last executing test programs: 22.564966104s ago: executing program 4 (id=6243): r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x101042, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f00000002c0)) ioctl$PPPIOCSACTIVE(r0, 0x40047459, &(0x7f0000000080)={0xfffffffffffffe43, 0x0}) read(r0, 0x0, 0xff40) pread64(r0, 0x0, 0x0, 0x8) write$ppp(r0, &(0x7f0000000200)="bc72", 0x2) r1 = socket(0xa, 0x3, 0x0) r2 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX_OLD(r2, 0x84, 0x6b, &(0x7f00000003c0)=[@in={0x2, 0x4e1c, @initdev={0xac, 0x1e, 0x0, 0x0}}], 0x10) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000001240)='io.stat\x00', 0x0, 0x0) setsockopt$inet_sctp_SCTP_AUTO_ASCONF(r3, 0x84, 0x1e, &(0x7f00000011c0)=0x6, 0x4) r4 = socket$inet_sctp(0x2, 0x1, 0x84) r5 = socket$phonet_pipe(0x23, 0x5, 0x2) ioctl$sock_SIOCETHTOOL(r5, 0x8946, &(0x7f00000000c0)={'ip_vti0\x00', &(0x7f0000000000)=@ethtool_gstrings={0x1b, 0x8}}) setsockopt$inet_sctp_SCTP_AUTO_ASCONF(r4, 0x84, 0x1e, &(0x7f00000000c0)=0x6, 0x4) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'syz_tun\x00', 0x0}) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000001200)=[{&(0x7f0000001180)="5c000000130001ec9e3be35c6e17aa31076b876c1d0000ef7da60864160af36507001ac004", 0x25}, 
{&(0x7f0000000140)="675da4166183b4b264a55c295aeaf5e7ab60fe16a1d7c1f0eca3158d6aada144cb11d38f82162c1d294e421fefdc47703f4c72a2a8b82b180573dfb8e85d8c317176e52546fb95b678e499bb0e99f332ae1cf985537eb813bc7ff9f0e94d3f8de42c378ff95703d0f9f72d64ac73059fa44867811eb3f612c4820c71062a8ee72b9abbcbc73ce73d3f8fd115936585c1b724042311eec33d55ca8b00bb260c8ec48a5943e5e2e8d869bff930ac0ec7c6712ab70a27f3e1449cfa8e96b1b560c7a3898ab42dc1778c6ac600de066d3bf2c93a338ea68e1bc0b9e556961160395bdffab1ff692d68adcf7ba46d1d9dc52f6454f79db93159c9a8f4d096b8d46944a19fc22ce4ef42f42a699ac6b764c3ffde6a7047d99ff487f16661fb5cb0fb982c2afbf2c1cd46b5f4c095e073cc435ca2729023805a4f2a6f503b9a6357ff60ddb4473fc2d54413035508c5b7c015915fbe148096224c15465f61b938dbc20f3683bbc66f7bb0b98b4bcfd7cc8a034995ea611fde48b608d9b1406970e0fc5d51da900055f3385b8c00dec50d50325d8b51cbd744bea3adb799da7aebd1e5028523f237a2e1c13277e5e551bf6789d94bff84533dccd07e3641f3e4445203a306052721553454fc499c675cdb82f262c596c25e270403a816bac102fa284b3204e1626510d9f8e619f46a480213d1a896afbaad572679d31fdda8917a109073848070b96e91c174c9444ee1e692bbf76f21ae1f41fc67e533f45bfcc11afc7b7855f49592e79c43eff2a2087c419d8696a203167ea1bf53d4922c8fdefde8c22635c17835fde8fe3d8e87d8b1a5971393261cfc581ce6a0a9ef0d7983e45e7cef04d576034ad4b0bba288bca32ec26d70359a5d9e316b9c5ca1d83a856dcecf5b6979e4360b66df561cd03046b7513baac47c38b8810c3dcf6bb9c6239982a3d4717612d3d9751c925155e914de03931e7fa846b65bf57db271d6cf9efff46e06828e7eaa419dca7664a69f5749f1a8ec6d8745d44c46197e550e6d866a6a1dfd8062899b0e414337e8d055687fe9025608057353d3164eb0a5f5266f0ea19632eff2a08f3fffe293190d559f41d7029e3b8a98ad50d55d6f57da009647595e80fad6dce1b889d2ab34d3626afc0cc6b6abe49a23aea855294689b369b69d7d8047a26d44e64f8fce79ff4a2da32c4c161ed37ba98fc690f20d2540ad1bea38b2565201eb9b11110944b6c5de46e33de6604cae15f8d2c6171c9ee56c9fc6ee976c275b2ae4e6605cf1814b06c8ca7142eb8cfa3e8535d53091b6348745182feff1033f0efc940f93d7317087382be162e9f10c341fefbb7cf30a8dc4d7ee3a16d94518c1661481c88148a259a2488a5868a26cc66149767bb6ce167f53
a643827c6edd390da8d2195d1b1bbdb9c7f56ec958a7483fbcf9dd1262bb264d816f254940a85514068e3396f6b48df8e8ed95b742306c5fbe362486fd52a7a3e5dd08c55de0cc024c1ef9d6b4b58388aa1ef54259fde0e5609f8d6d37cd8ab62e11a81811f5741c94c14a938e8bc73b5e332c3bf5f993bdba6e6c770b795bbd17b0cc87d7410d6b048fd441ee0cd26812595a617694fe53804505654177dfdac15b92daf5de96b23bc2b8b9251b260a255c919b83a6fcea37bbf289805f48ef8bf1a70463c2f827837364b86a68da1f58ac550cee5c5bf49d3effa150b454e5b41be5375ff45708d0ab5e04b0aebc87455f6fb136e4492c027022a1bccd102872a3f4d24dd8772c40a0924ce614ced08f5008ffb5265e464b773ed2233fb53f5c9b67e5db2b81bd5b4e4a32fc779a2ae19feece8ff6034b91b8ff0a6595b38267ef6f2336ed720929349bca25549b994bd14b8f0b322c121bcb7407433a1feda6a89f58cbf40c222998885dc2a04d74b9851aae8c64c98b6a44673fbafd9a69d191231fdb8439939f4d877acdabbb32c0b5ec571f8492e3c873e7ae4285542bc79254303d574c87262b79d8c8ac74eca178077775198c3e086408426d8fd1c487a6a43309c78d4c790635f2d4ae03753ba20f7a7f0d52beb7768089f81783c4580b02a80ed9f76d05a783b5672ffb37239b7b31e575ec29cee7c8fdea1c4d8275dccb970d61c9308d5f61a4ecc396da99b48e81cc8b5ead01713249806e5ae6007f420b3fc322f355de4e7043ab78e121be8458f1104a7178d74154c0c14e8964f87934e7505d17cc5a3a48acbf37fc0cbf571290fc4fbc80a5eb69e1a5a842ddce4db96d453fd4e53428902301f3e6e31471f7001433c81b06abea19e8eecee3dece5b56e279cf199dda5df447f682566649665047e4f8c9c4d385cc754ea010c87b4937ec87de02c2499b64c50dff4abdd4ae2e1e3dad27b399b0a65262a3fd4990186ce935200052f897ce34cb30f7b4e19a2d9d8448bae67d406c2f6b1a250829e6bc8d78564e8cb76f96cb80951eb36c783c0c2d78b20b0dc42d460abc93b576710f7b2728ec87a0ed18102772df07784e3e0a4b00eb7fe8e20435b221cc40b8f244c4b3e12065299cb25b8eb392558b30679ab8c03154809f2497912dfc06f6e44d49191b1cd7dcf1027c4893e8d4a9af18307d6087eefbf616bde7aaa00192a4eb08298f5c13f1d27eaf763793e5cd02e0cb8b8a4b24074cd0d94150824af94d2381d18f176538a762b312cf6ed1ad5e51592d0a8819a840f2a8ca5d72c68a7f54c2510e2d648ef9da680e99725b58867b63fea2aa77ca8dd684b2b4a7ea16a0a23a406646af115b50f3c71b2918f71d7d35759f646791b294689d9cc11bd4bc1f663023
9542614aeb28612cd01160496b4e7041ca363bf9f4eaf6482873e3aad0889453a42be4d570a233ab349b2deb8a9bb92f8df4c90e7dead4ae19843b8215cb56c5072071bd9007aaeec3dbbb380096836a58a1ef22b4361fe6bf95fd9a0a5f08bd67b50ae7ce1fcfb4c87837dc593a73e802e4d4c60e4ffebe70b36bb611e1610abfe993e7baac98815e2e825e3049b62b018e5d7240d89576b7d6f00dc603bee1699a944af748ba620f06a2eb5d6df2496758b9f868b03c77c7e70594aeaf71f964c36254ff2aa4d71dcad81a7ca37fd2b318cd6f9e82abeb67bf15c5ccba38e4d7d207ee8eca6b95c818e216b4d6035b6cf19a2a433ec2aafaf8734efff6058e3d3fc486fa8bebf4030b822404035ff9e869c72ebf39c972f44b5a9835f22d730414d29fbf02ea4106fd2111c80d36bc073ddc8a28d34531f5c5b399d5c0bcba81858b9742481acc62fa1e681f991311ac8461deecfc22d0f7edc277c679edd2f70f1086ed35cc3e9a2b0d39a738d7bac97479382ed8dc626a3fe9475780625f6fa3d2ecd735c2dec5e902a9c15de24c89a8cb971d6ccd64c11721c723e32ad7912a2b10cdce8b28cb430758a77ec3f035ea39b9e28975b76905eaf03576890f20434abc74b044254b71971ec52b0ff8e860ba7811e7d444d8af6ec323a533dbe5a5ea4b1f14ba3fd135c2f59058458408de1fd8c7d01beddfc266059885651ac1a599fcde560e307ca756c5a72d018da8e580b62ec5e85dba8e8ad7e755118c5e7662a297ced33bce4cd1d5fc3494d7eacfa1a92472b6912b1c9dc34c09737c6c18982d7eefee6e49ede331ce4a5f202113382000e0e5dce836b63dcf50bda9530dce4c064e28f2e157362ec636bab70832090571e47df4b17dd6ddc23b8b7be6ae4aeada618311fe972b74e311b0f05439b14fd6ace4db62006b18741722e96dfb655c9fc85b91407c4f215da64e8378804ddf46edb54abdc9dd12b8b03c2ba540d207d8b13d3e30a1e1442aa95f8bf3f40a590c736eb5d9b728a9002635cee17b487424a96832735b0e9f0cd9d0356a43172b24b48a7115c14289f84f39af1e9c29162082322af482aec3738bcfcc737b9d02ad1bced518823c0474182766510a3a7fe0d39c062792a9077b6628c5a42be6002442ba3bfbe3129e9034186caaf2bd30738f077faa0e33529a4f65e06d0743dc6c409ae866bd3be227d3d99d60e59a33abebd4e9e76b5bbb412e49a5121b3c8e86cfc01c3d3bf06b20f3a9bfcbdbd2c9075b2683f1d28f9feaf8f893b9c33972bd209279d7b23000349fcb3275e0d1f498f17947d681698bb28828cf6eced95158c198527e02f4169a4b79459389073a14122c4f76cb02844a8f6b06a01f7800e0b514a77d1ae839c58d08ce2fc5e1e28fcf5134
9edb60e906e273bf76ad1365e1f20e294a9422328337b0625f9553e5fab0dd56b41d1aea07bc406f9a57560ca096399b30df72e33afc9af010be3712b3f1401a47b0a0013084110fc60b824c67b41875b69656ccacaf420e6a8f770515df828b71bed9a3f6d6b8204bc9ca85008f7de7421013ccd800692685070322337a711690bc82e31029618183e09cc8f894498f777142421153baa71c74bdd35c590a8e690f11eca0b5cb948e6d84f63bbeec519f8f96dba85e7465ac51f0b762ac8edc66bae3ff4b94c0ed46ae01d2d57dcd617d8cbe38db70317bdd3c1be0a081b47aaab430ba4c550382789d8e781f9207ddcd4da8c4c0d60b51b4ea0a536164c7123fa88ecb4b757d5d08e115b88f73aab33409f3d50029cce0bbdc09b22e3c834ea69ab680d8d2ba29e2ad749ad2b0fb9a1f922fd29b44e7e6af6c5f2ebdddd5693c12239d8d99888ee51b17448522a619d16f59a0286552f38b0e80a7f6cfe78bd0c53663a57de4ac5182ba9bbaa051974db347d1f23086d6bd74e0eb0732ba716af0d38757a8ccdda12209b13d01508a98ccc1f7fc378fb28cbd607d9c959a70212078bda939185fd30375e216169405727bada220b82175864c9df886433d9760d3e2302b0d3ee26cf02e5df8fc94f599a29d0bd2253220d3e0e2acbdaa66b4cdd948ff672416439719cba1af619ef2b69b2051aef614ce5d4a6696d34515f9b05dec93bdb969c415ed5dc773f4dd9ec46fa9c36b17a7f33edad5ada908ba80349e94a55d28f83aaf942e6274c78f02509bb051cb51184db2eae789adff00726522177962064a8706286c3fe4d2855283254ce82a9568b754c7fda613d65645f5315860839b25c9a19f74619a04f93120f3f7ba9b56df4441a567b44b97f706b4679e4f8e33a0202e1380808140ceeb51dcd40e83f298dd9bd935bca37e1b973a39cef17c0e4755be0f0ac731b40a510778ec256ceb4783ee4a098bc298a105c44b1ea479d9d96c3f50d19d88032a80a7739fba309533c3ea701261d76a1325b21c85ad3434a6b5016fa9da410739dd250f1c595322cc32b854ec27fabaf00701c787c106798aa33ce240a154c097b588473994f2321e161605a5bf7301d04459a86ff5582b04eda13fadaa2a766a380df3d670168fa4d577ca74cee329413ab78155fda6cfd490eb4062071bb4dccdbf0ee7d74f6e57fe72107bcea3ace5c4fb12f1975da7f37198697f8c19be8a8b4fe8075889507ce0a5ab51a29e1d529fcbd774cf8c567fc2f1b5403a6446321699e33a399375194f8c8e423e5e56aa0bfd747961a70b807ef8b21dbade4a97ec0694d9f657ce01d3643eb600961940db163ddb92a351979905a8e6c42b132feeb90b1d11d5ffb097e11f3bd8d0427594707bfaf663fd72d4
e6f321506328f4acf2731382e5c3e6337361ec456fdc775bfe9ecdc5926b81a0362e37023d8fbf6283af6aa87928ef11efd9dbc6e49257f7886b7864a230148a0644639dbc08f769e6f7b3411a8b4cd7cd83eb6a55912a371156f33e952cd33cef426b2430811bf7d5d8", 0x1000}, {&(0x7f0000001140)="4c6e162895d43fbf29e48e4e81828a2b75d40dc66a2e20a33b7c284021a4a432acd93fed396472d89f50048f4b60cfb99839b05d9d3fddfd2078", 0x88}], 0x3, 0x0, 0x0, 0x1f00c00e}, 0x4040080) socket(0x25, 0x80000, 0x7fe0000) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0xffffffffffffffa0, &(0x7f0000000040)={&(0x7f0000001280)=ANY=[@ANYBLOB="700200001300290a000000000000000007000000", @ANYRES32=r6, @ANYBLOB="c61b186be34745ae", @ANYRES8=r3], 0x270}, 0x1, 0x0, 0x0, 0x20008014}, 0x4) 21.132767975s ago: executing program 4 (id=6253): r0 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) r1 = socket$igmp(0x2, 0x3, 0x2) (async) socket$nl_xfrm(0x10, 0x3, 0x6) (async) syz_genetlink_get_family_id$nl802154(&(0x7f0000000100), 0xffffffffffffffff) (async) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) r2 = openat$cgroup(0xffffffffffffffff, &(0x7f00000001c0)='syz1\x00', 0x200002, 0x0) (async) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socket$igmp(0x2, 0x3, 0x2) (async) ioctl$sock_SIOCGIFINDEX_802154(r3, 0x8933, &(0x7f0000000100)={'wpan0\x00', 0x0}) sendmsg$NL802154_CMD_SET_PAN_ID(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000300)={&(0x7f0000000240)=ANY=[@ANYRESOCT, @ANYRES16=r4, @ANYBLOB="24000000a56b71b280cbbe90df022ad72ea7be3ecc87d9", @ANYRESDEC=r2], 0x24}, 0x1, 0x0, 0x0, 0x40004004}, 0x20040044) (async) setsockopt$MRT_ADD_MFC_PROXY(r1, 0x0, 0xd2, 0x0, 0x0) (async) listen(0xffffffffffffffff, 0x400004) (async) setsockopt$inet6_IPV6_DSTOPTS(0xffffffffffffffff, 0x29, 0x3b, 0x0, 0x48) (async) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_CONFIG(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x1c, 0x2, 0x3, 0x401, 0x0, 0x0, {0x0, 
0x0, 0x10}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1, 0x0, 0x2b}}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40040}, 0x0) r7 = socket$netlink(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_CONFIG(r7, &(0x7f0000000a40)={0x0, 0x0, &(0x7f0000000a00)={&(0x7f0000000140)={0x14, 0x2, 0x3, 0x201}, 0x14}}, 0x0) sendmsg$nl_route(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x8000}, [@IFLA_GROUP={0x8}]}, 0x28}, 0x1, 0x0, 0x0, 0x40}, 0x0) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x8010) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) (async) r8 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r9 = openat$cgroup_procs(r8, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0) (async) r10 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r10, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x38}, 0x1, 0x0, 0x0, 0x400c801}, 0x4008094) (async) r11 = openat$cgroup_procs(r8, &(0x7f00000002c0)='tasks\x00', 0x2, 0x0) write$cgroup_pid(r9, &(0x7f00000000c0), 0x12) pread64(r11, &(0x7f0000002840)=""/4096, 0x1000, 0x4) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000100)=""/74, 0x328000, 0x1000}, 0x20) (async) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000000)={0xd, 0x7, 0x4ef, 0x9, 0x3}) 20.517269989s ago: executing program 4 (id=6256): r0 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r0, &(0x7f0000000340)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) (async) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) (async) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000811}, 0x0) (async) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) (async) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f0000000640)=0x17ff, 0x4) (async) r1 = socket$kcm(0x10, 0x2, 0x0) (async) bpf$PROG_LOAD(0x5, 0x0, 0x0) sendmsg$kcm(r1, &(0x7f0000000600)={0x0, 0x0, 
&(0x7f0000000180)=[{&(0x7f0000000380)="2e00000010008188e6b62aa73772cc9f1ba1f848110000005e140602000000000e000a001000000002900000121f", 0x2e}], 0x1}, 0x40) (async, rerun: 32) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) (rerun: 32) syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff) (async, rerun: 32) syz_genetlink_get_family_id$wireguard(&(0x7f0000000240), r0) (async, rerun: 32) getsockname$packet(0xffffffffffffffff, 0x0, &(0x7f00000000c0)) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000540)={0x1, &(0x7f0000000400)=[{0x7, 0x0, 0x4, 0x5}]}, 0x10) (async) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000480)=@mpls_delroute={0x24, 0x19, 0x200, 0x70bd27, 0x25dfdbff, {0x1c, 0x80, 0x10, 0x10, 0xfe, 0x0, 0xfe, 0x1, 0x2800}, [@RTA_OIF={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x24000801}, 0x0) (async) r2 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) (async) r3 = socket$inet6(0xa, 0x2, 0x0) r4 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$smc(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$SMC_PNETID_DEL(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000021c0)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r5, @ANYBLOB="0180000000000000000003020200090001"], 0x20}, 0x1, 0x40030000000000}, 0x0) bind$inet6(r3, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @empty}, 0x1c) r6 = syz_init_net_socket$x25(0x9, 0x5, 0x0) ioctl$sock_x25_SIOCDELRT(r6, 0x890c, &(0x7f00000006c0)={@remote={'\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc', 0x2}, 0x3, 'veth1_to_bridge\x00'}) (async) setsockopt$inet6_udp_int(r3, 0x11, 0x68, &(0x7f0000000080)=0xa40, 0x4) r7 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) (async) r8 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r8, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe) (async) 
ioctl$sock_bt_hidp_HIDPCONNADD(r7, 0x400448c8, &(0x7f0000000340)={r8, r8, 0x7fff, 0x0, 0x0, 0x9, 0xc1, 0x16c0, 0x9, 0x97d8, 0x1, 0x9, 'syz1\x00'}) (async) ioctl$sock_bt_hidp_HIDPCONNDEL(r7, 0x400448c9, &(0x7f0000000000)={@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}) 20.033967361s ago: executing program 4 (id=6260): socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000840)=[{&(0x7f0000000480)="3e8bbce90da45d7ed1572ed4e0220406f87b0024292bc6317c6dfe38358847e22efa978944d1bc5cc5d340c8f4156cbaa91845aa78f654ca47efbfdd569b0ce9b642fb44f832c0f80c9cda639db97065d537f2d6a8e996375498bdb199410300000000000000de41b1f74db52f6836b6765ebb7fab2e6f22d27ad6340ffbcd71b70ef5683dfeb022614681c9e3762a3ad5f84751ca94e35039796705cadae08ee170149049bca1061336755d0e4ab0454262699a2e46cd90a2374f0e7201efe43a4d614461f3e841", 0xc8}, {&(0x7f0000000240)="94d7d7a1db0e7c00000000000037da1eb2d3be4c8581ee5ce7b53e010cf8bb6f46912bb58c43579721a5948a1353a77b3066cd0caa0a78b2edee2403377d045db0f55f896ab86783c2af6f861927ef79ad5c573823a36c095b86b69ccb0900c0de4c9ee8da3075f0a855c3a49963522b4a61e6f55a0a3d4bda99db1934677b8b603eb81f0d63d82566a28e5babde509deac559bfc3", 0x95}, {&(0x7f0000000580)="2e883e9a4c8571413e19a030859f01d51d868014e8afa711c9401eb7b10fd9d6dd37162995f0f9ae05bfcfda99366330b11352bc6257d0adac38a47379b287f2cbe6491ccc7d9f026464c908785a536a05c26d2bbabb0ba226f64c770565d7c467747bf22734856574d41302", 0x6c}], 0x3}, 0x547052430a225ce3) setsockopt$sock_attach_bpf(r0, 0x1, 0x21, 0x0, 0x0) close(r1) recvmsg(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000380)=""/208, 0xd0}], 0x1}, 0x1) close(0x3) 19.862033319s ago: executing program 4 (id=6262): r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_SET_MESH(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000140)=ANY=[], 0x34}}, 0x80) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = 
syz_genetlink_get_family_id$ethtool(&(0x7f0000000d00), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_FEATURES_SET(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB='H\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000000c000000180001801400020073797a5f74756e0000000000000000001c00038004000100140003800c000180050002"], 0x48}, 0x1, 0x0, 0x0, 0x1}, 0x0) r3 = syz_genetlink_get_family_id$smc(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$SMC_PNETID_DEL(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="200000003bbd231b6355156116f78bbd12a53e54d7b9799eb50e35", @ANYRES16=r3, @ANYBLOB="010000000000fedbdf25020202000900010073797a3200000000"], 0x20}, 0x1, 0x40030000000000, 0x0, 0x800}, 0x80) 19.494523372s ago: executing program 4 (id=6265): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) close(0x3) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r1, &(0x7f0000000200), 0x806000) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000fc0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r2, &(0x7f0000001580)={0x0, 0x0, &(0x7f0000001400)=[{&(0x7f0000000080)="3bfdd75fa5717852d59a9367444a2130e72cd4dabc8854532cca0c32a5b9f844a4610c7525650ce3d3b76b15026d93e6dee896115e9364066aa3d14e33ef732b4681335c576902153114bdb9c74b538a71115fb1d1a63d1b04129661b29aab89d0be999a6b7c9bea755adedbf305a79f70b71d3d4c98577b49db4963ce89b0def5e840f459659cb6f86d56b069a5de11d601d348ff88ca6e5e2cfe40176880b33e9e8dbc32ba2e6a99b1b50276dc4f06166000d7069a3cc76f", 0xb9}, {&(0x7f0000000180)="892950e2405ee8629d9384a91c16d1706a3e61f305119f95cac0f1927f4c205b971eb41147cb1f86883d6910e68ac3996551800b3ec64b77f8444b18345a2c8b178eeeba0cde7319a5a46bfe7f5770e019efd9d52069edcced33a758c4e657f3a792dc193a1911b4e82ea800ad7afe03c851a8", 0x73}, 
{&(0x7f0000000200)="a68cde0d56b170df7710b54f17d9a39c4f98f3547190", 0x16}, {&(0x7f0000000240)="45e04400f2b383517a08c397dd0a76e67ecfc8e74573c24dedd3a48fb62418c1412fdcd15e888cb0f5d02e77bfecefda6b064c0bb2b66a9a522e63873dde02330510255eec7dfa1af708cdab59fb71eca786a359a2c3b0cbad35144ec5b069c53f90e43339845dc7fd140c55b0149ab38eb27c140f374bcc2c95b0b121d1a9302f3a01b888243b3fc0d46f0de0", 0x8d}, {0x0}], 0x5, &(0x7f0000001480)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @private, @multicast1}}}], 0x20}, 0x0) recvmsg$unix(r3, &(0x7f0000001140)={0x0, 0x0, &(0x7f0000001040)=[{&(0x7f00000015c0)=""/4096, 0x7ffff000}], 0x1, 0x0, 0x2}, 0x40000300) r4 = socket$kcm(0x2, 0x1000000000000002, 0x0) sendmsg$inet(r4, &(0x7f0000000840)={&(0x7f0000000000)={0x2, 0x4e23}, 0x10, 0x0, 0x0, &(0x7f0000000040)=[@ip_retopts={{0x18, 0x0, 0x7, {[@noop, @lsrr={0x83, 0x7, 0x4, [@multicast2]}]}}}], 0x18}, 0x0) r5 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r5, &(0x7f00000001c0)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0xfffffffd}}, 0x10) r6 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r6, &(0x7f0000000080)=@name={0x1e, 0x2, 0x0, {{0x42}}}, 0x10) socket$packet(0x11, 0x2, 0x300) r7 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r7, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x3, 0x4}}, 0x10) setsockopt$TIPC_GROUP_JOIN(r7, 0x10f, 0x87, &(0x7f0000000040)={0x42, 0x1}, 0x10) r8 = socket$tipc(0x1e, 0x5, 0x0) sendmsg$tipc(r8, &(0x7f0000000380)={&(0x7f0000000140)=@nameseq={0x1e, 0x1, 0x2, {0x42, 0x3, 0x4}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4000884}, 0x4) ioctl$FS_IOC_RESVSP(r1, 0x40305829, &(0x7f0000000380)={0x0, 0x0, 0x4000, 0x9ffffc}) syz_emit_ethernet(0x52, &(0x7f00000011c0)={@local, @broadcast, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "4dd318", 0x1c, 0x6, 0x0, @private1={0xfc, 0x1, '\x00', 0x2}, @mcast2, {[], {{0x0, 0x4001, 0x41424344, 0x41424344, 0x0, 0x0, 0x7, 0x2, 0x0, 0x0, 0x0, {[@exp_fastopen={0xfe, 0x6, 0xf989, "fc2e"}, @generic={0x3, 0x2}]}}}}}}}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x13, r0, 0x0) 
mmap(&(0x7f0000000000/0x400000)=nil, 0x1400000, 0x0, 0xc3072, 0xffffffffffffffff, 0x0) close(0x3) ioctl$XFS_IOC_FSGROWFSDATA(r2, 0x4010586e, &(0x7f0000000000)={0x4, 0xf}) r9 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$inet_opts(r9, 0x0, 0x9, &(0x7f0000001080)=""/140, &(0x7f0000001180)=0x8c) 9.233063969s ago: executing program 0 (id=6295): unshare(0x6a040000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x102}) syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) socket$netlink(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) getsockname$packet(r2, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route_sched(r1, &(0x7f0000006280)={0x0, 0x0, 0x0}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) getsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000100)={@ipv4={'\x00', '\xff\xff', @loopback}, 0x1, 0x2, 0x0, 0xd, 0x4101}, 0x0) r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) writev(0xffffffffffffffff, &(0x7f0000000180)=[{}], 0x1) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r5) r6 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r6, 0xc004743e, 0x110e22fff6) ioctl$TUNGETVNETLE(r5, 0x4010744d, &(0x7f0000000180)) ioctl$FS_IOC_GETFSLABEL(r4, 0x400452c8, &(0x7f0000000100)) sendmsg$nl_route(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000500)=ANY=[@ANYBLOB="54000000680001002abd7000fedbdf2502000200000000003c000c80080003000300000008000200070000000800030007000000080002000101000008000300faffffff0800030003000000080003007f000000d631ddcb0a49c9f8eb7ffea764201ee03fd3e826f4d79f8a24dc27798fcc83fdc6b5d6b445c8a489dd7cdacfadb43f9d4bd06b4f754d012264183534"], 0x54}}, 0x0) 
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x44}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004804) r7 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) ioctl$sock_ifreq(r7, 0x8910, &(0x7f0000000000)={'veth0_vlan\x00', @ifru_ivalue=0x4}) ioctl$sock_netdev_private(r7, 0x89f2, &(0x7f0000000000)) r8 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="240000006800010002000000fcffff7f00000000000000000c00020001000000040000008a9bd89c5e5501fd0160ce5eb69509ed5098194cbacba2cb6c9d999b128b4485f88a22fe25825f6cb3e1dcd50b811db2aa75422ae52ba65d98fb7c"], 0x24}, 0x1, 0x0, 0x0, 0x24008000}, 0x4000) socket$nl_route(0x10, 0x3, 0x0) 8.997445631s ago: executing program 1 (id=6298): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f000000c280)={&(0x7f0000000600)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000050000000900010073797a300000000064000000030a01030000000000000000050000000900010073797a30000000000900030073797a300000000008000a40000000032800048008000240000000120800014000000000140003006e657464657673696d30000000000000080000000000000014000000110001"], 0xac}, 0x1, 0x0, 0x0, 0x4008855}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f000000c280)={&(0x7f00000006c0)={{0x14, 0x10, 0x1, 0x1000000, 0x0, {0x2}}, [@NFT_MSG_NEWCHAIN={0x48, 0x3, 0xa, 0x3, 0x0, 0x0, {0x5}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}, @NFTA_CHAIN_COUNTERS={0x1c, 0x8, 0x0, 0x1, [@NFTA_COUNTER_PACKETS={0xc, 0x2, 0x1, 0x0, 0x800}, @NFTA_COUNTER_BYTES={0xc, 0x1, 0x1, 0x0, 0x4}]}]}], {0x14}}, 0x70}, 0x1, 0x0, 0x0, 0x20040845}, 0x802) 8.805258077s ago: executing program 1 (id=6300): unshare(0x68040200) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0xfdffa000) socket$nl_xfrm(0x10, 0x3, 0x6) (async) r0 = socket$inet6_icmp_raw(0xa, 
0x3, 0x3a) (async) r1 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000001000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r1, 0x0, 0xa00, 0x0, 0x0, 0x0, 0x6410, 0x0, 0x48, 0x0, &(0x7f0000000000)='\x00', 0x0}, 0x48) (async) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}}, 0x1c) 4.589609433s ago: executing program 3 (id=6309): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-camellia-asm\x00'}, 0x58) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000800)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x3}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x60, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x2}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x38, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @last={{0x9}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_LAST_MSECS={0xc, 0x2, 0x1, 0x0, 0x8}, @NFTA_LAST_MSECS={0xc, 0x2, 0x1, 0x0, 0x20000}, @NFTA_LAST_SET={0x8, 0x1, 0x1, 0x0, 0xfffffff8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0xd4}, 0x1, 0x0, 0x0, 0x80}, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r2 = accept4(r0, 0x0, 0x0, 0x800) sendmmsg$alg(r2, &(0x7f0000000400)=[{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000140)="f78d9ca38fff48f3be52163448412ba8", 0x10}], 0x1, &(0x7f0000000a40)=ANY=[@ANYBLOB="1800000000"], 0x18}], 0x1, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x20, 0x3, 
&(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000200)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r3, 0x5, 0x0, 0x0, 0x0, 0x0, 0x149c, 0x503, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff80fe}, 0x50) recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}], 0x1}, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_REGISTER_FRAME(r4, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000380)={0x20, 0x0, 0x1, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_FRAME_MATCH={0x4}]}, 0x20}}, 0x48000) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f00000007c0)={&(0x7f0000000680), 0xc, &(0x7f0000000780)={&(0x7f0000000740)=ANY=[@ANYBLOB="30006eb7", @ANYRES16=0x0, @ANYBLOB="000126bd7000fedbdf253b00000008000300", @ANYRES32=0x0, @ANYBLOB="0c0099000600000007000000080057006a0f00000400870004008e00"], 0x38}, 0x1, 0x0, 0x0, 0x14}, 0x20000084) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000400)={'wlan1\x00', 0x0}) r8 = syz_open_procfs$namespace(0x0, &(0x7f00000003c0)='ns/net\x00') sendmsg$NL80211_CMD_SET_WIPHY_NETNS(r5, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000700)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="ed4d00000000fddbdf253100000008000300", @ANYRES32=r7, @ANYBLOB="0800db00", @ANYRES32=r8], 0x24}}, 0x8040) r9 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r9, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=@ipv6_newnexthop={0x2c, 0x68, 0x1, 0x70bd26, 0x25dfdbfb, {0xa, 0x0, 0x1, 0x0, 0x4}, [@NHA_GATEWAY={0x14, 0x6, @in6_addr=@private2}]}, 0x2c}}, 0x20044094) r10 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r11 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000140), r10) r12 
= syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000280), r10) r13 = socket$alg(0x26, 0x5, 0x0) bind$alg(r13, &(0x7f0000000340)={0x26, 'hash\x00', 0x0, 0x0, 'streebog256-generic\x00'}, 0x58) r14 = accept$alg(r13, 0x0, 0x0) sendmmsg$alg(r14, &(0x7f0000000b80)=[{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000100)='v', 0xf4240}], 0x1}], 0x4924924924923d5, 0x8004) sendmmsg$alg(r14, &(0x7f0000000bc0)=[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000006}], 0x1, 0x84) sendmsg$NLBL_CALIPSO_C_LIST(r10, &(0x7f0000000340)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x100c001}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x2c, r12, 0x10, 0x70bd28, 0x25dfdbfc, {}, [@NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_DOI={0x8}, @NLBL_CALIPSO_A_MTYPE={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000840}, 0x4004001) sendmsg$NLBL_CIPSOV4_C_ADD(r10, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000004c0)=ANY=[@ANYRES8=r14, @ANYRES16=r11, @ANYBLOB="010000000000000000000100000008000100030000002c0004802800030080ff00000500030080ff00000500030080ff00000500030080ff000005000300800000000800020003"], 0x50}, 0x1, 0x0, 0x0, 0x40}, 0x4020000) 4.116706327s ago: executing program 2 (id=6311): bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xa, 0x6, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x63, 0x11, 0x34}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0x23}, @exit], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70) r0 = socket$rds(0x15, 0x5, 0x0) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x2000004, 0x3b071, 0xffffffffffffffff, 0x0) bind$rds(r0, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) sendmsg$rds(r0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0, 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000300)=[{&(0x7f0000002640)=""/102389, 0x18ff5}], 0x1, 0x1903d}}], 0x48}, 0x0) r1 = openat$tun(0xffffffffffffff9c, 
&(0x7f00000003c0), 0x0, 0x0) ioctl$TUNSETTXFILTER(r1, 0x400454d1, &(0x7f0000000400)=ANY=[@ANYBLOB="00000200ebe42b55b099000000000400"]) r2 = socket(0x11, 0x3, 0x1) setsockopt(r2, 0x107, 0xf, &(0x7f0000000100)="00008634", 0x4) r3 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000000c0)={'bridge0\x00', 0x0}) sendmsg(r2, &(0x7f0000000180)={&(0x7f0000000040)=@xdp={0x2c, 0x8, r4, 0x6}, 0x80, &(0x7f0000000340)=[{&(0x7f00000004c0)="000302000b00000000002d3922ff65b4355e953d23d254f0", 0x18}, {&(0x7f0000000240)="60a75dc565ef116aa412580445034943beea59637ecdd8a174caf38d", 0x1c}, {&(0x7f0000000500)="55f0e46e7aeb504dca2fb5", 0xb}, {&(0x7f00000002c0)="ba27dbcc9c7c396af4b4e76b61", 0xd}], 0x4}, 0x40011) socket$inet6_udp(0xa, 0x2, 0x0) r5 = socket$inet6_mptcp(0xa, 0x1, 0x106) getsockopt$inet6_IPV6_XFRM_POLICY(r5, 0x29, 0x23, &(0x7f0000000180)={{{@in6=@loopback, @in=@initdev}}, {{@in6}, 0x0, @in=@dev}}, &(0x7f00000005c0)=0x48) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000040)) r6 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r6, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000100)={0x2, 0x3, 0x0, 0x3, 0xe, 0x0, 0x70bd2c, 0x25dfdbfb, [@sadb_key={0x3, 0x9, 0x80, 0x0, "1cdc0dca1d9f68846960e56de42944af"}, @sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x4e22, @remote}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x7, 0xc, 0x1}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x1, 0x0}}}, @sadb_x_nat_t_type={0x1, 0x14, 0xb}]}, 0x70}, 0x1, 0x7}, 0x0) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) write$cgroup_subtree(r7, &(0x7f0000000380)=ANY=[], 0x32600) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r7, 0x0) r8 = socket$l2tp(0x2, 0x2, 0x73) getsockopt$sock_buf(r8, 0x1, 0x4b, 0x0, &(0x7f00000001c0)) 3.519989164s ago: executing program 3 (id=6312): r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000002c0)={&(0x7f0000000100)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x7, 
[@enum={0x5}]}, {0x0, [0x0, 0x0, 0x0, 0x0, 0x61]}}, 0x0, 0x2b, 0x0, 0x1}, 0x28) bpf$MAP_CREATE(0x0, &(0x7f0000001400)=@base={0xb, 0x6, 0x4, 0x3a7, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, r0, 0x0, 0x1}, 0x48) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r2, 0x89f3, &(0x7f0000000580)={'ip_vti0\x00', &(0x7f0000000500)={'syztnl0\x00', 0x0, 0xf810, 0x8, 0xdbc, 0x101, {{0x5, 0x4, 0x1, 0x6, 0x14, 0x67, 0x0, 0x2, 0x4, 0x0, @local, @dev={0xac, 0x14, 0x14, 0x23}}}}}) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000ab4000000060a01040000000000000000020000280900010073797a30000000000900020073797a320000000088000480100001800c000100636f756e7465720014000180090001006d6173710000000004000280600001800a0001006c696d6974"], 0xdc}}, 0x0) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=@newtaction={0x4c, 0x1e, 0x109, 0x100, 0x40000, {}, [{0x38, 0x1, [@m_sample={0x34, 0xc, 0x0, 0x0, {{0xb}, {0x4}, {0x6, 0x6, "9030"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1}}}}]}]}, 0x4c}, 0x1, 0x2b1e}, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f000000fd00)={0x1c, 0x4a, 0x1, 0x0, 0x0, {0xa, 0x0, 0x6e80}, [@nested={0x8, 0x1, 0x0, 0x1, [@nested={0x4, 0x13}]}]}, 0x1c}}, 0x0) r6 = socket(0x10, 0x80003, 0x0) r7 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$SOCK_DIAG_BY_FAMILY(r7, &(0x7f0000000140)={0x0, 0x0, 
&(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="10000000140001"], 0x14}}, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000300)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r6, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_prio={{0x9}, {0x18, 0x2, {0xb, "00000d0000020400"}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x4000}, 0x48000) 3.137332207s ago: executing program 0 (id=6313): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0x12, &(0x7f0000000080)=ANY=[@ANYBLOB="1c080000d0ff00000000000000000000851000000600000018000000", @ANYRES32, @ANYBLOB="00000000000000206608000000000000180000000000010000000000000000019500000000000000180100002020782500000000002020207b1af8ff00000000bfa1000000000000070100000aa8ffffb702000008000000b50afdff00000000850000000600000095"], &(0x7f0000000000)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0xc}, 0x94) 3.049572289s ago: executing program 3 (id=6314): socket(0x2a, 0x6, 0xde97) socket$can_bcm(0x1d, 0x2, 0x2) socket$netlink(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r0, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) r1 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'veth0_macvtap\x00', 0x0}) r3 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=@newqdisc={0x88, 0x24, 0xf0b, 0x70bd26, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0xffff}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0x58, 0x2, {{0x1, [], 0x0, [0x1, 0x2, 0xfffe, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x5c4, 0x8000, 0x0, 0x0, 0x3dc], [0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000]}}}}]}, 0x88}}, 0x20000000) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0xc0189436, 0x0) r4 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r4, 
&(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x7}, 0x1c) listen(r4, 0xfffffffc) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff) r7 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="02000000040000000800000001000000800000001686bc213dd7341a065e0045725ae5894d52778278a8e83a279b50549e64738408a2c19a8fe9bcf6a55f00ad01b679cc8a6748266c27c21ae6ccb47a064a7ca18b443f7fa185d47ac0c8b2f323c7b47e409a8f3da8d5ca5bdecab7d297866c6163281c6e0e4ebaf52875278fbcd5187f0234", @ANYRESHEX=r5, @ANYRESOCT=r6, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x50) r8 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000980)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x1, '\x00', 0x0, 0x0}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0x1c, &(0x7f00000002c0)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0xfffff7dd}, {{0x18, 0x1, 0x1, 0x0, r8}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x2, 0x3, 0xa, 0x9}, {0x5, 0x0, 0xb, 0x9, 0x0, 0x0, 0x1}, {0x3, 0x3, 0x6, 0xa, 0xa, 0xfff8, 0xf1}, {0x7, 0x1, 0xb, 0x6, 0x8}, {0x7, 0x0, 0x0, 0x8, 0x0, 0x0, 0xfffffdff}, {}, {}, {0x7, 0x0, 0xc}, {0x18, 0x2, 0x2, 0x0, r7}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000001b00)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0xa, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000}, 0x94) r9 = socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x5, &(0x7f0000000140)=@framed={{}, [@cb_func={0x18, 0xa, 0x4, 0x0, 0xfffffffffffffff9}]}, &(0x7f0000000000)='syzkaller\x00', 0xa, 0xff1, &(0x7f0000002e00)=""/4081}, 0x94) r10 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff) r11 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r11, 0x117, 0x1, 
&(0x7f0000000600)="2e61b3e3dff01e19adc7beef915d564c90c200"/32, 0x20) r12 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r12, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) sendmsg$MPTCP_PM_CMD_DEL_ADDR(r9, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r10, @ANYBLOB="070000000000000000000200000014000180060001000200000008000300ac2d3748c9b78a1414aa"], 0x28}}, 0x0) syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r9) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000004c0)={0x30, r6, 0x1, 0x70bd2c, 0x1000000, {}, [@MPTCP_PM_ATTR_ADDR={0x1c, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @dev={0xac, 0x14, 0x14, 0x37}}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x3}]}]}, 0x30}, 0x1, 0xff07}, 0x2000000) sendmsg$nl_route_sched(r3, 0x0, 0x10) 2.904947652s ago: executing program 0 (id=6315): socketpair$unix(0x1, 0x1, 0x0, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8b04, &(0x7f0000000000)={'wlan1\x00', @random="0200"}) 2.61942929s ago: executing program 0 (id=6316): r0 = socket$inet_icmp(0x2, 0x2, 0x1) sendmmsg$inet(r0, &(0x7f0000000340)=[{{&(0x7f0000000200)={0x2, 0x4e22, @local}, 0x10, &(0x7f0000000040)=[{&(0x7f0000000400)="0800000028feffff", 0x8}], 0x1}}, {{0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000001500)="01a2ad91001fa594", 0x8}], 0x1}}], 0x2, 0x4000) 2.449524726s ago: executing program 3 (id=6317): r0 = socket$inet6(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) write(r2, &(0x7f0000000040)="1c0000001a009b8a140000003b9b301f00"/28, 0x1c) recvmmsg(r2, &(0x7f0000002ec0), 0x400000000000ec0, 0x2, &(0x7f00000001c0)={0x77359400}) sendmsg$nl_route(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="30000000100001006c4789ec390bca4900000000", @ANYRES32=0x0, @ANYBLOB="211000000300000008001b0000000000080040"], 0x30}, 0x1, 0x0, 0x0, 0x801}, 0x4000000) 
sendto$inet6(r0, &(0x7f0000000000)='s', 0x10a73, 0x800, 0x0, 0x4b6ae4f95a5de35b) 2.321150328s ago: executing program 0 (id=6318): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, 0x0, 0x0) 2.27421618s ago: executing program 1 (id=6319): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r1, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0xa, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r3}, 0xc) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000100)={0x0, 0x1c, &(0x7f0000000080)=[@in6={0xa, 0x4e1f, 0xff, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0xd340}]}, &(0x7f0000000440)=0x10) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r1, 0x84, 0x74, &(0x7f0000000240)={r4, 0xe23a, 0x20, 0x10001}, &(0x7f0000000840)=0x18) r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$HCIINQUIRY(r5, 0x400448e3, &(0x7f0000000100)={0x0, 0x4000, '\x00', 0x2}) sendmsg$NFQNL_MSG_VERDICT(r0, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x45}, 0x4040040) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f0000000080)={0x0, 0x0, 
&(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x10) sendmsg$NFT_BATCH(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000640)=ANY=[@ANYBLOB="140000001000010000000000000000000300000a64000000060a0b0400000000000000000200000038000480340001800a000100696e6e65720000002400028008000240000000840800034000000005080004400000000f08000140000000000900010073797a30000000000900020073797a3200000000140000001100010000000000000000000000000a99943c5cf7f0d70e48bed61fe30a6a449a8891ce2c8429e68156eec0433e656b67bce3e6fc26c7cc2f74a042509d290572485f338570a96d9ebaa31b559b07f8bcce10e13f509b34f163d1e746fee88e03440adad16d97b13568c9ffdeed93b7d02a534dba9919877972103a6a8da250170af500f8d6466b118b7e2c1eb5c4de5348c298fe00e33e1411daac3dfd2363e21dd91c3ee4afb518ecd6a1f92b332ea90e6d714f5f8df8ad8686480b7543a3cd7f1a728553cba7561f9bbc9bd5f5ca7e4093f26b7e631a470bfe2dcf02ab7869fd50fd86a67d112f93a67bfb0d72b8f897ea5a610fafebbc2aa0fd5eab8bbca697d92e253e98081fcffcc4278fc857811377c474477a459329fb954e237557"], 0x8c}}, 0x0) r7 = socket$inet6_sctp(0xa, 0x5, 0x84) bind$inet6(r7, &(0x7f0000000300)={0xa, 0x4e23, 0x0, @loopback, 0x3}, 0x7e) setsockopt$inet_sctp6_SCTP_RTOINFO(r7, 0x84, 0x0, &(0x7f0000000000)={0x0, 0x1, 0x8001, 0x6}, 0x10) sendto$inet6(r7, &(0x7f0000847fff)='X', 0x34000, 0xe0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) r8 = socket$nl_route(0x10, 0x3, 0x0) r9 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt(r9, 0x84, 0x81, &(0x7f0000000000)="0000000000000002", 0x8) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000a80)={&(0x7f0000000940)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x10, 0x10, 0x2, [@int={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x40, 0x2}]}}, 0x0, 0x2a, 0x0, 0x1, 0xfffff354}, 0x28) sendmmsg$inet_sctp(0xffffffffffffffff, &(0x7f0000001f00)=[{&(0x7f0000000000)=@in={0x2, 
0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0}], 0x1, 0x0) socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_AUTH_KEY(r9, 0x84, 0x17, &(0x7f0000000080)={0x0, 0x2, 0x1, "fa"}, 0x9) setsockopt$inet_sctp6_SCTP_AUTH_DELETE_KEY(r9, 0x84, 0x19, &(0x7f0000000100)={0x0, 0x2}, 0x8) sendmsg$nl_route(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="2800000010000108feffffff0000000000000000", @ANYRES32=0x0, @ANYBLOB="080000002f1c060008001b00"], 0x28}}, 0x0) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r7, 0x84, 0x9, &(0x7f0000000a00)={0x0, @in6={{0xa, 0x4e23, 0x2, @loopback, 0xfffffffd}}, 0x0, 0x0, 0x300, 0x0, 0x54, 0x6}, 0x9c) 2.165207026s ago: executing program 0 (id=6320): r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) r1 = socket(0x1, 0x1, 0x1) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nbd(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NBD_CMD_CONNECT(r2, &(0x7f00000027c0)={0x0, 0x0, &(0x7f0000002780)={&(0x7f0000000500)={0x3c, r3, 0x1, 0x70bd29, 0x25dfdbfb, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x40d5}, @NBD_ATTR_SOCKETS={0x1c, 0x7, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r1}}, {0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r1}}]}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4000004}, 0x4000) r4 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$NLBL_UNLABEL_C_STATICLIST(r2, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x28, r4, 0x20, 0x70bd27, 0x25dfdbfe, {}, [@NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @local}]}, 0x28}, 0x1, 0x0, 0x0, 0x8000}, 0xc000) r5 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) write$rfkill(r5, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000080), r6) 
sendmsg$IEEE802154_LIST_PHY(r6, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000300)={0x14, r7, 0x30b, 0x0, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x404c857}, 0x20060000) 2.11779567s ago: executing program 2 (id=6321): sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, 0x0, 0x40810) r0 = socket$packet(0x11, 0x3, 0x300) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000000c0), r1) getsockname$packet(r1, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000005c0)=0x56) sendmsg$nl_route(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000300)=ANY=[@ANYBLOB="400000001000390400000000fbdbdf2500000000", @ANYRES32=r2, @ANYBLOB="0198047ca4dd994c832105477c84727f00419a0400206b17cc12e740a75d52e9237fd089660012800800010073697400140002800600f6"], 0x40}}, 0x24000080) r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x161042, 0x0) ioctl$PPPIOCNEWUNIT(r3, 0xc004743e, &(0x7f0000000000)=0x2) ioctl$PPPIOCSPASS(r3, 0x40107447, &(0x7f0000000180)={0x0, &(0x7f0000000100)}) write$ppp(r3, &(0x7f0000000640)="00f3c210226eb1", 0x7) sendto$packet(r0, &(0x7f0000000400)="05d936277c6f5422007f83477ca1b278e3e4018a34e7bfd3de1a00ad6762646c95c716727eb53bcc", 0x28, 0x40880, &(0x7f0000000200)={0x11, 0x86dd, r2, 0x1, 0x4, 0x6, @local}, 0x14) 1.720123145s ago: executing program 3 (id=6322): socket$pppoe(0x18, 0x1, 0x0) socket$rxrpc(0x21, 0x2, 0x2) socket$nl_route(0x10, 0x3, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x4c, &(0x7f0000000000), 0x4) recvmsg$unix(0xffffffffffffffff, 0x0, 0x2000) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0xff08, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000800)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x2c}, 0x94) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, 
&(0x7f0000000080)={&(0x7f0000000440)=@ipv4_newroute={0x2c, 0x18, 0xaba64f4add525e83, 0xfffffffe, 0xffffffff, {0x2, 0x14, 0x10, 0x4, 0xfd, 0x0, 0xfe, 0x2, 0x300}, [@RTA_OIF={0x8}, @RTA_PREFSRC={0x8, 0x7, @dev={0xac, 0x14, 0x14, 0xf}}]}, 0x2c}, 0x1, 0xffffff7f}, 0x80) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001440)={r0, 0xe0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10) 646.209428ms ago: executing program 1 (id=6323): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000002000/0x2000)=nil, 0x2000, 0x0, 0x2012, r0, 0x0) getsockopt$inet6_udp_int(r0, 0x11, 0xb, &(0x7f0000000000), &(0x7f0000000040)=0x4) socket(0x2a, 0x2, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000005c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cast5-avx\x00'}, 0x58) r2 = socket(0x1e, 0x5, 0x0) setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f0000000040)=@req3={0x3c00, 0x10000000, 0x7b3, 0x7, 0x2, 0x10000, 0x400}, 0x1c) sendmsg$TIPC_NL_LINK_GET(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x24}}, 0x0) socket$kcm(0x10, 0x2, 0x0) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000100000000000000ac1e000100000000000000000000000000000000000000000a0060", @ANYRESOCT], 0xb8}}, 0x20040014) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x7, 0x6, 0x0, &(0x7f0000000080)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x94) sendmsg$nl_xfrm(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300100000000000fbdbdf2500000000000000000000000000000001fe8000000000000000000000000000aa00000004000000000a0060803b000000", 
@ANYRES32=0x0, @ANYRES32=0xee01, @ANYBLOB="00000000000000000400000000000000000000000000000000000000000000000700000000000070a9ffffffffe400000000"], 0xb8}, 0x1, 0x0, 0x0, 0x80}, 0x50) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r5, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9"], 0xb8}}, 0x0) sendmsg$nl_xfrm(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000100000000000000ac1e0001"], 0xb8}}, 0x20004000) sendmsg$nl_xfrm(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000020000000000fc0000000000000000"], 0xb8}, 0x1, 0x0, 0x0, 0x80c0}, 0x0) sendmsg$nl_xfrm(r3, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=ANY=[@ANYBLOB="b80000001300e9990500000000000000fc000000000000000000000000000000fc00000000000000000000000000000000000000000000000a0030"], 0xb8}}, 0x4000) mmap(&(0x7f000009e000/0x4000)=nil, 0x4000, 0x2800007, 0x8032, 0xffffffffffffffff, 0x0) 480.757859ms ago: executing program 3 (id=6324): r0 = socket$inet_icmp(0x2, 0x2, 0x1) setsockopt$inet_int(r0, 0x0, 0x21, &(0x7f0000000080)=0xffffffff, 0x4) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f0000000000)=@req={0xa35, 0x0, 0x7, 0xfffffe00}, 0x10) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000400)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x6}, 0x38) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xd, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x61, 0x14, 0xb0}, [@ldst={0x4}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sock_ops}, 0x48) socket$nl_netfilter(0x10, 0x3, 0xc) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r2, &(0x7f0000000040)={0x1f, 0x0, 0x1}, 0x6) socketpair$unix(0x1, 0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_LOOKUP_ELEM(0x1, 0x0, 0x0) write$bt_hci(r2, 0x0, 0x0) 
write$tun(0xffffffffffffffff, 0x0, 0x2e) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000500)={0xffffffffffffffff, &(0x7f00000002c0)="cee25723f83a6e7c42773bdce1490a74e666275ed4a425b271433e91a58554822227f090a84a7ef30ef49bbd6596d808048fbc8979d8094806ccc94d7a2f49ff72537f4140be9ca26903f43c6b77dfe97c0f814d17922857d7781557afbbdb4f2e4c30b0169f5acb9add590907088dc7604f08cd2335fda0eb51d760ef5636d25b968a044a912b115907b8b158f218a0be6d28277cb1fea2a731c65373e1c01c58a6e16f398c1af358c526411da7001b4e4fa162bce01e107ded2c1979eed5124f17d42b527bb9119887c6cc886658ad7ecdb3fdc83dcb2e8c2be7a31f0ddce5fe7afb214fb388", &(0x7f0000000440)=""/129, 0x4}, 0x20) bpf$MAP_UPDATE_ELEM(0x2, 0x0, 0x0) recvmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x80, 0x0) socketpair(0x1d, 0x2, 0x6, &(0x7f0000000180)) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r4 = socket$inet(0xa, 0x801, 0x84) connect$inet(r4, &(0x7f0000000340)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r4, 0x8) r5 = accept4(r4, 0x0, 0x0, 0x0) getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r5, 0x84, 0x76, &(0x7f0000000040)={0x0, 0x7fff}, &(0x7f0000000080)=0x8) ioctl$HCIINQUIRY(r3, 0x800448f0, &(0x7f0000000000)={0x0, 0x9, "be5f21", 0x8, 0x80}) r6 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000f00)=@newsa={0x1b0, 0x10, 0x1, 0x70bd2b, 0x0, {{@in6=@ipv4={'\x00', '\xff\xff', @rand_addr=0x64010100}, @in6=@mcast1, 0x0, 0xecdf, 0x0, 0x200, 0xa}, {@in=@broadcast, 0x0, 0x32}, @in=@rand_addr=0x64010100, {0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, {0x8, 0x400800, 0x0, 0x400}, {}, 0x0, 0x0, 0xa, 0x4, 0x0, 0x2c}, [@algo_crypt={0x58, 0x2, {{'cbc(aes)\x00'}, 0x80, "e0fad3f10cd3a506627800000000074f"}}, @algo_auth_trunc={0x4c, 0x14, {{'hmac(sha256)\x00'}, 0x0, 0xc0}}, @encap={0x1c, 0x4, {0x1, 0x4e20, 0x0, @in6=@private2={0xfc, 0x2, '\x00', 0x1}}}]}, 0x1b0}}, 0x4050) r7 = openat$tun(0xffffffffffffff9c, 
&(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) 480.454177ms ago: executing program 1 (id=6325): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000b40)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r0, 0x8b04, 0x0) 416.702819ms ago: executing program 2 (id=6326): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000002c0)={'macvlan0\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000024c0)={&(0x7f0000000780)=ANY=[@ANYBLOB="44000000100001042abd70000000000000000000", @ANYRES32=r1, @ANYBLOB="8249e900800005001c00378009000100626f6e64000000000c0002800500100006000000050027"], 0x44}, 0x1, 0x0, 0x0, 0x20000c10}, 0x4) 333.077432ms ago: executing program 1 (id=6327): socket$nl_netfilter(0x10, 0x3, 0xc) socket$inet_udp(0x2, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x1e, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000010000000000000000000000711217000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff}, 0x94) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='cgroup.controllers\x00', 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[], &(0x7f0000001f40)=""/4087, 0x3e, 0xff7, 0x1}, 0x28) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r3 = syz_init_net_socket$llc(0x1a, 0x4, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0b00000005000000000400000900000001"], 0x48) recvmmsg(r3, &(0x7f00000040c0)=[{{0x0, 0x0, 0x0}, 0x5}], 0x1, 0x2102, &(0x7f00000042c0)) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000d80)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021"], 0x0, 0x40, 0x0, 0x0, 0x0, 0xb4a02fe0ce239f93, '\x00', 0x0, 0x2}, 0x94) getsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000200)={@loopback}, &(0x7f0000000280)=0x14) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xe, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r4], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x59, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, r5, 0x0, 0x0, 0x0, 0x0}, 0x94) unshare(0x20000400) r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r6, 0x400448c9, 0x0) bind$bt_hci(r6, &(0x7f0000000080)={0x1f, 0xffff, 0x2}, 0x6) r7 = socket$inet6(0xa, 0x2, 0x0) openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000300), 0x1, 0x0) sendto$inet6(r7, 
&(0x7f0000000800)="51e251578851f74182a74b89b27df427aeef44966d202e4138b5a18e75a0424e7fe93b0d32c7abba87b65f97aba1c26a06b6d94c4aefd8fdca10e744391062c8e612721c20051608d9aa6dacf61e1eb331a4daad402b9885599d56130f7149fb1111fa116e94324d585a0569fbd311dad54cb4e32ff7f02216844ec3d526c878d5135ad1c9262239339c18885e2a0a95854d6cde3dd2feeaa50216af6c5760923413af81199a65a6332b02ec7bbf79d557c033cbe032fdc44f66a5c59cc4a3c5d218f5896b359d1efd60baf98df6396567478f7b817ce6e11d59a7def452a068e9607f57f626a5b8d476636ef1ee76307524009ae49be402000000000000001e80fed632155e14da1f7324d97bc61a3c1edc4431ee8a6caa2ed9f85cea5a2a9b263630c7d6fc35dda6002da571a2e51917e7c1019d8ce21a608147e408074c7c5f444fab931bda86d977d7c9ccefd881e5ef05b287f41eea526862885881c2cdc687dfff01a9b70a9b08734ac4d62c7f34465c34aa9e9f136c7f796d9eea41aa37f61830508338bb1f887089070567a1dd96cd700e7a098dabedb60f31acd17d487bc8be1a3101d2b5ac1715003793596c6daa93a27f4adb4d6fbea5669cabc206c944317ea18a2c762457f1bc945fec8f849641d44e7e2a24faeee28f3f266395fe18b0dce20c1f64e8896c8ff0e4a44a116fb32462471a0fcde143e551723d57339722765673b4163d66f473ac10f988cb252f106632f9884a47866d284b4efc6bb1aa74ed48d4a6535795f0873a99907ebc22be2337364cf9acc063e32f7d2e02fad64d04aa405d2dbdee1128ab1e4761d2dd30885ad37dd168478f10789d172feef4c817a5cd372caade57f23300e45f47e001e3ea093680ffffff802477368b9910f4e24037c871cb8251568c792287a6f49fa61b7c2600accaa0e7b40c59d88a29af5886c1f5dfc6837c58aaef12a9e100225c70441144ffa82927fa4802ed9ebb03eea8e945af5f4993f21a7f53baf7ec5bb6cc96b917dde82c18840c3500e9565f68f687b1c73d834c0d99d4acb002dc5682dbcdb1217a98f6c3ef8318b7fa93894e8a097b4511ba5c035e27c9fe8bfe7754741ac21bbc0303b81672e3117e5590fe2d92f912759b9937f64204ec5caa92e2cccb31016b13ed8d7bcabb03e176b1c9bda3bf1c1256ab74ab6f42ed9bafbbd0096263be1a7da1e1c88deec55a653d170e1e13c77dacaa60a37a6ba2383e661ebc9f13dbaade2dd884c9951819fb4608e19e70cd2496ccfb12f24c71f496cfe90400fe1bbea1e9a24b1d4664fb0776aca6269b396779680e52f86877d9209988d12ccb137be01ab7496d00547a7d4849d365a18dbb55c429cde87d33c4b74ad2273cdfee88b541886
6ef327f25e9cbcd5a64d97107339f7e4cb5f8de171d2779c0f68884ae835e398f982d5749f085628d3608986656ea04b721f828202e9342bd7d19dfa091e772aebf9718030167a8c029df7c58b7f40029d7cfcaf26fd1900d8775ef373e8e2c5bf3525f907add3be426cd5a079c49abffe933e9ee213a3baf34f932d1299312691e1c53e6247ae0989ad66070d51fad22856a8b6b28954e7d41189b11c5321789eec8670de9e8db0b0473ba2e02731e60e7222697d61e052c18d4bcc6d1572fdf426f7b2fee6c1dee66c85c497b90facaf63b8ec5cde4a73400f9180bcfc0f81eca9580a7c81462a077f9034026bf72aa7c6de4b3c15d4a2dbd6fd7d87084aea9f25fb4bf5ec83eb56874a760533792df", 0x4ef, 0x0, &(0x7f0000000080)={0xa, 0x5e24, 0x9, @mcast2}, 0x1c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_pid(r9, 0x0, 0x0) recvmsg$unix(r8, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000140)=""/79, 0xbdef}], 0x300, 0x0, 0x4a}, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={0xffffffffffffffff, 0x2000000, 0xe, 0x0, &(0x7f0000000040)="630b008646dc3f0adf33c9f7b986", 0x0, 0xcf25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x80}, 0x50) sendmsg$NL80211_CMD_RELOAD_REGDB(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000340)={0x14, r2, 0x200, 0x70bd30, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0x20008004) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'wlan0\x00'}) getpid() 192.86809ms ago: executing program 2 (id=6328): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$gtp(&(0x7f0000000000), 0xffffffffffffffff) r1 = socket(0x200000000000011, 0x2, 0x3c644) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="208000002500010324bd7006fcdbdf25150000000a005e00378d390000000000dce1b7c1df82ceb1db4422ba8d1b56e4935b4f02e4b396f0493c2b692db30c81022b011c73c2b7030aa3d931169f7eb67d9e75c98f0d04f5a3666d96d6bc2d6ad56440526b37c1a7a773cb74eb43295b3c21a4ba18b86730d9b64e2c1e0df4b8297c99c1"], 0x20}, 0x1, 0x0, 0x0, 0x40008840}, 
0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'syz_tun\x00', 0x0}) bind$packet(r1, &(0x7f0000000080)={0x11, 0x800, r3, 0x1, 0x0, 0x6, @multicast}, 0x23) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000580)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x28, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8, 0xb, 0x1, 0x0, 0x2}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x30, 0x3, 0xa, 0x3, 0x0, 0x0, {0x1, 0x0, 0x5}, [@NFTA_CHAIN_HANDLE={0xc, 0x2, 0x1, 0x0, 0x1}, @NFTA_CHAIN_COUNTERS={0x4}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0xcc}}, 0x0) sendmsg$AUDIT_MAKE_EQUIV(r1, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x20, 0x3f7, 0x200, 0x70bd28, 0x25dfdbfe, {0x7, 0x1, './file0', '.'}, ["", "", "", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x40840}, 0x4090) bind$packet(r1, &(0x7f0000000200)={0x11, 0x16, r3, 0x1, 0x81, 0x6, @link_local}, 0x14) sendmsg$GTP_CMD_GETPDP(r0, &(0x7f0000002880)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000000}, 0x24008040) 101.177876ms ago: executing program 2 (id=6329): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000004}, 0x0) 0s ago: executing program 2 (id=6330): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x4, 0x5, &(0x7f0000000240)=ANY=[@ANYBLOB="18020000000000000000000000000000850000005300000085000000d000000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 
'xts-aes-aesni\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000000), 0x0) r2 = accept4$alg(r1, 0x0, 0x0, 0x0) sendmmsg$alg(r2, &(0x7f00000021c0)=[{0x0, 0x0, &(0x7f0000001000)=[{&(0x7f0000000100)="a92e81d0991808e33c2330164cf023df", 0xfffffc81}], 0x1, &(0x7f0000001040)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x880}], 0x1, 0x80001) recvmmsg(r2, &(0x7f0000000b00)=[{{0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000001080)=""/4096, 0x1000}, {&(0x7f0000000640)=""/82, 0x52}], 0x2}, 0x40}], 0x1, 0x102, 0x0) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000340)="71e67a15cdf0311cfcf33a52a7d86b", 0xf) sendmsg$IPCTNL_MSG_EXP_DELETE(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xd1}, 0x50) sendmsg$ETHTOOL_MSG_DEBUG_GET(0xffffffffffffffff, &(0x7f0000000d40)={0x0, 0x0, &(0x7f0000000c80)={&(0x7f00000008c0)=ANY=[@ANYRESDEC, @ANYBLOB="400001801400020070696d3672656730", @ANYBLOB="140002"], 0x17c}, 0x1, 0x0, 0x0, 0x4008004}, 0x20000080) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000280)="2c385a7af3", 0x5) sendmsg$NFNL_MSG_ACCT_GET(0xffffffffffffffff, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={0x0, 0x44}}, 0x80) r4 = accept4(r3, 0x0, 0x0, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x6, &(0x7f0000000a80)=0x8, 0x4) sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, 
{&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r5, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r6, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r7, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x8044) ioctl$BTRFS_IOC_SYNC(r0, 0x9408, 0x0) kernel console output (not intermixed with test programs): process `syz.2.5522'. 
[ 877.895060][T27052] bridge_slave_0: left allmulticast mode [ 877.926222][T27052] bridge_slave_0: left promiscuous mode [ 877.965143][T27052] bridge0: port 1(bridge_slave_0) entered disabled state [ 878.065136][T27052] bridge_slave_1: left allmulticast mode [ 878.092228][T27052] bridge_slave_1: left promiscuous mode [ 878.117138][T27052] bridge0: port 2(bridge_slave_1) entered disabled state [ 878.172860][T27052] bond0: (slave bond_slave_0): Releasing backup interface [ 878.229224][T27052] bond0: (slave bond_slave_1): Releasing backup interface [ 878.308204][T27052] team0: Port device team_slave_0 removed [ 878.384760][T27052] team0: Port device team_slave_1 removed [ 878.408295][T27052] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 878.435781][T27052] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 878.472905][T27052] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 878.495042][T27052] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 878.560553][T27052] bond3: (slave ip6gretap1): Releasing backup interface [ 878.598304][T27052] ip6gretap1: left allmulticast mode [ 878.681399][T27052] bond5: (slave erspan1): Releasing active interface [ 878.711057][T27052] erspan1: left promiscuous mode [ 878.836772][T27052] bond8: (slave bridge3): Releasing backup interface [ 878.881985][T27052] bridge3: left promiscuous mode [ 878.897567][T27072] netlink: 'syz.4.5527': attribute type 39 has an invalid length. 
[ 878.907597][T27052] bridge3: left allmulticast mode [ 878.948684][T27052] bond9: (slave bridge5): Releasing backup interface [ 878.965984][T27052] bridge5: left promiscuous mode [ 878.977304][T27052] bridge5: left allmulticast mode [ 879.011018][T27041] workqueue: Failed to create a rescuer kthread for wq "bond13": -EINTR [ 879.087857][T27059] workqueue: Failed to create a rescuer kthread for wq "bond21": -EINTR [ 879.776646][T27092] __nla_validate_parse: 3 callbacks suppressed [ 879.776671][T27092] netlink: 28 bytes leftover after parsing attributes in process `syz.0.5533'. [ 880.044453][T27092] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5533'. [ 881.032622][T27131] FAULT_INJECTION: forcing a failure. [ 881.032622][T27131] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 881.128819][T27131] CPU: 0 UID: 0 PID: 27131 Comm: syz.3.5537 Not tainted syzkaller #0 PREEMPT(full) [ 881.128849][T27131] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 881.128864][T27131] Call Trace: [ 881.128873][T27131] [ 881.128882][T27131] dump_stack_lvl+0xe8/0x150 [ 881.128914][T27131] should_fail_ex+0x412/0x560 [ 881.128945][T27131] _copy_from_user+0x2d/0xb0 [ 881.128974][T27131] ___sys_recvmsg+0x175/0x590 [ 881.129008][T27131] ? __pfx____sys_recvmsg+0x10/0x10 [ 881.129041][T27131] ? __fget_files+0x2a/0x420 [ 881.129105][T27131] do_recvmmsg+0x334/0x800 [ 881.129142][T27131] ? __pfx_do_recvmmsg+0x10/0x10 [ 881.129191][T27131] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 881.129238][T27131] __x64_sys_recvmmsg+0x198/0x250 [ 881.129270][T27131] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 881.129308][T27131] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 881.129333][T27131] do_syscall_64+0x174/0x580 [ 881.129356][T27131] ? trace_irq_disable+0x3b/0x140 [ 881.129390][T27131] ? 
clear_bhb_loop+0x40/0x90 [ 881.129418][T27131] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 881.129440][T27131] RIP: 0033:0x7fcf5bb9ce59 [ 881.129462][T27131] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 881.129481][T27131] RSP: 002b:00007fcf5ca30028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 881.129503][T27131] RAX: ffffffffffffffda RBX: 00007fcf5be16090 RCX: 00007fcf5bb9ce59 [ 881.129520][T27131] RDX: 000000000000f000 RSI: 0000200000000d00 RDI: 0000000000000007 [ 881.129535][T27131] RBP: 00007fcf5ca30090 R08: 0000000000000000 R09: 0000000000000000 [ 881.129549][T27131] R10: 0000000000010002 R11: 0000000000000246 R12: 0000000000000001 [ 881.129563][T27131] R13: 00007fcf5be16128 R14: 00007fcf5be16090 R15: 00007ffcf1617798 [ 881.129599][T27131] [ 881.621020][T27136] tipc: Enabling of bearer rejected, already enabled [ 881.685528][T27136] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5541'. [ 881.748774][T27136] netlink: 'syz.2.5541': attribute type 1 has an invalid length. [ 881.951503][T27151] netlink: 28 bytes leftover after parsing attributes in process `syz.2.5541'. 
[ 882.167406][T27136] bond13: entered promiscuous mode [ 882.202768][T27136] 8021q: adding VLAN 0 to HW filter on device bond13 [ 882.437702][T27159] bond13: (slave bridge8): making interface the new active one [ 882.483391][T27159] bridge8: entered promiscuous mode [ 882.516080][T27159] bond13: (slave bridge8): Enslaving as an active interface with an up link [ 882.625447][T27148] netdevsim netdevsim0 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 882.716764][T27148] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 883.482183][T27148] netdevsim netdevsim0 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 883.508561][T27183] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5548'. [ 883.535360][T27148] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 883.590652][T27152] xfrm0 speed is unknown, defaulting to 1000 [ 883.668730][T27156] netlink: 'syz.4.5543': attribute type 4 has an invalid length. 
[ 883.696848][T27148] netdevsim netdevsim0 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 883.751570][T27148] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 883.892346][T27152] lo speed is unknown, defaulting to 1000 [ 883.985811][T27148] netdevsim netdevsim0 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 884.016998][T27148] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 884.386291][T27191] xfrm0 speed is unknown, defaulting to 1000 [ 884.596009][ T1057] netdevsim netdevsim0 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 884.634786][ T1057] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 884.728683][ T33] netdevsim netdevsim0 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 884.774571][ T33] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 884.887654][ T1057] netdevsim netdevsim0 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 884.937765][ T1057] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 885.075600][ T1057] netdevsim netdevsim0 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 885.120694][ T1057] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 885.311787][T27191] lo speed is unknown, defaulting to 1000 [ 885.544840][T27213] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5554'. [ 885.930795][T27213] netdevsim netdevsim0 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 885.979570][T27213] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 886.152940][T27213] netdevsim netdevsim0 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 886.218666][T27213] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 886.376173][T27233] netlink: 'syz.2.5557': attribute type 1 has an invalid length. 
[ 886.414511][T27230] tipc: Enabling of bearer rejected, already enabled [ 886.447847][T27232] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5557'. [ 886.642883][T27230] netlink: 28 bytes leftover after parsing attributes in process `syz.2.5557'. [ 886.792531][T27233] bond14: entered promiscuous mode [ 886.861580][T27233] 8021q: adding VLAN 0 to HW filter on device bond14 [ 886.937891][T27230] bond14: entered allmulticast mode [ 887.213078][T27238] bond14: (slave bridge9): making interface the new active one [ 887.244365][T27238] bridge9: entered promiscuous mode [ 887.267043][T27238] bridge9: entered allmulticast mode [ 887.300381][T27238] bond14: (slave bridge9): Enslaving as an active interface with an up link [ 887.343935][T27213] netdevsim netdevsim0 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 887.361847][T27213] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 887.644781][T27213] netdevsim netdevsim0 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 887.678637][T27213] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 887.835276][T27250] openvswitch: netlink: Flow actions may not be safe on all matching packets. 
[ 888.177553][ T5967] netdevsim netdevsim0 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 888.221683][ T5967] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 888.392369][ T3396] netdevsim netdevsim0 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 888.433780][ T3396] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 888.588703][ T5967] netdevsim netdevsim0 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 888.635760][ T5967] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 889.131185][T27213] netdevsim netdevsim0 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 889.180063][T27213] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 889.328477][T27213] netdevsim netdevsim0 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 889.383181][T27213] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 889.562238][T27213] netdevsim netdevsim0 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 889.623204][T27213] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 889.776191][T27277] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5566'. [ 890.039150][T27279] sctp: [Deprecated]: syz.4.5566 (pid 27279) Use of int in max_burst socket option. [ 890.039150][T27279] Use struct sctp_assoc_value instead [ 890.539734][T27292] openvswitch: netlink: IPv6 tunnel dst address is zero [ 890.658222][T27295] FAULT_INJECTION: forcing a failure. 
[ 890.658222][T27295] name failslab, interval 1, probability 0, space 0, times 0 [ 890.733705][T27295] CPU: 0 UID: 0 PID: 27295 Comm: syz.1.5571 Not tainted syzkaller #0 PREEMPT(full) [ 890.733737][T27295] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 890.733751][T27295] Call Trace: [ 890.733760][T27295] [ 890.733771][T27295] dump_stack_lvl+0xe8/0x150 [ 890.733803][T27295] should_fail_ex+0x412/0x560 [ 890.733844][T27295] should_failslab+0xa8/0x100 [ 890.733869][T27295] __kvmalloc_node_noprof+0x178/0x8a0 [ 890.733905][T27295] ? xt_alloc_table_info+0x40/0xb0 [ 890.734122][T27295] xt_alloc_table_info+0x40/0xb0 [ 890.734156][T27295] do_ipt_set_ctl+0x962/0xe10 [ 890.734209][T27295] ? __pfx___mutex_trylock_common+0x10/0x10 [ 890.734244][T27295] ? rcu_is_watching+0x15/0xb0 [ 890.734279][T27295] ? trace_contention_end+0x3d/0x140 [ 890.734310][T27295] ? __pfx_do_ipt_set_ctl+0x10/0x10 [ 890.734354][T27295] ? __pfx_do_ip_setsockopt+0x10/0x10 [ 890.734405][T27295] ? __pfx___mutex_lock+0x10/0x10 [ 890.734432][T27295] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 890.734466][T27295] ? __pfx_aa_sk_perm+0x10/0x10 [ 890.734506][T27295] nf_setsockopt+0x26f/0x290 [ 890.734568][T27295] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 890.734604][T27295] do_sock_setsockopt+0x17c/0x1b0 [ 890.734635][T27295] __x64_sys_setsockopt+0x13d/0x1b0 [ 890.734663][T27295] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 890.734689][T27295] do_syscall_64+0x174/0x580 [ 890.734713][T27295] ? trace_irq_disable+0x3b/0x140 [ 890.734747][T27295] ? 
clear_bhb_loop+0x40/0x90 [ 890.734782][T27295] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 890.734805][T27295] RIP: 0033:0x7f0c9a59ce59 [ 890.734835][T27295] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 890.734854][T27295] RSP: 002b:00007f0c9b44e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 890.734878][T27295] RAX: ffffffffffffffda RBX: 00007f0c9a815fa0 RCX: 00007f0c9a59ce59 [ 890.734894][T27295] RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000003 [ 890.734907][T27295] RBP: 00007f0c9b44e090 R08: 0000000000000358 R09: 0000000000000000 [ 890.734921][T27295] R10: 0000200000000140 R11: 0000000000000246 R12: 0000000000000001 [ 890.734935][T27295] R13: 00007f0c9a816038 R14: 00007f0c9a815fa0 R15: 00007fff3cebe268 [ 890.734971][T27295] [ 891.105704][T27297] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 891.506890][T27303] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5574'. [ 892.131572][T27317] netlink: 60 bytes leftover after parsing attributes in process `syz.1.5577'. [ 892.691171][T27328] tipc: Enabling of bearer rejected, already enabled [ 892.739449][T27331] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5580'. [ 892.802903][T27328] netlink: 'syz.3.5580': attribute type 1 has an invalid length. [ 893.078309][T27347] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5580'. 
[ 893.363327][T27328] bond22: entered promiscuous mode [ 893.416016][T27328] 8021q: adding VLAN 0 to HW filter on device bond22 [ 893.456356][T27334] debugfs: 'netdev:syzkaller0' already exists in 'phy35' [ 893.776618][T27351] bond22: (slave bridge12): making interface the new active one [ 893.815051][T27351] bridge12: entered promiscuous mode [ 893.861233][T27351] bond22: (slave bridge12): Enslaving as an active interface with an up link [ 893.996066][T27359] netdevsim netdevsim4 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 894.166518][T27359] netdevsim netdevsim4 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 894.367490][T27377] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5587'. [ 894.506459][T27359] netdevsim netdevsim4 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 894.668185][T27359] netdevsim netdevsim4 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 894.766946][T27384] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5588'. [ 894.986153][ T33] netdevsim netdevsim4 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 895.100631][ T12] netdevsim netdevsim4 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 895.192521][ T3396] netdevsim netdevsim4 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 895.264491][ T12] netdevsim netdevsim4 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 895.335694][T27401] netlink: 'syz.1.5593': attribute type 9 has an invalid length. [ 896.613715][T27429] tipc: Enabling of bearer rejected, already enabled [ 896.663298][T27429] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5598'. [ 896.710006][T27429] netlink: 'syz.0.5598': attribute type 1 has an invalid length. [ 897.028265][T27436] netlink: 28 bytes leftover after parsing attributes in process `syz.0.5598'. 
[ 897.053763][T27429] bond10: entered promiscuous mode [ 897.096730][T27429] 8021q: adding VLAN 0 to HW filter on device bond10 [ 897.321720][T27429] bond10: (slave bridge6): making interface the new active one [ 897.351717][T27429] bridge6: entered promiscuous mode [ 897.376172][T27429] bond10: (slave bridge6): Enslaving as an active interface with an up link [ 897.485867][T27457] xt_NFQUEUE: number of total queues is 0 [ 897.542174][T27439] xfrm0 speed is unknown, defaulting to 1000 [ 897.687104][T27439] lo speed is unknown, defaulting to 1000 [ 897.693029][T27448] netlink: 44 bytes leftover after parsing attributes in process `syz.4.5603'. [ 897.709729][T27453] xt_NFQUEUE: number of total queues is 0 [ 897.796239][T27466] netlink: 'syz.1.5605': attribute type 11 has an invalid length. [ 897.924096][T27471] netlink: 36 bytes leftover after parsing attributes in process `syz.1.5605'. [ 898.204755][T27465] netlink: 44 bytes leftover after parsing attributes in process `syz.3.5604'. [ 898.748941][T27491] netlink: 252 bytes leftover after parsing attributes in process `syz.4.5609'. [ 898.955113][T27488] netlink: 'syz.2.5601': attribute type 4 has an invalid length. [ 899.060026][T27501] netlink: 'syz.3.5613': attribute type 1 has an invalid length. [ 899.586129][T27496] netdevsim netdevsim1 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 899.631047][T27496] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 899.706416][T27508] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5613'. 
[ 899.745874][T27508] 8021q: adding VLAN 0 to HW filter on device bond23 [ 899.943343][T27510] veth7: entered promiscuous mode [ 900.246680][T27496] netdevsim netdevsim1 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 900.302431][T27496] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 900.576798][T27496] netdevsim netdevsim1 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 900.617062][T27496] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 900.701046][T27496] netdevsim netdevsim1 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 900.714737][T27527] xt_policy: output policy not valid in PREROUTING and INPUT [ 900.748250][T27496] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 901.183922][ T93] netdevsim netdevsim1 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 901.205472][ T93] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 901.408619][ T5964] netdevsim netdevsim1 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 901.427988][ T5964] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 901.485840][ T5964] netdevsim netdevsim1 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 901.506158][ T5964] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 901.592773][ T5964] netdevsim netdevsim1 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 901.627796][ T5964] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 901.982551][T27548] FAULT_INJECTION: forcing a failure. 
[ 901.982551][T27548] name failslab, interval 1, probability 0, space 0, times 0 [ 902.028638][T27548] CPU: 1 UID: 0 PID: 27548 Comm: syz.1.5620 Not tainted syzkaller #0 PREEMPT(full) [ 902.028670][T27548] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 902.028684][T27548] Call Trace: [ 902.028694][T27548] [ 902.028704][T27548] dump_stack_lvl+0xe8/0x150 [ 902.028738][T27548] should_fail_ex+0x412/0x560 [ 902.028769][T27548] should_failslab+0xa8/0x100 [ 902.028795][T27548] __kmalloc_cache_noprof+0x88/0x660 [ 902.028830][T27548] ? __sctp_v6_cmp_addr+0x1e6/0x510 [ 902.028854][T27548] ? sctp_add_bind_addr+0x8c/0x370 [ 902.028895][T27548] sctp_add_bind_addr+0x8c/0x370 [ 902.028935][T27548] sctp_copy_local_addr_list+0x314/0x4f0 [ 902.028974][T27548] ? sctp_copy_local_addr_list+0xa4/0x4f0 [ 902.029010][T27548] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 902.029054][T27548] ? sctp_v6_is_any+0x64/0x80 [ 902.029079][T27548] ? sctp_copy_one_addr+0x93/0x360 [ 902.029119][T27548] sctp_bind_addr_copy+0xb3/0x3c0 [ 902.029155][T27548] ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0 [ 902.029192][T27548] sctp_connect_new_asoc+0x2ff/0x6b0 [ 902.029223][T27548] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 902.029259][T27548] ? __local_bh_enable_ip+0xd0/0x130 [ 902.029282][T27548] ? bpf_lsm_sctp_bind_connect+0x9/0x20 [ 902.029326][T27548] ? security_sctp_bind_connect+0x7e/0x2c0 [ 902.029360][T27548] sctp_sendmsg+0x1576/0x2c50 [ 902.029405][T27548] ? __pfx_sctp_sendmsg+0x10/0x10 [ 902.029436][T27548] ? aa_sk_perm+0x6d5/0x900 [ 902.029478][T27548] ? __pfx_aa_sk_perm+0x10/0x10 [ 902.029514][T27548] ? sock_rps_record_flow+0x19/0x350 [ 902.029553][T27548] ? inet_sendmsg+0x2f4/0x370 [ 902.029592][T27548] ____sys_sendmsg+0x80a/0x9f0 [ 902.029631][T27548] ? __pfx_____sys_sendmsg+0x10/0x10 [ 902.029670][T27548] ? import_iovec+0x73/0xa0 [ 902.029703][T27548] ___sys_sendmsg+0x2a5/0x360 [ 902.029728][T27548] ? 
__lock_acquire+0x6b5/0x2cf0 [ 902.029759][T27548] ? __pfx____sys_sendmsg+0x10/0x10 [ 902.029792][T27548] ? kstrtouint+0x6e/0xe0 [ 902.029863][T27548] ? __fget_files+0x2a/0x420 [ 902.029891][T27548] ? __fget_files+0x3a0/0x420 [ 902.029931][T27548] __sys_sendmmsg+0x27c/0x4e0 [ 902.029965][T27548] ? __pfx___sys_sendmmsg+0x10/0x10 [ 902.029990][T27548] ? __mutex_unlock_slowpath+0x1be/0x6f0 [ 902.030049][T27548] ? ksys_write+0x242/0x270 [ 902.030085][T27548] ? __pfx_ksys_write+0x10/0x10 [ 902.030127][T27548] __x64_sys_sendmmsg+0xa0/0xc0 [ 902.030154][T27548] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 902.030179][T27548] do_syscall_64+0x174/0x580 [ 902.030203][T27548] ? trace_irq_disable+0x3b/0x140 [ 902.030238][T27548] ? clear_bhb_loop+0x40/0x90 [ 902.030267][T27548] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 902.030289][T27548] RIP: 0033:0x7f0c9a59ce59 [ 902.030334][T27548] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 902.030355][T27548] RSP: 002b:00007f0c9b44e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 902.030378][T27548] RAX: ffffffffffffffda RBX: 00007f0c9a815fa0 RCX: 00007f0c9a59ce59 [ 902.030394][T27548] RDX: 0000000000000001 RSI: 00002000000022c0 RDI: 0000000000000004 [ 902.030409][T27548] RBP: 00007f0c9b44e090 R08: 0000000000000000 R09: 0000000000000000 [ 902.030423][T27548] R10: 0000000024040040 R11: 0000000000000246 R12: 0000000000000002 [ 902.030437][T27548] R13: 00007f0c9a816038 R14: 00007f0c9a815fa0 R15: 00007fff3cebe268 [ 902.030474][T27548] [ 902.574250][T27557] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5619'. [ 903.236877][T27575] netlink: 'syz.4.5626': attribute type 10 has an invalid length. [ 903.312021][T27575] netlink: 'syz.4.5626': attribute type 10 has an invalid length. 
[ 903.620737][T27587] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5630'. [ 904.247647][T27608] netlink: 'syz.3.5635': attribute type 1 has an invalid length. [ 904.308421][T27609] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5635'. [ 904.662576][T27608] bond24: entered promiscuous mode [ 904.669577][T27608] 8021q: adding VLAN 0 to HW filter on device bond24 [ 904.706720][T27596] xfrm0 speed is unknown, defaulting to 1000 [ 904.855181][T27609] bond24: entered allmulticast mode [ 904.887340][T27596] lo speed is unknown, defaulting to 1000 [ 904.978205][ T93] netdevsim netdevsim0 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 905.000532][ T93] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 905.163026][ T93] netdevsim netdevsim0 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 905.205930][ T93] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 905.301473][ T5967] netdevsim netdevsim0 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 905.330438][ T5967] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 905.425190][ T93] netdevsim netdevsim0 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 905.452431][ T93] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 905.612424][T27598] netlink: 'syz.4.5633': attribute type 4 has an invalid length. [ 905.808353][T27642] FAULT_INJECTION: forcing a failure. 
[ 905.808353][T27642] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 905.885087][T27642] CPU: 1 UID: 0 PID: 27642 Comm: syz.0.5644 Not tainted syzkaller #0 PREEMPT(full) [ 905.885120][T27642] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 905.885134][T27642] Call Trace: [ 905.885144][T27642] [ 905.885153][T27642] dump_stack_lvl+0xe8/0x150 [ 905.885186][T27642] should_fail_ex+0x412/0x560 [ 905.885217][T27642] _copy_to_user+0x31/0xb0 [ 905.885248][T27642] simple_read_from_buffer+0xe1/0x170 [ 905.885283][T27642] proc_fail_nth_read+0x1bb/0x230 [ 905.885317][T27642] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 905.885348][T27642] ? rw_verify_area+0x2a6/0x4d0 [ 905.885380][T27642] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 905.885412][T27642] vfs_read+0x20c/0xa70 [ 905.885451][T27642] ? __pfx___mutex_lock+0x10/0x10 [ 905.885479][T27642] ? __pfx_vfs_read+0x10/0x10 [ 905.885513][T27642] ? __fget_files+0x2a/0x420 [ 905.885547][T27642] ? __fget_files+0x3a0/0x420 [ 905.885573][T27642] ? __fget_files+0x2a/0x420 [ 905.885616][T27642] ksys_read+0x150/0x270 [ 905.885651][T27642] ? __pfx_ksys_read+0x10/0x10 [ 905.885694][T27642] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 905.885719][T27642] do_syscall_64+0x174/0x580 [ 905.885742][T27642] ? trace_irq_disable+0x3b/0x140 [ 905.885776][T27642] ? 
clear_bhb_loop+0x40/0x90 [ 905.885804][T27642] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 905.885836][T27642] RIP: 0033:0x7f19a155d68e [ 905.885856][T27642] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 905.885875][T27642] RSP: 002b:00007f19a2450fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 905.885899][T27642] RAX: ffffffffffffffda RBX: 00007f19a24516c0 RCX: 00007f19a155d68e [ 905.885915][T27642] RDX: 000000000000000f RSI: 00007f19a24510a0 RDI: 0000000000000004 [ 905.885929][T27642] RBP: 00007f19a2451090 R08: 0000000000000000 R09: 0000000000000000 [ 905.885943][T27642] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 905.885957][T27642] R13: 00007f19a1816038 R14: 00007f19a1815fa0 R15: 00007ffe99e4be98 [ 905.885994][T27642] [ 906.405103][T27645] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 906.770480][T27654] ip6gre1: entered promiscuous mode [ 906.793340][T27654] ip6gre1: entered allmulticast mode [ 907.137678][T27669] FAULT_INJECTION: forcing a failure. [ 907.137678][T27669] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 907.187814][T27669] CPU: 1 UID: 0 PID: 27669 Comm: syz.0.5653 Not tainted syzkaller #0 PREEMPT(full) [ 907.187845][T27669] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 907.187860][T27669] Call Trace: [ 907.187870][T27669] [ 907.187879][T27669] dump_stack_lvl+0xe8/0x150 [ 907.187912][T27669] should_fail_ex+0x412/0x560 [ 907.187944][T27669] strncpy_from_user+0x36/0x2b0 [ 907.187972][T27669] strncpy_from_user_nofault+0x71/0x150 [ 907.188049][T27669] bpf_probe_read_user_str+0x2a/0x70 [ 907.188080][T27669] bpf_prog_2b9d543235bb144e+0x62/0x68 [ 907.188107][T27669] bpf_flow_dissect+0x224/0x730 [ 907.188145][T27669] bpf_prog_test_run_flow_dissector+0x3a4/0x610 [ 907.188198][T27669] ? 
__pfx_bpf_prog_test_run_flow_dissector+0x10/0x10 [ 907.188232][T27669] ? __fget_files+0x2a/0x420 [ 907.188268][T27669] ? __fget_files+0x2a/0x420 [ 907.188301][T27669] ? __pfx_bpf_prog_test_run_flow_dissector+0x10/0x10 [ 907.188332][T27669] bpf_prog_test_run+0x2c7/0x340 [ 907.188360][T27669] __sys_bpf+0x643/0x950 [ 907.188397][T27669] ? __pfx___sys_bpf+0x10/0x10 [ 907.188449][T27669] ? ksys_write+0x242/0x270 [ 907.188486][T27669] ? __pfx_ksys_write+0x10/0x10 [ 907.188525][T27669] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 907.188551][T27669] __x64_sys_bpf+0x7c/0x90 [ 907.188584][T27669] do_syscall_64+0x174/0x580 [ 907.188609][T27669] ? trace_irq_disable+0x3b/0x140 [ 907.188641][T27669] ? clear_bhb_loop+0x40/0x90 [ 907.188668][T27669] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 907.188688][T27669] RIP: 0033:0x7f19a159ce59 [ 907.188706][T27669] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 907.188723][T27669] RSP: 002b:00007f19a2451028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 907.188744][T27669] RAX: ffffffffffffffda RBX: 00007f19a1815fa0 RCX: 00007f19a159ce59 [ 907.188758][T27669] RDX: 0000000000000050 RSI: 0000200000000080 RDI: 000000000000000a [ 907.188770][T27669] RBP: 00007f19a2451090 R08: 0000000000000000 R09: 0000000000000000 [ 907.188782][T27669] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 907.188794][T27669] R13: 00007f19a1816038 R14: 00007f19a1815fa0 R15: 00007ffe99e4be98 [ 907.188829][T27669] [ 908.026453][T27686] netlink: 'syz.1.5657': attribute type 1 has an invalid length. [ 908.123820][T27693] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5657'. [ 908.228690][T27693] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5657'. 
[ 908.403577][T27686] 8021q: adding VLAN 0 to HW filter on device bond21 [ 909.126847][T27712] IPv6: sit1: Disabled Multicast RS [ 909.531787][T27733] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5665'. [ 909.797756][T27743] netlink: 830 bytes leftover after parsing attributes in process `syz.3.5668'. [ 909.818151][T27733] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5665'. [ 910.072512][T27736] xfrm0 speed is unknown, defaulting to 1000 [ 910.444087][T27764] xt_policy: output policy not valid in PREROUTING and INPUT [ 910.622789][T27753] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5669'. [ 910.653045][T27736] lo speed is unknown, defaulting to 1000 [ 911.627227][T27789] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5674'. [ 912.271643][T27805] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512) [ 912.341309][T27805] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512) [ 912.758433][T27811] A link change request failed with some changes committed already. Interface bond1 may have been left with an inconsistent configuration, please check. [ 913.092107][T27827] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5684'. [ 913.137935][T27827] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5684'. [ 913.191984][T27827] netlink: 16 bytes leftover after parsing attributes in process `syz.1.5684'. [ 913.340620][T27827] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5684'. [ 913.381609][T27827] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5684'. [ 913.435166][T27827] netlink: 16 bytes leftover after parsing attributes in process `syz.1.5684'. [ 913.918247][T27841] netlink: 16 bytes leftover after parsing attributes in process `syz.1.5688'. [ 913.966581][T27842] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5689'. 
[ 914.848424][T27866] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5694'. [ 915.607133][T27886] netlink: 'syz.1.5700': attribute type 1 has an invalid length. [ 915.708760][T27890] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5700'. [ 915.816045][T27890] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5700'. [ 915.906091][T27886] 8021q: adding VLAN 0 to HW filter on device bond22 [ 916.456527][T27905] xfrm0 speed is unknown, defaulting to 1000 [ 916.553634][T27905] lo speed is unknown, defaulting to 1000 [ 916.893330][T27925] netlink: 'syz.1.5711': attribute type 7 has an invalid length. [ 917.241758][T27925] netlink: 'syz.1.5711': attribute type 7 has an invalid length. [ 917.284342][T27931] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 917.390249][T27931] team0: No ports can be present during mode change [ 917.715343][T27942] FAULT_INJECTION: forcing a failure. [ 917.715343][T27942] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 917.768971][T27942] CPU: 0 UID: 0 PID: 27942 Comm: syz.3.5715 Not tainted syzkaller #0 PREEMPT(full) [ 917.769005][T27942] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 917.769019][T27942] Call Trace: [ 917.769029][T27942] [ 917.769039][T27942] dump_stack_lvl+0xe8/0x150 [ 917.769072][T27942] should_fail_ex+0x412/0x560 [ 917.769105][T27942] _copy_from_iter+0x1d3/0x1670 [ 917.769132][T27942] ? rep_movs_alternative+0x4a/0x90 [ 917.769175][T27942] ? __pfx__copy_from_iter+0x10/0x10 [ 917.769197][T27942] ? sock_alloc_send_pskb+0x896/0x990 [ 917.769235][T27942] ? __pfx__copy_from_iter+0x10/0x10 [ 917.769269][T27942] copy_page_from_iter+0x220/0x2d0 [ 917.769299][T27942] skb_copy_datagram_from_iter+0x306/0x710 [ 917.769342][T27942] tun_get_user+0xc5e/0x43e0 [ 917.769386][T27942] ? 
aa_file_perm+0x192/0x15e0 [ 917.769415][T27942] ? aa_file_perm+0x50e/0x15e0 [ 917.769436][T27942] ? __pfx_tun_get_user+0x10/0x10 [ 917.769462][T27942] ? __lock_acquire+0x6b5/0x2cf0 [ 917.769491][T27942] ? kstrtoull+0x12f/0x1d0 [ 917.769532][T27942] ? ref_tracker_alloc+0x35c/0x4c0 [ 917.769560][T27942] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 917.769588][T27942] ? tun_get+0x1c/0x2f0 [ 917.769611][T27942] ? tun_get+0x1c/0x2f0 [ 917.769640][T27942] ? tun_get+0x1c/0x2f0 [ 917.769661][T27942] ? tun_get+0x1c/0x2f0 [ 917.769690][T27942] tun_chr_write_iter+0x113/0x200 [ 917.769716][T27942] vfs_write+0x61d/0xb90 [ 917.769767][T27942] ? __pfx_vfs_write+0x10/0x10 [ 917.769811][T27942] ? __fget_files+0x2a/0x420 [ 917.769849][T27942] ksys_write+0x150/0x270 [ 917.769885][T27942] ? __pfx_ksys_write+0x10/0x10 [ 917.769927][T27942] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 917.769952][T27942] do_syscall_64+0x174/0x580 [ 917.769976][T27942] ? trace_irq_disable+0x3b/0x140 [ 917.770011][T27942] ? clear_bhb_loop+0x40/0x90 [ 917.770039][T27942] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 917.770062][T27942] RIP: 0033:0x7fcf5bb5d68e [ 917.770083][T27942] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 917.770102][T27942] RSP: 002b:00007fcf5ca50fb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 917.770126][T27942] RAX: ffffffffffffffda RBX: 00007fcf5ca516c0 RCX: 00007fcf5bb5d68e [ 917.770143][T27942] RDX: 000000000000fdef RSI: 00002000000039c0 RDI: 00000000000000c8 [ 917.770157][T27942] RBP: 00007fcf5ca51090 R08: 0000000000000000 R09: 0000000000000000 [ 917.770171][T27942] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 917.770184][T27942] R13: 00007fcf5be16038 R14: 00007fcf5be15fa0 R15: 00007ffcf1617798 [ 917.770220][T27942] [ 918.190733][T27950] netlink: 'syz.3.5717': attribute type 1 has an invalid length. 
[ 918.927075][T27974] sctp: [Deprecated]: syz.3.5722 (pid 27974) Use of struct sctp_assoc_value in delayed_ack socket option. [ 918.927075][T27974] Use struct sctp_sack_info instead [ 918.958269][T27973] __nla_validate_parse: 2 callbacks suppressed [ 918.958294][T27973] netlink: 256 bytes leftover after parsing attributes in process `syz.2.5723'. [ 919.028086][T27973] netlink: 80 bytes leftover after parsing attributes in process `syz.2.5723'. [ 919.086824][T27973] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5723'. [ 919.142276][T27967] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5721'. [ 919.805958][T27995] netlink: 'syz.3.5728': attribute type 4 has an invalid length. [ 919.830990][T27998] debugfs: 'netdev:syzkaller0' already exists in 'phy29' [ 919.902449][T28004] netlink: 'syz.3.5728': attribute type 4 has an invalid length. [ 920.584873][T28030] xfrm0 speed is unknown, defaulting to 1000 [ 920.654320][T28030] lo speed is unknown, defaulting to 1000 [ 920.897719][T28039] geneve3: entered promiscuous mode [ 920.932104][ T12] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 920.950599][ T12] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 920.973731][ T12] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 920.992370][ T12] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 921.868197][T28031] netlink: 'syz.3.5736': attribute type 4 has an invalid length. [ 922.181892][T28066] block nbd0: server does not support multiple connections per device. [ 922.316220][T28066] block nbd0: shutting down sockets [ 922.896401][T28096] FAULT_INJECTION: forcing a failure. 
[ 922.896401][T28096] name failslab, interval 1, probability 0, space 0, times 0 [ 922.953002][T28096] CPU: 1 UID: 0 PID: 28096 Comm: syz.3.5751 Not tainted syzkaller #0 PREEMPT(full) [ 922.953047][T28096] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 922.953062][T28096] Call Trace: [ 922.953072][T28096] [ 922.953083][T28096] dump_stack_lvl+0xe8/0x150 [ 922.953117][T28096] should_fail_ex+0x412/0x560 [ 922.953147][T28096] should_failslab+0xa8/0x100 [ 922.953183][T28096] __kmalloc_noprof+0xe8/0x760 [ 922.953218][T28096] ? iter_file_splice_write+0x1da/0x10f0 [ 922.953255][T28096] iter_file_splice_write+0x1da/0x10f0 [ 922.953285][T28096] ? __lock_acquire+0x6b5/0x2cf0 [ 922.953318][T28096] ? copy_splice_read+0x92e/0xaa0 [ 922.953352][T28096] ? copy_splice_read+0x92e/0xaa0 [ 922.953391][T28096] ? __pfx_iter_file_splice_write+0x10/0x10 [ 922.953420][T28096] ? direct_splice_actor+0x49/0x160 [ 922.953452][T28096] ? direct_splice_actor+0x49/0x160 [ 922.953497][T28096] ? __pfx_iter_file_splice_write+0x10/0x10 [ 922.953529][T28096] direct_splice_actor+0x101/0x160 [ 922.953564][T28096] splice_direct_to_actor+0x53a/0xc70 [ 922.953607][T28096] ? __pfx_direct_splice_actor+0x10/0x10 [ 922.953647][T28096] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 922.953690][T28096] do_splice_direct+0x195/0x290 [ 922.953724][T28096] ? __pfx_do_splice_direct+0x10/0x10 [ 922.953755][T28096] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 922.953794][T28096] ? rw_verify_area+0x255/0x4d0 [ 922.953831][T28096] do_sendfile+0x535/0x7d0 [ 922.953857][T28096] ? __pfx_vfs_write+0x10/0x10 [ 922.953897][T28096] ? __pfx_do_sendfile+0x10/0x10 [ 922.953923][T28096] ? __fget_files+0x3a0/0x420 [ 922.953965][T28096] __se_sys_sendfile64+0x144/0x1a0 [ 922.953993][T28096] ? __pfx___se_sys_sendfile64+0x10/0x10 [ 922.954029][T28096] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 922.954054][T28096] do_syscall_64+0x174/0x580 [ 922.954078][T28096] ? 
trace_irq_disable+0x3b/0x140 [ 922.954113][T28096] ? clear_bhb_loop+0x40/0x90 [ 922.954148][T28096] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 922.954178][T28096] RIP: 0033:0x7fcf5bb9ce59 [ 922.954199][T28096] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 922.954219][T28096] RSP: 002b:00007fcf5ca51028 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 922.954243][T28096] RAX: ffffffffffffffda RBX: 00007fcf5be15fa0 RCX: 00007fcf5bb9ce59 [ 922.954260][T28096] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000008 [ 922.954273][T28096] RBP: 00007fcf5ca51090 R08: 0000000000000000 R09: 0000000000000000 [ 922.954299][T28096] R10: 0000000000010000 R11: 0000000000000246 R12: 0000000000000002 [ 922.954314][T28096] R13: 00007fcf5be16038 R14: 00007fcf5be15fa0 R15: 00007ffcf1617798 [ 922.954352][T28096] [ 923.474057][T28108] tipc: Enabled bearer , priority 10 [ 923.760627][T28126] tipc: Enabling of bearer rejected, already enabled [ 923.810192][T28126] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5760'. [ 923.833439][T28126] netlink: 'syz.3.5760': attribute type 1 has an invalid length. [ 923.924899][T28126] bond26: entered promiscuous mode [ 923.930843][T28126] 8021q: adding VLAN 0 to HW filter on device bond26 [ 923.957225][T28126] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5760'. [ 923.966660][T28126] bond26: entered allmulticast mode [ 924.065783][T28126] bond26: (slave bridge13): making interface the new active one [ 924.085911][T28126] bridge13: entered promiscuous mode [ 924.092880][T28126] bridge13: entered allmulticast mode [ 924.104176][T28126] bond26: (slave bridge13): Enslaving as an active interface with an up link [ 924.140219][T28141] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5762'. 
[ 924.378495][T28149] netlink: 16 bytes leftover after parsing attributes in process `syz.3.5764'. [ 924.597923][T28162] netlink: 16 bytes leftover after parsing attributes in process `syz.1.5768'. [ 924.607751][T28162] netlink: 16 bytes leftover after parsing attributes in process `syz.1.5768'. [ 925.442244][T28201] tipc: Enabling of bearer rejected, already enabled [ 925.467147][T28201] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5775'. [ 925.501438][T28201] netlink: 'syz.3.5775': attribute type 1 has an invalid length. [ 925.552064][T28201] bond27: entered promiscuous mode [ 925.595067][T28201] 8021q: adding VLAN 0 to HW filter on device bond27 [ 925.631504][T28209] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5775'. [ 925.674190][T28209] bond27: entered allmulticast mode [ 925.779246][T28201] bond27: (slave bridge14): making interface the new active one [ 925.793341][T28201] bridge14: entered promiscuous mode [ 925.804191][T28201] bridge14: entered allmulticast mode [ 925.823418][T28201] bond27: (slave bridge14): Enslaving as an active interface with an up link [ 926.657029][T23236] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 926.670965][T23236] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 926.682449][T23236] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 926.695710][T23236] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 926.715888][T23236] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 927.654453][T28258] openvswitch: netlink: Unexpected mask (mask=200240, allowed=10048) [ 927.780209][T28237] xfrm0 speed is unknown, defaulting to 1000 [ 927.866922][T28237] lo speed is unknown, defaulting to 1000 [ 928.179832][T28271] netlink: 44 bytes leftover after parsing attributes in process `syz.0.5789'. [ 928.768950][ T5637] Bluetooth: hci2: command tx timeout [ 928.973242][T28291] netlink: 'syz.1.5793': attribute type 39 has an invalid length. 
[ 929.197012][ T93] tipc: Resetting bearer [ 929.396194][ T93] tipc: Disabling bearer [ 929.595639][T28303] FAULT_INJECTION: forcing a failure. [ 929.595639][T28303] name failslab, interval 1, probability 0, space 0, times 0 [ 929.641766][T28303] CPU: 0 UID: 0 PID: 28303 Comm: syz.0.5795 Not tainted syzkaller #0 PREEMPT(full) [ 929.641797][T28303] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 929.641813][T28303] Call Trace: [ 929.641822][T28303] [ 929.641833][T28303] dump_stack_lvl+0xe8/0x150 [ 929.641867][T28303] should_fail_ex+0x412/0x560 [ 929.641898][T28303] should_failslab+0xa8/0x100 [ 929.641924][T28303] __kmalloc_cache_noprof+0x88/0x660 [ 929.641960][T28303] ? sctp_add_bind_addr+0x8c/0x370 [ 929.642002][T28303] sctp_add_bind_addr+0x8c/0x370 [ 929.642050][T28303] sctp_copy_local_addr_list+0x314/0x4f0 [ 929.642090][T28303] ? sctp_copy_local_addr_list+0xa4/0x4f0 [ 929.642124][T28303] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 929.642161][T28303] ? sctp_v6_is_any+0x64/0x80 [ 929.642186][T28303] ? sctp_copy_one_addr+0x93/0x360 [ 929.642224][T28303] sctp_bind_addr_copy+0xb3/0x3c0 [ 929.642259][T28303] ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0 [ 929.642300][T28303] sctp_connect_new_asoc+0x2ff/0x6b0 [ 929.642332][T28303] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 929.642367][T28303] ? __local_bh_enable_ip+0xd0/0x130 [ 929.642390][T28303] ? bpf_lsm_sctp_bind_connect+0x9/0x20 [ 929.642423][T28303] ? security_sctp_bind_connect+0x7e/0x2c0 [ 929.642456][T28303] sctp_sendmsg+0x1576/0x2c50 [ 929.642501][T28303] ? __pfx_sctp_sendmsg+0x10/0x10 [ 929.642532][T28303] ? aa_sk_perm+0x6d5/0x900 [ 929.642574][T28303] ? __pfx_aa_sk_perm+0x10/0x10 [ 929.642609][T28303] ? sock_rps_record_flow+0x19/0x350 [ 929.642649][T28303] ? inet_sendmsg+0x2f4/0x370 [ 929.642688][T28303] ____sys_sendmsg+0x80a/0x9f0 [ 929.642727][T28303] ? __pfx_____sys_sendmsg+0x10/0x10 [ 929.642764][T28303] ? 
import_iovec+0x73/0xa0 [ 929.642798][T28303] ___sys_sendmsg+0x2a5/0x360 [ 929.642823][T28303] ? __lock_acquire+0x6b5/0x2cf0 [ 929.642853][T28303] ? __pfx____sys_sendmsg+0x10/0x10 [ 929.642886][T28303] ? kstrtouint+0x6e/0xe0 [ 929.642952][T28303] ? __fget_files+0x2a/0x420 [ 929.642980][T28303] ? __fget_files+0x3a0/0x420 [ 929.643027][T28303] __sys_sendmmsg+0x27c/0x4e0 [ 929.643061][T28303] ? __pfx___sys_sendmmsg+0x10/0x10 [ 929.643085][T28303] ? __mutex_unlock_slowpath+0x1be/0x6f0 [ 929.643143][T28303] ? ksys_write+0x242/0x270 [ 929.643179][T28303] ? __pfx_ksys_write+0x10/0x10 [ 929.643221][T28303] __x64_sys_sendmmsg+0xa0/0xc0 [ 929.643248][T28303] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 929.643272][T28303] do_syscall_64+0x174/0x580 [ 929.643296][T28303] ? trace_irq_disable+0x3b/0x140 [ 929.643330][T28303] ? clear_bhb_loop+0x40/0x90 [ 929.643358][T28303] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 929.643381][T28303] RIP: 0033:0x7f19a159ce59 [ 929.643402][T28303] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 929.643421][T28303] RSP: 002b:00007f19a2451028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 929.643446][T28303] RAX: ffffffffffffffda RBX: 00007f19a1815fa0 RCX: 00007f19a159ce59 [ 929.643463][T28303] RDX: 0000000000000001 RSI: 00002000000022c0 RDI: 0000000000000004 [ 929.643477][T28303] RBP: 00007f19a2451090 R08: 0000000000000000 R09: 0000000000000000 [ 929.643491][T28303] R10: 0000000024040040 R11: 0000000000000246 R12: 0000000000000002 [ 929.643505][T28303] R13: 00007f19a1816038 R14: 00007f19a1815fa0 R15: 00007ffe99e4be98 [ 929.643543][T28303] [ 930.275082][T28312] FAULT_INJECTION: forcing a failure. 
[ 930.275082][T28312] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 930.318405][T28312] CPU: 1 UID: 0 PID: 28312 Comm: syz.0.5798 Not tainted syzkaller #0 PREEMPT(full) [ 930.318436][T28312] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 930.318450][T28312] Call Trace: [ 930.318460][T28312] [ 930.318471][T28312] dump_stack_lvl+0xe8/0x150 [ 930.318502][T28312] should_fail_ex+0x412/0x560 [ 930.318533][T28312] _copy_from_iter+0x3b0/0x1670 [ 930.318576][T28312] ? __pfx__copy_from_iter+0x10/0x10 [ 930.318611][T28312] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 930.318646][T28312] skb_copy_datagram_from_iter+0xf5/0x710 [ 930.318679][T28312] ? dev_get_by_index+0x22/0x2e0 [ 930.318708][T28312] ? skb_put+0x11b/0x210 [ 930.318735][T28312] packet_sendmsg+0x35b1/0x4fb0 [ 930.318890][T28312] ? unwind_next_frame+0xa6/0x2550 [ 930.318941][T28312] ? __pfx_packet_sendmsg+0x10/0x10 [ 930.318966][T28312] ? aa_sk_perm+0x6d5/0x900 [ 930.319008][T28312] ? __pfx_aa_sk_perm+0x10/0x10 [ 930.319037][T28312] ? tomoyo_socket_sendmsg_permission+0x1e0/0x300 [ 930.319079][T28312] ? aa_sock_msg_perm+0xf1/0x1b0 [ 930.319115][T28312] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 930.319149][T28312] ____sys_sendmsg+0x972/0x9f0 [ 930.319186][T28312] ? __pfx_____sys_sendmsg+0x10/0x10 [ 930.319223][T28312] ? import_iovec+0x73/0xa0 [ 930.319255][T28312] ___sys_sendmsg+0x2a5/0x360 [ 930.319280][T28312] ? __lock_acquire+0x6b5/0x2cf0 [ 930.319309][T28312] ? __pfx____sys_sendmsg+0x10/0x10 [ 930.319385][T28312] ? __fget_files+0x2a/0x420 [ 930.319412][T28312] ? __fget_files+0x3a0/0x420 [ 930.319452][T28312] __x64_sys_sendmsg+0x1bd/0x2a0 [ 930.319482][T28312] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 930.319520][T28312] ? __pfx_ksys_write+0x10/0x10 [ 930.319563][T28312] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 930.319588][T28312] do_syscall_64+0x174/0x580 [ 930.319613][T28312] ? trace_irq_disable+0x3b/0x140 [ 930.319647][T28312] ? 
clear_bhb_loop+0x40/0x90 [ 930.319676][T28312] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 930.319699][T28312] RIP: 0033:0x7f19a159ce59 [ 930.319720][T28312] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 930.319740][T28312] RSP: 002b:00007f19a2451028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 930.319764][T28312] RAX: ffffffffffffffda RBX: 00007f19a1815fa0 RCX: 00007f19a159ce59 [ 930.319781][T28312] RDX: 0000000000008045 RSI: 0000200000000040 RDI: 0000000000000003 [ 930.319796][T28312] RBP: 00007f19a2451090 R08: 0000000000000000 R09: 0000000000000000 [ 930.319810][T28312] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 930.319823][T28312] R13: 00007f19a1816038 R14: 00007f19a1815fa0 R15: 00007ffe99e4be98 [ 930.319860][T28312] [ 930.757793][ T93] bond16 (unregistering): (slave gretap1): Releasing active interface [ 930.848949][ T5637] Bluetooth: hci2: command tx timeout [ 930.882826][ T93] bond13 (unregistering): (slave geneve3): Releasing active interface [ 930.886362][T28321] netlink: 212344 bytes leftover after parsing attributes in process `syz.2.5801'. 
[ 930.911851][ T93] bond10 (unregistering): (slave geneve2): Releasing active interface [ 930.921695][ T93] geneve2 (unregistering): left allmulticast mode [ 930.955219][ T93] bond1 (unregistering): (slave bridge1): Releasing backup interface [ 930.964436][ T93] bridge1 (unregistering): left promiscuous mode [ 930.974627][ T93] bridge1 (unregistering): left allmulticast mode [ 930.994539][ T93] bond2 (unregistering): (slave bridge2): Releasing backup interface [ 931.003056][ T93] bridge2 (unregistering): left promiscuous mode [ 931.010529][ T93] bridge2 (unregistering): left allmulticast mode [ 931.042448][ T93] bond3 (unregistering): (slave bridge3): Releasing backup interface [ 931.052875][ T93] bridge3 (unregistering): left promiscuous mode [ 931.059828][ T93] bridge3 (unregistering): left allmulticast mode [ 931.079661][ T93] bond4 (unregistering): (slave bridge4): Releasing backup interface [ 931.095925][ T93] bridge4 (unregistering): left promiscuous mode [ 931.115204][ T93] bond5 (unregistering): (slave bridge5): Releasing backup interface [ 931.126940][ T93] bridge5 (unregistering): left promiscuous mode [ 931.133970][ T93] bridge5 (unregistering): left allmulticast mode [ 931.155382][ T93] bond6 (unregistering): (slave bridge6): Releasing backup interface [ 931.166968][ T93] bridge6 (unregistering): left promiscuous mode [ 931.189805][ T93] bridge6 (unregistering): left allmulticast mode [ 931.209338][ T93] bond8 (unregistering): (slave bridge7): Releasing backup interface [ 931.219222][ T93] bridge7 (unregistering): left promiscuous mode [ 931.226006][ T93] bridge7 (unregistering): left allmulticast mode [ 931.299174][ T93] bond14 (unregistering): (slave bridge10): Releasing backup interface [ 931.310111][ T93] bridge10 (unregistering): left promiscuous mode [ 931.330449][ T93] bridge10 (unregistering): left allmulticast mode [ 931.344248][ T93] bond17 (unregistering): (slave bridge0): Releasing backup interface [ 931.352767][ T93] bridge0 
(unregistering): left promiscuous mode [ 931.359498][ T93] bridge0 (unregistering): left allmulticast mode [ 931.377010][ T93] bond18 (unregistering): (slave bridge11): Releasing backup interface [ 931.390211][ T93] bridge11 (unregistering): left promiscuous mode [ 931.397000][ T93] bridge11 (unregistering): left allmulticast mode [ 931.421802][ T93] bond22 (unregistering): (slave bridge12): Releasing backup interface [ 931.430402][ T93] bridge12 (unregistering): left promiscuous mode [ 931.453133][ T93] bond26 (unregistering): (slave bridge13): Releasing backup interface [ 931.470785][ T93] bridge13 (unregistering): left promiscuous mode [ 931.488991][ T93] bridge13 (unregistering): left allmulticast mode [ 931.508125][ T93] bond27 (unregistering): (slave bridge14): Releasing backup interface [ 931.516534][ T93] bridge14 (unregistering): left promiscuous mode [ 931.523524][ T93] bridge14 (unregistering): left allmulticast mode [ 931.537582][ T93] bond0 (unregistering): Released all slaves [ 931.552173][ T93] bond1 (unregistering): Released all slaves [ 931.570825][ T93] bond2 (unregistering): Released all slaves [ 931.592518][ T93] bond3 (unregistering): Released all slaves [ 931.616614][ T93] bond4 (unregistering): Released all slaves [ 931.637196][ T93] bond5 (unregistering): Released all slaves [ 931.662486][ T93] bond6 (unregistering): Released all slaves [ 931.685826][ T93] team0: Port device macvlan2 removed [ 931.702684][ T93] bond7 (unregistering): Released all slaves [ 931.724764][ T93] bond8 (unregistering): Released all slaves [ 931.750918][ T93] bond9 (unregistering): Released all slaves [ 931.772836][ T93] bond10 (unregistering): Released all slaves [ 931.799286][ T93] bond11 (unregistering): Released all slaves [ 931.813567][ T93] bond12 (unregistering): Released all slaves [ 931.834658][ T93] bond13 (unregistering): Released all slaves [ 931.854369][ T93] bond14 (unregistering): Released all slaves [ 931.881589][ T93] bond15 (unregistering): 
Released all slaves [ 931.904727][ T93] bond16 (unregistering): Released all slaves [ 931.932714][ T93] bond17 (unregistering): Released all slaves [ 931.958605][ T93] bond18 (unregistering): Released all slaves [ 932.008680][ T93] bond19 (unregistering): (slave veth3): Releasing active interface [ 932.023217][ T93] bond19 (unregistering): (slave veth5): Releasing active interface [ 932.058220][ T93] bond19 (unregistering): Released all slaves [ 932.084090][ T93] bond20 (unregistering): Released all slaves [ 932.109817][ T93] bond21 (unregistering): Released all slaves [ 932.155661][ T93] bond22 (unregistering): Released all slaves [ 932.178644][ T93] bond23 (unregistering): Released all slaves [ 932.222317][ T93] bond24 (unregistering): Released all slaves [ 932.252731][ T93] bond25 (unregistering): Released all slaves [ 932.294541][ T93] bond26 (unregistering): Released all slaves [ 932.332320][ T93] bond27 (unregistering): Released all slaves [ 932.931210][ T5637] Bluetooth: hci2: command tx timeout [ 933.144648][ T93] tipc: Disabling bearer [ 933.177443][ T93] tipc: Left network mode [ 933.934576][T28237] bridge0: port 1(bridge_slave_0) entered blocking state [ 933.973863][T28237] bridge0: port 1(bridge_slave_0) entered disabled state [ 934.001922][T28237] bridge_slave_0: entered allmulticast mode [ 934.042504][T28237] bridge_slave_0: entered promiscuous mode [ 934.056003][T28237] bridge0: port 2(bridge_slave_1) entered blocking state [ 934.063913][T28237] bridge0: port 2(bridge_slave_1) entered disabled state [ 934.113280][T28237] bridge_slave_1: entered allmulticast mode [ 934.158042][T28237] bridge_slave_1: entered promiscuous mode [ 934.393613][T28414] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5824'. 
[ 934.480565][T28237] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 934.590099][T28237] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 934.794036][T28432] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5826'. [ 934.823952][T28433] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5830'. [ 934.844185][T28432] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5826'. [ 934.931029][T28435] bridge0: port 1(bond0) entered blocking state [ 934.937931][T28435] bridge0: port 1(bond0) entered disabled state [ 934.957080][T28435] bond0: entered allmulticast mode [ 934.979529][T28435] bond0: entered promiscuous mode [ 934.989886][T28237] team0: Port device team_slave_0 added [ 935.009775][ T5637] Bluetooth: hci2: command tx timeout [ 935.129342][ T5294] 8021q: adding VLAN 0 to HW filter on device eth1 [ 935.143964][T28237] team0: Port device team_slave_1 added [ 935.285952][T28237] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 935.304358][T28237] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 935.358160][T28237] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 935.404392][T28237] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 935.433089][T28237] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. 
[ 935.493540][T28237] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 935.875805][T28469] nftables ruleset with unbound set [ 935.965761][T28237] hsr_slave_0: entered promiscuous mode [ 935.998124][T28237] hsr_slave_1: entered promiscuous mode [ 936.902127][T28510] netlink: 'syz.2.5852': attribute type 1 has an invalid length. [ 937.426353][T28525] Bluetooth: MGMT ver 1.23 [ 937.500832][T28527] Cannot find del_set index 4 as target [ 937.641138][ T5294] 8021q: adding VLAN 0 to HW filter on device eth2 [ 937.678099][T28521] xfrm0 speed is unknown, defaulting to 1000 [ 937.717832][T28521] lo speed is unknown, defaulting to 1000 [ 938.004175][ T93] hsr_slave_0: left promiscuous mode [ 938.033351][ T93] hsr_slave_1: left promiscuous mode [ 939.371099][T28569] FAULT_INJECTION: forcing a failure. [ 939.371099][T28569] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 939.410130][T28569] CPU: 1 UID: 0 PID: 28569 Comm: syz.0.5863 Not tainted syzkaller #0 PREEMPT(full) [ 939.410158][T28569] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 939.410170][T28569] Call Trace: [ 939.410178][T28569] [ 939.410187][T28569] dump_stack_lvl+0xe8/0x150 [ 939.410216][T28569] should_fail_ex+0x412/0x560 [ 939.410242][T28569] prepare_alloc_pages+0x22a/0x650 [ 939.410279][T28569] __alloc_frozen_pages_noprof+0x12f/0x380 [ 939.410302][T28569] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 939.410336][T28569] ? __pfx_policy_nodemask+0x10/0x10 [ 939.410364][T28569] alloc_pages_mpol+0x235/0x490 [ 939.410387][T28569] alloc_pages_noprof+0xac/0x2a0 [ 939.410408][T28569] bpf_prog_test_run_xdp+0xc69/0x1160 [ 939.410451][T28569] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 939.410479][T28569] ? __fget_files+0x2a/0x420 [ 939.410507][T28569] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 939.410532][T28569] bpf_prog_test_run+0x2c7/0x340 [ 939.410565][T28569] __sys_bpf+0x643/0x950 [ 939.410596][T28569] ? 
__pfx___sys_bpf+0x10/0x10 [ 939.410638][T28569] ? ksys_write+0x242/0x270 [ 939.410669][T28569] ? __pfx_ksys_write+0x10/0x10 [ 939.410701][T28569] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 939.410722][T28569] __x64_sys_bpf+0x7c/0x90 [ 939.410751][T28569] do_syscall_64+0x174/0x580 [ 939.410773][T28569] ? trace_irq_disable+0x3b/0x140 [ 939.410801][T28569] ? clear_bhb_loop+0x40/0x90 [ 939.410824][T28569] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 939.410843][T28569] RIP: 0033:0x7f19a159ce59 [ 939.410861][T28569] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 939.410877][T28569] RSP: 002b:00007f19a2451028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 939.410897][T28569] RAX: ffffffffffffffda RBX: 00007f19a1815fa0 RCX: 00007f19a159ce59 [ 939.410910][T28569] RDX: 0000000000000050 RSI: 0000200000000600 RDI: 000000000000000a [ 939.410922][T28569] RBP: 00007f19a2451090 R08: 0000000000000000 R09: 0000000000000000 [ 939.410934][T28569] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 939.410945][T28569] R13: 00007f19a1816038 R14: 00007f19a1815fa0 R15: 00007ffe99e4be98 [ 939.410974][T28569] [ 940.167006][ T93] IPVS: stop unused estimator thread 0... [ 940.382931][T28598] FAULT_INJECTION: forcing a failure. [ 940.382931][T28598] name failslab, interval 1, probability 0, space 0, times 0 [ 940.515161][T28598] CPU: 0 UID: 0 PID: 28598 Comm: syz.2.5869 Not tainted syzkaller #0 PREEMPT(full) [ 940.515192][T28598] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 940.515207][T28598] Call Trace: [ 940.515217][T28598] [ 940.515228][T28598] dump_stack_lvl+0xe8/0x150 [ 940.515260][T28598] should_fail_ex+0x412/0x560 [ 940.515292][T28598] should_failslab+0xa8/0x100 [ 940.515317][T28598] __kmalloc_noprof+0xe8/0x760 [ 940.515351][T28598] ? 
ip_options_get+0x50/0x580 [ 940.515399][T28598] ip_options_get+0x50/0x580 [ 940.515442][T28598] ip_cmsg_send+0x591/0xa70 [ 940.515480][T28598] ping_v4_sendmsg+0x69e/0x1810 [ 940.515515][T28598] ? __pfx_ping_v4_sendmsg+0x10/0x10 [ 940.515572][T28598] ? inet_sendmsg+0x14f/0x370 [ 940.515604][T28598] ? __local_bh_enable_ip+0xd0/0x130 [ 940.515628][T28598] ? lockdep_hardirqs_on+0x7a/0x110 [ 940.515652][T28598] ? inet_sendmsg+0x14f/0x370 [ 940.515684][T28598] ? __local_bh_enable_ip+0xd0/0x130 [ 940.515707][T28598] ? inet_sendmsg+0x2f4/0x370 [ 940.515745][T28598] ____sys_sendmsg+0x80a/0x9f0 [ 940.515782][T28598] ? __pfx_____sys_sendmsg+0x10/0x10 [ 940.515819][T28598] ? import_iovec+0x73/0xa0 [ 940.515849][T28598] ___sys_sendmsg+0x2a5/0x360 [ 940.515874][T28598] ? __lock_acquire+0x6b5/0x2cf0 [ 940.515905][T28598] ? __pfx____sys_sendmsg+0x10/0x10 [ 940.515972][T28598] ? __fget_files+0x2a/0x420 [ 940.516000][T28598] ? __fget_files+0x3a0/0x420 [ 940.516040][T28598] __x64_sys_sendmsg+0x1bd/0x2a0 [ 940.516070][T28598] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 940.516110][T28598] ? __pfx_ksys_write+0x10/0x10 [ 940.516153][T28598] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 940.516183][T28598] do_syscall_64+0x174/0x580 [ 940.516208][T28598] ? trace_irq_disable+0x3b/0x140 [ 940.516242][T28598] ? 
clear_bhb_loop+0x40/0x90 [ 940.516270][T28598] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 940.516292][T28598] RIP: 0033:0x7f5e8159ce59 [ 940.516314][T28598] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 940.516333][T28598] RSP: 002b:00007f5e82534028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 940.516357][T28598] RAX: ffffffffffffffda RBX: 00007f5e81815fa0 RCX: 00007f5e8159ce59 [ 940.516372][T28598] RDX: 0000000020000000 RSI: 0000200000000600 RDI: 0000000000000003 [ 940.516387][T28598] RBP: 00007f5e82534090 R08: 0000000000000000 R09: 0000000000000000 [ 940.516409][T28598] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 940.516423][T28598] R13: 00007f5e81816038 R14: 00007f5e81815fa0 R15: 00007ffc77cf0fe8 [ 940.516460][T28598] [ 941.398704][T28237] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 941.443957][T28237] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 941.461340][T28237] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 941.496275][T28237] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 941.521124][T28237] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 941.563902][T28237] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 941.587680][T28237] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 941.632170][T28237] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 941.662308][T28620] tipc: Enabling of bearer rejected, already enabled [ 941.679373][T28620] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5875'. [ 941.692984][T28620] netlink: 'syz.4.5875': attribute type 1 has an invalid length. [ 941.803703][T28620] bond16: entered promiscuous mode [ 941.810261][T28620] 8021q: adding VLAN 0 to HW filter on device bond16 [ 941.838436][T28635] netlink: 56 bytes leftover after parsing attributes in process `syz.1.5877'. 
[ 941.879183][T28620] netlink: 28 bytes leftover after parsing attributes in process `syz.4.5875'. [ 941.926214][T28620] bond16: entered allmulticast mode [ 941.977763][T28642] netlink: 28 bytes leftover after parsing attributes in process `syz.0.5880'. [ 942.044617][T28620] bond16: (slave bridge6): making interface the new active one [ 942.054688][T28620] bridge6: entered promiscuous mode [ 942.064603][T28640] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5877'. [ 942.075359][T28620] bridge6: entered allmulticast mode [ 942.100197][T28620] bond16: (slave bridge6): Enslaving as an active interface with an up link [ 942.333113][T28655] netlink: 'syz.4.5882': attribute type 1 has an invalid length. [ 942.350917][T28656] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5883'. [ 942.386806][T28656] netlink: 'syz.2.5883': attribute type 7 has an invalid length. [ 942.430392][T28660] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5882'. [ 942.466838][T28656] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5883'. [ 942.557391][T28655] 8021q: adding VLAN 0 to HW filter on device bond17 [ 942.613999][T28662] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 942.853111][T28668] netlink: 'syz.0.5885': attribute type 1 has an invalid length. [ 942.869247][T28668] netlink: 96 bytes leftover after parsing attributes in process `syz.0.5885'. [ 942.905513][T28668] netlink: 1 bytes leftover after parsing attributes in process `syz.0.5885'. [ 942.943764][T28237] 8021q: adding VLAN 0 to HW filter on device bond0 [ 942.954723][T28668] netlink: 'syz.0.5885': attribute type 1 has an invalid length. [ 942.982168][T28668] netlink: 'syz.0.5885': attribute type 8 has an invalid length. 
[ 943.035267][T28237] 8021q: adding VLAN 0 to HW filter on device team0 [ 943.105431][ T33] bridge0: port 1(bridge_slave_0) entered blocking state [ 943.112842][ T33] bridge0: port 1(bridge_slave_0) entered forwarding state [ 943.138164][T28683] FAULT_INJECTION: forcing a failure. [ 943.138164][T28683] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 943.180214][ T5971] bridge0: port 2(bridge_slave_1) entered blocking state [ 943.187486][ T5971] bridge0: port 2(bridge_slave_1) entered forwarding state [ 943.207929][T28683] CPU: 0 UID: 0 PID: 28683 Comm: syz.1.5887 Not tainted syzkaller #0 PREEMPT(full) [ 943.207963][T28683] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 943.207979][T28683] Call Trace: [ 943.207990][T28683] [ 943.208001][T28683] dump_stack_lvl+0xe8/0x150 [ 943.208036][T28683] should_fail_ex+0x412/0x560 [ 943.208069][T28683] _copy_from_user+0x2d/0xb0 [ 943.208102][T28683] __copy_msghdr+0x3c5/0x5b0 [ 943.208138][T28683] ___sys_sendmsg+0x213/0x360 [ 943.208167][T28683] ? __lock_acquire+0x6b5/0x2cf0 [ 943.208196][T28683] ? __pfx____sys_sendmsg+0x10/0x10 [ 943.208259][T28683] ? __fget_files+0x2a/0x420 [ 943.208285][T28683] ? __fget_files+0x3a0/0x420 [ 943.208342][T28683] __x64_sys_sendmsg+0x1bd/0x2a0 [ 943.208376][T28683] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 943.208419][T28683] ? __pfx_ksys_write+0x10/0x10 [ 943.208468][T28683] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 943.208496][T28683] do_syscall_64+0x174/0x580 [ 943.208524][T28683] ? trace_irq_disable+0x3b/0x140 [ 943.208561][T28683] ? 
clear_bhb_loop+0x40/0x90 [ 943.208594][T28683] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 943.208622][T28683] RIP: 0033:0x7f0c9a59ce59 [ 943.208646][T28683] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 943.208677][T28683] RSP: 002b:00007f0c9b40c028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 943.208705][T28683] RAX: ffffffffffffffda RBX: 00007f0c9a816180 RCX: 00007f0c9a59ce59 [ 943.208724][T28683] RDX: 0000000000000000 RSI: 0000200000000240 RDI: 0000000000000006 [ 943.208741][T28683] RBP: 00007f0c9b40c090 R08: 0000000000000000 R09: 0000000000000000 [ 943.208757][T28683] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 943.208772][T28683] R13: 00007f0c9a816218 R14: 00007f0c9a816180 R15: 00007fff3cebe268 [ 943.208832][T28683] [ 943.478303][T28687] tipc: Enabling of bearer rejected, already enabled [ 943.491301][T28687] netlink: 'syz.2.5891': attribute type 1 has an invalid length. [ 943.528548][T28687] bond15: entered promiscuous mode [ 943.534594][T28687] 8021q: adding VLAN 0 to HW filter on device bond15 [ 943.584068][T28680] xfrm0 speed is unknown, defaulting to 1000 [ 943.634280][T28687] bond15: entered allmulticast mode [ 943.643110][T28680] lo speed is unknown, defaulting to 1000 [ 943.697085][T28687] bond15: (slave bridge11): making interface the new active one [ 943.726990][T28687] bridge11: entered promiscuous mode [ 943.743921][T28687] bridge11: entered allmulticast mode [ 943.762062][T28687] bond15: (slave bridge11): Enslaving as an active interface with an up link [ 944.296562][T28717] netlink: 'syz.2.5897': attribute type 10 has an invalid length. [ 944.348214][T28717] team0: Failed to send options change via netlink (err -105) [ 944.384329][T28717] team0: Port device dummy0 added [ 944.567661][T28725] netlink: 'syz.0.5899': attribute type 1 has an invalid length. 
[ 945.053447][T28725] bond11: (slave gretap1): making interface the new active one [ 945.105255][T28725] bond11: (slave gretap1): Enslaving as an active interface with an up link [ 945.168554][T28734] macvlan2: entered promiscuous mode [ 945.182364][T28734] macvlan2: entered allmulticast mode [ 945.191412][T28734] bond11: entered promiscuous mode [ 945.196878][T28734] gretap1: entered promiscuous mode [ 945.204957][T28734] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 945.218007][T28734] bond11: (slave macvlan2): the slave hw address is in use by the bond; couldn't find a slave with a free hw address to give it (this should not have happened) [ 945.235844][T28734] bond11: left promiscuous mode [ 945.242175][T28734] gretap1: left promiscuous mode [ 945.280692][T28748] x_tables: duplicate underflow at hook 1 [ 945.477719][T28756] FAULT_INJECTION: forcing a failure. [ 945.477719][T28756] name failslab, interval 1, probability 0, space 0, times 0 [ 945.496383][T28756] CPU: 1 UID: 0 PID: 28756 Comm: syz.0.5904 Not tainted syzkaller #0 PREEMPT(full) [ 945.496414][T28756] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 945.496427][T28756] Call Trace: [ 945.496435][T28756] [ 945.496444][T28756] dump_stack_lvl+0xe8/0x150 [ 945.496476][T28756] should_fail_ex+0x412/0x560 [ 945.496506][T28756] should_failslab+0xa8/0x100 [ 945.496532][T28756] __kmalloc_cache_noprof+0x88/0x660 [ 945.496567][T28756] ? sctp_add_bind_addr+0x8c/0x370 [ 945.496600][T28756] ? __pfx_sctp_get_port_local+0x10/0x10 [ 945.496633][T28756] sctp_add_bind_addr+0x8c/0x370 [ 945.496666][T28756] ? sctp_auto_asconf_init+0x15c/0x1e0 [ 945.496698][T28756] sctp_do_bind+0x5b2/0x9d0 [ 945.496744][T28756] sctp_connect_new_asoc+0x270/0x6b0 [ 945.496775][T28756] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 945.496810][T28756] ? __local_bh_enable_ip+0xd0/0x130 [ 945.496833][T28756] ? bpf_lsm_sctp_bind_connect+0x9/0x20 [ 945.496865][T28756] ? 
security_sctp_bind_connect+0x7e/0x2c0 [ 945.496898][T28756] sctp_sendmsg+0x1576/0x2c50 [ 945.496954][T28756] ? __pfx_sctp_sendmsg+0x10/0x10 [ 945.496985][T28756] ? aa_sk_perm+0x6d5/0x900 [ 945.497016][T28756] ? __might_fault+0xaf/0x130 [ 945.497054][T28756] ? __pfx_aa_sk_perm+0x10/0x10 [ 945.497090][T28756] ? sock_rps_record_flow+0x19/0x350 [ 945.497125][T28756] ? __pfx_inet_sendmsg+0x10/0x10 [ 945.497162][T28756] ? inet_sendmsg+0x2f4/0x370 [ 945.497197][T28756] ? __pfx_inet_sendmsg+0x10/0x10 [ 945.497233][T28756] __sys_sendto+0x5de/0x710 [ 945.497260][T28756] ? __pfx___sys_sendto+0x10/0x10 [ 945.497282][T28756] ? __mutex_unlock_slowpath+0x1be/0x6f0 [ 945.497323][T28756] ? __fget_files+0x3a0/0x420 [ 945.497364][T28756] ? ksys_write+0x242/0x270 [ 945.497401][T28756] ? __pfx_ksys_write+0x10/0x10 [ 945.497441][T28756] __x64_sys_sendto+0xde/0x100 [ 945.497466][T28756] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 945.497490][T28756] do_syscall_64+0x174/0x580 [ 945.497511][T28756] ? trace_irq_disable+0x3b/0x140 [ 945.497543][T28756] ? 
clear_bhb_loop+0x40/0x90 [ 945.497572][T28756] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 945.497595][T28756] RIP: 0033:0x7f19a159ce59 [ 945.497617][T28756] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 945.497636][T28756] RSP: 002b:00007f19a2451028 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 945.497661][T28756] RAX: ffffffffffffffda RBX: 00007f19a1815fa0 RCX: 00007f19a159ce59 [ 945.497679][T28756] RDX: 0000000000000001 RSI: 0000200000000240 RDI: 0000000000000003 [ 945.497693][T28756] RBP: 00007f19a2451090 R08: 0000200000000080 R09: 000000000000001c [ 945.497708][T28756] R10: 0000000000000051 R11: 0000000000000246 R12: 0000000000000001 [ 945.497722][T28756] R13: 00007f19a1816038 R14: 00007f19a1815fa0 R15: 00007ffe99e4be98 [ 945.497761][T28756] [ 945.952121][T28237] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 946.094667][T28237] veth0_vlan: entered promiscuous mode [ 946.110491][T28237] veth1_vlan: entered promiscuous mode [ 946.204525][T28237] veth0_macvtap: entered promiscuous mode [ 946.255242][T28237] veth1_macvtap: entered promiscuous mode [ 946.483475][T28777] 8021q: adding VLAN 0 to HW filter on device bond23 [ 946.526735][T28237] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 946.592586][T28780] xt_NFQUEUE: number of total queues is 0 [ 946.634872][T28237] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 946.693439][ T47] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 946.704677][T28780] __nla_validate_parse: 5 callbacks suppressed [ 946.704698][T28780] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5908'. 
[ 946.717854][ T47] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 946.782213][ T47] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 946.817558][ T47] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 946.861984][T28780] netlink: 348 bytes leftover after parsing attributes in process `syz.0.5908'. [ 947.019771][T28798] netlink: 44 bytes leftover after parsing attributes in process `syz.0.5908'. [ 947.066427][T28780] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5908'. [ 947.144945][T28780] netlink: 348 bytes leftover after parsing attributes in process `syz.0.5908'. [ 947.271758][T28780] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5908'. [ 947.467190][T28808] netlink: 24 bytes leftover after parsing attributes in process `syz.1.5914'. [ 947.543249][ T5967] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 947.600354][ T5967] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 948.022787][ T5971] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 948.053789][ T5971] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 948.620742][T28854] netlink: 192 bytes leftover after parsing attributes in process `syz.4.5923'. [ 950.009238][T28912] xt_cgroup: xt_cgroup: no path or classid specified [ 950.143884][T28916] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5938'. [ 950.717680][T28928] netlink: 'syz.3.5943': attribute type 1 has an invalid length. [ 950.746718][T28932] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5942'. [ 951.777080][T28964] rdma_rxe: rxe_newlink: failed to add xfrm0 [ 952.309019][T28988] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5958'. [ 952.336430][T28988] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5958'. 
[ 952.484305][T28985] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input11 [ 952.664389][T29002] netlink: 292 bytes leftover after parsing attributes in process `syz.0.5962'. [ 953.734099][T29037] netlink: 36 bytes leftover after parsing attributes in process `syz.4.5969'. [ 954.306051][T29059] sctp: [Deprecated]: syz.3.5977 (pid 29059) Use of struct sctp_assoc_value in delayed_ack socket option. [ 954.306051][T29059] Use struct sctp_sack_info instead [ 954.560938][T29068] FAULT_INJECTION: forcing a failure. [ 954.560938][T29068] name failslab, interval 1, probability 0, space 0, times 0 [ 954.623552][T29068] CPU: 0 UID: 0 PID: 29068 Comm: syz.0.5979 Not tainted syzkaller #0 PREEMPT(full) [ 954.623584][T29068] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 954.623599][T29068] Call Trace: [ 954.623609][T29068] [ 954.623619][T29068] dump_stack_lvl+0xe8/0x150 [ 954.623652][T29068] should_fail_ex+0x412/0x560 [ 954.623684][T29068] should_failslab+0xa8/0x100 [ 954.623710][T29068] __kmalloc_cache_noprof+0x88/0x660 [ 954.623746][T29068] ? sctp_auth_asoc_copy_shkeys+0x14e/0x5a0 [ 954.623887][T29068] ? __genradix_ptr+0x1e1/0x220 [ 954.623924][T29068] sctp_auth_asoc_copy_shkeys+0x14e/0x5a0 [ 954.623980][T29068] sctp_association_new+0x15d3/0x25e0 [ 954.624027][T29068] sctp_connect_new_asoc+0x2e4/0x6b0 [ 954.624059][T29068] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 954.624103][T29068] ? __local_bh_enable_ip+0xd0/0x130 [ 954.624126][T29068] ? bpf_lsm_sctp_bind_connect+0x9/0x20 [ 954.624159][T29068] ? security_sctp_bind_connect+0x7e/0x2c0 [ 954.624192][T29068] sctp_sendmsg+0x1576/0x2c50 [ 954.624216][T29068] ? unwind_next_frame+0xa6/0x2550 [ 954.624261][T29068] ? __pfx_sctp_sendmsg+0x10/0x10 [ 954.624292][T29068] ? aa_sk_perm+0x6d5/0x900 [ 954.624333][T29068] ? __pfx_aa_sk_perm+0x10/0x10 [ 954.624369][T29068] ? sock_rps_record_flow+0x19/0x350 [ 954.624407][T29068] ? 
inet_sendmsg+0x2f4/0x370 [ 954.624446][T29068] ____sys_sendmsg+0x80a/0x9f0 [ 954.624482][T29068] ? __pfx_____sys_sendmsg+0x10/0x10 [ 954.624520][T29068] ? import_iovec+0x73/0xa0 [ 954.624551][T29068] ___sys_sendmsg+0x2a5/0x360 [ 954.624577][T29068] ? __lock_acquire+0x6b5/0x2cf0 [ 954.624606][T29068] ? __pfx____sys_sendmsg+0x10/0x10 [ 954.624675][T29068] ? __fget_files+0x2a/0x420 [ 954.624703][T29068] ? __fget_files+0x3a0/0x420 [ 954.624742][T29068] __x64_sys_sendmsg+0x1bd/0x2a0 [ 954.624773][T29068] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 954.624810][T29068] ? __pfx_ksys_write+0x10/0x10 [ 954.624854][T29068] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 954.624879][T29068] do_syscall_64+0x174/0x580 [ 954.624904][T29068] ? trace_irq_disable+0x3b/0x140 [ 954.624938][T29068] ? clear_bhb_loop+0x40/0x90 [ 954.624975][T29068] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 954.624998][T29068] RIP: 0033:0x7f19a159ce59 [ 954.625019][T29068] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 954.625039][T29068] RSP: 002b:00007f19a2430028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 954.625064][T29068] RAX: ffffffffffffffda RBX: 00007f19a1816090 RCX: 00007f19a159ce59 [ 954.625082][T29068] RDX: 0000000024000052 RSI: 00002000000000c0 RDI: 0000000000000005 [ 954.625098][T29068] RBP: 00007f19a2430090 R08: 0000000000000000 R09: 0000000000000000 [ 954.625112][T29068] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 954.625125][T29068] R13: 00007f19a1816128 R14: 00007f19a1816090 R15: 00007ffe99e4be98 [ 954.625163][T29068] [ 955.100269][T29073] netlink: 'syz.2.5978': attribute type 13 has an invalid length. [ 956.223145][T29109] FAULT_INJECTION: forcing a failure. 
[ 956.223145][T29109] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 956.249211][T29107] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input12 [ 956.302540][T29109] CPU: 1 UID: 0 PID: 29109 Comm: syz.3.5986 Not tainted syzkaller #0 PREEMPT(full) [ 956.302569][T29109] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 956.302584][T29109] Call Trace: [ 956.302593][T29109] [ 956.302603][T29109] dump_stack_lvl+0xe8/0x150 [ 956.302636][T29109] should_fail_ex+0x412/0x560 [ 956.302667][T29109] _copy_to_user+0x31/0xb0 [ 956.302698][T29109] simple_read_from_buffer+0xe1/0x170 [ 956.302734][T29109] proc_fail_nth_read+0x1bb/0x230 [ 956.302767][T29109] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 956.302802][T29109] ? rw_verify_area+0x2a6/0x4d0 [ 956.302834][T29109] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 956.302866][T29109] vfs_read+0x20c/0xa70 [ 956.302905][T29109] ? __pfx___mutex_lock+0x10/0x10 [ 956.302933][T29109] ? __pfx_vfs_read+0x10/0x10 [ 956.302968][T29109] ? __fget_files+0x2a/0x420 [ 956.303010][T29109] ? __fget_files+0x3a0/0x420 [ 956.303037][T29109] ? __fget_files+0x2a/0x420 [ 956.303075][T29109] ksys_read+0x150/0x270 [ 956.303110][T29109] ? __pfx_ksys_read+0x10/0x10 [ 956.303162][T29109] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 956.303186][T29109] do_syscall_64+0x174/0x580 [ 956.303210][T29109] ? trace_irq_disable+0x3b/0x140 [ 956.303244][T29109] ? 
clear_bhb_loop+0x40/0x90 [ 956.303272][T29109] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 956.303295][T29109] RIP: 0033:0x7f8c4b15d68e [ 956.303317][T29109] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 956.303337][T29109] RSP: 002b:00007f8c4bf9bfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 956.303361][T29109] RAX: ffffffffffffffda RBX: 00007f8c4bf9c6c0 RCX: 00007f8c4b15d68e [ 956.303378][T29109] RDX: 000000000000000f RSI: 00007f8c4bf9c0a0 RDI: 0000000000000004 [ 956.303393][T29109] RBP: 00007f8c4bf9c090 R08: 0000000000000000 R09: 0000000000000000 [ 956.303407][T29109] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 956.303420][T29109] R13: 00007f8c4b416038 R14: 00007f8c4b415fa0 R15: 00007fff9efec8e8 [ 956.303458][T29109] [ 957.363355][T29132] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5992'. [ 957.464681][T29135] netlink: 220 bytes leftover after parsing attributes in process `syz.0.5993'. [ 957.499547][T29135] netlink: 'syz.0.5993': attribute type 2 has an invalid length. [ 958.366941][T29159] netlink: 24 bytes leftover after parsing attributes in process `syz.3.5997'. [ 959.612300][T29186] netlink: 16 bytes leftover after parsing attributes in process `syz.4.6001'. [ 959.749692][T29186] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input13 [ 960.032166][T29197] netlink: 20 bytes leftover after parsing attributes in process `syz.0.6004'. [ 960.864064][T29217] netlink: 168 bytes leftover after parsing attributes in process `syz.4.6010'. [ 961.177168][T29229] netlink: 'syz.0.6014': attribute type 1 has an invalid length. [ 961.272748][T29232] netlink: 56 bytes leftover after parsing attributes in process `syz.0.6014'. 
[ 961.451494][T29229] 8021q: adding VLAN 0 to HW filter on device bond12 [ 961.638587][T29243] netlink: 16 bytes leftover after parsing attributes in process `syz.4.6018'. [ 961.983135][T29255] netlink: 16 bytes leftover after parsing attributes in process `syz.4.6021'. [ 962.437518][T29268] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6027'. [ 962.466531][T29268] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6027'. [ 963.121398][T29280] netlink: 'syz.4.6030': attribute type 1 has an invalid length. [ 963.190670][T29283] netlink: 56 bytes leftover after parsing attributes in process `syz.4.6030'. [ 963.210110][T29284] netlink: 'syz.3.6031': attribute type 1 has an invalid length. [ 963.433596][T29280] 8021q: adding VLAN 0 to HW filter on device bond18 [ 964.043414][T29289] bond2: (slave gretap1): making interface the new active one [ 964.113898][T29289] bond2: (slave gretap1): Enslaving as an active interface with an up link [ 964.218721][T23236] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 964.238491][T23236] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 964.252223][T23236] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 964.268525][T23236] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 964.283774][T23236] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 964.381594][T29292] bond2: (slave bridge1): Enslaving as an active interface with a down link [ 964.877322][T29326] netlink: 'syz.2.6038': attribute type 1 has an invalid length. [ 964.991305][T29332] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6038'. 
[ 965.162547][T29326] 8021q: adding VLAN 0 to HW filter on device bond16 [ 965.242065][T29340] bond16: (slave geneve4): making interface the new active one [ 965.281458][T29340] bond16: (slave geneve4): Enslaving as an active interface with an up link [ 965.504732][ T33] netdevsim netdevsim1 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 965.535212][ T33] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 965.570048][T29330] xfrm0 speed is unknown, defaulting to 1000 [ 965.587201][T29330] lo speed is unknown, defaulting to 1000 [ 965.712398][ T33] netdevsim netdevsim1 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 965.770143][ T33] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 965.963013][ T33] netdevsim netdevsim1 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 965.999800][ T33] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 966.081898][T29309] xfrm0 speed is unknown, defaulting to 1000 [ 966.187520][ T33] netdevsim netdevsim1 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 966.222509][ T33] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 966.268335][T29336] netlink: 'syz.3.6040': attribute type 4 has an invalid length. [ 966.295188][T29363] xfrm0 speed is unknown, defaulting to 1000 [ 966.388092][ T5637] Bluetooth: hci5: command tx timeout [ 966.562428][T29380] netlink: 24 bytes leftover after parsing attributes in process `syz.0.6047'. [ 966.791473][T29309] lo speed is unknown, defaulting to 1000 [ 966.855284][T29395] netlink: 28 bytes leftover after parsing attributes in process `syz.4.6048'. [ 967.018551][T29388] netlink: 12 bytes leftover after parsing attributes in process `syz.4.6048'. 
[ 967.781862][ T33] bond13 (unregistering): (slave erspan1): Releasing active interface [ 967.790952][ T33] erspan1 (unregistering): left promiscuous mode [ 967.846120][ T33] bond8 (unregistering): (slave gretap1): Releasing active interface [ 967.975602][ T33] bond10 (unregistering): (slave geneve3): Releasing active interface [ 968.026683][ T33] bond1 (unregistering): (slave bridge1): Releasing backup interface [ 968.035890][ T33] bridge1 (unregistering): left promiscuous mode [ 968.043207][ T33] bridge1 (unregistering): left allmulticast mode [ 968.071997][ T33] bond3 (unregistering): (slave bridge2): Releasing backup interface [ 968.080877][ T33] bridge2 (unregistering): left promiscuous mode [ 968.087323][ T33] bridge2 (unregistering): left allmulticast mode [ 968.100714][ T33] bond4 (unregistering): (slave bridge3): Releasing backup interface [ 968.109787][ T33] bridge3 (unregistering): left promiscuous mode [ 968.116413][ T33] bridge3 (unregistering): left allmulticast mode [ 968.131295][ T33] bond5 (unregistering): (slave bridge4): Releasing backup interface [ 968.140307][ T33] bridge4 (unregistering): left promiscuous mode [ 968.146779][ T33] bridge4 (unregistering): left allmulticast mode [ 968.160924][ T33] bond6 (unregistering): (slave bridge5): Releasing backup interface [ 968.170261][ T33] bridge5 (unregistering): left promiscuous mode [ 968.176702][ T33] bridge5 (unregistering): left allmulticast mode [ 968.194953][ T33] bond12 (unregistering): (slave bridge7): Releasing backup interface [ 968.204335][ T33] bridge7 (unregistering): left promiscuous mode [ 968.211793][ T33] bridge7 (unregistering): left allmulticast mode [ 968.250736][ T33] bond17 (unregistering): (slave bridge8): Releasing backup interface [ 968.259242][ T33] bridge8 (unregistering): left promiscuous mode [ 968.265804][ T33] bridge8 (unregistering): left allmulticast mode [ 968.283397][ T33] bond20 (unregistering): (slave bridge9): Releasing backup interface [ 968.295027][ T33] 
bridge9 (unregistering): left promiscuous mode [ 968.301532][ T33] bridge9 (unregistering): left allmulticast mode [ 968.330991][ T33] bond0 (unregistering): Released all slaves [ 968.343586][ T33] bond1 (unregistering): Released all slaves [ 968.361914][ T33] bond2 (unregistering): Released all slaves [ 968.379742][ T33] bond3 (unregistering): Released all slaves [ 968.397759][ T33] bond4 (unregistering): Released all slaves [ 968.422940][ T33] bond5 (unregistering): Released all slaves [ 968.440473][ T33] bond6 (unregistering): Released all slaves [ 968.448956][ T5637] Bluetooth: hci5: command tx timeout [ 968.468662][ T33] bond7 (unregistering): Released all slaves [ 968.487915][ T33] bond8 (unregistering): Released all slaves [ 968.505810][ T33] bond9 (unregistering): Released all slaves [ 968.525869][ T33] bond10 (unregistering): Released all slaves [ 968.548189][ T33] bond11 (unregistering): Released all slaves [ 968.564837][ T33] bond12 (unregistering): Released all slaves [ 968.583711][ T33] bond13 (unregistering): Released all slaves [ 968.603930][ T33] bond14 (unregistering): Released all slaves [ 968.625100][ T33] bond15 (unregistering): Released all slaves [ 968.645567][ T33] bond16 (unregistering): Released all slaves [ 968.666674][ T33] bond17 (unregistering): Released all slaves [ 968.685670][ T33] bond18 (unregistering): (slave veth3): Releasing active interface [ 968.696377][ T33] bond18 (unregistering): Released all slaves [ 968.716509][ T33] bond19 (unregistering): (slave veth5): Releasing backup interface [ 968.727931][ T33] bond19 (unregistering): (slave batadv1): Releasing backup interface [ 968.738376][ T33] bond19 (unregistering): Released all slaves [ 968.758677][ T33] bond20 (unregistering): Released all slaves [ 968.777495][ T33] bond21 (unregistering): Released all slaves [ 968.794112][ T33] bond22 (unregistering): Released all slaves [ 968.814059][ T33] bond23 (unregistering): Released all slaves [ 968.852600][T29363] lo speed is 
unknown, defaulting to 1000 [ 969.271757][ T33] : left promiscuous mode [ 969.622364][ T33] tipc: Disabling bearer [ 969.634498][ T33] tipc: Disabling bearer [ 969.690859][ T33] tipc: Left network mode [ 970.528931][ T5637] Bluetooth: hci5: command tx timeout [ 970.930335][ T5294] 8021q: adding VLAN 0 to HW filter on device eth1 [ 971.143068][T29466] netlink: 20 bytes leftover after parsing attributes in process `syz.4.6058'. [ 971.162382][T29309] bridge0: port 1(bridge_slave_0) entered blocking state [ 971.197909][T29309] bridge0: port 1(bridge_slave_0) entered disabled state [ 971.217163][T29309] bridge_slave_0: entered allmulticast mode [ 971.279725][T29309] bridge_slave_0: entered promiscuous mode [ 971.354263][T29309] bridge0: port 2(bridge_slave_1) entered blocking state [ 971.380660][T29309] bridge0: port 2(bridge_slave_1) entered disabled state [ 971.413798][T29309] bridge_slave_1: entered allmulticast mode [ 971.436120][T29309] bridge_slave_1: entered promiscuous mode [ 971.638707][T29309] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 971.675463][T29309] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 971.742320][T29474] netlink: 28 bytes leftover after parsing attributes in process `syz.3.6061'. [ 971.891487][T29309] team0: Port device team_slave_0 added [ 971.918142][T29309] team0: Port device team_slave_1 added [ 971.940594][T29488] netlink: 12 bytes leftover after parsing attributes in process `syz.3.6061'. [ 972.055795][T29492] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6064'. [ 972.095079][T29492] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 972.286756][T29309] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 972.321889][T29309] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. 
Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 972.394683][T29309] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 972.534029][T29309] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 972.561341][T29309] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 972.610768][ T5637] Bluetooth: hci5: command tx timeout [ 972.619577][T29309] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 972.643969][T29503] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6066'. [ 972.767027][T29510] netlink: 'syz.2.6066': attribute type 10 has an invalid length. [ 972.820677][T29510] netlink: 40 bytes leftover after parsing attributes in process `syz.2.6066'. [ 972.872600][T29506] team0: Port device dummy0 removed [ 972.953553][T29517] netlink: 20 bytes leftover after parsing attributes in process `syz.3.6069'. [ 972.978114][T29510] dummy0: entered promiscuous mode [ 973.155062][ T5294] 8021q: adding VLAN 0 to HW filter on device eth2 [ 973.186122][T29309] hsr_slave_0: entered promiscuous mode [ 973.195284][T29309] hsr_slave_1: entered promiscuous mode [ 973.203647][T29309] debugfs: 'hsr0' already exists in 'hsr' [ 973.210894][T29309] Cannot create hsr debugfs directory [ 973.923522][T29531] xfrm0 speed is unknown, defaulting to 1000 [ 973.987849][T29531] lo speed is unknown, defaulting to 1000 [ 974.491223][T29556] netlink: 12 bytes leftover after parsing attributes in process `syz.3.6078'. [ 974.904970][T29569] netlink: 44 bytes leftover after parsing attributes in process `syz.0.6081'. 
[ 974.990963][T29569] netlink: 44 bytes leftover after parsing attributes in process `syz.0.6081'. [ 975.546315][T29589] netlink: 'syz.4.6086': attribute type 21 has an invalid length. [ 975.580084][T29578] xt_NFQUEUE: number of total queues is 0 [ 975.661231][T29594] netlink: 'syz.4.6086': attribute type 18 has an invalid length. [ 976.616735][T29623] netlink: 'syz.0.6091': attribute type 1 has an invalid length. [ 976.641905][T29625] __nla_validate_parse: 12 callbacks suppressed [ 976.641927][T29625] netlink: 220 bytes leftover after parsing attributes in process `syz.4.6092'. [ 976.656491][T29623] netlink: 76 bytes leftover after parsing attributes in process `syz.0.6091'. [ 976.723601][T29625] netlink: 'syz.4.6092': attribute type 2 has an invalid length. [ 976.757637][T29628] xt_limit: Overflow, try lower: 324382443/0 [ 976.761321][T29625] FAULT_INJECTION: forcing a failure. [ 976.761321][T29625] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 976.787809][T29629] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 976.834592][T29625] CPU: 1 UID: 0 PID: 29625 Comm: syz.4.6092 Not tainted syzkaller #0 PREEMPT(full) [ 976.834624][T29625] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 976.834638][T29625] Call Trace: [ 976.834648][T29625] [ 976.834666][T29625] dump_stack_lvl+0xe8/0x150 [ 976.834698][T29625] should_fail_ex+0x412/0x560 [ 976.834729][T29625] _copy_to_user+0x31/0xb0 [ 976.834761][T29625] simple_read_from_buffer+0xe1/0x170 [ 976.834796][T29625] proc_fail_nth_read+0x1bb/0x230 [ 976.834841][T29625] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 976.834875][T29625] ? rw_verify_area+0x2a6/0x4d0 [ 976.834907][T29625] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 976.834940][T29625] vfs_read+0x20c/0xa70 [ 976.834979][T29625] ? __pfx___mutex_lock+0x10/0x10 [ 976.835008][T29625] ? __pfx_vfs_read+0x10/0x10 [ 976.835042][T29625] ? __fget_files+0x2a/0x420 [ 976.835076][T29625] ? 
__fget_files+0x3a0/0x420 [ 976.835103][T29625] ? __fget_files+0x2a/0x420 [ 976.835142][T29625] ksys_read+0x150/0x270 [ 976.835177][T29625] ? __pfx_ksys_read+0x10/0x10 [ 976.835220][T29625] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 976.835246][T29625] do_syscall_64+0x174/0x580 [ 976.835270][T29625] ? trace_irq_disable+0x3b/0x140 [ 976.835305][T29625] ? clear_bhb_loop+0x40/0x90 [ 976.835334][T29625] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 976.835356][T29625] RIP: 0033:0x7f585e75d68e [ 976.835378][T29625] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 976.835398][T29625] RSP: 002b:00007f585f5b7fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 976.835422][T29625] RAX: ffffffffffffffda RBX: 00007f585f5b86c0 RCX: 00007f585e75d68e [ 976.835438][T29625] RDX: 000000000000000f RSI: 00007f585f5b80a0 RDI: 0000000000000003 [ 976.835452][T29625] RBP: 00007f585f5b8090 R08: 0000000000000000 R09: 0000000000000000 [ 976.835466][T29625] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 976.835480][T29625] R13: 00007f585ea16038 R14: 00007f585ea15fa0 R15: 00007ffee16314f8 [ 976.835518][T29625] [ 977.598483][T29309] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 977.647930][T29636] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6094'. 
[ 977.671533][T29309] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 977.810069][ T33] hsr_slave_0: left promiscuous mode [ 977.840229][ T33] hsr_slave_1: left promiscuous mode [ 977.917251][ T33] veth1_macvtap: left promiscuous mode [ 977.932526][ T33] veth0_macvtap: left promiscuous mode [ 977.945336][ T33] veth1_vlan: left promiscuous mode [ 977.953716][ T33] veth0_vlan: left promiscuous mode [ 978.270778][T29668] xt_NFQUEUE: number of total queues is 0 [ 978.374969][ T33] pim6reg (unregistering): left allmulticast mode [ 978.407333][T29670] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6099'. [ 978.447149][T29670] netlink: 348 bytes leftover after parsing attributes in process `syz.3.6099'. [ 978.501535][T29670] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6099'. [ 978.538728][T29670] netlink: 348 bytes leftover after parsing attributes in process `syz.3.6099'. [ 978.653825][T29670] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6099'. [ 978.890420][T29670] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6099'. [ 978.913955][T29670] netlink: 348 bytes leftover after parsing attributes in process `syz.3.6099'. [ 979.628125][T29309] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 979.653391][T29309] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 979.670440][T29309] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 979.692131][T29309] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 979.776824][T29653] vlan2: entered allmulticast mode [ 979.787847][T29653] bond0: entered allmulticast mode [ 979.828973][T29309] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 979.870885][T29309] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 980.366748][ T33] IPVS: stop unused estimator thread 0... 
[ 980.445050][T29695] xt_NFQUEUE: number of total queues is 0 [ 980.490086][T29309] 8021q: adding VLAN 0 to HW filter on device bond0 [ 980.616593][T29309] 8021q: adding VLAN 0 to HW filter on device team0 [ 980.675387][ T5964] bridge0: port 1(bridge_slave_0) entered blocking state [ 980.682852][ T5964] bridge0: port 1(bridge_slave_0) entered forwarding state [ 980.972023][ T47] bridge0: port 2(bridge_slave_1) entered blocking state [ 980.979545][ T47] bridge0: port 2(bridge_slave_1) entered forwarding state [ 981.785539][T29722] xfrm0 speed is unknown, defaulting to 1000 [ 981.848275][T29722] lo speed is unknown, defaulting to 1000 [ 982.849813][T29748] __nla_validate_parse: 13 callbacks suppressed [ 982.849838][T29748] netlink: 28 bytes leftover after parsing attributes in process `syz.2.6112'. [ 983.093297][T29760] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6112'. [ 984.614054][T29309] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 984.698223][T29779] xt_NFQUEUE: number of total queues is 0 [ 984.781954][T29788] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6117'. [ 984.884520][T29788] netlink: 348 bytes leftover after parsing attributes in process `syz.4.6117'. [ 985.003651][T29788] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6117'. [ 985.169540][T29788] netlink: 348 bytes leftover after parsing attributes in process `syz.4.6117'. [ 985.261311][T29788] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6117'. 
[ 985.467738][ T30] audit: type=1800 audit(1780667666.734:15): pid=29804 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.6120" name="memory.events" dev="tmpfs" ino=2906 res=0 errno=0 [ 985.498513][T29309] veth0_vlan: entered promiscuous mode [ 985.595955][T29309] veth1_vlan: entered promiscuous mode [ 985.607920][ T30] audit: type=1804 audit(1780667666.764:16): pid=29804 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.6120" name="/newroot/568/memory.events" dev="tmpfs" ino=2906 res=1 errno=0 [ 985.837960][T29309] veth0_macvtap: entered promiscuous mode [ 985.912203][T29309] veth1_macvtap: entered promiscuous mode [ 986.042732][T29309] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 986.141461][T29309] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 986.244064][ T5967] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 986.297759][ T5967] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 986.362298][ T5967] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 986.397821][T29821] IPVS: set_ctl: invalid protocol: 22 172.20.20.170:20001 [ 986.416478][ T5967] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 986.506847][T29822] IPVS: lc: FWM 3 0x00000003 - no destination available [ 986.547762][T29816] xt_CT: No such helper "snmp" [ 986.567645][ C0] IPVS: lc: FWM 3 0x00000003 - no destination available [ 987.115188][ T182] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 987.186084][ T182] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 987.718273][T29831] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6125'. 
[ 987.963527][ T1336] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 987.992225][ T1336] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 988.965622][T29868] tipc: Started in network mode [ 989.002765][T29868] tipc: Node identity ac14140f, cluster identity 4711 [ 989.061556][T29868] tipc: New replicast peer: 255.255.255.255 [ 989.098028][T29868] tipc: Enabled bearer , priority 10 [ 989.130250][T29871] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6130'. [ 989.177863][T29868] netlink: 'syz.1.6130': attribute type 1 has an invalid length. [ 989.296668][T29868] netlink: 28 bytes leftover after parsing attributes in process `syz.1.6130'. [ 989.348904][T29868] erspan0: entered promiscuous mode [ 989.385046][T29868] erspan0: entered allmulticast mode [ 989.633805][T29877] xt_NFQUEUE: number of total queues is 0 [ 989.713983][T29886] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6132'. [ 989.819576][T29886] netlink: 348 bytes leftover after parsing attributes in process `syz.2.6132'. [ 989.850058][T29890] Bluetooth: MGMT ver 1.23 [ 989.968197][T29886] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6132'. [ 990.089474][T29886] netlink: 348 bytes leftover after parsing attributes in process `syz.2.6132'. [ 990.188424][T29886] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6132'. [ 990.850986][T29913] netlink: 12 bytes leftover after parsing attributes in process `syz.3.6139'. [ 991.128746][T29887] syzkaller1: entered promiscuous mode [ 991.160290][T29887] syzkaller1: entered allmulticast mode [ 991.233161][T29392] tipc: Node number set to 2886997007 [ 991.979721][ T5637] Bluetooth: hci2: Opcode 0x0401 failed: -110 [ 991.990823][ T5637] Bluetooth: hci2: command 0x0401 tx timeout [ 992.542046][T29956] tipc: Enabling of bearer rejected, already enabled [ 992.589028][T29956] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6148'. 
[ 992.651109][T29956] netlink: 'syz.2.6148': attribute type 1 has an invalid length. [ 992.853432][T29968] netlink: 28 bytes leftover after parsing attributes in process `syz.2.6148'. [ 992.995835][T29956] bond17: entered promiscuous mode [ 993.055666][T29956] 8021q: adding VLAN 0 to HW filter on device bond17 [ 993.169891][T29968] bond17: entered allmulticast mode [ 993.422402][T29978] bond17: (slave bridge13): making interface the new active one [ 993.468197][T29978] bridge13: entered promiscuous mode [ 993.512353][T29978] bridge13: entered allmulticast mode [ 993.575344][T29978] bond17: (slave bridge13): Enslaving as an active interface with an up link [ 994.444356][T30006] __nla_validate_parse: 5 callbacks suppressed [ 994.444386][T30006] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6157'. [ 995.409584][T30018] nbd: must specify at least one socket [ 995.744609][T30025] netlink: 'syz.1.6162': attribute type 21 has an invalid length. [ 995.920917][T30027] netlink: 36 bytes leftover after parsing attributes in process `syz.3.6163'. [ 995.961099][T30031] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512) [ 995.974791][T30038] netlink: 16 bytes leftover after parsing attributes in process `syz.4.6166'. [ 996.044752][T30031] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512) [ 996.775106][T30062] netlink: 12 bytes leftover after parsing attributes in process `syz.3.6172'. [ 997.019958][T30066] netlink: 28 bytes leftover after parsing attributes in process `syz.2.6174'. [ 997.154142][T30070] netlink: 830 bytes leftover after parsing attributes in process `syz.3.6175'. [ 997.224748][T30049] smbdirect: ib_dev[syz1] removed [ 998.442638][T30093] netlink: 20 bytes leftover after parsing attributes in process `syz.0.6180'. [ 1000.176153][T30073] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 1000.200997][T30066] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6174'. 
[ 1001.211788][T30124] FAULT_INJECTION: forcing a failure. [ 1001.211788][T30124] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1001.276916][T30124] CPU: 0 UID: 0 PID: 30124 Comm: syz.0.6191 Not tainted syzkaller #0 PREEMPT(full) [ 1001.276948][T30124] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1001.276962][T30124] Call Trace: [ 1001.276971][T30124] [ 1001.276982][T30124] dump_stack_lvl+0xe8/0x150 [ 1001.277015][T30124] should_fail_ex+0x412/0x560 [ 1001.277046][T30124] _copy_to_user+0x31/0xb0 [ 1001.277077][T30124] simple_read_from_buffer+0xe1/0x170 [ 1001.277113][T30124] proc_fail_nth_read+0x1bb/0x230 [ 1001.277147][T30124] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1001.277182][T30124] ? rw_verify_area+0x2a6/0x4d0 [ 1001.277212][T30124] ? __fget_files+0x2a/0x420 [ 1001.277238][T30124] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1001.277270][T30124] vfs_read+0x20c/0xa70 [ 1001.277308][T30124] ? __pfx___mutex_lock+0x10/0x10 [ 1001.277336][T30124] ? __pfx_vfs_read+0x10/0x10 [ 1001.277370][T30124] ? __fget_files+0x2a/0x420 [ 1001.277406][T30124] ? __fget_files+0x3a0/0x420 [ 1001.277432][T30124] ? __fget_files+0x2a/0x420 [ 1001.277471][T30124] ksys_read+0x150/0x270 [ 1001.277507][T30124] ? __pfx_ksys_read+0x10/0x10 [ 1001.277556][T30124] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1001.277582][T30124] do_syscall_64+0x174/0x580 [ 1001.277606][T30124] ? trace_irq_disable+0x3b/0x140 [ 1001.277641][T30124] ? 
clear_bhb_loop+0x40/0x90 [ 1001.277670][T30124] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1001.277693][T30124] RIP: 0033:0x7f19a155d68e [ 1001.277714][T30124] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 1001.277733][T30124] RSP: 002b:00007f19a2450fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1001.277757][T30124] RAX: ffffffffffffffda RBX: 00007f19a24516c0 RCX: 00007f19a155d68e [ 1001.277775][T30124] RDX: 000000000000000f RSI: 00007f19a24510a0 RDI: 0000000000000005 [ 1001.277790][T30124] RBP: 00007f19a2451090 R08: 0000000000000000 R09: 0000000000000000 [ 1001.277804][T30124] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1001.277817][T30124] R13: 00007f19a1816038 R14: 00007f19a1815fa0 R15: 00007ffe99e4be98 [ 1001.277853][T30124] [ 1001.871406][ T30] audit: type=1804 audit(1780667683.144:17): pid=30135 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.6192" name="/newroot/584/memory.events" dev="tmpfs" ino=2993 res=1 errno=0 [ 1002.025661][ T30] audit: type=1800 audit(1780667683.184:18): pid=30135 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.6192" name="memory.events" dev="tmpfs" ino=2993 res=0 errno=0 [ 1003.408003][T17285] nci: nci_rf_intf_activated_ntf_packet: unsupported activation_rf_tech_and_mode 0x3 [ 1004.174071][T30209] xt_NFQUEUE: number of total queues is 0 [ 1004.275103][T30209] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6211'. [ 1004.358296][T30209] netlink: 348 bytes leftover after parsing attributes in process `syz.2.6211'. [ 1004.437749][T30209] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6211'. [ 1004.477053][T30226] netlink: 'syz.3.6216': attribute type 4 has an invalid length. 
[ 1004.563608][T30209] netlink: 348 bytes leftover after parsing attributes in process `syz.2.6211'. [ 1004.586998][T30226] netlink: 'syz.3.6216': attribute type 4 has an invalid length. [ 1004.713085][T30209] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6211'. [ 1005.876738][T30261] netlink: 60 bytes leftover after parsing attributes in process `syz.2.6225'. [ 1005.933554][T30261] openvswitch: netlink: Flow key attr not present in new flow. [ 1006.373162][T30274] FAULT_INJECTION: forcing a failure. [ 1006.373162][T30274] name failslab, interval 1, probability 0, space 0, times 0 [ 1006.448275][T30274] CPU: 0 UID: 0 PID: 30274 Comm: syz.3.6230 Not tainted syzkaller #0 PREEMPT(full) [ 1006.448306][T30274] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1006.448321][T30274] Call Trace: [ 1006.448330][T30274] [ 1006.448340][T30274] dump_stack_lvl+0xe8/0x150 [ 1006.448373][T30274] should_fail_ex+0x412/0x560 [ 1006.448411][T30274] should_failslab+0xa8/0x100 [ 1006.448435][T30274] ? mas_alloc_nodes+0x291/0x350 [ 1006.448458][T30274] kmem_cache_alloc_noprof+0x87/0x650 [ 1006.448500][T30274] mas_alloc_nodes+0x291/0x350 [ 1006.448528][T30274] mas_preallocate+0x2d6/0x640 [ 1006.448554][T30274] ? rcu_is_watching+0x15/0xb0 [ 1006.448583][T30274] ? __pfx_mas_preallocate+0x10/0x10 [ 1006.448620][T30274] ? __mas_set_range+0x12f/0x3c0 [ 1006.448654][T30274] __split_vma+0x318/0xa50 [ 1006.448693][T30274] ? __pfx___split_vma+0x10/0x10 [ 1006.448733][T30274] ? mas_find+0xb0e/0xd30 [ 1006.448768][T30274] vms_gather_munmap_vmas+0x4fa/0x1380 [ 1006.448812][T30274] ? __pfx_vms_gather_munmap_vmas+0x10/0x10 [ 1006.448835][T30274] ? rcu_is_watching+0x15/0xb0 [ 1006.448861][T30274] ? vm_unmapped_area+0xde/0x230 [ 1006.448906][T30274] do_vmi_align_munmap+0x2b4/0x4b0 [ 1006.448953][T30274] ? 
__pfx_do_vmi_align_munmap+0x10/0x10 [ 1006.449011][T30274] do_vmi_munmap+0x252/0x2d0 [ 1006.449044][T30274] __vm_munmap+0x22c/0x3d0 [ 1006.449073][T30274] ? __pfx___vm_munmap+0x10/0x10 [ 1006.449097][T30274] ? vm_mmap_pgoff+0x3b1/0x4f0 [ 1006.449145][T30274] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1006.449170][T30274] __x64_sys_munmap+0x60/0x70 [ 1006.449201][T30274] do_syscall_64+0x174/0x580 [ 1006.449224][T30274] ? trace_irq_disable+0x3b/0x140 [ 1006.449258][T30274] ? clear_bhb_loop+0x40/0x90 [ 1006.449285][T30274] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1006.449307][T30274] RIP: 0033:0x7f8c4b19cc87 [ 1006.449328][T30274] Code: 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 0b 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1006.449348][T30274] RSP: 002b:00007f8c4bf9ad18 EFLAGS: 00000206 ORIG_RAX: 000000000000000b [ 1006.449371][T30274] RAX: ffffffffffffffda RBX: 00007f8c44000000 RCX: 00007f8c4b19cc87 [ 1006.449395][T30274] RDX: 0000000000000000 RSI: 0000000002e00000 RDI: 00007f8c41200000 [ 1006.449410][T30274] RBP: 0000000000021000 R08: 00000000ffffffff R09: 0000000000000000 [ 1006.449424][T30274] R10: 0000000000000022 R11: 0000000000000206 R12: 0000000004000000 [ 1006.449439][T30274] R13: 0000000000001000 R14: 00007f8c48000000 R15: 0000000002e00000 [ 1006.449474][T30274] [ 1007.773006][T30311] netlink: 'syz.0.6239': attribute type 1 has an invalid length. [ 1008.031515][T30311] 8021q: adding VLAN 0 to HW filter on device bond13 [ 1009.988024][T30375] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6250'. [ 1010.027533][T30375] netlink: 'syz.1.6250': attribute type 14 has an invalid length. [ 1010.066632][T30375] netlink: 32 bytes leftover after parsing attributes in process `syz.1.6250'. [ 1010.112358][T30380] netlink: 24 bytes leftover after parsing attributes in process `syz.3.6252'. 
[ 1010.747560][T30399] netlink: 'syz.4.6256': attribute type 10 has an invalid length. [ 1010.828256][T30399] team0: Failed to send options change via netlink (err -105) [ 1010.875530][T30399] team0: Port device dummy0 added [ 1011.005655][T30404] lo speed is unknown, defaulting to 1000 [ 1011.246928][T30415] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6259'. [ 1011.282797][T30393] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 1011.343604][T30415] netdevsim netdevsim3 netdevsim0: entered promiscuous mode [ 1011.370490][T30415] netlink: 12 bytes leftover after parsing attributes in process `syz.3.6259'. [ 1011.565482][T30426] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 1011.726005][T30426] bond0: left allmulticast mode [ 1011.761676][T30426] bond0: left promiscuous mode [ 1011.791154][T30426] bridge0: port 1(bond0) entered disabled state [ 1012.832357][T30458] geneve5: entered promiscuous mode [ 1013.051470][T30466] netlink: 'syz.3.6273': attribute type 21 has an invalid length. [ 1013.090512][T30468] bond0: Caught tx_queue_len zero misconfig [ 1013.496447][T30479] netlink: 'syz.2.6276': attribute type 1 has an invalid length. 
[ 1013.915477][T23236] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1013.927526][T23236] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1013.936467][T23236] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1013.947261][T23236] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1013.959412][T23236] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1014.100320][T30485] bond18: (slave gretap2): making interface the new active one [ 1014.151600][T30485] bond18: (slave gretap2): Enslaving as an active interface with an up link [ 1014.216201][T30489] macvlan2: entered promiscuous mode [ 1014.243762][T30489] macvlan2: entered allmulticast mode [ 1014.266623][T30489] bond18: entered promiscuous mode [ 1014.278115][T30489] gretap2: entered promiscuous mode [ 1014.287448][T30489] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 1014.312751][T30489] bond18: (slave macvlan2): the slave hw address is in use by the bond; couldn't find a slave with a free hw address to give it (this should not have happened) [ 1014.346755][T30489] bond18: left promiscuous mode [ 1014.358614][T30489] gretap2: left promiscuous mode [ 1014.851914][T30515] netlink: 'syz.2.6282': attribute type 1 has an invalid length. [ 1014.984838][T30516] netlink: 28 bytes leftover after parsing attributes in process `syz.2.6282'. [ 1015.919810][T30532] sctp: [Deprecated]: syz.0.6286 (pid 30532) Use of struct sctp_assoc_value in delayed_ack socket option. [ 1015.919810][T30532] Use struct sctp_sack_info instead [ 1015.972584][T30533] netlink: 32 bytes leftover after parsing attributes in process `syz.0.6286'. [ 1016.049612][ T5637] Bluetooth: hci4: command tx timeout [ 1018.135092][ T5637] Bluetooth: hci4: command tx timeout [ 1020.209719][ T5637] Bluetooth: hci4: command tx timeout [ 1020.817103][T30507] tipc: Enabling of bearer rejected, already enabled [ 1020.825627][T30511] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6282'. 
[ 1020.827039][T30515] workqueue: Failed to create a rescuer kthread for wq "bond19": -EINTR [ 1021.088197][ T13] netdevsim netdevsim4 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1021.162779][ T13] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1021.303030][T30563] netlink: 24 bytes leftover after parsing attributes in process `syz.0.6290'. [ 1021.322786][T30555] netlink: 'syz.2.6289': attribute type 1 has an invalid length. [ 1021.359757][T30555] netlink: 'syz.2.6289': attribute type 2 has an invalid length. [ 1021.555087][ T13] netdevsim netdevsim4 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1021.583636][ T13] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1021.625576][T30563] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6290'. [ 1021.700862][T30494] lo speed is unknown, defaulting to 1000 [ 1021.738293][ T13] netdevsim netdevsim4 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1021.771077][ T13] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1022.012048][ T13] netdevsim netdevsim4 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1022.051052][ T13] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1022.289605][ T5637] Bluetooth: hci4: command tx timeout [ 1022.422383][T30584] lo speed is unknown, defaulting to 1000 [ 1022.984734][T30616] netlink: 212368 bytes leftover after parsing attributes in process `syz.3.6302'. 
[ 1023.190584][ T13] bridge_slave_1: left allmulticast mode [ 1023.204496][ T13] bridge_slave_1: left promiscuous mode [ 1023.224424][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 1023.259939][ T13] bridge_slave_0: left allmulticast mode [ 1023.272045][ T13] bridge_slave_0: left promiscuous mode [ 1023.283383][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 1023.634631][ T13] bond3 (unregistering): (slave erspan1): Releasing active interface [ 1023.643622][ T13] erspan1 (unregistering): left promiscuous mode [ 1023.757354][ T13] bond9 (unregistering): (slave bridge1): Releasing backup interface [ 1023.766141][ T13] bridge1 (unregistering): left promiscuous mode [ 1023.773502][ T13] bridge1 (unregistering): left allmulticast mode [ 1023.788552][ T13] bond12 (unregistering): (slave bridge2): Releasing backup interface [ 1023.797920][ T13] bridge2 (unregistering): left promiscuous mode [ 1023.807241][ T13] bridge2 (unregistering): left allmulticast mode [ 1023.828156][ T13] bond13 (unregistering): (slave bridge3): Releasing backup interface [ 1023.837241][ T13] bridge3 (unregistering): left promiscuous mode [ 1023.844307][ T13] bridge3 (unregistering): left allmulticast mode [ 1023.861388][ T13] bond14 (unregistering): (slave bridge4): Releasing backup interface [ 1023.873629][ T13] bridge4 (unregistering): left promiscuous mode [ 1023.880937][ T13] bridge4 (unregistering): left allmulticast mode [ 1023.894095][ T13] bond15 (unregistering): (slave bridge5): Releasing backup interface [ 1023.903249][ T13] bridge5 (unregistering): left promiscuous mode [ 1023.910347][ T13] bridge5 (unregistering): left allmulticast mode [ 1023.923721][ T13] bond16 (unregistering): (slave bridge6): Releasing backup interface [ 1023.935262][ T13] bridge6 (unregistering): left promiscuous mode [ 1023.942405][ T13] bridge6 (unregistering): left allmulticast mode [ 1023.977279][ T13] bond0 (unregistering): left promiscuous mode [ 1023.987506][ T13] 
bond_slave_0: left promiscuous mode [ 1023.995490][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1024.005973][ T13] bond0 (unregistering): Released all slaves [ 1024.019559][ T13] bond1 (unregistering): (slave veth0_to_bond): Releasing active interface [ 1024.030474][ T13] bond1 (unregistering): Released all slaves [ 1024.046701][ T13] bond2 (unregistering): Released all slaves [ 1024.076745][ T13] bond3 (unregistering): Released all slaves [ 1024.094610][ T13] bond4 (unregistering): Released all slaves [ 1024.111865][ T13] bond5 (unregistering): Released all slaves [ 1024.134186][ T13] bond6 (unregistering): Released all slaves [ 1024.151765][ T13] bond7 (unregistering): Released all slaves [ 1024.168496][ T13] bond8 (unregistering): Released all slaves [ 1024.198397][ T13] bond9 (unregistering): Released all slaves [ 1024.216705][ T13] bond10 (unregistering): Released all slaves [ 1024.234100][ T13] bond11 (unregistering): Released all slaves [ 1024.251078][ T13] bond12 (unregistering): Released all slaves [ 1024.271199][ T13] bond13 (unregistering): Released all slaves [ 1024.303879][ T13] bond14 (unregistering): Released all slaves [ 1024.322330][ T13] bond15 (unregistering): Released all slaves [ 1024.344145][ T13] bond16 (unregistering): Released all slaves [ 1024.360415][ T13] bond17 (unregistering): Released all slaves [ 1024.378620][ T13] bond18 (unregistering): Released all slaves [ 1024.506795][T30600] lo speed is unknown, defaulting to 1000 [ 1024.598240][ T13] : left promiscuous mode [ 1024.812825][ T13] tipc: Disabling bearer [ 1024.823639][ T13] tipc: Left network mode [ 1024.894121][T30642] syzkaller0: entered promiscuous mode [ 1024.938144][T30642] syzkaller0: entered allmulticast mode [ 1026.600607][ T5294] 8021q: adding VLAN 0 to HW filter on device eth1 [ 1027.524208][T30494] bridge0: port 1(bridge_slave_0) entered blocking state [ 1027.542796][T30494] bridge0: port 1(bridge_slave_0) entered disabled state [ 
1027.580011][T30494] bridge_slave_0: entered allmulticast mode [ 1027.597001][T30494] bridge_slave_0: entered promiscuous mode [ 1027.636175][T30494] bridge0: port 2(bridge_slave_1) entered blocking state [ 1027.660344][T30494] bridge0: port 2(bridge_slave_1) entered disabled state [ 1027.674798][T30494] bridge_slave_1: entered allmulticast mode [ 1027.696556][T30494] bridge_slave_1: entered promiscuous mode [ 1027.772427][T30691] netlink: 80 bytes leftover after parsing attributes in process `syz.3.6312'. [ 1027.818245][T30691] netlink: 80 bytes leftover after parsing attributes in process `syz.3.6312'. [ 1027.828971][T30690] netlink: 'syz.3.6312': attribute type 7 has an invalid length. [ 1027.851775][T30690] netlink: 'syz.3.6312': attribute type 8 has an invalid length. [ 1027.976986][T30494] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1028.021552][T30494] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1028.195882][T30494] team0: Port device team_slave_0 added [ 1028.232658][T30494] team0: Port device team_slave_1 added [ 1028.540972][T30494] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1028.567840][T30494] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1028.640495][T30494] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1028.693270][T30494] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1028.723768][T30494] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. 
[ 1028.771791][T30494] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1028.902750][T30722] netlink: 67 bytes leftover after parsing attributes in process `syz.3.6317'.
[ 1029.049696][T30717] 8021q: adding VLAN 0 to HW filter on device bond1
[ 1029.062997][T30717] 8021q: adding VLAN 0 to HW filter on device bond2
[ 1029.084018][T30730] netlink: 32 bytes leftover after parsing attributes in process `syz.2.6321'.
[ 1029.133003][T30728] block nbd0: server does not support multiple connections per device.
[ 1029.159847][T30728] block nbd0: shutting down sockets
[ 1029.492332][T30724] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1029.500484][T30724] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1029.634641][T30724] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1029.653397][T30724] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1030.492714][ T5294] 8021q: adding VLAN 0 to HW filter on device eth2
[ 1030.510999][ T93] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1030.529241][ T93] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1030.559108][ T5967] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1030.591352][T30728] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1030.607485][T30728] Bluetooth: hci1: Error when powering off device on rfkill (-4)
[ 1030.654441][T30494] hsr_slave_0: entered promiscuous mode
[ 1030.684138][T30494] hsr_slave_1: entered promiscuous mode
[ 1030.705382][T30494] debugfs: 'hsr0' already exists in 'hsr'
[ 1030.718856][T30494] Cannot create hsr debugfs directory
[ 1030.735850][ T5967] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1030.919031][T30728] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1030.931489][T30728] Bluetooth: hci2: Error when powering off device on rfkill (-4)
[ 1031.086700][T30728] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1031.097706][T30728] Bluetooth: hci5: Error when powering off device on rfkill (-4)
[ 1031.303887][T30728] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1031.319042][T30728] Bluetooth: hci4: Error when powering off device on rfkill (-4)
[ 1031.408702][T30565] Oops: general protection fault, probably for non-canonical address 0xdffffc000000000b: 0000 [#1] SMP KASAN PTI
[ 1031.420763][T30565] KASAN: null-ptr-deref in range [0x0000000000000058-0x000000000000005f]
[ 1031.429221][T30565] CPU: 1 UID: 0 PID: 30565 Comm: kbnepd bnep0 Not tainted syzkaller #0 PREEMPT(full)
[ 1031.438819][T30565] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1031.448907][T30565] RIP: 0010:klist_del+0x49/0x110
[ 1031.453994][T30565] Code: f6 49 89 dd 49 c1 ed 03 43 80 7c 25 00 00 74 08 48 89 df e8 99 f5 90 f6 4c 8b 33 49 83 e6 fe 49 8d 7e 58 48 89 f8 48 c1 e8 03 <42> 80 3c 20 00 74 05 e8 7b f5 90 f6 4d 8b 7e 58 4c 89 f7 e8 4f 45
[ 1031.473636][T30565] RSP: 0018:ffffc90003457848 EFLAGS: 00010202
[ 1031.479759][T30565] RAX: 000000000000000b RBX: ffff88807ccf2460 RCX: ffff88807b6b9f00
[ 1031.487929][T30565] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000058
[ 1031.495995][T30565] RBP: ffffc90003457970 R08: ffff88802b945003 R09: 1ffff11005728a00
[ 1031.504083][T30565] R10: dffffc0000000000 R11: ffffed1005728a01 R12: dffffc0000000000
[ 1031.512191][T30565] R13: 1ffff1100f99e48c R14: 0000000000000000 R15: ffff8880537607e0
[ 1031.520278][T30565] FS: 0000000000000000(0000) GS:ffff88812538b000(0000) knlGS:0000000000000000
[ 1031.529427][T30565] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1031.536122][T30565] CR2: 00007ff606d459e0 CR3: 000000005a938000 CR4: 00000000003526f0
[ 1031.544311][T30565] Call Trace:
[ 1031.547648][T30565] <TASK>
[ 1031.550685][T30565] device_del+0x27f/0x8f0
[ 1031.555172][T30565] ? pm_runtime_set_memalloc_noio+0x1f4/0x260
[ 1031.561327][T30565] ? __pfx_device_del+0x10/0x10
[ 1031.566302][T30565] ? netdev_unregister_kobject+0x344/0x450
[ 1031.572374][T30565] unregister_netdevice_many_notify+0x1b5a/0x20c0
[ 1031.578867][T30565] ? __pfx_unregister_netdevice_many_notify+0x10/0x10
[ 1031.585679][T30565] ? rtnl_net_dev_lock+0x36/0x2f0
[ 1031.591236][T30565] ? rtnl_net_dev_lock+0x36/0x2f0
[ 1031.596291][T30565] unregister_netdev+0x15f/0x200
[ 1031.601303][T30565] ? __pfx_unregister_netdev+0x10/0x10
[ 1031.606839][T30565] ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 1031.612833][T30565] bnep_session+0x2b04/0x2d30
[ 1031.617800][T30565] ? __lock_acquire+0x6b5/0x2cf0
[ 1031.622792][T30565] ? __pfx_bnep_session+0x10/0x10
[ 1031.628023][T30565] ? __pfx_woken_wake_function+0x10/0x10
[ 1031.633723][T30565] ? __kthread_parkme+0x7a/0x1f0
[ 1031.638778][T30565] ? __kthread_parkme+0x19c/0x1f0
[ 1031.643934][T30565] kthread+0x389/0x470
[ 1031.648204][T30565] ? __pfx_bnep_session+0x10/0x10
[ 1031.653331][T30565] ? __pfx_kthread+0x10/0x10
SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 1031.657992][T30565] ret_from_fork+0x514/0xb70
[ 1031.662651][T30565] ? __pfx_ret_from_fork+0x10/0x10
[ 1031.667829][T30565] ? __switch_to+0xc79/0x1410
[ 1031.672554][T30565] ? __pfx_kthread+0x10/0x10
[ 1031.677173][T30565] ret_from_fork_asm+0x1a/0x30
[ 1031.682059][T30565] </TASK>
[ 1031.685111][T30565] Modules linked in:
[ 1031.691079][T30565] ---[ end trace 0000000000000000 ]---
[ 1031.706999][T30565] RIP: 0010:klist_del+0x49/0x110
[ 1031.713331][T30565] Code: f6 49 89 dd 49 c1 ed 03 43 80 7c 25 00 00 74 08 48 89 df e8 99 f5 90 f6 4c 8b 33 49 83 e6 fe 49 8d 7e 58 48 89 f8 48 c1 e8 03 <42> 80 3c 20 00 74 05 e8 7b f5 90 f6 4d 8b 7e 58 4c 89 f7 e8 4f 45
[ 1031.736070][T30565] RSP: 0018:ffffc90003457848 EFLAGS: 00010202
[ 1031.742585][T30565] RAX: 000000000000000b RBX: ffff88807ccf2460 RCX: ffff88807b6b9f00
[ 1031.751550][T30565] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000058
[ 1031.759943][T30565] RBP: ffffc90003457970 R08: ffff88802b945003 R09: 1ffff11005728a00
[ 1031.768255][T30565] R10: dffffc0000000000 R11: ffffed1005728a01 R12: dffffc0000000000
[ 1031.778401][T30565] R13: 1ffff1100f99e48c R14: 0000000000000000 R15: ffff8880537607e0
[ 1031.787065][T30565] FS: 0000000000000000(0000) GS:ffff88812528b000(0000) knlGS:0000000000000000
[ 1031.797394][T30565] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1031.804503][T30565] CR2: 00007fc456b47e20 CR3: 0000000033364000 CR4: 00000000003526f0
[ 1031.813441][T30565] Kernel panic - not syncing: Fatal exception
[ 1031.820188][T30565] Kernel Offset: disabled
[ 1031.824699][T30565] Rebooting in 86400 seconds..