last executing test programs: 4.626373656s ago: executing program 0 (id=26357): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x2, 0x0, 0x0, 0x9}, [@call={0x85, 0x0, 0x0, 0xe}]}, &(0x7f00000001c0)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x0, 0xe, 0x11, &(0x7f0000000100)="e1ff46bd3bf574b7c1f6f585862b", 0x0, 0x1008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50) 4.379591388s ago: executing program 0 (id=26360): r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000000)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000180)={0x2, 0x3, 0x0, 0x3, 0xb, 0x0, 0x70bd2c, 0x25dfdbfb, [@sadb_key={0x2, 0x9, 0x40, 0x0, "ff02000000000000"}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x7, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast2, 0x7}}]}, 0x58}, 0x1, 0x7}, 0x4008000) 4.23782403s ago: executing program 0 (id=26364): socket$inet_icmp_raw(0x2, 0x3, 0x1) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) close(0x4) syz_open_procfs$namespace(0x0, &(0x7f0000000200)='ns/pid_for_children\x00') unshare(0x6a040000) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f0000000680)=ANY=[@ANYBLOB="18020000000000000000000000000030850000002c00000095000000000000002b4003fe37a077ae55f52c0d80a2649baca85309be96d5a45bbbdb5ff7ffffffd075b3eee14473f51be98db7efbb059842badcfc81364470e8e04acb807fbbabc68abdcce9f672b6bb61c302dfd5c11071adac29fd64d33a3502fbeb1ed99dd0e792f24c420bfcc2635421d339ad521d6953b1137850d9e9ebf65ee988ea2dbee528678eb47efb7b3f19046c6f1bd1bf56e5853ed96137f95b3a11954ed1c8a8676468cf2405e48723d4b1ff"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x1000, &(0x7f0000001400)=""/4106, 0x0, 0x0, '\x00', 0x0, @xdp}, 0x18) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x6000, &(0x7f0000000080)={&(0x7f0000000000)=@newlink={0x34, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_XDP={0xc, 0x2b, 0x0, 0x1, [@IFLA_XDP_FD={0x8, 0x1, r0}]}, @IFLA_GROUP={0x8}]}, 0x34}}, 0x0) setsockopt$IP_VS_SO_SET_ADDDEST(0xffffffffffffffff, 0x0, 0x487, 0x0, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_bt_bnep_BNEPCONNADD(0xffffffffffffffff, 0x400442c8, 0x0) 3.346856749s ago: executing program 1 (id=26377): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="340000001a00100029bd7000000000000a0000000000ff0000000000080006000400000008000400", @ANYRES32=0x0, @ANYBLOB="080010000a"], 0x34}}, 0x20000000) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3400000040000701fcffffff00000100017c00000400"], 0x34}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000) 3.183451719s ago: executing program 3 (id=26381): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000000), r0) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000100)={'wpan0\x00', 0x0}) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) recvmsg$unix(r3, 0x0, 0x2) getsockopt$inet6_mreq(r3, 0x29, 0x15, &(0x7f0000000180)={@initdev}, &(0x7f00000001c0)=0x14) sendmsg$NL802154_CMD_NEW_SEC_DEV(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000140)={0x28, r1, 0x1, 0x70bd25, 0x25dfdbfd, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r2}, @NL802154_ATTR_SEC_DEVICE={0xc, 0x2e, 0x0, 0x1, [@NL802154_DEV_ATTR_FRAME_COUNTER={0x6, 0x1, 0x3}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x8000}, 0x40000c0) r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000300)=ANY=[@ANYRES32=r1, @ANYRES32, @ANYRESDEC=r1, @ANYBLOB="06c7e5d865c6f654c4a3eb729a52c604978cec35f9e12919b87d6d2a747aeae84da11b0baa3b113cc01d4f8a446553acaffe628360c452601056535a01d9f406e76bc8f4b5f4419c0c232307e11b0db9f1c0ba0586bba4b358a96bfffa46aea311c9969aafb0984cde00bd4c86334624bc5b3c8eb8985181c8cc0645f47937af8176fed29c491db510ba11e6936728c11b34bc1eccd2ddea7f884eb52a0e5531e62eb0154cb5b0ad999a21320e2db152590b567a14bfcd48c431d41b75a3", @ANYRES32=r2, @ANYRES8=r1, @ANYRESDEC=r2, @ANYRES64=r1], 0x48) bpf$TOKEN_CREATE(0x24, &(0x7f0000000000)={0x0, r4}, 0x8) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x11, 0x10, &(0x7f0000000000)=ANY=[], &(0x7f0000000100)='syzkaller\x00', 0x4, 0xffb, &(0x7f0000002500)=""/4091, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94) 2.992723475s ago: executing program 1 (id=26382): socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$igmp(0x2, 0x3, 0x2) getsockopt$inet_mreqn(r0, 0x0, 0x24, &(0x7f0000000200)={@empty}, 0x0) socket$netlink(0x10, 0x3, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xf, 0xf}}}, 0x24}}, 0x0) r3 = socket(0x400000000010, 0x3, 0x0) r4 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=@newtfilter={0x3c, 0x2c, 0xd27, 0x70bd28, 0xfffff000, {0x0, 0x0, 0x0, r5, {0xf000, 0xffff}, {}, {0x7, 0xfff3}}, [@filter_kind_options=@f_route={{0xa}, {0xc, 0x2, [@TCA_ROUTE4_CLASSID={0x8, 0x1, {0x0, 0xfff1}}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x80}, 0x20000800) 2.99160736s ago: executing program 3 (id=26383): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) socket(0x10, 0x803, 0x0) r1 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1) bind$nfc_llcp(r1, &(0x7f0000000100)={0x27, 0x0, 0xffffffff, 0x7, 0x0, 0x6, "750538d1ee602ec4802a04ea7cdcd151bb2cd9893bc31f80718336d9bd3517076db9ad1f6a120d8be6d7f81cd81ec275000386e7d95f0669b740a5418d69d0", 0x10000000000001}, 0x60) getsockname(r1, 0x0, &(0x7f0000000080)) socket$inet6_sctp(0xa, 0x5, 0x84) socket$netlink(0x10, 0x3, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0xc, &(0x7f0000000400)=ANY=[@ANYBLOB="1802000002000000000000000000000085000000050000001801000020646c2500000000002020207b1af8ff00000000bf"], 0x0, 0x0, 0x0, 0x0, 0x40f00}, 0x94) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETOBJ(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=ANY=[@ANYBLOB="34000000150a03000000000000000000020000000900020073797a3100000000080003400000000109000100"], 0x34}}, 0x0) sendmsg$IPSET_CMD_ADD(r0, &(0x7f0000002680)={0x0, 0x0, &(0x7f0000002640)={&(0x7f0000000000)=ANY=[@ANYBLOB="40000000090601020000000000000000000000010900020073797a3100000000100008800c000780080009400000a0cd080009400000000607000100070000", @ANYRESDEC, @ANYRES32=r0, @ANYRESDEC=r0], 0x40}}, 0x4400d040) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_WIPHY(r3, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x44, r4, 0x200, 0x70bd27, 0x25dfdbff, {}, [@NL80211_ATTR_TXQ_QUANTUM={0x8, 0x10c, 0x80000000}, @NL80211_ATTR_TXQ_LIMIT={0x8, 0x10a, 0x4}, @NL80211_ATTR_WIPHY_ANTENNA_RX={0x8, 0x6a, 0x3}, @NL80211_ATTR_TXQ_LIMIT={0x8, 0x10a, 0x8}, @NL80211_ATTR_WIPHY_TX_POWER_SETTING={0x8, 0x61, 0x2197d059}, @NL80211_ATTR_TXQ_LIMIT={0x8, 0x10a, 0x9}]}, 0x44}, 0x1, 0x0, 0x0, 0x40010}, 0x40000000) socket$nl_netfilter(0x10, 0x3, 0xc) (async) socket(0x10, 0x803, 0x0) (async) syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1) (async) bind$nfc_llcp(r1, &(0x7f0000000100)={0x27, 0x0, 0xffffffff, 0x7, 0x0, 0x6, "750538d1ee602ec4802a04ea7cdcd151bb2cd9893bc31f80718336d9bd3517076db9ad1f6a120d8be6d7f81cd81ec275000386e7d95f0669b740a5418d69d0", 0x10000000000001}, 0x60) (async) getsockname(r1, 0x0, &(0x7f0000000080)) (async) socket$inet6_sctp(0xa, 0x5, 0x84) (async) socket$netlink(0x10, 0x3, 0x0) (async) bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0xc, &(0x7f0000000400)=ANY=[@ANYBLOB="1802000002000000000000000000000085000000050000001801000020646c2500000000002020207b1af8ff00000000bf"], 0x0, 0x0, 0x0, 0x0, 0x40f00}, 0x94) (async) socket$nl_netfilter(0x10, 0x3, 0xc) (async) sendmsg$NFT_MSG_GETOBJ(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=ANY=[@ANYBLOB="34000000150a03000000000000000000020000000900020073797a3100000000080003400000000109000100"], 0x34}}, 0x0) (async) sendmsg$IPSET_CMD_ADD(r0, &(0x7f0000002680)={0x0, 0x0, &(0x7f0000002640)={&(0x7f0000000000)=ANY=[@ANYBLOB="40000000090601020000000000000000000000010900020073797a3100000000100008800c000780080009400000a0cd080009400000000607000100070000", @ANYRESDEC, @ANYRES32=r0, @ANYRESDEC=r0], 0x40}}, 0x4400d040) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) (async) sendmsg$NL80211_CMD_SET_WIPHY(r3, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x44, r4, 0x200, 0x70bd27, 0x25dfdbff, {}, [@NL80211_ATTR_TXQ_QUANTUM={0x8, 0x10c, 0x80000000}, @NL80211_ATTR_TXQ_LIMIT={0x8, 0x10a, 0x4}, @NL80211_ATTR_WIPHY_ANTENNA_RX={0x8, 0x6a, 0x3}, @NL80211_ATTR_TXQ_LIMIT={0x8, 0x10a, 0x8}, @NL80211_ATTR_WIPHY_TX_POWER_SETTING={0x8, 0x61, 0x2197d059}, @NL80211_ATTR_TXQ_LIMIT={0x8, 0x10a, 0x9}]}, 0x44}, 0x1, 0x0, 0x0, 0x40010}, 0x40000000) (async) 2.608830129s ago: executing program 3 (id=26386): r0 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_RTOINFO(r0, 0x84, 0x0, 0x0, &(0x7f0000000040)=0x51) ioctl$SIOCX25SENDCALLACCPT(0xffffffffffffffff, 0x89e9) connect$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback={0xfec0ffff00000000}}, 0x1c) unshare(0x2c020400) r1 = socket(0x11, 0x3, 0x0) setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x25, &(0x7f0000000080)=0x2918, 0x4) sendmmsg(r1, &(0x7f0000000000)=[{{&(0x7f0000000640)=@qipcrtr={0x2a, 0x1, 0x4001}, 0x80, &(0x7f0000000140)=[{&(0x7f0000000040)="d479183d7d98d181a4b5f3e38100e2f288a8d2", 0x13}, {&(0x7f0000001c00)="659900c3f7c8e544e1abc41796cae4c9908368acb3abdb908ada84b1c98b91c34352f80ed64e4606a25bcbab94869ac816a7fb9c29a8c768fbffb21ad7f6013ff676da589c2e0865cfd321543070c3dd36bf94deb1d137c220d9c559", 0x5c}], 0x2}}], 0x1, 0x24044015) recvmmsg(r1, &(0x7f0000000900)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000005c0)=""/126, 0x6e}], 0x40}, 0x2}, {{&(0x7f0000000540)=@l2tp6={0xa, 0x0, 0x0, @private1}, 0x0, &(0x7f0000000800)=[{&(0x7f00000006c0)=""/194}, {&(0x7f00000007c0)=""/20}], 0x0, &(0x7f0000000840)=""/138}, 0x4}], 0x1, 0x2002, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000980)=ANY=[@ANYBLOB="140000001000010000000000000000000200000a20000000002a05000000000000000000010000000900010073797a30000000002c000000030a01010000000000000000010000000900150073797a31000000000900010073797a300000000044000000060ae4e533c1000000000000010000001c0004801800018008000100647570000c000280080002400000000908000b40c19a292900010073797a3000000000140000001100010000000000000000000000000ac0e87749a49fc720a0fa3351d03897b4cf0c65e261e129a3ba305c1f0598a79076e194eb560ee1a32c9e507f67a4fea34638811408f0eaa3d80ff6e4fe411801dd309e4b32ac254bcd4852883d248ab26ea21224d3bbd2b398d52a06000008f462f2276c67c0e52eeaebedb30938c00c21498700f56d0ce18268c544091289f3b2c1ca2002e2923bd5e5d795ac"], 0xb8}}, 0x0) socket$nl_route(0x10, 0x3, 0x0) r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0xc0802, 0x0) ioctl$PPPIOCNEWUNIT(r3, 0xc004743e, &(0x7f0000000180)=0x4000000) ioctl$PPPIOCSFLAGS1(r3, 0x40047459, &(0x7f0000000080)) pwritev(r3, &(0x7f0000000100)=[{&(0x7f0000000540)="00214797357e0e8d442441e9beae583d48ac340dc69d54af976b6a7c18c4907ed175462f18ec0e16ad9f57abed3bad46320d0d4abf7c3a617f1b2fbe8b338d1fce4490668ce9faadcf6b44b9906eeb59241caa04a1bf2399f37a7f221861e3580bdf025cb470613b79119f1c9fe8b9ee5d1f41b6af7d12a2ba71c7a74727cece06221eadc4d7137811e483a94c1164f4496f0fe1829f55cd2d91b74aeee64bc05e7014dbb599bad1be2d8ced5b1a3131", 0xb0}, {&(0x7f0000000240)}], 0x2, 0x739, 0x1) r4 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r4, 0x11b, 0x4, &(0x7f0000000200)={&(0x7f0000000000)=""/5, 0x214000, 0x800}, 0x20) setsockopt$XDP_TX_RING(r4, 0x11b, 0x3, &(0x7f00000005c0)=0x200000, 0x4) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000380)={&(0x7f00000002c0)={0x20, 0x0, 0x100, 0x70bd27, 0x25dfdbfc, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x20}}, 0x4090) r5 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$XDP_UMEM_COMPLETION_RING(r4, 0x11b, 0x6, &(0x7f00000000c0)=0x20000, 0x4) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000400)={'dummy0\x00', 0x0}) setsockopt$XDP_UMEM_FILL_RING(r4, 0x11b, 0x5, &(0x7f0000000140)=0x4000, 0x4) bind$xdp(r4, &(0x7f0000000100)={0x2c, 0x0, r6}, 0x10) setsockopt$XDP_UMEM_FILL_RING(r4, 0x11b, 0x5, &(0x7f0000000040)=0x800, 0x4) r7 = socket$qrtr(0x2a, 0x2, 0x0) connect$qrtr(r7, &(0x7f0000000000)={0x2a, 0x0, 0x7ffe}, 0xc) 2.590361402s ago: executing program 1 (id=26387): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000002000000000000000008"], &(0x7f00000003c0)='GPL\x00'}, 0x94) r0 = socket$inet(0xa, 0x801, 0x84) connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) syz_emit_ethernet(0x4e, &(0x7f0000002e40)={@local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "7428dd", 0x18, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_na={0x89, 0x0, 0x0, 0x0, '\x00', @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}}}}, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000001c0), r1) r3 = socket$tipc(0x1e, 0x2, 0x0) connect$tipc(r3, &(0x7f0000003100)=@nameseq={0x1e, 0x1, 0x0, {0x1, 0x0, 0x2}}, 0x10) setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, 0x0, 0x0) r4 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000040), r1) sendmsg$NLBL_MGMT_C_VERSION(r1, &(0x7f0000000380)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000002c0)={&(0x7f0000000140)={0x58, r4, 0x1, 0x70bd2b, 0x25dfdbfc, {}, [@NLBL_MGMT_A_DOMAIN={0x8, 0x1, 'GPL\x00'}, @NLBL_MGMT_A_IPV6MASK={0x14, 0x6, @empty}, @NLBL_MGMT_A_FAMILY={0x6, 0xb, 0xa}, @NLBL_MGMT_A_IPV4ADDR={0x8, 0x7, @empty}, @NLBL_MGMT_A_FAMILY={0x6, 0xb, 0x11}, @NLBL_MGMT_A_CV4DOI={0x8, 0x4, 0x3}, @NLBL_MGMT_A_IPV4ADDR={0x8, 0x7, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, 0x58}, 0x1, 0x0, 0x0, 0x8000000}, 0x20000000) r5 = socket$kcm(0x21, 0x5, 0x2) sendmsg$kcm(r5, &(0x7f0000000280)={&(0x7f0000000440)=@rxrpc=@in4={0x21, 0x2, 0x2, 0x10, {0x2, 0x8205, @multicast2}}, 0x80, 0x0, 0x0, &(0x7f0000000600)=ANY=[@ANYRESHEX=r1], 0x10b8}, 0x200008c0) close(0x3) sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x800) r6 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r6, 0x107, 0x12, 0x0, 0x0) r7 = socket$packet(0x11, 0x2, 0x300) setsockopt$SO_TIMESTAMP(r5, 0x1, 0x1d, &(0x7f0000000300)=0x8f96, 0x4) bind$packet(r7, 0x0, 0x0) setsockopt$packet_fanout(r7, 0x107, 0x12, 0x0, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000007c0)={0xffffffffffffffff, &(0x7f00000004c0)="169c7f7f8f66e881576eb37ef9804d469d33b075c0fc1917d619312807ba04cfb8622473949c8f0b40b7105ec64655c1c2e4f27f25651710e9773825440f87553e54170033754fe9c9413acb13d677a97c2d90c40a748c43d26d5c7ce857836969c1adf8aa4c2fd9a7e6009b6e18f69d46296191973ba1e19731d11e8ca5381e1046267c626690b01b573e4ebf79e5c4407beae94dd5bb0f86f47a16497714651d7a0f107e0c80109325f8618a6ec080a50fe8b24fba", &(0x7f00000006c0)=@buf="3c4370e1e6fa399db697b5216a4cae34e843c4a612dce2377dc28f1bf052253cccf7976609484746e49ea15f5e7e16c5f895a2714ca7dbf8e7ad2507c3d2a0cf7903ab05ac3e7e9f8a8b084647ad623a14ec4e0bb72a385590b3dad038145e936d665b52c7b5a78dce885c70b67b9d89cadb1a00c31ee6442173851ec58baef9300e59ad808c16aa56b67148d171c270c22aa3ef9b7d15e094a9522833d6f8cc736b89c91bc6b3513739e645a178d6008367ee4b047169b5982520fdac82ea8f01e3dd00ed6b37dd3b00", 0x4}, 0x20) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) sendmsg$IEEE802154_LLSEC_ADD_DEVKEY(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000000100)=ANY=[@ANYBLOB='(\x00'/15, @ANYRES16=r2, @ANYBLOB="07062dbd7000fcdbdf252d0000000a0001007770616e3000000008002f0005000000"], 0x28}}, 0x40000) socket$key(0xf, 0x3, 0x2) 2.534967582s ago: executing program 2 (id=26388): syz_emit_ethernet(0x50, &(0x7f0000000000)={@broadcast, @random="50a245d5cde0", @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x42, 0x0, 0x0, 0x0, 0x2, 0x0, @rand_addr=0x64010101, @broadcast}, @parameter_prob={0xc, 0x0, 0x0, 0x60, 0x5, 0x0, {0x8, 0x4, 0x3, 0x7, 0xffff, 0x65, 0x3, 0xa4, 0x84, 0x4, @initdev={0xac, 0x1e, 0x0, 0x0}, @empty, {[@noop, @timestamp={0x44, 0x8, 0x90, 0x0, 0x5, [0x6]}]}}, "f6f5dd764fbf"}}}}}, 0x0) 2.411422072s ago: executing program 2 (id=26390): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000080)={0x44, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x60000}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x44}}, 0x0) 2.395099207s ago: executing program 2 (id=26391): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000003e40)=@newtaction={0x60, 0x30, 0xffff, 0x0, 0x0, {}, [{0x4c, 0x1, [@m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x1, 0x9, 0x4, 0x5, 0x1}, 0x1}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x60}}, 0x0) (fail_nth: 11) 2.37944039s ago: executing program 1 (id=26392): r0 = socket$alg(0x26, 0x5, 0x0) r1 = socket(0x40000000015, 0x5, 0x0) bind$inet(r1, &(0x7f00008a5ff0)={0x2, 0x0, @loopback}, 0x10) syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="ffffffffffffffffffffffff86dd6060626000102c00fe8000000000000000000000000000bbfe8000000000000000000000000000aa11000001"], 0x0) setsockopt$sock_timeval(r1, 0x1, 0x42, &(0x7f0000000180)={0x77359400}, 0x10) recvmmsg(r1, &(0x7f0000000cc0)=[{{0x0, 0x0, 0x0}, 0x275a}], 0x1, 0x60010000, 0x0) sendto$inet(r1, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x2, 0x0, @loopback}, 0x10) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) sendmsg$IPCTNL_MSG_EXP_NEW(r1, &(0x7f00000002c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x2, 0x301, 0x0, 0x0, {0xa, 0x0, 0x1}, [@CTA_EXPECT_ID={0x8, 0x5, 0x1, 0x0, 0x2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000000}, 0x4090) writev(r2, &(0x7f0000000280)=[{&(0x7f0000001040)="3e98021422576e1f8f1d2ac6dd60fa759900", 0x12}], 0x1) r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) bind$bt_l2cap(r3, &(0x7f0000000000)={0x2a, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x9}, 0xe) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x13, r2, 0x0) getsockopt$PNPIPE_IFINDEX(r1, 0x113, 0x2, &(0x7f00000000c0), &(0x7f0000000100)=0x4) bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'sha512\x00'}, 0x58) 1.938983957s ago: executing program 2 (id=26394): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000100)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) r2 = socket(0xa, 0x5, 0x0) listen(r2, 0x100) sendmmsg$inet_sctp(r2, &(0x7f0000004940)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="2000000000000000840000000200000001800801"], 0xe8, 0x4000}], 0x1, 0xc034) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000200)="ad00"/16, 0x10) recvmmsg(r1, &(0x7f0000002440), 0x3ffffffffffff67, 0x0, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f05ebbee1, 0x8031, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, r1, 0x4000) r3 = socket$packet(0x11, 0x3, 0x300) getsockopt$packet_int(r3, 0x107, 0x11, 0x0, &(0x7f00000002c0)) 1.019392364s ago: executing program 1 (id=26397): socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$igmp(0x2, 0x3, 0x2) getsockopt$inet_mreqn(r0, 0x0, 0x24, &(0x7f0000000200)={@empty}, 0x0) socket$netlink(0x10, 0x3, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xf, 0xf}}}, 0x24}}, 0x0) r3 = socket(0x400000000010, 0x3, 0x0) r4 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=@newtfilter={0x3c, 0x2c, 0xd27, 0x70bd28, 0xfffff000, {0x0, 0x0, 0x0, r5, {0xf000, 0xffff}, {}, {0x7, 0xfff3}}, [@filter_kind_options=@f_route={{0xa}, {0xc, 0x2, [@TCA_ROUTE4_CLASSID={0x8, 0x1, {0x0, 0xfff1}}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x80}, 0x20000800) 970.502955ms ago: executing program 4 (id=26398): r0 = socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000300)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x24, 0x24, 0xa, [@float={0x9, 0x0, 0x0, 0x10, 0x2}, @struct={0x0, 0x1, 0x0, 0x4, 0x1, 0xc, [{0x6, 0x1, 0x3}]}]}, {0x0, [0x0, 0x0, 0x0, 0x0, 0x2e, 0x2e, 0x61, 0x0]}}, 0x0, 0x46, 0x0, 0x1}, 0x28) sendmsg$IPVS_CMD_GET_DEST(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16, @ANYRES32=r0], 0x28}, 0x1, 0x0, 0x0, 0x400c081}, 0x0) 860.591156ms ago: executing program 2 (id=26399): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, 0x0, 0x20000000) r1 = socket(0xa, 0x3, 0x3a) setsockopt$MRT6_FLUSH(r1, 0x29, 0xd4, &(0x7f0000000040), 0x4) bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="00000000040000090000000000000000850000006a0000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, 0x94) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48) connect$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB='$\x00\x00\x00v\x00\t'], 0x24}, 0x1, 0x5502000000000000}, 0x20008040) 803.435693ms ago: executing program 4 (id=26400): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan0\x00', 0x0}) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYRES64=r0, @ANYRES32=r1, @ANYRES32=r0, @ANYRES16=r2, @ANYRESHEX, @ANYRES32=r2, @ANYRES32=0x0], 0x50) r3 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) socket$nl_route(0x10, 0x3, 0x0) write$nci(r3, 0x0, 0x4) mmap(&(0x7f0000007000/0x3000)=nil, 0x3000, 0x1800003, 0x1010, r3, 0x96c67000) socket$nl_netfilter(0x10, 0x3, 0xc) socket$kcm(0x21, 0x2, 0x2) socket$inet6_sctp(0xa, 0x1, 0x84) socket$nl_generic(0x10, 0x3, 0x10) openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r4 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000380)={0x29e9c931, 0x3, 0x0, 0x4}, 0x10) sendmsg$nl_generic(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000010c0)=ANY=[@ANYBLOB="200000001600010a00000000000000000a0000000c0000800800", @ANYRES16=r4], 0x20}, 0x1, 0x0, 0x0, 0x200c0801}, 0x0) 803.048771ms ago: executing program 0 (id=26401): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000080)={0x44, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x60000}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x44}}, 0x0) 776.584756ms ago: executing program 3 (id=26402): r0 = socket$kcm(0x11, 0xa, 0x300) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0xd, 0x3, &(0x7f00000002c0)=ANY=[@ANYBLOB="720ac4ff000000007110c4000000000095"], &(0x7f0000000480)='GPL\x00'}, 0x94) socket$igmp6(0xa, 0x3, 0x2) unshare(0x20000400) r1 = epoll_create1(0x0) epoll_pwait(r1, 0xfffffffffffffffc, 0x40, 0x8000005, 0x0, 0x0) ioctl$SIOCSIFHWADDR(r0, 0x8b04, &(0x7f0000000040)={'wlan1\x00', @random="c3000e000300"}) 697.366734ms ago: executing program 2 (id=26403): bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x3, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x61, 0x10, 0x50}, [@ldst={0x3, 0x2, 0x3, 0x1c10a1, 0x0, 0x9b}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x85}, 0x52) r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0x1, 0x0, 0x0) clock_gettime(0x0, &(0x7f0000000000)) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'xchacha12\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000000)="b7f2288d3aaea2bc0000def1260a00"/32, 0x20) r2 = accept(r1, 0x0, 0x0) syz_genetlink_get_family_id$wireguard(&(0x7f00000013c0), r2) r3 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r3, 0x0, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=@newlink={0x28, 0x10, 0x801, 0xfffffffd, 0x8000000, {0x0, 0x0, 0x0, 0x0, 0x0, 0x20421}, [@IFLA_GROUP={0x8}]}, 0x28}, 0x1, 0x0, 0x0, 0x4040000}, 0x8024) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r5, 0x0, 0x0) setsockopt$SO_TIMESTAMPING(r3, 0x1, 0x25, 0x0, 0x0) readv(r3, &(0x7f0000000200)=[{&(0x7f0000001b80)=""/4096, 0x1000}], 0x1) sendmsg$can_bcm(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB, @ANYRES64=0x0], 0x80}}, 0x0) r6 = socket(0xb, 0x2, 0x5) setsockopt$netlink_NETLINK_TX_RING(r6, 0x10e, 0xc, 0x0, 0x0) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="500000000206030000000000000000000d0000000c000300686173683a69700005000400000000000900020073797a31000000000c000780080008400000005d05000500020000000500010006"], 0x50}}, 0x0) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000740)={0x40, 0x9, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x18, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @empty=0xfffffffe}}, @IPSET_ATTR_CIDR={0x5, 0x3, 0x8}]}]}, 0x40}, 0x1, 0x0, 0x0, 0x10000047}, 0x4000084) r9 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r9, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="1c0000000706010800000000000000000a0000040500010007000000925c9885fdb7f9fc5a2b3fd8de7cd7331a984e37747c3d3f6f086e6d0f68387d7739718ecfd79786e5fce277c58a3ff7f699de62b2a50f1a71c380ebb15f99858cc86045f5709929197c5728e865add3793ca27c70b34f1345de90a5cd34b4e7f764a010a001e69797ead703711817b0cf2fb1c6473d1cdf9ef8fc2fd8636ae63073a29c90b5f89ca0d76bc42c1573962787c5cbf3ee2ce8d48a9fe9ae8e4b7dfd7dfa696c320d85114cab1ad7689da12c9b73f28e218a7acb5d57b70af3d2b6b95f0633b269b0e6d64a4e16a6b295c96bdf493711c2d6eed50906f92504314b12b4719c24ff9c"], 0x1c}, 0x1, 0x0, 0x0, 0x20000005}, 0x80) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0xfffffffffffffdd4, 0x24, 0x4ee4e6a52ff56541, 0x70bd2b, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {0xd, 0x7}, {0xffff, 0xffff}}, [@TCA_EGRESS_BLOCK={0x8, 0xe, 0x5}]}, 0x2c}}, 0x0) 683.900826ms ago: executing program 0 (id=26404): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x4, 0x1c, &(0x7f0000000380)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x18}, {{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0xb, 0x9, 0x0, 0x1, 0x4100}}, [@snprintf={{0x5, 0x0, 0xb, 0x9, 0x0, 0x0, 0x2}, {0x3, 0x0, 0x3, 0xa, 0x9, 0xfe04}, {0x5, 0x0, 0xb, 0x9}, {0x3, 0x0, 0x6, 0xa, 0x9, 0xfe04, 0xe1}, {0x7, 0x1, 0xb, 0x6, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {}, {0x18, 0x2, 0x2, 0x0, r0}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000240)=ANY=[@ANYBLOB="400000001000390400000000fbdbdf2500000000", @ANYRES32, @ANYBLOB="01980400419a0400200012800800010073697401050005"], 0x40}}, 0x0) bind$inet(r2, &(0x7f0000000000)={0x2, 0x4e24, @remote}, 0x10) 657.906866ms ago: executing program 1 (id=26405): sendmsg$key(0xffffffffffffffff, 0x0, 0x48004) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a00)={0x6, 0xd, &(0x7f00000003c0)=ANY=[@ANYBLOB="180000000000000000000000000000009500000000000000950000000000000018400000ffffffff000000"], &(0x7f0000000740)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x2}, 0x94) setsockopt$inet6_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000940)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(blowfish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000dc0)="ad56b6bd38e9b49dcd3ef0e1e8be9100ca1bcc242f77727e63f995e2a1055cf7b9adabe2785da999042cc1f6a0d5b7997245ff03c91fea3d4c2b4492e92f4e1192ecb25f3ff504ddc8b5efea473cddd32ee046a3e15bc59665332f1316887c00491bb3f3daa8d5859647abe78c4cc39d78f6003922ec36f19bc1070db26572508a0a12cd8cf67c654c3551f31f830d203235af285db6", 0xfffffd5d) r1 = accept4(r0, 0x0, 0x0, 0x800) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x1c1342, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r3) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$tipc(&(0x7f0000000300), 0xffffffffffffffff) sendmsg$TIPC_CMD_ENABLE_BEARER(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}, 0x1, 0x0, 0x0, 0x4}, 0x0) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) writev(r2, &(0x7f0000000180)=[{&(0x7f0000000340)="448b7c", 0x3}, {&(0x7f0000000140)="03be00fbb46ecedbe0090a43dd5802f712a325c987d70c115c6575f3433cf2c936e3de3b89d0f5e771", 0x29}], 0x2) sendmmsg$alg(r1, &(0x7f0000000c00)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11", 0xce}], 0x3, &(0x7f0000000380), 0x0, 0x408d5}, {0x0, 0x0, &(0x7f0000000580)=[{&(0x7f00000004c0)="543e7a9861b46ff84ad4c3669438f04feda3a77212d258a25fa7a37b66832b6d5826032f52364ef93c9544b888a93e52b5f783a1d3cdd7bd5d05c38a5e5458d5dbcd255cedfa388ce02c1f973eaf0f1dea66213d0ba46615a7dd69ac2e0eaea35f11151467977621d5", 0x69}], 0x1, 0x0, 0x0, 0x8800}, {0x0, 0x0, &(0x7f0000000bc0)=[{&(0x7f0000000cc0)="acfef2ec4a27854d3ab6fae2236675ed9c0032aeb31c71fce6fb461e2c34846d446442b0016a7678ec55e74725493d9bca94bf4c5908a973fb2eadb8532a78a571b63a5c1a824fb01f684606394aeebc336b6bc32e3662c5be1a477e3a5fd26c9917a398dc8917a076f4dc47b4b27e3c2e761936691b56f98ab2e1c7517602c7f0e6c01399c9c581b6c6985e4d7ee052b18566562e4ff2b0b0314c16bfefcc181c0a2f85a1bd565902e57a3dc17148d7fdde5eba", 0xb4}, {&(0x7f0000000880)="f08452eb3e305b7ecc4f712ef3d86a121669f771cd1e6289b5c34e7da6d6c20adc6389d470afacb2684dae", 0x2b}, {&(0x7f00000008c0)="906d5f46b2d5393e05318a1abdbbe0f9ddd9441e9f316cccbb2aa0db3ac614555290e4ae59e79b7a022782ab3ee9faa40b965b6d013ea6cfab176eb0991f507b64b0f34c9e1a13a31e4449a5b29cecdcec889777af40acfa9e95baabb6eda57468097bd33fd25f53e6a4f4401651cd7ba1a5de852918", 0x76}, {&(0x7f0000000ac0)="91ec159b72c6b1e80165cc7561e70f03521b16a74716825382e0ad49ac36ff04172dca961f09739b66632399e75e0cb03978a5c95d3e90b26ac930cf61ea3ec4996b2fcb90c6d84243d6ddce45f0a36a82b25633ebad15bbb8aa6ded38e64ad4d3d17a69884216a522a657087e5896575eae1e85bf282f6eafcb9e1335c38316e52b8991253a04dc85943ab8e2a94b7dd10e5547e697b2a3b0049ef5c2f324a5276e95be24d087d74786722c4dd5ccded13f0872b1e8e9dcfeaf69cee58a8d6a8671541018d8a7a2fd82a695878ce085a6f991160f0ded7c975fa6680f", 0xdd}], 0x4, 0x0, 0x0, 0x10}], 0x3, 0x40800) recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r6 = socket(0x2a, 0x2, 0x0) getsockname$packet(r6, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000680)=@newtfilter={0x5c, 0x2c, 0xd27, 0x70bd2d, 0x0, {0x0, 0x0, 0x0, r7, {0xe}, {}, {0x8, 0xffe0}}, [@filter_kind_options=@f_basic={{0xa}, {0x4}}, @filter_kind_options=@f_flower={{0xb}, {0x1c, 0x2, [@TCA_FLOWER_KEY_ENC_UDP_SRC_PORT={0x6}, @TCA_FLOWER_KEY_CT_STATE={0x6, 0x5b, 0x31}, @TCA_FLOWER_KEY_CT_ZONE={0x6, 0x5d, 0x8000}]}}]}, 0x5c}}, 0x4000) socket$netlink(0x10, 0x3, 0x0) 555.969665ms ago: executing program 4 (id=26406): r0 = socket$alg(0x26, 0x5, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) writev(r1, &(0x7f0000000280)=[{&(0x7f0000001040)="3e98021422576e1f8f1d2ac6dd60fa759900", 0x12}], 0x1) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x13, r1, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x1000000, 0x0, 'sha512\x00'}, 0x58) 447.207242ms ago: executing program 0 (id=26407): bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x6, 0x5, &(0x7f0000000100)=ANY=[@ANYBLOB], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = socket(0x29, 0x5, 0x0) ioctl$SIOCSIFMTU(r0, 0x8922, &(0x7f0000000080)={'dummy0\x00', 0xdc050000}) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB="338f556852842518c465780f3b5c00000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x6, 0x1c, &(0x7f00000005c0)=ANY=[@ANYRES8=0x0, @ANYRES32=r1, @ANYBLOB="0002000000000000b702000014000000b7030000000000008500000083000000bf09000000000000550901000000000095000000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000050000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000004000000850000008200000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7020000000000208500000017000000bf91000000000000b7020000210000008500000084000000b70000000000000095"], 0x0, 0x4, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r2, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x7}, 0x1c) listen(r2, 0xfffffffc) r3 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r3, 0x0, 0x0) r4 = socket$kcm(0x2, 0x200000000000001, 0x106) sendmsg$kcm(r4, &(0x7f0000001900)={0x0, 0x0, 0x0}, 0x20040000) sendmsg$inet(r4, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x4001, @local}, 0xfc, 0x0}, 0x30004001) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000000c40)={0x14, 0x24, 0x1, 0x70bd26, 0x25dfdbfc, {0x4}}, 0x14}, 0x1, 0x0, 0x0, 0x4000d}, 0x20000000) r6 = socket$nl_route(0x10, 0x3, 0x0) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'dummy0\x00', 0x0}) sendmsg$nl_route_sched(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000001780)=@newqdisc={0x24, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r8, {0x3, 0xa}, {0xffe0, 0xd}, {0x2, 0xfff1}}}, 0x24}, 0x1, 0x0, 0x0, 0x4051}, 0x4000000) r9 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TUNSETIFF(r9, 0x400454da, &(0x7f0000000080)={'batadv0\x00'}) r10 = socket$inet_sctp(0x2, 0x5, 0x84) sendmsg$inet_sctp(r10, &(0x7f0000002440)={&(0x7f0000000000)=@in={0x2, 0x4e24, @rand_addr=0x64010101}, 0x10, &(0x7f00000023c0)=[{0x0}], 0x1, 0x0, 0x0, 0x24040000}, 0xc0) sendmsg$inet_sctp(r10, &(0x7f0000000140)={&(0x7f0000000700)=@in={0x2, 0x4e1d, @loopback}, 0x10, &(0x7f0000000100)=[{&(0x7f0000000740)="1931ab5cab8ab678bf0d9ba57399dc0f485423d397033e074e1cffebaa38e2f9f66b654542624f60853fa2de3115ca8b4089319cc0861c0b55b8e6da745418d5355a4f6856b7e152099a32179a07a890d9dc3bcd3894addf7aa162f46f9d2b6e9ba1c58053710662ff0cf416d3152976535ce959d7907c87b6182c1ee01d7b6b4cc1807f39421ca79342432a680c1b2af2357c61d782d124665b9a2faa50e5dfb8f1987a4cda683f6b6fe77065a398eb343d8b64940ab3f8eb924609adf6b5bc7c3a78a5099df2699aed90f0abb42a93bd6b9637aa0591ba309c8c985d5e29b302715b65b2f12c0dc9a431e7d17677bcfac755cf190d4b1cb2160a6cbe2a364d8676bca552ec6855c6f27a010eb22155681b067164b39a1a9f5955980c2cc86a5e67d7093ab41ece096c705b7cb3133d892b82dbbe0fe19e7b509c2a497dd58ade63af3da7de68e6cd0aa381fb3575c73f40327fd54638a8903f35b3c25b2f57a91739356f26602994471367eeadf360ca85c97711377edc9e15af990c83f8f6d3dbbb03c52cdb0097b8a9e1ad5e85a3926cadf1b5eb1aaadae7828d800d26801feb32700f13368e75d254c50253b23df6dba1179ae2588879c2779b23fc42d955ab39377089e97d6ae83751fe96fc761a336b27f8ca50c99dae1b257261586a2ba1c1d7d19f225947a910d96b26363ff60f315de424ff99f0812fd9c162bb1bf36440782e253ef9859d5410e78b4fdd0d02df79abd28f98ca31b8c2f23aacb6f2d5886f7b8e2b41158417bfd697b006d907eed3d9b394d17fe32394e1fcb24a9abb2dfa2d0b54d23097cae2b5d1b0a186579770769b623072bdf240376d238ff8ea9dde0a8cbef8b52be4a84c9e6a77acccebd139ae2eaf459332bea0d0a6eacb30ca0cd96097031c41f4e1afd70e397f05787c89e13731b97e921d35c533bbfee2d403a8973e24440dff1c95299d005d5bb86b05bdf3b130d8c6c3632dc24edfbc5cf589a14558946ed94ab14d7295363e0411c7ec119f959707176e790249379ab3a56a1472e40be0d883318e8c4ba0a8029959a3c388b5e1d8ba295105ef308f897d384d646a08d8f2947d5a4df0587ec9d483e11d298ccca701069c47cc1785a8e9169d3b2a865b2163761ccd6922880d32740d495bdea21d741d004bb378356da1c505c05d75b0cbf50a59b9ad12f08a4607792807e93a04890dec1e371842fcea5ddef02822ecbf00f358c28baafe5b0191a5a75d510ac4f1d41508c8df83d62586577d381bb6efaf71b30e2f154d0b891bbbff1254b96b3d5f8561ed9d2f421f5bf1c7053b5dff8e53ab8c72fb3062aa49e13fce6379c0c178c48147179691289266e687f8443fb570568d8cd3a9346d2c077de46d4307e6ceaa434671f241c93da3eda8583f79b475f31d95b5e48c699084bf4ccb8e6e5990570fab36d21812ad9032395b09a7db0ddc8ffccad1a6246091d5de2d7f731690bf33a39b92b5395e6c5f8811c31da597021362ff83aca0b36666d9d8a18094c5cf87f80be35fdfd197669004ee7c899b543f41c2a99251c6c59eb0dfa48a8c58c674ac125269b86b4573ada43d4aec145dc92c39f7bba7bced76bb59dbaeb13b9f0fb461336dd790bce6bde268ca9b89841ce2d0ce57afd81a28fc1b3f4ad0ac23fea9eb43483995708e2faa1f9b200f0f26e74534a0b8bbbd213ac22d9e36fb763b855c990e6d3707d9f5fa48220d60e33c2d140268cad7c0152c1b2b02df86164059bc9eb50dcec40a9a256224b7bddce3c24ce96ecbab75d4a627eb5dae79a9af1c778ae73400cea8045acbaa04822e576c06ef3e1dd0a041621121cc0a08d02b6fb926c72fc5a5e9694c06ca246303556ae1a0a37d256f0cf42019db8b1f994b4afcb32816b5254a72bab125b222511a27a00d7db98295201c72dda9a6daa1436fd04c27cb9f2a2fa688d23908e7a6b6cd2adb26ec9a896fff7a4b3e50895c29e0b1e2e0d245f817fc177b3f25ce0809313d6f66e2e4d917c55f00dde79bd53894173d6f1db498779eade735552965d01099758a50b2bd777769afa8a80c2e463e2a411efd97ace64427812e918fbe02e683b89ba012de652b00bf3af62269ac1bb1ea28ef2254f931e20ada7493954656a7c827d0c9cdd75e53909f833d1fca81f28e09c9bd737a0f032679b05a061bab4dda3530163f9d0b7e1a8d23c804756f039817d083b7273a", 0x628}], 0x1, 0x0, 0x0, 0x24040100}, 0x4000050) setsockopt$sock_int(r10, 0x1, 0x7, &(0x7f0000004dc0)=0x2, 0x4) r11 = socket$nl_generic(0x10, 0x3, 0x10) r12 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), r0) sendmsg$IPVS_CMD_NEW_DAEMON(r11, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)={0x20, r12, 0x1, 0x4, 0x1, {}, [@IPVS_CMD_ATTR_DAEMON={0xc, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x1}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x48c1}, 0x44) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000640)={{}, &(0x7f0000000600), &(0x7f00000001c0)}, 0x20) 419.416614ms ago: executing program 4 (id=26408): r0 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmmsg(r0, &(0x7f00000094c0)=[{{&(0x7f00000007c0)=@nl=@kern={0x10, 0x0, 0x0, 0x10000}, 0x80, &(0x7f0000000480)=[{&(0x7f0000000880)="f3", 0x1}], 0x1}}, {{&(0x7f00000011c0)=@nl=@kern={0x10, 0x0, 0x0, 0x10000}, 0x80, 0x0}}], 0x2, 0x10) 353.920017ms ago: executing program 4 (id=26409): r0 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmmsg(r0, &(0x7f00000094c0)=[{{&(0x7f00000007c0)=@nl=@kern={0x10, 0x0, 0x0, 0x10000}, 0x80, &(0x7f0000000480)=[{&(0x7f0000000880)="f3", 0x1}], 0x1}}, {{&(0x7f00000011c0)=@nl=@kern={0x10, 0x0, 0x0, 0x10000}, 0x80, 0x0}}], 0x2, 0x10) (fail_nth: 2) 245.861506ms ago: executing program 3 (id=26410): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000001100)=@migrate={0xec, 0x21, 0x1, 0x0, 0x0, {{@in6=@private2={0xfc, 0x2, '\x00', 0x5}, @in=@dev={0xac, 0x14, 0x14, 0x2e}, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x2e}}, [@migrate={0x9c, 0x11, [{@in=@loopback=0xa010101, @in=@loopback, @in6=@rand_addr=' \x01\x00', @in=@rand_addr=0x64010102, 0x3c, 0x4, 0x0, 0x0, 0xa, 0x2}, {@in=@private=0xa010101, @in=@loopback, @in=@dev={0xac, 0x14, 0x14, 0x38}, @in=@dev={0xac, 0x14, 0x14, 0x2c}, 0x3c, 0x4, 0x0, 0x0, 0x8, 0x2}]}]}, 0xec}, 0x1, 0x0, 0x0, 0x6a8dd86ef567f079}, 0x4020800) syz_init_net_socket$x25(0x9, 0x5, 0x0) r1 = socket$inet6(0xa, 0x1, 0x0) unshare(0x20000400) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r2, 0x0) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r3, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000140)=[@in={0x2, 0x4e23, @private=0xa010102}]}, &(0x7f0000000100)=0x10) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f0000000080)={r4, 0x808006}, 0x8) getsockopt$bt_hci(r3, 0x84, 0x7f, &(0x7f0000000080)=""/4057, &(0x7f0000000000)=0xfd9) r5 = socket(0x10, 0x803, 0x8) getsockname$packet(r5, 0x0, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f0000000180)={@private2, 0x800, 0x0, 0x2, 0x1}, 0x20) syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000800), 0xffffffffffffffff) socket$inet6(0xa, 0x1, 0x6) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r3, 0x84, 0x22, &(0x7f0000000040)={0xfffb, 0x4205, 0x7, 0x1, r4}, 0x10) 569.501µs ago: executing program 3 (id=26411): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000001c0)={0x14, 0x25, 0x319, 0x70bd26, 0x8000, {0x5}}, 0x14}, 0x1, 0x9000000, 0x0, 0x4000000}, 0x24044004) 0s ago: executing program 4 (id=26412): r0 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_RTOINFO(r0, 0x84, 0x0, 0x0, &(0x7f0000000040)=0x51) ioctl$SIOCX25SENDCALLACCPT(0xffffffffffffffff, 0x89e9) connect$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback={0xfec0ffff00000000}}, 0x1c) unshare(0x2c020400) r1 = socket(0x11, 0x3, 0x0) setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x25, &(0x7f0000000080)=0x2918, 0x4) sendmmsg(r1, &(0x7f0000000000)=[{{&(0x7f0000000640)=@qipcrtr={0x2a, 0x1, 0x4001}, 0x80, &(0x7f0000000140)=[{&(0x7f0000000040)="d479183d7d98d181a4b5f3e38100e2f288a8d2", 0x13}, {&(0x7f0000001c00)="659900c3f7c8e544e1abc41796cae4c9908368acb3abdb908ada84b1c98b91c34352f80ed64e4606a25bcbab94869ac816a7fb9c29a8c768fbffb21ad7f6013ff676da589c2e0865cfd321543070c3dd36bf94deb1d137c220d9c559", 0x5c}], 0x2}}], 0x1, 0x24044015) recvmmsg(r1, &(0x7f0000000900)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000005c0)=""/126, 0x6e}], 0x40}, 0x2}, {{&(0x7f0000000540)=@l2tp6={0xa, 0x0, 0x0, @private1}, 0x0, &(0x7f0000000800)=[{&(0x7f00000006c0)=""/194}, {&(0x7f00000007c0)=""/20}], 0x0, &(0x7f0000000840)=""/138}, 0x4}], 0x1, 0x2002, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000980)=ANY=[@ANYBLOB="140000001000010000000000000000000200000a20000000002a05000000000000000000010000000900010073797a30000000002c000000030a01010000000000000000010000000900150073797a31000000000900010073797a300000000044000000060ae4e533c1000000000000010000001c0004801800018008000100647570000c000280080002400000000908000b40c19a292900010073797a3000000000140000001100010000000000000000000000000ac0e87749a49fc720a0fa3351d03897b4cf0c65e261e129a3ba305c1f0598a79076e194eb560ee1a32c9e507f67a4fea34638811408f0eaa3d80ff6e4fe411801dd309e4b32ac254bcd4852883d248ab26ea21224d3bbd2b398d52a06000008f462f2276c67c0e52eeaebedb30938c00c21498700f56d0ce18268c544091289f3b2c1ca2002e2923bd5e5d795ac"], 0xb8}}, 0x0) socket$nl_route(0x10, 0x3, 0x0) r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0xc0802, 0x0) ioctl$PPPIOCNEWUNIT(r3, 0xc004743e, &(0x7f0000000180)=0x4000000) ioctl$PPPIOCSFLAGS1(r3, 0x40047459, &(0x7f0000000080)) pwritev(r3, &(0x7f0000000100)=[{&(0x7f0000000540)="00214797357e0e8d442441e9beae583d48ac340dc69d54af976b6a7c18c4907ed175462f18ec0e16ad9f57abed3bad46320d0d4abf7c3a617f1b2fbe8b338d1fce4490668ce9faadcf6b44b9906eeb59241caa04a1bf2399f37a7f221861e3580bdf025cb470613b79119f1c9fe8b9ee5d1f41b6af7d12a2ba71c7a74727cece06221eadc4d7137811e483a94c1164f4496f0fe1829f55cd2d91b74aeee64bc05e7014dbb599bad1be2d8ced5b1a3131", 0xb0}, {&(0x7f0000000240)}], 0x2, 0x739, 0x1) r4 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r4, 0x11b, 0x4, &(0x7f0000000200)={&(0x7f0000000000)=""/5, 0x214000, 0x800}, 0x20) setsockopt$XDP_TX_RING(r4, 0x11b, 0x3, &(0x7f00000005c0)=0x200000, 0x4) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000380)={&(0x7f00000002c0)={0x20, 0x0, 0x100, 0x70bd27, 0x25dfdbfc, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x20}}, 0x4090) r5 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$XDP_UMEM_COMPLETION_RING(r4, 0x11b, 0x6, &(0x7f00000000c0)=0x20000, 0x4) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000400)={'dummy0\x00', 0x0}) setsockopt$XDP_UMEM_FILL_RING(r4, 0x11b, 0x5, &(0x7f0000000140)=0x4000, 0x4) bind$xdp(r4, &(0x7f0000000100)={0x2c, 0x0, r6}, 0x10) setsockopt$XDP_UMEM_FILL_RING(r4, 0x11b, 0x5, &(0x7f0000000040)=0x800, 0x4) r7 = socket$qrtr(0x2a, 0x2, 0x0) connect$qrtr(r7, &(0x7f0000000000)={0x2a, 0x0, 0x7ffe}, 0xc) kernel console output (not intermixed with test programs): 140 [ 1934.041244][ T6771] ? clear_bhb_loop+0x40/0x90 [ 1934.041268][ T6771] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1934.041286][ T6771] RIP: 0033:0x7f1fb319cdd9 [ 1934.041304][ T6771] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1934.041320][ T6771] RSP: 002b:00007f1fb13f6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1934.041339][ T6771] RAX: ffffffffffffffda RBX: 00007f1fb3415fa0 RCX: 00007f1fb319cdd9 [ 1934.041352][ T6771] RDX: 0000200000000100 RSI: 00000000400452c9 RDI: 0000000000000004 [ 1934.041365][ T6771] RBP: 00007f1fb13f6090 R08: 0000000000000000 R09: 0000000000000000 [ 1934.041382][ T6771] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1934.041393][ T6771] R13: 00007f1fb3416038 R14: 00007f1fb3415fa0 R15: 00007ffe5556c558 [ 1934.041426][ T6771] [ 1934.421446][ T6786] netlink: 'syz.1.25432': attribute type 6 has an invalid length. [ 1934.433432][ T6785] netlink: 'syz.1.25432': attribute type 6 has an invalid length. [ 1934.462168][ T6785] netlink: 20 bytes leftover after parsing attributes in process `syz.1.25432'. [ 1934.482069][ T6790] netlink: 'syz.0.25434': attribute type 3 has an invalid length. [ 1934.487534][ T6783] netlink: 'syz.2.25426': attribute type 2 has an invalid length. [ 1934.511185][ T6785] netlink: 8 bytes leftover after parsing attributes in process `syz.1.25432'. [ 1934.521273][ T6783] netlink: 'syz.2.25426': attribute type 1 has an invalid length. [ 1934.539710][ T3343] netdevsim netdevsim1 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 1934.548700][ T3343] netdevsim netdevsim1 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 1934.567717][ T6783] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1934.569892][ T3343] netdevsim netdevsim1 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 1934.610969][ T3343] netdevsim netdevsim1 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 1935.077332][ T6826] __nla_validate_parse: 6 callbacks suppressed [ 1935.077350][ T6826] netlink: 4 bytes leftover after parsing attributes in process `syz.2.25443'. [ 1935.202002][ T6831] netlink: 12 bytes leftover after parsing attributes in process `syz.4.25447'. [ 1935.211074][ T6835] netlink: 28 bytes leftover after parsing attributes in process `syz.2.25448'. [ 1935.232147][ T6833] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1935.611945][ T6861] netlink: 'syz.0.25453': attribute type 3 has an invalid length. [ 1935.728365][ T6863] netlink: 16 bytes leftover after parsing attributes in process `syz.2.25454'. [ 1935.761219][ T6868] sctp: [Deprecated]: syz.0.25455 (pid 6868) Use of struct sctp_assoc_value in delayed_ack socket option. [ 1935.761219][ T6868] Use struct sctp_sack_info instead [ 1935.817194][ T6870] syzkaller0 speed is unknown, defaulting to 1000 [ 1935.826051][ T6870] lo speed is unknown, defaulting to 1000 [ 1935.853270][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1936.130903][ T6877] netlink: 36 bytes leftover after parsing attributes in process `syz.2.25460'. [ 1936.236171][ T6880] netlink: 16 bytes leftover after parsing attributes in process `syz.4.25461'. [ 1936.517387][ T6893] netlink: 12 bytes leftover after parsing attributes in process `syz.1.25465'. [ 1936.717742][ T6899] netlink: 'syz.4.25469': attribute type 8 has an invalid length. [ 1936.815524][ T6909] netlink: 16 bytes leftover after parsing attributes in process `syz.0.25473'. [ 1936.903676][ T6913] netlink: 4 bytes leftover after parsing attributes in process `syz.2.25472'. [ 1937.076456][ T6918] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1937.288202][ T6929] netlink: 8 bytes leftover after parsing attributes in process `syz.2.25479'. [ 1937.359138][ T6931] dummy0: mtu less than device minimum [ 1937.591788][ T6936] FAULT_INJECTION: forcing a failure. [ 1937.591788][ T6936] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1937.605568][ T6936] CPU: 0 UID: 0 PID: 6936 Comm: syz.1.25482 Not tainted syzkaller #0 PREEMPT(full) [ 1937.605593][ T6936] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1937.605604][ T6936] Call Trace: [ 1937.605613][ T6936] [ 1937.605621][ T6936] dump_stack_lvl+0xe8/0x150 [ 1937.605649][ T6936] should_fail_ex+0x412/0x560 [ 1937.605677][ T6936] _copy_from_user+0x2d/0xb0 [ 1937.605704][ T6936] ___sys_sendmsg+0x1c6/0x360 [ 1937.605727][ T6936] ? __lock_acquire+0x6b5/0x2cf0 [ 1937.605752][ T6936] ? __pfx____sys_sendmsg+0x10/0x10 [ 1937.605812][ T6936] ? __fget_files+0x2a/0x420 [ 1937.605849][ T6936] ? __fget_files+0x3a0/0x420 [ 1937.605882][ T6936] __x64_sys_sendmsg+0x1bd/0x2a0 [ 1937.605908][ T6936] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1937.605941][ T6936] ? __pfx_ksys_write+0x10/0x10 [ 1937.605975][ T6936] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1937.605995][ T6936] do_syscall_64+0x15f/0xf80 [ 1937.606017][ T6936] ? trace_irq_disable+0x3b/0x140 [ 1937.606044][ T6936] ? clear_bhb_loop+0x40/0x90 [ 1937.606067][ T6936] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1937.606085][ T6936] RIP: 0033:0x7f1fb319cdd9 [ 1937.606103][ T6936] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1937.606119][ T6936] RSP: 002b:00007f1fb13f6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1937.606139][ T6936] RAX: ffffffffffffffda RBX: 00007f1fb3415fa0 RCX: 00007f1fb319cdd9 [ 1937.606153][ T6936] RDX: 0000000004000080 RSI: 0000200000000500 RDI: 0000000000000004 [ 1937.606171][ T6936] RBP: 00007f1fb13f6090 R08: 0000000000000000 R09: 0000000000000000 [ 1937.606182][ T6936] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1937.606193][ T6936] R13: 00007f1fb3416038 R14: 00007f1fb3415fa0 R15: 00007ffe5556c558 [ 1937.606225][ T6936] [ 1937.996195][ T6947] netlink: 'syz.3.25487': attribute type 3 has an invalid length. [ 1938.015636][ T6947] netlink: 'syz.3.25487': attribute type 3 has an invalid length. [ 1938.142086][ T6961] xt_hashlimit: max too large, truncated to 1048576 [ 1938.167260][ T6964] openvswitch: netlink: Flow key attr not present in new flow. [ 1938.172548][ T6961] xt_bpf: check failed: parse error [ 1938.280533][ T6968] tipc: Enabling of bearer rejected, already enabled [ 1938.354604][ T6972] netlink: 'syz.3.25495': attribute type 1 has an invalid length. [ 1938.410924][ T6972] 8021q: adding VLAN 0 to HW filter on device bond26 [ 1938.460539][ T6980] vlan1: entered promiscuous mode [ 1938.467363][ T6980] bond26: entered promiscuous mode [ 1938.473796][ T6980] vlan1: entered allmulticast mode [ 1938.479029][ T6980] bond26: entered allmulticast mode [ 1938.528695][ T6972] 8021q: adding VLAN 0 to HW filter on device batadv2 [ 1938.540565][ T6972] bond26: (slave batadv2): making interface the new active one [ 1938.550859][ T6972] batadv2: entered promiscuous mode [ 1938.556657][ T6972] batadv2: entered allmulticast mode [ 1938.566277][ T6972] bond26: (slave batadv2): Enslaving as an active interface with an up link [ 1939.770794][ T7037] syzkaller0: entered promiscuous mode [ 1939.784612][ T7037] syzkaller0: entered allmulticast mode [ 1939.833193][ T7054] smc: net device wlan0 applied user defined pnetid SYZ0 [ 1940.115694][ T7072] netlink: 'syz.0.25525': attribute type 1 has an invalid length. [ 1940.700036][ T7085] __nla_validate_parse: 10 callbacks suppressed [ 1940.700081][ T7085] netlink: 36 bytes leftover after parsing attributes in process `syz.1.25530'. [ 1940.899672][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1945.536822][T16104] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1945.621140][ T7118] netlink: 20 bytes leftover after parsing attributes in process `syz.2.25541'. [ 1945.675802][ T7121] netlink: 28 bytes leftover after parsing attributes in process `syz.2.25541'. [ 1945.932242][ T7132] xt_l2tp: invalid flags combination: 0 [ 1945.938331][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1946.129519][ T7131] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 1946.157029][ T7135] syzkaller0 speed is unknown, defaulting to 1000 [ 1946.183358][ T7135] lo speed is unknown, defaulting to 1000 [ 1946.457692][ T7151] syzkaller0 speed is unknown, defaulting to 1000 [ 1946.496026][ T7157] netlink: 24 bytes leftover after parsing attributes in process `syz.3.25551'. [ 1946.628895][ T7151] lo speed is unknown, defaulting to 1000 [ 1946.685928][ T7172] netlink: 8 bytes leftover after parsing attributes in process `syz.3.25553'. [ 1946.952557][ T7177] RDS: rds_bind could not find a transport for fe80::28, load rds_tcp or rds_rdma? [ 1946.977712][ T7179] netlink: 4 bytes leftover after parsing attributes in process `syz.3.25556'. [ 1947.087905][ T7181] netlink: 'syz.2.25557': attribute type 3 has an invalid length. [ 1947.168745][ T7185] netlink: 36 bytes leftover after parsing attributes in process `syz.3.25558'. [ 1947.244129][ T7188] veth0_to_bond: entered allmulticast mode [ 1947.277085][ T7188] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1947.309838][ T7188] netlink: 'syz.2.25559': attribute type 2 has an invalid length. [ 1947.321611][ T7188] netlink: 'syz.2.25559': attribute type 1 has an invalid length. [ 1947.330222][ T7188] netlink: 152 bytes leftover after parsing attributes in process `syz.2.25559'. [ 1947.561547][ T7197] netlink: 'syz.3.25562': attribute type 8 has an invalid length. [ 1947.966643][ T7212] netlink: 20 bytes leftover after parsing attributes in process `syz.2.25566'. [ 1948.909350][ T7217] netlink: 4 bytes leftover after parsing attributes in process `syz.2.25568'. [ 1948.953114][ T7220] netlink: 'syz.0.25569': attribute type 3 has an invalid length. [ 1949.100403][ T7224] FAULT_INJECTION: forcing a failure. [ 1949.100403][ T7224] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1949.117186][ T7224] CPU: 1 UID: 0 PID: 7224 Comm: syz.0.25570 Not tainted syzkaller #0 PREEMPT(full) [ 1949.117222][ T7224] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1949.117233][ T7224] Call Trace: [ 1949.117241][ T7224] [ 1949.117249][ T7224] dump_stack_lvl+0xe8/0x150 [ 1949.117276][ T7224] should_fail_ex+0x412/0x560 [ 1949.117303][ T7224] _copy_from_user+0x2d/0xb0 [ 1949.117329][ T7224] ___sys_sendmsg+0x1c6/0x360 [ 1949.117352][ T7224] ? __lock_acquire+0x6b5/0x2cf0 [ 1949.117377][ T7224] ? __pfx____sys_sendmsg+0x10/0x10 [ 1949.117433][ T7224] ? __fget_files+0x2a/0x420 [ 1949.117453][ T7224] ? __fget_files+0x3a0/0x420 [ 1949.117483][ T7224] __x64_sys_sendmsg+0x1bd/0x2a0 [ 1949.117508][ T7224] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1949.117541][ T7224] ? __pfx_ksys_write+0x10/0x10 [ 1949.117575][ T7224] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1949.117595][ T7224] do_syscall_64+0x15f/0xf80 [ 1949.117617][ T7224] ? trace_irq_disable+0x3b/0x140 [ 1949.117643][ T7224] ? clear_bhb_loop+0x40/0x90 [ 1949.117666][ T7224] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1949.117684][ T7224] RIP: 0033:0x7f14cbf9cdd9 [ 1949.117702][ T7224] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1949.117717][ T7224] RSP: 002b:00007f14cce3d028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1949.117737][ T7224] RAX: ffffffffffffffda RBX: 00007f14cc215fa0 RCX: 00007f14cbf9cdd9 [ 1949.117751][ T7224] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000003 [ 1949.117763][ T7224] RBP: 00007f14cce3d090 R08: 0000000000000000 R09: 0000000000000000 [ 1949.117774][ T7224] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1949.117785][ T7224] R13: 00007f14cc216038 R14: 00007f14cc215fa0 R15: 00007ffee8e203a8 [ 1949.117817][ T7224] [ 1949.729312][ T7243] veth0_to_hsr: entered promiscuous mode [ 1949.829071][ T7247] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1949.979328][ T7253] dummy0: mtu less than device minimum [ 1950.181578][ T7261] netlink: 4 bytes leftover after parsing attributes in process `syz.3.25581'. [ 1950.300659][ T7268] netlink: 24 bytes leftover after parsing attributes in process `syz.0.25583'. [ 1950.613592][ T7280] netlink: 28 bytes leftover after parsing attributes in process `syz.1.25587'. [ 1950.659754][ T7282] netlink: 'syz.1.25588': attribute type 10 has an invalid length. [ 1950.755721][ T7286] FAULT_INJECTION: forcing a failure. [ 1950.755721][ T7286] name failslab, interval 1, probability 0, space 0, times 0 [ 1950.769687][ T7286] CPU: 0 UID: 0 PID: 7286 Comm: syz.4.25590 Not tainted syzkaller #0 PREEMPT(full) [ 1950.769711][ T7286] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1950.769722][ T7286] Call Trace: [ 1950.769729][ T7286] [ 1950.769736][ T7286] dump_stack_lvl+0xe8/0x150 [ 1950.769763][ T7286] should_fail_ex+0x412/0x560 [ 1950.769788][ T7286] should_failslab+0xa8/0x100 [ 1950.769815][ T7286] kmem_cache_alloc_node_noprof+0x8f/0x690 [ 1950.769839][ T7286] ? __alloc_skb+0x186/0x7d0 [ 1950.769857][ T7286] ? __alloc_skb+0x1d0/0x7d0 [ 1950.769874][ T7286] ? __local_bh_enable_ip+0xd0/0x130 [ 1950.769897][ T7286] __alloc_skb+0x1d0/0x7d0 [ 1950.769926][ T7286] netlink_sendmsg+0x5d4/0xb40 [ 1950.769957][ T7286] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1950.769983][ T7286] ? aa_sock_msg_perm+0xf1/0x1b0 [ 1950.770007][ T7286] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1950.770032][ T7286] ____sys_sendmsg+0x972/0x9f0 [ 1950.770063][ T7286] ? __might_fault+0xaf/0x130 [ 1950.770089][ T7286] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1950.770121][ T7286] ? import_iovec+0x73/0xa0 [ 1950.770141][ T7286] ___sys_sendmsg+0x2a5/0x360 [ 1950.770153][ T7286] ? __lock_acquire+0x6b5/0x2cf0 [ 1950.770167][ T7286] ? __pfx____sys_sendmsg+0x10/0x10 [ 1950.770198][ T7286] ? __fget_files+0x2a/0x420 [ 1950.770210][ T7286] ? __fget_files+0x3a0/0x420 [ 1950.770227][ T7286] __x64_sys_sendmsg+0x1bd/0x2a0 [ 1950.770241][ T7286] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1950.770259][ T7286] ? __pfx_ksys_write+0x10/0x10 [ 1950.770278][ T7286] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1950.770289][ T7286] do_syscall_64+0x15f/0xf80 [ 1950.770301][ T7286] ? trace_irq_disable+0x3b/0x140 [ 1950.770316][ T7286] ? clear_bhb_loop+0x40/0x90 [ 1950.770328][ T7286] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1950.770338][ T7286] RIP: 0033:0x7fddcd59cdd9 [ 1950.770350][ T7286] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1950.770358][ T7286] RSP: 002b:00007fddce397028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1950.770370][ T7286] RAX: ffffffffffffffda RBX: 00007fddcd815fa0 RCX: 00007fddcd59cdd9 [ 1950.770378][ T7286] RDX: 0000000000000000 RSI: 0000200000000340 RDI: 0000000000000003 [ 1950.770384][ T7286] RBP: 00007fddce397090 R08: 0000000000000000 R09: 0000000000000000 [ 1950.770390][ T7286] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1950.770396][ T7286] R13: 00007fddcd816038 R14: 00007fddcd815fa0 R15: 00007ffc08664918 [ 1950.770412][ T7286] [ 1951.019904][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1951.233273][ T7301] netlink: 'syz.2.25595': attribute type 1 has an invalid length. [ 1951.288196][ T1126] netdevsim netdevsim1 eth0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 1951.297321][ T1126] netdevsim netdevsim1 eth1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 1951.313728][ T1126] netdevsim netdevsim1 eth2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 1951.342477][ T7306] bridge2: left promiscuous mode [ 1951.348488][ T7306] gtp1: left promiscuous mode [ 1951.354208][ T7306] ip6gre3: left promiscuous mode [ 1951.363580][ T7306] vlan0: left promiscuous mode [ 1951.371008][ T7306] geneve1: left promiscuous mode [ 1951.377229][ T7306] bond5: left promiscuous mode [ 1951.390989][ T7306] bond6: left promiscuous mode [ 1951.406062][ T7306] bond7: left promiscuous mode [ 1951.416784][ T7306] bond10: left promiscuous mode [ 1951.428248][ T7306] bond11: left promiscuous mode [ 1951.438896][ T7306] veth10: left promiscuous mode [ 1951.446750][ T7306] bond13: left promiscuous mode [ 1951.451815][ T7306] ip6gre4: left promiscuous mode [ 1951.458607][ T7306] gtp3: left promiscuous mode [ 1951.463902][ T7306] bond14: left promiscuous mode [ 1951.469229][ T7306] bond17: left promiscuous mode [ 1951.475396][ T7306] veth20: left promiscuous mode [ 1951.480694][ T7306] ipip0: left promiscuous mode [ 1951.486767][ T7306] gretap6: left promiscuous mode [ 1951.492165][ T7306] bond19: left promiscuous mode [ 1951.498450][ T7306] bridge13: left promiscuous mode [ 1951.505404][ T7306] vlan2: left promiscuous mode [ 1951.520509][ T7306] bond20: left promiscuous mode [ 1951.528937][ T7306] batadv1: left promiscuous mode [ 1951.538559][ T7306] bond21: left promiscuous mode [ 1951.547784][ T7306] bridge15: left promiscuous mode [ 1951.557783][ T7306] bond26: left promiscuous mode [ 1951.563609][ T7306] bridge20: left promiscuous mode [ 1951.570161][ T7306] bridge21: left promiscuous mode [ 1951.576446][ T7306] veth32: left promiscuous mode [ 1951.581862][ T1126] netdevsim netdevsim1 eth3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 1951.669302][ T7317] syzkaller0 speed is unknown, defaulting to 1000 [ 1951.694593][ T7317] lo speed is unknown, defaulting to 1000 [ 1951.714114][ T7315] __nla_validate_parse: 3 callbacks suppressed [ 1951.714150][ T7315] netlink: 24 bytes leftover after parsing attributes in process `syz.4.25598'. [ 1951.810592][ T7315] : (slave bond_slave_0): Error -34 calling ndo_bpf [ 1951.827980][ T7322] netlink: 'syz.0.25600': attribute type 8 has an invalid length. [ 1951.842865][ T7315] A link change request failed with some changes committed already. Interface  may have been left with an inconsistent configuration, please check. [ 1952.442044][ T7330] netlink: 8 bytes leftover after parsing attributes in process `syz.1.25603'. [ 1952.574841][ T7338] netlink: 4 bytes leftover after parsing attributes in process `syz.2.25605'. [ 1952.792487][ T7354] netlink: 6032 bytes leftover after parsing attributes in process `syz.1.25609'. [ 1952.858332][ T7354] netlink: 8 bytes leftover after parsing attributes in process `syz.1.25609'. [ 1952.908981][ T7359] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 1953.028188][ T7366] bond0: (slave –): Releasing backup interface [ 1953.049334][ T7367] netlink: 'syz.0.25611': attribute type 1 has an invalid length. [ 1953.060085][ T7366] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 1953.261876][ T7378] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1953.467225][ T7387] netlink: 4 bytes leftover after parsing attributes in process `syz.2.25617'. [ 1953.778657][ T7403] siw: device registration error -23 [ 1953.849213][ T7408] netlink: 16 bytes leftover after parsing attributes in process `syz.2.25622'. [ 1953.921250][ T7408] bridge20: entered promiscuous mode [ 1953.952930][ T7413] netlink: 12 bytes leftover after parsing attributes in process `syz.4.25625'. [ 1954.113635][ T7423] dummy0: mtu less than device minimum [ 1954.147968][ T7418] syzkaller0 speed is unknown, defaulting to 1000 [ 1954.160890][ T7418] lo speed is unknown, defaulting to 1000 [ 1954.485579][ T7438] FAULT_INJECTION: forcing a failure. [ 1954.485579][ T7438] name failslab, interval 1, probability 0, space 0, times 0 [ 1954.514437][ T7438] CPU: 0 UID: 0 PID: 7438 Comm: syz.4.25633 Not tainted syzkaller #0 PREEMPT(full) [ 1954.514463][ T7438] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1954.514475][ T7438] Call Trace: [ 1954.514483][ T7438] [ 1954.514491][ T7438] dump_stack_lvl+0xe8/0x150 [ 1954.514519][ T7438] should_fail_ex+0x412/0x560 [ 1954.514549][ T7438] should_failslab+0xa8/0x100 [ 1954.514579][ T7438] __kmalloc_cache_noprof+0x88/0x660 [ 1954.514604][ T7438] ? ipv6_flowlabel_opt+0xf1e/0x28e0 [ 1954.514632][ T7438] ipv6_flowlabel_opt+0xf1e/0x28e0 [ 1954.514664][ T7438] ? __lock_acquire+0x6b5/0x2cf0 [ 1954.514687][ T7438] ? __pfx_ipv6_flowlabel_opt+0x10/0x10 [ 1954.514717][ T7438] ? aa_file_perm+0x192/0x15e0 [ 1954.514768][ T7438] ? do_raw_spin_lock+0x12b/0x2f0 [ 1954.514792][ T7438] ? lock_sock_nested+0x6a/0x100 [ 1954.514813][ T7438] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 1954.514848][ T7438] ? __local_bh_enable_ip+0xd0/0x130 [ 1954.514873][ T7438] do_ipv6_setsockopt+0xd9f/0x3150 [ 1954.514895][ T7438] ? get_pid_task+0x20/0x1f0 [ 1954.514928][ T7438] ? __pfx_do_ipv6_setsockopt+0x10/0x10 [ 1954.514951][ T7438] ? get_pid_task+0x20/0x1f0 [ 1954.514973][ T7438] ? get_pid_task+0x20/0x1f0 [ 1954.514993][ T7438] ? get_pid_task+0x20/0x1f0 [ 1954.515024][ T7438] ? __lock_acquire+0x6b5/0x2cf0 [ 1954.515061][ T7438] ? aa_sk_perm+0x6d5/0x900 [ 1954.515083][ T7438] ? __fget_files+0x2a/0x420 [ 1954.515109][ T7438] ? __pfx_aa_sk_perm+0x10/0x10 [ 1954.515131][ T7438] ? __fget_files+0x2a/0x420 [ 1954.515150][ T7438] ? aa_sock_opt_perm+0xff/0x1a0 [ 1954.515175][ T7438] ipv6_setsockopt+0x59/0x170 [ 1954.515197][ T7438] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 1954.515219][ T7438] do_sock_setsockopt+0x17c/0x1b0 [ 1954.515247][ T7438] __x64_sys_setsockopt+0x13d/0x1b0 [ 1954.515274][ T7438] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1954.515294][ T7438] do_syscall_64+0x15f/0xf80 [ 1954.515316][ T7438] ? trace_irq_disable+0x3b/0x140 [ 1954.515342][ T7438] ? clear_bhb_loop+0x40/0x90 [ 1954.515366][ T7438] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1954.515384][ T7438] RIP: 0033:0x7fddcd59cdd9 [ 1954.515403][ T7438] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1954.515418][ T7438] RSP: 002b:00007fddce397028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 1954.515438][ T7438] RAX: ffffffffffffffda RBX: 00007fddcd815fa0 RCX: 00007fddcd59cdd9 [ 1954.515452][ T7438] RDX: 0000000000000020 RSI: 0000000000000029 RDI: 0000000000000005 [ 1954.515464][ T7438] RBP: 00007fddce397090 R08: 0000000000000020 R09: 0000000000000000 [ 1954.515475][ T7438] R10: 0000200000000180 R11: 0000000000000246 R12: 0000000000000001 [ 1954.515488][ T7438] R13: 00007fddcd816038 R14: 00007fddcd815fa0 R15: 00007ffc08664918 [ 1954.515519][ T7438] [ 1954.533533][ T7440] sctp: [Deprecated]: syz.3.25634 (pid 7440) Use of struct sctp_assoc_value in delayed_ack socket option. [ 1954.533533][ T7440] Use struct sctp_sack_info instead [ 1954.743739][ T7443] netlink: 12 bytes leftover after parsing attributes in process `syz.3.25634'. [ 1954.876740][ T7441] netlink: 4 bytes leftover after parsing attributes in process `syz.3.25634'. [ 1955.335582][ T7458] : (slave bond_slave_0): Error -34 calling ndo_bpf [ 1955.352974][ T7458] A link change request failed with some changes committed already. Interface  may have been left with an inconsistent configuration, please check. [ 1955.398431][ T7455] syzkaller0 speed is unknown, defaulting to 1000 [ 1955.466151][ T7455] lo speed is unknown, defaulting to 1000 [ 1955.841549][ T7469] netlink: 'syz.3.25642': attribute type 10 has an invalid length. [ 1956.093174][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1956.375318][ T7493] FAULT_INJECTION: forcing a failure. [ 1956.375318][ T7493] name failslab, interval 1, probability 0, space 0, times 0 [ 1956.392335][ T7493] CPU: 1 UID: 0 PID: 7493 Comm: syz.1.25653 Not tainted syzkaller #0 PREEMPT(full) [ 1956.392362][ T7493] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1956.392373][ T7493] Call Trace: [ 1956.392380][ T7493] [ 1956.392389][ T7493] dump_stack_lvl+0xe8/0x150 [ 1956.392417][ T7493] should_fail_ex+0x412/0x560 [ 1956.392444][ T7493] should_failslab+0xa8/0x100 [ 1956.392474][ T7493] __kmalloc_cache_noprof+0x88/0x660 [ 1956.392500][ T7493] ? device_add+0xbe/0xbb0 [ 1956.392525][ T7493] device_add+0xbe/0xbb0 [ 1956.392543][ T7493] ? device_initialize+0x26a/0x460 [ 1956.392566][ T7493] netdev_register_kobject+0x178/0x310 [ 1956.392596][ T7493] register_netdevice+0x1456/0x1ec0 [ 1956.392653][ T7493] ? __pfx_register_netdevice+0x10/0x10 [ 1956.392695][ T7493] br_dev_newlink+0x6a/0x140 [ 1956.392716][ T7493] ? rtnl_newlink_create+0x311/0xb70 [ 1956.392739][ T7493] ? __pfx_br_dev_newlink+0x10/0x10 [ 1956.392761][ T7493] rtnl_newlink_create+0x329/0xb70 [ 1956.392783][ T7493] ? __pfx___nla_validate_parse+0x10/0x10 [ 1956.392815][ T7493] ? __mutex_lock+0x608/0x1550 [ 1956.392840][ T7493] ? __pfx_rtnl_newlink_create+0x10/0x10 [ 1956.392865][ T7493] ? __pfx___mutex_lock+0x10/0x10 [ 1956.392896][ T7493] ? ns_capable+0x89/0xe0 [ 1956.392918][ T7493] rtnl_newlink+0x166a/0x1bb0 [ 1956.392952][ T7493] ? __pfx_rtnl_newlink+0x10/0x10 [ 1956.392979][ T7493] ? __lock_acquire+0x6b5/0x2cf0 [ 1956.393001][ T7493] ? __lock_acquire+0x6b5/0x2cf0 [ 1956.393029][ T7493] ? unwind_next_frame+0xa6/0x2550 [ 1956.393057][ T7493] ? unwind_next_frame+0xa6/0x2550 [ 1956.393080][ T7493] ? is_bpf_text_address+0x26/0x2b0 [ 1956.393112][ T7493] ? is_bpf_text_address+0x26/0x2b0 [ 1956.393135][ T7493] ? __lock_acquire+0x6b5/0x2cf0 [ 1956.393157][ T7493] ? kernel_text_address+0xa5/0xe0 [ 1956.393182][ T7493] ? __kernel_text_address+0xd/0x30 [ 1956.393205][ T7493] ? unwind_get_return_address+0x4d/0x90 [ 1956.393225][ T7493] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 1956.393250][ T7493] ? arch_stack_walk+0xfb/0x150 [ 1956.393284][ T7493] ? rtnetlink_rcv_msg+0x1b9/0xbe0 [ 1956.393322][ T7493] ? __pfx_rtnl_newlink+0x10/0x10 [ 1956.393343][ T7493] rtnetlink_rcv_msg+0x7d5/0xbe0 [ 1956.393363][ T7493] ? kmem_cache_alloc_node_noprof+0x384/0x690 [ 1956.393386][ T7493] ? netlink_sendmsg+0x5d4/0xb40 [ 1956.393410][ T7493] ? rtnetlink_rcv_msg+0x1b9/0xbe0 [ 1956.393431][ T7493] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 1956.393452][ T7493] ? __lock_acquire+0x6b5/0x2cf0 [ 1956.393486][ T7493] netlink_rcv_skb+0x232/0x4b0 [ 1956.393510][ T7493] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 1956.393534][ T7493] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1956.393571][ T7493] ? netlink_deliver_tap+0x2e/0x1b0 [ 1956.393593][ T7493] ? netlink_deliver_tap+0x2e/0x1b0 [ 1956.393622][ T7493] netlink_unicast+0x75c/0x8e0 [ 1956.393661][ T7493] netlink_sendmsg+0x813/0xb40 [ 1956.393695][ T7493] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1956.393722][ T7493] ? aa_sock_msg_perm+0xf1/0x1b0 [ 1956.393748][ T7493] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1956.393774][ T7493] ____sys_sendmsg+0x972/0x9f0 [ 1956.393797][ T7493] ? __might_fault+0xaf/0x130 [ 1956.393825][ T7493] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1956.393856][ T7493] ? import_iovec+0x73/0xa0 [ 1956.393885][ T7493] ___sys_sendmsg+0x2a5/0x360 [ 1956.393905][ T7493] ? __lock_acquire+0x6b5/0x2cf0 [ 1956.393926][ T7493] ? __pfx____sys_sendmsg+0x10/0x10 [ 1956.393979][ T7493] ? __fget_files+0x2a/0x420 [ 1956.394000][ T7493] ? __fget_files+0x3a0/0x420 [ 1956.394031][ T7493] __x64_sys_sendmsg+0x1bd/0x2a0 [ 1956.394056][ T7493] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1956.394085][ T7493] ? __pfx_ksys_write+0x10/0x10 [ 1956.394118][ T7493] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1956.394138][ T7493] do_syscall_64+0x15f/0xf80 [ 1956.394155][ T7493] ? trace_irq_disable+0x3b/0x140 [ 1956.394180][ T7493] ? clear_bhb_loop+0x40/0x90 [ 1956.394202][ T7493] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1956.394220][ T7493] RIP: 0033:0x7f1fb319cdd9 [ 1956.394237][ T7493] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1956.394252][ T7493] RSP: 002b:00007f1fb13f6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1956.394271][ T7493] RAX: ffffffffffffffda RBX: 00007f1fb3415fa0 RCX: 00007f1fb319cdd9 [ 1956.394283][ T7493] RDX: 0000000000000000 RSI: 0000200000000240 RDI: 0000000000000003 [ 1956.394294][ T7493] RBP: 00007f1fb13f6090 R08: 0000000000000000 R09: 0000000000000000 [ 1956.394305][ T7493] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1956.394316][ T7493] R13: 00007f1fb3416038 R14: 00007f1fb3415fa0 R15: 00007ffe5556c558 [ 1956.394347][ T7493] [ 1957.107958][ T7499] __nla_validate_parse: 3 callbacks suppressed [ 1957.107978][ T7499] netlink: 28 bytes leftover after parsing attributes in process `syz.1.25655'. [ 1957.560365][ T7518] netlink: 12 bytes leftover after parsing attributes in process `syz.1.25661'. [ 1957.700337][ T7524] netlink: 'syz.2.25663': attribute type 1 has an invalid length. [ 1957.800271][ T7531] nbd: socks must be embedded in a SOCK_ITEM attr [ 1957.880653][ T7524] 8021q: adding VLAN 0 to HW filter on device bond23 [ 1957.890893][ T7528] bond23: option tlb_dynamic_lb: unable to set because the bond device is up [ 1958.337654][ T7558] netlink: 'syz.3.25673': attribute type 13 has an invalid length. [ 1958.378186][ T7558] netlink: 'syz.3.25673': attribute type 17 has an invalid length. [ 1958.510459][ T7567] netlink: 4 bytes leftover after parsing attributes in process `syz.3.25673'. [ 1958.545162][ T7558] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1958.558927][ T7558] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1958.630583][ T7558] veth0_to_hsr: left promiscuous mode [ 1958.643366][ T7558] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1958.664761][ T7558] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1958.689065][ T7558] veth1_macvtap: left promiscuous mode [ 1958.697192][ T7558] veth0_macvtap: left promiscuous mode [ 1958.704681][ T7558] veth0_macvtap: entered promiscuous mode [ 1958.712309][ T7558] veth1_macvtap: entered promiscuous mode [ 1958.747860][ T7558] A link change request failed with some changes committed already. Interface wlan0 may have been left with an inconsistent configuration, please check. [ 1958.763986][T20597] lo speed is unknown, defaulting to 1000 [ 1958.771143][T20597] sqz0: Port: 1 Link ACTIVE [ 1958.778030][ T7569] dummy0: mtu less than device minimum [ 1958.824664][T20593] syz0: Port: 1 Link ACTIVE [ 1958.824684][ T1126] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1958.852990][ T1126] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1958.862110][T17741] lo speed is unknown, defaulting to 1000 [ 1958.871970][ T1126] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1958.894086][ T1126] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1959.268241][ T7588] netlink: 36 bytes leftover after parsing attributes in process `syz.1.25678'. [ 1959.380449][ T7591] xt_hashlimit: size too large, truncated to 1048576 [ 1959.471385][ T7599] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1959.873584][ T7622] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1960.314156][ T7649] FAULT_INJECTION: forcing a failure. [ 1960.314156][ T7649] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1960.327454][ T7649] CPU: 0 UID: 0 PID: 7649 Comm: syz.3.25692 Not tainted syzkaller #0 PREEMPT(full) [ 1960.327479][ T7649] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1960.327491][ T7649] Call Trace: [ 1960.327499][ T7649] [ 1960.327507][ T7649] dump_stack_lvl+0xe8/0x150 [ 1960.327534][ T7649] should_fail_ex+0x412/0x560 [ 1960.327564][ T7649] _copy_from_iter+0x1d3/0x1670 [ 1960.327589][ T7649] ? rcu_is_watching+0x15/0xb0 [ 1960.327619][ T7649] ? __pfx__copy_from_iter+0x10/0x10 [ 1960.327648][ T7649] ? netlink_sendmsg+0x650/0xb40 [ 1960.327669][ T7649] ? skb_put+0x11b/0x210 [ 1960.327694][ T7649] netlink_sendmsg+0x6c0/0xb40 [ 1960.327725][ T7649] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1960.327745][ T7649] ? aa_sock_msg_perm+0xf1/0x1b0 [ 1960.327768][ T7649] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1960.327794][ T7649] ____sys_sendmsg+0x972/0x9f0 [ 1960.327818][ T7649] ? __might_fault+0xaf/0x130 [ 1960.327845][ T7649] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1960.327877][ T7649] ? import_iovec+0x73/0xa0 [ 1960.327902][ T7649] ___sys_sendmsg+0x2a5/0x360 [ 1960.327923][ T7649] ? __lock_acquire+0x6b5/0x2cf0 [ 1960.327947][ T7649] ? __pfx____sys_sendmsg+0x10/0x10 [ 1960.328005][ T7649] ? __fget_files+0x2a/0x420 [ 1960.328025][ T7649] ? __fget_files+0x3a0/0x420 [ 1960.328055][ T7649] __x64_sys_sendmsg+0x1bd/0x2a0 [ 1960.328082][ T7649] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1960.328115][ T7649] ? __pfx_ksys_write+0x10/0x10 [ 1960.328148][ T7649] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1960.328167][ T7649] do_syscall_64+0x15f/0xf80 [ 1960.328188][ T7649] ? trace_irq_disable+0x3b/0x140 [ 1960.328214][ T7649] ? clear_bhb_loop+0x40/0x90 [ 1960.328237][ T7649] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1960.328254][ T7649] RIP: 0033:0x7f964b19cdd9 [ 1960.328280][ T7649] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1960.328297][ T7649] RSP: 002b:00007f964c09a028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1960.328317][ T7649] RAX: ffffffffffffffda RBX: 00007f964b415fa0 RCX: 00007f964b19cdd9 [ 1960.328329][ T7649] RDX: 0000000000000000 RSI: 00002000000003c0 RDI: 0000000000000003 [ 1960.328340][ T7649] RBP: 00007f964c09a090 R08: 0000000000000000 R09: 0000000000000000 [ 1960.328351][ T7649] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1960.328362][ T7649] R13: 00007f964b416038 R14: 00007f964b415fa0 R15: 00007ffedc634678 [ 1960.328391][ T7649] [ 1960.695690][ T7656] netlink: 'syz.0.25693': attribute type 2 has an invalid length. [ 1960.740514][ T7660] syzkaller1: entered promiscuous mode [ 1960.754192][ T7660] syzkaller1: entered allmulticast mode [ 1960.849528][ T7666] syzkaller0: entered promiscuous mode [ 1960.865409][ T7666] syzkaller0: entered allmulticast mode [ 1961.001627][ T7675] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1961.135543][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1961.469594][ T7703] netlink: 'syz.3.25705': attribute type 8 has an invalid length. [ 1961.616598][ T7707] netlink: 8 bytes leftover after parsing attributes in process `syz.2.25707'. [ 1961.648633][ T7707] vlan0: entered allmulticast mode [ 1961.654767][ T7707] macvtap0: entered allmulticast mode [ 1961.739258][ T7712] netlink: 24 bytes leftover after parsing attributes in process `syz.2.25709'. [ 1961.869740][ T7720] netlink: 68 bytes leftover after parsing attributes in process `syz.2.25712'. [ 1961.898685][ T7716] syzkaller0 speed is unknown, defaulting to 1000 [ 1961.908650][ T7716] lo speed is unknown, defaulting to 1000 [ 1961.921520][ T7722] : (slave bond_slave_0): Error -34 calling ndo_bpf [ 1961.956956][ T7722] A link change request failed with some changes committed already. Interface  may have been left with an inconsistent configuration, please check. [ 1962.511016][ T7745] netlink: 'syz.3.25720': attribute type 1 has an invalid length. [ 1962.719554][ T7754] netlink: 156 bytes leftover after parsing attributes in process `syz.3.25724'. [ 1963.061771][ T7769] netlink: 'syz.3.25728': attribute type 1 has an invalid length. [ 1963.101061][ T7771] nbd: must specify a device to reconfigure [ 1963.147727][ T7769] bond27: (slave geneve8): making interface the new active one [ 1963.156687][ T7769] bond27: (slave geneve8): Enslaving as an active interface with an up link [ 1963.212507][ T2712] netdevsim netdevsim3 eth0: set [1, 1] type 2 family 0 port 20004 - 0 [ 1963.231932][ T2712] netdevsim netdevsim3 eth1: set [1, 1] type 2 family 0 port 20004 - 0 [ 1963.349067][ T2712] netdevsim netdevsim3 eth2: set [1, 1] type 2 family 0 port 20004 - 0 [ 1963.380597][ T2712] netdevsim netdevsim3 eth3: set [1, 1] type 2 family 0 port 20004 - 0 [ 1963.491659][ T7790] netlink: 'syz.3.25732': attribute type 1 has an invalid length. [ 1963.553937][ T7790] bond28: entered promiscuous mode [ 1963.561744][ T7790] 8021q: adding VLAN 0 to HW filter on device bond28 [ 1963.637236][ T7797] ksmbd: Daemon and kernel module version mismatch. ksmbd: 124, kernel module: 1. User-space ksmbd should terminate. [ 1963.679668][ T7789] 8021q: adding VLAN 0 to HW filter on device bond28 [ 1963.704032][ T7789] bond28: (slave ip6gre5): The slave device specified does not support setting the MAC address [ 1963.728797][ T7801] netlink: 'syz.0.25734': attribute type 1 has an invalid length. [ 1963.730503][ T7789] bond28: (slave ip6gre5): Setting fail_over_mac to active for active-backup mode [ 1963.802826][ T7789] bond28: (slave ip6gre5): making interface the new active one [ 1963.820727][ T7789] ip6gre5: entered promiscuous mode [ 1963.848208][ T7789] bond28: (slave ip6gre5): Enslaving as an active interface with an up link [ 1963.948632][ T7803] ipip2: entered promiscuous mode [ 1964.051264][ T7805] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap3 [ 1964.092486][ T7805] gretap3: entered promiscuous mode [ 1964.098745][ T7805] gretap3: entered allmulticast mode [ 1964.237163][ T7813] FAULT_INJECTION: forcing a failure. [ 1964.237163][ T7813] name failslab, interval 1, probability 0, space 0, times 0 [ 1964.258611][ T7813] CPU: 1 UID: 0 PID: 7813 Comm: syz.3.25739 Not tainted syzkaller #0 PREEMPT(full) [ 1964.258636][ T7813] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1964.258647][ T7813] Call Trace: [ 1964.258653][ T7813] [ 1964.258661][ T7813] dump_stack_lvl+0xe8/0x150 [ 1964.258687][ T7813] should_fail_ex+0x412/0x560 [ 1964.258714][ T7813] should_failslab+0xa8/0x100 [ 1964.258741][ T7813] __kmalloc_noprof+0xe8/0x760 [ 1964.258766][ T7813] ? netlbl_mgmt_add_common+0x156/0x13b0 [ 1964.258790][ T7813] ? __kmalloc_cache_noprof+0x15b/0x660 [ 1964.258818][ T7813] netlbl_mgmt_add_common+0x156/0x13b0 [ 1964.258852][ T7813] ? apparmor_current_getlsmprop_subj+0xce/0x150 [ 1964.258877][ T7813] netlbl_mgmt_add+0x2bf/0x360 [ 1964.258903][ T7813] ? __pfx_netlbl_mgmt_add+0x10/0x10 [ 1964.258928][ T7813] ? genl_family_rcv_msg_attrs_parse+0x20b/0x2f0 [ 1964.258945][ T7813] ? genl_family_rcv_msg_attrs_parse+0x265/0x2f0 [ 1964.258971][ T7813] genl_family_rcv_msg_doit+0x22a/0x330 [ 1964.259013][ T7813] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1964.259053][ T7813] ? bpf_lsm_capable+0x9/0x20 [ 1964.259070][ T7813] ? security_capable+0x7e/0x2c0 [ 1964.259096][ T7813] genl_rcv_msg+0x61c/0x7a0 [ 1964.259127][ T7813] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1964.259150][ T7813] ? __pfx_netlbl_mgmt_add+0x10/0x10 [ 1964.259182][ T7813] netlink_rcv_skb+0x232/0x4b0 [ 1964.259205][ T7813] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1964.259229][ T7813] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1964.259262][ T7813] ? down_read+0x270/0x2e0 [ 1964.259282][ T7813] ? genl_rcv+0xd/0x40 [ 1964.259306][ T7813] genl_rcv+0x28/0x40 [ 1964.259329][ T7813] netlink_unicast+0x75c/0x8e0 [ 1964.259358][ T7813] netlink_sendmsg+0x813/0xb40 [ 1964.259387][ T7813] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1964.259410][ T7813] ? aa_sock_msg_perm+0xf1/0x1b0 [ 1964.259435][ T7813] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1964.259460][ T7813] ____sys_sendmsg+0x972/0x9f0 [ 1964.259483][ T7813] ? __might_fault+0xaf/0x130 [ 1964.259511][ T7813] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1964.259543][ T7813] ? import_iovec+0x73/0xa0 [ 1964.259571][ T7813] ___sys_sendmsg+0x2a5/0x360 [ 1964.259591][ T7813] ? __lock_acquire+0x6b5/0x2cf0 [ 1964.259615][ T7813] ? __pfx____sys_sendmsg+0x10/0x10 [ 1964.259671][ T7813] ? __fget_files+0x2a/0x420 [ 1964.259690][ T7813] ? __fget_files+0x3a0/0x420 [ 1964.259720][ T7813] __x64_sys_sendmsg+0x1bd/0x2a0 [ 1964.259744][ T7813] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1964.259777][ T7813] ? __pfx_ksys_write+0x10/0x10 [ 1964.259810][ T7813] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1964.259830][ T7813] do_syscall_64+0x15f/0xf80 [ 1964.259850][ T7813] ? trace_irq_disable+0x3b/0x140 [ 1964.259876][ T7813] ? clear_bhb_loop+0x40/0x90 [ 1964.259899][ T7813] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1964.259915][ T7813] RIP: 0033:0x7f964b19cdd9 [ 1964.259933][ T7813] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1964.259949][ T7813] RSP: 002b:00007f964c09a028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1964.259969][ T7813] RAX: ffffffffffffffda RBX: 00007f964b415fa0 RCX: 00007f964b19cdd9 [ 1964.259989][ T7813] RDX: 0000000004000080 RSI: 0000200000000500 RDI: 0000000000000004 [ 1964.260001][ T7813] RBP: 00007f964c09a090 R08: 0000000000000000 R09: 0000000000000000 [ 1964.260012][ T7813] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1964.260022][ T7813] R13: 00007f964b416038 R14: 00007f964b415fa0 R15: 00007ffedc634678 [ 1964.260054][ T7813] [ 1964.826953][ T7830] dummy0: mtu less than device minimum [ 1965.045410][ T7849] netlink: 4 bytes leftover after parsing attributes in process `syz.3.25752'. [ 1965.273744][ T7866] netlink: 'syz.4.25755': attribute type 1 has an invalid length. [ 1965.285958][ T7859] syzkaller0 speed is unknown, defaulting to 1000 [ 1965.295163][ T7859] lo speed is unknown, defaulting to 1000 [ 1965.329839][ T7865] A link change request failed with some changes committed already. Interface bond_slave_1 may have been left with an inconsistent configuration, please check. [ 1966.183300][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1967.253105][ T7932] netlink: 'syz.2.25774': attribute type 1 has an invalid length. [ 1967.399231][ T7934] bond23: option lacp_active: invalid value (8) [ 1967.619561][ T7934] bond23 (unregistering): Released all slaves [ 1969.858846][ T7947] 5nè‹Ò: entered promiscuous mode [ 1969.972512][ T7953] netlink: 12 bytes leftover after parsing attributes in process `syz.0.25780'. [ 1969.975576][ T7954] FAULT_INJECTION: forcing a failure. [ 1969.975576][ T7954] name failslab, interval 1, probability 0, space 0, times 0 [ 1970.022860][ T7954] CPU: 0 UID: 0 PID: 7954 Comm: syz.4.25779 Not tainted syzkaller #0 PREEMPT(full) [ 1970.022887][ T7954] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1970.022899][ T7954] Call Trace: [ 1970.022908][ T7954] [ 1970.022916][ T7954] dump_stack_lvl+0xe8/0x150 [ 1970.022944][ T7954] should_fail_ex+0x412/0x560 [ 1970.022973][ T7954] should_failslab+0xa8/0x100 [ 1970.023001][ T7954] ? __kernfs_new_node+0xea/0x970 [ 1970.023026][ T7954] kmem_cache_alloc_noprof+0x87/0x650 [ 1970.023052][ T7954] ? kernfs_add_one+0x477/0x5c0 [ 1970.023081][ T7954] __kernfs_new_node+0xea/0x970 [ 1970.023112][ T7954] ? __pfx___kernfs_new_node+0x10/0x10 [ 1970.023136][ T7954] ? kernfs_root+0x1c/0x230 [ 1970.023165][ T7954] ? kernfs_root+0x1c/0x230 [ 1970.023187][ T7954] ? kernfs_root+0x1c/0x230 [ 1970.023207][ T7954] ? kernfs_root+0x1c/0x230 [ 1970.023252][ T7954] kernfs_new_node+0x102/0x210 [ 1970.023282][ T7954] __kernfs_create_file+0x4b/0x2e0 [ 1970.023334][ T7954] sysfs_add_file_mode_ns+0x238/0x300 [ 1970.023361][ T7954] sysfs_create_file_ns+0x12b/0x1b0 [ 1970.023382][ T7954] ? __pfx_sysfs_create_file_ns+0x10/0x10 [ 1970.023399][ T7954] ? acpi_device_notify+0x171/0x3f0 [ 1970.023420][ T7954] ? __dev_fwnode+0x50/0x80 [ 1970.023439][ T7954] ? device_create_file+0xf4/0x1b0 [ 1970.023459][ T7954] device_add+0x440/0xbb0 [ 1970.023476][ T7954] ? device_initialize+0x26a/0x460 [ 1970.023496][ T7954] netdev_register_kobject+0x178/0x310 [ 1970.023528][ T7954] register_netdevice+0x1456/0x1ec0 [ 1970.023569][ T7954] ? __pfx_register_netdevice+0x10/0x10 [ 1970.023609][ T7954] br_dev_newlink+0x6a/0x140 [ 1970.023629][ T7954] ? rtnl_newlink_create+0x311/0xb70 [ 1970.023650][ T7954] ? __pfx_br_dev_newlink+0x10/0x10 [ 1970.023671][ T7954] rtnl_newlink_create+0x329/0xb70 [ 1970.023692][ T7954] ? __pfx___nla_validate_parse+0x10/0x10 [ 1970.023726][ T7954] ? __pfx_rtnl_newlink_create+0x10/0x10 [ 1970.023752][ T7954] ? __pfx___mutex_lock+0x10/0x10 [ 1970.023785][ T7954] ? ns_capable+0x89/0xe0 [ 1970.023806][ T7954] rtnl_newlink+0x166a/0x1bb0 [ 1970.023843][ T7954] ? __pfx_rtnl_newlink+0x10/0x10 [ 1970.023866][ T7954] ? update_se+0x91/0x610 [ 1970.023890][ T7954] ? update_curr+0x75/0x4e0 [ 1970.023920][ T7954] ? pick_task_fair+0xcb/0x2a0 [ 1970.023946][ T7954] ? pick_next_task_fair+0x173/0x1ab0 [ 1970.023972][ T7954] ? do_raw_spin_lock+0x12b/0x2f0 [ 1970.024012][ T7954] ? __lock_acquire+0x6b5/0x2cf0 [ 1970.024058][ T7954] ? rtnetlink_rcv_msg+0x1b9/0xbe0 [ 1970.024097][ T7954] ? __pfx_rtnl_newlink+0x10/0x10 [ 1970.024117][ T7954] rtnetlink_rcv_msg+0x7d5/0xbe0 [ 1970.024140][ T7954] ? rtnetlink_rcv_msg+0x1b9/0xbe0 [ 1970.024159][ T7954] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 1970.024181][ T7954] ? __lock_acquire+0x6b5/0x2cf0 [ 1970.024214][ T7954] netlink_rcv_skb+0x232/0x4b0 [ 1970.024238][ T7954] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 1970.024261][ T7954] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1970.024281][ T7954] ? lockdep_hardirqs_on+0x7a/0x110 [ 1970.024336][ T7954] netlink_unicast+0x75c/0x8e0 [ 1970.024370][ T7954] netlink_sendmsg+0x813/0xb40 [ 1970.024404][ T7954] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1970.024428][ T7954] ? aa_sock_msg_perm+0xf1/0x1b0 [ 1970.024452][ T7954] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1970.024480][ T7954] ____sys_sendmsg+0x972/0x9f0 [ 1970.024502][ T7954] ? __might_fault+0xaf/0x130 [ 1970.024530][ T7954] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1970.024562][ T7954] ? import_iovec+0x73/0xa0 [ 1970.024591][ T7954] ___sys_sendmsg+0x2a5/0x360 [ 1970.024612][ T7954] ? __lock_acquire+0x6b5/0x2cf0 [ 1970.024635][ T7954] ? __pfx____sys_sendmsg+0x10/0x10 [ 1970.024697][ T7954] ? __fget_files+0x2a/0x420 [ 1970.024717][ T7954] ? __fget_files+0x3a0/0x420 [ 1970.024750][ T7954] __x64_sys_sendmsg+0x1bd/0x2a0 [ 1970.024777][ T7954] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1970.024811][ T7954] ? __pfx_ksys_write+0x10/0x10 [ 1970.024845][ T7954] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1970.024865][ T7954] do_syscall_64+0x15f/0xf80 [ 1970.024886][ T7954] ? trace_irq_disable+0x3b/0x140 [ 1970.024911][ T7954] ? clear_bhb_loop+0x40/0x90 [ 1970.024936][ T7954] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1970.024954][ T7954] RIP: 0033:0x7fddcd59cdd9 [ 1970.024973][ T7954] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1970.024988][ T7954] RSP: 002b:00007fddce397028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1970.025007][ T7954] RAX: ffffffffffffffda RBX: 00007fddcd815fa0 RCX: 00007fddcd59cdd9 [ 1970.025020][ T7954] RDX: 0000000000000000 RSI: 0000200000000240 RDI: 0000000000000003 [ 1970.025032][ T7954] RBP: 00007fddce397090 R08: 0000000000000000 R09: 0000000000000000 [ 1970.025043][ T7954] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1970.025054][ T7954] R13: 00007fddcd816038 R14: 00007fddcd815fa0 R15: 00007ffc08664918 [ 1970.025087][ T7954] [ 1970.721323][ T7967] FAULT_INJECTION: forcing a failure. [ 1970.721323][ T7967] name failslab, interval 1, probability 0, space 0, times 0 [ 1970.734459][ T7967] CPU: 0 UID: 0 PID: 7967 Comm: syz.2.25784 Not tainted syzkaller #0 PREEMPT(full) [ 1970.734484][ T7967] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1970.734495][ T7967] Call Trace: [ 1970.734502][ T7967] [ 1970.734511][ T7967] dump_stack_lvl+0xe8/0x150 [ 1970.734541][ T7967] should_fail_ex+0x412/0x560 [ 1970.734570][ T7967] should_failslab+0xa8/0x100 [ 1970.734597][ T7967] __kmalloc_cache_noprof+0x88/0x660 [ 1970.734619][ T7967] ? genl_family_rcv_msg_attrs_parse+0x20b/0x2f0 [ 1970.734637][ T7967] ? genl_family_rcv_msg_attrs_parse+0x265/0x2f0 [ 1970.734654][ T7967] ? genl_start+0x1c9/0x6c0 [ 1970.734683][ T7967] genl_start+0x1c9/0x6c0 [ 1970.734704][ T7967] ? netlink_lookup+0x30/0x200 [ 1970.734727][ T7967] __netlink_dump_start+0x469/0x7e0 [ 1970.734756][ T7967] genl_family_rcv_msg_dumpit+0x213/0x310 [ 1970.734785][ T7967] ? __pfx_genl_family_rcv_msg_dumpit+0x10/0x10 [ 1970.734810][ T7967] ? genl_get_cmd+0x6cb/0x960 [ 1970.734842][ T7967] ? __pfx_genl_start+0x10/0x10 [ 1970.734863][ T7967] ? __pfx_genl_dumpit+0x10/0x10 [ 1970.734885][ T7967] ? __pfx_genl_done+0x10/0x10 [ 1970.734903][ T7967] ? __lock_acquire+0x6b5/0x2cf0 [ 1970.734931][ T7967] genl_rcv_msg+0x5e8/0x7a0 [ 1970.734965][ T7967] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1970.734990][ T7967] ? __pfx_ethnl_default_start+0x10/0x10 [ 1970.735013][ T7967] ? __pfx_ethnl_default_dumpit+0x10/0x10 [ 1970.735036][ T7967] ? __pfx_ethnl_default_done+0x10/0x10 [ 1970.735076][ T7967] netlink_rcv_skb+0x232/0x4b0 [ 1970.735098][ T7967] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1970.735126][ T7967] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1970.735166][ T7967] ? down_read+0x270/0x2e0 [ 1970.735197][ T7967] ? genl_rcv+0xd/0x40 [ 1970.735225][ T7967] genl_rcv+0x28/0x40 [ 1970.735249][ T7967] netlink_unicast+0x75c/0x8e0 [ 1970.735282][ T7967] netlink_sendmsg+0x813/0xb40 [ 1970.735316][ T7967] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1970.735342][ T7967] ? aa_sock_msg_perm+0xf1/0x1b0 [ 1970.735368][ T7967] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1970.735395][ T7967] ____sys_sendmsg+0x972/0x9f0 [ 1970.735420][ T7967] ? __might_fault+0xaf/0x130 [ 1970.735450][ T7967] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1970.735483][ T7967] ? import_iovec+0x73/0xa0 [ 1970.735514][ T7967] ___sys_sendmsg+0x2a5/0x360 [ 1970.735536][ T7967] ? __lock_acquire+0x6b5/0x2cf0 [ 1970.735561][ T7967] ? __pfx____sys_sendmsg+0x10/0x10 [ 1970.735623][ T7967] ? __fget_files+0x2a/0x420 [ 1970.735643][ T7967] ? __fget_files+0x3a0/0x420 [ 1970.735676][ T7967] __x64_sys_sendmsg+0x1bd/0x2a0 [ 1970.735703][ T7967] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1970.735737][ T7967] ? __pfx_ksys_write+0x10/0x10 [ 1970.735773][ T7967] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1970.735793][ T7967] do_syscall_64+0x15f/0xf80 [ 1970.735813][ T7967] ? trace_irq_disable+0x3b/0x140 [ 1970.735839][ T7967] ? clear_bhb_loop+0x40/0x90 [ 1970.735862][ T7967] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1970.735880][ T7967] RIP: 0033:0x7fa18e19cdd9 [ 1970.735899][ T7967] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1970.735915][ T7967] RSP: 002b:00007fa18f133028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1970.735934][ T7967] RAX: ffffffffffffffda RBX: 00007fa18e415fa0 RCX: 00007fa18e19cdd9 [ 1970.735947][ T7967] RDX: 000000000404c010 RSI: 00002000000001c0 RDI: 0000000000000003 [ 1970.735959][ T7967] RBP: 00007fa18f133090 R08: 0000000000000000 R09: 0000000000000000 [ 1970.735971][ T7967] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1970.735981][ T7967] R13: 00007fa18e416038 R14: 00007fa18e415fa0 R15: 00007ffcb53b6048 [ 1970.736014][ T7967] [ 1970.741132][ T7968] netlink: 'syz.1.25786': attribute type 1 has an invalid length. [ 1971.138218][ T7973] hsr_slave_0: left promiscuous mode [ 1971.171654][ T7982] netlink: 'syz.3.25785': attribute type 30 has an invalid length. [ 1971.190290][ T7973] hsr_slave_1: left promiscuous mode [ 1971.223395][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1971.318747][ T7972] syzkaller0 speed is unknown, defaulting to 1000 [ 1971.338155][ T7972] lo speed is unknown, defaulting to 1000 [ 1971.455146][ T7995] tipc: Enabled bearer , priority 0 [ 1971.581469][ T7995] syzkaller0: entered promiscuous mode [ 1971.595948][ T7995] syzkaller0: entered allmulticast mode [ 1971.612066][ T7995] tipc: Resetting bearer [ 1971.650525][ T7993] tipc: Resetting bearer [ 1972.227816][ T8015] netlink: 212368 bytes leftover after parsing attributes in process `syz.1.25797'. [ 1972.380220][ T8019] netlink: 12 bytes leftover after parsing attributes in process `syz.2.25799'. [ 1975.415868][ T7993] tipc: Disabling bearer [ 1975.677386][ T8037] netlink: 'syz.0.25800': attribute type 1 has an invalid length. [ 1975.839512][T17741] lo speed is unknown, defaulting to 1000 [ 1975.845512][ T8031] syz0: Port: 1 Link DOWN [ 1975.849919][T17741] sqz0: Port: 1 Link DOWN [ 1975.855051][ T1126] netdevsim netdevsim3 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1975.879251][ T1126] netdevsim netdevsim3 eth0: unset [1, 1] type 2 family 0 port 20004 - 0 [ 1975.912574][ T8032] lo speed is unknown, defaulting to 1000 [ 1975.926035][ T1126] netdevsim netdevsim3 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1975.947802][ T1126] netdevsim netdevsim3 eth1: unset [1, 1] type 2 family 0 port 20004 - 0 [ 1975.974969][ T1126] netdevsim netdevsim3 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1976.004617][ T1126] netdevsim netdevsim3 eth2: unset [1, 1] type 2 family 0 port 20004 - 0 [ 1976.016784][ T1315] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1976.029322][ T1315] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1976.054838][ T1126] netdevsim netdevsim3 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1976.063991][ T1126] netdevsim netdevsim3 eth3: unset [1, 1] type 2 family 0 port 20004 - 0 [ 1976.140541][ T8047] syzkaller1: entered promiscuous mode [ 1976.163428][ T8047] syzkaller1: entered allmulticast mode [ 1976.193708][ T8047] netlink: 8 bytes leftover after parsing attributes in process `syz.1.25803'. [ 1976.253261][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1976.275335][ T8047] 8021q: adding VLAN 0 to HW filter on device bond23 [ 1976.500472][ T8066] FAULT_INJECTION: forcing a failure. [ 1976.500472][ T8066] name failslab, interval 1, probability 0, space 0, times 0 [ 1976.515066][ T8066] CPU: 1 UID: 0 PID: 8066 Comm: syz.1.25809 Not tainted syzkaller #0 PREEMPT(full) [ 1976.515090][ T8066] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1976.515101][ T8066] Call Trace: [ 1976.515109][ T8066] [ 1976.515117][ T8066] dump_stack_lvl+0xe8/0x150 [ 1976.515144][ T8066] should_fail_ex+0x412/0x560 [ 1976.515174][ T8066] should_failslab+0xa8/0x100 [ 1976.515204][ T8066] __kmalloc_cache_noprof+0x88/0x660 [ 1976.515228][ T8066] ? genl_family_rcv_msg_attrs_parse+0x20b/0x2f0 [ 1976.515246][ T8066] ? genl_family_rcv_msg_attrs_parse+0x265/0x2f0 [ 1976.515264][ T8066] ? genl_start+0x1c9/0x6c0 [ 1976.515294][ T8066] genl_start+0x1c9/0x6c0 [ 1976.515315][ T8066] ? netlink_lookup+0x30/0x200 [ 1976.515343][ T8066] __netlink_dump_start+0x469/0x7e0 [ 1976.515376][ T8066] genl_family_rcv_msg_dumpit+0x213/0x310 [ 1976.515407][ T8066] ? __pfx_genl_family_rcv_msg_dumpit+0x10/0x10 [ 1976.515433][ T8066] ? genl_get_cmd+0x6cb/0x960 [ 1976.515466][ T8066] ? __pfx_genl_start+0x10/0x10 [ 1976.515490][ T8066] ? __pfx_genl_dumpit+0x10/0x10 [ 1976.515513][ T8066] ? __pfx_genl_done+0x10/0x10 [ 1976.515533][ T8066] ? __lock_acquire+0x6b5/0x2cf0 [ 1976.515562][ T8066] genl_rcv_msg+0x5e8/0x7a0 [ 1976.515594][ T8066] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1976.515617][ T8066] ? __pfx_ethnl_default_start+0x10/0x10 [ 1976.515640][ T8066] ? __pfx_ethnl_default_dumpit+0x10/0x10 [ 1976.515662][ T8066] ? __pfx_ethnl_default_done+0x10/0x10 [ 1976.515702][ T8066] netlink_rcv_skb+0x232/0x4b0 [ 1976.515726][ T8066] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1976.515753][ T8066] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1976.515790][ T8066] ? down_read+0x270/0x2e0 [ 1976.515812][ T8066] ? genl_rcv+0xd/0x40 [ 1976.515840][ T8066] genl_rcv+0x28/0x40 [ 1976.515863][ T8066] netlink_unicast+0x75c/0x8e0 [ 1976.515896][ T8066] netlink_sendmsg+0x813/0xb40 [ 1976.515933][ T8066] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1976.515961][ T8066] ? aa_sock_msg_perm+0xf1/0x1b0 [ 1976.515987][ T8066] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1976.516021][ T8066] ____sys_sendmsg+0x972/0x9f0 [ 1976.516046][ T8066] ? __might_fault+0xaf/0x130 [ 1976.516076][ T8066] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1976.516111][ T8066] ? import_iovec+0x73/0xa0 [ 1976.516139][ T8066] ___sys_sendmsg+0x2a5/0x360 [ 1976.516162][ T8066] ? __lock_acquire+0x6b5/0x2cf0 [ 1976.516185][ T8066] ? __pfx____sys_sendmsg+0x10/0x10 [ 1976.516243][ T8066] ? __fget_files+0x2a/0x420 [ 1976.516262][ T8066] ? __fget_files+0x3a0/0x420 [ 1976.516293][ T8066] __x64_sys_sendmsg+0x1bd/0x2a0 [ 1976.516320][ T8066] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1976.516355][ T8066] ? __pfx_ksys_write+0x10/0x10 [ 1976.516391][ T8066] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1976.516412][ T8066] do_syscall_64+0x15f/0xf80 [ 1976.516431][ T8066] ? trace_irq_disable+0x3b/0x140 [ 1976.516455][ T8066] ? clear_bhb_loop+0x40/0x90 [ 1976.516479][ T8066] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1976.516497][ T8066] RIP: 0033:0x7f1fb319cdd9 [ 1976.516515][ T8066] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1976.516531][ T8066] RSP: 002b:00007f1fb13f6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1976.516551][ T8066] RAX: ffffffffffffffda RBX: 00007f1fb3415fa0 RCX: 00007f1fb319cdd9 [ 1976.516565][ T8066] RDX: 0000000000000000 RSI: 0000200000000180 RDI: 0000000000000003 [ 1976.516577][ T8066] RBP: 00007f1fb13f6090 R08: 0000000000000000 R09: 0000000000000000 [ 1976.516588][ T8066] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1976.516598][ T8066] R13: 00007f1fb3416038 R14: 00007f1fb3415fa0 R15: 00007ffe5556c558 [ 1976.516630][ T8066] [ 1976.928088][ T8067] tipc: Enabled bearer , priority 0 [ 1977.009153][ T8067] syzkaller0: entered promiscuous mode [ 1977.014758][ T8067] syzkaller0: entered allmulticast mode [ 1977.021005][ T8067] tipc: Resetting bearer [ 1977.050476][ T8071] netlink: 28 bytes leftover after parsing attributes in process `syz.1.25811'. [ 1977.063765][ T8065] tipc: Resetting bearer [ 1977.100907][ T8074] netlink: 12 bytes leftover after parsing attributes in process `syz.3.25812'. [ 1980.947282][ T8065] tipc: Disabling bearer [ 1980.969153][ T8077] dummy0: mtu less than device minimum [ 1981.150774][ T8087] netlink: 12 bytes leftover after parsing attributes in process `syz.1.25814'. [ 1981.168260][ T8088] netlink: 1484 bytes leftover after parsing attributes in process `syz.1.25814'. [ 1981.295474][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1981.451864][ T8106] netlink: 2120 bytes leftover after parsing attributes in process `syz.2.25820'. [ 1981.551792][ T8106] netlink: 8 bytes leftover after parsing attributes in process `syz.2.25820'. [ 1981.619104][ T8109] syzkaller0 speed is unknown, defaulting to 1000 [ 1981.648801][ T8109] lo speed is unknown, defaulting to 1000 [ 1981.745174][ T8121] netlink: 12 bytes leftover after parsing attributes in process `syz.1.25826'. [ 1982.330028][ T8150] netlink: 20 bytes leftover after parsing attributes in process `syz.0.25835'. [ 1982.512037][ T8160] netlink: 12 bytes leftover after parsing attributes in process `syz.1.25839'. [ 1983.379059][ T8185] netlink: 16186 bytes leftover after parsing attributes in process `syz.0.25847'. [ 1983.496432][ T8191] syzkaller0: entered promiscuous mode [ 1983.501923][ T8191] syzkaller0: entered allmulticast mode [ 1983.565262][ T8169] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 1983.605073][ T8196] netlink: 12 bytes leftover after parsing attributes in process `syz.4.25850'. [ 1985.071398][ T5634] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 1986.353128][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1987.658894][ T8223] netlink: 56 bytes leftover after parsing attributes in process `syz.3.25862'. [ 1987.819046][ T134] tipc: Subscription rejected, illegal request [ 1987.833794][ T8233] netlink: 'syz.4.25866': attribute type 1 has an invalid length. [ 1987.974791][ T8245] netlink: 'syz.2.25869': attribute type 1 has an invalid length. [ 1987.974800][ T8243] tipc: Enabled bearer , priority 0 [ 1987.991303][ T8241] tipc: Disabling bearer [ 1988.068049][ T8245] bond24: entered promiscuous mode [ 1988.074983][ T8245] bond24: entered allmulticast mode [ 1988.081682][ T8245] 8021q: adding VLAN 0 to HW filter on device bond24 [ 1988.245261][ T8266] netlink: 36 bytes leftover after parsing attributes in process `syz.1.25875'. [ 1988.277108][ T8266] netlink: 'syz.1.25875': attribute type 83 has an invalid length. [ 1988.374896][ T8272] netlink: 56 bytes leftover after parsing attributes in process `syz.1.25877'. [ 1988.768366][ T8295] tipc: Enabled bearer , priority 0 [ 1988.776603][ T8298] netlink: 4 bytes leftover after parsing attributes in process `syz.1.25886'. [ 1988.798175][ T8294] tipc: Disabling bearer [ 1988.818233][ T8302] netlink: 'syz.4.25884': attribute type 1 has an invalid length. [ 1989.317595][ T8327] syzkaller0 speed is unknown, defaulting to 1000 [ 1989.330410][ T8327] lo speed is unknown, defaulting to 1000 [ 1989.385122][ T8337] netlink: 28 bytes leftover after parsing attributes in process `syz.0.25899'. [ 1989.436796][ T8339] netlink: 80 bytes leftover after parsing attributes in process `syz.3.25900'. [ 1989.669919][ T8349] tipc: Enabling of bearer rejected, already enabled [ 1989.781097][ T8353] netlink: 8 bytes leftover after parsing attributes in process `syz.0.25905'. [ 1989.826915][ T8353] netlink: 7 bytes leftover after parsing attributes in process `syz.0.25905'. [ 1989.845230][ T8356] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1990.684539][ T8376] netlink: 28 bytes leftover after parsing attributes in process `syz.4.25911'. [ 1991.316442][ T8390] FAULT_INJECTION: forcing a failure. [ 1991.316442][ T8390] name failslab, interval 1, probability 0, space 0, times 0 [ 1991.367313][ T8390] CPU: 0 UID: 0 PID: 8390 Comm: syz.0.25915 Not tainted syzkaller #0 PREEMPT(full) [ 1991.367338][ T8390] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1991.367349][ T8390] Call Trace: [ 1991.367357][ T8390] [ 1991.367366][ T8390] dump_stack_lvl+0xe8/0x150 [ 1991.367390][ T8390] should_fail_ex+0x412/0x560 [ 1991.367418][ T8390] should_failslab+0xa8/0x100 [ 1991.367447][ T8390] __kmalloc_noprof+0xe8/0x760 [ 1991.367472][ T8390] ? tomoyo_encode+0x28b/0x550 [ 1991.367501][ T8390] tomoyo_encode+0x28b/0x550 [ 1991.367528][ T8390] tomoyo_realpath_from_path+0x58d/0x5d0 [ 1991.367562][ T8390] ? tomoyo_domain+0xd7/0x130 [ 1991.367589][ T8390] ? tomoyo_path_number_perm+0x219/0x630 [ 1991.367609][ T8390] tomoyo_path_number_perm+0x246/0x630 [ 1991.367631][ T8390] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1991.367650][ T8390] ? __lock_acquire+0x6b5/0x2cf0 [ 1991.367683][ T8390] ? __mutex_unlock_slowpath+0x1be/0x6f0 [ 1991.367726][ T8390] ? __fget_files+0x2a/0x420 [ 1991.367749][ T8390] ? __fget_files+0x2a/0x420 [ 1991.367768][ T8390] ? __fget_files+0x3a0/0x420 [ 1991.367786][ T8390] ? __fget_files+0x2a/0x420 [ 1991.367809][ T8390] security_file_ioctl+0xc3/0x2a0 [ 1991.367831][ T8390] __se_sys_ioctl+0x47/0x170 [ 1991.367857][ T8390] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1991.367876][ T8390] do_syscall_64+0x15f/0xf80 [ 1991.367896][ T8390] ? trace_irq_disable+0x3b/0x140 [ 1991.367922][ T8390] ? clear_bhb_loop+0x40/0x90 [ 1991.367945][ T8390] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1991.367963][ T8390] RIP: 0033:0x7f14cbf9cdd9 [ 1991.367980][ T8390] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1991.367996][ T8390] RSP: 002b:00007f14cce3d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1991.368016][ T8390] RAX: ffffffffffffffda RBX: 00007f14cc215fa0 RCX: 00007f14cbf9cdd9 [ 1991.368029][ T8390] RDX: 0000200000000440 RSI: 00000000000089f1 RDI: 0000000000000003 [ 1991.368041][ T8390] RBP: 00007f14cce3d090 R08: 0000000000000000 R09: 0000000000000000 [ 1991.368053][ T8390] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1991.368064][ T8390] R13: 00007f14cc216038 R14: 00007f14cc215fa0 R15: 00007ffee8e203a8 [ 1991.368097][ T8390] [ 1991.369924][ T8390] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1991.380027][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1991.522458][ T8392] tipc: Enabled bearer , priority 0 [ 1991.705594][ T8391] tipc: Disabling bearer [ 1991.825397][ T8395] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1992.018585][ T8398] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1992.084840][ T8402] FAULT_INJECTION: forcing a failure. [ 1992.084840][ T8402] name failslab, interval 1, probability 0, space 0, times 0 [ 1992.132353][ T8402] CPU: 1 UID: 0 PID: 8402 Comm: syz.1.25921 Not tainted syzkaller #0 PREEMPT(full) [ 1992.132379][ T8402] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1992.132390][ T8402] Call Trace: [ 1992.132399][ T8402] [ 1992.132406][ T8402] dump_stack_lvl+0xe8/0x150 [ 1992.132432][ T8402] should_fail_ex+0x412/0x560 [ 1992.132461][ T8402] should_failslab+0xa8/0x100 [ 1992.132489][ T8402] __kmalloc_cache_noprof+0x88/0x660 [ 1992.132512][ T8402] ? netlink_lookup+0x30/0x200 [ 1992.132531][ T8402] ? genl_family_rcv_msg_attrs_parse+0xe9/0x2f0 [ 1992.132548][ T8402] ? genl_start+0x1c9/0x6c0 [ 1992.132579][ T8402] genl_start+0x1c9/0x6c0 [ 1992.132607][ T8402] ? netlink_lookup+0x30/0x200 [ 1992.132631][ T8402] __netlink_dump_start+0x469/0x7e0 [ 1992.132659][ T8402] genl_family_rcv_msg_dumpit+0x213/0x310 [ 1992.132687][ T8402] ? __pfx_genl_family_rcv_msg_dumpit+0x10/0x10 [ 1992.132712][ T8402] ? genl_get_cmd+0x82e/0x960 [ 1992.132741][ T8402] ? __pfx_genl_start+0x10/0x10 [ 1992.132761][ T8402] ? __pfx_genl_dumpit+0x10/0x10 [ 1992.132784][ T8402] ? __pfx_genl_done+0x10/0x10 [ 1992.132824][ T8402] ? __lock_acquire+0x6b5/0x2cf0 [ 1992.132855][ T8402] genl_rcv_msg+0x5e8/0x7a0 [ 1992.132888][ T8402] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1992.132914][ T8402] ? __pfx_batadv_netlink_dump_hardif+0x10/0x10 [ 1992.132960][ T8402] netlink_rcv_skb+0x232/0x4b0 [ 1992.132984][ T8402] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1992.133012][ T8402] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1992.133052][ T8402] ? down_read+0x270/0x2e0 [ 1992.133073][ T8402] ? genl_rcv+0xd/0x40 [ 1992.133101][ T8402] genl_rcv+0x28/0x40 [ 1992.133124][ T8402] netlink_unicast+0x75c/0x8e0 [ 1992.133157][ T8402] netlink_sendmsg+0x813/0xb40 [ 1992.133191][ T8402] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1992.133217][ T8402] ? aa_sock_msg_perm+0xf1/0x1b0 [ 1992.133242][ T8402] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1992.133271][ T8402] ____sys_sendmsg+0x972/0x9f0 [ 1992.133295][ T8402] ? __might_fault+0xaf/0x130 [ 1992.133324][ T8402] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1992.133354][ T8402] ? import_iovec+0x73/0xa0 [ 1992.133383][ T8402] ___sys_sendmsg+0x2a5/0x360 [ 1992.133406][ T8402] ? __lock_acquire+0x6b5/0x2cf0 [ 1992.133431][ T8402] ? __pfx____sys_sendmsg+0x10/0x10 [ 1992.133494][ T8402] ? __fget_files+0x2a/0x420 [ 1992.133515][ T8402] ? __fget_files+0x3a0/0x420 [ 1992.133546][ T8402] __x64_sys_sendmsg+0x1bd/0x2a0 [ 1992.133572][ T8402] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1992.133607][ T8402] ? __pfx_ksys_write+0x10/0x10 [ 1992.133642][ T8402] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1992.133663][ T8402] do_syscall_64+0x15f/0xf80 [ 1992.133683][ T8402] ? trace_irq_disable+0x3b/0x140 [ 1992.133709][ T8402] ? clear_bhb_loop+0x40/0x90 [ 1992.133733][ T8402] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1992.133751][ T8402] RIP: 0033:0x7f1fb319cdd9 [ 1992.133769][ T8402] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1992.133784][ T8402] RSP: 002b:00007f1fb13f6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1992.133816][ T8402] RAX: ffffffffffffffda RBX: 00007f1fb3415fa0 RCX: 00007f1fb319cdd9 [ 1992.133830][ T8402] RDX: 0000000000000000 RSI: 0000200000000300 RDI: 0000000000000003 [ 1992.133842][ T8402] RBP: 00007f1fb13f6090 R08: 0000000000000000 R09: 0000000000000000 [ 1992.133853][ T8402] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1992.133864][ T8402] R13: 00007f1fb3416038 R14: 00007f1fb3415fa0 R15: 00007ffe5556c558 [ 1992.133897][ T8402] [ 1992.505763][ T8409] netlink: 'syz.3.25919': attribute type 6 has an invalid length. [ 1992.555488][ T5634] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 1992.598706][ T8418] netlink: 12 bytes leftover after parsing attributes in process `syz.3.25924'. [ 1993.014181][ T8445] tipc: Enabling of bearer rejected, already enabled [ 1993.231181][ T8460] bond24: option ad_user_port_key: invalid value (65535) [ 1993.266676][ T8460] bond24: option ad_user_port_key: allowed values 0 - 1023 [ 1993.307017][ T8460] bond24 (unregistering): Released all slaves [ 1993.398636][ T8466] __nla_validate_parse: 1 callbacks suppressed [ 1993.398657][ T8466] netlink: 28 bytes leftover after parsing attributes in process `syz.2.25936'. [ 1993.549916][ T8468] netlink: 40 bytes leftover after parsing attributes in process `syz.1.25937'. [ 1993.614389][ T8472] netlink: 12 bytes leftover after parsing attributes in process `syz.2.25939'. [ 1993.760997][ T8480] netlink: 'syz.1.25940': attribute type 1 has an invalid length. [ 1994.010761][ T8489] tipc: Enabling of bearer rejected, failed to enable media [ 1994.057379][ T8491] netlink: 'syz.3.25945': attribute type 1 has an invalid length. [ 1994.099687][ T8491] netlink: 96 bytes leftover after parsing attributes in process `syz.3.25945'. [ 1994.119935][ T8491] netlink: 'syz.3.25945': attribute type 1 has an invalid length. [ 1994.139571][ T8491] netlink: 634 bytes leftover after parsing attributes in process `syz.3.25945'. [ 1994.160923][ T8491] netlink: 1 bytes leftover after parsing attributes in process `syz.3.25945'. [ 1994.390705][ T8507] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1994.415277][ T8440] Set syz1 is full, maxelem 65536 reached [ 1994.958914][ T8545] netlink: 80 bytes leftover after parsing attributes in process `syz.2.25961'. [ 1994.986472][ T8545] netlink: 8 bytes leftover after parsing attributes in process `syz.2.25961'. [ 1995.029067][ T8541] syzkaller0 speed is unknown, defaulting to 1000 [ 1995.038758][ T8542] syzkaller0 speed is unknown, defaulting to 1000 [ 1995.046673][ T8541] lo speed is unknown, defaulting to 1000 [ 1995.122156][ T8553] netlink: 'syz.0.25962': attribute type 1 has an invalid length. [ 1995.187374][ T8551] syzkaller0 speed is unknown, defaulting to 1000 [ 1995.300605][ T8542] lo speed is unknown, defaulting to 1000 [ 1995.358430][ T8560] netlink: 12 bytes leftover after parsing attributes in process `syz.2.25966'. [ 1995.977893][ T8581] netlink: 28 bytes leftover after parsing attributes in process `syz.2.25972'. [ 1996.017791][ T8551] lo speed is unknown, defaulting to 1000 [ 1996.417163][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1996.721170][ T8611] dummy0: mtu less than device minimum [ 1996.726407][ T8613] netlink: 'syz.1.25983': attribute type 1 has an invalid length. [ 1998.091427][ T8661] netlink: 'syz.2.25994': attribute type 1 has an invalid length. [ 1998.251892][ T8665] netlink: 'syz.1.25996': attribute type 12 has an invalid length. [ 1998.265574][ T8664] netlink: 'syz.1.25996': attribute type 12 has an invalid length. [ 1998.273748][ T8665] netlink: 'syz.1.25996': attribute type 13 has an invalid length. [ 1998.281752][ T8664] netlink: 'syz.1.25996': attribute type 13 has an invalid length. [ 1998.878270][ T8691] __nla_validate_parse: 5 callbacks suppressed [ 1998.878290][ T8691] netlink: 16 bytes leftover after parsing attributes in process `syz.2.26005'. [ 1999.020253][ T8705] netlink: 'syz.1.26007': attribute type 1 has an invalid length. [ 1999.268708][ T8720] netlink: 'syz.1.26012': attribute type 1 has an invalid length. [ 1999.333773][ T8723] netlink: 20 bytes leftover after parsing attributes in process `syz.1.26013'. [ 1999.343541][ T8723] netlink: 48 bytes leftover after parsing attributes in process `syz.1.26013'. [ 1999.354688][ T8724] netlink: 20 bytes leftover after parsing attributes in process `syz.1.26013'. [ 1999.364579][ T8724] netlink: 48 bytes leftover after parsing attributes in process `syz.1.26013'. [ 2001.453655][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2001.874867][ T8691] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 2002.083012][ T8741] netlink: 'syz.2.26019': attribute type 1 has an invalid length. [ 2002.096299][ T8743] netlink: 8 bytes leftover after parsing attributes in process `syz.0.26018'. [ 2002.210845][ T8750] netlink: 'syz.0.26018': attribute type 21 has an invalid length. [ 2002.246669][ T8750] netlink: 128 bytes leftover after parsing attributes in process `syz.0.26018'. [ 2002.272939][ T8750] netlink: 3 bytes leftover after parsing attributes in process `syz.0.26018'. [ 2002.285293][ T8751] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 2002.540916][ T8774] netlink: 16 bytes leftover after parsing attributes in process `syz.4.26032'. [ 2002.541825][ T8767] syzkaller0 speed is unknown, defaulting to 1000 [ 2002.600171][ T8767] lo speed is unknown, defaulting to 1000 [ 2002.771910][ T8781] netlink: 12 bytes leftover after parsing attributes in process `syz.1.26034'. [ 2002.864484][ T8783] netlink: 'syz.4.26035': attribute type 1 has an invalid length. [ 2003.175216][ T8799] geneve5: entered promiscuous mode [ 2003.183688][T17323] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 57871 - 0 [ 2003.195583][T17323] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 57871 - 0 [ 2003.207906][T17323] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 57871 - 0 [ 2003.312548][T17323] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 57871 - 0 [ 2003.768454][ T8826] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 2004.301222][ T8855] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 2004.671920][ T8861] __nla_validate_parse: 1 callbacks suppressed [ 2004.671939][ T8861] netlink: 32 bytes leftover after parsing attributes in process `syz.4.26058'. [ 2004.691758][ T8861] x_tables: ip6_tables: policy.0 match: invalid size 312 (kernel) != (user) 8 [ 2004.799624][ T8863] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 2005.029734][ T8867] syzkaller0 speed is unknown, defaulting to 1000 [ 2005.039815][ T8867] lo speed is unknown, defaulting to 1000 [ 2005.062444][ T8877] netlink: 8 bytes leftover after parsing attributes in process `syz.1.26061'. [ 2005.098170][ T8876] syzkaller0 speed is unknown, defaulting to 1000 [ 2005.107389][ T8882] netlink: 20 bytes leftover after parsing attributes in process `syz.4.26067'. [ 2005.117298][ T8877] netlink: 12 bytes leftover after parsing attributes in process `syz.1.26061'. [ 2005.149524][ T13] netdevsim netdevsim1 eth0: unset [1, 0] type 2 family 0 port 57871 - 0 [ 2005.174088][ T8884] netlink: 'syz.1.26061': attribute type 13 has an invalid length. [ 2005.182476][ T13] netdevsim netdevsim1 eth1: unset [1, 0] type 2 family 0 port 57871 - 0 [ 2005.199372][ T8884] netlink: 'syz.1.26061': attribute type 17 has an invalid length. [ 2005.230534][ T8884] netlink: 'syz.1.26061': attribute type 27 has an invalid length. [ 2005.257656][ T8890] netlink: 20 bytes leftover after parsing attributes in process `syz.4.26068'. [ 2005.262184][ T8883] erspan0: entered promiscuous mode [ 2005.283725][ T8883] hsr0: Slave A (dummy0) is not up; please bring it up to get a fully working HSR network [ 2005.304127][ T8883] hsr0: Slave B (erspan0) is not up; please bring it up to get a fully working HSR network [ 2005.333119][ T8883] hsr0: entered allmulticast mode [ 2005.342860][ T8883] erspan0: entered allmulticast mode [ 2005.354476][ T13] netdevsim netdevsim1 eth2: unset [1, 0] type 2 family 0 port 57871 - 0 [ 2005.378502][ T13] netdevsim netdevsim1 eth3: unset [1, 0] type 2 family 0 port 57871 - 0 [ 2005.546813][ T8895] syzkaller0 speed is unknown, defaulting to 1000 [ 2005.650194][ T8876] lo speed is unknown, defaulting to 1000 [ 2006.036755][ T8908] syzkaller0 speed is unknown, defaulting to 1000 [ 2006.167997][ T8910] A link change request failed with some changes committed already. Interface eth0 may have been left with an inconsistent configuration, please check. [ 2006.185655][ T8895] lo speed is unknown, defaulting to 1000 [ 2006.191468][ T8913] syzkaller0 speed is unknown, defaulting to 1000 [ 2006.500775][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2006.598746][ T8908] lo speed is unknown, defaulting to 1000 [ 2006.804923][ T8913] lo speed is unknown, defaulting to 1000 [ 2008.047681][ T8921] A link change request failed with some changes committed already. Interface bond1 may have been left with an inconsistent configuration, please check. [ 2009.209856][T16104] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2009.515417][ T8941] netlink: 20 bytes leftover after parsing attributes in process `syz.3.26081'. [ 2009.688705][ T8947] FAULT_INJECTION: forcing a failure. [ 2009.688705][ T8947] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2009.713489][ T8947] CPU: 0 UID: 0 PID: 8947 Comm: syz.2.26083 Not tainted syzkaller #0 PREEMPT(full) [ 2009.713515][ T8947] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 2009.713527][ T8947] Call Trace: [ 2009.713534][ T8947] [ 2009.713543][ T8947] dump_stack_lvl+0xe8/0x150 [ 2009.713570][ T8947] should_fail_ex+0x412/0x560 [ 2009.713599][ T8947] _copy_from_user+0x2d/0xb0 [ 2009.713625][ T8947] do_sock_getsockopt+0x200/0x7e0 [ 2009.713655][ T8947] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 2009.713694][ T8947] ? __fget_files+0x3a0/0x420 [ 2009.713715][ T8947] ? __fget_files+0x2a/0x420 [ 2009.713744][ T8947] __x64_sys_getsockopt+0x1a4/0x240 [ 2009.713773][ T8947] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2009.713794][ T8947] do_syscall_64+0x15f/0xf80 [ 2009.713815][ T8947] ? trace_irq_disable+0x3b/0x140 [ 2009.713841][ T8947] ? clear_bhb_loop+0x40/0x90 [ 2009.713864][ T8947] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2009.713883][ T8947] RIP: 0033:0x7fa18e19cdd9 [ 2009.713900][ T8947] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 2009.713916][ T8947] RSP: 002b:00007fa18f112028 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 2009.713935][ T8947] RAX: ffffffffffffffda RBX: 00007fa18e416090 RCX: 00007fa18e19cdd9 [ 2009.713949][ T8947] RDX: 000000000000001a RSI: 0000000000000084 RDI: 0000000000000003 [ 2009.713960][ T8947] RBP: 00007fa18f112090 R08: 00002000000000c0 R09: 0000000000000000 [ 2009.713972][ T8947] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2009.713984][ T8947] R13: 00007fa18e416128 R14: 00007fa18e416090 R15: 00007ffcb53b6048 [ 2009.714015][ T8947] [ 2010.155820][ T8957] FAULT_INJECTION: forcing a failure. [ 2010.155820][ T8957] name failslab, interval 1, probability 0, space 0, times 0 [ 2010.169324][ T8957] CPU: 1 UID: 0 PID: 8957 Comm: syz.4.26086 Not tainted syzkaller #0 PREEMPT(full) [ 2010.169348][ T8957] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 2010.169359][ T8957] Call Trace: [ 2010.169367][ T8957] [ 2010.169376][ T8957] dump_stack_lvl+0xe8/0x150 [ 2010.169397][ T8957] should_fail_ex+0x412/0x560 [ 2010.169414][ T8957] should_failslab+0xa8/0x100 [ 2010.169431][ T8957] kmem_cache_alloc_node_noprof+0x8f/0x690 [ 2010.169445][ T8957] ? __alloc_skb+0x186/0x7d0 [ 2010.169457][ T8957] ? __alloc_skb+0x1d0/0x7d0 [ 2010.169466][ T8957] ? __local_bh_enable_ip+0xd0/0x130 [ 2010.169480][ T8957] __alloc_skb+0x1d0/0x7d0 [ 2010.169495][ T8957] netlink_sendmsg+0x5d4/0xb40 [ 2010.169514][ T8957] ? __pfx_netlink_sendmsg+0x10/0x10 [ 2010.169528][ T8957] ? aa_sock_msg_perm+0xf1/0x1b0 [ 2010.169551][ T8957] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 2010.169577][ T8957] ____sys_sendmsg+0x972/0x9f0 [ 2010.169610][ T8957] ? __pfx_____sys_sendmsg+0x10/0x10 [ 2010.169628][ T8957] ? import_iovec+0x73/0xa0 [ 2010.169644][ T8957] ___sys_sendmsg+0x2a5/0x360 [ 2010.169657][ T8957] ? __lock_acquire+0x6b5/0x2cf0 [ 2010.169670][ T8957] ? __pfx____sys_sendmsg+0x10/0x10 [ 2010.169702][ T8957] ? __fget_files+0x2a/0x420 [ 2010.169713][ T8957] ? __fget_files+0x3a0/0x420 [ 2010.169730][ T8957] __x64_sys_sendmsg+0x1bd/0x2a0 [ 2010.169744][ T8957] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 2010.169762][ T8957] ? __pfx_ksys_write+0x10/0x10 [ 2010.169780][ T8957] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2010.169792][ T8957] do_syscall_64+0x15f/0xf80 [ 2010.169804][ T8957] ? trace_irq_disable+0x3b/0x140 [ 2010.169819][ T8957] ? clear_bhb_loop+0x40/0x90 [ 2010.169833][ T8957] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2010.169843][ T8957] RIP: 0033:0x7fddcd59cdd9 [ 2010.169854][ T8957] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 2010.169863][ T8957] RSP: 002b:00007fddce397028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2010.169875][ T8957] RAX: ffffffffffffffda RBX: 00007fddcd815fa0 RCX: 00007fddcd59cdd9 [ 2010.169882][ T8957] RDX: 0000000024000050 RSI: 00002000000007c0 RDI: 0000000000000003 [ 2010.169889][ T8957] RBP: 00007fddce397090 R08: 0000000000000000 R09: 0000000000000000 [ 2010.169895][ T8957] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2010.169901][ T8957] R13: 00007fddcd816038 R14: 00007fddcd815fa0 R15: 00007ffc08664918 [ 2010.169917][ T8957] [ 2010.455468][ T8959] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 2010.809940][ T8984] netlink: 8 bytes leftover after parsing attributes in process `syz.2.26093'. [ 2010.825212][ T8984] netlink: 84 bytes leftover after parsing attributes in process `syz.2.26093'. [ 2011.008283][ T8990] syzkaller0 speed is unknown, defaulting to 1000 [ 2011.018130][ T8990] lo speed is unknown, defaulting to 1000 [ 2011.093951][ T8994] netlink: 'syz.3.26097': attribute type 16 has an invalid length. [ 2011.102440][ T8994] netlink: 'syz.3.26097': attribute type 17 has an invalid length. [ 2011.125077][ T8995] netlink: 'syz.0.26096': attribute type 7 has an invalid length. [ 2011.142678][ T8995] netlink: 'syz.0.26096': attribute type 8 has an invalid length. [ 2011.196054][ T8994] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2011.207831][ T8994] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2011.271062][ T8994] veth1_macvtap: left promiscuous mode [ 2011.279058][ T8994] veth0_macvtap: left promiscuous mode [ 2011.287310][ T8994] veth0_macvtap: entered promiscuous mode [ 2011.296473][ T8994] veth1_macvtap: entered promiscuous mode [ 2011.311387][ T8994] A link change request failed with some changes committed already. Interface wlan0 may have been left with an inconsistent configuration, please check. [ 2011.328593][T17739] lo speed is unknown, defaulting to 1000 [ 2011.359173][T17739] sqz0: Port: 1 Link ACTIVE [ 2011.386285][ T8026] syz0: Port: 1 Link ACTIVE [ 2011.390922][T17323] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 2011.405083][T17323] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 2011.416820][T17738] lo speed is unknown, defaulting to 1000 [ 2011.430488][T17323] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 2011.451738][T17323] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 2011.509305][ T9007] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 2011.533572][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2011.748892][ T9019] netlink: 12 bytes leftover after parsing attributes in process `syz.3.26105'. [ 2011.769229][ T9019] nbd: socks must be embedded in a SOCK_ITEM attr [ 2012.089415][ T9040] netlink: 12 bytes leftover after parsing attributes in process `syz.4.26112'. [ 2012.476694][T20593] lo speed is unknown, defaulting to 1000 [ 2012.482585][T20593] sqz0: Port: 1 Link DOWN [ 2012.503908][T20597] syz0: Port: 1 Link DOWN [ 2012.504201][T17323] netdevsim netdevsim3 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 2012.517961][T17323] netdevsim netdevsim3 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 2012.527934][T17323] netdevsim netdevsim3 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 2012.527940][ T8038] lo speed is unknown, defaulting to 1000 [ 2012.528041][T17323] netdevsim netdevsim3 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 2012.965560][ T9051] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 2013.191117][ T9063] tipc: Enabling of bearer rejected, already enabled [ 2013.307089][ T9070] bond28: Unable to set up delay as MII monitoring is disabled [ 2013.318357][ T9070] bond28 (unregistering): Released all slaves [ 2013.699644][ T9094] netlink: 12 bytes leftover after parsing attributes in process `syz.0.26127'. [ 2013.742244][ T9098] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 2013.837382][ T9102] netlink: 'syz.0.26129': attribute type 4 has an invalid length. [ 2013.861089][ T9102] netlink: 'syz.0.26129': attribute type 1 has an invalid length. [ 2014.386327][ T9136] nbd: socks must be embedded in a SOCK_ITEM attr [ 2014.539515][ T9146] netlink: 12 bytes leftover after parsing attributes in process `syz.0.26141'. [ 2014.641707][ T9155] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 2014.764913][ T9162] netlink: 16 bytes leftover after parsing attributes in process `syz.1.26146'. [ 2014.818833][ T9164] netlink: 24 bytes leftover after parsing attributes in process `syz.3.26147'. [ 2014.878781][ T9166] netlink: 'syz.4.26145': attribute type 1 has an invalid length. [ 2014.916647][ T9171] ref_tracker: memory allocation failure, unreliable refcount tracker. [ 2014.950453][ T9173] netlink: 112 bytes leftover after parsing attributes in process `syz.3.26150'. [ 2015.398539][ T9197] netlink: 144 bytes leftover after parsing attributes in process `syz.3.26156'. [ 2015.457975][ T9197] netlink: 'syz.3.26156': attribute type 3 has an invalid length. [ 2016.133523][ T9227] netlink: 12 bytes leftover after parsing attributes in process `syz.1.26166'. [ 2016.217117][ T9233] netlink: 84 bytes leftover after parsing attributes in process `syz.4.26168'. [ 2016.226678][ T9232] netlink: 'syz.1.26169': attribute type 1 has an invalid length. [ 2016.388011][ T9242] ip6t_srh: unknown srh invflags BA61 [ 2016.400876][ T9246] ip6t_srh: unknown srh invflags BA61 [ 2016.500914][ T9251] netlink: 4 bytes leftover after parsing attributes in process `syz.3.26178'. [ 2016.583196][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2016.615416][ T9258] bond24: option coupled_control: mode dependency failed, not supported in mode balance-rr(0) [ 2016.631696][ T9258] bond24 (unregistering): Released all slaves [ 2016.670955][ T9259] netlink: 12 bytes leftover after parsing attributes in process `syz.4.26179'. [ 2016.969470][ T9286] netlink: 'syz.0.26183': attribute type 1 has an invalid length. [ 2016.998829][ T9275] netlink: 'syz.3.26185': attribute type 8 has an invalid length. [ 2017.119124][ T9292] x_tables: duplicate underflow at hook 3 [ 2017.583601][ T9280] A link change request failed with some changes committed already. Interface eth0 may have been left with an inconsistent configuration, please check. [ 2017.652410][ T9287] syzkaller0 speed is unknown, defaulting to 1000 [ 2017.670988][ T9287] lo speed is unknown, defaulting to 1000 [ 2018.033646][ T9307] netlink: 'syz.4.26193': attribute type 1 has an invalid length. [ 2018.129876][ T9310] netlink: 'syz.3.26195': attribute type 1 has an invalid length. [ 2018.192369][ T9315] netlink: 4 bytes leftover after parsing attributes in process `syz.0.26196'. [ 2018.355793][ T9322] FAULT_INJECTION: forcing a failure. [ 2018.355793][ T9322] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2018.403533][ T9322] CPU: 1 UID: 0 PID: 9322 Comm: syz.3.26199 Not tainted syzkaller #0 PREEMPT(full) [ 2018.403559][ T9322] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 2018.403569][ T9322] Call Trace: [ 2018.403577][ T9322] [ 2018.403585][ T9322] dump_stack_lvl+0xe8/0x150 [ 2018.403611][ T9322] should_fail_ex+0x412/0x560 [ 2018.403638][ T9322] _copy_from_user+0x2d/0xb0 [ 2018.403663][ T9322] xsk_setsockopt+0x33e/0x990 [ 2018.403686][ T9322] ? __pfx_xsk_setsockopt+0x10/0x10 [ 2018.403707][ T9322] ? __pfx_aa_sk_perm+0x10/0x10 [ 2018.403734][ T9322] ? aa_sock_opt_perm+0xff/0x1a0 [ 2018.403761][ T9322] ? bpf_lsm_socket_setsockopt+0x9/0x20 [ 2018.403785][ T9322] ? __pfx_xsk_setsockopt+0x10/0x10 [ 2018.403805][ T9322] do_sock_setsockopt+0x17c/0x1b0 [ 2018.403834][ T9322] __x64_sys_setsockopt+0x13d/0x1b0 [ 2018.403859][ T9322] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2018.403880][ T9322] do_syscall_64+0x15f/0xf80 [ 2018.403901][ T9322] ? trace_irq_disable+0x3b/0x140 [ 2018.403927][ T9322] ? clear_bhb_loop+0x40/0x90 [ 2018.403950][ T9322] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2018.403968][ T9322] RIP: 0033:0x7f964b19cdd9 [ 2018.403986][ T9322] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 2018.404001][ T9322] RSP: 002b:00007f964c09a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 2018.404022][ T9322] RAX: ffffffffffffffda RBX: 00007f964b415fa0 RCX: 00007f964b19cdd9 [ 2018.404036][ T9322] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000003 [ 2018.404047][ T9322] RBP: 00007f964c09a090 R08: 0000000000000004 R09: 0000000000000000 [ 2018.404058][ T9322] R10: 0000200000000040 R11: 0000000000000246 R12: 0000000000000001 [ 2018.404070][ T9322] R13: 00007f964b416038 R14: 00007f964b415fa0 R15: 00007ffedc634678 [ 2018.404103][ T9322] [ 2018.642135][ T9328] netlink: 'syz.4.26200': attribute type 1 has an invalid length. [ 2018.822368][ T9337] netlink: 12 bytes leftover after parsing attributes in process `syz.0.26205'. [ 2018.845241][ T9343] netlink: 12 bytes leftover after parsing attributes in process `syz.3.26208'. [ 2019.191070][ T9357] netlink: 'syz.2.26211': attribute type 10 has an invalid length. [ 2019.218713][ T9357] netlink: 156 bytes leftover after parsing attributes in process `syz.2.26211'. [ 2019.560523][ T9378] netlink: 'syz.4.26217': attribute type 4 has an invalid length. [ 2019.580266][ T9378] netlink: 'syz.4.26217': attribute type 4 has an invalid length. [ 2019.782888][ T9388] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 2019.795079][ T9389] netlink: 12 bytes leftover after parsing attributes in process `syz.4.26220'. [ 2019.816891][ T9388] netlink: 44 bytes leftover after parsing attributes in process `syz.3.26221'. [ 2020.073244][ T9403] FAULT_INJECTION: forcing a failure. [ 2020.073244][ T9403] name failslab, interval 1, probability 0, space 0, times 0 [ 2020.094104][ T9403] CPU: 1 UID: 0 PID: 9403 Comm: syz.1.26226 Not tainted syzkaller #0 PREEMPT(full) [ 2020.094128][ T9403] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 2020.094140][ T9403] Call Trace: [ 2020.094148][ T9403] [ 2020.094156][ T9403] dump_stack_lvl+0xe8/0x150 [ 2020.094183][ T9403] should_fail_ex+0x412/0x560 [ 2020.094212][ T9403] should_failslab+0xa8/0x100 [ 2020.094241][ T9403] __kmalloc_noprof+0xe8/0x760 [ 2020.094267][ T9403] ? bpf_test_init+0x9f/0x150 [ 2020.094294][ T9403] bpf_test_init+0x9f/0x150 [ 2020.094329][ T9403] bpf_prog_test_run_xdp+0x529/0x1160 [ 2020.094369][ T9403] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 2020.094398][ T9403] ? __fget_files+0x2a/0x420 [ 2020.094429][ T9403] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 2020.094453][ T9403] bpf_prog_test_run+0x2c7/0x340 [ 2020.094477][ T9403] __sys_bpf+0x643/0x950 [ 2020.094507][ T9403] ? __pfx___sys_bpf+0x10/0x10 [ 2020.094549][ T9403] ? ksys_write+0x242/0x270 [ 2020.094576][ T9403] ? __pfx_ksys_write+0x10/0x10 [ 2020.094606][ T9403] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2020.094627][ T9403] __x64_sys_bpf+0x7c/0x90 [ 2020.094652][ T9403] do_syscall_64+0x15f/0xf80 [ 2020.094673][ T9403] ? trace_irq_disable+0x3b/0x140 [ 2020.094697][ T9403] ? clear_bhb_loop+0x40/0x90 [ 2020.094719][ T9403] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2020.094737][ T9403] RIP: 0033:0x7f1fb319cdd9 [ 2020.094755][ T9403] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 2020.094770][ T9403] RSP: 002b:00007f1fb13f6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 2020.094789][ T9403] RAX: ffffffffffffffda RBX: 00007f1fb3415fa0 RCX: 00007f1fb319cdd9 [ 2020.094803][ T9403] RDX: 0000000000000050 RSI: 0000200000000200 RDI: 000000000000000a [ 2020.094815][ T9403] RBP: 00007f1fb13f6090 R08: 0000000000000000 R09: 0000000000000000 [ 2020.094827][ T9403] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2020.094838][ T9403] R13: 00007f1fb3416038 R14: 00007f1fb3415fa0 R15: 00007ffe5556c558 [ 2020.094869][ T9403] [ 2020.375783][ T9413] netlink: 'syz.4.26229': attribute type 4 has an invalid length. [ 2020.418129][ T9416] vlan4: entered promiscuous mode [ 2020.450034][ T9416] bridge0: entered promiscuous mode [ 2020.474060][ T9416] vlan3: entered promiscuous mode [ 2020.498335][ T9416] geneve0: entered promiscuous mode [ 2020.795658][ T9436] bridge23: entered promiscuous mode [ 2021.012528][ T9444] syzkaller0: entered promiscuous mode [ 2021.024667][ T9444] syzkaller0: entered allmulticast mode [ 2021.053645][ T9444] tc action pedit offset must be on 32 bit boundaries [ 2021.115416][ T9449] syzkaller0 speed is unknown, defaulting to 1000 [ 2021.155555][ T9449] lo speed is unknown, defaulting to 1000 [ 2021.177261][ T9445] A link change request failed with some changes committed already. Interface eth0 may have been left with an inconsistent configuration, please check. [ 2021.613722][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2021.669811][ T9466] netlink: 'syz.1.26244': attribute type 1 has an invalid length. [ 2021.689719][ T9466] __nla_validate_parse: 3 callbacks suppressed [ 2021.689737][ T9466] netlink: 224 bytes leftover after parsing attributes in process `syz.1.26244'. [ 2021.724663][ T9466] NCSI netlink: No device for ifindex 0 [ 2021.746154][ T9467] netlink: 16 bytes leftover after parsing attributes in process `syz.0.26245'. [ 2021.894958][ T9473] netlink: 24 bytes leftover after parsing attributes in process `syz.3.26247'. [ 2022.078293][ T9481] netlink: 12 bytes leftover after parsing attributes in process `syz.2.26249'. [ 2022.260481][ T9493] nbd: socks must be embedded in a SOCK_ITEM attr [ 2022.468938][ T9503] netlink: 4 bytes leftover after parsing attributes in process `syz.1.26255'. [ 2023.107165][ T9537] netlink: 12 bytes leftover after parsing attributes in process `syz.4.26264'. [ 2023.420702][ T9554] netlink: 'syz.1.26270': attribute type 7 has an invalid length. [ 2023.458235][ T9554] netlink: 'syz.1.26270': attribute type 8 has an invalid length. [ 2023.468835][ T9554] netlink: 'syz.1.26270': attribute type 8 has an invalid length. [ 2023.477437][ T9554] netlink: 'syz.1.26270': attribute type 4 has an invalid length. [ 2023.486515][ T9554] netlink: 'syz.1.26270': attribute type 7 has an invalid length. [ 2023.515379][ T9554] netlink: 207236 bytes leftover after parsing attributes in process `syz.1.26270'. [ 2023.599507][ T9564] netlink: 12 bytes leftover after parsing attributes in process `syz.4.26275'. [ 2023.726024][ T9569] netlink: 'syz.2.26277': attribute type 4 has an invalid length. [ 2023.873233][ T9583] tipc: Enabling of bearer rejected, already enabled [ 2023.882634][ T9581] netlink: 28 bytes leftover after parsing attributes in process `syz.3.26281'. [ 2023.975517][ T9591] FAULT_INJECTION: forcing a failure. [ 2023.975517][ T9591] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2023.994498][ T9591] CPU: 0 UID: 0 PID: 9591 Comm: syz.3.26284 Not tainted syzkaller #0 PREEMPT(full) [ 2023.994523][ T9591] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 2023.994534][ T9591] Call Trace: [ 2023.994541][ T9591] [ 2023.994549][ T9591] dump_stack_lvl+0xe8/0x150 [ 2023.994576][ T9591] should_fail_ex+0x412/0x560 [ 2023.994606][ T9591] _copy_from_user+0x2d/0xb0 [ 2023.994631][ T9591] ___sys_sendmsg+0x1c6/0x360 [ 2023.994654][ T9591] ? __lock_acquire+0x6b5/0x2cf0 [ 2023.994679][ T9591] ? __pfx____sys_sendmsg+0x10/0x10 [ 2023.994737][ T9591] ? __fget_files+0x2a/0x420 [ 2023.994758][ T9591] ? __fget_files+0x3a0/0x420 [ 2023.994790][ T9591] __x64_sys_sendmsg+0x1bd/0x2a0 [ 2023.994816][ T9591] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 2023.994850][ T9591] ? __pfx_ksys_write+0x10/0x10 [ 2023.994883][ T9591] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2023.994903][ T9591] do_syscall_64+0x15f/0xf80 [ 2023.994934][ T9591] ? trace_irq_disable+0x3b/0x140 [ 2023.994960][ T9591] ? clear_bhb_loop+0x40/0x90 [ 2023.994983][ T9591] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2023.995001][ T9591] RIP: 0033:0x7f964b19cdd9 [ 2023.995019][ T9591] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 2023.995034][ T9591] RSP: 002b:00007f964c09a028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2023.995054][ T9591] RAX: ffffffffffffffda RBX: 00007f964b415fa0 RCX: 00007f964b19cdd9 [ 2023.995067][ T9591] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003 [ 2023.995079][ T9591] RBP: 00007f964c09a090 R08: 0000000000000000 R09: 0000000000000000 [ 2023.995090][ T9591] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2023.995100][ T9591] R13: 00007f964b416038 R14: 00007f964b415fa0 R15: 00007ffedc634678 [ 2023.995133][ T9591] [ 2024.292194][ T9602] netlink: 8 bytes leftover after parsing attributes in process `syz.2.26287'. [ 2024.309777][ T9604] netlink: 'syz.3.26288': attribute type 6 has an invalid length. [ 2024.486327][ T9612] FAULT_INJECTION: forcing a failure. [ 2024.486327][ T9612] name failslab, interval 1, probability 0, space 0, times 0 [ 2024.502959][ T9612] CPU: 0 UID: 0 PID: 9612 Comm: syz.2.26292 Not tainted syzkaller #0 PREEMPT(full) [ 2024.502985][ T9612] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 2024.502997][ T9612] Call Trace: [ 2024.503006][ T9612] [ 2024.503014][ T9612] dump_stack_lvl+0xe8/0x150 [ 2024.503041][ T9612] should_fail_ex+0x412/0x560 [ 2024.503072][ T9612] should_failslab+0xa8/0x100 [ 2024.503101][ T9612] __kmalloc_cache_noprof+0x88/0x660 [ 2024.503125][ T9612] ? __kasan_kmalloc+0x93/0xb0 [ 2024.503151][ T9612] ? ovs_nla_get_identifier+0x72/0xd0 [ 2024.503179][ T9612] ovs_nla_get_identifier+0x72/0xd0 [ 2024.503204][ T9612] ovs_flow_cmd_new+0x505/0xe80 [ 2024.503231][ T9612] ? __pfx_ovs_flow_cmd_new+0x10/0x10 [ 2024.503304][ T9612] ? __nla_parse+0x40/0x60 [ 2024.503331][ T9612] ? genl_family_rcv_msg_attrs_parse+0x20b/0x2f0 [ 2024.503349][ T9612] ? genl_family_rcv_msg_attrs_parse+0x265/0x2f0 [ 2024.503374][ T9612] genl_family_rcv_msg_doit+0x22a/0x330 [ 2024.503406][ T9612] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 2024.503444][ T9612] ? bpf_lsm_capable+0x9/0x20 [ 2024.503461][ T9612] ? security_capable+0x7e/0x2c0 [ 2024.503489][ T9612] genl_rcv_msg+0x61c/0x7a0 [ 2024.503520][ T9612] ? __pfx_genl_rcv_msg+0x10/0x10 [ 2024.503542][ T9612] ? __pfx_ovs_flow_cmd_new+0x10/0x10 [ 2024.503571][ T9612] netlink_rcv_skb+0x232/0x4b0 [ 2024.503592][ T9612] ? __pfx_genl_rcv_msg+0x10/0x10 [ 2024.503621][ T9612] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 2024.503658][ T9612] ? down_read+0x270/0x2e0 [ 2024.503678][ T9612] ? genl_rcv+0xd/0x40 [ 2024.503702][ T9612] genl_rcv+0x28/0x40 [ 2024.503725][ T9612] netlink_unicast+0x75c/0x8e0 [ 2024.503759][ T9612] netlink_sendmsg+0x813/0xb40 [ 2024.503793][ T9612] ? __pfx_netlink_sendmsg+0x10/0x10 [ 2024.503820][ T9612] ? aa_sock_msg_perm+0xf1/0x1b0 [ 2024.503846][ T9612] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 2024.503874][ T9612] ____sys_sendmsg+0x972/0x9f0 [ 2024.503894][ T9612] ? __might_fault+0xaf/0x130 [ 2024.503931][ T9612] ? __pfx_____sys_sendmsg+0x10/0x10 [ 2024.503961][ T9612] ? import_iovec+0x73/0xa0 [ 2024.503990][ T9612] ___sys_sendmsg+0x2a5/0x360 [ 2024.504011][ T9612] ? __lock_acquire+0x6b5/0x2cf0 [ 2024.504036][ T9612] ? __pfx____sys_sendmsg+0x10/0x10 [ 2024.504093][ T9612] ? __fget_files+0x2a/0x420 [ 2024.504110][ T9612] ? __fget_files+0x3a0/0x420 [ 2024.504138][ T9612] __x64_sys_sendmsg+0x1bd/0x2a0 [ 2024.504162][ T9612] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 2024.504193][ T9612] ? __pfx_ksys_write+0x10/0x10 [ 2024.504227][ T9612] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2024.504248][ T9612] do_syscall_64+0x15f/0xf80 [ 2024.504268][ T9612] ? trace_irq_disable+0x3b/0x140 [ 2024.504294][ T9612] ? clear_bhb_loop+0x40/0x90 [ 2024.504318][ T9612] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2024.504336][ T9612] RIP: 0033:0x7fa18e19cdd9 [ 2024.504354][ T9612] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 2024.504370][ T9612] RSP: 002b:00007fa18f133028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2024.504389][ T9612] RAX: ffffffffffffffda RBX: 00007fa18e415fa0 RCX: 00007fa18e19cdd9 [ 2024.504403][ T9612] RDX: 000000000000c000 RSI: 0000200000000000 RDI: 0000000000000003 [ 2024.504415][ T9612] RBP: 00007fa18f133090 R08: 0000000000000000 R09: 0000000000000000 [ 2024.504427][ T9612] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2024.504438][ T9612] R13: 00007fa18e416038 R14: 00007fa18e415fa0 R15: 00007ffcb53b6048 [ 2024.504471][ T9612] [ 2024.921308][ T9616] dummy0: mtu less than device minimum [ 2025.217834][ T9642] netlink: 'syz.0.26298': attribute type 4 has an invalid length. [ 2025.253981][ T9642] netlink: 'syz.0.26298': attribute type 4 has an invalid length. [ 2025.662113][ T9670] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2025.966342][ T9687] FAULT_INJECTION: forcing a failure. [ 2025.966342][ T9687] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2026.021567][ T9687] CPU: 0 UID: 0 PID: 9687 Comm: syz.0.26313 Not tainted syzkaller #0 PREEMPT(full) [ 2026.021593][ T9687] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 2026.021604][ T9687] Call Trace: [ 2026.021612][ T9687] [ 2026.021621][ T9687] dump_stack_lvl+0xe8/0x150 [ 2026.021649][ T9687] should_fail_ex+0x412/0x560 [ 2026.021680][ T9687] _copy_from_user+0x2d/0xb0 [ 2026.021706][ T9687] kstrtouint_from_user+0xd6/0x180 [ 2026.021732][ T9687] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 2026.021773][ T9687] proc_fail_nth_write+0x8e/0x210 [ 2026.021796][ T9687] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 2026.021824][ T9687] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 2026.021847][ T9687] vfs_write+0x29a/0xb90 [ 2026.021879][ T9687] ? __pfx_vfs_write+0x10/0x10 [ 2026.021905][ T9687] ? __fget_files+0x2a/0x420 [ 2026.021930][ T9687] ? __fget_files+0x3a0/0x420 [ 2026.021950][ T9687] ? __fget_files+0x2a/0x420 [ 2026.021981][ T9687] ksys_write+0x150/0x270 [ 2026.022009][ T9687] ? __pfx_ksys_write+0x10/0x10 [ 2026.022050][ T9687] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2026.022070][ T9687] do_syscall_64+0x15f/0xf80 [ 2026.022092][ T9687] ? trace_irq_disable+0x3b/0x140 [ 2026.022118][ T9687] ? clear_bhb_loop+0x40/0x90 [ 2026.022141][ T9687] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2026.022160][ T9687] RIP: 0033:0x7f14cbf5d60e [ 2026.022177][ T9687] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 2026.022193][ T9687] RSP: 002b:00007f14cce3cfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2026.022213][ T9687] RAX: ffffffffffffffda RBX: 00007f14cce3d6c0 RCX: 00007f14cbf5d60e [ 2026.022225][ T9687] RDX: 0000000000000001 RSI: 00007f14cce3d0a0 RDI: 0000000000000004 [ 2026.022237][ T9687] RBP: 00007f14cce3d090 R08: 0000000000000000 R09: 0000000000000000 [ 2026.022249][ T9687] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2026.022260][ T9687] R13: 00007f14cc216038 R14: 00007f14cc215fa0 R15: 00007ffee8e203a8 [ 2026.022293][ T9687] [ 2026.545949][ T9709] sctp: [Deprecated]: syz.2.26317 (pid 9709) Use of struct sctp_assoc_value in delayed_ack socket option. [ 2026.545949][ T9709] Use struct sctp_sack_info instead [ 2026.765303][ T9724] validate_nla: 2 callbacks suppressed [ 2026.765315][ T9724] netlink: 'syz.3.26324': attribute type 9 has an invalid length. [ 2026.780271][ T9724] __nla_validate_parse: 10 callbacks suppressed [ 2026.780287][ T9724] netlink: 8 bytes leftover after parsing attributes in process `syz.3.26324'. [ 2026.800324][ T9724] macvlan1: entered promiscuous mode [ 2026.805979][ T9724] macvlan1: entered allmulticast mode [ 2026.811370][ T9724] batadv0: entered allmulticast mode [ 2026.817227][ T9724] 8021q: adding VLAN 0 to HW filter on device macvlan1 [ 2026.937321][ T9731] netlink: 12 bytes leftover after parsing attributes in process `syz.3.26326'. [ 2029.261699][ T9693] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 2029.483148][ T9751] netlink: 29264 bytes leftover after parsing attributes in process `syz.3.26333'. [ 2029.524151][ T9751] netlink: 'syz.3.26333': attribute type 1 has an invalid length. [ 2029.529445][ T9754] tipc: Enabled bearer , priority 0 [ 2029.539561][ T9751] netlink: 276 bytes leftover after parsing attributes in process `syz.3.26333'. [ 2029.654610][ T9754] syzkaller0: entered promiscuous mode [ 2029.660194][ T9754] syzkaller0: entered allmulticast mode [ 2029.662145][ T9758] netlink: 20 bytes leftover after parsing attributes in process `syz.4.26336'. [ 2029.667000][ T9754] tipc: Resetting bearer [ 2029.701937][ T9749] tipc: Resetting bearer [ 2032.412027][ T9749] tipc: Disabling bearer [ 2032.431077][ T9768] netlink: 12 bytes leftover after parsing attributes in process `syz.3.26338'. [ 2032.444362][ T9773] tipc: Enabling of bearer rejected, failed to enable media [ 2032.465972][ T9758] syzkaller0 speed is unknown, defaulting to 1000 [ 2032.498526][ T9758] lo speed is unknown, defaulting to 1000 [ 2032.588178][ T9782] netlink: 'syz.2.26341': attribute type 1 has an invalid length. [ 2032.598301][ T9781] netlink: 12 bytes leftover after parsing attributes in process `syz.1.26342'. [ 2032.704636][ T9790] netlink: 28 bytes leftover after parsing attributes in process `syz.2.26341'. [ 2032.711239][ T9792] FAULT_INJECTION: forcing a failure. [ 2032.711239][ T9792] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2032.729937][ T9792] CPU: 0 UID: 0 PID: 9792 Comm: syz.1.26344 Not tainted syzkaller #0 PREEMPT(full) [ 2032.729960][ T9792] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 2032.729971][ T9792] Call Trace: [ 2032.729979][ T9792] [ 2032.729987][ T9792] dump_stack_lvl+0xe8/0x150 [ 2032.730013][ T9792] should_fail_ex+0x412/0x560 [ 2032.730040][ T9792] _copy_to_user+0x31/0xb0 [ 2032.730067][ T9792] simple_read_from_buffer+0xe1/0x170 [ 2032.730095][ T9792] proc_fail_nth_read+0x1bb/0x230 [ 2032.730121][ T9792] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 2032.730144][ T9792] ? rw_verify_area+0x2a6/0x4d0 [ 2032.730166][ T9792] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 2032.730188][ T9792] vfs_read+0x20c/0xa70 [ 2032.730217][ T9792] ? __pfx___mutex_lock+0x10/0x10 [ 2032.730239][ T9792] ? __pfx_vfs_read+0x10/0x10 [ 2032.730271][ T9792] ? __fget_files+0x2a/0x420 [ 2032.730295][ T9792] ? __fget_files+0x3a0/0x420 [ 2032.730313][ T9792] ? __fget_files+0x2a/0x420 [ 2032.730345][ T9792] ksys_read+0x150/0x270 [ 2032.730369][ T9792] ? __pfx_ksys_read+0x10/0x10 [ 2032.730401][ T9792] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2032.730422][ T9792] do_syscall_64+0x15f/0xf80 [ 2032.730442][ T9792] ? trace_irq_disable+0x3b/0x140 [ 2032.730469][ T9792] ? clear_bhb_loop+0x40/0x90 [ 2032.730490][ T9792] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2032.730508][ T9792] RIP: 0033:0x7f1fb315d60e [ 2032.730524][ T9792] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 2032.730539][ T9792] RSP: 002b:00007f1fb13f5fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 2032.730558][ T9792] RAX: ffffffffffffffda RBX: 00007f1fb13f66c0 RCX: 00007f1fb315d60e [ 2032.730570][ T9792] RDX: 000000000000000f RSI: 00007f1fb13f60a0 RDI: 0000000000000004 [ 2032.730580][ T9792] RBP: 00007f1fb13f6090 R08: 0000000000000000 R09: 0000000000000000 [ 2032.730591][ T9792] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2032.730602][ T9792] R13: 00007f1fb3416038 R14: 00007f1fb3415fa0 R15: 00007ffe5556c558 [ 2032.730633][ T9792] [ 2032.764746][ T9782] bond25: entered promiscuous mode [ 2032.976308][ T9782] 8021q: adding VLAN 0 to HW filter on device bond25 [ 2032.991787][ T9790] bond25: entered allmulticast mode [ 2033.144232][ T9798] bond25: (slave bridge27): making interface the new active one [ 2033.162199][ T9798] bridge27: entered promiscuous mode [ 2033.180672][ T9798] bridge27: entered allmulticast mode [ 2033.207874][ T9798] bond25: (slave bridge27): Enslaving as an active interface with an up link [ 2033.482660][ T9818] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2033.730289][ T9826] netlink: 12 bytes leftover after parsing attributes in process `syz.2.26355'. [ 2033.928684][ T9835] netlink: 12 bytes leftover after parsing attributes in process `syz.1.26359'. [ 2034.456131][ T9845] A link change request failed with some changes committed already. Interface eth0 may have been left with an inconsistent configuration, please check. [ 2034.494248][ T9849] syzkaller0 speed is unknown, defaulting to 1000 [ 2034.515907][ T9849] lo speed is unknown, defaulting to 1000 [ 2034.517379][ T9858] xt_hashlimit: size too large, truncated to 1048576 [ 2034.545286][ T9825] Bluetooth: hci0: Opcode 0x0401 failed: -4 [ 2034.775615][ T9866] netlink: 'syz.3.26371': attribute type 11 has an invalid length. [ 2034.836803][ T9872] netlink: 12 bytes leftover after parsing attributes in process `syz.4.26372'. [ 2035.134222][ T9885] netlink: 28 bytes leftover after parsing attributes in process `syz.1.26377'. [ 2035.180549][ T9885] openvswitch: netlink: Flow key attr not present in new flow. [ 2035.216474][ T9889] FAULT_INJECTION: forcing a failure. [ 2035.216474][ T9889] name failslab, interval 1, probability 0, space 0, times 0 [ 2035.243911][ T9889] CPU: 1 UID: 0 PID: 9889 Comm: syz.2.26380 Not tainted syzkaller #0 PREEMPT(full) [ 2035.243941][ T9889] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 2035.243952][ T9889] Call Trace: [ 2035.243959][ T9889] [ 2035.243968][ T9889] dump_stack_lvl+0xe8/0x150 [ 2035.243995][ T9889] should_fail_ex+0x412/0x560 [ 2035.244023][ T9889] should_failslab+0xa8/0x100 [ 2035.244052][ T9889] __kmalloc_noprof+0xe8/0x760 [ 2035.244074][ T9889] ? __kasan_kmalloc+0x93/0xb0 [ 2035.244097][ T9889] ? ovs_nla_copy_actions+0x68/0x3d0 [ 2035.244120][ T9889] ? __kmalloc_cache_noprof+0x31c/0x660 [ 2035.244148][ T9889] ovs_nla_copy_actions+0x68/0x3d0 [ 2035.244170][ T9889] ? __asan_memcpy+0x40/0x70 [ 2035.244197][ T9889] ovs_flow_cmd_new+0x615/0xe80 [ 2035.244227][ T9889] ? __pfx_ovs_flow_cmd_new+0x10/0x10 [ 2035.244314][ T9889] ? __nla_parse+0x40/0x60 [ 2035.244343][ T9889] ? genl_family_rcv_msg_attrs_parse+0x20b/0x2f0 [ 2035.244360][ T9889] ? genl_family_rcv_msg_attrs_parse+0x265/0x2f0 [ 2035.244385][ T9889] genl_family_rcv_msg_doit+0x22a/0x330 [ 2035.244419][ T9889] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 2035.244458][ T9889] ? bpf_lsm_capable+0x9/0x20 [ 2035.244476][ T9889] ? security_capable+0x7e/0x2c0 [ 2035.244503][ T9889] genl_rcv_msg+0x61c/0x7a0 [ 2035.244537][ T9889] ? __pfx_genl_rcv_msg+0x10/0x10 [ 2035.244562][ T9889] ? __pfx_ovs_flow_cmd_new+0x10/0x10 [ 2035.244596][ T9889] netlink_rcv_skb+0x232/0x4b0 [ 2035.244618][ T9889] ? __pfx_genl_rcv_msg+0x10/0x10 [ 2035.244646][ T9889] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 2035.244691][ T9889] ? down_read+0x270/0x2e0 [ 2035.244715][ T9889] ? genl_rcv+0xd/0x40 [ 2035.244742][ T9889] genl_rcv+0x28/0x40 [ 2035.244764][ T9889] netlink_unicast+0x75c/0x8e0 [ 2035.244796][ T9889] netlink_sendmsg+0x813/0xb40 [ 2035.244829][ T9889] ? __pfx_netlink_sendmsg+0x10/0x10 [ 2035.244856][ T9889] ? aa_sock_msg_perm+0xf1/0x1b0 [ 2035.244881][ T9889] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 2035.244908][ T9889] ____sys_sendmsg+0x972/0x9f0 [ 2035.244933][ T9889] ? __might_fault+0xaf/0x130 [ 2035.244962][ T9889] ? __pfx_____sys_sendmsg+0x10/0x10 [ 2035.244995][ T9889] ? import_iovec+0x73/0xa0 [ 2035.245023][ T9889] ___sys_sendmsg+0x2a5/0x360 [ 2035.245046][ T9889] ? __lock_acquire+0x6b5/0x2cf0 [ 2035.245071][ T9889] ? __pfx____sys_sendmsg+0x10/0x10 [ 2035.245130][ T9889] ? __fget_files+0x2a/0x420 [ 2035.245150][ T9889] ? __fget_files+0x3a0/0x420 [ 2035.245179][ T9889] __x64_sys_sendmsg+0x1bd/0x2a0 [ 2035.245203][ T9889] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 2035.245235][ T9889] ? __pfx_ksys_write+0x10/0x10 [ 2035.245277][ T9889] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2035.245296][ T9889] do_syscall_64+0x15f/0xf80 [ 2035.245316][ T9889] ? trace_irq_disable+0x3b/0x140 [ 2035.245341][ T9889] ? clear_bhb_loop+0x40/0x90 [ 2035.245364][ T9889] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2035.245383][ T9889] RIP: 0033:0x7fa18e19cdd9 [ 2035.245400][ T9889] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 2035.245416][ T9889] RSP: 002b:00007fa18f133028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2035.245435][ T9889] RAX: ffffffffffffffda RBX: 00007fa18e415fa0 RCX: 00007fa18e19cdd9 [ 2035.245448][ T9889] RDX: 000000000000c000 RSI: 0000200000000000 RDI: 0000000000000003 [ 2035.245459][ T9889] RBP: 00007fa18f133090 R08: 0000000000000000 R09: 0000000000000000 [ 2035.245470][ T9889] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2035.245481][ T9889] R13: 00007fa18e416038 R14: 00007fa18e415fa0 R15: 00007ffcb53b6048 [ 2035.245513][ T9889] [ 2035.246923][ T9889] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 2035.256755][ T9893] netlink: 'syz.3.26381': attribute type 1 has an invalid length. [ 2035.543160][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2035.564120][ T9899] netlink: 'syz.3.26383': attribute type 1 has an invalid length. [ 2035.716901][ T9899] netlink: 'syz.3.26383': attribute type 1 has an invalid length. [ 2035.796348][ T9905] netlink: 'syz.4.26384': attribute type 11 has an invalid length. [ 2035.826733][ T9911] netlink: 12 bytes leftover after parsing attributes in process `syz.2.26385'. [ 2036.116529][ T9926] FAULT_INJECTION: forcing a failure. [ 2036.116529][ T9926] name failslab, interval 1, probability 0, space 0, times 0 [ 2036.134396][ T9926] CPU: 0 UID: 0 PID: 9926 Comm: syz.2.26391 Not tainted syzkaller #0 PREEMPT(full) [ 2036.134423][ T9926] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 2036.134434][ T9926] Call Trace: [ 2036.134442][ T9926] [ 2036.134451][ T9926] dump_stack_lvl+0xe8/0x150 [ 2036.134481][ T9926] should_fail_ex+0x412/0x560 [ 2036.134510][ T9926] should_failslab+0xa8/0x100 [ 2036.134540][ T9926] kmem_cache_alloc_node_noprof+0x8f/0x690 [ 2036.134567][ T9926] ? __alloc_skb+0x1d0/0x7d0 [ 2036.134587][ T9926] ? __local_bh_enable_ip+0xd0/0x130 [ 2036.134612][ T9926] __alloc_skb+0x1d0/0x7d0 [ 2036.134638][ T9926] tc_ctl_action+0x823/0xc70 [ 2036.134669][ T9926] ? __pfx_tc_ctl_action+0x10/0x10 [ 2036.134695][ T9926] ? trace_contention_end+0x3d/0x140 [ 2036.134767][ T9926] ? __pfx_tc_ctl_action+0x10/0x10 [ 2036.134787][ T9926] rtnetlink_rcv_msg+0x77e/0xbe0 [ 2036.134807][ T9926] ? kmem_cache_alloc_node_noprof+0x384/0x690 [ 2036.134831][ T9926] ? netlink_sendmsg+0x5d4/0xb40 [ 2036.134855][ T9926] ? rtnetlink_rcv_msg+0x1b9/0xbe0 [ 2036.134876][ T9926] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 2036.134900][ T9926] ? __lock_acquire+0x6b5/0x2cf0 [ 2036.134934][ T9926] netlink_rcv_skb+0x232/0x4b0 [ 2036.134958][ T9926] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 2036.134982][ T9926] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 2036.135026][ T9926] ? netlink_deliver_tap+0x2e/0x1b0 [ 2036.135049][ T9926] ? netlink_deliver_tap+0x2e/0x1b0 [ 2036.135077][ T9926] netlink_unicast+0x75c/0x8e0 [ 2036.135111][ T9926] netlink_sendmsg+0x813/0xb40 [ 2036.135143][ T9926] ? __pfx_netlink_sendmsg+0x10/0x10 [ 2036.135169][ T9926] ? aa_sock_msg_perm+0xf1/0x1b0 [ 2036.135193][ T9926] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 2036.135222][ T9926] ____sys_sendmsg+0x972/0x9f0 [ 2036.135245][ T9926] ? __might_fault+0xaf/0x130 [ 2036.135275][ T9926] ? __pfx_____sys_sendmsg+0x10/0x10 [ 2036.135309][ T9926] ? import_iovec+0x73/0xa0 [ 2036.135339][ T9926] ___sys_sendmsg+0x2a5/0x360 [ 2036.135361][ T9926] ? __lock_acquire+0x6b5/0x2cf0 [ 2036.135385][ T9926] ? __pfx____sys_sendmsg+0x10/0x10 [ 2036.135448][ T9926] ? __fget_files+0x2a/0x420 [ 2036.135468][ T9926] ? __fget_files+0x3a0/0x420 [ 2036.135502][ T9926] __x64_sys_sendmsg+0x1bd/0x2a0 [ 2036.135528][ T9926] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 2036.135562][ T9926] ? __pfx_ksys_write+0x10/0x10 [ 2036.135596][ T9926] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2036.135616][ T9926] do_syscall_64+0x15f/0xf80 [ 2036.135637][ T9926] ? trace_irq_disable+0x3b/0x140 [ 2036.135663][ T9926] ? clear_bhb_loop+0x40/0x90 [ 2036.135687][ T9926] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2036.135705][ T9926] RIP: 0033:0x7fa18e19cdd9 [ 2036.135723][ T9926] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 2036.135739][ T9926] RSP: 002b:00007fa18f133028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2036.135759][ T9926] RAX: ffffffffffffffda RBX: 00007fa18e415fa0 RCX: 00007fa18e19cdd9 [ 2036.135772][ T9926] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000003 [ 2036.135784][ T9926] RBP: 00007fa18f133090 R08: 0000000000000000 R09: 0000000000000000 [ 2036.135796][ T9926] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2036.135807][ T9926] R13: 00007fa18e416038 R14: 00007fa18e415fa0 R15: 00007ffcb53b6048 [ 2036.135840][ T9926] [ 2036.206856][ T9931] openvswitch: netlink: Flow actions attr not present in new flow. [ 2036.701341][ T9941] FAULT_INJECTION: forcing a failure. [ 2036.701341][ T9941] name failslab, interval 1, probability 0, space 0, times 0 [ 2036.747881][ T9941] CPU: 0 UID: 0 PID: 9941 Comm: syz.4.26395 Not tainted syzkaller #0 PREEMPT(full) [ 2036.747915][ T9941] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 2036.747927][ T9941] Call Trace: [ 2036.747935][ T9941] [ 2036.747944][ T9941] dump_stack_lvl+0xe8/0x150 [ 2036.747971][ T9941] should_fail_ex+0x412/0x560 [ 2036.748001][ T9941] should_failslab+0xa8/0x100 [ 2036.748031][ T9941] __kmalloc_cache_noprof+0x88/0x660 [ 2036.748055][ T9941] ? __netlink_lookup+0xc6/0x8b0 [ 2036.748080][ T9941] ? ctnetlink_alloc_filter+0xb2/0xae0 [ 2036.748107][ T9941] ctnetlink_alloc_filter+0xb2/0xae0 [ 2036.748127][ T9941] ? __pfx___mutex_lock+0x10/0x10 [ 2036.748151][ T9941] ? __pfx_ctnetlink_alloc_filter+0x10/0x10 [ 2036.748178][ T9941] ? netlink_lookup+0x30/0x200 [ 2036.748204][ T9941] ctnetlink_start+0x13b/0x1b0 [ 2036.748227][ T9941] __netlink_dump_start+0x469/0x7e0 [ 2036.748259][ T9941] ctnetlink_get_conntrack+0x212/0x7b0 [ 2036.748281][ T9941] ? __lock_acquire+0x6b5/0x2cf0 [ 2036.748303][ T9941] ? __pfx_ctnetlink_get_conntrack+0x10/0x10 [ 2036.748326][ T9941] ? __pfx___mutex_lock+0x10/0x10 [ 2036.748351][ T9941] ? __pfx_ctnetlink_start+0x10/0x10 [ 2036.748368][ T9941] ? __pfx_ctnetlink_dump_table+0x10/0x10 [ 2036.748384][ T9941] ? __pfx_ctnetlink_done+0x10/0x10 [ 2036.748416][ T9941] nfnetlink_rcv_msg+0xc03/0x12c0 [ 2036.748438][ T9941] ? __lock_acquire+0x6b5/0x2cf0 [ 2036.748456][ T9941] ? nfnetlink_rcv_msg+0x22a/0x12c0 [ 2036.748498][ T9941] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 2036.748553][ T9941] ? __lock_acquire+0x6b5/0x2cf0 [ 2036.748594][ T9941] netlink_rcv_skb+0x232/0x4b0 [ 2036.748619][ T9941] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 2036.748643][ T9941] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 2036.748679][ T9941] ? bpf_lsm_capable+0x9/0x20 [ 2036.748696][ T9941] ? security_capable+0x7e/0x2c0 [ 2036.748727][ T9941] nfnetlink_rcv+0x2c0/0x27b0 [ 2036.748752][ T9941] ? kernel_text_address+0xa5/0xe0 [ 2036.748778][ T9941] ? __kernel_text_address+0xd/0x30 [ 2036.748802][ T9941] ? unwind_get_return_address+0x4d/0x90 [ 2036.748825][ T9941] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 2036.748852][ T9941] ? arch_stack_walk+0xfb/0x150 [ 2036.748888][ T9941] ? stack_trace_save+0xa9/0x100 [ 2036.748924][ T9941] ? __lock_acquire+0x6b5/0x2cf0 [ 2036.748945][ T9941] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 2036.748972][ T9941] ? kasan_save_track+0x4f/0x80 [ 2036.748994][ T9941] ? kasan_save_track+0x3e/0x80 [ 2036.749016][ T9941] ? __kasan_slab_alloc+0x6c/0x80 [ 2036.749039][ T9941] ? kmem_cache_alloc_node_noprof+0x384/0x690 [ 2036.749061][ T9941] ? __alloc_skb+0x27d/0x7d0 [ 2036.749081][ T9941] ? netlink_sendmsg+0x5d4/0xb40 [ 2036.749112][ T9941] ? __lock_acquire+0x6b5/0x2cf0 [ 2036.749146][ T9941] ? __netlink_lookup+0xc6/0x8b0 [ 2036.749180][ T9941] ? netlink_deliver_tap+0x2e/0x1b0 [ 2036.749205][ T9941] ? netlink_deliver_tap+0x2e/0x1b0 [ 2036.749235][ T9941] ? netlink_deliver_tap+0x2e/0x1b0 [ 2036.749257][ T9941] ? netlink_deliver_tap+0x2e/0x1b0 [ 2036.749286][ T9941] netlink_unicast+0x75c/0x8e0 [ 2036.749320][ T9941] netlink_sendmsg+0x813/0xb40 [ 2036.749353][ T9941] ? __pfx_netlink_sendmsg+0x10/0x10 [ 2036.749380][ T9941] ? aa_sock_msg_perm+0xf1/0x1b0 [ 2036.749405][ T9941] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 2036.749433][ T9941] ____sys_sendmsg+0x972/0x9f0 [ 2036.749457][ T9941] ? __might_fault+0xaf/0x130 [ 2036.749487][ T9941] ? __pfx_____sys_sendmsg+0x10/0x10 [ 2036.749520][ T9941] ? import_iovec+0x73/0xa0 [ 2036.749548][ T9941] ___sys_sendmsg+0x2a5/0x360 [ 2036.749571][ T9941] ? __lock_acquire+0x6b5/0x2cf0 [ 2036.749595][ T9941] ? __pfx____sys_sendmsg+0x10/0x10 [ 2036.749659][ T9941] ? __fget_files+0x2a/0x420 [ 2036.749680][ T9941] ? __fget_files+0x3a0/0x420 [ 2036.749713][ T9941] __x64_sys_sendmsg+0x1bd/0x2a0 [ 2036.749740][ T9941] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 2036.749775][ T9941] ? __pfx_ksys_write+0x10/0x10 [ 2036.749811][ T9941] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2036.749831][ T9941] do_syscall_64+0x15f/0xf80 [ 2036.749853][ T9941] ? trace_irq_disable+0x3b/0x140 [ 2036.749879][ T9941] ? clear_bhb_loop+0x40/0x90 [ 2036.749908][ T9941] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2036.749927][ T9941] RIP: 0033:0x7fddcd59cdd9 [ 2036.749945][ T9941] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 2036.749960][ T9941] RSP: 002b:00007fddce397028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2036.749981][ T9941] RAX: ffffffffffffffda RBX: 00007fddcd815fa0 RCX: 00007fddcd59cdd9 [ 2036.749994][ T9941] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000003 [ 2036.750007][ T9941] RBP: 00007fddce397090 R08: 0000000000000000 R09: 0000000000000000 [ 2036.750018][ T9941] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2036.750029][ T9941] R13: 00007fddcd816038 R14: 00007fddcd815fa0 R15: 00007ffc08664918 [ 2036.750062][ T9941] [ 2037.454969][ T1315] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2037.472885][ T1315] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2037.632087][ T9951] netlink: 12 bytes leftover after parsing attributes in process `syz.2.26399'. [ 2037.713043][ T9952] netlink: 'syz.4.26400': attribute type 11 has an invalid length. [ 2037.874628][ T9970] tipc: Enabled bearer , priority 0 [ 2037.943596][ T9970] syzkaller0: entered promiscuous mode [ 2037.949238][ T9970] syzkaller0: entered allmulticast mode [ 2037.956300][ T9970] tipc: Resetting bearer [ 2038.020923][ T9981] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2038.077882][ T9968] tipc: Resetting bearer [ 2038.122017][ T9988] FAULT_INJECTION: forcing a failure. [ 2038.122017][ T9988] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2038.157508][ T9988] CPU: 1 UID: 0 PID: 9988 Comm: syz.4.26409 Not tainted syzkaller #0 PREEMPT(full) [ 2038.157534][ T9988] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 2038.157546][ T9988] Call Trace: [ 2038.157554][ T9988] [ 2038.157562][ T9988] dump_stack_lvl+0xe8/0x150 [ 2038.157589][ T9988] should_fail_ex+0x412/0x560 [ 2038.157618][ T9988] _copy_from_user+0x2d/0xb0 [ 2038.157644][ T9988] __copy_msghdr+0x3c5/0x5b0 [ 2038.157673][ T9988] ___sys_sendmsg+0x213/0x360 [ 2038.157695][ T9988] ? __lock_acquire+0x6b5/0x2cf0 [ 2038.157719][ T9988] ? __pfx____sys_sendmsg+0x10/0x10 [ 2038.157743][ T9988] ? kstrtouint+0x6e/0xe0 [ 2038.157800][ T9988] ? __fget_files+0x2a/0x420 [ 2038.157817][ T9988] ? __fget_files+0x3a0/0x420 [ 2038.157842][ T9988] __sys_sendmmsg+0x27c/0x4e0 [ 2038.157866][ T9988] ? __pfx___sys_sendmmsg+0x10/0x10 [ 2038.157883][ T9988] ? __mutex_unlock_slowpath+0x1be/0x6f0 [ 2038.157923][ T9988] ? ksys_write+0x242/0x270 [ 2038.157945][ T9988] ? __pfx_ksys_write+0x10/0x10 [ 2038.157971][ T9988] __x64_sys_sendmmsg+0xa0/0xc0 [ 2038.157989][ T9988] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2038.158004][ T9988] do_syscall_64+0x15f/0xf80 [ 2038.158021][ T9988] ? trace_irq_disable+0x3b/0x140 [ 2038.158042][ T9988] ? clear_bhb_loop+0x40/0x90 [ 2038.158060][ T9988] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2038.158075][ T9988] RIP: 0033:0x7fddcd59cdd9 [ 2038.158089][ T9988] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 2038.158102][ T9988] RSP: 002b:00007fddce397028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2038.158117][ T9988] RAX: ffffffffffffffda RBX: 00007fddcd815fa0 RCX: 00007fddcd59cdd9 [ 2038.158129][ T9988] RDX: 0000000000000002 RSI: 00002000000094c0 RDI: 0000000000000003 [ 2038.158138][ T9988] RBP: 00007fddce397090 R08: 0000000000000000 R09: 0000000000000000 [ 2038.158147][ T9988] R10: 0000000000000010 R11: 0000000000000246 R12: 0000000000000001 [ 2038.158156][ T9988] R13: 00007fddcd816038 R14: 00007fddcd815fa0 R15: 00007ffc08664918 [ 2038.158180][ T9988] [ 2038.223162][ T13] ------------[ cut here ]------------ [ 2038.230461][ T9992] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2038.235240][ T13] UBSAN: shift-out-of-bounds in ./include/linux/log2.h:57:13 [ 2038.419046][ T13] shift exponent 64 is too large for 64-bit type 'unsigned long' [ 2038.427538][ T13] CPU: 0 UID: 0 PID: 13 Comm: kworker/u8:1 Not tainted syzkaller #0 PREEMPT(full) [ 2038.427560][ T13] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 2038.427570][ T13] Workqueue: events_unbound conn_resize_work_handler [ 2038.427602][ T13] Call Trace: [ 2038.427608][ T13] [ 2038.427616][ T13] dump_stack_lvl+0xe8/0x150 [ 2038.427638][ T13] ubsan_epilogue+0xa/0x30 [ 2038.427659][ T13] __ubsan_handle_shift_out_of_bounds+0x385/0x410 [ 2038.427705][ T13] ip_vs_rht_desired_size+0x2cf/0x410 [ 2038.427726][ T13] conn_resize_work_handler+0x1b6/0x14c0 [ 2038.427750][ T13] ? __lock_acquire+0x6b5/0x2cf0 [ 2038.427773][ T13] ? trace_hrtimer_start+0x82/0x200 [ 2038.427802][ T13] ? do_raw_spin_lock+0x12b/0x2f0 [ 2038.427821][ T13] ? lock_acquire+0x106/0x350 [ 2038.427846][ T13] ? __pfx_conn_resize_work_handler+0x10/0x10 [ 2038.427870][ T13] ? process_scheduled_works+0xa70/0x1860 [ 2038.427895][ T13] ? process_scheduled_works+0xa70/0x1860 [ 2038.427910][ T13] ? process_scheduled_works+0xa70/0x1860 [ 2038.427929][ T13] process_scheduled_works+0xb5d/0x1860 [ 2038.427978][ T13] ? __pfx_process_scheduled_works+0x10/0x10 [ 2038.428001][ T13] ? assign_work+0x3d5/0x5e0 [ 2038.428032][ T13] worker_thread+0xa53/0xfc0 [ 2038.428078][ T13] kthread+0x388/0x470 [ 2038.428099][ T13] ? __pfx_worker_thread+0x10/0x10 [ 2038.428114][ T13] ? __pfx_kthread+0x10/0x10 [ 2038.428135][ T13] ret_from_fork+0x514/0xb70 [ 2038.428156][ T13] ? __pfx_ret_from_fork+0x10/0x10 [ 2038.428173][ T13] ? __switch_to+0xc79/0x1410 [ 2038.428199][ T13] ? __pfx_kthread+0x10/0x10 [ 2038.428220][ T13] ret_from_fork_asm+0x1a/0x30 [ 2038.428256][ T13] [ 2038.428264][ T13] ---[ end trace ]--- [ 2038.598033][ T13] Kernel panic - not syncing: UBSAN: panic_on_warn set ... [ 2038.605239][ T13] CPU: 0 UID: 0 PID: 13 Comm: kworker/u8:1 Not tainted syzkaller #0 PREEMPT(full) [ 2038.614506][ T13] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 2038.624553][ T13] Workqueue: events_unbound conn_resize_work_handler [ 2038.631275][ T13] Call Trace: [ 2038.634564][ T13] [ 2038.637588][ T13] vpanic+0x56c/0xa60 [ 2038.641588][ T13] ? __pfx_vpanic+0x10/0x10 [ 2038.646117][ T13] panic+0xc5/0xd0 [ 2038.649860][ T13] ? __pfx_panic+0x10/0x10 [ 2038.654295][ T13] ? __pfx__printk+0x10/0x10 [ 2038.658913][ T13] ? dump_stack_lvl+0x103/0x150 [ 2038.663787][ T13] check_panic_on_warn+0x89/0xb0 [ 2038.668754][ T13] __ubsan_handle_shift_out_of_bounds+0x385/0x410 [ 2038.675209][ T13] ip_vs_rht_desired_size+0x2cf/0x410 [ 2038.680585][ T13] conn_resize_work_handler+0x1b6/0x14c0 [ 2038.686220][ T13] ? __lock_acquire+0x6b5/0x2cf0 [ 2038.691154][ T13] ? trace_hrtimer_start+0x82/0x200 [ 2038.696359][ T13] ? do_raw_spin_lock+0x12b/0x2f0 [ 2038.701392][ T13] ? lock_acquire+0x106/0x350 [ 2038.706074][ T13] ? __pfx_conn_resize_work_handler+0x10/0x10 [ 2038.712148][ T13] ? process_scheduled_works+0xa70/0x1860 [ 2038.717871][ T13] ? process_scheduled_works+0xa70/0x1860 [ 2038.723582][ T13] ? process_scheduled_works+0xa70/0x1860 [ 2038.729297][ T13] process_scheduled_works+0xb5d/0x1860 [ 2038.734864][ T13] ? __pfx_process_scheduled_works+0x10/0x10 [ 2038.740850][ T13] ? assign_work+0x3d5/0x5e0 [ 2038.745436][ T13] worker_thread+0xa53/0xfc0 [ 2038.750042][ T13] kthread+0x388/0x470 [ 2038.754105][ T13] ? __pfx_worker_thread+0x10/0x10 [ 2038.759220][ T13] ? __pfx_kthread+0x10/0x10 [ 2038.763808][ T13] ret_from_fork+0x514/0xb70 [ 2038.768409][ T13] ? __pfx_ret_from_fork+0x10/0x10 [ 2038.773510][ T13] ? __switch_to+0xc79/0x1410 [ 2038.778197][ T13] ? __pfx_kthread+0x10/0x10 [ 2038.782800][ T13] ret_from_fork_asm+0x1a/0x30 [ 2038.787584][ T13] [ 2038.791216][ T13] Kernel Offset: disabled [ 2038.795578][ T13] Rebooting in 86400 seconds..