0xe8}, {&(0x7f0000000240)=""/183, 0xb7}, {&(0x7f00000005c0)=""/87, 0x57}, {&(0x7f00000000c0)=""/47, 0x2f}, {&(0x7f0000001400)=""/4096, 0x1000}, {&(0x7f0000002700)=""/36, 0x24}, {&(0x7f0000000e80)=""/232, 0xe8}, {&(0x7f0000002540)=""/209, 0xd1}], 0x8}, 0x22120) (async) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r4) (async) sendmsg$netlink(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000600)=ANY=[@ANYBLOB="1801000035000100"/28], 0x118}], 0x1, 0x0, 0x0, 0x1}, 0x0) (async) 2.867828005s ago: executing program 4 (id=3976): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="4c00000010000108fdffffff0000000000000000", @ANYRES32=0x0, @ANYBLOB="000000002000000008001b000000000024001a80080002"], 0x4c}}, 0x0) 2.788962686s ago: executing program 4 (id=3977): setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x21, 0x0, 0x0) close(0x4) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) bind$netlink(r0, &(0x7f0000000000)={0x10, 0x0, 0x0, 0x80065c9}, 0xc) socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r1, 0x8001000000000000, 0x40, &(0x7f0000001500)=@raw={'raw\x00', 0x8, 0x3, 0x248, 0xd8, 0x11, 0x148, 0xd8, 0x0, 0x1b0, 0x2a8, 0x2a8, 0x1b0, 0x2a8, 0x3, 0x0, {[{{@ip={@loopback, @dev={0xac, 0x14, 0x14, 0x20}, 0x0, 0xff, 'pim6reg1\x00', 'veth1_macvtap\x00', {0xff}, {0xff}, 0x4, 0x3, 0x40}, 0x0, 0x70, 0xd8}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x3, 0x1, 0x8001, '\x00', 'syz1\x00', {0x288}}}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @private=0xa010102, 0xffffffff, 0xffffff00, 'nr0\x00', 'macsec0\x00', {}, {}, 0x6, 0x2, 0x8}, 0x0, 0x70, 0xd8}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, 'pptp\x00', 'syz1\x00', {0xfffffffffffffffc}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x2a8) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000003100), r2) sendmsg$NLBL_UNLABEL_C_STATICREMOVE(r2, &(0x7f0000003240)={0x0, 0x0, &(0x7f0000003200)={&(0x7f0000003140)={0x50, r3, 0x1, 0x0, 0x0, {}, [@NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @private0}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'nr0\x00'}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}]}, 0x50}}, 0x0) 2.742562717s ago: executing program 1 (id=3978): r0 = socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) (async) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), 0xffffffffffffffff) sendmsg$IPVS_CMD_GET_INFO(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000080)={&(0x7f0000000240)={0x84, r1, 0x8, 0x70bd2a, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_DEST={0x2c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x2}, @IPVS_DEST_ATTR_TUN_FLAGS={0x6, 0xf, 0xc}, @IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e21}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x5}, @IPVS_DEST_ATTR_TUN_FLAGS={0x6, 0xf, 0x6}]}, @IPVS_CMD_ATTR_DAEMON={0x34, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @rand_addr=' \x01\x00'}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e22}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @dev={0xfe, 0x80, '\x00', 0x37}}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x777b}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x4781}]}, 0x84}}, 0x8011) (async) r2 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r2, 0x10e, 0xc, &(0x7f0000000040)={0xfb5, 0xfffffffe}, 0x10) (async) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) (async) sendmsg$nl_route(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="180000001600156f"], 0x18}}, 0x8080) 625.606µs ago: executing program 0 (id=3979): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_ORIGINATORS(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x54, r1, 0x500, 0x70bd2b, 0x25dfdbfe, {}, [@BATADV_ATTR_NETWORK_CODING_ENABLED={0x5, 0x38, 0x1}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x6}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x6}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5, 0x37, 0x1}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x2}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x7}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x80000001}]}, 0x54}, 0x1, 0x0, 0x0, 0x20000004}, 0x8045) r2 = socket$netlink(0x10, 0x3, 0xf) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$devlink(&(0x7f00000001c0), r0) sendmsg$DEVLINK_CMD_SB_PORT_POOL_GET(r3, &(0x7f0000000400)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000200)={0x1bc, r4, 0x8, 0x70bd2d, 0x25dfdbfe, {}, [{{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x1}}, {0x8, 0xb, 0x1}, {0x6, 0x11, 0xe}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x1}}, {0x8, 0xb, 0x1}, {0x6, 0x11, 0x5}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x3}}, {0x8}, {0x6, 0x11, 0x401}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x3}}, {0x8, 0xb, 0x4}, {0x6, 0x11, 0x200}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x1}}, {0x8, 0xb, 0x401}, {0x6, 0x11, 0xdf38}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x3}}, {0x8, 0xb, 0x8}, {0x6, 0x11, 0x3ff}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}, {0x8, 0xb, 0xefd}, {0x6, 0x11, 0x40}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x3}}, {0x8}, {0x6, 0x11, 0x7fff}}]}, 0x1bc}, 0x1, 0x0, 0x0, 0x4000004}, 0x8000) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000580)={'syztnl1\x00', &(0x7f0000000500)={'ip6tnl0\x00', 0x0, 0x4, 0x8, 0x4, 0x8, 0x40, @empty, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x80, 0x7800, 0x5, 0xd}}) ioctl$XFS_IOC_PATH_TO_FSHANDLE(r5, 0xc0385868, &(0x7f00000006c0)={r2, &(0x7f00000005c0)='.]&\x00', 0x80, &(0x7f0000000600)={@_ha_fsid={[0x309, 0x9]}, {0x0, 0x1, 0x0, 0x3589}}, 0x10001, &(0x7f0000000640), &(0x7f0000000680)=0x2}) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000a40)={0xffffffffffffffff, 0xe0, &(0x7f0000000940)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, &(0x7f0000000740)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x9, 0x4, &(0x7f0000000780)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000800)=[0x0, 0x0, 0x0, 0x0], 0x0, 0x57, &(0x7f0000000840)=[{}, {}, {}], 0x18, 0x10, &(0x7f0000000880), &(0x7f00000008c0), 0x8, 0xbd, 0x8, 0x8, &(0x7f0000000900)}}, 0x10) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000a80)={0x1, 0xffffffffffffffff}, 0x4) bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x1b, 0x2, &(0x7f0000000440)=@raw=[@cb_func={0x18, 0xb, 0x4, 0x0, 0x8}], &(0x7f0000000480)='GPL\x00', 0x1, 0x8, &(0x7f00000004c0)=""/8, 0x40f00, 0x4, '\x00', r6, @fallback=0x33, r7, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000700)={0x3, 0x2, 0x400, 0x2}, 0x10, r9, 0xffffffffffffffff, 0x0, &(0x7f0000000ac0)=[r10], 0x0, 0x10, 0x4}, 0x94) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000bc0)={'ip6tnl0\x00', 0x0}) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r7, 0x89f0, &(0x7f0000000cc0)={'ip_vti0\x00', &(0x7f0000000c00)={'erspan0\x00', r8, 0x10, 0x20, 0x9, 0x8, {{0x27, 0x4, 0x1, 0x20, 0x9c, 0x67, 0x0, 0x7, 0x4, 0x0, @empty, @remote, {[@timestamp_prespec={0x44, 0x24, 0xbd, 0x3, 0x7, [{@dev={0xac, 0x14, 0x14, 0x26}, 0x4}, {@multicast2, 0x9}, {@empty, 0x80000000}, {@multicast1, 0xfffffffe}]}, @timestamp={0x44, 0x14, 0xd6, 0x0, 0x4, [0x1, 0x1000, 0x0, 0x8]}, @ra={0x94, 0x4}, @end, @rr={0x7, 0xb, 0x46, [@remote, @empty]}, @timestamp_prespec={0x44, 0x1c, 0xa1, 0x3, 0x3, [{@multicast1, 0xf}, {@loopback, 0x2}, {@multicast2}]}, @timestamp_prespec={0x44, 0x14, 0xca, 0x3, 0x0, [{@rand_addr=0x64010101, 0x6}, {@multicast2, 0x3}]}, @generic={0x83, 0x4, 'S:'}, @generic={0x89, 0xa, "218085f0016ca81e"}]}}}}}) ioctl$XFS_IOC_PATH_TO_HANDLE(0xffffffffffffffff, 0xc0385869, &(0x7f0000000e00)={r2, &(0x7f0000000d00)='pci\x00', 0x40, &(0x7f0000000d40)={@align=0x2, {0x3, 0x81, 0x723, 0x1}}, 0x2, &(0x7f0000000d80), &(0x7f0000000dc0)=0x101}) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000e40)={0x2, 0x4, 0x8, 0x1, 0x80, r10, 0x6, '\x00', r12, r13, 0x4, 0x5, 0x4}, 0x50) r14 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f00), r5) ioctl$sock_SIOCGIFINDEX_80211(r13, 0x8933, &(0x7f0000000f40)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_BSS(r0, &(0x7f0000001000)={&(0x7f0000000ec0)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000fc0)={&(0x7f0000000f80)={0x30, r14, 0x100, 0x70bd25, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r15}, @val={0xc, 0x99, {0x4361, 0x2e}}}}, [@NL80211_ATTR_P2P_CTWINDOW={0x5, 0xa2, 0x4}]}, 0x30}, 0x1, 0x0, 0x0, 0x24008040}, 0x8000) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000001140)={@ifindex=r11, 0x12, 0x0, 0x4, &(0x7f0000001040)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x7, 0x0, &(0x7f0000001080)=[0x0], &(0x7f00000010c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000001100)=[0x0, 0x0, 0x0, 0x0]}, 0x40) ioctl$ifreq_SIOCGIFINDEX_wireguard(r2, 0x8933, &(0x7f00000011c0)={'wg2\x00', 0x0}) sendmsg$nl_route(r7, &(0x7f0000001380)={&(0x7f0000001180)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000001340)={&(0x7f0000001200)=@RTM_DELMDB={0x138, 0x55, 0x100, 0x70bd2d, 0x25dfdbff, {0x7, r16}, [@MDBA_SET_ENTRY={0x20, 0x1, {r11, 0x1, 0x1, 0x2, {@ip4=@multicast2, 0x86dd}}}, @MDBA_SET_ENTRY={0x20, 0x1, {r8, 0x1, 0x1, 0x2, {@in6_addr=@private1={0xfc, 0x1, '\x00', 0x1}, 0x8edd}}}, @MDBA_SET_ENTRY={0x20, 0x1, {r12, 0x1, 0x1, 0x2, {@in6_addr=@empty, 0x800}}}, @MDBA_SET_ENTRY={0x20, 0x1, {r12, 0x1, 0x1, 0x0, {@in6_addr=@private0={0xfc, 0x0, '\x00', 0x1}, 0x400}}}, @MDBA_SET_ENTRY={0x20, 0x1, {r8, 0x0, 0x2, 0x0, {@in6_addr=@private0={0xfc, 0x0, '\x00', 0x1}, 0xc5b3}}}, @MDBA_SET_ENTRY={0x20, 0x1, {r6, 0x1, 0x2, 0x1, {@ip4=@rand_addr=0x64010100, 0x800}}}, @MDBA_SET_ENTRY={0x20, 0x1, {r11, 0x0, 0x3, 0x2, {@in6_addr=@dev={0xfe, 0x80, '\x00', 0x2f}, 0x800}}}, @MDBA_SET_ENTRY={0x20, 0x1, {r8, 0x0, 0x1, 0x1, {@ip4=@remote, 0x800}}}, @MDBA_SET_ENTRY={0x20, 0x1, {r12, 0x0, 0x1, 0x1, {@ip4=@multicast1, 0x18367}}}]}, 0x138}, 0x1, 0x0, 0x0, 0x40004}, 0x10) recvmmsg(r7, &(0x7f0000003800)=[{{&(0x7f00000013c0)=@hci, 0x80, &(0x7f00000036c0)=[{&(0x7f0000001440)=""/90, 0x5a}, {&(0x7f00000014c0)=""/25, 0x19}, {&(0x7f0000001500)=""/201, 0xc9}, {&(0x7f0000001600)=""/141, 0x8d}, {&(0x7f00000016c0)=""/4096, 0x1000}, {&(0x7f00000026c0)=""/4096, 0x1000}], 0x6, &(0x7f0000003740)=""/149, 0x95}, 0xfffffffd}], 0x1, 0x120, &(0x7f0000003840)={0x77359400}) ioctl$SIOCX25GSUBSCRIP(r13, 0x89e0, &(0x7f0000003880)={'veth0_to_hsr\x00', 0x3, 0x1}) shutdown(r13, 0x1) sendmsg$NL80211_CMD_GET_REG(r2, &(0x7f0000003a40)={&(0x7f0000003980)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000003a00)={&(0x7f00000039c0)={0x34, r14, 0xe00, 0x70bd2d, 0x25dfdbff, {}, [@NL80211_ATTR_USER_REG_HINT_TYPE={0x8, 0x9a, 0x1}, @NL80211_ATTR_REG_ALPHA2={0x7, 0x21, 'aa\x00'}, @NL80211_ATTR_DFS_REGION={0x5, 0x92, 0x41}, @NL80211_ATTR_DFS_REGION={0x5, 0x92, 0xe}]}, 0x34}, 0x1, 0x0, 0x0, 0x4000800}, 0x40000) socket$nl_route(0x10, 0x3, 0x0) bind$bt_rfcomm(r7, &(0x7f0000003a80)={0x1f, @none, 0x4}, 0xa) syz_genetlink_get_family_id$devlink(&(0x7f0000003ac0), 0xffffffffffffffff) 0s ago: executing program 1 (id=3980): socket$nl_generic(0x10, 0x3, 0x10) (async) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000340), 0xffffffffffffffff) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x32, 0xffffffffffffffff, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x1, 0x9, 0x10001, 0x9, 0x1}, 0x50) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000740)={r2, &(0x7f00000003c0), &(0x7f00000000c0)=""/109}, 0x20) (async) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000740)={r2, &(0x7f00000003c0), &(0x7f00000000c0)=""/109}, 0x20) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000ac0)={r2, &(0x7f0000000980), &(0x7f00000009c0)=@tcp6, 0x1}, 0x20) sendmsg$TIPC_NL_NET_SET(r0, &(0x7f00000004c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000380)={&(0x7f0000000440)={0x58, r1, 0x800, 0x50bd25, 0x25dfdbfc, {}, [@TIPC_NLA_SOCK={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0xe6}, @TIPC_NLA_SOCK_CON={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0x9bd}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x74}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x7}]}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x5}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x7}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}]}]}, 0x58}, 0x1, 0x0, 0x0, 0x20000004}, 0x20000010) (async) sendmsg$TIPC_NL_NET_SET(r0, &(0x7f00000004c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000380)={&(0x7f0000000440)={0x58, r1, 0x800, 0x50bd25, 0x25dfdbfc, {}, [@TIPC_NLA_SOCK={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0xe6}, @TIPC_NLA_SOCK_CON={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0x9bd}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x74}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x7}]}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x5}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x7}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}]}]}, 0x58}, 0x1, 0x0, 0x0, 0x20000004}, 0x20000010) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) r4 = socket$nl_route(0x10, 0x3, 0x0) getsockopt$inet_mreqn(r3, 0x0, 0x20, &(0x7f0000000540)={@rand_addr, @initdev, 0x0}, &(0x7f0000000580)=0xc) socket$nl_route(0x10, 0x3, 0x0) (async) r6 = socket$nl_route(0x10, 0x3, 0x0) r7 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r6, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000800)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_pie={{0x8}, {0xfffffffffffffe62}}]}, 0x38}, 0x1, 0x0, 0x0, 0x20040005}, 0x0) r9 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0)={0xffffffffffffffff}, 0x4) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000640)=@generic={&(0x7f0000000600)='./file0\x00', 0x0, 0x10}, 0x18) (async) r10 = bpf$OBJ_GET_PROG(0x7, &(0x7f0000000640)=@generic={&(0x7f0000000600)='./file0\x00', 0x0, 0x10}, 0x18) r11 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000900)={0x6, 0x1, &(0x7f0000000680)=@raw=[@exit], &(0x7f00000006c0)='syzkaller\x00', 0xd, 0xdb, &(0x7f0000000700)=""/219, 0x41000, 0x25, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000800)={0x0, 0x3}, 0x8, 0x10, &(0x7f0000000840)={0x5, 0xd, 0x7ec, 0x6000000}, 0x10, 0x0, 0x0, 0x1, &(0x7f0000000880)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff], &(0x7f00000008c0)=[{0x2, 0x5, 0xf, 0x8}], 0x10, 0x7}, 0x94) sendmsg$nl_route(r4, &(0x7f0000000b40)={&(0x7f0000000500), 0xc, &(0x7f0000000b00)={&(0x7f00000009c0)=@bridge_dellink={0x108, 0x11, 0x1, 0x70bd2b, 0x25dfdbfb, {0x7, 0x0, 0x0, r5, 0x20844, 0x20a00}, [@IFLA_BROADCAST={0xa, 0x2, @remote}, @IFLA_MAP={0x24, 0xe, {0xf8, 0x1, 0x963, 0x7, 0x0, 0x2}}, @IFLA_PHYS_SWITCH_ID={0xf, 0x24, "369d5756cd21f1921bf497"}, @IFLA_ADDRESS={0xa, 0x1, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}, @IFLA_PORT_SELF={0x34, 0x19, 0x0, 0x1, [@IFLA_PORT_PROFILE={0xb, 0x2, 'TIPCv2\x00'}, @IFLA_PORT_PROFILE={0x5, 0x2, '\x00'}, @IFLA_PORT_HOST_UUID={0x14, 0x5, "c1328f2d4fb833a0de8be5c3b09da690"}, @IFLA_PORT_PROFILE={0x5, 0x2, '\x00'}]}, @IFLA_PHYS_PORT_ID={0x1a, 0x22, "57eb791f4cb97d3e5096cf2459c1d50c95da69305d91"}, @IFLA_LINK={0x8, 0x5, r8}, @IFLA_XDP={0x2c, 0x2b, 0x0, 0x1, [@IFLA_XDP_EXPECTED_FD={0x8, 0x8, r9}, @IFLA_XDP_FLAGS={0x8, 0x3, 0x2}, @IFLA_XDP_FD={0x8, 0x1, r10}, @IFLA_XDP_FLAGS={0x8, 0x3, 0x3}, @IFLA_XDP_EXPECTED_FD={0x8, 0x8, r11}]}, @IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @ppp={{0x8}, {0xc, 0x2, 0x0, 0x1, {0x8, 0x1, r3}}}}]}, 0x108}, 0x1, 0x0, 0x0, 0x4040}, 0x40000) sendmsg$IPCTNL_MSG_EXP_GET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000180)={0x50, 0x1, 0x2, 0x101, 0x0, 0x0, {0xa}, [@CTA_EXPECT_MASTER={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x88}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @remote}, {0x14, 0x4, @private1}}}]}]}, 0x50}}, 0x0) (async) sendmsg$IPCTNL_MSG_EXP_GET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000180)={0x50, 0x1, 0x2, 0x101, 0x0, 0x0, {0xa}, [@CTA_EXPECT_MASTER={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x88}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @remote}, {0x14, 0x4, @private1}}}]}]}, 0x50}}, 0x0) ioctl$XFS_IOC_PATH_TO_FSHANDLE(r3, 0xc0385868, &(0x7f0000000100)={r3, &(0x7f0000000000)='\x00', 0x82840, &(0x7f0000000040)={@_ha_fsid={[0xd5, 0x4]}, {0x4, 0x6000, 0xc258, 0xffffffffffffffff}}, 0x776, &(0x7f0000000080)={@_ha_fsid}, &(0x7f00000000c0)=0xfffffffa}) (async) ioctl$XFS_IOC_PATH_TO_FSHANDLE(r3, 0xc0385868, &(0x7f0000000100)={r3, &(0x7f0000000000)='\x00', 0x82840, &(0x7f0000000040)={@_ha_fsid={[0xd5, 0x4]}, {0x4, 0x6000, 0xc258, 0xffffffffffffffff}}, 0x776, &(0x7f0000000080)={@_ha_fsid}, &(0x7f00000000c0)=0xfffffffa}) sendmsg$NL80211_CMD_UNEXPECTED_FRAME(r12, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)=ANY=[@ANYBLOB="91590000", @ANYRES16=0x0, @ANYBLOB="000127bd7000fddbdf2553000000"], 0x14}, 0x1, 0x0, 0x0, 0x5}, 0xc0) accept4$inet(r12, 0x0, &(0x7f0000000140), 0x80000) kernel console output (not intermixed with test programs): eftover after parsing attributes in process `syz.2.2473'. [ 265.134739][ T1685] block nbd0: Possible stuck request ffff888026360000: control (read@0,1024B). Runtime 150 seconds [ 265.146318][ T1685] block nbd0: Possible stuck request ffff888026360200: control (read@1024,1024B). Runtime 150 seconds [ 265.158656][ T1685] block nbd0: Possible stuck request ffff888026360400: control (read@2048,1024B). Runtime 150 seconds [ 265.165630][T15012] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2473'. [ 265.169868][ T1685] block nbd0: Possible stuck request ffff888026360600: control (read@3072,1024B). Runtime 150 seconds [ 265.249289][T15007] netlink: 'syz.2.2473': attribute type 2 has an invalid length. [ 265.278625][T15021] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2479'. [ 265.300692][T15020] netlink: 'syz.1.2480': attribute type 24 has an invalid length. [ 265.532710][T15031] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2484'. [ 265.546178][T15035] netlink: 'syz.4.2485': attribute type 6 has an invalid length. [ 265.600000][T15038] netlink: 'syz.0.2486': attribute type 5 has an invalid length. [ 265.624457][T15038] tipc: Enabling of bearer rejected, failed to enable media [ 265.809911][T15053] nbd: must specify a size in bytes for the device [ 265.894194][T15052] syzkaller0: entered promiscuous mode [ 265.930243][T15052] syzkaller0: entered allmulticast mode [ 266.025974][T15064] netlink: 'syz.0.2492': attribute type 1 has an invalid length. [ 266.048813][T15064] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2492'. [ 266.174534][ T796] tipc: Node number set to 1685224846 [ 266.331952][T15084] FAULT_INJECTION: forcing a failure. [ 266.331952][T15084] name failslab, interval 1, probability 0, space 0, times 0 [ 266.360424][T15084] CPU: 1 UID: 0 PID: 15084 Comm: syz.0.2499 Not tainted syzkaller #0 PREEMPT(full) [ 266.360448][T15084] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 266.360458][T15084] Call Trace: [ 266.360464][T15084] [ 266.360472][T15084] dump_stack_lvl+0xe8/0x150 [ 266.360501][T15084] should_fail_ex+0x412/0x560 [ 266.360530][T15084] should_failslab+0xa8/0x100 [ 266.360552][T15084] ? xfrm_state_alloc+0x24/0x2f0 [ 266.360572][T15084] kmem_cache_alloc_noprof+0x87/0x650 [ 266.360600][T15084] xfrm_state_alloc+0x24/0x2f0 [ 266.360620][T15084] pfkey_add+0x700/0x2df0 [ 266.360653][T15084] ? kasan_quarantine_put+0x72/0x1f0 [ 266.360679][T15084] ? __pfx_pfkey_add+0x10/0x10 [ 266.360701][T15084] ? pfkey_broadcast+0x3c2/0x3e0 [ 266.360734][T15084] pfkey_sendmsg+0xc56/0x1120 [ 266.360773][T15084] ? __pfx_pfkey_sendmsg+0x10/0x10 [ 266.360823][T15084] ? aa_sock_msg_perm+0xf1/0x1b0 [ 266.360854][T15084] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 266.360888][T15084] ____sys_sendmsg+0x972/0x9f0 [ 266.360920][T15084] ? __pfx_____sys_sendmsg+0x10/0x10 [ 266.360950][T15084] ? import_iovec+0x73/0xa0 [ 266.360975][T15084] ___sys_sendmsg+0x2a5/0x360 [ 266.361002][T15084] ? __pfx____sys_sendmsg+0x10/0x10 [ 266.361060][T15084] ? __fget_files+0x2a/0x420 [ 266.361085][T15084] ? __fget_files+0x3a0/0x420 [ 266.361122][T15084] __x64_sys_sendmsg+0x1bd/0x2a0 [ 266.361145][T15084] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 266.361176][T15084] ? __pfx_ksys_write+0x10/0x10 [ 266.361206][T15084] do_syscall_64+0x14d/0xf80 [ 266.361225][T15084] ? trace_irq_disable+0x3b/0x150 [ 266.361249][T15084] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 266.361268][T15084] ? clear_bhb_loop+0x40/0x90 [ 266.361290][T15084] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 266.361308][T15084] RIP: 0033:0x7fcdf3d9c799 [ 266.361327][T15084] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 266.361343][T15084] RSP: 002b:00007fcdf4c9b028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 266.361364][T15084] RAX: ffffffffffffffda RBX: 00007fcdf4015fa0 RCX: 00007fcdf3d9c799 [ 266.361376][T15084] RDX: 0000000004008000 RSI: 0000200000000000 RDI: 0000000000000003 [ 266.361388][T15084] RBP: 00007fcdf4c9b090 R08: 0000000000000000 R09: 0000000000000000 [ 266.361400][T15084] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 266.361410][T15084] R13: 00007fcdf4016038 R14: 00007fcdf4015fa0 R15: 00007ffc1c8a6a38 [ 266.361441][T15084] [ 266.858188][T15106] Freezing with imperfect legacy cgroup freezer. See cgroup.freeze of cgroup v2 [ 267.785421][T15165] FAULT_INJECTION: forcing a failure. [ 267.785421][T15165] name failslab, interval 1, probability 0, space 0, times 0 [ 267.816809][T15165] CPU: 0 UID: 0 PID: 15165 Comm: syz.3.2512 Not tainted syzkaller #0 PREEMPT(full) [ 267.816835][T15165] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 267.816845][T15165] Call Trace: [ 267.816852][T15165] [ 267.816859][T15165] dump_stack_lvl+0xe8/0x150 [ 267.816890][T15165] should_fail_ex+0x412/0x560 [ 267.816922][T15165] should_failslab+0xa8/0x100 [ 267.816946][T15165] ? skb_clone+0x212/0x3a0 [ 267.816968][T15165] kmem_cache_alloc_noprof+0x87/0x650 [ 267.816987][T15165] ? sk_filter_trim_cap+0x1e1/0xd90 [ 267.817017][T15165] skb_clone+0x212/0x3a0 [ 267.817042][T15165] __netlink_deliver_tap+0x404/0x850 [ 267.817082][T15165] ? netlink_deliver_tap+0x2e/0x1b0 [ 267.817110][T15165] netlink_deliver_tap+0x19c/0x1b0 [ 267.817138][T15165] netlink_dump+0x926/0xe80 [ 267.817177][T15165] ? __pfx_netlink_dump+0x10/0x10 [ 267.817226][T15165] netlink_recvmsg+0x690/0xa50 [ 267.817253][T15165] ? __lock_acquire+0x6b5/0x2cf0 [ 267.817285][T15165] ? __pfx_netlink_recvmsg+0x10/0x10 [ 267.817319][T15165] ? aa_sock_msg_perm+0xf1/0x1b0 [ 267.817347][T15165] ? bpf_lsm_socket_recvmsg+0x9/0x20 [ 267.817366][T15165] ? security_socket_recvmsg+0x7e/0x2c0 [ 267.817387][T15165] ? __pfx_netlink_recvmsg+0x10/0x10 [ 267.817414][T15165] sock_recvmsg+0x172/0x1b0 [ 267.817444][T15165] ____sys_recvmsg+0x1e6/0x4a0 [ 267.817475][T15165] ? __pfx_____sys_recvmsg+0x10/0x10 [ 267.817512][T15165] ? import_iovec+0x73/0xa0 [ 267.817536][T15165] ___sys_recvmsg+0x215/0x590 [ 267.817563][T15165] ? __pfx____sys_recvmsg+0x10/0x10 [ 267.817609][T15165] ? __fget_files+0x3a0/0x420 [ 267.817643][T15165] do_recvmmsg+0x334/0x800 [ 267.817670][T15165] ? __pfx_do_recvmmsg+0x10/0x10 [ 267.817711][T15165] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 267.817751][T15165] __x64_sys_recvmmsg+0x198/0x250 [ 267.817776][T15165] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 267.817810][T15165] do_syscall_64+0x14d/0xf80 [ 267.817830][T15165] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 267.817848][T15165] ? clear_bhb_loop+0x40/0x90 [ 267.817869][T15165] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 267.817887][T15165] RIP: 0033:0x7f42cb19c799 [ 267.817904][T15165] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 267.817921][T15165] RSP: 002b:00007f42cbfab028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 267.817941][T15165] RAX: ffffffffffffffda RBX: 00007f42cb415fa0 RCX: 00007f42cb19c799 [ 267.817954][T15165] RDX: 0000000000000344 RSI: 0000200000005c80 RDI: 0000000000000003 [ 267.817965][T15165] RBP: 00007f42cbfab090 R08: 0000000000000000 R09: 0000000000000000 [ 267.817976][T15165] R10: 0000000000010122 R11: 0000000000000246 R12: 0000000000000001 [ 267.817987][T15165] R13: 00007f42cb416038 R14: 00007f42cb415fa0 R15: 00007ffed91c05d8 [ 267.818017][T15165] [ 268.119864][T15176] netlink: 'syz.1.2516': attribute type 10 has an invalid length. [ 268.133193][T15176] bridge_slave_1: left allmulticast mode [ 268.139571][T15176] bridge_slave_1: left promiscuous mode [ 268.153031][T15176] bridge0: port 2(bridge_slave_1) entered disabled state [ 268.195922][T15176] bridge_slave_1: entered allmulticast mode [ 268.202360][T15176] bond0: (slave bridge_slave_1): Enslaving as an active interface with an up link [ 268.411365][T15195] __nla_validate_parse: 2 callbacks suppressed [ 268.411384][T15195] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2521'. [ 268.746748][T15219] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2526'. [ 269.065865][T15232] FAULT_INJECTION: forcing a failure. [ 269.065865][T15232] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 269.081339][T15232] CPU: 1 UID: 0 PID: 15232 Comm: syz.3.2529 Not tainted syzkaller #0 PREEMPT(full) [ 269.081364][T15232] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 269.081376][T15232] Call Trace: [ 269.081383][T15232] [ 269.081391][T15232] dump_stack_lvl+0xe8/0x150 [ 269.081422][T15232] should_fail_ex+0x412/0x560 [ 269.081454][T15232] _copy_from_user+0x2d/0xb0 [ 269.081476][T15232] ___sys_recvmsg+0x175/0x590 [ 269.081499][T15232] ? __lock_acquire+0x6b5/0x2cf0 [ 269.081527][T15232] ? __pfx____sys_recvmsg+0x10/0x10 [ 269.081584][T15232] do_recvmmsg+0x334/0x800 [ 269.081613][T15232] ? __pfx_do_recvmmsg+0x10/0x10 [ 269.081647][T15232] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 269.081686][T15232] __x64_sys_recvmmsg+0x198/0x250 [ 269.081711][T15232] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 269.081744][T15232] do_syscall_64+0x14d/0xf80 [ 269.081764][T15232] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 269.081783][T15232] ? clear_bhb_loop+0x40/0x90 [ 269.081805][T15232] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 269.081823][T15232] RIP: 0033:0x7f42cb19c799 [ 269.081841][T15232] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 269.081857][T15232] RSP: 002b:00007f42cbfab028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 269.081877][T15232] RAX: ffffffffffffffda RBX: 00007f42cb415fa0 RCX: 00007f42cb19c799 [ 269.081892][T15232] RDX: 0000000000000344 RSI: 0000200000005c80 RDI: 0000000000000003 [ 269.081904][T15232] RBP: 00007f42cbfab090 R08: 0000000000000000 R09: 0000000000000000 [ 269.081916][T15232] R10: 0000000000010122 R11: 0000000000000246 R12: 0000000000000001 [ 269.081928][T15232] R13: 00007f42cb416038 R14: 00007f42cb415fa0 R15: 00007ffed91c05d8 [ 269.081958][T15232] [ 269.398255][T15243] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2534'. [ 269.458573][T15249] openvswitch: netlink: VXLAN extension 0 has unexpected len 2 expected 0 [ 269.514675][T15247] wg0: entered promiscuous mode [ 269.521200][T15247] wg0: entered allmulticast mode [ 270.212799][T11889] nci: nci_rf_intf_activated_ntf_packet: unsupported rf_interface 0xfe [ 270.334321][ T51] Bluetooth: hci4: command 0x0405 tx timeout [ 270.487976][T15309] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2546'. [ 270.688881][T15322] netlink: zone id is out of range [ 270.704760][T15322] netlink: zone id is out of range [ 270.710003][T15322] netlink: zone id is out of range [ 270.720153][T15322] netlink: zone id is out of range [ 270.732658][T15325] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2551'. [ 270.748607][T15322] netlink: zone id is out of range [ 270.758114][T15322] netlink: zone id is out of range [ 270.763355][T15322] netlink: zone id is out of range [ 270.768948][T15325] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2551'. [ 270.781795][T15322] netlink: zone id is out of range [ 270.800065][T15322] netlink: zone id is out of range [ 270.930621][T15337] xt_cgroup: invalid path, errno=-2 [ 270.952159][T15290] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 271.398673][T15361] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2559'. [ 271.634179][T15372] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2564'. [ 271.680903][T15372] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2564'. [ 272.029793][T15398] pim6reg: entered allmulticast mode [ 272.210796][T15403] siw: device registration error -23 [ 272.540558][T15418] lo speed is unknown, defaulting to 1000 [ 272.588579][T15429] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2572'. [ 273.420030][T15476] __nla_validate_parse: 1 callbacks suppressed [ 273.420050][T15476] netlink: 14 bytes leftover after parsing attributes in process `syz.2.2584'. [ 273.512512][T15469] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 273.515282][T15480] netlink: 'syz.1.2586': attribute type 24 has an invalid length. [ 273.530736][T15476] smc: removing net device team0 with user defined pnetid SYZ2 [ 273.651916][T15483] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2587'. [ 273.747198][T15487] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2589'. [ 273.983555][T15501] lo speed is unknown, defaulting to 1000 [ 274.093245][T15510] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2588'. [ 274.611787][T15534] netlink: 'syz.2.2598': attribute type 4 has an invalid length. [ 274.901740][T15564] net_ratelimit: 423 callbacks suppressed [ 274.901757][T15564] openvswitch: netlink: IP tunnel dst address not specified [ 275.075241][T15569] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2607'. [ 275.094885][T15569] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2607'. [ 275.526415][T15599] netlink: zone id is out of range [ 275.534417][T15599] netlink: zone id is out of range [ 275.546356][T15599] netlink: zone id is out of range [ 275.551778][T15599] netlink: zone id is out of range [ 275.602927][T15599] netlink: zone id is out of range [ 275.624862][T15599] netlink: zone id is out of range [ 275.637854][T15599] netlink: zone id is out of range [ 275.653020][T15599] netlink: zone id is out of range [ 275.669535][T15599] netlink: zone id is out of range [ 276.055951][T15635] IPVS: set_ctl: invalid protocol: 136 224.0.0.1:20004 [ 277.389421][T15529] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 277.545861][T15711] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2625'. [ 277.670068][T15724] netlink: 'syz.1.2628': attribute type 10 has an invalid length. [ 277.721592][T15728] netlink: 'syz.1.2628': attribute type 2 has an invalid length. [ 277.737388][T15728] netlink: 'syz.1.2628': attribute type 2 has an invalid length. [ 277.875681][T15736] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2630'. [ 278.113173][T15752] netlink: 3648 bytes leftover after parsing attributes in process `syz.1.2635'. [ 278.162765][T15752] netlink: 3648 bytes leftover after parsing attributes in process `syz.1.2635'. [ 278.288861][T15761] netlink: 'syz.4.2637': attribute type 24 has an invalid length. [ 278.664796][T15780] __nla_validate_parse: 2 callbacks suppressed [ 278.664814][T15780] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2644'. [ 279.156458][T15816] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2649'. [ 279.429978][T15829] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2652'. [ 279.469407][T15829] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2652'. [ 279.533321][T15832] netlink: 'syz.4.2653': attribute type 24 has an invalid length. [ 279.747706][T15844] syzkaller1: entered promiscuous mode [ 279.753377][T15844] syzkaller1: entered allmulticast mode [ 279.770367][T15849] FAULT_INJECTION: forcing a failure. [ 279.770367][T15849] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 279.824525][T15849] CPU: 0 UID: 0 PID: 15849 Comm: syz.4.2659 Not tainted syzkaller #0 PREEMPT(full) [ 279.824551][T15849] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 279.824563][T15849] Call Trace: [ 279.824570][T15849] [ 279.824578][T15849] dump_stack_lvl+0xe8/0x150 [ 279.824610][T15849] should_fail_ex+0x412/0x560 [ 279.824642][T15849] _copy_from_user+0x2d/0xb0 [ 279.824663][T15849] ___sys_sendmsg+0x1c6/0x360 [ 279.824692][T15849] ? __pfx____sys_sendmsg+0x10/0x10 [ 279.824718][T15849] ? kstrtouint+0x6e/0xe0 [ 279.824770][T15849] ? __fget_files+0x2a/0x420 [ 279.824797][T15849] ? __fget_files+0x3a0/0x420 [ 279.824834][T15849] __sys_sendmmsg+0x27c/0x4e0 [ 279.824861][T15849] ? __pfx___sys_sendmmsg+0x10/0x10 [ 279.824880][T15849] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 279.824929][T15849] ? ksys_write+0x242/0x270 [ 279.824959][T15849] ? __pfx_ksys_write+0x10/0x10 [ 279.824986][T15849] __x64_sys_sendmmsg+0xa0/0xc0 [ 279.825010][T15849] do_syscall_64+0x14d/0xf80 [ 279.825031][T15849] ? trace_irq_disable+0x3b/0x150 [ 279.825058][T15849] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 279.825077][T15849] ? clear_bhb_loop+0x40/0x90 [ 279.825100][T15849] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 279.825118][T15849] RIP: 0033:0x7f09abb9c799 [ 279.825135][T15849] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 279.825152][T15849] RSP: 002b:00007f09ac9be028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 279.825172][T15849] RAX: ffffffffffffffda RBX: 00007f09abe15fa0 RCX: 00007f09abb9c799 [ 279.825186][T15849] RDX: 0000000000034000 RSI: 0000200000004380 RDI: 0000000000000004 [ 279.825199][T15849] RBP: 00007f09ac9be090 R08: 0000000000000000 R09: 0000000000000000 [ 279.825210][T15849] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 279.825222][T15849] R13: 00007f09abe16038 R14: 00007f09abe15fa0 R15: 00007ffc925e26e8 [ 279.825253][T15849] [ 280.062631][T15853] x_tables: duplicate underflow at hook 2 [ 280.202490][T15855] netlink: 'syz.3.2662': attribute type 1 has an invalid length. [ 280.258124][T15864] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2666'. [ 280.271121][T15864] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2666'. [ 280.400190][T15871] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2667'. [ 280.416796][T15871] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2667'. [ 280.456931][T15871] netlink: 'syz.0.2667': attribute type 4 has an invalid length. [ 280.489276][T15880] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2670'. [ 280.656529][T15887] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2672'. [ 280.766508][T15887] bond9: entered allmulticast mode [ 281.163164][T15928] FAULT_INJECTION: forcing a failure. [ 281.163164][T15928] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 281.217054][T15928] CPU: 0 UID: 0 PID: 15928 Comm: syz.2.2682 Not tainted syzkaller #0 PREEMPT(full) [ 281.217082][T15928] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 281.217094][T15928] Call Trace: [ 281.217102][T15928] [ 281.217110][T15928] dump_stack_lvl+0xe8/0x150 [ 281.217142][T15928] should_fail_ex+0x412/0x560 [ 281.217175][T15928] _copy_from_iter+0x1d3/0x1670 [ 281.217207][T15928] ? rcu_is_watching+0x15/0xb0 [ 281.217238][T15928] ? __pfx__copy_from_iter+0x10/0x10 [ 281.217274][T15928] ? netlink_sendmsg+0x650/0xb40 [ 281.217301][T15928] ? skb_put+0x11b/0x210 [ 281.217323][T15928] netlink_sendmsg+0x6c0/0xb40 [ 281.217361][T15928] ? __pfx_netlink_sendmsg+0x10/0x10 [ 281.217391][T15928] ? aa_sock_msg_perm+0xf1/0x1b0 [ 281.217419][T15928] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 281.217443][T15928] ____sys_sendmsg+0x972/0x9f0 [ 281.217471][T15928] ? __pfx_____sys_sendmsg+0x10/0x10 [ 281.217499][T15928] ? import_iovec+0x73/0xa0 [ 281.217522][T15928] ___sys_sendmsg+0x2a5/0x360 [ 281.217548][T15928] ? __pfx____sys_sendmsg+0x10/0x10 [ 281.217600][T15928] ? __fget_files+0x2a/0x420 [ 281.217626][T15928] ? __fget_files+0x3a0/0x420 [ 281.217659][T15928] __x64_sys_sendmsg+0x1bd/0x2a0 [ 281.217682][T15928] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 281.217713][T15928] ? __pfx_ksys_write+0x10/0x10 [ 281.217745][T15928] do_syscall_64+0x14d/0xf80 [ 281.217765][T15928] ? trace_irq_disable+0x3b/0x150 [ 281.217792][T15928] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 281.217819][T15928] ? clear_bhb_loop+0x40/0x90 [ 281.217842][T15928] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 281.217860][T15928] RIP: 0033:0x7f3f3dd9c799 [ 281.217878][T15928] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 281.217894][T15928] RSP: 002b:00007f3f3ec7a028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 281.217914][T15928] RAX: ffffffffffffffda RBX: 00007f3f3e015fa0 RCX: 00007f3f3dd9c799 [ 281.217927][T15928] RDX: 0000000000004014 RSI: 0000200000000180 RDI: 0000000000000003 [ 281.217940][T15928] RBP: 00007f3f3ec7a090 R08: 0000000000000000 R09: 0000000000000000 [ 281.217951][T15928] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 281.217962][T15928] R13: 00007f3f3e016038 R14: 00007f3f3e015fa0 R15: 00007ffcdc9f2748 [ 281.217993][T15928] [ 281.492132][T15934] netlink: 'syz.3.2685': attribute type 5 has an invalid length. [ 281.515473][T15935] FAULT_INJECTION: forcing a failure. [ 281.515473][T15935] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 281.567415][T15935] CPU: 1 UID: 0 PID: 15935 Comm: syz.1.2684 Not tainted syzkaller #0 PREEMPT(full) [ 281.567442][T15935] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 281.567454][T15935] Call Trace: [ 281.567461][T15935] [ 281.567470][T15935] dump_stack_lvl+0xe8/0x150 [ 281.567500][T15935] should_fail_ex+0x412/0x560 [ 281.567531][T15935] _copy_from_user+0x2d/0xb0 [ 281.567553][T15935] ___sys_recvmsg+0x175/0x590 [ 281.567574][T15935] ? __lock_acquire+0x6b5/0x2cf0 [ 281.567602][T15935] ? __pfx____sys_recvmsg+0x10/0x10 [ 281.567662][T15935] do_recvmmsg+0x334/0x800 [ 281.567693][T15935] ? __pfx_do_recvmmsg+0x10/0x10 [ 281.567727][T15935] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 281.567767][T15935] __x64_sys_recvmmsg+0x198/0x250 [ 281.567792][T15935] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 281.567826][T15935] do_syscall_64+0x14d/0xf80 [ 281.567846][T15935] ? trace_irq_disable+0x3b/0x150 [ 281.567873][T15935] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 281.567892][T15935] ? clear_bhb_loop+0x40/0x90 [ 281.567914][T15935] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 281.567933][T15935] RIP: 0033:0x7fdebe99c799 [ 281.567951][T15935] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 281.567967][T15935] RSP: 002b:00007fdebf8a8028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 281.567987][T15935] RAX: ffffffffffffffda RBX: 00007fdebec15fa0 RCX: 00007fdebe99c799 [ 281.568001][T15935] RDX: 0000000000000344 RSI: 0000200000005c80 RDI: 0000000000000003 [ 281.568013][T15935] RBP: 00007fdebf8a8090 R08: 0000000000000000 R09: 0000000000000000 [ 281.568025][T15935] R10: 0000000000010122 R11: 0000000000000246 R12: 0000000000000002 [ 281.568037][T15935] R13: 00007fdebec16038 R14: 00007fdebec15fa0 R15: 00007fffcdc52b58 [ 281.568068][T15935] [ 282.611302][T15988] syzkaller1: entered promiscuous mode [ 282.623885][T15988] syzkaller1: entered allmulticast mode [ 282.656558][T15990] bridge0: port 3(dummy0) entered disabled state [ 282.683552][T15990] dummy0 (unregistering): left allmulticast mode [ 282.700149][T15990] dummy0 (unregistering): left promiscuous mode [ 282.718734][T15990] bridge0: port 3(dummy0) entered disabled state [ 282.991692][T16010] net_ratelimit: 277 callbacks suppressed [ 282.991712][T16010] netlink: zone id is out of range [ 283.017544][T16010] netlink: del zone limit has 4 unknown bytes [ 283.188251][T16024] xt_hashlimit: size too large, truncated to 1048576 [ 283.537050][T16025] syzkaller1: entered promiscuous mode [ 283.613907][T16025] syzkaller1: entered allmulticast mode [ 284.036924][T16080] netlink: 'syz.4.2714': attribute type 12 has an invalid length. [ 284.112934][T16088] netlink: 'syz.4.2714': attribute type 4 has an invalid length. [ 284.198357][T16091] __nla_validate_parse: 8 callbacks suppressed [ 284.198376][T16091] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2716'. [ 284.224639][T16093] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2717'. [ 284.243155][T16093] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2717'. [ 284.296535][T16093] block nbd0: reconnected socket [ 284.297076][ T51] block nbd0: Receive control failed (result -107) [ 284.369698][T16093] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2717'. [ 284.470196][T16108] syzkaller1: entered promiscuous mode [ 284.495578][T16108] syzkaller1: entered allmulticast mode [ 285.056574][T16128] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2726'. [ 285.170966][T16139] netlink: 'syz.2.2728': attribute type 4 has an invalid length. [ 285.225442][T16139] netlink: 224 bytes leftover after parsing attributes in process `syz.2.2728'. [ 285.427989][T16149] netem: incorrect gi model size [ 285.433302][T16149] netem: change failed [ 285.585156][T16162] workqueue: Failed to create a rescuer kthread for wq "nfc3_nci_cmd_wq": -EINTR [ 285.670244][T16173] tipc: Enabling of bearer rejected, failed to enable media [ 285.771408][T16173] netdevsim netdevsim4 netdevsim0: IPsec offload requires 128 bit authentication [ 286.030460][T16205] netlink: 'syz.1.2741': attribute type 10 has an invalid length. [ 286.206981][T16180] bond0: entered promiscuous mode [ 286.213146][T16180] batadv0: entered promiscuous mode [ 286.219385][T16180] hsr1: Slave A (bond0) is not up; please bring it up to get a fully working HSR network [ 286.229347][T16180] hsr1: Slave B (batadv0) is not up; please bring it up to get a fully working HSR network [ 286.240140][T16180] hsr1: entered promiscuous mode [ 286.245567][T16180] hsr1: entered allmulticast mode [ 286.250729][T16180] bond0: entered allmulticast mode [ 286.257617][T16180] batadv0: entered allmulticast mode [ 286.263341][T16180] 8021q: adding VLAN 0 to HW filter on device hsr1 [ 286.271253][T16180] bond0: left promiscuous mode [ 286.276827][T16180] batadv0: left promiscuous mode [ 286.297334][T16203] netlink: 'syz.4.2736': attribute type 1 has an invalid length. [ 286.584872][T16226] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2744'. [ 286.708548][T16222] tipc: Enabling of bearer rejected, already enabled [ 287.116816][T16252] openvswitch: netlink: Tunnel attr 3 has unexpected len 8 expected 1 [ 287.368794][T16268] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2755'. [ 287.386949][T16267] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2754'. [ 287.427601][T16267] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2754'. [ 287.564178][T16274] wg0: entered promiscuous mode [ 287.569185][T16274] wg0: entered allmulticast mode [ 288.026467][T16298] lo speed is unknown, defaulting to 1000 [ 288.097716][T16292] IPVS: sh: FWM 3 0x00000003 - no destination available [ 288.110875][ C0] IPVS: sh: FWM 3 0x00000003 - no destination available [ 288.118879][T16292] IPVS: sh: FWM 3 0x00000003 - no destination available [ 288.331892][T16314] netlink: 'syz.3.2770': attribute type 24 has an invalid length. [ 288.811657][T16338] openvswitch: netlink: IP tunnel attribute has 4 unknown bytes. [ 288.840775][T16338] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 288.886658][T16338] syzkaller0: entered promiscuous mode [ 288.909091][T16338] syzkaller0: entered allmulticast mode [ 289.241951][T16358] x_tables: duplicate underflow at hook 1 [ 289.251083][T16360] netlink: 'syz.1.2785': attribute type 24 has an invalid length. [ 289.585442][T16377] __nla_validate_parse: 2 callbacks suppressed [ 289.585464][T16377] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2791'. [ 290.137966][T16410] sctp: [Deprecated]: syz.4.2799 (pid 16410) Use of struct sctp_assoc_value in delayed_ack socket option. [ 290.137966][T16410] Use struct sctp_sack_info instead [ 290.987590][T16453] netlink: 212348 bytes leftover after parsing attributes in process `syz.1.2805'. [ 290.997113][T16453] netlink: Conntrack attr has 4 unknown bytes [ 291.057544][T16458] netlink: 'syz.1.2807': attribute type 10 has an invalid length. [ 291.066918][T16459] netlink: 'syz.1.2807': attribute type 10 has an invalid length. [ 292.919291][T16395] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 293.203884][T16511] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2809'. [ 293.219446][T16511] netlink: 60 bytes leftover after parsing attributes in process `syz.2.2809'. [ 293.229062][T16511] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2809'. [ 293.238521][T16511] netlink: 60 bytes leftover after parsing attributes in process `syz.2.2809'. [ 293.248459][T16511] netlink: 104 bytes leftover after parsing attributes in process `syz.2.2809'. [ 293.259653][T16510] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2809'. [ 293.286532][T16510] netlink: 60 bytes leftover after parsing attributes in process `syz.2.2809'. [ 293.325780][T16510] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2809'. [ 293.340808][T16516] xt_hashlimit: size too large, truncated to 1048576 [ 293.905451][T16548] netlink: 'syz.0.2824': attribute type 15 has an invalid length. [ 293.908881][T16556] rdma_rxe: rxe_newlink: failed to add bond_slave_0 [ 294.037226][T16559] lo speed is unknown, defaulting to 1000 [ 294.040204][T16561] netlink: 'syz.2.2829': attribute type 3 has an invalid length. [ 294.179761][T16568] openvswitch: netlink: Tunnel attr 4107 out of range max 16 [ 294.473830][T16587] lo speed is unknown, defaulting to 1000 [ 294.629051][T16593] __nla_validate_parse: 5 callbacks suppressed [ 294.629068][T16593] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2840'. [ 295.215202][ T1685] block nbd0: Possible stuck request ffff888026360000: control (read@0,1024B). Runtime 180 seconds [ 295.229183][ T1685] block nbd0: Possible stuck request ffff888026360200: control (read@1024,1024B). Runtime 180 seconds [ 295.241570][ T1685] block nbd0: Possible stuck request ffff888026360400: control (read@2048,1024B). Runtime 180 seconds [ 295.253450][ T11] block nbd0: Dead connection, failed to find a fallback [ 295.262485][ T1685] block nbd0: Possible stuck request ffff888026360600: control (read@3072,1024B). Runtime 180 seconds [ 295.266206][T16631] syzkaller0: entered promiscuous mode [ 295.279042][T16631] syzkaller0: entered allmulticast mode [ 295.319295][T16634] netlink: 'syz.0.2855': attribute type 16 has an invalid length. [ 295.341174][T16634] netlink: 'syz.0.2855': attribute type 3 has an invalid length. [ 295.355469][T16634] netlink: 132 bytes leftover after parsing attributes in process `syz.0.2855'. [ 295.416066][T16637] netlink: 'syz.1.2858': attribute type 21 has an invalid length. [ 295.455813][T16645] netlink: 156 bytes leftover after parsing attributes in process `syz.2.2859'. [ 295.518562][T16644] netlink: 156 bytes leftover after parsing attributes in process `syz.2.2859'. [ 295.539697][T16637] netlink: 132 bytes leftover after parsing attributes in process `syz.1.2858'. [ 295.682424][T16658] netlink: 'syz.3.2863': attribute type 10 has an invalid length. [ 295.755947][T16668] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2863'. [ 295.764533][T16662] syzkaller0: entered promiscuous mode [ 295.796338][T16662] 0: reclassify loop, rule prio 0, protocol 800 [ 295.808665][T16667] netlink: 'syz.4.2866': attribute type 1 has an invalid length. [ 295.866112][T16677] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 296.031525][T16686] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2870'. [ 296.099870][T16691] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2871'. [ 296.436843][T16715] syzkaller0: entered promiscuous mode [ 296.446516][T16718] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2883'. [ 296.455890][T16715] 0: reclassify loop, rule prio 0, protocol 800 [ 296.737891][T16735] lo speed is unknown, defaulting to 1000 [ 297.488893][T16775] netlink: 'syz.2.2900': attribute type 1 has an invalid length. [ 297.499913][T16776] syzkaller0: entered promiscuous mode [ 297.529377][T16776] 0: reclassify loop, rule prio 0, protocol 800 [ 297.553927][T16782] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2903'. [ 298.422529][T16839] syzkaller0: entered promiscuous mode [ 298.448256][T16839] 0: reclassify loop, rule prio 0, protocol 800 [ 298.815032][T16857] net veth1_virt_wifi virt_wifi0: entered promiscuous mode [ 298.836038][T16857] net veth1_virt_wifi virt_wifi0: entered allmulticast mode [ 298.874364][T16859] netlink: 'syz.2.2929': attribute type 5 has an invalid length. [ 299.241873][T16885] syzkaller1: tun_chr_ioctl cmd 1074025677 [ 299.248691][T16885] syzkaller1: linktype set to 823 [ 299.314845][T16890] syzkaller0: entered promiscuous mode [ 299.325673][T16890] 0: reclassify loop, rule prio 0, protocol 800 [ 300.478387][T16922] veth1_vlan: left allmulticast mode [ 300.510240][T16926] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 300.540878][T16942] wg0: entered promiscuous mode [ 300.555731][T16942] wg0: entered allmulticast mode [ 300.570551][ T61] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 300.595312][ T61] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 300.637793][ T61] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 301.067035][T16969] __nla_validate_parse: 4 callbacks suppressed [ 301.067054][T16969] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2964'. [ 301.090293][T16969] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2964'. [ 301.166263][T16974] netlink: 'syz.3.2966': attribute type 24 has an invalid length. [ 301.329091][T16984] openvswitch: netlink: VXLAN extension message has 8 unknown bytes. [ 301.471502][T16992] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2971'. [ 302.088476][T17030] netlink: 'syz.4.2978': attribute type 24 has an invalid length. [ 302.297135][T17043] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2982'. [ 302.429836][T17050] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 302.437879][T17051] netlink: 'syz.3.2983': attribute type 24 has an invalid length. [ 302.454245][T17051] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2983'. [ 302.456496][T17052] syzkaller1: entered promiscuous mode [ 302.468900][T17052] syzkaller1: entered allmulticast mode [ 302.645703][T17059] netlink: 88 bytes leftover after parsing attributes in process `syz.4.2987'. [ 302.939975][T17087] netlink: 'syz.1.2994': attribute type 61 has an invalid length. [ 302.951102][T17087] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2994'. [ 303.165523][T17098] bond3: option primary: mode dependency failed, not supported in mode balance-rr(0) [ 303.181265][T17098] bond3 (unregistering): Released all slaves [ 303.318471][T17112] netlink: 'syz.1.2999': attribute type 1 has an invalid length. [ 303.338951][T17112] netlink: 280 bytes leftover after parsing attributes in process `syz.1.2999'. [ 303.385915][T17112] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2999'. [ 303.625032][T17131] bridge0: port 3(gretap0) entered blocking state [ 303.631588][T17131] bridge0: port 3(gretap0) entered disabled state [ 303.647760][T17131] gretap0: entered allmulticast mode [ 303.655710][T17131] gretap0: entered promiscuous mode [ 303.667555][T17133] netlink: 1 bytes leftover after parsing attributes in process `syz.2.3009'. [ 303.708358][T17131] netlink: 'syz.4.3008': attribute type 1 has an invalid length. [ 303.795328][T17131] 8021q: adding VLAN 0 to HW filter on device bond3 [ 303.939925][T17153] netlink: 'syz.2.3016': attribute type 24 has an invalid length. [ 304.392339][T17184] netlink: 'syz.2.3029': attribute type 24 has an invalid length. [ 304.445123][T17191] netlink: 'syz.3.3026': attribute type 9 has an invalid length. [ 304.464599][T17191] netlink: 'syz.3.3026': attribute type 11 has an invalid length. [ 304.487555][T17191] netlink: 'syz.3.3026': attribute type 12 has an invalid length. [ 304.769864][T17211] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 304.877239][T17220] netlink: 'syz.0.3039': attribute type 4 has an invalid length. [ 304.898090][T17222] netlink: 'syz.1.3041': attribute type 1 has an invalid length. [ 304.906399][T17218] vlan4: entered allmulticast mode [ 304.911536][T17218] bond0: entered allmulticast mode [ 305.022614][T17228] 8021q: adding VLAN 0 to HW filter on device bond0 [ 305.081023][T17228] bond0: (slave rose0): Enslaving as an active interface with an up link [ 305.429439][T17262] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 305.873514][T17287] xt_ecn: cannot match TCP bits for non-tcp packets [ 306.054610][T17297] syz_tun: entered allmulticast mode [ 306.086286][T17296] syz_tun: left allmulticast mode [ 306.125390][T17302] __nla_validate_parse: 10 callbacks suppressed [ 306.125417][T17302] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3066'. [ 306.148226][T17303] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3065'. [ 306.511037][T17326] sctp: [Deprecated]: syz.1.3072 (pid 17326) Use of int in maxseg socket option. [ 306.511037][T17326] Use struct sctp_assoc_value instead [ 306.588770][T17333] netlink: 36 bytes leftover after parsing attributes in process `syz.1.3072'. [ 306.697648][T17342] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3075'. [ 306.786581][T17342] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3075'. [ 306.895907][T17356] netlink: 48 bytes leftover after parsing attributes in process `syz.0.3077'. [ 306.922288][T17356] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3077'. [ 307.032166][T17356] hsr_slave_1 (unregistering): left promiscuous mode [ 307.659183][T17401] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3084'. [ 307.777995][T17411] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3087'. [ 307.932913][T17411] syzkaller0: entered promiscuous mode [ 307.956777][T17411] syzkaller0: entered allmulticast mode [ 308.043206][T17422] Bluetooth: hci0: Opcode 0x0401 failed: -22 [ 308.082952][T17425] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3090'. [ 308.545779][T17448] sctp: [Deprecated]: syz.1.3097 (pid 17448) Use of int in max_burst socket option. [ 308.545779][T17448] Use struct sctp_assoc_value instead [ 308.823583][T17478] validate_nla: 4 callbacks suppressed [ 308.823602][T17478] netlink: 'syz.3.3106': attribute type 3 has an invalid length. [ 308.834174][T17482] x_tables: duplicate underflow at hook 1 [ 308.848045][T17481] rdma_op ffff888026b6e1f0 conn xmit_rdma 0000000000000000 [ 308.865475][T17481] veth0_to_team (unregistering): left allmulticast mode [ 309.046406][T17492] syzkaller1: entered promiscuous mode [ 309.051926][T17492] syzkaller1: entered allmulticast mode [ 309.530492][T17527] tipc: Enabling of bearer rejected, already enabled [ 309.559879][T17528] openvswitch: netlink: Message has 8 unknown bytes. [ 309.569902][T17528] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 309.816917][T17542] lo speed is unknown, defaulting to 1000 [ 309.830347][T17547] netlink: 'syz.0.3131': attribute type 3 has an invalid length. [ 309.845674][T17538] IPVS: sh: FWM 3 0x00000003 - no destination available [ 309.860844][ C1] IPVS: sh: FWM 3 0x00000003 - no destination available [ 309.868887][T17538] IPVS: sh: FWM 3 0x00000003 - no destination available [ 310.049733][T17558] bridge0: port 4(batadv1) entered blocking state [ 310.074283][T17558] bridge0: port 4(batadv1) entered disabled state [ 310.101505][T17558] batadv1: entered allmulticast mode [ 310.127651][T17558] batadv1: entered promiscuous mode [ 310.158649][T17560] ipvlan0: entered allmulticast mode [ 310.164219][T17560] batadv_slave_1: entered allmulticast mode [ 310.175361][T17560] batman_adv: batadv0: Adding interface: ipvlan0 [ 310.193519][T17560] batman_adv: batadv0: The MTU of interface ipvlan0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 310.242792][T17560] batman_adv: batadv0: Interface activated: ipvlan0 [ 310.561339][ T49] batman_adv: batadv1: No IGMP Querier present - multicast optimizations disabled [ 310.570821][ T49] batman_adv: batadv1: No MLD Querier present - multicast optimizations disabled [ 310.642410][T17595] netlink: 'syz.2.3145': attribute type 10 has an invalid length. [ 310.809330][T17604] openvswitch: netlink: Multiple metadata blocks provided [ 310.962514][T17610] geneve3: entered promiscuous mode [ 310.968007][T17610] geneve3: entered allmulticast mode [ 313.964274][ T5193] udevd[5193]: worker [5834] /devices/virtual/block/nbd0 timeout; kill it [ 313.972897][ T5193] udevd[5193]: seq 11851 '/devices/virtual/block/nbd0' killed [ 370.870959][T17666] __nla_validate_parse: 18 callbacks suppressed [ 370.870978][T17666] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3156'. [ 370.904259][T17666] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3156'. [ 371.012192][T17678] FAULT_INJECTION: forcing a failure. [ 371.012192][T17678] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 371.041309][T17678] CPU: 1 UID: 0 PID: 17678 Comm: syz.2.3162 Not tainted syzkaller #0 PREEMPT(full) [ 371.041335][T17678] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 371.041354][T17678] Call Trace: [ 371.041361][T17678] [ 371.041369][T17678] dump_stack_lvl+0xe8/0x150 [ 371.041402][T17678] should_fail_ex+0x412/0x560 [ 371.041490][T17678] _copy_to_user+0x31/0xb0 [ 371.041539][T17678] ipip6_tunnel_siocdevprivate+0x7ed/0x1650 [ 371.041599][T17678] ? __pfx_ipip6_tunnel_siocdevprivate+0x10/0x10 [ 371.041620][T17678] ? trace_contention_end+0x3d/0x150 [ 371.041650][T17678] ? __mutex_lock+0x319/0x1300 [ 371.041705][T17678] ? do_vfs_ioctl+0x1166/0x1530 [ 371.041730][T17678] ? dev_ioctl+0x83c/0x1150 [ 371.041812][T17678] ? full_name_hash+0x92/0xe0 [ 371.041848][T17678] dev_ifsioc+0xba6/0x1280 [ 371.041884][T17678] dev_ioctl+0x84c/0x1150 [ 371.041915][T17678] sock_ioctl+0x75f/0x7f0 [ 371.041969][T17678] ? __pfx_sock_ioctl+0x10/0x10 [ 371.041996][T17678] ? __fget_files+0x3a0/0x420 [ 371.042028][T17678] ? __fget_files+0x2a/0x420 [ 371.042058][T17678] ? bpf_lsm_file_ioctl+0x9/0x20 [ 371.042083][T17678] ? __pfx_sock_ioctl+0x10/0x10 [ 371.042106][T17678] __se_sys_ioctl+0xfc/0x170 [ 371.042131][T17678] do_syscall_64+0x14d/0xf80 [ 371.042174][T17678] ? trace_irq_disable+0x3b/0x150 [ 371.042200][T17678] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 371.042219][T17678] ? clear_bhb_loop+0x40/0x90 [ 371.042242][T17678] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 371.042265][T17678] RIP: 0033:0x7f3f3dd9c799 [ 371.042283][T17678] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 371.042300][T17678] RSP: 002b:00007f3f3ec7a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 371.042320][T17678] RAX: ffffffffffffffda RBX: 00007f3f3e015fa0 RCX: 00007f3f3dd9c799 [ 371.042334][T17678] RDX: 0000200000000000 RSI: 00000000000089f8 RDI: 0000000000000004 [ 371.042347][T17678] RBP: 00007f3f3ec7a090 R08: 0000000000000000 R09: 0000000000000000 [ 371.042359][T17678] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 371.042370][T17678] R13: 00007f3f3e016038 R14: 00007f3f3e015fa0 R15: 00007ffcdc9f2748 [ 371.042402][T17678] [ 371.369976][T17687] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3163'. [ 371.520932][T17695] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3168'. [ 371.736288][T17708] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3172'. [ 372.009490][T17714] netlink: 52 bytes leftover after parsing attributes in process `syz.0.3174'. [ 372.349184][ T29] audit: type=1800 audit(1774314942.266:7): pid=17750 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.3183" name="memory.events" dev="tmpfs" ino=3369 res=0 errno=0 [ 372.575096][T17765] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 372.624598][T17762] IPVS: sh: FWM 3 0x00000003 - no destination available [ 372.647444][T17766] lo speed is unknown, defaulting to 1000 [ 372.673856][ C1] IPVS: sh: FWM 3 0x00000003 - no destination available [ 372.685743][T17776] IPVS: sh: FWM 3 0x00000003 - no destination available [ 372.714967][T17777] FAULT_INJECTION: forcing a failure. [ 372.714967][T17777] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 372.744908][T17777] CPU: 0 UID: 0 PID: 17777 Comm: syz.3.3192 Not tainted syzkaller #0 PREEMPT(full) [ 372.744935][T17777] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 372.744946][T17777] Call Trace: [ 372.744954][T17777] [ 372.744962][T17777] dump_stack_lvl+0xe8/0x150 [ 372.744992][T17777] should_fail_ex+0x412/0x560 [ 372.745025][T17777] prepare_alloc_pages+0x22a/0x650 [ 372.745055][T17777] __alloc_frozen_pages_noprof+0x12f/0x380 [ 372.745082][T17777] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 372.745110][T17777] ? __pfx_policy_nodemask+0x10/0x10 [ 372.745137][T17777] ? do_raw_spin_lock+0x12b/0x2f0 [ 372.745162][T17777] alloc_pages_mpol+0x232/0x4a0 [ 372.745192][T17777] alloc_pages_noprof+0xa8/0x190 [ 372.745217][T17777] __pmd_alloc+0x3a/0x5c0 [ 372.745250][T17777] handle_mm_fault+0xe96/0x3310 [ 372.745291][T17777] ? handle_mm_fault+0xee/0x3310 [ 372.745344][T17777] ? __pfx_handle_mm_fault+0x10/0x10 [ 372.745389][T17777] ? lock_mm_and_find_vma+0xa7/0x340 [ 372.745408][T17777] do_user_addr_fault+0x75b/0x1340 [ 372.745449][T17777] exc_page_fault+0x6a/0xc0 [ 372.745542][T17777] asm_exc_page_fault+0x26/0x30 [ 372.745560][T17777] RIP: 0010:rep_movs_alternative+0x30/0x90 [ 372.745615][T17777] Code: 83 f9 08 73 25 85 c9 74 0f 8a 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 c3 cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 <48> 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 [ 372.745631][T17777] RSP: 0018:ffffc90003017ab8 EFLAGS: 00050202 [ 372.745648][T17777] RAX: 00007ffffffff001 RBX: 0000000000000018 RCX: 0000000000000018 [ 372.745661][T17777] RDX: 0000000000000001 RSI: 0000200000000100 RDI: ffffc90003017b70 [ 372.745673][T17777] RBP: ffffc90003017cb0 R08: ffffc90003017b87 R09: 1ffff92000602f70 [ 372.745687][T17777] R10: dffffc0000000000 R11: fffff52000602f71 R12: ffff888058602000 [ 372.745701][T17777] R13: dffffc0000000000 R14: ffffc90003017b70 R15: 0000200000000100 [ 372.745732][T17777] _copy_from_user+0x7a/0xb0 [ 372.745755][T17777] rfcomm_dev_ioctl+0x132/0x21d0 [ 372.745812][T17777] ? kasan_quarantine_put+0xbb/0x1f0 [ 372.745833][T17777] ? __pfx_rfcomm_dev_ioctl+0x10/0x10 [ 372.745859][T17777] ? tomoyo_path_number_perm+0x219/0x630 [ 372.745921][T17777] ? tomoyo_path_number_perm+0x219/0x630 [ 372.745948][T17777] ? do_vfs_ioctl+0x1166/0x1530 [ 372.745974][T17777] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 372.746002][T17777] sock_do_ioctl+0x101/0x320 [ 372.746031][T17777] ? __pfx_sock_do_ioctl+0x10/0x10 [ 372.746054][T17777] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 372.746092][T17777] sock_ioctl+0x5c6/0x7f0 [ 372.746119][T17777] ? __pfx_sock_ioctl+0x10/0x10 [ 372.746143][T17777] ? __fget_files+0x2a/0x420 [ 372.746169][T17777] ? __fget_files+0x3a0/0x420 [ 372.746194][T17777] ? __fget_files+0x2a/0x420 [ 372.746224][T17777] ? bpf_lsm_file_ioctl+0x9/0x20 [ 372.746247][T17777] ? __pfx_sock_ioctl+0x10/0x10 [ 372.746270][T17777] __se_sys_ioctl+0xfc/0x170 [ 372.746295][T17777] do_syscall_64+0x14d/0xf80 [ 372.746314][T17777] ? trace_irq_disable+0x3b/0x150 [ 372.746341][T17777] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 372.746359][T17777] ? clear_bhb_loop+0x40/0x90 [ 372.746381][T17777] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 372.746398][T17777] RIP: 0033:0x7f42cb19c799 [ 372.746414][T17777] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 372.746428][T17777] RSP: 002b:00007f42cbfab028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 372.746446][T17777] RAX: ffffffffffffffda RBX: 00007f42cb415fa0 RCX: 00007f42cb19c799 [ 372.746458][T17777] RDX: 0000200000000100 RSI: 00000000800452d3 RDI: 0000000000000004 [ 372.746471][T17777] RBP: 00007f42cbfab090 R08: 0000000000000000 R09: 0000000000000000 [ 372.746482][T17777] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 372.746493][T17777] R13: 00007f42cb416038 R14: 00007f42cb415fa0 R15: 00007ffed91c05d8 [ 372.746525][T17777] [ 373.260358][T17784] FAULT_INJECTION: forcing a failure. [ 373.260358][T17784] name failslab, interval 1, probability 0, space 0, times 0 [ 373.288791][T17784] CPU: 1 UID: 0 PID: 17784 Comm: syz.1.3196 Not tainted syzkaller #0 PREEMPT(full) [ 373.288817][T17784] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 373.288829][T17784] Call Trace: [ 373.288837][T17784] [ 373.288844][T17784] dump_stack_lvl+0xe8/0x150 [ 373.288878][T17784] should_fail_ex+0x412/0x560 [ 373.288910][T17784] should_failslab+0xa8/0x100 [ 373.288945][T17784] kmem_cache_alloc_node_noprof+0x8f/0x690 [ 373.288967][T17784] ? __alloc_skb+0x186/0x7d0 [ 373.289067][T17784] ? __alloc_skb+0x1d0/0x7d0 [ 373.289082][T17784] ? __local_bh_enable_ip+0xd0/0x130 [ 373.289111][T17784] __alloc_skb+0x1d0/0x7d0 [ 373.289135][T17784] sock_wmalloc+0xb2/0x130 [ 373.289158][T17784] pppol2tp_sendmsg+0x183/0x5f0 [ 373.289226][T17784] ____sys_sendmsg+0x972/0x9f0 [ 373.289246][T17784] ? __lock_acquire+0x6b5/0x2cf0 [ 373.289285][T17784] ? __pfx_____sys_sendmsg+0x10/0x10 [ 373.289315][T17784] ? import_iovec+0x73/0xa0 [ 373.289370][T17784] ___sys_sendmsg+0x2a5/0x360 [ 373.289398][T17784] ? __pfx____sys_sendmsg+0x10/0x10 [ 373.289467][T17784] __sys_sendmmsg+0x27c/0x4e0 [ 373.289493][T17784] ? __pfx___sys_sendmmsg+0x10/0x10 [ 373.289512][T17784] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 373.289559][T17784] ? ksys_write+0x242/0x270 [ 373.289582][T17784] ? __pfx_ksys_write+0x10/0x10 [ 373.289608][T17784] __x64_sys_sendmmsg+0xa0/0xc0 [ 373.289631][T17784] do_syscall_64+0x14d/0xf80 [ 373.289651][T17784] ? trace_irq_disable+0x3b/0x150 [ 373.289677][T17784] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 373.289695][T17784] ? clear_bhb_loop+0x40/0x90 [ 373.289724][T17784] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 373.289743][T17784] RIP: 0033:0x7fdebe99c799 [ 373.289760][T17784] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 373.289776][T17784] RSP: 002b:00007fdebf8a8028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 373.289797][T17784] RAX: ffffffffffffffda RBX: 00007fdebec15fa0 RCX: 00007fdebe99c799 [ 373.289811][T17784] RDX: 0000000000034000 RSI: 0000200000004380 RDI: 0000000000000004 [ 373.289823][T17784] RBP: 00007fdebf8a8090 R08: 0000000000000000 R09: 0000000000000000 [ 373.289834][T17784] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 373.289845][T17784] R13: 00007fdebec16038 R14: 00007fdebec15fa0 R15: 00007fffcdc52b58 [ 373.289876][T17784] [ 373.293052][T17781] openvswitch: netlink: IPv6 tunnel dst address is zero [ 373.580076][T17795] openvswitch: netlink: VXLAN extension message has 8 unknown bytes. [ 373.746778][T17802] syzkaller0: entered promiscuous mode [ 373.755151][T17802] 0: reclassify loop, rule prio 0, protocol 800 [ 373.902348][T17810] openvswitch: netlink: VXLAN extension 0 has unexpected len 2 expected 0 [ 373.950479][T17815] openvswitch: netlink: VXLAN extension 0 has unexpected len 2 expected 0 [ 374.059113][T17814] syzkaller1: entered promiscuous mode [ 374.090178][T17814] syzkaller1: entered allmulticast mode [ 374.192835][T17834] netlink: 2 bytes leftover after parsing attributes in process `syz.1.3211'. [ 374.194868][T17833] openvswitch: netlink: IPv6 tunnel dst address is zero [ 374.211196][T17832] FAULT_INJECTION: forcing a failure. [ 374.211196][T17832] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 374.225125][T17832] CPU: 1 UID: 0 PID: 17832 Comm: syz.3.3212 Not tainted syzkaller #0 PREEMPT(full) [ 374.225150][T17832] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 374.225161][T17832] Call Trace: [ 374.225168][T17832] [ 374.225176][T17832] dump_stack_lvl+0xe8/0x150 [ 374.225225][T17832] should_fail_ex+0x412/0x560 [ 374.225264][T17832] _copy_from_iter+0x1d3/0x1670 [ 374.225296][T17832] ? rcu_is_watching+0x15/0xb0 [ 374.225327][T17832] ? __pfx__copy_from_iter+0x10/0x10 [ 374.225363][T17832] ? netlink_sendmsg+0x650/0xb40 [ 374.225491][T17832] ? skb_put+0x11b/0x210 [ 374.225514][T17832] netlink_sendmsg+0x6c0/0xb40 [ 374.225551][T17832] ? __pfx_netlink_sendmsg+0x10/0x10 [ 374.225581][T17832] ? aa_sock_msg_perm+0xf1/0x1b0 [ 374.225664][T17832] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 374.225686][T17832] ____sys_sendmsg+0x972/0x9f0 [ 374.225714][T17832] ? __pfx_____sys_sendmsg+0x10/0x10 [ 374.225742][T17832] ? import_iovec+0x73/0xa0 [ 374.225765][T17832] ___sys_sendmsg+0x2a5/0x360 [ 374.225791][T17832] ? __pfx____sys_sendmsg+0x10/0x10 [ 374.225847][T17832] ? __fget_files+0x2a/0x420 [ 374.225873][T17832] ? __fget_files+0x3a0/0x420 [ 374.225910][T17832] __x64_sys_sendmsg+0x1bd/0x2a0 [ 374.225934][T17832] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 374.225965][T17832] ? __pfx_ksys_write+0x10/0x10 [ 374.225997][T17832] do_syscall_64+0x14d/0xf80 [ 374.226018][T17832] ? trace_irq_disable+0x3b/0x150 [ 374.226043][T17832] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 374.226063][T17832] ? clear_bhb_loop+0x40/0x90 [ 374.226086][T17832] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 374.226104][T17832] RIP: 0033:0x7f42cb19c799 [ 374.226122][T17832] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 374.226138][T17832] RSP: 002b:00007f42cbfab028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 374.226158][T17832] RAX: ffffffffffffffda RBX: 00007f42cb415fa0 RCX: 00007f42cb19c799 [ 374.226171][T17832] RDX: 000000002004c094 RSI: 0000200000000100 RDI: 0000000000000003 [ 374.226184][T17832] RBP: 00007f42cbfab090 R08: 0000000000000000 R09: 0000000000000000 [ 374.226196][T17832] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 374.226207][T17832] R13: 00007f42cb416038 R14: 00007f42cb415fa0 R15: 00007ffed91c05d8 [ 374.226244][T17832] [ 374.524708][T17834] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3211'. [ 374.604356][T17842] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3211'. [ 374.654986][T17844] syzkaller1: entered promiscuous mode [ 374.660603][T17844] syzkaller1: entered allmulticast mode [ 374.670933][T17844] Cannot find add_set index 0 as target [ 374.711166][T17828] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3211'. [ 375.522580][T17887] lo speed is unknown, defaulting to 1000 [ 375.713552][T17896] syzkaller0: entered promiscuous mode [ 375.754841][T17896] syzkaller0: entered allmulticast mode [ 376.100875][T17925] netlink: 336 bytes leftover after parsing attributes in process `syz.1.3241'. [ 376.154256][T17924] ip6tnl0: entered allmulticast mode [ 376.162146][T17924] netlink: 68 bytes leftover after parsing attributes in process `syz.0.3239'. [ 376.288060][T17931] syzkaller1: entered promiscuous mode [ 376.293583][T17931] syzkaller1: entered allmulticast mode [ 376.338940][T17937] netlink: 340 bytes leftover after parsing attributes in process `syz.3.3246'. [ 376.585144][T17947] netlink: 212368 bytes leftover after parsing attributes in process `syz.3.3249'. [ 376.920544][T17964] netlink: 'syz.4.3255': attribute type 4 has an invalid length. [ 377.031140][T17969] lec:lec_atm_send: lec0: Unknown message type 708 [ 377.128163][T17933] lec:lec_atm_close: lec0: Shut down! [ 377.222576][T17981] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3259'. [ 377.261750][T17981] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3259'. [ 377.311116][T17981] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3259'. [ 377.656367][T18002] net_ratelimit: 8 callbacks suppressed [ 377.656385][T18002] openvswitch: netlink: IP tunnel TTL not specified. [ 377.723420][T18008] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3266'. [ 378.874784][T18037] openvswitch: netlink: Tunnel attr 3 has unexpected len 8 expected 1 [ 378.937444][T18041] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3279'. [ 378.947943][T18041] openvswitch: netlink: IPv6 tunnel dst address is zero [ 380.260187][T17984] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 380.358516][T18066] openvswitch: netlink: IPv6 tunnel dst address is zero [ 380.543086][T18077] nftables ruleset with unbound set [ 380.561382][T18077] bond0: entered promiscuous mode [ 380.567333][T18077] 8021q: adding VLAN 0 to HW filter on device bond0 [ 380.668746][T18081] ksmbd: Daemon and kernel module version mismatch. ksmbd: 124, kernel module: 1. User-space ksmbd should terminate. [ 380.783313][T18086] openvswitch: netlink: Flow key attr not present in new flow. [ 380.933737][T18097] syzkaller1: entered promiscuous mode [ 380.939263][T18097] syzkaller1: entered allmulticast mode [ 380.964227][T18099] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3299'. [ 381.222139][T18117] netlink: 'syz.4.3303': attribute type 1 has an invalid length. [ 381.257758][T18117] netlink: 'syz.4.3303': attribute type 3 has an invalid length. [ 381.290287][T18117] __nla_validate_parse: 4 callbacks suppressed [ 381.290303][T18117] netlink: 172 bytes leftover after parsing attributes in process `syz.4.3303'. [ 381.344815][T18117] NCSI netlink: No device for ifindex 813332851 [ 381.366903][T18116] netlink: 'syz.4.3303': attribute type 1 has an invalid length. [ 381.388516][T18132] syzkaller1: entered promiscuous mode [ 381.408319][T18116] netlink: 'syz.4.3303': attribute type 3 has an invalid length. [ 381.416949][T18132] syzkaller1: entered allmulticast mode [ 381.474416][T18116] netlink: 172 bytes leftover after parsing attributes in process `syz.4.3303'. [ 381.485893][T18116] NCSI netlink: No device for ifindex 813332851 [ 381.717460][T18145] openvswitch: netlink: Flow key attr not present in new flow. [ 382.124421][T18167] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3317'. [ 382.143901][T18167] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3317'. [ 382.334523][T18173] syzkaller0: entered promiscuous mode [ 382.357624][T18173] syzkaller0: entered allmulticast mode [ 382.632725][T18190] openvswitch: netlink: Flow key attr not present in new flow. [ 382.912975][T18200] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3328'. [ 383.280879][T18222] syzkaller1: entered promiscuous mode [ 383.313804][T18222] syzkaller1: entered allmulticast mode [ 383.362544][T18230] openvswitch: netlink: Key type 346 is out of range max 32 [ 383.429491][T18226] IPVS: sh: FWM 3 0x00000003 - no destination available [ 383.436849][ C0] IPVS: sh: FWM 3 0x00000003 - no destination available [ 383.445140][T18226] IPVS: sh: FWM 3 0x00000003 - no destination available [ 383.520388][T18242] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3341'. [ 383.531111][T18229] lo speed is unknown, defaulting to 1000 [ 384.198790][T18286] FAULT_INJECTION: forcing a failure. [ 384.198790][T18286] name failslab, interval 1, probability 0, space 0, times 0 [ 384.250749][T18286] CPU: 0 UID: 0 PID: 18286 Comm: syz.0.3350 Not tainted syzkaller #0 PREEMPT(full) [ 384.250777][T18286] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 384.250788][T18286] Call Trace: [ 384.250796][T18286] [ 384.250804][T18286] dump_stack_lvl+0xe8/0x150 [ 384.250836][T18286] should_fail_ex+0x412/0x560 [ 384.250867][T18286] should_failslab+0xa8/0x100 [ 384.250893][T18286] kmem_cache_alloc_node_noprof+0x8f/0x690 [ 384.250916][T18286] ? __alloc_skb+0x1d0/0x7d0 [ 384.250932][T18286] ? __local_bh_enable_ip+0xd0/0x130 [ 384.250961][T18286] __alloc_skb+0x1d0/0x7d0 [ 384.250985][T18286] netlink_dump+0x1ef/0xe80 [ 384.251018][T18286] ? __netlink_lookup+0xc6/0x8b0 [ 384.251040][T18286] ? __pfx_netlink_dump+0x10/0x10 [ 384.251064][T18286] ? __netlink_lookup+0x7e4/0x8b0 [ 384.251097][T18286] ? netlink_lookup+0x30/0x200 [ 384.251122][T18286] ? netlink_lookup+0x30/0x200 [ 384.251152][T18286] ? netlink_lookup+0x30/0x200 [ 384.251183][T18286] __netlink_dump_start+0x5cb/0x7e0 [ 384.251218][T18286] rtnetlink_rcv_msg+0xa3a/0xbe0 [ 384.251357][T18286] ? __pfx_tc_dump_action+0x10/0x10 [ 384.251431][T18286] ? rtnetlink_rcv_msg+0x1b9/0xbe0 [ 384.251459][T18286] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 384.251486][T18286] ? __pfx_rtnl_dumpit+0x10/0x10 [ 384.251512][T18286] ? __pfx_tc_dump_action+0x10/0x10 [ 384.251548][T18286] netlink_rcv_skb+0x232/0x4b0 [ 384.251577][T18286] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 384.251607][T18286] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 384.251644][T18286] ? netlink_deliver_tap+0x2e/0x1b0 [ 384.251679][T18286] netlink_unicast+0x80f/0x9b0 [ 384.251714][T18286] ? __pfx_netlink_unicast+0x10/0x10 [ 384.251740][T18286] ? netlink_sendmsg+0x650/0xb40 [ 384.251766][T18286] ? skb_put+0x11b/0x210 [ 384.251788][T18286] netlink_sendmsg+0x813/0xb40 [ 384.251825][T18286] ? __pfx_netlink_sendmsg+0x10/0x10 [ 384.251857][T18286] ? aa_sock_msg_perm+0xf1/0x1b0 [ 384.251886][T18286] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 384.251911][T18286] ____sys_sendmsg+0x972/0x9f0 [ 384.251942][T18286] ? __pfx_____sys_sendmsg+0x10/0x10 [ 384.251974][T18286] ? import_iovec+0x73/0xa0 [ 384.251999][T18286] ___sys_sendmsg+0x2a5/0x360 [ 384.252026][T18286] ? __pfx____sys_sendmsg+0x10/0x10 [ 384.252085][T18286] ? __fget_files+0x2a/0x420 [ 384.252111][T18286] ? __fget_files+0x3a0/0x420 [ 384.252153][T18286] __x64_sys_sendmsg+0x1bd/0x2a0 [ 384.252178][T18286] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 384.252206][T18286] ? __pfx_ksys_write+0x10/0x10 [ 384.252238][T18286] do_syscall_64+0x14d/0xf80 [ 384.252259][T18286] ? trace_irq_disable+0x3b/0x150 [ 384.252285][T18286] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 384.252304][T18286] ? clear_bhb_loop+0x40/0x90 [ 384.252327][T18286] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 384.252345][T18286] RIP: 0033:0x7fcdf3d9c799 [ 384.252363][T18286] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 384.252379][T18286] RSP: 002b:00007fcdf4c9b028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 384.252399][T18286] RAX: ffffffffffffffda RBX: 00007fcdf4015fa0 RCX: 00007fcdf3d9c799 [ 384.252413][T18286] RDX: 0000000004000000 RSI: 00002000000000c0 RDI: 0000000000000003 [ 384.252425][T18286] RBP: 00007fcdf4c9b090 R08: 0000000000000000 R09: 0000000000000000 [ 384.252437][T18286] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 384.252448][T18286] R13: 00007fcdf4016038 R14: 00007fcdf4015fa0 R15: 00007ffc1c8a6a38 [ 384.252480][T18286] [ 384.679559][T18250] lec:lec_atm_close: lec0: Shut down! [ 384.933325][T18289] netlink: 'syz.3.3351': attribute type 2 has an invalid length. [ 384.965276][T18289] netlink: 'syz.3.3351': attribute type 2 has an invalid length. [ 385.068453][T18305] netlink: 'syz.0.3357': attribute type 21 has an invalid length. [ 385.093739][T18305] netlink: 128 bytes leftover after parsing attributes in process `syz.0.3357'. [ 385.135165][T18305] netlink: 'syz.0.3357': attribute type 4 has an invalid length. [ 385.143503][T18305] netlink: 'syz.0.3357': attribute type 5 has an invalid length. [ 385.180662][T18314] netlink: 'syz.0.3357': attribute type 21 has an invalid length. [ 385.201256][T18305] netlink: 3 bytes leftover after parsing attributes in process `syz.0.3357'. [ 385.244244][T18314] netlink: 128 bytes leftover after parsing attributes in process `syz.0.3357'. [ 385.270269][T18314] netlink: 'syz.0.3357': attribute type 4 has an invalid length. [ 385.283624][T18314] netlink: 'syz.0.3357': attribute type 5 has an invalid length. [ 385.304972][T18314] netlink: 3 bytes leftover after parsing attributes in process `syz.0.3357'. [ 385.350354][T18324] FAULT_INJECTION: forcing a failure. [ 385.350354][T18324] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 385.395421][T18316] IPVS: sh: FWM 3 0x00000003 - no destination available [ 385.396336][T18324] CPU: 0 UID: 0 PID: 18324 Comm: syz.2.3362 Not tainted syzkaller #0 PREEMPT(full) [ 385.396358][T18324] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 385.396369][T18324] Call Trace: [ 385.396377][T18324] [ 385.396384][T18324] dump_stack_lvl+0xe8/0x150 [ 385.396421][T18324] should_fail_ex+0x412/0x560 [ 385.396453][T18324] _copy_from_user+0x2d/0xb0 [ 385.396474][T18324] kstrtouint_from_user+0xd6/0x180 [ 385.396573][T18324] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 385.396616][T18324] proc_fail_nth_write+0x8e/0x210 [ 385.396643][T18324] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 385.396673][T18324] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 385.396701][T18324] vfs_write+0x29a/0xb90 [ 385.396731][T18324] ? __pfx_vfs_write+0x10/0x10 [ 385.396752][T18324] ? __fget_files+0x2a/0x420 [ 385.396781][T18324] ? __fget_files+0x3a0/0x420 [ 385.396807][T18324] ? __fget_files+0x2a/0x420 [ 385.396841][T18324] ksys_write+0x150/0x270 [ 385.396863][T18324] ? __pfx_ksys_write+0x10/0x10 [ 385.396894][T18324] do_syscall_64+0x14d/0xf80 [ 385.396915][T18324] ? trace_irq_disable+0x3b/0x150 [ 385.396940][T18324] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 385.396959][T18324] ? clear_bhb_loop+0x40/0x90 [ 385.396981][T18324] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 385.396999][T18324] RIP: 0033:0x7f3f3dd5cfce [ 385.397016][T18324] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 385.397032][T18324] RSP: 002b:00007f3f3ec79fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 385.397051][T18324] RAX: ffffffffffffffda RBX: 00007f3f3ec7a6c0 RCX: 00007f3f3dd5cfce [ 385.397064][T18324] RDX: 0000000000000001 RSI: 00007f3f3ec7a0a0 RDI: 0000000000000004 [ 385.397076][T18324] RBP: 00007f3f3ec7a090 R08: 0000000000000000 R09: 0000000000000000 [ 385.397087][T18324] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 385.397098][T18324] R13: 00007f3f3e016038 R14: 00007f3f3e015fa0 R15: 00007ffcdc9f2748 [ 385.397129][T18324] [ 385.575057][T18334] IPVS: sh: FWM 3 0x00000003 - no destination available [ 385.618831][ C1] IPVS: sh: FWM 3 0x00000003 - no destination available [ 385.688089][T18320] lo speed is unknown, defaulting to 1000 [ 385.868587][T18347] netlink: 'syz.2.3366': attribute type 32 has an invalid length. [ 386.001911][T18347] bond3: Setting coupled_control to off (0) [ 386.023522][T18355] netlink: 'syz.3.3370': attribute type 4 has an invalid length. [ 386.678028][T18400] lo speed is unknown, defaulting to 1000 [ 386.757612][T18403] netlink: zone id is out of range [ 386.764403][T18403] netlink: zone id is out of range [ 386.774919][T18403] netlink: zone id is out of range [ 386.787268][T18405] __nla_validate_parse: 8 callbacks suppressed [ 386.787285][T18405] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3387'. [ 386.804142][T18383] FAULT_INJECTION: forcing a failure. [ 386.804142][T18383] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 386.817679][T18383] CPU: 1 UID: 0 PID: 18383 Comm: syz.0.3381 Not tainted syzkaller #0 PREEMPT(full) [ 386.817703][T18383] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 386.817713][T18383] Call Trace: [ 386.817720][T18383] [ 386.817727][T18383] dump_stack_lvl+0xe8/0x150 [ 386.817757][T18383] should_fail_ex+0x412/0x560 [ 386.817786][T18383] _copy_to_user+0x31/0xb0 [ 386.817808][T18383] simple_read_from_buffer+0xe1/0x170 [ 386.817839][T18383] proc_fail_nth_read+0x1bb/0x230 [ 386.817868][T18383] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 386.817896][T18383] ? rw_verify_area+0x2a6/0x4d0 [ 386.817915][T18383] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 386.817941][T18383] vfs_read+0x20c/0xa70 [ 386.817958][T18383] ? fdget_pos+0x246/0x320 [ 386.817989][T18383] ? __pfx___mutex_lock+0x10/0x10 [ 386.818012][T18383] ? __pfx_vfs_read+0x10/0x10 [ 386.818034][T18383] ? __fget_files+0x2a/0x420 [ 386.818060][T18383] ? __fget_files+0x3a0/0x420 [ 386.818082][T18383] ? __fget_files+0x2a/0x420 [ 386.818112][T18383] ksys_read+0x150/0x270 [ 386.818132][T18383] ? __pfx_ksys_read+0x10/0x10 [ 386.818164][T18383] do_syscall_64+0x14d/0xf80 [ 386.818182][T18383] ? trace_irq_disable+0x3b/0x150 [ 386.818205][T18383] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 386.818223][T18383] ? clear_bhb_loop+0x40/0x90 [ 386.818243][T18383] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 386.818260][T18383] RIP: 0033:0x7fcdf3d5cfce [ 386.818274][T18383] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 386.818287][T18383] RSP: 002b:00007fcdf4c9afe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 386.818303][T18383] RAX: ffffffffffffffda RBX: 00007fcdf4c9b6c0 RCX: 00007fcdf3d5cfce [ 386.818315][T18383] RDX: 000000000000000f RSI: 00007fcdf4c9b0a0 RDI: 0000000000000005 [ 386.818324][T18383] RBP: 00007fcdf4c9b090 R08: 0000000000000000 R09: 0000000000000000 [ 386.818334][T18383] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 386.818343][T18383] R13: 00007fcdf4016038 R14: 00007fcdf4015fa0 R15: 00007ffc1c8a6a38 [ 386.818376][T18383] [ 387.561247][T18412] syzkaller0: entered promiscuous mode [ 387.582715][T18430] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3395'. [ 387.956113][T18451] FAULT_INJECTION: forcing a failure. [ 387.956113][T18451] name failslab, interval 1, probability 0, space 0, times 0 [ 387.981154][T18451] CPU: 1 UID: 0 PID: 18451 Comm: syz.1.3405 Not tainted syzkaller #0 PREEMPT(full) [ 387.981180][T18451] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 387.981191][T18451] Call Trace: [ 387.981199][T18451] [ 387.981206][T18451] dump_stack_lvl+0xe8/0x150 [ 387.981272][T18451] should_fail_ex+0x412/0x560 [ 387.981303][T18451] should_failslab+0xa8/0x100 [ 387.981329][T18451] __kmalloc_noprof+0xe8/0x760 [ 387.981350][T18451] ? tomoyo_encode+0x28b/0x550 [ 387.981454][T18451] tomoyo_encode+0x28b/0x550 [ 387.981488][T18451] tomoyo_realpath_from_path+0x58d/0x5d0 [ 387.981526][T18451] ? tomoyo_path_number_perm+0x219/0x630 [ 387.981550][T18451] tomoyo_path_number_perm+0x246/0x630 [ 387.981577][T18451] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 387.981604][T18451] ? __lock_acquire+0x6b5/0x2cf0 [ 387.981639][T18451] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 387.981681][T18451] ? __fget_files+0x2a/0x420 [ 387.981712][T18451] ? __fget_files+0x2a/0x420 [ 387.981734][T18451] ? __fget_files+0x3a0/0x420 [ 387.981756][T18451] ? __fget_files+0x2a/0x420 [ 387.981784][T18451] security_file_ioctl+0xc3/0x2a0 [ 387.981842][T18451] __se_sys_ioctl+0x47/0x170 [ 387.981868][T18451] do_syscall_64+0x14d/0xf80 [ 387.981887][T18451] ? trace_irq_disable+0x3b/0x150 [ 387.981912][T18451] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 387.981930][T18451] ? clear_bhb_loop+0x40/0x90 [ 387.981953][T18451] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 387.981971][T18451] RIP: 0033:0x7fdebe99c799 [ 387.981989][T18451] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 387.982003][T18451] RSP: 002b:00007fdebf8a8028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 387.982023][T18451] RAX: ffffffffffffffda RBX: 00007fdebec15fa0 RCX: 00007fdebe99c799 [ 387.982036][T18451] RDX: 0000200000000180 RSI: 0000000000008953 RDI: 0000000000000005 [ 387.982047][T18451] RBP: 00007fdebf8a8090 R08: 0000000000000000 R09: 0000000000000000 [ 387.982058][T18451] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 387.982068][T18451] R13: 00007fdebec16038 R14: 00007fdebec15fa0 R15: 00007fffcdc52b58 [ 387.982098][T18451] [ 387.982194][T18451] ERROR: Out of memory at tomoyo_realpath_from_path. [ 389.304998][T18457] erspan0: entered allmulticast mode [ 389.433855][T18464] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3407'. [ 389.442851][T18464] net_ratelimit: 42 callbacks suppressed [ 389.442863][T18464] openvswitch: netlink: Flow key attr not present in new flow. [ 389.557340][T18472] syzkaller0: entered promiscuous mode [ 389.627816][T18472] 0: reclassify loop, rule prio 0, protocol 800 [ 389.693748][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5020 ms [ 389.702231][ C1] lec:lec_tx_timeout: lec0 [ 389.708429][ C1] lec:lec_start_xmit: lec0:No lecd attached [ 389.932649][T18490] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3414'. [ 389.960373][T18490] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3414'. [ 390.102523][T18469] netlink: 248 bytes leftover after parsing attributes in process `syz.4.3410'. [ 390.303483][T18507] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3418'. [ 390.524097][T18519] tipc: Enabling of bearer rejected, failed to enable media [ 390.544051][T18521] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3422'. [ 390.568228][T18521] openvswitch: netlink: Flow actions attr not present in new flow. [ 390.703561][T18527] : entered promiscuous mode [ 390.721166][T18527] PF_CAN: dropped non conform CAN XL skbuff: dev type 65534, len 40 [ 390.748410][T18531] netlink: 56 bytes leftover after parsing attributes in process `syz.2.3427'. [ 390.758182][T18531] openvswitch: netlink: Flow key attr not present in new flow. [ 390.848157][T18533] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3428'. [ 390.892209][ T51] Bluetooth: hci4: link tx timeout [ 390.901383][ T51] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 390.934343][T18535] bridge_slave_1: default FDB implementation only supports local addresses [ 391.202256][T18560] openvswitch: netlink: Flow actions attr not present in new flow. [ 391.270773][ T5830] Bluetooth: hci4: link tx timeout [ 391.276950][ T5830] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 391.298568][ T5830] Bluetooth: hci4: link tx timeout [ 391.306652][ T5830] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 391.376106][T18566] IPVS: length: 8 != 1152 [ 391.387139][T18566] netlink: 'syz.1.3439': attribute type 4 has an invalid length. [ 391.395386][T18566] openvswitch: netlink: Key type 346 is out of range max 32 [ 391.412268][T18573] netlink: 'syz.4.3442': attribute type 1 has an invalid length. [ 391.499943][T18573] 8021q: adding VLAN 0 to HW filter on device bond4 [ 391.584332][ T5830] Bluetooth: hci4: link tx timeout [ 391.589497][ T5830] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 391.610451][ T5830] Bluetooth: hci4: link tx timeout [ 391.616981][ T5830] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 391.672230][T18586] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 391.942131][T18603] __nla_validate_parse: 7 callbacks suppressed [ 391.942150][T18603] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3449'. [ 391.976895][T18603] openvswitch: netlink: Flow actions attr not present in new flow. [ 392.328451][T18622] batadv2: entered allmulticast mode [ 392.371675][T18626] tipc: Enabling of bearer rejected, media not registered [ 392.383267][T18626] set match dimension is over the limit! [ 392.440932][T18634] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 392.540456][T18639] syzkaller1: entered promiscuous mode [ 392.556983][T18639] syzkaller1: entered allmulticast mode [ 392.628205][ T5830] Bluetooth: hci4: link tx timeout [ 392.633419][ T5830] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 392.651284][T18594] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 392.662307][ T5830] Bluetooth: hci4: link tx timeout [ 392.667591][ T5830] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 392.925795][T18666] netlink: 44 bytes leftover after parsing attributes in process `syz.3.3466'. [ 392.946500][T18664] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3465'. [ 392.965780][T18666] netlink: 43 bytes leftover after parsing attributes in process `syz.3.3466'. [ 392.968218][T18655] openvswitch: netlink: Key 32 has unexpected len 5204 expected 2 [ 392.989476][ T5830] Bluetooth: hci4: command 0x0405 tx timeout [ 392.996483][T18666] netlink: 'syz.3.3466': attribute type 6 has an invalid length. [ 393.012092][T18671] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3465'. [ 393.013739][T18666] netlink: 'syz.3.3466': attribute type 5 has an invalid length. [ 393.032855][T18665] can: request_module (can-proto-5) failed. [ 393.033774][T18666] netlink: 43 bytes leftover after parsing attributes in process `syz.3.3466'. [ 393.049625][ T5830] Bluetooth: hci4: link tx timeout [ 393.105147][T18664] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3465'. [ 393.149069][T18664] sctp: [Deprecated]: syz.1.3465 (pid 18664) Use of int in maxseg socket option. [ 393.149069][T18664] Use struct sctp_assoc_value instead [ 393.312923][T18683] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3469'. [ 393.554382][T18696] netlink: 'syz.3.3473': attribute type 1 has an invalid length. [ 393.598463][T18700] netlink: 128 bytes leftover after parsing attributes in process `syz.2.3476'. [ 393.641271][T18700] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3476'. [ 394.155454][T18729] syzkaller1: entered promiscuous mode [ 394.176305][T18729] syzkaller1: entered allmulticast mode [ 394.401118][T18743] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 394.510197][T18745] syzkaller0: entered promiscuous mode [ 394.533769][T18745] syzkaller0: entered allmulticast mode [ 394.549284][T18746] netlink: 'syz.1.3494': attribute type 1 has an invalid length. [ 394.723725][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms [ 394.731796][ C1] lec:lec_tx_timeout: lec0 [ 394.736695][ C1] lec:lec_start_xmit: lec0:No lecd attached [ 394.753835][T18750] nbd1: detected capacity change from 0 to 127 [ 394.825759][T18758] net_ratelimit: 4 callbacks suppressed [ 394.825777][T18758] openvswitch: netlink: Key type 253 is out of range max 32 [ 395.201922][ T5830] block nbd1: Receive control failed (result -104) [ 395.277971][T18779] openvswitch: netlink: Message has 592 unknown bytes. [ 395.311599][T18779] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 395.501245][T18786] x_tables: ip_tables: owner match: used from hooks PREROUTING, but only valid from OUTPUT/POSTROUTING [ 396.147182][T18838] netlink: 'syz.3.3522': attribute type 10 has an invalid length. [ 396.506253][T11887] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 396.524377][T11887] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 396.761687][T18878] tipc: Started in network mode [ 396.784544][T18878] tipc: Node identity ac14140f, cluster identity 4711 [ 396.792637][T18878] tipc: New replicast peer: 255.255.255.255 [ 396.819699][T18878] tipc: Enabled bearer , priority 10 [ 396.898859][T18878] syzkaller0: entered promiscuous mode [ 396.918687][T18878] syzkaller0: entered allmulticast mode [ 397.472264][T18912] __nla_validate_parse: 16 callbacks suppressed [ 397.472284][T18912] netlink: 64 bytes leftover after parsing attributes in process `syz.1.3540'. [ 397.726060][T18925] netlink: 'syz.4.3542': attribute type 10 has an invalid length. [ 397.777647][T18925] netlink: 40 bytes leftover after parsing attributes in process `syz.4.3542'. [ 397.934850][ T5896] tipc: Node number set to 2886997007 [ 397.953169][T18901] lec:lec_atm_close: lec0: Shut down! [ 398.197597][T18945] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3548'. [ 398.534275][T18960] netlink: 60 bytes leftover after parsing attributes in process `syz.1.3553'. [ 398.889506][T18983] syzkaller0: entered promiscuous mode [ 398.912383][T18983] 0: reclassify loop, rule prio 0, protocol 800 [ 399.215129][T19008] netlink: 212408 bytes leftover after parsing attributes in process `syz.3.3567'. [ 399.419798][T19021] openvswitch: netlink: Multiple metadata blocks provided [ 399.489568][T19025] openvswitch: netlink: Multiple metadata blocks provided [ 399.989386][T19054] syzkaller1: entered promiscuous mode [ 399.999286][T19062] openvswitch: netlink: IPv6 tunnel dst address is zero [ 400.015830][T19054] syzkaller1: entered allmulticast mode [ 400.283128][T19079] netlink: 592 bytes leftover after parsing attributes in process `syz.4.3590'. [ 400.345218][T19072] netlink: 'syz.1.3587': attribute type 1 has an invalid length. [ 400.444981][T19072] 8021q: adding VLAN 0 to HW filter on device bond10 [ 400.464502][T19093] netlink: 'syz.0.3593': attribute type 11 has an invalid length. [ 400.466934][T19089] netlink: 72 bytes leftover after parsing attributes in process `syz.3.3594'. [ 400.554683][T19072] openvswitch: netlink: Duplicate or invalid key (type 0). [ 400.562174][T19072] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 400.689083][T19106] netlink: 207288 bytes leftover after parsing attributes in process `syz.4.3596'. [ 400.889787][T19112] openvswitch: netlink: IPv6 tunnel dst address is zero [ 400.976342][T19119] xt_CT: You must specify a L4 protocol and not use inversions on it [ 401.233048][T19135] openvswitch: netlink: Multiple metadata blocks provided [ 401.252310][T19134] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3604'. [ 401.329351][T19090] lec:lec_atm_close: lec0: Shut down! [ 401.381105][T19137] lo speed is unknown, defaulting to 1000 [ 401.442349][T19141] netlink: 830 bytes leftover after parsing attributes in process `syz.4.3606'. [ 401.821217][T19161] openvswitch: netlink: Key type 346 is out of range max 32 [ 401.915875][T19169] netlink: 'syz.0.3615': attribute type 1 has an invalid length. [ 402.005502][T19169] workqueue: Failed to create a rescuer kthread for wq "bond2": -EINTR [ 402.013287][T19173] tc_dump_action: action bad kind [ 402.042355][T19180] FAULT_INJECTION: forcing a failure. [ 402.042355][T19180] name failslab, interval 1, probability 0, space 0, times 0 [ 402.066862][T19180] CPU: 0 UID: 0 PID: 19180 Comm: syz.4.3621 Not tainted syzkaller #0 PREEMPT(full) [ 402.066887][T19180] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 402.066899][T19180] Call Trace: [ 402.066906][T19180] [ 402.066914][T19180] dump_stack_lvl+0xe8/0x150 [ 402.066946][T19180] should_fail_ex+0x412/0x560 [ 402.066977][T19180] should_failslab+0xa8/0x100 [ 402.067000][T19180] ? __pmd_alloc+0xc1/0x5c0 [ 402.067026][T19180] kmem_cache_alloc_noprof+0x87/0x650 [ 402.067045][T19180] ? set_page_refcounted+0xa0/0x1e0 [ 402.067076][T19180] __pmd_alloc+0xc1/0x5c0 [ 402.067107][T19180] handle_mm_fault+0xe96/0x3310 [ 402.067150][T19180] ? handle_mm_fault+0xee/0x3310 [ 402.067185][T19180] ? __pfx_handle_mm_fault+0x10/0x10 [ 402.067234][T19180] ? lock_mm_and_find_vma+0xa7/0x340 [ 402.067258][T19180] do_user_addr_fault+0x75b/0x1340 [ 402.067300][T19180] exc_page_fault+0x6a/0xc0 [ 402.067322][T19180] asm_exc_page_fault+0x26/0x30 [ 402.067340][T19180] RIP: 0010:rep_movs_alternative+0x30/0x90 [ 402.067366][T19180] Code: 83 f9 08 73 25 85 c9 74 0f 8a 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 c3 cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 <48> 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 [ 402.067382][T19180] RSP: 0018:ffffc90004fb7ab8 EFLAGS: 00050202 [ 402.067400][T19180] RAX: 00007ffffffff001 RBX: 0000000000000018 RCX: 0000000000000018 [ 402.067413][T19180] RDX: 0000000000000001 RSI: 0000200000000100 RDI: ffffc90004fb7b70 [ 402.067426][T19180] RBP: ffffc90004fb7cb0 R08: ffffc90004fb7b87 R09: 1ffff920009f6f70 [ 402.067439][T19180] R10: dffffc0000000000 R11: fffff520009f6f71 R12: ffff88802b223000 [ 402.067452][T19180] R13: dffffc0000000000 R14: ffffc90004fb7b70 R15: 0000200000000100 [ 402.067483][T19180] _copy_from_user+0x7a/0xb0 [ 402.067505][T19180] rfcomm_dev_ioctl+0x132/0x21d0 [ 402.067533][T19180] ? kasan_quarantine_put+0xbb/0x1f0 [ 402.067553][T19180] ? __pfx_rfcomm_dev_ioctl+0x10/0x10 [ 402.067580][T19180] ? tomoyo_path_number_perm+0x219/0x630 [ 402.067606][T19180] ? tomoyo_path_number_perm+0x219/0x630 [ 402.067634][T19180] ? do_vfs_ioctl+0x1166/0x1530 [ 402.067659][T19180] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 402.067688][T19180] sock_do_ioctl+0x101/0x320 [ 402.067717][T19180] ? __pfx_sock_do_ioctl+0x10/0x10 [ 402.067739][T19180] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 402.067779][T19180] sock_ioctl+0x5c6/0x7f0 [ 402.067805][T19180] ? __pfx_sock_ioctl+0x10/0x10 [ 402.067837][T19180] ? __fget_files+0x2a/0x420 [ 402.067862][T19180] ? __fget_files+0x3a0/0x420 [ 402.067887][T19180] ? __fget_files+0x2a/0x420 [ 402.067918][T19180] ? bpf_lsm_file_ioctl+0x9/0x20 [ 402.067942][T19180] ? __pfx_sock_ioctl+0x10/0x10 [ 402.067966][T19180] __se_sys_ioctl+0xfc/0x170 [ 402.067991][T19180] do_syscall_64+0x14d/0xf80 [ 402.068011][T19180] ? trace_irq_disable+0x3b/0x150 [ 402.068038][T19180] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 402.068056][T19180] ? clear_bhb_loop+0x40/0x90 [ 402.068079][T19180] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 402.068096][T19180] RIP: 0033:0x7f09abb9c799 [ 402.068113][T19180] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 402.068128][T19180] RSP: 002b:00007f09ac9be028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 402.068146][T19180] RAX: ffffffffffffffda RBX: 00007f09abe15fa0 RCX: 00007f09abb9c799 [ 402.068159][T19180] RDX: 0000200000000100 RSI: 00000000800452d3 RDI: 0000000000000004 [ 402.068171][T19180] RBP: 00007f09ac9be090 R08: 0000000000000000 R09: 0000000000000000 [ 402.068182][T19180] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 402.068193][T19180] R13: 00007f09abe16038 R14: 00007f09abe15fa0 R15: 00007ffc925e26e8 [ 402.068225][T19180] [ 402.524710][T19178] bond0: (slave bridge0): Releasing backup interface [ 402.564461][T19178] bridge_slave_0: left allmulticast mode [ 402.570149][T19178] bridge_slave_0: left promiscuous mode [ 402.582635][T19178] bridge0: port 1(bridge_slave_0) entered disabled state [ 402.615745][T19187] xt_connbytes: Forcing CT accounting to be enabled [ 402.679088][T19178] bond0: (slave bridge_slave_1): Releasing backup interface [ 402.734308][T19178] bridge_slave_1: left allmulticast mode [ 402.766086][T19178] bond0: (slave bond_slave_0): Releasing backup interface [ 402.775617][T19178] bond_slave_0: left allmulticast mode [ 402.792297][T19178] bond0: (slave bond_slave_1): Releasing backup interface [ 402.821256][T19178] bond_slave_1: left allmulticast mode [ 402.835911][T19178] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 402.845492][T19178] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 402.866039][T19178] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 402.874441][T19178] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 402.887920][T19178] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check. [ 402.995848][T19202] netlink: 'syz.2.3629': attribute type 1 has an invalid length. [ 403.064056][T19202] __nla_validate_parse: 6 callbacks suppressed [ 403.064073][T19202] netlink: 2108 bytes leftover after parsing attributes in process `syz.2.3629'. [ 403.099104][T19217] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3632'. [ 403.115447][T19217] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3632'. [ 403.283644][T19230] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3637'. [ 403.359298][T19225] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3636'. [ 403.573409][T19241] netlink: 36 bytes leftover after parsing attributes in process `syz.4.3641'. [ 403.595754][T19244] FAULT_INJECTION: forcing a failure. [ 403.595754][T19244] name failslab, interval 1, probability 0, space 0, times 0 [ 403.597401][T19242] netlink: 36 bytes leftover after parsing attributes in process `syz.4.3641'. [ 403.623843][T19244] CPU: 1 UID: 0 PID: 19244 Comm: syz.1.3642 Not tainted syzkaller #0 PREEMPT(full) [ 403.623867][T19244] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 403.623877][T19244] Call Trace: [ 403.623884][T19244] [ 403.623892][T19244] dump_stack_lvl+0xe8/0x150 [ 403.623923][T19244] should_fail_ex+0x412/0x560 [ 403.623954][T19244] should_failslab+0xa8/0x100 [ 403.623979][T19244] __kmalloc_cache_noprof+0x88/0x660 [ 403.624001][T19244] ? ovs_flow_cmd_new+0x356/0xe80 [ 403.624103][T19244] ovs_flow_cmd_new+0x356/0xe80 [ 403.624120][T19244] ? __lock_acquire+0x6b5/0x2cf0 [ 403.624157][T19244] ? kasan_save_track+0x4f/0x80 [ 403.624175][T19244] ? kasan_save_track+0x3e/0x80 [ 403.624196][T19244] ? __pfx_ovs_flow_cmd_new+0x10/0x10 [ 403.624268][T19244] ? __nla_parse+0x40/0x60 [ 403.624321][T19244] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 403.624352][T19244] genl_family_rcv_msg_doit+0x22a/0x330 [ 403.624381][T19244] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 403.624416][T19244] ? bpf_lsm_capable+0x9/0x20 [ 403.624440][T19244] ? security_capable+0x7e/0x2c0 [ 403.624502][T19244] genl_rcv_msg+0x61c/0x7a0 [ 403.624530][T19244] ? __pfx_genl_rcv_msg+0x10/0x10 [ 403.624551][T19244] ? __pfx_ovs_flow_cmd_new+0x10/0x10 [ 403.624570][T19244] ? __lock_acquire+0x6b5/0x2cf0 [ 403.624605][T19244] netlink_rcv_skb+0x232/0x4b0 [ 403.624633][T19244] ? __pfx_genl_rcv_msg+0x10/0x10 [ 403.624656][T19244] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 403.624700][T19244] ? down_read+0x272/0x2e0 [ 403.624721][T19244] ? genl_rcv+0xd/0x40 [ 403.624743][T19244] genl_rcv+0x28/0x40 [ 403.624762][T19244] netlink_unicast+0x80f/0x9b0 [ 403.624796][T19244] ? __pfx_netlink_unicast+0x10/0x10 [ 403.624819][T19244] ? __kvmalloc_node_noprof+0x393/0x8a0 [ 403.624842][T19244] ? netlink_sendmsg+0x650/0xb40 [ 403.624866][T19244] ? skb_put+0x11b/0x210 [ 403.624890][T19244] netlink_sendmsg+0x813/0xb40 [ 403.624927][T19244] ? __pfx_netlink_sendmsg+0x10/0x10 [ 403.624957][T19244] ? aa_sock_msg_perm+0xf1/0x1b0 [ 403.624985][T19244] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 403.625007][T19244] ____sys_sendmsg+0x972/0x9f0 [ 403.625039][T19244] ? __pfx_____sys_sendmsg+0x10/0x10 [ 403.625069][T19244] ? import_iovec+0x73/0xa0 [ 403.625093][T19244] ___sys_sendmsg+0x2a5/0x360 [ 403.625121][T19244] ? __pfx____sys_sendmsg+0x10/0x10 [ 403.625184][T19244] ? __fget_files+0x2a/0x420 [ 403.625210][T19244] ? __fget_files+0x3a0/0x420 [ 403.625247][T19244] __x64_sys_sendmsg+0x1bd/0x2a0 [ 403.625271][T19244] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 403.625303][T19244] ? __pfx_ksys_write+0x10/0x10 [ 403.625335][T19244] do_syscall_64+0x14d/0xf80 [ 403.625355][T19244] ? trace_irq_disable+0x3b/0x150 [ 403.625381][T19244] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 403.625400][T19244] ? clear_bhb_loop+0x40/0x90 [ 403.625423][T19244] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 403.625441][T19244] RIP: 0033:0x7fdebe99c799 [ 403.625459][T19244] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 403.625476][T19244] RSP: 002b:00007fdebf8a8028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 403.625496][T19244] RAX: ffffffffffffffda RBX: 00007fdebec15fa0 RCX: 00007fdebe99c799 [ 403.625509][T19244] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000003 [ 403.625522][T19244] RBP: 00007fdebf8a8090 R08: 0000000000000000 R09: 0000000000000000 [ 403.625533][T19244] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 403.625544][T19244] R13: 00007fdebec16038 R14: 00007fdebec15fa0 R15: 00007fffcdc52b58 [ 403.625576][T19244] [ 404.183596][T19255] FAULT_INJECTION: forcing a failure. [ 404.183596][T19255] name failslab, interval 1, probability 0, space 0, times 0 [ 404.286447][T19255] CPU: 1 UID: 0 PID: 19255 Comm: syz.1.3644 Not tainted syzkaller #0 PREEMPT(full) [ 404.286474][T19255] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 404.286485][T19255] Call Trace: [ 404.286493][T19255] [ 404.286501][T19255] dump_stack_lvl+0xe8/0x150 [ 404.286532][T19255] should_fail_ex+0x412/0x560 [ 404.286573][T19255] should_failslab+0xa8/0x100 [ 404.286599][T19255] __kmalloc_noprof+0xe8/0x760 [ 404.286620][T19255] ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0 [ 404.286651][T19255] genl_family_rcv_msg_attrs_parse+0xa3/0x2a0 [ 404.286682][T19255] genl_family_rcv_msg_doit+0xd9/0x330 [ 404.286712][T19255] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 404.286743][T19255] ? apparmor_capable+0x126/0x170 [ 404.286767][T19255] ? bpf_lsm_capable+0x9/0x20 [ 404.286792][T19255] ? security_capable+0x7e/0x2c0 [ 404.286824][T19255] genl_rcv_msg+0x61c/0x7a0 [ 404.286852][T19255] ? __pfx_genl_rcv_msg+0x10/0x10 [ 404.286873][T19255] ? __pfx_ovs_flow_cmd_new+0x10/0x10 [ 404.286893][T19255] ? __lock_acquire+0x6b5/0x2cf0 [ 404.286927][T19255] netlink_rcv_skb+0x232/0x4b0 [ 404.286952][T19255] ? __pfx_genl_rcv_msg+0x10/0x10 [ 404.286975][T19255] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 404.287020][T19255] ? down_read+0x272/0x2e0 [ 404.287041][T19255] ? genl_rcv+0xd/0x40 [ 404.287063][T19255] genl_rcv+0x28/0x40 [ 404.287081][T19255] netlink_unicast+0x80f/0x9b0 [ 404.287113][T19255] ? __pfx_netlink_unicast+0x10/0x10 [ 404.287141][T19255] ? netlink_sendmsg+0x650/0xb40 [ 404.287167][T19255] ? skb_put+0x11b/0x210 [ 404.287190][T19255] netlink_sendmsg+0x813/0xb40 [ 404.287227][T19255] ? __pfx_netlink_sendmsg+0x10/0x10 [ 404.287258][T19255] ? aa_sock_msg_perm+0xf1/0x1b0 [ 404.287286][T19255] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 404.287311][T19255] ____sys_sendmsg+0x972/0x9f0 [ 404.287378][T19255] ? __pfx_____sys_sendmsg+0x10/0x10 [ 404.287410][T19255] ? import_iovec+0x73/0xa0 [ 404.287435][T19255] ___sys_sendmsg+0x2a5/0x360 [ 404.287462][T19255] ? __pfx____sys_sendmsg+0x10/0x10 [ 404.287520][T19255] ? __fget_files+0x2a/0x420 [ 404.287545][T19255] ? __fget_files+0x3a0/0x420 [ 404.287614][T19255] __x64_sys_sendmsg+0x1bd/0x2a0 [ 404.287640][T19255] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 404.287672][T19255] ? __pfx_ksys_write+0x10/0x10 [ 404.287704][T19255] do_syscall_64+0x14d/0xf80 [ 404.287725][T19255] ? trace_irq_disable+0x3b/0x150 [ 404.287751][T19255] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 404.287769][T19255] ? clear_bhb_loop+0x40/0x90 [ 404.287793][T19255] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 404.287811][T19255] RIP: 0033:0x7fdebe99c799 [ 404.287828][T19255] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 404.287844][T19255] RSP: 002b:00007fdebf8a8028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 404.287864][T19255] RAX: ffffffffffffffda RBX: 00007fdebec15fa0 RCX: 00007fdebe99c799 [ 404.287877][T19255] RDX: 0000000004008094 RSI: 0000200000000100 RDI: 0000000000000003 [ 404.287889][T19255] RBP: 00007fdebf8a8090 R08: 0000000000000000 R09: 0000000000000000 [ 404.287901][T19255] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 404.287911][T19255] R13: 00007fdebec16038 R14: 00007fdebec15fa0 R15: 00007fffcdc52b58 [ 404.287942][T19255] [ 405.040305][T19291] tipc: Enabled bearer , priority 0 [ 405.235652][T19291] syzkaller0: entered promiscuous mode [ 405.286601][T19291] syzkaller0: entered allmulticast mode [ 405.327770][T19291] tipc: Resetting bearer [ 405.371890][T19313] 8021q: VLANs not supported on ipvlan0 [ 405.487062][T19289] tipc: Resetting bearer [ 405.863217][T19329] netlink: 'syz.1.3662': attribute type 4 has an invalid length. [ 406.666655][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5340 ms [ 406.674722][ C1] lec:lec_tx_timeout: lec0 [ 406.679427][ C1] lec:lec_start_xmit: lec0:No lecd attached [ 406.838257][T19289] tipc: Disabling bearer [ 406.856261][T19337] netlink: 'syz.3.3666': attribute type 12 has an invalid length. [ 407.006419][T19344] netlink: 'syz.2.3667': attribute type 20 has an invalid length. [ 407.014520][T19344] IPv6: NLM_F_CREATE should be specified when creating new route [ 407.038137][T19344] openvswitch: netlink: Multiple metadata blocks provided [ 407.047576][T19346] netlink: 'syz.1.3669': attribute type 2 has an invalid length. [ 407.080558][T19346] netlink: 'syz.1.3669': attribute type 2 has an invalid length. [ 407.304269][T19362] tap0: tun_chr_ioctl cmd 1074025676 [ 407.309611][T19362] tap0: owner set to 0 [ 407.340034][T19362] tap0: tun_chr_ioctl cmd 1074025672 [ 407.359400][T19362] tap0: ignored: set checksum enabled [ 407.507210][T19382] batman_adv: batadv0: Interface deactivated: ipvlan0 [ 407.548960][T19382] batman_adv: batadv0: Removing interface: ipvlan0 [ 407.667394][T19388] netlink: 'syz.3.3679': attribute type 4 has an invalid length. [ 407.957479][T19405] syzkaller0: entered promiscuous mode [ 407.993792][T19405] syzkaller0: entered allmulticast mode [ 408.130108][T19421] netlink: 76 bytes leftover after parsing attributes in process `syz.4.3691'. [ 408.206939][T19427] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3692'. [ 408.231151][T19427] netem: change failed [ 408.390354][T19433] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3693'. [ 408.395295][T19437] netlink: 32 bytes leftover after parsing attributes in process `syz.0.3695'. [ 408.453410][T19438] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3696'. [ 408.694897][T19448] netlink: 396 bytes leftover after parsing attributes in process `syz.1.3700'. [ 408.706106][T19456] openvswitch: netlink: Duplicate or invalid key (type 0). [ 408.713362][T19456] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 408.936023][T19467] netlink: 68 bytes leftover after parsing attributes in process `syz.2.3709'. [ 408.987543][T19467] netlink: 'syz.2.3709': attribute type 83 has an invalid length. [ 409.016088][T19469] syzkaller0: entered promiscuous mode [ 409.041973][T19469] 0: reclassify loop, rule prio 0, protocol 800 [ 409.092177][T19476] openvswitch: netlink: IPv6 tunnel dst address is zero [ 409.188779][T19479] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3714'. [ 409.358506][T19489] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3717'. [ 410.180262][T19542] netlink: 'syz.1.3737': attribute type 12 has an invalid length. [ 410.221435][T19542] netlink: 36 bytes leftover after parsing attributes in process `syz.1.3737'. [ 410.860735][T19583] rdma_rxe: rxe_newlink: failed to add bond_slave_0 [ 411.102595][T19595] Bluetooth: MGMT ver 1.23 [ 411.693794][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms [ 411.701857][ C1] lec:lec_tx_timeout: lec0 [ 411.706476][ C1] lec:lec_start_xmit: lec0:No lecd attached [ 413.192954][T19544] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 413.568578][T19617] bond5: entered promiscuous mode [ 413.585597][T19617] bridge_slave_0: invalid flags given to default FDB implementation [ 413.605728][T19620] delete_channel: no stack [ 413.719139][T19629] __nla_validate_parse: 5 callbacks suppressed [ 413.719156][T19629] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3770'. [ 413.757166][T19630] 8021q: VLANs not supported on lo [ 413.920959][T19647] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3774'. [ 414.501980][T19670] openvswitch: netlink: Multiple metadata blocks provided [ 414.592493][T19676] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3783'. [ 414.654216][T19680] sch_fq: defrate 53322 ignored. [ 416.713704][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms [ 416.721767][ C1] lec:lec_tx_timeout: lec0 [ 416.726432][ C1] lec:lec_start_xmit: lec0:No lecd attached [ 416.766860][T19632] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 417.120635][T19702] openvswitch: netlink: IPv6 tunnel dst address is zero [ 417.172439][T19708] Cannot find del_set index 4 as target [ 417.214620][T19711] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3796'. [ 417.242834][T19718] netlink: 'syz.1.3795': attribute type 4 has an invalid length. [ 417.308167][T19724] openvswitch: netlink: IP tunnel dst address not specified [ 417.339883][T19726] netlink: zone id is out of range [ 417.366180][T19726] netlink: zone id is out of range [ 417.371343][T19726] netlink: zone id is out of range [ 417.377163][T19726] netlink: zone id is out of range [ 417.382291][T19726] netlink: zone id is out of range [ 417.391121][T19726] netlink: zone id is out of range [ 417.396887][T19726] netlink: zone id is out of range [ 420.235403][T19715] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 420.373833][T19751] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3809'. [ 420.417099][T19758] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3809'. [ 420.580851][T19770] net_ratelimit: 16 callbacks suppressed [ 420.580869][T19770] netlink: zone id is out of range [ 420.612559][T19770] netlink: zone id is out of range [ 420.630712][T19773] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3815'. [ 420.633744][T19770] netlink: zone id is out of range [ 420.651239][T19773] syzkaller0: entered promiscuous mode [ 420.657403][T19773] syzkaller0: entered allmulticast mode [ 420.686807][T19770] netlink: zone id is out of range [ 420.704484][T19770] netlink: zone id is out of range [ 420.709748][T19770] netlink: zone id is out of range [ 420.718379][T19778] openvswitch: netlink: Duplicate or invalid key (type 0). [ 420.725808][T19770] netlink: zone id is out of range [ 420.731052][T19770] netlink: zone id is out of range [ 420.737211][T19778] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 420.921321][T19785] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3819'. [ 421.188326][T19806] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3825'. [ 421.210594][T19808] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3826'. [ 421.288711][T19812] xt_hashlimit: size too large, truncated to 1048576 [ 421.303249][T19813] syzkaller1: entered promiscuous mode [ 421.311165][T19813] syzkaller1: entered allmulticast mode [ 421.316333][T19815] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3827'. [ 421.329858][T19815] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3827'. [ 421.733712][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms [ 421.741777][ C1] lec:lec_tx_timeout: lec0 [ 421.746436][ C1] lec:lec_start_xmit: lec0:No lecd attached [ 423.825350][T19780] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 423.868111][T19814] netlink: 'syz.1.3827': attribute type 1 has an invalid length. [ 423.883973][T19814] netlink: 224 bytes leftover after parsing attributes in process `syz.1.3827'. [ 423.889694][T19840] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3834'. [ 423.902081][T19815] netlink: 'syz.1.3827': attribute type 1 has an invalid length. [ 424.346186][T19864] syzkaller0: entered promiscuous mode [ 424.451224][T19868] erspan0: entered promiscuous mode [ 424.473424][T19868] erspan0: entered allmulticast mode [ 425.138179][ T5158] block nbd1: Possible stuck request ffff888026818000: control (read@0,1024B). Runtime 30 seconds [ 425.149048][ T5158] block nbd1: Possible stuck request ffff888026818200: control (read@1024,1024B). Runtime 30 seconds [ 425.160110][ T5158] block nbd1: Possible stuck request ffff888026818400: control (read@2048,1024B). Runtime 30 seconds [ 425.171405][ T5158] block nbd1: Possible stuck request ffff888026818600: control (read@3072,1024B). Runtime 30 seconds [ 426.753725][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms [ 426.761753][ C1] lec:lec_tx_timeout: lec0 [ 426.766349][ C1] lec:lec_start_xmit: lec0:No lecd attached [ 427.374987][T19867] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 427.512158][T19920] __nla_validate_parse: 3 callbacks suppressed [ 427.512177][T19920] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3862'. [ 427.545635][T19922] net_ratelimit: 67 callbacks suppressed [ 427.545653][T19922] openvswitch: netlink: IPv6 tunnel dst address is zero [ 427.589620][T19925] sch_tbf: peakrate 8655956332127499073 is lower than or equals to rate 13547069222442939358 ! [ 427.610118][T19925] netlink: 44 bytes leftover after parsing attributes in process `syz.2.3864'. [ 427.629754][T19925] netlink: 43 bytes leftover after parsing attributes in process `syz.2.3864'. [ 427.648387][T19928] netlink: 'syz.4.3866': attribute type 1 has an invalid length. [ 427.661906][T19926] netlink: zone id is out of range [ 427.664675][T19925] netlink: 'syz.2.3864': attribute type 6 has an invalid length. [ 427.667201][T19926] netlink: zone id is out of range [ 427.676877][T19925] netlink: 'syz.2.3864': attribute type 5 has an invalid length. [ 427.695943][T19926] netlink: zone id is out of range [ 427.709225][T19925] netlink: 43 bytes leftover after parsing attributes in process `syz.2.3864'. [ 427.719792][T19926] netlink: zone id is out of range [ 427.720636][T19928] 8021q: adding VLAN 0 to HW filter on device bond6 [ 427.744507][T19926] netlink: zone id is out of range [ 427.749761][T19926] netlink: zone id is out of range [ 427.757020][T19926] netlink: zone id is out of range [ 427.762488][T19926] netlink: zone id is out of range [ 427.768234][T19926] netlink: zone id is out of range [ 427.822732][T19933] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3866'. [ 427.830045][T19928] bond6: (slave veth0_to_bond): Enslaving as an active interface with a down link [ 427.852850][T19941] vlan3: entered allmulticast mode [ 427.865989][T19941] bridge_slave_0: entered allmulticast mode [ 428.040783][T19948] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3872'. [ 428.195868][T19952] lo speed is unknown, defaulting to 1000 [ 428.537927][T19967] netlink: 'syz.3.3878': attribute type 4 has an invalid length. [ 428.556457][T19970] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3879'. [ 428.568510][T19970] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3879'. [ 428.598223][T19970] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3879'. [ 428.811075][T19977] tipc: Enabling of bearer rejected, already enabled [ 428.870258][T19985] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3882'. [ 429.260512][T20000] netlink: 'syz.3.3884': attribute type 13 has an invalid length. [ 429.561863][T20015] syzkaller0: entered promiscuous mode [ 429.696235][T20017] netlink: 'syz.3.3894': attribute type 1 has an invalid length. [ 430.765635][T20078] FAULT_INJECTION: forcing a failure. [ 430.765635][T20078] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 430.774471][T20077] FAULT_INJECTION: forcing a failure. [ 430.774471][T20077] name failslab, interval 1, probability 0, space 0, times 0 [ 430.869229][T20077] CPU: 0 UID: 0 PID: 20077 Comm: syz.3.3910 Not tainted syzkaller #0 PREEMPT(full) [ 430.869256][T20077] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 430.869268][T20077] Call Trace: [ 430.869276][T20077] [ 430.869284][T20077] dump_stack_lvl+0xe8/0x150 [ 430.869316][T20077] should_fail_ex+0x412/0x560 [ 430.869350][T20077] should_failslab+0xa8/0x100 [ 430.869374][T20077] ? ovs_flow_alloc+0x24/0x1f0 [ 430.869398][T20077] kmem_cache_alloc_noprof+0x87/0x650 [ 430.869427][T20077] ovs_flow_alloc+0x24/0x1f0 [ 430.869454][T20077] ovs_flow_cmd_new+0x2b9/0xe80 [ 430.869479][T20077] ? kasan_save_track+0x4f/0x80 [ 430.869497][T20077] ? kasan_save_track+0x3e/0x80 [ 430.869517][T20077] ? __pfx_ovs_flow_cmd_new+0x10/0x10 [ 430.869593][T20077] ? __nla_parse+0x40/0x60 [ 430.869615][T20077] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 430.869647][T20077] genl_family_rcv_msg_doit+0x22a/0x330 [ 430.869677][T20077] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 430.869710][T20077] ? bpf_lsm_capable+0x9/0x20 [ 430.869734][T20077] ? security_capable+0x7e/0x2c0 [ 430.869766][T20077] genl_rcv_msg+0x61c/0x7a0 [ 430.869794][T20077] ? __pfx_genl_rcv_msg+0x10/0x10 [ 430.869814][T20077] ? __pfx_ovs_flow_cmd_new+0x10/0x10 [ 430.869832][T20077] ? __lock_acquire+0x6b5/0x2cf0 [ 430.869868][T20077] netlink_rcv_skb+0x232/0x4b0 [ 430.869897][T20077] ? __pfx_genl_rcv_msg+0x10/0x10 [ 430.869919][T20077] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 430.869971][T20077] ? down_read+0x272/0x2e0 [ 430.869994][T20077] ? genl_rcv+0xd/0x40 [ 430.870016][T20077] genl_rcv+0x28/0x40 [ 430.870035][T20077] netlink_unicast+0x80f/0x9b0 [ 430.870069][T20077] ? __pfx_netlink_unicast+0x10/0x10 [ 430.870097][T20077] ? netlink_sendmsg+0x650/0xb40 [ 430.870121][T20077] ? skb_put+0x11b/0x210 [ 430.870144][T20077] netlink_sendmsg+0x813/0xb40 [ 430.870181][T20077] ? __pfx_netlink_sendmsg+0x10/0x10 [ 430.870213][T20077] ? aa_sock_msg_perm+0xf1/0x1b0 [ 430.870241][T20077] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 430.870268][T20077] ____sys_sendmsg+0x972/0x9f0 [ 430.870298][T20077] ? __pfx_____sys_sendmsg+0x10/0x10 [ 430.870326][T20077] ? import_iovec+0x73/0xa0 [ 430.870348][T20077] ___sys_sendmsg+0x2a5/0x360 [ 430.870375][T20077] ? __pfx____sys_sendmsg+0x10/0x10 [ 430.870431][T20077] ? __fget_files+0x2a/0x420 [ 430.870458][T20077] ? __fget_files+0x3a0/0x420 [ 430.870494][T20077] __x64_sys_sendmsg+0x1bd/0x2a0 [ 430.870519][T20077] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 430.870550][T20077] ? __pfx_ksys_write+0x10/0x10 [ 430.870584][T20077] do_syscall_64+0x14d/0xf80 [ 430.870604][T20077] ? trace_irq_disable+0x3b/0x150 [ 430.870630][T20077] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 430.870648][T20077] ? clear_bhb_loop+0x40/0x90 [ 430.870671][T20077] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 430.870688][T20077] RIP: 0033:0x7f42cb19c799 [ 430.870707][T20077] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 430.870722][T20077] RSP: 002b:00007f42cbfab028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 430.870743][T20077] RAX: ffffffffffffffda RBX: 00007f42cb415fa0 RCX: 00007f42cb19c799 [ 430.870756][T20077] RDX: 000000000000c000 RSI: 0000200000000000 RDI: 0000000000000003 [ 430.870768][T20077] RBP: 00007f42cbfab090 R08: 0000000000000000 R09: 0000000000000000 [ 430.870778][T20077] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 430.870789][T20077] R13: 00007f42cb416038 R14: 00007f42cb415fa0 R15: 00007ffed91c05d8 [ 430.870819][T20077] [ 431.222273][T20078] CPU: 1 UID: 0 PID: 20078 Comm: syz.2.3911 Not tainted syzkaller #0 PREEMPT(full) [ 431.222301][T20078] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 431.222312][T20078] Call Trace: [ 431.222319][T20078] [ 431.222328][T20078] dump_stack_lvl+0xe8/0x150 [ 431.222358][T20078] should_fail_ex+0x412/0x560 [ 431.222390][T20078] _copy_to_user+0x31/0xb0 [ 431.222413][T20078] simple_read_from_buffer+0xe1/0x170 [ 431.222444][T20078] proc_fail_nth_read+0x1bb/0x230 [ 431.222473][T20078] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 431.222502][T20078] ? rw_verify_area+0x2a6/0x4d0 [ 431.222521][T20078] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 431.222549][T20078] vfs_read+0x20c/0xa70 [ 431.222566][T20078] ? fdget_pos+0x246/0x320 [ 431.222598][T20078] ? __pfx___mutex_lock+0x10/0x10 [ 431.222620][T20078] ? __pfx_vfs_read+0x10/0x10 [ 431.222641][T20078] ? __fget_files+0x2a/0x420 [ 431.222671][T20078] ? __fget_files+0x3a0/0x420 [ 431.222696][T20078] ? __fget_files+0x2a/0x420 [ 431.222731][T20078] ksys_read+0x150/0x270 [ 431.222753][T20078] ? __pfx_ksys_read+0x10/0x10 [ 431.222784][T20078] do_syscall_64+0x14d/0xf80 [ 431.222804][T20078] ? trace_irq_disable+0x3b/0x150 [ 431.222829][T20078] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 431.222847][T20078] ? clear_bhb_loop+0x40/0x90 [ 431.222871][T20078] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 431.222888][T20078] RIP: 0033:0x7f3f3dd5cfce [ 431.222906][T20078] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 431.222922][T20078] RSP: 002b:00007f3f3ec79fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 431.222942][T20078] RAX: ffffffffffffffda RBX: 00007f3f3ec7a6c0 RCX: 00007f3f3dd5cfce [ 431.222988][T20078] RDX: 000000000000000f RSI: 00007f3f3ec7a0a0 RDI: 0000000000000004 [ 431.223000][T20078] RBP: 00007f3f3ec7a090 R08: 0000000000000000 R09: 0000000000000000 [ 431.223012][T20078] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 431.223023][T20078] R13: 00007f3f3e016038 R14: 00007f3f3e015fa0 R15: 00007ffcdc9f2748 [ 431.223054][T20078] [ 431.588312][T20085] netlink: 'syz.3.3914': attribute type 1 has an invalid length. [ 431.701148][T20087] bond10: (slave ip6gre1): The slave device specified does not support setting the MAC address [ 431.723165][T20087] bond10: (slave ip6gre1): Setting fail_over_mac to active for active-backup mode [ 431.737378][T20087] bond10: (slave ip6gre1): making interface the new active one [ 431.746608][T20087] bond10: (slave ip6gre1): Enslaving as an active interface with an up link [ 431.783695][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5020 ms [ 431.791726][ C1] lec:lec_tx_timeout: lec0 [ 431.797046][ C1] lec:lec_start_xmit: lec0:No lecd attached [ 431.812370][T20084] syzkaller0: entered promiscuous mode [ 431.828366][T20084] syzkaller0: entered allmulticast mode [ 432.051454][T20100] netlink: 'syz.4.3919': attribute type 10 has an invalid length. [ 432.082299][T20100] bridge_slave_1: left allmulticast mode [ 432.110124][T20100] bridge_slave_1: left promiscuous mode [ 432.124818][T20100] bridge0: port 2(bridge_slave_1) entered disabled state [ 432.360963][T20121] netlink: 'syz.4.3923': attribute type 11 has an invalid length. [ 433.103592][T20134] __nla_validate_parse: 7 callbacks suppressed [ 433.103612][T20134] netlink: 108 bytes leftover after parsing attributes in process `syz.1.3926'. [ 433.835855][T20139] FAULT_INJECTION: forcing a failure. [ 433.835855][T20139] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 433.865372][T20139] CPU: 1 UID: 0 PID: 20139 Comm: syz.1.3928 Not tainted syzkaller #0 PREEMPT(full) [ 433.865398][T20139] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 433.865409][T20139] Call Trace: [ 433.865416][T20139] [ 433.865424][T20139] dump_stack_lvl+0xe8/0x150 [ 433.865455][T20139] should_fail_ex+0x412/0x560 [ 433.865486][T20139] _copy_from_iter+0x1d3/0x1670 [ 433.865518][T20139] ? rcu_is_watching+0x15/0xb0 [ 433.865549][T20139] ? __pfx__copy_from_iter+0x10/0x10 [ 433.865584][T20139] ? netlink_sendmsg+0x650/0xb40 [ 433.865611][T20139] ? skb_put+0x11b/0x210 [ 433.865633][T20139] netlink_sendmsg+0x6c0/0xb40 [ 433.865670][T20139] ? __pfx_netlink_sendmsg+0x10/0x10 [ 433.865700][T20139] ? aa_sock_msg_perm+0xf1/0x1b0 [ 433.865729][T20139] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 433.865753][T20139] ____sys_sendmsg+0x972/0x9f0 [ 433.865783][T20139] ? __pfx_____sys_sendmsg+0x10/0x10 [ 433.865819][T20139] ? import_iovec+0x73/0xa0 [ 433.865843][T20139] ___sys_sendmsg+0x2a5/0x360 [ 433.865870][T20139] ? __pfx____sys_sendmsg+0x10/0x10 [ 433.865925][T20139] ? __fget_files+0x2a/0x420 [ 433.865951][T20139] ? __fget_files+0x3a0/0x420 [ 433.865988][T20139] __x64_sys_sendmsg+0x1bd/0x2a0 [ 433.866012][T20139] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 433.866043][T20139] ? __pfx_ksys_write+0x10/0x10 [ 433.866075][T20139] do_syscall_64+0x14d/0xf80 [ 433.866096][T20139] ? trace_irq_disable+0x3b/0x150 [ 433.866122][T20139] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 433.866140][T20139] ? clear_bhb_loop+0x40/0x90 [ 433.866163][T20139] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 433.866182][T20139] RIP: 0033:0x7fdebe99c799 [ 433.866200][T20139] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 433.866218][T20139] RSP: 002b:00007fdebf8a8028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 433.866238][T20139] RAX: ffffffffffffffda RBX: 00007fdebec15fa0 RCX: 00007fdebe99c799 [ 433.866253][T20139] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000003 [ 433.866265][T20139] RBP: 00007fdebf8a8090 R08: 0000000000000000 R09: 0000000000000000 [ 433.866277][T20139] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 433.866288][T20139] R13: 00007fdebec16038 R14: 00007fdebec15fa0 R15: 00007fffcdc52b58 [ 433.866319][T20139] [ 434.127597][T20142] netlink: 44 bytes leftover after parsing attributes in process `syz.4.3930'. [ 434.182268][T20143] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3929'. [ 434.233225][T20145] net_ratelimit: 86 callbacks suppressed [ 434.233244][T20145] openvswitch: netlink: Duplicate or invalid key (type 0). [ 434.259567][T20145] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 434.282784][T20143] syzkaller0: entered promiscuous mode [ 434.303945][T20143] syzkaller0: entered allmulticast mode [ 434.375901][T20152] netlink: 'syz.3.3934': attribute type 6 has an invalid length. [ 434.435479][T20157] netlink: 'syz.3.3934': attribute type 12 has an invalid length. [ 434.453916][T20157] netlink: 132 bytes leftover after parsing attributes in process `syz.3.3934'. [ 434.562231][T20161] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3937'. [ 434.577030][T20159] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3936'. [ 434.590451][T20163] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 434.597328][T20159] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3936'. [ 434.770595][T20175] FAULT_INJECTION: forcing a failure. [ 434.770595][T20175] name failslab, interval 1, probability 0, space 0, times 0 [ 434.880983][T20175] CPU: 1 UID: 0 PID: 20175 Comm: syz.3.3942 Not tainted syzkaller #0 PREEMPT(full) [ 434.881010][T20175] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 434.881022][T20175] Call Trace: [ 434.881030][T20175] [ 434.881038][T20175] dump_stack_lvl+0xe8/0x150 [ 434.881069][T20175] should_fail_ex+0x412/0x560 [ 434.881102][T20175] should_failslab+0xa8/0x100 [ 434.881125][T20175] ? skb_clone+0x212/0x3a0 [ 434.881148][T20175] kmem_cache_alloc_noprof+0x87/0x650 [ 434.881168][T20175] ? __netlink_lookup+0xc6/0x8b0 [ 434.881197][T20175] skb_clone+0x212/0x3a0 [ 434.881222][T20175] __netlink_deliver_tap+0x404/0x850 [ 434.881265][T20175] ? netlink_deliver_tap+0x2e/0x1b0 [ 434.881294][T20175] netlink_deliver_tap+0x19c/0x1b0 [ 434.881323][T20175] netlink_unicast+0x7e3/0x9b0 [ 434.881358][T20175] ? __pfx_netlink_unicast+0x10/0x10 [ 434.881385][T20175] ? netlink_sendmsg+0x650/0xb40 [ 434.881409][T20175] ? skb_put+0x11b/0x210 [ 434.881432][T20175] netlink_sendmsg+0x813/0xb40 [ 434.881469][T20175] ? __pfx_netlink_sendmsg+0x10/0x10 [ 434.881500][T20175] ? aa_sock_msg_perm+0xf1/0x1b0 [ 434.881529][T20175] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 434.881554][T20175] ____sys_sendmsg+0x972/0x9f0 [ 434.881585][T20175] ? __pfx_____sys_sendmsg+0x10/0x10 [ 434.881616][T20175] ? import_iovec+0x73/0xa0 [ 434.881640][T20175] ___sys_sendmsg+0x2a5/0x360 [ 434.881668][T20175] ? __pfx____sys_sendmsg+0x10/0x10 [ 434.881733][T20175] ? __fget_files+0x2a/0x420 [ 434.881759][T20175] ? __fget_files+0x3a0/0x420 [ 434.881797][T20175] __x64_sys_sendmsg+0x1bd/0x2a0 [ 434.881822][T20175] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 434.881854][T20175] ? __pfx_ksys_write+0x10/0x10 [ 434.881886][T20175] do_syscall_64+0x14d/0xf80 [ 434.881907][T20175] ? trace_irq_disable+0x3b/0x150 [ 434.881932][T20175] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 434.881951][T20175] ? clear_bhb_loop+0x40/0x90 [ 434.881974][T20175] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 434.881992][T20175] RIP: 0033:0x7f42cb19c799 [ 434.882010][T20175] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 434.882026][T20175] RSP: 002b:00007f42cbfab028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 434.882046][T20175] RAX: ffffffffffffffda RBX: 00007f42cb415fa0 RCX: 00007f42cb19c799 [ 434.882060][T20175] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000003 [ 434.882071][T20175] RBP: 00007f42cbfab090 R08: 0000000000000000 R09: 0000000000000000 [ 434.882083][T20175] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 434.882095][T20175] R13: 00007f42cb416038 R14: 00007f42cb415fa0 R15: 00007ffed91c05d8 [ 434.882127][T20175] [ 434.911165][T20185] FAULT_INJECTION: forcing a failure. [ 434.911165][T20185] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 435.212872][T20185] CPU: 0 UID: 0 PID: 20185 Comm: syz.4.3947 Not tainted syzkaller #0 PREEMPT(full) [ 435.212898][T20185] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 435.212910][T20185] Call Trace: [ 435.212916][T20185] [ 435.212923][T20185] dump_stack_lvl+0xe8/0x150 [ 435.212953][T20185] should_fail_ex+0x412/0x560 [ 435.212983][T20185] _copy_from_user+0x2d/0xb0 [ 435.213005][T20185] __copy_msghdr+0x3c5/0x5b0 [ 435.213031][T20185] ___sys_sendmsg+0x213/0x360 [ 435.213057][T20185] ? __pfx____sys_sendmsg+0x10/0x10 [ 435.213110][T20185] ? __fget_files+0x2a/0x420 [ 435.213134][T20185] ? __fget_files+0x3a0/0x420 [ 435.213178][T20185] __x64_sys_sendmsg+0x1bd/0x2a0 [ 435.213201][T20185] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 435.213230][T20185] ? __pfx_ksys_write+0x10/0x10 [ 435.213259][T20185] do_syscall_64+0x14d/0xf80 [ 435.213278][T20185] ? trace_irq_disable+0x3b/0x150 [ 435.213303][T20185] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 435.213322][T20185] ? clear_bhb_loop+0x40/0x90 [ 435.213344][T20185] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 435.213361][T20185] RIP: 0033:0x7f09abb9c799 [ 435.213378][T20185] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 435.213392][T20185] RSP: 002b:00007f09ac9be028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 435.213411][T20185] RAX: ffffffffffffffda RBX: 00007f09abe15fa0 RCX: 00007f09abb9c799 [ 435.213424][T20185] RDX: 0000000004008804 RSI: 0000200000003a80 RDI: 0000000000000004 [ 435.213435][T20185] RBP: 00007f09ac9be090 R08: 0000000000000000 R09: 0000000000000000 [ 435.213445][T20185] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 435.213455][T20185] R13: 00007f09abe16038 R14: 00007f09abe15fa0 R15: 00007ffc925e26e8 [ 435.213483][T20185] [ 435.520424][T20205] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3951'. [ 435.667184][T20212] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3955'. [ 435.684334][T20212] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3955'. [ 435.769969][T20214] wireguard1: entered promiscuous mode [ 435.779354][T20214] wireguard1: entered allmulticast mode [ 435.847066][T20222] openvswitch: netlink: Multiple metadata blocks provided [ 435.997964][T20237] netlink: 'syz.0.3962': attribute type 7 has an invalid length. [ 436.040438][T20237] netlink: 'syz.0.3962': attribute type 8 has an invalid length. [ 436.195717][T20247] netdevsim netdevsim4 netdevsim0: entered promiscuous mode [ 436.346779][T20265] openvswitch: netlink: Flow actions attr not present in new flow. [ 436.421513][T20270] Cannot find map_set index 65533 as target [ 436.553500][T20283] xt_CT: You must specify a L4 protocol and not use inversions on it [ 436.803692][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms [ 436.819871][ C1] lec:lec_tx_timeout: lec0 [ 436.824555][ C1] lec:lec_start_xmit: lec0:No lecd attached [ 439.252404][T20257] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 439.538840][T20302] netlink: 'syz.3.3982': attribute type 21 has an invalid length. [ 439.550702][T20309] __nla_validate_parse: 222 callbacks suppressed [ 439.550721][T20309] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3984'. [ 439.568651][T20309] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3984'. [ 439.595819][T20306] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 439.624819][T20313] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3984'. [ 439.857291][ T1301] aoe: packet could not be sent on bond0. consider increasing tx_queue_len [ 441.143803][ T30] INFO: task kworker/0:0H:11 blocked for more than 143 seconds. [ 441.151499][ T30] Not tainted syzkaller #0 [ 441.156476][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 441.165194][ T30] task:kworker/0:0H state:D stack:26504 pid:11 tgid:11 ppid:2 task_flags:0x4208060 flags:0x00080000 [ 441.177305][ T30] Workqueue: kblockd blk_mq_requeue_work [ 441.183027][ T30] Call Trace: [ 441.186346][ T30] [ 441.189280][ T30] __schedule+0x15dd/0x52d0 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=-1 (errno 104: Connection reset by peer) [ 441.193866][ T30] ? do_raw_spin_lock+0x12b/0x2f0 [ 441.199414][ T30] ? __pfx___schedule+0x10/0x10 [ 441.204940][ T30] ? schedule+0x90/0x360 [ 441.209207][ T30] schedule+0x164/0x360 [ 441.213377][ T30] schedule_timeout+0x158/0x2c0 [ 441.218613][ T30] ? __pfx_schedule_timeout+0x10/0x10 [ 441.224922][ T30] ? __pfx_process_timeout+0x10/0x10 [ 441.230233][ T30] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 441.273736][ T30] ? prepare_to_wait_event+0x436/0x480 [ 441.279266][ T30] nbd_queue_rq+0x857/0x1100 [ 441.334035][ T30] ? __pfx_nbd_queue_rq+0x10/0x10 [ 441.339116][ T30] ? __pfx_autoremove_wake_function+0x10/0x10 [ 441.363725][ T30] blk_mq_dispatch_rq_list+0xa70/0x1910 [ 441.369358][ T30] ? sbitmap_get+0x229/0x390 [ 441.393746][ T30] ? __pfx_blk_mq_dispatch_rq_list+0x10/0x10 [ 441.400686][ T30] ? __blk_mq_alloc_driver_tag+0x2e7/0x6e0 [ 441.435026][ T30] __blk_mq_sched_dispatch_requests+0xdcc/0x1600 [ 441.441490][ T30] ? __pfx___blk_mq_sched_dispatch_requests+0x10/0x10 [ 441.473737][ T30] blk_mq_sched_dispatch_requests+0xd7/0x190 [ 441.479769][ T30] ? blk_mq_run_hw_queue+0x31f/0x4f0 [ 441.513704][ T30] blk_mq_run_hw_queue+0x348/0x4f0 [ 441.518882][ T30] blk_mq_run_hw_queues+0x26c/0x3f0 [ 441.544198][ T30] blk_mq_requeue_work+0x71c/0x780 [ 441.549367][ T30] ? __pfx_blk_mq_requeue_work+0x10/0x10 [ 441.573766][ T30] ? process_scheduled_works+0xa8d/0x18c0 [ 441.579541][ T30] ? process_scheduled_works+0xa8d/0x18c0 [ 441.613784][ T30] process_scheduled_works+0xb6e/0x18c0 [ 441.619423][ T30] ? __pfx_process_scheduled_works+0x10/0x10 [ 441.643712][ T30] ? assign_work+0x3d5/0x5e0 [ 441.648355][ T30] worker_thread+0xa53/0xfc0 [ 441.653102][ T30] kthread+0x388/0x470 [ 441.683842][ T30] ? __pfx_worker_thread+0x10/0x10 [ 441.689008][ T30] ? __pfx_kthread+0x10/0x10 [ 441.693607][ T30] ret_from_fork+0x51e/0xb90 [ 441.733789][ T30] ? __pfx_ret_from_fork+0x10/0x10 [ 441.738961][ T30] ? __switch_to+0xc7d/0x1450 [ 441.773812][ T30] ? __pfx_kthread+0x10/0x10 [ 441.778460][ T30] ret_from_fork_asm+0x1a/0x30 [ 441.783259][ T30] [ 441.813960][ T30] [ 441.813960][ T30] Showing all locks held in the system: [ 441.821715][ T30] 4 locks held by kworker/0:0H/11: [ 441.833696][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms [ 441.841715][ C1] lec:lec_tx_timeout: lec0 [ 441.846302][ C1] lec:lec_start_xmit: lec0:No lecd attached [ 441.874130][ T30] #0: ffff88801dedbd48 ((wq_completion)kblockd){+.+.}-{0:0}, at: process_scheduled_works+0xa52/0x18c0 [ 441.898988][ T30] #1: ffffc90000107c40 ((work_completion)(&(&q->requeue_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0xa8d/0x18c0 [ 441.912398][ T30] #2: ffff88802604ad18 (set->srcu){.+.+}-{0:0}, at: blk_mq_run_hw_queue+0x31f/0x4f0 [ 441.922223][ T30] #3: ffff888026360380 (&cmd->lock){+.+.}-{4:4}, at: nbd_queue_rq+0xc6/0x1100 [ 441.931492][ T30] 2 locks held by kworker/1:0/24: [ 441.936618][ T30] #0: ffff88813fe0f148 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0xa52/0x18c0 [ 441.947626][ T30] #1: ffffc900001e7c40 (free_ipc_work){+.+.}-{0:0}, at: process_scheduled_works+0xa8d/0x18c0 [ 441.957950][ T30] 1 lock held by khungtaskd/30: [ 441.962915][ T30] #0: ffffffff8e75e520 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 [ 441.972815][ T30] 5 locks held by kworker/u8:3/49: [ 441.978019][ T30] 2 locks held by klogd/5182: [ 441.982691][ T30] #0: ffff8880b863ade0 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x31/0x150 [ 441.992653][ T30] #1: ffff8880b8624588 (psi_seq){-.-.}-{0:0}, at: psi_task_switch+0x53/0x880 [ 442.001573][ T30] 2 locks held by getty/5583: [ 442.006258][ T30] #0: ffff888036c910a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 442.016289][ T30] #1: ffffc9000332e2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x45c/0x13c0 [ 442.026443][ T30] 1 lock held by syz-executor/5823: [ 442.031631][ T30] #0: ffffffff8e7647b8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x38d/0x770 [ 442.042522][ T30] 5 locks held by syz-executor/5825: [ 442.047829][ T30] #0: ffff88801b350ec0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_unregister_dev+0x212/0x5a0 [ 442.057861][ T30] #1: ffff88801b3500c0 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x640/0x10e0 [ 442.067709][ T30] #2: ffffffff8fd5abe8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xa1/0x260 [ 442.077780][ T30] #3: ffff888077388b00 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_conn_del+0x7b/0x5c0 [ 442.087246][ T30] #4: ffffffff8e7647b8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x38d/0x770 [ 442.100845][ T30] 1 lock held by udevd/5834: [ 442.105474][ T30] #0: ffff8880262f3358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xe0/0xd30 [ 442.114828][ T30] 1 lock held by udevd/5843: [ 442.119397][ T30] #0: ffff8880262f7358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xe0/0xd30 [ 442.128800][ T30] [ 442.137753][ T30] ============================================= [ 442.137753][ T30] [ 442.146288][ T30] NMI backtrace for cpu 1 [ 442.146304][ T30] CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) [ 442.146325][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 442.146335][ T30] Call Trace: [ 442.146341][ T30] [ 442.146347][ T30] dump_stack_lvl+0xe8/0x150 [ 442.146374][ T30] nmi_cpu_backtrace+0x274/0x2d0 [ 442.146445][ T30] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 442.146472][ T30] nmi_trigger_cpumask_backtrace+0x17a/0x300 [ 442.146501][ T30] sys_info+0x135/0x170 [ 442.146523][ T30] watchdog+0xfd9/0x1030 [ 442.146556][ T30] ? watchdog+0x21a/0x1030 [ 442.146588][ T30] kthread+0x388/0x470 [ 442.146608][ T30] ? __pfx_watchdog+0x10/0x10 [ 442.146632][ T30] ? __pfx_kthread+0x10/0x10 [ 442.146649][ T30] ret_from_fork+0x51e/0xb90 [ 442.146675][ T30] ? __pfx_ret_from_fork+0x10/0x10 [ 442.146697][ T30] ? __switch_to+0xc7d/0x1450 [ 442.146722][ T30] ? __pfx_kthread+0x10/0x10 [ 442.146741][ T30] ret_from_fork_asm+0x1a/0x30 [ 442.146782][ T30] [ 442.146789][ T30] Sending NMI from CPU 1 to CPUs 0: [ 442.257214][ C0] NMI backtrace for cpu 0 [ 442.257231][ C0] CPU: 0 UID: 0 PID: 5824 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) [ 442.257250][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 442.257261][ C0] RIP: 0010:rcu_is_watching+0x70/0xb0 [ 442.257289][ C0] Code: c3 58 69 1d 93 49 03 1e 48 89 d8 48 c1 e8 03 42 0f b6 04 38 84 c0 75 34 8b 03 65 ff 0d 69 7b 71 11 74 11 83 e0 04 c1 e8 02 5b <41> 5e 41 5f e9 c7 b3 06 0a cc e8 51 f9 88 ff eb e8 48 c7 c7 00 4a [ 442.257305][ C0] RSP: 0018:ffffc90003fe7780 EFLAGS: 00000202 [ 442.257320][ C0] RAX: 0000000000000001 RBX: ffffc90003fe7801 RCX: 0000000080000001 [ 442.257332][ C0] RDX: ffffffff90a0ca01 RSI: ffffffff8c27c1e0 RDI: ffffffff8c27c1a0 [ 442.257344][ C0] RBP: dffffc0000000000 R08: ffffc90003fe78c7 R09: 0000000000000000 [ 442.257357][ C0] R10: ffffc90003fe78b8 R11: fffff520007fcf19 R12: ffffc90003fe7ef0 [ 442.257369][ C0] R13: ffffc90003fe0000 R14: ffffffff8e1b0790 R15: dffffc0000000000 [ 442.257382][ C0] FS: 0000000000000000(0000) GS:ffff88812545d000(0000) knlGS:0000000000000000 [ 442.257396][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 442.257407][ C0] CR2: 00005604d4a32ee8 CR3: 000000000e54c000 CR4: 00000000003526f0 [ 442.257423][ C0] Call Trace: [ 442.257429][ C0] [ 442.257436][ C0] ? unwind_next_frame+0xa5/0x23c0 [ 442.257461][ C0] unwind_next_frame+0x1a66/0x23c0 [ 442.257489][ C0] ? unwind_next_frame+0xa5/0x23c0 [ 442.257512][ C0] ? x64_sys_call+0x221a/0x2240 [ 442.257538][ C0] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 442.257557][ C0] arch_stack_walk+0x11b/0x150 [ 442.257584][ C0] ? do_syscall_64+0x14d/0xf80 [ 442.257605][ C0] stack_trace_save+0xa9/0x100 [ 442.257621][ C0] ? __pfx_stack_trace_save+0x10/0x10 [ 442.257644][ C0] ? __lock_acquire+0x6b5/0x2cf0 [ 442.257669][ C0] save_stack+0x122/0x230 [ 442.257688][ C0] ? __pfx_save_stack+0x10/0x10 [ 442.257704][ C0] ? __free_frozen_pages+0xc2b/0xdb0 [ 442.257721][ C0] ? vfree+0x25a/0x400 [ 442.257735][ C0] ? kcov_close+0x28/0x50 [ 442.257758][ C0] ? __fput+0x44f/0xa70 [ 442.257780][ C0] ? task_work_run+0x1d9/0x270 [ 442.257796][ C0] ? do_exit+0x70f/0x23c0 [ 442.257810][ C0] ? do_group_exit+0x21b/0x2d0 [ 442.257825][ C0] ? __x64_sys_exit_group+0x3f/0x40 [ 442.257841][ C0] ? x64_sys_call+0x221a/0x2240 [ 442.257873][ C0] __reset_page_owner+0x71/0x1f0 [ 442.257892][ C0] __free_frozen_pages+0xc2b/0xdb0 [ 442.257911][ C0] ? ___free_pages+0xb2/0x220 [ 442.257933][ C0] vfree+0x25a/0x400 [ 442.257949][ C0] ? __pfx_kcov_close+0x10/0x10 [ 442.257973][ C0] kcov_close+0x28/0x50 [ 442.257995][ C0] __fput+0x44f/0xa70 [ 442.258024][ C0] task_work_run+0x1d9/0x270 [ 442.258042][ C0] ? __pfx_task_work_run+0x10/0x10 [ 442.258059][ C0] ? kmem_cache_free+0x187/0x630 [ 442.258077][ C0] ? do_exit+0x70a/0x23c0 [ 442.258095][ C0] do_exit+0x70f/0x23c0 [ 442.258115][ C0] ? __pfx_do_exit+0x10/0x10 [ 442.258129][ C0] ? do_raw_spin_lock+0x12b/0x2f0 [ 442.258151][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 442.258169][ C0] do_group_exit+0x21b/0x2d0 [ 442.258188][ C0] __x64_sys_exit_group+0x3f/0x40 [ 442.258205][ C0] x64_sys_call+0x221a/0x2240 [ 442.258228][ C0] do_syscall_64+0x14d/0xf80 [ 442.258245][ C0] ? trace_irq_disable+0x3b/0x150 [ 442.258270][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 442.258287][ C0] ? clear_bhb_loop+0x40/0x90 [ 442.258306][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 442.258322][ C0] RIP: 0033:0x7f09abb9c799 [ 442.258336][ C0] Code: Unable to access opcode bytes at 0x7f09abb9c76f. [ 442.258344][ C0] RSP: 002b:00007ffc925e2938 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 442.258360][ C0] RAX: ffffffffffffffda RBX: 00007f09abc33be1 RCX: 00007f09abb9c799 [ 442.258373][ C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000043 [ 442.258383][ C0] RBP: 00007f09abc33bf3 R08: 0000000000000000 R09: 00000000000927c0 [ 442.258394][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 442.258404][ C0] R13: 00000000000927c0 R14: 000000000006b5fb R15: 00007ffc925e2ae0 [ 442.258425][ C0] [ 442.659431][ T30] Kernel panic - not syncing: hung_task: blocked tasks [ 442.666304][ T30] CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) [ 442.675413][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 442.685470][ T30] Call Trace: [ 442.688749][ T30] [ 442.691668][ T30] vpanic+0x56c/0xa60 [ 442.695648][ T30] ? __pfx___schedule+0x10/0x10 [ 442.700493][ T30] ? __pfx_vpanic+0x10/0x10 [ 442.704999][ T30] ? __pfx_console_unlock+0x10/0x10 [ 442.710211][ T30] panic+0xc5/0xd0 [ 442.713932][ T30] ? __pfx_panic+0x10/0x10 [ 442.718351][ T30] ? preempt_schedule_thunk+0x16/0x30 [ 442.723721][ T30] ? nmi_trigger_cpumask_backtrace+0x2bb/0x300 [ 442.729874][ T30] watchdog+0x1023/0x1030 [ 442.734219][ T30] ? watchdog+0x21a/0x1030 [ 442.738640][ T30] kthread+0x388/0x470 [ 442.742701][ T30] ? __pfx_watchdog+0x10/0x10 [ 442.747375][ T30] ? __pfx_kthread+0x10/0x10 [ 442.751957][ T30] ret_from_fork+0x51e/0xb90 [ 442.756543][ T30] ? __pfx_ret_from_fork+0x10/0x10 [ 442.761650][ T30] ? __switch_to+0xc7d/0x1450 [ 442.766321][ T30] ? __pfx_kthread+0x10/0x10 [ 442.770899][ T30] ret_from_fork_asm+0x1a/0x30 [ 442.775669][ T30] [ 442.778951][ T30] Kernel Offset: disabled [ 442.783263][ T30] Rebooting in 86400 seconds..