last executing test programs: 23.097769419s ago: executing program 4 (id=1610): r0 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000140)={'vxcan0\x00', 0x0}) connect$can_bcm(r0, &(0x7f00000005c0)={0x1d, r1}, 0x10) sendmsg$can_bcm(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[@ANYBLOB="05000000000400000000004000000000", @ANYRES64=0x77359400, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0xea60, @ANYBLOB="0000004001"], 0x48}}, 0x0) 22.929898683s ago: executing program 4 (id=1613): socket$nl_route(0x10, 0x3, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="034886dd0100000000001400000060e1fd0003082f00fe88a43de1a400000000000000007d01ff0200000000000000000000040000010000883e"], 0xfdef) 22.738834805s ago: executing program 4 (id=1614): bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000014007910480000000003690046000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x8, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0xa3}, 0x21) 22.660767772s ago: executing program 4 (id=1616): socket$inet_icmp_raw(0x2, 0x3, 0x1) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) close(0x4) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0x5, 0x8, 0x2, 0x4}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000200)=ANY=[@ANYBLOB="1802000000000000000000000000000018010000786c6c3a00000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000080000850000002d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) syz_open_procfs$namespace(0x0, &(0x7f0000000080)='ns/ipc\x00') unshare(0x6a040000) socket$packet(0x11, 0x2, 0x300) sendmsg(0xffffffffffffffff, 0x0, 0x844) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket(0x840000000002, 0x3, 0xfa) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @remote}, 0x10) sendmmsg$inet(r3, &(0x7f0000005240), 0x4000095, 0x0) getsockname$packet(r3, 0x0, 0x0) connect$rose(r3, 0x0, 0x0) connect$inet(r2, &(0x7f0000000480)={0x2, 0x4e20, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x800001d, 0x0) 20.617699682s ago: executing program 4 (id=1632): r0 = socket$packet(0x11, 0x3, 0x300) r1 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f0000000080)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000100)=0x10) sendmsg$FOU_CMD_DEL(r1, &(0x7f0000001040)={&(0x7f0000000f40)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000001000)={&(0x7f0000000f80)={0x48, 0x0, 0x20, 0x70bd2b, 0x25dfdbff, {}, [@FOU_ATTR_PEER_V6={0x14, 0x9, @private0={0xfc, 0x0, '\x00', 0x1}}, @FOU_ATTR_PORT={0x6, 0x1, 0x4e20}, @FOU_ATTR_IPPROTO={0x5, 0x3, 0x2e}, @FOU_ATTR_PEER_V4={0x8, 0x8, @multicast2}, @FOU_ATTR_PEER_V4={0x8, 0x8, @dev={0xac, 0x14, 0x14, 0x19}}]}, 0x48}, 0x1, 0x0, 0x0, 0x4000414}, 0x20004000) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}}}, 0x24}}, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'ip6tnl0\x00', 0x0}) sendmsg$inet(r0, &(0x7f0000000440)={&(0x7f0000000040)={0x2, 0x4e20, @multicast2}, 0x10, &(0x7f00000003c0)=[{&(0x7f0000000180)="6d52707ee8bd603eb55ad78f4646918db4f060c10c3af9b99f5985a4da0106eaa515bbfbe8d93bff9d36ec7b03d5b5f858e1b0cd023063c318cddf1bf7df386624da7d431f42264fde59a9b35c495d2342712c84c30b9aa77cdf226ecf9d61ef5bf1e5db7056ebcdb1fb15eaa829af97f58a7d39c93c043e733e1fe0fdbdcddad52523bc7e8422c613afe14db2e04b85d22a4b15302d0ede85e78cebdf3bdd212f9d4282b1f01490e299ac9e237a99ebe52e33c93ede671d51f6facfce213ff098d519573e2031dbaa69708d0c8945440b9c84a7d37f834d7806664d67b7160960b4af7ae619eaf2eced491ab7a71b204a470d1ded835d372f", 0xf9}, {&(0x7f0000000300)="602f33ba288c6020cf72615da2db9585c1343f0bc7f708073274def9241360d08bd94869b0c10175036f883f062661cbd4ff874a881ef0265626e4d46530a3ae39c67670a96843698813bc168dae1e01f5dde5370d626825ae23b69bf15b0df1562fefc007141d8cf5f410f908e046efe3d45e359d634de6cec2bec9286dfa4f5e", 0x81}, {&(0x7f0000000080)="20c22d60842d08a14ee0c1b1b3030d16d1b9005bfb3deb2babb4d4cc329d230a7ded1cb612a7ef70d675a7730575f6b15ced4b76ba64ac937d0ffdd51fb3e56e4bfb856d9edaeb62862de16d296c4daa645d1890ce2df0d19b692709036394f2", 0x60}, {&(0x7f0000000280)}], 0x4, &(0x7f0000000400)=[@ip_ttl={{0x14, 0x0, 0x2, 0x2}}, @ip_ttl={{0x14, 0x0, 0x2, 0x3}}], 0x30}, 0x4040044) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f7", 0x1}], 0x1}], 0x1, 0x40800) sendto$packet(r0, &(0x7f00000002c0)="05031600d3fc140000004788031c09103c28", 0xfce0, 0x4, &(0x7f0000000140)={0x11, 0x86dd, r3, 0x1, 0x0, 0x6, @multicast}, 0x14) 20.468392233s ago: executing program 4 (id=1638): syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socket$nl_generic(0x10, 0x3, 0x10) r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) socket$packet(0x11, 0x2, 0x300) r1 = socket$rxrpc(0x21, 0x2, 0xa) setsockopt$sock_int(r1, 0x1, 0x2e, &(0x7f0000000040)=0x80, 0x4) socket$netlink(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000003c0)={0xffffffffffffffff}) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000140)={{}, &(0x7f0000000280), &(0x7f0000000300)=r2}, 0x20) r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b00"/14], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r4}, 0x10) ppoll(&(0x7f0000000500)=[{r3}], 0x1, 0x0, 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r5}, 0x10) ppoll(&(0x7f0000000500)=[{r0}], 0x1, 0x0, 0x0, 0x0) pselect6(0x40, &(0x7f0000000000)={0x0, 0x2, 0xffff, 0x4, 0x0, 0xfffffffffffffffc}, 0x0, &(0x7f0000000240)={0x3ff, 0x0, 0x0, 0x9, 0x8, 0x3af81ffd, 0x7fffffff}, 0x0, 0x0) r6 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000002280)={r6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x57af, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r7 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r7, 0x0, &(0x7f00000000c0)=0x0) r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r10 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r9) sendmsg$NFC_CMD_DEV_UP(r9, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r10, @ANYBLOB="010023010000fcdbdf250200000008000100", @ANYRES32=r8, @ANYBLOB="a15013a8a389f7b8ebb2f8b98016ec133a5d9551274958dfaab89671a981eedc44f8d86c55309bf143c7db13f120c10cd33972fdfbd1b6aef0fab9f60369e7afabadba6052f76e596fbdf76af8ad305308ab69a45be1f7451fe1580be20e8940e2ac5b50bc4eb1f2c20cdd632c50d393eeb4db8f53df5c504eb6fe305f01e6421c0976e939c397090c10c6e95a255909b8cc1129eccfcb"], 0x1c}, 0x1, 0x0, 0x0, 0x8894}, 0x0) write$nci(r7, 0x0, 0x8) r11 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYRES8=r8], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x800000}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r11, 0x0, 0xd}, 0x18) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42032, 0xffffffffffffffff, 0x0) 19.009029774s ago: executing program 2 (id=1653): r0 = socket$nl_route(0x10, 0x3, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=ANY=[@ANYBLOB="540000001000010400000000000000ffff000000", @ANYRES32=0x0, @ANYBLOB="0380000000000000240012800c0001006d6163766c616e00140002800800010008000000062102000100000008000500", @ANYRES32=r1, @ANYBLOB='\b\x00\n\x00]'], 0x54}, 0x1, 0x0, 0x0, 0x280608c0}, 0x0) 18.743265s ago: executing program 2 (id=1659): r0 = socket$packet(0x11, 0x3, 0x300) r1 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f0000000080)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000100)=0x10) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000100)=0x207, 0x4) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}}}, 0x24}}, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'ip6tnl0\x00', 0x0}) sendmsg$inet(r0, &(0x7f0000000440)={&(0x7f0000000040)={0x2, 0x4e20, @multicast2}, 0x10, &(0x7f00000003c0)=[{&(0x7f0000000180)="6d52707ee8bd603eb55ad78f4646918db4f060c10c3af9b99f5985a4da0106eaa515bbfbe8d93bff9d36ec7b03d5b5f858e1b0cd023063c318cddf1bf7df386624da7d431f42264fde59a9b35c495d2342712c84c30b9aa77cdf226ecf9d61ef5bf1e5db7056ebcdb1fb15eaa829af97f58a7d39c93c043e733e1fe0fdbdcddad52523bc7e8422c613afe14db2e04b85d22a4b15302d0ede85e78cebdf3bdd212f9d4282b1f01490e299ac9e237a99ebe52e33c93ede671d51f6facfce213ff098d519573e2031dbaa69708d0c8945440b9c84a7d37f834d7806664d67b7160960b4af7ae619eaf2eced491ab7a71b204a470d1ded835d372f", 0xf9}, {&(0x7f0000000300)="602f33ba288c6020cf72615da2db9585c1343f0bc7f708073274def9241360d08bd94869b0c10175036f883f062661cbd4ff874a881ef0265626e4d46530a3ae39c67670a96843698813bc168dae1e01f5dde5370d626825ae23b69bf15b0df1562fefc007141d8cf5f410f908e046efe3d45e359d634de6cec2bec9286dfa4f5e", 0x81}, {&(0x7f0000000080)="20c22d60842d08a14ee0c1b1b3030d16d1b9005bfb3deb2babb4d4cc329d230a7ded1cb612a7ef70d675a7730575f6b15ced4b76ba64ac937d0ffdd51fb3e56e4bfb856d9edaeb62862de16d296c4daa645d1890ce2df0d19b692709036394f2", 0x60}, {&(0x7f0000000280)}], 0x4, &(0x7f0000000400)=[@ip_ttl={{0x14, 0x0, 0x2, 0x2}}, @ip_ttl={{0x14, 0x0, 0x2, 0x3}}], 0x30}, 0x4040044) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f7", 0x1}], 0x1}], 0x1, 0x40800) sendto$packet(r0, &(0x7f00000002c0)="05031600d3fc140000004788031c09103c28", 0xfce0, 0x4, &(0x7f0000000140)={0x11, 0x86dd, r3, 0x1, 0x0, 0x6, @multicast}, 0x14) 18.575227748s ago: executing program 2 (id=1663): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000040)={r0, 0xffffffffffffffff}, 0x4) bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x1f, 0x10, &(0x7f0000000200)=@framed={{}, [@snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x3}, {}, {}, {}, {0x7, 0x1, 0xb, 0x4, 0xa, 0x0, 0xfff3}, {}, {}, {0x18, 0x3, 0x2, 0x0, r1}}]}, &(0x7f0000000440)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x38, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 18.484999562s ago: executing program 2 (id=1665): socket$inet6_udplite(0xa, 0x2, 0x88) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_user\x00', 0x26e1, 0x0) close(r0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x12, 0xd, 0x4, 0x2}, 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000440)={{0xffffffffffffffff, 0xffffffffffffffff}, &(0x7f00000004c0), &(0x7f0000000400)=r0}, 0x20) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f00000002c0)={r1, 0x0, &(0x7f0000000500)=""/216}, 0x20) 18.432510647s ago: executing program 2 (id=1666): socket$nl_generic(0x10, 0x3, 0x10) socket$vsock_stream(0x28, 0x1, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000280)={@mcast1, 0x800, 0x0, 0x1, 0x1}, 0x20) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f0000000040)=0x5, 0x4) sendmsg$inet6(r0, &(0x7f00000000c0)={&(0x7f00000001c0)={0xa, 0x4e23, 0x80000, @private1={0xfc, 0x1, '\x00', 0x1}}, 0x1c, 0x0, 0x0, 0x0, 0x18}, 0x40c0) 18.089041193s ago: executing program 2 (id=1669): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={{0x14}, [@NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @quota={{0xa}, @val={0x10, 0x2, 0x0, 0x1, [@NFTA_QUOTA_BYTES={0xc, 0x1, 0x1, 0x0, 0x3}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x78}}, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nfc(&(0x7f00000001c0), r2) sendmsg$NFC_CMD_LLC_SET_PARAMS(r2, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000001080)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="150601010000ffdbdf251000000005000f003100000008000100", @ANYRES32=0x0, @ANYBLOB="050010004b"], 0x2c}, 0x1, 0x0, 0x0, 0x20044000}, 0x2000888c) ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000100)=0x0) ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000140)=0x0) r6 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r6, 0x0, &(0x7f00000000c0)=0x0) r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NFC_CMD_DEV_UP(r8, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)={0x1c, 0x0, 0x1, 0x70bd28, 0x25dfdbfe, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r7}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40089}, 0x8004) sendmsg$NFC_CMD_DEACTIVATE_TARGET(r1, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x5c, r3, 0x400, 0x70bd28, 0x25dfdbfe, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r4}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r5}, @NFC_ATTR_TARGET_INDEX={0x8, 0x4, 0xffffffffffffffff}, @NFC_ATTR_TARGET_INDEX={0x8, 0x4, 0x1}, @NFC_ATTR_TARGET_INDEX={0x8}, @NFC_ATTR_TARGET_INDEX={0x8, 0x4, 0xffffffffffffffff}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r7}, @NFC_ATTR_TARGET_INDEX={0x8, 0x4, 0x1}, @NFC_ATTR_TARGET_INDEX={0x8}]}, 0x5c}, 0x1, 0x0, 0x0, 0x4000}, 0x8004) 17.31333539s ago: executing program 0 (id=1682): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) mmap(&(0x7f0000691000/0x4000)=nil, 0x4000, 0x3, 0x28011, r0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) mmap(&(0x7f0000497000/0x2000)=nil, 0x2000, 0x2000002, 0x13, r1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) r3 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), r1) sendmsg$DEVLINK_CMD_TRAP_GROUP_SET(r2, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000000c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="14002dbd7000fedbdf25420000000e0001006e657464657673696d0000000f0002006e657464657673696d3000000d0087006c325f64726f7073000000000500830000000000080001007063690011000200303030303a30303a31302e30000000000d0087006c325f64726f70730000000005008300010000000e0001006e657464657673696d0000000f0002006e657464657673696d3000000d0087006c325f64726f7073000000000500830001000000080001007063690011000200303030303a30303a31302e30000000000d0087006c325f64726f70730000000005008300010000000e0001006e657464657673696d0000000f0002006e657464657673696d3000000d0087006c325f64726f70730000000005008300000000000e0001006e657464657673696d0000000f0002006e657464657673696d3000000d0087006c325f64726f70730000000005008300000000000e0001006e657464657673696d0000000f0002006e657464657673696d3000000d0087006c325f64726f7073000000000500830000000000"], 0x194}, 0x1, 0x0, 0x0, 0x40044}, 0x850) mmap(&(0x7f00004f1000/0x3000)=nil, 0x3000, 0x2000006, 0x12, r2, 0x913e0000) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) mmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x13, r4, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) mmap(&(0x7f00005d5000/0x2000)=nil, 0x2000, 0x3, 0x28011, r6, 0x0) mmap(&(0x7f00004a3000/0x1000)=nil, 0x1000, 0x1000000, 0x13, r5, 0x3000) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0) ioctl$FS_IOC_RESVSP(r7, 0x40305829, &(0x7f0000000540)={0x1100, 0x0, 0x2e36, 0x10000}) 17.169012884s ago: executing program 0 (id=1683): bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x4, 0xc, &(0x7f0000001180)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000c2000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b200000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 17.143105063s ago: executing program 0 (id=1685): socket$inet6_udplite(0xa, 0x2, 0x88) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_user\x00', 0x26e1, 0x0) close(r0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x12, 0xd, 0x4, 0x2}, 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000600)={{r1, 0xffffffffffffffff}, &(0x7f0000000040), &(0x7f0000000140)=r0}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000440)={{r2, 0xffffffffffffffff}, 0x0, &(0x7f0000000400)=r0}, 0x20) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f00000002c0)={r3, &(0x7f0000000000), &(0x7f0000000500)=""/216}, 0x20) 17.069154865s ago: executing program 0 (id=1686): r0 = socket$packet(0x11, 0x3, 0x300) socket(0x2, 0x80805, 0x0) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000100)=0x207, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}}}, 0x24}}, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'ip6tnl0\x00', 0x0}) sendmsg$inet(r0, &(0x7f0000000440)={&(0x7f0000000040)={0x2, 0x4e20, @multicast2}, 0x10, &(0x7f00000003c0)=[{&(0x7f0000000180)="6d52707ee8bd603eb55ad78f4646918db4f060c10c3af9b99f5985a4da0106eaa515bbfbe8d93bff9d36ec7b03d5b5f858e1b0cd023063c318cddf1bf7df386624da7d431f42264fde59a9b35c495d2342712c84c30b9aa77cdf226ecf9d61ef5bf1e5db7056ebcdb1fb15eaa829af97f58a7d39c93c043e733e1fe0fdbdcddad52523bc7e8422c613afe14db2e04b85d22a4b15302d0ede85e78cebdf3bdd212f9d4282b1f01490e299ac9e237a99ebe52e33c93ede671d51f6facfce213ff098d519573e2031dbaa69708d0c8945440b9c84a7d37f834d7806664d67b7160960b4af7ae619eaf2eced491ab7a71b204a470d1ded835d372f", 0xf9}, {&(0x7f0000000300)="602f33ba288c6020cf72615da2db9585c1343f0bc7f708073274def9241360d08bd94869b0c10175036f883f062661cbd4ff874a881ef0265626e4d46530a3ae39c67670a96843698813bc168dae1e01f5dde5370d626825ae23b69bf15b0df1562fefc007141d8cf5f410f908e046efe3d45e359d634de6cec2bec9286dfa4f5e", 0x81}, {&(0x7f0000000080)="20c22d60842d08a14ee0c1b1b3030d16d1b9005bfb3deb2babb4d4cc329d230a7ded1cb612a7ef70d675a7730575f6b15ced4b76ba64ac937d0ffdd51fb3e56e4bfb856d9edaeb62862de16d296c4daa645d1890ce2df0d19b692709036394f2", 0x60}, {&(0x7f0000000280)}], 0x4, &(0x7f0000000400)=[@ip_ttl={{0x14, 0x0, 0x2, 0x2}}, @ip_ttl={{0x14, 0x0, 0x2, 0x3}}], 0x30}, 0x4040044) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f7", 0x1}], 0x1}], 0x1, 0x40800) sendto$packet(r0, &(0x7f00000002c0)="05031600d3fc140000004788031c09103c28", 0xfce0, 0x4, &(0x7f0000000140)={0x11, 0x86dd, r2, 0x1, 0x0, 0x6, @multicast}, 0x14) 16.91361956s ago: executing program 0 (id=1687): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x35, &(0x7f0000000000)=0x8000, 0x4) getsockopt$inet_sctp6_SCTP_GET_ASSOC_NUMBER(r0, 0x84, 0x1c, &(0x7f0000000040), &(0x7f0000000080)=0x4) (async) r1 = socket$unix(0x1, 0x1, 0x0) getsockopt$IP_SET_OP_GET_FNAME(r1, 0x1, 0x53, 0x0, &(0x7f0000000100)) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000000140)=ANY=[], 0x8) (async) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) (async, rerun: 32) r2 = bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x0) (rerun: 32) close(r2) (async) ioctl$NS_GET_PARENT(r2, 0xb702, 0x0) recvmmsg(r0, &(0x7f0000003dc0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000a80)=""/116, 0x74}, 0x81}, {{0x0, 0x0, 0x0}, 0x2}], 0x2, 0x0, &(0x7f0000004000)) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) 16.201096405s ago: executing program 1 (id=1692): socket$netlink(0x10, 0x3, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000048880000000000000c00090008000080", @ANYRES32=r2, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) 16.037050768s ago: executing program 1 (id=1694): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000680)=ANY=[@ANYBLOB="6c01000010001307feffff0e69575225fe8000000000000000000000000000bb20010000000000000000000000000001000000002da783ce0200a0206c000000", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="fc010000001900000000000000000002000000fe32000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000000000000000000000000000ff7fffffffffffff040000000000000043050000000000000400000000000000ffffffffffffff7f000000000000000000000000000000000000000000000000000000002cbd7000023500000a00"], 0x16c}, 0x1, 0x0, 0x0, 0x880}, 0x0) 16.036735754s ago: executing program 3 (id=1695): r0 = socket$inet6(0xa, 0x3, 0x3a) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) write$tun(r1, &(0x7f0000000800)=ANY=[@ANYRES32=0x0, @ANYBLOB="44ed36bdae1769eb45c0d322d295f13647b584719757dbe30ea41a055ebe7a212e34e34d2f49d59a14715ea618d8c901dbc9c121f90ba25f5b58c020ddd7266230c4117c61dc11dbdc7fc8658b57b89a40a9ea391478922ddac36e53ab703b047dc302907b050e1671a13a6d5e6f23a4b407d0d25ec1b1a6f4f3ae2ecb"], 0x141) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a44, 0x1700) mmap(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0xe, 0x12, r2, 0x952de000) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000001000)={&(0x7f0000000300)=ANY=[@ANYBLOB="9feb01001800000000000000365d0000000000000202000000030000002e000000000000000000000000000000000500000000000000a7b71c0f784d9953f3135d7a646dc529a506f0a81e465484bb0a394c0dad193b30649a4e677d73d3e35af3f9fcdcdcdf248d5a08165e3da824ce00a140796a5ce4be6ea89031e1619bb704f2f179fcaa65fdb2da5df38b040000000000000073f200e9554a521ad0e3b56c50a3154e8a69b3e3da4e4a2cbdfd93fffd819b2e0d90083c8b40b0bdab0cedb735c76009d4b7"], 0x0, 0x35}, 0x28) getsockopt$inet6_mreq(r0, 0x29, 0x7, 0x0, &(0x7f0000000100)) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='memory.events\x00', 0x275a, 0x0) write$cgroup_subtree(r3, &(0x7f0000000000)=ANY=[], 0x32600) mmap(&(0x7f0000000000/0x9000)=nil, 0x9000, 0x1000002, 0x100010, r3, 0xffffe000) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) write$cgroup_subtree(r4, &(0x7f0000000140)=ANY=[], 0x32600) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r4, 0x0) r5 = socket$inet_udp(0x2, 0x2, 0x0) r6 = socket(0x10, 0x3, 0x0) r7 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt(r4, 0xfffffffe, 0x81, &(0x7f0000000240)="4947053b1879a4e9035303245a1543342c7ca81aa526081c1d5704768bb55a5b4fc1b5dc13d3c662ced721f1070000009e44b2270bcf15a50aa1eab58469f1d147cf9babce03352107e8f8dd1e4265de3d8da0b6acdffff022a62878b4459900e3cbd80070fc688a5781a653682e8355425bb65752c08aec7607b4dfd245e95414783088285a38d6e9d0e22450b6b080987fabc5b85959cab7b6c849fb2b1305305394175acd0c4077a4e11c34", 0xad) getsockopt$inet_sctp6_SCTP_HMAC_IDENT(r7, 0x84, 0x16, 0x0, &(0x7f0000000040)) setsockopt$netlink_NETLINK_TX_RING(r6, 0x10e, 0xc, &(0x7f0000000040)={0x7fffffff}, 0x10) sendmsg$kcm(r6, &(0x7f00000016c0)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000040)="2e00000022008102e00f80ecdb4cb9020a", 0x11}, {&(0x7f0000001700)="0c74c75350f4a590e15c61c7942348092734fe1863473bbce6798a60e9", 0x1d}], 0x2, 0x0, 0x0, 0x10}, 0x20) sendmmsg$inet(r5, &(0x7f0000003240)=[{{&(0x7f0000000100)={0x2, 0x4e23, @empty}, 0x10, 0x0}}], 0x1, 0x4000800) r8 = socket$inet_mptcp(0x2, 0x1, 0x106) getsockopt$inet_tcp_buf(r8, 0x6, 0x1a, 0x0, &(0x7f0000000000)) 15.995530237s ago: executing program 0 (id=1696): bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=0xffffffffffffffff, 0x4) syz_init_net_socket$nfc_raw(0x27, 0x3, 0x0) sendmmsg(0xffffffffffffffff, &(0x7f0000004840)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="100000000000000018010000660000008d03923e88585794417bc7756336b4c270e96ac733212538c5e482b7e14ebbfef65d6e034c3f1da04873cf98ab891f5c1c"], 0x10}}], 0x1, 0x44085) socket$kcm(0x2, 0x3, 0x84) bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="1e00000003030000bb060000a99700d781bd24fd", @ANYRES32, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="03000000050000000500000008"], 0x50) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)=ANY=[@ANYBLOB="2000000069840b000000000000000800010002"], 0x20}}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x18, 0x4, &(0x7f00000001c0)=ANY=[@ANYBLOB="d4010000400000001800000000000000000000000000000095"], 0x0, 0x5, 0x0, 0x0, 0x0, 0xa5}, 0x94) syz_emit_ethernet(0x8e, 0x0, 0x0) r0 = socket(0x10, 0x3, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sendmsg$NL80211_CMD_VENDOR(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000008c0)=ANY=[@ANYBLOB], 0xfc}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000600)=ANY=[@ANYBLOB="400000001000cff5000000000000000000000700f0ce6382448d1af9d8e4790008000000000000b27183106d3679a4fd389de016c6cf614d04e45246054b9813a6f7a15a706fb4fe35ddef462d0eea00", @ANYRES32=0x0, @ANYBLOB="00000000000000001d001280080001006873720014000280080002"], 0x40}}, 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000340), 0x40201, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x28}, 0x1, 0x0, 0x0, 0x4881}, 0x8000) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r2 = accept4(r1, 0x0, 0x0, 0x800) sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000013c0)={'wlan1\x00'}) sendmsg$NL80211_CMD_FRAME(r3, 0x0, 0x0) 15.970424024s ago: executing program 3 (id=1697): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000100)=0x207, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}}}, 0x24}}, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'ip6tnl0\x00', 0x0}) sendmsg$inet(r0, &(0x7f0000000440)={&(0x7f0000000040)={0x2, 0x4e20, @multicast2}, 0x10, &(0x7f00000003c0)=[{&(0x7f0000000180)="6d52707ee8bd603eb55ad78f4646918db4f060c10c3af9b99f5985a4da0106eaa515bbfbe8d93bff9d36ec7b03d5b5f858e1b0cd023063c318cddf1bf7df386624da7d431f42264fde59a9b35c495d2342712c84c30b9aa77cdf226ecf9d61ef5bf1e5db7056ebcdb1fb15eaa829af97f58a7d39c93c043e733e1fe0fdbdcddad52523bc7e8422c613afe14db2e04b85d22a4b15302d0ede85e78cebdf3bdd212f9d4282b1f01490e299ac9e237a99ebe52e33c93ede671d51f6facfce213ff098d519573e2031dbaa69708d0c8945440b9c84a7d37f834d7806664d67b7160960b4af7ae619eaf2eced491ab7a71b204a470d1ded835d372f", 0xf9}, {&(0x7f0000000300)="602f33ba288c6020cf72615da2db9585c1343f0bc7f708073274def9241360d08bd94869b0c10175036f883f062661cbd4ff874a881ef0265626e4d46530a3ae39c67670a96843698813bc168dae1e01f5dde5370d626825ae23b69bf15b0df1562fefc007141d8cf5f410f908e046efe3d45e359d634de6cec2bec9286dfa4f5e", 0x81}, {&(0x7f0000000080)="20c22d60842d08a14ee0c1b1b3030d16d1b9005bfb3deb2babb4d4cc329d230a7ded1cb612a7ef70d675a7730575f6b15ced4b76ba64ac937d0ffdd51fb3e56e4bfb856d9edaeb62862de16d296c4daa645d1890ce2df0d19b692709036394f2", 0x60}, {&(0x7f0000000280)}], 0x4, &(0x7f0000000400)=[@ip_ttl={{0x14, 0x0, 0x2, 0x2}}, @ip_ttl={{0x14, 0x0, 0x2, 0x3}}], 0x30}, 0x4040044) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f7", 0x1}], 0x1}], 0x1, 0x40800) sendto$packet(r0, &(0x7f00000002c0)="05031600d3fc140000004788031c09103c28", 0xfce0, 0x4, &(0x7f0000000140)={0x11, 0x86dd, r2, 0x1, 0x0, 0x6, @multicast}, 0x14) 15.893072324s ago: executing program 1 (id=1698): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000280)={@mcast1, 0x800, 0x0, 0x1, 0x1}, 0x20) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f0000000040)=0x5, 0x4) sendmsg$inet6(r0, &(0x7f00000000c0)={&(0x7f00000001c0)={0xa, 0x4e23, 0x80000, @private1={0xfc, 0x1, '\x00', 0x1}}, 0x1c, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="120000000000000029000000", @ANYRES16=r0], 0x18}, 0x40c0) 15.880875145s ago: executing program 3 (id=1699): ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'batadv0\x00', 0x0}) r1 = bpf$ITER_CREATE(0x21, &(0x7f00000002c0), 0x8) epoll_pwait(r1, &(0x7f0000000500)=[{}, {}, {}, {}], 0x4, 0x81, &(0x7f0000000580)={[0xffffffffffffffff]}, 0x8) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r2}, 0x10) r3 = socket$alg(0x26, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000600)={'batadv_slave_1\x00'}) bind$alg(r3, &(0x7f0000000300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-3way\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r4 = accept4(r3, 0x0, 0x0, 0x800) bpf$PROG_LOAD(0x5, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r6, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) r7 = socket$inet(0x2b, 0x801, 0x0) setsockopt$IP_VS_SO_SET_TIMEOUT(r7, 0x0, 0x48a, &(0x7f0000000040)={0xc, 0x0, 0x2}, 0xc) recvmsg$unix(r5, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0), 0x100}, 0x0) r8 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r8, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=ANY=[@ANYBLOB="f800000016008502000000000000000020010000000000000000000000000002a600000200"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb0000000032"], 0xf8}}, 0x0) sendmsg$nl_xfrm(r8, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=ANY=[], 0x134}}, 0x0) sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)}, 0x12012) bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x5, 0x4, &(0x7f0000000340)=ANY=[@ANYBLOB="85000000a4000000660000000000000016000000000000009500000000010000ac393a1e5ade17eddbcf186c1956617340ec8f546a8dd8a840c42124120af2c95171c6a063"], &(0x7f0000000000)='syzkaller\x00', 0x8, 0x99, &(0x7f0000000180)=""/153, 0x40f00, 0x4, '\x00', r0, @fallback=0x16, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x9}, 0x94) 15.873509865s ago: executing program 1 (id=1700): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000a00)=@delchain={0x16c, 0x65, 0x200, 0x70bd27, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x2}, {0x0, 0xfff3}, {0x0, 0xb}}}, 0x16c}, 0x1, 0x0, 0x0, 0x884}, 0x20000080) r0 = socket(0x10, 0x803, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x3, 0xc, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000610000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000110b0008850000007100000095"], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xd, '\x00', 0x0, @sched_cls=0x2f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={r1, 0x0, 0xe, 0x0, &(0x7f00000007c0)="c1188e99b95d02ff4284860186dd", 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x50) r2 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r2, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000000), 0x4) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r2, 0x10e, 0x4, &(0x7f0000000100)=0x1800, 0x4) r3 = socket$inet6_mptcp(0xa, 0x1, 0x106) connect$inet6(r3, &(0x7f0000000040)={0xa, 0x4001, 0xb, @loopback, 0x9}, 0x1c) r4 = socket$inet6_mptcp(0xa, 0x1, 0x106) ioctl$sock_inet_tcp_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f00000004c0)) bind$inet6(r4, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x7}, 0x1c) r5 = socket(0x10, 0x3, 0x0) sendmsg$kcm(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="2e00000010008188040f80ec59acbc0413a1f8480d0000005e140602000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x50) write(r5, &(0x7f0000000000)="2400000011005f0414f9f40700090400810000000d0000000000000008000f0001000000", 0x24) listen(r4, 0xfffffffc) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff) r8 = socket$inet_mptcp(0x2, 0x1, 0x106) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x14, 0x7, 0x6, 0x3, 0x0, 0x0, {0x7, 0x0, 0x4}}, 0x14}, 0x1, 0x0, 0x0, 0x1}, 0x0) connect$inet(r8, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) close(r0) setsockopt$inet_sctp6_SCTP_AUTOCLOSE(r0, 0x84, 0x4, &(0x7f0000000180)=0x4e5, 0x4) r9 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r9, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000009c0)=@newlink={0x20, 0x10, 0x100, 0x70bd2b, 0x0, {0x0, 0x0, 0x0, 0x0, 0x8100, 0xa0e1}}, 0x20}, 0x1, 0x0, 0x0, 0x4800}, 0x24000000) r10 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r10, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)=ANY=[], 0x7c}, 0x1, 0x0, 0x0, 0x400c2}, 0x80c0) sendmsg$NFT_BATCH(r10, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)={{0x14}, [], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x28}, 0x1, 0x0, 0x0, 0x20000001}, 0x0) sendmsg$MPTCP_PM_CMD_DEL_ADDR(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="070000040000000000000200000014000180060001000200000008000300ac1414aa"], 0x28}}, 0x0) 15.775179459s ago: executing program 3 (id=1701): bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, &(0x7f0000000a40)={0x0, 0x0, &(0x7f0000000640)="caaf58eb8907f5fb61d75a903456585f97491bccf6", 0x0, 0xc, 0xffffffffffffffff, 0x4}, 0x38) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000005c0)=ANY=[@ANYBLOB="ec000000210001000000000000000000fc00000000000000000000000000f6ffffffffffffff0000000000000000000100000009000000000200ffffff950000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000009c0011"], 0xec}, 0x1, 0x0, 0x0, 0x40000}, 0x810) 15.707651902s ago: executing program 3 (id=1702): syz_emit_ethernet(0xbe, &(0x7f00000000c0)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e22, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@\x00'}}}}}}, 0x0) syz_emit_ethernet(0x9e, &(0x7f0000000180)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x90, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e22, 0x7c, 0x0, @wg=@data={0x4, 0x0, 0x0, '\x00'/100}}}}}}, 0x0) 15.652066573s ago: executing program 3 (id=1703): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000000000)=ANY=[@ANYBLOB="a03700002d00010026bd7000fcdbdf250400000005000b00", @ANYRES32=r0, @ANYBLOB="81120c"], 0x37a0}, 0x1, 0x0, 0x0, 0x4000d}, 0x200000e4) 15.522249689s ago: executing program 1 (id=1704): r0 = socket(0x2, 0x805, 0x0) r1 = socket$inet(0x2, 0x6, 0x84) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x801, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSETELEM={0x14, 0xc, 0xa, 0x101, 0x0, 0x0, {0x7}}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0x5c}}, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r0, 0x84, 0x6c, &(0x7f0000000000)={r2}, &(0x7f0000000040)=0x8) 15.37321005s ago: executing program 1 (id=1705): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$team(&(0x7f00000044c0), r0) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000240)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_OPTIONS_SET(r0, &(0x7f0000004bc0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="b4000000", @ANYRES16=r1, @ANYBLOB="05043fbd7000fddbdf250100000008000100", @ANYRES32=r2, @ANYBLOB="9800028040000100240001006d6f64650000000000000000000000000000000000000001000000000000000005000300050000000e00040062726f616463617374"], 0xb4}, 0x1, 0x0, 0x0, 0x20000401}, 0x44084) 5.113639276s ago: executing program 32 (id=1638): syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socket$nl_generic(0x10, 0x3, 0x10) r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) socket$packet(0x11, 0x2, 0x300) r1 = socket$rxrpc(0x21, 0x2, 0xa) setsockopt$sock_int(r1, 0x1, 0x2e, &(0x7f0000000040)=0x80, 0x4) socket$netlink(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000003c0)={0xffffffffffffffff}) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000140)={{}, &(0x7f0000000280), &(0x7f0000000300)=r2}, 0x20) r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b00"/14], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r4}, 0x10) ppoll(&(0x7f0000000500)=[{r3}], 0x1, 0x0, 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r5}, 0x10) ppoll(&(0x7f0000000500)=[{r0}], 0x1, 0x0, 0x0, 0x0) pselect6(0x40, &(0x7f0000000000)={0x0, 0x2, 0xffff, 0x4, 0x0, 0xfffffffffffffffc}, 0x0, &(0x7f0000000240)={0x3ff, 0x0, 0x0, 0x9, 0x8, 0x3af81ffd, 0x7fffffff}, 0x0, 0x0) r6 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000002280)={r6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x57af, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r7 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r7, 0x0, &(0x7f00000000c0)=0x0) r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r10 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r9) sendmsg$NFC_CMD_DEV_UP(r9, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r10, @ANYBLOB="010023010000fcdbdf250200000008000100", @ANYRES32=r8, @ANYBLOB="a15013a8a389f7b8ebb2f8b98016ec133a5d9551274958dfaab89671a981eedc44f8d86c55309bf143c7db13f120c10cd33972fdfbd1b6aef0fab9f60369e7afabadba6052f76e596fbdf76af8ad305308ab69a45be1f7451fe1580be20e8940e2ac5b50bc4eb1f2c20cdd632c50d393eeb4db8f53df5c504eb6fe305f01e6421c0976e939c397090c10c6e95a255909b8cc1129eccfcb"], 0x1c}, 0x1, 0x0, 0x0, 0x8894}, 0x0) write$nci(r7, 0x0, 0x8) r11 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYRES8=r8], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x800000}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r11, 0x0, 0xd}, 0x18) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42032, 0xffffffffffffffff, 0x0) 3.110915397s ago: executing program 33 (id=1669): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={{0x14}, [@NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @quota={{0xa}, @val={0x10, 0x2, 0x0, 0x1, [@NFTA_QUOTA_BYTES={0xc, 0x1, 0x1, 0x0, 0x3}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x78}}, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nfc(&(0x7f00000001c0), r2) sendmsg$NFC_CMD_LLC_SET_PARAMS(r2, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000001080)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="150601010000ffdbdf251000000005000f003100000008000100", @ANYRES32=0x0, @ANYBLOB="050010004b"], 0x2c}, 0x1, 0x0, 0x0, 0x20044000}, 0x2000888c) ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000100)=0x0) ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000140)=0x0) r6 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r6, 0x0, &(0x7f00000000c0)=0x0) r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NFC_CMD_DEV_UP(r8, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)={0x1c, 0x0, 0x1, 0x70bd28, 0x25dfdbfe, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r7}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40089}, 0x8004) sendmsg$NFC_CMD_DEACTIVATE_TARGET(r1, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x5c, r3, 0x400, 0x70bd28, 0x25dfdbfe, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r4}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r5}, @NFC_ATTR_TARGET_INDEX={0x8, 0x4, 0xffffffffffffffff}, @NFC_ATTR_TARGET_INDEX={0x8, 0x4, 0x1}, @NFC_ATTR_TARGET_INDEX={0x8}, @NFC_ATTR_TARGET_INDEX={0x8, 0x4, 0xffffffffffffffff}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r7}, @NFC_ATTR_TARGET_INDEX={0x8, 0x4, 0x1}, @NFC_ATTR_TARGET_INDEX={0x8}]}, 0x5c}, 0x1, 0x0, 0x0, 0x4000}, 0x8004) 109.746145ms ago: executing program 34 (id=1696): bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=0xffffffffffffffff, 0x4) syz_init_net_socket$nfc_raw(0x27, 0x3, 0x0) sendmmsg(0xffffffffffffffff, &(0x7f0000004840)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="100000000000000018010000660000008d03923e88585794417bc7756336b4c270e96ac733212538c5e482b7e14ebbfef65d6e034c3f1da04873cf98ab891f5c1c"], 0x10}}], 0x1, 0x44085) socket$kcm(0x2, 0x3, 0x84) bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="1e00000003030000bb060000a99700d781bd24fd", @ANYRES32, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="03000000050000000500000008"], 0x50) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)=ANY=[@ANYBLOB="2000000069840b000000000000000800010002"], 0x20}}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x18, 0x4, &(0x7f00000001c0)=ANY=[@ANYBLOB="d4010000400000001800000000000000000000000000000095"], 0x0, 0x5, 0x0, 0x0, 0x0, 0xa5}, 0x94) syz_emit_ethernet(0x8e, 0x0, 0x0) r0 = socket(0x10, 0x3, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sendmsg$NL80211_CMD_VENDOR(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000008c0)=ANY=[@ANYBLOB], 0xfc}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000600)=ANY=[@ANYBLOB="400000001000cff5000000000000000000000700f0ce6382448d1af9d8e4790008000000000000b27183106d3679a4fd389de016c6cf614d04e45246054b9813a6f7a15a706fb4fe35ddef462d0eea00", @ANYRES32=0x0, @ANYBLOB="00000000000000001d001280080001006873720014000280080002"], 0x40}}, 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000340), 0x40201, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x28}, 0x1, 0x0, 0x0, 0x4881}, 0x8000) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r2 = accept4(r1, 0x0, 0x0, 0x800) sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000013c0)={'wlan1\x00'}) sendmsg$NL80211_CMD_FRAME(r3, 0x0, 0x0) 70.653442ms ago: executing program 35 (id=1705): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$team(&(0x7f00000044c0), r0) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000240)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_OPTIONS_SET(r0, &(0x7f0000004bc0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="b4000000", @ANYRES16=r1, @ANYBLOB="05043fbd7000fddbdf250100000008000100", @ANYRES32=r2, @ANYBLOB="9800028040000100240001006d6f64650000000000000000000000000000000000000001000000000000000005000300050000000e00040062726f616463617374"], 0xb4}, 0x1, 0x0, 0x0, 0x20000401}, 0x44084) 0s ago: executing program 36 (id=1703): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000000000)=ANY=[@ANYBLOB="a03700002d00010026bd7000fcdbdf250400000005000b00", @ANYRES32=r0, @ANYBLOB="81120c"], 0x37a0}, 0x1, 0x0, 0x0, 0x4000d}, 0x200000e4) kernel console output (not intermixed with test programs): cess `syz.2.220'. [ 125.520628][ T6715] netlink: 'syz.3.222': attribute type 3 has an invalid length. [ 125.561149][ T6715] netlink: 4 bytes leftover after parsing attributes in process `syz.3.222'. [ 125.589725][ T6716] netlink: 'syz.3.222': attribute type 3 has an invalid length. [ 125.741584][ T6716] netlink: 4 bytes leftover after parsing attributes in process `syz.3.222'. [ 126.042292][ T6727] netlink: 'syz.0.225': attribute type 4 has an invalid length. [ 126.268601][ T6737] netlink: 124 bytes leftover after parsing attributes in process `syz.3.229'. [ 126.427740][ T6743] netlink: 8 bytes leftover after parsing attributes in process `syz.0.233'. [ 126.493137][ T6743] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 126.510054][ T6748] netlink: 8 bytes leftover after parsing attributes in process `syz.1.234'. [ 126.602045][ T6748] netlink: 'syz.1.234': attribute type 1 has an invalid length. [ 126.609757][ T6748] netlink: 'syz.1.234': attribute type 4 has an invalid length. [ 126.641085][ T6748] netlink: 9462 bytes leftover after parsing attributes in process `syz.1.234'. [ 126.801693][ T6766] netlink: 'syz.3.238': attribute type 12 has an invalid length. [ 126.968924][ T6770] netlink: 8 bytes leftover after parsing attributes in process `syz.1.241'. [ 127.002716][ T6770] netlink: 8 bytes leftover after parsing attributes in process `syz.1.241'. [ 127.149365][ T6774] tipc: Started in network mode [ 127.163815][ T6774] tipc: Node identity f6bdcc28931e, cluster identity 4711 [ 127.186615][ T6774] tipc: Enabled bearer , priority 0 [ 127.236727][ T6778] syzkaller0: entered promiscuous mode [ 127.297259][ T6778] syzkaller0: entered allmulticast mode [ 127.336677][ T6771] netlink: 'syz.4.240': attribute type 2 has an invalid length. [ 127.400221][ T6771] þ: entered promiscuous mode [ 127.708137][ T6767] tipc: Resetting bearer [ 127.813799][ T6767] tipc: Disabling bearer [ 127.874512][ T6796] syzkaller0: entered promiscuous mode [ 127.924453][ T6796] syzkaller0: entered allmulticast mode [ 128.414439][ T6820] mac80211_hwsim hwsim9 wlan0: entered promiscuous mode [ 128.455970][ T6820] macvtap1: entered allmulticast mode [ 128.471236][ T6820] mac80211_hwsim hwsim9 wlan0: entered allmulticast mode [ 128.530837][ T6820] mac80211_hwsim hwsim9 wlan0: left allmulticast mode [ 128.560348][ T6820] mac80211_hwsim hwsim9 wlan0: left promiscuous mode [ 128.735814][ T6829] veth0: entered promiscuous mode [ 128.763180][ T6836] FAULT_INJECTION: forcing a failure. [ 128.763180][ T6836] name failslab, interval 1, probability 0, space 0, times 0 [ 128.795147][ T6836] CPU: 0 UID: 0 PID: 6836 Comm: syz.2.258 Not tainted syzkaller #0 PREEMPT(full) [ 128.795176][ T6836] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 128.795189][ T6836] Call Trace: [ 128.795197][ T6836] [ 128.795206][ T6836] dump_stack_lvl+0x189/0x250 [ 128.795237][ T6836] ? __pfx____ratelimit+0x10/0x10 [ 128.795259][ T6836] ? __pfx_dump_stack_lvl+0x10/0x10 [ 128.795284][ T6836] ? __pfx__printk+0x10/0x10 [ 128.795309][ T6836] ? netlink_unicast+0x82f/0x9e0 [ 128.795331][ T6836] ? ___sys_sendmsg+0x21f/0x2a0 [ 128.795357][ T6836] ? do_syscall_64+0xfa/0x3b0 [ 128.795392][ T6836] should_fail_ex+0x414/0x560 [ 128.795430][ T6836] should_failslab+0xa8/0x100 [ 128.795462][ T6836] kmem_cache_alloc_noprof+0x73/0x3c0 [ 128.795491][ T6836] ? skb_clone+0x212/0x3a0 [ 128.795524][ T6836] skb_clone+0x212/0x3a0 [ 128.795556][ T6836] __netlink_deliver_tap+0x404/0x850 [ 128.795595][ T6836] ? netlink_deliver_tap+0x2e/0x1b0 [ 128.795621][ T6836] netlink_deliver_tap+0x19c/0x1b0 [ 128.795647][ T6836] netlink_sendskb+0x68/0x140 [ 128.795670][ T6836] netlink_unicast+0x397/0x9e0 [ 128.795689][ T6836] ? __asan_memcpy+0x40/0x70 [ 128.795728][ T6836] ? __pfx_netlink_unicast+0x10/0x10 [ 128.795761][ T6836] netlink_rcv_skb+0x28c/0x470 [ 128.795787][ T6836] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 128.795813][ T6836] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 128.795850][ T6836] ? netlink_deliver_tap+0x2e/0x1b0 [ 128.795884][ T6836] netlink_unicast+0x82f/0x9e0 [ 128.795915][ T6836] ? __pfx_netlink_unicast+0x10/0x10 [ 128.795938][ T6836] ? netlink_sendmsg+0x642/0xb30 [ 128.795960][ T6836] ? skb_put+0x11b/0x210 [ 128.795990][ T6836] netlink_sendmsg+0x805/0xb30 [ 128.796025][ T6836] ? __pfx_netlink_sendmsg+0x10/0x10 [ 128.796053][ T6836] ? aa_sock_msg_perm+0xf1/0x1d0 [ 128.796076][ T6836] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 128.796098][ T6836] ? __pfx_netlink_sendmsg+0x10/0x10 [ 128.796124][ T6836] __sock_sendmsg+0x21c/0x270 [ 128.796152][ T6836] ____sys_sendmsg+0x505/0x830 [ 128.796186][ T6836] ? __pfx_____sys_sendmsg+0x10/0x10 [ 128.796225][ T6836] ? import_iovec+0x74/0xa0 [ 128.796256][ T6836] ___sys_sendmsg+0x21f/0x2a0 [ 128.796286][ T6836] ? __pfx____sys_sendmsg+0x10/0x10 [ 128.796355][ T6836] ? __fget_files+0x2a/0x420 [ 128.796373][ T6836] ? __fget_files+0x3a0/0x420 [ 128.796403][ T6836] __x64_sys_sendmsg+0x19b/0x260 [ 128.796434][ T6836] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 128.796473][ T6836] ? __pfx_ksys_write+0x10/0x10 [ 128.796498][ T6836] ? rcu_is_watching+0x15/0xb0 [ 128.796525][ T6836] ? do_syscall_64+0xbe/0x3b0 [ 128.796553][ T6836] do_syscall_64+0xfa/0x3b0 [ 128.796575][ T6836] ? lockdep_hardirqs_on+0x9c/0x150 [ 128.796595][ T6836] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 128.796615][ T6836] ? clear_bhb_loop+0x60/0xb0 [ 128.796640][ T6836] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 128.796660][ T6836] RIP: 0033:0x7f567c18ec29 [ 128.796677][ T6836] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 128.796694][ T6836] RSP: 002b:00007f567cf46038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 128.796727][ T6836] RAX: ffffffffffffffda RBX: 00007f567c3d6090 RCX: 00007f567c18ec29 [ 128.796742][ T6836] RDX: 0000000000004000 RSI: 0000200000000000 RDI: 000000000000000a [ 128.796754][ T6836] RBP: 00007f567cf46090 R08: 0000000000000000 R09: 0000000000000000 [ 128.796766][ T6836] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 128.796778][ T6836] R13: 00007f567c3d6128 R14: 00007f567c3d6090 R15: 00007ffdd9a742f8 [ 128.796811][ T6836] [ 129.376147][ T6841] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 129.585045][ T6847] block nbd0: shutting down sockets [ 130.316448][ T6881] __nla_validate_parse: 2 callbacks suppressed [ 130.316470][ T6881] netlink: 12 bytes leftover after parsing attributes in process `syz.2.271'. [ 130.436020][ T6885] netlink: 124 bytes leftover after parsing attributes in process `syz.0.272'. [ 130.814374][ T6888] IPVS: Scheduler module ip_vs_sip not found [ 130.828070][ T6895] IPv6: NLM_F_CREATE should be specified when creating new route [ 131.118107][ T6904] netlink: 124 bytes leftover after parsing attributes in process `syz.0.278'. [ 131.195702][ T6906] netlink: 8 bytes leftover after parsing attributes in process `syz.2.279'. [ 131.246123][ T6906] netlink: 8 bytes leftover after parsing attributes in process `syz.2.279'. [ 131.576591][ T6920] FAULT_INJECTION: forcing a failure. [ 131.576591][ T6920] name failslab, interval 1, probability 0, space 0, times 0 [ 131.589993][ T6920] CPU: 1 UID: 0 PID: 6920 Comm: syz.2.283 Not tainted syzkaller #0 PREEMPT(full) [ 131.590023][ T6920] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 131.590036][ T6920] Call Trace: [ 131.590044][ T6920] [ 131.590053][ T6920] dump_stack_lvl+0x189/0x250 [ 131.590097][ T6920] ? __pfx____ratelimit+0x10/0x10 [ 131.590120][ T6920] ? __pfx_dump_stack_lvl+0x10/0x10 [ 131.590144][ T6920] ? __pfx__printk+0x10/0x10 [ 131.590172][ T6920] ? skb_network_protocol+0x4fe/0x760 [ 131.590202][ T6920] ? __lock_acquire+0xab9/0xd20 [ 131.590247][ T6920] should_fail_ex+0x414/0x560 [ 131.590284][ T6920] should_failslab+0xa8/0x100 [ 131.590316][ T6920] kmem_cache_alloc_noprof+0x73/0x3c0 [ 131.590345][ T6920] ? skb_clone+0x212/0x3a0 [ 131.590377][ T6920] skb_clone+0x212/0x3a0 [ 131.590404][ T6920] ? dev_queue_xmit_nit+0x25a/0xcc0 [ 131.590432][ T6920] dev_queue_xmit_nit+0x416/0xcc0 [ 131.590457][ T6920] ? dev_queue_xmit_nit+0x2d/0xcc0 [ 131.590494][ T6920] dev_hard_start_xmit+0x1be/0x830 [ 131.590540][ T6920] __dev_queue_xmit+0x1b8d/0x3b50 [ 131.590577][ T6920] ? __dev_queue_xmit+0x27b/0x3b50 [ 131.590603][ T6920] ? do_syscall_64+0xfa/0x3b0 [ 131.590621][ T6920] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 131.590653][ T6920] ? __pfx___dev_queue_xmit+0x10/0x10 [ 131.590693][ T6920] ? __copy_skb_header+0xa7/0x550 [ 131.590718][ T6920] ? __asan_memcpy+0x40/0x70 [ 131.590739][ T6920] ? __skb_clone+0x63/0x7a0 [ 131.590768][ T6920] ? __skb_clone+0x483/0x7a0 [ 131.590799][ T6920] ? skb_clone+0x246/0x3a0 [ 131.590826][ T6920] __netlink_deliver_tap+0x5ad/0x850 [ 131.590868][ T6920] ? netlink_deliver_tap+0x2e/0x1b0 [ 131.590893][ T6920] netlink_deliver_tap+0x19c/0x1b0 [ 131.590918][ T6920] netlink_sendskb+0x68/0x140 [ 131.590940][ T6920] netlink_unicast+0x397/0x9e0 [ 131.590957][ T6920] ? __asan_memcpy+0x40/0x70 [ 131.590988][ T6920] ? __pfx_netlink_unicast+0x10/0x10 [ 131.591020][ T6920] netlink_rcv_skb+0x28c/0x470 [ 131.591044][ T6920] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 131.591070][ T6920] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 131.591107][ T6920] ? netlink_deliver_tap+0x2e/0x1b0 [ 131.591138][ T6920] netlink_unicast+0x82f/0x9e0 [ 131.591169][ T6920] ? __pfx_netlink_unicast+0x10/0x10 [ 131.591191][ T6920] ? netlink_sendmsg+0x642/0xb30 [ 131.591213][ T6920] ? skb_put+0x11b/0x210 [ 131.591251][ T6920] netlink_sendmsg+0x805/0xb30 [ 131.591284][ T6920] ? __pfx_netlink_sendmsg+0x10/0x10 [ 131.591309][ T6920] ? aa_sock_msg_perm+0xf1/0x1d0 [ 131.591330][ T6920] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 131.591349][ T6920] ? __pfx_netlink_sendmsg+0x10/0x10 [ 131.591372][ T6920] __sock_sendmsg+0x21c/0x270 [ 131.591393][ T6920] ____sys_sendmsg+0x505/0x830 [ 131.591424][ T6920] ? __pfx_____sys_sendmsg+0x10/0x10 [ 131.591457][ T6920] ? import_iovec+0x74/0xa0 [ 131.591486][ T6920] ___sys_sendmsg+0x21f/0x2a0 [ 131.591513][ T6920] ? __pfx____sys_sendmsg+0x10/0x10 [ 131.591582][ T6920] ? __fget_files+0x2a/0x420 [ 131.591617][ T6920] ? __fget_files+0x3a0/0x420 [ 131.591646][ T6920] __x64_sys_sendmsg+0x19b/0x260 [ 131.591678][ T6920] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 131.591718][ T6920] ? __pfx_ksys_write+0x10/0x10 [ 131.591742][ T6920] ? rcu_is_watching+0x15/0xb0 [ 131.591769][ T6920] ? do_syscall_64+0xbe/0x3b0 [ 131.591797][ T6920] do_syscall_64+0xfa/0x3b0 [ 131.591818][ T6920] ? lockdep_hardirqs_on+0x9c/0x150 [ 131.591839][ T6920] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 131.591859][ T6920] ? clear_bhb_loop+0x60/0xb0 [ 131.591884][ T6920] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 131.591903][ T6920] RIP: 0033:0x7f567c18ec29 [ 131.591923][ T6920] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 131.591939][ T6920] RSP: 002b:00007f567cf67038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 131.591961][ T6920] RAX: ffffffffffffffda RBX: 00007f567c3d5fa0 RCX: 00007f567c18ec29 [ 131.591976][ T6920] RDX: 0000000000004000 RSI: 0000200000000000 RDI: 000000000000000a [ 131.591988][ T6920] RBP: 00007f567cf67090 R08: 0000000000000000 R09: 0000000000000000 [ 131.592000][ T6920] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 131.592012][ T6920] R13: 00007f567c3d6038 R14: 00007f567c3d5fa0 R15: 00007ffdd9a742f8 [ 131.592046][ T6920] [ 132.049866][ T6918] netdevsim netdevsim3 ÿÿÿÿÿÿ: renamed from netdevsim0 [ 132.544720][ T6928] netlink: 8 bytes leftover after parsing attributes in process `syz.3.285'. [ 132.601154][ T6928] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 132.876166][ T6937] IPVS: Scheduler module ip_vs_sip not found [ 132.948420][ T6947] netlink: 40 bytes leftover after parsing attributes in process `syz.3.291'. [ 132.998427][ T6949] netlink: 'syz.4.293': attribute type 1 has an invalid length. [ 133.044442][ T6949] netlink: 'syz.4.293': attribute type 1 has an invalid length. [ 133.051023][ T6952] netlink: 8 bytes leftover after parsing attributes in process `syz.4.293'. [ 133.091013][ T6952] netlink: 24 bytes leftover after parsing attributes in process `syz.4.293'. [ 133.100174][ T6952] netlink: 24 bytes leftover after parsing attributes in process `syz.4.293'. [ 134.002919][ T6993] syz_tun: entered promiscuous mode [ 134.812118][ T7034] FAULT_INJECTION: forcing a failure. [ 134.812118][ T7034] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 134.925580][ T7034] CPU: 1 UID: 0 PID: 7034 Comm: syz.0.312 Not tainted syzkaller #0 PREEMPT(full) [ 134.925610][ T7034] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 134.925623][ T7034] Call Trace: [ 134.925631][ T7034] [ 134.925639][ T7034] dump_stack_lvl+0x189/0x250 [ 134.925670][ T7034] ? __pfx____ratelimit+0x10/0x10 [ 134.925693][ T7034] ? __pfx_dump_stack_lvl+0x10/0x10 [ 134.925717][ T7034] ? __pfx__printk+0x10/0x10 [ 134.925758][ T7034] should_fail_ex+0x414/0x560 [ 134.925796][ T7034] _copy_to_user+0x31/0xb0 [ 134.925824][ T7034] simple_read_from_buffer+0xe1/0x170 [ 134.925861][ T7034] proc_fail_nth_read+0x1b3/0x220 [ 134.925889][ T7034] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 134.925917][ T7034] ? rw_verify_area+0x2a6/0x4d0 [ 134.925941][ T7034] ? __lock_acquire+0xab9/0xd20 [ 134.925969][ T7034] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 134.925994][ T7034] vfs_read+0x1fd/0xa30 [ 134.926019][ T7034] ? fdget_pos+0x247/0x320 [ 134.926042][ T7034] ? __pfx___mutex_lock+0x10/0x10 [ 134.926066][ T7034] ? __pfx_vfs_read+0x10/0x10 [ 134.926094][ T7034] ? __fget_files+0x2a/0x420 [ 134.926117][ T7034] ? __fget_files+0x3a0/0x420 [ 134.926133][ T7034] ? __fget_files+0x2a/0x420 [ 134.926162][ T7034] ksys_read+0x145/0x250 [ 134.926202][ T7034] ? __pfx_ksys_read+0x10/0x10 [ 134.926226][ T7034] ? rcu_is_watching+0x15/0xb0 [ 134.926253][ T7034] ? do_syscall_64+0xbe/0x3b0 [ 134.926281][ T7034] do_syscall_64+0xfa/0x3b0 [ 134.926302][ T7034] ? lockdep_hardirqs_on+0x9c/0x150 [ 134.926323][ T7034] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 134.926342][ T7034] ? clear_bhb_loop+0x60/0xb0 [ 134.926372][ T7034] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 134.926391][ T7034] RIP: 0033:0x7f971618d63c [ 134.926409][ T7034] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 134.926424][ T7034] RSP: 002b:00007f9716fd1030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 134.926446][ T7034] RAX: ffffffffffffffda RBX: 00007f97163d5fa0 RCX: 00007f971618d63c [ 134.926461][ T7034] RDX: 000000000000000f RSI: 00007f9716fd10a0 RDI: 000000000000000b [ 134.926473][ T7034] RBP: 00007f9716fd1090 R08: 0000000000000000 R09: 0000000000000000 [ 134.926486][ T7034] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 134.926497][ T7034] R13: 00007f97163d6038 R14: 00007f97163d5fa0 R15: 00007ffc9b25c7e8 [ 134.926532][ T7034] [ 134.938409][ T7027] vlan2: entered promiscuous mode [ 135.947752][ T7075] __nla_validate_parse: 3 callbacks suppressed [ 135.947772][ T7075] netlink: 24 bytes leftover after parsing attributes in process `syz.2.322'. [ 136.403067][ T7091] netlink: 12 bytes leftover after parsing attributes in process `syz.3.329'. [ 136.437145][ T7091] netlink: 20 bytes leftover after parsing attributes in process `syz.3.329'. [ 136.487681][ T7095] netlink: 8 bytes leftover after parsing attributes in process `syz.2.328'. [ 136.708095][ T7106] netlink: 104 bytes leftover after parsing attributes in process `syz.3.331'. [ 137.452607][ T7134] netlink: 56 bytes leftover after parsing attributes in process `syz.1.341'. [ 137.812350][ T7142] IPVS: Scheduler module ip_vs_sip not found [ 138.632057][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 139.111162][ T7201] netlink: 'syz.0.355': attribute type 1 has an invalid length. [ 139.706191][ T7217] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 139.825450][ T7217] netlink: 36 bytes leftover after parsing attributes in process `syz.2.357'. [ 140.066377][ T7230] netlink: 4 bytes leftover after parsing attributes in process `syz.1.356'. [ 140.138321][ T7227] IPVS: Scheduler module ip_vs_sip not found [ 140.192541][ T7213] bridge0: port 2(bridge_slave_1) entered disabled state [ 140.201240][ T7213] bridge0: port 1(bridge_slave_0) entered disabled state [ 140.572910][ T7213] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 140.592858][ T7213] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 140.616581][ T7259] netlink: 12 bytes leftover after parsing attributes in process `syz.0.364'. [ 140.907066][ T7033] netdevsim netdevsim1 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 140.926145][ T7033] netdevsim netdevsim1 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 140.968269][ T7033] netdevsim netdevsim1 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 140.999047][ T7271] netlink: 104 bytes leftover after parsing attributes in process `syz.2.370'. [ 141.210690][ T1153] netdevsim netdevsim1 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 141.781529][ T7278] syz.2.373 (7278) used greatest stack depth: 16088 bytes left [ 141.850747][ T7297] netlink: 24 bytes leftover after parsing attributes in process `syz.0.380'. [ 142.464230][ T7320] netlink: 'syz.0.385': attribute type 1 has an invalid length. [ 142.513760][ T7320] 8021q: adding VLAN 0 to HW filter on device bond1 [ 142.544769][ T7322] bond1: (slave geneve2): making interface the new active one [ 142.555636][ T7322] bond1: (slave geneve2): Enslaving as an active interface with an up link [ 143.025068][ T7330] netlink: 32 bytes leftover after parsing attributes in process `syz.1.389'. [ 143.185878][ T7338] netlink: 104 bytes leftover after parsing attributes in process `syz.2.393'. [ 143.974378][ T7366] netlink: 56 bytes leftover after parsing attributes in process `syz.4.399'. [ 144.734810][ T7401] netlink: 60 bytes leftover after parsing attributes in process `syz.1.407'. [ 144.783556][ T7406] netlink: 8 bytes leftover after parsing attributes in process `syz.0.406'. [ 144.875164][ T7407] tipc: Started in network mode [ 144.901017][ T7407] tipc: Node identity 8a9c49b97c4, cluster identity 4711 [ 144.908562][ T7407] tipc: Enabled bearer , priority 0 [ 144.981430][ T7410] syzkaller0: entered promiscuous mode [ 144.986975][ T7410] syzkaller0: entered allmulticast mode [ 145.064888][ T7407] tipc: Resetting bearer [ 145.171196][ T7405] tipc: Resetting bearer [ 145.263361][ T7405] tipc: Disabling bearer [ 145.376817][ T7428] netlink: 104 bytes leftover after parsing attributes in process `syz.1.415'. [ 145.739269][ T7440] netlink: 124 bytes leftover after parsing attributes in process `syz.2.420'. [ 145.802086][ T7444] netlink: 144 bytes leftover after parsing attributes in process `syz.1.423'. [ 147.186974][ T7478] bridge0: port 2(bridge_slave_1) entered disabled state [ 147.194879][ T7478] bridge0: port 1(bridge_slave_0) entered disabled state [ 147.802816][ T7478] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 147.824394][ T7478] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 147.863965][ T7505] netlink: 48 bytes leftover after parsing attributes in process `syz.0.438'. [ 148.174914][ T3004] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 148.223198][ T3004] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 148.263482][ T7512] ±ÿ: renamed from batadv_slave_1 [ 148.294713][ T3004] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 148.319880][ T3004] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 148.420082][ T7522] netlink: 224 bytes leftover after parsing attributes in process `syz.1.443'. [ 148.430262][ T7522] netlink: 16 bytes leftover after parsing attributes in process `syz.1.443'. [ 148.475272][ T7526] warning: `syz.0.445' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 148.517734][ T7526] netlink: 4 bytes leftover after parsing attributes in process `syz.0.445'. [ 149.057417][ T7545] netlink: 8 bytes leftover after parsing attributes in process `syz.3.451'. [ 149.143559][ T7548] netlink: 'syz.2.450': attribute type 13 has an invalid length. [ 149.171542][ T7548] netlink: 'syz.2.450': attribute type 17 has an invalid length. [ 149.344752][ T7548] syz_tun: left promiscuous mode [ 149.382320][ T7548] 8021q: adding VLAN 0 to HW filter on device bond0 [ 149.393288][ T7548] 8021q: adding VLAN 0 to HW filter on device team0 [ 149.413348][ T7548] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 149.445835][ T7549] xfrm0: entered promiscuous mode [ 149.463533][ T7549] xfrm0: entered allmulticast mode [ 149.703056][ T7561] tipc: Started in network mode [ 149.715941][ T7561] tipc: Node identity 080211000001, cluster identity 4711 [ 149.726399][ T7561] tipc: Enabled bearer , priority 0 [ 149.740016][ T7567] mac80211_hwsim hwsim11 syzkaller0: entered promiscuous mode [ 149.749177][ T7567] mac80211_hwsim hwsim11 syzkaller0: entered allmulticast mode [ 149.760407][ T7567] tipc: Resetting bearer [ 149.867159][ T7567] tipc: Resetting bearer [ 150.285355][ T7581] team0: Device gtp0 is of different type [ 150.390216][ T13] tipc: Resetting bearer [ 150.595666][ T7596] netlink: 144 bytes leftover after parsing attributes in process `syz.0.467'. [ 150.831765][ T7602] netlink: 8 bytes leftover after parsing attributes in process `syz.3.469'. [ 150.850729][ T5999] tipc: Node number set to 134418688 [ 150.894598][ T7604] netlink: 8 bytes leftover after parsing attributes in process `syz.0.471'. [ 150.945060][ T7606] netlink: 'syz.4.472': attribute type 1 has an invalid length. [ 151.056223][ T7611] netlink: 84 bytes leftover after parsing attributes in process `syz.3.475'. [ 151.114691][ T7606] 8021q: adding VLAN 0 to HW filter on device bond1 [ 151.195951][ T7614] bond1: (slave geneve2): making interface the new active one [ 151.223461][ T7614] bond1: (slave geneve2): Enslaving as an active interface with an up link [ 151.247738][ T7611] team0: No ports can be present during mode change [ 151.677684][ T7631] IPVS: Scheduler module ip_vs_sip not found [ 151.712204][ T7640] netlink: 32 bytes leftover after parsing attributes in process `syz.3.485'. [ 152.195359][ T7657] netlink: 'syz.4.491': attribute type 1 has an invalid length. [ 153.609796][ T7696] IPVS: Scheduler module ip_vs_sip not found [ 153.638527][ T7706] netlink: 'syz.3.500': attribute type 1 has an invalid length. [ 153.808567][ T7712] __nla_validate_parse: 1 callbacks suppressed [ 153.808588][ T7712] netlink: 8 bytes leftover after parsing attributes in process `syz.1.502'. [ 153.885269][ T7712] erspan0: entered promiscuous mode [ 153.928696][ T7712] erspan0: left promiscuous mode [ 153.992100][ T7719] netlink: 2 bytes leftover after parsing attributes in process `syz.2.505'. [ 154.445850][ T7735] netlink: 12 bytes leftover after parsing attributes in process `syz.2.512'. [ 154.757819][ T7739] IPVS: Scheduler module ip_vs_sip not found [ 155.133476][ T7759] netlink: 104 bytes leftover after parsing attributes in process `syz.0.518'. [ 156.304003][ T7798] IPVS: Scheduler module ip_vs_sip not found [ 156.615340][ T7822] dummy0: entered allmulticast mode [ 156.623913][ T7818] FAULT_INJECTION: forcing a failure. [ 156.623913][ T7818] name failslab, interval 1, probability 0, space 0, times 0 [ 156.643948][ T7821] dummy0: left allmulticast mode [ 156.651652][ T7818] CPU: 1 UID: 0 PID: 7818 Comm: syz.3.535 Not tainted syzkaller #0 PREEMPT(full) [ 156.651679][ T7818] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 156.651692][ T7818] Call Trace: [ 156.651700][ T7818] [ 156.651710][ T7818] dump_stack_lvl+0x189/0x250 [ 156.651740][ T7818] ? __pfx____ratelimit+0x10/0x10 [ 156.651762][ T7818] ? __pfx_dump_stack_lvl+0x10/0x10 [ 156.651787][ T7818] ? __pfx__printk+0x10/0x10 [ 156.651821][ T7818] ? __pfx___might_resched+0x10/0x10 [ 156.651846][ T7818] should_fail_ex+0x414/0x560 [ 156.651883][ T7818] should_failslab+0xa8/0x100 [ 156.651915][ T7818] __kmalloc_cache_noprof+0x70/0x3d0 [ 156.651943][ T7818] ? call_usermodehelper_setup+0x8e/0x270 [ 156.651991][ T7818] ? __kmalloc_node_track_caller_noprof+0x28e/0x4e0 [ 156.652025][ T7818] call_usermodehelper_setup+0x8e/0x270 [ 156.652055][ T7818] ? __pfx_free_modprobe_argv+0x10/0x10 [ 156.652096][ T7818] __request_module+0x39f/0x5e0 [ 156.652128][ T7818] ? __pfx___request_module+0x10/0x10 [ 156.652164][ T7818] ? __pfx___request_module+0x10/0x10 [ 156.652197][ T7818] ? apparmor_capable+0x137/0x1b0 [ 156.652235][ T7818] ? dev_load+0x21/0x1f0 [ 156.652261][ T7818] dev_ioctl+0x59f/0x1150 [ 156.652289][ T7818] sock_do_ioctl+0x22c/0x300 [ 156.652313][ T7818] ? __pfx_sock_do_ioctl+0x10/0x10 [ 156.652329][ T7818] ? __lock_acquire+0xab9/0xd20 [ 156.652378][ T7818] sock_ioctl+0x576/0x790 [ 156.652419][ T7818] ? __pfx_sock_ioctl+0x10/0x10 [ 156.652450][ T7818] ? __fget_files+0x2a/0x420 [ 156.652467][ T7818] ? __fget_files+0x3a0/0x420 [ 156.652484][ T7818] ? __fget_files+0x2a/0x420 [ 156.652506][ T7818] ? bpf_lsm_file_ioctl+0x9/0x20 [ 156.652531][ T7818] ? __pfx_sock_ioctl+0x10/0x10 [ 156.652560][ T7818] __se_sys_ioctl+0xf9/0x170 [ 156.652589][ T7818] do_syscall_64+0xfa/0x3b0 [ 156.652611][ T7818] ? lockdep_hardirqs_on+0x9c/0x150 [ 156.652631][ T7818] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 156.652657][ T7818] ? clear_bhb_loop+0x60/0xb0 [ 156.652681][ T7818] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 156.652700][ T7818] RIP: 0033:0x7f581318ec29 [ 156.652718][ T7818] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 156.652734][ T7818] RSP: 002b:00007f58140d2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 156.652755][ T7818] RAX: ffffffffffffffda RBX: 00007f58133d5fa0 RCX: 00007f581318ec29 [ 156.652769][ T7818] RDX: 00002000000007c0 RSI: 0000000000008923 RDI: 0000000000000005 [ 156.652782][ T7818] RBP: 00007f58140d2090 R08: 0000000000000000 R09: 0000000000000000 [ 156.652794][ T7818] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 156.652806][ T7818] R13: 00007f58133d6038 R14: 00007f58133d5fa0 R15: 00007ffc379c55c8 [ 156.652839][ T7818] [ 157.109153][ T7835] netlink: 144 bytes leftover after parsing attributes in process `syz.4.540'. [ 157.148793][ T7834] netlink: 'syz.2.541': attribute type 13 has an invalid length. [ 157.222703][ T7834] netlink: 'syz.2.541': attribute type 17 has an invalid length. [ 157.423165][ T7834] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 157.693832][ T7857] netlink: 40 bytes leftover after parsing attributes in process `syz.1.549'. [ 158.656663][ T7866] netlink: 'syz.4.551': attribute type 6 has an invalid length. [ 158.792112][ T7892] netlink: 8 bytes leftover after parsing attributes in process `syz.0.557'. [ 158.998325][ T7898] netlink: 8 bytes leftover after parsing attributes in process `syz.1.558'. [ 159.128207][ T7900] netlink: 4 bytes leftover after parsing attributes in process `syz.0.560'. [ 159.193248][ T5934] IPVS: starting estimator thread 0... [ 159.291270][ T7902] IPVS: using max 25 ests per chain, 60000 per kthread [ 159.527610][ T7914] netlink: 84 bytes leftover after parsing attributes in process `syz.1.563'. [ 159.550144][ T7914] netlink: 12 bytes leftover after parsing attributes in process `syz.1.563'. [ 159.585963][ T7914] netlink: 20 bytes leftover after parsing attributes in process `syz.1.563'. [ 159.625424][ T7916] netlink: 48 bytes leftover after parsing attributes in process `syz.2.566'. [ 159.990578][ T7936] netlink: 'syz.0.573': attribute type 10 has an invalid length. [ 160.041376][ T7936] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 160.119308][ T7931] netlink: 16 bytes leftover after parsing attributes in process `syz.1.572'. [ 160.664238][ T7950] veth3: entered promiscuous mode [ 160.689800][ T7950] bond0: (slave veth3): Enslaving as an active interface with an up link [ 160.899248][ T7963] netlink: 24 bytes leftover after parsing attributes in process `syz.2.580'. [ 160.978830][ T7966] netlink: 48 bytes leftover after parsing attributes in process `syz.0.581'. [ 161.363707][ T7965] block nbd0: server does not support multiple connections per device. [ 161.412030][ T7965] block nbd0: shutting down sockets [ 161.550609][ T7984] netlink: 12 bytes leftover after parsing attributes in process `syz.3.586'. [ 161.944542][ T8000] netlink: 'syz.4.593': attribute type 13 has an invalid length. [ 161.957688][ T8000] netlink: 'syz.4.593': attribute type 17 has an invalid length. [ 162.146637][ T8000] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 162.181490][ T8002] xfrm0: entered promiscuous mode [ 162.193876][ T8002] xfrm0: entered allmulticast mode [ 162.336902][ T8009] syzkaller0: entered promiscuous mode [ 162.374648][ T8009] syzkaller0: entered allmulticast mode [ 162.763130][ T8028] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_tx_wq": -EINTR [ 164.386430][ T8050] __nla_validate_parse: 4 callbacks suppressed [ 164.386453][ T8050] netlink: 124 bytes leftover after parsing attributes in process `syz.0.607'. [ 164.559626][ T8056] netlink: 'syz.1.608': attribute type 13 has an invalid length. [ 164.621313][ T8056] netlink: 'syz.1.608': attribute type 17 has an invalid length. [ 164.779932][ T8058] xfrm0: entered promiscuous mode [ 164.789229][ T8058] xfrm0: entered allmulticast mode [ 164.895392][ T8056] 8021q: adding VLAN 0 to HW filter on device bond0 [ 164.906507][ T8056] 8021q: adding VLAN 0 to HW filter on device team0 [ 164.920630][ T8056] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 165.358837][ T8085] netlink: 12 bytes leftover after parsing attributes in process `syz.1.617'. [ 165.360049][ T8083] bridge_slave_0: left allmulticast mode [ 165.383792][ T8083] bridge_slave_0: left promiscuous mode [ 165.390118][ T8083] bridge0: port 1(bridge_slave_0) entered disabled state [ 165.397080][ T8080] netlink: 3 bytes leftover after parsing attributes in process `syz.4.615'. [ 165.422413][ T8083] bridge_slave_1: left allmulticast mode [ 165.428466][ T8083] bridge_slave_1: left promiscuous mode [ 165.437163][ T8083] bridge0: port 2(bridge_slave_1) entered disabled state [ 165.451790][ T8090] netlink: 'syz.4.615': attribute type 10 has an invalid length. [ 165.468435][ T8083] bond0: (slave bond_slave_0): Releasing backup interface [ 165.483536][ T8083] bond0: (slave bond_slave_1): Releasing backup interface [ 165.556402][ T8083] team0: Port device team_slave_0 removed [ 165.560585][ T8095] netlink: 20 bytes leftover after parsing attributes in process `syz.1.617'. [ 165.579420][ T8083] team0: Port device team_slave_1 removed [ 165.588344][ T8083] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 165.598067][ T8083] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 165.612693][ T8083] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 165.621658][ T8083] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 165.632294][ T8083] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 165.830369][ T8090] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 166.163308][ T8115] netlink: 8 bytes leftover after parsing attributes in process `syz.4.625'. [ 166.367560][ T8125] netlink: 'syz.0.631': attribute type 9 has an invalid length. [ 166.397847][ T8125] netlink: 184 bytes leftover after parsing attributes in process `syz.0.631'. [ 166.558612][ T8137] netlink: 8 bytes leftover after parsing attributes in process `syz.3.634'. [ 166.604601][ T8133] netlink: 16186 bytes leftover after parsing attributes in process `syz.1.632'. [ 166.714642][ T8141] netlink: 84 bytes leftover after parsing attributes in process `syz.3.636'. [ 166.730042][ T8141] team0: No ports can be present during mode change [ 166.821371][ T8145] netlink: 124 bytes leftover after parsing attributes in process `syz.4.638'. [ 167.015004][ T8148] IPVS: Scheduler module ip_vs_sip not found [ 167.604852][ T8182] vlan2: entered promiscuous mode [ 167.624423][ T8182] batadv0: entered promiscuous mode [ 167.855540][ T8191] IPVS: Scheduler module ip_vs_sip not found [ 167.929554][ T8196] netlink: 'syz.2.657': attribute type 1 has an invalid length. [ 168.057746][ T8196] 8021q: adding VLAN 0 to HW filter on device bond2 [ 168.184550][ T8202] bond2: (slave geneve3): making interface the new active one [ 168.238814][ T8202] bond2: (slave geneve3): Enslaving as an active interface with an up link [ 168.280390][ T61] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 168.309863][ T61] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 168.374946][ T8212] mac80211_hwsim hwsim9 wlan0: entered promiscuous mode [ 168.383099][ T8212] macvtap1: entered allmulticast mode [ 168.388553][ T8212] mac80211_hwsim hwsim9 wlan0: entered allmulticast mode [ 168.447292][ T8212] mac80211_hwsim hwsim9 wlan0: left allmulticast mode [ 168.456464][ T8212] mac80211_hwsim hwsim9 wlan0: left promiscuous mode [ 168.489241][ T61] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 168.521676][ T8216] macvtap1: entered allmulticast mode [ 168.527163][ T8216] mac80211_hwsim hwsim7 wlan0: entered allmulticast mode [ 168.544737][ T61] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 168.823566][ T8225] IPVS: Scheduler module ip_vs_sip not found [ 168.977977][ T8234] netdevsim netdevsim4 ÿÿÿÿÿÿ: renamed from netdevsim0 (while UP) [ 169.273679][ T8248] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 169.457514][ T8251] __nla_validate_parse: 8 callbacks suppressed [ 169.457534][ T8251] netlink: 8 bytes leftover after parsing attributes in process `syz.1.680'. [ 170.039814][ T8286] netlink: 48 bytes leftover after parsing attributes in process `syz.3.690'. [ 170.054669][ T8287] netlink: 8 bytes leftover after parsing attributes in process `syz.0.694'. [ 170.093469][ T8287] erspan0: entered promiscuous mode [ 170.102582][ T8287] erspan0: left promiscuous mode [ 170.387579][ T8299] netlink: 8 bytes leftover after parsing attributes in process `syz.4.696'. [ 170.772298][ T8309] netlink: 76 bytes leftover after parsing attributes in process `syz.4.702'. [ 170.798827][ T8309] netlink: 24 bytes leftover after parsing attributes in process `syz.4.702'. [ 170.941069][ T8316] netlink: 124 bytes leftover after parsing attributes in process `syz.1.705'. [ 171.600699][ T8346] netlink: 48 bytes leftover after parsing attributes in process `syz.3.713'. [ 171.870391][ T8360] netlink: 8 bytes leftover after parsing attributes in process `syz.2.719'. [ 171.879549][ T8360] netlink: 8 bytes leftover after parsing attributes in process `syz.2.719'. [ 172.197095][ T8367] mac80211_hwsim hwsim9 wlan0: entered promiscuous mode [ 172.209091][ T8367] macvtap1: entered allmulticast mode [ 172.215113][ T8367] mac80211_hwsim hwsim9 wlan0: entered allmulticast mode [ 172.250248][ T8367] mac80211_hwsim hwsim9 wlan0: left allmulticast mode [ 172.258388][ T8367] mac80211_hwsim hwsim9 wlan0: left promiscuous mode [ 172.493265][ T8369] netlink: 'syz.2.721': attribute type 4 has an invalid length. [ 172.794542][ T8386] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 173.037667][ T8395] team0: No ports can be present during mode change [ 173.443665][ T8416] netlink: 'syz.1.743': attribute type 10 has an invalid length. [ 173.717412][ T8432] ipvlan0: entered promiscuous mode [ 174.073789][ T8442] netlink: 'syz.2.749': attribute type 13 has an invalid length. [ 174.085462][ T8442] netlink: 'syz.2.749': attribute type 17 has an invalid length. [ 174.125575][ T8442] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 174.486448][ T8455] __nla_validate_parse: 3 callbacks suppressed [ 174.486467][ T8455] netlink: 48 bytes leftover after parsing attributes in process `syz.3.752'. [ 174.662201][ T8459] netlink: 12 bytes leftover after parsing attributes in process `syz.4.755'. [ 176.936469][ T8536] tipc: Enabling of bearer rejected, media not registered [ 176.945715][ T8536] netlink: 12 bytes leftover after parsing attributes in process `syz.0.774'. [ 176.968375][ T8537] netlink: 48 bytes leftover after parsing attributes in process `syz.3.772'. [ 176.994721][ T8536] bond0: (slave rose0): Enslaving as an active interface with an up link [ 178.311615][ T8575] netlink: 12 bytes leftover after parsing attributes in process `syz.2.786'. [ 178.345230][ T8575] vlan2: entered promiscuous mode [ 178.350450][ T8575] batadv0: entered promiscuous mode [ 179.610078][ T8623] tipc: New replicast peer: 0.0.0.0 [ 179.635029][ T8623] tipc: Enabled bearer , priority 10 [ 179.664863][ T8623] tipc: New replicast peer: 255.255.255.255 [ 180.441397][ T8656] netlink: 8 bytes leftover after parsing attributes in process `syz.4.809'. [ 180.559665][ T8656] mac80211_hwsim hwsim9 wlan0: entered promiscuous mode [ 180.609593][ T8656] macvtap1: entered allmulticast mode [ 180.621065][ T8656] mac80211_hwsim hwsim9 wlan0: entered allmulticast mode [ 180.719114][ T8660] bridge0: port 2(bridge_slave_1) entered disabled state [ 180.728652][ T8660] bridge0: port 1(bridge_slave_0) entered disabled state [ 182.385029][ T8703] IPVS: Scheduler module ip_vs_sip not found [ 182.622567][ T8723] netlink: 8 bytes leftover after parsing attributes in process `syz.0.824'. [ 182.913022][ T8733] tipc: Enabled bearer , priority 0 [ 182.943023][ T8733] syzkaller0: entered promiscuous mode [ 182.948735][ T8733] syzkaller0: entered allmulticast mode [ 182.979904][ T8733] tipc: Resetting bearer [ 183.013426][ T8739] FAULT_INJECTION: forcing a failure. [ 183.013426][ T8739] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 183.034334][ T8739] CPU: 1 UID: 0 PID: 8739 Comm: syz.4.830 Not tainted syzkaller #0 PREEMPT(full) [ 183.034363][ T8739] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 183.034375][ T8739] Call Trace: [ 183.034384][ T8739] [ 183.034393][ T8739] dump_stack_lvl+0x189/0x250 [ 183.034425][ T8739] ? __pfx____ratelimit+0x10/0x10 [ 183.034447][ T8739] ? __pfx_dump_stack_lvl+0x10/0x10 [ 183.034472][ T8739] ? __pfx__printk+0x10/0x10 [ 183.034501][ T8739] ? __might_fault+0xb0/0x130 [ 183.034546][ T8739] should_fail_ex+0x414/0x560 [ 183.034584][ T8739] _copy_from_user+0x2d/0xb0 [ 183.034613][ T8739] ___sys_recvmsg+0x12e/0x510 [ 183.034649][ T8739] ? __pfx____sys_recvmsg+0x10/0x10 [ 183.034713][ T8739] ? __might_fault+0xb0/0x130 [ 183.034746][ T8739] do_recvmmsg+0x307/0x770 [ 183.034784][ T8739] ? __pfx_do_recvmmsg+0x10/0x10 [ 183.034827][ T8739] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 183.034872][ T8739] __x64_sys_recvmmsg+0x190/0x240 [ 183.034905][ T8739] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 183.034932][ T8739] ? rcu_is_watching+0x15/0xb0 [ 183.034966][ T8739] ? do_syscall_64+0xbe/0x3b0 [ 183.034993][ T8739] do_syscall_64+0xfa/0x3b0 [ 183.035015][ T8739] ? lockdep_hardirqs_on+0x9c/0x150 [ 183.035036][ T8739] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 183.035055][ T8739] ? clear_bhb_loop+0x60/0xb0 [ 183.035081][ T8739] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 183.035100][ T8739] RIP: 0033:0x7fb66258ec29 [ 183.035119][ T8739] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 183.035135][ T8739] RSP: 002b:00007fb6634d6038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 183.035155][ T8739] RAX: ffffffffffffffda RBX: 00007fb6627d5fa0 RCX: 00007fb66258ec29 [ 183.035169][ T8739] RDX: 0000000000040000 RSI: 0000200000002b80 RDI: 0000000000000004 [ 183.035182][ T8739] RBP: 00007fb6634d6090 R08: 0000000000000000 R09: 0000000000000000 [ 183.035194][ T8739] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 183.035206][ T8739] R13: 00007fb6627d6038 R14: 00007fb6627d5fa0 R15: 00007ffd9c95b708 [ 183.035239][ T8739] [ 183.333460][ T8750] nbd: socks must be embedded in a SOCK_ITEM attr [ 183.859212][ T8732] tipc: Resetting bearer [ 183.927105][ T8732] tipc: Disabling bearer [ 184.034809][ T8766] workqueue: name exceeds WQ_NAME_LEN. Truncating to: žÀ^–>º>ùMv^µâ侦¸ÑKc'A¥»– [ 184.381967][ T8789] netlink: 36 bytes leftover after parsing attributes in process `syz.2.842'. [ 184.582550][ T5999] hid-generic 0005:16C0:5502.0001: item fetching failed at offset 0/3 [ 184.642105][ T5999] hid-generic 0005:16C0:5502.0001: probe with driver hid-generic failed with error -22 [ 184.694799][ T8807] netlink: 12 bytes leftover after parsing attributes in process `syz.4.847'. [ 185.447796][ T8835] netlink: 8 bytes leftover after parsing attributes in process `syz.4.851'. [ 185.847079][ T8851] netlink: 36 bytes leftover after parsing attributes in process `syz.4.858'. [ 186.274011][ T8875] netlink: 12 bytes leftover after parsing attributes in process `syz.4.864'. [ 186.343716][ T8878] netdevsim netdevsim0 ÿÿÿÿÿÿ: renamed from netdevsim0 (while UP) [ 186.612305][ T5877] Bluetooth: hci4: command 0x0405 tx timeout [ 186.820279][ T8897] netlink: 36 bytes leftover after parsing attributes in process `syz.4.870'. [ 187.568072][ T8917] netlink: 48 bytes leftover after parsing attributes in process `syz.2.874'. [ 187.764274][ T8925] netlink: 'syz.2.877': attribute type 5 has an invalid length. [ 187.796548][ T8925] netlink: 'syz.2.877': attribute type 5 has an invalid length. [ 187.820288][ T8930] netlink: 8 bytes leftover after parsing attributes in process `syz.4.879'. [ 187.847795][ T8930] erspan0: entered promiscuous mode [ 187.866057][ T8930] erspan0: left promiscuous mode [ 188.010063][ T8932] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 188.182662][ T8932] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 188.308668][ T8932] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 188.388972][ T8932] netdevsim netdevsim0 ÿÿÿÿÿÿ (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 188.500740][ T1153] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 188.584614][ T1153] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 188.624671][ T1153] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 188.773898][ T1153] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 188.791465][ T8947] netlink: 48 bytes leftover after parsing attributes in process `syz.1.883'. [ 188.802573][ T8948] netlink: 'syz.3.882': attribute type 1 has an invalid length. [ 188.953312][ T8948] 8021q: adding VLAN 0 to HW filter on device bond1 [ 189.089503][ T8952] bond1: (slave geneve2): making interface the new active one [ 189.166628][ T8952] bond1: (slave geneve2): Enslaving as an active interface with an up link [ 189.229573][ T61] netdevsim netdevsim3 ÿÿÿÿÿÿ: set [1, 0] type 2 family 0 port 6081 - 0 [ 189.267663][ T8968] netlink: 8 bytes leftover after parsing attributes in process `syz.4.887'. [ 189.281248][ T61] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 189.318550][ T61] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 189.374565][ T8968] macvtap2: entered allmulticast mode [ 189.401708][ T61] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 190.461635][ T9009] netlink: 48 bytes leftover after parsing attributes in process `syz.2.895'. [ 190.702214][ T9016] macvtap1: entered allmulticast mode [ 190.738927][ T9016] mac80211_hwsim hwsim8 wlan0: entered allmulticast mode [ 190.804575][ T9016] mac80211_hwsim hwsim8 wlan0: left allmulticast mode [ 190.901695][ T9021] netlink: 'syz.0.900': attribute type 5 has an invalid length. [ 191.201836][ T9042] netlink: 48 bytes leftover after parsing attributes in process `syz.1.904'. [ 191.691698][ T9054] openvswitch: netlink: Missing key (keys=40, expected=2000) [ 191.827001][ T9066] netlink: 48 bytes leftover after parsing attributes in process `syz.4.908'. [ 192.505948][ T9062] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 192.529766][ T9062] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 192.623162][ T9088] netlink: 'syz.3.918': attribute type 1 has an invalid length. [ 192.798542][ T9088] bond2: entered promiscuous mode [ 192.805550][ T9088] 8021q: adding VLAN 0 to HW filter on device bond2 [ 192.891217][ T9102] netlink: 'syz.1.920': attribute type 13 has an invalid length. [ 192.896917][ T9090] 8021q: adding VLAN 0 to HW filter on device bond3 [ 192.906209][ T9102] netlink: 'syz.1.920': attribute type 17 has an invalid length. [ 192.918051][ T9090] bond2: (slave bond3): making interface the new active one [ 192.926196][ T9090] bond3: entered promiscuous mode [ 192.933246][ T9090] bond2: (slave bond3): Enslaving as an active interface with an up link [ 192.942440][ T61] netdevsim netdevsim0 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 192.954416][ T61] netdevsim netdevsim0 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 193.000221][ T9102] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 193.063100][ T61] netdevsim netdevsim0 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 193.106389][ T9108] netlink: 48 bytes leftover after parsing attributes in process `syz.4.922'. [ 193.136735][ T61] netdevsim netdevsim0 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 193.283824][ T9113] netlink: 'syz.3.924': attribute type 1 has an invalid length. [ 193.294050][ T9111] netlink: 8 bytes leftover after parsing attributes in process `syz.4.923'. [ 193.303908][ T9111] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 193.432668][ T9114] bond4: (slave vxcan3): The slave device specified does not support setting the MAC address [ 193.445340][ T9114] bond4: (slave vxcan3): Error -95 calling set_mac_address [ 193.498707][ T9116] gretap1: entered promiscuous mode [ 193.514938][ T9116] bond4: (slave gretap1): making interface the new active one [ 193.524292][ T9116] bond4: (slave gretap1): Enslaving as an active interface with an up link [ 193.549155][ T9113] macvlan5: entered promiscuous mode [ 193.556325][ T9113] macvlan5: entered allmulticast mode [ 193.564465][ T9113] bond4: entered promiscuous mode [ 193.596994][ T9113] 8021q: adding VLAN 0 to HW filter on device macvlan5 [ 193.636665][ T9113] bond4: (slave macvlan5): the slave hw address is in use by the bond; giving it the hw address of gretap1 [ 193.652447][ T9113] bond4: left promiscuous mode [ 194.442389][ T9147] netlink: 12 bytes leftover after parsing attributes in process `syz.1.932'. [ 194.452101][ T9147] netlink: 8 bytes leftover after parsing attributes in process `syz.1.932'. [ 194.478133][ T9139] IPVS: Scheduler module ip_vs_sip not found [ 194.515569][ T9149] netlink: 48 bytes leftover after parsing attributes in process `syz.0.933'. [ 194.927965][ T9165] macvtap1: entered allmulticast mode [ 194.930184][ T9173] FAULT_INJECTION: forcing a failure. [ 194.930184][ T9173] name failslab, interval 1, probability 0, space 0, times 0 [ 194.951029][ T9165] mac80211_hwsim hwsim8 wlan0: entered allmulticast mode [ 194.959135][ T9173] CPU: 1 UID: 0 PID: 9173 Comm: syz.1.943 Not tainted syzkaller #0 PREEMPT(full) [ 194.959166][ T9173] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 194.959179][ T9173] Call Trace: [ 194.959187][ T9173] [ 194.959205][ T9173] dump_stack_lvl+0x189/0x250 [ 194.959235][ T9173] ? __pfx____ratelimit+0x10/0x10 [ 194.959257][ T9173] ? __pfx_dump_stack_lvl+0x10/0x10 [ 194.959281][ T9173] ? __pfx__printk+0x10/0x10 [ 194.959315][ T9173] ? __pfx___might_resched+0x10/0x10 [ 194.959340][ T9173] should_fail_ex+0x414/0x560 [ 194.959374][ T9173] should_failslab+0xa8/0x100 [ 194.959406][ T9173] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 194.959435][ T9173] ? __alloc_skb+0x112/0x2d0 [ 194.959463][ T9173] __alloc_skb+0x112/0x2d0 [ 194.959490][ T9173] netlink_sendmsg+0x5c6/0xb30 [ 194.959524][ T9173] ? __pfx_netlink_sendmsg+0x10/0x10 [ 194.959552][ T9173] ? aa_sock_msg_perm+0xf1/0x1d0 [ 194.959574][ T9173] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 194.959596][ T9173] ? __pfx_netlink_sendmsg+0x10/0x10 [ 194.959621][ T9173] __sock_sendmsg+0x21c/0x270 [ 194.959644][ T9173] ____sys_sendmsg+0x505/0x830 [ 194.959676][ T9173] ? __pfx_____sys_sendmsg+0x10/0x10 [ 194.959714][ T9173] ? import_iovec+0x74/0xa0 [ 194.959745][ T9173] ___sys_sendmsg+0x21f/0x2a0 [ 194.959775][ T9173] ? __pfx____sys_sendmsg+0x10/0x10 [ 194.959840][ T9173] ? __fget_files+0x2a/0x420 [ 194.959857][ T9173] ? __fget_files+0x3a0/0x420 [ 194.959885][ T9173] __x64_sys_sendmsg+0x19b/0x260 [ 194.959915][ T9173] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 194.959951][ T9173] ? __pfx_ksys_write+0x10/0x10 [ 194.959976][ T9173] ? rcu_is_watching+0x15/0xb0 [ 194.960001][ T9173] ? do_syscall_64+0xbe/0x3b0 [ 194.960028][ T9173] do_syscall_64+0xfa/0x3b0 [ 194.960048][ T9173] ? lockdep_hardirqs_on+0x9c/0x150 [ 194.960069][ T9173] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 194.960088][ T9173] ? clear_bhb_loop+0x60/0xb0 [ 194.960111][ T9173] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 194.960130][ T9173] RIP: 0033:0x7fb56598ec29 [ 194.960149][ T9173] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 194.960165][ T9173] RSP: 002b:00007fb56680e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 194.960186][ T9173] RAX: ffffffffffffffda RBX: 00007fb565bd5fa0 RCX: 00007fb56598ec29 [ 194.960210][ T9173] RDX: 0000000000000000 RSI: 0000200000000200 RDI: 0000000000000003 [ 194.960222][ T9173] RBP: 00007fb56680e090 R08: 0000000000000000 R09: 0000000000000000 [ 194.960233][ T9173] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 194.960245][ T9173] R13: 00007fb565bd6038 R14: 00007fb565bd5fa0 R15: 00007ffcad7b5dd8 [ 194.960277][ T9173] [ 195.284378][ T9165] mac80211_hwsim hwsim8 wlan0: left allmulticast mode [ 195.372713][ T9181] netlink: 48 bytes leftover after parsing attributes in process `syz.1.946'. [ 195.855973][ T9204] netlink: 44 bytes leftover after parsing attributes in process `syz.3.954'. [ 196.042969][ T9209] netlink: 8 bytes leftover after parsing attributes in process `syz.4.957'. [ 196.165973][ T9209] macvtap3: entered allmulticast mode [ 196.356624][ T9223] netlink: 'syz.4.963': attribute type 13 has an invalid length. [ 196.373620][ T9221] syz_tun: entered promiscuous mode [ 196.382004][ T9223] netlink: 'syz.4.963': attribute type 17 has an invalid length. [ 196.385701][ T9221] syz_tun: left promiscuous mode [ 196.460357][ T9223] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 196.685487][ T9238] __nla_validate_parse: 1 callbacks suppressed [ 196.685511][ T9238] netlink: 24 bytes leftover after parsing attributes in process `syz.3.965'. [ 196.703665][ T9237] netlink: 8 bytes leftover after parsing attributes in process `syz.0.966'. [ 196.765846][ T9237] erspan0: entered promiscuous mode [ 196.783953][ T9237] erspan0: left promiscuous mode [ 197.727839][ T9283] netlink: 212376 bytes leftover after parsing attributes in process `syz.2.974'. [ 197.811667][ T9278] tipc: Enabled bearer , priority 0 [ 197.835576][ T9278] syzkaller0: entered promiscuous mode [ 197.847333][ T9278] syzkaller0: entered allmulticast mode [ 197.864419][ T9278] tipc: Resetting bearer [ 198.861147][ T5981] tipc: Node number set to 1705233448 [ 200.058305][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 200.660493][ T9286] tipc: Resetting bearer [ 200.673699][ T7031] tipc: Resetting bearer [ 200.748863][ T9307] netlink: 'syz.1.985': attribute type 1 has an invalid length. [ 200.751249][ T9277] tipc: Resetting bearer [ 200.762252][ T9307] netlink: 'syz.1.985': attribute type 1 has an invalid length. [ 200.849169][ T9277] tipc: Disabling bearer [ 201.081013][ T9318] netlink: 8 bytes leftover after parsing attributes in process `syz.3.989'. [ 201.156839][ T9318] macvtap1: entered allmulticast mode [ 201.186195][ T9318] mac80211_hwsim hwsim8 wlan0: entered allmulticast mode [ 201.310478][ T9333] netlink: 8 bytes leftover after parsing attributes in process `syz.2.995'. [ 201.395023][ T9333] erspan0: entered promiscuous mode [ 201.432440][ T9333] erspan0: left promiscuous mode [ 201.438504][ T9327] IPVS: Scheduler module ip_vs_sip not found [ 201.467275][ T9343] netlink: 'syz.0.997': attribute type 1 has an invalid length. [ 201.581153][ T9351] netlink: 36 bytes leftover after parsing attributes in process `syz.0.997'. [ 201.594723][ T9351] netlink: 8 bytes leftover after parsing attributes in process `syz.0.997'. [ 201.769196][ T9345] bond2: (slave vcan1): The slave device specified does not support setting the MAC address [ 201.781263][ T9345] bond2: (slave vcan1): Setting fail_over_mac to active for active-backup mode [ 201.795300][ T9345] bond2: (slave vcan1): making interface the new active one [ 201.804459][ T9345] bond2: (slave vcan1): Enslaving as an active interface with an up link [ 201.835763][ T9359] netlink: 'syz.1.1001': attribute type 1 has an invalid length. [ 202.299892][ T9371] raw_sendmsg: syz.2.1003 forgot to set AF_INET. Fix it! [ 202.551789][ T9384] netlink: 124 bytes leftover after parsing attributes in process `syz.3.1010'. [ 202.576961][ T9381] IPVS: Scheduler module ip_vs_sip not found [ 204.058799][ T9454] netem: change failed [ 204.217761][ T9462] netlink: 104 bytes leftover after parsing attributes in process `syz.4.1031'. [ 204.273384][ T9466] FAULT_INJECTION: forcing a failure. [ 204.273384][ T9466] name failslab, interval 1, probability 0, space 0, times 0 [ 204.293451][ T9466] CPU: 1 UID: 0 PID: 9466 Comm: syz.2.1032 Not tainted syzkaller #0 PREEMPT(full) [ 204.293490][ T9466] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 204.293503][ T9466] Call Trace: [ 204.293511][ T9466] [ 204.293526][ T9466] dump_stack_lvl+0x189/0x250 [ 204.293563][ T9466] ? __pfx____ratelimit+0x10/0x10 [ 204.293600][ T9466] ? __pfx_dump_stack_lvl+0x10/0x10 [ 204.293630][ T9466] ? __pfx__printk+0x10/0x10 [ 204.293678][ T9466] ? __pfx___might_resched+0x10/0x10 [ 204.293703][ T9466] ? fs_reclaim_acquire+0x7d/0x100 [ 204.293746][ T9466] should_fail_ex+0x414/0x560 [ 204.293792][ T9466] should_failslab+0xa8/0x100 [ 204.293824][ T9466] kmem_cache_alloc_noprof+0x73/0x3c0 [ 204.293851][ T9466] ? skb_clone+0x212/0x3a0 [ 204.293906][ T9466] skb_clone+0x212/0x3a0 [ 204.293936][ T9466] ? nfnetlink_rcv+0x486/0x2520 [ 204.293965][ T9466] nfnetlink_rcv+0x4b4/0x2520 [ 204.293991][ T9466] ? __dev_queue_xmit+0x1d79/0x3b50 [ 204.294032][ T9466] ? __dev_queue_xmit+0x27b/0x3b50 [ 204.294081][ T9466] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 204.294120][ T9466] ? ref_tracker_free+0x63a/0x7d0 [ 204.294141][ T9466] ? __asan_memcpy+0x40/0x70 [ 204.294171][ T9466] ? __pfx_ref_tracker_free+0x10/0x10 [ 204.294189][ T9466] ? __skb_clone+0x63/0x7a0 [ 204.294220][ T9466] ? __skb_clone+0x483/0x7a0 [ 204.294255][ T9466] ? skb_clone+0x246/0x3a0 [ 204.294286][ T9466] ? __netlink_deliver_tap+0x807/0x850 [ 204.294309][ T9466] ? netlink_deliver_tap+0x2e/0x1b0 [ 204.294353][ T9466] netlink_unicast+0x82f/0x9e0 [ 204.294382][ T9466] ? __pfx_netlink_unicast+0x10/0x10 [ 204.294405][ T9466] ? netlink_sendmsg+0x642/0xb30 [ 204.294427][ T9466] ? skb_put+0x11b/0x210 [ 204.294455][ T9466] netlink_sendmsg+0x805/0xb30 [ 204.294490][ T9466] ? __pfx_netlink_sendmsg+0x10/0x10 [ 204.294519][ T9466] ? aa_sock_msg_perm+0xf1/0x1d0 [ 204.294542][ T9466] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 204.294566][ T9466] ? __pfx_netlink_sendmsg+0x10/0x10 [ 204.294593][ T9466] __sock_sendmsg+0x21c/0x270 [ 204.294617][ T9466] ____sys_sendmsg+0x505/0x830 [ 204.294651][ T9466] ? __pfx_____sys_sendmsg+0x10/0x10 [ 204.294689][ T9466] ? import_iovec+0x74/0xa0 [ 204.294720][ T9466] ___sys_sendmsg+0x21f/0x2a0 [ 204.294751][ T9466] ? __pfx____sys_sendmsg+0x10/0x10 [ 204.294820][ T9466] ? __fget_files+0x2a/0x420 [ 204.294837][ T9466] ? __fget_files+0x3a0/0x420 [ 204.294867][ T9466] __x64_sys_sendmsg+0x19b/0x260 [ 204.294897][ T9466] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 204.294947][ T9466] ? __pfx_ksys_write+0x10/0x10 [ 204.294972][ T9466] ? rcu_is_watching+0x15/0xb0 [ 204.294998][ T9466] ? do_syscall_64+0xbe/0x3b0 [ 204.295025][ T9466] do_syscall_64+0xfa/0x3b0 [ 204.295045][ T9466] ? lockdep_hardirqs_on+0x9c/0x150 [ 204.295066][ T9466] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 204.295084][ T9466] ? clear_bhb_loop+0x60/0xb0 [ 204.295108][ T9466] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 204.295128][ T9466] RIP: 0033:0x7f567c18ec29 [ 204.295145][ T9466] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 204.295162][ T9466] RSP: 002b:00007f567cf67038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 204.295190][ T9466] RAX: ffffffffffffffda RBX: 00007f567c3d5fa0 RCX: 00007f567c18ec29 [ 204.295205][ T9466] RDX: 0000000000000000 RSI: 0000200000000200 RDI: 0000000000000003 [ 204.295216][ T9466] RBP: 00007f567cf67090 R08: 0000000000000000 R09: 0000000000000000 [ 204.295228][ T9466] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 204.295238][ T9466] R13: 00007f567c3d6038 R14: 00007f567c3d5fa0 R15: 00007ffdd9a742f8 [ 204.295271][ T9466] [ 205.053698][ T9486] netlink: 'syz.4.1038': attribute type 1 has an invalid length. [ 205.098798][ T9486] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1038'. [ 205.304659][ T9501] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1039'. [ 205.722863][ T9515] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1049'. [ 205.752271][ T9515] veth1: entered promiscuous mode [ 205.766324][ T9515] veth1: left promiscuous mode [ 205.875897][ T9517] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1050'. [ 205.913344][ T9517] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 205.947372][ T9519] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1051'. [ 206.436529][ T9540] netlink: 'syz.2.1058': attribute type 1 has an invalid length. [ 206.513611][ T9540] 8021q: adding VLAN 0 to HW filter on device bond3 [ 206.604045][ T9547] netlink: 124 bytes leftover after parsing attributes in process `syz.3.1059'. [ 206.625379][ T9543] bond3: (slave geneve4): making interface the new active one [ 206.635077][ T9543] bond3: (slave geneve4): Enslaving as an active interface with an up link [ 206.875944][ T9559] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1064'. [ 207.102854][ T9566] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1062'. [ 207.514193][ T9584] batadv1: entered promiscuous mode [ 207.522605][ T9584] batadv1: entered allmulticast mode [ 207.600002][ T9594] __nla_validate_parse: 2 callbacks suppressed [ 207.600022][ T9594] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1073'. [ 207.736387][ T9594] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1073'. [ 209.434470][ T9663] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1086'. [ 209.552813][ T9666] netlink: 'syz.2.1091': attribute type 13 has an invalid length. [ 209.579481][ T9666] netlink: 'syz.2.1091': attribute type 17 has an invalid length. [ 209.756000][ T9666] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 209.859164][ T9677] tipc: Enabling of bearer rejected, failed to enable media [ 210.727715][ T9713] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1103'. [ 211.552224][ T9751] netlink: 84 bytes leftover after parsing attributes in process `syz.2.1117'. [ 211.581081][ T9751] team0: No ports can be present during mode change [ 211.799690][ T9762] netlink: 'syz.2.1122': attribute type 1 has an invalid length. [ 211.875755][ T9762] 8021q: adding VLAN 0 to HW filter on device bond4 [ 211.984853][ T9762] bond4: (slave geneve5): making interface the new active one [ 211.994545][ T9762] bond4: (slave geneve5): Enslaving as an active interface with an up link [ 212.006166][ T9770] netlink: 'syz.3.1125': attribute type 11 has an invalid length. [ 212.426039][ T9756] netlink: 16186 bytes leftover after parsing attributes in process `syz.0.1119'. [ 212.463859][ T9756] netlink: 16186 bytes leftover after parsing attributes in process `syz.0.1119'. [ 212.828682][ T9814] netlink: 'syz.0.1138': attribute type 13 has an invalid length. [ 212.841812][ T9814] netlink: 'syz.0.1138': attribute type 17 has an invalid length. [ 212.991324][ T9814] 8021q: adding VLAN 0 to HW filter on device bond0 [ 213.023172][ T9814] 8021q: adding VLAN 0 to HW filter on device team0 [ 213.157564][ T9814] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 213.212812][ T9816] xfrm0: entered promiscuous mode [ 213.269290][ T9816] xfrm0: entered allmulticast mode [ 213.745486][ T9837] netlink: 52 bytes leftover after parsing attributes in process `syz.1.1145'. [ 214.196888][ T9860] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1150'. [ 214.646323][ T9882] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1158'. [ 214.812120][ T9892] netlink: 209852 bytes leftover after parsing attributes in process `syz.4.1163'. [ 214.854681][ T9892] openvswitch: netlink: ufid size 3068 bytes exceeds the range (1, 16) [ 214.866893][ T9892] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 214.941130][ T9900] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1163'. [ 215.133741][ T9882] team0 (unregistering): Port device team_slave_0 removed [ 215.146023][ T9882] team0 (unregistering): Port device team_slave_1 removed [ 215.947705][ T9923] syzkaller1: entered promiscuous mode [ 215.991549][ T9923] syzkaller1: entered allmulticast mode [ 216.736243][ T9950] syz_tun: entered promiscuous mode [ 216.764873][ T9950] syz_tun: left promiscuous mode [ 217.035424][ T9964] ieee802154 phy0 wpan0: encryption failed: -22 [ 217.099216][ T9967] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1187'. [ 217.104069][ T9969] vlan0: entered promiscuous mode [ 217.354374][ T9979] netlink: 84 bytes leftover after parsing attributes in process `syz.0.1192'. [ 217.491635][ T5879] Bluetooth: hci2: command 0x0406 tx timeout [ 217.498849][ T5879] Bluetooth: hci0: command 0x0406 tx timeout [ 217.500942][ T5867] Bluetooth: hci1: command 0x0406 tx timeout [ 217.507494][ T5879] Bluetooth: hci3: command 0x0406 tx timeout [ 217.797021][ T9979] team0: No ports can be present during mode change [ 217.800283][ T9988] netlink: 124 bytes leftover after parsing attributes in process `syz.1.1195'. [ 217.815573][ T9985] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1194'. [ 217.861055][ T7036] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 217.897056][ T7036] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 217.919144][ T7036] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 217.964138][ T7036] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 218.144700][ T9996] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1198'. [ 218.483392][ T5872] Bluetooth: hci4: link tx timeout [ 218.488983][ T5872] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 218.792857][T10021] bond0: option ad_user_port_key: mode dependency failed, not supported in mode balance-rr(0) [ 218.817311][T10021] netlink: 256 bytes leftover after parsing attributes in process `syz.4.1209'. [ 219.042254][T10032] netlink: 144 bytes leftover after parsing attributes in process `syz.0.1214'. [ 219.424416][T10043] netlink: zone id is out of range [ 219.429612][T10043] netlink: del zone limit has 8 unknown bytes [ 219.448281][T10050] netlink: 124 bytes leftover after parsing attributes in process `syz.1.1222'. [ 219.465962][T10043] mac80211_hwsim hwsim8 wlan0: entered promiscuous mode [ 219.486772][T10043] A link change request failed with some changes committed already. Interface wlan0 may have been left with an inconsistent configuration, please check. [ 219.753234][T10063] tipc: Invalid UDP bearer configuration [ 219.753298][T10063] tipc: Enabling of bearer rejected, failed to enable media [ 220.278288][T10067] Bluetooth: MGMT ver 1.23 [ 220.309385][T10067] Freezing with imperfect legacy cgroup freezer. See cgroup.freeze of cgroup v2 [ 220.532785][ T5872] Bluetooth: hci4: command 0x0405 tx timeout [ 220.564748][T10079] netlink: 52 bytes leftover after parsing attributes in process `syz.3.1226'. [ 220.615400][T10080] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1227'. [ 220.847856][T10084] netlink: 'syz.3.1229': attribute type 33 has an invalid length. [ 220.876330][T10084] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1229'. [ 220.921211][T10086] FAULT_INJECTION: forcing a failure. [ 220.921211][T10086] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 220.923580][T10080] nbd: socks must be embedded in a SOCK_ITEM attr [ 220.980785][T10086] CPU: 0 UID: 0 PID: 10086 Comm: syz.1.1230 Not tainted syzkaller #0 PREEMPT(full) [ 220.980820][T10086] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 220.980832][T10086] Call Trace: [ 220.980841][T10086] [ 220.980849][T10086] dump_stack_lvl+0x189/0x250 [ 220.980878][T10086] ? __pfx____ratelimit+0x10/0x10 [ 220.980899][T10086] ? __pfx_dump_stack_lvl+0x10/0x10 [ 220.980924][T10086] ? __pfx__printk+0x10/0x10 [ 220.980965][T10086] should_fail_ex+0x414/0x560 [ 220.980999][T10086] _copy_to_user+0x31/0xb0 [ 220.981029][T10086] simple_read_from_buffer+0xe1/0x170 [ 220.981065][T10086] proc_fail_nth_read+0x1b3/0x220 [ 220.981090][T10086] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 220.981112][T10086] ? rw_verify_area+0x2a6/0x4d0 [ 220.981133][T10086] ? __lock_acquire+0xab9/0xd20 [ 220.981155][T10086] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 220.981179][T10086] vfs_read+0x1fd/0xa30 [ 220.981204][T10086] ? fdget_pos+0x247/0x320 [ 220.981225][T10086] ? __pfx___mutex_lock+0x10/0x10 [ 220.981245][T10086] ? __pfx_vfs_read+0x10/0x10 [ 220.981268][T10086] ? __fget_files+0x2a/0x420 [ 220.981287][T10086] ? __fget_files+0x3a0/0x420 [ 220.981300][T10086] ? __fget_files+0x2a/0x420 [ 220.981326][T10086] ksys_read+0x145/0x250 [ 220.981352][T10086] ? __pfx_ksys_read+0x10/0x10 [ 220.981372][T10086] ? fput+0xa0/0xd0 [ 220.981392][T10086] ? do_syscall_64+0xbe/0x3b0 [ 220.981414][T10086] do_syscall_64+0xfa/0x3b0 [ 220.981431][T10086] ? lockdep_hardirqs_on+0x9c/0x150 [ 220.981448][T10086] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 220.981464][T10086] ? clear_bhb_loop+0x60/0xb0 [ 220.981483][T10086] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 220.981499][T10086] RIP: 0033:0x7fb56598d63c [ 220.981514][T10086] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 220.981527][T10086] RSP: 002b:00007fb56680e030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 220.981545][T10086] RAX: ffffffffffffffda RBX: 00007fb565bd5fa0 RCX: 00007fb56598d63c [ 220.981557][T10086] RDX: 000000000000000f RSI: 00007fb56680e0a0 RDI: 0000000000000005 [ 220.981567][T10086] RBP: 00007fb56680e090 R08: 0000000000000000 R09: 0000000000000000 [ 220.981576][T10086] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000001 [ 220.981586][T10086] R13: 00007fb565bd6038 R14: 00007fb565bd5fa0 R15: 00007ffcad7b5dd8 [ 220.981612][T10086] [ 221.225678][T10090] netlink: zone id is out of range [ 221.230980][T10090] netlink: del zone limit has 8 unknown bytes [ 221.688197][T10112] bond6: entered promiscuous mode [ 221.715142][T10112] bond6: entered allmulticast mode [ 221.721673][T10112] 8021q: adding VLAN 0 to HW filter on device bond6 [ 221.737788][T10114] syzkaller0: entered promiscuous mode [ 221.774686][T10114] syzkaller0: entered allmulticast mode [ 221.855934][T10124] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1240'. [ 221.862216][T10119] vlan2: entered promiscuous mode [ 221.873512][T10119] vlan2: entered allmulticast mode [ 221.886001][T10119] hsr_slave_1: entered allmulticast mode [ 222.066542][T10129] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1243'. [ 222.351544][T10134] IPVS: set_ctl: invalid protocol: 59 100.1.1.2:20001 [ 222.505545][T10150] tipc: Started in network mode [ 222.510675][T10150] tipc: Node identity 6aad4b6d53ed, cluster identity 4711 [ 222.518538][T10150] tipc: Enabled bearer , priority 0 [ 222.585780][T10150] syzkaller0: entered promiscuous mode [ 222.600969][T10150] syzkaller0: entered allmulticast mode [ 222.608004][T10155] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1252'. [ 222.646718][T10150] tipc: Resetting bearer [ 222.658216][T10149] tipc: Resetting bearer [ 222.683600][T10149] tipc: Disabling bearer [ 222.686211][T10158] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1255'. [ 222.934217][T10170] Bluetooth: MGMT ver 1.23 [ 223.265379][T10185] netlink: 'syz.0.1261': attribute type 7 has an invalid length. [ 223.277272][T10185] netlink: 'syz.0.1261': attribute type 8 has an invalid length. [ 223.348506][T10191] FAULT_INJECTION: forcing a failure. [ 223.348506][T10191] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 223.371605][T10191] CPU: 0 UID: 0 PID: 10191 Comm: syz.2.1264 Not tainted syzkaller #0 PREEMPT(full) [ 223.371635][T10191] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 223.371647][T10191] Call Trace: [ 223.371655][T10191] [ 223.371664][T10191] dump_stack_lvl+0x189/0x250 [ 223.371694][T10191] ? __pfx____ratelimit+0x10/0x10 [ 223.371716][T10191] ? __pfx_dump_stack_lvl+0x10/0x10 [ 223.371741][T10191] ? __pfx__printk+0x10/0x10 [ 223.371770][T10191] ? __might_fault+0xb0/0x130 [ 223.371811][T10191] should_fail_ex+0x414/0x560 [ 223.371848][T10191] _copy_from_user+0x2d/0xb0 [ 223.371876][T10191] ____sys_sendmsg+0x2fe/0x830 [ 223.371911][T10191] ? __pfx_____sys_sendmsg+0x10/0x10 [ 223.371949][T10191] ? import_iovec+0x74/0xa0 [ 223.371979][T10191] ___sys_sendmsg+0x21f/0x2a0 [ 223.372007][T10191] ? __pfx____sys_sendmsg+0x10/0x10 [ 223.372066][T10191] ? __fget_files+0x2a/0x420 [ 223.372082][T10191] ? __fget_files+0x3a0/0x420 [ 223.372109][T10191] __x64_sys_sendmsg+0x19b/0x260 [ 223.372137][T10191] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 223.372172][T10191] ? __pfx_ksys_write+0x10/0x10 [ 223.372196][T10191] ? rcu_is_watching+0x15/0xb0 [ 223.372221][T10191] ? do_syscall_64+0xbe/0x3b0 [ 223.372247][T10191] do_syscall_64+0xfa/0x3b0 [ 223.372268][T10191] ? lockdep_hardirqs_on+0x9c/0x150 [ 223.372287][T10191] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 223.372307][T10191] ? clear_bhb_loop+0x60/0xb0 [ 223.372331][T10191] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 223.372349][T10191] RIP: 0033:0x7f567c18ec29 [ 223.372367][T10191] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 223.372383][T10191] RSP: 002b:00007f567cf67038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 223.372403][T10191] RAX: ffffffffffffffda RBX: 00007f567c3d5fa0 RCX: 00007f567c18ec29 [ 223.372417][T10191] RDX: 00000000000040c0 RSI: 00002000000000c0 RDI: 0000000000000005 [ 223.372428][T10191] RBP: 00007f567cf67090 R08: 0000000000000000 R09: 0000000000000000 [ 223.372440][T10191] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 223.372451][T10191] R13: 00007f567c3d6038 R14: 00007f567c3d5fa0 R15: 00007ffdd9a742f8 [ 223.372482][T10191] [ 223.681866][T10165] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 223.704773][T10165] Bluetooth: hci0: Error when powering off device on rfkill (-4) [ 223.898045][T10165] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 223.932620][T10165] Bluetooth: hci2: Error when powering off device on rfkill (-4) [ 223.968573][T10205] __nla_validate_parse: 2 callbacks suppressed [ 223.968596][T10205] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1267'. [ 224.018383][T10165] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 224.039650][T10165] Bluetooth: hci1: Error when powering off device on rfkill (-4) [ 224.120409][T10165] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 224.140349][T10165] Bluetooth: hci3: Error when powering off device on rfkill (-4) [ 224.254275][T10165] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 224.260252][T10165] Bluetooth: hci4: Error when powering off device on rfkill (-4) [ 224.273257][T10221] FAULT_INJECTION: forcing a failure. [ 224.273257][T10221] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 224.294189][T10221] CPU: 0 UID: 0 PID: 10221 Comm: syz.4.1272 Not tainted syzkaller #0 PREEMPT(full) [ 224.294218][T10221] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 224.294231][T10221] Call Trace: [ 224.294239][T10221] [ 224.294248][T10221] dump_stack_lvl+0x189/0x250 [ 224.294278][T10221] ? __pfx____ratelimit+0x10/0x10 [ 224.294301][T10221] ? __pfx_dump_stack_lvl+0x10/0x10 [ 224.294325][T10221] ? __pfx__printk+0x10/0x10 [ 224.294354][T10221] ? __might_fault+0xb0/0x130 [ 224.294395][T10221] should_fail_ex+0x414/0x560 [ 224.294431][T10221] _copy_from_user+0x2d/0xb0 [ 224.294460][T10221] ___sys_sendmsg+0x158/0x2a0 [ 224.294490][T10221] ? __pfx____sys_sendmsg+0x10/0x10 [ 224.294558][T10221] ? __fget_files+0x2a/0x420 [ 224.294576][T10221] ? __fget_files+0x3a0/0x420 [ 224.294606][T10221] __x64_sys_sendmsg+0x19b/0x260 [ 224.294638][T10221] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 224.294677][T10221] ? __pfx_ksys_write+0x10/0x10 [ 224.294701][T10221] ? rcu_is_watching+0x15/0xb0 [ 224.294728][T10221] ? do_syscall_64+0xbe/0x3b0 [ 224.294764][T10221] do_syscall_64+0xfa/0x3b0 [ 224.294784][T10221] ? lockdep_hardirqs_on+0x9c/0x150 [ 224.294805][T10221] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 224.294826][T10221] ? clear_bhb_loop+0x60/0xb0 [ 224.294851][T10221] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 224.294870][T10221] RIP: 0033:0x7fb66258ec29 [ 224.294889][T10221] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 224.294905][T10221] RSP: 002b:00007fb6634d6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 224.294926][T10221] RAX: ffffffffffffffda RBX: 00007fb6627d5fa0 RCX: 00007fb66258ec29 [ 224.294941][T10221] RDX: 000000002004c040 RSI: 0000200000000080 RDI: 0000000000000004 [ 224.294954][T10221] RBP: 00007fb6634d6090 R08: 0000000000000000 R09: 0000000000000000 [ 224.294966][T10221] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 224.294978][T10221] R13: 00007fb6627d6038 R14: 00007fb6627d5fa0 R15: 00007ffd9c95b708 [ 224.295011][T10221] [ 224.781777][T10165] tipc: Resetting bearer [ 224.964570][T10242] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1281'. [ 225.155331][T10248] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1282'. [ 225.222189][T10248] veth0: entered promiscuous mode [ 225.239680][T10251] can-isotp: isotp_sendmsg: can_send_ret -ENETDOWN [ 225.272147][T10248] veth0: left promiscuous mode [ 225.502746][T10261] netlink: 84 bytes leftover after parsing attributes in process `syz.2.1289'. [ 225.526960][T10261] team0: No ports can be present during mode change [ 225.822933][T10273] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 225.837330][T10278] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1295'. [ 226.050775][T10273] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 226.129237][T10273] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 226.347790][T10273] netdevsim netdevsim3 ÿÿÿÿÿÿ (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 226.818710][ T61] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 226.935596][ T7038] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 227.017174][T10322] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1309'. [ 227.046467][ T7038] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 227.223368][ T3017] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 227.302019][T10325] ICMPv6: Received fragmented ndisc packet. Carefully consider disabling suppress_frag_ndisc. [ 227.459926][T10328] 8021q: adding VLAN 0 to HW filter on device macvlan4 [ 227.582893][T10337] netlink: 144 bytes leftover after parsing attributes in process `syz.0.1315'. [ 227.808987][T10347] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1322'. [ 228.086796][T10363] netlink: 'syz.0.1325': attribute type 8 has an invalid length. [ 228.105137][T10363] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1325'. [ 228.138291][T10365] netlink: 'syz.0.1325': attribute type 8 has an invalid length. [ 228.146059][T10363] bond0: entered promiscuous mode [ 228.146088][T10363] bond_slave_0: entered promiscuous mode [ 228.146336][T10363] bond_slave_1: entered promiscuous mode [ 228.166513][T10363] bond0: left promiscuous mode [ 228.201009][T10365] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1325'. [ 228.226571][T10363] bond_slave_0: left promiscuous mode [ 228.245473][T10363] bond_slave_1: left promiscuous mode [ 228.341656][T10365] bond0: entered promiscuous mode [ 228.365013][T10365] bond_slave_0: entered promiscuous mode [ 228.398484][T10365] bond_slave_1: entered promiscuous mode [ 228.441835][T10365] bond0: left promiscuous mode [ 228.449276][T10381] netlink: 'syz.3.1328': attribute type 4 has an invalid length. [ 228.456964][T10365] bond_slave_0: left promiscuous mode [ 228.474266][T10365] bond_slave_1: left promiscuous mode [ 228.942200][T10396] macvtap1: entered allmulticast mode [ 228.947661][T10396] mac80211_hwsim hwsim4 wlan0: entered allmulticast mode [ 229.008521][T10396] mac80211_hwsim hwsim4 wlan0: left allmulticast mode [ 229.131953][T10408] __nla_validate_parse: 4 callbacks suppressed [ 229.131976][T10408] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1345'. [ 229.172476][T10410] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1344'. [ 229.213860][T10415] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1344'. [ 229.489600][T10427] ICMPv6: Received fragmented ndisc packet. Carefully consider disabling suppress_frag_ndisc. [ 229.545818][T10427] 8021q: adding VLAN 0 to HW filter on device macvlan4 [ 229.573446][T10435] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1355'. [ 229.591858][T10433] FAULT_INJECTION: forcing a failure. [ 229.591858][T10433] name failslab, interval 1, probability 0, space 0, times 0 [ 229.618146][T10433] CPU: 0 UID: 0 PID: 10433 Comm: syz.1.1354 Not tainted syzkaller #0 PREEMPT(full) [ 229.618175][T10433] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 229.618188][T10433] Call Trace: [ 229.618196][T10433] [ 229.618206][T10433] dump_stack_lvl+0x189/0x250 [ 229.618237][T10433] ? __pfx____ratelimit+0x10/0x10 [ 229.618259][T10433] ? __pfx_dump_stack_lvl+0x10/0x10 [ 229.618283][T10433] ? __pfx__printk+0x10/0x10 [ 229.618320][T10433] ? __pfx___might_resched+0x10/0x10 [ 229.618346][T10433] ? fs_reclaim_acquire+0x7d/0x100 [ 229.618370][T10433] should_fail_ex+0x414/0x560 [ 229.618406][T10433] should_failslab+0xa8/0x100 [ 229.618438][T10433] __kmalloc_noprof+0xcb/0x4f0 [ 229.618464][T10433] ? security_sk_alloc+0x52/0x390 [ 229.618494][T10433] security_sk_alloc+0x52/0x390 [ 229.618521][T10433] sk_prot_alloc+0x101/0x220 [ 229.618551][T10433] sk_alloc+0x3a/0x370 [ 229.618582][T10433] inet_create+0x7a0/0x1000 [ 229.618607][T10433] ? inet_create+0x9c/0x1000 [ 229.618635][T10433] __sock_create+0x4b0/0x9f0 [ 229.618667][T10433] mptcp_subflow_create_socket+0xf0/0x7d0 [ 229.618696][T10433] ? __lock_acquire+0xab9/0xd20 [ 229.618727][T10433] ? __pfx_mptcp_subflow_create_socket+0x10/0x10 [ 229.618766][T10433] __mptcp_nmpc_sk+0x148/0x760 [ 229.618793][T10433] ? __local_bh_enable_ip+0x12d/0x1c0 [ 229.618812][T10433] ? __pfx___mptcp_nmpc_sk+0x10/0x10 [ 229.618847][T10433] mptcp_getsockopt+0xe7a/0x1be0 [ 229.618870][T10433] ? page_table_check_set+0x18d/0x730 [ 229.618905][T10433] ? __pfx_mptcp_getsockopt+0x10/0x10 [ 229.618928][T10433] ? page_table_check_set+0x18d/0x730 [ 229.618956][T10433] ? xas_find+0x842/0x990 [ 229.618990][T10433] ? filemap_map_pages+0x150/0x1740 [ 229.619016][T10433] ? filemap_map_pages+0x1374/0x1740 [ 229.619054][T10433] ? filemap_map_pages+0x150/0x1740 [ 229.619082][T10433] ? __pfx_filemap_map_pages+0x10/0x10 [ 229.619107][T10433] ? __handle_mm_fault+0x27b7/0x5440 [ 229.619142][T10433] ? __handle_mm_fault+0x27b7/0x5440 [ 229.619173][T10433] ? __handle_mm_fault+0x27b7/0x5440 [ 229.619199][T10433] ? __handle_mm_fault+0x27b7/0x5440 [ 229.619229][T10433] ? __handle_mm_fault+0x37e6/0x5440 [ 229.619263][T10433] ? css_rstat_updated+0x23a/0x4f0 [ 229.619293][T10433] ? __pfx_css_rstat_updated+0x10/0x10 [ 229.619321][T10433] ? count_memcg_event_mm+0x21/0x260 [ 229.619366][T10433] ? count_memcg_event_mm+0x21/0x260 [ 229.619396][T10433] ? __up_read+0x280/0x680 [ 229.619423][T10433] ? __pfx___up_read+0x10/0x10 [ 229.619446][T10433] ? do_user_addr_fault+0xbc1/0x1390 [ 229.619484][T10433] ? do_user_addr_fault+0xc8a/0x1390 [ 229.619524][T10433] ? irqentry_exit+0x74/0x90 [ 229.619545][T10433] ? lockdep_hardirqs_on+0x9c/0x150 [ 229.619568][T10433] ? irqentry_exit+0x74/0x90 [ 229.619587][T10433] ? exc_page_fault+0x9f/0xf0 [ 229.619625][T10433] ? rep_movs_alternative+0xf/0x90 [ 229.619653][T10433] ? sock_common_getsockopt+0x2d/0xb0 [ 229.619673][T10433] ? __pfx_sock_common_getsockopt+0x10/0x10 [ 229.619698][T10433] do_sock_getsockopt+0x36f/0x450 [ 229.619729][T10433] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 229.619755][T10433] ? write_ibpb+0x30/0x40 [ 229.619776][T10433] ? __fget_files+0x3a0/0x420 [ 229.619794][T10433] ? __fget_files+0x2a/0x420 [ 229.619821][T10433] __x64_sys_getsockopt+0x1a5/0x250 [ 229.619847][T10433] ? write_ibpb+0x30/0x40 [ 229.619872][T10433] ? write_ibpb+0x30/0x40 [ 229.619899][T10433] do_syscall_64+0xfa/0x3b0 [ 229.619921][T10433] ? lockdep_hardirqs_on+0x9c/0x150 [ 229.619941][T10433] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 229.619961][T10433] ? clear_bhb_loop+0x60/0xb0 [ 229.619985][T10433] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 229.620004][T10433] RIP: 0033:0x7fb56598ec29 [ 229.620023][T10433] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 229.620039][T10433] RSP: 002b:00007fb56680e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 229.620059][T10433] RAX: ffffffffffffffda RBX: 00007fb565bd5fa0 RCX: 00007fb56598ec29 [ 229.620073][T10433] RDX: 000000000000001a RSI: 0000000000000006 RDI: 0000000000000004 [ 229.620084][T10433] RBP: 00007fb56680e090 R08: 0000200000000000 R09: 0000000000000000 [ 229.620097][T10433] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 229.620108][T10433] R13: 00007fb565bd6038 R14: 00007fb565bd5fa0 R15: 00007ffcad7b5dd8 [ 229.620139][T10433] [ 230.387808][T10454] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1361'. [ 230.435963][T10456] netlink: 104 bytes leftover after parsing attributes in process `syz.1.1363'. [ 230.721103][T10472] netlink: 104 bytes leftover after parsing attributes in process `syz.1.1369'. [ 230.845680][T10476] macvtap1: entered allmulticast mode [ 230.866774][T10476] mac80211_hwsim hwsim4 wlan0: entered allmulticast mode [ 230.888726][T10476] mac80211_hwsim hwsim4 wlan0: left allmulticast mode [ 230.946759][T10486] netlink: 'syz.0.1378': attribute type 1 has an invalid length. [ 231.207192][T10486] 8021q: adding VLAN 0 to HW filter on device bond3 [ 231.273540][T10492] ipvlan2: entered allmulticast mode [ 231.291062][T10492] bond3: entered allmulticast mode [ 231.441603][T10499] bond3: (slave gretap1): making interface the new active one [ 231.466406][T10499] gretap1: entered allmulticast mode [ 231.499615][T10499] bond3: (slave gretap1): Enslaving as an active interface with an up link [ 231.635724][T10521] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1385'. [ 231.672077][T10521] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1385'. [ 231.817726][T10524] FAULT_INJECTION: forcing a failure. [ 231.817726][T10524] name failslab, interval 1, probability 0, space 0, times 0 [ 231.842744][T10524] CPU: 1 UID: 0 PID: 10524 Comm: syz.4.1386 Not tainted syzkaller #0 PREEMPT(full) [ 231.842774][T10524] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 231.842787][T10524] Call Trace: [ 231.842795][T10524] [ 231.842804][T10524] dump_stack_lvl+0x189/0x250 [ 231.842836][T10524] ? __pfx____ratelimit+0x10/0x10 [ 231.842859][T10524] ? __pfx_dump_stack_lvl+0x10/0x10 [ 231.842885][T10524] ? __pfx__printk+0x10/0x10 [ 231.842944][T10524] ? __pfx___might_resched+0x10/0x10 [ 231.842964][T10524] ? fs_reclaim_acquire+0x7d/0x100 [ 231.842993][T10524] should_fail_ex+0x414/0x560 [ 231.843031][T10524] ? alloc_netdev_mqs+0xa46/0x11b0 [ 231.843062][T10524] should_failslab+0xa8/0x100 [ 231.843094][T10524] __kvmalloc_node_noprof+0x161/0x5f0 [ 231.843125][T10524] ? alloc_netdev_mqs+0xa46/0x11b0 [ 231.843171][T10524] alloc_netdev_mqs+0xa46/0x11b0 [ 231.843210][T10524] rtnl_create_link+0x31f/0xd10 [ 231.843251][T10524] rtnl_newlink_create+0x25c/0xb00 [ 231.843284][T10524] ? __mutex_lock+0x5bb/0x1350 [ 231.843315][T10524] ? __pfx_rtnl_newlink_create+0x10/0x10 [ 231.843346][T10524] ? __pfx___mutex_lock+0x10/0x10 [ 231.843379][T10524] ? ns_capable+0x8a/0xf0 [ 231.843404][T10524] rtnl_newlink+0x16e4/0x1c80 [ 231.843430][T10524] ? __dev_queue_xmit+0x1b8d/0x3b50 [ 231.843475][T10524] ? __pfx_rtnl_newlink+0x10/0x10 [ 231.843531][T10524] ? kasan_quarantine_put+0xdd/0x220 [ 231.843556][T10524] ? lockdep_hardirqs_on+0x9c/0x150 [ 231.843584][T10524] ? nlmon_xmit+0xb0/0x100 [ 231.843607][T10524] ? kmem_cache_free+0x18f/0x400 [ 231.843643][T10524] ? __local_bh_enable_ip+0x12d/0x1c0 [ 231.843663][T10524] ? lockdep_hardirqs_on+0x9c/0x150 [ 231.843686][T10524] ? __local_bh_enable_ip+0x12d/0x1c0 [ 231.843706][T10524] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 231.843730][T10524] ? __dev_queue_xmit+0x27b/0x3b50 [ 231.843764][T10524] ? __dev_queue_xmit+0x27b/0x3b50 [ 231.843791][T10524] ? __dev_queue_xmit+0x27b/0x3b50 [ 231.843821][T10524] ? __dev_queue_xmit+0x1d79/0x3b50 [ 231.843857][T10524] ? __lock_acquire+0xab9/0xd20 [ 231.843917][T10524] ? __pfx_rtnl_newlink+0x10/0x10 [ 231.843940][T10524] rtnetlink_rcv_msg+0x7cf/0xb70 [ 231.843967][T10524] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 231.843989][T10524] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 231.844010][T10524] ? ref_tracker_free+0x63a/0x7d0 [ 231.844032][T10524] ? __asan_memcpy+0x40/0x70 [ 231.844055][T10524] ? __pfx_ref_tracker_free+0x10/0x10 [ 231.844073][T10524] ? __skb_clone+0x63/0x7a0 [ 231.844113][T10524] netlink_rcv_skb+0x208/0x470 [ 231.844148][T10524] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 231.844174][T10524] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 231.844212][T10524] ? netlink_deliver_tap+0x2e/0x1b0 [ 231.844247][T10524] netlink_unicast+0x82f/0x9e0 [ 231.844280][T10524] ? __pfx_netlink_unicast+0x10/0x10 [ 231.844304][T10524] ? netlink_sendmsg+0x642/0xb30 [ 231.844327][T10524] ? skb_put+0x11b/0x210 [ 231.844357][T10524] netlink_sendmsg+0x805/0xb30 [ 231.844394][T10524] ? __pfx_netlink_sendmsg+0x10/0x10 [ 231.844424][T10524] ? aa_sock_msg_perm+0xf1/0x1d0 [ 231.844448][T10524] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 231.844471][T10524] ? __pfx_netlink_sendmsg+0x10/0x10 [ 231.844497][T10524] __sock_sendmsg+0x21c/0x270 [ 231.844522][T10524] ____sys_sendmsg+0x505/0x830 [ 231.844557][T10524] ? __pfx_____sys_sendmsg+0x10/0x10 [ 231.844596][T10524] ? import_iovec+0x74/0xa0 [ 231.844629][T10524] ___sys_sendmsg+0x21f/0x2a0 [ 231.844660][T10524] ? __pfx____sys_sendmsg+0x10/0x10 [ 231.844733][T10524] ? __fget_files+0x2a/0x420 [ 231.844751][T10524] ? __fget_files+0x3a0/0x420 [ 231.844783][T10524] __x64_sys_sendmsg+0x19b/0x260 [ 231.844815][T10524] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 231.844856][T10524] ? __pfx_ksys_write+0x10/0x10 [ 231.844881][T10524] ? rcu_is_watching+0x15/0xb0 [ 231.844910][T10524] ? do_syscall_64+0xbe/0x3b0 [ 231.844938][T10524] do_syscall_64+0xfa/0x3b0 [ 231.844958][T10524] ? lockdep_hardirqs_on+0x9c/0x150 [ 231.844979][T10524] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 231.844998][T10524] ? clear_bhb_loop+0x60/0xb0 [ 231.845023][T10524] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 231.845043][T10524] RIP: 0033:0x7fb66258ec29 [ 231.845062][T10524] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 231.845078][T10524] RSP: 002b:00007fb6634d6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 231.845100][T10524] RAX: ffffffffffffffda RBX: 00007fb6627d5fa0 RCX: 00007fb66258ec29 [ 231.845114][T10524] RDX: 0000000004000840 RSI: 0000200000000080 RDI: 000000000000000c [ 231.845126][T10524] RBP: 00007fb6634d6090 R08: 0000000000000000 R09: 0000000000000000 [ 231.845138][T10524] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 231.845156][T10524] R13: 00007fb6627d6038 R14: 00007fb6627d5fa0 R15: 00007ffd9c95b708 [ 231.845187][T10524] [ 232.337688][T10531] netlink: zone id is out of range [ 232.379026][T10544] netlink: zone id is out of range [ 232.385506][T10544] netlink: del zone limit has 8 unknown bytes [ 232.395319][T10544] mac80211_hwsim hwsim7 wlan0: entered promiscuous mode [ 232.402562][T10544] A link change request failed with some changes committed already. Interface wlan0 may have been left with an inconsistent configuration, please check. [ 232.415629][T10531] netlink: del zone limit has 8 unknown bytes [ 232.514236][T10531] mac80211_hwsim hwsim4 wlan0: entered promiscuous mode [ 232.538756][T10531] A link change request failed with some changes committed already. Interface wlan0 may have been left with an inconsistent configuration, please check. [ 232.633472][T10549] tipc: Enabled bearer , priority 0 [ 232.865494][T10554] IPVS: Scheduler module ip_vs_sip not found [ 232.962133][T10549] syzkaller0: entered promiscuous mode [ 232.967678][T10549] syzkaller0: entered allmulticast mode [ 233.090410][T10572] tipc: Resetting bearer [ 233.171092][T10548] tipc: Resetting bearer [ 233.217845][T10590] netlink: 'syz.1.1399': attribute type 142 has an invalid length. [ 233.330610][T10548] tipc: Disabling bearer [ 233.666153][T10599] netlink: 'syz.0.1401': attribute type 1 has an invalid length. [ 233.953338][T10617] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1405'. [ 233.990666][T10603] IPVS: Scheduler module ip_vs_sip not found [ 234.120602][T10599] 8021q: adding VLAN 0 to HW filter on device bond4 [ 234.233750][T10606] bond4: (slave geneve3): making interface the new active one [ 234.258311][T10606] bond4: (slave geneve3): Enslaving as an active interface with an up link [ 234.426180][ T61] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 234.448637][ T1153] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 234.489559][ T1153] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 234.510927][ T1153] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 234.594767][T10645] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1412'. [ 234.735210][T10649] netlink: 144 bytes leftover after parsing attributes in process `syz.0.1414'. [ 234.809588][T10653] bridge0: entered promiscuous mode [ 234.817700][T10653] bridge0: left promiscuous mode [ 234.867189][T10659] netlink: 124 bytes leftover after parsing attributes in process `syz.0.1418'. [ 235.013310][T10667] netlink: 'syz.1.1419': attribute type 2 has an invalid length. [ 235.051299][T10667] netlink: 'syz.1.1419': attribute type 8 has an invalid length. [ 235.086349][T10667] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1419'. [ 235.164396][T10671] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1421'. [ 235.748729][T10695] netlink: 212376 bytes leftover after parsing attributes in process `syz.0.1430'. [ 235.768022][T10699] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1434'. [ 235.815697][T10699] macvtap2: entered allmulticast mode [ 236.358184][T10727] FAULT_INJECTION: forcing a failure. [ 236.358184][T10727] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 236.411104][T10727] CPU: 0 UID: 0 PID: 10727 Comm: syz.2.1447 Not tainted syzkaller #0 PREEMPT(full) [ 236.411134][T10727] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 236.411146][T10727] Call Trace: [ 236.411155][T10727] [ 236.411163][T10727] dump_stack_lvl+0x189/0x250 [ 236.411192][T10727] ? __pfx____ratelimit+0x10/0x10 [ 236.411214][T10727] ? __pfx_dump_stack_lvl+0x10/0x10 [ 236.411239][T10727] ? __pfx__printk+0x10/0x10 [ 236.411267][T10727] ? __might_fault+0xb0/0x130 [ 236.411308][T10727] should_fail_ex+0x414/0x560 [ 236.411345][T10727] _copy_from_iter+0x1de/0x1790 [ 236.411387][T10727] ? __pfx__copy_from_iter+0x10/0x10 [ 236.411407][T10727] ? bcm_rx_setup+0x488/0x1970 [ 236.411431][T10727] ? __kasan_kmalloc+0x93/0xb0 [ 236.411462][T10727] ? bcm_rx_setup+0x488/0x1970 [ 236.411494][T10727] bcm_rx_setup+0x797/0x1970 [ 236.411529][T10727] bcm_sendmsg+0x255/0x6a0 [ 236.411556][T10727] ? __pfx_bcm_sendmsg+0x10/0x10 [ 236.411582][T10727] ? aa_sock_msg_perm+0xf1/0x1d0 [ 236.411605][T10727] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 236.411628][T10727] ? __pfx_bcm_sendmsg+0x10/0x10 [ 236.411648][T10727] __sock_sendmsg+0x21c/0x270 [ 236.411672][T10727] ____sys_sendmsg+0x505/0x830 [ 236.411706][T10727] ? __pfx_____sys_sendmsg+0x10/0x10 [ 236.411745][T10727] ? import_iovec+0x74/0xa0 [ 236.411777][T10727] ___sys_sendmsg+0x21f/0x2a0 [ 236.411807][T10727] ? __pfx____sys_sendmsg+0x10/0x10 [ 236.411874][T10727] ? __fget_files+0x2a/0x420 [ 236.411892][T10727] ? __fget_files+0x3a0/0x420 [ 236.411922][T10727] __x64_sys_sendmsg+0x19b/0x260 [ 236.411952][T10727] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 236.411991][T10727] ? __pfx_ksys_write+0x10/0x10 [ 236.412022][T10727] ? rcu_is_watching+0x15/0xb0 [ 236.412048][T10727] ? do_syscall_64+0xbe/0x3b0 [ 236.412076][T10727] do_syscall_64+0xfa/0x3b0 [ 236.412097][T10727] ? lockdep_hardirqs_on+0x9c/0x150 [ 236.412118][T10727] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 236.412138][T10727] ? clear_bhb_loop+0x60/0xb0 [ 236.412163][T10727] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 236.412182][T10727] RIP: 0033:0x7f567c18ec29 [ 236.412202][T10727] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 236.412219][T10727] RSP: 002b:00007f567cf67038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 236.412241][T10727] RAX: ffffffffffffffda RBX: 00007f567c3d5fa0 RCX: 00007f567c18ec29 [ 236.412256][T10727] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003 [ 236.412269][T10727] RBP: 00007f567cf67090 R08: 0000000000000000 R09: 0000000000000000 [ 236.412280][T10727] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 236.412292][T10727] R13: 00007f567c3d6038 R14: 00007f567c3d5fa0 R15: 00007ffdd9a742f8 [ 236.412325][T10727] [ 236.962084][T10748] tun0: tun_chr_ioctl cmd 1074025673 [ 237.033825][T10751] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1453'. [ 237.130744][T10751] erspan0: entered promiscuous mode [ 237.162288][T10756] netlink: 144 bytes leftover after parsing attributes in process `syz.2.1454'. [ 237.198562][T10751] erspan0: left promiscuous mode [ 237.386077][ T5925] IPVS: starting estimator thread 0... [ 237.481073][T10766] IPVS: using max 33 ests per chain, 79200 per kthread [ 237.529325][T10772] netlink: 84 bytes leftover after parsing attributes in process `syz.3.1461'. [ 237.551928][T10772] team0: No ports can be present during mode change [ 238.215293][T10795] bridge1: entered promiscuous mode [ 238.223728][T10797] netlink: 'syz.0.1469': attribute type 4 has an invalid length. [ 238.254537][T10797] netlink: 'syz.0.1469': attribute type 4 has an invalid length. [ 238.592362][T10804] netlink: zone id is out of range [ 238.604339][T10804] netlink: del zone limit has 8 unknown bytes [ 238.989593][T10825] IPv6: NLM_F_CREATE should be specified when creating new route [ 239.415396][T10845] netlink: 'syz.1.1484': attribute type 13 has an invalid length. [ 239.433977][T10845] netlink: 'syz.1.1484': attribute type 17 has an invalid length. [ 239.492026][T10845] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 239.574852][T10851] netlink: 'syz.4.1486': attribute type 1 has an invalid length. [ 240.380187][T10887] __nla_validate_parse: 1 callbacks suppressed [ 240.380210][T10887] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1503'. [ 240.486474][T10897] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1505'. [ 240.819388][T10910] 8021q: adding VLAN 0 to HW filter on device team0 [ 240.847861][T10910] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 240.922449][T10920] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1513'. [ 241.025174][T10925] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1514'. [ 241.192182][T10931] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1515'. [ 241.493026][T10943] netlink: 124 bytes leftover after parsing attributes in process `syz.3.1521'. [ 241.564775][T10945] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1522'. [ 241.598901][T10945] vlan2: entered promiscuous mode [ 241.613733][T10945] batadv0: entered promiscuous mode [ 241.663488][T10951] netlink: 1 bytes leftover after parsing attributes in process `syz.2.1525'. [ 241.675357][T10950] veth1_to_batadv: mtu less than device minimum [ 242.165535][T10969] netlink: 64 bytes leftover after parsing attributes in process `syz.3.1530'. [ 242.181556][T10969] netlink: 'syz.3.1530': attribute type 10 has an invalid length. [ 242.189841][T10969] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1530'. [ 242.202337][T10969] dummy0: entered promiscuous mode [ 242.214901][T10969] bridge0: port 3(dummy0) entered blocking state [ 242.221718][T10969] bridge0: port 3(dummy0) entered disabled state [ 242.228506][T10969] dummy0: entered allmulticast mode [ 242.245799][T10969] bridge0: port 3(dummy0) entered blocking state [ 242.253058][T10969] bridge0: port 3(dummy0) entered forwarding state [ 242.768907][T10985] FAULT_INJECTION: forcing a failure. [ 242.768907][T10985] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 242.827325][T10985] CPU: 1 UID: 0 PID: 10985 Comm: syz.3.1535 Not tainted syzkaller #0 PREEMPT(full) [ 242.827356][T10985] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 242.827383][T10985] Call Trace: [ 242.827392][T10985] [ 242.827401][T10985] dump_stack_lvl+0x189/0x250 [ 242.827432][T10985] ? __pfx____ratelimit+0x10/0x10 [ 242.827454][T10985] ? __pfx_dump_stack_lvl+0x10/0x10 [ 242.827478][T10985] ? __pfx__printk+0x10/0x10 [ 242.827507][T10985] ? __might_fault+0xb0/0x130 [ 242.827548][T10985] should_fail_ex+0x414/0x560 [ 242.827599][T10985] _copy_from_iter+0x1de/0x1790 [ 242.827633][T10985] ? rcu_is_watching+0x15/0xb0 [ 242.827655][T10985] ? kmem_cache_alloc_node_noprof+0x217/0x3c0 [ 242.827686][T10985] ? __pfx__copy_from_iter+0x10/0x10 [ 242.827713][T10985] ? __build_skb_around+0x257/0x3e0 [ 242.827742][T10985] ? netlink_sendmsg+0x642/0xb30 [ 242.827764][T10985] ? skb_put+0x11b/0x210 [ 242.827794][T10985] netlink_sendmsg+0x6b2/0xb30 [ 242.827829][T10985] ? __pfx_netlink_sendmsg+0x10/0x10 [ 242.827858][T10985] ? aa_sock_msg_perm+0xf1/0x1d0 [ 242.827881][T10985] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 242.827904][T10985] ? __pfx_netlink_sendmsg+0x10/0x10 [ 242.827938][T10985] __sock_sendmsg+0x21c/0x270 [ 242.827963][T10985] ____sys_sendmsg+0x505/0x830 [ 242.828004][T10985] ? __pfx_____sys_sendmsg+0x10/0x10 [ 242.828043][T10985] ? import_iovec+0x74/0xa0 [ 242.828074][T10985] ___sys_sendmsg+0x21f/0x2a0 [ 242.828105][T10985] ? __pfx____sys_sendmsg+0x10/0x10 [ 242.828175][T10985] ? __fget_files+0x2a/0x420 [ 242.828193][T10985] ? __fget_files+0x3a0/0x420 [ 242.828223][T10985] __x64_sys_sendmsg+0x19b/0x260 [ 242.828255][T10985] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 242.828293][T10985] ? __pfx_ksys_write+0x10/0x10 [ 242.828319][T10985] ? rcu_is_watching+0x15/0xb0 [ 242.828351][T10985] ? do_syscall_64+0xbe/0x3b0 [ 242.828379][T10985] do_syscall_64+0xfa/0x3b0 [ 242.828401][T10985] ? lockdep_hardirqs_on+0x9c/0x150 [ 242.828422][T10985] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 242.828443][T10985] ? clear_bhb_loop+0x60/0xb0 [ 242.828468][T10985] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 242.828489][T10985] RIP: 0033:0x7f581318ec29 [ 242.828507][T10985] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 242.828525][T10985] RSP: 002b:00007f58140d2038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 242.828547][T10985] RAX: ffffffffffffffda RBX: 00007f58133d5fa0 RCX: 00007f581318ec29 [ 242.828562][T10985] RDX: 0000000000000040 RSI: 0000200000000080 RDI: 0000000000000003 [ 242.828582][T10985] RBP: 00007f58140d2090 R08: 0000000000000000 R09: 0000000000000000 [ 242.828595][T10985] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 242.828607][T10985] R13: 00007f58133d6038 R14: 00007f58133d5fa0 R15: 00007ffc379c55c8 [ 242.828641][T10985] [ 244.113781][T11024] sctp: [Deprecated]: syz.2.1545 (pid 11024) Use of struct sctp_assoc_value in delayed_ack socket option. [ 244.113781][T11024] Use struct sctp_sack_info instead [ 244.597679][T11040] IPv6: NLM_F_CREATE should be specified when creating new route [ 245.723741][T11060] ICMPv6: Received fragmented ndisc packet. Carefully consider disabling suppress_frag_ndisc. [ 245.801362][ T31] audit: type=1804 audit(1758345756.476:2): pid=11062 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.1559" name="cgroup.controllers" dev="tmpfs" ino=1721 res=1 errno=0 [ 245.838695][T11063] 8021q: adding VLAN 0 to HW filter on device macvlan4 [ 245.865211][ T31] audit: type=1800 audit(1758345756.486:3): pid=11062 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1559" name="cgroup.controllers" dev="tmpfs" ino=1721 res=0 errno=0 [ 246.468375][T11088] ICMPv6: Received fragmented ndisc packet. Carefully consider disabling suppress_frag_ndisc. [ 246.561817][T11089] 8021q: adding VLAN 0 to HW filter on device macvlan5 [ 247.725618][T11114] __nla_validate_parse: 2 callbacks suppressed [ 247.725641][T11114] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1573'. [ 247.751268][T11114] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 247.981783][T11121] tipc: Can't bind to reserved service type 1 [ 248.281599][T11131] macvtap4: entered promiscuous mode [ 248.353882][T11131] macvtap4: entered allmulticast mode [ 248.396490][T11131] bond0: entered allmulticast mode [ 248.421835][T11131] veth3: entered allmulticast mode [ 248.460177][T11131] mac80211_hwsim hwsim12 wlan1: entered allmulticast mode [ 248.529853][T11131] bond0: entered promiscuous mode [ 248.554711][T11144] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1572'. [ 248.581712][T11131] mac80211_hwsim hwsim12 wlan1: entered promiscuous mode [ 248.600641][T11131] 8021q: adding VLAN 0 to HW filter on device macvtap4 [ 248.667838][T11131] team0: Device macvtap4 failed to register rx_handler [ 248.687401][T11131] bond0: left allmulticast mode [ 248.702393][T11131] veth3: left allmulticast mode [ 248.715851][T11131] mac80211_hwsim hwsim12 wlan1: left allmulticast mode [ 248.735690][T11131] bond0: left promiscuous mode [ 248.743437][T11131] mac80211_hwsim hwsim12 wlan1: left promiscuous mode [ 249.126170][T11158] 8021q: adding VLAN 0 to HW filter on device macvlan5 [ 249.279349][T11162] netlink: 'syz.4.1584': attribute type 1 has an invalid length. [ 249.291443][T11163] netlink: 124 bytes leftover after parsing attributes in process `syz.2.1585'. [ 249.417832][T11168] netlink: 'syz.4.1584': attribute type 1 has an invalid length. [ 249.845786][T11174] netlink: 'syz.4.1589': attribute type 2 has an invalid length. [ 249.854000][T11174] netlink: 'syz.4.1589': attribute type 8 has an invalid length. [ 249.862848][T11174] netlink: 132 bytes leftover after parsing attributes in process `syz.4.1589'. [ 249.974834][T11180] FAULT_INJECTION: forcing a failure. [ 249.974834][T11180] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 250.010414][T11180] CPU: 1 UID: 0 PID: 11180 Comm: syz.3.1592 Not tainted syzkaller #0 PREEMPT(full) [ 250.010443][T11180] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 250.010456][T11180] Call Trace: [ 250.010464][T11180] [ 250.010472][T11180] dump_stack_lvl+0x189/0x250 [ 250.010502][T11180] ? __pfx____ratelimit+0x10/0x10 [ 250.010525][T11180] ? __pfx_dump_stack_lvl+0x10/0x10 [ 250.010550][T11180] ? __pfx__printk+0x10/0x10 [ 250.010579][T11180] ? __might_fault+0xb0/0x130 [ 250.010629][T11180] should_fail_ex+0x414/0x560 [ 250.010666][T11180] _copy_from_user+0x2d/0xb0 [ 250.010695][T11180] ___sys_sendmsg+0x158/0x2a0 [ 250.010725][T11180] ? __pfx____sys_sendmsg+0x10/0x10 [ 250.010793][T11180] ? __fget_files+0x2a/0x420 [ 250.010816][T11180] ? __fget_files+0x3a0/0x420 [ 250.010844][T11180] __x64_sys_sendmsg+0x19b/0x260 [ 250.010874][T11180] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 250.010913][T11180] ? __pfx_ksys_write+0x10/0x10 [ 250.010939][T11180] ? rcu_is_watching+0x15/0xb0 [ 250.010967][T11180] ? do_syscall_64+0xbe/0x3b0 [ 250.010994][T11180] do_syscall_64+0xfa/0x3b0 [ 250.011016][T11180] ? lockdep_hardirqs_on+0x9c/0x150 [ 250.011038][T11180] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 250.011076][T11180] ? clear_bhb_loop+0x60/0xb0 [ 250.011111][T11180] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 250.011131][T11180] RIP: 0033:0x7f581318ec29 [ 250.011151][T11180] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 250.011168][T11180] RSP: 002b:00007f58140d2038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 250.011190][T11180] RAX: ffffffffffffffda RBX: 00007f58133d5fa0 RCX: 00007f581318ec29 [ 250.011205][T11180] RDX: 0000000020040051 RSI: 0000200000002ac0 RDI: 0000000000000003 [ 250.011218][T11180] RBP: 00007f58140d2090 R08: 0000000000000000 R09: 0000000000000000 [ 250.011231][T11180] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 250.011244][T11180] R13: 00007f58133d6038 R14: 00007f58133d5fa0 R15: 00007ffc379c55c8 [ 250.011278][T11180] [ 250.375501][T11195] trusted_key: syz.0.1600 sent an empty control message without MSG_MORE. [ 250.698265][T11218] netlink: 'syz.3.1603': attribute type 6 has an invalid length. [ 251.202569][T11241] netlink: 84 bytes leftover after parsing attributes in process `syz.1.1611'. [ 251.288879][T11242] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1612'. [ 251.337940][T11242] vlan2: entered promiscuous mode [ 252.160305][T11280] FAULT_INJECTION: forcing a failure. [ 252.160305][T11280] name failslab, interval 1, probability 0, space 0, times 0 [ 252.173685][T11280] CPU: 0 UID: 0 PID: 11280 Comm: syz.0.1622 Not tainted syzkaller #0 PREEMPT(full) [ 252.173714][T11280] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 252.173727][T11280] Call Trace: [ 252.173735][T11280] [ 252.173744][T11280] dump_stack_lvl+0x189/0x250 [ 252.173775][T11280] ? __pfx____ratelimit+0x10/0x10 [ 252.173798][T11280] ? __pfx_dump_stack_lvl+0x10/0x10 [ 252.173823][T11280] ? __pfx__printk+0x10/0x10 [ 252.173852][T11280] ? __pfx___might_resched+0x10/0x10 [ 252.173867][T11280] ? fs_reclaim_acquire+0x7d/0x100 [ 252.173887][T11280] should_fail_ex+0x414/0x560 [ 252.173916][T11280] ? alloc_netdev_mqs+0xa3/0x11b0 [ 252.173941][T11280] should_failslab+0xa8/0x100 [ 252.173967][T11280] __kvmalloc_node_noprof+0x161/0x5f0 [ 252.173991][T11280] ? alloc_netdev_mqs+0xa3/0x11b0 [ 252.174014][T11280] ? snprintf+0xda/0x120 [ 252.174041][T11280] alloc_netdev_mqs+0xa3/0x11b0 [ 252.174064][T11280] ? __pfx_ip6_tnl_dev_setup+0x10/0x10 [ 252.174086][T11280] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 252.174107][T11280] rtnl_create_link+0x31f/0xd10 [ 252.174139][T11280] rtnl_newlink_create+0x25c/0xb00 [ 252.174165][T11280] ? __mutex_lock+0x5bb/0x1350 [ 252.174188][T11280] ? __pfx_rtnl_newlink_create+0x10/0x10 [ 252.174300][T11280] ? __pfx___mutex_lock+0x10/0x10 [ 252.174334][T11280] ? ns_capable+0x8a/0xf0 [ 252.174356][T11280] rtnl_newlink+0x16e4/0x1c80 [ 252.174393][T11280] ? __pfx_rtnl_newlink+0x10/0x10 [ 252.174417][T11280] ? __pfx___schedule+0x10/0x10 [ 252.174451][T11280] ? preempt_schedule+0xae/0xc0 [ 252.174466][T11280] ? __dev_queue_xmit+0x27b/0x3b50 [ 252.174492][T11280] ? preempt_schedule_common+0x83/0xd0 [ 252.174509][T11280] ? preempt_schedule+0xae/0xc0 [ 252.174525][T11280] ? __pfx_preempt_schedule+0x10/0x10 [ 252.174543][T11280] ? preempt_schedule_notrace_thunk+0x16/0x30 [ 252.174575][T11280] ? preempt_schedule_thunk+0x16/0x30 [ 252.174607][T11280] ? __local_bh_enable_ip+0x13e/0x1c0 [ 252.174624][T11280] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 252.174644][T11280] ? __dev_queue_xmit+0x27b/0x3b50 [ 252.174669][T11280] ? __dev_queue_xmit+0x27b/0x3b50 [ 252.174693][T11280] ? __dev_queue_xmit+0x27b/0x3b50 [ 252.174789][T11280] ? __dev_queue_xmit+0x1d79/0x3b50 [ 252.174822][T11280] ? __lock_acquire+0xab9/0xd20 [ 252.174870][T11280] ? __pfx_rtnl_newlink+0x10/0x10 [ 252.174889][T11280] rtnetlink_rcv_msg+0x7cf/0xb70 [ 252.174913][T11280] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 252.174931][T11280] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 252.174956][T11280] ? __pfx_rcu_preempt_deferred_qs_irqrestore+0x10/0x10 [ 252.174989][T11280] netlink_rcv_skb+0x208/0x470 [ 252.175007][T11280] ? rcu_is_watching+0x15/0xb0 [ 252.175024][T11280] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 252.175045][T11280] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 252.175074][T11280] ? netlink_deliver_tap+0x2e/0x1b0 [ 252.175101][T11280] netlink_unicast+0x82f/0x9e0 [ 252.175126][T11280] ? __pfx_netlink_unicast+0x10/0x10 [ 252.175146][T11280] ? netlink_sendmsg+0x642/0xb30 [ 252.175164][T11280] ? skb_put+0x11b/0x210 [ 252.175206][T11280] netlink_sendmsg+0x805/0xb30 [ 252.175235][T11280] ? __pfx_netlink_sendmsg+0x10/0x10 [ 252.175258][T11280] ? aa_sock_msg_perm+0xf1/0x1d0 [ 252.175278][T11280] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 252.175296][T11280] ? __pfx_netlink_sendmsg+0x10/0x10 [ 252.175318][T11280] __sock_sendmsg+0x21c/0x270 [ 252.175338][T11280] ____sys_sendmsg+0x505/0x830 [ 252.175366][T11280] ? __pfx_____sys_sendmsg+0x10/0x10 [ 252.175397][T11280] ? import_iovec+0x74/0xa0 [ 252.175424][T11280] ___sys_sendmsg+0x21f/0x2a0 [ 252.175450][T11280] ? __pfx____sys_sendmsg+0x10/0x10 [ 252.175505][T11280] ? __fget_files+0x2a/0x420 [ 252.175520][T11280] ? __fget_files+0x3a0/0x420 [ 252.175545][T11280] __x64_sys_sendmsg+0x19b/0x260 [ 252.175570][T11280] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 252.175611][T11280] ? do_syscall_64+0xbe/0x3b0 [ 252.175634][T11280] do_syscall_64+0xfa/0x3b0 [ 252.175654][T11280] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 252.175670][T11280] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 252.175687][T11280] ? clear_bhb_loop+0x60/0xb0 [ 252.175707][T11280] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 252.175724][T11280] RIP: 0033:0x7f971618ec29 [ 252.175740][T11280] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 252.175755][T11280] RSP: 002b:00007f9716fb0038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 252.175773][T11280] RAX: ffffffffffffffda RBX: 00007f97163d6090 RCX: 00007f971618ec29 [ 252.175786][T11280] RDX: 0000000000000040 RSI: 0000200000000080 RDI: 0000000000000003 [ 252.175797][T11280] RBP: 00007f9716fb0090 R08: 0000000000000000 R09: 0000000000000000 [ 252.175807][T11280] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 252.175817][T11280] R13: 00007f97163d6128 R14: 00007f97163d6090 R15: 00007ffc9b25c7e8 [ 252.175845][T11280] [ 252.862576][T11294] FAULT_INJECTION: forcing a failure. [ 252.862576][T11294] name failslab, interval 1, probability 0, space 0, times 0 [ 252.877541][T11294] CPU: 0 UID: 0 PID: 11294 Comm: syz.2.1628 Not tainted syzkaller #0 PREEMPT(full) [ 252.877570][T11294] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 252.877583][T11294] Call Trace: [ 252.877593][T11294] [ 252.877601][T11294] dump_stack_lvl+0x189/0x250 [ 252.877632][T11294] ? __pfx____ratelimit+0x10/0x10 [ 252.877655][T11294] ? __pfx_dump_stack_lvl+0x10/0x10 [ 252.877679][T11294] ? __pfx__printk+0x10/0x10 [ 252.877711][T11294] ? __pfx___might_resched+0x10/0x10 [ 252.877731][T11294] ? fs_reclaim_acquire+0x7d/0x100 [ 252.877756][T11294] should_fail_ex+0x414/0x560 [ 252.877793][T11294] should_failslab+0xa8/0x100 [ 252.877822][T11294] __kmalloc_node_track_caller_noprof+0xcc/0x4e0 [ 252.877852][T11294] ? __kernfs_new_node+0x9c/0x7e0 [ 252.877876][T11294] ? is_bpf_text_address+0x292/0x2b0 [ 252.877912][T11294] kstrdup+0x42/0x100 [ 252.877936][T11294] __kernfs_new_node+0x9c/0x7e0 [ 252.877961][T11294] ? __lock_acquire+0xab9/0xd20 [ 252.877999][T11294] ? __pfx___kernfs_new_node+0x10/0x10 [ 252.878026][T11294] ? kernfs_root+0x1c/0x230 [ 252.878056][T11294] ? kernfs_root+0x1c/0x230 [ 252.878078][T11294] ? kernfs_root+0x1c/0x230 [ 252.878097][T11294] ? kernfs_root+0x1c/0x230 [ 252.878134][T11294] kernfs_new_node+0x102/0x210 [ 252.878165][T11294] kernfs_create_dir_ns+0x44/0x130 [ 252.878196][T11294] sysfs_create_dir_ns+0x123/0x280 [ 252.878224][T11294] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 252.878249][T11294] ? do_raw_spin_unlock+0x122/0x240 [ 252.878281][T11294] kobject_add_internal+0x59f/0xb40 [ 252.878317][T11294] kobject_add+0x155/0x220 [ 252.878349][T11294] ? __pfx_kobject_add+0x10/0x10 [ 252.878380][T11294] ? get_device_parent+0x366/0x3a0 [ 252.878410][T11294] device_add+0x408/0xb50 [ 252.878433][T11294] ? device_initialize+0x24b/0x440 [ 252.878460][T11294] netdev_register_kobject+0x178/0x310 [ 252.878497][T11294] register_netdevice+0x126c/0x1ae0 [ 252.878548][T11294] ? __pfx_register_netdevice+0x10/0x10 [ 252.878599][T11294] macvlan_common_newlink+0x120a/0x1980 [ 252.878627][T11294] ? alloc_netdev_mqs+0xc7c/0x11b0 [ 252.878670][T11294] ? __pfx_macvlan_common_newlink+0x10/0x10 [ 252.878704][T11294] ? __pfx_macvlan_newlink+0x10/0x10 [ 252.878737][T11294] rtnl_newlink_create+0x310/0xb00 [ 252.878771][T11294] ? __lock_acquire+0xab9/0xd20 [ 252.878807][T11294] ? __pfx_rtnl_newlink_create+0x10/0x10 [ 252.878838][T11294] ? __pfx___mutex_lock+0x10/0x10 [ 252.878874][T11294] ? ns_capable+0x8a/0xf0 [ 252.878899][T11294] rtnl_newlink+0x16e4/0x1c80 [ 252.878943][T11294] ? __pfx_rtnl_newlink+0x10/0x10 [ 252.878981][T11294] ? is_bpf_text_address+0x26/0x2b0 [ 252.879020][T11294] ? __lock_acquire+0xab9/0xd20 [ 252.879065][T11294] ? __lock_acquire+0xab9/0xd20 [ 252.879127][T11294] ? is_bpf_text_address+0x26/0x2b0 [ 252.879164][T11294] ? is_bpf_text_address+0x292/0x2b0 [ 252.879193][T11294] ? is_bpf_text_address+0x26/0x2b0 [ 252.879233][T11294] ? __lock_acquire+0xab9/0xd20 [ 252.879294][T11294] ? __pfx_rtnl_newlink+0x10/0x10 [ 252.879316][T11294] rtnetlink_rcv_msg+0x7cf/0xb70 [ 252.879339][T11294] ? __lock_acquire+0xab9/0xd20 [ 252.879372][T11294] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 252.879395][T11294] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 252.879440][T11294] netlink_rcv_skb+0x208/0x470 [ 252.879462][T11294] ? __lock_acquire+0xab9/0xd20 [ 252.879491][T11294] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 252.879516][T11294] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 252.879554][T11294] ? netlink_deliver_tap+0x2e/0x1b0 [ 252.879588][T11294] netlink_unicast+0x82f/0x9e0 [ 252.879621][T11294] ? __pfx_netlink_unicast+0x10/0x10 [ 252.879645][T11294] ? netlink_sendmsg+0x642/0xb30 [ 252.879668][T11294] ? skb_put+0x11b/0x210 [ 252.879698][T11294] netlink_sendmsg+0x805/0xb30 [ 252.879734][T11294] ? __pfx_netlink_sendmsg+0x10/0x10 [ 252.879764][T11294] ? aa_sock_msg_perm+0xf1/0x1d0 [ 252.879787][T11294] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 252.879810][T11294] ? __pfx_netlink_sendmsg+0x10/0x10 [ 252.879836][T11294] __sock_sendmsg+0x21c/0x270 [ 252.879860][T11294] ____sys_sendmsg+0x505/0x830 [ 252.879896][T11294] ? __pfx_____sys_sendmsg+0x10/0x10 [ 252.879935][T11294] ? import_iovec+0x74/0xa0 [ 252.879968][T11294] ___sys_sendmsg+0x21f/0x2a0 [ 252.879998][T11294] ? __pfx____sys_sendmsg+0x10/0x10 [ 252.880071][T11294] ? __fget_files+0x2a/0x420 [ 252.880089][T11294] ? __fget_files+0x3a0/0x420 [ 252.880128][T11294] __x64_sys_sendmsg+0x19b/0x260 [ 252.880161][T11294] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 252.880201][T11294] ? __pfx_ksys_write+0x10/0x10 [ 252.880226][T11294] ? rcu_is_watching+0x15/0xb0 [ 252.880253][T11294] ? do_syscall_64+0xbe/0x3b0 [ 252.880281][T11294] do_syscall_64+0xfa/0x3b0 [ 252.880302][T11294] ? lockdep_hardirqs_on+0x9c/0x150 [ 252.880323][T11294] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 252.880344][T11294] ? clear_bhb_loop+0x60/0xb0 [ 252.880369][T11294] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 252.880389][T11294] RIP: 0033:0x7f567c18ec29 [ 252.880409][T11294] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 252.880426][T11294] RSP: 002b:00007f567cf67038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 252.880449][T11294] RAX: ffffffffffffffda RBX: 00007f567c3d5fa0 RCX: 00007f567c18ec29 [ 252.880464][T11294] RDX: 0000000004000840 RSI: 0000200000000080 RDI: 000000000000000c [ 252.880478][T11294] RBP: 00007f567cf67090 R08: 0000000000000000 R09: 0000000000000000 [ 252.880491][T11294] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 252.880503][T11294] R13: 00007f567c3d6038 R14: 00007f567c3d5fa0 R15: 00007ffdd9a742f8 [ 252.880539][T11294] [ 252.880621][T11294] kobject: kobject_add_internal failed for macvlan5 (error: -12 parent: net) [ 253.925948][T11324] netlink: 1 bytes leftover after parsing attributes in process `syz.2.1642'. [ 254.083887][T11342] netlink: 9 bytes leftover after parsing attributes in process `syz.0.1641'. [ 254.102276][T11342] ..0·: renamed from hsr0 [ 254.197323][T11342] ..0·: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 254.252460][T11342] ..0·: entered allmulticast mode [ 254.278528][T11342] hsr_slave_0: entered allmulticast mode [ 254.343510][T11342] A link change request failed with some changes committed already. Interface ..0· may have been left with an inconsistent configuration, please check. [ 255.187268][T11382] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1653'. [ 255.240257][T11382] erspan0: entered promiscuous mode [ 255.249665][T11382] erspan0: left promiscuous mode [ 255.361116][T11389] netlink: 124 bytes leftover after parsing attributes in process `syz.1.1655'. [ 255.439177][T11392] netlink: 'syz.0.1657': attribute type 3 has an invalid length. [ 255.778755][T11413] FAULT_INJECTION: forcing a failure. [ 255.778755][T11413] name failslab, interval 1, probability 0, space 0, times 0 [ 255.805872][T11413] CPU: 1 UID: 0 PID: 11413 Comm: syz.1.1667 Not tainted syzkaller #0 PREEMPT(full) [ 255.805902][T11413] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 255.805916][T11413] Call Trace: [ 255.805924][T11413] [ 255.805933][T11413] dump_stack_lvl+0x189/0x250 [ 255.805964][T11413] ? __pfx____ratelimit+0x10/0x10 [ 255.805987][T11413] ? __pfx_dump_stack_lvl+0x10/0x10 [ 255.806011][T11413] ? __pfx__printk+0x10/0x10 [ 255.806047][T11413] ? __pfx___might_resched+0x10/0x10 [ 255.806072][T11413] should_fail_ex+0x414/0x560 [ 255.806106][T11413] ? vmemdup_user+0x26/0xd0 [ 255.806135][T11413] should_failslab+0xa8/0x100 [ 255.806185][T11413] __kvmalloc_node_noprof+0x161/0x5f0 [ 255.806214][T11413] ? vmemdup_user+0x26/0xd0 [ 255.806242][T11413] vmemdup_user+0x26/0xd0 [ 255.806264][T11413] map_get_next_key+0x1be/0x5f0 [ 255.806293][T11413] ? bpf_lsm_bpf+0x9/0x20 [ 255.806318][T11413] ? security_bpf+0x7e/0x300 [ 255.806350][T11413] __sys_bpf+0x65e/0x870 [ 255.806380][T11413] ? __pfx___sys_bpf+0x10/0x10 [ 255.806421][T11413] ? ksys_write+0x22a/0x250 [ 255.806451][T11413] ? __pfx_ksys_write+0x10/0x10 [ 255.806476][T11413] ? rcu_is_watching+0x15/0xb0 [ 255.806504][T11413] __x64_sys_bpf+0x7c/0x90 [ 255.806529][T11413] do_syscall_64+0xfa/0x3b0 [ 255.806551][T11413] ? lockdep_hardirqs_on+0x9c/0x150 [ 255.806571][T11413] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 255.806591][T11413] ? clear_bhb_loop+0x60/0xb0 [ 255.806616][T11413] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 255.806635][T11413] RIP: 0033:0x7fb56598ec29 [ 255.806654][T11413] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 255.806672][T11413] RSP: 002b:00007fb56680e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 255.806693][T11413] RAX: ffffffffffffffda RBX: 00007fb565bd5fa0 RCX: 00007fb56598ec29 [ 255.806708][T11413] RDX: 0000000000000020 RSI: 00002000000002c0 RDI: 0000000000000004 [ 255.806722][T11413] RBP: 00007fb56680e090 R08: 0000000000000000 R09: 0000000000000000 [ 255.806734][T11413] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 255.806746][T11413] R13: 00007fb565bd6038 R14: 00007fb565bd5fa0 R15: 00007ffcad7b5dd8 [ 255.806781][T11413] [ 256.050178][T11415] tipc: Enabling of bearer rejected, already enabled [ 257.015809][T11456] !: renamed from dummy0 (while UP) [ 257.624101][T11478] veth3: entered promiscuous mode [ 257.835456][T11492] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1691'. [ 257.990679][T11494] IPv6: NLM_F_CREATE should be specified when creating new route [ 258.098231][ T31] audit: type=1800 audit(1758345768.786:4): pid=11500 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1695" name=CB dev="tmpfs" ino=1802 res=0 errno=0 [ 258.101563][T11498] netlink: 124 bytes leftover after parsing attributes in process `syz.1.1694'. [ 258.313506][T11511] netlink: 'syz.1.1700': attribute type 10 has an invalid length. [ 258.330396][T11511] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 258.344849][T11511] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1700'. [ 258.355437][T11511] bridge_slave_1: left allmulticast mode [ 258.361780][T11511] bridge_slave_1: left promiscuous mode [ 258.367781][T11511] bridge0: port 2(bridge_slave_1) entered disabled state [ 258.378309][T11511] bridge_slave_0: left allmulticast mode [ 258.384163][T11511] bridge_slave_0: left promiscuous mode [ 258.391489][T11511] bridge0: port 1(bridge_slave_0) entered disabled state [ 258.448721][T11511] bond0: (slave bridge0): Releasing backup interface [ 258.499835][T11518] netlink: 'syz.3.1703': attribute type 12 has an invalid length. [ 258.507866][T11518] netlink: 9472 bytes leftover after parsing attributes in process `syz.3.1703'. [ 261.493733][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 322.935073][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 384.374329][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 417.011519][ T32] INFO: task kworker/1:3:5925 blocked for more than 143 seconds. [ 417.019362][ T32] Not tainted syzkaller #0 [ 417.024394][ T32] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 417.033214][ T32] task:kworker/1:3 state:D stack:23016 pid:5925 tgid:5925 ppid:2 task_flags:0x4208060 flags:0x00004000 [ 417.045430][ T32] Workqueue: events rfkill_sync_work [ 417.050824][ T32] Call Trace: [ 417.054153][ T32] [ 417.057114][ T32] __schedule+0x1798/0x4cc0 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 417.061785][ T32] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 417.067709][ T32] ? __pfx___schedule+0x10/0x10 [ 417.073026][ T32] ? schedule+0x91/0x360 [ 417.077987][ T32] schedule+0x165/0x360 [ 417.082835][ T32] schedule_preempt_disabled+0x13/0x30 [ 417.088356][ T32] __mutex_lock+0x7e6/0x1350 [ 417.093532][ T32] ? __mutex_lock+0x5bb/0x1350 [ 417.098606][ T32] ? nfc_rfkill_set_block+0x50/0x2e0 [ 417.130939][ T32] ? __pfx___mutex_lock+0x10/0x10 [ 417.136060][ T32] ? lockdep_hardirqs_on+0x9c/0x150 [ 417.160290][ T32] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 417.167939][ T32] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 417.175170][ T32] ? __pfx_nfc_rfkill_set_block+0x10/0x10 [ 417.181688][ T32] nfc_rfkill_set_block+0x50/0x2e0 [ 417.186862][ T32] ? __pfx_nfc_rfkill_set_block+0x10/0x10 [ 417.193242][ T32] rfkill_set_block+0x1cf/0x440 [ 417.198660][ T32] rfkill_sync_work+0x114/0x200 [ 417.203847][ T32] ? process_scheduled_works+0x9ef/0x17b0 [ 417.209623][ T32] process_scheduled_works+0xae1/0x17b0 [ 417.215268][ T32] ? __pfx_process_scheduled_works+0x10/0x10 [ 417.221372][ T32] worker_thread+0x8a0/0xda0 [ 417.226008][ T32] kthread+0x70e/0x8a0 [ 417.230085][ T32] ? __pfx_worker_thread+0x10/0x10 [ 417.235382][ T32] ? __pfx_kthread+0x10/0x10 [ 417.240024][ T32] ? _raw_spin_unlock_irq+0x23/0x50 [ 417.245360][ T32] ? lockdep_hardirqs_on+0x9c/0x150 [ 417.250592][ T32] ? __pfx_kthread+0x10/0x10 [ 417.255432][ T32] ret_from_fork+0x439/0x7d0 [ 417.260083][ T32] ? __pfx_ret_from_fork+0x10/0x10 [ 417.265310][ T32] ? __switch_to_asm+0x39/0x70 [ 417.270111][ T32] ? __switch_to_asm+0x33/0x70 [ 417.274945][ T32] ? __pfx_kthread+0x10/0x10 [ 417.279574][ T32] ret_from_fork_asm+0x1a/0x30 [ 417.284504][ T32] [ 417.287572][ T32] INFO: task kworker/1:5:5981 blocked for more than 143 seconds. [ 417.295448][ T32] Not tainted syzkaller #0 [ 417.300416][ T32] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 417.309227][ T32] task:kworker/1:5 state:D stack:23208 pid:5981 tgid:5981 ppid:2 task_flags:0x4208060 flags:0x00004000 [ 417.321429][ T32] Workqueue: events rfkill_global_led_trigger_worker [ 417.328183][ T32] Call Trace: [ 417.331648][ T32] [ 417.334609][ T32] __schedule+0x1798/0x4cc0 [ 417.339135][ T32] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 417.345666][ T32] ? __pfx___schedule+0x10/0x10 [ 417.350665][ T32] ? schedule+0x91/0x360 [ 417.355040][ T32] schedule+0x165/0x360 [ 417.359236][ T32] schedule_preempt_disabled+0x13/0x30 [ 417.364790][ T32] __mutex_lock+0x7e6/0x1350 [ 417.369418][ T32] ? __mutex_lock+0x5bb/0x1350 [ 417.374251][ T32] ? rfkill_global_led_trigger_worker+0x27/0xd0 [ 417.380545][ T32] ? __pfx___mutex_lock+0x10/0x10 [ 417.385740][ T32] ? process_scheduled_works+0x9ef/0x17b0 [ 417.391555][ T32] ? process_scheduled_works+0x9ef/0x17b0 [ 417.397312][ T32] rfkill_global_led_trigger_worker+0x27/0xd0 [ 417.403480][ T32] ? process_scheduled_works+0x9ef/0x17b0 [ 417.409240][ T32] process_scheduled_works+0xae1/0x17b0 [ 417.415024][ T32] ? __pfx_process_scheduled_works+0x10/0x10 [ 417.421154][ T32] worker_thread+0x8a0/0xda0 [ 417.425797][ T32] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 417.432242][ T32] ? __kthread_parkme+0x7b/0x200 [ 417.437351][ T32] kthread+0x70e/0x8a0 [ 417.441575][ T32] ? __pfx_worker_thread+0x10/0x10 [ 417.446746][ T32] ? __pfx_kthread+0x10/0x10 [ 417.451437][ T32] ? _raw_spin_unlock_irq+0x23/0x50 [ 417.456750][ T32] ? lockdep_hardirqs_on+0x9c/0x150 [ 417.462244][ T32] ? __pfx_kthread+0x10/0x10 [ 417.466912][ T32] ret_from_fork+0x439/0x7d0 [ 417.471704][ T32] ? __pfx_ret_from_fork+0x10/0x10 [ 417.476861][ T32] ? __switch_to_asm+0x39/0x70 [ 417.481727][ T32] ? __switch_to_asm+0x33/0x70 [ 417.486522][ T32] ? __pfx_kthread+0x10/0x10 [ 417.491235][ T32] ret_from_fork_asm+0x1a/0x30 [ 417.496050][ T32] [ 417.499131][ T32] INFO: task syz.4.1638:11315 blocked for more than 143 seconds. [ 417.506963][ T32] Not tainted syzkaller #0 [ 417.511989][ T32] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 417.520687][ T32] task:syz.4.1638 state:D stack:24104 pid:11315 tgid:11315 ppid:5862 task_flags:0x400040 flags:0x00004004 [ 417.532824][ T32] Call Trace: [ 417.536116][ T32] [ 417.539076][ T32] __schedule+0x1798/0x4cc0 [ 417.543708][ T32] ? kernel_text_address+0xa5/0xe0 [ 417.548866][ T32] ? __kernel_text_address+0xd/0x40 [ 417.554136][ T32] ? unwind_get_return_address+0x4d/0x90 [ 417.559818][ T32] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 417.566128][ T32] ? __lock_acquire+0xab9/0xd20 [ 417.571097][ T32] ? __pfx___schedule+0x10/0x10 [ 417.576101][ T32] ? schedule+0x91/0x360 [ 417.580386][ T32] schedule+0x165/0x360 [ 417.584783][ T32] schedule_timeout+0x9a/0x270 [ 417.589593][ T32] ? __pfx_schedule_timeout+0x10/0x10 [ 417.595110][ T32] ? _raw_spin_unlock_irq+0x23/0x50 [ 417.600375][ T32] ? lockdep_hardirqs_on+0x9c/0x150 [ 417.605738][ T32] ? wait_for_completion+0x267/0x5d0 [ 417.611133][ T32] wait_for_completion+0x2bf/0x5d0 [ 417.616307][ T32] ? __pfx_wait_for_completion+0x10/0x10 [ 417.622046][ T32] ? __flush_work+0xd2/0xbc0 [ 417.626667][ T32] ? __flush_work+0xd2/0xbc0 [ 417.631369][ T32] __flush_work+0x9b9/0xbc0 [ 417.635923][ T32] ? __flush_work+0xd2/0xbc0 [ 417.640558][ T32] ? __pfx___flush_work+0x10/0x10 [ 417.645683][ T32] ? __pfx_wq_barrier_func+0x10/0x10 [ 417.651086][ T32] ? __pfx___cancel_work+0x10/0x10 [ 417.656236][ T32] ? nfc_genl_device_removed+0x23c/0x330 [ 417.661971][ T32] __cancel_work_sync+0xbe/0x110 [ 417.667073][ T32] rfkill_unregister+0x92/0x220 [ 417.672014][ T32] nfc_unregister_device+0x96/0x2a0 [ 417.677251][ T32] ? __pfx_virtual_ncidev_close+0x10/0x10 [ 417.683075][ T32] virtual_ncidev_close+0x56/0x90 [ 417.690948][ T32] __fput+0x44c/0xa70 [ 417.695283][ T32] task_work_run+0x1d1/0x260 [ 417.700070][ T32] ? __pfx_task_work_run+0x10/0x10 [ 417.705496][ T32] ? exit_to_user_mode_loop+0x40/0x110 [ 417.711076][ T32] exit_to_user_mode_loop+0xec/0x110 [ 417.716409][ T32] do_syscall_64+0x2bd/0x3b0 [ 417.721100][ T32] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 417.727286][ T32] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 417.733522][ T32] ? clear_bhb_loop+0x60/0xb0 [ 417.738243][ T32] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 417.744256][ T32] RIP: 0033:0x7fb66258ec29 [ 417.748713][ T32] RSP: 002b:00007ffd9c95b868 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 417.757329][ T32] RAX: 0000000000000000 RBX: 00007fb6627d7da0 RCX: 00007fb66258ec29 [ 417.765484][ T32] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 417.773539][ T32] RBP: 00007fb6627d7da0 R08: 0000000000000cc0 R09: 0000001d9c95bb5f [ 417.781592][ T32] R10: 00007fb6627d7cb0 R11: 0000000000000246 R12: 000000000003e21f [ 417.789587][ T32] R13: 00007fb6627d6450 R14: ffffffffffffffff R15: 00007ffd9c95b980 [ 417.797782][ T32] [ 417.800920][ T32] INFO: task syz.2.1669:11419 blocked for more than 144 seconds. [ 417.808685][ T32] Not tainted syzkaller #0 [ 417.821120][ T32] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 417.829872][ T32] task:syz.2.1669 state:D stack:25640 pid:11419 tgid:11418 ppid:5871 task_flags:0x400140 flags:0x00004004 [ 417.842162][ T32] Call Trace: [ 417.845628][ T32] [ 417.848679][ T32] __schedule+0x1798/0x4cc0 [ 417.853442][ T32] ? __lock_acquire+0xab9/0xd20 [ 417.858344][ T32] ? __lock_acquire+0xab9/0xd20 [ 417.863349][ T32] ? __pfx___schedule+0x10/0x10 [ 417.868248][ T32] ? schedule+0x91/0x360 [ 417.872598][ T32] schedule+0x165/0x360 [ 417.876781][ T32] schedule_preempt_disabled+0x13/0x30 [ 417.882520][ T32] __mutex_lock+0x7e6/0x1350 [ 417.887150][ T32] ? __mutex_lock+0x5bb/0x1350 [ 417.891970][ T32] ? rfkill_register+0x37/0x8e0 [ 417.896858][ T32] ? __pfx___mutex_lock+0x10/0x10 [ 417.902033][ T32] ? __init_waitqueue_head+0xa9/0x150 [ 417.907456][ T32] ? device_initialize+0x24b/0x440 [ 417.912974][ T32] rfkill_register+0x37/0x8e0 [ 417.917710][ T32] nfc_register_device+0x14a/0x320 [ 417.922989][ T32] nci_register_device+0x87f/0x9d0 [ 417.928190][ T32] ? __pfx_nci_register_device+0x10/0x10 [ 417.933906][ T32] ? __raw_spin_lock_init+0x45/0x100 [ 417.939222][ T32] ? __init_waitqueue_head+0xa9/0x150 [ 417.944712][ T32] virtual_ncidev_open+0x129/0x1a0 [ 417.949868][ T32] ? __pfx_virtual_ncidev_open+0x10/0x10 [ 417.955833][ T32] misc_open+0x2b9/0x330 [ 417.960129][ T32] chrdev_open+0x4c9/0x5e0 [ 417.964713][ T32] ? __pfx_chrdev_open+0x10/0x10 [ 417.969706][ T32] ? fsnotify_open_perm_and_set_mode+0x113/0x610 [ 417.976160][ T32] ? __pfx_chrdev_open+0x10/0x10 [ 417.981178][ T32] do_dentry_open+0x950/0x13f0 [ 417.986003][ T32] vfs_open+0x3b/0x340 [ 417.990075][ T32] ? path_openat+0x2ecd/0x3830 [ 417.994980][ T32] path_openat+0x2ee5/0x3830 [ 417.999609][ T32] ? arch_stack_walk+0xfc/0x150 [ 418.004586][ T32] ? stack_depot_save_flags+0x40/0x860 [ 418.010098][ T32] ? __pfx_path_openat+0x10/0x10 [ 418.015156][ T32] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 418.021439][ T32] do_filp_open+0x1fa/0x410 [ 418.025977][ T32] ? __lock_acquire+0xab9/0xd20 [ 418.031111][ T32] ? __pfx_do_filp_open+0x10/0x10 [ 418.036378][ T32] ? _raw_spin_unlock+0x28/0x50 [ 418.041342][ T32] ? alloc_fd+0x64c/0x6c0 [ 418.045724][ T32] do_sys_openat2+0x121/0x1c0 [ 418.050411][ T32] ? __se_sys_futex+0x36f/0x400 [ 418.056792][ T32] ? __pfx_do_sys_openat2+0x10/0x10 [ 418.062262][ T32] ? rcu_is_watching+0x15/0xb0 [ 418.067070][ T32] __x64_sys_openat+0x138/0x170 [ 418.072057][ T32] do_syscall_64+0xfa/0x3b0 [ 418.076589][ T32] ? lockdep_hardirqs_on+0x9c/0x150 [ 418.081984][ T32] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 418.088083][ T32] ? clear_bhb_loop+0x60/0xb0 [ 418.092820][ T32] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 418.098737][ T32] RIP: 0033:0x7f567c18ec29 [ 418.103285][ T32] RSP: 002b:00007f567cf67038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 418.111784][ T32] RAX: ffffffffffffffda RBX: 00007f567c3d5fa0 RCX: 00007f567c18ec29 [ 418.119781][ T32] RDX: 0000000000000002 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 418.127854][ T32] RBP: 00007f567c211e41 R08: 0000000000000000 R09: 0000000000000000 [ 418.136034][ T32] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 418.144116][ T32] R13: 00007f567c3d6038 R14: 00007f567c3d5fa0 R15: 00007ffdd9a742f8 [ 418.152173][ T32] [ 418.155255][ T32] INFO: task syz.0.1696:11502 blocked for more than 144 seconds. [ 418.164514][ T32] Not tainted syzkaller #0 [ 418.169491][ T32] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 418.178474][ T32] task:syz.0.1696 state:D stack:26504 pid:11502 tgid:11501 ppid:5864 task_flags:0x400140 flags:0x00004004 [ 418.190503][ T32] Call Trace: [ 418.193869][ T32] [ 418.196840][ T32] __schedule+0x1798/0x4cc0 [ 418.201497][ T32] ? kasan_save_free_info+0x46/0x50 [ 418.206768][ T32] ? __lock_acquire+0xab9/0xd20 [ 418.211736][ T32] ? __lock_acquire+0xab9/0xd20 [ 418.216630][ T32] ? __pfx___schedule+0x10/0x10 [ 418.221548][ T32] ? schedule+0x91/0x360 [ 418.225818][ T32] schedule+0x165/0x360 [ 418.229985][ T32] schedule_preempt_disabled+0x13/0x30 [ 418.235514][ T32] __mutex_lock+0x7e6/0x1350 [ 418.240141][ T32] ? __mutex_lock+0x5bb/0x1350 [ 418.245093][ T32] ? misc_open+0x51/0x330 [ 418.249598][ T32] ? __pfx___mutex_lock+0x10/0x10 [ 418.254730][ T32] misc_open+0x51/0x330 [ 418.258929][ T32] chrdev_open+0x4c9/0x5e0 [ 418.263400][ T32] ? __pfx_chrdev_open+0x10/0x10 [ 418.268380][ T32] ? fsnotify_open_perm_and_set_mode+0x113/0x610 [ 418.274893][ T32] ? __pfx_chrdev_open+0x10/0x10 [ 418.279889][ T32] do_dentry_open+0x950/0x13f0 [ 418.285016][ T32] vfs_open+0x3b/0x340 [ 418.289120][ T32] ? path_openat+0x2ecd/0x3830 [ 418.294646][ T32] path_openat+0x2ee5/0x3830 [ 418.299421][ T32] ? arch_stack_walk+0xfc/0x150 [ 418.304393][ T32] ? stack_depot_save_flags+0x40/0x860 [ 418.309907][ T32] ? __pfx_path_openat+0x10/0x10 [ 418.315121][ T32] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 418.321331][ T32] do_filp_open+0x1fa/0x410 [ 418.325903][ T32] ? __lock_acquire+0xab9/0xd20 [ 418.330874][ T32] ? __pfx_do_filp_open+0x10/0x10 [ 418.335967][ T32] ? _raw_spin_unlock+0x28/0x50 [ 418.340916][ T32] ? alloc_fd+0x64c/0x6c0 [ 418.345396][ T32] do_sys_openat2+0x121/0x1c0 [ 418.350102][ T32] ? __se_sys_futex+0x36f/0x400 [ 418.355061][ T32] ? __pfx_do_sys_openat2+0x10/0x10 [ 418.360305][ T32] ? rcu_is_watching+0x15/0xb0 [ 418.365199][ T32] __x64_sys_openat+0x138/0x170 [ 418.370093][ T32] do_syscall_64+0xfa/0x3b0 [ 418.375049][ T32] ? lockdep_hardirqs_on+0x9c/0x150 [ 418.380310][ T32] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 418.386637][ T32] ? clear_bhb_loop+0x60/0xb0 [ 418.391450][ T32] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 418.397407][ T32] RIP: 0033:0x7f971618ec29 [ 418.402084][ T32] RSP: 002b:00007f9716fd1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 418.410566][ T32] RAX: ffffffffffffffda RBX: 00007f97163d5fa0 RCX: 00007f971618ec29 [ 418.418884][ T32] RDX: 0000000000040201 RSI: 0000200000000340 RDI: ffffffffffffff9c [ 418.426991][ T32] RBP: 00007f9716211e41 R08: 0000000000000000 R09: 0000000000000000 [ 418.435234][ T32] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 418.443355][ T32] R13: 00007f97163d6038 R14: 00007f97163d5fa0 R15: 00007ffc9b25c7e8 [ 418.451494][ T32] [ 418.454568][ T32] INFO: task syz.3.1703:11518 blocked for more than 144 seconds. [ 418.462959][ T32] Not tainted syzkaller #0 [ 418.467909][ T32] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 418.476632][ T32] task:syz.3.1703 state:D stack:24648 pid:11518 tgid:11517 ppid:5863 task_flags:0x400140 flags:0x00004004 [ 418.488631][ T32] Call Trace: [ 418.491977][ T32] [ 418.494954][ T32] __schedule+0x1798/0x4cc0 [ 418.499493][ T32] ? __lock_acquire+0xab9/0xd20 [ 418.504439][ T32] ? __lock_acquire+0xab9/0xd20 [ 418.509331][ T32] ? __pfx___schedule+0x10/0x10 [ 418.514272][ T32] ? schedule+0x91/0x360 [ 418.518571][ T32] schedule+0x165/0x360 [ 418.522846][ T32] schedule_preempt_disabled+0x13/0x30 [ 418.528343][ T32] __mutex_lock+0x7e6/0x1350 [ 418.533186][ T32] ? __mutex_lock+0x5bb/0x1350 [ 418.537993][ T32] ? rfkill_register+0x37/0x8e0 [ 418.543135][ T32] ? __pfx___mutex_lock+0x10/0x10 [ 418.548198][ T32] ? netdev_run_todo+0xe1d/0xea0 [ 418.553242][ T32] ? nl80211_common_reg_change_event+0x55d/0x6b0 [ 418.559640][ T32] ? __pfx_netdev_run_todo+0x10/0x10 [ 418.565059][ T32] ? __queue_delayed_work+0x212/0x2d0 [ 418.570465][ T32] rfkill_register+0x37/0x8e0 [ 418.575269][ T32] wiphy_register+0x2231/0x2aa0 [ 418.580176][ T32] ? __pfx_wiphy_register+0x10/0x10 [ 418.585507][ T32] ? ieee80211_init_rate_ctrl_alg+0x56d/0x5f0 [ 418.591694][ T32] ieee80211_register_hw+0x3442/0x40a0 [ 418.597228][ T32] ? ieee80211_register_hw+0x13b1/0x40a0 [ 418.603087][ T32] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 418.608945][ T32] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 418.615374][ T32] ? __hrtimer_setup+0x187/0x210 [ 418.620523][ T32] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 418.626470][ T32] mac80211_hwsim_new_radio+0x2f0e/0x5340 [ 418.632683][ T32] ? __pfx__printk+0x10/0x10 [ 418.637361][ T32] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 418.643515][ T32] ? __nla_validate_parse+0x251c/0x2d40 [ 418.649093][ T32] ? __sock_sendmsg+0x21c/0x270 [ 418.654029][ T32] ? ____sys_sendmsg+0x505/0x830 [ 418.659040][ T32] hwsim_new_radio_nl+0xea4/0x1b10 [ 418.664343][ T32] ? __pfx___nla_validate_parse+0x10/0x10 [ 418.670124][ T32] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 418.675768][ T32] ? __nla_parse+0x40/0x60 [ 418.680216][ T32] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 418.686686][ T32] genl_family_rcv_msg_doit+0x215/0x300 [ 418.692331][ T32] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 418.698446][ T32] ? bpf_lsm_capable+0x9/0x20 [ 418.703237][ T32] ? security_capable+0x7e/0x2e0 [ 418.708216][ T32] genl_rcv_msg+0x60e/0x790 [ 418.712986][ T32] ? __pfx_genl_rcv_msg+0x10/0x10 [ 418.718044][ T32] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 418.723802][ T32] netlink_rcv_skb+0x208/0x470 [ 418.728604][ T32] ? __lock_acquire+0xab9/0xd20 [ 418.734090][ T32] ? __pfx_genl_rcv_msg+0x10/0x10 [ 418.739253][ T32] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 418.744682][ T32] ? down_read+0x1ad/0x2e0 [ 418.749331][ T32] genl_rcv+0x28/0x40 [ 418.753409][ T32] netlink_unicast+0x82f/0x9e0 [ 418.758230][ T32] ? __pfx_netlink_unicast+0x10/0x10 [ 418.763615][ T32] ? netlink_sendmsg+0x642/0xb30 [ 418.768621][ T32] ? skb_put+0x11b/0x210 [ 418.772977][ T32] netlink_sendmsg+0x805/0xb30 [ 418.777822][ T32] ? __pfx_netlink_sendmsg+0x10/0x10 [ 418.783309][ T32] ? aa_sock_msg_perm+0xf1/0x1d0 [ 418.788335][ T32] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 418.793725][ T32] ? __pfx_netlink_sendmsg+0x10/0x10 [ 418.799046][ T32] __sock_sendmsg+0x21c/0x270 [ 418.803819][ T32] ____sys_sendmsg+0x505/0x830 [ 418.808623][ T32] ? __pfx_____sys_sendmsg+0x10/0x10 [ 418.813983][ T32] ? import_iovec+0x74/0xa0 [ 418.818527][ T32] ___sys_sendmsg+0x21f/0x2a0 [ 418.823332][ T32] ? __pfx____sys_sendmsg+0x10/0x10 [ 418.828594][ T32] ? __fget_files+0x2a/0x420 [ 418.833257][ T32] ? __fget_files+0x3a0/0x420 [ 418.837978][ T32] __x64_sys_sendmsg+0x19b/0x260 [ 418.843053][ T32] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 418.848566][ T32] ? rcu_is_watching+0x15/0xb0 [ 418.853445][ T32] ? do_syscall_64+0xbe/0x3b0 [ 418.858197][ T32] do_syscall_64+0xfa/0x3b0 [ 418.862854][ T32] ? lockdep_hardirqs_on+0x9c/0x150 [ 418.868122][ T32] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 418.874356][ T32] ? clear_bhb_loop+0x60/0xb0 [ 418.879132][ T32] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 418.885105][ T32] RIP: 0033:0x7f581318ec29 [ 418.889554][ T32] RSP: 002b:00007f58140d2038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 418.898157][ T32] RAX: ffffffffffffffda RBX: 00007f58133d5fa0 RCX: 00007f581318ec29 [ 418.906438][ T32] RDX: 00000000200000e4 RSI: 0000200000000140 RDI: 0000000000000003 [ 418.914582][ T32] RBP: 00007f5813211e41 R08: 0000000000000000 R09: 0000000000000000 [ 418.922741][ T32] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 418.930848][ T32] R13: 00007f58133d6038 R14: 00007f58133d5fa0 R15: 00007ffc379c55c8 [ 418.938879][ T32] [ 418.942053][ T32] INFO: task syz.1.1705:11525 blocked for more than 145 seconds. [ 418.949792][ T32] Not tainted syzkaller #0 [ 418.954792][ T32] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 418.963549][ T32] task:syz.1.1705 state:D stack:28360 pid:11525 tgid:11524 ppid:5861 task_flags:0x400040 flags:0x00004004 [ 418.975578][ T32] Call Trace: [ 418.978886][ T32] [ 418.981933][ T32] __schedule+0x1798/0x4cc0 [ 418.986483][ T32] ? __lock_acquire+0xab9/0xd20 [ 418.991478][ T32] ? __lock_acquire+0xab9/0xd20 [ 418.996420][ T32] ? __pfx___schedule+0x10/0x10 [ 419.001387][ T32] ? schedule+0x91/0x360 [ 419.005696][ T32] schedule+0x165/0x360 [ 419.009900][ T32] schedule_preempt_disabled+0x13/0x30 [ 419.015444][ T32] __mutex_lock+0x7e6/0x1350 [ 419.020078][ T32] ? __mutex_lock+0x5bb/0x1350 [ 419.024959][ T32] ? genl_rcv_msg+0x10d/0x790 [ 419.029684][ T32] ? __pfx___mutex_lock+0x10/0x10 [ 419.034849][ T32] ? __dev_queue_xmit+0x27b/0x3b50 [ 419.040018][ T32] ? radix_tree_lookup+0x240/0x290 [ 419.045260][ T32] genl_rcv_msg+0x10d/0x790 [ 419.049918][ T32] ? __pfx_genl_rcv_msg+0x10/0x10 [ 419.055041][ T32] ? ref_tracker_free+0x63a/0x7d0 [ 419.060104][ T32] ? __asan_memcpy+0x40/0x70 [ 419.064830][ T32] ? __pfx_ref_tracker_free+0x10/0x10 [ 419.070246][ T32] netlink_rcv_skb+0x208/0x470 [ 419.075111][ T32] ? __lock_acquire+0xab9/0xd20 [ 419.080003][ T32] ? __pfx_genl_rcv_msg+0x10/0x10 [ 419.085236][ T32] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 419.090573][ T32] ? down_read+0x1ad/0x2e0 [ 419.095604][ T32] genl_rcv+0x28/0x40 [ 419.099646][ T32] netlink_unicast+0x82f/0x9e0 [ 419.104544][ T32] ? __pfx_netlink_unicast+0x10/0x10 [ 419.109873][ T32] ? netlink_sendmsg+0x642/0xb30 [ 419.114970][ T32] ? skb_put+0x11b/0x210 [ 419.119286][ T32] netlink_sendmsg+0x805/0xb30 [ 419.124212][ T32] ? __pfx_netlink_sendmsg+0x10/0x10 [ 419.129562][ T32] ? aa_sock_msg_perm+0xf1/0x1d0 [ 419.134613][ T32] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 419.139931][ T32] ? __pfx_netlink_sendmsg+0x10/0x10 [ 419.145310][ T32] __sock_sendmsg+0x21c/0x270 [ 419.150053][ T32] __sys_sendto+0x3bd/0x520 [ 419.154659][ T32] ? __pfx___sys_sendto+0x10/0x10 [ 419.159721][ T32] ? count_memcg_event_mm+0x21/0x260 [ 419.165102][ T32] ? exc_page_fault+0x76/0xf0 [ 419.169915][ T32] ? do_user_addr_fault+0xc8a/0x1390 [ 419.175380][ T32] __x64_sys_sendto+0xde/0x100 [ 419.180188][ T32] do_syscall_64+0xfa/0x3b0 [ 419.184810][ T32] ? lockdep_hardirqs_on+0x9c/0x150 [ 419.190037][ T32] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 419.196235][ T32] ? clear_bhb_loop+0x60/0xb0 [ 419.201025][ T32] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 419.206946][ T32] RIP: 0033:0x7fb565990abc [ 419.211462][ T32] RSP: 002b:00007fb56680cec0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 419.219908][ T32] RAX: ffffffffffffffda RBX: 00007fb56680cfc0 RCX: 00007fb565990abc [ 419.228133][ T32] RDX: 0000000000000020 RSI: 00007fb56680d010 RDI: 0000000000000003 [ 419.236190][ T32] RBP: 0000000000000000 R08: 00007fb56680cf14 R09: 000000000000000c [ 419.244293][ T32] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 [ 419.252357][ T32] R13: 00007fb56680cf68 R14: 00007fb56680d010 R15: 0000000000000000 [ 419.260401][ T32] [ 419.263589][ T32] INFO: task syz-executor:11531 blocked for more than 145 seconds. [ 419.272370][ T32] Not tainted syzkaller #0 [ 419.277321][ T32] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 419.286185][ T32] task:syz-executor state:D stack:27640 pid:11531 tgid:11531 ppid:1 task_flags:0x400040 flags:0x00004000 [ 419.298471][ T32] Call Trace: [ 419.301846][ T32] [ 419.304897][ T32] __schedule+0x1798/0x4cc0 [ 419.309426][ T32] ? kasan_save_free_info+0x46/0x50 [ 419.314897][ T32] ? __lock_acquire+0xab9/0xd20 [ 419.319824][ T32] ? __lock_acquire+0xab9/0xd20 [ 419.324784][ T32] ? __pfx___schedule+0x10/0x10 [ 419.329680][ T32] ? schedule+0x91/0x360 [ 419.334178][ T32] schedule+0x165/0x360 [ 419.338371][ T32] schedule_preempt_disabled+0x13/0x30 [ 419.343933][ T32] __mutex_lock+0x7e6/0x1350 [ 419.348616][ T32] ? __mutex_lock+0x5bb/0x1350 [ 419.353580][ T32] ? misc_open+0x51/0x330 [ 419.357961][ T32] ? __pfx___mutex_lock+0x10/0x10 [ 419.363182][ T32] misc_open+0x51/0x330 [ 419.367388][ T32] chrdev_open+0x4c9/0x5e0 [ 419.371925][ T32] ? __pfx_chrdev_open+0x10/0x10 [ 419.377010][ T32] ? fsnotify_open_perm_and_set_mode+0x113/0x610 [ 419.383536][ T32] ? __pfx_chrdev_open+0x10/0x10 [ 419.388534][ T32] do_dentry_open+0x950/0x13f0 [ 419.393415][ T32] vfs_open+0x3b/0x340 [ 419.397537][ T32] ? path_openat+0x2ecd/0x3830 [ 419.402437][ T32] path_openat+0x2ee5/0x3830 [ 419.407067][ T32] ? __pfx_css_rstat_updated+0x10/0x10 [ 419.413764][ T32] ? count_memcg_event_mm+0x21/0x260 [ 419.419202][ T32] ? __pfx_path_openat+0x10/0x10 [ 419.424359][ T32] ? __pfx___up_read+0x10/0x10 [ 419.429163][ T32] ? do_user_addr_fault+0xbc1/0x1390 [ 419.434650][ T32] do_filp_open+0x1fa/0x410 [ 419.439454][ T32] ? __lock_acquire+0xab9/0xd20 [ 419.444399][ T32] ? __pfx_do_filp_open+0x10/0x10 [ 419.449472][ T32] ? _raw_spin_unlock+0x28/0x50 [ 419.454410][ T32] ? alloc_fd+0x64c/0x6c0 [ 419.458784][ T32] do_sys_openat2+0x121/0x1c0 [ 419.463571][ T32] ? __pfx_do_sys_openat2+0x10/0x10 [ 419.468801][ T32] ? fd_install+0x97/0x540 [ 419.473348][ T32] ? fd_install+0x30d/0x540 [ 419.477897][ T32] __x64_sys_openat+0x138/0x170 [ 419.482858][ T32] do_syscall_64+0xfa/0x3b0 [ 419.487478][ T32] ? lockdep_hardirqs_on+0x9c/0x150 [ 419.492916][ T32] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 419.499035][ T32] ? clear_bhb_loop+0x60/0xb0 [ 419.503858][ T32] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 419.509881][ T32] RIP: 0033:0x7f3aa278d511 [ 419.514387][ T32] RSP: 002b:00007ffd9fc26a00 EFLAGS: 00000202 ORIG_RAX: 0000000000000101 [ 419.522908][ T32] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f3aa278d511 [ 419.530968][ T32] RDX: 0000000000000002 RSI: 00007f3aa281284a RDI: 00000000ffffff9c [ 419.539059][ T32] RBP: 00007f3aa281284a R08: 0000000000000000 R09: 00007f3aa350d6c0 [ 419.547236][ T32] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000008 [ 419.555308][ T32] R13: 0000000000000003 R14: 0000000000000009 R15: 0000000000000000 [ 419.563417][ T32] [ 419.566474][ T32] INFO: task syz-executor:11533 blocked for more than 145 seconds. [ 419.574694][ T32] Not tainted syzkaller #0 [ 419.579657][ T32] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 419.588417][ T32] task:syz-executor state:D stack:28040 pid:11533 tgid:11533 ppid:1 task_flags:0x400040 flags:0x00004000 [ 419.600546][ T32] Call Trace: [ 419.603939][ T32] [ 419.606990][ T32] __schedule+0x1798/0x4cc0 [ 419.611557][ T32] ? kasan_save_free_info+0x46/0x50 [ 419.616805][ T32] ? __lock_acquire+0xab9/0xd20 [ 419.621783][ T32] ? __lock_acquire+0xab9/0xd20 [ 419.627269][ T32] ? __pfx___schedule+0x10/0x10 [ 419.632243][ T32] ? schedule+0x91/0x360 [ 419.636540][ T32] schedule+0x165/0x360 [ 419.640713][ T32] schedule_preempt_disabled+0x13/0x30 [ 419.646296][ T32] __mutex_lock+0x7e6/0x1350 [ 419.651002][ T32] ? __mutex_lock+0x5bb/0x1350 [ 419.655807][ T32] ? misc_open+0x51/0x330 [ 419.660213][ T32] ? __pfx___mutex_lock+0x10/0x10 [ 419.665420][ T32] misc_open+0x51/0x330 [ 419.669645][ T32] chrdev_open+0x4c9/0x5e0 [ 419.674242][ T32] ? __pfx_chrdev_open+0x10/0x10 [ 419.679249][ T32] ? fsnotify_open_perm_and_set_mode+0x113/0x610 [ 419.685717][ T32] ? __pfx_chrdev_open+0x10/0x10 [ 419.690713][ T32] do_dentry_open+0x950/0x13f0 [ 419.695594][ T32] vfs_open+0x3b/0x340 [ 419.699694][ T32] ? path_openat+0x2ecd/0x3830 [ 419.704585][ T32] path_openat+0x2ee5/0x3830 [ 419.709295][ T32] ? __pfx_css_rstat_updated+0x10/0x10 [ 419.714878][ T32] ? count_memcg_event_mm+0x21/0x260 [ 419.720219][ T32] ? __pfx_path_openat+0x10/0x10 [ 419.725259][ T32] ? __pfx___up_read+0x10/0x10 [ 419.730062][ T32] ? do_user_addr_fault+0xbc1/0x1390 [ 419.735449][ T32] do_filp_open+0x1fa/0x410 [ 419.739983][ T32] ? __lock_acquire+0xab9/0xd20 [ 419.744967][ T32] ? __pfx_do_filp_open+0x10/0x10 [ 419.750056][ T32] ? _raw_spin_unlock+0x28/0x50 [ 419.754989][ T32] ? alloc_fd+0x64c/0x6c0 [ 419.759367][ T32] do_sys_openat2+0x121/0x1c0 [ 419.764129][ T32] ? __pfx_do_sys_openat2+0x10/0x10 [ 419.769362][ T32] ? fd_install+0x97/0x540 [ 419.773867][ T32] ? fd_install+0x30d/0x540 [ 419.778424][ T32] __x64_sys_openat+0x138/0x170 [ 419.783427][ T32] do_syscall_64+0xfa/0x3b0 [ 419.787983][ T32] ? lockdep_hardirqs_on+0x9c/0x150 [ 419.793330][ T32] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 419.799430][ T32] ? clear_bhb_loop+0x60/0xb0 [ 419.804257][ T32] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 419.810286][ T32] RIP: 0033:0x7f3cca58d511 [ 419.814891][ T32] RSP: 002b:00007ffeb7b9a930 EFLAGS: 00000202 ORIG_RAX: 0000000000000101 [ 419.823396][ T32] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f3cca58d511 [ 419.831532][ T32] RDX: 0000000000000002 RSI: 00007f3cca61284a RDI: 00000000ffffff9c [ 419.839532][ T32] RBP: 00007f3cca61284a R08: 0000000000000000 R09: 00007f3ccb30d6c0 [ 419.847609][ T32] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000008 [ 419.855658][ T32] R13: 0000000000000003 R14: 0000000000000009 R15: 0000000000000000 [ 419.863740][ T32] [ 419.866825][ T32] [ 419.866825][ T32] Showing all locks held in the system: [ 419.874828][ T32] 1 lock held by khungtaskd/32: [ 419.879729][ T32] #0: ffffffff8e13a0e0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 [ 419.889857][ T32] 1 lock held by klogd/5223: [ 419.894556][ T32] #0: ffff8880b8639f98 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140 [ 419.904737][ T32] 2 locks held by getty/5623: [ 419.909486][ T32] #0: ffff88802ff990a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 419.919413][ T32] #1: ffffc900036bb2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400 [ 419.929650][ T32] 4 locks held by kworker/1:3/5925: [ 419.934976][ T32] #0: ffff88801a480d48 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 419.946053][ T32] #1: ffffc9000a8dfbc0 ((work_completion)(&rfkill->sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 419.958476][ T32] #2: ffffffff8f8130c8 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_sync_work+0x2e/0x200 [ 419.968622][ T32] #3: ffff888148325100 (&dev->mutex){....}-{4:4}, at: nfc_rfkill_set_block+0x50/0x2e0 [ 419.978387][ T32] 3 locks held by kworker/1:5/5981: [ 419.983683][ T32] #0: ffff88801a480d48 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 419.994769][ T32] #1: ffffc9000ab57bc0 ((work_completion)(&rfkill_global_led_trigger_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 420.008383][ T32] #2: ffffffff8f8130c8 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_global_led_trigger_worker+0x27/0xd0 [ 420.019802][ T32] 1 lock held by syz.4.1638/11315: [ 420.025041][ T32] #0: ffff888148325100 (&dev->mutex){....}-{4:4}, at: nfc_unregister_device+0x63/0x2a0 [ 420.034987][ T32] 3 locks held by syz.2.1669/11419: [ 420.040240][ T32] #0: ffffffff8e9c2648 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330 [ 420.048841][ T32] #1: ffff888055059100 (&dev->mutex){....}-{4:4}, at: nfc_register_device+0xa1/0x320 [ 420.058607][ T32] #2: ffffffff8f8130c8 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_register+0x37/0x8e0 [ 420.068718][ T32] 1 lock held by syz.0.1696/11502: [ 420.073905][ T32] #0: ffffffff8e9c2648 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330 [ 420.082529][ T32] 3 locks held by syz.3.1703/11518: [ 420.087755][ T32] #0: ffffffff8f59fc50 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 [ 420.096022][ T32] #1: ffffffff8f59fa68 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790 [ 420.105092][ T32] #2: ffffffff8f8130c8 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_register+0x37/0x8e0 [ 420.115255][ T32] 2 locks held by syz.1.1705/11525: [ 420.120486][ T32] #0: ffffffff8f59fc50 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 [ 420.128798][ T32] #1: ffffffff8f59fa68 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790 [ 420.137996][ T32] 1 lock held by syz-executor/11531: [ 420.143420][ T32] #0: ffffffff8e9c2648 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330 [ 420.152048][ T32] 1 lock held by syz-executor/11533: [ 420.157376][ T32] #0: ffffffff8e9c2648 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330 [ 420.165953][ T32] 1 lock held by syz-executor/11537: [ 420.171315][ T32] #0: ffffffff8e9c2648 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330 [ 420.179848][ T32] 1 lock held by syz-executor/11538: [ 420.185294][ T32] #0: ffffffff8e9c2648 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330 [ 420.193949][ T32] 1 lock held by syz-executor/11539: [ 420.199241][ T32] #0: ffffffff8e9c2648 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330 [ 420.207846][ T32] 1 lock held by syz-executor/11541: [ 420.213323][ T32] #0: ffffffff8e9c2648 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330 [ 420.221884][ T32] 1 lock held by syz-executor/11543: [ 420.227193][ T32] #0: ffffffff8e9c2648 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330 [ 420.235842][ T32] 1 lock held by syz-executor/11546: [ 420.241564][ T32] #0: ffffffff8e9c2648 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330 [ 420.250099][ T32] 1 lock held by syz-executor/11547: [ 420.255488][ T32] #0: ffffffff8e9c2648 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330 [ 420.264083][ T32] 1 lock held by syz-executor/11549: [ 420.269372][ T32] #0: ffffffff8e9c2648 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330 [ 420.277932][ T32] 1 lock held by syz-executor/11551: [ 420.283282][ T32] #0: ffffffff8e9c2648 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330 [ 420.291837][ T32] 1 lock held by syz-executor/11553: [ 420.297151][ T32] #0: ffffffff8e9c2648 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330 [ 420.305750][ T32] 1 lock held by syz-executor/11556: [ 420.311133][ T32] #0: ffffffff8e9c2648 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330 [ 420.319679][ T32] 1 lock held by syz-executor/11557: [ 420.325052][ T32] #0: ffffffff8e9c2648 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330 [ 420.333596][ T32] 1 lock held by syz-executor/11559: [ 420.338877][ T32] #0: ffffffff8e9c2648 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330 [ 420.347420][ T32] [ 420.349763][ T32] ============================================= [ 420.349763][ T32] [ 420.358260][ T32] NMI backtrace for cpu 1 [ 420.358284][ T32] CPU: 1 UID: 0 PID: 32 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) [ 420.358304][ T32] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 420.358316][ T32] Call Trace: [ 420.358325][ T32] [ 420.358333][ T32] dump_stack_lvl+0x189/0x250 [ 420.358365][ T32] ? __pfx_dump_stack_lvl+0x10/0x10 [ 420.358390][ T32] ? __pfx__printk+0x10/0x10 [ 420.358430][ T32] nmi_cpu_backtrace+0x39e/0x3d0 [ 420.358472][ T32] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 420.358506][ T32] ? __pfx__printk+0x10/0x10 [ 420.358540][ T32] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 420.358576][ T32] nmi_trigger_cpumask_backtrace+0x17a/0x300 [ 420.358610][ T32] watchdog+0xf93/0xfe0 [ 420.358647][ T32] ? watchdog+0x1de/0xfe0 [ 420.358683][ T32] kthread+0x70e/0x8a0 [ 420.358713][ T32] ? __pfx_watchdog+0x10/0x10 [ 420.358741][ T32] ? __pfx_kthread+0x10/0x10 [ 420.358769][ T32] ? _raw_spin_unlock_irq+0x23/0x50 [ 420.358790][ T32] ? lockdep_hardirqs_on+0x9c/0x150 [ 420.358809][ T32] ? __pfx_kthread+0x10/0x10 [ 420.358836][ T32] ret_from_fork+0x439/0x7d0 [ 420.358861][ T32] ? __pfx_ret_from_fork+0x10/0x10 [ 420.358889][ T32] ? __switch_to_asm+0x39/0x70 [ 420.358915][ T32] ? __switch_to_asm+0x33/0x70 [ 420.358940][ T32] ? __pfx_kthread+0x10/0x10 [ 420.358967][ T32] ret_from_fork_asm+0x1a/0x30 [ 420.359011][ T32] [ 420.359020][ T32] Sending NMI from CPU 1 to CPUs 0: [ 420.504647][ C0] NMI backtrace for cpu 0 [ 420.504664][ C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted syzkaller #0 PREEMPT(full) [ 420.504683][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 420.504694][ C0] RIP: 0010:pv_native_safe_halt+0x13/0x20 [ 420.504718][ C0] Code: 53 e8 02 00 cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d b3 29 0d 00 f3 0f 1e fa fb f4 cc cc cc cc cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 [ 420.504733][ C0] RSP: 0018:ffffffff8de07d80 EFLAGS: 000002c2 [ 420.504749][ C0] RAX: 0ee74e7e74fbf300 RBX: ffffffff819683f8 RCX: 0ee74e7e74fbf300 [ 420.504763][ C0] RDX: 0000000000000001 RSI: ffffffff8d9ba56b RDI: ffffffff8be33f00 [ 420.504775][ C0] RBP: ffffffff8de07eb8 R08: ffff8880b8632f9b R09: 1ffff110170c65f3 [ 420.504787][ C0] R10: dffffc0000000000 R11: ffffed10170c65f4 R12: ffffffff8fa39030 [ 420.504800][ C0] R13: 0000000000000000 R14: 0000000000000000 R15: 1ffffffff1bd2a20 [ 420.504812][ C0] FS: 0000000000000000(0000) GS:ffff888125c13000(0000) knlGS:0000000000000000 [ 420.504826][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 420.504838][ C0] CR2: 00007fe0a084ae97 CR3: 000000000df36000 CR4: 00000000003526f0 [ 420.504853][ C0] Call Trace: [ 420.504862][ C0] [ 420.504868][ C0] default_idle+0x13/0x20 [ 420.504889][ C0] default_idle_call+0x74/0xb0 [ 420.504911][ C0] do_idle+0x1e8/0x510 [ 420.504932][ C0] ? __pfx_do_idle+0x10/0x10 [ 420.504958][ C0] cpu_startup_entry+0x44/0x60 [ 420.504974][ C0] rest_init+0x2de/0x300 [ 420.504998][ C0] start_kernel+0x3a9/0x410 [ 420.505020][ C0] x86_64_start_reservations+0x24/0x30 [ 420.505046][ C0] x86_64_start_kernel+0x143/0x1c0 [ 420.505072][ C0] common_startup_64+0x13e/0x147 [ 420.505105][ C0] [ 420.505685][ T32] Kernel panic - not syncing: hung_task: blocked tasks [ 420.686816][ T32] CPU: 1 UID: 0 PID: 32 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) [ 420.695941][ T32] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 420.706007][ T32] Call Trace: [ 420.709298][ T32] [ 420.712244][ T32] dump_stack_lvl+0x99/0x250 [ 420.716853][ T32] ? __asan_memcpy+0x40/0x70 [ 420.721477][ T32] ? __pfx_dump_stack_lvl+0x10/0x10 [ 420.726709][ T32] ? __pfx__printk+0x10/0x10 [ 420.731336][ T32] vpanic+0x281/0x750 [ 420.735355][ T32] ? __pfx_vpanic+0x10/0x10 [ 420.739888][ T32] ? __x2apic_send_IPI_mask+0x1e4/0x260 [ 420.745470][ T32] ? preempt_schedule+0xae/0xc0 [ 420.750356][ T32] ? preempt_schedule_common+0x83/0xd0 [ 420.755859][ T32] panic+0xb9/0xc0 [ 420.759608][ T32] ? __pfx_panic+0x10/0x10 [ 420.764086][ T32] ? preempt_schedule_thunk+0x16/0x30 [ 420.769521][ T32] ? nmi_trigger_cpumask_backtrace+0x2bb/0x300 [ 420.775735][ T32] watchdog+0xfd2/0xfe0 [ 420.779934][ T32] ? watchdog+0x1de/0xfe0 [ 420.784289][ T32] kthread+0x70e/0x8a0 [ 420.788396][ T32] ? __pfx_watchdog+0x10/0x10 [ 420.793107][ T32] ? __pfx_kthread+0x10/0x10 [ 420.797719][ T32] ? _raw_spin_unlock_irq+0x23/0x50 [ 420.802931][ T32] ? lockdep_hardirqs_on+0x9c/0x150 [ 420.808160][ T32] ? __pfx_kthread+0x10/0x10 [ 420.812764][ T32] ret_from_fork+0x439/0x7d0 [ 420.817380][ T32] ? __pfx_ret_from_fork+0x10/0x10 [ 420.822528][ T32] ? __switch_to_asm+0x39/0x70 [ 420.827321][ T32] ? __switch_to_asm+0x33/0x70 [ 420.832108][ T32] ? __pfx_kthread+0x10/0x10 [ 420.836722][ T32] ret_from_fork_asm+0x1a/0x30 [ 420.841513][ T32] [ 420.844820][ T32] Kernel Offset: disabled [ 420.849185][ T32] Rebooting in 86400 seconds..