last executing test programs:

3.145124526s ago: executing program 1 (id=3378):
r0 = socket(0x1d, 0x1, 0x0)
r1 = socket$unix(0x1, 0x1, 0x0)
sendmmsg$unix(r1, &(0x7f0000000280)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000340)="90", 0x1}], 0x1, 0x0, 0x0, 0x8801}}], 0x1, 0x20004031)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)=ANY=[@ANYRESDEC=0x0], 0x8c}, 0x1, 0x0, 0x0, 0x200080c0}, 0x4080)
writev(r3, &(0x7f0000000040), 0x2)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f00000000c0), 0x4)
bind$bt_hci(r2, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6)
r5 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000200)=ANY=[@ANYRESHEX=r0], 0x50)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000006c0)={r5}, 0x4)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0x11, &(0x7f00000008c0)=ANY=[@ANYBLOB="18000000800000000000000001000000850000000f000000b7080000000000007b8af8ff00000000b7080000161300007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r5, @ANYBLOB="0000000000000000b70500000000000085000000a500000095"], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x19, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000003f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x20}, 0x15)
write(r2, &(0x7f0000000000)="0a000000010001", 0x7)
sendmsg$MPTCP_PM_CMD_SUBFLOW_DESTROY(r0, &(0x7f0000000800)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000007c0)={&(0x7f0000000700)={0x44, 0x0, 0x800, 0x70bd2a, 0x25dfdbfd, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x5}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0xa0}, @MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0x800}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x4}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x6}]}, 0x44}, 0x1, 0x0, 0x0, 0x20040040}, 0x20048000)
socket$inet6(0xa, 0x2, 0x0)
socketpair(0x23, 0x2, 0xffffffff, &(0x7f0000000180))
unshare(0x8000400)
socket(0x3, 0x5, 0x100)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000880)=ANY=[@ANYBLOB="09000000070000000080000001"], 0x48)
syz_genetlink_get_family_id$nfc(&(0x7f0000000100), 0xffffffffffffffff)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff)
r8 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r9 = openat$cgroup_int(r8, 0x0, 0x2, 0x0)
r10 = socket$inet(0x2, 0x2, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r10, 0x4000000000000, 0x40, 0x0, 0x0)
write$cgroup_subtree(r9, &(0x7f0000000100)=ANY=[@ANYBLOB='-7'], 0x9)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x11, 0xf, &(0x7f0000000940)=ANY=[@ANYBLOB="180000000000000000000000ffffff7f18110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000000d450100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000680)='GPL\x00', 0x5, 0x2a, &(0x7f0000000780)=""/42, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7fffffff}, 0x94)

2.879550002s ago: executing program 1 (id=3381):
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=<r1=>0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2)
r4 = socket$pppoe(0x18, 0x1, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000580)=ANY=[@ANYRESHEX], 0x4c}, 0x1, 0x0, 0x0, 0x4010}, 0x40000)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.sectors\x00', 0x275a, 0x0)
write$cgroup_subtree(r5, &(0x7f00000004c0)=ANY=[], 0x32600)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r5, 0x0)
connect$pppoe(r4, &(0x7f00000000c0)={0x18, 0x0, {0x4, @remote, 'pimreg1\x00'}}, 0x1e)
sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}]}, 0x1c}}, 0x0)
read$nci(r0, &(0x7f0000000200)=""/100, 0x64)
write$nci(r0, &(0x7f0000000280)=@NCI_OP_CORE_RESET_RSP, 0x6)
read$nci(r0, &(0x7f00000002c0)=""/100, 0x64)
write$nci(r0, &(0x7f0000000340)=@NCI_OP_CORE_INIT_RSP, 0x14)
read$nci(r0, &(0x7f0000000380)=""/100, 0x64)
write$nci(r0, &(0x7f0000000400)=@NCI_OP_RF_DISCOVER_MAP_RSP, 0x4)
sendmsg$NFC_CMD_START_POLL(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000004c0)={0x24, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0xffffffff}]}, 0x24}}, 0x0)
socket$inet_smc(0x2b, 0x1, 0x0)
read$nci(r0, &(0x7f0000000500)=""/100, 0x64)
write$nci(r0, &(0x7f0000000580)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5)
read$nci(r0, &(0x7f00000005c0)=""/100, 0x64)
write$nci(r0, &(0x7f0000000640)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5)
read$nci(r0, &(0x7f0000000680)=""/100, 0x64)
write$nci(r0, &(0x7f0000000700)=@NCI_OP_RF_DISCOVER_RSP, 0x4)
syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000000), r2)
write$nci(r0, &(0x7f0000000740)=@NCI_OP_RF_DISCOVER_NTF={0x1, 0x0, 0x3, 0x3, 0x0, @b={0x0, 0x1, 0x1, 0x1, {0x1, "aa"}}}, 0xa)
sendmsg$NFC_CMD_ACTIVATE_TARGET(r2, &(0x7f0000000780)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000800)={0x2c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_TARGET_INDEX={0x8}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0x1}]}, 0x2c}}, 0x0)
read$nci(r0, &(0x7f0000000840)=""/100, 0x64)
write$nci(r0, &(0x7f00000008c0)=@NCI_OP_CORE_CONN_CREATE_RSP={0x0, 0x0, 0x2, 0x4, 0x0, {0x0, 0x0, 0x0, 0x1}}, 0x7)

2.119025146s ago: executing program 1 (id=3394):
accept4$x25(0xffffffffffffffff, &(0x7f0000000000)={0x9, @remote}, &(0x7f0000000040)=0x12, 0x0) (async)
r0 = accept4$x25(0xffffffffffffffff, &(0x7f0000000000)={0x9, @remote}, &(0x7f0000000040)=0x12, 0x0)
sendto$x25(r0, &(0x7f0000000080)="dcbdaf21ed3cf96def0eacd6b5bccb587dc6e31566dfa7d036d77ffc7504b9764dd8c931bb9e93a7ab29bb50c5dd8b5aad5d15d3c239a7455d0e5fed8c12928e33519a5f0e064b1962df2312f67e12fef56e8ba752ed21a594d21dd4aee6497ba050fcd53ec4c5a100", 0x69, 0x20000000, &(0x7f0000000100), 0x12)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x5410c3, 0x0) (async)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x5410c3, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8032, 0xffffffffffffffff, 0x0)
r2 = syz_genetlink_get_family_id$nbd(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NBD_CMD_RECONFIGURE(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x28, r2, 0xbbff7b7924af81ff, 0x70bd2a, 0x25dfdbfd, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x5}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x4000)

2.031446858s ago: executing program 3 (id=3397):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x2f) (async)
setsockopt$IP_VS_SO_SET_TIMEOUT(r0, 0x0, 0x48a, &(0x7f0000000040)={0x5, 0x5}, 0xc) (async)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10) (async)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000000c0)='cdg', 0x3) (async)
shutdown(r0, 0x1)

1.934485894s ago: executing program 2 (id=3398):
r0 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r0, 0x8932, &(0x7f0000000500)={'gre0\x00', 0x0}) (fail_nth: 3)

1.933883595s ago: executing program 4 (id=3399):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_inet_SIOCSIFFLAGS(r2, 0x8914, &(0x7f00000000c0)={'dummy0\x00', 0x800})
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
ioctl$TUNSETTXFILTER(r1, 0x400454d1, &(0x7f00000001c0)={0x0, 0x1, [@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}]})
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYBLOB="1c0000401e0001000012005c00000000000700edff", @ANYRESHEX, @ANYBLOB="0000c000"], 0x1c}}, 0x0)

1.832792228s ago: executing program 0 (id=3401):
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
unshare(0x2c020400)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x42073, 0xffffffffffffffff, 0x0)
connect$802154_dgram(r0, &(0x7f0000000000)={0x24, @none={0x0, 0x3}}, 0x14)

1.775093401s ago: executing program 3 (id=3402):
r0 = socket$inet6(0xa, 0x2, 0x0)
sendto$inet6(r0, 0x0, 0x0, 0x7ffffff7, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c)
r1 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f00000001c0)=0x1, 0x4)
bind$inet(r1, &(0x7f0000000100)={0x2, 0x4e24, @loopback}, 0x10)
sendmmsg$inet(r1, &(0x7f0000004980)=[{{&(0x7f0000000000)={0x2, 0x4e24, @loopback}, 0x10, &(0x7f0000000040)=[{&(0x7f0000000280)="5338a3848b25", 0x6}], 0x1}}], 0x1, 0x20008000)
recvmsg(r1, &(0x7f0000001480)={0x0, 0x0, &(0x7f0000001380)=[{&(0x7f0000000200)=""/112, 0x70}], 0x1}, 0x123)
shutdown(r1, 0x1)
socketpair(0x25, 0x4, 0x8, &(0x7f0000000000))
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r3 = socket(0x400000000010, 0x3, 0x0)
r4 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0x0, 0x0, 0x50}, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newtfilter={0x38, 0x2c, 0xd27, 0x70bd28, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0x7}, {}, {0x7, 0xe}}, [@filter_kind_options=@f_fw={{0x7}, {0xc, 0x2, [@TCA_FW_CLASSID={0x8, 0x1, {0x1, 0x7}}]}}]}, 0x38}, 0x1, 0x0, 0x0, 0x84}, 0x8000)
r6 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r6, &(0x7f00000000c0), 0x492492492492627, 0x0)
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000040), 0x6)
ioctl$sock_bt_hci(0xffffffffffffffff, 0x400448e6, &(0x7f0000000080)="7c773d39aeef00")
ioctl$sock_bt_hci(0xffffffffffffffff, 0x400448e6, &(0x7f0000000500)="d7")
r7 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r7, 0x10e, 0xc, &(0x7f0000000040)={0x802}, 0x10)
sendmsg$nl_generic(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=ANY=[@ANYBLOB="20000000520001000000000000000000020000000c00", @ANYRES16=r7], 0x20}}, 0x0)

1.534148341s ago: executing program 2 (id=3403):
unshare(0x22020400)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$inet6_sctp(0xa, 0x801, 0x84)
sendmmsg$inet6(r1, &(0x7f0000000bc0)=[{{&(0x7f0000000000)={0xa, 0x0, 0x0, @private1}, 0x1c, &(0x7f0000000440)=[{&(0x7f0000000500)='p', 0x1}], 0x1}}, {{&(0x7f00000001c0)={0xa, 0x4e25, 0x4, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x9}, 0x1c, &(0x7f00000003c0)=[{&(0x7f0000001440)="95", 0x1}], 0x1}}], 0x2, 0x20000004)
shutdown(r1, 0x1)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r1, 0x84, 0x1f, &(0x7f0000000100)={0x0, @in6={{0xa, 0x4e20, 0xffff, @empty, 0x1}}, 0x7}, &(0x7f0000000200)=0x90)
getsockname$packet(r0, 0x0, &(0x7f0000000200))

1.481963002s ago: executing program 1 (id=3404):
ioctl$XFS_IOC_START_COMMIT(0xffffffffffffffff, 0x80585882, &(0x7f0000000340)={<r0=>0xffffffffffffffff})
getsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f00000003c0)={0x8001, 0x8002, 0xf, 0x1, <r1=>0x0}, &(0x7f0000000400)=0x10)
getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r0, 0x84, 0x6d, &(0x7f00000004c0)={r1, 0x7e, "c4c38c2107337f43d5d81c7187f337532fbde5e7ebe12d5e7a1aa3f79eaa3587341f5916b321b35efd96f717e0b417b7a03df1ab97210d43c622949a1cd0286a9f2b9bca28d2a97d46db5c845eb08abeb83f03d3897daa65928fd2a9e9532751afa0f654fd3c04a0256fae0889b216936ba8efa1071f006f4eb97612f533"}, &(0x7f0000000580)=0x86)
r2 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r3 = socket$inet6(0xa, 0x1, 0x0)
setsockopt$inet6_int(r3, 0x29, 0x1000000000021, &(0x7f0000000000)=0x1, 0x4)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000140), 0xffffffffffffffff)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x5, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3ffd, 0x0, 0x0, 0x0, 0x9}, [@call={0x85, 0x0, 0x0, 0x75}, @call={0x85, 0x0, 0x0, 0x11}]}, &(0x7f0000000000)='syzkaller\x00', 0x2, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r6, 0x0, 0xe40, 0xe40, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)
ioctl$sock_SIOCGIFVLAN_GET_VLAN_VID_CMD(r2, 0x8982, &(0x7f0000000180))
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$sock_SIOCETHTOOL(r7, 0x8946, &(0x7f0000000000)={'veth1_to_batadv\x00', &(0x7f0000000080)=@ethtool_stats={0x15}})
ioctl$ifreq_SIOCGIFINDEX_wireguard(r4, 0x8933, &(0x7f0000000080)={'wg2\x00', <r8=>0x0})
sendmsg$WG_CMD_SET_DEVICE(r4, &(0x7f0000000d40)={0x0, 0xe0, &(0x7f0000000d00)={&(0x7f0000000600)=ANY=[@ANYBLOB="2c020000", @ANYRES16=r5, @ANYBLOB="010000000000000000000100000024000300a05ca84f6c9c8e3853e2fd7a70ae0fb20fa152600cb00845174f08076f8d7843e40108804441202024000100000000000100000000000000fdffff01000000000000000000000000000000001400040003000000ac1414bb00000000000000000600050000000000000100802400020073e591ec06154031d3954ac0e16752e72640f08b5281a8461d17d26d12f2bbb6060005000021000024000100f44da367a88ee6564f020211456727082f5cebee8b1bf5eb7337341b459b39228c00098028000080060001000a0000001400020020010000000000000000000000000001050003000000000088000080060001000a0000001400020020010000000000000000000000000002050003000000001003800080060001008c0e000008000200ac1414aa05000300000000001c000080060001000200000008000200ac1414bb0500030000000000200004000e00000000000000fe800000000000000000000000000000000000009c0000802400020073961633df6dc9cb418b15afd0bae7b90f1e6cfed8bb423cf9285c474163154908000a00010000002400010000000000000000000000000000000000000000000000000000000000000000004800098028000080060001000a00000014000200fe8000000000000000000000000000bb05000300000000001c000080060001000200000008000200000000000500030000000000080005000100000008000100", @ANYRES32=r8], 0x22c}}, 0x0)
connect$inet6(r3, &(0x7f0000000100)={0xa, 0x0, 0x380000, @loopback}, 0x1c)

1.37920748s ago: executing program 4 (id=3405):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000002640)={0x0, 0x0, &(0x7f0000002600)={&(0x7f0000000100)=ANY=[@ANYBLOB="2c0000001900010000000000fddbdf251d01000014000d"], 0x2c}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x4000000)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000001980)={&(0x7f0000009b80)=@newchain={0x24, 0x64, 0x300, 0x70bd25, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0x7, 0xfff2}, {0xf}, {0xa, 0x1ffe4}}}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r1, &(0x7f00000002c0), 0x40000000000009f, 0x0)

1.365523653s ago: executing program 0 (id=3406):
r0 = socket(0x1d, 0x1, 0x0)
r1 = socket$unix(0x1, 0x1, 0x0)
sendmmsg$unix(r1, &(0x7f0000000280)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000340)="90", 0x1}], 0x1, 0x0, 0x0, 0x8801}}], 0x1, 0x20004031)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)=ANY=[@ANYRESDEC=0x0], 0x8c}, 0x1, 0x0, 0x0, 0x200080c0}, 0x4080)
writev(r3, &(0x7f0000000040), 0x2)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f00000000c0), 0x4)
bind$bt_hci(r2, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6)
r5 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000200)=ANY=[@ANYRESHEX=r0], 0x50)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000006c0)={r5}, 0x4)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0x11, &(0x7f00000008c0)=ANY=[@ANYBLOB="18000000800000000000000001000000850000000f000000b7080000000000007b8af8ff00000000b7080000161300007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r5, @ANYBLOB="0000000000000000b70500000000000085000000a500000095"], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x19, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000003f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x20}, 0x15)
write(r2, &(0x7f0000000000)="0a000000010001", 0x7)
sendmsg$MPTCP_PM_CMD_SUBFLOW_DESTROY(r0, &(0x7f0000000800)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000007c0)={&(0x7f0000000700)={0x44, 0x0, 0x800, 0x70bd2a, 0x25dfdbfd, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x5}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0xa0}, @MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0x800}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x4}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x6}]}, 0x44}, 0x1, 0x0, 0x0, 0x20040040}, 0x20048000)
socket$inet6(0xa, 0x2, 0x0)
socketpair(0x23, 0x2, 0xffffffff, &(0x7f0000000180))
unshare(0x8000400)
socket(0x3, 0x5, 0x100)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000880)=ANY=[@ANYBLOB="09000000070000000080000001"], 0x48)
syz_genetlink_get_family_id$nfc(&(0x7f0000000100), 0xffffffffffffffff)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff)
r8 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r9 = openat$cgroup_int(r8, 0x0, 0x2, 0x0)
r10 = socket$inet(0x2, 0x2, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r10, 0x4000000000000, 0x40, &(0x7f00000002c0)=@raw={'raw\x00', 0x8, 0x3, 0x1e8, 0xc8, 0x8, 0xfa04, 0x0, 0x6c02, 0x180, 0x194, 0x194, 0x180, 0x194, 0x3, 0x0, {[{{@ip={@remote, @broadcast, 0xff000000, 0x8fb2bd54e1114dfe, 'sit0\x00', 'ip6_vti0\x00', {0xff}, {}, 0x6, 0x1, 0x36}, 0x0, 0x70, 0x98, 0x0, {0x0, 0x74020000}}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0xfffffffffffffffc}}, {{@ip={@rand_addr=0x64010101, @empty, 0xff000000, 0xffffff00, 'veth1_to_batadv\x00', 'nr0\x00', {}, {0xff}, 0x5c, 0x1, 0x7f}, 0x0, 0x70, 0xb8}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x1, 0x4c, 0x1ff, 0xd, 'snmp_trap\x00', {0x4c18}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x248)
write$cgroup_subtree(r9, &(0x7f0000000100)=ANY=[@ANYBLOB='-7'], 0x9)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x11, 0xf, &(0x7f0000000940)=ANY=[@ANYBLOB="180000000000000000000000ffffff7f18110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000000d450100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000680)='GPL\x00', 0x5, 0x2a, &(0x7f0000000780)=""/42, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7fffffff}, 0x94)

1.288392647s ago: executing program 2 (id=3407):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r1, 0x0)
sendmsg$unix(0xffffffffffffffff, 0x0, 0x4000000)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000000)={<r2=>0x0, 0x1c, &(0x7f00000000c0)=[@in6={0xa, 0x0, 0x0, @private2}]}, &(0x7f0000000180)=0x10)
r3 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={<r4=>0x0}, &(0x7f0000000280)=0x8)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r1, 0x84, 0x85, &(0x7f0000000000)={r2, @in={{0x2, 0x0, @empty}}, 0x0, 0x7ffe}, 0x90)
r5 = accept$netrom(r0, &(0x7f0000000400)={{0x3, @bcast}, [@netrom, @rose, @bcast, @netrom, @bcast, @bcast, @null, @bcast]}, &(0x7f00000004c0)=0x48)
getsockopt$SO_TIMESTAMP(r5, 0x1, 0x1d, &(0x7f0000000500), 0x0)
r6 = socket(0xa, 0x3, 0x87)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000080)={'lo\x00', <r8=>0x0})
ioctl$sock_inet6_SIOCSIFADDR(r6, 0x8916, &(0x7f0000000580)={@loopback={0xff000000}, 0x12, r8})
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={r4, @in6={{0xa, 0x4e24, 0x5, @empty, 0x2800}}, 0xb, 0x1000, 0x20000, 0x0, 0x2e, 0x1000, 0x4}, 0x9c)
ioctl$FAT_IOCTL_GET_VOLUME_ID(0xffffffffffffffff, 0x80047213, &(0x7f0000002980))
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000005080)={0x0, 0x0, &(0x7f0000004e40)=[{0x0}], 0x1}, 0x0)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, 0x0, 0x0)
setsockopt$TIPC_CONN_TIMEOUT(0xffffffffffffffff, 0x10f, 0x82, 0x0, 0x0)
recvmsg$kcm(0xffffffffffffffff, &(0x7f0000005540)={0x0, 0x0, &(0x7f00000054c0)}, 0x2)
bind$netlink(0xffffffffffffffff, 0x0, 0x0)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000005640), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_REG(r9, &(0x7f00000060c0)={0x0, 0x0, &(0x7f0000006080)={&(0x7f0000005ec0)={0x38, r10, 0x1, 0x70bd2d, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY={0x8, 0x1, 0x1d}, @NL80211_ATTR_DFS_REGION={0x5, 0x92, 0x54}, @NL80211_ATTR_REG_RULES={0x4}, @NL80211_ATTR_REG_ALPHA2={0x6, 0x21, 'b\x00'}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0x18}]}, 0x38}}, 0x20000000)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r0, 0x0)
unshare(0x20000400)
r11 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
setsockopt$rose(r11, 0x104, 0x2, &(0x7f0000000040)=0x3, 0x4)

1.166572621s ago: executing program 3 (id=3408):
r0 = socket(0x1, 0x803, 0x0)
ioctl$sock_SIOCSIFBR(r0, 0x8941, &(0x7f0000000480)=@add_del={0x2, &(0x7f0000000440)='ip_vti0\x00', 0x204})

1.054569302s ago: executing program 4 (id=3409):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0)
getsockname$packet(r2, &(0x7f0000000000)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r4, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00090008000080", @ANYRES32=r4, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000010c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00090008000000", @ANYRES32=r4, @ANYBLOB="14000500fe80917a952a643f152befd0599ecd85f55afcd7d85070a802fc3c9b75011f7bb27cfa7e4e"], 0x3c}}, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000180)={@ifindex=r4, 0x2b, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)

1.053994889s ago: executing program 2 (id=3410):
socket$nl_netfilter(0x10, 0x3, 0xc)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
bpf$PROG_BIND_MAP(0xa, &(0x7f00000003c0), 0xc)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r0, 0x8914, &(0x7f0000000180)="521692a1a8fa2c315c66d70eee715171a2a3221f6f13fbe57b1772ddbc1d8d5c85ffb5366377acf4de8af0f5e69cb01bd0c6596be438890950e5b47332b15880c29eb868763cb9bcb2b10fe6ed9d4cf23362eef4951af9827e4e51f5")
ioctl$F2FS_IOC_GET_FEATURES(r0, 0x8004f50c, 0x0)
accept$phonet_pipe(0xffffffffffffffff, 0x0, &(0x7f0000000280))
ioctl$XFS_IOC_ATTRLIST_BY_HANDLE(0xffffffffffffffff, 0x4058587a, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x5421, &(0x7f00000000c0)=0x7)
write$nci(0xffffffffffffffff, 0x0, 0x4)
syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$TIPC_CMD_GET_NODES(0xffffffffffffffff, 0x0, 0x20000000)
ioctl$sock_rose_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x7, @null, @bpq0, 0x0, [@bcast, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_rose_SIOCADDRT(r2, 0x890b, &(0x7f00000007c0)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x3}, 0x6, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bpq0, 0x5, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}]})

1.048339092s ago: executing program 0 (id=3411):
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000340)={{0x1, <r0=>0xffffffffffffffff}, &(0x7f0000000200), 0x0}, 0x20)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, r0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x8}, 0x50)
bind$alg(0xffffffffffffffff, &(0x7f00000001c0)={0x26, 'aead\x00', 0x11, 0x0, 'aegis256-generic\x00'}, 0x58)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x6d, &(0x7f0000000240)={0x0, 0x87, "7bf8ec152fa16d39e4553d9607191c01003f4f261459314625abafbae0dd3d3a415cb19b2f3f5bd1d92f8a3b28f86ac6911e26622113c1d519b46c2b1bb9b76cf8008d37a06e88b31100ae16fcb20ca3c5e2bc78d0014278c1e4c7fb4ab35e2c3ae32abc7bf205fd325765be5684ece2933f3325ec9cb8b4725605bf2722d1ded87089430c8a35"}, 0x0)
writev(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f0000000100)="480000001400195a8563e43c12f461560a2972063700000000000000590000a2bc5603ca00000f7f89000004200000000101ff000000032fdc0e2d9d9b7373ed", 0x40}], 0x1)
sendmsg$NFULNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x1c}}, 0x40040)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)=',8Zz', 0x4)
getsockopt$inet_sctp6_SCTP_STATUS(0xffffffffffffffff, 0x84, 0xe, &(0x7f0000000280)={0x0, 0x99, 0x7, 0x0, 0x1, 0x5392, 0xc, 0x9, {0x0, @in6={{0xa, 0x4e20, 0x6, @private2={0xfc, 0x2, '\x00', 0x1}, 0x10}}, 0x81, 0x3, 0xc, 0x4b, 0x9}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="6400000010000305160000001dc76dcd00000000", @ANYRES32=0x0, @ANYBLOB="00000000000000004400128009000100626f6e6400000000340002800500010004000000050016000000000008001c000000000005000c00000000000a001a"], 0xc3}, 0x1, 0x100000000000000}, 0x0)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x3, 0x16, &(0x7f0000000280)=ANY=[@ANYBLOB="7912b8000000000061138c0000000000bf2000000000000015000000080063033d030100000000009500003a000000006916000000000000bf6700000000000066060500fcff03006706000002000000760300000ee60060bf050000000000003c6500bf000000006507f9ff01000000070700004cdfffff1e75040000000000bf54000000000000070400000400f9ffad43010000000000d5000000000000000500000000000000950000000000000032410000000000000054bb12dc8c27df8ecfc7bdd2d17f2f1754558f22dd399703d6c4f6f3be0b369289aa6812b8e007e733a9a4f16d0a3e1282ee45a010fb94fe9de56c9d8a814261bdb94a05000000c6c60bf7a13ba1fcf1111ce4fc0d742a81762bab8395fa64810b5b40d893ea8fe0ffffff7f1b546cad3f1d5af65706fd4f68795cce6cf16ab689b555202da2e0ec2871a51445dc8da39e5b0ab71ca9b901627b562ed84b026002d4519af619e3cca4d69e0dee080006774a8f3e691700ec88158f02001b0000c81c8b297dff0445a13d0045fb3cda32a673a6bb55d8c80800dce431e56723888fb126a1403d2b63f16fb2ad9bc117aba7cbebe174aba210d739a018f9bbec63222d20cedbc4d03723f1c932b3a6aa57f1ad2e99e0e67a993716d20000009f0f53acbb40b401e3738270b3156268784f2af9e4bcf8b07a10d6735154be1602f9dd1d7d4301e00000000000460bcc5989ec85e3cbcb6bcfaf0000000000000000bc00f674629709e7e78f4ddc211bc3ebf0bd9d42ca019dd5d0861cd64722cf74686ebfbe2562671cd47840f81d2a8f8f9be3bcd19dc6840aa7afaab43176e65ec1118d50d1e827f3472f4445d253887a5ad103649afa17690884f800031e03a651bb96589a7eab049b1bd47287cd31cc43ea0ffb567b40407d000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x94)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$TIPC_NL_KEY_SET(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000700)={&(0x7f00000004c0)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="0100000000000000000017000000540006803c00040067636d286165732900000000000000000000000000000000000000000000000014000000e3de3d7b4cd07ec3ee777de774fc7987cca41989140003"], 0x68}, 0x1, 0x0, 0x0, 0x4}, 0x4008014)

971.984386ms ago: executing program 3 (id=3412):
syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="ffffffffffffffffffffffff86dd6060626000102c00fe8000000000000000000300000000bbfe8000000000000000000000000000aa11000001"], 0x0)

877.350073ms ago: executing program 0 (id=3413):
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_mreqn(r0, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0xc)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={0x0}, 0x1, 0x0, 0x0, 0x4000004}, 0x0)
setsockopt$TIPC_DEST_DROPPABLE(0xffffffffffffffff, 0x10f, 0x81, &(0x7f0000000240)=0x81, 0x4)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={0x0, 0xb0}}, 0x0)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000000)=ANY=[@ANYBLOB="e00000027fa80a010100000004"], 0x57)
r3 = socket(0x2b, 0x1, 0x1)
connect$inet6(r3, 0x0, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x1, 0x70bd25, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, 0x40938, 0x3}, [@IFLA_GROUP={0x8}]}, 0x28}, 0x1, 0x0, 0x0, 0x68010}, 0x0)
setsockopt$inet_mreqsrc(r0, 0x0, 0x28, &(0x7f0000000440)={@multicast2, @loopback, @empty}, 0xc)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="140000001000010000000000000000000100000a20000000000a01040000000000000000010000030900010073797a30000000002c000000030a01010000000000000000010000000900010073797a30000000000900030073797a3200000000b0000000060a010400000000000000000100000008000b400000000088000480340001800b000100657874686472000024000280080001400000000c080003400000000008000440000000220500020007000000500001800c0001006269747769736500400002800800034000000002080001400000000c08000240000000121c00078015000100e20814bed0d99d21351e3237557ea489f300000008000640000000030900010073797a3000000000000000000000000700000a"], 0x124}}, 0x0)

792.205254ms ago: executing program 2 (id=3414):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="14000f001000010000000000000000000000000a20000000000a050000e22dcbc80b47befa0000000900010073797a30000000002c000000030a01020000000000000000010000030900030073797a30000000000900010073797a3000000000540000001a0a010400000000000000000100000008000b4000000000090001"], 0xc8}}, 0x0)

731.13268ms ago: executing program 3 (id=3415):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
recvmmsg(r0, &(0x7f0000005c40)=[{{0x0, 0x0, 0x0}, 0x9}, {{0x0, 0x0, &(0x7f0000001300)=[{&(0x7f0000000d40)=""/213, 0xd5}, {&(0x7f0000000e40)=""/251, 0xfb}, {&(0x7f0000000f40)=""/239, 0xef}, {&(0x7f0000003bc0)=""/4096, 0x1000}, {&(0x7f00000005c0)=""/40, 0x28}, {&(0x7f0000001140)=""/242, 0xf2}], 0x6}, 0x9}, {{0x0, 0x0, 0x0}, 0x5}, {{0x0, 0x0, 0x0}, 0x3ff}], 0x4, 0x2120, 0x0)
sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="180000002500010324bd5502ffdbdf25010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x4004088}, 0x0)

717.951014ms ago: executing program 4 (id=3416):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x4044830)

603.679885ms ago: executing program 2 (id=3417):
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000700)=@filter={'filter\x00', 0xe, 0x4, 0x6b0, [0x0, 0x200000000040, 0x200000000206, 0x200000000236], 0x0, &(0x7f0000000000), &(0x7f0000000040)=[{0x0, '\x00', 0x0, 0xfffffffffffffffc, 0x1, [{0x11, 0x19, 0x2, 'veth0_to_team\x00', 'veth0_macvtap\x00', 'syz_tun\x00', 'ipvlan0\x00', @dev={'\xaa\xaa\xaa\xaa\xaa', 0xc}, [0x0, 0x0, 0xff, 0x0, 0x0, 0xff], @random="2a62875a11cb", [0xff, 0xff, 0x0, 0x0, 0xff], 0xa6, 0x11e, 0x196, [@realm={{'realm\x00', 0x0, 0x10}, {{0x7, 0x40}}}], [@common=@ERROR={'ERROR\x00', 0x20, {"f6c554b32d24a68d079192a19ebbcc71d451a014139bc9a6dae15423ca9e"}}, @common=@CLASSIFY={'CLASSIFY\x00', 0x8, {{0x2}}}], @common=@nflog={'nflog\x00', 0x50, {{0x7, 0x9, 0x3, 0x0, 0x0, "2b329134baa57af3a8bafdefd02f29f1fb29089dd1c628c8c486bd22a4f351b286d917263c07d2754c9bd0e74b36771ecc17411d6f3a2561149b9cf1f5bd1b3d"}}}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}, {0x0, '\x00', 0x1, 0xfffffffffffffffe, 0x1, [{0x5, 0x8, 0x944, 'ip_vti0\x00', 'veth0_to_bridge\x00', 'ip_vti0\x00', 'pimreg1\x00', @multicast, [0x0, 0xff, 0x0, 0xff], @multicast, [0x0, 0x0, 0xff, 0x0, 0xff, 0xff], 0xae, 0xae, 0xde, [@connbytes={{'connbytes\x00', 0x0, 0x18}, {{[{0xfe}, {0x100000000}], 0x0, 0x1}}}], [], @common=@STANDARD={'\x00', 0x8, {0xfffffffffffffffb}}}]}, {0x0, '\x00', 0x2, 0xfffffffffffffffe, 0x2, [{0x9, 0x32, 0x88fb, 'batadv0\x00', 'batadv_slave_0\x00', 'veth0_to_batadv\x00', 'bond_slave_1\x00', @multicast, [0xff, 0xff, 0x0, 0x0, 0x0, 0xff], @remote, [0xff, 0xff, 0xff], 0x6e, 0x9e, 0xce, [], [@common=@NFQUEUE0={'NFQUEUE\x00', 0x8, {{0x5}}}], @common=@STANDARD={'\x00', 0x8, {0xffffffffffffffff}}}, {0x5, 0x44, 0x8906, 'veth1_to_bond\x00', 'bond_slave_0\x00', 'pim6reg1\x00', 'hsr0\x00', @multicast, [0xff, 0xff], @dev={'\xaa\xaa\xaa\xaa\xaa', 0x3b}, [0xff, 0xff, 0x0, 0x0, 0xff], 0xbe, 0x17e, 0x2ae, [@nfacct={{'nfacct\x00', 0x0, 0x28}, {{'syz0\x00', 0xc19}}}], [@common=@ERROR={'ERROR\x00', 0x20, {"ba2b2a10db7a16ccddd71db86c2765918fcbccdcef63a36af6da40492426"}}, @common=@NFLOG={'NFLOG\x00', 0x50, {{0x2, 0x1, 0x4, 0x1, 0x0, "51811b768db86f65b892d951f316a5729a1f3187a76a3a1fa7b549cfdf1ebac8bc427d11249ed42a3955a98cbb93b572af25b9e1e2cfeb3800426c3daa0bb3ef"}}}], @common=@SECMARK={'SECMARK\x00', 0x108, {{0x1, 0x68b9, 'system_u:object_r:apt_lock_t:s0\x00'}}}}]}]}, 0x728)
write$tun(r0, &(0x7f0000000780)={@val={0x0, 0x10}, @void, @x25={0x0, 0x3, 0x17, "ade0d7e29300c2ae271ce98b472199832cf049749e882e242c7d54956b2267b239c13d601727c9cf96d5b57c5ffa1fcf1d10474e19b7681bf65ccb78c50352cf75368a12aed8704d4568035e64a14cccf81c7db132692f12a514490d341b8f54bd21f6afe66a32f7eb697d432a74bf13e591ddddf9964d8ce2edb7e689b5bddb9cb9e1ff299dd0b494444709c41e260cb2fcd866946f97e2d252a7d2ab9088d9abaa47abf8fe1cf9a8436c8d467e4efdaf9678e9e13596f02f7b33e6e0e431d000b99e3ab6"}}, 0xcc)
r1 = socket$pppl2tp(0x18, 0x1, 0x1)
ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000880)={'virt_wifi0\x00', 0x1})
socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$int_in(r1, 0x5421, &(0x7f00000008c0)=0x9)
r2 = accept(r0, 0x0, &(0x7f0000000900))
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000980), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKINFO_SET(r2, &(0x7f0000000a40)={&(0x7f0000000940)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000a00)={&(0x7f00000009c0)={0x3c, r3, 0x100, 0x70bd28, 0x25dfdbfd, {}, [@ETHTOOL_A_LINKINFO_PORT={0x5, 0x2, 0x26}, @ETHTOOL_A_LINKINFO_TP_MDIX_CTRL={0x5, 0x5, 0xfa}, @ETHTOOL_A_LINKINFO_PORT={0x5, 0x2, 0x38}, @ETHTOOL_A_LINKINFO_TP_MDIX_CTRL={0x5}, @ETHTOOL_A_LINKINFO_PHYADDR={0x5, 0x3, 0xf6}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20000014}, 0x4000004)
r4 = socket$can_bcm(0x1d, 0x2, 0x2)
recvmsg$can_bcm(r4, &(0x7f0000000c80)={&(0x7f0000000a80)=@pppol2tpv3={0x18, 0x1, {0x0, <r5=>0xffffffffffffffff, {0x2, 0x0, @initdev}}}, 0x80, &(0x7f0000000b80)=[{&(0x7f0000000b00)=""/109, 0x6d}], 0x1, &(0x7f0000000bc0)=""/181, 0xb5}, 0x1)
getsockname$qrtr(r5, &(0x7f0000000cc0), &(0x7f0000000d00)=0xc)
sendmsg$tipc(r5, &(0x7f0000001f80)={&(0x7f0000000d40)=@name={0x1e, 0x2, 0x0, {{0x40, 0x4}}}, 0x10, &(0x7f0000001f40)=[{&(0x7f0000000d80)="fc0979ad0272df931f9dddba257af427c3eebdba303c0a31d3dd9ec6b7303c9da1ca36842ec1a13909127d51177ad17da47fedf02f675fc2fe18bfebb7c8277802063bb7c8a72a03d63ea6c60616d6f63719a2caed732c4735ca4d77002b713760ab4b60dce87626d32e94942f3de4cf633081f3d484afbc6912f6a00e434b617eab5a3c3e13625dcc024ae1d66fc376c1e4f5d47f6de8b7c00d9e80546f434f0f6c8e6d0389d85a332e810baed7886c8fa70735659beeb2fe764141c8a7c7990632792a427a6e26bfc65ee82cbdebe567867338e0ac5a", 0xd7}, {&(0x7f0000000e80)="2ee2964234547fa9f443ca68de881b5a9dd75d7e2328cb86bed2ca14101373419b15b200ff981f4bb7981b1495526684ae2931819747b4f6a0c639e4609779a8529b96c134d626ec8c8d6fc481513a98fbc5d26a2c14", 0x56}, {&(0x7f0000000f00)="cd660114480bb5a3052ac22518289d7e09ead7abcc5044960de9675f9f61e43cd2a7f8235deab622d89607cf7530ee2952fe008987f0f8d499", 0x39}, {&(0x7f0000000f40)="040d0ffa18435cd71952a32a99d8f472fe05c185975f80de55e1359837201c0b32f5812a3386222ed747508c4f922ed2b1de3627dc4533ed40551253e810bce5b69a2ddb39391fa917e05941e1c0ce51b37ed6706412711771d2febdd9ec6b947dbf744afa85ab64f9a9ce00c64a33978e6ddf096b03f74a15aadfe4f0440e6f0ce32bfe56ff3b11c6e88d84486f80992ca7d2c72d43297d1a324d57091b0ea619ea81bf9b318c56fdb62ee14e04cf99040384ba56c3372bf1c2086f2099612f2ff2f96aaf02f481764dc52881cc7e837f69a6eea8c9306621c89213e6e3cc338a658ec1a736bef90405ba633214533e5ca9db913e45878b42fbc77047538b2e9264eda9598f09325c648ebe8cc928345cce439428dae496e12bcff54214a971177ef2b2b4ffbf43dc6da1204fff47950e393138f2dab1260515ee16936568240aca81011550717a220ba38a541382f44662e58eb722b0467c4675ed701fa49eb4e3ffca45e9c22d8083c89ecc1d37cc13281ab0880de70831fbf3afd6350da9587263b489d8ecae0a23485f3960885d7f79729902e0d89645f56a98331ff7ec29d3af082cc831db7b91738e20b0e3a7ad4c63ac0115a0b316c315160e0cf0b4018a77bc9b021e00ea47f1ea0662cdb6afd8e63d3517e17d9dd0eb9d8500efa74f052778b9bcd944da6263a8c5e6e26453d61c27ddbccc115f89b4e495b3ab9af35249a1ca23a61f04eb4e6207098761557ef07b181e105a6cf5605391f6f53d38920810fb29ee2da197ced51f0439c299b4fcfc9c8caa8b942103af09b65ee7f7f27503e0ebfe0f10bb38c6ad9a34dd54f8f4d30015d9f86a1be03c76ebce8602565cfed114fac9981f710ec56492a2a376699729c6c7170fb51bffbfe8296ac294534d37ab3cbf50818742410407be888f9a3ff9bcc52d031d773170f5453ef7ad54acd32289f0779e364b580271ab6aff44131a9edfa2ad7a4f4d7b8b44606622965d31ad79995ce4c3db6041a37e22e194e2c0924c34abc92ce22f14d2da99dad73c3d7029a7652a55340d059a1b4f21cc55bce239f47728ba6dc4d38dfc4fd495b7596913c9c88e6a02e8644db09e780c9f65014e97e10d5a6efb6838b7544fe99f7d0da086a8321de21f107a75a6de81b0da2c9010f634abb4b8ec38c4282876a4325b85ae904e8436c35cf5ba91d283b3496876400ad82c7f1a38c9c74142a14e630947365df8da6c069f1f2b5545ea84d8b6aadcf56814b3226fd5a92196291e96e80aa384b1d56bff067e37a4f3cd4628e9d141d53f981aa7aa2811890a91af906a36e838a7a7cb44f3ea8ba0dd3b0cce83680536ec8ba76afda0268f6ac989fcdccc602676191b6bb357588980d31e6b19b6ab9550949a106debfcf186951dbbad405757f3296643b77252530c73da1d16076e9ccfc3885405f2c3effe29f91dedbeb586ebb7da1da77a3b48b28197cdfa1d298cdea4790fd8194f3a1534a7a2830239dfd3f860d1c91ee7903a8d1eb65f8a3d5794d0a3e30fb7c97ace573a6db3706b7259dc709b9b518b9a44505360fe6de538453319ea6ff7e90cdb734ed7ef877b2b583b3388a29a1f4531bdba6c7364b42bbe4c6b63fbdd57be5e56e5aec7e44c73c43d34b75c326f5e1e93c5aa40749ec48861df225dee752a19f7ae3126f8e2fc0d0545b5dc877d0a7ddd92c56a63a00319e41eb61379ece1fcdc0d20c94d0125a7fa510bfd9f449cf802f350c4f4db164275d804941d19ecdccd0bcaa7d9062c1d93d59e182c748c8cc68ed981da4475ce249a5c88f66affa8b847fda6067e0cd31b1b8ac5b05dc333124498fd906b30d53832656208e15ddf10b24447937a0d50b905bbb2573c30cff7f539efb8ad020cb52875a4a4b8c26877cb8ee007f067acc8dda97d2a07eb4723131da6a8e7942cc7a0442997a0602ffcaabd74c73573a2471b7e381f9561197bd84f2587698986c7379cc159ee6e2fd03bc80cfa0de749a06b7bdd7083363f0f30113fd7da801e78f621f0205a98d4c3c52130ef05ed49be253b18188047aecd4016a76603ba298d207e7ea3c8bfaccb419b0da0c199dd85eabdd63ecf32cc81b4c3caa5426a395b1dc0e1a6c1dbc51798dc5a67788decae74df82ccc10dba22f6f49be9ae45c5383b7fc729b57e1d3b56f9106913eb1c99698d461496473ab487ca65ab3d6a987a86182beb3fc78dbc0f21645eb7e149f0a4e5bdba916230fd7cccfaf229caa1eaca73a7ae49c2c5ecb3a27a470fa12c72f8e0e7f7f7c5364394e1964ea3c02a341de29b41190514414101db5c2ed24c07e448bf64e053e1c7caa4da9d5413181c56f498875aab96c11d5c525e663c82e69900baa9e928fc4d879a534a51a2b7ed837a33a7eb528e7a7ce482ab4a345c8f1491727bbb9ee82723c48e15274a2063a8943301255bbbfca4309e23925cf65c15c2189ee9fa7d6637b400c2cc7fe549e9e59b2efd2d88b1307ca8161806a76e1379f25004df6e8bc1d950f82c00eecbd0d2cef8f7db0568531ced7ee6bb4b0aed17074534325cb001c05db06d2ccf3b507d0633f6932348d4511767d1e565e98683b8708838ca800cd3154074fa5722f53803d7a76e303bc723a5011f465d7788e29f1b3ad58854c6347cbebcdec6c6cf81d651f6a07e7d403ae8145b77db46bfe292f8044c1859d93e92478c030b7e6d4750a0c1bf64940b113855aaa4cd1ed7094cd5b729a38bfb0d14ff6173f1aa5c3ea4736b52a0c7dc67a143b1fd6a959601a53a923375a198238c6a4076fbfcd43d2913dceb9b93e4978cc489ca923ce2e0b3c8623fd7944ccab707ac18242df8d71b070c18cab82f44ae0da9152051c5c7561e643d3cb9c370538396377f9d8f039a4ce9d8a234acf2c955e575bf1307e9eb4e3fa5a8457efb83f0390f496b896cbbd005e0fd9d4b0e611e4a4bb2b9f926bbd665c214d80b9ef65ad10a4182a96729794b4d4f625c673a8ecd61a8cc017705c4e561902630630d5447e47e98f7500c559a5811df4dd69e8faad8782f5316966d9931540648a5e6267ef3f1625febcdd2c09109277a3e9d4929d6f4b0642a02e203f2bde0600604611f4c8f97917eb795987d15562e755424a08de6ea8b43359c38a29534a972b64504dc3287773242bf40a775b6a3737fbb3d8c7ee04593a10a66bdb26537bf35e0d8a2e6e9307a670d73f900f4f09e291e432effbd2db380052f08655253828effaf6102a4cbf96e4271f3b7b89d461b9db7f2c7932f027f56ebd100c6f83b07f19f06d967a83aea11aafba24d761c1e154d2f6c5e2ea20aa4ca824735524cd02e9e2f949b9f9454b903ee744454b4b50f60797954fc9cb82e59bad9113cad5f678ebc2c799fd06ffca0eac9e4421de2f31093ef6cb0fe954088f70812a0aa870cbc7914c8ac5a498d00bd792957600db70ce4dc78e5175c550b8a1216fa907e114380f8e9e96802aa51332e8504060823a77dc3187a319af26b21d1dc8baa3410026753b56c61952c3cb620d56f918611bde023f26a0a2b470b58004ef535bb0bbf490beb27963463c9cb51bd776f14df85a5c0bef27d501f371784fc02059e8b9235d95bfbd227ec57d0d042b9f4c640fd1af699a671330175e6944fdc2ab05b14b3ef9bd158155b418665e55e85ff91bc3142bb485c034d50818fef182d24cb2d715c653549a917bd953a767a01597943bf805a62f5b3b9f640a738b5a8374b46df17085797e9a107fbee8603060345dd4dd033628a1eafa2493048dfc50e1b0359ff79d96bce9a218695542002c9d1576e330def6830af50149685c84dbadec24d6786df0f91a8a35bed6f7d351e4c72ec4cfa61ee2de70be2595ee9115a4f082616bb688686354b7c011eb2293adee97a97a6cb02cf2f5d91bc687a56b80504af4282dd38ddebd915807b8c927fe4e1b3f96f162a79375687abb2c47bd0342c143d513caa13e89c4c6db27156293f18781f649f306f608eec0479b4703aca1d2fa26dcbe93074a8ea9d38c35be6eee89293352e73627c18f3ec9ca49366d734a31b7236b069774651767f8e414c67f92d2e8a19b64fd92023e78ef9090009db46644c53d13724acadf9457ed046ef3e0d73460ad6edd47307c2e7c10bf7a24bb6b5786e4c9cc8aa4596a665fedb5b4a6fb82d1be410991c68bce7a0f1306801ec0ad2a14322349dc559eb3a7d5c1a573ba16322983deb627d6c2a1ddd9cad089f65eccad1ebcdd1d5c69c7bcb056ae3f892c6b9fdc70f2c548fa1c93a35f757fd434401158fcfecd7ba14c8870ec4e9e127279a3a8ee876ec2b7b0b0ba4c264da9ce2d818d4ca6b840db0b8cc9f78b2ef2cb783d79d7e0a6e29f85da6662ca66c2e8bc6345cac17afc1740a3b81f7ab40210d78f6313ccda839926d7e67a537f37ebbcb63d72c476ab1630cb973eb7df4610df086d0a18ecb4d78852ccdde9cd2882a5c40a2a7a9f065a183c04afe24d1df0abd87d2ad0a41fdd5702f2c5aa22ea9449f20312e5bd8ec206dc19db4d48d71fed4719aed4a3935afd489c909cca7d4ed77c4fbcd2e57df36e8fa6b742782466dc754fd187444fd0e9371c9a3fa6f44f9fa0b3a44e75104703020237afbd8d3c777e8808e16011ea66289e608c4e2716c328898e895c2a8afa4920b8d658a0a32ac31c4e0e4835d83618266d012516707372ce23243635ba8b1295716aeb1d4fdd105ffe0acc4e2f6c2131ca89ec8aa953e0a0ce8fb0b8cdb22988450a63d13fa8e9563ba3dd4173ccac34086a6edc3ff4555e20b514d23c624ec634958306394e5449b2db4f31c76dfdded9f00ba469eb7036f6cedfb7dbfceae6ce557bb37275bcba03194ae691911bd8b682dc73fabf4eefb7a97a779c130561d15ed3563d7b8019d4a22487591b4d399d157f000a8ae3ee8e03ec0b9c3f120f1c336fa31eea4c69d1bf016e5d940e90446bb8cce9a3eff78aac66d8a7cdfd96007b16db54fd0e8e0ad4ca939c67c28c36e30b051411413b12bd3aca883a53de431787c0f8d504221b55151aa49a1d4fa0d79705dac76cf6561a53d6e9700be9dbe0cb4b48a9f751744afb08e79864ed75fb6139e9ecebcd2d0b573615dc2c77e00a1318f64930619393d8aad5515588fdc4dea81140f1d645092f8e8e0c4d8882a67ce155d39d33e58f77dc92fd1c8afc823f5133badba0f06b1c1a3d5427f559f8f2c72c97555827ada17f4db6635da12518547fd5cb777b8e05522745593b536a84fd4b8a2252ac923d13ae74098fb54086bf12f3b8f2ee4b4d3ac814a27bf16c6b8fdf12f7fdf76ab8c383ef0beff8d96bf248d2e466e460c55b869998ae729189b978c2211ac83ebc442faab0c3402365ab2546f01163b8638caa6871adc98fca2af25b2ae00fb65085c7c0d6e47b0d84d6a86514b0f500d308893440c49228fc0dd250073e7daa6a24c0109c962972d51adaf96d9bafe96b321be99a9c8d23889db15874f4be8d2d319c3e7a9d042e2129dc1ed2beeaefce63a51e821e5f567581c2e46d4fe48d3ef7b49632ba99a7ccfd54c8a1c0582bc53267a5928df5e79f7f3e440ac9abcca93b865e85f27f4683ac2b1d4823d7e8567f21674ea8581506580d592bf72b58cf792ec3796195c236c4f190d84307c1647975fd4a3e154856c00d674d6bce2d8d0498b5e37c7bfd10d57b5f59feccd72294c07ed5da35649cde68059cf7702f4756fc92624f215f057468b7a1e8b442b65867351c92121389a326a560c4b3884fcca7e7a20eb3388fd4a5e649b8e3fbb", 0x1000}], 0x4, 0x0, 0x0, 0x10}, 0x4004)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000001fc0)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x3, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x0, 0x5}, 0x50)
ioctl$sock_inet_SIOCSIFBRDADDR(r0, 0x891a, &(0x7f0000002040)={'macvtap0\x00', {0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x2a}}})
setsockopt$inet_sctp_SCTP_AUTH_CHUNK(r2, 0x84, 0x15, &(0x7f0000002080), 0x1)
r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000020c0)='./cgroup/syz1\x00', 0x200002, 0x0)
mkdirat$cgroup(r6, &(0x7f0000002100)='syz1\x00', 0x1ff)
r7 = socket$nl_audit(0x10, 0x3, 0x9)
ioctl$NILFS_IOCTL_SET_ALLOC_RANGE(r7, 0x40106e8c, &(0x7f0000002140)=[0x2])
r8 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r8, 0x8933, &(0x7f0000002180))
socket$netlink(0x10, 0x3, 0x13)
r9 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f00000021c0)={<r10=>0x0, @in6={{0xa, 0x4e21, 0x1, @loopback, 0x2}}, 0x8, 0x3, 0x9, 0x4b, 0x4, 0xffff, 0x4}, &(0x7f0000002280)=0x9c)
getsockopt$inet_sctp_SCTP_ASSOCINFO(r9, 0x84, 0x1, &(0x7f00000022c0)={r10, 0x0, 0x63b, 0x9, 0x0, 0x9}, &(0x7f0000002300)=0x14)
socket$inet_sctp(0x2, 0x5, 0x84)
splice(r8, &(0x7f0000002340)=0x2, r6, &(0x7f0000002380)=0x2, 0xcb72, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r5, 0x89e2, &(0x7f00000023c0)={r7})

549.82487ms ago: executing program 1 (id=3418):
r0 = socket$inet6(0xa, 0x2, 0x0)
sendto$inet6(r0, 0x0, 0x0, 0x7ffffff7, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c)
r1 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f00000001c0)=0x1, 0x4)
bind$inet(r1, &(0x7f0000000100)={0x2, 0x4e24, @loopback}, 0x10)
sendmmsg$inet(r1, &(0x7f0000004980)=[{{&(0x7f0000000000)={0x2, 0x4e24, @loopback}, 0x10, &(0x7f0000000040)=[{&(0x7f0000000280)="5338a3848b25", 0x6}], 0x1}}], 0x1, 0x20008000)
recvmsg(r1, &(0x7f0000001480)={0x0, 0x0, &(0x7f0000001380)=[{&(0x7f0000000200)=""/112, 0x70}], 0x1}, 0x123)
shutdown(r1, 0x1)
socketpair(0x25, 0x4, 0x8, &(0x7f0000000000))
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r3 = socket(0x400000000010, 0x3, 0x0)
r4 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0x0, 0x0, 0x50}, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newtfilter={0x38, 0x2c, 0xd27, 0x70bd28, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0x7}, {}, {0x7, 0xe}}, [@filter_kind_options=@f_fw={{0x7}, {0xc, 0x2, [@TCA_FW_CLASSID={0x8, 0x1, {0x1, 0x7}}]}}]}, 0x38}, 0x1, 0x0, 0x0, 0x84}, 0x8000)
r6 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r6, &(0x7f00000000c0), 0x492492492492627, 0x0)
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000040), 0x6)
ioctl$sock_bt_hci(0xffffffffffffffff, 0x400448e6, &(0x7f0000000080)="7c773d39aeef00")
ioctl$sock_bt_hci(0xffffffffffffffff, 0x400448e6, &(0x7f0000000500)="d7")
r7 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r7, 0x10e, 0xc, &(0x7f0000000040)={0x802}, 0x10)
sendmsg$nl_generic(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=ANY=[@ANYBLOB="20000000520001000000000000000000020000000c00", @ANYRES16=r7], 0x20}}, 0x0)

524.050527ms ago: executing program 4 (id=3419):
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
getsockopt$WPAN_WANTACK(r0, 0x0, 0x0, &(0x7f0000000000), &(0x7f0000000040)=0x4)
r1 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_RX_RING(r1, 0x11b, 0x2, &(0x7f0000000080)=0x410, 0x4)
r2 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_RX_RING(r2, 0x11b, 0x2, &(0x7f00000000c0)=0x123c1ef8ad729bba, 0x4)
getsockopt$sock_timeval(r0, 0x1, 0x57, &(0x7f0000000100), &(0x7f0000000140)=0x10)
setsockopt$XDP_TX_RING(r2, 0x11b, 0x3, &(0x7f0000000180)=0x2000, 0x4)
r3 = syz_init_net_socket$bt_bnep(0x1f, 0x3, 0x4)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$batadv(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r4, &(0x7f00000002c0)={&(0x7f00000001c0), 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x20, r5, 0x100, 0x70bd25, 0x25dfdbff, {}, [@BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @broadcast}]}, 0x20}, 0x1, 0x0, 0x0, 0xc0}, 0x0)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000340), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000380)={'wpan0\x00', <r8=>0x0})
sendmsg$NL802154_CMD_DEL_SEC_LEVEL(r6, &(0x7f0000000440)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)={0x3c, r7, 0x400, 0x7fff, 0x25dfdbfe, {}, [@NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r8}, @NL802154_ATTR_WPAN_DEV={0xc}]}, 0x3c}, 0x1, 0x0, 0x0, 0x1}, 0x8800)
r9 = openat$cgroup_devices(0xffffffffffffffff, &(0x7f0000000480)='devices.deny\x00', 0x2, 0x0)
write$cgroup_devices(r9, &(0x7f00000004c0)={'c', ' *:* ', 'w\x00'}, 0x8)
ioctl$XFS_IOC_SCRUBV_METADATA(r9, 0xc0285840, &(0x7f0000000540)={0x6, 0x9, 0xe, 0x0, 0x80, 0x2, 0x0, &(0x7f0000000500)=[{0x7, 0x1ff, 0x37a}, {0xf, 0x101, 0x7}]})
ioctl$XFS_IOC_START_COMMIT(r1, 0x80585882, &(0x7f0000000580)={<r10=>0xffffffffffffffff})
epoll_pwait(r10, &(0x7f0000000600)=[{}, {}], 0x2, 0x7f, &(0x7f0000000640)={[0x8]}, 0x8)
ioctl$sock_bt_bnep_BNEPGETCONNLIST(r3, 0x800442d2, &(0x7f0000000700)={0x4, &(0x7f0000000680)=[{0x0, 0x0, 0x0, @random}, {0x0, 0x0, 0x0, @local}, {0x0, 0x0, 0x0, @broadcast}, {0x0, 0x0, 0x0, @random}]})
sendmsg$NFT_BATCH(r10, &(0x7f0000000b00)={&(0x7f0000000740)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000ac0)={&(0x7f0000000780)={{0x14}, [@NFT_MSG_NEWSET={0x38, 0x9, 0xa, 0x201, 0x0, 0x0, {0x2, 0x0, 0x6}, [@NFTA_SET_TIMEOUT={0xc, 0xb, 0x1, 0x0, 0xd00d}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x16}, @NFTA_SET_KEY_TYPE={0x8, 0x4, 0x1, 0x0, 0x4}, @NFTA_SET_KEY_TYPE={0x8, 0x4, 0x1, 0x0, 0x3}]}, @NFT_MSG_NEWSET={0x22c, 0x9, 0xa, 0x301, 0x0, 0x0, {0x2, 0x0, 0x2}, [@NFTA_SET_DATA_LEN={0x8, 0x7, 0x1, 0x0, 0x2a}, @NFTA_SET_EXPR={0x10, 0x11, 0x0, 0x1, @notrack={{0xc}, @void}}, @NFTA_SET_OBJ_TYPE={0x8}, @NFTA_SET_POLICY={0x8, 0x8, 0x1, 0x0, 0x1}, @NFTA_SET_USERDATA={0x4e, 0xd, 0x1, 0x0, "a76e7f5a7036758c0e2b975906e3ee2d69c3df3c231a0704b43975e304e45200811776235cb620d5c911f3e1cf97aed98204a63719f6d562a1e6d8563b3306f4d0c664f11bc56e1528dc"}, @NFTA_SET_EXPR={0x180, 0x11, 0x0, 0x1, @target={{0xb}, @val={0x170, 0x2, 0x0, 0x1, [@NFTA_TARGET_INFO={0x5e, 0x3, "d17b5aec72fe88e8987c3397ce548ab0f7d7fdc515ac04ddeffa814692d0bd563d649903a4e1989ec4e703c4e9c8c459056188984920a88ff6da46c0c888498f0516dc64cc2e7c9f31b70338292975b8dde133ade51784466eee"}, @NFTA_TARGET_NAME={0xe, 0x1, 'IDLETIMER\x00'}, @NFTA_TARGET_NAME={0xf, 0x1, 'MASQUERADE\x00'}, @NFTA_TARGET_REV={0x8, 0x2, 0x1, 0x0, 0x3}, @NFTA_TARGET_INFO={0xc9, 0x3, "cb3d3fe150c711c9160d28eb2d87026f8b9cbc1e79bd5fca6fc8db98ddb71dc7ec6ac368e4f0d4a31b6f6945f98c6ea077026a0ac58f8eed4d0020551439c2ef8bc708cb7a7f5119772cd11397cdd8f8ffc3d9d2bbc89b2549699da0ea1aa608869a367d3dedcb0b675a1a52572171775155f83a4e92cf60b4c78c389234016db192ffcbe5c8843828689078af0fba34c26282f97c8814920a59e402561d61bf08356d74e4294683d80653d388d9c946730a42048ab8f0ee39acd43fc59eb9ff7a92bd62ab"}, @NFTA_TARGET_REV={0x8}, @NFTA_TARGET_REV={0x8, 0x2, 0x1, 0x0, 0x2}, @NFTA_TARGET_NAME={0x8, 0x1, 'LED\x00'}]}}}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_TIMEOUT={0xc, 0xb, 0x1, 0x0, 0xfffffffffffffff9}, @NFTA_SET_KEY_TYPE={0x8, 0x4, 0x1, 0x0, 0x4}]}, @NFT_MSG_DELCHAIN={0x88, 0x5, 0xa, 0x201, 0x0, 0x0, {0x5, 0x0, 0x9}, [@NFTA_CHAIN_FLAGS={0x8, 0xa, 0x1, 0x0, 0x1}, @NFTA_CHAIN_POLICY={0x8, 0x5, 0x1, 0x0, 0xffffffffffffffff}, @NFTA_CHAIN_FLAGS={0x8, 0xa, 0x1, 0x0, 0x5}, @NFTA_CHAIN_TYPE={0xb, 0x7, 'filter\x00'}, @NFTA_CHAIN_HOOK={0x30, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x2ef51279}, @NFTA_HOOK_HOOKNUM={0x8}, @NFTA_HOOK_DEV={0x14, 0x3, 'veth0_to_batadv\x00'}, @NFTA_HOOK_HOOKNUM={0x8, 0x1, 0x1, 0x0, 0x1}]}, @NFTA_CHAIN_FLAGS={0x8, 0xa, 0x1, 0x0, 0x2}, @NFTA_CHAIN_TYPE={0xb, 0x7, 'filter\x00'}, @NFTA_CHAIN_HANDLE={0xc, 0x2, 0x1, 0x0, 0x4}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0xa}}}, 0x314}}, 0x4040)
pipe(&(0x7f0000000b40)={<r11=>0xffffffffffffffff})
sendmsg$kcm(r11, &(0x7f0000000d00)={&(0x7f0000000b80)=@llc={0x1a, 0x6, 0xff, 0xf8, 0x1, 0x6, @multicast}, 0x80, &(0x7f0000000cc0)=[{&(0x7f0000000c00)="8e280fc14584a060a83e53686f73ddab94521fd407c08c9da2d235b0cba6af49f5c0d7a61f5b34902f399786e7f8d361b74b3ca5c18d5734fb8313bc1b49de0210f35c663fe1868c13ea1effd335cbe2f072a728c6f4d4c8a905da02cba2ed610098a7f69a6e687314ee826aa0daae25bed2e4f4c212eef5db79b843266df63524c6ea1c00252b", 0x87}], 0x1}, 0x0)
r12 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000d80), r11)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r11, 0x89f1, &(0x7f0000000e40)={'ip6gre0\x00', &(0x7f0000000dc0)={'ip6tnl0\x00', <r13=>0x0, 0x4, 0x5, 0x5a, 0x0, 0x20, @mcast1, @loopback, 0x10, 0x20, 0xb6, 0x6}})
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r11, 0x89f3, &(0x7f0000000f00)={'gre0\x00', &(0x7f0000000e80)={'syztnl2\x00', <r14=>0x0, 0x700, 0x8, 0x7, 0x5, {{0x17, 0x4, 0x3, 0x3e, 0x5c, 0x68, 0x0, 0x9f, 0x29, 0x0, @private=0xa010102, @private=0xa010101, {[@ssrr={0x89, 0x1b, 0x3d, [@multicast2, @empty, @rand_addr=0x64010101, @loopback, @loopback, @dev={0xac, 0x14, 0x14, 0x3d}]}, @lsrr={0x83, 0x2b, 0x35, [@rand_addr=0x64010100, @dev={0xac, 0x14, 0x14, 0x37}, @private=0xa010100, @loopback, @rand_addr=0x64010101, @rand_addr=0x64010102, @loopback, @local, @private=0xa010100, @loopback]}]}}}}})
ioctl$ifreq_SIOCGIFINDEX_team(r11, 0x8933, &(0x7f0000000f40)={'team0\x00', <r15=>0x0})
sendmsg$ETHTOOL_MSG_LINKINFO_SET(0xffffffffffffffff, &(0x7f0000001440)={&(0x7f0000000d40)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000001400)={&(0x7f0000001340)={0xc0, r12, 0x300, 0x70bd27, 0x25dfdbff, {}, [@ETHTOOL_A_LINKINFO_PHYADDR={0x5, 0x3, 0xda}, @ETHTOOL_A_LINKINFO_PHYADDR={0x5, 0x3, 0x2}, @ETHTOOL_A_LINKINFO_PORT={0x5, 0x2, 0xd8}, @ETHTOOL_A_LINKINFO_HEADER={0x4c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r13}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'lo\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_batadv\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r14}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}]}, @ETHTOOL_A_LINKINFO_TP_MDIX_CTRL={0x5, 0x5, 0x6}, @ETHTOOL_A_LINKINFO_PHYADDR={0x5, 0x3, 0x6}, @ETHTOOL_A_LINKINFO_HEADER={0x38, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r15}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_hsr\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}]}, 0xc0}, 0x1, 0x0, 0x0, 0x80}, 0x40)

427.657167ms ago: executing program 3 (id=3420):
socket$nl_route(0x10, 0x3, 0x0)
socket$kcm(0x2c, 0x3, 0x0)
socket$xdp(0x2c, 0x3, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="0000000000004a641c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x4, 0x4)
sendmsg$IPVS_CMD_SET_INFO(r4, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r4, &(0x7f0000000340)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="4c00000010001fff000000008000000000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00?\x00\x00\b\x00\n\x00', @ANYRES32=<r6=>r5, @ANYBLOB="240012800b000100627269646765"], 0x4c}, 0x1, 0x0, 0x0, 0x2000c0c1}, 0x40000)
r7 = socket$nl_route(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x2)
r9 = syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r8)
getsockname$packet(r8, &(0x7f0000000680)={0x11, 0x0, <r10=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYRESDEC=r10, @ANYRESHEX=r9, @ANYRES64=r6, @ANYRES32=r6, @ANYRES32=r5], 0x3c}}, 0x10)
ioctl$F2FS_IOC_GET_COMPRESS_BLOCKS(r4, 0x8008f511, 0x0)
r11 = socket$nl_route(0x10, 0x3, 0x0)
r12 = socket(0x1, 0x803, 0x0)
getsockname$packet(r12, 0x0, 0x0)
sendmsg$nl_route(r11, 0x0, 0x884)
socket$netlink(0x10, 0x3, 0x400000000000004)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)
syz_open_procfs$namespace(0x0, &(0x7f0000000200)='ns/cgroup\x00')
socket$pppl2tp(0x18, 0x1, 0x1)
socket$kcm(0x29, 0x2, 0x0)

343.645212ms ago: executing program 0 (id=3421):
r0 = socket(0x1d, 0x1, 0x0)
r1 = socket$unix(0x1, 0x1, 0x0)
sendmmsg$unix(r1, &(0x7f0000000280)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000340)="90", 0x1}], 0x1, 0x0, 0x0, 0x8801}}], 0x1, 0x20004031)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)=ANY=[@ANYRESDEC=0x0], 0x8c}, 0x1, 0x0, 0x0, 0x200080c0}, 0x4080)
writev(r3, &(0x7f0000000040), 0x2)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f00000000c0), 0x4)
bind$bt_hci(r2, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6)
r5 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000200)=ANY=[@ANYRESHEX=r0], 0x50)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000006c0)={r5}, 0x4)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0x11, &(0x7f00000008c0)=ANY=[@ANYBLOB="18000000800000000000000001000000850000000f000000b7080000000000007b8af8ff00000000b7080000161300007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r5, @ANYBLOB="0000000000000000b70500000000000085000000a500000095"], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x19, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000003f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x20}, 0x15)
write(r2, &(0x7f0000000000)="0a000000010001", 0x7)
sendmsg$MPTCP_PM_CMD_SUBFLOW_DESTROY(r0, &(0x7f0000000800)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000007c0)={&(0x7f0000000700)={0x44, 0x0, 0x800, 0x70bd2a, 0x25dfdbfd, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x5}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0xa0}, @MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0x800}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x4}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x6}]}, 0x44}, 0x1, 0x0, 0x0, 0x20040040}, 0x20048000)
socket$inet6(0xa, 0x2, 0x0)
socketpair(0x23, 0x2, 0xffffffff, &(0x7f0000000180))
unshare(0x8000400)
socket(0x3, 0x5, 0x100)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000880)=ANY=[@ANYBLOB="09000000070000000080000001"], 0x48)
syz_genetlink_get_family_id$nfc(&(0x7f0000000100), 0xffffffffffffffff)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff)
r8 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r9 = openat$cgroup_int(r8, 0x0, 0x2, 0x0)
r10 = socket$inet(0x2, 0x2, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r10, 0x4000000000000, 0x40, &(0x7f00000002c0)=@raw={'raw\x00', 0x8, 0x3, 0x1e8, 0xc8, 0x8, 0xfa04, 0x0, 0x6c02, 0x180, 0x194, 0x194, 0x180, 0x194, 0x3, 0x0, {[{{@ip={@remote, @broadcast, 0xff000000, 0x8fb2bd54e1114dfe, 'sit0\x00', 'ip6_vti0\x00', {0xff}, {}, 0x6, 0x1, 0x36}, 0x0, 0x70, 0x98, 0x0, {0x0, 0x74020000}}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0xfffffffffffffffc}}, {{@ip={@rand_addr=0x64010101, @empty, 0xff000000, 0xffffff00, 'veth1_to_batadv\x00', 'nr0\x00', {}, {0xff}, 0x5c, 0x1, 0x7f}, 0x0, 0x70, 0xb8}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x1, 0x4c, 0x1ff, 0xd, 'snmp_trap\x00', {0x4c18}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x248)
write$cgroup_subtree(r9, &(0x7f0000000100)=ANY=[@ANYBLOB='-7'], 0x9)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x11, 0xf, &(0x7f0000000940)=ANY=[@ANYBLOB="180000000000000000000000ffffff7f18110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000000d450100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000680)='GPL\x00', 0x5, 0x2a, &(0x7f0000000780)=""/42, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7fffffff}, 0x94)

253.130218ms ago: executing program 4 (id=3422):
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
bind$bt_sco(r0, 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x6)
close(0x4)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r3 = socket$can_raw(0x1d, 0x3, 0x1)
getsockopt$CAN_RAW_FILTER(r3, 0x65, 0x1, &(0x7f0000001040)=[{}], &(0x7f0000000100)=0x41)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x50)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x6, 0x15, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x100}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x86}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r4}, {}, {}, {0x4}, {0x6, 0x0, 0xa}, {}, {}, {0x85, 0x0, 0x0, 0x33}}]}, &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000b80)={r5, 0x2000012, 0xe, 0x0, &(0x7f0000000c40)="63eced8e46dc3f2ddf33c9e9b986", 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xb}, 0x50)
sendmsg$NFT_BATCH(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)={{0x14}, [@NFT_MSG_NEWFLOWTABLE={0x40, 0x16, 0xa, 0x5, 0x0, 0x0, {0x2}, [@NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x14, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x3}]}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}]}], {0x14}}, 0x68}}, 0x800)
sendmsg$NFT_BATCH(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWFLOWTABLE={0x48, 0x16, 0xa, 0x801, 0x0, 0x0, {0x2}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x1c, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_DEVS={0x18, 0x3, 0x0, 0x1, [{0x14, 0x1, 'geneve0\x00'}]}]}]}], {0x6d}}, 0x70}}, 0x24040884)

129.484512ms ago: executing program 1 (id=3423):
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000340)={{0x1, <r0=>0xffffffffffffffff}, &(0x7f0000000200), 0x0}, 0x20)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, r0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x8}, 0x50)
bind$alg(0xffffffffffffffff, &(0x7f00000001c0)={0x26, 'aead\x00', 0x11, 0x0, 'aegis256-generic\x00'}, 0x58)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x6d, &(0x7f0000000240)={0x0, 0x87, "7bf8ec152fa16d39e4553d9607191c01003f4f261459314625abafbae0dd3d3a415cb19b2f3f5bd1d92f8a3b28f86ac6911e26622113c1d519b46c2b1bb9b76cf8008d37a06e88b31100ae16fcb20ca3c5e2bc78d0014278c1e4c7fb4ab35e2c3ae32abc7bf205fd325765be5684ece2933f3325ec9cb8b4725605bf2722d1ded87089430c8a35"}, 0x0)
writev(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f0000000100)="480000001400195a8563e43c12f461560a2972063700000000000000590000a2bc5603ca00000f7f89000004200000000101ff000000032fdc0e2d9d9b7373ed", 0x40}], 0x1)
sendmsg$NFULNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x1c}}, 0x40040)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="2c385a7af3", 0x5)
getsockopt$inet_sctp6_SCTP_STATUS(0xffffffffffffffff, 0x84, 0xe, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="6400000010000305160000001dc76dcd00000000", @ANYRES32=0x0, @ANYBLOB="00000000000000004400128009000100626f6e6400000000340002800500010004000000050016000000000008001c000000000005000c00000000000a001a"], 0xc3}, 0x1, 0x100000000000000}, 0x0)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x3, 0x16, &(0x7f0000000280)=ANY=[@ANYBLOB="7912b8000000000061138c0000000000bf2000000000000015000000080063033d030100000000009500003a000000006916000000000000bf6700000000000066060500fcff03006706000002000000760300000ee60060bf050000000000003c6500bf000000006507f9ff01000000070700004cdfffff1e75040000000000bf54000000000000070400000400f9ffad43010000000000d5000000000000000500000000000000950000000000000032410000000000000054bb12dc8c27df8ecfc7bdd2d17f2f1754558f22dd399703d6c4f6f3be0b369289aa6812b8e007e733a9a4f16d0a3e1282ee45a010fb94fe9de56c9d8a814261bdb94a05000000c6c60bf7a13ba1fcf1111ce4fc0d742a81762bab8395fa64810b5b40d893ea8fe0ffffff7f1b546cad3f1d5af65706fd4f68795cce6cf16ab689b555202da2e0ec2871a51445dc8da39e5b0ab71ca9b901627b562ed84b026002d4519af619e3cca4d69e0dee080006774a8f3e691700ec88158f02001b0000c81c8b297dff0445a13d0045fb3cda32a673a6bb55d8c80800dce431e56723888fb126a1403d2b63f16fb2ad9bc117aba7cbebe174aba210d739a018f9bbec63222d20cedbc4d03723f1c932b3a6aa57f1ad2e99e0e67a993716d20000009f0f53acbb40b401e3738270b3156268784f2af9e4bcf8b07a10d6735154be1602f9dd1d7d4301e00000000000460bcc5989ec85e3cbcb6bcfaf0000000000000000bc00f674629709e7e78f4ddc211bc3ebf0bd9d42ca019dd5d0861cd64722cf74686ebfbe2562671cd47840f81d2a8f8f9be3bcd19dc6840aa7afaab43176e65ec1118d50d1e827f3472f4445d253887a5ad103649afa17690884f800031e03a651bb96589a7eab049b1bd47287cd31cc43ea0ffb567b40407d000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x94)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$TIPC_NL_KEY_SET(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000700)={&(0x7f00000004c0)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="0100000000000000000017000000540006803c00040067636d286165732900000000000000000000000000000000000000000000000014000000e3de3d7b4cd07ec3ee777de774fc7987cca41989140003"], 0x68}, 0x1, 0x0, 0x0, 0x4}, 0x4008014)

0s ago: executing program 0 (id=3424):
socket$nl_netfilter(0x10, 0x3, 0xc)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
bpf$PROG_BIND_MAP(0xa, &(0x7f00000003c0), 0xc)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r0, 0x8914, &(0x7f0000000180)="521692a1a8fa2c315c66d70eee715171a2a3221f6f13fbe57b1772ddbc1d8d5c85ffb5366377acf4de8af0f5e69cb01bd0c6596be438890950e5b47332b15880c29eb868763cb9bcb2b10fe6ed9d4cf23362eef4951af9827e4e51f5")
ioctl$F2FS_IOC_GET_FEATURES(r0, 0x8004f50c, 0x0)
accept$phonet_pipe(0xffffffffffffffff, 0x0, &(0x7f0000000280))
ioctl$XFS_IOC_ATTRLIST_BY_HANDLE(0xffffffffffffffff, 0x4058587a, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x5421, &(0x7f00000000c0)=0x7)
write$nci(0xffffffffffffffff, 0x0, 0x4)
syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff)
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_rose_SIOCADDRT(r2, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x7, @null, @bpq0, 0x0, [@bcast, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
r3 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_rose_SIOCADDRT(r3, 0x890b, &(0x7f00000007c0)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x3}, 0x6, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bpq0, 0x5, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}]})

kernel console output (not intermixed with test programs):

 bond0: (slave dummy0): Enslaving as an active interface with an up link
[  407.506916][T15503] net_ratelimit: 10 callbacks suppressed
[  407.506927][T15503] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  407.551093][T15501] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  407.806879][T15512] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2699'.
[  407.836739][T15514] netlink: 'syz.4.2701': attribute type 10 has an invalid length.
[  407.858509][T15514] bond0: (slave dummy0): Releasing backup interface
[  407.882836][T15514] netlink: 'syz.4.2701': attribute type 10 has an invalid length.
[  407.902912][T15514] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  407.961998][T15514] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2701'.
[  408.057769][T15521] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  408.402759][T15529] lo speed is unknown, defaulting to 1000
[  408.504764][T15529] lo speed is unknown, defaulting to 1000
[  408.536789][T15539] lo speed is unknown, defaulting to 1000
[  408.892641][T15545] netlink: 'syz.2.2707': attribute type 10 has an invalid length.
[  408.930088][T15545] bond0: (slave dummy0): Releasing backup interface
[  408.940931][T15545] dummy0: left promiscuous mode
[  408.948057][T15545] dummy0: left allmulticast mode
[  408.949715][T15547] netlink: 'syz.2.2707': attribute type 10 has an invalid length.
[  408.974449][T15545] team0: Port device dummy0 added
[  409.003234][T15539] lo speed is unknown, defaulting to 1000
[  409.026749][T15545] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2707'.
[  409.027354][T15547] team0: Port device dummy0 removed
[  409.056256][T15547] dummy0: entered promiscuous mode
[  409.070845][T15547] dummy0: entered allmulticast mode
[  409.082143][T15547] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  409.122985][T15535] pim6reg: entered allmulticast mode
[  409.320987][T15555] netlink: 'syz.4.2709': attribute type 10 has an invalid length.
[  409.388723][T15556] netlink: 'syz.4.2709': attribute type 10 has an invalid length.
[  409.431201][T15555] bond0: (slave dummy0): Releasing backup interface
[  409.460911][T15559] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2709'.
[  409.530534][T15556] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  409.584608][T15558] IPVS: set_ctl: invalid protocol: 108 255.255.255.255:20001
[  410.104351][T15567] lo speed is unknown, defaulting to 1000
[  410.120475][T15567] lo speed is unknown, defaulting to 1000
[  410.308028][T15577] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2713'.
[  410.327530][T15574] can: request_module (can-proto-0) failed.
[  410.385600][T15574] xt_l2tp: missing protocol rule (udp|l2tpip)
[  410.522158][T15585] FAULT_INJECTION: forcing a failure.
[  410.522158][T15585] name fail_usercopy, interval 1, probability 0, space 0, times 1
[  410.539807][T15588] IPVS: set_ctl: invalid protocol: 108 255.255.255.255:20001
[  410.583658][T15585] CPU: 0 UID: 0 PID: 15585 Comm: syz.4.2715 Not tainted syzkaller #0 PREEMPT(full) 
[  410.583685][T15585] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  410.583705][T15585] Call Trace:
[  410.583784][T15585]  <TASK>
[  410.583792][T15585]  dump_stack_lvl+0xe8/0x150
[  410.583953][T15585]  should_fail_ex+0x412/0x560
[  410.584050][T15585]  _copy_to_user+0x31/0xb0
[  410.584100][T15585]  simple_read_from_buffer+0xe1/0x170
[  410.584148][T15585]  proc_fail_nth_read+0x1bb/0x230
[  410.584190][T15585]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  410.584247][T15585]  ? rw_verify_area+0x2a6/0x4d0
[  410.584270][T15585]  ? tun_chr_write_iter+0xe0/0x200
[  410.584369][T15585]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  410.584395][T15585]  vfs_read+0x20c/0xa70
[  410.584411][T15585]  ? fdget_pos+0x246/0x320
[  410.584438][T15585]  ? __pfx___mutex_lock+0x10/0x10
[  410.584560][T15585]  ? __pfx_vfs_read+0x10/0x10
[  410.584581][T15585]  ? __fget_files+0x2a/0x420
[  410.584609][T15585]  ? __fget_files+0x3a0/0x420
[  410.584631][T15585]  ? __fget_files+0x2a/0x420
[  410.584659][T15585]  ksys_read+0x150/0x270
[  410.584681][T15585]  ? __pfx_ksys_read+0x10/0x10
[  410.584709][T15585]  do_syscall_64+0x14d/0xf80
[  410.584758][T15585]  ? trace_irq_disable+0x3b/0x150
[  410.584798][T15585]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  410.584832][T15585]  ? clear_bhb_loop+0x40/0x90
[  410.584852][T15585]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  410.584873][T15585] RIP: 0033:0x7f2ab315cfce
[  410.584895][T15585] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  410.584911][T15585] RSP: 002b:00007f2ab40e8fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  410.584935][T15585] RAX: ffffffffffffffda RBX: 00007f2ab40e96c0 RCX: 00007f2ab315cfce
[  410.584947][T15585] RDX: 000000000000000f RSI: 00007f2ab40e90a0 RDI: 0000000000000003
[  410.584958][T15585] RBP: 00007f2ab40e9090 R08: 0000000000000000 R09: 0000000000000000
[  410.584969][T15585] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  410.584980][T15585] R13: 00007f2ab3416038 R14: 00007f2ab3415fa0 R15: 00007fff05b481b8
[  410.585008][T15585]  </TASK>
[  411.010029][T15593] netlink: 'syz.1.2717': attribute type 1 has an invalid length.
[  411.031543][T15595] netlink: 'syz.4.2718': attribute type 25 has an invalid length.
[  411.203448][T15600] lo speed is unknown, defaulting to 1000
[  411.211172][T15600] lo speed is unknown, defaulting to 1000
[  411.238558][T15607] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2720'.
[  411.314710][T15611] IPVS: set_ctl: invalid protocol: 108 255.255.255.255:20001
[  411.549690][T15618] netlink: 72 bytes leftover after parsing attributes in process `syz.0.2723'.
[  411.566828][T15621] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2724'.
[  411.697878][T15602] lo speed is unknown, defaulting to 1000
[  411.716528][T15602] lo speed is unknown, defaulting to 1000
[  411.747919][T15624] lo speed is unknown, defaulting to 1000
[  411.865647][ T2339] block nbd11: Possible stuck request ffff888026e50000: control (read@0,1024B). Runtime 180 seconds
[  411.877093][ T2339] block nbd11: Possible stuck request ffff888026e50200: control (read@1024,1024B). Runtime 180 seconds
[  411.889739][ T2339] block nbd11: Possible stuck request ffff888026e50400: control (read@2048,1024B). Runtime 180 seconds
[  411.901462][ T2339] block nbd11: Possible stuck request ffff888026e50600: control (read@3072,1024B). Runtime 180 seconds
[  412.077107][T15624] lo speed is unknown, defaulting to 1000
[  412.210532][T15639] bond0: (slave dummy0): Releasing backup interface
[  412.240077][T15639] dummy0: left promiscuous mode
[  412.245147][T15639] dummy0: left allmulticast mode
[  412.258575][T15639] team0: Port device dummy0 added
[  412.280197][T15640] team0: Port device dummy0 removed
[  412.307249][T15639] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2729'.
[  412.312054][T15640] dummy0: entered promiscuous mode
[  412.348414][T15640] dummy0: entered allmulticast mode
[  412.361702][T15640] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  413.405572][T15655] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2735'.
[  413.524486][T15658] bond3: option ad_actor_sys_prio: mode dependency failed, not supported in mode balance-rr(0)
[  413.546245][T15658] bond3 (unregistering): Released all slaves
[  413.598822][T15667] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  413.645183][T15659] lo speed is unknown, defaulting to 1000
[  413.670183][T15659] lo speed is unknown, defaulting to 1000
[  413.739693][T15674] FAULT_INJECTION: forcing a failure.
[  413.739693][T15674] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  413.789610][T15674] CPU: 1 UID: 0 PID: 15674 Comm: syz.0.2741 Not tainted syzkaller #0 PREEMPT(full) 
[  413.789639][T15674] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  413.789649][T15674] Call Trace:
[  413.789657][T15674]  <TASK>
[  413.789665][T15674]  dump_stack_lvl+0xe8/0x150
[  413.789695][T15674]  should_fail_ex+0x412/0x560
[  413.789723][T15674]  _copy_from_user+0x2d/0xb0
[  413.789750][T15674]  ___sys_sendmsg+0x1c6/0x360
[  413.789899][T15674]  ? __pfx____sys_sendmsg+0x10/0x10
[  413.789950][T15674]  ? __fget_files+0x2a/0x420
[  413.789975][T15674]  ? __fget_files+0x3a0/0x420
[  413.790009][T15674]  __x64_sys_sendmsg+0x1bd/0x2a0
[  413.790030][T15674]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  413.790057][T15674]  ? __pfx_ksys_write+0x10/0x10
[  413.790087][T15674]  do_syscall_64+0x14d/0xf80
[  413.790111][T15674]  ? trace_irq_disable+0x3b/0x150
[  413.790135][T15674]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  413.790153][T15674]  ? clear_bhb_loop+0x40/0x90
[  413.790176][T15674]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  413.790194][T15674] RIP: 0033:0x7f1b7a99c799
[  413.790211][T15674] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  413.790226][T15674] RSP: 002b:00007f1b7b77c028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  413.790246][T15674] RAX: ffffffffffffffda RBX: 00007f1b7ac15fa0 RCX: 00007f1b7a99c799
[  413.790259][T15674] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000006
[  413.790271][T15674] RBP: 00007f1b7b77c090 R08: 0000000000000000 R09: 0000000000000000
[  413.790282][T15674] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  413.790292][T15674] R13: 00007f1b7ac16038 R14: 00007f1b7ac15fa0 R15: 00007ffd18cc4b88
[  413.790322][T15674]  </TASK>
[  414.235929][T15679] syzkaller0: entered promiscuous mode
[  414.254808][T15679] syzkaller0: entered allmulticast mode
[  414.414437][T15693] FAULT_INJECTION: forcing a failure.
[  414.414437][T15693] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  414.460740][T15689] lo speed is unknown, defaulting to 1000
[  414.479623][T15693] CPU: 1 UID: 0 PID: 15693 Comm: syz.4.2746 Not tainted syzkaller #0 PREEMPT(full) 
[  414.479652][T15693] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  414.479663][T15693] Call Trace:
[  414.479670][T15693]  <TASK>
[  414.479679][T15693]  dump_stack_lvl+0xe8/0x150
[  414.479710][T15693]  should_fail_ex+0x412/0x560
[  414.479739][T15693]  _copy_from_user+0x2d/0xb0
[  414.479766][T15693]  kstrtouint_from_user+0xd6/0x180
[  414.479872][T15693]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  414.479912][T15693]  proc_fail_nth_write+0x8e/0x210
[  414.479938][T15693]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  414.479969][T15693]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  414.479995][T15693]  vfs_write+0x29a/0xb90
[  414.480023][T15693]  ? __pfx_vfs_write+0x10/0x10
[  414.480044][T15693]  ? __fget_files+0x2a/0x420
[  414.480072][T15693]  ? __fget_files+0x3a0/0x420
[  414.480095][T15693]  ? __fget_files+0x2a/0x420
[  414.480128][T15693]  ksys_write+0x150/0x270
[  414.480156][T15693]  ? __pfx_ksys_write+0x10/0x10
[  414.480186][T15693]  do_syscall_64+0x14d/0xf80
[  414.480211][T15693]  ? trace_irq_disable+0x3b/0x150
[  414.480236][T15693]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  414.480255][T15693]  ? clear_bhb_loop+0x40/0x90
[  414.480277][T15693]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  414.480297][T15693] RIP: 0033:0x7f2ab315cfce
[  414.480314][T15693] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  414.480337][T15693] RSP: 002b:00007f2ab40e8fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  414.480356][T15693] RAX: ffffffffffffffda RBX: 00007f2ab40e96c0 RCX: 00007f2ab315cfce
[  414.480369][T15693] RDX: 0000000000000001 RSI: 00007f2ab40e90a0 RDI: 0000000000000003
[  414.480381][T15693] RBP: 00007f2ab40e9090 R08: 0000000000000000 R09: 0000000000000000
[  414.480392][T15693] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  414.480402][T15693] R13: 00007f2ab3416038 R14: 00007f2ab3415fa0 R15: 00007fff05b481b8
[  414.480433][T15693]  </TASK>
[  414.757587][T15689] lo speed is unknown, defaulting to 1000
[  414.857271][T15700] FAULT_INJECTION: forcing a failure.
[  414.857271][T15700] name failslab, interval 1, probability 0, space 0, times 1
[  414.949359][T15700] CPU: 0 UID: 0 PID: 15700 Comm: syz.2.2747 Not tainted syzkaller #0 PREEMPT(full) 
[  414.949393][T15700] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  414.949403][T15700] Call Trace:
[  414.949410][T15700]  <TASK>
[  414.949418][T15700]  dump_stack_lvl+0xe8/0x150
[  414.949448][T15700]  should_fail_ex+0x412/0x560
[  414.949477][T15700]  should_failslab+0xa8/0x100
[  414.949536][T15700]  kmem_cache_alloc_node_noprof+0x8f/0x690
[  414.949557][T15700]  ? __alloc_skb+0x186/0x7d0
[  414.949645][T15700]  ? __alloc_skb+0x1d0/0x7d0
[  414.949667][T15700]  ? __local_bh_enable_ip+0xd0/0x130
[  414.949709][T15700]  __alloc_skb+0x1d0/0x7d0
[  414.949736][T15700]  netlink_sendmsg+0x5d4/0xb40
[  414.949848][T15700]  ? __pfx_netlink_sendmsg+0x10/0x10
[  414.949875][T15700]  ? aa_sock_msg_perm+0xf1/0x1b0
[  414.949949][T15700]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  414.949984][T15700]  ____sys_sendmsg+0x972/0x9f0
[  414.950008][T15700]  ? __pfx_____sys_sendmsg+0x10/0x10
[  414.950036][T15700]  ? import_iovec+0x73/0xa0
[  414.950106][T15700]  ___sys_sendmsg+0x2a5/0x360
[  414.950130][T15700]  ? __pfx____sys_sendmsg+0x10/0x10
[  414.950181][T15700]  ? __fget_files+0x2a/0x420
[  414.950206][T15700]  ? __fget_files+0x3a0/0x420
[  414.950239][T15700]  __x64_sys_sendmsg+0x1bd/0x2a0
[  414.950259][T15700]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  414.950287][T15700]  ? __pfx_ksys_write+0x10/0x10
[  414.950317][T15700]  do_syscall_64+0x14d/0xf80
[  414.950342][T15700]  ? trace_irq_disable+0x3b/0x150
[  414.950365][T15700]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  414.950392][T15700]  ? clear_bhb_loop+0x40/0x90
[  414.950414][T15700]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  414.950432][T15700] RIP: 0033:0x7f0ee9f9c799
[  414.950449][T15700] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  414.950465][T15700] RSP: 002b:00007f0eeae96028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  414.950484][T15700] RAX: ffffffffffffffda RBX: 00007f0eea215fa0 RCX: 00007f0ee9f9c799
[  414.950497][T15700] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000003
[  414.950508][T15700] RBP: 00007f0eeae96090 R08: 0000000000000000 R09: 0000000000000000
[  414.950519][T15700] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  414.950530][T15700] R13: 00007f0eea216038 R14: 00007f0eea215fa0 R15: 00007ffc50231538
[  414.950558][T15700]  </TASK>
[  415.218178][T15703] validate_nla: 2 callbacks suppressed
[  415.218199][T15703] netlink: 'syz.4.2748': attribute type 2 has an invalid length.
[  415.351048][T15705] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2749'.
[  415.751902][T15707] netlink: 'syz.2.2750': attribute type 1 has an invalid length.
[  415.760003][T15707] netlink: 'syz.2.2750': attribute type 2 has an invalid length.
[  415.811575][T15709] FAULT_INJECTION: forcing a failure.
[  415.811575][T15709] name failslab, interval 1, probability 0, space 0, times 0
[  415.824548][T15709] CPU: 0 UID: 0 PID: 15709 Comm: syz.2.2751 Not tainted syzkaller #0 PREEMPT(full) 
[  415.824573][T15709] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  415.824584][T15709] Call Trace:
[  415.824591][T15709]  <TASK>
[  415.824600][T15709]  dump_stack_lvl+0xe8/0x150
[  415.824630][T15709]  should_fail_ex+0x412/0x560
[  415.824659][T15709]  should_failslab+0xa8/0x100
[  415.824683][T15709]  kmem_cache_alloc_node_noprof+0x8f/0x690
[  415.824703][T15709]  ? __alloc_skb+0x186/0x7d0
[  415.824727][T15709]  ? __alloc_skb+0x1d0/0x7d0
[  415.824749][T15709]  ? __local_bh_enable_ip+0xd0/0x130
[  415.824776][T15709]  __alloc_skb+0x1d0/0x7d0
[  415.824805][T15709]  netlink_sendmsg+0x5d4/0xb40
[  415.824839][T15709]  ? __pfx_netlink_sendmsg+0x10/0x10
[  415.824866][T15709]  ? aa_sock_msg_perm+0xf1/0x1b0
[  415.824890][T15709]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  415.824913][T15709]  ____sys_sendmsg+0x972/0x9f0
[  415.824940][T15709]  ? __pfx_____sys_sendmsg+0x10/0x10
[  415.824966][T15709]  ? import_iovec+0x73/0xa0
[  415.824996][T15709]  ___sys_sendmsg+0x2a5/0x360
[  415.825019][T15709]  ? __pfx____sys_sendmsg+0x10/0x10
[  415.825070][T15709]  ? __fget_files+0x2a/0x420
[  415.825094][T15709]  ? __fget_files+0x3a0/0x420
[  415.825128][T15709]  __x64_sys_sendmsg+0x1bd/0x2a0
[  415.825149][T15709]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  415.825176][T15709]  ? __pfx_ksys_write+0x10/0x10
[  415.825207][T15709]  do_syscall_64+0x14d/0xf80
[  415.825231][T15709]  ? trace_irq_disable+0x3b/0x150
[  415.825255][T15709]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  415.825282][T15709]  ? clear_bhb_loop+0x40/0x90
[  415.825304][T15709]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  415.825321][T15709] RIP: 0033:0x7f0ee9f9c799
[  415.825338][T15709] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  415.825353][T15709] RSP: 002b:00007f0eeae96028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  415.825371][T15709] RAX: ffffffffffffffda RBX: 00007f0eea215fa0 RCX: 00007f0ee9f9c799
[  415.825384][T15709] RDX: 0000000000000000 RSI: 0000200000000140 RDI: 0000000000000003
[  415.825395][T15709] RBP: 00007f0eeae96090 R08: 0000000000000000 R09: 0000000000000000
[  415.825407][T15709] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  415.825416][T15709] R13: 00007f0eea216038 R14: 00007f0eea215fa0 R15: 00007ffc50231538
[  415.825442][T15709]  </TASK>
[  415.930744][T15703] �9: entered promiscuous mode
[  416.088399][T15711] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2752'.
[  416.346160][T15718] ip6t_REJECT: TCP_RESET illegal for non-tcp
[  416.585693][T15727] FAULT_INJECTION: forcing a failure.
[  416.585693][T15727] name failslab, interval 1, probability 0, space 0, times 0
[  416.610783][T15730] FAULT_INJECTION: forcing a failure.
[  416.610783][T15730] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  416.634817][T15727] CPU: 0 UID: 0 PID: 15727 Comm: syz.4.2759 Not tainted syzkaller #0 PREEMPT(full) 
[  416.634844][T15727] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  416.634855][T15727] Call Trace:
[  416.634861][T15727]  <TASK>
[  416.634870][T15727]  dump_stack_lvl+0xe8/0x150
[  416.634900][T15727]  should_fail_ex+0x412/0x560
[  416.634928][T15727]  should_failslab+0xa8/0x100
[  416.634951][T15727]  __kmalloc_cache_noprof+0x88/0x660
[  416.634971][T15727]  ? tcx_prog_attach+0x2f4/0x730
[  416.635000][T15727]  tcx_prog_attach+0x2f4/0x730
[  416.635027][T15727]  ? __pfx_tcx_prog_attach+0x10/0x10
[  416.635048][T15727]  ? __fget_files+0x3a0/0x420
[  416.635071][T15727]  ? __fget_files+0x2a/0x420
[  416.635097][T15727]  ? bpf_prog_attach_check_attach_type+0x1e5/0x540
[  416.635168][T15727]  bpf_prog_attach+0x532/0x6e0
[  416.635184][T15727]  ? bpf_lsm_bpf+0x9/0x20
[  416.635217][T15727]  __sys_bpf+0x426/0x950
[  416.635244][T15727]  ? __pfx___sys_bpf+0x10/0x10
[  416.635280][T15727]  ? ksys_write+0x242/0x270
[  416.635299][T15727]  ? __pfx_ksys_write+0x10/0x10
[  416.635322][T15727]  __x64_sys_bpf+0x7c/0x90
[  416.635344][T15727]  do_syscall_64+0x14d/0xf80
[  416.635366][T15727]  ? trace_irq_disable+0x3b/0x150
[  416.635388][T15727]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  416.635406][T15727]  ? clear_bhb_loop+0x40/0x90
[  416.635428][T15727]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  416.635444][T15727] RIP: 0033:0x7f2ab319c799
[  416.635462][T15727] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  416.635477][T15727] RSP: 002b:00007f2ab40e9028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  416.635496][T15727] RAX: ffffffffffffffda RBX: 00007f2ab3415fa0 RCX: 00007f2ab319c799
[  416.635509][T15727] RDX: 0000000000000020 RSI: 0000200000000180 RDI: 0000000000000008
[  416.635520][T15727] RBP: 00007f2ab40e9090 R08: 0000000000000000 R09: 0000000000000000
[  416.635531][T15727] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  416.635541][T15727] R13: 00007f2ab3416038 R14: 00007f2ab3415fa0 R15: 00007fff05b481b8
[  416.635568][T15727]  </TASK>
[  416.643932][T15730] CPU: 1 UID: 0 PID: 15730 Comm: syz.2.2760 Not tainted syzkaller #0 PREEMPT(full) 
[  416.643958][T15730] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  416.643969][T15730] Call Trace:
[  416.643976][T15730]  <TASK>
[  416.643984][T15730]  dump_stack_lvl+0xe8/0x150
[  416.644019][T15730]  should_fail_ex+0x412/0x560
[  416.644046][T15730]  _copy_from_user+0x2d/0xb0
[  416.644073][T15730]  do_ip6t_set_ctl+0x6ae/0xe10
[  416.644221][T15730]  ? rcu_is_watching+0x15/0xb0
[  416.644257][T15730]  ? trace_contention_end+0x3d/0x150
[  416.644290][T15730]  ? __pfx_do_ip6t_set_ctl+0x10/0x10
[  416.644326][T15730]  ? __pfx___mutex_lock+0x10/0x10
[  416.644353][T15730]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  416.644384][T15730]  ? __pfx_aa_sk_perm+0x10/0x10
[  416.644443][T15730]  nf_setsockopt+0x26f/0x290
[  416.644505][T15730]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  416.644529][T15730]  do_sock_setsockopt+0x17c/0x1b0
[  416.644590][T15730]  __x64_sys_setsockopt+0x13d/0x1b0
[  416.644620][T15730]  do_syscall_64+0x14d/0xf80
[  416.644643][T15730]  ? trace_irq_disable+0x3b/0x150
[  416.644667][T15730]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  416.644685][T15730]  ? clear_bhb_loop+0x40/0x90
[  416.644713][T15730]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  416.644730][T15730] RIP: 0033:0x7f0ee9f9c799
[  416.644747][T15730] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  416.644762][T15730] RSP: 002b:00007f0eeae96028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  416.644782][T15730] RAX: ffffffffffffffda RBX: 00007f0eea215fa0 RCX: 00007f0ee9f9c799
[  416.644794][T15730] RDX: 0000000000000040 RSI: 0000000000000029 RDI: 0000000000000003
[  416.644805][T15730] RBP: 00007f0eeae96090 R08: 00000000000003d8 R09: 0000000000000000
[  416.644816][T15730] R10: 0000200000000400 R11: 0000000000000246 R12: 0000000000000001
[  416.644827][T15730] R13: 00007f0eea216038 R14: 00007f0eea215fa0 R15: 00007ffc50231538
[  416.644855][T15730]  </TASK>
[  417.210921][T15740] IPv6: NLM_F_CREATE should be specified when creating new route
[  417.251770][T15729] lo speed is unknown, defaulting to 1000
[  417.261955][T15729] lo speed is unknown, defaulting to 1000
[  417.390505][T15745] syzkaller0: entered promiscuous mode
[  417.403320][T15745] syzkaller0: entered allmulticast mode
[  417.429299][T15743] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2763'.
[  417.451508][T15745] 0: reclassify loop, rule prio 0, protocol 800
[  417.595125][T15747] bond1: option min_links: invalid value (18446744073709551612)
[  417.603015][T15747] bond1: option min_links: allowed values 0 - 2147483647
[  417.621506][T15747] bond1 (unregistering): Released all slaves
[  417.671106][T15752] netlink: 'syz.4.2767': attribute type 10 has an invalid length.
[  417.729783][T15755] netlink: 'syz.4.2767': attribute type 10 has an invalid length.
[  417.778943][T15756] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2767'.
[  417.895016][T15752] bond0: (slave dummy0): Releasing backup interface
[  417.945101][T15762] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2769'.
[  417.994362][T15755] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  418.262355][ T2339] block nbd12: Possible stuck request ffff888026ef8000: control (read@0,1024B). Runtime 180 seconds
[  418.273287][ T2339] block nbd12: Possible stuck request ffff888026ef8200: control (read@1024,1024B). Runtime 180 seconds
[  418.284433][ T2339] block nbd12: Possible stuck request ffff888026ef8400: control (read@2048,1024B). Runtime 180 seconds
[  418.295580][ T2339] block nbd12: Possible stuck request ffff888026ef8600: control (read@3072,1024B). Runtime 180 seconds
[  418.438938][T15783] netlink: 'syz.1.2779': attribute type 1 has an invalid length.
[  418.530928][T15789] FAULT_INJECTION: forcing a failure.
[  418.530928][T15789] name failslab, interval 1, probability 0, space 0, times 0
[  418.554293][T15789] CPU: 1 UID: 0 PID: 15789 Comm: syz.1.2780 Not tainted syzkaller #0 PREEMPT(full) 
[  418.554322][T15789] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  418.554333][T15789] Call Trace:
[  418.554341][T15789]  <TASK>
[  418.554349][T15789]  dump_stack_lvl+0xe8/0x150
[  418.554380][T15789]  should_fail_ex+0x412/0x560
[  418.554417][T15789]  should_failslab+0xa8/0x100
[  418.554441][T15789]  ? security_inode_alloc+0x39/0x310
[  418.554590][T15789]  kmem_cache_alloc_noprof+0x87/0x650
[  418.554617][T15789]  security_inode_alloc+0x39/0x310
[  418.554642][T15789]  inode_init_always_gfp+0x9ed/0xdc0
[  418.554679][T15789]  ? __pfx_sock_alloc_inode+0x10/0x10
[  418.554738][T15789]  alloc_inode+0x82/0x1b0
[  418.554764][T15789]  __sock_create+0x12d/0x9d0
[  418.554796][T15789]  __sys_socket+0xd6/0x1b0
[  418.554822][T15789]  __x64_sys_socket+0x7a/0x90
[  418.554847][T15789]  do_syscall_64+0x14d/0xf80
[  418.554872][T15789]  ? trace_irq_disable+0x3b/0x150
[  418.554896][T15789]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  418.554915][T15789]  ? clear_bhb_loop+0x40/0x90
[  418.554937][T15789]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  418.554955][T15789] RIP: 0033:0x7f16f519c799
[  418.554972][T15789] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  418.554988][T15789] RSP: 002b:00007f16f60de028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029
[  418.555007][T15789] RAX: ffffffffffffffda RBX: 00007f16f5415fa0 RCX: 00007f16f519c799
[  418.555020][T15789] RDX: 0000000000000002 RSI: 0000000000000003 RDI: 000000000000000f
[  418.555030][T15789] RBP: 00007f16f60de090 R08: 0000000000000000 R09: 0000000000000000
[  418.555042][T15789] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  418.555053][T15789] R13: 00007f16f5416038 R14: 00007f16f5415fa0 R15: 00007ffd8545a1e8
[  418.555082][T15789]  </TASK>
[  418.555122][T15789] socket: no more sockets
[  418.785008][T15792] netlink: 'syz.0.2782': attribute type 10 has an invalid length.
[  418.836375][T15795] netlink: 'syz.0.2782': attribute type 10 has an invalid length.
[  418.903499][T15798] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2782'.
[  418.923449][T15792] bond0: (slave dummy0): Releasing backup interface
[  418.970082][T15792] dummy0: left promiscuous mode
[  419.030177][T15803] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2784'.
[  419.095516][T15795] dummy0: entered promiscuous mode
[  419.164064][T15795] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  419.260700][T15820] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2790'.
[  419.276399][T15820] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2790'.
[  419.287396][T15820] netlink: 'syz.2.2790': attribute type 18 has an invalid length.
[  419.319037][T15822] FAULT_INJECTION: forcing a failure.
[  419.319037][T15822] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  419.358965][T15822] CPU: 0 UID: 0 PID: 15822 Comm: syz.3.2788 Not tainted syzkaller #0 PREEMPT(full) 
[  419.358991][T15822] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  419.359002][T15822] Call Trace:
[  419.359010][T15822]  <TASK>
[  419.359018][T15822]  dump_stack_lvl+0xe8/0x150
[  419.359048][T15822]  should_fail_ex+0x412/0x560
[  419.359098][T15822]  _copy_from_user+0x2d/0xb0
[  419.359126][T15822]  bpf_test_init+0xd8/0x150
[  419.359241][T15822]  bpf_prog_test_run_xdp+0x529/0x1160
[  419.359279][T15822]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  419.359309][T15822]  ? __fget_files+0x2a/0x420
[  419.359349][T15822]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  419.359371][T15822]  bpf_prog_test_run+0x2c7/0x340
[  419.359391][T15822]  __sys_bpf+0x643/0x950
[  419.359416][T15822]  ? __pfx___sys_bpf+0x10/0x10
[  419.359454][T15822]  ? ksys_write+0x242/0x270
[  419.359475][T15822]  ? __pfx_ksys_write+0x10/0x10
[  419.359501][T15822]  __x64_sys_bpf+0x7c/0x90
[  419.359526][T15822]  do_syscall_64+0x14d/0xf80
[  419.359551][T15822]  ? trace_irq_disable+0x3b/0x150
[  419.359574][T15822]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  419.359592][T15822]  ? clear_bhb_loop+0x40/0x90
[  419.359614][T15822]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  419.359632][T15822] RIP: 0033:0x7f7aee19c799
[  419.359649][T15822] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  419.359665][T15822] RSP: 002b:00007f7aec3f6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  419.359684][T15822] RAX: ffffffffffffffda RBX: 00007f7aee415fa0 RCX: 00007f7aee19c799
[  419.359697][T15822] RDX: 0000000000000048 RSI: 0000200000000600 RDI: 000000000000000a
[  419.359709][T15822] RBP: 00007f7aec3f6090 R08: 0000000000000000 R09: 0000000000000000
[  419.359720][T15822] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  419.359730][T15822] R13: 00007f7aee416038 R14: 00007f7aee415fa0 R15: 00007ffe0a74bd58
[  419.359758][T15822]  </TASK>
[  419.710657][T15827] FAULT_INJECTION: forcing a failure.
[  419.710657][T15827] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  419.762224][T15827] CPU: 0 UID: 0 PID: 15827 Comm: syz.3.2794 Not tainted syzkaller #0 PREEMPT(full) 
[  419.762250][T15827] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  419.762261][T15827] Call Trace:
[  419.762268][T15827]  <TASK>
[  419.762276][T15827]  dump_stack_lvl+0xe8/0x150
[  419.762305][T15827]  should_fail_ex+0x412/0x560
[  419.762333][T15827]  _copy_from_iter+0x1d3/0x1670
[  419.762360][T15827]  ? rcu_is_watching+0x15/0xb0
[  419.762388][T15827]  ? __pfx__copy_from_iter+0x10/0x10
[  419.762417][T15827]  ? netlink_sendmsg+0x650/0xb40
[  419.762438][T15827]  ? skb_put+0x11b/0x210
[  419.762464][T15827]  netlink_sendmsg+0x6c0/0xb40
[  419.762492][T15827]  ? __pfx_netlink_sendmsg+0x10/0x10
[  419.762517][T15827]  ? aa_sock_msg_perm+0xf1/0x1b0
[  419.762540][T15827]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  419.762563][T15827]  ____sys_sendmsg+0x972/0x9f0
[  419.762589][T15827]  ? __pfx_____sys_sendmsg+0x10/0x10
[  419.762612][T15827]  ? import_iovec+0x73/0xa0
[  419.762639][T15827]  ___sys_sendmsg+0x2a5/0x360
[  419.762663][T15827]  ? __pfx____sys_sendmsg+0x10/0x10
[  419.762714][T15827]  ? __fget_files+0x2a/0x420
[  419.762738][T15827]  ? __fget_files+0x3a0/0x420
[  419.762773][T15827]  __x64_sys_sendmsg+0x1bd/0x2a0
[  419.762793][T15827]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  419.762821][T15827]  ? __pfx_ksys_write+0x10/0x10
[  419.762852][T15827]  do_syscall_64+0x14d/0xf80
[  419.762876][T15827]  ? trace_irq_disable+0x3b/0x150
[  419.762901][T15827]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  419.762918][T15827]  ? clear_bhb_loop+0x40/0x90
[  419.762937][T15827]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  419.762954][T15827] RIP: 0033:0x7f7aee19c799
[  419.762971][T15827] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  419.762995][T15827] RSP: 002b:00007f7aec3f6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  419.763014][T15827] RAX: ffffffffffffffda RBX: 00007f7aee415fa0 RCX: 00007f7aee19c799
[  419.763027][T15827] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000003
[  419.763038][T15827] RBP: 00007f7aec3f6090 R08: 0000000000000000 R09: 0000000000000000
[  419.763049][T15827] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  419.763059][T15827] R13: 00007f7aee416038 R14: 00007f7aee415fa0 R15: 00007ffe0a74bd58
[  419.763088][T15827]  </TASK>
[  419.813659][T15830] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2792'.
[  420.004729][T15843] vlan2: entered allmulticast mode
[  420.227476][T15861] netlink: 'syz.1.2803': attribute type 10 has an invalid length.
[  420.267375][T15861] netlink: 'syz.1.2803': attribute type 10 has an invalid length.
[  420.290946][T15861] team0: Port device dummy0 removed
[  420.301462][T15861] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  420.323234][T15866] FAULT_INJECTION: forcing a failure.
[  420.323234][T15866] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  420.354881][T15866] CPU: 1 UID: 0 PID: 15866 Comm: syz.2.2805 Not tainted syzkaller #0 PREEMPT(full) 
[  420.354908][T15866] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  420.354918][T15866] Call Trace:
[  420.354925][T15866]  <TASK>
[  420.354932][T15866]  dump_stack_lvl+0xe8/0x150
[  420.354960][T15866]  should_fail_ex+0x412/0x560
[  420.354986][T15866]  _copy_from_user+0x2d/0xb0
[  420.355014][T15866]  dev_ethtool+0xcf/0x1ae0
[  420.355040][T15866]  ? kasan_quarantine_put+0xbb/0x1f0
[  420.355063][T15866]  ? __pfx_dev_ethtool+0x10/0x10
[  420.355091][T15866]  ? dev_load+0x21/0x1f0
[  420.355241][T15866]  ? dev_load+0x21/0x1f0
[  420.355265][T15866]  dev_ioctl+0x392/0x1150
[  420.355292][T15866]  sock_do_ioctl+0x23e/0x320
[  420.355317][T15866]  ? __pfx_sock_do_ioctl+0x10/0x10
[  420.355335][T15866]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[  420.355377][T15866]  sock_ioctl+0x5c6/0x7f0
[  420.355399][T15866]  ? __pfx_sock_ioctl+0x10/0x10
[  420.355420][T15866]  ? __fget_files+0x2a/0x420
[  420.355444][T15866]  ? __fget_files+0x3a0/0x420
[  420.355470][T15866]  ? __fget_files+0x2a/0x420
[  420.355498][T15866]  ? bpf_lsm_file_ioctl+0x9/0x20
[  420.355521][T15866]  ? __pfx_sock_ioctl+0x10/0x10
[  420.355541][T15866]  __se_sys_ioctl+0xfc/0x170
[  420.355564][T15866]  do_syscall_64+0x14d/0xf80
[  420.355588][T15866]  ? trace_irq_disable+0x3b/0x150
[  420.355611][T15866]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  420.355629][T15866]  ? clear_bhb_loop+0x40/0x90
[  420.355651][T15866]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  420.355669][T15866] RIP: 0033:0x7f0ee9f9c799
[  420.355687][T15866] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  420.355702][T15866] RSP: 002b:00007f0eeae96028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  420.355729][T15866] RAX: ffffffffffffffda RBX: 00007f0eea215fa0 RCX: 00007f0ee9f9c799
[  420.355742][T15866] RDX: 0000200000000040 RSI: 0000000000008946 RDI: 0000000000000003
[  420.355754][T15866] RBP: 00007f0eeae96090 R08: 0000000000000000 R09: 0000000000000000
[  420.355765][T15866] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  420.355775][T15866] R13: 00007f0eea216038 R14: 00007f0eea215fa0 R15: 00007ffc50231538
[  420.355804][T15866]  </TASK>
[  420.755861][T15875] netlink: 'syz.0.2807': attribute type 10 has an invalid length.
[  420.800533][T15875] bond0: (slave dummy0): Releasing backup interface
[  420.818543][T15876] netlink: 'syz.0.2807': attribute type 10 has an invalid length.
[  420.819248][T15878] netlink: 'syz.0.2807': attribute type 10 has an invalid length.
[  420.837086][T15875] dummy0: left promiscuous mode
[  420.838792][ T2339] block nbd2: Possible stuck request ffff88802676a800: control (read@0,1024B). Runtime 210 seconds
[  420.852874][ T2339] block nbd2: Possible stuck request ffff88802676aa00: control (read@1024,1024B). Runtime 210 seconds
[  420.863907][ T2339] block nbd2: Possible stuck request ffff88802676ac00: control (read@2048,1024B). Runtime 210 seconds
[  420.875023][ T2339] block nbd2: Possible stuck request ffff88802676ae00: control (read@3072,1024B). Runtime 210 seconds
[  420.928064][T15876] dummy0: entered promiscuous mode
[  420.968242][T15876] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  421.092366][T15884] __nla_validate_parse: 3 callbacks suppressed
[  421.092386][T15884] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2808'.
[  421.287521][T15894] netlink: 'syz.1.2811': attribute type 6 has an invalid length.
[  421.296568][T15894] IPv6: NLM_F_CREATE should be specified when creating new route
[  422.109643][ T2339] block nbd3: Possible stuck request ffff8880267c8000: control (read@0,1024B). Runtime 210 seconds
[  422.120752][ T2339] block nbd3: Possible stuck request ffff8880267c8200: control (read@1024,1024B). Runtime 210 seconds
[  422.132339][ T2339] block nbd3: Possible stuck request ffff8880267c8400: control (read@2048,1024B). Runtime 210 seconds
[  422.143345][ T2339] block nbd3: Possible stuck request ffff8880267c8600: control (read@3072,1024B). Runtime 210 seconds
[  422.741219][ T2295] block nbd13: Possible stuck request ffff888026f28000: control (read@0,1024B). Runtime 180 seconds
[  422.752161][ T2295] block nbd13: Possible stuck request ffff888026f28200: control (read@1024,1024B). Runtime 180 seconds
[  422.763398][ T2295] block nbd13: Possible stuck request ffff888026f28400: control (read@2048,1024B). Runtime 180 seconds
[  422.774560][ T2295] block nbd13: Possible stuck request ffff888026f28600: control (read@3072,1024B). Runtime 180 seconds
[  424.019943][ T2295] block nbd4: Possible stuck request ffff888026c08000: control (read@0,1024B). Runtime 210 seconds
[  424.030848][ T2295] block nbd4: Possible stuck request ffff888026c08200: control (read@1024,1024B). Runtime 210 seconds
[  424.042012][ T2295] block nbd4: Possible stuck request ffff888026c08400: control (read@2048,1024B). Runtime 210 seconds
[  424.053171][ T2295] block nbd4: Possible stuck request ffff888026c08600: control (read@3072,1024B). Runtime 210 seconds
[  424.215497][T15891] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  424.493583][T15929] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2821'.
[  424.534079][T15934] FAULT_INJECTION: forcing a failure.
[  424.534079][T15934] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  424.548677][T15934] CPU: 1 UID: 0 PID: 15934 Comm: syz.2.2824 Not tainted syzkaller #0 PREEMPT(full) 
[  424.548703][T15934] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  424.548715][T15934] Call Trace:
[  424.548722][T15934]  <TASK>
[  424.548730][T15934]  dump_stack_lvl+0xe8/0x150
[  424.548760][T15934]  should_fail_ex+0x412/0x560
[  424.548789][T15934]  _copy_from_iter+0x1d3/0x1670
[  424.548817][T15934]  ? rcu_is_watching+0x15/0xb0
[  424.548847][T15934]  ? __pfx__copy_from_iter+0x10/0x10
[  424.548879][T15934]  ? netlink_sendmsg+0x650/0xb40
[  424.548902][T15934]  ? skb_put+0x11b/0x210
[  424.548931][T15934]  netlink_sendmsg+0x6c0/0xb40
[  424.548964][T15934]  ? __pfx_netlink_sendmsg+0x10/0x10
[  424.548991][T15934]  ? aa_sock_msg_perm+0xf1/0x1b0
[  424.549017][T15934]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  424.549040][T15934]  ____sys_sendmsg+0x972/0x9f0
[  424.549066][T15934]  ? __pfx_____sys_sendmsg+0x10/0x10
[  424.549093][T15934]  ? import_iovec+0x73/0xa0
[  424.549122][T15934]  ___sys_sendmsg+0x2a5/0x360
[  424.549145][T15934]  ? __pfx____sys_sendmsg+0x10/0x10
[  424.549197][T15934]  ? __fget_files+0x2a/0x420
[  424.549221][T15934]  ? __fget_files+0x3a0/0x420
[  424.549255][T15934]  __x64_sys_sendmsg+0x1bd/0x2a0
[  424.549277][T15934]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  424.549304][T15934]  ? __pfx_ksys_write+0x10/0x10
[  424.549348][T15934]  do_syscall_64+0x14d/0xf80
[  424.549371][T15934]  ? trace_irq_disable+0x3b/0x150
[  424.549393][T15934]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  424.549409][T15934]  ? clear_bhb_loop+0x40/0x90
[  424.549429][T15934]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  424.549445][T15934] RIP: 0033:0x7f0ee9f9c799
[  424.549461][T15934] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  424.549475][T15934] RSP: 002b:00007f0eeae96028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  424.549492][T15934] RAX: ffffffffffffffda RBX: 00007f0eea215fa0 RCX: 00007f0ee9f9c799
[  424.549504][T15934] RDX: 0000000000000010 RSI: 0000200000000680 RDI: 0000000000000005
[  424.549514][T15934] RBP: 00007f0eeae96090 R08: 0000000000000000 R09: 0000000000000000
[  424.549524][T15934] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  424.549533][T15934] R13: 00007f0eea216038 R14: 00007f0eea215fa0 R15: 00007ffc50231538
[  424.549559][T15934]  </TASK>
[  424.922740][T15943] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2825'.
[  425.196319][T15958] netlink: 'syz.3.2832': attribute type 10 has an invalid length.
[  425.272276][T15958] netlink: 'syz.3.2832': attribute type 10 has an invalid length.
[  425.279809][T15956] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2828'.
[  425.308296][T15963] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2832'.
[  425.309640][ T2295] block nbd5: Possible stuck request ffff888026c58000: control (read@0,1024B). Runtime 210 seconds
[  425.318611][T15958] team0: Port device dummy0 removed
[  425.328612][ T2295] block nbd5: Possible stuck request ffff888026c58200: control (read@1024,1024B). Runtime 210 seconds
[  425.344897][ T2295] block nbd5: Possible stuck request ffff888026c58400: control (read@2048,1024B). Runtime 210 seconds
[  425.356084][ T2295] block nbd5: Possible stuck request ffff888026c58600: control (read@3072,1024B). Runtime 210 seconds
[  425.382565][T15958] dummy0: entered promiscuous mode
[  425.388697][T15958] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  425.912687][T15984] ÿÿÿÿÿÿ: renamed from vlan1
[  426.078449][T15987] lo speed is unknown, defaulting to 1000
[  426.096260][T15987] lo speed is unknown, defaulting to 1000
[  426.354036][T16010] netlink: 'syz.2.2848': attribute type 10 has an invalid length.
[  426.363403][T16010] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  426.376481][T16010] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  426.401571][T16010] team0: Port device hsr0 added
[  426.431188][T16013] netlink: 44 bytes leftover after parsing attributes in process `syz.0.2849'.
[  426.702515][T16017] FAULT_INJECTION: forcing a failure.
[  426.702515][T16017] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  426.729492][T16017] CPU: 1 UID: 0 PID: 16017 Comm: syz.3.2851 Not tainted syzkaller #0 PREEMPT(full) 
[  426.729518][T16017] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  426.729528][T16017] Call Trace:
[  426.729536][T16017]  <TASK>
[  426.729543][T16017]  dump_stack_lvl+0xe8/0x150
[  426.729573][T16017]  should_fail_ex+0x412/0x560
[  426.729600][T16017]  _copy_from_user+0x2d/0xb0
[  426.729625][T16017]  ___sys_recvmsg+0x175/0x590
[  426.729652][T16017]  ? __lock_acquire+0x6b5/0x2cf0
[  426.729712][T16017]  ? __pfx____sys_recvmsg+0x10/0x10
[  426.729733][T16017]  ? ktime_get_ts64+0xa9/0x3f0
[  426.729778][T16017]  do_recvmmsg+0x334/0x800
[  426.729798][T16017]  ? __pfx_do_recvmmsg+0x10/0x10
[  426.729821][T16017]  ? _copy_from_user+0x94/0xb0
[  426.729851][T16017]  __x64_sys_recvmmsg+0x1b7/0x250
[  426.729868][T16017]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  426.729890][T16017]  do_syscall_64+0x14d/0xf80
[  426.729909][T16017]  ? trace_irq_disable+0x3b/0x150
[  426.729929][T16017]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  426.729943][T16017]  ? clear_bhb_loop+0x40/0x90
[  426.729961][T16017]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  426.729975][T16017] RIP: 0033:0x7f7aee19c799
[  426.729990][T16017] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  426.730003][T16017] RSP: 002b:00007f7aec3f6028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  426.730022][T16017] RAX: ffffffffffffffda RBX: 00007f7aee415fa0 RCX: 00007f7aee19c799
[  426.730036][T16017] RDX: 00000000000006f5 RSI: 0000200000000440 RDI: 0000000000000003
[  426.730044][T16017] RBP: 00007f7aec3f6090 R08: 0000200000000480 R09: 0000000000000000
[  426.730052][T16017] R10: 0000002000000022 R11: 0000000000000246 R12: 0000000000000001
[  426.730060][T16017] R13: 00007f7aee416038 R14: 00007f7aee415fa0 R15: 00007ffe0a74bd58
[  426.730080][T16017]  </TASK>
[  426.963661][T16015] block nbd39: server does not support multiple connections per device.
[  426.974401][T16015] block nbd39: shutting down sockets
[  427.048752][T16024] dummy0: mtu less than device minimum
[  427.859997][ T2295] block nbd6: Possible stuck request ffff888026cd8000: control (read@0,1024B). Runtime 210 seconds
[  427.870899][ T2295] block nbd6: Possible stuck request ffff888026cd8200: control (read@1024,1024B). Runtime 210 seconds
[  427.881938][ T2295] block nbd6: Possible stuck request ffff888026cd8400: control (read@2048,1024B). Runtime 210 seconds
[  427.893119][ T2295] block nbd6: Possible stuck request ffff888026cd8600: control (read@3072,1024B). Runtime 210 seconds
[  429.580046][T16015] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  429.739500][T16062] netlink: 'syz.2.2863': attribute type 1 has an invalid length.
[  429.747284][T16062] netlink: 224 bytes leftover after parsing attributes in process `syz.2.2863'.
[  429.876178][T16069] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2866'.
[  430.013538][T16081] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2869'.
[  430.053667][T16081] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2869'.
[  430.060653][T16086] netlink: 'syz.3.2873': attribute type 10 has an invalid length.
[  430.112902][T16086] bond0: (slave dummy0): Releasing backup interface
[  430.143551][T16086] dummy0: left promiscuous mode
[  430.154513][T16091] netlink: 'syz.3.2873': attribute type 10 has an invalid length.
[  430.173719][T16086] team0: Port device dummy0 added
[  430.179463][T16092] syzkaller0: entered promiscuous mode
[  430.185004][T16092] syzkaller0: entered allmulticast mode
[  430.200482][T16091] team0: Port device dummy0 removed
[  430.210556][T16087] netlink: 'syz.4.2870': attribute type 11 has an invalid length.
[  430.223110][T16091] dummy0: entered promiscuous mode
[  430.230344][T16087] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2870'.
[  430.263081][T16091] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  430.294472][T16096] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2875'.
[  430.296117][T16086] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2873'.
[  430.380227][T16101] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2876'.
[  430.443151][ T2339] block nbd7: Possible stuck request ffff888026d00000: control (read@0,1024B). Runtime 210 seconds
[  430.454692][T16106] FAULT_INJECTION: forcing a failure.
[  430.454692][T16106] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  430.458498][ T2339] block nbd7: Possible stuck request ffff888026d00200: control (read@1024,1024B). Runtime 210 seconds
[  430.478983][ T2339] block nbd7: Possible stuck request ffff888026d00400: control (read@2048,1024B). Runtime 210 seconds
[  430.490940][ T2339] block nbd7: Possible stuck request ffff888026d00600: control (read@3072,1024B). Runtime 210 seconds
[  430.510707][T16106] CPU: 0 UID: 0 PID: 16106 Comm: syz.4.2878 Not tainted syzkaller #0 PREEMPT(full) 
[  430.510731][T16106] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  430.510743][T16106] Call Trace:
[  430.510754][T16106]  <TASK>
[  430.510761][T16106]  dump_stack_lvl+0xe8/0x150
[  430.510792][T16106]  should_fail_ex+0x412/0x560
[  430.510821][T16106]  _copy_to_user+0x31/0xb0
[  430.510847][T16106]  simple_read_from_buffer+0xe1/0x170
[  430.510872][T16106]  proc_fail_nth_read+0x1bb/0x230
[  430.510900][T16106]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  430.510935][T16106]  ? rw_verify_area+0x2a6/0x4d0
[  430.510953][T16106]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  430.510984][T16106]  vfs_read+0x20c/0xa70
[  430.511001][T16106]  ? fdget_pos+0x246/0x320
[  430.511030][T16106]  ? __pfx___mutex_lock+0x10/0x10
[  430.511058][T16106]  ? __pfx_vfs_read+0x10/0x10
[  430.511078][T16106]  ? __fget_files+0x2a/0x420
[  430.511107][T16106]  ? __fget_files+0x3a0/0x420
[  430.511130][T16106]  ? __fget_files+0x2a/0x420
[  430.511163][T16106]  ksys_read+0x150/0x270
[  430.511184][T16106]  ? __pfx_ksys_read+0x10/0x10
[  430.511222][T16106]  do_syscall_64+0x14d/0xf80
[  430.511246][T16106]  ? trace_irq_disable+0x3b/0x150
[  430.511270][T16106]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  430.511289][T16106]  ? clear_bhb_loop+0x40/0x90
[  430.511310][T16106]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  430.511327][T16106] RIP: 0033:0x7f2ab315cfce
[  430.511343][T16106] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  430.511357][T16106] RSP: 002b:00007f2ab40e8fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  430.511374][T16106] RAX: ffffffffffffffda RBX: 00007f2ab40e96c0 RCX: 00007f2ab315cfce
[  430.511387][T16106] RDX: 000000000000000f RSI: 00007f2ab40e90a0 RDI: 0000000000000004
[  430.511398][T16106] RBP: 00007f2ab40e9090 R08: 0000000000000000 R09: 0000000000000000
[  430.511409][T16106] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  430.511420][T16106] R13: 00007f2ab3416038 R14: 00007f2ab3415fa0 R15: 00007fff05b481b8
[  430.511448][T16106]  </TASK>
[  430.771389][T16103] bond4 (unregistering): Released all slaves
[  430.960893][T16115] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2881'.
[  430.998891][T16115] netlink: 'syz.2.2881': attribute type 1 has an invalid length.
[  431.069520][ T2295] block nbd8: Possible stuck request ffff888026d60000: control (read@0,1024B). Runtime 210 seconds
[  431.080367][ T2295] block nbd8: Possible stuck request ffff888026d60200: control (read@1024,1024B). Runtime 210 seconds
[  431.099442][ T2295] block nbd8: Possible stuck request ffff888026d60400: control (read@2048,1024B). Runtime 210 seconds
[  431.110630][ T2295] block nbd8: Possible stuck request ffff888026d60600: control (read@3072,1024B). Runtime 210 seconds
[  431.424425][T16136] netlink: 'syz.1.2891': attribute type 1 has an invalid length.
[  431.439551][T16136] netlink: 'syz.1.2891': attribute type 2 has an invalid length.
[  431.472875][T16141] xt_hashlimit: size too large, truncated to 1048576
[  431.490195][T16141] xt_hashlimit: max too large, truncated to 1048576
[  431.620857][T16151] xt_time: invalid argument - start or stop time greater than 23:59:59
[  431.687936][T16154] syzkaller0: entered promiscuous mode
[  431.693840][T16154] syzkaller0: entered allmulticast mode
[  431.798521][T16158] __nla_validate_parse: 3 callbacks suppressed
[  431.798534][T16158] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2899'.
[  431.892930][T16158] lo speed is unknown, defaulting to 1000
[  431.901603][T16158] lo speed is unknown, defaulting to 1000
[  432.371080][T16171] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2902'.
[  432.397044][T16175] netlink: 'syz.4.2904': attribute type 10 has an invalid length.
[  432.473257][T16178] netlink: 'syz.4.2904': attribute type 10 has an invalid length.
[  432.526437][T16182] netlink: 'syz.0.2905': attribute type 58 has an invalid length.
[  432.536564][T16186] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2904'.
[  432.578010][T16190] netlink: 'syz.0.2905': attribute type 58 has an invalid length.
[  432.670152][T16175] bond0: (slave dummy0): Releasing backup interface
[  432.747931][T16198] netlink: 'syz.3.2908': attribute type 10 has an invalid length.
[  432.766759][T16178] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  432.835699][T16202] netlink: 'syz.3.2908': attribute type 10 has an invalid length.
[  432.889159][T16204] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2908'.
[  432.973252][T16198] bond0: (slave dummy0): Releasing backup interface
[  433.125180][T16198] dummy0: left promiscuous mode
[  433.159998][T16212] FAULT_INJECTION: forcing a failure.
[  433.159998][T16212] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  433.210272][T16212] CPU: 1 UID: 0 PID: 16212 Comm: syz.0.2910 Not tainted syzkaller #0 PREEMPT(full) 
[  433.210299][T16212] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  433.210309][T16212] Call Trace:
[  433.210316][T16212]  <TASK>
[  433.210322][T16212]  dump_stack_lvl+0xe8/0x150
[  433.210352][T16212]  should_fail_ex+0x412/0x560
[  433.210380][T16212]  _copy_from_user+0x2d/0xb0
[  433.210409][T16212]  __sys_connect+0x156/0x450
[  433.210437][T16212]  ? __pfx___sys_connect+0x10/0x10
[  433.210472][T16212]  ? __pfx_ksys_write+0x10/0x10
[  433.210499][T16212]  __x64_sys_connect+0x7a/0x90
[  433.210523][T16212]  do_syscall_64+0x14d/0xf80
[  433.210548][T16212]  ? trace_irq_disable+0x3b/0x150
[  433.210571][T16212]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  433.210589][T16212]  ? clear_bhb_loop+0x40/0x90
[  433.210610][T16212]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  433.210627][T16212] RIP: 0033:0x7f1b7a99c799
[  433.210645][T16212] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  433.210660][T16212] RSP: 002b:00007f1b7b77c028 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[  433.210678][T16212] RAX: ffffffffffffffda RBX: 00007f1b7ac15fa0 RCX: 00007f1b7a99c799
[  433.210691][T16212] RDX: 0000000000000010 RSI: 0000200000000180 RDI: 0000000000000004
[  433.210702][T16212] RBP: 00007f1b7b77c090 R08: 0000000000000000 R09: 0000000000000000
[  433.210714][T16212] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  433.210724][T16212] R13: 00007f1b7ac16038 R14: 00007f1b7ac15fa0 R15: 00007ffd18cc4b88
[  433.210753][T16212]  </TASK>
[  433.403472][T16198] team0: Port device dummy0 added
[  433.493618][T16216] FAULT_INJECTION: forcing a failure.
[  433.493618][T16216] name failslab, interval 1, probability 0, space 0, times 0
[  433.516588][T16216] CPU: 0 UID: 0 PID: 16216 Comm: syz.0.2911 Not tainted syzkaller #0 PREEMPT(full) 
[  433.516614][T16216] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  433.516626][T16216] Call Trace:
[  433.516634][T16216]  <TASK>
[  433.516642][T16216]  dump_stack_lvl+0xe8/0x150
[  433.516680][T16216]  should_fail_ex+0x412/0x560
[  433.516708][T16216]  should_failslab+0xa8/0x100
[  433.516733][T16216]  __kmalloc_noprof+0xe8/0x760
[  433.516757][T16216]  ? seg6_local_build_state+0x153/0xe00
[  433.516901][T16216]  seg6_local_build_state+0x153/0xe00
[  433.516928][T16216]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[  433.516961][T16216]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  433.516991][T16216]  ? __pfx_seg6_local_build_state+0x10/0x10
[  433.517029][T16216]  ? lwtunnel_build_state+0xe2/0x4c0
[  433.517090][T16216]  lwtunnel_build_state+0x384/0x4c0
[  433.517113][T16216]  ? lwtunnel_build_state+0xe2/0x4c0
[  433.517134][T16216]  fib_nh_common_init+0x131/0x3d0
[  433.517192][T16216]  ? in6_dev_get+0x1a/0x290
[  433.517249][T16216]  ? __pfx_fib_nh_common_init+0x10/0x10
[  433.517267][T16216]  ? in6_dev_get+0x1a/0x290
[  433.517287][T16216]  ? in6_dev_get+0x1a/0x290
[  433.517310][T16216]  fib6_nh_init+0xf3a/0x1f90
[  433.517344][T16216]  ? __pfx_fib6_nh_init+0x10/0x10
[  433.517363][T16216]  ? __kasan_kmalloc+0x93/0xb0
[  433.517381][T16216]  ? __kmalloc_noprof+0x35c/0x760
[  433.517399][T16216]  ? fib6_info_alloc+0x30/0xf0
[  433.517439][T16216]  ? ip6_route_info_create+0x142/0x860
[  433.517460][T16216]  ? ip6_route_add+0x49/0x1b0
[  433.517480][T16216]  ? inet6_rtm_newroute+0x268/0x19e0
[  433.517496][T16216]  ? rtnetlink_rcv_msg+0x7d5/0xbe0
[  433.517564][T16216]  ? netlink_rcv_skb+0x232/0x4b0
[  433.517594][T16216]  ? netlink_unicast+0x80f/0x9b0
[  433.517613][T16216]  ? netlink_sendmsg+0x813/0xb40
[  433.517655][T16216]  ? ____sys_sendmsg+0x972/0x9f0
[  433.517671][T16216]  ? ___sys_sendmsg+0x2a5/0x360
[  433.517687][T16216]  ? __x64_sys_sendmsg+0x1bd/0x2a0
[  433.517703][T16216]  ? do_syscall_64+0x14d/0xf80
[  433.517726][T16216]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  433.517776][T16216]  ? ip_fib_metrics_init+0x421/0x710
[  433.517825][T16216]  ? trace_kmalloc+0x2a/0x110
[  433.517849][T16216]  ip6_route_info_create_nh+0x16a/0xad0
[  433.517877][T16216]  ? __pfx_ip6_route_info_create_nh+0x10/0x10
[  433.517904][T16216]  ? ip6_route_info_create+0x508/0x860
[  433.517931][T16216]  ip6_route_add+0x6e/0x1b0
[  433.517955][T16216]  inet6_rtm_newroute+0x268/0x19e0
[  433.517982][T16216]  ? kasan_quarantine_put+0xbb/0x1f0
[  433.518001][T16216]  ? lockdep_hardirqs_on+0x7a/0x110
[  433.518028][T16216]  ? __pfx_inet6_rtm_newroute+0x10/0x10
[  433.518047][T16216]  ? kmem_cache_free+0x187/0x630
[  433.518065][T16216]  ? nlmon_xmit+0xb0/0x100
[  433.518161][T16216]  ? __lock_acquire+0x6b5/0x2cf0
[  433.518188][T16216]  ? __local_bh_enable_ip+0xd0/0x130
[  433.518212][T16216]  ? lockdep_hardirqs_on+0x7a/0x110
[  433.518262][T16216]  ? __pfx_inet6_rtm_newroute+0x10/0x10
[  433.518281][T16216]  rtnetlink_rcv_msg+0x7d5/0xbe0
[  433.518309][T16216]  ? rtnetlink_rcv_msg+0x1b9/0xbe0
[  433.518333][T16216]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  433.518355][T16216]  ? ref_tracker_free+0x693/0x840
[  433.518409][T16216]  ? __copy_skb_header+0xa3/0x4a0
[  433.518430][T16216]  ? __pfx_ref_tracker_free+0x10/0x10
[  433.518463][T16216]  netlink_rcv_skb+0x232/0x4b0
[  433.518488][T16216]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  433.518515][T16216]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  433.518548][T16216]  ? netlink_deliver_tap+0x2e/0x1b0
[  433.518589][T16216]  netlink_unicast+0x80f/0x9b0
[  433.518619][T16216]  ? __pfx_netlink_unicast+0x10/0x10
[  433.518643][T16216]  ? netlink_sendmsg+0x650/0xb40
[  433.518665][T16216]  ? skb_put+0x11b/0x210
[  433.518692][T16216]  netlink_sendmsg+0x813/0xb40
[  433.518725][T16216]  ? __pfx_netlink_sendmsg+0x10/0x10
[  433.518752][T16216]  ? aa_sock_msg_perm+0xf1/0x1b0
[  433.518777][T16216]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  433.518801][T16216]  ____sys_sendmsg+0x972/0x9f0
[  433.518827][T16216]  ? __pfx_____sys_sendmsg+0x10/0x10
[  433.518854][T16216]  ? import_iovec+0x73/0xa0
[  433.518883][T16216]  ___sys_sendmsg+0x2a5/0x360
[  433.518907][T16216]  ? __pfx____sys_sendmsg+0x10/0x10
[  433.518957][T16216]  ? __fget_files+0x2a/0x420
[  433.518983][T16216]  ? __fget_files+0x3a0/0x420
[  433.519016][T16216]  __x64_sys_sendmsg+0x1bd/0x2a0
[  433.519038][T16216]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  433.519065][T16216]  ? __pfx_ksys_write+0x10/0x10
[  433.519095][T16216]  do_syscall_64+0x14d/0xf80
[  433.519119][T16216]  ? trace_irq_disable+0x3b/0x150
[  433.519143][T16216]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  433.519161][T16216]  ? clear_bhb_loop+0x40/0x90
[  433.519183][T16216]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  433.519201][T16216] RIP: 0033:0x7f1b7a99c799
[  433.519220][T16216] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  433.519235][T16216] RSP: 002b:00007f1b7b77c028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  433.519255][T16216] RAX: ffffffffffffffda RBX: 00007f1b7ac15fa0 RCX: 00007f1b7a99c799
[  433.519268][T16216] RDX: 0000000000000010 RSI: 0000200000000680 RDI: 0000000000000005
[  433.519280][T16216] RBP: 00007f1b7b77c090 R08: 0000000000000000 R09: 0000000000000000
[  433.519291][T16216] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  433.519301][T16216] R13: 00007f1b7ac16038 R14: 00007f1b7ac15fa0 R15: 00007ffd18cc4b88
[  433.519330][T16216]  </TASK>
[  434.108431][T16202] team0: Port device dummy0 removed
[  434.120578][T16202] dummy0: entered promiscuous mode
[  434.126505][T16202] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  434.170248][T16192] lo speed is unknown, defaulting to 1000
[  434.188260][T16192] lo speed is unknown, defaulting to 1000
[  434.259820][ T2295] block nbd9: Possible stuck request ffff888026dc0000: control (read@0,1024B). Runtime 210 seconds
[  434.274641][ T2295] block nbd9: Possible stuck request ffff888026dc0200: control (read@1024,1024B). Runtime 210 seconds
[  434.285779][ T2295] block nbd9: Possible stuck request ffff888026dc0400: control (read@2048,1024B). Runtime 210 seconds
[  434.296913][ T2295] block nbd9: Possible stuck request ffff888026dc0600: control (read@3072,1024B). Runtime 210 seconds
[  434.364074][T16222] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2914'.
[  434.374787][T16224] netlink: 211792 bytes leftover after parsing attributes in process `syz.2.2914'.
[  434.376174][T16225] FAULT_INJECTION: forcing a failure.
[  434.376174][T16225] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  434.398147][T16225] CPU: 0 UID: 0 PID: 16225 Comm: syz.0.2913 Not tainted syzkaller #0 PREEMPT(full) 
[  434.398170][T16225] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  434.398180][T16225] Call Trace:
[  434.398186][T16225]  <TASK>
[  434.398193][T16225]  dump_stack_lvl+0xe8/0x150
[  434.398221][T16225]  should_fail_ex+0x412/0x560
[  434.398245][T16225]  _copy_to_user+0x31/0xb0
[  434.398271][T16225]  ethtool_get_sset_info+0x4f0/0x600
[  434.398300][T16225]  ? __pfx_ethtool_get_sset_info+0x10/0x10
[  434.398328][T16225]  dev_ethtool+0x136d/0x1ae0
[  434.398353][T16225]  ? __pfx_dev_ethtool+0x10/0x10
[  434.398381][T16225]  ? dev_load+0x21/0x1f0
[  434.398404][T16225]  dev_ioctl+0x392/0x1150
[  434.398428][T16225]  sock_do_ioctl+0x23e/0x320
[  434.398449][T16225]  ? __pfx_sock_do_ioctl+0x10/0x10
[  434.398466][T16225]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[  434.398512][T16225]  sock_ioctl+0x5c6/0x7f0
[  434.398532][T16225]  ? __pfx_sock_ioctl+0x10/0x10
[  434.398550][T16225]  ? __fget_files+0x2a/0x420
[  434.398573][T16225]  ? __fget_files+0x3a0/0x420
[  434.398593][T16225]  ? __fget_files+0x2a/0x420
[  434.398617][T16225]  ? bpf_lsm_file_ioctl+0x9/0x20
[  434.398639][T16225]  ? __pfx_sock_ioctl+0x10/0x10
[  434.398655][T16225]  __se_sys_ioctl+0xfc/0x170
[  434.398676][T16225]  do_syscall_64+0x14d/0xf80
[  434.398698][T16225]  ? trace_irq_disable+0x3b/0x150
[  434.398718][T16225]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  434.398736][T16225]  ? clear_bhb_loop+0x40/0x90
[  434.398757][T16225]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  434.398774][T16225] RIP: 0033:0x7f1b7a99c799
[  434.398792][T16225] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  434.398807][T16225] RSP: 002b:00007f1b7b77c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  434.398825][T16225] RAX: ffffffffffffffda RBX: 00007f1b7ac15fa0 RCX: 00007f1b7a99c799
[  434.398837][T16225] RDX: 0000200000000040 RSI: 0000000000008946 RDI: 0000000000000003
[  434.398848][T16225] RBP: 00007f1b7b77c090 R08: 0000000000000000 R09: 0000000000000000
[  434.398859][T16225] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  434.398869][T16225] R13: 00007f1b7ac16038 R14: 00007f1b7ac15fa0 R15: 00007ffd18cc4b88
[  434.398898][T16225]  </TASK>
[  435.030157][T16243] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2920'.
[  435.420469][T16254] netlink: 208240 bytes leftover after parsing attributes in process `syz.4.2922'.
[  435.493102][T16254] geneve2: entered promiscuous mode
[  435.542490][ T1003] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 35446 - 0
[  435.553751][ T1003] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 35446 - 0
[  435.593074][ T1003] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 35446 - 0
[  435.614929][ T1003] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 35446 - 0
[  435.640406][T16254] ip6tnl0: Caught tx_queue_len zero misconfig
[  436.026141][T16273] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  436.180741][ T2339] block nbd10: Possible stuck request ffff888026df8000: control (read@0,1024B). Runtime 210 seconds
[  436.191785][ T2339] block nbd10: Possible stuck request ffff888026df8200: control (read@1024,1024B). Runtime 210 seconds
[  436.203047][ T2339] block nbd10: Possible stuck request ffff888026df8400: control (read@2048,1024B). Runtime 210 seconds
[  436.214321][ T2339] block nbd10: Possible stuck request ffff888026df8600: control (read@3072,1024B). Runtime 210 seconds
[  436.284109][T16281] netlink: 'syz.4.2933': attribute type 1 has an invalid length.
[  436.355041][T16287] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6gretap2
[  436.412777][T16287] ip6gretap2: entered promiscuous mode
[  436.451340][T16287] ip6gretap2: entered allmulticast mode
[  436.474573][T16291] gretap1: entered allmulticast mode
[  436.484195][T16291] bond1: (slave gretap1): making interface the new active one
[  436.498914][T16291] bond1: (slave gretap1): Enslaving as an active interface with an up link
[  436.519811][T16292] netlink: 'syz.2.2935': attribute type 13 has an invalid length.
[  436.527772][T16292] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2935'.
[  436.651370][T16306] netlink: 'syz.0.2941': attribute type 2 has an invalid length.
[  436.673730][T16306] hmac(sha224): entered promiscuous mode
[  436.798811][T16317] netlink: 'syz.3.2945': attribute type 10 has an invalid length.
[  436.805554][T16316] netlink: 'syz.0.2944': attribute type 1 has an invalid length.
[  436.821485][T16317] bond0: (slave dummy0): Releasing backup interface
[  436.829884][T16317] dummy0: left promiscuous mode
[  436.840861][T16317] team0: Port device dummy0 added
[  436.854129][T16317] netlink: 'syz.3.2945': attribute type 10 has an invalid length.
[  436.870332][T16317] team0: Port device dummy0 removed
[  436.880739][T16317] dummy0: entered promiscuous mode
[  436.888606][T16317] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  436.895739][T16319] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2947'.
[  436.952339][T16323] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2948'.
[  436.976308][T16319] 8021q: adding VLAN 0 to HW filter on device bond3
[  437.115024][T16323] 8021q: adding VLAN 0 to HW filter on device bond4
[  437.150746][T16323] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2948'.
[  437.195506][T16323] 8021q: VLANs not supported on gre0
[  437.421929][T16341] netlink: 44 bytes leftover after parsing attributes in process `syz.1.2952'.
[  437.660920][T16350] FAULT_INJECTION: forcing a failure.
[  437.660920][T16350] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  437.687851][T16350] CPU: 0 UID: 0 PID: 16350 Comm: syz.1.2956 Not tainted syzkaller #0 PREEMPT(full) 
[  437.687876][T16350] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  437.687887][T16350] Call Trace:
[  437.687894][T16350]  <TASK>
[  437.687901][T16350]  dump_stack_lvl+0xe8/0x150
[  437.687934][T16350]  should_fail_ex+0x412/0x560
[  437.687965][T16350]  _copy_from_user+0x2d/0xb0
[  437.688000][T16350]  ___sys_recvmsg+0x175/0x590
[  437.688021][T16350]  ? __lock_acquire+0x6b5/0x2cf0
[  437.688050][T16350]  ? __pfx____sys_recvmsg+0x10/0x10
[  437.688074][T16350]  ? ktime_get_ts64+0xa9/0x3f0
[  437.688118][T16350]  do_recvmmsg+0x334/0x800
[  437.688141][T16350]  ? __pfx_do_recvmmsg+0x10/0x10
[  437.688170][T16350]  ? _copy_from_user+0x94/0xb0
[  437.688208][T16350]  __x64_sys_recvmmsg+0x1b7/0x250
[  437.688231][T16350]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  437.688261][T16350]  do_syscall_64+0x14d/0xf80
[  437.688288][T16350]  ? trace_irq_disable+0x3b/0x150
[  437.688312][T16350]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  437.688330][T16350]  ? clear_bhb_loop+0x40/0x90
[  437.688351][T16350]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  437.688366][T16350] RIP: 0033:0x7f16f519c799
[  437.688382][T16350] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  437.688396][T16350] RSP: 002b:00007f16f60de028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  437.688415][T16350] RAX: ffffffffffffffda RBX: 00007f16f5415fa0 RCX: 00007f16f519c799
[  437.688428][T16350] RDX: 00000000000006f5 RSI: 0000200000000440 RDI: 0000000000000003
[  437.688439][T16350] RBP: 00007f16f60de090 R08: 0000200000000480 R09: 0000000000000000
[  437.688449][T16350] R10: 0000002000000022 R11: 0000000000000246 R12: 0000000000000002
[  437.688460][T16350] R13: 00007f16f5416038 R14: 00007f16f5415fa0 R15: 00007ffd8545a1e8
[  437.688487][T16350]  </TASK>
[  437.957155][T16362] netlink: 44 bytes leftover after parsing attributes in process `syz.1.2961'.
[  438.020980][T16366] IPVS: set_ctl: invalid protocol: 44 224.0.0.2:20000
[  438.021504][T16367] IPVS: set_ctl: invalid protocol: 60 172.30.0.3:20001
[  438.041907][T16367] ip6t_REJECT: TCP_RESET illegal for non-tcp
[  438.545983][T16388] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  438.575946][T16394] xt_hashlimit: size too large, truncated to 1048576
[  438.585595][T16392] netlink: 6032 bytes leftover after parsing attributes in process `syz.4.2972'.
[  438.628686][T16394] xt_hashlimit: max too large, truncated to 1048576
[  438.697469][T16400] RDS: rds_bind could not find a transport for fe80::1a, load rds_tcp or rds_rdma?
[  438.810876][T16402] skbuff: bad partial csum: csum=65535/2 headroom=4 headlen=65543
[  439.159896][T16428] FAULT_INJECTION: forcing a failure.
[  439.159896][T16428] name failslab, interval 1, probability 0, space 0, times 0
[  439.181432][T16428] CPU: 1 UID: 0 PID: 16428 Comm: syz.3.2985 Not tainted syzkaller #0 PREEMPT(full) 
[  439.181463][T16428] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  439.181474][T16428] Call Trace:
[  439.181482][T16428]  <TASK>
[  439.181490][T16428]  dump_stack_lvl+0xe8/0x150
[  439.181519][T16428]  should_fail_ex+0x412/0x560
[  439.181548][T16428]  should_failslab+0xa8/0x100
[  439.181574][T16428]  __kmalloc_cache_noprof+0x88/0x660
[  439.181595][T16428]  ? nfnetlink_rcv+0xfe1/0x27b0
[  439.181623][T16428]  nfnetlink_rcv+0xfe1/0x27b0
[  439.181678][T16428]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  439.181715][T16428]  ? ref_tracker_free+0x693/0x840
[  439.181765][T16428]  ? __netlink_deliver_tap+0x807/0x850
[  439.181790][T16428]  ? netlink_deliver_tap+0x2e/0x1b0
[  439.181830][T16428]  netlink_unicast+0x80f/0x9b0
[  439.181859][T16428]  ? __pfx_netlink_unicast+0x10/0x10
[  439.181883][T16428]  ? netlink_sendmsg+0x650/0xb40
[  439.181904][T16428]  ? skb_put+0x11b/0x210
[  439.181934][T16428]  netlink_sendmsg+0x813/0xb40
[  439.181966][T16428]  ? __pfx_netlink_sendmsg+0x10/0x10
[  439.181993][T16428]  ? aa_sock_msg_perm+0xf1/0x1b0
[  439.182023][T16428]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  439.182047][T16428]  ____sys_sendmsg+0x972/0x9f0
[  439.182074][T16428]  ? __pfx_____sys_sendmsg+0x10/0x10
[  439.182101][T16428]  ? import_iovec+0x73/0xa0
[  439.182135][T16428]  ___sys_sendmsg+0x2a5/0x360
[  439.182159][T16428]  ? __pfx____sys_sendmsg+0x10/0x10
[  439.182212][T16428]  ? __fget_files+0x2a/0x420
[  439.182236][T16428]  ? __fget_files+0x3a0/0x420
[  439.182270][T16428]  __x64_sys_sendmsg+0x1bd/0x2a0
[  439.182291][T16428]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  439.182318][T16428]  ? __pfx_ksys_write+0x10/0x10
[  439.182358][T16428]  do_syscall_64+0x14d/0xf80
[  439.182383][T16428]  ? trace_irq_disable+0x3b/0x150
[  439.182406][T16428]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  439.182424][T16428]  ? clear_bhb_loop+0x40/0x90
[  439.182446][T16428]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  439.182463][T16428] RIP: 0033:0x7f7aee19c799
[  439.182481][T16428] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  439.182496][T16428] RSP: 002b:00007f7aec3f6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  439.182516][T16428] RAX: ffffffffffffffda RBX: 00007f7aee415fa0 RCX: 00007f7aee19c799
[  439.182528][T16428] RDX: 0000000004044830 RSI: 00002000000000c0 RDI: 0000000000000003
[  439.182540][T16428] RBP: 00007f7aec3f6090 R08: 0000000000000000 R09: 0000000000000000
[  439.182551][T16428] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  439.182561][T16428] R13: 00007f7aee416038 R14: 00007f7aee415fa0 R15: 00007ffe0a74bd58
[  439.182591][T16428]  </TASK>
[  439.206917][T16430] xt_hashlimit: size too large, truncated to 1048576
[  439.494437][T16430] xt_hashlimit: max too large, truncated to 1048576
[  439.495316][T16438] netlink: 'syz.0.2988': attribute type 2 has an invalid length.
[  439.528382][T16438] FAULT_INJECTION: forcing a failure.
[  439.528382][T16438] name failslab, interval 1, probability 0, space 0, times 0
[  439.556356][T16438] CPU: 0 UID: 0 PID: 16438 Comm: syz.0.2988 Not tainted syzkaller #0 PREEMPT(full) 
[  439.556381][T16438] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  439.556392][T16438] Call Trace:
[  439.556400][T16438]  <TASK>
[  439.556408][T16438]  dump_stack_lvl+0xe8/0x150
[  439.556438][T16438]  should_fail_ex+0x412/0x560
[  439.556467][T16438]  should_failslab+0xa8/0x100
[  439.556491][T16438]  __kmalloc_cache_noprof+0x88/0x660
[  439.556513][T16438]  ? ovs_flow_tbl_init+0x57/0x7f0
[  439.556661][T16438]  ovs_flow_tbl_init+0x57/0x7f0
[  439.556682][T16438]  ? ovs_dp_cmd_new+0x1cc/0xb30
[  439.556702][T16438]  ? __kmalloc_cache_noprof+0x15b/0x660
[  439.556726][T16438]  ovs_dp_cmd_new+0x264/0xb30
[  439.556754][T16438]  ? trace_kmalloc+0x2a/0x110
[  439.556779][T16438]  ? __pfx_ovs_dp_cmd_new+0x10/0x10
[  439.556808][T16438]  ? genl_family_rcv_msg_attrs_parse+0x20b/0x2f0
[  439.556829][T16438]  ? genl_family_rcv_msg_attrs_parse+0x265/0x2f0
[  439.556856][T16438]  genl_family_rcv_msg_doit+0x22a/0x330
[  439.556883][T16438]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  439.556915][T16438]  ? bpf_lsm_capable+0x9/0x20
[  439.556938][T16438]  ? security_capable+0x7e/0x2c0
[  439.556967][T16438]  genl_rcv_msg+0x61c/0x7a0
[  439.556993][T16438]  ? __pfx_genl_rcv_msg+0x10/0x10
[  439.557011][T16438]  ? __pfx_ovs_dp_cmd_new+0x10/0x10
[  439.557057][T16438]  ? __lock_acquire+0x6b5/0x2cf0
[  439.557091][T16438]  netlink_rcv_skb+0x232/0x4b0
[  439.557117][T16438]  ? __pfx_genl_rcv_msg+0x10/0x10
[  439.557137][T16438]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  439.557179][T16438]  ? down_read+0x272/0x2e0
[  439.557196][T16438]  ? genl_rcv+0xd/0x40
[  439.557217][T16438]  genl_rcv+0x28/0x40
[  439.557233][T16438]  netlink_unicast+0x80f/0x9b0
[  439.557264][T16438]  ? __pfx_netlink_unicast+0x10/0x10
[  439.557294][T16438]  ? netlink_sendmsg+0x650/0xb40
[  439.557314][T16438]  ? skb_put+0x11b/0x210
[  439.557338][T16438]  netlink_sendmsg+0x813/0xb40
[  439.557370][T16438]  ? __pfx_netlink_sendmsg+0x10/0x10
[  439.557398][T16438]  ? aa_sock_msg_perm+0xf1/0x1b0
[  439.557423][T16438]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  439.557447][T16438]  ____sys_sendmsg+0x972/0x9f0
[  439.557475][T16438]  ? __pfx_____sys_sendmsg+0x10/0x10
[  439.557503][T16438]  ? import_iovec+0x73/0xa0
[  439.557533][T16438]  ___sys_sendmsg+0x2a5/0x360
[  439.557558][T16438]  ? __pfx____sys_sendmsg+0x10/0x10
[  439.557612][T16438]  ? __fget_files+0x2a/0x420
[  439.557636][T16438]  ? __fget_files+0x3a0/0x420
[  439.557672][T16438]  __x64_sys_sendmsg+0x1bd/0x2a0
[  439.557693][T16438]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  439.557721][T16438]  ? __pfx_ksys_write+0x10/0x10
[  439.557753][T16438]  do_syscall_64+0x14d/0xf80
[  439.557776][T16438]  ? trace_irq_disable+0x3b/0x150
[  439.557801][T16438]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  439.557820][T16438]  ? clear_bhb_loop+0x40/0x90
[  439.557842][T16438]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  439.557860][T16438] RIP: 0033:0x7f1b7a99c799
[  439.557879][T16438] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  439.557895][T16438] RSP: 002b:00007f1b7b77c028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  439.557914][T16438] RAX: ffffffffffffffda RBX: 00007f1b7ac15fa0 RCX: 00007f1b7a99c799
[  439.557928][T16438] RDX: 000000000000c000 RSI: 0000200000000040 RDI: 0000000000000003
[  439.557939][T16438] RBP: 00007f1b7b77c090 R08: 0000000000000000 R09: 0000000000000000
[  439.557951][T16438] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  439.557961][T16438] R13: 00007f1b7ac16038 R14: 00007f1b7ac15fa0 R15: 00007ffd18cc4b88
[  439.557990][T16438]  </TASK>
[  440.018559][T16443] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2992'.
[  440.037877][ T1300] lec:lec_start_xmit: lec0:No lecd attached
[  440.085454][ T5828] block nbd39: Receive control failed (result -1)
[  440.443636][T16443] lo speed is unknown, defaulting to 1000
[  440.511782][T16443] lo speed is unknown, defaulting to 1000
[  440.561726][T16471] syzkaller0: entered promiscuous mode
[  440.570126][T16471] syzkaller0: entered allmulticast mode
[  440.582751][T16456] lo speed is unknown, defaulting to 1000
[  440.700546][T16481] netlink: 'syz.2.3004': attribute type 1 has an invalid length.
[  440.717837][T16481] netlink: 'syz.2.3004': attribute type 2 has an invalid length.
[  441.942452][ T2339] block nbd11: Possible stuck request ffff888026e50000: control (read@0,1024B). Runtime 210 seconds
[  441.953517][ T2339] block nbd11: Possible stuck request ffff888026e50200: control (read@1024,1024B). Runtime 210 seconds
[  441.964674][ T2339] block nbd11: Possible stuck request ffff888026e50400: control (read@2048,1024B). Runtime 210 seconds
[  441.976163][ T2339] block nbd11: Possible stuck request ffff888026e50600: control (read@3072,1024B). Runtime 210 seconds
[  442.177563][T16472] lo speed is unknown, defaulting to 1000
[  442.199613][T16456] lo speed is unknown, defaulting to 1000
[  442.748869][T16508] syzkaller1: entered promiscuous mode
[  442.764789][T16508] syzkaller1: entered allmulticast mode
[  442.786325][T16472] lo speed is unknown, defaulting to 1000
[  443.634458][T16548] netlink: 'syz.1.3027': attribute type 1 has an invalid length.
[  443.646077][T16548] netlink: 224 bytes leftover after parsing attributes in process `syz.1.3027'.
[  443.991572][T16551] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[  444.002019][T16551] syzkaller0: mtu less than device minimum
[  444.252991][T16568] netlink: 'syz.1.3034': attribute type 10 has an invalid length.
[  444.272953][ T3011] tipc: Resetting bearer <eth:syzkaller0>
[  444.300208][T16571] FAULT_INJECTION: forcing a failure.
[  444.300208][T16571] name failslab, interval 1, probability 0, space 0, times 0
[  444.313827][T16568] bond0: (slave dummy0): Releasing backup interface
[  444.320655][T16573] netlink: 'syz.1.3034': attribute type 10 has an invalid length.
[  444.325206][T16572] netlink: 'syz.3.3035': attribute type 10 has an invalid length.
[  444.344963][T16571] CPU: 1 UID: 0 PID: 16571 Comm: syz.2.3036 Not tainted syzkaller #0 PREEMPT(full) 
[  444.344990][T16571] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  444.345001][T16571] Call Trace:
[  444.345007][T16571]  <TASK>
[  444.345015][T16571]  dump_stack_lvl+0xe8/0x150
[  444.345044][T16571]  should_fail_ex+0x412/0x560
[  444.345073][T16571]  should_failslab+0xa8/0x100
[  444.345097][T16571]  __kmalloc_noprof+0xe8/0x760
[  444.345118][T16571]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  444.345255][T16571]  tomoyo_realpath_from_path+0xe3/0x5d0
[  444.345289][T16571]  ? tomoyo_path_number_perm+0x219/0x630
[  444.345310][T16571]  tomoyo_path_number_perm+0x246/0x630
[  444.345333][T16571]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  444.345355][T16571]  ? __lock_acquire+0x6b5/0x2cf0
[  444.345386][T16571]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[  444.345437][T16571]  ? __fget_files+0x2a/0x420
[  444.345463][T16571]  ? __fget_files+0x2a/0x420
[  444.345485][T16571]  ? __fget_files+0x3a0/0x420
[  444.345506][T16571]  ? __fget_files+0x2a/0x420
[  444.345532][T16571]  security_file_ioctl+0xc3/0x2a0
[  444.345552][T16571]  __se_sys_ioctl+0x47/0x170
[  444.345575][T16571]  do_syscall_64+0x14d/0xf80
[  444.345597][T16571]  ? trace_irq_disable+0x3b/0x150
[  444.345620][T16571]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  444.345636][T16571]  ? clear_bhb_loop+0x40/0x90
[  444.345657][T16571]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  444.345673][T16571] RIP: 0033:0x7f0ee9f9c799
[  444.345689][T16571] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  444.345705][T16571] RSP: 002b:00007f0eeae96028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  444.345723][T16571] RAX: ffffffffffffffda RBX: 00007f0eea215fa0 RCX: 00007f0ee9f9c799
[  444.345736][T16571] RDX: 0000200000000500 RSI: 00000000000089f3 RDI: 0000000000000003
[  444.345748][T16571] RBP: 00007f0eeae96090 R08: 0000000000000000 R09: 0000000000000000
[  444.345760][T16571] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  444.345771][T16571] R13: 00007f0eea216038 R14: 00007f0eea215fa0 R15: 00007ffc50231538
[  444.345800][T16571]  </TASK>
[  444.345815][T16571] ERROR: Out of memory at tomoyo_realpath_from_path.
[  444.491515][T16578] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3034'.
[  444.510743][T16577] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3035'.
[  444.518579][T16568] team0: Port device dummy0 added
[  444.631176][T16573] team0: Port device dummy0 removed
[  444.650800][T16573] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  444.693047][T16572] team0: Port device netdevsim0 added
[  444.705679][T16576] veth2: entered allmulticast mode
[  445.181092][T16610] FAULT_INJECTION: forcing a failure.
[  445.181092][T16610] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  445.207818][T16612] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3048'.
[  445.239989][T16610] CPU: 0 UID: 0 PID: 16610 Comm: syz.0.3046 Not tainted syzkaller #0 PREEMPT(full) 
[  445.240018][T16610] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  445.240030][T16610] Call Trace:
[  445.240038][T16610]  <TASK>
[  445.240047][T16610]  dump_stack_lvl+0xe8/0x150
[  445.240076][T16610]  should_fail_ex+0x412/0x560
[  445.240105][T16610]  _copy_to_user+0x31/0xb0
[  445.240134][T16610]  simple_read_from_buffer+0xe1/0x170
[  445.240165][T16610]  proc_fail_nth_read+0x1bb/0x230
[  445.240194][T16610]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  445.240231][T16610]  ? rw_verify_area+0x2a6/0x4d0
[  445.240250][T16610]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  445.240276][T16610]  vfs_read+0x20c/0xa70
[  445.240294][T16610]  ? fdget_pos+0x246/0x320
[  445.240324][T16610]  ? __pfx___mutex_lock+0x10/0x10
[  445.240352][T16610]  ? __pfx_vfs_read+0x10/0x10
[  445.240373][T16610]  ? __fget_files+0x2a/0x420
[  445.240402][T16610]  ? __fget_files+0x3a0/0x420
[  445.240423][T16610]  ? __fget_files+0x2a/0x420
[  445.240456][T16610]  ksys_read+0x150/0x270
[  445.240478][T16610]  ? __pfx_ksys_read+0x10/0x10
[  445.240506][T16610]  do_syscall_64+0x14d/0xf80
[  445.240530][T16610]  ? trace_irq_disable+0x3b/0x150
[  445.240575][T16610]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  445.240593][T16610]  ? clear_bhb_loop+0x40/0x90
[  445.240626][T16610]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  445.240643][T16610] RIP: 0033:0x7f1b7a95cfce
[  445.240659][T16610] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  445.240673][T16610] RSP: 002b:00007f1b7b77bfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  445.240691][T16610] RAX: ffffffffffffffda RBX: 00007f1b7b77c6c0 RCX: 00007f1b7a95cfce
[  445.240703][T16610] RDX: 000000000000000f RSI: 00007f1b7b77c0a0 RDI: 0000000000000003
[  445.240713][T16610] RBP: 00007f1b7b77c090 R08: 0000000000000000 R09: 0000000000000000
[  445.240723][T16610] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  445.240733][T16610] R13: 00007f1b7ac16038 R14: 00007f1b7ac15fa0 R15: 00007ffd18cc4b88
[  445.240758][T16610]  </TASK>
[  445.661771][T16624] tap0: tun_chr_ioctl cmd 1074025681
[  445.748743][T16623] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3053'.
[  445.859423][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5820 ms
[  445.867553][    C1] lec:lec_tx_timeout: lec0
[  446.050790][T16644] nbd: must specify an index to disconnect
[  446.271303][T16658] sctp: [Deprecated]: syz.1.3063 (pid 16658) Use of int in maxseg socket option.
[  446.271303][T16658] Use struct sctp_assoc_value instead
[  446.312237][T16658] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3063'.
[  446.433453][T16664] vti0: entered promiscuous mode
[  446.474293][T16664] bond0: entered promiscuous mode
[  446.479864][T16664] bond_slave_0: entered promiscuous mode
[  446.485770][T16664] bond_slave_1: entered promiscuous mode
[  446.505997][T16664] dummy0: entered promiscuous mode
[  446.528881][T16671] ip6t_REJECT: TCP_RESET illegal for non-tcp
[  446.545337][T16664] batadv0: entered promiscuous mode
[  446.564332][T16664] debugfs: 'hsr1' already exists in 'hsr'
[  446.575138][T16664] Cannot create hsr debugfs directory
[  446.586355][T16664] hsr1: Slave A (bond0) is not up; please bring it up to get a fully working HSR network
[  446.631502][T16664] hsr1: Slave B (batadv0) is not up; please bring it up to get a fully working HSR network
[  446.665680][T16664] 8021q: adding VLAN 0 to HW filter on device hsr1
[  446.871792][T16686] FAULT_INJECTION: forcing a failure.
[  446.871792][T16686] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  446.891269][T16686] CPU: 1 UID: 0 PID: 16686 Comm: syz.2.3073 Not tainted syzkaller #0 PREEMPT(full) 
[  446.891298][T16686] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  446.891309][T16686] Call Trace:
[  446.891315][T16686]  <TASK>
[  446.891323][T16686]  dump_stack_lvl+0xe8/0x150
[  446.891354][T16686]  should_fail_ex+0x412/0x560
[  446.891382][T16686]  _copy_from_user+0x2d/0xb0
[  446.891411][T16686]  xsk_setsockopt+0x33e/0x990
[  446.891547][T16686]  ? __pfx_xsk_setsockopt+0x10/0x10
[  446.891569][T16686]  ? __pfx_aa_sk_perm+0x10/0x10
[  446.891593][T16686]  ? aa_sock_opt_perm+0xff/0x1a0
[  446.891617][T16686]  ? bpf_lsm_socket_setsockopt+0x9/0x20
[  446.891636][T16686]  ? __pfx_xsk_setsockopt+0x10/0x10
[  446.891659][T16686]  do_sock_setsockopt+0x17c/0x1b0
[  446.891694][T16686]  __x64_sys_setsockopt+0x13d/0x1b0
[  446.891726][T16686]  do_syscall_64+0x14d/0xf80
[  446.891750][T16686]  ? trace_irq_disable+0x3b/0x150
[  446.891773][T16686]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  446.891791][T16686]  ? clear_bhb_loop+0x40/0x90
[  446.891813][T16686]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  446.891831][T16686] RIP: 0033:0x7f0ee9f9c799
[  446.891848][T16686] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  446.891863][T16686] RSP: 002b:00007f0eeae96028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  446.891882][T16686] RAX: ffffffffffffffda RBX: 00007f0eea215fa0 RCX: 00007f0ee9f9c799
[  446.891895][T16686] RDX: 0000000000000005 RSI: 000000000000011b RDI: 0000000000000003
[  446.891906][T16686] RBP: 00007f0eeae96090 R08: 0000000000000004 R09: 0000000000000000
[  446.891917][T16686] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000001
[  446.891929][T16686] R13: 00007f0eea216038 R14: 00007f0eea215fa0 R15: 00007ffc50231538
[  446.891959][T16686]  </TASK>
[  447.084561][T16664] bond0: left promiscuous mode
[  447.093762][T16664] bond_slave_0: left promiscuous mode
[  447.100638][T16664] bond_slave_1: left promiscuous mode
[  447.106222][T16664] dummy0: left promiscuous mode
[  447.184947][T16664] batadv0: left promiscuous mode
[  447.185307][T16690] netlink: 180 bytes leftover after parsing attributes in process `syz.0.3074'.
[  447.279455][T16684] lo speed is unknown, defaulting to 1000
[  447.287088][T16684] lo speed is unknown, defaulting to 1000
[  447.594599][T16709] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3081'.
[  447.693143][T16707] netlink: 'syz.3.3079': attribute type 2 has an invalid length.
[  447.806071][T16717] syzkaller0: entered promiscuous mode
[  447.811969][T16717] syzkaller0: entered allmulticast mode
[  447.898624][T16717] tipc: Enabling of bearer <eth:syzkaller> rejected, failed to enable media
[  448.346548][ T2339] block nbd12: Possible stuck request ffff888026ef8000: control (read@0,1024B). Runtime 210 seconds
[  448.357868][ T2339] block nbd12: Possible stuck request ffff888026ef8200: control (read@1024,1024B). Runtime 210 seconds
[  448.369898][ T2339] block nbd12: Possible stuck request ffff888026ef8400: control (read@2048,1024B). Runtime 210 seconds
[  448.382421][ T2339] block nbd12: Possible stuck request ffff888026ef8600: control (read@3072,1024B). Runtime 210 seconds
[  448.685716][T16760] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3095'.
[  448.820355][T16760] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3095'.
[  448.938903][T16774] netlink: 'syz.2.3105': attribute type 10 has an invalid length.
[  448.977360][T16774] bond0: (slave dummy0): Releasing backup interface
[  449.000789][T16779] netlink: 'syz.2.3105': attribute type 10 has an invalid length.
[  449.022605][T16774] dummy0: left promiscuous mode
[  449.029288][T16774] dummy0: left allmulticast mode
[  449.063361][T16774] team0: Port device dummy0 added
[  449.113051][T16781] netlink: 48 bytes leftover after parsing attributes in process `syz.2.3105'.
[  449.157990][T16779] team0: Port device dummy0 removed
[  449.172165][T16779] dummy0: entered promiscuous mode
[  449.177870][T16779] dummy0: entered allmulticast mode
[  449.184692][T16779] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  449.300124][ T8594] lo speed is unknown, defaulting to 1000
[  449.624328][T16792] xt_TPROXY: Can be used only with -p tcp or -p udp
[  449.792114][T16796] netlink: 64 bytes leftover after parsing attributes in process `syz.1.3111'.
[  449.951725][T16799] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  449.975002][T16799] syzkaller0: entered promiscuous mode
[  450.001097][T16799] syzkaller0: entered allmulticast mode
[  450.076921][T16807] netlink: 44 bytes leftover after parsing attributes in process `syz.4.3116'.
[  450.174212][T16812] netlink: 'syz.2.3118': attribute type 10 has an invalid length.
[  450.193530][T16812] bond0: (slave dummy0): Releasing backup interface
[  450.216385][T16812] dummy0: left promiscuous mode
[  450.236813][T16812] dummy0: left allmulticast mode
[  450.247617][T16815] netlink: 'syz.2.3118': attribute type 10 has an invalid length.
[  450.257241][T16812] team0: Port device dummy0 added
[  450.263918][T16817] netlink: 44 bytes leftover after parsing attributes in process `syz.4.3120'.
[  450.274872][T16799] tipc: Resetting bearer <eth:syzkaller0>
[  450.312610][T16812] netlink: 48 bytes leftover after parsing attributes in process `syz.2.3118'.
[  450.361026][T16815] team0: Port device dummy0 removed
[  450.387938][T16815] dummy0: entered promiscuous mode
[  450.405324][T16815] dummy0: entered allmulticast mode
[  450.411869][T16815] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  450.442223][T16798] tipc: Resetting bearer <eth:syzkaller0>
[  450.586859][T16798] tipc: Disabling bearer <eth:syzkaller0>
[  450.924854][ T2339] block nbd2: Possible stuck request ffff88802676a800: control (read@0,1024B). Runtime 240 seconds
[  450.939758][ T2339] block nbd2: Possible stuck request ffff88802676aa00: control (read@1024,1024B). Runtime 240 seconds
[  450.950152][ T8148] lec:lec_start_xmit: lec0:No lecd attached
[  450.951343][ T2339] block nbd2: Possible stuck request ffff88802676ac00: control (read@2048,1024B). Runtime 240 seconds
[  450.967908][ T2339] block nbd2: Possible stuck request ffff88802676ae00: control (read@3072,1024B). Runtime 240 seconds
[  451.236176][T16852] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3133'.
[  451.565916][T16868] syzkaller0: entered promiscuous mode
[  451.578934][T16868] syzkaller0: entered allmulticast mode
[  451.790739][T16880] xt_hashlimit: size too large, truncated to 1048576
[  451.801272][T16880] xt_hashlimit: max too large, truncated to 1048576
[  452.189448][ T2339] block nbd3: Possible stuck request ffff8880267c8000: control (read@0,1024B). Runtime 240 seconds
[  452.200393][ T2339] block nbd3: Possible stuck request ffff8880267c8200: control (read@1024,1024B). Runtime 240 seconds
[  452.217376][ T2339] block nbd3: Possible stuck request ffff8880267c8400: control (read@2048,1024B). Runtime 240 seconds
[  452.228721][ T2339] block nbd3: Possible stuck request ffff8880267c8600: control (read@3072,1024B). Runtime 240 seconds
[  452.362050][T16898] netlink: 'syz.4.3151': attribute type 3 has an invalid length.
[  452.386667][T16912] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3155'.
[  452.403263][T16898] netlink: 3 bytes leftover after parsing attributes in process `syz.4.3151'.
[  452.616628][T16916] netlink: zone id is out of range
[  452.650352][T16916] netlink: zone id is out of range
[  452.660410][T16916] netlink: zone id is out of range
[  452.665563][T16916] netlink: zone id is out of range
[  452.669931][T16923] netlink: 'syz.2.3157': attribute type 33 has an invalid length.
[  452.813766][T16931] tipc: Invalid UDP bearer configuration
[  452.813819][T16931] tipc: Enabling of bearer <udp:sy{±> rejected, failed to enable media
[  452.834078][ T2295] block nbd13: Possible stuck request ffff888026f28000: control (read@0,1024B). Runtime 210 seconds
[  452.845626][ T2295] block nbd13: Possible stuck request ffff888026f28200: control (read@1024,1024B). Runtime 210 seconds
[  452.857355][ T2295] block nbd13: Possible stuck request ffff888026f28400: control (read@2048,1024B). Runtime 210 seconds
[  452.869064][ T2295] block nbd13: Possible stuck request ffff888026f28600: control (read@3072,1024B). Runtime 210 seconds
[  452.892573][T16933] syzkaller0: entered promiscuous mode
[  452.898111][T16933] syzkaller0: entered allmulticast mode
[  453.320647][T16956] netlink: 'syz.3.3172': attribute type 1 has an invalid length.
[  453.328796][T16956] netlink: 'syz.3.3172': attribute type 2 has an invalid length.
[  453.350524][T16957] netlink: 'syz.2.3170': attribute type 1 has an invalid length.
[  453.996333][T16974] lo speed is unknown, defaulting to 1000
[  454.009790][T16974] lo speed is unknown, defaulting to 1000
[  454.066111][T16980] __nla_validate_parse: 5 callbacks suppressed
[  454.066133][T16980] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3178'.
[  454.100944][ T2295] block nbd4: Possible stuck request ffff888026c08000: control (read@0,1024B). Runtime 240 seconds
[  454.112640][ T2295] block nbd4: Possible stuck request ffff888026c08200: control (read@1024,1024B). Runtime 240 seconds
[  454.124444][ T2295] block nbd4: Possible stuck request ffff888026c08400: control (read@2048,1024B). Runtime 240 seconds
[  454.136236][ T2295] block nbd4: Possible stuck request ffff888026c08600: control (read@3072,1024B). Runtime 240 seconds
[  454.159551][T16978] netlink: 92 bytes leftover after parsing attributes in process `syz.0.3178'.
[  454.188874][T16978] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3178'.
[  454.762794][T16995] netlink: 'syz.0.3184': attribute type 1 has an invalid length.
[  454.798421][T16995] netlink: 'syz.0.3184': attribute type 2 has an invalid length.
[  455.061567][T17017] ip6t_REJECT: TCP_RESET illegal for non-tcp
[  455.382995][ T2295] block nbd5: Possible stuck request ffff888026c58000: control (read@0,1024B). Runtime 240 seconds
[  455.399437][ T2295] block nbd5: Possible stuck request ffff888026c58200: control (read@1024,1024B). Runtime 240 seconds
[  455.411773][ T2295] block nbd5: Possible stuck request ffff888026c58400: control (read@2048,1024B). Runtime 240 seconds
[  455.425143][ T2295] block nbd5: Possible stuck request ffff888026c58600: control (read@3072,1024B). Runtime 240 seconds
[  455.661097][   T30] audit: type=1800 audit(1773720568.872:4): pid=17026 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.3192" name="memory.events" dev="tmpfs" ino=3248 res=0 errno=0
[  455.869073][T17050] netlink: 212368 bytes leftover after parsing attributes in process `syz.1.3202'.
[  455.969403][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5020 ms
[  455.977615][    C1] lec:lec_tx_timeout: lec0
[  456.160350][T17069] netlink: 'syz.0.3209': attribute type 10 has an invalid length.
[  456.219946][T17074] netlink: 'syz.0.3209': attribute type 10 has an invalid length.
[  456.224049][T17069] bond0: (slave dummy0): Releasing backup interface
[  456.242541][T17069] dummy0: left promiscuous mode
[  456.258974][T17074] dummy0: entered promiscuous mode
[  456.273108][T17074] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  456.294673][T17069] netlink: 48 bytes leftover after parsing attributes in process `syz.0.3209'.
[  456.378797][T17083] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3213'.
[  456.423497][T17083] netlink: 'syz.1.3213': attribute type 1 has an invalid length.
[  456.432871][T17083] netlink: 'syz.1.3213': attribute type 2 has an invalid length.
[  456.525634][T17054] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  456.727100][T17097] FAULT_INJECTION: forcing a failure.
[  456.727100][T17097] name failslab, interval 1, probability 0, space 0, times 0
[  456.784660][T17097] CPU: 0 UID: 0 PID: 17097 Comm: syz.1.3215 Not tainted syzkaller #0 PREEMPT(full) 
[  456.784685][T17097] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  456.784694][T17097] Call Trace:
[  456.784700][T17097]  <TASK>
[  456.784706][T17097]  dump_stack_lvl+0xe8/0x150
[  456.784734][T17097]  should_fail_ex+0x412/0x560
[  456.784760][T17097]  should_failslab+0xa8/0x100
[  456.784781][T17097]  __kmalloc_noprof+0xe8/0x760
[  456.784798][T17097]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  456.784826][T17097]  tomoyo_realpath_from_path+0xe3/0x5d0
[  456.784855][T17097]  ? tomoyo_path_number_perm+0x219/0x630
[  456.784873][T17097]  tomoyo_path_number_perm+0x246/0x630
[  456.784893][T17097]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  456.784913][T17097]  ? __lock_acquire+0x6b5/0x2cf0
[  456.784943][T17097]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[  456.784984][T17097]  ? __fget_files+0x2a/0x420
[  456.785008][T17097]  ? __fget_files+0x2a/0x420
[  456.785027][T17097]  ? __fget_files+0x3a0/0x420
[  456.785046][T17097]  ? __fget_files+0x2a/0x420
[  456.785070][T17097]  security_file_ioctl+0xc3/0x2a0
[  456.785091][T17097]  __se_sys_ioctl+0x47/0x170
[  456.785112][T17097]  do_syscall_64+0x14d/0xf80
[  456.785133][T17097]  ? trace_irq_disable+0x3b/0x150
[  456.785154][T17097]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  456.785169][T17097]  ? clear_bhb_loop+0x40/0x90
[  456.785188][T17097]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  456.785203][T17097] RIP: 0033:0x7f16f519c799
[  456.785219][T17097] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  456.785234][T17097] RSP: 002b:00007f16f60de028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  456.785251][T17097] RAX: ffffffffffffffda RBX: 00007f16f5415fa0 RCX: 00007f16f519c799
[  456.785262][T17097] RDX: 0000000000000000 RSI: 0000000000008941 RDI: 0000000000000003
[  456.785271][T17097] RBP: 00007f16f60de090 R08: 0000000000000000 R09: 0000000000000000
[  456.785281][T17097] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  456.785290][T17097] R13: 00007f16f5416038 R14: 00007f16f5415fa0 R15: 00007ffd8545a1e8
[  456.785317][T17097]  </TASK>
[  456.785325][T17097] ERROR: Out of memory at tomoyo_realpath_from_path.
[  457.037106][T17095] team0: Port device veth3 added
[  457.136325][T17108] netlink: 'syz.0.3219': attribute type 1 has an invalid length.
[  457.155701][T17119] netlink: 'syz.3.3220': attribute type 21 has an invalid length.
[  457.207600][T17108] 8021q: adding VLAN 0 to HW filter on device bond5
[  457.430319][T17132] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3226'.
[  457.455114][T17110] bond5: (slave veth3): Enslaving as an active interface with a down link
[  457.520483][T17133] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3226'.
[  457.539276][T17134] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3226'.
[  457.557656][T17132] team1: entered promiscuous mode
[  457.562933][T17132] team1: entered allmulticast mode
[  457.568584][T17132] 8021q: adding VLAN 0 to HW filter on device team1
[  457.584369][T17133] team2 (uninitialized): Failed to send options change via netlink (err -105)
[  457.586819][T17139] xt_hashlimit: size too large, truncated to 1048576
[  457.612912][T17133] team2: entered promiscuous mode
[  457.618087][T17133] team2: entered allmulticast mode
[  457.624183][T17133] 8021q: adding VLAN 0 to HW filter on device team2
[  457.633639][T17134] team3 (uninitialized): Failed to send options change via netlink (err -105)
[  457.665215][T17134] team3: entered promiscuous mode
[  457.670976][T17134] team3: entered allmulticast mode
[  457.676615][T17134] 8021q: adding VLAN 0 to HW filter on device team3
[  457.804289][T17144] syzkaller1: entered promiscuous mode
[  457.810071][T17144] syzkaller1: entered allmulticast mode
[  457.859031][T17150] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3230'.
[  457.951570][ T2295] block nbd6: Possible stuck request ffff888026cd8000: control (read@0,1024B). Runtime 240 seconds
[  457.965238][ T2295] block nbd6: Possible stuck request ffff888026cd8200: control (read@1024,1024B). Runtime 240 seconds
[  457.977022][ T2295] block nbd6: Possible stuck request ffff888026cd8400: control (read@2048,1024B). Runtime 240 seconds
[  457.988705][ T2295] block nbd6: Possible stuck request ffff888026cd8600: control (read@3072,1024B). Runtime 240 seconds
[  458.028816][T17156] xt_TCPMSS: Only works on TCP SYN packets
[  459.829205][T17105] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  460.192839][T17171] lo speed is unknown, defaulting to 1000
[  460.202802][T17173] netlink: 44 bytes leftover after parsing attributes in process `syz.4.3237'.
[  460.234997][T17171] lo speed is unknown, defaulting to 1000
[  460.292554][T17178] netlink: 128 bytes leftover after parsing attributes in process `syz.1.3239'.
[  460.324852][T17178] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3239'.
[  460.512369][ T2339] block nbd7: Possible stuck request ffff888026d00000: control (read@0,1024B). Runtime 240 seconds
[  460.523262][ T2339] block nbd7: Possible stuck request ffff888026d00200: control (read@1024,1024B). Runtime 240 seconds
[  460.534593][ T2339] block nbd7: Possible stuck request ffff888026d00400: control (read@2048,1024B). Runtime 240 seconds
[  460.545871][ T2339] block nbd7: Possible stuck request ffff888026d00600: control (read@3072,1024B). Runtime 240 seconds
[  460.736794][T17186] smc: removing ib device syz0
[  460.952746][T17200] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3245'.
[  461.147571][ T2295] block nbd8: Possible stuck request ffff888026d60000: control (read@0,1024B). Runtime 240 seconds
[  461.159221][ T2295] block nbd8: Possible stuck request ffff888026d60200: control (read@1024,1024B). Runtime 240 seconds
[  461.179477][ T2295] block nbd8: Possible stuck request ffff888026d60400: control (read@2048,1024B). Runtime 240 seconds
[  461.183671][T17210] FAULT_INJECTION: forcing a failure.
[  461.183671][T17210] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  461.194732][ T2295] block nbd8: Possible stuck request ffff888026d60600: control (read@3072,1024B). Runtime 240 seconds
[  461.222686][T17210] CPU: 0 UID: 0 PID: 17210 Comm: syz.0.3247 Not tainted syzkaller #0 PREEMPT(full) 
[  461.222715][T17210] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  461.222725][T17210] Call Trace:
[  461.222733][T17210]  <TASK>
[  461.222740][T17210]  dump_stack_lvl+0xe8/0x150
[  461.222771][T17210]  should_fail_ex+0x412/0x560
[  461.222799][T17210]  _copy_from_iter+0x1d3/0x1670
[  461.222827][T17210]  ? rcu_is_watching+0x15/0xb0
[  461.222857][T17210]  ? __pfx__copy_from_iter+0x10/0x10
[  461.222888][T17210]  ? netlink_sendmsg+0x650/0xb40
[  461.222911][T17210]  ? skb_put+0x11b/0x210
[  461.222940][T17210]  netlink_sendmsg+0x6c0/0xb40
[  461.222972][T17210]  ? __pfx_netlink_sendmsg+0x10/0x10
[  461.222998][T17210]  ? aa_sock_msg_perm+0xf1/0x1b0
[  461.223022][T17210]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  461.223044][T17210]  ____sys_sendmsg+0x972/0x9f0
[  461.223070][T17210]  ? __pfx_____sys_sendmsg+0x10/0x10
[  461.223096][T17210]  ? import_iovec+0x73/0xa0
[  461.223123][T17210]  ___sys_sendmsg+0x2a5/0x360
[  461.223146][T17210]  ? __pfx____sys_sendmsg+0x10/0x10
[  461.223195][T17210]  ? __fget_files+0x2a/0x420
[  461.223219][T17210]  ? __fget_files+0x3a0/0x420
[  461.223252][T17210]  __x64_sys_sendmsg+0x1bd/0x2a0
[  461.223272][T17210]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  461.223298][T17210]  ? __pfx_ksys_write+0x10/0x10
[  461.223328][T17210]  do_syscall_64+0x14d/0xf80
[  461.223352][T17210]  ? trace_irq_disable+0x3b/0x150
[  461.223375][T17210]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  461.223393][T17210]  ? clear_bhb_loop+0x40/0x90
[  461.223413][T17210]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  461.223431][T17210] RIP: 0033:0x7f1b7a99c799
[  461.223449][T17210] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  461.223463][T17210] RSP: 002b:00007f1b78bf6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  461.223482][T17210] RAX: ffffffffffffffda RBX: 00007f1b7ac16090 RCX: 00007f1b7a99c799
[  461.223494][T17210] RDX: 571f68543cec8180 RSI: 0000200000000580 RDI: 0000000000000004
[  461.223506][T17210] RBP: 00007f1b78bf6090 R08: 0000000000000000 R09: 0000000000000000
[  461.223516][T17210] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  461.223526][T17210] R13: 00007f1b7ac16128 R14: 00007f1b7ac16090 R15: 00007ffd18cc4b88
[  461.223555][T17210]  </TASK>
[  461.503811][T17205] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3246'.
[  461.514992][T17207] netlink: 'syz.1.3246': attribute type 3 has an invalid length.
[  461.580589][T17212] xt_HMARK: spi-set and port-set can't be combined
[  462.489034][T17230] IPVS: length: 36 != 8
[  462.671710][T17232] xt_hashlimit: size too large, truncated to 1048576
[  462.698848][T17232] xt_hashlimit: max too large, truncated to 1048576
[  463.040833][T17249] xt_physdev: --physdev-out and --physdev-is-out only supported in the FORWARD and POSTROUTING chains with bridged traffic
[  463.319822][T17257] debugfs: 'netdev:syzkaller0' already exists in 'phy12'
[  463.342789][T17260] netlink: 'syz.0.3268': attribute type 1 has an invalid length.
[  463.857159][T17289] FAULT_INJECTION: forcing a failure.
[  463.857159][T17289] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  463.872420][T17289] CPU: 0 UID: 0 PID: 17289 Comm: syz.0.3275 Not tainted syzkaller #0 PREEMPT(full) 
[  463.872446][T17289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  463.872457][T17289] Call Trace:
[  463.872464][T17289]  <TASK>
[  463.872472][T17289]  dump_stack_lvl+0xe8/0x150
[  463.872501][T17289]  should_fail_ex+0x412/0x560
[  463.872529][T17289]  _copy_from_user+0x2d/0xb0
[  463.872556][T17289]  get_user_ifreq+0x6b/0x180
[  463.872580][T17289]  sock_ioctl+0x704/0x7f0
[  463.872603][T17289]  ? __pfx_sock_ioctl+0x10/0x10
[  463.872626][T17289]  ? __fget_files+0x3a0/0x420
[  463.872650][T17289]  ? __fget_files+0x2a/0x420
[  463.872677][T17289]  ? bpf_lsm_file_ioctl+0x9/0x20
[  463.872700][T17289]  ? __pfx_sock_ioctl+0x10/0x10
[  463.872721][T17289]  __se_sys_ioctl+0xfc/0x170
[  463.872744][T17289]  do_syscall_64+0x14d/0xf80
[  463.872769][T17289]  ? trace_irq_disable+0x3b/0x150
[  463.872792][T17289]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  463.872811][T17289]  ? clear_bhb_loop+0x40/0x90
[  463.872833][T17289]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  463.872850][T17289] RIP: 0033:0x7f1b7a99c799
[  463.872866][T17289] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  463.872881][T17289] RSP: 002b:00007f1b7b77c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  463.872900][T17289] RAX: ffffffffffffffda RBX: 00007f1b7ac15fa0 RCX: 00007f1b7a99c799
[  463.872913][T17289] RDX: 0000200000000480 RSI: 00000000000089f3 RDI: 0000000000000003
[  463.872925][T17289] RBP: 00007f1b7b77c090 R08: 0000000000000000 R09: 0000000000000000
[  463.872936][T17289] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  463.872946][T17289] R13: 00007f1b7ac16038 R14: 00007f1b7ac15fa0 R15: 00007ffd18cc4b88
[  463.872975][T17289]  </TASK>
[  464.059072][T17257] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  464.066259][T17257] Bluetooth: hci1: Error when powering off device on rfkill (-4)
[  464.134163][T17257] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  464.154113][T17257] Bluetooth: hci3: Error when powering off device on rfkill (-4)
[  464.163367][T17291] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3276'.
[  464.176124][T17257] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  464.193190][T17257] Bluetooth: hci2: Error when powering off device on rfkill (-4)
[  464.209668][T17257] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  464.217258][T17257] Bluetooth: hci4: Error when powering off device on rfkill (-4)
[  464.230156][T17257] tipc: Resetting bearer <eth:syzkaller0>
[  464.238581][T17291] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  464.341784][ T2295] block nbd9: Possible stuck request ffff888026dc0000: control (read@0,1024B). Runtime 240 seconds
[  464.356410][ T2295] block nbd9: Possible stuck request ffff888026dc0200: control (read@1024,1024B). Runtime 240 seconds
[  464.368135][ T2295] block nbd9: Possible stuck request ffff888026dc0400: control (read@2048,1024B). Runtime 240 seconds
[  464.380834][ T2295] block nbd9: Possible stuck request ffff888026dc0600: control (read@3072,1024B). Runtime 240 seconds
[  464.465404][T17297] FAULT_INJECTION: forcing a failure.
[  464.465404][T17297] name failslab, interval 1, probability 0, space 0, times 0
[  464.478671][T17297] CPU: 0 UID: 0 PID: 17297 Comm: syz.0.3280 Not tainted syzkaller #0 PREEMPT(full) 
[  464.478694][T17297] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  464.478702][T17297] Call Trace:
[  464.478708][T17297]  <TASK>
[  464.478714][T17297]  dump_stack_lvl+0xe8/0x150
[  464.478739][T17297]  should_fail_ex+0x412/0x560
[  464.478760][T17297]  should_failslab+0xa8/0x100
[  464.478779][T17297]  __kmalloc_noprof+0xe8/0x760
[  464.478795][T17297]  ? genl_family_rcv_msg_attrs_parse+0xd0/0x2f0
[  464.478816][T17297]  genl_family_rcv_msg_attrs_parse+0xd0/0x2f0
[  464.478837][T17297]  genl_family_rcv_msg_doit+0xd9/0x330
[  464.478856][T17297]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  464.478876][T17297]  ? apparmor_capable+0x126/0x170
[  464.478987][T17297]  ? bpf_lsm_capable+0x9/0x20
[  464.479009][T17297]  ? security_capable+0x7e/0x2c0
[  464.479036][T17297]  genl_rcv_msg+0x61c/0x7a0
[  464.479058][T17297]  ? __pfx_genl_rcv_msg+0x10/0x10
[  464.479074][T17297]  ? __pfx_netlbl_cipsov4_add+0x10/0x10
[  464.479154][T17297]  ? __lock_acquire+0x6b5/0x2cf0
[  464.479188][T17297]  netlink_rcv_skb+0x232/0x4b0
[  464.479212][T17297]  ? __pfx_genl_rcv_msg+0x10/0x10
[  464.479232][T17297]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  464.479272][T17297]  ? down_read+0x272/0x2e0
[  464.479288][T17297]  ? genl_rcv+0xd/0x40
[  464.479306][T17297]  genl_rcv+0x28/0x40
[  464.479322][T17297]  netlink_unicast+0x80f/0x9b0
[  464.479352][T17297]  ? __pfx_netlink_unicast+0x10/0x10
[  464.479373][T17297]  ? netlink_sendmsg+0x650/0xb40
[  464.479403][T17297]  ? skb_put+0x11b/0x210
[  464.479431][T17297]  netlink_sendmsg+0x813/0xb40
[  464.479462][T17297]  ? __pfx_netlink_sendmsg+0x10/0x10
[  464.479486][T17297]  ? aa_sock_msg_perm+0xf1/0x1b0
[  464.479508][T17297]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  464.479530][T17297]  ____sys_sendmsg+0x972/0x9f0
[  464.479554][T17297]  ? __pfx_____sys_sendmsg+0x10/0x10
[  464.479579][T17297]  ? import_iovec+0x73/0xa0
[  464.479607][T17297]  ___sys_sendmsg+0x2a5/0x360
[  464.479628][T17297]  ? __pfx____sys_sendmsg+0x10/0x10
[  464.479676][T17297]  ? __fget_files+0x2a/0x420
[  464.479698][T17297]  ? __fget_files+0x3a0/0x420
[  464.479732][T17297]  __x64_sys_sendmsg+0x1bd/0x2a0
[  464.479753][T17297]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  464.479781][T17297]  ? __pfx_ksys_write+0x10/0x10
[  464.479812][T17297]  do_syscall_64+0x14d/0xf80
[  464.479838][T17297]  ? trace_irq_disable+0x3b/0x150
[  464.479861][T17297]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  464.479880][T17297]  ? clear_bhb_loop+0x40/0x90
[  464.479901][T17297]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  464.479918][T17297] RIP: 0033:0x7f1b7a99c799
[  464.479936][T17297] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  464.479950][T17297] RSP: 002b:00007f1b7b77c028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  464.479969][T17297] RAX: ffffffffffffffda RBX: 00007f1b7ac15fa0 RCX: 00007f1b7a99c799
[  464.479982][T17297] RDX: 571f68543cec8180 RSI: 0000200000000580 RDI: 0000000000000004
[  464.479994][T17297] RBP: 00007f1b7b77c090 R08: 0000000000000000 R09: 0000000000000000
[  464.480005][T17297] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  464.480016][T17297] R13: 00007f1b7ac16038 R14: 00007f1b7ac15fa0 R15: 00007ffd18cc4b88
[  464.480046][T17297]  </TASK>
[  464.819474][T17299] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3281'.
[  464.903098][T17302] netlink: 'syz.1.3279': attribute type 1 has an invalid length.
[  464.912394][T17302] netlink: 224 bytes leftover after parsing attributes in process `syz.1.3279'.
[  465.001604][T17299] 8021q: adding VLAN 0 to HW filter on device bond1
[  465.075661][T17303] bond1: (slave ip6gretap3): Enslaving as an active interface with an up link
[  465.100411][T17307] netlink: 830 bytes leftover after parsing attributes in process `syz.1.3284'.
[  465.415527][T17316] syzkaller0: entered promiscuous mode
[  465.421457][T17316] syzkaller0: entered allmulticast mode
[  465.441351][T17323] netlink: 48 bytes leftover after parsing attributes in process `syz.2.3289'.
[  465.541970][T17335] netlink: 'syz.2.3293': attribute type 10 has an invalid length.
[  465.593389][T17337] netlink: 'syz.2.3293': attribute type 10 has an invalid length.
[  465.648751][T17341] netlink: 48 bytes leftover after parsing attributes in process `syz.2.3293'.
[  465.665710][T17340] netlink: 36752 bytes leftover after parsing attributes in process `syz.3.3294'.
[  465.762692][T17351] netlink: 165 bytes leftover after parsing attributes in process `syz.3.3296'.
[  466.261119][ T2339] block nbd10: Possible stuck request ffff888026df8000: control (read@0,1024B). Runtime 240 seconds
[  466.272190][ T2339] block nbd10: Possible stuck request ffff888026df8200: control (read@1024,1024B). Runtime 240 seconds
[  466.284071][ T2339] block nbd10: Possible stuck request ffff888026df8400: control (read@2048,1024B). Runtime 240 seconds
[  466.295732][ T2339] block nbd10: Possible stuck request ffff888026df8600: control (read@3072,1024B). Runtime 240 seconds
[  467.742030][T17335] bond0: (slave dummy0): Releasing backup interface
[  467.750090][T17335] dummy0: left promiscuous mode
[  467.755427][T17335] dummy0: left allmulticast mode
[  467.763158][T17335] team0: Port device dummy0 added
[  467.781190][T17337] team0: Port device dummy0 removed
[  467.790676][T17337] dummy0: entered promiscuous mode
[  467.796019][T17337] dummy0: entered allmulticast mode
[  467.803776][T17337] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  467.951040][T17387] netlink: 'syz.4.3305': attribute type 1 has an invalid length.
[  467.970353][T17387] netlink: 224 bytes leftover after parsing attributes in process `syz.4.3305'.
[  468.034279][T17391] netlink: 48 bytes leftover after parsing attributes in process `syz.3.3306'.
[  468.110854][T17393] netdevsim netdevsim3 netdevsim0: entered allmulticast mode
[  468.118447][T17393] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  468.192882][T17397] dummy0: Caught tx_queue_len zero misconfig
[  468.299086][T17406] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3311'.
[  468.346388][T17406] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3311'.
[  468.449076][T17416] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3315'.
[  468.535324][T17413] syzkaller1: entered promiscuous mode
[  468.542459][T17413] syzkaller1: entered allmulticast mode
[  468.627398][T17419] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3316'.
[  469.133148][T17450] netlink: 'syz.3.3327': attribute type 1 has an invalid length.
[  469.354755][T17462] ip6gretap1: entered allmulticast mode
[  469.391466][T17466] tunl0: Caught tx_queue_len zero misconfig
[  469.502346][T17464] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[  469.811068][T17473] mac80211_hwsim hwsim11 syzkaller0: left promiscuous mode
[  469.820781][T17473] mac80211_hwsim hwsim11 syzkaller0: left allmulticast mode
[  469.922984][T17494] netlink: 'syz.2.3340': attribute type 1 has an invalid length.
[  470.194186][T17511] bond6: peer notification delay (9) is not a multiple of miimon (100), value rounded to 0 ms
[  470.241399][T17515] bond7: peer notification delay (9) is not a multiple of miimon (100), value rounded to 0 ms
[  470.351553][T17525] IPVS: set_ctl: invalid protocol: 29 172.20.20.33:20004
[  470.575506][T17535] __nla_validate_parse: 5 callbacks suppressed
[  470.575527][T17535] netlink: 36 bytes leftover after parsing attributes in process `syz.3.3356'.
[  470.693438][T17545] FAULT_INJECTION: forcing a failure.
[  470.693438][T17545] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  470.727448][T17545] CPU: 1 UID: 0 PID: 17545 Comm: syz.4.3358 Not tainted syzkaller #0 PREEMPT(full) 
[  470.727476][T17545] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  470.727485][T17545] Call Trace:
[  470.727491][T17545]  <TASK>
[  470.727497][T17545]  dump_stack_lvl+0xe8/0x150
[  470.727521][T17545]  should_fail_ex+0x412/0x560
[  470.727542][T17545]  _copy_to_user+0x31/0xb0
[  470.727563][T17545]  simple_read_from_buffer+0xe1/0x170
[  470.727586][T17545]  proc_fail_nth_read+0x1bb/0x230
[  470.727607][T17545]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  470.727627][T17545]  ? rw_verify_area+0x2a6/0x4d0
[  470.727641][T17545]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  470.727660][T17545]  vfs_read+0x20c/0xa70
[  470.727678][T17545]  ? __pfx_vfs_read+0x10/0x10
[  470.727692][T17545]  ? __asan_memset+0x22/0x50
[  470.727708][T17545]  ? _copy_from_user+0x4c/0xb0
[  470.727732][T17545]  ? __sys_connect+0x335/0x450
[  470.727758][T17545]  ? __pfx___sys_connect+0x10/0x10
[  470.727785][T17545]  ksys_read+0x150/0x270
[  470.727801][T17545]  ? __pfx_ksys_read+0x10/0x10
[  470.727823][T17545]  do_syscall_64+0x14d/0xf80
[  470.727841][T17545]  ? trace_irq_disable+0x3b/0x150
[  470.727859][T17545]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  470.727873][T17545]  ? clear_bhb_loop+0x40/0x90
[  470.727888][T17545]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  470.727901][T17545] RIP: 0033:0x7f2ab315cfce
[  470.727915][T17545] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  470.727927][T17545] RSP: 002b:00007f2ab40e8fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  470.727941][T17545] RAX: ffffffffffffffda RBX: 00007f2ab40e96c0 RCX: 00007f2ab315cfce
[  470.727951][T17545] RDX: 000000000000000f RSI: 00007f2ab40e90a0 RDI: 0000000000000003
[  470.727959][T17545] RBP: 00007f2ab40e9090 R08: 0000000000000000 R09: 0000000000000000
[  470.727966][T17545] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  470.727974][T17545] R13: 00007f2ab3416038 R14: 00007f2ab3415fa0 R15: 00007fff05b481b8
[  470.727996][T17545]  </TASK>
[  470.956751][T17547] lo speed is unknown, defaulting to 1000
[  471.383402][T17549] Cannot find add_set index 1 as target
[  471.405370][T17562] can: request_module (can-proto-0) failed.
[  471.410309][T17549] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3360'.
[  471.463303][T17549] netlink: 128 bytes leftover after parsing attributes in process `syz.0.3360'.
[  471.665858][T17576] netlink: 'syz.4.3369': attribute type 10 has an invalid length.
[  471.725318][T17578] netlink: 'syz.4.3369': attribute type 10 has an invalid length.
[  471.737848][T17580] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3368'.
[  471.760780][T17579] netlink: 68 bytes leftover after parsing attributes in process `syz.3.3370'.
[  471.784384][T17585] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3369'.
[  471.805804][T17576] bond0: (slave dummy0): Releasing backup interface
[  471.825175][T17578] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  471.850495][T17574] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3368'.
[  471.871838][T17580] hsr_slave_0: left promiscuous mode
[  471.887846][T17580] hsr_slave_1: left promiscuous mode
[  472.037646][ T2339] block nbd11: Possible stuck request ffff888026e50000: control (read@0,1024B). Runtime 240 seconds
[  472.049794][ T2339] block nbd11: Possible stuck request ffff888026e50200: control (read@1024,1024B). Runtime 240 seconds
[  472.061810][ T2339] block nbd11: Possible stuck request ffff888026e50400: control (read@2048,1024B). Runtime 240 seconds
[  472.073082][ T2339] block nbd11: Possible stuck request ffff888026e50600: control (read@3072,1024B). Runtime 240 seconds
[  472.376069][T17605] can: request_module (can-proto-0) failed.
[  472.763076][T17635] syzkaller1: entered promiscuous mode
[  472.771325][T17635] syzkaller1: entered allmulticast mode
[  472.795664][T17638] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3384'.
[  472.981451][T17644] bond2: entered promiscuous mode
[  472.987502][T17644] 8021q: adding VLAN 0 to HW filter on device bond2
[  473.063237][T17655] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3390'.
[  473.183144][T17659] can: request_module (can-proto-0) failed.
[  473.538146][T17683] FAULT_INJECTION: forcing a failure.
[  473.538146][T17683] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  473.599395][T17683] CPU: 0 UID: 0 PID: 17683 Comm: syz.2.3398 Not tainted syzkaller #0 PREEMPT(full) 
[  473.599421][T17683] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  473.599430][T17683] Call Trace:
[  473.599437][T17683]  <TASK>
[  473.599444][T17683]  dump_stack_lvl+0xe8/0x150
[  473.599475][T17683]  should_fail_ex+0x412/0x560
[  473.599502][T17683]  _copy_from_user+0x2d/0xb0
[  473.599538][T17683]  sock_do_ioctl+0x195/0x320
[  473.599564][T17683]  ? __pfx_sock_do_ioctl+0x10/0x10
[  473.599583][T17683]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[  473.599625][T17683]  sock_ioctl+0x5c6/0x7f0
[  473.599648][T17683]  ? __pfx_sock_ioctl+0x10/0x10
[  473.599669][T17683]  ? __fget_files+0x2a/0x420
[  473.599695][T17683]  ? __fget_files+0x3a0/0x420
[  473.599718][T17683]  ? __fget_files+0x2a/0x420
[  473.599745][T17683]  ? bpf_lsm_file_ioctl+0x9/0x20
[  473.599770][T17683]  ? __pfx_sock_ioctl+0x10/0x10
[  473.599790][T17683]  __se_sys_ioctl+0xfc/0x170
[  473.599814][T17683]  do_syscall_64+0x14d/0xf80
[  473.599837][T17683]  ? trace_irq_disable+0x3b/0x150
[  473.599862][T17683]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  473.599880][T17683]  ? clear_bhb_loop+0x40/0x90
[  473.599902][T17683]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  473.599920][T17683] RIP: 0033:0x7f0ee9f9c799
[  473.599937][T17683] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  473.599952][T17683] RSP: 002b:00007f0eeae96028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  473.599972][T17683] RAX: ffffffffffffffda RBX: 00007f0eea215fa0 RCX: 00007f0ee9f9c799
[  473.599985][T17683] RDX: 0000200000000500 RSI: 0000000000008932 RDI: 0000000000000003
[  473.599996][T17683] RBP: 00007f0eeae96090 R08: 0000000000000000 R09: 0000000000000000
[  473.600008][T17683] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  473.600017][T17683] R13: 00007f0eea216038 R14: 00007f0eea215fa0 R15: 00007ffc50231538
[  473.600046][T17683]  </TASK>
[  474.176792][T17711] netlink: 'syz.4.3405': attribute type 13 has an invalid length.
[  474.209958][T17711] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3405'.
[  474.230194][T17707] can: request_module (can-proto-0) failed.
[  474.463524][T17725] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  474.471047][T17725] IPv6: NLM_F_CREATE should be set when creating new route
[  474.538451][T17725] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  474.546152][T17725] IPv6: NLM_F_CREATE should be set when creating new route
[  474.941467][T17752] virt_wifi0: mtu less than device minimum
[  475.084195][T17763] netlink: 'syz.3.3420': attribute type 1 has an invalid length.
[  475.207355][T17769] can: request_module (can-proto-0) failed.
[  475.859641][    C1] ==================================================================
[  475.867811][    C1] BUG: KASAN: slab-use-after-free in rose_t0timer_expiry+0x1aa/0x560
[  475.876020][    C1] Read of size 8 at addr ffff888055b88c20 by task swapper/1/0
[  475.883583][    C1] 
[  475.886132][    C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted syzkaller #0 PREEMPT(full) 
[  475.886157][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  475.886171][    C1] Call Trace:
[  475.886182][    C1]  <IRQ>
[  475.886192][    C1]  dump_stack_lvl+0xe8/0x150
[  475.886226][    C1]  print_report+0xba/0x230
[  475.886267][    C1]  ? rose_t0timer_expiry+0x1aa/0x560
[  475.886293][    C1]  kasan_report+0x117/0x150
[  475.886323][    C1]  ? rose_t0timer_expiry+0x1aa/0x560
[  475.886371][    C1]  rose_t0timer_expiry+0x1aa/0x560
[  475.886400][    C1]  call_timer_fn+0x192/0x640
[  475.886427][    C1]  ? __pfx_rose_t0timer_expiry+0x10/0x10
[  475.886453][    C1]  ? call_timer_fn+0xd4/0x640
[  475.886478][    C1]  ? __pfx_call_timer_fn+0x10/0x10
[  475.886507][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[  475.886580][    C1]  ? __pfx_rose_t0timer_expiry+0x10/0x10
[  475.886606][    C1]  __run_timer_base+0x652/0x8b0
[  475.886629][    C1]  ? ktime_get+0x45/0x200
[  475.886654][    C1]  ? __pfx___run_timer_base+0x10/0x10
[  475.886680][    C1]  ? sched_clock_cpu+0x74/0x440
[  475.886710][    C1]  run_timer_softirq+0xb7/0x170
[  475.886734][    C1]  handle_softirqs+0x22a/0x870
[  475.886763][    C1]  ? __irq_exit_rcu+0x5f/0x150
[  475.886793][    C1]  __irq_exit_rcu+0x5f/0x150
[  475.886819][    C1]  irq_exit_rcu+0x9/0x30
[  475.886842][    C1]  sysvec_apic_timer_interrupt+0xa6/0xc0
[  475.886872][    C1]  </IRQ>
[  475.886879][    C1]  <TASK>
[  475.886887][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  475.886910][    C1] RIP: 0010:pv_native_safe_halt+0xf/0x20
[  475.886941][    C1] Code: de 6e 02 c3 cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 43 92 1a 00 fb f4 <e9> fc e9 02 00 cc cc cc cc cc cc cc cc cc cc cc cc 90 90 90 90 90
[  475.886960][    C1] RSP: 0018:ffffc90000197e20 EFLAGS: 00000246
[  475.886980][    C1] RAX: 00000000000dedf9 RBX: ffffffff819a8c8d RCX: 0000000080000001
[  475.886995][    C1] RDX: 0000000000000001 RSI: ffffffff8df20a67 RDI: ffffffff8c27b500
[  475.887011][    C1] RBP: ffffc90000197f10 R08: ffff8880b873395b R09: 1ffff110170e672b
[  475.887027][    C1] R10: dffffc0000000000 R11: ffffed10170e672c R12: ffffffff90112cb0
[  475.887043][    C1] R13: 1ffff11003ad9000 R14: 0000000000000001 R15: 0000000000000001
[  475.887059][    C1]  ? do_idle+0x1bd/0x500
[  475.887092][    C1]  default_idle+0x9/0x20
[  475.887111][    C1]  default_idle_call+0x72/0xb0
[  475.887132][    C1]  do_idle+0x1bd/0x500
[  475.887161][    C1]  ? __pfx_do_idle+0x10/0x10
[  475.887207][    C1]  ? do_idle+0xa/0x500
[  475.887237][    C1]  cpu_startup_entry+0x43/0x60
[  475.887264][    C1]  start_secondary+0x101/0x110
[  475.887298][    C1]  common_startup_64+0x13e/0x147
[  475.887335][    C1]  </TASK>
[  475.887348][    C1] 
[  476.151056][    C1] Allocated by task 11865:
[  476.155559][    C1]  kasan_save_track+0x3e/0x80
[  476.160253][    C1]  __kasan_kmalloc+0x93/0xb0
[  476.164854][    C1]  __kmalloc_cache_noprof+0x31c/0x660
[  476.170346][    C1]  rose_add_node+0x23c/0xf00
[  476.175055][    C1]  rose_rt_ioctl+0xd35/0x12a0
[  476.179770][    C1]  rose_ioctl+0x3fb/0x8f0
[  476.184733][    C1]  sock_do_ioctl+0x101/0x320
[  476.189441][    C1]  sock_ioctl+0x5c6/0x7f0
[  476.193792][    C1]  __se_sys_ioctl+0xfc/0x170
[  476.198406][    C1]  do_syscall_64+0x14d/0xf80
[  476.203028][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  476.209268][    C1] 
[  476.211885][    C1] Freed by task 17775:
[  476.216136][    C1]  kasan_save_track+0x3e/0x80
[  476.221186][    C1]  kasan_save_free_info+0x46/0x50
[  476.226335][    C1]  __kasan_slab_free+0x5c/0x80
[  476.231470][    C1]  kfree+0x1c1/0x630
[  476.235386][    C1]  rose_timer_expiry+0x4cb/0x600
[  476.240427][    C1]  call_timer_fn+0x192/0x640
[  476.245123][    C1]  __run_timer_base+0x652/0x8b0
[  476.249982][    C1]  run_timer_softirq+0xb7/0x170
[  476.254860][    C1]  handle_softirqs+0x22a/0x870
[  476.259737][    C1]  do_softirq+0x76/0xd0
[  476.263924][    C1]  __local_bh_enable_ip+0xf8/0x130
[  476.269211][    C1]  bpf_test_run_xdp_live+0x1a47/0x1cf0
[  476.274694][    C1]  bpf_prog_test_run_xdp+0x81c/0x1160
[  476.280100][    C1]  bpf_prog_test_run+0x2c7/0x340
[  476.285051][    C1]  __sys_bpf+0x643/0x950
[  476.289311][    C1]  __x64_sys_bpf+0x7c/0x90
[  476.293741][    C1]  do_syscall_64+0x14d/0xf80
[  476.298446][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  476.304435][    C1] 
[  476.306766][    C1] The buggy address belongs to the object at ffff888055b88c00
[  476.306766][    C1]  which belongs to the cache kmalloc-512 of size 512
[  476.320913][    C1] The buggy address is located 32 bytes inside of
[  476.320913][    C1]  freed 512-byte region [ffff888055b88c00, ffff888055b88e00)
[  476.335252][    C1] 
[  476.337591][    C1] The buggy address belongs to the physical page:
[  476.344012][    C1] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x55b88
[  476.352874][    C1] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  476.362347][    C1] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  476.369936][    C1] page_type: f5(slab)
[  476.373941][    C1] raw: 00fff00000000040 ffff88813fea8c80 dead000000000100 dead000000000122
[  476.382622][    C1] raw: 0000000000000000 0000000800100010 00000000f5000000 0000000000000000
[  476.391238][    C1] head: 00fff00000000040 ffff88813fea8c80 dead000000000100 dead000000000122
[  476.399925][    C1] head: 0000000000000000 0000000800100010 00000000f5000000 0000000000000000
[  476.408613][    C1] head: 00fff00000000002 ffffea000156e201 00000000ffffffff 00000000ffffffff
[  476.417312][    C1] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[  476.426133][    C1] page dumped because: kasan: bad access detected
[  476.432568][    C1] page_owner tracks the page as allocated
[  476.438370][    C1] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5873, tgid 5873 (kworker/1:4), ts 71272836920, free_ts 19706502478
[  476.460014][    C1]  post_alloc_hook+0x231/0x280
[  476.465378][    C1]  get_page_from_freelist+0x24dc/0x2580
[  476.471518][    C1]  __alloc_frozen_pages_noprof+0x18d/0x380
[  476.477634][    C1]  allocate_slab+0x77/0x660
[  476.482176][    C1]  refill_objects+0x331/0x3c0
[  476.487226][    C1]  __pcs_replace_empty_main+0x2f9/0x5e0
[  476.492915][    C1]  __kmalloc_noprof+0x474/0x760
[  476.497800][    C1]  switchdev_deferred_enqueue+0x2d/0x240
[  476.503576][    C1]  switchdev_port_obj_add+0x1f4/0x300
[  476.509063][    C1]  br_switchdev_mdb_notify+0x3cd/0x480
[  476.514658][    C1]  __br_mdb_notify+0x73/0x970
[  476.519464][    C1]  __br_multicast_add_group+0x6b5/0xa30
[  476.525153][    C1]  br_multicast_rcv+0x3b8f/0x7650
[  476.530815][    C1]  br_handle_frame_finish+0x775/0x1bb0
[  476.536352][    C1]  br_nf_hook_thresh+0x3dd/0x4c0
[  476.541305][    C1]  br_nf_pre_routing_finish_ipv6+0xa3a/0xd70
[  476.547385][    C1] page last free pid 1 tgid 1 stack trace:
[  476.553195][    C1]  __free_frozen_pages+0xc2b/0xdb0
[  476.558338][    C1]  free_contig_range+0xbb/0x170
[  476.563308][    C1]  destroy_args+0x4e5/0x570
[  476.568046][    C1]  debug_vm_pgtable+0x3f8/0x410
[  476.573486][    C1]  do_one_initcall+0x250/0x8d0
[  476.578288][    C1]  do_initcall_level+0x104/0x190
[  476.584015][    C1]  do_initcalls+0x59/0xa0
[  476.588668][    C1]  kernel_init_freeable+0x2a6/0x3e0
[  476.594925][    C1]  kernel_init+0x1d/0x1d0
[  476.599266][    C1]  ret_from_fork+0x51e/0xb90
[  476.603895][    C1]  ret_from_fork_asm+0x1a/0x30
[  476.608675][    C1] 
[  476.610994][    C1] Memory state around the buggy address:
[  476.616697][    C1]  ffff888055b88b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  476.624778][    C1]  ffff888055b88b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  476.632849][    C1] >ffff888055b88c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  476.641344][    C1]                                ^
[  476.648394][    C1]  ffff888055b88c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  476.657701][    C1]  ffff888055b88d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  476.666564][    C1] ==================================================================
[  476.675277][    C1] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  476.683907][    C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted syzkaller #0 PREEMPT(full) 
[  476.693054][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  476.703171][    C1] Call Trace:
[  476.706469][    C1]  <IRQ>
[  476.709328][    C1]  vpanic+0x56c/0xa60
[  476.713327][    C1]  ? __pfx_vpanic+0x10/0x10
[  476.717946][    C1]  panic+0xc5/0xd0
[  476.721769][    C1]  ? __pfx_panic+0x10/0x10
[  476.726199][    C1]  ? lockdep_hardirqs_on+0x7a/0x110
[  476.731417][    C1]  ? rose_t0timer_expiry+0x1aa/0x560
[  476.737002][    C1]  ? rose_t0timer_expiry+0x1aa/0x560
[  476.742311][    C1]  check_panic_on_warn+0x89/0xb0
[  476.747303][    C1]  ? rose_t0timer_expiry+0x1aa/0x560
[  476.752708][    C1]  end_report+0x73/0x180
[  476.756997][    C1]  ? rose_t0timer_expiry+0x1aa/0x560
[  476.762299][    C1]  kasan_report+0x128/0x150
[  476.766818][    C1]  ? rose_t0timer_expiry+0x1aa/0x560
[  476.772123][    C1]  rose_t0timer_expiry+0x1aa/0x560
[  476.777282][    C1]  call_timer_fn+0x192/0x640
[  476.781896][    C1]  ? __pfx_rose_t0timer_expiry+0x10/0x10
[  476.787607][    C1]  ? call_timer_fn+0xd4/0x640
[  476.792313][    C1]  ? __pfx_call_timer_fn+0x10/0x10
[  476.797555][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[  476.802779][    C1]  ? __pfx_rose_t0timer_expiry+0x10/0x10
[  476.808433][    C1]  __run_timer_base+0x652/0x8b0
[  476.813426][    C1]  ? ktime_get+0x45/0x200
[  476.817772][    C1]  ? __pfx___run_timer_base+0x10/0x10
[  476.823244][    C1]  ? sched_clock_cpu+0x74/0x440
[  476.828113][    C1]  run_timer_softirq+0xb7/0x170
[  476.832998][    C1]  handle_softirqs+0x22a/0x870
[  476.837896][    C1]  ? __irq_exit_rcu+0x5f/0x150
[  476.842685][    C1]  __irq_exit_rcu+0x5f/0x150
[  476.847298][    C1]  irq_exit_rcu+0x9/0x30
[  476.851559][    C1]  sysvec_apic_timer_interrupt+0xa6/0xc0
[  476.857312][    C1]  </IRQ>
[  476.860253][    C1]  <TASK>
[  476.863286][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  476.869280][    C1] RIP: 0010:pv_native_safe_halt+0xf/0x20
[  476.874929][    C1] Code: de 6e 02 c3 cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 43 92 1a 00 fb f4 <e9> fc e9 02 00 cc cc cc cc cc cc cc cc cc cc cc cc 90 90 90 90 90
[  476.894545][    C1] RSP: 0018:ffffc90000197e20 EFLAGS: 00000246
[  476.900632][    C1] RAX: 00000000000dedf9 RBX: ffffffff819a8c8d RCX: 0000000080000001
[  476.908608][    C1] RDX: 0000000000000001 RSI: ffffffff8df20a67 RDI: ffffffff8c27b500
[  476.916627][    C1] RBP: ffffc90000197f10 R08: ffff8880b873395b R09: 1ffff110170e672b
[  476.924626][    C1] R10: dffffc0000000000 R11: ffffed10170e672c R12: ffffffff90112cb0
[  476.932607][    C1] R13: 1ffff11003ad9000 R14: 0000000000000001 R15: 0000000000000001
[  476.940588][    C1]  ? do_idle+0x1bd/0x500
[  476.944858][    C1]  default_idle+0x9/0x20
[  476.949122][    C1]  default_idle_call+0x72/0xb0
[  476.953896][    C1]  do_idle+0x1bd/0x500
[  476.957987][    C1]  ? __pfx_do_idle+0x10/0x10
[  476.962603][    C1]  ? do_idle+0xa/0x500
[  476.966683][    C1]  cpu_startup_entry+0x43/0x60
[  476.971458][    C1]  start_secondary+0x101/0x110
[  476.976233][    C1]  common_startup_64+0x13e/0x147
[  476.981188][    C1]  </TASK>
[  476.984375][    C1] Kernel Offset: disabled
[  476.988687][    C1] Rebooting in 86400 seconds..