last executing test programs: 11.901519999s ago: executing program 4 (id=3002): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f00000002c0)='syzkaller\x00'}, 0x80) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) write$cgroup_subtree(r0, &(0x7f0000000600)=ANY=[], 0x10448) select(0x4, 0x0, 0x0, 0x0, &(0x7f0000000240)={0x6, 0x8000000000000001}) 11.90090148s ago: executing program 4 (id=3003): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) ppoll(0x0, 0x0, &(0x7f00000000c0)={0x77359400}, &(0x7f0000000100)={[0x4]}, 0x8) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000580)=ANY=[@ANYBLOB="140000001000010000000000006000000500000a3cf50000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc580000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a31000000002c0003800c0000800800034000000002100000800c000180060001"], 0xbc}}, 0x40) 11.179823769s ago: executing program 4 (id=3006): ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, &(0x7f00000002c0)={'rose0\x00', 0x1}) ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, &(0x7f0000000300)={'rose0\x00', 0x4000}) listen(0xffffffffffffffff, 0x8000) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) close(0x4) r2 = syz_open_procfs$namespace(0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) r4 = socket(0x1e, 0x805, 0x0) sendmsg$NL80211_CMD_DEL_KEY(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8080}, 0x20000000) setsockopt$sock_int(r4, 0x1, 0x2b, &(0x7f0000000180)=0x5, 0x4) sendfile(r0, r2, &(0x7f0000000040)=0x5, 0x2) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000011c0)=[{0x0}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) socket$kcm(0x10, 0x400000002, 0x0) sendmsg$inet(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000140)}, {&(0x7f00000003c0)}], 0x2}, 0x0) syz_open_procfs$namespace(0x0, 0x0) unshare(0x6a040000) shutdown(0xffffffffffffffff, 0x1) r5 = socket$inet6_sctp(0xa, 0x1, 0x84) bind$inet6(r5, &(0x7f00000002c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) listen(r5, 0x5) r6 = socket$inet6_sctp(0xa, 0x5, 0x84) sendto$inet6(r6, &(0x7f0000847fff)='X', 0x34000, 0xe0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x80fe, @loopback}, 0x1c) accept(r5, 0x0, 0x0) 3.289871763s ago: executing program 3 (id=3076): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=ANY=[@ANYBLOB="b80000001300e99900000000fedbdf2500000000000000000000000000000000fe80000000f7ffffffffffffff0000bb00000033000000000a006080ff000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000007f00000000000000030000000000000000000000000000000000000000000000ffffffffffffffff0002000000000000fffffffffffffffe0300000000000000000000000000000000000000000000000100000000000000060000000000000001"], 0xb8}, 0x1, 0x0, 0x0, 0x80}, 0x0) 3.119634312s ago: executing program 3 (id=3079): bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0700000004000000000100000400000020000000", @ANYRES32, @ANYBLOB="000000e46b000000000000000000000000a778bb596dd9e3f46d394537fbded30823a359d744792b92d3f507d813ce30f1d058e61efd40d8090718c746c07ed648cee06d887fc3eab86551efb5f084f0cfea141c9ee9fa45a541a84aa651cf32beef30f660252ff39ef28603def9b1a38b1f216a68b952c02d2ae89365cd6f17de1be0acae774a916de93142378d2a5a70cc4bcd3f840c632d4851cc19f3726e90be52103e075c02650e911ba35cd6b79ce898b724d52951bf7b8db583796fe6c04ed11b8689b5fa0873eb68c6e9785bc710f0f161658e339261c358ac12ad7f01784f86134601c08b2bc640af18b546d4c2a9639779c18b683b97ff8d9e6da25d49032fd90d008896c7e6713507f32cd3d3bc1fd4f4b3506c80b7db8c0b3b340bd8e133404162419515b6066d9968fd5be6bfd4be62e6bbc880e619ed90d83528a2bacac03a403cf5af0180424d34", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/21], 0x50) openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) r0 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000100)=0x8) r2 = accept(r0, &(0x7f0000000140)=@rc={0x1f, @none}, &(0x7f00000001c0)=0x80) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(r2, 0x84, 0x6c, &(0x7f0000000440)={r1, 0xd3, "b633e75a338bed7e7c6cf386f142ecd8270784280c705fd5e8c16e0eb7f5e8cdc2abba62b7c5ea969b64141c2e30446ca1a1ec09ff703084c480e03f24f9cf9d92a89ec6f3f953864774a98df4dfe99dbbef26c2a610e1ec4e4993a4fff5243f8d77788044e06df6fa8adf153a6e06f397bc32dd58bae782adaa03bee0962d81cbd6f5e097cfa9ad9cc83bdbdc0fa98f543ef5792ff501b17f25d7c249ebf51e5b4b603ac7f53d31a233b51323168783d0e5098f63af0daba58ad0398ddc104f9e85575307ad3875e210a383ccbd59fbd73a60"}, &(0x7f0000000540)=0xdb) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000200)='blkio.throttle.io_serviced_recursive\x00', 0x275a, 0x0) ioctl$FS_IOC_RESVSP(r4, 0x40305828, &(0x7f0000000080)={0x0, 0x0, 0x1, 0x80002}) (fail_nth: 73) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x10, &(0x7f0000000200)=ANY=[@ANYBLOB="1800"/15, @ANYBLOB="0000000000000000b703000000050000850000001b000000b700000000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000c098078500000006000000"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={0x0, r5}, 0x18) 2.996679814s ago: executing program 2 (id=3080): r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000180)=@bpf_lsm={0x6, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x94) (async) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, 0x0) (async) sendmsg$SOCK_DIAG_BY_FAMILY(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)={0x44, 0x14, 0x1, 0x0, 0x0, {0x2, 0x88}, [@INET_DIAG_REQ_BYTECODE={0x2e, 0x1, "fd2929bf64daedcfeb488e63463d8554add1da6e87f783980a4d1634c6450559443c29240956451306cf"}]}, 0x44}}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000680)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_attach_bpf(r2, 0x1, 0x4c, &(0x7f0000000000), 0x4) (async) sendmsg$inet(r1, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) (async) recvmsg$unix(r2, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) (async) r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4a, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r5}, 0x10) ppoll(&(0x7f0000000500)=[{r4}], 0x1, 0x0, 0x0, 0x0) getsockname$packet(r3, &(0x7f00000003c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000400)=0x14) (async) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd, 0x9323, 0xfffffffffffffffe, 0x0, 0x2}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff, 0x2}, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r0, 0xf, 0x25, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) (async) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000001c40)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc6751dfb265a0e3ccae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af9cc9e5ef6bda9df2c3af36effff9af2551ce935b0f327cb3f011a2fd52347125907000000000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7511d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df262ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71d20fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada12f7a1525320e716660000000000b02b001500a710eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d3294000000000000000000000000000000000000000000000000000000000000000000000000c52f4ebd2c893bb97a068bd10738d3c9f7a98eccb26f7e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18a904c0e585a66c3b84b138efc20a546d3d5227e23b03f2a834391ad24fe977076ce7d9b20cf92cb151763d41f5c76e2ff3e93ee296c4082ee73e7e197253a2b66c353312c9d75711ce1623e9c54bdff59d1a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1c77a211bfa02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc084075ad10727522934a87a4ddcdb112754ca5bdec0ead14b6c0f19a4b126bbe0c2b8c9ff68236c8600000000000000000000000066e034c81c3cab4e33fc8dc55ce0ada18dcb1a47a87baf63e4edf11c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f2243471221c158ae8f44bfbfa7c2730302b66a99f66705b71e6205e7cbf36435e1eabb9a63fcd604d5cc27e1317ad94cf438d7187a2fe4e06fa6cbf84ef1efa82cb2c4af6bd1370616cdbe2b98fd89b79824ba089df1f81e6fcef073059f5f1d6a221d791839d7826ed1759c2153532c393fd1bd7be2e7f5abf2f0800000000ea46c07adee10d0f2bc85cf37182256e4fd8f56942726efc07180eaa5421d697665c8bacd39cdb392e6153af80bc1a69e3bfab032e78c9a96eab13be845a0d44ef2a4ab414ac2e4802a3b5d3aa2a4a4fc259206d97d0cc1602d6b45ff414c53fc9f5f68438f0423e168a97923ca0464b40b2f797841fb2bb2e5ad9feff37220ab7c34f4c382c247e7735adb55c209f7c0f8880733dbd3f5a095cc6a2"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70) r7 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x10) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r7, 0x44}, 0x10) (async) r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000800), r8) sendmsg$NLBL_MGMT_C_LISTALL(r8, &(0x7f0000000a40)={0x0, 0x0, &(0x7f0000000a00)={&(0x7f0000000980)=ANY=[@ANYBLOB="14000000", @ANYRES16=r9, @ANYBLOB="819b00"/14], 0x14}, 0x1, 0x0, 0x0, 0x8000}, 0x40008c4) (async) r10 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r10, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=@newlink={0x34, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x2031}, [@IFLA_XDP={0xc, 0x2b, 0x0, 0x1, [@IFLA_XDP_FD={0x8, 0x1, r0}]}, @IFLA_GROUP={0x8}]}, 0x34}, 0x1, 0x0, 0x0, 0x20048054}, 0x0) syz_emit_ethernet(0x9a, &(0x7f0000000540)=ANY=[@ANYBLOB="0180c2000000ffffffffffff86dd6000008000641100fe80000000f0ffffffffffffff0000bbff02000000000000000000000000000100004e22004d9078020000000000000000000000eaf12af8010d4894322fd8f9f39c6526ece5d2603725b9cabfc2c9f4513d3dfb201f3a70a41ef6c2fca06a9bd768d5f176c198150020000000000000000010009514b06796dbf2ea9e520f1475c8f65b13efcfbfc9b1d0e5c58b4be6608c9608e393ff14c36c9c3390f375043be439a02b275fa5b79c00e7ae925b94dcc6a70a1afb34cb5cb991a40a2f23322648ac95f7"], 0x0) r11 = socket$inet(0x2, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r11, 0x8b04, &(0x7f0000000200)={'wlan1\x00'}) (async) bind$inet(r11, &(0x7f0000000100)={0x2, 0x4e23, @remote}, 0x10) close(0x4) 2.57171333s ago: executing program 3 (id=3082): r0 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000dc0)=@mangle={'mangle\x00', 0x2, 0x6, 0x758, 0x190, 0x360, 0x450, 0x0, 0x0, 0x688, 0x688, 0x688, 0x688, 0x688, 0x6, 0x0, {[{{@ipv6={@mcast1, @empty, [0x0, 0x0, 0x0, 0x22c], [], 'bond_slave_0\x00', 'vlan1\x00', {}, {0xff}, 0x21}, 0x0, 0x168, 0x190, 0x0, {0x7a00000010000000}, [@common=@srh1={{0x90}, {0x32, 0x0, 0x0, 0x0, 0x0, @empty, @mcast2, @private2, [], [0x0, 0xffffffff], [0x0, 0x0, 0x0, 0xffffffff], 0x2022, 0x50}}, @common=@inet=@dccp={{0x30}, {[0x4e24, 0x4e24], [0x4e23, 0x4e24], 0xd, 0x0, 0x4, 0x7}}]}, @HL={0x28}}, {{@ipv6={@mcast2, @dev={0xfe, 0x80, '\x00', 0x2}, [], [0x0, 0x0, 0x8000007f], 'bridge0\x00', 'veth1_vlan\x00', {}, {}, 0x0, 0x3}, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38, 'SET\x00', 0x3, {{}, {}, {0x0, 0xfd}, 0x300, 0x4}}}, {{@ipv6={@ipv4, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, [0x0, 0x0, 0x0, 0xff], [], 'bridge0\x00', 'bond_slave_0\x00', {0xff}}, 0x0, 0xa8, 0xf0, 0x48000000}, @SNPT={0x48, 'SNPT\x00', 0x0, {@ipv4=@loopback, @ipv6=@loopback, 0x5, 0xc}}}, {{@uncond, 0x0, 0xa8, 0xf0}, @SNPT={0x48, 'SNPT\x00', 0x0, {@ipv4, @ipv6=@private1, 0x0, 0x37}}}, {{@uncond, 0x0, 0x210, 0x238, 0x0, {}, [@common=@ah={{0x30}, {[0x4d3, 0x4d3], 0x1, 0x9, 0x3}}, @common=@rt={{0x138}, {0x0, [0x0, 0xc], 0x0, 0x0, 0x1, [@empty, @private2={0xfc, 0x2, '\x00', 0x1}, @private0, @empty, @remote, @empty, @mcast2, @mcast2, @private0, @empty, @loopback, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}, @remote, @private1, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @private0]}}]}, @HL={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x7b8) 2.489298252s ago: executing program 2 (id=3085): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_SET(r2, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB='D', @ANYRES16=r3, @ANYBLOB="010000000000000000001400000018000180140002006e657464657673696d3000000000000008001400070010000800130008000300080012"], 0x44}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000040)={'ip6gre0\x00', &(0x7f0000000140)={'syztnl2\x00', 0x0, 0x2f, 0xc, 0x8, 0x2b, 0x1, @private1={0xfc, 0x1, '\x00', 0x1}, @loopback, 0x700, 0x7800, 0x0, 0xf4c5}}) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000280)={'syztnl1\x00', &(0x7f00000001c0)={'ip6_vti0\x00', 0x0, 0x29, 0x4, 0xfb, 0x80, 0x12, @private2, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x40, 0x10, 0x80, 0x7}}) getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x24, &(0x7f00000002c0)={@multicast1, @rand_addr, 0x0}, &(0x7f0000000300)=0xc) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000440)={'gretap0\x00', &(0x7f0000000340)={'syztnl1\x00', 0x0, 0x1, 0x40, 0xb, 0x360889ba, {{0x2f, 0x4, 0x2, 0x3f, 0xbc, 0x68, 0x0, 0x1, 0x4, 0x0, @multicast2, @rand_addr=0x64010102, {[@noop, @ssrr={0x89, 0x1b, 0xcd, [@local, @loopback, @multicast2, @rand_addr=0x64010102, @multicast2, @remote]}, @lsrr={0x83, 0x1f, 0xcb, [@multicast1, @dev={0xac, 0x14, 0x14, 0x1f}, @multicast1, @initdev={0xac, 0x1e, 0x0, 0x0}, @dev={0xac, 0x14, 0x14, 0xb}, @broadcast, @local]}, @cipso={0x86, 0x45, 0x3, [{0x2, 0x10, "6394f5ec1e1d1bc6e5df46a0529f"}, {0x6, 0x7, "4fd68c3285"}, {0x2, 0xa, "ff45658e26112a0d"}, {0x0, 0x10, "e5b5e12d4172f296f91f79aa2d49"}, {0x0, 0xe, "eb5fbd8b4578d4d523e72ff4"}]}, @timestamp={0x44, 0x10, 0xf7, 0x0, 0x1, [0x7, 0x8b3, 0x7]}, @ra={0x94, 0x4, 0x1}, @cipso={0x86, 0x13, 0x1, [{0x2, 0x3, "eb"}, {0x6, 0xa, "63b794a2be9662d8"}]}]}}}}}) r8 = socket(0x10, 0x803, 0x0) getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x9) r10 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r10, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6) write(r10, &(0x7f0000000340)="18000000010005", 0x7) sendmsg$nl_route(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="a000000010003b0e2a1a86eb2636037f00000000", @ANYRES32=r9, @ANYBLOB="020000000000800080001200080001007674693674000200"], 0xa0}}, 0x0) r11 = socket$nl_route(0x10, 0x3, 0x0) r12 = socket(0x10, 0x803, 0x4) syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r12) getsockname$packet(r12, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route_sched(r11, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000003c0)=@delchain={0x24, 0x2c, 0xf31, 0x0, 0x2000, {0x0, 0x0, 0x0, r13, {}, {0xfff2, 0xffff}, {0xffff, 0x1}}}, 0x24}, 0x1, 0x0, 0x0, 0x4008844}, 0x4010) getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x24, &(0x7f0000000480)={@private, @loopback, 0x0}, &(0x7f00000004c0)=0xc) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000500)={0x0, @multicast2, @initdev}, &(0x7f0000000540)=0xc) sendmsg$ETHTOOL_MSG_RINGS_GET(r1, &(0x7f00000005c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000680)={0xb0, r3, 0x20, 0x70bd2d, 0x25dfdbfe, {}, [@HEADER={0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}]}, @HEADER={0x4}, @HEADER={0x34, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x6}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r7}]}, @HEADER={0x24, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r9}]}, @HEADER={0x2c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r13}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r14}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r15}]}]}, 0xb0}, 0x1, 0x0, 0x0, 0x44800}, 0x1) r16 = socket$nl_crypto(0x10, 0x3, 0x15) sendmsg$netlink(r16, &(0x7f0000000880)={0x0, 0x0, &(0x7f0000000840)=[{&(0x7f0000000240)=ANY=[@ANYBLOB="8801000010000905000000000000000008004f00", @ANYRES32, @ANYBLOB="a90000002b0e13e735a3184f123d6da2f1acfac0ee2dd2b184b27db1f302de337c0004060000000000bf852c8986626691b01b2d44e4ce2871282d28"], 0x188}], 0x1}, 0x40040) r17 = socket(0x10, 0x3, 0x0) sendto$inet6(r17, &(0x7f0000000080)="7800000018002507b9409b02ffff48000203be04020406050a02040c5c000900580006080a0000000d0085a168d0bf46d32345653600648d040015000a00050049935ade4a460c89b6ec0cff3959547f509058ba86c902007a00004a32000407160012000a0000000000e000e218d1dd3b6ed538f2523250", 0x78, 0x0, 0x0, 0x52) 2.336169559s ago: executing program 3 (id=3086): r0 = socket$unix(0x1, 0x2, 0x0) bind$unix(r0, &(0x7f0000000100)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r1 = socket$unix(0x1, 0x2, 0x0) connect$unix(r1, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) writev(r1, &(0x7f00000008c0)=[{&(0x7f0000000580)='`', 0x1}], 0x1) setsockopt$SO_TIMESTAMP(r0, 0x1, 0x23, &(0x7f0000000080)=0x6, 0x26) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f00000000c0)=0x3e1, 0x4) recvmmsg(r0, &(0x7f0000000300), 0x40000000000049e, 0x1000000000fe, 0x0) (fail_nth: 40) 2.0075684s ago: executing program 1 (id=3087): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x238, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 1.956970113s ago: executing program 3 (id=3088): bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[], 0x48) unshare(0x62040200) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x7) r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000000)={0x4000000, {}, {0x2, 0x0, @empty}, {0x2, 0x0, @empty}, 0x2a0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x700}) 1.941767719s ago: executing program 2 (id=3089): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=@base={0xa, 0xb, 0x42, 0x3e, 0x42}, 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{r0, 0xffffffffffffffff}, &(0x7f0000000100), &(0x7f0000000180)}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r1, 0xffffffffffffffff}, &(0x7f0000000140), &(0x7f0000000280)}, 0x20) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x11, 0xc, &(0x7f00000001c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0xf8ff, r2}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0xc}, 0x94) 1.756845909s ago: executing program 1 (id=3091): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) ppoll(0x0, 0x0, &(0x7f00000000c0)={0x77359400}, &(0x7f0000000100)={[0x4]}, 0x8) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000580)=ANY=[@ANYBLOB="140000001000010000000000006000000500000a3cffef00090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc580000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a31000000002c0003800c0000800800034000000002100000800c000180060001"], 0xbc}}, 0x40) 1.659015566s ago: executing program 2 (id=3093): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f0000000440)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x7c, 0x7c, 0x2, [@var, @func_proto={0x0, 0x6, 0x0, 0xd, 0x0, [{}, {}, {}, {}, {}, {}]}, @func, @volatile, @volatile, @volatile={0x0, 0x0, 0x0, 0x9, 0x2}]}}, 0x0, 0x96}, 0x20) r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@struct]}}, 0x0, 0x26}, 0x20) r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x6, 0x3, &(0x7f0000000200)=ANY=[@ANYBLOB="180000002000000000000000000000009500000000000000"], &(0x7f0000000280)='GPL\x00', 0x5, 0xe2, &(0x7f00000002c0)=""/226, 0x0, 0x0, '\x00', 0x0, 0x25, r1, 0x8, 0x0, 0x0, 0x10, &(0x7f00000004c0), 0x2}, 0x80) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000a00)={r2, 0xd8, &(0x7f0000000900)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001000), 0x8, 0x0, 0x8, 0x0, 0x0}}, 0x10) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0xedc623580215bdcd, 0x12, r0, 0x0) unshare(0x20000400) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r3, &(0x7f0000000380)=[{&(0x7f0000002040)="162dd3cad75f87", 0x7}], 0x1, 0x6) 1.508201549s ago: executing program 2 (id=3094): socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)) r0 = syz_init_net_socket$ax25(0x3, 0x2, 0xf0) ioctl$sock_ax25_SIOCADDRT(r0, 0x891e, 0x0) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) syz_emit_ethernet(0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_EVENTS(r1, 0x84, 0xb, &(0x7f0000000040), &(0x7f0000000240)=0xfffffffffffffffa) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00008feff0)={0x0}}, 0x8810) r3 = socket$can_j1939(0x1d, 0x2, 0x7) getsockopt$SO_J1939_PROMISC(r3, 0x6b, 0x2, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000100)={0x4, 0x0, 0x0}, 0x0) r4 = socket$key(0xf, 0x3, 0x2) sendmmsg(r4, &(0x7f00000000c0), 0x2c8, 0x0) sendmsg$NFT_BATCH(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000001000010000000000000000060000000a20000000000a01020000000000000000010000000900010073797a300000000058000000160a03000000000000000000010000000900010073797a30000000000900020073797a30000000002c0003800800014000000000180003801400020000007468305f746f5f68737200000000080002"], 0xe8}}, 0x0) 1.36053635s ago: executing program 0 (id=3095): bpf$TOKEN_CREATE(0x24, &(0x7f00000001c0), 0x8) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000340), 0x4) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000003c0)={0xffffffffffffffff, 0x7, 0x10}, 0xc) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000002740)) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_BIND_MAP(0xa, 0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff) sendmsg$TIPC_NL_LINK_SET(r0, 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_SET(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000001400000018000180140002006e657464657673696d3000000000000008001400070010000800130008000300080012"], 0x44}, 0x1, 0x0, 0x0, 0x100007}, 0x0) 1.282217793s ago: executing program 2 (id=3096): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x3, &(0x7f0000000200)=@framed, &(0x7f00000004c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000b80)={r0, 0x2000012, 0xe, 0x0, &(0x7f0000000280)="63ec33c9e9b98600000000000000", 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xb}, 0x50) r1 = socket$netlink(0x10, 0x3, 0x9) bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x8, 0x4, 0x4, 0x10002, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0xffffffff, 0x0, 0x0, @void, @value, @void, @value=0x180}, 0x50) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={{0x14, 0x3ec}, [], {0x14, 0x3f8}}, 0x28}, 0x1, 0x0, 0x0, 0x20000001}, 0x0) setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0x7, &(0x7f0000000000)={0x8, 0x4, 0x7, 0x3}, 0x10) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x34, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSETELEM={0x928, 0xc, 0xa, 0x101, 0x0, 0x0, {0x7}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x8fc, 0x3, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}]}, {0xc, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}]}, {0x8e0, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_DATA={0x8dc, 0x2, 0x0, 0x1, [@NFTA_DATA_VALUE={0x7c4, 0x1, "b01dc3f4d2ebe6c4d2a0a6caff61ccec014a8587b46892a9882b06495b04b594e88e53c1745918adc67d50fa4de3feb6a6acc9c1e299f6244bdfa1e889eb6f24ddda13d1c6d817e8485a9912237e02dc642a762ca5d2e6243a06a83a95e0e2c8400f4ccaa7386059000a9a06a3adcf684aa2ce97765f7e6147ac9b6a036ce0d42cb5d3dd045ebd76b1fa334690744068c49c9c09066c5e146cf4b68eaa4f6501dda2bcb907289a23ff7d18df3ac0111f22dc410156077f1fb37186de56d137b2c4f115a650a3dc2d0bbaf0d88cd8356807087818e611ff824bddf7a765943cfd79624da2731f1464fc2ad05c00ffd6ac747c7af1a9a52555a390fd31db69649840c5e84b31dac3bc9d3f7c1106c05c9cf1b4ac1171d101811044325ce8754d7f58ec5fef5bdf869b9e4f8f7e15c397828c984b362766a18ab3bbba5ec85e63b00647b2c3fe5094e7703c6f7a3ead5d03c2ec24e28ed91b8c640f3cff9c9ad8dd142d26f3f6b92176e242235376de464be9f45bd4d438cb939d95bb9b90fd7b98be9819a38d2917ac484656e404e4b3f845f0bf5626a349685492b31b54a422f9afcba018ff2a740e0321b15e6809fb09621957c5ec9dcdaca4b8c05b164d4dfa30f60c4c8c9f4ee1cb372d1b192dc1fc1b146eb542666016d3e1ad82cee8483c41cc8aa9ba408ea62e1281732d8e75fe38aeb5cf58acb7fabfba08618e7d20c765199a744d8c46ac7ec2a6bdb8dae4bb564e6711c357f5d0491613aa4b46b3441d0fcbc10167e17b7637a957dcd71303c1ac5c262e1fde287a67b2048db5041fe20e1f3d0d52198bcad7a023177f5916599f9a375ee3af9b4d613240e91c740d2186e0f7ce759ded2d0ada3c606886d9279ab5da5b8863a9a2e98c7f582b722fda3db5d02eede59210ed8f087e8eb321448759fb3c834d638cea2fdfd0730891d359c1862e3d8b91c3eea5d79a5681872426f745eae64eaf14ac5b463f4ad13b19aee4fefd4cf6cdb63ebf6309e6b5979cfe8d83ab0a00958d66a13087f902eeb2eef27213ffdc121106283ef60f500dd8ded690161854fb9ae5a02bc2938f52a1f468bcf7f2cfb678d89a43219f9c43a4a61bf07bccacf91e04a0fc8eef8da8ad6cf5b7b4a084018a39ef9f8281afba4d9528b1d200e92c586ede0feb18d48c650f4ecf454383da534bc3b3046462789c5cffc8e332a7bc1cc8087b8d7c1899db42ebcb12219f4cdbc973380145b865c1cd9852c8d0f6ae326067c2b2ade8dec6878a10bae22401f93168a142efadffc72573dc37cf78994dcb4b5867e23fba69f64b584cd06abe9ffb656d8d2d77cb7df83c50604acaf0a0ffed4171723496b54a19edff0b5d31f238ffd1258596bb2f7582b836c9e0946272da4f60857e7430b6a11aacc3b749dbe44ba6143bf247de724418165d6731a5c4217ce31908ffd878f6d5bb8b27581c4c440835bd9cf16cf8ba5459c59e746f3833b0906f99cd39b0f3a78fcaad78314c20ba2a50eca8bd1b21371e14b757e338bcbe88cbbdf186d83fe2f161a7183edae10b9d60170d3b1adea67bfd3d43955cad5130252cc79236d14d552adf267fc285c15671386ee84353ae2308f2e963ee73bf7fb48ad6748d8f9ab9aa4c6de5dcb74499c5b0a98a22adb830980b9e68ac36f557460f900de763812f505b4270edee63d7c0f8995a042eaa3bfb6cb81fd13c4e8a013b98515eef0bc5fe38f7fb7a3c4ea9f74c5c306a25757662b5ff1b7eb757fd97b570f8e545b0a51c5bf081f27a59de14a7c3fc89b1de9df92644330bc41c191dccc6a0a0f87355a1ee2a204a9bbbd364a12c26cfbee1bc0a3b3c047792835306f9b6a050f6b8a1509355b32e9b3d96460636cbc6339fb18f5f3bdfd37da8b32c3f9f96af8e3537fa26c85d0b76b3ced9d896cf5d6956fa465c41fede05a39f2db3b901a3d6d6994bb4b51b309fcef1cd68d06ead264d190223fe2a20be14b0e319e6dbdefb074fa7097c23538ef6402f6ed86c9c3f629ba3d6a4dbc3eba35d6e5216b9d9f1f3fcb3735fe92c5f3b5ababfaced0db047b3d70d770b78697be0f059d4db45d041cbdb484781930a3e944267fd66e9b0b8dbbcac6b57633deefc92d612e4bb7adf589a63ae308320fa47ab977d956cc27c801db5a8bbcc4ae13b1ecf11ba47e2feaf08b7c5409878514991e84abeddf058bd20928e2a0e8b0d2e08fa56773fbdbded193c2d740349b808e9c2292b22092d8181e4f6c78d7efcc215ba36ec6de1df6269d93b202a7992e3a6741d11dbc7a4929e2ccb8c7f8859cdd6d9b00fc63224e2229e798d42e73a613c1f20b1bcf7309b38bf23ee4fe1303e8a9aa2816154b617c77a554a4adae8649d8bd702fd16191c06feedb4df1116c1fe20f5b0ab7f31c442bc147ebdcf8904757b8d3097806df039f709bb967e8f60868251e2be5a067193fd8d399039bfed185f42182ef3f349bdc5ab35f5528af31f19db8af6836962272991470fa7d6b4ac3c60349174aa786338cc5a67787841573ba564f8edf1cddb602596aa3022a234b72915e9f11ef91bc1d7977ce70353852939a8aee8b557f6178d09665c35047a642bc09db43320a21957ac2c5b4650bd5aba0e71d3ae49dc7265e841e75c1169d9b6c09e4b7fd988ad0c47e44793afb06c15bd0a4e1d4680c94c15283b5cbd6e03ff80cea7ef2e1d5ea2f020c53a415bf2bf71a87499802e8d7352898c777644c06569b500064577035929c8f28e15a43d228690324d1442ce5cf82b93dff09994ef52190279772083baf384616fb6b82e7d"}, @NFTA_DATA_VERDICT={0x40, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffc}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x2}]}, @NFTA_DATA_VERDICT={0x18, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}]}, @NFTA_DATA_VALUE={0x8b, 0x1, "4c5158ae560a528ff9f1050275f2f06dbb6a916939beed63d688644eed0a3e05a8082e9339ca9e1c93f83cc917ac819616d2a236b02726635cd21ef6909e53d804fd9352707430587910cdc1e59d251f7d0dce836510b6acf34cbdfbc2f451d36b70bd5029b0ca908e08a70aca9575daf94103c3b01688d3676d5bb9856ba4b231e191b2e1af34"}, @NFTA_DATA_VERDICT={0x30, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}, @NFTA_VERDICT_CODE={0x8}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}]}]}]}]}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0x9a4}}, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xa, 0x6, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x73, 0x11, 0x3d}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0x76}, @exit], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70) listen(0xffffffffffffffff, 0xa596) sendmsg$IPCTNL_MSG_CT_GET(r2, &(0x7f0000000340)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x140, 0x1, 0x1, 0x201, 0x0, 0x0, {0x1, 0x0, 0x6}, [@CTA_STATUS_MASK={0x8, 0x1a, 0x1, 0x0, 0x2}, @CTA_MARK_MASK={0x8, 0x15, 0x1, 0x0, 0x4}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x1112}, @CTA_NAT_DST={0x80, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010101}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MINIP={0x8, 0x1, @dev={0xac, 0x14, 0x14, 0x32}}, @CTA_NAT_V6_MINIP={0x14, 0x4, @loopback}, @CTA_NAT_PROTO={0x34, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e21}, @CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e22}, @CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e22}, @CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e20}, @CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e20}, @CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e20}]}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MAXIP={0x14, 0x5, @private1}]}, @CTA_TUPLE_REPLY={0x40, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x3}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x3}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @empty}, {0x14, 0x4, @private0}}}]}, @CTA_TUPLE_REPLY={0x4c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @empty}, {0x8, 0x2, @dev={0xac, 0x14, 0x14, 0x1b}}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x21}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @empty}, {0x8, 0x2, @empty}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x1}}]}, @CTA_MARK_MASK={0x8, 0x15, 0x1, 0x0, 0x3}]}, 0x140}, 0x1, 0x0, 0x0, 0x10000}, 0x2000c000) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000080)={'wlan0\x00'}) r4 = socket(0x840000000002, 0x3, 0x100) r5 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000180)={'syzkaller0\x00', 0x7101}) r6 = socket(0x400000000010, 0x3, 0x0) r7 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r6, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x0, {0x0, 0x0, 0x0, r8, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xffff, 0x2}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x3}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r6, &(0x7f0000000580)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000600)=@newtfilter={0xb4, 0x2c, 0xd27, 0x70bd2d, 0x25dfdc00, {0x0, 0x0, 0x0, r8, {0x0, 0x3}, {}, {0xfff3, 0xffe0}}, [@filter_kind_options=@f_u32={{0x8}, {0x88, 0x2, [@TCA_U32_SEL={0x74, 0x5, {0x5, 0x6, 0x6, 0x5, 0x400, 0x2, 0x1, 0xc, [{0xfffffff9, 0x9df8, 0x5, 0xfffffffe}, {0x80000000, 0xabac, 0x5d9, 0x6}, {0x7365, 0x200, 0x2, 0x3}, {0xaa2, 0x80000000, 0xc06f, 0x7ffe}, {0x9, 0x8001, 0x80, 0x7ff}, {0xc00, 0x23e, 0x10000, 0x2}]}}, @TCA_U32_LINK={0x8, 0x3, 0x5}, @TCA_U32_CLASSID={0x8, 0x1, {0xb}}]}}]}, 0xb4}, 0x1, 0x0, 0x0, 0x50}, 0x0) setsockopt$inet_msfilter(r4, 0x0, 0x29, 0x0, 0xffad) setsockopt$PNPIPE_HANDLE(r4, 0x113, 0x3, &(0x7f00000000c0)=0x7f, 0x4) r9 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r9) 1.15258414s ago: executing program 0 (id=3097): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000680)=ANY=[@ANYBLOB="4c00000010004b0422000000210000007a000000", @ANYRES32=0x0, @ANYBLOB="00000000000000002c0012800b00010062726964676500001c00028008000400000000000800157fff000000050016"], 0x4c}, 0x1, 0x0, 0x0, 0x200400a0}, 0x0) 1.017112609s ago: executing program 0 (id=3098): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000000000000000000000200000000000000000000000004"], 0x50) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000080)={r0}, 0x4) r1 = bpf$ITER_CREATE(0x21, &(0x7f0000000040), 0x8) r2 = socket(0x22, 0x6, 0x1) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f0000000080)={'ip6_vti0\x00', &(0x7f0000000000)={'syztnl2\x00', 0x0, 0x0, 0x0, 0x80, 0x3, 0x18, @ipv4={'\x00', '\xff\xff', @private=0xa010100}, @dev={0xfe, 0x80, '\x00', 0x13}, 0x1, 0x80, 0xfffffffe, 0x80}}) getsockopt$inet_opts(r1, 0x0, 0x0, &(0x7f0000000200)=""/4096, &(0x7f00000000c0)=0x1000) write$cgroup_int(r1, &(0x7f0000000080), 0x12) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000009c0)=ANY=[@ANYBLOB="c0010000100003040000000000", @ANYRES32=0x0, @ANYBLOB="00000000480000004800128009000100766c616e00000000380002800c0003000000000005000000280004800c000100ff0f0000000000000c00010006000000050000000c000100060000000900000014000300766c616e30000000000000000000000008002c00ff030000"], 0x1c0}, 0x1, 0xba01}, 0x20048050) sendmsg$NLBL_CIPSOV4_C_LISTALL(0xffffffffffffffff, 0x0, 0x8000) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_VENDOR(r6, &(0x7f0000000140)={0x0, 0x4f, &(0x7f00000002c0)={&(0x7f0000001400)=ANY=[@ANYRES32=r5, @ANYRES64=r5, @ANYRES16=r4], 0x28}, 0x1, 0x0, 0x0, 0x44844}, 0x0) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_RTHDRDSTOPTS(r7, 0x29, 0x37, &(0x7f0000001200)=ANY=[@ANYBLOB="0005000000000000050207010104000000000708000000010006060004f84b0af1b614660109c20402000000c910fec00000000000000000d2422006684d4396cac30c9e6546318d147e31d4408f4f977587c7db2e20d02a9aebd4be8cd97d33e77de7424d58644a0335301b3c75a0792acb94f502e5f000aace8a87af6c75442b7a7a12969566b2f9bfbd62e325633de00eb4fa0361edaf"], 0x38) ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f0000000000)) r8 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r8, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="020300030c000000ff0e0000000000000200090040000000700000000000000003000600000000000200002000000000000000000000000002000100000004d300000502000000e0030005003c00000002"], 0x60}, 0x1, 0x7}, 0x0) 951.02526ms ago: executing program 3 (id=3099): socket$nl_xfrm(0x10, 0x3, 0x6) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) writev(r1, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r3, 0x0, r4, 0x0, 0xf3a, 0x0) splice(r0, 0x0, r4, 0x0, 0x80, 0x4) read(r0, &(0x7f0000000240)=""/233, 0xe9) write(r2, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.net/syz0\x00', 0x1ff) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r6 = openat$cgroup_type(r5, &(0x7f0000000140), 0x2, 0x0) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x8004) sendfile(r1, r6, 0x0, 0x6) connect$inet6(0xffffffffffffffff, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r7 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r7, 0x107, 0x12, &(0x7f00000000c0)={0x3, 0x1000}, 0x4) syz_emit_ethernet(0x4e, &(0x7f0000000000)=ANY=[@ANYBLOB="0180c2000000ffffffffffff86dd60ecff8000181100fc000000000000000000000000000000ff02000000000000000000000000000100004e22"], 0x0) r8 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r8, 0x107, 0x12, &(0x7f0000000040)={0x3, 0x1000}, 0x4) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0}, 0x90) r9 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r9, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x88be, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) r10 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r10, 0x8914, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) close(0x4) 727.995667ms ago: executing program 0 (id=3100): socket$inet_sctp(0x2, 0x5, 0x84) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000000)='GPL\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r0}, 0xa) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r2 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000a40)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd28, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {0x0, 0x9}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x4}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000001c0)=@gettfilter={0x2c, 0x2e, 0x1, 0x70bd26, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0xfff2, 0xfff1}, {0xfff3, 0x9}, {0xc, 0x8}}, [{0x8, 0xb, 0xfffffffb}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20000000}, 0x20048850) 727.38814ms ago: executing program 4 (id=3013): r0 = socket$l2tp6(0xa, 0x2, 0x73) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f00000004c0)=@raw={'raw\x00', 0x3c1, 0x3, 0x400, 0x0, 0x150, 0x150, 0x0, 0xf8010000, 0x330, 0x238, 0x238, 0x330, 0x238, 0x3, 0x0, {[{{@ipv6={@mcast1, @empty, [], [], 'veth0_to_team\x00', 'macvlan1\x00', {}, {}, 0x84}, 0x0, 0x218, 0x260, 0x0, {0x6000000}, [@common=@eui64={{0x28}}, @common=@inet=@sctp={{0x148}, {[0x4e21], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00', {0x4000000000000000}}}}, {{@ipv6={@empty, @mcast1, [], [], 'batadv_slave_0\x00', 'gre0\x00'}, 0x0, 0xa8, 0xd0}, @common=@inet=@TCPMSS={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x460) 727.020314ms ago: executing program 1 (id=3101): socket(0x2, 0x80805, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='blkio.bfq.time\x00', 0x26e1, 0x0) close(r0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)) ioctl$SIOCSIFHWADDR(r0, 0x8b06, &(0x7f0000000000)={'wlan1\x00', @random="060000000010"}) 511.90129ms ago: executing program 4 (id=3103): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff) sendmsg$TIPC_NL_KEY_SET(r0, &(0x7f0000000100)={0x0, 0x2844, &(0x7f0000000080)={&(0x7f00000001c0)={0x54, r1, 0x1, 0x0, 0x0, {0x3}, [@TIPC_NLA_BEARER={0x40, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xf}}}, {0x14, 0x2, @in={0x2, 0x0, @broadcast}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}]}]}, 0x54}}, 0x0) sendmsg$TIPC_NL_BEARER_SET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100280000000000000004000000200001800d0001007564703a73797a32"], 0x34}, 0x1, 0xffffff7f00000000}, 0x4040) 330.307429ms ago: executing program 1 (id=3104): ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000000c0)={'ip6_vti0\x00', 0x0}) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x44}, 0x1, 0x0, 0x0, 0x8000}, 0x0) 295.904767ms ago: executing program 0 (id=3105): r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="020300030c000000ff0e0000000000000200090040000000700000000000000002000600000000000a"], 0x60}, 0x1, 0x7}, 0x0) 87.590854ms ago: executing program 4 (id=3106): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x398, 0x0, 0xa, 0x148, 0x0, 0x10, 0x300, 0x2a8, 0x2a8, 0x300, 0x2a8, 0x3, 0x0, {[{{@uncond, 0x0, 0x70, 0xb0, 0x0, {0x200003ae, 0x7f00}}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x1, 0x1, {0xc9e5}}}}, {{@uncond, 0x0, 0x1f0, 0x250, 0x0, {}, [@common=@inet=@hashlimit3={{0x158}, {'wg2\x00', {0xffffffffffffffff, 0xff, 0x88, 0x0, 0x0, 0x7fff, 0x200}}}, @inet=@rpfilter={{0x28}}]}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x3, [0x2, 0x2, 0x6, 0x0, 0x3, 0x1], 0x3, 0x3}, {0x2, [0x0, 0x8, 0x1, 0x5, 0x7, 0x7], 0x2, 0x5}}}}], {{'\x00', 0xc8, 0x70, 0x98}, {0x28}}}}, 0x3f8) 86.336595ms ago: executing program 1 (id=3107): r0 = socket$l2tp6(0xa, 0x2, 0x73) bind$l2tp6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @empty, 0x5}, 0x20) syz_emit_ethernet(0x46, &(0x7f0000000440)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd60f91e2e00107300fc0400000097ffffffffffffff000000ff02000000000000000000000000000100000000ff"], 0x0) 63.036285ms ago: executing program 0 (id=3108): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) socket$netlink(0x10, 0x3, 0x10) r1 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) unshare(0x6a040000) r3 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r3, 0x10e, 0xc, &(0x7f0000000000)={0x9, 0xffffffff, 0x4e, 0x567}, 0x10) sendmsg$nl_generic(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000003680)=ANY=[@ANYBLOB="1c00000002faa5e34ec132ef01800000000020000000000000000000"], 0x1c}}, 0x0) unshare(0x44000000) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r4) r5 = socket$key(0xf, 0x3, 0x2) socket$igmp6(0xa, 0x3, 0x2) sendmsg$key(r5, &(0x7f0000000040)={0xa, 0x0, &(0x7f0000000340)={&(0x7f0000000b00)=ANY=[@ANYBLOB="020300000b0000000000000000000000030006000000000002000000e000000100000000000000000200010000001c000000fb18000000000300050000000000020000007f0000010000000000000000010018"], 0x58}, 0x1, 0x7}, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$inet6_mptcp(0xa, 0x1, 0x106) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000440)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x0, 0x0, 0x2}}, 0x0, 0x1a, 0x0, 0x0, 0x4}, 0x28) r6 = bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x6, 0x7, &(0x7f00000001c0)=ANY=[@ANYRESDEC=r4, @ANYRES32, @ANYRESOCT=r2], &(0x7f0000000280)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, r6, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000140), 0x10}, 0x94) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r7, &(0x7f0000000080)={0xa, 0x2, 0x4, @loopback, 0x7f}, 0x1c) sendto$inet6(r7, 0x0, 0x0, 0x20000045, &(0x7f0000000100)={0xa, 0x4e21, 0xfffa, @empty, 0x3}, 0x1c) r8 = socket$inet6_udp(0xa, 0x2, 0x0) mmap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x300000a, 0x12, r8, 0x852ac000) r9 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r9, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000003c0)=ANY=[@ANYBLOB="4c000000e705010400000000000000000500ffff240031457a4b5bca830d9cfa499acb542407801800018014000240fe8000000000000000000000000000aa08000a40000000020900020073797a31000000000500010007000000"], 0x4c}}, 0x4000080) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000540)=ANY=[@ANYBLOB="140000001000010000000000000000020000000a3c000000120a01010000000000000000020000000900020073797a310000000008000440000000000900010073797a30000000000800034000000002"], 0x64}, 0x1, 0x0, 0x0, 0x800}, 0x0) 0s ago: executing program 1 (id=3109): r0 = socket$alg(0x26, 0x5, 0x0) r1 = socket$inet_icmp(0x2, 0x2, 0x1) setsockopt$inet_buf(r1, 0x0, 0x29, &(0x7f00000000c0)="bcfe489a37fd781a301b912268582860", 0x10) bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(aes)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f00000005c0)=@raw={'raw\x00', 0x8, 0x3, 0x320, 0x130, 0xffffffff, 0xffffffff, 0x130, 0xffffffff, 0x250, 0xffffffff, 0xffffffff, 0x250, 0xffffffff, 0x3, 0x0, {[{{@uncond, 0x0, 0x100, 0x130, 0x60030000, {0x0, 0xff000000}, [@common=@inet=@hashlimit1={{0x58}, {'\x00', {0x10, 0x9, 0xac, 0xfffffffa, 0x3, 0x7, 0x1, 0x80, 0x40}, {0x3}}}]}, @common=@unspec=@CONNMARK={0x30, 'CONNMARK\x00', 0x1, {0xb2, 0x7000000, 0x8000}}}, {{@ipv6={@remote, @private2, [0xffffffff, 0xffffffff, 0x0, 0xffffff00], [0xffffff00, 0xffffff00, 0xffffffff, 0xff000000], 'team_slave_0\x00', 'ip6_vti0\x00', {}, {0xff}, 0x2b, 0x2, 0x5, 0x5}, 0x0, 0x100, 0x120, 0x0, {}, [@common=@srh={{0x30}, {0x2, 0xb7, 0x4, 0xe8, 0x6, 0x1268, 0xb2a}}, @inet=@rpfilter={{0x28}, {0x8}}]}, @unspec=@NOTRACK={0x20}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x380) r3 = accept$alg(r0, 0x0, 0x0) sendmsg$alg(r3, &(0x7f0000001840)={0x0, 0x0, 0x0, 0x0, &(0x7f00000017c0)=[@assoc={0x18, 0x117, 0x4, 0x80}], 0x18}, 0x0) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000004cc311ec8500000075000000a70000000800000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000000)='kfree\x00', r4}, 0x10) ppoll(&(0x7f0000000000)=[{}, {}, {}, {}, {}, {}, {}, {}], 0x51, &(0x7f0000000040), &(0x7f0000000080)={[0xfffffffffffffffb]}, 0x8) sendmmsg$alg(r3, &(0x7f0000000180)=[{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000001640)="553e12df315719c9cddfbe1f0377431d49d6fc51d5b185", 0x17}, {&(0x7f0000001680)="33caaff65bbb49384ba3fa03220c730c8531786e424bfa1ee6d344e5ca70fa4e68f9ad2bd7a154c3da71f3d9548c", 0x2e}, {&(0x7f0000001700)="7082b8d45f4cc86d0267eabd24340e1911fe3ceeb757ca4a090897a00b8d106a8ceb5beaa118a5652769ec67e809e68ca18f0241349d", 0x36}, {&(0x7f0000001880)="371f6caa2f6c27730337ec033b032851897cee7054e7e1e0702321a402356d2f7728fc212abddf577e94277f3d9ceea00b26d2cd0d", 0x35}], 0x4}], 0x1, 0x840) recvmmsg(r3, &(0x7f00000019c0)=[{{0x0, 0x0, &(0x7f0000000c40)=[{&(0x7f0000007500)=""/159, 0x9f}, {&(0x7f0000005100)=""/229, 0xe5}], 0x2}, 0x4}], 0x1, 0x1, 0x0) kernel console output (not intermixed with test programs): e5fe5fa0 R15: 00007ffc502e6108 [ 287.407036][T13847] [ 288.016807][T13874] FAULT_INJECTION: forcing a failure. [ 288.016807][T13874] name failslab, interval 1, probability 0, space 0, times 0 [ 288.030101][T13874] CPU: 0 UID: 0 PID: 13874 Comm: syz.4.2317 Not tainted syzkaller #0 PREEMPT(full) [ 288.030123][T13874] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 288.030133][T13874] Call Trace: [ 288.030141][T13874] [ 288.030148][T13874] dump_stack_lvl+0x189/0x250 [ 288.030175][T13874] ? __pfx____ratelimit+0x10/0x10 [ 288.030195][T13874] ? __pfx_dump_stack_lvl+0x10/0x10 [ 288.030217][T13874] ? __pfx__printk+0x10/0x10 [ 288.030248][T13874] should_fail_ex+0x414/0x560 [ 288.030277][T13874] should_failslab+0xa8/0x100 [ 288.030295][T13874] __kmalloc_cache_noprof+0x6f/0x6f0 [ 288.030318][T13874] ? __sctp_v6_cmp_addr+0x1dc/0x510 [ 288.030335][T13874] ? sctp_v6_cmp_addr+0x15/0xd0 [ 288.030352][T13874] ? sctp_add_bind_addr+0x8c/0x370 [ 288.030377][T13874] sctp_add_bind_addr+0x8c/0x370 [ 288.030402][T13874] sctp_copy_local_addr_list+0x30b/0x4e0 [ 288.030426][T13874] ? sctp_copy_local_addr_list+0x9b/0x4e0 [ 288.030446][T13874] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 288.030469][T13874] ? sctp_v6_is_any+0x64/0x80 [ 288.030490][T13874] ? sctp_copy_one_addr+0x93/0x360 [ 288.030514][T13874] sctp_bind_addr_copy+0xb3/0x3c0 [ 288.030536][T13874] ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0 [ 288.030558][T13874] sctp_connect_new_asoc+0x2e0/0x690 [ 288.030585][T13874] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 288.030605][T13874] ? __local_bh_enable_ip+0x12d/0x1c0 [ 288.030631][T13874] ? bpf_lsm_sctp_bind_connect+0x9/0x20 [ 288.030649][T13874] ? security_sctp_bind_connect+0x7e/0x2e0 [ 288.030672][T13874] sctp_sendmsg+0x155c/0x2810 [ 288.030706][T13874] ? __pfx_sctp_sendmsg+0x10/0x10 [ 288.030732][T13874] ? aa_sk_perm+0x81e/0x950 [ 288.030760][T13874] ? __pfx_aa_sk_perm+0x10/0x10 [ 288.030786][T13874] ? sock_rps_record_flow+0x19/0x410 [ 288.030810][T13874] ? inet_sendmsg+0x2f4/0x370 [ 288.030843][T13874] __sock_sendmsg+0x19c/0x270 [ 288.030872][T13874] __sys_sendto+0x3bd/0x520 [ 288.030894][T13874] ? __pfx___sys_sendto+0x10/0x10 [ 288.030909][T13874] ? __mutex_unlock_slowpath+0x1a1/0x740 [ 288.030946][T13874] ? __fget_files+0x3a0/0x420 [ 288.030973][T13874] ? ksys_write+0x22a/0x250 [ 288.030997][T13874] ? __pfx_ksys_write+0x10/0x10 [ 288.031022][T13874] __x64_sys_sendto+0xde/0x100 [ 288.031043][T13874] do_syscall_64+0xfa/0xfa0 [ 288.031062][T13874] ? lockdep_hardirqs_on+0x9c/0x150 [ 288.031083][T13874] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 288.031099][T13874] ? clear_bhb_loop+0x60/0xb0 [ 288.031120][T13874] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 288.031137][T13874] RIP: 0033:0x7f899018f749 [ 288.031153][T13874] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 288.031168][T13874] RSP: 002b:00007f8990f91038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 288.031188][T13874] RAX: ffffffffffffffda RBX: 00007f89903e5fa0 RCX: 00007f899018f749 [ 288.031201][T13874] RDX: 0000000000000001 RSI: 0000200000000240 RDI: 0000000000000003 [ 288.031211][T13874] RBP: 00007f8990f91090 R08: 0000200000000080 R09: 000000000000001c [ 288.031223][T13874] R10: 0000000000000051 R11: 0000000000000246 R12: 0000000000000002 [ 288.031233][T13874] R13: 00007f89903e6038 R14: 00007f89903e5fa0 R15: 00007ffe364cf5e8 [ 288.031266][T13874] [ 288.091799][T13877] netlink: 9 bytes leftover after parsing attributes in process `syz.3.2318'. [ 288.252358][ C0] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 288.594058][T13889] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2322'. [ 288.709568][T13896] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2323'. [ 288.944628][T13907] FAULT_INJECTION: forcing a failure. [ 288.944628][T13907] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 288.995702][T13907] CPU: 1 UID: 0 PID: 13907 Comm: syz.4.2329 Not tainted syzkaller #0 PREEMPT(full) [ 288.995725][T13907] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 288.995735][T13907] Call Trace: [ 288.995742][T13907] [ 288.995750][T13907] dump_stack_lvl+0x189/0x250 [ 288.995776][T13907] ? __pfx____ratelimit+0x10/0x10 [ 288.995796][T13907] ? __pfx_dump_stack_lvl+0x10/0x10 [ 288.995818][T13907] ? __pfx__printk+0x10/0x10 [ 288.995835][T13907] ? __might_fault+0xb0/0x130 [ 288.995867][T13907] should_fail_ex+0x414/0x560 [ 288.995897][T13907] _copy_from_user+0x2d/0xb0 [ 288.995919][T13907] ___sys_recvmsg+0x12e/0x510 [ 288.995946][T13907] ? __pfx____sys_recvmsg+0x10/0x10 [ 288.996003][T13907] ? __might_fault+0xb0/0x130 [ 288.996029][T13907] do_recvmmsg+0x307/0x770 [ 288.996059][T13907] ? __pfx_do_recvmmsg+0x10/0x10 [ 288.996089][T13907] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 288.996129][T13907] __x64_sys_recvmmsg+0x190/0x240 [ 288.996154][T13907] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 288.996180][T13907] ? do_syscall_64+0xbe/0xfa0 [ 288.996205][T13907] do_syscall_64+0xfa/0xfa0 [ 288.996225][T13907] ? lockdep_hardirqs_on+0x9c/0x150 [ 288.996246][T13907] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 288.996262][T13907] ? clear_bhb_loop+0x60/0xb0 [ 288.996283][T13907] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 288.996300][T13907] RIP: 0033:0x7f899018f749 [ 288.996314][T13907] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 288.996329][T13907] RSP: 002b:00007f8990f91038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 288.996348][T13907] RAX: ffffffffffffffda RBX: 00007f89903e5fa0 RCX: 00007f899018f749 [ 288.996361][T13907] RDX: 040000000000049e RSI: 0000200000000300 RDI: 0000000000000003 [ 288.996372][T13907] RBP: 00007f8990f91090 R08: 0000000000000000 R09: 0000000000000000 [ 288.996383][T13907] R10: 00001000000000fe R11: 0000000000000246 R12: 0000000000000002 [ 288.996393][T13907] R13: 00007f89903e6038 R14: 00007f89903e5fa0 R15: 00007ffe364cf5e8 [ 288.996424][T13907] [ 289.282082][ C0] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 289.296058][T13913] tipc: New replicast peer: 255.255.255.255 [ 289.326856][T13913] tipc: Enabled bearer , priority 10 [ 289.347091][T13913] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2331'. [ 289.733880][T13942] siw: device registration error -23 [ 289.755159][T13941] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2337'. [ 289.782887][T13938] FAULT_INJECTION: forcing a failure. [ 289.782887][T13938] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 289.827141][T13938] CPU: 1 UID: 0 PID: 13938 Comm: syz.3.2338 Not tainted syzkaller #0 PREEMPT(full) [ 289.827165][T13938] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 289.827175][T13938] Call Trace: [ 289.827183][T13938] [ 289.827190][T13938] dump_stack_lvl+0x189/0x250 [ 289.827218][T13938] ? __pfx____ratelimit+0x10/0x10 [ 289.827240][T13938] ? __pfx_dump_stack_lvl+0x10/0x10 [ 289.827262][T13938] ? __pfx__printk+0x10/0x10 [ 289.827284][T13938] ? fs_reclaim_acquire+0x7d/0x100 [ 289.827311][T13938] should_fail_ex+0x414/0x560 [ 289.827342][T13938] prepare_alloc_pages+0x213/0x610 [ 289.827368][T13938] __alloc_frozen_pages_noprof+0x123/0x370 [ 289.827391][T13938] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 289.827417][T13938] ? policy_nodemask+0x27c/0x720 [ 289.827441][T13938] alloc_pages_mpol+0x232/0x4a0 [ 289.827466][T13938] folio_alloc_mpol_noprof+0x39/0x70 [ 289.827486][T13938] shmem_alloc_and_add_folio+0x423/0xf40 [ 289.827516][T13938] ? filemap_get_entry+0xad/0x2f0 [ 289.827531][T13938] ? filemap_get_entry+0xad/0x2f0 [ 289.827548][T13938] ? filemap_get_entry+0x28f/0x2f0 [ 289.827568][T13938] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 289.827607][T13938] shmem_get_folio_gfp+0x59d/0x1660 [ 289.827650][T13938] shmem_fallocate+0x80f/0xde0 [ 289.827704][T13938] ? __pfx_shmem_fallocate+0x10/0x10 [ 289.827735][T13938] ? rcu_read_lock_any_held+0xb3/0x120 [ 289.827757][T13938] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 289.827794][T13938] vfs_fallocate+0x669/0x7e0 [ 289.827826][T13938] ? __pfx_vfs_fallocate+0x10/0x10 [ 289.827862][T13938] file_ioctl+0x611/0x780 [ 289.827886][T13938] ? __pfx_file_ioctl+0x10/0x10 [ 289.827938][T13938] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 289.827966][T13938] do_vfs_ioctl+0xb33/0x1430 [ 289.827990][T13938] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 289.828014][T13938] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 289.828078][T13938] ? __fget_files+0x2a/0x420 [ 289.828100][T13938] ? __fget_files+0x3a0/0x420 [ 289.828116][T13938] ? __fget_files+0x2a/0x420 [ 289.828137][T13938] ? bpf_lsm_file_ioctl+0x9/0x20 [ 289.828160][T13938] __se_sys_ioctl+0x82/0x170 [ 289.828185][T13938] do_syscall_64+0xfa/0xfa0 [ 289.828206][T13938] ? lockdep_hardirqs_on+0x9c/0x150 [ 289.828227][T13938] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 289.828245][T13938] ? clear_bhb_loop+0x60/0xb0 [ 289.828267][T13938] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 289.828284][T13938] RIP: 0033:0x7fe4e5d8f749 [ 289.828300][T13938] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 289.828315][T13938] RSP: 002b:00007fe4e6d07038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 289.828335][T13938] RAX: ffffffffffffffda RBX: 00007fe4e5fe5fa0 RCX: 00007fe4e5d8f749 [ 289.828348][T13938] RDX: 0000200000000080 RSI: 0000000040305828 RDI: 0000000000000006 [ 289.828361][T13938] RBP: 00007fe4e6d07090 R08: 0000000000000000 R09: 0000000000000000 [ 289.828372][T13938] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 289.828383][T13938] R13: 00007fe4e5fe6038 R14: 00007fe4e5fe5fa0 R15: 00007ffc502e6108 [ 289.828416][T13938] [ 290.322230][ C0] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 290.343067][ T6702] tipc: Node number set to 2234688979 [ 290.410092][T13957] netlink: 160 bytes leftover after parsing attributes in process `syz.4.2343'. [ 290.452925][T13960] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2344'. [ 290.781954][T13974] xt_TPROXY: Can be used only with -p tcp or -p udp [ 290.993417][T13988] FAULT_INJECTION: forcing a failure. [ 290.993417][T13988] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 291.006927][T13988] CPU: 1 UID: 0 PID: 13988 Comm: syz.0.2356 Not tainted syzkaller #0 PREEMPT(full) [ 291.006950][T13988] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 291.006961][T13988] Call Trace: [ 291.006968][T13988] [ 291.006976][T13988] dump_stack_lvl+0x189/0x250 [ 291.007002][T13988] ? __pfx____ratelimit+0x10/0x10 [ 291.007024][T13988] ? __pfx_dump_stack_lvl+0x10/0x10 [ 291.007046][T13988] ? __pfx__printk+0x10/0x10 [ 291.007065][T13988] ? __might_fault+0xb0/0x130 [ 291.007099][T13988] should_fail_ex+0x414/0x560 [ 291.007128][T13988] _copy_from_user+0x2d/0xb0 [ 291.007150][T13988] ___sys_recvmsg+0x12e/0x510 [ 291.007178][T13988] ? __pfx____sys_recvmsg+0x10/0x10 [ 291.007232][T13988] ? __might_fault+0xb0/0x130 [ 291.007259][T13988] do_recvmmsg+0x307/0x770 [ 291.007289][T13988] ? __pfx_do_recvmmsg+0x10/0x10 [ 291.007324][T13988] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 291.007365][T13988] __x64_sys_recvmmsg+0x190/0x240 [ 291.007390][T13988] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 291.007416][T13988] ? do_syscall_64+0xbe/0xfa0 [ 291.007441][T13988] do_syscall_64+0xfa/0xfa0 [ 291.007460][T13988] ? lockdep_hardirqs_on+0x9c/0x150 [ 291.007481][T13988] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 291.007498][T13988] ? clear_bhb_loop+0x60/0xb0 [ 291.007519][T13988] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 291.007535][T13988] RIP: 0033:0x7fba5878f749 [ 291.007551][T13988] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 291.007566][T13988] RSP: 002b:00007fba596ba038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 291.007591][T13988] RAX: ffffffffffffffda RBX: 00007fba589e5fa0 RCX: 00007fba5878f749 [ 291.007604][T13988] RDX: 040000000000049e RSI: 0000200000000300 RDI: 0000000000000003 [ 291.007616][T13988] RBP: 00007fba596ba090 R08: 0000000000000000 R09: 0000000000000000 [ 291.007627][T13988] R10: 00001000000000fe R11: 0000000000000246 R12: 0000000000000002 [ 291.007638][T13988] R13: 00007fba589e6038 R14: 00007fba589e5fa0 R15: 00007fff1ce1b0f8 [ 291.007670][T13988] [ 291.355675][T13997] tipc: Enabling of bearer rejected, already enabled [ 291.363630][ C0] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 291.407469][T13997] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2361'. [ 291.618177][T14012] syzkaller0: entered promiscuous mode [ 291.626516][T14012] syzkaller0: entered allmulticast mode [ 291.981568][T14032] netlink: 416 bytes leftover after parsing attributes in process `syz.2.2372'. [ 292.057215][T14034] tipc: Enabled bearer , priority 0 [ 292.076227][T14033] tipc: Disabling bearer [ 292.319590][T14043] netlink: 48 bytes leftover after parsing attributes in process `syz.1.2377'. [ 292.402271][ C0] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 293.116459][T14066] siw: device registration error -23 [ 293.158303][T14071] netlink: 104 bytes leftover after parsing attributes in process `syz.1.2377'. [ 293.201585][T14075] netlink: 88 bytes leftover after parsing attributes in process `syz.3.2380'. [ 293.452242][ C0] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 293.698000][T14087] netlink: 'syz.3.2391': attribute type 12 has an invalid length. [ 293.780321][T14090] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2387'. [ 293.800580][T14090] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2387'. [ 294.153562][T14109] netlink: 'syz.3.2401': attribute type 11 has an invalid length. [ 294.343939][T14123] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2404'. [ 294.482146][ C0] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 294.753190][T14142] set match dimension is over the limit! [ 294.781385][T14146] FAULT_INJECTION: forcing a failure. [ 294.781385][T14146] name failslab, interval 1, probability 0, space 0, times 0 [ 294.796024][T14146] CPU: 1 UID: 0 PID: 14146 Comm: syz.0.2411 Not tainted syzkaller #0 PREEMPT(full) [ 294.796048][T14146] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 294.796059][T14146] Call Trace: [ 294.796066][T14146] [ 294.796074][T14146] dump_stack_lvl+0x189/0x250 [ 294.796102][T14146] ? __pfx____ratelimit+0x10/0x10 [ 294.796124][T14146] ? __pfx_dump_stack_lvl+0x10/0x10 [ 294.796146][T14146] ? __pfx__printk+0x10/0x10 [ 294.796181][T14146] should_fail_ex+0x414/0x560 [ 294.796212][T14146] should_failslab+0xa8/0x100 [ 294.796232][T14146] __kmalloc_cache_noprof+0x6f/0x6f0 [ 294.796255][T14146] ? __sctp_v6_cmp_addr+0x1dc/0x510 [ 294.796275][T14146] ? sctp_v6_cmp_addr+0x15/0xd0 [ 294.796293][T14146] ? sctp_add_bind_addr+0x8c/0x370 [ 294.796310][T14146] ? sctp_add_bind_addr+0xb0/0x370 [ 294.796335][T14146] sctp_add_bind_addr+0x8c/0x370 [ 294.796360][T14146] sctp_copy_local_addr_list+0x30b/0x4e0 [ 294.796384][T14146] ? sctp_copy_local_addr_list+0x9b/0x4e0 [ 294.796404][T14146] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 294.796426][T14146] ? sctp_v6_is_any+0x64/0x80 [ 294.796448][T14146] ? sctp_copy_one_addr+0x93/0x360 [ 294.796472][T14146] sctp_bind_addr_copy+0xb3/0x3c0 [ 294.796493][T14146] ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0 [ 294.796515][T14146] sctp_connect_new_asoc+0x2e0/0x690 [ 294.796548][T14146] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 294.796569][T14146] ? __local_bh_enable_ip+0x12d/0x1c0 [ 294.796597][T14146] ? bpf_lsm_sctp_bind_connect+0x9/0x20 [ 294.796615][T14146] ? security_sctp_bind_connect+0x7e/0x2e0 [ 294.796640][T14146] sctp_sendmsg+0x155c/0x2810 [ 294.796676][T14146] ? __pfx_sctp_sendmsg+0x10/0x10 [ 294.796703][T14146] ? aa_sk_perm+0x81e/0x950 [ 294.796733][T14146] ? __pfx_aa_sk_perm+0x10/0x10 [ 294.796759][T14146] ? sock_rps_record_flow+0x19/0x410 [ 294.796783][T14146] ? inet_sendmsg+0x2f4/0x370 [ 294.796810][T14146] __sock_sendmsg+0x19c/0x270 [ 294.796838][T14146] __sys_sendto+0x3bd/0x520 [ 294.796861][T14146] ? __pfx___sys_sendto+0x10/0x10 [ 294.796877][T14146] ? __mutex_unlock_slowpath+0x1a1/0x740 [ 294.796915][T14146] ? __fget_files+0x3a0/0x420 [ 294.796944][T14146] ? ksys_write+0x22a/0x250 [ 294.796970][T14146] ? __pfx_ksys_write+0x10/0x10 [ 294.796998][T14146] __x64_sys_sendto+0xde/0x100 [ 294.797025][T14146] do_syscall_64+0xfa/0xfa0 [ 294.797045][T14146] ? lockdep_hardirqs_on+0x9c/0x150 [ 294.797067][T14146] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 294.797084][T14146] ? clear_bhb_loop+0x60/0xb0 [ 294.797105][T14146] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 294.797122][T14146] RIP: 0033:0x7fba5878f749 [ 294.797138][T14146] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 294.797154][T14146] RSP: 002b:00007fba596ba038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 294.797173][T14146] RAX: ffffffffffffffda RBX: 00007fba589e5fa0 RCX: 00007fba5878f749 [ 294.797186][T14146] RDX: 0000000000000001 RSI: 0000200000000240 RDI: 0000000000000003 [ 294.797198][T14146] RBP: 00007fba596ba090 R08: 0000200000000080 R09: 000000000000001c [ 294.797210][T14146] R10: 0000000000000051 R11: 0000000000000246 R12: 0000000000000002 [ 294.797221][T14146] R13: 00007fba589e6038 R14: 00007fba589e5fa0 R15: 00007fff1ce1b0f8 [ 294.797254][T14146] [ 294.804696][T14147] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2412'. [ 294.879785][T14143] netlink: 56 bytes leftover after parsing attributes in process `syz.2.2408'. [ 295.168887][ T3441] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 295.189425][ T3441] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 295.233787][ T3441] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 295.266793][ T3441] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 295.532073][ C0] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 295.959540][T14187] netlink: 'syz.4.2427': attribute type 1 has an invalid length. [ 296.419344][T14217] FAULT_INJECTION: forcing a failure. [ 296.419344][T14217] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 296.434198][T14217] CPU: 1 UID: 0 PID: 14217 Comm: syz.1.2438 Not tainted syzkaller #0 PREEMPT(full) [ 296.434222][T14217] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 296.434232][T14217] Call Trace: [ 296.434240][T14217] [ 296.434247][T14217] dump_stack_lvl+0x189/0x250 [ 296.434274][T14217] ? __pfx____ratelimit+0x10/0x10 [ 296.434295][T14217] ? __pfx_dump_stack_lvl+0x10/0x10 [ 296.434317][T14217] ? __pfx__printk+0x10/0x10 [ 296.434349][T14217] should_fail_ex+0x414/0x560 [ 296.434379][T14217] _copy_to_user+0x31/0xb0 [ 296.434410][T14217] do_bnep_sock_ioctl+0x4c5/0x640 [ 296.434427][T14217] ? kasan_quarantine_put+0xdd/0x220 [ 296.434453][T14217] ? __pfx_do_bnep_sock_ioctl+0x10/0x10 [ 296.434477][T14217] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 296.434506][T14217] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 296.434538][T14217] sock_do_ioctl+0xdc/0x300 [ 296.434566][T14217] ? __pfx_sock_do_ioctl+0x10/0x10 [ 296.434606][T14217] sock_ioctl+0x576/0x790 [ 296.434632][T14217] ? __pfx_sock_ioctl+0x10/0x10 [ 296.434659][T14217] ? __fget_files+0x3a0/0x420 [ 296.434676][T14217] ? __fget_files+0x2a/0x420 [ 296.434696][T14217] ? bpf_lsm_file_ioctl+0x9/0x20 [ 296.434716][T14217] ? __pfx_sock_ioctl+0x10/0x10 [ 296.434738][T14217] __se_sys_ioctl+0xfc/0x170 [ 296.434763][T14217] do_syscall_64+0xfa/0xfa0 [ 296.434783][T14217] ? lockdep_hardirqs_on+0x9c/0x150 [ 296.434806][T14217] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 296.434823][T14217] ? clear_bhb_loop+0x60/0xb0 [ 296.434845][T14217] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 296.434861][T14217] RIP: 0033:0x7fa1afb8f749 [ 296.434877][T14217] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 296.434892][T14217] RSP: 002b:00007fa1b0a70038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 296.434912][T14217] RAX: ffffffffffffffda RBX: 00007fa1afde5fa0 RCX: 00007fa1afb8f749 [ 296.434925][T14217] RDX: 00002000000000c0 RSI: 00000000800442d2 RDI: 0000000000000005 [ 296.434938][T14217] RBP: 00007fa1b0a70090 R08: 0000000000000000 R09: 0000000000000000 [ 296.434949][T14217] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 296.434964][T14217] R13: 00007fa1afde6038 R14: 00007fa1afde5fa0 R15: 00007fff790e11e8 [ 296.434996][T14217] [ 296.592107][ C0] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 296.814788][T14227] FAULT_INJECTION: forcing a failure. [ 296.814788][T14227] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 296.858346][T14227] CPU: 1 UID: 0 PID: 14227 Comm: syz.2.2441 Not tainted syzkaller #0 PREEMPT(full) [ 296.858370][T14227] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 296.858389][T14227] Call Trace: [ 296.858396][T14227] [ 296.858403][T14227] dump_stack_lvl+0x189/0x250 [ 296.858429][T14227] ? __pfx____ratelimit+0x10/0x10 [ 296.858451][T14227] ? __pfx_dump_stack_lvl+0x10/0x10 [ 296.858472][T14227] ? __pfx__printk+0x10/0x10 [ 296.858504][T14227] should_fail_ex+0x414/0x560 [ 296.858533][T14227] _copy_to_user+0x31/0xb0 [ 296.858555][T14227] finalize_log+0xe1/0x160 [ 296.858574][T14227] ? __pfx_finalize_log+0x10/0x10 [ 296.858587][T14227] ? btf_check_type_tags+0x679/0x680 [ 296.858610][T14227] btf_new_fd+0x6ff/0xc90 [ 296.858627][T14227] ? apparmor_capable+0x137/0x1b0 [ 296.858654][T14227] ? __pfx_btf_new_fd+0x10/0x10 [ 296.858672][T14227] ? bpf_token_put+0x143/0x160 [ 296.858692][T14227] ? bpf_btf_load+0x126/0x190 [ 296.858713][T14227] __sys_bpf+0x3ed/0x860 [ 296.858732][T14227] ? __pfx___sys_bpf+0x10/0x10 [ 296.858764][T14227] ? ksys_write+0x22a/0x250 [ 296.858790][T14227] ? __pfx_ksys_write+0x10/0x10 [ 296.858819][T14227] __x64_sys_bpf+0x7c/0x90 [ 296.858843][T14227] do_syscall_64+0xfa/0xfa0 [ 296.858863][T14227] ? lockdep_hardirqs_on+0x9c/0x150 [ 296.858883][T14227] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 296.858900][T14227] ? clear_bhb_loop+0x60/0xb0 [ 296.858921][T14227] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 296.858938][T14227] RIP: 0033:0x7f0bc0b8f749 [ 296.858954][T14227] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 296.858968][T14227] RSP: 002b:00007f0bc1b10038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 296.858987][T14227] RAX: ffffffffffffffda RBX: 00007f0bc0de5fa0 RCX: 00007f0bc0b8f749 [ 296.858999][T14227] RDX: 0000000000000020 RSI: 0000200000000280 RDI: 0000000000000012 [ 296.859009][T14227] RBP: 00007f0bc1b10090 R08: 0000000000000000 R09: 0000000000000000 [ 296.859020][T14227] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 296.859030][T14227] R13: 00007f0bc0de6038 R14: 00007f0bc0de5fa0 R15: 00007ffd9c53e308 [ 296.859060][T14227] [ 297.329010][T14239] __nla_validate_parse: 7 callbacks suppressed [ 297.329027][T14239] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2447'. [ 297.476613][T14247] netlink: 56 bytes leftover after parsing attributes in process `syz.0.2449'. [ 297.602073][ C0] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 297.765965][T14257] FAULT_INJECTION: forcing a failure. [ 297.765965][T14257] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 297.784800][T14257] CPU: 1 UID: 0 PID: 14257 Comm: syz.1.2451 Not tainted syzkaller #0 PREEMPT(full) [ 297.784823][T14257] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 297.784834][T14257] Call Trace: [ 297.784841][T14257] [ 297.784848][T14257] dump_stack_lvl+0x189/0x250 [ 297.784876][T14257] ? __pfx____ratelimit+0x10/0x10 [ 297.784897][T14257] ? __pfx_dump_stack_lvl+0x10/0x10 [ 297.784920][T14257] ? __pfx__printk+0x10/0x10 [ 297.784939][T14257] ? __might_fault+0xb0/0x130 [ 297.784973][T14257] should_fail_ex+0x414/0x560 [ 297.785003][T14257] _copy_from_user+0x2d/0xb0 [ 297.785025][T14257] kstrtouint_from_user+0xc4/0x170 [ 297.785047][T14257] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 297.785091][T14257] proc_fail_nth_write+0x88/0x200 [ 297.785113][T14257] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 297.785141][T14257] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 297.785163][T14257] vfs_write+0x27e/0xb30 [ 297.785196][T14257] ? __pfx_vfs_write+0x10/0x10 [ 297.785220][T14257] ? __fget_files+0x2a/0x420 [ 297.785243][T14257] ? __fget_files+0x3a0/0x420 [ 297.785258][T14257] ? __fget_files+0x2a/0x420 [ 297.785285][T14257] ksys_write+0x145/0x250 [ 297.785310][T14257] ? __pfx_ksys_write+0x10/0x10 [ 297.785336][T14257] ? do_syscall_64+0xbe/0xfa0 [ 297.785362][T14257] do_syscall_64+0xfa/0xfa0 [ 297.785383][T14257] ? lockdep_hardirqs_on+0x9c/0x150 [ 297.785404][T14257] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 297.785421][T14257] ? clear_bhb_loop+0x60/0xb0 [ 297.785442][T14257] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 297.785458][T14257] RIP: 0033:0x7fa1afb8e1ff [ 297.785473][T14257] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 297.785489][T14257] RSP: 002b:00007fa1b0a2e030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 297.785508][T14257] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa1afb8e1ff [ 297.785521][T14257] RDX: 0000000000000001 RSI: 00007fa1b0a2e0a0 RDI: 0000000000000007 [ 297.785532][T14257] RBP: 00007fa1b0a2e090 R08: 0000000000000000 R09: 0000000000000000 [ 297.785544][T14257] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001 [ 297.785555][T14257] R13: 00007fa1afde6218 R14: 00007fa1afde6180 R15: 00007fff790e11e8 [ 297.785589][T14257] [ 298.186052][T14260] xt_CT: No such helper "netbios-ns" [ 298.210921][T14264] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2453'. [ 298.340153][T14272] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2456'. [ 298.643483][ C0] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 299.602317][T14289] tipc: Enabled bearer , priority 0 [ 299.642312][T14290] syzkaller0: entered promiscuous mode [ 299.653017][T14290] syzkaller0: entered allmulticast mode [ 299.682145][ C0] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 299.695445][T14301] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2460'. [ 299.797825][T14303] netlink: 'syz.4.2461': attribute type 10 has an invalid length. [ 299.816110][T14294] tipc: Resetting bearer [ 299.837907][T14294] tipc: Disabling bearer [ 299.968935][T14321] tipc: Enabling of bearer rejected, failed to enable media [ 300.040762][T14324] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2465'. [ 300.052369][T14324] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2465'. [ 300.235284][T14333] syzkaller0: entered promiscuous mode [ 300.241198][T14333] syzkaller0: entered allmulticast mode [ 300.308841][T14335] netlink: 112 bytes leftover after parsing attributes in process `syz.2.2471'. [ 300.321526][T14335] netlink: 168 bytes leftover after parsing attributes in process `syz.2.2471'. [ 300.627645][T14350] lo speed is unknown, defaulting to 1000 [ 300.722078][ C0] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 301.014999][T14369] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2479'. [ 301.293455][T14388] set match dimension is over the limit! [ 301.326222][T14390] netlink: 'syz.4.2485': attribute type 1 has an invalid length. [ 301.527246][T14396] tipc: Enabled bearer , priority 0 [ 301.543577][T14396] syzkaller0: entered promiscuous mode [ 301.556565][T14396] syzkaller0: entered allmulticast mode [ 301.616730][T14396] tipc: Resetting bearer [ 301.645552][T14395] tipc: Resetting bearer [ 301.733185][T14395] tipc: Disabling bearer [ 301.762071][ C0] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 302.027176][T14413] netlink: 'syz.0.2492': attribute type 6 has an invalid length. [ 302.508811][T14429] lo speed is unknown, defaulting to 1000 [ 302.580807][T14434] syzkaller0: entered promiscuous mode [ 302.594072][T14434] syzkaller0: entered allmulticast mode [ 302.616158][ T30] audit: type=1800 audit(1764726116.505:4): pid=14410 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.2491" name="cgroup.controllers" dev="tmpfs" ino=2558 res=0 errno=0 [ 302.699049][T14434] tipc: Enabling of bearer rejected, failed to enable media [ 302.802145][ C0] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 302.924012][T14440] __nla_validate_parse: 5 callbacks suppressed [ 302.924028][T14440] netlink: 112 bytes leftover after parsing attributes in process `syz.0.2499'. [ 302.962182][ C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 302.978991][T14442] netlink: 168 bytes leftover after parsing attributes in process `syz.0.2499'. [ 303.400261][T14458] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2506'. [ 303.634135][T14458] syzkaller0: entered promiscuous mode [ 303.639631][T14458] syzkaller0: entered allmulticast mode [ 303.659144][ T5882] udevd[5882]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 303.842064][ C0] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 304.491777][T14491] xt_TPROXY: Can be used only with -p tcp or -p udp [ 304.758439][T14506] netlink: 416 bytes leftover after parsing attributes in process `syz.2.2518'. [ 304.821262][T14507] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2516'. [ 304.882750][ C0] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 305.916804][T14517] SET target dimension over the limit! [ 305.922386][ C0] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 305.976609][T14519] FAULT_INJECTION: forcing a failure. [ 305.976609][T14519] name failslab, interval 1, probability 0, space 0, times 0 [ 305.994776][T14519] CPU: 1 UID: 0 PID: 14519 Comm: syz.2.2523 Not tainted syzkaller #0 PREEMPT(full) [ 305.994798][T14519] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 305.994810][T14519] Call Trace: [ 305.994817][T14519] [ 305.994826][T14519] dump_stack_lvl+0x189/0x250 [ 305.994852][T14519] ? __pfx____ratelimit+0x10/0x10 [ 305.994873][T14519] ? __pfx_dump_stack_lvl+0x10/0x10 [ 305.994894][T14519] ? __pfx__printk+0x10/0x10 [ 305.994918][T14519] ? __pfx___might_resched+0x10/0x10 [ 305.994936][T14519] ? fs_reclaim_acquire+0x7d/0x100 [ 305.994956][T14519] should_fail_ex+0x414/0x560 [ 305.994985][T14519] should_failslab+0xa8/0x100 [ 305.995005][T14519] kmem_cache_alloc_noprof+0x74/0x6e0 [ 305.995028][T14519] ? alloc_empty_file+0x55/0x1d0 [ 305.995052][T14519] alloc_empty_file+0x55/0x1d0 [ 305.995071][T14519] alloc_file_pseudo+0x13d/0x210 [ 305.995094][T14519] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 305.995127][T14519] anon_inode_getfd+0xca/0x1b0 [ 305.995151][T14519] btf_new_fd+0x9aa/0xc90 [ 305.995167][T14519] ? apparmor_capable+0x137/0x1b0 [ 305.995194][T14519] ? __pfx_btf_new_fd+0x10/0x10 [ 305.995212][T14519] ? bpf_token_put+0x143/0x160 [ 305.995233][T14519] ? bpf_btf_load+0x126/0x190 [ 305.995253][T14519] __sys_bpf+0x3ed/0x860 [ 305.995273][T14519] ? __pfx___sys_bpf+0x10/0x10 [ 305.995306][T14519] ? ksys_write+0x22a/0x250 [ 305.995331][T14519] ? __pfx_ksys_write+0x10/0x10 [ 305.995360][T14519] __x64_sys_bpf+0x7c/0x90 [ 305.995385][T14519] do_syscall_64+0xfa/0xfa0 [ 305.995405][T14519] ? lockdep_hardirqs_on+0x9c/0x150 [ 305.995434][T14519] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 305.995451][T14519] ? clear_bhb_loop+0x60/0xb0 [ 305.995472][T14519] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 305.995488][T14519] RIP: 0033:0x7f0bc0b8f749 [ 305.995504][T14519] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 305.995519][T14519] RSP: 002b:00007f0bc1b10038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 305.995538][T14519] RAX: ffffffffffffffda RBX: 00007f0bc0de5fa0 RCX: 00007f0bc0b8f749 [ 305.995552][T14519] RDX: 0000000000000020 RSI: 0000200000000280 RDI: 0000000000000012 [ 305.995563][T14519] RBP: 00007f0bc1b10090 R08: 0000000000000000 R09: 0000000000000000 [ 305.995575][T14519] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 305.995586][T14519] R13: 00007f0bc0de6038 R14: 00007f0bc0de5fa0 R15: 00007ffd9c53e308 [ 305.995617][T14519] [ 306.359686][T14525] syzkaller0: entered promiscuous mode [ 306.376059][T14525] syzkaller0: entered allmulticast mode [ 306.513704][T14525] tipc: Enabling of bearer rejected, failed to enable media [ 306.633158][T14544] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2533'. [ 306.734527][T14548] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2532'. [ 306.962151][ C0] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 306.971695][T14562] ipt_ECN: cannot use operation on non-tcp rule [ 306.982426][T14558] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2537'. [ 306.996720][T14565] tipc: Enabled bearer , priority 0 [ 307.004775][T14565] syzkaller0: entered promiscuous mode [ 307.012052][T14565] syzkaller0: entered allmulticast mode [ 307.027109][T14565] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2539'. [ 307.105284][T14564] tipc: Resetting bearer [ 307.139733][T14564] tipc: Disabling bearer [ 307.271518][T14575] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2544'. [ 307.744574][T14602] veth1_vlan: left allmulticast mode [ 307.763766][T14602] macvtap0: left promiscuous mode [ 307.786060][T14602] bond1: left promiscuous mode [ 307.819077][T14602] ipvlan2: left promiscuous mode [ 307.840087][T14602] ipvlan2: left allmulticast mode [ 307.859441][T14602] geneve1: left allmulticast mode [ 307.877307][T14602] macsec1: left promiscuous mode [ 307.907809][T14602] macsec1: left allmulticast mode [ 308.002105][ C0] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 308.004839][T14599] __nla_validate_parse: 3 callbacks suppressed [ 308.004853][T14599] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2549'. [ 308.052722][T14619] FAULT_INJECTION: forcing a failure. [ 308.052722][T14619] name failslab, interval 1, probability 0, space 0, times 0 [ 308.077266][T14619] CPU: 1 UID: 0 PID: 14619 Comm: syz.0.2555 Not tainted syzkaller #0 PREEMPT(full) [ 308.077288][T14619] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 308.077299][T14619] Call Trace: [ 308.077306][T14619] [ 308.077313][T14619] dump_stack_lvl+0x189/0x250 [ 308.077340][T14619] ? __pfx____ratelimit+0x10/0x10 [ 308.077360][T14619] ? __pfx_dump_stack_lvl+0x10/0x10 [ 308.077380][T14619] ? __pfx__printk+0x10/0x10 [ 308.077399][T14619] ? __pfx___might_resched+0x10/0x10 [ 308.077418][T14619] should_fail_ex+0x414/0x560 [ 308.077442][T14619] should_failslab+0xa8/0x100 [ 308.077458][T14619] kmem_cache_alloc_noprof+0x74/0x6e0 [ 308.077477][T14619] ? security_file_alloc+0x34/0x330 [ 308.077497][T14619] security_file_alloc+0x34/0x330 [ 308.077515][T14619] init_file+0x93/0x2f0 [ 308.077540][T14619] alloc_empty_file+0x6e/0x1d0 [ 308.077556][T14619] alloc_file_pseudo+0x13d/0x210 [ 308.077573][T14619] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 308.077600][T14619] anon_inode_getfd+0xca/0x1b0 [ 308.077619][T14619] btf_new_fd+0x9aa/0xc90 [ 308.077632][T14619] ? apparmor_capable+0x137/0x1b0 [ 308.077654][T14619] ? __pfx_btf_new_fd+0x10/0x10 [ 308.077669][T14619] ? bpf_token_put+0x143/0x160 [ 308.077685][T14619] ? bpf_btf_load+0x126/0x190 [ 308.077702][T14619] __sys_bpf+0x3ed/0x860 [ 308.077717][T14619] ? __pfx___sys_bpf+0x10/0x10 [ 308.077747][T14619] ? ksys_write+0x22a/0x250 [ 308.077767][T14619] ? __pfx_ksys_write+0x10/0x10 [ 308.077790][T14619] __x64_sys_bpf+0x7c/0x90 [ 308.077810][T14619] do_syscall_64+0xfa/0xfa0 [ 308.077826][T14619] ? lockdep_hardirqs_on+0x9c/0x150 [ 308.077844][T14619] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 308.077857][T14619] ? clear_bhb_loop+0x60/0xb0 [ 308.077874][T14619] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 308.077887][T14619] RIP: 0033:0x7fba5878f749 [ 308.077899][T14619] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 308.077912][T14619] RSP: 002b:00007fba596ba038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 308.077927][T14619] RAX: ffffffffffffffda RBX: 00007fba589e5fa0 RCX: 00007fba5878f749 [ 308.077938][T14619] RDX: 0000000000000020 RSI: 0000200000000280 RDI: 0000000000000012 [ 308.077946][T14619] RBP: 00007fba596ba090 R08: 0000000000000000 R09: 0000000000000000 [ 308.077955][T14619] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 308.077964][T14619] R13: 00007fba589e6038 R14: 00007fba589e5fa0 R15: 00007fff1ce1b0f8 [ 308.077988][T14619] [ 308.356993][T14577] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 308.401272][T14617] lo speed is unknown, defaulting to 1000 [ 308.621060][T14622] tipc: Enabled bearer , priority 0 [ 308.648495][T14622] syzkaller0: entered promiscuous mode [ 308.660249][T14622] syzkaller0: entered allmulticast mode [ 308.677384][T14622] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2556'. [ 308.769646][T14621] tipc: Resetting bearer [ 308.847523][T14624] can: request_module (can-proto-5) failed. [ 308.868449][T14621] tipc: Disabling bearer [ 308.914552][T14624] netlink: 256 bytes leftover after parsing attributes in process `syz.1.2558'. [ 309.052176][ C0] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 309.373146][ T5836] Bluetooth: hci0: command 0x0406 tx timeout [ 309.608550][T14650] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2562'. [ 309.922557][T14673] netlink: 216 bytes leftover after parsing attributes in process `syz.3.2569'. [ 309.946081][T14667] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2563'. [ 310.082212][ C0] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 310.171452][T14683] tipc: Enabled bearer , priority 0 [ 310.209709][T14685] syzkaller0: entered promiscuous mode [ 310.216669][T14685] syzkaller0: entered allmulticast mode [ 310.227657][T14683] syzkaller0: entered promiscuous mode [ 310.233299][T14683] syzkaller0: entered allmulticast mode [ 310.243318][T14683] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2572'. [ 310.263426][T14685] tipc: Enabling of bearer rejected, failed to enable media [ 310.296979][T14682] tipc: Resetting bearer [ 310.319482][T14682] tipc: Disabling bearer [ 310.398040][T14688] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2574'. [ 310.565368][T14692] SET target dimension over the limit! [ 310.837298][T14702] FAULT_INJECTION: forcing a failure. [ 310.837298][T14702] name failslab, interval 1, probability 0, space 0, times 0 [ 310.842862][T14703] netlink: 112 bytes leftover after parsing attributes in process `syz.4.2581'. [ 310.884962][T14702] CPU: 1 UID: 0 PID: 14702 Comm: syz.2.2580 Not tainted syzkaller #0 PREEMPT(full) [ 310.884986][T14702] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 310.884996][T14702] Call Trace: [ 310.885003][T14702] [ 310.885019][T14702] dump_stack_lvl+0x189/0x250 [ 310.885045][T14702] ? __pfx____ratelimit+0x10/0x10 [ 310.885066][T14702] ? __pfx_dump_stack_lvl+0x10/0x10 [ 310.885087][T14702] ? __pfx__printk+0x10/0x10 [ 310.885120][T14702] should_fail_ex+0x414/0x560 [ 310.885149][T14702] should_failslab+0xa8/0x100 [ 310.885169][T14702] __kmalloc_cache_noprof+0x6f/0x6f0 [ 310.885191][T14702] ? __sctp_v6_cmp_addr+0x1dc/0x510 [ 310.885208][T14702] ? sctp_v6_cmp_addr+0x15/0xd0 [ 310.885224][T14702] ? sctp_add_bind_addr+0x8c/0x370 [ 310.885240][T14702] ? sctp_add_bind_addr+0xb0/0x370 [ 310.885263][T14702] sctp_add_bind_addr+0x8c/0x370 [ 310.885285][T14702] sctp_copy_local_addr_list+0x30b/0x4e0 [ 310.885308][T14702] ? sctp_copy_local_addr_list+0x9b/0x4e0 [ 310.885326][T14702] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 310.885345][T14702] ? sctp_v6_is_any+0x64/0x80 [ 310.885365][T14702] ? sctp_copy_one_addr+0x93/0x360 [ 310.885387][T14702] sctp_bind_addr_copy+0xb3/0x3c0 [ 310.885408][T14702] ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0 [ 310.885429][T14702] sctp_connect_new_asoc+0x2e0/0x690 [ 310.885450][T14702] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 310.885463][T14702] ? __local_bh_enable_ip+0x12d/0x1c0 [ 310.885479][T14702] ? bpf_lsm_sctp_bind_connect+0x9/0x20 [ 310.885493][T14702] ? security_sctp_bind_connect+0x7e/0x2e0 [ 310.885507][T14702] sctp_sendmsg+0x155c/0x2810 [ 310.885526][T14702] ? __pfx_sctp_sendmsg+0x10/0x10 [ 310.885541][T14702] ? aa_sk_perm+0x81e/0x950 [ 310.885557][T14702] ? __pfx_aa_sk_perm+0x10/0x10 [ 310.885572][T14702] ? sock_rps_record_flow+0x19/0x410 [ 310.885586][T14702] ? inet_sendmsg+0x2f4/0x370 [ 310.885600][T14702] __sock_sendmsg+0x19c/0x270 [ 310.885616][T14702] __sys_sendto+0x3bd/0x520 [ 310.885629][T14702] ? __pfx___sys_sendto+0x10/0x10 [ 310.885638][T14702] ? __mutex_unlock_slowpath+0x1a1/0x740 [ 310.885659][T14702] ? __fget_files+0x3a0/0x420 [ 310.885675][T14702] ? ksys_write+0x22a/0x250 [ 310.885690][T14702] ? __pfx_ksys_write+0x10/0x10 [ 310.885704][T14702] __x64_sys_sendto+0xde/0x100 [ 310.885717][T14702] do_syscall_64+0xfa/0xfa0 [ 310.885729][T14702] ? lockdep_hardirqs_on+0x9c/0x150 [ 310.885741][T14702] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 310.885751][T14702] ? clear_bhb_loop+0x60/0xb0 [ 310.885763][T14702] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 310.885772][T14702] RIP: 0033:0x7f0bc0b8f749 [ 310.885782][T14702] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 310.885791][T14702] RSP: 002b:00007f0bc1b10038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 310.885802][T14702] RAX: ffffffffffffffda RBX: 00007f0bc0de5fa0 RCX: 00007f0bc0b8f749 [ 310.885810][T14702] RDX: 0000000000000001 RSI: 0000200000000240 RDI: 0000000000000003 [ 310.885816][T14702] RBP: 00007f0bc1b10090 R08: 0000200000000080 R09: 000000000000001c [ 310.885823][T14702] R10: 0000000000000051 R11: 0000000000000246 R12: 0000000000000002 [ 310.885829][T14702] R13: 00007f0bc0de6038 R14: 00007f0bc0de5fa0 R15: 00007ffd9c53e308 [ 310.885850][T14702] [ 311.142179][ C0] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 311.214120][T14705] netlink: 168 bytes leftover after parsing attributes in process `syz.4.2581'. [ 311.355034][T14699] bridge10: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 311.355882][T14716] FAULT_INJECTION: forcing a failure. [ 311.355882][T14716] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 311.401252][T14716] CPU: 0 UID: 0 PID: 14716 Comm: syz.2.2583 Not tainted syzkaller #0 PREEMPT(full) [ 311.401276][T14716] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 311.401286][T14716] Call Trace: [ 311.401293][T14716] [ 311.401300][T14716] dump_stack_lvl+0x189/0x250 [ 311.401325][T14716] ? __pfx____ratelimit+0x10/0x10 [ 311.401346][T14716] ? __pfx_dump_stack_lvl+0x10/0x10 [ 311.401367][T14716] ? __pfx__printk+0x10/0x10 [ 311.401398][T14716] should_fail_ex+0x414/0x560 [ 311.401427][T14716] _copy_to_user+0x31/0xb0 [ 311.401451][T14716] simple_read_from_buffer+0xe1/0x170 [ 311.401479][T14716] proc_fail_nth_read+0x1b3/0x220 [ 311.401503][T14716] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 311.401527][T14716] ? rw_verify_area+0x2a6/0x4d0 [ 311.401547][T14716] ? __lock_acquire+0xab9/0xd20 [ 311.401561][T14716] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 311.401581][T14716] vfs_read+0x200/0xa30 [ 311.401599][T14716] ? fdget_pos+0x247/0x320 [ 311.401617][T14716] ? __pfx___mutex_lock+0x10/0x10 [ 311.401637][T14716] ? __pfx_vfs_read+0x10/0x10 [ 311.401655][T14716] ? __fget_files+0x2a/0x420 [ 311.401670][T14716] ? __fget_files+0x3a0/0x420 [ 311.401682][T14716] ? __fget_files+0x2a/0x420 [ 311.401706][T14716] ksys_read+0x145/0x250 [ 311.401728][T14716] ? __pfx_ksys_read+0x10/0x10 [ 311.401754][T14716] ? do_syscall_64+0xbe/0xfa0 [ 311.401778][T14716] do_syscall_64+0xfa/0xfa0 [ 311.401797][T14716] ? lockdep_hardirqs_on+0x9c/0x150 [ 311.401817][T14716] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 311.401833][T14716] ? clear_bhb_loop+0x60/0xb0 [ 311.401855][T14716] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 311.401871][T14716] RIP: 0033:0x7f0bc0b8e15c [ 311.401888][T14716] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 311.401903][T14716] RSP: 002b:00007f0bc1b10030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 311.401922][T14716] RAX: ffffffffffffffda RBX: 00007f0bc0de5fa0 RCX: 00007f0bc0b8e15c [ 311.401935][T14716] RDX: 000000000000000f RSI: 00007f0bc1b100a0 RDI: 0000000000000003 [ 311.401946][T14716] RBP: 00007f0bc1b10090 R08: 0000000000000000 R09: 0000000000000000 [ 311.401957][T14716] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 311.401977][T14716] R13: 00007f0bc0de6038 R14: 00007f0bc0de5fa0 R15: 00007ffd9c53e308 [ 311.402010][T14716] [ 311.408155][T14714] syzkaller0: entered promiscuous mode [ 311.678293][T14714] syzkaller0: entered allmulticast mode [ 311.756989][T14726] tipc: Enabling of bearer rejected, failed to enable media [ 311.810005][T14728] tipc: Enabled bearer , priority 0 [ 311.817720][T14728] syzkaller0: entered promiscuous mode [ 311.826939][T14728] syzkaller0: entered allmulticast mode [ 311.844267][T14727] tipc: Resetting bearer [ 311.903543][T14727] tipc: Disabling bearer [ 312.022615][T14741] xt_CT: No such helper "netbios-ns" [ 312.162066][ C0] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 312.634773][T14777] syzkaller0: entered promiscuous mode [ 312.650204][T14777] syzkaller0: entered allmulticast mode [ 312.779705][T14777] syzkaller1: entered promiscuous mode [ 312.808342][T14777] syzkaller1: entered allmulticast mode [ 313.202381][ C0] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 313.281941][T14804] __nla_validate_parse: 3 callbacks suppressed [ 313.281958][T14804] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2605'. [ 313.382538][T14784] netlink: 'syz.3.2601': attribute type 30 has an invalid length. [ 313.536623][T14784] bond5: option arp_missed_max: invalid value (0) [ 313.544319][T14784] bond5: option arp_missed_max: allowed values 1 - 255 [ 313.545601][T14815] FAULT_INJECTION: forcing a failure. [ 313.545601][T14815] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 313.571968][T14815] CPU: 1 UID: 0 PID: 14815 Comm: syz.0.2608 Not tainted syzkaller #0 PREEMPT(full) [ 313.571995][T14815] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 313.572005][T14815] Call Trace: [ 313.572012][T14815] [ 313.572020][T14815] dump_stack_lvl+0x189/0x250 [ 313.572048][T14815] ? __pfx____ratelimit+0x10/0x10 [ 313.572070][T14815] ? __pfx_dump_stack_lvl+0x10/0x10 [ 313.572092][T14815] ? __pfx__printk+0x10/0x10 [ 313.572109][T14815] ? __might_fault+0xb0/0x130 [ 313.572142][T14815] should_fail_ex+0x414/0x560 [ 313.572171][T14815] _copy_from_user+0x2d/0xb0 [ 313.572193][T14815] __sys_sendto+0x25c/0x520 [ 313.572216][T14815] ? __pfx___sys_sendto+0x10/0x10 [ 313.572232][T14815] ? __mutex_unlock_slowpath+0x1a1/0x740 [ 313.572265][T14815] ? __fget_files+0x3a0/0x420 [ 313.572292][T14815] ? ksys_write+0x22a/0x250 [ 313.572318][T14815] ? __pfx_ksys_write+0x10/0x10 [ 313.572343][T14815] __x64_sys_sendto+0xde/0x100 [ 313.572366][T14815] do_syscall_64+0xfa/0xfa0 [ 313.572385][T14815] ? lockdep_hardirqs_on+0x9c/0x150 [ 313.572406][T14815] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 313.572423][T14815] ? clear_bhb_loop+0x60/0xb0 [ 313.572442][T14815] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 313.572459][T14815] RIP: 0033:0x7fba5878f749 [ 313.572475][T14815] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 313.572490][T14815] RSP: 002b:00007fba59699038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 313.572508][T14815] RAX: ffffffffffffffda RBX: 00007fba589e6090 RCX: 00007fba5878f749 [ 313.572521][T14815] RDX: 0000000000034000 RSI: 0000200000847fff RDI: 0000000000000009 [ 313.572531][T14815] RBP: 00007fba59699090 R08: 000020000005ffe4 R09: 000000000000001c [ 313.572543][T14815] R10: 00000000000000e0 R11: 0000000000000246 R12: 0000000000000001 [ 313.572553][T14815] R13: 00007fba589e6128 R14: 00007fba589e6090 R15: 00007fff1ce1b0f8 [ 313.572584][T14815] [ 313.597303][T14784] bond5 (unregistering): Released all slaves [ 313.869218][T14809] lo speed is unknown, defaulting to 1000 [ 313.878878][T14819] lo speed is unknown, defaulting to 1000 [ 314.171158][T14831] lo speed is unknown, defaulting to 1000 [ 314.242061][ C0] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 314.610269][T14842] syzkaller0: entered promiscuous mode [ 314.645225][T14842] syzkaller0: entered allmulticast mode [ 314.667181][T14848] tipc: Enabled bearer , priority 0 [ 314.872319][T14845] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2620'. [ 314.924072][T14848] tipc: Resetting bearer [ 314.969967][T14864] syzkaller0: entered promiscuous mode [ 314.981292][T14864] syzkaller0: entered allmulticast mode [ 315.227575][T14870] lo speed is unknown, defaulting to 1000 [ 315.292058][ C0] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 315.306822][T14875] bond0: (slave dummy0): Releasing backup interface [ 315.315888][T14875] bridge_slave_0: left allmulticast mode [ 315.321564][T14875] bridge_slave_0: left promiscuous mode [ 315.330366][T14875] bridge0: port 1(bridge_slave_0) entered disabled state [ 315.351301][T14875] bridge_slave_1: left allmulticast mode [ 315.357345][T14875] bridge_slave_1: left promiscuous mode [ 315.363797][T14875] bridge0: port 2(bridge_slave_1) entered disabled state [ 315.374184][T14875] bond0: (slave bond_slave_0): Releasing backup interface [ 315.384492][T14875] bond0: (slave bond_slave_1): Releasing backup interface [ 315.394070][T14875] team0: Port device team_slave_0 removed [ 315.401712][T14875] team0: Port device team_slave_1 removed [ 315.409010][T14875] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 315.419135][T14875] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 315.442583][T14840] tipc: Resetting bearer [ 315.455389][T14840] tipc: Disabling bearer [ 315.648527][T14879] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2631'. [ 315.921459][T14896] netlink: 56 bytes leftover after parsing attributes in process `syz.1.2637'. [ 315.935896][T14891] bond0: (slave team0): Releasing backup interface [ 315.954900][T14891] team0: left promiscuous mode [ 315.959688][T14891] team_slave_0: left promiscuous mode [ 315.974185][T14891] team_slave_1: left promiscuous mode [ 316.033655][T14891] bridge_slave_0: left allmulticast mode [ 316.039325][T14891] bridge_slave_0: left promiscuous mode [ 316.055393][T14891] bridge0: port 1(bridge_slave_0) entered disabled state [ 316.063927][T14905] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 316.074375][T14905] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2633'. [ 316.085316][T14891] bridge_slave_1: left allmulticast mode [ 316.090973][T14891] bridge_slave_1: left promiscuous mode [ 316.092364][T14905] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 316.099089][T14891] bridge0: port 2(bridge_slave_1) entered disabled state [ 316.119099][T14891] bond0: (slave bond_slave_0): Releasing backup interface [ 316.137990][T14891] bond_slave_0: left promiscuous mode [ 316.155194][T14891] bond0: (slave bond_slave_1): Releasing backup interface [ 316.170597][T14891] bond_slave_1: left promiscuous mode [ 316.178248][T14891] team0: Port device team_slave_0 removed [ 316.185967][T14891] team0: Port device team_slave_1 removed [ 316.193074][T14891] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 316.201096][T14891] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 316.211376][T14891] bond2: (slave bridge6): Releasing backup interface [ 316.221421][T14891] bond3: (slave bridge7): Releasing active interface [ 316.230670][T14891] bond3: (slave bridge8): Releasing active interface [ 316.283577][T14887] lo speed is unknown, defaulting to 1000 [ 316.322060][ C0] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 316.336365][T14902] lo speed is unknown, defaulting to 1000 [ 316.410356][T14915] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2641'. [ 317.362508][ C0] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 317.465106][T14954] tipc: Enabled bearer , priority 0 [ 317.510548][T14952] lo speed is unknown, defaulting to 1000 [ 317.517663][T14961] tipc: Enabled bearer , priority 0 [ 317.571744][T14963] syzkaller0: entered promiscuous mode [ 317.577869][T14963] syzkaller0: entered allmulticast mode [ 317.586400][T14965] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2654'. [ 317.596285][T14951] lo speed is unknown, defaulting to 1000 [ 317.649192][T14961] syzkaller0: entered promiscuous mode [ 317.655085][T14961] syzkaller0: entered allmulticast mode [ 317.665709][T14960] tipc: Resetting bearer [ 317.698159][T14960] tipc: Disabling bearer [ 317.720568][T14953] tipc: Resetting bearer [ 317.749683][T14953] tipc: Disabling bearer [ 317.961639][T14970] lo speed is unknown, defaulting to 1000 [ 318.388387][T14980] lo speed is unknown, defaulting to 1000 [ 318.395400][T14990] Freezing with imperfect legacy cgroup freezer. See cgroup.freeze of cgroup v2 [ 318.412181][ C0] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 318.938213][T15017] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2666'. [ 319.034742][T15002] tipc: Enabled bearer , priority 0 [ 319.089244][T15011] syzkaller0: entered promiscuous mode [ 319.112971][T15011] syzkaller0: entered allmulticast mode [ 319.128970][T15008] tipc: Enabled bearer , priority 0 [ 319.150820][T15013] syzkaller0: entered promiscuous mode [ 319.156653][T15013] syzkaller0: entered allmulticast mode [ 319.183756][T15007] tipc: Resetting bearer [ 319.223497][T15007] tipc: Disabling bearer [ 319.235265][T15001] tipc: Resetting bearer [ 319.255948][T15001] tipc: Disabling bearer [ 319.442150][ C0] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 319.732869][T15036] lo speed is unknown, defaulting to 1000 [ 319.867956][T15053] lo speed is unknown, defaulting to 1000 [ 320.271145][T15063] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2680'. [ 320.318434][T15076] ipt_ECN: cannot use operation on non-tcp rule [ 320.482123][ C0] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 320.654400][T15086] tipc: Enabled bearer , priority 0 [ 320.673647][T15088] netlink: 'syz.0.2688': attribute type 6 has an invalid length. [ 320.690113][T15086] syzkaller0: entered promiscuous mode [ 320.698917][T15086] syzkaller0: entered allmulticast mode [ 320.747672][T15086] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2687'. [ 320.748588][T15088] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2688'. [ 320.780457][T15093] tipc: Enabling of bearer rejected, already enabled [ 320.817597][T15093] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2690'. [ 320.827995][T15084] tipc: Resetting bearer [ 320.903596][T15084] tipc: Disabling bearer [ 321.066327][T15095] lo speed is unknown, defaulting to 1000 [ 321.199870][T15109] FAULT_INJECTION: forcing a failure. [ 321.199870][T15109] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 321.249117][T15104] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2693'. [ 321.250167][T15109] CPU: 0 UID: 0 PID: 15109 Comm: syz.2.2696 Not tainted syzkaller #0 PREEMPT(full) [ 321.250190][T15109] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 321.250201][T15109] Call Trace: [ 321.250208][T15109] [ 321.250216][T15109] dump_stack_lvl+0x189/0x250 [ 321.250243][T15109] ? __pfx____ratelimit+0x10/0x10 [ 321.250265][T15109] ? __pfx_dump_stack_lvl+0x10/0x10 [ 321.250287][T15109] ? __pfx__printk+0x10/0x10 [ 321.250307][T15109] ? fs_reclaim_acquire+0x7d/0x100 [ 321.250332][T15109] should_fail_ex+0x414/0x560 [ 321.250362][T15109] prepare_alloc_pages+0x213/0x610 [ 321.250387][T15109] __alloc_frozen_pages_noprof+0x123/0x370 [ 321.250409][T15109] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 321.250435][T15109] ? policy_nodemask+0x27c/0x720 [ 321.250463][T15109] alloc_pages_mpol+0x232/0x4a0 [ 321.250486][T15109] folio_alloc_mpol_noprof+0x39/0x70 [ 321.250506][T15109] shmem_alloc_and_add_folio+0x423/0xf40 [ 321.250535][T15109] ? filemap_get_entry+0xad/0x2f0 [ 321.250550][T15109] ? filemap_get_entry+0xad/0x2f0 [ 321.250566][T15109] ? filemap_get_entry+0x28f/0x2f0 [ 321.250585][T15109] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 321.250625][T15109] shmem_get_folio_gfp+0x59d/0x1660 [ 321.250666][T15109] shmem_fallocate+0x80f/0xde0 [ 321.250710][T15109] ? __pfx_shmem_fallocate+0x10/0x10 [ 321.250740][T15109] ? rcu_read_lock_any_held+0xb3/0x120 [ 321.250760][T15109] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 321.250795][T15109] vfs_fallocate+0x669/0x7e0 [ 321.250826][T15109] ? __pfx_vfs_fallocate+0x10/0x10 [ 321.250860][T15109] file_ioctl+0x611/0x780 [ 321.250884][T15109] ? __pfx_file_ioctl+0x10/0x10 [ 321.250935][T15109] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 321.250961][T15109] do_vfs_ioctl+0xb33/0x1430 [ 321.250981][T15109] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 321.251003][T15109] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 321.251064][T15109] ? __fget_files+0x2a/0x420 [ 321.251084][T15109] ? __fget_files+0x3a0/0x420 [ 321.251100][T15109] ? __fget_files+0x2a/0x420 [ 321.251120][T15109] ? bpf_lsm_file_ioctl+0x9/0x20 [ 321.251142][T15109] __se_sys_ioctl+0x82/0x170 [ 321.251165][T15109] do_syscall_64+0xfa/0xfa0 [ 321.251185][T15109] ? lockdep_hardirqs_on+0x9c/0x150 [ 321.251206][T15109] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 321.251223][T15109] ? clear_bhb_loop+0x60/0xb0 [ 321.251244][T15109] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 321.251259][T15109] RIP: 0033:0x7f0bc0b8f749 [ 321.251275][T15109] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 321.251290][T15109] RSP: 002b:00007f0bc1b10038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 321.251309][T15109] RAX: ffffffffffffffda RBX: 00007f0bc0de5fa0 RCX: 00007f0bc0b8f749 [ 321.251322][T15109] RDX: 0000200000000080 RSI: 0000000040305828 RDI: 0000000000000006 [ 321.251333][T15109] RBP: 00007f0bc1b10090 R08: 0000000000000000 R09: 0000000000000000 [ 321.251344][T15109] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 321.251354][T15109] R13: 00007f0bc0de6038 R14: 00007f0bc0de5fa0 R15: 00007ffd9c53e308 [ 321.251386][T15109] [ 321.532055][ C0] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 321.785705][T15124] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2698'. [ 321.866563][T15124] netlink: 152 bytes leftover after parsing attributes in process `syz.0.2698'. [ 321.898197][T15124] block nbd0: not configured, cannot reconfigure [ 321.926915][T15124] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2698'. [ 322.175230][T15128] ipt_ECN: cannot use operation on non-tcp rule [ 322.341521][T15140] veth3: entered promiscuous mode [ 322.358317][T15140] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2705'. [ 322.401901][T15142] tipc: Enabled bearer , priority 0 [ 322.427367][T15142] syzkaller0: entered promiscuous mode [ 322.436067][T15142] syzkaller0: entered allmulticast mode [ 322.498890][T15141] tipc: Resetting bearer [ 322.536034][T15141] tipc: Disabling bearer [ 322.572208][ C0] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 323.015487][T15174] FAULT_INJECTION: forcing a failure. [ 323.015487][T15174] name failslab, interval 1, probability 0, space 0, times 0 [ 323.029156][T15174] CPU: 1 UID: 0 PID: 15174 Comm: syz.1.2717 Not tainted syzkaller #0 PREEMPT(full) [ 323.029180][T15174] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 323.029190][T15174] Call Trace: [ 323.029198][T15174] [ 323.029206][T15174] dump_stack_lvl+0x189/0x250 [ 323.029233][T15174] ? __pfx____ratelimit+0x10/0x10 [ 323.029255][T15174] ? __pfx_dump_stack_lvl+0x10/0x10 [ 323.029277][T15174] ? __pfx__printk+0x10/0x10 [ 323.029309][T15174] should_fail_ex+0x414/0x560 [ 323.029340][T15174] should_failslab+0xa8/0x100 [ 323.029360][T15174] __kmalloc_cache_noprof+0x6f/0x6f0 [ 323.029382][T15174] ? __sctp_v6_cmp_addr+0x1dc/0x510 [ 323.029404][T15174] ? sctp_v6_cmp_addr+0x15/0xd0 [ 323.029420][T15174] ? sctp_add_bind_addr+0x8c/0x370 [ 323.029445][T15174] sctp_add_bind_addr+0x8c/0x370 [ 323.029470][T15174] sctp_copy_local_addr_list+0x30b/0x4e0 [ 323.029494][T15174] ? sctp_copy_local_addr_list+0x9b/0x4e0 [ 323.029514][T15174] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 323.029537][T15174] ? sctp_v6_is_any+0x64/0x80 [ 323.029558][T15174] ? sctp_copy_one_addr+0x93/0x360 [ 323.029579][T15174] sctp_bind_addr_copy+0xb3/0x3c0 [ 323.029599][T15174] ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0 [ 323.029619][T15174] sctp_connect_new_asoc+0x2e0/0x690 [ 323.029644][T15174] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 323.029664][T15174] ? __local_bh_enable_ip+0x12d/0x1c0 [ 323.029691][T15174] ? bpf_lsm_sctp_bind_connect+0x9/0x20 [ 323.029709][T15174] ? security_sctp_bind_connect+0x7e/0x2e0 [ 323.029732][T15174] sctp_sendmsg+0x155c/0x2810 [ 323.029766][T15174] ? __pfx_sctp_sendmsg+0x10/0x10 [ 323.029792][T15174] ? aa_sk_perm+0x81e/0x950 [ 323.029820][T15174] ? __pfx_aa_sk_perm+0x10/0x10 [ 323.029845][T15174] ? sock_rps_record_flow+0x19/0x410 [ 323.029870][T15174] ? inet_sendmsg+0x2f4/0x370 [ 323.029894][T15174] __sock_sendmsg+0x19c/0x270 [ 323.029921][T15174] __sys_sendto+0x3bd/0x520 [ 323.029943][T15174] ? __pfx___sys_sendto+0x10/0x10 [ 323.029959][T15174] ? __mutex_unlock_slowpath+0x1a1/0x740 [ 323.029996][T15174] ? __fget_files+0x3a0/0x420 [ 323.030024][T15174] ? ksys_write+0x22a/0x250 [ 323.030056][T15174] ? __pfx_ksys_write+0x10/0x10 [ 323.030081][T15174] __x64_sys_sendto+0xde/0x100 [ 323.030103][T15174] do_syscall_64+0xfa/0xfa0 [ 323.030123][T15174] ? lockdep_hardirqs_on+0x9c/0x150 [ 323.030144][T15174] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 323.030160][T15174] ? clear_bhb_loop+0x60/0xb0 [ 323.030181][T15174] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 323.030197][T15174] RIP: 0033:0x7fa1afb8f749 [ 323.030213][T15174] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 323.030228][T15174] RSP: 002b:00007fa1b0a70038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 323.030246][T15174] RAX: ffffffffffffffda RBX: 00007fa1afde5fa0 RCX: 00007fa1afb8f749 [ 323.030259][T15174] RDX: 0000000000000001 RSI: 0000200000000240 RDI: 0000000000000003 [ 323.030270][T15174] RBP: 00007fa1b0a70090 R08: 0000200000000080 R09: 000000000000001c [ 323.030282][T15174] R10: 0000000000000051 R11: 0000000000000246 R12: 0000000000000002 [ 323.030292][T15174] R13: 00007fa1afde6038 R14: 00007fa1afde5fa0 R15: 00007fff790e11e8 [ 323.030324][T15174] [ 323.579591][T15178] syzkaller0: entered promiscuous mode [ 323.585677][T15178] syzkaller0: entered allmulticast mode [ 323.602083][ C0] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 323.639130][T15185] netlink: 'syz.4.2723': attribute type 29 has an invalid length. [ 324.614352][T15232] __nla_validate_parse: 5 callbacks suppressed [ 324.614370][T15232] netlink: 7052 bytes leftover after parsing attributes in process `syz.0.2735'. [ 324.630484][T15232] openvswitch: netlink: Message has 8 unknown bytes. [ 324.642067][ C0] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 324.715515][T15233] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2732'. [ 324.939819][T15240] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2736'. [ 325.692080][ C0] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 326.233756][T15247] IPVS: set_ctl: invalid protocol: 59 172.30.0.1:20001 [ 326.445620][T15257] syzkaller0: entered promiscuous mode [ 326.451123][T15257] syzkaller0: entered allmulticast mode [ 326.603896][T15267] FAULT_INJECTION: forcing a failure. [ 326.603896][T15267] name failslab, interval 1, probability 0, space 0, times 0 [ 326.624664][T15267] CPU: 0 UID: 0 PID: 15267 Comm: syz.4.2746 Not tainted syzkaller #0 PREEMPT(full) [ 326.624689][T15267] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 326.624700][T15267] Call Trace: [ 326.624708][T15267] [ 326.624716][T15267] dump_stack_lvl+0x189/0x250 [ 326.624744][T15267] ? __pfx____ratelimit+0x10/0x10 [ 326.624764][T15267] ? __pfx_dump_stack_lvl+0x10/0x10 [ 326.624783][T15267] ? __pfx__printk+0x10/0x10 [ 326.624816][T15267] should_fail_ex+0x414/0x560 [ 326.624848][T15267] should_failslab+0xa8/0x100 [ 326.624869][T15267] __kmalloc_cache_noprof+0x6f/0x6f0 [ 326.624892][T15267] ? __sctp_v6_cmp_addr+0x1dc/0x510 [ 326.624912][T15267] ? sctp_v6_cmp_addr+0x15/0xd0 [ 326.624930][T15267] ? sctp_add_bind_addr+0x8c/0x370 [ 326.624948][T15267] ? sctp_add_bind_addr+0xb0/0x370 [ 326.624973][T15267] sctp_add_bind_addr+0x8c/0x370 [ 326.624998][T15267] sctp_copy_local_addr_list+0x30b/0x4e0 [ 326.625031][T15267] ? sctp_copy_local_addr_list+0x9b/0x4e0 [ 326.625052][T15267] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 326.625075][T15267] ? sctp_v6_is_any+0x64/0x80 [ 326.625097][T15267] ? sctp_copy_one_addr+0x93/0x360 [ 326.625122][T15267] sctp_bind_addr_copy+0xb3/0x3c0 [ 326.625144][T15267] ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0 [ 326.625168][T15267] sctp_connect_new_asoc+0x2e0/0x690 [ 326.625195][T15267] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 326.625216][T15267] ? __local_bh_enable_ip+0x12d/0x1c0 [ 326.625245][T15267] ? bpf_lsm_sctp_bind_connect+0x9/0x20 [ 326.625264][T15267] ? security_sctp_bind_connect+0x7e/0x2e0 [ 326.625289][T15267] sctp_sendmsg+0x155c/0x2810 [ 326.625326][T15267] ? __pfx_sctp_sendmsg+0x10/0x10 [ 326.625353][T15267] ? aa_sk_perm+0x81e/0x950 [ 326.625382][T15267] ? __pfx_aa_sk_perm+0x10/0x10 [ 326.625410][T15267] ? sock_rps_record_flow+0x19/0x410 [ 326.625435][T15267] ? inet_sendmsg+0x2f4/0x370 [ 326.625463][T15267] __sock_sendmsg+0x19c/0x270 [ 326.625492][T15267] __sys_sendto+0x3bd/0x520 [ 326.625516][T15267] ? __pfx___sys_sendto+0x10/0x10 [ 326.625533][T15267] ? __mutex_unlock_slowpath+0x1a1/0x740 [ 326.625571][T15267] ? __fget_files+0x3a0/0x420 [ 326.625601][T15267] ? ksys_write+0x22a/0x250 [ 326.625627][T15267] ? __pfx_ksys_write+0x10/0x10 [ 326.625655][T15267] __x64_sys_sendto+0xde/0x100 [ 326.625680][T15267] do_syscall_64+0xfa/0xfa0 [ 326.625701][T15267] ? lockdep_hardirqs_on+0x9c/0x150 [ 326.625733][T15267] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 326.625751][T15267] ? clear_bhb_loop+0x60/0xb0 [ 326.625773][T15267] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 326.625791][T15267] RIP: 0033:0x7f899018f749 [ 326.625808][T15267] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 326.625823][T15267] RSP: 002b:00007f8990f91038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 326.625843][T15267] RAX: ffffffffffffffda RBX: 00007f89903e5fa0 RCX: 00007f899018f749 [ 326.625856][T15267] RDX: 0000000000000001 RSI: 0000200000000240 RDI: 0000000000000003 [ 326.625867][T15267] RBP: 00007f8990f91090 R08: 0000200000000080 R09: 000000000000001c [ 326.625880][T15267] R10: 0000000000000051 R11: 0000000000000246 R12: 0000000000000002 [ 326.625892][T15267] R13: 00007f89903e6038 R14: 00007f89903e5fa0 R15: 00007ffe364cf5e8 [ 326.625925][T15267] [ 326.952512][ C0] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 327.281040][T15285] netlink: 'syz.3.2752': attribute type 4 has an invalid length. [ 327.312040][ T30] audit: type=1800 audit(1764726141.195:5): pid=15285 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.2752" name=CB dev="tmpfs" ino=2822 res=0 errno=0 [ 327.499384][T15300] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2759'. [ 327.553635][T15300] netlink: 152 bytes leftover after parsing attributes in process `syz.2.2759'. [ 327.592198][T15300] block nbd0: not configured, cannot reconfigure [ 327.615103][T15301] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2758'. [ 327.643530][T15300] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2759'. [ 327.663050][T15301] 8021q: VLANs not supported on sit0 [ 327.703374][T15312] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2762'. [ 327.735276][T15312] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2762'. [ 327.927183][T15314] sit0: entered promiscuous mode [ 327.933335][T15314] netlink: 1 bytes leftover after parsing attributes in process `syz.4.2763'. [ 328.002145][ C0] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 328.048071][T15314] syzkaller0: entered promiscuous mode [ 328.075173][T15314] syzkaller0: entered allmulticast mode [ 328.111162][T15323] syzkaller0: entered promiscuous mode [ 328.121270][T15323] syzkaller0: entered allmulticast mode [ 328.227965][T15333] netlink: 'syz.0.2768': attribute type 8 has an invalid length. [ 329.052475][ C0] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 329.759634][T15350] lo speed is unknown, defaulting to 1000 [ 329.902653][T15362] __nla_validate_parse: 1 callbacks suppressed [ 329.902671][T15362] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2776'. [ 330.012181][T15370] netlink: 'syz.2.2779': attribute type 8 has an invalid length. [ 330.045328][T15367] xt_CT: No such helper "netbios-ns" [ 330.082154][ C0] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 330.522893][T15395] bridge_slave_1: left allmulticast mode [ 330.536989][T15395] bridge_slave_1: left promiscuous mode [ 330.550053][T15395] bridge0: port 2(bridge_slave_1) entered disabled state [ 330.599684][T15395] A link change request failed with some changes committed already. Interface bridge_slave_1 may have been left with an inconsistent configuration, please check. [ 330.675029][T15397] syzkaller0: entered promiscuous mode [ 330.680624][T15397] syzkaller0: entered allmulticast mode [ 330.764901][T15411] netlink: 'syz.1.2796': attribute type 1 has an invalid length. [ 330.774137][T15411] netlink: 224 bytes leftover after parsing attributes in process `syz.1.2796'. [ 330.931555][T15419] netlink: 56 bytes leftover after parsing attributes in process `syz.3.2799'. [ 330.966640][T15415] tipc: Enabled bearer , priority 0 [ 330.975209][T15415] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2797'. [ 331.029185][T15414] tipc: Disabling bearer [ 331.122559][ C0] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 331.126664][T15425] netlink: 48 bytes leftover after parsing attributes in process `syz.3.2803'. [ 331.347769][T15435] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2808'. [ 331.474215][T15445] FAULT_INJECTION: forcing a failure. [ 331.474215][T15445] name failslab, interval 1, probability 0, space 0, times 0 [ 331.524138][T15445] CPU: 1 UID: 0 PID: 15445 Comm: syz.1.2813 Not tainted syzkaller #0 PREEMPT(full) [ 331.524162][T15445] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 331.524173][T15445] Call Trace: [ 331.524181][T15445] [ 331.524189][T15445] dump_stack_lvl+0x189/0x250 [ 331.524217][T15445] ? __pfx____ratelimit+0x10/0x10 [ 331.524239][T15445] ? __pfx_dump_stack_lvl+0x10/0x10 [ 331.524260][T15445] ? __pfx__printk+0x10/0x10 [ 331.524294][T15445] should_fail_ex+0x414/0x560 [ 331.524325][T15445] should_failslab+0xa8/0x100 [ 331.524344][T15445] __kmalloc_cache_noprof+0x6f/0x6f0 [ 331.524368][T15445] ? __sctp_v6_cmp_addr+0x1dc/0x510 [ 331.524388][T15445] ? sctp_v6_cmp_addr+0x15/0xd0 [ 331.524406][T15445] ? sctp_add_bind_addr+0x8c/0x370 [ 331.524424][T15445] ? sctp_add_bind_addr+0xb0/0x370 [ 331.524448][T15445] sctp_add_bind_addr+0x8c/0x370 [ 331.524473][T15445] sctp_copy_local_addr_list+0x30b/0x4e0 [ 331.524498][T15445] ? sctp_copy_local_addr_list+0x9b/0x4e0 [ 331.524519][T15445] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 331.524541][T15445] ? sctp_v6_is_any+0x64/0x80 [ 331.524563][T15445] ? sctp_copy_one_addr+0x93/0x360 [ 331.524595][T15445] sctp_bind_addr_copy+0xb3/0x3c0 [ 331.524617][T15445] ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0 [ 331.524639][T15445] sctp_connect_new_asoc+0x2e0/0x690 [ 331.524666][T15445] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 331.524685][T15445] ? __local_bh_enable_ip+0x12d/0x1c0 [ 331.524710][T15445] ? bpf_lsm_sctp_bind_connect+0x9/0x20 [ 331.524728][T15445] ? security_sctp_bind_connect+0x7e/0x2e0 [ 331.524750][T15445] sctp_sendmsg+0x155c/0x2810 [ 331.524787][T15445] ? __pfx_sctp_sendmsg+0x10/0x10 [ 331.524812][T15445] ? aa_sk_perm+0x81e/0x950 [ 331.524842][T15445] ? __pfx_aa_sk_perm+0x10/0x10 [ 331.524868][T15445] ? sock_rps_record_flow+0x19/0x410 [ 331.524893][T15445] ? inet_sendmsg+0x2f4/0x370 [ 331.524918][T15445] __sock_sendmsg+0x19c/0x270 [ 331.524947][T15445] __sys_sendto+0x3bd/0x520 [ 331.524969][T15445] ? __pfx___sys_sendto+0x10/0x10 [ 331.524987][T15445] ? __mutex_unlock_slowpath+0x1a1/0x740 [ 331.525023][T15445] ? __fget_files+0x3a0/0x420 [ 331.525053][T15445] ? ksys_write+0x22a/0x250 [ 331.525079][T15445] ? __pfx_ksys_write+0x10/0x10 [ 331.525106][T15445] __x64_sys_sendto+0xde/0x100 [ 331.525130][T15445] do_syscall_64+0xfa/0xfa0 [ 331.525151][T15445] ? lockdep_hardirqs_on+0x9c/0x150 [ 331.525172][T15445] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 331.525190][T15445] ? clear_bhb_loop+0x60/0xb0 [ 331.525210][T15445] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 331.525227][T15445] RIP: 0033:0x7fa1afb8f749 [ 331.525242][T15445] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 331.525258][T15445] RSP: 002b:00007fa1b0a70038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 331.525279][T15445] RAX: ffffffffffffffda RBX: 00007fa1afde5fa0 RCX: 00007fa1afb8f749 [ 331.525292][T15445] RDX: 0000000000000001 RSI: 0000200000000240 RDI: 0000000000000003 [ 331.525303][T15445] RBP: 00007fa1b0a70090 R08: 0000200000000080 R09: 000000000000001c [ 331.525315][T15445] R10: 0000000000000051 R11: 0000000000000246 R12: 0000000000000002 [ 331.525326][T15445] R13: 00007fa1afde6038 R14: 00007fa1afde5fa0 R15: 00007fff790e11e8 [ 331.525373][T15445] [ 331.525786][T15448] syzkaller0: entered promiscuous mode [ 331.677825][T15451] netlink: 128 bytes leftover after parsing attributes in process `syz.0.2814'. [ 331.722033][T15448] syzkaller0: entered allmulticast mode [ 331.781182][T15461] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2811'. [ 331.907252][T15447] lo speed is unknown, defaulting to 1000 [ 331.948150][T15455] lo speed is unknown, defaulting to 1000 [ 331.981287][T15453] lo speed is unknown, defaulting to 1000 [ 331.991726][T15465] tipc: Enabled bearer , priority 0 [ 332.005781][T15465] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2815'. [ 332.110679][T15463] tipc: Disabling bearer [ 332.162101][ C0] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 332.564896][T15482] lo speed is unknown, defaulting to 1000 [ 332.798338][T15504] tipc: Enabled bearer , priority 0 [ 332.822691][T15500] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2826'. [ 332.885431][T15503] tipc: Disabling bearer [ 333.202733][ C0] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 333.682183][ C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 333.710474][T15540] syzkaller0: entered promiscuous mode [ 333.739431][T15540] syzkaller0: entered allmulticast mode [ 333.799424][ T5882] udevd[5882]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 334.019371][ T36] netdevsim netdevsim3 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 334.029402][ T36] netdevsim netdevsim3 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 334.059570][ T36] netdevsim netdevsim3 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 334.082957][ T36] netdevsim netdevsim3 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 334.106914][T15565] syzkaller0: entered promiscuous mode [ 334.122502][T15565] syzkaller0: entered allmulticast mode [ 334.175555][T15573] bond3: left promiscuous mode [ 334.180359][T15573] wireguard0: left promiscuous mode [ 334.206572][T15573] ip6gre1: left promiscuous mode [ 334.211543][T15573] ip6gre1: left allmulticast mode [ 334.240411][T15573] gtp0: left promiscuous mode [ 334.245731][ C0] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 334.256906][T15573] gtp0: left allmulticast mode [ 335.292545][ C0] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 335.859720][T15610] xt_hashlimit: overflow, try lower: 18446674185775620864/255 [ 335.976139][T15616] __nla_validate_parse: 10 callbacks suppressed [ 335.976157][T15616] netlink: 56 bytes leftover after parsing attributes in process `syz.0.2863'. [ 336.073843][T15617] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2859'. [ 336.085974][T15621] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2860'. [ 336.214224][T15630] tipc: Enabling of bearer rejected, already enabled [ 336.215151][T15626] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2865'. [ 336.233879][T15628] lo speed is unknown, defaulting to 1000 [ 336.240187][T15630] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2866'. [ 336.322066][ C0] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 336.524685][T15649] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2869'. [ 336.999367][T15668] syzkaller0: entered promiscuous mode [ 337.014006][T15668] syzkaller0: entered allmulticast mode [ 337.254517][T15685] Bluetooth: MGMT ver 1.23 [ 337.362570][ C0] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 337.405315][T15694] sit0: left promiscuous mode [ 337.552672][T15696] IPVS: Scheduler module ip_vs_ not found [ 337.634124][T15689] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2879'. [ 337.673191][T15703] netlink: 'syz.0.2881': attribute type 9 has an invalid length. [ 337.681165][T15703] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.2881'. [ 337.863143][T15712] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2882'. [ 338.105669][T15724] syzkaller0: entered promiscuous mode [ 338.114280][T15724] syzkaller0: entered allmulticast mode [ 338.123911][T15730] raw_sendmsg: syz.3.2886 forgot to set AF_INET. Fix it! [ 338.145915][T15730] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2886'. [ 338.207381][T15734] syzkaller1: entered promiscuous mode [ 338.236118][T15734] syzkaller1: entered allmulticast mode [ 338.342352][T15731] bond7: option arp_validate: invalid value (18446744073491447809) [ 338.375389][T15731] bond7 (unregistering): Released all slaves [ 338.402103][ C0] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 338.573397][T15749] xt_hashlimit: overflow, try lower: 18446744069514584319/255 [ 338.636789][T15751] netlink: 'syz.1.2893': attribute type 3 has an invalid length. [ 338.905410][T15756] tipc: Enabled bearer , priority 0 [ 338.929014][T15756] syzkaller0: entered promiscuous mode [ 338.947130][T15756] syzkaller0: entered allmulticast mode [ 338.990523][T15762] netlink: 'syz.0.2896': attribute type 10 has an invalid length. [ 339.005779][T15756] tipc: Resetting bearer [ 339.025321][T15762] bond0: (slave dummy0): Releasing backup interface [ 339.033891][T15758] xt_CT: No such helper "netbios-ns" [ 339.053182][T15769] netlink: 'syz.0.2896': attribute type 10 has an invalid length. [ 339.095761][T15762] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 339.123868][T15762] team0: Failed to send options change via netlink (err -105) [ 339.147508][T15762] team0: Port device dummy0 added [ 339.158944][T15755] tipc: Resetting bearer [ 339.188281][T15755] tipc: Disabling bearer [ 339.200559][T15769] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 339.229966][T15769] team0: Failed to send options change via netlink (err -105) [ 339.238685][T15769] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 339.267310][T15769] team0: Port device dummy0 removed [ 339.282181][ T5150] Bluetooth: hci2: command 0x0406 tx timeout [ 339.288539][ T5836] Bluetooth: hci2: Opcode 0x0401 failed: -110 [ 339.299159][T15769] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 339.442580][ C0] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 339.546857][T15799] syzkaller1: entered promiscuous mode [ 339.554223][T15799] syzkaller1: entered allmulticast mode [ 339.615975][T15785] bond6: option lacp_rate: mode dependency failed, not supported in mode active-backup(1) [ 339.632547][T15785] bond6 (unregistering): Released all slaves [ 339.808864][T15813] tipc: Enabled bearer , priority 0 [ 339.816704][T15813] syzkaller0: entered promiscuous mode [ 339.822344][T15813] syzkaller0: entered allmulticast mode [ 339.845196][T15813] tipc: Resetting bearer [ 339.854812][T15812] tipc: Resetting bearer [ 339.878075][T15812] tipc: Disabling bearer [ 340.155024][T15828] FAULT_INJECTION: forcing a failure. [ 340.155024][T15828] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 340.157995][T15826] block nbd0: not configured, cannot reconfigure [ 340.168982][T15828] CPU: 0 UID: 0 PID: 15828 Comm: syz.0.2919 Not tainted syzkaller #0 PREEMPT(full) [ 340.169005][T15828] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 340.169016][T15828] Call Trace: [ 340.169024][T15828] [ 340.169032][T15828] dump_stack_lvl+0x189/0x250 [ 340.169059][T15828] ? __pfx____ratelimit+0x10/0x10 [ 340.169081][T15828] ? __pfx_dump_stack_lvl+0x10/0x10 [ 340.169104][T15828] ? __pfx__printk+0x10/0x10 [ 340.169122][T15828] ? __might_fault+0xb0/0x130 [ 340.169156][T15828] should_fail_ex+0x414/0x560 [ 340.169185][T15828] _copy_from_user+0x2d/0xb0 [ 340.169208][T15828] ___sys_sendmsg+0x158/0x2a0 [ 340.169232][T15828] ? __pfx____sys_sendmsg+0x10/0x10 [ 340.169288][T15828] ? __fget_files+0x2a/0x420 [ 340.169304][T15828] ? __fget_files+0x3a0/0x420 [ 340.169331][T15828] __x64_sys_sendmsg+0x19b/0x260 [ 340.169355][T15828] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 340.169385][T15828] ? __pfx_ksys_write+0x10/0x10 [ 340.169411][T15828] ? do_syscall_64+0xbe/0xfa0 [ 340.169436][T15828] do_syscall_64+0xfa/0xfa0 [ 340.169456][T15828] ? lockdep_hardirqs_on+0x9c/0x150 [ 340.169477][T15828] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 340.169494][T15828] ? clear_bhb_loop+0x60/0xb0 [ 340.169515][T15828] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 340.169531][T15828] RIP: 0033:0x7fba5878f749 [ 340.169547][T15828] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 340.169562][T15828] RSP: 002b:00007fba596ba038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 340.169581][T15828] RAX: ffffffffffffffda RBX: 00007fba589e5fa0 RCX: 00007fba5878f749 [ 340.169595][T15828] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000003 [ 340.169606][T15828] RBP: 00007fba596ba090 R08: 0000000000000000 R09: 0000000000000000 [ 340.169618][T15828] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 340.169629][T15828] R13: 00007fba589e6038 R14: 00007fba589e5fa0 R15: 00007fff1ce1b0f8 [ 340.169665][T15828] [ 340.482172][ C0] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 340.622571][T15839] xt_hashlimit: max too large, truncated to 1048576 [ 340.707610][T15844] netlink: 'syz.4.2926': attribute type 8 has an invalid length. [ 340.817693][T15839] x_tables: duplicate underflow at hook 3 [ 340.878118][T15856] macvtap1: entered allmulticast mode [ 340.889605][T15856] mac80211_hwsim hwsim10 wlan0: entered allmulticast mode [ 340.925430][T15856] mac80211_hwsim hwsim10 wlan0: left allmulticast mode [ 341.010002][T15860] netlink: 'syz.0.2933': attribute type 7 has an invalid length. [ 341.034199][T15860] __nla_validate_parse: 8 callbacks suppressed [ 341.034215][T15860] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2933'. [ 341.120898][T15860] netlink: 'syz.0.2933': attribute type 7 has an invalid length. [ 341.146199][T15867] syzkaller0: entered promiscuous mode [ 341.168975][T15860] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2933'. [ 341.178988][T15867] syzkaller0: entered allmulticast mode [ 341.255420][T15873] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2938'. [ 341.268993][T15873] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2938'. [ 341.278499][T15873] netlink: 'syz.3.2938': attribute type 4 has an invalid length. [ 341.289208][T15875] tipc: Enabling of bearer rejected, already enabled [ 341.312359][T15877] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2939'. [ 341.348454][T15867] syzkaller1: entered promiscuous mode [ 341.378416][T15880] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2940'. [ 341.402520][T15867] syzkaller1: entered allmulticast mode [ 341.522646][ C0] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 341.612693][T15889] netlink: 56 bytes leftover after parsing attributes in process `syz.3.2944'. [ 341.715746][T15893] netlink: 352 bytes leftover after parsing attributes in process `syz.4.2945'. [ 341.729165][T15893] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2945'. [ 341.875908][T15895] syzkaller0: entered promiscuous mode [ 341.922332][T15895] syzkaller0: entered allmulticast mode [ 342.022782][ T5150] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 342.034302][ T5150] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 342.058348][ T5150] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 342.060950][T15905] netlink: 416 bytes leftover after parsing attributes in process `syz.3.2950'. [ 342.081789][ T5150] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 342.109899][ T5150] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 342.166352][T15895] syzkaller1: entered promiscuous mode [ 342.180050][T15895] syzkaller1: entered allmulticast mode [ 342.266325][T15904] lo speed is unknown, defaulting to 1000 [ 342.340187][T15911] syzkaller0: entered promiscuous mode [ 342.351569][T15911] syzkaller0: entered allmulticast mode [ 342.368030][T15911] tipc: Enabled bearer , priority 0 [ 342.387692][T15910] tipc: Resetting bearer [ 342.416901][T15910] tipc: Disabling bearer [ 342.459864][T15917] rdma_rxe: rxe_newlink: rxe creation allowed on top of a real device only [ 342.562338][ C0] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 342.591152][T15920] macvtap1: entered allmulticast mode [ 342.597853][T15920] mac80211_hwsim hwsim8 wlan0: entered allmulticast mode [ 342.630221][T15920] mac80211_hwsim hwsim8 wlan0: left allmulticast mode [ 342.725284][T15922] syzkaller0: entered promiscuous mode [ 342.730785][T15922] syzkaller0: entered allmulticast mode [ 342.741749][T15926] lo speed is unknown, defaulting to 1000 [ 343.030948][T15938] netlink: 'syz.3.2960': attribute type 8 has an invalid length. [ 343.039456][T15939] IPVS: sync thread started: state = BACKUP, mcast_ifn = tunl0, syncid = 3, id = 0 [ 343.371554][T15904] chnl_net:caif_netlink_parms(): no params data found [ 343.602758][ C0] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 343.744623][T15959] xt_CT: You must specify a L4 protocol and not use inversions on it [ 343.805592][T15904] bridge0: port 1(bridge_slave_0) entered blocking state [ 343.822929][T15904] bridge0: port 1(bridge_slave_0) entered disabled state [ 343.850814][T15904] bridge_slave_0: entered allmulticast mode [ 343.871305][T15904] bridge_slave_0: entered promiscuous mode [ 343.879592][T15953] lo speed is unknown, defaulting to 1000 [ 343.893705][T15904] bridge0: port 2(bridge_slave_1) entered blocking state [ 343.908737][T15904] bridge0: port 2(bridge_slave_1) entered disabled state [ 343.924283][T15904] bridge_slave_1: entered allmulticast mode [ 343.945058][T15904] bridge_slave_1: entered promiscuous mode [ 344.093695][T15904] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 344.122412][T15904] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 344.168579][ T5836] Bluetooth: hci5: command tx timeout [ 344.205507][T15978] FAULT_INJECTION: forcing a failure. [ 344.205507][T15978] name failslab, interval 1, probability 0, space 0, times 0 [ 344.218362][T15978] CPU: 0 UID: 0 PID: 15978 Comm: syz.0.2972 Not tainted syzkaller #0 PREEMPT(full) [ 344.218385][T15978] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 344.218394][T15978] Call Trace: [ 344.218399][T15978] [ 344.218404][T15978] dump_stack_lvl+0x189/0x250 [ 344.218422][T15978] ? __pfx____ratelimit+0x10/0x10 [ 344.218436][T15978] ? __pfx_dump_stack_lvl+0x10/0x10 [ 344.218449][T15978] ? __pfx__printk+0x10/0x10 [ 344.218467][T15978] should_fail_ex+0x414/0x560 [ 344.218485][T15978] should_failslab+0xa8/0x100 [ 344.218497][T15978] __kmalloc_cache_noprof+0x6f/0x6f0 [ 344.218510][T15978] ? __sctp_v6_cmp_addr+0x1dc/0x510 [ 344.218522][T15978] ? sctp_v6_cmp_addr+0x15/0xd0 [ 344.218532][T15978] ? sctp_add_bind_addr+0x8c/0x370 [ 344.218542][T15978] ? sctp_add_bind_addr+0xb0/0x370 [ 344.218556][T15978] sctp_add_bind_addr+0x8c/0x370 [ 344.218569][T15978] sctp_copy_local_addr_list+0x30b/0x4e0 [ 344.218583][T15978] ? sctp_copy_local_addr_list+0x9b/0x4e0 [ 344.218595][T15978] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 344.218610][T15978] ? sctp_v6_is_any+0x64/0x80 [ 344.218622][T15978] ? sctp_copy_one_addr+0x93/0x360 [ 344.218636][T15978] sctp_bind_addr_copy+0xb3/0x3c0 [ 344.218648][T15978] ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0 [ 344.218660][T15978] sctp_connect_new_asoc+0x2e0/0x690 [ 344.218675][T15978] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 344.218688][T15978] ? __local_bh_enable_ip+0x12d/0x1c0 [ 344.218703][T15978] ? bpf_lsm_sctp_bind_connect+0x9/0x20 [ 344.218714][T15978] ? security_sctp_bind_connect+0x7e/0x2e0 [ 344.218728][T15978] sctp_sendmsg+0x155c/0x2810 [ 344.218747][T15978] ? __pfx_sctp_sendmsg+0x10/0x10 [ 344.218762][T15978] ? aa_sk_perm+0x81e/0x950 [ 344.218778][T15978] ? __pfx_aa_sk_perm+0x10/0x10 [ 344.218793][T15978] ? sock_rps_record_flow+0x19/0x410 [ 344.218807][T15978] ? inet_sendmsg+0x2f4/0x370 [ 344.218822][T15978] __sock_sendmsg+0x19c/0x270 [ 344.218839][T15978] __sys_sendto+0x3bd/0x520 [ 344.218851][T15978] ? __pfx___sys_sendto+0x10/0x10 [ 344.218861][T15978] ? __mutex_unlock_slowpath+0x1a1/0x740 [ 344.218882][T15978] ? __fget_files+0x3a0/0x420 [ 344.218898][T15978] ? ksys_write+0x22a/0x250 [ 344.218913][T15978] ? __pfx_ksys_write+0x10/0x10 [ 344.218928][T15978] __x64_sys_sendto+0xde/0x100 [ 344.218942][T15978] do_syscall_64+0xfa/0xfa0 [ 344.218956][T15978] ? lockdep_hardirqs_on+0x9c/0x150 [ 344.218968][T15978] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 344.218978][T15978] ? clear_bhb_loop+0x60/0xb0 [ 344.218991][T15978] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 344.219000][T15978] RIP: 0033:0x7fba5878f749 [ 344.219010][T15978] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 344.219019][T15978] RSP: 002b:00007fba596ba038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 344.219031][T15978] RAX: ffffffffffffffda RBX: 00007fba589e5fa0 RCX: 00007fba5878f749 [ 344.219038][T15978] RDX: 0000000000000001 RSI: 0000200000000240 RDI: 0000000000000003 [ 344.219045][T15978] RBP: 00007fba596ba090 R08: 0000200000000080 R09: 000000000000001c [ 344.219051][T15978] R10: 0000000000000051 R11: 0000000000000246 R12: 0000000000000002 [ 344.219057][T15978] R13: 00007fba589e6038 R14: 00007fba589e5fa0 R15: 00007fff1ce1b0f8 [ 344.219075][T15978] [ 344.594087][T15904] team0: Port device team_slave_0 added [ 344.633400][T15904] team0: Port device team_slave_1 added [ 344.642139][ C0] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 344.699070][T15976] syzkaller0: entered promiscuous mode [ 344.706367][T15976] syzkaller0: entered allmulticast mode [ 344.767914][T15904] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 344.775446][T15904] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 344.801871][T15904] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 344.815927][T15904] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 344.823635][T15904] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 344.850216][T15904] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 344.976538][T15904] hsr_slave_0: entered promiscuous mode [ 344.983419][T15904] hsr_slave_1: entered promiscuous mode [ 344.991281][T15990] syzkaller0: entered promiscuous mode [ 344.997820][T15990] syzkaller0: entered allmulticast mode [ 345.079272][T15990] tipc: Enabled bearer , priority 0 [ 345.099130][T15989] tipc: Resetting bearer [ 345.127053][T15989] tipc: Disabling bearer [ 345.170097][T15994] netlink: 'syz.4.2978': attribute type 8 has an invalid length. [ 345.281510][T15997] xt_CT: No such helper "netbios-ns" [ 345.628125][T16012] xt_TPROXY: Can be used only with -p tcp or -p udp [ 345.682577][ C0] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 345.691336][T16014] syzkaller0: entered promiscuous mode [ 345.698177][T16014] syzkaller0: entered allmulticast mode [ 345.979171][T15904] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 346.017342][T15904] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 346.053961][T15904] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 346.077862][T15904] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 346.180173][T16031] syzkaller0: entered promiscuous mode [ 346.193316][T16031] syzkaller0: entered allmulticast mode [ 346.243753][ T5836] Bluetooth: hci5: command tx timeout [ 346.275257][T16031] tipc: Enabled bearer , priority 0 [ 346.289029][T16024] tipc: Resetting bearer [ 346.327372][T16024] tipc: Disabling bearer [ 346.379356][T16043] syzkaller0: entered promiscuous mode [ 346.386649][T16043] syzkaller0: entered allmulticast mode [ 346.507897][T16049] FAULT_INJECTION: forcing a failure. [ 346.507897][T16049] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 346.548484][T16049] CPU: 0 UID: 0 PID: 16049 Comm: syz.4.2999 Not tainted syzkaller #0 PREEMPT(full) [ 346.548510][T16049] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 346.548521][T16049] Call Trace: [ 346.548529][T16049] [ 346.548537][T16049] dump_stack_lvl+0x189/0x250 [ 346.548565][T16049] ? __pfx____ratelimit+0x10/0x10 [ 346.548588][T16049] ? __pfx_dump_stack_lvl+0x10/0x10 [ 346.548610][T16049] ? __pfx__printk+0x10/0x10 [ 346.548629][T16049] ? __might_fault+0xb0/0x130 [ 346.548664][T16049] should_fail_ex+0x414/0x560 [ 346.548695][T16049] _copy_from_iter+0x1de/0x1790 [ 346.548733][T16049] ? __pfx__copy_from_iter+0x10/0x10 [ 346.548750][T16049] ? __lock_acquire+0xab9/0xd20 [ 346.548784][T16049] bcm_tx_setup+0x11c2/0x1bd0 [ 346.548828][T16049] bcm_sendmsg+0x45c/0x6a0 [ 346.548858][T16049] ? __pfx_bcm_sendmsg+0x10/0x10 [ 346.548888][T16049] ? aa_sock_msg_perm+0xf1/0x1d0 [ 346.548916][T16049] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 346.548934][T16049] ? __pfx_bcm_sendmsg+0x10/0x10 [ 346.548957][T16049] __sock_sendmsg+0x21c/0x270 [ 346.548986][T16049] ____sys_sendmsg+0x505/0x830 [ 346.549014][T16049] ? __pfx_____sys_sendmsg+0x10/0x10 [ 346.549046][T16049] ? import_iovec+0x74/0xa0 [ 346.549071][T16049] ___sys_sendmsg+0x21f/0x2a0 [ 346.549095][T16049] ? __pfx____sys_sendmsg+0x10/0x10 [ 346.549156][T16049] ? __fget_files+0x2a/0x420 [ 346.549172][T16049] ? __fget_files+0x3a0/0x420 [ 346.549201][T16049] __x64_sys_sendmsg+0x19b/0x260 [ 346.549226][T16049] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 346.549258][T16049] ? __pfx_ksys_write+0x10/0x10 [ 346.549286][T16049] ? do_syscall_64+0xbe/0xfa0 [ 346.549312][T16049] do_syscall_64+0xfa/0xfa0 [ 346.549332][T16049] ? lockdep_hardirqs_on+0x9c/0x150 [ 346.549355][T16049] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 346.549372][T16049] ? clear_bhb_loop+0x60/0xb0 [ 346.549395][T16049] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 346.549418][T16049] RIP: 0033:0x7f899018f749 [ 346.549434][T16049] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 346.549451][T16049] RSP: 002b:00007f8990f91038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 346.549471][T16049] RAX: ffffffffffffffda RBX: 00007f89903e5fa0 RCX: 00007f899018f749 [ 346.549486][T16049] RDX: 0000000020000000 RSI: 0000200000000280 RDI: 0000000000000003 [ 346.549498][T16049] RBP: 00007f8990f91090 R08: 0000000000000000 R09: 0000000000000000 [ 346.549510][T16049] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 346.549522][T16049] R13: 00007f89903e6038 R14: 00007f89903e5fa0 R15: 00007ffe364cf5e8 [ 346.549555][T16049] [ 346.812360][ C0] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 346.835247][T15904] 8021q: adding VLAN 0 to HW filter on device bond0 [ 346.855704][T15904] 8021q: adding VLAN 0 to HW filter on device team0 [ 346.869705][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 346.876898][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 346.916601][T15904] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 346.927691][T15904] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 346.949637][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 346.956802][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 347.145298][T15904] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 347.215662][T15904] veth0_vlan: entered promiscuous mode [ 347.239254][T15904] veth1_vlan: entered promiscuous mode [ 347.279401][T15904] veth0_macvtap: entered promiscuous mode [ 347.293777][T15904] veth1_macvtap: entered promiscuous mode [ 347.320518][T15904] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 347.339907][T15904] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 347.358985][ T13] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 347.399788][ T13] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 347.440163][ T13] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 347.461547][ T13] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 347.497413][T16070] __nla_validate_parse: 2 callbacks suppressed [ 347.497429][T16070] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3005'. [ 347.604474][ T2995] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 347.614194][ T2995] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 347.686150][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 347.722192][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 347.764147][T16075] lo speed is unknown, defaulting to 1000 [ 347.842664][ C0] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 347.950443][T16081] syzkaller0: entered promiscuous mode [ 347.959870][T16081] syzkaller0: entered allmulticast mode [ 348.039722][T16081] tipc: Enabled bearer , priority 0 [ 348.050888][T16079] tipc: Resetting bearer [ 348.065633][T16085] FAULT_INJECTION: forcing a failure. [ 348.065633][T16085] name failslab, interval 1, probability 0, space 0, times 0 [ 348.084944][T16085] CPU: 1 UID: 0 PID: 16085 Comm: syz.1.2943 Not tainted syzkaller #0 PREEMPT(full) [ 348.084967][T16085] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 348.084978][T16085] Call Trace: [ 348.084986][T16085] [ 348.084995][T16085] dump_stack_lvl+0x189/0x250 [ 348.085022][T16085] ? __pfx____ratelimit+0x10/0x10 [ 348.085045][T16085] ? __pfx_dump_stack_lvl+0x10/0x10 [ 348.085068][T16085] ? __pfx__printk+0x10/0x10 [ 348.085084][T16085] ? crng_make_state+0x34c/0x700 [ 348.085108][T16085] ? crng_make_state+0x3fc/0x700 [ 348.085129][T16085] ? crng_make_state+0x13a/0x700 [ 348.085151][T16085] should_fail_ex+0x414/0x560 [ 348.085182][T16085] should_failslab+0xa8/0x100 [ 348.085203][T16085] __kmalloc_cache_noprof+0x6f/0x6f0 [ 348.085227][T16085] ? sctp_copy_local_addr_list+0x9b/0x4e0 [ 348.085245][T16085] ? sctp_add_bind_addr+0x8c/0x370 [ 348.085272][T16085] sctp_add_bind_addr+0x8c/0x370 [ 348.085304][T16085] sctp_copy_local_addr_list+0x30b/0x4e0 [ 348.085331][T16085] ? sctp_copy_local_addr_list+0x9b/0x4e0 [ 348.085352][T16085] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 348.085375][T16085] ? sctp_v6_is_any+0x64/0x80 [ 348.085397][T16085] ? sctp_copy_one_addr+0x93/0x360 [ 348.085422][T16085] sctp_bind_addr_copy+0xb3/0x3c0 [ 348.085444][T16085] ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0 [ 348.085466][T16085] sctp_connect_new_asoc+0x2e0/0x690 [ 348.085493][T16085] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 348.085515][T16085] ? __local_bh_enable_ip+0x12d/0x1c0 [ 348.085542][T16085] ? bpf_lsm_sctp_bind_connect+0x9/0x20 [ 348.085562][T16085] ? security_sctp_bind_connect+0x7e/0x2e0 [ 348.085587][T16085] sctp_sendmsg+0x155c/0x2810 [ 348.085622][T16085] ? __pfx_sctp_sendmsg+0x10/0x10 [ 348.085649][T16085] ? aa_sk_perm+0x81e/0x950 [ 348.085676][T16085] ? __pfx_aa_sk_perm+0x10/0x10 [ 348.085702][T16085] ? sock_rps_record_flow+0x19/0x410 [ 348.085727][T16085] ? inet_sendmsg+0x2f4/0x370 [ 348.085752][T16085] __sock_sendmsg+0x19c/0x270 [ 348.085781][T16085] __sys_sendto+0x3bd/0x520 [ 348.085801][T16085] ? __pfx___sys_sendto+0x10/0x10 [ 348.085817][T16085] ? __mutex_unlock_slowpath+0x1a1/0x740 [ 348.085852][T16085] ? __fget_files+0x3a0/0x420 [ 348.085880][T16085] ? ksys_write+0x22a/0x250 [ 348.085906][T16085] ? __pfx_ksys_write+0x10/0x10 [ 348.085931][T16085] __x64_sys_sendto+0xde/0x100 [ 348.085954][T16085] do_syscall_64+0xfa/0xfa0 [ 348.085975][T16085] ? lockdep_hardirqs_on+0x9c/0x150 [ 348.085996][T16085] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 348.086013][T16085] ? clear_bhb_loop+0x60/0xb0 [ 348.086035][T16085] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 348.086052][T16085] RIP: 0033:0x7f4f91b8f749 [ 348.086069][T16085] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 348.086084][T16085] RSP: 002b:00007f4f929f1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 348.086104][T16085] RAX: ffffffffffffffda RBX: 00007f4f91de5fa0 RCX: 00007f4f91b8f749 [ 348.086117][T16085] RDX: 0000000000034000 RSI: 0000200000847fff RDI: 0000000000000009 [ 348.086129][T16085] RBP: 00007f4f929f1090 R08: 000020000005ffe4 R09: 000000000000001c [ 348.086141][T16085] R10: 00000000000000e0 R11: 0000000000000246 R12: 0000000000000001 [ 348.086152][T16085] R13: 00007f4f91de6038 R14: 00007f4f91de5fa0 R15: 00007ffefcbd36d8 [ 348.086183][T16085] [ 348.087548][T16079] tipc: Disabling bearer [ 348.326994][ T5836] Bluetooth: hci5: command tx timeout [ 348.438735][T16096] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3010'. [ 348.467519][T16090] lo speed is unknown, defaulting to 1000 [ 348.728214][T16110] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3012'. [ 348.797661][T16109] block nbd0: server does not support multiple connections per device. [ 348.824445][T16109] block nbd0: shutting down sockets [ 348.831472][T16088] lo speed is unknown, defaulting to 1000 [ 348.882283][ C0] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 348.935381][T16093] lo speed is unknown, defaulting to 1000 [ 349.089592][T16122] Cannot find set identified by id 0 to match [ 349.509430][T16129] lo speed is unknown, defaulting to 1000 [ 349.617276][ T5150] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 349.627548][ T5150] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 349.637516][ T5150] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 349.646738][ T5150] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 349.655439][ T5150] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 349.922459][ C0] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 349.990460][T16132] lo speed is unknown, defaulting to 1000 [ 350.158503][T16146] syzkaller0: entered promiscuous mode [ 350.166214][T16146] syzkaller0: entered allmulticast mode [ 350.237601][T16146] tipc: Enabled bearer , priority 0 [ 350.249781][T16145] tipc: Resetting bearer [ 350.282879][T16145] tipc: Disabling bearer [ 350.404983][ T5836] Bluetooth: hci5: command tx timeout [ 350.520352][T16156] netlink: 'syz.0.3025': attribute type 12 has an invalid length. [ 350.581233][T16156] netlink: 'syz.0.3025': attribute type 4 has an invalid length. [ 350.719113][T16162] syzkaller0: entered promiscuous mode [ 350.737770][T16162] syzkaller0: entered allmulticast mode [ 350.746600][T16166] lo speed is unknown, defaulting to 1000 [ 350.760492][T16132] chnl_net:caif_netlink_parms(): no params data found [ 350.881407][T16162] tipc: Enabled bearer , priority 0 [ 350.917972][T16158] tipc: Resetting bearer [ 350.949458][T16158] tipc: Disabling bearer [ 350.962469][ C0] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 351.318822][T16187] netlink: 'syz.1.3035': attribute type 2 has an invalid length. [ 351.334498][T16132] bridge0: port 1(bridge_slave_0) entered blocking state [ 351.341643][T16132] bridge0: port 1(bridge_slave_0) entered disabled state [ 351.351472][T16132] bridge_slave_0: entered allmulticast mode [ 351.370660][T16196] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3034'. [ 351.383471][T16132] bridge_slave_0: entered promiscuous mode [ 351.420732][T16185] lo speed is unknown, defaulting to 1000 [ 351.432189][T16132] bridge0: port 2(bridge_slave_1) entered blocking state [ 351.439324][T16132] bridge0: port 2(bridge_slave_1) entered disabled state [ 351.512948][T16132] bridge_slave_1: entered allmulticast mode [ 351.545132][T16132] bridge_slave_1: entered promiscuous mode [ 351.601175][T16203] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3040'. [ 351.664433][T16204] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3040'. [ 351.725037][T16188] lo speed is unknown, defaulting to 1000 [ 351.762732][ T5836] Bluetooth: hci1: command tx timeout [ 351.775805][T16132] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 351.827782][T16132] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 351.979206][T16132] team0: Port device team_slave_0 added [ 352.013015][ C0] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 352.024001][T16132] team0: Port device team_slave_1 added [ 352.110639][ T6702] IPVS: starting estimator thread 0... [ 352.179101][T16212] netlink: 244 bytes leftover after parsing attributes in process `syz.3.3042'. [ 352.202122][T16215] IPVS: using max 26 ests per chain, 62400 per kthread [ 352.220935][T16132] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 352.229950][T16132] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 352.259951][T16132] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 352.311302][T16214] netlink: 'syz.3.3042': attribute type 23 has an invalid length. [ 352.324690][T16132] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 352.352415][T16132] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 352.412318][T16132] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 352.591597][T16132] hsr_slave_0: entered promiscuous mode [ 352.621942][T16132] hsr_slave_1: entered promiscuous mode [ 352.633629][T16132] debugfs: 'hsr0' already exists in 'hsr' [ 352.649900][T16132] Cannot create hsr debugfs directory [ 352.831831][T16227] syzkaller0: entered promiscuous mode [ 352.849771][T16227] syzkaller0: entered allmulticast mode [ 353.026196][T16241] netlink: 56 bytes leftover after parsing attributes in process `syz.2.3053'. [ 353.042361][ C0] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 353.249287][T16243] syzkaller0: entered promiscuous mode [ 353.257330][T16243] syzkaller0: entered allmulticast mode [ 353.431310][T16250] lo speed is unknown, defaulting to 1000 [ 353.590120][T16257] netlink: 72 bytes leftover after parsing attributes in process `syz.2.3059'. [ 353.634823][T16256] netlink: 72 bytes leftover after parsing attributes in process `syz.2.3059'. [ 353.842236][ T5836] Bluetooth: hci1: command tx timeout [ 354.021186][T16132] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 354.083247][ C0] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 354.107722][T16276] syzkaller0: entered promiscuous mode [ 354.117253][T16276] syzkaller0: entered allmulticast mode [ 354.154588][T16132] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 354.169778][T16282] syzkaller0: entered promiscuous mode [ 354.176878][T16282] syzkaller0: entered allmulticast mode [ 354.209371][T16132] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 354.233100][T16282] tipc: Enabled bearer , priority 0 [ 354.243770][T16132] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 354.259905][T16281] tipc: Resetting bearer [ 354.288206][T16281] tipc: Disabling bearer [ 354.480667][T16292] ipt_ECN: cannot use operation on non-tcp rule [ 354.597829][T16296] FAULT_INJECTION: forcing a failure. [ 354.597829][T16296] name failslab, interval 1, probability 0, space 0, times 0 [ 354.622625][T16296] CPU: 1 UID: 0 PID: 16296 Comm: syz.2.3067 Not tainted syzkaller #0 PREEMPT(full) [ 354.622671][T16296] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 354.622686][T16296] Call Trace: [ 354.622694][T16296] [ 354.622702][T16296] dump_stack_lvl+0x189/0x250 [ 354.622730][T16296] ? __pfx____ratelimit+0x10/0x10 [ 354.622761][T16296] ? __pfx_dump_stack_lvl+0x10/0x10 [ 354.622783][T16296] ? __pfx__printk+0x10/0x10 [ 354.622806][T16296] ? __pfx___might_resched+0x10/0x10 [ 354.622823][T16296] ? fs_reclaim_acquire+0x7d/0x100 [ 354.622842][T16296] should_fail_ex+0x414/0x560 [ 354.622874][T16296] should_failslab+0xa8/0x100 [ 354.622894][T16296] kmem_cache_alloc_noprof+0x74/0x6e0 [ 354.622917][T16296] ? skb_clone+0x212/0x3a0 [ 354.622945][T16296] skb_clone+0x212/0x3a0 [ 354.622965][T16296] ? pfkey_broadcast_one+0x7d/0x360 [ 354.622986][T16296] pfkey_broadcast_one+0x9b/0x360 [ 354.623002][T16296] ? pfkey_broadcast+0x39c/0x3e0 [ 354.623021][T16296] pfkey_broadcast+0x3a9/0x3e0 [ 354.623037][T16296] ? pfkey_broadcast+0x48/0x3e0 [ 354.623056][T16296] pfkey_sendmsg+0xdd8/0x1090 [ 354.623088][T16296] ? __pfx_pfkey_sendmsg+0x10/0x10 [ 354.623131][T16296] ? aa_sock_msg_perm+0xf1/0x1d0 [ 354.623157][T16296] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 354.623175][T16296] ? __pfx_pfkey_sendmsg+0x10/0x10 [ 354.623194][T16296] __sock_sendmsg+0x21c/0x270 [ 354.623221][T16296] ____sys_sendmsg+0x505/0x830 [ 354.623248][T16296] ? __pfx_____sys_sendmsg+0x10/0x10 [ 354.623278][T16296] ? import_iovec+0x74/0xa0 [ 354.623304][T16296] ___sys_sendmsg+0x21f/0x2a0 [ 354.623328][T16296] ? __pfx____sys_sendmsg+0x10/0x10 [ 354.623384][T16296] ? __fget_files+0x2a/0x420 [ 354.623401][T16296] ? __fget_files+0x3a0/0x420 [ 354.623427][T16296] __x64_sys_sendmsg+0x19b/0x260 [ 354.623451][T16296] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 354.623500][T16296] ? __pfx_ksys_write+0x10/0x10 [ 354.623528][T16296] ? do_syscall_64+0xbe/0xfa0 [ 354.623552][T16296] do_syscall_64+0xfa/0xfa0 [ 354.623572][T16296] ? lockdep_hardirqs_on+0x9c/0x150 [ 354.623594][T16296] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 354.623612][T16296] ? clear_bhb_loop+0x60/0xb0 [ 354.623634][T16296] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 354.623651][T16296] RIP: 0033:0x7f0bc0b8f749 [ 354.623669][T16296] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 354.623685][T16296] RSP: 002b:00007f0bc1b10038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 354.623706][T16296] RAX: ffffffffffffffda RBX: 00007f0bc0de5fa0 RCX: 00007f0bc0b8f749 [ 354.623720][T16296] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000003 [ 354.623732][T16296] RBP: 00007f0bc1b10090 R08: 0000000000000000 R09: 0000000000000000 [ 354.623750][T16296] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 354.623762][T16296] R13: 00007f0bc0de6038 R14: 00007f0bc0de5fa0 R15: 00007ffd9c53e308 [ 354.623793][T16296] [ 354.947620][T16132] 8021q: adding VLAN 0 to HW filter on device bond0 [ 354.966485][T16132] 8021q: adding VLAN 0 to HW filter on device team0 [ 354.980130][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 354.987277][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 355.086149][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 355.093337][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 355.122334][ C0] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 355.206370][T16300] syzkaller0: entered promiscuous mode [ 355.220925][T16300] syzkaller0: entered allmulticast mode [ 355.352774][T16318] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3070'. [ 355.537022][T16328] syzkaller0: entered promiscuous mode [ 355.543347][T16328] syzkaller0: entered allmulticast mode [ 355.712097][T16335] FAULT_INJECTION: forcing a failure. [ 355.712097][T16335] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 355.736832][T16132] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 355.739430][T16335] CPU: 0 UID: 0 PID: 16335 Comm: syz.3.3079 Not tainted syzkaller #0 PREEMPT(full) [ 355.739454][T16335] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 355.739465][T16335] Call Trace: [ 355.739473][T16335] [ 355.739481][T16335] dump_stack_lvl+0x189/0x250 [ 355.739509][T16335] ? __pfx____ratelimit+0x10/0x10 [ 355.739532][T16335] ? __pfx_dump_stack_lvl+0x10/0x10 [ 355.739554][T16335] ? __pfx__printk+0x10/0x10 [ 355.739575][T16335] ? fs_reclaim_acquire+0x7d/0x100 [ 355.739601][T16335] should_fail_ex+0x414/0x560 [ 355.739631][T16335] prepare_alloc_pages+0x213/0x610 [ 355.739657][T16335] __alloc_frozen_pages_noprof+0x123/0x370 [ 355.739679][T16335] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 355.739704][T16335] ? policy_nodemask+0x27c/0x720 [ 355.739728][T16335] alloc_pages_mpol+0x232/0x4a0 [ 355.739752][T16335] folio_alloc_mpol_noprof+0x39/0x70 [ 355.739771][T16335] shmem_alloc_and_add_folio+0x423/0xf40 [ 355.739801][T16335] ? filemap_get_entry+0xad/0x2f0 [ 355.739816][T16335] ? filemap_get_entry+0xad/0x2f0 [ 355.739834][T16335] ? filemap_get_entry+0x28f/0x2f0 [ 355.739853][T16335] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 355.739892][T16335] shmem_get_folio_gfp+0x59d/0x1660 [ 355.739934][T16335] shmem_fallocate+0x80f/0xde0 [ 355.739978][T16335] ? __pfx_shmem_fallocate+0x10/0x10 [ 355.740009][T16335] ? rcu_read_lock_any_held+0xb3/0x120 [ 355.740030][T16335] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 355.740064][T16335] vfs_fallocate+0x669/0x7e0 [ 355.740095][T16335] ? __pfx_vfs_fallocate+0x10/0x10 [ 355.740129][T16335] file_ioctl+0x611/0x780 [ 355.740154][T16335] ? __pfx_file_ioctl+0x10/0x10 [ 355.740204][T16335] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 355.740230][T16335] do_vfs_ioctl+0xb33/0x1430 [ 355.740251][T16335] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 355.740273][T16335] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 355.740333][T16335] ? __fget_files+0x2a/0x420 [ 355.740355][T16335] ? __fget_files+0x3a0/0x420 [ 355.740370][T16335] ? __fget_files+0x2a/0x420 [ 355.740390][T16335] ? bpf_lsm_file_ioctl+0x9/0x20 [ 355.740418][T16335] __se_sys_ioctl+0x82/0x170 [ 355.740443][T16335] do_syscall_64+0xfa/0xfa0 [ 355.740463][T16335] ? lockdep_hardirqs_on+0x9c/0x150 [ 355.740485][T16335] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 355.740501][T16335] ? clear_bhb_loop+0x60/0xb0 [ 355.740523][T16335] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 355.740540][T16335] RIP: 0033:0x7fe4e5d8f749 [ 355.740556][T16335] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 355.740570][T16335] RSP: 002b:00007fe4e6d07038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 355.740589][T16335] RAX: ffffffffffffffda RBX: 00007fe4e5fe5fa0 RCX: 00007fe4e5d8f749 [ 355.740602][T16335] RDX: 0000200000000080 RSI: 0000000040305828 RDI: 0000000000000006 [ 355.740615][T16335] RBP: 00007fe4e6d07090 R08: 0000000000000000 R09: 0000000000000000 [ 355.740626][T16335] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 355.740637][T16335] R13: 00007fe4e5fe6038 R14: 00007fe4e5fe5fa0 R15: 00007ffc502e6108 [ 355.740668][T16335] [ 355.901628][T16341] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3081'. [ 355.923334][ T5836] Bluetooth: hci1: command tx timeout [ 356.163220][ C0] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 356.263302][T16352] SET target dimension over the limit! [ 356.289785][T16353] netlink: 112 bytes leftover after parsing attributes in process `syz.2.3085'. [ 356.333463][T16353] netlink: 168 bytes leftover after parsing attributes in process `syz.2.3085'. [ 356.397200][T16357] FAULT_INJECTION: forcing a failure. [ 356.397200][T16357] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 356.442343][T16357] CPU: 1 UID: 0 PID: 16357 Comm: syz.3.3086 Not tainted syzkaller #0 PREEMPT(full) [ 356.442377][T16357] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 356.442388][T16357] Call Trace: [ 356.442395][T16357] [ 356.442404][T16357] dump_stack_lvl+0x189/0x250 [ 356.442430][T16357] ? __pfx____ratelimit+0x10/0x10 [ 356.442452][T16357] ? __pfx_dump_stack_lvl+0x10/0x10 [ 356.442473][T16357] ? __pfx__printk+0x10/0x10 [ 356.442492][T16357] ? __might_fault+0xb0/0x130 [ 356.442526][T16357] should_fail_ex+0x414/0x560 [ 356.442556][T16357] _copy_from_user+0x2d/0xb0 [ 356.442579][T16357] ___sys_recvmsg+0x12e/0x510 [ 356.442608][T16357] ? __pfx____sys_recvmsg+0x10/0x10 [ 356.442661][T16357] ? __might_fault+0xb0/0x130 [ 356.442688][T16357] do_recvmmsg+0x307/0x770 [ 356.442719][T16357] ? __pfx_do_recvmmsg+0x10/0x10 [ 356.442753][T16357] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 356.442794][T16357] __x64_sys_recvmmsg+0x190/0x240 [ 356.442819][T16357] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 356.442845][T16357] ? do_syscall_64+0xbe/0xfa0 [ 356.442870][T16357] do_syscall_64+0xfa/0xfa0 [ 356.442891][T16357] ? lockdep_hardirqs_on+0x9c/0x150 [ 356.442912][T16357] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 356.442929][T16357] ? clear_bhb_loop+0x60/0xb0 [ 356.442951][T16357] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 356.442967][T16357] RIP: 0033:0x7fe4e5d8f749 [ 356.442984][T16357] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 356.442999][T16357] RSP: 002b:00007fe4e6d07038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 356.443018][T16357] RAX: ffffffffffffffda RBX: 00007fe4e5fe5fa0 RCX: 00007fe4e5d8f749 [ 356.443032][T16357] RDX: 040000000000049e RSI: 0000200000000300 RDI: 0000000000000003 [ 356.443045][T16357] RBP: 00007fe4e6d07090 R08: 0000000000000000 R09: 0000000000000000 [ 356.443056][T16357] R10: 00001000000000fe R11: 0000000000000246 R12: 0000000000000002 [ 356.443068][T16357] R13: 00007fe4e5fe6038 R14: 00007fe4e5fe5fa0 R15: 00007ffc502e6108 [ 356.443100][T16357] [ 356.807705][T16364] lo speed is unknown, defaulting to 1000 [ 357.006605][T16132] veth0_vlan: entered promiscuous mode [ 357.039703][T16132] veth1_vlan: entered promiscuous mode [ 357.094962][T16375] syzkaller0: entered promiscuous mode [ 357.103844][T16375] syzkaller0: entered allmulticast mode [ 357.181255][T16132] veth0_macvtap: entered promiscuous mode [ 357.195796][T16132] veth1_macvtap: entered promiscuous mode [ 357.202469][ C0] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 357.271853][T16132] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 357.309810][T16132] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 357.339585][ T3441] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 357.366645][ T3441] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 357.413277][ T3441] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 357.436609][ T3441] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 357.723879][ T3441] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 357.731711][ T3441] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 357.825062][T16396] netlink: 416 bytes leftover after parsing attributes in process `syz.0.3098'. [ 357.846558][ T2995] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 357.855252][ T2995] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 358.078477][T16406] xt_CT: No such helper "netbios-ns" [ 358.084836][ T5836] Bluetooth: hci1: command tx timeout [ 358.243359][ C0] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 358.321441][T16413] tipc: Started in network mode [ 358.335726][T16413] tipc: Node identity ac14140f, cluster identity 4711 [ 358.354940][T16413] tipc: New replicast peer: 255.255.255.255 [ 358.365967][T16413] tipc: Enabled bearer , priority 10 [ 358.402357][T16414] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3103'. [ 358.469968][ T5150] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 358.481871][ T5150] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 358.491295][ T5150] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 358.500688][ T5150] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 358.509287][ T5150] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 358.713565][T16416] lo speed is unknown, defaulting to 1000 [ 358.778063][T16424] lo speed is unknown, defaulting to 1000 [ 358.792876][T16426] xt_hashlimit: Unknown mode mask 88, kernel too old? [ 358.846086][ T36] [ 358.848440][ T36] ============================================ [ 358.854581][ T36] WARNING: possible recursive locking detected [ 358.860721][ T36] syzkaller #0 Not tainted [ 358.865116][ T36] -------------------------------------------- [ 358.871242][ T36] kworker/u8:2/36 is trying to acquire lock: [ 358.877202][ T36] ffffe8ffffd87170 (&pd_list->lock){+...}-{3:3}, at: padata_do_serial+0x707/0xb80 [ 358.886411][ T36] [ 358.886411][ T36] but task is already holding lock: [ 358.893756][ T36] ffffe8ffffc92770 (&pd_list->lock){+...}-{3:3}, at: padata_do_serial+0x590/0xb80 [ 358.902970][ T36] [ 358.902970][ T36] other info that might help us debug this: [ 358.911011][ T36] Possible unsafe locking scenario: [ 358.911011][ T36] [ 358.918450][ T36] CPU0 [ 358.921713][ T36] ---- [ 358.924976][ T36] lock(&pd_list->lock); [ 358.929292][ T36] lock(&pd_list->lock); [ 358.933606][ T36] [ 358.933606][ T36] *** DEADLOCK *** [ 358.933606][ T36] [ 358.941728][ T36] May be due to missing lock nesting notation [ 358.941728][ T36] [ 358.950025][ T36] 3 locks held by kworker/u8:2/36: [ 358.955116][ T36] #0: ffff8881462f2948 ((wq_completion)pdecrypt_parallel){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 358.967023][ T36] #1: ffffc90000ac7ba0 ((work_completion)(&pw->pw_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 358.978836][ T36] #2: ffffe8ffffc92770 (&pd_list->lock){+...}-{3:3}, at: padata_do_serial+0x590/0xb80 [ 358.988481][ T36] [ 358.988481][ T36] stack backtrace: [ 358.994361][ T36] CPU: 1 UID: 0 PID: 36 Comm: kworker/u8:2 Not tainted syzkaller #0 PREEMPT(full) [ 358.994378][ T36] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 358.994389][ T36] Workqueue: pdecrypt_parallel padata_parallel_worker [ 358.994409][ T36] Call Trace: [ 358.994416][ T36] [ 358.994423][ T36] dump_stack_lvl+0x189/0x250 [ 358.994445][ T36] ? __pfx_dump_stack_lvl+0x10/0x10 [ 358.994462][ T36] ? __pfx__printk+0x10/0x10 [ 358.994477][ T36] ? print_lock_name+0xde/0x100 [ 358.994492][ T36] print_deadlock_bug+0x28b/0x2a0 [ 358.994510][ T36] validate_chain+0x1a3f/0x2140 [ 358.994528][ T36] ? __queue_work+0x102/0xfb0 [ 358.994543][ T36] ? look_up_lock_class+0x74/0x170 [ 358.994562][ T36] ? register_lock_class+0x51/0x320 [ 358.994576][ T36] __lock_acquire+0xab9/0xd20 [ 358.994592][ T36] ? padata_do_serial+0x707/0xb80 [ 358.994608][ T36] lock_acquire+0x120/0x360 [ 358.994620][ T36] ? padata_do_serial+0x707/0xb80 [ 358.994641][ T36] _raw_spin_lock+0x2e/0x40 [ 358.994656][ T36] ? padata_do_serial+0x707/0xb80 [ 358.994672][ T36] padata_do_serial+0x707/0xb80 [ 358.994693][ T36] ? padata_parallel_worker+0x44/0x1d0 [ 358.994709][ T36] padata_parallel_worker+0x75/0x1d0 [ 358.994725][ T36] ? process_scheduled_works+0x9ef/0x17b0 [ 358.994740][ T36] process_scheduled_works+0xae1/0x17b0 [ 358.994764][ T36] ? __pfx_process_scheduled_works+0x10/0x10 [ 358.994784][ T36] worker_thread+0x8a0/0xda0 [ 358.994800][ T36] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 358.994819][ T36] ? __kthread_parkme+0x7b/0x200 [ 358.994837][ T36] kthread+0x711/0x8a0 [ 358.994856][ T36] ? __pfx_worker_thread+0x10/0x10 [ 358.994870][ T36] ? __pfx_kthread+0x10/0x10 [ 358.994887][ T36] ? _raw_spin_unlock_irq+0x23/0x50 [ 358.994903][ T36] ? lockdep_hardirqs_on+0x9c/0x150 [ 358.994919][ T36] ? __pfx_kthread+0x10/0x10 [ 358.994935][ T36] ret_from_fork+0x4bc/0x870 [ 358.994951][ T36] ? __pfx_ret_from_fork+0x10/0x10 [ 358.994967][ T36] ? __switch_to_asm+0x39/0x70 [ 358.994978][ T36] ? __switch_to_asm+0x33/0x70 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 358.994989][ T36] ? __pfx_kthread+0x10/0x10 [ 358.995006][ T36] ret_from_fork_asm+0x1a/0x30 [ 358.995024][ T36] [ 359.235591][T16428] lo speed is unknown, defaulting to 1000 [ 359.282242][ C0] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 359.430764][T16424] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3108'. [ 359.654913][ T6718] tipc: Node number set to 2886997007 [ 360.062105][ T36] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 360.135655][ T36] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 360.195908][ T36] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 360.235356][ T36] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 360.308801][ T36] bridge_slave_1: left allmulticast mode [ 360.314668][ T36] bridge_slave_1: left promiscuous mode [ 360.320282][ T36] bridge0: port 2(bridge_slave_1) entered disabled state [ 360.329995][ T36] bridge_slave_0: left allmulticast mode [ 360.336003][ T36] bridge_slave_0: left promiscuous mode [ 360.341604][ T36] bridge0: port 1(bridge_slave_0) entered disabled state [ 360.417769][ T36] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 360.428016][ T36] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 360.437479][ T36] bond0 (unregistering): Released all slaves [ 360.501142][ T36] tipc: Disabling bearer [ 360.506900][ T36] tipc: Left network mode [ 360.648310][ T36] hsr_slave_0: left promiscuous mode [ 360.654055][ T36] hsr_slave_1: left promiscuous mode [ 360.659640][ T36] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 360.667061][ T36] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 360.674626][ T36] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 360.682529][ T36] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 360.692643][ T36] veth1_macvtap: left promiscuous mode [ 360.698114][ T36] veth0_macvtap: left promiscuous mode [ 360.703774][ T36] veth1_vlan: left promiscuous mode [ 360.708995][ T36] veth0_vlan: left promiscuous mode [ 360.820355][ T36] team0 (unregistering): Port device team_slave_1 removed [ 360.840674][ T36] team0 (unregistering): Port device team_slave_0 removed [ 361.256559][ T36] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 361.305878][ T36] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 361.376578][ T36] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 361.416962][ T36] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 361.487510][ T36] bridge_slave_1: left allmulticast mode [ 361.493289][ T36] bridge_slave_1: left promiscuous mode [ 361.498896][ T36] bridge0: port 2(bridge_slave_1) entered disabled state [ 361.506950][ T36] bridge_slave_0: left allmulticast mode [ 361.513840][ T36] bridge_slave_0: left promiscuous mode [ 361.519447][ T36] bridge0: port 1(bridge_slave_0) entered disabled state [ 361.604716][ T36] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 361.614477][ T36] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 361.623897][ T36] bond0 (unregistering): Released all slaves [ 361.829585][ T36] hsr_slave_0: left promiscuous mode [ 361.835555][ T36] hsr_slave_1: left promiscuous mode [ 361.841118][ T36] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 361.848872][ T36] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 361.856776][ T36] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 361.864215][ T36] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 361.875314][ T36] veth1_macvtap: left promiscuous mode [ 361.880782][ T36] veth0_macvtap: left promiscuous mode [ 361.886909][ T36] veth1_vlan: left promiscuous mode [ 361.892229][ T36] veth0_vlan: left promiscuous mode [ 362.002023][ T36] team0 (unregistering): Port device team_slave_1 removed [ 362.013503][ T36] team0 (unregistering): Port device team_slave_0 removed [ 362.338991][ T36] IPVS: stop unused estimator thread 0...