last executing test programs: 12.281549553s ago: executing program 2 (id=3810): r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendto$inet(r0, &(0x7f0000000140)='^', 0x34000, 0x0, &(0x7f0000004ff0)={0x2, 0x0, @rand_addr=0xfffffffffffffffe}, 0x10) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112}) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000000)={'vlan0\x00', 0x400}) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000040)={'wlan0\x00', 0xa00}) recvfrom$inet(r0, 0x0, 0x0, 0x10000, 0x0, 0x0) listen(r0, 0xda90) r1 = accept4(r0, 0x0, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r3 = socket$kcm(0x2d, 0x2, 0x0) sendmsg$DCCPDIAG_GETSOCK(r1, &(0x7f00000004c0)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000400)={&(0x7f0000000700)={0x2ac, 0x13, 0x100, 0x70bd2d, 0x25dfdbfc, {0x21, 0x3, 0x30, 0x2d, {0x4e23, 0x4e24, [0x9, 0x8000, 0x2, 0x10e9e1e1], [0x60f, 0xfffff1b8, 0x5, 0x9], 0x0, [0x919, 0xfffffffc]}, 0xe, 0x79}, [@INET_DIAG_REQ_BYTECODE={0xb3, 0x1, "37ffec6af1b9cf31caf2bc110eabaaf5657fd4b36e340a0d10636b55d8b4a4a86f09f8b9585378a6a133577f1e9ede770d27bd1749d6a24d6a31e63d0428fa3760613a28cf57844be2f88c68452ab2ff2ac6c385cf07623ecbbde0f6d4de06a27f39550e041ed00b2548ced49c9b0c8707a93f0713692a099fb31f1a9396eda9d7e2561ca2b5b5bb003cd2789a87fbe5588427464bf2a2158b6951b72a982803151856e800157f63cb936f70745d66"}, @INET_DIAG_REQ_BYTECODE={0xb6, 0x1, "611311d54a7a6e65b43fc6d9dfb32f6ff4209cc6850d4a40819fc09a7a07532932ffd75a2df9bc8700401ba51816a3367549d992069a089e4e22ed0be9531f2b69c662686a33e33480dcdbf717f531171b728a3fe1c53388404c98d023ced639ac780c778e11d2286ed5da0e984bc21684aa92ab614ab7ee73eea6408df1533b3ecf7fc85d488dcf5e7885550615c13c636b66a0c594ccf74069487542952fa28956fe0c2cb36d99050407b6705b892596d0"}, @INET_DIAG_REQ_BYTECODE={0x6, 0x1, '|~'}, @INET_DIAG_REQ_BYTECODE={0xeb, 0x1, "41cd2d2f1d08298ae7f81906b342f2228b6efb561aea7c1bdf33090b9921220cb5d223c277819eaae5ad81999b684107c24d6282ac48d17e0381424f3531e57cda2d01d85fe0af007ae6b13479a6486f200860435ef03396c73a803bb42a3d3a195de19c86fb0835c79152ad0148d5eef2c4536b3d568bf8514c2da90c94c638342603c52f484198a54536bc3347769722cc9d9e2cb6038dc10778ab0a965f1b3d7e0d6dac7d7e39196e4f12dbd24341c9ec6f06808532c847c10ee845450cbe95e69c7f1332dad57085c076d508425c384e2c5761611a56caf534bc90159e0b3993891c6160ab"}]}, 0x2ac}, 0x1, 0x0, 0x0, 0x8004}, 0x5) ioctl$sock_kcm_SIOCKCMCLONE(r3, 0x89e2, &(0x7f0000000100)) ioctl$sock_kcm_SIOCKCMCLONE(r3, 0x89e2, &(0x7f0000000080)={r3}) ioctl$sock_kcm_SIOCKCMCLONE(r3, 0x89e2, &(0x7f00000000c0)) bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020097b1af8ff00000000bfa100000000000007010000b8ffffffb702000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r4 = socket$inet(0x10, 0x3, 0x0) ioctl$sock_SIOCETHTOOL(r4, 0x8946, &(0x7f0000000540)={'bond0\x00', &(0x7f0000000040)=@ethtool_sfeatures={0x3b, 0x2, [{0x301}, {0xfffffffd, 0x80000}]}}) sendmsg$nl_route(r2, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=@newlink={0x44, 0x10, 0x40d, 0x70bd2c, 0x0, {0x0, 0x0, 0x0, 0x0, 0x99ffef750d96a51f, 0x40300}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bond={{0x9}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BOND_AD_LACP_ACTIVE={0x5, 0x1d, 0x10}, @IFLA_BOND_PACKETS_PER_SLAVE={0x8, 0x14, 0x7}]}}}]}, 0x44}}, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = bpf$TOKEN_CREATE(0x24, &(0x7f0000000380)={0x0, r0}, 0x8) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000280)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x49, 0x49, 0x6, [@ptr={0x4, 0x0, 0x0, 0x2, 0x2}, @datasec={0xc, 0x4, 0x0, 0xf, 0x1, [{0x3, 0xe, 0x8}, {0x5, 0x4, 0x5}, {0x3, 0x1c740f2d, 0x4}, {0x2, 0x8, 0xffffffff}], '6'}]}, {0x0, [0x5f, 0x61, 0x61, 0x30]}}, &(0x7f0000000300)=""/26, 0x6a, 0x1a, 0x1, 0x6, 0x10000, @value=r6}, 0x28) socket$kcm(0xa, 0x2, 0x73) r7 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r7, 0x10e, 0xc, &(0x7f0000000040)={0x802, 0x0, 0x0, 0x7}, 0x10) sendmsg$nl_generic(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="200000005200010003000000000000000a0000000c00", @ANYRES32=r7], 0x20}}, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r5) syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000040)='ns/mnt\x00') 11.266310438s ago: executing program 2 (id=3815): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000003b40), r0) sendmsg$NLBL_CIPSOV4_C_LISTALL(0xffffffffffffffff, &(0x7f0000003c40)={0x0, 0x0, &(0x7f0000003c00)={&(0x7f0000000080)={0x2d4, r1, 0x309, 0x70bd26, 0x25dfdbff, {}, [@NLBL_CIPSOV4_A_TAGLST={0x14, 0x4, 0x0, 0x1, [{0x5, 0x3, 0x6}, {0x5, 0x3, 0x6}]}, @NLBL_CIPSOV4_A_MTYPE={0x8}, @NLBL_CIPSOV4_A_MLSLVLLST={0xe4, 0x8, 0x0, 0x1, [{0x3c, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x400}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x617e4964}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x2}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0xe93521b}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x27}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xe2}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xa2}]}, {0x34, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x43593f7a}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x3f}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x75fac88d}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x5c179328}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x19565cfc}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x55d894b9}]}, {0x24, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x46}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xeb}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x5e}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x76}]}, {0x4c, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xa3}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x1c3a79f9}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x6d}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xff}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x22551348}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x2800000}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xc8}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x62}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x85}]}]}, @NLBL_CIPSOV4_A_MLSLVLLST={0x70, 0x8, 0x0, 0x1, [{0x24, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x96}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x6a2d6687}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x18a2d465}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x69}]}, {0x3c, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x43023ec2}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x4b0df402}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x67821208}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x693b8bc5}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x3e}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x41}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x765006b0}]}, {0xc, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x7197c69}]}]}, @NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x3}, @NLBL_CIPSOV4_A_MLSCATLST={0xa0, 0xc, 0x0, 0x1, [{0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xd7a7}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x73f}]}, {0xc, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x303e}]}, {0x3c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x6aff971e}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x2fc2}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xda34}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x5465bbad}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x16d4b0b6}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x7d71}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x80c2}]}, {0x24, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x11ce}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x5982}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x2817483b}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x5ee9}]}, {0x1c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xdfe2}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x2e88}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x4072}]}]}, @NLBL_CIPSOV4_A_MLSCATLST={0xa0, 0xc, 0x0, 0x1, [{0x2c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x49eb9b85}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xb4d1}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x4fca5fbd}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x3e4b213d}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x1f864298}]}, {0x34, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x4330}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xf068}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x295f}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xcced}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x5fbc}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x81b1}]}, {0x3c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xde4b}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xad81}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xef05}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xf184}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x51b6a881}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x702e}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x2900}]}]}, @NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x3}]}, 0x2d4}, 0x1, 0x0, 0x0, 0x81}, 0x4044080) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) r3 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r3, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000}, 0x1c) setsockopt$XDP_UMEM_COMPLETION_RING(r3, 0x11b, 0x6, &(0x7f0000000080)=0x1, 0x4) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$XDP_RX_RING(r3, 0x11b, 0x2, &(0x7f0000001980)=0x100, 0x4) setsockopt$XDP_UMEM_FILL_RING(r3, 0x11b, 0x5, &(0x7f0000000340)=0x8000, 0x4) r5 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r5, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000}, 0x1c) setsockopt$XDP_UMEM_COMPLETION_RING(r5, 0x11b, 0x6, &(0x7f0000000200)=0x1, 0x4) r6 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$XDP_RX_RING(r5, 0x11b, 0x2, &(0x7f0000001980)=0x100, 0x4) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r6, 0x8933, &(0x7f0000000580)={'batadv_slave_0\x00', 0x0}) setsockopt$XDP_UMEM_FILL_RING(r5, 0x11b, 0x5, &(0x7f0000000140)=0x1, 0x4) bind$xdp(r5, &(0x7f0000000100)={0x2c, 0x0, r7, 0x0, r5}, 0x10) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r4, 0x8933, &(0x7f0000000400)={'batadv_slave_0\x00', 0x0}) bind$xdp(r3, &(0x7f0000000100)={0x2c, 0x0, r8}, 0x10) bind$inet(r2, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) syz_genetlink_get_family_id$ieee802154(&(0x7f0000000040), r0) 10.929259974s ago: executing program 2 (id=3818): r0 = socket(0x10, 0x3, 0x4) sendmsg$can_bcm(r0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40}, 0x20048094) sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)={0x0}}, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000880)={0x6, 0x4, &(0x7f0000000600)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x9e}]}, 0x0}, 0x90) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r0) sendmsg$NL80211_CMD_REGISTER_FRAME(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000080)={&(0x7f0000000200)={0x90, r1, 0x229, 0x70bd2d, 0x25dfdbfb, {{}, {@void, @void}}, [@NL80211_ATTR_FRAME_TYPE={0x6, 0x65, 0xc}, @NL80211_ATTR_FRAME_TYPE={0x6, 0x65, 0xa9a1}, @NL80211_ATTR_FRAME_TYPE={0x6, 0x65, 0x5}, @NL80211_ATTR_FRAME_MATCH={0x5b, 0x5b, "1db5f8a5088c5642b84298f69719ad68b3c324a03aa0f1f692402e285f29feb9792e1ea370038a2aea5f429c801c0df3b832e3d47140c2b46b60fb9305f467f98a0688c13f46e7790a6c004950f851c179cc2f04877a1c"}, @NL80211_ATTR_FRAME_TYPE={0x6, 0x65, 0x9}]}, 0x90}, 0x1, 0x0, 0x0, 0x40000000}, 0x40000c0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$IPVS_CMD_NEW_DAEMON(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000080)={0x4c, r5, 0x511, 0x400000, 0x0, {}, [@IPVS_CMD_ATTR_DAEMON={0x38, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0xd769}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'veth0_to_bond\x00'}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x2}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @multicast2}]}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40850}, 0x0) sendmsg$IPVS_CMD_NEW_DAEMON(r2, &(0x7f0000000780)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000005c0)={&(0x7f0000000640)={0x11c, r5, 0x400, 0x70bd2a, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_SERVICE={0x44, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x7, 0x6, 'nq\x00'}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x0, 0x4}}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@remote}, @IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}]}, @IPVS_CMD_ATTR_SERVICE={0x50, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x2}, @IPVS_SVC_ATTR_PROTOCOL={0x6}, @IPVS_SVC_ATTR_PE_NAME={0x8}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x20, 0x20}}, @IPVS_SVC_ATTR_PE_NAME={0x8}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@ipv4={'\x00', '\xff\xff', @remote}}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x1, 0x4}}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x2b6a}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x2020}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x9}, @IPVS_CMD_ATTR_SERVICE={0x20, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x11, 0x29}}, @IPVS_SVC_ATTR_PROTOCOL={0x6}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x24}]}, @IPVS_CMD_ATTR_DAEMON={0x3c, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0x1}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x1}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0x8}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0x6}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0x3}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0x58}]}]}, 0x11c}, 0x1, 0x0, 0x0, 0x4000040}, 0x0) vmsplice(r3, &(0x7f0000000180), 0x2ae, 0x0) r6 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r6, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000900)={&(0x7f0000000400)=ANY=[@ANYBLOB="54020000170001000000000000000000200100000000000000000000000000010000000000000000ac141400000000000000000000000000fc020000000000000003000000000000e000000200001000000000000000000000000000000000080a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="1242ffff040000000000000000000037660b6aff00000000000000000000000000000000000000000200002000000000", @ANYRES32, @ANYRES32, @ANYBLOB="00000000000000000000000000000000000000000000000000000000000000e0270300000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000650d000000000000e1000000000000000007000000ff0f0000000000000000000008000b000000000008001600000000000c001500000000005d0000000401050000000000000000000000ffff00000000000000003300000002000000e00000020000000000000000000000000000000000000000000000000000000000000000ff010000000000000000000000000001000000003c0000000a000000fe8000000000000000000000000000aa0000000001"], 0x254}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f00000001c0)={'ip6gre0\x00', &(0x7f0000000140)={'syztnl1\x00', 0x0, 0x4, 0xc7, 0x81, 0xb894, 0x1, @private2={0xfc, 0x2, '\x00', 0x1}, @private0={0xfc, 0x0, '\x00', 0x1}, 0x700, 0x10, 0x7, 0xffff}}) syz_extract_tcp_res$synack(&(0x7f0000000340), 0x1, 0x0) write$tun(r2, 0x0, 0x0) 10.392786796s ago: executing program 2 (id=3821): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000002ec0)={0x18, 0x13, 0xa, 0x801, 0x70bd2a, 0x25dfdbfd, {0x3, 0x0, 0xa}, [@generic="ebae17"]}, 0x18}, 0x1, 0x0, 0x0, 0x4008000}, 0x4) r1 = socket$kcm(0x21, 0x2, 0xa) sendmsg$kcm(r1, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001300)=[{0x10, 0x110, 0xb}], 0x10}, 0x0) socketpair$unix(0x1, 0x5, 0x0, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8b34, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'macvtap0\x00', 0x0}) r4 = socket$nl_route(0x10, 0x3, 0x0) socket$packet(0x11, 0x2, 0x300) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000040)=@o_path={&(0x7f0000000000)='./file0\x00'}, 0x18) sendmsg$RDMA_NLDEV_CMD_NEWLINK(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x38}, 0x1, 0x0, 0x0, 0x8040044}, 0x810) bpf$LINK_GET_FD_BY_ID(0x1e, 0x0, 0x0) bpf$BPF_PROG_ATTACH(0x8, 0x0, 0x0) setsockopt$packet_add_memb(r2, 0x107, 0x1, &(0x7f0000000040)={r3, 0x1, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}, 0x10) setsockopt$packet_add_memb(r2, 0x107, 0x1, &(0x7f0000000000)={r3, 0x1, 0x6, @random="790c7edd3d8d"}, 0x10) sendmsg$nl_route_sched(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000440)=@getchain={0x24, 0x11, 0x1, 0x0, 0x2000001, {0x0, 0x0, 0x0, r3, {0x7}, {0xd, 0xc}, {0x8}}}, 0x24}, 0x1, 0x0, 0x0, 0x4000000}, 0x20048054) 9.819259215s ago: executing program 2 (id=3823): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0x10, &(0x7f0000000000)=[@in={0x2, 0x4e24, @loopback}]}, &(0x7f0000000080)=0x10) r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x0, 0x2100, 0x0, &(0x7f0000000100), 0x0, 0x1008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50) r2 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$IP_VS_SO_SET_ADD(r2, 0x0, 0x482, &(0x7f0000000280)={0x84, @multicast2, 0x4e24, 0x3, 'rr\x00', 0x24, 0x0, 0x7b}, 0x2c) r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0) r4 = socket$netlink(0x10, 0x3, 0x9) setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f00000017c0)=r3, 0x4) sendmsg$NFT_BATCH(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000001640)=ANY=[@ANYBLOB="8addfe37291400000010000100000800000000000000a3412cd494114cb52a79d80000000500000a1400000011"], 0x28}, 0x1, 0x0, 0x0, 0x6008044}, 0x40840) r5 = socket$kcm(0xa, 0x2, 0x0) setsockopt$IP_VS_SO_SET_ADDDEST(r2, 0x0, 0x487, &(0x7f0000000000)={{0x84, @private=0xa010101, 0x4e21, 0x3, 'wrr\x00', 0x3, 0x81, 0xb}, {@dev={0xac, 0x14, 0x14, 0x3c}, 0x4e26, 0x3, 0x1cb, 0x12d61, 0x12d58}}, 0x44) r6 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCETHTOOL(r6, 0x8946, &(0x7f00000001c0)={'veth1_to_batadv\x00', 0x0}) r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000000), r7) r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000180), r8) sendmsg$IEEE802154_SCAN_REQ(r8, &(0x7f0000002980)={0x0, 0x0, &(0x7f0000002940)={&(0x7f00000028c0)={0x24, r9, 0x1, 0x70bd2c, 0x25dfdbfd, {}, [@IEEE802154_ATTR_SCAN_TYPE={0x5, 0x13, 0x5}, @IEEE802154_ATTR_CHANNELS={0x8, 0x14, 0x4}]}, 0x24}, 0x1, 0x0, 0x0, 0x161b060f1436d4f2}, 0x10) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000480)={'wpan3\x00', 0x0}) sendmsg$IEEE802154_LLSEC_ADD_KEY(r7, &(0x7f0000000540)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x1c, r9, 0x100, 0x70bd29, 0x25dfdbfe, {}, [@IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r10}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000000}, 0x4041) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), r6) syz_genetlink_get_family_id$batadv(&(0x7f0000000440), r6) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000001680), 0x4) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000340)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x24, 0x24, 0x5, [@enum={0x3, 0x1, 0x0, 0xf, 0xffffff, [{0x1000002, 0x3}]}, @int={0x2, 0x0, 0x0, 0x1, 0x0, 0x48, 0x0, 0x6c, 0x3}]}, {0x0, [0x2e, 0x0, 0x2e]}}, 0x0, 0x41, 0x0, 0x1}, 0x28) recvmsg(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000600)=""/4113, 0x1011}, {&(0x7f0000000240)=""/70, 0x46}, {&(0x7f00000000c0)=""/50, 0x32}], 0x3}, 0x40012042) sendmsg$sock(r5, &(0x7f0000000400)={&(0x7f0000000580)=@in6={0x2, 0x4f22, 0x0, @dev}, 0x80, 0x0, 0x0, &(0x7f0000000000)=[@mark={{0x14, 0x1, 0x24, 0x3}}], 0x18}, 0x0) 7.647795711s ago: executing program 2 (id=3828): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000540), 0xffffffffffffffff) sendmsg$TIPC_NL_MEDIA_GET(r0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010027bd7000fedbdf250b0000000c00058008000100"], 0x20}, 0x1, 0x0, 0x0, 0x20004010}, 0x8000000) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r3, &(0x7f00000001c0)={0x2, 0xfffc, @local}, 0x10) connect$inet(r3, &(0x7f0000000480)={0x2, 0xffff, @multicast2}, 0x10) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$batadv(&(0x7f0000000000), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r4, 0x8933, &(0x7f0000000140)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r4, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r5, @ANYBLOB="430325bd7000fcffffff0c00000008000300", @ANYRES32=r6, @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0x4000044}, 0x0) sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f00000003c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x3c, r5, 0x8, 0x70bd2d, 0x25dfdbfc, {}, [@BATADV_ATTR_GW_MODE={0x5, 0x33, 0x1}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5, 0x30, 0x1}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5, 0x2f, 0x1}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x8}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20000000}, 0x40800) sendmmsg(r3, &(0x7f0000007fc0), 0x800001d, 0x0) syz_emit_ethernet(0x80, &(0x7f0000000200)={@multicast, @remote, @void, {@ipv6={0x86dd, @gre_packet={0x0, 0x6, '\x00', 0x4a, 0x2f, 0x0, @remote, @mcast2, {[], {{0x0, 0x0, 0x1, 0x0, 0x2, 0x0, 0x0, 0x1, 0x22eb}, {0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x800, [0x5cc6, 0x4, 0x9]}, {}, {0x8, 0x88be, 0x1, {{0x0, 0x1, 0x7}, 0x1, {0x3}}}, {0x8, 0x22eb, 0x0, {{}, 0x2, {0xfffffffe, 0x3}}}}}}}}}, 0x0) setsockopt$IP_VS_SO_SET_ADD(r2, 0x0, 0x482, &(0x7f0000000040)={0x100000011, @multicast2, 0x0, 0x0, 'nq\x00', 0x3f, 0x84, 0x43}, 0x2c) syz_emit_ethernet(0x13, &(0x7f0000000200)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, @remote, @void, {@llc={0x4, {@llc={0x42, 0xfe, "87", "a90e"}}}}}, 0x0) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r8 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="120000000d0000000400000002"], 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r8}, &(0x7f0000000040), &(0x7f0000000140)=r7}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) r9 = socket$nl_generic(0x10, 0x3, 0x10) r10 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$IPVS_CMD_FLUSH(r9, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x7c, r10, 0x1, 0x70bd2b, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_DEST={0xc, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x3}]}, @IPVS_CMD_ATTR_SERVICE={0x34, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x6}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@remote}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x32, 0x12}}, @IPVS_SVC_ATTR_FWMARK={0x8}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0xfc}, @IPVS_CMD_ATTR_SERVICE={0x20, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@local}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e23}]}]}, 0x7c}, 0x1, 0x0, 0x0, 0xc006}, 0x0) 4.193357369s ago: executing program 3 (id=3857): r0 = socket$inet_sctp(0x2, 0x1, 0x84) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x8300, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112}) ioctl$TUNSETQUEUE(r1, 0x400454d9, &(0x7f0000000000)={'vlan0\x00', 0x400}) ioctl$TUNSETQUEUE(r1, 0x400454d9, &(0x7f0000000040)={'wlan0\x00', 0xa00}) recvfrom$inet(r0, 0x0, 0x0, 0x10000, 0x0, 0x0) listen(r0, 0xda90) r2 = accept4(r0, 0x0, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r4 = socket$kcm(0x2d, 0x2, 0x0) sendmsg$DCCPDIAG_GETSOCK(r2, &(0x7f00000004c0)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000400)={&(0x7f0000000700)={0x2ac, 0x13, 0x100, 0x70bd2d, 0x25dfdbfc, {0x21, 0x3, 0x30, 0x2d, {0x4e23, 0x4e24, [0x9, 0x8000, 0x2, 0x10e9e1e1], [0x60f, 0xfffff1b8, 0x5, 0x9], 0x0, [0x919, 0xfffffffc]}, 0xe, 0x79}, [@INET_DIAG_REQ_BYTECODE={0xb3, 0x1, "37ffec6af1b9cf31caf2bc110eabaaf5657fd4b36e340a0d10636b55d8b4a4a86f09f8b9585378a6a133577f1e9ede770d27bd1749d6a24d6a31e63d0428fa3760613a28cf57844be2f88c68452ab2ff2ac6c385cf07623ecbbde0f6d4de06a27f39550e041ed00b2548ced49c9b0c8707a93f0713692a099fb31f1a9396eda9d7e2561ca2b5b5bb003cd2789a87fbe5588427464bf2a2158b6951b72a982803151856e800157f63cb936f70745d66"}, @INET_DIAG_REQ_BYTECODE={0xb6, 0x1, "611311d54a7a6e65b43fc6d9dfb32f6ff4209cc6850d4a40819fc09a7a07532932ffd75a2df9bc8700401ba51816a3367549d992069a089e4e22ed0be9531f2b69c662686a33e33480dcdbf717f531171b728a3fe1c53388404c98d023ced639ac780c778e11d2286ed5da0e984bc21684aa92ab614ab7ee73eea6408df1533b3ecf7fc85d488dcf5e7885550615c13c636b66a0c594ccf74069487542952fa28956fe0c2cb36d99050407b6705b892596d0"}, @INET_DIAG_REQ_BYTECODE={0x6, 0x1, '|~'}, @INET_DIAG_REQ_BYTECODE={0xeb, 0x1, "41cd2d2f1d08298ae7f81906b342f2228b6efb561aea7c1bdf33090b9921220cb5d223c277819eaae5ad81999b684107c24d6282ac48d17e0381424f3531e57cda2d01d85fe0af007ae6b13479a6486f200860435ef03396c73a803bb42a3d3a195de19c86fb0835c79152ad0148d5eef2c4536b3d568bf8514c2da90c94c638342603c52f484198a54536bc3347769722cc9d9e2cb6038dc10778ab0a965f1b3d7e0d6dac7d7e39196e4f12dbd24341c9ec6f06808532c847c10ee845450cbe95e69c7f1332dad57085c076d508425c384e2c5761611a56caf534bc90159e0b3993891c6160ab"}]}, 0x2ac}, 0x1, 0x0, 0x0, 0x8004}, 0x5) ioctl$sock_kcm_SIOCKCMCLONE(r4, 0x89e2, &(0x7f0000000100)) ioctl$sock_kcm_SIOCKCMCLONE(r4, 0x89e2, &(0x7f0000000080)={r4}) ioctl$sock_kcm_SIOCKCMCLONE(r4, 0x89e2, &(0x7f00000000c0)) bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020097b1af8ff00000000bfa100000000000007010000b8ffffffb702000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r5 = socket$inet(0x10, 0x3, 0x0) ioctl$sock_SIOCETHTOOL(r5, 0x8946, &(0x7f0000000540)={'bond0\x00', &(0x7f0000000040)=@ethtool_sfeatures={0x3b, 0x2, [{0x301}, {0xfffffffd, 0x80000}]}}) sendmsg$nl_route(r3, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=@newlink={0x44, 0x10, 0x40d, 0x70bd2c, 0x0, {0x0, 0x0, 0x0, 0x0, 0x99ffef750d96a51f, 0x40300}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bond={{0x9}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BOND_AD_LACP_ACTIVE={0x5, 0x1d, 0x10}, @IFLA_BOND_PACKETS_PER_SLAVE={0x8, 0x14, 0x7}]}}}]}, 0x44}}, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = bpf$TOKEN_CREATE(0x24, &(0x7f0000000380)={0x0, r0}, 0x8) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000280)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x49, 0x49, 0x6, [@ptr={0x4, 0x0, 0x0, 0x2, 0x2}, @datasec={0xc, 0x4, 0x0, 0xf, 0x1, [{0x3, 0xe, 0x8}, {0x5, 0x4, 0x5}, {0x3, 0x1c740f2d, 0x4}, {0x2, 0x8, 0xffffffff}], '6'}]}, {0x0, [0x5f, 0x61, 0x61, 0x30]}}, &(0x7f0000000300)=""/26, 0x6a, 0x1a, 0x1, 0x6, 0x10000, @value=r7}, 0x28) socket$kcm(0xa, 0x2, 0x73) r8 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r8, 0x10e, 0xc, &(0x7f0000000040)={0x802, 0x0, 0x0, 0x7}, 0x10) sendmsg$nl_generic(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="200000005200010003000000000000000a0000000c00", @ANYRES32=r8], 0x20}}, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r6) syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000040)='ns/mnt\x00') 3.321250667s ago: executing program 4 (id=3863): socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) r1 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/tcp_rmem\x00', 0x1, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={0xffffffffffffffff, 0x2000000, 0xd, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b9", 0x0, 0x3800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="220000000400000010000000"], 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000000c0)={r2, 0xffffffffffffffff}, 0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x11, 0x10, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000643200007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007041af64090aac40d6600000800000018230000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70500000800000085000000a500000095"], &(0x7f0000000080)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffe}, 0x94) write(r1, &(0x7f0000001300)='-', 0x1) sendmsg$nl_xfrm(r0, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000900)={&(0x7f0000000400)=ANY=[@ANYBLOB="54020000170001000000000000000000200100000000000000000000000000010000000000000000ac141400000000000000000000000000fc020000000000000003000000000000e000000200001000000000000000000000000000000000080a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="1242ffff040000000000000000000037660b6aff00000000000000000000000000000000000000000200002000000000", @ANYRES32, @ANYRES32, @ANYBLOB="00000000000000000000000000000000000000000000000000000000000000e0270300000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000650d000000000000e1000000000000000007000000ff0f0000000000000000000008000b000000000008001600000000000c001500000000005d0000000401050000000000000000000000ffff00000000000000003300000002000000e00000020000000000000000000000000000000000000000000000000000000000000000ff010000000000000000000000000001000000003c0000000a000000fe8000000000000000000000000000aa0000000001000000000000000000000000000000ff010000000000000000000000000001000000002b0000000a000000fe88000000000000000000000000000000000000ff"], 0x254}}, 0x0) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r5 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r5, &(0x7f0000000280)={0x3, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x3, 0x0, 0x9, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @multicast2}}, @sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x0, @dev}}, @sadb_sa={0x2}, @sadb_x_sa2={0x2, 0x13, 0x3}]}, 0x60}, 0x1, 0x7}, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'pimreg0\x00', 0x7c2}) ioctl$TUNATTACHFILTER(r4, 0x401054d5, &(0x7f00000000c0)={0x5, &(0x7f0000000000)=[{0x2d, 0x0, 0x3, 0xb}, {0x20}, {}, {0x0, 0x2}, {0x6}]}) 3.05469131s ago: executing program 3 (id=3866): r0 = socket$xdp(0x2c, 0x3, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) r2 = syz_init_net_socket$ax25(0x3, 0x5, 0xc4) listen(r2, 0x8) setsockopt$ax25_SO_BINDTODEVICE(r2, 0x101, 0x19, &(0x7f0000000040)=@netrom={'nr', 0x0}, 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x34}, 0x94) r3 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$inet_opts(r3, 0x0, 0xf, &(0x7f0000000000)='\x00', 0x1) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x6, 0xc, &(0x7f0000000080)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={r4, 0x2000300, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000, 0x0, 0x1}, 0x20) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0xc0a41, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0x4002}) write$tun(r5, &(0x7f0000000240)={@val={0x0, 0x18}, @val={0x3, 0x1, 0x3, 0xffff, 0xc4, 0x10}, @ipv4=@tcp={{0x5, 0x4, 0x3, 0x4, 0xd4, 0x65, 0x0, 0x9, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @broadcast}, {{0x4e20, 0x4e22, 0x41424344, 0x41424344, 0x1, 0x0, 0x1c, 0x80, 0x7, 0x0, 0x9, {[@mptcp=@remove_addr={0x1e, 0x59, 0x6, 0x0, "3bcc55e2fb4b662a463b24b28a4fafb428a89d60f9547d33690c48bf9581455479f14cea31faf5212327c508ed14d3cc9f1b20adaecc3b4c664e61295f92adc7b03928e6f24a8ee8e299effe97537d57096d808d21b4"}]}}, {"13d3b3875dfd9a3f6328f33f09ceec09986b30406704e2560f04592cb4869c77658fcb3eca004c77b183c5840dbb0fd30bcd067737d3f07dff1755aac0e628d921d141b089c15306c066b177aab800b1"}}}}, 0xe2) socket$inet6_udplite(0xa, 0x2, 0x88) r6 = socket(0x2b, 0x80801, 0x1) listen(r6, 0x8) getsockopt$WPAN_WANTACK(r6, 0x0, 0x0, &(0x7f0000000000), &(0x7f0000000080)=0x4) r7 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r7, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x200000, 0x1000}, 0x20) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000004c0)={0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000000)={'sit0\x00', 0x0}) setsockopt$XDP_RX_RING(r7, 0x11b, 0x2, &(0x7f0000000480)=0x100000, 0x4) bind$xdp(r7, &(0x7f0000000100)={0x2c, 0x0, r9}, 0x10) ioctl$SIOCAX25ADDFWD(r6, 0x89ea, &(0x7f0000000140)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @bcast}) setsockopt$XDP_UMEM_COMPLETION_RING(r0, 0x11b, 0x6, &(0x7f0000000080)=0x1, 0x4) 2.983429878s ago: executing program 4 (id=3867): r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x6, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="18020000000400000000000000000000850000002c000000850000002a00000095"], &(0x7f0000000680)='syzkaller\x00', 0x8, 0x0, 0x0, 0x0, 0x4b, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000001680)={r2, r1, 0x25, 0x0, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x4, 0x0, 0x1}}, 0x3c) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x275a, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) connect$802154_dgram(r4, &(0x7f0000000000)={0x24, @none={0x0, 0x3}}, 0x14) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000540)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r5, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r6, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}, 0x1, 0x0, 0x0, 0x20008801}, 0x0) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched_retired(r7, 0x0, 0x14) openat$tcp_mem(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv4/tcp_rmem\x00', 0x1, 0x0) socket$alg(0x26, 0x5, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) r8 = socket$packet(0x11, 0x3, 0x300) syz_emit_ethernet(0x2a, &(0x7f0000000100)=ANY=[@ANYBLOB="bbbbbbbbbbbb8a0a63cdec590806000108"], 0x0) sendto$packet(r8, 0x0, 0x0, 0x0, 0x0, 0x0) 2.869926465s ago: executing program 0 (id=3868): pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$inet(r3, &(0x7f0000000780)=[{{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000680)="955232d6c924037daed352087a08237337131faef13945bfaaa58d01e5f858e96271cde18577054eb145e62abd8150646072c75137606c9eca87c894182ee54fa975990ac5f7b8f2ced1bc37588f08", 0x4f}, {&(0x7f00000001c0)="969f7e121729ff5ba084661b14fc7202e7b54c2be798", 0x16}, {&(0x7f0000000500)="648a6282c6e91b973836904a4a88affa0c371dd1b9c133c5e594714579d6bb3addfd43e78272aef64427ce5467d6994320cf139092452c7944ddab49e459f7e0c73f890e9e2463bd3390e20b1e472bd2aedb47094547a767a098a94a402e6aba65c0ef07eaa87f8663c763d9bb491243eb129eec434e5603956c8333a6ecdf4d3a601b9c8d3d63e3a4a57b38033e2b004f6c3e45f1645c3b7ca0d5ba5eea059b5aa4f0f80ac66904076cc60e47e1afc7d81ad937dee5efc0580e38d96cf0f53808f37d5a8811b07165e8b9aabceac06e4fa7f7668b8832877783a727a1fa8b972bfaeb232cf3e9b500965820f4adf64f1e5eddd65f5734fb43644347e98af7eb6abe95dcb6ed1acc22c8abdd5ea116242d5b7b2ecff3d9c635bce6a377112b4adbd75b71fcc8a6e3693c82ed7fd11ad63683cc89f0a35b", 0x137}], 0x3}}], 0x1, 0x4c801) splice(r2, 0x0, r1, 0x0, 0x10000008ebc, 0x0) splice(r0, 0x0, r3, 0x0, 0x8000000000025a5, 0x0) shutdown(r2, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) unshare(0x6a040000) socket$inet(0x2, 0x4000000000000001, 0x0) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000240)=0xffffffffffffffff, 0x4) socket$nl_generic(0x10, 0x3, 0x10) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000b40)={0xffffffffffffffff, 0xffffffffffffffff}) socket$tipc(0x1e, 0x2, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$SIOCSIFHWADDR(r4, 0x8b04, &(0x7f0000000000)={'wlan1\x00', @random="020000000300"}) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.idle_time\x00', 0x26e1, 0x0) r6 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_attach_bpf(r6, 0x1, 0x3e, &(0x7f00000002c0)=r5, 0x4) sendmsg$inet(r6, &(0x7f0000000440)={&(0x7f00000000c0)={0x2, 0x4e21, @multicast1}, 0x10, 0x0}, 0x20000040) 2.632482707s ago: executing program 4 (id=3871): r0 = socket$inet(0x2, 0x3, 0x6) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x24}}, 0x10) 2.533185596s ago: executing program 3 (id=3873): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x82543, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'\x00', 0x2}) ioctl$TUNSETDEBUG(r0, 0x400454c9, 0xffffffffffffffff) ioctl$TUNGETFILTER(r0, 0x801054db, &(0x7f0000000380)=""/96) 2.381852267s ago: executing program 0 (id=3874): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x100}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x86}}]}, 0x0, 0x3, 0x0, 0x0, 0x41000, 0x10, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000180)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000040)={{r4}, &(0x7f0000000280), &(0x7f0000000240)=r1}, 0x20) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000bc0)=ANY=[@ANYBLOB="1808000000000000000000000000000018120000", @ANYRES32=r4, @ANYBLOB="0000000000000000b703000000000000850000000c000000b7000000000000001801000000082c2500000000002120207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000700000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000000c0)=r5, 0x4) sendmsg$inet(r3, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) 2.297978784s ago: executing program 4 (id=3875): bpf$PROG_LOAD(0x5, &(0x7f0000001880)={0x9, 0x4, &(0x7f0000000700)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffe41, 0x0, 0x0, 0x0, 0x9}, [@generic={0x91, 0x1, 0x1, 0x1f}]}, &(0x7f0000001940)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffa}, 0x94) 2.183531562s ago: executing program 0 (id=3877): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x18, 0x3, 0x0, 0x0, 0x0, 0x8}}, &(0x7f0000000080)='GPL\x00', 0x7, 0x0, 0x0, 0x40f00, 0x5, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0xd4}, 0x94) 2.08192345s ago: executing program 4 (id=3878): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0xc, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r2) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) write$cgroup_subtree(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="8fedcb5d07081175f37538e486dd"], 0xfdef) 2.013317719s ago: executing program 0 (id=3880): socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="12000000090000000400000002"], 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r1}, &(0x7f0000000340), &(0x7f0000000140)=r0}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000600)={{r1}, &(0x7f0000000580)=0x2, &(0x7f00000005c0)=r0}, 0x20) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000540)={r1, &(0x7f0000000280)="e4", &(0x7f0000000680)=""/92}, 0x20) 1.872843148s ago: executing program 3 (id=3882): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0a000000050000000200000004"], 0x48) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000dc0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000001c40)={0x14, 0x10, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000001000000850000000500000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x45, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000180)=ANY=[], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r0}, &(0x7f0000000080), &(0x7f0000000100)=r2}, 0x20) setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f00000000c0)=r5, 0x4) sendmsg$unix(r4, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0) 1.872720102s ago: executing program 0 (id=3883): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x1, 0x1, 0x7fe2, 0x1}, 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x2, 0xf, &(0x7f0000000240)=ANY=[@ANYBLOB="180000003f0a0000000000000900000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000006a000000839b8eb95d0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095000000000000005ef1fba18693d3b2956c5853d7f8bd0d2d81c9a82f3177c1174f2f3c96be73b813f468d53bb1125b3ff12e3cc852221f3292f22154f03f2f786b2968c668cb61103927151a0983bb59e846975b3b92e519eac2fbb8c9b6adb870ee2e26c77c502786e2ce07aecf17a51a5d708c7bf1d6c4b21cc58ec8bd592d7333be792ad2bcdd23cd371d99e5d8f92ec4c53f28924e11f301392e0e069fbc102fa60226e1ffaa676496f7742e33f19569dab21940655db734dbbc3315ea0cf6fbe5e4ca6cc8e04ae1582df52ada59225de2734338fe5b3688eb8fdb6509eb82b6dc3036a964b3f9bd9e14aa36611469c4fc5d09463b2420b3e8af436f7c58f5a58fbaa3a101a0803d8b286e24a6190c29de7d7af1504e7665bd2cb2823acbe8e9463de5a3d012959efd5bc6edff54168bbef7b3aacfdcefab4071"], &(0x7f0000000000)='syzkaller\x00', 0x4, 0x18, 0xfffffffffffffffc, 0x0, 0x0, '\x00', 0x0, 0x38, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94) 1.798096113s ago: executing program 3 (id=3884): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000006"], 0x48) close(0x3) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000003c0)={r1, &(0x7f0000000080), &(0x7f00000008c0)=""/177}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000002300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000400)={r2}, 0xc) 1.717689388s ago: executing program 0 (id=3886): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x20f42, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000380)=ANY=[@ANYBLOB="b70200001a000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b70600007fffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e95d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946e0ebc622003b538dfd8e012e79578e51bc5f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b803000000661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7b148ba532e6ea09c346dfebd38608b32a0080005d9a956773a90a0f4e62d86d00000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e14861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16b089f37b3591a15c0a9be6eb18208404c1b30c3a6a71bc85018e5ff2c91018afc9ffc2cc788bee1b47683db01a469398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b74cd36e7487afa447e2edfae4fa34274ab1ee31cc0cc461605390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae486aca54183fb01c73f979ca9857399537f5dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db7ab22e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f50714600fb6241c6e955031795b2c2f56411e48455b5a8b9988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced8468"], 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000140)={'\x00', 0x6132}) write$cgroup_subtree(r0, &(0x7f0000000700)=ANY=[], 0xfe3a) 1.638129847s ago: executing program 3 (id=3888): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) ioctl$SIOCSIFHWADDR(r2, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random='\x00\a\x00'}) 1.380304801s ago: executing program 1 (id=3892): r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000940)={0x17, 0x8, &(0x7f0000000740)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}, {}, {0x85, 0x0, 0x0, 0xbb}}]}, &(0x7f0000000f40)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x28, '\x00', 0x0, @fallback=0x23, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000}, 0x94) 1.378771027s ago: executing program 1 (id=3893): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xe, 0x4, 0x4, 0x2, 0x0, 0x1}, 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x6, 0x15, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x400002}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {0x4}, {0x6, 0x0, 0xa}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x33}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x86}}]}, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000200)={r2, 0xe0, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f00000000c0)=[0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xbf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe1, 0x8, 0x0, 0x0}}, 0x10) 1.324512115s ago: executing program 1 (id=3894): r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x40600, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000700)=@base={0x13, 0x8, 0x8}, 0x50) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="050000000e001400400000004000000041"], 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000006c0)="616f9fa04ac500025552d86563ddcd", &(0x7f0000000680), 0x1006, r1}, 0x38) ioctl$SIOCSIFHWADDR(r0, 0x8924, &(0x7f0000000000)={'ip6_vti0\x00', @random="010000201000"}) bpf$MAP_LOOKUP_ELEM(0x4, &(0x7f0000000080)={r1, &(0x7f00000014c0), &(0x7f00000000c0)=""/14}, 0x20) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) ioctl$TUNSETOFFLOAD(r0, 0x400454c9, 0xba98575a95aeb705) ioctl$TUNGETDEVNETNS(r0, 0x54e3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={0xffffffffffffffff}) recvmsg$unix(r2, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) write$cgroup_subtree(r3, &(0x7f0000000580)=ANY=[@ANYBLOB="8fedcb791f6f9875f37538e486dd6317ce81ea033c00fe08000e40000200875a65969ff57b00ff020000000000000000000000000001"], 0xfdef) ioctl$SIOCSIFHWADDR(r0, 0x8924, &(0x7f0000000140)={'team0\x00', @local}) ioctl$TUNSETVNETBE(r3, 0x400454de, &(0x7f0000000100)) 424.500593ms ago: executing program 1 (id=3895): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x3, 0x2, &(0x7f0000000100)=@raw=[@ldst={0x1, 0x2, 0x4, 0x0, 0x1, 0xffffffffffffffbc}, @jmp={0x5, 0x0, 0x9}], &(0x7f0000000280)='GPL\x00'}, 0x94) 317.166963ms ago: executing program 1 (id=3896): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_CHANNELS_GET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000400)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010027bd7000fcdbdf25110000000c000180080001"], 0x20}, 0x1, 0x0, 0x0, 0x4}, 0x804) 316.217027ms ago: executing program 1 (id=3897): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000444ff8)={0x0, 0x7}, 0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000000)={0x0, 0x9}, 0x8) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000280)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000200)={0x0, 0x0}, 0x6) r2 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000040)=r1, 0x4) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000000)={r2, 0x20, &(0x7f0000000280)={&(0x7f0000000080)=""/238, 0xffffffffffffff80, 0x0, 0x0}}, 0x1e) sendmmsg$inet6(r0, &(0x7f0000000480)=[{{&(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback, 0x80020}, 0x1c, &(0x7f0000000300)=[{&(0x7f00000034c0)='\x00', 0x1}], 0x1}}], 0x1, 0x34000811) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f0000000640)=ANY=[@ANYBLOB="12e01b398adda1"], 0x1000f) 0s ago: executing program 4 (id=3898): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r0, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @local}]}, &(0x7f0000000240)=0x10) getsockopt$inet_sctp6_SCTP_MAXSEG(r0, 0x84, 0xd, &(0x7f0000000100)=@assoc_value={r1, 0xb9}, &(0x7f0000000180)=0x8) kernel console output (not intermixed with test programs): _ratelimit: 53 callbacks suppressed [ 327.964853][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 328.034558][ T9855] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 328.046620][ T2308] block nbd2: Possible stuck request ffff888026728000: control (read@0,1024B). Runtime 210 seconds [ 328.050284][T16616] tipc: Enabled bearer , priority 0 [ 328.058152][ T2308] block nbd2: Possible stuck request ffff888026728200: control (read@1024,1024B). Runtime 210 seconds [ 328.075502][ T2308] block nbd2: Possible stuck request ffff888026728400: control (read@2048,1024B). Runtime 210 seconds [ 328.086641][ T2308] block nbd2: Possible stuck request ffff888026728600: control (read@3072,1024B). Runtime 210 seconds [ 328.127260][T16618] FAULT_INJECTION: forcing a failure. [ 328.127260][T16618] name failslab, interval 1, probability 0, space 0, times 0 [ 328.139997][T16618] CPU: 1 UID: 0 PID: 16618 Comm: syz.3.3333 Not tainted syzkaller #0 PREEMPT(full) [ 328.140020][T16618] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 328.140032][T16618] Call Trace: [ 328.140040][T16618] [ 328.140048][T16618] dump_stack_lvl+0xe8/0x150 [ 328.140078][T16618] should_fail_ex+0x412/0x560 [ 328.140113][T16618] should_failslab+0xa8/0x100 [ 328.140134][T16618] ? skb_clone+0x212/0x3a0 [ 328.140151][T16618] kmem_cache_alloc_noprof+0x87/0x650 [ 328.140171][T16618] ? run_filter+0x23/0x270 [ 328.140196][T16618] skb_clone+0x212/0x3a0 [ 328.140212][T16618] ? packet_rcv+0x567/0x1720 [ 328.140236][T16618] packet_rcv+0x65b/0x1720 [ 328.140267][T16618] dev_queue_xmit_nit+0x5d5/0xad0 [ 328.140294][T16618] ? dev_queue_xmit_nit+0x2d/0xad0 [ 328.140327][T16618] dev_hard_start_xmit+0x1cf/0x870 [ 328.140361][T16618] __dev_queue_xmit+0x17a7/0x38d0 [ 328.140387][T16618] ? __dev_queue_xmit+0x28d/0x38d0 [ 328.140418][T16618] ? __pfx___dev_queue_xmit+0x10/0x10 [ 328.140445][T16618] ? __copy_skb_header+0xa3/0x4a0 [ 328.140463][T16618] ? __asan_memcpy+0x40/0x70 [ 328.140493][T16618] ? skb_clone+0x246/0x3a0 [ 328.140515][T16618] __netlink_deliver_tap+0x5ad/0x850 [ 328.140555][T16618] ? netlink_deliver_tap+0x2e/0x1b0 [ 328.140580][T16618] netlink_deliver_tap+0x19c/0x1b0 [ 328.140606][T16618] netlink_unicast+0x7e3/0x9b0 [ 328.140635][T16618] ? __pfx_netlink_unicast+0x10/0x10 [ 328.140658][T16618] ? netlink_sendmsg+0x650/0xb40 [ 328.140680][T16618] ? skb_put+0x11b/0x210 [ 328.140708][T16618] netlink_sendmsg+0x813/0xb40 [ 328.140795][T16618] ? __pfx_netlink_sendmsg+0x10/0x10 [ 328.140822][T16618] ? __fget_files+0x2a/0x420 [ 328.140847][T16618] ? aa_sock_msg_perm+0xf1/0x1b0 [ 328.140872][T16618] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 328.140892][T16618] ? __pfx_netlink_sendmsg+0x10/0x10 [ 328.140918][T16618] __sys_sendto+0x672/0x710 [ 328.140946][T16618] ? __pfx___sys_sendto+0x10/0x10 [ 328.140969][T16618] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 328.141002][T16618] ? __fget_files+0x3a0/0x420 [ 328.141037][T16618] ? ksys_write+0x242/0x270 [ 328.141059][T16618] ? __pfx_ksys_write+0x10/0x10 [ 328.141084][T16618] __x64_sys_sendto+0xde/0x100 [ 328.141120][T16618] do_syscall_64+0x14d/0xf80 [ 328.141138][T16618] ? trace_irq_disable+0x3b/0x150 [ 328.141163][T16618] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 328.141182][T16618] ? clear_bhb_loop+0x40/0x90 [ 328.141204][T16618] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 328.141220][T16618] RIP: 0033:0x7f71eb39c799 [ 328.141238][T16618] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 328.141254][T16618] RSP: 002b:00007f71ec1e3028 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 328.141273][T16618] RAX: ffffffffffffffda RBX: 00007f71eb615fa0 RCX: 00007f71eb39c799 [ 328.141287][T16618] RDX: 0000000000000002 RSI: 0000200000000740 RDI: 0000000000000007 [ 328.141299][T16618] RBP: 00007f71ec1e3090 R08: 0000000000000000 R09: 0000000000000000 [ 328.141311][T16618] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 328.141322][T16618] R13: 00007f71eb616038 R14: 00007f71eb615fa0 R15: 00007fff399eab28 [ 328.141352][T16618] [ 328.516260][ T981] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 328.525359][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 328.575110][T16627] FAULT_INJECTION: forcing a failure. [ 328.575110][T16627] name failslab, interval 1, probability 0, space 0, times 0 [ 328.577938][T16629] FAULT_INJECTION: forcing a failure. [ 328.577938][T16629] name failslab, interval 1, probability 0, space 0, times 0 [ 328.588046][T16627] CPU: 1 UID: 0 PID: 16627 Comm: syz.1.3335 Not tainted syzkaller #0 PREEMPT(full) [ 328.588071][T16627] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 328.588083][T16627] Call Trace: [ 328.588091][T16627] [ 328.588099][T16627] dump_stack_lvl+0xe8/0x150 [ 328.588128][T16627] should_fail_ex+0x412/0x560 [ 328.588156][T16627] should_failslab+0xa8/0x100 [ 328.588181][T16627] __kmalloc_noprof+0xe8/0x760 [ 328.588202][T16627] ? bpf_test_init+0x9f/0x150 [ 328.588224][T16627] ? kstrtouint+0x6e/0xe0 [ 328.588247][T16627] bpf_test_init+0x9f/0x150 [ 328.588273][T16627] bpf_prog_test_run_xdp+0x529/0x1160 [ 328.588311][T16627] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 328.588339][T16627] ? __fget_files+0x2a/0x420 [ 328.588368][T16627] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 328.588393][T16627] bpf_prog_test_run+0x2c7/0x340 [ 328.588415][T16627] __sys_bpf+0x643/0x950 [ 328.588442][T16627] ? __pfx___sys_bpf+0x10/0x10 [ 328.588481][T16627] ? ksys_write+0x242/0x270 [ 328.588502][T16627] ? __pfx_ksys_write+0x10/0x10 [ 328.588528][T16627] __x64_sys_bpf+0x7c/0x90 [ 328.588551][T16627] do_syscall_64+0x14d/0xf80 [ 328.588568][T16627] ? trace_irq_disable+0x3b/0x150 [ 328.588591][T16627] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 328.588609][T16627] ? clear_bhb_loop+0x40/0x90 [ 328.588631][T16627] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 328.588656][T16627] RIP: 0033:0x7f58cc99c799 [ 328.588674][T16627] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 328.588690][T16627] RSP: 002b:00007f58cd8a6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 328.588709][T16627] RAX: ffffffffffffffda RBX: 00007f58ccc15fa0 RCX: 00007f58cc99c799 [ 328.588722][T16627] RDX: 0000000000000050 RSI: 00002000000003c0 RDI: 000000000000000a [ 328.588734][T16627] RBP: 00007f58cd8a6090 R08: 0000000000000000 R09: 0000000000000000 [ 328.588746][T16627] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 328.588756][T16627] R13: 00007f58ccc16038 R14: 00007f58ccc15fa0 R15: 00007ffdc25e3238 [ 328.588784][T16627] [ 328.813024][T16629] CPU: 0 UID: 0 PID: 16629 Comm: syz.0.3334 Not tainted syzkaller #0 PREEMPT(full) [ 328.813053][T16629] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 328.813064][T16629] Call Trace: [ 328.813072][T16629] [ 328.813080][T16629] dump_stack_lvl+0xe8/0x150 [ 328.813109][T16629] should_fail_ex+0x412/0x560 [ 328.813137][T16629] should_failslab+0xa8/0x100 [ 328.813161][T16629] __kmalloc_noprof+0xe8/0x760 [ 328.813182][T16629] ? genl_family_rcv_msg_attrs_parse+0xd0/0x2f0 [ 328.813207][T16629] genl_family_rcv_msg_attrs_parse+0xd0/0x2f0 [ 328.813232][T16629] genl_family_rcv_msg_doit+0xd9/0x330 [ 328.813257][T16629] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 328.813285][T16629] ? apparmor_capable+0x126/0x170 [ 328.813307][T16629] ? bpf_lsm_capable+0x9/0x20 [ 328.813321][T16629] ? security_capable+0x7e/0x2c0 [ 328.813337][T16629] genl_rcv_msg+0x61c/0x7a0 [ 328.813351][T16629] ? __pfx_genl_rcv_msg+0x10/0x10 [ 328.813362][T16629] ? __pfx_ovs_meter_cmd_set+0x10/0x10 [ 328.813376][T16629] ? __lock_acquire+0x6b5/0x2cf0 [ 328.813396][T16629] netlink_rcv_skb+0x232/0x4b0 [ 328.813410][T16629] ? __pfx_genl_rcv_msg+0x10/0x10 [ 328.813422][T16629] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 328.813444][T16629] ? down_read+0x272/0x2e0 [ 328.813454][T16629] ? genl_rcv+0xd/0x40 [ 328.813465][T16629] genl_rcv+0x28/0x40 [ 328.813476][T16629] netlink_unicast+0x80f/0x9b0 [ 328.813495][T16629] ? __pfx_netlink_unicast+0x10/0x10 [ 328.813508][T16629] ? netlink_sendmsg+0x650/0xb40 [ 328.813521][T16629] ? skb_put+0x11b/0x210 [ 328.813537][T16629] netlink_sendmsg+0x813/0xb40 [ 328.813556][T16629] ? __pfx_netlink_sendmsg+0x10/0x10 [ 328.813571][T16629] ? aa_sock_msg_perm+0xf1/0x1b0 [ 328.813585][T16629] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 328.813599][T16629] ____sys_sendmsg+0x972/0x9f0 [ 328.813614][T16629] ? __pfx_____sys_sendmsg+0x10/0x10 [ 328.813630][T16629] ? import_iovec+0x73/0xa0 [ 328.813647][T16629] ___sys_sendmsg+0x2a5/0x360 [ 328.813661][T16629] ? __pfx____sys_sendmsg+0x10/0x10 [ 328.813689][T16629] ? __fget_files+0x2a/0x420 [ 328.813703][T16629] ? __fget_files+0x3a0/0x420 [ 328.813723][T16629] __x64_sys_sendmsg+0x1bd/0x2a0 [ 328.813735][T16629] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 328.813750][T16629] ? __pfx_ksys_write+0x10/0x10 [ 328.813776][T16629] do_syscall_64+0x14d/0xf80 [ 328.813786][T16629] ? trace_irq_disable+0x3b/0x150 [ 328.813801][T16629] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 328.813812][T16629] ? clear_bhb_loop+0x40/0x90 [ 328.813824][T16629] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 328.813835][T16629] RIP: 0033:0x7f0286d9c799 [ 328.813846][T16629] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 328.813856][T16629] RSP: 002b:00007f0287bb3028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 328.813868][T16629] RAX: ffffffffffffffda RBX: 00007f0287015fa0 RCX: 00007f0286d9c799 [ 328.813875][T16629] RDX: 0000000000004040 RSI: 0000200000000100 RDI: 0000000000000004 [ 328.813882][T16629] RBP: 00007f0287bb3090 R08: 0000000000000000 R09: 0000000000000000 [ 328.813889][T16629] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 328.813895][T16629] R13: 00007f0287016038 R14: 00007f0287015fa0 R15: 00007fff1bd40268 [ 328.813911][T16629] [ 329.135106][ T5891] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 329.135626][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 329.154603][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 329.217553][ T5891] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 329.233087][ T24] tipc: Node number set to 2886997007 [ 329.301774][T16632] ICMPv6: Received fragmented ndisc packet. Carefully consider disabling suppress_frag_ndisc. [ 329.469774][T16645] team_slave_0: left promiscuous mode [ 329.498868][T16645] team_slave_1: left promiscuous mode [ 329.685264][T16650] FAULT_INJECTION: forcing a failure. [ 329.685264][T16650] name failslab, interval 1, probability 0, space 0, times 0 [ 329.705246][T16650] CPU: 0 UID: 0 PID: 16650 Comm: syz.4.3342 Not tainted syzkaller #0 PREEMPT(full) [ 329.705275][T16650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 329.705287][T16650] Call Trace: [ 329.705295][T16650] [ 329.705303][T16650] dump_stack_lvl+0xe8/0x150 [ 329.705334][T16650] should_fail_ex+0x412/0x560 [ 329.705363][T16650] should_failslab+0xa8/0x100 [ 329.705388][T16650] __kmalloc_cache_noprof+0x88/0x660 [ 329.705410][T16650] ? rtnl_newlink+0x136/0x1be0 [ 329.705441][T16650] rtnl_newlink+0x136/0x1be0 [ 329.705474][T16650] ? unwind_next_frame+0xa5/0x23c0 [ 329.705509][T16650] ? __pfx_rtnl_newlink+0x10/0x10 [ 329.705543][T16650] ? __lock_acquire+0x6b5/0x2cf0 [ 329.705573][T16650] ? __lock_acquire+0x6b5/0x2cf0 [ 329.705598][T16650] ? __lock_acquire+0x6b5/0x2cf0 [ 329.705630][T16650] ? unwind_next_frame+0xa5/0x23c0 [ 329.705676][T16650] ? __lock_acquire+0x6b5/0x2cf0 [ 329.705702][T16650] ? is_bpf_text_address+0x26/0x2b0 [ 329.705726][T16650] ? kernel_text_address+0xa5/0xe0 [ 329.705772][T16650] ? __pfx_rtnl_newlink+0x10/0x10 [ 329.705796][T16650] rtnetlink_rcv_msg+0x7d5/0xbe0 [ 329.705824][T16650] ? rtnetlink_rcv_msg+0x1b9/0xbe0 [ 329.705848][T16650] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 329.705877][T16650] ? __lock_acquire+0x6b5/0x2cf0 [ 329.705909][T16650] netlink_rcv_skb+0x232/0x4b0 [ 329.705935][T16650] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 329.705961][T16650] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 329.705996][T16650] ? netlink_deliver_tap+0x2e/0x1b0 [ 329.706028][T16650] netlink_unicast+0x80f/0x9b0 [ 329.706059][T16650] ? __pfx_netlink_unicast+0x10/0x10 [ 329.706084][T16650] ? netlink_sendmsg+0x650/0xb40 [ 329.706107][T16650] ? skb_put+0x11b/0x210 [ 329.706136][T16650] netlink_sendmsg+0x813/0xb40 [ 329.706170][T16650] ? __pfx_netlink_sendmsg+0x10/0x10 [ 329.706198][T16650] ? aa_sock_msg_perm+0xf1/0x1b0 [ 329.706223][T16650] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 329.706248][T16650] ____sys_sendmsg+0x972/0x9f0 [ 329.706276][T16650] ? __pfx_____sys_sendmsg+0x10/0x10 [ 329.706304][T16650] ? import_iovec+0x73/0xa0 [ 329.706334][T16650] ___sys_sendmsg+0x2a5/0x360 [ 329.706359][T16650] ? __pfx____sys_sendmsg+0x10/0x10 [ 329.706411][T16650] ? __fget_files+0x2a/0x420 [ 329.706435][T16650] ? __fget_files+0x3a0/0x420 [ 329.706477][T16650] __x64_sys_sendmsg+0x1bd/0x2a0 [ 329.706499][T16650] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 329.706527][T16650] ? __pfx_ksys_write+0x10/0x10 [ 329.706559][T16650] do_syscall_64+0x14d/0xf80 [ 329.706577][T16650] ? trace_irq_disable+0x3b/0x150 [ 329.706602][T16650] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 329.706621][T16650] ? clear_bhb_loop+0x40/0x90 [ 329.706643][T16650] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 329.706662][T16650] RIP: 0033:0x7f420599c799 [ 329.706680][T16650] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 329.706696][T16650] RSP: 002b:00007f42067ee028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 329.706717][T16650] RAX: ffffffffffffffda RBX: 00007f4205c15fa0 RCX: 00007f420599c799 [ 329.706731][T16650] RDX: 0000000000008044 RSI: 0000200000000440 RDI: 0000000000000004 [ 329.706743][T16650] RBP: 00007f42067ee090 R08: 0000000000000000 R09: 0000000000000000 [ 329.706755][T16650] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 329.706767][T16650] R13: 00007f4205c16038 R14: 00007f4205c15fa0 R15: 00007ffda30f24b8 [ 329.706797][T16650] [ 330.075742][ T981] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 330.133072][T16645] team0 (unregistering): Port device team_slave_0 removed [ 330.166857][T16663] __nla_validate_parse: 8 callbacks suppressed [ 330.166877][T16663] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3343'. [ 330.202394][T16645] team0 (unregistering): Port device team_slave_1 removed [ 330.241271][T16655] wg1 speed is unknown, defaulting to 1000 [ 330.404296][T16666] bond16: option lacp_active: mode dependency failed, not supported in mode balance-rr(0) [ 330.425750][T16666] bond16 (unregistering): Released all slaves [ 330.487129][T16663] batman_adv: batadv0: Removing interface: ipvlan2 [ 330.590255][T16676] pim6reg: entered allmulticast mode [ 330.598459][T16681] tipc: Enabled bearer , priority 0 [ 330.612373][T16681] syzkaller0: entered promiscuous mode [ 330.640223][T16681] syzkaller0: entered allmulticast mode [ 330.659855][T16681] netlink: 44 bytes leftover after parsing attributes in process `syz.3.3345'. [ 330.673373][T16675] pim6reg: left allmulticast mode [ 330.731685][T16681] tipc: Resetting bearer [ 330.739817][T16679] tipc: Resetting bearer [ 330.771289][T16679] tipc: Disabling bearer [ 330.844274][T16655] lo speed is unknown, defaulting to 1000 [ 330.982181][T16707] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3350'. [ 331.000622][T16708] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3348'. [ 331.133912][T16700] wg1 speed is unknown, defaulting to 1000 [ 331.149494][T16707] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3350'. [ 331.282142][T16713] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3351'. [ 331.402917][T16716] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3353'. [ 331.492999][T16716] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3353'. [ 331.589404][T16700] lo speed is unknown, defaulting to 1000 [ 331.801851][T16730] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3357'. [ 332.147722][T16748] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3360'. [ 332.213871][T16750] netlink: 'syz.3.3362': attribute type 1 has an invalid length. [ 332.495157][T16763] syzkaller1: entered promiscuous mode [ 332.500675][T16763] syzkaller1: entered allmulticast mode [ 332.697260][T16773] rdma_rxe: rxe_newlink: failed to add wg1 [ 332.749022][T16777] netlink: 'syz.4.3368': attribute type 1 has an invalid length. [ 332.838311][T16777] bond22 (unregistering): Released all slaves [ 333.166825][ T5934] net_ratelimit: 26 callbacks suppressed [ 333.166845][ T5934] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 333.203797][T16805] gre0: left promiscuous mode [ 333.208643][T16805] gre0: left allmulticast mode [ 333.253938][T16805] A link change request failed with some changes committed already. Interface gre0 may have been left with an inconsistent configuration, please check. [ 333.314942][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 333.332369][T16813] A link change request failed with some changes committed already. Interface gre0 may have been left with an inconsistent configuration, please check. [ 333.392332][T16818] syzkaller1: entered promiscuous mode [ 333.398320][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 333.410363][T16818] syzkaller1: entered allmulticast mode [ 333.442907][T16817] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 333.837268][T16848] netlink: 'syz.0.3385': attribute type 1 has an invalid length. [ 334.011011][T16838] bond25 (unregistering): Released all slaves [ 334.354994][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 334.624271][ T5891] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 334.632936][ T5934] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 334.641800][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 334.749390][T16876] netlink: 'syz.0.3394': attribute type 1 has an invalid length. [ 334.785602][T16876] 8021q: adding VLAN 0 to HW filter on device bond25 [ 334.874532][T16876] macvlan2: entered promiscuous mode [ 334.879890][T16876] macvlan2: entered allmulticast mode [ 334.906209][T16876] bond25: entered allmulticast mode [ 334.911507][T16876] bond25: entered promiscuous mode [ 334.938151][T16876] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 334.950667][T16876] team0: Port device macvlan2 added [ 334.958275][T16885] syzkaller1: entered promiscuous mode [ 334.970452][T16885] syzkaller1: entered allmulticast mode [ 335.014694][T16883] bond25: (slave ip6gretap0): making interface the new active one [ 335.033935][T16883] ip6gretap0: entered promiscuous mode [ 335.041866][T16883] ip6gretap0: entered allmulticast mode [ 335.049734][T16883] bond25: (slave ip6gretap0): Enslaving as an active interface with an up link [ 335.218688][T16891] __nla_validate_parse: 13 callbacks suppressed [ 335.218710][T16891] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3398'. [ 335.246808][T16891] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3398'. [ 335.256481][T16905] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3404'. [ 335.265751][T16905] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3404'. [ 335.286324][T16907] pim6reg: entered allmulticast mode [ 335.294259][T16904] pim6reg: left allmulticast mode [ 335.311770][T16905] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3404'. [ 335.404393][T16905] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3404'. [ 335.413705][T16905] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3404'. [ 335.423514][T16905] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3404'. [ 335.473528][T16918] xt_hashlimit: size too large, truncated to 1048576 [ 335.539634][T16905] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3404'. [ 335.542034][T16925] netlink: 64 bytes leftover after parsing attributes in process `syz.0.3409'. [ 335.858108][T16946] syzkaller1: entered promiscuous mode [ 335.873221][T16946] syzkaller1: entered allmulticast mode [ 336.787329][T16999] syzkaller1: entered promiscuous mode [ 336.813584][T16999] syzkaller1: entered allmulticast mode [ 336.854669][T17006] xt_hashlimit: size too large, truncated to 1048576 [ 337.065061][T17013] netlink: 'syz.4.3434': attribute type 2 has an invalid length. [ 337.100599][T17013] !©9: entered promiscuous mode [ 337.112746][T17013] netlink: 'syz.4.3434': attribute type 2 has an invalid length. [ 337.142123][T17013] !©9: left promiscuous mode [ 337.432451][T17032] 8021q: adding VLAN 0 to HW filter on device bond22 [ 337.573361][T17032] bond22: (slave ip6gretap0): Enslaving as an active interface with an up link [ 337.639765][T17040] tipc: Enabling of bearer rejected, already enabled [ 337.691339][T17038] wg1 speed is unknown, defaulting to 1000 [ 337.993450][T17038] lo speed is unknown, defaulting to 1000 [ 338.049973][T17070] netlink: 'syz.1.3450': attribute type 10 has an invalid length. [ 338.078942][T17070] team0: entered promiscuous mode [ 338.089768][T17070] team_slave_0: entered promiscuous mode [ 338.101919][T17070] team_slave_1: entered promiscuous mode [ 338.117284][T17070] team0: entered allmulticast mode [ 338.229097][T17070] team_slave_0: entered allmulticast mode [ 338.260097][T17070] team_slave_1: entered allmulticast mode [ 338.267017][T17070] bridge0: port 4(team0) entered blocking state [ 338.273558][T17070] bridge0: port 4(team0) entered disabled state [ 338.299518][T17070] bridge0: port 4(team0) entered blocking state [ 338.305983][T17070] bridge0: port 4(team0) entered forwarding state [ 338.515216][ T9855] net_ratelimit: 26 callbacks suppressed [ 338.515237][ T9855] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 338.757617][ T9855] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 338.831559][T17097] 8021q: adding VLAN 0 to HW filter on device bond16 [ 338.982571][T17107] tipc: Enabled bearer , priority 0 [ 339.005961][T17103] tipc: Resetting bearer [ 339.011193][T17117] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 339.020493][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 339.020590][T17100] wg1 speed is unknown, defaulting to 1000 [ 339.061574][T17117] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 339.070095][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 339.091062][T17117] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 339.099588][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 339.114847][T17112] syzkaller0: entered promiscuous mode [ 339.128353][T17112] syzkaller0: entered allmulticast mode [ 339.137086][T17117] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 339.145610][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 339.279188][T17102] tipc: Resetting bearer [ 339.327479][T17102] tipc: Disabling bearer [ 339.968455][T17130] syzkaller1: entered promiscuous mode [ 339.973979][T17130] syzkaller1: entered allmulticast mode [ 340.036909][T17143] FAULT_INJECTION: forcing a failure. [ 340.036909][T17143] name failslab, interval 1, probability 0, space 0, times 0 [ 340.094691][T17143] CPU: 1 UID: 0 PID: 17143 Comm: syz.3.3469 Not tainted syzkaller #0 PREEMPT(full) [ 340.094719][T17143] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 340.094732][T17143] Call Trace: [ 340.094739][T17143] [ 340.094748][T17143] dump_stack_lvl+0xe8/0x150 [ 340.094778][T17143] should_fail_ex+0x412/0x560 [ 340.094807][T17143] should_failslab+0xa8/0x100 [ 340.094832][T17143] __kmalloc_noprof+0xe8/0x760 [ 340.094852][T17143] ? nla_strdup+0x9d/0x140 [ 340.094875][T17143] ? nft_pernet+0x23/0x240 [ 340.094900][T17143] nla_strdup+0x9d/0x140 [ 340.094926][T17143] nf_tables_updchain+0xb95/0x1fe0 [ 340.094967][T17143] ? nft_pernet+0x23/0x240 [ 340.094988][T17143] ? __pfx_nf_tables_updchain+0x10/0x10 [ 340.095022][T17143] nf_tables_newchain+0xdbd/0x2890 [ 340.095055][T17143] ? __pfx_nf_tables_newchain+0x10/0x10 [ 340.095086][T17143] ? __pfx___nla_validate_parse+0x10/0x10 [ 340.095126][T17143] ? nfnl_pernet+0x23/0x240 [ 340.095158][T17143] ? __nla_parse+0x40/0x60 [ 340.095187][T17143] nfnetlink_rcv+0x1240/0x27b0 [ 340.095249][T17143] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 340.095291][T17143] ? ref_tracker_free+0x693/0x840 [ 340.095341][T17143] ? __netlink_deliver_tap+0x807/0x850 [ 340.095366][T17143] ? netlink_deliver_tap+0x2e/0x1b0 [ 340.095404][T17143] netlink_unicast+0x80f/0x9b0 [ 340.095435][T17143] ? __pfx_netlink_unicast+0x10/0x10 [ 340.095458][T17143] ? netlink_sendmsg+0x650/0xb40 [ 340.095480][T17143] ? skb_put+0x11b/0x210 [ 340.095508][T17143] netlink_sendmsg+0x813/0xb40 [ 340.095541][T17143] ? __pfx_netlink_sendmsg+0x10/0x10 [ 340.095568][T17143] ? aa_sock_msg_perm+0xf1/0x1b0 [ 340.095593][T17143] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 340.095617][T17143] ____sys_sendmsg+0x972/0x9f0 [ 340.095644][T17143] ? __pfx_____sys_sendmsg+0x10/0x10 [ 340.095672][T17143] ? import_iovec+0x73/0xa0 [ 340.095701][T17143] ___sys_sendmsg+0x2a5/0x360 [ 340.095725][T17143] ? __pfx____sys_sendmsg+0x10/0x10 [ 340.095777][T17143] ? __fget_files+0x2a/0x420 [ 340.095801][T17143] ? __fget_files+0x3a0/0x420 [ 340.095836][T17143] __x64_sys_sendmsg+0x1bd/0x2a0 [ 340.095858][T17143] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 340.095885][T17143] ? __pfx_ksys_write+0x10/0x10 [ 340.095916][T17143] do_syscall_64+0x14d/0xf80 [ 340.095934][T17143] ? trace_irq_disable+0x3b/0x150 [ 340.095958][T17143] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 340.095976][T17143] ? clear_bhb_loop+0x40/0x90 [ 340.095998][T17143] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 340.096016][T17143] RIP: 0033:0x7f71eb39c799 [ 340.096035][T17143] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 340.096051][T17143] RSP: 002b:00007f71ec1e3028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 340.096071][T17143] RAX: ffffffffffffffda RBX: 00007f71eb615fa0 RCX: 00007f71eb39c799 [ 340.096084][T17143] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003 [ 340.096096][T17143] RBP: 00007f71ec1e3090 R08: 0000000000000000 R09: 0000000000000000 [ 340.096107][T17143] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 340.096118][T17143] R13: 00007f71eb616038 R14: 00007f71eb615fa0 R15: 00007fff399eab28 [ 340.096148][T17143] [ 340.422105][T17145] wg1 speed is unknown, defaulting to 1000 [ 340.436160][T17100] lo speed is unknown, defaulting to 1000 [ 340.627475][T17148] sch_tbf: burst 2 is lower than device tunl0 mtu (1536) ! [ 340.649232][ T6676] IPVS: starting estimator thread 0... [ 340.757295][T17155] IPVS: using max 35 ests per chain, 84000 per kthread [ 340.854977][T17159] tipc: Enabled bearer , priority 0 [ 340.873238][T17159] syzkaller0: entered promiscuous mode [ 340.882064][T17159] syzkaller0: entered allmulticast mode [ 340.887977][T17163] netlink: 'syz.3.3475': attribute type 11 has an invalid length. [ 340.913699][T17145] lo speed is unknown, defaulting to 1000 [ 340.915929][T17159] __nla_validate_parse: 19 callbacks suppressed [ 340.915947][T17159] netlink: 44 bytes leftover after parsing attributes in process `syz.4.3474'. [ 340.934517][T17163] netlink: 'syz.3.3475': attribute type 23 has an invalid length. [ 340.946054][T17159] tipc: Resetting bearer [ 340.952971][T17163] netlink: 224 bytes leftover after parsing attributes in process `syz.3.3475'. [ 340.985175][T17158] tipc: Resetting bearer [ 341.063020][T17158] tipc: Disabling bearer [ 341.524533][T17173] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3477'. [ 342.081031][T17197] nbd: must specify a size in bytes for the device [ 342.502475][T17201] FAULT_INJECTION: forcing a failure. [ 342.502475][T17201] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 342.530311][T17201] CPU: 0 UID: 0 PID: 17201 Comm: syz.4.3488 Not tainted syzkaller #0 PREEMPT(full) [ 342.530340][T17201] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 342.530352][T17201] Call Trace: [ 342.530360][T17201] [ 342.530369][T17201] dump_stack_lvl+0xe8/0x150 [ 342.530400][T17201] should_fail_ex+0x412/0x560 [ 342.530429][T17201] _copy_from_iter+0x1d3/0x1670 [ 342.530455][T17201] ? rcu_is_watching+0x15/0xb0 [ 342.530484][T17201] ? __pfx__copy_from_iter+0x10/0x10 [ 342.530512][T17201] ? netlink_sendmsg+0x650/0xb40 [ 342.530533][T17201] ? skb_put+0x11b/0x210 [ 342.530561][T17201] netlink_sendmsg+0x6c0/0xb40 [ 342.530599][T17201] ? __pfx_netlink_sendmsg+0x10/0x10 [ 342.530624][T17201] ? aa_sock_msg_perm+0xf1/0x1b0 [ 342.530648][T17201] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 342.530673][T17201] ____sys_sendmsg+0x972/0x9f0 [ 342.530700][T17201] ? __pfx_____sys_sendmsg+0x10/0x10 [ 342.530724][T17201] ? import_iovec+0x73/0xa0 [ 342.530753][T17201] ___sys_sendmsg+0x2a5/0x360 [ 342.530775][T17201] ? __pfx____sys_sendmsg+0x10/0x10 [ 342.530819][T17201] ? __fget_files+0x2a/0x420 [ 342.530842][T17201] ? __fget_files+0x3a0/0x420 [ 342.530874][T17201] __x64_sys_sendmsg+0x1bd/0x2a0 [ 342.530893][T17201] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 342.530915][T17201] ? __pfx_ksys_write+0x10/0x10 [ 342.530946][T17201] do_syscall_64+0x14d/0xf80 [ 342.530962][T17201] ? trace_irq_disable+0x3b/0x150 [ 342.530983][T17201] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 342.531003][T17201] ? clear_bhb_loop+0x40/0x90 [ 342.531025][T17201] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 342.531043][T17201] RIP: 0033:0x7f420599c799 [ 342.531061][T17201] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 342.531077][T17201] RSP: 002b:00007f42067ee028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 342.531095][T17201] RAX: ffffffffffffffda RBX: 00007f4205c15fa0 RCX: 00007f420599c799 [ 342.531109][T17201] RDX: 0000000020000110 RSI: 0000200000000180 RDI: 0000000000000003 [ 342.531120][T17201] RBP: 00007f42067ee090 R08: 0000000000000000 R09: 0000000000000000 [ 342.531132][T17201] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 342.531143][T17201] R13: 00007f4205c16038 R14: 00007f4205c15fa0 R15: 00007ffda30f24b8 [ 342.531170][T17201] [ 342.877662][T17202] bond18 (unregistering): Released all slaves [ 342.970170][T17212] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 342.990430][T17212] 8021q: adding VLAN 0 to HW filter on device macvlan3 [ 343.324821][T17226] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3496'. [ 343.471395][T17235] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3496'. [ 343.579345][T16467] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 343.594657][T16467] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 343.603605][T16467] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 343.619656][T16467] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 343.685659][T17239] FAULT_INJECTION: forcing a failure. [ 343.685659][T17239] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 343.709151][T17239] CPU: 0 UID: 0 PID: 17239 Comm: syz.2.3499 Not tainted syzkaller #0 PREEMPT(full) [ 343.709179][T17239] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 343.709189][T17239] Call Trace: [ 343.709197][T17239] [ 343.709205][T17239] dump_stack_lvl+0xe8/0x150 [ 343.709233][T17239] should_fail_ex+0x412/0x560 [ 343.709261][T17239] _copy_from_user+0x2d/0xb0 [ 343.709287][T17239] get_timespec64+0x96/0x1b0 [ 343.709310][T17239] ? __pfx_get_timespec64+0x10/0x10 [ 343.709341][T17239] __x64_sys_recvmmsg+0x14b/0x250 [ 343.709364][T17239] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 343.709395][T17239] do_syscall_64+0x14d/0xf80 [ 343.709412][T17239] ? trace_irq_disable+0x3b/0x150 [ 343.709436][T17239] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 343.709454][T17239] ? clear_bhb_loop+0x40/0x90 [ 343.709475][T17239] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 343.709494][T17239] RIP: 0033:0x7f721819c799 [ 343.709511][T17239] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 343.709525][T17239] RSP: 002b:00007f7218ffa028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 343.709543][T17239] RAX: ffffffffffffffda RBX: 00007f7218415fa0 RCX: 00007f721819c799 [ 343.709555][T17239] RDX: 04000000000003b4 RSI: 00002000000037c0 RDI: 0000000000000003 [ 343.709567][T17239] RBP: 00007f7218ffa090 R08: 0000200000003700 R09: 0000000000000000 [ 343.709579][T17239] R10: 0000000002040000 R11: 0000000000000246 R12: 0000000000000001 [ 343.709590][T17239] R13: 00007f7218416038 R14: 00007f7218415fa0 R15: 00007ffd8efaabe8 [ 343.709626][T17239] [ 343.875725][ T5891] net_ratelimit: 2062 callbacks suppressed [ 343.875743][ T5891] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 343.898952][T17244] netlink: 212328 bytes leftover after parsing attributes in process `syz.0.3502'. [ 343.908555][T17244] netlink: Unknown conntrack attr (type=2304, max=9) [ 343.950213][T17247] netlink: 'syz.3.3503': attribute type 1 has an invalid length. [ 343.983833][T17247] netlink: 'syz.3.3503': attribute type 1 has an invalid length. [ 343.992444][T17247] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3503'. [ 344.007445][T17250] FAULT_INJECTION: forcing a failure. [ 344.007445][T17250] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 344.026906][T17250] CPU: 1 UID: 0 PID: 17250 Comm: syz.0.3505 Not tainted syzkaller #0 PREEMPT(full) [ 344.026936][T17250] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 344.026948][T17250] Call Trace: [ 344.026956][T17250] [ 344.026964][T17250] dump_stack_lvl+0xe8/0x150 [ 344.026995][T17250] should_fail_ex+0x412/0x560 [ 344.027024][T17250] _copy_from_user+0x2d/0xb0 [ 344.027053][T17250] ___sys_sendmsg+0x1c6/0x360 [ 344.027079][T17250] ? __pfx____sys_sendmsg+0x10/0x10 [ 344.027135][T17250] ? __fget_files+0x2a/0x420 [ 344.027160][T17250] ? __fget_files+0x3a0/0x420 [ 344.027195][T17250] __x64_sys_sendmsg+0x1bd/0x2a0 [ 344.027217][T17250] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 344.027245][T17250] ? __pfx_ksys_write+0x10/0x10 [ 344.027277][T17250] do_syscall_64+0x14d/0xf80 [ 344.027295][T17250] ? trace_irq_disable+0x3b/0x150 [ 344.027321][T17250] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 344.027340][T17250] ? clear_bhb_loop+0x40/0x90 [ 344.027362][T17250] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 344.027381][T17250] RIP: 0033:0x7f0286d9c799 [ 344.027399][T17250] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 344.027415][T17250] RSP: 002b:00007f0287bb3028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 344.027435][T17250] RAX: ffffffffffffffda RBX: 00007f0287015fa0 RCX: 00007f0286d9c799 [ 344.027448][T17250] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003 [ 344.027460][T17250] RBP: 00007f0287bb3090 R08: 0000000000000000 R09: 0000000000000000 [ 344.027472][T17250] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 344.027483][T17250] R13: 00007f0287016038 R14: 00007f0287015fa0 R15: 00007fff1bd40268 [ 344.027513][T17250] [ 344.213062][ T5891] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 344.314224][T17259] siw: device registration error -23 [ 344.322256][T17259] smc: removing ib device syz0 [ 344.338275][T17264] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3508'. [ 344.350957][T17264] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3508'. [ 344.364655][T17264] netlink: 'syz.3.3508': attribute type 13 has an invalid length. [ 344.372545][T17264] netlink: 'syz.3.3508': attribute type 17 has an invalid length. [ 344.512031][T17270] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3510'. [ 344.723198][T17264] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 344.836702][T17279] Cannot find add_set index 1 as target [ 344.928103][ T5891] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 344.993387][T17282] netlink: 'syz.1.3514': attribute type 21 has an invalid length. [ 345.243996][ T5891] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 345.379471][T17305] FAULT_INJECTION: forcing a failure. [ 345.379471][T17305] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 345.440571][T17305] CPU: 0 UID: 0 PID: 17305 Comm: syz.4.3522 Not tainted syzkaller #0 PREEMPT(full) [ 345.440599][T17305] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 345.440609][T17305] Call Trace: [ 345.440616][T17305] [ 345.440624][T17305] dump_stack_lvl+0xe8/0x150 [ 345.440653][T17305] should_fail_ex+0x412/0x560 [ 345.440679][T17305] _copy_from_user+0x2d/0xb0 [ 345.440706][T17305] __copy_msghdr+0x3c5/0x5b0 [ 345.440727][T17305] ___sys_sendmsg+0x213/0x360 [ 345.440749][T17305] ? __pfx____sys_sendmsg+0x10/0x10 [ 345.440796][T17305] ? __fget_files+0x2a/0x420 [ 345.440821][T17305] ? __fget_files+0x3a0/0x420 [ 345.440853][T17305] __x64_sys_sendmsg+0x1bd/0x2a0 [ 345.440873][T17305] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 345.440895][T17305] ? __pfx_ksys_write+0x10/0x10 [ 345.440922][T17305] do_syscall_64+0x14d/0xf80 [ 345.440939][T17305] ? trace_irq_disable+0x3b/0x150 [ 345.440962][T17305] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 345.440979][T17305] ? clear_bhb_loop+0x40/0x90 [ 345.441001][T17305] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 345.441020][T17305] RIP: 0033:0x7f420599c799 [ 345.441037][T17305] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 345.441053][T17305] RSP: 002b:00007f42067ee028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 345.441073][T17305] RAX: ffffffffffffffda RBX: 00007f4205c15fa0 RCX: 00007f420599c799 [ 345.441087][T17305] RDX: 000000000000fc40 RSI: 0000200000000080 RDI: 0000000000000003 [ 345.441099][T17305] RBP: 00007f42067ee090 R08: 0000000000000000 R09: 0000000000000000 [ 345.441111][T17305] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 345.441122][T17305] R13: 00007f4205c16038 R14: 00007f4205c15fa0 R15: 00007ffda30f24b8 [ 345.441151][T17305] [ 345.584873][T17314] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 345.658955][T17314] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 345.667454][T17314] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 345.697406][T17312] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 345.976373][T17328] FAULT_INJECTION: forcing a failure. [ 345.976373][T17328] name failslab, interval 1, probability 0, space 0, times 0 [ 346.031092][T17328] CPU: 0 UID: 0 PID: 17328 Comm: syz.4.3530 Not tainted syzkaller #0 PREEMPT(full) [ 346.031120][T17328] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 346.031133][T17328] Call Trace: [ 346.031141][T17328] [ 346.031149][T17328] dump_stack_lvl+0xe8/0x150 [ 346.031181][T17328] should_fail_ex+0x412/0x560 [ 346.031209][T17328] should_failslab+0xa8/0x100 [ 346.031235][T17328] __kmalloc_cache_noprof+0x88/0x660 [ 346.031257][T17328] ? alloc_pipe_info+0xe8/0x4d0 [ 346.031282][T17328] alloc_pipe_info+0xe8/0x4d0 [ 346.031306][T17328] splice_direct_to_actor+0xa08/0xc70 [ 346.031343][T17328] ? __pfx_direct_splice_actor+0x10/0x10 [ 346.031371][T17328] ? __pfx_aa_file_perm+0x10/0x10 [ 346.031398][T17328] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 346.031422][T17328] ? get_pid_task+0x20/0x1f0 [ 346.031447][T17328] do_splice_direct+0x195/0x290 [ 346.031475][T17328] ? __pfx_do_splice_direct+0x10/0x10 [ 346.031502][T17328] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 346.031530][T17328] ? bpf_lsm_file_permission+0x9/0x20 [ 346.031558][T17328] ? security_file_permission+0x75/0x260 [ 346.031580][T17328] ? rw_verify_area+0x255/0x4d0 [ 346.031603][T17328] do_sendfile+0x535/0x7d0 [ 346.031636][T17328] ? __pfx_do_sendfile+0x10/0x10 [ 346.031661][T17328] ? __fget_files+0x3a0/0x420 [ 346.031694][T17328] __se_sys_sendfile64+0x144/0x1a0 [ 346.031721][T17328] ? __pfx___se_sys_sendfile64+0x10/0x10 [ 346.031754][T17328] do_syscall_64+0x14d/0xf80 [ 346.031773][T17328] ? trace_irq_disable+0x3b/0x150 [ 346.031797][T17328] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 346.031817][T17328] ? clear_bhb_loop+0x40/0x90 [ 346.031839][T17328] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 346.031858][T17328] RIP: 0033:0x7f420599c799 [ 346.031876][T17328] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 346.031892][T17328] RSP: 002b:00007f42067ee028 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 346.031912][T17328] RAX: ffffffffffffffda RBX: 00007f4205c15fa0 RCX: 00007f420599c799 [ 346.031926][T17328] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000005 [ 346.031936][T17328] RBP: 00007f42067ee090 R08: 0000000000000000 R09: 0000000000000000 [ 346.031947][T17328] R10: 0000000000008d5e R11: 0000000000000246 R12: 0000000000000001 [ 346.031959][T17328] R13: 00007f4205c16038 R14: 00007f4205c15fa0 R15: 00007ffda30f24b8 [ 346.031989][T17328] [ 346.802000][T17345] can: request_module (can-proto-0) failed. [ 346.916548][T17351] syzkaller0: entered allmulticast mode [ 346.980737][T17351] syzkaller0 (unregistering): left allmulticast mode [ 347.304148][T17359] bridge0: port 4(team0) entered disabled state [ 347.310784][T17359] bridge0: port 3(dummy0) entered disabled state [ 347.317653][T17359] bridge0: port 2(bridge_slave_1) entered disabled state [ 347.325013][T17359] bridge0: port 1(bridge_slave_0) entered disabled state [ 347.629581][T17359] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 347.665644][T17359] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 347.841613][T17359] veth1_vlan: left allmulticast mode [ 347.874655][ C1] ip6_tunnel: ip6tnl2 xmit: Local address not yet configured! [ 348.164696][ T3573] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 348.209159][ T3573] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 348.234102][ T3573] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 348.259306][ T3573] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 348.354878][T17391] __nla_validate_parse: 3 callbacks suppressed [ 348.354899][T17391] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3549'. [ 348.409539][T17393] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3550'. [ 348.436662][T17395] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3551'. [ 348.449802][T17393] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3550'. [ 348.450570][T17395] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3551'. [ 348.491802][T17400] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3552'. [ 348.509440][T17395] netlink: 'syz.0.3551': attribute type 4 has an invalid length. [ 348.528282][T17395] netlink: 'syz.0.3551': attribute type 4 has an invalid length. [ 348.550229][T17400] netlink: 'syz.4.3552': attribute type 7 has an invalid length. [ 348.609535][T17400] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3552'. [ 348.619987][T16479] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 348.633930][T16479] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 348.652076][T17400] netlink: 'syz.4.3552': attribute type 7 has an invalid length. [ 348.661036][T17408] netlink: 'syz.3.3553': attribute type 11 has an invalid length. [ 348.676475][T16479] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 348.687159][T17400] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3552'. [ 348.713827][T16479] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 348.866893][T17417] x_tables: ip6_tables: TCPMSS target: only valid for protocol 6 [ 348.969873][T17423] bond14: option lacp_active: mode dependency failed, not supported in mode balance-rr(0) [ 348.998759][T17423] bond14 (unregistering): Released all slaves [ 349.102129][T17426] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3561'. [ 349.156153][T17431] lo speed is unknown, defaulting to 1000 [ 349.159512][ T3573] net_ratelimit: 57 callbacks suppressed [ 349.159531][ T3573] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 349.176922][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 349.243838][T17426] xt_CT: No such helper "syz1" [ 349.505185][T17441] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3563'. [ 349.554861][ T9855] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 349.799752][ T6679] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 349.808489][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 349.867867][T17451] netlink: 'syz.2.3569': attribute type 1 has an invalid length. [ 349.884891][T17454] bridge0: port 1(dummy0) entered disabled state [ 350.003107][T17454] batman_adv: batadv0: Adding interface: dummy0 [ 350.024637][T17454] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 350.074756][T17454] batman_adv: batadv0: Interface activated: dummy0 [ 350.190884][T17456] bond17 (unregistering): Released all slaves [ 350.269897][T17455] batadv0: mtu less than device minimum [ 350.319685][T17472] xt_addrtype: ipv6 does not support BROADCAST matching [ 350.327097][T17455] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 350.328478][T17455] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 350.350079][T17455] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 350.361783][T17455] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 350.457688][T17459] vlan4: entered allmulticast mode [ 350.805698][T17495] lo speed is unknown, defaulting to 1000 [ 351.116924][T17504] FAULT_INJECTION: forcing a failure. [ 351.116924][T17504] name failslab, interval 1, probability 0, space 0, times 0 [ 351.155006][T17504] CPU: 1 UID: 0 PID: 17504 Comm: syz.1.3581 Not tainted syzkaller #0 PREEMPT(full) [ 351.155037][T17504] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 351.155049][T17504] Call Trace: [ 351.155058][T17504] [ 351.155066][T17504] dump_stack_lvl+0xe8/0x150 [ 351.155097][T17504] should_fail_ex+0x412/0x560 [ 351.155125][T17504] should_failslab+0xa8/0x100 [ 351.155151][T17504] __kmalloc_cache_noprof+0x88/0x660 [ 351.155173][T17504] ? sctp_add_bind_addr+0x8c/0x370 [ 351.155201][T17504] sctp_add_bind_addr+0x8c/0x370 [ 351.155228][T17504] sctp_copy_local_addr_list+0x314/0x4f0 [ 351.155254][T17504] ? sctp_copy_local_addr_list+0xa4/0x4f0 [ 351.155277][T17504] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 351.155302][T17504] ? sctp_v6_is_any+0x64/0x80 [ 351.155327][T17504] ? sctp_copy_one_addr+0x93/0x360 [ 351.155352][T17504] sctp_bind_addr_copy+0xb3/0x3c0 [ 351.155376][T17504] ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0 [ 351.155399][T17504] sctp_connect_new_asoc+0x2ff/0x6b0 [ 351.155428][T17504] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 351.155459][T17504] ? __local_bh_enable_ip+0xd0/0x130 [ 351.155481][T17504] ? bpf_lsm_sctp_bind_connect+0x9/0x20 [ 351.155507][T17504] ? security_sctp_bind_connect+0x7e/0x2c0 [ 351.155528][T17504] sctp_sendmsg+0x1528/0x2c10 [ 351.155566][T17504] ? __pfx_sctp_sendmsg+0x10/0x10 [ 351.155594][T17504] ? aa_sk_perm+0x6d5/0x900 [ 351.155624][T17504] ? __pfx_aa_sk_perm+0x10/0x10 [ 351.155649][T17504] ? sock_rps_record_flow+0x19/0x350 [ 351.155671][T17504] ? inet_sendmsg+0x2f4/0x370 [ 351.155692][T17504] ____sys_sendmsg+0x80a/0x9f0 [ 351.155720][T17504] ? __pfx_____sys_sendmsg+0x10/0x10 [ 351.155748][T17504] ? import_iovec+0x73/0xa0 [ 351.155778][T17504] ___sys_sendmsg+0x2a5/0x360 [ 351.155803][T17504] ? __pfx____sys_sendmsg+0x10/0x10 [ 351.155855][T17504] ? __fget_files+0x2a/0x420 [ 351.155880][T17504] ? __fget_files+0x3a0/0x420 [ 351.155911][T17504] __x64_sys_sendmsg+0x1bd/0x2a0 [ 351.155932][T17504] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 351.155964][T17504] ? __pfx_ksys_write+0x10/0x10 [ 351.155995][T17504] do_syscall_64+0x14d/0xf80 [ 351.156011][T17504] ? trace_irq_disable+0x3b/0x150 [ 351.156035][T17504] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 351.156054][T17504] ? clear_bhb_loop+0x40/0x90 [ 351.156074][T17504] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 351.156091][T17504] RIP: 0033:0x7f58cc99c799 [ 351.156107][T17504] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 351.156121][T17504] RSP: 002b:00007f58cd8a6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 351.156140][T17504] RAX: ffffffffffffffda RBX: 00007f58ccc15fa0 RCX: 00007f58cc99c799 [ 351.156152][T17504] RDX: 0000000028008841 RSI: 0000200000001640 RDI: 0000000000000008 [ 351.156162][T17504] RBP: 00007f58cd8a6090 R08: 0000000000000000 R09: 0000000000000000 [ 351.156173][T17504] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 351.156183][T17504] R13: 00007f58ccc16038 R14: 00007f58ccc15fa0 R15: 00007ffdc25e3238 [ 351.156208][T17504] [ 351.553993][T17513] FAULT_INJECTION: forcing a failure. [ 351.553993][T17513] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 351.565767][T17517] : entered promiscuous mode [ 351.575461][T17513] CPU: 0 UID: 0 PID: 17513 Comm: syz.2.3584 Not tainted syzkaller #0 PREEMPT(full) [ 351.575490][T17513] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 351.575501][T17513] Call Trace: [ 351.575509][T17513] [ 351.575517][T17513] dump_stack_lvl+0xe8/0x150 [ 351.575547][T17513] should_fail_ex+0x412/0x560 [ 351.575582][T17513] _copy_from_iter+0x1d3/0x1670 [ 351.575609][T17513] ? rcu_is_watching+0x15/0xb0 [ 351.575637][T17513] ? __pfx__copy_from_iter+0x10/0x10 [ 351.575659][T17513] ? __kmalloc_node_track_caller_noprof+0x4f9/0x7b0 [ 351.575688][T17513] ? netlink_sendmsg+0x650/0xb40 [ 351.575712][T17513] ? skb_put+0x11b/0x210 [ 351.575741][T17513] netlink_sendmsg+0x6c0/0xb40 [ 351.575774][T17513] ? __pfx_netlink_sendmsg+0x10/0x10 [ 351.575801][T17513] ? aa_sock_msg_perm+0xf1/0x1b0 [ 351.575827][T17513] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 351.575850][T17513] ____sys_sendmsg+0x972/0x9f0 [ 351.575877][T17513] ? __pfx_____sys_sendmsg+0x10/0x10 [ 351.575904][T17513] ? import_iovec+0x73/0xa0 [ 351.575933][T17513] ___sys_sendmsg+0x2a5/0x360 [ 351.575957][T17513] ? __pfx____sys_sendmsg+0x10/0x10 [ 351.576003][T17513] ? __fget_files+0x2a/0x420 [ 351.576026][T17513] ? __fget_files+0x3a0/0x420 [ 351.576057][T17513] __x64_sys_sendmsg+0x1bd/0x2a0 [ 351.576078][T17513] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 351.576106][T17513] ? __pfx_ksys_write+0x10/0x10 [ 351.576138][T17513] do_syscall_64+0x14d/0xf80 [ 351.576156][T17513] ? trace_irq_disable+0x3b/0x150 [ 351.576181][T17513] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 351.576200][T17513] ? clear_bhb_loop+0x40/0x90 [ 351.576223][T17513] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 351.576242][T17513] RIP: 0033:0x7f721819c799 [ 351.576260][T17513] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 351.576277][T17513] RSP: 002b:00007f7218ffa028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 351.576298][T17513] RAX: ffffffffffffffda RBX: 00007f7218415fa0 RCX: 00007f721819c799 [ 351.576313][T17513] RDX: 0000000000000000 RSI: 0000200000000d40 RDI: 0000000000000003 [ 351.576325][T17513] RBP: 00007f7218ffa090 R08: 0000000000000000 R09: 0000000000000000 [ 351.576337][T17513] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 351.576349][T17513] R13: 00007f7218416038 R14: 00007f7218415fa0 R15: 00007ffd8efaabe8 [ 351.576379][T17513] [ 351.929744][T17522] netlink: 'syz.3.3590': attribute type 1 has an invalid length. [ 352.069543][T17522] bond18 (unregistering): Released all slaves [ 352.352852][T17530] lo speed is unknown, defaulting to 1000 [ 352.432200][T17538] vlan2: entered allmulticast mode [ 352.562086][T17550] tipc: Enabled bearer , priority 0 [ 352.571418][T17550] syzkaller0: entered promiscuous mode [ 352.599998][T17550] syzkaller0: entered allmulticast mode [ 352.701813][T17550] tipc: Resetting bearer [ 352.739775][T17546] tipc: Resetting bearer [ 352.772469][T17574] x_tables: duplicate underflow at hook 1 [ 352.782896][T17546] tipc: Disabling bearer [ 353.070994][T17589] FAULT_INJECTION: forcing a failure. [ 353.070994][T17589] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 353.100424][T17589] CPU: 0 UID: 0 PID: 17589 Comm: syz.0.3611 Not tainted syzkaller #0 PREEMPT(full) [ 353.100453][T17589] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 353.100465][T17589] Call Trace: [ 353.100473][T17589] [ 353.100481][T17589] dump_stack_lvl+0xe8/0x150 [ 353.100512][T17589] should_fail_ex+0x412/0x560 [ 353.100541][T17589] _copy_from_iter+0x1d3/0x1670 [ 353.100570][T17589] ? rcu_is_watching+0x15/0xb0 [ 353.100601][T17589] ? __pfx__copy_from_iter+0x10/0x10 [ 353.100633][T17589] ? netlink_sendmsg+0x650/0xb40 [ 353.100657][T17589] ? skb_put+0x11b/0x210 [ 353.100687][T17589] netlink_sendmsg+0x6c0/0xb40 [ 353.100721][T17589] ? __pfx_netlink_sendmsg+0x10/0x10 [ 353.100749][T17589] ? aa_sock_msg_perm+0xf1/0x1b0 [ 353.100774][T17589] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 353.100798][T17589] ____sys_sendmsg+0x972/0x9f0 [ 353.100826][T17589] ? __pfx_____sys_sendmsg+0x10/0x10 [ 353.100853][T17589] ? import_iovec+0x73/0xa0 [ 353.100883][T17589] ___sys_sendmsg+0x2a5/0x360 [ 353.100908][T17589] ? __pfx____sys_sendmsg+0x10/0x10 [ 353.100968][T17589] ? __fget_files+0x2a/0x420 [ 353.100993][T17589] ? __fget_files+0x3a0/0x420 [ 353.101028][T17589] __x64_sys_sendmsg+0x1bd/0x2a0 [ 353.101049][T17589] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 353.101078][T17589] ? __pfx_ksys_write+0x10/0x10 [ 353.101110][T17589] do_syscall_64+0x14d/0xf80 [ 353.101128][T17589] ? trace_irq_disable+0x3b/0x150 [ 353.101153][T17589] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 353.101172][T17589] ? clear_bhb_loop+0x40/0x90 [ 353.101194][T17589] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 353.101213][T17589] RIP: 0033:0x7f0286d9c799 [ 353.101231][T17589] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 353.101247][T17589] RSP: 002b:00007f0287bb3028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 353.101267][T17589] RAX: ffffffffffffffda RBX: 00007f0287015fa0 RCX: 00007f0286d9c799 [ 353.101280][T17589] RDX: 0000000020000110 RSI: 0000200000000180 RDI: 0000000000000003 [ 353.101293][T17589] RBP: 00007f0287bb3090 R08: 0000000000000000 R09: 0000000000000000 [ 353.101306][T17589] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 353.101317][T17589] R13: 00007f0287016038 R14: 00007f0287015fa0 R15: 00007fff1bd40268 [ 353.101347][T17589] [ 353.265816][T17599] bond23: option lacp_rate: mode dependency failed, not supported in mode active-backup(1) [ 353.347390][T17599] bond23 (unregistering): Released all slaves [ 353.382345][T17598] lo speed is unknown, defaulting to 1000 [ 353.456962][T17593] __nla_validate_parse: 17 callbacks suppressed [ 353.456984][T17593] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3613'. [ 353.591972][T17611] lo speed is unknown, defaulting to 1000 [ 353.662295][T17614] bridge11: entered promiscuous mode [ 353.676095][T17614] bridge11: entered allmulticast mode [ 353.816034][T17623] FAULT_INJECTION: forcing a failure. [ 353.816034][T17623] name failslab, interval 1, probability 0, space 0, times 0 [ 353.874905][T17623] CPU: 1 UID: 0 PID: 17623 Comm: syz.0.3621 Not tainted syzkaller #0 PREEMPT(full) [ 353.874932][T17623] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 353.874943][T17623] Call Trace: [ 353.874951][T17623] [ 353.874959][T17623] dump_stack_lvl+0xe8/0x150 [ 353.874988][T17623] should_fail_ex+0x412/0x560 [ 353.875017][T17623] should_failslab+0xa8/0x100 [ 353.875043][T17623] __kmalloc_cache_noprof+0x88/0x660 [ 353.875066][T17623] ? sctp_add_bind_addr+0x8c/0x370 [ 353.875093][T17623] sctp_add_bind_addr+0x8c/0x370 [ 353.875120][T17623] sctp_copy_local_addr_list+0x314/0x4f0 [ 353.875147][T17623] ? sctp_copy_local_addr_list+0xa4/0x4f0 [ 353.875167][T17623] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 353.875189][T17623] ? sctp_v6_is_any+0x64/0x80 [ 353.875212][T17623] ? sctp_copy_one_addr+0x93/0x360 [ 353.875235][T17623] sctp_bind_addr_copy+0xb3/0x3c0 [ 353.875256][T17623] ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0 [ 353.875278][T17623] sctp_connect_new_asoc+0x2ff/0x6b0 [ 353.875305][T17623] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 353.875336][T17623] ? __local_bh_enable_ip+0xd0/0x130 [ 353.875356][T17623] ? bpf_lsm_sctp_bind_connect+0x9/0x20 [ 353.875378][T17623] ? security_sctp_bind_connect+0x7e/0x2c0 [ 353.875401][T17623] sctp_sendmsg+0x1528/0x2c10 [ 353.875440][T17623] ? __pfx_sctp_sendmsg+0x10/0x10 [ 353.875466][T17623] ? aa_sk_perm+0x6d5/0x900 [ 353.875502][T17623] ? __pfx_aa_sk_perm+0x10/0x10 [ 353.875524][T17623] ? sock_rps_record_flow+0x19/0x350 [ 353.875543][T17623] ? inet_sendmsg+0x2f4/0x370 [ 353.875563][T17623] ____sys_sendmsg+0x80a/0x9f0 [ 353.875589][T17623] ? __pfx_____sys_sendmsg+0x10/0x10 [ 353.875616][T17623] ? import_iovec+0x73/0xa0 [ 353.875645][T17623] ___sys_sendmsg+0x2a5/0x360 [ 353.875668][T17623] ? __pfx____sys_sendmsg+0x10/0x10 [ 353.875719][T17623] ? __fget_files+0x2a/0x420 [ 353.875742][T17623] ? __fget_files+0x3a0/0x420 [ 353.875774][T17623] __x64_sys_sendmsg+0x1bd/0x2a0 [ 353.875793][T17623] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 353.875821][T17623] ? __pfx_ksys_write+0x10/0x10 [ 353.875850][T17623] do_syscall_64+0x14d/0xf80 [ 353.875867][T17623] ? trace_irq_disable+0x3b/0x150 [ 353.875891][T17623] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 353.875908][T17623] ? clear_bhb_loop+0x40/0x90 [ 353.875932][T17623] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 353.875946][T17623] RIP: 0033:0x7f0286d9c799 [ 353.875964][T17623] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 353.875979][T17623] RSP: 002b:00007f0287bb3028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 353.875998][T17623] RAX: ffffffffffffffda RBX: 00007f0287015fa0 RCX: 00007f0286d9c799 [ 353.876012][T17623] RDX: 0000000028008841 RSI: 0000200000001640 RDI: 0000000000000003 [ 353.876024][T17623] RBP: 00007f0287bb3090 R08: 0000000000000000 R09: 0000000000000000 [ 353.876036][T17623] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 353.876046][T17623] R13: 00007f0287016038 R14: 00007f0287015fa0 R15: 00007fff1bd40268 [ 353.876075][T17623] [ 354.216731][ T24] net_ratelimit: 32 callbacks suppressed [ 354.216752][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 354.261363][T17639] netlink: 'syz.3.3627': attribute type 1 has an invalid length. [ 354.274936][T16467] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 354.283903][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 354.344071][T17639] 8021q: adding VLAN 0 to HW filter on device bond18 [ 354.379881][T17651] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3629'. [ 354.426124][T17651] macvtap0: entered promiscuous mode [ 354.462784][T17651] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3629'. [ 354.476346][T17651] veth0_macvtap: left promiscuous mode [ 354.513226][T17656] netlink: 'syz.1.3632': attribute type 1 has an invalid length. [ 354.545884][T17651] macvtap0 (unregistering): left promiscuous mode [ 354.565045][T17658] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 354.577562][T17658] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 354.586399][T17658] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 354.595054][T17658] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 354.603832][T17658] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 354.797747][T17663] netdevsim netdevsim3 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 354.814759][T17663] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 354.896157][T17669] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 354.953296][T17663] netdevsim netdevsim3 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 354.963378][T17663] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 355.095682][T17677] lo speed is unknown, defaulting to 1000 [ 355.254566][ T9855] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 355.257559][T17663] netdevsim netdevsim3 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 355.272754][T17663] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 355.315082][T17683] FAULT_INJECTION: forcing a failure. [ 355.315082][T17683] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 355.328351][T17683] CPU: 0 UID: 0 PID: 17683 Comm: syz.2.3641 Not tainted syzkaller #0 PREEMPT(full) [ 355.328379][T17683] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 355.328398][T17683] Call Trace: [ 355.328408][T17683] [ 355.328417][T17683] dump_stack_lvl+0xe8/0x150 [ 355.328447][T17683] should_fail_ex+0x412/0x560 [ 355.328475][T17683] _copy_to_user+0x31/0xb0 [ 355.328495][T17683] simple_read_from_buffer+0xe1/0x170 [ 355.328525][T17683] proc_fail_nth_read+0x1bb/0x230 [ 355.328553][T17683] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 355.328582][T17683] ? rw_verify_area+0x2a6/0x4d0 [ 355.328600][T17683] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 355.328626][T17683] vfs_read+0x20c/0xa70 [ 355.328643][T17683] ? fdget_pos+0x246/0x320 [ 355.328671][T17683] ? __pfx___mutex_lock+0x10/0x10 [ 355.328691][T17683] ? __pfx_vfs_read+0x10/0x10 [ 355.328711][T17683] ? __fget_files+0x2a/0x420 [ 355.328739][T17683] ? __fget_files+0x3a0/0x420 [ 355.328762][T17683] ? __fget_files+0x2a/0x420 [ 355.328795][T17683] ksys_read+0x150/0x270 [ 355.328817][T17683] ? __pfx_ksys_read+0x10/0x10 [ 355.328847][T17683] do_syscall_64+0x14d/0xf80 [ 355.328864][T17683] ? trace_irq_disable+0x3b/0x150 [ 355.328889][T17683] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 355.328907][T17683] ? clear_bhb_loop+0x40/0x90 [ 355.328929][T17683] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 355.328947][T17683] RIP: 0033:0x7f721815cfce [ 355.328965][T17683] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 355.328980][T17683] RSP: 002b:00007f7218ff9fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 355.329001][T17683] RAX: ffffffffffffffda RBX: 00007f7218ffa6c0 RCX: 00007f721815cfce [ 355.329015][T17683] RDX: 000000000000000f RSI: 00007f7218ffa0a0 RDI: 0000000000000004 [ 355.329027][T17683] RBP: 00007f7218ffa090 R08: 0000000000000000 R09: 0000000000000000 [ 355.329043][T17683] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 355.329054][T17683] R13: 00007f7218416038 R14: 00007f7218415fa0 R15: 00007ffd8efaabe8 [ 355.329084][T17683] [ 355.557079][T17663] netdevsim netdevsim3 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 355.584566][T17663] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 355.964369][T16479] netdevsim netdevsim3 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 356.010596][T16479] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 356.059476][T16479] netdevsim netdevsim3 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 356.068201][T16479] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 356.103198][T16479] netdevsim netdevsim3 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 356.111918][T16479] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 356.134842][T17701] lo speed is unknown, defaulting to 1000 [ 356.211434][T16479] netdevsim netdevsim3 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 356.232181][T16479] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 356.273658][T17716] netlink: 'syz.2.3652': attribute type 1 has an invalid length. [ 356.334692][T17716] 8021q: adding VLAN 0 to HW filter on device bond17 [ 356.385856][T17724] FAULT_INJECTION: forcing a failure. [ 356.385856][T17724] name failslab, interval 1, probability 0, space 0, times 0 [ 356.399409][T17724] CPU: 0 UID: 0 PID: 17724 Comm: syz.3.3654 Not tainted syzkaller #0 PREEMPT(full) [ 356.399434][T17724] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 356.399444][T17724] Call Trace: [ 356.399451][T17724] [ 356.399459][T17724] dump_stack_lvl+0xe8/0x150 [ 356.399484][T17724] should_fail_ex+0x412/0x560 [ 356.399511][T17724] should_failslab+0xa8/0x100 [ 356.399533][T17724] ? __kernfs_new_node+0xe9/0x8e0 [ 356.399557][T17724] kmem_cache_alloc_noprof+0x87/0x650 [ 356.399581][T17724] __kernfs_new_node+0xe9/0x8e0 [ 356.399608][T17724] ? __pfx___kernfs_new_node+0x10/0x10 [ 356.399633][T17724] ? kernfs_root+0x1c/0x230 [ 356.399657][T17724] ? kernfs_root+0x1c/0x230 [ 356.399678][T17724] ? kernfs_root+0x1c/0x230 [ 356.399698][T17724] ? kernfs_root+0x1c/0x230 [ 356.399723][T17724] kernfs_new_node+0x102/0x210 [ 356.399752][T17724] __kernfs_create_file+0x4b/0x2e0 [ 356.399775][T17724] sysfs_add_file_mode_ns+0x238/0x300 [ 356.399805][T17724] internal_create_group+0x673/0x1180 [ 356.399846][T17724] ? __pfx_internal_create_group+0x10/0x10 [ 356.399869][T17724] ? kernfs_add_one+0x477/0x5c0 [ 356.399899][T17724] ? up_write+0x1ab/0x410 [ 356.399921][T17724] sysfs_create_groups+0x59/0x120 [ 356.399949][T17724] device_add_attrs+0x1bf/0x5b0 [ 356.399967][T17724] ? kernfs_put+0x40e/0x470 [ 356.399994][T17724] ? __pfx_device_add_attrs+0x10/0x10 [ 356.400011][T17724] ? kobject_put+0x516/0x560 [ 356.400038][T17724] ? device_add_class_symlinks+0x21f/0x240 [ 356.400061][T17724] device_add+0x496/0xb70 [ 356.400080][T17724] ? device_initialize+0x24b/0x440 [ 356.400101][T17724] wakeup_source_sysfs_add+0x1d3/0x2c0 [ 356.400127][T17724] wakeup_source_register+0x18a/0x380 [ 356.400159][T17724] ? ep_insert+0xba7/0x1a40 [ 356.400184][T17724] ep_insert+0xf34/0x1a40 [ 356.400226][T17724] ? __pfx_ep_insert+0x10/0x10 [ 356.400264][T17724] ? ep_loop_check+0x50/0x1b0 [ 356.400298][T17724] do_epoll_ctl+0x7f4/0xe80 [ 356.400331][T17724] __x64_sys_epoll_ctl+0x165/0x1b0 [ 356.400359][T17724] ? __pfx___x64_sys_epoll_ctl+0x10/0x10 [ 356.400388][T17724] do_syscall_64+0x14d/0xf80 [ 356.400401][T17724] ? trace_irq_disable+0x3b/0x150 [ 356.400420][T17724] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 356.400434][T17724] ? clear_bhb_loop+0x40/0x90 [ 356.400451][T17724] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 356.400465][T17724] RIP: 0033:0x7f71eb39c799 [ 356.400480][T17724] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 356.400493][T17724] RSP: 002b:00007f71ec1c2028 EFLAGS: 00000246 ORIG_RAX: 00000000000000e9 [ 356.400509][T17724] RAX: ffffffffffffffda RBX: 00007f71eb616090 RCX: 00007f71eb39c799 [ 356.400519][T17724] RDX: 0000000000000003 RSI: 0000000000000001 RDI: 0000000000000006 [ 356.400528][T17724] RBP: 00007f71ec1c2090 R08: 0000000000000000 R09: 0000000000000000 [ 356.400537][T17724] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000002 [ 356.400545][T17724] R13: 00007f71eb616128 R14: 00007f71eb616090 R15: 00007fff399eab28 [ 356.400568][T17724] [ 356.726772][T17716] bond17: (slave veth5): Enslaving as an active interface with a down link [ 356.770573][T17727] FAULT_INJECTION: forcing a failure. [ 356.770573][T17727] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 356.791107][T17727] CPU: 1 UID: 0 PID: 17727 Comm: syz.1.3656 Not tainted syzkaller #0 PREEMPT(full) [ 356.791133][T17727] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 356.791142][T17727] Call Trace: [ 356.791149][T17727] [ 356.791157][T17727] dump_stack_lvl+0xe8/0x150 [ 356.791189][T17727] should_fail_ex+0x412/0x560 [ 356.791222][T17727] _copy_from_iter+0x1d3/0x1670 [ 356.791249][T17727] ? rcu_is_watching+0x15/0xb0 [ 356.791279][T17727] ? __pfx__copy_from_iter+0x10/0x10 [ 356.791310][T17727] ? netlink_sendmsg+0x650/0xb40 [ 356.791332][T17727] ? skb_put+0x11b/0x210 [ 356.791361][T17727] netlink_sendmsg+0x6c0/0xb40 [ 356.791397][T17727] ? __pfx_netlink_sendmsg+0x10/0x10 [ 356.791427][T17727] ? aa_sock_msg_perm+0xf1/0x1b0 [ 356.791451][T17727] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 356.791475][T17727] ____sys_sendmsg+0x972/0x9f0 [ 356.791503][T17727] ? __pfx_____sys_sendmsg+0x10/0x10 [ 356.791530][T17727] ? import_iovec+0x73/0xa0 [ 356.791562][T17727] ___sys_sendmsg+0x2a5/0x360 [ 356.791586][T17727] ? __pfx____sys_sendmsg+0x10/0x10 [ 356.791644][T17727] ? __fget_files+0x2a/0x420 [ 356.791668][T17727] ? __fget_files+0x3a0/0x420 [ 356.791702][T17727] __x64_sys_sendmsg+0x1bd/0x2a0 [ 356.791724][T17727] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 356.791749][T17727] ? __pfx_ksys_write+0x10/0x10 [ 356.791778][T17727] do_syscall_64+0x14d/0xf80 [ 356.791794][T17727] ? trace_irq_disable+0x3b/0x150 [ 356.791819][T17727] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 356.791838][T17727] ? clear_bhb_loop+0x40/0x90 [ 356.791858][T17727] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 356.791874][T17727] RIP: 0033:0x7f58cc99c799 [ 356.791891][T17727] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 356.791906][T17727] RSP: 002b:00007f58cd8a6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 356.791924][T17727] RAX: ffffffffffffffda RBX: 00007f58ccc15fa0 RCX: 00007f58cc99c799 [ 356.791936][T17727] RDX: 0000000020040000 RSI: 0000200000000100 RDI: 0000000000000003 [ 356.791949][T17727] RBP: 00007f58cd8a6090 R08: 0000000000000000 R09: 0000000000000000 [ 356.791960][T17727] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 356.791970][T17727] R13: 00007f58ccc16038 R14: 00007f58ccc15fa0 R15: 00007ffdc25e3238 [ 356.791997][T17727] [ 357.089421][T17729] bond0: (slave gre0): Error: Device type is different from other slaves [ 357.165008][T17730] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 357.172138][T17730] bond17: (slave batadv0): dev_set_mac_address on slave failed! ALB mode requires that the base driver support setting the hw address also when the network device's interface is open [ 357.280453][T17732] lo speed is unknown, defaulting to 1000 [ 357.575472][T17751] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3664'. [ 357.663176][T17753] lo speed is unknown, defaulting to 1000 [ 358.115409][ T2308] block nbd2: Possible stuck request ffff888026728000: control (read@0,1024B). Runtime 240 seconds [ 358.126743][ T2308] block nbd2: Possible stuck request ffff888026728200: control (read@1024,1024B). Runtime 240 seconds [ 358.138308][ T2308] block nbd2: Possible stuck request ffff888026728400: control (read@2048,1024B). Runtime 240 seconds [ 358.149687][ T2308] block nbd2: Possible stuck request ffff888026728600: control (read@3072,1024B). Runtime 240 seconds [ 358.268599][T17787] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3674'. [ 358.289387][T17787] netlink: 'syz.2.3674': attribute type 1 has an invalid length. [ 358.523780][T17787] bond18 (unregistering): Released all slaves [ 359.121324][T17814] netlink: 36 bytes leftover after parsing attributes in process `syz.3.3682'. [ 359.183864][T17816] x_tables: ip6_tables: TCPOPTSTRIP target: only valid in mangle table, not raw [ 359.273325][T17834] net_ratelimit: 24 callbacks suppressed [ 359.273345][T17834] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 359.306320][T17829] batman_adv: batadv0: Local translation table size (108) exceeds maximum packet size (-320); Ignoring new local tt entry: 02:04:00:bf:05:00 [ 359.367778][T17829] netlink: 'syz.0.3686': attribute type 10 has an invalid length. [ 359.368434][ T6676] batman_adv: batadv0: Local translation table size (108) exceeds maximum packet size (-320); Ignoring new local tt entry: 02:04:00:bf:05:00 [ 359.398409][ T9855] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 359.423405][T17829] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 359.432517][T17829] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 359.541783][T17847] netlink: 'syz.0.3693': attribute type 11 has an invalid length. [ 359.550183][T17847] netlink: 140 bytes leftover after parsing attributes in process `syz.0.3693'. [ 359.760104][T17858] FAULT_INJECTION: forcing a failure. [ 359.760104][T17858] name failslab, interval 1, probability 0, space 0, times 0 [ 359.775767][T17858] CPU: 1 UID: 0 PID: 17858 Comm: syz.3.3698 Not tainted syzkaller #0 PREEMPT(full) [ 359.775795][T17858] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 359.775807][T17858] Call Trace: [ 359.775815][T17858] [ 359.775823][T17858] dump_stack_lvl+0xe8/0x150 [ 359.775854][T17858] should_fail_ex+0x412/0x560 [ 359.775883][T17858] should_failslab+0xa8/0x100 [ 359.775908][T17858] __kmalloc_cache_noprof+0x88/0x660 [ 359.775927][T17858] ? genl_family_rcv_msg_attrs_parse+0x20b/0x2f0 [ 359.775948][T17858] ? genl_family_rcv_msg_attrs_parse+0x265/0x2f0 [ 359.775968][T17858] ? genl_start+0x1c9/0x6c0 [ 359.775992][T17858] genl_start+0x1c9/0x6c0 [ 359.776009][T17858] ? netlink_lookup+0x30/0x200 [ 359.776038][T17858] __netlink_dump_start+0x469/0x7e0 [ 359.776079][T17858] genl_family_rcv_msg_dumpit+0x213/0x310 [ 359.776103][T17858] ? __pfx_genl_family_rcv_msg_dumpit+0x10/0x10 [ 359.776122][T17858] ? genl_get_cmd+0x6cb/0x960 [ 359.776146][T17858] ? __pfx_genl_start+0x10/0x10 [ 359.776163][T17858] ? __pfx_genl_dumpit+0x10/0x10 [ 359.776180][T17858] ? __pfx_genl_done+0x10/0x10 [ 359.776211][T17858] genl_rcv_msg+0x5e8/0x7a0 [ 359.776238][T17858] ? __pfx_genl_rcv_msg+0x10/0x10 [ 359.776255][T17858] ? __pfx_ethnl_default_start+0x10/0x10 [ 359.776280][T17858] ? __pfx_ethnl_default_dumpit+0x10/0x10 [ 359.776304][T17858] ? __pfx_ethnl_default_done+0x10/0x10 [ 359.776329][T17858] ? __lock_acquire+0x6b5/0x2cf0 [ 359.776363][T17858] netlink_rcv_skb+0x232/0x4b0 [ 359.776389][T17858] ? __pfx_genl_rcv_msg+0x10/0x10 [ 359.776410][T17858] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 359.776450][T17858] ? down_read+0x272/0x2e0 [ 359.776465][T17858] ? genl_rcv+0xd/0x40 [ 359.776481][T17858] genl_rcv+0x28/0x40 [ 359.776493][T17858] netlink_unicast+0x80f/0x9b0 [ 359.776515][T17858] ? __pfx_netlink_unicast+0x10/0x10 [ 359.776534][T17858] ? netlink_sendmsg+0x650/0xb40 [ 359.776556][T17858] ? skb_put+0x11b/0x210 [ 359.776585][T17858] netlink_sendmsg+0x813/0xb40 [ 359.776613][T17858] ? __pfx_netlink_sendmsg+0x10/0x10 [ 359.776641][T17858] ? aa_sock_msg_perm+0xf1/0x1b0 [ 359.776666][T17858] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 359.776690][T17858] ____sys_sendmsg+0x972/0x9f0 [ 359.776717][T17858] ? __pfx_____sys_sendmsg+0x10/0x10 [ 359.776745][T17858] ? import_iovec+0x73/0xa0 [ 359.776774][T17858] ___sys_sendmsg+0x2a5/0x360 [ 359.776799][T17858] ? __pfx____sys_sendmsg+0x10/0x10 [ 359.776850][T17858] ? __fget_files+0x2a/0x420 [ 359.776874][T17858] ? __fget_files+0x3a0/0x420 [ 359.776906][T17858] __x64_sys_sendmsg+0x1bd/0x2a0 [ 359.776924][T17858] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 359.776949][T17858] ? __pfx_ksys_write+0x10/0x10 [ 359.776978][T17858] do_syscall_64+0x14d/0xf80 [ 359.776995][T17858] ? trace_irq_disable+0x3b/0x150 [ 359.777019][T17858] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 359.777036][T17858] ? clear_bhb_loop+0x40/0x90 [ 359.777064][T17858] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 359.777081][T17858] RIP: 0033:0x7f71eb39c799 [ 359.777100][T17858] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 359.777115][T17858] RSP: 002b:00007f71ec1e3028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 359.777135][T17858] RAX: ffffffffffffffda RBX: 00007f71eb615fa0 RCX: 00007f71eb39c799 [ 359.777148][T17858] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003 [ 359.777159][T17858] RBP: 00007f71ec1e3090 R08: 0000000000000000 R09: 0000000000000000 [ 359.777170][T17858] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 359.777180][T17858] R13: 00007f71eb616038 R14: 00007f71eb615fa0 R15: 00007fff399eab28 [ 359.777209][T17858] [ 360.204635][ T13] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 360.213636][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 360.444659][ T5891] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 360.560517][T17882] lo speed is unknown, defaulting to 1000 [ 360.741133][T17893] netlink: 11 bytes leftover after parsing attributes in process `syz.2.3708'. [ 360.765866][T17894] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3706'. [ 360.820599][T17898] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 360.829851][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 361.049020][T17909] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 361.133325][T17914] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3715'. [ 361.187123][T17914] netlink: 'syz.0.3715': attribute type 1 has an invalid length. [ 361.222625][T17920] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3718'. [ 361.241297][T17914] bond26 (unregistering): Released all slaves [ 361.282414][T17918] veth1: entered promiscuous mode [ 361.294457][T17918] veth1: entered allmulticast mode [ 361.317024][T17927] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3718'. [ 361.335479][T17926] FAULT_INJECTION: forcing a failure. [ 361.335479][T17926] name failslab, interval 1, probability 0, space 0, times 0 [ 361.350313][T17926] CPU: 0 UID: 0 PID: 17926 Comm: syz.4.3719 Not tainted syzkaller #0 PREEMPT(full) [ 361.350339][T17926] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 361.350350][T17926] Call Trace: [ 361.350358][T17926] [ 361.350365][T17926] dump_stack_lvl+0xe8/0x150 [ 361.350393][T17926] should_fail_ex+0x412/0x560 [ 361.350419][T17926] should_failslab+0xa8/0x100 [ 361.350442][T17926] kmem_cache_alloc_node_noprof+0x8f/0x690 [ 361.350462][T17926] ? __alloc_skb+0x1d0/0x7d0 [ 361.350484][T17926] ? __local_bh_enable_ip+0xd0/0x130 [ 361.350509][T17926] __alloc_skb+0x1d0/0x7d0 [ 361.350538][T17926] rtmsg_ifinfo_build_skb+0x84/0x260 [ 361.350566][T17926] rtmsg_ifinfo+0x8c/0x1a0 [ 361.350590][T17926] __dev_notify_flags+0xf2/0x310 [ 361.350618][T17926] ? __pfx___dev_notify_flags+0x10/0x10 [ 361.350642][T17926] ? dev_set_allmulti+0x202/0x260 [ 361.350665][T17926] ? dev_set_promiscuity+0x10e/0x260 [ 361.350686][T17926] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 361.350712][T17926] __dev_set_promiscuity+0x27f/0x710 [ 361.350736][T17926] ? mutex_is_locked+0x17/0x50 [ 361.350759][T17926] ? rtnl_is_locked+0x15/0x20 [ 361.350777][T17926] netif_set_promiscuity+0x50/0xe0 [ 361.350811][T17926] dev_set_promiscuity+0x126/0x260 [ 361.350841][T17926] del_nbp+0x12c/0xa60 [ 361.350869][T17926] br_del_if+0x143/0x1e0 [ 361.350889][T17926] do_set_master+0x312/0x6d0 [ 361.350919][T17926] do_setlink+0x1018/0x4590 [ 361.350946][T17926] ? trace_sched_exit_tp+0x3a/0x150 [ 361.350975][T17926] ? __pfx_do_setlink+0x10/0x10 [ 361.350999][T17926] ? __lock_acquire+0x6b5/0x2cf0 [ 361.351036][T17926] ? do_raw_spin_lock+0x12b/0x2f0 [ 361.351059][T17926] ? do_raw_spin_lock+0x12b/0x2f0 [ 361.351089][T17926] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 361.351116][T17926] ? lockdep_hardirqs_on+0x7a/0x110 [ 361.351135][T17926] ? __mutex_lock+0xd09/0x1300 [ 361.351158][T17926] ? __mutex_lock+0x5ac/0x1300 [ 361.351180][T17926] ? rtnl_newlink+0x8a1/0x1be0 [ 361.351209][T17926] ? __pfx___mutex_lock+0x10/0x10 [ 361.351236][T17926] ? ns_capable+0x89/0xe0 [ 361.351266][T17926] rtnl_newlink+0x147a/0x1be0 [ 361.351301][T17926] ? __pfx_rtnl_newlink+0x10/0x10 [ 361.351337][T17926] ? __lock_acquire+0x6b5/0x2cf0 [ 361.351365][T17926] ? __lock_acquire+0x6b5/0x2cf0 [ 361.351388][T17926] ? __lock_acquire+0x6b5/0x2cf0 [ 361.351412][T17926] ? __update_page_owner_handle+0x5a/0x570 [ 361.351435][T17926] ? unwind_next_frame+0xa5/0x23c0 [ 361.351480][T17926] ? __lock_acquire+0x6b5/0x2cf0 [ 361.351504][T17926] ? is_bpf_text_address+0x26/0x2b0 [ 361.351526][T17926] ? kernel_text_address+0xa5/0xe0 [ 361.351572][T17926] ? __pfx_rtnl_newlink+0x10/0x10 [ 361.351596][T17926] rtnetlink_rcv_msg+0x7d5/0xbe0 [ 361.351624][T17926] ? rtnetlink_rcv_msg+0x1b9/0xbe0 [ 361.351647][T17926] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 361.351675][T17926] ? __lock_acquire+0x6b5/0x2cf0 [ 361.351707][T17926] netlink_rcv_skb+0x232/0x4b0 [ 361.351731][T17926] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 361.351755][T17926] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 361.351788][T17926] ? netlink_deliver_tap+0x2e/0x1b0 [ 361.351825][T17926] netlink_unicast+0x80f/0x9b0 [ 361.351853][T17926] ? __pfx_netlink_unicast+0x10/0x10 [ 361.351876][T17926] ? netlink_sendmsg+0x650/0xb40 [ 361.351896][T17926] ? skb_put+0x11b/0x210 [ 361.351923][T17926] netlink_sendmsg+0x813/0xb40 [ 361.351954][T17926] ? __pfx_netlink_sendmsg+0x10/0x10 [ 361.351980][T17926] ? aa_sock_msg_perm+0xf1/0x1b0 [ 361.352003][T17926] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 361.352026][T17926] ____sys_sendmsg+0x972/0x9f0 [ 361.352052][T17926] ? __pfx_____sys_sendmsg+0x10/0x10 [ 361.352078][T17926] ? import_iovec+0x73/0xa0 [ 361.352105][T17926] ___sys_sendmsg+0x2a5/0x360 [ 361.352128][T17926] ? __pfx____sys_sendmsg+0x10/0x10 [ 361.352177][T17926] ? __fget_files+0x2a/0x420 [ 361.352199][T17926] ? __fget_files+0x3a0/0x420 [ 361.352231][T17926] __x64_sys_sendmsg+0x1bd/0x2a0 [ 361.352251][T17926] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 361.352277][T17926] ? __pfx_ksys_write+0x10/0x10 [ 361.352306][T17926] do_syscall_64+0x14d/0xf80 [ 361.352322][T17926] ? trace_irq_disable+0x3b/0x150 [ 361.352344][T17926] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 361.352362][T17926] ? clear_bhb_loop+0x40/0x90 [ 361.352383][T17926] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 361.352399][T17926] RIP: 0033:0x7f420599c799 [ 361.352417][T17926] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 361.352432][T17926] RSP: 002b:00007f42067ee028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 361.352450][T17926] RAX: ffffffffffffffda RBX: 00007f4205c15fa0 RCX: 00007f420599c799 [ 361.352462][T17926] RDX: 0000000000000000 RSI: 0000200000000140 RDI: 0000000000000003 [ 361.352473][T17926] RBP: 00007f42067ee090 R08: 0000000000000000 R09: 0000000000000000 [ 361.352484][T17926] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 361.352494][T17926] R13: 00007f4205c16038 R14: 00007f4205c15fa0 R15: 00007ffda30f24b8 [ 361.352522][T17926] [ 361.414966][T17926] bridge0: port 3(dummy0) entered disabled state [ 361.864011][T17926] bridge_slave_0: left allmulticast mode [ 361.879437][T17926] bridge_slave_0: left promiscuous mode [ 361.887245][T17926] bridge0: port 1(bridge_slave_0) entered disabled state [ 361.898448][T17926] bridge_slave_1: left allmulticast mode [ 361.904141][T17926] bridge_slave_1: left promiscuous mode [ 361.914897][T17926] bridge0: port 2(bridge_slave_1) entered disabled state [ 361.924713][T17926] bond0: (slave bond_slave_0): Releasing backup interface [ 361.933422][T17926] bond0: (slave bond_slave_1): Releasing backup interface [ 361.942519][T17926] team0: Port device team_slave_0 removed [ 361.949728][T17926] team0: Port device team_slave_1 removed [ 361.957147][T17926] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 361.968815][T17926] team0: Port device geneve0 removed [ 361.985482][T17926] netdevsim netdevsim4 netdevsim0: left allmulticast mode [ 361.992649][T17926] netdevsim netdevsim4 netdevsim0: left promiscuous mode [ 361.999991][T17926] bridge0: port 4(netdevsim0) entered disabled state [ 362.015274][T17926] bond7: (slave bridge7): Releasing backup interface [ 362.022017][T17926] bond7: (slave bridge7): the permanent HWaddr of slave - 0e:fb:0b:ef:8f:c0 - is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts [ 362.044147][T17926] bond7: (slave bridge8): Releasing backup interface [ 362.053948][T17926] bond21: (slave gretap1): Releasing active interface [ 362.062843][T17926] gretap1: left allmulticast mode [ 362.071173][T17926] bond22: (slave ip6gretap0): Releasing backup interface [ 362.125010][T17930] lo speed is unknown, defaulting to 1000 [ 362.146747][T17942] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3723'. [ 362.205167][T17942] 8021q: adding VLAN 0 to HW filter on device bond26 [ 362.299513][T17946] tipc: Enabled bearer , priority 0 [ 362.315646][T17946] mac80211_hwsim hwsim14 syzkaller0: entered promiscuous mode [ 362.326222][T17954] netlink: 'syz.1.3727': attribute type 3 has an invalid length. [ 362.334252][T17946] mac80211_hwsim hwsim14 syzkaller0: entered allmulticast mode [ 362.550201][T17969] netlink: 56 bytes leftover after parsing attributes in process `syz.4.3731'. [ 362.585786][T17969] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3731'. [ 362.807572][T17978] netlink: 'syz.0.3734': attribute type 1 has an invalid length. [ 362.945259][T17982] lo speed is unknown, defaulting to 1000 [ 363.096436][T17994] syzkaller1: entered promiscuous mode [ 363.102002][T17994] syzkaller1: entered allmulticast mode [ 363.439764][T18006] syzkaller1: entered promiscuous mode [ 363.460056][T18006] syzkaller1: entered allmulticast mode [ 363.687635][T18032] netlink: 'syz.1.3748': attribute type 22 has an invalid length. [ 363.720973][T18032] netlink: 'syz.1.3748': attribute type 22 has an invalid length. [ 363.954967][T18048] FAULT_INJECTION: forcing a failure. [ 363.954967][T18048] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 363.968253][T18048] CPU: 0 UID: 0 PID: 18048 Comm: syz.0.3754 Not tainted syzkaller #0 PREEMPT(full) [ 363.968278][T18048] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 363.968323][T18048] Call Trace: [ 363.968403][T18048] [ 363.968443][T18048] dump_stack_lvl+0xe8/0x150 [ 363.968587][T18048] should_fail_ex+0x412/0x560 [ 363.968700][T18048] _copy_from_user+0x2d/0xb0 [ 363.968787][T18048] ___sys_sendmsg+0x1c6/0x360 [ 363.968878][T18048] ? __pfx____sys_sendmsg+0x10/0x10 [ 363.968936][T18048] ? __fget_files+0x2a/0x420 [ 363.968988][T18048] ? __fget_files+0x3a0/0x420 [ 363.969023][T18048] __x64_sys_sendmsg+0x1bd/0x2a0 [ 363.969044][T18048] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 363.969071][T18048] ? __pfx_ksys_write+0x10/0x10 [ 363.969111][T18048] do_syscall_64+0x14d/0xf80 [ 363.969187][T18048] ? trace_irq_disable+0x3b/0x150 [ 363.969229][T18048] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 363.969266][T18048] ? clear_bhb_loop+0x40/0x90 [ 363.969288][T18048] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 363.969328][T18048] RIP: 0033:0x7f0286d9c799 [ 363.969375][T18048] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 363.969390][T18048] RSP: 002b:00007f0287b92028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 363.969417][T18048] RAX: ffffffffffffffda RBX: 00007f0287016090 RCX: 00007f0286d9c799 [ 363.969430][T18048] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 000000000000000b [ 363.969443][T18048] RBP: 00007f0287b92090 R08: 0000000000000000 R09: 0000000000000000 [ 363.969455][T18048] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 363.969466][T18048] R13: 00007f0287016128 R14: 00007f0287016090 R15: 00007fff1bd40268 [ 363.969496][T18048] [ 364.371204][ T5823] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 364.381892][ T5823] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 364.390340][ T5823] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 364.399070][ T5823] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 364.407082][ T5823] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 364.445938][ T51] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 364.457953][ T51] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 364.465683][ T51] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 364.481328][ T51] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 364.490457][ T51] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 364.650508][T18056] lo speed is unknown, defaulting to 1000 [ 364.804511][T18066] lo speed is unknown, defaulting to 1000 [ 364.894885][T18073] netlink: 'syz.0.3760': attribute type 1 has an invalid length. [ 364.920672][T18074] __nla_validate_parse: 8 callbacks suppressed [ 364.920762][T18074] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3760'. [ 364.957137][T18073] net_ratelimit: 6 callbacks suppressed [ 364.957213][T18073] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 364.965980][T18063] netlink: 96 bytes leftover after parsing attributes in process `syz.2.3759'. [ 364.995937][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 365.173072][T18078] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 365.176500][T18080] lo speed is unknown, defaulting to 1000 [ 365.317333][T16474] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 365.326278][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 365.393108][T18056] chnl_net:caif_netlink_parms(): no params data found [ 365.696230][T18056] bridge0: port 1(bridge_slave_0) entered blocking state [ 365.703605][T18056] bridge0: port 1(bridge_slave_0) entered disabled state [ 365.711348][T18056] bridge_slave_0: entered allmulticast mode [ 365.720907][T18056] bridge_slave_0: entered promiscuous mode [ 365.730275][T18056] bridge0: port 2(bridge_slave_1) entered blocking state [ 365.738410][T18056] bridge0: port 2(bridge_slave_1) entered disabled state [ 365.745980][T18056] bridge_slave_1: entered allmulticast mode [ 365.753975][T18056] bridge_slave_1: entered promiscuous mode [ 365.796935][T18056] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 365.809816][T18056] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 365.857174][T18111] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3769'. [ 365.862469][T18056] team0: Port device team_slave_0 added [ 365.872843][T18111] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3769'. [ 365.894536][T18111] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3769'. [ 365.903628][T18111] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3769'. [ 365.932296][T18056] team0: Port device team_slave_1 added [ 365.953872][T18111] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3769'. [ 365.969273][T18111] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3769'. [ 365.978680][T18111] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3769'. [ 366.037780][ T5891] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 366.079954][T18116] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3770'. [ 366.111543][T18056] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 366.119502][T18056] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 366.146033][T18056] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 366.178763][T18056] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 366.188458][T18056] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 366.216460][T18056] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 366.282158][T18056] hsr_slave_0: entered promiscuous mode [ 366.288578][T18056] hsr_slave_1: entered promiscuous mode [ 366.295067][T18056] debugfs: 'hsr0' already exists in 'hsr' [ 366.300809][T18056] Cannot create hsr debugfs directory [ 366.404977][T18056] netdevsim netdevsim4 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 366.462239][T18056] netdevsim netdevsim4 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 366.596449][ T5823] Bluetooth: hci5: command tx timeout [ 367.079567][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 367.735496][ T5934] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 367.743926][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 367.782286][T18056] netdevsim netdevsim4 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 367.878352][T18056] netdevsim netdevsim4 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 367.976227][T18056] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 367.989991][T18056] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 368.000717][T18056] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 368.010426][T18056] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 368.072450][T18056] 8021q: adding VLAN 0 to HW filter on device bond0 [ 368.089478][T18056] 8021q: adding VLAN 0 to HW filter on device team0 [ 368.100818][T16475] bridge0: port 1(bridge_slave_0) entered blocking state [ 368.108017][T16475] bridge0: port 1(bridge_slave_0) entered forwarding state [ 368.116668][ T9855] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 368.131188][T16470] bridge0: port 2(bridge_slave_1) entered blocking state [ 368.138467][T16470] bridge0: port 2(bridge_slave_1) entered forwarding state [ 368.285304][T18056] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 368.450618][T18056] veth0_vlan: entered promiscuous mode [ 368.461057][T18056] veth1_vlan: entered promiscuous mode [ 368.488315][T18056] veth0_macvtap: entered promiscuous mode [ 368.497939][T18056] veth1_macvtap: entered promiscuous mode [ 368.513637][T18056] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 368.528591][T18056] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 368.542375][T16479] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 368.552469][T16479] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 368.561753][T16479] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 368.572333][T16479] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 368.631745][T16475] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 368.646023][T16475] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 368.670748][T16474] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 368.679479][ T5823] Bluetooth: hci5: command tx timeout [ 368.687307][T16474] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 370.196813][ T9855] net_ratelimit: 3 callbacks suppressed [ 370.196834][ T9855] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 370.754623][ T5823] Bluetooth: hci5: command tx timeout [ 370.915282][T16479] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 370.923923][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 371.235532][ T9855] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 371.774595][ T5196] udevd[5196]: worker [5824] /devices/virtual/block/nbd2 timeout; kill it [ 371.783445][ T5196] udevd[5196]: seq 13338 '/devices/virtual/block/nbd2' killed [ 372.275126][ T9855] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 372.834940][ T5823] Bluetooth: hci5: command tx timeout [ 373.315548][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 373.475702][T16479] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 373.484935][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 373.957770][ T5934] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 373.966477][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 375.395636][ T9855] net_ratelimit: 1 callbacks suppressed [ 375.395659][ T9855] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 376.035275][T16475] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 376.044202][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 376.435625][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 377.475418][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 378.515522][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 378.598302][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 379.074765][ T6676] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 379.083367][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 379.235234][T16475] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 379.243517][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 380.595381][T15963] net_ratelimit: 1 callbacks suppressed [ 380.595398][T15963] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 380.909152][T18140] __nla_validate_parse: 4 callbacks suppressed [ 380.909174][T18140] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3774'. [ 380.919408][T18144] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 380.955426][T18144] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 380.984831][T18144] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 381.083677][T18152] lo speed is unknown, defaulting to 1000 [ 381.147989][T18144] lo speed is unknown, defaulting to 1000 [ 381.202789][ T51] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 381.213506][ T51] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 381.222605][ T51] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 381.231135][ T51] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 381.239851][ T51] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 381.598224][T18156] lo speed is unknown, defaulting to 1000 [ 381.635429][T15963] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 381.684970][T18153] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 381.692787][T18163] lo speed is unknown, defaulting to 1000 [ 381.716091][T18153] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 381.801632][T16475] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 381.810763][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 381.854287][T18174] bond1: option lacp_active: mode dependency failed, not supported in mode balance-rr(0) [ 381.854902][T18142] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 381.876183][T18174] bond1 (unregistering): Released all slaves [ 382.074281][T16474] netdevsim netdevsim0 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 382.087518][T16474] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 382.133058][T18156] chnl_net:caif_netlink_parms(): no params data found [ 382.179888][T16474] netdevsim netdevsim0 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 382.194279][T16474] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 382.346886][T16474] netdevsim netdevsim0 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 382.380194][T16474] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 382.494169][T16474] netdevsim netdevsim0 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 382.505616][T16474] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 382.546024][T18156] bridge0: port 1(bridge_slave_0) entered blocking state [ 382.572394][T18156] bridge0: port 1(bridge_slave_0) entered disabled state [ 382.584790][T18156] bridge_slave_0: entered allmulticast mode [ 382.612999][T18156] bridge_slave_0: entered promiscuous mode [ 382.649969][T18156] bridge0: port 2(bridge_slave_1) entered blocking state [ 382.682854][T18156] bridge0: port 2(bridge_slave_1) entered disabled state [ 382.706633][T18156] bridge_slave_1: entered allmulticast mode [ 382.741324][T18156] bridge_slave_1: entered promiscuous mode [ 382.930952][T18156] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 383.029084][T18156] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 383.315779][ T5823] Bluetooth: hci2: command tx timeout [ 383.496690][T18258] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3791'. [ 383.592555][T16474] bond25 (unregistering): (slave ip6gretap0): Releasing active interface [ 383.605224][T16474] ip6gretap0 (unregistering): left allmulticast mode [ 383.857208][T16474] team0: Port device geneve0 removed [ 384.099924][T16474] bond8 (unregistering): (slave bridge6): Releasing active interface [ 384.320106][T16474] bond0 (unregistering): (slave batadv0): Releasing backup interface [ 384.330902][T16474] bond0 (unregistering): Released all slaves [ 384.341349][T16474] bond1 (unregistering): Released all slaves [ 384.353873][T16474] bond2 (unregistering): Released all slaves [ 384.368963][T16474] bond3 (unregistering): Released all slaves [ 384.381828][T16474] bond4 (unregistering): Released all slaves [ 384.401199][T16474] bond5 (unregistering): Released all slaves [ 384.415131][T16474] bond6 (unregistering): Released all slaves [ 384.427690][T16474] bond7 (unregistering): Released all slaves [ 384.440740][T16474] bond8 (unregistering): Released all slaves [ 384.456525][T16474] bond9 (unregistering): Released all slaves [ 384.471048][T16474] bond10 (unregistering): Released all slaves [ 384.484070][T16474] bond11 (unregistering): Released all slaves [ 384.497552][T16474] bond12 (unregistering): Released all slaves [ 384.517081][T16474] bond13 (unregistering): Released all slaves [ 384.529495][T16474] bond14 (unregistering): Released all slaves [ 384.542408][T16474] bond15 (unregistering): Released all slaves [ 384.561351][T16474] bond16 (unregistering): Released all slaves [ 384.574954][T16474] bond17 (unregistering): Released all slaves [ 384.587980][T16474] bond18 (unregistering): Released all slaves [ 384.600502][T16474] bond19 (unregistering): Released all slaves [ 384.622563][T16474] bond20 (unregistering): Released all slaves [ 384.635306][T16474] bond21 (unregistering): Released all slaves [ 384.648480][T16474] bond22 (unregistering): Released all slaves [ 384.666948][T16474] bond23 (unregistering): Released all slaves [ 384.679880][T16474] bond24 (unregistering): Released all slaves [ 384.692340][T16474] bond25 (unregistering): left allmulticast mode [ 384.699228][T16474] bond25 (unregistering): left promiscuous mode [ 384.708853][T16474] team0: Port device macvlan2 removed [ 384.719679][T16474] bond25 (unregistering): Released all slaves [ 384.732716][T16474] bond26 (unregistering): Released all slaves [ 384.749190][T18226] team_slave_0: entered promiscuous mode [ 384.754945][T18226] team_slave_1: entered promiscuous mode [ 384.760893][T18226] vlan2: entered promiscuous mode [ 384.766056][T18226] team0: entered promiscuous mode [ 384.787386][T18156] team0: Port device team_slave_0 added [ 384.893934][T18255] bridge8: entered promiscuous mode [ 384.908961][T18255] bridge8: entered allmulticast mode [ 384.935969][T18156] team0: Port device team_slave_1 added [ 385.021413][T18156] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 385.028566][T18156] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 385.055072][T18156] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 385.067615][T18156] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 385.075660][T18156] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 385.116634][T18156] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 385.153181][T16474] tipc: Left network mode [ 385.169640][T18259] lo speed is unknown, defaulting to 1000 [ 385.215416][T16474] IPVS: stopping backup sync thread 7074 ... [ 385.337653][T18274] bond18: option lacp_active: mode dependency failed, not supported in mode balance-rr(0) [ 385.366151][T18274] bond18 (unregistering): Released all slaves [ 385.394571][ T5823] Bluetooth: hci2: command tx timeout [ 385.471534][T18156] hsr_slave_0: entered promiscuous mode [ 385.499752][T18156] hsr_slave_1: entered promiscuous mode [ 385.519173][T18156] debugfs: 'hsr0' already exists in 'hsr' [ 385.525930][T18156] Cannot create hsr debugfs directory [ 385.796449][ T24] net_ratelimit: 13 callbacks suppressed [ 385.796468][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 386.488093][T18328] netlink: 'syz.1.3804': attribute type 11 has an invalid length. [ 386.493511][T18329] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3805'. [ 386.534974][T18329] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3805'. [ 386.563827][T18331] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3806'. [ 386.835481][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 386.856411][T18337] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3806'. [ 386.928784][T16479] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 386.937875][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 387.047846][T18337] bond0: (slave bond_slave_1): Releasing backup interface [ 387.155624][T16474] hsr_slave_0: left promiscuous mode [ 387.166218][T16474] hsr_slave_1: left promiscuous mode [ 387.172932][T16474] batman_adv: batadv0: Interface deactivated: dummy0 [ 387.181523][T16474] batman_adv: batadv0: Removing interface: dummy0 [ 387.212405][T16474] veth1_macvtap: left promiscuous mode [ 387.219973][T16474] veth1_vlan: left promiscuous mode [ 387.226380][T16474] veth0_vlan: left promiscuous mode [ 387.474667][ T5823] Bluetooth: hci2: command tx timeout [ 387.592015][T18346] syzkaller1: entered promiscuous mode [ 387.598823][T18346] syzkaller1: entered allmulticast mode [ 387.875541][ T9855] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 387.984327][T18371] bond18: option lacp_active: mode dependency failed, not supported in mode balance-rr(0) [ 387.998064][T18371] bond18 (unregistering): Released all slaves [ 388.028105][T18156] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 388.078617][T18156] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 388.108092][T18370] netlink: 'syz.3.3811': attribute type 32 has an invalid length. [ 388.129310][T18156] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 388.158193][T18156] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 388.204833][ T2308] block nbd2: Possible stuck request ffff888026728000: control (read@0,1024B). Runtime 270 seconds [ 388.216172][ T2308] block nbd2: Possible stuck request ffff888026728200: control (read@1024,1024B). Runtime 270 seconds [ 388.231059][ T2308] block nbd2: Possible stuck request ffff888026728400: control (read@2048,1024B). Runtime 270 seconds [ 388.242256][ T2308] block nbd2: Possible stuck request ffff888026728600: control (read@3072,1024B). Runtime 270 seconds [ 388.258792][T18383] syzkaller1: entered promiscuous mode [ 388.264537][T18383] syzkaller1: entered allmulticast mode [ 388.307646][T16474] IPVS: stop unused estimator thread 0... [ 388.430099][T18156] 8021q: adding VLAN 0 to HW filter on device bond0 [ 388.453586][T18156] 8021q: adding VLAN 0 to HW filter on device team0 [ 388.467622][T16474] bridge0: port 1(bridge_slave_0) entered blocking state [ 388.475278][T16474] bridge0: port 1(bridge_slave_0) entered forwarding state [ 388.503116][T16479] bridge0: port 2(bridge_slave_1) entered blocking state [ 388.510433][T16479] bridge0: port 2(bridge_slave_1) entered forwarding state [ 388.562688][ T6679] IPVS: starting estimator thread 0... [ 388.669374][T18403] IPVS: using max 32 ests per chain, 76800 per kthread [ 388.938458][T15963] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 388.967170][T18418] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3816'. [ 388.977238][T18421] IPVS: sync thread started: state = BACKUP, mcast_ifn = veth0_to_bond, syncid = 0, id = 0 [ 389.048173][T18156] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 389.197125][T18156] veth0_vlan: entered promiscuous mode [ 389.231637][T18425] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3818'. [ 389.239842][T18156] veth1_vlan: entered promiscuous mode [ 389.350599][T18428] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 389.546115][T18156] veth0_macvtap: entered promiscuous mode [ 389.566924][ T5823] Bluetooth: hci2: command tx timeout [ 389.568897][T18156] veth1_macvtap: entered promiscuous mode [ 389.662220][T18156] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 389.707712][T18447] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3821'. [ 389.837528][T18445] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3820'. [ 389.869157][T18428] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 389.904273][T18460] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3821'. [ 389.955484][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 389.963642][ T6679] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 389.972618][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 390.062190][T18445] macvtap0: entered promiscuous mode [ 390.068011][T18445] virtio_net virtio1 eth0: entered promiscuous mode [ 390.086070][T18445] macvtap0: entered allmulticast mode [ 390.100532][T18445] virtio_net virtio1 eth0: entered allmulticast mode [ 390.114992][T16470] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 390.154080][T18156] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 390.178520][T18428] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 390.240412][T18463] syzkaller1: entered promiscuous mode [ 390.247148][T18463] syzkaller1: entered allmulticast mode [ 390.336268][T18428] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 390.373898][T16470] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 390.383028][T16470] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 390.413408][T16470] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 390.446636][T16470] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 390.622348][T16470] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 390.691668][T16474] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 390.702482][T16474] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 390.724824][T16470] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 390.996056][ T9855] net_ratelimit: 1 callbacks suppressed [ 390.996075][ T9855] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 392.035420][ T9855] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 392.043606][T16475] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 392.052224][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 392.227543][T18431] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 392.424713][T16474] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 392.453150][T16474] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 392.516653][T18531] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 392.541157][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 392.594543][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 393.025908][T18549] lo speed is unknown, defaulting to 1000 [ 393.083463][T15963] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 393.201194][ T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 393.212260][ T51] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 393.224888][ T51] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 393.235366][ T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 393.243054][ T51] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 393.383229][T18561] lo speed is unknown, defaulting to 1000 [ 393.890761][ T9855] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 394.116223][ T9855] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 394.276625][T18590] lo speed is unknown, defaulting to 1000 [ 394.367685][T18599] bond14: option lacp_active: mode dependency failed, not supported in mode balance-rr(0) [ 394.402801][T18599] bond14 (unregistering): Released all slaves [ 394.523077][ T5934] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 394.637174][T18561] chnl_net:caif_netlink_parms(): no params data found [ 394.962002][T18631] macvtap0: entered promiscuous mode [ 395.042863][T18631] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3847'. [ 395.080175][ T5836] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 395.089245][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 395.117945][T18636] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3848'. [ 395.145840][T18631] veth0_macvtap: left promiscuous mode [ 395.197466][T18631] macvtap0 (unregistering): left promiscuous mode [ 395.309820][T18561] bridge0: port 1(bridge_slave_0) entered blocking state [ 395.317272][ T5823] Bluetooth: hci0: command tx timeout [ 395.331608][T18561] bridge0: port 1(bridge_slave_0) entered disabled state [ 395.365129][T18561] bridge_slave_0: entered allmulticast mode [ 395.372911][T18561] bridge_slave_0: entered promiscuous mode [ 395.416232][T18561] bridge0: port 2(bridge_slave_1) entered blocking state [ 395.423417][T18561] bridge0: port 2(bridge_slave_1) entered disabled state [ 395.436766][T18561] bridge_slave_1: entered allmulticast mode [ 395.445188][T18561] bridge_slave_1: entered promiscuous mode [ 395.584638][T18561] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 395.616703][T18561] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 395.791899][T18561] team0: Port device team_slave_0 added [ 395.827378][T18561] team0: Port device team_slave_1 added [ 395.845241][T18666] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3855'. [ 395.954239][T18666] macvtap1: entered promiscuous mode [ 395.970883][T18666] macvtap1: entered allmulticast mode [ 396.025201][T18561] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 396.042418][T18561] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 396.094562][T18561] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 396.139850][T18561] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 396.164454][T18561] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 396.197789][ T24] net_ratelimit: 4 callbacks suppressed [ 396.197810][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 396.211716][T18561] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 396.338825][T18679] bond19: option lacp_active: mode dependency failed, not supported in mode balance-rr(0) [ 396.367844][T18679] bond19 (unregistering): Released all slaves [ 396.396923][T18689] netlink: 112 bytes leftover after parsing attributes in process `syz.0.3861'. [ 396.406427][T18689] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3861'. [ 396.421952][T18561] hsr_slave_0: entered promiscuous mode [ 396.429082][T18561] hsr_slave_1: entered promiscuous mode [ 396.438863][T18561] debugfs: 'hsr0' already exists in 'hsr' [ 396.445287][T18561] Cannot create hsr debugfs directory [ 396.459350][T18681] lo speed is unknown, defaulting to 1000 [ 396.758576][T18701] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3863'. [ 397.236163][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 397.333228][T18719] lo speed is unknown, defaulting to 1000 [ 397.396359][ T5823] Bluetooth: hci0: command tx timeout [ 397.797154][T16467] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 397.805968][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 397.941024][T18751] tap0: tun_chr_ioctl cmd 2148553947 [ 398.282891][ T9855] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 399.315407][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 399.479493][ T5823] Bluetooth: hci0: command tx timeout [ 400.208271][T18814] pimreg: tun_chr_ioctl cmd 1074025677 [ 400.213957][T18814] pimreg: linktype set to 776 [ 400.235419][T18814] pimreg: tun_chr_ioctl cmd 2148553947 [ 400.290099][T18561] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 400.314268][T18561] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 400.358204][ T9855] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 400.367748][T16470] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 400.376404][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 400.405539][T18561] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 400.419841][T18561] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 400.652151][T18561] 8021q: adding VLAN 0 to HW filter on device bond0 [ 400.696524][T18842] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 400.708182][T18561] 8021q: adding VLAN 0 to HW filter on device team0 [ 400.723158][ T3573] bridge0: port 1(bridge_slave_0) entered blocking state [ 400.730461][ T3573] bridge0: port 1(bridge_slave_0) entered forwarding state [ 400.773228][ T3573] bridge0: port 2(bridge_slave_1) entered blocking state [ 400.780455][ T3573] bridge0: port 2(bridge_slave_1) entered forwarding state [ 400.974013][T18561] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 401.022326][T18561] veth0_vlan: entered promiscuous mode [ 401.036249][T18561] veth1_vlan: entered promiscuous mode [ 401.060571][T18561] veth0_macvtap: entered promiscuous mode [ 401.071636][T18561] veth1_macvtap: entered promiscuous mode [ 401.089559][T18561] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 401.102668][T18561] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 401.117211][T16470] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 401.127133][T16470] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 401.137160][T16470] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 401.146089][T16470] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 401.205450][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 401.213351][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 401.239361][ T3573] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 401.247738][ T3573] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 401.328305][T18851] lo speed is unknown, defaulting to 1000 [ 401.395674][ T5891] net_ratelimit: 2 callbacks suppressed [ 401.395695][ T5891] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 401.554680][ T5823] Bluetooth: hci0: command tx timeout [ 402.437012][ T5891] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 403.475327][ T9858] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 403.555313][T16475] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 403.563949][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 404.515348][ T9858] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 404.524053][ T3573] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 404.533764][ T6679] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 404.542850][ T9855] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 405.555101][ T9855] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 406.596833][ T9858] net_ratelimit: 2 callbacks suppressed [ 406.596853][ T9858] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 406.610698][ T5836] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 406.620055][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 407.635317][ T9858] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 408.675997][ T9858] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 409.315289][ T3573] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 409.324180][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 409.715181][ T9855] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 410.755438][ T9855] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 411.795965][ T9858] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 411.875070][T16479] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 411.883388][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 412.354888][ T5836] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 412.363484][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 412.835266][ T9858] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 413.875647][ T9858] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 414.435031][ C0] ================================================================== [ 414.443209][ C0] BUG: KASAN: slab-use-after-free in rose_t0timer_expiry+0x276/0x560 [ 414.451585][ C0] Write of size 8 at addr ffff888024a31018 by task swapper/0/0 [ 414.459444][ C0] [ 414.461816][ C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted syzkaller #0 PREEMPT(full) [ 414.461830][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 414.461841][ C0] Call Trace: [ 414.461849][ C0] [ 414.461857][ C0] dump_stack_lvl+0xe8/0x150 [ 414.461877][ C0] print_report+0xba/0x230 [ 414.461902][ C0] ? rose_t0timer_expiry+0x276/0x560 [ 414.461919][ C0] kasan_report+0x117/0x150 [ 414.461940][ C0] ? rose_t0timer_expiry+0x276/0x560 [ 414.461956][ C0] rose_t0timer_expiry+0x276/0x560 [ 414.461972][ C0] call_timer_fn+0x192/0x640 [ 414.461992][ C0] ? __pfx_rose_t0timer_expiry+0x10/0x10 [ 414.462006][ C0] ? call_timer_fn+0xd4/0x640 [ 414.462019][ C0] ? __pfx_call_timer_fn+0x10/0x10 [ 414.462034][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 414.462159][ C0] ? __pfx_rose_t0timer_expiry+0x10/0x10 [ 414.462173][ C0] __run_timer_base+0x652/0x8b0 [ 414.462185][ C0] ? ktime_get+0x45/0x200 [ 414.462197][ C0] ? __pfx___run_timer_base+0x10/0x10 [ 414.462210][ C0] ? sched_clock_cpu+0x74/0x440 [ 414.462236][ C0] run_timer_softirq+0xb7/0x170 [ 414.462248][ C0] handle_softirqs+0x22a/0x870 [ 414.462269][ C0] ? __irq_exit_rcu+0x5f/0x150 [ 414.462283][ C0] __irq_exit_rcu+0x5f/0x150 [ 414.462296][ C0] irq_exit_rcu+0x9/0x30 [ 414.462308][ C0] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 414.462325][ C0] [ 414.462329][ C0] [ 414.462333][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 414.462348][ C0] RIP: 0010:pv_native_safe_halt+0xf/0x20 [ 414.462365][ C0] Code: 4e 6c 02 c3 cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 43 72 1a 00 fb f4 fc e9 02 00 cc cc cc cc cc cc cc cc cc cc cc cc 90 90 90 90 90 [ 414.462375][ C0] RSP: 0018:ffffffff8e407dc0 EFLAGS: 00000246 [ 414.462386][ C0] RAX: 00000000001221bb RBX: ffffffff819a8c8d RCX: 0000000080000001 [ 414.462420][ C0] RDX: 0000000000000001 RSI: ffffffff8def963c RDI: ffffffff8c27b500 [ 414.462428][ C0] RBP: ffffffff8e407eb0 R08: ffff8880b863395b R09: 1ffff110170c672b [ 414.462436][ C0] R10: dffffc0000000000 R11: ffffed10170c672c R12: ffffffff90113eb0 [ 414.462443][ C0] R13: 1ffffffff1c929d8 R14: 0000000000000000 R15: 0000000000000000 [ 414.462452][ C0] ? do_idle+0x1bd/0x500 [ 414.462469][ C0] default_idle+0x9/0x20 [ 414.462480][ C0] default_idle_call+0x72/0xb0 [ 414.462491][ C0] do_idle+0x1bd/0x500 [ 414.462504][ C0] ? lockdep_hardirqs_on+0x7a/0x110 [ 414.462515][ C0] ? __pfx_do_idle+0x10/0x10 [ 414.462530][ C0] cpu_startup_entry+0x43/0x60 [ 414.462544][ C0] rest_init+0x2de/0x300 [ 414.462557][ C0] start_kernel+0x385/0x3d0 [ 414.462647][ C0] x86_64_start_reservations+0x24/0x30 [ 414.462687][ C0] x86_64_start_kernel+0x143/0x1c0 [ 414.462702][ C0] common_startup_64+0x13e/0x147 [ 414.462724][ C0] [ 414.462729][ C0] [ 414.741781][ C0] Allocated by task 12534: [ 414.746332][ C0] kasan_save_track+0x3e/0x80 [ 414.751013][ C0] __kasan_kmalloc+0x93/0xb0 [ 414.755609][ C0] __kmalloc_cache_noprof+0x31c/0x660 [ 414.761007][ C0] rose_add_node+0x23c/0xf00 [ 414.766004][ C0] rose_rt_ioctl+0xd35/0x12a0 [ 414.770687][ C0] rose_ioctl+0x3fb/0x8f0 [ 414.775021][ C0] sock_do_ioctl+0x101/0x320 [ 414.779809][ C0] sock_ioctl+0x5c6/0x7f0 [ 414.784335][ C0] __se_sys_ioctl+0xfc/0x170 [ 414.788947][ C0] do_syscall_64+0x14d/0xf80 [ 414.793544][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 414.799543][ C0] [ 414.801937][ C0] Freed by task 0: [ 414.805680][ C0] kasan_save_track+0x3e/0x80 [ 414.810383][ C0] kasan_save_free_info+0x46/0x50 [ 414.815932][ C0] __kasan_slab_free+0x5c/0x80 [ 414.821127][ C0] kfree+0x1c1/0x630 [ 414.825311][ C0] rose_timer_expiry+0x4cb/0x600 [ 414.830255][ C0] call_timer_fn+0x192/0x640 [ 414.834972][ C0] __run_timer_base+0x652/0x8b0 [ 414.839921][ C0] run_timer_softirq+0xb7/0x170 [ 414.844806][ C0] handle_softirqs+0x22a/0x870 [ 414.849573][ C0] __irq_exit_rcu+0x5f/0x150 [ 414.854154][ C0] irq_exit_rcu+0x9/0x30 [ 414.858406][ C0] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 414.864249][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 414.870612][ C0] [ 414.872939][ C0] The buggy address belongs to the object at ffff888024a31000 [ 414.872939][ C0] which belongs to the cache kmalloc-512 of size 512 [ 414.887015][ C0] The buggy address is located 24 bytes inside of [ 414.887015][ C0] freed 512-byte region [ffff888024a31000, ffff888024a31200) [ 414.900983][ C0] [ 414.903307][ C0] The buggy address belongs to the physical page: [ 414.909721][ C0] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888024a30400 pfn:0x24a30 [ 414.919879][ C0] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 414.928375][ C0] flags: 0xfff00000000240(workingset|head|node=0|zone=1|lastcpupid=0x7ff) [ 414.936890][ C0] page_type: f5(slab) [ 414.941055][ C0] raw: 00fff00000000240 ffff88813fea8c80 ffff88813fea37c8 ffffea00015aa110 [ 414.949656][ C0] raw: ffff888024a30400 000000080010000f 00000000f5000000 0000000000000000 [ 414.958237][ C0] head: 00fff00000000240 ffff88813fea8c80 ffff88813fea37c8 ffffea00015aa110 [ 414.966900][ C0] head: ffff888024a30400 000000080010000f 00000000f5000000 0000000000000000 [ 414.975581][ C0] head: 00fff00000000002 ffffea0000928c01 00000000ffffffff 00000000ffffffff [ 414.984538][ C0] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 414.993533][ C0] page dumped because: kasan: bad access detected [ 415.000087][ C0] page_owner tracks the page as allocated [ 415.005828][ C0] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5470, tgid 5470 (S30dbus), ts 40722923987, free_ts 34192239305 [ 415.025965][ C0] post_alloc_hook+0x231/0x280 [ 415.030843][ C0] get_page_from_freelist+0x24dc/0x2580 [ 415.036408][ C0] __alloc_frozen_pages_noprof+0x18d/0x380 [ 415.042205][ C0] allocate_slab+0x77/0x660 [ 415.047061][ C0] refill_objects+0x331/0x3c0 [ 415.051741][ C0] __pcs_replace_empty_main+0x2f9/0x5e0 [ 415.057300][ C0] __kmalloc_noprof+0x474/0x760 [ 415.062153][ C0] tomoyo_init_log+0x1aae/0x1fb0 [ 415.067229][ C0] tomoyo_supervisor+0x353/0x1570 [ 415.072247][ C0] tomoyo_path_permission+0x25a/0x380 [ 415.077670][ C0] tomoyo_path_perm+0x3f3/0x560 [ 415.078856][T16475] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 415.082530][ C0] security_inode_getattr+0x12b/0x310 [ 415.091586][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 415.096033][ C0] __x64_sys_newfstat+0x13b/0x270 [ 415.096064][ C0] do_syscall_64+0x14d/0xf80 [ 415.096081][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 415.119619][ C0] page last free pid 5202 tgid 5202 stack trace: [ 415.126017][ C0] __free_frozen_pages+0xc2b/0xdb0 [ 415.131115][ C0] __slab_free+0x263/0x2b0 [ 415.135518][ C0] qlist_free_all+0x97/0x100 [ 415.140102][ C0] kasan_quarantine_reduce+0x148/0x160 [ 415.145547][ C0] __kasan_slab_alloc+0x22/0x80 [ 415.150389][ C0] kmem_cache_alloc_noprof+0x2bc/0x650 [ 415.155850][ C0] do_getname+0x2e/0x250 [ 415.160078][ C0] do_readlinkat+0xc8/0x510 [ 415.164566][ C0] __x64_sys_readlink+0x7f/0x90 [ 415.169418][ C0] do_syscall_64+0x14d/0xf80 [ 415.173985][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 415.179867][ C0] [ 415.182176][ C0] Memory state around the buggy address: [ 415.187851][ C0] ffff888024a30f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 415.195924][ C0] ffff888024a30f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 415.203974][ C0] >ffff888024a31000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 415.212029][ C0] ^ [ 415.217160][ C0] ffff888024a31080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 415.225219][ C0] ffff888024a31100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 415.233339][ C0] ================================================================== [ 415.241603][ C0] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 415.248835][ C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted syzkaller #0 PREEMPT(full) [ 415.257782][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 415.267861][ C0] Call Trace: [ 415.271246][ C0] [ 415.274198][ C0] vpanic+0x56c/0xa60 [ 415.278298][ C0] ? __pfx_vpanic+0x10/0x10 [ 415.282835][ C0] panic+0xc5/0xd0 [ 415.286592][ C0] ? __pfx_panic+0x10/0x10 [ 415.291191][ C0] ? lockdep_hardirqs_on+0x7a/0x110 [ 415.296396][ C0] ? rose_t0timer_expiry+0x276/0x560 [ 415.301691][ C0] ? rose_t0timer_expiry+0x276/0x560 [ 415.307071][ C0] check_panic_on_warn+0x89/0xb0 [ 415.312081][ C0] ? rose_t0timer_expiry+0x276/0x560 [ 415.317461][ C0] end_report+0x73/0x180 [ 415.321724][ C0] ? rose_t0timer_expiry+0x276/0x560 [ 415.327100][ C0] kasan_report+0x128/0x150 [ 415.331604][ C0] ? rose_t0timer_expiry+0x276/0x560 [ 415.336894][ C0] rose_t0timer_expiry+0x276/0x560 [ 415.342010][ C0] call_timer_fn+0x192/0x640 [ 415.346601][ C0] ? __pfx_rose_t0timer_expiry+0x10/0x10 [ 415.352241][ C0] ? call_timer_fn+0xd4/0x640 [ 415.356919][ C0] ? __pfx_call_timer_fn+0x10/0x10 [ 415.362036][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 415.367236][ C0] ? __pfx_rose_t0timer_expiry+0x10/0x10 [ 415.372872][ C0] __run_timer_base+0x652/0x8b0 [ 415.377719][ C0] ? ktime_get+0x45/0x200 [ 415.382048][ C0] ? __pfx___run_timer_base+0x10/0x10 [ 415.387418][ C0] ? sched_clock_cpu+0x74/0x440 [ 415.392269][ C0] run_timer_softirq+0xb7/0x170 [ 415.397138][ C0] handle_softirqs+0x22a/0x870 [ 415.402026][ C0] ? __irq_exit_rcu+0x5f/0x150 [ 415.406826][ C0] __irq_exit_rcu+0x5f/0x150 [ 415.411437][ C0] irq_exit_rcu+0x9/0x30 [ 415.415686][ C0] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 415.421329][ C0] [ 415.424252][ C0] [ 415.427186][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 415.433163][ C0] RIP: 0010:pv_native_safe_halt+0xf/0x20 [ 415.438799][ C0] Code: 4e 6c 02 c3 cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 43 72 1a 00 fb f4 fc e9 02 00 cc cc cc cc cc cc cc cc cc cc cc cc 90 90 90 90 90 [ 415.458399][ C0] RSP: 0018:ffffffff8e407dc0 EFLAGS: 00000246 [ 415.464468][ C0] RAX: 00000000001221bb RBX: ffffffff819a8c8d RCX: 0000000080000001 [ 415.472443][ C0] RDX: 0000000000000001 RSI: ffffffff8def963c RDI: ffffffff8c27b500 [ 415.480407][ C0] RBP: ffffffff8e407eb0 R08: ffff8880b863395b R09: 1ffff110170c672b [ 415.488375][ C0] R10: dffffc0000000000 R11: ffffed10170c672c R12: ffffffff90113eb0 [ 415.496341][ C0] R13: 1ffffffff1c929d8 R14: 0000000000000000 R15: 0000000000000000 [ 415.504308][ C0] ? do_idle+0x1bd/0x500 [ 415.508559][ C0] default_idle+0x9/0x20 [ 415.512800][ C0] default_idle_call+0x72/0xb0 [ 415.517571][ C0] do_idle+0x1bd/0x500 [ 415.521643][ C0] ? lockdep_hardirqs_on+0x7a/0x110 [ 415.526849][ C0] ? __pfx_do_idle+0x10/0x10 [ 415.531467][ C0] cpu_startup_entry+0x43/0x60 [ 415.536241][ C0] rest_init+0x2de/0x300 [ 415.540585][ C0] start_kernel+0x385/0x3d0 [ 415.545180][ C0] x86_64_start_reservations+0x24/0x30 [ 415.550672][ C0] x86_64_start_kernel+0x143/0x1c0 [ 415.556089][ C0] common_startup_64+0x13e/0x147 [ 415.561050][ C0] [ 415.564409][ C0] Kernel Offset: disabled [ 415.568736][ C0] Rebooting in 86400 seconds..