last executing test programs: 1m11.978735839s ago: executing program 3 (id=2768): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, 0x0, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000120a03000000000000000000020000050900020073797a310000000008000740000000390900010073797a3000000000080003400000000120010000140a050000000000000000000200ffff0900010073797a300000000008000340000000010c000640000000000000000263fe020073797a3100000000d6000800e706e998f92935071e4d057da2265b18ca94403d5de7270de65e832b8f5185b13afac5afef3c2c4942e184825073ba9d956a6a16"], 0x184}, 0x1, 0x0, 0xf5}, 0x0) 1m11.978230942s ago: executing program 3 (id=2769): r0 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000440)=@raw={'raw\x00', 0x8, 0x3, 0x4c8, 0x170, 0xffffffff, 0xffffffff, 0x170, 0xffffffff, 0x3f8, 0xffffffff, 0xffffffff, 0x3f8, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0x148, 0x170, 0x0, {}, [@common=@unspec=@helper={{0x48}}, @common=@inet=@hashlimit1={{0x58}, {'bond_slave_1\x00', {0x41, 0x1ff, 0x6, 0xb0e2, 0x10001, 0x84e, 0xfffffffb, 0x18, 0x8}, {0x1}}}]}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'erspan0\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'vcan0\x00', {0x3, 0x0, 0x41, 0x0, 0x2, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x528) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000d40)=@raw={'raw\x00', 0x8, 0x3, 0x370, 0x0, 0xffffffff, 0xffffffff, 0x110, 0xffffffff, 0x2a0, 0xffffffff, 0xffffffff, 0x2a0, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00', {}, {}, 0x0, 0x0, 0x0, 0x41}, 0x0, 0xa8, 0x110}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x1, 0x401, 0x8, 0x0, 'netbios-ns\x00', 'syz0\x00', {0x840}}}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'erspan0\x00', 'gre0\x00'}, 0x0, 0x128, 0x190, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x5, 0x0, 0x7, 0x3ff}}}, @inet=@rpfilter={{0x28}, {0xc}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x6, 0x4, 0xa, 0x8, 'syz0\x00', 'syz1\x00', {0x4}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x3d0) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x18, 0x4, &(0x7f0000001940)=ANY=[@ANYBLOB="b4000000000b00007910000000000000c310000401000000950074000000000031fb0d3a42319fa204399d17d34e075fdcda533ab1aa71ab1d764152e6cb25dadc7ded5dbe11b62ac5ea9fca11027d29066927603deb92de3141e8ed7ac5b8902070213cdfdc5d6c4890cdeb50347c32060581172b94c6ba22a2b58eb6cbad46ed6e7965a2ba103b0b36f790bb41931f9a3d4dd127c1b4e49f7468f5e623950c4f67581c92ef9e7e8ece17d566c93a114d68c577d694b9844e0d9e306404cfc3bfbead9e1b96c6a6cb639bca6d"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195}, 0x48) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={0x0}, 0x1, 0x0, 0x0, 0x4000811}, 0x20040010) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newtaction={0x6c, 0x30, 0x1, 0x70bd27, 0x800001, {}, [{0x58, 0x1, [@m_nat={0x54, 0x1, 0x0, 0x0, {{0x8}, {0x2c, 0x2, 0x0, 0x1, [@TCA_NAT_PARMS={0x28, 0x1, {{0x5c, 0x7ffc, 0x3, 0x5, 0xfffffff8}, @loopback, @multicast1, 0xffffffff, 0x1}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x1, 0x1}}}}]}]}, 0x6c}}, 0x4) sendmmsg(r1, &(0x7f00000002c0), 0x40000000000009f, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'sit0\x00', &(0x7f00000001c0)={'tunl0\x00', 0x0, 0x700, 0x700, 0x2af4, 0x80000000, {{0x35, 0x4, 0x3, 0x1c, 0xd4, 0x68, 0x0, 0x7, 0x2f, 0x0, @dev={0xac, 0x14, 0x14, 0x13}, @initdev={0xac, 0x1e, 0x0, 0x0}, {[@timestamp={0x44, 0x18, 0x75, 0x0, 0x3, [0x46, 0x0, 0xf, 0x1, 0x1aed]}, @timestamp={0x44, 0xc, 0x3b, 0x0, 0x3, [0x8000, 0x3]}, @lsrr={0x83, 0x1b, 0x23, [@remote, @multicast1, @private=0xa010100, @initdev={0xac, 0x1e, 0x0, 0x0}, @broadcast, @loopback]}, @timestamp={0x44, 0x18, 0x9, 0x0, 0xc, [0x7fffffff, 0xe81, 0xfff, 0x9, 0x3]}, @ra={0x94, 0x4, 0x1}, @timestamp_addr={0x44, 0x3c, 0xd6, 0x1, 0x0, [{@multicast2, 0x3ba4}, {@rand_addr=0x64010101, 0x2}, {@dev={0xac, 0x14, 0x14, 0x1b}, 0x6}, {@empty, 0x8}, {@multicast1, 0x7f}, {@multicast2, 0x80000000}, {@dev={0xac, 0x14, 0x14, 0x3f}, 0x9}]}, @noop, @ssrr={0x89, 0x13, 0x8c, [@loopback, @local, @multicast2, @rand_addr=0x64010100]}, @noop, @timestamp={0x44, 0x14, 0x4f, 0x0, 0x4, [0xffff, 0x5, 0x9, 0x10001]}]}}}}}) r4 = syz_genetlink_get_family_id$devlink(&(0x7f00000009c0), r1) sendmsg$DEVLINK_CMD_RATE_NEW(r2, &(0x7f0000000c00)={&(0x7f0000000980), 0xc, &(0x7f0000000bc0)={&(0x7f0000000a00)={0x184, r4, 0x100, 0x70bd2a, 0x25dfdbfc, {}, [@DEVLINK_ATTR_RATE_NODE_NAME={0x3e, 0xa8, @random="24eb2d789fc1892c1f33d9479ca9ef2ffb54636850a0c72f788580209d398c11d036393208ee9a5001b9bd4785f87a38605a198c534374891bb4"}, @DEVLINK_ATTR_RATE_NODE_NAME={0x4d, 0xa8, @random="9c61871465fdf2a9b5dbbe88199f57de9555a2d17970afef1facecc39e892130e47860d9fdc76dcfd2ecfc920d8827ba2927d3d310f838d47113eca7e2f1e43d767c51cf6022a897f7"}, @DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0x6c, 0xa9, @random="352fd3c89c68aa8653fab38da6589ba1079d3b08e34571ec30db352e90fdac0602a5b2e366c54e940be3f99f0c0451edcec0b0bc4774282cc6fd8627c97200bf7b97adba3d70b11f995da132769038f91b6e942d02137b92d7cc79805d85d29e395428c24815f99a"}, @DEVLINK_ATTR_RATE_NODE_NAME={0x21, 0xa8, @random="4477af62e5a311272f84a2826fbae7955e8aea53fa010cbf8aec4410de"}, @handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @handle=@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_RATE_TX_MAX={0xc}]}, 0x184}, 0x1, 0x0, 0x0, 0x811}, 0x4000010) getsockname$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000080)=0x14) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), r2) sendmsg$NL80211_CMD_SET_STATION(r1, &(0x7f0000000400)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="000125bd7000fddbdf25120000000500c200060000000500c200020000008800bd00cd070080a6ad47f613a957c30600360007000000"], 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x2) sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000140)=ANY=[@ANYBLOB="440000006a0000012cbd7000fedbdf250000000000000000080001000200008308000500", @ANYRES32=r3, @ANYBLOB="08000500", @ANYRES32=r5, @ANYBLOB="0800010001000000040009000800010000000000"], 0x44}}, 0x0) 1m11.976785415s ago: executing program 3 (id=2772): ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xca58c30f81b6079f}) r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x1c1842, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r1) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) connect$inet6(r3, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev, 0x20004}, 0x1c) getsockopt$sock_buf(r3, 0x1, 0x19, &(0x7f0000002f80)=""/217, &(0x7f0000003080)=0xd9) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f00000004c0)={'syzkaller0\x00', @link_local}) syz_emit_ethernet(0x1be, &(0x7f0000000540)={@multicast, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "000210", 0x188, 0x3a, 0x0, @remote, @mcast2, {[], @param_prob={0x4, 0x0, 0x0, 0x0, {0x0, 0x6, "8bb91d", 0x0, 0x11, 0x0, @loopback, @empty, [@fragment={0x87, 0x0, 0x5, 0x1, 0x0, 0x3, 0x68}, @hopopts={0x0, 0x28, '\x00', [@ra, @padn={0x1, 0x6, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @generic={0x0, 0x9d, "a17e9ab13f6e142b20582c8d220c698a74dbf13dfc0ad1f526dfc43313759300929090dd4792ce67ea9f8769d3246f94412c56e0247939ed4b318e4b6066b72d91d9aff97fcf30977dfd4028dea535a8e9d1682c4794d255d62089716f2f97577f9bef264da3cfd3e5511fb253122f61808a73cc2e760f93ceb68a0db2613cf0956b23235f057c2f980a19266a6bb4a33a17f550a571c5b4211c6fa371"}, @ra, @generic={0x0, 0x8c, "65fd1a52737fa1ec91495f4d25a766a5dd36bcffb376f4b35d4a5bc51b0f8fb9a273282a9c8ef192a4de26c8732765dbeb6ce083e81cebf0612d1cc7956b78fb34ce0e4a867c8b4094bab04b23680ba97ad5c624055e8504a7a121cf38a402a7aa80e05dbe56fecab8b014420231c0e997cbfda9bdc7f29e3a8b13dcfc396cf6ff1fcd8a7f43a107871fdd7e"}, @padn={0x1, 0x2, [0x0, 0x0]}, @pad1, @generic={0x1}]}]}}}}}}}, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) close(r5) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x7a05, 0x1700) getsockopt$inet_sctp6_SCTP_MAX_BURST(r6, 0x84, 0x14, &(0x7f0000000180)=@assoc_value, &(0x7f00000001c0)=0x8) splice(r4, 0x0, r2, &(0x7f00000002c0), 0x6, 0x2) ioctl$SIOCSIFHWADDR(r0, 0x8924, &(0x7f0000000000)={'macvtap0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}}) ioctl$AUTOFS_IOC_FAIL(0xffffffffffffffff, 0x9361, 0x100000000) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc) r7 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000980)={0x24, 0x40, 0x107, 0x0, 0x25dfdbfc, {0x4, 0x7c}, [@typed={0x4}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x8, 0x18, 0x0, 0x0, @ipv4=@multicast1}]}]}, 0x24}, 0x1, 0x0, 0x0, 0x48800}, 0x0) 1m11.972689465s ago: executing program 3 (id=2778): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, 0x0, 0x40) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x40241, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r2 = socket$kcm(0x2, 0xa, 0x2) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x4004) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="000086dd03000a000000140000116c07010033d43afffe800000000000000000000000000010ff02000000000000000000000000000189"], 0x340a) 1m11.755235521s ago: executing program 3 (id=2784): r0 = socket$inet(0x10, 0x3, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'bond0\x00', 0x0}) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) bind$netlink(r3, &(0x7f0000000100)={0x10, 0x0, 0x25dfdbfd, 0x400}, 0xc) getsockname$packet(r3, &(0x7f0000000600)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r2, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=@newlink={0x3c, 0x10, 0x40d, 0x70bd2a, 0x0, {0x0, 0x0, 0x0, r4, 0x1}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bond={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BOND_MODE={0x5, 0x1, 0x4}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40040}, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001400)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0xa00}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r1}, @IFLA_MASTER={0x8, 0xa, r7}]}, 0x44}}, 0x0) 1m11.438508958s ago: executing program 3 (id=2792): r0 = socket(0x28, 0x5, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000500)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(r1, &(0x7f0000000ac0)={0x0, 0x0, &(0x7f0000000940)=[{&(0x7f00000005c0)=""/151, 0x97}], 0x1, &(0x7f0000002f40)=""/229, 0xe5}, 0x0) sendmsg$tipc(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="b8d3d8e4", 0x4}], 0x1, 0x0, 0x0, 0x84}, 0x8084) close(r2) ioctl$sock_inet6_tcp_SIOCINQ(r0, 0x541b, 0x0) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) r3 = socket(0x2a, 0x80000, 0x0) r4 = openat$nci(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$F2FS_IOC_SEC_TRIM_FILE(r4, 0x4018f514, &(0x7f0000000100)={0x0, 0x64, 0x3}) getsockname$packet(r3, &(0x7f0000000240)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14) getsockopt$inet_sctp_SCTP_GET_ASSOC_NUMBER(r3, 0x84, 0x1c, &(0x7f0000000000), &(0x7f0000000080)=0x4) r5 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) setsockopt$netrom_NETROM_IDLE(r5, 0x103, 0x7, &(0x7f0000000040)=0x2000000, 0x4) r6 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r6, 0x0, 0x60, &(0x7f0000000f00)={'filter\x00', 0x104, 0x4, 0x3c8, 0x0, 0x0, 0x1f8, 0x2e0, 0x2e0, 0x2e0, 0x4, 0x0, {[{{@arp={@remote, @broadcast, 0x0, 0xffffff00, 0x0, 0x0, {@mac=@local}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'macvlan1\x00', 'macvlan0\x00'}, 0xc0, 0xe8}, @unspec=@NFQUEUE1={0x28}}, {{@arp={@loopback, @multicast2, 0x0, 0x0, 0x0, 0x0, {@mac=@local}, {@mac=@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'pim6reg0\x00', 'veth0\x00'}, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @empty, @multicast2, @local, 0x2, 0xffffffff}}}, {{@arp={@broadcast, @private=0xa010100, 0xff000000, 0xffffffff, 0xa, 0x4, {@mac=@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, {[0x0, 0xff, 0xff, 0xff, 0xff, 0xff]}}, {@empty, {[0xff]}}, 0x96, 0x4, 0xfff8, 0x19, 0x6, 0x7ff, 'ip_vti0\x00', 'wlan1\x00', {0xff}, {0xff}, 0x0, 0x8}, 0xc0, 0xe8}, @unspec=@STANDARD={0x28, '\x00', 0x0, 0x1f8}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x418) 19.329754593s ago: executing program 32 (id=2792): r0 = socket(0x28, 0x5, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000500)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(r1, &(0x7f0000000ac0)={0x0, 0x0, &(0x7f0000000940)=[{&(0x7f00000005c0)=""/151, 0x97}], 0x1, &(0x7f0000002f40)=""/229, 0xe5}, 0x0) sendmsg$tipc(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="b8d3d8e4", 0x4}], 0x1, 0x0, 0x0, 0x84}, 0x8084) close(r2) ioctl$sock_inet6_tcp_SIOCINQ(r0, 0x541b, 0x0) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) r3 = socket(0x2a, 0x80000, 0x0) r4 = openat$nci(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$F2FS_IOC_SEC_TRIM_FILE(r4, 0x4018f514, &(0x7f0000000100)={0x0, 0x64, 0x3}) getsockname$packet(r3, &(0x7f0000000240)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14) getsockopt$inet_sctp_SCTP_GET_ASSOC_NUMBER(r3, 0x84, 0x1c, &(0x7f0000000000), &(0x7f0000000080)=0x4) r5 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) setsockopt$netrom_NETROM_IDLE(r5, 0x103, 0x7, &(0x7f0000000040)=0x2000000, 0x4) r6 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r6, 0x0, 0x60, &(0x7f0000000f00)={'filter\x00', 0x104, 0x4, 0x3c8, 0x0, 0x0, 0x1f8, 0x2e0, 0x2e0, 0x2e0, 0x4, 0x0, {[{{@arp={@remote, @broadcast, 0x0, 0xffffff00, 0x0, 0x0, {@mac=@local}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'macvlan1\x00', 'macvlan0\x00'}, 0xc0, 0xe8}, @unspec=@NFQUEUE1={0x28}}, {{@arp={@loopback, @multicast2, 0x0, 0x0, 0x0, 0x0, {@mac=@local}, {@mac=@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'pim6reg0\x00', 'veth0\x00'}, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @empty, @multicast2, @local, 0x2, 0xffffffff}}}, {{@arp={@broadcast, @private=0xa010100, 0xff000000, 0xffffffff, 0xa, 0x4, {@mac=@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, {[0x0, 0xff, 0xff, 0xff, 0xff, 0xff]}}, {@empty, {[0xff]}}, 0x96, 0x4, 0xfff8, 0x19, 0x6, 0x7ff, 'ip_vti0\x00', 'wlan1\x00', {0xff}, {0xff}, 0x0, 0x8}, 0xc0, 0xe8}, @unspec=@STANDARD={0x28, '\x00', 0x0, 0x1f8}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x418) 18.593224026s ago: executing program 4 (id=2832): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, 0x0, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000100000000000a40000000060a0b040000000000000000020000001400048010000180090001006d617371000000000900010073797a30000000000900020073797a3200fff500f500000a73737a3e134a72da6c72de100b1bd1fe545e6c0564dcd4bd5aebf7a40000000000001e611d7fec5142e40800000000000000969d01934c639dccba9a998ff7fa74e4907bd5e19e2e64e5b22314016912c3426f39c9747d2c53ac39a88f43af9dace63d0f33049db21aaf869e3a9a4ab44f48d560daa9806c2cd3d04d3a624e919d332bec03237c2c4ffeaf14e300"/245], 0x68}}, 0x0) 18.49083s ago: executing program 4 (id=2834): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, &(0x7f0000000e00)=ANY=[@ANYBLOB="18000000030000000000000026d0000095002b000000000093adffa87d2255f674412d020000000000005ab527ee3697f1ec4436dd1164aa93cc5800075557165397000a63f6b9b3f427f6ba6b34f98125f30e697fffffffffffffffa30b273683626e0003254d570dca6b78ad833488cfe4109eaf009edd3e69613d3cd6aaa300006eee8501000000520a0000151d010000000100bf00000000cc587424363dc6ad7f3bbd424c6e6cafbe9309aba218a52001a3cd000041f0db74596fd72c002a60c1bc7dc8c38b7d2e13c50424b9dd1145d03ff45f70685c6bd9ff41c69b7de4758c1096a1dc52f29e470a000517ebc406e89dcbb7677e6528b0856e31ed9474ac24cf609068f645ce971fc0480737a55ebb0bd701f7ff21e88b3cfc22df01e4bac9d97328fa2a82b5e8741e02056d933bed759ff232cebc68b91af50479387467824262852c7939db5672d07cdbe8e14abf56497e5d56d06c759da324a39f7f51b870b2851c3f0a1aab71587a21c8f1b3369ebfcba105a6ccdd01b0f04edb256c604f068773f6ff000000000000006ffbfe5ca32142b0195531458b7d1e341c6f864f983d745f5865aad41d2915aae7602a2d6cd415e8351ebc4223f54d6bec664709ff03f1aa3dc7f1580ace9bf2afd28d7157e67fb98d121ad6eb372713255012e028cb2654d493a0b4b35faae176c89b745eda2967199cc936859a537e8e4871d4acf3e3dc10e13ef227f627a40000ad1fa253d33fa74f172d3407ae4e1e347c0cff28235a3cbb5d33b09bc30cf2880c586272c3f4d79bc36305745cb1cb385e6add14652003c7cdd3324f07d134d3ed07f1c10900000009dd872ec66ea6c718bbd1aa59114000f0be4c6f8df084c5e9734ae30aa9afdc719bf01ab03a9b1074407136b4506000f0916a39d3057d50183612b39e73aeeb6eaf14652dda68e98ef938e6515a94a71836469e2051d9b7eb85f3f2d5ae2c51944da8d7391d6d6b97419a3b7660df4c5124ca425d374b371867a79b31c6617fc3327191fbf514573f0e30d1d60be2168fe6c2f3dccd599a2cb77f124e22f87673675805494db821f39b50d938d5fd8c6b2a3a324c257b84000000b749ccd74089ed6b86f81ca3d247d8f71d290ed1b1a11f7a67125170c88c3b6a50696332226401b110da9c786eeca22debc99335583b54c13c3130978fa069af8223b38ced735c2d905f51ca85ffa4add5647489b3960127696cf2f16625c0c102000000000000009ef52134842e64171f3963841086e3797a4825d081f2d987f05c5341877386ec55d7dc958fd235d6071619a65d4b82d9c162f3556076b80550d961ca74f1ffdaccf0ea5f02e0fca8b27ff3983ab74fd3d560700a1fbb44e77e312b3b129e000302d613916c9bcf9f0000fac73adb6bfb27f88dba816020be760f7b45e001efada800000000000000fdaf4660402f7b3b79a433e08074ea2462974ab2cbd247eb1cfa2638f56daee57ed14bc74de0fd87a9ce638190f3570e0b4c80ef682df22237270955afb6008846557ee3bc09fda6dbb6542e597300eb82a184c96ffde5a30e5433d86666cb045bdd02c804c22ff2635c7bfbf5c0d586cda5e1e88a4d41dee7cc74f822278d124638fec58faeb48afe324369cc51204158bb440df2a694f4cdcaa4f65c22f000000000000000000000000000d503d79906958102000000000000000000001ffff0ef89b2a635edb2dd163e863315e84498dfb52b7f54da6398cbedaa42cc17c4563c859656a357770289a61faa95a82bf1cfb7f2fd7252e9322abe282c3344fc6738b4467893b9bf0d1c8130ae6b226900110635376413c29f7c6f7b7e29b9f4bddd5e328661f4046e01f7d7dc22174e5e627a6f608ad53a4168d4d8f7fbc71104512efe8e5d7d934aa289b4db2b870000000000000000000000000000000000000000009b777883a0f9cf4ad155110cd3ace2b322ac31bfa27847dc99c8a69a1ea5b98e525e6393ad7fd9795170e7b11e4fa990b9386910a6a1a66a70eaff01247603c2ff49d3979676bffb3049166ab84a0f061991bd57c2566c10c282352a5105b6164e3f2491e4793e590dcc71de10da96fdff40dd44a2c9882d3aa0f8a797b8fea6efcfb5046b7679f15559cdaa977504c40b2f777acb907ebf5fc14add71d0bca37405ded69b77ab4a3d7487fd50c5e22ade17556abb722d9c085b189b5fd1f30e8dc813f60400fde1f88d830b11002135e8e7262f299ed7923bfbe00ad88be179e56b41ff3792cee2fc37eee739c3e3af923e8738d93d583a9cf00b946960fc38cf85aae7cf708f9a9d166f2e352a06d99b8be476d1cc2a53a859ae4fdab2a987925d12422474ac044ffe9fe2bf9bf9bbdf36c4ca89c516647542ac45545337829fa7039d155ebda42d4c14f4ca7f8b5d5842658c62d0a03092b94fa1b19f190000000000000000000000000000009e75a32b9fafeffd890f2759b0fe3add33fa43a4c3995458f86a926ad56b23571c46728c039cd3b4bb7d69dfa27782b953a7b81cc161912b3e5716360686e126311a7e21bfa2efd0f57b90c203528c8f620d3c7b31c7abcffae382f53500f7cd5d00159e5f741d3e2d2cbd1a04b3f39b50a4683daa7d117b7f4a149c954d69d8ab001339e464c8eb5f0c63899010757c9a3b69f4920531b83f71d5a34ef9405819afee15b77c015ea755c95127ff2274bb9a8463ce4b8c08ad70596ad2b2b044e660ed144b9dce372450ea69d25da2b6deed67fac26e765aa7d5532ba1044f62db049486acde2294127cb767c23da7d8f9844d3be5b6aa83ee4ce1876af5130efe1b64ccb6bbd349bcc0e8deec8ab3bd1b35bbc8ab8a152771744baa576b9223d26b5603a7f091be1264cabaf661fe2dbe7990a61f710f923f2337818a3983d06c11a6bee7fccb78a53c56db5c18f920d2194374db665dcadf53b8d0014e682ec721d67a7ab6c817fe53c86f8900000000000000000000000000000060b7b827c56e973a2ab5bc5c558ada68c4ec3762f5957b20b919af5d53c87de056a397bdcb614c34761e2c815698e1f9f5521a385c2910850929040a4eba573e91ca21fc855358120ecd79a5d7007693ef3ff9d2b993d114443d53c53094e516f675b2a7074584714e7a2015e05e507811b4ca89c39281c9ada5f58ceb55893cca783ab09c9a19836a3a2c715b10436a5731549e364679ecd8461a68433ab52b1108831edb9654dc602183c1170d6881647f6dca15d57fb76357d815c5f1000000000000000000f49e327c0b6e511494466cec78650f0a6267"], &(0x7f00002bf000)='syzkaller\x00', 0x4, 0x436, &(0x7f0000000040)=""/183, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x7}, 0x48) r1 = socket$kcm(0x29, 0x2, 0x0) r2 = socket$inet6(0xa, 0x803, 0x6) connect$inet6(r2, &(0x7f0000000200)={0xa, 0x4e2b, 0x6, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x3f}}, 0x77f}, 0x1c) ioctl$sock_kcm_SIOCKCMCLONE(r1, 0x89e2, &(0x7f0000000400)={r2}) sendmsg$NL80211_CMD_SET_POWER_SAVE(r3, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x811}, 0x80) ioctl$sock_kcm_SIOCKCMATTACH(r3, 0x89e0, &(0x7f0000000180)={r2, r0}) 18.451408367s ago: executing program 4 (id=2835): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f0000000040)=0x1, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=@newtaction={0x48, 0x32, 0x1, 0x80, 0x25dfdbfe, {}, [{0x34, 0x1, [@m_vlan={0x30, 0x1, 0x0, 0x0, {{0x9, 0x3}, {0xfffffffffffffd97}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc}}}]}]}, 0x48}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000000c0)=0x1, 0x4) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0)=0xffffffffffffffff, 0x4) sendmmsg(r0, &(0x7f00000020c0)=[{{0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000700)='t', 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000002040)=[{&(0x7f0000000cc0)="dc", 0x1}], 0x1, &(0x7f00000002c0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00{'], 0x10}}], 0x2, 0x4048814) bpf$TOKEN_CREATE(0x24, &(0x7f0000000000), 0x8) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x7, &(0x7f0000000140)=ANY=[@ANYBLOB="18000000000000000000000000000000851000000200000085100000010000009500007b0000000085000000080000009500000000000000"], &(0x7f00000000c0)='GPL\x00', 0x4, 0x9b, &(0x7f0000000300)=""/155, 0x0, 0x3}, 0x94) 18.429534616s ago: executing program 1 (id=2836): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@ipv4_newrule={0x1c, 0x20, 0x301, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}}, 0x1c}, 0x1, 0x0, 0x0, 0x4}, 0x40) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="a0010000100001000000000000000000fc010000000000000000000000000000ac1414bb00"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000032000000fc01000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000ff07000002000000cd000000000000004800020063626328616573290000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000001c001700000000000000000000000001003924ad324f0e4f410000004c001400636d61632861657329"], 0x1a0}}, 0x0) 18.334271072s ago: executing program 4 (id=2838): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000c40)=ANY=[@ANYRESOCT=r1], 0x98}}, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r3, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r4, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0) sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x1, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @veth={{0x9}, {0x4, 0x2, 0x0, 0x1, @void}}}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.throttle.io_service_bytes_recursive\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r5, 0x0) ioctl$PPPIOCSMRRU(r5, 0x4004743b, &(0x7f0000000040)=0x4a) socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x4, &(0x7f0000000140)=@framed={{0x18, 0x2, 0x0, 0x0, 0x3}, [@call={0x85, 0x0, 0x0, 0x87}]}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x101}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r7, 0x0, 0xe, 0x0, &(0x7f00000003c0)="c274386d178550cb864bd57221bc", 0x0, 0x1200000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x50) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) r8 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r8, &(0x7f00000000c0)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0x2}}, 0x10) bind$tipc(r8, &(0x7f0000000100)=@name={0x1e, 0x2, 0x6212633ef4a2b82, {{0x42}}}, 0x10) r9 = socket(0x1, 0x803, 0x0) getsockname$packet(r9, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=@newlink={0x4c, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x90646}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6, 0x1, 0x1}]}}}, @IFLA_LINK={0x8, 0x5, r10}, @IFLA_MASTER={0x8, 0xa, r10}]}, 0x4c}, 0x1, 0x0, 0x0, 0x600}, 0x0) 18.28138236s ago: executing program 1 (id=2840): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a50000000090a010200000000006400000000000008000a40000000000900020073797a31000000000900010073797a3000000000080005400000000d08000340000000300c000b4047"], 0x78}}, 0x0) 18.276264192s ago: executing program 2 (id=2841): r0 = socket$inet(0xa, 0x801, 0x84) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0x10, &(0x7f0000000000)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000080)=0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, &(0x7f0000000140)={0x1, [0x0]}, &(0x7f0000000240)=0x8) setsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x83, &(0x7f0000000000)={r2, 0x2}, 0x8) getsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000000)={r2, 0x4}, &(0x7f0000000040)=0x8) connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) r3 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r3, 0x10e, 0xc, &(0x7f0000000000)={0x8}, 0x9) write(r3, &(0x7f00000000c0)="240000001e005f0214fffffffffffff8070000000500000000000000050008000d000000", 0x24) listen(r0, 0x8) r4 = accept4(r0, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r4, 0x84, 0x84, &(0x7f0000000140)={0x0, @in={{0x2, 0x4e21, @empty}}, 0x4}, &(0x7f0000000200)=0x90) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000002180)={&(0x7f0000000240)=ANY=[@ANYBLOB="9feb01001800000000000000940000009400000005000000020000000900000f0200000003000000400000000800000003000000070b1000ed0000000400000008000000f7ffffff01000000d3d8000006000000050000000600000004000000020000001b0c0000007f000004000000000400000800000004000000020000000e0000000500000080000000cb0d0000d04b004600000100000f020000000500000000100000020000009e52000078300081671625d4fc2e03b504e8dc1c8a416475646746a86b196591f39df38c541eee94e46b055950952e2cd356dbb6a921d6935acbd61b62840dfd6b20540b06a9271be03cc8e5be9cb0d556"], &(0x7f00000020c0)=""/144, 0xb1, 0x90, 0x1}, 0x28) 18.154470343s ago: executing program 1 (id=2842): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="07000000040000008001000004"], 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b703000000010000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='tlb_flush\x00', r2}, 0x18) bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0xc, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000091108c000000000095"], &(0x7f0000000600)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000900)={0x1c, 0x52, 0x1, 0x0, 0x0, {0x2, 0x3}, [@typed={0x8, 0x1, 0x0, 0x0, @binary="feffffff"}]}, 0x1c}}, 0x0) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="a0010000100001000000000000000000fc010000000000000000000000000000ac1414bb00"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000032000000fc01000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000ff07000002000000cd000000000000004800020063626328616573290000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000001c001700000000000000000000000001003924ad324f0e4f410000004c001400636d61632861657329"], 0x1a0}}, 0x0) r4 = socket$l2tp6(0xa, 0x2, 0x73) getsockopt$inet6_IPV6_IPSEC_POLICY(r4, 0x29, 0x22, &(0x7f0000000300)={{{@in6=@empty, @in=@private}}, {{@in=@local}, 0x0, @in6=@mcast2}}, &(0x7f0000000040)=0xe8) 18.139341055s ago: executing program 1 (id=2843): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x301, 0x0, 0x0, {0x1, 0x0, 0x4}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_NEWCHAIN={0x34, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8}, @NFTA_HOOK_HOOKNUM={0x8, 0x1, 0x1, 0x0, 0x5}]}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_DELCHAIN={0x38, 0x5, 0xa, 0x201, 0x0, 0x0, {0x1, 0x0, 0x2000}, [@NFTA_CHAIN_HANDLE={0xc, 0x2, 0x1, 0x0, 0x1}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_CHAIN_HOOK={0xc, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x73878f7a}]}]}], {0x14}}, 0xb4}, 0x1, 0x0, 0x4c00000000000000}, 0x800) 18.0572105s ago: executing program 4 (id=2845): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000001fc0)=@delchain={0x1a8, 0x65, 0x2, 0x70bd27, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x2, 0x2}, {0x0, 0x1}, {0xd}}, [@filter_kind_options=@f_u32={{0x8}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0xd8}]}}, @TCA_RATE={0x6, 0x5, {0xb, 0x40}}, @filter_kind_options=@f_bpf={{0x8}, {0x160, 0x2, [@TCA_BPF_FD={0x8}, @TCA_BPF_NAME={0xc, 0x7, './file0\x00'}, @TCA_BPF_ACT={0x148, 0x1, [@m_simple={0x30, 0x1e, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x1}}}}, @m_simple={0x114, 0x1e, 0x0, 0x0, {{0xb}, {0x1c, 0x2, 0x0, 0x1, [@TCA_DEF_PARMS={0x18, 0x2, {0x9, 0x4, 0x10000000, 0x633, 0xe2d}}]}, {0xcd, 0x6, "9787c29d6ac649e7ec160dfef7c4cea330102e688fe12213d2bfb320865cee27f05adfbc7dae04880a34e7bf775010128401ec5a80f551da79136f2a4ff74f3588c03c976e1c54366c6747dbbdd2e1e0d6da659b84a2ea14191b4223d2b6eeb465498ad518ee2114b5e4ab0d52289fe809788321e04d9b1d9f82a03fbb49229585f49ce943954da5ad28e25a9ba91b24d4c96612e2188dd3fa1dea6994033514d8f93add809a6ee955d65ac8c2ae97714a5c600000ddb671382ebf29bf9b3697264083e1c85729597a"}, {0xc, 0x7, {0x0, 0x79d0f023c2b305dd}}, {0xc, 0x8, {0x3, 0x2}}}}]}]}}]}, 0x1a8}, 0x1, 0x0, 0x0, 0x40008c5}, 0x20000080) r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x21}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0xffffffffffffff2f}, 0x4000000}], 0x4000000000003b4, 0x2040000, &(0x7f0000003700)={0x77359400}) 17.995264803s ago: executing program 1 (id=2847): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, 0x0, 0x40) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x40241, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r2 = socket$kcm(0x2, 0xa, 0x2) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x4004) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="000086dd03000a000000140000006c07010033d43afffe800020000000000000000000000010ff02000000000000000000000000000189"], 0x340a) 17.994666202s ago: executing program 4 (id=2848): syz_emit_ethernet(0x3e, &(0x7f00000000c0)=ANY=[@ANYBLOB="ffffffffffff0000000000000800450000140000000000fc03d44a1e0001ac1414aa050090000000000000000000000000ffffc083000000000000000000"], 0x0) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r0) r1 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r1, 0x0, &(0x7f00000000c0)) r2 = socket$inet(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000300)={'bond0\x00'}) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYBLOB="3800000040000701feffffff02000000017c0000040042800c00018006000600800a000014000280100014800c0009000800b600884700"], 0x38}, 0x1, 0x0, 0x0, 0x4048011}, 0xc800) r4 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r4, 0x0, &(0x7f00000000c0)) write$nci(r4, &(0x7f00000001c0)=ANY=[@ANYBLOB="7105050402050603ac0408025d9ac5613540eda5070406f803a4797d59321fb486e43117a1462d8a3644c0437046f374d6088a0ca25f373511cdcc45f7ffffffcdb7a6abe495b07c6a954a14d714a004fbdc388e62b9343847d92375a9c7992268a30103e699bf95a37422e2cab0916afdc4812800"/128], 0x1c) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f0000001200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=@newqdisc={0x3c, 0x24, 0x4ee4e6a52ff56541, 0x4, 0x25dfdbfc, {0x0, 0x0, 0x0, r7, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0xc, 0x2, [@TCA_CAKE_AUTORATE={0x8}]}}]}, 0x3c}}, 0x0) sendmsg$NFC_CMD_FW_DOWNLOAD(r0, &(0x7f0000002ec0)={0x0, 0x0, &(0x7f0000002e80)={&(0x7f00000004c0)=ANY=[@ANYRES16, @ANYRESOCT=r1, @ANYRES64=r4, @ANYRESHEX=r3], 0x24}, 0x1, 0x0, 0x0, 0x20048801}, 0x440) r8 = socket$inet6_sctp(0xa, 0x1, 0x84) syz_extract_tcp_res(&(0x7f0000000180), 0xffff, 0x4) setsockopt$inet_sctp6_SCTP_NODELAY(r8, 0x84, 0x3, &(0x7f0000000000)=0x83, 0x4) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r8, 0x84, 0x77, &(0x7f0000000080)={0x0, 0x8, 0x7, [0x400, 0xd, 0xa2, 0x1, 0x9, 0x6, 0x7]}, &(0x7f00000000c0)=0x16) getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r8, 0x84, 0x13, &(0x7f0000000100)={r9, 0xfffffffd}, &(0x7f0000000140)=0x8) openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x8c000, 0x0) socket$inet(0x2, 0x1, 0x2) 17.900601919s ago: executing program 1 (id=2849): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@bloom_filter={0x1e, 0x0, 0x4, 0x7}, 0x48) bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000001740)={r0, 0x0, &(0x7f0000001700)=""/53}, 0x20) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000001740)={r0, 0x0, &(0x7f0000001700)=""/53}, 0x20) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x11, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00'}, 0x94) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x20702, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xca58c30f81b6079f}) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r6, {0x0, 0xfff3}, {0xffff, 0xffff}, {0x0, 0x3}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0x6c1, 0x35, 0x10}}}}]}, 0x44}}, 0x20040084) sendmsg$nl_route_sched(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000b00)=@newqdisc={0x24, 0x29, 0x4ee4e6a52ff56541, 0x4001, 0xfffdfdfc, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}, {0x2, 0xfff2}}}, 0x24}, 0x1, 0x0, 0x0, 0x400dc}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r1}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1d, 0x12, &(0x7f0000000080)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x2}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffc}, @jmp={0x5, 0x1, 0x1, 0x7, 0xb, 0x100}, @jmp={0x5, 0x0, 0x2, 0x6, 0x1, 0xffffffffffffffff, 0x10}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x10, 0x95e1}, 0x94) 17.391560354s ago: executing program 2 (id=2850): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x20, 0x10, 0x701, 0x0, 0x0, {0xa}, [@typed={0xc, 0x2, 0x0, 0x0, @str='nl80211\x00'}]}, 0x20}}, 0x0) recvmmsg(r1, &(0x7f0000001000)=[{{0x0, 0x0, &(0x7f0000002740)=[{&(0x7f00000005c0)=""/248, 0xf8}, {&(0x7f0000000140)=""/114, 0x72}, {&(0x7f0000001480)=""/217, 0xd9}, {&(0x7f0000001600)=""/103, 0x67}, {&(0x7f0000001680)=""/4096, 0x1000}], 0x5}}, {{0x0, 0x0, &(0x7f0000000840)=[{&(0x7f0000002f80)=""/4096, 0x1000}, {&(0x7f0000000440)=""/170, 0xaa}, {&(0x7f0000000500)=""/159, 0x9f}, {&(0x7f0000001200)=""/237, 0xed}, {&(0x7f00000001c0)=""/126, 0x7e}, {&(0x7f00000007c0)=""/70, 0x46}], 0x6}}, {{0x0, 0x0, 0x0}}], 0x3, 0x0, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000004080)=@base={0x2, 0x4, 0x4, 0xbf22, 0x480}, 0x48) mmap(&(0x7f0000fa2000/0x4000)=nil, 0x4000, 0x2, 0x82011, r2, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c0000002700090025bd7000ffd3008001000000080001"], 0x1c}, 0x1, 0x0, 0x0, 0x4000811}, 0x4000) 17.303461221s ago: executing program 2 (id=2851): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a50000000090a010200000000ffef00000000000008000a40000000000900020073797a31000000000900010073797a3000000000080005400000000d08000340000000300c000b4047"], 0x78}}, 0x0) 17.302408033s ago: executing program 2 (id=2852): r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)={0x2, 0xa, 0x0, 0x9, 0x7, 0x0, 0x70bd2a, 0x25dfdbfe, [@sadb_x_filter={0x5, 0x1a, @in=@multicast2, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x1e, 0x10}]}, 0x38}}, 0x8000) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000040)=@newtaction={0x88, 0x30, 0xb, 0x0, 0x0, {}, [{0x74, 0x1, [@m_ct={0x70, 0x1, 0x0, 0x0, {{0x7}, {0x48, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18}, @TCA_CT_NAT_IPV6_MIN={0x14, 0xb, @private1}, @TCA_CT_NAT_PORT_MIN={0x6}, @TCA_CT_ACTION={0x6, 0x3, 0x19}, @TCA_CT_NAT_PORT_MAX={0x6}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x88}}, 0x0) 17.279564844s ago: executing program 2 (id=2853): r0 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x89f0, &(0x7f0000001440)={'bridge0\x00', &(0x7f0000000000)=@ethtool_ringparam={0x10, 0x0, 0x20040001, 0x4, 0x5, 0x76c5, 0x2, 0x0, 0x80000000}}) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x4e23, 0x0, @dev={0xfe, 0x80, '\x00', 0x2c}, 0x245}, 0x1c) getsockopt$inet6_mptcp_buf(r1, 0x11c, 0x4, &(0x7f0000000000)=""/152, &(0x7f00000000c0)=0x98) r2 = socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$inet6(0xa, 0x3, 0x8000000003c) r3 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r3, &(0x7f00000000c0), 0x10) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f00000001c0)={'vcan0\x00', 0x0}) sendmsg$can_bcm(r3, &(0x7f00000002c0)={&(0x7f0000000100)={0x1d, r4}, 0x10, &(0x7f0000000280)={&(0x7f0000000000)={0x1, 0x59b, 0x5, {}, {}, {0x0, 0x0, 0x0, 0x1}, 0x1, @can={{0x1, 0x1, 0x1, 0x1}, 0x1, 0x3}}, 0x48}, 0x1, 0x0, 0x0, 0x20040000}, 0x0) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f0000000200)={'syztnl1\x00', &(0x7f0000000140)={'syztnl0\x00', r4, 0x29, 0x1, 0x1, 0xffffff67, 0x32, @empty, @mcast1, 0x7800, 0x8000, 0xc, 0x36a}}) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0xf00) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, &(0x7f00000012c0)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd1200000000000085000000d0000000b70000000000000095000000000000003fba6a7d36d9b18ed812a2e2c49e8020a6f4e0e4a9446ca2b5f1cc1a100a9af698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f010c5077da80fb982c1e9400c603146cea484a415b76966118b64f751a0f241b072e90080008002d75593a280000c93e64c227c95aa0b784625704f07a72c2918451ebdcf4cef7f9606056fe5c34664c0af9360a1f7a5e6b607130c89f18c0c1089d8b85880000c29c48b45ef4adf634be763288d01aa27ae8b09e13e79ab20b0b8ed8fb7a68af2ad0000000000000006f803c6468082089b302d7bff8f06f7f918d65eae391cb41336023cdcedb5e0125ebbcebddcf10cb2364149215108355ee570f8078be5cab389cd65e7133719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad23000000803a90bce6dc3a13871765df961c2ed3b1006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f40cfd7c3a1d37a6ab87b1586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9f081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d60532be9c4d2ec7c32f2095e63c8cdc28f74d043ed8dba2f23b01a9aeb980aff9fa3a64709270c701db801f44cf945b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142bdda5e6c5d50b83bae616b5054d1e7c13b1355d6f4a8245eaa4997da9c77af4c0eb97fca585ec6bf58351d599e9b61e8caab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a41326eea31ae4e0f75057df3c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57010000009700ce0b4b8bc22941330000000000000000000300000000000000000000000010008bc0d955f2a83366b99711e6e8861c46495ba585a4b2d02edc3e28dd279a896249ed85b9806f0b6c4a000000002b43dcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f00000000df73be83bb7d5ad883ef3b7cda42013d53046da21b40216e14ba2d6af8656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff72943327d830689da6b53ffffffff631c7771429d1200000033ed846197fcff5e1c7c3d1d6e3a52872baef9753fffffffffffffe09fec2271fe010cd7bb2366fde4a59429738fcc917a57f94f6c453cea623cc5ee0c2a5ff870ce5dfd3467decb05cfd9fcd41df54cdbd9d10a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce978275d5bc8955778567bc79e13b78249788f11f708008b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe7d7fa29822aea68a660e717a04becff0f719107000000000000002d7e927123d8ecbbc55bf404571be54c72d978cf2804107f0238abccd32368e57040906df0042e19000000000000002c06f815312e086dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef44cd1fe582786105c7df8be4877084d4173731efe895efc71f665c4d75cf2458e35d2c9062ece84c99e061887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb2b5e518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad055e4af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457ac0eaaa99bf0bdc14ae358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df9b3fdf242b985bf16b99c9cc0ad1857036f1a985f369191ae954febb3df464bfe0f773ee9afe72f32a2befb89d3777399f5874c553a2ebe9061fe86e669642e09bb6d163118e4cbe024fd452277c3887d6116c6cc9d8046c216c1f8a9778cb26e22a2a998de5eaeadea2a40da8daccf080842a486721737390cbf3a74cb2003efb9a101b51ab63e9600040000b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde6e4a4304e50c349f4f9ecee27defd83871c5191e10096e7e60fc3541a2c905a1a95e9571bf38aebd15172f94e3245c582909e2a3bce109b6000000000000000000d6d5210d7560eb92d6a97a27602b81f7636df1535bef1497f90100000000000000abf9010000007740890200d627e87306703be8672dc84eeadba6a41891c170d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288a0268893373750d10a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7ef8c08acaf30235b920500d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69b93e9960ff5f76062adae283d9756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff85000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a31c72ad53bc19faa5401120000793ac48c1b539c75ab40743b00020000a1f68df75cf43f8ecc8d3726602111b40e761fd210a1920382f14d12ca3c3431ee97471c781d0d1280fb00818654a53b6df4b2c97cc1c98d85fda8f80fe908b65550b441233151122b41a8d73062197655b7f0469250a5989cef0e10773920ed3ccee42d2c3eb80159da5c002511e6eb93842054cfce2ac306cb6e472db3fd67a49b6855a694a8d359add43907003223a47a7fae4f3748d5a432825bc40a03aaef1c8488d86dc211dd2a3ba71e0f45492ef1f8b65ccb3dcd251a61b152d02c29ca0a3328fa7753a5cddea1acaae55ae8263fb284b7a6ab2a8826c1b948207c498cf4824ab1ea3225a53072423b907c6682f8999e0311da5b8378bc841e1787e3a8128dda381a26cb2b365702ff8a27831375b2ddaa2f56e21169f7ca4fd9655ccd4a584acd244e965a0afedaff7c415ff682a4044b3381cc2df28278c9a6824c52048a7cfabda294925cc0956bffa8e950ff5e49f41ae600d830207bf728cd9807933c3c16d80bbea611a18becc2dc38ca0a6f5740f340b76edcd1f539bd43007231dcef58c7b88b5aeedaf9626cb51ce1737c10ab37d4f98a934b0f900e0eb639878a1200629f5503cf679154d27681d7a3744cbcd42af59407c9c8e39c5271868917954e604352ba26171d004f1cb2976fab3fa19c7d3ef9678bff79f5155524f061378f94fb453786c3a6f78b10d383b49e31d1568bd43ee34ce6e6be235aa6207285665c2fba773671da41959f51610963b48930658e2d6125a26085001345b0473240b7e5e91811312c43663e76f711d7219ecdec75c7ea1cf0f8f8fff40247d59bbde2ebb8659197e0f37a71be1b12a182ed7de3acba28561a04b807f7a4647e2ea6d8fb92541d07c3d5e4ba077d3cad9f8ba1919592014c00c8eccb2ca5d48ba7b1c3fb185a4bb79700cf51f818b0c701c8de47d12281a67bdaf4b0c50bee9e8f5936250df2e15c1172e7ea6619f7db330700d1e9e42a035e6fd532f61fbfed9c4a7124a1e38eee50a6bbcd1d4e3f68c3f27dd9a70f1a7c6046237ddfb0b26e197322226367d998010458cd4df10af249ce717f6f45e5176e0ddae3054d7289d4e13ab0912703ee39ce264572b89194fdf7acecc35cf8309d4b680a08eed367dad855fce210f1a7c7222dd360eafb4bef7d58bf83362930af6e3f3f851abdc0003bdf9401b533019e90feb069189100007a82df8d9b5f44ebf9355e7b1b01c9470608d4f306d21004730396a4d6c6d46e1ffac97aa93c36123532a36186575266be4981c847160079421d0137801e553069f8d025c40f287378810defc7f2ed4e15f6af17b21153394f8bcfa6a23a77c8d61c9bbc127a57b8d631f36558d9093dee08bc53d97a8003363421738650a26c8fd87b13026799caf58e59951b125e7f161ca34e2c0dd65a23d01a3cb191e743de07247c7f993cf01166fa2ac1ba02f60550e63a7f50422e478c6b5d87f9bd0567a279a9d85a380db25c43bd0529ad783b9d64aaac1b793afb44b7126e17d2b7c0d6be650de7eeef3f3605af344015d03c3e7819145cb9fe1978c98bf9cf10773db59505ae33708c728844c872dfd2cb0b29754f928c59306ce105ca18cb72f0944d0e4fea0a0abd0285bdaf1b000000c089d640c2facb0d1e6243873ac4b1e1068c45c715b68effb7d58d1f9e726dbf6bd910ca4ce0e075658ede42192cf393a50dcc197b03402fed75083628e5dd38213d353b9049e71f037064b05e73ec00c710f1ffc5737d397d555d1cf8859cc05fea8dc3c6a5b3b6fa1c81707479db1833d593a271253aa11efdb36b74784f2fc286814848e92d8ee541bc179813297a0a4cc3c8f80c28701185bea091f32475e859479b734727afc110e1abcff460172fd1b42e3c0e2a4bf94a060069000010000087c7572a1e7596f89e5c3d5e70640c90815f77b7b13d0000000085a1e1e84900000000000000000000000000b422fc160a458ee5a91a2471e6e56fdabec6c73ce8983fc68f0b7cdcdde632e6f54a07620e8aa116ce9e84fc3cd5e8288a333dcebb233da9186796995ba69487d8f77d2f8800f02d690fc70a08b231cad1bdcf3740a95d4dd1cfe0f417f275493cf33b19ffff93dfdaf7eb00b8ad87cdf7c21bab5af8e2bac54ee5597e6508c1158124a538c36f9bb11fea7d8b8c7e954b1bc7811654a6636b33f271d0923e9ecd1b724b8feffadfc23c07000000f0785fb722f346d6a5dffe1884d4d0cd8f00000092c85ed44db68ab800000000000000406e6ed9b219ad07125381087298e75965d1cc5932ddf9e66351ba332a34bee3e3d562c914c629933f0b8724cf680889ade72558d191d9890c69a718f9018586c5131c8dc8e0379bafda1a0fd2997ff115215ce23dca8db7236c1554cdaaadcce2f31834c1bd1908d8e1b361034db56be76acb7654a195bc3e98df3a5dffd5b0783883ef7da3433110e37f7c7cb7f3800de7f99abf910d6949e062747a9c87dcfcc716d6a9c0ec53b9cffe3cfd1df69a76f373d7f997edb9b80bdea1a99c2a6fbb25e035deadaadd7917ebfedd6304a19491769476208684e343f86b4d55a7dbbb07283cb1e35a139d24ebc5b4f8e35a82d3a7f84cb1e02a5a92b53567088be0b1ca023ccd518c0e0715b1c8760801a419ebd2e26440ff7493019bdb655cc88d72d6d7b6bca5a2e19b63ec52fcc49a729f11ab377f7132c543d29646a9378eea0761b7ed9d2172e33ed87c6513c843b180cc00000000006bedf2ed716ca43a941119b96d82b26d9061de240d85ec2cfa462bd52104489bb7a7548d7cc53627031e909c69cb824233975a1ea645de63522407c3a240a37e946f30ebf075ea97846a0a8d2286f3f446b1b99ab83a12ddf8a1c06294eadc3eb3e339591afd5c00000000000000000000000000000000000000000000000000579dad8347a3d16976bb7483840b32db0158fb6c809349333325a7866ca5d3133e33ef1a183cefdb65a79fa71800988c8445029e024822dbcfcab49c3a0aec9bd43e6e14078b260700d849a2aa14c9b593f6dcb1de334c065ecfd65031606e55949c185bcda9fde4f9b46a76b8a24bbcd31b22373eb0473248150cd179405ee1af1183b0c0ce3483dc1d9bf732b0751b78fb211d6706b55960c6431afbc02b3c7e08086573939290bb9e590a3875f02a828bf209d0"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x48) bpf$BPF_PROG_DETACH(0x1c, &(0x7f0000000040)={@cgroup=r6, r6, 0x2f}, 0x20) bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f0000000d00)={0x0, 0x0}, 0x8) r8 = bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f00000002c0)=r7, 0x4) bpf$LINK_DETACH(0x22, &(0x7f0000000340)=r8, 0x4) bpf$LINK_DETACH(0x22, &(0x7f0000000500)=r8, 0x4) sendmsg$NL80211_CMD_UPDATE_OWE_INFO(r2, 0x0, 0x810) r9 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r9, &(0x7f0000000680)={0x0, 0xfffffe2f, &(0x7f0000000080)={&(0x7f0000000500)=ANY=[@ANYBLOB="380000001800010000000000000000000a000000000000000000000008000400", @ANYRES32=r9, @ANYBLOB="06001500070000000c00168008000100", @ANYRES64=r5], 0x38}}, 0x10) 17.196645103s ago: executing program 2 (id=2854): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, 0x0, 0x40) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x40241, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r2 = socket$kcm(0x2, 0xa, 0x2) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x4004) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="000086dd03000a000000140000006c07010033d43afffe800040000000000000000000000010ff02000000000000000000000000000189"], 0x340a) 16.611182532s ago: executing program 0 (id=2861): r0 = socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$inet6(0xa, 0x3, 0x8000000003c) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0xf00) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) sendmsg$NL80211_CMD_UPDATE_OWE_INFO(r0, 0x0, 0x810) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000680)={0x0, 0xfffffe2f, &(0x7f0000000080)={&(0x7f0000000500)=ANY=[@ANYBLOB="38000000180001000000000000000b000a000000000000000000000008000400", @ANYRES32=r2, @ANYBLOB="06001500070000000c00168008000100", @ANYRES64=r1], 0x38}}, 0x10) 16.610810991s ago: executing program 0 (id=2862): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a50000000090a010200000000fff000000000000008000a40000000000900020073797a31000000000900010073797a3000000000080005400000000d08000340000000300c000b4047"], 0x78}}, 0x0) 16.594054484s ago: executing program 0 (id=2863): r0 = socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$inet6(0xa, 0x3, 0x8000000003c) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0xf00) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) sendmsg$NL80211_CMD_UPDATE_OWE_INFO(r0, 0x0, 0x810) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket(0x2a, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000005c0)=@newqdisc={0x24}, 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x0) getsockname$packet(r3, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000440)=@newqdisc={0x44, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0x9, 0x5}}}}]}, 0x44}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=@newtfilter={0x58, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0x9}, {}, {0x1, 0xfff1}}, [@filter_kind_options=@f_cgroup={{0xb}, {0xfffffd6d, 0x2, [@TCA_CGROUP_EMATCHES={0x24, 0x3, 0x0, 0x1, [@TCA_EMATCH_TREE_LIST={0x18, 0x2, 0x0, 0x1, [@TCF_EM_IPT={0x14, 0x1, 0x0, 0x0, {{0x3, 0x9, 0x80}, [@TCA_EM_IPT_HOOK={0x8, 0x1, 0x4}]}}]}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x6}}]}]}}]}, 0x58}}, 0x1) r5 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r5, &(0x7f00000002c0), 0x40000000000009f, 0x0) r6 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r6, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="020d000010000000000000000000000008001200020002000000000000000000100032001e000000000000000000000010003300000000000000000000000000fc02000000000000000000000000000003000500000000000200000dac1414aa0000000000000000030006000000000002"], 0x80}}, 0x0) sendmsg$nl_route(r2, &(0x7f0000000680)={0x0, 0xfffffe2f, &(0x7f0000000080)={&(0x7f0000000500)=ANY=[@ANYBLOB="380000001800010000000000000000000a000000000000000000000008000400", @ANYRES32=r2, @ANYBLOB="06001500070000000c00168008000100", @ANYRES64=r1], 0x38}}, 0x10) 16.547195823s ago: executing program 0 (id=2864): r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000080)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x24, 0x24, 0x2, [@struct={0x0, 0x1, 0x0, 0x4, 0x1, 0xffffffff, [{0x0, 0x2, 0xc1}]}, @restrict={0x0, 0x0, 0x0, 0x6, 0x2}]}}, 0x0, 0x3e}, 0x20) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000a80)='kfree\x00', r1}, 0x10) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.io_service_bytes\x00', 0x275a, 0x0) ioctl$FS_IOC_RESVSP(r2, 0x40305828, &(0x7f0000000180)={0x0, 0x2, 0x5, 0x5}) socket$nl_route(0x10, 0x3, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f00000002c0)) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000000)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="ffffffffffffffff0001006d6163766c9d23d89eca4aa230a63d2afe616e0004000280d4b457b5c0f1ed40bbbb00003f6efde90000000000"], 0x40}}, 0x0) 16.463238979s ago: executing program 0 (id=2865): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)={0x38, r1, 0x1, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x24, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e23}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @multicast1=0xac1414aa}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x1}]}]}, 0x38}}, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r4, 0x8933, &(0x7f0000000140)={'batadv0\x00', 0x0}) r6 = socket$pppl2tp(0x18, 0x1, 0x1) r7 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r6, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r7, {0x2, 0x0, @dev}, 0x2}}, 0x2e) r8 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCDELRT(r8, 0x8912, &(0x7f00000001c0)={0x2000000, {0x2, 0x4e20, @broadcast}, {0x2, 0x1, @remote}, {0x2, 0x0, @broadcast}}) getsockopt$EBT_SO_GET_INIT_INFO(r8, 0x0, 0x82, &(0x7f0000000240)={'nat\x00', 0x0, 0x0, 0x0, [0x0, 0xe, 0x1000, 0x10001, 0x0, 0x8553]}, &(0x7f00000001c0)=0x78) r9 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r9, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x18}}, 0x2, 0x1}}, 0x2e) ioctl$PPPIOCGMRU(r9, 0x80047453, &(0x7f0000000100)) r10 = syz_genetlink_get_family_id$batadv(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$BATADV_CMD_SET_MESH(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000440)={0x24, r10, 0x1, 0x0, 0x40000, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r5}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x51}]}, 0x24}}, 0x0) sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x24, r10, 0x10, 0x70bd2c, 0x25dfdbfc, {}, [@BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}]}, 0x24}, 0x1, 0x0, 0x0, 0x2400e001}, 0x20008800) r11 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000740), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000004c0)=ANY=[@ANYBLOB="14000000", @ANYRES16=r11, @ANYBLOB="01002c9d7000ffdbdf2504"], 0x14}}, 0x800) 15.643087147s ago: executing program 0 (id=2866): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x4004) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="000086dd03000a000000140000006c07010033d433fffe800000000000000000000000000010ff02000000000000000000000000000189"], 0x340a) 2.500153497s ago: executing program 33 (id=2849): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@bloom_filter={0x1e, 0x0, 0x4, 0x7}, 0x48) bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000001740)={r0, 0x0, &(0x7f0000001700)=""/53}, 0x20) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000001740)={r0, 0x0, &(0x7f0000001700)=""/53}, 0x20) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x11, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00'}, 0x94) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x20702, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xca58c30f81b6079f}) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r6, {0x0, 0xfff3}, {0xffff, 0xffff}, {0x0, 0x3}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0x6c1, 0x35, 0x10}}}}]}, 0x44}}, 0x20040084) sendmsg$nl_route_sched(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000b00)=@newqdisc={0x24, 0x29, 0x4ee4e6a52ff56541, 0x4001, 0xfffdfdfc, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}, {0x2, 0xfff2}}}, 0x24}, 0x1, 0x0, 0x0, 0x400dc}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r1}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1d, 0x12, &(0x7f0000000080)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x2}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffc}, @jmp={0x5, 0x1, 0x1, 0x7, 0xb, 0x100}, @jmp={0x5, 0x0, 0x2, 0x6, 0x1, 0xffffffffffffffff, 0x10}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x10, 0x95e1}, 0x94) 2.480951532s ago: executing program 34 (id=2848): syz_emit_ethernet(0x3e, &(0x7f00000000c0)=ANY=[@ANYBLOB="ffffffffffff0000000000000800450000140000000000fc03d44a1e0001ac1414aa050090000000000000000000000000ffffc083000000000000000000"], 0x0) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r0) r1 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r1, 0x0, &(0x7f00000000c0)) r2 = socket$inet(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000300)={'bond0\x00'}) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYBLOB="3800000040000701feffffff02000000017c0000040042800c00018006000600800a000014000280100014800c0009000800b600884700"], 0x38}, 0x1, 0x0, 0x0, 0x4048011}, 0xc800) r4 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r4, 0x0, &(0x7f00000000c0)) write$nci(r4, &(0x7f00000001c0)=ANY=[@ANYBLOB="7105050402050603ac0408025d9ac5613540eda5070406f803a4797d59321fb486e43117a1462d8a3644c0437046f374d6088a0ca25f373511cdcc45f7ffffffcdb7a6abe495b07c6a954a14d714a004fbdc388e62b9343847d92375a9c7992268a30103e699bf95a37422e2cab0916afdc4812800"/128], 0x1c) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f0000001200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=@newqdisc={0x3c, 0x24, 0x4ee4e6a52ff56541, 0x4, 0x25dfdbfc, {0x0, 0x0, 0x0, r7, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0xc, 0x2, [@TCA_CAKE_AUTORATE={0x8}]}}]}, 0x3c}}, 0x0) sendmsg$NFC_CMD_FW_DOWNLOAD(r0, &(0x7f0000002ec0)={0x0, 0x0, &(0x7f0000002e80)={&(0x7f00000004c0)=ANY=[@ANYRES16, @ANYRESOCT=r1, @ANYRES64=r4, @ANYRESHEX=r3], 0x24}, 0x1, 0x0, 0x0, 0x20048801}, 0x440) r8 = socket$inet6_sctp(0xa, 0x1, 0x84) syz_extract_tcp_res(&(0x7f0000000180), 0xffff, 0x4) setsockopt$inet_sctp6_SCTP_NODELAY(r8, 0x84, 0x3, &(0x7f0000000000)=0x83, 0x4) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r8, 0x84, 0x77, &(0x7f0000000080)={0x0, 0x8, 0x7, [0x400, 0xd, 0xa2, 0x1, 0x9, 0x6, 0x7]}, &(0x7f00000000c0)=0x16) getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r8, 0x84, 0x13, &(0x7f0000000100)={r9, 0xfffffffd}, &(0x7f0000000140)=0x8) openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x8c000, 0x0) socket$inet(0x2, 0x1, 0x2) 2.000514878s ago: executing program 35 (id=2854): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, 0x0, 0x40) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x40241, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r2 = socket$kcm(0x2, 0xa, 0x2) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x4004) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="000086dd03000a000000140000006c07010033d43afffe800040000000000000000000000010ff02000000000000000000000000000189"], 0x340a) 0s ago: executing program 36 (id=2866): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x4004) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="000086dd03000a000000140000006c07010033d433fffe800000000000000000000000000010ff02000000000000000000000000000189"], 0x340a) kernel console output (not intermixed with test programs): .827900][T10561] __x64_sys_connect+0x7a/0x90 [ 190.827923][T10561] do_syscall_64+0xfa/0xf80 [ 190.827945][T10561] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 190.827962][T10561] ? clear_bhb_loop+0x60/0xb0 [ 190.827983][T10561] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 190.827999][T10561] RIP: 0033:0x7ff56238f749 [ 190.828015][T10561] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 190.828030][T10561] RSP: 002b:00007ff56319a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 190.828048][T10561] RAX: ffffffffffffffda RBX: 00007ff5625e5fa0 RCX: 00007ff56238f749 [ 190.828061][T10561] RDX: 000000000000005f RSI: 0000200000000180 RDI: 0000000000000003 [ 190.828072][T10561] RBP: 00007ff56319a090 R08: 0000000000000000 R09: 0000000000000000 [ 190.828082][T10561] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 190.828093][T10561] R13: 00007ff5625e6038 R14: 00007ff5625e5fa0 R15: 00007ffc636cc308 [ 190.828123][T10561] [ 191.193999][T10567] bond1: option mode: unable to set because the bond device is up [ 191.319576][T10571] Cannot find add_set index 2 as target [ 191.349559][T10573] FAULT_INJECTION: forcing a failure. [ 191.349559][T10573] name failslab, interval 1, probability 0, space 0, times 0 [ 191.404489][T10573] CPU: 1 UID: 0 PID: 10573 Comm: syz.0.1511 Not tainted syzkaller #0 PREEMPT(full) [ 191.404514][T10573] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 191.404525][T10573] Call Trace: [ 191.404533][T10573] [ 191.404541][T10573] dump_stack_lvl+0x189/0x250 [ 191.404564][T10573] ? __pfx____ratelimit+0x10/0x10 [ 191.404586][T10573] ? __pfx_dump_stack_lvl+0x10/0x10 [ 191.404604][T10573] ? __pfx__printk+0x10/0x10 [ 191.404626][T10573] ? rcu_is_watching+0x15/0xb0 [ 191.404647][T10573] ? trace_fib_table_lookup+0x85/0x1e0 [ 191.404675][T10573] should_fail_ex+0x414/0x560 [ 191.404701][T10573] should_failslab+0xa8/0x100 [ 191.404726][T10573] kmem_cache_alloc_noprof+0x74/0x6f0 [ 191.404745][T10573] ? __pfx_find_exception+0x10/0x10 [ 191.404766][T10573] ? dst_alloc+0x105/0x170 [ 191.404783][T10573] ? fib_lookup+0x76/0x440 [ 191.404807][T10573] dst_alloc+0x105/0x170 [ 191.404830][T10573] ip_route_output_key_hash_rcu+0x1560/0x23e0 [ 191.404863][T10573] ? ip_route_output_key_hash+0xc1/0x280 [ 191.404887][T10573] ip_route_output_key_hash+0x174/0x280 [ 191.404914][T10573] ? __pfx_ip_route_output_key_hash+0x10/0x10 [ 191.404955][T10573] tcp_v4_connect+0x710/0x1a90 [ 191.404999][T10573] ? __pfx_tcp_v4_connect+0x10/0x10 [ 191.405027][T10573] mptcp_connect+0x56b/0x830 [ 191.405053][T10573] __inet_stream_connect+0x2ae/0xe70 [ 191.405079][T10573] ? __local_bh_enable_ip+0x12d/0x1c0 [ 191.405095][T10573] ? __pfx___inet_stream_connect+0x10/0x10 [ 191.405112][T10573] ? __local_bh_enable_ip+0x12d/0x1c0 [ 191.405128][T10573] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 191.405156][T10573] inet_stream_connect+0x66/0xa0 [ 191.405177][T10573] __sys_connect+0x316/0x440 [ 191.405258][T10573] ? __fget_files+0x3a0/0x420 [ 191.405274][T10573] ? __pfx___sys_connect+0x10/0x10 [ 191.405309][T10573] ? __pfx_ksys_write+0x10/0x10 [ 191.405336][T10573] __x64_sys_connect+0x7a/0x90 [ 191.405359][T10573] do_syscall_64+0xfa/0xf80 [ 191.405391][T10573] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 191.405407][T10573] ? clear_bhb_loop+0x60/0xb0 [ 191.405428][T10573] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 191.405444][T10573] RIP: 0033:0x7f7beeb8f749 [ 191.405458][T10573] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 191.405473][T10573] RSP: 002b:00007f7befacc038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 191.405492][T10573] RAX: ffffffffffffffda RBX: 00007f7beede5fa0 RCX: 00007f7beeb8f749 [ 191.405504][T10573] RDX: 0000000000000010 RSI: 00002000000009c0 RDI: 0000000000000003 [ 191.405515][T10573] RBP: 00007f7befacc090 R08: 0000000000000000 R09: 0000000000000000 [ 191.405525][T10573] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 191.405535][T10573] R13: 00007f7beede6038 R14: 00007f7beede5fa0 R15: 00007ffc58f18a48 [ 191.405567][T10573] [ 191.874186][T10592] FAULT_INJECTION: forcing a failure. [ 191.874186][T10592] name failslab, interval 1, probability 0, space 0, times 0 [ 191.888688][T10592] CPU: 0 UID: 0 PID: 10592 Comm: syz.1.1520 Not tainted syzkaller #0 PREEMPT(full) [ 191.888713][T10592] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 191.888724][T10592] Call Trace: [ 191.888731][T10592] [ 191.888738][T10592] dump_stack_lvl+0x189/0x250 [ 191.888762][T10592] ? __pfx____ratelimit+0x10/0x10 [ 191.888783][T10592] ? __pfx_dump_stack_lvl+0x10/0x10 [ 191.888800][T10592] ? __pfx__printk+0x10/0x10 [ 191.888827][T10592] ? __pfx___might_resched+0x10/0x10 [ 191.888849][T10592] ? fs_reclaim_acquire+0x7d/0x100 [ 191.888880][T10592] should_fail_ex+0x414/0x560 [ 191.888904][T10592] should_failslab+0xa8/0x100 [ 191.888928][T10592] __kmalloc_noprof+0xcb/0x800 [ 191.888945][T10592] ? rcu_is_watching+0x15/0xb0 [ 191.888962][T10592] ? security_sk_alloc+0x52/0x390 [ 191.888981][T10592] ? trace_kmem_cache_alloc+0x1f/0xb0 [ 191.889002][T10592] security_sk_alloc+0x52/0x390 [ 191.889023][T10592] sk_prot_alloc+0x101/0x220 [ 191.889049][T10592] sk_alloc+0x3a/0x390 [ 191.889075][T10592] inet6_create+0x7f0/0x1260 [ 191.889099][T10592] ? inet6_create+0x83/0x1260 [ 191.889133][T10592] __sock_create+0x4b3/0x9d0 [ 191.889162][T10592] mptcp_subflow_create_socket+0xf0/0x7d0 [ 191.889192][T10592] ? __pfx_mptcp_subflow_create_socket+0x10/0x10 [ 191.889216][T10592] ? look_up_lock_class+0x74/0x150 [ 191.889244][T10592] __mptcp_nmpc_sk+0x148/0x760 [ 191.889270][T10592] ? __pfx___mptcp_nmpc_sk+0x10/0x10 [ 191.889302][T10592] mptcp_connect+0x71/0x830 [ 191.889339][T10592] __inet_stream_connect+0x2ae/0xe70 [ 191.889366][T10592] ? __local_bh_enable_ip+0x12d/0x1c0 [ 191.889388][T10592] ? __pfx___inet_stream_connect+0x10/0x10 [ 191.889407][T10592] ? __local_bh_enable_ip+0x12d/0x1c0 [ 191.889422][T10592] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 191.889449][T10592] inet_stream_connect+0x66/0xa0 [ 191.889470][T10592] __sys_connect+0x316/0x440 [ 191.889490][T10592] ? __fget_files+0x3a0/0x420 [ 191.889506][T10592] ? __pfx___sys_connect+0x10/0x10 [ 191.889546][T10592] ? __pfx_ksys_write+0x10/0x10 [ 191.889572][T10592] __x64_sys_connect+0x7a/0x90 [ 191.889594][T10592] do_syscall_64+0xfa/0xf80 [ 191.889616][T10592] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 191.889632][T10592] ? clear_bhb_loop+0x60/0xb0 [ 191.889659][T10592] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 191.889675][T10592] RIP: 0033:0x7efd1798f749 [ 191.889690][T10592] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 191.889705][T10592] RSP: 002b:00007efd187be038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 191.889731][T10592] RAX: ffffffffffffffda RBX: 00007efd17be5fa0 RCX: 00007efd1798f749 [ 191.889741][T10592] RDX: 000000000000005f RSI: 0000200000000180 RDI: 0000000000000003 [ 191.889752][T10592] RBP: 00007efd187be090 R08: 0000000000000000 R09: 0000000000000000 [ 191.889762][T10592] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 191.889772][T10592] R13: 00007efd17be6038 R14: 00007efd17be5fa0 R15: 00007ffd2e1dbfa8 [ 191.889802][T10592] [ 192.248518][T10600] bond1: option mode: unable to set because the bond device is up [ 192.399544][T10610] Cannot find add_set index 2 as target [ 192.470147][T10612] 8021q: VLANs not supported on gre0 [ 192.715902][T10636] FAULT_INJECTION: forcing a failure. [ 192.715902][T10636] name failslab, interval 1, probability 0, space 0, times 0 [ 192.765238][T10636] CPU: 1 UID: 0 PID: 10636 Comm: syz.0.1534 Not tainted syzkaller #0 PREEMPT(full) [ 192.765264][T10636] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 192.765275][T10636] Call Trace: [ 192.765282][T10636] [ 192.765289][T10636] dump_stack_lvl+0x189/0x250 [ 192.765312][T10636] ? __pfx____ratelimit+0x10/0x10 [ 192.765331][T10636] ? __pfx_dump_stack_lvl+0x10/0x10 [ 192.765348][T10636] ? __pfx__printk+0x10/0x10 [ 192.765376][T10636] ? __pfx___might_resched+0x10/0x10 [ 192.765392][T10636] ? fs_reclaim_acquire+0x7d/0x100 [ 192.765418][T10636] should_fail_ex+0x414/0x560 [ 192.765442][T10636] should_failslab+0xa8/0x100 [ 192.765467][T10636] __kmalloc_cache_noprof+0x6f/0x6f0 [ 192.765487][T10636] ? subflow_ulp_init+0xd0/0x5c0 [ 192.765508][T10636] subflow_ulp_init+0xd0/0x5c0 [ 192.765523][T10636] ? tcp_set_ulp+0xb1/0x5f0 [ 192.765547][T10636] tcp_set_ulp+0x53c/0x5f0 [ 192.765569][T10636] mptcp_subflow_create_socket+0x34b/0x7d0 [ 192.765599][T10636] ? __pfx_mptcp_subflow_create_socket+0x10/0x10 [ 192.765622][T10636] ? look_up_lock_class+0x74/0x150 [ 192.765648][T10636] __mptcp_nmpc_sk+0x148/0x760 [ 192.765675][T10636] ? __pfx___mptcp_nmpc_sk+0x10/0x10 [ 192.765706][T10636] mptcp_connect+0x71/0x830 [ 192.765728][T10636] __inet_stream_connect+0x2ae/0xe70 [ 192.765755][T10636] ? __local_bh_enable_ip+0x12d/0x1c0 [ 192.765771][T10636] ? __pfx___inet_stream_connect+0x10/0x10 [ 192.765789][T10636] ? __local_bh_enable_ip+0x12d/0x1c0 [ 192.765805][T10636] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 192.765832][T10636] inet_stream_connect+0x66/0xa0 [ 192.765852][T10636] __sys_connect+0x316/0x440 [ 192.765873][T10636] ? __fget_files+0x3a0/0x420 [ 192.765889][T10636] ? __pfx___sys_connect+0x10/0x10 [ 192.765922][T10636] ? __pfx_ksys_write+0x10/0x10 [ 192.765949][T10636] __x64_sys_connect+0x7a/0x90 [ 192.765971][T10636] do_syscall_64+0xfa/0xf80 [ 192.765994][T10636] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 192.766010][T10636] ? clear_bhb_loop+0x60/0xb0 [ 192.766031][T10636] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 192.766047][T10636] RIP: 0033:0x7f7beeb8f749 [ 192.766062][T10636] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 192.766084][T10636] RSP: 002b:00007f7befacc038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 192.766102][T10636] RAX: ffffffffffffffda RBX: 00007f7beede5fa0 RCX: 00007f7beeb8f749 [ 192.766115][T10636] RDX: 000000000000005f RSI: 0000200000000180 RDI: 0000000000000003 [ 192.766125][T10636] RBP: 00007f7befacc090 R08: 0000000000000000 R09: 0000000000000000 [ 192.766135][T10636] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 192.766145][T10636] R13: 00007f7beede6038 R14: 00007f7beede5fa0 R15: 00007ffc58f18a48 [ 192.766176][T10636] [ 193.181500][T10650] syzkaller1: entered promiscuous mode [ 193.187471][T10650] syzkaller1: entered allmulticast mode [ 193.603110][T10673] __nla_validate_parse: 9 callbacks suppressed [ 193.603123][T10673] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1550'. [ 193.631409][T10677] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1552'. [ 193.665157][T10680] FAULT_INJECTION: forcing a failure. [ 193.665157][T10680] name failslab, interval 1, probability 0, space 0, times 0 [ 193.678144][T10680] CPU: 0 UID: 0 PID: 10680 Comm: syz.0.1553 Not tainted syzkaller #0 PREEMPT(full) [ 193.678168][T10680] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 193.678179][T10680] Call Trace: [ 193.678186][T10680] [ 193.678193][T10680] dump_stack_lvl+0x189/0x250 [ 193.678217][T10680] ? __pfx____ratelimit+0x10/0x10 [ 193.678238][T10680] ? __pfx_dump_stack_lvl+0x10/0x10 [ 193.678263][T10680] ? __pfx__printk+0x10/0x10 [ 193.678289][T10680] ? __rt6_find_exception_rcu+0x127/0x4c0 [ 193.678305][T10680] ? is_bpf_text_address+0x26/0x2b0 [ 193.678331][T10680] should_fail_ex+0x414/0x560 [ 193.678355][T10680] should_failslab+0xa8/0x100 [ 193.678377][T10680] ? __pfx_ip6_dst_gc+0x10/0x10 [ 193.678397][T10680] kmem_cache_alloc_noprof+0x74/0x6f0 [ 193.678418][T10680] ? dst_alloc+0x105/0x170 [ 193.678437][T10680] ? __pfx_ip6_dst_gc+0x10/0x10 [ 193.678457][T10680] dst_alloc+0x105/0x170 [ 193.678479][T10680] ip6_pol_route+0xa21/0x1180 [ 193.678499][T10680] ? ip6_pol_route+0x162/0x1180 [ 193.678524][T10680] ? __pfx_ip6_pol_route+0x10/0x10 [ 193.678545][T10680] ? __lock_acquire+0x6b6/0x2cf0 [ 193.678577][T10680] fib6_rule_lookup+0x348/0x6f0 [ 193.678602][T10680] ? __pfx_ip6_pol_route_output+0x10/0x10 [ 193.678624][T10680] ? __pfx_fib6_rule_lookup+0x10/0x10 [ 193.678660][T10680] ? dev_get_by_index_rcu+0xf4/0x110 [ 193.678686][T10680] ip6_route_output_flags+0x364/0x5d0 [ 193.678708][T10680] ? ip6_route_output_flags+0x2e/0x5d0 [ 193.678732][T10680] ip6_dst_lookup_tail+0x1ae/0x1510 [ 193.678763][T10680] ? __pfx_ip6_dst_lookup_tail+0x10/0x10 [ 193.678777][T10680] ? register_lock_class+0x51/0x320 [ 193.678798][T10680] ? look_up_lock_class+0x74/0x150 [ 193.678821][T10680] ? register_lock_class+0x51/0x320 [ 193.678844][T10680] ip6_dst_lookup_flow+0x47/0xe0 [ 193.678864][T10680] tcp_v6_connect+0xbdb/0x18a0 [ 193.678900][T10680] ? __pfx_tcp_v6_connect+0x10/0x10 [ 193.678936][T10680] ? __local_bh_enable_ip+0x12d/0x1c0 [ 193.678952][T10680] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 193.678979][T10680] mptcp_connect+0x56b/0x830 [ 193.679004][T10680] __inet_stream_connect+0x2ae/0xe70 [ 193.679033][T10680] ? __local_bh_enable_ip+0x12d/0x1c0 [ 193.679048][T10680] ? __pfx___inet_stream_connect+0x10/0x10 [ 193.679066][T10680] ? __local_bh_enable_ip+0x12d/0x1c0 [ 193.679082][T10680] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 193.679113][T10680] inet_stream_connect+0x66/0xa0 [ 193.679134][T10680] __sys_connect+0x316/0x440 [ 193.679153][T10680] ? __fget_files+0x3a0/0x420 [ 193.679167][T10680] ? __pfx___sys_connect+0x10/0x10 [ 193.679201][T10680] ? __pfx_ksys_write+0x10/0x10 [ 193.679228][T10680] __x64_sys_connect+0x7a/0x90 [ 193.679257][T10680] do_syscall_64+0xfa/0xf80 [ 193.679279][T10680] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 193.679294][T10680] ? clear_bhb_loop+0x60/0xb0 [ 193.679316][T10680] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 193.679332][T10680] RIP: 0033:0x7f7beeb8f749 [ 193.679348][T10680] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 193.679363][T10680] RSP: 002b:00007f7befacc038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 193.679381][T10680] RAX: ffffffffffffffda RBX: 00007f7beede5fa0 RCX: 00007f7beeb8f749 [ 193.679393][T10680] RDX: 000000000000005f RSI: 0000200000000180 RDI: 0000000000000003 [ 193.679403][T10680] RBP: 00007f7befacc090 R08: 0000000000000000 R09: 0000000000000000 [ 193.679414][T10680] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 193.679424][T10680] R13: 00007f7beede6038 R14: 00007f7beede5fa0 R15: 00007ffc58f18a48 [ 193.679455][T10680] [ 194.091138][T10684] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1555'. [ 194.208235][T10693] Cannot find add_set index 2 as target [ 194.351953][T10703] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1564'. [ 194.391098][T10705] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1565'. [ 194.495147][T10712] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1567'. [ 194.577982][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.587003][T10718] x_tables: ip6_tables: mh match: only valid for protocol 135 [ 194.587376][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.854098][T10739] openvswitch: netlink: ct_state flags 010000e0 unsupported [ 194.874805][T10743] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1580'. [ 194.903546][T10742] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1581'. [ 194.925160][T10742] netlink: 9 bytes leftover after parsing attributes in process `syz.1.1581'. [ 194.937969][T10748] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1582'. [ 195.466735][T10779] xt_CT: You must specify a L4 protocol and not use inversions on it [ 195.604419][T10783] Cannot find add_set index 2 as target [ 195.901129][T10793] openvswitch: netlink: ct_state flags 010000e0 unsupported [ 196.203570][T10806] x_tables: duplicate underflow at hook 3 [ 196.269967][T10812] tunl0: entered promiscuous mode [ 196.294915][T10812] netlink: 'syz.3.1606': attribute type 3 has an invalid length. [ 196.306700][T10812] mac80211_hwsim hwsim12 syzkaller0: entered promiscuous mode [ 196.314815][T10812] mac80211_hwsim hwsim12 syzkaller0: entered allmulticast mode [ 196.447028][T10822] Cannot find add_set index 2 as target [ 196.716214][T10841] netlink: 'syz.3.1613': attribute type 39 has an invalid length. [ 196.987812][T10856] tipc: Enabled bearer , priority 0 [ 196.996300][T10855] tipc: Disabling bearer [ 197.081845][T10858] Cannot find add_set index 2 as target [ 197.525613][T10879] vlan0: Caught tx_queue_len zero misconfig [ 197.606100][T10883] xt_l2tp: v2 doesn't support IP mode [ 197.627503][T10885] FAULT_INJECTION: forcing a failure. [ 197.627503][T10885] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 197.663855][T10885] CPU: 1 UID: 0 PID: 10885 Comm: syz.0.1630 Not tainted syzkaller #0 PREEMPT(full) [ 197.663881][T10885] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 197.663892][T10885] Call Trace: [ 197.663899][T10885] [ 197.663906][T10885] dump_stack_lvl+0x189/0x250 [ 197.663930][T10885] ? __pfx____ratelimit+0x10/0x10 [ 197.663950][T10885] ? __pfx_dump_stack_lvl+0x10/0x10 [ 197.663968][T10885] ? __pfx__printk+0x10/0x10 [ 197.663990][T10885] ? __might_fault+0xb0/0x130 [ 197.664019][T10885] should_fail_ex+0x414/0x560 [ 197.664043][T10885] _copy_from_user+0x2d/0xb0 [ 197.664065][T10885] ___sys_sendmsg+0x158/0x2a0 [ 197.664092][T10885] ? __pfx____sys_sendmsg+0x10/0x10 [ 197.664121][T10885] ? rcu_read_lock_any_held+0xb3/0x120 [ 197.664166][T10885] ? __fget_files+0x2a/0x420 [ 197.664180][T10885] ? __fget_files+0x3a0/0x420 [ 197.664204][T10885] __x64_sys_sendmsg+0x19b/0x260 [ 197.664230][T10885] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 197.664262][T10885] ? __pfx_ksys_write+0x10/0x10 [ 197.664285][T10885] ? do_syscall_64+0xbe/0xf80 [ 197.664309][T10885] do_syscall_64+0xfa/0xf80 [ 197.664329][T10885] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 197.664346][T10885] ? clear_bhb_loop+0x60/0xb0 [ 197.664365][T10885] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 197.664381][T10885] RIP: 0033:0x7f7beeb8f749 [ 197.664396][T10885] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 197.664411][T10885] RSP: 002b:00007f7befacc038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 197.664430][T10885] RAX: ffffffffffffffda RBX: 00007f7beede5fa0 RCX: 00007f7beeb8f749 [ 197.664442][T10885] RDX: 0000000000000010 RSI: 0000200000000680 RDI: 0000000000000006 [ 197.664452][T10885] RBP: 00007f7befacc090 R08: 0000000000000000 R09: 0000000000000000 [ 197.664462][T10885] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 197.664472][T10885] R13: 00007f7beede6038 R14: 00007f7beede5fa0 R15: 00007ffc58f18a48 [ 197.664501][T10885] [ 197.955477][T10892] tipc: Enabled bearer , priority 0 [ 197.969747][T10891] tipc: Disabling bearer [ 198.065470][T10901] syzkaller0: entered promiscuous mode [ 198.072869][T10901] syzkaller0: entered allmulticast mode [ 198.345129][T10920] FAULT_INJECTION: forcing a failure. [ 198.345129][T10920] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 198.358594][T10920] CPU: 1 UID: 0 PID: 10920 Comm: syz.4.1642 Not tainted syzkaller #0 PREEMPT(full) [ 198.358618][T10920] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 198.358628][T10920] Call Trace: [ 198.358636][T10920] [ 198.358641][T10920] dump_stack_lvl+0x189/0x250 [ 198.358665][T10920] ? __pfx____ratelimit+0x10/0x10 [ 198.358685][T10920] ? __pfx_dump_stack_lvl+0x10/0x10 [ 198.358701][T10920] ? __pfx__printk+0x10/0x10 [ 198.358721][T10920] ? __might_fault+0xb0/0x130 [ 198.358750][T10920] should_fail_ex+0x414/0x560 [ 198.358772][T10920] _copy_from_iter+0x1cd/0x1630 [ 198.358794][T10920] ? policy_nodemask+0x27c/0x720 [ 198.358831][T10920] ? __pfx__copy_from_iter+0x10/0x10 [ 198.358848][T10920] ? __sk_mem_raise_allocated+0x290/0x1270 [ 198.358863][T10920] ? set_page_refcounted+0xa0/0x1e0 [ 198.358886][T10920] ? __sk_mem_schedule+0x7f/0xf0 [ 198.358900][T10920] ? skb_page_frag_refill+0x199/0x320 [ 198.358919][T10920] mptcp_sendmsg+0xd76/0x1980 [ 198.358967][T10920] ? __pfx_mptcp_sendmsg+0x10/0x10 [ 198.358986][T10920] ? sock_rps_record_flow+0x19/0x410 [ 198.359006][T10920] ? inet_sendmsg+0x2f4/0x370 [ 198.359021][T10920] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 198.359045][T10920] __sock_sendmsg+0x19c/0x270 [ 198.359065][T10920] sock_write_iter+0x279/0x360 [ 198.359083][T10920] ? __pfx_sock_write_iter+0x10/0x10 [ 198.359116][T10920] ? kstrtoull+0x12f/0x1d0 [ 198.359141][T10920] do_iter_readv_writev+0x623/0x8c0 [ 198.359169][T10920] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 198.359187][T10920] ? common_file_perm+0x1b5/0x220 [ 198.359209][T10920] ? bpf_lsm_file_permission+0x9/0x20 [ 198.359230][T10920] ? security_file_permission+0x75/0x290 [ 198.359252][T10920] ? rw_verify_area+0x255/0x4d0 [ 198.359274][T10920] vfs_writev+0x31a/0x960 [ 198.359288][T10920] ? vfs_write+0x956/0xb30 [ 198.359315][T10920] ? __pfx_vfs_writev+0x10/0x10 [ 198.359344][T10920] ? __fget_files+0x2a/0x420 [ 198.359364][T10920] ? __fget_files+0x3a0/0x420 [ 198.359377][T10920] ? __fget_files+0x2a/0x420 [ 198.359399][T10920] do_writev+0x14d/0x2d0 [ 198.359417][T10920] ? __pfx_do_writev+0x10/0x10 [ 198.359436][T10920] ? do_syscall_64+0xbe/0xf80 [ 198.359461][T10920] do_syscall_64+0xfa/0xf80 [ 198.359481][T10920] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 198.359498][T10920] ? clear_bhb_loop+0x60/0xb0 [ 198.359519][T10920] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 198.359534][T10920] RIP: 0033:0x7ff56238f749 [ 198.359549][T10920] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 198.359563][T10920] RSP: 002b:00007ff56319a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 198.359583][T10920] RAX: ffffffffffffffda RBX: 00007ff5625e5fa0 RCX: 00007ff56238f749 [ 198.359595][T10920] RDX: 0000000000000001 RSI: 0000200000000200 RDI: 0000000000000004 [ 198.359605][T10920] RBP: 00007ff56319a090 R08: 0000000000000000 R09: 0000000000000000 [ 198.359615][T10920] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 198.359625][T10920] R13: 00007ff5625e6038 R14: 00007ff5625e5fa0 R15: 00007ffc636cc308 [ 198.359655][T10920] [ 198.856997][T10928] __nla_validate_parse: 12 callbacks suppressed [ 198.857014][T10928] netlink: 132 bytes leftover after parsing attributes in process `syz.4.1646'. [ 198.904300][T10937] xt_CT: You must specify a L4 protocol and not use inversions on it [ 198.904946][T10937] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1648'. [ 199.027110][T10947] SET target dimension over the limit! [ 199.152245][T10957] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1650'. [ 199.238299][T10963] FAULT_INJECTION: forcing a failure. [ 199.238299][T10963] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 199.251543][T10963] CPU: 0 UID: 0 PID: 10963 Comm: syz.3.1659 Not tainted syzkaller #0 PREEMPT(full) [ 199.251567][T10963] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 199.251577][T10963] Call Trace: [ 199.251585][T10963] [ 199.251592][T10963] dump_stack_lvl+0x189/0x250 [ 199.251614][T10963] ? __pfx____ratelimit+0x10/0x10 [ 199.251635][T10963] ? __pfx_dump_stack_lvl+0x10/0x10 [ 199.251653][T10963] ? __pfx__printk+0x10/0x10 [ 199.251674][T10963] ? __might_fault+0xb0/0x130 [ 199.251711][T10963] should_fail_ex+0x414/0x560 [ 199.251735][T10963] _copy_to_iter+0x1de/0x1790 [ 199.251759][T10963] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 199.251779][T10963] ? lockdep_hardirqs_on+0x98/0x140 [ 199.251803][T10963] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 199.251824][T10963] ? __pfx__copy_to_iter+0x10/0x10 [ 199.251841][T10963] ? __skb_try_recv_from_queue+0x58f/0x730 [ 199.251865][T10963] ? __skb_try_recv_datagram+0x3d5/0x4d0 [ 199.251888][T10963] __skb_datagram_iter+0xf8/0x990 [ 199.251907][T10963] ? __pfx_simple_copy_to_iter+0x10/0x10 [ 199.251933][T10963] skb_copy_datagram_iter+0xb5/0x210 [ 199.251955][T10963] netlink_recvmsg+0x2ab/0xa30 [ 199.251981][T10963] ? __pfx_netlink_recvmsg+0x10/0x10 [ 199.252002][T10963] ? __lock_acquire+0x6b6/0x2cf0 [ 199.252022][T10963] ? bpf_lsm_socket_recvmsg+0x9/0x20 [ 199.252043][T10963] ? __pfx_netlink_recvmsg+0x10/0x10 [ 199.252060][T10963] sock_recvmsg_nosec+0x186/0x1c0 [ 199.252084][T10963] ____sys_recvmsg+0x3aa/0x460 [ 199.252110][T10963] ? __pfx_____sys_recvmsg+0x10/0x10 [ 199.252141][T10963] ? import_iovec+0x74/0xa0 [ 199.252167][T10963] ___sys_recvmsg+0x1b5/0x510 [ 199.252188][T10963] ? __pfx____sys_recvmsg+0x10/0x10 [ 199.252234][T10963] ? __might_fault+0xb0/0x130 [ 199.252258][T10963] do_recvmmsg+0x307/0x770 [ 199.252281][T10963] ? __pfx_do_recvmmsg+0x10/0x10 [ 199.252308][T10963] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 199.252345][T10963] __x64_sys_recvmmsg+0x190/0x240 [ 199.252364][T10963] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 199.252383][T10963] ? do_syscall_64+0xbe/0xf80 [ 199.252405][T10963] do_syscall_64+0xfa/0xf80 [ 199.252424][T10963] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 199.252440][T10963] ? clear_bhb_loop+0x60/0xb0 [ 199.252459][T10963] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 199.252475][T10963] RIP: 0033:0x7f77f498f749 [ 199.252490][T10963] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 199.252504][T10963] RSP: 002b:00007f77f58c7038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 199.252522][T10963] RAX: ffffffffffffffda RBX: 00007f77f4be5fa0 RCX: 00007f77f498f749 [ 199.252535][T10963] RDX: 040000000000002e RSI: 0000200000000000 RDI: 0000000000000003 [ 199.252546][T10963] RBP: 00007f77f58c7090 R08: 0000000000000000 R09: 0000000000000000 [ 199.252556][T10963] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 199.252566][T10963] R13: 00007f77f4be6038 R14: 00007f77f4be5fa0 R15: 00007ffc0cdd3788 [ 199.252596][T10963] [ 199.305727][T10966] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1660'. [ 199.918731][T10993] Cannot find add_set index 2 as target [ 199.965345][T10995] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1670'. [ 199.976787][T10998] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1671'. [ 199.986058][T10998] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1671'. [ 200.550404][T11008] FAULT_INJECTION: forcing a failure. [ 200.550404][T11008] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 200.563775][T11008] CPU: 1 UID: 0 PID: 11008 Comm: syz.0.1673 Not tainted syzkaller #0 PREEMPT(full) [ 200.563799][T11008] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 200.563809][T11008] Call Trace: [ 200.563816][T11008] [ 200.563823][T11008] dump_stack_lvl+0x189/0x250 [ 200.563845][T11008] ? __pfx____ratelimit+0x10/0x10 [ 200.563863][T11008] ? __pfx_dump_stack_lvl+0x10/0x10 [ 200.563880][T11008] ? __pfx__printk+0x10/0x10 [ 200.563899][T11008] ? __might_fault+0xb0/0x130 [ 200.563926][T11008] should_fail_ex+0x414/0x560 [ 200.563947][T11008] _copy_to_iter+0x1de/0x1790 [ 200.563969][T11008] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 200.563987][T11008] ? lockdep_hardirqs_on+0x98/0x140 [ 200.564008][T11008] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 200.564026][T11008] ? __pfx__copy_to_iter+0x10/0x10 [ 200.564042][T11008] ? __skb_try_recv_from_queue+0x58f/0x730 [ 200.564063][T11008] ? __skb_try_recv_datagram+0x3d5/0x4d0 [ 200.564084][T11008] __skb_datagram_iter+0xf8/0x990 [ 200.564100][T11008] ? __pfx_simple_copy_to_iter+0x10/0x10 [ 200.564122][T11008] skb_copy_datagram_iter+0xb5/0x210 [ 200.564143][T11008] netlink_recvmsg+0x2ab/0xa30 [ 200.564169][T11008] ? __pfx_netlink_recvmsg+0x10/0x10 [ 200.564187][T11008] ? __lock_acquire+0x6b6/0x2cf0 [ 200.564202][T11008] ? bpf_lsm_socket_recvmsg+0x9/0x20 [ 200.564220][T11008] ? __pfx_netlink_recvmsg+0x10/0x10 [ 200.564235][T11008] sock_recvmsg_nosec+0x186/0x1c0 [ 200.564254][T11008] ____sys_recvmsg+0x3aa/0x460 [ 200.564274][T11008] ? __pfx_____sys_recvmsg+0x10/0x10 [ 200.564316][T11008] ? import_iovec+0x74/0xa0 [ 200.564338][T11008] ___sys_recvmsg+0x1b5/0x510 [ 200.564356][T11008] ? __pfx____sys_recvmsg+0x10/0x10 [ 200.564394][T11008] ? __might_fault+0xb0/0x130 [ 200.564413][T11008] do_recvmmsg+0x307/0x770 [ 200.564434][T11008] ? __pfx_do_recvmmsg+0x10/0x10 [ 200.564457][T11008] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 200.564489][T11008] __x64_sys_recvmmsg+0x190/0x240 [ 200.564505][T11008] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 200.564522][T11008] ? do_syscall_64+0xbe/0xf80 [ 200.564542][T11008] do_syscall_64+0xfa/0xf80 [ 200.564610][T11008] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 200.564633][T11008] ? clear_bhb_loop+0x60/0xb0 [ 200.564652][T11008] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 200.564665][T11008] RIP: 0033:0x7f7beeb8f749 [ 200.564679][T11008] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 200.564691][T11008] RSP: 002b:00007f7befacc038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 200.564706][T11008] RAX: ffffffffffffffda RBX: 00007f7beede5fa0 RCX: 00007f7beeb8f749 [ 200.564715][T11008] RDX: 040000000000002e RSI: 0000200000000000 RDI: 0000000000000003 [ 200.564725][T11008] RBP: 00007f7befacc090 R08: 0000000000000000 R09: 0000000000000000 [ 200.564732][T11008] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 200.564740][T11008] R13: 00007f7beede6038 R14: 00007f7beede5fa0 R15: 00007ffc58f18a48 [ 200.564764][T11008] [ 200.729950][T10999] FAULT_INJECTION: forcing a failure. [ 200.729950][T10999] name fail_futex, interval 1, probability 0, space 0, times 1 [ 200.884341][T10999] CPU: 0 UID: 0 PID: 10999 Comm: syz.1.1668 Not tainted syzkaller #0 PREEMPT(full) [ 200.884364][T10999] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 200.884375][T10999] Call Trace: [ 200.884382][T10999] [ 200.884388][T10999] dump_stack_lvl+0x189/0x250 [ 200.884410][T10999] ? __pfx____ratelimit+0x10/0x10 [ 200.884430][T10999] ? __pfx_dump_stack_lvl+0x10/0x10 [ 200.884447][T10999] ? __pfx__printk+0x10/0x10 [ 200.884469][T10999] ? remove_wait_queue+0x33/0x120 [ 200.884490][T10999] ? look_up_lock_class+0x74/0x150 [ 200.884511][T10999] should_fail_ex+0x414/0x560 [ 200.884532][T10999] get_futex_key+0x1a8/0x1660 [ 200.884561][T10999] ? __pfx_get_futex_key+0x10/0x10 [ 200.884591][T10999] futex_wake+0xf8/0x560 [ 200.884613][T10999] ? __pfx_futex_wake+0x10/0x10 [ 200.884652][T10999] do_futex+0x395/0x420 [ 200.884672][T10999] ? __pfx_do_futex+0x10/0x10 [ 200.884688][T10999] ? __might_fault+0xb0/0x130 [ 200.884709][T10999] mm_release+0x188/0x390 [ 200.884724][T10999] ? __pfx_mm_release+0x10/0x10 [ 200.884737][T10999] ? lockdep_hardirqs_on+0x98/0x140 [ 200.884764][T10999] exit_mm+0xa8/0x2c0 [ 200.884783][T10999] ? __pfx_exit_mm+0x10/0x10 [ 200.884809][T10999] do_exit+0x658/0x2310 [ 200.884832][T10999] ? do_raw_spin_lock+0x121/0x290 [ 200.884856][T10999] ? __pfx_do_exit+0x10/0x10 [ 200.884869][T10999] ? aa_sk_perm+0x7ee/0x920 [ 200.884900][T10999] do_group_exit+0x21c/0x2d0 [ 200.884916][T10999] ? lockdep_hardirqs_on+0x98/0x140 [ 200.884933][T10999] get_signal+0x1285/0x1340 [ 200.884968][T10999] arch_do_signal_or_restart+0x9a/0x7a0 [ 200.884989][T10999] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 200.885017][T10999] ? exit_to_user_mode_loop+0x55/0x4f0 [ 200.885033][T10999] exit_to_user_mode_loop+0x87/0x4f0 [ 200.885045][T10999] ? rcu_is_watching+0x15/0xb0 [ 200.885063][T10999] do_syscall_64+0x2e3/0xf80 [ 200.885080][T10999] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 200.885094][T10999] ? clear_bhb_loop+0x60/0xb0 [ 200.885111][T10999] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 200.885123][T10999] RIP: 0033:0x7efd1798f749 [ 200.885137][T10999] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 200.885148][T10999] RSP: 002b:00007efd1877c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002d [ 200.885164][T10999] RAX: 0000000000000000 RBX: 00007efd17be6180 RCX: 00007efd1798f749 [ 200.885173][T10999] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 200.885180][T10999] RBP: 00007efd1877c090 R08: 0000000000000000 R09: 0000000000000000 [ 200.885188][T10999] R10: 00000000c9100120 R11: 0000000000000246 R12: 0000000000000001 [ 200.885196][T10999] R13: 00007efd17be6218 R14: 00007efd17be6180 R15: 00007ffd2e1dbfa8 [ 200.885221][T10999] [ 201.724486][T11019] mac80211_hwsim hwsim12 syzkaller0: left promiscuous mode [ 201.742399][T11019] mac80211_hwsim hwsim12 syzkaller0: left allmulticast mode [ 201.781379][T11027] openvswitch: netlink: ct_state flags 010000e0 unsupported [ 201.804940][T11030] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1682'. [ 201.856205][T11034] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1683'. [ 201.951271][T11040] FAULT_INJECTION: forcing a failure. [ 201.951271][T11040] name failslab, interval 1, probability 0, space 0, times 0 [ 202.042274][T11040] CPU: 0 UID: 0 PID: 11040 Comm: syz.0.1686 Not tainted syzkaller #0 PREEMPT(full) [ 202.042299][T11040] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 202.042309][T11040] Call Trace: [ 202.042317][T11040] [ 202.042324][T11040] dump_stack_lvl+0x189/0x250 [ 202.042347][T11040] ? __pfx____ratelimit+0x10/0x10 [ 202.042367][T11040] ? __pfx_dump_stack_lvl+0x10/0x10 [ 202.042385][T11040] ? __pfx__printk+0x10/0x10 [ 202.042410][T11040] ? __pfx___might_resched+0x10/0x10 [ 202.042426][T11040] ? fs_reclaim_acquire+0x7d/0x100 [ 202.042453][T11040] should_fail_ex+0x414/0x560 [ 202.042476][T11040] should_failslab+0xa8/0x100 [ 202.042500][T11040] __kmalloc_noprof+0xcb/0x800 [ 202.042517][T11040] ? fib6_info_alloc+0x30/0xf0 [ 202.042542][T11040] fib6_info_alloc+0x30/0xf0 [ 202.042563][T11040] ip6_route_info_create+0x142/0x860 [ 202.042591][T11040] ip6_route_add+0x49/0x1b0 [ 202.042615][T11040] inet6_rtm_newroute+0x1cf/0x18c0 [ 202.042638][T11040] ? kasan_quarantine_put+0xdd/0x220 [ 202.042656][T11040] ? lockdep_hardirqs_on+0x98/0x140 [ 202.042680][T11040] ? __pfx_inet6_rtm_newroute+0x10/0x10 [ 202.042699][T11040] ? kmem_cache_free+0x197/0x620 [ 202.042717][T11040] ? nlmon_xmit+0xb0/0x100 [ 202.042741][T11040] ? __lock_acquire+0x6b6/0x2cf0 [ 202.042760][T11040] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 202.042778][T11040] ? __dev_queue_xmit+0x289/0x3140 [ 202.042796][T11040] ? __dev_queue_xmit+0x289/0x3140 [ 202.042839][T11040] ? __pfx_inet6_rtm_newroute+0x10/0x10 [ 202.042859][T11040] rtnetlink_rcv_msg+0x7cf/0xb70 [ 202.042885][T11040] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 202.042905][T11040] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 202.042924][T11040] ? ref_tracker_free+0x63a/0x7d0 [ 202.042944][T11040] ? __asan_memcpy+0x40/0x70 [ 202.042962][T11040] ? __pfx_ref_tracker_free+0x10/0x10 [ 202.042989][T11040] netlink_rcv_skb+0x208/0x470 [ 202.043007][T11040] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 202.043030][T11040] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 202.043057][T11040] ? netlink_deliver_tap+0x2e/0x1b0 [ 202.043081][T11040] netlink_unicast+0x82f/0x9e0 [ 202.043111][T11040] ? __pfx_netlink_unicast+0x10/0x10 [ 202.043135][T11040] ? netlink_sendmsg+0x642/0xb30 [ 202.043149][T11040] ? skb_put+0x11b/0x210 [ 202.043183][T11040] netlink_sendmsg+0x805/0xb30 [ 202.043208][T11040] ? __pfx_netlink_sendmsg+0x10/0x10 [ 202.043228][T11040] ? aa_sock_msg_perm+0xf1/0x1b0 [ 202.043247][T11040] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 202.043268][T11040] ? __pfx_netlink_sendmsg+0x10/0x10 [ 202.043285][T11040] __sock_sendmsg+0x21c/0x270 [ 202.043307][T11040] ____sys_sendmsg+0x505/0x820 [ 202.043336][T11040] ? __pfx_____sys_sendmsg+0x10/0x10 [ 202.043368][T11040] ? import_iovec+0x74/0xa0 [ 202.043392][T11040] ___sys_sendmsg+0x21f/0x2a0 [ 202.043416][T11040] ? __pfx____sys_sendmsg+0x10/0x10 [ 202.043446][T11040] ? rcu_read_lock_any_held+0xb3/0x120 [ 202.043487][T11040] ? __fget_files+0x2a/0x420 [ 202.043501][T11040] ? __fget_files+0x3a0/0x420 [ 202.043525][T11040] __x64_sys_sendmsg+0x19b/0x260 [ 202.043551][T11040] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 202.043583][T11040] ? __pfx_ksys_write+0x10/0x10 [ 202.043607][T11040] ? do_syscall_64+0xbe/0xf80 [ 202.043630][T11040] do_syscall_64+0xfa/0xf80 [ 202.043650][T11040] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 202.043667][T11040] ? clear_bhb_loop+0x60/0xb0 [ 202.043687][T11040] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 202.043701][T11040] RIP: 0033:0x7f7beeb8f749 [ 202.043716][T11040] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 202.043731][T11040] RSP: 002b:00007f7befacc038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 202.043749][T11040] RAX: ffffffffffffffda RBX: 00007f7beede5fa0 RCX: 00007f7beeb8f749 [ 202.043761][T11040] RDX: 0000000000000010 RSI: 0000200000000680 RDI: 0000000000000006 [ 202.043772][T11040] RBP: 00007f7befacc090 R08: 0000000000000000 R09: 0000000000000000 [ 202.043786][T11040] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 202.043796][T11040] R13: 00007f7beede6038 R14: 00007f7beede5fa0 R15: 00007ffc58f18a48 [ 202.043825][T11040] [ 202.514882][T11050] netlink: 'syz.0.1690': attribute type 1 has an invalid length. [ 202.581502][T11054] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1690'. [ 202.644459][T11050] 8021q: adding VLAN 0 to HW filter on device bond5 [ 202.874005][T11054] bond5: (slave veth0_to_bond): making interface the new active one [ 202.884874][T11054] bond5: (slave veth0_to_bond): Enslaving as an active interface with an up link [ 202.924805][T11057] bond5: entered promiscuous mode [ 202.944761][T11057] veth0_to_bond: entered promiscuous mode [ 202.963127][T11057] bond5: entered allmulticast mode [ 202.982129][T11057] veth0_to_bond: entered allmulticast mode [ 203.029751][T11070] netlink: 'syz.3.1695': attribute type 1 has an invalid length. [ 203.061784][T11073] openvswitch: netlink: ct_state flags 010000e0 unsupported [ 203.088237][T11070] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 203.091410][T11074] mac80211_hwsim hwsim12 syzkaller0: entered promiscuous mode [ 203.107148][T11074] mac80211_hwsim hwsim12 syzkaller0: entered allmulticast mode [ 203.134837][T11070] netem: change failed [ 203.426098][T11099] tipc: Enabling of bearer rejected, already enabled [ 203.483300][T11097] xt_CT: You must specify a L4 protocol and not use inversions on it [ 203.499266][T11097] : entered promiscuous mode [ 203.633992][T11111] openvswitch: netlink: ct_state flags 010000e0 unsupported [ 203.662012][T11112] vlan2: entered promiscuous mode [ 203.668580][T11112] bond0: entered promiscuous mode [ 203.986636][T11136] netlink: 'syz.1.1717': attribute type 10 has an invalid length. [ 204.017423][T11136] team0: Device veth1_macvtap failed to register rx_handler [ 204.071634][T11138] __nla_validate_parse: 4 callbacks suppressed [ 204.071653][T11138] netlink: 212 bytes leftover after parsing attributes in process `syz.3.1718'. [ 204.176840][T11147] openvswitch: netlink: ct_state flags 010000e0 unsupported [ 204.295041][T11151] netlink: 'syz.0.1723': attribute type 2 has an invalid length. [ 204.401059][T11160] netlink: 'syz.4.1726': attribute type 1 has an invalid length. [ 204.572011][T11175] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1726'. [ 204.610566][T11165] bond3: (slave xfrm1): The slave device specified does not support setting the MAC address [ 204.624919][T11165] bond3: (slave xfrm1): Setting fail_over_mac to active for active-backup mode [ 204.637990][T11165] bond3: (slave xfrm1): making interface the new active one [ 204.646105][T11165] bond3: (slave xfrm1): Enslaving as an active interface with an up link [ 204.666037][T11172] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1730'. [ 204.687973][T11175] bond3 (unregistering): (slave xfrm1): Releasing backup interface [ 204.715579][T11175] bond3 (unregistering): Released all slaves [ 204.857716][T11183] mac80211_hwsim hwsim12 syzkaller0: left promiscuous mode [ 204.885239][T11183] mac80211_hwsim hwsim12 syzkaller0: left allmulticast mode [ 204.901521][T11183] openvswitch: netlink: ct_state flags 010000e0 unsupported [ 205.027773][T11189] netlink: 'syz.2.1737': attribute type 2 has an invalid length. [ 205.046121][T11189] netlink: 'syz.2.1737': attribute type 8 has an invalid length. [ 205.065129][T11189] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1737'. [ 205.165862][T11204] Cannot find add_set index 2 as target [ 205.391032][T11212] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1746'. [ 205.707352][T11236] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1756'. [ 205.788561][T11245] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1759'. [ 205.806503][T11245] tipc: Enabling of bearer rejected, already enabled [ 205.901725][T11250] netlink: 580 bytes leftover after parsing attributes in process `syz.2.1761'. [ 206.389779][T11270] netlink: 'syz.1.1767': attribute type 9 has an invalid length. [ 206.415404][T11270] netlink: 'syz.1.1767': attribute type 11 has an invalid length. [ 206.436721][T11270] netlink: 'syz.1.1767': attribute type 12 has an invalid length. [ 206.452250][T11270] netlink: 210020 bytes leftover after parsing attributes in process `syz.1.1767'. [ 206.508652][T11270] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1767'. [ 206.657081][T11278] Cannot find add_set index 2 as target [ 206.719220][T11280] mac80211_hwsim hwsim6 syzkaller0: entered promiscuous mode [ 206.733500][T11280] mac80211_hwsim hwsim6 syzkaller0: entered allmulticast mode [ 206.855871][T11289] Bluetooth: MGMT ver 1.23 [ 206.894118][T11290] tipc: Enabled bearer , priority 0 [ 206.913114][T11288] tipc: Disabling bearer [ 207.149253][T11307] tipc: Enabling of bearer rejected, already enabled [ 207.161313][T11311] Cannot find add_set index 2 as target [ 207.552036][T11337] tipc: Enabled bearer , priority 0 [ 207.575931][T11337] syzkaller0: entered promiscuous mode [ 207.588180][T11337] syzkaller0: entered allmulticast mode [ 207.658593][T11346] tipc: Enabling of bearer rejected, already enabled [ 207.686278][T11348] tipc: Resetting bearer [ 207.969921][T11363] netdevsim netdevsim3 netdevsim0: entered promiscuous mode [ 208.001755][T11363] validate_nla: 2 callbacks suppressed [ 208.001773][T11363] netlink: 'syz.3.1803': attribute type 7 has an invalid length. [ 208.028815][T11363] netlink: 'syz.3.1803': attribute type 8 has an invalid length. [ 208.181324][T11373] FAULT_INJECTION: forcing a failure. [ 208.181324][T11373] name failslab, interval 1, probability 0, space 0, times 0 [ 208.194814][T11373] CPU: 1 UID: 0 PID: 11373 Comm: syz.2.1805 Not tainted syzkaller #0 PREEMPT(full) [ 208.194839][T11373] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 208.194850][T11373] Call Trace: [ 208.194857][T11373] [ 208.194872][T11373] dump_stack_lvl+0x189/0x250 [ 208.194893][T11373] ? __pfx____ratelimit+0x10/0x10 [ 208.194911][T11373] ? __pfx_dump_stack_lvl+0x10/0x10 [ 208.194927][T11373] ? __pfx__printk+0x10/0x10 [ 208.194951][T11373] ? __pfx___might_resched+0x10/0x10 [ 208.194969][T11373] ? fs_reclaim_acquire+0x7d/0x100 [ 208.194993][T11373] should_fail_ex+0x414/0x560 [ 208.195016][T11373] should_failslab+0xa8/0x100 [ 208.195041][T11373] kmem_cache_alloc_node_noprof+0x77/0x710 [ 208.195061][T11373] ? __alloc_skb+0x255/0x430 [ 208.195079][T11373] ? napi_skb_cache_get+0x4a5/0x780 [ 208.195099][T11373] ? napi_skb_cache_get+0x151/0x780 [ 208.195123][T11373] __alloc_skb+0x255/0x430 [ 208.195147][T11373] ? __pfx___alloc_skb+0x10/0x10 [ 208.195176][T11373] alloc_skb_with_frags+0xca/0x890 [ 208.195203][T11373] ? __pfx_aa_label_sk_perm+0x10/0x10 [ 208.195227][T11373] sock_alloc_send_pskb+0x84d/0x980 [ 208.195261][T11373] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 208.195281][T11373] ? aa_file_perm+0x139/0x1530 [ 208.195298][T11373] ? aa_sk_perm+0x15f/0x920 [ 208.195322][T11373] ? aa_sk_perm+0x7ee/0x920 [ 208.195347][T11373] hci_sock_sendmsg+0x207/0xef0 [ 208.195372][T11373] ? __pfx_hci_sock_sendmsg+0x10/0x10 [ 208.195393][T11373] ? aa_sock_msg_perm+0xf1/0x1b0 [ 208.195411][T11373] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 208.195432][T11373] ? __pfx_hci_sock_sendmsg+0x10/0x10 [ 208.195452][T11373] __sock_sendmsg+0x21c/0x270 [ 208.195474][T11373] sock_write_iter+0x279/0x360 [ 208.195495][T11373] ? __pfx_sock_write_iter+0x10/0x10 [ 208.195523][T11373] ? bpf_lsm_file_permission+0x9/0x20 [ 208.195545][T11373] ? security_file_permission+0x75/0x290 [ 208.195573][T11373] vfs_write+0x5c9/0xb30 [ 208.195597][T11373] ? __pfx_sock_write_iter+0x10/0x10 [ 208.195615][T11373] ? __pfx_vfs_write+0x10/0x10 [ 208.195644][T11373] ? __fget_files+0x2a/0x420 [ 208.195669][T11373] ksys_write+0x145/0x250 [ 208.195691][T11373] ? __pfx_ksys_write+0x10/0x10 [ 208.195715][T11373] ? do_syscall_64+0xbe/0xf80 [ 208.195743][T11373] do_syscall_64+0xfa/0xf80 [ 208.195764][T11373] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 208.195781][T11373] ? clear_bhb_loop+0x60/0xb0 [ 208.195801][T11373] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 208.195816][T11373] RIP: 0033:0x7f5a3e98f749 [ 208.195830][T11373] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 208.195845][T11373] RSP: 002b:00007f5a3f8b3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 208.195870][T11373] RAX: ffffffffffffffda RBX: 00007f5a3ebe5fa0 RCX: 00007f5a3e98f749 [ 208.195883][T11373] RDX: 0000000000000006 RSI: 0000200000000080 RDI: 0000000000000004 [ 208.195893][T11373] RBP: 00007f5a3f8b3090 R08: 0000000000000000 R09: 0000000000000000 [ 208.195904][T11373] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 208.195914][T11373] R13: 00007f5a3ebe6038 R14: 00007f5a3ebe5fa0 R15: 00007fff83150d58 [ 208.195943][T11373] [ 208.252706][T11375] batman_adv: batadv0: Adding interface: dummy0 [ 208.556936][T11375] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 208.651280][T11375] batman_adv: batadv0: Interface activated: dummy0 [ 208.661715][T11336] tipc: Resetting bearer [ 208.685214][T11336] tipc: Disabling bearer [ 208.856047][T11406] Cannot find add_set index 2 as target [ 208.904270][T11402] veth0: entered promiscuous mode [ 209.156897][T11400] veth0: left promiscuous mode [ 209.158111][T11417] __nla_validate_parse: 14 callbacks suppressed [ 209.158126][T11417] netlink: 52 bytes leftover after parsing attributes in process `syz.3.1820'. [ 209.238658][T11422] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1822'. [ 209.295083][T11425] netlink: 'syz.2.1824': attribute type 1 has an invalid length. [ 209.298999][T11422] tipc: Enabling of bearer rejected, already enabled [ 209.439650][T11433] openvswitch: netlink: IP tunnel dst address not specified [ 209.687749][T11452] tipc: Enabling of bearer rejected, already enabled [ 209.769123][T11455] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1837'. [ 209.836321][T11455] dvmrp0: entered allmulticast mode [ 209.863987][T11465] A link change request failed with some changes committed already. Interface may have been left with an inconsistent configuration, please check. [ 210.103937][T11474] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1844'. [ 210.161823][ T4569] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 210.162014][T11478] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1846'. [ 210.200846][ T4569] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 210.230804][ T4569] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 210.253419][ T4569] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 210.372342][T11489] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1849'. [ 210.860797][T11521] Cannot find add_set index 2 as target [ 210.936450][T11523] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1862'. [ 210.949767][T11523] tipc: Enabling of bearer rejected, already enabled [ 211.295176][T11545] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1869'. [ 211.330259][T11545] openvswitch: netlink: Flow actions attr not present in new flow. [ 211.384215][T11548] netlink: 'syz.4.1871': attribute type 3 has an invalid length. [ 211.514940][T11559] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1875'. [ 211.989365][T11587] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1884'. [ 212.013056][ T52] Bluetooth: hci0: command 0x0406 tx timeout [ 212.015960][ T5843] Bluetooth: hci3: command 0x0406 tx timeout [ 212.019105][ T52] Bluetooth: hci2: command 0x0406 tx timeout [ 212.031396][ T5837] Bluetooth: hci1: command 0x0406 tx timeout [ 212.192735][T11597] tipc: Enabling of bearer rejected, already enabled [ 212.537472][T11623] Cannot find add_set index 2 as target [ 212.790261][T11639] FAULT_INJECTION: forcing a failure. [ 212.790261][T11639] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 212.867118][T11639] CPU: 0 UID: 0 PID: 11639 Comm: syz.1.1906 Not tainted syzkaller #0 PREEMPT(full) [ 212.867143][T11639] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 212.867162][T11639] Call Trace: [ 212.867169][T11639] [ 212.867176][T11639] dump_stack_lvl+0x189/0x250 [ 212.867198][T11639] ? __pfx____ratelimit+0x10/0x10 [ 212.867216][T11639] ? __pfx_dump_stack_lvl+0x10/0x10 [ 212.867234][T11639] ? __pfx__printk+0x10/0x10 [ 212.867265][T11639] should_fail_ex+0x414/0x560 [ 212.867290][T11639] _copy_to_user+0x31/0xb0 [ 212.867316][T11639] simple_read_from_buffer+0xe1/0x170 [ 212.867345][T11639] proc_fail_nth_read+0x1b3/0x220 [ 212.867370][T11639] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 212.867393][T11639] ? rw_verify_area+0x2a6/0x4d0 [ 212.867410][T11639] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 212.867431][T11639] vfs_read+0x200/0xa30 [ 212.867447][T11639] ? fdget_pos+0x247/0x320 [ 212.867466][T11639] ? __pfx___mutex_lock+0x10/0x10 [ 212.867486][T11639] ? __pfx_vfs_read+0x10/0x10 [ 212.867506][T11639] ? __fget_files+0x2a/0x420 [ 212.867524][T11639] ? __fget_files+0x3a0/0x420 [ 212.867536][T11639] ? __fget_files+0x2a/0x420 [ 212.867557][T11639] ksys_read+0x145/0x250 [ 212.867577][T11639] ? __pfx_ksys_read+0x10/0x10 [ 212.867599][T11639] ? do_syscall_64+0xbe/0xf80 [ 212.867619][T11639] do_syscall_64+0xfa/0xf80 [ 212.867639][T11639] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 212.867656][T11639] ? clear_bhb_loop+0x60/0xb0 [ 212.867677][T11639] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 212.867693][T11639] RIP: 0033:0x7efd1798e15c [ 212.867709][T11639] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 212.867724][T11639] RSP: 002b:00007efd187be030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 212.867742][T11639] RAX: ffffffffffffffda RBX: 00007efd17be5fa0 RCX: 00007efd1798e15c [ 212.867754][T11639] RDX: 000000000000000f RSI: 00007efd187be0a0 RDI: 0000000000000003 [ 212.867765][T11639] RBP: 00007efd187be090 R08: 0000000000000000 R09: 0000000000000000 [ 212.867776][T11639] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 212.867786][T11639] R13: 00007efd17be6038 R14: 00007efd17be5fa0 R15: 00007ffd2e1dbfa8 [ 212.867817][T11639] [ 213.599082][T11664] netlink: 'syz.4.1916': attribute type 2 has an invalid length. [ 214.276405][T11649] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 214.312110][T11649] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 214.604763][T11651] geneve3: entered promiscuous mode [ 214.611081][T11654] A link change request failed with some changes committed already. Interface may have been left with an inconsistent configuration, please check. [ 214.635254][T11286] netdevsim netdevsim1 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 214.683475][T11286] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 214.714679][T11286] netdevsim netdevsim1 netdevsim0: set [1, 1] type 2 family 0 port 20002 - 0 [ 214.731873][T11286] netdevsim netdevsim1 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 214.746543][T11286] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 214.766587][T11286] netdevsim netdevsim1 netdevsim1: set [1, 1] type 2 family 0 port 20002 - 0 [ 214.785574][T11678] __nla_validate_parse: 8 callbacks suppressed [ 214.785590][T11678] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1921'. [ 214.796556][T11684] netlink: 'syz.1.1923': attribute type 10 has an invalid length. [ 214.811901][T11678] tipc: Enabling of bearer rejected, already enabled [ 214.823565][T11286] netdevsim netdevsim1 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 214.861120][T11286] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 214.873638][T11286] netdevsim netdevsim1 netdevsim2: set [1, 1] type 2 family 0 port 20002 - 0 [ 214.905689][T11691] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1924'. [ 214.909230][T11286] netdevsim netdevsim1 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 214.942264][T11286] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 214.953543][T11286] netdevsim netdevsim1 netdevsim3: set [1, 1] type 2 family 0 port 20002 - 0 [ 215.137505][T11703] netlink: 56 bytes leftover after parsing attributes in process `syz.3.1927'. [ 215.148708][T11703] netlink: 56 bytes leftover after parsing attributes in process `syz.3.1927'. [ 215.194366][T11703] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1927'. [ 215.201018][T11709] FAULT_INJECTION: forcing a failure. [ 215.201018][T11709] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 215.204320][T11703] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1927'. [ 215.243338][T11709] CPU: 1 UID: 0 PID: 11709 Comm: syz.2.1931 Not tainted syzkaller #0 PREEMPT(full) [ 215.243361][T11709] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 215.243369][T11709] Call Trace: [ 215.243374][T11709] [ 215.243380][T11709] dump_stack_lvl+0x189/0x250 [ 215.243399][T11709] ? __pfx____ratelimit+0x10/0x10 [ 215.243417][T11709] ? __pfx_dump_stack_lvl+0x10/0x10 [ 215.243435][T11709] ? __pfx__printk+0x10/0x10 [ 215.243455][T11709] ? __might_fault+0xb0/0x130 [ 215.243481][T11709] should_fail_ex+0x414/0x560 [ 215.243505][T11709] _copy_from_user+0x2d/0xb0 [ 215.243526][T11709] ___sys_recvmsg+0x12e/0x510 [ 215.243546][T11709] ? __pfx____sys_recvmsg+0x10/0x10 [ 215.243591][T11709] ? __might_fault+0xb0/0x130 [ 215.243614][T11709] do_recvmmsg+0x307/0x770 [ 215.243639][T11709] ? __pfx_do_recvmmsg+0x10/0x10 [ 215.243666][T11709] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 215.243704][T11709] __x64_sys_recvmmsg+0x190/0x240 [ 215.243723][T11709] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 215.243743][T11709] ? do_syscall_64+0xbe/0xf80 [ 215.243767][T11709] do_syscall_64+0xfa/0xf80 [ 215.243788][T11709] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 215.243805][T11709] ? clear_bhb_loop+0x60/0xb0 [ 215.243825][T11709] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 215.243841][T11709] RIP: 0033:0x7f5a3e98f749 [ 215.243856][T11709] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 215.243871][T11709] RSP: 002b:00007f5a3f8b3038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 215.243889][T11709] RAX: ffffffffffffffda RBX: 00007f5a3ebe5fa0 RCX: 00007f5a3e98f749 [ 215.243902][T11709] RDX: 040000000000002e RSI: 0000200000000000 RDI: 0000000000000003 [ 215.243913][T11709] RBP: 00007f5a3f8b3090 R08: 0000000000000000 R09: 0000000000000000 [ 215.243924][T11709] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 215.243942][T11709] R13: 00007f5a3ebe6038 R14: 00007f5a3ebe5fa0 R15: 00007fff83150d58 [ 215.243972][T11709] [ 215.262568][T11713] netlink: 212368 bytes leftover after parsing attributes in process `syz.1.1932'. [ 215.344668][T11710] delete_channel: no stack [ 215.720629][T11725] tipc: Enabled bearer , priority 0 [ 215.740346][T11724] tipc: Disabling bearer [ 215.878113][T11744] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1939'. [ 215.907656][T11746] bond1: option mode: unable to set because the bond device has slaves [ 215.948899][T11746] bond1: (slave macvlan0): Error -98 calling set_mac_address [ 216.018925][T11749] netlink: 100 bytes leftover after parsing attributes in process `syz.1.1943'. [ 216.256253][T11764] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1950'. [ 216.289578][T11764] tipc: Enabling of bearer rejected, already enabled [ 216.301217][T11770] 8021q: VLANs not supported on gre0 [ 216.516684][T11783] tipc: Enabling of bearer rejected, already enabled [ 216.562140][T11769] tipc: Enabled bearer , priority 0 [ 216.610087][T11773] mac80211_hwsim hwsim12 syzkaller0: entered promiscuous mode [ 216.646722][T11773] mac80211_hwsim hwsim12 syzkaller0: entered allmulticast mode [ 217.037021][T11819] 8021q: VLANs not supported on gre0 [ 217.799608][T11864] 8021q: VLANs not supported on gre0 [ 217.832038][T11869] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 217.863410][T11868] tipc: Enabling of bearer rejected, already enabled [ 217.994005][T11881] tipc: Enabling of bearer rejected, already enabled [ 218.073127][T11889] xt_policy: output policy not valid in PREROUTING and INPUT [ 218.389227][T11907] bond3: option resend_igmp: invalid value (32767) [ 218.396555][T11907] bond3: option resend_igmp: allowed values 0 - 255 [ 218.405708][T11907] bond3 (unregistering): Released all slaves [ 218.594986][T11927] 8021q: VLANs not supported on gre0 [ 218.708487][T11938] openvswitch: netlink: ct_state flags 010000e0 unsupported [ 218.735783][T11935] 8021q: adding VLAN 0 to HW filter on device bond1 [ 218.896836][T11949] netlink: 'syz.0.2023': attribute type 23 has an invalid length. [ 218.923983][T11954] Cannot find add_set index 2 as target [ 219.205243][T11961] team0 (unregistering): Port device team_slave_0 removed [ 219.238293][T11961] team0 (unregistering): Port device team_slave_1 removed [ 219.253952][T11976] openvswitch: netlink: ct_state flags 010000e0 unsupported [ 219.268853][T11973] mac80211_hwsim hwsim6 syzkaller0: left promiscuous mode [ 219.278313][T11973] mac80211_hwsim hwsim6 syzkaller0: left allmulticast mode [ 219.470024][T11986] bond1: option mode: unable to set because the bond device has slaves [ 220.379207][T12016] __nla_validate_parse: 19 callbacks suppressed [ 220.379226][T12016] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2043'. [ 220.397755][T12016] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 220.459641][T12018] Cannot find add_set index 2 as target [ 220.850279][T11990] bond1: (slave macvlan0): Error -98 calling set_mac_address [ 220.862822][T12009] mac80211_hwsim hwsim12 syzkaller0: left promiscuous mode [ 220.870424][T12009] mac80211_hwsim hwsim12 syzkaller0: left allmulticast mode [ 220.975779][T12030] netlink: 236 bytes leftover after parsing attributes in process `syz.4.2048'. [ 221.010749][T12032] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2049'. [ 221.143905][T12041] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2054'. [ 221.160798][T12043] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2055'. [ 221.202109][T12048] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2052'. [ 221.763978][T12084] bond1: option mode: unable to set because the bond device has slaves [ 221.789315][T12084] bond1: (slave macvlan3): Error -98 calling set_mac_address [ 221.838085][T12085] skbuff: bad partial csum: csum=65489/0 headroom=64 headlen=65491 [ 221.865520][T12085] netlink: 'syz.4.2066': attribute type 2 has an invalid length. [ 221.882895][T12089] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2067'. [ 221.891990][T12085] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2066'. [ 221.979833][T12094] FAULT_INJECTION: forcing a failure. [ 221.979833][T12094] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 221.993359][T12094] CPU: 1 UID: 0 PID: 12094 Comm: syz.1.2071 Not tainted syzkaller #0 PREEMPT(full) [ 221.993393][T12094] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 221.993403][T12094] Call Trace: [ 221.993408][T12094] [ 221.993415][T12094] dump_stack_lvl+0x189/0x250 [ 221.993437][T12094] ? __pfx____ratelimit+0x10/0x10 [ 221.993457][T12094] ? __pfx_dump_stack_lvl+0x10/0x10 [ 221.993473][T12094] ? __pfx__printk+0x10/0x10 [ 221.993506][T12094] should_fail_ex+0x414/0x560 [ 221.993527][T12094] _copy_to_user+0x31/0xb0 [ 221.993549][T12094] move_addr_to_user+0x119/0x1f0 [ 221.993570][T12094] ____sys_recvmsg+0x228/0x460 [ 221.993593][T12094] ? __pfx_____sys_recvmsg+0x10/0x10 [ 221.993623][T12094] ? import_iovec+0x74/0xa0 [ 221.993646][T12094] ___sys_recvmsg+0x1b5/0x510 [ 221.993667][T12094] ? __pfx____sys_recvmsg+0x10/0x10 [ 221.993709][T12094] ? __might_fault+0xb0/0x130 [ 221.993733][T12094] do_recvmmsg+0x307/0x770 [ 221.993757][T12094] ? __pfx_do_recvmmsg+0x10/0x10 [ 221.993785][T12094] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 221.993823][T12094] __x64_sys_recvmmsg+0x190/0x240 [ 221.993842][T12094] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 221.993862][T12094] ? do_syscall_64+0xbe/0xf80 [ 221.993886][T12094] do_syscall_64+0xfa/0xf80 [ 221.993908][T12094] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 221.993924][T12094] ? clear_bhb_loop+0x60/0xb0 [ 221.993944][T12094] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 221.993960][T12094] RIP: 0033:0x7efd1798f749 [ 221.993975][T12094] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 221.993989][T12094] RSP: 002b:00007efd187be038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 221.994005][T12094] RAX: ffffffffffffffda RBX: 00007efd17be5fa0 RCX: 00007efd1798f749 [ 221.994016][T12094] RDX: 040000000000002e RSI: 0000200000000000 RDI: 0000000000000003 [ 221.994027][T12094] RBP: 00007efd187be090 R08: 0000000000000000 R09: 0000000000000000 [ 221.994038][T12094] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 221.994047][T12094] R13: 00007efd17be6038 R14: 00007efd17be5fa0 R15: 00007ffd2e1dbfa8 [ 221.994075][T12094] [ 222.038742][T12096] netlink: 212368 bytes leftover after parsing attributes in process `syz.0.2070'. [ 222.245890][T12085] bond2: (slave syz_tun): Releasing backup interface [ 222.282235][T12085] bond_slave_0: left promiscuous mode [ 222.301356][T12101] Cannot find add_set index 2 as target [ 222.365039][T12103] netlink: 'syz.0.2074': attribute type 10 has an invalid length. [ 222.389591][T12085] bridge_slave_0: left allmulticast mode [ 222.395456][T12085] bridge_slave_0: left promiscuous mode [ 222.401297][T12085] bridge0: port 1(bridge_slave_0) entered disabled state [ 222.417108][T12106] netlink: 'syz.0.2074': attribute type 10 has an invalid length. [ 222.427984][T12085] bridge_slave_1: left allmulticast mode [ 222.433854][T12085] bridge_slave_1: left promiscuous mode [ 222.439687][T12085] bridge0: port 2(bridge_slave_1) entered disabled state [ 222.444066][T12108] netlink: 96 bytes leftover after parsing attributes in process `syz.2.2076'. [ 222.463521][T12085] bond0: (slave bond_slave_0): Releasing backup interface [ 222.477183][T12085] bond0: (slave bond_slave_1): Releasing backup interface [ 222.494455][T12085] team0: Port device team_slave_0 removed [ 222.506460][T12085] team0: Port device team_slave_1 removed [ 222.519325][T12085] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 222.530616][T12085] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 222.542862][T12085] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 222.553148][T12085] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 222.568422][T12085] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 222.621038][T12103] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 222.634673][T12103] batadv0: entered promiscuous mode [ 222.640645][T12103] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 222.651958][T12106] batadv0: entered allmulticast mode [ 222.663206][T12106] bond0: (slave batadv0): Releasing backup interface [ 222.684592][T12106] bridge0: port 3(batadv0) entered blocking state [ 222.691296][T12106] bridge0: port 3(batadv0) entered disabled state [ 222.705260][T12108] 8021q: VLANs not supported on gre0 [ 222.885334][ T2129] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled [ 222.895907][ T2129] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled [ 222.995178][T12129] tipc: Enabling of bearer rejected, already enabled [ 223.606005][T12169] Cannot find add_set index 2 as target [ 223.693692][T12173] tipc: Enabling of bearer rejected, already enabled [ 224.056142][T12202] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2 [ 224.240120][T12211] netlink: 'syz.1.2105': attribute type 10 has an invalid length. [ 224.258837][T12211] netlink: 'syz.1.2105': attribute type 10 has an invalid length. [ 224.279400][T12211] batadv0: entered allmulticast mode [ 224.286974][T12211] A link change request failed with some changes committed already. Interface batadv0 may have been left with an inconsistent configuration, please check. [ 224.347314][T12215] bond1: option mode: unable to set because the bond device has slaves [ 224.366348][T12215] bond1: (slave macvlan0): Error -98 calling set_mac_address [ 224.828029][T12245] Cannot find add_set index 2 as target [ 225.159254][T12261] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 225.244465][T12263] tipc: Enabling of bearer rejected, already enabled [ 225.470611][T12281] bond1: option mode: unable to set because the bond device has slaves [ 225.509781][T12285] netlink: 'syz.4.2134': attribute type 1 has an invalid length. [ 225.525630][T12281] bond1: (slave macvlan0): Error -98 calling set_mac_address [ 225.566382][T12289] __nla_validate_parse: 14 callbacks suppressed [ 225.566401][T12289] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2134'. [ 225.604047][T12285] 8021q: adding VLAN 0 to HW filter on device bond4 [ 225.633656][T12285] team_slave_1: Caught tx_queue_len zero misconfig [ 225.735869][T12296] can: request_module (can-proto-0) failed. [ 225.743601][T12285] bond4: (slave veth0_to_bond): Enslaving as an active interface with a down link [ 225.790922][T12289] bond4: entered promiscuous mode [ 225.798346][T12289] bond4: entered allmulticast mode [ 225.913582][T12311] tipc: Enabled bearer , priority 0 [ 225.967121][T12310] tipc: Disabling bearer [ 226.010180][T12321] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 226.198164][T12331] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2152'. [ 226.256639][ T5840] block nbd0: Receive control failed (result -107) [ 226.286330][T12342] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2156'. [ 226.456234][T12350] bond1: option mode: unable to set because the bond device has slaves [ 226.499292][T12350] bond1: (slave macvlan0): Error -98 calling set_mac_address [ 226.615212][T12354] tipc: Enabled bearer , priority 2 [ 226.691036][T12363] netlink: 'syz.1.2161': attribute type 9 has an invalid length. [ 226.962835][T12375] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2167'. [ 227.167598][T12389] tipc: Enabling of bearer rejected, already enabled [ 227.175028][T12390] netlink: 96 bytes leftover after parsing attributes in process `syz.2.2173'. [ 227.203614][T12390] 8021q: VLANs not supported on gre0 [ 227.546791][T12413] netlink: 56 bytes leftover after parsing attributes in process `syz.4.2182'. [ 227.625651][T12413] bond5 (unregistering): Released all slaves [ 227.736465][T12425] bond0: option ad_user_port_key: mode dependency failed, not supported in mode balance-rr(0) [ 227.759812][T12426] bond0: option ad_user_port_key: mode dependency failed, not supported in mode balance-rr(0) [ 227.783844][T12428] tipc: Enabled bearer , priority 0 [ 227.804678][T12427] tipc: Disabling bearer [ 227.846400][T12433] netlink: 'syz.1.2187': attribute type 1 has an invalid length. [ 227.880580][T12433] 8021q: adding VLAN 0 to HW filter on device bond3 [ 227.890122][T12433] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2187'. [ 227.904487][T12434] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2188'. [ 227.909166][T12433] bond3: (slave veth0_to_bond): Enslaving as an active interface with a down link [ 227.929750][T12433] bond3: entered promiscuous mode [ 227.940720][T12433] bond3: entered allmulticast mode [ 227.945282][T12437] openvswitch: netlink: push_nsh: missing base or metadata attributes [ 227.958742][T12437] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 228.049954][T12444] Cannot find add_set index 2 as target [ 228.108984][T12440] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2190'. [ 228.139331][T12441] syzkaller1: entered promiscuous mode [ 228.162542][T12441] syzkaller1: entered allmulticast mode [ 228.569541][T12467] netlink: 'syz.2.2197': attribute type 9 has an invalid length. [ 228.578001][T12467] netlink: 'syz.2.2197': attribute type 11 has an invalid length. [ 228.592794][T12467] netlink: 'syz.2.2197': attribute type 12 has an invalid length. [ 228.605775][T12467] netlink: 210020 bytes leftover after parsing attributes in process `syz.2.2197'. [ 228.626319][T12471] bond1: option mode: unable to set because the bond device has slaves [ 228.636048][T12477] netlink: 'syz.4.2201': attribute type 1 has an invalid length. [ 228.663569][T12471] bond1: (slave macvlan3): Error -98 calling set_mac_address [ 228.751244][T12477] 8021q: adding VLAN 0 to HW filter on device bond5 [ 228.798816][T12477] bond4: (slave veth0_to_bond): Releasing active interface [ 228.813418][ T5907] page_pool_release_retry() stalled pool shutdown: id 36, 1 inflight 60 sec [ 228.835543][T12477] bond5: (slave veth0_to_bond): Enslaving as an active interface with a down link [ 228.886029][T12482] bond5: entered promiscuous mode [ 228.894131][T12482] bond5: entered allmulticast mode [ 228.910320][T12487] netlink: 'syz.2.2205': attribute type 1 has an invalid length. [ 229.460159][T12523] netlink: 'syz.2.2221': attribute type 1 has an invalid length. [ 229.593298][T12523] 8021q: adding VLAN 0 to HW filter on device bond4 [ 229.621824][T12527] bond4: entered promiscuous mode [ 229.627599][T12527] bond4: entered allmulticast mode [ 229.807374][T12547] 8021q: VLANs not supported on gre0 [ 230.349226][T12585] sctp: [Deprecated]: syz.3.2242 (pid 12585) Use of struct sctp_assoc_value in delayed_ack socket option. [ 230.349226][T12585] Use struct sctp_sack_info instead [ 230.375980][T12589] netlink: 'syz.2.2241': attribute type 10 has an invalid length. [ 230.550990][T12599] FAULT_INJECTION: forcing a failure. [ 230.550990][T12599] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 230.565067][T12599] CPU: 0 UID: 0 PID: 12599 Comm: syz.2.2246 Not tainted syzkaller #0 PREEMPT(full) [ 230.565092][T12599] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 230.565103][T12599] Call Trace: [ 230.565110][T12599] [ 230.565117][T12599] dump_stack_lvl+0x189/0x250 [ 230.565140][T12599] ? __pfx____ratelimit+0x10/0x10 [ 230.565160][T12599] ? __pfx_dump_stack_lvl+0x10/0x10 [ 230.565178][T12599] ? __pfx__printk+0x10/0x10 [ 230.565199][T12599] ? __might_fault+0xb0/0x130 [ 230.565230][T12599] should_fail_ex+0x414/0x560 [ 230.565254][T12599] _copy_from_user+0x2d/0xb0 [ 230.565276][T12599] ___sys_recvmsg+0x12e/0x510 [ 230.565297][T12599] ? __pfx____sys_recvmsg+0x10/0x10 [ 230.565342][T12599] ? __might_fault+0xb0/0x130 [ 230.565363][T12599] do_recvmmsg+0x307/0x770 [ 230.565386][T12599] ? __pfx_do_recvmmsg+0x10/0x10 [ 230.565411][T12599] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 230.565449][T12599] __x64_sys_recvmmsg+0x190/0x240 [ 230.565468][T12599] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 230.565489][T12599] ? do_syscall_64+0xbe/0xf80 [ 230.565512][T12599] do_syscall_64+0xfa/0xf80 [ 230.565533][T12599] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 230.565549][T12599] ? clear_bhb_loop+0x60/0xb0 [ 230.565570][T12599] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 230.565585][T12599] RIP: 0033:0x7f5a3e98f749 [ 230.565601][T12599] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 230.565616][T12599] RSP: 002b:00007f5a3f8b3038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 230.565634][T12599] RAX: ffffffffffffffda RBX: 00007f5a3ebe5fa0 RCX: 00007f5a3e98f749 [ 230.565647][T12599] RDX: 040000000000002e RSI: 0000200000000000 RDI: 0000000000000003 [ 230.565658][T12599] RBP: 00007f5a3f8b3090 R08: 0000000000000000 R09: 0000000000000000 [ 230.565669][T12599] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 230.565679][T12599] R13: 00007f5a3ebe6038 R14: 00007f5a3ebe5fa0 R15: 00007fff83150d58 [ 230.565708][T12599] [ 230.857428][T12602] __nla_validate_parse: 11 callbacks suppressed [ 230.857447][T12602] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2247'. [ 231.065068][T12612] netlink: 'syz.3.2256': attribute type 10 has an invalid length. [ 231.079977][T12612] team0: Device veth1_macvtap failed to register rx_handler [ 231.128037][T12621] Cannot find add_set index 2 as target [ 231.220581][T12628] bond1: option mode: unable to set because the bond device has slaves [ 231.246779][T12628] bond1: (slave macvlan0): Error -98 calling set_mac_address [ 231.406651][T12638] syzkaller1: entered promiscuous mode [ 231.412682][T12638] syzkaller1: entered allmulticast mode [ 231.421424][T12639] netlink: 96 bytes leftover after parsing attributes in process `syz.1.2262'. [ 231.453838][T12639] 8021q: VLANs not supported on gre0 [ 231.716151][T12670] netlink: 'syz.3.2275': attribute type 22 has an invalid length. [ 231.768502][T12667] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2276'. [ 232.084453][T12689] bond1: option mode: unable to set because the bond device has slaves [ 232.120498][T12689] bond1: (slave macvlan3): Error -98 calling set_mac_address [ 232.459989][T12713] netlink: 'syz.0.2291': attribute type 1 has an invalid length. [ 232.517656][T12719] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2291'. [ 232.527992][T12713] 8021q: adding VLAN 0 to HW filter on device bond7 [ 232.596304][T12720] tipc: Enabled bearer , priority 0 [ 232.653153][T12713] bond5: (slave veth0_to_bond): Releasing active interface [ 232.675678][T12713] veth0_to_bond: left promiscuous mode [ 232.687240][T12713] veth0_to_bond: left allmulticast mode [ 232.703591][T12731] Cannot find add_set index 2 as target [ 232.705256][T12713] bond7: (slave veth0_to_bond): making interface the new active one [ 232.728851][T12713] bond7: (slave veth0_to_bond): Enslaving as an active interface with an up link [ 232.745343][T12714] tipc: Disabling bearer [ 232.777488][T12719] bond7: entered promiscuous mode [ 232.789618][T12719] veth0_to_bond: entered promiscuous mode [ 232.797256][T12719] bond7: entered allmulticast mode [ 232.802924][T12719] veth0_to_bond: entered allmulticast mode [ 232.918434][T12742] bond1: option mode: unable to set because the bond device is up [ 232.964622][T12744] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2303'. [ 233.018158][T12748] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2304'. [ 233.060619][T12754] netlink: 16215 bytes leftover after parsing attributes in process `syz.3.2307'. [ 233.088677][T12748] veth0: entered promiscuous mode [ 233.106572][T12748] veth0: left promiscuous mode [ 233.281802][T12764] netlink: 236 bytes leftover after parsing attributes in process `syz.0.2310'. [ 233.307883][T12766] Cannot find add_set index 2 as target [ 233.473770][T12775] netlink: 2 bytes leftover after parsing attributes in process `syz.1.2314'. [ 233.523968][T12770] IPVS: persistence engine module ip_vs_pe_ not found [ 233.531981][T12778] tipc: Enabling of bearer rejected, already enabled [ 233.741732][T12789] bond1: option mode: unable to set because the bond device has slaves [ 233.764067][T12789] bond1: (slave macvlan3): Error -98 calling set_mac_address [ 233.832779][T12797] netlink: 96 bytes leftover after parsing attributes in process `syz.4.2322'. [ 233.842070][T12797] 8021q: VLANs not supported on gre0 [ 234.409894][ T44] IPVS: starting estimator thread 0... [ 234.420112][T12838] IPVS: ip_vs_edit_dest(): lower threshold is higher than upper threshold [ 234.443263][T12841] 8021q: VLANs not supported on gre0 [ 234.515516][T12839] IPVS: using max 29 ests per chain, 69600 per kthread [ 234.525719][T12845] ieee802154 phy0 wpan0: encryption failed: -22 [ 234.696366][T12859] Cannot find add_set index 2 as target [ 234.982454][ T44] page_pool_release_retry() stalled pool shutdown: id 39, 1 inflight 60 sec [ 235.432366][T12899] Driver unsupported XDP return value 0 on prog (id 331) dev N/A, expect packet loss! [ 235.897185][T12923] netlink: 'syz.4.2367': attribute type 1 has an invalid length. [ 235.913184][T12928] __nla_validate_parse: 4 callbacks suppressed [ 235.913202][T12928] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2364'. [ 236.000577][T12935] netlink: 236 bytes leftover after parsing attributes in process `syz.2.2368'. [ 236.100397][T12940] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2370'. [ 236.172070][T12942] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2372'. [ 236.188011][T12946] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 236.241192][T12952] FAULT_INJECTION: forcing a failure. [ 236.241192][T12952] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 236.241991][T12950] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2375'. [ 236.255537][T12952] CPU: 0 UID: 0 PID: 12952 Comm: syz.1.2374 Not tainted syzkaller #0 PREEMPT(full) [ 236.255560][T12952] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 236.255571][T12952] Call Trace: [ 236.255578][T12952] [ 236.255586][T12952] dump_stack_lvl+0x189/0x250 [ 236.255609][T12952] ? __pfx____ratelimit+0x10/0x10 [ 236.255629][T12952] ? __pfx_dump_stack_lvl+0x10/0x10 [ 236.255647][T12952] ? __pfx__printk+0x10/0x10 [ 236.255667][T12952] ? __might_fault+0xb0/0x130 [ 236.255697][T12952] should_fail_ex+0x414/0x560 [ 236.255720][T12952] _copy_from_user+0x2d/0xb0 [ 236.255742][T12952] ___sys_recvmsg+0x12e/0x510 [ 236.255758][T12952] ? lockdep_hardirqs_on+0x98/0x140 [ 236.255778][T12952] ? ktime_get_ts64+0xa9/0x3d0 [ 236.255801][T12952] ? __pfx____sys_recvmsg+0x10/0x10 [ 236.255839][T12952] ? __fget_files+0x3a0/0x420 [ 236.255864][T12952] do_recvmmsg+0x307/0x770 [ 236.255887][T12952] ? __pfx_do_recvmmsg+0x10/0x10 [ 236.255915][T12952] ? _copy_from_user+0x94/0xb0 [ 236.255950][T12952] __x64_sys_recvmmsg+0x1af/0x240 [ 236.255968][T12952] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 236.255988][T12952] ? do_syscall_64+0xbe/0xf80 [ 236.256012][T12952] do_syscall_64+0xfa/0xf80 [ 236.256032][T12952] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 236.256047][T12952] ? clear_bhb_loop+0x60/0xb0 [ 236.256066][T12952] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 236.256082][T12952] RIP: 0033:0x7efd1798f749 [ 236.256097][T12952] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 236.256112][T12952] RSP: 002b:00007efd187be038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 236.256130][T12952] RAX: ffffffffffffffda RBX: 00007efd17be5fa0 RCX: 00007efd1798f749 [ 236.256141][T12952] RDX: 04000000000003b4 RSI: 00002000000037c0 RDI: 0000000000000003 [ 236.256152][T12952] RBP: 00007efd187be090 R08: 0000200000003700 R09: 0000000000000000 [ 236.256162][T12952] R10: 0000000002040000 R11: 0000000000000246 R12: 0000000000000001 [ 236.256172][T12952] R13: 00007efd17be6038 R14: 00007efd17be5fa0 R15: 00007ffd2e1dbfa8 [ 236.256200][T12952] [ 236.378181][T12954] netlink: 96 bytes leftover after parsing attributes in process `syz.3.2377'. [ 236.378475][T12954] 8021q: VLANs not supported on gre0 [ 236.525329][T12961] tipc: Resetting bearer [ 236.552779][T12961] tipc: Resetting bearer [ 236.791903][T12982] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 236.902964][T12987] bond1: option mode: unable to set because the bond device has slaves [ 236.947907][T12992] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 236.958758][T12987] bond1: (slave macvlan3): Error -98 calling set_mac_address [ 236.977103][T12994] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2390'. [ 237.155982][T12999] netlink: 'syz.3.2391': attribute type 1 has an invalid length. [ 237.178088][T13000] netlink: 'syz.4.2392': attribute type 2 has an invalid length. [ 237.223022][T13006] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2391'. [ 237.223694][T12999] 8021q: adding VLAN 0 to HW filter on device bond3 [ 237.319232][T12999] bond3: (slave veth0_to_bond): making interface the new active one [ 237.330735][T13003] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2393'. [ 237.341442][T12999] bond3: (slave veth0_to_bond): Enslaving as an active interface with an up link [ 237.377615][T13000] 9: entered promiscuous mode [ 237.437481][T13013] bond3: entered promiscuous mode [ 237.447608][T13013] veth0_to_bond: entered promiscuous mode [ 237.470861][T13013] bond3: entered allmulticast mode [ 237.481264][T13013] veth0_to_bond: entered allmulticast mode [ 237.879606][T13042] tipc: Enabling of bearer rejected, already enabled [ 237.894729][T13048] Cannot find add_set index 2 as target [ 238.043128][T13060] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2413'. [ 238.439604][T13092] tipc: Enabled bearer , priority 0 [ 238.459849][T13091] tipc: Disabling bearer [ 238.591978][T13097] mac80211_hwsim hwsim12 syzkaller0: entered promiscuous mode [ 238.606361][T13097] mac80211_hwsim hwsim12 syzkaller0: entered allmulticast mode [ 238.666573][T13105] bond1: option mode: unable to set because the bond device has slaves [ 238.717160][T13105] bond1: (slave macvlan3): Error -98 calling set_mac_address [ 238.811588][T13115] netlink: 'syz.2.2430': attribute type 9 has an invalid length. [ 238.933821][T13118] netlink: 'syz.1.2432': attribute type 10 has an invalid length. [ 239.064853][T13120] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 239.070933][T13120] Bluetooth: hci0: Error when powering off device on rfkill (-4) [ 239.120341][T13120] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 239.153444][T13120] Bluetooth: hci1: Error when powering off device on rfkill (-4) [ 239.172105][T13120] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 239.180037][T13120] Bluetooth: hci2: Error when powering off device on rfkill (-4) [ 239.189248][T13135] tipc: Enabled bearer , priority 0 [ 239.201206][T13132] tipc: Disabling bearer [ 239.210564][T13120] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 239.221922][T13120] Bluetooth: hci3: Error when powering off device on rfkill (-4) [ 239.255713][T13120] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 239.261647][T13120] Bluetooth: hci4: Error when powering off device on rfkill (-4) [ 239.502024][T13162] Cannot find add_set index 2 as target [ 239.714410][T13177] tipc: Enabled bearer , priority 0 [ 239.724967][T13174] tipc: Disabling bearer [ 239.974301][T13195] netlink: 'syz.2.2464': attribute type 1 has an invalid length. [ 240.054943][T13195] 8021q: adding VLAN 0 to HW filter on device bond5 [ 240.117114][T13195] bond5: (slave veth0_to_bond): making interface the new active one [ 240.137618][T13195] bond5: (slave veth0_to_bond): Enslaving as an active interface with an up link [ 240.166782][T13203] bond5: entered promiscuous mode [ 240.179175][T13203] veth0_to_bond: entered promiscuous mode [ 240.200317][T13203] bond5: entered allmulticast mode [ 240.206254][T13203] veth0_to_bond: entered allmulticast mode [ 240.223970][T13215] FAULT_INJECTION: forcing a failure. [ 240.223970][T13215] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 240.257196][T13215] CPU: 0 UID: 0 PID: 13215 Comm: syz.0.2471 Not tainted syzkaller #0 PREEMPT(full) [ 240.257222][T13215] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 240.257233][T13215] Call Trace: [ 240.257240][T13215] [ 240.257248][T13215] dump_stack_lvl+0x189/0x250 [ 240.257270][T13215] ? __pfx____ratelimit+0x10/0x10 [ 240.257288][T13215] ? __pfx_dump_stack_lvl+0x10/0x10 [ 240.257305][T13215] ? __pfx__printk+0x10/0x10 [ 240.257326][T13215] ? __might_fault+0xb0/0x130 [ 240.257356][T13215] should_fail_ex+0x414/0x560 [ 240.257378][T13215] _copy_to_iter+0x589/0x1790 [ 240.257413][T13215] ? __pfx__copy_to_iter+0x10/0x10 [ 240.257430][T13215] ? __skb_try_recv_from_queue+0x2b2/0x730 [ 240.257453][T13215] ? __skb_try_recv_datagram+0x3d5/0x4d0 [ 240.257476][T13215] __skb_datagram_iter+0xf8/0x990 [ 240.257495][T13215] ? __pfx_simple_copy_to_iter+0x10/0x10 [ 240.257520][T13215] skb_copy_datagram_iter+0xb5/0x210 [ 240.257541][T13215] netlink_recvmsg+0x2ab/0xa30 [ 240.257567][T13215] ? __pfx_netlink_recvmsg+0x10/0x10 [ 240.257589][T13215] ? aa_sock_msg_perm+0xf1/0x1b0 [ 240.257607][T13215] ? bpf_lsm_socket_recvmsg+0x9/0x20 [ 240.257627][T13215] ? security_socket_recvmsg+0x7e/0x2e0 [ 240.257654][T13215] ? __pfx_netlink_recvmsg+0x10/0x10 [ 240.257671][T13215] sock_recvmsg+0x22c/0x270 [ 240.257694][T13215] ____sys_recvmsg+0x1c9/0x460 [ 240.257718][T13215] ? __pfx_____sys_recvmsg+0x10/0x10 [ 240.257749][T13215] ? import_iovec+0x74/0xa0 [ 240.257773][T13215] ___sys_recvmsg+0x1b5/0x510 [ 240.257793][T13215] ? __pfx____sys_recvmsg+0x10/0x10 [ 240.257832][T13215] ? __fget_files+0x3a0/0x420 [ 240.257857][T13215] do_recvmmsg+0x307/0x770 [ 240.257882][T13215] ? __pfx_do_recvmmsg+0x10/0x10 [ 240.257910][T13215] ? _copy_from_user+0x94/0xb0 [ 240.257946][T13215] __x64_sys_recvmmsg+0x1af/0x240 [ 240.257965][T13215] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 240.257986][T13215] ? do_syscall_64+0xbe/0xf80 [ 240.258010][T13215] do_syscall_64+0xfa/0xf80 [ 240.258030][T13215] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 240.258046][T13215] ? clear_bhb_loop+0x60/0xb0 [ 240.258066][T13215] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 240.258082][T13215] RIP: 0033:0x7f7beeb8f749 [ 240.258097][T13215] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 240.258111][T13215] RSP: 002b:00007f7befacc038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 240.258130][T13215] RAX: ffffffffffffffda RBX: 00007f7beede5fa0 RCX: 00007f7beeb8f749 [ 240.258142][T13215] RDX: 04000000000003b4 RSI: 00002000000037c0 RDI: 0000000000000003 [ 240.258154][T13215] RBP: 00007f7befacc090 R08: 0000200000003700 R09: 0000000000000000 [ 240.258165][T13215] R10: 0000000002040000 R11: 0000000000000246 R12: 0000000000000001 [ 240.258176][T13215] R13: 00007f7beede6038 R14: 00007f7beede5fa0 R15: 00007ffc58f18a48 [ 240.258205][T13215] [ 241.155437][T13256] netlink: 'syz.4.2485': attribute type 1 has an invalid length. [ 241.169284][T13259] __nla_validate_parse: 11 callbacks suppressed [ 241.169302][T13259] netlink: 236 bytes leftover after parsing attributes in process `syz.3.2487'. [ 241.220991][T13264] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2485'. [ 241.231767][T13262] FAULT_INJECTION: forcing a failure. [ 241.231767][T13262] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 241.242509][T13256] 8021q: adding VLAN 0 to HW filter on device bond6 [ 241.261770][T13256] bond5: (slave veth0_to_bond): Releasing active interface [ 241.268355][T13262] CPU: 0 UID: 0 PID: 13262 Comm: syz.2.2486 Not tainted syzkaller #0 PREEMPT(full) [ 241.268380][T13262] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 241.268391][T13262] Call Trace: [ 241.268399][T13262] [ 241.268406][T13262] dump_stack_lvl+0x189/0x250 [ 241.268429][T13262] ? __pfx____ratelimit+0x10/0x10 [ 241.268458][T13262] ? __pfx_dump_stack_lvl+0x10/0x10 [ 241.268478][T13262] ? __pfx__printk+0x10/0x10 [ 241.268499][T13262] ? __might_fault+0xb0/0x130 [ 241.268536][T13262] should_fail_ex+0x414/0x560 [ 241.268559][T13262] _copy_from_user+0x2d/0xb0 [ 241.268581][T13262] ___sys_sendmsg+0x158/0x2a0 [ 241.268607][T13262] ? __pfx____sys_sendmsg+0x10/0x10 [ 241.268635][T13262] ? rcu_read_lock_any_held+0xb3/0x120 [ 241.268680][T13262] ? __fget_files+0x2a/0x420 [ 241.268694][T13262] ? __fget_files+0x3a0/0x420 [ 241.268718][T13262] __x64_sys_sendmsg+0x19b/0x260 [ 241.268742][T13262] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 241.268774][T13262] ? __pfx_ksys_write+0x10/0x10 [ 241.268796][T13262] ? do_syscall_64+0xbe/0xf80 [ 241.268819][T13262] do_syscall_64+0xfa/0xf80 [ 241.268839][T13262] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 241.268856][T13262] ? clear_bhb_loop+0x60/0xb0 [ 241.268875][T13262] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 241.268889][T13262] RIP: 0033:0x7f5a3e98f749 [ 241.268906][T13262] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 241.268920][T13262] RSP: 002b:00007f5a3f892038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 241.268938][T13262] RAX: ffffffffffffffda RBX: 00007f5a3ebe6090 RCX: 00007f5a3e98f749 [ 241.268950][T13262] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000006 [ 241.268961][T13262] RBP: 00007f5a3f892090 R08: 0000000000000000 R09: 0000000000000000 [ 241.268971][T13262] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 241.268980][T13262] R13: 00007f5a3ebe6128 R14: 00007f5a3ebe6090 R15: 00007fff83150d58 [ 241.269006][T13262] [ 241.483220][T13256] bond6: (slave veth0_to_bond): Enslaving as an active interface with a down link [ 241.500241][T13264] bond6: entered promiscuous mode [ 241.505793][T13264] bond6: entered allmulticast mode [ 241.910936][T13289] netlink: 236 bytes leftover after parsing attributes in process `syz.2.2498'. [ 241.971482][T13292] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2499'. [ 242.048519][T13298] FAULT_INJECTION: forcing a failure. [ 242.048519][T13298] name failslab, interval 1, probability 0, space 0, times 0 [ 242.062272][T13298] CPU: 1 UID: 0 PID: 13298 Comm: syz.1.2500 Not tainted syzkaller #0 PREEMPT(full) [ 242.062298][T13298] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 242.062309][T13298] Call Trace: [ 242.062316][T13298] [ 242.062324][T13298] dump_stack_lvl+0x189/0x250 [ 242.062347][T13298] ? __pfx____ratelimit+0x10/0x10 [ 242.062377][T13298] ? __pfx_dump_stack_lvl+0x10/0x10 [ 242.062396][T13298] ? __pfx__printk+0x10/0x10 [ 242.062420][T13298] ? __pfx___might_resched+0x10/0x10 [ 242.062438][T13298] ? fs_reclaim_acquire+0x7d/0x100 [ 242.062465][T13298] should_fail_ex+0x414/0x560 [ 242.062489][T13298] should_failslab+0xa8/0x100 [ 242.062514][T13298] kmem_cache_alloc_node_noprof+0x77/0x710 [ 242.062535][T13298] ? __alloc_skb+0x255/0x430 [ 242.062559][T13298] ? napi_skb_cache_get+0x4a5/0x780 [ 242.062579][T13298] ? napi_skb_cache_get+0x151/0x780 [ 242.062604][T13298] __alloc_skb+0x255/0x430 [ 242.062627][T13298] ? __pfx___alloc_skb+0x10/0x10 [ 242.062648][T13298] ? netlink_autobind+0xdb/0x300 [ 242.062662][T13298] ? netlink_autobind+0x2c2/0x300 [ 242.062681][T13298] netlink_sendmsg+0x5c6/0xb30 [ 242.062704][T13298] ? __pfx_netlink_sendmsg+0x10/0x10 [ 242.062722][T13298] ? aa_sock_msg_perm+0xf1/0x1b0 [ 242.062740][T13298] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 242.062762][T13298] ? __pfx_netlink_sendmsg+0x10/0x10 [ 242.062778][T13298] __sock_sendmsg+0x21c/0x270 [ 242.062798][T13298] ____sys_sendmsg+0x505/0x820 [ 242.062825][T13298] ? __pfx_____sys_sendmsg+0x10/0x10 [ 242.062854][T13298] ? import_iovec+0x74/0xa0 [ 242.062877][T13298] ___sys_sendmsg+0x21f/0x2a0 [ 242.062899][T13298] ? __pfx____sys_sendmsg+0x10/0x10 [ 242.062927][T13298] ? rcu_read_lock_any_held+0xb3/0x120 [ 242.062966][T13298] ? __fget_files+0x2a/0x420 [ 242.062980][T13298] ? __fget_files+0x3a0/0x420 [ 242.063004][T13298] __x64_sys_sendmsg+0x19b/0x260 [ 242.063030][T13298] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 242.063061][T13298] ? __pfx_ksys_write+0x10/0x10 [ 242.063085][T13298] ? do_syscall_64+0xbe/0xf80 [ 242.063106][T13298] do_syscall_64+0xfa/0xf80 [ 242.063125][T13298] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 242.063142][T13298] ? clear_bhb_loop+0x60/0xb0 [ 242.063162][T13298] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 242.063178][T13298] RIP: 0033:0x7efd1798f749 [ 242.063193][T13298] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 242.063206][T13298] RSP: 002b:00007efd1879d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 242.063224][T13298] RAX: ffffffffffffffda RBX: 00007efd17be6090 RCX: 00007efd1798f749 [ 242.063236][T13298] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000006 [ 242.063247][T13298] RBP: 00007efd1879d090 R08: 0000000000000000 R09: 0000000000000000 [ 242.063255][T13298] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 242.063265][T13298] R13: 00007efd17be6128 R14: 00007efd17be6090 R15: 00007ffd2e1dbfa8 [ 242.063292][T13298] [ 242.098500][T13300] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2502'. [ 242.386194][T13308] bond1: option mode: unable to set because the bond device has slaves [ 242.423653][T13300] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2502'. [ 242.463980][T13308] bond1: (slave macvlan0): Error -98 calling set_mac_address [ 242.471756][T13310] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2505'. [ 242.707732][T13330] Unsupported ieee802154 address type: 0 [ 242.726055][T13330] openvswitch: netlink: Flow key attr not present in new flow. [ 242.818917][T13334] bond8: entered promiscuous mode [ 242.825368][T13334] bond8: entered allmulticast mode [ 242.831013][T13334] 8021q: adding VLAN 0 to HW filter on device bond8 [ 242.941044][T13346] FAULT_INJECTION: forcing a failure. [ 242.941044][T13346] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 242.986450][T13346] CPU: 1 UID: 0 PID: 13346 Comm: syz.3.2519 Not tainted syzkaller #0 PREEMPT(full) [ 242.986476][T13346] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 242.986487][T13346] Call Trace: [ 242.986495][T13346] [ 242.986502][T13346] dump_stack_lvl+0x189/0x250 [ 242.986524][T13346] ? __pfx____ratelimit+0x10/0x10 [ 242.986545][T13346] ? __pfx_dump_stack_lvl+0x10/0x10 [ 242.986562][T13346] ? __pfx__printk+0x10/0x10 [ 242.986584][T13346] ? __might_fault+0xb0/0x130 [ 242.986615][T13346] should_fail_ex+0x414/0x560 [ 242.986639][T13346] _copy_to_iter+0x589/0x1790 [ 242.986674][T13346] ? __pfx__copy_to_iter+0x10/0x10 [ 242.986693][T13346] ? __skb_try_recv_from_queue+0x2b2/0x730 [ 242.986717][T13346] ? __skb_try_recv_datagram+0x3d5/0x4d0 [ 242.986740][T13346] __skb_datagram_iter+0xf8/0x990 [ 242.986758][T13346] ? __pfx_simple_copy_to_iter+0x10/0x10 [ 242.986791][T13346] skb_copy_datagram_iter+0xb5/0x210 [ 242.986812][T13346] netlink_recvmsg+0x2ab/0xa30 [ 242.986839][T13346] ? __pfx_netlink_recvmsg+0x10/0x10 [ 242.986860][T13346] ? aa_sock_msg_perm+0xf1/0x1b0 [ 242.986880][T13346] ? bpf_lsm_socket_recvmsg+0x9/0x20 [ 242.986900][T13346] ? security_socket_recvmsg+0x7e/0x2e0 [ 242.986918][T13346] ? __pfx_netlink_recvmsg+0x10/0x10 [ 242.986935][T13346] sock_recvmsg+0x22c/0x270 [ 242.986958][T13346] ____sys_recvmsg+0x1c9/0x460 [ 242.986983][T13346] ? __pfx_____sys_recvmsg+0x10/0x10 [ 242.987014][T13346] ? import_iovec+0x74/0xa0 [ 242.987039][T13346] ___sys_recvmsg+0x1b5/0x510 [ 242.987061][T13346] ? __pfx____sys_recvmsg+0x10/0x10 [ 242.987102][T13346] ? __fget_files+0x3a0/0x420 [ 242.987127][T13346] do_recvmmsg+0x307/0x770 [ 242.987151][T13346] ? __pfx_do_recvmmsg+0x10/0x10 [ 242.987179][T13346] ? _copy_from_user+0x94/0xb0 [ 242.987216][T13346] __x64_sys_recvmmsg+0x1af/0x240 [ 242.987235][T13346] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 242.987256][T13346] ? do_syscall_64+0xbe/0xf80 [ 242.987280][T13346] do_syscall_64+0xfa/0xf80 [ 242.987300][T13346] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 242.987324][T13346] ? clear_bhb_loop+0x60/0xb0 [ 242.987344][T13346] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 242.987360][T13346] RIP: 0033:0x7f77f498f749 [ 242.987375][T13346] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 242.987389][T13346] RSP: 002b:00007f77f58c7038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 242.987407][T13346] RAX: ffffffffffffffda RBX: 00007f77f4be5fa0 RCX: 00007f77f498f749 [ 242.987420][T13346] RDX: 04000000000003b4 RSI: 00002000000037c0 RDI: 0000000000000003 [ 242.987432][T13346] RBP: 00007f77f58c7090 R08: 0000200000003700 R09: 0000000000000000 [ 242.987443][T13346] R10: 0000000002040000 R11: 0000000000000246 R12: 0000000000000001 [ 242.987454][T13346] R13: 00007f77f4be6038 R14: 00007f77f4be5fa0 R15: 00007ffc0cdd3788 [ 242.987484][T13346] [ 243.078992][T13354] netlink: 96 bytes leftover after parsing attributes in process `syz.2.2524'. [ 243.316115][T13354] 8021q: VLANs not supported on gre0 [ 243.539303][T13381] FAULT_INJECTION: forcing a failure. [ 243.539303][T13381] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 243.554096][T13381] CPU: 0 UID: 0 PID: 13381 Comm: syz.2.2530 Not tainted syzkaller #0 PREEMPT(full) [ 243.554122][T13381] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 243.554132][T13381] Call Trace: [ 243.554138][T13381] [ 243.554144][T13381] dump_stack_lvl+0x189/0x250 [ 243.554167][T13381] ? __pfx____ratelimit+0x10/0x10 [ 243.554188][T13381] ? __pfx_dump_stack_lvl+0x10/0x10 [ 243.554204][T13381] ? __pfx__printk+0x10/0x10 [ 243.554226][T13381] ? __might_fault+0xb0/0x130 [ 243.554267][T13381] should_fail_ex+0x414/0x560 [ 243.554290][T13381] _copy_from_iter+0x1cd/0x1630 [ 243.554313][T13381] ? __build_skb_around+0x22d/0x3c0 [ 243.554338][T13381] ? __pfx__copy_from_iter+0x10/0x10 [ 243.554356][T13381] ? __alloc_skb+0x2f1/0x430 [ 243.554379][T13381] ? __pfx___alloc_skb+0x10/0x10 [ 243.554400][T13381] ? netlink_sendmsg+0x642/0xb30 [ 243.554415][T13381] ? skb_put+0x11b/0x210 [ 243.554440][T13381] netlink_sendmsg+0x6b2/0xb30 [ 243.554466][T13381] ? __pfx_netlink_sendmsg+0x10/0x10 [ 243.554487][T13381] ? aa_sock_msg_perm+0xf1/0x1b0 [ 243.554505][T13381] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 243.554528][T13381] ? __pfx_netlink_sendmsg+0x10/0x10 [ 243.554545][T13381] __sock_sendmsg+0x21c/0x270 [ 243.554566][T13381] ____sys_sendmsg+0x505/0x820 [ 243.554594][T13381] ? __pfx_____sys_sendmsg+0x10/0x10 [ 243.554626][T13381] ? import_iovec+0x74/0xa0 [ 243.554650][T13381] ___sys_sendmsg+0x21f/0x2a0 [ 243.554676][T13381] ? __pfx____sys_sendmsg+0x10/0x10 [ 243.554707][T13381] ? rcu_read_lock_any_held+0xb3/0x120 [ 243.554750][T13381] ? __fget_files+0x2a/0x420 [ 243.554763][T13381] ? __fget_files+0x3a0/0x420 [ 243.554785][T13381] __x64_sys_sendmsg+0x19b/0x260 [ 243.554809][T13381] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 243.554839][T13381] ? __pfx_ksys_write+0x10/0x10 [ 243.554863][T13381] ? do_syscall_64+0xbe/0xf80 [ 243.554885][T13381] do_syscall_64+0xfa/0xf80 [ 243.554907][T13381] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 243.554923][T13381] ? clear_bhb_loop+0x60/0xb0 [ 243.554943][T13381] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 243.554959][T13381] RIP: 0033:0x7f5a3e98f749 [ 243.554974][T13381] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 243.554987][T13381] RSP: 002b:00007f5a3f892038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 243.555004][T13381] RAX: ffffffffffffffda RBX: 00007f5a3ebe6090 RCX: 00007f5a3e98f749 [ 243.555016][T13381] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000006 [ 243.555026][T13381] RBP: 00007f5a3f892090 R08: 0000000000000000 R09: 0000000000000000 [ 243.555037][T13381] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 243.555046][T13381] R13: 00007f5a3ebe6128 R14: 00007f5a3ebe6090 R15: 00007fff83150d58 [ 243.555076][T13381] [ 244.105669][T13399] openvswitch: netlink: ct_state flags 010000e0 unsupported [ 244.166388][T13406] netlink: 236 bytes leftover after parsing attributes in process `syz.2.2541'. [ 244.194202][T13409] netlink: 96 bytes leftover after parsing attributes in process `syz.0.2543'. [ 244.220176][T13409] 8021q: VLANs not supported on gre0 [ 244.489456][T13430] netlink: 'syz.0.2548': attribute type 1 has an invalid length. [ 244.502771][ T5884] IPVS: starting estimator thread 0... [ 244.515516][T13430] netlink: 'syz.0.2548': attribute type 3 has an invalid length. [ 244.602748][T13431] IPVS: using max 30 ests per chain, 72000 per kthread [ 244.737260][T13443] bond0: Caught tx_queue_len zero misconfig [ 244.811767][T13446] mac80211_hwsim hwsim11 wlan1: Caught tx_queue_len zero misconfig [ 245.003663][T13451] veth0: entered promiscuous mode [ 245.009642][T13451] netlink: 'syz.2.2559': attribute type 2 has an invalid length. [ 245.023234][T13449] veth0: left promiscuous mode [ 245.295038][T13471] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 245.874834][T13501] FAULT_INJECTION: forcing a failure. [ 245.874834][T13501] name failslab, interval 1, probability 0, space 0, times 0 [ 245.910868][T13501] CPU: 1 UID: 0 PID: 13501 Comm: syz.0.2576 Not tainted syzkaller #0 PREEMPT(full) [ 245.910893][T13501] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 245.910903][T13501] Call Trace: [ 245.910910][T13501] [ 245.910917][T13501] dump_stack_lvl+0x189/0x250 [ 245.910939][T13501] ? __pfx____ratelimit+0x10/0x10 [ 245.910959][T13501] ? __pfx_dump_stack_lvl+0x10/0x10 [ 245.910977][T13501] ? __pfx__printk+0x10/0x10 [ 245.911004][T13501] ? __pfx___might_resched+0x10/0x10 [ 245.911020][T13501] ? fs_reclaim_acquire+0x7d/0x100 [ 245.911047][T13501] should_fail_ex+0x414/0x560 [ 245.911069][T13501] should_failslab+0xa8/0x100 [ 245.911093][T13501] __kmalloc_noprof+0xcb/0x800 [ 245.911112][T13501] ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0 [ 245.911140][T13501] genl_family_rcv_msg_attrs_parse+0xa3/0x2a0 [ 245.911169][T13501] genl_family_rcv_msg_doit+0xb8/0x300 [ 245.911196][T13501] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 245.911225][T13501] ? apparmor_capable+0x137/0x1a0 [ 245.911248][T13501] ? bpf_lsm_capable+0x9/0x20 [ 245.911262][T13501] ? security_capable+0x7e/0x2e0 [ 245.911289][T13501] genl_rcv_msg+0x60e/0x790 [ 245.911323][T13501] ? __pfx_genl_rcv_msg+0x10/0x10 [ 245.911342][T13501] ? __pfx_ovs_flow_cmd_set+0x10/0x10 [ 245.911375][T13501] netlink_rcv_skb+0x208/0x470 [ 245.911393][T13501] ? __pfx_genl_rcv_msg+0x10/0x10 [ 245.911414][T13501] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 245.911449][T13501] ? down_read+0x274/0x2e0 [ 245.911469][T13501] ? genl_rcv+0xd/0x40 [ 245.911490][T13501] genl_rcv+0x28/0x40 [ 245.911508][T13501] netlink_unicast+0x82f/0x9e0 [ 245.911541][T13501] ? __pfx_netlink_unicast+0x10/0x10 [ 245.911566][T13501] ? netlink_sendmsg+0x642/0xb30 [ 245.911580][T13501] ? skb_put+0x11b/0x210 [ 245.911607][T13501] netlink_sendmsg+0x805/0xb30 [ 245.911633][T13501] ? __pfx_netlink_sendmsg+0x10/0x10 [ 245.911654][T13501] ? aa_sock_msg_perm+0xf1/0x1b0 [ 245.911673][T13501] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 245.911694][T13501] ? __pfx_netlink_sendmsg+0x10/0x10 [ 245.911711][T13501] __sock_sendmsg+0x21c/0x270 [ 245.911734][T13501] ____sys_sendmsg+0x505/0x820 [ 245.911764][T13501] ? __pfx_____sys_sendmsg+0x10/0x10 [ 245.911798][T13501] ? import_iovec+0x74/0xa0 [ 245.911824][T13501] ___sys_sendmsg+0x21f/0x2a0 [ 245.911850][T13501] ? __pfx____sys_sendmsg+0x10/0x10 [ 245.911881][T13501] ? rcu_read_lock_any_held+0xb3/0x120 [ 245.911930][T13501] ? __fget_files+0x2a/0x420 [ 245.911944][T13501] ? __fget_files+0x3a0/0x420 [ 245.911971][T13501] __x64_sys_sendmsg+0x19b/0x260 [ 245.911997][T13501] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 245.912031][T13501] ? __pfx_ksys_write+0x10/0x10 [ 245.912055][T13501] ? do_syscall_64+0xbe/0xf80 [ 245.912080][T13501] do_syscall_64+0xfa/0xf80 [ 245.912101][T13501] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 245.912118][T13501] ? clear_bhb_loop+0x60/0xb0 [ 245.912138][T13501] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 245.912157][T13501] RIP: 0033:0x7f7beeb8f749 [ 245.912171][T13501] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 245.912184][T13501] RSP: 002b:00007f7befacc038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 245.912201][T13501] RAX: ffffffffffffffda RBX: 00007f7beede5fa0 RCX: 00007f7beeb8f749 [ 245.912212][T13501] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000006 [ 245.912223][T13501] RBP: 00007f7befacc090 R08: 0000000000000000 R09: 0000000000000000 [ 245.912233][T13501] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 245.912244][T13501] R13: 00007f7beede6038 R14: 00007f7beede5fa0 R15: 00007ffc58f18a48 [ 245.912274][T13501] [ 245.981570][T13509] tipc: Enabled bearer , priority 0 [ 246.058964][T13511] openvswitch: netlink: Invalid VLAN frame [ 246.323975][T13512] tipc: Resetting bearer [ 246.420554][T13507] tipc: Disabling bearer [ 246.445991][T13525] __nla_validate_parse: 7 callbacks suppressed [ 246.446005][T13525] netlink: 64 bytes leftover after parsing attributes in process `syz.0.2581'. [ 246.482803][T13525] openvswitch: netlink: ct_state flags 010000e0 unsupported [ 246.482914][T13527] tipc: Enabled bearer , priority 0 [ 246.505213][T13527] +: renamed from syzkaller0 [ 246.514194][T13527] tipc: Disabling bearer [ 246.579339][T13531] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2584'. [ 246.749353][T13543] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 246.957705][T13556] bond1: option mode: unable to set because the bond device has slaves [ 246.982018][T13561] bond1: (slave macvlan3): Error -98 calling set_mac_address [ 247.314053][T13576] mac80211_hwsim hwsim12 syzkaller0: left promiscuous mode [ 247.333116][T13576] mac80211_hwsim hwsim12 syzkaller0: left allmulticast mode [ 247.349107][T13576] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2600'. [ 247.595746][T13592] netlink: 'syz.4.2607': attribute type 1 has an invalid length. [ 247.642355][T13595] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2607'. [ 247.673054][T13597] FAULT_INJECTION: forcing a failure. [ 247.673054][T13597] name failslab, interval 1, probability 0, space 0, times 0 [ 247.729218][T13597] CPU: 0 UID: 0 PID: 13597 Comm: syz.3.2609 Not tainted syzkaller #0 PREEMPT(full) [ 247.729242][T13597] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 247.729252][T13597] Call Trace: [ 247.729259][T13597] [ 247.729266][T13597] dump_stack_lvl+0x189/0x250 [ 247.729286][T13597] ? __pfx____ratelimit+0x10/0x10 [ 247.729307][T13597] ? __pfx_dump_stack_lvl+0x10/0x10 [ 247.729321][T13597] ? __pfx__printk+0x10/0x10 [ 247.729334][T13597] ? kmalloc_reserve+0xbd/0x290 [ 247.729349][T13597] ? __lock_acquire+0x6b6/0x2cf0 [ 247.729364][T13597] should_fail_ex+0x414/0x560 [ 247.729378][T13597] should_failslab+0xa8/0x100 [ 247.729393][T13597] kmem_cache_alloc_noprof+0x74/0x6f0 [ 247.729406][T13597] ? skb_clone+0x212/0x3a0 [ 247.729418][T13597] skb_clone+0x212/0x3a0 [ 247.729429][T13597] __netlink_deliver_tap+0x404/0x850 [ 247.729445][T13597] ? netlink_deliver_tap+0x2e/0x1b0 [ 247.729455][T13597] netlink_deliver_tap+0x19c/0x1b0 [ 247.729465][T13597] netlink_unicast+0x7fa/0x9e0 [ 247.729484][T13597] ? __pfx_netlink_unicast+0x10/0x10 [ 247.729498][T13597] ? netlink_sendmsg+0x642/0xb30 [ 247.729506][T13597] ? skb_put+0x11b/0x210 [ 247.729521][T13597] netlink_sendmsg+0x805/0xb30 [ 247.729536][T13597] ? __pfx_netlink_sendmsg+0x10/0x10 [ 247.729547][T13597] ? aa_sock_msg_perm+0xf1/0x1b0 [ 247.729558][T13597] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 247.729571][T13597] ? __pfx_netlink_sendmsg+0x10/0x10 [ 247.729581][T13597] __sock_sendmsg+0x21c/0x270 [ 247.729594][T13597] ____sys_sendmsg+0x505/0x820 [ 247.729612][T13597] ? __pfx_____sys_sendmsg+0x10/0x10 [ 247.729631][T13597] ? import_iovec+0x74/0xa0 [ 247.729646][T13597] ___sys_sendmsg+0x21f/0x2a0 [ 247.729662][T13597] ? __pfx____sys_sendmsg+0x10/0x10 [ 247.729680][T13597] ? rcu_read_lock_any_held+0xb3/0x120 [ 247.729706][T13597] ? __fget_files+0x2a/0x420 [ 247.729714][T13597] ? __fget_files+0x3a0/0x420 [ 247.729728][T13597] __x64_sys_sendmsg+0x19b/0x260 [ 247.729744][T13597] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 247.729764][T13597] ? __pfx_ksys_write+0x10/0x10 [ 247.729778][T13597] ? do_syscall_64+0xbe/0xf80 [ 247.729792][T13597] do_syscall_64+0xfa/0xf80 [ 247.729805][T13597] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 247.729814][T13597] ? clear_bhb_loop+0x60/0xb0 [ 247.729825][T13597] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 247.729834][T13597] RIP: 0033:0x7f77f498f749 [ 247.729844][T13597] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 247.729863][T13597] RSP: 002b:00007f77f58c7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 247.729875][T13597] RAX: ffffffffffffffda RBX: 00007f77f4be5fa0 RCX: 00007f77f498f749 [ 247.729882][T13597] RDX: 0000000000000010 RSI: 0000200000000680 RDI: 0000000000000006 [ 247.729888][T13597] RBP: 00007f77f58c7090 R08: 0000000000000000 R09: 0000000000000000 [ 247.729894][T13597] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 247.729899][T13597] R13: 00007f77f4be6038 R14: 00007f77f4be5fa0 R15: 00007ffc0cdd3788 [ 247.729916][T13597] [ 247.730744][T13595] bond6: (slave veth0_to_bond): Releasing active interface [ 248.127857][T13592] 8021q: adding VLAN 0 to HW filter on device bond7 [ 248.150954][T13598] bond7: entered promiscuous mode [ 248.158980][T13598] bond7: entered allmulticast mode [ 248.168038][T13600] bond1: option mode: unable to set because the bond device is up [ 248.540571][T13636] ipt_REJECT: TCP_RESET invalid for non-tcp [ 248.648535][T13650] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 248.955216][ T986] IPVS: starting estimator thread 0... [ 249.082704][T13676] IPVS: using max 28 ests per chain, 67200 per kthread [ 249.089463][T13674] openvswitch: netlink: ct_state flags 010000e0 unsupported [ 249.425856][T13701] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2644'. [ 249.598344][T13711] netlink: 'syz.4.2649': attribute type 1 has an invalid length. [ 249.700116][T13723] netlink: 'syz.1.2655': attribute type 1 has an invalid length. [ 249.754414][T13728] netlink: 'syz.2.2656': attribute type 83 has an invalid length. [ 249.764523][T13729] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2655'. [ 249.781706][T13719] bond8: (slave bridge2): making interface the new active one [ 249.799563][T13711] netlink: 64 bytes leftover after parsing attributes in process `syz.4.2649'. [ 249.807676][T13719] bond8: (slave bridge2): Enslaving as an active interface with an up link [ 249.810563][T13711] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2649'. [ 249.852087][T13723] 8021q: adding VLAN 0 to HW filter on device bond4 [ 249.873414][T13723] bond3: (slave veth0_to_bond): Releasing active interface [ 249.886312][T13723] bond4: (slave veth0_to_bond): Enslaving as an active interface with a down link [ 249.905841][T13723] bond4: entered promiscuous mode [ 249.922811][T13723] bond4: entered allmulticast mode [ 249.940746][T13711] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2649'. [ 250.153986][T13749] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2663'. [ 250.175697][T13754] FAULT_INJECTION: forcing a failure. [ 250.175697][T13754] name failslab, interval 1, probability 0, space 0, times 0 [ 250.232786][T13754] CPU: 0 UID: 0 PID: 13754 Comm: syz.0.2665 Not tainted syzkaller #0 PREEMPT(full) [ 250.232813][T13754] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 250.232824][T13754] Call Trace: [ 250.232831][T13754] [ 250.232839][T13754] dump_stack_lvl+0x189/0x250 [ 250.232862][T13754] ? __pfx____ratelimit+0x10/0x10 [ 250.232883][T13754] ? __pfx_dump_stack_lvl+0x10/0x10 [ 250.232901][T13754] ? __pfx__printk+0x10/0x10 [ 250.232942][T13754] should_fail_ex+0x414/0x560 [ 250.232967][T13754] should_failslab+0xa8/0x100 [ 250.232993][T13754] kmem_cache_alloc_noprof+0x74/0x6f0 [ 250.233013][T13754] ? skb_clone+0x212/0x3a0 [ 250.233035][T13754] skb_clone+0x212/0x3a0 [ 250.233056][T13754] __netlink_deliver_tap+0x404/0x850 [ 250.233086][T13754] ? netlink_deliver_tap+0x2e/0x1b0 [ 250.233104][T13754] netlink_deliver_tap+0x19c/0x1b0 [ 250.233123][T13754] netlink_sendskb+0x68/0x140 [ 250.233148][T13754] netlink_unicast+0x397/0x9e0 [ 250.233169][T13754] ? __asan_memcpy+0x40/0x70 [ 250.233195][T13754] ? __pfx_netlink_unicast+0x10/0x10 [ 250.233229][T13754] netlink_rcv_skb+0x28c/0x470 [ 250.233247][T13754] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 250.233271][T13754] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 250.233300][T13754] ? netlink_deliver_tap+0x2e/0x1b0 [ 250.233325][T13754] netlink_unicast+0x82f/0x9e0 [ 250.233357][T13754] ? __pfx_netlink_unicast+0x10/0x10 [ 250.233381][T13754] ? netlink_sendmsg+0x642/0xb30 [ 250.233395][T13754] ? skb_put+0x11b/0x210 [ 250.233420][T13754] netlink_sendmsg+0x805/0xb30 [ 250.233447][T13754] ? __pfx_netlink_sendmsg+0x10/0x10 [ 250.233468][T13754] ? aa_sock_msg_perm+0xf1/0x1b0 [ 250.233488][T13754] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 250.233510][T13754] ? __pfx_netlink_sendmsg+0x10/0x10 [ 250.233528][T13754] __sock_sendmsg+0x21c/0x270 [ 250.233551][T13754] ____sys_sendmsg+0x505/0x820 [ 250.233581][T13754] ? __pfx_____sys_sendmsg+0x10/0x10 [ 250.233615][T13754] ? import_iovec+0x74/0xa0 [ 250.233641][T13754] ___sys_sendmsg+0x21f/0x2a0 [ 250.233668][T13754] ? __pfx____sys_sendmsg+0x10/0x10 [ 250.233699][T13754] ? rcu_read_lock_any_held+0xb3/0x120 [ 250.233749][T13754] ? __fget_files+0x2a/0x420 [ 250.233763][T13754] ? __fget_files+0x3a0/0x420 [ 250.233793][T13754] __x64_sys_sendmsg+0x19b/0x260 [ 250.233820][T13754] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 250.233855][T13754] ? __pfx_ksys_write+0x10/0x10 [ 250.233880][T13754] ? do_syscall_64+0xbe/0xf80 [ 250.233905][T13754] do_syscall_64+0xfa/0xf80 [ 250.233931][T13754] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 250.233948][T13754] ? clear_bhb_loop+0x60/0xb0 [ 250.233970][T13754] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 250.233987][T13754] RIP: 0033:0x7f7beeb8f749 [ 250.234002][T13754] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 250.234018][T13754] RSP: 002b:00007f7befacc038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 250.234036][T13754] RAX: ffffffffffffffda RBX: 00007f7beede5fa0 RCX: 00007f7beeb8f749 [ 250.234048][T13754] RDX: 0000000000000010 RSI: 0000200000000680 RDI: 0000000000000006 [ 250.234060][T13754] RBP: 00007f7befacc090 R08: 0000000000000000 R09: 0000000000000000 [ 250.234070][T13754] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 250.234080][T13754] R13: 00007f7beede6038 R14: 00007f7beede5fa0 R15: 00007ffc58f18a48 [ 250.234112][T13754] [ 250.706882][T13766] bond1: option mode: unable to set because the bond device has slaves [ 250.768470][T13766] bond1: (slave macvlan3): Error -98 calling set_mac_address [ 250.897879][T13777] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 251.176208][T13796] mac80211_hwsim hwsim6 syzkaller0: entered promiscuous mode [ 251.184458][T13796] mac80211_hwsim hwsim6 syzkaller0: entered allmulticast mode [ 251.223229][T13799] Cannot find add_set index 2 as target [ 251.425610][T13818] bond1: option mode: unable to set because the bond device has slaves [ 251.434939][T13822] openvswitch: netlink: EtherType 50a is less than min 600 [ 251.441689][T13818] bond1: (slave macvlan4): Error -98 calling set_mac_address [ 251.569193][T13830] xt_CT: You must specify a L4 protocol and not use inversions on it [ 251.599471][T13832] Cannot find add_set index 2 as target [ 252.208855][T13843] bond_slave_0: left promiscuous mode [ 252.232823][T13843] bond_slave_1: left promiscuous mode [ 252.624223][T13843] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 252.669115][T13843] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 253.166416][T13844] __nla_validate_parse: 4 callbacks suppressed [ 253.166437][T13844] netlink: 240 bytes leftover after parsing attributes in process `syz.3.2700'. [ 253.238333][ T12] netdevsim netdevsim0 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 253.303665][ T12] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 253.346812][ T12] netdevsim netdevsim0 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 253.358089][ T12] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 253.377572][ T12] netdevsim netdevsim0 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 253.412297][ T12] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 253.456639][ T12] netdevsim netdevsim0 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 253.482653][ T12] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 253.706466][T13913] netlink: 'syz.1.2725': attribute type 1 has an invalid length. [ 253.736782][T13913] netlink: 760 bytes leftover after parsing attributes in process `syz.1.2725'. [ 253.741809][T13916] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2723'. [ 253.752678][T13913] netlink: 1 bytes leftover after parsing attributes in process `syz.1.2725'. [ 253.769466][T13917] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2724'. [ 253.841236][T13925] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2727'. [ 253.960177][T13932] netlink: 'syz.3.2730': attribute type 12 has an invalid length. [ 254.186651][T13954] netlink: 'syz.2.2736': attribute type 1 has an invalid length. [ 254.253477][ T9] page_pool_release_retry() stalled pool shutdown: id 51, 1 inflight 60 sec [ 254.272138][T13954] 8021q: adding VLAN 0 to HW filter on device bond6 [ 254.297567][T13965] bond5: (slave veth0_to_bond): Releasing active interface [ 254.311850][T13965] veth0_to_bond: left promiscuous mode [ 254.318897][T13965] veth0_to_bond: left allmulticast mode [ 254.338733][T13965] bond6: (slave veth0_to_bond): making interface the new active one [ 254.365606][T13965] bond6: (slave veth0_to_bond): Enslaving as an active interface with an up link [ 254.381013][T13960] workqueue: name exceeds WQ_NAME_LEN. Truncating to: .qMs%#\\cӡp[ [ 254.404679][T13954] bond6: entered promiscuous mode [ 254.421979][T13954] veth0_to_bond: entered promiscuous mode [ 254.437662][T13954] bond6: entered allmulticast mode [ 254.447991][T13954] veth0_to_bond: entered allmulticast mode [ 254.699152][T13980] netlink: 48 bytes leftover after parsing attributes in process `syz.4.2746'. [ 254.726761][T13980] netlink: 48 bytes leftover after parsing attributes in process `syz.4.2746'. [ 254.773376][T13980] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2746'. [ 255.065206][T13994] netlink: 236 bytes leftover after parsing attributes in process `syz.2.2753'. [ 255.190810][T14003] sctp: [Deprecated]: syz.4.2757 (pid 14003) Use of struct sctp_assoc_value in delayed_ack socket option. [ 255.190810][T14003] Use struct sctp_sack_info instead [ 255.262054][T14011] netlink: 'syz.1.2759': attribute type 64 has an invalid length. [ 255.708664][T14042] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 255.759572][T14048] bond1: option mode: unable to set because the bond device is up [ 255.896960][T14055] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 256.015302][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 256.021686][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.581690][T14080] bond1: option mode: unable to set because the bond device has slaves [ 256.617321][T14080] bond1: (slave macvlan3): Error -98 calling set_mac_address [ 257.045499][T14102] 8021q: adding VLAN 0 to HW filter on device bond6 [ 257.069596][T14102] bond5: (slave bond6): Enslaving as an active interface with an up link [ 257.130259][T14121] bond5 (unregistering): (slave bond6): Releasing backup interface [ 257.146226][T14121] bond5 (unregistering): Released all slaves [ 257.239660][T14133] openvswitch: netlink: Port -1 exceeds max allowable 65535 [ 257.248179][T14133] netlink: 'syz.0.2799': attribute type 9 has an invalid length. [ 257.390429][T14141] netlink: 'syz.2.2802': attribute type 4 has an invalid length. [ 257.436075][T14150] 8021q: VLANs not supported on gre0 [ 257.528232][T14158] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 257.640136][T14169] openvswitch: netlink: Key 32 has unexpected len 4 expected 2 [ 301.532531][ T24] page_pool_release_retry() stalled pool shutdown: id 77, 1 inflight 60 sec [ 309.287705][T14193] __nla_validate_parse: 5 callbacks suppressed [ 309.287725][T14193] netlink: 96 bytes leftover after parsing attributes in process `syz.1.2820'. [ 309.316538][T14193] 8021q: VLANs not supported on gre0 [ 309.497158][T14208] openvswitch: netlink: ct_state flags 010000e0 unsupported [ 309.514383][T14209] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2825'. [ 309.875530][T14234] netlink: 'syz.4.2835': attribute type 3 has an invalid length. [ 309.889990][T14234] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2835'. [ 310.025420][T14242] netlink: 'syz.4.2838': attribute type 1 has an invalid length. [ 310.064459][T14242] 8021q: adding VLAN 0 to HW filter on device bond9 [ 310.131125][T14242] bond9: (slave veth5): Enslaving as an active interface with a down link [ 310.370345][T14269] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 311.378853][T14308] xt_TCPMSS: Only works on TCP SYN packets [ 311.403712][T14308] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2858'. [ 311.536922][T14313] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2859'. [ 311.603977][T14315] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2860'. [ 311.715039][T14321] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2863'. [ 311.758211][T14323] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2864'. [ 317.456395][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.463057][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 378.895492][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.901871][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 408.972944][ T31] INFO: task kworker/1:1:44 blocked for more than 143 seconds. [ 408.980526][ T31] Not tainted syzkaller #0 [ 408.985821][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 408.994798][ T31] task:kworker/1:1 state:D stack:23832 pid:44 tgid:44 ppid:2 task_flags:0x4208060 flags:0x00080000 [ 409.007043][ T31] Workqueue: events rfkill_sync_work [ 409.012589][ T31] Call Trace: [ 409.015852][ T31] [ 409.018768][ T31] __schedule+0x14bc/0x5000 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 409.023554][ T31] ? do_raw_spin_unlock+0x122/0x240 [ 409.029196][ T31] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 409.036350][ T31] ? preempt_schedule+0xae/0xc0 [ 409.041227][ T31] ? preempt_schedule+0xae/0xc0 [ 409.046629][ T31] ? __pfx___schedule+0x10/0x10 [ 409.072669][ T31] ? schedule+0x91/0x360 [ 409.076965][ T31] schedule+0x165/0x360 [ 409.081131][ T31] schedule_preempt_disabled+0x13/0x30 [ 409.101257][ T31] __mutex_lock+0x7e6/0x1350 [ 409.106485][ T31] ? __mutex_lock+0x5bb/0x1350 [ 409.111271][ T31] ? nfc_rfkill_set_block+0x50/0x2e0 [ 409.117495][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 409.123716][ T31] ? lockdep_hardirqs_on+0x98/0x140 [ 409.128932][ T31] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 409.135778][ T31] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 409.142107][ T31] ? __pfx_nfc_rfkill_set_block+0x10/0x10 [ 409.148085][ T31] nfc_rfkill_set_block+0x50/0x2e0 [ 409.153503][ T31] ? __pfx_nfc_rfkill_set_block+0x10/0x10 [ 409.159228][ T31] rfkill_set_block+0x1d2/0x440 [ 409.164336][ T31] rfkill_sync_work+0x114/0x200 [ 409.169193][ T31] ? process_scheduled_works+0x9ef/0x1770 [ 409.175216][ T31] process_scheduled_works+0xad1/0x1770 [ 409.180768][ T31] ? __pfx_process_scheduled_works+0x10/0x10 [ 409.186997][ T31] worker_thread+0x8a0/0xda0 [ 409.191586][ T31] kthread+0x711/0x8a0 [ 409.195897][ T31] ? __pfx_worker_thread+0x10/0x10 [ 409.200988][ T31] ? __pfx_kthread+0x10/0x10 [ 409.206050][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 409.211240][ T31] ? lockdep_hardirqs_on+0x98/0x140 [ 409.217234][ T31] ? __pfx_kthread+0x10/0x10 [ 409.221823][ T31] ret_from_fork+0x599/0xb30 [ 409.226667][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 409.231767][ T31] ? __switch_to_asm+0x39/0x70 [ 409.236579][ T31] ? __switch_to_asm+0x33/0x70 [ 409.241325][ T31] ? __pfx_kthread+0x10/0x10 [ 409.245927][ T31] ret_from_fork_asm+0x1a/0x30 [ 409.250681][ T31] [ 409.253777][ T31] INFO: task kworker/1:2:938 blocked for more than 143 seconds. [ 409.261396][ T31] Not tainted syzkaller #0 [ 409.266578][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 409.275486][ T31] task:kworker/1:2 state:D stack:23160 pid:938 tgid:938 ppid:2 task_flags:0x4208060 flags:0x00080000 [ 409.287822][ T31] Workqueue: events rfkill_global_led_trigger_worker [ 409.295107][ T31] Call Trace: [ 409.298389][ T31] [ 409.301305][ T31] __schedule+0x14bc/0x5000 [ 409.306383][ T31] ? __pfx___schedule+0x10/0x10 [ 409.311252][ T31] ? schedule+0x91/0x360 [ 409.315883][ T31] schedule+0x165/0x360 [ 409.320031][ T31] schedule_preempt_disabled+0x13/0x30 [ 409.325792][ T31] __mutex_lock+0x7e6/0x1350 [ 409.330384][ T31] ? __mutex_lock+0x5bb/0x1350 [ 409.335499][ T31] ? rfkill_global_led_trigger_worker+0x27/0xd0 [ 409.341765][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 409.347277][ T31] ? process_scheduled_works+0x9ef/0x1770 [ 409.353292][ T31] ? process_scheduled_works+0x9ef/0x1770 [ 409.359004][ T31] rfkill_global_led_trigger_worker+0x27/0xd0 [ 409.365321][ T31] ? process_scheduled_works+0x9ef/0x1770 [ 409.371033][ T31] process_scheduled_works+0xad1/0x1770 [ 409.377068][ T31] ? __pfx_process_scheduled_works+0x10/0x10 [ 409.384000][ T31] worker_thread+0x8a0/0xda0 [ 409.388606][ T31] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 409.395179][ T31] ? __kthread_parkme+0x7b/0x200 [ 409.400103][ T31] kthread+0x711/0x8a0 [ 409.404469][ T31] ? __pfx_worker_thread+0x10/0x10 [ 409.409596][ T31] ? __pfx_kthread+0x10/0x10 [ 409.414440][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 409.419630][ T31] ? lockdep_hardirqs_on+0x98/0x140 [ 409.425186][ T31] ? __pfx_kthread+0x10/0x10 [ 409.429767][ T31] ret_from_fork+0x599/0xb30 [ 409.434671][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 409.439789][ T31] ? __switch_to_asm+0x39/0x70 [ 409.444789][ T31] ? __switch_to_asm+0x33/0x70 [ 409.449545][ T31] ? __pfx_kthread+0x10/0x10 [ 409.454607][ T31] ret_from_fork_asm+0x1a/0x30 [ 409.459373][ T31] [ 409.462771][ T31] INFO: task syz.3.2792:14103 blocked for more than 143 seconds. [ 409.470473][ T31] Not tainted syzkaller #0 [ 409.475924][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 409.485062][ T31] task:syz.3.2792 state:D stack:24568 pid:14103 tgid:14103 ppid:5847 task_flags:0x400040 flags:0x00080002 [ 409.497491][ T31] Call Trace: [ 409.500766][ T31] [ 409.504180][ T31] __schedule+0x14bc/0x5000 [ 409.508705][ T31] ? stack_trace_save+0x9c/0xe0 [ 409.513810][ T31] ? __pfx___schedule+0x10/0x10 [ 409.518649][ T31] ? schedule+0x91/0x360 [ 409.522950][ T31] schedule+0x165/0x360 [ 409.527086][ T31] schedule_timeout+0x9a/0x270 [ 409.531827][ T31] ? __pfx_schedule_timeout+0x10/0x10 [ 409.537316][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 409.542615][ T31] ? lockdep_hardirqs_on+0x98/0x140 [ 409.547816][ T31] ? wait_for_completion+0x267/0x5d0 [ 409.553343][ T31] wait_for_completion+0x2bf/0x5d0 [ 409.558445][ T31] ? __pfx_wait_for_completion+0x10/0x10 [ 409.564314][ T31] ? __flush_work+0xd2/0xbc0 [ 409.568886][ T31] ? __flush_work+0xd2/0xbc0 [ 409.573721][ T31] __flush_work+0x9b9/0xbc0 [ 409.578210][ T31] ? __flush_work+0xd2/0xbc0 [ 409.583038][ T31] ? __pfx___flush_work+0x10/0x10 [ 409.588067][ T31] ? __pfx_wq_barrier_func+0x10/0x10 [ 409.593610][ T31] ? __pfx___cancel_work+0x10/0x10 [ 409.598705][ T31] ? nfc_genl_device_removed+0x23c/0x330 [ 409.604590][ T31] ? __cancel_work_sync+0x5c/0x110 [ 409.609687][ T31] __cancel_work_sync+0xbe/0x110 [ 409.614861][ T31] rfkill_unregister+0x92/0x220 [ 409.619700][ T31] nfc_unregister_device+0x96/0x2a0 [ 409.625376][ T31] ? __pfx_virtual_ncidev_close+0x10/0x10 [ 409.631103][ T31] virtual_ncidev_close+0x56/0x90 [ 409.636442][ T31] __fput+0x44c/0xa70 [ 409.640415][ T31] task_work_run+0x1d4/0x260 [ 409.645338][ T31] ? __pfx_task_work_run+0x10/0x10 [ 409.650434][ T31] ? __se_sys_close_range+0x4ed/0x650 [ 409.656105][ T31] ? exit_to_user_mode_loop+0x55/0x4f0 [ 409.661550][ T31] exit_to_user_mode_loop+0xff/0x4f0 [ 409.667109][ T31] ? rcu_is_watching+0x15/0xb0 [ 409.671875][ T31] do_syscall_64+0x2e3/0xf80 [ 409.676707][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 409.683011][ T31] ? clear_bhb_loop+0x60/0xb0 [ 409.687760][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 409.694794][ T31] RIP: 0033:0x7f77f498f749 [ 409.699218][ T31] RSP: 002b:00007ffc0cdd38e8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 409.707878][ T31] RAX: 0000000000000000 RBX: 000000000003eb5b RCX: 00007f77f498f749 [ 409.716149][ T31] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 409.724379][ T31] RBP: 00007f77f4be7da0 R08: 0000000000000001 R09: 000000100cdd3bdf [ 409.732590][ T31] R10: 0000001b30820000 R11: 0000000000000246 R12: 00007f77f4be5fac [ 409.740542][ T31] R13: 00007f77f4be5fa0 R14: ffffffffffffffff R15: 00007ffc0cdd3a00 [ 409.748772][ T31] [ 409.751826][ T31] [ 409.751826][ T31] Showing all locks held in the system: [ 409.761875][ T31] 1 lock held by rcu_preempt/16: [ 409.767127][ T31] #0: ffff8880b893a7d8 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140 [ 409.777698][ T31] 1 lock held by khungtaskd/31: [ 409.783683][ T31] #0: ffffffff8df41cc0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 [ 409.794172][ T31] 4 locks held by kworker/1:1/44: [ 409.799188][ T31] #0: ffff88801a055948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x1770 [ 409.810460][ T31] #1: ffffc90000b57b80 ((work_completion)(&rfkill->sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x1770 [ 409.822939][ T31] #2: ffffffff8f5e15e8 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_sync_work+0x2e/0x200 [ 409.833083][ T31] #3: ffff8880794c8100 (&dev->mutex){....}-{4:4}, at: nfc_rfkill_set_block+0x50/0x2e0 [ 409.842803][ T31] 3 locks held by kworker/1:2/938: [ 409.847892][ T31] #0: ffff88801a055948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x1770 [ 409.859505][ T31] #1: ffffc90003a37b80 ((work_completion)(&rfkill_global_led_trigger_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x1770 [ 409.873399][ T31] #2: ffffffff8f5e15e8 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_global_led_trigger_worker+0x27/0xd0 [ 409.885008][ T31] 2 locks held by getty/5604: [ 409.889667][ T31] #0: ffff88814d4c20a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 409.899850][ T31] #1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400 [ 409.910284][ T31] 1 lock held by syz.3.2792/14103: [ 409.915636][ T31] #0: ffff8880794c8100 (&dev->mutex){....}-{4:4}, at: nfc_unregister_device+0x63/0x2a0 [ 409.925633][ T31] 2 locks held by syz-executor/14199: [ 409.930981][ T31] #0: ffff888075e7a918 (&data->open_mutex){+.+.}-{4:4}, at: vhci_create_device+0x34/0x650 [ 409.941550][ T31] #1: ffffffff8f5e15e8 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_register+0x37/0x8e0 [ 409.951869][ T31] 3 locks held by syz.4.2848/14265: [ 409.957318][ T31] #0: ffffffff8e78ce48 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x350 [ 409.966008][ T31] #1: ffff88801a7a5100 (&dev->mutex){....}-{4:4}, at: nfc_register_device+0xa1/0x320 [ 409.975808][ T31] #2: ffffffff8f5e15e8 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_register+0x37/0x8e0 [ 409.986070][ T31] 1 lock held by syz.4.2848/14269: [ 409.991159][ T31] #0: ffffffff8e78ce48 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x350 [ 409.999856][ T31] 1 lock held by syz.4.2848/14272: [ 410.005308][ T31] #0: ffffffff8e78ce48 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x350 [ 410.014017][ T31] 1 lock held by syz.1.2849/14271: [ 410.019110][ T31] #0: ffffffff8e78ce48 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x350 [ 410.027799][ T31] 1 lock held by syz.2.2854/14291: [ 410.033136][ T31] #0: ffffffff8e78ce48 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x350 [ 410.041563][ T31] 1 lock held by syz.0.2866/14329: [ 410.046914][ T31] #0: ffffffff8e78ce48 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x350 [ 410.055689][ T31] 1 lock held by syz-executor/14338: [ 410.060962][ T31] #0: ffffffff8e78ce48 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x350 [ 410.069909][ T31] 1 lock held by syz-executor/14339: [ 410.075447][ T31] #0: ffffffff8e78ce48 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x350 [ 410.084129][ T31] 1 lock held by syz-executor/14341: [ 410.089390][ T31] #0: ffffffff8e78ce48 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x350 [ 410.098178][ T31] 1 lock held by syz-executor/14343: [ 410.106347][ T31] #0: ffffffff8e78ce48 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x350 [ 410.115279][ T31] 1 lock held by syz-executor/14345: [ 410.120546][ T31] #0: ffffffff8e78ce48 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x350 [ 410.129054][ T31] 1 lock held by syz-executor/14352: [ 410.134386][ T31] #0: ffffffff8e78ce48 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x350 [ 410.142876][ T31] 1 lock held by syz-executor/14353: [ 410.148136][ T31] #0: ffffffff8e78ce48 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x350 [ 410.156813][ T31] 1 lock held by syz-executor/14355: [ 410.162073][ T31] #0: ffffffff8e78ce48 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x350 [ 410.170761][ T31] 1 lock held by syz-executor/14357: [ 410.176616][ T31] #0: ffffffff8e78ce48 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x350 [ 410.185594][ T31] [ 410.187924][ T31] ============================================= [ 410.187924][ T31] [ 410.196881][ T31] NMI backtrace for cpu 0 [ 410.196894][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) [ 410.196905][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 410.196911][ T31] Call Trace: [ 410.196915][ T31] [ 410.196920][ T31] dump_stack_lvl+0x189/0x250 [ 410.196936][ T31] ? __pfx_dump_stack_lvl+0x10/0x10 [ 410.196946][ T31] ? __pfx__printk+0x10/0x10 [ 410.196965][ T31] nmi_cpu_backtrace+0x39e/0x3d0 [ 410.196977][ T31] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 410.196987][ T31] ? __pfx__printk+0x10/0x10 [ 410.197001][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 410.197016][ T31] nmi_trigger_cpumask_backtrace+0x17a/0x300 [ 410.197027][ T31] watchdog+0xf3c/0xf80 [ 410.197041][ T31] ? watchdog+0x1e2/0xf80 [ 410.197055][ T31] kthread+0x711/0x8a0 [ 410.197068][ T31] ? __pfx_watchdog+0x10/0x10 [ 410.197079][ T31] ? __pfx_kthread+0x10/0x10 [ 410.197091][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 410.197102][ T31] ? lockdep_hardirqs_on+0x98/0x140 [ 410.197113][ T31] ? __pfx_kthread+0x10/0x10 [ 410.197124][ T31] ret_from_fork+0x599/0xb30 [ 410.197139][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 410.197157][ T31] ? __switch_to_asm+0x39/0x70 [ 410.197167][ T31] ? __switch_to_asm+0x33/0x70 [ 410.197177][ T31] ? __pfx_kthread+0x10/0x10 [ 410.197189][ T31] ret_from_fork_asm+0x1a/0x30 [ 410.197207][ T31] [ 410.197211][ T31] Sending NMI from CPU 0 to CPUs 1: [ 410.346275][ C1] NMI backtrace for cpu 1 [ 410.346294][ C1] CPU: 1 UID: 0 PID: 5972 Comm: kworker/1:9 Not tainted syzkaller #0 PREEMPT(full) [ 410.346313][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 410.346324][ C1] Workqueue: events_power_efficient wg_ratelimiter_gc_entries [ 410.346353][ C1] RIP: 0010:do_raw_spin_unlock+0x7/0x240 [ 410.346376][ C1] Code: c1 0f 8c 6a ff ff ff e8 87 5d 88 00 e9 60 ff ff ff 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 40 d6 55 41 57 <41> 56 41 55 41 54 53 48 89 fb 49 bc 00 00 00 00 00 fc ff df 4c 8d [ 410.346391][ C1] RSP: 0018:ffffc900050879c0 EFLAGS: 00000286 [ 410.346404][ C1] RAX: 93a4ca3afc908100 RBX: ffffffff8ea52b40 RCX: 93a4ca3afc908100 [ 410.346416][ C1] RDX: 0000000000000002 RSI: ffffffff8d952009 RDI: ffffffff8ea52b40 [ 410.346427][ C1] RBP: dffffc0000000000 R08: 0000000000000003 R09: 0000000000000004 [ 410.346437][ C1] R10: dffffc0000000000 R11: fffff52000a10f2c R12: ffff88805a09b690 [ 410.346449][ C1] R13: ffff8880339c2818 R14: ffff88805a0ab690 R15: ffffffffffffffa0 [ 410.346462][ C1] FS: 0000000000000000(0000) GS:ffff8881261b1000(0000) knlGS:0000000000000000 [ 410.346475][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 410.346487][ C1] CR2: 000055f9ddfc1000 CR3: 000000000dd3a000 CR4: 00000000003526f0 [ 410.346502][ C1] Call Trace: [ 410.346509][ C1] [ 410.346518][ C1] _raw_spin_unlock+0x1e/0x50 [ 410.346537][ C1] wg_ratelimiter_gc_entries+0x384/0x450 [ 410.346569][ C1] ? process_scheduled_works+0x9ef/0x1770 [ 410.346594][ C1] process_scheduled_works+0xad1/0x1770 [ 410.346630][ C1] ? __pfx_process_scheduled_works+0x10/0x10 [ 410.346661][ C1] worker_thread+0x8a0/0xda0 [ 410.346685][ C1] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 410.346708][ C1] ? __kthread_parkme+0x7b/0x200 [ 410.346728][ C1] kthread+0x711/0x8a0 [ 410.346748][ C1] ? __pfx_worker_thread+0x10/0x10 [ 410.346763][ C1] ? __pfx_kthread+0x10/0x10 [ 410.346782][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 410.346799][ C1] ? lockdep_hardirqs_on+0x98/0x140 [ 410.346818][ C1] ? __pfx_kthread+0x10/0x10 [ 410.346837][ C1] ret_from_fork+0x599/0xb30 [ 410.346861][ C1] ? __pfx_ret_from_fork+0x10/0x10 [ 410.346887][ C1] ? __switch_to_asm+0x39/0x70 [ 410.346905][ C1] ? __switch_to_asm+0x33/0x70 [ 410.346923][ C1] ? __pfx_kthread+0x10/0x10 [ 410.346941][ C1] ret_from_fork_asm+0x1a/0x30 [ 410.346967][ C1]