last executing test programs: 1m1.158421524s ago: executing program 4 (id=4687): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x200000b, 0x8c4b815a5465c2b2, 0xffffffffffffffff, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'sha512\x00'}, 0x58) r2 = accept4(r1, 0x0, 0x0, 0x800) sendmmsg$alg(r2, &(0x7f0000000640)=[{0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000140)="b57523cb1a2c90d8acad2e2d98dfc9ea7a5843c3b63b683ced2b3266175599b779617e66e6b3e15c042be90635a2d36160bbf9a2edcacc0bbe015b84150a1928de94397894ff36aa430fc2a0814ba634308d6d0837250dfd1eca5383f9d151449743b1a0c4ffc51242a229c5d6d06f147a61d797ea7ffeda95b76f5623", 0x7d}, {&(0x7f00000001c0)="66f7", 0x3}, {&(0x7f0000000300)='l3', 0x7fffef80}], 0x3}], 0x1, 0x0) r3 = socket(0x400000000010, 0x3, 0x7) r4 = socket$packet(0x11, 0x3, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000040)={'vcan0\x00', 0x0}) sendto$packet(r4, &(0x7f0000000080)="18", 0x1, 0x4000080, &(0x7f00000000c0)={0x11, 0xd, r5, 0x1, 0x6, 0x6, @multicast}, 0x14) r6 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r8 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x7, 0x1000, 0xc, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x1002}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x13, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="8500000011000000350000000000020085000000230000009500073d000000003c8ea5932cf6fec5eade4bb02aa4f152b8bdfdf8ffffffffffeeff547930a8abf35fd3908aa4e150e020a1a45f8d6700ff00000000f669011b4504090bc057a5cdb706ceac9856bad67505a783d6f5d0542b83f636ab45c12311d14da9bf"], 0x0, 0x4}, 0x94) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000600)={r9, 0x58, &(0x7f0000000580)}, 0x10) sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r7, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xc, 0xf}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8001}, 0x20008850) sendmsg$nl_route_sched(r3, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=@newtfilter={0x3c, 0x2c, 0xd27, 0x70bd28, 0xfffff000, {0x0, 0x0, 0x0, r7, {0xf000, 0xffff}, {}, {0x7}}, [@filter_kind_options=@f_route={{0xa}, {0xc, 0x2, [@TCA_ROUTE4_CLASSID={0x8}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x80}, 0x20000800) 1m0.723107539s ago: executing program 4 (id=4696): r0 = socket(0xa, 0x5, 0x0) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) close(0x4) syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/cgroup\x00') mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f05ebbee1, 0x8031, 0xffffffffffffffff, 0x0) socket$tipc(0x1e, 0x5, 0x0) r2 = socket(0x14, 0x2, 0x4) ioctl$sock_inet_udp_SIOCINQ(r2, 0x541b, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000280), 0x0) getsockopt$inet_sctp6_SCTP_MAX_BURST(r1, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, &(0x7f0000000240)={0x93, 0xa, 0x4, 0x3, r3}, &(0x7f0000000280)=0x10) 1m0.294000663s ago: executing program 3 (id=4704): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) r2 = socket(0x2, 0x80805, 0x0) r3 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp6_SCTP_AUTH_DEACTIVATE_KEY(r2, 0x84, 0x23, &(0x7f0000000100)={r4, 0xa11c}, 0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f00000000c0)={0x6, 0x6, 0x5, 0x59f93542, r4}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) ioctl$sock_inet_tcp_SIOCINQ(r0, 0x541b, &(0x7f0000000000)) 1m0.136909521s ago: executing program 3 (id=4708): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000200)={'macvlan0\x00', 0x0}) ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f0000000940)={0x0, 0x8, 0x7}) sendmsg$nl_route(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[@ANYBLOB="2c000000130339c3000000000000000000000800", @ANYRES32=r2, @ANYBLOB="0000d400000000000a000100003b"], 0x2c}}, 0x0) 59.944820995s ago: executing program 4 (id=4709): r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = socket$key(0xf, 0x3, 0x2) recvmmsg(r1, &(0x7f0000004bc0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000c00)=""/193, 0xc1}, 0x8}], 0x1, 0x2, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x32, 0xffffffffffffffff, 0x0) setsockopt$sock_int(r1, 0x1, 0x4b, &(0x7f0000000040)=0xfd87, 0x4) socketpair(0xa, 0x5, 0x3, &(0x7f0000000000)={0xffffffffffffffff}) socket$unix(0x1, 0x5, 0x0) (async) r3 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(r2, 0x89e2, &(0x7f00000000c0)={r3}) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000200)={'syzkaller1\x00'}) (async) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000200)={'syzkaller1\x00', 0x0}) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000240), 0x4) (async) r6 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000240), 0x4) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x10, 0x5, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x52d, 0x0, 0x0, 0x0, 0x3}, [@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffa}, @ldst={0x3, 0x2, 0x4, 0x8, 0x9, 0x100, 0x8}]}, &(0x7f0000000480)='GPL\x00', 0x101, 0xc8, &(0x7f0000000540)=""/200, 0x41000, 0xe, '\x00', 0x0, @sk_msg=0x7, 0xffffffffffffffff, 0x8, &(0x7f0000000640)={0x7, 0x1}, 0x8, 0x10, &(0x7f0000000680)={0x2, 0xd, 0x6d754775, 0x81}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x1]}, 0x94) r8 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000007c0)={0xffffffffffffffff, 0xfffffff0, 0x18}, 0xc) bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x10, 0x3, &(0x7f0000000100)=@raw=[@map_fd={0x18, 0x1, 0x1, 0x0, 0x1}, @generic={0x9, 0x5, 0x3, 0x0, 0x9}], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0xe2, &(0x7f0000000300)=""/226, 0x41100, 0x3a, '\x00', r5, @fallback=0x16, r6, 0x8, &(0x7f0000000280)={0x9, 0x5}, 0x8, 0x10, &(0x7f0000000400)={0x3, 0xf, 0x3, 0x5}, 0x10, 0x0, r7, 0x7, &(0x7f0000000800)=[0xffffffffffffffff, r8], &(0x7f0000000840)=[{0x2, 0x2, 0xf, 0x6}, {0x4, 0x4, 0x10, 0xb}, {0x1, 0x5, 0x7, 0xa}, {0x5, 0x2, 0xe}, {0x3, 0x2, 0x7, 0x4}, {0x0, 0x5, 0x5, 0x7}, {0x0, 0x3, 0x3, 0x5}], 0x10, 0x5}, 0x94) (async) bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x10, 0x3, &(0x7f0000000100)=@raw=[@map_fd={0x18, 0x1, 0x1, 0x0, 0x1}, @generic={0x9, 0x5, 0x3, 0x0, 0x9}], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0xe2, &(0x7f0000000300)=""/226, 0x41100, 0x3a, '\x00', r5, @fallback=0x16, r6, 0x8, &(0x7f0000000280)={0x9, 0x5}, 0x8, 0x10, &(0x7f0000000400)={0x3, 0xf, 0x3, 0x5}, 0x10, 0x0, r7, 0x7, &(0x7f0000000800)=[0xffffffffffffffff, r8], &(0x7f0000000840)=[{0x2, 0x2, 0xf, 0x6}, {0x4, 0x4, 0x10, 0xb}, {0x1, 0x5, 0x7, 0xa}, {0x5, 0x2, 0xe}, {0x3, 0x2, 0x7, 0x4}, {0x0, 0x5, 0x5, 0x7}, {0x0, 0x3, 0x3, 0x5}], 0x10, 0x5}, 0x94) sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="0216000002"], 0x10}}, 0x0) r9 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r9, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)=ANY=[@ANYBLOB="740000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="2b030040000000004c0012800b00010067656e65766500003c0002800800010001000000140007000000000000000005000000000000000108000f"], 0x74}}, 0x0) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r0, 0x89f2, &(0x7f0000000bc0)={'sit0\x00', &(0x7f0000000b80)={'gre0\x00', 0x0, 0x7800, 0x80, 0x9, 0x7, {{0x5, 0x4, 0x2, 0xf, 0xffffffffffffffc7, 0x67, 0x0, 0xa, 0x4, 0x0, @rand_addr=0x64010101, @broadcast}}}}) (async) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r0, 0x89f2, &(0x7f0000000bc0)={'sit0\x00', &(0x7f0000000b80)={'gre0\x00', 0x0, 0x7800, 0x80, 0x9, 0x7, {{0x5, 0x4, 0x2, 0xf, 0xffffffffffffffc7, 0x67, 0x0, 0xa, 0x4, 0x0, @rand_addr=0x64010101, @broadcast}}}}) 59.853954598s ago: executing program 3 (id=4711): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@gettclass={0x24, 0x2a, 0x129, 0x70bd2d, 0x4, {0x0, 0x0, 0x0, 0x0, {0xe, 0xfff2}, {0x6, 0xd}, {0x6, 0xa}}}, 0x24}, 0x1, 0x0, 0x0, 0x4080}, 0x40004) r0 = syz_init_net_socket$llc(0x1a, 0x801, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_VERDICT(r1, &(0x7f0000000800)={&(0x7f0000000280), 0xc, &(0x7f00000007c0)={&(0x7f00000002c0)={0x500, 0x1, 0x3, 0x201, 0x0, 0x0, {0x1, 0x0, 0x3}, [@NFQA_VERDICT_HDR={0xc, 0x2, {0xfffffffffffffffe, 0x4}}, @NFQA_CT={0xf8, 0xb, 0x0, 0x1, [@CTA_STATUS_MASK={0x8, 0x1a, 0x1, 0x0, 0x2}, @CTA_FILTER={0xc, 0x19, 0x0, 0x1, [@CTA_FILTER_REPLY_FLAGS={0x8, 0x2, 0x20}]}, @CTA_MARK_MASK={0x8, 0x15, 0x1, 0x0, 0x4}, @CTA_MARK_MASK={0x8, 0x15, 0x1, 0x0, 0x1}, @CTA_ID={0x8, 0xc, 0x1, 0x0, 0x1}, @CTA_LABELS_MASK={0x20, 0x17, [0x8, 0x1c000000, 0x1, 0x5, 0x993f, 0x4, 0x64]}, @CTA_SEQ_ADJ_REPLY={0x4c, 0x10, 0x0, 0x1, [@CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x384}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x10000}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x6}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x8}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x157}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x20e}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x3}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x4}]}, @CTA_HELP={0x10, 0x5, 0x0, 0x1, {0xb, 0x1, 'amanda\x00'}}, @CTA_NAT_SRC={0x44, 0x6, 0x0, 0x1, [@CTA_NAT_V4_MAXIP={0x8, 0x2, @rand_addr=0x64010102}, @CTA_NAT_V4_MINIP={0x8, 0x1, @multicast2}, @CTA_NAT_V6_MAXIP={0x14, 0x5, @mcast2}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_MARK_MASK={0x8, 0x15, 0x1, 0x0, 0x1}]}, @NFQA_VERDICT_HDR={0xc, 0x2, {0xffffffffffffffff}}, @NFQA_CT={0x58, 0xb, 0x0, 0x1, [@CTA_TUPLE_REPLY={0x2c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast2}, {0x8, 0x2, @loopback}}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @broadcast}, {0x8, 0x2, @loopback}}}]}, @CTA_STATUS_MASK={0x8, 0x1a, 0x1, 0x0, 0x2000000}, @CTA_LABELS={0x20, 0x16, 0x1, 0x0, [0x8001, 0x4, 0x1, 0x3, 0x6, 0x8000, 0xffffffff]}]}, @NFQA_CT={0x11c, 0xb, 0x0, 0x1, [@CTA_TUPLE_MASTER={0x80, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @dev={0xfe, 0x80, '\x00', 0x21}}, {0x14, 0x4, @remote}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x6}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @empty}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x1}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x2f}}]}, @CTA_LABELS={0x2c, 0x16, 0x1, 0x0, [0x9, 0x8, 0xfc85, 0x800, 0x7f, 0x6, 0x1, 0xffff, 0x8, 0x4]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x2}, @CTA_TIMEOUT={0x8}, @CTA_SEQ_ADJ_REPLY={0xc, 0x10, 0x0, 0x1, [@CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x1}]}, @CTA_HELP={0x14, 0x5, 0x0, 0x1, {0xf, 0x1, 'netbios-ns\x00'}}, @CTA_SYNPROXY={0x34, 0x18, 0x0, 0x1, [@CTA_SYNPROXY_ISN={0x8, 0x1, 0x1, 0x0, 0x8001}, @CTA_SYNPROXY_ITS={0x8, 0x2, 0x1, 0x0, 0x2}, @CTA_SYNPROXY_ITS={0x8, 0x2, 0x1, 0x0, 0xe}, @CTA_SYNPROXY_ISN={0x8, 0x1, 0x1, 0x0, 0x3}, @CTA_SYNPROXY_ISN={0x8}, @CTA_SYNPROXY_ITS={0x8, 0x2, 0x1, 0x0, 0x1}]}, @CTA_STATUS_MASK={0x8, 0x1a, 0x1, 0x0, 0x7}]}, @NFQA_MARK={0x8, 0x3, 0x1, 0x0, 0x3}, @NFQA_PAYLOAD={0x28, 0xa, "f1cad51f6472f845c75a1af90829ed3c2c084dc65e8a281f4de2d564f8f432a565c6a806"}, @NFQA_MARK={0x8, 0x3, 0x1, 0x0, 0x400}, @NFQA_VLAN={0x4c, 0x13, 0x0, 0x1, [@NFQA_VLAN_TCI={0x6, 0x2, 0x1, 0x0, 0x9}, @NFQA_VLAN_TCI={0x6, 0x2, 0x1, 0x0, 0x4}, @NFQA_VLAN_TCI={0x6, 0x2, 0x1, 0x0, 0x3}, @NFQA_VLAN_TCI={0x6, 0x2, 0x1, 0x0, 0x8}, @NFQA_VLAN_PROTO={0x6, 0x1, 0x1, 0x0, 0x8100}, @NFQA_VLAN_PROTO={0x6, 0x1, 0x1, 0x0, 0x8100}, @NFQA_VLAN_PROTO={0x6, 0x1, 0x1, 0x0, 0x88a8}, @NFQA_VLAN_TCI={0x6, 0x2, 0x1, 0x0, 0x9}, @NFQA_VLAN_PROTO={0x6, 0x1, 0x1, 0x0, 0x9a8}]}, @NFQA_CT={0x1e4, 0xb, 0x0, 0x1, [@CTA_TUPLE_MASTER={0xb4, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @loopback}, {0x14, 0x4, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @remote}, {0x8, 0x2, @dev={0xac, 0x14, 0x14, 0x41}}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x3}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x3}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}, @CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev={0xac, 0x14, 0x14, 0x40}}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @dev={0xfe, 0x80, '\x00', 0x22}}, {0x14, 0x4, @local}}}]}, @CTA_MARK={0x8}, @CTA_TUPLE_MASTER={0xc0, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, {0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x21}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private0={0xfc, 0x0, '\x00', 0x1}}, {0x14, 0x4, @local}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x11}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x11}}, @CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x3a}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private2}, {0x14, 0x4, @local}}}]}, @CTA_TUPLE_MASTER={0x5c, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @remote}, {0x8, 0x2, @local}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x1}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x84}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x3}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}]}, @CTA_MARK_MASK={0x8, 0x15, 0x1, 0x0, 0x4}]}]}, 0x500}, 0x1, 0x0, 0x0, 0x800}, 0x40000d0) bind$llc(r0, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="340000003e000900000000000008000003000000040004001c000180180010"], 0x34}}, 0x84) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_DESTROY(r3, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x58, 0x3, 0x6, 0x401, 0x0, 0x0, {0x7, 0x0, 0x3}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x58}, 0x1, 0x0, 0x0, 0x800}, 0x40) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@gettclass={0x24, 0x2a, 0x129, 0x70bd2d, 0x4, {0x0, 0x0, 0x0, 0x0, {0xe, 0xfff2}, {0x6, 0xd}, {0x6, 0xa}}}, 0x24}, 0x1, 0x0, 0x0, 0x4080}, 0x40004) (async) syz_init_net_socket$llc(0x1a, 0x801, 0x0) (async) socket$nl_netfilter(0x10, 0x3, 0xc) (async) sendmsg$NFQNL_MSG_VERDICT(r1, &(0x7f0000000800)={&(0x7f0000000280), 0xc, &(0x7f00000007c0)={&(0x7f00000002c0)={0x500, 0x1, 0x3, 0x201, 0x0, 0x0, {0x1, 0x0, 0x3}, [@NFQA_VERDICT_HDR={0xc, 0x2, {0xfffffffffffffffe, 0x4}}, @NFQA_CT={0xf8, 0xb, 0x0, 0x1, [@CTA_STATUS_MASK={0x8, 0x1a, 0x1, 0x0, 0x2}, @CTA_FILTER={0xc, 0x19, 0x0, 0x1, [@CTA_FILTER_REPLY_FLAGS={0x8, 0x2, 0x20}]}, @CTA_MARK_MASK={0x8, 0x15, 0x1, 0x0, 0x4}, @CTA_MARK_MASK={0x8, 0x15, 0x1, 0x0, 0x1}, @CTA_ID={0x8, 0xc, 0x1, 0x0, 0x1}, @CTA_LABELS_MASK={0x20, 0x17, [0x8, 0x1c000000, 0x1, 0x5, 0x993f, 0x4, 0x64]}, @CTA_SEQ_ADJ_REPLY={0x4c, 0x10, 0x0, 0x1, [@CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x384}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x10000}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x6}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x8}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x157}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x20e}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x3}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x4}]}, @CTA_HELP={0x10, 0x5, 0x0, 0x1, {0xb, 0x1, 'amanda\x00'}}, @CTA_NAT_SRC={0x44, 0x6, 0x0, 0x1, [@CTA_NAT_V4_MAXIP={0x8, 0x2, @rand_addr=0x64010102}, @CTA_NAT_V4_MINIP={0x8, 0x1, @multicast2}, @CTA_NAT_V6_MAXIP={0x14, 0x5, @mcast2}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_MARK_MASK={0x8, 0x15, 0x1, 0x0, 0x1}]}, @NFQA_VERDICT_HDR={0xc, 0x2, {0xffffffffffffffff}}, @NFQA_CT={0x58, 0xb, 0x0, 0x1, [@CTA_TUPLE_REPLY={0x2c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast2}, {0x8, 0x2, @loopback}}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @broadcast}, {0x8, 0x2, @loopback}}}]}, @CTA_STATUS_MASK={0x8, 0x1a, 0x1, 0x0, 0x2000000}, @CTA_LABELS={0x20, 0x16, 0x1, 0x0, [0x8001, 0x4, 0x1, 0x3, 0x6, 0x8000, 0xffffffff]}]}, @NFQA_CT={0x11c, 0xb, 0x0, 0x1, [@CTA_TUPLE_MASTER={0x80, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @dev={0xfe, 0x80, '\x00', 0x21}}, {0x14, 0x4, @remote}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x6}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @empty}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x1}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x2f}}]}, @CTA_LABELS={0x2c, 0x16, 0x1, 0x0, [0x9, 0x8, 0xfc85, 0x800, 0x7f, 0x6, 0x1, 0xffff, 0x8, 0x4]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x2}, @CTA_TIMEOUT={0x8}, @CTA_SEQ_ADJ_REPLY={0xc, 0x10, 0x0, 0x1, [@CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x1}]}, @CTA_HELP={0x14, 0x5, 0x0, 0x1, {0xf, 0x1, 'netbios-ns\x00'}}, @CTA_SYNPROXY={0x34, 0x18, 0x0, 0x1, [@CTA_SYNPROXY_ISN={0x8, 0x1, 0x1, 0x0, 0x8001}, @CTA_SYNPROXY_ITS={0x8, 0x2, 0x1, 0x0, 0x2}, @CTA_SYNPROXY_ITS={0x8, 0x2, 0x1, 0x0, 0xe}, @CTA_SYNPROXY_ISN={0x8, 0x1, 0x1, 0x0, 0x3}, @CTA_SYNPROXY_ISN={0x8}, @CTA_SYNPROXY_ITS={0x8, 0x2, 0x1, 0x0, 0x1}]}, @CTA_STATUS_MASK={0x8, 0x1a, 0x1, 0x0, 0x7}]}, @NFQA_MARK={0x8, 0x3, 0x1, 0x0, 0x3}, @NFQA_PAYLOAD={0x28, 0xa, "f1cad51f6472f845c75a1af90829ed3c2c084dc65e8a281f4de2d564f8f432a565c6a806"}, @NFQA_MARK={0x8, 0x3, 0x1, 0x0, 0x400}, @NFQA_VLAN={0x4c, 0x13, 0x0, 0x1, [@NFQA_VLAN_TCI={0x6, 0x2, 0x1, 0x0, 0x9}, @NFQA_VLAN_TCI={0x6, 0x2, 0x1, 0x0, 0x4}, @NFQA_VLAN_TCI={0x6, 0x2, 0x1, 0x0, 0x3}, @NFQA_VLAN_TCI={0x6, 0x2, 0x1, 0x0, 0x8}, @NFQA_VLAN_PROTO={0x6, 0x1, 0x1, 0x0, 0x8100}, @NFQA_VLAN_PROTO={0x6, 0x1, 0x1, 0x0, 0x8100}, @NFQA_VLAN_PROTO={0x6, 0x1, 0x1, 0x0, 0x88a8}, @NFQA_VLAN_TCI={0x6, 0x2, 0x1, 0x0, 0x9}, @NFQA_VLAN_PROTO={0x6, 0x1, 0x1, 0x0, 0x9a8}]}, @NFQA_CT={0x1e4, 0xb, 0x0, 0x1, [@CTA_TUPLE_MASTER={0xb4, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @loopback}, {0x14, 0x4, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @remote}, {0x8, 0x2, @dev={0xac, 0x14, 0x14, 0x41}}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x3}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x3}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}, @CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev={0xac, 0x14, 0x14, 0x40}}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @dev={0xfe, 0x80, '\x00', 0x22}}, {0x14, 0x4, @local}}}]}, @CTA_MARK={0x8}, @CTA_TUPLE_MASTER={0xc0, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, {0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x21}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private0={0xfc, 0x0, '\x00', 0x1}}, {0x14, 0x4, @local}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x11}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x11}}, @CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x3a}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private2}, {0x14, 0x4, @local}}}]}, @CTA_TUPLE_MASTER={0x5c, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @remote}, {0x8, 0x2, @local}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x1}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x84}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x3}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}]}, @CTA_MARK_MASK={0x8, 0x15, 0x1, 0x0, 0x4}]}]}, 0x500}, 0x1, 0x0, 0x0, 0x800}, 0x40000d0) (async) bind$llc(r0, 0x0, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) sendmsg$nl_generic(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="340000003e000900000000000008000003000000040004001c000180180010"], 0x34}}, 0x84) (async) socket$nl_netfilter(0x10, 0x3, 0xc) (async) sendmsg$IPSET_CMD_DESTROY(r3, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x58, 0x3, 0x6, 0x401, 0x0, 0x0, {0x7, 0x0, 0x3}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x58}, 0x1, 0x0, 0x0, 0x800}, 0x40) (async) 59.737040778s ago: executing program 3 (id=4712): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000140)=',', 0x1) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$nl_route_sched_retired(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000009c0)=@deltclass={0x24, 0x29, 0x300, 0x70bd29, 0x25d7dbff, {0x0, 0x0, 0x0, 0x0, {0x10, 0xfff3}, {0x4, 0xf}, {0xe, 0xa}}}, 0x24}}, 0x4000000) recvmmsg(r1, &(0x7f0000000300)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)=""/15, 0xf}], 0x1}, 0x8}, {{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/113, 0x71}], 0x1}, 0x5}], 0x2, 0x2, 0x0) 59.179691867s ago: executing program 1 (id=4722): r0 = syz_genetlink_get_family_id$smc(&(0x7f0000000000), 0xffffffffffffffff) r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$SMC_PNETID_ADD(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)={0x34, r0, 0x1, 0x0, 0x0, {}, [@SMC_PNETID_NAME={0x9, 0x1, 'syz2\x00'}, @SMC_PNETID_ETHNAME={0x14, 0x2, 'bond0\x00'}]}, 0x34}}, 0xc800) sendmsg$SMC_PNETID_DEL(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000440)={0x14, r0, 0xe27, 0x70bd28, 0x0, {0x4, 0x7, 0x2}}, 0x14}, 0x1, 0x40030000000000, 0x21}, 0x0) 59.03721353s ago: executing program 1 (id=4724): r0 = socket$netlink(0x10, 0x3, 0x10) socket(0x2, 0x80805, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f0000000640)=0x1800, 0x4) r1 = socket$kcm(0x10, 0x2, 0x0) r2 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r2, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000380)="2e00000010008188e6b62aa73772cc9f1ba1f848110000005e140602000000000e000a001000000002900000121f", 0x2e}], 0x1}, 0x0) sendmsg$kcm(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="2e00000010008188040f80ec59acbc0413a1f848110000005e140602000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x0) 59.037037782s ago: executing program 4 (id=4725): r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'bridge_slave_1\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000540)=ANY=[@ANYBLOB="4400000010000904000000020000000000000000", @ANYRES32=r2, @ANYBLOB="000000000000000024001280110001006272696467655f736c617665000000000c00058008002200", @ANYRES32=r2], 0x44}}, 0x4894) 58.959644181s ago: executing program 2 (id=4726): r0 = socket$pppl2tp(0x18, 0x1, 0x1) ioctl$PPPIOCGMRU(r0, 0x80047453, &(0x7f00000001c0)) r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000005c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1}, 0x48) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000000c0)={r1, 0x35, 0xffffffffffffffff}, 0x10) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000a80)={&(0x7f0000000940)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x24, 0x24, 0x3, [@fwd={0x1}, @union={0x0, 0x1, 0x0, 0x5, 0x0, 0x0, [{0x0, 0x1}]}]}, {0x0, [0x5f]}}, 0x0, 0x3f, 0x0, 0x1}, 0x20) r3 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000040), r2) sendmsg$NLBL_MGMT_C_ADDDEF(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)={0x14, r3, 0x511, 0x0, 0xfffffffe, {0x5}}, 0x21}}, 0xa000000) r4 = syz_genetlink_get_family_id$nfc(&(0x7f0000000080), r2) sendmsg$NFC_CMD_GET_SE(r2, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2d1bcbc84f94ba6e}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x14, r4, 0x1, 0x70bd2b, 0x25dfdbfc, {}, ["", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x1}, 0x40020) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000200)={0xffffffffffffffff, 0x8}, 0xc) 58.948460678s ago: executing program 4 (id=4727): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000640)={0x0, 0x0, 0x0}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, 0x0, &(0x7f0000000040)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94) socket$nl_xfrm(0x10, 0x3, 0x6) socket$netlink(0x10, 0x3, 0x0) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt(r2, 0x84, 0x81, 0x0, 0x0) r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, 0x0, &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x4a, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r3, 0x5, 0x25, 0x0, &(0x7f0000000000)="259a53f271a76d2608004c6588a80a38667d2f15", 0x0, 0xd11, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) bpf$MAP_CREATE(0x0, 0x0, 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100}, 0x94) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000010000000900010073797a30000000002c000000030a01020000000000000000010000000900010073797a30000000000900030073797a310000000038000000060a010400000000000000000100000008000b4000000000100004800c00018008000100636d70000900010073797a3000000000140000001100010000000000000000000000000a7de6d0bf234c6007114fb63ae25de05a17971158fe75435460f227861274b5"], 0xac}}, 0x0) r5 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r5, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x1000}, 0x4) r6 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000002c0)={'ip6_vti0\x00', &(0x7f0000000240)={'ip6_vti0\x00', 0x0, 0x4, 0xfc, 0x2, 0x800, 0x9, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x39}}, @ipv4={'\x00', '\xff\xff', @empty}, 0x7800, 0x7800, 0x0, 0x401}}) sendmsg$nl_route(r0, &(0x7f0000000340)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000300)={&(0x7f00000007c0)=@bridge_setlink={0x1c8, 0x13, 0x20, 0x70bd2b, 0x25dfdbff, {0x7, 0x0, 0x0, 0x0, 0x401, 0x8040}, [@IFLA_NUM_RX_QUEUES={0x8, 0x20, 0xfffffff7}, @IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @erspan={{0xb}, {0x20, 0x2, 0x0, 0x1, [@IFLA_GRE_IGNORE_DF={0x5}, @IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_LINK={0x8, 0x1, r7}, @IFLA_GRE_OKEY={0x8, 0x5, 0x3}]}}}, @IFLA_VFINFO_LIST={0x170, 0x16, 0x0, 0x1, [{0x84, 0x1, 0x0, 0x1, [@IFLA_VF_IB_PORT_GUID={0x14, 0xb, {0x0, 0x4}}, @IFLA_VF_VLAN_LIST={0x18, 0xc, 0x0, 0x1, [{0x14, 0x1, {0x8, 0x26b, 0xc1, 0x8100}}]}, @IFLA_VF_SPOOFCHK={0xc, 0x4, {0x8, 0x5}}, @IFLA_VF_SPOOFCHK={0xc, 0x4, {0x9d69, 0x8}}, @IFLA_VF_MAC={0x28, 0x1, {0x8, @local}}, @IFLA_VF_IB_NODE_GUID={0x14, 0xa, {0x6, 0x29e4c366}}]}, {0xa8, 0x1, 0x0, 0x1, [@IFLA_VF_IB_PORT_GUID={0x14, 0xb, {0x8, 0xecb}}, @IFLA_VF_MAC={0x28, 0x1, {0x2}}, @IFLA_VF_TX_RATE={0xc, 0x3, {0x0, 0x50}}, @IFLA_VF_IB_NODE_GUID={0x14, 0xa, {0x8, 0x6b}}, @IFLA_VF_RATE={0x10, 0x6, {0x100, 0x7ff}}, @IFLA_VF_VLAN_LIST={0x18, 0xc, 0x0, 0x1, [{0x14, 0x1, {0xa0000000, 0x813, 0x1, 0x88a8}}]}, @IFLA_VF_VLAN={0x10, 0x2, {0x0, 0xa94, 0xfffffffb}}, @IFLA_VF_VLAN={0x10, 0x2, {0x3, 0xf82, 0x7ff}}]}, {0x40, 0x1, 0x0, 0x1, [@IFLA_VF_IB_PORT_GUID={0x14, 0xb, {0x6, 0x21}}, @IFLA_VF_RATE={0x10, 0x6, {0x6, 0x0, 0xb}}, @IFLA_VF_LINK_STATE={0xc, 0x5, {0x5, 0x7}}, @IFLA_VF_TX_RATE={0xc, 0x3, {0x4, 0x7}}]}]}]}, 0x1c8}, 0x1, 0x0, 0x0, 0x20004000}, 0x24000005) setsockopt$packet_fanout(r6, 0x107, 0x12, &(0x7f0000000040)={0x0, 0xa000}, 0x4) sendmsg$IPSET_CMD_SAVE(r1, &(0x7f0000000200)={0x0, 0x27, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c000000080601080000000000000004000000040500010006"], 0x1c}, 0x1, 0x0, 0x0, 0x4}, 0x10) 58.835172057s ago: executing program 1 (id=4729): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000005c0)='sched_switch\x00', r0}, 0x18) r1 = socket$nl_generic(0x10, 0x3, 0x10) setsockopt$sock_int(r1, 0x1, 0x22, &(0x7f0000000140)=0x81, 0x4) syz_genetlink_get_family_id$ethtool(&(0x7f0000005ec0), r1) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$netlink(0xffffffffffffffff, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$devlink(&(0x7f0000000dc0), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_TRAP_GET(r2, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000540)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000000fbdbdf25270000000e0001006e657464657673696d0000000f0002006e657464657673696d3000001c0053"], 0x50}, 0x1, 0x0, 0x0, 0x24040011}, 0x0) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000ff7f000000"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x10000}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r4}, 0x10) r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r5, &(0x7f00000000c0)={0x1f, 0xffff, 0x3}, 0x6) write(r5, &(0x7f0000000000)="3f000000010000", 0x7) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x4, 0x2, 0x0, 0x1}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000240)={r6, &(0x7f0000000280)="ca", &(0x7f0000000000)=""/3, 0x2}, 0x20) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000240)={r6, &(0x7f0000000140), &(0x7f0000000000)=""/6, 0x2}, 0x20) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000300)={r6, &(0x7f0000000600), &(0x7f0000000700)=""/127}, 0x20) r7 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000b80)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x3, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x3, 0x2}, 0x50) r8 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000c00)={0x1b, 0x0, 0x0, 0xfffffffe, 0x0, 0x1, 0x7, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x1, 0x1}, 0x50) r9 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000c80)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x2, '\x00', 0x0, 0xffffffffffffffff, 0x3}, 0x50) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000d40)={{0x1, 0xffffffffffffffff}, &(0x7f0000000a80), &(0x7f0000000d00)='%pI4 \x00'}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000e40)={{0xffffffffffffffff, 0xffffffffffffffff}, &(0x7f0000000d80), &(0x7f0000000e00)=r0}, 0x20) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000f00)=@bpf_lsm={0x1d, 0x19, &(0x7f0000000680)=@raw=[@printk={@ld, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x5}}, @generic={0x4, 0x5, 0x1, 0x3, 0x5}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r11}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}, @jmp={0x5, 0x1, 0x9, 0x1, 0xb, 0xfffffffffffffff0, 0x4}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r11}}, @cb_func={0x18, 0xa, 0x4, 0x0, 0xffffffff}], &(0x7f00000002c0)='syzkaller\x00', 0x8, 0x82, &(0x7f0000000300)=""/130, 0x40f00, 0x6, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, &(0x7f0000000580)={0xa, 0x4}, 0x8, 0x10, &(0x7f00000008c0)={0x3, 0x7, 0x2, 0x8}, 0x10, 0x0, 0x0, 0x1, &(0x7f0000000e80)=[r6, r7, r8, r9, 0xffffffffffffffff, r10, 0x1, r11], &(0x7f0000000ec0)=[{0x4, 0x4, 0xf}], 0x10, 0x2}, 0x94) r12 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r13 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000ac0), r12) sendmsg$IEEE802154_LLSEC_SETPARAMS(r12, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000b40)={&(0x7f00000003c0)={0x20, r13, 0x5, 0x0, 0x0, {0x22}, [@IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan1\x00'}]}, 0x20}}, 0x2000c094) r14 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_STAT_SET(r14, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=ANY=[@ANYBLOB="20001401002cdf25080003000120000008000100021000003e93e11cda88a7e243ca246d000000"], 0x20}, 0x1, 0x0, 0x0, 0x24044836}, 0xc094) 58.831377896s ago: executing program 2 (id=4730): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) socket(0x2, 0x80805, 0x0) r1 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) ioctl$sock_inet_tcp_SIOCINQ(r0, 0x541b, &(0x7f0000000000)) 58.761153549s ago: executing program 0 (id=4731): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000700)={{0x14, 0x10, 0x1, 0x24}, [@NFT_MSG_NEWRULE={0x84, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x58, 0x4, 0x0, 0x1, [{0x54, 0x1, 0x0, 0x1, @match={{0xa}, @val={0x44, 0x2, 0x0, 0x1, [@NFTA_MATCH_REV={0x8}, @NFTA_MATCH_INFO={0x2c, 0x3, "5c8f022482395afa4d23edfcbe6d55b57cb15e63c15c46395916e2b388abc3d6ce2316334e8278ad"}, @NFTA_MATCH_NAME={0x9, 0x1, 'ipvs\x00'}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0xac}, 0x1, 0x0, 0x0, 0x2000094}, 0x4000800) 58.759589127s ago: executing program 2 (id=4732): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000001c0)=ANY=[@ANYBLOB="140100002e00010000000000000000000401ff800c0000000800000000000000140001"], 0x114}], 0x1, 0x0, 0x0, 0xfffffffd}, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x80}, 0x10) r2 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000000)={0x43, 0x0, 0x0, 0x3}, 0x10) bind$tipc(r2, 0x0, 0x0) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$tipc(r3, &(0x7f0000000380)={&(0x7f0000000080)=@nameseq={0x1e, 0x1, 0x3, {0x43, 0x2, 0x4}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x24004000}, 0x800) r4 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000700)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="18000000020000000000000000ee000095"], &(0x7f00000002c0)='GPL\x00'}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r4, 0x5, 0xb68, 0x560b0007, &(0x7f0000000000)="259a53f271a76d2688ca4c6588a8", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) r5 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r5, 0x107, 0x12, &(0x7f0000000440)={0x0, 0x1005}, 0x4) sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="ac0000001a000100000000000000000002000000000000000000000005001b000000000085"], 0xac}}, 0x0) ioctl$int_in(r0, 0x5452, &(0x7f0000000080)=0x8) r6 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r6, 0x0, 0x0) getsockopt$bt_BT_DEFER_SETUP(r6, 0x112, 0x7, &(0x7f00000000c0), &(0x7f0000000100)=0x4) 58.723584771s ago: executing program 3 (id=4733): r0 = socket$inet_sctp(0x2, 0x0, 0x84) getsockopt$inet_sctp_SCTP_DISABLE_FRAGMENTS(r0, 0x84, 0x8, &(0x7f0000000140), &(0x7f0000000180)=0x4) r1 = syz_init_net_socket$ax25(0x3, 0x3, 0xce) getsockopt$ax25_int(r1, 0x101, 0x3, &(0x7f0000000000), &(0x7f00000000c0)=0x4) r2 = syz_init_net_socket$ax25(0x3, 0x3, 0x8) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f00000001c0), r3) sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB='x\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="01400000000000000000067400062c00070073797352656d5f753a6f626a6563745f723a756465765f68656c7065725f657865635f743a733000080002000000e6ff05000700263a3a0914000600626f6e64300000400000000000000000080003"], 0x78}, 0x1, 0xffffffff00000003}, 0x0) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="3c020000190001000000000000000000fc020000000000000000000000000000ac1e000100000000000000000000000000000000000000000a00008088000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fdffffffffffffffffffffffffffffff00000000000000004fc4000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000020000000000000000000000000000000000000000000000000000000000000084010500ac1414bb000000000000000000000000000000006c0000000a0000007f0000010000000000000000000000000000000000000000000000000000000000000000fe8000000000000000000000000000bb000004d63200000000000000200100000000000000000000000000000000000000000000000000000700000000000000fc020000000000000000000000000001000000003c00000002000000ac1414250000000000000000000000000435000001"], 0x23c}}, 0x4004000) sendto$ax25(r2, 0x0, 0x0, 0x40, 0x0, 0x0) 58.699350494s ago: executing program 0 (id=4734): socket$nl_route(0x10, 0x3, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40241, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000240)={'syzkaller1\x00', @link_local}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={0x0}, 0x1, 0x0, 0x0, 0x80c4}, 0x4000) write$tun(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="000086dd0500560008005400000060ec970001983a00fc000018c6ba35000000000600000700ff0200000000000000"], 0xfdef) 58.664347175s ago: executing program 1 (id=4735): r0 = syz_init_net_socket$ax25(0x3, 0x3, 0x0) setsockopt$ax25_int(r0, 0x101, 0x5, &(0x7f0000000280)=0x9, 0x4) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r2 = socket(0x400000000010, 0x3, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x18, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000f1ffff000000000000100000850000007b00000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x48, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1000000e}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='kfree\x00', r3, 0x0, 0xfe}, 0x18) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_WOL_GET(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="0100b11b700000feffff1a000000180001801400020064756d6d7930"], 0x2c}}, 0x0) r6 = socket$unix(0x1, 0x5, 0x0) syz_emit_ethernet(0x2a, &(0x7f0000000000)={@broadcast, @local, @void, {@arp={0x806, @ether_ipv4={0x1, 0x800, 0x6, 0x4, 0x2, @remote, @dev={0xac, 0x14, 0x14, 0x19}, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @multicast2}}}}, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r7, {}, {0xffff, 0xffff}, {0x3, 0x8}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=@newtfilter={0xc0, 0x2c, 0x927, 0x70bd28, 0x6000000, {0x0, 0x0, 0x0, r7, {0x7, 0xfff1}, {}, {0x7, 0xfff3}}, [@filter_kind_options=@f_fw={{0x7}, {0x8c, 0x2, [@TCA_FW_ACT={0x88, 0x4, [@m_nat={0x84, 0x0, 0x0, 0x0, {{0x8}, {0x2c, 0x2, 0x0, 0x1, [@TCA_NAT_PARMS={0x28, 0x1, {{0xfffffc00, 0x8, 0x10000000, 0x200000b, 0xff}, @broadcast, @local, 0xff, 0x1}}]}, {0x33, 0x6, "c01611a3c059ad45961f80a2f99e77ace747c564879a72526ebeb04113e6e9a76029526251bceb9274a4044fc890ae"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x3}}}}]}]}}, @TCA_RATE={0x6, 0x5, {0x11, 0x8}}]}, 0xc0}, 0x1, 0x0, 0x0, 0x4}, 0x4000800) sendmsg$NL80211_CMD_SET_TID_CONFIG(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000340)={0x0}, 0x1, 0x0, 0x0, 0x4804}, 0x80) r8 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)=ANY=[@ANYBLOB="740000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="2b030040000000004c0012800b00010067656e65766500003c0002800800050001000000140007000000000000000005000000000000000108000f"], 0x74}}, 0x0) r9 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_inet6_SIOCDELRT(r9, 0x890c, &(0x7f0000000100)={@ipv4={'\x00', '\xff\xff', @multicast2}, @private2={0xfc, 0x2, '\x00', 0x1}, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x2, 0x8000, 0x2, 0x100, 0x0, 0x42010008}) r10 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) ioctl$sock_netrom_SIOCADDRT(r10, 0x890b, &(0x7f0000000440)={0x7ffffffe, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bpq0, 0x8, 'syz1\x00', @default, 0x7, 0x4, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}) 58.662712832s ago: executing program 4 (id=4736): r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) syz_emit_ethernet(0xbe, &(0x7f0000000000)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x23}, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "7b4b143b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af", "584cbf2649a50f2dbc43efa8698d0a881c51852e4451b57d037ad3c045942824251d7d17b5191584bcd4fbe40a23424d", "bcfd56f1375461caaa2f19935e6996c7096ffeeb0300000000000064", {"9a3bfbc1f39cb307b3472eb9cdb042d2", "643fcbb2c5a57df67d544af6e8dafe09"}}}}}}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="18000000020000000000000000"], 0x0, 0x3, 0x0, 0x0, 0x0, 0xc0}, 0x94) recvmmsg(r0, &(0x7f0000003d40)=[{{0x0, 0x0, 0x0}, 0x5}], 0x1, 0x2, 0x0) r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x7}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 58.443693242s ago: executing program 2 (id=4737): r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000280)='ns/net\x00') bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000480)={@cgroup=r0, 0x11, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0, 0x0}, 0x40) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) write$cgroup_subtree(r1, &(0x7f0000000100)=ANY=[], 0x32600) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r1, 0x0) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={@fallback, 0x10, 0x0, 0x3300, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) 58.368941221s ago: executing program 3 (id=4738): r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) syz_emit_ethernet(0x2e, &(0x7f0000000000)={@link_local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x11, 0x0, @private=0x80000000, @local}, {0x0, 0x37c1, 0xc, 0x0, @gue={{0x1, 0x0, 0x0, 0x0, 0x0, @void}}}}}}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0xb, 0x1c, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYRESDEC=r1, @ANYRES32=r1, @ANYBLOB="0000f569e8f6e8c9f6b7050000080000004600000076000000bf910000f8ffffff30480000000000008500000085000000b700"], &(0x7f0000000980)='GPL\x00', 0xb, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r3, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @local}]}, &(0x7f0000000440)=0x10) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) r7 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r7, 0x84, 0x64, &(0x7f0000000000)=[@in={0x2, 0x4e23, @empty}], 0x10) sendto$inet6(r7, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r7, 0x84, 0x76, 0x0, &(0x7f0000000040)) r8 = socket$packet(0x11, 0x3, 0x300) splice(r6, 0x0, r8, 0x0, 0x10500, 0x0) r9 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000011000000000000000000000018120000", @ANYRES32=r9, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000300)='sys_enter\x00', r10}, 0x10) sendmsg$NFT_BATCH(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)={{0x14}, [@NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_CT_DIRECTION={0x5}, @NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0x3}, @NFTA_CT_DREG={0x8, 0x4}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x80}}, 0x0) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r3, 0x84, 0x6, &(0x7f00000000c0)={r4, @in={{0x2, 0x4e21, @loopback}}}, &(0x7f0000000040)=0x84) r11 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$NL80211_CMD_GET_MPATH(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r11, @ANYBLOB="010027bd70000000000067db000008000334", @ANYRES32=0x0, @ANYBLOB="0c00990001"], 0x34}}, 0x8080) 58.368661689s ago: executing program 1 (id=4739): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=@newsa={0x14c, 0x10, 0x413, 0x70bd28, 0x0, {{@in=@local, @in=@initdev={0xac, 0x1e, 0x1, 0x0}, 0x0, 0x0, 0x4e24, 0x0, 0x2, 0x20, 0x20}, {@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x32}, @in=@private=0xa010100, {0x4, 0x7, 0x0, 0x40000000000004, 0xffffffffffffffff, 0x6, 0x7f}, {0xfff, 0xffffffffffffffff, 0x4}, {0xf6, 0x4, 0x4}, 0x0, 0x0, 0x2, 0x1, 0xfe}, [@algo_aead={0x5a, 0x12, {{'rfc4309(ccm(aes))\x00'}, 0x70, 0x60, "6fc3070b4f8f7330202b93875f2d"}}]}, 0x14c}}, 0x804) 58.363629983s ago: executing program 0 (id=4740): r0 = socket$inet_sctp(0x2, 0x5, 0x84) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x0, 0x0, @remote, 0x6}]}, 0x0) getsockopt$inet_sctp6_SCTP_MAX_BURST(r1, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f00000004c0)=0x8) getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000040)={r2, @in6={{0xa, 0x4e21, 0x6e, @private0}}, 0x5, 0xb, 0x2, 0x80, 0x45, 0x0, 0x2}, &(0x7f0000000100)=0x9c) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r0, 0x84, 0xa, &(0x7f0000000180)={0x9, 0x21, 0x2, 0x7, 0x0, 0x7550, 0x80b1ce, 0x7f, r3}, &(0x7f0000000240)=0x20) 58.331834757s ago: executing program 2 (id=4741): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22, @multicast1}, 0x10) setsockopt$sock_int(r0, 0x1, 0x800000000f, &(0x7f0000000080)=0x7, 0x4) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r1, 0x29, 0x1a, &(0x7f0000000100)=0x401, 0x4) r2 = socket$l2tp6(0xa, 0x2, 0x73) sendmmsg(r2, &(0x7f0000005200)=[{{&(0x7f0000000100)=@nl=@unspec, 0x80, 0x0}}, {{&(0x7f00000015c0)=@vsock={0x28, 0x0, 0x2710, @local}, 0x80, &(0x7f0000000080)}}], 0x2, 0x4000) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000180)=0x800001, 0x4) bind$inet6(r1, &(0x7f0000000140)={0xa, 0x4e22, 0x0, @empty, 0xffffffff}, 0x1c) listen(r0, 0x0) listen(r1, 0x4) r3 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) ioctl$sock_bt_hidp_HIDPCONNDEL(r3, 0x400448c9, &(0x7f0000000040)={@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x1}) 58.230284035s ago: executing program 0 (id=4742): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) socket(0x2, 0x80805, 0x0) socket$inet(0x2, 0x80001, 0x84) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) ioctl$sock_inet_tcp_SIOCINQ(r0, 0x541b, &(0x7f0000000000)) 58.223809808s ago: executing program 1 (id=4743): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000680)={'bridge0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000000140)=@RTM_DELMDB={0x18, 0x54, 0x93d, 0x0, 0x0, {0x7, r2}}, 0x18}}, 0x0) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$TIPC_NL_LINK_GET(r0, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000280)={0x150, r3, 0x200, 0x70bd2b, 0x25dfdbfb, {}, [@TIPC_NLA_NODE={0xcc, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x49, 0x4, {'gcm(aes)\x00', 0x21, "55e7a3cf64bdd48a3f3ff20f7dbcf7a8e17abad43c4099da17e7d6b52d3be26aef"}}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x7}, @TIPC_NLA_NODE_ID={0x66, 0x3, "f7f784b17b9dc0708606004e9469fa2ec09df896600edde86010dca46bf5eab007bb041632ee9b4362bd1af909bab8cfae4c93b8ea6979c9454f4f0fe1f780060e43777c3708a540f62a0c2762be207bfaf51a7200399dee6d8d2cbd75f2d0828b77"}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY_MASTER={0x4}]}, @TIPC_NLA_LINK={0x70, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_PROP={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1f}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xffffff81}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4dbf}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xff}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x401}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}]}]}]}, 0x150}, 0x1, 0x0, 0x0, 0x20040095}, 0x44048040) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0xc0041, 0x0) r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3) ioctl$FS_IOC_GETFSLABEL(r5, 0x400452c8, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000040)={'vlan0\x00'}) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) ioctl$TUNSETVNETHDRSZ(r4, 0x400454d8, &(0x7f0000000140)=0x90) write$tun(r4, &(0x7f0000000240)=ANY=[@ANYBLOB="a69c2ec659a3"], 0xfdef) 58.211570462s ago: executing program 2 (id=4744): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000140)=',', 0x1) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$nl_route_sched_retired(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x4000000) recvmmsg(r1, &(0x7f0000000300)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)=""/15, 0xf}], 0x1}, 0x8}], 0x1, 0x2, 0x0) 58.204690593s ago: executing program 0 (id=4745): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r0, &(0x7f0000000200), 0x806000) ioctl$FS_IOC_RESVSP(r0, 0x40305829, &(0x7f0000000740)={0x0, 0x2, 0x2, 0x8000000000400}) (async) writev(r0, &(0x7f0000000440)=[{0x0}], 0x1) (async) accept$inet6(r0, 0x0, &(0x7f0000000000)) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', 0x0}) socket$netlink(0x10, 0x3, 0x0) (async) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000100)=@ipv6_getaddrlabel={0x5c, 0x4a, 0x10, 0x9d14, 0x25dfdbfc, {0xa, 0x0, 0x9fcddc0927770f0e, 0x0, r2, 0x2}, [@IFAL_LABEL={0x8, 0x2, 0x3}, @IFAL_ADDRESS={0x14, 0x1, @mcast1}, @IFAL_LABEL={0x8, 0x2, 0x3}, @IFAL_ADDRESS={0x14, 0x1, @mcast1}, @IFAL_LABEL={0x8, 0x2, 0xb}]}, 0x5c}}, 0x8004) 58.105052181s ago: executing program 0 (id=4746): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000640)={0x0, 0x0, 0x0}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, 0x0, &(0x7f0000000040)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94) socket$nl_xfrm(0x10, 0x3, 0x6) socket$netlink(0x10, 0x3, 0x0) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt(r2, 0x84, 0x81, 0x0, 0x0) r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, 0x0, &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x4a, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r3, 0x5, 0x25, 0x0, &(0x7f0000000000)="259a53f271a76d2608004c6588a80a38667d2f15", 0x0, 0xd11, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) bpf$MAP_CREATE(0x0, 0x0, 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100}, 0x94) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000010000000900010073797a30000000002c000000030a01020000000000000000010000000900010073797a30000000000900030073797a310000000038000000060a010400000000000000000100000008000b4000000000100004800c00018008000100636d70000900010073797a3000000000140000001100010000000000000000000000000a7de6d0bf234c6007114fb63ae25de05a17971158fe75435460f227861274b5"], 0xac}}, 0x0) r5 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r5, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x1000}, 0x4) r6 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000002c0)={'ip6_vti0\x00', &(0x7f0000000240)={'ip6_vti0\x00', 0x0, 0x4, 0xfc, 0x2, 0x800, 0x9, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x39}}, @ipv4={'\x00', '\xff\xff', @empty}, 0x7800, 0x7800, 0x0, 0x401}}) sendmsg$nl_route(r0, &(0x7f0000000340)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000300)={&(0x7f00000007c0)=@bridge_setlink={0x1c8, 0x13, 0x20, 0x70bd2b, 0x25dfdbff, {0x7, 0x0, 0x0, 0x0, 0x401, 0x8040}, [@IFLA_NUM_RX_QUEUES={0x8, 0x20, 0xfffffff7}, @IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @erspan={{0xb}, {0x20, 0x2, 0x0, 0x1, [@IFLA_GRE_IGNORE_DF={0x5}, @IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_LINK={0x8, 0x1, r7}, @IFLA_GRE_OKEY={0x8, 0x5, 0x3}]}}}, @IFLA_VFINFO_LIST={0x170, 0x16, 0x0, 0x1, [{0x84, 0x1, 0x0, 0x1, [@IFLA_VF_IB_PORT_GUID={0x14, 0xb, {0x0, 0x4}}, @IFLA_VF_VLAN_LIST={0x18, 0xc, 0x0, 0x1, [{0x14, 0x1, {0x8, 0x26b, 0xc1, 0x8100}}]}, @IFLA_VF_SPOOFCHK={0xc, 0x4, {0x8, 0x5}}, @IFLA_VF_SPOOFCHK={0xc, 0x4, {0x9d69, 0x8}}, @IFLA_VF_MAC={0x28, 0x1, {0x8, @local}}, @IFLA_VF_IB_NODE_GUID={0x14, 0xa, {0x6, 0x29e4c366}}]}, {0xa8, 0x1, 0x0, 0x1, [@IFLA_VF_IB_PORT_GUID={0x14, 0xb, {0x8, 0xecb}}, @IFLA_VF_MAC={0x28, 0x1, {0x2}}, @IFLA_VF_TX_RATE={0xc, 0x3, {0x0, 0x50}}, @IFLA_VF_IB_NODE_GUID={0x14, 0xa, {0x8, 0x6b}}, @IFLA_VF_RATE={0x10, 0x6, {0x100, 0x7ff}}, @IFLA_VF_VLAN_LIST={0x18, 0xc, 0x0, 0x1, [{0x14, 0x1, {0xa0000000, 0x813, 0x1, 0x88a8}}]}, @IFLA_VF_VLAN={0x10, 0x2, {0x0, 0xa94, 0xfffffffb}}, @IFLA_VF_VLAN={0x10, 0x2, {0x3, 0xf82, 0x7ff}}]}, {0x40, 0x1, 0x0, 0x1, [@IFLA_VF_IB_PORT_GUID={0x14, 0xb, {0x6, 0x21}}, @IFLA_VF_RATE={0x10, 0x6, {0x6, 0x0, 0xb}}, @IFLA_VF_LINK_STATE={0xc, 0x5, {0x5, 0x7}}, @IFLA_VF_TX_RATE={0xc, 0x3, {0x4, 0x7}}]}]}]}, 0x1c8}, 0x1, 0x0, 0x0, 0x20004000}, 0x24000005) setsockopt$packet_fanout(r6, 0x107, 0x12, &(0x7f0000000040)={0x0, 0xa000}, 0x4) sendmsg$IPSET_CMD_SAVE(r1, &(0x7f0000000200)={0x0, 0x27, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c000000080601080000000000000004000000040500010006"], 0x1c}, 0x1, 0x0, 0x0, 0x4}, 0x10) 217.046366ms ago: executing program 32 (id=4746): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000640)={0x0, 0x0, 0x0}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, 0x0, &(0x7f0000000040)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94) socket$nl_xfrm(0x10, 0x3, 0x6) socket$netlink(0x10, 0x3, 0x0) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt(r2, 0x84, 0x81, 0x0, 0x0) r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, 0x0, &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x4a, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r3, 0x5, 0x25, 0x0, &(0x7f0000000000)="259a53f271a76d2608004c6588a80a38667d2f15", 0x0, 0xd11, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) bpf$MAP_CREATE(0x0, 0x0, 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100}, 0x94) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000010000000900010073797a30000000002c000000030a01020000000000000000010000000900010073797a30000000000900030073797a310000000038000000060a010400000000000000000100000008000b4000000000100004800c00018008000100636d70000900010073797a3000000000140000001100010000000000000000000000000a7de6d0bf234c6007114fb63ae25de05a17971158fe75435460f227861274b5"], 0xac}}, 0x0) r5 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r5, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x1000}, 0x4) r6 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000002c0)={'ip6_vti0\x00', &(0x7f0000000240)={'ip6_vti0\x00', 0x0, 0x4, 0xfc, 0x2, 0x800, 0x9, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x39}}, @ipv4={'\x00', '\xff\xff', @empty}, 0x7800, 0x7800, 0x0, 0x401}}) sendmsg$nl_route(r0, &(0x7f0000000340)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000300)={&(0x7f00000007c0)=@bridge_setlink={0x1c8, 0x13, 0x20, 0x70bd2b, 0x25dfdbff, {0x7, 0x0, 0x0, 0x0, 0x401, 0x8040}, [@IFLA_NUM_RX_QUEUES={0x8, 0x20, 0xfffffff7}, @IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @erspan={{0xb}, {0x20, 0x2, 0x0, 0x1, [@IFLA_GRE_IGNORE_DF={0x5}, @IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_LINK={0x8, 0x1, r7}, @IFLA_GRE_OKEY={0x8, 0x5, 0x3}]}}}, @IFLA_VFINFO_LIST={0x170, 0x16, 0x0, 0x1, [{0x84, 0x1, 0x0, 0x1, [@IFLA_VF_IB_PORT_GUID={0x14, 0xb, {0x0, 0x4}}, @IFLA_VF_VLAN_LIST={0x18, 0xc, 0x0, 0x1, [{0x14, 0x1, {0x8, 0x26b, 0xc1, 0x8100}}]}, @IFLA_VF_SPOOFCHK={0xc, 0x4, {0x8, 0x5}}, @IFLA_VF_SPOOFCHK={0xc, 0x4, {0x9d69, 0x8}}, @IFLA_VF_MAC={0x28, 0x1, {0x8, @local}}, @IFLA_VF_IB_NODE_GUID={0x14, 0xa, {0x6, 0x29e4c366}}]}, {0xa8, 0x1, 0x0, 0x1, [@IFLA_VF_IB_PORT_GUID={0x14, 0xb, {0x8, 0xecb}}, @IFLA_VF_MAC={0x28, 0x1, {0x2}}, @IFLA_VF_TX_RATE={0xc, 0x3, {0x0, 0x50}}, @IFLA_VF_IB_NODE_GUID={0x14, 0xa, {0x8, 0x6b}}, @IFLA_VF_RATE={0x10, 0x6, {0x100, 0x7ff}}, @IFLA_VF_VLAN_LIST={0x18, 0xc, 0x0, 0x1, [{0x14, 0x1, {0xa0000000, 0x813, 0x1, 0x88a8}}]}, @IFLA_VF_VLAN={0x10, 0x2, {0x0, 0xa94, 0xfffffffb}}, @IFLA_VF_VLAN={0x10, 0x2, {0x3, 0xf82, 0x7ff}}]}, {0x40, 0x1, 0x0, 0x1, [@IFLA_VF_IB_PORT_GUID={0x14, 0xb, {0x6, 0x21}}, @IFLA_VF_RATE={0x10, 0x6, {0x6, 0x0, 0xb}}, @IFLA_VF_LINK_STATE={0xc, 0x5, {0x5, 0x7}}, @IFLA_VF_TX_RATE={0xc, 0x3, {0x4, 0x7}}]}]}]}, 0x1c8}, 0x1, 0x0, 0x0, 0x20004000}, 0x24000005) setsockopt$packet_fanout(r6, 0x107, 0x12, &(0x7f0000000040)={0x0, 0xa000}, 0x4) sendmsg$IPSET_CMD_SAVE(r1, &(0x7f0000000200)={0x0, 0x27, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c000000080601080000000000000004000000040500010006"], 0x1c}, 0x1, 0x0, 0x0, 0x4}, 0x10) 171.052109ms ago: executing program 33 (id=4743): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000680)={'bridge0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000000140)=@RTM_DELMDB={0x18, 0x54, 0x93d, 0x0, 0x0, {0x7, r2}}, 0x18}}, 0x0) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$TIPC_NL_LINK_GET(r0, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000280)={0x150, r3, 0x200, 0x70bd2b, 0x25dfdbfb, {}, [@TIPC_NLA_NODE={0xcc, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x49, 0x4, {'gcm(aes)\x00', 0x21, "55e7a3cf64bdd48a3f3ff20f7dbcf7a8e17abad43c4099da17e7d6b52d3be26aef"}}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x7}, @TIPC_NLA_NODE_ID={0x66, 0x3, "f7f784b17b9dc0708606004e9469fa2ec09df896600edde86010dca46bf5eab007bb041632ee9b4362bd1af909bab8cfae4c93b8ea6979c9454f4f0fe1f780060e43777c3708a540f62a0c2762be207bfaf51a7200399dee6d8d2cbd75f2d0828b77"}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY_MASTER={0x4}]}, @TIPC_NLA_LINK={0x70, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_PROP={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1f}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xffffff81}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4dbf}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xff}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x401}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}]}]}]}, 0x150}, 0x1, 0x0, 0x0, 0x20040095}, 0x44048040) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0xc0041, 0x0) r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3) ioctl$FS_IOC_GETFSLABEL(r5, 0x400452c8, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000040)={'vlan0\x00'}) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) ioctl$TUNSETVNETHDRSZ(r4, 0x400454d8, &(0x7f0000000140)=0x90) write$tun(r4, &(0x7f0000000240)=ANY=[@ANYBLOB="a69c2ec659a3"], 0xfdef) 114.018256ms ago: executing program 34 (id=4744): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000140)=',', 0x1) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$nl_route_sched_retired(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x4000000) recvmmsg(r1, &(0x7f0000000300)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)=""/15, 0xf}], 0x1}, 0x8}], 0x1, 0x2, 0x0) 92.486536ms ago: executing program 35 (id=4738): r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) syz_emit_ethernet(0x2e, &(0x7f0000000000)={@link_local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x11, 0x0, @private=0x80000000, @local}, {0x0, 0x37c1, 0xc, 0x0, @gue={{0x1, 0x0, 0x0, 0x0, 0x0, @void}}}}}}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0xb, 0x1c, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYRESDEC=r1, @ANYRES32=r1, @ANYBLOB="0000f569e8f6e8c9f6b7050000080000004600000076000000bf910000f8ffffff30480000000000008500000085000000b700"], &(0x7f0000000980)='GPL\x00', 0xb, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r3, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @local}]}, &(0x7f0000000440)=0x10) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) r7 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r7, 0x84, 0x64, &(0x7f0000000000)=[@in={0x2, 0x4e23, @empty}], 0x10) sendto$inet6(r7, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r7, 0x84, 0x76, 0x0, &(0x7f0000000040)) r8 = socket$packet(0x11, 0x3, 0x300) splice(r6, 0x0, r8, 0x0, 0x10500, 0x0) r9 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000011000000000000000000000018120000", @ANYRES32=r9, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000300)='sys_enter\x00', r10}, 0x10) sendmsg$NFT_BATCH(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)={{0x14}, [@NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_CT_DIRECTION={0x5}, @NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0x3}, @NFTA_CT_DREG={0x8, 0x4}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x80}}, 0x0) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r3, 0x84, 0x6, &(0x7f00000000c0)={r4, @in={{0x2, 0x4e21, @loopback}}}, &(0x7f0000000040)=0x84) r11 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$NL80211_CMD_GET_MPATH(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r11, @ANYBLOB="010027bd70000000000067db000008000334", @ANYRES32=0x0, @ANYBLOB="0c00990001"], 0x34}}, 0x8080) 0s ago: executing program 36 (id=4736): r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) syz_emit_ethernet(0xbe, &(0x7f0000000000)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x23}, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "7b4b143b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af", "584cbf2649a50f2dbc43efa8698d0a881c51852e4451b57d037ad3c045942824251d7d17b5191584bcd4fbe40a23424d", "bcfd56f1375461caaa2f19935e6996c7096ffeeb0300000000000064", {"9a3bfbc1f39cb307b3472eb9cdb042d2", "643fcbb2c5a57df67d544af6e8dafe09"}}}}}}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="18000000020000000000000000"], 0x0, 0x3, 0x0, 0x0, 0x0, 0xc0}, 0x94) recvmmsg(r0, &(0x7f0000003d40)=[{{0x0, 0x0, 0x0}, 0x5}], 0x1, 0x2, 0x0) r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x7}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) kernel console output (not intermixed with test programs): 00000 [ 385.120859][T17932] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 385.120870][T17932] R13: 00007f3ef53b6038 R14: 00007f3ef53b5fa0 R15: 00007ffc7a370208 [ 385.120905][T17932] [ 385.425887][T17936] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 385.445787][T17938] __nla_validate_parse: 3 callbacks suppressed [ 385.445808][T17938] netlink: 68 bytes leftover after parsing attributes in process `syz.0.3937'. [ 385.474875][T17936] bridge3: left promiscuous mode [ 385.479953][T17936] bridge3: left allmulticast mode [ 385.534173][T17936] veth1_to_bond: left allmulticast mode [ 385.539783][T17936] veth1_to_bond: left promiscuous mode [ 385.593576][T17936] team0: left allmulticast mode [ 385.603574][T17936] team_slave_0: left allmulticast mode [ 385.609312][T17936] team_slave_1: left allmulticast mode [ 385.619602][T17936] geneve0: left allmulticast mode [ 385.626466][T17936] bond16: left allmulticast mode [ 385.632766][T17936] macvlan4: left allmulticast mode [ 385.648789][T17936] macsec1: left promiscuous mode [ 385.654090][T17936] macsec1: left allmulticast mode [ 385.971367][T17964] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3948'. [ 386.105691][T17972] smc: net device bond0 applied user defined pnetid SYZ2 [ 386.137147][T17972] smc: net device bond0 erased user defined pnetid SYZ2 [ 386.207170][T17977] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 386.215446][T17978] netlink: 'syz.0.3954': attribute type 10 has an invalid length. [ 386.230746][T17978] team0: Device hsr_slave_0 failed to register rx_handler [ 386.643369][T17998] "syz.4.3961" (17998) uses obsolete ecb(arc4) skcipher [ 386.763796][T18006] "syz.2.3964" (18006) uses obsolete ecb(arc4) skcipher [ 386.804963][T18008] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3965'. [ 386.826130][T18008] netlink: 'syz.3.3965': attribute type 1 has an invalid length. [ 386.840916][T18010] "syz.2.3966" (18010) uses obsolete ecb(arc4) skcipher [ 386.848684][T18010] FAULT_INJECTION: forcing a failure. [ 386.848684][T18010] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 386.868697][T18010] CPU: 0 UID: 0 PID: 18010 Comm: syz.2.3966 Not tainted syzkaller #0 PREEMPT(full) [ 386.868723][T18010] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 386.868733][T18010] Call Trace: [ 386.868741][T18010] [ 386.868749][T18010] dump_stack_lvl+0x189/0x250 [ 386.868782][T18010] ? __pfx____ratelimit+0x10/0x10 [ 386.868806][T18010] ? __pfx_dump_stack_lvl+0x10/0x10 [ 386.868826][T18010] ? __pfx__printk+0x10/0x10 [ 386.868864][T18010] should_fail_ex+0x414/0x560 [ 386.868890][T18010] _copy_to_user+0x31/0xb0 [ 386.868911][T18010] simple_read_from_buffer+0xe1/0x170 [ 386.868939][T18010] proc_fail_nth_read+0x1b3/0x220 [ 386.868962][T18010] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 386.868983][T18010] ? rw_verify_area+0x2a6/0x4d0 [ 386.869003][T18010] ? __lock_acquire+0xab9/0xd20 [ 386.869023][T18010] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 386.869043][T18010] vfs_read+0x200/0xa30 [ 386.869061][T18010] ? fdget_pos+0x247/0x320 [ 386.869080][T18010] ? __pfx___mutex_lock+0x10/0x10 [ 386.869103][T18010] ? __pfx_vfs_read+0x10/0x10 [ 386.869125][T18010] ? __fget_files+0x2a/0x420 [ 386.869153][T18010] ? __fget_files+0x3a0/0x420 [ 386.869174][T18010] ? __fget_files+0x2a/0x420 [ 386.869205][T18010] ksys_read+0x145/0x250 [ 386.869229][T18010] ? __pfx_ksys_read+0x10/0x10 [ 386.869255][T18010] ? do_syscall_64+0xbe/0x3b0 [ 386.869281][T18010] do_syscall_64+0xfa/0x3b0 [ 386.869301][T18010] ? lockdep_hardirqs_on+0x9c/0x150 [ 386.869322][T18010] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 386.869336][T18010] ? clear_bhb_loop+0x60/0xb0 [ 386.869354][T18010] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 386.869371][T18010] RIP: 0033:0x7f31d418d5fc [ 386.869388][T18010] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 386.869404][T18010] RSP: 002b:00007f31d4fb8030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 386.869423][T18010] RAX: ffffffffffffffda RBX: 00007f31d43b5fa0 RCX: 00007f31d418d5fc [ 386.869436][T18010] RDX: 000000000000000f RSI: 00007f31d4fb80a0 RDI: 0000000000000004 [ 386.869448][T18010] RBP: 00007f31d4fb8090 R08: 0000000000000000 R09: 0000000000000000 [ 386.869458][T18010] R10: 0000200000000140 R11: 0000000000000246 R12: 0000000000000001 [ 386.869473][T18010] R13: 00007f31d43b6038 R14: 00007f31d43b5fa0 R15: 00007ffe86913168 [ 386.869503][T18010] [ 387.153196][T18012] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 387.281601][T18019] FAULT_INJECTION: forcing a failure. [ 387.281601][T18019] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 387.298245][T18019] CPU: 0 UID: 0 PID: 18019 Comm: syz.3.3969 Not tainted syzkaller #0 PREEMPT(full) [ 387.298268][T18019] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 387.298279][T18019] Call Trace: [ 387.298286][T18019] [ 387.298294][T18019] dump_stack_lvl+0x189/0x250 [ 387.298319][T18019] ? __pfx____ratelimit+0x10/0x10 [ 387.298341][T18019] ? __pfx_dump_stack_lvl+0x10/0x10 [ 387.298362][T18019] ? __pfx__printk+0x10/0x10 [ 387.298396][T18019] should_fail_ex+0x414/0x560 [ 387.298430][T18019] _copy_to_user+0x31/0xb0 [ 387.298452][T18019] simple_read_from_buffer+0xe1/0x170 [ 387.298478][T18019] proc_fail_nth_read+0x1b3/0x220 [ 387.298500][T18019] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 387.298523][T18019] ? rw_verify_area+0x2a6/0x4d0 [ 387.298544][T18019] ? __lock_acquire+0xab9/0xd20 [ 387.298566][T18019] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 387.298587][T18019] vfs_read+0x200/0xa30 [ 387.298607][T18019] ? fdget_pos+0x247/0x320 [ 387.298627][T18019] ? __pfx___mutex_lock+0x10/0x10 [ 387.298651][T18019] ? __pfx_vfs_read+0x10/0x10 [ 387.298681][T18019] ? __fget_files+0x2a/0x420 [ 387.298709][T18019] ? __fget_files+0x3a0/0x420 [ 387.298729][T18019] ? __fget_files+0x2a/0x420 [ 387.298761][T18019] ksys_read+0x145/0x250 [ 387.298784][T18019] ? __pfx_ksys_read+0x10/0x10 [ 387.298803][T18019] ? fput+0xa0/0xd0 [ 387.298825][T18019] ? do_syscall_64+0xbe/0x3b0 [ 387.298852][T18019] do_syscall_64+0xfa/0x3b0 [ 387.298871][T18019] ? lockdep_hardirqs_on+0x9c/0x150 [ 387.298892][T18019] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 387.298908][T18019] ? clear_bhb_loop+0x60/0xb0 [ 387.298925][T18019] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 387.298939][T18019] RIP: 0033:0x7ffb5d98d5fc [ 387.298956][T18019] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 387.298971][T18019] RSP: 002b:00007ffb5e87d030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 387.298987][T18019] RAX: ffffffffffffffda RBX: 00007ffb5dbb5fa0 RCX: 00007ffb5d98d5fc [ 387.298998][T18019] RDX: 000000000000000f RSI: 00007ffb5e87d0a0 RDI: 0000000000000005 [ 387.299007][T18019] RBP: 00007ffb5e87d090 R08: 0000000000000000 R09: 0000000000000000 [ 387.299017][T18019] R10: 0000200000000240 R11: 0000000000000246 R12: 0000000000000001 [ 387.299027][T18019] R13: 00007ffb5dbb6038 R14: 00007ffb5dbb5fa0 R15: 00007fff69d49d18 [ 387.299057][T18019] [ 387.712284][T18030] FAULT_INJECTION: forcing a failure. [ 387.712284][T18030] name failslab, interval 1, probability 0, space 0, times 0 [ 387.757475][T18030] CPU: 1 UID: 0 PID: 18030 Comm: syz.2.3973 Not tainted syzkaller #0 PREEMPT(full) [ 387.757502][T18030] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 387.757513][T18030] Call Trace: [ 387.757521][T18030] [ 387.757528][T18030] dump_stack_lvl+0x189/0x250 [ 387.757554][T18030] ? __pfx____ratelimit+0x10/0x10 [ 387.757577][T18030] ? __pfx_dump_stack_lvl+0x10/0x10 [ 387.757598][T18030] ? __pfx__printk+0x10/0x10 [ 387.757625][T18030] ? __pfx___might_resched+0x10/0x10 [ 387.757648][T18030] should_fail_ex+0x414/0x560 [ 387.757682][T18030] should_failslab+0xa8/0x100 [ 387.757708][T18030] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 387.757731][T18030] ? __alloc_skb+0x112/0x2d0 [ 387.757760][T18030] __alloc_skb+0x112/0x2d0 [ 387.757788][T18030] netlink_sendmsg+0x5c6/0xb30 [ 387.757822][T18030] ? __pfx_netlink_sendmsg+0x10/0x10 [ 387.757850][T18030] ? aa_sock_msg_perm+0xf1/0x1d0 [ 387.757878][T18030] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 387.757896][T18030] ? __pfx_netlink_sendmsg+0x10/0x10 [ 387.757920][T18030] __sock_sendmsg+0x219/0x270 [ 387.757945][T18030] ____sys_sendmsg+0x505/0x830 [ 387.757970][T18030] ? __pfx_____sys_sendmsg+0x10/0x10 [ 387.757998][T18030] ? import_iovec+0x74/0xa0 [ 387.758022][T18030] ___sys_sendmsg+0x21f/0x2a0 [ 387.758044][T18030] ? __pfx____sys_sendmsg+0x10/0x10 [ 387.758099][T18030] ? __fget_files+0x2a/0x420 [ 387.758123][T18030] ? __fget_files+0x3a0/0x420 [ 387.758157][T18030] __x64_sys_sendmsg+0x19b/0x260 [ 387.758179][T18030] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 387.758208][T18030] ? __pfx_ksys_write+0x10/0x10 [ 387.758227][T18030] ? rcu_is_watching+0x15/0xb0 [ 387.758248][T18030] ? do_syscall_64+0xbe/0x3b0 [ 387.758269][T18030] do_syscall_64+0xfa/0x3b0 [ 387.758287][T18030] ? lockdep_hardirqs_on+0x9c/0x150 [ 387.758304][T18030] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 387.758318][T18030] ? clear_bhb_loop+0x60/0xb0 [ 387.758334][T18030] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 387.758347][T18030] RIP: 0033:0x7f31d418ebe9 [ 387.758361][T18030] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 387.758380][T18030] RSP: 002b:00007f31d4fb8038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 387.758396][T18030] RAX: ffffffffffffffda RBX: 00007f31d43b5fa0 RCX: 00007f31d418ebe9 [ 387.758406][T18030] RDX: 0000000000000080 RSI: 0000200000000180 RDI: 0000000000000004 [ 387.758415][T18030] RBP: 00007f31d4fb8090 R08: 0000000000000000 R09: 0000000000000000 [ 387.758423][T18030] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 387.758431][T18030] R13: 00007f31d43b6038 R14: 00007f31d43b5fa0 R15: 00007ffe86913168 [ 387.758456][T18030] [ 387.786388][T18034] FAULT_INJECTION: forcing a failure. [ 387.786388][T18034] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 388.052908][T18034] CPU: 1 UID: 0 PID: 18034 Comm: syz.3.3976 Not tainted syzkaller #0 PREEMPT(full) [ 388.052934][T18034] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 388.052944][T18034] Call Trace: [ 388.052952][T18034] [ 388.052960][T18034] dump_stack_lvl+0x189/0x250 [ 388.052987][T18034] ? __pfx____ratelimit+0x10/0x10 [ 388.053011][T18034] ? __pfx_dump_stack_lvl+0x10/0x10 [ 388.053031][T18034] ? __pfx__printk+0x10/0x10 [ 388.053055][T18034] ? __might_fault+0xb0/0x130 [ 388.053090][T18034] should_fail_ex+0x414/0x560 [ 388.053117][T18034] _copy_from_user+0x2d/0xb0 [ 388.053139][T18034] ___sys_sendmsg+0x158/0x2a0 [ 388.053160][T18034] ? __pfx____sys_sendmsg+0x10/0x10 [ 388.053216][T18034] ? __fget_files+0x2a/0x420 [ 388.053240][T18034] ? __fget_files+0x3a0/0x420 [ 388.053274][T18034] __x64_sys_sendmsg+0x19b/0x260 [ 388.053296][T18034] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 388.053324][T18034] ? __pfx_ksys_write+0x10/0x10 [ 388.053343][T18034] ? rcu_is_watching+0x15/0xb0 [ 388.053372][T18034] ? do_syscall_64+0xbe/0x3b0 [ 388.053400][T18034] do_syscall_64+0xfa/0x3b0 [ 388.053421][T18034] ? lockdep_hardirqs_on+0x9c/0x150 [ 388.053443][T18034] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 388.053461][T18034] ? clear_bhb_loop+0x60/0xb0 [ 388.053482][T18034] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 388.053499][T18034] RIP: 0033:0x7ffb5d98ebe9 [ 388.053516][T18034] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 388.053531][T18034] RSP: 002b:00007ffb5e87d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 388.053551][T18034] RAX: ffffffffffffffda RBX: 00007ffb5dbb5fa0 RCX: 00007ffb5d98ebe9 [ 388.053564][T18034] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000004 [ 388.053575][T18034] RBP: 00007ffb5e87d090 R08: 0000000000000000 R09: 0000000000000000 [ 388.053587][T18034] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 388.053598][T18034] R13: 00007ffb5dbb6038 R14: 00007ffb5dbb5fa0 R15: 00007fff69d49d18 [ 388.053627][T18034] [ 388.286159][T18041] FAULT_INJECTION: forcing a failure. [ 388.286159][T18041] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 388.299421][T18041] CPU: 1 UID: 0 PID: 18041 Comm: syz.0.3975 Not tainted syzkaller #0 PREEMPT(full) [ 388.299446][T18041] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 388.299457][T18041] Call Trace: [ 388.299465][T18041] [ 388.299472][T18041] dump_stack_lvl+0x189/0x250 [ 388.299498][T18041] ? __pfx____ratelimit+0x10/0x10 [ 388.299521][T18041] ? __pfx_dump_stack_lvl+0x10/0x10 [ 388.299542][T18041] ? __pfx__printk+0x10/0x10 [ 388.299565][T18041] ? __might_fault+0xb0/0x130 [ 388.299601][T18041] should_fail_ex+0x414/0x560 [ 388.299633][T18041] _copy_from_iter+0x1db/0x16f0 [ 388.299655][T18041] ? rcu_is_watching+0x15/0xb0 [ 388.299674][T18041] ? kmem_cache_alloc_node_noprof+0x217/0x3c0 [ 388.299699][T18041] ? __pfx__copy_from_iter+0x10/0x10 [ 388.299719][T18041] ? __build_skb_around+0x257/0x3e0 [ 388.299747][T18041] ? netlink_sendmsg+0x642/0xb30 [ 388.299769][T18041] ? skb_put+0x11b/0x210 [ 388.299789][T18041] netlink_sendmsg+0x6b2/0xb30 [ 388.299822][T18041] ? __pfx_netlink_sendmsg+0x10/0x10 [ 388.299849][T18041] ? aa_sock_msg_perm+0xf1/0x1d0 [ 388.299876][T18041] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 388.299895][T18041] ? __pfx_netlink_sendmsg+0x10/0x10 [ 388.299920][T18041] __sock_sendmsg+0x219/0x270 [ 388.299944][T18041] ____sys_sendmsg+0x505/0x830 [ 388.299968][T18041] ? __pfx_____sys_sendmsg+0x10/0x10 [ 388.299995][T18041] ? import_iovec+0x74/0xa0 [ 388.300019][T18041] ___sys_sendmsg+0x21f/0x2a0 [ 388.300039][T18041] ? __pfx____sys_sendmsg+0x10/0x10 [ 388.300094][T18041] ? __fget_files+0x2a/0x420 [ 388.300117][T18041] ? __fget_files+0x3a0/0x420 [ 388.300151][T18041] __x64_sys_sendmsg+0x19b/0x260 [ 388.300172][T18041] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 388.300199][T18041] ? __pfx_ksys_write+0x10/0x10 [ 388.300227][T18041] ? do_syscall_64+0xbe/0x3b0 [ 388.300254][T18041] do_syscall_64+0xfa/0x3b0 [ 388.300275][T18041] ? lockdep_hardirqs_on+0x9c/0x150 [ 388.300297][T18041] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 388.300314][T18041] ? clear_bhb_loop+0x60/0xb0 [ 388.300339][T18041] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 388.300355][T18041] RIP: 0033:0x7f3ef518ebe9 [ 388.300372][T18041] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 388.300387][T18041] RSP: 002b:00007f3ef5f7a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 388.300411][T18041] RAX: ffffffffffffffda RBX: 00007f3ef53b6090 RCX: 00007f3ef518ebe9 [ 388.300425][T18041] RDX: 0000000004000000 RSI: 00002000000000c0 RDI: 0000000000000003 [ 388.300436][T18041] RBP: 00007f3ef5f7a090 R08: 0000000000000000 R09: 0000000000000000 [ 388.300447][T18041] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 388.300457][T18041] R13: 00007f3ef53b6128 R14: 00007f3ef53b6090 R15: 00007ffc7a370208 [ 388.300487][T18041] [ 388.624132][T18043] netlink: 68 bytes leftover after parsing attributes in process `syz.4.3980'. [ 388.674745][T18046] netlink: 'syz.2.3981': attribute type 62 has an invalid length. [ 388.798279][T18051] FAULT_INJECTION: forcing a failure. [ 388.798279][T18051] name failslab, interval 1, probability 0, space 0, times 0 [ 388.816733][T18051] CPU: 0 UID: 0 PID: 18051 Comm: syz.3.3982 Not tainted syzkaller #0 PREEMPT(full) [ 388.816759][T18051] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 388.816770][T18051] Call Trace: [ 388.816777][T18051] [ 388.816785][T18051] dump_stack_lvl+0x189/0x250 [ 388.816811][T18051] ? __pfx____ratelimit+0x10/0x10 [ 388.816834][T18051] ? __pfx_dump_stack_lvl+0x10/0x10 [ 388.816855][T18051] ? __pfx__printk+0x10/0x10 [ 388.816885][T18051] ? __pfx___might_resched+0x10/0x10 [ 388.816908][T18051] should_fail_ex+0x414/0x560 [ 388.816937][T18051] should_failslab+0xa8/0x100 [ 388.816963][T18051] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 388.816988][T18051] ? __alloc_skb+0x112/0x2d0 [ 388.817017][T18051] __alloc_skb+0x112/0x2d0 [ 388.817046][T18051] netlink_sendmsg+0x5c6/0xb30 [ 388.817080][T18051] ? __pfx_netlink_sendmsg+0x10/0x10 [ 388.817105][T18051] ? aa_sock_msg_perm+0xf1/0x1d0 [ 388.817132][T18051] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 388.817150][T18051] ? __pfx_netlink_sendmsg+0x10/0x10 [ 388.817173][T18051] __sock_sendmsg+0x219/0x270 [ 388.817196][T18051] ____sys_sendmsg+0x505/0x830 [ 388.817219][T18051] ? __pfx_____sys_sendmsg+0x10/0x10 [ 388.817245][T18051] ? import_iovec+0x74/0xa0 [ 388.817267][T18051] ___sys_sendmsg+0x21f/0x2a0 [ 388.817284][T18051] ? __pfx____sys_sendmsg+0x10/0x10 [ 388.817334][T18051] ? __fget_files+0x2a/0x420 [ 388.817358][T18051] ? __fget_files+0x3a0/0x420 [ 388.817394][T18051] __x64_sys_sendmsg+0x19b/0x260 [ 388.817415][T18051] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 388.817444][T18051] ? __pfx_ksys_write+0x10/0x10 [ 388.817464][T18051] ? rcu_is_watching+0x15/0xb0 [ 388.817487][T18051] ? do_syscall_64+0xbe/0x3b0 [ 388.817512][T18051] do_syscall_64+0xfa/0x3b0 [ 388.817533][T18051] ? lockdep_hardirqs_on+0x9c/0x150 [ 388.817556][T18051] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 388.817573][T18051] ? clear_bhb_loop+0x60/0xb0 [ 388.817603][T18051] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 388.817621][T18051] RIP: 0033:0x7ffb5d98ebe9 [ 388.817639][T18051] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 388.817656][T18051] RSP: 002b:00007ffb5e87d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 388.817676][T18051] RAX: ffffffffffffffda RBX: 00007ffb5dbb5fa0 RCX: 00007ffb5d98ebe9 [ 388.817689][T18051] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003 [ 388.817700][T18051] RBP: 00007ffb5e87d090 R08: 0000000000000000 R09: 0000000000000000 [ 388.817711][T18051] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 388.817726][T18051] R13: 00007ffb5dbb6038 R14: 00007ffb5dbb5fa0 R15: 00007fff69d49d18 [ 388.817758][T18051] [ 389.286010][T18066] sctp: [Deprecated]: syz.2.3987 (pid 18066) Use of struct sctp_assoc_value in delayed_ack socket option. [ 389.286010][T18066] Use struct sctp_sack_info instead [ 389.399640][T18068] smc: net device bond0 applied user defined pnetid SYZ2 [ 389.416033][T18070] netlink: 212376 bytes leftover after parsing attributes in process `syz.2.3991'. [ 389.427476][T18068] smc: net device bond0 erased user defined pnetid SYZ2 [ 389.580301][T18073] tipc: Enabled bearer , priority 0 [ 389.611881][T18073] syzkaller0: entered promiscuous mode [ 389.627367][T18073] syzkaller0: entered allmulticast mode [ 389.705913][T18073] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 389.767270][T18078] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3992'. [ 389.806049][T18073] tipc: Resetting bearer [ 389.844991][T18072] tipc: Resetting bearer [ 389.852423][T18086] netlink: 104 bytes leftover after parsing attributes in process `syz.4.3998'. [ 389.903087][T18072] tipc: Disabling bearer [ 389.923859][T18085] netlink: 32 bytes leftover after parsing attributes in process `syz.0.3997'. [ 389.972629][T18085] netlink: 32 bytes leftover after parsing attributes in process `syz.0.3997'. [ 390.405510][T18105] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4006'. [ 390.634503][T18111] netlink: 24 bytes leftover after parsing attributes in process `syz.0.4010'. [ 390.656432][ T5873] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 390.666330][ T5873] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 390.674719][ T5873] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 390.694421][ T5873] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 390.711003][ T5873] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 390.788240][T18124] netlink: 24 bytes leftover after parsing attributes in process `syz.4.4012'. [ 390.839554][T18121] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4011'. [ 390.851220][T18125] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4011'. [ 390.904398][T18129] netlink: 36 bytes leftover after parsing attributes in process `syz.4.4014'. [ 390.946599][ T76] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 390.982146][T18113] hsr0 speed is unknown, defaulting to 1000 [ 391.144098][ T76] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 391.417288][ T76] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 391.478290][T18152] "syz.3.4018" (18152) uses obsolete ecb(arc4) skcipher [ 391.501293][T18113] lo speed is unknown, defaulting to 1000 [ 391.566905][T18158] netlink: 36 bytes leftover after parsing attributes in process `syz.4.4024'. [ 391.584432][ T76] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 391.778860][T18167] netlink: 16 bytes leftover after parsing attributes in process `syz.2.4027'. [ 392.070917][T18185] sctp: [Deprecated]: syz.2.4032 (pid 18185) Use of int in max_burst socket option deprecated. [ 392.070917][T18185] Use struct sctp_assoc_value instead [ 392.086986][ T1094] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 392.142702][ T36] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 392.152120][T18187] FAULT_INJECTION: forcing a failure. [ 392.152120][T18187] name failslab, interval 1, probability 0, space 0, times 0 [ 392.163943][ T36] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 392.194366][T18187] CPU: 1 UID: 0 PID: 18187 Comm: syz.4.4034 Not tainted syzkaller #0 PREEMPT(full) [ 392.194392][T18187] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 392.194403][T18187] Call Trace: [ 392.194411][T18187] [ 392.194419][T18187] dump_stack_lvl+0x189/0x250 [ 392.194447][T18187] ? __pfx____ratelimit+0x10/0x10 [ 392.194471][T18187] ? __pfx_dump_stack_lvl+0x10/0x10 [ 392.194491][T18187] ? __pfx__printk+0x10/0x10 [ 392.194521][T18187] ? __pfx___might_resched+0x10/0x10 [ 392.194538][T18187] ? fs_reclaim_acquire+0x7d/0x100 [ 392.194569][T18187] should_fail_ex+0x414/0x560 [ 392.194597][T18187] should_failslab+0xa8/0x100 [ 392.194625][T18187] __kmalloc_cache_noprof+0x70/0x3d0 [ 392.194648][T18187] ? genl_start+0x1c9/0x6c0 [ 392.194673][T18187] genl_start+0x1c9/0x6c0 [ 392.194691][T18187] ? netlink_lookup+0x30/0x200 [ 392.194722][T18187] __netlink_dump_start+0x469/0x7e0 [ 392.194755][T18187] genl_family_rcv_msg_dumpit+0x1e7/0x2c0 [ 392.194780][T18187] ? __pfx_genl_family_rcv_msg_dumpit+0x10/0x10 [ 392.194809][T18187] ? __pfx_genl_start+0x10/0x10 [ 392.194825][T18187] ? __pfx_genl_dumpit+0x10/0x10 [ 392.194842][T18187] ? __pfx_genl_done+0x10/0x10 [ 392.194867][T18187] ? bpf_lsm_capable+0x9/0x20 [ 392.194888][T18187] ? security_capable+0x7e/0x2e0 [ 392.194920][T18187] genl_rcv_msg+0x5da/0x790 [ 392.194948][T18187] ? __pfx_genl_rcv_msg+0x10/0x10 [ 392.194965][T18187] ? __pfx_batadv_orig_dump+0x10/0x10 [ 392.195006][T18187] netlink_rcv_skb+0x205/0x470 [ 392.195027][T18187] ? __lock_acquire+0xab9/0xd20 [ 392.195052][T18187] ? __pfx_genl_rcv_msg+0x10/0x10 [ 392.195073][T18187] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 392.195115][T18187] ? down_read+0x1ad/0x2e0 [ 392.195144][T18187] genl_rcv+0x28/0x40 [ 392.195161][T18187] netlink_unicast+0x82f/0x9e0 [ 392.195192][T18187] ? __pfx_netlink_unicast+0x10/0x10 [ 392.195217][T18187] ? netlink_sendmsg+0x642/0xb30 [ 392.195239][T18187] ? skb_put+0x11b/0x210 [ 392.195261][T18187] netlink_sendmsg+0x805/0xb30 [ 392.195303][T18187] ? __pfx_netlink_sendmsg+0x10/0x10 [ 392.195331][T18187] ? aa_sock_msg_perm+0xf1/0x1d0 [ 392.195360][T18187] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 392.195384][T18187] ? __pfx_netlink_sendmsg+0x10/0x10 [ 392.195409][T18187] __sock_sendmsg+0x219/0x270 [ 392.195436][T18187] ____sys_sendmsg+0x505/0x830 [ 392.195470][T18187] ? __pfx_____sys_sendmsg+0x10/0x10 [ 392.195499][T18187] ? import_iovec+0x74/0xa0 [ 392.195524][T18187] ___sys_sendmsg+0x21f/0x2a0 [ 392.195554][T18187] ? __pfx____sys_sendmsg+0x10/0x10 [ 392.195618][T18187] ? __fget_files+0x2a/0x420 [ 392.195643][T18187] ? __fget_files+0x3a0/0x420 [ 392.195680][T18187] __x64_sys_sendmsg+0x19b/0x260 [ 392.195703][T18187] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 392.195733][T18187] ? __pfx_ksys_write+0x10/0x10 [ 392.195764][T18187] ? do_syscall_64+0xbe/0x3b0 [ 392.195797][T18187] do_syscall_64+0xfa/0x3b0 [ 392.195819][T18187] ? lockdep_hardirqs_on+0x9c/0x150 [ 392.195842][T18187] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 392.195861][T18187] ? clear_bhb_loop+0x60/0xb0 [ 392.195883][T18187] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 392.195901][T18187] RIP: 0033:0x7f48f3d8ebe9 [ 392.195919][T18187] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 392.195934][T18187] RSP: 002b:00007f48f1ff6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 392.195954][T18187] RAX: ffffffffffffffda RBX: 00007f48f3fb6090 RCX: 00007f48f3d8ebe9 [ 392.195969][T18187] RDX: 0000000000000000 RSI: 0000200000004340 RDI: 0000000000000003 [ 392.195981][T18187] RBP: 00007f48f1ff6090 R08: 0000000000000000 R09: 0000000000000000 [ 392.195993][T18187] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 392.196005][T18187] R13: 00007f48f3fb6128 R14: 00007f48f3fb6090 R15: 00007ffe06ea0d18 [ 392.196033][T18187] [ 392.617443][ T1054] netdevsim netdevsim1 eth4: set [1, 0] type 2 family 0 port 6081 - 0 [ 392.647559][ T76] bridge_slave_1: left allmulticast mode [ 392.655932][ T76] bridge_slave_1: left promiscuous mode [ 392.669885][ T76] bridge0: port 2(bridge_slave_1) entered disabled state [ 392.763527][ T76] bridge_slave_0: left allmulticast mode [ 392.777321][T18199] netlink: 36 bytes leftover after parsing attributes in process `syz.0.4035'. [ 392.787539][ T51] Bluetooth: hci0: command tx timeout [ 392.789578][ T76] bridge_slave_0: left promiscuous mode [ 392.799575][ T76] bridge0: port 1(bridge_slave_0) entered disabled state [ 392.979207][T18211] FAULT_INJECTION: forcing a failure. [ 392.979207][T18211] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 392.995414][T18211] CPU: 1 UID: 0 PID: 18211 Comm: syz.2.4037 Not tainted syzkaller #0 PREEMPT(full) [ 392.995439][T18211] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 392.995449][T18211] Call Trace: [ 392.995455][T18211] [ 392.995463][T18211] dump_stack_lvl+0x189/0x250 [ 392.995488][T18211] ? __pfx____ratelimit+0x10/0x10 [ 392.995512][T18211] ? __pfx_dump_stack_lvl+0x10/0x10 [ 392.995532][T18211] ? __pfx__printk+0x10/0x10 [ 392.995554][T18211] ? __might_fault+0xb0/0x130 [ 392.995586][T18211] should_fail_ex+0x414/0x560 [ 392.995611][T18211] _copy_from_iter+0x1db/0x16f0 [ 392.995631][T18211] ? rcu_is_watching+0x15/0xb0 [ 392.995649][T18211] ? kmem_cache_alloc_node_noprof+0x217/0x3c0 [ 392.995672][T18211] ? __pfx__copy_from_iter+0x10/0x10 [ 392.995691][T18211] ? __build_skb_around+0x257/0x3e0 [ 392.995720][T18211] ? netlink_sendmsg+0x642/0xb30 [ 392.995741][T18211] ? skb_put+0x11b/0x210 [ 392.995762][T18211] netlink_sendmsg+0x6b2/0xb30 [ 392.995795][T18211] ? __pfx_netlink_sendmsg+0x10/0x10 [ 392.995821][T18211] ? aa_sock_msg_perm+0xf1/0x1d0 [ 392.995846][T18211] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 392.995863][T18211] ? __pfx_netlink_sendmsg+0x10/0x10 [ 392.995888][T18211] __sock_sendmsg+0x219/0x270 [ 392.995914][T18211] ____sys_sendmsg+0x505/0x830 [ 392.995937][T18211] ? __pfx_____sys_sendmsg+0x10/0x10 [ 392.995977][T18211] ? import_iovec+0x74/0xa0 [ 392.995998][T18211] ___sys_sendmsg+0x21f/0x2a0 [ 392.996016][T18211] ? __pfx____sys_sendmsg+0x10/0x10 [ 392.996058][T18211] ? __fget_files+0x2a/0x420 [ 392.996077][T18211] ? __fget_files+0x3a0/0x420 [ 392.996106][T18211] __x64_sys_sendmsg+0x19b/0x260 [ 392.996122][T18211] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 392.996144][T18211] ? __pfx_ksys_write+0x10/0x10 [ 392.996167][T18211] ? do_syscall_64+0xbe/0x3b0 [ 392.996190][T18211] do_syscall_64+0xfa/0x3b0 [ 392.996208][T18211] ? lockdep_hardirqs_on+0x9c/0x150 [ 392.996226][T18211] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 392.996240][T18211] ? clear_bhb_loop+0x60/0xb0 [ 392.996258][T18211] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 392.996271][T18211] RIP: 0033:0x7f31d418ebe9 [ 392.996286][T18211] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 392.996298][T18211] RSP: 002b:00007f31d4f97038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 392.996314][T18211] RAX: ffffffffffffffda RBX: 00007f31d43b6090 RCX: 00007f31d418ebe9 [ 392.996324][T18211] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000004 [ 392.996333][T18211] RBP: 00007f31d4f97090 R08: 0000000000000000 R09: 0000000000000000 [ 392.996342][T18211] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 392.996351][T18211] R13: 00007f31d43b6128 R14: 00007f31d43b6090 R15: 00007ffe86913168 [ 392.996373][T18211] [ 393.613947][ T76] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 393.625157][ T76] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 393.635701][ T76] bond0 (unregistering): Released all slaves [ 393.649104][T18113] chnl_net:caif_netlink_parms(): no params data found [ 393.718372][T18210] smc: net device bond0 applied user defined pnetid SYZ2 [ 393.814775][T18220] netlink: 'syz.4.4039': attribute type 1 has an invalid length. [ 393.828508][T18220] netlink: 224 bytes leftover after parsing attributes in process `syz.4.4039'. [ 393.861744][T18224] netlink: 'syz.3.4038': attribute type 1 has an invalid length. [ 393.869764][T18224] netlink: 'syz.3.4038': attribute type 4 has an invalid length. [ 393.878804][T18224] netlink: 192 bytes leftover after parsing attributes in process `syz.3.4038'. [ 394.092167][T18234] FAULT_INJECTION: forcing a failure. [ 394.092167][T18234] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 394.110012][T18234] CPU: 0 UID: 0 PID: 18234 Comm: syz.3.4045 Not tainted syzkaller #0 PREEMPT(full) [ 394.110038][T18234] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 394.110048][T18234] Call Trace: [ 394.110055][T18234] [ 394.110061][T18234] dump_stack_lvl+0x189/0x250 [ 394.110085][T18234] ? __pfx____ratelimit+0x10/0x10 [ 394.110110][T18234] ? __pfx_dump_stack_lvl+0x10/0x10 [ 394.110131][T18234] ? __pfx__printk+0x10/0x10 [ 394.110167][T18234] should_fail_ex+0x414/0x560 [ 394.110196][T18234] _copy_to_user+0x31/0xb0 [ 394.110219][T18234] simple_read_from_buffer+0xe1/0x170 [ 394.110249][T18234] proc_fail_nth_read+0x1b3/0x220 [ 394.110277][T18234] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 394.110300][T18234] ? rw_verify_area+0x2a6/0x4d0 [ 394.110319][T18234] ? __lock_acquire+0xab9/0xd20 [ 394.110341][T18234] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 394.110360][T18234] vfs_read+0x200/0xa30 [ 394.110379][T18234] ? fdget_pos+0x247/0x320 [ 394.110397][T18234] ? __pfx___mutex_lock+0x10/0x10 [ 394.110421][T18234] ? __pfx_vfs_read+0x10/0x10 [ 394.110443][T18234] ? __fget_files+0x2a/0x420 [ 394.110475][T18234] ? __fget_files+0x3a0/0x420 [ 394.110496][T18234] ? __fget_files+0x2a/0x420 [ 394.110527][T18234] ksys_read+0x145/0x250 [ 394.110550][T18234] ? __pfx_ksys_read+0x10/0x10 [ 394.110568][T18234] ? fput+0xa0/0xd0 [ 394.110588][T18234] ? do_syscall_64+0xbe/0x3b0 [ 394.110641][T18234] do_syscall_64+0xfa/0x3b0 [ 394.110663][T18234] ? lockdep_hardirqs_on+0x9c/0x150 [ 394.110685][T18234] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 394.110703][T18234] ? clear_bhb_loop+0x60/0xb0 [ 394.110726][T18234] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 394.110743][T18234] RIP: 0033:0x7ffb5d98d5fc [ 394.110761][T18234] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 394.110778][T18234] RSP: 002b:00007ffb5e87d030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 394.110874][T18234] RAX: ffffffffffffffda RBX: 00007ffb5dbb5fa0 RCX: 00007ffb5d98d5fc [ 394.110888][T18234] RDX: 000000000000000f RSI: 00007ffb5e87d0a0 RDI: 0000000000000005 [ 394.110900][T18234] RBP: 00007ffb5e87d090 R08: 0000000000000000 R09: 0000000000000000 [ 394.110912][T18234] R10: 0000200000000180 R11: 0000000000000246 R12: 0000000000000001 [ 394.110924][T18234] R13: 00007ffb5dbb6038 R14: 00007ffb5dbb5fa0 R15: 00007fff69d49d18 [ 394.110956][T18234] [ 394.528083][T18113] bridge0: port 1(bridge_slave_0) entered blocking state [ 394.542996][T18247] IPVS: set_ctl: invalid protocol: 43 172.30.0.4:20000 [ 394.551617][T18113] bridge0: port 1(bridge_slave_0) entered disabled state [ 394.585391][T18113] bridge_slave_0: entered allmulticast mode [ 394.609026][T18113] bridge_slave_0: entered promiscuous mode [ 394.666930][T18113] bridge0: port 2(bridge_slave_1) entered blocking state [ 394.675647][T18113] bridge0: port 2(bridge_slave_1) entered disabled state [ 394.683518][T18113] bridge_slave_1: entered allmulticast mode [ 394.693795][T18113] bridge_slave_1: entered promiscuous mode [ 394.767568][T18252] hsr0 speed is unknown, defaulting to 1000 [ 394.860834][ T51] Bluetooth: hci0: command tx timeout [ 394.883817][T18269] Bluetooth: MGMT ver 1.23 [ 394.925228][T18113] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 394.940194][T18113] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 395.044158][T18274] netlink: 'syz.4.4054': attribute type 25 has an invalid length. [ 395.059724][T18113] team0: Port device team_slave_0 added [ 395.077635][T18113] team0: Port device team_slave_1 added [ 395.195394][T18113] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 395.205772][T18113] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 395.240352][T18113] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 395.268590][T18283] sctp: [Deprecated]: syz.2.4057 (pid 18283) Use of struct sctp_assoc_value in delayed_ack socket option. [ 395.268590][T18283] Use struct sctp_sack_info instead [ 395.288064][T18113] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 395.306123][T18113] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 395.306679][T18283] FAULT_INJECTION: forcing a failure. [ 395.306679][T18283] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 395.345941][T18113] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 395.393064][T18283] CPU: 0 UID: 0 PID: 18283 Comm: syz.2.4057 Not tainted syzkaller #0 PREEMPT(full) [ 395.393090][T18283] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 395.393099][T18283] Call Trace: [ 395.393108][T18283] [ 395.393116][T18283] dump_stack_lvl+0x189/0x250 [ 395.393142][T18283] ? __pfx____ratelimit+0x10/0x10 [ 395.393165][T18283] ? __pfx_dump_stack_lvl+0x10/0x10 [ 395.393186][T18283] ? __pfx__printk+0x10/0x10 [ 395.393221][T18283] should_fail_ex+0x414/0x560 [ 395.393249][T18283] _copy_to_user+0x31/0xb0 [ 395.393272][T18283] sctp_getsockopt_delayed_ack+0x586/0x7b0 [ 395.393301][T18283] ? __pfx_sctp_getsockopt_delayed_ack+0x10/0x10 [ 395.393335][T18283] sctp_getsockopt+0x7b3/0xb60 [ 395.393358][T18283] ? __pfx_sock_common_getsockopt+0x10/0x10 [ 395.393382][T18283] do_sock_getsockopt+0x372/0x450 [ 395.393404][T18283] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 395.393421][T18283] ? write_ibpb+0x30/0x40 [ 395.393444][T18283] ? __fget_files+0x3a0/0x420 [ 395.393470][T18283] ? __fget_files+0x2a/0x420 [ 395.393509][T18283] __x64_sys_getsockopt+0x1a5/0x250 [ 395.393527][T18283] ? write_ibpb+0x30/0x40 [ 395.393551][T18283] ? write_ibpb+0x30/0x40 [ 395.393578][T18283] do_syscall_64+0xfa/0x3b0 [ 395.393601][T18283] ? lockdep_hardirqs_on+0x9c/0x150 [ 395.393624][T18283] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 395.393644][T18283] ? clear_bhb_loop+0x60/0xb0 [ 395.393666][T18283] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 395.393684][T18283] RIP: 0033:0x7f31d418ebe9 [ 395.393701][T18283] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 395.393717][T18283] RSP: 002b:00007f31d4fb8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 395.393738][T18283] RAX: ffffffffffffffda RBX: 00007f31d43b5fa0 RCX: 00007f31d418ebe9 [ 395.393752][T18283] RDX: 0000000000000010 RSI: 0000000000000084 RDI: 0000000000000003 [ 395.393762][T18283] RBP: 00007f31d4fb8090 R08: 0000200000000300 R09: 0000000000000000 [ 395.393774][T18283] R10: 0000200000000280 R11: 0000000000000246 R12: 0000000000000001 [ 395.393786][T18283] R13: 00007f31d43b6038 R14: 00007f31d43b5fa0 R15: 00007ffe86913168 [ 395.393816][T18283] [ 395.847577][T18297] __nla_validate_parse: 1 callbacks suppressed [ 395.847596][T18297] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4061'. [ 395.877961][T18113] hsr_slave_0: entered promiscuous mode [ 395.893758][T18113] hsr_slave_1: entered promiscuous mode [ 395.926219][T18113] debugfs: 'hsr0' already exists in 'hsr' [ 395.932352][T18113] Cannot create hsr debugfs directory [ 396.134238][T18310] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4065'. [ 396.257867][T18318] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4065'. [ 396.378492][T18252] lo speed is unknown, defaulting to 1000 [ 396.945691][ T51] Bluetooth: hci0: command tx timeout [ 397.392673][T18355] netlink: 'syz.4.4075': attribute type 1 has an invalid length. [ 397.396786][T18113] netdevsim netdevsim1 eth4 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 397.400451][T18355] netlink: 224 bytes leftover after parsing attributes in process `syz.4.4075'. [ 397.493705][ T76] hsr_slave_0: left promiscuous mode [ 397.530694][ T76] hsr_slave_1: left promiscuous mode [ 397.542505][ T76] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 397.562119][ T76] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 397.577300][ T76] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 397.595666][ T76] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 397.680254][ T76] veth1_macvtap: left promiscuous mode [ 397.694116][ T76] veth0_macvtap: left promiscuous mode [ 397.707218][ T76] veth1_vlan: left promiscuous mode [ 397.714721][ T76] veth0_vlan: left promiscuous mode [ 397.865140][T18373] ref_tracker: memory allocation failure, unreliable refcount tracker. [ 398.349007][ T76] team0 (unregistering): Port device team_slave_1 removed [ 398.394130][ T76] team0 (unregistering): Port device team_slave_0 removed [ 398.849919][T18113] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 399.021358][ T51] Bluetooth: hci0: command tx timeout [ 399.041319][T18388] netlink: 'syz.0.4085': attribute type 1 has an invalid length. [ 399.049374][T18388] netlink: 224 bytes leftover after parsing attributes in process `syz.0.4085'. [ 399.096437][T18113] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 399.346580][T18113] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 399.636242][T18416] IPVS: set_ctl: invalid protocol: 100 224.0.0.2:20004 [ 399.650799][T18416] netlink: 104 bytes leftover after parsing attributes in process `syz.4.4091'. [ 399.739882][T18421] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4093'. [ 399.849099][T18113] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 399.869962][T18113] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 399.887446][T18113] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 399.917293][T18113] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 400.169915][T18438] netlink: 'syz.0.4096': attribute type 1 has an invalid length. [ 400.190779][T18438] netlink: 224 bytes leftover after parsing attributes in process `syz.0.4096'. [ 400.236116][T18113] 8021q: adding VLAN 0 to HW filter on device bond0 [ 400.329745][T18113] 8021q: adding VLAN 0 to HW filter on device team0 [ 400.369087][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 400.376443][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 400.385007][T18446] FAULT_INJECTION: forcing a failure. [ 400.385007][T18446] name failslab, interval 1, probability 0, space 0, times 0 [ 400.432928][T18446] CPU: 1 UID: 0 PID: 18446 Comm: syz.0.4098 Not tainted syzkaller #0 PREEMPT(full) [ 400.432954][T18446] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 400.432966][T18446] Call Trace: [ 400.432974][T18446] [ 400.432983][T18446] dump_stack_lvl+0x189/0x250 [ 400.433011][T18446] ? __pfx____ratelimit+0x10/0x10 [ 400.433036][T18446] ? __pfx_dump_stack_lvl+0x10/0x10 [ 400.433058][T18446] ? __pfx__printk+0x10/0x10 [ 400.433084][T18446] ? __pfx___might_resched+0x10/0x10 [ 400.433102][T18446] ? fs_reclaim_acquire+0x7d/0x100 [ 400.433133][T18446] should_fail_ex+0x414/0x560 [ 400.433160][T18446] should_failslab+0xa8/0x100 [ 400.433183][T18446] __kmalloc_noprof+0xcb/0x4f0 [ 400.433201][T18446] ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0 [ 400.433222][T18446] genl_family_rcv_msg_attrs_parse+0xa3/0x2a0 [ 400.433250][T18446] genl_family_rcv_msg_doit+0xb8/0x300 [ 400.433278][T18446] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 400.433307][T18446] ? apparmor_capable+0x137/0x1b0 [ 400.433331][T18446] ? bpf_lsm_capable+0x9/0x20 [ 400.433353][T18446] ? security_capable+0x7e/0x2e0 [ 400.433386][T18446] genl_rcv_msg+0x60e/0x790 [ 400.433413][T18446] ? __pfx_genl_rcv_msg+0x10/0x10 [ 400.433440][T18446] ? __pfx_netlbl_mgmt_removedef+0x10/0x10 [ 400.433484][T18446] netlink_rcv_skb+0x205/0x470 [ 400.433506][T18446] ? __lock_acquire+0xab9/0xd20 [ 400.433532][T18446] ? __pfx_genl_rcv_msg+0x10/0x10 [ 400.433554][T18446] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 400.433600][T18446] ? down_read+0x1ad/0x2e0 [ 400.433629][T18446] genl_rcv+0x28/0x40 [ 400.433646][T18446] netlink_unicast+0x82f/0x9e0 [ 400.433679][T18446] ? __pfx_netlink_unicast+0x10/0x10 [ 400.433704][T18446] ? netlink_sendmsg+0x642/0xb30 [ 400.433727][T18446] ? skb_put+0x11b/0x210 [ 400.433748][T18446] netlink_sendmsg+0x805/0xb30 [ 400.433784][T18446] ? __pfx_netlink_sendmsg+0x10/0x10 [ 400.433813][T18446] ? aa_sock_msg_perm+0xf1/0x1d0 [ 400.433839][T18446] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 400.433856][T18446] ? __pfx_netlink_sendmsg+0x10/0x10 [ 400.433880][T18446] __sock_sendmsg+0x219/0x270 [ 400.433904][T18446] ____sys_sendmsg+0x505/0x830 [ 400.433929][T18446] ? __pfx_____sys_sendmsg+0x10/0x10 [ 400.433959][T18446] ? import_iovec+0x74/0xa0 [ 400.433984][T18446] ___sys_sendmsg+0x21f/0x2a0 [ 400.434006][T18446] ? __pfx____sys_sendmsg+0x10/0x10 [ 400.434052][T18446] ? __fget_files+0x2a/0x420 [ 400.434072][T18446] ? __fget_files+0x3a0/0x420 [ 400.434106][T18446] __x64_sys_sendmsg+0x19b/0x260 [ 400.434127][T18446] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 400.434153][T18446] ? __pfx_ksys_write+0x10/0x10 [ 400.434172][T18446] ? rcu_is_watching+0x15/0xb0 [ 400.434192][T18446] ? do_syscall_64+0xbe/0x3b0 [ 400.434216][T18446] do_syscall_64+0xfa/0x3b0 [ 400.434237][T18446] ? lockdep_hardirqs_on+0x9c/0x150 [ 400.434259][T18446] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 400.434275][T18446] ? clear_bhb_loop+0x60/0xb0 [ 400.434296][T18446] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 400.434312][T18446] RIP: 0033:0x7f3ef518ebe9 [ 400.434327][T18446] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 400.434341][T18446] RSP: 002b:00007f3ef5f9b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 400.434359][T18446] RAX: ffffffffffffffda RBX: 00007f3ef53b5fa0 RCX: 00007f3ef518ebe9 [ 400.434371][T18446] RDX: 000000000a000000 RSI: 00002000000002c0 RDI: 0000000000000004 [ 400.434381][T18446] RBP: 00007f3ef5f9b090 R08: 0000000000000000 R09: 0000000000000000 [ 400.434390][T18446] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 400.434400][T18446] R13: 00007f3ef53b6038 R14: 00007f3ef53b5fa0 R15: 00007ffc7a370208 [ 400.434441][T18446] [ 400.892196][ T76] bridge0: port 2(bridge_slave_1) entered blocking state [ 400.899550][ T76] bridge0: port 2(bridge_slave_1) entered forwarding state [ 400.999952][T18456] netem: incorrect gi model size [ 401.005453][T18456] netem: change failed [ 401.199256][T18468] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4105'. [ 401.211539][T18468] netlink: 'syz.3.4105': attribute type 1 has an invalid length. [ 401.576355][T18113] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 401.756302][T18113] veth0_vlan: entered promiscuous mode [ 401.788828][T18113] veth1_vlan: entered promiscuous mode [ 401.892568][T18496] sctp: [Deprecated]: syz.0.4110 (pid 18496) Use of struct sctp_assoc_value in delayed_ack socket option. [ 401.892568][T18496] Use struct sctp_sack_info instead [ 401.923693][T18113] veth0_macvtap: entered promiscuous mode [ 401.969263][T18113] veth1_macvtap: entered promiscuous mode [ 402.049734][T18113] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 402.110723][T18113] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 402.137401][ T36] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 402.179748][ T36] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 402.223632][ T36] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 402.337650][ T36] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 402.549624][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 402.568561][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 402.663691][ T76] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 402.684849][ T76] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 402.850994][T18533] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4120'. [ 402.896298][T18533] dummy0: entered promiscuous mode [ 402.925530][T18533] batadv_slave_1: entered promiscuous mode [ 403.209069][T18546] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4125'. [ 403.707142][ T5873] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 403.729577][ T5873] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 403.740750][ T5873] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 403.753933][ T5873] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 403.764581][ T5873] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 403.779291][T18561] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.4128'. [ 403.793313][T18561] openvswitch: netlink: ufid size 3068 bytes exceeds the range (1, 16) [ 403.923245][T18565] hsr0 speed is unknown, defaulting to 1000 [ 403.944017][T18574] "syz.1.4132" (18574) uses obsolete ecb(arc4) skcipher [ 404.101084][T18581] bpq0: entered promiscuous mode [ 404.122158][T18582] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4136'. [ 404.225658][T18582] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4136'. [ 404.591888][T18565] lo speed is unknown, defaulting to 1000 [ 404.785584][T18614] netlink: 104 bytes leftover after parsing attributes in process `syz.0.4144'. [ 404.791513][T18608] syzkaller1: entered promiscuous mode [ 404.800434][T18608] syzkaller1: entered allmulticast mode [ 404.915688][T18619] "syz.0.4145" (18619) uses obsolete ecb(arc4) skcipher [ 404.968769][T18565] chnl_net:caif_netlink_parms(): no params data found [ 405.274190][T18565] bridge0: port 1(bridge_slave_0) entered blocking state [ 405.282997][T18565] bridge0: port 1(bridge_slave_0) entered disabled state [ 405.290446][T18565] bridge_slave_0: entered allmulticast mode [ 405.299197][T18565] bridge_slave_0: entered promiscuous mode [ 405.310445][T18565] bridge0: port 2(bridge_slave_1) entered blocking state [ 405.318154][T18565] bridge0: port 2(bridge_slave_1) entered disabled state [ 405.326006][T18565] bridge_slave_1: entered allmulticast mode [ 405.335766][T18565] bridge_slave_1: entered promiscuous mode [ 405.363762][T18643] netlink: 'syz.0.4153': attribute type 1 has an invalid length. [ 405.380849][T18643] netlink: 224 bytes leftover after parsing attributes in process `syz.0.4153'. [ 405.461686][T18565] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 405.488947][T18565] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 405.509568][T18649] netlink: 'syz.1.4157': attribute type 5 has an invalid length. [ 405.669104][T18565] team0: Port device team_slave_0 added [ 405.694349][T18565] team0: Port device team_slave_1 added [ 405.790342][T18659] netlink: 24 bytes leftover after parsing attributes in process `syz.1.4159'. [ 405.810023][T18565] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 405.818320][T18565] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 405.844825][ T5873] Bluetooth: hci1: command tx timeout [ 405.879485][T18565] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 405.910350][T18565] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 405.917976][T18565] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 405.944631][T18565] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 406.015484][T18565] hsr_slave_0: entered promiscuous mode [ 406.022711][T18565] hsr_slave_1: entered promiscuous mode [ 406.029007][T18565] debugfs: 'hsr0' already exists in 'hsr' [ 406.035352][T18565] Cannot create hsr debugfs directory [ 406.124654][T18680] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 406.277195][T18683] bridge0: port 2(bridge_slave_1) entered disabled state [ 406.874913][T18565] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 406.901391][T18565] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 406.915326][T18565] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 406.934561][T18565] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 406.971053][T18710] nbd0: detected capacity change from 0 to 549764202496 [ 406.998636][ T5873] block nbd0: Receive control failed (result -104) [ 407.133535][T18565] 8021q: adding VLAN 0 to HW filter on device bond0 [ 407.166480][T18565] 8021q: adding VLAN 0 to HW filter on device team0 [ 407.196353][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 407.203567][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 407.228040][ T49] bridge0: port 2(bridge_slave_1) entered blocking state [ 407.235308][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state [ 407.245907][T18726] netlink: 232 bytes leftover after parsing attributes in process `syz.4.4178'. [ 407.437010][T18730] netlink: 'syz.1.4180': attribute type 5 has an invalid length. [ 407.751887][T18565] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 407.879386][T18565] veth0_vlan: entered promiscuous mode [ 407.901890][ T5873] Bluetooth: hci1: command tx timeout [ 407.927877][T18565] veth1_vlan: entered promiscuous mode [ 407.983564][T18565] veth0_macvtap: entered promiscuous mode [ 408.001195][T18565] veth1_macvtap: entered promiscuous mode [ 408.036250][T18565] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 408.054035][T18565] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 408.081830][ T76] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 408.091855][ T76] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 408.103002][ T12] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 408.113895][ T12] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 408.291415][ T1094] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 408.299290][ T1094] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 408.378538][T18777] netlink: 36 bytes leftover after parsing attributes in process `syz.3.4193'. [ 408.392422][ T1094] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 408.403611][ T1094] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 408.420880][T18779] netlink: 212376 bytes leftover after parsing attributes in process `syz.0.4197'. [ 408.445123][T18777] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 408.566837][T18786] netlink: 'syz.0.4198': attribute type 1 has an invalid length. [ 408.582604][T18791] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4199'. [ 408.604466][T18786] netlink: 'syz.0.4198': attribute type 1 has an invalid length. [ 408.789718][T18800] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4200'. [ 409.216366][T18813] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4204'. [ 409.236635][T18816] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4210'. [ 409.255614][T18816] netlink: 'syz.2.4210': attribute type 1 has an invalid length. [ 409.437986][ T51] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 409.448231][ T51] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 409.459423][ T51] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 409.468643][ T51] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 409.476792][ T51] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 409.612791][T18825] FAULT_INJECTION: forcing a failure. [ 409.612791][T18825] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 409.651068][T18825] CPU: 1 UID: 0 PID: 18825 Comm: syz.0.4215 Not tainted syzkaller #0 PREEMPT(full) [ 409.651096][T18825] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 409.651107][T18825] Call Trace: [ 409.651116][T18825] [ 409.651124][T18825] dump_stack_lvl+0x189/0x250 [ 409.651151][T18825] ? __pfx____ratelimit+0x10/0x10 [ 409.651175][T18825] ? __pfx_dump_stack_lvl+0x10/0x10 [ 409.651196][T18825] ? __pfx__printk+0x10/0x10 [ 409.651220][T18825] ? __might_fault+0xb0/0x130 [ 409.651256][T18825] should_fail_ex+0x414/0x560 [ 409.651284][T18825] _copy_from_user+0x2d/0xb0 [ 409.651306][T18825] ___sys_sendmsg+0x158/0x2a0 [ 409.651328][T18825] ? __pfx____sys_sendmsg+0x10/0x10 [ 409.651384][T18825] ? __fget_files+0x2a/0x420 [ 409.651408][T18825] ? __fget_files+0x3a0/0x420 [ 409.651444][T18825] __x64_sys_sendmsg+0x19b/0x260 [ 409.651466][T18825] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 409.651494][T18825] ? __pfx_ksys_write+0x10/0x10 [ 409.651511][T18825] ? rcu_is_watching+0x15/0xb0 [ 409.651546][T18825] ? do_syscall_64+0xbe/0x3b0 [ 409.651573][T18825] do_syscall_64+0xfa/0x3b0 [ 409.651594][T18825] ? lockdep_hardirqs_on+0x9c/0x150 [ 409.651613][T18825] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 409.651627][T18825] ? clear_bhb_loop+0x60/0xb0 [ 409.651644][T18825] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 409.651657][T18825] RIP: 0033:0x7f3ef518ebe9 [ 409.651671][T18825] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 409.651684][T18825] RSP: 002b:00007f3ef5f9b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 409.651700][T18825] RAX: ffffffffffffffda RBX: 00007f3ef53b5fa0 RCX: 00007f3ef518ebe9 [ 409.651711][T18825] RDX: 0000000004008094 RSI: 0000200000001200 RDI: 0000000000000003 [ 409.651720][T18825] RBP: 00007f3ef5f9b090 R08: 0000000000000000 R09: 0000000000000000 [ 409.651729][T18825] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 409.651738][T18825] R13: 00007f3ef53b6038 R14: 00007f3ef53b5fa0 R15: 00007ffc7a370208 [ 409.651760][T18825] [ 409.654411][T18830] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4213'. [ 409.691764][T18821] hsr0 speed is unknown, defaulting to 1000 [ 409.983426][ T5873] Bluetooth: hci1: command tx timeout [ 410.067985][T18841] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4219'. [ 410.279229][T18852] FAULT_INJECTION: forcing a failure. [ 410.279229][T18852] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 410.301884][T18852] CPU: 0 UID: 0 PID: 18852 Comm: syz.2.4223 Not tainted syzkaller #0 PREEMPT(full) [ 410.301912][T18852] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 410.301923][T18852] Call Trace: [ 410.301932][T18852] [ 410.301941][T18852] dump_stack_lvl+0x189/0x250 [ 410.301968][T18852] ? __pfx____ratelimit+0x10/0x10 [ 410.301993][T18852] ? __pfx_dump_stack_lvl+0x10/0x10 [ 410.302011][T18852] ? __pfx__printk+0x10/0x10 [ 410.302033][T18852] ? __might_fault+0xb0/0x130 [ 410.302066][T18852] should_fail_ex+0x414/0x560 [ 410.302093][T18852] _copy_from_user+0x2d/0xb0 [ 410.302114][T18852] ___sys_sendmsg+0x158/0x2a0 [ 410.302135][T18852] ? __pfx____sys_sendmsg+0x10/0x10 [ 410.302186][T18852] ? __fget_files+0x2a/0x420 [ 410.302211][T18852] ? __fget_files+0x3a0/0x420 [ 410.302246][T18852] __x64_sys_sendmsg+0x19b/0x260 [ 410.302268][T18852] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 410.302309][T18852] ? __pfx_ksys_write+0x10/0x10 [ 410.302330][T18852] ? rcu_is_watching+0x15/0xb0 [ 410.302354][T18852] ? do_syscall_64+0xbe/0x3b0 [ 410.302383][T18852] do_syscall_64+0xfa/0x3b0 [ 410.302405][T18852] ? lockdep_hardirqs_on+0x9c/0x150 [ 410.302428][T18852] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 410.302446][T18852] ? clear_bhb_loop+0x60/0xb0 [ 410.302469][T18852] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 410.302486][T18852] RIP: 0033:0x7fc845d8ebe9 [ 410.302504][T18852] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 410.302520][T18852] RSP: 002b:00007fc846c22038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 410.302541][T18852] RAX: ffffffffffffffda RBX: 00007fc845fb5fa0 RCX: 00007fc845d8ebe9 [ 410.302555][T18852] RDX: 0000000004000800 RSI: 0000200000000000 RDI: 0000000000000003 [ 410.302568][T18852] RBP: 00007fc846c22090 R08: 0000000000000000 R09: 0000000000000000 [ 410.302579][T18852] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 410.302591][T18852] R13: 00007fc845fb6038 R14: 00007fc845fb5fa0 R15: 00007ffcda610788 [ 410.302623][T18852] [ 410.348067][T18821] lo speed is unknown, defaulting to 1000 [ 410.536195][T18855] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4224'. [ 410.651291][ T5927] IPVS: starting estimator thread 0... [ 410.723763][T18861] bridge0: port 1(bridge_slave_0) entered disabled state [ 410.751465][T18862] IPVS: using max 31 ests per chain, 74400 per kthread [ 410.846499][T18861] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 410.861740][T18861] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 411.004961][ T49] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 411.030734][ T49] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 411.069982][ T49] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 411.096687][ T49] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 411.139054][T18876] netlink: 'syz.2.4230': attribute type 1 has an invalid length. [ 411.175245][T18876] netlink: 'syz.2.4230': attribute type 4 has an invalid length. [ 411.313541][T18882] bond0: entered promiscuous mode [ 411.330801][T18882] bond_slave_0: entered promiscuous mode [ 411.339898][T18882] bond_slave_1: entered promiscuous mode [ 411.349516][T18882] batadv0: entered promiscuous mode [ 411.358032][T18882] debugfs: 'hsr1' already exists in 'hsr' [ 411.366343][T18882] Cannot create hsr debugfs directory [ 411.372778][T18882] hsr1: Slave A (bond0) is not up; please bring it up to get a fully working HSR network [ 411.391059][T18882] hsr1: Slave B (batadv0) is not up; please bring it up to get a fully working HSR network [ 411.406642][T18882] hsr1: entered allmulticast mode [ 411.414985][T18882] bond0: entered allmulticast mode [ 411.425393][T18882] bond_slave_0: entered allmulticast mode [ 411.432798][T18882] bond_slave_1: entered allmulticast mode [ 411.438753][T18882] batadv0: entered allmulticast mode [ 411.449128][T18882] 8021q: adding VLAN 0 to HW filter on device hsr1 [ 411.464989][T18882] bond0: left promiscuous mode [ 411.480351][T18882] bond_slave_0: left promiscuous mode [ 411.495225][T18882] bond_slave_1: left promiscuous mode [ 411.507770][T18882] batadv0: left promiscuous mode [ 411.561981][T18821] chnl_net:caif_netlink_parms(): no params data found [ 411.580918][ T5873] Bluetooth: hci4: command tx timeout [ 412.013849][T18821] bridge0: port 1(bridge_slave_0) entered blocking state [ 412.022767][T18821] bridge0: port 1(bridge_slave_0) entered disabled state [ 412.030268][T18821] bridge_slave_0: entered allmulticast mode [ 412.047637][T18821] bridge_slave_0: entered promiscuous mode [ 412.066905][T18821] bridge0: port 2(bridge_slave_1) entered blocking state [ 412.074703][ T5873] Bluetooth: hci1: command tx timeout [ 412.103157][T18821] bridge0: port 2(bridge_slave_1) entered disabled state [ 412.114869][T18821] bridge_slave_1: entered allmulticast mode [ 412.124849][T18821] bridge_slave_1: entered promiscuous mode [ 412.163450][T18931] netlink: 'syz.2.4240': attribute type 5 has an invalid length. [ 412.196165][T18821] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 412.229947][T18821] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 412.318604][T18929] __nla_validate_parse: 3 callbacks suppressed [ 412.318622][T18929] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4239'. [ 412.369139][T18821] team0: Port device team_slave_0 added [ 412.399107][T18821] team0: Port device team_slave_1 added [ 412.488541][T18929] netlink: 'syz.3.4239': attribute type 1 has an invalid length. [ 412.501968][T18940] netlink: 'syz.0.4243': attribute type 1 has an invalid length. [ 412.504812][T18821] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 412.509897][T18940] netlink: 224 bytes leftover after parsing attributes in process `syz.0.4243'. [ 412.537256][T18821] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 412.613933][T18821] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 412.642137][T18821] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 412.657021][T18821] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 412.687522][T18821] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 412.802130][T18956] smc: net device bond0 erased user defined pnetid SYZ2 [ 412.965761][T18821] hsr_slave_0: entered promiscuous mode [ 413.001861][T18821] hsr_slave_1: entered promiscuous mode [ 413.008383][T18821] debugfs: 'hsr0' already exists in 'hsr' [ 413.014892][T18821] Cannot create hsr debugfs directory [ 413.073318][T18970] netlink: 24 bytes leftover after parsing attributes in process `syz.0.4255'. [ 413.185853][T18979] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4255'. [ 413.304888][T18982] IPv6: addrconf: prefix option has invalid lifetime [ 413.449222][T18988] netlink: 16 bytes leftover after parsing attributes in process `syz.2.4262'. [ 413.583271][T18992] bond0: entered promiscuous mode [ 413.588698][T18992] bond_slave_0: entered promiscuous mode [ 413.595709][T18992] bond_slave_1: entered promiscuous mode [ 413.603693][T18992] batadv0: entered promiscuous mode [ 413.609491][T18992] debugfs: 'hsr1' already exists in 'hsr' [ 413.615393][T18992] Cannot create hsr debugfs directory [ 413.621184][T18992] hsr1: entered allmulticast mode [ 413.626389][T18992] bond0: entered allmulticast mode [ 413.633186][T18992] bond_slave_0: entered allmulticast mode [ 413.639516][T18992] bond_slave_1: entered allmulticast mode [ 413.645965][T18992] batadv0: entered allmulticast mode [ 413.651887][T18992] 8021q: adding VLAN 0 to HW filter on device hsr1 [ 413.660402][T18992] bond0: left promiscuous mode [ 413.666544][ T5873] Bluetooth: hci4: command tx timeout [ 413.667037][T18992] bond_slave_0: left promiscuous mode [ 413.677991][T18992] bond_slave_1: left promiscuous mode [ 413.684709][T18992] batadv0: left promiscuous mode [ 413.723478][T18821] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 413.765750][T18999] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4265'. [ 413.967485][T19004] syzkaller0: entered promiscuous mode [ 413.973205][T19004] syzkaller0: entered allmulticast mode [ 414.030223][T19004] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 414.095390][T19013] netlink: 104 bytes leftover after parsing attributes in process `syz.1.4267'. [ 414.117902][T19007] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4266'. [ 414.220052][T18821] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 414.295836][T18821] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 414.330077][T18821] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 414.375370][T18821] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 414.420349][T19021] hsr0 speed is unknown, defaulting to 1000 [ 414.749412][T18821] 8021q: adding VLAN 0 to HW filter on device bond0 [ 414.797690][T18821] 8021q: adding VLAN 0 to HW filter on device team0 [ 414.816454][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 414.823869][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 414.846935][T19021] lo speed is unknown, defaulting to 1000 [ 414.853220][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 414.860561][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 414.964731][T19049] netlink: 'syz.2.4277': attribute type 1 has an invalid length. [ 414.973705][T19049] netlink: 224 bytes leftover after parsing attributes in process `syz.2.4277'. [ 415.414875][T18821] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 415.516266][T19069] Freezing with imperfect legacy cgroup freezer. See cgroup.freeze of cgroup v2 [ 415.604742][T19073] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4283'. [ 415.747182][ T5873] Bluetooth: hci4: command tx timeout [ 415.998734][T19090] bridge0: port 2(bridge_slave_1) entered disabled state [ 416.109558][T19100] netlink: 'syz.2.4291': attribute type 83 has an invalid length. [ 416.216436][T18821] veth0_vlan: entered promiscuous mode [ 416.232581][T19104] nbd1: detected capacity change from 0 to 549764202496 [ 416.242413][T18821] veth1_vlan: entered promiscuous mode [ 416.246612][ T5873] block nbd1: Receive control failed (result -32) [ 416.254693][T16149] block nbd1: Send control failed (result -32) [ 416.255068][T16149] block nbd1: Request send failed, requeueing [ 416.265591][ T55] block nbd1: Dead connection, failed to find a fallback [ 416.279021][ T55] block nbd1: shutting down sockets [ 416.285039][ T55] blk_print_req_error: 138 callbacks suppressed [ 416.285055][ T55] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 416.303718][ T55] buffer_io_error: 138 callbacks suppressed [ 416.303735][ T55] Buffer I/O error on dev nbd1, logical block 0, async page read [ 416.318794][T16149] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 416.325113][T19111] bpq0: left promiscuous mode [ 416.361515][T16149] Buffer I/O error on dev nbd1, logical block 0, async page read [ 416.369586][T16149] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 416.381350][T16149] Buffer I/O error on dev nbd1, logical block 0, async page read [ 416.389357][T16149] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 416.402710][T16149] Buffer I/O error on dev nbd1, logical block 0, async page read [ 416.411064][T16149] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 416.420126][T16149] Buffer I/O error on dev nbd1, logical block 0, async page read [ 416.429260][T16149] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 416.435470][T18821] veth0_macvtap: entered promiscuous mode [ 416.439193][T16149] Buffer I/O error on dev nbd1, logical block 0, async page read [ 416.453902][T16149] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 416.474187][T18821] veth1_macvtap: entered promiscuous mode [ 416.484453][T16149] Buffer I/O error on dev nbd1, logical block 0, async page read [ 416.505527][T16149] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 416.508052][T18821] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 416.542776][T16149] Buffer I/O error on dev nbd1, logical block 0, async page read [ 416.547472][T18821] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 416.567115][T16149] ldm_validate_partition_table(): Disk read failed. [ 416.589586][T16149] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 416.612945][ T12] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 416.631284][T16149] Buffer I/O error on dev nbd1, logical block 0, async page read [ 416.639235][T16149] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 416.648814][ T12] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 416.665041][T16149] Buffer I/O error on dev nbd1, logical block 0, async page read [ 416.674938][T16149] Dev nbd1: unable to read RDB block 0 [ 416.682998][ T12] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 416.693673][ T12] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 416.704189][T16149] nbd1: unable to read partition table [ 416.727626][T16149] ldm_validate_partition_table(): Disk read failed. [ 416.735155][T16149] Dev nbd1: unable to read RDB block 0 [ 416.743325][T16149] nbd1: unable to read partition table [ 416.895136][ T1094] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 416.923265][ T1094] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 416.960565][T19128] sctp: [Deprecated]: syz.2.4300 (pid 19128) Use of struct sctp_assoc_value in delayed_ack socket option. [ 416.960565][T19128] Use struct sctp_sack_info instead [ 417.020355][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 417.042692][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 417.589971][T19163] netlink: 'syz.3.4305': attribute type 1 has an invalid length. [ 417.599172][T19163] __nla_validate_parse: 4 callbacks suppressed [ 417.599189][T19163] netlink: 224 bytes leftover after parsing attributes in process `syz.3.4305'. [ 417.599443][T19155] veth5: entered allmulticast mode [ 417.627686][T19162] netlink: 'syz.0.4311': attribute type 1 has an invalid length. [ 417.649425][T19162] netlink: 'syz.0.4311': attribute type 3 has an invalid length. [ 417.675521][T19154] delete_channel: no stack [ 417.684236][T19162] netlink: 224 bytes leftover after parsing attributes in process `syz.0.4311'. [ 417.698865][T19162] NCSI netlink: No device for ifindex 0 [ 417.821011][ T5873] Bluetooth: hci4: command tx timeout [ 417.898177][T19174] netlink: 16 bytes leftover after parsing attributes in process `syz.0.4316'. [ 418.055576][T19183] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate. [ 418.077248][T19183] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4320'. [ 418.351196][T19202] netlink: 72 bytes leftover after parsing attributes in process `syz.1.4325'. [ 418.361641][T19203] netlink: 72 bytes leftover after parsing attributes in process `syz.1.4325'. [ 418.641006][T19218] nbd4: detected capacity change from 0 to 549764202496 [ 418.666271][ T5873] block nbd4: Receive control failed (result -32) [ 418.667201][T16149] block nbd4: Send control failed (result -32) [ 418.695031][T19227] FAULT_INJECTION: forcing a failure. [ 418.695031][T19227] name failslab, interval 1, probability 0, space 0, times 0 [ 418.709174][T19227] CPU: 1 UID: 0 PID: 19227 Comm: syz.3.4334 Not tainted syzkaller #0 PREEMPT(full) [ 418.709201][T19227] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 418.709213][T19227] Call Trace: [ 418.709221][T19227] [ 418.709230][T19227] dump_stack_lvl+0x189/0x250 [ 418.709257][T19227] ? __pfx____ratelimit+0x10/0x10 [ 418.709281][T19227] ? __pfx_dump_stack_lvl+0x10/0x10 [ 418.709302][T19227] ? __pfx__printk+0x10/0x10 [ 418.709333][T19227] ? __pfx___might_resched+0x10/0x10 [ 418.709356][T19227] should_fail_ex+0x414/0x560 [ 418.709382][T19227] should_failslab+0xa8/0x100 [ 418.709408][T19227] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 418.709432][T19227] ? __alloc_skb+0x112/0x2d0 [ 418.709462][T19227] __alloc_skb+0x112/0x2d0 [ 418.709491][T19227] netlink_sendmsg+0x5c6/0xb30 [ 418.709526][T19227] ? __pfx_netlink_sendmsg+0x10/0x10 [ 418.709553][T19227] ? aa_sock_msg_perm+0xf1/0x1d0 [ 418.709582][T19227] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 418.709600][T19227] ? __pfx_netlink_sendmsg+0x10/0x10 [ 418.709632][T19227] __sock_sendmsg+0x219/0x270 [ 418.709658][T19227] ____sys_sendmsg+0x505/0x830 [ 418.709683][T19227] ? __pfx_____sys_sendmsg+0x10/0x10 [ 418.709711][T19227] ? import_iovec+0x74/0xa0 [ 418.709736][T19227] ___sys_sendmsg+0x21f/0x2a0 [ 418.709757][T19227] ? __pfx____sys_sendmsg+0x10/0x10 [ 418.709814][T19227] ? __fget_files+0x2a/0x420 [ 418.709838][T19227] ? __fget_files+0x3a0/0x420 [ 418.709873][T19227] __x64_sys_sendmsg+0x19b/0x260 [ 418.709895][T19227] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 418.709925][T19227] ? __pfx_ksys_write+0x10/0x10 [ 418.709945][T19227] ? rcu_is_watching+0x15/0xb0 [ 418.709969][T19227] ? do_syscall_64+0xbe/0x3b0 [ 418.709997][T19227] do_syscall_64+0xfa/0x3b0 [ 418.710019][T19227] ? lockdep_hardirqs_on+0x9c/0x150 [ 418.710041][T19227] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 418.710059][T19227] ? clear_bhb_loop+0x60/0xb0 [ 418.710082][T19227] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 418.710100][T19227] RIP: 0033:0x7ffb5d98ebe9 [ 418.710118][T19227] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 418.710134][T19227] RSP: 002b:00007ffb5e87d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 418.710153][T19227] RAX: ffffffffffffffda RBX: 00007ffb5dbb5fa0 RCX: 00007ffb5d98ebe9 [ 418.710167][T19227] RDX: 0000000040008044 RSI: 0000200000000780 RDI: 0000000000000003 [ 418.710180][T19227] RBP: 00007ffb5e87d090 R08: 0000000000000000 R09: 0000000000000000 [ 418.710191][T19227] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 418.710203][T19227] R13: 00007ffb5dbb6038 R14: 00007ffb5dbb5fa0 R15: 00007fff69d49d18 [ 418.710234][T19227] [ 418.710429][T16149] block nbd4: Request send failed, requeueing [ 418.752458][T19229] netlink: 'syz.2.4335': attribute type 10 has an invalid length. [ 418.759050][ T25] block nbd4: Dead connection, failed to find a fallback [ 418.864885][T19229] team0: Port device dummy0 added [ 418.867352][ T25] block nbd4: shutting down sockets [ 419.024474][T16149] ldm_validate_partition_table(): Disk read failed. [ 419.031651][T16149] Dev nbd4: unable to read RDB block 0 [ 419.037861][T16149] nbd4: unable to read partition table [ 419.062947][T16149] ldm_validate_partition_table(): Disk read failed. [ 419.070181][T16149] Dev nbd4: unable to read RDB block 0 [ 419.076728][T16149] nbd4: unable to read partition table [ 419.209711][T19244] FAULT_INJECTION: forcing a failure. [ 419.209711][T19244] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 419.223443][T19244] CPU: 1 UID: 0 PID: 19244 Comm: syz.2.4342 Not tainted syzkaller #0 PREEMPT(full) [ 419.223468][T19244] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 419.223479][T19244] Call Trace: [ 419.223488][T19244] [ 419.223497][T19244] dump_stack_lvl+0x189/0x250 [ 419.223523][T19244] ? __pfx____ratelimit+0x10/0x10 [ 419.223547][T19244] ? __pfx_dump_stack_lvl+0x10/0x10 [ 419.223568][T19244] ? __pfx__printk+0x10/0x10 [ 419.223592][T19244] ? __might_fault+0xb0/0x130 [ 419.223626][T19244] should_fail_ex+0x414/0x560 [ 419.223654][T19244] _copy_from_iter+0x1db/0x16f0 [ 419.223677][T19244] ? rcu_is_watching+0x15/0xb0 [ 419.223697][T19244] ? kmem_cache_alloc_node_noprof+0x217/0x3c0 [ 419.223722][T19244] ? __pfx__copy_from_iter+0x10/0x10 [ 419.223742][T19244] ? __build_skb_around+0x257/0x3e0 [ 419.223772][T19244] ? netlink_sendmsg+0x642/0xb30 [ 419.223795][T19244] ? skb_put+0x11b/0x210 [ 419.223816][T19244] netlink_sendmsg+0x6b2/0xb30 [ 419.223851][T19244] ? __pfx_netlink_sendmsg+0x10/0x10 [ 419.223878][T19244] ? __lock_acquire+0xab9/0xd20 [ 419.223901][T19244] ? aa_sock_msg_perm+0xf1/0x1d0 [ 419.223929][T19244] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 419.223949][T19244] ? __pfx_netlink_sendmsg+0x10/0x10 [ 419.223974][T19244] __sock_sendmsg+0x219/0x270 [ 419.224000][T19244] ____sys_sendmsg+0x505/0x830 [ 419.224026][T19244] ? __pfx_____sys_sendmsg+0x10/0x10 [ 419.224054][T19244] ? import_iovec+0x74/0xa0 [ 419.224078][T19244] ___sys_sendmsg+0x21f/0x2a0 [ 419.224099][T19244] ? __pfx____sys_sendmsg+0x10/0x10 [ 419.224156][T19244] ? __fget_files+0x2a/0x420 [ 419.224179][T19244] ? __fget_files+0x3a0/0x420 [ 419.224215][T19244] __x64_sys_sendmsg+0x19b/0x260 [ 419.224237][T19244] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 419.224266][T19244] ? __pfx_ksys_write+0x10/0x10 [ 419.224286][T19244] ? rcu_is_watching+0x15/0xb0 [ 419.224309][T19244] ? do_syscall_64+0xbe/0x3b0 [ 419.224338][T19244] do_syscall_64+0xfa/0x3b0 [ 419.224366][T19244] ? lockdep_hardirqs_on+0x9c/0x150 [ 419.224389][T19244] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 419.224407][T19244] ? clear_bhb_loop+0x60/0xb0 [ 419.224430][T19244] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 419.224447][T19244] RIP: 0033:0x7fc845d8ebe9 [ 419.224464][T19244] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 419.224479][T19244] RSP: 002b:00007fc846c22038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 419.224501][T19244] RAX: ffffffffffffffda RBX: 00007fc845fb5fa0 RCX: 00007fc845d8ebe9 [ 419.224515][T19244] RDX: 0000000000000000 RSI: 0000200000003dc0 RDI: 0000000000000004 [ 419.224527][T19244] RBP: 00007fc846c22090 R08: 0000000000000000 R09: 0000000000000000 [ 419.224538][T19244] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 419.224549][T19244] R13: 00007fc845fb6038 R14: 00007fc845fb5fa0 R15: 00007ffcda610788 [ 419.224581][T19244] [ 419.730873][T19254] FAULT_INJECTION: forcing a failure. [ 419.730873][T19254] name failslab, interval 1, probability 0, space 0, times 0 [ 419.733516][T19258] netlink: 68 bytes leftover after parsing attributes in process `syz.1.4347'. [ 419.779395][T19254] CPU: 1 UID: 0 PID: 19254 Comm: syz.0.4346 Not tainted syzkaller #0 PREEMPT(full) [ 419.779420][T19254] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 419.779431][T19254] Call Trace: [ 419.779438][T19254] [ 419.779446][T19254] dump_stack_lvl+0x189/0x250 [ 419.779471][T19254] ? __pfx____ratelimit+0x10/0x10 [ 419.779494][T19254] ? __pfx_dump_stack_lvl+0x10/0x10 [ 419.779513][T19254] ? __pfx__printk+0x10/0x10 [ 419.779538][T19254] ? __pfx___might_resched+0x10/0x10 [ 419.779555][T19254] ? fs_reclaim_acquire+0x7d/0x100 [ 419.779584][T19254] should_fail_ex+0x414/0x560 [ 419.779611][T19254] should_failslab+0xa8/0x100 [ 419.779637][T19254] __kmalloc_cache_node_noprof+0x73/0x3d0 [ 419.779662][T19254] ? page_pool_create_percpu+0x76/0xbe0 [ 419.779687][T19254] page_pool_create_percpu+0x76/0xbe0 [ 419.779706][T19254] ? __kvmalloc_node_noprof+0x331/0x5f0 [ 419.779729][T19254] ? bpf_test_run_xdp_live+0x1b5/0x1b10 [ 419.779758][T19254] bpf_test_run_xdp_live+0x1ca/0x1b10 [ 419.779787][T19254] ? __mutex_unlock_slowpath+0x1a1/0x760 [ 419.779818][T19254] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 419.779850][T19254] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 419.779872][T19254] ? 0xffffffffa02057c0 [ 419.779890][T19254] ? 0xffffffffa02057c0 [ 419.779954][T19254] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 419.779988][T19254] ? _copy_from_user+0x94/0xb0 [ 419.780008][T19254] ? bpf_test_init+0x133/0x170 [ 419.780029][T19254] ? xdp_convert_md_to_buff+0x5b/0x330 [ 419.780055][T19254] bpf_prog_test_run_xdp+0x713/0x1000 [ 419.780097][T19254] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 419.780125][T19254] ? __fget_files+0x2a/0x420 [ 419.780154][T19254] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 419.780179][T19254] bpf_prog_test_run+0x2c7/0x340 [ 419.780209][T19254] __sys_bpf+0x581/0x870 [ 419.780233][T19254] ? __pfx___sys_bpf+0x10/0x10 [ 419.780277][T19254] ? ksys_write+0x22a/0x250 [ 419.780309][T19254] ? __pfx_ksys_write+0x10/0x10 [ 419.780329][T19254] ? rcu_is_watching+0x15/0xb0 [ 419.780356][T19254] __x64_sys_bpf+0x7c/0x90 [ 419.780379][T19254] do_syscall_64+0xfa/0x3b0 [ 419.780403][T19254] ? lockdep_hardirqs_on+0x9c/0x150 [ 419.780426][T19254] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 419.780445][T19254] ? clear_bhb_loop+0x60/0xb0 [ 419.780467][T19254] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 419.780487][T19254] RIP: 0033:0x7f3ef518ebe9 [ 419.780502][T19254] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 419.780516][T19254] RSP: 002b:00007f3ef5f9b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 419.780536][T19254] RAX: ffffffffffffffda RBX: 00007f3ef53b5fa0 RCX: 00007f3ef518ebe9 [ 419.780549][T19254] RDX: 0000000000000048 RSI: 0000200000000600 RDI: 000000000000000a [ 419.780560][T19254] RBP: 00007f3ef5f9b090 R08: 0000000000000000 R09: 0000000000000000 [ 419.780570][T19254] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 419.780580][T19254] R13: 00007f3ef53b6038 R14: 00007f3ef53b5fa0 R15: 00007ffc7a370208 [ 419.780610][T19254] [ 422.301341][T19344] "syz.0.4379" (19344) uses obsolete ecb(arc4) skcipher [ 422.504394][T19354] smc: net device bond0 applied user defined pnetid SYZ2 [ 422.545034][T19354] smc: net device bond0 erased user defined pnetid SYZ2 [ 422.694523][T19365] netlink: 'syz.0.4389': attribute type 25 has an invalid length. [ 422.765365][T19368] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4383'. [ 422.804005][T19368] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4383'. [ 422.997632][T19384] "syz.0.4397" (19384) uses obsolete ecb(arc4) skcipher [ 423.147630][T19391] tipc: Started in network mode [ 423.153017][T19391] tipc: Node identity fe9759ddbd1f, cluster identity 4711 [ 423.160719][T19391] tipc: Enabled bearer , priority 0 [ 423.178950][T19391] syzkaller0: entered promiscuous mode [ 423.186906][T19391] syzkaller0: entered allmulticast mode [ 423.214636][T19391] tipc: Resetting bearer [ 423.224760][T19393] hsr0 speed is unknown, defaulting to 1000 [ 423.245637][T19390] tipc: Resetting bearer [ 423.487008][T19390] tipc: Disabling bearer [ 423.510705][T19393] lo speed is unknown, defaulting to 1000 [ 423.804749][T19400] netlink: 666 bytes leftover after parsing attributes in process `syz.1.4402'. [ 424.285583][T19418] netlink: 'syz.0.4408': attribute type 1 has an invalid length. [ 424.320810][T19418] netlink: 'syz.0.4408': attribute type 3 has an invalid length. [ 424.347910][T19418] netlink: 224 bytes leftover after parsing attributes in process `syz.0.4408'. [ 424.382531][T19389] hsr0 speed is unknown, defaulting to 1000 [ 424.388954][T19418] NCSI netlink: No device for ifindex 131080 [ 424.431643][T19424] "syz.1.4410" (19424) uses obsolete ecb(arc4) skcipher [ 424.697983][T19427] netlink: 'syz.1.4411': attribute type 1 has an invalid length. [ 424.744351][T19427] netlink: 236 bytes leftover after parsing attributes in process `syz.1.4411'. [ 425.186497][T19444] netlink: 68 bytes leftover after parsing attributes in process `syz.2.4417'. [ 425.753228][T19457] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4423'. [ 425.845320][T19463] netlink: 'syz.2.4424': attribute type 25 has an invalid length. [ 425.945441][T19470] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4426'. [ 426.064441][T19472] netlink: 36 bytes leftover after parsing attributes in process `syz.2.4427'. [ 426.113912][T19474] netlink: 'syz.1.4428': attribute type 12 has an invalid length. [ 426.182760][T19480] sctp: [Deprecated]: syz.1.4428 (pid 19480) Use of struct sctp_assoc_value in delayed_ack socket option. [ 426.182760][T19480] Use struct sctp_sack_info instead [ 426.226305][T19472] bridge0: port 1(bridge_slave_0) entered disabled state [ 426.357802][T19472] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 426.372184][T19472] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 426.497571][T19474] (unnamed net_device) (uninitialized): option primary_reselect: invalid value (255) [ 426.514927][T19389] lo speed is unknown, defaulting to 1000 [ 426.528473][ T36] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 426.558119][ T36] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 426.589672][T19484] netlink: 'syz.0.4430': attribute type 1 has an invalid length. [ 426.598746][T19484] netlink: 224 bytes leftover after parsing attributes in process `syz.0.4430'. [ 426.654411][ T36] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 426.666068][ T36] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 426.978225][T19504] bond0: entered promiscuous mode [ 426.985050][T19504] bond_slave_0: entered promiscuous mode [ 426.991672][T19504] bond_slave_1: entered promiscuous mode [ 426.998862][T19504] batadv0: entered promiscuous mode [ 427.017027][T19504] debugfs: 'hsr1' already exists in 'hsr' [ 427.029537][T19504] Cannot create hsr debugfs directory [ 427.039879][T19504] hsr1: Slave A (bond0) is not up; please bring it up to get a fully working HSR network [ 427.050239][T19504] hsr1: Slave B (batadv0) is not up; please bring it up to get a fully working HSR network [ 427.061508][T19504] hsr1: entered allmulticast mode [ 427.067167][T19504] 8021q: adding VLAN 0 to HW filter on device hsr1 [ 427.075590][T19504] bond0: left promiscuous mode [ 427.082538][T19504] bond_slave_0: left promiscuous mode [ 427.088307][T19504] bond_slave_1: left promiscuous mode [ 427.095899][T19504] batadv0: left promiscuous mode [ 427.270084][T19518] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 427.444732][T19531] netlink: 'syz.0.4445': attribute type 1 has an invalid length. [ 427.654589][T19535] syzkaller0: entered promiscuous mode [ 427.660374][T19535] syzkaller0: entered allmulticast mode [ 427.861053][T19545] nbd5: detected capacity change from 0 to 549764202496 [ 427.876841][ T5873] block nbd5: Receive control failed (result -104) [ 428.068392][T19559] __nla_validate_parse: 4 callbacks suppressed [ 428.068413][T19559] netlink: 36 bytes leftover after parsing attributes in process `syz.1.4456'. [ 428.123400][T19560] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 430.150158][T19583] netlink: 40 bytes leftover after parsing attributes in process `syz.3.4458'. [ 430.203404][T19585] syzkaller0: entered promiscuous mode [ 430.215014][T19585] syzkaller0: entered allmulticast mode [ 430.245419][T19585] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 430.319864][T19590] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4463'. [ 430.332028][T19589] nbd6: detected capacity change from 0 to 549764202496 [ 430.343369][ T5873] block nbd6: Receive control failed (result -104) [ 430.505552][T19603] netlink: 'syz.1.4470': attribute type 5 has an invalid length. [ 430.519367][T19603] netlink: 24 bytes leftover after parsing attributes in process `syz.1.4470'. [ 430.643958][T19615] netlink: 'syz.1.4474': attribute type 7 has an invalid length. [ 430.652214][T19615] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4474'. [ 430.673224][T19615] FAULT_INJECTION: forcing a failure. [ 430.673224][T19615] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 430.686717][T19615] CPU: 1 UID: 0 PID: 19615 Comm: syz.1.4474 Not tainted syzkaller #0 PREEMPT(full) [ 430.686740][T19615] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 430.686751][T19615] Call Trace: [ 430.686759][T19615] [ 430.686766][T19615] dump_stack_lvl+0x189/0x250 [ 430.686792][T19615] ? __pfx____ratelimit+0x10/0x10 [ 430.686817][T19615] ? __pfx_dump_stack_lvl+0x10/0x10 [ 430.686838][T19615] ? __pfx__printk+0x10/0x10 [ 430.686857][T19615] ? __might_fault+0xb0/0x130 [ 430.686878][T19615] should_fail_ex+0x414/0x560 [ 430.686894][T19615] _copy_from_user+0x2d/0xb0 [ 430.686906][T19615] __sys_sendto+0x25c/0x520 [ 430.686923][T19615] ? __pfx___sys_sendto+0x10/0x10 [ 430.686936][T19615] ? __mutex_unlock_slowpath+0x1a1/0x760 [ 430.686957][T19615] ? __fget_files+0x3a0/0x420 [ 430.686978][T19615] ? ksys_write+0x22a/0x250 [ 430.686992][T19615] ? __pfx_ksys_write+0x10/0x10 [ 430.687003][T19615] ? rcu_is_watching+0x15/0xb0 [ 430.687017][T19615] __x64_sys_sendto+0xde/0x100 [ 430.687034][T19615] do_syscall_64+0xfa/0x3b0 [ 430.687047][T19615] ? lockdep_hardirqs_on+0x9c/0x150 [ 430.687060][T19615] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 430.687070][T19615] ? clear_bhb_loop+0x60/0xb0 [ 430.687099][T19615] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 430.687109][T19615] RIP: 0033:0x7f082e78ebe9 [ 430.687120][T19615] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 430.687130][T19615] RSP: 002b:00007f082f6cc038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 430.687142][T19615] RAX: ffffffffffffffda RBX: 00007f082e9b5fa0 RCX: 00007f082e78ebe9 [ 430.687149][T19615] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 430.687155][T19615] RBP: 00007f082f6cc090 R08: 00002000000003c0 R09: 0000000000000014 [ 430.687161][T19615] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 430.687167][T19615] R13: 00007f082e9b6038 R14: 00007f082e9b5fa0 R15: 00007ffc7b660348 [ 430.687183][T19615] [ 431.005809][T19622] netlink: 40 bytes leftover after parsing attributes in process `syz.0.4477'. [ 431.065996][T19626] netlink: 'syz.1.4479': attribute type 10 has an invalid length. [ 431.078610][T19626] team0: Port device dummy0 added [ 431.150688][T19624] nbd7: detected capacity change from 0 to 549764202496 [ 431.162615][T19628] syzkaller0: entered promiscuous mode [ 431.168309][T19628] syzkaller0: entered allmulticast mode [ 431.176225][ T5873] block nbd7: Receive control failed (result -104) [ 431.177895][T19631] syzkaller0: entered promiscuous mode [ 431.215701][T19631] syzkaller0: entered allmulticast mode [ 431.237902][T19634] netlink: 'syz.3.4482': attribute type 1 has an invalid length. [ 431.249172][T19634] netlink: 224 bytes leftover after parsing attributes in process `syz.3.4482'. [ 431.393770][T19631] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 431.416057][T19640] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4481'. [ 431.499060][T19642] sctp: [Deprecated]: syz.2.4485 (pid 19642) Use of struct sctp_assoc_value in delayed_ack socket option. [ 431.499060][T19642] Use struct sctp_sack_info instead [ 431.744102][T19653] netlink: 40 bytes leftover after parsing attributes in process `syz.1.4490'. [ 431.824130][T19662] netlink: 'syz.4.4492': attribute type 1 has an invalid length. [ 431.833239][T19662] netlink: 17 bytes leftover after parsing attributes in process `syz.4.4492'. [ 431.867025][T19664] netlink: 'syz.3.4491': attribute type 10 has an invalid length. [ 431.883410][T19664] bond0: (slave dummy0): Releasing backup interface [ 431.945144][T19664] team0: Port device dummy0 added [ 431.990207][T19670] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 432.189716][T19679] syzkaller0: entered promiscuous mode [ 432.197467][T19679] syzkaller0: entered allmulticast mode [ 432.206807][T19679] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 432.251666][T19682] netlink: 'syz.2.4502': attribute type 1 has an invalid length. [ 432.289595][T19685] netlink: 'syz.3.4503': attribute type 2 has an invalid length. [ 432.380928][ T51] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 432.389193][ T51] Bluetooth: hci0: command 0x0c1a tx timeout [ 432.665863][T19702] openvswitch: netlink: Unknown nsh attribute 0 [ 432.680715][T19702] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 432.887282][T19715] FAULT_INJECTION: forcing a failure. [ 432.887282][T19715] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 432.901014][T19715] CPU: 1 UID: 0 PID: 19715 Comm: syz.1.4513 Not tainted syzkaller #0 PREEMPT(full) [ 432.901048][T19715] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 432.901060][T19715] Call Trace: [ 432.901068][T19715] [ 432.901077][T19715] dump_stack_lvl+0x189/0x250 [ 432.901104][T19715] ? __pfx____ratelimit+0x10/0x10 [ 432.901128][T19715] ? __pfx_dump_stack_lvl+0x10/0x10 [ 432.901149][T19715] ? __pfx__printk+0x10/0x10 [ 432.901172][T19715] ? __might_fault+0xb0/0x130 [ 432.901208][T19715] should_fail_ex+0x414/0x560 [ 432.901236][T19715] _copy_from_iter+0x1db/0x16f0 [ 432.901259][T19715] ? rcu_is_watching+0x15/0xb0 [ 432.901279][T19715] ? kmem_cache_alloc_node_noprof+0x217/0x3c0 [ 432.901304][T19715] ? __pfx__copy_from_iter+0x10/0x10 [ 432.901324][T19715] ? __build_skb_around+0x257/0x3e0 [ 432.901353][T19715] ? netlink_sendmsg+0x642/0xb30 [ 432.901376][T19715] ? skb_put+0x11b/0x210 [ 432.901397][T19715] netlink_sendmsg+0x6b2/0xb30 [ 432.901431][T19715] ? __pfx_netlink_sendmsg+0x10/0x10 [ 432.901458][T19715] ? aa_sock_msg_perm+0xf1/0x1d0 [ 432.901484][T19715] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 432.901503][T19715] ? __pfx_netlink_sendmsg+0x10/0x10 [ 432.901527][T19715] __sock_sendmsg+0x219/0x270 [ 432.901550][T19715] ____sys_sendmsg+0x505/0x830 [ 432.901573][T19715] ? __pfx_____sys_sendmsg+0x10/0x10 [ 432.901602][T19715] ? import_iovec+0x74/0xa0 [ 432.901626][T19715] ___sys_sendmsg+0x21f/0x2a0 [ 432.901647][T19715] ? __pfx____sys_sendmsg+0x10/0x10 [ 432.901705][T19715] ? __fget_files+0x2a/0x420 [ 432.901730][T19715] ? __fget_files+0x3a0/0x420 [ 432.901764][T19715] __x64_sys_sendmsg+0x19b/0x260 [ 432.901786][T19715] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 432.901812][T19715] ? __pfx_ksys_write+0x10/0x10 [ 432.901832][T19715] ? rcu_is_watching+0x15/0xb0 [ 432.901856][T19715] ? do_syscall_64+0xbe/0x3b0 [ 432.901883][T19715] do_syscall_64+0xfa/0x3b0 [ 432.901905][T19715] ? lockdep_hardirqs_on+0x9c/0x150 [ 432.901927][T19715] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 432.901945][T19715] ? clear_bhb_loop+0x60/0xb0 [ 432.901967][T19715] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 432.901985][T19715] RIP: 0033:0x7f082e78ebe9 [ 432.902002][T19715] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 432.902017][T19715] RSP: 002b:00007f082f6cc038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 432.902043][T19715] RAX: ffffffffffffffda RBX: 00007f082e9b5fa0 RCX: 00007f082e78ebe9 [ 432.902056][T19715] RDX: 0000000020000000 RSI: 0000200000006040 RDI: 0000000000000004 [ 432.902068][T19715] RBP: 00007f082f6cc090 R08: 0000000000000000 R09: 0000000000000000 [ 432.902080][T19715] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 432.902091][T19715] R13: 00007f082e9b6038 R14: 00007f082e9b5fa0 R15: 00007ffc7b660348 [ 432.902122][T19715] [ 433.292773][T19709] netlink: 'syz.2.4512': attribute type 7 has an invalid length. [ 433.306947][T19709] __nla_validate_parse: 5 callbacks suppressed [ 433.306965][T19709] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4512'. [ 433.478056][T19729] netlink: 36 bytes leftover after parsing attributes in process `syz.0.4519'. [ 433.552015][T19729] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 433.575613][T19731] netlink: 'syz.2.4521': attribute type 4 has an invalid length. [ 433.808165][T19744] netlink: 11562 bytes leftover after parsing attributes in process `syz.4.4524'. [ 433.928528][T19756] FAULT_INJECTION: forcing a failure. [ 433.928528][T19756] name failslab, interval 1, probability 0, space 0, times 0 [ 433.949702][T19756] CPU: 0 UID: 0 PID: 19756 Comm: syz.0.4528 Not tainted syzkaller #0 PREEMPT(full) [ 433.949728][T19756] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 433.949740][T19756] Call Trace: [ 433.949746][T19756] [ 433.949755][T19756] dump_stack_lvl+0x189/0x250 [ 433.949781][T19756] ? __pfx____ratelimit+0x10/0x10 [ 433.949806][T19756] ? __pfx_dump_stack_lvl+0x10/0x10 [ 433.949827][T19756] ? __pfx__printk+0x10/0x10 [ 433.949856][T19756] ? __pfx___might_resched+0x10/0x10 [ 433.949873][T19756] ? fs_reclaim_acquire+0x7d/0x100 [ 433.949904][T19756] should_fail_ex+0x414/0x560 [ 433.949931][T19756] should_failslab+0xa8/0x100 [ 433.949958][T19756] __kmalloc_cache_noprof+0x70/0x3d0 [ 433.949980][T19756] ? nf_tables_commit+0x79d/0x8700 [ 433.950005][T19756] nf_tables_commit+0x79d/0x8700 [ 433.950023][T19756] ? __free_frozen_pages+0x65e/0xd30 [ 433.950068][T19756] ? __pfx_nf_tables_commit+0x10/0x10 [ 433.950094][T19756] ? free_large_kmalloc+0x13a/0x1f0 [ 433.950120][T19756] ? nf_tables_newrule+0x23bc/0x2890 [ 433.950158][T19756] ? __pfx_nf_tables_newrule+0x10/0x10 [ 433.950202][T19756] nfnetlink_rcv+0x1a4e/0x2520 [ 433.950268][T19756] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 433.950342][T19756] ? netlink_deliver_tap+0x2e/0x1b0 [ 433.950385][T19756] netlink_unicast+0x82f/0x9e0 [ 433.950418][T19756] ? __pfx_netlink_unicast+0x10/0x10 [ 433.950442][T19756] ? netlink_sendmsg+0x642/0xb30 [ 433.950463][T19756] ? skb_put+0x11b/0x210 [ 433.950486][T19756] netlink_sendmsg+0x805/0xb30 [ 433.950517][T19756] ? __pfx_netlink_sendmsg+0x10/0x10 [ 433.950543][T19756] ? aa_sock_msg_perm+0xf1/0x1d0 [ 433.950570][T19756] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 433.950588][T19756] ? __pfx_netlink_sendmsg+0x10/0x10 [ 433.950612][T19756] __sock_sendmsg+0x219/0x270 [ 433.950638][T19756] ____sys_sendmsg+0x505/0x830 [ 433.950663][T19756] ? __pfx_____sys_sendmsg+0x10/0x10 [ 433.950691][T19756] ? import_iovec+0x74/0xa0 [ 433.950714][T19756] ___sys_sendmsg+0x21f/0x2a0 [ 433.950735][T19756] ? __pfx____sys_sendmsg+0x10/0x10 [ 433.950788][T19756] ? __fget_files+0x2a/0x420 [ 433.950810][T19756] ? __fget_files+0x3a0/0x420 [ 433.950845][T19756] __x64_sys_sendmsg+0x19b/0x260 [ 433.950866][T19756] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 433.950901][T19756] ? __pfx_ksys_write+0x10/0x10 [ 433.950922][T19756] ? rcu_is_watching+0x15/0xb0 [ 433.950944][T19756] ? do_syscall_64+0xbe/0x3b0 [ 433.950969][T19756] do_syscall_64+0xfa/0x3b0 [ 433.950991][T19756] ? lockdep_hardirqs_on+0x9c/0x150 [ 433.951012][T19756] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 433.951028][T19756] ? clear_bhb_loop+0x60/0xb0 [ 433.951050][T19756] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 433.951067][T19756] RIP: 0033:0x7f3ef518ebe9 [ 433.951084][T19756] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 433.951100][T19756] RSP: 002b:00007f3ef5f9b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 433.951119][T19756] RAX: ffffffffffffffda RBX: 00007f3ef53b5fa0 RCX: 00007f3ef518ebe9 [ 433.951132][T19756] RDX: 0000000004000800 RSI: 0000200000000000 RDI: 0000000000000003 [ 433.951144][T19756] RBP: 00007f3ef5f9b090 R08: 0000000000000000 R09: 0000000000000000 [ 433.951157][T19756] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 433.951168][T19756] R13: 00007f3ef53b6038 R14: 00007f3ef53b5fa0 R15: 00007ffc7a370208 [ 433.951199][T19756] [ 434.339747][T19763] "syz.1.4532" (19763) uses obsolete ecb(arc4) skcipher [ 434.376354][T19760] netlink: 360 bytes leftover after parsing attributes in process `syz.4.4530'. [ 434.702823][T19782] netlink: 36 bytes leftover after parsing attributes in process `syz.3.4539'. [ 434.728636][T19782] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 434.844943][T19791] netlink: 80 bytes leftover after parsing attributes in process `syz.4.4541'. [ 435.017170][T19799] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4545'. [ 435.046427][T19799] netlink: 20 bytes leftover after parsing attributes in process `syz.4.4545'. [ 435.144924][T19805] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4547'. [ 435.207837][T19807] smc: net device bond0 applied user defined pnetid SYZ2 [ 435.216718][T19807] smc: net device bond0 erased user defined pnetid SYZ2 [ 435.408952][T19817] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 435.558951][T19825] validate_nla: 1 callbacks suppressed [ 435.558971][T19825] netlink: 'syz.4.4556': attribute type 9 has an invalid length. [ 435.706465][T19835] netlink: 'syz.2.4560': attribute type 7 has an invalid length. [ 435.721671][T19837] netlink: 'syz.0.4561': attribute type 1 has an invalid length. [ 435.723418][T19835] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4560'. [ 435.957297][T19844] 8021q: adding VLAN 0 to HW filter on device bond1 [ 435.967494][T19844] bond1: entered allmulticast mode [ 435.974464][T19844] bond0: (slave bond1): Enslaving as an active interface with an up link [ 436.154944][T19864] openvswitch: netlink: Actions may not be safe on all matching packets [ 436.693219][T19897] bond4: entered promiscuous mode [ 436.698666][T19897] bond4: entered allmulticast mode [ 436.704964][T19897] 8021q: adding VLAN 0 to HW filter on device bond4 [ 436.739321][T19900] syzkaller0: entered promiscuous mode [ 436.746087][T19900] syzkaller0: entered allmulticast mode [ 436.760387][T19900] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 437.088877][T19923] netlink: 'syz.1.4592': attribute type 7 has an invalid length. [ 437.468370][T19943] "syz.2.4599" (19943) uses obsolete ecb(arc4) skcipher [ 437.588299][ T25] block nbd0: Possible stuck request ffff8880255a7380: control (read@0,4096B). Runtime 30 seconds [ 438.417169][T19997] sctp: [Deprecated]: syz.0.4616 (pid 19997) Use of struct sctp_assoc_value in delayed_ack socket option. [ 438.417169][T19997] Use struct sctp_sack_info instead [ 438.762183][T19999] __nla_validate_parse: 9 callbacks suppressed [ 438.762202][T19999] netlink: 20 bytes leftover after parsing attributes in process `syz.2.4618'. [ 438.778530][T19999] netlink: 20 bytes leftover after parsing attributes in process `syz.2.4618'. [ 438.792584][T19999] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4618'. [ 438.819716][T20001] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4619'. [ 439.110373][T20016] netlink: 212376 bytes leftover after parsing attributes in process `syz.2.4625'. [ 439.331816][T20021] FAULT_INJECTION: forcing a failure. [ 439.331816][T20021] name failslab, interval 1, probability 0, space 0, times 0 [ 439.346561][T20021] CPU: 1 UID: 0 PID: 20021 Comm: syz.0.4627 Not tainted syzkaller #0 PREEMPT(full) [ 439.346587][T20021] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 439.346598][T20021] Call Trace: [ 439.346606][T20021] [ 439.346615][T20021] dump_stack_lvl+0x189/0x250 [ 439.346642][T20021] ? __pfx____ratelimit+0x10/0x10 [ 439.346671][T20021] ? __pfx_dump_stack_lvl+0x10/0x10 [ 439.346691][T20021] ? __pfx__printk+0x10/0x10 [ 439.346723][T20021] ? __pfx___might_resched+0x10/0x10 [ 439.346741][T20021] ? fs_reclaim_acquire+0x7d/0x100 [ 439.346773][T20021] should_fail_ex+0x414/0x560 [ 439.346802][T20021] should_failslab+0xa8/0x100 [ 439.346829][T20021] __kmalloc_cache_noprof+0x70/0x3d0 [ 439.346853][T20021] ? kobject_uevent_env+0x27c/0x8c0 [ 439.346870][T20021] ? devres_release_all+0x1ca/0x230 [ 439.346895][T20021] ? __pfx_dev_uevent_name+0x10/0x10 [ 439.346917][T20021] kobject_uevent_env+0x27c/0x8c0 [ 439.346948][T20021] device_del+0x73a/0x8e0 [ 439.346977][T20021] ? __pfx_device_del+0x10/0x10 [ 439.346997][T20021] ? read_tsc+0x9/0x20 [ 439.347031][T20021] device_unregister+0x20/0xc0 [ 439.347051][T20021] wakeup_source_unregister+0x179/0x3f0 [ 439.347082][T20021] __ep_remove+0x516/0x710 [ 439.347112][T20021] eventpoll_release_file+0xdb/0x310 [ 439.347141][T20021] __fput+0x839/0xa70 [ 439.347174][T20021] task_work_run+0x1d1/0x260 [ 439.347201][T20021] ? __pfx_task_work_run+0x10/0x10 [ 439.347230][T20021] ? exit_to_user_mode_loop+0x40/0x110 [ 439.347260][T20021] exit_to_user_mode_loop+0xec/0x110 [ 439.347284][T20021] do_syscall_64+0x2bd/0x3b0 [ 439.347308][T20021] ? lockdep_hardirqs_on+0x9c/0x150 [ 439.347330][T20021] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 439.347348][T20021] ? clear_bhb_loop+0x60/0xb0 [ 439.347370][T20021] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 439.347386][T20021] RIP: 0033:0x7f3ef518ebe9 [ 439.347402][T20021] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 439.347416][T20021] RSP: 002b:00007f3ef5f9b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000119 [ 439.347432][T20021] RAX: 0000000000000001 RBX: 00007f3ef53b5fa0 RCX: 00007f3ef518ebe9 [ 439.347444][T20021] RDX: 0000000000000001 RSI: 0000200000000080 RDI: 0000000000000007 [ 439.347455][T20021] RBP: 00007f3ef5f9b090 R08: 0000000000000000 R09: 0000000000000000 [ 439.347467][T20021] R10: 0000000080000000 R11: 0000000000000246 R12: 0000000000000001 [ 439.347476][T20021] R13: 00007f3ef53b6038 R14: 00007f3ef53b5fa0 R15: 00007ffc7a370208 [ 439.347504][T20021] [ 439.396783][T20030] netlink: 16 bytes leftover after parsing attributes in process `syz.2.4630'. [ 439.487775][T20037] "syz.3.4633" (20037) uses obsolete ecb(arc4) skcipher [ 439.504895][T20030] syzkaller1: entered promiscuous mode [ 439.601611][T20035] PF_CAN: dropped non conform CAN skbuff: dev type 280, len 324 [ 439.628702][T20030] syzkaller1: entered allmulticast mode [ 439.739586][T20046] smc: net device bond0 applied user defined pnetid SYZ2 [ 439.753151][T20046] smc: net device bond0 erased user defined pnetid SYZ2 [ 440.066650][T20063] netlink: 104 bytes leftover after parsing attributes in process `syz.1.4642'. [ 440.687143][T20090] netlink: 14544 bytes leftover after parsing attributes in process `syz.0.4651'. [ 441.123331][T20118] openvswitch: netlink: IP tunnel attribute has 20 unknown bytes. [ 441.439856][T20133] netlink: 9 bytes leftover after parsing attributes in process `syz.2.4668'. [ 441.455495][T20133] gretap0: entered promiscuous mode [ 441.465245][T20133] netlink: 5 bytes leftover after parsing attributes in process `syz.2.4668'. [ 441.474801][T20133] 0{X功: renamed from gretap0 [ 441.489348][T20133] 0{X功: left promiscuous mode [ 441.497127][T20133] 0{X功: entered allmulticast mode [ 441.511147][T20133] A link change request failed with some changes committed already. Interface 30{X功 may have been left with an inconsistent configuration, please check. [ 441.629818][T20143] netlink: 'syz.0.4672': attribute type 1 has an invalid length. [ 441.639668][T20143] netlink: 'syz.0.4672': attribute type 4 has an invalid length. [ 441.651146][T20141] FAULT_INJECTION: forcing a failure. [ 441.651146][T20141] name failslab, interval 1, probability 0, space 0, times 0 [ 441.677188][T20141] CPU: 0 UID: 0 PID: 20141 Comm: syz.4.4673 Not tainted syzkaller #0 PREEMPT(full) [ 441.677212][T20141] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 441.677221][T20141] Call Trace: [ 441.677227][T20141] [ 441.677236][T20141] dump_stack_lvl+0x189/0x250 [ 441.677263][T20141] ? __pfx____ratelimit+0x10/0x10 [ 441.677286][T20141] ? __pfx_dump_stack_lvl+0x10/0x10 [ 441.677307][T20141] ? __pfx__printk+0x10/0x10 [ 441.677332][T20141] ? __pfx___might_resched+0x10/0x10 [ 441.677350][T20141] ? fs_reclaim_acquire+0x7d/0x100 [ 441.677377][T20141] should_fail_ex+0x414/0x560 [ 441.677400][T20141] should_failslab+0xa8/0x100 [ 441.677425][T20141] __kmalloc_noprof+0xcb/0x4f0 [ 441.677458][T20141] ? kobject_get_path+0xc5/0x2d0 [ 441.677487][T20141] kobject_get_path+0xc5/0x2d0 [ 441.677519][T20141] kobject_uevent_env+0x292/0x8c0 [ 441.677548][T20141] device_del+0x73a/0x8e0 [ 441.677578][T20141] ? __pfx_device_del+0x10/0x10 [ 441.677597][T20141] ? read_tsc+0x9/0x20 [ 441.677630][T20141] device_unregister+0x20/0xc0 [ 441.677650][T20141] wakeup_source_unregister+0x179/0x3f0 [ 441.677680][T20141] __ep_remove+0x516/0x710 [ 441.677710][T20141] eventpoll_release_file+0xdb/0x310 [ 441.677738][T20141] __fput+0x839/0xa70 [ 441.677768][T20141] task_work_run+0x1d1/0x260 [ 441.677794][T20141] ? __pfx_task_work_run+0x10/0x10 [ 441.677821][T20141] ? exit_to_user_mode_loop+0x40/0x110 [ 441.677849][T20141] exit_to_user_mode_loop+0xec/0x110 [ 441.677873][T20141] do_syscall_64+0x2bd/0x3b0 [ 441.677896][T20141] ? lockdep_hardirqs_on+0x9c/0x150 [ 441.677918][T20141] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 441.677935][T20141] ? clear_bhb_loop+0x60/0xb0 [ 441.677957][T20141] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 441.677975][T20141] RIP: 0033:0x7f430cd8ebe9 [ 441.677992][T20141] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 441.678007][T20141] RSP: 002b:00007f430dbb2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000119 [ 441.678026][T20141] RAX: 0000000000000001 RBX: 00007f430cfb5fa0 RCX: 00007f430cd8ebe9 [ 441.678039][T20141] RDX: 0000000000000001 RSI: 0000200000000080 RDI: 0000000000000007 [ 441.678050][T20141] RBP: 00007f430dbb2090 R08: 0000000000000000 R09: 0000000000000000 [ 441.678061][T20141] R10: 0000000080000000 R11: 0000000000000246 R12: 0000000000000001 [ 441.678073][T20141] R13: 00007f430cfb6038 R14: 00007f430cfb5fa0 R15: 00007fff6b38ff98 [ 441.678102][T20141] [ 441.937640][T20153] netlink: 'syz.0.4676': attribute type 1 has an invalid length. [ 442.159097][T20163] netlink: 'syz.3.4680': attribute type 10 has an invalid length. [ 442.172561][T20163] FAULT_INJECTION: forcing a failure. [ 442.172561][T20163] name failslab, interval 1, probability 0, space 0, times 0 [ 442.188005][T20163] CPU: 0 UID: 0 PID: 20163 Comm: syz.3.4680 Not tainted syzkaller #0 PREEMPT(full) [ 442.188031][T20163] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 442.188042][T20163] Call Trace: [ 442.188051][T20163] [ 442.188059][T20163] dump_stack_lvl+0x189/0x250 [ 442.188085][T20163] ? __pfx____ratelimit+0x10/0x10 [ 442.188110][T20163] ? __pfx_dump_stack_lvl+0x10/0x10 [ 442.188131][T20163] ? __pfx__printk+0x10/0x10 [ 442.188170][T20163] ? __pfx___might_resched+0x10/0x10 [ 442.188194][T20163] should_fail_ex+0x414/0x560 [ 442.188219][T20163] should_failslab+0xa8/0x100 [ 442.188243][T20163] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 442.188268][T20163] ? __alloc_skb+0x112/0x2d0 [ 442.188298][T20163] __alloc_skb+0x112/0x2d0 [ 442.188327][T20163] netlink_sendmsg+0x5c6/0xb30 [ 442.188362][T20163] ? __pfx_netlink_sendmsg+0x10/0x10 [ 442.188390][T20163] ? aa_sock_msg_perm+0xf1/0x1d0 [ 442.188413][T20163] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 442.188433][T20163] ? __pfx_netlink_sendmsg+0x10/0x10 [ 442.188458][T20163] __sock_sendmsg+0x219/0x270 [ 442.188484][T20163] ____sys_sendmsg+0x505/0x830 [ 442.188509][T20163] ? __pfx_____sys_sendmsg+0x10/0x10 [ 442.188537][T20163] ? import_iovec+0x74/0xa0 [ 442.188562][T20163] ___sys_sendmsg+0x21f/0x2a0 [ 442.188583][T20163] ? __pfx____sys_sendmsg+0x10/0x10 [ 442.188640][T20163] ? __fget_files+0x2a/0x420 [ 442.188664][T20163] ? __fget_files+0x3a0/0x420 [ 442.188694][T20163] __x64_sys_sendmsg+0x19b/0x260 [ 442.188715][T20163] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 442.188739][T20163] ? __pfx_ksys_write+0x10/0x10 [ 442.188758][T20163] ? rcu_is_watching+0x15/0xb0 [ 442.188781][T20163] ? do_syscall_64+0xbe/0x3b0 [ 442.188809][T20163] do_syscall_64+0xfa/0x3b0 [ 442.188832][T20163] ? lockdep_hardirqs_on+0x9c/0x150 [ 442.188854][T20163] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 442.188872][T20163] ? clear_bhb_loop+0x60/0xb0 [ 442.188895][T20163] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 442.188913][T20163] RIP: 0033:0x7ffb5d98ebe9 [ 442.188931][T20163] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 442.188947][T20163] RSP: 002b:00007ffb5e87d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 442.188967][T20163] RAX: ffffffffffffffda RBX: 00007ffb5dbb5fa0 RCX: 00007ffb5d98ebe9 [ 442.188981][T20163] RDX: 0000000000000000 RSI: 0000200000000600 RDI: 0000000000000005 [ 442.188992][T20163] RBP: 00007ffb5e87d090 R08: 0000000000000000 R09: 0000000000000000 [ 442.189004][T20163] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 442.189015][T20163] R13: 00007ffb5dbb6038 R14: 00007ffb5dbb5fa0 R15: 00007fff69d49d18 [ 442.189046][T20163] [ 442.480418][ T5864] Bluetooth: hci0: command 0x0c1a tx timeout [ 442.480442][ T5183] Bluetooth: hci2: command 0x0406 tx timeout [ 442.486783][ T5864] Bluetooth: hci5: command 0x0406 tx timeout [ 442.496655][ T5873] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 442.682520][T20178] openvswitch: netlink: Missing key (keys=40, expected=10000000) [ 443.468392][T20214] 1{X功: renamed from 30{X功 (while UP) [ 443.485168][T20214] A link change request failed with some changes committed already. Interface 31{X功 may have been left with an inconsistent configuration, please check. [ 443.698500][T20227] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 443.773011][T20231] netlink: 'syz.2.4706': attribute type 1 has an invalid length. [ 443.781371][T20231] __nla_validate_parse: 9 callbacks suppressed [ 443.781389][T20231] netlink: 224 bytes leftover after parsing attributes in process `syz.2.4706'. [ 443.883896][T20233] netlink: 136 bytes leftover after parsing attributes in process `syz.2.4706'. [ 443.925011][T20234] netlink: 36 bytes leftover after parsing attributes in process `syz.0.4707'. [ 443.941645][T20234] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 444.037865][T20234] bond4: left promiscuous mode [ 444.049937][T20234] bond4: left allmulticast mode [ 444.142272][T20247] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes. [ 444.210144][T20253] "syz.3.4712" (20253) uses obsolete ecb(arc4) skcipher [ 444.267361][T20255] netlink: 252 bytes leftover after parsing attributes in process `syz.0.4713'. [ 444.316117][T20258] "syz.0.4714" (20258) uses obsolete ecb(arc4) skcipher [ 444.526790][T20269] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 444.605234][T20273] netlink: 'syz.1.4720': attribute type 1 has an invalid length. [ 444.613302][T20273] netlink: 224 bytes leftover after parsing attributes in process `syz.1.4720'. [ 444.679252][T20275] syzkaller0: entered promiscuous mode [ 444.683532][T20276] netlink: 136 bytes leftover after parsing attributes in process `syz.1.4720'. [ 444.689890][T20275] syzkaller0: entered allmulticast mode [ 444.818202][T20278] smc: net device bond0 applied user defined pnetid SYZ2 [ 444.853807][T20280] netlink: 88 bytes leftover after parsing attributes in process `syz.0.4723'. [ 444.898628][T20280] netlink: 24 bytes leftover after parsing attributes in process `syz.0.4723'. [ 444.922525][T20284] netlink: 'syz.1.4724': attribute type 10 has an invalid length. [ 444.940196][T20280] netlink: 24 bytes leftover after parsing attributes in process `syz.0.4723'. [ 444.952437][T20281] netlink: 88 bytes leftover after parsing attributes in process `syz.0.4723'. [ 444.971858][T20284] netlink: 'syz.1.4724': attribute type 10 has an invalid length. [ 444.992971][T20284] team0: Port device dummy0 removed [ 445.029677][T20284] dummy0: entered allmulticast mode [ 445.035844][T20284] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 445.188266][T20298] netlink: 'syz.1.4729': attribute type 83 has an invalid length. [ 445.266317][T20302] netlink: 'syz.2.4732': attribute type 1 has an invalid length. [ 445.670774][ T51] Bluetooth: hci4: command tx timeout [ 445.717079][T20327] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 445.806447][T20334] "syz.2.4744" (20334) uses obsolete ecb(arc4) skcipher [ 458.070670][ T25] block nbd5: Possible stuck request ffff888025745080: control (read@0,4096B). Runtime 30 seconds [ 460.621260][ T55] block nbd6: Possible stuck request ffff888025767000: control (read@0,4096B). Runtime 30 seconds [ 461.270659][ T25] block nbd7: Possible stuck request ffff88802579e000: control (read@0,4096B). Runtime 30 seconds [ 467.681575][ T25] block nbd0: Possible stuck request ffff8880255a7380: control (read@0,4096B). Runtime 60 seconds [ 488.160576][ T25] block nbd5: Possible stuck request ffff888025745080: control (read@0,4096B). Runtime 60 seconds [ 490.710719][ T55] block nbd6: Possible stuck request ffff888025767000: control (read@0,4096B). Runtime 60 seconds [ 491.361421][ T25] block nbd7: Possible stuck request ffff88802579e000: control (read@0,4096B). Runtime 60 seconds [ 497.761553][ T25] block nbd0: Possible stuck request ffff8880255a7380: control (read@0,4096B). Runtime 90 seconds [ 504.815761][ T5871] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 504.854247][ T5871] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 504.869510][ T5871] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 504.881946][ T5871] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 504.891503][ T5871] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 504.922567][ T5183] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 504.951774][ T5183] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 504.991049][ T5183] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 505.045975][ T5183] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 505.069978][ T5183] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 505.163709][ T51] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 505.180105][ T51] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 505.189214][ T51] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 505.209570][ T51] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 505.221602][ T51] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 505.254732][ T5873] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 505.266012][ T5873] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 [ 505.274901][ T5868] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 505.321192][ T5873] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9 [ 505.322562][ T5868] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 505.335701][ T5873] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9 [ 505.337238][ T5868] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 505.351771][ T5868] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4 [ 505.360108][ T5873] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 505.367422][ T5868] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2 [ 505.680707][T20356] hsr0 speed is unknown, defaulting to 1000 [ 505.845528][ T1054] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 505.927325][T20356] lo speed is unknown, defaulting to 1000 [ 505.928687][T20359] hsr0 speed is unknown, defaulting to 1000 [ 505.986932][ T1054] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 506.066913][ T1054] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 506.148967][T20354] hsr0 speed is unknown, defaulting to 1000 [ 506.174780][ T1054] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 506.201015][T20359] lo speed is unknown, defaulting to 1000 [ 506.370033][T20356] chnl_net:caif_netlink_parms(): no params data found [ 506.406658][T20354] lo speed is unknown, defaulting to 1000 [ 506.412652][T20352] hsr0 speed is unknown, defaulting to 1000 [ 506.492679][ T49] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 506.517769][ T76] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 506.699361][ T76] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 506.721385][ T76] netdevsim netdevsim4 eth4: set [1, 0] type 2 family 0 port 6081 - 0 [ 506.766665][T20352] lo speed is unknown, defaulting to 1000 [ 506.766696][T20357] hsr0 speed is unknown, defaulting to 1000 [ 506.773110][ T1054] bridge_slave_1: left allmulticast mode [ 506.789629][ T1054] bridge_slave_1: left promiscuous mode [ 506.795652][ T1054] bridge0: port 2(bridge_slave_1) entered disabled state [ 506.812257][ T1054] bridge_slave_0: left allmulticast mode [ 506.817941][ T1054] bridge_slave_0: left promiscuous mode [ 506.828409][ T1054] bridge0: port 1(bridge_slave_0) entered disabled state [ 506.947794][ T5871] Bluetooth: hci3: command tx timeout [ 507.265207][ T5871] Bluetooth: hci2: command tx timeout [ 507.315349][ T1054] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 507.326975][ T1054] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 507.338529][ T1054] bond0 (unregistering): Released all slaves [ 507.392800][T20357] lo speed is unknown, defaulting to 1000 [ 507.432767][ T5871] Bluetooth: hci7: command tx timeout [ 507.432785][ T51] Bluetooth: hci6: command tx timeout [ 507.433146][ T5873] Bluetooth: hci8: command tx timeout [ 507.586737][T20356] bridge0: port 1(bridge_slave_0) entered blocking state [ 507.594389][T20356] bridge0: port 1(bridge_slave_0) entered disabled state [ 507.607849][T20356] bridge_slave_0: entered allmulticast mode [ 507.616286][T20356] bridge_slave_0: entered promiscuous mode [ 507.673848][T20356] bridge0: port 2(bridge_slave_1) entered blocking state [ 507.686857][T20356] bridge0: port 2(bridge_slave_1) entered disabled state [ 507.697578][T20356] bridge_slave_1: entered allmulticast mode [ 507.706064][T20356] bridge_slave_1: entered promiscuous mode [ 507.735387][T20359] chnl_net:caif_netlink_parms(): no params data found [ 507.847453][T20356] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 507.962863][T20356] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 508.220165][T20356] team0: Port device team_slave_0 added [ 508.302704][T20356] team0: Port device team_slave_1 added [ 508.355820][ T1054] hsr_slave_0: left promiscuous mode [ 508.363569][ T1054] hsr_slave_1: left promiscuous mode [ 508.369519][ T1054] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 508.377320][ T1054] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 508.386247][ T1054] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 508.394429][ T1054] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 508.420234][ T1054] veth1_macvtap: left promiscuous mode [ 508.426182][ T1054] veth0_macvtap: left promiscuous mode [ 508.432175][ T1054] veth1_vlan: left promiscuous mode [ 508.437505][ T1054] veth0_vlan: left promiscuous mode [ 508.465496][ T1054] ------------[ cut here ]------------ [ 508.471314][ T1054] WARNING: CPU: 0 PID: 1054 at net/ipv6/route.c:4857 rt6_multipath_rebalance+0x455/0x8b0 [ 508.481207][ T1054] Modules linked in: [ 508.485442][ T1054] CPU: 0 UID: 0 PID: 1054 Comm: kworker/u8:5 Not tainted syzkaller #0 PREEMPT(full) [ 508.494960][ T1054] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 508.505414][ T1054] Workqueue: netns cleanup_net SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 508.510264][ T1054] RIP: 0010:rt6_multipath_rebalance+0x455/0x8b0 [ 508.516551][ T1054] Code: ff ff 44 89 e1 80 e1 07 38 c1 0f 8c 85 fe ff ff 4c 89 e7 e8 6d 90 f2 f7 e9 78 fe ff ff e8 a3 27 8f f7 eb 05 e8 9c 27 8f f7 90 <0f> 0b 90 48 83 c4 10 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc [ 508.536387][ T1054] RSP: 0018:ffffc90003fe6ea0 EFLAGS: 00010293 [ 508.542529][ T1054] RAX: ffffffff8a30848d RBX: ffff888075f7e400 RCX: ffff8880268a5a00 [ 508.550592][ T1054] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 508.558577][ T1054] RBP: dffffc0000000000 R08: 0000000000000003 R09: 0000000000000004 [ 508.566632][ T1054] R10: dffffc0000000000 R11: fffff520007fcdcc R12: ffff8880788104de [ 508.575012][ T1054] R13: ffff888075f7e490 R14: 0000000000000000 R15: 1ffff1100ebefc92 [ 508.583065][ T1054] FS: 0000000000000000(0000) GS:ffff888125c1b000(0000) knlGS:0000000000000000 [ 508.592235][ T1054] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 508.598935][ T1054] CR2: 00007fcebc5aa6b0 CR3: 000000007b874000 CR4: 00000000003526f0 [ 508.607009][ T1054] Call Trace: [ 508.610310][ T1054] [ 508.613323][ T1054] fib6_ifdown+0x401/0x4c0 [ 508.617773][ T1054] ? __pfx_fib6_ifdown+0x10/0x10 [ 508.622852][ T1054] fib6_clean_node+0x24a/0x590 [ 508.627685][ T1054] ? __pfx_fib6_clean_node+0x10/0x10 [ 508.633125][ T1054] ? __lock_acquire+0xab9/0xd20 [ 508.638099][ T1054] ? __local_bh_enable_ip+0x12d/0x1c0 [ 508.643974][ T1054] fib6_walk_continue+0x678/0x910 [ 508.649055][ T1054] fib6_walk+0x149/0x290 [ 508.653396][ T1054] __fib6_clean_all+0x234/0x380 [ 508.658381][ T1054] ? __fib6_clean_all+0x9b/0x380 [ 508.663405][ T1054] ? __pfx_fib6_ifdown+0x10/0x10 [ 508.668364][ T1054] ? __pfx___fib6_clean_all+0x10/0x10 [ 508.673795][ T1054] ? __pfx_fib6_clean_node+0x10/0x10 [ 508.679113][ T1054] ? __pfx_fib6_ifdown+0x10/0x10 [ 508.684125][ T1054] ? __mutex_trylock_common+0x153/0x260 [ 508.689689][ T1054] rt6_disable_ip+0x120/0x720 [ 508.694546][ T1054] ? rcu_is_watching+0x15/0xb0 [ 508.699459][ T1054] ? trace_contention_end+0x39/0x120 [ 508.704931][ T1054] ? __pfx_rt6_disable_ip+0x10/0x10 [ 508.710174][ T1054] addrconf_ifdown+0x15d/0x1880 [ 508.715127][ T1054] ? __mutex_unlock_slowpath+0x1a1/0x760 [ 508.720836][ T1054] ? tls_dev_event+0x717/0xec0 [ 508.725618][ T1054] ? __pfx_addrconf_ifdown+0x10/0x10 [ 508.730966][ T1054] addrconf_notify+0x1bc/0x1010 [ 508.735840][ T1054] notifier_call_chain+0x1b3/0x3e0 [ 508.741108][ T1054] netif_close_many+0x29c/0x410 [ 508.745970][ T1054] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 508.752019][ T1054] ? __pfx_netif_close_many+0x10/0x10 [ 508.757433][ T1054] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 508.762870][ T1054] unregister_netdevice_many_notify+0x7b9/0x1ff0 [ 508.769228][ T1054] ? __local_bh_enable_ip+0x12d/0x1c0 [ 508.774647][ T1054] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 508.780686][ T1054] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 508.787568][ T1054] ? unregister_netdevice_queue+0x1b3/0x380 [ 508.793596][ T1054] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 508.799868][ T1054] ? batadv_meshif_destroy_netlink+0x1b0/0x250 [ 508.806161][ T1054] default_device_exit_batch+0x819/0x890 [ 508.811964][ T1054] ? __pfx___might_resched+0x10/0x10 [ 508.817281][ T1054] ? __pfx_default_device_exit_batch+0x10/0x10 [ 508.823504][ T1054] ? __pfx_rdma_dev_exit_net+0x10/0x10 [ 508.828997][ T1054] ? net_generic+0x1e/0x240 [ 508.833611][ T1054] ? __pfx_default_device_exit_batch+0x10/0x10 [ 508.839799][ T1054] ops_undo_list+0x522/0x990 [ 508.844503][ T1054] ? __pfx_ops_undo_list+0x10/0x10 [ 508.849710][ T1054] ? do_raw_spin_unlock+0x122/0x240 [ 508.854985][ T1054] cleanup_net+0x4c5/0x800 [ 508.859421][ T1054] ? __pfx_cleanup_net+0x10/0x10 [ 508.864423][ T1054] ? _raw_spin_unlock_irq+0x23/0x50 [ 508.870026][ T1054] ? process_scheduled_works+0x9ef/0x17b0 [ 508.875832][ T1054] ? process_scheduled_works+0x9ef/0x17b0 [ 508.881771][ T1054] process_scheduled_works+0xae1/0x17b0 [ 508.887379][ T1054] ? __pfx_process_scheduled_works+0x10/0x10 [ 508.893454][ T1054] worker_thread+0x8a0/0xda0 [ 508.898075][ T1054] kthread+0x711/0x8a0 [ 508.902213][ T1054] ? __pfx_worker_thread+0x10/0x10 [ 508.907352][ T1054] ? __pfx_kthread+0x10/0x10 [ 508.912029][ T1054] ? _raw_spin_unlock_irq+0x23/0x50 [ 508.917261][ T1054] ? lockdep_hardirqs_on+0x9c/0x150 [ 508.922703][ T1054] ? __pfx_kthread+0x10/0x10 [ 508.927329][ T1054] ret_from_fork+0x3f9/0x770 [ 508.931961][ T1054] ? __pfx_ret_from_fork+0x10/0x10 [ 508.937112][ T1054] ? __switch_to_asm+0x39/0x70 [ 508.942060][ T1054] ? __switch_to_asm+0x33/0x70 [ 508.946843][ T1054] ? __pfx_kthread+0x10/0x10 [ 508.951503][ T1054] ret_from_fork_asm+0x1a/0x30 [ 508.956306][ T1054] [ 508.959519][ T1054] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 508.966905][ T1054] CPU: 0 UID: 0 PID: 1054 Comm: kworker/u8:5 Not tainted syzkaller #0 PREEMPT(full) [ 508.976559][ T1054] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 508.986618][ T1054] Workqueue: netns cleanup_net [ 508.991398][ T1054] Call Trace: [ 508.994665][ T1054] [ 508.997684][ T1054] dump_stack_lvl+0x99/0x250 [ 509.002308][ T1054] ? __asan_memcpy+0x40/0x70 [ 509.007071][ T1054] ? __pfx_dump_stack_lvl+0x10/0x10 [ 509.012354][ T1054] ? __pfx__printk+0x10/0x10 [ 509.016997][ T1054] vpanic+0x281/0x750 [ 509.020973][ T1054] ? __pfx__printk+0x10/0x10 [ 509.025658][ T1054] ? __pfx_vpanic+0x10/0x10 [ 509.030160][ T1054] ? is_bpf_text_address+0x26/0x2b0 [ 509.035351][ T1054] panic+0xb9/0xc0 [ 509.039050][ T1054] ? __pfx_panic+0x10/0x10 [ 509.043471][ T1054] __warn+0x31b/0x4b0 [ 509.047446][ T1054] ? rt6_multipath_rebalance+0x455/0x8b0 [ 509.053085][ T1054] ? rt6_multipath_rebalance+0x455/0x8b0 [ 509.058870][ T1054] report_bug+0x2be/0x4f0 [ 509.063280][ T1054] ? rt6_multipath_rebalance+0x455/0x8b0 [ 509.068904][ T1054] ? rt6_multipath_rebalance+0x455/0x8b0 [ 509.074530][ T1054] ? rt6_multipath_rebalance+0x457/0x8b0 [ 509.080189][ T1054] handle_bug+0x84/0x160 [ 509.084416][ T1054] exc_invalid_op+0x1a/0x50 [ 509.088904][ T1054] asm_exc_invalid_op+0x1a/0x20 [ 509.093756][ T1054] RIP: 0010:rt6_multipath_rebalance+0x455/0x8b0 [ 509.100029][ T1054] Code: ff ff 44 89 e1 80 e1 07 38 c1 0f 8c 85 fe ff ff 4c 89 e7 e8 6d 90 f2 f7 e9 78 fe ff ff e8 a3 27 8f f7 eb 05 e8 9c 27 8f f7 90 <0f> 0b 90 48 83 c4 10 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc [ 509.119879][ T1054] RSP: 0018:ffffc90003fe6ea0 EFLAGS: 00010293 [ 509.125944][ T1054] RAX: ffffffff8a30848d RBX: ffff888075f7e400 RCX: ffff8880268a5a00 [ 509.133908][ T1054] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 509.141958][ T1054] RBP: dffffc0000000000 R08: 0000000000000003 R09: 0000000000000004 [ 509.149921][ T1054] R10: dffffc0000000000 R11: fffff520007fcdcc R12: ffff8880788104de [ 509.157959][ T1054] R13: ffff888075f7e490 R14: 0000000000000000 R15: 1ffff1100ebefc92 [ 509.165933][ T1054] ? rt6_multipath_rebalance+0x44d/0x8b0 [ 509.171573][ T1054] fib6_ifdown+0x401/0x4c0 [ 509.175981][ T1054] ? __pfx_fib6_ifdown+0x10/0x10 [ 509.180910][ T1054] fib6_clean_node+0x24a/0x590 [ 509.185661][ T1054] ? __pfx_fib6_clean_node+0x10/0x10 [ 509.190924][ T1054] ? __lock_acquire+0xab9/0xd20 [ 509.196644][ T1054] ? __local_bh_enable_ip+0x12d/0x1c0 [ 509.202025][ T1054] fib6_walk_continue+0x678/0x910 [ 509.207058][ T1054] fib6_walk+0x149/0x290 [ 509.211310][ T1054] __fib6_clean_all+0x234/0x380 [ 509.216189][ T1054] ? __fib6_clean_all+0x9b/0x380 [ 509.221117][ T1054] ? __pfx_fib6_ifdown+0x10/0x10 [ 509.226039][ T1054] ? __pfx___fib6_clean_all+0x10/0x10 [ 509.231592][ T1054] ? __pfx_fib6_clean_node+0x10/0x10 [ 509.236891][ T1054] ? __pfx_fib6_ifdown+0x10/0x10 [ 509.241832][ T1054] ? __mutex_trylock_common+0x153/0x260 [ 509.247489][ T1054] rt6_disable_ip+0x120/0x720 [ 509.252241][ T1054] ? rcu_is_watching+0x15/0xb0 [ 509.257015][ T1054] ? trace_contention_end+0x39/0x120 [ 509.262403][ T1054] ? __pfx_rt6_disable_ip+0x10/0x10 [ 509.267638][ T1054] addrconf_ifdown+0x15d/0x1880 [ 509.272515][ T1054] ? __mutex_unlock_slowpath+0x1a1/0x760 [ 509.278250][ T1054] ? tls_dev_event+0x717/0xec0 [ 509.283029][ T1054] ? __pfx_addrconf_ifdown+0x10/0x10 [ 509.288333][ T1054] addrconf_notify+0x1bc/0x1010 [ 509.293215][ T1054] notifier_call_chain+0x1b3/0x3e0 [ 509.298321][ T1054] netif_close_many+0x29c/0x410 [ 509.303166][ T1054] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 509.309151][ T1054] ? __pfx_netif_close_many+0x10/0x10 [ 509.314516][ T1054] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 509.319974][ T1054] unregister_netdevice_many_notify+0x7b9/0x1ff0 [ 509.326286][ T1054] ? __local_bh_enable_ip+0x12d/0x1c0 [ 509.331637][ T1054] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 509.337347][ T1054] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 509.344129][ T1054] ? unregister_netdevice_queue+0x1b3/0x380 [ 509.350130][ T1054] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 509.356368][ T1054] ? batadv_meshif_destroy_netlink+0x1b0/0x250 [ 509.362535][ T1054] default_device_exit_batch+0x819/0x890 [ 509.368200][ T1054] ? __pfx___might_resched+0x10/0x10 [ 509.373496][ T1054] ? __pfx_default_device_exit_batch+0x10/0x10 [ 509.379695][ T1054] ? __pfx_rdma_dev_exit_net+0x10/0x10 [ 509.385245][ T1054] ? net_generic+0x1e/0x240 [ 509.389758][ T1054] ? __pfx_default_device_exit_batch+0x10/0x10 [ 509.395914][ T1054] ops_undo_list+0x522/0x990 [ 509.400525][ T1054] ? __pfx_ops_undo_list+0x10/0x10 [ 509.405719][ T1054] ? do_raw_spin_unlock+0x122/0x240 [ 509.410931][ T1054] cleanup_net+0x4c5/0x800 [ 509.415361][ T1054] ? __pfx_cleanup_net+0x10/0x10 [ 509.420292][ T1054] ? _raw_spin_unlock_irq+0x23/0x50 [ 509.425475][ T1054] ? process_scheduled_works+0x9ef/0x17b0 [ 509.431261][ T1054] ? process_scheduled_works+0x9ef/0x17b0 [ 509.436984][ T1054] process_scheduled_works+0xae1/0x17b0 [ 509.442639][ T1054] ? __pfx_process_scheduled_works+0x10/0x10 [ 509.448664][ T1054] worker_thread+0x8a0/0xda0 [ 509.453266][ T1054] kthread+0x711/0x8a0 [ 509.457325][ T1054] ? __pfx_worker_thread+0x10/0x10 [ 509.462428][ T1054] ? __pfx_kthread+0x10/0x10 [ 509.467027][ T1054] ? _raw_spin_unlock_irq+0x23/0x50 [ 509.472211][ T1054] ? lockdep_hardirqs_on+0x9c/0x150 [ 509.477480][ T1054] ? __pfx_kthread+0x10/0x10 [ 509.482057][ T1054] ret_from_fork+0x3f9/0x770 [ 509.486731][ T1054] ? __pfx_ret_from_fork+0x10/0x10 [ 509.491827][ T1054] ? __switch_to_asm+0x39/0x70 [ 509.496576][ T1054] ? __switch_to_asm+0x33/0x70 [ 509.501320][ T1054] ? __pfx_kthread+0x10/0x10 [ 509.505982][ T1054] ret_from_fork_asm+0x1a/0x30 [ 509.510757][ T1054] [ 509.514184][ T1054] Kernel Offset: disabled [ 509.518559][ T1054] Rebooting in 86400 seconds..