last executing test programs: 4.387183363s ago: executing program 4 (id=1683): r0 = socket$nl_generic(0x10, 0x3, 0x10) (async) r1 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r1, &(0x7f0000000100)=@name={0x1e, 0x2, 0x3, {{0x1, 0x4}}}, 0x10) r2 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_RX_RING(r2, 0x11b, 0x2, &(0x7f0000000040)=0x1000000, 0x4) (async) bind$xdp(r2, &(0x7f0000000100)={0x2c, 0x4}, 0x10) (async) r3 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$SO_BINDTODEVICE_wg(r3, 0x1, 0x19, &(0x7f0000000180)='wg2\x00', 0x4) (async, rerun: 64) r4 = socket$nl_route(0x10, 0x3, 0x0) (rerun: 64) ioctl$ifreq_SIOCGIFINDEX_wireguard(r4, 0x8933, &(0x7f00000002c0)={'wg2\x00', 0x0}) bind$xdp(r3, &(0x7f00000001c0)={0x2c, 0x2, r5, 0x29, r3}, 0x10) (async, rerun: 64) r6 = socket$nl_generic(0x10, 0x3, 0x10) (rerun: 64) ioctl$sock_SIOCETHTOOL(r6, 0x8946, &(0x7f0000000500)={'syz_tun\x00', &(0x7f0000000000)=@ethtool_cmd={0x15, 0x9, 0xc, 0x800, 0x5, 0x5, 0x0, 0x9, 0xb2, 0x6, 0x910d, 0x8, 0x7, 0x0, 0x0, 0x6, [0x2, 0x6]}}) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r2, 0x0) (async) r7 = socket$vsock_stream(0x28, 0x1, 0x0) getsockopt(r7, 0x28, 0x2, &(0x7f0000001100)=""/4109, &(0x7f00000000c0)=0x100d) (async) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000007c0)=ANY=[@ANYBLOB="280300002d0009"], 0x328}}, 0x84) 2.773048129s ago: executing program 3 (id=1695): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-aes-aesni\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x890}, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r1) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000001240)={0x18, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b700000001000000bfa30000000000000703000030feffff720af0fff8ffffff71a4f0ff000000002d040000000000003d400300000000006504000001ed000079110000000000006c440000000000007a0ab0fe000000007b13000000000000c500f9ffffff00009500000000000000023bc065b7a379d17cf9333379fc9e94af05000000f1a864a710aad58db6a693002e6b3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a715bc5181554a090f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fee5bef7a29aa0d7d600c095199fe3ff3128c4e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d0800af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d390dd65be2467b373eafd9aa58f2077184b6a89adaf17b0a6041bdef728d236619074d6ebdf098bc908f523d228a40f9411fe7226a40409d6e37c4f46756d31cb467600ade70063e5291569b33d21dae356e1c5da18ec0ae564162a27afea62d84f3a10746443d64364f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b93d000000225d85ae49cee383dc5049076b98fb6853ab39a21514da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d710b651f898ba749e40bc6980fe78683ac5c0c31030699ddd71063be9261b2e1aab1675b34a220488c126aeef5f510a8f1aded94a129e4aec6ffc3a15d96c2ea3e2e04cfe0e669e51731b2875353193f82ade69d0540059fe6c7fe7cd86975023cb08cc7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2960242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44022a579dfc0229cc0dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed82641687f3b3a70bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c5538a294270a1ad10c80fef7c24c87afce829ba0f85da6d888f18ea40ab959f6074ab2a4009b9e5f07ab513cdc6c0e17fb1c1ca571380d7b4ead35a655e0b4a26b702396df7e0cbe02b6e4314f244a94aa8e98b0b263f0083bf93f05beb72f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba5823a34a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a9b702cc1b6912a1e717d29135753208165b9cdbae2ed9dc06000000000000008fe26e37037f27f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e05000000d03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d0a874c74b777df005c55fc30511d00000000c85265b2bd83d64a532869d708000000000000007baa5b6a682b50f0937f778af083e055f6138a757ebd0ed91114a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a9037d2283c42efc54fa84323a56edbd287eba77f35c35d91f3c62a0ca74836a640224de85f2b4a5fee500bbc584328a6a7a4628c4378c9b71dff64075b74a6520adb187b40d2cccbcb08c0634ee74658d3e23bf2871ed2aa2a05e319374511c8b0bf1b69d2b3782b3f481c314e7bd4615dbbf24c06ac95bd639e68d0e6aa7f0d07bf69a93365f803f0144af37236ea133c2255b0613bf8ba1d538e06c2411e8d70053b712084fd0e313de9bb19266e49a3a2190cb039c6f89610acd896319b9c8d1b8aac2eaa5a4f8be7419a09e3fb5be3be2fcdadd2299839cc40e684e6e2b4e1385fde7a0babcb0be672110268a34dad364fddee69e564119cebb6940c6356ff83ca527c573d700000000000000c6299263e6d9097f225de969485bce3d7dc471c0669bb6a467cf0de54dfcc1857048fe22a19dbb1b3cb9babaa839f1f6e817a62d95a5b971ff96a5c66c338c6f2a2da4644519f40761402e9c81013d76c7152c95ba5efa24ce1930f23a2277f057ffb6b0144f3b434a2adc456ef4d2fbdf7c6238c2bb00ffcf2d23d68cb9b027f3b22589f7956b66c5692b46ea03abb6a404c8ccceaa4ba4161409fcb54b86eaca26b24464e0ff504b87c90697ec2a82bbfd1c31713190d3e6e502c434909d6ba06cd0361a0fd90552272f24519ea9938413947edd3a0a7aa780c1dcdddf13b46ca94f37c89664c9cc1857d64ca371fa1b6131"], &(0x7f00000001c0)='GPL\x00', 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94) socket$inet6_tcp(0xa, 0x1, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) writev(r3, &(0x7f0000000400)=[{&(0x7f00000002c0)="a609a89c9edd34187123b5adceb3968557f4e107445a53c0815c9636d00f896d1e8cd8de77a79f1e3e2c53ddf1bb9f8ac5cb5257ff4e8b960026bc4244c4b09179a97dffdf02563e23546d3e78f944e7e2fee2a00b6313048fe354223318badb21d8c086669c5f7772f4a6d90d0997babdf79f7d557e055b3e6f2e4f41ec06a39a57b9ccc00bbca22395e41f9e9652af665f0e1603fb85d4799d54d44c706ff8df9bb805b182a1260b5936ae44f649b5e2fdca240984dcd0033ec28aeaaa686608c5c50538eea153", 0xc8}, {&(0x7f00000004c0)="7ee25c099579d92f8da721f68a8100b6adf04e0cd543f7d26019d57e6a3ecf7ef34486da35c482845d517dc801cca9e4f248b15413a7e252b00a3878a791f64bd79d1d7cc97eed1cb0ad91426115a3b3bf2738347b0acfb01a5aeb09818f35ba6f394fcc023050ec0fab5b7405e7ce33e50e3efb3f9373ce372307160e67a6ab", 0x80}], 0x2) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r3, 0x0) ioctl$XFS_IOC_ATTRMULTI_BY_HANDLE(r2, 0x4048587b, &(0x7f0000000b80)={{r2, &(0x7f0000000040)='\x00', 0x0, &(0x7f0000000080)={@_ha_fsid={[0x8, 0x7]}, {0x4, 0x1, 0x1, 0x7}}, 0x2, &(0x7f00000000c0)={@_ha_fsid}, &(0x7f0000000100)}, 0x2, &(0x7f0000000b40)=[{0x2, 0x10000, &(0x7f0000000140)='\x00', &(0x7f0000000940)="543a7b714f63060a2c8f00122c1ed50325bcf1990e470c492484b6447160d2f418683863458bf1245238d9c695fa6d9b77882a9ad0afeaffceff7c1462f53276c8d27c2dc8940ec2a4ed388fd191a306b630a89dc895cf1ddb72fed989a227115a0d4ff60ef227e7bae957d64b6724b18013453f662f62362785363331ab09b9163a210ef92ef3b393f5915a10b3ae875ac6be13a43fc404126180cd15f2aadd1abc0b6cb9ab0e2b46b80dba59ebfe0e9006aed208d52952032d92c2aa2d3835a196af1ddf661b0af2644f1d5ed9afa8d4b5662119a84160e3576f66d401b45d9ab74efe951863d8026773308d32d03eb3b67d4204", 0xf5, 0x8}, {0x1, 0x1, &(0x7f0000000a40)=',-!,\x00', &(0x7f0000000a80)="f67d5bdaf437a787fad7e71a6a14f55f1bfa0ee2757458f278385a1dc1b79b2b5b2c78d6c8bcb968011a4f14ffc5ea41d97cc5b4eb60e97a6b3c7c791f2a669fc8735a60d41e66f4bab79745cdd90493fe47f01f1f69f63b785defee2cabb82a9c89bcdc102ecbfffa51eb0885ce9906a0caa025081b5457b11154d57953ace96fff6145210dd71cda5dc9599a0dabe7ed5474b2a976d51495f8c69b1c6a481b239dd61a67a99963a759d5cf772bcade6c6a4b27c41ca75acb8d5e3be0", 0xbd, 0x30}]}) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000c00)={0x1}, 0x4) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="05000000050000000200000004"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000200)=ANY=[@ANYBLOB="1802000000000000000000000000000018010000786c6c2500000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb700000000000200b703000000000000850000000400000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000001080)='GPL\x00', 0x7fffffff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000cc0)={{0x1}, &(0x7f0000000c40), &(0x7f0000000c80)=r2}, 0x20) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000001300)={&(0x7f0000000dc0)="50987ae0ae3908092777828044f4d5d3845c2c8693ff357599d8818af863c89907ef234dddb98dbfe6aebe3e5bb2e00f33d990b0c70b334a3a0acac073ecb64418414a28d99dff8aedef808b9a3023d453afb7ccb79f1cfa7d18ee48b6318e7106d59a59eff27298d896b3322f921169857e8abad8df3f88a81e32252d6f9e1cafc20be60b4afd12af16b7c9e8f80e47bf8dba82b28bc651fed7254f1e4e5c25f820f31b412d626ee09c7d82bb82cb435727bc169c987fa10a", &(0x7f0000000e80)=""/210, &(0x7f0000000f80)="d668767432e3b181d820f56bdb271dffb6870d2a263026de8d2d677bf6799c3c68c4a7c9b7fc17b1e814a7027f00b34095ac62ee953356704e2b0d71458d58dc3ae11fac0e93483aec28c8810e96dfd7ee353c0d33ab0d5630c31adea9fd743d7d29db1ca7635e5b8099266ce2c742930706f9158bbc20c39fe3141116f3e1738b70db1693196d705d1d7e69be9306378e3fb5022d80351439ab46cf47cb1cfc150f", &(0x7f0000001040)="f00bb77ef027", 0x1}, 0x38) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000d80)={{0x1}, &(0x7f0000000d00), &(0x7f0000000d40)='%pB \x00'}, 0x20) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r5, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00', 0x0}) sendmsg$nl_route(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)=ANY=[@ANYBLOB="28000000140009050000000000000000020100fe", @ANYRES32=r6, @ANYBLOB="080003000000000208000200ac"], 0x28}}, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000180)={&(0x7f0000001080)=ANY=[], &(0x7f0000001100)=""/219, 0x7d, 0xdb, 0x0, 0xfa}, 0x28) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000001600)=ANY=[@ANYBLOB="0300000004000000040000000a00000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000000000000000c63f82cbf23a8e534e23541861f6aa60b79226f35bd2ac99e537d656b64236b21191d1691e61bd81e3b00f7c8ca758a40f1b91fea0149b7610bb3369f6726288b0b853f6ab018dc4de5cbc80c7918bbcfa80ac471a45623778bcf0bfddbc095bc44dd4bf19ad90b294129aee79ad35d95c2c7c95691b80fcc4615d4ebff845e2867b92ae29c00aa42d1c11cc0b2c041a8924720458f2cdb892aed487afc63a9e41d07f582632c80284e5732440a79f90a64f5f05a8be14a4455921c83be4accdc3f5dd07c8ff03fd50121e93f1d4", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x48) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) r7 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=ANY=[@ANYBLOB="0a00000016000000b30000007f"], 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000000000000000000000000080851000000600000018100000", @ANYRES32=r7, @ANYBLOB="00000000000000006600000000000000180000000000000000000000000000009500000000000000360a000000000006180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b50a00000000000085000000060000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x2, 0xde, &(0x7f0000000340)=""/222}, 0x94) ioctl$TUNSETTXFILTER(0xffffffffffffffff, 0x400454ca, &(0x7f0000000100)=ANY=[@ANYBLOB='..']) r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) write$cgroup_subtree(r8, &(0x7f0000000100)=ANY=[], 0x32600) 2.668555212s ago: executing program 1 (id=1697): r0 = socket$tipc(0x1e, 0x5, 0x0) unshare(0x6a040000) (async) bind$tipc(r0, &(0x7f0000000040)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0xfffffffd}}, 0x10) bind$tipc(r0, &(0x7f0000000000)=@name={0x1e, 0x2, 0x2, {{0x42, 0x3}}}, 0x10) (async) close(r0) (async) ioctl$sock_inet_SIOCGIFADDR(r0, 0x8915, &(0x7f0000000080)={'dvmrp0\x00', {0x2, 0x0, @loopback}}) 1.96988788s ago: executing program 1 (id=1699): r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'geneve0\x00', 0x0}) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000000)=@getchain={0x24, 0x11, 0x1, 0x0, 0x1fffffd, {0x0, 0x0, 0x0, r1, {0x7, 0x6}, {0xd, 0xc}, {0x8}}}, 0x24}, 0x1, 0x0, 0x0, 0x4000000}, 0x20048054) 1.813450977s ago: executing program 3 (id=1702): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)=@updpolicy={0xb8, 0x19, 0x1, 0x70bd26, 0x0, {{@in=@multicast1=0xe0000002, @in, 0x0, 0x0, 0xfffd, 0x0, 0xa, 0x0, 0x0, 0x87}, {0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x20000000007, 0xfffffffffffffffb}, {0x0, 0x0, 0x0, 0xfffffffffffffffe}}}, 0xb8}}, 0x10) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000003c0)=@updpolicy={0xb8, 0x15, 0x1, 0x0, 0xfffffffe, {{@in=@multicast1=0xe0000002, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x0, 0x0, 0x0, 0x0, 0xa, 0x10, 0x20}, {0x0, 0x1, 0x100, 0xffffffff, 0x0, 0x9, 0xffffffff}, {0x0, 0x0, 0xfffffffffffffffe, 0x4}, 0x0, 0x6e6bb5, 0x2}}, 0xb8}}, 0x0) 1.702580205s ago: executing program 1 (id=1703): r0 = socket(0x2a, 0x2, 0x0) getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000940)={&(0x7f0000001000)=@newqdisc={0x24, 0x24, 0x8, 0x70bd28, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}, {0xfff1, 0xfff1}}}, 0x24}}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$unix(0x1, 0x1, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000700)=ANY=[@ANYRESOCT=r3], 0x1c}, 0x1, 0x0, 0x0, 0x20004840}, 0x28000) recvmmsg(0xffffffffffffffff, &(0x7f0000004ac0)=[{{0x0, 0x0, &(0x7f0000000640)=[{0x0}, {&(0x7f0000000240)=""/7, 0x7}, {&(0x7f0000000340)=""/27, 0x1b}, {&(0x7f0000000380)=""/70, 0x46}, {0x0}, {&(0x7f0000000440)=""/67, 0x43}, {&(0x7f0000000540)=""/11, 0xb}, {&(0x7f0000000600)=""/6, 0x6}], 0x8}, 0xb7de}, {{0x0, 0x0, &(0x7f0000000900)=[{&(0x7f00000007c0)=""/184, 0xb8}, {&(0x7f0000000880)=""/67, 0x43}], 0x2}, 0x1}, {{0x0, 0x0, &(0x7f0000000a40)=[{&(0x7f0000000a00)=""/43, 0x2b}], 0x1}, 0x8}, {{0x0, 0x0, &(0x7f0000000c00)=[{&(0x7f0000000c80)=""/176, 0xb0}, {&(0x7f0000000d40)=""/65, 0x41}, {&(0x7f0000000dc0)=""/103, 0x67}], 0x3}, 0x2}, {{0x0, 0x0, 0x0}, 0x10001}], 0x5, 0x2103, &(0x7f0000000bc0)={0x0, 0x989680}) sendmsg$NFNL_MSG_ACCT_NEW(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)=ANY=[@ANYBLOB="340000000007010100000000000400001e0000080c000640001fffe000000000080005"], 0x34}, 0x1, 0x0, 0x0, 0x8000}, 0x0) sendmsg$NL802154_CMD_SET_TX_POWER(0xffffffffffffffff, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000004c0)=ANY=[@ANYBLOB='`\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="01002abd7400ffdbdf250c00000008000b00030000000c000600010000000100000008000300", @ANYRES32=0x0, @ANYBLOB="08000300", @ANYRES32=0x0, @ANYBLOB="0c000600020000000000000008000b00c20d00000c00060000000000000000000800"], 0x60}, 0x1, 0x0, 0x0, 0x2001}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000009b00)={0x0}, 0x1, 0x0, 0x0, 0x4000850}, 0x4048010) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r6 = socket$kcm(0x2, 0xa, 0x2) ioctl$TUNSETVNETBE(r5, 0x400454de, &(0x7f0000000600)=0x1) ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) r7 = socket$alg(0x26, 0x5, 0x0) bind$alg(r7, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni\x00'}, 0x58) setsockopt$ALG_SET_KEY(r7, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="140000003700e409000000000000020080"], 0x14}}, 0x8054) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x20004001}, 0x4000018) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000c40)=ANY=[@ANYRES64, @ANYRES8=r4, @ANYRESOCT=r2, @ANYRES64=r6], 0x64}, 0x1, 0x0, 0x0, 0x480d4}, 0x24000000) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000b40)=ANY=[@ANYBLOB="14000000100001000000000000000001060000000000001100010000000000000000000600000a00e7d9600900000000000000be2126e6bcc40bc525ebe02b1ea1619a3ba585a5bbe3bee6311fdbf5b83e1fde3cc7bf8c36d2554d6ee858cb035ca1289617c89eb726500a"], 0x28}, 0x1, 0x0, 0x0, 0x4044050}, 0x4000000) ioctl$sock_inet_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000680)={0x0, {0x2, 0x4e23, @local}, {0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x2b}}, {0x2, 0x4e24, @rand_addr=0x64010100}, 0x80, 0x0, 0x0, 0x0, 0xf34, &(0x7f0000000640)='ipvlan1\x00', 0xbdbd, 0x1, 0x2}) r8 = accept4(r7, 0x0, 0x0, 0x800) sendmmsg$alg(r8, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r8, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) write$tun(r5, &(0x7f0000000280)={@val={0x6f01, 0x800}, @val={0x1, 0x0, 0x27, 0x0, 0x27}, @mpls={[], @ipv4=@tcp={{0x6, 0x4, 0x0, 0x0, 0xfd5e, 0x0, 0x0, 0x0, 0x84, 0x0, @empty=0x3fffff20, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x5, 0xb, 0x0, 0x700, 0x0, 0x18, {[@window={0x9, 0xfffffffffffffec4}, @timestamp={0x5, 0x2, 0xffffff07}, @generic={0x0, 0x2, "d588380003c1"}]}}}}}}, 0xfd6c) 1.701935542s ago: executing program 2 (id=1704): syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x1a, &(0x7f0000000100)=0x401, 0x4) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23, 0x7fff, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010102}, 0x6eb}, 0x1c) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000840)={0x6, 0x0, 0x0, 0x0, 0x6f, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f0000000780)=[{0x3, 0x4, 0x1, 0x7}, {0x1, 0x2, 0xc, 0x3}], 0x10, 0x80000000}, 0x94) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x6}, 0x4) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000280)={'wpan1\x00'}) setsockopt$packet_fanout_data(r2, 0x107, 0x16, &(0x7f0000000100)={0x3, &(0x7f0000000080)=[{0x28, 0x0, 0x0, 0xfffff034}, {0xa4}, {0x6}]}, 0x10) writev(0xffffffffffffffff, 0x0, 0x0) r3 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r1, &(0x7f0000000280)={@val={0x0, 0x800}, @val={0x1, 0x0, 0x0, 0x0, 0x3d}, @mpls={[], @ipv4=@tcp={{0x6, 0x4, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x84, 0x0, @empty=0x3fffffff, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x2, 0xb, 0x0, 0x5fe, 0x0, 0x1c, {[@window={0xb, 0x3}, @timestamp={0x5, 0x2}, @generic={0x0, 0x2, "d58838068b91"}]}}}}}}, 0x4e) 1.701741844s ago: executing program 0 (id=1705): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, 0x0, 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r2, 0x29, 0x20, &(0x7f0000000180)={@loopback={0x200000000000000}, 0x800, 0x0, 0x3, 0x1}, 0x20) setsockopt$inet6_int(r2, 0x29, 0x1000000000021, &(0x7f0000000000)=0x1, 0x4) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r2, 0x29, 0x20, &(0x7f00000001c0)={@loopback, 0x800, 0x1}, 0x20) (fail_nth: 1) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, 0x0, 0x0) 1.382223914s ago: executing program 3 (id=1706): r0 = socket$inet6(0x10, 0x2, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000fc0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r1, &(0x7f0000001580)={0x0, 0x0, &(0x7f0000001400)=[{&(0x7f0000000080)="3bfdd75fa5717852d59a9367444a2130e72cd4dabc8854532cca0c32a5b9f844a4610c7525650ce3d3b76b15026d93e6dee896115e9364066aa3d14e33ef732b4681335c576902153114bdb9c74b538a71115fb1d1a63d1b04129661b29aab89d0be999a6b7c9bea755adedbf305a79f70b71d3d4c98577b49db4963ce89b0def5e840f459659cb6f86d56b069a5de11d601d348ff88ca6e5e2cfe40176880b33e9e8dbc32ba2e6a99b1b50276dc4f06166000d7069a3cc76f", 0xb9}, {&(0x7f0000000180)="892950e2405ee8629d9384a91c16d1706a3e61f305119f95cac0f1927f4c205b971eb41147cb1f86883d6910e68ac3996551800b3ec64b77f8444b18345a2c8b178eeeba0cde7319a5a46bfe7f5770e019efd9d52069edcced33a758c4e657f3a792dc193a1911b4e82ea800ad7afe03c851a8", 0x73}, {&(0x7f0000000200)="a68cde0d56b170df7710b54f17d9a39c4f98f3547190", 0x20000216}, {&(0x7f0000000240)="45e04400f2b383517a08c397dd0a76e67ecfc8e74573c24dedd3a48fb62418c1412fdcd15e888cb0f5d02e77bfecefda6b064c0bb2b66a9a522e63873dde02330510255eec7dfa1af708cdab59fb71eca786a359a2c3b0cbad35144ec5b069c53f90e43339845dc7fd140c55b0149ab38eb27c140f374bcc2c95b0b121d1a9302f3a01b888243b3fc0d46f0de0", 0x8d}, {&(0x7f0000000300)="87fb74cf4d67adbbd062637f514c1f5eb18d7b442e6457a356c6cb1f71a43dfae773c8489cce5145f92615d4bdb13ef54d6ae90ec7733180fcf5adf3e13fdb05b57b748bd14eda042a97fdd84498304a504a0a159b972e8200c2d0f536a3465ec498ed12b924bd134057df36129d3ebe3dd3ce9f0671e5278143e4afa3d43f444681de1b5f9725fca34fa357fe2154981666fb9dc202fc17a0199eb1c25bdd1005e590e84783ee9894c888998dc25a83c14aeee31d114acfa0bcd235d571cd765f4b9259ba43e6fc30291d8a642146c4771898030b736aeee6b247abb0784b154e104e7dcda401f9b1736fea30a41a4153fe6a9a525bd0a3487571f914f05b590e242341ade289d8f5b842c6be4a93c2755dfd47174def782a2f8f61c068b5a012f02c0801601e860def788121e8808c01fed4c920a3698d0d684920918c95b17f76bbcb4f265c931d8f79560ff8114b70f4dd6791e2ed70cfeb89905791b88be26efe1c5c66b7b50b3d2be0dbc066dfc31618f9507f6f340b85a2f76a6dcac9d6ccc289ace5e5fecd25afe22ffa451f5e365ab33cc985f2e9d7f7fb1be4794740a94215d7db14b0ffcec19e5e3c5ae0d8578ef3b65d2a7a77a11e390a6c3a6b391061c886b961e3c2f42d62047bfe1356a44b840d3d956105f4c0fa95db08c4933f00de77cdc057c28b41fecfc8398c442be1ad065954f6c9dfeb2fd7207e8548a00a1d50bdf522d2abfdafd71723616a34830fbfa8fc81e0c2639cc12f363a4919b7a00ac8189dad3e7e54122a2ef430f623658d5e281c9a19442995bb9b0e3f7d13e3016b6f9523be196bf23bbcc5ec802f43ef8b651d688d9d5a44f35c9847e4c32bce3e9ebed2326adadc76f06a195db32c80b3090d7cd65c9d8518ba4e528c5eb5c7a1c5695b21595fa8a8621734bfda8afddd65e1f37a1990220a00fa9bd2c22b0117ceb08ae6af3c944c2eca924abfddad065d1472d0c3f742a49b1e78c669471873706ad157d831d7482b773f07b0673a6ce1e227a7a4d13744bf459434c0ab1c323a38b1a84cbf1ce9741f2b8fdcc2e073e56171603d035aacd83e71d5132831f4f1e8bf517979f132a33fd03783272e9b8c96dfa4e1d320a58d82acfc8d3d53a5a52daafe4dc8be08f4ad53e11cc21374b6ff4ff5ea2ecc5d3f7c057f74f0098e57d990090475cdaffdef0da917653ed10fb70b94b72e5b4d95cbea0fc1dd2579635ad6ab545ba4d7b6d2f5442bdb78beb6c8ed62942a439117025b4566b48d9f3a17fdf4577e8606a4bc4c26557e58312fd2d1a541ebec3e5ae28eef8b2ab0597083716dd12889335570ee7839530eee879d9b137606cd4dd7103991671b4464bb68529eb19fb7a8845e3491bfbac688a87cf0744f429ea112014402915c4c1f6bae08d689d3cb7d641d7befe8fc74a2242310a9a367a39531b4c86da5b39df524e52f33ff9c40b48cb196ffc9ca855b6e698ade8a83e52b9ddc5031ff09e1907e4f8b0d07e64e1fb8e427f8819a7be907aa216bf8e2a4c7cc87ed53bf9490d4cc788b91f3b9f705e984a7e62c7a495e8421b97c39dc954b35468f17c6682334f4e16308448f457faeffff6d1f818522fa441d3a48168bdb12ffebace436a3915b63076cb6a655718647f87eaaf313b5bbd430421eed3a2215e439600a56eac8c65291eb103326a8034662bd337ab51577d9110ec7151be5cc9c54b2a30891acac5ad006ed537dbeb8f16eecbde7cf4e71373faf3c36b772f6d7ea9346875c8cf1049d49d4f8eb01b946c11e8c8e3ab2015f282167acddcc77fff03e1be9134252af0abfe538b4d25fc4ff874b52b9fb0996b5f32b4141dbd30578ff46e13ef6c63fc1620f62cb11a3dce401993976c272a5f62fde3f2a0e654d19e7a39dcdb622b9526d2a15cc18e6f817c916a00775353dd9c8954e66d0445b59bb0f5e6e3b46447232f52a0e398b057d123ef503afcbd48544db6434d2025bfc8dab72262a4fa5426a03061e7f8966e0086ff8ab5a91ab59f19b830394ee8bc76d6fb4816b8f4cde35b7eb9d3811228d51c54828f97fd1e648196c81bc73ed56249a59f318704e84656a6cedd2b8c1e1808d1cc648749abc643131e494c01336d4a14b8609656f2c972dc23c5c2e43fe40119fb88b5ec2aade35c03646e347354c493de8ab3672ccf94af0df333c6678299129d79be0eec281c5b3858ce3995566a390b674635b356692e3e9c53a089638ba0d69e772b7b410a5ae03de12e7de755ee559e1707b7b8003aabc8e2ce03c01e3183ff2d93262f6d5ceaafecdae66bc7cb3952c5a6571d864d502f281db5a228695badca5d022fdb6da56ab15dc377d1c1f8581ff56e28c2b2a84edb629547d28275c2ed571103b4ca7cdeb0776ba9f9dffcd78d21c3d4caa9289ed199672f4e7b912068c49c817114c37d37ea03954bae87d1ddae3da2ad85feb2fbb735b75a51f7bee5c8d88cc7bf64700d1a46ec6b631ae22ac7b06730a86a26bdcb992e1c7b50142de96b14a8468e4514068a30896fc677fddefaebb125c693a8d460469c7fe535f844781940f66d6abd091191c3122d584f5b0f5b0d443713d7d5186124d73de28aca30b719d4a55e09d259bddbf16995aeb1000880890afbd24d4066b0398985a40999de22ce176348e1c1f57eaf75b92a1e4f1482e89a00ac2cc36b20e36af9ec310599c19a5b1d6f8fadba104c58c801c6633315f82ebfa88faddd0b693e2f827f586c1cc5538e93bcf10f81af6dd7ee727df3b5018c0b4e31e40d040a47503b6ace4d29a1162ce487351825255f5584aff7cbd421f85c3d9fbb3784abd9848f16028b68f0d32ed8bb80106e8cc4acb939ff88bd39976d166b2addebf628b3fcd056da2f60e1b90f7a32702954921908ebccb683622a1f574ceba6951bef5e751c338c8279318dc28e36b9fc2bb17c3ad08aceb00fc388e6db112a738f86a4a1eb11526e1b9d73250b326285ed47c4398d93a3933d9a784249b65ad7d78a1f81d96ef36493ed693045a2150a8eb43cecc0c93e7d20b15b39a0646b081c2923b816365b7fbb41683a41732d942c5aa12faf876ec7f036becde8f3295af6dacff38d076d8e06260fee167703bb610745374a2758a6b88e465ca77d1f3105ae8b6b04a1eb509fb178d6249dbbc84d5d1d069278449a89d03e4a9a395d8170c329a296cfc329798cb9b9f1078d098cf3f989fd4ec53e013fbe917df35292d44fb1f3da4da4432a1847d4721514ade8cda5e5c0b51183580fc35266a970ebba74faeda56d4dcb56df51f96ad237452cedbd0cb2bee112713c3d450835811bf3da9745136d428e148fd0932dc77c8d8e61a16c625241fad8425b4ece394eedd5f165bd94923bfa1172be8edc8a4fcaae5f77ee8cc510192b27964da09c3e84efb4bc7154da1a24da8b7e544b42278d2574687ec76143afa6cf193d52a2a7f4c20ee57b6056a1337d5e408117a6cf1ab49c8980f39597f69902085d3e8d374d44e6ab4ed1185a26be2bc7281e9cfbbeb6bed899aa1924d3faa06d95999fbeaf2337494e0c2c39eef5a73fcde84459a9ea48d4e015d9e5bb5839354967ce02f637bc8678d2595b9a918fc36b927d7501f0ac2e3471ce02b5df355689c87f191ef5390900a41deec29984e45a878ece964b0009aad561316fc3b30ce1b49266d32eb17cd30f3e17e1f59014e8c518940dd0a093d1349c1a7c2581963bbe0ba372b6426e81c33c71b2ec8141c5713e52a37fff0a417a5b259e1420d9fb6a731f5baa0cc494221947895aa8fa14745a986a366bff9d0c239a19f85372497565b5b703da16439019df5f3d29f4247fb528854c9648630f03e9dedde5a08a47728ea6a4d42e62eff6fa3bd402325e0f4387b60171c37c180f958ad80955779c899517e7ea76eed00598e01552eaaf08b723daf9d466e8c57af43a15a46528b1119f5074aa3c51f77357ebe158275bc06b89640d7ce3c0a03af01418d7dc6ae8a1be8ab08c1722d66d1e9277480b8b178447667c024f9b78f8a878a2d7cf8e83e5104f6964b2907a989abafc7d7d0df941abf3d7283b6a11d46c2911a42182ec27ab785d92946e1ee8ef44846d561850d2a98c305c382f36d4cfc9b2bfd3b86ef21a0d187adcafbec8268c7d662a34dda1c83c4967097743133bc8c587edf249f5668c34ddb112fa4eb1bea9c8f6a000f1f34428b54688a5e214a7919868b25dbe930e86a243ecf54afe0b518c647d04873d2cf62cb2ab27f00015537a4fd2ea3dc8777abdf3284622347016566da0b9c406ca8c40694e4013a53fbf2e803d51b0bbe5e9df5fc74f66be618856357ccf803c53ed0e3b3fe79f69f0ede9b565d8f7a8ce5aa8cbb4e8fa61be3fd00ffb07e45065498925c14c0b311942d4ed951ad6237aadb5405bc7b2d79e1fd295b7c2ed8efa883e44c86a5053e2f421c6d4dc0c47d3a05d911db37d6efdb8e50fb3f06139ac147bc7162c21aece79eaf72e9779f19eb5395cec3d15a7594ea70a6b373d98651d2215b210f037ea3f8a57ded74474f6fdb64a08b56af52168da70b30aee03472cd8bee5af04cad7303004a4aba464b99", 0xcb3}], 0x5, &(0x7f0000001480)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @private, @multicast1}}}], 0x20}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f0000000500)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="01002bbd7000000000000200000008000300", @ANYRES32, @ANYBLOB='\b\x00gA'], 0x34}}, 0x0) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IEEE802154_START_REQ(r5, &(0x7f0000000ac0)={0x0, 0x0, &(0x7f0000000a80)={&(0x7f0000000a00)={0x3c, 0x0, 0x1, 0x70bd2d, 0x25dfdbfb, {}, [@IEEE802154_ATTR_COORD_SHORT_ADDR={0x6}, @IEEE802154_ATTR_COORD_PAN_ID={0x6, 0xa, 0x3}, @IEEE802154_ATTR_BCN_ORD={0x5, 0x17, 0x3}, @IEEE802154_ATTR_CHANNEL={0x5, 0x7, 0x14}, @IEEE802154_ATTR_SF_ORD={0x5, 0x18, 0x40}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x10000000) recvmsg$unix(r2, &(0x7f0000001140)={0x0, 0x0, &(0x7f0000001040)=[{&(0x7f00000015c0)=""/4096, 0x7ffff000}], 0x1, 0x0, 0x2}, 0x40000300) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000600)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0x58, &(0x7f0000000600)}, 0x10) write(r0, &(0x7f0000000040)="1c00000021002551071c0165ff00fc020200000003100f000ee1000c", 0x1c) 1.321446632s ago: executing program 0 (id=1707): r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) close(r0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)) ioctl$SIOCSIFHWADDR(r0, 0x8b14, &(0x7f0000000000)={'wlan1\x00', @random="018dff8dffff"}) 1.214275109s ago: executing program 0 (id=1708): socket$netlink(0x10, 0x3, 0x9) socket$nl_generic(0x10, 0x3, 0x10) socket$inet6_sctp(0xa, 0x1, 0x84) socket$nl_generic(0x10, 0x3, 0x10) socket$can_bcm(0x1d, 0x2, 0x2) bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x404, 0x9}, 0x50) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)) socket$inet_mptcp(0x2, 0x1, 0x106) socket$nl_route(0x10, 0x3, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) pipe(&(0x7f0000000000)) socket$nl_generic(0x10, 0x3, 0x10) socket$inet_tcp(0x2, 0x1, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socket$nl_route(0x10, 0x3, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)) socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000140)={0xffffffffffffffff, 0x0, 0x1b, 0x0, &(0x7f0000000200)="083972bdb3a605c4c1188e9986dd02ff4284860186ddba71f16b7d", 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x30000000}, 0x50) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_SET(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000001c0)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000001400000008000200fc00000018000180140002006e657464657673696d300000000000000800050000fcffff08000900fc000000080011000700000008000e00800000000800", @ANYRES32=r0], 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x8044) 1.18072684s ago: executing program 4 (id=1709): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x28, 0x0, 0xa, 0x801, 0x0, 0x0, {0x5, 0x0, 0x7}, [@NFTA_TABLE_FLAGS={0x8, 0x2, 0x1, 0x0, 0x2}, @NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}]}], {0x14}}, 0x50}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="3c00000010004b0400000000000000007a000000", @ANYRES32=0x0, @ANYBLOB="00000000000000001c0012800b00b90a604b9e8f2a1c8e0100627269646765b13a95ff82"], 0x3c}, 0x1, 0x0, 0x0, 0x40000000}, 0x0) 1.061512802s ago: executing program 2 (id=1710): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) bind$netlink(r1, &(0x7f0000000100)={0x10, 0x0, 0x25dfdbfd, 0x400}, 0xc) getsockname$packet(r1, &(0x7f0000000600)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=@newlink={0x44, 0x10, 0x40d, 0x70bd2d, 0x1ffffffc, {0x0, 0x0, 0x0, r2, 0x60046, 0x400}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bond={{0x9}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BOND_MODE={0x5, 0x1, 0x2}, @IFLA_BOND_XMIT_HASH_POLICY={0x5, 0xe, 0x2}]}}}]}, 0x44}, 0x1, 0x2000, 0x0, 0x40040}, 0x80) sendmsg$nl_route(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x200e3}, [@IFLA_MASTER={0x8, 0xa, r2}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x0) 1.017848623s ago: executing program 1 (id=1711): r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000005d00)=ANY=[@ANYBLOB="140100002000010000000000fbdbdf25030117800c00160006ac0f00000000001400010000000000000000000000ffff0000000050bb2d6f67d29d6fabadb107d0def49ca3ea04abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb43d9621dc08c029d1608a46cf26fbe816b89f7cb81bff81a8b9482565856555ee923c65973deb0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875ec58e9a3ddb9ad02a078cf0d972df9e99f079767734f69ce475f00ac64337803f5eb4e5842f4d98fe3fa370d47eb640dc5061dc35817c8a66c29be0400eb0000"], 0x114}], 0x1, 0x0, 0x0, 0x1}, 0x0) 1.017207713s ago: executing program 4 (id=1712): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000680)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_attach_bpf(r1, 0x1, 0x4c, &(0x7f0000000000), 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r3, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) recvmsg$unix(r2, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r5, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0) recvmsg$unix(r4, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r7, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0) recvmsg$unix(r6, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000900), 0x100}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r9, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0) recvmsg(r8, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001dc0)=""/4096, 0x1000}, 0x0) sendmsg$inet(r0, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) recvmsg$unix(r1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)=[@rights={{0x10}}], 0x10}, 0x2000) 937.353624ms ago: executing program 0 (id=1713): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x13, 0x3, &(0x7f0000000000)=@framed={{0x4e, 0xa, 0xa, 0x0, 0x0, 0x71, 0x10, 0xa1}}, &(0x7f0000000480)='syzkaller\x00'}, 0x80) (async) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x13, 0x3, &(0x7f0000000000)=@framed={{0x4e, 0xa, 0xa, 0x0, 0x0, 0x71, 0x10, 0xa1}}, &(0x7f0000000480)='syzkaller\x00'}, 0x80) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000040)={0x0}, &(0x7f0000000080)=0xc) syz_open_procfs$namespace(r1, &(0x7f00000000c0)='ns/time_for_children\x00') bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000003c0)={r0, 0xe0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000100)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3, &(0x7f0000000140)=[0x0], &(0x7f0000000180)=[0x0, 0x0, 0x0], 0x0, 0x94, &(0x7f00000001c0)=[{}, {}, {}], 0x18, 0x10, &(0x7f0000000200), &(0x7f0000000240), 0x8, 0x19, 0x8, 0x8, &(0x7f0000000280)}}, 0x10) 875.094292ms ago: executing program 4 (id=1714): mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000196000/0x1000)=nil, 0x1000, 0x0, 0x840000000000a132, 0xffffffffffffffff, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='freezer.parent_freezing\x00', 0x275a, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='hugetlb.2MB.rsvd.usage_in_bytes\x00', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x200000c, 0x11, r2, 0xaa0f4000) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) mmap(&(0x7f0000691000/0x4000)=nil, 0x4000, 0x3, 0x28011, r3, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0) mmap(&(0x7f0000ff4000/0x3000)=nil, 0x3000, 0x2000004, 0x12, r4, 0xe6905000) mmap(&(0x7f0000867000/0x2000)=nil, 0x2000, 0x0, 0x11, r3, 0x1000) mmap(&(0x7f00005d3000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0xfffff000) mmap(&(0x7f00008b7000/0x4000)=nil, 0x4000, 0x0, 0x13, r1, 0x0) mmap(&(0x7f0000071000/0x4000)=nil, 0x4000, 0x0, 0x13, r1, 0x0) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff002, 0x40000, 0x2000000000032, 0xffffffffffffffff, 0x0) 777.234803ms ago: executing program 2 (id=1715): r0 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$inet_tcp_buf(r0, 0x6, 0x1c, 0x0, &(0x7f0000000140)) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x61, 0x11, 0xa}, [@ldst={0x6, 0x2}], {0x95, 0x0, 0x74}}, &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb}, 0x48) 776.812237ms ago: executing program 1 (id=1716): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x288002, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0x6}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}}, 0x24000084) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) syz_emit_ethernet(0x6e, &(0x7f0000000100)=ANY=[@ANYBLOB="ffffffffffffffffffffffff86dd6708100000003aff00034000000000000000ffffac1414aaff020000000000000000000000000001"], 0x0) r4 = socket$netlink(0x10, 0x3, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000180)={'dvmrp0\x00', 0x2}) r5 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r7 = socket$netlink(0x10, 0x3, 0x0) r8 = socket$unix(0x1, 0x1, 0x0) r9 = socket$nl_generic(0x10, 0x3, 0x10) r10 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$TIPC_CMD_ENABLE_BEARER(r9, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r10, @ANYBLOB="011d0000000000000000010000000000000001410000001c001700000000000000ed6474683a7379"], 0x38}}, 0x0) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r12 = syz_init_net_socket$nfc_raw(0x27, 0x5, 0x0) close(r12) sendmsg$nl_route_sched(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000140)=@newqdisc={0x30, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r11, {0x4}, {0xffff, 0xffff}, {0xffff, 0x6}}, [@qdisc_kind_options=@q_fq={{0x7}, {0x4}}]}, 0x30}, 0x1, 0x0, 0x0, 0x4005c}, 0x0) sendmsg$nl_route_sched(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000640)=@newqdisc={0x34, 0x28, 0x4ee4e6a52ff56541, 0x5001, 0xfffffdfb, {0x0, 0x0, 0x0, r6, {0x4}, {0xffff, 0xffff}, {0x0, 0x1}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x400dc}, 0x4000080) r13 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) setsockopt$bt_l2cap_L2CAP_LM(r13, 0x12, 0x3, 0x0, 0x0) r14 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r14, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=@ipv6_delrule={0x38, 0x21, 0x1, 0x0, 0x0, {}, [@FIB_RULE_POLICY=@FRA_IIFNAME={0x14, 0x3, 'sit0\x00'}, @FIB_RULE_POLICY=@FRA_PRIORITY={0x8}]}, 0x38}, 0x1, 0x0, 0x0, 0x4000880}, 0x0) 737.618156ms ago: executing program 0 (id=1717): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, 0x0, 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r2, 0x29, 0x20, &(0x7f0000000180)={@loopback={0x200000000000000}, 0x800, 0x0, 0x3, 0x1}, 0x20) setsockopt$inet6_int(r2, 0x29, 0x1000000000021, &(0x7f0000000000)=0x1, 0x4) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r2, 0x29, 0x20, &(0x7f00000001c0)={@loopback, 0x800, 0x1}, 0x20) (fail_nth: 2) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, 0x0, 0x0) 686.293596ms ago: executing program 4 (id=1718): r0 = socket$nl_rdma(0x10, 0x3, 0x14) (async) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES64=r2, @ANYBLOB="b5c176104c34f1e4ba00010000000c00018008000400ee", @ANYRESHEX=r0], 0x20}}, 0x0) (async) sendmsg$RDMA_NLDEV_CMD_PORT_GET(r0, &(0x7f0000001280)={0x0, 0x0, &(0x7f0000001240)={&(0x7f0000000000)=ANY=[@ANYBLOB="100000000514f3ff0000000000000000"], 0x10}}, 0x0) 662.725776ms ago: executing program 3 (id=1719): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_int(r0, 0x29, 0x19, &(0x7f0000000400)=0xa4, 0x4) syz_emit_ethernet(0x72, &(0x7f0000000140)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, @link_local, @val={@void}, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00', 0x38, 0x3a, 0xff, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast2, {[], @dest_unreach={0x1, 0x5, 0x0, 0x0, '\x00', {0x0, 0x6, "00b295", 0x0, 0x3a, 0x0, @dev={0xfe, 0x80, '\x00', 0x1d}, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', [], '\x00\x00\x00\x00\x00\x00\x00\x00'}}}}}}}, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000005"], 0x48) r2 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000001c0)={'ip6_vti0\x00', 0x0}) sendto$packet(r2, 0x0, 0x0, 0x0, &(0x7f0000000540)={0xc9, 0x0, r3, 0x1, 0x0, 0x6, @multicast}, 0x14) bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xf, 0x4, 0x4, 0xfffffffe}, 0x48) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000640)={{0x14}, [@NFT_MSG_NEWRULE={0x6c, 0x6, 0xa, 0x160b, 0x0, 0x0, {0x2, 0x0, 0x8}, [@NFTA_RULE_EXPRESSIONS={0x40, 0x4, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, @osf={{0x8}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_OSF_DREG={0x8, 0x1, 0x1, 0x0, 0x4}]}}}, {0x24, 0x1, 0x0, 0x1, @queue={{0xa}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_QUEUE_SREG_QNUM={0x8, 0x4, 0x1, 0x0, 0x16}, @NFTA_QUEUE_FLAGS={0x6, 0x3, 0x1, 0x0, 0x1}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x94}, 0x1, 0x0, 0x0, 0x850}, 0x4040080) r5 = socket(0x15, 0x5, 0x0) socket(0xa, 0x3, 0xff) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000020000000900010073797a300000000048000000030a01010000000000000000020000000900010073797a30000000000900030073797a3200000000080007008b617400140004800800014000000000080002"], 0xa4}}, 0x0) getsockopt(r5, 0x200000000114, 0x8, &(0x7f0000c35fff)=""/1, &(0x7f0000000000)=0xf002) getpeername$packet(r5, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000280)=0x14) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000181100000000000000000c0000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000b703000000000000850000003300000095"], &(0x7f0000000240)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000}, 0x94) ioctl$sock_SIOCGIFVLAN_SET_VLAN_INGRESS_PRIORITY_CMD(r2, 0x8982, &(0x7f00000002c0)={0x2, 'veth1_to_bridge\x00', {}, 0x40}) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r7, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000300)="b9ff03076804268c989e14f088a8", 0x0, 0x0, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x8}, 0xe) 614.185169ms ago: executing program 2 (id=1720): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_TDLS_OPER(r0, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20880001}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x48, r1, 0xa65cd4c98a78ed2f, 0x70bd26, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_TDLS_OPERATION={0x5, 0x8a, 0x4}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_TDLS_OPERATION={0x5, 0x8a, 0x1}, @NL80211_ATTR_TDLS_OPERATION={0x5, 0x8a, 0x4}, @NL80211_ATTR_TDLS_OPERATION={0x5, 0x8a, 0x4}]}, 0x48}, 0x1, 0x0, 0x0, 0x1}, 0x4000000) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x61, 0x11, 0xa}, [@ldst={0x6, 0x2}], {0x95, 0x0, 0x74}}, &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb}, 0x48) 354.516177ms ago: executing program 4 (id=1721): r0 = socket(0x2a, 0x2, 0x0) getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000940)={&(0x7f0000001000)=@newqdisc={0x24, 0x24, 0x8, 0x70bd28, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}, {0xfff1, 0xfff1}}}, 0x24}}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$unix(0x1, 0x1, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000700)=ANY=[@ANYRESOCT=r3], 0x1c}, 0x1, 0x0, 0x0, 0x20004840}, 0x28000) recvmmsg(0xffffffffffffffff, &(0x7f0000004ac0)=[{{0x0, 0x0, &(0x7f0000000640)=[{0x0}, {&(0x7f0000000240)=""/7, 0x7}, {&(0x7f0000000340)=""/27, 0x1b}, {&(0x7f0000000380)=""/70, 0x46}, {0x0}, {&(0x7f0000000440)=""/67, 0x43}, {&(0x7f0000000540)=""/11, 0xb}, {&(0x7f0000000600)=""/6, 0x6}], 0x8}, 0xb7de}, {{0x0, 0x0, &(0x7f0000000900)=[{&(0x7f00000007c0)=""/184, 0xb8}, {&(0x7f0000000880)=""/67, 0x43}], 0x2}, 0x1}, {{0x0, 0x0, &(0x7f0000000a40)=[{&(0x7f0000000a00)=""/43, 0x2b}], 0x1}, 0x8}, {{0x0, 0x0, &(0x7f0000000c00)=[{&(0x7f0000000c80)=""/176, 0xb0}, {&(0x7f0000000d40)=""/65, 0x41}, {&(0x7f0000000dc0)=""/103, 0x67}], 0x3}, 0x2}, {{0x0, 0x0, 0x0}, 0x10001}], 0x5, 0x2103, &(0x7f0000000bc0)={0x0, 0x989680}) sendmsg$NFNL_MSG_ACCT_NEW(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)=ANY=[@ANYBLOB="340000000007010100000000000400001e0000080c000640001fffe000000000080005"], 0x34}, 0x1, 0x0, 0x0, 0x8000}, 0x0) sendmsg$NL802154_CMD_SET_TX_POWER(0xffffffffffffffff, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000004c0)=ANY=[@ANYBLOB='`\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="01002abd7400ffdbdf250c00000008000b00030000000c000600010000000100000008000300", @ANYRES32=0x0, @ANYBLOB="08000300", @ANYRES32=0x0, @ANYBLOB="0c000600020000000000000008000b00c20d00000c00060000000000000000000800"], 0x60}, 0x1, 0x0, 0x0, 0x2001}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000009b00)={0x0}, 0x1, 0x0, 0x0, 0x4000850}, 0x4048010) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r6 = socket$kcm(0x2, 0xa, 0x2) ioctl$TUNSETVNETBE(r5, 0x400454de, &(0x7f0000000600)=0x1) ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) r7 = socket$alg(0x26, 0x5, 0x0) bind$alg(r7, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni\x00'}, 0x58) setsockopt$ALG_SET_KEY(r7, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="140000003700e409000000000000020080"], 0x14}}, 0x8054) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x20004001}, 0x4000018) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000c40)=ANY=[@ANYRES64, @ANYRES8=r4, @ANYRESOCT=r2, @ANYRES64=r6], 0x64}, 0x1, 0x0, 0x0, 0x480d4}, 0x24000000) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000b40)=ANY=[@ANYBLOB="14000000100001000000000000000001060000000000001100010000000000000000000600000a00e7d9600900000000000000be2126e6bcc40bc525ebe02b1ea1619a3ba585a5bbe3bee6311fdbf5b83e1fde3cc7bf8c36d2554d6ee858cb035ca1289617c89eb726500a"], 0x28}, 0x1, 0x0, 0x0, 0x4044050}, 0x4000000) ioctl$sock_inet_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000680)={0x0, {0x2, 0x4e23, @local}, {0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x2b}}, {0x2, 0x4e24, @rand_addr=0x64010100}, 0x80, 0x0, 0x0, 0x0, 0xf34, &(0x7f0000000640)='ipvlan1\x00', 0xbdbd, 0x1, 0x2}) r8 = accept4(r7, 0x0, 0x0, 0x800) sendmmsg$alg(r8, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r8, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) write$tun(r5, &(0x7f0000000280)={@val={0x6f01, 0x800}, @val={0x1, 0x0, 0x27, 0x0, 0x27}, @mpls={[], @ipv4=@tcp={{0x6, 0x4, 0x0, 0x0, 0xfd5e, 0x0, 0x0, 0x0, 0x84, 0x0, @empty=0x3fffff20, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x5, 0xb, 0x0, 0x700, 0x0, 0x18, {[@window={0x9, 0xfffffffffffffec4}, @timestamp={0x5, 0x2, 0xffffff07}, @generic={0x0, 0x2, "d588380003c1"}]}}}}}}, 0xfd6c) 299.102508ms ago: executing program 0 (id=1722): socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x0) close(0xffffffffffffffff) r2 = socket$kcm(0x29, 0x5, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.io_service_time_recursive\x00', 0x275a, 0x0) write$cgroup_int(r3, &(0x7f0000000000), 0xffffff6a) r4 = socket$kcm(0x29, 0x5, 0x0) sendmsg$kcm(r4, &(0x7f0000000280)={0x0, 0xffe4, &(0x7f0000000ac0)=[{&(0x7f0000000b00)="b6bd7e4983a45b31f79d80060400000000000000a33734d88229acf96457ad59d0b87f8659b614043e3d21a7cacecab8bbd26251b93b28b4d83e618673f9c74d0a28a5146c5511549fa617e908352c87d8ddff2ce042a1e58eb7b63759cab3526dd8ae1566ddcfb5fa83e8b2940b3ed1b8", 0x71}, {&(0x7f0000000880)="3aa854", 0x3}, {&(0x7f0000000a40)="746b9120a32aaf78043a9b07000000000000003c44", 0xfffffe16}], 0x3}, 0xc854) setsockopt$sock_int(r4, 0x1, 0x12, &(0x7f0000000180)=0x4c, 0x4) syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r1) sendfile(r2, r3, 0x0, 0xffffffff000) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000340)={0x14, r5, 0x1, 0x70bd2d, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0x20008004) r6 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r6, &(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x2f) connect$inet(r6, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10) sendto$inet(r6, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r6, 0x6, 0xd, &(0x7f00000000c0)='bbr', 0x3) recvfrom$inet(r6, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25) ioctl$AUTOFS_IOC_CATATONIC(r0, 0x9362, 0x0) socket$inet_sctp(0x2, 0x1, 0x84) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x4000000) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000001980)={&(0x7f0000009b80)=@newchain={0x24, 0x64, 0x300, 0x70bd25, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0x7, 0xfff2}, {0xf}, {0xa, 0xffe0}}}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x600, &(0x7f0000000080)={&(0x7f00000006c0)=ANY=[@ANYBLOB="440000001000010800"/20, @ANYRES32=0x0, @ANYBLOB="000000000000000008001b000000000004001a80180002"], 0x44}}, 0x0) r7 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r7, &(0x7f00000002c0), 0x40000000000009f, 0x0) 181.595557ms ago: executing program 3 (id=1723): bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="9feb010018000000000000007c0000007c00000002000000000000000000000e0000000000000000000000000600000d00000000000000000000000000000000000000000000000000000000000000000000000003000000fdfffffffeffffff0000000000000000000000070000000000000000000000090000000000000000000000090400000000000000000000090600000001"], 0x0, 0x96}, 0x28) r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c000000020000000000000000000004"], 0x0, 0x26}, 0x28) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x6, 0x7, &(0x7f0000000180)=ANY=[@ANYBLOB="18850000000000000000000000000000851000000300000018000000", @ANYRES32, @ANYBLOB="000000000000000095000000000000009500000000000000"], &(0x7f0000000280)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x22, '\x00', 0x0, 0x25, r0, 0x8, 0x0, 0x0, 0x10, &(0x7f00000004c0), 0x2}, 0x94) 176.004747ms ago: executing program 1 (id=1724): socket$netlink(0x10, 0x3, 0x9) openat$tun(0xffffffffffffff9c, 0x0, 0x101100, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$inet6_sctp(0xa, 0x1, 0x84) socket$nl_generic(0x10, 0x3, 0x10) socket$can_bcm(0x1d, 0x2, 0x2) bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x404, 0x9}, 0x50) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)) socket$inet_mptcp(0x2, 0x1, 0x106) socket$nl_route(0x10, 0x3, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) pipe(&(0x7f0000000000)) socket$nl_generic(0x10, 0x3, 0x10) socket$inet_tcp(0x2, 0x1, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socket$nl_route(0x10, 0x3, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_SET(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000001c0)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000001400000008000200fc00000018000180140002006e657464657673696d300000000000000800050000fcffff08000900fc000000080011000700000008000e00800000000800", @ANYRES32=r0], 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x8044) 166.484299ms ago: executing program 2 (id=1725): syz_emit_ethernet(0xaa, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaabbaaaaaaaaaabb08004522009c0067000750019078e0000002ffffffff44281ed00000000500000009000000020000000000000007000000020000000500000d4d00000531891fa300000000ac1414aa00000000ac1414197f000001ac1414bbac1414bb01014434ac416401010000008001ac1e010100000004e00000020000000fac14141d00000010ac1414aa00000003e0000001000000800000000f00907800090003"], 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000dc0)=ANY=[@ANYBLOB="b7000000a5517f5fbfa30000000000000703000028feffff720af0fff8ffffff71a4f0ff00000000b7060000000000012e400300000000006506020001cd000071187c0000000000c3640000f10000007b0a00fe00000000850000002e00000079000000000000009500000000000000023bc065b7a379d179fc9e94af69912435f1b6a693172e6191a12bebf9f9804ea033388cd15b65877ad4b200000000000000000beca090f32050e436fe275daf51efd601b6bf01c8e8b1abe4fef3bef7074815ae98743d1ace4c46631256dd19aed0d600c0b6199fe3ff3128e599b0eaebbdbd7359a48f5b0afc3996792043a6787bac46aa7aa400000000000069669622208266f896ba2c9e73c2efeec2dc565fbafb2cb63f5fef9ab79ff8abaa8a08f54a062107e9bb3e980fff675c8d3e91df6648a7a6aebcb63e0867b75690152af27711f0cbb9c06018d21bf3f87b8eb65323b4267a526d53442db8e48dbc5ce47d67d07441a7975d5e41b14fd0154a8246249952a8b61633ce068220defe09d3b1136af6d03e9cf996c13d1bfcdc54567a9ca80dec2e943fe4ae7c617cc071f7add70cfbd48f8f6b50fe6a8297d88efa73e7e601040000b4a685969f28902bdecf66ef39755de79ed2c711477febc96231a53984d00877301d0ec62427a8e38618fdd1ce9aaed569ebc5f2e58d6028e66139a737cc7146a131d47dcebb32ed67021d76e983223c998aec22242ae54e87f438d26982876b58f9134366952f7399a733f07138a736924f3709000000e97f0c117ec439c6b7b965752bbc06eced08d97a32ae4b1ad4d11c5b6f68ee841975233e4cea13f3ef04b2cab9cc256d4539dbafd888c7097c1169e0bebcc81ca3da40bf34b6c9c1da2d6ed8acaf2a8091820ff4cf6be74ddca8bf2eed0e11b2139e8c3ec95436af5269d5792decda7d8b5dcf8640b504ba23c6d0a7f67cdfd27328100ebf9319a56f0f9cee17deecf747f3493f1dc39551f4c9a40b3e93fa80b8234ccbf39a9ef09bd97321f0dc20956f44ba2c5ec2e7569b05cf4690ddc189f174046a8b214acf23f42fb51ed4819e6b4cb5a8bf2b559d0c198fe0315483b8beb9801d06c58b22dd713fe3b7ef18e21081aacfd091b754125a488cea18255f79bebcb3051f622f8a1d9af1908e88a58774a24f35a4ccdbedea6212286c23dd89c2b4b90647f17231472af8dda7f3ab20f093aad3ce875f7458039ee6d0a50deb7bc8eb393f056a5e7725531c5485278e0362338e2e2710fe00465e0d182a322091022cf5b814eeb9b3cab21196581e4d92d0b6fe5525285eea359274f1f21d69233bbe94941f10ba292100000000000000000000000000000000c18e93a0c5231779f2ee201e9fe7e63e84b57b5f05ecd278919bad330ffcb594b8255b3085b352ca9533d6c31c1a30158c30352f8a126a65cb6582e58aa641007418611df53a601c3a8fb8d2286e86abf98136f345446730f68f5d6d1817a9e1b09e5650d2599fbe719a45337d29eb3fef5f7f565457660dec6fe903a1c2ea4f40a8ea1c179892afa219fc69a44163f0d731de418e9fd82a8c4661caea674b19242d1840d047882f640ea248457288c5ffb63e857da03ff5c0475c3cfff41c4806f1dc750eb1c45ec3a2a0b064834010604d6f88a29e8e9bda2bc9c18d1b53a08f25d62ccaa46bc0235c830a7b3fe64bc6031b431bcad6b698a1ba6027870ea9e55fafbbf140c5f82a33ee4ac793b989c12a5827a7957f4d8136cf918b7cbf5bc5fc64c8001992536584586edded6f65bdd371ac84fd5cc60ab79b84e9e85a1c54d5666a5d133e95eff121621dff14b9de7a188b8c5387f9da63c2cce405bc44079e34e2db2b275bfbb54841d647338cad74be91144b780cf381a6860f641446ef73bd11d45f5e4df8f3c6440d8425fd7382225cf8c2cada01bf3cd5cbc6a403173e0c89a491c75efc3c21b7825a521c6011945eef94abc3000000000000000000000000000000d71b794e9b4c145caf050429937eef4364d9e1cbe9150bccd9b2e73757f1f5e8ac50736cd3cbc029ede2869642841371bb4b9c1aaa8826889a909e6716b60e4b568b6761f8ccc7d35b0e66357746b10fc481b47e67f1e14408c1ef3e018a5e647e3f607654f3bf82bcfb42be038a272d82f8362944f608b3810000000019fda0b1b607f1ab34194ed954973f7a5accc0938d3364ab07574d0b32fc30f3ab73d012b63ee905e98ab6989ec2c840cd216eb18fedfb3b204e94e170bae930660368d3799c9b1bf7556ac57164966791626f06ad2e332341965f72141ec140b80efd7720ccdaa890b79bc4523386bd66553121543c9a35b7adcf2f6b257fefef1d6e1da2ee94d3f822bf45aad21e5b5a3788ab584090664065af39b0f43968dcd7c5f8e5a8dc6298691423fbf7e8e012260bc62f9422434a547ef7ca37953d435098d9b71edd1a03e46d0ade465d0c0db0a51f9e29cac05e5a04f94e"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x45}, 0x48) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x10982, 0x0) r1 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_FILL_RING(r1, 0x11b, 0x5, &(0x7f0000000240)=0x400, 0x4) r2 = socket$phonet_pipe(0x23, 0x5, 0x2) getsockopt$PNPIPE_IFINDEX(r2, 0x113, 0x2, &(0x7f0000000000), &(0x7f0000000040)=0x4) ioctl$FS_IOC_GETFSLABEL(r0, 0x81009431, &(0x7f0000000140)) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000700)=ANY=[@ANYBLOB="9feb0100180000000000000040000000400000000200000000000000000000090400000000000000000000010500000008000000000000000000000300000000020000000200000000000000000000000000000b03"], 0x0, 0x5a}, 0x20) syz_extract_tcp_res$synack(&(0x7f00000003c0), 0x1, 0x0) syz_emit_ethernet(0x82, &(0x7f0000000280)=ANY=[@ANYBLOB="0180c2000000aaaaaaaaaa008100000086dd60f53a0400483a00fe8000000000000000000000000000bbff0200000000000000000000000000010200907800ffff006050835900000000fc010000000000000000000000000000ff0000000000000000000000000000003a0100000000000007a300000000000080ff00f5bbe3069f3cdff5f26e58476e597b8b11d84e1838d727f800000000000c156d9b87246de8552aa6c4a91acb981223ce90e67cd24f1c4ab83835d777c04aa6044246a55145a75a84089bd4ddd305c7ac03b276ba29882d8592cedfedf2c400ac1af5f1798f6b38b3897d59a16d2842b9ffe17ff998db014619ef20cf4e16cb6bb0a5269843e35266e33c5344df04681ad36392ca94a8fd3e5a60abd1ae3743d81e9beb432cf962657b72f2608c60739f"], 0x0) 38.710777ms ago: executing program 3 (id=1726): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) bind$netlink(r1, &(0x7f0000000100)={0x10, 0x0, 0x25dfdbfd, 0x400}, 0xc) getsockname$packet(r1, &(0x7f0000000600)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=@newlink={0x44, 0x10, 0x40d, 0x70bd2d, 0x1ffffffc, {0x0, 0x0, 0x0, r2, 0x60046, 0x400}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bond={{0x9}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BOND_MODE={0x5, 0x1, 0x2}, @IFLA_BOND_XMIT_HASH_POLICY={0x5, 0xe, 0x2}]}}}]}, 0x44}, 0x1, 0x2500, 0x0, 0x40040}, 0x80) sendmsg$nl_route(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x200e3}, [@IFLA_MASTER={0x8, 0xa, r2}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x0) 0s ago: executing program 2 (id=1727): mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000196000/0x1000)=nil, 0x1000, 0x0, 0x840000000000a132, 0xffffffffffffffff, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='freezer.parent_freezing\x00', 0x275a, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='hugetlb.2MB.rsvd.usage_in_bytes\x00', 0x275a, 0x0) mmap(&(0x7f0000215000/0x1000)=nil, 0x1000, 0x0, 0x6011, r2, 0x0) mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x200000c, 0x11, r2, 0xaa0f4000) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) mmap(&(0x7f0000691000/0x4000)=nil, 0x4000, 0x3, 0x28011, r3, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0) mmap(&(0x7f0000ff4000/0x3000)=nil, 0x3000, 0x2000004, 0x12, r4, 0xe6905000) mmap(&(0x7f0000867000/0x2000)=nil, 0x2000, 0x0, 0x11, r3, 0x1000) mmap(&(0x7f00005d3000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0xfffff000) mmap(&(0x7f0000071000/0x4000)=nil, 0x4000, 0x0, 0x13, r1, 0x0) mmap(&(0x7f000015b000/0x3000)=nil, 0x3000, 0x800001, 0x10012, r1, 0x0) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff002, 0x0, 0x2000000000032, 0xffffffffffffffff, 0x0) (fail_nth: 20) kernel console output (not intermixed with test programs): dd9 [ 178.884882][ T7883] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 178.884901][ T7883] RSP: 002b:00007fa9ca063028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 178.884925][ T7883] RAX: ffffffffffffffda RBX: 00007fa9c9415fa0 RCX: 00007fa9c919cdd9 [ 178.884941][ T7883] RDX: 040000000000009f RSI: 00002000000002c0 RDI: 0000000000000004 [ 178.884955][ T7883] RBP: 00007fa9ca063090 R08: 0000000000000000 R09: 0000000000000000 [ 178.884969][ T7883] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 178.884983][ T7883] R13: 00007fa9c9416038 R14: 00007fa9c9415fa0 R15: 00007ffce47a51d8 [ 178.885017][ T7883] [ 179.400020][ T7905] tipc: Enabling not permitted [ 179.422691][ T7905] tipc: Enabling of bearer rejected, failed to enable media [ 179.441069][ T7907] netlink: 'syz.0.589': attribute type 1 has an invalid length. [ 179.717716][ T7920] veth3: entered allmulticast mode [ 179.820649][ T30] audit: type=1804 audit(1777515138.783:24): pid=7928 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.596" name="/newroot/111/cgroup.controllers" dev="tmpfs" ino=596 res=1 errno=0 [ 179.859919][ T30] audit: type=1800 audit(1777515138.783:25): pid=7928 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.596" name="cgroup.controllers" dev="tmpfs" ino=596 res=0 errno=0 [ 180.349463][ T30] audit: type=1804 audit(1777515139.313:26): pid=7955 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.609" name="/newroot/129/cgroup.controllers" dev="tmpfs" ino=679 res=1 errno=0 [ 180.427063][ T30] audit: type=1800 audit(1777515139.313:27): pid=7955 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.609" name="cgroup.controllers" dev="tmpfs" ino=679 res=0 errno=0 [ 180.472116][ T7959] netlink: 8 bytes leftover after parsing attributes in process `syz.2.611'. [ 180.484303][ T7958] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 180.494999][ T7959] netlink: 8 bytes leftover after parsing attributes in process `syz.2.611'. [ 180.614038][ T7965] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 180.625948][ T7966] netlink: 'syz.2.612': attribute type 19 has an invalid length. [ 180.741646][ T7968] syzkaller0: entered promiscuous mode [ 180.751054][ T7968] syzkaller0: entered allmulticast mode [ 180.887938][ T7970] bond1: option mode: unable to set because the bond device has slaves [ 180.897561][ T7970] A link change request failed with some changes committed already. Interface tunl0 may have been left with an inconsistent configuration, please check. [ 181.074027][ T7974] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 181.157615][ T7974] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 181.249532][ T7985] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 181.263681][ T7983] netlink: 'syz.1.621': attribute type 1 has an invalid length. [ 181.271602][ T7983] netlink: 'syz.1.621': attribute type 3 has an invalid length. [ 181.281094][ T7983] netlink: 224 bytes leftover after parsing attributes in process `syz.1.621'. [ 181.296552][ T7983] netlink: 68 bytes leftover after parsing attributes in process `syz.1.621'. [ 181.331409][ T7984] netlink: 'syz.4.620': attribute type 1 has an invalid length. [ 181.763867][ T8003] netlink: 'syz.1.629': attribute type 1 has an invalid length. [ 181.904352][ T8009] bond1: option mode: unable to set because the bond device has slaves [ 181.913787][ T8009] A link change request failed with some changes committed already. Interface tunl0 may have been left with an inconsistent configuration, please check. [ 181.939544][ T8012] netlink: 'syz.1.633': attribute type 1 has an invalid length. [ 182.219985][ T8027] netlink: 28 bytes leftover after parsing attributes in process `syz.0.634'. [ 182.549809][ T8039] FAULT_INJECTION: forcing a failure. [ 182.549809][ T8039] name failslab, interval 1, probability 0, space 0, times 0 [ 182.610962][ T8039] CPU: 1 UID: 0 PID: 8039 Comm: syz.1.642 Not tainted syzkaller #0 PREEMPT(full) [ 182.610993][ T8039] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 182.611007][ T8039] Call Trace: [ 182.611015][ T8039] [ 182.611024][ T8039] dump_stack_lvl+0xe8/0x150 [ 182.611055][ T8039] should_fail_ex+0x412/0x560 [ 182.611090][ T8039] should_failslab+0xa8/0x100 [ 182.611124][ T8039] ? skb_clone+0x212/0x3a0 [ 182.611153][ T8039] kmem_cache_alloc_noprof+0x87/0x650 [ 182.611183][ T8039] ? __netlink_lookup+0xc6/0x8b0 [ 182.611218][ T8039] skb_clone+0x212/0x3a0 [ 182.611251][ T8039] __netlink_deliver_tap+0x404/0x850 [ 182.611292][ T8039] ? netlink_deliver_tap+0x2e/0x1b0 [ 182.611321][ T8039] netlink_deliver_tap+0x19c/0x1b0 [ 182.611347][ T8039] netlink_unicast+0x730/0x8e0 [ 182.611382][ T8039] netlink_sendmsg+0x813/0xb40 [ 182.611428][ T8039] ? __pfx_netlink_sendmsg+0x10/0x10 [ 182.611459][ T8039] ? aa_sock_msg_perm+0xf1/0x1b0 [ 182.611486][ T8039] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 182.611516][ T8039] ? __pfx_netlink_sendmsg+0x10/0x10 [ 182.611543][ T8039] __sys_sendto+0x672/0x710 [ 182.611571][ T8039] ? __pfx___sys_sendto+0x10/0x10 [ 182.611636][ T8039] __x64_sys_sendto+0xde/0x100 [ 182.611661][ T8039] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 182.611672][ T8040] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 182.611685][ T8039] do_syscall_64+0x15f/0xf80 [ 182.611709][ T8039] ? trace_irq_disable+0x3b/0x140 [ 182.611850][ T8039] ? clear_bhb_loop+0x40/0x90 [ 182.611945][ T8039] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 182.612010][ T8039] RIP: 0033:0x7fa9c915d60e [ 182.612066][ T8039] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 182.612114][ T8039] RSP: 002b:00007fa9ca061e28 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 182.612172][ T8039] RAX: ffffffffffffffda RBX: 00007fa9ca0636c0 RCX: 00007fa9c915d60e [ 182.612216][ T8039] RDX: 0000000000000020 RSI: 00007fa9ca061fe0 RDI: 0000000000000004 [ 182.612255][ T8039] RBP: 0000000000000000 R08: 00007fa9ca061ea4 R09: 000000000000000c [ 182.612290][ T8039] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 182.612332][ T8039] R13: 00007fa9ca061ef8 R14: 00007fa9ca061fe0 R15: 0000000000000000 [ 182.612431][ T8039] [ 182.881182][ T8038] netlink: 96 bytes leftover after parsing attributes in process `syz.3.637'. [ 182.926840][ T8038] 8021q: VLANs not supported on ip6tnl0 [ 182.960363][ T8049] netlink: 16150 bytes leftover after parsing attributes in process `syz.2.645'. [ 183.355627][ T8074] bond1: option mode: unable to set because the bond device has slaves [ 183.366406][ T8074] A link change request failed with some changes committed already. Interface tunl0 may have been left with an inconsistent configuration, please check. [ 183.448731][ T8078] bond1: option mode: unable to set because the bond device has slaves [ 183.459829][ T8078] A link change request failed with some changes committed already. Interface tunl0 may have been left with an inconsistent configuration, please check. [ 183.557638][ T30] audit: type=1804 audit(1777515142.523:28): pid=8082 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.660" name="/newroot/147/cgroup.controllers" dev="tmpfs" ino=775 res=1 errno=0 [ 183.597663][ T8084] IPVS: fo: FWM 3 0x00000003 - no destination available [ 183.606170][ T30] audit: type=1800 audit(1777515142.523:29): pid=8082 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.660" name="cgroup.controllers" dev="tmpfs" ino=775 res=0 errno=0 [ 183.810409][ T8094] tap0: tun_chr_ioctl cmd 1074025678 [ 183.815921][ T8094] tap0: group set to 0 [ 183.912518][ T8098] FAULT_INJECTION: forcing a failure. [ 183.912518][ T8098] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 183.928402][ T8098] CPU: 0 UID: 0 PID: 8098 Comm: syz.1.666 Not tainted syzkaller #0 PREEMPT(full) [ 183.928432][ T8098] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 183.928446][ T8098] Call Trace: [ 183.928454][ T8098] [ 183.928463][ T8098] dump_stack_lvl+0xe8/0x150 [ 183.928495][ T8098] should_fail_ex+0x412/0x560 [ 183.928526][ T8098] _copy_from_iter+0x1d3/0x1670 [ 183.928557][ T8098] ? rcu_is_watching+0x15/0xb0 [ 183.928590][ T8098] ? __pfx__copy_from_iter+0x10/0x10 [ 183.928626][ T8098] ? netlink_sendmsg+0x650/0xb40 [ 183.928653][ T8098] ? skb_put+0x11b/0x210 [ 183.928682][ T8098] netlink_sendmsg+0x6c0/0xb40 [ 183.928719][ T8098] ? __pfx_netlink_sendmsg+0x10/0x10 [ 183.928750][ T8098] ? aa_sock_msg_perm+0xf1/0x1b0 [ 183.928780][ T8098] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 183.928813][ T8098] ____sys_sendmsg+0x972/0x9f0 [ 183.928842][ T8098] ? __might_fault+0xaf/0x130 [ 183.928877][ T8098] ? __pfx_____sys_sendmsg+0x10/0x10 [ 183.928915][ T8098] ? import_iovec+0x73/0xa0 [ 183.928949][ T8098] ___sys_sendmsg+0x2a5/0x360 [ 183.928976][ T8098] ? __lock_acquire+0x6b5/0x2cf0 [ 183.929004][ T8098] ? __pfx____sys_sendmsg+0x10/0x10 [ 183.929029][ T8098] ? __lock_acquire+0x6b5/0x2cf0 [ 183.929069][ T8098] ? kstrtouint+0x6e/0xe0 [ 183.929136][ T8098] __sys_sendmmsg+0x27c/0x4e0 [ 183.929171][ T8098] ? __pfx___sys_sendmmsg+0x10/0x10 [ 183.929197][ T8098] ? __mutex_unlock_slowpath+0x1be/0x6f0 [ 183.929251][ T8098] ? ksys_write+0x242/0x270 [ 183.929285][ T8098] ? __pfx_ksys_write+0x10/0x10 [ 183.929324][ T8098] __x64_sys_sendmmsg+0xa0/0xc0 [ 183.929353][ T8098] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 183.929376][ T8098] do_syscall_64+0x15f/0xf80 [ 183.929401][ T8098] ? trace_irq_disable+0x3b/0x140 [ 183.929433][ T8098] ? clear_bhb_loop+0x40/0x90 [ 183.929460][ T8098] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 183.929482][ T8098] RIP: 0033:0x7fa9c919cdd9 [ 183.929502][ T8098] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 183.929520][ T8098] RSP: 002b:00007fa9ca063028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 183.929544][ T8098] RAX: ffffffffffffffda RBX: 00007fa9c9415fa0 RCX: 00007fa9c919cdd9 [ 183.929559][ T8098] RDX: 040000000000009f RSI: 00002000000002c0 RDI: 0000000000000004 [ 183.929574][ T8098] RBP: 00007fa9ca063090 R08: 0000000000000000 R09: 0000000000000000 [ 183.929587][ T8098] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 183.929599][ T8098] R13: 00007fa9c9416038 R14: 00007fa9c9415fa0 R15: 00007ffce47a51d8 [ 183.929632][ T8098] [ 184.439383][ T8107] netlink: 8 bytes leftover after parsing attributes in process `syz.3.670'. [ 184.541670][ T30] audit: type=1804 audit(1777515143.503:30): pid=8111 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.672" name="/newroot/123/cgroup.controllers" dev="tmpfs" ino=649 res=1 errno=0 [ 184.602739][ T30] audit: type=1800 audit(1777515143.503:31): pid=8111 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.672" name="cgroup.controllers" dev="tmpfs" ino=649 res=0 errno=0 [ 184.628575][ T8114] bond1: option mode: unable to set because the bond device has slaves [ 184.656992][ T8114] A link change request failed with some changes committed already. Interface tunl0 may have been left with an inconsistent configuration, please check. [ 184.841458][ T8131] FAULT_INJECTION: forcing a failure. [ 184.841458][ T8131] name failslab, interval 1, probability 0, space 0, times 0 [ 184.855406][ T8131] CPU: 0 UID: 0 PID: 8131 Comm: syz.3.679 Not tainted syzkaller #0 PREEMPT(full) [ 184.855435][ T8131] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 184.855448][ T8131] Call Trace: [ 184.855457][ T8131] [ 184.855467][ T8131] dump_stack_lvl+0xe8/0x150 [ 184.855497][ T8131] should_fail_ex+0x412/0x560 [ 184.855531][ T8131] should_failslab+0xa8/0x100 [ 184.855565][ T8131] ? dst_alloc+0x105/0x170 [ 184.855595][ T8131] kmem_cache_alloc_noprof+0x87/0x650 [ 184.855635][ T8131] dst_alloc+0x105/0x170 [ 184.855671][ T8131] ip_route_input_rcu+0x23e5/0x3130 [ 184.855716][ T8131] ? __pfx_ip_route_input_rcu+0x10/0x10 [ 184.855748][ T8131] ? __skb_flow_dissect+0x668e/0x6e80 [ 184.855797][ T8131] ? ipt_do_table+0x13d2/0x1630 [ 184.855837][ T8131] ? ip_route_input_noref+0xad/0x270 [ 184.855869][ T8131] ip_route_input_noref+0x17c/0x270 [ 184.855902][ T8131] ? __pfx_ip_route_input_noref+0x10/0x10 [ 184.855937][ T8131] ? ipt_do_table+0x2b2/0x1630 [ 184.855971][ T8131] ? __pfx_ipt_do_table+0x10/0x10 [ 184.856063][ T8131] ip_rcv_finish_core+0x5af/0x1c00 [ 184.856100][ T8131] ip_rcv_finish+0x14c/0x2a0 [ 184.856127][ T8131] NF_HOOK+0x336/0x3c0 [ 184.856148][ T8131] ? sock_wfree+0x26e/0x750 [ 184.856176][ T8131] ? __pfx_ip_rcv_finish+0x10/0x10 [ 184.856197][ T8131] ? NF_HOOK+0x9e/0x3c0 [ 184.856218][ T8131] ? __pfx_NF_HOOK+0x10/0x10 [ 184.856243][ T8131] ? __pfx_ip_rcv_finish+0x10/0x10 [ 184.856279][ T8131] ? netif_receive_skb+0x102/0xbf0 [ 184.856311][ T8131] ? __pfx_ip_rcv+0x10/0x10 [ 184.856333][ T8131] netif_receive_skb+0x45b/0xbf0 [ 184.856370][ T8131] ? __pfx_netif_receive_skb+0x10/0x10 [ 184.856408][ T8131] ? tun_rx_batched+0x185/0x790 [ 184.856437][ T8131] tun_rx_batched+0x1de/0x790 [ 184.856462][ T8131] ? __build_skb+0x62/0x440 [ 184.856491][ T8131] ? __pfx_tun_rx_batched+0x10/0x10 [ 184.856516][ T8131] ? tun_get_user+0x2787/0x43e0 [ 184.856542][ T8131] ? tun_get_user+0x2787/0x43e0 [ 184.856569][ T8131] ? tun_get_user+0x2394/0x43e0 [ 184.856594][ T8131] ? tun_get_user+0x2394/0x43e0 [ 184.856618][ T8131] ? __local_bh_enable_ip+0xd0/0x130 [ 184.856647][ T8131] tun_get_user+0x2bbc/0x43e0 [ 184.856677][ T8131] ? tun_get_user+0x2787/0x43e0 [ 184.856720][ T8131] ? aa_file_perm+0x50e/0x15e0 [ 184.856750][ T8131] ? __pfx_tun_get_user+0x10/0x10 [ 184.856778][ T8131] ? __lock_acquire+0x6b5/0x2cf0 [ 184.856817][ T8131] ? ref_tracker_alloc+0x35c/0x4c0 [ 184.856848][ T8131] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 184.856879][ T8131] ? tun_get+0x1c/0x2f0 [ 184.856905][ T8131] ? tun_get+0x1c/0x2f0 [ 184.856936][ T8131] ? tun_get+0x1c/0x2f0 [ 184.856960][ T8131] ? tun_get+0x1c/0x2f0 [ 184.857000][ T8131] tun_chr_write_iter+0x113/0x200 [ 184.857030][ T8131] vfs_write+0x61d/0xb90 [ 184.857072][ T8131] ? __pfx_vfs_write+0x10/0x10 [ 184.857114][ T8131] ? __fget_files+0x2a/0x420 [ 184.857150][ T8131] ksys_write+0x150/0x270 [ 184.857185][ T8131] ? __pfx_ksys_write+0x10/0x10 [ 184.857226][ T8131] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 184.857247][ T8131] do_syscall_64+0x15f/0xf80 [ 184.857272][ T8131] ? trace_irq_disable+0x3b/0x140 [ 184.857306][ T8131] ? clear_bhb_loop+0x40/0x90 [ 184.857333][ T8131] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 184.857354][ T8131] RIP: 0033:0x7f425ff5d60e [ 184.857374][ T8131] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 184.857393][ T8131] RSP: 002b:00007f425e1edfb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 184.857416][ T8131] RAX: ffffffffffffffda RBX: 00007f425e1ee6c0 RCX: 00007f425ff5d60e [ 184.857432][ T8131] RDX: 000000000000002a RSI: 0000200000000040 RDI: 00000000000000c8 [ 184.857445][ T8131] RBP: 00007f425e1ee090 R08: 0000000000000000 R09: 0000000000000000 [ 184.857458][ T8131] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 184.857471][ T8131] R13: 00007f4260216038 R14: 00007f4260215fa0 R15: 00007ffc93933168 [ 184.857506][ T8131] [ 184.858399][ T8128] netlink: 36 bytes leftover after parsing attributes in process `syz.2.675'. [ 184.986135][ T8133] netlink: 16 bytes leftover after parsing attributes in process `syz.2.675'. [ 185.064886][ T8132] netlink: 'syz.4.676': attribute type 1 has an invalid length. [ 185.423836][ T8115] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 185.645895][ T8147] block nbd0: not configured, cannot reconfigure [ 185.653520][ T8147] netlink: 8 bytes leftover after parsing attributes in process `syz.4.684'. [ 185.663848][ T8147] netlink: 'syz.4.684': attribute type 30 has an invalid length. [ 185.687878][ T8147] netlink: 4 bytes leftover after parsing attributes in process `syz.4.684'. [ 185.846799][ T8154] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 185.914950][ T8161] syzkaller1: entered promiscuous mode [ 185.921583][ T30] audit: type=1804 audit(1777515144.873:32): pid=8159 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.687" name="/newroot/147/cgroup.controllers" dev="tmpfs" ino=772 res=1 errno=0 [ 185.945208][ T8161] syzkaller1: entered allmulticast mode [ 185.967918][ T30] audit: type=1800 audit(1777515144.883:33): pid=8159 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.687" name="cgroup.controllers" dev="tmpfs" ino=772 res=0 errno=0 [ 186.266620][ T8174] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 186.342882][ T8174] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 186.353922][ T8185] netlink: 'syz.1.698': attribute type 11 has an invalid length. [ 186.356173][ T8180] can: request_module (can-proto-4) failed. [ 186.370710][ T8185] netlink: 199788 bytes leftover after parsing attributes in process `syz.1.698'. [ 186.387579][ T8185] netlink: 'syz.1.698': attribute type 1 has an invalid length. [ 186.439984][ T8188] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 186.509722][ T8190] netlink: 'syz.0.699': attribute type 62 has an invalid length. [ 186.597435][ T30] audit: type=1804 audit(1777515145.563:34): pid=8193 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.700" name="/newroot/151/cgroup.controllers" dev="tmpfs" ino=796 res=1 errno=0 [ 186.622328][ T30] audit: type=1800 audit(1777515145.563:35): pid=8193 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.700" name="cgroup.controllers" dev="tmpfs" ino=796 res=0 errno=0 [ 186.716047][ T8196] can: request_module (can-proto-0) failed. [ 186.916468][ T8209] netlink: 68 bytes leftover after parsing attributes in process `syz.2.705'. [ 187.281576][ T30] audit: type=1804 audit(1777515146.243:36): pid=8228 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.713" name="/newroot/130/cgroup.controllers" dev="tmpfs" ino=687 res=1 errno=0 [ 187.351564][ T30] audit: type=1800 audit(1777515146.243:37): pid=8228 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.713" name="cgroup.controllers" dev="tmpfs" ino=687 res=0 errno=0 [ 187.398315][ T8232] netlink: 'syz.1.714': attribute type 1 has an invalid length. [ 187.481365][ T8237] netlink: 20 bytes leftover after parsing attributes in process `syz.3.717'. [ 187.599064][ T8239] netlink: 12 bytes leftover after parsing attributes in process `syz.4.719'. [ 187.610707][ T8239] netlink: 12 bytes leftover after parsing attributes in process `syz.4.719'. [ 187.827618][ T8257] netlink: 8 bytes leftover after parsing attributes in process `syz.0.724'. [ 187.841065][ T8257] netlink: 24 bytes leftover after parsing attributes in process `syz.0.724'. [ 187.920374][ T30] audit: type=1804 audit(1777515146.883:38): pid=8259 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.726" name="/newroot/154/cgroup.controllers" dev="tmpfs" ino=814 res=1 errno=0 [ 187.969696][ T8262] netlink: 'syz.4.727': attribute type 23 has an invalid length. [ 187.975598][ T30] audit: type=1800 audit(1777515146.913:39): pid=8259 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.726" name="cgroup.controllers" dev="tmpfs" ino=814 res=0 errno=0 [ 188.037153][ T8263] netlink: 8 bytes leftover after parsing attributes in process `syz.0.728'. [ 188.072481][ T8267] netlink: 4 bytes leftover after parsing attributes in process `syz.4.727'. [ 188.154680][ T8272] netlink: 32 bytes leftover after parsing attributes in process `syz.0.728'. [ 188.266693][ T8277] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 188.285220][ T8276] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 188.309487][ T5728] wlan1: authenticate with 08:02:11:00:00:00 (local address=08:02:11:00:00:01) [ 188.334794][ T5728] wlan1: send auth to 08:02:11:00:00:00 (try 1/3) [ 188.366595][ T8277] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 188.378596][ T3350] wlan1: authenticated [ 188.396321][ T8282] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 188.416039][ T3350] wlan1: associate with 08:02:11:00:00:00 (try 1/3) [ 188.466214][ T3350] wlan1: RX AssocResp from 08:02:11:00:00:00 (capab=0x1 status=0 aid=1) [ 188.471003][ T8277] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 188.484772][ T3350] wlan1: associated [ 188.496820][ T8276] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 189.007896][ T8319] netlink: 48 bytes leftover after parsing attributes in process `syz.3.749'. [ 189.175826][ T8325] netlink: 'syz.1.752': attribute type 4 has an invalid length. [ 189.193642][ T8325] netlink: 152 bytes leftover after parsing attributes in process `syz.1.752'. [ 189.235538][ T8325] .`¹: renamed from bond0 (while UP) [ 189.259150][ T8329] team0: Cannot enslave team device to itself [ 189.272749][ T8333] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 189.329121][ T8331] syzkaller0: entered promiscuous mode [ 189.335085][ T8331] syzkaller0: entered allmulticast mode [ 190.989459][ T8325] bridge0: port 2(bridge_slave_1) entered disabled state [ 191.031247][ T8342] gre1: entered promiscuous mode [ 191.048578][ T8342] gre1: entered allmulticast mode [ 191.365849][ T8363] x_tables: ip6_tables: TCPMSS target: only valid for protocol 6 [ 191.376951][ T8358] syzkaller0: entered promiscuous mode [ 191.395005][ T8358] syzkaller0: entered allmulticast mode [ 191.442177][ T8358] sctp: [Deprecated]: syz.0.764 (pid 8358) Use of struct sctp_assoc_value in delayed_ack socket option. [ 191.442177][ T8358] Use struct sctp_sack_info instead [ 191.706551][ T8387] syzkaller0: entered promiscuous mode [ 191.712157][ T8387] syzkaller0: entered allmulticast mode [ 191.843036][ T8357] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 192.064310][ T8394] netlink: 'syz.2.773': attribute type 28 has an invalid length. [ 192.072394][ T8394] netlink: 'syz.2.773': attribute type 3 has an invalid length. [ 193.504073][ T8402] netlink: 'syz.2.776': attribute type 29 has an invalid length. [ 193.667469][ T8414] __nla_validate_parse: 4 callbacks suppressed [ 193.667492][ T8414] netlink: 104 bytes leftover after parsing attributes in process `syz.0.779'. [ 193.755788][ T8422] netlink: 'syz.2.782': attribute type 1 has an invalid length. [ 193.895206][ T8422] 8021q: adding VLAN 0 to HW filter on device bond2 [ 193.950641][ T8431] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 194.120769][ T8441] netlink: 4 bytes leftover after parsing attributes in process `syz.2.790'. [ 194.361912][ T8454] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 194.380658][ T8455] netlink: 'syz.0.795': attribute type 20 has an invalid length. [ 194.389520][ T8455] netlink: 4 bytes leftover after parsing attributes in process `syz.0.795'. [ 194.415406][ T13] netdevsim netdevsim0 netdevsim0: set [0, 1] type 1 family 0 port 8472 - 0 [ 194.415756][ T8455] netlink: 'syz.0.795': attribute type 20 has an invalid length. [ 194.435191][ T8455] netlink: 4 bytes leftover after parsing attributes in process `syz.0.795'. [ 194.439929][ T13] netdevsim netdevsim0 netdevsim1: set [0, 1] type 1 family 0 port 8472 - 0 [ 194.453937][ T13] netdevsim netdevsim0 netdevsim2: set [0, 1] type 1 family 0 port 8472 - 0 [ 194.463963][ T13] netdevsim netdevsim0 netdevsim3: set [0, 1] type 1 family 0 port 8472 - 0 [ 194.519318][ T1316] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.525822][ T1316] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.617688][ T8469] netlink: 16 bytes leftover after parsing attributes in process `syz.1.796'. [ 194.730256][ T8477] netlink: 20 bytes leftover after parsing attributes in process `syz.4.803'. [ 194.818509][ T8473] netlink: 36 bytes leftover after parsing attributes in process `syz.0.801'. [ 194.955492][ T8487] netlink: 20 bytes leftover after parsing attributes in process `syz.4.803'. [ 194.991178][ T8487] nbd: device at index 64 is going down [ 195.466935][ T8517] bond1: (slave lo): Releasing backup interface [ 195.491386][ T8517] bond1: (slave lo): last VLAN challenged slave left bond - VLAN blocking is removed [ 195.614930][ T8517] bridge0: port 2(bridge_slave_1) entered disabled state [ 195.622894][ T8517] bridge0: port 1(bridge_slave_0) entered disabled state [ 195.700877][ T8533] netlink: 28 bytes leftover after parsing attributes in process `syz.3.817'. [ 195.811505][ T8517] bridge_slave_0: left allmulticast mode [ 195.833592][ T8517] bridge_slave_0: left promiscuous mode [ 195.845166][ T8517] bridge0: port 1(bridge_slave_0) entered disabled state [ 195.918961][ T8517] bridge_slave_1: left allmulticast mode [ 195.933726][ T8517] bridge_slave_1: left promiscuous mode [ 195.954753][ T8517] bridge0: port 2(bridge_slave_1) entered disabled state [ 195.975094][ T8517] bond0: (slave bond_slave_0): Releasing backup interface [ 195.995519][ T8517] bond0: (slave bond_slave_1): Releasing backup interface [ 196.027434][ T8517] team0: Port device team_slave_0 removed [ 196.062378][ T8517] team0: Port device team_slave_1 removed [ 196.081413][ T8517] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 196.114867][ T8517] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 196.169229][ T8517] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 196.186744][ T8517] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 196.202670][ T8517] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 196.221306][ T8518] bond1: option mode: unable to set because the bond device has slaves [ 196.247332][ T8520] A link change request failed with some changes committed already. Interface tunl0 may have been left with an inconsistent configuration, please check. [ 196.285841][ T8537] A link change request failed with some changes committed already. Interface tunl0 may have been left with an inconsistent configuration, please check. [ 196.438292][ T30] audit: type=1804 audit(1777515155.403:40): pid=8560 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.822" name="/newroot/179/cgroup.controllers" dev="tmpfs" ino=941 res=1 errno=0 [ 196.504976][ T30] audit: type=1800 audit(1777515155.403:41): pid=8560 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.822" name="cgroup.controllers" dev="tmpfs" ino=941 res=0 errno=0 [ 196.948671][ T30] audit: type=1804 audit(1777515155.913:42): pid=8586 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.836" name="/newroot/182/cgroup.controllers" dev="tmpfs" ino=959 res=1 errno=0 [ 196.991055][ T8589] xt_AUDIT: Audit type out of range (valid range: 0..2) [ 196.999678][ T30] audit: type=1800 audit(1777515155.913:43): pid=8586 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.836" name="cgroup.controllers" dev="tmpfs" ino=959 res=0 errno=0 [ 197.182892][ T8596] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 197.268303][ T8603] FAULT_INJECTION: forcing a failure. [ 197.268303][ T8603] name failslab, interval 1, probability 0, space 0, times 0 [ 197.282617][ T8603] CPU: 1 UID: 0 PID: 8603 Comm: syz.3.843 Not tainted syzkaller #0 PREEMPT(full) [ 197.282647][ T8603] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 197.282660][ T8603] Call Trace: [ 197.282669][ T8603] [ 197.282677][ T8603] dump_stack_lvl+0xe8/0x150 [ 197.282709][ T8603] should_fail_ex+0x412/0x560 [ 197.282742][ T8603] should_failslab+0xa8/0x100 [ 197.282777][ T8603] __kmalloc_cache_noprof+0x88/0x660 [ 197.282810][ T8603] ? flow_change+0x448/0x1b50 [ 197.282840][ T8603] flow_change+0x448/0x1b50 [ 197.282870][ T8603] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 197.282906][ T8603] ? __pfx_flow_change+0x10/0x10 [ 197.282956][ T8603] tc_new_tfilter+0xff8/0x1780 [ 197.283015][ T8603] ? __pfx_tc_new_tfilter+0x10/0x10 [ 197.283069][ T8603] ? rtnetlink_rcv_msg+0x1b9/0xbe0 [ 197.283111][ T8603] ? __pfx_tc_new_tfilter+0x10/0x10 [ 197.283140][ T8603] rtnetlink_rcv_msg+0x7d5/0xbe0 [ 197.283168][ T8603] ? rtnetlink_rcv_msg+0x1b9/0xbe0 [ 197.283191][ T8603] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 197.283213][ T8603] ? ref_tracker_free+0x693/0x840 [ 197.283245][ T8603] ? __pfx_ref_tracker_free+0x10/0x10 [ 197.283285][ T8603] netlink_rcv_skb+0x232/0x4b0 [ 197.283311][ T8603] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 197.283337][ T8603] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 197.283377][ T8603] ? netlink_deliver_tap+0x2e/0x1b0 [ 197.283402][ T8603] ? netlink_deliver_tap+0x2e/0x1b0 [ 197.283435][ T8603] netlink_unicast+0x75c/0x8e0 [ 197.283472][ T8603] netlink_sendmsg+0x813/0xb40 [ 197.283507][ T8603] ? __pfx_netlink_sendmsg+0x10/0x10 [ 197.283540][ T8603] ? aa_sock_msg_perm+0xf1/0x1b0 [ 197.283570][ T8603] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 197.283603][ T8603] ____sys_sendmsg+0x972/0x9f0 [ 197.283631][ T8603] ? __might_fault+0xaf/0x130 [ 197.283667][ T8603] ? __pfx_____sys_sendmsg+0x10/0x10 [ 197.283704][ T8603] ? import_iovec+0x73/0xa0 [ 197.283739][ T8603] ___sys_sendmsg+0x2a5/0x360 [ 197.283766][ T8603] ? __lock_acquire+0x6b5/0x2cf0 [ 197.283793][ T8603] ? __pfx____sys_sendmsg+0x10/0x10 [ 197.283817][ T8603] ? __lock_acquire+0x6b5/0x2cf0 [ 197.283846][ T8603] ? kstrtouint+0x6e/0xe0 [ 197.283913][ T8603] __sys_sendmmsg+0x27c/0x4e0 [ 197.283947][ T8603] ? __pfx___sys_sendmmsg+0x10/0x10 [ 197.283973][ T8603] ? __mutex_unlock_slowpath+0x1be/0x6f0 [ 197.284035][ T8603] ? ksys_write+0x242/0x270 [ 197.284070][ T8603] ? __pfx_ksys_write+0x10/0x10 [ 197.284108][ T8603] __x64_sys_sendmmsg+0xa0/0xc0 [ 197.284136][ T8603] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 197.284159][ T8603] do_syscall_64+0x15f/0xf80 [ 197.284184][ T8603] ? trace_irq_disable+0x3b/0x140 [ 197.284216][ T8603] ? clear_bhb_loop+0x40/0x90 [ 197.284244][ T8603] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 197.284264][ T8603] RIP: 0033:0x7f425ff9cdd9 [ 197.284286][ T8603] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 197.284305][ T8603] RSP: 002b:00007f425e1ee028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 197.284328][ T8603] RAX: ffffffffffffffda RBX: 00007f4260215fa0 RCX: 00007f425ff9cdd9 [ 197.284344][ T8603] RDX: 040000000000009f RSI: 00002000000002c0 RDI: 0000000000000004 [ 197.284358][ T8603] RBP: 00007f425e1ee090 R08: 0000000000000000 R09: 0000000000000000 [ 197.284372][ T8603] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 197.284384][ T8603] R13: 00007f4260216038 R14: 00007f4260215fa0 R15: 00007ffc93933168 [ 197.284420][ T8603] [ 197.632787][ T8599] netlink: 'syz.2.840': attribute type 1 has an invalid length. [ 197.647566][ T8599] netlink: 'syz.2.840': attribute type 2 has an invalid length. [ 197.726524][ T8611] bond2: option mode: unable to set because the bond device has slaves [ 197.745767][ T8612] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 197.776703][ T8611] A link change request failed with some changes committed already. Interface tunl0 may have been left with an inconsistent configuration, please check. [ 197.849640][ T8599] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 197.953408][ T30] audit: type=1804 audit(1777515156.913:44): pid=8617 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.848" name="/newroot/157/cgroup.controllers" dev="tmpfs" ino=833 res=1 errno=0 [ 197.976873][ T30] audit: type=1800 audit(1777515156.913:45): pid=8617 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.848" name="cgroup.controllers" dev="tmpfs" ino=833 res=0 errno=0 [ 198.023739][ T8619] netlink: 8 bytes leftover after parsing attributes in process `syz.1.847'. [ 198.058512][ T8619] netlink: 'syz.1.847': attribute type 15 has an invalid length. [ 198.126561][ T8619] netlink: 'syz.1.847': attribute type 15 has an invalid length. [ 198.126593][ T13] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 256 - 0 [ 198.152217][ T13] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 256 - 0 [ 198.170219][ T13] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 256 - 0 [ 198.197149][ T13] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 256 - 0 [ 198.300466][ T8632] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 198.745549][ T30] audit: type=1804 audit(1777515157.713:46): pid=8648 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.861" name="/newroot/177/cgroup.controllers" dev="tmpfs" ino=934 res=1 errno=0 [ 198.795564][ T30] audit: type=1800 audit(1777515157.713:47): pid=8648 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.861" name="cgroup.controllers" dev="tmpfs" ino=934 res=0 errno=0 [ 198.927100][ T8656] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 198.950425][ T8663] openvswitch: netlink: IP tunnel TTL not specified. [ 198.973571][ T8662] openvswitch: netlink: IP tunnel TTL not specified. [ 198.980865][ T8665] __nla_validate_parse: 4 callbacks suppressed [ 198.980883][ T8665] netlink: 28 bytes leftover after parsing attributes in process `syz.0.857'. [ 199.018232][ T8666] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 199.060571][ T8656] netlink: 'syz.2.862': attribute type 13 has an invalid length. [ 199.095584][ T8656] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 199.400296][ T8686] netlink: 8 bytes leftover after parsing attributes in process `syz.3.871'. [ 199.410620][ T8686] netlink: 4 bytes leftover after parsing attributes in process `syz.3.871'. [ 199.415789][ T8685] netlink: 24 bytes leftover after parsing attributes in process `syz.4.870'. [ 199.421859][ T8686] netlink: 'syz.3.871': attribute type 15 has an invalid length. [ 199.470704][ T13] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 256 - 0 [ 199.470970][ T8686] netlink: 8 bytes leftover after parsing attributes in process `syz.3.871'. [ 199.488199][ T13] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 256 - 0 [ 199.512147][ T13] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 256 - 0 [ 199.523495][ T8686] netlink: 4 bytes leftover after parsing attributes in process `syz.3.871'. [ 199.548360][ T13] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 256 - 0 [ 199.561979][ T8686] netlink: 'syz.3.871': attribute type 15 has an invalid length. [ 199.668842][ T30] audit: type=1804 audit(1777515158.633:48): pid=8692 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.872" name="/newroot/167/cgroup.controllers" dev="tmpfs" ino=884 res=1 errno=0 [ 199.759353][ T30] audit: type=1800 audit(1777515158.663:49): pid=8692 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.872" name="cgroup.controllers" dev="tmpfs" ino=884 res=0 errno=0 [ 199.854681][ T8699] xt_hashlimit: size too large, truncated to 1048576 [ 199.989948][ T8709] af_packet: tpacket_rcv: packet too big, clamped from 108 to 4294967272. macoff=96 [ 200.346664][ T8724] netlink: 40 bytes leftover after parsing attributes in process `syz.0.882'. [ 200.484451][ T8726] netlink: 'syz.0.883': attribute type 25 has an invalid length. [ 200.530359][ T8728] tap0: tun_chr_ioctl cmd 2148553947 [ 200.603783][ T8731] netlink: 'syz.1.884': attribute type 3 has an invalid length. [ 200.612210][ T8731] netlink: 766 bytes leftover after parsing attributes in process `syz.1.884'. [ 200.722433][ T8734] syzkaller0: entered promiscuous mode [ 200.737624][ T8734] syzkaller0: entered allmulticast mode [ 200.814746][ T8738] netlink: 'syz.2.889': attribute type 1 has an invalid length. [ 200.874839][ T8738] 8021q: adding VLAN 0 to HW filter on device bond3 [ 200.947156][ T8746] bond3: (slave ip6erspan0): making interface the new active one [ 200.975431][ T8746] bond3: (slave ip6erspan0): Enslaving as an active interface with an up link [ 201.046987][ T8750] netlink: 40 bytes leftover after parsing attributes in process `syz.3.893'. [ 201.160726][ T8759] netlink: 40 bytes leftover after parsing attributes in process `syz.4.894'. [ 201.187813][ T8759] dummy0: entered promiscuous mode [ 201.205581][ T8759] bridge0: port 3(dummy0) entered blocking state [ 201.217716][ T8759] bridge0: port 3(dummy0) entered disabled state [ 201.242537][ T8759] dummy0: entered allmulticast mode [ 201.257708][ T8759] bridge0: port 3(dummy0) entered blocking state [ 201.264296][ T8759] bridge0: port 3(dummy0) entered forwarding state [ 201.330727][ T8765] 8021q: adding VLAN 0 to HW filter on device bond0 [ 201.495959][ T5728] IPVS: starting estimator thread 0... [ 201.502793][ T8775] mac80211_hwsim hwsim8 syzkaller0: Caught tx_queue_len zero misconfig [ 201.593395][ T8776] IPVS: using max 27 ests per chain, 64800 per kthread [ 201.818152][ T8791] bond3: Unable to set down delay as MII monitoring is disabled [ 201.836059][ T8791] bond3 (unregistering): Released all slaves [ 201.920963][ T8790] bond2: entered allmulticast mode [ 201.961616][ T8795] veth3: entered allmulticast mode [ 201.972927][ T8795] bond2: (slave veth3): Enslaving as an active interface with an up link [ 202.004103][ T8796] veth3: entered allmulticast mode [ 202.249442][ T8816] syzkaller0: entered promiscuous mode [ 202.270295][ T8816] syzkaller0: entered allmulticast mode [ 202.807376][ T8847] syzkaller0: entered promiscuous mode [ 202.821530][ T8847] syzkaller0: entered allmulticast mode [ 203.402406][ T8876] validate_nla: 3 callbacks suppressed [ 203.402428][ T8876] netlink: 'syz.2.939': attribute type 24 has an invalid length. [ 205.437003][ T8915] bond1: option mode: unable to set because the bond device has slaves [ 205.447105][ T8915] A link change request failed with some changes committed already. Interface tunl0 may have been left with an inconsistent configuration, please check. [ 206.124072][ T8930] __nla_validate_parse: 6 callbacks suppressed [ 206.124094][ T8930] netlink: 212368 bytes leftover after parsing attributes in process `syz.1.956'. [ 206.289748][ T8932] syzkaller0: entered promiscuous mode [ 206.305711][ T8932] syzkaller0: entered allmulticast mode [ 206.371518][ T8938] nbd: must specify a size in bytes for the device [ 206.545799][ T8953] netlink: 8 bytes leftover after parsing attributes in process `syz.3.961'. [ 206.561414][ T8953] netlink: 4 bytes leftover after parsing attributes in process `syz.3.961'. [ 206.571234][ T8953] netlink: 'syz.3.961': attribute type 15 has an invalid length. [ 208.583204][ T8953] netlink: 8 bytes leftover after parsing attributes in process `syz.3.961'. [ 208.609150][ T8953] netlink: 4 bytes leftover after parsing attributes in process `syz.3.961'. [ 208.630203][ T8953] netlink: 'syz.3.961': attribute type 15 has an invalid length. [ 208.815494][ T9004] openvswitch: netlink: IP tunnel TTL not specified. [ 208.887990][ T9011] netlink: 28 bytes leftover after parsing attributes in process `syz.1.969'. [ 208.900700][ T9011] netlink: 28 bytes leftover after parsing attributes in process `syz.1.969'. [ 209.029299][ T9023] netlink: 4 bytes leftover after parsing attributes in process `syz.4.973'. [ 209.039524][ T9024] bond1: option mode: unable to set because the bond device has slaves [ 209.286648][ T8996] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 209.302481][ T9026] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 209.519855][ T9040] netlink: 8 bytes leftover after parsing attributes in process `syz.2.977'. [ 209.530594][ T9040] netlink: 4 bytes leftover after parsing attributes in process `syz.2.977'. [ 209.552056][ T9040] netlink: 'syz.2.977': attribute type 15 has an invalid length. [ 209.570457][ T9040] netlink: 'syz.2.977': attribute type 15 has an invalid length. [ 209.919817][ T9057] pim6reg: entered allmulticast mode [ 210.075700][ T9060] nbd: must specify at least one socket [ 210.146611][ T9060] bond0: entered promiscuous mode [ 210.170631][ T9060] bond_slave_0: entered promiscuous mode [ 210.198007][ T9060] bond_slave_1: entered promiscuous mode [ 210.233487][ T9072] netlink: 'syz.1.990': attribute type 21 has an invalid length. [ 210.242356][ T9060] gretap0: entered promiscuous mode [ 210.247827][ T9072] IPv6: NLM_F_CREATE should be specified when creating new route [ 210.270631][ T9060] hsr1: entered promiscuous mode [ 210.360776][ T9067] syzkaller0: entered promiscuous mode [ 210.374073][ T9067] syzkaller0: entered allmulticast mode [ 210.427253][ T9078] netlink: 'syz.4.991': attribute type 15 has an invalid length. [ 210.453183][ T9078] netlink: 'syz.4.991': attribute type 15 has an invalid length. [ 210.891650][ T9101] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 211.121296][ T9112] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 211.147842][ T9115] syzkaller0: entered promiscuous mode [ 211.158044][ T9115] syzkaller0: entered allmulticast mode [ 211.219136][ T9122] __nla_validate_parse: 12 callbacks suppressed [ 211.219159][ T9122] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1008'. [ 211.230392][ T9123] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 211.255893][ T9122] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1008'. [ 211.265251][ T9122] netlink: 'syz.3.1008': attribute type 15 has an invalid length. [ 211.274330][ T9122] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1008'. [ 211.283557][ T9122] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1008'. [ 211.293021][ T9122] netlink: 'syz.3.1008': attribute type 15 has an invalid length. [ 211.305127][ T9123] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 211.544860][ T9135] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 211.554038][ T9135] IPv6: NLM_F_CREATE should be set when creating new route [ 211.897149][ T9148] syzkaller0: entered promiscuous mode [ 211.926393][ T9148] syzkaller0: entered allmulticast mode [ 211.951488][ T4946] Bluetooth: hci1: command 0x0406 tx timeout [ 211.958615][ T5636] Bluetooth: hci2: command 0x0406 tx timeout [ 211.964735][ T5633] Bluetooth: hci3: command 0x0406 tx timeout [ 211.989972][ T30] audit: type=1804 audit(1777515170.953:50): pid=9152 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.1022" name="/newroot/236/cgroup.controllers" dev="tmpfs" ino=1236 res=1 errno=0 [ 212.019612][ T30] audit: type=1800 audit(1777515170.953:51): pid=9152 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1022" name="cgroup.controllers" dev="tmpfs" ino=1236 res=0 errno=0 [ 212.112628][ T9161] sctp: [Deprecated]: syz.3.1027 (pid 9161) Use of int in maxseg socket option. [ 212.112628][ T9161] Use struct sctp_assoc_value instead [ 212.403716][ T9175] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1032'. [ 212.422425][ T9171] syzkaller1: entered promiscuous mode [ 212.438351][ T9171] syzkaller1: entered allmulticast mode [ 212.478211][ T9177] wlan1: authenticate with 08:02:11:00:00:00 (local address=08:02:11:00:00:01) [ 212.512068][ T9177] wlan1: send auth to 08:02:11:00:00:00 (try 1/3) [ 212.523116][ T9178] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 212.611706][ T9185] bond1: option mode: unable to set because the bond device has slaves [ 212.626314][ T1018] wlan1: authenticated [ 212.631034][ T9177] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 212.644613][ T13] wlan1: associate with 08:02:11:00:00:00 (try 1/3) [ 212.718429][ T1018] wlan1: RX AssocResp from 08:02:11:00:00:00 (capab=0x1 status=0 aid=1) [ 212.727272][ T9177] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 212.755695][ T1018] wlan1: associated [ 212.914796][ T9203] netlink: 212348 bytes leftover after parsing attributes in process `syz.0.1041'. [ 212.920380][ T9194] bond2: entered allmulticast mode [ 212.929971][ T9203] openvswitch: netlink: Message has 5 unknown bytes. [ 212.950519][ T9203] netlink: 'syz.0.1041': attribute type 1 has an invalid length. [ 213.069147][ T9201] veth3: entered allmulticast mode [ 213.120909][ T9201] bond2: (slave veth3): Enslaving as an active interface with an up link [ 213.253797][ T9214] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1044'. [ 213.271950][ T9214] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1044'. [ 213.285781][ T9214] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1044'. [ 213.450377][ T9223] netlink: 96 bytes leftover after parsing attributes in process `syz.0.1049'. [ 213.501318][ T9223] vlan2: entered allmulticast mode [ 213.508473][ T9223] gretap0: entered allmulticast mode [ 213.604061][ T9238] netlink: 'syz.2.1052': attribute type 1 has an invalid length. [ 213.761232][ T9241] bond4: (slave gretap1): making interface the new active one [ 213.771863][ T9241] bond4: (slave gretap1): Enslaving as an active interface with an up link [ 213.989173][ T9254] netlink: 'syz.0.1058': attribute type 1 has an invalid length. [ 214.014377][ T9254] netlink: 'syz.0.1058': attribute type 1 has an invalid length. [ 214.065096][ T9254] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 214.166256][ T9264] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 214.181466][ T9262] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 214.212980][ T9263] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 214.254715][ T9254] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 214.302783][ T9269] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 214.380124][ T9263] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 214.576036][ T9278] netlink: 'syz.3.1065': attribute type 15 has an invalid length. [ 214.591278][ T9278] netlink: 'syz.3.1065': attribute type 15 has an invalid length. [ 214.617936][ T9280] FAULT_INJECTION: forcing a failure. [ 214.617936][ T9280] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 214.634894][ T9280] CPU: 1 UID: 0 PID: 9280 Comm: syz.2.1066 Not tainted syzkaller #0 PREEMPT(full) [ 214.634925][ T9280] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 214.634940][ T9280] Call Trace: [ 214.634949][ T9280] [ 214.634957][ T9280] dump_stack_lvl+0xe8/0x150 [ 214.634989][ T9280] should_fail_ex+0x412/0x560 [ 214.635028][ T9280] _copy_to_user+0x31/0xb0 [ 214.635062][ T9280] simple_read_from_buffer+0xe1/0x170 [ 214.635095][ T9280] proc_fail_nth_read+0x1bb/0x230 [ 214.635128][ T9280] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 214.635159][ T9280] ? rw_verify_area+0x2a6/0x4d0 [ 214.635190][ T9280] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 214.635219][ T9280] vfs_read+0x20c/0xa70 [ 214.635255][ T9280] ? __pfx___mutex_lock+0x10/0x10 [ 214.635284][ T9280] ? __pfx_vfs_read+0x10/0x10 [ 214.635315][ T9280] ? __fget_files+0x2a/0x420 [ 214.635346][ T9280] ? __fget_files+0x3a0/0x420 [ 214.635370][ T9280] ? __fget_files+0x2a/0x420 [ 214.635405][ T9280] ksys_read+0x150/0x270 [ 214.635437][ T9280] ? __pfx_ksys_read+0x10/0x10 [ 214.635477][ T9280] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 214.635501][ T9280] do_syscall_64+0x15f/0xf80 [ 214.635526][ T9280] ? trace_irq_disable+0x3b/0x140 [ 214.635558][ T9280] ? clear_bhb_loop+0x40/0x90 [ 214.635586][ T9280] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 214.635608][ T9280] RIP: 0033:0x7f578575d60e [ 214.635627][ T9280] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 214.635646][ T9280] RSP: 002b:00007f5786571fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 214.635668][ T9280] RAX: ffffffffffffffda RBX: 00007f57865726c0 RCX: 00007f578575d60e [ 214.635693][ T9280] RDX: 000000000000000f RSI: 00007f57865720a0 RDI: 0000000000000004 [ 214.635707][ T9280] RBP: 00007f5786572090 R08: 0000000000000000 R09: 0000000000000000 [ 214.635720][ T9280] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 214.635733][ T9280] R13: 00007f5785a16038 R14: 00007f5785a15fa0 R15: 00007ffc1fb9c548 [ 214.635769][ T9280] [ 215.020063][ T9292] xt_hashlimit: size too large, truncated to 1048576 [ 215.299289][ T9301] bond3: entered allmulticast mode [ 215.407460][ T9304] veth5: entered allmulticast mode [ 215.430743][ T9307] bond3 (unregistering): Released all slaves [ 215.950907][ T30] audit: type=1804 audit(1777515174.913:52): pid=9331 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.1084" name="/newroot/248/cgroup.controllers" dev="tmpfs" ino=1297 res=1 errno=0 [ 216.030589][ T30] audit: type=1800 audit(1777515174.913:53): pid=9331 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1084" name="cgroup.controllers" dev="tmpfs" ino=1297 res=0 errno=0 [ 216.129481][ T9337] bond3: Unable to set up delay as MII monitoring is disabled [ 216.158724][ T9337] bond3 (unregistering): Released all slaves [ 216.420286][ T9337] bond3: Unable to set up delay as MII monitoring is disabled [ 216.458040][ T9337] bond3 (unregistering): Released all slaves [ 216.586690][ T9337] __nla_validate_parse: 19 callbacks suppressed [ 216.586711][ T9337] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1088'. [ 216.662088][ T9337] bond3: Unable to set up delay as MII monitoring is disabled [ 216.678113][ T9337] bond3 (unregistering): Released all slaves [ 216.751303][ T9337] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1088'. [ 216.856874][ T9337] bond3: Unable to set up delay as MII monitoring is disabled [ 216.870106][ T9337] bond3 (unregistering): Released all slaves [ 216.925166][ T30] audit: type=1804 audit(1777515175.893:54): pid=9384 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.1101" name="/newroot/223/cgroup.controllers" dev="tmpfs" ino=1165 res=1 errno=0 [ 217.007632][ T30] audit: type=1800 audit(1777515175.893:55): pid=9384 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1101" name="cgroup.controllers" dev="tmpfs" ino=1165 res=0 errno=0 [ 217.124727][ T9392] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1104'. [ 217.164274][ T9392] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1104'. [ 217.177454][ T9388] netlink: 'syz.3.1105': attribute type 3 has an invalid length. [ 217.186208][ T9392] netlink: 'syz.4.1104': attribute type 15 has an invalid length. [ 217.202519][ T9392] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1104'. [ 217.232130][ T9392] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1104'. [ 217.262749][ T9392] netlink: 'syz.4.1104': attribute type 15 has an invalid length. [ 217.381884][ T9401] tipc: Enabling of bearer rejected, failed to enable media [ 217.446938][ T9406] netlink: 'syz.4.1110': attribute type 1 has an invalid length. [ 217.495866][ T9406] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 217.607033][ T9414] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 217.637336][ T9414] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1110'. [ 217.665616][ T9419] FAULT_INJECTION: forcing a failure. [ 217.665616][ T9419] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 217.680233][ T9419] CPU: 0 UID: 0 PID: 9419 Comm: syz.2.1116 Not tainted syzkaller #0 PREEMPT(full) [ 217.680264][ T9419] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 217.680279][ T9419] Call Trace: [ 217.680287][ T9419] [ 217.680296][ T9419] dump_stack_lvl+0xe8/0x150 [ 217.680328][ T9419] should_fail_ex+0x412/0x560 [ 217.680361][ T9419] _copy_to_iter+0x1e4/0x17d0 [ 217.680392][ T9419] ? do_raw_spin_lock+0x12b/0x2f0 [ 217.680435][ T9419] ? __pfx__copy_to_iter+0x10/0x10 [ 217.680462][ T9419] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 217.680487][ T9419] ? lockdep_hardirqs_on+0x7a/0x110 [ 217.680512][ T9419] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 217.680536][ T9419] ? __skb_try_recv_datagram+0x3d4/0x4d0 [ 217.680573][ T9419] __skb_datagram_iter+0xf8/0x980 [ 217.680604][ T9419] ? __pfx_simple_copy_to_iter+0x10/0x10 [ 217.680650][ T9419] skb_copy_datagram_iter+0xb5/0x240 [ 217.680689][ T9419] netlink_recvmsg+0x2c3/0xa50 [ 217.680727][ T9419] ? __pfx_netlink_recvmsg+0x10/0x10 [ 217.680760][ T9419] ? aa_sock_msg_perm+0xf1/0x1b0 [ 217.680790][ T9419] ? bpf_lsm_socket_recvmsg+0x9/0x20 [ 217.680819][ T9419] ? security_socket_recvmsg+0x7e/0x2c0 [ 217.680852][ T9419] ? __pfx_netlink_recvmsg+0x10/0x10 [ 217.680879][ T9419] sock_recvmsg+0x172/0x1b0 [ 217.680917][ T9419] __sys_recvfrom+0x240/0x3c0 [ 217.680949][ T9419] ? __pfx___sys_recvfrom+0x10/0x10 [ 217.681002][ T9419] ? exc_page_fault+0x6a/0xc0 [ 217.681031][ T9419] ? do_user_addr_fault+0xc6f/0x1340 [ 217.681059][ T9419] __x64_sys_recvfrom+0xde/0x100 [ 217.681086][ T9419] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 217.681111][ T9419] do_syscall_64+0x15f/0xf80 [ 217.681141][ T9419] ? trace_irq_disable+0x3b/0x140 [ 217.681173][ T9419] ? clear_bhb_loop+0x40/0x90 [ 217.681200][ T9419] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 217.681221][ T9419] RIP: 0033:0x7f578575d60e [ 217.681241][ T9419] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 217.681261][ T9419] RSP: 002b:00007f5786570e88 EFLAGS: 00000246 ORIG_RAX: 000000000000002d [ 217.681285][ T9419] RAX: ffffffffffffffda RBX: 00007f57865726c0 RCX: 00007f578575d60e [ 217.681301][ T9419] RDX: 0000000000001000 RSI: 00007f5786570fe0 RDI: 0000000000000004 [ 217.681315][ T9419] RBP: 0000000000000004 R08: 0000000000000000 R09: 0000000000000000 [ 217.681327][ T9419] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f57858331f2 [ 217.681341][ T9419] R13: 00007f5786570f90 R14: 000000000000000c R15: 0000000000000000 [ 217.681374][ T9419] [ 217.998420][ T9424] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1117'. [ 218.014354][ T9414] unsupported nlmsg_type 40 [ 218.024741][ T9414] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1110'. [ 218.046456][ T9419] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 218.108159][ T9414] 8021q: adding VLAN 0 to HW filter on device bond2 [ 218.129357][ T9428] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1120'. [ 218.150797][ T9428] netlink: 'syz.3.1120': attribute type 15 has an invalid length. [ 218.161266][ T9428] netlink: 'syz.3.1120': attribute type 15 has an invalid length. [ 218.189610][ T9414] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 218.435689][ T9442] syzkaller0: entered promiscuous mode [ 218.441696][ T9442] syzkaller0: entered allmulticast mode [ 220.784911][ T9489] FAULT_INJECTION: forcing a failure. [ 220.784911][ T9489] name failslab, interval 1, probability 0, space 0, times 0 [ 220.804775][ T9489] CPU: 0 UID: 0 PID: 9489 Comm: syz.1.1136 Not tainted syzkaller #0 PREEMPT(full) [ 220.804808][ T9489] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 220.804822][ T9489] Call Trace: [ 220.804831][ T9489] [ 220.804841][ T9489] dump_stack_lvl+0xe8/0x150 [ 220.804872][ T9489] should_fail_ex+0x412/0x560 [ 220.804906][ T9489] should_failslab+0xa8/0x100 [ 220.804941][ T9489] kmem_cache_alloc_node_noprof+0x8f/0x690 [ 220.804971][ T9489] ? __alloc_skb+0x186/0x7d0 [ 220.804995][ T9489] ? __alloc_skb+0x1d0/0x7d0 [ 220.805017][ T9489] ? __local_bh_enable_ip+0xd0/0x130 [ 220.805045][ T9489] __alloc_skb+0x1d0/0x7d0 [ 220.805075][ T9489] netlink_sendmsg+0x5d4/0xb40 [ 220.805111][ T9489] ? __pfx_netlink_sendmsg+0x10/0x10 [ 220.805141][ T9489] ? aa_sock_msg_perm+0xf1/0x1b0 [ 220.805180][ T9489] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 220.805214][ T9489] ____sys_sendmsg+0x972/0x9f0 [ 220.805241][ T9489] ? __might_fault+0xaf/0x130 [ 220.805275][ T9489] ? __pfx_____sys_sendmsg+0x10/0x10 [ 220.805313][ T9489] ? import_iovec+0x73/0xa0 [ 220.805347][ T9489] ___sys_sendmsg+0x2a5/0x360 [ 220.805374][ T9489] ? __lock_acquire+0x6b5/0x2cf0 [ 220.805403][ T9489] ? __pfx____sys_sendmsg+0x10/0x10 [ 220.805465][ T9489] ? __fget_files+0x2a/0x420 [ 220.805491][ T9489] ? __fget_files+0x3a0/0x420 [ 220.805528][ T9489] __x64_sys_sendmsg+0x1bd/0x2a0 [ 220.805560][ T9489] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 220.805599][ T9489] ? __pfx_ksys_write+0x10/0x10 [ 220.805639][ T9489] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 220.805662][ T9489] do_syscall_64+0x15f/0xf80 [ 220.805688][ T9489] ? trace_irq_disable+0x3b/0x140 [ 220.805720][ T9489] ? clear_bhb_loop+0x40/0x90 [ 220.805747][ T9489] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 220.805768][ T9489] RIP: 0033:0x7fa9c919cdd9 [ 220.805789][ T9489] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 220.805807][ T9489] RSP: 002b:00007fa9ca063028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 220.805829][ T9489] RAX: ffffffffffffffda RBX: 00007fa9c9415fa0 RCX: 00007fa9c919cdd9 [ 220.805846][ T9489] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000003 [ 220.805859][ T9489] RBP: 00007fa9ca063090 R08: 0000000000000000 R09: 0000000000000000 [ 220.805870][ T9489] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 220.805882][ T9489] R13: 00007fa9c9416038 R14: 00007fa9c9415fa0 R15: 00007ffce47a51d8 [ 220.805915][ T9489] [ 221.386533][ T9512] syzkaller0: entered promiscuous mode [ 221.392354][ T9512] syzkaller0: entered allmulticast mode [ 221.402981][ T9510] netlink: 'syz.3.1141': attribute type 12 has an invalid length. [ 221.741195][ T9523] netlink: 'syz.0.1150': attribute type 25 has an invalid length. [ 223.527058][ T9540] macvlan2: entered promiscuous mode [ 223.542753][ T9540] macvlan2: entered allmulticast mode [ 223.562456][ T9540] team0: Device macvlan2 is already an upper device of the team interface [ 223.608862][ T9547] xt_hashlimit: size too large, truncated to 1048576 [ 223.705774][ T9553] __nla_validate_parse: 4 callbacks suppressed [ 223.705795][ T9553] netlink: 52 bytes leftover after parsing attributes in process `syz.0.1157'. [ 224.025497][ T9565] netlink: 'syz.0.1163': attribute type 25 has an invalid length. [ 224.198435][ T9567] syzkaller0: entered promiscuous mode [ 224.209181][ T9567] syzkaller0: entered allmulticast mode [ 224.265573][ T9575] syzkaller0: entered promiscuous mode [ 224.274674][ T9575] syzkaller0: entered allmulticast mode [ 225.975668][ T9581] workqueue: Failed to create a rescuer kthread for wq "bond3": -EINTR [ 226.253643][ T9602] netlink: 'syz.3.1177': attribute type 25 has an invalid length. [ 226.437899][ T9606] syzkaller0: entered promiscuous mode [ 226.444404][ T9606] syzkaller0: entered allmulticast mode [ 226.486806][ T9615] netlink: 'syz.0.1182': attribute type 25 has an invalid length. [ 228.676354][ T9679] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1192'. [ 228.813101][ T9681] netlink: 'syz.0.1198': attribute type 25 has an invalid length. [ 228.856479][ T9686] ieee802154 phy0 wpan0: encryption failed: -22 [ 228.871455][ T9687] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1200'. [ 228.890759][ T9687] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1200'. [ 229.242260][ T9708] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1210'. [ 229.475165][ T9725] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1211'. [ 229.509245][ T9722] syzkaller0: entered promiscuous mode [ 229.529109][ T9722] syzkaller0: entered allmulticast mode [ 229.840481][ T9726] bond4: Unable to set peer notification delay as MII monitoring is disabled [ 229.879776][ T9726] bond4 (unregistering): Released all slaves [ 230.047771][ T9734] bond4: Unable to set peer notification delay as MII monitoring is disabled [ 230.059864][ T9734] bond4 (unregistering): Released all slaves [ 230.173432][ T9747] netlink: 4472 bytes leftover after parsing attributes in process `syz.1.1214'. [ 230.869820][ T9770] syzkaller0: entered promiscuous mode [ 230.878236][ T9770] syzkaller0: entered allmulticast mode [ 230.904028][ T9781] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1219'. [ 233.079168][ T9783] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1220'. [ 233.331493][ T9806] FAULT_INJECTION: forcing a failure. [ 233.331493][ T9806] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 233.365769][ T9806] CPU: 1 UID: 0 PID: 9806 Comm: syz.1.1226 Not tainted syzkaller #0 PREEMPT(full) [ 233.365801][ T9806] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 233.365825][ T9806] Call Trace: [ 233.365834][ T9806] [ 233.365844][ T9806] dump_stack_lvl+0xe8/0x150 [ 233.365877][ T9806] should_fail_ex+0x412/0x560 [ 233.365918][ T9806] _copy_to_user+0x31/0xb0 [ 233.365952][ T9806] simple_read_from_buffer+0xe1/0x170 [ 233.365985][ T9806] proc_fail_nth_read+0x1bb/0x230 [ 233.366017][ T9806] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 233.366048][ T9806] ? rw_verify_area+0x2a6/0x4d0 [ 233.366079][ T9806] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 233.366108][ T9806] vfs_read+0x20c/0xa70 [ 233.366144][ T9806] ? __pfx___mutex_lock+0x10/0x10 [ 233.366174][ T9806] ? __pfx_vfs_read+0x10/0x10 [ 233.366206][ T9806] ? __fget_files+0x2a/0x420 [ 233.366237][ T9806] ? __fget_files+0x3a0/0x420 [ 233.366263][ T9806] ? __fget_files+0x2a/0x420 [ 233.366296][ T9806] ksys_read+0x150/0x270 [ 233.366329][ T9806] ? __pfx_ksys_read+0x10/0x10 [ 233.366359][ T9806] ? __pfx_sock_ioctl+0x10/0x10 [ 233.366397][ T9806] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 233.366421][ T9806] do_syscall_64+0x15f/0xf80 [ 233.366448][ T9806] ? clear_bhb_loop+0x40/0x90 [ 233.366475][ T9806] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 233.366497][ T9806] RIP: 0033:0x7fa9c915d60e [ 233.366525][ T9806] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 233.366544][ T9806] RSP: 002b:00007fa9ca062fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 233.366568][ T9806] RAX: ffffffffffffffda RBX: 00007fa9ca0636c0 RCX: 00007fa9c915d60e [ 233.366584][ T9806] RDX: 000000000000000f RSI: 00007fa9ca0630a0 RDI: 0000000000000003 [ 233.366597][ T9806] RBP: 00007fa9ca063090 R08: 0000000000000000 R09: 0000000000000000 [ 233.366611][ T9806] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 233.366623][ T9806] R13: 00007fa9c9416038 R14: 00007fa9c9415fa0 R15: 00007ffce47a51d8 [ 233.366659][ T9806] [ 233.639826][ T9811] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1224'. [ 233.649771][ T9814] netlink: 'syz.3.1228': attribute type 1 has an invalid length. [ 233.657979][ T9814] netlink: 224 bytes leftover after parsing attributes in process `syz.3.1228'. [ 233.667326][ T9814] NCSI netlink: No device for ifindex 0 [ 233.906113][ T9824] netlink: 'syz.3.1233': attribute type 1 has an invalid length. [ 233.959035][ T9830] netlink: 248 bytes leftover after parsing attributes in process `syz.4.1234'. [ 234.078368][ T9835] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 234.392378][ T9859] netlink: 'syz.1.1249': attribute type 1 has an invalid length. [ 234.497527][ T9850] syzkaller0: entered promiscuous mode [ 234.503305][ T9850] syzkaller0: entered allmulticast mode [ 234.512377][ T3371] syzkaller0: tun_net_xmit 48 [ 234.799957][ T9873] netlink: 'syz.0.1254': attribute type 25 has an invalid length. [ 236.172351][ T9863] bond0: option active_slave: mode dependency failed, not supported in mode balance-rr(0) [ 236.323679][ T9879] netlink: 212348 bytes leftover after parsing attributes in process `syz.0.1256'. [ 236.575872][ T9896] FAULT_INJECTION: forcing a failure. [ 236.575872][ T9896] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 236.590342][ T9896] CPU: 1 UID: 0 PID: 9896 Comm: syz.4.1264 Not tainted syzkaller #0 PREEMPT(full) [ 236.590382][ T9896] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 236.590397][ T9896] Call Trace: [ 236.590405][ T9896] [ 236.590415][ T9896] dump_stack_lvl+0xe8/0x150 [ 236.590445][ T9896] should_fail_ex+0x412/0x560 [ 236.590484][ T9896] _copy_from_iter+0x1d3/0x1670 [ 236.590546][ T9896] ? skb_set_owner_w+0x26c/0x3e0 [ 236.590595][ T9896] ? sock_alloc_send_pskb+0x896/0x990 [ 236.590639][ T9896] ? __pfx__copy_from_iter+0x10/0x10 [ 236.590692][ T9896] ip_generic_getfrag+0xeb/0x2d0 [ 236.590746][ T9896] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 236.590793][ T9896] ? __pfx_ip6_pol_route+0x10/0x10 [ 236.590832][ T9896] ? __lock_acquire+0x6b5/0x2cf0 [ 236.590860][ T9896] ? skb_put+0x11b/0x210 [ 236.590895][ T9896] __ip6_append_data+0x3127/0x3e90 [ 236.590957][ T9896] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 236.591016][ T9896] ? __pfx___ip6_append_data+0x10/0x10 [ 236.591044][ T9896] ? __pfx_ip6_mtu+0x10/0x10 [ 236.591076][ T9896] ip6_make_skb+0x2af/0x320 [ 236.591103][ T9896] ? sk_setup_caps+0x9ef/0xc40 [ 236.591130][ T9896] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 236.591173][ T9896] ? __pfx_ip6_make_skb+0x10/0x10 [ 236.591198][ T9896] ? ip6_dst_hoplimit+0x65/0x3e0 [ 236.591235][ T9896] ? ip6_dst_hoplimit+0x65/0x3e0 [ 236.591257][ T9896] ? ip6_dst_hoplimit+0x65/0x3e0 [ 236.591285][ T9896] udpv6_sendmsg+0x1db8/0x25c0 [ 236.591327][ T9896] ? __pfx_udpv6_sendmsg+0x10/0x10 [ 236.591395][ T9896] ? inet_send_prepare+0x5c/0x270 [ 236.591439][ T9896] ? inet6_sendmsg+0xe4/0x120 [ 236.591474][ T9896] ____sys_sendmsg+0x5c7/0x9f0 [ 236.591507][ T9896] ? __might_fault+0xaf/0x130 [ 236.591542][ T9896] ? __pfx_____sys_sendmsg+0x10/0x10 [ 236.591579][ T9896] ? import_iovec+0x73/0xa0 [ 236.591616][ T9896] ___sys_sendmsg+0x2a5/0x360 [ 236.591642][ T9896] ? __lock_acquire+0x6b5/0x2cf0 [ 236.591667][ T9896] ? __pfx____sys_sendmsg+0x10/0x10 [ 236.591731][ T9896] ? __fget_files+0x2a/0x420 [ 236.591757][ T9896] ? __fget_files+0x3a0/0x420 [ 236.591806][ T9896] __x64_sys_sendmsg+0x1bd/0x2a0 [ 236.591837][ T9896] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 236.591876][ T9896] ? __pfx_ksys_write+0x10/0x10 [ 236.591916][ T9896] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 236.591940][ T9896] do_syscall_64+0x15f/0xf80 [ 236.591964][ T9896] ? trace_irq_disable+0x3b/0x140 [ 236.591996][ T9896] ? clear_bhb_loop+0x40/0x90 [ 236.592023][ T9896] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 236.592044][ T9896] RIP: 0033:0x7f81db39cdd9 [ 236.592064][ T9896] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 236.592083][ T9896] RSP: 002b:00007f81dc286028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 236.592106][ T9896] RAX: ffffffffffffffda RBX: 00007f81db615fa0 RCX: 00007f81db39cdd9 [ 236.592122][ T9896] RDX: 0000000000000000 RSI: 0000200000000f00 RDI: 0000000000000003 [ 236.592135][ T9896] RBP: 00007f81dc286090 R08: 0000000000000000 R09: 0000000000000000 [ 236.592149][ T9896] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 236.592171][ T9896] R13: 00007f81db616038 R14: 00007f81db615fa0 R15: 00007fffe95cbab8 [ 236.592213][ T9896] [ 236.937726][ T9900] xt_hashlimit: size too large, truncated to 1048576 [ 236.954457][ T9904] xt_hashlimit: size too large, truncated to 1048576 [ 236.961948][ T9897] syzkaller0: entered promiscuous mode [ 236.967997][ T9897] syzkaller0: entered allmulticast mode [ 237.205105][ T9909] netlink: 'syz.4.1265': attribute type 24 has an invalid length. [ 237.435210][ T9918] netlink: 14 bytes leftover after parsing attributes in process `syz.1.1269'. [ 239.151352][ T9918] .`¹ (unregistering): (slave bond_slave_0): Releasing backup interface [ 239.178617][ T9918] .`¹ (unregistering): (slave bond_slave_1): Releasing backup interface [ 239.194650][ T9942] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1270'. [ 239.205454][ T9918] .`¹ (unregistering): Released all slaves [ 239.215180][ T9942] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1270'. [ 239.226678][ T9942] netlink: 'syz.4.1270': attribute type 15 has an invalid length. [ 239.258916][ T9942] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1270'. [ 239.275017][ T9942] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1270'. [ 239.284671][ T9942] netlink: 'syz.4.1270': attribute type 15 has an invalid length. [ 239.431196][ T9947] ±ÿ: renamed from team_slave_1 (while UP) [ 239.572503][ T9960] netlink: 'syz.3.1276': attribute type 1 has an invalid length. [ 239.586605][ T9962] xt_hashlimit: size too large, truncated to 1048576 [ 239.831419][ T9980] bond1: option mode: unable to set because the bond device has slaves [ 239.846380][ T9980] A link change request failed with some changes committed already. Interface tunl0 may have been left with an inconsistent configuration, please check. [ 239.947907][ T9987] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1285'. [ 240.000905][ T9989] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1286'. [ 240.311161][T10008] bond5: entered promiscuous mode [ 240.327353][T10013] FAULT_INJECTION: forcing a failure. [ 240.327353][T10013] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 240.344309][T10013] CPU: 1 UID: 0 PID: 10013 Comm: syz.1.1294 Not tainted syzkaller #0 PREEMPT(full) [ 240.344341][T10013] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 240.344354][T10013] Call Trace: [ 240.344362][T10013] [ 240.344371][T10013] dump_stack_lvl+0xe8/0x150 [ 240.344402][T10013] should_fail_ex+0x412/0x560 [ 240.344435][T10013] _copy_from_user+0x2d/0xb0 [ 240.344466][T10013] __sys_sendto+0x2b0/0x710 [ 240.344495][T10013] ? __pfx___sys_sendto+0x10/0x10 [ 240.344547][T10013] ? fput_close_sync+0x11f/0x240 [ 240.344574][T10013] ? __pfx_fput_close_sync+0x10/0x10 [ 240.344609][T10013] __x64_sys_sendto+0xde/0x100 [ 240.344635][T10013] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 240.344658][T10013] do_syscall_64+0x15f/0xf80 [ 240.344683][T10013] ? trace_irq_disable+0x3b/0x140 [ 240.344715][T10013] ? clear_bhb_loop+0x40/0x90 [ 240.344742][T10013] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 240.344763][T10013] RIP: 0033:0x7fa9c915d60e [ 240.344783][T10013] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 240.344803][T10013] RSP: 002b:00007fa9ca061de8 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 240.344826][T10013] RAX: ffffffffffffffda RBX: 00007fa9ca0636c0 RCX: 00007fa9c915d60e [ 240.344842][T10013] RDX: 0000000000000024 RSI: 00007fa9ca061fe0 RDI: 0000000000000004 [ 240.344878][T10013] RBP: 0000000000000000 R08: 00007fa9ca061e64 R09: 000000000000000c [ 240.344891][T10013] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 240.344904][T10013] R13: 0000000000000000 R14: 00007fa9ca061fe0 R15: 0000000000000000 [ 240.344936][T10013] [ 240.347972][T10013] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 240.746639][T10021] netlink: 'syz.4.1298': attribute type 24 has an invalid length. [ 240.786886][T10023] netlink: 'syz.3.1299': attribute type 4 has an invalid length. [ 240.809447][T10023] netlink: 'syz.3.1299': attribute type 3 has an invalid length. [ 241.045611][T10039] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1303'. [ 241.108571][T10037] bridge0: port 2(bridge_slave_1) entered disabled state [ 241.131952][T10043] netem: incorrect gi model size [ 241.139368][T10043] netem: change failed [ 241.155515][T10042] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 241.238626][T10042] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 241.326566][T10056] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 241.419081][T10061] netlink: 'syz.2.1312': attribute type 25 has an invalid length. [ 241.496099][T10063] : entered promiscuous mode [ 241.691425][T10074] netlink: 'syz.1.1315': attribute type 10 has an invalid length. [ 241.928390][T10086] netdevsim netdevsim2: Direct firmware load for  failed with error -2 [ 241.958954][T10092] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1321'. [ 241.965491][T10086] netdevsim netdevsim2: Falling back to sysfs fallback for:  [ 241.998743][T10092] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1321'. [ 242.980098][ T30] audit: type=1804 audit(1777515201.943:56): pid=10127 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.1331" name="/newroot/264/cgroup.controllers" dev="tmpfs" ino=1367 res=1 errno=0 [ 243.013664][ T30] audit: type=1800 audit(1777515201.973:57): pid=10127 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1331" name="cgroup.controllers" dev="tmpfs" ino=1367 res=0 errno=0 [ 243.364413][ T30] audit: type=1804 audit(1777515202.323:58): pid=10134 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.1333" name="/newroot/266/cgroup.controllers" dev="tmpfs" ino=1380 res=1 errno=0 [ 243.398106][ T30] audit: type=1800 audit(1777515202.323:59): pid=10134 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1333" name="cgroup.controllers" dev="tmpfs" ino=1380 res=0 errno=0 [ 244.382627][T10150] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1339'. [ 244.404754][T10150] netlink: 'syz.3.1339': attribute type 29 has an invalid length. [ 244.423426][T10150] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1339'. [ 244.446457][T10155] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1339'. [ 244.472016][T10155] netlink: 'syz.3.1339': attribute type 29 has an invalid length. [ 244.489671][T10155] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1339'. [ 244.656388][T10164] xt_hashlimit: size too large, truncated to 1048576 [ 244.916436][T10184] netlink: 'syz.0.1348': attribute type 1 has an invalid length. [ 244.998839][T10184] 8021q: adding VLAN 0 to HW filter on device bond3 [ 245.222520][T10194] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1350'. [ 245.245955][T10195] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1349'. [ 245.271651][T10195] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1349'. [ 245.309300][T10195] netlink: 'syz.0.1349': attribute type 15 has an invalid length. [ 245.330319][T10195] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1349'. [ 245.360040][T10195] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1349'. [ 245.376717][T10201] team0: Port device gretap3 added [ 245.382027][T10195] netlink: 'syz.0.1349': attribute type 15 has an invalid length. [ 245.616496][ T30] audit: type=1804 audit(1777515204.583:60): pid=10217 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.1359" name="/newroot/249/cgroup.controllers" dev="tmpfs" ino=1305 res=1 errno=0 [ 245.659340][ T30] audit: type=1800 audit(1777515204.603:61): pid=10217 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1359" name="cgroup.controllers" dev="tmpfs" ino=1305 res=0 errno=0 [ 245.984959][T10236] FAULT_INJECTION: forcing a failure. [ 245.984959][T10236] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 246.027229][T10236] CPU: 0 UID: 0 PID: 10236 Comm: syz.3.1365 Not tainted syzkaller #0 PREEMPT(full) [ 246.027262][T10236] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 246.027275][T10236] Call Trace: [ 246.027283][T10236] [ 246.027292][T10236] dump_stack_lvl+0xe8/0x150 [ 246.027323][T10236] should_fail_ex+0x412/0x560 [ 246.027355][T10236] _copy_from_user+0x2d/0xb0 [ 246.027386][T10236] __sys_sendto+0x2b0/0x710 [ 246.027416][T10236] ? __pfx___sys_sendto+0x10/0x10 [ 246.027475][T10236] ? fput_close_sync+0x11f/0x240 [ 246.027502][T10236] ? __pfx_fput_close_sync+0x10/0x10 [ 246.027538][T10236] __x64_sys_sendto+0xde/0x100 [ 246.027565][T10236] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 246.027589][T10236] do_syscall_64+0x15f/0xf80 [ 246.027614][T10236] ? trace_irq_disable+0x3b/0x140 [ 246.027646][T10236] ? clear_bhb_loop+0x40/0x90 [ 246.027671][T10236] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 246.027692][T10236] RIP: 0033:0x7f425ff5d60e [ 246.027711][T10236] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 246.027729][T10236] RSP: 002b:00007f425e1ecde8 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 246.027752][T10236] RAX: ffffffffffffffda RBX: 00007f425e1ee6c0 RCX: 00007f425ff5d60e [ 246.027768][T10236] RDX: 0000000000000024 RSI: 00007f425e1ecfe0 RDI: 0000000000000004 [ 246.027782][T10236] RBP: 0000000000000000 R08: 00007f425e1ece64 R09: 000000000000000c [ 246.027795][T10236] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 246.027807][T10236] R13: 0000000000000000 R14: 00007f425e1ecfe0 R15: 0000000000000000 [ 246.027838][T10236] [ 246.209626][T10243] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 246.460486][T10254] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1372'. [ 246.785873][T10272] nbd: socks must be embedded in a SOCK_ITEM attr [ 247.276087][T10306] syz_tun: entered allmulticast mode [ 248.252601][T10359] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 248.333410][T10359] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 248.419459][T10359] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 248.490431][T10374] bond6: entered allmulticast mode [ 248.526166][T10374] bond6 (unregistering): Released all slaves [ 248.809733][ T30] audit: type=1804 audit(1777515207.773:62): pid=10392 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.1414" name="/newroot/280/cgroup.controllers" dev="tmpfs" ino=1458 res=1 errno=0 [ 248.858159][ T30] audit: type=1800 audit(1777515207.803:63): pid=10392 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1414" name="cgroup.controllers" dev="tmpfs" ino=1458 res=0 errno=0 [ 248.956617][T10401] netlink: 'syz.1.1417': attribute type 11 has an invalid length. [ 249.131229][T10418] netdevsim netdevsim0 netdevsim0: entered promiscuous mode [ 249.218596][T10416] bond1: option mode: unable to set because the bond device has slaves [ 249.237769][T10421] A link change request failed with some changes committed already. Interface tunl0 may have been left with an inconsistent configuration, please check. [ 249.494317][T10426] bond3: Removing last ns target with arp_interval on [ 249.550877][T10435] bridge0: port 1(bridge_slave_0) entered disabled state [ 249.602037][T10435] bridge_slave_0 (unregistering): left allmulticast mode [ 249.626644][T10435] bridge_slave_0 (unregistering): left promiscuous mode [ 249.647881][T10435] bridge0: port 1(bridge_slave_0) entered disabled state [ 249.709403][ T30] audit: type=1804 audit(1777515208.673:64): pid=10451 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.1430" name="/newroot/325/cgroup.controllers" dev="tmpfs" ino=1688 res=1 errno=0 [ 249.747080][T10445] netlink: 'syz.3.1429': attribute type 29 has an invalid length. [ 249.772030][T10448] __nla_validate_parse: 6 callbacks suppressed [ 249.772053][T10448] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1429'. [ 249.803382][ T30] audit: type=1800 audit(1777515208.703:65): pid=10451 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1430" name="cgroup.controllers" dev="tmpfs" ino=1688 res=0 errno=0 [ 249.826031][ T242] netdevsim netdevsim4 netdevsim0: set [0, 1] type 1 family 0 port 8472 - 0 [ 249.846846][ T242] netdevsim netdevsim4 netdevsim1: set [0, 1] type 1 family 0 port 8472 - 0 [ 249.868630][ T242] netdevsim netdevsim4 netdevsim2: set [0, 1] type 1 family 0 port 8472 - 0 [ 249.879864][ T242] netdevsim netdevsim4 netdevsim3: set [0, 1] type 1 family 0 port 8472 - 0 [ 250.492760][T10482] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1439'. [ 250.683815][T10488] macvlan2: entered promiscuous mode [ 250.704537][T10488] macvlan2: entered allmulticast mode [ 250.921863][T10500] netlink: 'syz.3.1446': attribute type 25 has an invalid length. [ 250.935533][T10507] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1448'. [ 250.958168][T10507] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1448'. [ 250.986993][T10507] netlink: 'syz.2.1448': attribute type 15 has an invalid length. [ 251.015861][T10507] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1448'. [ 251.035911][T10507] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1448'. [ 251.058957][T10507] netlink: 'syz.2.1448': attribute type 15 has an invalid length. [ 251.074991][T10515] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1451'. [ 251.114297][T10518] netlink: 164 bytes leftover after parsing attributes in process `syz.4.1450'. [ 251.147829][T10518] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 251.299782][T10520] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1453'. [ 251.386230][T10528] nbd4: detected capacity change from 0 to 63 [ 251.397329][T10531] block nbd4: NBD_DISCONNECT [ 251.416668][T10531] block nbd4: Disconnected due to user request. [ 251.443960][T10531] block nbd4: shutting down sockets [ 251.485494][ C1] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 251.495129][ C1] Buffer I/O error on dev nbd4, logical block 0, async page read [ 251.507573][ C0] I/O error, dev nbd4, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 251.516753][ C0] Buffer I/O error on dev nbd4, logical block 1, async page read [ 251.524650][ C0] I/O error, dev nbd4, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 251.533883][ C0] Buffer I/O error on dev nbd4, logical block 2, async page read [ 251.541772][ C0] I/O error, dev nbd4, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 251.550921][ C0] Buffer I/O error on dev nbd4, logical block 3, async page read [ 251.563679][T10199] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 251.573148][T10534] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 251.589609][T10533] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 251.601871][T10199] Buffer I/O error on dev nbd4, logical block 0, async page read [ 251.611390][T10199] I/O error, dev nbd4, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 251.621315][T10199] Buffer I/O error on dev nbd4, logical block 1, async page read [ 251.630009][T10199] I/O error, dev nbd4, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 251.641664][T10199] Buffer I/O error on dev nbd4, logical block 2, async page read [ 251.650159][T10199] I/O error, dev nbd4, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 251.660548][T10199] Buffer I/O error on dev nbd4, logical block 3, async page read [ 251.671531][T10199] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 251.680235][T10534] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 251.688551][T10199] Buffer I/O error on dev nbd4, logical block 0, async page read [ 251.699960][T10199] I/O error, dev nbd4, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 251.710854][T10199] Buffer I/O error on dev nbd4, logical block 1, async page read [ 251.726114][T10199] ldm_validate_partition_table(): Disk read failed. [ 251.736887][T10199] Dev nbd4: unable to read RDB block 0 [ 251.779258][T10199] nbd4: unable to read partition table [ 251.848743][T10199] ldm_validate_partition_table(): Disk read failed. [ 251.870221][T10538] netlink: 'syz.2.1459': attribute type 1 has an invalid length. [ 251.886458][T10199] Dev nbd4: unable to read RDB block 0 [ 251.896206][T10539] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1458'. [ 251.901115][T10199] nbd4: unable to read partition table [ 251.935118][T10543] xt_hashlimit: size too large, truncated to 1048576 [ 252.025911][T10547] xt_hashlimit: size too large, truncated to 1048576 [ 252.756681][T10583] netlink: 'syz.2.1471': attribute type 1 has an invalid length. [ 252.931898][T10587] netlink: 'syz.2.1472': attribute type 7 has an invalid length. [ 253.054576][T10594] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 253.118586][T10594] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 253.161599][T10601] xt_hashlimit: size too large, truncated to 1048576 [ 253.191915][T10603] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 253.456564][ T30] audit: type=1804 audit(1777515212.423:66): pid=10611 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.1479" name="/newroot/334/cgroup.controllers" dev="tmpfs" ino=1736 res=1 errno=0 [ 253.463669][ T5645] Bluetooth: hci4: command 0x0405 tx timeout [ 253.583306][ T30] audit: type=1800 audit(1777515212.443:67): pid=10611 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1479" name="cgroup.controllers" dev="tmpfs" ino=1736 res=0 errno=0 [ 253.585510][T10614] netlink: 'syz.3.1480': attribute type 5 has an invalid length. [ 253.846480][T10629] netlink: 'syz.3.1485': attribute type 1 has an invalid length. [ 254.170466][ T50] Bluetooth: hci4: link tx timeout [ 254.179498][ T50] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 254.231185][T10643] xt_hashlimit: size too large, truncated to 1048576 [ 254.350096][ T30] audit: type=1804 audit(1777515213.313:68): pid=10650 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.1493" name="/newroot/270/cgroup.controllers" dev="tmpfs" ino=1414 res=1 errno=0 [ 254.394809][ T30] audit: type=1800 audit(1777515213.343:69): pid=10650 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1493" name="cgroup.controllers" dev="tmpfs" ino=1414 res=0 errno=0 [ 254.580156][T10655] syzkaller0: entered promiscuous mode [ 254.592421][T10655] syzkaller0: entered allmulticast mode [ 254.620130][T10657] syzkaller0: entered promiscuous mode [ 254.627803][T10657] syzkaller0: entered allmulticast mode [ 254.868355][T10662] syzkaller0: entered promiscuous mode [ 254.876852][T10662] syzkaller0: entered allmulticast mode [ 255.949062][ T1316] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.955853][ T1316] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.277750][ T50] Bluetooth: hci4: command 0x0405 tx timeout [ 256.788384][T10670] syzkaller0: entered promiscuous mode [ 256.798335][T10670] syzkaller0: entered allmulticast mode [ 256.893817][T10684] FAULT_INJECTION: forcing a failure. [ 256.893817][T10684] name failslab, interval 1, probability 0, space 0, times 0 [ 256.959299][T10684] CPU: 0 UID: 0 PID: 10684 Comm: syz.4.1504 Not tainted syzkaller #0 PREEMPT(full) [ 256.959329][T10684] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 256.959342][T10684] Call Trace: [ 256.959351][T10684] [ 256.959359][T10684] dump_stack_lvl+0xe8/0x150 [ 256.959389][T10684] should_fail_ex+0x412/0x560 [ 256.959421][T10684] should_failslab+0xa8/0x100 [ 256.959455][T10684] __kmalloc_noprof+0xe8/0x760 [ 256.959485][T10684] ? sock_kmalloc+0xd6/0x160 [ 256.959518][T10684] sock_kmalloc+0xd6/0x160 [ 256.959549][T10684] ____sys_sendmsg+0x1c2/0x9f0 [ 256.959585][T10684] ? __pfx_____sys_sendmsg+0x10/0x10 [ 256.959623][T10684] ? import_iovec+0x73/0xa0 [ 256.959651][T10684] ___sys_sendmsg+0x2a5/0x360 [ 256.959679][T10684] ? __lock_acquire+0x6b5/0x2cf0 [ 256.959702][T10684] ? __pfx____sys_sendmsg+0x10/0x10 [ 256.959757][T10684] ? __fget_files+0x2a/0x420 [ 256.959780][T10684] ? __fget_files+0x3a0/0x420 [ 256.959811][T10684] __x64_sys_sendmsg+0x1bd/0x2a0 [ 256.959837][T10684] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 256.959868][T10684] ? __pfx_ksys_write+0x10/0x10 [ 256.959902][T10684] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 256.959922][T10684] do_syscall_64+0x15f/0xf80 [ 256.959943][T10684] ? trace_irq_disable+0x3b/0x140 [ 256.959971][T10684] ? clear_bhb_loop+0x40/0x90 [ 256.959994][T10684] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 256.960012][T10684] RIP: 0033:0x7f81db39cdd9 [ 256.960033][T10684] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 256.960052][T10684] RSP: 002b:00007f81dc286028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 256.960074][T10684] RAX: ffffffffffffffda RBX: 00007f81db615fa0 RCX: 00007f81db39cdd9 [ 256.960089][T10684] RDX: 0000000000048010 RSI: 0000200000000440 RDI: 0000000000000003 [ 256.960103][T10684] RBP: 00007f81dc286090 R08: 0000000000000000 R09: 0000000000000000 [ 256.960116][T10684] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 256.960127][T10684] R13: 00007f81db616038 R14: 00007f81db615fa0 R15: 00007fffe95cbab8 [ 256.960160][T10684] [ 257.042291][T10689] __nla_validate_parse: 2 callbacks suppressed [ 257.042345][T10689] netlink: 207952 bytes leftover after parsing attributes in process `syz.1.1506'. [ 258.199857][T10717] FAULT_INJECTION: forcing a failure. [ 258.199857][T10717] name failslab, interval 1, probability 0, space 0, times 0 [ 258.215378][T10717] CPU: 0 UID: 0 PID: 10717 Comm: syz.2.1513 Not tainted syzkaller #0 PREEMPT(full) [ 258.215400][T10717] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 258.215410][T10717] Call Trace: [ 258.215416][T10717] [ 258.215423][T10717] dump_stack_lvl+0xe8/0x150 [ 258.215445][T10717] should_fail_ex+0x412/0x560 [ 258.215469][T10717] should_failslab+0xa8/0x100 [ 258.215493][T10717] ? skb_clone+0x212/0x3a0 [ 258.215518][T10717] kmem_cache_alloc_noprof+0x87/0x650 [ 258.215539][T10717] ? __netlink_lookup+0xc6/0x8b0 [ 258.215563][T10717] skb_clone+0x212/0x3a0 [ 258.215592][T10717] __netlink_deliver_tap+0x404/0x850 [ 258.215619][T10717] ? netlink_deliver_tap+0x2e/0x1b0 [ 258.215639][T10717] netlink_deliver_tap+0x19c/0x1b0 [ 258.215659][T10717] netlink_unicast+0x730/0x8e0 [ 258.215683][T10717] netlink_sendmsg+0x813/0xb40 [ 258.215708][T10717] ? __pfx_netlink_sendmsg+0x10/0x10 [ 258.215730][T10717] ? aa_sock_msg_perm+0xf1/0x1b0 [ 258.215752][T10717] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 258.215782][T10717] ? __pfx_netlink_sendmsg+0x10/0x10 [ 258.215809][T10717] __sys_sendto+0x672/0x710 [ 258.215833][T10717] ? __pfx___sys_sendto+0x10/0x10 [ 258.215872][T10717] ? fput_close_sync+0x11f/0x240 [ 258.215891][T10717] ? __pfx_fput_close_sync+0x10/0x10 [ 258.215916][T10717] __x64_sys_sendto+0xde/0x100 [ 258.215934][T10717] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 258.215951][T10717] do_syscall_64+0x15f/0xf80 [ 258.215969][T10717] ? trace_irq_disable+0x3b/0x140 [ 258.215992][T10717] ? clear_bhb_loop+0x40/0x90 [ 258.216011][T10717] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 258.216026][T10717] RIP: 0033:0x7f578575d60e [ 258.216041][T10717] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 258.216054][T10717] RSP: 002b:00007f5786570de8 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 258.216100][T10717] RAX: ffffffffffffffda RBX: 00007f57865726c0 RCX: 00007f578575d60e [ 258.216124][T10717] RDX: 0000000000000024 RSI: 00007f5786570fe0 RDI: 0000000000000004 [ 258.216138][T10717] RBP: 0000000000000000 R08: 00007f5786570e64 R09: 000000000000000c [ 258.216152][T10717] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 258.216164][T10717] R13: 0000000000000000 R14: 00007f5786570fe0 R15: 0000000000000000 [ 258.216195][T10717] [ 258.465117][T10718] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 259.569054][T10728] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1518'. [ 259.594756][T10728] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1518'. [ 259.645254][T10720] nbd0: detected capacity change from 0 to 63 [ 259.667963][T10725] block nbd0: NBD_DISCONNECT [ 259.681822][T10725] block nbd0: Disconnected due to user request. [ 259.689259][T10725] block nbd0: shutting down sockets [ 259.702037][T10730] blk_print_req_error: 138 callbacks suppressed [ 259.702059][T10730] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 259.766652][T10730] buffer_io_error: 138 callbacks suppressed [ 259.766671][T10730] Buffer I/O error on dev nbd0, logical block 0, async page read [ 259.864254][ T4959] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x0 phys_seg 3 prio class 2 [ 259.878669][ T4959] Buffer I/O error on dev nbd0, logical block 1, async page read [ 259.887111][ T4959] Buffer I/O error on dev nbd0, logical block 2, async page read [ 259.895487][ T4959] Buffer I/O error on dev nbd0, logical block 3, async page read [ 259.905033][T10730] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 259.919143][T10730] Buffer I/O error on dev nbd0, logical block 0, async page read [ 259.927587][T10730] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 259.937376][T10730] Buffer I/O error on dev nbd0, logical block 1, async page read [ 259.945948][T10730] I/O error, dev nbd0, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 259.955500][T10730] Buffer I/O error on dev nbd0, logical block 2, async page read [ 259.964044][T10730] I/O error, dev nbd0, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 259.974117][T10730] Buffer I/O error on dev nbd0, logical block 3, async page read [ 259.982220][T10730] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 259.993141][T10730] Buffer I/O error on dev nbd0, logical block 0, async page read [ 260.001346][T10730] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 260.010586][T10730] Buffer I/O error on dev nbd0, logical block 1, async page read [ 260.018799][T10730] I/O error, dev nbd0, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 260.032392][T10730] I/O error, dev nbd0, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 260.058872][T10730] ldm_validate_partition_table(): Disk read failed. [ 260.085394][T10730] Dev nbd0: unable to read RDB block 0 [ 260.101692][T10730] nbd0: unable to read partition table [ 260.118780][T10730] ldm_validate_partition_table(): Disk read failed. [ 260.128381][T10730] Dev nbd0: unable to read RDB block 0 [ 260.139358][T10730] nbd0: unable to read partition table [ 260.211880][T10754] FAULT_INJECTION: forcing a failure. [ 260.211880][T10754] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 260.239727][T10754] CPU: 0 UID: 0 PID: 10754 Comm: syz.4.1523 Not tainted syzkaller #0 PREEMPT(full) [ 260.239758][T10754] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 260.239771][T10754] Call Trace: [ 260.239780][T10754] [ 260.239790][T10754] dump_stack_lvl+0xe8/0x150 [ 260.239822][T10754] should_fail_ex+0x412/0x560 [ 260.239856][T10754] _copy_from_user+0x2d/0xb0 [ 260.239889][T10754] ___sys_sendmsg+0x1c6/0x360 [ 260.239916][T10754] ? __lock_acquire+0x6b5/0x2cf0 [ 260.239969][T10754] ? __pfx____sys_sendmsg+0x10/0x10 [ 260.240033][T10754] ? __fget_files+0x2a/0x420 [ 260.240059][T10754] ? __fget_files+0x3a0/0x420 [ 260.240095][T10754] __x64_sys_sendmsg+0x1bd/0x2a0 [ 260.240125][T10754] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 260.240162][T10754] ? __pfx_ksys_write+0x10/0x10 [ 260.240201][T10754] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 260.240225][T10754] do_syscall_64+0x15f/0xf80 [ 260.240249][T10754] ? trace_irq_disable+0x3b/0x140 [ 260.240282][T10754] ? clear_bhb_loop+0x40/0x90 [ 260.240310][T10754] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 260.240340][T10754] RIP: 0033:0x7f81db39cdd9 [ 260.240361][T10754] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 260.240380][T10754] RSP: 002b:00007f81dc286028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 260.240404][T10754] RAX: ffffffffffffffda RBX: 00007f81db615fa0 RCX: 00007f81db39cdd9 [ 260.240420][T10754] RDX: 0000000004000080 RSI: 0000200000001200 RDI: 0000000000000003 [ 260.240434][T10754] RBP: 00007f81dc286090 R08: 0000000000000000 R09: 0000000000000000 [ 260.240448][T10754] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 260.240461][T10754] R13: 00007f81db616038 R14: 00007f81db615fa0 R15: 00007fffe95cbab8 [ 260.240496][T10754] [ 260.720231][T10771] syzkaller0: entered promiscuous mode [ 260.739760][T10771] syzkaller0: entered allmulticast mode [ 260.899661][ T30] audit: type=1804 audit(1777515219.863:70): pid=10778 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.1534" name="/newroot/280/cgroup.controllers" dev="tmpfs" ino=1468 res=1 errno=0 [ 260.967121][ T30] audit: type=1800 audit(1777515219.863:71): pid=10778 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1534" name="cgroup.controllers" dev="tmpfs" ino=1468 res=0 errno=0 [ 261.300510][T10799] netlink: 'syz.2.1543': attribute type 1 has an invalid length. [ 261.353151][T10799] 8021q: adding VLAN 0 to HW filter on device bond6 [ 261.430728][ T30] audit: type=1804 audit(1777515220.393:72): pid=10808 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.1546" name="/newroot/291/cgroup.controllers" dev="tmpfs" ino=1515 res=1 errno=0 [ 261.459881][ T30] audit: type=1800 audit(1777515220.393:73): pid=10808 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1546" name="cgroup.controllers" dev="tmpfs" ino=1515 res=0 errno=0 [ 261.570030][ T30] audit: type=1804 audit(1777515220.533:74): pid=10815 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.1548" name="/newroot/292/cgroup.controllers" dev="tmpfs" ino=1523 res=1 errno=0 [ 261.617412][ T30] audit: type=1800 audit(1777515220.533:75): pid=10815 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1548" name="cgroup.controllers" dev="tmpfs" ino=1523 res=0 errno=0 [ 261.697691][T10796] nbd1: detected capacity change from 0 to 63 [ 261.730107][T10806] block nbd1: NBD_DISCONNECT [ 261.741204][T10821] openvswitch: netlink: IP tunnel TTL not specified. [ 261.771697][T10806] block nbd1: Disconnected due to user request. [ 261.798075][T10806] block nbd1: shutting down sockets [ 261.819960][T10730] ldm_validate_partition_table(): Disk read failed. [ 261.838912][T10730] Dev nbd1: unable to read RDB block 0 [ 261.855130][T10730] nbd1: unable to read partition table [ 261.898756][T10730] ldm_validate_partition_table(): Disk read failed. [ 261.918783][T10730] Dev nbd1: unable to read RDB block 0 [ 261.938604][T10730] nbd1: unable to read partition table [ 262.130935][T10829] syzkaller0: entered promiscuous mode [ 262.137061][T10829] syzkaller0: entered allmulticast mode [ 264.081146][T10850] bond1: option mode: unable to set because the bond device has slaves [ 264.089759][T10853] A link change request failed with some changes committed already. Interface tunl0 may have been left with an inconsistent configuration, please check. [ 264.242669][ T30] audit: type=1804 audit(1777515223.203:76): pid=10874 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.1568" name="/newroot/295/cgroup.controllers" dev="tmpfs" ino=1541 res=1 errno=0 [ 264.305004][ T30] audit: type=1800 audit(1777515223.203:77): pid=10874 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1568" name="cgroup.controllers" dev="tmpfs" ino=1541 res=0 errno=0 [ 264.360151][T10872] bond4: option arp_all_targets: invalid value (18446744073709551613) [ 264.378353][T10872] bond4 (unregistering): Released all slaves [ 264.564359][T10891] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 264.604703][T10891] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1573'. [ 264.793131][T10901] syzkaller0: entered promiscuous mode [ 264.799001][T10901] syzkaller0: entered allmulticast mode [ 264.808941][T10904] A link change request failed with some changes committed already. Interface tunl0 may have been left with an inconsistent configuration, please check. [ 265.499505][T10925] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1585'. [ 265.564584][T10926] sctp: [Deprecated]: syz.3.1585 (pid 10926) Use of int in max_burst socket option. [ 265.564584][T10926] Use struct sctp_assoc_value instead [ 265.586906][T10926] trusted_key: syz.3.1585 sent an empty control message without MSG_MORE. [ 266.754980][T10925] bridge_slave_1: left allmulticast mode [ 266.760724][T10925] bridge_slave_1: left promiscuous mode [ 266.767080][T10925] bridge0: port 2(bridge_slave_1) entered disabled state [ 266.780262][T10925] bridge_slave_0: left allmulticast mode [ 266.787273][T10925] bridge_slave_0: left promiscuous mode [ 266.793264][T10925] bridge0: port 1(bridge_slave_0) entered disabled state [ 267.117349][T10937] netlink: 'syz.1.1591': attribute type 6 has an invalid length. [ 267.184224][T10944] A link change request failed with some changes committed already. Interface tunl0 may have been left with an inconsistent configuration, please check. [ 267.574692][T10956] syzkaller0: entered promiscuous mode [ 267.595917][T10956] syzkaller0: entered allmulticast mode [ 268.037357][T10995] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1602'. [ 268.047799][T10995] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1602'. [ 268.057493][T10995] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1602'. [ 270.076698][ T30] audit: type=1804 audit(1777515229.043:78): pid=11015 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.1611" name="/newroot/359/cgroup.controllers" dev="tmpfs" ino=1865 res=1 errno=0 [ 270.156298][ T30] audit: type=1800 audit(1777515229.043:79): pid=11015 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1611" name="cgroup.controllers" dev="tmpfs" ino=1865 res=0 errno=0 [ 270.183595][T11021] IPVS: lc: FWM 3 0x00000003 - no destination available [ 270.354761][T11023] syzkaller0: entered promiscuous mode [ 270.360417][T11023] syzkaller0: entered allmulticast mode [ 270.367942][T11030] A link change request failed with some changes committed already. Interface tunl0 may have been left with an inconsistent configuration, please check. [ 270.568881][T11046] netlink: 'syz.4.1622': attribute type 11 has an invalid length. [ 270.665455][T11050] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 270.688198][T11051] IPVS: set_ctl: invalid protocol: 12 172.20.20.19:20000 [ 270.752003][T11050] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 270.853553][T11061] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 272.734370][T11083] FAULT_INJECTION: forcing a failure. [ 272.734370][T11083] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 272.805629][T11083] CPU: 1 UID: 0 PID: 11083 Comm: syz.3.1628 Not tainted syzkaller #0 PREEMPT(full) [ 272.805659][T11083] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 272.805673][T11083] Call Trace: [ 272.805682][T11083] [ 272.805691][T11083] dump_stack_lvl+0xe8/0x150 [ 272.805722][T11083] should_fail_ex+0x412/0x560 [ 272.805755][T11083] _copy_from_user+0x2d/0xb0 [ 272.805786][T11083] ___sys_sendmsg+0x1c6/0x360 [ 272.805814][T11083] ? __lock_acquire+0x6b5/0x2cf0 [ 272.805843][T11083] ? __pfx____sys_sendmsg+0x10/0x10 [ 272.805877][T11083] ? kstrtouint+0x6e/0xe0 [ 272.805927][T11083] ? __fget_files+0x2a/0x420 [ 272.805954][T11083] ? __fget_files+0x3a0/0x420 [ 272.805992][T11083] __sys_sendmmsg+0x27c/0x4e0 [ 272.806025][T11083] ? __pfx___sys_sendmmsg+0x10/0x10 [ 272.806052][T11083] ? __mutex_unlock_slowpath+0x1be/0x6f0 [ 272.806106][T11083] ? ksys_write+0x242/0x270 [ 272.806139][T11083] ? __pfx_ksys_write+0x10/0x10 [ 272.806176][T11083] __x64_sys_sendmmsg+0xa0/0xc0 [ 272.806214][T11083] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 272.806236][T11083] do_syscall_64+0x15f/0xf80 [ 272.806260][T11083] ? trace_irq_disable+0x3b/0x140 [ 272.806292][T11083] ? clear_bhb_loop+0x40/0x90 [ 272.806319][T11083] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 272.806341][T11083] RIP: 0033:0x7f425ff9cdd9 [ 272.806360][T11083] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 272.806378][T11083] RSP: 002b:00007f425e1ee028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 272.806401][T11083] RAX: ffffffffffffffda RBX: 00007f4260215fa0 RCX: 00007f425ff9cdd9 [ 272.806417][T11083] RDX: 040000000000009f RSI: 00002000000002c0 RDI: 0000000000000003 [ 272.806431][T11083] RBP: 00007f425e1ee090 R08: 0000000000000000 R09: 0000000000000000 [ 272.806445][T11083] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 272.806458][T11083] R13: 00007f4260216038 R14: 00007f4260215fa0 R15: 00007ffc93933168 [ 272.806492][T11083] [ 273.218420][T11102] netlink: 104 bytes leftover after parsing attributes in process `syz.1.1636'. [ 273.382355][T11112] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1639'. [ 273.530262][T11125] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 273.556320][T11126] netlink: 112 bytes leftover after parsing attributes in process `syz.3.1643'. [ 273.623894][T11130] bond2: option mode: unable to set because the bond device has slaves [ 273.633177][T11130] A link change request failed with some changes committed already. Interface tunl0 may have been left with an inconsistent configuration, please check. [ 274.204621][T11161] netlink: 'syz.0.1655': attribute type 39 has an invalid length. [ 274.896748][T11194] netlink: 'syz.0.1663': attribute type 1 has an invalid length. [ 274.936189][T11193] xt_hashlimit: size too large, truncated to 1048576 [ 274.998732][ T8553] IPVS: starting estimator thread 0... [ 275.099140][T11200] xt_TCPMSS: Only works on TCP SYN packets [ 275.113618][T11198] IPVS: using max 29 ests per chain, 69600 per kthread [ 275.141718][T11203] netlink: 'syz.0.1666': attribute type 1 has an invalid length. [ 275.244423][T11203] bond5: entered promiscuous mode [ 275.271654][T11203] 8021q: adding VLAN 0 to HW filter on device bond5 [ 275.429382][T11207] bridge1: entered promiscuous mode [ 275.444836][T11207] bond5: (slave bridge1): Enslaving as a backup interface with an up link [ 275.494856][ T3350] bond5: Warning: No 802.3ad response from the link partner for any adapters in the bond [ 275.532831][T11203] veth5: entered promiscuous mode [ 275.547469][T11203] veth5: entered allmulticast mode [ 275.634495][ T78] bond5: Warning: No 802.3ad response from the link partner for any adapters in the bond [ 275.687238][T11213] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 275.724962][ T30] audit: type=1804 audit(1777515234.693:80): pid=11215 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.1671" name="/newroot/372/cgroup.controllers" dev="tmpfs" ino=1937 res=1 errno=0 [ 275.770753][T11213] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 275.793466][ T30] audit: type=1800 audit(1777515234.693:81): pid=11215 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1671" name="cgroup.controllers" dev="tmpfs" ino=1937 res=0 errno=0 [ 275.837367][T11221] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1673'. [ 275.856710][T11221] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1673'. [ 275.868525][T11213] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 275.878614][T11221] netlink: 'syz.3.1673': attribute type 15 has an invalid length. [ 275.905425][T11218] bond6: entered allmulticast mode [ 275.921461][T11221] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1673'. [ 275.932248][T11221] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1673'. [ 275.942681][T11221] netlink: 'syz.3.1673': attribute type 15 has an invalid length. [ 275.955139][T11218] bond6 (unregistering): Released all slaves [ 276.017963][T11231] netlink: 'syz.1.1676': attribute type 1 has an invalid length. [ 276.100725][T11236] FAULT_INJECTION: forcing a failure. [ 276.100725][T11236] name failslab, interval 1, probability 0, space 0, times 0 [ 276.133142][T11236] CPU: 1 UID: 0 PID: 11236 Comm: syz.3.1677 Not tainted syzkaller #0 PREEMPT(full) [ 276.133174][T11236] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 276.133192][T11236] Call Trace: [ 276.133200][T11236] [ 276.133209][T11236] dump_stack_lvl+0xe8/0x150 [ 276.133241][T11236] should_fail_ex+0x412/0x560 [ 276.133275][T11236] should_failslab+0xa8/0x100 [ 276.133309][T11236] ? skb_clone+0x212/0x3a0 [ 276.133338][T11236] kmem_cache_alloc_noprof+0x87/0x650 [ 276.133367][T11236] ? __netlink_lookup+0xc6/0x8b0 [ 276.133402][T11236] skb_clone+0x212/0x3a0 [ 276.133435][T11236] __netlink_deliver_tap+0x404/0x850 [ 276.133475][T11236] ? netlink_deliver_tap+0x2e/0x1b0 [ 276.133503][T11236] netlink_deliver_tap+0x19c/0x1b0 [ 276.133532][T11236] netlink_unicast+0x730/0x8e0 [ 276.133567][T11236] netlink_sendmsg+0x813/0xb40 [ 276.133605][T11236] ? __pfx_netlink_sendmsg+0x10/0x10 [ 276.133637][T11236] ? aa_sock_msg_perm+0xf1/0x1b0 [ 276.133667][T11236] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 276.133702][T11236] ____sys_sendmsg+0x972/0x9f0 [ 276.133730][T11236] ? __might_fault+0xaf/0x130 [ 276.133764][T11236] ? __pfx_____sys_sendmsg+0x10/0x10 [ 276.133803][T11236] ? import_iovec+0x73/0xa0 [ 276.133837][T11236] ___sys_sendmsg+0x2a5/0x360 [ 276.133864][T11236] ? __lock_acquire+0x6b5/0x2cf0 [ 276.133894][T11236] ? __pfx____sys_sendmsg+0x10/0x10 [ 276.133928][T11236] ? kstrtouint+0x6e/0xe0 [ 276.133989][T11236] ? __fget_files+0x2a/0x420 [ 276.134015][T11236] ? __fget_files+0x3a0/0x420 [ 276.134053][T11236] __sys_sendmmsg+0x27c/0x4e0 [ 276.134087][T11236] ? __pfx___sys_sendmmsg+0x10/0x10 [ 276.134113][T11236] ? __mutex_unlock_slowpath+0x1be/0x6f0 [ 276.134170][T11236] ? ksys_write+0x242/0x270 [ 276.134203][T11236] ? __pfx_ksys_write+0x10/0x10 [ 276.134242][T11236] __x64_sys_sendmmsg+0xa0/0xc0 [ 276.134270][T11236] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 276.134293][T11236] do_syscall_64+0x15f/0xf80 [ 276.134317][T11236] ? trace_irq_disable+0x3b/0x140 [ 276.134351][T11236] ? clear_bhb_loop+0x40/0x90 [ 276.134378][T11236] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 276.134400][T11236] RIP: 0033:0x7f425ff9cdd9 [ 276.134420][T11236] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 276.134438][T11236] RSP: 002b:00007f425e1ee028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 276.134462][T11236] RAX: ffffffffffffffda RBX: 00007f4260215fa0 RCX: 00007f425ff9cdd9 [ 276.134478][T11236] RDX: 040000000000009f RSI: 00002000000002c0 RDI: 0000000000000003 [ 276.134492][T11236] RBP: 00007f425e1ee090 R08: 0000000000000000 R09: 0000000000000000 [ 276.134506][T11236] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 276.134518][T11236] R13: 00007f4260216038 R14: 00007f4260215fa0 R15: 00007ffc93933168 [ 276.134553][T11236] [ 276.724341][T11253] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1682'. [ 277.349522][T11274] netlink: 96 bytes leftover after parsing attributes in process `syz.0.1686'. [ 277.447451][T11277] A link change request failed with some changes committed already. Interface bridge_slave_1 may have been left with an inconsistent configuration, please check. [ 277.607187][T11291] FAULT_INJECTION: forcing a failure. [ 277.607187][T11291] name failslab, interval 1, probability 0, space 0, times 0 [ 277.657517][T11291] CPU: 0 UID: 0 PID: 11291 Comm: syz.3.1690 Not tainted syzkaller #0 PREEMPT(full) [ 277.657548][T11291] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 277.657563][T11291] Call Trace: [ 277.657572][T11291] [ 277.657582][T11291] dump_stack_lvl+0xe8/0x150 [ 277.657613][T11291] should_fail_ex+0x412/0x560 [ 277.657647][T11291] should_failslab+0xa8/0x100 [ 277.657682][T11291] ? skb_clone+0x212/0x3a0 [ 277.657711][T11291] kmem_cache_alloc_noprof+0x87/0x650 [ 277.657742][T11291] ? __netlink_lookup+0xc6/0x8b0 [ 277.657777][T11291] skb_clone+0x212/0x3a0 [ 277.657810][T11291] __netlink_deliver_tap+0x404/0x850 [ 277.657851][T11291] ? netlink_deliver_tap+0x2e/0x1b0 [ 277.657880][T11291] netlink_deliver_tap+0x19c/0x1b0 [ 277.657909][T11291] netlink_unicast+0x730/0x8e0 [ 277.657945][T11291] netlink_sendmsg+0x813/0xb40 [ 277.657990][T11291] ? __pfx_netlink_sendmsg+0x10/0x10 [ 277.658021][T11291] ? aa_sock_msg_perm+0xf1/0x1b0 [ 277.658052][T11291] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 277.658087][T11291] ____sys_sendmsg+0x972/0x9f0 [ 277.658115][T11291] ? __might_fault+0xaf/0x130 [ 277.658151][T11291] ? __pfx_____sys_sendmsg+0x10/0x10 [ 277.658189][T11291] ? import_iovec+0x73/0xa0 [ 277.658224][T11291] ___sys_sendmsg+0x2a5/0x360 [ 277.658252][T11291] ? __lock_acquire+0x6b5/0x2cf0 [ 277.658280][T11291] ? __pfx____sys_sendmsg+0x10/0x10 [ 277.658315][T11291] ? kstrtouint+0x6e/0xe0 [ 277.658369][T11291] ? __fget_files+0x2a/0x420 [ 277.658395][T11291] ? __fget_files+0x3a0/0x420 [ 277.658433][T11291] __sys_sendmmsg+0x27c/0x4e0 [ 277.658473][T11291] ? __pfx___sys_sendmmsg+0x10/0x10 [ 277.658499][T11291] ? __mutex_unlock_slowpath+0x1be/0x6f0 [ 277.658557][T11291] ? ksys_write+0x242/0x270 [ 277.658591][T11291] ? __pfx_ksys_write+0x10/0x10 [ 277.658653][T11291] __x64_sys_sendmmsg+0xa0/0xc0 [ 277.658681][T11291] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 277.658705][T11291] do_syscall_64+0x15f/0xf80 [ 277.658730][T11291] ? trace_irq_disable+0x3b/0x140 [ 277.658764][T11291] ? clear_bhb_loop+0x40/0x90 [ 277.658792][T11291] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 277.658814][T11291] RIP: 0033:0x7f425ff9cdd9 [ 277.658835][T11291] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 277.658854][T11291] RSP: 002b:00007f425e1ee028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 277.658877][T11291] RAX: ffffffffffffffda RBX: 00007f4260215fa0 RCX: 00007f425ff9cdd9 [ 277.658893][T11291] RDX: 040000000000009f RSI: 00002000000002c0 RDI: 0000000000000003 [ 277.658907][T11291] RBP: 00007f425e1ee090 R08: 0000000000000000 R09: 0000000000000000 [ 277.658921][T11291] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 277.658934][T11291] R13: 00007f4260216038 R14: 00007f4260215fa0 R15: 00007ffc93933168 [ 277.658979][T11291] [ 278.067364][T11295] netlink: 52 bytes leftover after parsing attributes in process `syz.2.1691'. [ 278.160502][T11295] bridge0: port 2(bridge_slave_1) entered disabled state [ 278.170769][T11295] bridge0: port 1(bridge_slave_0) entered disabled state [ 278.336035][T11301] openvswitch: netlink: Key type 87 is out of range max 32 [ 278.518282][T11315] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1696'. [ 278.537671][T11315] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1696'. [ 279.122980][T11327] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1699'. [ 279.133340][T11329] x_tables: ip6_tables: cgroup match: used from hooks FORWARD, but only valid from INPUT/OUTPUT/POSTROUTING [ 279.147422][T11330] x_tables: ip6_tables: cgroup match: used from hooks FORWARD, but only valid from INPUT/OUTPUT/POSTROUTING [ 279.372630][T11336] netlink: 104 bytes leftover after parsing attributes in process `syz.3.1702'. [ 279.432261][T11341] FAULT_INJECTION: forcing a failure. [ 279.432261][T11341] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 279.446986][T11341] CPU: 1 UID: 0 PID: 11341 Comm: syz.0.1705 Not tainted syzkaller #0 PREEMPT(full) [ 279.447015][T11341] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 279.447029][T11341] Call Trace: [ 279.447038][T11341] [ 279.447046][T11341] dump_stack_lvl+0xe8/0x150 [ 279.447077][T11341] should_fail_ex+0x412/0x560 [ 279.447111][T11341] _copy_from_user+0x2d/0xb0 [ 279.447146][T11341] do_ipv6_setsockopt+0x25c/0x3150 [ 279.447174][T11341] ? get_pid_task+0x20/0x1f0 [ 279.447211][T11341] ? __pfx_do_ipv6_setsockopt+0x10/0x10 [ 279.447238][T11341] ? get_pid_task+0x20/0x1f0 [ 279.447265][T11341] ? get_pid_task+0x20/0x1f0 [ 279.447290][T11341] ? get_pid_task+0x20/0x1f0 [ 279.447327][T11341] ? __lock_acquire+0x6b5/0x2cf0 [ 279.447372][T11341] ? aa_sk_perm+0x6d5/0x900 [ 279.447400][T11341] ? __fget_files+0x2a/0x420 [ 279.447430][T11341] ? __pfx_aa_sk_perm+0x10/0x10 [ 279.447459][T11341] ? __fget_files+0x2a/0x420 [ 279.447482][T11341] ? aa_sock_opt_perm+0xff/0x1a0 [ 279.447512][T11341] ipv6_setsockopt+0x59/0x170 [ 279.447539][T11341] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 279.447564][T11341] do_sock_setsockopt+0x17c/0x1b0 [ 279.447594][T11341] __x64_sys_setsockopt+0x13d/0x1b0 [ 279.447623][T11341] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 279.447646][T11341] do_syscall_64+0x15f/0xf80 [ 279.447678][T11341] ? trace_irq_disable+0x3b/0x140 [ 279.447709][T11341] ? clear_bhb_loop+0x40/0x90 [ 279.447737][T11341] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 279.447758][T11341] RIP: 0033:0x7f9481f9cdd9 [ 279.447777][T11341] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 279.447795][T11341] RSP: 002b:00007f9482edb028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 279.447820][T11341] RAX: ffffffffffffffda RBX: 00007f9482215fa0 RCX: 00007f9481f9cdd9 [ 279.447835][T11341] RDX: 0000000000000020 RSI: 0000000000000029 RDI: 0000000000000005 [ 279.447849][T11341] RBP: 00007f9482edb090 R08: 0000000000000020 R09: 0000000000000000 [ 279.447862][T11341] R10: 00002000000001c0 R11: 0000000000000246 R12: 0000000000000001 [ 279.447876][T11341] R13: 00007f9482216038 R14: 00007f9482215fa0 R15: 00007ffe2754cbc8 [ 279.447910][T11341] [ 279.942119][T11352] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1709'. [ 279.992720][T11354] netlink: 'syz.0.1708': attribute type 25 has an invalid length. [ 280.060096][T11356] bond1: option mode: unable to set because the bond device has slaves [ 280.084816][T11356] A link change request failed with some changes committed already. Interface tunl0 may have been left with an inconsistent configuration, please check. [ 280.137445][T11360] netlink: 'syz.1.1711': attribute type 1 has an invalid length. [ 280.156152][T11360] netlink: 224 bytes leftover after parsing attributes in process `syz.1.1711'. [ 280.175263][T11360] NCSI netlink: No device for ifindex 0 [ 280.261799][ T30] audit: type=1804 audit(1777515239.223:82): pid=11365 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.1714" name="/newroot/349/cgroup.controllers" dev="tmpfs" ino=1801 res=1 errno=0 [ 280.340282][ T30] audit: type=1800 audit(1777515239.253:83): pid=11365 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1714" name="cgroup.controllers" dev="tmpfs" ino=1801 res=0 errno=0 [ 280.435995][T11371] FAULT_INJECTION: forcing a failure. [ 280.435995][T11371] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 280.463390][T11371] CPU: 0 UID: 0 PID: 11371 Comm: syz.0.1717 Not tainted syzkaller #0 PREEMPT(full) [ 280.463420][T11371] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 280.463433][T11371] Call Trace: [ 280.463443][T11371] [ 280.463452][T11371] dump_stack_lvl+0xe8/0x150 [ 280.463484][T11371] should_fail_ex+0x412/0x560 [ 280.463515][T11371] _copy_from_user+0x2d/0xb0 [ 280.463547][T11371] ipv6_flowlabel_opt+0x147/0x28e0 [ 280.463584][T11371] ? __lock_acquire+0x6b5/0x2cf0 [ 280.463612][T11371] ? __pfx_ipv6_flowlabel_opt+0x10/0x10 [ 280.463642][T11371] ? aa_file_perm+0x192/0x15e0 [ 280.463689][T11371] ? do_raw_spin_lock+0x12b/0x2f0 [ 280.463719][T11371] ? lock_sock_nested+0x6a/0x100 [ 280.463754][T11371] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 280.463797][T11371] ? __local_bh_enable_ip+0xd0/0x130 [ 280.463826][T11371] do_ipv6_setsockopt+0xd9f/0x3150 [ 280.463863][T11371] ? get_pid_task+0x20/0x1f0 [ 280.463901][T11371] ? __pfx_do_ipv6_setsockopt+0x10/0x10 [ 280.463927][T11371] ? get_pid_task+0x20/0x1f0 [ 280.463955][T11371] ? get_pid_task+0x20/0x1f0 [ 280.463980][T11371] ? get_pid_task+0x20/0x1f0 [ 280.464019][T11371] ? __lock_acquire+0x6b5/0x2cf0 [ 280.464065][T11371] ? aa_sk_perm+0x6d5/0x900 [ 280.464093][T11371] ? __fget_files+0x2a/0x420 [ 280.464125][T11371] ? __pfx_aa_sk_perm+0x10/0x10 [ 280.464154][T11371] ? __fget_files+0x2a/0x420 [ 280.464177][T11371] ? aa_sock_opt_perm+0xff/0x1a0 [ 280.464208][T11371] ipv6_setsockopt+0x59/0x170 [ 280.464235][T11371] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 280.464260][T11371] do_sock_setsockopt+0x17c/0x1b0 [ 280.464291][T11371] __x64_sys_setsockopt+0x13d/0x1b0 [ 280.464320][T11371] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 280.464342][T11371] do_syscall_64+0x15f/0xf80 [ 280.464367][T11371] ? trace_irq_disable+0x3b/0x140 [ 280.464398][T11371] ? clear_bhb_loop+0x40/0x90 [ 280.464425][T11371] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 280.464446][T11371] RIP: 0033:0x7f9481f9cdd9 [ 280.464467][T11371] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 280.464486][T11371] RSP: 002b:00007f9482edb028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 280.464509][T11371] RAX: ffffffffffffffda RBX: 00007f9482215fa0 RCX: 00007f9481f9cdd9 [ 280.464525][T11371] RDX: 0000000000000020 RSI: 0000000000000029 RDI: 0000000000000005 [ 280.464538][T11371] RBP: 00007f9482edb090 R08: 0000000000000020 R09: 0000000000000000 [ 280.464555][T11371] R10: 00002000000001c0 R11: 0000000000000246 R12: 0000000000000001 [ 280.464569][T11371] R13: 00007f9482216038 R14: 00007f9482215fa0 R15: 00007ffe2754cbc8 [ 280.464604][T11371] [ 280.470402][T11369] tipc: Enabling of bearer rejected, media not registered [ 281.015120][T11396] bond2: option mode: unable to set because the bond device has slaves [ 281.034392][T11396] A link change request failed with some changes committed already. Interface tunl0 may have been left with an inconsistent configuration, please check. [ 281.066453][ T9767] ------------[ cut here ]------------ [ 281.072117][ T9767] !sta [ 281.072151][ T9767] WARNING: net/mac80211/mlme.c:4522 at ieee80211_mgd_probe_ap_send+0x497/0x560, CPU#1: kworker/u8:17/9767 [ 281.086529][ T9767] Modules linked in: [ 281.092045][ T9767] CPU: 1 UID: 0 PID: 9767 Comm: kworker/u8:17 Not tainted syzkaller #0 PREEMPT(full) [ 281.101751][ T9767] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 281.112007][ T9767] Workqueue: events_unbound cfg80211_wiphy_work [ 281.118604][ T9767] RIP: 0010:ieee80211_mgd_probe_ap_send+0x497/0x560 [ 281.125673][ T9767] Code: 4c 89 fe 48 83 c4 18 5b 41 5c 41 5d 41 5e 41 5f 5d e9 6d e5 7d f6 e8 e8 d5 91 f6 90 0f 0b 90 e9 3a fc ff ff e8 da d5 91 f6 90 <0f> 0b 90 e9 d3 fc ff ff e8 cc d5 91 f6 90 0f 0b 90 e9 3c ff ff ff [ 281.145752][ T9767] RSP: 0018:ffffc90004c67a40 EFLAGS: 00010293 [ 281.151945][ T9767] RAX: ffffffff8b33cdd6 RBX: ffff8880561c4e40 RCX: ffff88807ac39ec0 [ 281.160325][ T9767] RDX: 0000000000000000 RSI: ffffffff8e2176f3 RDI: ffff88807ac39ec0 [ 281.168851][ T9767] RBP: 0000000000000001 R08: ffff88807ac39ec0 R09: 000000000000000c [ 281.177475][ T9767] R10: 000000000000000c R11: 0000000000000000 R12: ffff8880561c6b6a [ 281.185741][ T9767] R13: dffffc0000000000 R14: 0000000000000002 R15: ffff8880561c5dc0 [ 281.193834][ T9767] FS: 0000000000000000(0000) GS:ffff888125393000(0000) knlGS:0000000000000000 [ 281.202821][ T9767] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 281.209511][ T9767] CR2: 00007f1a9c9f8130 CR3: 0000000034a06000 CR4: 00000000003526f0 [ 281.217688][ T9767] Call Trace: [ 281.221012][ T9767] [ 281.224055][ T9767] cfg80211_wiphy_work+0x2cf/0x460 [ 281.229243][ T9767] ? process_scheduled_works+0xa70/0x1860 [ 281.235196][ T9767] process_scheduled_works+0xb5d/0x1860 [ 281.240865][ T9767] ? __pfx_process_scheduled_works+0x10/0x10 [ 281.247147][ T9767] ? assign_work+0x3d5/0x5e0 [ 281.251808][ T9767] worker_thread+0xa53/0xfc0 [ 281.256591][ T9767] kthread+0x388/0x470 [ 281.260769][ T9767] ? __pfx_worker_thread+0x10/0x10 [ 281.266205][ T9767] ? __pfx_kthread+0x10/0x10 [ 281.271177][ T9767] ret_from_fork+0x514/0xb70 [ 281.276051][ T9767] ? __pfx_ret_from_fork+0x10/0x10 [ 281.281259][ T9767] ? __switch_to+0xc79/0x1410 [ 281.286172][ T9767] ? __pfx_kthread+0x10/0x10 [ 281.290828][ T9767] ret_from_fork_asm+0x1a/0x30 [ 281.295750][ T9767] [ 281.298843][ T9767] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 281.306287][ T9767] CPU: 1 UID: 0 PID: 9767 Comm: kworker/u8:17 Not tainted syzkaller #0 PREEMPT(full) [ 281.315882][ T9767] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 281.325985][ T9767] Workqueue: events_unbound cfg80211_wiphy_work [ 281.332900][ T9767] Call Trace: [ 281.336267][ T9767] [ 281.339270][ T9767] vpanic+0x56c/0xa60 [ 281.343304][ T9767] ? __pfx__printk+0x10/0x10 [ 281.347949][ T9767] ? __pfx_vpanic+0x10/0x10 [ 281.352500][ T9767] ? is_bpf_text_address+0x292/0x2b0 [ 281.357847][ T9767] ? is_bpf_text_address+0x26/0x2b0 [ 281.363107][ T9767] panic+0xc5/0xd0 [ 281.366883][ T9767] ? __pfx_panic+0x10/0x10 [ 281.371362][ T9767] ? ret_from_fork_asm+0x1a/0x30 [ 281.376354][ T9767] __warn+0x315/0x4c0 [ 281.380387][ T9767] ? ieee80211_mgd_probe_ap_send+0x497/0x560 [ 281.386430][ T9767] ? ieee80211_mgd_probe_ap_send+0x497/0x560 [ 281.392481][ T9767] __report_bug+0x29a/0x540 [ 281.397055][ T9767] ? lock_acquire+0x106/0x350 [ 281.401793][ T9767] ? ieee80211_mgd_probe_ap_send+0x497/0x560 [ 281.407871][ T9767] ? __pfx___report_bug+0x10/0x10 [ 281.412943][ T9767] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 281.418778][ T9767] ? lockdep_hardirqs_on+0x7a/0x110 [ 281.424015][ T9767] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 281.430135][ T9767] ? __wake_up_common_lock+0x190/0x1f0 [ 281.435722][ T9767] ? consume_skb+0x89/0xb0 [ 281.440202][ T9767] ? ieee80211_mgd_probe_ap_send+0x497/0x560 [ 281.446302][ T9767] report_bug+0x16a/0x220 [ 281.450753][ T9767] ? ieee80211_mgd_probe_ap_send+0x497/0x560 [ 281.456769][ T9767] ? ieee80211_mgd_probe_ap_send+0x499/0x560 [ 281.462789][ T9767] handle_bug+0x9c/0x200 [ 281.467077][ T9767] exc_invalid_op+0x1a/0x50 [ 281.471877][ T9767] asm_exc_invalid_op+0x1a/0x20 [ 281.476930][ T9767] RIP: 0010:ieee80211_mgd_probe_ap_send+0x497/0x560 [ 281.483565][ T9767] Code: 4c 89 fe 48 83 c4 18 5b 41 5c 41 5d 41 5e 41 5f 5d e9 6d e5 7d f6 e8 e8 d5 91 f6 90 0f 0b 90 e9 3a fc ff ff e8 da d5 91 f6 90 <0f> 0b 90 e9 d3 fc ff ff e8 cc d5 91 f6 90 0f 0b 90 e9 3c ff ff ff [ 281.503297][ T9767] RSP: 0018:ffffc90004c67a40 EFLAGS: 00010293 [ 281.509420][ T9767] RAX: ffffffff8b33cdd6 RBX: ffff8880561c4e40 RCX: ffff88807ac39ec0 [ 281.517434][ T9767] RDX: 0000000000000000 RSI: ffffffff8e2176f3 RDI: ffff88807ac39ec0 [ 281.525448][ T9767] RBP: 0000000000000001 R08: ffff88807ac39ec0 R09: 000000000000000c [ 281.533448][ T9767] R10: 000000000000000c R11: 0000000000000000 R12: ffff8880561c6b6a [ 281.541447][ T9767] R13: dffffc0000000000 R14: 0000000000000002 R15: ffff8880561c5dc0 [ 281.549566][ T9767] ? ieee80211_mgd_probe_ap_send+0x496/0x560 [ 281.555611][ T9767] cfg80211_wiphy_work+0x2cf/0x460 [ 281.560850][ T9767] ? process_scheduled_works+0xa70/0x1860 [ 281.566599][ T9767] process_scheduled_works+0xb5d/0x1860 [ 281.572205][ T9767] ? __pfx_process_scheduled_works+0x10/0x10 [ 281.578321][ T9767] ? assign_work+0x3d5/0x5e0 [ 281.582991][ T9767] worker_thread+0xa53/0xfc0 [ 281.587636][ T9767] kthread+0x388/0x470 [ 281.591739][ T9767] ? __pfx_worker_thread+0x10/0x10 [ 281.597016][ T9767] ? __pfx_kthread+0x10/0x10 [ 281.602025][ T9767] ret_from_fork+0x514/0xb70 [ 281.606672][ T9767] ? __pfx_ret_from_fork+0x10/0x10 [ 281.611820][ T9767] ? __switch_to+0xc79/0x1410 [ 281.616628][ T9767] ? __pfx_kthread+0x10/0x10 [ 281.621272][ T9767] ret_from_fork_asm+0x1a/0x30 [ 281.626193][ T9767] [ 281.630158][ T9767] Kernel Offset: disabled [ 281.634897][ T9767] Rebooting in 86400 seconds..