last executing test programs: 13.948111792s ago: executing program 2 (id=21243): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x200000000000011, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) bind$packet(r1, &(0x7f0000000180)={0x11, 0x17, r2, 0x1, 0x40, 0x6, @broadcast}, 0x14) getsockname$packet(r1, &(0x7f00000018c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000001880)={&(0x7f0000000100)=ANY=[@ANYBLOB="38000000540001000000000000c4000007008209", @ANYRES32=r3, @ANYBLOB="20000100", @ANYBLOB="00000001e000030000000000000000000000000008"], 0x38}, 0x1, 0x0, 0x0, 0x881}, 0x0) 13.776848657s ago: executing program 2 (id=21245): r0 = socket$kcm(0x10, 0x2, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bond0\x00', 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) bind$netlink(r4, &(0x7f0000000100)={0x10, 0x0, 0x25dfdbfd, 0x400}, 0xc) getsockname$packet(r4, &(0x7f0000000600)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r3, &(0x7f0000024c80)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000024d40)=ANY=[@ANYBLOB="4400000010000d042abd7000077bf70000000000", @ANYRES32=r5, @ANYBLOB="01000000000000002400128009000100626f6e6400000000140002800500010006"], 0x44}, 0x1, 0x0, 0x0, 0x40040}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) r7 = socket(0x1, 0x803, 0x0) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000e00)=ANY=[@ANYBLOB="44000000100001042abd70000000000000000000", @ANYBLOB="0028000000000000140012800c0001006d6163766c616e00", @ANYRES32=r2, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r8], 0x44}, 0x1, 0x0, 0x0, 0x4}, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000040)="d8000000100081044e81f782db44b904021d006a0f000000e8fe55a1290015000600142603600e120900040044000000a80016000a0003402e60000000000000b94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a985162f7ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d3220a7c9f8775730d16a4683f1aeb4edbb57a5025ccca9e00360db70100000040fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9701", 0xd8}], 0x1}, 0x60044084) 13.507563792s ago: executing program 2 (id=21248): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f00000000c0)=@framed={{}, [@ldst={0x1, 0x2, 0x4, 0x2, 0x1, 0x16}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x90) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x8, 0x4}}]}}]}, 0x48}}, 0x20040084) sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000008c0)=@newqdisc={0x8c, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r3, {0xffff}, {0xffff, 0xffff}, {0x2, 0x1}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x5c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x4, [0xc, 0x5, 0x8, 0xf, 0x10, 0x2, 0x4, 0x2, 0xf, 0x6, 0x3, 0x7, 0x8, 0x4, 0x10, 0x4], 0x3, [0xb, 0x3, 0xad1e, 0x2002, 0x5, 0x4, 0x2, 0xd06, 0xff05, 0x2, 0xb, 0x3, 0x5, 0x1, 0xd, 0x100], [0xfff1, 0x5, 0xffff, 0xfff5, 0x4, 0x8, 0x1, 0x9, 0x5, 0x2, 0xc, 0x40, 0xfffc, 0x3, 0x1]}}]}}]}, 0x8c}, 0x1, 0x0, 0x0, 0x400dc}, 0x0) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000040)={'sit0\x00', &(0x7f0000000340)={'gre0\x00', r3, 0x80, 0x80, 0x28, 0x3, {{0x19, 0x4, 0x1, 0x2, 0x64, 0x68, 0x0, 0x0, 0x2f, 0x0, @private=0xa010101, @dev={0xac, 0x14, 0x14, 0x42}, {[@rr={0x7, 0x7, 0x75, [@rand_addr=0x64010102]}, @timestamp={0x44, 0x4, 0x4d, 0x0, 0xe}, @timestamp_addr={0x44, 0x44, 0x9c, 0x1, 0x3, [{@private=0xa010101, 0x7fc0}, {@multicast1, 0x8444}, {@private=0xa010102, 0x10001}, {@empty, 0x9}, {@multicast1, 0x8bbf}, {@empty, 0x2}, {@empty, 0xffff0001}, {@rand_addr=0x64010101, 0x7}]}]}}}}}) r4 = socket$kcm(0x10, 0x2, 0x4) sendmsg$kcm(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000280)="89000000120081ae08060cdc030000007f03e3f7000000006ee2ffca1b1f0000000004c00e72f750375ed08a56331dbf9ed7815e381ad6e747033a0093b837dc6cc01e32efaec8c7a6ec00120c00014002080c00bdad446b9bbc7a46e3988285dcdf12f21308f868fece01955fed0009d78f0a947ee2b49e33538afa8af92347514f0b56a20ff27fff", 0x89}], 0x1}, 0x4040) 13.12536492s ago: executing program 2 (id=21251): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) close(0x3) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) close(0x3) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt(r2, 0x84, 0x81, &(0x7f0000000280)="1a00000002000000", 0x8) setsockopt(r1, 0x84, 0x80, &(0x7f0000000000)="1400000009000000", 0x8) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e23, 0x3fe, @ipv4={'\x00', '\xff\xff', @empty}}], 0x1c) sendto$inet6(r2, &(0x7f0000000080)="b0", 0x1, 0x0, &(0x7f0000000240)={0xa, 0x4e23, 0x7, @loopback, 0x4}, 0x1c) (fail_nth: 7) 12.567625648s ago: executing program 2 (id=21256): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0xfa, 0x0, 0xe4}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr', 0x3) sendmmsg$inet(r0, &(0x7f0000001240)=[{{0x0, 0x0, &(0x7f0000001dc0)=[{&(0x7f0000000140)="91f8a9849519def28691bbc4173c3d6f357d0272b7319130feaab952ac4703cad04be68907e50e997fc26e4c91ea4feb931647fc5393de25000000000000000000", 0x41}, {&(0x7f0000000e80)="44900000000056ee66c372f3105eb186dd8062fad2d5b5bfb0ba06f274a8d026bd209da8ffa6a26e3b3f8075704a9d0ef9aff7f1e7db24609f02d34e76992c9df9fe6888c6c9a4825c6223be6ac54536025af1dea54e527c68b0ff250261953f2da79a78104c2d9e7b16ed86b124945aa9ab7581ebd385fb61d442035db81e18c2d2462d0bb25fff9d3b1ce90b597992b2a4d541611ce77f58dce7c9500118229e7cdf4ca7f6adca92c73d97ce54164c1942b2568635bec8e020b41fb2f8000000000000000000000000000000001c8a9f7956583e26f6f0edc415851d0b8305fe66c2b7c114e3712d87744938848f24a13cb604000000000000000000000000000000c7aa5035897b20a6c23f1fc4af2990c07f784b985a3de7740bd338487029", 0x121}, {&(0x7f00000003c0)="641a6a2b863c0dd898013a3f97a834ebb75a925ab48c844221841a232932fc2e37e327de", 0x24}, {&(0x7f00000001c0)="985e44efeabe001cabcf3d8673c3a254a9a2d3197970cb347b70a243bf77139a94bc3ae91684aaf7b7dff691deb8f8aef2d915fb3a0794a9a9b431a819bca6122c350637808dde804a048fd8696e524b2934126c443ce93d82e931eb9918e6c0827686e59209d2e02c9210fd8048f04ad6c48b3072092c483271361816bf21afb8473a064f1988536d", 0x89}], 0x4}}, {{0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000b80)="f77d2b5dd5f7d74f0748cf3d2cf218d644566a14103b1c7dd35fd2951bd022f10f2dc7f4ce0d8ac5f4abaca4b97b706153756913b7dd48248b5bfb10460019248bf238743fa2aeb5bef21ce832db670920dc5e911ef2ad63e849901d1001129dbacbfd4924d7545517fd18b5d29978f32a5b5c81755cb89cc0490958ba3211eb99df5cdbbc0f9c941aaa1495893dada02d8188acd26b5afd7476413f322c8f79de769debb56343f3eded2dca93ed6641e50fe595e1e0dbe84ed0f70abb4ed2dfb6648df7dbbd18fa5533a6b0acc138c81a8acbcb2fb79a7d7857d41bca238e0548c5e955d74bbb106fe965274cbb3a29b895df0b4e02", 0xf6}], 0x1}}, {{0x0, 0x0, &(0x7f0000000a00)=[{&(0x7f0000000640)="42e01391", 0x4}], 0x1}}], 0x3, 0x2090) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4) sendto$inet(r0, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0) 3.575629435s ago: executing program 3 (id=21315): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0xfa, 0x0, 0xe4}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendmmsg$inet(r0, &(0x7f0000000400)=[{{0x0, 0x0, &(0x7f0000001dc0)=[{&(0x7f0000000140)="91f8a9849519def28691bbc4173c3d6f357d0272b7319130feaab952ac4703cad04be68907e50e997fc26e4c91ea4feb931647fc5393de25000000000000000000", 0x41}, {&(0x7f0000000e80)="44900000000056ee66c372f3105eb186dd8062fad2d5b5bfb0ba06f274a8d026bd209da8ffa6a26e3b3f8075704a9d0ef9aff7f1e7db24609f02d34e76992c9df9fe6888c6c9a4825c6223be6ac54536025af1dea54e527c68b0ff250261953f2da79a78104c2d9e7b16ed86b124945aa9ab7581ebd385fb61d442035db81e18c2d2462d", 0x84}], 0x2}}], 0x1, 0x2090) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4) sendto$inet(r0, &(0x7f0000000540), 0x0, 0x10008095, 0x0, 0x0) 3.211225382s ago: executing program 1 (id=21319): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0xfa, 0x0, 0xe4}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr', 0x3) sendmmsg$inet(r0, &(0x7f0000001240)=[{{0x0, 0x0, &(0x7f0000001dc0)=[{&(0x7f0000000140)="91f8a9849519def28691bbc4173c3d6f357d0272b7319130feaab952ac4703cad04be68907e50e997fc26e4c91ea4feb931647fc5393de25000000000000000000", 0x41}, {&(0x7f0000000e80)="44900000000056ee66c372f3105eb186dd8062fad2d5b5bfb0ba06f274a8d026bd209da8ffa6a26e3b3f8075704a9d0ef9aff7f1e7db24609f02d34e76992c9df9fe6888c6c9a4825c6223be6ac54536025af1dea54e527c68b0ff250261953f2da79a78104c2d9e7b16ed86b124945aa9ab7581ebd385fb61d442035db81e18c2d2462d0bb25fff9d3b1ce90b597992b2a4d541611ce77f58dce7c9500118229e7cdf4ca7f6adca92c73d97ce54164c1942b2568635bec8e020b41fb2f8000000000000000000000000000000001c8a9f7956583e26f6f0edc415851d0b8305fe66c2b7c114e3712d87744938848f24a13cb604000000000000000000000000000000c7aa5035897b20a6c23f1fc4af2990c07f784b985a3de7740bd338487029", 0x121}, {&(0x7f00000003c0)="641a6a2b863c0dd898013a3f97a834ebb75a925ab48c844221841a232932fc2e37e327de", 0x24}, {&(0x7f00000001c0)="985e44efeabe001cabcf3d8673c3a254a9a2d3197970cb347b70a243bf77139a94bc3ae91684aaf7b7dff691deb8f8aef2d915fb3a0794a9a9b431a819bca6122c350637808dde804a048fd8696e524b2934126c443ce93d82e931eb9918e6c0827686e59209d2e02c9210fd8048f04ad6c48b3072092c483271361816bf21afb8473a064f1988536d", 0x89}], 0x4}}, {{0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000b80)="f77d2b5dd5f7d74f0748cf3d2cf218d644566a14103b1c7dd35fd2951bd022f10f2dc7f4ce0d8ac5f4abaca4b97b706153756913b7dd48248b5bfb10460019248bf238743fa2aeb5bef21ce832db670920dc5e911ef2ad63e849901d1001129dbacbfd4924d7545517fd18b5d29978f32a5b5c81755cb89cc0490958ba3211eb99df5cdbbc0f9c941aaa1495893dada02d8188acd26b5afd7476413f322c8f79de769debb56343f3eded2dca93ed6641e50fe595e1e0dbe84ed0f70abb4ed2dfb6648df7dbbd18fa5533a6b0acc138c81a8acbcb2fb79a7d7857d41bca238e0548c5e955d74bbb106fe965274cbb3a29b895df0b4e028b6d65c115b81328e0b660253f1c9a359dde67917fa232e2f566483ddbb93ff9b103c1cac356c9f0f6ab5fe77ea4610f71ec6dc988fddf29b8d0b6aaa827", 0x134}], 0x1}}, {{0x0, 0x0, &(0x7f0000000a00)=[{&(0x7f0000000640)="42e01391", 0x4}], 0x1}}], 0x3, 0x2090) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4) sendto$inet(r0, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0) 2.651100082s ago: executing program 3 (id=21325): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0xfa, 0x0, 0xe4}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr', 0x3) sendmmsg$inet(r0, &(0x7f0000001240)=[{{0x0, 0x0, &(0x7f0000001dc0)=[{&(0x7f0000000140)="91f8a9849519def28691bbc4173c3d6f357d0272b7319130feaab952ac4703cad04be68907e50e997fc26e4c91ea4feb931647fc5393de25000000000000000000", 0x41}, {&(0x7f0000000e80)="44900000000056ee66c372f3105eb186dd8062fad2d5b5bfb0ba06f274a8d026bd209da8ffa6a26e3b3f8075704a9d0ef9aff7f1e7db24609f02d34e76992c9df9fe6888c6c9a4825c6223be6ac54536025af1dea54e527c68b0ff250261953f2da79a78104c2d9e7b16ed86b124945aa9ab7581ebd385fb61d442035db81e18c2d2462d0bb25fff9d3b1ce90b597992b2a4d541611ce77f58dce7c9500118229e7cdf4ca7f6adca92c73d97ce54164c1942b2568635bec8e020b41fb2f8000000000000000000000000000000001c8a9f7956583e26f6f0edc415851d0b8305fe66c2b7c114e3712d87744938848f24a13cb604000000000000000000000000000000c7aa5035897b20a6c23f1fc4af2990c07f784b985a3de7740bd338487029", 0x121}, {&(0x7f00000003c0)="641a6a2b863c0dd898013a3f97a834ebb75a925ab48c844221841a232932fc2e37e327", 0x23}, {&(0x7f00000001c0)="985e44efeabe001cabcf3d8673c3a254a9a2d3197970cb347b70a243bf77139a94bc3ae91684aaf7b7dff691deb8f8aef2d915fb3a0794a9a9b431a819bca6122c350637808dde804a048fd8696e524b2934126c443ce93d82e931eb9918e6c0827686e59209d2e02c9210fd8048f04ad6c48b3072092c483271361816bf21afb8473a", 0x83}], 0x4}}, {{0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000b80)="f77d2b5dd5f7d74f0748cf3d2cf218d644566a14103b1c7dd35fd2951bd022f10f2dc7f4ce0d8ac5f4abaca4b97b706153756913b7dd48248b5bfb10460019248bf238743fa2aeb5bef21ce832db670920dc5e911ef2ad63e849901d1001129dbacbfd4924d7545517fd18b5d29978f32a5b5c81755cb89cc0490958ba3211eb99df5cdbbc0f9c941aaa1495893dada02d8188acd26b5afd7476413f322c8f79de769debb56343f3eded2dca93ed6641e50fe595e1e0dbe84ed0f70abb4ed2dfb6648df7dbbd18fa5533a6b0acc138c81a8acbcb2fb79a7d7857d41bca238e0548c5e955d74bbb106fe965274cbb3a29b895df0b4e028b6d65c115b81328e0b660253f1c9a359dde67917fa232e2f566483ddbb93ff9b103c1cac356c9f0f6ab5fe77ea4610f71ec6dc988fddf29b8d0b6aaa82752580b62b5f51800d10077f07319b6ffeff06e4d", 0x148}], 0x1}}, {{0x0, 0x0, &(0x7f0000000a00)=[{&(0x7f0000000640)="42e013913edbeb683c44e18a52b5a2462064ddd92caaba941de80d06047dedb7eeeff3a27eacf4c416b6979d6c918608807c44d01535dbaab3b390086e4fd43c6b5931187023646d6beac2340fdc7a0d81214ac76a818f64d287311e8828dfd3e3dd67efdb129a6e52745d1540e570891f6bf411cc16a18c4d34e522a1f003498f1a03ea1f8828b6c902286c71a9bc21923972dacfa74fef6a0fd3267e599c1dd33dff5d7b28f134bda4a29962fd5daa4fc9", 0xb2}], 0x1}}], 0x3, 0x2090) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4) sendto$inet(r0, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0) 2.300364423s ago: executing program 1 (id=21326): r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$inet_udp_int(r0, 0x11, 0xb, &(0x7f0000000200)=0x6, 0x4) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x4e24, @empty}, 0x10) syz_emit_ethernet(0xbe, &(0x7f0000000300)={@local, @broadcast, @void, {@ipv4={0x841, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x68, 0x0, 0x0, 0x88, 0x0, @remote, @local}, {0xfffe, 0x4e24, 0x4d, 0x0, @wg=@initiation={0x1, 0x4, "497a1d08fd3d0ee007022798bb6374ed840b4f36f41fc4d035e9ebe414aa958d", "4bbef5e4007898221aa606d083cd59745493938f1e2de8fdadd3823fedd2c01b2aff03050a4ca5d10fd1b6b06f47ea42", "ef7c9d6a98e3943f6892078bb952854743fe4dddd2e7c0ce70a4ac7d", {"a851525b16af17fe87acbae2ab0b233d", "01422d01cd53c3abe94331d0b7918724"}}}}}}}, 0x0) 2.133377831s ago: executing program 1 (id=21328): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x2000077d, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendmmsg$inet(r0, &(0x7f0000001340)=[{{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f00000002c0)="6321a178", 0x4}], 0x1}}], 0x1, 0x20000001) recvmmsg(r0, &(0x7f0000003ac0)=[{{0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f00000004c0)=""/248, 0xf8}], 0x1}, 0x8}, {{0x0, 0x0, &(0x7f00000022c0)=[{&(0x7f0000002200)=""/35, 0x23}], 0x1}, 0x700000}], 0x2, 0x100, 0x0) 1.703570791s ago: executing program 3 (id=21336): r0 = socket$tipc(0x1e, 0x5, 0x0) listen(r0, 0x0) r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) ioctl$sock_netrom_SIOCADDRT(r1, 0x890b, &(0x7f0000000000)={0x1, @default, @bpq0, 0x9, 'syz0\x00', @default, 0x4, 0x4, [@null, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @null, @bcast]}) close(r0) 1.517395114s ago: executing program 3 (id=21339): r0 = socket$unix(0x1, 0x1, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r2 = socket$kcm(0x11, 0x3, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r3) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000600)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfd, {0x0, 0x0, 0x0, r5, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x3, 0x3, 0x6361, 0x5, 0xffffffff, 0x3}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0) sendmsg$nl_route_sched(r4, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newqdisc={0x34, 0x24, 0x4ee4e6a52ff56541, 0x70b926, 0x25dfdc01, {0x0, 0x0, 0x0, r5, {0x0, 0xd}, {0xffff, 0xb}, {0x4, 0xffe0}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x240040a1}, 0x4890) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$kcm(r2, &(0x7f00000000c0)={&(0x7f0000000380)=@xdp={0x2c, 0x8, r6, 0x3e}, 0x80, &(0x7f0000000080)}, 0x4) 1.285642582s ago: executing program 4 (id=21342): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$alg(0x26, 0x5, 0x0) sendmsg$sock(r0, &(0x7f0000000940)={0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {&(0x7f0000001400)="12b5ca8883a72c61be64d1809e4e551c8fcc795bacbc79d1a786c09a1861dfb427e430bee5b00ac73434620f11a914ef7cf7658efc365a26b43990993f60d4ffeb9cc31d7d5fc06ba7c3a4d828f40fca355cff79686f12971618904dc7d09e85e7a5f9194c4cae7983ee20f6c522b89ecc73c43438aad7dd15ff4738f5e4e1b7713142e7ff6cfc1b6cf7baba9ebf3b471cd0a72011fef02b46e280ad7a8c42d24bfb2ffe1518bc0fea207ec37a9e388c9dea8124df3f50a75f03df8d30d7b3b73e274042a52c058e1d85ef3b420b4dfce815cff6265e625a61b6fca9699edaadd192a3ae60c765260d1cbfb21f0cc30d8128b3783867b85873de07b02635d5573f9e578094a3ce6efbf44818daef38e14005a360909d226d7e13a86f6c83b6aaf615b6a2642d17bc2c56b8b0f8209e20ec1e0f58b0486493e511ab0a45b44a87340a9052ef5fba93c83753f1b101a744407f54d052188087c1cf43de80fd7bd5f3ce8585b5499959e6c3f5e17ae837d7c5627abb604947ad9906d641658f01464f48244182de8d5a8d037403ad4a964e2124177771a84806cda0682d58743928d2d16d83fd8b706a9669ac7605e8d857ac586dc2eda90715951c21bd116ade52f03cd61f3874aaefa77da678450228eb476d84bf175564a215e1683ced4bb9adba5daed835c6b38b61b213834aca56b86259784addb8601d26a42ad637ee296cd4382aaa7c1eaa5cbfa3a7177390bc646916aeb885d2dd43fc5b2dbbd2d184ba6cc6a439b95b5d814a8582405635b5c6bdb41c24af7a10bbd264eb2308a800a09705ac7856a7ac993cb4d88fea4cd1d5cf9e82e10c4badb996f4c0d5fd5866baf90a07d8777f793feb9250e22dd5190aa26c2a31412f1b41e0a65d0e435a9c5ebbf5205f6c6a117ce1fb16e8eb797e7d3eb5d62178dc0441941e9cb464814982ebe54195d73113efc971799121683f6e85d24ad6f21023868327b67446a36ebffda572b90f9b228a03b612e7e0ca09aac6b5710fc90f51c0efefb69b5d26ba9a1d8954832b1370d099d09c07fb2893d57d617ec0d626f1f96ee1608e0f8d9ca1b491578d639ac74b3ea568a474707ac756555d0ae9cdc609609e30d7ef2648fb8baa5854e58b60fac9ec9670c620ce6dcf3bbcca971cb5bf37462feb", 0x33c}, {&(0x7f0000000680)}, {0x0}], 0x4}, 0x800) bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292", 0xc) r2 = accept4(r1, 0x0, 0x0, 0x800) sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0) 1.242887004s ago: executing program 1 (id=21343): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x200000000000011, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) bind$packet(r1, &(0x7f0000000180)={0x11, 0x17, r2, 0x1, 0x40, 0x6, @broadcast}, 0x14) getsockname$packet(r1, &(0x7f00000018c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000001880)={&(0x7f0000000100)=ANY=[@ANYBLOB="38000000540001000000000000c4000007008209", @ANYRES32=r3, @ANYBLOB=' \x00', @ANYRES32=r2, @ANYBLOB="00000001e000030000000000000000000000000008"], 0x38}, 0x1, 0x0, 0x0, 0x881}, 0x0) 1.036491229s ago: executing program 0 (id=21344): sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="4c000000020603000000000000000000000000001400078008001240000000000500150002000000050001000600000005000500020000000500040000000000090002"], 0x4c}}, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r1, 0x84, 0x71, &(0x7f0000000000)={0x0, 0x5}, 0x8) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f000000c280)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000050000080900010073797a30000000005c000000030a03000000000000000000050000000900010073797a30000000000900030073797a300000000008000a40000000032800048008000240000000120800014000000000140004"], 0xa4}}, 0x0) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(0xffffffffffffffff, &(0x7f00000002c0)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0xfffa}, 0xe) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$gtp(&(0x7f0000002700), r3) sendmsg$GTP_CMD_GETPDP(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)={0x14, r4, 0x301, 0x70bd25, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0x2400c840) sendmsg$GTP_CMD_DELPDP(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x24, r4, 0x4, 0x70bd2d, 0x25dfdbfd, {}, [@GTPA_FLOW={0x6, 0x6, 0x1}, @GTPA_FLOW={0x6, 0x6, 0x2}]}, 0x24}, 0x1, 0x0, 0x0, 0x4085}, 0x4000) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$mptcp(&(0x7f0000001980), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_SUBFLOW_CREATE(r5, &(0x7f0000001a80)={0x0, 0x0, &(0x7f0000001a40)={&(0x7f0000000100)={0x18, r6, 0x1, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x4}]}, 0x18}}, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)={0x2a0, 0x15, 0x1, 0xfffffffc, 0x0, {0xd}, [@typed={0xc, 0x125, 0x0, 0x0, @u64=0x5}, @generic="b456dd150a8cae37249699c19584b5fd0585af185ce2e7eff97062d22bd56225c4ab55ac40d966d340d8c62c58fe47f6241b2a239bda77c6003326d5468d0c7a47e5118bcf97dbb220f05a18d6f979fe6d0a4092", @typed={0x8, 0xec, 0x0, 0x0, @u32=0x4}, @generic="61ffd28424940ddb2196b1ebe85aee635832fac8ab5588298c6b3de5d31741e22d1af7e7496b1d7309084d7fe847fdec64060b478be381d3b7bfbaa48167587722b49cf24c0234e9", @typed={0x8, 0x6b, 0x0, 0x0, @ipv4=@multicast1}, @generic="58a29f33a55b130a9f86833dc07abfd658931b6743cfaff8b351b63b4ee071e78376b6aaac6d2f61cec801cb37b5debd4532a300597a67c051eae224d113bdc0adef825cbd14782d154fe56e7651e8dd86f36e0e6f446140de584e4b84e2fd25d1a21eda880d2c36a54bd5915c4e5106e3c9045083", @generic="7f11be14aef28265b19fbce69104e366ce01a0fb363ad78dc4a82f4b1f457475f83f78d2d93c5c40f5b00b2c793d42e33f258108ce72e3c93e4d55cf4189229b31535b68bb9b901c7494fae7fb129c62a713c2e69422a3cefc92e0c4f91d5e26d483f035c9cb04f8dfe17dd8dc0d954ba06c7eaef708423342a4d83225de7fd17bb16629096207badceb2e861f7c0b058c5a43e44a3be7f0aefe2f060a8fab7ecfbc0535b8944ae8569e40245987a81dc8eb93198cf301a2dad7fcd9258f5010c52bcd1d9c985fa6414d", @generic="b745496767bd30780a139e2fd9cf98d074a0d72b1883023dfb0f6ec6f4eb5706fa5ba3aa12f77c8e6ad4baf55e695218907f16eaf29f3eb87ea4c300164b057cdd659e7f6aa267f1070e04295574479518d34986bb89f4af8d17ed985057666fb5de350b7df475d75eeb759dd797fb26e9a0140f1487a6cd7ac7900917b3291019504ef3309a528dd7c5b4b84f0bc1e82f38"]}, 0x2a0}, 0x1, 0x0, 0x0, 0x4800}, 0x40) shutdown(r2, 0x1) 1.017920676s ago: executing program 1 (id=21345): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0xfa, 0x0, 0xe4}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr', 0x3) sendmmsg$inet(r0, &(0x7f0000001240)=[{{0x0, 0x0, &(0x7f0000001dc0)=[{&(0x7f0000000140)="91f8a9849519def28691bbc4173c3d6f357d0272b7319130feaab952ac4703cad04be68907e50e997fc26e4c91ea4feb931647fc5393de25000000000000000000", 0x41}, {&(0x7f00000003c0)="641a6a2b863c0dd898013a3f97a834ebb75a925ab48c844221841a232932fc2e37e327de", 0x24}, {&(0x7f00000001c0)="985e44efeabe001cabcf3d8673c3a254a9a2d3197970cb347b70a243bf77139a94bc3ae91684aaf7b7dff691deb8f8aef2d915fb3a0794a9a9b431a819bca6122c350637808dde804a048fd8696e524b2934126c443ce93d82e931eb9918e6c0827686e59209d2e02c9210fd8048f04ad6c48b3072092c483271361816bf21afb8473a", 0x83}], 0x3}}, {{0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000b80)="f77d2b5dd5f7d74f0748cf3d2cf218d644566a14103b1c7dd35fd2951bd022f10f2dc7f4ce0d8ac5f4abaca4b97b706153756913b7dd48248b5bfb10460019248bf238743fa2aeb5bef21ce832db670920dc5e911ef2ad63e849901d1001129dbacbfd4924d7545517fd18b5d29978f32a5b5c81755cb89cc0490958ba3211eb99df5cdbbc0f9c941aaa1495893dada02d8188acd26b5afd7476413f322c8f79de769debb56343f3eded2dca93ed6641e50fe595e1e0dbe84ed0f70abb4ed2dfb6648df7dbbd18fa5533a6b0acc138c81a8acbcb2fb79a7d7857d41bca238e0548c5e955d74bbb106fe965274cbb3a29b895df0b4e028b6d65c115b81328e0b660253f1c9a359dde67917fa232e2f566483ddbb93ff9b103c1cac356c9f0f6ab5fe77ea4610f71ec6dc988fddf29b8d0b6aaa82752580b62b5f51800d10077f07319b6ffeff06e4d", 0x148}], 0x1}}, {{0x0, 0x0, &(0x7f0000000a00)=[{&(0x7f0000000640)="42e013913edbeb683c44e18a52b5a2462064ddd92caaba941de80d06047dedb7eeeff3a27eacf4c416b6979d6c918608807c44d01535dbaab3b390086e4fd43c6b5931187023646d6beac2340fdc7a0d81214ac76a818f64d287311e8828dfd3e3dd67efdb129a6e52745d1540e570891f6bf411cc16a18c4d34e522a1f003498f1a03ea1f8828b6c902286c71a9bc21923972dacfa74fef6a0fd3267e599c1dd33dff5d7b28f134bda4a29962fd5daa4fc9", 0xb2}], 0x1}}], 0x3, 0x2090) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4) sendto$inet(r0, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0) 1.017686078s ago: executing program 3 (id=21346): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0xfa, 0x0, 0xe4}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendmmsg$inet(r0, &(0x7f0000000400)=[{{0x0, 0x0, &(0x7f0000001dc0)=[{&(0x7f0000000140)="91f8a9849519def28691bbc4173c3d6f357d0272b7319130feaab952ac4703cad04be68907e50e997fc26e4c91ea4feb931647fc5393de25000000000000000000", 0x41}, {&(0x7f0000000e80)="44900000000056ee66c372f3105eb186dd8062fad2d5b5bfb0ba06f274a8d026bd209da8ffa6a26e3b3f8075704a9d0ef9aff7f1e7db24609f02d34e76992c9df9fe6888c6c9a4825c6223be6ac54536025af1dea54e527c68b0ff250261953f2da79a78104c2d9e7b16ed86b124945aa9ab7581ebd385fb61d442035db81e18c2d2462d", 0x84}], 0x2}}], 0x1, 0x2090) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4) sendto$inet(r0, &(0x7f0000000540), 0x0, 0x10008095, 0x0, 0x0) 1.016162354s ago: executing program 4 (id=21347): r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r0, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x770, 0x0, 0xbabd}, 0x1c) syz_emit_ethernet(0x7c, &(0x7f00000000c0)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaaaa86dd6aabd95500462ffffc000000000000000000000000000001ff020000"], 0x0) 845.335635ms ago: executing program 0 (id=21348): r0 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$sock_linger(r0, 0x1, 0x3c, &(0x7f0000000040)={0x200000000000001}, 0xffffffffffffff3d) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @dev, 0x5}, 0x1c) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f00000000c0)=ANY=[@ANYRESOCT=r0], 0xc0) sendmmsg$inet6(r0, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4000000) setsockopt$inet6_IPV6_RTHDR(r0, 0x29, 0x39, &(0x7f00000000c0)=ANY=[], 0x8) 843.764659ms ago: executing program 4 (id=21349): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0x8, 0xc}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000280)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000940)=[{&(0x7f00000007c0)="d8000000180081064e81f782db4cb904021d080006007c09e8fe55a10a0015000500142603600e1208000f0000000401a80016002000014004000000035c1f61c1d60008000000000000fb8000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cee0090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e006dcdf63951f0f49e119c849ea6e5a0fc5", 0xb2}], 0x1}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x20, 0x3, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000001"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f0000000700)="ef16", 0x0}, 0x50) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)={0x20, 0x40, 0x107, 0xfffffffe, 0x0, {0x1, 0x7c}, [@nested={0x4, 0x142}, @nested={0x4, 0x1}, @nested={0x4, 0x2}]}, 0x20}}, 0xc000) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000540)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16], 0x20}, 0x1, 0x0, 0x0, 0x10805}, 0x44049) r4 = accept4(r3, 0x0, 0x0, 0x800) sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r5, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r6, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0) 705.747608ms ago: executing program 0 (id=21350): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0xfa, 0x0, 0xe4}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendmmsg$inet(r0, &(0x7f0000001240)=[{{0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000ac0)="f77d2b5dd5f7d74f0748cf3d2cf218d644566a14103b1c7dd35fd2951bd022f10f2dc7f4ce0d8ac5f4abaca4b97b706153756913b7dd48248b5bfb10460019248bf238743fa2aeb5bef21ce832db670920dc5e911ef2ad63e849901d1001129dbacbfd4924d7545517fd18b5d29978f32a5b5c81755cb89cc0490958ba3211eb99df5cdbbc0f9c941aaa1495893dada02d8188acd26b5afd7476413f322c8f79de769debb56343f3eded2dca93ed6641e50fe595e1e0dbe84ed0f70abb4ed2dfb6648df7dbbd18fa5533a6b0acc138c81a8acbcb2fb79a7d7857d41bca238e0548c5e955d74bbb106fe965274cbb3a29b895df0b4e028b6d65c115b81328e0b660253f1c9a359dde67917fa232e2f566483ddbb93ff9b103c1cac356c9f0f6ab5fe77ea4610f71ec6dc988fddf29b8d0b6aaa82752580b62b5f51800d10077f07319b6ffeff06e", 0x147}, {&(0x7f0000000e80)="31cef842d9c50636f60fc0cfdac56c75f1687f0c56287423f5eed69f117e766bdbad0c2171ad6227e1173ab6efa2fcb1c420a51a0917861009000000f049c606ccab7cda1f0e3490fbe385ea3822948825e11e7557f9c9c810bd8a1420e33eb1be6f10cfb24eb7cccdf1528ef33b34ab07cdb0909a9ba9547e1e343b451d9025c4e153612d4674b9411fb4de295599abbcb388d291aa839ab0954e6a8dfc19c3c1533a11d81e03a4879bd736f1caacc2bbf1194598a652677efb930a5b6ee292c57402e0cc07a9a26ee794e46e604a9aec550d12af09f782e1f6a996f0756604847689d37ee3047e61531a8672447cb501b2560bc0e0c5fb2c9f341ed3972b30190e930af94642ab1557e286442cfa6a84ad931e99549640705cd6261ca7094910df055747e2e2ae170e7850093bf0aa3370e03222b5de4597ca76f3193d4a45e424b540f2928741", 0x148}], 0x2}}], 0x1, 0x50) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000180)='westwood', 0x64) writev(r0, &(0x7f00000000c0)=[{&(0x7f0000001380)="bc263d7f455169251dc0ac2707d978a06fffc49727783f1a8f7bc38262c61dd060fbfb2a86865578be93be281bb71fd035896c85e9179a87deaced2a55ecb9217cfa7c3b41b7f7b2c726933e601290c97b9984fb7d6ef6ff2bdfc1ad457199e99d7170b5322bd085aeaa786e365ed06082e58ccda390fd046d907dc982517001636335d7dfa35262cde7f2b76e48c0b2b4411235b8b8ec9a566d2f75a4611a2244460b7ca85a3cefe43ba6ef2a60ddb86917fe6a60d3008e226ccaba38a6aa23d2b3631a7a9180f5ba459bcb5169f71888ea04eb18448e91057e7f81ea37dd6ce155b2bf1fc8e3404fcf22d89367d7cef2c25e862fa8f4728a7114d5a40cfee57991a0947001d0da71e9655db1902543dc809b17ec87e64b64903dcf7cc4ae863804f717ab9503ddb1e5e02afb25e394dbac3cef0a4f115bd179b06493c44c16d957cf1c34eccfbfc8c6227c89e8b93ffdca5f8c1ed36d6a4963ed8d8dbbb1a72e8ebd9a6901022940c3370b3a7d553e888be3a4c657af30669c389040afac5000b9af28581ac89538c04a925a3caf66962a74d4100a6f6f7d97b21044ae2676b1188934b080269df35b83e1bbe1aa4ea6246332d3bc9f1550fd9d373ec196a5309f91990f201ba8e1afd05c52eb8d7f8ad2fac0a60df98563fbcecf8f4af32392df213fe9956fe7950a629c15c20a579198eea5dcdfa415309107ad8ee9819981e655a7fca8be1e7b83c51255b1cb83e10a2ae9c0ddb9d970429681e85da618aeb7b0860f84fb7782e8c28c44e87b99062186750731cd1810d306723b7c1106550246474a767aaa69c88c4c65dc842dd6cd6031ca62a4817ceae30f752dd876653a49a4dd88f88a2bf68bf466065b21a6f226e413a91b92a4044699d1574db63a83b66a2b1cd06dc425c45348607fe1da6c3e983ff2a2a74225eb9f7e145d2b601265b58c08bd369511d61322d478a210361306a3a67f517cb409c95255cb47bf16d9965da3414dbfc86bd3950f22188bbc6c352a0c2489385e7953aec2edf0e3c0a9da64f870c76c55b23c174ffca865a415d9f7d62fc555c57f07fd30e54f9e9c1496ff19ce8950d781310d6ca2ebb17f51b57afc37e18a453efeb8ffd59e374425a47b40d3741e0b0de8eadf752e02b3a3c9cb9d1501f6026aacc422555defb9e1a63eeb721ce833ab9ad9134b03c9b38875ef3ee8051c7e9e305964c2fdbf7661d0329a3d166ae148949f9b70b4f70052352bc4d45d1b69c508b9148c94269e0ad17a1686cd77852e41bfb5ec29627673c0ba3c78a1e77489571894765939a98972850eb26b6d64a1758838535af6c09e8489fa73069a839e63ced47ba730cdd17d08a5cfc015b4c04347a89453d3a3bb9fee0dd4a8eaf859ac83425f22d13ae4c550f3a25c4a82f0d4905d29831b5794bae5d367ee5e1f65f6eb3ec6aec1eed9c6591d742321d9a73be8a87e8b7302cee7529f2f1f86ed0ebff3a411d28a431961d696a418905ba290ea457f60713205cbb275c6366feddb9d33de03080e23f28d5e3a85ab0c589e7f6fcf7ae6f5dd5ebd85e200a2aeefe039", 0x45c}], 0x1) 645.809628ms ago: executing program 4 (id=21351): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt(r1, 0x84, 0x80, &(0x7f00000002c0)="1a00000002000100", 0x8) setsockopt(r1, 0x84, 0x81, &(0x7f00000003c0)="1a00000002000100", 0x8) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) (async, rerun: 64) socket$xdp(0x2c, 0x3, 0x0) (async, rerun: 64) r3 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_NO_ENOBUFS(r3, 0x10e, 0xc, &(0x7f0000000040)=0x7f, 0x4) sendmsg$nl_route(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYRES32=r2, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\b\x00', @ANYRES32=r3], 0x24}}, 0x0) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000200)={'gre0\x00', 0x0}) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) write$cgroup_subtree(r4, &(0x7f0000000080)=ANY=[], 0x10448) (async) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r3, 0x0) (async) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x1b, &(0x7f0000000380)={0x0, 0x5}, &(0x7f0000000180)=0x8) (async) bind$inet6(r4, &(0x7f00000002c0)={0xa, 0x4e23, 0xfffffffc, @loopback, 0x4cd7}, 0x1c) (async) listen(r0, 0x4) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000000)={0x0, 0x4}, 0x8) (async) r5 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r5, 0x84, 0x76, &(0x7f0000000200)={0x0, 0x7}, 0x8) (async) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r5, 0x84, 0x75, &(0x7f0000000000)={0x0, 0xcc}, 0x8) sendmmsg$inet6(r5, &(0x7f00000003c0)=[{{&(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback, 0x280020}, 0x1c, &(0x7f00000000c0)=[{&(0x7f0000000540)='\x00', 0x1}], 0x1}}], 0x1, 0x20008050) (async) setsockopt$inet_sctp6_SCTP_ADD_STREAMS(r5, 0x84, 0x79, &(0x7f0000000300)={0x0, 0x7da, 0xf2}, 0x8) (async) setsockopt$inet_sctp6_SCTP_ADD_STREAMS(r5, 0x84, 0x79, &(0x7f0000000100)={0x0, 0xfff, 0xc6b8}, 0x8) (async) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x2000005, 0x42073, 0xffffffffffffffff, 0x400000) (async) socket$vsock_stream(0x28, 0x1, 0x0) (async, rerun: 64) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)) (async, rerun: 64) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0b00000005000000000400000900000001"], 0x48) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0xa, 0x4, &(0x7f0000000140)=ANY=[@ANYRESOCT=r0], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r4, 0x0, 0x0, 0x0, 0x0}, 0xfffffffffffffedf) 622.917526ms ago: executing program 0 (id=21352): r0 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r1 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r1, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) (fail_nth: 8) 285.248342ms ago: executing program 4 (id=21353): r0 = socket(0x200000000000011, 0x4000000000080002, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) bind$packet(r0, &(0x7f0000001100)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0x14) r1 = socket$netlink(0x10, 0x3, 0x0) writev(r1, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1) writev(r1, 0x0, 0x0) 226.311276ms ago: executing program 0 (id=21354): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000001840)={0x1, &(0x7f0000001880)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x2000077d, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendmmsg$inet(r0, &(0x7f0000001340)=[{{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f00000002c0)="6321a1780e3fe8d9098f1f28f3c1f1895857b6b4afebba414b5998fa7c73702eb715d85b6a7709a53bf91325a9fbf7387371592c3533a8a34a28e9364405bb05cdeedb9ddfbe45a6933c33e5019991d691e8e8817a584f5392630d34c12a00aac5c546266df9fbb755447a0ff32acb32fc4b9c54b7fa15f82a9848478df5354f7158ece711c634aead9f427b8a3e580b3bd0920814473069f285753c945e0baa9072f76c542acf2986649075a243126f6d736b8bfa9a88672388eaa7902fc6c9a3c1b2781d", 0xc5}], 0x1}}], 0x1, 0x20000001) sendmmsg$sock(r0, &(0x7f00000000c0)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000140)="d1a797c2b46d80cf49939ed1045d08831ff06923aa18e224bc2495b7a16420c4f26822450433e28bac7b637b4d98caf80241000000000005fdb70026a294e93cc7f969744233e182ba903f098a5438d39c94538ce416e7f18bfd3d2efcc0a3481b2f2c0bea3ea74892e82a51a61b9fc3a4d19fb1ca21ce58f1c9eb8409df21d5ee8c4f375ac21a8fe256855e1f7d0d6cc909ad77d65fbf0697c4934076dd787ede1390e656caade994e51ed6712df617b9638426b4aa4c00d7b1f1255faa53c43ca9115ccf", 0xc5}], 0x1}}, {{0x0, 0x0, &(0x7f0000000f80)=[{&(0x7f0000000000)='x', 0x1}], 0x1}}], 0x2, 0x4c000) 102.528992ms ago: executing program 1 (id=21355): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x200000000000011, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) bind$packet(r1, &(0x7f0000000180)={0x11, 0x17, r2, 0x1, 0x40, 0x6, @broadcast}, 0x14) getsockname$packet(r1, &(0x7f00000018c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000001880)={&(0x7f0000000100)=ANY=[@ANYBLOB="38000000540001000000000000c4000007008209", @ANYRES32=r3, @ANYBLOB="200001", @ANYRES32=r2, @ANYBLOB="00000001e000030000000000000000000000000008"], 0x38}, 0x1, 0x0, 0x0, 0x881}, 0x0) 21.757376ms ago: executing program 3 (id=21356): r0 = socket$unix(0x1, 0x1, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r2 = socket$kcm(0x11, 0x3, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r3) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000600)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfd, {0x0, 0x0, 0x0, r5, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x3, 0x3, 0x6361, 0x5, 0xffffffff, 0x3}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0) sendmsg$nl_route_sched(r4, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newqdisc={0x34, 0x24, 0x4ee4e6a52ff56541, 0x70b926, 0x25dfdc01, {0x0, 0x0, 0x0, r5, {0x0, 0xd}, {0xffff, 0xb}, {0x4, 0xffe0}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x240040a1}, 0x4890) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$kcm(r2, &(0x7f00000000c0)={&(0x7f0000000380)=@xdp={0x2c, 0x8, r6, 0x3e}, 0x80, &(0x7f0000000080)}, 0x4) 21.337314ms ago: executing program 0 (id=21357): r0 = socket$can_raw(0x1d, 0x3, 0x1) r1 = socket$can_raw(0x1d, 0x3, 0x1) sendmsg$can_raw(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@canfd={{0x3, 0x1, 0x1, 0x1}, 0x17, 0x1, 0x0, 0x0, "778a7222e37c8318e26de8c945ffa11aa12ed2a7a84488a8adf225286e7cf660ab11fc762f86c9151cab8f54909bc9c820e0e97cb48ee69fe15dab4a8a379ec6"}, 0x48}}, 0x240248c0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)={0x50, 0x2, 0x6, 0x801, 0x0, 0x0, {0x0, 0x0, 0x8}, [@IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_TIMEOUT={0x8}]}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}]}, 0x50}}, 0x20040000) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000100)={'vxcan1\x00', 0x0}) bind$can_raw(r0, &(0x7f00000001c0)={0x1d, r3}, 0x10) recvmmsg(r0, &(0x7f0000000c40), 0x3, 0x1, 0x0) setsockopt$CAN_RAW_RECV_OWN_MSGS(r0, 0x65, 0x4, &(0x7f00000003c0)=0x1, 0x4) ioctl$SIOCGSTAMP(r0, 0x8906, 0x0) ioctl$AUTOFS_IOC_PROTOVER(r1, 0x80049363, &(0x7f0000000140)) sendmsg$can_raw(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=@can={{}, 0x6, 0x0, 0x0, 0x0, "0000000000000003"}, 0x10}}, 0xd209f6d814827b17) 21.184759ms ago: executing program 2 (id=21259): r0 = socket$inet6(0xa, 0x3, 0xff) sendto(r0, 0x0, 0x30, 0x4000800, &(0x7f00000008c0)=@nl=@unspec={0x0, 0x700, 0x0, 0xfdff}, 0x80) mmap$xdp(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x4, 0x30, r0, 0x6d8fa8b340cee951) r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) setsockopt$netrom_NETROM_T1(r1, 0x103, 0x1, &(0x7f0000000080)=0x6, 0x4) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFVLAN_DEL_VLAN_CMD(r2, 0x8982, &(0x7f0000000280)={0x1, 'pimreg0\x00', {}, 0x8000}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'bridge0\x00', 0x0}) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff) r6 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) bind$bt_l2cap(r6, &(0x7f0000000980), 0xe) listen(r6, 0x0) setsockopt$bt_BT_DEFER_SETUP(r6, 0x112, 0x7, &(0x7f0000000280), 0x4) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000640)={0x20, r5, 0x1, 0x0, 0x0, {0x7}, [@MPTCP_PM_ATTR_ADDR={0x19}]}, 0x20}}, 0x0) sendmsg$MPTCP_PM_CMD_SET_LIMITS(r2, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x38, r5, 0x400, 0x70bd2a, 0x25dfdbfe, {}, [@MPTCP_PM_ATTR_ADDR_REMOTE={0x14, 0x6, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0xa}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0xa}]}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x1}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x1}]}, 0x38}, 0x1, 0x0, 0x0, 0x200008d1}, 0x80) sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="280000001d000100000000000000000007000000", @ANYRES32=r3, @ANYBLOB="000096d7803fd1040a000200aaaaaaaa"], 0x28}, 0x1, 0x0, 0x0, 0x4040000}, 0x8000) ioctl$sock_netrom_SIOCDELRT(r1, 0x890c, &(0x7f0000000000)={0x1, @default, @bpq0, 0x5453, 'syz1\x00', @default, 0x5, 0x6, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @bcast, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}) 0s ago: executing program 4 (id=21358): r0 = socket$inet_udplite(0x2, 0x2, 0x88) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x4e24, @empty}, 0x10) socket$inet6_udplite(0xa, 0x2, 0x88) r1 = socket$xdp(0x2c, 0x3, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'veth0\x00', 0x0}) setsockopt$packet_add_memb(r2, 0x107, 0x1, &(0x7f00000004c0)={r3, 0x3, 0x6}, 0x10) sendmsg$xdp(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x2c, 0x8, r3, 0x2f}, 0x10, &(0x7f0000001580)=[{&(0x7f0000000500)="0934f2505685a5f7f75313c1d72f8ec07edb34a4380cb62063b45ffa917555dadce2ea4bf85da4d340277de0a8da554a528ad58a15158c5f7dad4c8fed0826a2d5542609c3ff55b12dbcb452bbac69b1381371e207f86f4d8f07360e590a7f505c3fadb213464afa0375239ba73fe1ab9a12b6fe14c0481c6a96879940ab79a07e09cd7154783db1be48b2a21878ae5e3419b35aa2ca3a1993b785a2831c2b4266e67e34176a100a94696609daf6f0dfc35dde7f32252231c85c5401aec1dfb7719d32fa269d1fed057d5ffc52e2ae6b793f90bcdd2fd0cad59452f59ad7839006466eea69bea82c7268608348b5b007b31b1708cfd6fa50759c0125c848738df04994703bcfab61450ac46d81f3bde9398583cc5a5efde1978e9b824d13381cd21163d51303021e07ed64b94686ac1a48c6a863689681f7daa17d312ede109b9daeba8b93faf7de1c61439532b9ca7dbc10ee3e3a748037cab9f72954b4a6dedda768d1bc6ad279642d83d74052bb2ddba9bf0c6aa32093f8ec6deae587f331468353c8c1ef46763b2b969a8a5fee15a9ff01cdc8f1ecd85b1f2ddfd100d943ea3d0b638952e3d9d9e3577ba89fb1151d24a834b05dc5804dd4247cf9e5f2db0fb9f6fc0f787a542adaf7ab888fbbbf8b92a635e3c216e77372ea23d34a9f95d46c36369531aab7886a2aa39da29530dece76ceea585da27dcf890a80c3eb87f1c9bb1efb7a004d4937ac4ce47a56be9f765a0a54a88fbbc5a32869f335883abd6425d8cf320b370e404df25b0953d9556f52b313d49366208e897f26c626761e34fdb5cd80a5ce157237cdb250882fe834275047c07757d1657c93f6d7c6d4b1af6045c4e06b788add7ace58e37425ba124ba0dd738b352ec427144d962c9710c6f4b76a0e7661ba75cc16c53bd245bc1c0e68de4d4fc32487ba84a2b101c36acf08c4cc1ea31a950f72e88c3ab111575b1f135bf89f72e00ff1b08628ef0e55cbd6bb7afa58c8f5706fcbbcdb908cedc6b80bbd5895e5ebb2733757012f3ac95803faad2173d5302615029b81a8d3af87c7d900cf4b3d6e0d0daebfc9e5fb175c038e38fa63f20be4d8630071a3aee4cf49ed431dabc9a99e385b0dc432c85bd17181a774959539259f7a4ca1a002794e200207a0fde1cc6135e8cade9a5a1fc35abb72bb0005cf8111d135d6cdda92363dcc8cc7d11b6a1797ff1526dd79797da4621ff322bc6195d2fd86b3c1ff5a357cbaa3c1c102062660c8e191ff47371ee75ea3e0919223927d6d9bf9b0755eb82a5d4deb06500238a6fbf5d6d66ff477a7a163d62c6b25681ded3d6d2ebed4590e43384d556ed48c39c69d33198fb9bf2cdc7d2e72049f63e732024155cbb714d7415e9b8e50b4635b5453af0dd710408e79fa03ced010824cfd974517d839ca26cbec9af9cff55e06e60275c59211bbea502be4a82520c688b64d71de0220bf91b3ebfe7bb0c63061d249f24cb268dbcb5966be72d5a3a14ac1eac884bd5b01065443be5b0907234872c5ec37746eb084b534b158854cf704d38a5f0f782896924513cf5d7ed4588b9195205ebfa44d5438478d151b5216637c7a6ce47df0d487f80baeaee85f89ffc5330eee7f637f0d4bedaff8cf435418bbd2356b55b789d1fb323747b221ac12a433c270cfa95b6ef7def2b91cc23a05594b7d05bea31cc7ef62da2dfdd0a1fb13c40441e06d359ed223a4c5e04c4f5a92a91258d3a105600a4f0963a0c8c77735c82fd96691accc4150d4fc48c58079208f25f5caf31fa96dc749c7f258cb06eeaf990981a7418ff3e98fb48edf67469221b4871dee30ce4649cb56893412760ede3d8033cef77a0bae43c6712136fc1daeda7f397820e689b1fba35d8717d9a1c219034d165efbb475b7948c301c25e4f46ec0e7fc368985857fefc7925aa5c49d6f5b26d52c24cb3f77c26962adbb8b0238cf428eee3a9855f256bfb98b717040ac353f4e61562f6ca044e70dff044c67d31067cd848215ecea91c531793ce29a6d8f8b19114543b6333c1633327e477b019c0206e628fabeaf0d2433593a1a8028f77f3b487fe7e285978e92a29f82c786039b15e9f04294e5a7cc06ac173c23a95990f1896304eae19c87334634132f79a4371fbb0a1a2d5725ff816c7b6ef66594ea419bc00c43f3b4ed5a76b8445cdd57dedab685c8403ffe881a182ee4c53a4440dc1a0d4c74bbcff6ec1c45794f34083748a539d9a73c937bd47c8b4fcdbbb1907a0799e08c7fccb4dfd41570e7daf23c173c29e84f6f8789ea36032859b900d1a2e786b4692da40f8d1b10f3367b727ce566df0fc9bb278999c480057e4eeb371d5947a056c7c8fa60034c5c39c469904155b699eec8aa4b0a5671ca389e487f185139b6c7456fddbc354dc742a9e6b821ab56591314b1116ebec41468d9c0404f5a1f6f87d3ca603a97d6b48764a5e753c3418a96916df7189167d291b505671b2335ddf28db5ea211e68ea718ffe101ac285963b3193bd3345ea68d59f484e928db2e80ce773e73986c6c7ecfc243806088b23e670f1848e56897d489dbec5137989a86c061f4ad775aad8f61e0ee6453d255c55d75c97be64520da8289a9ae414e789aea48559fc4d9d1a74c385a5af2374612954722580e6c3c40af15c997ea62f137803fd66f131c924dde0d7ef02712dcf7fc0b7d9220329ee31b6af407460728e52902c48bf96e12edffe88645804e2f89cfa25501139a50f753c1280ee3d0a2c518255db68303a6538f98644b5a1d7be36b60c023862faea369ed0bbe4467796d0d57e14bf2a49c64d371c4f2f8af37562de9284ebac081660bca4f449aaf2ae2bda797af61dddcea6a21dd2ec9d3822c88352e6645e010257001b17225f063bca7747c6f0b18d666a72a14f35ba8871981a0ba74173a146efe37b608085ef6ea87dff83262ed850044c39d3af03bc1d8d13d325f6efb1ce814fafff6fa941103df15f8fddf37781864d60b955ee2e14e1d3a306c678bc938009adc641702fb754dd41cc9b382a1fa262cf3750036e7052768c187e1f158f5f2120b30910bda18b4fb7a3f6677d792239eef8e5ad3a1acae60c00c54ae5afe9908e026bf1e46f7868ae052427aa8ce967782abd1825599bd80b3f116b59941f39cb282b3c5640ecdbc6991d48553165a81ab621c4554052f75f18d83f2fc815386e3aa9762b4a3d2bd8f387370841dbca4de64a0044e076d52684d067e7166dee2235242654006738610e1cb12543ac3db83dc379b919507b89b684b4c5f53f2bb3f1a9542a1045637b463e172729ab95cbcf23c2108600157417158e016a0609b454f7e5e1aeaa42fef4445ed9225d8060c9c2f5407c41d0ae92d5c85b4d20cf9bf24608d63bfb54bbdd8c8c3fa990a542b4cfcc9316284662cf2325b672bc6027e3b0d9acdb7672c0648d28f80bad6d0766f12f6c1379e7e67508487525a2bcd4d20ccd37e8be4f3f084e626559726f363d26e0530ec3ea8d2eebe7ebb47e4601f7d0ec2c9d5d993ffc70db903675f628ce99590bd600a4b5e89d473686e715e98f179452a8d17e401eaeba6d0ec69e9cc63e8c6ec744627bea2d2d467e7ded4b3b23542d9562ccb08eb40bcd1f0ff332d7d7fbe58ab6733a9971169b5ce27df89c833a1089efcf9048e0ce7b122d5c7ae27b9dc98ceed8e766f2462e88e6508a157916703b6079906b34f35da70c23dca0f12f08a931fc2962524561302379978329c8300af489979e44632ec6bfc21ed1adcf796f5607fbfd512ed32f8d0b06c23abf3b3b9427c989fefb75bbbff534d7e76cf63aef4997b7543ef7795b5d6d770f333faa04d877c36880cafc73027629c03be218bc625505810bf6e662203677ad5598a7eb05b7296716078e174e7d52fb3f5d7f14eab1bd1c856aef5795aa32de57fa9625b847ac501ac059c0d50dce3c51ae1c8edd7f06699369579f55a108b822fbe62ff267a011d7ba30e6f617085449aec96e6e0bc2fa0da0ed59db1c5e132d3cd2667c0d58e2c7470105fc331a61d87a62814ee769871096904b9c962458a6e706b8c7cb6f9efb880a533336d415bdf7e61186fd61d21b0acb962e5801c6452f6fe2930b451478890e6edbb65afce2e281857d401b5309586ef272b3c825d7dfbfd2d24d391479577ec558db2a844a453b51083edf17ff657cc473492bbcc81ba17ded3edc152d6155fabc26306c4fb0817bb36b4c8cc4cdeacc0ff4bd329777dd6c7840e292c1b4868ba4d40544416cc0ee4ed4da4e1e89c3ee3e312e2ba71bd4f1d44e3ee61591185d5efc9c614a6a747e0c2d50f5c540621694a81a9c743a6d6bcee6ce69cfeddcc7d693c7e90b31bfd1bd205388fd8c3876e7eee8f580e70c62ae6b7c9d8b4315e481a9b6b71f043d761c65aa9f184e2f17ee8c4bafb3814be0c26d9624f51f5d2fe862d4b0c76e2b6933b2f89ce47905f79e6f5929425359b3c215b26da03b1abfc8062ffcabd0e6e31c2c7c5bb0d46b8b677839940d6cd15016c620e9ce1c86ca6d542f66ef64cd97b938408043013dce4f6e5440f586a6b4e17473d375a7729fa1133b5ac4724c9da6509121775e84ce913f50f99d59a40a1252afafba8a8cacebe0a28cac06cee56875911166f0429292670ec57f7d00e7b7d7d3d5c4d948b92216189b21e20a1d898ba37ddd8eed75cad50bcfa0f56e4df5d095d0bfc2b3648cbe69567e8cf7cfc1d467d95fb550fcfd4e401d81b31dc488e688698f8ba486f339e92852fffbf6136b8801087b9bab8fb3870db2b62af5bdc8b5c55f720e0524bdc89c5dcf102960c8d62a8d4dbfb3d0f11bf7acad9d1dd0d4c4d0561460fc0fa7c3a3d80bc2c8be8410c00d8e94f5db271a5d397d3762f1740e43a3b1d968be82da120f6fee1f387f4e31805f68226091acd64df61c956229d63b084d55710424831237db972db243478edd403da0f7a2d9818a3454dfa9eb6509aa85cc6084ec3c33db1edf224a2da5b908297dfe60b4067a6b6bd8a032a18a0a68e4b59b6ebcec590abbce092697eed33b409dbb034dd3e1b6c25ff85c65a1d0de3288a99cfa415b7f217022b8425c599da98ec35949f100cd5cf96f10a366288ee641f5d00292818941a16b996234a6f2537ae3b72265914326f1d04552529d9320d8f9a72b15d278263536220ebe7b05c288a3ad3f593cd7ca3bde0f2e31a5176a14954697da27286c7f5b3e245dc15d8f8b48ebf89c448ae46e70333a229b042273169e92de396276f353c79b132791d2c8c8f409318d935b50b08ccfa34350de8e508535417344785f50475bc5bbb50e45f4e05e4dc665918f594264b0e7caf7ff06a7279f85517018710c264715de161034d9bd80499fac6ff6e86b1773d68ef4ea528f1af5de390292d87222cd0ca6b30509c2fce1dfb06fb07d996a637aaddf3ece3ea8975403600548ed86192f63001ae9ecf3dfb5242c837468f217e4295679a3fcd69d079b4161e4a1b4cc18d079d35ddfc712fe892959426d38f87f3a0d9cf9d0bd87734d447a5ce8d02f2c8096a2cfb3fbb6c7e7742b07b8de7d3db92715621795d7c9ce9afdb37607915b686611e386b55cdb45300741c78ded4d01157f82d421ef4486da82dbbb3c2b169fcd02ca269f90f08d6cb11c7d617399a0d7ed85bca68f5da484b07963f931910f915e42a02cee21e29630250b2c1cd0150b559ba30226d228594dde5324bd765eecda2dc185d80389d309e51a6aeac6b87ecfb6b3cf90b98dcca875379d98d33eb1547cff66", 0x1000}, {&(0x7f00000002c0)="ce65bbafae2a1b6118b8298dd534bd77de21f3c42748a3b84ed7e1a8bf33cca9e30af1aef7319efcc38506261fcefe954677b11921fb406128b72da9764109e03b74036eac1db1ce6ce78f4a39d2cdcd934ff1314074381df610eaccb1744ad245a1dffeb9af62b529329d110e7bd838092d6d63127b27cc7c815f53176334c23daaa01a9f96789c5d371476083f9e7db0ca69766d8041c7e4cda1e766641635561fd52e58cf4cef99742edff818b725c38ec0daf867352244852ddef97d5a998394deaa08109ca5a4d8f61cc8555aa03dd55482cd8aab5b5df64d38e88c0a40988d8801ef28dfe9748b6d0cfbe74ff6dc9ba5f942fcbc8f8072d9", 0xfb}, {&(0x7f0000000080)="eb093e5877197aed77618f368abd73abe04a4c15c0816b64396056f81777533bc54cd12186a4acf23fa3bef5fe802d11a4e41aef3138c3d547af309c42876fbf7b6e8b2fe3c98df88a344c7b47489e557b0b7214e7253cb8c465d375aa8c2c18833d7e", 0x63}, {&(0x7f00000003c0)="94bb21185cc44f92640677abd88e8e6617e81263cf121f91f0c49f04bb7d955f7af6a57e46207d35f11fff7523224c55e7b766f270ba17dc8807c9c7d6f337a26eedbb4e64de9d5f6ed9b25bafb308a55e854fe29168282a95c0ff2c", 0x5c}, {&(0x7f0000000440)="9e5836205c37a69cc3b6c24cf596360ae63c647902b7885eac78a39b8aa87f9ce1701a8bc1dadfcb6f272c13e4c27448c42c06c8adeb3eb10c9deb74bba8f918066cdc9d947d05", 0x47}, {&(0x7f0000001500)="9e0770b9b7bc714b0bfd08c0d1d6b7ab958d777a7121ec9e3b7944b6f19c199d25631f9aaf74ab6122502c7eecb68458309a77ee000a9b228a8dc67ee7501218294c47160066806160363b89c87badaf8a504a702ec49550571adc1efd027fc0e990615f71d410a4387370ef3d6d0ec630af5ab5ca3c85", 0x77}], 0x6, 0x0, 0x0, 0x400}, 0x8000) recvmmsg(r0, &(0x7f0000001980)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000200)=""/185, 0xb9}], 0x1}, 0x1ff}], 0x1, 0x10100, 0x0) kernel console output (not intermixed with test programs): 43][T28494] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 1458.822184][T28494] proc_fail_nth_write+0x8e/0x210 [ 1458.822214][T28494] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 1458.822254][T28494] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 1458.822286][T28494] vfs_write+0x29a/0xb90 [ 1458.822317][T28494] ? __pfx_vfs_write+0x10/0x10 [ 1458.822340][T28494] ? __fget_files+0x2a/0x420 [ 1458.822375][T28494] ? __fget_files+0x3a0/0x420 [ 1458.822404][T28494] ? __fget_files+0x2a/0x420 [ 1458.822443][T28494] ksys_write+0x150/0x270 [ 1458.822468][T28494] ? __pfx_ksys_write+0x10/0x10 [ 1458.822504][T28494] do_syscall_64+0x14d/0xf80 [ 1458.822536][T28494] ? trace_irq_disable+0x3b/0x150 [ 1458.822567][T28494] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1458.822591][T28494] ? clear_bhb_loop+0x40/0x90 [ 1458.822617][T28494] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1458.822639][T28494] RIP: 0033:0x7fd2c475cfce [ 1458.822659][T28494] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 1458.822678][T28494] RSP: 002b:00007fd2c55e5fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1458.822701][T28494] RAX: ffffffffffffffda RBX: 00007fd2c55e66c0 RCX: 00007fd2c475cfce [ 1458.822717][T28494] RDX: 0000000000000001 RSI: 00007fd2c55e60a0 RDI: 0000000000000004 [ 1458.822731][T28494] RBP: 00007fd2c55e6090 R08: 0000000000000000 R09: 0000000000000000 [ 1458.822745][T28494] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1458.822758][T28494] R13: 00007fd2c4a16038 R14: 00007fd2c4a15fa0 R15: 00007ffff1966258 [ 1458.822792][T28494] [ 1459.302173][T28512] netlink: 36 bytes leftover after parsing attributes in process `syz.2.20948'. [ 1459.323664][T28512] bridge0: port 2(bridge_slave_1) entered disabled state [ 1459.332713][T28512] bridge0: port 1(bridge_slave_0) entered disabled state [ 1459.640215][T28533] syzkaller1: entered promiscuous mode [ 1459.645997][T28533] syzkaller1: entered allmulticast mode [ 1459.808343][T28537] tipc: Enabled bearer , priority 0 [ 1459.952152][T28537] syzkaller0: entered promiscuous mode [ 1459.962983][T28537] syzkaller0: entered allmulticast mode [ 1459.969378][T28537] tipc: Resetting bearer [ 1460.161254][ T1037] tipc: Resetting bearer [ 1460.179494][T28555] syzkaller0: entered promiscuous mode [ 1460.185283][T28555] syzkaller0: entered allmulticast mode [ 1460.195075][T28555] FAULT_INJECTION: forcing a failure. [ 1460.195075][T28555] name failslab, interval 1, probability 0, space 0, times 0 [ 1460.207822][T28555] CPU: 0 UID: 0 PID: 28555 Comm: syz.4.20965 Not tainted syzkaller #0 PREEMPT(full) [ 1460.207852][T28555] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1460.207866][T28555] Call Trace: [ 1460.207876][T28555] [ 1460.207886][T28555] dump_stack_lvl+0xe8/0x150 [ 1460.207922][T28555] should_fail_ex+0x412/0x560 [ 1460.207953][T28555] should_failslab+0xa8/0x100 [ 1460.207979][T28555] ? dst_alloc+0x105/0x170 [ 1460.208007][T28555] kmem_cache_alloc_noprof+0x87/0x650 [ 1460.208052][T28555] dst_alloc+0x105/0x170 [ 1460.208078][T28555] ip_route_input_rcu+0x23e5/0x3130 [ 1460.208124][T28555] ? __pfx_ip_route_input_rcu+0x10/0x10 [ 1460.208166][T28555] ? ipt_do_table+0x2b2/0x1630 [ 1460.208197][T28555] ? lock_acquire+0xf0/0x2e0 [ 1460.208233][T28555] ? ip_route_input_noref+0xad/0x270 [ 1460.208265][T28555] ip_route_input_noref+0x17c/0x270 [ 1460.208298][T28555] ? __pfx_ip_route_input_noref+0x10/0x10 [ 1460.208334][T28555] ? ipt_do_table+0x2b2/0x1630 [ 1460.208358][T28555] ? __pfx_ipt_do_table+0x10/0x10 [ 1460.208384][T28555] ip_rcv_finish_core+0x5af/0x1c00 [ 1460.208421][T28555] ip_rcv_finish+0x14c/0x2f0 [ 1460.208448][T28555] NF_HOOK+0x336/0x3c0 [ 1460.208473][T28555] ? __pfx_ip_rcv_finish+0x10/0x10 [ 1460.208494][T28555] ? NF_HOOK+0x9e/0x3c0 [ 1460.208515][T28555] ? __pfx_NF_HOOK+0x10/0x10 [ 1460.208541][T28555] ? __pfx_ip_rcv_finish+0x10/0x10 [ 1460.208573][T28555] ? netif_receive_skb+0x102/0xc50 [ 1460.208597][T28555] ? __pfx_ip_rcv+0x10/0x10 [ 1460.208620][T28555] netif_receive_skb+0x45b/0xc50 [ 1460.208652][T28555] ? __pfx_netif_receive_skb+0x10/0x10 [ 1460.208674][T28555] ? __lock_acquire+0x6b5/0x2cf0 [ 1460.208708][T28555] ? tun_rx_batched+0x185/0x790 [ 1460.208740][T28555] tun_rx_batched+0x1de/0x790 [ 1460.208768][T28555] ? __build_skb+0x62/0x440 [ 1460.208810][T28555] ? __pfx_tun_rx_batched+0x10/0x10 [ 1460.208851][T28555] ? tun_get_user+0x2354/0x3dd0 [ 1460.208880][T28555] ? __local_bh_enable_ip+0xd0/0x130 [ 1460.208912][T28555] ? tun_get_user+0x2669/0x3dd0 [ 1460.208944][T28555] tun_get_user+0x2a78/0x3dd0 [ 1460.209008][T28555] ? aa_file_perm+0x50e/0x15e0 [ 1460.209036][T28555] ? __pfx_tun_get_user+0x10/0x10 [ 1460.209061][T28555] ? aa_file_perm+0x192/0x15e0 [ 1460.209115][T28555] ? ref_tracker_alloc+0x35c/0x4c0 [ 1460.209146][T28555] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 1460.209181][T28555] ? tun_get+0x1c/0x2f0 [ 1460.209215][T28555] ? tun_get+0x1c/0x2f0 [ 1460.209243][T28555] ? tun_get+0x1c/0x2f0 [ 1460.209276][T28555] tun_chr_write_iter+0x113/0x200 [ 1460.209308][T28555] vfs_write+0x61d/0xb90 [ 1460.209341][T28555] ? __pfx_vfs_write+0x10/0x10 [ 1460.209375][T28555] ? __fget_files+0x2a/0x420 [ 1460.209417][T28555] ksys_write+0x150/0x270 [ 1460.209443][T28555] ? __pfx_ksys_write+0x10/0x10 [ 1460.209479][T28555] do_syscall_64+0x14d/0xf80 [ 1460.209512][T28555] ? trace_irq_disable+0x3b/0x150 [ 1460.209544][T28555] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1460.209568][T28555] ? clear_bhb_loop+0x40/0x90 [ 1460.209596][T28555] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1460.209619][T28555] RIP: 0033:0x7f4cd735cfce [ 1460.209641][T28555] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 1460.209660][T28555] RSP: 002b:00007f4cd82dafb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1460.209684][T28555] RAX: ffffffffffffffda RBX: 00007f4cd82db6c0 RCX: 00007f4cd735cfce [ 1460.209701][T28555] RDX: 0000000000000046 RSI: 0000200000000000 RDI: 00000000000000c8 [ 1460.209715][T28555] RBP: 00007f4cd82db090 R08: 0000000000000000 R09: 0000000000000000 [ 1460.209729][T28555] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1460.209743][T28555] R13: 00007f4cd7616038 R14: 00007f4cd7615fa0 R15: 00007ffc78e257c8 [ 1460.209779][T28555] [ 1460.715206][T28568] FAULT_INJECTION: forcing a failure. [ 1460.715206][T28568] name failslab, interval 1, probability 0, space 0, times 0 [ 1460.748737][T28568] CPU: 1 UID: 0 PID: 28568 Comm: syz.2.20970 Not tainted syzkaller #0 PREEMPT(full) [ 1460.748772][T28568] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1460.748787][T28568] Call Trace: [ 1460.748797][T28568] [ 1460.748807][T28568] dump_stack_lvl+0xe8/0x150 [ 1460.748844][T28568] should_fail_ex+0x412/0x560 [ 1460.748876][T28568] should_failslab+0xa8/0x100 [ 1460.748904][T28568] __kmalloc_noprof+0xe8/0x760 [ 1460.748928][T28568] ? tomoyo_encode+0x28b/0x550 [ 1460.748962][T28568] tomoyo_encode+0x28b/0x550 [ 1460.748997][T28568] tomoyo_realpath_from_path+0x58d/0x5d0 [ 1460.749038][T28568] ? tomoyo_path_number_perm+0x219/0x630 [ 1460.749062][T28568] tomoyo_path_number_perm+0x246/0x630 [ 1460.749088][T28568] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1460.749116][T28568] ? __lock_acquire+0x6b5/0x2cf0 [ 1460.749158][T28568] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 1460.749202][T28568] ? __fget_files+0x2a/0x420 [ 1460.749237][T28568] ? __fget_files+0x2a/0x420 [ 1460.749265][T28568] ? __fget_files+0x3a0/0x420 [ 1460.749295][T28568] ? __fget_files+0x2a/0x420 [ 1460.749329][T28568] security_file_ioctl+0xc3/0x2a0 [ 1460.749366][T28568] __se_sys_ioctl+0x47/0x170 [ 1460.749394][T28568] do_syscall_64+0x14d/0xf80 [ 1460.749427][T28568] ? trace_irq_disable+0x3b/0x150 [ 1460.749458][T28568] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1460.749481][T28568] ? clear_bhb_loop+0x40/0x90 [ 1460.749508][T28568] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1460.749531][T28568] RIP: 0033:0x7f81bc59c799 [ 1460.749552][T28568] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1460.749572][T28568] RSP: 002b:00007f81bd51d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1460.749597][T28568] RAX: ffffffffffffffda RBX: 00007f81bc815fa0 RCX: 00007f81bc59c799 [ 1460.749614][T28568] RDX: 0000200000000000 RSI: 0000000000008b34 RDI: 0000000000000003 [ 1460.749628][T28568] RBP: 00007f81bd51d090 R08: 0000000000000000 R09: 0000000000000000 [ 1460.749643][T28568] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1460.749657][T28568] R13: 00007f81bc816038 R14: 00007f81bc815fa0 R15: 00007ffe8c508668 [ 1460.749693][T28568] [ 1460.749749][T28568] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1460.998468][T28534] tipc: Resetting bearer [ 1461.078551][T28574] FAULT_INJECTION: forcing a failure. [ 1461.078551][T28574] name failslab, interval 1, probability 0, space 0, times 0 [ 1461.105082][T28574] CPU: 0 UID: 0 PID: 28574 Comm: syz.1.20972 Not tainted syzkaller #0 PREEMPT(full) [ 1461.105112][T28574] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1461.105127][T28574] Call Trace: [ 1461.105137][T28574] [ 1461.105146][T28574] dump_stack_lvl+0xe8/0x150 [ 1461.105182][T28574] should_fail_ex+0x412/0x560 [ 1461.105213][T28574] should_failslab+0xa8/0x100 [ 1461.105242][T28574] __kmalloc_cache_node_noprof+0x8a/0x6b0 [ 1461.105268][T28574] ? init_rescuer+0x167/0x530 [ 1461.105301][T28574] init_rescuer+0x167/0x530 [ 1461.105326][T28574] ? __pfx___mutex_lock+0x10/0x10 [ 1461.105349][T28574] ? __pfx_init_rescuer+0x10/0x10 [ 1461.105389][T28574] ? wq_adjust_max_active+0x195/0x4b0 [ 1461.105411][T28574] ? apply_wqattrs_commit+0x3a7/0x4e0 [ 1461.105445][T28574] __alloc_workqueue+0x1a84/0x1e90 [ 1461.105486][T28574] alloc_workqueue_noprof+0xe3/0x210 [ 1461.105516][T28574] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 1461.105546][T28574] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 1461.105583][T28574] nci_register_device+0x3ff/0xa00 [ 1461.105615][T28574] ? __pfx_nci_register_device+0x10/0x10 [ 1461.105641][T28574] ? __raw_spin_lock_init+0x45/0x100 [ 1461.105666][T28574] ? __init_waitqueue_head+0xa9/0x150 [ 1461.105695][T28574] virtual_ncidev_open+0x129/0x1a0 [ 1461.105721][T28574] ? __pfx_virtual_ncidev_open+0x10/0x10 [ 1461.105744][T28574] misc_open+0x2d5/0x350 [ 1461.105771][T28574] chrdev_open+0x4cd/0x5e0 [ 1461.105800][T28574] ? __pfx_chrdev_open+0x10/0x10 [ 1461.105824][T28574] ? fsnotify_open_perm_and_set_mode+0x135/0x6d0 [ 1461.105865][T28574] ? __pfx_chrdev_open+0x10/0x10 [ 1461.105890][T28574] do_dentry_open+0x785/0x14e0 [ 1461.105935][T28574] vfs_open+0x3b/0x340 [ 1461.105968][T28574] ? path_openat+0x2df0/0x3860 [ 1461.105994][T28574] path_openat+0x2e08/0x3860 [ 1461.106035][T28574] ? __pfx_stack_trace_save+0x10/0x10 [ 1461.106063][T28574] ? stack_depot_save_flags+0x33/0x810 [ 1461.106101][T28574] ? __pfx_path_openat+0x10/0x10 [ 1461.106121][T28574] ? __x64_sys_openat+0x138/0x170 [ 1461.106149][T28574] ? do_syscall_64+0x14d/0xf80 [ 1461.106181][T28574] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1461.106214][T28574] ? __lock_acquire+0x6b5/0x2cf0 [ 1461.106251][T28574] do_file_open+0x23e/0x4a0 [ 1461.106281][T28574] ? __pfx_do_file_open+0x10/0x10 [ 1461.106329][T28574] ? _raw_spin_unlock+0x28/0x50 [ 1461.106358][T28574] ? alloc_fd+0x64b/0x6c0 [ 1461.106401][T28574] do_sys_openat2+0x113/0x200 [ 1461.106433][T28574] ? __pfx_do_sys_openat2+0x10/0x10 [ 1461.106463][T28574] ? ksys_write+0x242/0x270 [ 1461.106488][T28574] ? __pfx_ksys_write+0x10/0x10 [ 1461.106537][T28574] __x64_sys_openat+0x138/0x170 [ 1461.106573][T28574] do_syscall_64+0x14d/0xf80 [ 1461.106604][T28574] ? trace_irq_disable+0x3b/0x150 [ 1461.106635][T28574] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1461.106657][T28574] ? clear_bhb_loop+0x40/0x90 [ 1461.106684][T28574] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1461.106706][T28574] RIP: 0033:0x7f3e0cd9c799 [ 1461.106727][T28574] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1461.106747][T28574] RSP: 002b:00007f3e0db6f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1461.106770][T28574] RAX: ffffffffffffffda RBX: 00007f3e0d016090 RCX: 00007f3e0cd9c799 [ 1461.106787][T28574] RDX: 0000000000000002 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 1461.106801][T28574] RBP: 00007f3e0db6f090 R08: 0000000000000000 R09: 0000000000000000 [ 1461.106815][T28574] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1461.106827][T28574] R13: 00007f3e0d016128 R14: 00007f3e0d016090 R15: 00007fffbb21eea8 [ 1461.106863][T28574] [ 1461.152196][T28577] FAULT_INJECTION: forcing a failure. [ 1461.152196][T28577] name failslab, interval 1, probability 0, space 0, times 0 [ 1461.166669][T28574] workqueue: Failed to allocate a rescuer for wq "nfc2_nci_rx_wq" [ 1461.186564][T28577] CPU: 1 UID: 0 PID: 28577 Comm: syz.4.20973 Not tainted syzkaller #0 PREEMPT(full) [ 1461.186648][T28577] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1461.186682][T28577] Call Trace: [ 1461.186721][T28577] [ 1461.186743][T28577] dump_stack_lvl+0xe8/0x150 [ 1461.186839][T28577] should_fail_ex+0x412/0x560 [ 1461.186922][T28577] should_failslab+0xa8/0x100 [ 1461.187000][T28577] ? skb_clone+0x212/0x3a0 [ 1461.187118][T28577] kmem_cache_alloc_noprof+0x87/0x650 [ 1461.187212][T28577] ? __netlink_lookup+0xc6/0x8b0 [ 1461.187308][T28577] skb_clone+0x212/0x3a0 [ 1461.187411][T28577] __netlink_deliver_tap+0x404/0x850 [ 1461.187516][T28577] ? netlink_deliver_tap+0x2e/0x1b0 [ 1461.187584][T28577] netlink_deliver_tap+0x19c/0x1b0 [ 1461.187658][T28577] netlink_unicast+0x7e3/0x9b0 [ 1461.187751][T28577] ? __pfx_netlink_unicast+0x10/0x10 [ 1461.187821][T28577] ? netlink_sendmsg+0x650/0xb40 [ 1461.187884][T28577] ? skb_put+0x11b/0x210 [ 1461.187971][T28577] netlink_sendmsg+0x813/0xb40 [ 1461.188065][T28577] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1461.188147][T28577] ? aa_sock_msg_perm+0xf1/0x1b0 [ 1461.188221][T28577] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1461.188285][T28577] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1461.188355][T28577] ____sys_sendmsg+0xa68/0xad0 [ 1461.188487][T28577] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1461.188593][T28577] ? import_iovec+0x73/0xa0 [ 1461.188686][T28577] ___sys_sendmsg+0x2a5/0x360 [ 1461.188790][T28577] ? __pfx____sys_sendmsg+0x10/0x10 [ 1461.188969][T28577] ? __fget_files+0x2a/0x420 [ 1461.189045][T28577] ? __fget_files+0x3a0/0x420 [ 1461.189159][T28577] __x64_sys_sendmsg+0x1bd/0x2a0 [ 1461.189258][T28577] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1461.189371][T28577] ? __pfx_ksys_write+0x10/0x10 [ 1461.189464][T28577] do_syscall_64+0x14d/0xf80 [ 1461.189511][T28577] ? trace_irq_disable+0x3b/0x150 [ 1461.189542][T28577] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1461.189563][T28577] ? clear_bhb_loop+0x40/0x90 [ 1461.189589][T28577] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1461.189609][T28577] RIP: 0033:0x7f4cd739c799 [ 1461.189629][T28577] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1461.189647][T28577] RSP: 002b:00007f4cd82db028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1461.189670][T28577] RAX: ffffffffffffffda RBX: 00007f4cd7615fa0 RCX: 00007f4cd739c799 [ 1461.189686][T28577] RDX: 0000000000000000 RSI: 0000200000000f00 RDI: 0000000000000003 [ 1461.189708][T28577] RBP: 00007f4cd82db090 R08: 0000000000000000 R09: 0000000000000000 [ 1461.189721][T28577] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1461.189734][T28577] R13: 00007f4cd7616038 R14: 00007f4cd7615fa0 R15: 00007ffc78e257c8 [ 1461.189767][T28577] [ 1463.604895][T28534] tipc: Disabling bearer [ 1463.848775][T28590] FAULT_INJECTION: forcing a failure. [ 1463.848775][T28590] name failslab, interval 1, probability 0, space 0, times 0 [ 1463.862478][T28590] CPU: 1 UID: 0 PID: 28590 Comm: syz.4.20979 Not tainted syzkaller #0 PREEMPT(full) [ 1463.862518][T28590] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1463.862532][T28590] Call Trace: [ 1463.862542][T28590] [ 1463.862559][T28590] dump_stack_lvl+0xe8/0x150 [ 1463.862597][T28590] should_fail_ex+0x412/0x560 [ 1463.862628][T28590] should_failslab+0xa8/0x100 [ 1463.862656][T28590] __kmalloc_cache_noprof+0x88/0x660 [ 1463.862683][T28590] ? sctp_v6_to_sk_saddr+0x100/0x1c0 [ 1463.862712][T28590] ? sctp_association_new+0x89/0x25e0 [ 1463.862744][T28590] ? __asan_memcpy+0x40/0x70 [ 1463.862780][T28590] sctp_association_new+0x89/0x25e0 [ 1463.862812][T28590] ? sctp_do_bind+0x661/0x9d0 [ 1463.862855][T28590] ? __ipv6_addr_type+0x247/0x2f0 [ 1463.862899][T28590] sctp_connect_new_asoc+0x2e4/0x6b0 [ 1463.862935][T28590] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 1463.862974][T28590] ? __local_bh_enable_ip+0xd0/0x130 [ 1463.863000][T28590] ? bpf_lsm_sctp_bind_connect+0x9/0x20 [ 1463.863025][T28590] ? security_sctp_bind_connect+0x7e/0x2c0 [ 1463.863064][T28590] sctp_sendmsg+0x1528/0x2c10 [ 1463.863109][T28590] ? __pfx_sctp_sendmsg+0x10/0x10 [ 1463.863144][T28590] ? aa_sk_perm+0x6d5/0x900 [ 1463.863177][T28590] ? __pfx_aa_sk_perm+0x10/0x10 [ 1463.863205][T28590] ? sock_rps_record_flow+0x19/0x400 [ 1463.863243][T28590] ? inet_sendmsg+0x2f4/0x370 [ 1463.863280][T28590] ____sys_sendmsg+0x894/0xad0 [ 1463.863329][T28590] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1463.863372][T28590] ? import_iovec+0x73/0xa0 [ 1463.863408][T28590] ___sys_sendmsg+0x2a5/0x360 [ 1463.863447][T28590] ? __pfx____sys_sendmsg+0x10/0x10 [ 1463.863485][T28590] ? kstrtouint+0x6e/0xe0 [ 1463.863547][T28590] ? __fget_files+0x2a/0x420 [ 1463.863577][T28590] ? __fget_files+0x3a0/0x420 [ 1463.863620][T28590] __sys_sendmmsg+0x27c/0x4e0 [ 1463.863660][T28590] ? __pfx___sys_sendmmsg+0x10/0x10 [ 1463.863690][T28590] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 1463.863742][T28590] ? ksys_write+0x242/0x270 [ 1463.863768][T28590] ? __pfx_ksys_write+0x10/0x10 [ 1463.863800][T28590] __x64_sys_sendmmsg+0xa0/0xc0 [ 1463.863835][T28590] do_syscall_64+0x14d/0xf80 [ 1463.863868][T28590] ? trace_irq_disable+0x3b/0x150 [ 1463.863899][T28590] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1463.863922][T28590] ? clear_bhb_loop+0x40/0x90 [ 1463.863950][T28590] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1463.863972][T28590] RIP: 0033:0x7f4cd739c799 [ 1463.863994][T28590] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1463.864015][T28590] RSP: 002b:00007f4cd82db028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1463.864040][T28590] RAX: ffffffffffffffda RBX: 00007f4cd7615fa0 RCX: 00007f4cd739c799 [ 1463.864057][T28590] RDX: 0000000000000001 RSI: 00002000000003c0 RDI: 0000000000000003 [ 1463.864071][T28590] RBP: 00007f4cd82db090 R08: 0000000000000000 R09: 0000000000000000 [ 1463.864086][T28590] R10: 0000000020008050 R11: 0000000000000246 R12: 0000000000000001 [ 1463.864099][T28590] R13: 00007f4cd7616038 R14: 00007f4cd7615fa0 R15: 00007ffc78e257c8 [ 1463.864135][T28590] [ 1464.289628][T28601] IPv6: sit1: Disabled Multicast RS [ 1464.346378][T28605] validate_nla: 36 callbacks suppressed [ 1464.346401][T28605] netlink: 'syz.1.20982': attribute type 9 has an invalid length. [ 1464.360590][T28605] netlink: 'syz.1.20982': attribute type 11 has an invalid length. [ 1464.418677][T28605] netlink: 'syz.1.20982': attribute type 12 has an invalid length. [ 1464.427319][T28605] netlink: 210020 bytes leftover after parsing attributes in process `syz.1.20982'. [ 1464.441412][T28605] netlink: 4 bytes leftover after parsing attributes in process `syz.1.20982'. [ 1464.458563][T28609] FAULT_INJECTION: forcing a failure. [ 1464.458563][T28609] name failslab, interval 1, probability 0, space 0, times 0 [ 1464.471412][T28609] CPU: 1 UID: 0 PID: 28609 Comm: syz.0.20985 Not tainted syzkaller #0 PREEMPT(full) [ 1464.471442][T28609] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1464.471456][T28609] Call Trace: [ 1464.471465][T28609] [ 1464.471475][T28609] dump_stack_lvl+0xe8/0x150 [ 1464.471510][T28609] should_fail_ex+0x412/0x560 [ 1464.471541][T28609] should_failslab+0xa8/0x100 [ 1464.471567][T28609] ? skb_clone+0x212/0x3a0 [ 1464.471598][T28609] kmem_cache_alloc_noprof+0x87/0x650 [ 1464.471647][T28609] ? __netlink_lookup+0xc6/0x8b0 [ 1464.471683][T28609] skb_clone+0x212/0x3a0 [ 1464.471729][T28609] __netlink_deliver_tap+0x404/0x850 [ 1464.471770][T28609] ? netlink_deliver_tap+0x2e/0x1b0 [ 1464.471799][T28609] netlink_deliver_tap+0x19c/0x1b0 [ 1464.471828][T28609] netlink_unicast+0x7e3/0x9b0 [ 1464.471859][T28609] ? __pfx_netlink_unicast+0x10/0x10 [ 1464.471886][T28609] ? netlink_sendmsg+0x650/0xb40 [ 1464.471912][T28609] ? skb_put+0x11b/0x210 [ 1464.471954][T28609] netlink_sendmsg+0x813/0xb40 [ 1464.471990][T28609] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1464.472021][T28609] ? aa_sock_msg_perm+0xf1/0x1b0 [ 1464.472048][T28609] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1464.472073][T28609] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1464.472098][T28609] ____sys_sendmsg+0xa68/0xad0 [ 1464.472140][T28609] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1464.472180][T28609] ? import_iovec+0x73/0xa0 [ 1464.472214][T28609] ___sys_sendmsg+0x2a5/0x360 [ 1464.472258][T28609] ? __pfx____sys_sendmsg+0x10/0x10 [ 1464.472326][T28609] ? __fget_files+0x2a/0x420 [ 1464.472357][T28609] ? __fget_files+0x3a0/0x420 [ 1464.472398][T28609] __x64_sys_sendmsg+0x1bd/0x2a0 [ 1464.472434][T28609] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1464.472478][T28609] ? __pfx_ksys_write+0x10/0x10 [ 1464.472514][T28609] do_syscall_64+0x14d/0xf80 [ 1464.472547][T28609] ? trace_irq_disable+0x3b/0x150 [ 1464.472578][T28609] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1464.472601][T28609] ? clear_bhb_loop+0x40/0x90 [ 1464.472629][T28609] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1464.472652][T28609] RIP: 0033:0x7f323e39c799 [ 1464.472674][T28609] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1464.472694][T28609] RSP: 002b:00007f323f298028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1464.472725][T28609] RAX: ffffffffffffffda RBX: 00007f323e615fa0 RCX: 00007f323e39c799 [ 1464.472742][T28609] RDX: 0000000000000080 RSI: 00002000000002c0 RDI: 0000000000000003 [ 1464.472757][T28609] RBP: 00007f323f298090 R08: 0000000000000000 R09: 0000000000000000 [ 1464.472771][T28609] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1464.472784][T28609] R13: 00007f323e616038 R14: 00007f323e615fa0 R15: 00007ffc6cd7c288 [ 1464.472819][T28609] [ 1465.061721][T28627] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1465.100699][T28627] xt_hashlimit: size too large, truncated to 1048576 [ 1465.226946][T28636] netlink: 24 bytes leftover after parsing attributes in process `syz.3.20993'. [ 1465.248437][T28639] FAULT_INJECTION: forcing a failure. [ 1465.248437][T28639] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1465.265688][T28639] CPU: 0 UID: 0 PID: 28639 Comm: syz.1.20998 Not tainted syzkaller #0 PREEMPT(full) [ 1465.265719][T28639] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1465.265735][T28639] Call Trace: [ 1465.265744][T28639] [ 1465.265753][T28639] dump_stack_lvl+0xe8/0x150 [ 1465.265790][T28639] should_fail_ex+0x412/0x560 [ 1465.265821][T28639] _copy_from_user+0x2d/0xb0 [ 1465.265854][T28639] ___sys_sendmsg+0x1c6/0x360 [ 1465.265892][T28639] ? __pfx____sys_sendmsg+0x10/0x10 [ 1465.265963][T28639] ? __fget_files+0x2a/0x420 [ 1465.265993][T28639] ? __fget_files+0x3a0/0x420 [ 1465.266034][T28639] __x64_sys_sendmsg+0x1bd/0x2a0 [ 1465.266071][T28639] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1465.266101][T28639] ? kvm_sched_clock_read+0x11/0x20 [ 1465.266159][T28639] do_syscall_64+0x14d/0xf80 [ 1465.266192][T28639] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1465.266237][T28639] ? clear_bhb_loop+0x40/0x90 [ 1465.266266][T28639] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1465.266288][T28639] RIP: 0033:0x7f3e0cd9c799 [ 1465.266309][T28639] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1465.266329][T28639] RSP: 002b:00007f3e0db90028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1465.266353][T28639] RAX: ffffffffffffffda RBX: 00007f3e0d015fa0 RCX: 00007f3e0cd9c799 [ 1465.266369][T28639] RDX: 0000000000000080 RSI: 00002000000002c0 RDI: 0000000000000004 [ 1465.266384][T28639] RBP: 00007f3e0db90090 R08: 0000000000000000 R09: 0000000000000000 [ 1465.266398][T28639] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1465.266411][T28639] R13: 00007f3e0d016038 R14: 00007f3e0d015fa0 R15: 00007fffbb21eea8 [ 1465.266445][T28639] [ 1465.544251][T28651] FAULT_INJECTION: forcing a failure. [ 1465.544251][T28651] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1465.560302][T28651] CPU: 0 UID: 0 PID: 28651 Comm: syz.2.21002 Not tainted syzkaller #0 PREEMPT(full) [ 1465.560333][T28651] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1465.560347][T28651] Call Trace: [ 1465.560356][T28651] [ 1465.560365][T28651] dump_stack_lvl+0xe8/0x150 [ 1465.560401][T28651] should_fail_ex+0x412/0x560 [ 1465.560442][T28651] _copy_from_user+0x2d/0xb0 [ 1465.560475][T28651] kstrtouint_from_user+0xd6/0x180 [ 1465.560504][T28651] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 1465.560550][T28651] proc_fail_nth_write+0x8e/0x210 [ 1465.560581][T28651] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 1465.560618][T28651] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 1465.560650][T28651] vfs_write+0x29a/0xb90 [ 1465.560684][T28651] ? __pfx_vfs_write+0x10/0x10 [ 1465.560708][T28651] ? __fget_files+0x2a/0x420 [ 1465.560744][T28651] ? __fget_files+0x3a0/0x420 [ 1465.560774][T28651] ? __fget_files+0x2a/0x420 [ 1465.560814][T28651] ksys_write+0x150/0x270 [ 1465.560840][T28651] ? __pfx_ksys_write+0x10/0x10 [ 1465.560875][T28651] do_syscall_64+0x14d/0xf80 [ 1465.560909][T28651] ? trace_irq_disable+0x3b/0x150 [ 1465.560940][T28651] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1465.560963][T28651] ? clear_bhb_loop+0x40/0x90 [ 1465.560990][T28651] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1465.561012][T28651] RIP: 0033:0x7f81bc55cfce [ 1465.561033][T28651] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 1465.561052][T28651] RSP: 002b:00007f81bd51cfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1465.561076][T28651] RAX: ffffffffffffffda RBX: 00007f81bd51d6c0 RCX: 00007f81bc55cfce [ 1465.561093][T28651] RDX: 0000000000000001 RSI: 00007f81bd51d0a0 RDI: 0000000000000004 [ 1465.561107][T28651] RBP: 00007f81bd51d090 R08: 0000000000000000 R09: 0000000000000000 [ 1465.561121][T28651] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1465.561134][T28651] R13: 00007f81bc816038 R14: 00007f81bc815fa0 R15: 00007ffe8c508668 [ 1465.561175][T28651] [ 1466.056101][T28660] netlink: 1752 bytes leftover after parsing attributes in process `syz.0.21004'. [ 1466.357883][T28671] FAULT_INJECTION: forcing a failure. [ 1466.357883][T28671] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1466.393729][T28671] CPU: 0 UID: 0 PID: 28671 Comm: syz.2.21010 Not tainted syzkaller #0 PREEMPT(full) [ 1466.393760][T28671] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1466.393773][T28671] Call Trace: [ 1466.393782][T28671] [ 1466.393792][T28671] dump_stack_lvl+0xe8/0x150 [ 1466.393828][T28671] should_fail_ex+0x412/0x560 [ 1466.393860][T28671] _copy_from_user+0x2d/0xb0 [ 1466.393893][T28671] sctp_setsockopt+0x1c4/0x12c0 [ 1466.393926][T28671] ? sock_common_setsockopt+0x36/0xc0 [ 1466.393953][T28671] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 1466.393981][T28671] do_sock_setsockopt+0x17c/0x1b0 [ 1466.394017][T28671] __x64_sys_setsockopt+0x13d/0x1b0 [ 1466.394054][T28671] do_syscall_64+0x14d/0xf80 [ 1466.394086][T28671] ? trace_irq_disable+0x3b/0x150 [ 1466.394118][T28671] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1466.394140][T28671] ? clear_bhb_loop+0x40/0x90 [ 1466.394168][T28671] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1466.394190][T28671] RIP: 0033:0x7f81bc59c799 [ 1466.394211][T28671] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1466.394231][T28671] RSP: 002b:00007f81bd51d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 1466.394255][T28671] RAX: ffffffffffffffda RBX: 00007f81bc815fa0 RCX: 00007f81bc59c799 [ 1466.394271][T28671] RDX: 0000000000000077 RSI: 0000000000000084 RDI: 0000000000000003 [ 1466.394285][T28671] RBP: 00007f81bd51d090 R08: 000000000001000f R09: 0000000000000000 [ 1466.394299][T28671] R10: 0000200000000640 R11: 0000000000000246 R12: 0000000000000001 [ 1466.394313][T28671] R13: 00007f81bc816038 R14: 00007f81bc815fa0 R15: 00007ffe8c508668 [ 1466.394349][T28671] [ 1466.580732][T28673] FAULT_INJECTION: forcing a failure. [ 1466.580732][T28673] name failslab, interval 1, probability 0, space 0, times 0 [ 1466.594841][T28673] CPU: 0 UID: 0 PID: 28673 Comm: syz.3.21011 Not tainted syzkaller #0 PREEMPT(full) [ 1466.594872][T28673] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1466.594888][T28673] Call Trace: [ 1466.594897][T28673] [ 1466.594906][T28673] dump_stack_lvl+0xe8/0x150 [ 1466.594943][T28673] should_fail_ex+0x412/0x560 [ 1466.594975][T28673] should_failslab+0xa8/0x100 [ 1466.595005][T28673] __kmalloc_cache_noprof+0x88/0x660 [ 1466.595030][T28673] ? xfrm_policy_alloc+0x78/0x2b0 [ 1466.595071][T28673] xfrm_policy_alloc+0x78/0x2b0 [ 1466.595106][T28673] xfrm_policy_construct+0x39/0x6b0 [ 1466.595145][T28673] xfrm_add_policy+0x286/0x820 [ 1466.595176][T28673] ? __pfx_xfrm_add_policy+0x10/0x10 [ 1466.595199][T28673] ? apparmor_capable+0x126/0x170 [ 1466.595236][T28673] ? __nla_parse+0x40/0x60 [ 1466.595271][T28673] xfrm_user_rcv_msg+0x746/0xb20 [ 1466.595310][T28673] ? __pfx_xfrm_user_rcv_msg+0x10/0x10 [ 1466.595373][T28673] ? __pfx___mutex_trylock_common+0x10/0x10 [ 1466.595411][T28673] ? rcu_is_watching+0x15/0xb0 [ 1466.595442][T28673] ? trace_contention_end+0x3d/0x150 [ 1466.595484][T28673] ? __mutex_lock+0x319/0x1300 [ 1466.595514][T28673] netlink_rcv_skb+0x232/0x4b0 [ 1466.595542][T28673] ? __pfx_xfrm_user_rcv_msg+0x10/0x10 [ 1466.595782][T28673] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1466.595832][T28673] ? netlink_deliver_tap+0x2e/0x1b0 [ 1466.595859][T28673] ? netlink_deliver_tap+0x2e/0x1b0 [ 1466.595890][T28673] xfrm_netlink_rcv+0x79/0x90 [ 1466.595916][T28673] netlink_unicast+0x80f/0x9b0 [ 1466.595951][T28673] ? __pfx_netlink_unicast+0x10/0x10 [ 1466.595978][T28673] ? netlink_sendmsg+0x650/0xb40 [ 1466.596004][T28673] ? skb_put+0x11b/0x210 [ 1466.596039][T28673] netlink_sendmsg+0x813/0xb40 [ 1466.596077][T28673] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1466.596109][T28673] ? aa_sock_msg_perm+0xf1/0x1b0 [ 1466.596139][T28673] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1466.596165][T28673] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1466.596192][T28673] ____sys_sendmsg+0xa68/0xad0 [ 1466.596235][T28673] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1466.596280][T28673] ? import_iovec+0x73/0xa0 [ 1466.596315][T28673] ___sys_sendmsg+0x2a5/0x360 [ 1466.596356][T28673] ? __pfx____sys_sendmsg+0x10/0x10 [ 1466.596431][T28673] ? __fget_files+0x2a/0x420 [ 1466.596463][T28673] ? __fget_files+0x3a0/0x420 [ 1466.596507][T28673] __x64_sys_sendmsg+0x1bd/0x2a0 [ 1466.596546][T28673] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1466.596617][T28673] ? __pfx_ksys_write+0x10/0x10 [ 1466.596655][T28673] do_syscall_64+0x14d/0xf80 [ 1466.596690][T28673] ? trace_irq_disable+0x3b/0x150 [ 1466.596722][T28673] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1466.596749][T28673] ? clear_bhb_loop+0x40/0x90 [ 1466.596778][T28673] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1466.596803][T28673] RIP: 0033:0x7fd2c479c799 [ 1466.596826][T28673] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1466.596846][T28673] RSP: 002b:00007fd2c55e6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1466.596870][T28673] RAX: ffffffffffffffda RBX: 00007fd2c4a15fa0 RCX: 00007fd2c479c799 [ 1466.596888][T28673] RDX: 0000000020040014 RSI: 0000200000000100 RDI: 0000000000000005 [ 1466.596903][T28673] RBP: 00007fd2c55e6090 R08: 0000000000000000 R09: 0000000000000000 [ 1466.596918][T28673] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1466.596932][T28673] R13: 00007fd2c4a16038 R14: 00007fd2c4a15fa0 R15: 00007ffff1966258 [ 1466.596970][T28673] [ 1467.204882][T28684] netdevsim netdevsim2: Direct firmware load for . failed with error -2 [ 1467.227229][T28684] netdevsim netdevsim2: Falling back to sysfs fallback for: . [ 1467.419999][T28691] 8021q: VLANs not supported on ip6gre0 [ 1467.521260][T28691] netlink: 12 bytes leftover after parsing attributes in process `syz.1.21019'. [ 1467.776412][T28703] netlink: 1752 bytes leftover after parsing attributes in process `syz.4.21026'. [ 1467.976475][T28713] netlink: 8 bytes leftover after parsing attributes in process `syz.4.21027'. [ 1468.016653][T28715] netlink: 4 bytes leftover after parsing attributes in process `syz.0.21024'. [ 1468.430006][T28729] syzkaller1: entered promiscuous mode [ 1468.462534][T28729] syzkaller1: entered allmulticast mode [ 1468.487436][T28729] netlink: 212368 bytes leftover after parsing attributes in process `syz.0.21031'. [ 1468.505418][T28729] netem: incorrect gi model size [ 1468.511008][T28729] netem: change failed [ 1468.653298][ T1749] block nbd6: Possible stuck request ffff888026968000: control (read@0,4096B). Runtime 180 seconds [ 1468.927628][T28753] netlink: 16 bytes leftover after parsing attributes in process `syz.3.21038'. [ 1469.156945][T28761] FAULT_INJECTION: forcing a failure. [ 1469.156945][T28761] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1469.171253][T28761] CPU: 0 UID: 0 PID: 28761 Comm: syz.0.21042 Not tainted syzkaller #0 PREEMPT(full) [ 1469.171284][T28761] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1469.171299][T28761] Call Trace: [ 1469.171308][T28761] [ 1469.171318][T28761] dump_stack_lvl+0xe8/0x150 [ 1469.171355][T28761] should_fail_ex+0x412/0x560 [ 1469.171416][T28761] _copy_to_user+0x31/0xb0 [ 1469.171451][T28761] bpf_test_finish+0x1db/0x6b0 [ 1469.171484][T28761] ? __pfx____migrate_enable+0x10/0x10 [ 1469.171519][T28761] ? __pfx_bpf_test_finish+0x10/0x10 [ 1469.171561][T28761] bpf_prog_test_run_flow_dissector+0x478/0x610 [ 1469.171605][T28761] ? __pfx_bpf_prog_test_run_flow_dissector+0x10/0x10 [ 1469.171636][T28761] ? __fget_files+0x2a/0x420 [ 1469.171673][T28761] ? __fget_files+0x2a/0x420 [ 1469.171709][T28761] ? __pfx_bpf_prog_test_run_flow_dissector+0x10/0x10 [ 1469.171739][T28761] bpf_prog_test_run+0x2c7/0x340 [ 1469.171765][T28761] __sys_bpf+0x643/0x950 [ 1469.171800][T28761] ? __pfx___sys_bpf+0x10/0x10 [ 1469.171850][T28761] ? ksys_write+0x242/0x270 [ 1469.171875][T28761] ? __pfx_ksys_write+0x10/0x10 [ 1469.171905][T28761] __x64_sys_bpf+0x7c/0x90 [ 1469.171935][T28761] do_syscall_64+0x14d/0xf80 [ 1469.171970][T28761] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1469.171992][T28761] ? clear_bhb_loop+0x40/0x90 [ 1469.172020][T28761] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1469.172042][T28761] RIP: 0033:0x7f323e39c799 [ 1469.172064][T28761] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1469.172085][T28761] RSP: 002b:00007f323f298028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1469.172108][T28761] RAX: ffffffffffffffda RBX: 00007f323e615fa0 RCX: 00007f323e39c799 [ 1469.172123][T28761] RDX: 0000000000000050 RSI: 0000200000000180 RDI: 000000000000000a [ 1469.172136][T28761] RBP: 00007f323f298090 R08: 0000000000000000 R09: 0000000000000000 [ 1469.172148][T28761] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1469.172159][T28761] R13: 00007f323e616038 R14: 00007f323e615fa0 R15: 00007ffc6cd7c288 [ 1469.172193][T28761] [ 1469.235508][T28766] FAULT_INJECTION: forcing a failure. [ 1469.235508][T28766] name failslab, interval 1, probability 0, space 0, times 0 [ 1469.425385][T28766] CPU: 0 UID: 0 PID: 28766 Comm: syz.4.21045 Not tainted syzkaller #0 PREEMPT(full) [ 1469.425417][T28766] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1469.425431][T28766] Call Trace: [ 1469.425441][T28766] [ 1469.425451][T28766] dump_stack_lvl+0xe8/0x150 [ 1469.425487][T28766] should_fail_ex+0x412/0x560 [ 1469.425520][T28766] should_failslab+0xa8/0x100 [ 1469.425546][T28766] ? skb_clone+0x212/0x3a0 [ 1469.425580][T28766] kmem_cache_alloc_noprof+0x87/0x650 [ 1469.425614][T28766] ? __netlink_lookup+0xc6/0x8b0 [ 1469.425651][T28766] skb_clone+0x212/0x3a0 [ 1469.425688][T28766] __netlink_deliver_tap+0x404/0x850 [ 1469.425729][T28766] ? netlink_deliver_tap+0x2e/0x1b0 [ 1469.425758][T28766] netlink_deliver_tap+0x19c/0x1b0 [ 1469.425788][T28766] netlink_unicast+0x7e3/0x9b0 [ 1469.425821][T28766] ? __pfx_netlink_unicast+0x10/0x10 [ 1469.425848][T28766] ? netlink_sendmsg+0x650/0xb40 [ 1469.425874][T28766] ? skb_put+0x11b/0x210 [ 1469.425931][T28766] netlink_sendmsg+0x813/0xb40 [ 1469.425969][T28766] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1469.426002][T28766] ? aa_sock_msg_perm+0xf1/0x1b0 [ 1469.426031][T28766] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1469.426058][T28766] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1469.426084][T28766] ____sys_sendmsg+0xa68/0xad0 [ 1469.426128][T28766] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1469.426171][T28766] ? import_iovec+0x73/0xa0 [ 1469.426207][T28766] ___sys_sendmsg+0x2a5/0x360 [ 1469.426247][T28766] ? __pfx____sys_sendmsg+0x10/0x10 [ 1469.426321][T28766] ? __fget_files+0x2a/0x420 [ 1469.426360][T28766] ? __fget_files+0x3a0/0x420 [ 1469.426406][T28766] __x64_sys_sendmsg+0x1bd/0x2a0 [ 1469.426443][T28766] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1469.426489][T28766] ? __pfx_ksys_write+0x10/0x10 [ 1469.426526][T28766] do_syscall_64+0x14d/0xf80 [ 1469.426560][T28766] ? trace_irq_disable+0x3b/0x150 [ 1469.426591][T28766] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1469.426614][T28766] ? clear_bhb_loop+0x40/0x90 [ 1469.426642][T28766] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1469.426665][T28766] RIP: 0033:0x7f4cd739c799 [ 1469.426686][T28766] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1469.426705][T28766] RSP: 002b:00007f4cd82db028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1469.426729][T28766] RAX: ffffffffffffffda RBX: 00007f4cd7615fa0 RCX: 00007f4cd739c799 [ 1469.426747][T28766] RDX: 0000000000000000 RSI: 00002000000004c0 RDI: 0000000000000003 [ 1469.426761][T28766] RBP: 00007f4cd82db090 R08: 0000000000000000 R09: 0000000000000000 [ 1469.426774][T28766] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1469.426787][T28766] R13: 00007f4cd7616038 R14: 00007f4cd7615fa0 R15: 00007ffc78e257c8 [ 1469.426824][T28766] [ 1469.954166][T28784] netlink: 8 bytes leftover after parsing attributes in process `syz.2.21053'. [ 1469.991309][T28784] gtp0: entered promiscuous mode [ 1469.999550][T28784] gtp0: entered allmulticast mode [ 1470.005952][T28788] FAULT_INJECTION: forcing a failure. [ 1470.005952][T28788] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1470.045968][T28788] CPU: 1 UID: 0 PID: 28788 Comm: syz.1.21051 Not tainted syzkaller #0 PREEMPT(full) [ 1470.046000][T28788] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1470.046015][T28788] Call Trace: [ 1470.046025][T28788] [ 1470.046035][T28788] dump_stack_lvl+0xe8/0x150 [ 1470.046072][T28788] should_fail_ex+0x412/0x560 [ 1470.046104][T28788] _copy_from_iter+0x1d3/0x1670 [ 1470.046147][T28788] ? __pfx__copy_from_iter+0x10/0x10 [ 1470.046177][T28788] ? alloc_pages_noprof+0xbd/0x190 [ 1470.046207][T28788] ? skb_page_frag_refill+0x199/0x310 [ 1470.046253][T28788] kcm_sendmsg+0xe0c/0x2b60 [ 1470.046330][T28788] ? __pfx_kcm_sendmsg+0x10/0x10 [ 1470.046357][T28788] ? aa_sock_msg_perm+0xf1/0x1b0 [ 1470.046386][T28788] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1470.046412][T28788] ? __pfx_kcm_sendmsg+0x10/0x10 [ 1470.046434][T28788] ____sys_sendmsg+0xa68/0xad0 [ 1470.046477][T28788] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1470.046520][T28788] ? import_iovec+0x73/0xa0 [ 1470.046561][T28788] ___sys_sendmsg+0x2a5/0x360 [ 1470.046600][T28788] ? __pfx____sys_sendmsg+0x10/0x10 [ 1470.046673][T28788] ? __fget_files+0x2a/0x420 [ 1470.046704][T28788] ? __fget_files+0x3a0/0x420 [ 1470.046746][T28788] __x64_sys_sendmsg+0x1bd/0x2a0 [ 1470.046783][T28788] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1470.046827][T28788] ? __pfx_ksys_write+0x10/0x10 [ 1470.046863][T28788] do_syscall_64+0x14d/0xf80 [ 1470.046895][T28788] ? trace_irq_disable+0x3b/0x150 [ 1470.046926][T28788] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1470.046949][T28788] ? clear_bhb_loop+0x40/0x90 [ 1470.046977][T28788] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1470.046999][T28788] RIP: 0033:0x7f3e0cd9c799 [ 1470.047020][T28788] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1470.047040][T28788] RSP: 002b:00007f3e0db6f028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1470.047064][T28788] RAX: ffffffffffffffda RBX: 00007f3e0d016090 RCX: 00007f3e0cd9c799 [ 1470.047081][T28788] RDX: 0000000000000000 RSI: 0000200000002080 RDI: 0000000000000003 [ 1470.047095][T28788] RBP: 00007f3e0db6f090 R08: 0000000000000000 R09: 0000000000000000 [ 1470.047109][T28788] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1470.047122][T28788] R13: 00007f3e0d016128 R14: 00007f3e0d016090 R15: 00007fffbb21eea8 [ 1470.047158][T28788] [ 1470.291859][T28792] FAULT_INJECTION: forcing a failure. [ 1470.291859][T28792] name failslab, interval 1, probability 0, space 0, times 0 [ 1470.304933][T28792] CPU: 1 UID: 0 PID: 28792 Comm: syz.4.21056 Not tainted syzkaller #0 PREEMPT(full) [ 1470.304965][T28792] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1470.304980][T28792] Call Trace: [ 1470.304990][T28792] [ 1470.305000][T28792] dump_stack_lvl+0xe8/0x150 [ 1470.305039][T28792] should_fail_ex+0x412/0x560 [ 1470.305072][T28792] should_failslab+0xa8/0x100 [ 1470.305099][T28792] ? skb_clone+0x212/0x3a0 [ 1470.305132][T28792] kmem_cache_alloc_noprof+0x87/0x650 [ 1470.305167][T28792] ? __netlink_lookup+0xc6/0x8b0 [ 1470.305204][T28792] skb_clone+0x212/0x3a0 [ 1470.305242][T28792] __netlink_deliver_tap+0x404/0x850 [ 1470.305292][T28792] ? netlink_deliver_tap+0x2e/0x1b0 [ 1470.305321][T28792] netlink_deliver_tap+0x19c/0x1b0 [ 1470.305349][T28792] netlink_unicast+0x7e3/0x9b0 [ 1470.305383][T28792] ? __pfx_netlink_unicast+0x10/0x10 [ 1470.305411][T28792] ? netlink_sendmsg+0x650/0xb40 [ 1470.305436][T28792] ? skb_put+0x11b/0x210 [ 1470.305469][T28792] netlink_sendmsg+0x813/0xb40 [ 1470.305508][T28792] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1470.305540][T28792] ? aa_sock_msg_perm+0xf1/0x1b0 [ 1470.305569][T28792] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1470.305596][T28792] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1470.305622][T28792] ____sys_sendmsg+0xa68/0xad0 [ 1470.305665][T28792] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1470.305709][T28792] ? import_iovec+0x73/0xa0 [ 1470.305743][T28792] ___sys_sendmsg+0x2a5/0x360 [ 1470.305780][T28792] ? __pfx____sys_sendmsg+0x10/0x10 [ 1470.305872][T28792] ? __fget_files+0x2a/0x420 [ 1470.305902][T28792] ? __fget_files+0x3a0/0x420 [ 1470.305944][T28792] __x64_sys_sendmsg+0x1bd/0x2a0 [ 1470.305980][T28792] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1470.306022][T28792] ? __pfx_ksys_write+0x10/0x10 [ 1470.306058][T28792] do_syscall_64+0x14d/0xf80 [ 1470.306091][T28792] ? trace_irq_disable+0x3b/0x150 [ 1470.306122][T28792] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1470.306145][T28792] ? clear_bhb_loop+0x40/0x90 [ 1470.306173][T28792] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1470.306195][T28792] RIP: 0033:0x7f4cd739c799 [ 1470.306216][T28792] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1470.306236][T28792] RSP: 002b:00007f4cd82db028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1470.306267][T28792] RAX: ffffffffffffffda RBX: 00007f4cd7615fa0 RCX: 00007f4cd739c799 [ 1470.306284][T28792] RDX: 0000000000000004 RSI: 0000200000000280 RDI: 0000000000000003 [ 1470.306299][T28792] RBP: 00007f4cd82db090 R08: 0000000000000000 R09: 0000000000000000 [ 1470.306313][T28792] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1470.306327][T28792] R13: 00007f4cd7616038 R14: 00007f4cd7615fa0 R15: 00007ffc78e257c8 [ 1470.306363][T28792] [ 1470.755514][T28803] netlink: 120 bytes leftover after parsing attributes in process `syz.0.21061'. [ 1470.935356][T28811] bridge0: port 1(bridge_slave_0) entered disabled state [ 1471.026881][T28812] sch_fq: defrate 5 ignored. [ 1471.173435][T28824] netlink: 8 bytes leftover after parsing attributes in process `syz.2.21068'. [ 1471.205054][T28824] netlink: 'syz.2.21068': attribute type 10 has an invalid length. [ 1471.232793][T28824] netlink: 224 bytes leftover after parsing attributes in process `syz.2.21068'. [ 1471.329993][T28830] openvswitch: netlink: Tunnel attr 207 out of range max 16 [ 1471.486815][T28836] netlink: 'syz.0.21074': attribute type 1 has an invalid length. [ 1471.614305][T28840] netlink: 12 bytes leftover after parsing attributes in process `syz.0.21074'. [ 1471.681409][T28836] bond2: entered promiscuous mode [ 1471.702543][T28840] netlink: 12 bytes leftover after parsing attributes in process `syz.0.21074'. [ 1471.733016][T28836] 8021q: adding VLAN 0 to HW filter on device bond2 [ 1471.780346][ T5832] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1471.791176][ T5832] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1471.794730][T28846] bond2: (slave bridge2): making interface the new active one [ 1471.807189][T28846] bridge2: entered promiscuous mode [ 1471.807212][ T5832] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1471.819902][T28846] bond2: (slave bridge2): Enslaving as an active interface with an up link [ 1471.835742][ T5832] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1471.844368][T28852] netlink: 'syz.2.21078': attribute type 1 has an invalid length. [ 1471.857276][ T5832] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1471.868261][T28852] netlink: 4 bytes leftover after parsing attributes in process `syz.2.21078'. [ 1471.917244][T28844] tipc: Enabled bearer , priority 0 [ 1472.048995][T28838] syzkaller0: entered promiscuous mode [ 1472.057393][T28838] syzkaller0: entered allmulticast mode [ 1472.064394][T28838] tipc: Resetting bearer [ 1472.116719][T28837] tipc: Resetting bearer [ 1472.127758][T28854] set match dimension is over the limit! [ 1473.948163][T20772] Bluetooth: hci0: command tx timeout [ 1474.107756][T28837] tipc: Disabling bearer [ 1474.576658][T22168] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1474.590707][T22168] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 1474.705759][T22168] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1474.716949][T22168] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 1474.798272][T28885] tipc: Enabling of bearer rejected, already enabled [ 1474.930907][T22168] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1474.962179][T22168] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 1474.990833][T28890] netlink: 12 bytes leftover after parsing attributes in process `syz.0.21093'. [ 1475.130432][T22168] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1475.162185][T22168] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 1475.202685][ T5192] udevd[5192]: worker [21727] /devices/virtual/block/nbd6 timeout; kill it [ 1475.228667][ T5192] udevd[5192]: seq 38917 '/devices/virtual/block/nbd6' killed [ 1475.258616][T28898] FAULT_INJECTION: forcing a failure. [ 1475.258616][T28898] name failslab, interval 1, probability 0, space 0, times 0 [ 1475.271904][T28898] CPU: 0 UID: 0 PID: 28898 Comm: syz.0.21097 Not tainted syzkaller #0 PREEMPT(full) [ 1475.271933][T28898] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1475.271957][T28898] Call Trace: [ 1475.271967][T28898] [ 1475.271977][T28898] dump_stack_lvl+0xe8/0x150 [ 1475.272013][T28898] should_fail_ex+0x412/0x560 [ 1475.272045][T28898] should_failslab+0xa8/0x100 [ 1475.272075][T28898] kmem_cache_alloc_node_noprof+0x8f/0x690 [ 1475.272113][T28898] ? __alloc_skb+0x1d0/0x7d0 [ 1475.272141][T28898] ? __local_bh_enable_ip+0xd0/0x130 [ 1475.272174][T28898] __alloc_skb+0x1d0/0x7d0 [ 1475.272203][T28898] ? netlink_ack_tlv_len+0x6c/0x210 [ 1475.272237][T28898] netlink_ack+0x146/0xa50 [ 1475.272259][T28898] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1475.272290][T28898] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 1475.272312][T28898] ? __pfx_nl80211_post_doit+0x10/0x10 [ 1475.272334][T28898] ? __lock_acquire+0x6b5/0x2cf0 [ 1475.272374][T28898] netlink_rcv_skb+0x2b6/0x4b0 [ 1475.272402][T28898] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1475.272437][T28898] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1475.272483][T28898] ? down_read+0x272/0x2e0 [ 1475.272505][T28898] ? genl_rcv+0xd/0x40 [ 1475.272548][T28898] genl_rcv+0x28/0x40 [ 1475.272578][T28898] netlink_unicast+0x80f/0x9b0 [ 1475.272612][T28898] ? __pfx_netlink_unicast+0x10/0x10 [ 1475.272639][T28898] ? netlink_sendmsg+0x650/0xb40 [ 1475.272664][T28898] ? skb_put+0x11b/0x210 [ 1475.272696][T28898] netlink_sendmsg+0x813/0xb40 [ 1475.272735][T28898] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1475.272773][T28898] ? aa_sock_msg_perm+0xf1/0x1b0 [ 1475.272802][T28898] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1475.272828][T28898] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1475.272854][T28898] ____sys_sendmsg+0xa68/0xad0 [ 1475.272897][T28898] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1475.272940][T28898] ? import_iovec+0x73/0xa0 [ 1475.272983][T28898] ___sys_sendmsg+0x2a5/0x360 [ 1475.273021][T28898] ? __pfx____sys_sendmsg+0x10/0x10 [ 1475.273094][T28898] ? __fget_files+0x2a/0x420 [ 1475.273124][T28898] ? __fget_files+0x3a0/0x420 [ 1475.273166][T28898] __x64_sys_sendmsg+0x1bd/0x2a0 [ 1475.273202][T28898] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1475.273246][T28898] ? __pfx_ksys_write+0x10/0x10 [ 1475.273282][T28898] do_syscall_64+0x14d/0xf80 [ 1475.273315][T28898] ? trace_irq_disable+0x3b/0x150 [ 1475.273346][T28898] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1475.273369][T28898] ? clear_bhb_loop+0x40/0x90 [ 1475.273397][T28898] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1475.273420][T28898] RIP: 0033:0x7f323e39c799 [ 1475.273441][T28898] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1475.273461][T28898] RSP: 002b:00007f323f298028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1475.273485][T28898] RAX: ffffffffffffffda RBX: 00007f323e615fa0 RCX: 00007f323e39c799 [ 1475.273502][T28898] RDX: 0000000000008804 RSI: 0000200000000240 RDI: 0000000000000003 [ 1475.273516][T28898] RBP: 00007f323f298090 R08: 0000000000000000 R09: 0000000000000000 [ 1475.273530][T28898] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1475.273543][T28898] R13: 00007f323e616038 R14: 00007f323e615fa0 R15: 00007ffc6cd7c288 [ 1475.273579][T28898] [ 1476.023058][T20772] Bluetooth: hci0: command tx timeout [ 1476.045800][T28911] tipc: Enabling of bearer rejected, already enabled [ 1476.140188][T28579] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1476.183289][T28921] FAULT_INJECTION: forcing a failure. [ 1476.183289][T28921] name failslab, interval 1, probability 0, space 0, times 0 [ 1476.215710][T28921] CPU: 0 UID: 0 PID: 28921 Comm: syz.3.21105 Not tainted syzkaller #0 PREEMPT(full) [ 1476.215741][T28921] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1476.215755][T28921] Call Trace: [ 1476.215765][T28921] [ 1476.215774][T28921] dump_stack_lvl+0xe8/0x150 [ 1476.215811][T28921] should_fail_ex+0x412/0x560 [ 1476.215853][T28921] should_failslab+0xa8/0x100 [ 1476.215882][T28921] __kmalloc_cache_noprof+0x88/0x660 [ 1476.215907][T28921] ? __kthread_create_on_node+0x115/0x3f0 [ 1476.215938][T28921] ? __init_swait_queue_head+0xa9/0x150 [ 1476.215973][T28921] ? __pfx_rescuer_thread+0x10/0x10 [ 1476.216008][T28921] __kthread_create_on_node+0x115/0x3f0 [ 1476.216044][T28921] ? __pfx___kthread_create_on_node+0x10/0x10 [ 1476.216075][T28921] ? string+0x279/0x2b0 [ 1476.216115][T28921] ? __pfx_rescuer_thread+0x10/0x10 [ 1476.216148][T28921] ? __pfx_rescuer_thread+0x10/0x10 [ 1476.216182][T28921] kthread_create_on_node+0xeb/0x140 [ 1476.216220][T28921] ? __pfx_kthread_create_on_node+0x10/0x10 [ 1476.216257][T28921] ? __kmalloc_cache_node_noprof+0x3ef/0x6b0 [ 1476.216291][T28921] init_rescuer+0x30c/0x530 [ 1476.216317][T28921] ? __pfx___mutex_lock+0x10/0x10 [ 1476.216339][T28921] ? __pfx_init_rescuer+0x10/0x10 [ 1476.216375][T28921] ? wq_adjust_max_active+0x195/0x4b0 [ 1476.216397][T28921] ? apply_wqattrs_commit+0x3a7/0x4e0 [ 1476.216432][T28921] __alloc_workqueue+0x1a84/0x1e90 [ 1476.216473][T28921] alloc_workqueue_noprof+0xe3/0x210 [ 1476.216503][T28921] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 1476.216534][T28921] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 1476.216570][T28921] nci_register_device+0x3ff/0xa00 [ 1476.216604][T28921] ? __pfx_nci_register_device+0x10/0x10 [ 1476.216632][T28921] ? __raw_spin_lock_init+0x45/0x100 [ 1476.216658][T28921] ? __init_waitqueue_head+0xa9/0x150 [ 1476.216687][T28921] virtual_ncidev_open+0x129/0x1a0 [ 1476.216716][T28921] ? __pfx_virtual_ncidev_open+0x10/0x10 [ 1476.216739][T28921] misc_open+0x2d5/0x350 [ 1476.216767][T28921] chrdev_open+0x4cd/0x5e0 [ 1476.216798][T28921] ? __pfx_chrdev_open+0x10/0x10 [ 1476.216830][T28921] ? fsnotify_open_perm_and_set_mode+0x135/0x6d0 [ 1476.216873][T28921] ? __pfx_chrdev_open+0x10/0x10 [ 1476.216897][T28921] do_dentry_open+0x785/0x14e0 [ 1476.216943][T28921] vfs_open+0x3b/0x340 [ 1476.216969][T28921] ? path_openat+0x2df0/0x3860 [ 1476.216994][T28921] path_openat+0x2e08/0x3860 [ 1476.217034][T28921] ? __pfx_stack_trace_save+0x10/0x10 [ 1476.217062][T28921] ? stack_depot_save_flags+0x33/0x810 [ 1476.217100][T28921] ? __pfx_path_openat+0x10/0x10 [ 1476.217121][T28921] ? __x64_sys_openat+0x138/0x170 [ 1476.217149][T28921] ? do_syscall_64+0x14d/0xf80 [ 1476.217181][T28921] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1476.217214][T28921] ? __lock_acquire+0x6b5/0x2cf0 [ 1476.217249][T28921] do_file_open+0x23e/0x4a0 [ 1476.217279][T28921] ? __pfx_do_file_open+0x10/0x10 [ 1476.217327][T28921] ? _raw_spin_unlock+0x28/0x50 [ 1476.217356][T28921] ? alloc_fd+0x64b/0x6c0 [ 1476.217397][T28921] do_sys_openat2+0x113/0x200 [ 1476.217431][T28921] ? __pfx_do_sys_openat2+0x10/0x10 [ 1476.217463][T28921] ? ksys_write+0x242/0x270 [ 1476.217489][T28921] ? __pfx_ksys_write+0x10/0x10 [ 1476.217517][T28921] __x64_sys_openat+0x138/0x170 [ 1476.217553][T28921] do_syscall_64+0x14d/0xf80 [ 1476.217584][T28921] ? trace_irq_disable+0x3b/0x150 [ 1476.217614][T28921] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1476.217637][T28921] ? clear_bhb_loop+0x40/0x90 [ 1476.217664][T28921] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1476.217686][T28921] RIP: 0033:0x7fd2c479c799 [ 1476.217706][T28921] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1476.217725][T28921] RSP: 002b:00007fd2c55e6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1476.217750][T28921] RAX: ffffffffffffffda RBX: 00007fd2c4a15fa0 RCX: 00007fd2c479c799 [ 1476.217766][T28921] RDX: 0000000000000002 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 1476.217782][T28921] RBP: 00007fd2c55e6090 R08: 0000000000000000 R09: 0000000000000000 [ 1476.217795][T28921] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1476.217808][T28921] R13: 00007fd2c4a16038 R14: 00007fd2c4a15fa0 R15: 00007ffff1966258 [ 1476.217852][T28921] [ 1476.217862][T28921] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_rx_wq": -ENOMEM [ 1476.699770][ T211] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1476.778958][ T211] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1476.822073][ T211] netdevsim netdevsim4 eth4: set [1, 0] type 2 family 0 port 6081 - 0 [ 1476.891870][T22168] bridge_slave_1: left allmulticast mode [ 1476.902829][T22168] bridge_slave_1: left promiscuous mode [ 1476.911229][T22168] bridge0: port 2(bridge_slave_1) entered disabled state [ 1476.946588][T22168] bridge_slave_0: left allmulticast mode [ 1476.955563][T22168] bridge_slave_0: left promiscuous mode [ 1476.961359][T22168] bridge0: port 1(bridge_slave_0) entered disabled state [ 1477.111739][T28947] xt_bpf: check failed: parse error [ 1477.349029][T22168] .` (unregistering): (slave bond_slave_0): Releasing backup interface [ 1477.360842][T22168] .` (unregistering): (slave bond_slave_1): Releasing backup interface [ 1477.372149][T22168] .` (unregistering): Released all slaves [ 1477.386315][T22168] bond0 (unregistering): Released all slaves [ 1477.424644][T28948] netlink: 96 bytes leftover after parsing attributes in process `syz.3.21110'. [ 1477.443844][T28850] chnl_net:caif_netlink_parms(): no params data found [ 1477.705754][T28956] x_tables: duplicate underflow at hook 2 [ 1477.726586][T28964] FAULT_INJECTION: forcing a failure. [ 1477.726586][T28964] name failslab, interval 1, probability 0, space 0, times 0 [ 1477.780350][T28850] bridge0: port 1(bridge_slave_0) entered blocking state [ 1477.798756][T28850] bridge0: port 1(bridge_slave_0) entered disabled state [ 1477.807357][T28850] bridge_slave_0: entered allmulticast mode [ 1477.815476][T28850] bridge_slave_0: entered promiscuous mode [ 1477.829125][T28850] bridge0: port 2(bridge_slave_1) entered blocking state [ 1477.836896][T28850] bridge0: port 2(bridge_slave_1) entered disabled state [ 1477.844540][T28850] bridge_slave_1: entered allmulticast mode [ 1477.853001][T28850] bridge_slave_1: entered promiscuous mode [ 1477.881192][T28964] CPU: 0 UID: 0 PID: 28964 Comm: syz.0.21115 Not tainted syzkaller #0 PREEMPT(full) [ 1477.881220][T28964] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1477.881234][T28964] Call Trace: [ 1477.881244][T28964] [ 1477.881255][T28964] dump_stack_lvl+0xe8/0x150 [ 1477.881288][T28964] should_fail_ex+0x412/0x560 [ 1477.881318][T28964] should_failslab+0xa8/0x100 [ 1477.881345][T28964] __kmalloc_noprof+0xe8/0x760 [ 1477.881367][T28964] ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0 [ 1477.881406][T28964] genl_family_rcv_msg_attrs_parse+0xa3/0x2a0 [ 1477.881445][T28964] genl_family_rcv_msg_doit+0xd9/0x330 [ 1477.881494][T28964] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1477.881533][T28964] ? apparmor_capable+0x126/0x170 [ 1477.881564][T28964] ? bpf_lsm_capable+0x9/0x20 [ 1477.881590][T28964] ? security_capable+0x7e/0x2c0 [ 1477.881619][T28964] genl_rcv_msg+0x61c/0x7a0 [ 1477.881655][T28964] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1477.881684][T28964] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 1477.881704][T28964] ? __pfx_nl80211_new_key+0x10/0x10 [ 1477.881726][T28964] ? __pfx_nl80211_post_doit+0x10/0x10 [ 1477.881746][T28964] ? __lock_acquire+0x6b5/0x2cf0 [ 1477.881783][T28964] netlink_rcv_skb+0x232/0x4b0 [ 1477.881808][T28964] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1477.881839][T28964] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1477.881881][T28964] ? down_read+0x272/0x2e0 [ 1477.881901][T28964] ? genl_rcv+0xd/0x40 [ 1477.881930][T28964] genl_rcv+0x28/0x40 [ 1477.881957][T28964] netlink_unicast+0x80f/0x9b0 [ 1477.881988][T28964] ? __pfx_netlink_unicast+0x10/0x10 [ 1477.882012][T28964] ? netlink_sendmsg+0x650/0xb40 [ 1477.882034][T28964] ? skb_put+0x11b/0x210 [ 1477.882065][T28964] netlink_sendmsg+0x813/0xb40 [ 1477.882100][T28964] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1477.882128][T28964] ? aa_sock_msg_perm+0xf1/0x1b0 [ 1477.882154][T28964] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1477.882178][T28964] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1477.882202][T28964] ____sys_sendmsg+0xa68/0xad0 [ 1477.882247][T28964] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1477.882286][T28964] ? import_iovec+0x73/0xa0 [ 1477.882319][T28964] ___sys_sendmsg+0x2a5/0x360 [ 1477.882354][T28964] ? __pfx____sys_sendmsg+0x10/0x10 [ 1477.882419][T28964] ? __fget_files+0x2a/0x420 [ 1477.882447][T28964] ? __fget_files+0x3a0/0x420 [ 1477.882496][T28964] __x64_sys_sendmsg+0x1bd/0x2a0 [ 1477.882528][T28964] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1477.882568][T28964] ? __pfx_ksys_write+0x10/0x10 [ 1477.882600][T28964] do_syscall_64+0x14d/0xf80 [ 1477.882632][T28964] ? trace_irq_disable+0x3b/0x150 [ 1477.882660][T28964] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1477.882681][T28964] ? clear_bhb_loop+0x40/0x90 [ 1477.882705][T28964] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1477.882726][T28964] RIP: 0033:0x7f323e39c799 [ 1477.882746][T28964] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1477.882763][T28964] RSP: 002b:00007f323f298028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1477.882785][T28964] RAX: ffffffffffffffda RBX: 00007f323e615fa0 RCX: 00007f323e39c799 [ 1477.882800][T28964] RDX: 0000000000000000 RSI: 00002000000006c0 RDI: 0000000000000003 [ 1477.882813][T28964] RBP: 00007f323f298090 R08: 0000000000000000 R09: 0000000000000000 [ 1477.882825][T28964] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1477.882837][T28964] R13: 00007f323e616038 R14: 00007f323e615fa0 R15: 00007ffc6cd7c288 [ 1477.882869][T28964] [ 1477.906799][T28962] syzkaller0: entered promiscuous mode [ 1478.094784][T20772] Bluetooth: hci0: command tx timeout [ 1478.283570][T28962] syzkaller0: entered allmulticast mode [ 1478.455830][T28850] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1478.569785][T28850] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1478.870867][T28850] team0: Port device team_slave_0 added [ 1478.925797][T28850] team0: Port device team_slave_1 added [ 1479.841778][T28850] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1479.859856][T28850] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1479.942752][T28850] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1479.969103][T28850] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1480.000165][T28850] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1480.049229][T29019] x_tables: duplicate underflow at hook 2 [ 1480.139606][T28850] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1480.173598][T20772] Bluetooth: hci0: command tx timeout [ 1480.255102][T29015] netdevsim netdevsim1 netdevsim0: entered promiscuous mode [ 1480.572931][T28850] hsr_slave_0: entered promiscuous mode [ 1480.579997][T28850] hsr_slave_1: entered promiscuous mode [ 1480.604850][T28850] debugfs: 'hsr0' already exists in 'hsr' [ 1480.632403][T28850] Cannot create hsr debugfs directory [ 1481.643322][T28850] netdevsim netdevsim4 eth4 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1481.829337][T28850] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1481.930704][T29061] FAULT_INJECTION: forcing a failure. [ 1481.930704][T29061] name failslab, interval 1, probability 0, space 0, times 0 [ 1481.956077][T29061] CPU: 0 UID: 0 PID: 29061 Comm: syz.0.21138 Not tainted syzkaller #0 PREEMPT(full) [ 1481.956109][T29061] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1481.956124][T29061] Call Trace: [ 1481.956133][T29061] [ 1481.956144][T29061] dump_stack_lvl+0xe8/0x150 [ 1481.956188][T29061] should_fail_ex+0x412/0x560 [ 1481.956221][T29061] should_failslab+0xa8/0x100 [ 1481.956251][T29061] __kmalloc_noprof+0xe8/0x760 [ 1481.956275][T29061] ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0 [ 1481.956318][T29061] genl_family_rcv_msg_attrs_parse+0xa3/0x2a0 [ 1481.956361][T29061] genl_family_rcv_msg_doit+0xd9/0x330 [ 1481.956403][T29061] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1481.956447][T29061] ? apparmor_capable+0x126/0x170 [ 1481.956482][T29061] ? bpf_lsm_capable+0x9/0x20 [ 1481.956510][T29061] ? security_capable+0x7e/0x2c0 [ 1481.956543][T29061] genl_rcv_msg+0x61c/0x7a0 [ 1481.956584][T29061] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1481.956617][T29061] ? __pfx_ovs_packet_cmd_execute+0x10/0x10 [ 1481.956647][T29061] ? __lock_acquire+0x6b5/0x2cf0 [ 1481.956688][T29061] netlink_rcv_skb+0x232/0x4b0 [ 1481.956715][T29061] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1481.956750][T29061] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1481.956797][T29061] ? down_read+0x272/0x2e0 [ 1481.956819][T29061] ? genl_rcv+0xd/0x40 [ 1481.956852][T29061] genl_rcv+0x28/0x40 [ 1481.956882][T29061] netlink_unicast+0x80f/0x9b0 [ 1481.956917][T29061] ? __pfx_netlink_unicast+0x10/0x10 [ 1481.956943][T29061] ? netlink_sendmsg+0x650/0xb40 [ 1481.956968][T29061] ? skb_put+0x11b/0x210 [ 1481.957003][T29061] netlink_sendmsg+0x813/0xb40 [ 1481.957045][T29061] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1481.957078][T29061] ? aa_sock_msg_perm+0xf1/0x1b0 [ 1481.957106][T29061] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1481.957131][T29061] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1481.957158][T29061] ____sys_sendmsg+0xa68/0xad0 [ 1481.957207][T29061] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1481.957250][T29061] ? import_iovec+0x73/0xa0 [ 1481.957292][T29061] ___sys_sendmsg+0x2a5/0x360 [ 1481.957332][T29061] ? __pfx____sys_sendmsg+0x10/0x10 [ 1481.957406][T29061] ? __fget_files+0x2a/0x420 [ 1481.957437][T29061] ? __fget_files+0x3a0/0x420 [ 1481.957480][T29061] __x64_sys_sendmsg+0x1bd/0x2a0 [ 1481.957516][T29061] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1481.957560][T29061] ? __pfx_ksys_write+0x10/0x10 [ 1481.957597][T29061] do_syscall_64+0x14d/0xf80 [ 1481.957630][T29061] ? trace_irq_disable+0x3b/0x150 [ 1481.957661][T29061] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1481.957684][T29061] ? clear_bhb_loop+0x40/0x90 [ 1481.957712][T29061] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1481.957734][T29061] RIP: 0033:0x7f323e39c799 [ 1481.957754][T29061] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1481.957773][T29061] RSP: 002b:00007f323f298028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1481.957795][T29061] RAX: ffffffffffffffda RBX: 00007f323e615fa0 RCX: 00007f323e39c799 [ 1481.957812][T29061] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003 [ 1481.957826][T29061] RBP: 00007f323f298090 R08: 0000000000000000 R09: 0000000000000000 [ 1481.957839][T29061] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1481.957852][T29061] R13: 00007f323e616038 R14: 00007f323e615fa0 R15: 00007ffc6cd7c288 [ 1481.957887][T29061] [ 1482.333561][T28850] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1482.826931][T28850] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1483.360072][T22168] hsr_slave_0: left promiscuous mode [ 1483.399796][T22168] hsr_slave_1: left promiscuous mode [ 1483.410944][T22168] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1483.421706][T22168] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1483.451466][T22168] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1483.469084][T22168] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1483.525117][T22168] veth1_macvtap: left promiscuous mode [ 1483.531328][T22168] veth0_macvtap: left promiscuous mode [ 1483.538548][T22168] veth1_vlan: left promiscuous mode [ 1483.544592][T22168] veth0_vlan: left promiscuous mode [ 1484.060702][T22168] team0 (unregistering): Port device team_slave_1 removed [ 1484.091418][T22168] team0 (unregistering): Port device team_slave_0 removed [ 1484.250318][T29017] Set syz1 is full, maxelem 65536 reached [ 1484.621424][T28850] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 1484.661560][ T1295] lec:lec_start_xmit: lec0:No lecd attached [ 1484.687028][T28850] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 1484.756909][T28850] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 1484.840320][T28850] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 1484.851394][T22168] IPVS: stop unused estimator thread 0... [ 1485.014033][T29107] netlink: 8 bytes leftover after parsing attributes in process `syz.3.21148'. [ 1485.039052][T29107] bond1: option mode: unable to set because the bond device is up [ 1485.050447][T29107] netlink: 16 bytes leftover after parsing attributes in process `syz.3.21148'. [ 1485.064978][T29107] netlink: 'syz.3.21148': attribute type 4 has an invalid length. [ 1485.082023][T29107] netlink: 152 bytes leftover after parsing attributes in process `syz.3.21148'. [ 1485.120429][T29107] wlan1: mtu less than device minimum [ 1485.201176][T28850] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1485.267443][T28850] 8021q: adding VLAN 0 to HW filter on device team0 [ 1485.328728][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 1485.335994][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1485.388882][ T211] bridge0: port 2(bridge_slave_1) entered blocking state [ 1485.396146][ T211] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1485.421105][T29118] FAULT_INJECTION: forcing a failure. [ 1485.421105][T29118] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1485.461645][T29118] CPU: 0 UID: 0 PID: 29118 Comm: syz.1.21151 Not tainted syzkaller #0 PREEMPT(full) [ 1485.461675][T29118] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1485.461690][T29118] Call Trace: [ 1485.461698][T29118] [ 1485.461708][T29118] dump_stack_lvl+0xe8/0x150 [ 1485.461743][T29118] should_fail_ex+0x412/0x560 [ 1485.461775][T29118] _copy_from_user+0x2d/0xb0 [ 1485.461808][T29118] wext_handle_ioctl+0xc7/0x1d0 [ 1485.461845][T29118] ? __pfx_wext_handle_ioctl+0x10/0x10 [ 1485.461875][T29118] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 1485.461926][T29118] sock_ioctl+0x159/0x7f0 [ 1485.461952][T29118] ? __pfx_sock_ioctl+0x10/0x10 [ 1485.461976][T29118] ? __fget_files+0x2a/0x420 [ 1485.462007][T29118] ? __fget_files+0x3a0/0x420 [ 1485.462036][T29118] ? __fget_files+0x2a/0x420 [ 1485.462071][T29118] ? bpf_lsm_file_ioctl+0x9/0x20 [ 1485.462099][T29118] ? __pfx_sock_ioctl+0x10/0x10 [ 1485.462121][T29118] __se_sys_ioctl+0xfc/0x170 [ 1485.462154][T29118] do_syscall_64+0x14d/0xf80 [ 1485.462193][T29118] ? trace_irq_disable+0x3b/0x150 [ 1485.462232][T29118] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1485.462253][T29118] ? clear_bhb_loop+0x40/0x90 [ 1485.462285][T29118] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1485.462306][T29118] RIP: 0033:0x7f3e0cd9c799 [ 1485.462327][T29118] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1485.462346][T29118] RSP: 002b:00007f3e0db90028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1485.462368][T29118] RAX: ffffffffffffffda RBX: 00007f3e0d015fa0 RCX: 00007f3e0cd9c799 [ 1485.462384][T29118] RDX: 0000200000000000 RSI: 0000000000008b34 RDI: 0000000000000003 [ 1485.462398][T29118] RBP: 00007f3e0db90090 R08: 0000000000000000 R09: 0000000000000000 [ 1485.462413][T29118] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1485.462425][T29118] R13: 00007f3e0d016038 R14: 00007f3e0d015fa0 R15: 00007fffbb21eea8 [ 1485.462461][T29118] [ 1485.693239][T28850] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1485.707761][T28850] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1486.204106][T28850] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1486.331483][T29148] FAULT_INJECTION: forcing a failure. [ 1486.331483][T29148] name failslab, interval 1, probability 0, space 0, times 0 [ 1486.347755][T29148] CPU: 0 UID: 0 PID: 29148 Comm: syz.2.21160 Not tainted syzkaller #0 PREEMPT(full) [ 1486.347786][T29148] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1486.347801][T29148] Call Trace: [ 1486.347810][T29148] [ 1486.347820][T29148] dump_stack_lvl+0xe8/0x150 [ 1486.347865][T29148] should_fail_ex+0x412/0x560 [ 1486.347897][T29148] should_failslab+0xa8/0x100 [ 1486.347923][T29148] ? vm_area_dup+0x2b/0x680 [ 1486.347946][T29148] kmem_cache_alloc_noprof+0x87/0x650 [ 1486.347991][T29148] vm_area_dup+0x2b/0x680 [ 1486.348018][T29148] __split_vma+0x1dc/0xa40 [ 1486.348050][T29148] ? mas_find+0xb0e/0xd30 [ 1486.348093][T29148] ? __pfx___split_vma+0x10/0x10 [ 1486.348141][T29148] ? can_vma_merge_left+0x11a/0x3e0 [ 1486.348170][T29148] vma_modify+0xa30/0x2060 [ 1486.348217][T29148] vma_modify_flags+0x24b/0x330 [ 1486.348248][T29148] ? __pfx_vma_modify_flags+0x10/0x10 [ 1486.348292][T29148] ? rcu_is_watching+0x15/0xb0 [ 1486.348321][T29148] ? percpu_counter_add_batch+0xea/0x1d0 [ 1486.348351][T29148] ? __vm_enough_memory+0x11b/0x380 [ 1486.348385][T29148] mprotect_fixup+0x47a/0xa80 [ 1486.348420][T29148] ? __pfx_mprotect_fixup+0x10/0x10 [ 1486.348448][T29148] ? apparmor_file_mprotect+0x1d0/0x400 [ 1486.348481][T29148] ? security_file_mprotect+0x1a/0x290 [ 1486.348510][T29148] do_mprotect_pkey+0x8ab/0xcd0 [ 1486.348551][T29148] ? __pfx_do_mprotect_pkey+0x10/0x10 [ 1486.348616][T29148] __x64_sys_mprotect+0x80/0x90 [ 1486.348643][T29148] do_syscall_64+0x14d/0xf80 [ 1486.348675][T29148] ? trace_irq_disable+0x3b/0x150 [ 1486.348705][T29148] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1486.348727][T29148] ? clear_bhb_loop+0x40/0x90 [ 1486.348754][T29148] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1486.348776][T29148] RIP: 0033:0x7f81bc59c597 [ 1486.348797][T29148] Code: 89 38 eb 84 0f 1f 80 00 00 00 00 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 48 c7 c0 ff ff ff ff e9 7a ff ff ff b8 0a 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1486.348816][T29148] RSP: 002b:00007f81bd51bd18 EFLAGS: 00000217 ORIG_RAX: 000000000000000a [ 1486.348838][T29148] RAX: ffffffffffffffda RBX: 00007f81b4000000 RCX: 00007f81bc59c597 [ 1486.348861][T29148] RDX: 0000000000000003 RSI: 0000000000021000 RDI: 00007f81b4000000 [ 1486.348876][T29148] RBP: 0000000000021000 R08: 00000000ffffffff R09: 0000000000000000 [ 1486.348890][T29148] R10: 0000000000000022 R11: 0000000000000217 R12: 0000000004000000 [ 1486.348904][T29148] R13: 0000000000001000 R14: 00007f81b8000000 R15: 0000000001a00000 [ 1486.348939][T29148] [ 1487.592823][T29199] netlink: 32 bytes leftover after parsing attributes in process `syz.2.21168'. [ 1487.818135][T28850] veth0_vlan: entered promiscuous mode [ 1487.923565][T28850] veth1_vlan: entered promiscuous mode [ 1488.058004][T28850] veth0_macvtap: entered promiscuous mode [ 1488.089554][T28850] veth1_macvtap: entered promiscuous mode [ 1488.159330][T28850] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1488.197675][T28850] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1488.239002][T25413] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1488.271516][T25413] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1488.308206][T25413] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1488.342797][T25413] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1488.376939][T29198] netlink: 24 bytes leftover after parsing attributes in process `syz.0.21169'. [ 1488.433048][T29198] openvswitch: netlink: Flow key attr not present in new flow. [ 1488.479570][T29198] mac80211_hwsim hwsim116 syzkaller0: left promiscuous mode [ 1488.505453][T29198] mac80211_hwsim hwsim116 syzkaller0: left allmulticast mode [ 1488.599627][T25413] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1488.621582][T25413] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1488.784802][T22168] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1488.808307][T22168] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1489.068997][T29230] bridge0: port 1(bridge_slave_0) entered disabled state [ 1489.378673][T29247] FAULT_INJECTION: forcing a failure. [ 1489.378673][T29247] name failslab, interval 1, probability 0, space 0, times 0 [ 1489.404028][T29246] netlink: 12 bytes leftover after parsing attributes in process `syz.2.21179'. [ 1489.419525][T29247] CPU: 1 UID: 0 PID: 29247 Comm: syz.3.21180 Not tainted syzkaller #0 PREEMPT(full) [ 1489.419555][T29247] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1489.419569][T29247] Call Trace: [ 1489.419578][T29247] [ 1489.419588][T29247] dump_stack_lvl+0xe8/0x150 [ 1489.419624][T29247] should_fail_ex+0x412/0x560 [ 1489.419656][T29247] should_failslab+0xa8/0x100 [ 1489.419684][T29247] __kmalloc_noprof+0xe8/0x760 [ 1489.419707][T29247] ? tomoyo_encode+0x28b/0x550 [ 1489.419741][T29247] tomoyo_encode+0x28b/0x550 [ 1489.419776][T29247] tomoyo_realpath_from_path+0x58d/0x5d0 [ 1489.419815][T29247] ? tomoyo_path_number_perm+0x219/0x630 [ 1489.419838][T29247] tomoyo_path_number_perm+0x246/0x630 [ 1489.419871][T29247] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1489.419898][T29247] ? __lock_acquire+0x6b5/0x2cf0 [ 1489.419938][T29247] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 1489.419982][T29247] ? __fget_files+0x2a/0x420 [ 1489.420015][T29247] ? __fget_files+0x2a/0x420 [ 1489.420043][T29247] ? __fget_files+0x3a0/0x420 [ 1489.420071][T29247] ? __fget_files+0x2a/0x420 [ 1489.420106][T29247] security_file_ioctl+0xc3/0x2a0 [ 1489.420143][T29247] __se_sys_ioctl+0x47/0x170 [ 1489.420171][T29247] do_syscall_64+0x14d/0xf80 [ 1489.420203][T29247] ? trace_irq_disable+0x3b/0x150 [ 1489.420233][T29247] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1489.420255][T29247] ? clear_bhb_loop+0x40/0x90 [ 1489.420282][T29247] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1489.420305][T29247] RIP: 0033:0x7fd2c479c799 [ 1489.420325][T29247] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1489.420345][T29247] RSP: 002b:00007fd2c55e6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1489.420369][T29247] RAX: ffffffffffffffda RBX: 00007fd2c4a15fa0 RCX: 00007fd2c479c799 [ 1489.420386][T29247] RDX: 0000200000000000 RSI: 0000000000008b14 RDI: 0000000000000004 [ 1489.420401][T29247] RBP: 00007fd2c55e6090 R08: 0000000000000000 R09: 0000000000000000 [ 1489.420415][T29247] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1489.420427][T29247] R13: 00007fd2c4a16038 R14: 00007fd2c4a15fa0 R15: 00007ffff1966258 [ 1489.420463][T29247] [ 1489.420486][T29247] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1489.717270][T29246] netlink: 16 bytes leftover after parsing attributes in process `syz.2.21179'. [ 1489.952196][ T5832] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 1489.966722][ T5832] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 1489.975349][ T5832] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 1489.984188][ T5832] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 1489.996231][ T5832] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 1490.012455][ C0] lec0: NETDEV WATCHDOG: CPU: 0: transmit queue 0 timed out 5350 ms [ 1490.020554][ C0] lec:lec_tx_timeout: lec0 [ 1491.276337][T29295] FAULT_INJECTION: forcing a failure. [ 1491.276337][T29295] name failslab, interval 1, probability 0, space 0, times 0 [ 1491.290667][T29295] CPU: 0 UID: 0 PID: 29295 Comm: syz.4.21193 Not tainted syzkaller #0 PREEMPT(full) [ 1491.290697][T29295] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1491.290712][T29295] Call Trace: [ 1491.290721][T29295] [ 1491.290731][T29295] dump_stack_lvl+0xe8/0x150 [ 1491.290775][T29295] should_fail_ex+0x412/0x560 [ 1491.290808][T29295] should_failslab+0xa8/0x100 [ 1491.290837][T29295] __kmalloc_node_track_caller_noprof+0xeb/0x7b0 [ 1491.290864][T29295] ? __kthread_create_on_node+0x1cf/0x3f0 [ 1491.290904][T29295] kvasprintf+0xeb/0x1a0 [ 1491.290939][T29295] ? __pfx_kvasprintf+0x10/0x10 [ 1491.290975][T29295] ? __kmalloc_cache_noprof+0x31c/0x660 [ 1491.290999][T29295] ? __kthread_create_on_node+0x115/0x3f0 [ 1491.291030][T29295] ? __kmalloc_cache_noprof+0x15b/0x660 [ 1491.291059][T29295] __kthread_create_on_node+0x1cf/0x3f0 [ 1491.291095][T29295] ? __pfx___kthread_create_on_node+0x10/0x10 [ 1491.291125][T29295] ? string+0x279/0x2b0 [ 1491.291166][T29295] ? __pfx_rescuer_thread+0x10/0x10 [ 1491.291199][T29295] ? __pfx_rescuer_thread+0x10/0x10 [ 1491.291232][T29295] kthread_create_on_node+0xeb/0x140 [ 1491.291271][T29295] ? __pfx_kthread_create_on_node+0x10/0x10 [ 1491.291306][T29295] ? __kmalloc_cache_node_noprof+0x3ef/0x6b0 [ 1491.291341][T29295] init_rescuer+0x30c/0x530 [ 1491.291366][T29295] ? __pfx___mutex_lock+0x10/0x10 [ 1491.291389][T29295] ? __pfx_init_rescuer+0x10/0x10 [ 1491.291427][T29295] ? wq_adjust_max_active+0x195/0x4b0 [ 1491.291448][T29295] ? apply_wqattrs_commit+0x3a7/0x4e0 [ 1491.291482][T29295] __alloc_workqueue+0x1a84/0x1e90 [ 1491.291523][T29295] alloc_workqueue_noprof+0xe3/0x210 [ 1491.291554][T29295] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 1491.291589][T29295] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 1491.291626][T29295] nci_register_device+0x3ff/0xa00 [ 1491.291659][T29295] ? __pfx_nci_register_device+0x10/0x10 [ 1491.291687][T29295] ? __raw_spin_lock_init+0x45/0x100 [ 1491.291713][T29295] ? __init_waitqueue_head+0xa9/0x150 [ 1491.291742][T29295] virtual_ncidev_open+0x129/0x1a0 [ 1491.291776][T29295] ? __pfx_virtual_ncidev_open+0x10/0x10 [ 1491.291800][T29295] misc_open+0x2d5/0x350 [ 1491.291828][T29295] chrdev_open+0x4cd/0x5e0 [ 1491.291858][T29295] ? __pfx_chrdev_open+0x10/0x10 [ 1491.291882][T29295] ? fsnotify_open_perm_and_set_mode+0x135/0x6d0 [ 1491.291924][T29295] ? __pfx_chrdev_open+0x10/0x10 [ 1491.291948][T29295] do_dentry_open+0x785/0x14e0 [ 1491.291994][T29295] vfs_open+0x3b/0x340 [ 1491.292019][T29295] ? path_openat+0x2df0/0x3860 [ 1491.292045][T29295] path_openat+0x2e08/0x3860 [ 1491.292085][T29295] ? __pfx_stack_trace_save+0x10/0x10 [ 1491.292110][T29295] ? stack_depot_save_flags+0x33/0x810 [ 1491.292145][T29295] ? __pfx_path_openat+0x10/0x10 [ 1491.292164][T29295] ? __x64_sys_openat+0x138/0x170 [ 1491.292192][T29295] ? do_syscall_64+0x14d/0xf80 [ 1491.292222][T29295] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1491.292255][T29295] ? __lock_acquire+0x6b5/0x2cf0 [ 1491.292292][T29295] do_file_open+0x23e/0x4a0 [ 1491.292320][T29295] ? __pfx_do_file_open+0x10/0x10 [ 1491.292369][T29295] ? _raw_spin_unlock+0x28/0x50 [ 1491.292397][T29295] ? alloc_fd+0x64b/0x6c0 [ 1491.292440][T29295] do_sys_openat2+0x113/0x200 [ 1491.292472][T29295] ? __pfx_do_sys_openat2+0x10/0x10 [ 1491.292508][T29295] ? rcu_is_watching+0x15/0xb0 [ 1491.292544][T29295] __x64_sys_openat+0x138/0x170 [ 1491.292581][T29295] do_syscall_64+0x14d/0xf80 [ 1491.292612][T29295] ? trace_irq_disable+0x3b/0x150 [ 1491.292642][T29295] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1491.292663][T29295] ? clear_bhb_loop+0x40/0x90 [ 1491.292692][T29295] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1491.292713][T29295] RIP: 0033:0x7fa5b619c799 [ 1491.292735][T29295] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1491.292763][T29295] RSP: 002b:00007fa5b7057028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1491.292787][T29295] RAX: ffffffffffffffda RBX: 00007fa5b6416090 RCX: 00007fa5b619c799 [ 1491.292803][T29295] RDX: 0000000000000002 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 1491.292819][T29295] RBP: 00007fa5b7057090 R08: 0000000000000000 R09: 0000000000000000 [ 1491.292833][T29295] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1491.292846][T29295] R13: 00007fa5b6416128 R14: 00007fa5b6416090 R15: 00007ffc431eda98 [ 1491.292883][T29295] [ 1491.729026][T29295] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_rx_wq": -ENOMEM [ 1492.046612][T29304] syzkaller0: entered promiscuous mode [ 1492.067357][T29304] syzkaller0: entered allmulticast mode [ 1492.094190][T20772] Bluetooth: hci5: command tx timeout [ 1492.686739][T29259] chnl_net:caif_netlink_parms(): no params data found [ 1492.874454][T29335] netlink: 'syz.1.21205': attribute type 1 has an invalid length. [ 1492.900034][T29259] bridge0: port 1(bridge_slave_0) entered blocking state [ 1492.908061][T29259] bridge0: port 1(bridge_slave_0) entered disabled state [ 1492.915757][T29259] bridge_slave_0: entered allmulticast mode [ 1492.924958][T29259] bridge_slave_0: entered promiscuous mode [ 1492.935074][T29259] bridge0: port 2(bridge_slave_1) entered blocking state [ 1492.942577][T29259] bridge0: port 2(bridge_slave_1) entered disabled state [ 1492.950239][T29259] bridge_slave_1: entered allmulticast mode [ 1492.958774][T29259] bridge_slave_1: entered promiscuous mode [ 1493.050416][T29259] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1493.067261][T29259] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1493.121921][T29259] team0: Port device team_slave_0 added [ 1493.132935][T29259] team0: Port device team_slave_1 added [ 1493.175936][T29259] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1493.189323][T29259] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1493.232487][T29259] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1493.248047][T29259] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1493.255867][T29259] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1493.285142][T29259] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1493.385510][T29259] hsr_slave_0: entered promiscuous mode [ 1493.397236][T29259] hsr_slave_1: entered promiscuous mode [ 1493.404400][T29259] debugfs: 'hsr0' already exists in 'hsr' [ 1493.414059][T29259] Cannot create hsr debugfs directory [ 1493.857688][T29259] netdevsim netdevsim0 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1493.869284][T29259] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1494.037812][T29259] netdevsim netdevsim0 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1494.103447][T29259] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1494.172684][T20772] Bluetooth: hci5: command tx timeout [ 1494.226213][T29385] openvswitch: netlink: IPv4 tun info is not correct [ 1494.256073][T29259] netdevsim netdevsim0 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1494.287554][T29259] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1494.330137][T29386] netlink: 28 bytes leftover after parsing attributes in process `syz.1.21222'. [ 1494.368223][T29388] netlink: 8 bytes leftover after parsing attributes in process `syz.2.21226'. [ 1494.430038][T29388] netlink: 4 bytes leftover after parsing attributes in process `syz.2.21226'. [ 1494.457359][T29259] netdevsim netdevsim0 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1494.478872][T29259] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1494.711922][T29397] netlink: 12 bytes leftover after parsing attributes in process `syz.3.21229'. [ 1494.836642][T29259] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1494.858936][T29259] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1494.880548][T29259] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1494.906964][T29259] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1495.188532][T29416] netlink: 8 bytes leftover after parsing attributes in process `syz.3.21235'. [ 1495.205092][T29416] bond1: option mode: unable to set because the bond device is up [ 1495.233830][T29416] netlink: 16 bytes leftover after parsing attributes in process `syz.3.21235'. [ 1495.246634][T29259] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1495.265384][T29416] netlink: 4 bytes leftover after parsing attributes in process `syz.3.21235'. [ 1495.284929][T29259] 8021q: adding VLAN 0 to HW filter on device team0 [ 1495.286432][T29418] netlink: 'syz.3.21235': attribute type 4 has an invalid length. [ 1495.307562][T22168] bridge0: port 1(bridge_slave_0) entered blocking state [ 1495.314792][T22168] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1495.332152][T29418] netlink: 152 bytes leftover after parsing attributes in process `syz.3.21235'. [ 1495.376089][T22168] bridge0: port 2(bridge_slave_1) entered blocking state [ 1495.383333][T22168] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1495.399359][T29418] wlan1: mtu less than device minimum [ 1495.487121][T29259] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1495.530754][T29422] netlink: 8 bytes leftover after parsing attributes in process `syz.3.21236'. [ 1495.972582][T29434] netlink: 8 bytes leftover after parsing attributes in process `syz.3.21240'. [ 1496.127366][T29259] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1496.240001][T29259] veth0_vlan: entered promiscuous mode [ 1496.254040][T20772] Bluetooth: hci5: command tx timeout [ 1496.279704][T29259] veth1_vlan: entered promiscuous mode [ 1496.294676][T29449] bond0: option mode: unable to set because the bond device is up [ 1496.329677][T29449] netlink: 'syz.2.21245': attribute type 4 has an invalid length. [ 1496.361058][T29259] veth0_macvtap: entered promiscuous mode [ 1496.376666][T29259] veth1_macvtap: entered promiscuous mode [ 1496.420934][T29259] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1496.450232][T29259] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1496.474501][ T61] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1496.498373][ T61] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1496.532688][ T61] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1496.541474][ T61] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1496.779290][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1496.798624][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1496.876699][T29468] FAULT_INJECTION: forcing a failure. [ 1496.876699][T29468] name failslab, interval 1, probability 0, space 0, times 0 [ 1496.911015][T29468] CPU: 0 UID: 0 PID: 29468 Comm: syz.2.21251 Not tainted syzkaller #0 PREEMPT(full) [ 1496.911047][T29468] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1496.911061][T29468] Call Trace: [ 1496.911071][T29468] [ 1496.911081][T29468] dump_stack_lvl+0xe8/0x150 [ 1496.911117][T29468] should_fail_ex+0x412/0x560 [ 1496.911150][T29468] should_failslab+0xa8/0x100 [ 1496.911178][T29468] __kmalloc_cache_noprof+0x88/0x660 [ 1496.911199][T29468] ? __sctp_v6_cmp_addr+0x1e6/0x510 [ 1496.911268][T29468] ? sctp_add_bind_addr+0x8c/0x370 [ 1496.911301][T29468] sctp_add_bind_addr+0x8c/0x370 [ 1496.911333][T29468] sctp_copy_local_addr_list+0x314/0x4f0 [ 1496.911366][T29468] ? sctp_copy_local_addr_list+0xa4/0x4f0 [ 1496.911401][T29468] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 1496.911426][T29468] ? sctp_association_new+0x1894/0x25e0 [ 1496.911463][T29468] ? sctp_v4_is_any+0x35/0x60 [ 1496.911492][T29468] ? sctp_copy_one_addr+0x93/0x360 [ 1496.911523][T29468] sctp_bind_addr_copy+0xb3/0x3c0 [ 1496.911553][T29468] ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0 [ 1496.911581][T29468] sctp_connect_new_asoc+0x2ff/0x6b0 [ 1496.911619][T29468] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 1496.911654][T29468] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 1496.911694][T29468] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 1496.911725][T29468] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 1496.911758][T29468] ? bpf_lsm_sctp_bind_connect+0x9/0x20 [ 1496.911784][T29468] ? security_sctp_bind_connect+0x7e/0x2c0 [ 1496.911822][T29468] sctp_sendmsg+0x1528/0x2c10 [ 1496.911871][T29468] ? __pfx_sctp_sendmsg+0x10/0x10 [ 1496.911915][T29468] ? aa_sk_perm+0x6d5/0x900 [ 1496.911949][T29468] ? __pfx_aa_sk_perm+0x10/0x10 [ 1496.911977][T29468] ? sock_rps_record_flow+0x19/0x400 [ 1496.912015][T29468] ? inet_sendmsg+0x2f4/0x370 [ 1496.912045][T29468] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1496.912072][T29468] __sys_sendto+0x627/0x7a0 [ 1496.912106][T29468] ? __pfx___sys_sendto+0x10/0x10 [ 1496.912130][T29468] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 1496.912161][T29468] ? __fget_files+0x3a0/0x420 [ 1496.912211][T29468] ? ksys_write+0x242/0x270 [ 1496.912234][T29468] ? __pfx_ksys_write+0x10/0x10 [ 1496.912263][T29468] __x64_sys_sendto+0xde/0x100 [ 1496.912295][T29468] do_syscall_64+0x14d/0xf80 [ 1496.912327][T29468] ? trace_irq_disable+0x3b/0x150 [ 1496.912358][T29468] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1496.912389][T29468] ? clear_bhb_loop+0x40/0x90 [ 1496.912417][T29468] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1496.912439][T29468] RIP: 0033:0x7f81bc59c799 [ 1496.912459][T29468] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1496.912478][T29468] RSP: 002b:00007f81bd51d028 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 1496.912502][T29468] RAX: ffffffffffffffda RBX: 00007f81bc815fa0 RCX: 00007f81bc59c799 [ 1496.912519][T29468] RDX: 0000000000000001 RSI: 0000200000000080 RDI: 0000000000000003 [ 1496.912533][T29468] RBP: 00007f81bd51d090 R08: 0000200000000240 R09: 000000000000001c [ 1496.912547][T29468] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1496.912560][T29468] R13: 00007f81bc816038 R14: 00007f81bc815fa0 R15: 00007ffe8c508668 [ 1496.912596][T29468] [ 1497.143617][ T61] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1497.334097][ T61] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1498.205478][T29507] FAULT_INJECTION: forcing a failure. [ 1498.205478][T29507] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1498.218884][T29507] CPU: 1 UID: 0 PID: 29507 Comm: syz.0.21263 Not tainted syzkaller #0 PREEMPT(full) [ 1498.218914][T29507] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1498.218928][T29507] Call Trace: [ 1498.218938][T29507] [ 1498.218948][T29507] dump_stack_lvl+0xe8/0x150 [ 1498.218984][T29507] should_fail_ex+0x412/0x560 [ 1498.219016][T29507] _copy_from_user+0x2d/0xb0 [ 1498.219049][T29507] ___sys_sendmsg+0x1c6/0x360 [ 1498.219097][T29507] ? __pfx____sys_sendmsg+0x10/0x10 [ 1498.219168][T29507] ? __fget_files+0x2a/0x420 [ 1498.219198][T29507] ? __fget_files+0x3a0/0x420 [ 1498.219240][T29507] __x64_sys_sendmsg+0x1bd/0x2a0 [ 1498.219276][T29507] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1498.219323][T29507] ? __pfx_ksys_write+0x10/0x10 [ 1498.219359][T29507] do_syscall_64+0x14d/0xf80 [ 1498.219392][T29507] ? trace_irq_disable+0x3b/0x150 [ 1498.219423][T29507] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1498.219446][T29507] ? clear_bhb_loop+0x40/0x90 [ 1498.219473][T29507] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1498.219495][T29507] RIP: 0033:0x7ff1b179c799 [ 1498.219516][T29507] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1498.219536][T29507] RSP: 002b:00007ff1b2625028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1498.219560][T29507] RAX: ffffffffffffffda RBX: 00007ff1b1a15fa0 RCX: 00007ff1b179c799 [ 1498.219576][T29507] RDX: 00000000000000c4 RSI: 00002000000000c0 RDI: 0000000000000004 [ 1498.219590][T29507] RBP: 00007ff1b2625090 R08: 0000000000000000 R09: 0000000000000000 [ 1498.219604][T29507] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1498.219618][T29507] R13: 00007ff1b1a16038 R14: 00007ff1b1a15fa0 R15: 00007ffd903b7798 [ 1498.219652][T29507] [ 1498.577600][T20772] Bluetooth: hci5: command tx timeout [ 1498.598612][ T5832] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1498.609271][ T5832] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1498.669812][ T5832] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1498.686754][T29512] FAULT_INJECTION: forcing a failure. [ 1498.686754][T29512] name failslab, interval 1, probability 0, space 0, times 0 [ 1498.709796][T29514] FAULT_INJECTION: forcing a failure. [ 1498.709796][T29514] name failslab, interval 1, probability 0, space 0, times 0 [ 1498.723393][ T5832] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1498.731329][T29514] CPU: 1 UID: 0 PID: 29514 Comm: syz.0.21267 Not tainted syzkaller #0 PREEMPT(full) [ 1498.731358][T29514] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1498.731373][T29514] Call Trace: [ 1498.731382][T29514] [ 1498.731392][T29514] dump_stack_lvl+0xe8/0x150 [ 1498.731428][T29514] should_fail_ex+0x412/0x560 [ 1498.731460][T29514] should_failslab+0xa8/0x100 [ 1498.731485][T29514] ? skb_clone+0x212/0x3a0 [ 1498.731517][T29514] kmem_cache_alloc_noprof+0x87/0x650 [ 1498.731551][T29514] ? __netlink_lookup+0xc6/0x8b0 [ 1498.731587][T29514] skb_clone+0x212/0x3a0 [ 1498.731623][T29514] __netlink_deliver_tap+0x404/0x850 [ 1498.731663][T29514] ? netlink_deliver_tap+0x2e/0x1b0 [ 1498.731691][T29514] netlink_deliver_tap+0x19c/0x1b0 [ 1498.731719][T29514] netlink_unicast+0x7e3/0x9b0 [ 1498.731749][T29514] ? __pfx_netlink_unicast+0x10/0x10 [ 1498.731771][T29514] ? netlink_sendmsg+0x650/0xb40 [ 1498.731793][T29514] ? skb_put+0x11b/0x210 [ 1498.731822][T29514] netlink_sendmsg+0x813/0xb40 [ 1498.731854][T29514] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1498.731881][T29514] ? aa_sock_msg_perm+0xf1/0x1b0 [ 1498.731906][T29514] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1498.731930][T29514] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1498.731953][T29514] ____sys_sendmsg+0xa68/0xad0 [ 1498.731990][T29514] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1498.732026][T29514] ? import_iovec+0x73/0xa0 [ 1498.732056][T29514] ___sys_sendmsg+0x2a5/0x360 [ 1498.732089][T29514] ? __pfx____sys_sendmsg+0x10/0x10 [ 1498.732151][T29514] ? __fget_files+0x2a/0x420 [ 1498.732185][T29514] ? __fget_files+0x3a0/0x420 [ 1498.732227][T29514] __x64_sys_sendmsg+0x1bd/0x2a0 [ 1498.732258][T29514] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1498.732296][T29514] ? __pfx_ksys_write+0x10/0x10 [ 1498.732326][T29514] do_syscall_64+0x14d/0xf80 [ 1498.732355][T29514] ? trace_irq_disable+0x3b/0x150 [ 1498.732383][T29514] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1498.732402][T29514] ? clear_bhb_loop+0x40/0x90 [ 1498.732426][T29514] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1498.732445][T29514] RIP: 0033:0x7ff1b179c799 [ 1498.732465][T29514] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1498.732481][T29514] RSP: 002b:00007ff1b2625028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1498.732502][T29514] RAX: ffffffffffffffda RBX: 00007ff1b1a15fa0 RCX: 00007ff1b179c799 [ 1498.732517][T29514] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000003 [ 1498.732528][T29514] RBP: 00007ff1b2625090 R08: 0000000000000000 R09: 0000000000000000 [ 1498.732540][T29514] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1498.732552][T29514] R13: 00007ff1b1a16038 R14: 00007ff1b1a15fa0 R15: 00007ffd903b7798 [ 1498.732583][T29514] [ 1498.782558][ T1749] block nbd6: Possible stuck request ffff888026968000: control (read@0,4096B). Runtime 210 seconds [ 1498.798111][ T5832] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1498.837495][T29512] CPU: 0 UID: 0 PID: 29512 Comm: syz.3.21266 Not tainted syzkaller #0 PREEMPT(full) [ 1498.837579][T29512] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1498.837619][T29512] Call Trace: [ 1498.837647][T29512] [ 1498.837670][T29512] dump_stack_lvl+0xe8/0x150 [ 1498.837762][T29512] should_fail_ex+0x412/0x560 [ 1498.837847][T29512] should_failslab+0xa8/0x100 [ 1498.837938][T29512] kmem_cache_alloc_node_noprof+0x8f/0x690 [ 1498.838041][T29512] ? __alloc_skb+0x1d0/0x7d0 [ 1498.838148][T29512] ? __local_bh_enable_ip+0xd0/0x130 [ 1498.838240][T29512] __alloc_skb+0x1d0/0x7d0 [ 1498.838331][T29512] netlink_dump+0x1ef/0xe80 [ 1498.838434][T29512] ? __pfx_netlink_dump+0x10/0x10 [ 1498.838563][T29512] __netlink_dump_start+0x5cb/0x7e0 [ 1498.838650][T29512] inet_diag_handler_cmd+0x1e0/0x2c0 [ 1498.838758][T29512] ? __pfx_inet_diag_handler_cmd+0x10/0x10 [ 1498.838841][T29512] ? __pfx_inet_diag_dump_start+0x10/0x10 [ 1498.838925][T29512] ? __pfx_inet_diag_dump+0x10/0x10 [ 1498.839015][T29512] ? __pfx_inet_diag_dump_done+0x10/0x10 [ 1498.839105][T29512] ? sock_diag_lock_handler+0x19/0x290 [ 1498.839156][T29512] ? sock_diag_lock_handler+0x19/0x290 [ 1498.839259][T29512] sock_diag_rcv_msg+0x4cc/0x600 [ 1498.839337][T29512] netlink_rcv_skb+0x232/0x4b0 [ 1498.839405][T29512] ? __pfx_sock_diag_rcv_msg+0x10/0x10 [ 1498.839481][T29512] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1498.839584][T29512] ? netlink_deliver_tap+0x2e/0x1b0 [ 1498.839679][T29512] netlink_unicast+0x80f/0x9b0 [ 1498.839765][T29512] ? __pfx_netlink_unicast+0x10/0x10 [ 1498.839836][T29512] ? netlink_sendmsg+0x650/0xb40 [ 1498.839908][T29512] ? skb_put+0x11b/0x210 [ 1498.840001][T29512] netlink_sendmsg+0x813/0xb40 [ 1498.840099][T29512] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1498.840171][T29512] ? aa_sock_msg_perm+0xf1/0x1b0 [ 1498.840245][T29512] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1498.840318][T29512] sock_write_iter+0x503/0x550 [ 1498.840391][T29512] ? __pfx_sock_write_iter+0x10/0x10 [ 1498.840515][T29512] do_iter_readv_writev+0x619/0x8c0 [ 1498.840597][T29512] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 1498.840707][T29512] ? bpf_lsm_file_permission+0x9/0x20 [ 1498.840776][T29512] ? security_file_permission+0x75/0x260 [ 1498.840866][T29512] ? rw_verify_area+0x255/0x4d0 [ 1498.840947][T29512] vfs_writev+0x33c/0x990 [ 1498.841050][T29512] ? __pfx_vfs_writev+0x10/0x10 [ 1498.841163][T29512] ? __fget_files+0x2a/0x420 [ 1498.841257][T29512] ? __fget_files+0x3a0/0x420 [ 1498.841338][T29512] ? __fget_files+0x2a/0x420 [ 1498.841442][T29512] do_writev+0x154/0x2e0 [ 1498.841526][T29512] ? __pfx_do_writev+0x10/0x10 [ 1498.841643][T29512] do_syscall_64+0x14d/0xf80 [ 1498.841730][T29512] ? trace_irq_disable+0x3b/0x150 [ 1498.841814][T29512] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1498.841877][T29512] ? clear_bhb_loop+0x40/0x90 [ 1498.841960][T29512] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1498.842017][T29512] RIP: 0033:0x7fd2c479c799 [ 1498.842085][T29512] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1498.842151][T29512] RSP: 002b:00007fd2c55e6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1498.842221][T29512] RAX: ffffffffffffffda RBX: 00007fd2c4a15fa0 RCX: 00007fd2c479c799 [ 1498.842264][T29512] RDX: 0000000000000001 RSI: 00002000000000c0 RDI: 000000000000000b [ 1498.842298][T29512] RBP: 00007fd2c55e6090 R08: 0000000000000000 R09: 0000000000000000 [ 1498.842369][T29512] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1498.842403][T29512] R13: 00007fd2c4a16038 R14: 00007fd2c4a15fa0 R15: 00007ffff1966258 [ 1498.842497][T29512] [ 1500.407088][T29539] __nla_validate_parse: 6 callbacks suppressed [ 1500.407114][T29539] netlink: 16 bytes leftover after parsing attributes in process `syz.0.21276'. [ 1500.452399][T29529] Dead loop on virtual device ip6_vti0, fix it urgently! [ 1500.471187][T29527] Dead loop on virtual device ip6_vti0, fix it urgently! [ 1500.673410][T29548] netlink: 'syz.3.21278': attribute type 11 has an invalid length. [ 1500.681558][T29548] netlink: 'syz.3.21278': attribute type 4 has an invalid length. [ 1500.712524][T29548] netlink: 199768 bytes leftover after parsing attributes in process `syz.3.21278'. [ 1501.063192][T29555] netlink: 4 bytes leftover after parsing attributes in process `syz.1.21280'. [ 1501.187774][T29568] FAULT_INJECTION: forcing a failure. [ 1501.187774][T29568] name failslab, interval 1, probability 0, space 0, times 0 [ 1501.221258][T29568] CPU: 1 UID: 0 PID: 29568 Comm: syz.4.21284 Not tainted syzkaller #0 PREEMPT(full) [ 1501.221291][T29568] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1501.221306][T29568] Call Trace: [ 1501.221316][T29568] [ 1501.221327][T29568] dump_stack_lvl+0xe8/0x150 [ 1501.221364][T29568] should_fail_ex+0x412/0x560 [ 1501.221397][T29568] should_failslab+0xa8/0x100 [ 1501.221425][T29568] ? skb_clone+0x212/0x3a0 [ 1501.221458][T29568] kmem_cache_alloc_noprof+0x87/0x650 [ 1501.221503][T29568] skb_clone+0x212/0x3a0 [ 1501.221540][T29568] __netlink_deliver_tap+0x404/0x850 [ 1501.221582][T29568] ? netlink_deliver_tap+0x2e/0x1b0 [ 1501.221611][T29568] netlink_deliver_tap+0x19c/0x1b0 [ 1501.221640][T29568] netlink_sendskb+0x68/0x140 [ 1501.221667][T29568] netlink_unicast+0x3a3/0x9b0 [ 1501.221702][T29568] ? __pfx_netlink_unicast+0x10/0x10 [ 1501.221737][T29568] netlink_rcv_skb+0x2b6/0x4b0 [ 1501.221766][T29568] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1501.221801][T29568] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1501.221848][T29568] ? down_read+0x272/0x2e0 [ 1501.221869][T29568] ? genl_rcv+0xd/0x40 [ 1501.221902][T29568] genl_rcv+0x28/0x40 [ 1501.221933][T29568] netlink_unicast+0x80f/0x9b0 [ 1501.221967][T29568] ? __pfx_netlink_unicast+0x10/0x10 [ 1501.222000][T29568] ? netlink_sendmsg+0x650/0xb40 [ 1501.222025][T29568] ? skb_put+0x11b/0x210 [ 1501.222059][T29568] netlink_sendmsg+0x813/0xb40 [ 1501.222098][T29568] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1501.222129][T29568] ? aa_sock_msg_perm+0xf1/0x1b0 [ 1501.222158][T29568] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1501.222184][T29568] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1501.222216][T29568] ____sys_sendmsg+0xa68/0xad0 [ 1501.222257][T29568] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1501.222297][T29568] ? import_iovec+0x73/0xa0 [ 1501.222329][T29568] ___sys_sendmsg+0x2a5/0x360 [ 1501.222368][T29568] ? __pfx____sys_sendmsg+0x10/0x10 [ 1501.222442][T29568] ? __fget_files+0x2a/0x420 [ 1501.222472][T29568] ? __fget_files+0x3a0/0x420 [ 1501.222515][T29568] __x64_sys_sendmsg+0x1bd/0x2a0 [ 1501.222551][T29568] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1501.222595][T29568] ? __pfx_ksys_write+0x10/0x10 [ 1501.222632][T29568] do_syscall_64+0x14d/0xf80 [ 1501.222665][T29568] ? trace_irq_disable+0x3b/0x150 [ 1501.222696][T29568] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1501.222719][T29568] ? clear_bhb_loop+0x40/0x90 [ 1501.222748][T29568] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1501.222770][T29568] RIP: 0033:0x7fa5b619c799 [ 1501.222792][T29568] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1501.222812][T29568] RSP: 002b:00007fa5b7078028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1501.222836][T29568] RAX: ffffffffffffffda RBX: 00007fa5b6415fa0 RCX: 00007fa5b619c799 [ 1501.222853][T29568] RDX: 0000000000000000 RSI: 00002000000002c0 RDI: 0000000000000003 [ 1501.222867][T29568] RBP: 00007fa5b7078090 R08: 0000000000000000 R09: 0000000000000000 [ 1501.222881][T29568] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1501.222894][T29568] R13: 00007fa5b6416038 R14: 00007fa5b6415fa0 R15: 00007ffc431eda98 [ 1501.222930][T29568] [ 1501.579386][ T5832] Bluetooth: hci4: command tx timeout [ 1501.629420][T29571] syzkaller0: entered promiscuous mode [ 1501.649750][T29571] syzkaller0: entered allmulticast mode [ 1501.968219][T29581] netlink: 'syz.0.21288': attribute type 4 has an invalid length. [ 1502.042933][T28109] lec:lec_start_xmit: lec0:No lecd attached [ 1502.130110][T29509] chnl_net:caif_netlink_parms(): no params data found [ 1502.171985][T29590] FAULT_INJECTION: forcing a failure. [ 1502.171985][T29590] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1502.192477][T29590] CPU: 1 UID: 0 PID: 29590 Comm: syz.3.21292 Not tainted syzkaller #0 PREEMPT(full) [ 1502.192507][T29590] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1502.192522][T29590] Call Trace: [ 1502.192532][T29590] [ 1502.192541][T29590] dump_stack_lvl+0xe8/0x150 [ 1502.192579][T29590] should_fail_ex+0x412/0x560 [ 1502.192611][T29590] _copy_to_user+0x31/0xb0 [ 1502.192646][T29590] simple_read_from_buffer+0xe1/0x170 [ 1502.192682][T29590] proc_fail_nth_read+0x1bb/0x230 [ 1502.192717][T29590] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1502.192752][T29590] ? rw_verify_area+0x2a6/0x4d0 [ 1502.192773][T29590] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1502.192805][T29590] vfs_read+0x20c/0xa70 [ 1502.192825][T29590] ? fdget_pos+0x246/0x320 [ 1502.192862][T29590] ? __pfx___mutex_lock+0x10/0x10 [ 1502.192885][T29590] ? __pfx_vfs_read+0x10/0x10 [ 1502.192909][T29590] ? __fget_files+0x2a/0x420 [ 1502.192945][T29590] ? __fget_files+0x3a0/0x420 [ 1502.192974][T29590] ? __fget_files+0x2a/0x420 [ 1502.193024][T29590] ksys_read+0x150/0x270 [ 1502.193049][T29590] ? __pfx_ksys_read+0x10/0x10 [ 1502.193084][T29590] do_syscall_64+0x14d/0xf80 [ 1502.193116][T29590] ? trace_irq_disable+0x3b/0x150 [ 1502.193147][T29590] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1502.193170][T29590] ? clear_bhb_loop+0x40/0x90 [ 1502.193198][T29590] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1502.193221][T29590] RIP: 0033:0x7fd2c475cfce [ 1502.193241][T29590] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 1502.193260][T29590] RSP: 002b:00007fd2c55c4fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1502.193284][T29590] RAX: ffffffffffffffda RBX: 00007fd2c55c56c0 RCX: 00007fd2c475cfce [ 1502.193300][T29590] RDX: 000000000000000f RSI: 00007fd2c55c50a0 RDI: 000000000000000a [ 1502.193314][T29590] RBP: 00007fd2c55c5090 R08: 0000000000000000 R09: 0000000000000000 [ 1502.193328][T29590] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1502.193341][T29590] R13: 00007fd2c4a16128 R14: 00007fd2c4a16090 R15: 00007ffff1966258 [ 1502.193377][T29590] [ 1502.494730][T29509] bridge0: port 1(bridge_slave_0) entered blocking state [ 1502.504349][T29509] bridge0: port 1(bridge_slave_0) entered disabled state [ 1502.511752][T29509] bridge_slave_0: entered allmulticast mode [ 1502.560156][T29509] bridge_slave_0: entered promiscuous mode [ 1502.569170][T29509] bridge0: port 2(bridge_slave_1) entered blocking state [ 1502.577684][T29509] bridge0: port 2(bridge_slave_1) entered disabled state [ 1502.585505][T29509] bridge_slave_1: entered allmulticast mode [ 1502.593738][T29509] bridge_slave_1: entered promiscuous mode [ 1502.659410][T29509] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1502.673241][T29509] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1502.720706][T29509] team0: Port device team_slave_0 added [ 1502.730228][T29509] team0: Port device team_slave_1 added [ 1502.768980][T29509] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1502.780784][T29509] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1502.807403][T29509] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1502.820766][T29509] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1502.827968][T29509] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1502.859691][T29509] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1502.924173][T29509] hsr_slave_0: entered promiscuous mode [ 1502.931192][T29509] hsr_slave_1: entered promiscuous mode [ 1502.938197][T29509] debugfs: 'hsr0' already exists in 'hsr' [ 1502.948283][T29509] Cannot create hsr debugfs directory [ 1502.988338][T29611] netlink: 'syz.0.21299': attribute type 4 has an invalid length. [ 1503.614706][T20772] Bluetooth: hci4: command tx timeout [ 1503.742782][T29637] netlink: 8 bytes leftover after parsing attributes in process `syz.0.21304'. [ 1503.779596][T29619] veth1_vlan: left allmulticast mode [ 1503.935644][T29626] syzkaller0: entered promiscuous mode [ 1503.941187][T29626] syzkaller0: entered allmulticast mode [ 1503.975342][T29637] vlan2: entered allmulticast mode [ 1503.985048][T29637] mac80211_hwsim hwsim128 wlan0: entered allmulticast mode [ 1504.004827][T22168] netdevsim netdevsim3 netdevsim0: unset [0, 0] type 1 family 0 port 256 - 0 [ 1504.078147][T29645] netlink: 8 bytes leftover after parsing attributes in process `syz.4.21308'. [ 1504.111695][T29645] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate. [ 1505.697453][T20772] Bluetooth: hci4: command tx timeout [ 1506.162719][T22168] netdevsim netdevsim3 netdevsim1: unset [0, 0] type 1 family 0 port 256 - 0 [ 1506.184393][T22168] netdevsim netdevsim3 netdevsim2: unset [0, 0] type 1 family 0 port 256 - 0 [ 1506.196329][T29645] netlink: 'syz.4.21308': attribute type 29 has an invalid length. [ 1506.272769][T22168] netdevsim netdevsim3 netdevsim3: unset [0, 0] type 1 family 0 port 256 - 0 [ 1506.283631][T29656] netlink: 8 bytes leftover after parsing attributes in process `syz.3.21311'. [ 1506.423110][T29663] netlink: 12 bytes leftover after parsing attributes in process `syz.1.21314'. [ 1506.492979][T29668] FAULT_INJECTION: forcing a failure. [ 1506.492979][T29668] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1506.509009][T29668] CPU: 1 UID: 0 PID: 29668 Comm: syz.4.21316 Not tainted syzkaller #0 PREEMPT(full) [ 1506.509040][T29668] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1506.509055][T29668] Call Trace: [ 1506.509064][T29668] [ 1506.509074][T29668] dump_stack_lvl+0xe8/0x150 [ 1506.509111][T29668] should_fail_ex+0x412/0x560 [ 1506.509143][T29668] _copy_from_user+0x2d/0xb0 [ 1506.509176][T29668] wext_handle_ioctl+0xc7/0x1d0 [ 1506.509212][T29668] ? __pfx_wext_handle_ioctl+0x10/0x10 [ 1506.509242][T29668] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 1506.509282][T29668] sock_ioctl+0x159/0x7f0 [ 1506.509308][T29668] ? __pfx_sock_ioctl+0x10/0x10 [ 1506.509332][T29668] ? __fget_files+0x2a/0x420 [ 1506.509362][T29668] ? __fget_files+0x3a0/0x420 [ 1506.509391][T29668] ? __fget_files+0x2a/0x420 [ 1506.509425][T29668] ? bpf_lsm_file_ioctl+0x9/0x20 [ 1506.509452][T29668] ? __pfx_sock_ioctl+0x10/0x10 [ 1506.509475][T29668] __se_sys_ioctl+0xfc/0x170 [ 1506.509502][T29668] do_syscall_64+0x14d/0xf80 [ 1506.509535][T29668] ? trace_irq_disable+0x3b/0x150 [ 1506.509566][T29668] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1506.509596][T29668] ? clear_bhb_loop+0x40/0x90 [ 1506.509623][T29668] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1506.509646][T29668] RIP: 0033:0x7fa5b619c799 [ 1506.509666][T29668] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1506.509686][T29668] RSP: 002b:00007fa5b7078028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1506.509710][T29668] RAX: ffffffffffffffda RBX: 00007fa5b6415fa0 RCX: 00007fa5b619c799 [ 1506.509727][T29668] RDX: 0000200000000000 RSI: 0000000000008b14 RDI: 0000000000000004 [ 1506.509742][T29668] RBP: 00007fa5b7078090 R08: 0000000000000000 R09: 0000000000000000 [ 1506.509756][T29668] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1506.509769][T29668] R13: 00007fa5b6416038 R14: 00007fa5b6415fa0 R15: 00007ffc431eda98 [ 1506.509805][T29668] [ 1506.786922][T29509] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1506.897415][T29509] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1506.996141][T29681] netlink: 'syz.4.21321': attribute type 4 has an invalid length. [ 1507.036631][T29509] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1507.052729][ C0] lec0: NETDEV WATCHDOG: CPU: 0: transmit queue 0 timed out 5010 ms [ 1507.060833][ C0] lec:lec_tx_timeout: lec0 [ 1507.096988][T29683] xt_TPROXY: Can be used only with -p tcp or -p udp [ 1507.112060][T29683] netlink: 'syz.4.21322': attribute type 1 has an invalid length. [ 1507.120668][T29683] netlink: 2108 bytes leftover after parsing attributes in process `syz.4.21322'. [ 1507.143683][T29509] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1507.343009][T29685] syzkaller0: entered promiscuous mode [ 1507.349920][T29685] syzkaller0: entered allmulticast mode [ 1507.376194][T29687] FAULT_INJECTION: forcing a failure. [ 1507.376194][T29687] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1507.393351][T29687] CPU: 1 UID: 0 PID: 29687 Comm: syz.4.21324 Not tainted syzkaller #0 PREEMPT(full) [ 1507.393384][T29687] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1507.393399][T29687] Call Trace: [ 1507.393409][T29687] [ 1507.393419][T29687] dump_stack_lvl+0xe8/0x150 [ 1507.393453][T29687] should_fail_ex+0x412/0x560 [ 1507.393479][T29687] _copy_from_iter+0x1d3/0x1670 [ 1507.393507][T29687] ? rcu_is_watching+0x15/0xb0 [ 1507.393537][T29687] ? __pfx__copy_from_iter+0x10/0x10 [ 1507.393577][T29687] ? netlink_sendmsg+0x650/0xb40 [ 1507.393599][T29687] ? skb_put+0x11b/0x210 [ 1507.393626][T29687] netlink_sendmsg+0x6c0/0xb40 [ 1507.393657][T29687] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1507.393682][T29687] ? aa_sock_msg_perm+0xf1/0x1b0 [ 1507.393705][T29687] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1507.393726][T29687] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1507.393747][T29687] ____sys_sendmsg+0xa68/0xad0 [ 1507.393782][T29687] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1507.393819][T29687] ? import_iovec+0x73/0xa0 [ 1507.393847][T29687] ___sys_sendmsg+0x2a5/0x360 [ 1507.393878][T29687] ? __pfx____sys_sendmsg+0x10/0x10 [ 1507.393933][T29687] ? __fget_files+0x2a/0x420 [ 1507.393958][T29687] ? __fget_files+0x3a0/0x420 [ 1507.393992][T29687] __x64_sys_sendmsg+0x1bd/0x2a0 [ 1507.394021][T29687] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1507.394056][T29687] ? __pfx_ksys_write+0x10/0x10 [ 1507.394083][T29687] do_syscall_64+0x14d/0xf80 [ 1507.394111][T29687] ? trace_irq_disable+0x3b/0x150 [ 1507.394138][T29687] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1507.394157][T29687] ? clear_bhb_loop+0x40/0x90 [ 1507.394179][T29687] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1507.394197][T29687] RIP: 0033:0x7fa5b619c799 [ 1507.394215][T29687] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1507.394231][T29687] RSP: 002b:00007fa5b7078028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1507.394250][T29687] RAX: ffffffffffffffda RBX: 00007fa5b6415fa0 RCX: 00007fa5b619c799 [ 1507.394264][T29687] RDX: 0000000000000080 RSI: 00002000000002c0 RDI: 0000000000000004 [ 1507.394276][T29687] RBP: 00007fa5b7078090 R08: 0000000000000000 R09: 0000000000000000 [ 1507.394288][T29687] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1507.394298][T29687] R13: 00007fa5b6416038 R14: 00007fa5b6415fa0 R15: 00007ffc431eda98 [ 1507.394328][T29687] [ 1507.775097][T20772] Bluetooth: hci4: command tx timeout [ 1507.878120][T29509] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 1507.891042][T29509] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 1507.908215][T29509] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 1507.932096][T29509] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 1508.014673][T29709] netlink: 'syz.4.21331': attribute type 4 has an invalid length. [ 1508.143407][T29509] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1508.197910][T29509] 8021q: adding VLAN 0 to HW filter on device team0 [ 1508.228346][ T61] bridge0: port 1(bridge_slave_0) entered blocking state [ 1508.235686][ T61] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1508.296794][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 1508.304033][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1508.546650][T29728] syzkaller0: entered promiscuous mode [ 1508.571009][T29728] syzkaller0: entered allmulticast mode [ 1508.604003][T29733] netlink: 'syz.0.21341': attribute type 4 has an invalid length. [ 1508.899439][T29509] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1509.062933][T29509] veth0_vlan: entered promiscuous mode [ 1509.086464][T29509] veth1_vlan: entered promiscuous mode [ 1509.154710][T29509] veth0_macvtap: entered promiscuous mode [ 1509.170714][T29509] veth1_macvtap: entered promiscuous mode [ 1509.199135][T29509] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1509.228767][T29509] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1509.258524][T28579] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1509.279578][T28579] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1509.300125][T28579] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1509.313149][T28579] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1509.445450][T29763] FAULT_INJECTION: forcing a failure. [ 1509.445450][T29763] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1509.473015][T29763] CPU: 0 UID: 0 PID: 29763 Comm: syz.0.21352 Not tainted syzkaller #0 PREEMPT(full) [ 1509.473046][T29763] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1509.473060][T29763] Call Trace: [ 1509.473069][T29763] [ 1509.473079][T29763] dump_stack_lvl+0xe8/0x150 [ 1509.473115][T29763] should_fail_ex+0x412/0x560 [ 1509.473148][T29763] _copy_from_user+0x2d/0xb0 [ 1509.473181][T29763] kstrtouint_from_user+0xd6/0x180 [ 1509.473211][T29763] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 1509.473300][T29763] proc_fail_nth_write+0x8e/0x210 [ 1509.473330][T29763] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 1509.473367][T29763] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 1509.473397][T29763] vfs_write+0x29a/0xb90 [ 1509.473429][T29763] ? __pfx_vfs_write+0x10/0x10 [ 1509.473454][T29763] ? __fget_files+0x2a/0x420 [ 1509.473488][T29763] ? __fget_files+0x3a0/0x420 [ 1509.473517][T29763] ? __fget_files+0x2a/0x420 [ 1509.473556][T29763] ksys_write+0x150/0x270 [ 1509.473582][T29763] ? __pfx_ksys_write+0x10/0x10 [ 1509.473617][T29763] do_syscall_64+0x14d/0xf80 [ 1509.473650][T29763] ? trace_irq_disable+0x3b/0x150 [ 1509.473686][T29763] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1509.473708][T29763] ? clear_bhb_loop+0x40/0x90 [ 1509.473734][T29763] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1509.473757][T29763] RIP: 0033:0x7ff1b175cfce [ 1509.473778][T29763] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 1509.473797][T29763] RSP: 002b:00007ff1b2624fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1509.473821][T29763] RAX: ffffffffffffffda RBX: 00007ff1b26256c0 RCX: 00007ff1b175cfce [ 1509.473837][T29763] RDX: 0000000000000001 RSI: 00007ff1b26250a0 RDI: 0000000000000005 [ 1509.473851][T29763] RBP: 00007ff1b2625090 R08: 0000000000000000 R09: 0000000000000000 [ 1509.473866][T29763] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1509.473879][T29763] R13: 00007ff1b1a16038 R14: 00007ff1b1a15fa0 R15: 00007ffd903b7798 [ 1509.473915][T29763] [ 1509.706093][T22168] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1509.727284][T22168] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1509.777245][T29765] netlink: 'syz.4.21353': attribute type 4 has an invalid length. [ 1509.789729][T22168] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1509.799415][T22168] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1509.992080][T29771] netlink: 12 bytes leftover after parsing attributes in process `syz.2.21259'. [ 1510.035804][T29771] netlink: 12 bytes leftover after parsing attributes in process `syz.2.21259'. [ 1510.050287][T29778] veth0: entered promiscuous mode [ 1510.051149][T29771] [ 1510.057725][T29771] ====================================================== [ 1510.064762][T29771] WARNING: possible circular locking dependency detected [ 1510.071819][T29771] syzkaller #0 Not tainted [ 1510.074348][T29772] syzkaller0: entered promiscuous mode [ 1510.076236][T29771] ------------------------------------------------------ [ 1510.076249][T29771] syz.2.21259/29771 is trying to acquire lock: [ 1510.082808][T29772] syzkaller0: entered allmulticast mode [ 1510.088737][T29771] ffffffff8fd48ad8 (nr_neigh_list_lock){+...}-{3:3}, at: nr_del_node+0x57d/0xbb0 [ 1510.109666][T29771] [ 1510.109666][T29771] but task is already holding lock: [ 1510.117043][T29771] ffff8880a6d1c670 (&nr_node->node_lock){+...}-{3:3}, at: nr_del_node+0x2a9/0xbb0 [ 1510.126330][T29771] [ 1510.126330][T29771] which lock already depends on the new lock. [ 1510.126330][T29771] [ 1510.136760][T29771] [ 1510.136760][T29771] the existing dependency chain (in reverse order) is: [ 1510.145797][T29771] [ 1510.145797][T29771] -> #2 (&nr_node->node_lock){+...}-{3:3}: [ 1510.153824][T29771] _raw_spin_lock_bh+0x36/0x50 [ 1510.159145][T29771] nr_rt_device_down+0x153/0x860 [ 1510.164635][T29771] nr_device_event+0x137/0x150 [ 1510.169945][T29771] notifier_call_chain+0x1be/0x400 [ 1510.175606][T29771] __dev_notify_flags+0x16d/0x310 [ 1510.181183][T29771] netif_change_flags+0xe8/0x1a0 [ 1510.186668][T29771] dev_change_flags+0x130/0x260 [ 1510.192061][T29771] dev_ioctl+0x7b4/0x1150 [ 1510.196938][T29771] sock_do_ioctl+0x23e/0x320 [ 1510.202070][T29771] sock_ioctl+0x5c6/0x7f0 [ 1510.206938][T29771] __se_sys_ioctl+0xfc/0x170 [ 1510.212072][T29771] do_syscall_64+0x14d/0xf80 [ 1510.217209][T29771] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1510.223651][T29771] [ 1510.223651][T29771] -> #1 (nr_node_list_lock){+...}-{3:3}: [ 1510.231501][T29771] _raw_spin_lock_bh+0x36/0x50 [ 1510.236829][T29771] nr_rt_device_down+0xbe/0x860 [ 1510.242270][T29771] nr_device_event+0x137/0x150 [ 1510.247589][T29771] notifier_call_chain+0x1be/0x400 [ 1510.253252][T29771] __dev_notify_flags+0x16d/0x310 [ 1510.258840][T29771] netif_change_flags+0xe8/0x1a0 [ 1510.264337][T29771] dev_change_flags+0x130/0x260 [ 1510.269746][T29771] dev_ioctl+0x7b4/0x1150 [ 1510.274614][T29771] sock_do_ioctl+0x23e/0x320 [ 1510.279780][T29771] sock_ioctl+0x5c6/0x7f0 [ 1510.284676][T29771] __se_sys_ioctl+0xfc/0x170 [ 1510.290072][T29771] do_syscall_64+0x14d/0xf80 [ 1510.295213][T29771] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1510.301649][T29771] [ 1510.301649][T29771] -> #0 (nr_neigh_list_lock){+...}-{3:3}: [ 1510.309578][T29771] __lock_acquire+0x15a5/0x2cf0 [ 1510.314975][T29771] lock_acquire+0xf0/0x2e0 [ 1510.319934][T29771] _raw_spin_lock_bh+0x36/0x50 [ 1510.325243][T29771] nr_del_node+0x57d/0xbb0 [ 1510.330199][T29771] nr_rt_ioctl+0xb34/0xf90 [ 1510.335172][T29771] sock_do_ioctl+0x101/0x320 [ 1510.340307][T29771] sock_ioctl+0x5c6/0x7f0 [ 1510.345171][T29771] __se_sys_ioctl+0xfc/0x170 [ 1510.350306][T29771] do_syscall_64+0x14d/0xf80 [ 1510.355452][T29771] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1510.361893][T29771] [ 1510.361893][T29771] other info that might help us debug this: [ 1510.361893][T29771] [ 1510.372249][T29771] Chain exists of: [ 1510.372249][T29771] nr_neigh_list_lock --> nr_node_list_lock --> &nr_node->node_lock [ 1510.372249][T29771] [ 1510.386112][T29771] Possible unsafe locking scenario: [ 1510.386112][T29771] [ 1510.393583][T29771] CPU0 CPU1 [ 1510.398965][T29771] ---- ---- [ 1510.404346][T29771] lock(&nr_node->node_lock); [ 1510.409139][T29771] lock(nr_node_list_lock); [ 1510.416266][T29771] lock(&nr_node->node_lock); [ 1510.423567][T29771] lock(nr_neigh_list_lock); [ 1510.428263][T29771] [ 1510.428263][T29771] *** DEADLOCK *** [ 1510.428263][T29771] [ 1510.436421][T29771] 2 locks held by syz.2.21259/29771: [ 1510.441722][T29771] #0: ffffffff8fd48b38 (nr_node_list_lock){+...}-{3:3}, at: nr_del_node+0x253/0xbb0 [ 1510.451244][T29771] #1: ffff8880a6d1c670 (&nr_node->node_lock){+...}-{3:3}, at: nr_del_node+0x2a9/0xbb0 [ 1510.460930][T29771] [ 1510.460930][T29771] stack backtrace: [ 1510.466836][T29771] CPU: 0 UID: 0 PID: 29771 Comm: syz.2.21259 Not tainted syzkaller #0 PREEMPT(full) [ 1510.466861][T29771] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1510.466874][T29771] Call Trace: [ 1510.466883][T29771] [ 1510.466893][T29771] dump_stack_lvl+0xe8/0x150 [ 1510.466922][T29771] print_circular_bug+0x2e1/0x300 [ 1510.466952][T29771] check_noncircular+0x12e/0x150 [ 1510.466982][T29771] __lock_acquire+0x15a5/0x2cf0 [ 1510.467016][T29771] lock_acquire+0xf0/0x2e0 [ 1510.467038][T29771] ? nr_del_node+0x57d/0xbb0 [ 1510.467055][T29771] ? nr_del_node+0x247/0xbb0 [ 1510.467072][T29771] ? nr_del_node+0x57d/0xbb0 [ 1510.467086][T29771] _raw_spin_lock_bh+0x36/0x50 [ 1510.467111][T29771] ? nr_del_node+0x57d/0xbb0 [ 1510.467127][T29771] nr_del_node+0x57d/0xbb0 [ 1510.467147][T29771] nr_rt_ioctl+0xb34/0xf90 [ 1510.467179][T29771] ? kasan_quarantine_put+0xbb/0x1f0 [ 1510.467196][T29771] ? __pfx_nr_rt_ioctl+0x10/0x10 [ 1510.467228][T29771] ? apparmor_capable+0x126/0x170 [ 1510.467257][T29771] ? capable+0x88/0xe0 [ 1510.467280][T29771] ? nr_ioctl+0x1b1/0x3b0 [ 1510.467305][T29771] sock_do_ioctl+0x101/0x320 [ 1510.467325][T29771] ? __pfx_sock_do_ioctl+0x10/0x10 [ 1510.467343][T29771] ? do_futex+0x395/0x420 [ 1510.467372][T29771] sock_ioctl+0x5c6/0x7f0 [ 1510.467398][T29771] ? __pfx_sock_ioctl+0x10/0x10 [ 1510.467415][T29771] ? __fget_files+0x2a/0x420 [ 1510.467440][T29771] ? __fget_files+0x3a0/0x420 [ 1510.467464][T29771] ? __fget_files+0x2a/0x420 [ 1510.467491][T29771] ? bpf_lsm_file_ioctl+0x9/0x20 [ 1510.467513][T29771] ? __pfx_sock_ioctl+0x10/0x10 [ 1510.467530][T29771] __se_sys_ioctl+0xfc/0x170 [ 1510.467551][T29771] do_syscall_64+0x14d/0xf80 [ 1510.467578][T29771] ? trace_irq_disable+0x3b/0x150 [ 1510.467604][T29771] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1510.467622][T29771] ? clear_bhb_loop+0x40/0x90 [ 1510.467642][T29771] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1510.467660][T29771] RIP: 0033:0x7fe0b679c799 [ 1510.467678][T29771] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1510.467695][T29771] RSP: 002b:00007fe0b771d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1510.467715][T29771] RAX: ffffffffffffffda RBX: 00007fe0b6a15fa0 RCX: 00007fe0b679c799 [ 1510.467729][T29771] RDX: 0000200000000000 RSI: 000000000000890c RDI: 0000000000000005 [ 1510.467742][T29771] RBP: 00007fe0b6832bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1510.467754][T29771] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1510.467765][T29771] R13: 00007fe0b6a16038 R14: 00007fe0b6a15fa0 R15: 00007ffd37d60da8 [ 1510.467787][T29771] [ 1510.730166][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 1510.938347][T29776] veth0: left promiscuous mode