last executing test programs: 3.334622641s ago: executing program 2 (id=4322): r0 = syz_genetlink_get_family_id$devlink(&(0x7f0000000580), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$DEVLINK_CMD_TRAP_GROUP_SET(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)={0x4c, r0, 0x1, 0x0, 0x0, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}, {0x8, 0x8e}}]}, 0x4c}}, 0x0) (async) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000014007910480000000000790028000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x21) 2.789186914s ago: executing program 2 (id=4325): r0 = socket$can_raw(0x1d, 0x3, 0x1) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)={0x14, 0x25, 0x800, 0x70bd29, 0x25dfdbfd, {0x4}}, 0x14}, 0x1, 0x0, 0x0, 0x4008}, 0x4091) sendmsg$ETHTOOL_MSG_PRIVFLAGS_SET(r1, 0x0, 0x20000090) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000040)=0x5ad2, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r2, &(0x7f0000000200)={0xa, 0x0, 0x2, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x2, &(0x7f0000000680)=@gcm_128={{0x303}, "000037d7009400", "c0b6c5b29ca2b838d41ac2fc7ddf972d", "e9be1eae", "bb10000000000001"}, 0x28) recvmmsg(r2, &(0x7f0000000b00)=[{{0x0, 0x0, 0x0}, 0x5}, {{0x0, 0x0, &(0x7f0000000640)=[{&(0x7f0000000840)=""/258, 0x102}], 0x1}, 0x2}], 0x2, 0x161, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x20004015}, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000001540)={0xd, 0x20000000000000bb, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000756c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb714000008"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x20, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x3, 0x0, 0x0, 0x0, 0x2000004, 0x0, 0x0, 0x1f00, 0x39, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000340)={0x6, 0x200008, 0x5, 0x20003}, 0x10}, 0x94) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000001800010800000000000000850a600000000000000500000014000500200100000000000000000300000000001c00090008000000", @ANYRES32=r4], 0x4c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) ioctl$XFS_IOC_SET_RESBLKS(r3, 0xc0105872, &(0x7f00000001c0)={0x6, 0x1}) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=ANY=[@ANYBLOB="2800000010000108000000000000000002000000", @ANYRES32=0x0, @ANYBLOB="b40200000000000008001b"], 0x28}}, 0x0) 1.350844128s ago: executing program 2 (id=4340): socket$nl_route(0x10, 0x3, 0x0) pipe(&(0x7f0000000600)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, &(0x7f0000000000)="fc0000001d000724ab09254ec100070007ab08001b000000f0ffff002100057e0000000000000e000039000000039815fad151ba0101099cecb94b46fe0000000a00020025", 0xffffff0c) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0b0000000500000000040000090000"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000d80)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021"], 0x0, 0x40, 0x0, 0x0, 0x0, 0xb4a02fe0ce239f93, '\x00', 0x0, 0x2}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xe, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x59, '\x00', 0x0, @sk_skb=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r2, 0x2000000, 0xe, 0x0, &(0x7f00000004c0)="630b008646dc3f0adf33c9f7b986", 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x20}, 0x50) 1.107645327s ago: executing program 0 (id=4348): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$nl_generic(0x10, 0x3, 0x10) recvmsg(r1, &(0x7f0000001d00)={0x0, 0x0, 0x0}, 0x40000000) sendmsg$nl_generic(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=ANY=[@ANYBLOB="180000002500010324bd5502ffdbdf25010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x4008}, 0x0) recvmsg(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000004700)=""/4074, 0xfea}, {&(0x7f0000000080)=""/83, 0x53}, {&(0x7f0000003700)=""/4080, 0xff0}, {&(0x7f0000000100)=""/20, 0x14}, {&(0x7f0000000000)=""/21, 0x15}, {&(0x7f00000006c0)=""/4094, 0xffe}, {&(0x7f00000016c0)=""/183, 0xb7}, {&(0x7f0000000040)=""/51, 0x33}], 0x8}, 0x40010000) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0xc, 0xffffffff, 0x1, 0x1}, 0x48) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, r2}, 0x38) syz_emit_ethernet(0xdb, &(0x7f0000000300)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa0800417400cd0064000007029078ac1414aa0a0101008323f90a010102ffffffff64010102ac1414aaac1414aa00000000ac14141e64010100440cd401ac1414bb00000001001eff9078ac1414bbf721b55c379ac0d049c3d490a4df1fb5f16c69765cccb9e87f3a47d17969d685600d4815b41a13e63574e56c8e2e77f150f890fa64bfa700a3cef853e606f9c76c1121c4ecbb1774255c60d881bce923d77820051a82571973dba3a381d9d8e7d0b176f7582e41d038f2ea8bed7020659b59cfafcde61f38f03b38d17a73903fe13c17692d3f0488e7695a11feb66219274440b6f07b9bfe294d4d703898b4e71658cc3f342ba92937d40703e46ed305300dc1a2e3347783d87f837e5dc62e4f019fd8"], &(0x7f0000000000)={0x0, 0x1, [0x338, 0xe8b, 0xf6d, 0xc55]}) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01030000000000000000010000000900010073797a300000000040000000030a01020000000000000000010000000900030073797a320000000014000480080002400000000008000140000000010900010073797a300000000054000000060a010400000000000000000100000008000b40000000000900010073797a30000000002c0004802800018008000100666962001c00028008000140000000110800034000000005080002"], 0xdc}}, 0x0) 1.025811403s ago: executing program 3 (id=4350): r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000000)={0x500, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={0x2, 0x4, 0x0, 0x9, 0xe, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @empty}}, @sadb_sa={0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1}}]}, 0x70}}, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000001c0)={&(0x7f00000000c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x14, 0x14, 0x2, [@func_proto={0x0, 0x1, 0x0, 0xd, 0x0, [{0x0, 0x3}]}]}}, 0x0, 0x2e, 0x0, 0x1, 0x9}, 0x20) r1 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_SET(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)={0x10, 0x1402, 0x1}, 0x10}, 0x1, 0x0, 0x0, 0x40080}, 0x0) 890.745162ms ago: executing program 4 (id=4352): r0 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_TX_RING(r0, 0x11b, 0x3, &(0x7f00000001c0)=0x800, 0x4) r1 = socket$netlink(0x10, 0x3, 0x400000000000004) writev(r1, &(0x7f0000000100)=[{&(0x7f0000000200)="480000001400190d7ebdeb75fd0d8c562c84d8c033ed7a80ffe0090f000060000000a2bc5603ca98000f7f89000000200000004a2471083ec6991778581acb6c0101ff0000000309", 0x48}], 0x1) 890.408429ms ago: executing program 3 (id=4353): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @multicast}) write$tun(r0, &(0x7f00000004c0)=ANY=[@ANYBLOB="000086dd0500560008005400000060ec970001983a00fc000018c6ba35000000000000000700ff020000000000000000000000000001000000000000000000000000000088000000000000000000860090780000000000000000010000000000ee3f000000002b036f8c006e75021d"], 0xfdef) 874.603799ms ago: executing program 0 (id=4354): r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x40082, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000140)) ioctl$PPPIOCSFLAGS1(r0, 0x40047459, &(0x7f00000001c0)=0x51) r1 = socket$unix(0x1, 0x1, 0x0) getsockopt$sock_cred(r1, 0x1, 0x28, 0x0, &(0x7f0000000580)) pwritev(r0, &(0x7f0000000040)=[{&(0x7f0000000180)="80fd02000040", 0x6}], 0x1, 0x0, 0x0) socket$kcm(0xa, 0x3, 0x87) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r3 = socket$kcm(0x2, 0xa, 0x2) pselect6(0x40, &(0x7f0000000040)={0x7fffffffa, 0x0, 0x103, 0xfffefffffffffffb, 0x4, 0x1, 0x2880040000000009, 0x2}, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r2, &(0x7f0000000040)=ANY=[@ANYBLOB="034886dd010000000000140000006000000003088700fe88a43de1a400000000000000007d01ff020000000000000000000000000001"], 0xfdef) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r4, &(0x7f0000000100)={0xa, 0x0, 0x9, @dev={0xfe, 0x80, '\x00', 0x3b}, 0x1}, 0x1c) recvmmsg(r4, &(0x7f0000004100)=[{{0x0, 0x0, 0x0}, 0x80000001}], 0x1, 0x102, 0x0) close(0xffffffffffffffff) setsockopt$inet6_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, 0x0, 0x0) mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x9, 0x8c4b815a5465c2b1, 0xffffffffffffffff, 0x0) connect$inet6(r4, &(0x7f00000001c0)={0xa, 0x4e23, 0x4, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, 0x1c) 816.701043ms ago: executing program 4 (id=4356): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a3c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073319e310000000008000a40fffffffc14000000110001"], 0x64}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETSET(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000c80)={0x2c, 0xa, 0xa, 0x5, 0x0, 0x0, {0xa, 0x0, 0x9}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}]}, 0x2c}, 0x1, 0x0, 0x0, 0x24048014}, 0x4000) syz_emit_ethernet(0x6a, &(0x7f0000000180)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x4, 0x5c, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e22, 0x48, 0x0, @wg=@cookie={0x3, 0x2, "a0fcc73b5ef32a884b2033728e956f3f20d16734af14637c", "85eff9728117c4c62162a8a6a5340ad7eccbe4a1c68802028d6ef0a4df21f4a9"}}}}}}, 0x0) 713.936887ms ago: executing program 1 (id=4357): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$OSF_MSG_ADD(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000680)={0x268, 0x0, 0x5, 0x705, 0x0, 0x0, {0x0, 0x0, 0x6}, [{{0x254, 0x1, {{0x3, 0x4}, 0x9, 0x0, 0x4, 0xed, 0x25, 'syz0\x00', "4b34cb41f1be56dedcad442f40f044cef779a2454b24376b56a55be909f4daf2", "90f8a7b00ad8e5677af90d3596b822739b162b6e968183467b2f2f9b0b53381d", [{0xc6d, 0x4, {0x1, 0x2}}, {0x9, 0x28, {0x1, 0x7f}}, {0xfffc, 0x800, {0x2, 0x100}}, {0x2, 0x9cf, {0x0, 0x3}}, {0x7ff, 0x87de, {0x1, 0x6}}, {0xfffe, 0xffff, {0x0, 0x324a}}, {0x3, 0x8, {0x1, 0x1}}, {0x17, 0x80, {0x3, 0x61e1e934}}, {0x5, 0x71d7, {0x2, 0x9}}, {0x0, 0x9, {0x3, 0xffff}}, {0x0, 0xa7f, {0x3, 0xd24}}, {0x7, 0x811, {0x28000000, 0x3}}, {0x2, 0xfc00, {0x3, 0x7}}, {0x7, 0x7f, {0x1, 0x4}}, {0x3, 0x8, {0x2, 0x6}}, {0x3, 0x200, {0x2, 0x40}}, {0x5, 0x3, {0x0, 0x3}}, {0x7fff, 0x7ff, {0x2, 0x7f}}, {0xa, 0x7fff, {0x3, 0x7}}, {0x3, 0x5, {0x2, 0x3}}, {0xace, 0x0, {0x2, 0x8}}, {0x1, 0x5, {0x1, 0x71de}}, {0x394d, 0x165f, {0x2, 0x3}}, {0x800, 0xd42a, {0x0, 0x7}}, {0x40, 0x7, {0x1, 0x9}}, {0x4, 0x200, {0x1, 0x983ad223}}, {0x2, 0xcc41, {0x2, 0x9}}, {0x0, 0x1, {0x1, 0xb}}, {0x1, 0xf, {0x2, 0x5}}, {0x7fdf, 0x6, {0x1, 0x7ff}}, {0xfffe, 0xd9, {0x0, 0x3}}, {0x5, 0x1, {0x3, 0x5}}, {0xd05d, 0xce5, {0x2, 0xfffffffc}}, {0x5, 0xffff, {0x1, 0x81}}, {0xf, 0x0, {0x3, 0x5}}, {0x8, 0x7f, {0x2, 0x4}}, {0x9, 0xd3, {0x3, 0xcc}}, {0x3, 0x7, {0x2, 0xffffffff}}, {0x4, 0x8f, {0x1, 0x5}}, {0x0, 0x8, {0x2, 0x1}}]}}}]}, 0x268}, 0x1, 0x0, 0x0, 0x10}, 0x24000800) 697.603035ms ago: executing program 4 (id=4358): r0 = socket$can_bcm(0x1d, 0x2, 0x2) close(r0) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000240)=ANY=[@ANYBLOB="40000000100005ff00000000000000000000004a", @ANYRES32=0x0, @ANYBLOB="1922000000000000140002800b0001006261746164760000040002800a000100bbbbbbbbbbbb0000"], 0x40}}, 0x0) 689.597969ms ago: executing program 1 (id=4359): r0 = syz_genetlink_get_family_id$ethtool(&(0x7f00000004c0), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKINFO_GET(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000940)={0x7c, r0, 0x1, 0x4000000, 0x0, {0x1a}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'erspan0\x00'}]}, @HEADER={0x30, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macvlan0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bond0\x00'}]}]}, 0x7c}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) 572.7688ms ago: executing program 3 (id=4360): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f00000001c0), r1) sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYRES16=r2, @ANYBLOB="05000000000000000000077400060800020000000000080003"], 0x30}, 0x1, 0xffffffff00000003, 0x0, 0x4000001}, 0x0) 572.353225ms ago: executing program 4 (id=4361): socket$nl_route(0x10, 0x3, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, 0x0}, 0x0) sendmmsg(r0, 0x0, 0x0, 0x800) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_DEAUTHENTICATE(r1, 0x0, 0x40800) r2 = socket$igmp6(0xa, 0x3, 0x2) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="2c0000004000a5012b"], 0x2c}, 0x1, 0x0, 0x0, 0x4048011}, 0xc800) ioctl(r2, 0x2, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ieee802154(&(0x7f00000001c0), r4) r5 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(r5, 0x84, 0x12, &(0x7f0000000080)=0x7, 0x4) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r5, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x5, @loopback}], 0x1c) sendto$inet6(r5, &(0x7f0000000500)="a4", 0x34000, 0x2000c851, &(0x7f0000000140)={0xa, 0x4e23, 0x1008, @loopback, 0xffffffff}, 0x1c) 572.084054ms ago: executing program 1 (id=4362): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f00000000c0)={{0x14}, [@NFT_MSG_NEWRULE={0x4c, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x20, 0x4, 0x0, 0x1, [{0x1c, 0x1, 0x0, 0x1, @reject={{0xb}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_REJECT_TYPE={0x8, 0x1, 0x1, 0x0, 0x1}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0xf5ff}}, 0x74}, 0x1, 0x0, 0x0, 0x1}, 0x0) 514.383378ms ago: executing program 3 (id=4363): r0 = syz_init_net_socket$ax25(0x3, 0x5, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8994, &(0x7f0000000040)={'pim6reg1\x00'}) socket$nl_route(0x10, 0x3, 0x0) (async) socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$igmp(0x2, 0x3, 0x2) ioctl$sock_inet_SIOCSARP(r2, 0x8955, &(0x7f0000000100)={{0x2, 0x4e22, @empty}, {0x304, @local}, 0x5a, {0x2, 0x4e25, @private=0xa010102}}) sendmsg$inet(r1, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="280100"], 0x128}, 0x0) (async) sendmsg$inet(r1, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="280100"], 0x128}, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000080)={'netdevsim0\x00', 0x1000}) 500.326658ms ago: executing program 0 (id=4364): r0 = socket$nl_route(0x10, 0x3, 0x0) (async) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000600)=@newtfilter={0x24, 0x2c, 0xd27, 0x70bd2d, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x0, 0x2}, {}, {0xfff1, 0x9}}}, 0x24}, 0x1, 0x0, 0x0, 0x24000810}, 0x20084084) (async) socketpair$unix(0x1, 0x0, 0x0, &(0x7f00000017c0)) (async) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) (async) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000700)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a54000000060a0b04000000000000000002000000200004801c000180090001006861736800000000f4ff018008000740000000010900010073797a3000000900020073797a320000000005000740db000004140000001100010000000000000000000000000a"], 0x7c}}, 0x0) (async) ioctl$XFS_IOC_ATTRMULTI_BY_HANDLE(r0, 0x4048587b, &(0x7f0000001700)={{r0, &(0x7f0000000000)='$K\':\xe9,(\'#\x00', 0x10b080, &(0x7f0000000040)={@_ha_fsid={[0x8, 0xffffffff]}, {0x1ff, 0x7, 0x6, 0x7f}}, 0x5, &(0x7f0000000080), &(0x7f00000000c0)=0xb268c868}, 0x5, &(0x7f0000001640)=[{0x3, 0x200, &(0x7f0000000100)='/,\x00', &(0x7f00000002c0)="4fad21bd162e632b8f03a532ad61d5a8b035a115c56cf399facef824951cf8af89444d12d61b4b3dfb75d7cdc071ac45169e8ddf40aed242832372c12ed9921ff0dbf04eb5a741bc41af5a2242765c7a60a6a262347c35c1daa630aa05b1835694edc3e90d9ca717a944f5e5e1b600f46e120be9bb039e4f3cbf7c3ef67cf6bc49cf238cb224f804893ebfa0deb7edd489fa4a26eab10df43b2abb2521cd077f86cebdda9188cf78a68489890b85175f8a0fee6b09ca59c36f1fab31f398fa5787ea6c019f2d1d2d98904804cb39de42abdd7f41f1b04139a7355032abec5498bf6e95eaa39b957a1fdc5238ab6704ee755c046362eb", 0xf6, 0x1a}, {0x1, 0x3, &(0x7f0000000180)='^#\x00', &(0x7f00000003c0)="77c1b230a2d29d4759f463b802fa9efcd5b808fe59916075117a7bbc2777c43dda44601c4f190b77bee70d1ab68ece740652e2bd1d4b520aaab7792f1bc1a33153530551e48a5f3f0f1d193d025f", 0x4e, 0x1}, {0x1, 0x2, &(0x7f00000001c0)='-\x00', &(0x7f0000000440)="11fdb98579f5f0c5928a66a1df99971388cae6d196055d52160a6c611cb03818d54b7be59372a761fb9fa3b8b85bfbd32d3f4dd1e38768c71fc6ec4014b87ff7e11782f98803d20a7caf927666bec6708de27e9efcb0e7474bcadf9c913339", 0x5f, 0x8}, {0x1, 0x80000000, &(0x7f0000000240)='\x00', &(0x7f0000000640)="2f8f9d93e3cfb5918b7d316883f21e54f7373a61d6788f5a290276bcbbab8683a73401ccf87c75152249043e2e5bec849add32365cb9122eeb82ec5099ab9953629fe22c0145bd5e663400115bb2082a671f522fb4c861e455b6ac167464fa40360686c4c4b3749fd34caf7d9aad5cacdc7c974be188f41b16507ef839de163ed21f58cfed4d2b5bcbccc11edc2a9b39c18c1c1d62e7ead4bbd5f5ea3d8384bee75f0c14e1a083d81c492156d9c3e2ec2948f27fbdf9b86ca0dd517213be05f6819616c83c4fbf89b0546073a41723252f87e37bd7d92aafa743b207bbb65d5578757ec01bda9f3c449b5fc34faf4c835d56ea84704295f0ca4e9f28754240f5db11c4b947885c829534c28a97273f9ca3b5a6fc1ef2be209b56d6f5d8a39d4f488f3291e8c0e590f95720a3544cf38a4fe1134477d5fcb707d28b3de564ab1e2f8632caf5cb4ffdd18618676f75fed1fecaa3d0a15e4a20c1513b5e70405681a36adcfdfd7b14ad47a0fe9354b361318925ecc570ad439df615ec455785ab14546bca0e0d94b997eeb498d7ec9c971838711b2e88f64b85ec2c41d29857e6c3b185c9f661c20439eec64cb4d14b9d3a4cb5d41267c35da1246e54cb0d52f3fdadcc7946d2c34a9df7001c618f2cfb0755a2fb1fa6854470ff9135153711183e9607d32cd9cb5451d34ffc1219b96fe3cf6e664452a640411bde33734b1a961e1962b33d9b7baef60d7a87b7fdc0bd25884db926b4e62c143bf02f96b7d775107f2a1d6d1ce4defe3453d5ced6ef2696d84b613c0e98525cf7b71d913037ca9287ffc85b8f41b599493b0ca3c2b51eefdc6947ec699ecffaf0e377bc1d830d2e609b5e86a056f0d69ef3babe508f954db8ddcbb2768cd63eb0bd5cba3edb3709668bf1e542e6c366e6fb531aa1440945f286a127c720c2a419da04318386eff9b71a9d1d744654b2baed3d9d85a1824ee203b47dbec2a659f09adcc118cc8bd440d27a98c6db6331edd3ecee796afecf7a45185acfc7df61ee76f8563fa66bce27ae72e86cd2e0103dc0af123fd34adacab2243514c49f0f26c8393a959d775743db8347e4d67e5d8b3c340d362d06bf660ce1713654e84fd45fed9a7603b73fbc9e16f5757470dc699c63d4aedbfca49863a6f44646948642e75b918534449e0c560b7d16add597f8567a6d407dba27e87284399d24327fe7e86381e502aaf900a0228e75c520642fb26d0ee45c1fb1e306987c795e778b2c74e89261eedfddddeb6fb4735b1ccf95d060b107316686eb79cf69bb3f9dca397239397f4d6238cc245197f2171d942b314274a68157eec35beb3f7cbe661504f54baedddb2225b9bf00b2f9d370eefaef2d31757afd15f92d98ea4509785a47d9194473247f533b455325ee885ecd16864de5f3d6bea33f42dcfbdeb857cd3c7f93486a2696fc6094a986f818fe8dd5737d0a8533d8c40c17eeea0b4277a2cbdf08425f292bb48ce053b43581f1e04ff1c07cc7710a0ce2b7bebc7abae46f6e9fb19be6c71993ac6b907fc09b9867d53ff9744af517140d729a5e2357eff0752bc9c687d69bd3899caf1fb44c1b40fa6f9f6142a3283347b9c7d775a1da5c545f4925e6596c9fdb0074b461585cabde0143be818884b7283f277d4dc6b81487b26291e8d2c4ed86b4d45eab70d8e6054515fbee9d3c3ea21411bb35c1110d77a2ed5ff7b4afb88a22e28b956c940509bfb39c3e7228db028572763ecf1121ac56aa6b0cac8463a0eb13dbd009705f569af4ba887d6a71d9dc6c1b46b12d77a81bb7d16be3d076bedd605041336b11bb791c18e9ec7479ff151268499f71ef28b23596d61107189786b0b4c66e746476b7ce81ad5ef9a5f9a43a227c14e3df5648470022324032bb55a02a8f5bca222f1eb1f16e30a1e346d0a1a54460aabf300e798e12c24c5bf090ba7f34a2b47a2daa3800f38d9602e06b0de6739d9cf09fe7091564f9e3e4d25dae3d4be67e43f8b834f700e2fe050382f5bbfbf6de9e933993c8f2c626910e34bd3e2a225db06b0220a20ea2f9ac5f0aed7283def0c0ce69c7fafe99973cdfc4a38680552541c0e5b1d1bb176593bf239e5ce90cf7c07af151158a1e4f06c67139e5d25b9fa7f20d07b29d72336fdd6f55ce1a6dd3aad18fd37307ebb637962b735f32634559a9ea8f5e52c2d194d1a91cdc0fa8496f060628f9f30c112d38ffc70b3cb98d6cdf55e4aa10d42601462f71f5be3fc9bc3e8ffb42a62db134ea4cca29abdae1f966a42d3ad7e1d5807497507fe3e62806a1c3661b17042d0177ef5799bd42ed8033ae19fec1ea865872de7bc5c2ab45805935ed98291e4222e233204267657dece15f64d0876f06c69c901a29f73055ece2aa531abe1a76ab709402b656945eb4dd8caedebd0adb3403a892e1961913d3dc34c8a779aa7683480f2aa2bf9e1eea2f6eca099d26ccdef6a79c18285ab27aa00a0a972b28b6419333d800b446b8d5c2bdb0d39d0fd57846eeee87ab8a6f275a549eef846160b923b1cd003ff254d9f0e68bc211432a584ba8e6a8214471bdfc97498712027a5cb6b435b148a4ad522ebaa2676b1ce814b3aa7605db4edb39c28ac1f0579438c6ed590a42ff2f9e1f57324984bf109e8b11576810dbd95289141e75981da758945dd5e892b24ef8e380bddb50088c7d2c168a58a0382f3116336844f00fc9031edf229241343710bb3728b79af623c43bc71d569c564a45d334285f8602c8a1c11b3cbba984c253850b949bc14b5ffebc7b1139461601538ec2561bc0a10965cbc4bd28c6844b94407e1535bc3510ac56ef56f59e3f5b8ebdd139832f02810b9f3ca5e4e7ffa69eab33d4010b7a2a2dbac389eed4f693e54b0f5685a39ac4a0e3ac032d19a9093bda297af7ad927e0ebfc4112350df2fb32342b7e18a5ba9800a1cee2f67fe478532a2ad69059e7895397f55101fbe4064274380cf2d85bb22ae85ec9048617af5cd46ca3c5e638a041536422725afd2d96faf2aa6506f754735b784b79a742032fb74a47cc85aef3b2a3e79b1f73afcbefeeaa9b7ce5d1abab52cdd959459c69b106b171255c535ca4a4d51185180fdf34f4b336a5dc7a858ae88914701763844ab7861633668d84816596cbb9f8fadc8f44872b0b3c6786175abd3abf6890481873ddc55ddab2862d8a93f82ea72cacced766cad5fda77328f8a0f985c04bd486f1d36090a9f0847a72f56cedb185493815587eec025f0d59e4ec63f45685448c3d8bd3542ad75f8a38c3ee5c433bddd180ff2227057080157ceefb4e2effd1ae2910dc17fb0288876b1b90757c2b1c2253cad45942d55b9296d5855c566771627e5f4546d3c5b33699d73743cd3d0a25021e5bac0c0c34428c70343671704abc9563aedb89499cd93dd9e2dd9dfe6dd2e93bd2b8fcbd54bf2de732bfa9be74eedb98d1023eb452e6d60a2e371e234005d9a2c076aeafdfcb8a3589317801e1d4a8194b7296d66346906f0a222dac9c158c9edf981dec06ca6eb41fe6eed879149b223c2b83f43a477ff0473e425ba1ab4ef82cc64a6af4641fb3c80b721838604152d06a4829eb3faace0acefa749917c987cbc0cd240ca62e4ebff539d6bd99e15f1483a2023ac51af870d5646bce30b1af37ed64c1340bd61b405690fc7fd5c2d44ae5880045ff0adc48ef43e7ebbec1b143cc300bcc7c41c95a106fe605cf5fa3eb8c0bf5b0f7db35b2c4c594bc3257e6a97ee32dc3fdf6cca8d1e460fabcbca18924c3ecf83083aeb542296cb27ee8137c5486115a3ea810d052c2064187fdcfcc2c907600ecb47ee93ea3a000f926d89ba96de0ef4b35af0eb44ecd8024727d78b6af4ee1332facb7e43ea5a8ecc7528e5279eb49cebeebe8b16420cc435fc46b654701aeaab1f9d38396aac867bf26af220d3f9f9d1559598cdaac0cb85cb02d7919a71f99492138d01b515d2d137808ace4dda4d3c8cf3e22327ebf509defcb325e51b5723cfa08a8f0166602210c6a40fb2819958245a7e965ac74321e76fd02afeaeebe9fce49f7834dbb573c8dba389d0b393e900452192b186eed822251fdbcc4764f71bea71b95b91e2b17ce8fedeb194f95d43f3a195a1a10f9be3b3ad44632a80cc1e528ec0db2327bbbeed89ea54402652f8eece441fb0adb8fb42b67571ea8c54a38964c7dde28a552d2191f01ec18a7b239db4f9625028f487c2f6f7f112779127ce2dbf158e28232ce2984c2e3816db363d3295479624e40762e07ac06c487a891b976afd203b57f327d68129bc0cc91f4b97d421b9994009038ddd650167597438067b02ab1e66b2d36cc18f97299ded252b0e1fd2605465efa9f7358243542d2e16bdece944bff7d77d92e652c14364ce0e781792af1346d37fe45257f9995c973fa351757c33a3b3d477d945efe6267d9bc0fbbae0caa1cf80262883ae40caad35c8db42038755df32f21c97aa48e31a3e0f253530f8a2c5221f025ee5a9e55049e75285ac298f618af958a4e7e18023bc9e87d98054006d450aefb331d31686e30cc2db9cc9cd3806b73238aea8ea4490622839d88493e6e2504c2d3e3dd750ea0d442575a75f1eb028d431f2e45cb4ec73cec05af33cbf2ed61bb14150c68b5fc9616e84a51bccab428f6456c9878f47b7cf159f1754b6f1dde2388754b8b236d1d4304c07c9c4996ceb5ab5c14a607cf35404f2463e3e3e61b0a3c924686b681568ae9fd57c4b1648acd26d3212b84558c9b11e4005ad2cedacd0fde1e09d0779249e0ea27d38f452de4b284e2ff564e9641dfb48357a456fe9d2d982fab37e50d6ce8b174a2b9ece0176c03a33add05cb4d04be1830904170e74ba7ae86daa3f75865741be47d4d5a19cb60a0463e7a4af96a69399608b89a7438de4c51f9bf07a3c4c4830a4f615bd839d321937189493b0b3beefed14d3fe9630ca935bfeebf40beb546d92c493e5458b823179e58baf53c0585a0d62145354fd1036eb74c897f67c18e0c5aa82174203393f94d07f790e2780e8d2421d2c1bb9f953ec57259a5a6bcc39e5a7109f6cb4abf16cab9821fd25d3c9c0bb8b7e62ebdc8f771f91817d271f28d68b6c99c67e00619b01b0ac8d92a6385cc5d7b4f44cf74da923427805091268db2e55a9b89a1c2d77722833bdde17a50a16595445a59d86367166958384ad1ba23cd4061270c6a725c29e233622f107f423d45045caed684a6abd45f88f42b9009bea69cfb71f48f7e5c1d125999d153d2c272c9a3613a2430638192cc949476dd764ce972ab36161e097aa5a07ee17b0ca1f996cc368df4efff3d79637099d21e0316aa9de13e4d16a232025038d1a90b2c7f1cbef70d37a6038105c7d4fbae506bbb83b367e34f28afca1174b7c8526cf9a36481519bf22a1925b16d8f5b8ee897456dbc3a33ee34f805e72deffb31b36f33eddaa8cfcdb7af0bd97a485f27ae98fbd704648917ceaee52db7064df56ada61ddb17458cc164621e3132ad73e49e543c0abed4869561f358181c5dc859b9108e310c52ce6349465980c5a8dc3f7601b30906f0fd0329c66b87c9c2ec5a03ec78d036d932103b2b4cc20c9f3c1d3ccfa6bd77dda6ada2346e643995f0e5ee47bb66b197bc50700a60e0c716d609900a7355e96609062d6b551474ffc48cdcc037a8192467e0b2b76536725219b67ecc9559a6f715b0abb4c42378bb12a238eea52523c7808f10e0a97867c1d5ee665364a8d5f3d4ba1f10ceb7ef16b0456eaefe461ffc9dcfe20538ee5f7b207c3c8d1dd47b2f", 0x1000, 0x2}, {0x1, 0x5, &(0x7f00000004c0)='\x00', &(0x7f0000000500)="9278af1b39c960db05e26729447ef0ff92558e3de4ba817d33064582e4cff4512989d9c4e9211457da5c41de7146b11b7fb501cb6ff50412c0debbfb4dc3e555436f6a587d42ddfebe7afc6a", 0x4c, 0x31}]}) syz_emit_ethernet(0x46, &(0x7f0000000340)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "122d92", 0x10, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_ra={0x88}}}}}}, 0x0) (async) ioctl$sock_bt_bnep_BNEPGETSUPPFEAT(r2, 0x800442d4, &(0x7f0000001780)=0x7) (async) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000005c0)=ANY=[@ANYBLOB="740000001000210400000000fcdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="adffa8886004000024001280090001007866726d000000001400028008000100010000000800020011000000050021000000000008000a00", @ANYRES32, @ANYBLOB='\n\x00:'], 0x74}}, 0x0) 442.086491ms ago: executing program 1 (id=4365): sendmsg$NFNL_MSG_CTHELPER_NEW(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000006c0)={0x4c, 0x0, 0x9, 0x5, 0x0, 0x0, {0x1}}, 0x4c}}, 0x800) sendmsg$ETHTOOL_MSG_DEBUG_SET(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000d40)={0x14, 0x0, 0x4, 0x0, 0x25dfdbfe}, 0x14}}, 0x0) r0 = socket(0x10, 0x803, 0x0) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r0, 0x89f3, &(0x7f0000000300)={'erspan0\x00', &(0x7f0000000080)={'erspan0\x00', 0x0, 0x20, 0x700, 0x4, 0x10000, {{0x23, 0x4, 0x1, 0x1d, 0x8c, 0x67, 0x0, 0x7, 0x4, 0x0, @loopback, @private=0xa010100, {[@timestamp={0x44, 0x24, 0xea, 0x0, 0x1, [0x0, 0x9, 0xb2, 0x519, 0x9, 0x80000001, 0x7, 0x3]}, @generic={0x89, 0x5, "b84245"}, @lsrr={0x83, 0xb, 0x9b, [@local, @dev={0xac, 0x14, 0x14, 0x23}]}, @timestamp_addr={0x44, 0x1c, 0x7b, 0x1, 0xd, [{@loopback, 0x6}, {@broadcast, 0x2}, {@rand_addr=0x64010102, 0x200}]}, @ssrr={0x89, 0xb, 0x72, [@empty, @local]}, @ssrr={0x89, 0x1b, 0xd5, [@private=0xa010102, @broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, @broadcast, @multicast1, @rand_addr=0x64010101]}]}}}}}) ioctl$sock_ipv6_tunnel_SIOCGET6RD(r0, 0x89f8, &(0x7f0000000340)={'syztnl0\x00', &(0x7f0000000880)={'ip_vti0\x00', r1, 0x7, 0x40, 0xc4, 0x1f, {{0x16, 0x4, 0x0, 0x2, 0x58, 0x65, 0x0, 0xf6, 0x4, 0x0, @dev={0xac, 0x14, 0x14, 0x21}, @local, {[@timestamp_prespec={0x44, 0x44, 0xcc, 0x3, 0xd, [{@multicast1, 0xfffffffb}, {@dev={0xac, 0x14, 0x14, 0x3e}, 0x8c5}, {@private=0xa010101, 0x1}, {@broadcast, 0x3}, {@multicast2, 0x4}, {@private=0xa010101, 0xfff}, {@remote, 0x4}, {@dev={0xac, 0x14, 0x14, 0x37}, 0x8}]}]}}}}}) sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x4000000) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={0x0, 0x4c}, 0x1, 0xba01, 0x0, 0x6000000}, 0x0) r2 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$inet_sctp_SCTP_RESET_ASSOC(r2, 0x84, 0x78, &(0x7f0000000000), 0x4) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x1c}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0xbe8}, {&(0x7f00000007c0)=""/154, 0x8}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400}) 441.809354ms ago: executing program 4 (id=4366): r0 = socket(0xa, 0x3, 0xff) setsockopt$inet6_int(r0, 0x29, 0x38, &(0x7f0000000040)=0xfffffffa, 0x4) syz_emit_ethernet(0x4e, &(0x7f00000020c0)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa3986dd6c370c8900182b01fe800000000000000000000000000025fe80000000000000000000"], 0x0) recvmmsg(r0, &(0x7f0000001680)=[{{0x0, 0x0, 0x0}, 0xffe}], 0x1, 0x40010142, 0x0) 409.043042ms ago: executing program 2 (id=4367): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_FEATURES_SET(r0, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000340)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="df48006c0000000000000c0000002c00038028000380140001010400000002000000050002000000000010000180fdff01007369743000000000180001801400020073697430"], 0x58}}, 0x0) 325.452162ms ago: executing program 0 (id=4368): r0 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$DCCPDIAG_GETSOCK(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="4c00000012000301000000000000000000039db7000000000000010004000000000000000000000000000000000000000000000000000000691d0f76e77044d1eb94e56239"], 0x4c}, 0x1, 0x0, 0x0, 0x20000000}, 0x800) 265.655069ms ago: executing program 1 (id=4369): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_RENAME(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x28, 0x5, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}}, 0x0) read(r0, &(0x7f0000000000)=""/98, 0x62) ioctl$XFS_IOC_ATTRMULTI_BY_HANDLE(r0, 0x4048587b, &(0x7f00000005c0)={{r0, &(0x7f0000000080)=':{:\x06}@)^#/*)d\x00', 0x101000, &(0x7f0000000100)={@_ha_fsid={[0xf6, 0x8]}, {0xf, 0x2, 0x9, 0x41be}}, 0x8, &(0x7f00000001c0), &(0x7f0000000200)=0x5}, 0x3, &(0x7f0000000540)=[{0x1, 0x7f, &(0x7f0000000240)='\x00', &(0x7f0000000280)="0fbf8ff7f4d94b7a06c7ba2c648957b5dccecaac3b4bb3394da752bdddd656f560600ee122c6a535efa80746f9a876bf87e283fd2f881b23406d4b37082042c1c2d71d7db1d1cd8f1df71e6d89b0a59c8c", 0x51, 0x50}, {0x3, 0x4, &(0x7f0000000300)='\'/\x00', &(0x7f0000000340)="bddd44fffa42bfb88ab3a9867bfec4e8e126d3898356bef9c570cde066b6a816f121415c4ac2ac2887ec026dc8d3426bd6c0e969527086532c8b89531328fc18333521e0b198164bfaf44983741f1d6785b6d42e973d2fd1dc497ef61efdf7d75e3da55650c6355db116cc280744862e0e24f45ba48635dac707ccacbde59b022c93f497ecd4cec3a921fb3fbd00ee38bf2219845c9a37a281898a1e1313ab3b59cb0cd527eb189ae77bec3f1832e595850bbe6f7cfadae7d1b8d444831b93e3e136387cbaffaf6fd5eca4e5d2731caa8401b0917509", 0xd6, 0x20}, {0x1, 0xfffffffe, &(0x7f0000000440)='}%&://\x00', &(0x7f0000000480)="5d5108e2a9b8f70b06e0f31b07b06b398ffd261d70cce8996a656a75322454894dbefa794c64f3113b03e98209f7c7c56bb9b31f27819895887d85b8b1c4e598ab0c003d28ed3493afc8480eedf441768380269d80b8084513d3d3ff44a8e01a6d1fdbba43afe0483e6a07dab7a537fe6d1a9592196e63da822f7f89964f286751218ba8085f3b01d85a6a712991a1ad0d7623e8ec014efbf2c068bfc2c5284d9586e5f075a5d00d1d26477370827cc89da4ced3647ced", 0xb7, 0x30}]}) setsockopt$inet6_MCAST_MSFILTER(r1, 0x29, 0x30, &(0x7f0000000640)={0x7, {{0xa, 0x4e22, 0x200, @private1={0xfc, 0x1, '\x00', 0x1}, 0x39}}, 0x0, 0x5, [{{0xa, 0x4e22, 0x10000, @mcast1, 0xc99a}}, {{0xa, 0x4e24, 0x9, @private2, 0x373}}, {{0xa, 0x4e22, 0x2, @local, 0x8000}}, {{0xa, 0x4e23, 0x1000, @mcast1, 0x9}}, {{0xa, 0x4e24, 0x0, @private1, 0x100}}]}, 0x310) 214.389792ms ago: executing program 4 (id=4370): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000004000900041122000b00000001"], 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000380), &(0x7f00000000c0), 0x80000002, r0}, 0x38) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, &(0x7f0000000080)={0x0, &(0x7f0000000000)=""/56, &(0x7f00000001c0), &(0x7f00000000c0), 0x1, r0, 0x4}, 0x38) 130.887734ms ago: executing program 3 (id=4371): r0 = socket$igmp(0x2, 0x3, 0x2) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bridge0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000000c0)=@bridge_delneigh={0x28, 0x1c, 0x1, 0x70bd27, 0x25dfdbff, {0x7, 0x0, 0x0, r3, 0x80, 0xce, 0x4}, [@NDA_LLADDR={0xa, 0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xc}}]}, 0x28}, 0x1, 0x0, 0x0, 0x200440c5}, 0x14) setsockopt$MRT_FLUSH(r0, 0x0, 0xd4, &(0x7f0000000040)=0x2, 0x4) 118.991577ms ago: executing program 2 (id=4372): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000019800)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r1, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) recvmsg$unix(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r3, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0) recvmsg$unix(r2, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r5, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0) recvmsg$unix(r4, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000900), 0x100}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r7, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0) recvmsg(r6, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001dc0)=""/4096, 0x1000}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xa, 0x6, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x3000000, 0x7b, 0x11, 0x30}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0x76}, @exit], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x7, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70) 118.75629ms ago: executing program 0 (id=4373): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f00000001c0), r1) sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYRES16=r2, @ANYBLOB="05000000000000000000077400060800020000000000080003"], 0x30}, 0x1, 0xffffffff00000003, 0x0, 0x4000001}, 0x0) 114.216194ms ago: executing program 1 (id=4374): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)={0x60, 0x2, 0x6, 0x3, 0x0, 0xa00, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_TIMEOUT={0x8, 0x6, 0x1, 0x0, 0x8}, @IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0xc30e}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_TYPENAME={0x13, 0x3, 'hash:net,iface\x00'}]}, 0x60}}, 0x0) ioctl$int_in(r0, 0x5452, &(0x7f00000009c0)=0x6) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) r4 = socket$inet6(0xa, 0x3, 0x8000000003c) sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0) connect$inet6(r4, &(0x7f0000000200)={0xa, 0x4ea3, 0x10, @mcast2, 0x3}, 0x1c) bpf$PROG_LOAD(0x5, 0x0, 0x0) r5 = socket(0x1, 0x803, 0x0) socket$kcm(0x2, 0x922000000001, 0x106) r6 = socket$igmp6(0xa, 0x3, 0x2) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001680)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x40001}, 0x4040850) sendmsg$NFT_BATCH(r7, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000180)=ANY=[@ANYBLOB="140000001000010000000000000000000100000a48000000030a210200000000000000000a0000050900030073797a30000000000900010073797a3100000000080007006e6174001400048008000140000000030800024054dd5e5414000000110001"], 0x70}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000840) setsockopt$IP6T_SO_SET_REPLACE(r6, 0x29, 0x40, &(0x7f0000000440)=@raw={'raw\x00', 0x8, 0x3, 0x4c8, 0x0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x3f8, 0xffffffff, 0xffffffff, 0x3f8, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'bridge0\x00'}, 0x0, 0x148, 0x170, 0x0, {}, [@common=@unspec=@helper={{0x48}}, @common=@inet=@hashlimit1={{0x58}, {'bond_slave_1\x00', {0x41, 0x1ff, 0x6, 0xb0e2, 0x10001, 0x84e, 0xfffffffb, 0x18, 0x8}, {0x1}}}]}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'erspan0\x00', 'gre0\x00', {0xff}, {}, 0x0, 0x0, 0x0, 0x4b}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'vcan0\x00', {0x3, 0x0, 0x41, 0xfffffffe, 0x2, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x528) r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETIFF(r8, 0x80111500, &(0x7f0000000040)={'wlan0\x00'}) sendmsg(r4, &(0x7f00000000c0)={0x0, 0x9584, &(0x7f0000000100)=[{&(0x7f0000000000)="2c10", 0xfff2}], 0x1, 0x0, 0x0, 0x2c}, 0x44004) r9 = syz_genetlink_get_family_id$batadv(&(0x7f0000000280), 0xffffffffffffffff) r10 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r10, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000a40)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff5653f, 0x70bd2d, 0x25dfdbfc, {0x0, 0x0, 0x0, r11, {0x0, 0x9}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x81}, 0x0) sendmsg$nl_route_sched(r10, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=@newtfilter={0x44, 0x2c, 0xd27, 0x70bd2a, 0x25dfdbfb, {0x0, 0x0, 0x0, r11, {0x2, 0xa}, {0x0, 0x9}, {0xffff, 0x9}}, [@filter_kind_options=@f_flower={{0xb}, {0x14, 0x2, [@TCA_FLOWER_KEY_ETH_TYPE={0x6, 0x8, 0x8848}, @TCA_FLOWER_KEY_MPLS_TTL={0x5, 0x43, 0xf}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4010}, 0x0) sendmsg$BATADV_CMD_TP_METER_CANCEL(r5, &(0x7f0000000980)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0xc0040080}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x34, r9, 0x501, 0x70bd27, 0x25dfdbff, {}, [@BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x80000000}, @BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r11}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x2}]}, 0x34}, 0x1, 0x0, 0x0, 0x840}, 0x48000) sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0xffe0}, {0xffff, 0xffff}, {0x10}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x14, 0x2, [@TCA_GRED_DPS={0x10, 0x3, {0x4, 0x3, 0x0, 0x1}}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x51}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=@newqdisc={0x178, 0x24, 0xd0f, 0x200000, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}, {0x2, 0xfff3}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x148, 0x2, [@TCA_GRED_PARMS={0x38, 0x1, {0x100, 0x5, 0x400, 0x9, 0x80, 0x101, 0xe, 0xc40, 0x3, 0xfffffffd, 0x20, 0xb, 0xff, 0x6, 0xca11, 0xfffe}}, @TCA_GRED_STAB={0x104, 0x2, "abcc61b4e508c02286f1bafc7a22c407a52b0e13291c865d493f15736245f220cd4e40006df455836aa3bd3aaa2c9b95578719c46f89e01798d28b6d63cf7465ea95bd97b018b7afaccdcb28bb42d677b73c44e790f0875fb4b795ca95b7dd712d2c5d69945535f92f74a71236743acd06103cd77bd07f2df5989ee40e409b077cc85e96554beb53c986a216051bd5979a8cfcfe9f98be58ffcf44f6cfda8579dbaedceee578bfd1fb554b6e185e9315425ef0a3fc69d17ede93fc7c46357990f7acfdb8216ea52f604b9f12033688caa4b04adecfc926b3f6ca25bcb5432905e3f30ccbf10cf0f2d00858ba2bbd2702b8d4a7a7c744fbaa2fa35b1c586020d6"}, @TCA_GRED_MAX_P={0x8, 0x4, 0x9}]}}]}, 0x178}, 0x1, 0x0, 0x0, 0x845}, 0x24008804) 36.694631ms ago: executing program 2 (id=4375): r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) sendmsg$NFNL_MSG_ACCT_NEW(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000200)={0x28, 0x0, 0x7, 0x401, 0x0, 0x0, {0x3, 0x0, 0x1}, [@NFACCT_FILTER={0x4}, @NFACCT_FILTER={0x4}, @NFACCT_PKTS={0xc, 0x2, 0x1, 0x0, 0x8}]}, 0x28}, 0x1, 0x0, 0x0, 0x24000000}, 0x4000) setsockopt$MRT_DEL_MFC(0xffffffffffffffff, 0x0, 0xcd, 0x0, 0x0) r1 = socket(0x10, 0x3, 0x0) write(r1, &(0x7f0000000080)="1400000052004f030e78", 0xa) recvmmsg(r1, &(0x7f0000005c80)=[{{0x0, 0x41, 0x0}}], 0x344, 0x10122, 0x0) 18.078647ms ago: executing program 0 (id=4376): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f00000000c0)={{0x14}, [@NFT_MSG_NEWRULE={0x4c, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x20, 0x4, 0x0, 0x1, [{0x1c, 0x1, 0x0, 0x1, @reject={{0xb}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_REJECT_TYPE={0x8, 0x1, 0x1, 0x0, 0x1}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0xfff5}}, 0x74}, 0x1, 0x0, 0x0, 0x1}, 0x0) 0s ago: executing program 3 (id=4377): socket$nl_route(0x10, 0x3, 0x0) pipe(&(0x7f0000000600)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, &(0x7f0000000000)="fc0000001d000724ab09254ec100070007ab08001b000000f0ffff002100057e0000000000000e000039000000039815fad151ba0101099cecb94b46fe0000000a00020025", 0xffffff0c) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0b0000000500000000040000090000"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000d80)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021"], 0x0, 0x40, 0x0, 0x0, 0x0, 0xb4a02fe0ce239f93, '\x00', 0x0, 0x2}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xe, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x59, '\x00', 0x0, @sk_skb=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r2, 0x2000000, 0xe, 0x0, &(0x7f00000004c0)="630b008646dc3f0adf33c9f7b986", 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x20}, 0x50) kernel console output (not intermixed with test programs): d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 384.071510][T15891] RSP: 002b:00007f7ee6267028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 384.071532][T15891] RAX: ffffffffffffffda RBX: 00007f7ee5615fa0 RCX: 00007f7ee539c799 [ 384.071547][T15891] RDX: 0000000000000007 RSI: 0000200000000000 RDI: 0000000000000004 [ 384.071558][T15891] RBP: 00007f7ee6267090 R08: 0000000000000000 R09: 0000000000000000 [ 384.071571][T15891] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 384.071582][T15891] R13: 00007f7ee5616038 R14: 00007f7ee5615fa0 R15: 00007ffd353cafc8 [ 384.071615][T15891] [ 384.095730][T15897] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3141'. [ 384.596248][T15919] sit1: entered promiscuous mode [ 384.604241][T15919] sit1: entered allmulticast mode [ 384.614374][T15919] mac80211_hwsim hwsim3 syzkaller0: left promiscuous mode [ 384.634111][T15919] mac80211_hwsim hwsim3 syzkaller0: left allmulticast mode [ 384.687325][T15923] tipc: Enabling of bearer rejected, already enabled [ 384.731547][T15925] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3152'. [ 384.745069][T15925] openvswitch: netlink: EtherType 0 is less than min 600 [ 385.144932][T15946] FAULT_INJECTION: forcing a failure. [ 385.144932][T15946] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 385.162274][T15946] CPU: 1 UID: 0 PID: 15946 Comm: syz.4.3164 Not tainted syzkaller #0 PREEMPT(full) [ 385.162302][T15946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 385.162314][T15946] Call Trace: [ 385.162321][T15946] [ 385.162330][T15946] dump_stack_lvl+0xe8/0x150 [ 385.162382][T15946] should_fail_ex+0x412/0x560 [ 385.162417][T15946] _copy_to_iter+0x404/0x17d0 [ 385.162443][T15946] ? unwind_get_return_address+0x4d/0x90 [ 385.162477][T15946] ? do_raw_spin_lock+0x12b/0x2f0 [ 385.162508][T15946] ? __pfx__copy_to_iter+0x10/0x10 [ 385.162535][T15946] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 385.162557][T15946] ? lockdep_hardirqs_on+0x7a/0x110 [ 385.162579][T15946] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 385.162599][T15946] ? __skb_try_recv_datagram+0x3d4/0x4d0 [ 385.162631][T15946] __skb_datagram_iter+0xf8/0x980 [ 385.162657][T15946] ? __pfx_simple_copy_to_iter+0x10/0x10 [ 385.162689][T15946] skb_copy_datagram_iter+0xb5/0x270 [ 385.162719][T15946] netlink_recvmsg+0x2c3/0xa50 [ 385.162760][T15946] ? __pfx_netlink_recvmsg+0x10/0x10 [ 385.162795][T15946] ? aa_sock_msg_perm+0xf1/0x1b0 [ 385.162826][T15946] ? bpf_lsm_socket_recvmsg+0x9/0x20 [ 385.162848][T15946] ? security_socket_recvmsg+0x7e/0x2c0 [ 385.162868][T15946] ? __pfx_netlink_recvmsg+0x10/0x10 [ 385.162898][T15946] sock_recvmsg+0x172/0x1b0 [ 385.162928][T15946] ____sys_recvmsg+0x1e6/0x4a0 [ 385.162960][T15946] ? __pfx_____sys_recvmsg+0x10/0x10 [ 385.163001][T15946] ? import_iovec+0x73/0xa0 [ 385.163025][T15946] ___sys_recvmsg+0x215/0x590 [ 385.163055][T15946] ? __pfx____sys_recvmsg+0x10/0x10 [ 385.163103][T15946] ? __fget_files+0x3a0/0x420 [ 385.163145][T15946] do_recvmmsg+0x334/0x800 [ 385.163175][T15946] ? __pfx_do_recvmmsg+0x10/0x10 [ 385.163214][T15946] ? _copy_from_user+0x94/0xb0 [ 385.163251][T15946] __x64_sys_recvmmsg+0x1b7/0x250 [ 385.163280][T15946] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 385.163317][T15946] do_syscall_64+0x14d/0xf80 [ 385.163337][T15946] ? trace_irq_disable+0x3b/0x150 [ 385.163372][T15946] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 385.163393][T15946] ? clear_bhb_loop+0x40/0x90 [ 385.163417][T15946] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 385.163437][T15946] RIP: 0033:0x7f3effb9c799 [ 385.163458][T15946] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 385.163474][T15946] RSP: 002b:00007f3f00b25028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 385.163496][T15946] RAX: ffffffffffffffda RBX: 00007f3effe15fa0 RCX: 00007f3effb9c799 [ 385.163511][T15946] RDX: 04000000000003b4 RSI: 00002000000037c0 RDI: 0000000000000003 [ 385.163525][T15946] RBP: 00007f3f00b25090 R08: 0000200000003700 R09: 0000000000000000 [ 385.163537][T15946] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 385.163549][T15946] R13: 00007f3effe16038 R14: 00007f3effe15fa0 R15: 00007ffecb4f2ab8 [ 385.163582][T15946] [ 385.655531][T15949] nbd0: detected capacity change from 0 to 127 [ 385.761364][T15949] nbd1: detected capacity change from 0 to 127 [ 385.784107][T15954] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3166'. [ 385.894007][T15975] can: request_module (can-proto-0) failed. [ 385.942602][ T5839] block nbd0: Receive control failed (result -104) [ 385.954076][ T5835] block nbd1: Receive control failed (result -32) [ 386.180808][T15987] netlink: 'syz.3.3177': attribute type 1 has an invalid length. [ 386.188608][T15987] netlink: 224 bytes leftover after parsing attributes in process `syz.3.3177'. [ 386.248495][T15973] netlink: 96 bytes leftover after parsing attributes in process `syz.1.3173'. [ 386.533797][T16004] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3186'. [ 386.561707][T16007] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3187'. [ 386.633841][T16009] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3188'. [ 386.663314][T16007] FAULT_INJECTION: forcing a failure. [ 386.663314][T16007] name failslab, interval 1, probability 0, space 0, times 0 [ 386.710511][T16007] CPU: 1 UID: 0 PID: 16007 Comm: syz.2.3187 Not tainted syzkaller #0 PREEMPT(full) [ 386.710540][T16007] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 386.710552][T16007] Call Trace: [ 386.710561][T16007] [ 386.710569][T16007] dump_stack_lvl+0xe8/0x150 [ 386.710603][T16007] should_fail_ex+0x412/0x560 [ 386.710638][T16007] should_failslab+0xa8/0x100 [ 386.710667][T16007] kmem_cache_alloc_node_noprof+0x8f/0x690 [ 386.710690][T16007] ? __alloc_skb+0x186/0x7d0 [ 386.710709][T16007] ? __alloc_skb+0x1d0/0x7d0 [ 386.710726][T16007] ? __local_bh_enable_ip+0xd0/0x130 [ 386.710759][T16007] __alloc_skb+0x1d0/0x7d0 [ 386.710784][T16007] netlink_sendmsg+0x5d4/0xb40 [ 386.710827][T16007] ? __pfx_netlink_sendmsg+0x10/0x10 [ 386.710860][T16007] ? aa_sock_msg_perm+0xf1/0x1b0 [ 386.710893][T16007] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 386.710920][T16007] ____sys_sendmsg+0x972/0x9f0 [ 386.710952][T16007] ? __pfx_____sys_sendmsg+0x10/0x10 [ 386.710986][T16007] ? import_iovec+0x73/0xa0 [ 386.711012][T16007] ___sys_sendmsg+0x2a5/0x360 [ 386.711041][T16007] ? __pfx____sys_sendmsg+0x10/0x10 [ 386.711102][T16007] ? __fget_files+0x2a/0x420 [ 386.711129][T16007] ? __fget_files+0x3a0/0x420 [ 386.711170][T16007] __x64_sys_sendmsg+0x1bd/0x2a0 [ 386.711196][T16007] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 386.711231][T16007] ? __pfx_ksys_write+0x10/0x10 [ 386.711266][T16007] do_syscall_64+0x14d/0xf80 [ 386.711287][T16007] ? trace_irq_disable+0x3b/0x150 [ 386.711313][T16007] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 386.711334][T16007] ? clear_bhb_loop+0x40/0x90 [ 386.711358][T16007] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 386.711387][T16007] RIP: 0033:0x7f363bb9c799 [ 386.711407][T16007] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 386.711425][T16007] RSP: 002b:00007f363caf6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 386.711448][T16007] RAX: ffffffffffffffda RBX: 00007f363be15fa0 RCX: 00007f363bb9c799 [ 386.711462][T16007] RDX: 0000000000000000 RSI: 0000200000000180 RDI: 0000000000000003 [ 386.711475][T16007] RBP: 00007f363caf6090 R08: 0000000000000000 R09: 0000000000000000 [ 386.711488][T16007] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 386.711500][T16007] R13: 00007f363be16038 R14: 00007f363be15fa0 R15: 00007fff231fdfd8 [ 386.711533][T16007] [ 387.015743][T16022] netlink: 'syz.0.3192': attribute type 1 has an invalid length. [ 387.024424][T16022] netlink: 224 bytes leftover after parsing attributes in process `syz.0.3192'. [ 387.486803][T16043] netdevsim netdevsim0 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 387.503654][T16043] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 387.610866][T16046] tipc: Enabled bearer , priority 0 [ 387.691726][T16043] netdevsim netdevsim0 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 387.711544][T16043] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 387.925383][T16051] syzkaller0: entered promiscuous mode [ 387.935419][T16051] syzkaller0: entered allmulticast mode [ 387.942210][T16051] tipc: Resetting bearer [ 388.061588][T16043] netdevsim netdevsim0 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 388.098637][T16043] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 388.250960][T16043] netdevsim netdevsim0 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 388.266649][T16043] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 388.288515][T16042] tipc: Resetting bearer [ 388.309850][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms [ 388.317955][ C1] lec:lec_tx_timeout: lec0 [ 388.322579][ C1] lec:lec_start_xmit: lec0:No lecd attached [ 388.464994][T16089] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 389.424272][T16108] __nla_validate_parse: 4 callbacks suppressed [ 389.424295][T16108] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3225'. [ 389.440340][T16108] openvswitch: netlink: EtherType 0 is less than min 600 [ 389.733750][T16117] xt_ecn: cannot match TCP bits for non-tcp packets [ 389.850832][T16042] tipc: Disabling bearer [ 389.898098][T16117] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3228'. [ 390.027208][ T1074] netdevsim netdevsim0 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 390.055226][ T1074] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 390.106840][ T36] netdevsim netdevsim0 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 390.129450][ T36] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 390.305187][ T1074] netdevsim netdevsim0 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 390.315571][ T1074] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 390.366117][ T1074] netdevsim netdevsim0 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 390.389221][ T1074] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 390.589114][T16155] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3238'. [ 390.661739][T16155] FAULT_INJECTION: forcing a failure. [ 390.661739][T16155] name failslab, interval 1, probability 0, space 0, times 0 [ 390.717000][T16155] CPU: 0 UID: 0 PID: 16155 Comm: syz.3.3238 Not tainted syzkaller #0 PREEMPT(full) [ 390.717029][T16155] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 390.717041][T16155] Call Trace: [ 390.717049][T16155] [ 390.717057][T16155] dump_stack_lvl+0xe8/0x150 [ 390.717091][T16155] should_fail_ex+0x412/0x560 [ 390.717125][T16155] should_failslab+0xa8/0x100 [ 390.717163][T16155] kmem_cache_alloc_node_noprof+0x8f/0x690 [ 390.717187][T16155] ? __alloc_skb+0x186/0x7d0 [ 390.717205][T16155] ? __alloc_skb+0x1d0/0x7d0 [ 390.717223][T16155] ? __local_bh_enable_ip+0xd0/0x130 [ 390.717253][T16155] __alloc_skb+0x1d0/0x7d0 [ 390.717273][T16155] ? netlink_ack_tlv_len+0x6c/0x210 [ 390.717306][T16155] netlink_ack+0x146/0xa50 [ 390.717332][T16155] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 390.717359][T16155] ? ref_tracker_free+0x693/0x840 [ 390.717386][T16155] ? __copy_skb_header+0xa3/0x4a0 [ 390.717409][T16155] ? __pfx_ref_tracker_free+0x10/0x10 [ 390.717448][T16155] netlink_rcv_skb+0x2b6/0x4b0 [ 390.717478][T16155] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 390.717510][T16155] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 390.717552][T16155] ? netlink_deliver_tap+0x2e/0x1b0 [ 390.717590][T16155] netlink_unicast+0x80f/0x9b0 [ 390.717627][T16155] ? __pfx_netlink_unicast+0x10/0x10 [ 390.717656][T16155] ? netlink_sendmsg+0x650/0xb40 [ 390.717684][T16155] ? skb_put+0x11b/0x210 [ 390.717708][T16155] netlink_sendmsg+0x813/0xb40 [ 390.717748][T16155] ? __pfx_netlink_sendmsg+0x10/0x10 [ 390.717779][T16155] ? aa_sock_msg_perm+0xf1/0x1b0 [ 390.717809][T16155] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 390.717836][T16155] ____sys_sendmsg+0x972/0x9f0 [ 390.717869][T16155] ? __pfx_____sys_sendmsg+0x10/0x10 [ 390.717903][T16155] ? import_iovec+0x73/0xa0 [ 390.717929][T16155] ___sys_sendmsg+0x2a5/0x360 [ 390.717958][T16155] ? __pfx____sys_sendmsg+0x10/0x10 [ 390.718020][T16155] ? __fget_files+0x2a/0x420 [ 390.718048][T16155] ? __fget_files+0x3a0/0x420 [ 390.718090][T16155] __x64_sys_sendmsg+0x1bd/0x2a0 [ 390.718117][T16155] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 390.718160][T16155] ? __pfx_ksys_write+0x10/0x10 [ 390.718195][T16155] do_syscall_64+0x14d/0xf80 [ 390.718218][T16155] ? trace_irq_disable+0x3b/0x150 [ 390.718246][T16155] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 390.718267][T16155] ? clear_bhb_loop+0x40/0x90 [ 390.718291][T16155] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 390.718312][T16155] RIP: 0033:0x7f7ee539c799 [ 390.718332][T16155] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 390.718349][T16155] RSP: 002b:00007f7ee6267028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 390.718371][T16155] RAX: ffffffffffffffda RBX: 00007f7ee5615fa0 RCX: 00007f7ee539c799 [ 390.718386][T16155] RDX: 0000000000000000 RSI: 0000200000000180 RDI: 0000000000000003 [ 390.718398][T16155] RBP: 00007f7ee6267090 R08: 0000000000000000 R09: 0000000000000000 [ 390.718411][T16155] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 390.718423][T16155] R13: 00007f7ee5616038 R14: 00007f7ee5615fa0 R15: 00007ffd353cafc8 [ 390.718456][T16155] [ 391.200994][T16173] PF_CAN: dropped non conform CAN FD skbuff: dev type 65534, len 64993 [ 391.228576][T16170] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3245'. [ 391.617362][T16202] openvswitch: netlink: IP tunnel dst address not specified [ 391.657391][T16205] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3259'. [ 391.667497][T16205] team1 (uninitialized): Failed to send options change via netlink (err -105) [ 391.843131][T16205] team1: entered promiscuous mode [ 391.873123][T16205] team1: entered allmulticast mode [ 391.918611][T16221] syzkaller0: entered promiscuous mode [ 391.927715][T16221] syzkaller0: entered allmulticast mode [ 392.100760][T16223] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3263'. [ 392.211112][T16237] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3263'. [ 392.220895][T16237] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3263'. [ 392.267564][T16231] syzkaller1: entered promiscuous mode [ 392.273796][T16231] syzkaller1: entered allmulticast mode [ 392.357319][T16246] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3270'. [ 392.430695][T16249] openvswitch: netlink: IP tunnel dst address not specified [ 392.556845][T16251] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 392.677881][T16251] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 392.826235][T16266] syzkaller0: entered promiscuous mode [ 392.849854][T16266] syzkaller0: entered allmulticast mode [ 393.239207][T16278] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3283'. [ 393.329808][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms [ 393.337861][ C1] lec:lec_tx_timeout: lec0 [ 393.344830][ C1] lec:lec_start_xmit: lec0:No lecd attached [ 393.710765][T16292] syzkaller0: entered promiscuous mode [ 393.718733][T16292] syzkaller0: entered allmulticast mode [ 394.007360][T16303] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 394.137077][T16316] netlink: 'syz.3.3299': attribute type 1 has an invalid length. [ 394.449401][T16332] mac80211_hwsim hwsim3 syzkaller0: entered promiscuous mode [ 394.458506][T16332] mac80211_hwsim hwsim3 syzkaller0: entered allmulticast mode [ 394.541429][T16336] __nla_validate_parse: 2 callbacks suppressed [ 394.541451][T16336] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3306'. [ 394.905141][T16347] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 395.362075][T16360] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3317'. [ 395.591839][T16362] syzkaller0: entered promiscuous mode [ 395.597383][T16362] syzkaller0: entered allmulticast mode [ 397.152748][T16389] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 397.232118][T16392] tipc: Enabling of bearer rejected, failed to enable media [ 397.368666][T16396] FAULT_INJECTION: forcing a failure. [ 397.368666][T16396] name failslab, interval 1, probability 0, space 0, times 0 [ 397.419897][T16396] CPU: 1 UID: 0 PID: 16396 Comm: syz.1.3328 Not tainted syzkaller #0 PREEMPT(full) [ 397.419927][T16396] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 397.419939][T16396] Call Trace: [ 397.419947][T16396] [ 397.419957][T16396] dump_stack_lvl+0xe8/0x150 [ 397.419989][T16396] should_fail_ex+0x412/0x560 [ 397.420025][T16396] should_failslab+0xa8/0x100 [ 397.420053][T16396] __kmalloc_noprof+0xe8/0x760 [ 397.420076][T16396] ? tomoyo_encode+0x28b/0x550 [ 397.420122][T16396] tomoyo_encode+0x28b/0x550 [ 397.420160][T16396] tomoyo_realpath_from_path+0x58d/0x5d0 [ 397.420214][T16396] ? tomoyo_path_number_perm+0x219/0x630 [ 397.420242][T16396] tomoyo_path_number_perm+0x246/0x630 [ 397.420272][T16396] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 397.420302][T16396] ? __lock_acquire+0x6b5/0x2cf0 [ 397.420341][T16396] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 397.420386][T16396] ? __fget_files+0x2a/0x420 [ 397.420418][T16396] ? __fget_files+0x2a/0x420 [ 397.420444][T16396] ? __fget_files+0x3a0/0x420 [ 397.420470][T16396] ? __fget_files+0x2a/0x420 [ 397.420505][T16396] security_file_ioctl+0xc3/0x2a0 [ 397.420533][T16396] __se_sys_ioctl+0x47/0x170 [ 397.420561][T16396] do_syscall_64+0x14d/0xf80 [ 397.420582][T16396] ? trace_irq_disable+0x3b/0x150 [ 397.420611][T16396] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 397.420633][T16396] ? clear_bhb_loop+0x40/0x90 [ 397.420658][T16396] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 397.420679][T16396] RIP: 0033:0x7f8f5999c799 [ 397.420699][T16396] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 397.420716][T16396] RSP: 002b:00007f8f5a8f9028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 397.420739][T16396] RAX: ffffffffffffffda RBX: 00007f8f59c15fa0 RCX: 00007f8f5999c799 [ 397.420754][T16396] RDX: 0000200000000940 RSI: 00000000000089f3 RDI: 0000000000000003 [ 397.420767][T16396] RBP: 00007f8f5a8f9090 R08: 0000000000000000 R09: 0000000000000000 [ 397.420780][T16396] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 397.420792][T16396] R13: 00007f8f59c16038 R14: 00007f8f59c15fa0 R15: 00007ffc046dd508 [ 397.420827][T16396] [ 397.420904][T16396] ERROR: Out of memory at tomoyo_realpath_from_path. [ 397.486725][T16403] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3331'. [ 397.556078][T16408] netlink: 48 bytes leftover after parsing attributes in process `syz.0.3334'. [ 397.566060][T16404] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3332'. [ 397.702309][T16404] gre1: entered promiscuous mode [ 397.707593][T16404] gre1: entered allmulticast mode [ 397.738614][T16414] netlink: 64 bytes leftover after parsing attributes in process `syz.3.3335'. [ 397.760735][T16414] lo: Caught tx_queue_len zero misconfig [ 397.777108][T16411] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 397.877313][T16421] FAULT_INJECTION: forcing a failure. [ 397.877313][T16421] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 397.911935][T16420] syzkaller0: entered promiscuous mode [ 397.917459][T16420] syzkaller0: entered allmulticast mode [ 397.926148][T16423] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3340'. [ 397.942977][T16421] CPU: 1 UID: 0 PID: 16421 Comm: syz.2.3339 Not tainted syzkaller #0 PREEMPT(full) [ 397.943005][T16421] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 397.943018][T16421] Call Trace: [ 397.943026][T16421] [ 397.943035][T16421] dump_stack_lvl+0xe8/0x150 [ 397.943068][T16421] should_fail_ex+0x412/0x560 [ 397.943104][T16421] _copy_from_user+0x2d/0xb0 [ 397.943126][T16421] ___sys_sendmsg+0x1c6/0x360 [ 397.943157][T16421] ? __pfx____sys_sendmsg+0x10/0x10 [ 397.943215][T16421] ? __fget_files+0x2a/0x420 [ 397.943244][T16421] ? __fget_files+0x3a0/0x420 [ 397.943283][T16421] __x64_sys_sendmsg+0x1bd/0x2a0 [ 397.943308][T16421] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 397.943339][T16421] ? __pfx_ksys_write+0x10/0x10 [ 397.943390][T16421] do_syscall_64+0x14d/0xf80 [ 397.943413][T16421] ? trace_irq_disable+0x3b/0x150 [ 397.943439][T16421] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 397.943459][T16421] ? clear_bhb_loop+0x40/0x90 [ 397.943483][T16421] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 397.943504][T16421] RIP: 0033:0x7f363bb9c799 [ 397.943524][T16421] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 397.943541][T16421] RSP: 002b:00007f363caf6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 397.943563][T16421] RAX: ffffffffffffffda RBX: 00007f363be15fa0 RCX: 00007f363bb9c799 [ 397.943577][T16421] RDX: 0000000004004080 RSI: 0000200000000040 RDI: 0000000000000003 [ 397.943589][T16421] RBP: 00007f363caf6090 R08: 0000000000000000 R09: 0000000000000000 [ 397.943600][T16421] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 397.943611][T16421] R13: 00007f363be16038 R14: 00007f363be15fa0 R15: 00007fff231fdfd8 [ 397.943643][T16421] [ 398.184094][T16423] hsr_slave_0 (unregistering): left promiscuous mode [ 398.359777][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms [ 398.368011][ C1] lec:lec_tx_timeout: lec0 [ 398.372787][ C1] lec:lec_start_xmit: lec0:No lecd attached [ 398.373885][T16432] FAULT_INJECTION: forcing a failure. [ 398.373885][T16432] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 398.417160][T16432] CPU: 0 UID: 0 PID: 16432 Comm: syz.1.3344 Not tainted syzkaller #0 PREEMPT(full) [ 398.417190][T16432] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 398.417201][T16432] Call Trace: [ 398.417210][T16432] [ 398.417219][T16432] dump_stack_lvl+0xe8/0x150 [ 398.417254][T16432] should_fail_ex+0x412/0x560 [ 398.417291][T16432] _copy_from_user+0x2d/0xb0 [ 398.417315][T16432] ___sys_recvmsg+0x175/0x590 [ 398.417339][T16432] ? __lock_acquire+0x6b5/0x2cf0 [ 398.417370][T16432] ? __pfx____sys_recvmsg+0x10/0x10 [ 398.417437][T16432] do_recvmmsg+0x334/0x800 [ 398.417472][T16432] ? __pfx_do_recvmmsg+0x10/0x10 [ 398.417510][T16432] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 398.417555][T16432] __x64_sys_recvmmsg+0x198/0x250 [ 398.417583][T16432] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 398.417621][T16432] do_syscall_64+0x14d/0xf80 [ 398.417643][T16432] ? trace_irq_disable+0x3b/0x150 [ 398.417672][T16432] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 398.417693][T16432] ? clear_bhb_loop+0x40/0x90 [ 398.417720][T16432] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 398.417740][T16432] RIP: 0033:0x7f8f5999c799 [ 398.417760][T16432] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 398.417778][T16432] RSP: 002b:00007f8f5a8f9028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 398.417801][T16432] RAX: ffffffffffffffda RBX: 00007f8f59c15fa0 RCX: 00007f8f5999c799 [ 398.417816][T16432] RDX: 0400000000000284 RSI: 0000200000000040 RDI: 0000000000000003 [ 398.417830][T16432] RBP: 00007f8f5a8f9090 R08: 0000000000000000 R09: 0000000000000000 [ 398.417843][T16432] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000001 [ 398.417855][T16432] R13: 00007f8f59c16038 R14: 00007f8f59c15fa0 R15: 00007ffc046dd508 [ 398.417889][T16432] [ 398.731200][T16442] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3350'. [ 399.307544][T16483] SET target dimension over the limit! [ 399.957590][T16503] FAULT_INJECTION: forcing a failure. [ 399.957590][T16503] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 400.002513][T16503] CPU: 0 UID: 0 PID: 16503 Comm: syz.0.3367 Not tainted syzkaller #0 PREEMPT(full) [ 400.002543][T16503] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 400.002556][T16503] Call Trace: [ 400.002564][T16503] [ 400.002573][T16503] dump_stack_lvl+0xe8/0x150 [ 400.002607][T16503] should_fail_ex+0x412/0x560 [ 400.002642][T16503] _copy_from_iter+0x1d3/0x1670 [ 400.002678][T16503] ? rcu_is_watching+0x15/0xb0 [ 400.002713][T16503] ? __pfx__copy_from_iter+0x10/0x10 [ 400.002753][T16503] ? netlink_sendmsg+0x650/0xb40 [ 400.002782][T16503] ? skb_put+0x11b/0x210 [ 400.002808][T16503] netlink_sendmsg+0x6c0/0xb40 [ 400.002848][T16503] ? __pfx_netlink_sendmsg+0x10/0x10 [ 400.002882][T16503] ? aa_sock_msg_perm+0xf1/0x1b0 [ 400.002914][T16503] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 400.002940][T16503] ____sys_sendmsg+0x972/0x9f0 [ 400.002974][T16503] ? __pfx_____sys_sendmsg+0x10/0x10 [ 400.003007][T16503] ? import_iovec+0x73/0xa0 [ 400.003033][T16503] ___sys_sendmsg+0x2a5/0x360 [ 400.003063][T16503] ? __pfx____sys_sendmsg+0x10/0x10 [ 400.003134][T16503] ? __fget_files+0x2a/0x420 [ 400.003163][T16503] ? __fget_files+0x3a0/0x420 [ 400.003204][T16503] __x64_sys_sendmsg+0x1bd/0x2a0 [ 400.003232][T16503] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 400.003266][T16503] ? __pfx_ksys_write+0x10/0x10 [ 400.003301][T16503] do_syscall_64+0x14d/0xf80 [ 400.003324][T16503] ? trace_irq_disable+0x3b/0x150 [ 400.003352][T16503] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 400.003372][T16503] ? clear_bhb_loop+0x40/0x90 [ 400.003398][T16503] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 400.003419][T16503] RIP: 0033:0x7f070399c799 [ 400.003440][T16503] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 400.003457][T16503] RSP: 002b:00007f070488c028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 400.003480][T16503] RAX: ffffffffffffffda RBX: 00007f0703c15fa0 RCX: 00007f070399c799 [ 400.003495][T16503] RDX: 0000000004004080 RSI: 0000200000000040 RDI: 0000000000000003 [ 400.003508][T16503] RBP: 00007f070488c090 R08: 0000000000000000 R09: 0000000000000000 [ 400.003521][T16503] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 400.003533][T16503] R13: 00007f0703c16038 R14: 00007f0703c15fa0 R15: 00007ffe123bd568 [ 400.003567][T16503] [ 400.955090][T16547] syzkaller1: entered promiscuous mode [ 400.960883][T16547] syzkaller1: entered allmulticast mode [ 401.136659][T16553] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3386'. [ 401.165465][T16555] netlink: 44 bytes leftover after parsing attributes in process `syz.0.3385'. [ 401.332780][T16558] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3388'. [ 401.397878][T16561] syzkaller1: tun_chr_ioctl cmd 2153273474 [ 401.430896][T16561] syzkaller1: tun_chr_ioctl cmd 1074025677 [ 401.436957][T16561] syzkaller1: linktype set to 823 [ 401.500357][T16567] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3392'. [ 401.534207][T16568] netlink: 212368 bytes leftover after parsing attributes in process `syz.4.3391'. [ 401.605190][T16571] tipc: Enabled bearer , priority 0 [ 401.818073][T16582] FAULT_INJECTION: forcing a failure. [ 401.818073][T16582] name failslab, interval 1, probability 0, space 0, times 0 [ 401.853267][T16582] CPU: 1 UID: 0 PID: 16582 Comm: syz.4.3398 Not tainted syzkaller #0 PREEMPT(full) [ 401.853298][T16582] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 401.853311][T16582] Call Trace: [ 401.853320][T16582] [ 401.853329][T16582] dump_stack_lvl+0xe8/0x150 [ 401.853364][T16582] should_fail_ex+0x412/0x560 [ 401.853408][T16582] should_failslab+0xa8/0x100 [ 401.853433][T16582] ? skb_clone+0x212/0x3a0 [ 401.853459][T16582] kmem_cache_alloc_noprof+0x87/0x650 [ 401.853488][T16582] ? apparmor_capable+0x126/0x170 [ 401.853524][T16582] skb_clone+0x212/0x3a0 [ 401.853552][T16582] ? nfnetlink_rcv+0x4b0/0x27b0 [ 401.853589][T16582] nfnetlink_rcv+0x4e2/0x27b0 [ 401.853619][T16582] ? preempt_schedule_common+0x82/0xd0 [ 401.853649][T16582] ? preempt_schedule_thunk+0x16/0x30 [ 401.853679][T16582] ? __local_bh_enable_ip+0xe1/0x130 [ 401.853705][T16582] ? __dev_queue_xmit+0x1e78/0x3890 [ 401.853729][T16582] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 401.853766][T16582] ? __dev_queue_xmit+0x277/0x3890 [ 401.853797][T16582] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 401.853853][T16582] ? ref_tracker_free+0x693/0x840 [ 401.853882][T16582] ? __copy_skb_header+0xa3/0x4a0 [ 401.853907][T16582] ? __pfx_ref_tracker_free+0x10/0x10 [ 401.853954][T16582] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 401.853983][T16582] ? lockdep_hardirqs_on+0x7a/0x110 [ 401.854013][T16582] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 401.854035][T16582] ? rcu_preempt_deferred_qs_irqrestore+0x7b9/0xbc0 [ 401.854082][T16582] netlink_unicast+0x80f/0x9b0 [ 401.854120][T16582] ? __pfx_netlink_unicast+0x10/0x10 [ 401.854149][T16582] ? netlink_sendmsg+0x650/0xb40 [ 401.854185][T16582] ? skb_put+0x11b/0x210 [ 401.854210][T16582] netlink_sendmsg+0x813/0xb40 [ 401.854251][T16582] ? __pfx_netlink_sendmsg+0x10/0x10 [ 401.854291][T16582] ? aa_sock_msg_perm+0xf1/0x1b0 [ 401.854319][T16582] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 401.854346][T16582] ____sys_sendmsg+0x972/0x9f0 [ 401.854388][T16582] ? __pfx_____sys_sendmsg+0x10/0x10 [ 401.854422][T16582] ? import_iovec+0x73/0xa0 [ 401.854449][T16582] ___sys_sendmsg+0x2a5/0x360 [ 401.854479][T16582] ? __pfx____sys_sendmsg+0x10/0x10 [ 401.854550][T16582] ? __fget_files+0x2a/0x420 [ 401.854579][T16582] ? __fget_files+0x3a0/0x420 [ 401.854620][T16582] __x64_sys_sendmsg+0x1bd/0x2a0 [ 401.854647][T16582] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 401.854680][T16582] ? __pfx_ksys_write+0x10/0x10 [ 401.854715][T16582] do_syscall_64+0x14d/0xf80 [ 401.854737][T16582] ? trace_irq_disable+0x3b/0x150 [ 401.854767][T16582] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 401.854787][T16582] ? clear_bhb_loop+0x40/0x90 [ 401.854812][T16582] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 401.854833][T16582] RIP: 0033:0x7f3effb9c799 [ 401.854852][T16582] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 401.854870][T16582] RSP: 002b:00007f3f00b25028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 401.854892][T16582] RAX: ffffffffffffffda RBX: 00007f3effe15fa0 RCX: 00007f3effb9c799 [ 401.854907][T16582] RDX: 0000000000000000 RSI: 00002000000002c0 RDI: 0000000000000003 [ 401.854920][T16582] RBP: 00007f3f00b25090 R08: 0000000000000000 R09: 0000000000000000 [ 401.854932][T16582] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 401.854944][T16582] R13: 00007f3effe16038 R14: 00007f3effe15fa0 R15: 00007ffecb4f2ab8 [ 401.854978][T16582] [ 402.294957][T16585] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3400'. [ 402.379475][T16586] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3399'. [ 402.395484][T16586] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 402.452216][T16586] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 402.715890][T16603] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3405'. [ 402.771259][T16604] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3405'. [ 402.837045][T16606] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3406'. [ 402.898245][T16606] netlink: 'syz.4.3406': attribute type 30 has an invalid length. [ 402.946514][ T12] netdevsim netdevsim4 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 402.949991][T16606] netlink: 'syz.4.3406': attribute type 30 has an invalid length. [ 402.960503][ T12] netdevsim netdevsim4 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 402.988184][ T12] netdevsim netdevsim4 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 403.024087][ T12] netdevsim netdevsim4 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 403.561234][T16628] delete_channel: no stack [ 404.199819][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5830 ms [ 404.207894][ C1] lec:lec_tx_timeout: lec0 [ 404.212805][ C1] lec:lec_start_xmit: lec0:No lecd attached [ 404.371864][T16664] syzkaller0: entered promiscuous mode [ 404.377477][T16664] syzkaller0: entered allmulticast mode [ 404.793138][T16693] netlink: 'syz.0.3440': attribute type 1 has an invalid length. [ 405.064628][T16714] Cannot find del_set index 4 as target [ 405.211554][T16724] netlink: 'syz.4.3453': attribute type 1 has an invalid length. [ 405.599927][T16746] sctp: [Deprecated]: syz.2.3459 (pid 16746) Use of struct sctp_assoc_value in delayed_ack socket option. [ 405.599927][T16746] Use struct sctp_sack_info instead [ 405.811781][T16758] syzkaller0: entered promiscuous mode [ 405.832153][T16758] syzkaller0: entered allmulticast mode [ 405.873399][T16758] 0: reclassify loop, rule prio 0, protocol 800 [ 405.966556][T16766] netlink: 'syz.3.3468': attribute type 1 has an invalid length. [ 406.047741][T16771] netlink: 'syz.4.3469': attribute type 1 has an invalid length. [ 406.096893][T16771] 8021q: adding VLAN 0 to HW filter on device bond4 [ 406.152624][T16771] bond4: (slave geneve3): making interface the new active one [ 406.164875][T16771] bond4: (slave geneve3): Enslaving as an active interface with an up link [ 406.174944][ T36] netdevsim netdevsim4 eth0: set [1, 1] type 2 family 0 port 20004 - 0 [ 406.192521][ T36] netdevsim netdevsim4 eth1: set [1, 1] type 2 family 0 port 20004 - 0 [ 406.212990][T16771] __nla_validate_parse: 12 callbacks suppressed [ 406.213012][T16771] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3469'. [ 406.236034][ T36] netdevsim netdevsim4 eth2: set [1, 1] type 2 family 0 port 20004 - 0 [ 406.244880][ T36] netdevsim netdevsim4 eth3: set [1, 1] type 2 family 0 port 20004 - 0 [ 406.284194][T16781] sctp: [Deprecated]: syz.0.3473 (pid 16781) Use of struct sctp_assoc_value in delayed_ack socket option. [ 406.284194][T16781] Use struct sctp_sack_info instead [ 406.328877][T16783] openvswitch: netlink: IPv4 tunnel dst address is zero [ 406.484536][T16791] Freezing with imperfect legacy cgroup freezer. See cgroup.freeze of cgroup v2 [ 406.860422][T16801] FAULT_INJECTION: forcing a failure. [ 406.860422][T16801] name failslab, interval 1, probability 0, space 0, times 0 [ 406.934180][T16801] CPU: 0 UID: 0 PID: 16801 Comm: syz.3.3481 Not tainted syzkaller #0 PREEMPT(full) [ 406.934212][T16801] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 406.934224][T16801] Call Trace: [ 406.934233][T16801] [ 406.934243][T16801] dump_stack_lvl+0xe8/0x150 [ 406.934280][T16801] should_fail_ex+0x412/0x560 [ 406.934318][T16801] should_failslab+0xa8/0x100 [ 406.934360][T16801] __kmalloc_node_track_caller_noprof+0xeb/0x7b0 [ 406.934387][T16801] ? ethnl_default_set_doit+0x595/0xad0 [ 406.934409][T16801] ? __kmalloc_noprof+0x37d/0x760 [ 406.934436][T16801] kmemdup_noprof+0x2b/0x70 [ 406.934467][T16801] ethnl_default_set_doit+0x595/0xad0 [ 406.934493][T16801] ? genl_family_rcv_msg_attrs_parse+0x212/0x2a0 [ 406.934529][T16801] genl_family_rcv_msg_doit+0x22a/0x330 [ 406.934555][T16801] ? __asan_memcpy+0x40/0x70 [ 406.934580][T16801] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 406.934617][T16801] ? bpf_lsm_capable+0x9/0x20 [ 406.934642][T16801] ? security_capable+0x7e/0x2c0 [ 406.934676][T16801] genl_rcv_msg+0x61c/0x7a0 [ 406.934705][T16801] ? __pfx_genl_rcv_msg+0x10/0x10 [ 406.934728][T16801] ? __pfx_ethnl_default_set_doit+0x10/0x10 [ 406.934750][T16801] ? __lock_acquire+0x6b5/0x2cf0 [ 406.934791][T16801] netlink_rcv_skb+0x232/0x4b0 [ 406.934821][T16801] ? __pfx_genl_rcv_msg+0x10/0x10 [ 406.934846][T16801] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 406.934897][T16801] ? down_read+0x272/0x2e0 [ 406.934918][T16801] ? genl_rcv+0xd/0x40 [ 406.934943][T16801] genl_rcv+0x28/0x40 [ 406.934964][T16801] netlink_unicast+0x80f/0x9b0 [ 406.934997][T16801] ? __pfx_netlink_unicast+0x10/0x10 [ 406.935027][T16801] ? netlink_sendmsg+0x650/0xb40 [ 406.935053][T16801] ? skb_put+0x11b/0x210 [ 406.935079][T16801] netlink_sendmsg+0x813/0xb40 [ 406.935120][T16801] ? __pfx_netlink_sendmsg+0x10/0x10 [ 406.935155][T16801] ? aa_sock_msg_perm+0xf1/0x1b0 [ 406.935187][T16801] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 406.935212][T16801] ____sys_sendmsg+0x972/0x9f0 [ 406.935248][T16801] ? __pfx_____sys_sendmsg+0x10/0x10 [ 406.935281][T16801] ? import_iovec+0x73/0xa0 [ 406.935310][T16801] ___sys_sendmsg+0x2a5/0x360 [ 406.935350][T16801] ? __pfx____sys_sendmsg+0x10/0x10 [ 406.935419][T16801] ? __fget_files+0x2a/0x420 [ 406.935447][T16801] ? __fget_files+0x3a0/0x420 [ 406.935490][T16801] __x64_sys_sendmsg+0x1bd/0x2a0 [ 406.935516][T16801] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 406.935553][T16801] ? __pfx_ksys_write+0x10/0x10 [ 406.935590][T16801] do_syscall_64+0x14d/0xf80 [ 406.935612][T16801] ? trace_irq_disable+0x3b/0x150 [ 406.935641][T16801] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 406.935663][T16801] ? clear_bhb_loop+0x40/0x90 [ 406.935689][T16801] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 406.935709][T16801] RIP: 0033:0x7f7ee539c799 [ 406.935730][T16801] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 406.935747][T16801] RSP: 002b:00007f7ee6267028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 406.935769][T16801] RAX: ffffffffffffffda RBX: 00007f7ee5615fa0 RCX: 00007f7ee539c799 [ 406.935783][T16801] RDX: 0000000000000000 RSI: 0000200000000540 RDI: 000000000000001a [ 406.935795][T16801] RBP: 00007f7ee6267090 R08: 0000000000000000 R09: 0000000000000000 [ 406.935807][T16801] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 406.935818][T16801] R13: 00007f7ee5616038 R14: 00007f7ee5615fa0 R15: 00007ffd353cafc8 [ 406.935854][T16801] [ 407.563962][T16818] FAULT_INJECTION: forcing a failure. [ 407.563962][T16818] name failslab, interval 1, probability 0, space 0, times 0 [ 407.610381][T16818] CPU: 0 UID: 0 PID: 16818 Comm: syz.4.3487 Not tainted syzkaller #0 PREEMPT(full) [ 407.610411][T16818] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 407.610423][T16818] Call Trace: [ 407.610432][T16818] [ 407.610441][T16818] dump_stack_lvl+0xe8/0x150 [ 407.610476][T16818] should_fail_ex+0x412/0x560 [ 407.610512][T16818] should_failslab+0xa8/0x100 [ 407.610541][T16818] __kmalloc_noprof+0xe8/0x760 [ 407.610563][T16818] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 407.610603][T16818] tomoyo_realpath_from_path+0xe3/0x5d0 [ 407.610645][T16818] ? tomoyo_path_number_perm+0x219/0x630 [ 407.610672][T16818] tomoyo_path_number_perm+0x246/0x630 [ 407.610702][T16818] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 407.610732][T16818] ? __lock_acquire+0x6b5/0x2cf0 [ 407.610771][T16818] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 407.610819][T16818] ? __fget_files+0x2a/0x420 [ 407.610852][T16818] ? __fget_files+0x2a/0x420 [ 407.610880][T16818] ? __fget_files+0x3a0/0x420 [ 407.610908][T16818] ? __fget_files+0x2a/0x420 [ 407.610942][T16818] security_file_ioctl+0xc3/0x2a0 [ 407.610969][T16818] __se_sys_ioctl+0x47/0x170 [ 407.610996][T16818] do_syscall_64+0x14d/0xf80 [ 407.611017][T16818] ? trace_irq_disable+0x3b/0x150 [ 407.611045][T16818] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 407.611066][T16818] ? clear_bhb_loop+0x40/0x90 [ 407.611092][T16818] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 407.611111][T16818] RIP: 0033:0x7f3effb9c799 [ 407.611129][T16818] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 407.611146][T16818] RSP: 002b:00007f3f00b25028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 407.611168][T16818] RAX: ffffffffffffffda RBX: 00007f3effe15fa0 RCX: 00007f3effb9c799 [ 407.611181][T16818] RDX: 0000200000000100 RSI: 00000000400452c8 RDI: 0000000000000006 [ 407.611193][T16818] RBP: 00007f3f00b25090 R08: 0000000000000000 R09: 0000000000000000 [ 407.611205][T16818] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 407.611216][T16818] R13: 00007f3effe16038 R14: 00007f3effe15fa0 R15: 00007ffecb4f2ab8 [ 407.611250][T16818] [ 407.611258][T16818] ERROR: Out of memory at tomoyo_realpath_from_path. [ 407.626963][T16822] sctp: [Deprecated]: syz.4.3487 (pid 16822) Use of struct sctp_assoc_value in delayed_ack socket option. [ 407.626963][T16822] Use struct sctp_sack_info instead [ 407.724580][T16827] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3492'. [ 407.995878][T16832] openvswitch: netlink: IP tunnel dst address not specified [ 408.041676][T16829] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3493'. [ 408.060515][T16829] openvswitch: netlink: Flow actions attr not present in new flow. [ 408.160285][T16839] 8021q: VLANs not supported on syzkaller1 [ 408.182139][T16838] 8021q: VLANs not supported on syzkaller1 [ 408.519425][T16861] netlink: 212408 bytes leftover after parsing attributes in process `syz.0.3507'. [ 408.526963][T16864] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3505'. [ 408.754552][T16878] netlink: 'syz.2.3512': attribute type 1 has an invalid length. [ 408.771995][T16878] netlink: 224 bytes leftover after parsing attributes in process `syz.2.3512'. [ 408.911216][T16884] pim6reg: entered allmulticast mode [ 408.919279][T16884] pim6reg: left allmulticast mode [ 408.973699][T16895] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3519'. [ 409.000610][T16897] SET target dimension over the limit! [ 409.219767][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms [ 409.227854][ C1] lec:lec_tx_timeout: lec0 [ 409.233980][ C1] lec:lec_start_xmit: lec0:No lecd attached [ 409.319129][T16907] sctp: [Deprecated]: syz.4.3524 (pid 16907) Use of struct sctp_assoc_value in delayed_ack socket option. [ 409.319129][T16907] Use struct sctp_sack_info instead [ 409.474270][T16895] netlink: 96 bytes leftover after parsing attributes in process `syz.0.3519'. [ 409.504169][T16915] tipc: Enabling of bearer rejected, failed to enable media [ 409.587312][T16918] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap2 [ 409.683892][T16924] netlink: 'syz.2.3533': attribute type 3 has an invalid length. [ 409.691870][T16924] netlink: 'syz.2.3533': attribute type 3 has an invalid length. [ 409.871133][T16928] ieee802154 phy1 wpan1: encryption failed: -22 [ 409.961788][T16942] sctp: [Deprecated]: syz.1.3539 (pid 16942) Use of struct sctp_assoc_value in delayed_ack socket option. [ 409.961788][T16942] Use struct sctp_sack_info instead [ 410.024360][T16944] netlink: 'syz.4.3537': attribute type 10 has an invalid length. [ 410.032600][T16944] netlink: 40 bytes leftover after parsing attributes in process `syz.4.3537'. [ 410.095934][T16944] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3537'. [ 410.947284][T16987] netlink: 'syz.4.3554': attribute type 3 has an invalid length. [ 411.570540][T17025] __nla_validate_parse: 1 callbacks suppressed [ 411.570561][T17025] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3569'. [ 411.591991][T17031] erspan0: entered allmulticast mode [ 412.068047][T17067] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3583'. [ 412.072948][T17068] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3584'. [ 412.151543][T17072] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3585'. [ 412.374720][T17094] FAULT_INJECTION: forcing a failure. [ 412.374720][T17094] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 412.413173][T17094] CPU: 0 UID: 0 PID: 17094 Comm: syz.4.3590 Not tainted syzkaller #0 PREEMPT(full) [ 412.413206][T17094] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 412.413218][T17094] Call Trace: [ 412.413227][T17094] [ 412.413235][T17094] dump_stack_lvl+0xe8/0x150 [ 412.413271][T17094] should_fail_ex+0x412/0x560 [ 412.413306][T17094] _copy_from_user+0x2d/0xb0 [ 412.413330][T17094] ___sys_sendmsg+0x1c6/0x360 [ 412.413361][T17094] ? __pfx____sys_sendmsg+0x10/0x10 [ 412.413425][T17094] ? __fget_files+0x2a/0x420 [ 412.413454][T17094] ? __fget_files+0x3a0/0x420 [ 412.413496][T17094] __x64_sys_sendmsg+0x1bd/0x2a0 [ 412.413523][T17094] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 412.413558][T17094] ? __pfx_ksys_write+0x10/0x10 [ 412.413594][T17094] do_syscall_64+0x14d/0xf80 [ 412.413616][T17094] ? trace_irq_disable+0x3b/0x150 [ 412.413646][T17094] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 412.413666][T17094] ? clear_bhb_loop+0x40/0x90 [ 412.413692][T17094] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 412.413713][T17094] RIP: 0033:0x7f3effb9c799 [ 412.413733][T17094] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 412.413751][T17094] RSP: 002b:00007f3f00b25028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 412.413774][T17094] RAX: ffffffffffffffda RBX: 00007f3effe15fa0 RCX: 00007f3effb9c799 [ 412.413789][T17094] RDX: 0000000004000000 RSI: 0000200000000200 RDI: 0000000000000003 [ 412.413803][T17094] RBP: 00007f3f00b25090 R08: 0000000000000000 R09: 0000000000000000 [ 412.413815][T17094] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 412.413827][T17094] R13: 00007f3effe16038 R14: 00007f3effe15fa0 R15: 00007ffecb4f2ab8 [ 412.413861][T17094] [ 413.352585][T17147] netlink: 'syz.0.3613': attribute type 1 has an invalid length. [ 413.419158][T17147] 8021q: adding VLAN 0 to HW filter on device bond4 [ 413.422062][T17152] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3613'. [ 413.484866][T17156] netlink: 'syz.3.3615': attribute type 1 has an invalid length. [ 413.503060][T17156] netlink: 'syz.3.3615': attribute type 2 has an invalid length. [ 413.734331][T17175] x_tables: unsorted entry at hook 2 [ 413.886640][T17186] netlink: 'syz.3.3626': attribute type 1 has an invalid length. [ 413.888173][T17185] openvswitch: netlink: Message has 8 unknown bytes. [ 413.905909][T17185] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 413.910909][T17186] netlink: 224 bytes leftover after parsing attributes in process `syz.3.3626'. [ 414.116265][T17193] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3628'. [ 414.249770][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms [ 414.257839][ C1] lec:lec_tx_timeout: lec0 [ 414.262835][ C1] lec:lec_start_xmit: lec0:No lecd attached [ 414.612886][T17228] netlink: 'syz.0.3640': attribute type 1 has an invalid length. [ 414.658211][T17228] netlink: 224 bytes leftover after parsing attributes in process `syz.0.3640'. [ 414.740241][T17236] openvswitch: netlink: Flow actions attr not present in new flow. [ 414.939903][T17245] bond5: option all_slaves_active: invalid value (222) [ 414.960310][T17245] bond5 (unregistering): Released all slaves [ 415.033446][T17255] syzkaller1: entered promiscuous mode [ 415.049267][T17255] syzkaller1: entered allmulticast mode [ 415.158540][T17264] FAULT_INJECTION: forcing a failure. [ 415.158540][T17264] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 415.195990][T17264] CPU: 0 UID: 0 PID: 17264 Comm: syz.3.3654 Not tainted syzkaller #0 PREEMPT(full) [ 415.196020][T17264] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 415.196032][T17264] Call Trace: [ 415.196041][T17264] [ 415.196050][T17264] dump_stack_lvl+0xe8/0x150 [ 415.196084][T17264] should_fail_ex+0x412/0x560 [ 415.196119][T17264] _copy_from_iter+0x1d3/0x1670 [ 415.196154][T17264] ? rcu_is_watching+0x15/0xb0 [ 415.196190][T17264] ? __pfx__copy_from_iter+0x10/0x10 [ 415.196231][T17264] ? netlink_sendmsg+0x650/0xb40 [ 415.196261][T17264] ? skb_put+0x11b/0x210 [ 415.196287][T17264] netlink_sendmsg+0x6c0/0xb40 [ 415.196328][T17264] ? __pfx_netlink_sendmsg+0x10/0x10 [ 415.196373][T17264] ? aa_sock_msg_perm+0xf1/0x1b0 [ 415.196405][T17264] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 415.196433][T17264] ____sys_sendmsg+0x972/0x9f0 [ 415.196467][T17264] ? __pfx_____sys_sendmsg+0x10/0x10 [ 415.196501][T17264] ? import_iovec+0x73/0xa0 [ 415.196526][T17264] ___sys_sendmsg+0x2a5/0x360 [ 415.196556][T17264] ? __pfx____sys_sendmsg+0x10/0x10 [ 415.196619][T17264] ? __fget_files+0x2a/0x420 [ 415.196648][T17264] ? __fget_files+0x3a0/0x420 [ 415.196689][T17264] __x64_sys_sendmsg+0x1bd/0x2a0 [ 415.196716][T17264] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 415.196751][T17264] ? __pfx_ksys_write+0x10/0x10 [ 415.196786][T17264] do_syscall_64+0x14d/0xf80 [ 415.196808][T17264] ? trace_irq_disable+0x3b/0x150 [ 415.196838][T17264] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 415.196859][T17264] ? clear_bhb_loop+0x40/0x90 [ 415.196885][T17264] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 415.196905][T17264] RIP: 0033:0x7f7ee539c799 [ 415.196925][T17264] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 415.196942][T17264] RSP: 002b:00007f7ee6267028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 415.196965][T17264] RAX: ffffffffffffffda RBX: 00007f7ee5615fa0 RCX: 00007f7ee539c799 [ 415.196980][T17264] RDX: 0000000004000000 RSI: 0000200000000200 RDI: 0000000000000003 [ 415.196994][T17264] RBP: 00007f7ee6267090 R08: 0000000000000000 R09: 0000000000000000 [ 415.197007][T17264] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 415.197019][T17264] R13: 00007f7ee5616038 R14: 00007f7ee5615fa0 R15: 00007ffd353cafc8 [ 415.197052][T17264] [ 415.745863][T17284] bond6: up delay (5) is not a multiple of miimon (4), value rounded to 4 ms [ 416.001012][T17299] FAULT_INJECTION: forcing a failure. [ 416.001012][T17299] name failslab, interval 1, probability 0, space 0, times 0 [ 416.035924][ T25] block nbd0: Possible stuck request ffff888026768000: control (read@0,1024B). Runtime 30 seconds [ 416.047689][ T1644] block nbd1: Possible stuck request ffff8880267e0000: control (read@0,1024B). Runtime 30 seconds [ 416.059477][ T25] block nbd0: Possible stuck request ffff888026768200: control (read@1024,1024B). Runtime 30 seconds [ 416.064325][T17299] CPU: 0 UID: 0 PID: 17299 Comm: syz.4.3670 Not tainted syzkaller #0 PREEMPT(full) [ 416.064351][T17299] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 416.064361][T17299] Call Trace: [ 416.064368][T17299] [ 416.064377][T17299] dump_stack_lvl+0xe8/0x150 [ 416.064408][T17299] should_fail_ex+0x412/0x560 [ 416.064440][T17299] should_failslab+0xa8/0x100 [ 416.064466][T17299] __kmalloc_cache_noprof+0x88/0x660 [ 416.064486][T17299] ? __mutex_trylock_common+0x158/0x260 [ 416.064512][T17299] ? ctnetlink_alloc_filter+0xb2/0xb50 [ 416.064541][T17299] ctnetlink_alloc_filter+0xb2/0xb50 [ 416.064566][T17299] ? __pfx_ctnetlink_alloc_filter+0x10/0x10 [ 416.064589][T17299] ? __mutex_lock+0x319/0x1300 [ 416.064610][T17299] ? __pfx___nla_validate_parse+0x10/0x10 [ 416.064637][T17299] ctnetlink_del_conntrack+0x6f9/0x930 [ 416.064663][T17299] ? __pfx_ctnetlink_del_conntrack+0x10/0x10 [ 416.064707][T17299] nfnetlink_rcv_msg+0xc00/0x12c0 [ 416.064731][T17299] ? unwind_get_return_address+0x4d/0x90 [ 416.064757][T17299] ? nfnetlink_rcv_msg+0x229/0x12c0 [ 416.064800][T17299] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 416.064871][T17299] netlink_rcv_skb+0x232/0x4b0 [ 416.064899][T17299] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 416.064925][T17299] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 416.064968][T17299] ? bpf_lsm_capable+0x9/0x20 [ 416.064992][T17299] ? security_capable+0x7e/0x2c0 [ 416.065024][T17299] nfnetlink_rcv+0x2c0/0x27b0 [ 416.065057][T17299] ? __local_bh_enable_ip+0xd0/0x130 [ 416.065081][T17299] ? lockdep_hardirqs_on+0x7a/0x110 [ 416.065100][T17299] ? __dev_queue_xmit+0x277/0x3890 [ 416.065120][T17299] ? __local_bh_enable_ip+0xd0/0x130 [ 416.065141][T17299] ? __dev_queue_xmit+0x277/0x3890 [ 416.065162][T17299] ? __dev_queue_xmit+0x1e78/0x3890 [ 416.065182][T17299] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 416.065208][T17299] ? __dev_queue_xmit+0x277/0x3890 [ 416.065235][T17299] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 416.065265][T17299] ? __pfx___dev_queue_xmit+0x10/0x10 [ 416.065294][T17299] ? ref_tracker_free+0x693/0x840 [ 416.065326][T17299] ? __copy_skb_header+0xa3/0x4a0 [ 416.065349][T17299] ? __pfx_ref_tracker_free+0x10/0x10 [ 416.065391][T17299] ? skb_clone+0x246/0x3a0 [ 416.065416][T17299] ? __netlink_deliver_tap+0x807/0x850 [ 416.065442][T17299] ? netlink_deliver_tap+0x2e/0x1b0 [ 416.065474][T17299] ? netlink_deliver_tap+0x2e/0x1b0 [ 416.065508][T17299] netlink_unicast+0x80f/0x9b0 [ 416.065542][T17299] ? __pfx_netlink_unicast+0x10/0x10 [ 416.065568][T17299] ? netlink_sendmsg+0x650/0xb40 [ 416.065591][T17299] ? skb_put+0x11b/0x210 [ 416.065613][T17299] netlink_sendmsg+0x813/0xb40 [ 416.065649][T17299] ? __pfx_netlink_sendmsg+0x10/0x10 [ 416.065678][T17299] ? aa_sock_msg_perm+0xf1/0x1b0 [ 416.065706][T17299] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 416.065729][T17299] ____sys_sendmsg+0x972/0x9f0 [ 416.065760][T17299] ? __pfx_____sys_sendmsg+0x10/0x10 [ 416.065790][T17299] ? import_iovec+0x73/0xa0 [ 416.065814][T17299] ___sys_sendmsg+0x2a5/0x360 [ 416.065841][T17299] ? __pfx____sys_sendmsg+0x10/0x10 [ 416.065898][T17299] ? __fget_files+0x2a/0x420 [ 416.065922][T17299] ? __fget_files+0x3a0/0x420 [ 416.065958][T17299] __x64_sys_sendmsg+0x1bd/0x2a0 [ 416.065982][T17299] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 416.066012][T17299] ? __pfx_ksys_write+0x10/0x10 [ 416.066044][T17299] do_syscall_64+0x14d/0xf80 [ 416.066064][T17299] ? trace_irq_disable+0x3b/0x150 [ 416.066089][T17299] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 416.066107][T17299] ? clear_bhb_loop+0x40/0x90 [ 416.066130][T17299] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 416.066147][T17299] RIP: 0033:0x7f3effb9c799 [ 416.066165][T17299] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 416.066180][T17299] RSP: 002b:00007f3f00b25028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 416.066200][T17299] RAX: ffffffffffffffda RBX: 00007f3effe15fa0 RCX: 00007f3effb9c799 [ 416.066213][T17299] RDX: 0000000004000000 RSI: 0000200000000200 RDI: 0000000000000003 [ 416.066224][T17299] RBP: 00007f3f00b25090 R08: 0000000000000000 R09: 0000000000000000 [ 416.066236][T17299] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 416.066246][T17299] R13: 00007f3effe16038 R14: 00007f3effe15fa0 R15: 00007ffecb4f2ab8 [ 416.066276][T17299] [ 416.104685][T17303] xt_CT: You must specify a L4 protocol and not use inversions on it [ 416.106734][ T1644] block nbd1: Possible stuck request ffff8880267e0200: control (read@1024,1024B). Runtime 30 seconds [ 416.513865][ T25] block nbd0: Possible stuck request ffff888026768400: control (read@2048,1024B). Runtime 30 seconds [ 416.524881][ T25] block nbd0: Possible stuck request ffff888026768600: control (read@3072,1024B). Runtime 30 seconds [ 416.535996][ T1644] block nbd1: Possible stuck request ffff8880267e0400: control (read@2048,1024B). Runtime 30 seconds [ 416.546986][ T1644] block nbd1: Possible stuck request ffff8880267e0600: control (read@3072,1024B). Runtime 30 seconds [ 417.344960][T17364] SET target dimension over the limit! [ 417.415738][T17367] netlink: 'syz.0.3695': attribute type 1 has an invalid length. [ 417.699548][T17393] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3705'. [ 417.836706][T17397] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3706'. [ 417.903305][T17406] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3709'. [ 418.075114][T17418] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3714'. [ 418.085851][T17418] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3714'. [ 418.137081][T17416] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3713'. [ 418.146124][T17416] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3713'. [ 418.162471][T17416] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3713'. [ 418.186910][T17416] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3713'. [ 418.332711][T17432] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3720'. [ 418.583027][T17452] FAULT_INJECTION: forcing a failure. [ 418.583027][T17452] name failslab, interval 1, probability 0, space 0, times 0 [ 418.650608][T17452] CPU: 1 UID: 0 PID: 17452 Comm: syz.0.3725 Not tainted syzkaller #0 PREEMPT(full) [ 418.650639][T17452] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 418.650651][T17452] Call Trace: [ 418.650658][T17452] [ 418.650667][T17452] dump_stack_lvl+0xe8/0x150 [ 418.650701][T17452] should_fail_ex+0x412/0x560 [ 418.650735][T17452] should_failslab+0xa8/0x100 [ 418.650764][T17452] __kmalloc_cache_noprof+0x88/0x660 [ 418.650785][T17452] ? __pfx_stack_trace_save+0x10/0x10 [ 418.650806][T17452] ? rtnl_newlink+0x136/0x1be0 [ 418.650838][T17452] rtnl_newlink+0x136/0x1be0 [ 418.650867][T17452] ? kasan_save_track+0x4f/0x80 [ 418.650887][T17452] ? kasan_save_track+0x3e/0x80 [ 418.650905][T17452] ? kasan_save_free_info+0x46/0x50 [ 418.650930][T17452] ? __kasan_slab_free+0x5c/0x80 [ 418.650949][T17452] ? kmem_cache_free+0x187/0x630 [ 418.650971][T17452] ? __dev_queue_xmit+0x16d1/0x3890 [ 418.650995][T17452] ? __netlink_deliver_tap+0x5ad/0x850 [ 418.651022][T17452] ? netlink_deliver_tap+0x19c/0x1b0 [ 418.651049][T17452] ? netlink_unicast+0x7e3/0x9b0 [ 418.651073][T17452] ? netlink_sendmsg+0x813/0xb40 [ 418.651113][T17452] ? __pfx_rtnl_newlink+0x10/0x10 [ 418.651141][T17452] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 418.651199][T17452] ? kasan_quarantine_put+0xbb/0x1f0 [ 418.651219][T17452] ? lockdep_hardirqs_on+0x7a/0x110 [ 418.651246][T17452] ? kmem_cache_free+0x187/0x630 [ 418.651267][T17452] ? nlmon_xmit+0xb0/0x100 [ 418.651300][T17452] ? __lock_acquire+0x6b5/0x2cf0 [ 418.651331][T17452] ? __local_bh_enable_ip+0xd0/0x130 [ 418.651355][T17452] ? lockdep_hardirqs_on+0x7a/0x110 [ 418.651375][T17452] ? __dev_queue_xmit+0x277/0x3890 [ 418.651396][T17452] ? __local_bh_enable_ip+0xd0/0x130 [ 418.651419][T17452] ? __dev_queue_xmit+0x277/0x3890 [ 418.651468][T17452] ? __pfx_rtnl_newlink+0x10/0x10 [ 418.651496][T17452] rtnetlink_rcv_msg+0x7d5/0xbe0 [ 418.651529][T17452] ? rtnetlink_rcv_msg+0x1b9/0xbe0 [ 418.651558][T17452] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 418.651585][T17452] ? ref_tracker_free+0x693/0x840 [ 418.651612][T17452] ? __copy_skb_header+0xa3/0x4a0 [ 418.651636][T17452] ? __pfx_ref_tracker_free+0x10/0x10 [ 418.651676][T17452] netlink_rcv_skb+0x232/0x4b0 [ 418.651706][T17452] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 418.651737][T17452] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 418.651777][T17452] ? netlink_deliver_tap+0x2e/0x1b0 [ 418.651813][T17452] netlink_unicast+0x80f/0x9b0 [ 418.651848][T17452] ? __pfx_netlink_unicast+0x10/0x10 [ 418.651876][T17452] ? netlink_sendmsg+0x650/0xb40 [ 418.651904][T17452] ? skb_put+0x11b/0x210 [ 418.651927][T17452] netlink_sendmsg+0x813/0xb40 [ 418.651965][T17452] ? __pfx_netlink_sendmsg+0x10/0x10 [ 418.651998][T17452] ? aa_sock_msg_perm+0xf1/0x1b0 [ 418.652028][T17452] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 418.652054][T17452] ____sys_sendmsg+0x972/0x9f0 [ 418.652086][T17452] ? __pfx_____sys_sendmsg+0x10/0x10 [ 418.652125][T17452] ? import_iovec+0x73/0xa0 [ 418.652149][T17452] ___sys_sendmsg+0x2a5/0x360 [ 418.652177][T17452] ? __pfx____sys_sendmsg+0x10/0x10 [ 418.652236][T17452] ? __fget_files+0x2a/0x420 [ 418.652263][T17452] ? __fget_files+0x3a0/0x420 [ 418.652302][T17452] __x64_sys_sendmsg+0x1bd/0x2a0 [ 418.652327][T17452] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 418.652358][T17452] ? __pfx_ksys_write+0x10/0x10 [ 418.652392][T17452] do_syscall_64+0x14d/0xf80 [ 418.652413][T17452] ? trace_irq_disable+0x3b/0x150 [ 418.652440][T17452] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 418.652459][T17452] ? clear_bhb_loop+0x40/0x90 [ 418.652483][T17452] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 418.652502][T17452] RIP: 0033:0x7f070399c799 [ 418.652522][T17452] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 418.652539][T17452] RSP: 002b:00007f070488c028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 418.652560][T17452] RAX: ffffffffffffffda RBX: 00007f0703c15fa0 RCX: 00007f070399c799 [ 418.652574][T17452] RDX: 0000000000000040 RSI: 0000200000000280 RDI: 0000000000000007 [ 418.652586][T17452] RBP: 00007f070488c090 R08: 0000000000000000 R09: 0000000000000000 [ 418.652598][T17452] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 418.652610][T17452] R13: 00007f0703c16038 R14: 00007f0703c15fa0 R15: 00007ffe123bd568 [ 418.652641][T17452] [ 419.118745][ T5835] block nbd2: Receive control failed (result -107) [ 419.124888][T17461] x_tables: unsorted underflow at hook 4 [ 419.162637][T17455] nbd2: detected capacity change from 0 to 127 [ 419.181908][T16066] block nbd2: Dead connection, failed to find a fallback [ 419.189321][T16066] block nbd2: shutting down sockets [ 419.200171][T16066] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 419.215513][T16066] Buffer I/O error on dev nbd2, logical block 0, async page read [ 419.227260][T16066] I/O error, dev nbd2, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 419.240511][T16066] Buffer I/O error on dev nbd2, logical block 1, async page read [ 419.248339][T16066] I/O error, dev nbd2, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 419.258097][T16066] Buffer I/O error on dev nbd2, logical block 2, async page read [ 419.266024][T16066] I/O error, dev nbd2, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 419.275549][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms [ 419.275618][ C1] lec:lec_tx_timeout: lec0 [ 419.275775][ C1] lec:lec_start_xmit: lec0:No lecd attached [ 419.294503][T16066] Buffer I/O error on dev nbd2, logical block 3, async page read [ 419.302446][T16066] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 419.312011][T16066] Buffer I/O error on dev nbd2, logical block 0, async page read [ 419.321761][T16066] I/O error, dev nbd2, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 419.331303][T16066] Buffer I/O error on dev nbd2, logical block 1, async page read [ 419.339202][T16066] I/O error, dev nbd2, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 419.345133][T17466] netlink: 'syz.0.3729': attribute type 1 has an invalid length. [ 419.348865][T16066] Buffer I/O error on dev nbd2, logical block 2, async page read [ 419.364296][T16066] I/O error, dev nbd2, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 419.373942][T16066] Buffer I/O error on dev nbd2, logical block 3, async page read [ 419.381857][T16066] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 419.391450][T16066] Buffer I/O error on dev nbd2, logical block 0, async page read [ 419.399252][T16066] I/O error, dev nbd2, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 419.408795][T16066] Buffer I/O error on dev nbd2, logical block 1, async page read [ 419.417390][T16066] ldm_validate_partition_table(): Disk read failed. [ 419.424990][T16066] Dev nbd2: unable to read RDB block 0 [ 419.432520][T16066] nbd2: unable to read partition table [ 419.448624][T16066] ldm_validate_partition_table(): Disk read failed. [ 419.455809][T16066] Dev nbd2: unable to read RDB block 0 [ 419.462093][T16066] nbd2: unable to read partition table [ 419.725635][T17483] netlink: 'syz.3.3736': attribute type 18 has an invalid length. [ 419.863015][T17496] SET target dimension over the limit! [ 420.119889][ T852] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 420.140265][T17503] netlink: 'syz.0.3744': attribute type 3 has an invalid length. [ 420.148564][ T852] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 420.174694][ T852] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 420.202260][ T852] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 420.254644][T17511] netlink: 'syz.3.3745': attribute type 1 has an invalid length. [ 420.624820][T17532] netlink: 'syz.4.3754': attribute type 4 has an invalid length. [ 420.786737][T17538] netlink: 'syz.1.3755': attribute type 1 has an invalid length. [ 420.795322][T17538] netlink: 'syz.1.3755': attribute type 2 has an invalid length. [ 420.843365][T17542] netlink: 'syz.4.3758': attribute type 7 has an invalid length. [ 420.981663][T17545] netlink: 'syz.0.3759': attribute type 14 has an invalid length. [ 421.832556][T17587] sctp: [Deprecated]: syz.1.3776 (pid 17587) Use of struct sctp_assoc_value in delayed_ack socket option. [ 421.832556][T17587] Use struct sctp_sack_info instead [ 421.902440][T17591] tipc: Enabling of bearer rejected, failed to enable media [ 422.386600][T17614] FAULT_INJECTION: forcing a failure. [ 422.386600][T17614] name failslab, interval 1, probability 0, space 0, times 0 [ 422.399709][T17611] netlink: 'syz.1.3786': attribute type 29 has an invalid length. [ 422.403948][T17614] CPU: 0 UID: 0 PID: 17614 Comm: syz.4.3788 Not tainted syzkaller #0 PREEMPT(full) [ 422.403973][T17614] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 422.403984][T17614] Call Trace: [ 422.403992][T17614] [ 422.404000][T17614] dump_stack_lvl+0xe8/0x150 [ 422.404031][T17614] should_fail_ex+0x412/0x560 [ 422.404080][T17614] should_failslab+0xa8/0x100 [ 422.404106][T17614] __kvmalloc_node_noprof+0x178/0x8a0 [ 422.404129][T17614] ? nf_tables_commit+0xc2c/0xa400 [ 422.404150][T17614] ? nf_tables_commit+0x936/0xa400 [ 422.404175][T17614] nf_tables_commit+0xc2c/0xa400 [ 422.404196][T17614] ? do_raw_spin_lock+0x12b/0x2f0 [ 422.404251][T17614] ? __pfx_nf_tables_commit+0x10/0x10 [ 422.404273][T17614] ? __free_frozen_pages+0x706/0xdb0 [ 422.404303][T17614] ? nf_tables_newrule+0x2590/0x28b0 [ 422.404339][T17614] ? __pfx_nf_tables_newrule+0x10/0x10 [ 422.404390][T17614] nfnetlink_rcv+0x1c1b/0x27b0 [ 422.404448][T17614] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 422.404489][T17614] ? ref_tracker_free+0x693/0x840 [ 422.404544][T17614] ? __netlink_deliver_tap+0x807/0x850 [ 422.404570][T17614] ? netlink_deliver_tap+0x2e/0x1b0 [ 422.404614][T17614] netlink_unicast+0x80f/0x9b0 [ 422.404646][T17614] ? __pfx_netlink_unicast+0x10/0x10 [ 422.404679][T17614] ? netlink_sendmsg+0x650/0xb40 [ 422.404703][T17614] ? skb_put+0x11b/0x210 [ 422.404725][T17614] netlink_sendmsg+0x813/0xb40 [ 422.404761][T17614] ? __pfx_netlink_sendmsg+0x10/0x10 [ 422.404791][T17614] ? aa_sock_msg_perm+0xf1/0x1b0 [ 422.404818][T17614] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 422.404842][T17614] ____sys_sendmsg+0x972/0x9f0 [ 422.404872][T17614] ? __pfx_____sys_sendmsg+0x10/0x10 [ 422.404902][T17614] ? import_iovec+0x73/0xa0 [ 422.404925][T17614] ___sys_sendmsg+0x2a5/0x360 [ 422.404952][T17614] ? __pfx____sys_sendmsg+0x10/0x10 [ 422.405009][T17614] ? __fget_files+0x2a/0x420 [ 422.405034][T17614] ? __fget_files+0x3a0/0x420 [ 422.405069][T17614] __x64_sys_sendmsg+0x1bd/0x2a0 [ 422.405093][T17614] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 422.405124][T17614] ? __pfx_ksys_write+0x10/0x10 [ 422.405156][T17614] do_syscall_64+0x14d/0xf80 [ 422.405176][T17614] ? trace_irq_disable+0x3b/0x150 [ 422.405200][T17614] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 422.405219][T17614] ? clear_bhb_loop+0x40/0x90 [ 422.405241][T17614] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 422.405259][T17614] RIP: 0033:0x7f3effb9c799 [ 422.405277][T17614] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 422.405292][T17614] RSP: 002b:00007f3f00b25028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 422.405313][T17614] RAX: ffffffffffffffda RBX: 00007f3effe15fa0 RCX: 00007f3effb9c799 [ 422.405325][T17614] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000003 [ 422.405337][T17614] RBP: 00007f3f00b25090 R08: 0000000000000000 R09: 0000000000000000 [ 422.405355][T17614] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 422.405366][T17614] R13: 00007f3effe16038 R14: 00007f3effe15fa0 R15: 00007ffecb4f2ab8 [ 422.405397][T17614] [ 422.712675][T17611] __nla_validate_parse: 5 callbacks suppressed [ 422.712694][T17611] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3786'. [ 422.789154][T17619] bond7: (slave lo): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 422.869418][T17619] bond7: (slave lo): Enslaving as an active interface with an up link [ 422.898846][T17619] A link change request failed with some changes committed already. Interface tunl0 may have been left with an inconsistent configuration, please check. [ 422.928727][T17617] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3786'. [ 423.122218][T17621] netlink: 72 bytes leftover after parsing attributes in process `syz.0.3789'. [ 423.446387][T17645] 8021q: adding VLAN 0 to HW filter on device bond3 [ 423.466170][T17652] 8021q: adding VLAN 0 to HW filter on device bond3 [ 423.481709][T17652] bond3: (slave vcan0): The slave device specified does not support setting the MAC address [ 423.515022][T17652] bond3: (slave vcan0): Error -95 calling set_mac_address [ 423.662989][T17654] bond3: (slave gretap2): making interface the new active one [ 423.700695][T17654] bond3: (slave gretap2): Enslaving as an active interface with an up link [ 423.753284][T17658] macvlan2: entered promiscuous mode [ 423.758655][T17658] macvlan2: entered allmulticast mode [ 423.793108][T17658] bond3: (slave macvlan2): Error -98 calling set_mac_address [ 424.281091][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms [ 424.289163][ C1] lec:lec_tx_timeout: lec0 [ 424.293785][ C1] lec:lec_start_xmit: lec0:No lecd attached [ 424.651499][T17699] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 424.783182][T17701] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 424.943735][T17711] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 425.234034][T17725] FAULT_INJECTION: forcing a failure. [ 425.234034][T17725] name failslab, interval 1, probability 0, space 0, times 0 [ 425.280969][T17725] CPU: 0 UID: 0 PID: 17725 Comm: syz.0.3816 Not tainted syzkaller #0 PREEMPT(full) [ 425.280999][T17725] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 425.281011][T17725] Call Trace: [ 425.281020][T17725] [ 425.281029][T17725] dump_stack_lvl+0xe8/0x150 [ 425.281063][T17725] should_fail_ex+0x412/0x560 [ 425.281098][T17725] should_failslab+0xa8/0x100 [ 425.281127][T17725] kmem_cache_alloc_node_noprof+0x8f/0x690 [ 425.281159][T17725] ? __alloc_skb+0x186/0x7d0 [ 425.281178][T17725] ? __alloc_skb+0x1d0/0x7d0 [ 425.281195][T17725] ? __local_bh_enable_ip+0xd0/0x130 [ 425.281227][T17725] __alloc_skb+0x1d0/0x7d0 [ 425.281252][T17725] netlink_sendmsg+0x5d4/0xb40 [ 425.281293][T17725] ? __pfx_netlink_sendmsg+0x10/0x10 [ 425.281327][T17725] ? aa_sock_msg_perm+0xf1/0x1b0 [ 425.281358][T17725] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 425.281385][T17725] ____sys_sendmsg+0x972/0x9f0 [ 425.281419][T17725] ? __pfx_____sys_sendmsg+0x10/0x10 [ 425.281453][T17725] ? import_iovec+0x73/0xa0 [ 425.281479][T17725] ___sys_sendmsg+0x2a5/0x360 [ 425.281514][T17725] ? __pfx____sys_sendmsg+0x10/0x10 [ 425.281576][T17725] ? __fget_files+0x2a/0x420 [ 425.281604][T17725] ? __fget_files+0x3a0/0x420 [ 425.281645][T17725] __x64_sys_sendmsg+0x1bd/0x2a0 [ 425.281671][T17725] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 425.281705][T17725] ? __pfx_ksys_write+0x10/0x10 [ 425.281739][T17725] do_syscall_64+0x14d/0xf80 [ 425.281761][T17725] ? trace_irq_disable+0x3b/0x150 [ 425.281789][T17725] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 425.281810][T17725] ? clear_bhb_loop+0x40/0x90 [ 425.281835][T17725] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 425.281855][T17725] RIP: 0033:0x7f070399c799 [ 425.281875][T17725] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 425.281892][T17725] RSP: 002b:00007f070486b028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 425.281915][T17725] RAX: ffffffffffffffda RBX: 00007f0703c16090 RCX: 00007f070399c799 [ 425.281929][T17725] RDX: 0000000000040004 RSI: 0000200000000280 RDI: 0000000000000004 [ 425.281942][T17725] RBP: 00007f070486b090 R08: 0000000000000000 R09: 0000000000000000 [ 425.281959][T17725] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 425.281971][T17725] R13: 00007f0703c16128 R14: 00007f0703c16090 R15: 00007ffe123bd568 [ 425.282005][T17725] [ 426.190178][ T852] wlan1: Trigger new scan to find an IBSS to join [ 426.334824][T17754] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3825'. [ 426.367407][T17754] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3825'. [ 426.389957][T17754] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3825'. [ 426.550042][T17762] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3829'. [ 426.559492][T17762] openvswitch: netlink: Flow key attr not present in new flow. [ 426.602420][T17769] FAULT_INJECTION: forcing a failure. [ 426.602420][T17769] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 426.654008][T17769] CPU: 0 UID: 0 PID: 17769 Comm: syz.2.3830 Not tainted syzkaller #0 PREEMPT(full) [ 426.654039][T17769] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 426.654052][T17769] Call Trace: [ 426.654060][T17769] [ 426.654069][T17769] dump_stack_lvl+0xe8/0x150 [ 426.654113][T17769] should_fail_ex+0x412/0x560 [ 426.654149][T17769] _copy_from_user+0x2d/0xb0 [ 426.654173][T17769] __copy_msghdr+0x3c5/0x5b0 [ 426.654202][T17769] ___sys_sendmsg+0x213/0x360 [ 426.654231][T17769] ? __pfx____sys_sendmsg+0x10/0x10 [ 426.654295][T17769] ? __fget_files+0x2a/0x420 [ 426.654324][T17769] ? __fget_files+0x3a0/0x420 [ 426.654363][T17769] __x64_sys_sendmsg+0x1bd/0x2a0 [ 426.654390][T17769] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 426.654421][T17769] ? __pfx_ksys_write+0x10/0x10 [ 426.654454][T17769] do_syscall_64+0x14d/0xf80 [ 426.654477][T17769] ? trace_irq_disable+0x3b/0x150 [ 426.654506][T17769] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 426.654527][T17769] ? clear_bhb_loop+0x40/0x90 [ 426.654553][T17769] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 426.654573][T17769] RIP: 0033:0x7f363bb9c799 [ 426.654592][T17769] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 426.654609][T17769] RSP: 002b:00007f363caf6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 426.654632][T17769] RAX: ffffffffffffffda RBX: 00007f363be15fa0 RCX: 00007f363bb9c799 [ 426.654646][T17769] RDX: 00000000000408d1 RSI: 0000200000000340 RDI: 0000000000000003 [ 426.654659][T17769] RBP: 00007f363caf6090 R08: 0000000000000000 R09: 0000000000000000 [ 426.654671][T17769] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 426.654683][T17769] R13: 00007f363be16038 R14: 00007f363be15fa0 R15: 00007fff231fdfd8 [ 426.654717][T17769] [ 426.921652][T17775] FAULT_INJECTION: forcing a failure. [ 426.921652][T17775] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 426.949835][T17775] CPU: 1 UID: 0 PID: 17775 Comm: syz.4.3831 Not tainted syzkaller #0 PREEMPT(full) [ 426.949864][T17775] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 426.949876][T17775] Call Trace: [ 426.949884][T17775] [ 426.949892][T17775] dump_stack_lvl+0xe8/0x150 [ 426.949926][T17775] should_fail_ex+0x412/0x560 [ 426.949961][T17775] _copy_from_iter+0x1d3/0x1670 [ 426.949993][T17775] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 426.950025][T17775] ? __pfx_policy_nodemask+0x10/0x10 [ 426.950054][T17775] ? __pfx__copy_from_iter+0x10/0x10 [ 426.950092][T17775] ? set_page_refcounted+0xa0/0x1e0 [ 426.950116][T17775] ? page_copy_sane+0x4e/0x270 [ 426.950148][T17775] copy_page_from_iter+0xdd/0x170 [ 426.950185][T17775] tun_get_user+0x1d4b/0x3dd0 [ 426.950205][T17775] ? tun_get_user+0x6ff/0x3dd0 [ 426.950244][T17775] ? aa_file_perm+0x50e/0x15e0 [ 426.950265][T17775] ? __pfx_tun_get_user+0x10/0x10 [ 426.950283][T17775] ? aa_file_perm+0x192/0x15e0 [ 426.950322][T17775] ? ref_tracker_alloc+0x35c/0x4c0 [ 426.950356][T17775] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 426.950401][T17775] ? tun_get+0x1c/0x2f0 [ 426.950428][T17775] ? tun_get+0x1c/0x2f0 [ 426.950448][T17775] ? tun_get+0x1c/0x2f0 [ 426.950473][T17775] tun_chr_write_iter+0x113/0x200 [ 426.950497][T17775] vfs_write+0x61d/0xb90 [ 426.950529][T17775] ? __pfx_vfs_write+0x10/0x10 [ 426.950562][T17775] ? __fget_files+0x2a/0x420 [ 426.950603][T17775] ksys_write+0x150/0x270 [ 426.950629][T17775] ? __pfx_ksys_write+0x10/0x10 [ 426.950663][T17775] do_syscall_64+0x14d/0xf80 [ 426.950685][T17775] ? trace_irq_disable+0x3b/0x150 [ 426.950714][T17775] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 426.950736][T17775] ? clear_bhb_loop+0x40/0x90 [ 426.950761][T17775] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 426.950782][T17775] RIP: 0033:0x7f3effb5cfce [ 426.950802][T17775] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 426.950819][T17775] RSP: 002b:00007f3f00b24fb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 426.950842][T17775] RAX: ffffffffffffffda RBX: 00007f3f00b256c0 RCX: 00007f3effb5cfce [ 426.950856][T17775] RDX: 000000000000004e RSI: 0000200000000600 RDI: 00000000000000c8 [ 426.950869][T17775] RBP: 00007f3f00b25090 R08: 0000000000000000 R09: 0000000000000000 [ 426.950882][T17775] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 426.950894][T17775] R13: 00007f3effe16038 R14: 00007f3effe15fa0 R15: 00007ffecb4f2ab8 [ 426.950928][T17775] [ 427.285868][T17778] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3832'. [ 427.340812][T17778] validate_nla: 3 callbacks suppressed [ 427.340833][T17778] netlink: 'syz.0.3832': attribute type 32 has an invalid length. [ 427.358719][T17785] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3836'. [ 427.390231][T17778] netlink: 776 bytes leftover after parsing attributes in process `syz.0.3832'. [ 427.856805][T17813] netlink: 272 bytes leftover after parsing attributes in process `syz.0.3846'. [ 428.042956][T17824] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3848'. [ 428.071145][T17824] netlink: 56 bytes leftover after parsing attributes in process `syz.4.3848'. [ 428.099983][T17824] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3848'. [ 428.275109][T17831] FAULT_INJECTION: forcing a failure. [ 428.275109][T17831] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 428.312192][T17831] CPU: 1 UID: 0 PID: 17831 Comm: syz.3.3850 Not tainted syzkaller #0 PREEMPT(full) [ 428.312224][T17831] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 428.312236][T17831] Call Trace: [ 428.312244][T17831] [ 428.312253][T17831] dump_stack_lvl+0xe8/0x150 [ 428.312289][T17831] should_fail_ex+0x412/0x560 [ 428.312332][T17831] _copy_from_user+0x2d/0xb0 [ 428.312357][T17831] __copy_msghdr+0x3c5/0x5b0 [ 428.312385][T17831] ___sys_sendmsg+0x213/0x360 [ 428.312415][T17831] ? __pfx____sys_sendmsg+0x10/0x10 [ 428.312477][T17831] ? __fget_files+0x2a/0x420 [ 428.312505][T17831] ? __fget_files+0x3a0/0x420 [ 428.312544][T17831] __x64_sys_sendmsg+0x1bd/0x2a0 [ 428.312571][T17831] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 428.312606][T17831] ? __pfx_ksys_write+0x10/0x10 [ 428.312640][T17831] do_syscall_64+0x14d/0xf80 [ 428.312663][T17831] ? trace_irq_disable+0x3b/0x150 [ 428.312692][T17831] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 428.312713][T17831] ? clear_bhb_loop+0x40/0x90 [ 428.312738][T17831] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 428.312758][T17831] RIP: 0033:0x7f7ee539c799 [ 428.312778][T17831] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 428.312796][T17831] RSP: 002b:00007f7ee6267028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 428.312820][T17831] RAX: ffffffffffffffda RBX: 00007f7ee5615fa0 RCX: 00007f7ee539c799 [ 428.312834][T17831] RDX: 0000000000044890 RSI: 0000200000000bc0 RDI: 0000000000000003 [ 428.312847][T17831] RBP: 00007f7ee6267090 R08: 0000000000000000 R09: 0000000000000000 [ 428.312859][T17831] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 428.312871][T17831] R13: 00007f7ee5616038 R14: 00007f7ee5615fa0 R15: 00007ffd353cafc8 [ 428.312904][T17831] [ 428.631939][T17806] netlink: 'syz.2.3843': attribute type 1 has an invalid length. [ 428.954309][T17838] netlink: 76 bytes leftover after parsing attributes in process `syz.4.3854'. [ 429.035637][T17838] netlink: 'syz.4.3854': attribute type 1 has an invalid length. [ 429.044392][T17838] netlink: 'syz.4.3854': attribute type 1 has an invalid length. [ 429.052383][T17838] netlink: 9172 bytes leftover after parsing attributes in process `syz.4.3854'. [ 429.286832][T17856] netlink: 348 bytes leftover after parsing attributes in process `syz.0.3856'. [ 429.309763][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms [ 429.317858][ C1] lec:lec_tx_timeout: lec0 [ 429.322538][ C1] lec:lec_start_xmit: lec0:No lecd attached [ 429.340582][T17846] netlink: 7064 bytes leftover after parsing attributes in process `syz.0.3856'. [ 429.352633][T17846] openvswitch: netlink: Missing key (keys=40, expected=200000) [ 429.692113][T17867] FAULT_INJECTION: forcing a failure. [ 429.692113][T17867] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 429.738568][T17871] batman_adv: batadv0: Adding interface: dummy0 [ 429.745257][T17871] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 429.771882][T17871] batman_adv: batadv0: Interface activated: dummy0 [ 429.783585][T17867] CPU: 1 UID: 0 PID: 17867 Comm: syz.3.3863 Not tainted syzkaller #0 PREEMPT(full) [ 429.783617][T17867] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 429.783629][T17867] Call Trace: [ 429.783637][T17867] [ 429.783645][T17867] dump_stack_lvl+0xe8/0x150 [ 429.783678][T17867] should_fail_ex+0x412/0x560 [ 429.783711][T17867] _copy_to_user+0x31/0xb0 [ 429.783735][T17867] simple_read_from_buffer+0xe1/0x170 [ 429.783770][T17867] proc_fail_nth_read+0x1bb/0x230 [ 429.783800][T17867] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 429.783831][T17867] ? rw_verify_area+0x2a6/0x4d0 [ 429.783853][T17867] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 429.783881][T17867] vfs_read+0x20c/0xa70 [ 429.783901][T17867] ? fdget_pos+0x246/0x320 [ 429.783935][T17867] ? __pfx___mutex_lock+0x10/0x10 [ 429.783958][T17867] ? __pfx_vfs_read+0x10/0x10 [ 429.783981][T17867] ? __fget_files+0x2a/0x420 [ 429.784014][T17867] ? __fget_files+0x3a0/0x420 [ 429.784040][T17867] ? __fget_files+0x2a/0x420 [ 429.784095][T17867] ksys_read+0x150/0x270 [ 429.784118][T17867] ? __pfx_ksys_read+0x10/0x10 [ 429.784152][T17867] do_syscall_64+0x14d/0xf80 [ 429.784174][T17867] ? trace_irq_disable+0x3b/0x150 [ 429.784202][T17867] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 429.784222][T17867] ? clear_bhb_loop+0x40/0x90 [ 429.784247][T17867] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 429.784267][T17867] RIP: 0033:0x7f7ee535cfce [ 429.784287][T17867] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 429.784304][T17867] RSP: 002b:00007f7ee6266fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 429.784326][T17867] RAX: ffffffffffffffda RBX: 00007f7ee62676c0 RCX: 00007f7ee535cfce [ 429.784348][T17867] RDX: 000000000000000f RSI: 00007f7ee62670a0 RDI: 0000000000000004 [ 429.784361][T17867] RBP: 00007f7ee6267090 R08: 0000000000000000 R09: 0000000000000000 [ 429.784373][T17867] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 429.784384][T17867] R13: 00007f7ee5616038 R14: 00007f7ee5615fa0 R15: 00007ffd353cafc8 [ 429.784417][T17867] [ 430.194050][ T852] wlan1: Trigger new scan to find an IBSS to join [ 430.194644][T17871] batadv0: mtu less than device minimum [ 430.210146][T17871] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 430.227273][T17871] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 430.239229][T17871] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 430.251240][T17871] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 430.263194][T17871] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 430.275436][T17871] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 430.287439][T17871] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 430.299359][T17871] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 430.392902][T17885] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 430.700849][T17905] Cannot find del_set index 0 as target [ 431.053535][T17920] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 431.132494][ T12] wlan1: Creating new IBSS network, BSSID 6a:29:f8:87:ea:62 [ 431.393575][T17942] IPVS: set_ctl: invalid protocol: 1 172.20.20.170:20003 [ 431.402398][T17941] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3894'. [ 431.916781][T17969] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 432.076456][T17973] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3905'. [ 432.752291][T18005] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 432.945006][T18009] __nla_validate_parse: 1 callbacks suppressed [ 432.945027][T18009] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3919'. [ 433.042023][T18019] netlink: 'syz.4.3923': attribute type 1 has an invalid length. [ 433.081621][T18019] 8021q: adding VLAN 0 to HW filter on device bond6 [ 433.160395][T18025] ipt_rpfilter: unknown options [ 433.866428][T18057] ip6gre0: Master is either lo or non-ether device [ 434.103131][T18066] netlink: 84 bytes leftover after parsing attributes in process `syz.1.3935'. [ 434.153350][T18070] netlink: 'syz.4.3939': attribute type 25 has an invalid length. [ 434.162212][T18070] netlink: 'syz.4.3939': attribute type 9 has an invalid length. [ 434.260253][ T5835] block nbd4: Receive control failed (result -32) [ 434.330302][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms [ 434.338411][ C1] lec:lec_tx_timeout: lec0 [ 434.344177][ C1] lec:lec_start_xmit: lec0:No lecd attached [ 434.397063][T18083] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3943'. [ 434.405325][T18077] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3942'. [ 434.427043][T18077] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3942'. [ 434.753305][T18098] netlink: 'syz.3.3948': attribute type 1 has an invalid length. [ 434.761535][T18098] netlink: 136 bytes leftover after parsing attributes in process `syz.3.3948'. [ 434.771073][T18098] netlink: 'syz.3.3948': attribute type 1 has an invalid length. [ 434.778909][T18098] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3948'. [ 434.810315][T18102] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3950'. [ 434.815956][T18098] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3948'. [ 434.849240][T18098] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3948'. [ 434.984217][T18113] netlink: 'syz.2.3952': attribute type 9 has an invalid length. [ 435.355013][T18136] netlink: 'syz.2.3960': attribute type 1 has an invalid length. [ 435.382564][T18144] sctp: [Deprecated]: syz.3.3964 (pid 18144) Use of struct sctp_assoc_value in delayed_ack socket option. [ 435.382564][T18144] Use struct sctp_sack_info instead [ 435.669192][T18156] SET target dimension over the limit! [ 435.774337][T18162] sctp: [Deprecated]: syz.1.3972 (pid 18162) Use of int in max_burst socket option. [ 435.774337][T18162] Use struct sctp_assoc_value instead [ 436.034665][T18177] netlink: 'syz.1.3978': attribute type 1 has an invalid length. [ 436.124434][T18181] netlink: 'syz.4.3982': attribute type 2 has an invalid length. [ 436.179113][T18181] 9: entered promiscuous mode [ 436.703632][T18217] netlink: 'syz.4.3993': attribute type 1 has an invalid length. [ 436.850581][T18223] FAULT_INJECTION: forcing a failure. [ 436.850581][T18223] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 436.878093][T18223] CPU: 0 UID: 0 PID: 18223 Comm: syz.4.3997 Not tainted syzkaller #0 PREEMPT(full) [ 436.878123][T18223] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 436.878134][T18223] Call Trace: [ 436.878142][T18223] [ 436.878151][T18223] dump_stack_lvl+0xe8/0x150 [ 436.878183][T18223] should_fail_ex+0x412/0x560 [ 436.878217][T18223] _copy_from_iter+0x1d3/0x1670 [ 436.878243][T18223] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 436.878268][T18223] ? __pfx_policy_nodemask+0x10/0x10 [ 436.878291][T18223] ? __pfx__copy_from_iter+0x10/0x10 [ 436.878321][T18223] ? set_page_refcounted+0xa0/0x1e0 [ 436.878342][T18223] ? page_copy_sane+0x4e/0x270 [ 436.878377][T18223] copy_page_from_iter+0xdd/0x170 [ 436.878406][T18223] tun_get_user+0x1d4b/0x3dd0 [ 436.878424][T18223] ? tun_get_user+0x6ff/0x3dd0 [ 436.878458][T18223] ? aa_file_perm+0x50e/0x15e0 [ 436.878477][T18223] ? __pfx_tun_get_user+0x10/0x10 [ 436.878494][T18223] ? aa_file_perm+0x192/0x15e0 [ 436.878529][T18223] ? ref_tracker_alloc+0x35c/0x4c0 [ 436.878560][T18223] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 436.878593][T18223] ? tun_get+0x1c/0x2f0 [ 436.878620][T18223] ? tun_get+0x1c/0x2f0 [ 436.878640][T18223] ? tun_get+0x1c/0x2f0 [ 436.878664][T18223] tun_chr_write_iter+0x113/0x200 [ 436.878687][T18223] vfs_write+0x61d/0xb90 [ 436.878718][T18223] ? __pfx_vfs_write+0x10/0x10 [ 436.878750][T18223] ? __fget_files+0x2a/0x420 [ 436.878788][T18223] ksys_write+0x150/0x270 [ 436.878811][T18223] ? __pfx_ksys_write+0x10/0x10 [ 436.878843][T18223] do_syscall_64+0x14d/0xf80 [ 436.878864][T18223] ? trace_irq_disable+0x3b/0x150 [ 436.878892][T18223] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 436.878912][T18223] ? clear_bhb_loop+0x40/0x90 [ 436.878936][T18223] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 436.878954][T18223] RIP: 0033:0x7f3effb5cfce [ 436.878974][T18223] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 436.878992][T18223] RSP: 002b:00007f3f00b24fb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 436.879014][T18223] RAX: ffffffffffffffda RBX: 00007f3f00b256c0 RCX: 00007f3effb5cfce [ 436.879029][T18223] RDX: 000000000000007e RSI: 00002000000001c0 RDI: 00000000000000c8 [ 436.879042][T18223] RBP: 00007f3f00b25090 R08: 0000000000000000 R09: 0000000000000000 [ 436.879055][T18223] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 436.879067][T18223] R13: 00007f3effe16038 R14: 00007f3effe15fa0 R15: 00007ffecb4f2ab8 [ 436.879100][T18223] [ 437.195376][T18233] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 437.216774][T18232] syzkaller1: entered promiscuous mode [ 437.223722][T18232] syzkaller1: entered allmulticast mode [ 437.283262][T18235] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 437.422207][T18243] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 437.439512][T18236] syzkaller0: entered promiscuous mode [ 437.447700][T18236] syzkaller0: entered allmulticast mode [ 438.123717][T18285] bond4: entered allmulticast mode [ 438.138790][T18285] bridge2: entered promiscuous mode [ 438.144678][T18285] bridge2: entered allmulticast mode [ 438.156878][T18285] bond4: (slave bridge2): Enslaving as an active interface with an up link [ 438.211157][T18289] __nla_validate_parse: 10 callbacks suppressed [ 438.211180][T18289] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4017'. [ 438.910804][T18334] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4032'. [ 439.060544][T18338] netlink: 'syz.4.4034': attribute type 2 has an invalid length. [ 439.360053][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms [ 439.368133][ C1] lec:lec_tx_timeout: lec0 [ 439.373680][ C1] lec:lec_start_xmit: lec0:No lecd attached [ 439.673052][T18370] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4046'. [ 439.687056][T18372] netlink: 'syz.3.4047': attribute type 1 has an invalid length. [ 439.707923][T18372] netlink: 228 bytes leftover after parsing attributes in process `syz.3.4047'. [ 439.727473][T18372] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4047'. [ 439.848152][T18377] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4049'. [ 439.862222][T18374] netlink: 16 bytes leftover after parsing attributes in process `syz.2.4048'. [ 440.021969][T18387] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4052'. [ 440.103360][T18393] netlink: 'syz.1.4053': attribute type 3 has an invalid length. [ 440.115028][T18393] netlink: 'syz.1.4053': attribute type 3 has an invalid length. [ 440.365193][T18387] netlink: 16 bytes leftover after parsing attributes in process `syz.3.4052'. [ 440.390663][T18407] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4059'. [ 440.612657][T18407] xt_hashlimit: Unknown mode mask C4, kernel too old? [ 440.621005][T18419] bond5: option primary: mode dependency failed, not supported in mode balance-rr(0) [ 440.637531][T18419] bond5 (unregistering): Released all slaves [ 440.738441][T18426] net_ratelimit: 12 callbacks suppressed [ 440.738461][T18426] openvswitch: netlink: Geneve option length err (len 256, max 255). [ 440.903085][T18431] sctp: [Deprecated]: syz.1.4067 (pid 18431) Use of int in max_burst socket option deprecated. [ 440.903085][T18431] Use struct sctp_assoc_value instead [ 441.011203][T18437] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 441.096224][T18441] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 441.275777][T18447] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 441.338555][T18450] tipc: Enabling of bearer rejected, already enabled [ 441.357294][T18450] mac80211_hwsim hwsim3 +: renamed from syzkaller0 [ 441.386833][T18450] tipc: Disabling bearer [ 441.405526][T18450] ⃳B1l: renamed from veth0_vlan [ 441.494276][T18455] 8021q: adding VLAN 0 to HW filter on device bond8 [ 441.551251][T18457] macvlan2: entered promiscuous mode [ 441.556767][T18457] macvlan2: entered allmulticast mode [ 441.564466][T18457] bond8: entered allmulticast mode [ 441.580065][T18457] bond8: entered promiscuous mode [ 441.585988][T18457] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 441.600006][T18457] team0: Port device macvlan2 added [ 441.772767][T18466] openvswitch: netlink: Geneve option length err (len 256, max 255). [ 442.020350][T18477] bond8: option mode: invalid value (133) [ 442.062323][T18477] bond8 (unregistering): Released all slaves [ 442.141733][T18484] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 442.297657][T18489] netlink: 'syz.3.4086': attribute type 1 has an invalid length. [ 442.557582][T18500] IPVS: set_ctl: invalid protocol: 135 172.20.20.187:20002 [ 442.781816][T18509] openvswitch: netlink: Geneve option length err (len 256, max 255). [ 442.833787][T18512] netlink: 'syz.4.4096': attribute type 1 has an invalid length. [ 443.403227][T18534] __nla_validate_parse: 5 callbacks suppressed [ 443.403249][T18534] netlink: 216 bytes leftover after parsing attributes in process `syz.3.4103'. [ 443.441473][T18534] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4103'. [ 443.482830][T18543] openvswitch: netlink: Geneve option length err (len 256, max 255). [ 443.583882][T18545] netlink: 'syz.4.4107': attribute type 1 has an invalid length. [ 443.592048][T18545] netlink: 224 bytes leftover after parsing attributes in process `syz.4.4107'. [ 443.907446][T18557] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4113'. [ 444.344637][T18579] net veth1_virt_wifi : renamed from virt_wifi0 [ 444.386978][T18579] pimreg: entered allmulticast mode [ 444.622977][T18592] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 445.149750][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5780 ms [ 445.157808][ C1] lec:lec_tx_timeout: lec0 [ 445.163035][ C1] lec:lec_start_xmit: lec0:No lecd attached [ 445.479410][T18636] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 445.630864][T18644] openvswitch: netlink: Geneve option length err (len 256, max 255). [ 446.112762][ T25] block nbd1: Possible stuck request ffff8880267e0000: control (read@0,1024B). Runtime 60 seconds [ 446.125904][ T1644] block nbd0: Possible stuck request ffff888026768000: control (read@0,1024B). Runtime 60 seconds [ 446.197125][T18671] netlink: 'syz.3.4160': attribute type 1 has an invalid length. [ 446.205124][T18671] netlink: 224 bytes leftover after parsing attributes in process `syz.3.4160'. [ 446.279691][T18675] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 446.407592][T18687] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4166'. [ 446.525390][ T1644] block nbd0: Possible stuck request ffff888026768200: control (read@1024,1024B). Runtime 60 seconds [ 446.536601][ T1644] block nbd0: Possible stuck request ffff888026768400: control (read@2048,1024B). Runtime 60 seconds [ 446.557833][ T25] block nbd1: Possible stuck request ffff8880267e0200: control (read@1024,1024B). Runtime 60 seconds [ 446.568896][ T25] block nbd1: Possible stuck request ffff8880267e0400: control (read@2048,1024B). Runtime 60 seconds [ 446.602612][ T1644] block nbd0: Possible stuck request ffff888026768600: control (read@3072,1024B). Runtime 60 seconds [ 446.613763][ T25] block nbd1: Possible stuck request ffff8880267e0600: control (read@3072,1024B). Runtime 60 seconds [ 447.438426][T18728] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4181'. [ 447.447515][T18728] netlink: 'syz.0.4181': attribute type 7 has an invalid length. [ 447.459756][T18728] netlink: 'syz.0.4181': attribute type 8 has an invalid length. [ 447.467528][T18728] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4181'. [ 447.532111][T18728] bridge0: entered promiscuous mode [ 447.555840][T18728] gretap0: entered promiscuous mode [ 447.570997][T18728] erspan0: entered promiscuous mode [ 447.582110][T18728] hsr1: Slave A (bridge0) is not up; please bring it up to get a fully working HSR network [ 448.316932][T18758] netlink: 'syz.2.4190': attribute type 1 has an invalid length. [ 448.349260][T18763] openvswitch: netlink: Flow key attr not present in new flow. [ 448.447868][T18766] netlink: 'syz.4.4193': attribute type 1 has an invalid length. [ 448.479172][T18766] netlink: 224 bytes leftover after parsing attributes in process `syz.4.4193'. [ 448.570678][T18770] openvswitch: netlink: Geneve option length err (len 256, max 255). [ 448.964546][T18793] netlink: 27 bytes leftover after parsing attributes in process `syz.3.4203'. [ 450.189771][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5030 ms [ 450.197855][ C1] lec:lec_tx_timeout: lec0 [ 450.202943][ C1] lec:lec_start_xmit: lec0:No lecd attached [ 450.704168][T18852] netlink: 'syz.3.4224': attribute type 5 has an invalid length. [ 450.716753][T18873] netlink: 'syz.3.4224': attribute type 3 has an invalid length. [ 450.971095][T18886] syzkaller1: entered promiscuous mode [ 450.976829][T18886] syzkaller1: entered allmulticast mode [ 450.998689][T18887] bond2: (slave lo): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 451.056500][T18887] bond2: (slave lo): Enslaving as an active interface with an up link [ 451.092268][T18887] A link change request failed with some changes committed already. Interface tunl0 may have been left with an inconsistent configuration, please check. [ 451.285609][T18901] netdevsim netdevsim1: loading /lib/firmware/. failed with error -22 [ 451.329374][T18901] netdevsim netdevsim1: Direct firmware load for . failed with error -22 [ 451.360940][T18901] netdevsim netdevsim1: Falling back to sysfs fallback for: . [ 451.611436][T18924] netlink: 32 bytes leftover after parsing attributes in process `syz.4.4244'. [ 452.096595][T18943] netlink: 'syz.0.4251': attribute type 1 has an invalid length. [ 452.129921][T18943] netlink: 224 bytes leftover after parsing attributes in process `syz.0.4251'. [ 452.369984][T18951] syzkaller0: entered promiscuous mode [ 452.386105][T18951] syzkaller0: entered allmulticast mode [ 452.531523][T18959] x_tables: ip6_tables: tcp match: only valid for protocol 6 [ 452.579355][T18956] xt_CT: No such helper "snmp_trap" [ 452.748583][T18956] netlink: 'syz.2.4257': attribute type 22 has an invalid length. [ 452.904986][T18976] syzkaller1: entered promiscuous mode [ 452.929391][T18976] syzkaller1: entered allmulticast mode [ 452.953632][T18978] IPVS: set_ctl: invalid protocol: 94 127.0.0.1:20004 [ 453.055146][T18984] netlink: 'syz.1.4265': attribute type 1 has an invalid length. [ 453.079101][T18984] netlink: 224 bytes leftover after parsing attributes in process `syz.1.4265'. [ 453.655845][T19009] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 454.214103][T19036] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 454.289261][T19039] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 454.332484][T19041] syzkaller1: entered promiscuous mode [ 454.349938][T19041] syzkaller1: entered allmulticast mode [ 454.450177][T19047] netlink: 'syz.3.4291': attribute type 12 has an invalid length. [ 454.470666][T19048] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 455.151960][T19079] FAULT_INJECTION: forcing a failure. [ 455.151960][T19079] name failslab, interval 1, probability 0, space 0, times 0 [ 455.163333][T19081] openvswitch: netlink: Geneve option length err (len 256, max 255). [ 455.200261][T19079] CPU: 0 UID: 0 PID: 19079 Comm: syz.2.4304 Not tainted syzkaller #0 PREEMPT(full) [ 455.200292][T19079] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 455.200304][T19079] Call Trace: [ 455.200311][T19079] [ 455.200320][T19079] dump_stack_lvl+0xe8/0x150 [ 455.200354][T19079] should_fail_ex+0x412/0x560 [ 455.200388][T19079] should_failslab+0xa8/0x100 [ 455.200417][T19079] __kmalloc_cache_noprof+0x88/0x660 [ 455.200442][T19079] ? sctp_add_bind_addr+0x8c/0x370 [ 455.200477][T19079] sctp_add_bind_addr+0x8c/0x370 [ 455.200510][T19079] sctp_copy_local_addr_list+0x314/0x4f0 [ 455.200542][T19079] ? sctp_copy_local_addr_list+0xa4/0x4f0 [ 455.200570][T19079] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 455.200602][T19079] ? sctp_v6_is_any+0x64/0x80 [ 455.200634][T19079] ? sctp_copy_one_addr+0x93/0x360 [ 455.200667][T19079] sctp_bind_addr_copy+0xb3/0x3c0 [ 455.200696][T19079] ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0 [ 455.200726][T19079] sctp_connect_new_asoc+0x2ff/0x6b0 [ 455.200753][T19079] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 455.200783][T19079] ? __local_bh_enable_ip+0xd0/0x130 [ 455.200808][T19079] ? bpf_lsm_sctp_bind_connect+0x9/0x20 [ 455.200833][T19079] ? security_sctp_bind_connect+0x7e/0x2c0 [ 455.200862][T19079] sctp_sendmsg+0x1528/0x2c10 [ 455.200902][T19079] ? __pfx_sctp_sendmsg+0x10/0x10 [ 455.200927][T19079] ? aa_sk_perm+0x6d5/0x900 [ 455.200964][T19079] ? __pfx_aa_sk_perm+0x10/0x10 [ 455.200997][T19079] ? sock_rps_record_flow+0x19/0x400 [ 455.201021][T19079] ? __pfx_inet_sendmsg+0x10/0x10 [ 455.201046][T19079] ? inet_sendmsg+0x2f4/0x370 [ 455.201071][T19079] ? __pfx_inet_sendmsg+0x10/0x10 [ 455.201095][T19079] __sys_sendto+0x5de/0x710 [ 455.201122][T19079] ? __pfx___sys_sendto+0x10/0x10 [ 455.201150][T19079] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 455.201189][T19079] ? __fget_files+0x3a0/0x420 [ 455.201230][T19079] ? ksys_write+0x242/0x270 [ 455.201255][T19079] ? __pfx_ksys_write+0x10/0x10 [ 455.201281][T19079] __x64_sys_sendto+0xde/0x100 [ 455.201306][T19079] do_syscall_64+0x14d/0xf80 [ 455.201328][T19079] ? trace_irq_disable+0x3b/0x150 [ 455.201355][T19079] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 455.201376][T19079] ? clear_bhb_loop+0x40/0x90 [ 455.201400][T19079] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 455.201420][T19079] RIP: 0033:0x7f363bb9c799 [ 455.201439][T19079] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 455.201456][T19079] RSP: 002b:00007f363caf6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 455.201479][T19079] RAX: ffffffffffffffda RBX: 00007f363be15fa0 RCX: 00007f363bb9c799 [ 455.201494][T19079] RDX: 0000000000034000 RSI: 0000200000000500 RDI: 0000000000000008 [ 455.201508][T19079] RBP: 00007f363caf6090 R08: 0000200000000140 R09: 000000000000001c [ 455.201520][T19079] R10: 000000002000c851 R11: 0000000000000246 R12: 0000000000000002 [ 455.201532][T19079] R13: 00007f363be16038 R14: 00007f363be15fa0 R15: 00007fff231fdfd8 [ 455.201565][T19079] [ 455.219837][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms [ 455.514820][ C1] lec:lec_tx_timeout: lec0 [ 455.519801][ C1] lec:lec_start_xmit: lec0:No lecd attached [ 455.594896][T19084] netlink: 'syz.4.4306': attribute type 1 has an invalid length. [ 455.603612][ T5193] udevd[5193]: worker [15452] /devices/virtual/block/nbd0 is taking a long time [ 455.623198][ T5193] udevd[5193]: worker [15971] /devices/virtual/block/nbd1 is taking a long time [ 455.646834][T19091] netlink: 268 bytes leftover after parsing attributes in process `syz.4.4306'. [ 455.669956][T19091] netlink: 16 bytes leftover after parsing attributes in process `syz.4.4306'. [ 455.689199][T19091] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4306'. [ 455.748165][T19084] 8021q: adding VLAN 0 to HW filter on device bond9 [ 456.080821][T19108] netlink: 10 bytes leftover after parsing attributes in process `syz.2.4313'. [ 456.465399][T19120] FAULT_INJECTION: forcing a failure. [ 456.465399][T19120] name failslab, interval 1, probability 0, space 0, times 0 [ 456.478272][T19120] CPU: 0 UID: 0 PID: 19120 Comm: syz.1.4318 Not tainted syzkaller #0 PREEMPT(full) [ 456.478300][T19120] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 456.478312][T19120] Call Trace: [ 456.478321][T19120] [ 456.478330][T19120] dump_stack_lvl+0xe8/0x150 [ 456.478363][T19120] should_fail_ex+0x412/0x560 [ 456.478394][T19120] should_failslab+0xa8/0x100 [ 456.478418][T19120] __kmalloc_cache_noprof+0x88/0x660 [ 456.478437][T19120] ? __sctp_v6_cmp_addr+0x1e6/0x510 [ 456.478463][T19120] ? sctp_add_bind_addr+0x8c/0x370 [ 456.478491][T19120] sctp_add_bind_addr+0x8c/0x370 [ 456.478519][T19120] sctp_copy_local_addr_list+0x314/0x4f0 [ 456.478546][T19120] ? sctp_copy_local_addr_list+0xa4/0x4f0 [ 456.478570][T19120] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 456.478596][T19120] ? sctp_v6_is_any+0x64/0x80 [ 456.478621][T19120] ? sctp_copy_one_addr+0x93/0x360 [ 456.478648][T19120] sctp_bind_addr_copy+0xb3/0x3c0 [ 456.478672][T19120] ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0 [ 456.478697][T19120] sctp_connect_new_asoc+0x2ff/0x6b0 [ 456.478719][T19120] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 456.478743][T19120] ? __local_bh_enable_ip+0xd0/0x130 [ 456.478764][T19120] ? bpf_lsm_sctp_bind_connect+0x9/0x20 [ 456.478784][T19120] ? security_sctp_bind_connect+0x7e/0x2c0 [ 456.478808][T19120] sctp_sendmsg+0x1528/0x2c10 [ 456.478840][T19120] ? __pfx_sctp_sendmsg+0x10/0x10 [ 456.478861][T19120] ? aa_sk_perm+0x6d5/0x900 [ 456.478891][T19120] ? __pfx_aa_sk_perm+0x10/0x10 [ 456.478916][T19120] ? sock_rps_record_flow+0x19/0x400 [ 456.478935][T19120] ? __pfx_inet_sendmsg+0x10/0x10 [ 456.478956][T19120] ? inet_sendmsg+0x2f4/0x370 [ 456.478975][T19120] ? __pfx_inet_sendmsg+0x10/0x10 [ 456.478995][T19120] __sys_sendto+0x5de/0x710 [ 456.479015][T19120] ? __pfx___sys_sendto+0x10/0x10 [ 456.479030][T19120] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 456.479068][T19120] ? __fget_files+0x3a0/0x420 [ 456.479102][T19120] ? ksys_write+0x242/0x270 [ 456.479122][T19120] ? __pfx_ksys_write+0x10/0x10 [ 456.479145][T19120] __x64_sys_sendto+0xde/0x100 [ 456.479165][T19120] do_syscall_64+0x14d/0xf80 [ 456.479183][T19120] ? trace_irq_disable+0x3b/0x150 [ 456.479206][T19120] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 456.479222][T19120] ? clear_bhb_loop+0x40/0x90 [ 456.479243][T19120] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 456.479259][T19120] RIP: 0033:0x7f8f5999c799 [ 456.479276][T19120] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 456.479291][T19120] RSP: 002b:00007f8f5a8f9028 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 456.479310][T19120] RAX: ffffffffffffffda RBX: 00007f8f59c15fa0 RCX: 00007f8f5999c799 [ 456.479323][T19120] RDX: 0000000000034000 RSI: 0000200000000500 RDI: 0000000000000008 [ 456.479334][T19120] RBP: 00007f8f5a8f9090 R08: 0000200000000140 R09: 000000000000001c [ 456.479345][T19120] R10: 000000002000c851 R11: 0000000000000246 R12: 0000000000000002 [ 456.479356][T19120] R13: 00007f8f59c16038 R14: 00007f8f59c15fa0 R15: 00007ffc046dd508 [ 456.479383][T19120] [ 456.893119][T19128] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4321'. [ 456.933970][T19128] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4321'. [ 457.075085][T19134] lo: entered allmulticast mode [ 457.080595][T19134] tunl0: entered allmulticast mode [ 457.086090][T19134] gre0: entered allmulticast mode [ 457.086511][T19137] openvswitch: netlink: Geneve option length err (len 256, max 255). [ 457.091571][T19134] gretap0: entered allmulticast mode [ 457.105470][T19134] erspan0: entered allmulticast mode [ 457.111128][T19134] ip_vti0: entered allmulticast mode [ 457.117872][T19134] ip6_vti0: entered allmulticast mode [ 457.124304][T19134] sit0: entered allmulticast mode [ 457.130019][T19134] ip6tnl0: entered allmulticast mode [ 457.135471][T19134] ip6gre0: entered allmulticast mode [ 457.141218][T19134] syz_tun: entered allmulticast mode [ 457.146709][T19134] ip6gretap0: entered allmulticast mode [ 457.153403][T19134] bond0: entered allmulticast mode [ 457.158554][T19134] bond_slave_0: entered allmulticast mode [ 457.164605][T19134] bond_slave_1: entered allmulticast mode [ 457.170658][T19134] team0: entered allmulticast mode [ 457.175992][T19134] team_slave_0: entered allmulticast mode [ 457.182160][T19134] team_slave_1: entered allmulticast mode [ 457.188317][T19134] dummy0: entered allmulticast mode [ 457.193874][T19134] nlmon0: entered allmulticast mode [ 457.199476][T19134] caif0: entered allmulticast mode [ 457.204893][T19134] batadv0: entered allmulticast mode [ 457.210675][T19134] vxcan0: entered allmulticast mode [ 457.216081][T19134] vxcan1: entered allmulticast mode [ 457.221780][T19134] veth0: entered allmulticast mode [ 457.227137][T19134] veth1: entered allmulticast mode [ 457.233274][T19134] wg0: entered allmulticast mode [ 457.238405][T19134] wg1: entered allmulticast mode [ 457.243860][T19134] wg2: entered allmulticast mode [ 457.249025][T19134] veth0_to_bridge: entered allmulticast mode [ 457.255684][T19134] veth1_to_bridge: entered allmulticast mode [ 457.261974][T19134] bridge_slave_1: entered allmulticast mode [ 457.268276][T19134] veth0_to_bond: entered allmulticast mode [ 457.274544][T19134] veth1_to_bond: entered allmulticast mode [ 457.281002][T19134] veth0_to_team: entered allmulticast mode [ 457.310448][T19134] veth1_to_team: entered allmulticast mode [ 457.316643][T19134] veth0_to_batadv: entered allmulticast mode [ 457.345770][T19134] batadv_slave_0: entered allmulticast mode [ 457.355437][T19134] xfrm0: entered allmulticast mode [ 457.362115][T19134] veth0_to_hsr: entered allmulticast mode [ 457.378354][T19134] hsr_slave_0: entered allmulticast mode [ 457.388507][T19134] veth1_to_hsr: entered allmulticast mode [ 457.408839][T19134] hsr_slave_1: entered allmulticast mode [ 457.420045][T19134] hsr0: entered allmulticast mode [ 457.425255][T19134] veth1_virt_wifi: entered allmulticast mode [ 457.439490][T19134] veth0_virt_wifi: entered allmulticast mode [ 457.446124][T19134] net veth1_virt_wifi virt_wifi0: entered allmulticast mode [ 457.454420][T19134] veth1_vlan: entered allmulticast mode [ 457.479617][T19134] ⃳B1l: entered allmulticast mode [ 457.488680][T19134] vlan0: entered allmulticast mode [ 457.494971][T19134] vlan1: entered allmulticast mode [ 457.500579][T19134] macvlan0: entered allmulticast mode [ 457.506333][T19134] macvlan1: entered allmulticast mode [ 457.512979][T19134] ipvlan0: entered allmulticast mode [ 457.513613][T19155] netlink: 'syz.1.4332': attribute type 1 has an invalid length. [ 457.518550][T19134] ipvlan1: entered allmulticast mode [ 457.532056][T19134] veth1_macvtap: entered allmulticast mode [ 457.538029][T19134] veth0_macvtap: entered allmulticast mode [ 457.544523][T19134] macvtap0: entered allmulticast mode [ 457.550479][T19134] macsec0: entered allmulticast mode [ 457.555948][T19134] geneve0: entered allmulticast mode [ 457.561463][T19134] geneve1: entered allmulticast mode [ 457.566934][T19134] mac80211_hwsim hwsim2 wlan0: entered allmulticast mode [ 457.574590][T19134] mac80211_hwsim hwsim3 wlan1: entered allmulticast mode [ 457.581929][T19134] syztnl1: entered allmulticast mode [ 457.587301][T19134] bond1: entered allmulticast mode [ 457.592880][T19134] gretap1: entered allmulticast mode [ 457.598609][T19134] gre1: entered allmulticast mode [ 457.603779][T19134] bridge1: entered allmulticast mode [ 457.609146][T19134] ip6gre1: entered allmulticast mode [ 457.614750][T19134] mac80211_hwsim hwsim3 pimreg: entered allmulticast mode [ 457.622316][T19134] netdevsim netdevsim2 eth0: entered allmulticast mode [ 457.629325][T19134] netdevsim netdevsim2 eth1: entered allmulticast mode [ 457.636688][T19134] netdevsim netdevsim2 eth2: entered allmulticast mode [ 457.643741][T19134] netdevsim netdevsim2 eth3: entered allmulticast mode [ 457.650883][T19134] @: entered allmulticast mode [ 457.655740][T19134] mac80211_hwsim hwsim3 +: left promiscuous mode [ 457.662440][T19134] veth2: entered allmulticast mode [ 457.667748][T19134] veth3: entered allmulticast mode [ 457.673461][T19134] ip6tnl1: entered allmulticast mode [ 457.681038][T19134] gre2: entered allmulticast mode [ 457.686706][T19134] veth4: entered allmulticast mode [ 457.692208][T19134] veth5: entered allmulticast mode [ 457.697465][T19134] bridge0: entered allmulticast mode [ 457.703045][T19134] mac80211_hwsim hwsim19 wlan2: entered allmulticast mode [ 457.711277][T19134] vti60: entered allmulticast mode [ 457.716482][T19134] bond2: entered allmulticast mode [ 457.721992][T19134] sit1: left promiscuous mode [ 457.728695][T19134] veth6: entered allmulticast mode [ 457.734405][T19134] veth7: entered allmulticast mode [ 457.739630][T19134] syztnl0: entered allmulticast mode [ 457.745168][T19134] veth8: entered allmulticast mode [ 457.750605][T19134] veth9: entered allmulticast mode [ 457.755868][T19134] veth10: entered allmulticast mode [ 457.761326][T19134] veth11: entered allmulticast mode [ 457.766644][T19134] bond3: entered allmulticast mode [ 457.772470][T19134] gretap2: entered allmulticast mode [ 457.780957][T19134] wireguard0: entered allmulticast mode [ 457.787745][T19134] bridge2: left promiscuous mode [ 457.794067][T19134] veth0_to_team.2: entered allmulticast mode [ 457.800583][T19134] bond5: entered allmulticast mode [ 457.805838][T19134] bridge3: entered allmulticast mode [ 457.811824][T19134] erspan1: entered allmulticast mode [ 457.881329][T19155] bond5: entered promiscuous mode [ 457.886922][T19155] 8021q: adding VLAN 0 to HW filter on device bond5 [ 457.921879][T19163] FAULT_INJECTION: forcing a failure. [ 457.921879][T19163] name failslab, interval 1, probability 0, space 0, times 0 [ 457.935485][T19163] CPU: 0 UID: 0 PID: 19163 Comm: syz.4.4334 Not tainted syzkaller #0 PREEMPT(full) [ 457.935513][T19163] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 457.935525][T19163] Call Trace: [ 457.935534][T19163] [ 457.935542][T19163] dump_stack_lvl+0xe8/0x150 [ 457.935576][T19163] should_fail_ex+0x412/0x560 [ 457.935610][T19163] should_failslab+0xa8/0x100 [ 457.935634][T19163] ? sctp_chunkify+0x5a/0x260 [ 457.935663][T19163] kmem_cache_alloc_noprof+0x87/0x650 [ 457.935694][T19163] sctp_chunkify+0x5a/0x260 [ 457.935728][T19163] _sctp_make_chunk+0x122/0x290 [ 457.935760][T19163] sctp_make_datafrag_empty+0x12a/0x240 [ 457.935791][T19163] ? __pfx_sctp_make_datafrag_empty+0x10/0x10 [ 457.935822][T19163] ? sctp_user_addto_chunk+0xa8/0x240 [ 457.935858][T19163] sctp_datamsg_from_user+0x729/0xef0 [ 457.935905][T19163] sctp_sendmsg_to_asoc+0x1416/0x1900 [ 457.935926][T19163] ? __asan_memcpy+0x40/0x70 [ 457.935954][T19163] ? sctp_assoc_add_peer+0xce1/0x13b0 [ 457.935993][T19163] ? __pfx_sctp_sendmsg_to_asoc+0x10/0x10 [ 457.936015][T19163] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 457.936041][T19163] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 457.936071][T19163] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 457.936092][T19163] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 457.936115][T19163] ? bpf_lsm_sctp_bind_connect+0x9/0x20 [ 457.936140][T19163] ? security_sctp_bind_connect+0x7e/0x2c0 [ 457.936168][T19163] sctp_sendmsg+0x1b3d/0x2c10 [ 457.936208][T19163] ? __pfx_sctp_sendmsg+0x10/0x10 [ 457.936234][T19163] ? aa_sk_perm+0x6d5/0x900 [ 457.936270][T19163] ? __pfx_aa_sk_perm+0x10/0x10 [ 457.936303][T19163] ? sock_rps_record_flow+0x19/0x400 [ 457.936326][T19163] ? __pfx_inet_sendmsg+0x10/0x10 [ 457.936351][T19163] ? inet_sendmsg+0x2f4/0x370 [ 457.936372][T19163] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 457.936401][T19163] ? __pfx_inet_sendmsg+0x10/0x10 [ 457.936426][T19163] __sys_sendto+0x5de/0x710 [ 457.936450][T19163] ? __pfx___sys_sendto+0x10/0x10 [ 457.936469][T19163] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 457.936507][T19163] ? __fget_files+0x3a0/0x420 [ 457.936545][T19163] ? ksys_write+0x242/0x270 [ 457.936568][T19163] ? __pfx_ksys_write+0x10/0x10 [ 457.936593][T19163] __x64_sys_sendto+0xde/0x100 [ 457.936616][T19163] do_syscall_64+0x14d/0xf80 [ 457.936636][T19163] ? trace_irq_disable+0x3b/0x150 [ 457.936661][T19163] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 457.936679][T19163] ? clear_bhb_loop+0x40/0x90 [ 457.936704][T19163] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 457.936723][T19163] RIP: 0033:0x7f3effb9c799 [ 457.936744][T19163] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 457.936761][T19163] RSP: 002b:00007f3f00b25028 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 457.936784][T19163] RAX: ffffffffffffffda RBX: 00007f3effe15fa0 RCX: 00007f3effb9c799 [ 457.936798][T19163] RDX: 0000000000034000 RSI: 0000200000000500 RDI: 0000000000000008 [ 457.936811][T19163] RBP: 00007f3f00b25090 R08: 0000200000000140 R09: 000000000000001c [ 457.936825][T19163] R10: 000000002000c851 R11: 0000000000000246 R12: 0000000000000002 [ 457.936837][T19163] R13: 00007f3effe16038 R14: 00007f3effe15fa0 R15: 00007ffecb4f2ab8 [ 457.936871][T19163] [ 457.938539][T19157] 8021q: adding VLAN 0 to HW filter on device bond5 [ 458.272361][T19157] bond5: (slave vcan0): The slave device specified does not support setting the MAC address [ 458.288666][T19157] bond5: (slave vcan0): Setting fail_over_mac to active for active-backup mode [ 458.302342][T19157] bond5: (slave vcan0): making interface the new active one [ 458.311173][T19157] vcan0: entered promiscuous mode [ 458.318686][T19157] bond5: (slave vcan0): Enslaving as an active interface with an up link [ 458.349970][T19174] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 458.404755][T19180] SET target dimension over the limit! [ 458.534364][T19188] netlink: 'syz.1.4341': attribute type 12 has an invalid length. [ 458.551262][T19188] netlink: 132 bytes leftover after parsing attributes in process `syz.1.4341'. [ 458.574731][T19194] netlink: 'syz.1.4341': attribute type 12 has an invalid length. [ 458.595286][T19194] netlink: 132 bytes leftover after parsing attributes in process `syz.1.4341'. [ 459.019165][T19215] syzkaller1: entered promiscuous mode [ 459.029254][T19215] syzkaller1: entered allmulticast mode [ 459.351459][T19239] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4364'. [ 459.411219][T19239] netlink: 20 bytes leftover after parsing attributes in process `syz.0.4364'. [ 459.931477][T19276] xt_hashlimit: size too large, truncated to 1048576 [ 460.093386][T19288] netlink: 'syz.4.4379': attribute type 12 has an invalid length. [ 460.181461][T19288] bond10: option primary_reselect: invalid value (255) [ 460.197396][T19288] bond10 (unregistering): Released all slaves [ 461.149781][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5630 ms [ 461.157953][ C1] lec:lec_tx_timeout: lec0 [ 461.163822][ C1] lec:lec_start_xmit: lec0:No lecd attached [ 463.391597][ T852] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 466.189824][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5020 ms [ 466.197856][ C1] lec:lec_tx_timeout: lec0 [ 466.202585][ C1] lec:lec_start_xmit: lec0:No lecd attached [ 471.209850][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms [ 471.217854][ C1] lec:lec_tx_timeout: lec0 [ 471.222470][ C1] lec:lec_start_xmit: lec0:No lecd attached [ 476.191916][ T25] block nbd1: Possible stuck request ffff8880267e0000: control (read@0,1024B). Runtime 90 seconds [ 476.202818][ T1644] block nbd0: Possible stuck request ffff888026768000: control (read@0,1024B). Runtime 90 seconds [ 476.229818][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms [ 476.237862][ C1] lec:lec_tx_timeout: lec0 [ 476.242518][ C1] lec:lec_start_xmit: lec0:No lecd attached [ 476.540231][ T1644] block nbd0: Possible stuck request ffff888026768200: control (read@1024,1024B). Runtime 90 seconds [ 476.551377][ T1644] block nbd0: Possible stuck request ffff888026768400: control (read@2048,1024B). Runtime 90 seconds [ 476.570086][ T1644] block nbd1: Possible stuck request ffff8880267e0200: control (read@1024,1024B). Runtime 90 seconds [ 476.600135][ T1644] block nbd1: Possible stuck request ffff8880267e0400: control (read@2048,1024B). Runtime 90 seconds [ 476.640203][ T25] block nbd0: Possible stuck request ffff888026768600: control (read@3072,1024B). Runtime 90 seconds [ 476.651411][ T1644] block nbd1: Possible stuck request ffff8880267e0600: control (read@3072,1024B). Runtime 90 seconds [ 481.249827][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms [ 481.257853][ C1] lec:lec_tx_timeout: lec0 [ 481.310203][ C0] ================================================================== [ 481.318311][ C0] BUG: KASAN: slab-use-after-free in ax25_send_frame+0x67c/0x9f0 [ 481.326040][ C0] Read of size 7 at addr ffff8880319f7808 by task swapper/0/0 [ 481.333492][ C0] [ 481.335825][ C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted syzkaller #0 PREEMPT(full) [ 481.335838][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 481.335845][ C0] Call Trace: [ 481.335851][ C0] [ 481.335857][ C0] dump_stack_lvl+0xe8/0x150 [ 481.335875][ C0] print_report+0xba/0x230 [ 481.335889][ C0] ? ax25_send_frame+0x67c/0x9f0 [ 481.335904][ C0] kasan_report+0x117/0x150 [ 481.335918][ C0] ? ax25_send_frame+0x67c/0x9f0 [ 481.335936][ C0] kasan_check_range+0x264/0x2c0 [ 481.335949][ C0] ? ax25_send_frame+0x67c/0x9f0 [ 481.335964][ C0] __asan_memcpy+0x29/0x70 [ 481.335975][ C0] ax25_send_frame+0x67c/0x9f0 [ 481.335990][ C0] ? ax25_send_frame+0x326/0x9f0 [ 481.336007][ C0] rose_t0timer_expiry+0x255/0x560 [ 481.336020][ C0] call_timer_fn+0x192/0x640 [ 481.336034][ C0] ? __pfx_rose_t0timer_expiry+0x10/0x10 [ 481.336045][ C0] ? call_timer_fn+0xd4/0x640 [ 481.336058][ C0] ? __pfx_call_timer_fn+0x10/0x10 [ 481.336116][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 481.336127][ C0] ? __pfx_rose_t0timer_expiry+0x10/0x10 [ 481.336138][ C0] __run_timer_base+0x652/0x8b0 [ 481.336150][ C0] ? ktime_get+0x45/0x200 [ 481.336163][ C0] ? __pfx___run_timer_base+0x10/0x10 [ 481.336178][ C0] ? sched_clock_cpu+0x74/0x440 [ 481.336194][ C0] run_timer_softirq+0xb7/0x170 [ 481.336207][ C0] handle_softirqs+0x22a/0x870 [ 481.336222][ C0] ? __irq_exit_rcu+0x5f/0x150 [ 481.336238][ C0] __irq_exit_rcu+0x5f/0x150 [ 481.336252][ C0] irq_exit_rcu+0x9/0x30 [ 481.336265][ C0] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 481.336277][ C0] [ 481.336281][ C0] [ 481.336286][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 481.336298][ C0] RIP: 0010:pv_native_safe_halt+0xf/0x20 [ 481.336310][ C0] Code: 8e 6c 02 c3 cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d e3 e2 1a 00 fb f4 fc e9 02 00 cc cc cc cc cc cc cc cc cc cc cc cc 90 90 90 90 90 [ 481.336321][ C0] RSP: 0018:ffffffff8e407dc0 EFLAGS: 00000242 [ 481.336333][ C0] RAX: 00000000001a0ccd RBX: ffffffff819a900a RCX: 0000000080000001 [ 481.336341][ C0] RDX: 0000000000000001 RSI: ffffffff8def7965 RDI: ffffffff8c27c200 [ 481.336349][ C0] RBP: ffffffff8e407eb0 R08: ffff8880b863395b R09: 1ffff110170c672b [ 481.336357][ C0] R10: dffffc0000000000 R11: ffffed10170c672c R12: 0000000000000000 [ 481.336365][ C0] R13: 1ffffffff1c929d8 R14: 0000000000000000 R15: 1ffffffff1c929d8 [ 481.336373][ C0] ? do_idle+0x36a/0x5f0 [ 481.336391][ C0] default_idle+0x9/0x20 [ 481.336404][ C0] default_idle_call+0x72/0xb0 [ 481.336417][ C0] do_idle+0x36a/0x5f0 [ 481.336432][ C0] ? __pfx_do_idle+0x10/0x10 [ 481.336450][ C0] cpu_startup_entry+0x43/0x60 [ 481.336464][ C0] rest_init+0x2de/0x300 [ 481.336479][ C0] start_kernel+0x385/0x3d0 [ 481.336492][ C0] x86_64_start_reservations+0x24/0x30 [ 481.336507][ C0] x86_64_start_kernel+0x143/0x1c0 [ 481.336522][ C0] common_startup_64+0x13e/0x147 [ 481.336536][ C0] [ 481.336541][ C0] [ 481.631685][ C0] Allocated by task 12237: [ 481.636093][ C0] kasan_save_track+0x3e/0x80 [ 481.640780][ C0] __kasan_kmalloc+0x93/0xb0 [ 481.645376][ C0] __kmalloc_cache_noprof+0x31c/0x660 [ 481.650761][ C0] rose_add_node+0x23c/0xf00 [ 481.655357][ C0] rose_rt_ioctl+0xd35/0x12a0 [ 481.660048][ C0] rose_ioctl+0x3fb/0x8f0 [ 481.664377][ C0] sock_do_ioctl+0x101/0x320 [ 481.668962][ C0] sock_ioctl+0x5c6/0x7f0 [ 481.673297][ C0] __se_sys_ioctl+0xfc/0x170 [ 481.677878][ C0] do_syscall_64+0x14d/0xf80 [ 481.682470][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 481.688353][ C0] [ 481.690667][ C0] Freed by task 0: [ 481.694369][ C0] kasan_save_track+0x3e/0x80 [ 481.699031][ C0] kasan_save_free_info+0x46/0x50 [ 481.704060][ C0] __kasan_slab_free+0x5c/0x80 [ 481.708811][ C0] kfree+0x1c1/0x630 [ 481.712691][ C0] rose_timer_expiry+0x4cb/0x600 [ 481.717627][ C0] call_timer_fn+0x192/0x640 [ 481.722232][ C0] __run_timer_base+0x652/0x8b0 [ 481.727087][ C0] run_timer_softirq+0xb7/0x170 [ 481.731944][ C0] handle_softirqs+0x22a/0x870 [ 481.736708][ C0] __irq_exit_rcu+0x5f/0x150 [ 481.741293][ C0] irq_exit_rcu+0x9/0x30 [ 481.745527][ C0] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 481.751148][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 481.757124][ C0] [ 481.759453][ C0] The buggy address belongs to the object at ffff8880319f7800 [ 481.759453][ C0] which belongs to the cache kmalloc-512 of size 512 [ 481.773488][ C0] The buggy address is located 8 bytes inside of [ 481.773488][ C0] freed 512-byte region [ffff8880319f7800, ffff8880319f7a00) [ 481.787104][ C0] [ 481.789428][ C0] The buggy address belongs to the physical page: [ 481.795911][ C0] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x319f4 [ 481.804666][ C0] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 481.813148][ C0] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 481.820692][ C0] page_type: f5(slab) [ 481.824693][ C0] raw: 00fff00000000040 ffff88813fea5c80 dead000000000100 dead000000000122 [ 481.833261][ C0] raw: 0000000000000000 0000000800100010 00000000f5000000 0000000000000000 [ 481.841830][ C0] head: 00fff00000000040 ffff88813fea5c80 dead000000000100 dead000000000122 [ 481.850487][ C0] head: 0000000000000000 0000000800100010 00000000f5000000 0000000000000000 [ 481.859142][ C0] head: 00fff00000000002 ffffea0000c67d01 00000000ffffffff 00000000ffffffff [ 481.867971][ C0] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 481.876799][ C0] page dumped because: kasan: bad access detected [ 481.883198][ C0] page_owner tracks the page as allocated [ 481.888896][ C0] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5829, tgid 5829 (syz-executor), ts 93295352248, free_ts 37092832997 [ 481.910238][ C0] post_alloc_hook+0x231/0x280 [ 481.914996][ C0] get_page_from_freelist+0x24dc/0x2580 [ 481.920532][ C0] __alloc_frozen_pages_noprof+0x18d/0x380 [ 481.926327][ C0] allocate_slab+0x77/0x660 [ 481.930824][ C0] refill_objects+0x331/0x3c0 [ 481.935491][ C0] __pcs_replace_empty_main+0x2e6/0x730 [ 481.941028][ C0] __kmalloc_noprof+0x474/0x760 [ 481.945881][ C0] fib6_info_alloc+0x30/0xf0 [ 481.950473][ C0] ip6_route_info_create+0x142/0x860 [ 481.955770][ C0] ip6_route_add+0x49/0x1b0 [ 481.960261][ C0] addrconf_add_mroute+0x2d1/0x370 [ 481.965364][ C0] addrconf_init_auto_addrs+0x4d7/0xa50 [ 481.970899][ C0] addrconf_notify+0xb1e/0x1050 [ 481.975736][ C0] notifier_call_chain+0x1be/0x400 [ 481.980841][ C0] __dev_notify_flags+0x1a9/0x310 [ 481.985943][ C0] netif_change_flags+0xe8/0x1a0 [ 481.990870][ C0] page last free pid 5202 tgid 5202 stack trace: [ 481.997177][ C0] __free_frozen_pages+0xc2b/0xdb0 [ 482.002274][ C0] __slab_free+0x263/0x2b0 [ 482.006678][ C0] qlist_free_all+0x97/0x100 [ 482.011255][ C0] kasan_quarantine_reduce+0x148/0x160 [ 482.016699][ C0] __kasan_slab_alloc+0x22/0x80 [ 482.021536][ C0] kmem_cache_alloc_noprof+0x2bc/0x650 [ 482.026980][ C0] do_getname+0x2e/0x250 [ 482.031216][ C0] do_sys_openat2+0xca/0x200 [ 482.035823][ C0] __x64_sys_openat+0x138/0x170 [ 482.040687][ C0] do_syscall_64+0x14d/0xf80 [ 482.045264][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 482.051143][ C0] [ 482.053454][ C0] Memory state around the buggy address: [ 482.059120][ C0] ffff8880319f7700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 482.067165][ C0] ffff8880319f7780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 482.075212][ C0] >ffff8880319f7800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 482.083258][ C0] ^ [ 482.087572][ C0] ffff8880319f7880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 482.095616][ C0] ffff8880319f7900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 482.103678][ C0] ================================================================== [ 482.111884][ C0] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 482.119112][ C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted syzkaller #0 PREEMPT(full) [ 482.128131][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 482.138268][ C0] Call Trace: [ 482.141544][ C0] [ 482.144379][ C0] vpanic+0x56c/0xa60 [ 482.148355][ C0] ? __pfx_vpanic+0x10/0x10 [ 482.152852][ C0] panic+0xc5/0xd0 [ 482.156565][ C0] ? __pfx_panic+0x10/0x10 [ 482.160984][ C0] ? lockdep_hardirqs_on+0x7a/0x110 [ 482.166259][ C0] ? ax25_send_frame+0x67c/0x9f0 [ 482.171191][ C0] ? ax25_send_frame+0x67c/0x9f0 [ 482.176122][ C0] check_panic_on_warn+0x89/0xb0 [ 482.181049][ C0] ? ax25_send_frame+0x67c/0x9f0 [ 482.185980][ C0] end_report+0x73/0x180 [ 482.190223][ C0] ? ax25_send_frame+0x67c/0x9f0 [ 482.195179][ C0] kasan_report+0x128/0x150 [ 482.199677][ C0] ? ax25_send_frame+0x67c/0x9f0 [ 482.204622][ C0] kasan_check_range+0x264/0x2c0 [ 482.209560][ C0] ? ax25_send_frame+0x67c/0x9f0 [ 482.214492][ C0] __asan_memcpy+0x29/0x70 [ 482.218895][ C0] ax25_send_frame+0x67c/0x9f0 [ 482.223650][ C0] ? ax25_send_frame+0x326/0x9f0 [ 482.228592][ C0] rose_t0timer_expiry+0x255/0x560 [ 482.233691][ C0] call_timer_fn+0x192/0x640 [ 482.238270][ C0] ? __pfx_rose_t0timer_expiry+0x10/0x10 [ 482.243887][ C0] ? call_timer_fn+0xd4/0x640 [ 482.248553][ C0] ? __pfx_call_timer_fn+0x10/0x10 [ 482.253654][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 482.258840][ C0] ? __pfx_rose_t0timer_expiry+0x10/0x10 [ 482.264460][ C0] __run_timer_base+0x652/0x8b0 [ 482.269297][ C0] ? ktime_get+0x45/0x200 [ 482.273616][ C0] ? __pfx___run_timer_base+0x10/0x10 [ 482.278980][ C0] ? sched_clock_cpu+0x74/0x440 [ 482.283824][ C0] run_timer_softirq+0xb7/0x170 [ 482.288669][ C0] handle_softirqs+0x22a/0x870 [ 482.293424][ C0] ? __irq_exit_rcu+0x5f/0x150 [ 482.298198][ C0] __irq_exit_rcu+0x5f/0x150 [ 482.302778][ C0] irq_exit_rcu+0x9/0x30 [ 482.307012][ C0] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 482.312638][ C0] [ 482.315562][ C0] [ 482.318481][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 482.324451][ C0] RIP: 0010:pv_native_safe_halt+0xf/0x20 [ 482.330075][ C0] Code: 8e 6c 02 c3 cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d e3 e2 1a 00 fb f4 fc e9 02 00 cc cc cc cc cc cc cc cc cc cc cc cc 90 90 90 90 90 [ 482.349677][ C0] RSP: 0018:ffffffff8e407dc0 EFLAGS: 00000242 [ 482.355754][ C0] RAX: 00000000001a0ccd RBX: ffffffff819a900a RCX: 0000000080000001 [ 482.363728][ C0] RDX: 0000000000000001 RSI: ffffffff8def7965 RDI: ffffffff8c27c200 [ 482.371690][ C0] RBP: ffffffff8e407eb0 R08: ffff8880b863395b R09: 1ffff110170c672b [ 482.379650][ C0] R10: dffffc0000000000 R11: ffffed10170c672c R12: 0000000000000000 [ 482.387611][ C0] R13: 1ffffffff1c929d8 R14: 0000000000000000 R15: 1ffffffff1c929d8 [ 482.395579][ C0] ? do_idle+0x36a/0x5f0 [ 482.399830][ C0] default_idle+0x9/0x20 [ 482.404069][ C0] default_idle_call+0x72/0xb0 [ 482.408826][ C0] do_idle+0x36a/0x5f0 [ 482.412890][ C0] ? __pfx_do_idle+0x10/0x10 [ 482.417476][ C0] cpu_startup_entry+0x43/0x60 [ 482.422248][ C0] rest_init+0x2de/0x300 [ 482.426492][ C0] start_kernel+0x385/0x3d0 [ 482.430985][ C0] x86_64_start_reservations+0x24/0x30 [ 482.436440][ C0] x86_64_start_kernel+0x143/0x1c0 [ 482.441559][ C0] common_startup_64+0x13e/0x147 [ 482.446493][ C0] [ 482.449964][ C0] Kernel Offset: disabled [ 482.454290][ C0] Rebooting in 86400 seconds..