last executing test programs: 6.246552421s ago: executing program 4 (id=8549): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)={{0x14}, [@NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x801, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x401, 0x0, 0x1000000, {0x1, 0x0, 0x2}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_EXPRESSIONS={0x28, 0x4, 0x0, 0x1, [{0x24, 0x1, 0x0, 0x1, @meta={{0x9}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_META_DREG={0x8, 0x1, 0x1, 0x0, 0xc}, @NFTA_META_KEY={0x8, 0x2, 0x1, 0x0, 0x3}]}}}]}]}], {0x14}}, 0xa4}, 0x1, 0x0, 0x0, 0x2000c045}, 0x24000004) 6.158848625s ago: executing program 4 (id=8550): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000140)={'lo\x00'}) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) epoll_create1(0x0) socket$unix(0x1, 0x2, 0x0) unshare(0x8040600) socket(0x1d, 0x80802, 0x6) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907001175f37538e486dd637f4b22667f2f00db5b686158bbcfe8875a65969ff57b00000000000000000000000000ac1414"], 0xfdef) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0xc, 0x8, &(0x7f0000000d80)=ANY=[@ANYBLOB="1800000000000000000000000000000018020000", @ANYRES32=r1, @ANYBLOB="0000000000000000b703000000000000850000000d000000b70000000000000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={r2, 0x3e8, 0xe80, 0x0, &(0x7f0000000000)="c1df07000000d30a298ee68886dd87", 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x50) (fail_nth: 99) 5.339032451s ago: executing program 4 (id=8561): r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000100)={0x40000000, 0x0, &(0x7f00000000c0)={&(0x7f0000000800)=ANY=[@ANYBLOB="021800001c00000002000000fedbdf25050006006c8000000a000000000000000000000000000000000000000000000000000000000000000800120000000000feffff7f0000000006000000000000000000000000000000e000000200000000000000000a000000e0000002000000000000000000000000050005"], 0xe0}}, 0x0) 5.320870828s ago: executing program 4 (id=8562): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x60, 0x2, 0x6, 0x201, 0x0, 0x0, {0xa}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0xfffffffa}, @IPSET_ATTR_MARKMASK={0x8, 0xb, 0x1, 0x0, 0x401}]}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,mark\x00'}]}, 0x60}, 0x1, 0x0, 0x0, 0x10}, 0x8800) r1 = socket$inet6_sctp(0xa, 0x801, 0x84) sendmmsg$inet(r1, &(0x7f0000000d00)=[{{&(0x7f0000000c80)={0x2, 0x4e21, @rand_addr=0x64010101}, 0x10, &(0x7f0000000c40)=[{&(0x7f0000000c00)='e', 0x1}], 0x1}}, {{&(0x7f0000000880)={0x2, 0x4ea3, @rand_addr=0x640100fe}, 0xfffffffffffffe17, &(0x7f0000000a80)}}], 0x2, 0x4000) shutdown(r1, 0x1) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r1, 0x84, 0x10, &(0x7f00000000c0)=@sack_info={0x0, 0xfffff801, 0x5}, &(0x7f0000000100)=0xc) syz_emit_ethernet(0x36, &(0x7f0000000500)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb08004500002800000000002f907864011702ac1414aa4001880b", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5c00000090780000"], 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0) getsockname$packet(r4, &(0x7f0000000600)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)=ANY=[@ANYBLOB="3c0000001000850600000000ff6122314a000800", @ANYRES32=r5, @ANYBLOB="00001000252155b21c0012000c000100626f6e64000000000c0002000800010001"], 0x3c}}, 0x40000) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), r3) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_GET_FTM_RESPONDER_STATS(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)={0x1c, r8, 0x601, 0x70bd2c, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r9}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x20040844) sendmsg$NL80211_CMD_GET_POWER_SAVE(r3, &(0x7f0000000400)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x408020}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x1c, r6, 0x200, 0x70bd28, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r9}, @void}}, ["", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x10}, 0x80) sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001cc0)=ANY=[@ANYBLOB="3c0000001000030500000000fcffffff00000000", @ANYRES32=0x0, @ANYBLOB="00000000000000001400128009000100626f6e640000000004000280", @ANYRES32=r5], 0x3c}, 0x1, 0x0, 0x0, 0x800}, 0x4000) r10 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r4, 0x84, 0x72, &(0x7f00000006c0)={r2, 0x353}, &(0x7f0000000700)=0xc) r11 = socket$nl_generic(0x10, 0x3, 0x10) r12 = syz_genetlink_get_family_id$devlink(0x0, r11) sendmsg$DEVLINK_CMD_RATE_GET(r11, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="140002", @ANYRES16=r12, @ANYBLOB="010700000000fcdbdf2541000000"], 0x14}}, 0x24000040) r13 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000480), r7) sendmsg$IPVS_CMD_ZERO(r4, &(0x7f0000000680)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000005c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="707ca31f", @ANYRES16=r13, @ANYBLOB="031428bd7000fedbdf25100000000800050002000000"], 0x1c}, 0x1, 0x0, 0x0, 0x14}, 0x4040080) sendmsg$nl_xfrm(r10, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in=@multicast1=0xe0000002, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0xa, 0x30, 0x60, 0x87}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffff9, 0xfffffffffffffffc}, {0xfffffffffffffffd}}}, 0xb8}}, 0x0) sendmsg$nl_xfrm(r10, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="b8000000150001000000000000000000e00000020000"], 0xb8}}, 0x0) sendmsg$NLBL_MGMT_C_PROTOCOLS(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)=ANY=[@ANYBLOB='/&\x00\x00', @ANYRES16=0x0, @ANYBLOB="000426bd7000fbdbdf250700000008000c000200000014000500ff0200000000000000000000000000010800020007000000"], 0x38}, 0x1, 0x0, 0x0, 0x40080c5}, 0xa9aeb87e44f7e6f1) ioctl$XFS_IOC_FSGEOMETRY_V1(r0, 0x80705864, &(0x7f0000000100)) 3.458987526s ago: executing program 4 (id=8577): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) bind$inet6(r0, &(0x7f0000000300)={0xa, 0x4e23, 0x0, @loopback, 0x3}, 0x7e) setsockopt$inet_sctp6_SCTP_RTOINFO(r0, 0x84, 0x0, &(0x7f0000000000)={0x0, 0xfffffffe, 0x8001, 0x6}, 0x10) sendto$inet6(r0, &(0x7f0000000180)="51c8797e7920e481c97156", 0xb, 0x200088f5, &(0x7f0000000240)={0xa, 0x4e23, 0x0, @loopback, 0x80}, 0x1c) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_NET_GET(r1, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000740)={0x170, 0x0, 0x800, 0x70bd2b, 0x25dfdbfd, {}, [@TIPC_NLA_SOCK={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_REF={0x8, 0x2, 0xb9}]}, @TIPC_NLA_NET={0x58, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x9}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x4}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x2}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x7ff}, @TIPC_NLA_NET_NODEID_W1={0xc}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0xf49}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x6}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x2}]}, @TIPC_NLA_SOCK={0x58, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_CON={0x24, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0x8001}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x9}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x3}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x8001}]}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x1}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x80000001}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x9}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x3}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x6}]}, @TIPC_NLA_MON={0x54, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x9}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x7fff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x1000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x1}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x1ff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x6}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x3}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x14a82dc2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x48}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffffff9}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x8}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x4}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x3}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3ff}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xae31}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x8}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x3b989b41}]}]}, 0x170}, 0x1, 0x0, 0x0, 0x15}, 0x4000) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_GET(r2, &(0x7f0000000600)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000005c0)={&(0x7f0000000340)={0x254, 0x1, 0x2, 0x401, 0x0, 0x0, {0x7, 0x0, 0x3}, [@CTA_EXPECT_FN={0xa, 0xb, 'Q.931\x00'}, @CTA_EXPECT_CLASS={0x8, 0x9, 0x1, 0x0, 0x8}, @CTA_EXPECT_HELP_NAME={0xe, 0x6, 'ftp-20000\x00'}, @CTA_EXPECT_CLASS={0x8, 0x9, 0x1, 0x0, 0xe9}, @CTA_EXPECT_ID={0x8, 0x5, 0x1, 0x0, 0x4}, @CTA_EXPECT_NAT={0x54, 0xa, 0x0, 0x1, [@CTA_EXPECT_NAT_DIR={0x8}, @CTA_EXPECT_NAT_TUPLE={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x6}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x3a}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}]}, @CTA_EXPECT_NAT_TUPLE={0x14, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_EXPECT_NAT_DIR={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_EXPECT_NAT_DIR={0x8, 0x1, 0x1, 0x0, 0x1}]}, @CTA_EXPECT_NAT={0xe0, 0xa, 0x0, 0x1, [@CTA_EXPECT_NAT_TUPLE={0x34, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x8, 0x2, @remote}}}, @CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x2f}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_EXPECT_NAT_TUPLE={0x64, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x21}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x3c}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @remote}, {0x14, 0x4, @empty}}}, @CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @broadcast}, {0x8, 0x2, @loopback}}}]}, @CTA_EXPECT_NAT_DIR={0x8}, @CTA_EXPECT_NAT_TUPLE={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x1}}]}]}, @CTA_EXPECT_CLASS={0x8}, @CTA_EXPECT_TUPLE={0x94, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x5b632a1fed5b96b9}}, @CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x84}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev={0xac, 0x14, 0x14, 0x3f}}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, {0x14, 0x4, @loopback}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x21}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}]}, @CTA_EXPECT_TUPLE={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x88}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @ipv4={'\x00', '\xff\xff', @multicast2}}, {0x14, 0x4, @ipv4={'\x00', '\xff\xff', @multicast2}}}}]}]}, 0x254}, 0x1, 0x0, 0x0, 0x40000}, 0x800) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000240)={0x26, 'rng\x00', 0x0, 0x0, 'ansi_cprng\x00'}, 0x58) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, 0x0, 0x0, 0x11, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000}, 0x50) bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1e000000000000000a000000fbffff7f14000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32], 0x50) 1.685845053s ago: executing program 1 (id=8607): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000140)=@allocspi={0xf8, 0x16, 0x1, 0x3, 0x0, {{{@in=@dev={0xac, 0x14, 0x14, 0xd}, @in6=@private0={0xfc, 0x0, '\x00', 0x1}, 0xfffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {@in6=@dev={0xfe, 0x80, '\x00', 0x2a}, 0x0, 0x32}, @in=@broadcast, {0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x8}, {}, {0x8}, 0x0, 0x0, 0xa, 0x0, 0x2}}}, 0xf8}}, 0x0) sendmsg$nl_xfrm(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000040)=ANY=[@ANYBLOB="f8000000160001000000000000000000ff010000000000000000000000000001ff01000000000000000000000000000100"/64, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="fe880000000000000000000000000001160000003200000000000000000000000000ffffac14142900000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000ff0000000000000000000000000000000a"], 0xf8}}, 0x0) 1.562309571s ago: executing program 1 (id=8609): socket$nl_route(0x10, 0x3, 0x0) socket$inet_sctp(0x2, 0x1, 0x84) socket$nl_netfilter(0x10, 0x3, 0xc) socket$netlink(0x10, 0x3, 0xc) socket$kcm(0xa, 0x3, 0x87) socket(0x10, 0x803, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$netlink(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000940)={&(0x7f00000013c0)=ANY=[@ANYBLOB="640000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="e5fda988000000002800128009000100766c616e00000000180002800c0003001c0000001f000000060001000700000008000500", @ANYRES32=r0, @ANYBLOB='\b\x00\n\x00', @ANYRES32, @ANYBLOB="0a0001000000"], 0x64}, 0x1, 0x0, 0x0, 0x8811}, 0x0) 1.520080287s ago: executing program 1 (id=8610): syz_emit_ethernet(0x8e, &(0x7f0000001080)=ANY=[@ANYBLOB="aaaaaaaaaaaa0180c200000088a800008100000088a8450000780000000000119078000000000000000003004e20006490780200000004000000030000007fe77f731db8ab9c3f3509d6e7118104224a45f799a8fbc5252b1170535ac6fbc196168f72696bf9ad5b6dc51a703690aa72f4bd15c2580cdc3d66fdf23cb5a3a02ad2bc4f0c9415f88c3599baddc6ee"], 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-224\x00'}, 0x7b) bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000440)=ANY=[@ANYBLOB='\n\x00\x00\x00\t\x00\x00\x00\b\x00\x00\x00', @ANYRES32, @ANYBLOB="0200"], 0x50) r1 = accept4(r0, 0x0, 0x0, 0x800) sendmsg(r1, &(0x7f0000001ec0)={0x0, 0x0, &(0x7f0000001b40)=[{&(0x7f0000000180)="bf6fea", 0x3}, {&(0x7f0000000240)="838175", 0x3}], 0x2}, 0x44044) r2 = socket$inet(0xa, 0x801, 0x0) sendmsg$sock(r2, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)=[@timestamping={{0x14, 0x1, 0x4f, 0x1}}], 0x18}, 0x0) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000080)={0x0, 0x8, 0x10}, 0xc) r4 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r4, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000280)=ANY=[@ANYBLOB="020300030f000000fcffffffbcdbdf2503000900800000001cdc0dca1d9f68846960e56de42944af030006000000000002004e22ac1414bb000000000000000002000100000000000020070c00000080030005000000000002004e22e000000200000000000000000200130002"], 0x78}, 0x1, 0x7}, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=@newtaction={0xd8, 0x30, 0xffff, 0x0, 0x0, {}, [{0xc4, 0x1, [@m_police={0x6c, 0x1, 0x0, 0x0, {{0xb}, {0x40, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c, 0x1, {0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, {0x0, 0x1, 0x0, 0x0, 0x0, 0x31}, 0xfffffffe, 0x7}}]]}, {0x4}, {0xc}, {0xc, 0x8, {0x2, 0x2}}}}, @m_gact={0x54, 0x2, 0x0, 0x0, {{0x9}, {0x28, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0x9, 0x6, 0xfffffffffffffffc, 0x57d, 0x3}}, @TCA_GACT_PROB={0xc, 0x3, {0x2, 0x18a0, 0x6}}]}, {0x4}, {0xc, 0x3, {0x20}}, {0xc, 0x8, {0x2}}}}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x400c4}, 0x0) r6 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) ioctl$NILFS_IOCTL_GET_CPINFO(r6, 0x80186e82, &(0x7f0000000380)={&(0x7f0000000280)=[{0x0, 0x0, 0xd, 0x1, 0x1ff, 0x40000000009, 0x3}, {0x2, 0x0, 0x8, 0xe2, 0x0, 0x0, 0x6, 0x5}, {0x2, 0x0, 0x80, 0x9a, 0x7f, 0xb58, 0x422b7778, 0x8}, {0x1, 0x0, 0x5, 0xe, 0x3, 0x9, 0x1ff, 0x2}], 0x4, 0x38, 0x0, 0x8}) r7 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r7, 0x10e, 0xc, &(0x7f0000000100)={0x80000000, 0x0, 0xfffffffc, 0xd}, 0x10) write(r7, &(0x7f0000000000)="240000001a005f0214f9f407000904001f000000fe0000000000000008000f00fd000000", 0x24) r8 = socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$batadv(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000540)=ANY=[@ANYBLOB="14000000", @ANYRES16=r9, @ANYBLOB="dbbf000000000000000004000000802e4af7c56361cf8cc136677cb345f81db1833a879f12f6ebbae223f2ed28a3da7a0b9a5504dbd54ec0453e93b2858e4c5eae0c81ef0d11efaf0c325e0e636e628436fb82f5ecf96e0193659ed07e9d068b82df54b7478d3967906e3054602ddd1e885ec461080c3eaea68de6bd1b"], 0x14}}, 0x0) sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(r7, &(0x7f00000003c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x24, r9, 0x100, 0x70bd25, 0x25dfdbfe, {}, [@BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x100}]}, 0x24}, 0x1, 0x0, 0x0, 0x20040010}, 0x4000000) socket$igmp(0x2, 0x3, 0x2) r10 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r10, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=@flushsa={0x14, 0x1c, 0x1, 0x70bd28, 0x25dfdbfc, {0xff}}, 0x14}, 0x1, 0x0, 0x0, 0x81}, 0x20000002) sendmsg$nl_xfrm(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000680)=ANY=[@ANYBLOB="5c0100001000130700000000fcdbdf25e0000001000000000000000000000000ff020000000000000000000000000001000400004e2100020000002021000000", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="fc010000000000000000000000000000000004d632000000e0000002000000000000000000000000000000000000000000000000000000000000000000000000090000000000000001000000ffffffff0000000000000000010000800000000043050000000000000400000000000000ffffffffffffff7f000000000000000001000000000000000000000000000000000000002cbd70000035000002000000500000000000000060001200726663343130362867636d2861657329290000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000060000000210466d38547aa140db9a200000000c538c7cb7a0c001c00", @ANYRES32, @ANYBLOB='\a'], 0x15c}, 0x1, 0x0, 0x0, 0x880}, 0x2014) 1.338830962s ago: executing program 2 (id=8613): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$gtp(&(0x7f0000000000), 0xffffffffffffffff) r3 = socket(0x200000000000011, 0x2, 0x3c644) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000000c0)={'syz_tun\x00', 0x0}) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000280)=@newtaction={0x70, 0x30, 0xb, 0x0, 0x0, {}, [{0x5c, 0x1, [@m_skbedit={0x58, 0x1, 0x0, 0x0, {{0xc}, {0x48, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_MARK={0x8, 0x3}, @TCA_SKBEDIT_PARMS={0x18, 0x2, {0x0, 0x80000}}, @TCA_SKBEDIT_PTYPE={0x2, 0x4}, @TCA_SKBEDIT_PRIORITY={0x0, 0x3, {0xfff1}}, @TCA_SKBEDIT_PRIORITY={0x0, 0x3, {0x9, 0x8}}, @TCA_SKBEDIT_QUEUE_MAPPING={0x0, 0x4, 0xea37}]}, {0x10}, {0xc, 0xa}, {0xc, 0x9, {0xf5}}}}]}]}, 0x70}}, 0x0) bind$packet(r3, &(0x7f0000000080)={0x11, 0x800, r4, 0x1, 0x0, 0x6, @multicast}, 0x23) r6 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r6, &(0x7f0000000200)={0x0, 0x5f, &(0x7f0000000000)={&(0x7f0000000300)=@newqdisc={0x88, 0x24, 0xf0b, 0x70bd26, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0xffff}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0x58, 0x2, {{0x1, [], 0x0, [0x1, 0x2, 0xfffe, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x5c4, 0x8000, 0x0, 0x0, 0x3dc], [0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000]}}}}]}, 0x88}}, 0x20000000) r7 = socket(0x400000000010, 0x3, 0x0) sendmsg$nl_route_sched(r7, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=@newqdisc={0x54, 0x24, 0x4ee4e6a52ff56541, 0x70bd29, 0xfdfbffff, {0x0, 0x0, 0x0, r2, {0x0, 0x8}, {0xffff, 0xffff}, {0xc, 0xfff3}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x1c, 0x2, [@TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x10, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x9defcb4}]}]}, @TCA_TAPRIO_ATTR_SCHED_CLOCKID={0x8, 0x5, 0xb}]}}, @TCA_RATE={0x6, 0x5, {0x4b, 0xe3}}]}, 0x54}, 0x1, 0x0, 0x0, 0x40001}, 0x8090) 1.194705669s ago: executing program 1 (id=8617): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x1, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000440)=@newqdisc={0x78, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25d7dbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x48, 0x2, {{0x3, 0xae0, 0x6361, 0x5, 0xffffffff, 0x3}, [@TCA_NETEM_SLOT={0x2c, 0xc, {0x4, 0x7fffffffffffffff, 0x0, 0x1000, 0xc, 0x215}}]}}}]}, 0x78}, 0x1, 0x0, 0x0, 0x50}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd28, 0x25dfdc01, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xb}, {0x4, 0xffe0}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x14, 0x2, [@TCA_CAKE_AUTORATE={0x8, 0x9, 0x1}, @TCA_CAKE_DIFFSERV_MODE={0x8, 0x3, 0x2}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x240408a0}, 0x4890) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$tipc(&(0x7f0000000380), r4) sendmsg$TIPC_CMD_ENABLE_BEARER(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}, 0x1, 0x0, 0x0, 0x44081}, 0x0) r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0) close(r6) socket$unix(0x1, 0x5, 0x0) ioctl$SIOCSIFHWADDR(r6, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"}) r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) ioctl$TUNSETSNDBUF(r7, 0x400454d4, &(0x7f0000000040)=0x2) r8 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r8, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r7, &(0x7f0000000280)={@val={0x0, 0x800}, @val={0x1, 0x0, 0x0, 0x0, 0x3d}, @mpls={[], @ipv4=@tcp={{0x6, 0x4, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x84, 0x0, @empty=0x3fffffff, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x2, 0xb, 0x0, 0x71c, 0x0, 0x1c, {[@window={0xa, 0x3}, @timestamp={0x5, 0x2, 0x40000046}, @generic={0x0, 0x2, "d58838068b91"}]}}}}}}, 0x4e) 1.173990601s ago: executing program 3 (id=8618): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000980)=@raw={'raw\x00', 0x8, 0x3, 0x4c8, 0x0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x3f8, 0xffffffff, 0xffffffff, 0x3f8, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'bridge0\x00'}, 0x0, 0x148, 0x170, 0x0, {}, [@common=@unspec=@helper={{0x48}}, @common=@inet=@hashlimit1={{0x58}, {'bond_slave_1\x00', {0x41, 0x1ff, 0x6, 0xb0e2, 0x10001, 0x84e, 0xfffffffb, 0x18, 0x8}, {0x1}}}]}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'erspan0\x00', 'gre0\x00', {0xff}, {}, 0x0, 0x0, 0x0, 0x4b}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'vcan0\x00', {0x3, 0x0, 0x41, 0xfffffffe, 0x2, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x528) syz_emit_ethernet(0x4a, &(0x7f0000000080)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000086dd601996460014060000000002e2ffffffffffff0000000000fe8000000000000000000000000000aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB='P\x00'], 0x0) 1.004052413s ago: executing program 0 (id=8619): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) r3 = socket(0x10, 0x80003, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000300)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_prio={{0x9}, {0x18, 0x2, {0xb, "0000000000020400000000000b00"}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x4000}, 0x40000) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f00000001c0)={'batadv_slave_0\x00', 0x0}) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4805}, 0x20000050) sendmsg$NFT_BATCH(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="6286b943c3deef7ac442061c6d5c5dd88df2a5b5e035fbeeeb713552806c695052f12e9e66c3901c09845461a88fa12283743b8305031a9db6d3b4ffe9a70b195313a72cc602d3346c76a751a4368139f712492615144ca7c4dc9d31d9b0a498d599d0b07e5af0ecd2fee8b6b533c3424c1dc5f69a65ff4f97aae0ec420f923b0926600cbd5c23f9175d9a0a3e0d9072fc81e06cdccec8b5666b529f9298b76885103e69dcf5c6fcd141a59243eeb22588602bf3396177ddd9aafef9523b9064333199bbdd6fe26faa04ebee1d318342df6aa719ed9570057da778d9a437"], 0x68}, 0x1, 0x0, 0x0, 0x24060891}, 0x0) sendmsg$NFT_BATCH(r6, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000880)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_DELFLOWTABLE={0x2c, 0x18, 0xa, 0x5, 0x0, 0x0, {0x2}, [@NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}]}, @NFT_MSG_DELTABLE={0x14, 0x2, 0xa, 0x101, 0x0, 0x0, {0x0, 0x0, 0x3}}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x68}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000180)=@delchain={0x24, 0x5f, 0x333, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0x5, 0x2}, {0x1, 0xe}}}, 0x24}}, 0x0) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r8 = socket$nl_generic(0x10, 0x3, 0x10) r9 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r9, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DEL_KEY(r8, &(0x7f0000003100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x24, r7, 0x1, 0x70bd2a, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r10}, @void}}, [@NL80211_ATTR_KEY_TYPE={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x2000c054}, 0x8080) sendmsg$nl_route(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000004c0)=@dellink={0x20, 0x11, 0x1, 0x70bd2b, 0x25dfdbfb, {0x0, 0x0, 0x0, r5, 0x20001, 0x9684}}, 0x20}, 0x1, 0x0, 0x0, 0x20000050}, 0x2000c006) 947.314134ms ago: executing program 3 (id=8620): socket$nl_route(0x10, 0x3, 0x0) socket$inet_sctp(0x2, 0x1, 0x84) socket$nl_netfilter(0x10, 0x3, 0xc) socket$netlink(0x10, 0x3, 0xc) socket$kcm(0xa, 0x3, 0x87) socket(0x10, 0x803, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$netlink(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000940)={&(0x7f00000013c0)=ANY=[@ANYBLOB="640000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="e5fda988000000002800128009000100766c616e00000000180002800c0003001c0000001f000000060001000700000008000500", @ANYRES32=r0, @ANYBLOB='\b\x00\n\x00', @ANYRES32, @ANYBLOB="0a0001000000"], 0x64}, 0x1, 0x0, 0x0, 0x8811}, 0x0) 873.891233ms ago: executing program 2 (id=8621): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, 0x0, 0x0) sendmsg$nl_xfrm(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=ANY=[@ANYBLOB="b80000001300e9990500000000000000fc000000030000000000000000000000fc000080ffffff00000000000000000000000000000000000a0030"], 0xb8}}, 0x4000) 823.757925ms ago: executing program 3 (id=8622): sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, &(0x7f0000000880)=[{&(0x7f0000000140)="b57523cb1a2c90d8acad2e2d98dfc9ea7a5843c3b63b683ced2b3266175599b7", 0x20}], 0x1}], 0x1, 0x0) r0 = socket$netlink(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="3800000002011d04000000000000000002000000240001801400018008000100e000000108000200e00000010c000280050001"], 0x38}}, 0x0) 752.950132ms ago: executing program 2 (id=8623): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r1, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) recvmsg$unix(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r3, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0) recvmsg$unix(r2, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r5, &(0x7f0000001b00)={0x0, 0xfffffffffffffc61, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x40800) recvmsg$unix(r4, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000900), 0x100}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r7, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0) recvmsg(r6, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001dc0)=""/4096, 0x1000}, 0x0) socket$tipc(0x1e, 0x5, 0x0) 752.250376ms ago: executing program 3 (id=8624): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000000), r0) sendmsg$L2TP_CMD_TUNNEL_CREATE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="1709000000000000000001000000050007000000000008640900fffffffe060002000000000008000a000100000008001800ac1414aa08001900e000"], 0x58}}, 0x0) 667.261998ms ago: executing program 0 (id=8625): syz_genetlink_get_family_id$mptcp(&(0x7f00000004c0), 0xffffffffffffffff) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000000140)=ANY=[@ANYBLOB="61158c00000000006113770000000000bfa00000000000000705000008004ef02d3501000000000095000000000000006916000000000000bf67000000000000350605000fff07206706000004000000160302000ee60060bf500000000000000f650000000000006507f9ff0100000007070000cddfffff1e75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000001500000000000000950000000000000032ed3c12dc8c27df8ecf264e0f84f9f17d3c30e32f1754558f2278af6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd3997f9c9c4f6f3be4b369289aa6812b8e007e733a9a4f1b0af3dda82ee45a010fb94fe9d0cc7d3b4814261bdb94a050000a28a404be266df76965947c73c00c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b540dcfc7ad0500c4063b3b8754c0686cad3f1d5ab2af27546e7c955ccefa1f6ab689b555202da2e0ec"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x94) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a58000000060a09040000000000000000020000000900010073797a30000000000900020073797a32000000002c00048028000180080001006e6174001c0002800800024000000002080003400000000a0800"], 0x80}}, 0x0) getsockopt$IP_VS_SO_GET_SERVICE(r0, 0x0, 0x483, &(0x7f0000000500), &(0x7f0000000580)=0x68) socket$inet_mptcp(0x2, 0x1, 0x106) r1 = socket$kcm(0x10, 0x2, 0x10) ioctl$XFS_IOC_ATTRLIST_BY_HANDLE(r1, 0x4058587a, &(0x7f0000000440)={{r0, &(0x7f0000000100)='syz1\x00', 0x80, &(0x7f00000002c0)={@align=0x8, {0x8001, 0x5, 0x6, 0xffffffffc8efa0f9}}, 0x7, &(0x7f0000000300), &(0x7f0000000380)}, {[0x2, 0x0, 0x7, 0x1]}, 0x2, 0x55, &(0x7f00000003c0)=""/85}) socket$inet(0x2, 0x3, 0x6) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCETHTOOL(r3, 0x89f0, &(0x7f00000001c0)={'bridge0\x00', &(0x7f0000000080)=@ethtool_ringparam={0x7, 0x0, 0x5, 0x0, 0x2, 0x10004003, 0x7, 0x0, 0x7}}) sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000040900010073797a30000000009c000000090a010400000000000000000700000308000a40000000000900020073797a30000000000900010073797a3000000000080005400000000d58001280200001800e000100636f6e6e6c696d69740000000c0002800800014000000008200001800e000100636f6e6e6c696d69740000000c000280080001400000000014000180090001006cdbf80789f3f947dd000280080003"], 0xe4}}, 0x20050840) sendmsg$IPSET_CMD_DEL(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)={0x34, 0xa, 0x6, 0x101, 0x0, 0x0, {0x7, 0x0, 0x9}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_LINENO={0x8, 0x9, 0x1, 0x0, 0x5}, @IPSET_ATTR_ADT={0x4}]}, 0x34}, 0x1, 0x0, 0x0, 0x4800}, 0x48080) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f030041000b05d25a806c8c6394f90324fc60100000000a000200053582c137153e3704020180fc5409000c00", 0x33fe0}], 0x1}, 0x0) 666.565664ms ago: executing program 2 (id=8626): r0 = socket(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000840)=@newqdisc={0x50, 0x24, 0x3fe3aa0262d8c783, 0xfffffffc, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0xc}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_pie={{0x8}, {0x24, 0x2, [@TCA_PIE_ALPHA={0x8, 0x4, 0x10}, @TCA_PIE_TUPDATE={0x8, 0x3, 0x1}, @TCA_PIE_TARGET={0x8, 0x1, 0x6}, @TCA_PIE_ALPHA={0x8}]}}]}, 0x50}}, 0x0) 644.526727ms ago: executing program 3 (id=8627): sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB='\x00\x00\x00F', @ANYRES16, @ANYBLOB="000429bd7000ffdbdf250e0000003400028008000800050000000800030000000000080006000001000005000d0001000000080006000900000006"], 0x48}, 0x1, 0x0, 0x0, 0x400c1c4}, 0x44002) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[@ANYBLOB="480000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000002800128009000100626f6e640000000018000280140008"], 0x48}}, 0x0) sendmmsg$inet(r0, &(0x7f0000005200)=[{{0x0, 0x4b, &(0x7f0000000000), 0x1}}], 0x1, 0x0) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r1, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f0000000040)=[@in6={0xa, 0x4e23, 0x0, @private2, 0x52}]}, &(0x7f0000000440)=0x10) setsockopt$inet_sctp6_SCTP_RTOINFO(r1, 0x84, 0x0, &(0x7f0000000100)={r2}, 0x10) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) write$cgroup_subtree(r3, &(0x7f0000000100)=ANY=[], 0x32600) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r3, 0x0) setsockopt(r1, 0x84, 0x80, &(0x7f0000000000)="0000000000000002", 0x8) 586.381404ms ago: executing program 2 (id=8628): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000980)=ANY=[@ANYBLOB="140000001000010000000000000000000006000a20000000000a0500f000000000000000010000000900010073797a300000000048000000030a01020000000000000000010000000900030073797a320000000014000480080002400000000008000140000000000900010073797a3000000000080007006e6174003c000000060a010400000000000000000100000008000b40000000000900010073797a300000000014000480100001800a000100726564697200000014000000110001"], 0xcc}}, 0x0) 498.99952ms ago: executing program 0 (id=8629): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x4, &(0x7f0000000200)=0x80000000, 0x4) sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0) unshare(0x20000400) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@base={0x5, 0x1ff003, 0x81, 0x7f, 0x1}, 0x50) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x11, 0x11, &(0x7f0000000040)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x1}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@map_val={0x18, 0x2, 0x2, 0x0, r1, 0x0, 0x0, 0x0, 0x6}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000100)='syzkaller\x00', 0xff, 0x9d, &(0x7f0000000240)=""/157, 0x41000, 0x4, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000300)={0x4, 0xd, 0x4, 0x4}, 0x10, 0x0, 0x0, 0x2, &(0x7f0000000340)=[r1, r1, r1, r1, r1, r1, r1, r1, r1, r1], &(0x7f0000000400)=[{0x3, 0x4, 0x6, 0x5}, {0x1, 0x1, 0x7, 0x1}], 0x10, 0xa}, 0x94) bpf$BPF_GET_PROG_INFO(0x3, &(0x7f0000000000)={r2, 0x0, 0x0}, 0x10) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f0000000440)={0x0, 0x0, 0x0}, 0x0) sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=ANY=[], 0x50}}, 0x0) r4 = socket$kcm(0x10, 0x3, 0x10) ioctl$XFS_IOC_START_COMMIT(r4, 0x80585882, 0x0) 490.296726ms ago: executing program 2 (id=8630): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r1, 0x0, r2, 0x0, 0x6, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) write$cgroup_subtree(r3, 0x0, 0x10448) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r3, 0x0) write$cgroup_devices(r2, 0x0, 0x6) write(r0, 0x0, 0x0) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x100000d, 0x6031, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x3000007, 0x31, r2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r4 = socket$kcm(0x2d, 0x2, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r4, 0x89e0, &(0x7f0000000040)) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r6 = socket$kcm(0x2, 0x3, 0x2) ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000000080)={'syzkaller1\x00', @broadcast}) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000003c0)={0x0, {0x2, 0x4e20, @rand_addr=0x64010100}, {0x2, 0x4a2c, @remote}, {0x2, 0x4e25, @multicast2}, 0x204, 0x0, 0x0, 0x0, 0x2008, 0x0, 0x200003, 0x2, 0x2}) write$tun(r5, &(0x7f00000003c0)=ANY=[@ANYBLOB='\b\x00\x00'], 0xdc) 384.70424ms ago: executing program 1 (id=8631): socket(0x2a, 0x6, 0xde97) socket$netlink(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r0, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) r1 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'veth0_macvtap\x00', 0x0}) r3 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=@newqdisc={0x24, 0x24, 0xf0b, 0x70bd26, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0xffff}, {0xffff, 0xffff}}}, 0x24}}, 0x20000000) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0xc0189436, 0x0) r4 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r4, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x7}, 0x1c) listen(r4, 0xfffffffc) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff) r7 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000200)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x50) r8 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000980)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x6, '\x00', 0x0, 0x0}, 0x50) r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x10, 0x1c, &(0x7f00000002c0)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0xfffff7dd}, {{0x18, 0x1, 0x1, 0x0, r8}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa, 0x20}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x2, 0x3, 0xa, 0x9}, {0x5, 0x0, 0xb, 0x9, 0x0, 0x0, 0x1}, {0x3, 0x3, 0x6, 0xa, 0xa, 0xfff8, 0xf1}, {0x7, 0x1, 0xb, 0x6, 0x8}, {0x7, 0x0, 0x0, 0x8, 0x0, 0x0, 0xfffffdff}, {}, {}, {0x7, 0x0, 0xc}, {0x18, 0x2, 0x2, 0x0, r7}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000001b00)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0xa, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000}, 0x94) r10 = socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x9, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000183600000500000000000000000000009d052000fcffffff9d720800010000000d64f4ff100000004d77c0ff000000009500"/72], &(0x7f0000000000)='syzkaller\x00', 0xa, 0xff1, &(0x7f0000002e00)=""/4081, 0x0, 0x0, '\x00', 0x0, 0x0, r9, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94) r11 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000600)="2e61b3e3dff01e19adc7beef915d564c90c200"/32, 0x20) r12 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r12, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) sendmsg$MPTCP_PM_CMD_DEL_ADDR(r10, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x28, r11, 0x7, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @local}]}]}, 0x28}}, 0x0) syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r10) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000004c0)={0x30, r6, 0x1, 0x70bd2c, 0x1000000, {}, [@MPTCP_PM_ATTR_ADDR={0x1c, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @dev={0xac, 0x14, 0x14, 0x37}}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x3}]}]}, 0x30}, 0x1, 0xff07}, 0x2000000) 303.252301ms ago: executing program 0 (id=8632): socket$nl_route(0x10, 0x3, 0x0) socket$inet_sctp(0x2, 0x1, 0x84) socket$nl_netfilter(0x10, 0x3, 0xc) socket$netlink(0x10, 0x3, 0xc) socket$kcm(0xa, 0x3, 0x87) socket(0x10, 0x803, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$netlink(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000940)={&(0x7f00000013c0)=ANY=[@ANYBLOB="640000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="e5fda988000000002800128009000100766c616e00000000180002800c0003001c0000001f000000060001000700000008000500", @ANYRES32=r0, @ANYBLOB='\b\x00\n\x00', @ANYBLOB="0a000100000070"], 0x64}, 0x1, 0x0, 0x0, 0x8811}, 0x0) 224.552584ms ago: executing program 4 (id=8633): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r1, &(0x7f0000000100)={0x18, 0x0, {0x4, @local, 'ip_vti0\x00'}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="30000000100001006c4789ec390bca4900000000", @ANYRESHEX=r1, @ANYBLOB="211000000300000008001b0000000000080004000180"], 0x30}, 0x1, 0x0, 0x0, 0x801}, 0x4000000) connect$pppoe(r1, &(0x7f0000000240)={0x18, 0x0, {0x0, @broadcast, 'gre0\x00'}}, 0x1e) r2 = openat$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000), 0x2, 0x0) write$cgroup_subtree(r2, &(0x7f0000000080)={[{0x2d, 'cpuset'}]}, 0x8) socket$nl_route(0x10, 0x3, 0x0) (async) socket$pppoe(0x18, 0x1, 0x0) (async) connect$pppoe(r1, &(0x7f0000000100)={0x18, 0x0, {0x4, @local, 'ip_vti0\x00'}}, 0x1e) (async) sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="30000000100001006c4789ec390bca4900000000", @ANYRESHEX=r1, @ANYBLOB="211000000300000008001b0000000000080004000180"], 0x30}, 0x1, 0x0, 0x0, 0x801}, 0x4000000) (async) connect$pppoe(r1, &(0x7f0000000240)={0x18, 0x0, {0x0, @broadcast, 'gre0\x00'}}, 0x1e) (async) openat$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000), 0x2, 0x0) (async) write$cgroup_subtree(r2, &(0x7f0000000080)={[{0x2d, 'cpuset'}]}, 0x8) (async) 204.676551ms ago: executing program 0 (id=8634): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x10, 0x803, 0x0) r2 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0x9}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x4, 0xc00}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=@newtfilter={0x88, 0x2c, 0xe27, 0xfffffff9, 0x0, {0x0, 0x0, 0x0, r3, {0xc, 0xc}, {}, {0x5, 0xa}}, [@filter_kind_options=@f_cgroup={{0xb}, {0x50, 0x2, [@TCA_CGROUP_ACT={0x4c, 0x1, [@m_sample={0x48, 0x1, 0x0, 0x0, {{0xb}, {0x1c, 0x2, 0x0, 0x1, [@TCA_SAMPLE_PARMS={0x18, 0x2, {0x7fff, 0x4, 0x20000000, 0x72b, 0x4}}]}, {0x4}, {0xc, 0x3f}, {0xc, 0x8, {0x0, 0x2}}}}]}]}}, @TCA_RATE={0x6, 0x5, {0x6, 0x5}}]}, 0x88}, 0x1, 0x0, 0x0, 0x65580000}, 0x20040054) 95.027728ms ago: executing program 3 (id=8635): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) bind$inet6(r0, &(0x7f0000000300)={0xa, 0x4e23, 0x0, @loopback, 0x3}, 0x7e) setsockopt$inet_sctp6_SCTP_RTOINFO(r0, 0x84, 0x0, &(0x7f0000000000)={0x0, 0xfffffffe, 0x8001, 0x6}, 0x10) sendto$inet6(r0, &(0x7f0000000180)="51c8797e7920e481c97156", 0xb, 0x200088f5, &(0x7f0000000240)={0xa, 0x4e23, 0x0, @loopback, 0x80}, 0x1c) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_NET_GET(r1, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000740)={0x170, 0x0, 0x800, 0x70bd2b, 0x25dfdbfd, {}, [@TIPC_NLA_SOCK={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_REF={0x8, 0x2, 0xb9}]}, @TIPC_NLA_NET={0x58, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x9}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x4}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x2}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x7ff}, @TIPC_NLA_NET_NODEID_W1={0xc}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0xf49}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x6}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x2}]}, @TIPC_NLA_SOCK={0x58, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_CON={0x24, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0x8001}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x9}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x3}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x8001}]}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x1}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x80000001}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x9}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x3}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x6}]}, @TIPC_NLA_MON={0x54, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x9}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x7fff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x1000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x1}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x1ff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x6}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x3}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x14a82dc2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x48}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffffff9}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x8}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x4}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x3}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3ff}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xae31}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x8}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x3b989b41}]}]}, 0x170}, 0x1, 0x0, 0x0, 0x15}, 0x4000) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_GET(r2, &(0x7f0000000600)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000005c0)={&(0x7f0000000340)={0x254, 0x1, 0x2, 0x401, 0x0, 0x0, {0x7, 0x0, 0x3}, [@CTA_EXPECT_FN={0xa, 0xb, 'Q.931\x00'}, @CTA_EXPECT_CLASS={0x8, 0x9, 0x1, 0x0, 0x8}, @CTA_EXPECT_HELP_NAME={0xe, 0x6, 'ftp-20000\x00'}, @CTA_EXPECT_CLASS={0x8, 0x9, 0x1, 0x0, 0xe9}, @CTA_EXPECT_ID={0x8, 0x5, 0x1, 0x0, 0x4}, @CTA_EXPECT_NAT={0x54, 0xa, 0x0, 0x1, [@CTA_EXPECT_NAT_DIR={0x8}, @CTA_EXPECT_NAT_TUPLE={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x6}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x3a}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}]}, @CTA_EXPECT_NAT_TUPLE={0x14, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_EXPECT_NAT_DIR={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_EXPECT_NAT_DIR={0x8, 0x1, 0x1, 0x0, 0x1}]}, @CTA_EXPECT_NAT={0xe0, 0xa, 0x0, 0x1, [@CTA_EXPECT_NAT_TUPLE={0x34, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x8, 0x2, @remote}}}, @CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x2f}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_EXPECT_NAT_TUPLE={0x64, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x21}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x3c}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @remote}, {0x14, 0x4, @empty}}}, @CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @broadcast}, {0x8, 0x2, @loopback}}}]}, @CTA_EXPECT_NAT_DIR={0x8}, @CTA_EXPECT_NAT_TUPLE={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x1}}]}]}, @CTA_EXPECT_CLASS={0x8}, @CTA_EXPECT_TUPLE={0x94, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x5b632a1fed5b96b9}}, @CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x84}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev={0xac, 0x14, 0x14, 0x3f}}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, {0x14, 0x4, @loopback}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x21}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}]}, @CTA_EXPECT_TUPLE={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x88}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @ipv4={'\x00', '\xff\xff', @multicast2}}, {0x14, 0x4, @ipv4={'\x00', '\xff\xff', @multicast2}}}}]}]}, 0x254}, 0x1, 0x0, 0x0, 0x40000}, 0x800) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000240)={0x26, 'rng\x00', 0x0, 0x0, 'ansi_cprng\x00'}, 0x58) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, 0x0, 0x0, 0x11, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000}, 0x50) r4 = socket$kcm(0x2, 0x200000000000001, 0x106) sendmsg$inet(r4, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x4001, @local}, 0xfc, 0x0}, 0x30004001) setsockopt$sock_attach_bpf(r4, 0x6, 0xd, &(0x7f0000000400), 0x4) setsockopt$sock_attach_bpf(r4, 0x1, 0x31, &(0x7f0000000000), 0x4) socket$nl_route(0x10, 0x3, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1e000000000000000a000000fbffff7f14000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="04000000020000000000000002000000000000000000000000000000f3d1876c1ef0b23315aedc2625390b516e589d6fc22edf6d0fd9edc0f631c9365e09a939"], 0x50) r6 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) r8 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r8, &(0x7f0000000140)='\x00', 0x1, 0x0, &(0x7f00000002c0)={0xa, 0x0, 0x1f0c, @private0={0xfc, 0x0, '\x00', 0x1}, 0xa}, 0x10) sendmsg$nl_route_sched(r5, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2b, 0x0, {0x0, 0x0, 0x0, r7, {}, {0xffff, 0xffff}, {0xf, 0xc}}, [@qdisc_kind_options=@q_fq={{0x7, 0x20}, {0x4}}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0x8}]}, 0x38}}, 0x0) r9 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_TX_RING(r9, 0x11b, 0x3, &(0x7f00000001c0)=0x100000, 0x4) r10 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCETHTOOL(r10, 0x8946, &(0x7f00000002c0)={'team_slave_0\x00', &(0x7f0000000040)=@ethtool_stats={0x37}}) setsockopt$packet_int(r10, 0x107, 0xb, &(0x7f0000000000)=0x9, 0x4) 94.703904ms ago: executing program 1 (id=8636): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$gtp(&(0x7f0000000000), 0xffffffffffffffff) r3 = socket(0x200000000000011, 0x2, 0x3c644) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000000c0)={'syz_tun\x00', 0x0}) bind$packet(r3, &(0x7f0000000080)={0x11, 0x800, r4, 0x1, 0x0, 0x6, @multicast}, 0x23) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000200)={0x0, 0x5f, &(0x7f0000000000)={&(0x7f0000000300)=@newqdisc={0x88, 0x24, 0xf0b, 0x70bd26, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0xffff}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0x58, 0x2, {{0x1, [], 0x0, [0x1, 0x2, 0xfffe, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x5c4, 0x8000, 0x0, 0x0, 0x3dc], [0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000]}}}}]}, 0x88}}, 0x20000000) r6 = socket(0x400000000010, 0x3, 0x0) sendmsg$nl_route_sched(r6, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=@newqdisc={0x54, 0x24, 0x4ee4e6a52ff56541, 0x70bd29, 0xfdfbffff, {0x0, 0x0, 0x0, r2, {0x0, 0x8}, {0xffff, 0xffff}, {0xc, 0xfff3}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x1c, 0x2, [@TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x10, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x30}]}]}, @TCA_TAPRIO_ATTR_SCHED_CLOCKID={0x8, 0x5, 0xb}]}}, @TCA_RATE={0x6, 0x5, {0x4b, 0xe3}}]}, 0x54}, 0x1, 0x0, 0x0, 0x40001}, 0x8090) 0s ago: executing program 0 (id=8637): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup_netprio_ifpriomap(r1, &(0x7f0000000080), 0x2, 0x0) sendfile(r2, r2, 0x0, 0x1) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f00000005c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x9, [@typedef={0x6, 0x0, 0x0, 0x8, 0x5}]}, {0x0, [0x30, 0x0, 0x5f, 0x61, 0x2e, 0x61, 0x2d]}}, 0x0, 0x2d, 0x0, 0x1}, 0x28) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000100)={0x5c, 0x2, 0x6, 0x201, 0x0, 0x300, {0x5}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x1, 0x0, 0xd1}, @IPSET_ATTR_MARKMASK={0x8, 0xb, 0x1, 0x0, 0xfffffffd}]}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x3}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,mark\x00'}]}, 0x5c}, 0x1, 0x0, 0x0, 0x10}, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_devices(r5, &(0x7f0000000080)=ANY=[@ANYBLOB='b '], 0x9) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0) socket$kcm(0x11, 0x200000000000002, 0x300) r7 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$IPT_SO_SET_REPLACE(r7, 0x4000000000000, 0x40, &(0x7f0000000e00)=@raw={'raw\x00', 0xc08, 0x3, 0x480, 0x350, 0x5002004a, 0xb, 0x350, 0xea13, 0x3e8, 0x3c8, 0x3c8, 0x3e8, 0x3c8, 0x3, 0x0, {[{{@ip={@multicast2, @private=0xa010101, 0xff, 0xffffffff, 'bridge0\x00', 'veth0_macvtap\x00', {}, {0xff}, 0x5c, 0x3, 0x2}, 0x0, 0x308, 0x350, 0x0, {}, [@common=@unspec=@bpf1={{0x230}, @bytecode={0x0, 0x2, 0x0, [{0x0, 0x0, 0x1}, {0x16}, {0x4}, {}, {}, {0x0, 0x0, 0x5e}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0xfffffffe}, {0xfffd}, {}, {}, {}, {0x6}, {0x0, 0x0, 0x4}, {}, {0x4, 0x8}, {}, {0x0, 0x2}, {0x1}, {0x0, 0x0, 0x0, 0x7f}, {0x0, 0x4}, {}, {0x0, 0x0, 0x0, 0x9}, {}, {0xfffc}, {}, {}, {0x0, 0x0, 0x8}, {0x0, 0x0, 0x0, 0xfffffffd}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x52}, {}, {0x4}, {}, {0x0, 0x0, 0x40}, {}, {}, {}, {}, {}, {0x3, 0x2}, {}, {}, {}, {0x0, 0x0, 0x9}, {0x80}, {}, {}, {}, {}, {}, {0x0, 0x0, 0xfd}]}}, @common=@unspec=@physdev={{0x68}, {'ip6gretap0\x00', {0xff}, 'syzkaller1\x00', {}, 0x19, 0x10}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x401, 0x0, 0x0, 0x0, 'pptp\x00'}}}, {{@uncond, 0x0, 0x70, 0x98}, @common=@inet=@SET1={0x28, 'SET\x00', 0x1, {{0x3, 0x6, 0xc}, {0x3, 0x4, 0x4}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x4e0) r8 = socket$kcm(0x2, 0x1000000000000002, 0x0) sendmsg$inet(r8, &(0x7f0000000b40)={&(0x7f0000000200)={0x2, 0x4c20, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000100)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @dev={0xac, 0x14, 0x14, 0xf}, @loopback}}}], 0x20}, 0xe900) sendmsg$sock(0xffffffffffffffff, &(0x7f00000016c0)={&(0x7f00000003c0)=@in={0x2, 0x4e20, @remote}, 0x80, 0x0}, 0x890) r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000001240)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d0f65acc0d06d1a1434e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622e03b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c690220b87b20581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd713089856f756436303767d2e24f29e5dad9796edb697a8ad004eea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff22dc518afc9ffc2cc788bee1b47683db01a2f9398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae526aca54183fb01c73f979ca9857399537f5831808b0dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db00002e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e4845535a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d50200a90800c66ee2b1ad76dff9f9003f07000099d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e5dee734fe7da3770845cf442d488afd80e17000000000000000000000000000000000000000000000000000005205000000dc1c56d19f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db08407081c6281e2d8429a8639034a75f4c7df3ea8fc2018d07af1491ef060cd4403a099f32468f65bd06b4092140faed0c329be610c3082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce1d9bc7ef3e3f40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734137ff47257f164391c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b5589829b6b0679b5d6fccbecfae5553d9950d48c774eaa35b24fce69a20d8bc410d9f48bf7eac90529cd6af061c9e53addddc620ce73c5d177e3d097159f2768636fc10276c6a0adc57483b3f7083f66b87ef296ee85e9bb70a3009a5d30f479e293a3302e11350ea857b37e76ca2f50378e4092ce2c574ad278b9b7b717c571afb2077b019fd9d89efd59b41f051ec5a8ff87ecc8df917a1e386d849fcd10e2f9ca52e02339c2f4666b0c545e25f1cd62421c28d25994be0cff7271a0dee38d7ac4ac736b090e1d29f981179186e4000000000000646174b55d251f7f8ca5ccc22a5efb33b237eff5597a3c3a5f3a9bb54abb40e54593e1a7ce4cfa17b3c3fe91c06363496341eae20dcc59b6179b32ddddef5c34000096a54c0c571a91878f61f74912e2299e5501d4d6943bfd74c856511726f0ac8f7d17f1c6b4451c1bcdc6b6e1700e4cd87709d97afc5423c96fa981873d4369b04bbf1fb9f68f17991540868e408201ad1a74179e489aa61f021a437a3fa935588be2068f7ff9b253106326fde795e530b93626cc68e06e602198724249b4445eef08401cd1a3e266db41474e69902e4d8f5da4e94cc36794258fd4032de7ab36bc24c5efd5c8495c1ccd580033c55725f2d60354f8ad5914a0155eaa743350ddb388f486b6de0549ef3b1b3c3b7d4d3a830ff39885776119408029be3788dd8422b1ab7b4c9d5b7d8682fd759c713108e1bdfc64b9121bbf07099def5c0ce3c861ae4b5cad8bba5a0b6059b9ef90c2f96a59320309e25df89484522bb1d6eaa92164f9e4042cb689a45a898354c17b08705205a9189772bcbcb6414e44b33a2470d3bc16f761c33f565b9da5e7991ad8482579cc1b16c1fcec815a5482ae8b1779c5e339971a6ec1217bcfd1ef24284de8a0a9f068f297037d6478c2434a9a18dcc6c7c791e444a79d7ce37f9cf2a434b9048ca6a2fa254aa02cd098026798a6d336348af0fc11fa2809a5ebbe17ca4d6356e4450d043ed20d313cd56a56d2e4cdf26f19af9a41695a58a9b6b45af1ca939b18d7b57791b99cfc6ec2a0848c29fea4eb8b82395a38e8aca5ab4bfc2ad8acf2e51b766f8ecd16194ad41ec097082f7fa32179ef99dafa6c2aa206a25ddc33e6f0a09169eeff428c71f54e1dfcfcd7cfc8f6e169f11c47d504"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r9, 0x18000000000002a0, 0x36, 0xfffffeb2, &(0x7f0000000500)="b9ff03076804268cb89e14f086dd47e0ffff2000000000010000ac141416e000000129a130112b92121f9ae0dd972fa104edcce40d8d", 0x0, 0x2800, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x4c) write$cgroup_subtree(r8, &(0x7f00000001c0)=ANY=[], 0xfe33) r10 = openat$cgroup_devices(r6, &(0x7f00000001c0)='devices.deny\x00', 0x2, 0x0) splice(r4, 0x0, r10, 0x0, 0x40000001000d, 0x0) write$cgroup_subtree(r3, &(0x7f0000000280)=ANY=[], 0x10448) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r3, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000001040)={0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x11fe726f7e78fcf0}, 0x28) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x3, 0x1, &(0x7f00000001c0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}], &(0x7f0000000000)='syzkaller\x00', 0x9, 0xfda, &(0x7f0000001e00)=""/4058}, 0x94) kernel console output (not intermixed with test programs): error on dev nbd74, logical block 0, async page read [ 692.095736][T23822] I/O error, dev nbd74, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 692.109152][T23822] Buffer I/O error on dev nbd74, logical block 1, async page read [ 692.117997][T23822] I/O error, dev nbd74, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 692.129527][T23822] Buffer I/O error on dev nbd74, logical block 2, async page read [ 692.146517][T23822] I/O error, dev nbd74, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 692.164663][T23822] Buffer I/O error on dev nbd74, logical block 3, async page read [ 692.173158][T23822] I/O error, dev nbd74, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 692.191682][T23822] Buffer I/O error on dev nbd74, logical block 0, async page read [ 692.206713][T23822] I/O error, dev nbd74, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 692.215945][T23822] Buffer I/O error on dev nbd74, logical block 1, async page read [ 692.226179][T23822] ldm_validate_partition_table(): Disk read failed. [ 692.235325][T23822] Dev nbd74: unable to read RDB block 0 [ 692.246103][T23822] nbd74: unable to read partition table [ 692.268525][T23822] ldm_validate_partition_table(): Disk read failed. [ 692.276606][T23822] Dev nbd74: unable to read RDB block 0 [ 692.284844][T23822] nbd74: unable to read partition table [ 692.343440][T29091] __nla_validate_parse: 2 callbacks suppressed [ 692.343455][T29091] netlink: 212368 bytes leftover after parsing attributes in process `syz.0.7578'. [ 692.359208][T29092] netlink: 32 bytes leftover after parsing attributes in process `syz.2.7577'. [ 692.672951][T29113] netlink: 'syz.3.7585': attribute type 3 has an invalid length. [ 692.725957][T29119] netlink: 'syz.1.7586': attribute type 58 has an invalid length. [ 692.844776][ C0] ip6_tunnel: ip6erspan0 xmit: Local address not yet configured! [ 692.866449][T29127] syzkaller1: entered promiscuous mode [ 692.876251][T29127] syzkaller1: entered allmulticast mode [ 692.893908][T29127] FAULT_INJECTION: forcing a failure. [ 692.893908][T29127] name failslab, interval 1, probability 0, space 0, times 0 [ 692.928704][T29127] CPU: 0 UID: 0 PID: 29127 Comm: syz.1.7588 Not tainted syzkaller #0 PREEMPT(full) [ 692.928728][T29127] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 692.928737][T29127] Call Trace: [ 692.928743][T29127] [ 692.928749][T29127] dump_stack_lvl+0xe8/0x150 [ 692.928769][T29127] should_fail_ex+0x40c/0x560 [ 692.928786][T29127] should_failslab+0xa8/0x100 [ 692.928805][T29127] kmem_cache_alloc_node_noprof+0x8f/0x680 [ 692.928822][T29127] ? rcu_is_watching+0x15/0xb0 [ 692.928835][T29127] ? __alloc_skb+0x1d7/0x7a0 [ 692.928853][T29127] ? trace_irq_enable+0x3b/0x140 [ 692.928872][T29127] __alloc_skb+0x1d7/0x7a0 [ 692.928892][T29127] alloc_skb_with_frags+0xc6/0x760 [ 692.928911][T29127] ? rcu_is_watching+0x15/0xb0 [ 692.928930][T29127] sock_alloc_send_pskb+0x878/0x990 [ 692.928948][T29127] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 692.928960][T29127] ? is_bpf_text_address+0x26/0x2b0 [ 692.928980][T29127] ? rcu_is_watching+0x15/0xb0 [ 692.928993][T29127] ? rcu_is_watching+0x15/0xb0 [ 692.929007][T29127] ? iov_iter_advance+0x8b/0x1c0 [ 692.929023][T29127] tun_get_user+0x94f/0x4350 [ 692.929140][T29127] ? is_bpf_text_address+0x292/0x2b0 [ 692.929162][T29127] ? lock_release+0x4b/0x3c0 [ 692.929182][T29127] ? arch_stack_walk+0xfb/0x150 [ 692.929201][T29127] ? aa_file_perm+0x4ed/0x15f0 [ 692.929217][T29127] ? __pfx_tun_get_user+0x10/0x10 [ 692.929235][T29127] ? kstrtoull+0x12f/0x1d0 [ 692.929252][T29127] ? ref_tracker_alloc+0x341/0x4b0 [ 692.929268][T29127] ? get_pid_task+0x20/0x1f0 [ 692.929281][T29127] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 692.929296][T29127] ? rcu_is_watching+0x15/0xb0 [ 692.929310][T29127] ? tun_get+0x1c/0x2f0 [ 692.929325][T29127] ? tun_get+0x1c/0x2f0 [ 692.929340][T29127] ? rcu_is_watching+0x15/0xb0 [ 692.929353][T29127] ? tun_get+0x1c/0x2f0 [ 692.929367][T29127] ? lock_release+0x4b/0x3c0 [ 692.929385][T29127] ? apparmor_file_permission+0x1f4/0x300 [ 692.929434][T29127] ? tun_get+0x1c/0x2f0 [ 692.929451][T29127] tun_chr_write_iter+0x113/0x200 [ 692.929468][T29127] vfs_write+0x612/0xba0 [ 692.929489][T29127] ? __pfx_vfs_write+0x10/0x10 [ 692.929509][T29127] ? __fget_files+0x2a/0x420 [ 692.929527][T29127] ksys_write+0x150/0x270 [ 692.929544][T29127] ? __pfx_ksys_write+0x10/0x10 [ 692.929561][T29127] ? rcu_is_watching+0x15/0xb0 [ 692.929574][T29127] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 692.929588][T29127] do_syscall_64+0x174/0x580 [ 692.929606][T29127] ? clear_bhb_loop+0x40/0x90 [ 692.929627][T29127] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 692.929641][T29127] RIP: 0033:0x7f8f0599ce59 [ 692.929657][T29127] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 692.929670][T29127] RSP: 002b:00007f8f0676e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 692.929685][T29127] RAX: ffffffffffffffda RBX: 00007f8f05c15fa0 RCX: 00007f8f0599ce59 [ 692.929695][T29127] RDX: 0000000000000152 RSI: 0000200000001400 RDI: 0000000000000003 [ 692.929704][T29127] RBP: 00007f8f0676e090 R08: 0000000000000000 R09: 0000000000000000 [ 692.929712][T29127] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 692.929720][T29127] R13: 00007f8f05c16038 R14: 00007f8f05c15fa0 R15: 00007fff4ecba5f8 [ 692.929735][T29127] [ 693.302361][T29133] netlink: 12 bytes leftover after parsing attributes in process `syz.4.7591'. [ 693.362160][T29138] netlink: 'syz.0.7592': attribute type 1 has an invalid length. [ 693.396452][T29140] FAULT_INJECTION: forcing a failure. [ 693.396452][T29140] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 693.409514][T29140] CPU: 0 UID: 0 PID: 29140 Comm: syz.4.7593 Not tainted syzkaller #0 PREEMPT(full) [ 693.409536][T29140] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 693.409546][T29140] Call Trace: [ 693.409554][T29140] [ 693.409561][T29140] dump_stack_lvl+0xe8/0x150 [ 693.409583][T29140] should_fail_ex+0x40c/0x560 [ 693.409602][T29140] _copy_from_user+0x2d/0xb0 [ 693.409623][T29140] __sys_bind+0x1c6/0x410 [ 693.409644][T29140] ? __pfx___sys_bind+0x10/0x10 [ 693.409667][T29140] ? __pfx_ksys_write+0x10/0x10 [ 693.409690][T29140] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 693.409707][T29140] __x64_sys_bind+0x7a/0x90 [ 693.409725][T29140] do_syscall_64+0x174/0x580 [ 693.409745][T29140] ? trace_irq_disable+0x3b/0x140 [ 693.409765][T29140] ? clear_bhb_loop+0x40/0x90 [ 693.409783][T29140] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 693.409798][T29140] RIP: 0033:0x7fade039ce59 [ 693.409813][T29140] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 693.409826][T29140] RSP: 002b:00007fade12a7028 EFLAGS: 00000246 ORIG_RAX: 0000000000000031 [ 693.409844][T29140] RAX: ffffffffffffffda RBX: 00007fade0615fa0 RCX: 00007fade039ce59 [ 693.409857][T29140] RDX: 0000000000000012 RSI: 0000200000000400 RDI: 0000000000000005 [ 693.409867][T29140] RBP: 00007fade12a7090 R08: 0000000000000000 R09: 0000000000000000 [ 693.409878][T29140] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 693.409888][T29140] R13: 00007fade0616038 R14: 00007fade0615fa0 R15: 00007ffcc2cc5968 [ 693.409908][T29140] [ 693.467557][T29142] netlink: 8 bytes leftover after parsing attributes in process `syz.1.7594'. [ 693.484586][ C0] ip6_tunnel: ip6gre2 xmit: Local address not yet configured! [ 693.549323][T29151] 8021q: adding VLAN 0 to HW filter on device bond11 [ 693.713646][T29151] bond10: (slave bond11): making interface the new active one [ 693.734453][T29138] netlink: 104 bytes leftover after parsing attributes in process `syz.0.7592'. [ 693.749853][T29151] bond10: (slave bond11): Enslaving as an active interface with an up link [ 693.759890][T29158] IPVS: Scheduler module ip_vs_sip not found [ 693.846232][T29155] bond13: Unable to set up delay as MII monitoring is disabled [ 693.885629][T29174] netlink: 36 bytes leftover after parsing attributes in process `syz.0.7599'. [ 693.886926][T29155] bond13 (unregistering): Released all slaves [ 693.895180][T29174] netlink: 36 bytes leftover after parsing attributes in process `syz.0.7599'. [ 693.958143][T29156] netlink: 120 bytes leftover after parsing attributes in process `syz.1.7594'. [ 693.970543][T29156] netlink: 120 bytes leftover after parsing attributes in process `syz.1.7594'. [ 693.984786][T29176] netlink: 12 bytes leftover after parsing attributes in process `syz.2.7602'. [ 694.016195][T29167] C: renamed from veth1_to_team [ 694.037051][T29167] netlink: 'syz.3.7598': attribute type 1 has an invalid length. [ 694.052108][T29167] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check. [ 694.092265][T29176] 8021q: adding VLAN 0 to HW filter on device bond12 [ 694.135260][T29188] 8021q: adding VLAN 0 to HW filter on device bond12 [ 694.142897][T29188] bond12: (slave ipip1): The slave device specified does not support setting the MAC address [ 694.154410][T29188] bond12: (slave ipip1): Error -95 calling set_mac_address [ 694.223210][T29182] ipvlan2: entered allmulticast mode [ 694.229851][T29182] bond12: entered allmulticast mode [ 694.240787][T29193] bridge_slave_1: left allmulticast mode [ 694.248942][T29193] bridge_slave_1: left promiscuous mode [ 694.255435][T29193] bridge0: port 2(bridge_slave_1) entered disabled state [ 694.264954][T29193] bridge_slave_0: left allmulticast mode [ 694.270745][T29193] bridge_slave_0: left promiscuous mode [ 694.276912][T29193] bridge0: port 1(bridge_slave_0) entered disabled state [ 694.357202][T29200] netlink: 'syz.1.7610': attribute type 1 has an invalid length. [ 694.531959][T29200] 8021q: adding VLAN 0 to HW filter on device bond14 [ 694.592265][T29200] bond13: (slave bond14): making interface the new active one [ 694.608179][T29200] bond13: (slave bond14): Enslaving as an active interface with an up link [ 694.885451][T29233] netlink: 'syz.1.7619': attribute type 1 has an invalid length. [ 694.903353][T29214] syzkaller1: entered promiscuous mode [ 694.910356][T29214] syzkaller1: entered allmulticast mode [ 694.919479][T29172] lo speed is unknown, defaulting to 1000 [ 694.943892][T29233] 8021q: adding VLAN 0 to HW filter on device bond15 [ 694.962657][T29237] netlink: 'syz.3.7620': attribute type 1 has an invalid length. [ 695.008084][T29235] vlan2: entered allmulticast mode [ 695.118742][T29238] bond6: (slave veth3): Enslaving as an active interface with a down link [ 695.133959][T29237] netlink: 'syz.3.7620': attribute type 10 has an invalid length. [ 695.189656][T29240] bond6: (slave dummy0): making interface the new active one [ 695.198408][T29240] bond6: (slave dummy0): Enslaving as an active interface with an up link [ 695.207483][T29237] dummy0: entered promiscuous mode [ 695.213613][T29237] bond6: (slave dummy0): Releasing active interface [ 695.239850][T29249] syzkaller1: entered promiscuous mode [ 695.245612][T29249] syzkaller1: entered allmulticast mode [ 695.258475][T29249] xt_CONNSECMARK: invalid mode: 254 [ 695.577960][T29274] netlink: 'syz.1.7630': attribute type 2 has an invalid length. [ 695.640592][T29277] tipc: Enabled bearer , priority 0 [ 695.660670][T29279] ip6gre2: entered promiscuous mode [ 695.666010][T29279] ip6gre2: entered allmulticast mode [ 695.672906][T29277] syzkaller0: entered promiscuous mode [ 695.680117][T29277] syzkaller0: entered allmulticast mode [ 695.720161][T29277] tipc: Resetting bearer [ 695.742967][T29276] tipc: Resetting bearer [ 695.760594][T29276] tipc: Disabling bearer [ 695.871557][T29287] FAULT_INJECTION: forcing a failure. [ 695.871557][T29287] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 695.886103][T29287] CPU: 0 UID: 0 PID: 29287 Comm: syz.3.7636 Not tainted syzkaller #0 PREEMPT(full) [ 695.886125][T29287] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 695.886135][T29287] Call Trace: [ 695.886142][T29287] [ 695.886150][T29287] dump_stack_lvl+0xe8/0x150 [ 695.886172][T29287] should_fail_ex+0x40c/0x560 [ 695.886192][T29287] _copy_from_user+0x2d/0xb0 [ 695.886212][T29287] ___sys_sendmsg+0x1c6/0x360 [ 695.886233][T29287] ? rcu_is_watching+0x15/0xb0 [ 695.886249][T29287] ? get_pid_task+0x20/0x1f0 [ 695.886265][T29287] ? __pfx____sys_sendmsg+0x10/0x10 [ 695.886286][T29287] ? rcu_is_watching+0x15/0xb0 [ 695.886310][T29287] ? __fget_files+0x2a/0x420 [ 695.886326][T29287] ? __fget_files+0x3a2/0x420 [ 695.886345][T29287] __x64_sys_sendmsg+0x1b1/0x290 [ 695.886366][T29287] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 695.886392][T29287] ? rcu_is_watching+0x15/0xb0 [ 695.886408][T29287] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 695.886423][T29287] do_syscall_64+0x174/0x580 [ 695.886445][T29287] ? clear_bhb_loop+0x40/0x90 [ 695.886462][T29287] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 695.886477][T29287] RIP: 0033:0x7f503ad9ce59 [ 695.886492][T29287] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 695.886505][T29287] RSP: 002b:00007f503bc85028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 695.886524][T29287] RAX: ffffffffffffffda RBX: 00007f503b015fa0 RCX: 00007f503ad9ce59 [ 695.886535][T29287] RDX: 0000000000048080 RSI: 00002000000002c0 RDI: 0000000000000004 [ 695.886546][T29287] RBP: 00007f503bc85090 R08: 0000000000000000 R09: 0000000000000000 [ 695.886555][T29287] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 695.886565][T29287] R13: 00007f503b016038 R14: 00007f503b015fa0 R15: 00007fffb46caa88 [ 695.886583][T29287] [ 695.890756][T29289] sctp: [Deprecated]: syz.1.7637 (pid 29289) Use of int in max_burst socket option. [ 695.890756][T29289] Use struct sctp_assoc_value instead [ 696.018062][T29293] 8021q: adding VLAN 0 to HW filter on device bond7 [ 696.054686][ C1] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 696.342188][T29307] veth7: entered allmulticast mode [ 696.451433][T24932] ip6_tunnel: ip6gre2 xmit: Local address not yet configured! [ 696.459233][T24932] ip6_tunnel: ip6gre2 xmit: Local address not yet configured! [ 696.474392][T19328] ip6_tunnel: ip6gre2 xmit: Local address not yet configured! [ 696.571164][T29320] FAULT_INJECTION: forcing a failure. [ 696.571164][T29320] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 696.608399][T29320] CPU: 1 UID: 0 PID: 29320 Comm: syz.2.7649 Not tainted syzkaller #0 PREEMPT(full) [ 696.608421][T29320] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 696.608431][T29320] Call Trace: [ 696.608438][T29320] [ 696.608445][T29320] dump_stack_lvl+0xe8/0x150 [ 696.608468][T29320] should_fail_ex+0x40c/0x560 [ 696.608489][T29320] _copy_to_user+0x31/0xb0 [ 696.608510][T29320] simple_read_from_buffer+0xe1/0x170 [ 696.608532][T29320] proc_fail_nth_read+0x1bb/0x230 [ 696.608554][T29320] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 696.608574][T29320] ? rw_verify_area+0x24a/0x4c0 [ 696.608595][T29320] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 696.608613][T29320] vfs_read+0x213/0xa80 [ 696.608632][T29320] ? __pfx_aa_sk_perm+0x10/0x10 [ 696.608657][T29320] ? __pfx_vfs_read+0x10/0x10 [ 696.608676][T29320] ? x25_bind+0xdd/0x450 [ 696.608765][T29320] ? __sys_bind+0x306/0x410 [ 696.608787][T29320] ? __pfx___sys_bind+0x10/0x10 [ 696.608808][T29320] ksys_read+0x150/0x270 [ 696.608828][T29320] ? __pfx_ksys_read+0x10/0x10 [ 696.608849][T29320] ? rcu_is_watching+0x15/0xb0 [ 696.608867][T29320] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 696.608884][T29320] do_syscall_64+0x174/0x580 [ 696.608905][T29320] ? trace_irq_disable+0x3b/0x140 [ 696.608926][T29320] ? clear_bhb_loop+0x40/0x90 [ 696.608944][T29320] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 696.608959][T29320] RIP: 0033:0x7f9516f5d68e [ 696.608974][T29320] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 696.608989][T29320] RSP: 002b:00007f9517e0afe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 696.609006][T29320] RAX: ffffffffffffffda RBX: 00007f9517e0b6c0 RCX: 00007f9516f5d68e [ 696.609019][T29320] RDX: 000000000000000f RSI: 00007f9517e0b0a0 RDI: 0000000000000004 [ 696.609029][T29320] RBP: 00007f9517e0b090 R08: 0000000000000000 R09: 0000000000000000 [ 696.609039][T29320] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 696.609050][T29320] R13: 00007f9517216038 R14: 00007f9517215fa0 R15: 00007ffc6136aa38 [ 696.609069][T29320] [ 696.842915][T19328] ip6_tunnel: ip6gre2 xmit: Local address not yet configured! [ 697.408682][T19328] ip6_tunnel: ip6gre2 xmit: Local address not yet configured! [ 697.448995][T29365] lo speed is unknown, defaulting to 1000 [ 697.457814][T29368] __nla_validate_parse: 17 callbacks suppressed [ 697.457829][T29368] netlink: 32 bytes leftover after parsing attributes in process `syz.0.7665'. [ 697.480831][T29368] netlink: 16186 bytes leftover after parsing attributes in process `syz.0.7665'. [ 697.862397][T29384] netlink: 'syz.4.7672': attribute type 1 has an invalid length. [ 697.887864][T29386] syzkaller1: entered promiscuous mode [ 697.893537][T29386] syzkaller1: entered allmulticast mode [ 698.061288][T29384] 8021q: adding VLAN 0 to HW filter on device bond5 [ 698.079034][T29387] vlan2: entered allmulticast mode [ 698.298501][T29401] netlink: 32 bytes leftover after parsing attributes in process `syz.1.7677'. [ 698.346734][T29401] netlink: 16186 bytes leftover after parsing attributes in process `syz.1.7677'. [ 698.766726][T29420] netlink: 220 bytes leftover after parsing attributes in process `syz.2.7685'. [ 698.776595][T29420] netlink: 120 bytes leftover after parsing attributes in process `syz.2.7685'. [ 698.786035][T29420] netlink: 16 bytes leftover after parsing attributes in process `syz.2.7685'. [ 698.796547][T29420] netlink: 220 bytes leftover after parsing attributes in process `syz.2.7685'. [ 698.806797][T29420] netlink: 120 bytes leftover after parsing attributes in process `syz.2.7685'. [ 698.816192][T29420] netlink: 16 bytes leftover after parsing attributes in process `syz.2.7685'. [ 698.915900][T29415] syzkaller1: entered promiscuous mode [ 698.921865][T29415] syzkaller1: entered allmulticast mode [ 698.961273][T29429] lo speed is unknown, defaulting to 1000 [ 699.291306][T29440] syzkaller1: entered promiscuous mode [ 699.297684][T29440] syzkaller1: entered allmulticast mode [ 699.312528][T29440] FAULT_INJECTION: forcing a failure. [ 699.312528][T29440] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 699.339111][T29440] CPU: 1 UID: 0 PID: 29440 Comm: syz.3.7692 Not tainted syzkaller #0 PREEMPT(full) [ 699.339136][T29440] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 699.339146][T29440] Call Trace: [ 699.339153][T29440] [ 699.339160][T29440] dump_stack_lvl+0xe8/0x150 [ 699.339182][T29440] should_fail_ex+0x40c/0x560 [ 699.339201][T29440] _copy_from_iter+0x1d3/0x1660 [ 699.339220][T29440] ? skb_set_owner_w+0x263/0x3d0 [ 699.339248][T29440] ? __pfx__copy_from_iter+0x10/0x10 [ 699.339271][T29440] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 699.339288][T29440] skb_copy_datagram_from_iter+0xe6/0x720 [ 699.339307][T29440] ? skb_put+0x112/0x210 [ 699.339327][T29440] tun_get_user+0xc71/0x4350 [ 699.339346][T29440] ? is_bpf_text_address+0x292/0x2b0 [ 699.339374][T29440] ? lock_release+0x4b/0x3c0 [ 699.339396][T29440] ? arch_stack_walk+0xfb/0x150 [ 699.339416][T29440] ? aa_file_perm+0x4ed/0x15f0 [ 699.339442][T29440] ? __pfx_tun_get_user+0x10/0x10 [ 699.339463][T29440] ? kstrtoull+0x12f/0x1d0 [ 699.339482][T29440] ? ref_tracker_alloc+0x341/0x4b0 [ 699.339499][T29440] ? get_pid_task+0x20/0x1f0 [ 699.339514][T29440] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 699.339531][T29440] ? rcu_is_watching+0x15/0xb0 [ 699.339548][T29440] ? tun_get+0x1c/0x2f0 [ 699.339565][T29440] ? tun_get+0x1c/0x2f0 [ 699.339583][T29440] ? rcu_is_watching+0x15/0xb0 [ 699.339598][T29440] ? tun_get+0x1c/0x2f0 [ 699.339614][T29440] ? lock_release+0x4b/0x3c0 [ 699.339635][T29440] ? apparmor_file_permission+0x1f4/0x300 [ 699.339656][T29440] ? tun_get+0x1c/0x2f0 [ 699.339676][T29440] tun_chr_write_iter+0x113/0x200 [ 699.339696][T29440] vfs_write+0x612/0xba0 [ 699.339719][T29440] ? __pfx_vfs_write+0x10/0x10 [ 699.339743][T29440] ? __fget_files+0x2a/0x420 [ 699.339764][T29440] ksys_write+0x150/0x270 [ 699.339785][T29440] ? __pfx_ksys_write+0x10/0x10 [ 699.339805][T29440] ? rcu_is_watching+0x15/0xb0 [ 699.339821][T29440] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 699.339838][T29440] do_syscall_64+0x174/0x580 [ 699.339859][T29440] ? trace_irq_disable+0x3b/0x140 [ 699.339879][T29440] ? clear_bhb_loop+0x40/0x90 [ 699.339896][T29440] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 699.339912][T29440] RIP: 0033:0x7f503ad9ce59 [ 699.339927][T29440] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 699.339941][T29440] RSP: 002b:00007f503bc85028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 699.339958][T29440] RAX: ffffffffffffffda RBX: 00007f503b015fa0 RCX: 00007f503ad9ce59 [ 699.339970][T29440] RDX: 0000000000000152 RSI: 0000200000001400 RDI: 0000000000000003 [ 699.339981][T29440] RBP: 00007f503bc85090 R08: 0000000000000000 R09: 0000000000000000 [ 699.339991][T29440] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 699.340002][T29440] R13: 00007f503b016038 R14: 00007f503b015fa0 R15: 00007fffb46caa88 [ 699.340021][T29440] [ 699.808630][T29447] bridge1: the hash_elasticity option has been deprecated and is always 16 [ 699.818468][T29447] bridge1: entered allmulticast mode [ 699.838051][T29449] ip6gre2: entered promiscuous mode [ 699.843577][T29449] ip6gre2: entered allmulticast mode [ 699.856747][T24932] ip6_tunnel: ip6gre2 xmit: Local address not yet configured! [ 699.867897][T24932] ip6_tunnel: ip6gre2 xmit: Local address not yet configured! [ 699.887464][ T5716] ip6_tunnel: ip6gre2 xmit: Local address not yet configured! [ 700.280438][T29479] sctp: [Deprecated]: syz.1.7706 (pid 29479) Use of int in maxseg socket option. [ 700.280438][T29479] Use struct sctp_assoc_value instead [ 700.444307][ C1] ip6_tunnel: ip6gre2 xmit: Local address not yet configured! [ 700.453848][T29472] syzkaller1: entered promiscuous mode [ 700.461441][T29472] syzkaller1: entered allmulticast mode [ 700.607454][ T5716] ip6_tunnel: ip6gre2 xmit: Local address not yet configured! [ 700.885371][T29520] 8021q: adding VLAN 0 to HW filter on device bond13 [ 700.924626][ T5716] ip6_tunnel: ip6gre2 xmit: Local address not yet configured! [ 700.975520][T29520] bond13: entered promiscuous mode [ 700.982138][T29520] bond13: entered allmulticast mode [ 700.995669][T29520] 8021q: adding VLAN 0 to HW filter on device bond13 [ 701.014456][T29520] team0: Port device bond13 added [ 701.026886][T29515] syzkaller1: entered promiscuous mode [ 701.051539][T29515] syzkaller1: entered allmulticast mode [ 701.122550][T29534] 8021q: VLANs not supported on vcan0 [ 701.169121][ T1778] block nbd65: Possible stuck request ffff88809ff85080: control (read@0,1024B). Runtime 90 seconds [ 701.180698][ T1778] block nbd65: Possible stuck request ffff88809ff85240: control (read@1024,1024B). Runtime 90 seconds [ 701.192629][ T1778] block nbd65: Possible stuck request ffff88809ff85400: control (read@2048,1024B). Runtime 90 seconds [ 701.204071][ T1778] block nbd65: Possible stuck request ffff88809ff855c0: control (read@3072,1024B). Runtime 90 seconds [ 701.205339][T29526] gretap0: entered promiscuous mode [ 701.369566][T29526] ip6tnl0: left promiscuous mode [ 701.383306][T29526] 8021q: adding VLAN 0 to HW filter on device .` [ 701.392805][T29526] 8021q: adding VLAN 0 to HW filter on device team0 [ 701.408048][T29526] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 701.455294][T29526] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 701.496206][T29547] FAULT_INJECTION: forcing a failure. [ 701.496206][T29547] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 701.505140][T29526] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 701.514253][T29547] CPU: 1 UID: 0 PID: 29547 Comm: syz.0.7729 Not tainted syzkaller #0 PREEMPT(full) [ 701.514276][T29547] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 701.514285][T29547] Call Trace: [ 701.514293][T29547] [ 701.514299][T29547] dump_stack_lvl+0xe8/0x150 [ 701.514322][T29547] should_fail_ex+0x40c/0x560 [ 701.514341][T29547] _copy_to_user+0x31/0xb0 [ 701.514361][T29547] simple_read_from_buffer+0xe1/0x170 [ 701.514383][T29547] proc_fail_nth_read+0x1bb/0x230 [ 701.514404][T29547] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 701.514424][T29547] ? rw_verify_area+0x24a/0x4c0 [ 701.514444][T29547] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 701.514462][T29547] vfs_read+0x213/0xa80 [ 701.514482][T29547] ? __pfx___mutex_lock+0x10/0x10 [ 701.514503][T29547] ? __pfx_vfs_read+0x10/0x10 [ 701.514524][T29547] ? __fget_files+0x3a2/0x420 [ 701.514540][T29547] ? __fget_files+0x2a/0x420 [ 701.514560][T29547] ksys_read+0x150/0x270 [ 701.514579][T29547] ? __pfx_ksys_read+0x10/0x10 [ 701.514597][T29547] ? __pfx_sock_ioctl+0x10/0x10 [ 701.514613][T29547] ? rcu_is_watching+0x15/0xb0 [ 701.514630][T29547] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 701.514647][T29547] do_syscall_64+0x174/0x580 [ 701.514665][T29547] ? trace_irq_disable+0x3b/0x140 [ 701.514686][T29547] ? clear_bhb_loop+0x40/0x90 [ 701.514703][T29547] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 701.514717][T29547] RIP: 0033:0x7fc6b715d68e [ 701.514731][T29547] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 701.514745][T29547] RSP: 002b:00007fc6b80b1fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 701.514763][T29547] RAX: ffffffffffffffda RBX: 00007fc6b80b26c0 RCX: 00007fc6b715d68e [ 701.514774][T29547] RDX: 000000000000000f RSI: 00007fc6b80b20a0 RDI: 0000000000000009 [ 701.514784][T29547] RBP: 00007fc6b80b2090 R08: 0000000000000000 R09: 0000000000000000 [ 701.514794][T29547] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 701.514804][T29547] R13: 00007fc6b7416038 R14: 00007fc6b7415fa0 R15: 00007fff09711138 [ 701.514823][T29547] [ 701.755587][T29526] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 701.766701][T29526] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 701.786397][T29526] veth1_vlan: left promiscuous mode [ 701.793145][T29526] veth0_vlan: left promiscuous mode [ 701.800184][T29526] veth0_vlan: entered promiscuous mode [ 701.812611][T29526] veth1_vlan: entered promiscuous mode [ 701.829089][T29526] veth1_macvtap: left promiscuous mode [ 701.837241][T29526] veth0_macvtap: left promiscuous mode [ 701.844785][T29526] veth0_macvtap: entered promiscuous mode [ 701.851840][T29526] veth1_macvtap: entered promiscuous mode [ 701.862830][T29526] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 701.871342][T29526] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 701.879553][T29526] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 701.888991][T29526] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 701.963407][T29526] 8021q: adding VLAN 0 to HW filter on device bond1 [ 701.972852][T29526] bond2: left promiscuous mode [ 701.978322][T29526] 8021q: adding VLAN 0 to HW filter on device bond2 [ 701.987192][T29526] 8021q: adding VLAN 0 to HW filter on device bond3 [ 701.997033][T29526] 8021q: adding VLAN 0 to HW filter on device bond0 [ 702.008816][T29526] ip6gre1: left promiscuous mode [ 702.015968][T29526] ip6gre2: left promiscuous mode [ 702.034933][ T7745] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 702.055921][ T7745] ip6_tunnel: ip6gre2 xmit: Local address not yet configured! [ 702.090644][T29551] syzkaller1: entered promiscuous mode [ 702.097321][T29551] syzkaller1: entered allmulticast mode [ 702.104459][T19321] ip6_tunnel: ip6gre2 xmit: Local address not yet configured! [ 702.115425][T24932] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 702.124160][T24932] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 702.186528][T24935] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 702.208884][T24932] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 702.227626][ T1090] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 702.233060][T29572] netlink: 'syz.3.7733': attribute type 1 has an invalid length. [ 702.277349][T29572] NCSI netlink: No device for ifindex 0 [ 702.309581][T29572] netlink: 'syz.3.7733': attribute type 3 has an invalid length. [ 702.393570][T29575] openvswitch: netlink: IPv4 frag type 127 is out of range max 2 [ 702.428626][T29575] block nbd0: Unsupported socket: should be TCP or UNIX. [ 702.479215][T29590] tipc: Started in network mode [ 702.491206][T29590] tipc: Node identity 2ac474d3a04a, cluster identity 4711 [ 702.531728][T29590] tipc: Enabled bearer , priority 0 [ 702.551320][T29596] syzkaller0: entered promiscuous mode [ 702.563586][T29596] syzkaller0: entered allmulticast mode [ 702.598604][T29590] tipc: Resetting bearer [ 702.613242][T29589] tipc: Resetting bearer [ 702.628904][T29589] tipc: Disabling bearer [ 702.890156][T29602] syzkaller1: entered promiscuous mode [ 702.895842][T29602] syzkaller1: entered allmulticast mode [ 702.919617][T29605] lo speed is unknown, defaulting to 1000 [ 703.034724][T29610] __nla_validate_parse: 113 callbacks suppressed [ 703.034742][T29610] netlink: 32 bytes leftover after parsing attributes in process `syz.1.7748'. [ 703.094175][T29610] netlink: 16186 bytes leftover after parsing attributes in process `syz.1.7748'. [ 703.129487][T29614] FAULT_INJECTION: forcing a failure. [ 703.129487][T29614] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 703.163502][T29615] FAULT_INJECTION: forcing a failure. [ 703.163502][T29615] name failslab, interval 1, probability 0, space 0, times 0 [ 703.168321][T29614] CPU: 0 UID: 0 PID: 29614 Comm: syz.0.7749 Not tainted syzkaller #0 PREEMPT(full) [ 703.168345][T29614] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 703.168355][T29614] Call Trace: [ 703.168362][T29614] [ 703.168368][T29614] dump_stack_lvl+0xe8/0x150 [ 703.168391][T29614] should_fail_ex+0x40c/0x560 [ 703.168410][T29614] _copy_from_user+0x2d/0xb0 [ 703.168431][T29614] do_sock_getsockopt+0x200/0x7e0 [ 703.168456][T29614] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 703.168476][T29614] ? rcu_is_watching+0x15/0xb0 [ 703.168494][T29614] ? lock_release+0x4b/0x3c0 [ 703.168519][T29614] ? __fget_files+0x3a2/0x420 [ 703.168535][T29614] ? __fget_files+0x2a/0x420 [ 703.168553][T29614] __x64_sys_getsockopt+0x1a4/0x240 [ 703.168577][T29614] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 703.168592][T29614] do_syscall_64+0x174/0x580 [ 703.168612][T29614] ? trace_irq_disable+0x3b/0x140 [ 703.168632][T29614] ? clear_bhb_loop+0x40/0x90 [ 703.168650][T29614] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 703.168665][T29614] RIP: 0033:0x7fc6b719ce59 [ 703.168680][T29614] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 703.168693][T29614] RSP: 002b:00007fc6b8091028 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 703.168711][T29614] RAX: ffffffffffffffda RBX: 00007fc6b7416090 RCX: 00007fc6b719ce59 [ 703.168722][T29614] RDX: 0000000000000021 RSI: 0000000000000084 RDI: 0000000000000003 [ 703.168733][T29614] RBP: 00007fc6b8091090 R08: 0000200000000100 R09: 0000000000000000 [ 703.168743][T29614] R10: 0000200000000080 R11: 0000000000000246 R12: 0000000000000001 [ 703.168754][T29614] R13: 00007fc6b7416128 R14: 00007fc6b7416090 R15: 00007fff09711138 [ 703.168772][T29614] [ 703.244519][T29539] Bluetooth: hci4: command 0x0406 tx timeout [ 703.244775][T29615] CPU: 1 UID: 0 PID: 29615 Comm: syz.1.7752 Not tainted syzkaller #0 PREEMPT(full) [ 703.244794][T29615] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 703.244803][T29615] Call Trace: [ 703.244809][T29615] [ 703.244817][T29615] dump_stack_lvl+0xe8/0x150 [ 703.244839][T29615] should_fail_ex+0x40c/0x560 [ 703.244858][T29615] should_failslab+0xa8/0x100 [ 703.244880][T29615] ? skb_clone+0x212/0x3a0 [ 703.244894][T29615] kmem_cache_alloc_noprof+0x87/0x650 [ 703.244917][T29615] skb_clone+0x212/0x3a0 [ 703.244932][T29615] bpf_clone_redirect+0x170/0x4b0 [ 703.244953][T29615] ? bpf_test_run+0x1d1/0x830 [ 703.244976][T29615] bpf_prog_4653d16e8163849f+0x22/0x2a [ 703.244990][T29615] bpf_test_run+0x354/0x830 [ 703.245019][T29615] ? __pfx_bpf_test_run+0x10/0x10 [ 703.245043][T29615] ? trace_kmem_cache_alloc+0x29/0xe0 [ 703.245059][T29615] ? csum_partial+0x239/0x2c0 [ 703.245084][T29615] ? skb_dst_set+0x72/0x140 [ 703.245105][T29615] bpf_prog_test_run_skb+0xe35/0x2230 [ 703.245126][T29615] ? get_pid_task+0x20/0x1f0 [ 703.245144][T29615] ? lock_acquire+0x5f/0x350 [ 703.245166][T29615] ? rcu_is_watching+0x15/0xb0 [ 703.245183][T29615] ? __pfx_bpf_prog_test_run_skb+0x10/0x10 [ 703.245203][T29615] bpf_prog_test_run+0x2c5/0x340 [ 703.245226][T29615] __sys_bpf+0x643/0x950 [ 703.245245][T29615] ? __pfx___sys_bpf+0x10/0x10 [ 703.245262][T29615] ? kmem_cache_free+0x182/0x650 [ 703.245287][T29615] ? ksys_write+0x1fc/0x270 [ 703.245307][T29615] ? __pfx_ksys_write+0x10/0x10 [ 703.245327][T29615] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 703.245343][T29615] __x64_sys_bpf+0x7c/0x90 [ 703.245361][T29615] do_syscall_64+0x174/0x580 [ 703.245381][T29615] ? clear_bhb_loop+0x40/0x90 [ 703.245398][T29615] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 703.245413][T29615] RIP: 0033:0x7f8f0599ce59 [ 703.245427][T29615] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 703.245440][T29615] RSP: 002b:00007f8f0676e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 703.245459][T29615] RAX: ffffffffffffffda RBX: 00007f8f05c15fa0 RCX: 00007f8f0599ce59 [ 703.245470][T29615] RDX: 0000000000000050 RSI: 00002000000003c0 RDI: 000000000000000a [ 703.245480][T29615] RBP: 00007f8f0676e090 R08: 0000000000000000 R09: 0000000000000000 [ 703.245490][T29615] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 703.245500][T29615] R13: 00007f8f05c16038 R14: 00007f8f05c15fa0 R15: 00007fff4ecba5f8 [ 703.245518][T29615] [ 703.330278][ T5629] Bluetooth: hci1: command 0x0406 tx timeout [ 703.835789][T29619] syzkaller1: entered promiscuous mode [ 703.848434][T29619] syzkaller1: entered allmulticast mode [ 703.892028][T29641] netlink: 8 bytes leftover after parsing attributes in process `syz.1.7757'. [ 703.959553][T29645] netlink: 'syz.0.7758': attribute type 9 has an invalid length. [ 704.069867][T29645] mac80211_hwsim hwsim105 wlan0: entered promiscuous mode [ 704.131048][T29649] openvswitch: netlink: VXLAN extension message has 3 unknown bytes. [ 704.201468][T29657] netlink: 20 bytes leftover after parsing attributes in process `syz.2.7763'. [ 704.279930][T29645] batman_adv: batadv0: Adding interface: wlan0 [ 704.311731][T29645] batman_adv: batadv0: The MTU of interface wlan0 is too small (1500) to handle the transport of batman-adv packets. If you experience problems getting traffic through try increasing the MTU to 1532. [ 704.344855][T29645] batman_adv: batadv0: Interface activated: wlan0 [ 704.496453][T29658] syzkaller1: entered promiscuous mode [ 704.503459][T29658] syzkaller1: entered allmulticast mode [ 704.730294][T29608] netlink: 8 bytes leftover after parsing attributes in process `syz.4.7742'. [ 704.797140][T29608] netlink: 40 bytes leftover after parsing attributes in process `syz.4.7742'. [ 705.120371][T29689] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 705.131540][T29689] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 705.142480][T29689] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 705.152880][T29689] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 705.171223][T29689] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 705.181654][T29689] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 705.190991][T29689] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 705.200955][T29689] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 705.453307][T29702] tipc: Enabled bearer , priority 0 [ 705.477292][T29698] syzkaller0: entered promiscuous mode [ 705.486149][T29698] syzkaller0: entered allmulticast mode [ 705.550078][T29698] tipc: Resetting bearer [ 705.760850][T29697] tipc: Resetting bearer [ 705.775293][T29697] tipc: Disabling bearer [ 705.833471][T29705] syzkaller1: entered promiscuous mode [ 705.847428][T29705] syzkaller1: entered allmulticast mode [ 706.044524][ C1] ip6_tnl_xmit_ctl: 2 callbacks suppressed [ 706.044543][ C1] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 706.221733][T29730] netlink: 'syz.0.7785': attribute type 4 has an invalid length. [ 706.284523][ C0] ip6_tunnel: ip6gre7 xmit: Local address not yet configured! [ 706.293331][ C0] ip6_tunnel: ip6gre2 xmit: Local address not yet configured! [ 706.563760][T29744] xt_hashlimit: size too large, truncated to 1048576 [ 707.006495][T29752] netlink: 24 bytes leftover after parsing attributes in process `syz.3.7792'. [ 707.104168][T29752] ip6gre3: entered promiscuous mode [ 707.130855][T29752] ip6gre3: entered allmulticast mode [ 707.171064][T24935] ip6_tunnel: ip6gre3 xmit: Local address not yet configured! [ 707.199659][T24935] ip6_tunnel: ip6gre3 xmit: Local address not yet configured! [ 707.199683][ T6010] ip6_tunnel: ip6gre3 xmit: Local address not yet configured! [ 707.249510][T29754] tipc: Started in network mode [ 707.277367][T29754] tipc: Node identity eecb12666721, cluster identity 4711 [ 707.309926][T29754] tipc: Enabled bearer , priority 0 [ 707.348663][T29761] syzkaller0: entered promiscuous mode [ 707.374999][T29761] syzkaller0: entered allmulticast mode [ 707.430061][T29754] tipc: Resetting bearer [ 707.458035][ T6010] ip6_tunnel: ip6gre3 xmit: Local address not yet configured! [ 707.494583][T29753] tipc: Resetting bearer [ 707.518854][T29753] tipc: Disabling bearer [ 707.525427][T29768] netlink: 'syz.1.7797': attribute type 1 has an invalid length. [ 707.541435][T29757] syzkaller1: entered promiscuous mode [ 707.554834][T29757] syzkaller1: entered allmulticast mode [ 707.595189][T19328] ip6_tunnel: ip6gre3 xmit: Local address not yet configured! [ 707.731121][T29768] 8021q: adding VLAN 0 to HW filter on device bond17 [ 707.757330][T29768] bond16: (slave bond17): making interface the new active one [ 707.758504][T29773] netlink: 104 bytes leftover after parsing attributes in process `syz.1.7797'. [ 707.786520][T29768] bond16: (slave bond17): Enslaving as an active interface with an up link [ 708.047552][T29785] netlink: 8 bytes leftover after parsing attributes in process `syz.0.7801'. [ 708.060888][T29791] netlink: 8 bytes leftover after parsing attributes in process `syz.2.7804'. [ 708.082081][T29791] 8021q: VLANs not supported on vcan0 [ 708.146317][T29766] syzkaller1: entered promiscuous mode [ 708.154621][T29766] syzkaller1: entered allmulticast mode [ 708.175467][T29793] lo: Caught tx_queue_len zero misconfig [ 708.196712][T29793] sch_tbf: burst 2797 is lower than device lo mtu (65550) ! [ 708.204436][ C1] ip6_tunnel: ip6gre2 xmit: Local address not yet configured! [ 708.337735][T29800] tipc: Enabled bearer , priority 0 [ 708.363967][T29800] syzkaller0: entered promiscuous mode [ 708.382250][T29800] syzkaller0: entered allmulticast mode [ 708.397252][T29803] netlink: 32 bytes leftover after parsing attributes in process `syz.1.7810'. [ 708.424496][T29800] tipc: Resetting bearer [ 708.458553][T29798] tipc: Resetting bearer [ 708.506791][T29798] tipc: Disabling bearer [ 708.550858][T29808] syzkaller1: entered promiscuous mode [ 708.577123][T29811] netlink: 8 bytes leftover after parsing attributes in process `syz.3.7814'. [ 708.592425][T29808] syzkaller1: entered allmulticast mode [ 708.699633][ T30] audit: type=1107 audit(1781746455.313:10): pid=29818 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='öxà÷@G«3&~l÷}dËðDƒnÜzQeÂá×+÷ŠúMíÇ&‚rÎɈé+‚q}=öpÍjk[‹ÒE\Q£ò°«ÅA¯Ïæ7î …tªÌBã[Ö-~ÌCp*•rg¤i\)¦†)ÐÈ|ÿÈ|¹Æ7s»¦Ï' [ 708.853287][T29826] netlink: 12 bytes leftover after parsing attributes in process `syz.3.7819'. [ 709.195262][T29843] netlink: 32 bytes leftover after parsing attributes in process `syz.1.7824'. [ 709.251958][T29847] tipc: Enabled bearer , priority 0 [ 709.275699][T29847] syzkaller0: entered promiscuous mode [ 709.284354][T29847] syzkaller0: entered allmulticast mode [ 709.321970][T29847] tipc: Resetting bearer [ 709.425357][T29846] tipc: Resetting bearer [ 709.440864][T29846] tipc: Disabling bearer [ 709.484404][ C0] ip6_tunnel: ip6gre2 xmit: Local address not yet configured! [ 709.610867][T29866] netlink: 12 bytes leftover after parsing attributes in process `syz.0.7833'. [ 709.621401][T29866] netlink: 12 bytes leftover after parsing attributes in process `syz.0.7833'. [ 710.106085][T29876] batman_adv: batadv0: Interface deactivated: wlan0 [ 710.115813][T29876] mac80211_hwsim hwsim105 wlan0: left promiscuous mode [ 710.229506][T29876] ipip0: left promiscuous mode [ 710.238359][T29876] bond13: left promiscuous mode [ 710.243402][T29876] bond13: left allmulticast mode [ 710.265765][T29882] syzkaller1: entered promiscuous mode [ 710.278708][T29882] syzkaller1: entered allmulticast mode [ 710.310131][T10631] netdevsim netdevsim0 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 710.358797][T10631] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 710.389701][T10631] netdevsim netdevsim0 netdevsim0: unset [1, 1] type 2 family 0 port 36372 - 0 [ 710.409086][T10631] netdevsim netdevsim0 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 710.418751][T10631] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 710.428391][T10631] netdevsim netdevsim0 netdevsim1: unset [1, 1] type 2 family 0 port 36372 - 0 [ 710.458475][T10631] netdevsim netdevsim0 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 710.494279][T10631] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 710.514467][T10631] netdevsim netdevsim0 netdevsim2: unset [1, 1] type 2 family 0 port 36372 - 0 [ 710.549826][T10631] netdevsim netdevsim0 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 710.563335][T29906] netlink: 32 bytes leftover after parsing attributes in process `syz.3.7843'. [ 710.567077][T10631] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 710.577441][T29905] netlink: 12 bytes leftover after parsing attributes in process `syz.0.7844'. [ 710.582086][T10631] netdevsim netdevsim0 netdevsim3: unset [1, 1] type 2 family 0 port 36372 - 0 [ 710.843704][T29927] netlink: 'syz.2.7852': attribute type 15 has an invalid length. [ 711.038682][T29931] bond14: Removing last ns target with arp_interval on [ 711.113616][T29932] macvlan3: entered allmulticast mode [ 711.213590][T29937] geneve2: entered promiscuous mode [ 711.240048][T10631] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 711.271720][T10631] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 711.301548][T10631] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 711.321347][T10631] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 711.350604][T29943] tipc: Enabled bearer , priority 0 [ 711.367630][T29943] syzkaller0: entered promiscuous mode [ 711.388593][T29943] syzkaller0: entered allmulticast mode [ 711.404681][ C0] ip6_tnl_xmit_ctl: 2 callbacks suppressed [ 711.404709][ C0] ip6_tunnel: ip6gre2 xmit: Local address not yet configured! [ 711.613228][T29943] tipc: Resetting bearer [ 711.643071][T29942] tipc: Resetting bearer [ 711.668024][T29942] tipc: Disabling bearer [ 712.054386][ C1] ip6_tunnel: ip6gre2 xmit: Local address not yet configured! [ 712.068046][T29979] can: request_module (can-proto-0) failed. [ 712.232934][T29982] syzkaller1: entered promiscuous mode [ 712.238614][T29982] syzkaller1: entered allmulticast mode [ 713.324363][ C1] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 713.332057][ C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 713.403214][T30021] syzkaller1: entered promiscuous mode [ 713.410785][T30021] syzkaller1: entered allmulticast mode [ 713.900860][T30029] syzkaller1: entered promiscuous mode [ 713.906417][T30029] syzkaller1: entered allmulticast mode [ 714.096627][T30035] netlink: 'syz.0.7892': attribute type 1 has an invalid length. [ 714.184532][T30037] 8021q: adding VLAN 0 to HW filter on device bond16 [ 714.193273][T30037] bond15: (slave bond16): making interface the new active one [ 714.201513][T30037] bond15: (slave bond16): Enslaving as an active interface with an up link [ 714.266499][T30039] __nla_validate_parse: 15 callbacks suppressed [ 714.266521][T30039] netlink: 104 bytes leftover after parsing attributes in process `syz.0.7892'. [ 714.945801][T29971] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 715.020945][T30043] x_tables: ip6_tables: TCPMSS target: only valid for protocol 6 [ 715.031073][T30041] netlink: 84 bytes leftover after parsing attributes in process `syz.3.7893'. [ 715.193887][T30055] netlink: 8 bytes leftover after parsing attributes in process `syz.0.7900'. [ 715.195384][T30049] bond9: Removing last ns target with arp_interval on [ 715.215721][T30056] netlink: 132 bytes leftover after parsing attributes in process `syz.2.7896'. [ 715.241038][T30055] macvlan6: entered allmulticast mode [ 715.253818][T30055] gretap0: entered allmulticast mode [ 715.342276][T30053] netlink: 'syz.1.7898': attribute type 61 has an invalid length. [ 715.354588][T30053] netlink: 'syz.1.7898': attribute type 105 has an invalid length. [ 715.483470][T30076] netlink: 'syz.2.7907': attribute type 1 has an invalid length. [ 715.578534][T30067] syzkaller1: entered promiscuous mode [ 715.585603][T30067] syzkaller1: entered allmulticast mode [ 715.649406][T30076] 8021q: adding VLAN 0 to HW filter on device bond15 [ 715.658160][T30081] netlink: 104 bytes leftover after parsing attributes in process `syz.2.7907'. [ 715.667326][T30076] bond14: (slave bond15): making interface the new active one [ 715.667993][T30076] bond14: (slave bond15): Enslaving as an active interface with an up link [ 715.846826][T30100] x_tables: ip6_tables: TCPMSS target: only valid for protocol 6 [ 716.075387][T30058] syzkaller1: entered promiscuous mode [ 716.083278][T30058] syzkaller1: entered allmulticast mode [ 716.090441][T30120] netlink: 'syz.2.7919': attribute type 61 has an invalid length. [ 716.098822][T30120] netlink: 'syz.2.7919': attribute type 105 has an invalid length. [ 716.818156][T30129] netlink: 'syz.1.7923': attribute type 30 has an invalid length. [ 716.947148][T30129] bond18: option arp_missed_max: invalid value (0) [ 716.953696][T30129] bond18: option arp_missed_max: allowed values 1 - 255 [ 716.967311][T30129] bond18 (unregistering): Released all slaves [ 716.989351][T30141] block nbd0: Unsupported socket: should be TCP or UNIX. [ 717.018622][T30133] pim6reg: entered allmulticast mode [ 717.026949][T30139] pim6reg: left allmulticast mode [ 717.065412][T30131] FAULT_INJECTION: forcing a failure. [ 717.065412][T30131] name failslab, interval 1, probability 0, space 0, times 0 [ 717.080019][T30131] CPU: 0 UID: 0 PID: 30131 Comm: syz.3.7924 Not tainted syzkaller #0 PREEMPT(full) [ 717.080043][T30131] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 717.080054][T30131] Call Trace: [ 717.080061][T30131] [ 717.080068][T30131] dump_stack_lvl+0xe8/0x150 [ 717.080092][T30131] should_fail_ex+0x40c/0x560 [ 717.080112][T30131] should_failslab+0xa8/0x100 [ 717.080135][T30131] __kmalloc_noprof+0xe8/0x750 [ 717.080155][T30131] ? __asan_memset+0x22/0x50 [ 717.080171][T30131] ? taprio_init+0x2e6/0xc00 [ 717.080268][T30131] ? __hrtimer_setup+0x1b7/0x260 [ 717.080286][T30131] taprio_init+0x2e6/0xc00 [ 717.080306][T30131] ? netlink_rcv_skb+0x226/0x4a0 [ 717.080326][T30131] ? netlink_unicast+0x7bb/0x940 [ 717.080344][T30131] ? netlink_sendmsg+0x813/0xb40 [ 717.080365][T30131] ? do_syscall_64+0x174/0x580 [ 717.080385][T30131] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 717.080405][T30131] ? __pfx_taprio_init+0x10/0x10 [ 717.080430][T30131] ? __pfx_taprio_init+0x10/0x10 [ 717.080450][T30131] qdisc_create+0x7b5/0xf00 [ 717.080512][T30131] tc_modify_qdisc+0x17af/0x2390 [ 717.080535][T30131] ? __pfx_tc_modify_qdisc+0x10/0x10 [ 717.080551][T30131] ? rcu_is_watching+0x15/0xb0 [ 717.080569][T30131] ? trace_irq_enable+0x3b/0x140 [ 717.080600][T30131] ? __pfx_tc_modify_qdisc+0x10/0x10 [ 717.080616][T30131] rtnetlink_rcv_msg+0x7b9/0xc00 [ 717.080636][T30131] ? kasan_save_track+0x3e/0x80 [ 717.080657][T30131] ? rtnetlink_rcv_msg+0x1c9/0xc00 [ 717.080676][T30131] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 717.080704][T30131] ? __netlink_lookup+0xc6/0x8b0 [ 717.080719][T30131] ? rcu_is_watching+0x15/0xb0 [ 717.080739][T30131] netlink_rcv_skb+0x226/0x4a0 [ 717.080760][T30131] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 717.080780][T30131] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 717.080805][T30131] ? net_generic+0x1e/0x240 [ 717.080821][T30131] ? net_generic+0x1e/0x240 [ 717.080839][T30131] ? netlink_deliver_tap+0x2e/0x1b0 [ 717.080862][T30131] netlink_unicast+0x7bb/0x940 [ 717.080886][T30131] netlink_sendmsg+0x813/0xb40 [ 717.080911][T30131] ? __pfx_netlink_sendmsg+0x10/0x10 [ 717.080933][T30131] ? aa_sock_msg_perm+0xf1/0x1b0 [ 717.080948][T30131] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 717.080966][T30131] ? __pfx_netlink_sendmsg+0x10/0x10 [ 717.080987][T30131] ____sys_sendmsg+0x9b9/0xa20 [ 717.081013][T30131] ? __pfx_____sys_sendmsg+0x10/0x10 [ 717.081034][T30131] ? lock_release+0x4b/0x3c0 [ 717.081056][T30131] ? import_iovec+0x73/0xa0 [ 717.081077][T30131] ___sys_sendmsg+0x2a5/0x360 [ 717.081097][T30131] ? rcu_is_watching+0x15/0xb0 [ 717.081111][T30131] ? get_pid_task+0x20/0x1f0 [ 717.081127][T30131] ? __pfx____sys_sendmsg+0x10/0x10 [ 717.081149][T30131] ? rcu_is_watching+0x15/0xb0 [ 717.081175][T30131] ? __fget_files+0x2a/0x420 [ 717.081191][T30131] ? __fget_files+0x3a2/0x420 [ 717.081211][T30131] __x64_sys_sendmsg+0x1b1/0x290 [ 717.081233][T30131] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 717.081259][T30131] ? rcu_is_watching+0x15/0xb0 [ 717.081275][T30131] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 717.081290][T30131] do_syscall_64+0x174/0x580 [ 717.081310][T30131] ? clear_bhb_loop+0x40/0x90 [ 717.081327][T30131] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 717.081342][T30131] RIP: 0033:0x7f503ad9ce59 [ 717.081358][T30131] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 717.081372][T30131] RSP: 002b:00007f503bc85028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 717.081390][T30131] RAX: ffffffffffffffda RBX: 00007f503b015fa0 RCX: 00007f503ad9ce59 [ 717.081402][T30131] RDX: 0000000000008090 RSI: 00002000000012c0 RDI: 0000000000000006 [ 717.081412][T30131] RBP: 00007f503bc85090 R08: 0000000000000000 R09: 0000000000000000 [ 717.081423][T30131] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 717.081433][T30131] R13: 00007f503b016038 R14: 00007f503b015fa0 R15: 00007fffb46caa88 [ 717.081452][T30131] [ 717.576599][T30146] netlink: 16 bytes leftover after parsing attributes in process `syz.1.7929'. [ 717.604418][T30146] netlink: 32 bytes leftover after parsing attributes in process `syz.1.7929'. [ 717.668758][T30158] netlink: 24 bytes leftover after parsing attributes in process `syz.2.7934'. [ 717.715144][T30158] netlink: 8 bytes leftover after parsing attributes in process `syz.2.7934'. [ 717.766013][T30158] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7934'. [ 718.005075][T30156] syzkaller1: entered promiscuous mode [ 718.010836][T30156] syzkaller1: entered allmulticast mode [ 718.035342][T19721] block nbd75: Wrong magic (0x103ae828) [ 718.054828][T30178] nbd75: detected capacity change from 0 to 127 [ 718.061915][T23822] block nbd75: Dead connection, failed to find a fallback [ 718.078102][T23822] block nbd75: shutting down sockets [ 718.089392][T23822] blk_print_req_error: 138 callbacks suppressed [ 718.089407][T23822] I/O error, dev nbd75, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 718.139926][T23822] buffer_io_error: 138 callbacks suppressed [ 718.139942][T23822] Buffer I/O error on dev nbd75, logical block 0, async page read [ 718.147980][T30181] netlink: 'syz.4.7936': attribute type 61 has an invalid length. [ 718.166647][T30181] netlink: 'syz.4.7936': attribute type 105 has an invalid length. [ 718.181339][T23822] I/O error, dev nbd75, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 718.193689][T23822] Buffer I/O error on dev nbd75, logical block 1, async page read [ 718.205788][T23822] I/O error, dev nbd75, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 718.216355][T23822] Buffer I/O error on dev nbd75, logical block 2, async page read [ 718.239565][T23822] I/O error, dev nbd75, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 718.252342][T23822] Buffer I/O error on dev nbd75, logical block 3, async page read [ 718.262210][T23822] I/O error, dev nbd75, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 718.275607][T23822] Buffer I/O error on dev nbd75, logical block 0, async page read [ 718.286330][T23822] I/O error, dev nbd75, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 718.307753][T23822] Buffer I/O error on dev nbd75, logical block 1, async page read [ 718.330296][T23822] I/O error, dev nbd75, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 718.342408][T23822] Buffer I/O error on dev nbd75, logical block 2, async page read [ 718.374501][T30192] macvlan7: entered allmulticast mode [ 718.395879][T23822] I/O error, dev nbd75, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 718.410297][T23822] Buffer I/O error on dev nbd75, logical block 3, async page read [ 718.426075][T23822] I/O error, dev nbd75, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 718.449480][T23822] Buffer I/O error on dev nbd75, logical block 0, async page read [ 718.482012][T23822] I/O error, dev nbd75, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 718.505785][T23822] Buffer I/O error on dev nbd75, logical block 1, async page read [ 718.515771][T23822] ldm_validate_partition_table(): Disk read failed. [ 718.529948][T23822] Dev nbd75: unable to read RDB block 0 [ 718.535730][T30200] tipc: Enabling of bearer rejected, failed to enable media [ 718.545723][T23822] nbd75: unable to read partition table [ 718.564100][T23822] ldm_validate_partition_table(): Disk read failed. [ 718.583687][T23822] Dev nbd75: unable to read RDB block 0 [ 718.603713][T23822] nbd75: unable to read partition table [ 718.609581][T19721] Bluetooth: hci3: command 0x0406 tx timeout [ 718.694064][T30208] net_ratelimit: 25 callbacks suppressed [ 718.694103][T30208] openvswitch: netlink: VXLAN extension message has 4 unknown bytes. [ 718.875943][T30208] A link change request failed with some changes committed already. Interface veth1_vlan may have been left with an inconsistent configuration, please check. [ 719.084327][ C1] ip6_tunnel: ip6gre3 xmit: Local address not yet configured! [ 719.204137][T30222] syzkaller1: tun_chr_ioctl cmd 1074025677 [ 719.249252][T30222] syzkaller1: linktype set to 1 [ 719.600986][T30257] netlink: 'syz.0.7961': attribute type 3 has an invalid length. [ 719.851110][T30272] netlink: 'syz.2.7963': attribute type 61 has an invalid length. [ 719.870049][T30272] netlink: 'syz.2.7963': attribute type 105 has an invalid length. [ 719.885179][T30269] netlink: 'syz.0.7965': attribute type 24 has an invalid length. [ 720.063047][T30281] __nla_validate_parse: 2 callbacks suppressed [ 720.063066][T30281] netlink: 8 bytes leftover after parsing attributes in process `syz.0.7966'. [ 720.118574][T30281] 8021q: VLANs not supported on vcan0 [ 720.259483][T30291] netlink: 56 bytes leftover after parsing attributes in process `syz.0.7969'. [ 720.396103][T30300] netlink: 36 bytes leftover after parsing attributes in process `syz.2.7972'. [ 720.651713][ T5621] Bluetooth: hci2: link tx timeout [ 720.658780][ T5621] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 720.671793][T19721] Bluetooth: hci2: link tx timeout [ 720.677231][T19721] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 720.736391][T19721] Bluetooth: hci2: link tx timeout [ 720.741574][T19721] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 720.774450][T19721] Bluetooth: hci2: link tx timeout [ 720.779620][T19721] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 720.832110][T30330] netlink: 44 bytes leftover after parsing attributes in process `syz.2.7979'. [ 721.420391][T30366] netlink: 84 bytes leftover after parsing attributes in process `syz.1.7989'. [ 721.566239][T19721] Bluetooth: hci2: link tx timeout [ 721.571488][T19721] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 721.573361][T30374] netlink: 44 bytes leftover after parsing attributes in process `syz.0.7992'. [ 721.637227][T19721] Bluetooth: hci2: link tx timeout [ 721.642501][T19721] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 721.644616][ C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 721.668232][T19721] Bluetooth: hci2: link tx timeout [ 721.673426][T19721] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 721.677697][T30379] xt_hashlimit: size too large, truncated to 1048576 [ 721.818046][T30385] netlink: 16 bytes leftover after parsing attributes in process `syz.0.7995'. [ 721.882851][T30388] netlink: 8 bytes leftover after parsing attributes in process `syz.0.7996'. [ 721.892350][T30388] netlink: 12 bytes leftover after parsing attributes in process `syz.0.7996'. [ 722.001505][T30396] FAULT_INJECTION: forcing a failure. [ 722.001505][T30396] name failslab, interval 1, probability 0, space 0, times 0 [ 722.014529][T30396] CPU: 1 UID: 0 PID: 30396 Comm: syz.4.7998 Not tainted syzkaller #0 PREEMPT(full) [ 722.014552][T30396] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 722.014561][T30396] Call Trace: [ 722.014568][T30396] [ 722.014576][T30396] dump_stack_lvl+0xe8/0x150 [ 722.014618][T30396] should_fail_ex+0x40c/0x560 [ 722.014639][T30396] should_failslab+0xa8/0x100 [ 722.014662][T30396] __kmalloc_noprof+0xe8/0x750 [ 722.014681][T30396] ? rcu_is_watching+0x15/0xb0 [ 722.014698][T30396] ? sock_kmalloc+0xd6/0x160 [ 722.014713][T30396] ? hash_recvmsg+0x134/0x860 [ 722.014733][T30396] sock_kmalloc+0xd6/0x160 [ 722.014749][T30396] hash_recvmsg+0x1d0/0x860 [ 722.014765][T30396] ? __pfx_hash_recvmsg_nokey+0x10/0x10 [ 722.014784][T30396] ? __pfx_hash_recvmsg_nokey+0x10/0x10 [ 722.014801][T30396] sock_recvmsg_nosec+0x10c/0x140 [ 722.014820][T30396] ____sys_recvmsg+0x3e3/0x4a0 [ 722.014845][T30396] ? __pfx_____sys_recvmsg+0x10/0x10 [ 722.014871][T30396] ? import_iovec+0x73/0xa0 [ 722.014891][T30396] ___sys_recvmsg+0x213/0x5a0 [ 722.014915][T30396] ? __pfx____sys_recvmsg+0x10/0x10 [ 722.014938][T30396] ? __fget_files+0x2a/0x420 [ 722.014955][T30396] ? rcu_is_watching+0x15/0xb0 [ 722.014977][T30396] ? rcu_is_watching+0x15/0xb0 [ 722.014993][T30396] ? lock_release+0x4b/0x3c0 [ 722.015014][T30396] ? __might_fault+0xcb/0x130 [ 722.015034][T30396] do_recvmmsg+0x31a/0x7f0 [ 722.015057][T30396] ? __pfx_do_recvmmsg+0x10/0x10 [ 722.015083][T30396] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 722.015106][T30396] ? __fget_files+0x3a2/0x420 [ 722.015127][T30396] __x64_sys_recvmmsg+0x198/0x250 [ 722.015150][T30396] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 722.015173][T30396] ? rcu_is_watching+0x15/0xb0 [ 722.015190][T30396] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 722.015207][T30396] do_syscall_64+0x174/0x580 [ 722.015227][T30396] ? trace_irq_disable+0x3b/0x140 [ 722.015248][T30396] ? clear_bhb_loop+0x40/0x90 [ 722.015265][T30396] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 722.015281][T30396] RIP: 0033:0x7fade039ce59 [ 722.015295][T30396] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 722.015309][T30396] RSP: 002b:00007fade12a7028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 722.015327][T30396] RAX: ffffffffffffffda RBX: 00007fade0615fa0 RCX: 00007fade039ce59 [ 722.015339][T30396] RDX: 000000000000049f RSI: 0000200000006100 RDI: 0000000000000006 [ 722.015350][T30396] RBP: 00007fade12a7090 R08: 0000000000000000 R09: 0000000000000000 [ 722.015360][T30396] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 722.015370][T30396] R13: 00007fade0616038 R14: 00007fade0615fa0 R15: 00007ffcc2cc5968 [ 722.015389][T30396] [ 722.382754][T30402] sctp: [Deprecated]: syz.2.7999 (pid 30402) Use of struct sctp_assoc_value in delayed_ack socket option. [ 722.382754][T30402] Use struct sctp_sack_info instead [ 722.400056][T30405] netlink: 'syz.3.8000': attribute type 19 has an invalid length. [ 722.400077][T30405] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8000'. [ 722.405274][T30405] netlink: 'syz.3.8000': attribute type 19 has an invalid length. [ 722.428257][T24935] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 722.450104][T24935] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 722.464289][T24935] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 722.473000][T24935] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 722.512705][T30407] syzkaller1: entered promiscuous mode [ 722.520678][T30407] syzkaller1: entered allmulticast mode [ 722.662788][T30416] syzkaller0: entered promiscuous mode [ 722.670067][T30416] syzkaller0: entered allmulticast mode [ 722.687164][T19721] Bluetooth: hci2: command 0x0406 tx timeout [ 722.693920][T19721] Bluetooth: hci2: link tx timeout [ 722.778362][T30390] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 722.849021][T30424] tipc: MTU too low for tipc bearer [ 723.035732][T30432] sit0: entered promiscuous mode [ 723.060351][T30432] netlink: 'syz.3.8011': attribute type 1 has an invalid length. [ 723.615861][T30466] gretap0: left allmulticast mode [ 723.689347][T30471] syzkaller1: entered promiscuous mode [ 723.695434][T30471] syzkaller1: entered allmulticast mode [ 724.142610][ T5621] block nbd76: Wrong magic (0x103ae828) [ 724.164429][T30494] nbd76: detected capacity change from 0 to 127 [ 724.181328][T23822] block nbd76: Dead connection, failed to find a fallback [ 724.198451][T23822] block nbd76: shutting down sockets [ 724.204576][ C1] ip6_tunnel: ip6gre2 xmit: Local address not yet configured! [ 724.227426][T23822] blk_print_req_error: 138 callbacks suppressed [ 724.227442][T23822] I/O error, dev nbd76, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 724.245850][T23822] buffer_io_error: 138 callbacks suppressed [ 724.245866][T23822] Buffer I/O error on dev nbd76, logical block 0, async page read [ 724.275344][T23822] I/O error, dev nbd76, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 724.285403][T23822] Buffer I/O error on dev nbd76, logical block 1, async page read [ 724.293866][T23822] I/O error, dev nbd76, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 724.308116][T23822] Buffer I/O error on dev nbd76, logical block 2, async page read [ 724.316664][T23822] I/O error, dev nbd76, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 724.353476][T23822] Buffer I/O error on dev nbd76, logical block 3, async page read [ 724.369861][T23822] I/O error, dev nbd76, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 724.398067][T23822] Buffer I/O error on dev nbd76, logical block 0, async page read [ 724.418930][T23822] I/O error, dev nbd76, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 724.442513][T23822] Buffer I/O error on dev nbd76, logical block 1, async page read [ 724.470492][T23822] I/O error, dev nbd76, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 724.479035][T30508] syzkaller1: entered promiscuous mode [ 724.485262][T23822] Buffer I/O error on dev nbd76, logical block 2, async page read [ 724.486981][T30508] syzkaller1: entered allmulticast mode [ 724.493752][T23822] I/O error, dev nbd76, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 724.510073][T23822] Buffer I/O error on dev nbd76, logical block 3, async page read [ 724.518985][T23822] I/O error, dev nbd76, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 724.529346][T23822] Buffer I/O error on dev nbd76, logical block 0, async page read [ 724.540190][T23822] I/O error, dev nbd76, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 724.550178][T23822] Buffer I/O error on dev nbd76, logical block 1, async page read [ 724.562341][T23822] ldm_validate_partition_table(): Disk read failed. [ 724.571886][T23822] Dev nbd76: unable to read RDB block 0 [ 724.580589][T23822] nbd76: unable to read partition table [ 724.595737][T23822] ldm_validate_partition_table(): Disk read failed. [ 724.605800][T23822] Dev nbd76: unable to read RDB block 0 [ 724.613780][T23822] nbd76: unable to read partition table [ 724.881967][T30530] netlink: 'syz.0.8044': attribute type 61 has an invalid length. [ 724.900740][T30530] netlink: 'syz.0.8044': attribute type 105 has an invalid length. [ 725.086670][T30527] __nla_validate_parse: 13 callbacks suppressed [ 725.086688][T30527] netlink: 24 bytes leftover after parsing attributes in process `syz.1.8043'. [ 725.181735][T30546] netlink: 'syz.0.8050': attribute type 3 has an invalid length. [ 725.318348][T30558] netlink: 24 bytes leftover after parsing attributes in process `syz.0.8055'. [ 725.375447][T30561] hmó3)ó: entered promiscuous mode [ 725.390027][T30563] netlink: 'syz.2.8056': attribute type 61 has an invalid length. [ 725.408533][T30563] netlink: 'syz.2.8056': attribute type 105 has an invalid length. [ 725.566721][T30578] ip6_tunnel: ip6gre2 xmit: Local address not yet configured! [ 725.641289][T30580] tipc: Enabled bearer , priority 0 [ 725.659873][T30585] xt_hashlimit: size too large, truncated to 1048576 [ 725.662290][T30580] syzkaller0: entered promiscuous mode [ 725.689729][T30580] syzkaller0: entered allmulticast mode [ 725.735433][T30580] tipc: Resetting bearer [ 725.750545][T30587] @0Ù: renamed from bond_slave_1 [ 725.776634][T30579] tipc: Resetting bearer [ 725.808667][T30579] tipc: Disabling bearer [ 725.852767][T30595] netlink: 28 bytes leftover after parsing attributes in process `syz.4.8065'. [ 725.862498][T30595] netlink: 28 bytes leftover after parsing attributes in process `syz.4.8065'. [ 726.055863][T30601] netlink: 'syz.3.8069': attribute type 61 has an invalid length. [ 726.063854][T30601] netlink: 'syz.3.8069': attribute type 105 has an invalid length. [ 726.440693][T30632] syzkaller1: entered promiscuous mode [ 726.456961][T30632] syzkaller1: entered allmulticast mode [ 726.488642][T30632] netlink: 8 bytes leftover after parsing attributes in process `syz.2.8077'. [ 726.536455][T30638] netlink: 20 bytes leftover after parsing attributes in process `syz.3.8078'. [ 726.547017][T30632] xt_CONNSECMARK: invalid mode: 254 [ 726.594747][T30638] x_tables: ip_tables: string.1 match: invalid size 160 (kernel) != (user) 200 [ 726.794882][T30645] syzkaller0: entered promiscuous mode [ 726.805236][T30645] syzkaller0: entered allmulticast mode [ 727.037980][T30664] netlink: 12 bytes leftover after parsing attributes in process `syz.4.8084'. [ 727.048876][T30664] netlink: 12 bytes leftover after parsing attributes in process `syz.4.8084'. [ 727.095268][T30668] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8085'. [ 727.099746][T30657] netlink: 'syz.3.8081': attribute type 61 has an invalid length. [ 727.107060][T30670] netlink: 'syz.1.8083': attribute type 1 has an invalid length. [ 727.121475][T30668] x_tables: arp_tables: NFQUEUE target: not valid for this family [ 727.126122][T30657] netlink: 'syz.3.8081': attribute type 105 has an invalid length. [ 727.154173][T30670] netlink: 224 bytes leftover after parsing attributes in process `syz.1.8083'. [ 727.475411][T30689] ip6gre4: entered promiscuous mode [ 727.492049][T30689] ip6gre4: entered allmulticast mode [ 727.772888][T30707] xt_hashlimit: size too large, truncated to 1048576 [ 728.012464][T30705] syzkaller1: entered promiscuous mode [ 728.020346][T30705] syzkaller1: entered allmulticast mode [ 728.044347][ C1] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 728.052015][ C1] ip6_tunnel: ip6gre2 xmit: Local address not yet configured! [ 728.113198][T30716] FAULT_INJECTION: forcing a failure. [ 728.113198][T30716] name failslab, interval 1, probability 0, space 0, times 0 [ 728.126597][T30716] CPU: 0 UID: 0 PID: 30716 Comm: syz.3.8100 Not tainted syzkaller #0 PREEMPT(full) [ 728.126622][T30716] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 728.126632][T30716] Call Trace: [ 728.126639][T30716] [ 728.126646][T30716] dump_stack_lvl+0xe8/0x150 [ 728.126668][T30716] should_fail_ex+0x40c/0x560 [ 728.126688][T30716] should_failslab+0xa8/0x100 [ 728.126710][T30716] ? skb_clone+0x212/0x3a0 [ 728.126726][T30716] kmem_cache_alloc_noprof+0x87/0x650 [ 728.126749][T30716] skb_clone+0x212/0x3a0 [ 728.126765][T30716] bpf_clone_redirect+0x170/0x4b0 [ 728.126787][T30716] ? bpf_test_run+0x1d1/0x830 [ 728.126809][T30716] bpf_prog_4653d16e8163849f+0x22/0x2a [ 728.126825][T30716] bpf_test_run+0x354/0x830 [ 728.126847][T30716] ? trace_irq_enable+0x3b/0x140 [ 728.126873][T30716] ? __pfx_bpf_test_run+0x10/0x10 [ 728.126898][T30716] ? trace_kmem_cache_alloc+0x29/0xe0 [ 728.126914][T30716] ? csum_partial+0x239/0x2c0 [ 728.126938][T30716] ? skb_dst_set+0x72/0x140 [ 728.126959][T30716] bpf_prog_test_run_skb+0xe35/0x2230 [ 728.126980][T30716] ? get_pid_task+0x20/0x1f0 [ 728.126999][T30716] ? lock_acquire+0x5f/0x350 [ 728.127021][T30716] ? rcu_is_watching+0x15/0xb0 [ 728.127039][T30716] ? __pfx_bpf_prog_test_run_skb+0x10/0x10 [ 728.127060][T30716] bpf_prog_test_run+0x2c5/0x340 [ 728.127083][T30716] __sys_bpf+0x643/0x950 [ 728.127103][T30716] ? __pfx___sys_bpf+0x10/0x10 [ 728.127128][T30716] ? ksys_write+0x1fc/0x270 [ 728.127150][T30716] ? __pfx_ksys_write+0x10/0x10 [ 728.127171][T30716] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 728.127188][T30716] __x64_sys_bpf+0x7c/0x90 [ 728.127206][T30716] do_syscall_64+0x174/0x580 [ 728.127228][T30716] ? clear_bhb_loop+0x40/0x90 [ 728.127246][T30716] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 728.127262][T30716] RIP: 0033:0x7f503ad9ce59 [ 728.127276][T30716] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 728.127290][T30716] RSP: 002b:00007f503bc85028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 728.127308][T30716] RAX: ffffffffffffffda RBX: 00007f503b015fa0 RCX: 00007f503ad9ce59 [ 728.127320][T30716] RDX: 0000000000000050 RSI: 00002000000003c0 RDI: 000000000000000a [ 728.127331][T30716] RBP: 00007f503bc85090 R08: 0000000000000000 R09: 0000000000000000 [ 728.127342][T30716] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 728.127352][T30716] R13: 00007f503b016038 R14: 00007f503b015fa0 R15: 00007fffb46caa88 [ 728.127371][T30716] [ 728.475258][T30722] tipc: Enabled bearer , priority 0 [ 728.483006][T30722] syzkaller0: entered promiscuous mode [ 728.497998][T30722] syzkaller0: entered allmulticast mode [ 728.972172][T30722] tipc: Resetting bearer [ 728.999680][T30722] tipc: Disabling bearer [ 730.135367][T30791] __nla_validate_parse: 3 callbacks suppressed [ 730.135384][T30791] netlink: 8 bytes leftover after parsing attributes in process `syz.2.8122'. [ 730.332634][T30791] macvlan3: entered allmulticast mode [ 730.339215][T30791] gretap0: entered allmulticast mode [ 730.348284][T30801] A link change request failed with some changes committed already. Interface ipvlan0 may have been left with an inconsistent configuration, please check. [ 730.399148][T30803] netlink: 28 bytes leftover after parsing attributes in process `syz.2.8125'. [ 730.483360][T30807] netlink: 12 bytes leftover after parsing attributes in process `syz.0.8126'. [ 730.507575][T30807] netlink: 12 bytes leftover after parsing attributes in process `syz.0.8126'. [ 730.518938][T30809] netlink: 12 bytes leftover after parsing attributes in process `syz.3.8127'. [ 730.740335][T30818] netlink: 8 bytes leftover after parsing attributes in process `syz.3.8130'. [ 730.995835][T30821] IPVS: set_ctl: invalid protocol: 58 100.1.1.0:20002 [ 731.017006][T30824] xt_hashlimit: size too large, truncated to 1048576 [ 731.021102][T30823] nbd: must specify a size in bytes for the device [ 731.034319][T30824] xt_hashlimit: max too large, truncated to 1048576 [ 731.248684][ T1778] block nbd65: Possible stuck request ffff88809ff85080: control (read@0,1024B). Runtime 120 seconds [ 731.248988][T30830] netlink: 20 bytes leftover after parsing attributes in process `syz.3.8135'. [ 731.259702][ T1778] block nbd65: Possible stuck request ffff88809ff85240: control (read@1024,1024B). Runtime 120 seconds [ 731.259731][ T1778] block nbd65: Possible stuck request ffff88809ff85400: control (read@2048,1024B). Runtime 120 seconds [ 731.259753][ T1778] block nbd65: Possible stuck request ffff88809ff855c0: control (read@3072,1024B). Runtime 120 seconds [ 731.499986][T30841] netlink: 24 bytes leftover after parsing attributes in process `syz.3.8140'. [ 731.598653][T30850] ip6_tunnel: ip6gre3 xmit: Local address not yet configured! [ 731.669134][T30853] openvswitch: netlink: IPv4 tunnel dst address is zero [ 731.793530][T30861] netlink: 20 bytes leftover after parsing attributes in process `syz.2.8145'. [ 731.886779][ C1] ip6_tunnel: ip6gre6 xmit: Local address not yet configured! [ 732.141036][T30882] ip6_tunnel: ip6gre2 xmit: Local address not yet configured! [ 732.357468][T30898] FAULT_INJECTION: forcing a failure. [ 732.357468][T30898] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 732.387945][T30898] CPU: 1 UID: 0 PID: 30898 Comm: syz.0.8154 Not tainted syzkaller #0 PREEMPT(full) [ 732.387972][T30898] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 732.387982][T30898] Call Trace: [ 732.387989][T30898] [ 732.387995][T30898] dump_stack_lvl+0xe8/0x150 [ 732.388017][T30898] should_fail_ex+0x40c/0x560 [ 732.388038][T30898] _copy_from_user+0x2d/0xb0 [ 732.388058][T30898] ___sys_recvmsg+0x173/0x5a0 [ 732.388084][T30898] ? __pfx____sys_recvmsg+0x10/0x10 [ 732.388108][T30898] ? __fget_files+0x2a/0x420 [ 732.388127][T30898] ? rcu_is_watching+0x15/0xb0 [ 732.388150][T30898] ? rcu_is_watching+0x15/0xb0 [ 732.388167][T30898] ? lock_release+0x4b/0x3c0 [ 732.388189][T30898] ? __might_fault+0xcb/0x130 [ 732.388208][T30898] do_recvmmsg+0x31a/0x7f0 [ 732.388233][T30898] ? __pfx_do_recvmmsg+0x10/0x10 [ 732.388259][T30898] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 732.388280][T30898] ? __fget_files+0x3a2/0x420 [ 732.388300][T30898] __x64_sys_recvmmsg+0x198/0x250 [ 732.388324][T30898] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 732.388347][T30898] ? rcu_is_watching+0x15/0xb0 [ 732.388364][T30898] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 732.388381][T30898] do_syscall_64+0x174/0x580 [ 732.388402][T30898] ? clear_bhb_loop+0x40/0x90 [ 732.388420][T30898] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 732.388436][T30898] RIP: 0033:0x7fc6b719ce59 [ 732.388452][T30898] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 732.388467][T30898] RSP: 002b:00007fc6b80b2028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 732.388486][T30898] RAX: ffffffffffffffda RBX: 00007fc6b7415fa0 RCX: 00007fc6b719ce59 [ 732.388498][T30898] RDX: 000000000000049f RSI: 0000200000006100 RDI: 0000000000000006 [ 732.388510][T30898] RBP: 00007fc6b80b2090 R08: 0000000000000000 R09: 0000000000000000 [ 732.388521][T30898] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 732.388531][T30898] R13: 00007fc6b7416038 R14: 00007fc6b7415fa0 R15: 00007fff09711138 [ 732.388559][T30898] [ 732.388740][ T5621] block nbd77: Wrong magic (0x103ae828) [ 732.646473][T30894] nbd77: detected capacity change from 0 to 127 [ 732.656361][T23822] block nbd77: Dead connection, failed to find a fallback [ 732.663852][T23822] block nbd77: shutting down sockets [ 732.674075][T23822] blk_print_req_error: 138 callbacks suppressed [ 732.674101][T23822] I/O error, dev nbd77, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 732.693372][T23822] buffer_io_error: 138 callbacks suppressed [ 732.693385][T23822] Buffer I/O error on dev nbd77, logical block 0, async page read [ 732.708280][T23822] I/O error, dev nbd77, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 732.718868][T23822] Buffer I/O error on dev nbd77, logical block 1, async page read [ 732.728153][T23822] I/O error, dev nbd77, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 732.764802][T23822] Buffer I/O error on dev nbd77, logical block 2, async page read [ 732.803113][T23822] I/O error, dev nbd77, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 732.816844][T23822] Buffer I/O error on dev nbd77, logical block 3, async page read [ 732.850305][T23822] I/O error, dev nbd77, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 732.861687][T23822] Buffer I/O error on dev nbd77, logical block 0, async page read [ 732.881073][T30923] validate_nla: 3 callbacks suppressed [ 732.881118][T30923] netlink: 'syz.0.8157': attribute type 1 has an invalid length. [ 732.888085][T23822] I/O error, dev nbd77, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 732.934383][T23822] Buffer I/O error on dev nbd77, logical block 1, async page read [ 732.948215][T23822] I/O error, dev nbd77, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 732.960801][T23822] Buffer I/O error on dev nbd77, logical block 2, async page read [ 732.971554][T23822] I/O error, dev nbd77, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 732.981454][T23822] Buffer I/O error on dev nbd77, logical block 3, async page read [ 732.989934][T23822] I/O error, dev nbd77, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 733.000000][T23822] Buffer I/O error on dev nbd77, logical block 0, async page read [ 733.019923][T23822] I/O error, dev nbd77, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 733.025607][T30923] bond17: entered promiscuous mode [ 733.030202][T23822] Buffer I/O error on dev nbd77, logical block 1, async page read [ 733.046271][T23822] ldm_validate_partition_table(): Disk read failed. [ 733.055906][T23822] Dev nbd77: unable to read RDB block 0 [ 733.062248][T30923] 8021q: adding VLAN 0 to HW filter on device bond17 [ 733.068836][T23822] nbd77: unable to read partition table [ 733.088301][T23822] ldm_validate_partition_table(): Disk read failed. [ 733.097940][T23822] Dev nbd77: unable to read RDB block 0 [ 733.108657][T23822] nbd77: unable to read partition table [ 733.123379][T30934] bond17: (slave bridge0): making interface the new active one [ 733.162879][T30934] bridge0: entered promiscuous mode [ 733.180758][T30934] bond17: (slave bridge0): Enslaving as an active interface with an up link [ 733.209349][T30942] netlink: 8 bytes leftover after parsing attributes in process `syz.1.8164'. [ 733.219858][T30942] 8021q: VLANs not supported on vcan0 [ 733.340957][T30949] netlink: 'syz.2.8167': attribute type 1 has an invalid length. [ 733.650084][T30968] tap0: tun_chr_ioctl cmd 2148553947 [ 733.707532][T30969] netlink: 'syz.1.8172': attribute type 61 has an invalid length. [ 733.734979][T30969] netlink: 'syz.1.8172': attribute type 105 has an invalid length. [ 733.772724][T30980] block nbd0: Unsupported socket: should be TCP or UNIX. [ 733.804409][ C1] ip6_tunnel: ip6gre3 xmit: Local address not yet configured! [ 733.908607][T30990] netlink: 'syz.0.8183': attribute type 1 has an invalid length. [ 733.973006][T30995] netlink: 'syz.3.8181': attribute type 1 has an invalid length. [ 734.077671][T30997] tipc: Enabled bearer , priority 0 [ 734.101680][T30997] syzkaller0: entered promiscuous mode [ 734.118990][T30997] syzkaller0: entered allmulticast mode [ 734.132564][T30997] sch_tbf: burst 255 is lower than device syzkaller0 mtu (1514) ! [ 734.178359][T30997] tipc: Resetting bearer [ 734.237425][T30996] tipc: Resetting bearer [ 734.281121][T30996] tipc: Disabling bearer [ 734.330383][T31019] syzkaller1: entered promiscuous mode [ 734.337824][T31019] syzkaller1: entered allmulticast mode [ 734.347314][T31018] tipc: Enabled bearer , priority 0 [ 734.355666][T31018] syzkaller0: entered promiscuous mode [ 734.361424][T31018] syzkaller0: entered allmulticast mode [ 734.372549][T31018] sch_tbf: burst 255 is lower than device syzkaller0 mtu (1514) ! [ 734.472998][T31022] sch_tbf: burst 88 is lower than device veth9 mtu (1514) ! [ 734.501110][T31018] tipc: Resetting bearer [ 734.529719][T31014] tipc: Resetting bearer [ 734.557124][T31014] tipc: Disabling bearer [ 734.565002][T31021] netlink: 'syz.4.8190': attribute type 61 has an invalid length. [ 734.573725][T31021] netlink: 'syz.4.8190': attribute type 105 has an invalid length. [ 734.720704][T31044] netlink: 'syz.2.8202': attribute type 1 has an invalid length. [ 734.786372][T31047] syzkaller1: entered promiscuous mode [ 734.799371][T31047] syzkaller1: entered allmulticast mode [ 735.040249][T31056] IPVS: persistence engine module ip_vs_pe_À not found [ 735.125780][T31067] ip6gre3: entered promiscuous mode [ 735.131191][T31067] ip6gre3: entered allmulticast mode [ 735.138487][T10628] ip6_tunnel: ip6gre3 xmit: Local address not yet configured! [ 735.163011][T10628] ip6_tunnel: ip6gre3 xmit: Local address not yet configured! [ 735.178347][T25629] ip6_tunnel: ip6gre3 xmit: Local address not yet configured! [ 735.231864][T31069] tipc: Enabled bearer , priority 0 [ 735.250933][T31069] syzkaller0: entered promiscuous mode [ 735.256863][T31069] syzkaller0: entered allmulticast mode [ 735.266845][T31069] sch_tbf: burst 255 is lower than device syzkaller0 mtu (1514) ! [ 735.290450][T31075] __nla_validate_parse: 12 callbacks suppressed [ 735.290464][T31075] netlink: 40 bytes leftover after parsing attributes in process `syz.0.8214'. [ 735.292406][T31069] tipc: Resetting bearer [ 735.350493][T31075] ip6tnl3: entered allmulticast mode [ 735.365646][T31068] tipc: Resetting bearer [ 735.386883][T31068] tipc: Disabling bearer [ 735.704702][T25629] ip6_tunnel: ip6gre3 xmit: Local address not yet configured! [ 735.779831][T31099] veth0_macvtap: entered allmulticast mode [ 735.793261][T31099] A link change request failed with some changes committed already. Interface veth0_macvtap may have been left with an inconsistent configuration, please check. [ 735.965560][T25629] ip6_tunnel: ip6gre3 xmit: Local address not yet configured! [ 736.071820][T31110] netlink: 8 bytes leftover after parsing attributes in process `syz.3.8225'. [ 736.094544][T31110] 8021q: VLANs not supported on vcan0 [ 736.117339][T31112] netlink: 60 bytes leftover after parsing attributes in process `syz.0.8226'. [ 736.177765][T31116] netlink: 84 bytes leftover after parsing attributes in process `syz.0.8228'. [ 736.276386][T31123] netlink: 40 bytes leftover after parsing attributes in process `syz.0.8230'. [ 736.328786][T31123] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 736.408857][T31132] SET target dimension over the limit! [ 736.476258][T31125] syzkaller1: entered promiscuous mode [ 736.481847][T31125] syzkaller1: entered allmulticast mode [ 736.690298][T31149] FAULT_INJECTION: forcing a failure. [ 736.690298][T31149] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 736.709651][T31149] CPU: 1 UID: 0 PID: 31149 Comm: syz.4.8237 Not tainted syzkaller #0 PREEMPT(full) [ 736.709676][T31149] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 736.709685][T31149] Call Trace: [ 736.709692][T31149] [ 736.709699][T31149] dump_stack_lvl+0xe8/0x150 [ 736.709721][T31149] should_fail_ex+0x40c/0x560 [ 736.709741][T31149] _copy_from_user+0x2d/0xb0 [ 736.709762][T31149] ___sys_sendmsg+0x1c6/0x360 [ 736.709782][T31149] ? _parse_integer_limit+0x1ae/0x1f0 [ 736.709800][T31149] ? __pfx____sys_sendmsg+0x10/0x10 [ 736.709824][T31149] ? kstrtouint+0x6e/0xe0 [ 736.709849][T31149] ? __fget_files+0x2a/0x420 [ 736.709867][T31149] ? __fget_files+0x3a2/0x420 [ 736.709888][T31149] __sys_sendmmsg+0x273/0x4d0 [ 736.709911][T31149] ? __pfx___sys_sendmmsg+0x10/0x10 [ 736.709935][T31149] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 736.709963][T31149] ? ksys_write+0x242/0x270 [ 736.709983][T31149] ? __pfx_ksys_write+0x10/0x10 [ 736.710005][T31149] __x64_sys_sendmmsg+0xa0/0xc0 [ 736.710026][T31149] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 736.710041][T31149] do_syscall_64+0x174/0x580 [ 736.710061][T31149] ? trace_irq_disable+0x3b/0x140 [ 736.710080][T31149] ? clear_bhb_loop+0x40/0x90 [ 736.710097][T31149] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 736.710112][T31149] RIP: 0033:0x7fade039ce59 [ 736.710152][T31149] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 736.710164][T31149] RSP: 002b:00007fade12a7028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 736.710187][T31149] RAX: ffffffffffffffda RBX: 00007fade0615fa0 RCX: 00007fade039ce59 [ 736.710196][T31149] RDX: 0000000000000001 RSI: 0000200000003cc0 RDI: 0000000000000004 [ 736.710205][T31149] RBP: 00007fade12a7090 R08: 0000000000000000 R09: 0000000000000000 [ 736.710215][T31149] R10: 0000000004001c00 R11: 0000000000000246 R12: 0000000000000001 [ 736.710224][T31149] R13: 00007fade0616038 R14: 00007fade0615fa0 R15: 00007ffcc2cc5968 [ 736.710244][T31149] [ 737.006123][ C0] ip6_tunnel: ip6gre7 xmit: Local address not yet configured! [ 737.103521][T31163] netlink: 8 bytes leftover after parsing attributes in process `syz.0.8243'. [ 737.134104][T31166] netlink: 8 bytes leftover after parsing attributes in process `syz.3.8244'. [ 737.308157][T31163] macvlan8: entered allmulticast mode [ 737.313706][T31163] gretap0: entered allmulticast mode [ 737.644401][ C0] ip6_tunnel: ip6gre2 xmit: Local address not yet configured! [ 737.669897][T31179] syzkaller1: entered promiscuous mode [ 737.677450][T31179] syzkaller1: entered allmulticast mode [ 737.687202][T31189] syzkaller1: entered promiscuous mode [ 737.693112][T31189] syzkaller1: entered allmulticast mode [ 737.721684][T31199] netlink: 8 bytes leftover after parsing attributes in process `syz.2.8252'. [ 737.763186][T31201] netlink: 20 bytes leftover after parsing attributes in process `syz.2.8253'. [ 737.842958][T31207] netlink: 20 bytes leftover after parsing attributes in process `syz.3.8256'. [ 737.951892][T31211] 8021q: adding VLAN 0 to HW filter on device bond18 [ 738.102554][T31217] ip6_tunnel: ip6gre2 xmit: Local address not yet configured! [ 739.004441][ C0] ip6_tunnel: ip6gre3 xmit: Local address not yet configured! [ 739.559960][T31227] 8021q: adding VLAN 0 to HW filter on device macvlan4 [ 739.732288][T31246] xt_hashlimit: size too large, truncated to 1048576 [ 739.989188][T31248] syzkaller1: entered promiscuous mode [ 740.004340][T31248] syzkaller1: entered allmulticast mode [ 740.151504][T31268] netlink: 'syz.4.8274': attribute type 1 has an invalid length. [ 740.162020][T31270] 8021q: adding VLAN 0 to HW filter on device bond12 [ 740.311515][T31283] __nla_validate_parse: 5 callbacks suppressed [ 740.311545][T31283] netlink: 8 bytes leftover after parsing attributes in process `syz.1.8280'. [ 740.344423][T31276] macvlan9: entered allmulticast mode [ 740.387499][T31268] netlink: 28 bytes leftover after parsing attributes in process `syz.4.8274'. [ 740.445666][T31268] netlink: 104 bytes leftover after parsing attributes in process `syz.4.8274'. [ 740.462206][T31288] bond13: Removing last ns target with arp_interval on [ 740.571472][T31298] netlink: 16 bytes leftover after parsing attributes in process `syz.0.8287'. [ 740.578814][T31304] netlink: 8 bytes leftover after parsing attributes in process `syz.3.8289'. [ 740.590416][T31304] netlink: 20 bytes leftover after parsing attributes in process `syz.3.8289'. [ 740.624062][T31297] netlink: 132 bytes leftover after parsing attributes in process `syz.4.8286'. [ 740.657517][T31307] netlink: 64 bytes leftover after parsing attributes in process `syz.1.8290'. [ 740.683925][T31307] ip6gre4: entered promiscuous mode [ 740.690379][T31307] ip6gre4: entered allmulticast mode [ 740.797707][T31319] netlink: 12 bytes leftover after parsing attributes in process `syz.1.8294'. [ 740.879762][T31324] netlink: 8 bytes leftover after parsing attributes in process `syz.1.8296'. [ 740.982076][T31332] syzkaller1: entered promiscuous mode [ 740.987978][T31332] syzkaller1: entered allmulticast mode [ 741.545710][T31357] netlink: 'syz.0.8312': attribute type 4 has an invalid length. [ 741.612008][T31357] netlink: 'syz.0.8312': attribute type 1 has an invalid length. [ 741.670443][T31357] bond20 (unregistering): Released all slaves [ 741.707490][T31371] netdevsim netdevsim0 netdevsim0: entered allmulticast mode [ 741.730388][T31371] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 741.893307][T31379] netlink: 'syz.0.8320': attribute type 1 has an invalid length. [ 742.320340][T31408] netlink: 'syz.0.8325': attribute type 1 has an invalid length. [ 742.535177][T31414] FAULT_INJECTION: forcing a failure. [ 742.535177][T31414] name failslab, interval 1, probability 0, space 0, times 0 [ 742.551148][T31414] CPU: 1 UID: 0 PID: 31414 Comm: syz.1.8328 Not tainted syzkaller #0 PREEMPT(full) [ 742.551171][T31414] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 742.551180][T31414] Call Trace: [ 742.551187][T31414] [ 742.551195][T31414] dump_stack_lvl+0xe8/0x150 [ 742.551217][T31414] should_fail_ex+0x40c/0x560 [ 742.551237][T31414] should_failslab+0xa8/0x100 [ 742.551260][T31414] __kmalloc_noprof+0xe8/0x750 [ 742.551279][T31414] ? rcu_is_watching+0x15/0xb0 [ 742.551297][T31414] ? sock_kmalloc+0xd6/0x160 [ 742.551309][T31414] ? hash_recvmsg+0x134/0x860 [ 742.551330][T31414] sock_kmalloc+0xd6/0x160 [ 742.551345][T31414] hash_recvmsg+0x1d0/0x860 [ 742.551362][T31414] ? __pfx_hash_recvmsg_nokey+0x10/0x10 [ 742.551380][T31414] ? __pfx_hash_recvmsg_nokey+0x10/0x10 [ 742.551398][T31414] sock_recvmsg_nosec+0x10c/0x140 [ 742.551417][T31414] ____sys_recvmsg+0x3e3/0x4a0 [ 742.551442][T31414] ? __pfx_____sys_recvmsg+0x10/0x10 [ 742.551469][T31414] ? import_iovec+0x73/0xa0 [ 742.551490][T31414] ___sys_recvmsg+0x213/0x5a0 [ 742.551513][T31414] ? __pfx____sys_recvmsg+0x10/0x10 [ 742.551544][T31414] ? __fget_files+0x2a/0x420 [ 742.551561][T31414] ? rcu_is_watching+0x15/0xb0 [ 742.551582][T31414] ? rcu_is_watching+0x15/0xb0 [ 742.551597][T31414] ? lock_release+0x4b/0x3c0 [ 742.551618][T31414] ? __might_fault+0xcb/0x130 [ 742.551637][T31414] do_recvmmsg+0x31a/0x7f0 [ 742.551662][T31414] ? __pfx_do_recvmmsg+0x10/0x10 [ 742.551687][T31414] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 742.551711][T31414] ? __fget_files+0x3a2/0x420 [ 742.551732][T31414] __x64_sys_recvmmsg+0x198/0x250 [ 742.551755][T31414] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 742.551778][T31414] ? rcu_is_watching+0x15/0xb0 [ 742.551794][T31414] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 742.551810][T31414] do_syscall_64+0x174/0x580 [ 742.551830][T31414] ? trace_irq_disable+0x3b/0x140 [ 742.551850][T31414] ? clear_bhb_loop+0x40/0x90 [ 742.551867][T31414] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 742.551883][T31414] RIP: 0033:0x7f8f0599ce59 [ 742.551897][T31414] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 742.551911][T31414] RSP: 002b:00007f8f0676e028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 742.551928][T31414] RAX: ffffffffffffffda RBX: 00007f8f05c15fa0 RCX: 00007f8f0599ce59 [ 742.551940][T31414] RDX: 000000000000049f RSI: 0000200000006100 RDI: 0000000000000006 [ 742.551951][T31414] RBP: 00007f8f0676e090 R08: 0000000000000000 R09: 0000000000000000 [ 742.551961][T31414] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 742.551971][T31414] R13: 00007f8f05c16038 R14: 00007f8f05c15fa0 R15: 00007fff4ecba5f8 [ 742.551990][T31414] [ 743.095569][T31411] syzkaller1: entered promiscuous mode [ 743.097361][T31429] netlink: 'syz.4.8333': attribute type 1 has an invalid length. [ 743.109071][T31411] syzkaller1: entered allmulticast mode [ 743.205184][ T6011] ip6_tunnel: ip6gre2 xmit: Local address not yet configured! [ 743.214505][ T6011] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 743.280797][ T6011] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 743.295998][T19329] ip6_tunnel: ip6gre2 xmit: Local address not yet configured! [ 743.334904][T31438] tipc: Enabled bearer , priority 0 [ 743.369131][T31438] syzkaller0: entered promiscuous mode [ 743.386824][T31438] syzkaller0: entered allmulticast mode [ 743.406845][T31436] syzkaller1: entered promiscuous mode [ 743.414043][T31436] syzkaller1: entered allmulticast mode [ 743.438461][T31440] sch_tbf: burst 255 is lower than device syzkaller0 mtu (1514) ! [ 743.469094][T31438] tipc: Resetting bearer [ 743.474526][ T6011] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 743.490488][T31437] tipc: Resetting bearer [ 743.505722][T19329] ip6_tunnel: ip6gre2 xmit: Local address not yet configured! [ 743.548239][T31437] tipc: Disabling bearer [ 743.554938][T31454] netlink: 'syz.0.8337': attribute type 61 has an invalid length. [ 743.562901][T31454] netlink: 'syz.0.8337': attribute type 105 has an invalid length. [ 743.902453][T31475] syzkaller1: entered promiscuous mode [ 743.915805][T31475] syzkaller1: entered allmulticast mode [ 743.985949][T31483] tipc: Enabled bearer , priority 0 [ 744.006847][T31483] syzkaller0: entered promiscuous mode [ 744.021743][T31483] syzkaller0: entered allmulticast mode [ 744.057524][T31483] sch_tbf: burst 255 is lower than device syzkaller0 mtu (1514) ! [ 744.069039][T31488] netlink: 'syz.2.8352': attribute type 21 has an invalid length. [ 744.102615][T31483] tipc: Resetting bearer [ 744.143452][T31481] tipc: Resetting bearer [ 744.167261][T31481] tipc: Disabling bearer [ 744.215627][T31495] netlink: 'syz.0.8355': attribute type 3 has an invalid length. [ 744.720078][T31512] team0 (unregistering): Port device team_slave_0 removed [ 744.742867][T31512] team0 (unregistering): Port device team_slave_1 removed [ 744.755117][T31515] ip6_tunnel: ip6gre3 xmit: Local address not yet configured! [ 744.770677][T31512] team0 (unregistering): Port device bond13 removed [ 744.901273][T31526] lo speed is unknown, defaulting to 1000 [ 745.142832][T31542] gretap0: entered promiscuous mode [ 745.170685][T31542] 0ªî{X¹¦: renamed from gretap0 [ 745.197543][T31542] 0ªî{X¹¦: left promiscuous mode [ 745.202895][T31542] 0ªî{X¹¦: entered allmulticast mode [ 745.212919][T31542] A link change request failed with some changes committed already. Interface 30ªî{X¹¦ may have been left with an inconsistent configuration, please check. [ 746.169469][T31582] __nla_validate_parse: 27 callbacks suppressed [ 746.169499][T31582] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8386'. [ 746.245439][T31584] FAULT_INJECTION: forcing a failure. [ 746.245439][T31584] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 746.259720][T31584] CPU: 0 UID: 0 PID: 31584 Comm: syz.0.8387 Not tainted syzkaller #0 PREEMPT(full) [ 746.259742][T31584] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 746.259752][T31584] Call Trace: [ 746.259758][T31584] [ 746.259766][T31584] dump_stack_lvl+0xe8/0x150 [ 746.259790][T31584] should_fail_ex+0x40c/0x560 [ 746.259810][T31584] _copy_from_user+0x2d/0xb0 [ 746.259830][T31584] ___sys_recvmsg+0x173/0x5a0 [ 746.259856][T31584] ? __pfx____sys_recvmsg+0x10/0x10 [ 746.259880][T31584] ? __fget_files+0x2a/0x420 [ 746.259898][T31584] ? rcu_is_watching+0x15/0xb0 [ 746.259923][T31584] ? rcu_is_watching+0x15/0xb0 [ 746.259938][T31584] ? lock_release+0x4b/0x3c0 [ 746.259960][T31584] ? __might_fault+0xcb/0x130 [ 746.259979][T31584] do_recvmmsg+0x31a/0x7f0 [ 746.260002][T31584] ? __pfx_do_recvmmsg+0x10/0x10 [ 746.260027][T31584] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 746.260049][T31584] ? __fget_files+0x3a2/0x420 [ 746.260069][T31584] __x64_sys_recvmmsg+0x198/0x250 [ 746.260089][T31584] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 746.260111][T31584] ? rcu_is_watching+0x15/0xb0 [ 746.260126][T31584] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 746.260144][T31584] do_syscall_64+0x174/0x580 [ 746.260164][T31584] ? clear_bhb_loop+0x40/0x90 [ 746.260183][T31584] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 746.260197][T31584] RIP: 0033:0x7fc6b719ce59 [ 746.260213][T31584] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 746.260227][T31584] RSP: 002b:00007fc6b80b2028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 746.260245][T31584] RAX: ffffffffffffffda RBX: 00007fc6b7415fa0 RCX: 00007fc6b719ce59 [ 746.260257][T31584] RDX: 000000000000049f RSI: 0000200000006100 RDI: 0000000000000006 [ 746.260267][T31584] RBP: 00007fc6b80b2090 R08: 0000000000000000 R09: 0000000000000000 [ 746.260278][T31584] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 746.260288][T31584] R13: 00007fc6b7416038 R14: 00007fc6b7415fa0 R15: 00007fff09711138 [ 746.260308][T31584] [ 746.604362][ C0] ip6_tunnel: ip6gre3 xmit: Local address not yet configured! [ 746.770895][T31602] validate_nla: 2 callbacks suppressed [ 746.770912][T31602] netlink: 'syz.2.8395': attribute type 9 has an invalid length. [ 746.803927][T31602] netlink: 'syz.2.8395': attribute type 6 has an invalid length. [ 746.911273][T31610] netlink: 12 bytes leftover after parsing attributes in process `syz.1.8398'. [ 747.060896][T31616] netlink: 16 bytes leftover after parsing attributes in process `syz.2.8401'. [ 747.073651][T31618] netlink: 32 bytes leftover after parsing attributes in process `syz.1.8402'. [ 747.116536][T31618] netlink: 16186 bytes leftover after parsing attributes in process `syz.1.8402'. [ 747.124546][T31593] syzkaller1: entered promiscuous mode [ 747.131237][T31593] syzkaller1: entered allmulticast mode [ 747.238666][T31626] FAULT_INJECTION: forcing a failure. [ 747.238666][T31626] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 747.252916][ C1] ip6_tunnel: ip6gre3 xmit: Local address not yet configured! [ 747.253097][ C1] ip6_tunnel: ip6gre5 xmit: Local address not yet configured! [ 747.272129][T31626] CPU: 0 UID: 0 PID: 31626 Comm: syz.1.8404 Not tainted syzkaller #0 PREEMPT(full) [ 747.272154][T31626] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 747.272164][T31626] Call Trace: [ 747.272171][T31626] [ 747.272178][T31626] dump_stack_lvl+0xe8/0x150 [ 747.272201][T31626] should_fail_ex+0x40c/0x560 [ 747.272221][T31626] _copy_from_user+0x2d/0xb0 [ 747.272243][T31626] __sys_bpf+0x229/0x950 [ 747.272265][T31626] ? __pfx___sys_bpf+0x10/0x10 [ 747.272291][T31626] ? ksys_write+0x242/0x270 [ 747.272313][T31626] ? __pfx_ksys_write+0x10/0x10 [ 747.272335][T31626] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 747.272351][T31626] __x64_sys_bpf+0x7c/0x90 [ 747.272369][T31626] do_syscall_64+0x174/0x580 [ 747.272388][T31626] ? trace_irq_disable+0x3b/0x140 [ 747.272408][T31626] ? clear_bhb_loop+0x40/0x90 [ 747.272426][T31626] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 747.272441][T31626] RIP: 0033:0x7f8f0599ce59 [ 747.272456][T31626] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 747.272470][T31626] RSP: 002b:00007f8f0676e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 747.272489][T31626] RAX: ffffffffffffffda RBX: 00007f8f05c15fa0 RCX: 00007f8f0599ce59 [ 747.272501][T31626] RDX: 0000000000000050 RSI: 0000200000000540 RDI: 000000000000000a [ 747.272511][T31626] RBP: 00007f8f0676e090 R08: 0000000000000000 R09: 0000000000000000 [ 747.272522][T31626] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 747.272539][T31626] R13: 00007f8f05c16038 R14: 00007f8f05c15fa0 R15: 00007fff4ecba5f8 [ 747.272558][T31626] [ 747.486708][T31631] netlink: 'syz.2.8408': attribute type 3 has an invalid length. [ 747.534755][T31633] netlink: 24 bytes leftover after parsing attributes in process `syz.1.8407'. [ 747.548648][T31633] ip6gre5: entered promiscuous mode [ 747.553929][T31633] ip6gre5: entered allmulticast mode [ 747.630839][T31647] syzkaller1: entered promiscuous mode [ 747.636389][T31647] syzkaller1: entered allmulticast mode [ 747.643638][T31647] netlink: 8 bytes leftover after parsing attributes in process `syz.4.8406'. [ 747.688802][T31647] xt_CONNSECMARK: invalid mode: 254 [ 747.699015][T31653] netlink: 12 bytes leftover after parsing attributes in process `syz.1.8415'. [ 747.722447][T31653] netlink: 12 bytes leftover after parsing attributes in process `syz.1.8415'. [ 748.015866][T31693] netlink: 20 bytes leftover after parsing attributes in process `syz.0.8422'. [ 748.060438][T31700] netlink: 'syz.1.8424': attribute type 1 has an invalid length. [ 748.112854][T31700] 8021q: adding VLAN 0 to HW filter on device bond21 [ 748.129869][T31700] vlan2: entered allmulticast mode [ 748.297276][T31711] Bluetooth: MGMT ver 1.23 [ 748.427722][T31713] lo speed is unknown, defaulting to 1000 [ 748.504756][T31718] tipc: Enabled bearer , priority 0 [ 748.531628][T31718] syzkaller0: entered promiscuous mode [ 748.553610][T31718] syzkaller0: entered allmulticast mode [ 748.573290][T31718] sch_tbf: burst 255 is lower than device syzkaller0 mtu (1514) ! [ 748.611931][T31718] tipc: Resetting bearer [ 748.643680][T31717] tipc: Resetting bearer [ 748.692005][T31717] tipc: Disabling bearer [ 748.865401][T31721] hsr0: entered promiscuous mode [ 749.254034][T31733] syzkaller1: entered promiscuous mode [ 749.265576][T31733] syzkaller1: entered allmulticast mode [ 750.234688][T31753] tipc: Enabled bearer , priority 0 [ 750.255729][T31754] syzkaller0: entered promiscuous mode [ 750.261512][T31754] syzkaller0: entered allmulticast mode [ 750.274510][T31764] tipc: Resetting bearer [ 750.296578][T31750] tipc: Resetting bearer [ 750.311250][T31750] tipc: Disabling bearer [ 750.364584][T19721] Bluetooth: hci2: command 0x0406 tx timeout [ 750.364639][ T5621] Bluetooth: hci2: Opcode 0x0401 failed: -110 [ 751.089008][T31807] netlink: 'syz.1.8456': attribute type 3 has an invalid length. [ 751.272005][T31817] x_tables: ip6_tables: TCPMSS target: only valid for protocol 6 [ 751.317591][T31819] netlink: 'syz.3.8460': attribute type 1 has an invalid length. [ 751.335031][T31819] netlink: 'syz.3.8460': attribute type 3 has an invalid length. [ 751.343202][T31819] __nla_validate_parse: 7 callbacks suppressed [ 751.343216][T31819] netlink: 132 bytes leftover after parsing attributes in process `syz.3.8460'. [ 751.421143][T31827] syzkaller1: entered promiscuous mode [ 751.449722][T31827] syzkaller1: entered allmulticast mode [ 751.477124][T31827] netlink: 8 bytes leftover after parsing attributes in process `syz.2.8465'. [ 751.509022][T31827] xt_CONNSECMARK: invalid mode: 254 [ 752.515118][T31841] netlink: 'syz.3.8468': attribute type 1 has an invalid length. [ 752.717361][T31859] netlink: 12 bytes leftover after parsing attributes in process `syz.4.8473'. [ 752.796329][T31859] 8021q: adding VLAN 0 to HW filter on device bond8 [ 752.809161][T31866] gretap1: entered allmulticast mode [ 752.818127][T31866] bond8: (slave gretap1): Enslaving as an active interface with an up link [ 754.305756][T31829] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 754.619649][T31889] netlink: 8 bytes leftover after parsing attributes in process `syz.3.8478'. [ 754.641314][T31889] xt_CONNSECMARK: invalid mode: 254 [ 755.564661][ C1] ip6_tunnel: ip6gre2 xmit: Local address not yet configured! [ 756.427819][T31859] bond8 (unregistering): (slave gretap1): Releasing backup interface [ 756.457453][T31894] netlink: 12 bytes leftover after parsing attributes in process `syz.0.8482'. [ 756.467502][T31894] netlink: 8 bytes leftover after parsing attributes in process `syz.0.8482'. [ 756.543556][T31859] bond8 (unregistering): Released all slaves [ 756.639241][T31886] syzkaller1: entered promiscuous mode [ 756.660308][T31886] syzkaller1: entered allmulticast mode [ 756.793588][T31905] block nbd0: Unsupported socket: should be TCP or UNIX. [ 756.814710][T31907] FAULT_INJECTION: forcing a failure. [ 756.814710][T31907] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 756.837408][T31907] CPU: 1 UID: 0 PID: 31907 Comm: syz.1.8488 Not tainted syzkaller #0 PREEMPT(full) [ 756.837431][T31907] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 756.837441][T31907] Call Trace: [ 756.837449][T31907] [ 756.837456][T31907] dump_stack_lvl+0xe8/0x150 [ 756.837479][T31907] should_fail_ex+0x40c/0x560 [ 756.837499][T31907] _copy_from_user+0x2d/0xb0 [ 756.837520][T31907] __sys_sendto+0x28d/0x6c0 [ 756.837542][T31907] ? __pfx___sys_sendto+0x10/0x10 [ 756.837561][T31907] ? __mutex_unlock_slowpath+0x724/0x8e0 [ 756.837602][T31907] ? __pfx_ksys_write+0x10/0x10 [ 756.837625][T31907] __x64_sys_sendto+0xde/0x100 [ 756.837645][T31907] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 756.837662][T31907] do_syscall_64+0x174/0x580 [ 756.837681][T31907] ? trace_irq_disable+0x3b/0x140 [ 756.837702][T31907] ? clear_bhb_loop+0x40/0x90 [ 756.837721][T31907] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 756.837735][T31907] RIP: 0033:0x7f8f0599ce59 [ 756.837751][T31907] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 756.837765][T31907] RSP: 002b:00007f8f0676e028 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 756.837784][T31907] RAX: ffffffffffffffda RBX: 00007f8f05c15fa0 RCX: 00007f8f0599ce59 [ 756.837796][T31907] RDX: 000000000000002a RSI: 0000200000000100 RDI: 0000000000000003 [ 756.837806][T31907] RBP: 00007f8f0676e090 R08: 0000200000000200 R09: 0000000000000014 [ 756.837817][T31907] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 756.837827][T31907] R13: 00007f8f05c16038 R14: 00007f8f05c15fa0 R15: 00007fff4ecba5f8 [ 756.837847][T31907] [ 757.429631][T31948] tipc: Enabled bearer , priority 0 [ 757.440724][T31948] syzkaller0: entered promiscuous mode [ 757.453995][T31948] syzkaller0: entered allmulticast mode [ 757.474790][T31948] sch_tbf: burst 255 is lower than device syzkaller0 mtu (1514) ! [ 757.511283][T31948] tipc: Resetting bearer [ 757.526331][T31951] syzkaller1: entered promiscuous mode [ 757.535386][T31951] syzkaller1: entered allmulticast mode [ 757.545900][T31947] tipc: Resetting bearer [ 757.556317][T31951] netlink: 8 bytes leftover after parsing attributes in process `syz.1.8503'. [ 757.577683][T31947] tipc: Disabling bearer [ 757.586129][T31951] xt_CONNSECMARK: invalid mode: 254 [ 757.689233][T31956] netlink: 72 bytes leftover after parsing attributes in process `syz.3.8505'. [ 757.838609][T31964] bond15: Unable to set peer notification delay as MII monitoring is disabled [ 757.876158][T31964] bond15 (unregistering): Released all slaves [ 757.919969][T31923] netlink: 8 bytes leftover after parsing attributes in process `syz.4.8494'. [ 758.040446][T31980] netlink: 12 bytes leftover after parsing attributes in process `syz.0.8513'. [ 758.051301][T31980] netlink: 8 bytes leftover after parsing attributes in process `syz.0.8513'. [ 758.069110][T31927] syzkaller1: entered promiscuous mode [ 758.078300][T31927] syzkaller1: entered allmulticast mode [ 758.119134][T31983] Unsupported ieee802154 address type: 0 [ 758.124987][ C1] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 758.347840][T31991] ip6tnl0: entered promiscuous mode [ 758.368319][T31991] ip6tnl0: entered allmulticast mode [ 758.372853][T31995] FAULT_INJECTION: forcing a failure. [ 758.372853][T31995] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 758.389978][T31995] CPU: 0 UID: 0 PID: 31995 Comm: syz.4.8517 Not tainted syzkaller #0 PREEMPT(full) [ 758.389999][T31995] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 758.390009][T31995] Call Trace: [ 758.390016][T31995] [ 758.390023][T31995] dump_stack_lvl+0xe8/0x150 [ 758.390045][T31995] should_fail_ex+0x40c/0x560 [ 758.390065][T31995] _copy_from_user+0x2d/0xb0 [ 758.390085][T31995] ___sys_recvmsg+0x173/0x5a0 [ 758.390110][T31995] ? __pfx____sys_recvmsg+0x10/0x10 [ 758.390132][T31995] ? __fget_files+0x2a/0x420 [ 758.390148][T31995] ? rcu_is_watching+0x15/0xb0 [ 758.390171][T31995] ? rcu_is_watching+0x15/0xb0 [ 758.390186][T31995] ? lock_release+0x4b/0x3c0 [ 758.390206][T31995] ? __might_fault+0xcb/0x130 [ 758.390224][T31995] do_recvmmsg+0x31a/0x7f0 [ 758.390249][T31995] ? __pfx_do_recvmmsg+0x10/0x10 [ 758.390275][T31995] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 758.390297][T31995] ? __fget_files+0x3a2/0x420 [ 758.390317][T31995] __x64_sys_recvmmsg+0x198/0x250 [ 758.390340][T31995] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 758.390364][T31995] ? rcu_is_watching+0x15/0xb0 [ 758.390381][T31995] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 758.390397][T31995] do_syscall_64+0x174/0x580 [ 758.390417][T31995] ? trace_irq_disable+0x3b/0x140 [ 758.390436][T31995] ? clear_bhb_loop+0x40/0x90 [ 758.390454][T31995] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 758.390470][T31995] RIP: 0033:0x7fade039ce59 [ 758.390486][T31995] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 758.390500][T31995] RSP: 002b:00007fade12a7028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 758.390518][T31995] RAX: ffffffffffffffda RBX: 00007fade0615fa0 RCX: 00007fade039ce59 [ 758.390530][T31995] RDX: 000000000000049f RSI: 0000200000006100 RDI: 0000000000000006 [ 758.390541][T31995] RBP: 00007fade12a7090 R08: 0000000000000000 R09: 0000000000000000 [ 758.390552][T31995] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 758.390561][T31995] R13: 00007fade0616038 R14: 00007fade0615fa0 R15: 00007ffcc2cc5968 [ 758.390580][T31995] [ 758.704904][T32001] netlink: 32 bytes leftover after parsing attributes in process `syz.1.8520'. [ 758.721176][T32001] netlink: 16186 bytes leftover after parsing attributes in process `syz.1.8520'. [ 758.818929][T32006] netlink: 8 bytes leftover after parsing attributes in process `syz.1.8521'. [ 759.052815][T32010] netlink: 'syz.2.8523': attribute type 3 has an invalid length. [ 759.198036][T32022] netlink: 'syz.3.8528': attribute type 49 has an invalid length. [ 759.313789][T32029] tipc: Enabled bearer , priority 0 [ 759.321100][T32029] syzkaller0: entered promiscuous mode [ 759.330007][T32029] syzkaller0: entered allmulticast mode [ 759.338989][T32029] sch_tbf: burst 255 is lower than device syzkaller0 mtu (1514) ! [ 759.367102][T32029] tipc: Resetting bearer [ 759.378992][T32028] tipc: Resetting bearer [ 759.399024][T32028] tipc: Disabling bearer [ 760.152793][T32046] syzkaller1: entered promiscuous mode [ 760.160375][T32046] syzkaller1: entered allmulticast mode [ 760.394698][T32078] vlan3: entered promiscuous mode [ 761.324390][ C0] ip6_tunnel: ip6gre3 xmit: Local address not yet configured! [ 761.324395][ C1] ip6_tunnel: ip6gre3 xmit: Local address not yet configured! [ 761.339626][ C1] ip6_tunnel: ip6gre2 xmit: Local address not yet configured! [ 761.367541][ T1778] block nbd65: Possible stuck request ffff88809ff85080: control (read@0,1024B). Runtime 150 seconds [ 761.378763][ T1778] block nbd65: Possible stuck request ffff88809ff85240: control (read@1024,1024B). Runtime 150 seconds [ 761.390127][ T1778] block nbd65: Possible stuck request ffff88809ff85400: control (read@2048,1024B). Runtime 150 seconds [ 761.401892][ T1778] block nbd65: Possible stuck request ffff88809ff855c0: control (read@3072,1024B). Runtime 150 seconds [ 761.422235][T32113] netlink: 'syz.4.8562': attribute type 1 has an invalid length. [ 761.479893][T32105] __nla_validate_parse: 15 callbacks suppressed [ 761.479935][T32105] netlink: 12 bytes leftover after parsing attributes in process `syz.3.8560'. [ 761.613340][T25012] syz-executor invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 761.626115][T25012] CPU: 1 UID: 0 PID: 25012 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) [ 761.626138][T25012] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 761.626149][T25012] Call Trace: [ 761.626156][T25012] [ 761.626163][T25012] dump_stack_lvl+0xe8/0x150 [ 761.626187][T25012] dump_header+0xd3/0x4b0 [ 761.626210][T25012] oom_kill_process+0x3ab/0x970 [ 761.626233][T25012] out_of_memory+0x1064/0x1480 [ 761.626251][T25012] ? try_charge_memcg+0xbca/0x1590 [ 761.626277][T25012] ? __pfx_out_of_memory+0x10/0x10 [ 761.626298][T25012] ? do_raw_spin_unlock+0xf5/0x210 [ 761.626323][T25012] try_charge_memcg+0xc74/0x1590 [ 761.626343][T25012] ? fs_reclaim_acquire+0x7c/0x100 [ 761.626367][T25012] ? __pfx_try_charge_memcg+0x10/0x10 [ 761.626390][T25012] ? lock_release+0x4b/0x3c0 [ 761.626410][T25012] ? rcu_is_watching+0x15/0xb0 [ 761.626428][T25012] ? rcu_is_watching+0x15/0xb0 [ 761.626444][T25012] ? lock_release+0x4b/0x3c0 [ 761.626461][T25012] ? percpu_ref_tryget+0xfd/0x180 [ 761.626484][T25012] charge_memcg+0x19c/0x2b0 [ 761.626503][T25012] ? mem_cgroup_swapin_charge_folio+0x33/0x390 [ 761.626523][T25012] mem_cgroup_swapin_charge_folio+0x262/0x390 [ 761.626544][T25012] __swap_cache_prepare_and_add+0xdd/0x700 [ 761.626563][T25012] ? page_rmappable_folio+0x9a/0x170 [ 761.626589][T25012] swap_cache_alloc_folio+0xf1/0x240 [ 761.626608][T25012] swap_cluster_readahead+0x523/0x670 [ 761.626628][T25012] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 761.626650][T25012] ? xas_find+0x843/0x980 [ 761.626675][T25012] ? get_vma_policy+0x27b/0x3c0 [ 761.626697][T25012] swapin_readahead+0x196/0xc50 [ 761.626716][T25012] ? swap_table_get+0x1e/0x260 [ 761.626731][T25012] ? rcu_is_watching+0x15/0xb0 [ 761.626747][T25012] ? __pfx_swapin_readahead+0x10/0x10 [ 761.626763][T25012] ? lock_release+0x4b/0x3c0 [ 761.626783][T25012] ? rcu_is_watching+0x15/0xb0 [ 761.626797][T25012] ? get_swap_device_info+0x1c/0x2b0 [ 761.626816][T25012] ? swap_table_get+0x1e/0x260 [ 761.626831][T25012] ? swap_table_get+0x1e/0x260 [ 761.626847][T25012] ? swap_table_get+0x216/0x260 [ 761.626863][T25012] ? swap_cache_get_folio+0x2ea/0x2f0 [ 761.626883][T25012] do_swap_page+0x545/0x5340 [ 761.626902][T25012] ? __pte_offset_map+0x29/0x240 [ 761.626920][T25012] ? lock_acquire+0x5f/0x350 [ 761.626940][T25012] ? count_memcg_event_mm+0x21/0x260 [ 761.626955][T25012] ? rcu_is_watching+0x15/0xb0 [ 761.626970][T25012] ? count_memcg_event_mm+0x21/0x260 [ 761.626987][T25012] ? do_swap_page+0x128/0x5340 [ 761.627002][T25012] ? __pfx_do_swap_page+0x10/0x10 [ 761.627017][T25012] ? __pte_offset_map+0x45/0x240 [ 761.627033][T25012] ? __pte_offset_map+0x1ae/0x240 [ 761.627050][T25012] ? pte_offset_map_rw_nolock+0xea/0x160 [ 761.627069][T25012] handle_mm_fault+0x124c/0x3080 [ 761.627090][T25012] ? handle_mm_fault+0xec/0x3080 [ 761.627116][T25012] ? __pfx_handle_mm_fault+0x10/0x10 [ 761.627131][T25012] ? lock_vma_under_rcu+0x45a/0x500 [ 761.627156][T25012] ? lock_release+0x4b/0x3c0 [ 761.627176][T25012] ? rcu_is_watching+0x15/0xb0 [ 761.627194][T25012] do_user_addr_fault+0xa4d/0x1340 [ 761.627214][T25012] ? trace_page_fault_user+0x84/0x1e0 [ 761.627231][T25012] exc_page_fault+0x6a/0xc0 [ 761.627251][T25012] asm_exc_page_fault+0x26/0x30 [ 761.627267][T25012] RIP: 0033:0x7f9516e6ae77 [ 761.627283][T25012] Code: 00 00 48 b8 db 34 b6 d7 82 de 1b 43 48 f7 a4 24 98 00 00 00 48 8b 05 40 a9 ed 00 48 69 8c 24 90 00 00 00 e8 03 00 00 8b 78 08 <48> 8b 44 24 18 48 c1 ea 12 4c 8b 0d 39 a8 ed 00 48 01 d1 39 7c 24 [ 761.627298][T25012] RSP: 002b:00007ffc6136ada0 EFLAGS: 00010202 [ 761.627313][T25012] RAX: 0000001b2f724000 RBX: 0000000000000556 RCX: 00000000000b9ca8 [ 761.627324][T25012] RDX: 000000000847a384 RSI: 00007ffc6136ae30 RDI: 000000000000000d [ 761.627335][T25012] RBP: 00007ffc6136addc R08: 000000001f95c7b4 R09: 3fffffffffffffff [ 761.627347][T25012] R10: 4000000000000000 R11: 0000000000000246 R12: 0000000000001388 [ 761.627357][T25012] R13: 00000000000927c0 R14: 00000000000b9ab9 R15: 00007ffc6136ae30 [ 761.627376][T25012] [ 761.627391][T25012] memory: usage 307200kB, limit 307200kB, failcnt 6315 [ 762.042282][T25012] memory+swap: usage 301004kB, limit 9007199254740988kB, failcnt 0 [ 762.051719][T25012] kmem: usage 299216kB, limit 9007199254740988kB, failcnt 0 [ 762.059289][T25012] Memory cgroup stats for /syz2: [ 762.059402][T25012] cache 524288 [ 762.068043][T25012] rss 110592 [ 762.071238][T25012] rss_huge 0 [ 762.074472][T25012] shmem 0 [ 762.077404][T25012] mapped_file 4096 [ 762.081116][T25012] dirty 4096 [ 762.087695][T25012] writeback 0 [ 762.091007][T25012] workingset_refault_anon 467 [ 762.097229][T25012] workingset_refault_file 3459 [ 762.102060][T25012] swap 57344 [ 762.105324][T25012] swapcached 2707456 [ 762.109213][T25012] pgpgin 225505 [ 762.112724][T25012] pgpgout 225346 [ 762.118695][T25012] pgfault 470273 [ 762.125899][T25012] pgmajfault 365 [ 762.130915][T25012] inactive_anon 0 [ 762.138180][T25012] active_anon 118784 [ 762.142093][T25012] inactive_file 0 [ 762.160859][T25012] active_file 495616 [ 762.167478][T25012] unevictable 0 [ 762.171742][T25012] hierarchical_memory_limit 314572800 [ 762.177626][T25012] hierarchical_memsw_limit 9223372036854771712 [ 762.183858][T25012] total_cache 524288 [ 762.194293][T25012] total_rss 110592 [ 762.204041][T25012] total_rss_huge 0 [ 762.209223][T25012] total_shmem 0 [ 762.215836][T25012] total_mapped_file 4096 [ 762.223654][T25012] total_dirty 4096 [ 762.230672][T25012] total_writeback 0 [ 762.238201][T25012] total_workingset_refault_anon 467 [ 762.249618][T25012] total_workingset_refault_file 3459 [ 762.264461][T25012] total_swap 57344 [ 762.268251][T25012] total_swapcached 2707456 [ 762.278351][T25012] total_pgpgin 225507 [ 762.285322][T19721] Bluetooth: hci2: command 0x0406 tx timeout [ 762.291396][ T5621] Bluetooth: hci2: Opcode 0x0401 failed: -110 [ 762.299237][T25012] total_pgpgout 225348 [ 762.309316][T25012] total_pgfault 470293 [ 762.318448][T25012] total_pgmajfault 365 [ 762.325773][T25012] total_inactive_anon 0 [ 762.329980][T25012] total_active_anon 118784 [ 762.334753][T25012] total_inactive_file 0 [ 762.338922][T25012] total_active_file 495616 [ 762.343330][T25012] total_unevictable 0 [ 762.348055][T25012] anon_cost 0 [ 762.351367][T25012] file_cost 0 [ 762.355251][T25012] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz.2.8556,pid=32089,uid=0 [ 762.370512][T25012] Memory cgroup out of memory: OOM victim 32089 (syz.2.8556) is already exiting. Skip killing the task [ 762.521718][T32131] netlink: 24 bytes leftover after parsing attributes in process `syz.2.8568'. [ 762.548475][T32131] ip6gre4: entered promiscuous mode [ 762.561018][T32131] ip6gre4: entered allmulticast mode [ 762.574724][T31689] ip6_tunnel: ip6gre4 xmit: Local address not yet configured! [ 762.584354][T31689] ip6_tunnel: ip6gre4 xmit: Local address not yet configured! [ 762.594607][ T8509] ip6_tunnel: ip6gre4 xmit: Local address not yet configured! [ 762.638409][T32135] syzkaller1: left promiscuous mode [ 762.643724][T32135] syzkaller1: left allmulticast mode [ 762.696062][T32137] Cannot find del_set index 3 as target [ 762.713949][T32139] tipc: Enabled bearer , priority 0 [ 762.722530][T32137] netlink: 'syz.2.8571': attribute type 13 has an invalid length. [ 762.733433][T32139] syzkaller0: entered promiscuous mode [ 762.739133][ T8509] ip6_tunnel: ip6gre4 xmit: Local address not yet configured! [ 762.749910][T32139] syzkaller0: entered allmulticast mode [ 762.758483][T32139] sch_tbf: burst 255 is lower than device syzkaller0 mtu (1514) ! [ 762.796133][T32139] tipc: Resetting bearer [ 762.813438][T32138] tipc: Resetting bearer [ 762.831732][T32138] tipc: Disabling bearer [ 762.850401][T32144] netlink: 12 bytes leftover after parsing attributes in process `syz.2.8573'. [ 762.887189][T32113] netlink: 8 bytes leftover after parsing attributes in process `syz.4.8562'. [ 762.926065][T32113] netlink: 104 bytes leftover after parsing attributes in process `syz.4.8562'. [ 763.074730][ T8509] ip6_tunnel: ip6gre4 xmit: Local address not yet configured! [ 763.391580][T32180] netlink: 8 bytes leftover after parsing attributes in process `syz.3.8585'. [ 763.434286][T32180] netlink: 20 bytes leftover after parsing attributes in process `syz.3.8585'. [ 763.462441][T32178] tipc: Enabled bearer , priority 0 [ 763.472339][T32176] syzkaller0: entered promiscuous mode [ 763.478736][T32176] syzkaller0: entered allmulticast mode [ 763.495207][T32180] netlink: 8 bytes leftover after parsing attributes in process `syz.3.8585'. [ 763.527847][T32176] sch_tbf: burst 255 is lower than device syzkaller0 mtu (1514) ! [ 763.528373][T32180] netlink: 20 bytes leftover after parsing attributes in process `syz.3.8585'. [ 763.595876][T32176] tipc: Resetting bearer [ 763.632018][T32175] tipc: Resetting bearer [ 763.698399][T32175] tipc: Disabling bearer [ 763.717507][T32190] netlink: 'syz.0.8587': attribute type 1 has an invalid length. [ 763.792148][T32199] SET target dimension over the limit! [ 763.926380][T32206] netlink: 'syz.3.8592': attribute type 1 has an invalid length. [ 763.936828][T32204] netlink: 8 bytes leftover after parsing attributes in process `syz.2.8591'. [ 764.045168][T32204] macvlan4: entered allmulticast mode [ 764.157383][T32213] ipvlan0: entered allmulticast mode [ 764.203015][T32213] veth0_vlan: entered allmulticast mode [ 764.215569][T32213] team0: Device ipvlan0 failed to register rx_handler [ 764.467187][T32231] tipc: Enabled bearer , priority 0 [ 764.485076][T32231] syzkaller0: entered promiscuous mode [ 764.503223][T32231] syzkaller0: entered allmulticast mode [ 764.528164][T32231] sch_tbf: burst 255 is lower than device syzkaller0 mtu (1514) ! [ 764.561131][T32239] netlink: 'syz.2.8605': attribute type 1 has an invalid length. [ 764.604039][T32237] lo speed is unknown, defaulting to 1000 [ 764.611415][T32231] tipc: Resetting bearer [ 764.628877][T32229] tipc: Resetting bearer [ 764.653171][T32229] tipc: Disabling bearer [ 765.021784][T32256] netlink: 'syz.1.8610': attribute type 3 has an invalid length. [ 765.287463][T32275] xt_hashlimit: size too large, truncated to 1048576 [ 765.344753][T32271] ip6gre3: entered promiscuous mode [ 765.353005][T32271] ip6gre3: entered allmulticast mode [ 765.505657][T32279] syzkaller0: entered promiscuous mode [ 765.512871][T32279] syzkaller0: entered allmulticast mode [ 765.521514][T32270] tipc: Enabled bearer , priority 0 [ 765.550307][T32270] tipc: Resetting bearer [ 765.556783][T31683] ip6_tunnel: ip6gre3 xmit: Local address not yet configured! [ 765.566961][T31683] ip6_tunnel: ip6gre3 xmit: Local address not yet configured! [ 765.826393][T32293] netlink: 'syz.0.8625': attribute type 9 has an invalid length. [ 765.852708][T32269] tipc: Resetting bearer [ 765.898813][T32269] tipc: Disabling bearer [ 766.132741][T32297] bond16 (unregistering): Released all slaves [ 788.204720][ C0] ip6_tnl_xmit_ctl: 3 callbacks suppressed [ 788.204755][ C0] ip6_tunnel: ip6gre9 xmit: Local address not yet configured! [ 790.124385][ C0] ip6_tunnel: ip6gre3 xmit: Local address not yet configured! [ 798.444411][ C0] ip6_tunnel: ip6gre2 xmit: Local address not yet configured! [ 818.925246][ C0] ip6_tunnel: ip6gre4 xmit: Local address not yet configured! [ 829.164573][ C0] ip6_tunnel: ip6gre7 xmit: Local address not yet configured! [ 839.404383][ C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 849.644365][ C0] ip6_tunnel: ip6gre3 xmit: Local address not yet configured! [ 871.934135][ C0] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 871.941101][ C0] rcu: 1-...!: (1 GPs behind) idle=721c/1/0x4000000000000000 softirq=183921/183922 fqs=8 [ 871.950995][ C0] rcu: Tasks blocked on level-0 rcu_node (CPUs 0-1): P19329/1:b..l P32326/1:b..l [ 871.960269][ C0] rcu: (detected by 0, t=10502 jiffies, g=139501, q=518 ncpus=2) [ 871.968068][ C0] Sending NMI from CPU 0 to CPUs 1: [ 871.968099][ C1] NMI backtrace for cpu 1 [ 871.968115][ C1] CPU: 1 UID: 0 PID: 32316 Comm: syz.3.8635 Not tainted syzkaller #0 PREEMPT(full) [ 871.968133][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 871.968143][ C1] RIP: 0010:rcu_is_watching+0x70/0xb0 [ 871.968169][ C1] Code: c3 d8 78 3b 93 49 03 1e 48 89 d8 48 c1 e8 03 42 0f b6 04 38 84 c0 75 34 8b 03 65 ff 0d e9 55 8f 11 74 11 83 e0 04 c1 e8 02 5b <41> 5e 41 5f e9 47 da ff 09 cc e8 21 85 88 ff eb e8 48 c7 c7 80 ff [ 871.968184][ C1] RSP: 0018:ffffc90000a08dc0 EFLAGS: 00000002 [ 871.968197][ C1] RAX: 0000000000000001 RBX: 0000000000000001 RCX: 0000000000010001 [ 871.968208][ C1] RDX: ffff88802b6b3e00 RSI: ffffffff8c291100 RDI: ffffffff8c2910c0 [ 871.968220][ C1] RBP: ffff888060921300 R08: ffffffff903116f7 R09: 1ffffffff20622de [ 871.968232][ C1] R10: dffffc0000000000 R11: fffffbfff20622df R12: 0000000000000001 [ 871.968243][ C1] R13: 0000000000000001 R14: ffffffff8e27c7d8 R15: dffffc0000000000 [ 871.968255][ C1] FS: 00007f503bc856c0(0000) GS:ffff88812537c000(0000) knlGS:0000000000000000 [ 871.968269][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 871.968285][ C1] CR2: 0000001b34a18ff8 CR3: 0000000059eac000 CR4: 00000000003526f0 [ 871.968299][ C1] Call Trace: [ 871.968307][ C1] [ 871.968317][ C1] __hrtimer_run_queues+0x440/0xa10 [ 871.968345][ C1] hrtimer_interrupt+0x448/0x910 [ 871.968374][ C1] __sysvec_apic_timer_interrupt+0x102/0x430 [ 871.968414][ C1] sysvec_apic_timer_interrupt+0xa1/0xc0 [ 871.968437][ C1] [ 871.968442][ C1] [ 871.968449][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 871.968467][ C1] RIP: 0010:stack_trace_consume_entry+0xd/0x280 [ 871.968490][ C1] Code: bd f6 09 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 55 41 57 41 56 41 55 41 54 <53> 48 83 ec 18 48 ba 00 00 00 00 00 fc ff df 4c 8d 47 10 4c 89 c5 [ 871.968503][ C1] RSP: 0018:ffffc900059c70b8 EFLAGS: 00000286 [ 871.968516][ C1] RAX: ffffffff823150d7 RBX: ffffc900059c71a0 RCX: 0000000080000000 [ 871.968528][ C1] RDX: ffffc900059c7101 RSI: ffffffff823150d7 RDI: ffffc900059c71a0 [ 871.968540][ C1] RBP: ffffc900059c7170 R08: ffffc900059c7818 R09: 0000000000000000 [ 871.968551][ C1] R10: ffffc900059c7138 R11: ffffffff81b10630 R12: ffff88802b6b3e00 [ 871.968563][ C1] R13: 1ffff110056d687f R14: ffffffff81b10630 R15: ffffc900059c70e8 [ 871.968575][ C1] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 871.968598][ C1] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 871.968619][ C1] ? __kasan_populate_vmalloc+0xb7/0x1c0 [ 871.968640][ C1] ? __kasan_populate_vmalloc+0xb7/0x1c0 [ 871.968661][ C1] ? __kernel_text_address+0xd/0x30 [ 871.968677][ C1] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 871.968698][ C1] arch_stack_walk+0x10f/0x150 [ 871.968720][ C1] ? __kasan_populate_vmalloc+0xb7/0x1c0 [ 871.968741][ C1] stack_trace_save+0xa9/0x100 [ 871.968761][ C1] ? __pfx_stack_trace_save+0x10/0x10 [ 871.968781][ C1] ? stack_depot_save_flags+0x33/0x800 [ 871.968803][ C1] save_stack+0x122/0x230 [ 871.968823][ C1] ? rcu_is_watching+0x15/0xb0 [ 871.968839][ C1] ? __pfx_save_stack+0x10/0x10 [ 871.968858][ C1] ? post_alloc_hook+0x22d/0x280 [ 871.968876][ C1] ? get_page_from_freelist+0x24ae/0x2530 [ 871.968898][ C1] ? __alloc_frozen_pages_noprof+0x18d/0x380 [ 871.968920][ C1] ? __alloc_pages_noprof+0x10/0x100 [ 871.968941][ C1] ? alloc_pages_bulk_noprof+0x5ff/0x7c0 [ 871.968969][ C1] __set_page_owner+0x8d/0x4c0 [ 871.968990][ C1] ? __pfx___set_page_owner+0x10/0x10 [ 871.969009][ C1] ? bad_range+0x8e/0x2a0 [ 871.969025][ C1] ? trace_irq_enable+0x3b/0x140 [ 871.969047][ C1] ? bad_range+0x8e/0x2a0 [ 871.969065][ C1] post_alloc_hook+0x22d/0x280 [ 871.969086][ C1] get_page_from_freelist+0x24ae/0x2530 [ 871.969113][ C1] ? fs_reclaim_acquire+0x7c/0x100 [ 871.969137][ C1] ? lock_release+0x4b/0x3c0 [ 871.969167][ C1] __alloc_frozen_pages_noprof+0x18d/0x380 [ 871.969191][ C1] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 871.969221][ C1] __alloc_pages_noprof+0x10/0x100 [ 871.969243][ C1] alloc_pages_bulk_noprof+0x5ff/0x7c0 [ 871.969272][ C1] __kasan_populate_vmalloc+0xb7/0x1c0 [ 871.969299][ C1] alloc_vmap_area+0xd1a/0x1420 [ 871.969324][ C1] ? __pfx_alloc_vmap_area+0x10/0x10 [ 871.969341][ C1] ? __kasan_kmalloc+0x93/0xb0 [ 871.969364][ C1] ? __get_vm_area_node+0x136/0x300 [ 871.969381][ C1] ? __kmalloc_cache_node_noprof+0x236/0x690 [ 871.969403][ C1] __get_vm_area_node+0x1f2/0x300 [ 871.969424][ C1] __vmalloc_node_range_noprof+0x358/0x1730 [ 871.969444][ C1] ? bloom_map_alloc+0x22f/0x470 [ 871.969465][ C1] ? preempt_schedule_thunk+0x16/0x40 [ 871.969492][ C1] ? try_to_wake_up+0x8ff/0x14d0 [ 871.969510][ C1] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 871.969536][ C1] bpf_map_area_alloc+0x12d/0x170 [ 871.969560][ C1] ? bloom_map_alloc+0x22f/0x470 [ 871.969577][ C1] bloom_map_alloc+0x22f/0x470 [ 871.969596][ C1] map_create+0xaa3/0x1660 [ 871.969617][ C1] ? security_bpf+0x7e/0x2d0 [ 871.969642][ C1] __sys_bpf+0x6e1/0x950 [ 871.969663][ C1] ? __pfx___sys_bpf+0x10/0x10 [ 871.969692][ C1] ? rcu_is_watching+0x15/0xb0 [ 871.969709][ C1] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 871.969725][ C1] __x64_sys_bpf+0x7c/0x90 [ 871.969744][ C1] do_syscall_64+0x174/0x580 [ 871.969765][ C1] ? trace_irq_disable+0x3b/0x140 [ 871.969785][ C1] ? clear_bhb_loop+0x40/0x90 [ 871.969802][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 871.969818][ C1] RIP: 0033:0x7f503ad9ce59 [ 871.969834][ C1] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 871.969847][ C1] RSP: 002b:00007f503bc85028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 871.969862][ C1] RAX: ffffffffffffffda RBX: 00007f503b015fa0 RCX: 00007f503ad9ce59 [ 871.969874][ C1] RDX: 0000000000000050 RSI: 00002000000008c0 RDI: 0000000000000000 [ 871.969884][ C1] RBP: 00007f503ae32d6f R08: 0000000000000000 R09: 0000000000000000 [ 871.969894][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 871.969904][ C1] R13: 00007f503b016038 R14: 00007f503b015fa0 R15: 00007fffb46caa88 [ 871.969922][ C1] [ 871.970093][ C0] task:syz.0.8637 state:R running task stack:26808 pid:32326 tgid:32325 ppid:24267 task_flags:0x400140 flags:0x00080000 [ 872.592371][ C0] Call Trace: [ 872.595652][ C0] [ 872.598579][ C0] __schedule+0x17d9/0x56c0 [ 872.603089][ C0] ? __bpf_redirect+0xa84/0x1250 [ 872.608033][ C0] ? bpf_clone_redirect+0x319/0x4b0 [ 872.613253][ C0] ? bpf_test_run+0x1d1/0x830 [ 872.617940][ C0] ? __pfx___schedule+0x10/0x10 [ 872.622786][ C0] ? clockevents_program_event+0x491/0x630 [ 872.628592][ C0] ? __pfx_clockevents_program_event+0x10/0x10 [ 872.634743][ C0] ? rcu_is_watching+0x15/0xb0 [ 872.639506][ C0] preempt_schedule_irq+0x4d/0xa0 [ 872.644525][ C0] irqentry_exit+0x14f/0x8f0 [ 872.649112][ C0] ? trace_irq_disable+0x3b/0x140 [ 872.654141][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 872.660117][ C0] RIP: 0010:__local_bh_enable_ip+0xd8/0x130 [ 872.666030][ C0] Code: 8b e8 3c 54 20 0a 65 66 8b 05 5c b1 b2 11 66 85 c0 75 32 bf 01 00 00 00 e8 f5 ee 0b 00 e8 00 94 46 00 fb 65 8b 05 38 b1 b2 11 <85> c0 75 05 e8 3f e0 ab ff 5b 41 5e e9 97 35 23 0a cc 90 0f 0b 90 [ 872.685627][ C0] RSP: 0018:ffffc900034f78e8 EFLAGS: 00000246 [ 872.691708][ C0] RAX: 0000000000000000 RBX: 0000000000000200 RCX: 0000000000000001 [ 872.699670][ C0] RDX: 0000000000000000 RSI: ffffffff8c291100 RDI: ffffffff81878ef0 [ 872.707634][ C0] RBP: ffffc900034f7b60 R08: ffffffff903116f7 R09: 1ffffffff20622de [ 872.715599][ C0] R10: dffffc0000000000 R11: fffffbfff20622df R12: dffffc0000000000 [ 872.723564][ C0] R13: 0000000000000000 R14: ffffffff89beb391 R15: 0000000000000000 [ 872.731529][ C0] ? bpf_test_run+0x1d1/0x830 [ 872.736222][ C0] ? __local_bh_enable_ip+0xd0/0x130 [ 872.741525][ C0] ? __local_bh_enable_ip+0xd0/0x130 [ 872.746818][ C0] ? bpf_test_run+0x1d1/0x830 [ 872.751497][ C0] bpf_test_run+0x3a8/0x830 [ 872.756022][ C0] ? __pfx_bpf_test_run+0x10/0x10 [ 872.761052][ C0] ? trace_kmem_cache_alloc+0x29/0xe0 [ 872.766426][ C0] ? __kasan_krealloc+0xec/0x110 [ 872.771372][ C0] ? skb_dst_set+0x72/0x140 [ 872.775878][ C0] bpf_prog_test_run_skb+0xe35/0x2230 [ 872.781266][ C0] ? __fget_files+0x3a2/0x420 [ 872.785943][ C0] ? __fget_files+0x2a/0x420 [ 872.790530][ C0] ? __pfx_bpf_prog_test_run_skb+0x10/0x10 [ 872.796339][ C0] bpf_prog_test_run+0x2c5/0x340 [ 872.801283][ C0] __sys_bpf+0x643/0x950 [ 872.805526][ C0] ? __pfx___sys_bpf+0x10/0x10 [ 872.810299][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 872.816366][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 872.822428][ C0] __x64_sys_bpf+0x7c/0x90 [ 872.826844][ C0] do_syscall_64+0x174/0x580 [ 872.831433][ C0] ? clear_bhb_loop+0x40/0x90 [ 872.836108][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 872.841995][ C0] RIP: 0033:0x7fc6b719ce59 [ 872.846401][ C0] RSP: 002b:00007fc6b80b2028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 872.854813][ C0] RAX: ffffffffffffffda RBX: 00007fc6b7415fa0 RCX: 00007fc6b719ce59 [ 872.862777][ C0] RDX: 000000000000004c RSI: 0000200000000080 RDI: 000000000000000a [ 872.870744][ C0] RBP: 00007fc6b7232d6f R08: 0000000000000000 R09: 0000000000000000 [ 872.878710][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 872.886678][ C0] R13: 00007fc6b7416038 R14: 00007fc6b7415fa0 R15: 00007fff09711138 [ 872.894681][ C0] [ 872.897693][ C0] task:kworker/1:14 state:R running task stack:25472 pid:19329 tgid:19329 ppid:2 task_flags:0x4208060 flags:0x00080000 [ 872.911259][ C0] Workqueue: events cleanup_vm_area_work [ 872.916909][ C0] Call Trace: [ 872.920191][ C0] [ 872.923122][ C0] __schedule+0x17d9/0x56c0 [ 872.927629][ C0] ? ktime_get+0x45/0x220 [ 872.931960][ C0] ? rcu_is_watching+0x15/0xb0 [ 872.936731][ C0] ? rcu_is_watching+0x15/0xb0 [ 872.941498][ C0] ? __pfx___schedule+0x10/0x10 [ 872.946349][ C0] ? do_raw_spin_lock+0x12b/0x2f0 [ 872.951373][ C0] ? rcu_is_watching+0x15/0xb0 [ 872.956137][ C0] preempt_schedule_irq+0x4d/0xa0 [ 872.961163][ C0] irqentry_exit+0x14f/0x8f0 [ 872.965762][ C0] asm_sysvec_reschedule_ipi+0x1a/0x20 [ 872.971225][ C0] RIP: 0010:unwind_next_frame+0xf8/0x2550 [ 872.976944][ C0] Code: 55 a4 0e 00 75 1f c6 05 ca 55 a4 0e 01 48 c7 c7 40 a3 c9 8b be 4a 03 00 00 48 c7 c2 80 a3 c9 8b e8 fd 67 2b 00 48 89 6c 24 38 <48> 89 5c 24 40 49 8d 5e 50 48 89 d8 48 c1 e8 03 48 89 44 24 28 42 [ 872.996547][ C0] RSP: 0018:ffffc900041df6c0 EFLAGS: 00000246 [ 873.002625][ C0] RAX: 0000000000000000 RBX: ffffffff821fd40d RCX: 0000000080000001 [ 873.010591][ C0] RDX: 0000000000000000 RSI: ffffffff8c291100 RDI: ffffffff8c2910c0 [ 873.018564][ C0] RBP: 1ffff9200083bef4 R08: 0000000000000000 R09: 0000000000000000 [ 873.026527][ C0] R10: ffffc900041df7b8 R11: ffffffff81b10630 R12: dffffc0000000000 [ 873.034501][ C0] R13: ffffffff8176a21f R14: ffffc900041df768 R15: 1ffff9200083beed [ 873.042471][ C0] ? unwind_next_frame+0x8f/0x2550 [ 873.047583][ C0] ? vfree+0x1fd/0x330 [ 873.051666][ C0] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 873.057829][ C0] ? __free_frozen_pages+0xc0d/0xd20 [ 873.063114][ C0] ? unwind_next_frame+0x8f/0x2550 [ 873.068223][ C0] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 873.074381][ C0] arch_stack_walk+0x11b/0x150 [ 873.079166][ C0] ? vfree+0x1fd/0x330 [ 873.083254][ C0] stack_trace_save+0xa9/0x100 [ 873.088016][ C0] ? __pfx_stack_trace_save+0x10/0x10 [ 873.093391][ C0] save_stack+0x122/0x230 [ 873.097722][ C0] ? __pfx_save_stack+0x10/0x10 [ 873.102570][ C0] ? rcu_is_watching+0x15/0xb0 [ 873.107328][ C0] ? __free_frozen_pages+0xc0d/0xd20 [ 873.112642][ C0] ? vfree+0x1fd/0x330 [ 873.116721][ C0] ? page_ext_get+0x22/0x2e0 [ 873.121312][ C0] __reset_page_owner+0x71/0x1f0 [ 873.126249][ C0] __free_frozen_pages+0xc0d/0xd20 [ 873.131360][ C0] ? ___free_pages+0x9a/0x1b0 [ 873.136040][ C0] vfree+0x1fd/0x330 [ 873.139932][ C0] cleanup_vm_area_work+0xa2/0x100 [ 873.145046][ C0] ? process_scheduled_works+0xa20/0x14e0 [ 873.150782][ C0] process_scheduled_works+0xa8e/0x14e0 [ 873.156323][ C0] ? rcu_is_watching+0x15/0xb0 [ 873.161101][ C0] ? __pfx_process_scheduled_works+0x10/0x10 [ 873.167090][ C0] ? do_raw_spin_lock+0x12b/0x2f0 [ 873.172135][ C0] ? assign_work+0x3cf/0x5d0 [ 873.176738][ C0] worker_thread+0xa47/0xfb0 [ 873.181348][ C0] kthread+0x388/0x470 [ 873.185413][ C0] ? __pfx_worker_thread+0x10/0x10 [ 873.190528][ C0] ? __pfx_kthread+0x10/0x10 [ 873.195124][ C0] ret_from_fork+0x514/0xb70 [ 873.199715][ C0] ? __pfx_ret_from_fork+0x10/0x10 [ 873.204819][ C0] ? __switch_to+0xc89/0x1420 [ 873.209510][ C0] ? __pfx_kthread+0x10/0x10 [ 873.214092][ C0] ret_from_fork_asm+0x1a/0x30 [ 873.218860][ C0] [ 873.221871][ C0] rcu: rcu_preempt kthread starved for 10486 jiffies! g139501 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0 [ 873.233141][ C0] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 873.243097][ C0] rcu: RCU grace-period kthread stack dump: [ 873.248976][ C0] task:rcu_preempt state:R running task stack:28040 pid:16 tgid:16 ppid:2 task_flags:0x208040 flags:0x00080000 [ 873.262456][ C0] Call Trace: [ 873.265728][ C0] [ 873.268662][ C0] __schedule+0x17d9/0x56c0 [ 873.273195][ C0] ? __pfx___schedule+0x10/0x10 [ 873.278039][ C0] ? schedule+0x90/0x360 [ 873.282280][ C0] ? rcu_is_watching+0x15/0xb0 [ 873.287039][ C0] ? lock_release+0x4b/0x3c0 [ 873.291637][ C0] schedule+0x164/0x360 [ 873.295795][ C0] schedule_timeout+0x152/0x2c0 [ 873.300642][ C0] ? __pfx_schedule_timeout+0x10/0x10 [ 873.306013][ C0] ? __pfx_process_timeout+0x10/0x10 [ 873.311311][ C0] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 873.317112][ C0] ? prepare_to_swait_event+0x322/0x350 [ 873.322657][ C0] rcu_gp_fqs_loop+0x30c/0x11f0 [ 873.327522][ C0] ? __pfx_rcu_watching_snap_recheck+0x10/0x10 [ 873.333673][ C0] ? __pfx_rcu_gp_fqs_loop+0x10/0x10 [ 873.338965][ C0] ? _raw_spin_unlock_irq+0x2e/0x50 [ 873.344164][ C0] ? trace_irq_enable+0x3b/0x140 [ 873.349105][ C0] rcu_gp_kthread+0x9e/0x2b0 [ 873.353698][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 873.358909][ C0] ? __kthread_parkme+0x71/0x1f0 [ 873.363851][ C0] ? __kthread_parkme+0x196/0x1f0 [ 873.368880][ C0] kthread+0x388/0x470 [ 873.372964][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 873.378170][ C0] ? __pfx_kthread+0x10/0x10 [ 873.382764][ C0] ret_from_fork+0x514/0xb70 [ 873.387349][ C0] ? __pfx_ret_from_fork+0x10/0x10 [ 873.392455][ C0] ? __switch_to+0xc89/0x1420 [ 873.397135][ C0] ? __pfx_kthread+0x10/0x10 [ 873.401718][ C0] ret_from_fork_asm+0x1a/0x30 [ 873.406486][ C0] [ 873.409495][ C0] rcu: Stack dump where RCU GP kthread last ran: [ 873.415810][ C0] CPU: 0 UID: 0 PID: 31689 Comm: kworker/u8:23 Not tainted syzkaller #0 PREEMPT(full) [ 873.425453][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 873.435504][ C0] Workqueue: events_unbound toggle_allocation_gate [ 873.442024][ C0] RIP: 0010:smp_call_function_many_cond+0x10b0/0x14b0 [ 873.448794][ C0] Code: c0 75 73 41 8b 1e 89 de 83 e6 01 31 ff e8 98 02 0c 00 83 e3 01 48 bb 00 00 00 00 00 fc ff df 75 07 e8 44 fe 0b 00 eb 37 f3 90 <41> 0f b6 04 1c 84 c0 75 10 41 f7 06 01 00 00 00 74 1e e8 29 fe 0b [ 873.468393][ C0] RSP: 0018:ffffc90004f3f720 EFLAGS: 00000293 [ 873.474457][ C0] RAX: ffffffff81b9f7f7 RBX: dffffc0000000000 RCX: ffff888061e6be00 [ 873.482424][ C0] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 873.490383][ C0] RBP: ffffc90004f3f860 R08: ffffffff903116f7 R09: 1ffffffff20622de [ 873.498345][ C0] R10: dffffc0000000000 R11: fffffbfff20622df R12: 1ffff110170e8199 [ 873.506311][ C0] R13: ffff8880b863c2c8 R14: ffff8880b8740cc8 R15: 0000000000000001 [ 873.514285][ C0] FS: 0000000000000000(0000) GS:ffff88812527c000(0000) knlGS:0000000000000000 [ 873.523214][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 873.529788][ C0] CR2: 00007fc6b8090ff8 CR3: 000000000e746000 CR4: 00000000003526f0 [ 873.537768][ C0] Call Trace: [ 873.541049][ C0] [ 873.543973][ C0] ? smp_call_function_many_cond+0x8d1/0x14b0 [ 873.550058][ C0] ? __pfx_do_sync_core+0x10/0x10 [ 873.555086][ C0] ? __pfx_smp_call_function_many_cond+0x10/0x10 [ 873.561425][ C0] ? kmem_cache_alloc_bulk_noprof+0xab/0x7c0 [ 873.567408][ C0] ? __pfx___text_poke+0x10/0x10 [ 873.572346][ C0] ? __pfx_do_sync_core+0x10/0x10 [ 873.577367][ C0] on_each_cpu_cond_mask+0x3f/0x80 [ 873.582489][ C0] smp_text_poke_batch_finish+0x5fd/0x1110 [ 873.588299][ C0] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 873.594290][ C0] ? __pfx___mutex_lock+0x10/0x10 [ 873.599316][ C0] ? __pfx_smp_text_poke_batch_finish+0x10/0x10 [ 873.605558][ C0] ? arch_jump_label_transform_queue+0x97/0x110 [ 873.611798][ C0] ? __jump_label_update+0x347/0x370 [ 873.617082][ C0] arch_jump_label_transform_apply+0x1c/0x30 [ 873.623063][ C0] static_key_enable_cpuslocked+0x128/0x240 [ 873.628950][ C0] ? process_scheduled_works+0xa20/0x14e0 [ 873.634665][ C0] static_key_enable+0x1a/0x20 [ 873.639424][ C0] toggle_allocation_gate+0xab/0x290 [ 873.644746][ C0] ? __pfx_toggle_allocation_gate+0x10/0x10 [ 873.650636][ C0] ? rcu_is_watching+0x15/0xb0 [ 873.655411][ C0] ? lock_acquire+0x5f/0x350 [ 873.660007][ C0] ? trace_workqueue_execute_start+0x7c/0x1d0 [ 873.666075][ C0] ? process_scheduled_works+0xa20/0x14e0 [ 873.671789][ C0] process_scheduled_works+0xa8e/0x14e0 [ 873.677343][ C0] ? __pfx_process_scheduled_works+0x10/0x10 [ 873.683320][ C0] ? do_raw_spin_lock+0x12b/0x2f0 [ 873.688348][ C0] ? assign_work+0x3cf/0x5d0 [ 873.692954][ C0] worker_thread+0xa47/0xfb0 [ 873.697567][ C0] kthread+0x388/0x470 [ 873.701626][ C0] ? __pfx_worker_thread+0x10/0x10 [ 873.706748][ C0] ? __pfx_kthread+0x10/0x10 [ 873.711334][ C0] ret_from_fork+0x514/0xb70 [ 873.715918][ C0] ? __pfx_ret_from_fork+0x10/0x10 [ 873.721021][ C0] ? __switch_to+0xc89/0x1420 [ 873.725708][ C0] ? __pfx_kthread+0x10/0x10 [ 873.730288][ C0] ret_from_fork_asm+0x1a/0x30 [ 873.735073][ C0]