last executing test programs: 2.252244888s ago: executing program 1 (id=4781): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000011c0)=@newtaction={0xe98, 0x30, 0x25, 0x0, 0x0, {}, [{0xe84, 0x1, [@m_pedit={0xe80, 0x1, 0x0, 0x0, {{0xa}, {0xe54, 0x2, 0x0, 0x1, [@TCA_PEDIT_KEYS_EX={0x30, 0x5, 0x0, 0x1, [{0x2c, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_CMD={0x6}, @TCA_PEDIT_KEY_EX_HTYPE={0x6}]}, {0x14, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_HTYPE={0x6}, @TCA_PEDIT_KEY_EX_CMD={0x6}]}, {0x4}]}, @TCA_PEDIT_PARMS_EX={0xe20, 0x4, {{{}, 0x2}, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0xe4}]}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xe98}}, 0x0) 2.058339573s ago: executing program 1 (id=4784): socket$inet6_sctp(0xa, 0x1, 0x84) bind$alg(0xffffffffffffffff, &(0x7f0000000600)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(serpent)\x00'}, 0x58) r0 = socket$packet(0x11, 0x3, 0x300) bpf$MAP_CREATE(0x0, 0x0, 0x48) socket$nl_route(0x10, 0x3, 0x0) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000300)=ANY=[@ANYRES32, @ANYRES32, @ANYBLOB="050000003500000000000000", @ANYRES32=0x0, @ANYRES64=0x0], 0x20) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)=ANY=[], 0x20}}, 0x0) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000005840)={0x0, 0x0, &(0x7f0000005800)={&(0x7f0000000540)=ANY=[@ANYRESDEC=r1, @ANYRESHEX=r2], 0x4c}}, 0x804) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r4 = accept4(r3, 0x0, 0x0, 0x800) sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r5, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r6, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r7, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) setsockopt$packet_int(r0, 0x107, 0x8, &(0x7f0000000100)=0x40049, 0x4) r8 = socket$netlink(0x10, 0x3, 0x1) sendmsg$nl_route_sched(r8, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x54, 0x10, 0x1, 0x0, 0x0, {0x6, 0x0, 0x8100, 0x0, {0xc3, 0xc}, {}, {0xe, 0xa}}, [@TCA_RATE={0x6, 0x5, {0x0, 0x7d}}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x11, {0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x2}}, {0x8, 0x1b, [0x10, 0x0]}}]}]}, 0x54}}, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000000)="0800d907000000000000", 0xa) 1.93849467s ago: executing program 2 (id=4788): ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8b34, &(0x7f0000000000)={'wlan1\x00', @link_local}) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x1, 0x803, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)=ANY=[@ANYBLOB="b80000001000210400000000fedbdf2500000000", @ANYRES32=0x0, @ANYBLOB="adffa888e16000009000128009000100766c616e00000000800002800c0002000e0000000a000000340004802000390017900000020000000c000100f04ae965cb0b06040c00010004000000002000000c000100001000000900000006000100020000000c0002000a0000000c000000280003800c00010008000000090000000c00010009000000030000000c000100090000000080000008000500", @ANYRES32=r2], 0xb8}}, 0x2) 1.86188746s ago: executing program 1 (id=4789): r0 = socket$key(0xf, 0x3, 0x2) socket$key(0xf, 0x3, 0x2) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x20000004) sendmsg$key(r0, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="0207000902"], 0x10}}, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16) connect$inet(r1, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) setsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@dev, @in6=@mcast2, 0x0, 0x0, 0xffff, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x28c, 0x1}, {0x7}, 0x0, 0x0, 0x1}, {{@in=@rand_addr=0x64010102, 0x2000000, 0x33}, 0x0, @in6=@loopback, 0x0, 0x3, 0x0, 0xb7, 0x0, 0x8000000}}, 0xe8) sendmmsg(r1, &(0x7f0000007fc0), 0x800001d, 0x0) r2 = socket$inet(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSIFADDR(r2, 0x8915, &(0x7f0000000280)={'vlan0\x00', {0x2, 0x4, @multicast1=0xac141432}}) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000100)=ANY=[@ANYBLOB="b400000000000000791048000000000071003300000000009500000000000000db74589d4b38cc306ac390649f72dea0e50e2317db042855d6c74ff3493c7e31e3f6c643155a8e2e01d50bc3347475750472719cc516fa14b769e7f385ba72c60242263c05ddab05e37efe81b8bffc35cdf2ac0d93263ff755d611c4cca1684b1470af6a83366aa430ad2d700b186da622d6fba70000000000000000000000000200"/173], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48) 1.817370048s ago: executing program 2 (id=4790): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, &(0x7f0000000040)={0x0, 0x6, 0xffff}, &(0x7f0000000080)=0x8) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r0, 0x84, 0xa, &(0x7f00000000c0)={0x9, 0x8000, 0x20c, 0x3803, 0x0, 0x0, 0x100, 0x3, r1}, &(0x7f0000000140)=0x20) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) r3 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r3, &(0x7f0000000000), 0x10) sendmsg$can_bcm(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000500)=ANY=[@ANYBLOB="05000000030000004d6d000000000000", @ANYRES64=0x0, @ANYRES64], 0x48}}, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x9}]}, &(0x7f00000002c0)=0x10) syz_genetlink_get_family_id$smc(&(0x7f0000000000), 0xffffffffffffffff) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r4, &(0x7f0000000300)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x1c, 0x0, 0x400, 0x70bd2d, 0x25dfdbfe, {}, [@BATADV_ATTR_HOP_PENALTY={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x44000}, 0x20004000) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(camellia)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r6 = accept4(r5, 0x0, 0x0, 0x800) sendmmsg$alg(r6, &(0x7f0000000800)=[{0x0, 0x0, &(0x7f0000001e80)=[{&(0x7f0000000340)="7d7a68e25d38566c61856d6817441a9caa9b23557af3d00f974cd91d1b33a9d6077fd480051346d814913f8a3ef2e1a781a2bbfc8d55dca693d39139f04047784190d93b5301b4abe27c9242396d40a5c2b7789629214281c8e09a6c1f1e0db5d1e74e1f27a89b2c25c2316fcddc9ff2a71eceb3094ba465389e", 0x7a}, {&(0x7f0000000700)="ce2ede98d4a7e4b9a7938b050ddf51835e71aa0857d0f79d3ce502000000b5cc4397be", 0x23}, {&(0x7f0000000600)="5fec9dec1e9d48e2b3a02e29dcaadb6d242c08b8b6e2a34dd08e48e34000000000000000d6bf39fd7dac80fedaaab8ff4258ecbc4e025305fab94303f773d083bb47da24c3341e27416f38e3251fe082c8f8ff2308cd2f7dc846c93e62a8d53d22fcabce47b5531463290c970dccfaa7da3e4ee56136f44b991100e3db7c750c3ccb3e01d6598d53d05ca7503d7430f3ff2b79ab629faa1dfb2d0899dd807d28174305bd600e50112aa4d0ec230a89b3078bb60a198e5a7169d91005cda3fc9870956d72773bd700", 0xc8}, {&(0x7f0000002dc0)="c615271a9dc3c1d27eee864db95e0b71f8e4965515323d75357cb0914b03d9b18c63ca3692399e0aa8be01a5b9883f1e4830cd8b777bb75c27cba21f087b8a8a92bb4353b5e825f3837bfcce5681589bd0ce90380fed43b1ebc4d4c4e3efe4c1a60e3d56753ebac731ddf0a80a42e71cd2fa58a5779bd29d2b7e65", 0x7b}], 0x4, 0x0, 0x0, 0x4004845}], 0x1, 0x48800) recvmsg(r6, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000100)=ANY=[], 0x32600) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r0, 0x84, 0x6d, &(0x7f0000000280), &(0x7f0000000100)=0x8) 1.25436974s ago: executing program 3 (id=4794): socket$qrtr(0x2a, 0x2, 0x0) socket$qrtr(0x2a, 0x2, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000980)) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_generic(0x10, 0x3, 0x10) socket$netlink(0x10, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_netfilter(0x10, 0x3, 0xc) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) sendmsg$inet(r0, &(0x7f0000000040)={&(0x7f0000000000)={0x2, 0x4e20, @loopback}, 0x10, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000000000000007000000890704e000006a001c000000000000000000000008000000", @ANYRES64=r0], 0x48}, 0x0) 1.143744831s ago: executing program 3 (id=4797): syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = syz_init_net_socket$x25(0x9, 0x5, 0x0) ioctl$sock_inet_SIOCGIFADDR(r1, 0x8915, 0x0) socketpair$unix(0x1, 0x5, 0x0, 0x0) setsockopt(r0, 0x84, 0x81, &(0x7f0000000040)="1a000000", 0x4) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000200)={'bond0\x00', 0x0}) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="500000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="400d0000000000003000128008000100687372002400028008000200", @ANYRES32=r5, @ANYBLOB="08000100", @ANYRES32=r4], 0x50}, 0x1, 0x0, 0x0, 0x40000}, 0x8000) sendmsg$nl_route(r2, &(0x7f00000002c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000280)={&(0x7f00000001c0)=@bridge_setlink={0xa4, 0x13, 0x215, 0x70bd27, 0x25dfdbfc, {0x7, 0x0, 0x0, 0x0, 0x20000, 0x40008}, [@IFLA_MASTER={0x8, 0xa, r4}, @IFLA_LINK={0x8}, @IFLA_GSO_MAX_SIZE={0x8, 0x29, 0x165d0}, @IFLA_PHYS_PORT_ID={0x5, 0x22, 'V'}, @IFLA_NUM_TX_QUEUES={0x8, 0x1f, 0x5}, @IFLA_LINKINFO={0x54, 0x12, 0x0, 0x1, @bond={{0x9}, {0x44, 0x2, 0x0, 0x1, [@IFLA_BOND_PRIMARY_RESELECT={0x5}, @IFLA_BOND_MIIMON={0x8, 0x3, 0x7}, @IFLA_BOND_ALL_SLAVES_ACTIVE={0x5, 0x11, 0x55}, @IFLA_BOND_AD_ACTOR_SYS_PRIO={0x6, 0x18, 0x3ff}, @IFLA_BOND_XMIT_HASH_POLICY={0x5, 0xe, 0x1}, @IFLA_BOND_USE_CARRIER={0x5, 0x6, 0x8}, @IFLA_BOND_DOWNDELAY={0x8, 0x5, 0xfffffff9}, @IFLA_BOND_AD_LACP_RATE={0x5}]}}}, @IFLA_TXQLEN={0x8, 0xd, 0x6e}]}, 0xa4}, 0x1, 0x0, 0x0, 0x40000}, 0x40000) socket(0x11, 0x800000003, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@newqdisc={0xa4, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x12, 0x0, {0x0, 0xffff}, {0xffff, 0xffff}, {0xfff1}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x74, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0x0, [0x8, 0x4, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], [0x0, 0x8]}}, @TCA_TAPRIO_ATTR_SCHED_CLOCKID={0x8}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x10, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x4000000}]}]}]}}]}, 0xa4}}, 0x0) r6 = socket(0x11, 0x800000003, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r6, 0x8933, &(0x7f0000000600)={'team0\x00', 0x0}) r8 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r8, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000005c80)=@newqdisc={0x34, 0x24, 0xf0b, 0x0, 0x4, {0x0, 0x0, 0x12, r7, {0x0, 0xfff3}, {0xe, 0xffff}, {0xc}}, [@qdisc_kind_options=@q_pfifo_fast={0xf}]}, 0x34}}, 0xffffffffffff0000) 1.057334392s ago: executing program 0 (id=4799): r0 = syz_init_net_socket$ax25(0x3, 0x2, 0xc4) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc43", 0xf) r2 = accept4(r1, 0x0, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$packet(0x11, 0x3, 0x300) r3 = socket(0x11, 0x3, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_team(r4, 0x8933, &(0x7f0000000000)={'team0\x00', 0x0}) bind$packet(r3, &(0x7f00000001c0)={0x11, 0x0, r5, 0x1, 0x2, 0x6, @broadcast}, 0x14) r6 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r6, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000002c0)="2e00000010008188040f80ec59acbc0413010048100000005e140602000000000e000a", 0x23}], 0x1}, 0x0) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000340)=ANY=[@ANYBLOB="640000000906010200000000000000000400fffe0900020073797a310000000005000100070000003c0007800c00018008000140ffffffff0c00148008e00040ac1414bb080009400000007f1800028014000240fc0200"/99], 0x64}, 0x1, 0x0, 0x0, 0xd24f4d5778621d46}, 0x4) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f00000003c0), 0xffffffffffffffff) sendmsg$alg(r2, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=[@assoc={0x18, 0x117, 0x4, 0x200}], 0x18}, 0x28000054) sendmsg$nl_route_sched_retired(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000700)=@delqdisc={0x11c, 0x25, 0x200, 0x70bd2c, 0x25dfdbfe, {0x0, 0x0, 0x0, r5, {0x5, 0xb}, {0x9, 0x8}, {0xfff2, 0xd}}, [@q_dsmark={{0xb}, {0x30, 0x2, [@TCA_DSMARK_SET_TC_INDEX={0x4}, @TCA_DSMARK_DEFAULT_INDEX={0x6, 0x2, 0x9}, @TCA_DSMARK_INDICES={0x6}, @TCA_DSMARK_DEFAULT_INDEX={0x6, 0x2, 0x4}, @TCA_DSMARK_SET_TC_INDEX={0x4}, @TCA_DSMARK_DEFAULT_INDEX={0x6, 0x2, 0x1}, @TCA_DSMARK_SET_TC_INDEX={0x4}]}}, @q_dsmark={{0xb}, {0xc, 0x2, [@TCA_DSMARK_DEFAULT_INDEX={0x6, 0x2, 0xf}]}}, @q_dsmark={{0xb}, {0x44, 0x2, [@TCA_DSMARK_INDICES={0x6, 0x1, 0x7}, @TCA_DSMARK_SET_TC_INDEX={0x4}, @TCA_DSMARK_INDICES={0x6, 0x1, 0x5}, @TCA_DSMARK_SET_TC_INDEX={0x4}, @TCA_DSMARK_DEFAULT_INDEX={0x6, 0x2, 0x9}, @TCA_DSMARK_DEFAULT_INDEX={0x6, 0x2, 0x3}, @TCA_DSMARK_SET_TC_INDEX={0x4}, @TCA_DSMARK_INDICES={0x6, 0x1, 0xa}, @TCA_DSMARK_INDICES={0x6, 0x1, 0x20}, @TCA_DSMARK_SET_TC_INDEX={0x4}]}}, @q_dsmark={{0xb}, {0x24, 0x2, [@TCA_DSMARK_SET_TC_INDEX={0x4}, @TCA_DSMARK_SET_TC_INDEX={0x4}, @TCA_DSMARK_INDICES={0x6, 0x1, 0x10}, @TCA_DSMARK_SET_TC_INDEX={0x4}, @TCA_DSMARK_SET_TC_INDEX={0x4}, @TCA_DSMARK_DEFAULT_INDEX={0x6, 0x2, 0x3}]}}, @q_dsmark={{0xb}, {0x18, 0x2, [@TCA_DSMARK_SET_TC_INDEX={0x4}, @TCA_DSMARK_SET_TC_INDEX={0x4}, @TCA_DSMARK_SET_TC_INDEX={0x4}, @TCA_DSMARK_DEFAULT_INDEX={0x6, 0x2, 0x4}]}}]}, 0x11c}}, 0xd0) recvmmsg(r2, &(0x7f0000000180)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000500)=""/216, 0xd8}, {&(0x7f0000000840)=""/127, 0x7f}, {&(0x7f0000000600)=""/134, 0x86}, {&(0x7f0000000480)=""/21, 0x15}, {&(0x7f00000006c0)=""/21, 0x15}], 0x5}, 0x4}], 0x2, 0x60, 0x0) ioctl$sock_proto_private(r0, 0x89e0, &(0x7f0000000040)="9bc8922f7e5cc01feb6288daca37a8dce4cb59d8a4b7198f52c84041c2473658ec4228f2399fc5e950910ab0cdaa2d3be784823a4e212dd37985e42fcea0b651") 1.054376863s ago: executing program 4 (id=4800): r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) bind$alg(0xffffffffffffffff, &(0x7f0000000600)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(serpent)\x00'}, 0x58) r1 = socket$packet(0x11, 0x3, 0x300) bpf$MAP_CREATE(0x0, 0x0, 0x48) socket$nl_route(0x10, 0x3, 0x0) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000300)=ANY=[@ANYRES32, @ANYRES32=r0, @ANYBLOB="050000003500000000000000", @ANYRES32=0x0, @ANYRES64=0x0], 0x20) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)=ANY=[], 0x20}}, 0x0) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000005840)={0x0, 0x0, &(0x7f0000005800)={&(0x7f0000000540)=ANY=[@ANYRESDEC=r2, @ANYRESHEX=r3], 0x4c}}, 0x804) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni\x00'}, 0x58) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r5 = accept4(r4, 0x0, 0x0, 0x800) sendmmsg$alg(r5, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r5, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r6, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r7, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r8, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) setsockopt$packet_int(r1, 0x107, 0x8, &(0x7f0000000100)=0x40049, 0x4) r9 = socket$netlink(0x10, 0x3, 0x1) sendmsg$nl_route_sched(r9, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x54, 0x10, 0x1, 0x0, 0x0, {0x6, 0x0, 0x8100, 0x0, {0xc3, 0xc}, {}, {0xe, 0xa}}, [@TCA_RATE={0x6, 0x5, {0x0, 0x7d}}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x11, {0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x2}}, {0x8, 0x1b, [0x10, 0x0]}}]}]}, 0x54}}, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000000)="0800d907000000000000", 0xa) 834.288321ms ago: executing program 0 (id=4801): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r1 = socket(0x10, 0x3, 0x0) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r1, 0x84, 0x77, 0x0, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) (async) r2 = socket$packet(0x11, 0x3, 0x300) r3 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r3, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4) (async) setsockopt$packet_rx_ring(r3, 0x107, 0x5, &(0x7f0000000140)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x7ff, 0xf83, 0x3}, 0x1c) r4 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r3, &(0x7f0000000000)={0x2}) (async) r5 = socket(0xa, 0x3, 0x3a) (async) ioctl$INCFS_IOC_FILL_BLOCKS(r3, 0x80106720, &(0x7f0000000440)={0x3, &(0x7f00000003c0)=[{0x9, 0x59, &(0x7f0000000300)="127cc49aae7ad6df470ccb56b83aacc80ddcafcd2abae085989bd518183e18dd75353996b2bfcac70c6de236ba938aabb9e448c7ac9439410b92d44c4b5e8d286371864d6e40518a81632464367a2828cb8cb59415fa2fbc94", 0x1, 0x1}, {0xe, 0x27, &(0x7f0000000240)="a1ea35e56a479b802fa61826d9d012fb2d1a8bed33ddf6c9f23c7601677093b36005ea3366bedd"}, {0x101, 0x24, &(0x7f0000000380)="e98fc25c1ec001878106d247105a62583fa7cc955628ce3d969943a277ce72f0e8240687", 0x1}]}) setsockopt$MRT6_ADD_MFC_PROXY(r5, 0x29, 0xd3, 0x0, 0x0) (async) ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f0000000100)={'macvlan0\x00', &(0x7f0000002fc0)=@ethtool_link_settings={0x4c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, [0x0, 0x10, 0x0, 0x0, 0x400000]}}) socket$kcm(0x2, 0xa, 0x2) (async) ioctl$SIOCSIFHWADDR(r0, 0x8914, &(0x7f0000000280)={'batadv_slave_1\x00', @random="2353e399fad5"}) (async) r6 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r6, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x8001}, 0x4) (async) write$tun(r0, &(0x7f00000002c0)=ANY=[@ANYBLOB="339ed397e389aaaaaaaaaa0f88a80a0081004f0008004500005c0000e0"], 0x72) (async) r7 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_sco_SCO_CONNINFO(r7, 0x11, 0x2, &(0x7f0000000140)=""/229, 0xfffffffffffffffe) 819.677684ms ago: executing program 2 (id=4802): sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="f800000016000100b7de5100000000000000000a010100000000f7ffffffffff000000000000000000000000000080a000"/63, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000000ffffac141428"], 0xf8}}, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="2001000012001307000000000080ff00e0000001000000000000000000000000fc00"/64, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="fc020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000072c42572f64a264410b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fbc18c8582fc7800000000000000000000000050019000000000028001a"], 0x120}}, 0x0) 798.452678ms ago: executing program 3 (id=4803): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x15, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="deaa00000000000071101900000000009500080000000000"], &(0x7f0000000480)='syzkaller\x00'}, 0x80) 726.447026ms ago: executing program 4 (id=4804): bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f00000009c0)=ANY=[@ANYBLOB="9feb0100180000000000000038000000380000000c0000000a0000000000001104000000ffffffff000000000000000200000000000000000000001302000000020000000000000e0300000000000000000061000000000000002e"], 0x0, 0x5c, 0x0, 0x1}, 0x28) 726.028672ms ago: executing program 1 (id=4805): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000000100)=ANY=[@ANYBLOB="180000002d00010026bdf000fcdbdf25041a0000040010"], 0x18}, 0x1, 0x0, 0x0, 0x4000d}, 0x20000000) r1 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r2 = socket$netlink(0x10, 0x3, 0x10) r3 = epoll_create1(0x0) r4 = socket(0x1, 0x80802, 0x0) r5 = epoll_create1(0x0) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x3, 0xc, &(0x7f0000000140)=@framed={{0x18, 0x2, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffc}, [@call={0x85, 0x0, 0x0, 0x11}, @printk={@ld, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0xd}, {0x85, 0x0, 0x0, 0x17}}]}, &(0x7f0000000000)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x2b}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r6, 0x0, 0xe, 0x0, &(0x7f00000004c0)="e0b95400f2810301004e7e6f5bec", 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r5, &(0x7f0000000100)={0xa000000d}) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f00000000c0)={0x10000001}) shutdown(r4, 0x0) bind$netlink(r2, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000300), 0x4) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r2, 0x10e, 0x4, &(0x7f0000000640)=0x1800, 0x4) syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), r2) close(0x3) 694.463112ms ago: executing program 4 (id=4806): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x11, &(0x7f00000003c0)=ANY=[@ANYBLOB="180000000000000000000000000400008500001f61000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b705000008000000850000006a00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 637.200359ms ago: executing program 3 (id=4807): r0 = socket$inet6(0xa, 0x800000000000002, 0x0) setsockopt$sock_linger(r0, 0x1, 0x3c, 0x0, 0x0) sendto$inet6(r0, 0x0, 0x5c4, 0x404c844, &(0x7f0000000540)={0x2, 0x4e24, 0x0, @local, 0x4000000}, 0x1c) 566.48606ms ago: executing program 2 (id=4808): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="3c0000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="000000000020000014001280090001007665746800000000040002800800200001"], 0x3c}}, 0x0) 565.857209ms ago: executing program 0 (id=4809): socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000340)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, 0x94) socket$alg(0x26, 0x5, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, 0x0, 0x8000) bpf$PROG_LOAD(0x5, 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000680)={'wlan0\x00', 0x0}) r3 = socket(0x10, 0x803, 0x0) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000480)={0x26, 'hash\x00', 0x0, 0x0, 'nhpoly1305-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0) recvmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x60, &(0x7f0000012c40)={0x0, 0x989680}) sendmsg$IPVS_CMD_SET_INFO(r3, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000740)={0x14, 0x38, 0x701, 0x0, 0x0, {0x3}}, 0x14}, 0x1, 0x0, 0x0, 0x4044840}, 0x4000000) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r5, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=ANY=[@ANYBLOB="3c0000001000030400"/20, @ANYRES32=r2, @ANYBLOB="a4280400000000001400350076657468305f746f5f626f6e6400000008000a00", @ANYRES32=r5], 0x3c}, 0x1, 0x0, 0x0, 0x4008800}, 0x8000) r7 = socket$nl_route(0x10, 0x3, 0x0) r8 = socket(0x1, 0x803, 0x0) getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) r10 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000100)={'veth1\x00', 0x0}) sendmsg$nl_route(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="4c000000100003041b00"/20, @ANYRES32=0x0, @ANYBLOB="46060900000000001cef128009000100766c616e000000000c000280060001000400000008000500", @ANYRES32=r11, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r9], 0x4c}, 0x1, 0x0, 0x0, 0x600}, 0x0) 521.057971ms ago: executing program 3 (id=4810): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000000)={'wpan0\x00', 0x0}) sendmsg$NL802154_CMD_GET_SEC_LEVEL(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)={0x1c, 0x0, 0x701, 0x0, 0x0, {0x16}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r1}]}, 0x1c}}, 0x0) syz_genetlink_get_family_id$ieee802154(&(0x7f0000000480), r0) 490.981415ms ago: executing program 4 (id=4811): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000009b80)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000000900010073797a30000000004c000000090a010400000000020000000700000008000a40000000000900020073797a31000000000900010073797a3000000000080005400000002110001180090001006c61737400000000085a00000c0a01010000000000000000070000000900020073797a31000000000900010073797a30000000001c0003800c00008008000340000000020c00008008000340000000020900020073797a32000000000900020073797a3100000000a85903804c0400800c0004400000000000000009a8010a80240002800900020073797a300000000008000340000000030900020073797a3200000000100002800900020073797a3100000000240002800900020073797a31000000000900020073797a30000000000800034000000001e4000100e8cca7c8480ad3bddccdbb47ddc50c2cfa342d582193086601c4d8fe5487de16fe308ef18c068c6ef9ee86bb347a1def8d3001be0db1ee645ff82cc4501175104078fb80dfe4ed20aefa130fc580e99f678bb6144bdd9e1a2805994c94a2715891751780c82323afda37eed83766f0ddea60583d65f24a8ceadea745ee3e2e784282415b33e44c2116dc2082ef5f8738e83a1d28509662268f7388c95d8a6152485e8e8839b8b16e8e24a44d6272fa508ce49294316831faa4b8fd0d2f77a96873393b2b7eee9eedcec800ef367c04eab04f03aa6c9ff49d27f9abec46deb6862000028008000340000000040900020073797a320000000008000340000000044800028008000180fffffffc0900020073797a310000000008150180fffffffc08000340000000010900020073797a320000000008000180000000060900020073797a310000000068010280180002800900020073797a31000000000800034000000002200002800900020073797a32000000000800034000000003080003400000000360000280080003400000000108000340000000030900020073797a320000000008000340000000020800034000000003080003400000000208000180fffffffc08000180000000000900020073797a32000000000900020073797a30000000001c00028008000180fffffffd08000180fffffffc08000180fffffffe460001000e426c538832d61a8970a1bc3a9a3d0ef103a2e80179f525dc8c51ad5c061699957e3e194c56e643afd270ce53853eb4f2cc00954761c74827a35d8e81059dbc3a46000014000280080003400000000108000180fffffff92c00028008000340000000010900020073797a310000000008000340000000030900020073797a31000000002700010099e3f54ca2a52facc52409ee823468fadc2b8a9b626a2118e0bcc1cc8f22fd04ce2f9b00080003400000000190000b800c0001800800010064757000100001800c0001007061796c6f6164000c0001800700010063740000640001800b00010074756e6e656c000054000280080003400000000208000240000000020800014000000001080001400000000008000340000000000800024000000000080001400000000108000240000000100800034000000002080002400000001094"], 0x5a9c}}, 0x0) 464.380491ms ago: executing program 3 (id=4812): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, &(0x7f0000000040)={0x0, 0x6, 0xffff}, &(0x7f0000000080)=0x8) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r0, 0x84, 0xa, &(0x7f00000000c0)={0x9, 0x8000, 0x20c, 0x3803, 0x0, 0x0, 0x100, 0x3, r1}, &(0x7f0000000140)=0x20) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) r3 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r3, &(0x7f0000000000), 0x10) sendmsg$can_bcm(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000500)=ANY=[@ANYBLOB="05000000030000004d6d000000000000", @ANYRES64=0x0, @ANYRES64], 0x48}}, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x9}]}, &(0x7f00000002c0)=0x10) syz_genetlink_get_family_id$smc(&(0x7f0000000000), 0xffffffffffffffff) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r4, &(0x7f0000000300)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x1c, 0x0, 0x400, 0x70bd2d, 0x25dfdbfe, {}, [@BATADV_ATTR_HOP_PENALTY={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x44000}, 0x20004000) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(camellia)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r6 = accept4(r5, 0x0, 0x0, 0x800) sendmmsg$alg(r6, &(0x7f0000000800)=[{0x0, 0x0, &(0x7f0000001e80)=[{&(0x7f0000000340)="7d7a68e25d38566c61856d6817441a9caa9b23557af3d00f974cd91d1b33a9d6077fd480051346d814913f8a3ef2e1a781a2bbfc8d55dca693d39139f04047784190d93b5301b4abe27c9242396d40a5c2b7789629214281c8e09a6c1f1e0db5d1e74e1f27a89b2c25c2316fcddc9ff2a71eceb3094ba465389e", 0x7a}, {&(0x7f0000000700)="ce2ede98d4a7e4b9a7938b050ddf51835e71aa0857d0f79d3ce502000000b5cc4397be", 0x23}, {&(0x7f0000000600)="5fec9dec1e9d48e2b3a02e29dcaadb6d242c08b8b6e2a34dd08e48e34000000000000000d6bf39fd7dac80fedaaab8ff4258ecbc4e025305fab94303f773d083bb47da24c3341e27416f38e3251fe082c8f8ff2308cd2f7dc846c93e62a8d53d22fcabce47b5531463290c970dccfaa7da3e4ee56136f44b991100e3db7c750c3ccb3e01d6598d53d05ca7503d7430f3ff2b79ab629faa1dfb2d0899dd807d28174305bd600e50112aa4d0ec230a89b3078bb60a198e5a7169d91005cda3fc9870956d72773bd700", 0xc8}, {&(0x7f0000002dc0)="c615271a9dc3c1d27eee864db95e0b71f8e4965515323d75357cb0914b03d9b18c63ca3692399e0aa8be01a5b9883f1e4830cd8b777bb75c27cba21f087b8a8a92bb4353b5e825f3837bfcce5681589bd0ce90380fed43b1ebc4d4c4e3efe4c1a60e3d56753ebac731ddf0a80a42e71cd2fa58a5779bd29d2b7e65", 0x7b}], 0x4, 0x0, 0x0, 0x4004845}], 0x1, 0x48800) recvmsg(r6, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000100)=ANY=[], 0x32600) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r0, 0x84, 0x6d, &(0x7f0000000280), &(0x7f0000000100)=0x8) 318.488154ms ago: executing program 2 (id=4813): r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="020300001600000003000000000000000400030007000000b90800000000000007000000000000000000000000000000050006006c0000000a00000000000000fe8800000080ffffff00000000000001000010000000000004000400000000000700000000000000000000000000000000000020000000000200010000000000000000070000000005000500008000000a"], 0xb0}}, 0x40) 296.032271ms ago: executing program 0 (id=4814): syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000058000000160a01000000000000000000010000000900010073797a30000000000900020073797a31000000002c0003800800014000000000180003801400010076657468315f746f5f626f6e6400000008000240000000006c000000160a0101000b000000000000010000000900020073797a30000000000900010073797a30000000004000038008000140000000002c0003801400010067656e657665300000000000000000001400010076657468315f746f5f626f6e64000000080002"], 0x10c}}, 0x0) 292.23021ms ago: executing program 4 (id=4815): bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b40800000000000061106a00000000000600004e000000009500000000000000"], &(0x7f0000003ff6)='GPL\x00', 0x8, 0xfd90, &(0x7f000000cf3d)=""/195, 0x4000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f00000000c0), 0x0, 0x10, &(0x7f0000000080), 0xffffffffffffffb2}, 0x48) 222.151864ms ago: executing program 1 (id=4816): r0 = socket$nl_rdma(0x10, 0x3, 0x14) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000000100)={0x0, 0x7}, 0x8) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="01000000040000000400000008"], 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)=@getqdisc={0x28, 0x26, 0x400, 0x70bd2a, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, {0xfff3, 0xf}, {0x5, 0x2}, {0xf, 0x10}}, [{0x4}]}, 0x28}, 0x1, 0x0, 0x0, 0x800}, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000003c0)={'netdevsim0\x00'}) (async) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000003c0)={'netdevsim0\x00', 0x0}) bpf$MAP_CREATE(0x0, &(0x7f00000191c0)=ANY=[@ANYBLOB="010000000b000000050010000200000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=r4, @ANYRES32, @ANYBLOB="0000000002"], 0x48) (async) bpf$MAP_CREATE(0x0, &(0x7f00000191c0)=ANY=[@ANYBLOB="010000000b000000050010000200000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=r4, @ANYRES32, @ANYBLOB="0000000002"], 0x48) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="38000000031401002cbd7000fcdbdf250900020073797a32000000000800410073697700140033006c6f"], 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x810) socket$pppl2tp(0x18, 0x1, 0x1) (async) r5 = socket$pppl2tp(0x18, 0x1, 0x1) r6 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r5, &(0x7f0000000000)=@pppol2tp={0x18, 0x1, {0x0, r6, {0x2, 0x4e24, @broadcast}, 0x2, 0x0, 0x3}}, 0x26) r7 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r7, &(0x7f0000000040)=@pppol2tpv3={0x18, 0x1, {0x3, r5, {0x2, 0x4e22, @broadcast}, 0x2, 0x9800}}, 0x2e) (async) connect$pppl2tp(r7, &(0x7f0000000040)=@pppol2tpv3={0x18, 0x1, {0x3, r5, {0x2, 0x4e22, @broadcast}, 0x2, 0x9800}}, 0x2e) sendmsg$RDMA_NLDEV_CMD_DELLINK(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000440)=ANY=[@ANYBLOB="18000000041401002dbd7000fedbdf250800010000000000ba30b28e994c1a08d1ca4eb6b8b4889cdd4e786eb807e04eb88b935d785f3d3201c58033c88e160d2745a91b08363bcc34006d0009788455ec9ad10b24"], 0x18}, 0x1, 0x0, 0x0, 0x671ec167a4b72164}, 0x0) (async) sendmsg$RDMA_NLDEV_CMD_DELLINK(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000440)=ANY=[@ANYBLOB="18000000041401002dbd7000fedbdf250800010000000000ba30b28e994c1a08d1ca4eb6b8b4889cdd4e786eb807e04eb88b935d785f3d3201c58033c88e160d2745a91b08363bcc34006d0009788455ec9ad10b24"], 0x18}, 0x1, 0x0, 0x0, 0x671ec167a4b72164}, 0x0) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f0000000000)={'syztnl2\x00', &(0x7f00000004c0)={'sit0\x00', r4, 0x700, 0x7800, 0x5, 0x6, {{0x10, 0x4, 0x0, 0x2, 0x40, 0x64, 0x0, 0xc, 0x29, 0x0, @remote, @empty, {[@cipso={0x86, 0x21, 0x1, [{0x5, 0x2}, {0x2, 0xd, "7d4eead094506e20f920c1"}, {0x5, 0xc, "7fb81f8b2ebfb67ee899"}]}, @ssrr={0x89, 0x7, 0xcb, [@multicast2]}, @ra={0x94, 0x4}]}}}}}) (async) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f0000000000)={'syztnl2\x00', &(0x7f00000004c0)={'sit0\x00', r4, 0x700, 0x7800, 0x5, 0x6, {{0x10, 0x4, 0x0, 0x2, 0x40, 0x64, 0x0, 0xc, 0x29, 0x0, @remote, @empty, {[@cipso={0x86, 0x21, 0x1, [{0x5, 0x2}, {0x2, 0xd, "7d4eead094506e20f920c1"}, {0x5, 0xc, "7fb81f8b2ebfb67ee899"}]}, @ssrr={0x89, 0x7, 0xcb, [@multicast2]}, @ra={0x94, 0x4}]}}}}}) 215.582205ms ago: executing program 0 (id=4817): socket$inet6_tcp(0xa, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$inet6_tcp(0xa, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$bt_bnep(0x1f, 0x3, 0x4) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)) r0 = socket$inet6_icmp(0xa, 0x2, 0x3a) socket$kcm(0x2, 0xa, 0x2) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', 0x0}) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000000c0)='cpuacct.usage_sys\x00', 0x0, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='cgroup.controllers\x00', 0x275a, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r5, &(0x7f0000000500)) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000140)=@base={0x19, 0x5, 0xd0, 0x0, 0x13018, 0x1, 0x2, '\x00', r2, r4, 0x5, 0x1, 0x3, 0x0, @void, @value, @value=r3}, 0x50) r7 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x4, [@func={0x2, 0x0, 0x0, 0xc, 0x2}, @func_proto]}, {0x0, [0x0, 0x5f]}}, 0x0, 0x34}, 0x20) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="1800110000000000000000000000ca6c9500000000000000ffdb360734076d08000d0ba8897489c522ba66c5439753d3e0c9b47bef3c2879fc55ce1649fcc6cff6b7eddc1ae3947efadabc0399ee4099902841e1c394783c541a69c0b2af1dcd8598b5c388992876d8e7858aed8e2f5308e47d9b93e38f092f022e25a098b85645ea1b65d5b5e38355cb7d53cb83ed9d6bc2756c81b8692e12b1b572660c0d83d23e57f5ffa19bad8b1feca88786116725e92d6d6e399a37a38899d361337c02c04a0dbda849dc41b918a60e7830677446f3280ea4f0e5"], &(0x7f0000000000)='syzkaller\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r7, 0xc, &(0x7f00000000c0)={0x0, 0x1}, 0x1, 0x10, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffd1}, 0x90) r8 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000380)={0x0, 0x8, 0x10}, 0xc) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x18, 0x18, &(0x7f00000001c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x200}, {{0x18, 0x1, 0x1, 0x0, r3}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r6}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xe}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000280)='GPL\x00', 0x2, 0x0, 0x0, 0x40f00, 0x1, '\x00', r2, 0x0, r7, 0x8, &(0x7f00000002c0)={0x4, 0x1}, 0x8, 0x10, &(0x7f0000000300)={0x2, 0x1, 0x6, 0x1}, 0x10, 0x0, 0x0, 0x7, &(0x7f00000003c0)=[r0, r8], &(0x7f0000000400)=[{0x1, 0x5, 0x1, 0xa}, {0x0, 0x2, 0x1, 0x7}, {0x1, 0x2, 0x2, 0x8}, {0x2, 0x2, 0x4, 0x3}, {0x2, 0x4, 0x6, 0x5}, {0x0, 0x1, 0x2, 0x1}, {0x0, 0x3, 0xc, 0x5}], 0x10, 0xff}, 0x94) r9 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r9, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[], 0x44}, 0x1, 0x0, 0x0, 0x21}, 0x50) 191.480358ms ago: executing program 2 (id=4818): socket$inet6_sctp(0xa, 0x1, 0x84) bind$alg(0xffffffffffffffff, &(0x7f0000000600)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(serpent)\x00'}, 0x58) r0 = socket$packet(0x11, 0x3, 0x300) bpf$MAP_CREATE(0x0, 0x0, 0x48) socket$nl_route(0x10, 0x3, 0x0) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000300)=ANY=[@ANYRES32, @ANYRES32, @ANYBLOB="050000003500000000000000", @ANYRES32=0x0, @ANYRES64=0x0], 0x20) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)=ANY=[], 0x20}}, 0x0) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000005840)={0x0, 0x0, &(0x7f0000005800)={&(0x7f0000000540)=ANY=[@ANYRESDEC=r1, @ANYRESHEX=r2], 0x4c}}, 0x804) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r4 = accept4(r3, 0x0, 0x0, 0x800) sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r5, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r6, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r7, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) setsockopt$packet_int(r0, 0x107, 0x8, &(0x7f0000000100)=0x40049, 0x4) r8 = socket$netlink(0x10, 0x3, 0x1) sendmsg$nl_route_sched(r8, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x54, 0x10, 0x1, 0x0, 0x0, {0x6, 0x0, 0x8100, 0x0, {0xc3, 0xc}, {}, {0xe, 0xa}}, [@TCA_RATE={0x6, 0x5, {0x0, 0x7d}}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x11, {0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x2}}, {0x8, 0x1b, [0x10, 0x0]}}]}]}, 0x54}}, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000000)="0800d907000000000000", 0xa) 160.393079ms ago: executing program 4 (id=4819): r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2) sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, r3, 0x1, 0x123, 0x25dfdbfc, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8894}, 0x0) write$nci(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="40010421f9252ea3"], 0x8) r4 = socket$nl_route(0x10, 0x3, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$nl_route(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=ANY=[@ANYBLOB="540000001000010400000000000000ffff000000", @ANYRES32=0x0, @ANYBLOB="0380000000000000240012800c0001006d6163766c616e00140002800800010008000000062102000100000008000500", @ANYRES32=r6, @ANYBLOB='\b\x00\n\x00]'], 0x54}, 0x1, 0x0, 0x0, 0x280608c0}, 0x0) r7 = socket(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r7, 0x8933, &(0x7f0000000180)={'team0\x00', 0x0}) sendmsg$nl_route_sched(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=@newqdisc={0x88, 0x24, 0xf0b, 0x70bd26, 0x0, {0x0, 0x0, 0x0, r8, {0x0, 0xffff}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0x58, 0x2, {{0xa, [0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, [0x4, 0x2, 0xfffe, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x5c4, 0x0, 0x0, 0x0, 0x3dc], [0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000]}}}}]}, 0x88}}, 0x20000000) bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0x17, 0x0, 0x4, 0x7ffa, 0x0, 0xffffffffffffffff, 0x0, '\x00', r8, r5, 0x2, 0x0, 0x2}, 0x50) r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r10 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r10, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0, 0x400000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r9}, 0x10) r11 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r11}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0900000002000000020000000400000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) 54.527804ms ago: executing program 1 (id=4820): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000001700)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d0f65acc0d06d1a1434e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab000e271f17e3946ef3bb622e03b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab0300817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c690220b87b20581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1ff032aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd713089856f757036303767d2e24f29e5dad9796edb697a8ad004eea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff22dc518afc9ffc2cc788bee1b47683db01a2f9398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa407e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae526aca54183fb01c73f979ca9857399537f5831808b0dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db00002e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e4845535a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d50200a90800c66ee2b1ad76dff9f9003f07000099d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987595ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e5dee734fe7da3770845cf442d488afd80e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db08407081c6281e2d8429a8639034a75f4c7df3ea8fc2018d07af1491ef060cd4403a099f32468f65bd06b4092140faed0c329be610c3082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b4c8787361f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033bb9cc16bd83a00840e31d828ec78e116ae46c4897e0800000092e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce1d9be7ef3e3f40c14089c82759106f422582b42e3e8484ea5a6ad9aa5200002fe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734137ff47257f164391c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb0972d39e4b5589829b6b0679b5d6fccbecfae5553d9950d48c774eaa35b24fce69a20d8bc410d9f48bf7eac90529cd6af061c9e501ddddc620ce73c5d177e3d097159f2768636fc10276c6a0adc57483b3f7083f66b87ef296ee85e9bb70a3009a5d30f479e293a3302e11350ea857b37e76ca2f50378e4092ce2c574ad278b9b7b717c571afb2077b019fd9d89efd59b41f051ec5a8ff87ecc8df917a1e386d849fcd10e2f9ca52e02339c2f4666b0c545e25f1cd62421c28d25994be0cff7271a0dee38d7ac4ac736b090e1d29f981179186e4000000000000646174b55d251f7f8ca5ccc22a5efb33b237eff5597a3c3a5f3a9bb54abb40e54593e1a7ce4cfa17b3c3fe91c06363496341eae20dcc59b6179b32ddddef5c34000096a54c0c571a91878f61f74912e2299e5501d4d6943bfd74c856511726f0ac8f7d17f1c6b4451c1bcdc6b6e1700e4cd87709d97afc5423c96fa981873d4369b04bbf1fb9f68f17991540868e408201ad1a74179e489aa61f021a437a3fa935588be2068f7ff9b253106326fde795e530b93626cc68e06e602198724249b4445eef08401cd1a3e266db41474e69902e4d8f5da4e94cc36794258fd4032de7ab36bc24c5efd5c8495c1ccd580033c55725f2d60354f8ad5914a0155eaa743350ddb388f486b6de0549ef3b1b3c3b7d4d3a830ff39885776119408029be3788dd8422b1ab7b4c9d5b7d8682fd759c713108e1bdfc64b9121bbf07099def5c0ce3c861ae4b5cad8bba5a0b605908000000f96a59320309e25df89484522bb1d6eaa92164f9e4042cb689a45a898354c17b08705205a9189772bcbcb6414e44b33a2470d3bc16f761c332c34812382e57c0e0d83f3f565b9da5e7991ad8482579cc1b16c1fcec815a5482ae8b1779c5e339971a6ec1217b6478c2434a9a18dcc6c7c791e444a79d7ce37f9cf2a434b9048ca6a2fa254aa02cd098026798a6d336348af0fc11fa2809a5ebbe17ca4d0f889d518f64ee50f562b5fdb1f76d4a7fe14701f8ed0c6a55d66a6efea3e449e6b4783d66661a92f174f2b88cd544b2a8e1b05ea7cf51578169fff7765f9978883b4b5983b42a35a05dabfc325ec2a2ec2f9b0882fdcf5d6f72272d2ff0d8eea60f5494ba42b4d40f144f0ab680a6f40f9094d3afb58a1efd6109894b8605c6b3b3f020c222f6446195b2274f634fbb737948a1f36ea729467e132385e9da614e4625175f4443b97a675934db90010e4b884200c3546c4d86d712c3939e11be3343f693846f509ad4c445ade5cd6d126d5694462ac5d3b527c3bd51c0a715a28d65fe94b255d02cdc1fab99b5b9c352f1b284115e4046285a824d22b6f0afbed8d6096a72fef72ebd6aae78b02fa1993e8fe2020ae93aae2bcfffa40b98549f1fb9fcefa74329909a207336d07f6f59da423ac5fa47852055d5ce6d2c56bdbbcdbf3458ba478c669f39d5272e65c90908ea2cb86d38f8ebf80a8cb85d8399b42403c94b8662af5cf1411526f177b4d476169a5d5a8c37d0d8893a77d0bd47b8a0bba60b3e26094209c889585f997ff556bcd2cc223f9c0c44de9d0fe1b5a8a815f652e79747d3e1f413fa0575d51f652d22883e143065c5ad74bdc864754ba3dad5a8fc8fc2c807d1a51dfb29884adee415c13f2ce14d307bd6165ec6ba68a766adfcbe444ea72d586bb47dd98a225467aab538a77667d19bae2e51727ba6d190e6d7"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r0, 0x18000000000002a0, 0x26, 0x0, &(0x7f0000000100)="b9ff0b078059268cb89e14f088a82de0ffff200000000067000aac14140ce000000149e832f0", 0x0, 0x1ff, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6000}, 0x50) 0s ago: executing program 0 (id=4821): r0 = socket$inet6(0xa, 0x800000000000002, 0x0) setsockopt$sock_linger(r0, 0x1, 0x3c, &(0x7f0000000180)={0x200000000000001}, 0x8) sendto$inet6(r0, 0x0, 0x0, 0x404c844, 0x0, 0x0) kernel console output (not intermixed with test programs): ve_1: left promiscuous mode [ 380.483444][T17115] veth9: entered promiscuous mode [ 380.941060][T17147] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3445'. [ 381.520840][T17165] netlink: 'syz.4.3447': attribute type 21 has an invalid length. [ 381.581843][T17165] netlink: 132 bytes leftover after parsing attributes in process `syz.4.3447'. [ 381.628156][T17173] IPVS: sync thread started: state = BACKUP, mcast_ifn = veth0_to_bond, syncid = 0, id = 0 [ 381.681692][T17172] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3450'. [ 381.781114][T17183] netlink: 'syz.0.3454': attribute type 13 has an invalid length. [ 381.815913][T17182] netlink: 'syz.0.3454': attribute type 13 has an invalid length. [ 381.824360][T17182] netlink: 'syz.0.3454': attribute type 17 has an invalid length. [ 381.838840][T17183] netlink: 'syz.0.3454': attribute type 17 has an invalid length. [ 381.882176][T17188] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3456'. [ 381.891570][T17182] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 381.932239][T17194] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3458'. [ 381.936883][T17195] netlink: 36 bytes leftover after parsing attributes in process `syz.2.3455'. [ 381.952028][T17194] vlan3: entered promiscuous mode [ 381.963024][T17194] team0: entered promiscuous mode [ 381.968630][T17194] team_slave_0: entered promiscuous mode [ 381.984735][T17194] team_slave_1: entered promiscuous mode [ 381.992341][T17194] team0: Device vlan3 is already an upper device of the team interface [ 382.031205][T17183] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 382.053774][T17188] bond0: entered promiscuous mode [ 382.061360][T17188] bond_slave_0: entered promiscuous mode [ 382.071303][T17188] bond_slave_1: entered promiscuous mode [ 382.083661][T17188] bond0: left promiscuous mode [ 382.094535][T17188] bond_slave_0: left promiscuous mode [ 382.103457][T17188] bond_slave_1: left promiscuous mode [ 382.117277][T17204] netlink: 'syz.0.3460': attribute type 4 has an invalid length. [ 382.135421][T17204] netlink: 'syz.0.3460': attribute type 4 has an invalid length. [ 382.255108][T17208] sctp: [Deprecated]: syz.0.3462 (pid 17208) Use of struct sctp_assoc_value in delayed_ack socket option. [ 382.255108][T17208] Use struct sctp_sack_info instead [ 382.768875][T17249] vlan3: entered promiscuous mode [ 382.777478][T17249] team0: Device vlan3 is already an upper device of the team interface [ 383.519660][T17321] __nla_validate_parse: 12 callbacks suppressed [ 383.519679][T17321] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3491'. [ 383.611987][T17329] FAULT_INJECTION: forcing a failure. [ 383.611987][T17329] name failslab, interval 1, probability 0, space 0, times 0 [ 383.622101][T17331] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3495'. [ 383.624982][T17329] CPU: 0 UID: 0 PID: 17329 Comm: syz.2.3496 Not tainted syzkaller #0 PREEMPT(full) [ 383.625003][T17329] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 383.625012][T17329] Call Trace: [ 383.625019][T17329] [ 383.625027][T17329] dump_stack_lvl+0x189/0x250 [ 383.625052][T17329] ? __pfx____ratelimit+0x10/0x10 [ 383.625071][T17329] ? __pfx_dump_stack_lvl+0x10/0x10 [ 383.625091][T17329] ? __pfx__printk+0x10/0x10 [ 383.625126][T17329] should_fail_ex+0x414/0x560 [ 383.625154][T17329] should_failslab+0xa8/0x100 [ 383.625178][T17329] kmem_cache_alloc_noprof+0x73/0x3c0 [ 383.625199][T17329] ? skb_clone+0x212/0x3a0 [ 383.625225][T17329] skb_clone+0x212/0x3a0 [ 383.625249][T17329] maybe_deliver+0x98/0x160 [ 383.625275][T17329] br_flood+0x31a/0x6a0 [ 383.625303][T17329] ? br_dev_xmit+0x185/0x1840 [ 383.625318][T17329] br_dev_xmit+0x11b3/0x1840 [ 383.625333][T17329] ? kernel_text_address+0xa5/0xe0 [ 383.625354][T17329] ? br_dev_xmit+0x185/0x1840 [ 383.625378][T17329] ? __pfx_br_dev_xmit+0x10/0x10 [ 383.625392][T17329] ? validate_xmit_xfrm+0xbf/0x1160 [ 383.625419][T17329] ? __pfx_validate_xmit_xfrm+0x10/0x10 [ 383.625440][T17329] ? __lock_acquire+0xab9/0xd20 [ 383.625479][T17329] dev_hard_start_xmit+0x2d4/0x830 [ 383.625520][T17329] __dev_queue_xmit+0x1b8d/0x3b50 [ 383.625553][T17329] ? __dev_queue_xmit+0x27b/0x3b50 [ 383.625599][T17329] ? lockdep_hardirqs_on+0x9c/0x150 [ 383.625621][T17329] ? __pfx___dev_queue_xmit+0x10/0x10 [ 383.625649][T17329] ? stack_depot_save_flags+0x40/0x860 [ 383.625671][T17329] ? __kmalloc_cache_noprof+0x230/0x3d0 [ 383.625697][T17329] ? __lock_acquire+0xab9/0xd20 [ 383.625722][T17329] ? __lock_acquire+0xab9/0xd20 [ 383.625764][T17329] ? ip_finish_output2+0xae7/0x1160 [ 383.625786][T17329] ip_finish_output2+0xd03/0x1160 [ 383.625800][T17329] ? ip_skb_dst_mtu+0x18d/0xb70 [ 383.625828][T17329] ? ip_finish_output2+0x452/0x1160 [ 383.625847][T17329] ? __pfx_ip_finish_output2+0x10/0x10 [ 383.625866][T17329] ? ip_skb_dst_mtu+0x917/0xb70 [ 383.625891][T17329] ? ip_finish_output+0x33a/0x3f0 [ 383.625915][T17329] iptunnel_xmit+0x5f8/0xa90 [ 383.625952][T17329] ip_tunnel_xmit+0x1c41/0x2390 [ 383.625999][T17329] ? __pfx_ip_tunnel_xmit+0x10/0x10 [ 383.626012][T17329] ? gre_build_header+0x31c/0xa40 [ 383.626044][T17329] ? __pfx_gre_build_header+0x10/0x10 [ 383.626066][T17329] ? iptunnel_handle_offloads+0x2fd/0x630 [ 383.626094][T17329] ipgre_xmit+0x89e/0xc50 [ 383.626126][T17329] ? __pfx_ipgre_xmit+0x10/0x10 [ 383.626159][T17329] dev_hard_start_xmit+0x2d4/0x830 [ 383.626198][T17329] __dev_queue_xmit+0x1b8d/0x3b50 [ 383.626218][T17329] ? do_syscall_64+0xfa/0x3b0 [ 383.626234][T17329] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 383.626260][T17329] ? __dev_queue_xmit+0x27b/0x3b50 [ 383.626298][T17329] ? __pfx___dev_queue_xmit+0x10/0x10 [ 383.626334][T17329] ? rcu_is_watching+0x15/0xb0 [ 383.626371][T17329] ? pskb_expand_head+0xa70/0x1150 [ 383.626394][T17329] ? __bpf_redirect+0x56d/0xe40 [ 383.626417][T17329] __bpf_tx_skb+0x18e/0x260 [ 383.626442][T17329] bpf_clone_redirect+0x272/0x3d0 [ 383.626465][T17329] ? bpf_test_run+0x197/0x7b0 [ 383.626484][T17329] bpf_prog_208b094576c80b22+0x5f/0x68 [ 383.626506][T17329] ? preempt_schedule+0xae/0xc0 [ 383.626520][T17329] ? bpf_test_run+0x197/0x7b0 [ 383.626539][T17329] ? preempt_schedule_common+0x83/0xd0 [ 383.626556][T17329] ? preempt_schedule+0xae/0xc0 [ 383.626571][T17329] ? __pfx_preempt_schedule+0x10/0x10 [ 383.626589][T17329] ? preempt_schedule_notrace_thunk+0x16/0x30 [ 383.626616][T17329] ? preempt_schedule_thunk+0x16/0x30 [ 383.626647][T17329] ? __local_bh_disable_ip+0xf1/0x190 [ 383.626664][T17329] ? __pfx___cant_migrate+0x10/0x10 [ 383.626678][T17329] ? __local_bh_enable_ip+0x13e/0x1c0 [ 383.626694][T17329] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 383.626715][T17329] ? bpf_test_timer_continue+0x136/0x350 [ 383.626739][T17329] bpf_test_run+0x318/0x7b0 [ 383.626781][T17329] ? __pfx_bpf_test_run+0x10/0x10 [ 383.626825][T17329] ? slab_build_skb+0x273/0x3e0 [ 383.626843][T17329] ? convert___skb_to_skb+0x3d/0x590 [ 383.626865][T17329] bpf_prog_test_run_skb+0xb30/0x1560 [ 383.626900][T17329] ? __pfx_bpf_prog_test_run_skb+0x10/0x10 [ 383.626919][T17329] bpf_prog_test_run+0x2c7/0x340 [ 383.626944][T17329] __sys_bpf+0x581/0x870 [ 383.626967][T17329] ? __pfx___sys_bpf+0x10/0x10 [ 383.627002][T17329] ? ksys_write+0x22a/0x250 [ 383.627025][T17329] ? __pfx_ksys_write+0x10/0x10 [ 383.627042][T17329] ? rcu_is_watching+0x15/0xb0 [ 383.627067][T17329] __x64_sys_bpf+0x7c/0x90 [ 383.627086][T17329] do_syscall_64+0xfa/0x3b0 [ 383.627103][T17329] ? lockdep_hardirqs_on+0x9c/0x150 [ 383.627119][T17329] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 383.627134][T17329] ? clear_bhb_loop+0x60/0xb0 [ 383.627154][T17329] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 383.627170][T17329] RIP: 0033:0x7fc717d8eec9 [ 383.627186][T17329] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 383.627200][T17329] RSP: 002b:00007fc718b61038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 383.627218][T17329] RAX: ffffffffffffffda RBX: 00007fc717fe5fa0 RCX: 00007fc717d8eec9 [ 383.627230][T17329] RDX: 0000000000000050 RSI: 0000200000000080 RDI: 000000000000000a [ 383.627241][T17329] RBP: 00007fc718b61090 R08: 0000000000000000 R09: 0000000000000000 [ 383.627251][T17329] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 383.627261][T17329] R13: 00007fc717fe6038 R14: 00007fc717fe5fa0 R15: 00007ffc3b1e6f38 [ 383.627291][T17329] [ 383.943483][T17333] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3497'. [ 384.299062][T17340] netlink: 72 bytes leftover after parsing attributes in process `syz.3.3499'. [ 384.353795][T17345] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3501'. [ 384.369699][T17345] bond0: entered promiscuous mode [ 384.385607][T17345] bond_slave_0: entered promiscuous mode [ 384.391498][T17345] bond_slave_1: entered promiscuous mode [ 384.402474][T17345] bond0: left promiscuous mode [ 384.410663][T17345] bond_slave_0: left promiscuous mode [ 384.448024][T17345] bond_slave_1: left promiscuous mode [ 384.457398][T17352] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3504'. [ 384.459511][T17350] netlink: 'syz.4.3503': attribute type 39 has an invalid length. [ 384.615771][T17360] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3508'. [ 384.626323][T17360] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 384.633960][T17360] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 384.655634][T17357] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3507'. [ 384.656424][T17360] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 384.673279][T17360] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 384.705353][T17357] vlan3: entered promiscuous mode [ 384.711219][T17357] team0: entered promiscuous mode [ 384.716725][T17357] team_slave_0: entered promiscuous mode [ 384.722528][T17357] team_slave_1: entered promiscuous mode [ 384.728409][T17357] bond1: entered promiscuous mode [ 384.735018][T17357] team0: Device vlan3 is already an upper device of the team interface [ 385.323846][T17370] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3513'. [ 385.331413][T17372] netlink: 'syz.2.3511': attribute type 1 has an invalid length. [ 385.370978][T17372] 8021q: adding VLAN 0 to HW filter on device bond2 [ 385.521529][T17372] bond2: (slave wlan0): Enslaving as an active interface with a down link [ 385.547543][T17390] netlink: 48 bytes leftover after parsing attributes in process `syz.0.3517'. [ 385.661957][T17372] veth1: entered promiscuous mode [ 385.673494][T17372] veth1: left promiscuous mode [ 385.680904][T17372] bond2: (slave vlan3): making interface the new active one [ 385.688570][T17372] bond2: (slave wlan0): dev_set_mac_address on slave failed! ALB mode requires that the base driver support setting the hw address also when the network device's interface is open [ 385.707295][T17372] veth1: entered promiscuous mode [ 385.713049][T17372] vlan3: entered promiscuous mode [ 385.718925][T17372] bond2: (slave vlan3): Enslaving as an active interface with an up link [ 385.735699][T17392] bond0: entered promiscuous mode [ 385.741547][T17392] bond_slave_0: entered promiscuous mode [ 385.747667][T17392] bond_slave_1: entered promiscuous mode [ 385.755707][T17392] bond0: left promiscuous mode [ 385.760589][T17392] bond_slave_0: left promiscuous mode [ 385.766508][T17392] bond_slave_1: left promiscuous mode [ 385.977651][T17411] netlink: 'syz.1.3525': attribute type 13 has an invalid length. [ 385.988742][T17411] netlink: 'syz.1.3525': attribute type 17 has an invalid length. [ 386.095024][T17411] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 386.127383][T17407] vlan4: entered promiscuous mode [ 386.155362][T17407] team0: Device vlan4 is already an upper device of the team interface [ 386.236462][T17419] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 386.578967][T17441] IPv6: NLM_F_CREATE should be specified when creating new route [ 386.606402][T17438] veth17: entered promiscuous mode [ 387.251128][T17464] bridge_slave_1 (unregistering): left allmulticast mode [ 387.263737][T17464] bridge_slave_1 (unregistering): left promiscuous mode [ 387.271781][T17464] bridge0: port 2(bridge_slave_1) entered disabled state [ 387.320100][T17469] vlan4: entered promiscuous mode [ 387.333020][T17469] team0: Device vlan4 is already an upper device of the team interface [ 388.174498][ T55] block nbd1: Possible stuck request ffff888025245080: control (read@0,1024B). Runtime 270 seconds [ 388.185306][ T55] block nbd1: Possible stuck request ffff888025245240: control (read@1024,1024B). Runtime 270 seconds [ 388.196469][ T55] block nbd1: Possible stuck request ffff888025245400: control (read@2048,1024B). Runtime 270 seconds [ 388.207497][ T55] block nbd1: Possible stuck request ffff8880252455c0: control (read@3072,1024B). Runtime 270 seconds [ 388.564351][T17510] __nla_validate_parse: 17 callbacks suppressed [ 388.564371][T17510] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3556'. [ 388.677669][T17289] vlan2: left promiscuous mode [ 388.687128][T17515] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3558'. [ 388.955718][T17533] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3565'. [ 389.861448][T17579] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3580'. [ 389.943785][T17588] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3582'. [ 389.948657][T17586] macvtap1: entered allmulticast mode [ 389.966730][T17586] veth0_macvtap: entered allmulticast mode [ 390.239627][T17601] bond2: (slave wlan0): Releasing active interface [ 390.254953][T17601] bond2: (slave wlan0): the permanent HWaddr of slave - 08:02:11:00:00:00 - is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts [ 390.372209][T17605] netlink: 830 bytes leftover after parsing attributes in process `syz.1.3591'. [ 390.388400][T17606] netlink: 830 bytes leftover after parsing attributes in process `syz.1.3591'. [ 390.400160][T17605] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3591'. [ 390.417748][T17606] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3591'. [ 390.444480][T17611] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3592'. [ 390.464667][T17611] vlan4: entered promiscuous mode [ 390.471686][T17611] team0: Device vlan4 is already an upper device of the team interface [ 390.865902][T17622] bond0: entered promiscuous mode [ 390.877612][T17622] bond_slave_0: entered promiscuous mode [ 390.890385][T17622] bond_slave_1: entered promiscuous mode [ 390.924629][T17622] bond0: left promiscuous mode [ 390.944937][T17622] bond_slave_0: left promiscuous mode [ 390.971529][T17622] bond_slave_1: left promiscuous mode [ 390.999661][T17632] netlink: 'syz.3.3600': attribute type 4 has an invalid length. [ 391.138559][T17637] 8021q: adding VLAN 0 to HW filter on device bond3 [ 391.146557][T17637] bond3: entered promiscuous mode [ 391.153061][T17637] team0: Port device bond3 added [ 391.161827][T17640] netlink: 'syz.3.3602': attribute type 1 has an invalid length. [ 391.259063][T17640] 8021q: adding VLAN 0 to HW filter on device bond1 [ 391.344293][T17293] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 391.372178][T17293] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 391.535610][T17659] FAULT_INJECTION: forcing a failure. [ 391.535610][T17659] name failslab, interval 1, probability 0, space 0, times 0 [ 391.549021][T17659] CPU: 1 UID: 0 PID: 17659 Comm: syz.3.3611 Not tainted syzkaller #0 PREEMPT(full) [ 391.549046][T17659] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 391.549057][T17659] Call Trace: [ 391.549064][T17659] [ 391.549072][T17659] dump_stack_lvl+0x189/0x250 [ 391.549096][T17659] ? __pfx____ratelimit+0x10/0x10 [ 391.549115][T17659] ? __pfx_dump_stack_lvl+0x10/0x10 [ 391.549133][T17659] ? __pfx__printk+0x10/0x10 [ 391.549160][T17659] ? __pfx___might_resched+0x10/0x10 [ 391.549180][T17659] should_fail_ex+0x414/0x560 [ 391.549208][T17659] should_failslab+0xa8/0x100 [ 391.549238][T17659] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 391.549261][T17659] ? __alloc_skb+0x112/0x2d0 [ 391.549285][T17659] __alloc_skb+0x112/0x2d0 [ 391.549308][T17659] netlink_sendmsg+0x5c6/0xb30 [ 391.549338][T17659] ? __pfx_netlink_sendmsg+0x10/0x10 [ 391.549360][T17659] ? aa_sock_msg_perm+0xf1/0x1d0 [ 391.549387][T17659] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 391.549404][T17659] ? __pfx_netlink_sendmsg+0x10/0x10 [ 391.549424][T17659] __sock_sendmsg+0x21c/0x270 [ 391.549445][T17659] ____sys_sendmsg+0x505/0x830 [ 391.549472][T17659] ? __pfx_____sys_sendmsg+0x10/0x10 [ 391.549502][T17659] ? import_iovec+0x74/0xa0 [ 391.549527][T17659] ___sys_sendmsg+0x21f/0x2a0 [ 391.549550][T17659] ? __pfx____sys_sendmsg+0x10/0x10 [ 391.549605][T17659] ? __fget_files+0x2a/0x420 [ 391.549620][T17659] ? __fget_files+0x3a0/0x420 [ 391.549647][T17659] __x64_sys_sendmsg+0x19b/0x260 [ 391.549671][T17659] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 391.549702][T17659] ? __pfx_ksys_write+0x10/0x10 [ 391.549721][T17659] ? rcu_is_watching+0x15/0xb0 [ 391.549743][T17659] ? do_syscall_64+0xbe/0x3b0 [ 391.549764][T17659] do_syscall_64+0xfa/0x3b0 [ 391.549781][T17659] ? lockdep_hardirqs_on+0x9c/0x150 [ 391.549797][T17659] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 391.549814][T17659] ? clear_bhb_loop+0x60/0xb0 [ 391.549834][T17659] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 391.549850][T17659] RIP: 0033:0x7f100598eec9 [ 391.549865][T17659] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 391.549879][T17659] RSP: 002b:00007f10067eb038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 391.549897][T17659] RAX: ffffffffffffffda RBX: 00007f1005be5fa0 RCX: 00007f100598eec9 [ 391.549910][T17659] RDX: 000000002000c000 RSI: 0000200000000200 RDI: 0000000000000003 [ 391.549921][T17659] RBP: 00007f10067eb090 R08: 0000000000000000 R09: 0000000000000000 [ 391.549931][T17659] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 391.549941][T17659] R13: 00007f1005be6038 R14: 00007f1005be5fa0 R15: 00007ffc436f6498 [ 391.549971][T17659] [ 392.892592][T17689] netlink: 'syz.4.3623': attribute type 2 has an invalid length. [ 393.022405][T17678] netlink: 'syz.1.3620': attribute type 1 has an invalid length. [ 393.029411][T17680] netlink: 'syz.1.3620': attribute type 1 has an invalid length. [ 393.104093][T17680] 8021q: adding VLAN 0 to HW filter on device bond2 [ 393.139191][T17678] bond2: (slave veth7): Enslaving as an active interface with a down link [ 393.212412][T17678] bond2: (slave dummy0): making interface the new active one [ 393.279967][T17678] dummy0: entered promiscuous mode [ 393.293856][T17678] bond2: (slave dummy0): Enslaving as an active interface with an up link [ 393.626075][T17711] __nla_validate_parse: 8 callbacks suppressed [ 393.626093][T17711] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3632'. [ 393.645303][T17709] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3631'. [ 393.655559][T17709] syzkaller1: entered promiscuous mode [ 393.661049][T17709] syzkaller1: entered allmulticast mode [ 393.700603][T17715] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3633'. [ 393.713212][T17715] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3633'. [ 393.897690][T17724] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3636'. [ 393.911166][T17727] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3638'. [ 394.155133][T17746] netlink: 72 bytes leftover after parsing attributes in process `syz.2.3642'. [ 394.223697][T17753] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3645'. [ 394.443109][T17763] FAULT_INJECTION: forcing a failure. [ 394.443109][T17763] name failslab, interval 1, probability 0, space 0, times 0 [ 394.473406][T17763] CPU: 1 UID: 0 PID: 17763 Comm: syz.2.3646 Not tainted syzkaller #0 PREEMPT(full) [ 394.473431][T17763] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 394.473442][T17763] Call Trace: [ 394.473448][T17763] [ 394.473456][T17763] dump_stack_lvl+0x189/0x250 [ 394.473479][T17763] ? __pfx____ratelimit+0x10/0x10 [ 394.473498][T17763] ? __pfx_dump_stack_lvl+0x10/0x10 [ 394.473516][T17763] ? __pfx__printk+0x10/0x10 [ 394.473540][T17763] ? __lock_acquire+0xab9/0xd20 [ 394.473572][T17763] should_fail_ex+0x414/0x560 [ 394.473600][T17763] should_failslab+0xa8/0x100 [ 394.473625][T17763] kmem_cache_alloc_noprof+0x73/0x3c0 [ 394.473644][T17763] ? skb_clone+0x212/0x3a0 [ 394.473669][T17763] skb_clone+0x212/0x3a0 [ 394.473693][T17763] __netlink_deliver_tap+0x404/0x850 [ 394.473723][T17763] ? netlink_deliver_tap+0x2e/0x1b0 [ 394.473744][T17763] netlink_deliver_tap+0x19c/0x1b0 [ 394.473763][T17763] netlink_unicast+0x7fa/0x9e0 [ 394.473788][T17763] ? __pfx_netlink_unicast+0x10/0x10 [ 394.473805][T17763] ? netlink_sendmsg+0x642/0xb30 [ 394.473819][T17763] ? skb_put+0x11b/0x210 [ 394.473840][T17763] netlink_sendmsg+0x805/0xb30 [ 394.473877][T17763] ? __pfx_netlink_sendmsg+0x10/0x10 [ 394.473900][T17763] ? aa_sock_msg_perm+0xf1/0x1d0 [ 394.473919][T17763] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 394.473937][T17763] ? __pfx_netlink_sendmsg+0x10/0x10 [ 394.473957][T17763] __sock_sendmsg+0x21c/0x270 [ 394.473978][T17763] ____sys_sendmsg+0x505/0x830 [ 394.474004][T17763] ? __pfx_____sys_sendmsg+0x10/0x10 [ 394.474034][T17763] ? import_iovec+0x74/0xa0 [ 394.474059][T17763] ___sys_sendmsg+0x21f/0x2a0 [ 394.474086][T17763] ? __pfx____sys_sendmsg+0x10/0x10 [ 394.474146][T17763] ? __fget_files+0x2a/0x420 [ 394.474159][T17763] ? __fget_files+0x3a0/0x420 [ 394.474185][T17763] __x64_sys_sendmsg+0x19b/0x260 [ 394.474206][T17763] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 394.474235][T17763] ? __pfx_ksys_write+0x10/0x10 [ 394.474252][T17763] ? rcu_is_watching+0x15/0xb0 [ 394.474276][T17763] ? do_syscall_64+0xbe/0x3b0 [ 394.474299][T17763] do_syscall_64+0xfa/0x3b0 [ 394.474316][T17763] ? lockdep_hardirqs_on+0x9c/0x150 [ 394.474332][T17763] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 394.474349][T17763] ? clear_bhb_loop+0x60/0xb0 [ 394.474369][T17763] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 394.474385][T17763] RIP: 0033:0x7fc717d8eec9 [ 394.474402][T17763] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 394.474417][T17763] RSP: 002b:00007fc718b40038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 394.474436][T17763] RAX: ffffffffffffffda RBX: 00007fc717fe6090 RCX: 00007fc717d8eec9 [ 394.474450][T17763] RDX: 000000002000c000 RSI: 0000200000000200 RDI: 0000000000000003 [ 394.474461][T17763] RBP: 00007fc718b40090 R08: 0000000000000000 R09: 0000000000000000 [ 394.474473][T17763] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 394.474482][T17763] R13: 00007fc717fe6128 R14: 00007fc717fe6090 R15: 00007ffc3b1e6f38 [ 394.474513][T17763] [ 394.935989][T17770] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3652'. [ 395.659074][T17808] netlink: 60 bytes leftover after parsing attributes in process `syz.1.3662'. [ 395.821730][T17815] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 397.573777][T17888] 8021q: adding VLAN 0 to HW filter on device bond3 [ 397.582158][T17888] bond3: entered promiscuous mode [ 397.606711][T17888] team0: Port device bond3 added [ 398.087379][T17905] bond1: (slave wlan0): Releasing active interface [ 398.093948][T17905] bond1: (slave wlan0): the permanent HWaddr of slave - 08:02:11:00:00:00 - is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts [ 398.127179][T17905] vlan2: entered promiscuous mode [ 398.257855][T17915] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 398.400535][T17921] 8021q: adding VLAN 0 to HW filter on device bond2 [ 398.409842][T17921] team0: Port device bond2 added [ 398.492952][T17925] bond4: entered promiscuous mode [ 398.510164][T17925] bond4: entered allmulticast mode [ 398.517825][T17925] 8021q: adding VLAN 0 to HW filter on device bond4 [ 398.729935][T17939] __nla_validate_parse: 14 callbacks suppressed [ 398.729954][T17939] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3707'. [ 399.073564][T17957] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3713'. [ 399.330699][T17970] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3719'. [ 399.342818][T17970] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3719'. [ 399.355719][T17973] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3721'. [ 399.380153][T17973] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3721'. [ 400.184518][T18019] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3732'. [ 400.200705][T18021] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3733'. [ 400.484538][T18027] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3736'. [ 400.586230][T18033] netlink: 36 bytes leftover after parsing attributes in process `syz.3.3738'. [ 401.495612][T18067] syz_tun: entered promiscuous mode [ 401.529640][T18067] syz_tun: left promiscuous mode [ 401.775548][T18073] netlink: 'syz.2.3754': attribute type 11 has an invalid length. [ 401.832552][T18073] netlink: 'syz.2.3754': attribute type 11 has an invalid length. [ 401.853459][T17293] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 401.874379][T17293] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 401.893969][T17293] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 401.914944][T17293] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 402.000168][T15458] IPVS: starting estimator thread 0... [ 402.081057][T17283] vlan3: left promiscuous mode [ 402.114382][T18086] IPVS: using max 34 ests per chain, 81600 per kthread [ 402.237460][ T1166] block nbd4: Possible stuck request ffff8880252f0000: control (read@0,1024B). Runtime 30 seconds [ 402.249455][ T1166] block nbd4: Possible stuck request ffff8880252f01c0: control (read@1024,1024B). Runtime 30 seconds [ 402.260497][ T1166] block nbd4: Possible stuck request ffff8880252f0380: control (read@2048,1024B). Runtime 30 seconds [ 402.271895][ T1166] block nbd4: Possible stuck request ffff8880252f0540: control (read@3072,1024B). Runtime 30 seconds [ 402.438187][T18112] FAULT_INJECTION: forcing a failure. [ 402.438187][T18112] name failslab, interval 1, probability 0, space 0, times 0 [ 402.456208][T18112] CPU: 0 UID: 0 PID: 18112 Comm: syz.2.3769 Not tainted syzkaller #0 PREEMPT(full) [ 402.456234][T18112] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 402.456244][T18112] Call Trace: [ 402.456251][T18112] [ 402.456259][T18112] dump_stack_lvl+0x189/0x250 [ 402.456283][T18112] ? __pfx____ratelimit+0x10/0x10 [ 402.456302][T18112] ? __pfx_dump_stack_lvl+0x10/0x10 [ 402.456321][T18112] ? __pfx__printk+0x10/0x10 [ 402.456344][T18112] ? __lock_acquire+0xab9/0xd20 [ 402.456375][T18112] should_fail_ex+0x414/0x560 [ 402.456403][T18112] should_failslab+0xa8/0x100 [ 402.456427][T18112] kmem_cache_alloc_noprof+0x73/0x3c0 [ 402.456446][T18112] ? skb_clone+0x212/0x3a0 [ 402.456471][T18112] skb_clone+0x212/0x3a0 [ 402.456496][T18112] __netlink_deliver_tap+0x404/0x850 [ 402.456526][T18112] ? netlink_deliver_tap+0x2e/0x1b0 [ 402.456545][T18112] netlink_deliver_tap+0x19c/0x1b0 [ 402.456565][T18112] netlink_unicast+0x7fa/0x9e0 [ 402.456589][T18112] ? __pfx_netlink_unicast+0x10/0x10 [ 402.456617][T18112] ? netlink_sendmsg+0x642/0xb30 [ 402.456633][T18112] ? skb_put+0x11b/0x210 [ 402.456653][T18112] netlink_sendmsg+0x805/0xb30 [ 402.456680][T18112] ? __pfx_netlink_sendmsg+0x10/0x10 [ 402.456702][T18112] ? aa_sock_msg_perm+0xf1/0x1d0 [ 402.456721][T18112] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 402.456737][T18112] ? __pfx_netlink_sendmsg+0x10/0x10 [ 402.456756][T18112] __sock_sendmsg+0x21c/0x270 [ 402.456775][T18112] ____sys_sendmsg+0x505/0x830 [ 402.456801][T18112] ? __pfx_____sys_sendmsg+0x10/0x10 [ 402.456830][T18112] ? import_iovec+0x74/0xa0 [ 402.456855][T18112] ___sys_sendmsg+0x21f/0x2a0 [ 402.456878][T18112] ? __pfx____sys_sendmsg+0x10/0x10 [ 402.456933][T18112] ? __fget_files+0x2a/0x420 [ 402.456947][T18112] ? __fget_files+0x3a0/0x420 [ 402.456974][T18112] __x64_sys_sendmsg+0x19b/0x260 [ 402.456998][T18112] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 402.457024][T18112] ? __pfx_ksys_write+0x10/0x10 [ 402.457041][T18112] ? rcu_is_watching+0x15/0xb0 [ 402.457062][T18112] ? do_syscall_64+0xbe/0x3b0 [ 402.457084][T18112] do_syscall_64+0xfa/0x3b0 [ 402.457100][T18112] ? lockdep_hardirqs_on+0x9c/0x150 [ 402.457117][T18112] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 402.457133][T18112] ? clear_bhb_loop+0x60/0xb0 [ 402.457153][T18112] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 402.457169][T18112] RIP: 0033:0x7fc717d8eec9 [ 402.457185][T18112] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 402.457199][T18112] RSP: 002b:00007fc718b61038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 402.457218][T18112] RAX: ffffffffffffffda RBX: 00007fc717fe5fa0 RCX: 00007fc717d8eec9 [ 402.457230][T18112] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000003 [ 402.457241][T18112] RBP: 00007fc718b61090 R08: 0000000000000000 R09: 0000000000000000 [ 402.457251][T18112] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 402.457261][T18112] R13: 00007fc717fe6038 R14: 00007fc717fe5fa0 R15: 00007ffc3b1e6f38 [ 402.457290][T18112] [ 402.460568][T18104] bond4: (slave wlan0): Releasing active interface [ 402.633443][T18121] sctp: [Deprecated]: syz.1.3772 (pid 18121) Use of int in maxseg socket option. [ 402.633443][T18121] Use struct sctp_assoc_value instead [ 403.048180][T18142] tipc: Started in network mode [ 403.054399][T18142] tipc: Node identity fa7a5d4eda5d, cluster identity 4711 [ 403.061798][T18142] tipc: Enabled bearer , priority 0 [ 403.084641][T18142] syzkaller0: entered promiscuous mode [ 403.093425][T18142] syzkaller0: entered allmulticast mode [ 403.180393][T18143] tipc: Resetting bearer [ 403.258151][T18143] tipc: Disabling bearer [ 403.478336][T18169] netlink: 'syz.3.3786': attribute type 1 has an invalid length. [ 403.540158][T18169] bond3: (slave geneve2): making interface the new active one [ 403.550223][ T30] audit: type=1800 audit(1758628721.653:7): pid=18166 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.3783" name="memory.events" dev="tmpfs" ino=1138 res=0 errno=0 [ 403.551245][T18169] bond3: (slave geneve2): Enslaving as an active interface with an up link [ 403.597099][T17292] netdevsim netdevsim3 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0 [ 403.614399][T17292] netdevsim netdevsim3 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0 [ 403.624658][T17292] netdevsim netdevsim3 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0 [ 403.633479][T17292] netdevsim netdevsim3 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0 [ 403.652199][T18169] 8021q: adding VLAN 0 to HW filter on device bond3 [ 403.738952][T18177] __nla_validate_parse: 20 callbacks suppressed [ 403.738971][T18177] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3788'. [ 403.882358][T18184] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3790'. [ 404.062281][T18197] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3794'. [ 404.350544][T18210] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3798'. [ 404.359134][T18213] netlink: 1 bytes leftover after parsing attributes in process `syz.1.3801'. [ 404.399610][T18213] netlink: 'syz.1.3801': attribute type 6 has an invalid length. [ 404.469631][T18220] tc_dump_action: action bad kind [ 404.644874][T18229] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3807'. [ 404.722978][T18231] RDS: rds_bind could not find a transport for ::ffff:172.30.1.2, load rds_tcp or rds_rdma? [ 404.737660][T18231] netlink: 14 bytes leftover after parsing attributes in process `syz.1.3808'. [ 404.832529][T18242] ref_tracker: memory allocation failure, unreliable refcount tracker. [ 404.889399][T18247] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3811'. [ 404.920532][T18249] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3812'. [ 405.085760][T18253] netlink: 36 bytes leftover after parsing attributes in process `syz.4.3813'. [ 405.110239][T18231] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 405.126156][T18231] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 405.139383][T18231] bond0 (unregistering): Released all slaves [ 405.354701][T18264] xt_l2tp: wrong L2TP version: 1 [ 405.485865][T17292] dummy0: left promiscuous mode [ 405.487054][T18273] netlink: 'syz.1.3821': attribute type 1 has an invalid length. [ 405.592577][T18273] 8021q: adding VLAN 0 to HW filter on device bond0 [ 405.845765][T18277] 8021q: adding VLAN 0 to HW filter on device bond0 [ 405.862183][T18277] bond0: (slave vxcan5): The slave device specified does not support setting the MAC address [ 405.898661][T18277] bond0: (slave vxcan5): Error -95 calling set_mac_address [ 405.980713][T18273] veth9: entered promiscuous mode [ 405.996913][T18273] bond0: (slave veth9): Enslaving as an active interface with a down link [ 406.288643][T18316] FAULT_INJECTION: forcing a failure. [ 406.288643][T18316] name failslab, interval 1, probability 0, space 0, times 0 [ 406.301353][T18316] CPU: 0 UID: 0 PID: 18316 Comm: syz.3.3832 Not tainted syzkaller #0 PREEMPT(full) [ 406.301377][T18316] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 406.301388][T18316] Call Trace: [ 406.301396][T18316] [ 406.301406][T18316] dump_stack_lvl+0x189/0x250 [ 406.301430][T18316] ? __pfx____ratelimit+0x10/0x10 [ 406.301450][T18316] ? __pfx_dump_stack_lvl+0x10/0x10 [ 406.301469][T18316] ? __pfx__printk+0x10/0x10 [ 406.301508][T18316] should_fail_ex+0x414/0x560 [ 406.301537][T18316] should_failslab+0xa8/0x100 [ 406.301561][T18316] kmem_cache_alloc_noprof+0x73/0x3c0 [ 406.301582][T18316] ? skb_clone+0x212/0x3a0 [ 406.301607][T18316] skb_clone+0x212/0x3a0 [ 406.301633][T18316] maybe_deliver+0x98/0x160 [ 406.301658][T18316] br_flood+0x31a/0x6a0 [ 406.301688][T18316] ? br_dev_xmit+0x185/0x1840 [ 406.301704][T18316] br_dev_xmit+0x11b3/0x1840 [ 406.301720][T18316] ? kernel_text_address+0xa5/0xe0 [ 406.301741][T18316] ? br_dev_xmit+0x185/0x1840 [ 406.301767][T18316] ? __pfx_br_dev_xmit+0x10/0x10 [ 406.301780][T18316] ? validate_xmit_xfrm+0xbf/0x1160 [ 406.301808][T18316] ? __pfx_validate_xmit_xfrm+0x10/0x10 [ 406.301831][T18316] ? __lock_acquire+0xab9/0xd20 [ 406.301872][T18316] dev_hard_start_xmit+0x2d4/0x830 [ 406.301912][T18316] __dev_queue_xmit+0x1b8d/0x3b50 [ 406.301947][T18316] ? __dev_queue_xmit+0x27b/0x3b50 [ 406.301979][T18316] ? lockdep_hardirqs_on+0x9c/0x150 [ 406.302001][T18316] ? __pfx___dev_queue_xmit+0x10/0x10 [ 406.302024][T18316] ? stack_depot_save_flags+0x40/0x860 [ 406.302045][T18316] ? __kmalloc_cache_noprof+0x230/0x3d0 [ 406.302071][T18316] ? __lock_acquire+0xab9/0xd20 [ 406.302096][T18316] ? __lock_acquire+0xab9/0xd20 [ 406.302142][T18316] ? ip_finish_output2+0xae7/0x1160 [ 406.302165][T18316] ip_finish_output2+0xd03/0x1160 [ 406.302181][T18316] ? ip_skb_dst_mtu+0x18d/0xb70 [ 406.302209][T18316] ? ip_finish_output2+0x452/0x1160 [ 406.302229][T18316] ? __pfx_ip_finish_output2+0x10/0x10 [ 406.302250][T18316] ? ip_skb_dst_mtu+0x917/0xb70 [ 406.302275][T18316] ? ip_finish_output+0x33a/0x3f0 [ 406.302300][T18316] iptunnel_xmit+0x5f8/0xa90 [ 406.302341][T18316] ip_tunnel_xmit+0x1c41/0x2390 [ 406.302397][T18316] ? __pfx_ip_tunnel_xmit+0x10/0x10 [ 406.302411][T18316] ? gre_build_header+0x31c/0xa40 [ 406.302445][T18316] ? __pfx_gre_build_header+0x10/0x10 [ 406.302468][T18316] ? iptunnel_handle_offloads+0x2fd/0x630 [ 406.302497][T18316] ipgre_xmit+0x89e/0xc50 [ 406.302532][T18316] ? __pfx_ipgre_xmit+0x10/0x10 [ 406.302566][T18316] dev_hard_start_xmit+0x2d4/0x830 [ 406.302608][T18316] __dev_queue_xmit+0x1b8d/0x3b50 [ 406.302628][T18316] ? do_syscall_64+0xfa/0x3b0 [ 406.302644][T18316] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 406.302670][T18316] ? __dev_queue_xmit+0x27b/0x3b50 [ 406.302709][T18316] ? __pfx___dev_queue_xmit+0x10/0x10 [ 406.302747][T18316] ? rcu_is_watching+0x15/0xb0 [ 406.302784][T18316] ? pskb_expand_head+0xa70/0x1150 [ 406.302807][T18316] ? __bpf_redirect+0x56d/0xe40 [ 406.302832][T18316] __bpf_tx_skb+0x18e/0x260 [ 406.302857][T18316] bpf_clone_redirect+0x272/0x3d0 [ 406.302881][T18316] ? bpf_test_run+0x197/0x7b0 [ 406.302901][T18316] bpf_prog_208b094576c80b22+0x5f/0x68 [ 406.302924][T18316] ? ktime_get+0x3e/0x1f0 [ 406.302955][T18316] ? __pfx_do_softirq+0x10/0x10 [ 406.302972][T18316] ? ktime_get+0x3e/0x1f0 [ 406.302987][T18316] ? seqcount_lockdep_reader_access+0x175/0x1c0 [ 406.303016][T18316] ? __local_bh_disable_ip+0xf1/0x190 [ 406.303033][T18316] ? __pfx___cant_migrate+0x10/0x10 [ 406.303048][T18316] ? __local_bh_enable_ip+0x12d/0x1c0 [ 406.303065][T18316] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 406.303087][T18316] ? bpf_test_timer_continue+0x136/0x350 [ 406.303112][T18316] bpf_test_run+0x318/0x7b0 [ 406.303157][T18316] ? __pfx_bpf_test_run+0x10/0x10 [ 406.303205][T18316] ? slab_build_skb+0x273/0x3e0 [ 406.303224][T18316] ? convert___skb_to_skb+0x3d/0x590 [ 406.303246][T18316] bpf_prog_test_run_skb+0xb30/0x1560 [ 406.303284][T18316] ? __pfx_bpf_prog_test_run_skb+0x10/0x10 [ 406.303305][T18316] bpf_prog_test_run+0x2c7/0x340 [ 406.303332][T18316] __sys_bpf+0x581/0x870 [ 406.303361][T18316] ? __pfx___sys_bpf+0x10/0x10 [ 406.303398][T18316] ? ksys_write+0x22a/0x250 [ 406.303422][T18316] ? __pfx_ksys_write+0x10/0x10 [ 406.303441][T18316] ? rcu_is_watching+0x15/0xb0 [ 406.303466][T18316] __x64_sys_bpf+0x7c/0x90 [ 406.303487][T18316] do_syscall_64+0xfa/0x3b0 [ 406.303503][T18316] ? lockdep_hardirqs_on+0x9c/0x150 [ 406.303520][T18316] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 406.303536][T18316] ? clear_bhb_loop+0x60/0xb0 [ 406.303558][T18316] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 406.303574][T18316] RIP: 0033:0x7f100598eec9 [ 406.303590][T18316] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 406.303604][T18316] RSP: 002b:00007f10067eb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 406.303623][T18316] RAX: ffffffffffffffda RBX: 00007f1005be5fa0 RCX: 00007f100598eec9 [ 406.303636][T18316] RDX: 0000000000000050 RSI: 0000200000000080 RDI: 000000000000000a [ 406.303647][T18316] RBP: 00007f10067eb090 R08: 0000000000000000 R09: 0000000000000000 [ 406.303657][T18316] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 406.303668][T18316] R13: 00007f1005be6038 R14: 00007f1005be5fa0 R15: 00007ffc436f6498 [ 406.303700][T18316] [ 407.295190][T18352] FAULT_INJECTION: forcing a failure. [ 407.295190][T18352] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 407.312345][T18352] CPU: 0 UID: 0 PID: 18352 Comm: syz.3.3850 Not tainted syzkaller #0 PREEMPT(full) [ 407.312368][T18352] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 407.312378][T18352] Call Trace: [ 407.312385][T18352] [ 407.312393][T18352] dump_stack_lvl+0x189/0x250 [ 407.312418][T18352] ? __pfx____ratelimit+0x10/0x10 [ 407.312436][T18352] ? __pfx_dump_stack_lvl+0x10/0x10 [ 407.312454][T18352] ? __pfx__printk+0x10/0x10 [ 407.312487][T18352] should_fail_ex+0x414/0x560 [ 407.312515][T18352] _copy_to_user+0x31/0xb0 [ 407.312535][T18352] simple_read_from_buffer+0xe1/0x170 [ 407.312561][T18352] proc_fail_nth_read+0x1b3/0x220 [ 407.312584][T18352] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 407.312605][T18352] ? rw_verify_area+0x2a6/0x4d0 [ 407.312623][T18352] ? __lock_acquire+0xab9/0xd20 [ 407.312643][T18352] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 407.312663][T18352] vfs_read+0x1fd/0xa30 [ 407.312682][T18352] ? fdget_pos+0x247/0x320 [ 407.312702][T18352] ? __pfx___mutex_lock+0x10/0x10 [ 407.312720][T18352] ? __pfx_vfs_read+0x10/0x10 [ 407.312741][T18352] ? __fget_files+0x2a/0x420 [ 407.312761][T18352] ? __fget_files+0x3a0/0x420 [ 407.312775][T18352] ? __fget_files+0x2a/0x420 [ 407.312800][T18352] ksys_read+0x145/0x250 [ 407.312821][T18352] ? __pfx_ksys_read+0x10/0x10 [ 407.312836][T18352] ? rcu_is_watching+0x15/0xb0 [ 407.312857][T18352] ? do_syscall_64+0xbe/0x3b0 [ 407.312878][T18352] do_syscall_64+0xfa/0x3b0 [ 407.312892][T18352] ? lockdep_hardirqs_on+0x9c/0x150 [ 407.312907][T18352] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 407.312922][T18352] ? clear_bhb_loop+0x60/0xb0 [ 407.312941][T18352] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 407.312954][T18352] RIP: 0033:0x7f100598d8dc [ 407.312970][T18352] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 407.312984][T18352] RSP: 002b:00007f10067eb030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 407.313001][T18352] RAX: ffffffffffffffda RBX: 00007f1005be5fa0 RCX: 00007f100598d8dc [ 407.313014][T18352] RDX: 000000000000000f RSI: 00007f10067eb0a0 RDI: 0000000000000004 [ 407.313034][T18352] RBP: 00007f10067eb090 R08: 0000000000000000 R09: 0000000000000000 [ 407.313044][T18352] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 407.313054][T18352] R13: 00007f1005be6038 R14: 00007f1005be5fa0 R15: 00007ffc436f6498 [ 407.313080][T18352] [ 407.802055][T18368] erspan0: entered promiscuous mode [ 407.811301][T18368] macvtap2: entered promiscuous mode [ 407.838251][T18368] macvtap2: entered allmulticast mode [ 407.852774][T18368] erspan0: entered allmulticast mode [ 408.096499][T18377] vlan4: entered promiscuous mode [ 408.101577][T18377] syz_tun: entered promiscuous mode [ 408.666975][T18416] netlink: 'syz.2.3870': attribute type 4 has an invalid length. [ 408.763566][T18421] netlink: 'syz.2.3870': attribute type 4 has an invalid length. [ 409.917913][T17289] vlan2: left promiscuous mode [ 410.734306][T17289] netdevsim netdevsim0 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 410.754327][T17289] netdevsim netdevsim0 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 410.762555][T17289] netdevsim netdevsim0 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 410.820329][T17289] netdevsim netdevsim0 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 411.249777][T18474] __nla_validate_parse: 23 callbacks suppressed [ 411.249796][T18474] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3888'. [ 411.271431][T18473] netlink: 'syz.3.3887': attribute type 1 has an invalid length. [ 411.357100][T18473] 8021q: adding VLAN 0 to HW filter on device bond4 [ 411.381428][T18474] bond0: entered promiscuous mode [ 411.387007][T18474] bond_slave_0: entered promiscuous mode [ 411.392881][T18474] bond_slave_1: entered promiscuous mode [ 411.403658][T18474] batadv0: entered promiscuous mode [ 411.415300][T18474] debugfs: 'hsr1' already exists in 'hsr' [ 411.417466][T18485] netlink: 'syz.4.3891': attribute type 4 has an invalid length. [ 411.424676][T18474] Cannot create hsr debugfs directory [ 411.441172][T18474] hsr1: Slave B (batadv0) is not up; please bring it up to get a fully working HSR network [ 411.452268][T18474] 8021q: adding VLAN 0 to HW filter on device hsr1 [ 411.473246][T18489] netlink: 'syz.4.3891': attribute type 4 has an invalid length. [ 411.514144][T18492] netlink: 248 bytes leftover after parsing attributes in process `syz.1.3892'. [ 411.525388][T18479] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3890'. [ 411.573212][T18481] 8021q: adding VLAN 0 to HW filter on device bond4 [ 411.589138][T18481] bond4: (slave vxcan3): The slave device specified does not support setting the MAC address [ 411.603888][T18481] bond4: (slave vxcan3): Error -95 calling set_mac_address [ 411.713328][T18498] netlink: 'syz.0.3893': attribute type 1 has an invalid length. [ 411.722240][T18473] veth5: entered promiscuous mode [ 411.731219][T18473] bond4: (slave veth5): Enslaving as an active interface with a down link [ 411.762941][T18487] macsec1: entered promiscuous mode [ 411.781055][T18487] macsec0: entered promiscuous mode [ 411.788806][T18487] macsec1: entered allmulticast mode [ 411.801253][T18487] macsec0: entered allmulticast mode [ 411.811402][T18487] veth1_macvtap: entered allmulticast mode [ 411.908416][T18498] 8021q: adding VLAN 0 to HW filter on device bond2 [ 411.927781][T18496] bond2: (slave vlan0): Opening slave failed [ 411.955579][T18509] netlink: 'syz.4.3896': attribute type 10 has an invalid length. [ 412.135449][T18517] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3899'. [ 413.508940][T18507] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3896'. [ 413.538594][T18509] netdevsim netdevsim4 netdevsim0: entered promiscuous mode [ 413.555371][T18509] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 413.761031][T18529] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3906'. [ 413.903668][T18540] netlink: 'syz.4.3908': attribute type 4 has an invalid length. [ 413.912692][T18540] netlink: 'syz.4.3908': attribute type 4 has an invalid length. [ 414.042996][T18545] Bluetooth: MGMT ver 1.23 [ 414.223794][T18557] netlink: 'syz.4.3914': attribute type 1 has an invalid length. [ 414.279396][T18557] 8021q: adding VLAN 0 to HW filter on device bond5 [ 414.320848][T18557] bond5: (slave wlan0): Enslaving as an active interface with a down link [ 414.580486][T18572] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 414.673393][T18578] delete_channel: no stack [ 415.219320][T18598] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3929'. [ 415.273451][T18601] netlink: 'syz.3.3930': attribute type 1 has an invalid length. [ 415.387735][T18601] 8021q: adding VLAN 0 to HW filter on device bond5 [ 415.452563][T18615] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3933'. [ 415.479490][T18617] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3936'. [ 415.496796][T18603] bond5: (slave wlan0): Enslaving as an active interface with a down link [ 415.512818][T18612] veth1: entered promiscuous mode [ 415.519365][T18612] veth1: left promiscuous mode [ 415.526575][T18612] bond5: (slave vlan2): making interface the new active one [ 415.534873][T18612] bond5: (slave wlan0): dev_set_mac_address on slave failed! ALB mode requires that the base driver support setting the hw address also when the network device's interface is open [ 415.553663][T18612] veth1: entered promiscuous mode [ 415.565339][T18612] vlan2: entered promiscuous mode [ 415.571265][T18612] bond5: (slave vlan2): Enslaving as an active interface with an up link [ 415.711051][T18626] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3938'. [ 415.733042][T18626] bond0: entered promiscuous mode [ 415.740100][T18626] batadv0: entered promiscuous mode [ 415.746730][T18626] debugfs: 'hsr1' already exists in 'hsr' [ 415.752785][T18626] Cannot create hsr debugfs directory [ 415.758760][T18626] hsr1: Slave A (bond0) is not up; please bring it up to get a fully working HSR network [ 415.774684][T18626] 8021q: adding VLAN 0 to HW filter on device hsr1 [ 415.800186][T18634] netlink: 'syz.2.3941': attribute type 4 has an invalid length. [ 415.819936][T18634] netlink: 'syz.2.3941': attribute type 4 has an invalid length. [ 416.430158][T18671] veth0_macvtap: mtu less than device minimum [ 416.732607][T18699] netlink: 'syz.1.3965': attribute type 1 has an invalid length. [ 416.745195][T18698] __nla_validate_parse: 3 callbacks suppressed [ 416.745214][T18698] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3966'. [ 416.775800][T18699] 8021q: adding VLAN 0 to HW filter on device bond6 [ 416.812555][T18701] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3967'. [ 417.078587][T18716] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3971'. [ 417.112739][T18719] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3972'. [ 417.230094][T18722] netlink: 'syz.1.3973': attribute type 4 has an invalid length. [ 417.270927][T18722] netlink: 'syz.1.3973': attribute type 4 has an invalid length. [ 417.433183][T18737] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3979'. [ 417.562620][T18748] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3984'. [ 417.600825][T18748] netlink: 'syz.1.3984': attribute type 2 has an invalid length. [ 417.719343][T18758] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3989'. [ 417.800256][T18755] block nbd5: server does not support multiple connections per device. [ 417.831253][T18755] block nbd5: shutting down sockets [ 417.914669][T18775] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3994'. [ 418.232744][T18798] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3998'. [ 418.243538][ T55] block nbd1: Possible stuck request ffff888025245080: control (read@0,1024B). Runtime 300 seconds [ 418.254880][ T55] block nbd1: Possible stuck request ffff888025245240: control (read@1024,1024B). Runtime 300 seconds [ 418.266846][ T55] block nbd1: Possible stuck request ffff888025245400: control (read@2048,1024B). Runtime 300 seconds [ 418.280183][ T55] block nbd1: Possible stuck request ffff8880252455c0: control (read@3072,1024B). Runtime 300 seconds [ 418.442610][T18807] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4001'. [ 418.911027][T18832] tipc: Started in network mode [ 418.928696][T18832] tipc: Node identity eea71255eb61, cluster identity 4711 [ 418.966873][T18832] tipc: Enabled bearer , priority 0 [ 419.071524][T18833] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 419.088029][T18834] tipc: Enabling of bearer rejected, already enabled [ 419.220825][T18834] tipc: Disabling bearer [ 419.764331][T18897] FAULT_INJECTION: forcing a failure. [ 419.764331][T18897] name failslab, interval 1, probability 0, space 0, times 0 [ 419.786872][T18897] CPU: 1 UID: 0 PID: 18897 Comm: syz.1.4033 Not tainted syzkaller #0 PREEMPT(full) [ 419.786898][T18897] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 419.786908][T18897] Call Trace: [ 419.786916][T18897] [ 419.786925][T18897] dump_stack_lvl+0x189/0x250 [ 419.786950][T18897] ? __pfx____ratelimit+0x10/0x10 [ 419.786969][T18897] ? __pfx_dump_stack_lvl+0x10/0x10 [ 419.786988][T18897] ? __pfx__printk+0x10/0x10 [ 419.787011][T18897] ? __lock_acquire+0xab9/0xd20 [ 419.787042][T18897] should_fail_ex+0x414/0x560 [ 419.787071][T18897] should_failslab+0xa8/0x100 [ 419.787095][T18897] kmem_cache_alloc_noprof+0x73/0x3c0 [ 419.787115][T18897] ? skb_clone+0x212/0x3a0 [ 419.787140][T18897] skb_clone+0x212/0x3a0 [ 419.787163][T18897] __netlink_deliver_tap+0x404/0x850 [ 419.787194][T18897] ? netlink_deliver_tap+0x2e/0x1b0 [ 419.787214][T18897] netlink_deliver_tap+0x19c/0x1b0 [ 419.787234][T18897] netlink_unicast+0x7fa/0x9e0 [ 419.787259][T18897] ? __pfx_netlink_unicast+0x10/0x10 [ 419.787279][T18897] ? netlink_sendmsg+0x642/0xb30 [ 419.787296][T18897] ? skb_put+0x11b/0x210 [ 419.787319][T18897] netlink_sendmsg+0x805/0xb30 [ 419.787349][T18897] ? __pfx_netlink_sendmsg+0x10/0x10 [ 419.787372][T18897] ? aa_sock_msg_perm+0xf1/0x1d0 [ 419.787391][T18897] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 419.787409][T18897] ? __pfx_netlink_sendmsg+0x10/0x10 [ 419.787429][T18897] __sock_sendmsg+0x21c/0x270 [ 419.787449][T18897] ____sys_sendmsg+0x505/0x830 [ 419.787475][T18897] ? __pfx_____sys_sendmsg+0x10/0x10 [ 419.787513][T18897] ? import_iovec+0x74/0xa0 [ 419.787538][T18897] ___sys_sendmsg+0x21f/0x2a0 [ 419.787562][T18897] ? __pfx____sys_sendmsg+0x10/0x10 [ 419.787621][T18897] ? __fget_files+0x2a/0x420 [ 419.787635][T18897] ? __fget_files+0x3a0/0x420 [ 419.787662][T18897] __x64_sys_sendmsg+0x19b/0x260 [ 419.787686][T18897] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 419.787717][T18897] ? __pfx_ksys_write+0x10/0x10 [ 419.787744][T18897] ? do_syscall_64+0xbe/0x3b0 [ 419.787767][T18897] do_syscall_64+0xfa/0x3b0 [ 419.787786][T18897] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 419.787802][T18897] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 419.787818][T18897] ? clear_bhb_loop+0x60/0xb0 [ 419.787839][T18897] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 419.787855][T18897] RIP: 0033:0x7f00a578eec9 [ 419.787872][T18897] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 419.787887][T18897] RSP: 002b:00007f00a65f1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 419.787906][T18897] RAX: ffffffffffffffda RBX: 00007f00a59e5fa0 RCX: 00007f00a578eec9 [ 419.787918][T18897] RDX: 0000000000000050 RSI: 0000200000000100 RDI: 000000000000000d [ 419.787929][T18897] RBP: 00007f00a65f1090 R08: 0000000000000000 R09: 0000000000000000 [ 419.787940][T18897] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 419.787950][T18897] R13: 00007f00a59e6038 R14: 00007f00a59e5fa0 R15: 00007ffc3e5a97b8 [ 419.787980][T18897] [ 420.112873][T18901] openvswitch: netlink: IPv4 frag type 255 is out of range max 2 [ 420.309524][T18913] validate_nla: 2 callbacks suppressed [ 420.309541][T18913] netlink: 'syz.3.4038': attribute type 4 has an invalid length. [ 420.340169][T18913] netlink: 'syz.3.4038': attribute type 4 has an invalid length. [ 420.425308][T18923] netlink: 'syz.0.4039': attribute type 1 has an invalid length. [ 420.532784][T18923] 8021q: adding VLAN 0 to HW filter on device bond3 [ 420.638026][T18918] vlan0: entered allmulticast mode [ 420.657548][T18918] bond3: (slave vlan0): Opening slave failed [ 421.108491][T18961] mac80211_hwsim hwsim44 wlan1: entered promiscuous mode [ 421.133795][T18961] macvtap1: entered promiscuous mode [ 421.390907][T18982] FAULT_INJECTION: forcing a failure. [ 421.390907][T18982] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 421.420061][T18982] CPU: 0 UID: 0 PID: 18982 Comm: syz.4.4061 Not tainted syzkaller #0 PREEMPT(full) [ 421.420089][T18982] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 421.420099][T18982] Call Trace: [ 421.420115][T18982] [ 421.420122][T18982] dump_stack_lvl+0x189/0x250 [ 421.420147][T18982] ? __pfx____ratelimit+0x10/0x10 [ 421.420166][T18982] ? __pfx_dump_stack_lvl+0x10/0x10 [ 421.420185][T18982] ? __pfx__printk+0x10/0x10 [ 421.420207][T18982] ? __might_fault+0xb0/0x130 [ 421.420240][T18982] should_fail_ex+0x414/0x560 [ 421.420269][T18982] core_sys_select+0x724/0xa20 [ 421.420303][T18982] ? __pfx_core_sys_select+0x10/0x10 [ 421.420349][T18982] ? __pfx_set_user_sigmask+0x10/0x10 [ 421.420366][T18982] ? do_sys_openat2+0x154/0x1c0 [ 421.420383][T18982] ? kmem_cache_free+0x18f/0x400 [ 421.420416][T18982] __se_sys_pselect6+0x27a/0x300 [ 421.420445][T18982] ? __pfx___se_sys_pselect6+0x10/0x10 [ 421.420466][T18982] ? __pfx_ksys_write+0x10/0x10 [ 421.420485][T18982] ? rcu_is_watching+0x15/0xb0 [ 421.420505][T18982] ? __x64_sys_pselect6+0x21/0xf0 [ 421.420529][T18982] do_syscall_64+0xfa/0x3b0 [ 421.420546][T18982] ? lockdep_hardirqs_on+0x9c/0x150 [ 421.420562][T18982] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 421.420578][T18982] ? clear_bhb_loop+0x60/0xb0 [ 421.420598][T18982] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 421.420614][T18982] RIP: 0033:0x7efe6cd8eec9 [ 421.420631][T18982] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 421.420645][T18982] RSP: 002b:00007efe6aff6038 EFLAGS: 00000246 ORIG_RAX: 000000000000010e [ 421.420665][T18982] RAX: ffffffffffffffda RBX: 00007efe6cfe5fa0 RCX: 00007efe6cd8eec9 [ 421.420677][T18982] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000040 [ 421.420688][T18982] RBP: 00007efe6aff6090 R08: 0000000000000000 R09: 0000000000000000 [ 421.420699][T18982] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 421.420709][T18982] R13: 00007efe6cfe6038 R14: 00007efe6cfe5fa0 R15: 00007fff3d2e4d68 [ 421.420738][T18982] [ 421.830046][T18999] __nla_validate_parse: 18 callbacks suppressed [ 421.830064][T18999] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4064'. [ 421.863048][T19003] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4067'. [ 421.880622][T19005] netlink: 16 bytes leftover after parsing attributes in process `syz.4.4066'. [ 422.382063][T19034] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 422.875125][T19050] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4079'. [ 422.916162][T19055] netlink: 'syz.1.4080': attribute type 1 has an invalid length. [ 422.931604][T19048] netlink: 'syz.3.4078': attribute type 39 has an invalid length. [ 423.022245][T19055] 8021q: adding VLAN 0 to HW filter on device bond7 [ 423.419321][T19074] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4086'. [ 423.477703][T19076] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4087'. [ 423.554908][T19082] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4090'. [ 423.567456][T19078] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4088'. [ 423.697409][T19088] FAULT_INJECTION: forcing a failure. [ 423.697409][T19088] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 423.711163][T19088] CPU: 1 UID: 0 PID: 19088 Comm: syz.1.4091 Not tainted syzkaller #0 PREEMPT(full) [ 423.711188][T19088] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 423.711199][T19088] Call Trace: [ 423.711205][T19088] [ 423.711212][T19088] dump_stack_lvl+0x189/0x250 [ 423.711247][T19088] ? __pfx____ratelimit+0x10/0x10 [ 423.711266][T19088] ? __pfx_dump_stack_lvl+0x10/0x10 [ 423.711285][T19088] ? __pfx__printk+0x10/0x10 [ 423.711320][T19088] should_fail_ex+0x414/0x560 [ 423.711347][T19088] _copy_to_user+0x31/0xb0 [ 423.711370][T19088] simple_read_from_buffer+0xe1/0x170 [ 423.711394][T19088] proc_fail_nth_read+0x1b3/0x220 [ 423.711416][T19088] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 423.711438][T19088] ? rw_verify_area+0x2a6/0x4d0 [ 423.711458][T19088] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 423.711478][T19088] vfs_read+0x1fd/0xa30 [ 423.711503][T19088] ? __pfx_poll_select_finish+0x10/0x10 [ 423.711527][T19088] ? __pfx_vfs_read+0x10/0x10 [ 423.711548][T19088] ? __pfx_set_user_sigmask+0x10/0x10 [ 423.711564][T19088] ? do_sys_openat2+0x154/0x1c0 [ 423.711580][T19088] ? kmem_cache_free+0x18f/0x400 [ 423.711616][T19088] ksys_read+0x145/0x250 [ 423.711640][T19088] ? __pfx_ksys_read+0x10/0x10 [ 423.711657][T19088] ? rcu_is_watching+0x15/0xb0 [ 423.711679][T19088] ? do_syscall_64+0xbe/0x3b0 [ 423.711701][T19088] do_syscall_64+0xfa/0x3b0 [ 423.711717][T19088] ? lockdep_hardirqs_on+0x9c/0x150 [ 423.711734][T19088] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 423.711751][T19088] ? clear_bhb_loop+0x60/0xb0 [ 423.711771][T19088] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 423.711787][T19088] RIP: 0033:0x7f00a578d8dc [ 423.711804][T19088] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 423.711819][T19088] RSP: 002b:00007f00a65f1030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 423.711838][T19088] RAX: ffffffffffffffda RBX: 00007f00a59e5fa0 RCX: 00007f00a578d8dc [ 423.711851][T19088] RDX: 000000000000000f RSI: 00007f00a65f10a0 RDI: 0000000000000004 [ 423.711862][T19088] RBP: 00007f00a65f1090 R08: 0000000000000000 R09: 0000000000000000 [ 423.711873][T19088] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 423.711884][T19088] R13: 00007f00a59e6038 R14: 00007f00a59e5fa0 R15: 00007ffc3e5a97b8 [ 423.711913][T19088] [ 424.248316][T19098] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4095'. [ 424.551360][T19117] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4101'. [ 424.560582][T19117] netlink: 'syz.4.4101': attribute type 1 has an invalid length. [ 425.218282][T19132] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 425.853091][T19181] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 426.480358][T19206] netlink: 'syz.1.4130': attribute type 4 has an invalid length. [ 426.533119][T19207] netlink: 'syz.1.4130': attribute type 4 has an invalid length. [ 426.882333][T19219] __nla_validate_parse: 10 callbacks suppressed [ 426.882354][T19219] netlink: 24 bytes leftover after parsing attributes in process `syz.0.4134'. [ 426.934083][T19223] netlink: 8192 bytes leftover after parsing attributes in process `syz.4.4136'. [ 426.975274][T19219] netlink: 268 bytes leftover after parsing attributes in process `syz.0.4134'. [ 426.999071][T19219] tc_dump_action: action bad kind [ 427.382122][T19244] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4143'. [ 427.617049][T19258] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4149'. [ 427.695607][ T6730] vlan2: left promiscuous mode [ 428.029962][T19278] netlink: 'syz.1.4155': attribute type 4 has an invalid length. [ 428.058315][T19275] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 428.106825][T19280] netlink: 56 bytes leftover after parsing attributes in process `syz.4.4156'. [ 428.118526][T19278] netlink: 'syz.1.4155': attribute type 4 has an invalid length. [ 428.194518][T19284] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4158'. [ 428.293622][T19293] netlink: 136 bytes leftover after parsing attributes in process `syz.2.4161'. [ 428.308735][T19293] netlink: 180 bytes leftover after parsing attributes in process `syz.2.4161'. [ 428.325104][T19293] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4161'. [ 428.578735][T19316] netlink: 'syz.2.4168': attribute type 10 has an invalid length. [ 429.652306][T19370] netlink: 'syz.1.4184': attribute type 10 has an invalid length. [ 429.998725][T19386] syz_tun: entered promiscuous mode [ 430.016918][T19386] macvtap1: entered promiscuous mode [ 430.022456][T19386] macvtap1: entered allmulticast mode [ 430.058486][T19386] syz_tun: entered allmulticast mode [ 430.651620][T19426] netlink: 'syz.2.4199': attribute type 10 has an invalid length. [ 430.710786][T19424] dvmrp8: entered allmulticast mode [ 430.790842][T19423] dvmrp8: left allmulticast mode [ 431.319181][T19455] macvlan2: entered promiscuous mode [ 431.339647][T19455] vlan0: entered promiscuous mode [ 431.820668][T19482] FAULT_INJECTION: forcing a failure. [ 431.820668][T19482] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 431.844020][T19482] CPU: 0 UID: 0 PID: 19482 Comm: syz.0.4214 Not tainted syzkaller #0 PREEMPT(full) [ 431.844047][T19482] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 431.844058][T19482] Call Trace: [ 431.844065][T19482] [ 431.844073][T19482] dump_stack_lvl+0x189/0x250 [ 431.844098][T19482] ? __pfx____ratelimit+0x10/0x10 [ 431.844117][T19482] ? __pfx_dump_stack_lvl+0x10/0x10 [ 431.844136][T19482] ? __pfx__printk+0x10/0x10 [ 431.844158][T19482] ? __might_fault+0xb0/0x130 [ 431.844193][T19482] should_fail_ex+0x414/0x560 [ 431.844219][T19482] _copy_from_user+0x2d/0xb0 [ 431.844239][T19482] ___sys_sendmsg+0x158/0x2a0 [ 431.844262][T19482] ? __pfx____sys_sendmsg+0x10/0x10 [ 431.844313][T19482] ? __fget_files+0x2a/0x420 [ 431.844327][T19482] ? __fget_files+0x3a0/0x420 [ 431.844351][T19482] __x64_sys_sendmsg+0x19b/0x260 [ 431.844372][T19482] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 431.844401][T19482] ? __pfx_ksys_write+0x10/0x10 [ 431.844419][T19482] ? rcu_is_watching+0x15/0xb0 [ 431.844442][T19482] ? do_syscall_64+0xbe/0x3b0 [ 431.844463][T19482] do_syscall_64+0xfa/0x3b0 [ 431.844480][T19482] ? lockdep_hardirqs_on+0x9c/0x150 [ 431.844497][T19482] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 431.844513][T19482] ? clear_bhb_loop+0x60/0xb0 [ 431.844532][T19482] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 431.844548][T19482] RIP: 0033:0x7f087318eec9 [ 431.844564][T19482] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 431.844578][T19482] RSP: 002b:00007f087402f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 431.844596][T19482] RAX: ffffffffffffffda RBX: 00007f08733e6090 RCX: 00007f087318eec9 [ 431.844609][T19482] RDX: 0000000000000000 RSI: 00002000000007c0 RDI: 000000000000000a [ 431.844619][T19482] RBP: 00007f087402f090 R08: 0000000000000000 R09: 0000000000000000 [ 431.844630][T19482] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 431.844640][T19482] R13: 00007f08733e6128 R14: 00007f08733e6090 R15: 00007fffc5ad5878 [ 431.844669][T19482] [ 432.175785][T19490] netlink: 'syz.0.4217': attribute type 27 has an invalid length. [ 432.327209][ T1166] block nbd4: Possible stuck request ffff8880252f0000: control (read@0,1024B). Runtime 60 seconds [ 432.338174][ T1166] block nbd4: Possible stuck request ffff8880252f01c0: control (read@1024,1024B). Runtime 60 seconds [ 432.350381][ T1166] block nbd4: Possible stuck request ffff8880252f0380: control (read@2048,1024B). Runtime 60 seconds [ 432.361666][ T1166] block nbd4: Possible stuck request ffff8880252f0540: control (read@3072,1024B). Runtime 60 seconds [ 432.412237][T19501] FAULT_INJECTION: forcing a failure. [ 432.412237][T19501] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 432.425700][T19501] CPU: 1 UID: 0 PID: 19501 Comm: syz.2.4224 Not tainted syzkaller #0 PREEMPT(full) [ 432.425725][T19501] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 432.425735][T19501] Call Trace: [ 432.425743][T19501] [ 432.425751][T19501] dump_stack_lvl+0x189/0x250 [ 432.425775][T19501] ? __pfx____ratelimit+0x10/0x10 [ 432.425794][T19501] ? __pfx_dump_stack_lvl+0x10/0x10 [ 432.425813][T19501] ? __pfx__printk+0x10/0x10 [ 432.425848][T19501] should_fail_ex+0x414/0x560 [ 432.425877][T19501] _copy_to_user+0x31/0xb0 [ 432.425899][T19501] simple_read_from_buffer+0xe1/0x170 [ 432.425927][T19501] proc_fail_nth_read+0x1b3/0x220 [ 432.425949][T19501] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 432.425971][T19501] ? rw_verify_area+0x2a6/0x4d0 [ 432.425990][T19501] ? __lock_acquire+0xab9/0xd20 [ 432.426010][T19501] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 432.426030][T19501] vfs_read+0x1fd/0xa30 [ 432.426048][T19501] ? fdget_pos+0x247/0x320 [ 432.426066][T19501] ? __pfx___mutex_lock+0x10/0x10 [ 432.426085][T19501] ? __pfx_vfs_read+0x10/0x10 [ 432.426106][T19501] ? __fget_files+0x2a/0x420 [ 432.426125][T19501] ? __fget_files+0x3a0/0x420 [ 432.426139][T19501] ? __fget_files+0x2a/0x420 [ 432.426163][T19501] ksys_read+0x145/0x250 [ 432.426186][T19501] ? __pfx_ksys_read+0x10/0x10 [ 432.426203][T19501] ? rcu_is_watching+0x15/0xb0 [ 432.426224][T19501] ? do_syscall_64+0xbe/0x3b0 [ 432.426245][T19501] do_syscall_64+0xfa/0x3b0 [ 432.426260][T19501] ? lockdep_hardirqs_on+0x9c/0x150 [ 432.426275][T19501] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 432.426291][T19501] ? clear_bhb_loop+0x60/0xb0 [ 432.426312][T19501] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 432.426329][T19501] RIP: 0033:0x7fc717d8d8dc [ 432.426354][T19501] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 432.426369][T19501] RSP: 002b:00007fc718b61030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 432.426388][T19501] RAX: ffffffffffffffda RBX: 00007fc717fe5fa0 RCX: 00007fc717d8d8dc [ 432.426401][T19501] RDX: 000000000000000f RSI: 00007fc718b610a0 RDI: 0000000000000004 [ 432.426413][T19501] RBP: 00007fc718b61090 R08: 0000000000000000 R09: 0000000000000000 [ 432.426424][T19501] R10: 0000000040010000 R11: 0000000000000246 R12: 0000000000000001 [ 432.426436][T19501] R13: 00007fc717fe6038 R14: 00007fc717fe5fa0 R15: 00007ffc3b1e6f38 [ 432.426466][T19501] [ 432.751628][T19507] netlink: 'syz.2.4226': attribute type 4 has an invalid length. [ 432.806157][T19507] netlink: 'syz.2.4226': attribute type 4 has an invalid length. [ 432.841520][T19500] __nla_validate_parse: 18 callbacks suppressed [ 432.841539][T19500] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4222'. [ 432.995000][T19515] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 433.285527][T19541] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 433.397364][T19541] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4238'. [ 433.722941][T19570] netlink: 16 bytes leftover after parsing attributes in process `syz.1.4245'. [ 433.952621][T19585] netlink: 16 bytes leftover after parsing attributes in process `syz.4.4248'. [ 434.030270][T19591] netlink: 24 bytes leftover after parsing attributes in process `syz.0.4251'. [ 434.046874][T19594] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4252'. [ 434.059986][T19594] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4252'. [ 434.223313][T19596] 8021q: adding VLAN 0 to HW filter on device bond4 [ 434.232239][T19596] bond4: entered promiscuous mode [ 434.243370][T19596] bond0: (slave bond4): Enslaving as an active interface with an up link [ 434.264868][T19606] dvmrp8: entered allmulticast mode [ 434.272952][T19603] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4258'. [ 434.283187][T19604] dvmrp8: left allmulticast mode [ 434.438104][T19620] netlink: 24 bytes leftover after parsing attributes in process `syz.2.4261'. [ 434.455804][T19621] netlink: 16 bytes leftover after parsing attributes in process `syz.1.4263'. [ 434.519152][T19625] FAULT_INJECTION: forcing a failure. [ 434.519152][T19625] name failslab, interval 1, probability 0, space 0, times 0 [ 434.539092][T19625] CPU: 0 UID: 0 PID: 19625 Comm: syz.1.4263 Not tainted syzkaller #0 PREEMPT(full) [ 434.539117][T19625] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 434.539129][T19625] Call Trace: [ 434.539137][T19625] [ 434.539145][T19625] dump_stack_lvl+0x189/0x250 [ 434.539169][T19625] ? __pfx____ratelimit+0x10/0x10 [ 434.539187][T19625] ? __pfx_dump_stack_lvl+0x10/0x10 [ 434.539206][T19625] ? __pfx__printk+0x10/0x10 [ 434.539229][T19625] ? __pfx___might_resched+0x10/0x10 [ 434.539250][T19625] should_fail_ex+0x414/0x560 [ 434.539277][T19625] should_failslab+0xa8/0x100 [ 434.539301][T19625] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 434.539322][T19625] ? __alloc_skb+0x112/0x2d0 [ 434.539345][T19625] __alloc_skb+0x112/0x2d0 [ 434.539369][T19625] netlink_sendmsg+0x5c6/0xb30 [ 434.539396][T19625] ? __pfx_netlink_sendmsg+0x10/0x10 [ 434.539419][T19625] ? aa_sock_msg_perm+0xf1/0x1d0 [ 434.539447][T19625] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 434.539464][T19625] ? __pfx_netlink_sendmsg+0x10/0x10 [ 434.539484][T19625] __sock_sendmsg+0x21c/0x270 [ 434.539501][T19625] ____sys_sendmsg+0x505/0x830 [ 434.539527][T19625] ? __pfx_____sys_sendmsg+0x10/0x10 [ 434.539556][T19625] ? import_iovec+0x74/0xa0 [ 434.539580][T19625] ___sys_sendmsg+0x21f/0x2a0 [ 434.539603][T19625] ? __pfx____sys_sendmsg+0x10/0x10 [ 434.539656][T19625] ? __fget_files+0x2a/0x420 [ 434.539670][T19625] ? __fget_files+0x3a0/0x420 [ 434.539694][T19625] __x64_sys_sendmsg+0x19b/0x260 [ 434.539718][T19625] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 434.539752][T19625] ? __pfx_ksys_write+0x10/0x10 [ 434.539772][T19625] ? rcu_is_watching+0x15/0xb0 [ 434.539795][T19625] ? do_syscall_64+0xbe/0x3b0 [ 434.539817][T19625] do_syscall_64+0xfa/0x3b0 [ 434.539834][T19625] ? lockdep_hardirqs_on+0x9c/0x150 [ 434.539855][T19625] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 434.539871][T19625] ? clear_bhb_loop+0x60/0xb0 [ 434.539893][T19625] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 434.539910][T19625] RIP: 0033:0x7f00a578eec9 [ 434.539926][T19625] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 434.539944][T19625] RSP: 002b:00007f00a65d0038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 434.539962][T19625] RAX: ffffffffffffffda RBX: 00007f00a59e6090 RCX: 00007f00a578eec9 [ 434.539974][T19625] RDX: 0000000000000000 RSI: 00002000000007c0 RDI: 000000000000000a [ 434.539984][T19625] RBP: 00007f00a65d0090 R08: 0000000000000000 R09: 0000000000000000 [ 434.539994][T19625] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 434.540004][T19625] R13: 00007f00a59e6128 R14: 00007f00a59e6090 R15: 00007ffc3e5a97b8 [ 434.540031][T19625] [ 435.372132][T19671] netlink: 'syz.2.4280': attribute type 4 has an invalid length. [ 435.430563][T19671] netlink: 'syz.2.4280': attribute type 4 has an invalid length. [ 435.484756][T19679] netlink: 'syz.0.4284': attribute type 1 has an invalid length. [ 436.208357][T19725] syz_tun: entered promiscuous mode [ 436.218625][T19725] macvtap2: entered promiscuous mode [ 436.235226][T19725] macvtap2: entered allmulticast mode [ 436.240721][T19725] syz_tun: entered allmulticast mode [ 436.291674][T19729] syz_tun: left allmulticast mode [ 436.323815][T19729] syz_tun: left promiscuous mode [ 436.507601][T19735] 8021q: adding VLAN 0 to HW filter on device bond6 [ 436.516312][T19735] team0: Port device bond6 added [ 436.995368][T19766] netlink: 'syz.4.4314': attribute type 1 has an invalid length. [ 437.095924][T19766] 8021q: adding VLAN 0 to HW filter on device bond6 [ 437.119654][T19775] bond5: (slave wlan0): Releasing active interface [ 437.146994][T19775] bond6: (slave wlan0): Opening slave failed [ 437.411246][T19794] netlink: 'syz.4.4323': attribute type 4 has an invalid length. [ 437.461242][T19797] netlink: 'syz.4.4323': attribute type 4 has an invalid length. [ 438.536164][T19816] __nla_validate_parse: 14 callbacks suppressed [ 438.536185][T19816] netlink: 16 bytes leftover after parsing attributes in process `syz.3.4331'. [ 438.629164][T19816] bond0: entered promiscuous mode [ 438.664477][T19816] bond_slave_0: entered promiscuous mode [ 438.673520][T19816] bond_slave_1: entered promiscuous mode [ 438.698562][T19816] bond0: left promiscuous mode [ 438.703371][T19816] bond_slave_0: left promiscuous mode [ 438.725921][T19816] bond_slave_1: left promiscuous mode [ 438.748557][T19829] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4334'. [ 438.952553][T19839] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4337'. [ 439.156583][T19857] netlink: 14212 bytes leftover after parsing attributes in process `syz.3.4341'. [ 439.402116][T19871] netlink: 16 bytes leftover after parsing attributes in process `syz.0.4345'. [ 439.456372][T19865] 8021q: adding VLAN 0 to HW filter on device bond5 [ 439.464378][T19865] bond5: entered promiscuous mode [ 439.470481][T19865] team0: Port device bond5 added [ 439.519630][T19875] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4348'. [ 439.534469][T19875] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4348'. [ 439.640602][T19875] geneve3: entered promiscuous mode [ 439.685288][T19875] geneve3: entered allmulticast mode [ 439.704686][T19885] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4352'. [ 439.820388][T19890] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4353'. [ 440.317716][T19922] netlink: 'syz.3.4362': attribute type 1 has an invalid length. [ 440.330003][T19924] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4363'. [ 440.368832][T19922] 8021q: adding VLAN 0 to HW filter on device bond7 [ 440.466232][T19924] erspan0: entered promiscuous mode [ 440.471655][T19924] macvtap1: entered promiscuous mode [ 440.477313][T19924] macvtap1: entered allmulticast mode [ 440.482696][T19924] erspan0: entered allmulticast mode [ 440.491157][T19928] bond5: (slave wlan0): Releasing active interface [ 440.498351][T19928] bond5: (slave wlan0): the permanent HWaddr of slave - 08:02:11:00:00:00 - is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts [ 440.520999][T19928] vlan2: entered promiscuous mode [ 440.559696][T19928] bond7: (slave wlan0): Opening slave failed [ 440.674585][T19939] netlink: 'syz.4.4369': attribute type 4 has an invalid length. [ 440.706117][T19939] netlink: 'syz.4.4369': attribute type 4 has an invalid length. [ 441.015766][T19963] bond0: entered promiscuous mode [ 441.021892][T19963] bond_slave_0: entered promiscuous mode [ 441.028404][T19963] bond_slave_1: entered promiscuous mode [ 441.036742][T19963] bond0: left promiscuous mode [ 441.041648][T19963] bond_slave_0: left promiscuous mode [ 441.047928][T19963] bond_slave_1: left promiscuous mode [ 441.397118][T19990] sctp: [Deprecated]: syz.1.4386 (pid 19990) Use of struct sctp_assoc_value in delayed_ack socket option. [ 441.397118][T19990] Use struct sctp_sack_info instead [ 441.428657][T19990] netlink: 'syz.1.4386': attribute type 4 has an invalid length. [ 441.784678][T20004] 8021q: adding VLAN 0 to HW filter on device bond8 [ 441.793159][T20004] team0: Port device bond8 added [ 442.298760][T20039] macvtap2: entered promiscuous mode [ 442.304696][T20039] macvtap2: entered allmulticast mode [ 442.628890][T20059] macvtap3: entered promiscuous mode [ 442.635137][T20059] macvtap3: entered allmulticast mode [ 442.642418][T20059] FAULT_INJECTION: forcing a failure. [ 442.642418][T20059] name failslab, interval 1, probability 0, space 0, times 0 [ 442.650452][T20058] ip6gretap0: entered promiscuous mode [ 442.655816][T20059] CPU: 1 UID: 0 PID: 20059 Comm: syz.1.4408 Not tainted syzkaller #0 PREEMPT(full) [ 442.655841][T20059] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 442.655852][T20059] Call Trace: [ 442.655860][T20059] [ 442.655868][T20059] dump_stack_lvl+0x189/0x250 [ 442.655893][T20059] ? __pfx____ratelimit+0x10/0x10 [ 442.655912][T20059] ? __pfx_dump_stack_lvl+0x10/0x10 [ 442.655931][T20059] ? __pfx__printk+0x10/0x10 [ 442.655958][T20059] ? __pfx___might_resched+0x10/0x10 [ 442.655980][T20059] should_fail_ex+0x414/0x560 [ 442.656008][T20059] should_failslab+0xa8/0x100 [ 442.656033][T20059] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 442.656055][T20059] ? __alloc_skb+0x112/0x2d0 [ 442.656079][T20059] __alloc_skb+0x112/0x2d0 [ 442.656100][T20059] netlink_sendmsg+0x5c6/0xb30 [ 442.656129][T20059] ? __pfx_netlink_sendmsg+0x10/0x10 [ 442.656152][T20059] ? aa_sock_msg_perm+0xf1/0x1d0 [ 442.656170][T20059] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 442.656188][T20059] ? __pfx_netlink_sendmsg+0x10/0x10 [ 442.656208][T20059] __sock_sendmsg+0x21c/0x270 [ 442.656228][T20059] ____sys_sendmsg+0x505/0x830 [ 442.656253][T20059] ? __pfx_____sys_sendmsg+0x10/0x10 [ 442.656283][T20059] ? import_iovec+0x74/0xa0 [ 442.656307][T20059] ___sys_sendmsg+0x21f/0x2a0 [ 442.656330][T20059] ? __pfx____sys_sendmsg+0x10/0x10 [ 442.656385][T20059] ? __fget_files+0x2a/0x420 [ 442.656399][T20059] ? __fget_files+0x3a0/0x420 [ 442.656425][T20059] __x64_sys_sendmsg+0x19b/0x260 [ 442.656448][T20059] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 442.656478][T20059] ? __pfx_ksys_write+0x10/0x10 [ 442.656497][T20059] ? rcu_is_watching+0x15/0xb0 [ 442.656519][T20059] ? do_syscall_64+0xbe/0x3b0 [ 442.656541][T20059] do_syscall_64+0xfa/0x3b0 [ 442.656558][T20059] ? lockdep_hardirqs_on+0x9c/0x150 [ 442.656575][T20059] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 442.656592][T20059] ? clear_bhb_loop+0x60/0xb0 [ 442.656613][T20059] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 442.656628][T20059] RIP: 0033:0x7f00a578eec9 [ 442.656645][T20059] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 442.656659][T20059] RSP: 002b:00007f00a65f1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 442.656676][T20059] RAX: ffffffffffffffda RBX: 00007f00a59e5fa0 RCX: 00007f00a578eec9 [ 442.656689][T20059] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000009 [ 442.656700][T20059] RBP: 00007f00a65f1090 R08: 0000000000000000 R09: 0000000000000000 [ 442.656716][T20059] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 442.656727][T20059] R13: 00007f00a59e6038 R14: 00007f00a59e5fa0 R15: 00007ffc3e5a97b8 [ 442.656756][T20059] [ 442.944941][T20058] macvtap3: entered promiscuous mode [ 442.950764][T20058] macvtap3: entered allmulticast mode [ 442.964088][T20058] ip6gretap0: entered allmulticast mode [ 442.988332][T20062] ip6gretap0: left allmulticast mode [ 442.993833][T20062] ip6gretap0: left promiscuous mode [ 443.166867][T20077] netlink: 'syz.0.4414': attribute type 4 has an invalid length. [ 443.194168][T20077] netlink: 'syz.0.4414': attribute type 4 has an invalid length. [ 443.567107][T20102] netlink: 'syz.0.4422': attribute type 10 has an invalid length. [ 443.580277][T20102] 8021q: adding VLAN 0 to HW filter on device team0 [ 443.603483][T20102] team0: entered promiscuous mode [ 443.608796][T20102] team_slave_0: entered promiscuous mode [ 443.620734][T20102] team_slave_1: entered promiscuous mode [ 443.627858][T20102] bond0: (slave team0): Enslaving as an active interface with an up link [ 443.712679][T20109] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 444.272886][T20137] __nla_validate_parse: 17 callbacks suppressed [ 444.272904][T20137] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4432'. [ 444.307814][T20140] tipc: Started in network mode [ 444.312897][T20140] tipc: Node identity 0000000000000000005885d6a76549cc, cluster identity 4711 [ 444.323736][T20140] tipc: Enabling of bearer rejected, failed to enable media [ 444.439985][T20145] netlink: 20 bytes leftover after parsing attributes in process `syz.2.4435'. [ 444.534583][T20147] netlink: 16 bytes leftover after parsing attributes in process `syz.4.4436'. [ 444.664085][T20154] netlink: 16 bytes leftover after parsing attributes in process `syz.2.4438'. [ 445.225307][T20181] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4444'. [ 445.435521][T20192] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4449'. [ 445.482411][T20196] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4451'. [ 445.527960][T20196] macvtap4: entered promiscuous mode [ 445.540072][T20196] macvtap4: entered allmulticast mode [ 445.813515][T20213] netlink: 'syz.3.4457': attribute type 4 has an invalid length. [ 445.907926][T20213] netlink: 'syz.3.4457': attribute type 4 has an invalid length. [ 446.043598][T20224] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4459'. [ 446.183953][T20226] netlink: 16 bytes leftover after parsing attributes in process `syz.1.4461'. [ 446.197364][T20232] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4464'. [ 446.291053][T20233] FAULT_INJECTION: forcing a failure. [ 446.291053][T20233] name failslab, interval 1, probability 0, space 0, times 0 [ 446.304315][T20233] CPU: 1 UID: 0 PID: 20233 Comm: syz.1.4461 Not tainted syzkaller #0 PREEMPT(full) [ 446.304340][T20233] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 446.304352][T20233] Call Trace: [ 446.304360][T20233] [ 446.304369][T20233] dump_stack_lvl+0x189/0x250 [ 446.304394][T20233] ? __pfx____ratelimit+0x10/0x10 [ 446.304423][T20233] ? __pfx_dump_stack_lvl+0x10/0x10 [ 446.304440][T20233] ? __pfx__printk+0x10/0x10 [ 446.304466][T20233] ? __pfx___might_resched+0x10/0x10 [ 446.304482][T20233] ? fs_reclaim_acquire+0x7d/0x100 [ 446.304503][T20233] should_fail_ex+0x414/0x560 [ 446.304532][T20233] should_failslab+0xa8/0x100 [ 446.304557][T20233] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 446.304580][T20233] ? __alloc_skb+0x112/0x2d0 [ 446.304605][T20233] __alloc_skb+0x112/0x2d0 [ 446.304628][T20233] netlink_ack+0x146/0xa50 [ 446.304643][T20233] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 446.304660][T20233] ? ref_tracker_free+0x63a/0x7d0 [ 446.304676][T20233] ? __asan_memcpy+0x40/0x70 [ 446.304695][T20233] ? __pfx_ref_tracker_free+0x10/0x10 [ 446.304722][T20233] netlink_rcv_skb+0x28c/0x470 [ 446.304743][T20233] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 446.304763][T20233] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 446.304794][T20233] ? netlink_deliver_tap+0x2e/0x1b0 [ 446.304821][T20233] netlink_unicast+0x82f/0x9e0 [ 446.304849][T20233] ? __pfx_netlink_unicast+0x10/0x10 [ 446.304869][T20233] ? netlink_sendmsg+0x642/0xb30 [ 446.304887][T20233] ? skb_put+0x11b/0x210 [ 446.304911][T20233] netlink_sendmsg+0x805/0xb30 [ 446.304941][T20233] ? __pfx_netlink_sendmsg+0x10/0x10 [ 446.304963][T20233] ? aa_sock_msg_perm+0xf1/0x1d0 [ 446.304982][T20233] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 446.305000][T20233] ? __pfx_netlink_sendmsg+0x10/0x10 [ 446.305020][T20233] __sock_sendmsg+0x21c/0x270 [ 446.305041][T20233] ____sys_sendmsg+0x505/0x830 [ 446.305070][T20233] ? __pfx_____sys_sendmsg+0x10/0x10 [ 446.305102][T20233] ? import_iovec+0x74/0xa0 [ 446.305127][T20233] ___sys_sendmsg+0x21f/0x2a0 [ 446.305150][T20233] ? __pfx____sys_sendmsg+0x10/0x10 [ 446.305203][T20233] ? __fget_files+0x2a/0x420 [ 446.305218][T20233] ? __fget_files+0x3a0/0x420 [ 446.305244][T20233] __x64_sys_sendmsg+0x19b/0x260 [ 446.305267][T20233] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 446.305298][T20233] ? __pfx_ksys_write+0x10/0x10 [ 446.305315][T20233] ? rcu_is_watching+0x15/0xb0 [ 446.305380][T20233] ? do_syscall_64+0xbe/0x3b0 [ 446.305403][T20233] do_syscall_64+0xfa/0x3b0 [ 446.305425][T20233] ? lockdep_hardirqs_on+0x9c/0x150 [ 446.305443][T20233] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 446.305460][T20233] ? clear_bhb_loop+0x60/0xb0 [ 446.305480][T20233] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 446.305497][T20233] RIP: 0033:0x7f00a578eec9 [ 446.305514][T20233] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 446.305529][T20233] RSP: 002b:00007f00a65d0038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 446.305549][T20233] RAX: ffffffffffffffda RBX: 00007f00a59e6090 RCX: 00007f00a578eec9 [ 446.305562][T20233] RDX: 0000000000000000 RSI: 00002000000007c0 RDI: 000000000000000a [ 446.305575][T20233] RBP: 00007f00a65d0090 R08: 0000000000000000 R09: 0000000000000000 [ 446.305586][T20233] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 446.305597][T20233] R13: 00007f00a59e6128 R14: 00007f00a59e6090 R15: 00007ffc3e5a97b8 [ 446.305625][T20233] [ 448.314872][ T55] block nbd1: Possible stuck request ffff888025245080: control (read@0,1024B). Runtime 330 seconds [ 448.327139][ T55] block nbd1: Possible stuck request ffff888025245240: control (read@1024,1024B). Runtime 330 seconds [ 448.338291][ T55] block nbd1: Possible stuck request ffff888025245400: control (read@2048,1024B). Runtime 330 seconds [ 448.349447][ T55] block nbd1: Possible stuck request ffff8880252455c0: control (read@3072,1024B). Runtime 330 seconds [ 449.184918][T20354] macsec1: entered promiscuous mode [ 449.200428][T20354] macsec1: entered allmulticast mode [ 449.255693][T20354] sctp: [Deprecated]: syz.3.4503 (pid 20354) Use of int in max_burst socket option. [ 449.255693][T20354] Use struct sctp_assoc_value instead [ 449.392786][T20367] vlan4: entered promiscuous mode [ 449.409739][T20367] vlan4: entered allmulticast mode [ 449.422525][T20367] hsr_slave_1: entered allmulticast mode [ 449.463048][T20367] __nla_validate_parse: 7 callbacks suppressed [ 449.463065][T20367] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4506'. [ 449.616945][T20380] netlink: 'syz.0.4517': attribute type 1 has an invalid length. [ 449.758481][T20391] netlink: 'syz.4.4510': attribute type 4 has an invalid length. [ 449.811302][T20393] netlink: 'syz.4.4510': attribute type 4 has an invalid length. [ 449.857155][T20380] 8021q: adding VLAN 0 to HW filter on device bond4 [ 449.873785][T20371] bond4: (slave vlan0): Opening slave failed [ 449.962875][T20384] syzkaller0: entered promiscuous mode [ 449.969847][T20384] syzkaller0: entered allmulticast mode [ 450.061895][T20400] netlink: 24 bytes leftover after parsing attributes in process `syz.0.4512'. [ 450.062365][T20399] netlink: 248 bytes leftover after parsing attributes in process `syz.4.4513'. [ 451.929149][T20403] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4513'. [ 452.440980][T20441] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4523'. [ 452.480578][T20441] vlan4: entered promiscuous mode [ 452.550163][T17265] vlan2: left promiscuous mode [ 452.587837][T20446] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4525'. [ 452.683906][T20454] netlink: 36 bytes leftover after parsing attributes in process `syz.2.4527'. [ 452.694687][T20454] 8021q: VLANs not supported on xfrm0 [ 452.710998][T20454] macsec2: entered promiscuous mode [ 452.716424][T20454] macsec2: entered allmulticast mode [ 452.730283][T20454] sctp: [Deprecated]: syz.2.4527 (pid 20454) Use of int in max_burst socket option. [ 452.730283][T20454] Use struct sctp_assoc_value instead [ 452.740627][T20455] 8021q: adding VLAN 0 to HW filter on device team0 [ 452.758358][T20455] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 453.026964][T20464] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4530'. [ 453.477790][T20489] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4536'. [ 453.479478][T20491] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4535'. [ 453.503148][T20489] ip6gretap0: entered promiscuous mode [ 453.523319][T20489] macvtap2: entered promiscuous mode [ 453.529052][T20489] macvtap2: entered allmulticast mode [ 453.534890][T20489] ip6gretap0: entered allmulticast mode [ 453.667898][T20503] netlink: 'syz.2.4539': attribute type 1 has an invalid length. [ 453.850701][T20503] 8021q: adding VLAN 0 to HW filter on device bond6 [ 454.149086][T20528] FAULT_INJECTION: forcing a failure. [ 454.149086][T20528] name failslab, interval 1, probability 0, space 0, times 0 [ 454.165788][T20530] bond0: entered promiscuous mode [ 454.170861][T20530] bond_slave_0: entered promiscuous mode [ 454.172244][T20528] CPU: 0 UID: 0 PID: 20528 Comm: syz.4.4543 Not tainted syzkaller #0 PREEMPT(full) [ 454.172268][T20528] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 454.172279][T20528] Call Trace: [ 454.172288][T20528] [ 454.172297][T20528] dump_stack_lvl+0x189/0x250 [ 454.172322][T20528] ? __pfx____ratelimit+0x10/0x10 [ 454.172340][T20528] ? __pfx_dump_stack_lvl+0x10/0x10 [ 454.172360][T20528] ? __pfx__printk+0x10/0x10 [ 454.172379][T20528] ? netlink_unicast+0x82f/0x9e0 [ 454.172398][T20528] ? ___sys_sendmsg+0x21f/0x2a0 [ 454.172420][T20528] ? do_syscall_64+0xfa/0x3b0 [ 454.172449][T20528] should_fail_ex+0x414/0x560 [ 454.172478][T20528] should_failslab+0xa8/0x100 [ 454.172503][T20528] kmem_cache_alloc_noprof+0x73/0x3c0 [ 454.172523][T20528] ? skb_clone+0x212/0x3a0 [ 454.172549][T20528] skb_clone+0x212/0x3a0 [ 454.172574][T20528] __netlink_deliver_tap+0x404/0x850 [ 454.172606][T20528] ? netlink_deliver_tap+0x2e/0x1b0 [ 454.172626][T20528] netlink_deliver_tap+0x19c/0x1b0 [ 454.172647][T20528] netlink_sendskb+0x68/0x140 [ 454.172667][T20528] netlink_unicast+0x397/0x9e0 [ 454.172682][T20528] ? __asan_memcpy+0x40/0x70 [ 454.172710][T20528] ? __pfx_netlink_unicast+0x10/0x10 [ 454.172738][T20528] netlink_rcv_skb+0x28c/0x470 [ 454.172758][T20528] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 454.172780][T20528] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 454.172810][T20528] ? netlink_deliver_tap+0x2e/0x1b0 [ 454.172836][T20528] netlink_unicast+0x82f/0x9e0 [ 454.172862][T20528] ? __pfx_netlink_unicast+0x10/0x10 [ 454.172882][T20528] ? netlink_sendmsg+0x642/0xb30 [ 454.172899][T20528] ? skb_put+0x11b/0x210 [ 454.172921][T20528] netlink_sendmsg+0x805/0xb30 [ 454.172950][T20528] ? __pfx_netlink_sendmsg+0x10/0x10 [ 454.172973][T20528] ? aa_sock_msg_perm+0xf1/0x1d0 [ 454.172992][T20528] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 454.173011][T20528] ? __pfx_netlink_sendmsg+0x10/0x10 [ 454.173031][T20528] __sock_sendmsg+0x21c/0x270 [ 454.173051][T20528] ____sys_sendmsg+0x505/0x830 [ 454.173078][T20528] ? __pfx_____sys_sendmsg+0x10/0x10 [ 454.173108][T20528] ? import_iovec+0x74/0xa0 [ 454.173133][T20528] ___sys_sendmsg+0x21f/0x2a0 [ 454.173156][T20528] ? __pfx____sys_sendmsg+0x10/0x10 [ 454.173219][T20528] ? __fget_files+0x2a/0x420 [ 454.173234][T20528] ? __fget_files+0x3a0/0x420 [ 454.173260][T20528] __x64_sys_sendmsg+0x19b/0x260 [ 454.173287][T20528] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 454.173318][T20528] ? __pfx_ksys_write+0x10/0x10 [ 454.173337][T20528] ? rcu_is_watching+0x15/0xb0 [ 454.173360][T20528] ? do_syscall_64+0xbe/0x3b0 [ 454.173382][T20528] do_syscall_64+0xfa/0x3b0 [ 454.173399][T20528] ? lockdep_hardirqs_on+0x9c/0x150 [ 454.173416][T20528] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 454.173432][T20528] ? clear_bhb_loop+0x60/0xb0 [ 454.173453][T20528] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 454.173469][T20528] RIP: 0033:0x7efe6cd8eec9 [ 454.173485][T20528] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 454.173500][T20528] RSP: 002b:00007efe6afb4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 454.173518][T20528] RAX: ffffffffffffffda RBX: 00007efe6cfe6180 RCX: 00007efe6cd8eec9 [ 454.173531][T20528] RDX: 0000000000000000 RSI: 00002000000007c0 RDI: 000000000000000a [ 454.173541][T20528] RBP: 00007efe6afb4090 R08: 0000000000000000 R09: 0000000000000000 [ 454.173552][T20528] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 454.173563][T20528] R13: 00007efe6cfe6218 R14: 00007efe6cfe6180 R15: 00007fff3d2e4d68 [ 454.173592][T20528] [ 454.528901][T20530] bond_slave_1: entered promiscuous mode [ 454.538344][T20530] bond0: left promiscuous mode [ 454.543414][T20530] bond_slave_0: left promiscuous mode [ 454.552113][T20530] bond_slave_1: left promiscuous mode [ 454.784895][T20549] __nla_validate_parse: 3 callbacks suppressed [ 454.784914][T20549] netlink: 16 bytes leftover after parsing attributes in process `syz.4.4551'. [ 454.959925][T20556] netlink: 256 bytes leftover after parsing attributes in process `syz.4.4554'. [ 455.015604][T20556] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4554'. [ 455.192032][T20565] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4559'. [ 455.216581][T20566] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4558'. [ 455.247818][T20569] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4562'. [ 455.349596][T20579] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 455.446554][T20585] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4566'. [ 455.579893][T20589] netlink: 60 bytes leftover after parsing attributes in process `syz.3.4561'. [ 455.817358][T20605] netlink: 'syz.3.4571': attribute type 13 has an invalid length. [ 455.849223][T20605] netlink: 'syz.3.4571': attribute type 17 has an invalid length. [ 455.849388][T20598] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4569'. [ 455.986330][T20605] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 456.535481][T20624] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4575'. [ 456.556996][T20624] netlink: 'syz.4.4575': attribute type 5 has an invalid length. [ 456.587463][T20624] geneve4: entered promiscuous mode [ 456.593660][T20624] geneve4: entered allmulticast mode [ 456.633812][T17293] netdevsim netdevsim4 netdevsim0: set [1, 2] type 2 family 0 port 256 - 0 [ 456.663886][T17293] netdevsim netdevsim4 netdevsim1: set [1, 2] type 2 family 0 port 256 - 0 [ 456.695748][T17293] netdevsim netdevsim4 netdevsim2: set [1, 2] type 2 family 0 port 256 - 0 [ 456.711323][T17293] netdevsim netdevsim4 netdevsim3: set [1, 2] type 2 family 0 port 256 - 0 [ 456.819603][T20639] netlink: 'syz.2.4578': attribute type 1 has an invalid length. [ 456.991892][T20651] netlink: 'syz.0.4580': attribute type 10 has an invalid length. [ 457.012396][T20639] 8021q: adding VLAN 0 to HW filter on device bond7 [ 457.050727][T20647] netlink: 'syz.1.4582': attribute type 16 has an invalid length. [ 457.317416][T20664] bond0: entered promiscuous mode [ 457.322707][T20664] bond_slave_0: entered promiscuous mode [ 457.333000][T20664] bond_slave_1: entered promiscuous mode [ 457.349037][T20664] bond0: left promiscuous mode [ 457.355249][T20664] bond_slave_0: left promiscuous mode [ 457.361048][T20664] bond_slave_1: left promiscuous mode [ 457.376230][T20670] FAULT_INJECTION: forcing a failure. [ 457.376230][T20670] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 457.390412][T20670] CPU: 1 UID: 0 PID: 20670 Comm: syz.3.4587 Not tainted syzkaller #0 PREEMPT(full) [ 457.390437][T20670] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 457.390435][T20669] vcan0: tx drop: invalid da for name 0x00000000000000c7 [ 457.390449][T20670] Call Trace: [ 457.390458][T20670] [ 457.390466][T20670] dump_stack_lvl+0x189/0x250 [ 457.390489][T20670] ? __pfx____ratelimit+0x10/0x10 [ 457.390507][T20670] ? __pfx_dump_stack_lvl+0x10/0x10 [ 457.390528][T20670] ? __pfx__printk+0x10/0x10 [ 457.390562][T20670] should_fail_ex+0x414/0x560 [ 457.390591][T20670] _copy_to_user+0x31/0xb0 [ 457.390614][T20670] simple_read_from_buffer+0xe1/0x170 [ 457.390642][T20670] proc_fail_nth_read+0x1b3/0x220 [ 457.390665][T20670] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 457.390696][T20670] ? rw_verify_area+0x2a6/0x4d0 [ 457.390715][T20670] ? __lock_acquire+0xab9/0xd20 [ 457.390736][T20670] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 457.390756][T20670] vfs_read+0x1fd/0xa30 [ 457.390775][T20670] ? fdget_pos+0x247/0x320 [ 457.390796][T20670] ? __pfx___mutex_lock+0x10/0x10 [ 457.390818][T20670] ? __pfx_vfs_read+0x10/0x10 [ 457.390841][T20670] ? __fget_files+0x2a/0x420 [ 457.390861][T20670] ? __fget_files+0x3a0/0x420 [ 457.390875][T20670] ? __fget_files+0x2a/0x420 [ 457.390900][T20670] ksys_read+0x145/0x250 [ 457.390923][T20670] ? __pfx_ksys_read+0x10/0x10 [ 457.390941][T20670] ? rcu_is_watching+0x15/0xb0 [ 457.390963][T20670] ? do_syscall_64+0xbe/0x3b0 [ 457.390985][T20670] do_syscall_64+0xfa/0x3b0 [ 457.391002][T20670] ? lockdep_hardirqs_on+0x9c/0x150 [ 457.391019][T20670] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 457.391036][T20670] ? clear_bhb_loop+0x60/0xb0 [ 457.391056][T20670] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 457.391073][T20670] RIP: 0033:0x7f100598d8dc [ 457.391089][T20670] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 457.391104][T20670] RSP: 002b:00007f10067a9030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 457.391123][T20670] RAX: ffffffffffffffda RBX: 00007f1005be6180 RCX: 00007f100598d8dc [ 457.391136][T20670] RDX: 000000000000000f RSI: 00007f10067a90a0 RDI: 000000000000000b [ 457.391147][T20670] RBP: 00007f10067a9090 R08: 0000000000000000 R09: 0000000000000000 [ 457.391157][T20670] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 457.391166][T20670] R13: 00007f1005be6218 R14: 00007f1005be6180 R15: 00007ffc436f6498 [ 457.391196][T20670] [ 457.987731][T20681] 8021q: adding VLAN 0 to HW filter on device bond9 [ 458.028825][T20681] team0: Port device bond9 added [ 458.068396][T20688] netlink: 'syz.2.4596': attribute type 11 has an invalid length. [ 458.153800][T20699] syzkaller1: entered promiscuous mode [ 458.160296][T20699] syzkaller1: entered allmulticast mode [ 458.280863][T20703] vlan3: entered promiscuous mode [ 458.286185][T20703] team0: entered promiscuous mode [ 458.291393][T20703] team_slave_0: entered promiscuous mode [ 458.297523][T20703] team_slave_1: entered promiscuous mode [ 458.303507][T20703] bond2: entered promiscuous mode [ 458.310794][T20703] bond6: entered promiscuous mode [ 458.316354][T20703] bond8: entered promiscuous mode [ 458.321704][T20703] bond9: entered promiscuous mode [ 458.347379][T20703] team0: Device vlan3 is already an upper device of the team interface [ 458.564690][T20720] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 458.616061][T20728] IPVS: set_ctl: invalid protocol: 229 0.0.0.0:20001 [ 459.136068][T20758] syzkaller0: entered promiscuous mode [ 459.142764][T20758] syzkaller0: entered allmulticast mode [ 460.197324][ T5233] udevd[5233]: worker [9855] /devices/virtual/block/nbd4 is taking a long time [ 461.048383][T17265] veth0_to_bond: left allmulticast mode [ 461.073038][T17265] veth0_to_bond: left promiscuous mode [ 461.092551][T17265] bridge4: port 2(veth0_to_bond) entered disabled state [ 461.155883][T17265] veth23: left allmulticast mode [ 461.161837][T17265] veth23: left promiscuous mode [ 461.171295][T17265] bridge4: port 1(veth23) entered disabled state [ 461.184025][T20783] __nla_validate_parse: 14 callbacks suppressed [ 461.184042][T20783] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4628'. [ 461.211414][T17265] tipc: Resetting bearer [ 461.357125][T17265] bond8 (unregistering): (slave ip6gretap1): Removing an active aggregator [ 461.370875][T17265] bond8 (unregistering): (slave ip6gretap1): Releasing backup interface [ 461.590044][T17265] erspan0 (unregistering): left allmulticast mode [ 461.841781][T17265] tipc: Disabling bearer [ 461.888214][T17265] bond6 (unregistering): (slave bridge1): Releasing backup interface [ 461.896426][T17265] bridge1 (unregistering): left promiscuous mode [ 462.213460][T17265] bond0 (unregistering): left promiscuous mode [ 462.220106][T17265] bond_slave_0: left promiscuous mode [ 462.225785][T17265] bond_slave_1: left promiscuous mode [ 462.232708][T17265] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 462.243834][T17265] bond_slave_0: left allmulticast mode [ 462.251274][T17265] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 462.260293][T17265] bond_slave_1: left allmulticast mode [ 462.267063][T17265] bond0 (unregistering): (slave team0): Releasing backup interface [ 462.275665][T17265] team0: left allmulticast mode [ 462.280629][T17265] team_slave_0: left allmulticast mode [ 462.286601][T17265] team_slave_1: left allmulticast mode [ 462.292095][T17265] bond1 (unregistering): left allmulticast mode [ 462.298857][T17265] bond2 (unregistering): left allmulticast mode [ 462.305243][T17265] bond3 (unregistering): left allmulticast mode [ 462.311589][T17265] bond5 (unregistering): left allmulticast mode [ 462.318000][T17265] bond7 (unregistering): left allmulticast mode [ 462.324764][T17265] bond12 (unregistering): left allmulticast mode [ 462.331099][T17265] bond13 (unregistering): left allmulticast mode [ 462.337545][T17265] bond14 (unregistering): left allmulticast mode [ 462.346837][T17265] bond0 (unregistering): Released all slaves [ 462.395629][ T1166] block nbd4: Possible stuck request ffff8880252f0000: control (read@0,1024B). Runtime 90 seconds [ 462.413785][ T1166] block nbd4: Possible stuck request ffff8880252f01c0: control (read@1024,1024B). Runtime 90 seconds [ 462.424749][ T1166] block nbd4: Possible stuck request ffff8880252f0380: control (read@2048,1024B). Runtime 90 seconds [ 462.435920][ T1166] block nbd4: Possible stuck request ffff8880252f0540: control (read@3072,1024B). Runtime 90 seconds [ 462.479028][T17265] bond1 (unregistering): left promiscuous mode [ 462.486267][T17265] team0: Port device bond1 removed [ 462.492322][T17265] bond1 (unregistering): Released all slaves [ 462.554528][ T51] Bluetooth: hci2: command 0x040f tx timeout [ 462.619782][T17265] bond2 (unregistering): left promiscuous mode [ 462.627147][T17265] team0: Port device bond2 removed [ 462.633310][T17265] bond2 (unregistering): Released all slaves [ 462.756272][T17265] bond3 (unregistering): left promiscuous mode [ 462.763139][T17265] team0: Port device bond3 removed [ 462.769345][T17265] bond3 (unregistering): Released all slaves [ 462.885498][T17265] bond4 (unregistering): Released all slaves [ 462.996113][T17265] bond5 (unregistering): left promiscuous mode [ 463.003090][T17265] team0: Port device bond5 removed [ 463.009250][T17265] bond5 (unregistering): Released all slaves [ 463.126058][T17265] bond6 (unregistering): Released all slaves [ 463.237522][T17265] bond7 (unregistering): left promiscuous mode [ 463.244803][T17265] team0: Port device bond7 removed [ 463.250887][T17265] bond7 (unregistering): Released all slaves [ 463.366651][T17265] bond8 (unregistering): Released all slaves [ 463.482142][T17265] bond9 (unregistering): Released all slaves [ 463.597021][T17265] bond10 (unregistering): Released all slaves [ 463.711951][T17265] bond11 (unregistering): Released all slaves [ 463.821222][T17265] bond12 (unregistering): left promiscuous mode [ 463.828474][T17265] team0: Port device bond12 removed [ 463.835212][T17265] bond12 (unregistering): Released all slaves [ 463.953820][T17265] bond13 (unregistering): left promiscuous mode [ 463.960975][T17265] team0: Port device bond13 removed [ 463.967504][T17265] bond13 (unregistering): Released all slaves [ 464.077525][T17265] bond14 (unregistering): left promiscuous mode [ 464.084658][T17265] team0: Port device bond14 removed [ 464.090975][T17265] bond14 (unregistering): Released all slaves [ 464.103694][T20780] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4625'. [ 464.122801][T20783] bridge0: entered promiscuous mode [ 464.133321][T20783] macvtap4: entered promiscuous mode [ 464.138919][T20783] macvtap4: entered allmulticast mode [ 464.145325][T20783] bridge0: entered allmulticast mode [ 464.167929][T20787] bridge0: left allmulticast mode [ 464.173181][T20787] bridge0: left promiscuous mode [ 464.321830][T20802] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4632'. [ 464.389415][T17265] tipc: Left network mode [ 464.535808][T20811] FAULT_INJECTION: forcing a failure. [ 464.535808][T20811] name failslab, interval 1, probability 0, space 0, times 0 [ 464.549990][T20811] CPU: 1 UID: 0 PID: 20811 Comm: syz.4.4636 Not tainted syzkaller #0 PREEMPT(full) [ 464.550023][T20811] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 464.550035][T20811] Call Trace: [ 464.550042][T20811] [ 464.550051][T20811] dump_stack_lvl+0x189/0x250 [ 464.550076][T20811] ? __pfx____ratelimit+0x10/0x10 [ 464.550096][T20811] ? __pfx_dump_stack_lvl+0x10/0x10 [ 464.550115][T20811] ? __pfx__printk+0x10/0x10 [ 464.550143][T20811] ? __pfx___might_resched+0x10/0x10 [ 464.550166][T20811] should_fail_ex+0x414/0x560 [ 464.550194][T20811] should_failslab+0xa8/0x100 [ 464.550219][T20811] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 464.550241][T20811] ? __alloc_skb+0x112/0x2d0 [ 464.550266][T20811] __alloc_skb+0x112/0x2d0 [ 464.550289][T20811] netlink_sendmsg+0x5c6/0xb30 [ 464.550319][T20811] ? __pfx_netlink_sendmsg+0x10/0x10 [ 464.550342][T20811] ? aa_sock_msg_perm+0xf1/0x1d0 [ 464.550362][T20811] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 464.550381][T20811] ? __pfx_netlink_sendmsg+0x10/0x10 [ 464.550402][T20811] __sock_sendmsg+0x21c/0x270 [ 464.550423][T20811] ____sys_sendmsg+0x505/0x830 [ 464.550451][T20811] ? __pfx_____sys_sendmsg+0x10/0x10 [ 464.550487][T20811] ? import_iovec+0x74/0xa0 [ 464.550511][T20811] ___sys_sendmsg+0x21f/0x2a0 [ 464.550536][T20811] ? __pfx____sys_sendmsg+0x10/0x10 [ 464.550590][T20811] ? __fget_files+0x2a/0x420 [ 464.550605][T20811] ? __fget_files+0x3a0/0x420 [ 464.550631][T20811] __x64_sys_sendmsg+0x19b/0x260 [ 464.550655][T20811] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 464.550686][T20811] ? __pfx_ksys_write+0x10/0x10 [ 464.550706][T20811] ? rcu_is_watching+0x15/0xb0 [ 464.550729][T20811] ? do_syscall_64+0xbe/0x3b0 [ 464.550752][T20811] do_syscall_64+0xfa/0x3b0 [ 464.550769][T20811] ? lockdep_hardirqs_on+0x9c/0x150 [ 464.550787][T20811] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 464.550804][T20811] ? clear_bhb_loop+0x60/0xb0 [ 464.550825][T20811] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 464.550841][T20811] RIP: 0033:0x7efe6cd8eec9 [ 464.550858][T20811] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 464.550871][T20811] RSP: 002b:00007efe6aff6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 464.550891][T20811] RAX: ffffffffffffffda RBX: 00007efe6cfe5fa0 RCX: 00007efe6cd8eec9 [ 464.550904][T20811] RDX: 0000000000000004 RSI: 00002000000000c0 RDI: 000000000000000d [ 464.550916][T20811] RBP: 00007efe6aff6090 R08: 0000000000000000 R09: 0000000000000000 [ 464.550926][T20811] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 464.550937][T20811] R13: 00007efe6cfe6038 R14: 00007efe6cfe5fa0 R15: 00007fff3d2e4d68 [ 464.550965][T20811] [ 464.923815][T20818] netlink: 24 bytes leftover after parsing attributes in process `syz.4.4637'. [ 465.435805][T20834] netlink: 'syz.2.4641': attribute type 1 has an invalid length. [ 465.492672][T20841] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4643'. [ 465.519017][T20834] 8021q: adding VLAN 0 to HW filter on device bond8 [ 465.549029][T17265] veth1_to_team: left promiscuous mode [ 465.571840][T17265] hsr_slave_0: left promiscuous mode [ 465.578544][T17265] hsr_slave_1: left promiscuous mode [ 465.590424][T17265] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 465.602485][T17265] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 466.245818][T17265] team_slave_1 (unregistering): left promiscuous mode [ 466.253340][T17265] team0 (unregistering): Port device team_slave_1 removed [ 466.297435][T17265] team_slave_0 (unregistering): left promiscuous mode [ 466.305877][T17265] team0 (unregistering): Port device team_slave_0 removed [ 466.640188][T20839] ipvlan2: entered allmulticast mode [ 466.647518][T20839] bond8: entered allmulticast mode [ 466.718094][T20834] bond8: (slave gretap1): making interface the new active one [ 466.718922][T20859] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4645'. [ 466.725839][T20834] gretap1: entered allmulticast mode [ 466.747886][T20834] bond8: (slave gretap1): Enslaving as an active interface with an up link [ 466.790524][T20846] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 466.823088][T20847] tipc: Enabling of bearer rejected, failed to enable media [ 467.085866][T20878] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4647'. [ 467.200672][T20874] syz_tun: left allmulticast mode [ 467.224950][T20876] netlink: 32 bytes leftover after parsing attributes in process `syz.2.4649'. [ 467.236216][T17290] netdevsim netdevsim0 eth0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 467.254406][T17290] netdevsim netdevsim0 eth1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 467.281070][T17290] netdevsim netdevsim0 eth2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 467.296509][T17270] netdevsim netdevsim0 eth3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 467.478515][T17265] IPVS: stop unused estimator thread 0... [ 468.126317][T20908] netlink: 'syz.3.4656': attribute type 1 has an invalid length. [ 468.242175][T20908] 8021q: adding VLAN 0 to HW filter on device bond10 [ 468.304717][T20912] bond10: (slave wlan0): Opening slave failed [ 468.597871][T20926] netlink: 'syz.1.4660': attribute type 1 has an invalid length. [ 468.657910][T20926] 8021q: adding VLAN 0 to HW filter on device bond8 [ 468.740330][T20929] ipvlan2: entered allmulticast mode [ 468.755933][T20929] bond8: entered allmulticast mode [ 468.958613][T20926] bond8: (slave gretap1): making interface the new active one [ 469.020009][T20926] gretap1: entered allmulticast mode [ 469.048338][T20926] bond8: (slave gretap1): Enslaving as an active interface with an up link [ 469.110711][T20929] tipc: Enabling of bearer rejected, failed to enable media [ 469.211512][T20940] openvswitch: netlink: Key 6 has unexpected len 4096 expected 2 [ 469.241068][T20942] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4663'. [ 469.610823][T20959] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4669'. [ 469.647354][T20962] netlink: 16 bytes leftover after parsing attributes in process `syz.3.4670'. [ 469.733512][T20962] bond0: entered promiscuous mode [ 469.751587][T20962] bond_slave_0: entered promiscuous mode [ 469.761947][T20962] bond_slave_1: entered promiscuous mode [ 469.772739][T20962] bond0: left promiscuous mode [ 469.777730][T20962] bond_slave_0: left promiscuous mode [ 469.783483][T20962] bond_slave_1: left promiscuous mode [ 469.863968][T20966] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 469.885761][T20970] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4671'. [ 469.979907][T20966] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 470.166437][T20966] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 470.346559][T20966] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 470.487739][T20997] netlink: 'syz.0.4682': attribute type 4 has an invalid length. [ 470.499328][T20997] netlink: 'syz.0.4682': attribute type 4 has an invalid length. [ 470.609269][T17270] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 470.648322][T21004] netlink: 16 bytes leftover after parsing attributes in process `syz.0.4684'. [ 470.726919][T17265] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 470.753953][T17265] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 470.785774][T17270] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 470.914030][T21020] netlink: 16 bytes leftover after parsing attributes in process `syz.1.4689'. [ 470.923411][T21014] xfrm0: left promiscuous mode [ 470.928576][T21014] xfrm0: left allmulticast mode [ 471.211746][T21040] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4698'. [ 471.530102][T21055] netlink: 'syz.1.4703': attribute type 1 has an invalid length. [ 471.580527][T21058] netlink: 'syz.0.4702': attribute type 1 has an invalid length. [ 471.715138][T21055] 8021q: adding VLAN 0 to HW filter on device bond9 [ 471.842920][T21058] 8021q: adding VLAN 0 to HW filter on device bond5 [ 471.861183][T21060] vlan4: entered promiscuous mode [ 471.866402][T21060] bond9: entered promiscuous mode [ 471.871601][T21060] vlan4: entered allmulticast mode [ 471.894341][T21060] bond9: entered allmulticast mode [ 471.942849][T21064] bond5: (slave vlan0): Opening slave failed [ 471.971142][T21068] bridge0: entered promiscuous mode [ 471.976792][T21068] macsec2: entered promiscuous mode [ 471.984044][T21068] bridge0: port 3(macsec2) entered blocking state [ 471.995227][T21068] bridge0: port 3(macsec2) entered disabled state [ 472.019097][T21068] macsec2: entered allmulticast mode [ 472.033946][T21068] bridge0: entered allmulticast mode [ 472.062783][T21068] macsec2: left allmulticast mode [ 472.074383][T21068] bridge0: left allmulticast mode [ 472.084128][T21068] bridge0: left promiscuous mode [ 472.152927][T21079] FAULT_INJECTION: forcing a failure. [ 472.152927][T21079] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 472.167040][T21079] CPU: 0 UID: 0 PID: 21079 Comm: syz.2.4707 Not tainted syzkaller #0 PREEMPT(full) [ 472.167088][T21079] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 472.167113][T21079] Call Trace: [ 472.167120][T21079] [ 472.167129][T21079] dump_stack_lvl+0x189/0x250 [ 472.167155][T21079] ? __pfx____ratelimit+0x10/0x10 [ 472.167175][T21079] ? __pfx_dump_stack_lvl+0x10/0x10 [ 472.167195][T21079] ? __pfx__printk+0x10/0x10 [ 472.167218][T21079] ? __might_fault+0xb0/0x130 [ 472.167251][T21079] should_fail_ex+0x414/0x560 [ 472.167279][T21079] _copy_from_iter+0x1de/0x1790 [ 472.167306][T21079] ? rcu_is_watching+0x15/0xb0 [ 472.167326][T21079] ? kmem_cache_alloc_node_noprof+0x217/0x3c0 [ 472.167350][T21079] ? __pfx__copy_from_iter+0x10/0x10 [ 472.167370][T21079] ? __build_skb_around+0x257/0x3e0 [ 472.167395][T21079] ? netlink_sendmsg+0x642/0xb30 [ 472.167412][T21079] ? skb_put+0x11b/0x210 [ 472.167435][T21079] netlink_sendmsg+0x6b2/0xb30 [ 472.167476][T21079] ? __pfx_netlink_sendmsg+0x10/0x10 [ 472.167499][T21079] ? aa_sock_msg_perm+0xf1/0x1d0 [ 472.167519][T21079] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 472.167538][T21079] ? __pfx_netlink_sendmsg+0x10/0x10 [ 472.167564][T21079] __sock_sendmsg+0x21c/0x270 [ 472.167585][T21079] ____sys_sendmsg+0x505/0x830 [ 472.167616][T21079] ? __pfx_____sys_sendmsg+0x10/0x10 [ 472.167647][T21079] ? import_iovec+0x74/0xa0 [ 472.167676][T21079] ___sys_sendmsg+0x21f/0x2a0 [ 472.167704][T21079] ? __pfx____sys_sendmsg+0x10/0x10 [ 472.167761][T21079] ? __fget_files+0x2a/0x420 [ 472.167777][T21079] ? __fget_files+0x3a0/0x420 [ 472.167803][T21079] __x64_sys_sendmsg+0x19b/0x260 [ 472.167827][T21079] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 472.167858][T21079] ? __pfx_ksys_write+0x10/0x10 [ 472.167878][T21079] ? rcu_is_watching+0x15/0xb0 [ 472.167900][T21079] ? do_syscall_64+0xbe/0x3b0 [ 472.167923][T21079] do_syscall_64+0xfa/0x3b0 [ 472.167940][T21079] ? lockdep_hardirqs_on+0x9c/0x150 [ 472.167965][T21079] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 472.167982][T21079] ? clear_bhb_loop+0x60/0xb0 [ 472.168004][T21079] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 472.168021][T21079] RIP: 0033:0x7fc717d8eec9 [ 472.168039][T21079] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 472.168055][T21079] RSP: 002b:00007fc718b61038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 472.168074][T21079] RAX: ffffffffffffffda RBX: 00007fc717fe5fa0 RCX: 00007fc717d8eec9 [ 472.168088][T21079] RDX: 0000000000000004 RSI: 00002000000000c0 RDI: 000000000000000d [ 472.168099][T21079] RBP: 00007fc718b61090 R08: 0000000000000000 R09: 0000000000000000 [ 472.168111][T21079] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 472.168122][T21079] R13: 00007fc717fe6038 R14: 00007fc717fe5fa0 R15: 00007ffc3b1e6f38 [ 472.168152][T21079] [ 472.500810][T21084] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4708'. [ 472.630034][T21088] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 472.640981][T21088] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4710'. [ 472.858165][T21103] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4717'. [ 472.986415][T21107] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4720'. [ 473.537738][T21109] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4719'. [ 473.978036][T21157] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4730'. [ 474.136659][T21153] netdevsim netdevsim2 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 474.189851][T21153] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 474.431094][T21153] netdevsim netdevsim2 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 474.462155][T21153] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 474.589896][T21193] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4742'. [ 474.668346][T21153] netdevsim netdevsim2 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 474.680116][T21153] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 474.789313][T21153] netdevsim netdevsim2 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 474.800385][T21153] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 474.933037][T17270] netdevsim netdevsim2 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 474.944575][T17270] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 474.970573][T17270] netdevsim netdevsim2 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 474.983208][T17270] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 475.050015][T21210] 8021q: adding VLAN 0 to HW filter on device bond10 [ 475.058275][T21210] bond10: entered promiscuous mode [ 475.064478][T21210] team0: Port device bond10 added [ 475.070453][T17270] netdevsim netdevsim2 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 475.083847][T17270] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 475.116943][T17292] netdevsim netdevsim2 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 475.134432][T17292] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 475.175318][T21222] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 475.279579][T21225] netlink: 'syz.3.4754': attribute type 1 has an invalid length. [ 475.335323][T21225] 8021q: adding VLAN 0 to HW filter on device bond11 [ 475.343379][T21230] (unnamed net_device) (uninitialized): option tlb_dynamic_lb: invalid value (71) [ 475.359674][T21232] bond11: (slave wlan0): Opening slave failed [ 475.405812][T21225] netlink: 44 bytes leftover after parsing attributes in process `syz.3.4754'. [ 475.616682][T21242] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4761'. [ 476.560599][T21292] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4775'. [ 476.601674][T21293] netlink: 'syz.3.4774': attribute type 1 has an invalid length. [ 476.609725][T21293] netlink: 'syz.3.4774': attribute type 2 has an invalid length. [ 476.628662][T21298] netlink: 'syz.0.4777': attribute type 1 has an invalid length. [ 476.642742][T21298] netlink: 'syz.0.4777': attribute type 2 has an invalid length. [ 476.659950][T21296] ip6tnl1: entered promiscuous mode [ 476.665673][T21296] ip6tnl1: entered allmulticast mode [ 476.672651][T21296] team0: Device ip6tnl1 is of different type [ 476.680599][T21300] netlink: 'syz.0.4777': attribute type 1 has an invalid length. [ 476.688522][T21300] netlink: 'syz.0.4777': attribute type 2 has an invalid length. [ 477.336871][T21346] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 477.915951][ T51] Bluetooth: hci4: command 0x0406 tx timeout [ 477.922732][T21373] __nla_validate_parse: 5 callbacks suppressed [ 477.922748][T21373] netlink: 56 bytes leftover after parsing attributes in process `syz.4.4796'. [ 478.072520][T21377] netlink: 16 bytes leftover after parsing attributes in process `syz.3.4797'. [ 478.085295][ T5870] Bluetooth: hci1: command tx timeout [ 478.102476][T21382] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4799'. [ 478.111273][T21377] bond0: entered promiscuous mode [ 478.117152][T21377] bond_slave_0: entered promiscuous mode [ 478.124109][T21377] bond_slave_1: entered promiscuous mode [ 478.132486][T21377] bond0: left promiscuous mode [ 478.137731][T21377] bond_slave_0: left promiscuous mode [ 478.143442][T21377] bond_slave_1: left promiscuous mode [ 478.349014][T21394] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4802'. [ 478.395821][ T55] block nbd1: Possible stuck request ffff888025245080: control (read@0,1024B). Runtime 360 seconds [ 478.407040][ T55] block nbd1: Possible stuck request ffff888025245240: control (read@1024,1024B). Runtime 360 seconds [ 478.418331][ T55] block nbd1: Possible stuck request ffff888025245400: control (read@2048,1024B). Runtime 360 seconds [ 478.432047][ T55] block nbd1: Possible stuck request ffff8880252455c0: control (read@3072,1024B). Runtime 360 seconds [ 478.609064][T21412] netlink: 'syz.0.4809': attribute type 1 has an invalid length. [ 478.706490][T21412] 8021q: adding VLAN 0 to HW filter on device bond6 [ 478.730159][T21406] netlink: 44 bytes leftover after parsing attributes in process `syz.0.4809'. [ 479.039789][ T31] INFO: task udevd:5880 blocked for more than 143 seconds. [ 479.077599][ T31] Not tainted syzkaller #0 [ 479.085841][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 479.117149][ T31] task:udevd state:D stack:19864 pid:5880 tgid:5880 ppid:5233 task_flags:0x400140 flags:0x00004006 [ 479.141657][ T31] Call Trace: [ 479.145209][ T31] [ 479.148911][ T31] __schedule+0x1798/0x4cc0 [ 479.153563][ T31] ? __pfx___schedule+0x10/0x10 [ 479.158608][ T31] ? schedule+0x91/0x360 [ 479.162989][ T31] schedule+0x165/0x360 [ 479.167323][ T31] io_schedule+0x80/0xd0 [ 479.171652][ T31] folio_wait_bit_common+0x6b0/0xb90 [ 479.177272][ T31] ? __pfx_folio_wait_bit_common+0x10/0x10 [ 479.183170][ T31] ? __pfx_wake_page_function+0x10/0x10 [ 479.188827][ T31] ? __filemap_get_folio+0x6e0/0xaf0 [ 479.194153][ T31] ? do_read_cache_folio+0x4e9/0x590 [ 479.200379][ T31] do_read_cache_folio+0x1aa/0x590 [ 479.202530][T21452] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4819'. [ 479.205818][ T31] ? __pfx_blkdev_read_folio+0x10/0x10 [ 479.205856][ T31] read_part_sector+0xb6/0x2b0 [ 479.205886][ T31] adfspart_check_POWERTEC+0x8c/0xf30 [ 479.205906][ T31] ? __pfx_adfspart_check_ICS+0x10/0x10 [ 479.205926][ T31] ? __pfx_adfspart_check_POWERTEC+0x10/0x10 [ 479.205957][ T31] bdev_disk_changed+0x75c/0x14b0 [ 479.206001][ T31] ? __pfx_bdev_disk_changed+0x10/0x10 [ 479.206024][ T31] ? wait_on_inode+0xc0/0x230 [ 479.206052][ T31] blkdev_get_whole+0x380/0x510 [ 479.206078][ T31] bdev_open+0x31e/0xd30 [ 479.206108][ T31] blkdev_open+0x457/0x600 [ 479.206133][ T31] ? __pfx_blkdev_open+0x10/0x10 [ 479.206152][ T31] do_dentry_open+0x950/0x13f0 [ 479.206187][ T31] vfs_open+0x3b/0x340 [ 479.285031][ T31] ? path_openat+0x2ecd/0x3830 [ 479.289822][ T31] path_openat+0x2ee5/0x3830 [ 479.294476][ T31] ? arch_stack_walk+0xfc/0x150 [ 479.299359][ T31] ? stack_depot_save_flags+0x40/0x860 [ 479.304967][ T31] ? __pfx_path_openat+0x10/0x10 [ 479.309941][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 479.316065][ T31] do_filp_open+0x1fa/0x410 [ 479.320570][ T31] ? __lock_acquire+0xab9/0xd20 [ 479.325508][ T31] ? __pfx_do_filp_open+0x10/0x10 [ 479.330575][ T31] ? _raw_spin_unlock+0x28/0x50 [ 479.335476][ T31] ? alloc_fd+0x64c/0x6c0 [ 479.339834][ T31] do_sys_openat2+0x121/0x1c0 [ 479.344571][ T31] ? __pfx___x64_sys_recvmsg+0x10/0x10 [ 479.350033][ T31] ? __pfx_do_sys_openat2+0x10/0x10 [ 479.355352][ T31] __x64_sys_openat+0x138/0x170 [ 479.360211][ T31] do_syscall_64+0xfa/0x3b0 [ 479.364869][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 479.370965][ T31] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 479.377177][ T31] ? clear_bhb_loop+0x60/0xb0 [ 479.381869][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 479.387823][ T31] RIP: 0033:0x7f02baaa7407 [ 479.392240][ T31] RSP: 002b:00007ffe45e28090 EFLAGS: 00000202 ORIG_RAX: 0000000000000101 [ 479.400740][ T31] RAX: ffffffffffffffda RBX: 00007f02bb1c8880 RCX: 00007f02baaa7407 [ 479.408803][ T31] RDX: 00000000000a0800 RSI: 000055a63ba388e0 RDI: ffffffffffffff9c [ 479.416941][ T31] RBP: 000055a63ba10910 R08: 0000000000000000 R09: 0000000000000000 [ 479.424987][ T31] R10: 0000000000000000 R11: 0000000000000202 R12: 000055a63ba376d0 [ 479.432978][ T31] R13: 000055a63ba1e190 R14: 0000000000000000 R15: 000055a63ba376d0 [ 479.441053][ T31] [ 479.451713][ T31] [ 479.451713][ T31] Showing all locks held in the system: [ 479.474366][ T31] 1 lock held by khungtaskd/31: [ 479.479306][ T31] #0: ffffffff8e13a0e0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 [ 479.495349][ T31] 2 locks held by getty/5620: [ 479.500185][ T31] #0: ffff88814ca810a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 479.510223][ T31] #1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400 [ 479.521218][ T31] 1 lock held by udevd/5880: [ 479.525942][ T31] #0: ffff888142bb8358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xe0/0xd30 [ 479.536374][ T31] 1 lock held by udevd/9855: [ 479.540972][ T31] #0: ffff8880251e3358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xe0/0xd30 [ 479.550292][ T31] 2 locks held by syz-executor/16591: [ 479.555737][ T31] #0: ffff8880b8739f98 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140 [ 479.566907][ T31] #1: ffff8880b8724008 (psi_seq){-.-.}-{0:0}, at: psi_task_switch+0x53/0x880 [ 479.575855][ T31] 3 locks held by syz.3.4812/21414: [ 479.581065][ T31] #0: ffff88805227b208 (&sb->s_type->i_mutex_key#11){+.+.}-{4:4}, at: sock_close+0x9b/0x240 [ 479.591347][ T31] #1: ffff888030c8d258 (sk_lock-AF_CAN){+.+.}-{0:0}, at: bcm_release+0x1cd/0x940 [ 479.600635][ T31] #2: ffffffff8e13fb78 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x3b9/0x730 [ 479.611661][ T31] [ 479.614003][ T31] ============================================= [ 479.614003][ T31] [ 479.623225][ T31] NMI backtrace for cpu 1 [ 479.623245][ T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) [ 479.623265][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 479.623277][ T31] Call Trace: [ 479.623285][ T31] [ 479.623294][ T31] dump_stack_lvl+0x189/0x250 [ 479.623321][ T31] ? __pfx_dump_stack_lvl+0x10/0x10 [ 479.623342][ T31] ? __pfx__printk+0x10/0x10 [ 479.623376][ T31] nmi_cpu_backtrace+0x39e/0x3d0 [ 479.623403][ T31] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 479.623428][ T31] ? __pfx__printk+0x10/0x10 [ 479.623454][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 479.623489][ T31] nmi_trigger_cpumask_backtrace+0x17a/0x300 [ 479.623516][ T31] watchdog+0xf93/0xfe0 [ 479.623544][ T31] ? watchdog+0x1de/0xfe0 [ 479.623571][ T31] kthread+0x70e/0x8a0 [ 479.623595][ T31] ? __pfx_watchdog+0x10/0x10 [ 479.623616][ T31] ? __pfx_kthread+0x10/0x10 [ 479.623639][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 479.623663][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 479.623679][ T31] ? __pfx_kthread+0x10/0x10 [ 479.623700][ T31] ret_from_fork+0x439/0x7d0 [ 479.623723][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 479.623747][ T31] ? __switch_to_asm+0x39/0x70 [ 479.623767][ T31] ? __switch_to_asm+0x33/0x70 [ 479.623785][ T31] ? __pfx_kthread+0x10/0x10 [ 479.623807][ T31] ret_from_fork_asm+0x1a/0x30 [ 479.623842][ T31] [ 479.623850][ T31] Sending NMI from CPU 1 to CPUs 0: [ 479.771204][ C0] NMI backtrace for cpu 0 [ 479.771222][ C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted syzkaller #0 PREEMPT(full) [ 479.771240][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 479.771250][ C0] RIP: 0010:pv_native_safe_halt+0x13/0x20 [ 479.771271][ C0] Code: 53 e8 02 00 cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d b3 29 0d 00 f3 0f 1e fa fb f4 cc cc cc cc cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 [ 479.771286][ C0] RSP: 0018:ffffffff8de07d80 EFLAGS: 000002c2 [ 479.771301][ C0] RAX: 24f686b03d380400 RBX: ffffffff819683f8 RCX: 24f686b03d380400 [ 479.771314][ C0] RDX: 0000000000000001 RSI: ffffffff8d9ba51c RDI: ffffffff8be33f00 [ 479.771325][ C0] RBP: ffffffff8de07eb8 R08: ffff8880b8632f9b R09: 1ffff110170c65f3 [ 479.771338][ C0] R10: dffffc0000000000 R11: ffffed10170c65f4 R12: ffffffff8fa39030 [ 479.771350][ C0] R13: 0000000000000000 R14: 0000000000000000 R15: 1ffffffff1bd2a20 [ 479.771361][ C0] FS: 0000000000000000(0000) GS:ffff888125c13000(0000) knlGS:0000000000000000 [ 479.771374][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 479.771385][ C0] CR2: 0000555581bdc5c8 CR3: 000000007b850000 CR4: 00000000003526f0 [ 479.771400][ C0] Call Trace: [ 479.771409][ C0] [ 479.771415][ C0] default_idle+0x13/0x20 [ 479.771433][ C0] default_idle_call+0x74/0xb0 [ 479.771452][ C0] do_idle+0x1e8/0x510 [ 479.771470][ C0] ? __pfx_do_idle+0x10/0x10 [ 479.771492][ C0] cpu_startup_entry+0x44/0x60 [ 479.771507][ C0] rest_init+0x2de/0x300 [ 479.771530][ C0] start_kernel+0x3a9/0x410 [ 479.771550][ C0] x86_64_start_reservations+0x24/0x30 [ 479.771571][ C0] x86_64_start_kernel+0x143/0x1c0 [ 479.771591][ C0] common_startup_64+0x13e/0x147 [ 479.771617][ C0] [ 479.772292][ T31] Kernel panic - not syncing: hung_task: blocked tasks [ 479.952499][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) [ 479.961594][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 479.971639][ T31] Call Trace: [ 479.974997][ T31] [ 479.977916][ T31] dump_stack_lvl+0x99/0x250 [ 479.982497][ T31] ? __asan_memcpy+0x40/0x70 [ 479.987076][ T31] ? __pfx_dump_stack_lvl+0x10/0x10 [ 479.992263][ T31] ? __pfx__printk+0x10/0x10 [ 479.996856][ T31] vpanic+0x281/0x750 [ 480.000836][ T31] ? __pfx_vpanic+0x10/0x10 [ 480.005335][ T31] ? preempt_schedule+0xae/0xc0 [ 480.010175][ T31] ? preempt_schedule_common+0x83/0xd0 [ 480.015633][ T31] panic+0xb9/0xc0 [ 480.019365][ T31] ? __pfx_panic+0x10/0x10 [ 480.023772][ T31] ? preempt_schedule_thunk+0x16/0x30 [ 480.029139][ T31] ? nmi_trigger_cpumask_backtrace+0x2bb/0x300 [ 480.035294][ T31] watchdog+0xfd2/0xfe0 [ 480.039445][ T31] ? watchdog+0x1de/0xfe0 [ 480.043766][ T31] kthread+0x70e/0x8a0 [ 480.047826][ T31] ? __pfx_watchdog+0x10/0x10 [ 480.052496][ T31] ? __pfx_kthread+0x10/0x10 [ 480.057076][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 480.062360][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 480.067546][ T31] ? __pfx_kthread+0x10/0x10 [ 480.072128][ T31] ret_from_fork+0x439/0x7d0 [ 480.076708][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 480.081812][ T31] ? __switch_to_asm+0x39/0x70 [ 480.086574][ T31] ? __switch_to_asm+0x33/0x70 [ 480.091349][ T31] ? __pfx_kthread+0x10/0x10 [ 480.095939][ T31] ret_from_fork_asm+0x1a/0x30 [ 480.100718][ T31] [ 480.103984][ T31] Kernel Offset: disabled [ 480.108301][ T31] Rebooting in 86400 seconds..