last executing test programs: 1m18.824210885s ago: executing program 3 (id=1091): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) close(0x4) syz_open_procfs$namespace(0x0, &(0x7f0000000200)='ns/pid_for_children\x00') unshare(0x6a040000) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x1f, 0x2, &(0x7f0000001c40)=ANY=[@ANYBLOB="85000000a800000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x13}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000300)='ns/net\x00') r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000580)={0x6, 0xb, &(0x7f0000000800)=ANY=[@ANYBLOB="180000000900000000000000000000008510000003000000183700000300000000000000001f7d3a85feb00e762105aa043346cf000000852000000400000018120000", @ANYRES32, @ANYBLOB="0000000000000000b703000000000000850000000c000000b700000000000000"], &(0x7f0000000180)='GPL\x00', 0x5, 0xbc, &(0x7f0000000240)=""/188, 0x41100, 0x56, '\x00', 0x0, 0x25, r0, 0x8, &(0x7f00000001c0)={0x0, 0x5}, 0x8, 0x10, &(0x7f0000000340)={0x4, 0xb, 0x0, 0x7fff}, 0x10, 0x0, 0x0, 0x3, &(0x7f0000000380)=[0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0xffffffffffffffff], &(0x7f00000003c0)=[{0x3, 0x2, 0xd, 0x4}, {0x2, 0x4, 0x8, 0x4}, {0x5, 0x1, 0xd, 0xb}], 0x10, 0x4138}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0xa, 0x16, &(0x7f0000000f40)=ANY=[@ANYBLOB="611289000000000061134c0000000000bf2000000000000007000000080000002d0301"], 0x0, 0xa, 0x0, 0x0, 0xa177df1c56ff4b40, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r2, 0x0, 0x0, 0x0, 0x10, 0xd}, 0x94) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="c00e020023000b02d25a806f8c6394f90724fc60040f03", 0x17}], 0x1}, 0x0) r3 = socket$kcm(0x10, 0x400000002, 0x0) r4 = accept4$inet6(0xffffffffffffffff, &(0x7f00000004c0)={0xa, 0x0, 0x0, @private1}, &(0x7f0000000640)=0x1c, 0x800) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000780)={'syztnl0\x00', &(0x7f0000000680)={'tunl0\x00', 0x0, 0x40, 0x1, 0x1, 0x4, {{0x2e, 0x4, 0x2, 0x3b, 0xb8, 0x67, 0x0, 0x1, 0x2f, 0x0, @empty, @broadcast, {[@timestamp_addr={0x44, 0x4c, 0xb1, 0x1, 0xd, [{@rand_addr=0x64010102, 0x3bd}, {@multicast1, 0xa4}, {@empty, 0x3}, {@empty, 0x5}, {@private=0xa010102, 0x5}, {@rand_addr=0x64010102, 0x1}, {@rand_addr=0x64010100, 0x4}, {@multicast2, 0x1}, {@broadcast, 0x70}]}, @lsrr={0x83, 0x23, 0x6c, [@multicast2, @multicast1, @broadcast, @local, @initdev={0xac, 0x1e, 0x1, 0x0}, @broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, @loopback]}, @timestamp_prespec={0x44, 0x34, 0x9f, 0x3, 0xf, [{@multicast1, 0xfffffffa}, {@multicast2, 0x577d}, {@dev={0xac, 0x14, 0x14, 0x2f}, 0x5}, {@private=0xa010100, 0x4}, {@empty, 0xc0000000}, {@empty, 0x8}]}]}}}}}) ioctl$sock_inet6_SIOCSIFDSTADDR(r4, 0x8918, &(0x7f00000007c0)={@ipv4={'\x00', '\xff\xff', @broadcast}, 0x54, r5}) write$cgroup_subtree(r3, &(0x7f0000000040)=ANY=[@ANYBLOB="33fe000058"], 0xfe33) 1m18.193667664s ago: executing program 1 (id=1096): r0 = socket$kcm(0x10, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'}) setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, 0x0, 0x0) ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r0, 0x8982, &(0x7f0000000400)={0x0, 'batadv0\x00', {0x5}}) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f00000006c0)="2e00000010008188e6b62aa73f72cc9f0ba1f848140000005e140602000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0) socket$kcm(0x10, 0x2, 0x0) (async) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'}) (async) setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, 0x0, 0x0) (async) ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r0, 0x8982, &(0x7f0000000400)={0x0, 'batadv0\x00', {0x5}}) (async) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f00000006c0)="2e00000010008188e6b62aa73f72cc9f0ba1f848140000005e140602000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0) (async) 1m18.125857845s ago: executing program 4 (id=1097): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newtaction={0x6c, 0x30, 0x1, 0x70bd28, 0x0, {}, [{0x58, 0x1, [@m_skbmod={0x54, 0x1, 0x0, 0x0, {{0xb}, {0x28, 0x2, 0x0, 0x1, [@TCA_SKBMOD_PARMS={0x24, 0x2, {{0xffffffff, 0x10001, 0xffffffffffffffff, 0x3c, 0x3}, 0x400000000a}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x6c}, 0x1, 0x0, 0x0, 0x4}, 0x0) syz_emit_ethernet(0x6e, &(0x7f0000000040)=ANY=[@ANYBLOB="0180c2000002aaaaaaaaaaaa08004500006000000000002f9078640101000000000024806558000000000000000010000800000086dd"], 0x0) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000007e40)=[{0x0, 0x0, &(0x7f0000003740)=[{&(0x7f00000000c0)="4789d3aefc1a4d03345aed327be33c", 0xf}], 0x1, 0x0, 0x0, 0x20000000}], 0x1, 0x20040894) r0 = socket$kcm(0x10, 0x2, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'wpan1\x00', 0x0}) sendmsg$NL802154_CMD_SET_LBT_MODE(r1, &(0x7f00000003c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x28, 0x0, 0x300, 0x70bd26, 0x25dfdbfb, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r2}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x3}]}, 0x28}, 0x1, 0x0, 0x0, 0x4841}, 0x90) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="540000000002010400000000000000000200000524000280140001800800010000000000080002"], 0x54}, 0x1, 0x0, 0x0, 0x800}, 0x40) sendmsg$nl_generic(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="2c0000002500090122bd7008f9ffffff0200000008003e00ffffffff0800030047"], 0x2c}, 0x1, 0x0, 0x0, 0x1000c957}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000040900010073797a30000000009c000000090a010400000000000000000700000308000a40000000000900020073797a30000000000900010073797a3000000000080005400000000d58001280200001800e000100636f6e6e6c696d69740000000c0002800800014000000008200001800e000100636f6e6e6c696d69740000000c00028008000140000000001400017b090001006cdbf80789f3f947dd000280080003"], 0xe4}, 0x1, 0x0, 0x0, 0x8001}, 0x20010840) sendmsg$kcm(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000002c0)}, 0x8040) 1m17.978408657s ago: executing program 3 (id=1099): r0 = socket$inet6(0xa, 0x3, 0x7) setsockopt$inet6_buf(r0, 0x29, 0x39, &(0x7f0000000040)="ff02040000ffffffffffffffff1f2be82db1af0000000000", 0x18) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e24, 0x0, @private1, 0x2010}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000002200)=[{{0x0, 0xf5, 0x0}}], 0x40000000000027f, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8923, &(0x7f0000000000)={'hsr0\x00', 0x2}) 1m17.860375943s ago: executing program 1 (id=1101): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000600)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-aesni\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10) r1 = accept4(r0, 0x0, 0x0, 0x0) ioctl$XFS_IOC_FSGROWFSLOG(r1, 0x4008586f, &(0x7f0000000000)={0xff, 0x4}) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3400000040000701fcffffff00000100017c0000040042800c0001800600060065580000100002800c00068008"], 0x34}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000) sendmmsg$alg(r1, &(0x7f0000000b80)=[{0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f00000002c0)="d1baa48a06c51febfbbcced7babadf4af1", 0x11}, {&(0x7f0000000300)="e74c7dde2532a07642f8f03d619a5b48e4595c", 0x13}, {&(0x7f0000000340)="299ff1d6695753ef24dac2de5283e6450224284416280c49c0c8d176e2aeb61ed9d0b9d3d8a7a8974c56f9823bb37e42d64d0b5e195e9370088cb96314d295bbb29f9deecaf9b118843c311e2114bef0261b958bef07bde6f8b7bd1d3f264689e4b398a86fcfad432d80f144db554c15cdae9f14d4f83710792b270bf3fa58", 0x7f}, {&(0x7f0000000680)="326078b30e57da329659859615e899632ec08712a07a3c7c28525556a95ebc8253e3386d3f14d6e324dcd86e5d265c87a70cf5bd810954c3ec8dd5129c25b13c6bc41890ebe3f017d0bbe3da9cb78c8630df4dad2ef968c78480f6bcb79bf36966a74237e65f2cb07285232a44cc9580c53667b28450577bb2c592216e73cfdd33250ccb8c1e671491a910395fb2c325a17d1ffe057f37a8b66d555d95e6b91b9b2815a0bce613a967d89097322448ea5e38aa75564b641f2b8bcc4f7a001c936ab7b5ab8123da570e7ef2", 0xcb}], 0x4, &(0x7f0000000780)=[@iv={0x100, 0x117, 0x2, 0xe5, "32b5d8236e4cdcd3e0579b1a8499fbce2b4e9b573bc70fb3bb09278d8f6089ad65084773010bac3bc36f196fbff63b45245a020ff7e8aa77e4704595a53a9cde3d62c15b3470a8c03226f2cdf57904e9aefa6b460ac7660651611b12597d5b4fc0295b5274cec1789cd60d83b3fc7a86dde61e57a031a843ed7673239b5b0d2f9eba9f2808413aa243c044f4f3f4d918c4acf88ddedb9a0f555ab919c7b26ae7b2c2f385d77ef8cf955fa5d5f72a4f4f1bca9b09da0daff652131d138bf0692644741f11cbab375f292456ef2ba96181a354c1f4364883665a2d1fb48ca504c8eb39e65b61"}, @op={0x18, 0x117, 0x3, 0x1}, @iv={0x18}, @assoc={0x18, 0x117, 0x4, 0x10000}, @op={0x18, 0x117, 0x3, 0x1}, @op={0x18, 0x117, 0x3, 0x1}], 0x178, 0x4040004}, {0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000900)="26643de11da9c23fe4545be5170499869669c045665f1a5c850cb1dec058042f7676ee5c450d01995f82ee721883a10d8bb605014744d88ba93614dae071a2c6e146e4e3f4100e90d9b5b7523fc185844577a8a4f60c1503be90d69e7ff5c00654f1232351629b8e5ad61d2fd1cb58b437e7ce132f678e6ea752c8f7023bd79328dad52d8d57229aa0d74d73c95b04ec65ac0417d54a064d1f1f02085cbba2d4a803bdcc327ed25b45d94ca45e9dfa3dcb64b042c5c75c2e3ed55f", 0xbb}, {&(0x7f00000009c0)="7bf34303c00d7cb2d940ce5183bb5dfecd035c17e5baa7f60bab0a2320468711e39f93b00758e981c13a0cf006ed6d021010ffcad86551f7aa8498258135adf1fd68c1a41c0536e0293b904d8f8800f1ff7c1084fa249b3845ea55851041f9c16b71162e9be48e51bd5207fa63fc43e0838ffcc6f1ef78d977b94f0b03114d6f9220ff7e47eecde2290a40825a8227bd45821d7d61687cf0de3adf750cf3194e75408d6c04370580ba7a0c0603d8aa2c3084756d61e3198ca8c0e95de615177b433d247c7c744ecc45cbd168adfd67aafb0aba1aa7cba69240d0940c1d573a306155", 0xe2}, {&(0x7f0000000ac0)="5d943099c7767b7177d61e333eabb68670c8ac04af416431ecd506e1e8b43f884b9ed3f6fbe8defd68443c85bfb387f7b40156cb9dedc7df6297f70e235d1530ac6d11ddbd6efda9f8c47fe179ff3886fe8338d0dd05a7f9e0fa1df963241dde6356ba1deef9b8374ce1e550278c179347ae9761cc905241c5d083575aaa303886c99f0030243be072b21330f135a2829ce192f6fbd5a310e95b8e4c2cf9ee480b66d765d1ae6651e07d0c20fcdd52f102758b537993484aa2cb36786be6", 0xbe}], 0x3, &(0x7f00000004c0)=[@op={0x18}], 0x18, 0x800}], 0x2, 0x8000) socket$nl_audit(0x10, 0x3, 0x9) sendmsg$alg(r1, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x890}, 0x0) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nbd(&(0x7f00000026c0), r3) pipe(&(0x7f0000000040)) ioctl$XFS_IOC_PATH_TO_HANDLE(r0, 0xc0385869, &(0x7f0000000240)={r1, &(0x7f0000000c00)='\aB\xd7\xd0\xfe\x99\xb9\x88\xce\xf3*}\xc4\xb8&W\xee\x02\x01\x00\x00\b\x00\x00\x00\x00\x9e\xfd\x9c\xdb\xb5\"\x19\x86K^]\x18\xbf\xb4\xa7\xcc\xf7%\xb5j\xaa4WWM\x1a\xf1l\x97$\x880\xce\xd9\xd8\xd3d;^\x86_\x93\x02\xb8.\xbb\x18\xcf\x82R\xb8\xb3-A\x9dM\xb0\xd5\x00\xa3\x1c\xcf\xae\x99\x89\xb4\x85\v#\xf0kt::\xa9\xbd\x9b\xe3s\xcfb-\x06\xf6s_\xfc\xddp\x05\x05\xb3fT\x8a|\xbc\x04\xb8|U\x94\x16\xb6QKX~\xf5Z\xc5\xc7\xd5_\xa3+\xb2\xe9\\\xc3Y\xbb9/\\\xd8\x93*M$\x10\xfa\x87\xd70\x1e\x13\r\x9e\xc4\x9d\x86\xb3q\x8f\xeb\xdf|\xd5K\vSE\x81g\x83\x96\xb3\xc4\xa2=\xfal\x1d\xa2\xcc\x02\xeb\xdc\x90~\xecl', 0x41a880, &(0x7f00000000c0)={@align=0x37d8, {0xb3, 0x0, 0x3, 0x5}}, 0x4, &(0x7f0000000100), &(0x7f00000001c0)=0xfffffff7}) sendmsg$NBD_CMD_CONNECT(r3, &(0x7f0000000000)={0x0, 0x41, &(0x7f00000027c0)={&(0x7f0000000280)={0x54, r4, 0x79964d8cba2f455d, 0xa070bd28, 0x25dfdbfe, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x1}, @NBD_ATTR_SOCKETS={0x28}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0xfffffffffffffff6}]}, 0x54}, 0x1, 0x0, 0x0, 0x4040005}, 0x20000000) recvmmsg(r1, &(0x7f0000000180)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000500)=""/229, 0xe5}], 0x1}}], 0x1, 0x60, 0x0) 1m17.815567109s ago: executing program 4 (id=1102): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)=@ipv4_getnexthop={0x28, 0x6a, 0x300, 0x70bd28, 0x25dfdbfd, {}, [@NHA_MASTER={0x8, 0xa, 0x2}, @NHA_MASTER={0x8, 0xa, 0x2}]}, 0x28}, 0x1, 0x0, 0x0, 0x20048840}, 0x800) ioctl$sock_bt_hci(r0, 0x400448cb, &(0x7f00000012c0)) 1m17.509571307s ago: executing program 4 (id=1105): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_timeval(r0, 0x1, 0x43, &(0x7f00000001c0)={0x0, 0x2710}, 0x10) r1 = socket$kcm(0x1e, 0x1, 0x0) sendmsg$kcm(r1, &(0x7f0000000540)={&(0x7f0000000280)=@tipc=@name={0x1e, 0x2, 0x0, {{0x1, 0x1}}}, 0x80, 0x0}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)={0x30, r3, 0x1, 0x0, 0x0, {{}, {0x0, 0x6}, {0x14}}}, 0x30}}, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f00000002c0)={'erspan0\x00', 0x0}) sendmsg$nl_route(r4, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)=@newlink={0x40, 0x10, 0xc3b, 0x0, 0x0, {0x0, 0x0, 0x0, r6}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @erspan={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_ENCAP_SPORT={0x6}]}}}]}, 0x40}, 0x1, 0x0, 0x0, 0x8054}, 0x0) sendmmsg$unix(r0, &(0x7f00000bd000), 0x318, 0x0) 1m17.480679189s ago: executing program 3 (id=1106): r0 = socket$nl_route(0x10, 0x3, 0x0) (async) r1 = socket$igmp(0x2, 0x3, 0x2) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f0000000f80)=@broute={'broute\x00', 0x20, 0x6, 0x90, [0x2000000000, 0x0, 0x0, 0x0, 0x0, 0x2000000005c0], 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000004000000ffffffff00"/144]}, 0x108) (async) sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="3000000076000d0b000000080000000003c00e0000000000080001000100000008000a0000000000080005"], 0x30}}, 0x0) (async) r2 = accept4$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @empty}, &(0x7f00000000c0)=0x10, 0x0) (async) r3 = socket$inet(0x2, 0x2, 0x1) ioctl$sock_inet_SIOCADDRT(r3, 0x890b, &(0x7f0000000440)={0x0, {0x2, 0x4e24, @multicast2}, {0x2, 0x4e21, @loopback}, {0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x43}}, 0x14, 0x0, 0x0, 0x0, 0x7, &(0x7f00000000c0)='bridge0\x00', 0x0, 0x3ff, 0x400}) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00'}) 1m17.382057732s ago: executing program 1 (id=1108): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000041, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000500)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x2f, 0x0, @rand_addr=0x64010102, @local}, {{0x4001, 0x880b, 0x41424344, 0x41424344, 0x0, 0x6, 0x5}}}}}}, 0x0) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, 0x0, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_route(0x10, 0x3, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x16, 0x16, &(0x7f0000000f40)=ANY=[@ANYBLOB="61124c00000000006113500000000000bf2000000000000007000000150400003d0301000000000095000f00000000006926000000000000bf67000000000000450700000fff070035060000f0000000170600000ee50014bf250000000000005d670000000000006507000006000000070500004c0001000f75000000000000bf54000000000000070400000400f9ff2d4401000000000095000000000000000500000000000000950007000000000001722fabb733a0e757c7c45402000000a2d23da04d1ffc187f9955911aa1a2ba7ba030c7267c2de00435fd253cc0f0d9b2c3127c46b0f4f95345de3188f0d808398d09ee4dc258d726eae098804de25df627a64ab8efde50fd7f1d58d67e684c45e506598bae66ea1a7cd29032de94983dfab0e5043daf1b46bef5135c65377bdbe65d525743d88ef4b2ee62652b07e8a4b6e6155cecc13a5ddf4157f2bfab7201112a30274101fceee66eca91bd5fecb254ab358488c400330171128be291297947d474c570a385a44dd9ff4ae730ae9d0ae42d8814a8c96f101df7da839bcdd7b7c33c8cfe74d599543ac604d8dd42fc66cdb79cd09ceeedce1e69f11967919f82b0276c90420d08897ee8514b43533f07132589a0a37110fd8571b1e69251bba35cd06c8bd430aafbecfd33757b7dc4803123e9107e5cceaec2a391f9b9b577295ac3864f6c1e30e6190a055953e18bedd1859acdd15af7209d15950f9195b401e74f8b5210e28d46dde2658b4695d9ac9ce7cbefc164a5454fc4da6104db281e18a8992b9f8c82b895da647e6ea4cb622314c5c48abfd620adf7757c23a31a619edcfb45a402c5fced05e5274e08a313d6c5fdd0a8d36b1a268056e6f7e9a6daa5632cda5ad2a9ebfac980c7db63137c226f71b7eb70c174d885232e522aad0f13b0e5b43d837d040f813d0115387e36f092d9aaafe7afc637d3d107451f4854613cfd43ac63ad6141ddb0311b8c96fef49af414e49be7c23b2e8eb686fbcdd2dab4cbdb02e30e4e1a6c25b2791facac56e4c5dc036c8d80e5c7c206d24603be75850927e02fd4eea168681498d1170478408c43bb90d9df3964b64fee41745f6785419ac8de8788398e3653f34970988866043136ada4771bf8d96eeb0f565d626a3e9089"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x8, &(0x7f0000000040), 0x253, 0x10, &(0x7f0000000000), 0x19f, 0x0, 0xffffffffffffffff, 0xffffffffffffff74}, 0x48) sendmsg$nl_route(r2, &(0x7f0000002240)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000000)=@newlink={0x40, 0x10, 0x503, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @geneve={{0xb}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x1, @dev}]}, 0x40}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x44, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x50) r3 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$NBD_CMD_CONNECT(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f00000002c0)={0x38, r3, 0x1, 0xffffffff, 0x0, {}, [@NBD_ATTR_CLIENT_FLAGS={0xc, 0x6, 0x3}, @NBD_ATTR_SOCKETS={0x4}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x7fff}]}, 0x38}}, 0x4008008) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000340)=@mpls_delroute={0x30, 0x18, 0x9, 0x0, 0x0, {0x1c, 0x14, 0x0, 0x0, 0xfe, 0x0, 0x0, 0x1}, [@RTA_VIA={0x14, 0x12, {0x0, "853c1c9341b05be66feefda4e4b7"}}]}, 0x30}}, 0x0) sendmsg$NBD_CMD_DISCONNECT(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x1c, r3, 0x1, 0x70bd2d, 0x25dfdbfb, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000011}, 0x4000810) 1m17.129219118s ago: executing program 3 (id=1111): r0 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$OCFS2_IOC_RESVSP64(r0, 0x4030582a, &(0x7f0000000000)={0x2, 0x2, 0x10001, 0x100000001, 0xfffffff8, 0x1}) r1 = socket$inet_mptcp(0x2, 0x1, 0x106) r2 = syz_init_net_socket$ax25(0x3, 0x3, 0x0) recvmmsg(r2, &(0x7f0000003840)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000006c0)=ANY=[@ANYBLOB="500000001800010000000000000000000ae0"], 0x50}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r3, &(0x7f00000002c0), 0x40000000000009f, 0x0) ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r1, 0x8982, &(0x7f0000000140)={0x0, 'macsec0\x00', {0x2}, 0x80}) 1m17.12885815s ago: executing program 4 (id=1112): r0 = socket(0x11, 0x800000003, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000600)={'team0\x00', 0x0}) r2 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r2, &(0x7f0000000200)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0xfffffffd}}, 0x10) bind$tipc(r2, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0x2}}, 0x10) r3 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r3, &(0x7f00000000c0)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10) bind$tipc(r3, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x3, 0x4}}, 0x10) bind$tipc(r2, &(0x7f0000000100)=@name={0x1e, 0x2, 0x0, {{0x42, 0x20000003}}}, 0x10) bind$tipc(r2, 0x0, 0x0) r4 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000001c80)=@newqdisc={0x64, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x12, r1, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x38, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0x7, 0x1, 0x1, 0x40, 0x4255, 0x4}, {0x80, 0xa382b932ee83be1b, 0x1, 0x8, 0x1ff, 0x5}, 0x1, 0x80000000, 0x1b39}}, @TCA_TBF_RATE64={0xc, 0x4, 0xe8eb9bca25e8f4c7}]}}]}, 0x64}, 0x1, 0x0, 0x0, 0x4c080}, 0x0) 1m17.070277776s ago: executing program 1 (id=1113): r0 = socket$inet6(0xa, 0x2, 0x3a) r1 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x24}}, 0x0) getsockname$packet(r1, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r3, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000280)=[@in={0x2, 0x4e23, @remote}]}, &(0x7f0000000180)=0x10) r5 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r5, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f00000001c0)={r6, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x0, 0xd4}, 0x9c) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r3, 0x84, 0x85, &(0x7f0000000000)={r4, @in={{0x2, 0x4e23, @remote}}, 0x0, 0x7ffe}, 0x90) setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000080)={@mcast1, r2}, 0x14) sendto$inet6(r0, &(0x7f0000000000)="800037bbfa9ba1ce", 0x8, 0x48840, &(0x7f0000001100)={0xa, 0x0, 0x2000000, @local, 0x8}, 0x1c) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r0, 0x89f3, &(0x7f00000000c0)={'syztnl0\x00', &(0x7f0000000140)={'ip6tnl0\x00', r2, 0x2f, 0x3, 0x4, 0x8, 0x40, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @mcast1, 0x7, 0x10, 0x5, 0x9}}) 1m16.872502113s ago: executing program 4 (id=1115): r0 = socket(0x2, 0x80805, 0x0) (async, rerun: 64) r1 = socket$can_bcm(0x1d, 0x2, 0x2) (rerun: 64) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000100)={'vcan0\x00', 0x0}) connect$can_bcm(r1, &(0x7f00000000c0)={0x1d, r2}, 0x10) (async) sendmsg$can_bcm(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000003c0)=ANY=[@ANYBLOB="0100"/16, @ANYRES64=0x0, @ANYRES64=0x2710, @ANYRES64=0x77359400, @ANYRES64=0x0, @ANYBLOB="0000000001"], 0x48}}, 0x0) sendmsg$can_bcm(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)={0x1, 0x0, 0xc063, {}, {}, {}, 0x1, @can={{0x2}, 0x23, 0x3, 0x0, 0x0, "ae771958a0cb06cc"}}, 0x48}}, 0x20000000) (async) sendmmsg(r0, &(0x7f0000000c80)=[{{&(0x7f0000000000)=@l2tp={0x2, 0x0, @remote}, 0x80, &(0x7f0000000140)=[{&(0x7f0000000080)=']', 0x1}], 0x1}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="30000000000000008400009399d8eafd434533039814000100000059766fe282f0381b5cc7a195cb5ade0d64bc2d9ad3"], 0x30}}], 0x2, 0x0) 1m16.783908429s ago: executing program 3 (id=1118): socket$nl_route(0x10, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$can_bcm(0x1d, 0x2, 0x2) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)) socket$inet_mptcp(0x2, 0x1, 0x106) socket$nl_route(0x10, 0x3, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) pipe(&(0x7f0000000000)) socket$nl_generic(0x10, 0x3, 0x10) socket$inet_tcp(0x2, 0x1, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socket$nl_route(0x10, 0x3, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f00000000c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) listen(r0, 0x0) socket$unix(0x1, 0x1, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) connect$unix(r1, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f0000002640)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000340)="b2", 0x1}], 0x1, &(0x7f00000006c0)=ANY=[@ANYBLOB="14"], 0x18, 0x8800}}], 0x1, 0x40001) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) socket$igmp(0x2, 0x3, 0x2) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000140)={0xffffffffffffffff, 0x0, 0x1b, 0x0, &(0x7f0000000200)="083972bdb3a605c4c1188e9986dd02ff4284860186ddba71f16b7d", 0x0, 0x40c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x30000000}, 0x50) socket$nl_generic(0x10, 0x3, 0x10) 1m16.715852053s ago: executing program 1 (id=1119): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) getsockopt$IP_VS_SO_GET_VERSION(r0, 0x0, 0x480, 0x0, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000140)=@newqdisc={0x78, 0x24, 0x4ee4e6a52ff56541, 0x8000, 0x25d7dbfb, {0x0, 0x0, 0x0, r3, {0x0, 0xb}, {0x6, 0xffff}, {0x10, 0xf}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0x2, 0x8, 0x8, 0x8, 0x81}, 0x103, 0x0, 0x7, 0x7, 0x7, 0xa, 0x12, 0x6, 0x7, 0x3, {0x3, 0x2, 0x3, 0x35db, 0x2, 0x6}}}}]}, 0x78}, 0x1, 0x0, 0x0, 0x40188c0}, 0x0) r4 = socket(0x400000000010, 0x3, 0x0) r5 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=@newtfilter={0x14c, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r6, {0x9, 0xa}, {}, {0xfff1, 0xf}}, [@filter_kind_options=@f_matchall={{0xd}, {0x118, 0x2, [@TCA_MATCHALL_ACT={0x114, 0x2, [@m_connmark={0x110, 0x1e, 0x0, 0x0, {{0xd}, {0x90, 0x2, 0x0, 0x1, [@TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x7f, 0x4d0235f0, 0x1, 0xd, 0x8001}, 0x4}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x86, 0x5, 0xffffffffcffffff1, 0x0, 0x3}, 0x3}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x80000000, 0x6, 0x4, 0x0, 0xb62f}, 0x5}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0xfffffffe, 0xc0000, 0x2, 0x800, 0xe52}, 0xfffa}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x100, 0xe, 0x1, 0xffffff5d, 0xffff0dcc}, 0xd34}}]}, {0x52, 0x6, "ba9cbad5fc8a096f5c384b72c23d6e4f3c97cfd2304dd83b1b558532419ba7e70266083e365446eaf65f9a485956472c0967ec76cf2164b278fec8b4640528e47733de27d46e4dd4f20fdf142008"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x3, 0x1}}}}]}]}}]}, 0x14c}, 0x1, 0x0, 0x0, 0x20000010}, 0x20000000) close(0xffffffffffffffff) socket$unix(0x1, 0x2, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r7 = socket$kcm(0x11, 0x3, 0x0) r8 = socket$nl_route(0x10, 0x3, 0x0) r9 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000c80)={'lo\x00'}) sendmsg$nl_route_sched(r8, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@getqdisc={0x2c, 0x26, 0x10, 0x70bd26, 0x25dfdbfd, {0x0, 0x0, 0x0, r6, {0x2, 0xfff1}, {0xfff2, 0xe}, {0xfff2, 0x1}}, [{0x4}, {0x4}]}, 0x2c}}, 0x0) setsockopt$sock_attach_bpf(r7, 0x107, 0xf, &(0x7f0000000600), 0x56) sendmsg$kcm(r7, &(0x7f00000000c0)={&(0x7f0000000380)=@xdp={0x2c, 0x0, r6, 0xc}, 0x47, &(0x7f0000000000)=[{&(0x7f0000000180)="27030200590214000600002fb96dbcf706e10500000086ddffff1144ee163cd4b8bf", 0x22}, {&(0x7f0000000c00)="4307ed2e", 0x4}], 0x2}, 0x4) r10 = socket$inet6_sctp(0xa, 0x1, 0x84) r11 = socket(0x2d, 0x2, 0x0) getsockopt$inet_sctp_SCTP_GET_ASSOC_STATS(r11, 0x84, 0x70, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_wireguard(r10, 0x8933, 0x0) r12 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x26e1, 0x0) getsockname$inet(r12, &(0x7f0000000040)={0x2, 0x0, @local}, &(0x7f00000000c0)=0x10) ioctl$FS_IOC_RESVSP(r12, 0x40305828, &(0x7f0000000080)={0x0, 0x0, 0x10000, 0x6}) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.bfq.io_merged\x00', 0x275a, 0x0) 1m16.552641576s ago: executing program 3 (id=1121): syz_emit_ethernet(0x6e, &(0x7f0000000040)=ANY=[@ANYBLOB="0180c2000002aaaaaaaaaaaa08004500006000000000002f9078640101000000000024806558000000000000000010000800000086dd"], 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x1, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x31}}}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000280)=@gcm_256={{0x303}, "1afc7c14d332bcc6", "a9ba0c85d68723369f51322151d9f41aaa2832bb07cc1e49ad714beac6f1ade8", "49960d8f", "bff2a81527ae4190"}, 0x38) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nbd(&(0x7f0000000200), r1) sendmsg$NBD_CMD_CONNECT(r1, &(0x7f00000027c0)={0x0, 0x0, &(0x7f0000002780)={&(0x7f00000002c0)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010029bd7000fbdbdf25010000000c00020000000000000000001c0007801800018008000100", @ANYBLOB="04"], 0x3c}, 0x1, 0x0, 0x0, 0x4000004}, 0x4000) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='freezer.state\x00', 0x275a, 0x0) write$cgroup_int(r3, &(0x7f0000000000), 0xffffff6a) sendfile(r0, r3, 0x0, 0x20000000002) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000020a010200000000000000000a0000060900010073797a310000000008000240000000018c000000020a010100000000000000000000000369000600e62807258a6d38caf4cb1d7a776a7a05e57912414e63207c5e61d47bb4016b21bd5593b033b0968722f2f0f4818a1a13fbb43e79d0ae674d071c0164df9d3701cc15211300766b6ebe326ada9e49cca5c2a07460e46e35eabfb48a4cd2cd83790d7e705b010000000900010073797a31000000001c000000090a030000000000000000000a0000e107000c"], 0xf8}, 0x1, 0x0, 0x0, 0x2000c814}, 0x4000) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a30000000004000ffff0900010073797a30000000000900020073797a3100000000140003800800014000000000"], 0x138}, 0x1, 0x0, 0x0, 0x20040855}, 0x0) r4 = socket$kcm(0x10, 0x2, 0x10) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000040900010073797a30000000009c000000090a010400000000000000000700000308000a40000000000900020073797a30000000000900010073797a3000000000080005400000000d58001280200001800e000100636f6e6e6c696d69740000000c0002800800014000000008200001800e000100636f6e6e6c696d69740000000c00028008000140000000001400017b090001006cdbf80789f3f947dd0002800800"], 0xe4}, 0x1, 0x0, 0x0, 0x8001}, 0x20050840) sendmsg$kcm(r4, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f030041000b05d25a806c8c6394f90324fc60100000000a000200053582c137153e3704020180fc5409000c00", 0x33fe0}], 0x1}, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000080)={@local, @random="429e82211cf8", @void, {@ipv6={0x86dd, @generic={0xa, 0x6, "7abd6a", 0x0, 0x67, 0x1, @private0, @mcast2}}}}, 0x0) 1m16.437522749s ago: executing program 1 (id=1123): r0 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000380)={'syzkaller0\x00', 0x0}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r3 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_int(r3, 0x0, 0xf, &(0x7f0000000340)=0xfffffffffffffff9, 0x4) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r3, 0x84, 0x64, &(0x7f0000000100)=[@in={0x2, 0x0, @loopback}, @in6={0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}], 0x2c) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_REM(r3, 0x84, 0x65, &(0x7f0000000580)=[@in6={0xa, 0x0, 0x0, @private0}], 0x1c) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, r6, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x2}}}]}, 0x38}}, 0x0) r7 = socket(0x400000000010, 0x3, 0x0) r8 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r7, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@gettfilter={0x2c, 0x2e, 0x1, 0x70bd2c, 0x25dfdbfd, {0x0, 0x0, 0x0, r9, {0xc, 0xc}, {0x0, 0xfff1}, {0xfff2, 0x2}}, [{0x8, 0xb, 0x2}]}, 0x2c}, 0x1, 0x0, 0x0, 0x1}, 0x4041080) sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x3c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r1, {0x0, 0x7}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0xc, 0x2, [@TCA_CAKE_AUTORATE={0x8}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40004}, 0x0) ioctl$IMHOLD_L1(r0, 0x80044948, &(0x7f0000000000)=0x7) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x3, 0x4, &(0x7f0000000140)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0xab}]}, &(0x7f00000000c0)='GPL\x00'}, 0x90) 1m16.316321853s ago: executing program 4 (id=1126): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f00000017c0)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x19}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x90) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000003c0), 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='L)\x00\x00', @ANYRES16=r3, @ANYRES64=r2], 0x38}}, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) writev(r0, &(0x7f0000000100)=[{&(0x7f0000000000)="89e7ee2c7cdad9b4b47380c988ca", 0xe}, {&(0x7f00000006c0)="55f774cfc00468e1d538005e0cfca64dda7798d6991372b0cfe0448d9f0eda412cf37d602c4776ba2227eab5ae2aa15b13517f52386bdc18a288b95ea1", 0x3d}], 0x2) 1m1.434605161s ago: executing program 32 (id=1121): syz_emit_ethernet(0x6e, &(0x7f0000000040)=ANY=[@ANYBLOB="0180c2000002aaaaaaaaaaaa08004500006000000000002f9078640101000000000024806558000000000000000010000800000086dd"], 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x1, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x31}}}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000280)=@gcm_256={{0x303}, "1afc7c14d332bcc6", "a9ba0c85d68723369f51322151d9f41aaa2832bb07cc1e49ad714beac6f1ade8", "49960d8f", "bff2a81527ae4190"}, 0x38) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nbd(&(0x7f0000000200), r1) sendmsg$NBD_CMD_CONNECT(r1, &(0x7f00000027c0)={0x0, 0x0, &(0x7f0000002780)={&(0x7f00000002c0)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010029bd7000fbdbdf25010000000c00020000000000000000001c0007801800018008000100", @ANYBLOB="04"], 0x3c}, 0x1, 0x0, 0x0, 0x4000004}, 0x4000) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='freezer.state\x00', 0x275a, 0x0) write$cgroup_int(r3, &(0x7f0000000000), 0xffffff6a) sendfile(r0, r3, 0x0, 0x20000000002) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000020a010200000000000000000a0000060900010073797a310000000008000240000000018c000000020a010100000000000000000000000369000600e62807258a6d38caf4cb1d7a776a7a05e57912414e63207c5e61d47bb4016b21bd5593b033b0968722f2f0f4818a1a13fbb43e79d0ae674d071c0164df9d3701cc15211300766b6ebe326ada9e49cca5c2a07460e46e35eabfb48a4cd2cd83790d7e705b010000000900010073797a31000000001c000000090a030000000000000000000a0000e107000c"], 0xf8}, 0x1, 0x0, 0x0, 0x2000c814}, 0x4000) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a30000000004000ffff0900010073797a30000000000900020073797a3100000000140003800800014000000000"], 0x138}, 0x1, 0x0, 0x0, 0x20040855}, 0x0) r4 = socket$kcm(0x10, 0x2, 0x10) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000040900010073797a30000000009c000000090a010400000000000000000700000308000a40000000000900020073797a30000000000900010073797a3000000000080005400000000d58001280200001800e000100636f6e6e6c696d69740000000c0002800800014000000008200001800e000100636f6e6e6c696d69740000000c00028008000140000000001400017b090001006cdbf80789f3f947dd0002800800"], 0xe4}, 0x1, 0x0, 0x0, 0x8001}, 0x20050840) sendmsg$kcm(r4, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f030041000b05d25a806c8c6394f90324fc60100000000a000200053582c137153e3704020180fc5409000c00", 0x33fe0}], 0x1}, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000080)={@local, @random="429e82211cf8", @void, {@ipv6={0x86dd, @generic={0xa, 0x6, "7abd6a", 0x0, 0x67, 0x1, @private0, @mcast2}}}}, 0x0) 1m0.335923937s ago: executing program 33 (id=1123): r0 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000380)={'syzkaller0\x00', 0x0}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r3 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_int(r3, 0x0, 0xf, &(0x7f0000000340)=0xfffffffffffffff9, 0x4) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r3, 0x84, 0x64, &(0x7f0000000100)=[@in={0x2, 0x0, @loopback}, @in6={0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}], 0x2c) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_REM(r3, 0x84, 0x65, &(0x7f0000000580)=[@in6={0xa, 0x0, 0x0, @private0}], 0x1c) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, r6, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x2}}}]}, 0x38}}, 0x0) r7 = socket(0x400000000010, 0x3, 0x0) r8 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r7, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@gettfilter={0x2c, 0x2e, 0x1, 0x70bd2c, 0x25dfdbfd, {0x0, 0x0, 0x0, r9, {0xc, 0xc}, {0x0, 0xfff1}, {0xfff2, 0x2}}, [{0x8, 0xb, 0x2}]}, 0x2c}, 0x1, 0x0, 0x0, 0x1}, 0x4041080) sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x3c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r1, {0x0, 0x7}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0xc, 0x2, [@TCA_CAKE_AUTORATE={0x8}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40004}, 0x0) ioctl$IMHOLD_L1(r0, 0x80044948, &(0x7f0000000000)=0x7) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x3, 0x4, &(0x7f0000000140)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0xab}]}, &(0x7f00000000c0)='GPL\x00'}, 0x90) 1m0.284396177s ago: executing program 34 (id=1126): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f00000017c0)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x19}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x90) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000003c0), 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='L)\x00\x00', @ANYRES16=r3, @ANYRES64=r2], 0x38}}, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) writev(r0, &(0x7f0000000100)=[{&(0x7f0000000000)="89e7ee2c7cdad9b4b47380c988ca", 0xe}, {&(0x7f00000006c0)="55f774cfc00468e1d538005e0cfca64dda7798d6991372b0cfe0448d9f0eda412cf37d602c4776ba2227eab5ae2aa15b13517f52386bdc18a288b95ea1", 0x3d}], 0x2) 15.47352182s ago: executing program 6 (id=1200): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000480)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x30}}, 0x10) 14.93804s ago: executing program 6 (id=1204): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) setsockopt$bt_BT_SECURITY(r0, 0x112, 0x4, &(0x7f0000000440)={0x3, 0xb}, 0x2) bind$bt_l2cap(r0, &(0x7f00000002c0)={0x1f, 0x0, @any, 0xfffa}, 0xe) connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe) 13.829300797s ago: executing program 6 (id=1211): socket$netlink(0x10, 0x3, 0x827d89cbb23b5b53) r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x89a0, &(0x7f0000000040)={'syzkaller0\x00'}) r1 = socket$inet6(0xa, 0x3, 0x88) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, 0x0, 0x0) connect$inet6(r1, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'syzkaller0\x00', 0x0}) setsockopt$packet_add_memb(0xffffffffffffffff, 0x107, 0x1, &(0x7f0000000280)={r2, 0x2, 0x6, @local}, 0x6b) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_ifreq(0xffffffffffffffff, 0x8990, 0x0) setsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x5452, 0x0) sendmsg$TIPC_NL_LINK_SET(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x28000}, 0xc, &(0x7f0000000140)={0x0}, 0x1, 0x0, 0x0, 0x4000000}, 0x20000000) bind$bt_hci(r3, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6) write(r3, &(0x7f0000000000)="2d000000010001", 0x7) 9.548041898s ago: executing program 6 (id=1214): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x0) r0 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r0, &(0x7f0000000440), 0x10) listen(r0, 0x0) r1 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r1, &(0x7f0000000100)={0x28, 0x0, 0x0, @local}, 0x10) writev(r1, &(0x7f00000002c0)=[{&(0x7f0000000080)='?', 0x1}], 0x1) r2 = accept4$unix(r0, 0x0, 0x0, 0x0) recvmmsg(r2, &(0x7f0000001680)=[{{0x0, 0x0, &(0x7f0000003380)=[{&(0x7f0000000140)=""/120, 0x78}, {&(0x7f0000000040)=""/40, 0x28}, {&(0x7f0000003300)=""/107, 0x6b}], 0x3}}], 0x3fffffffffffed8, 0x2, 0x0) 8.911829175s ago: executing program 5 (id=1219): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) socket$kcm(0x11, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000440)=@newqdisc={0x3c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0xc, 0x2, [@TCA_CAKE_NAT={0x8, 0xb, 0x1}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040084) 7.484458368s ago: executing program 0 (id=1225): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000b40)=@newlink={0x34, 0x10, 0x401, 0x20000, 0x0, {0x0, 0x0, 0x0, 0x0, 0x8003}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvtap={{0xc}, {0x4}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x240008c4}, 0x4054) 5.640144554s ago: executing program 0 (id=1229): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0xfffffffffffffe01, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000580)=ANY=[@ANYBLOB="140000001000010000000000000000000700000a5c000000060a0b04000000000000000002000000300004802c0001800b00010074617267657400001c000280090001004d41524b000000000400030008000240000000000900010073797a30000000000900020073797a3200"], 0x84}}, 0x0) 5.09338688s ago: executing program 7 (id=1231): sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r0 = socket$inet6(0xa, 0x3, 0x8000000003c) sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x4ea3, 0x10, @mcast2, 0x3}, 0x1c) r1 = socket$igmp6(0xa, 0x3, 0x2) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001680)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x40001}, 0x4040850) sendmsg$NFT_BATCH(r2, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000180)=ANY=[@ANYBLOB="140000001000010000000000000000000100000a48000000030a210200000000000000000a0000050900030073797a30000000000900010073797a3100000000080007006e6174001400048008000140000000030800024054dd5e5414000000110001"], 0x70}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000840) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000440)=@raw={'raw\x00', 0x8, 0x3, 0x4c8, 0x0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x3f8, 0xffffffff, 0xffffffff, 0x3f8, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'bridge0\x00'}, 0x0, 0x148, 0x170, 0x0, {}, [@common=@unspec=@helper={{0x48}}, @common=@inet=@hashlimit1={{0x58}, {'bond_slave_1\x00', {0x41, 0x1ff, 0x6, 0xb0e2, 0x10001, 0x84e, 0xfffffffb, 0x18, 0x8}, {0x1}}}]}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'erspan0\x00', 'gre0\x00', {0xff}, {}, 0x0, 0x0, 0x0, 0x4b}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'vcan0\x00', {0x3, 0x0, 0x41, 0xfffffffe, 0x2, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x528) sendmsg(r0, &(0x7f00000000c0)={0x0, 0x9584, &(0x7f0000000100)=[{&(0x7f0000000000)="2c10", 0xfff2}], 0x1, 0x0, 0x0, 0x2c}, 0x44004) 5.076475793s ago: executing program 2 (id=1232): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), 0xffffffffffffffff) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) socketpair$nbd(0x1, 0x1, 0x0, 0x0) sendmsg$NBD_CMD_CONNECT(r0, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000000140)={0x48, r1, 0x1, 0xffffffff, 0x0, {}, [@NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x16c}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x7fff}, @NBD_ATTR_SOCKETS={0x1c, 0x7, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r2}}, {0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r2}}]}]}, 0x48}}, 0x20000000) 4.685097676s ago: executing program 5 (id=1233): unshare(0x400) r0 = socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_tcp_int(r0, 0x11e, 0x3, 0x0, &(0x7f0000000000)) 4.634331109s ago: executing program 0 (id=1234): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r1, &(0x7f0000000100)={0x18, 0x0, {0x4, @local, 'ip_vti0\x00'}}, 0x1e) r2 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r2, &(0x7f0000000000)={0x18, 0x0, {0x4, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xd}, 'veth0_to_batadv\x00'}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=@newlink={0x30, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x71228}, [@IFLA_MTU={0x8, 0x4, 0x81}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x4004090) 4.332145815s ago: executing program 5 (id=1235): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) writev(r0, &(0x7f0000000300)=[{&(0x7f0000000080)="2e9b5b0007e03dd65193dfb6c575963f86dd", 0x12}], 0x1) 3.288512182s ago: executing program 0 (id=1236): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=@newqdisc={0x34, 0x24, 0x4ee4e6a52ff56541, 0x70ad2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0x3}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x8000}, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0xe, &(0x7f00000022c0)=ANY=[@ANYBLOB="b702000000000000bfa300000000000007030000f0ffffff7a0af0ff0200000079a4f0ff00000000b706000000000081ad64020000000000450404000100ff0f1704000001130a00b7050000030000006a0af2fe000000008500000009000000b700000000000000950000000000000000e154cd8445974b26c933f7ffffffffe4fbffffff55bb2007ee51050512b5b42128aa090a79507df79f298129daa7a6b2f91af50342115e17392ac627c87881c000006146001e04aeacea799a22a2fa798b5adc43eb27d53319d0ad229e5752548300000000dbc2777df150b7cdd77b85b941092314fd085f028f2ed1a4535550614e09d6378198a6097a670838337af2abd55a87ac0394b2f92ffab7d153d62058d0a413b2173619ccf55520f22c9ca8b6712f3024b7041b1df65b3e1b9bf115646d14ce53d13d0ccacda1ef0900094fa737c28b99938512c816fdcceaede3faedc51d29a47fc813a2ec00f4c7a53ac271d6d7f4ea6bf97f2f33e2ea2e534300bcb3fdc4b4861004eefbda7f54f82a804da4f85db47a4a69bf9bc5fa96ee293fbd165a5a68488e40b030166565a097b1b44b451de736bb6d43db8db03d4b7745fef1d04ec633dee254a6d491b849a5a787e814c4fd21a18986252a70f8f92eb6f0e8c7db4bf23242a1f2c28159f09943b1b0452d1b72183aacf4a84f9130b775dd4e9e3070756f97ad791fa99dac06b57479321a0574fb30ff0000001989425f5d0b79f6584d0416d7c4bb9f547b328c8ddc20ea011bf5742e0e0d4334db8b20ce3f9f16cb7fc20fb4791ec85821d0c48fb657c29b309c73f0977e7cde65a82b94c461d7962b0d2277a84af326f37f3e2c25a61ec45c3af97a8f17da954aff3fc8c108755f01000000010000006e7dac1aba4b20dc7de058a4dfa7e85a8bdf1d41a2d8bda74d66f47cc180f82c5f573c6d294d3665016ac59dda0fde4745db06753a7ac74a2d32f7528751313694bf5700b20ef0c248ddd3da32396a614cacad4aff2066bb5d4045c958559b7dcb98a6273b8c651e24d9f679e4fbe948dfb4cc4a389469608241730459f0123fd39206000000000000eb55dad46de56ef907b059b90b8aa49afb9a79ae5498f6589880ed6eea7f9c670012be05e7de0940313c5870786554df26236ebced9390cb6941b8375d936a7d2120eca291963eb2d537d8ee4de5c183c960119451c31539b22809e1d7f0cda06a9fa87d64cb77872a2cd8a104e16bb1a2bacf13464ca03aff14a9aa4bd9539f5096412b92012e095b84c20243ff98df3347f0e399d1b9f27e3c33269c0e153b28b2d4410572bc45b98d2de10c21d3ea02208d304d455c36300000000022320178b00cc6ed7966130b547dbf8b497af002000000cd1d000000200008000000000000001abc11c800000000000000000000000928ee53595a779d243a48cea769470424d20a04c04b2c4324ab7f4a5c81921f0128dfd70b438af60b060000000000000056642b49b745f3bf2c4af38ffb7d748308eea09fc361b4735efbf3411718d6ee7aebf9ef679dbfae9fb4a79f8a836804ed3a1079b0282a12043408cd60b687dcff91af19010000000000000000456f7d2a42bd13da202274f20675eb781925441578e93046aaddea8ec4ca37f71c2710a7ea8ae0dc214e1cc275b26adfa892e6de92000000000000000000ddff004cff9ec7ffff35e62f4eeee50e5bafecea4d4134f9d006c8d6883eca5c9c58c9e93311ab5009c68c73de2f04f15d005387577f480000ea65559eb00e76e9d0ada201bcbb5c252b28a60ca770663da451790cc36000906d5a9fad98c308e39bd5ffb6151d79c1cee1cd102e3c8e63e9fba05e3633be3f00000015762e5f5a3a0bc33fdbe28a5ffc83f2b485185cc92fe7f791e8f6429309d6adab4b7e508e5bf024ed8f8a005f2bbf96c89739f5cf1e750d50517a59a3ad09e8802e8f4f535447cc0fc9d5f99a73145dfcedad69da9cd4375c624600e78f4458542b14f29611f95d4a31838eeb20c20bb82aa31771cd379ec83554cea5e6539db7384e1f58d81f2f2653c4d9818708e27c89b552d7fcd116bce9c764c714c9402c21d181aac59efb28d4f91652f6750b6ec962802c0320f8059195729d60c534ee8e8ff0755b67fe4c25edb85bcff24c757aa8090000000000008c420eb4304f66e3a37aaf000000c42a570f0e9dd5fd545470f862f8c3c14fa9ecd1e877b0d8ca84c044859e85e6158f9184bc61a9a284db80e4636c25b96174327d82761c26e329555f9290af4100000000000000749efd3763655500344bae34137f5ab0d534b8d63e4ca3b671f2de1cdf519192c6b59a601fd419adc16e2055b85058f793484305d7a1759782e4c571ee855a47bc00edf5e9020c09ab004321610b857e8717764b633b21cb32f0eb3280e09758bd445ab91d20baca005472b79d7b574a247f1d2fe45b3c4e93da3d51de647c10dd49944dc87c92fe8bad99ca332af00f191b66b6a6f732a91f0e2e9190e4b448da7de018c58e950767f9b320be61e58c79d497247d278888901d442ad7f8536605a644e9e3d769db497c3960dfde12182334caee994adc38a436367a54b9e182b78e9a0ceb9a2c4f63902c1ad1a7c5a08d0920a23c2a86abbdf357849a651733e57f31019876026888c8ccb85c86b4f8ffffff7f000000002c331fca0e541b7ca211c28ed61c52573d9308a13d115b43f8b1894c8fa8a14dc4810f61ae96bf704526a8919bc700002100000000000000000001000027c9a46157a3609b6fd9843ee19ec647249a9375de5858818f3c4a4fa6ce46f4d42b07199de8b99231ace58c77819ee214e49666c464d35ca9b5143ed3b3dc8c17a23692759ccf5a205311b7ab22532697b861dfb54609fd88e6043bd52ae84c1bb0c8a6c769f952283a1f4e3842edb3d42c68a27ef6a1296dfff4a979369b0e8ebc62887aa46e820a74f91381ccc198e353047db70686d147357024eb3cb94f1e89cb5ba0a56aa046b4dc521a3d9356b4b8b5917c4c860495b240e80063bde261fd00000000007271e28ef6806bc8e139c49b91c76bea3858f78fbd8d31330d89069f9648a2ff93060ff073b3a113e47edf76f7d116d2b0976cf2ec447c030931651dd315003b7a6a5433a2bb3c035fc6846abe389b25c988f0bbb889560ae99ec4b227eda2e63a1c31a2c2bd48a822cbe92b6524e0cd8020ecaa34e19e7141d5e221509342bfe7d294d1eb3de6a50ca0301f89c2ee627e949c68b3a4a426a9b7d503a26e9a714ee5f72d8805dd1bfbd081f6a5d1f1289dfe14cb9194e26a44fac273461fc5c0e0a33db7f2d43ea8086cf059f40fa2640b6bfb74dd35f5a31059c01517cf4b6641fce9a24b96767b837ca037a1199735c375c705c798e0e208e4a5259d0bfa526b462af45a6eab34000000000000000000000000c4426344ec1a3366515dee221e747f55d7dd02534bc503b9b28277c253e410986bef2111a99cc448d652929f8a67a6a1d3f00dcad91aff428aade3f85714a1d3ef29acd4d49b62339c10c2ec0dac4728288e78980c1184d8223edbccbf9258b7374e79a1f8bf3fb73cfd1e76982f3d899f71e495f0ba8c6dbb7bbdfc399847a11921f97eba0ea14c4fed9a71eedb97c02461792e4a48dac16c60c3fcaab222025d78963c3ac899fa8b63f58a30212c9b2d7fe751e2046b78f86e22861b6504c667350244dd6d9189a8b9c45f8aaff9db694811ca86ed978f23eed7459c0382074170cf1e25b0e9ba3d1cc309353eea4cd8ab96bafda393276bdd8d32ead8db9e1b54d2d3d50e2815268fc1a6ec566981bc8ca2a4583f3d40e817433d0f4f25cfe6cc1897449ba5f26a9d66ac73e6f5c401376f23a314e0b9ff997d22f3e34b7524642c248aa813edaa626f00000021f8547d393dabe616fbbde21c90be00b5a22671395c7a69c6dd4d022ffc97ddb6aa025131652d409da1d8cfc3d219d4b1c1b7b8170d7c33d91db2b73f7ae02485a209a2474b5d0790d05c01bec623056e4d3f4d3149373a28b26a15a1fcce73d57e6eaf7e6f315fe275ebc9ef7aeca277dde01dde724f419803a2172a7833ceab38d21ca4f1dea5e1f4d8824167b21dd289dd4e6ecfba9e163bdbc48e1e758ecde05c10809c9edfa6d77c652fd742e6dad13d2a397bebe3ea8bc087d3720e2202f36c7719ae34f042e19dc08a3323a3d94098a7ec171469352bab1662c3e4d4803c565cfcce32dad628fade43a4844abb230ce608726fd87e93c405a96cf638c41510f26e9da5f316"], &(0x7f0000000b80)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffedf, 0x10, &(0x7f0000000040)}, 0x48) r5 = socket(0x400000000010, 0x3, 0x0) r6 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000440)=@newtfilter={0x38, 0x2c, 0xd3f, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r7, {0x0, 0x4}, {}, {0x8}}, [@filter_kind_options=@f_bpf={{0x8}, {0xc, 0x2, [@TCA_BPF_FD={0x8, 0x6, r4}]}}]}, 0x38}, 0x1, 0x0, 0x0, 0x10}, 0x0) 3.288207436s ago: executing program 7 (id=1237): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) write$cgroup_subtree(r0, &(0x7f0000000140)=ANY=[], 0x32600) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$sock_buf(r1, 0x1, 0x19, 0x0, &(0x7f0000000280)) 3.168376079s ago: executing program 2 (id=1238): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan0\x00', 0x0}) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01002dbd7000000000000200000008000300", @ANYRES32=r2, @ANYBLOB="0c0099004100000060000000080026009a030000080027"], 0x38}, 0x1, 0x0, 0x0, 0x800}, 0x0) 2.665700198s ago: executing program 2 (id=1239): r0 = socket$inet6(0xa, 0x2, 0x0) sendmmsg$inet6(r0, &(0x7f00000006c0)=[{{&(0x7f0000000080)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @local}, 0xfffffffc}, 0x1c, 0x0}}, {{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000003c0)="24c2", 0x2}], 0x1}}], 0x2, 0x2000c8c0) syz_emit_ethernet(0x46, 0x0, 0x0) sendmmsg$inet6(r0, &(0x7f00000001c0)=[{{0x0, 0x0, &(0x7f0000000840)=[{&(0x7f0000000280)="93", 0x1}], 0x1}}], 0x1, 0x40) 2.593052489s ago: executing program 7 (id=1240): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0xfa, 0x0, 0xe4}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='hybla', 0x5) sendmmsg$inet(r0, &(0x7f0000001680)=[{{0x0, 0x0, &(0x7f0000001dc0)=[{&(0x7f0000000140)="91f8a9848519def38491bbc4173c3c6f357d0272b7319130feaab952ac4703ca", 0x20}, {&(0x7f0000000e80)="44900000000056ee66c372f3105eb186dd8062fad2d5b5bfb0ba06f274a8d026bd209da8ffa6a26e3b3f8075704a9d0ef9aff7f1e7db24609f02d34e76992c9df9fe6888c6c9a4825c6223be6ac54536025af1dea54e527c68b0ff250261953f2da79a78104c2d9e7b16ed86b124945aa9ab7581ebd385fb61d442035db81e18c2d2462d0bb25fff9d3b1ce90b597992b2a4d541611ce77f58dce7c9500118229e7cdf4ca7f6adca92c73d97ce54164c1942b2568635bec8e020b41fb2f8000000000000000000000000000000001c8a9f7956583e26f6f0edc415851d0b8305fe66c2b7c114e3712d87744938848f24a13cb604000000000000000000000000000000c7aa5035897b20a6c23f1fc4af2990c07f784b985a3de7740bd33848702930", 0x122}, {&(0x7f00000001c0)="985e44efeabe001cabcf3d8673c3a254a9a2d3197970cb347b70a243bf77139a94bc3ae91684aaf7b7dff691deb8f8aef2d915fb3a0794a9a9b431a819bca6122c350637808dde804a048fd8696e524b2934126c443ce93d82e931eb9918e6c0827686e59209d2e02c9210fd8048f04ad6c48b", 0x73}], 0x3}}, {{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000fc0)="31fdffffffffffffff74098b2e5e55a1828636f60fc0cfdac56c75f1687f0c56287423f5eed69f117e766bdbad0c2171ad6227e1173ab6efa2fcb1c420a51a0917861009000000f049c606ccab7cda1f0e3490fbe385ea382294882839a22674037b8910bd8a1420e33eb1be6d10cfb24eb7cccdf1528ef33b34ab07cdb0909a9ba999d89d0c5d7c9c8c569334e9547e1e343b451d9025c4e153612d4674b9411fb4de29559900bcb388d291aa839ab0954e6a8dfc19c3c1533a11d81e03a487b0d736f1caacc2bbf1194598a652677efb930a5b6ee292c57402e0", 0xdb}], 0x1}}], 0x2, 0x2090) 2.509353439s ago: executing program 5 (id=1241): r0 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000180), 0x1, 0x0) write$tcp_congestion(r0, &(0x7f00000001c0)='lp\x00', 0x3) 2.106154379s ago: executing program 7 (id=1242): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_CONFIG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)={0x30, 0x2, 0x3, 0x3, 0x0, 0x0, {0x0, 0x0, 0x10}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1, 0x0, 0x6}}, @NFQA_CFG_QUEUE_MAXLEN={0x8, 0x3, 0x1, 0x0, 0x1}, @NFQA_CFG_PARAMS={0x9, 0x2, {0x1, 0x5}}]}, 0x30}}, 0x0) 1.960401187s ago: executing program 2 (id=1243): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x4c, &(0x7f0000000000)=0x7f, 0x49) 1.9396594s ago: executing program 0 (id=1244): socket$tipc(0x1e, 0x2, 0x0) syz_open_procfs$namespace(0x0, &(0x7f0000000080)='ns/ipc\x00') r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="0300000004000000040000000a"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0xc, 0x8, &(0x7f0000000d80)=ANY=[@ANYBLOB="1800000000000000000000000000000018020000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000d000000b70000000000000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={r1, 0x3e8, 0xe80, 0x0, &(0x7f0000000000)="c1df07000000d30a298ee68886dd87", 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x50) 1.825672046s ago: executing program 5 (id=1245): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000c80)={0x0, 0x0, &(0x7f0000000c40)={&(0x7f0000000380)=@delqdisc={0x434, 0x25, 0x100, 0x70bd29, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, {0xd, 0xf}, {0xa, 0x7}, {0x0, 0x3}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x408, 0x2, [@TCA_TBF_PTAB={0x404, 0x3, [0x3, 0xfffffff8, 0x4, 0x40, 0x2, 0x2, 0x5, 0x7fff, 0x4, 0x1, 0x6, 0x1c8, 0x7, 0x0, 0x5, 0x1, 0x8, 0x9, 0x9, 0x9, 0xf9, 0x200, 0x1, 0x5, 0x6, 0xfff, 0x9, 0x1, 0x80, 0x10000, 0x0, 0x6, 0xff, 0x4, 0x6, 0x9, 0xe6c1, 0x2, 0x65, 0x6, 0x5, 0x71, 0x1f146d7e, 0x80000001, 0x89, 0xe9, 0x80000001, 0x2, 0xff, 0x8, 0xffff8dc2, 0x400, 0x0, 0x2, 0xffff, 0x10001, 0x3ff, 0x0, 0x8, 0xa000000, 0x0, 0x5, 0x8, 0x3, 0x4, 0x401, 0x5, 0x8, 0x4ad1, 0x1, 0x25b1, 0x5, 0xfff, 0x0, 0xe, 0xffffffff, 0x7, 0x5, 0x3ff, 0xfff, 0x8, 0xf, 0x0, 0x4, 0x626cfd3b, 0x0, 0x60df8662, 0x2, 0x5, 0x4, 0xc6, 0x8, 0x7, 0xfffffffa, 0x9, 0x4, 0xffffffff, 0xa80, 0x0, 0x7, 0x2, 0xffff8000, 0xff, 0x8, 0x7, 0xc, 0xfdc1, 0x77f, 0x4, 0xfffffff0, 0x4, 0x7fff, 0x1000, 0x1, 0x1f1f, 0x3, 0x665195e5, 0x5, 0x7, 0x5, 0x8, 0x7, 0x4, 0x800, 0x101, 0x400, 0x2, 0x6, 0xd, 0x9, 0x7, 0xc5, 0x99, 0x4, 0x2e9, 0x4, 0x3, 0x401, 0xfffffffe, 0x7, 0x80000000, 0x8, 0x0, 0x4, 0x37, 0x4, 0x31, 0x2, 0x2, 0x3, 0x6, 0x1, 0x690c, 0x368d, 0x9, 0x2, 0xe, 0x8, 0x5, 0x5597, 0x3, 0x4, 0x7fff, 0x62, 0xf6, 0x5, 0x0, 0x7fffffff, 0xd, 0x9, 0x2, 0x100, 0x6, 0x101, 0x5, 0x2, 0x3, 0x4, 0xfc8d, 0x8, 0x3ff, 0x3, 0x0, 0x3, 0x5, 0x9, 0x5, 0x8000, 0x1, 0x7, 0x20000, 0x4, 0x2, 0x9f85, 0x65, 0x4, 0x0, 0x7ff, 0x4, 0x6, 0x7, 0xd92, 0x40, 0xfff, 0xe1, 0x8, 0x426, 0x5, 0x9, 0x1, 0x1000, 0x9, 0x36ae765f, 0x401, 0x9, 0x200000, 0x3, 0x4, 0x5, 0x0, 0x89, 0x5, 0x80000000, 0x9c4, 0x1, 0x41632842, 0x6, 0x10, 0x2, 0x8001, 0x5, 0x100, 0x8, 0x9, 0xfe64, 0xd, 0x1c2, 0x2, 0x6, 0x2, 0x80000001, 0xa, 0x6, 0xfffffffc, 0x5, 0x3, 0x7f, 0x8001, 0x5, 0x3, 0x6, 0x8001, 0x10001, 0x5, 0x4, 0x7]}]}}]}, 0x434}, 0x1, 0x0, 0x0, 0x40000}, 0x8010) unshare(0x20000400) ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0) 1.44848385s ago: executing program 7 (id=1246): sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)={0x14, 0x0, 0x10, 0x70bd29, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x40081c4}, 0x44000) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x5, &(0x7f0000000d80)=ANY=[@ANYRESOCT], &(0x7f0000000140)='GPL\x00'}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0200000004000000020000000c000000001466bfdac3c37dd5273545b9193c412d42832b1bc897a82f6f0b95c99bcf82e5ef1a49736b94ceead334e440a96111d5713c3408ca3de393208c"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x14, &(0x7f0000000980)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb70200"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0x2, 0x3, 0x0, 0xad7}, 0x14) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) sendmsg$IPVS_CMD_GET_DEST(r0, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x10805}, 0x44049) r2 = accept4(r1, 0x0, 0x0, 0x800) sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0) 1.343903996s ago: executing program 2 (id=1247): sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x48815}, 0xc000) r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8b36, &(0x7f0000000000)={'wlan0\x00'}) 1.34072526s ago: executing program 5 (id=1248): bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) close(0x4) syz_open_procfs$namespace(0x0, &(0x7f0000000200)='ns/pid_for_children\x00') unshare(0x6a040000) r0 = socket(0x8, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x61d9, 0x0) 544.218293ms ago: executing program 7 (id=1249): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000480)="5c00000012006bab9a3fe3d86e17aa0b046b876c1d0048380019001931a0e69ee517d34460bc06000000a701251e6182949a3651f60a84c9f4d4938037e70e4509c51c268811000000000000000000002571cd53b9851b30599980bc", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) recvmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000780)=""/174, 0xae}, {&(0x7f0000000500)=""/247, 0xf7}, {&(0x7f0000003e00)=""/4050, 0xfd2}, {&(0x7f0000002dc0)=""/4115, 0x1013}, {&(0x7f00000002c0)=""/113, 0x71}, {&(0x7f0000000000)=""/21, 0x15}, {&(0x7f0000000340)=""/51, 0x33}], 0x7}, 0x20) 543.956447ms ago: executing program 0 (id=1250): r0 = socket(0x10, 0x803, 0x0) sendmsg$SMC_PNETID_GET(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x14}}, 0x0) getsockname$packet(r0, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[@ANYBLOB="7400000010003704030000000300000000000000", @ANYRES32=r1, @ANYBLOB="0b1b050000000000540012800b00010069703667726500004400028008000100", @ANYRES32=r1, @ANYBLOB="14000600fe8000000000000000000000000000bb14000700fe"], 0x74}, 0x1, 0x0, 0x0, 0x48800}, 0x4000010) 543.806513ms ago: executing program 2 (id=1251): syz_emit_ethernet(0x32, 0x0, 0x0) socket(0x2, 0x80805, 0x0) r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$mptcp(0x0, 0xffffffffffffffff) write$rfkill(r0, &(0x7f0000000080)={0x0, 0x1, 0x3, 0x3, 0xfd}, 0x8) write$rfkill(r0, &(0x7f0000000340)={0x6, 0x8, 0x3, 0x0, 0x3}, 0x8) 476.480988ms ago: executing program 6 (id=1252): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_MSG_GETFLOWTABLE(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000700)=ANY=[@ANYBLOB="20000000170a0103000000000000000002"], 0x20}, 0x1, 0x0, 0x0, 0x4000}, 0x20000000) 0s ago: executing program 6 (id=1253): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_CONFIG(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x48, 0x2, 0x3, 0x101, 0x0, 0x0, {0x2, 0x0, 0x2}, [@NFQA_CFG_FLAGS={0x8, 0x5, 0x1, 0x0, 0x19}, @NFQA_CFG_PARAMS={0x9, 0x2, {0x3, 0x2}}, @NFQA_CFG_FLAGS={0x8, 0x5, 0x1, 0x0, 0x2}, @NFQA_CFG_MASK={0x8, 0x4, 0x1, 0x0, 0x6}, @NFQA_CFG_MASK={0x8, 0x4, 0x1, 0x0, 0x6}, @NFQA_CFG_FLAGS={0x8, 0x5, 0x1, 0x0, 0x37}]}, 0x48}, 0x1, 0x0, 0x0, 0x40000}, 0x8000) ioctl$BTRFS_IOC_QUOTA_RESCAN(0xffffffffffffffff, 0x4040942c, &(0x7f0000000140)={0x0, 0xc21f, [0x6, 0x5, 0x8, 0x0, 0x68b5]}) ioctl$BTRFS_IOC_GET_DEV_STATS(r0, 0xc4089434, &(0x7f0000000180)={0x0, 0x7fffffffffffffff, 0x1, [0x2, 0x7, 0x9, 0x9, 0xde], [0x9, 0xb329, 0x1000, 0x7, 0x5, 0xa, 0x4, 0xe970, 0x771, 0x9f, 0xcdc0, 0x9, 0x1, 0x10001, 0xefcf, 0xb13, 0x54, 0x3, 0xffff, 0x7fff, 0x9673, 0x6, 0xffffffffffffa59b, 0x7, 0x3, 0x8, 0x0, 0xd6f9, 0x4, 0x100000000, 0x0, 0x6, 0xbe40, 0x501, 0x7fffffffffffffff, 0x0, 0x5, 0x38, 0xe, 0xfe8, 0x101, 0x0, 0x6, 0xcbad, 0x0, 0x4, 0xe4e0, 0x2, 0x60000000, 0x2, 0x100000000, 0x98a, 0x6, 0x1, 0x7, 0x3, 0x1, 0x8001, 0x200, 0xa71, 0xe, 0x3, 0xfffffffeffffffff, 0xffff, 0x9, 0x5, 0x6, 0x8000, 0x83, 0x0, 0x9, 0x29, 0x4, 0x8000000000000001, 0x84a, 0x80000001, 0x8, 0x200, 0x8, 0x9, 0x4, 0x1ff, 0x9, 0x3, 0x8, 0x8fc0, 0x9, 0xffffffffffffffff, 0x0, 0x7f, 0x8, 0x53, 0x1, 0x8000000000000001, 0xfffffffffffffffc, 0x4, 0xfffffffffffffff9, 0x2, 0x6, 0x3, 0xfffffffffffffffb, 0x2, 0x9, 0x7ff, 0xffffffff, 0x1, 0x8000000000000001, 0xfffffffffffffffd, 0x1, 0x5, 0x1, 0xe, 0x3, 0x5, 0x2, 0x7, 0x5, 0x1, 0x6, 0x28f201bf, 0x5]}) ioctl$BTRFS_IOC_DEV_INFO(r0, 0xd000941e, &(0x7f00000005c0)={r1, "b03e193f3dab751ae8f1cc1420db2291"}) r2 = accept4$inet(0xffffffffffffffff, &(0x7f00000015c0)={0x2, 0x0, @local}, &(0x7f0000001600)=0x10, 0x80000) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000001640)={'team0\x00', 0x0}) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000001680)={{{@in=@loopback, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@empty}, 0x0, @in=@empty}}, &(0x7f0000001780)=0xe8) setsockopt$inet_IP_XFRM_POLICY(r2, 0x0, 0x11, &(0x7f00000017c0)={{{@in=@multicast1, @in=@multicast1, 0x4e24, 0x0, 0x4e21, 0xff0, 0xa, 0x80, 0x80, 0x11, r3, r5}, {0x8001, 0x962, 0x101, 0x7, 0x9, 0x81, 0x5, 0x7}, {0x1, 0x800, 0xfffffffffffffff8, 0xfffffffffffffffd}, 0x5, 0x6e6bbd, 0x2, 0x0, 0x3, 0x2}, {{@in6=@empty, 0x4d6, 0x6c}, 0x2, @in=@rand_addr=0x64010101, 0x3505, 0x0, 0x3, 0x1, 0x76f, 0x8001}}, 0xe8) connect$netlink(r0, &(0x7f00000018c0)=@proc={0x10, 0x0, 0x25dfdbfe, 0x8000000}, 0xc) ioctl$XFS_IOC_ATTRMULTI_BY_HANDLE(r2, 0x4048587b, &(0x7f0000001ac0)={{r2, &(0x7f0000001900)='team0\x00', 0x411441, &(0x7f0000001940)={@_ha_fsid={[0x1, 0x2]}, {0x1, 0x1, 0x7b, 0x2d}}, 0xc, &(0x7f0000001980), &(0x7f00000019c0)=0x8}, 0x1, &(0x7f0000001a80)=[{0x3, 0x8, 0x0, 0x0, 0x0, 0x22}]}) sendmsg$ETHTOOL_MSG_COALESCE_GET(r6, &(0x7f0000001d40)={&(0x7f0000001b40)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000001d00)={&(0x7f0000001bc0)={0xe0, 0x0, 0x0, 0x70bd26, 0x25dfdbfb, {}, [@HEADER={0x2c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}]}, @HEADER={0x60, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'nicvf0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macvlan1\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'dvmrp0\x00'}]}, @HEADER={0x3c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'dvmrp0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'virt_wifi0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}, @HEADER={0x4}]}, 0xe0}, 0x1, 0x0, 0x0, 0x24000000}, 0x0) sendmsg$DEVLINK_CMD_RATE_NEW(r6, &(0x7f0000001f80)={&(0x7f0000001d80)={0x10, 0x0, 0x0, 0x1000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0xc094}, 0x840) socket$kcm(0x29, 0x2, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000002240)={&(0x7f0000001fc0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000002200)={&(0x7f0000002000)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x7}}, [@NFT_MSG_NEWOBJ={0x20, 0x12, 0xa, 0x3, 0x0, 0x0, {0x4, 0x0, 0x5}, @NFT_OBJECT_QUOTA=@NFTA_OBJ_TABLE={0x9, 0x1, 'syz1\x00'}}, @NFT_MSG_DELFLOWTABLE={0x38, 0x18, 0xa, 0x801, 0x0, 0x0, {0x0, 0x0, 0x5}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_HANDLE={0xc, 0x5, 0x1, 0x0, 0x3}]}, @NFT_MSG_NEWOBJ={0x20, 0x12, 0xa, 0x707, 0x0, 0x0, {0x7, 0x0, 0x9}, @NFT_OBJECT_QUOTA=@NFTA_OBJ_NAME={0x9, 0x2, 'syz2\x00'}}, @NFT_MSG_NEWSETELEM={0x20, 0xc, 0xa, 0x201, 0x0, 0x0, {0x4}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x20, 0x3, 0xa, 0x101, 0x0, 0x0, {0x2, 0x0, 0x1}, [@NFTA_CHAIN_HOOK={0xc, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x7ad02e3b}]}]}, @NFT_MSG_NEWCHAIN={0x14, 0x3, 0xa, 0x5, 0x0, 0x0, {0xf, 0x0, 0x5}}, @NFT_MSG_NEWFLOWTABLE={0x14, 0x16, 0xa, 0x5, 0x0, 0x0, {0x5, 0x0, 0x3}}, @NFT_MSG_NEWOBJ={0x34, 0x12, 0xa, 0x0, 0x0, 0x0, {0x2, 0x0, 0x8}, @NFT_OBJECT_TUNNEL=@NFTA_OBJ_DATA={0x20, 0x4, 0x0, 0x1, [@NFTA_TUNNEL_KEY_DPORT={0x6, 0x8, 0x1, 0x0, 0x4e23}, @NFTA_TUNNEL_KEY_DPORT={0x6, 0x8, 0x1, 0x0, 0x4e23}, @NFTA_TUNNEL_KEY_IP6={0x4}, @NFTA_TUNNEL_KEY_SPORT={0x6, 0x7, 0x1, 0x0, 0x4e22}]}}, @NFT_MSG_NEWTABLE={0x14, 0x0, 0xa, 0x301, 0x0, 0x0, {0x3, 0x0, 0x8}}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x150}, 0x1, 0x0, 0x0, 0xc011}, 0x20000000) kernel console output (not intermixed with test programs): family 0 port 8472 - 0 [ 99.561887][ T6210] netlink: 8 bytes leftover after parsing attributes in process `syz.2.84'. [ 99.573429][ T6210] netlink: 12 bytes leftover after parsing attributes in process `syz.2.84'. [ 99.587452][ T6213] netlink: 'syz.3.85': attribute type 11 has an invalid length. [ 99.596126][ T6213] netlink: 199828 bytes leftover after parsing attributes in process `syz.3.85'. [ 99.613460][ T12] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 99.631579][ T12] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 99.677333][ T12] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 100.086519][ T6234] net_ratelimit: 11 callbacks suppressed [ 100.086538][ T6234] openvswitch: netlink: Flow key attr not present in new flow. [ 100.413047][ T12] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 100.427208][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 100.466519][ T12] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 100.511999][ T12] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 100.555144][ T12] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 100.588088][ T6251] syzkaller0: entered promiscuous mode [ 100.593652][ T6251] syzkaller0: entered allmulticast mode [ 100.849654][ T6274] netlink: 'syz.4.105': attribute type 1 has an invalid length. [ 100.951840][ T6274] nftables ruleset with unbound chain [ 101.476338][ T5886] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 101.484515][ T5886] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 101.890701][ T6333] xt_hashlimit: max too large, truncated to 1048576 [ 102.241124][ T6351] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes. [ 102.469370][ T6374] netlink: 'syz.2.131': attribute type 5 has an invalid length. [ 102.507003][ T5971] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 102.859191][ T6393] rdma_op ffff8880330b91f0 conn xmit_rdma 0000000000000000 [ 103.028134][ T6397] bridge_slave_0: left allmulticast mode [ 103.046437][ T6397] bridge_slave_0: left promiscuous mode [ 103.066417][ T6397] bridge0: port 1(bridge_slave_0) entered disabled state [ 103.112570][ T6397] bridge_slave_1: left allmulticast mode [ 103.118962][ T6397] bridge_slave_1: left promiscuous mode [ 103.125019][ T6397] bridge0: port 2(bridge_slave_1) entered disabled state [ 103.142552][ T6397] bond0: (slave bond_slave_0): Releasing backup interface [ 103.166507][ T6397] bond0: (slave bond_slave_1): Releasing backup interface [ 103.201402][ T6397] team0: Port device team_slave_0 removed [ 103.229906][ T6397] team0: Port device team_slave_1 removed [ 103.247701][ T6397] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 103.262398][ T6397] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 103.273076][ T6397] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 103.283210][ T6397] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 103.293523][ T6397] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 103.561435][ T6412] bridge2: entered promiscuous mode [ 103.569206][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 103.583917][ T6412] bridge2: entered allmulticast mode [ 103.638475][ T6412] team0: Port device bridge2 added [ 103.655189][ T6416] bridge0: port 3(team0) entered blocking state [ 103.663786][ T6416] bridge0: port 3(team0) entered disabled state [ 103.687224][ T6416] team0: entered allmulticast mode [ 103.699275][ T6416] team_slave_0: entered allmulticast mode [ 103.712393][ T6416] team_slave_1: entered allmulticast mode [ 103.730478][ T6416] team0: entered promiscuous mode [ 103.735691][ T6416] team_slave_0: entered promiscuous mode [ 103.742634][ T6416] team_slave_1: entered promiscuous mode [ 103.751115][ T6416] bridge0: port 3(team0) entered blocking state [ 103.757831][ T6416] bridge0: port 3(team0) entered forwarding state [ 103.864320][ T6429] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 103.873367][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 103.905877][ T6428] __nla_validate_parse: 28 callbacks suppressed [ 103.905900][ T6428] netlink: 28 bytes leftover after parsing attributes in process `syz.0.148'. [ 103.940310][ T6428] netlink: 28 bytes leftover after parsing attributes in process `syz.0.148'. [ 103.989659][ T6435] netlink: 108 bytes leftover after parsing attributes in process `syz.1.150'. [ 104.019645][ T6437] netlink: 4 bytes leftover after parsing attributes in process `syz.4.149'. [ 104.174023][ T6442] netlink: 8 bytes leftover after parsing attributes in process `syz.2.151'. [ 104.206282][ T6442] netlink: 12 bytes leftover after parsing attributes in process `syz.2.151'. [ 104.228732][ T6447] netlink: 4 bytes leftover after parsing attributes in process `syz.3.152'. [ 104.238898][ T6446] netlink: 4 bytes leftover after parsing attributes in process `syz.1.154'. [ 104.249098][ T6442] netlink: 8 bytes leftover after parsing attributes in process `syz.2.151'. [ 104.271869][ T6442] netlink: 12 bytes leftover after parsing attributes in process `syz.2.151'. [ 104.782624][ T6467] pimreg: entered allmulticast mode [ 104.819805][ T6472] x_tables: ip6_tables: CLASSIFY target: used from hooks PREROUTING, but only usable from FORWARD/OUTPUT/POSTROUTING [ 104.987439][ T6478] bond1: (slave vlan0): Enslaving as a backup interface with an up link [ 105.252684][ T6501] netlink: 'syz.3.170': attribute type 2 has an invalid length. [ 105.627265][ T24] net_ratelimit: 6 callbacks suppressed [ 105.627285][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 105.684253][ T6523] openvswitch: netlink: IP tunnel dst address not specified [ 105.771831][ T6525] Bluetooth: MGMT ver 1.23 [ 105.897275][ T6525] syz.2.177 (6525) used greatest stack depth: 17472 bytes left [ 106.130371][ T6543] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 106.189753][ T6543] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 106.393292][ T6557] netlink: 'syz.0.188': attribute type 16 has an invalid length. [ 106.402656][ T6557] netlink: 'syz.0.188': attribute type 17 has an invalid length. [ 106.434993][ T6557] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 106.597216][ T5886] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 106.668203][ T29] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 107.236695][ T5886] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 107.416627][ T6607] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 107.425502][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 107.563772][ T6609] can: request_module (can-proto-0) failed. [ 107.697137][ T5838] block nbd0: Receive control failed (result -32) [ 108.331985][ T6655] Driver unsupported XDP return value 0 on prog (id 37) dev N/A, expect packet loss! [ 108.368057][ T6657] netlink: 'syz.4.216': attribute type 17 has an invalid length. [ 108.412325][ T6657] xt_hashlimit: max too large, truncated to 1048576 [ 108.581876][ T6627] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 108.676597][ T6668] netlink: 'syz.0.219': attribute type 1 has an invalid length. [ 108.713167][ T6668] netlink: 'syz.0.219': attribute type 2 has an invalid length. [ 108.760538][ T6668] bridge0: port 2(bridge_slave_1) entered disabled state [ 108.768704][ T6668] bridge0: port 1(bridge_slave_0) entered disabled state [ 108.905307][ T6668] bond1: (slave lo): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 108.941438][ T6668] bond1: (slave lo): Enslaving as an active interface with an up link [ 109.628547][ T6717] x_tables: duplicate underflow at hook 1 [ 109.748277][ T6726] __nla_validate_parse: 23 callbacks suppressed [ 109.748299][ T6726] netlink: 244 bytes leftover after parsing attributes in process `syz.0.238'. [ 109.793472][ T5838] Bluetooth: hci2: command 0x0c1a tx timeout [ 109.925122][ T6733] netlink: 28 bytes leftover after parsing attributes in process `syz.2.242'. [ 109.957984][ T6736] netlink: 16 bytes leftover after parsing attributes in process `syz.1.240'. [ 109.999675][ T6738] netlink: 'syz.4.241': attribute type 1 has an invalid length. [ 110.103082][ T6738] 8021q: adding VLAN 0 to HW filter on device bond1 [ 110.160464][ T6745] netlink: 'syz.2.244': attribute type 11 has an invalid length. [ 110.549079][ T6761] netlink: 'syz.4.251': attribute type 1 has an invalid length. [ 110.616138][ T6761] 8021q: adding VLAN 0 to HW filter on device bond2 [ 110.664784][ T6771] 8021q: adding VLAN 0 to HW filter on device bond2 [ 110.673172][ T6771] bond2: (slave gre1): The slave device specified does not support setting the MAC address [ 110.687263][ T6771] bond2: (slave gre1): Error -95 calling set_mac_address [ 110.722776][ T6766] netlink: 4 bytes leftover after parsing attributes in process `syz.3.253'. [ 110.736078][ T6766] netlink: 8 bytes leftover after parsing attributes in process `syz.3.253'. [ 110.770198][ T6761] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 110.778156][ T6761] bond2: (slave batadv1): dev_set_mac_address on slave failed! ALB mode requires that the base driver support setting the hw address also when the network device's interface is open [ 110.943968][ T6783] netlink: 244 bytes leftover after parsing attributes in process `syz.1.255'. [ 111.098563][ T5886] IPVS: starting estimator thread 0... [ 111.234103][ T6791] IPVS: using max 25 ests per chain, 60000 per kthread [ 111.549795][ T6811] netlink: 4 bytes leftover after parsing attributes in process `syz.2.266'. [ 111.581573][ T6815] netlink: 16166 bytes leftover after parsing attributes in process `syz.0.267'. [ 111.956650][ T6828] netlink: 4 bytes leftover after parsing attributes in process `syz.4.272'. [ 112.012757][ T6832] netlink: 4 bytes leftover after parsing attributes in process `syz.4.272'. [ 112.332271][ T6853] netlink: 'syz.3.281': attribute type 1 has an invalid length. [ 112.630271][ T6869] vcan0: entered allmulticast mode [ 112.792624][ T6881] net_ratelimit: 5 callbacks suppressed [ 112.792648][ T6881] netlink: Unknown conntrack attr (type=2304, max=9) [ 112.907312][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 112.915975][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 112.924437][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 112.932884][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 113.143056][ T6896] ieee802154 phy0 wpan0: encryption failed: -22 [ 113.303540][ T6908] netlink: 'syz.4.299': attribute type 30 has an invalid length. [ 113.387404][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 113.395867][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 113.405203][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 113.413744][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 116.027121][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 116.137655][ T6895] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 116.552030][ T6958] __nla_validate_parse: 52 callbacks suppressed [ 116.552050][ T6958] netlink: 244 bytes leftover after parsing attributes in process `syz.4.312'. [ 116.580089][ T6955] syzkaller0: entered promiscuous mode [ 116.585730][ T6955] syzkaller0: entered allmulticast mode [ 116.765357][ T6965] netlink: 'syz.2.315': attribute type 1 has an invalid length. [ 116.791126][ T6965] netlink: 4 bytes leftover after parsing attributes in process `syz.2.315'. [ 116.864248][ T6969] netlink: 40 bytes leftover after parsing attributes in process `syz.3.316'. [ 116.874798][ T6965] netlink: 4 bytes leftover after parsing attributes in process `syz.2.315'. [ 117.196492][ T6989] FAULT_INJECTION: forcing a failure. [ 117.196492][ T6989] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 117.215752][ T6989] CPU: 0 UID: 0 PID: 6989 Comm: syz.2.322 Not tainted syzkaller #0 PREEMPT(full) [ 117.215785][ T6989] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 117.215809][ T6989] Call Trace: [ 117.215817][ T6989] [ 117.215826][ T6989] dump_stack_lvl+0xe8/0x150 [ 117.215868][ T6989] should_fail_ex+0x412/0x560 [ 117.215896][ T6989] _copy_from_iter+0x1d3/0x1670 [ 117.215924][ T6989] ? rcu_is_watching+0x15/0xb0 [ 117.215954][ T6989] ? __pfx__copy_from_iter+0x10/0x10 [ 117.215985][ T6989] ? netlink_sendmsg+0x650/0xb40 [ 117.216010][ T6989] ? skb_put+0x11b/0x210 [ 117.216039][ T6989] netlink_sendmsg+0x6c0/0xb40 [ 117.216071][ T6989] ? __pfx_netlink_sendmsg+0x10/0x10 [ 117.216098][ T6989] ? aa_sock_msg_perm+0xf1/0x1b0 [ 117.216122][ T6989] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 117.216145][ T6989] ____sys_sendmsg+0x972/0x9f0 [ 117.216169][ T6989] ? __pfx_____sys_sendmsg+0x10/0x10 [ 117.216194][ T6989] ? import_iovec+0x73/0xa0 [ 117.216224][ T6989] ___sys_sendmsg+0x2a5/0x360 [ 117.216246][ T6989] ? __pfx____sys_sendmsg+0x10/0x10 [ 117.216291][ T6989] ? __fget_files+0x2a/0x420 [ 117.216317][ T6989] ? __fget_files+0x3a0/0x420 [ 117.216353][ T6989] __x64_sys_sendmsg+0x1bd/0x2a0 [ 117.216374][ T6989] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 117.216399][ T6989] ? __pfx_ksys_write+0x10/0x10 [ 117.216428][ T6989] do_syscall_64+0x14d/0xf80 [ 117.216444][ T6989] ? trace_irq_disable+0x3b/0x150 [ 117.216471][ T6989] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 117.216489][ T6989] ? clear_bhb_loop+0x40/0x90 [ 117.216510][ T6989] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 117.216527][ T6989] RIP: 0033:0x7f83cc39c799 [ 117.216548][ T6989] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 117.216562][ T6989] RSP: 002b:00007f83cd244028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 117.216588][ T6989] RAX: ffffffffffffffda RBX: 00007f83cc615fa0 RCX: 00007f83cc39c799 [ 117.216601][ T6989] RDX: 0000000004000090 RSI: 00002000000009c0 RDI: 0000000000000004 [ 117.216612][ T6989] RBP: 00007f83cd244090 R08: 0000000000000000 R09: 0000000000000000 [ 117.216622][ T6989] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 117.216632][ T6989] R13: 00007f83cc616038 R14: 00007f83cc615fa0 R15: 00007fff7f422c18 [ 117.216659][ T6989] [ 117.629991][ T7003] FAULT_INJECTION: forcing a failure. [ 117.629991][ T7003] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 117.682573][ T7003] CPU: 0 UID: 0 PID: 7003 Comm: syz.2.326 Not tainted syzkaller #0 PREEMPT(full) [ 117.682603][ T7003] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 117.682617][ T7003] Call Trace: [ 117.682625][ T7003] [ 117.682634][ T7003] dump_stack_lvl+0xe8/0x150 [ 117.682670][ T7003] should_fail_ex+0x412/0x560 [ 117.682713][ T7003] _copy_from_user+0x2d/0xb0 [ 117.682749][ T7003] do_sock_getsockopt+0x165/0x3f0 [ 117.682786][ T7003] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 117.682821][ T7003] ? __fget_files+0x3a0/0x420 [ 117.682852][ T7003] ? __fget_files+0x2a/0x420 [ 117.682890][ T7003] __x64_sys_getsockopt+0x1a4/0x240 [ 117.682934][ T7003] do_syscall_64+0x14d/0xf80 [ 117.682954][ T7003] ? trace_irq_disable+0x3b/0x150 [ 117.682984][ T7003] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 117.683006][ T7003] ? clear_bhb_loop+0x40/0x90 [ 117.683033][ T7003] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 117.683054][ T7003] RIP: 0033:0x7f83cc39c799 [ 117.683074][ T7003] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 117.683093][ T7003] RSP: 002b:00007f83cd244028 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 117.683115][ T7003] RAX: ffffffffffffffda RBX: 00007f83cc615fa0 RCX: 00007f83cc39c799 [ 117.683131][ T7003] RDX: 000000000000000e RSI: 0000000000000084 RDI: 0000000000000003 [ 117.683143][ T7003] RBP: 00007f83cd244090 R08: 0000200000000200 R09: 0000000000000000 [ 117.683156][ T7003] R10: 0000200000000300 R11: 0000000000000246 R12: 0000000000000001 [ 117.683169][ T7003] R13: 00007f83cc616038 R14: 00007f83cc615fa0 R15: 00007fff7f422c18 [ 117.683203][ T7003] [ 118.114483][ T7019] netlink: 4 bytes leftover after parsing attributes in process `syz.0.331'. [ 118.131373][ T7019] netlink: 4 bytes leftover after parsing attributes in process `syz.0.331'. [ 118.160103][ T29] IPVS: starting estimator thread 0... [ 118.176075][ T7021] netlink: 4 bytes leftover after parsing attributes in process `syz.1.332'. [ 118.189887][ T7019] netlink: 'syz.0.331': attribute type 3 has an invalid length. [ 118.218614][ T7027] Cannot find add_set index 2 as target [ 118.256941][ T7023] IPVS: using max 33 ests per chain, 79200 per kthread [ 118.270910][ T7021] net_ratelimit: 4 callbacks suppressed [ 118.270930][ T7021] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 118.379061][ T7030] netlink: 332 bytes leftover after parsing attributes in process `syz.0.335'. [ 118.838627][ T7051] FAULT_INJECTION: forcing a failure. [ 118.838627][ T7051] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 118.885375][ T7051] CPU: 0 UID: 0 PID: 7051 Comm: syz.1.339 Not tainted syzkaller #0 PREEMPT(full) [ 118.885403][ T7051] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 118.885415][ T7051] Call Trace: [ 118.885423][ T7051] [ 118.885433][ T7051] dump_stack_lvl+0xe8/0x150 [ 118.885467][ T7051] should_fail_ex+0x412/0x560 [ 118.885499][ T7051] _copy_from_user+0x2d/0xb0 [ 118.885534][ T7051] sctp_getsockopt_sctp_status+0x10c/0xad0 [ 118.885565][ T7051] ? __pfx_sctp_getsockopt_sctp_status+0x10/0x10 [ 118.885612][ T7051] ? sctp_getsockopt+0x12f/0xb90 [ 118.885645][ T7051] ? __local_bh_enable_ip+0xd0/0x130 [ 118.885676][ T7051] sctp_getsockopt+0x65e/0xb90 [ 118.885705][ T7051] ? __pfx_sock_common_getsockopt+0x10/0x10 [ 118.885735][ T7051] do_sock_getsockopt+0x2d3/0x3f0 [ 118.885771][ T7051] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 118.885805][ T7051] ? __fget_files+0x3a0/0x420 [ 118.885835][ T7051] ? __fget_files+0x2a/0x420 [ 118.885874][ T7051] __x64_sys_getsockopt+0x1a4/0x240 [ 118.885918][ T7051] do_syscall_64+0x14d/0xf80 [ 118.885938][ T7051] ? trace_irq_disable+0x3b/0x150 [ 118.885968][ T7051] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 118.885990][ T7051] ? clear_bhb_loop+0x40/0x90 [ 118.886017][ T7051] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 118.886038][ T7051] RIP: 0033:0x7fe87ef9c799 [ 118.886058][ T7051] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 118.886075][ T7051] RSP: 002b:00007fe87ff13028 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 118.886098][ T7051] RAX: ffffffffffffffda RBX: 00007fe87f216090 RCX: 00007fe87ef9c799 [ 118.886113][ T7051] RDX: 000000000000000e RSI: 0000000000000084 RDI: 0000000000000003 [ 118.886126][ T7051] RBP: 00007fe87ff13090 R08: 0000200000000200 R09: 0000000000000000 [ 118.886140][ T7051] R10: 0000200000000300 R11: 0000000000000246 R12: 0000000000000001 [ 118.886152][ T7051] R13: 00007fe87f216128 R14: 00007fe87f216090 R15: 00007ffcd9dbb548 [ 118.886188][ T7051] [ 119.147070][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 119.155539][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 119.164086][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 119.172517][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 119.180965][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 119.254717][ T7057] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 119.476072][ T7069] netlink: 32 bytes leftover after parsing attributes in process `syz.3.345'. [ 119.718078][ T7079] netlink: 36 bytes leftover after parsing attributes in process `syz.3.350'. [ 120.077827][ T7093] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 120.103616][ T7072] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 120.129157][ T7072] netlink: 'syz.0.348': attribute type 4 has an invalid length. [ 120.176961][ T7096] ieee802154 phy0 wpan0: encryption failed: -22 [ 120.595175][ T7113] FAULT_INJECTION: forcing a failure. [ 120.595175][ T7113] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 120.610500][ T7113] CPU: 1 UID: 0 PID: 7113 Comm: syz.0.361 Not tainted syzkaller #0 PREEMPT(full) [ 120.610530][ T7113] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 120.610543][ T7113] Call Trace: [ 120.610552][ T7113] [ 120.610561][ T7113] dump_stack_lvl+0xe8/0x150 [ 120.610597][ T7113] should_fail_ex+0x412/0x560 [ 120.610631][ T7113] _copy_to_user+0x31/0xb0 [ 120.610654][ T7113] simple_read_from_buffer+0xe1/0x170 [ 120.610689][ T7113] proc_fail_nth_read+0x1bb/0x230 [ 120.610724][ T7113] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 120.610758][ T7113] ? rw_verify_area+0x2a6/0x4d0 [ 120.610779][ T7113] ? reacquire_held_locks+0x104/0x190 [ 120.610809][ T7113] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 120.610842][ T7113] vfs_read+0x20c/0xa70 [ 120.610862][ T7113] ? fdget_pos+0x246/0x320 [ 120.610898][ T7113] ? __pfx___mutex_lock+0x10/0x10 [ 120.610921][ T7113] ? __pfx_vfs_read+0x10/0x10 [ 120.610944][ T7113] ? __fget_files+0x2a/0x420 [ 120.610980][ T7113] ? __fget_files+0x3a0/0x420 [ 120.611010][ T7113] ? __fget_files+0x2a/0x420 [ 120.611058][ T7113] ksys_read+0x150/0x270 [ 120.611083][ T7113] ? __pfx_ksys_read+0x10/0x10 [ 120.611103][ T7113] ? fput+0xa0/0xd0 [ 120.611145][ T7113] do_syscall_64+0x14d/0xf80 [ 120.611164][ T7113] ? trace_irq_disable+0x3b/0x150 [ 120.611195][ T7113] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 120.611231][ T7113] ? clear_bhb_loop+0x40/0x90 [ 120.611258][ T7113] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 120.611279][ T7113] RIP: 0033:0x7fa943f5cfce [ 120.611299][ T7113] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 120.611316][ T7113] RSP: 002b:00007fa944ec1fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 120.611338][ T7113] RAX: ffffffffffffffda RBX: 00007fa944ec26c0 RCX: 00007fa943f5cfce [ 120.611354][ T7113] RDX: 000000000000000f RSI: 00007fa944ec20a0 RDI: 0000000000000004 [ 120.611367][ T7113] RBP: 00007fa944ec2090 R08: 0000000000000000 R09: 0000000000000000 [ 120.611380][ T7113] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 120.611391][ T7113] R13: 00007fa944216128 R14: 00007fa944216090 R15: 00007ffeaf3a5798 [ 120.611426][ T7113] [ 120.871339][ T7116] netlink: 'syz.4.362': attribute type 1 has an invalid length. [ 121.069537][ T7123] bond3: (slave gretap1): making interface the new active one [ 121.128788][ T7123] bond3: (slave gretap1): Enslaving as an active interface with an up link [ 121.186663][ T7136] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 121.446859][ T7139] bond2: option tlb_dynamic_lb: mode dependency failed, not supported in mode balance-xor(2) [ 121.528586][ T7139] bond2 (unregistering): Released all slaves [ 121.787975][ T7154] __nla_validate_parse: 3 callbacks suppressed [ 121.787996][ T7154] netlink: 8 bytes leftover after parsing attributes in process `syz.1.375'. [ 121.803430][ T7154] netlink: 4 bytes leftover after parsing attributes in process `syz.1.375'. [ 121.869934][ T7164] netlink: 244 bytes leftover after parsing attributes in process `syz.4.379'. [ 122.314613][ T7184] netlink: 152 bytes leftover after parsing attributes in process `syz.3.385'. [ 122.505536][ T7194] syzkaller0: entered promiscuous mode [ 122.536865][ T7194] syzkaller0: entered allmulticast mode [ 122.876704][ T7216] netlink: 12 bytes leftover after parsing attributes in process `syz.4.393'. [ 123.325114][ T7230] netlink: 244 bytes leftover after parsing attributes in process `syz.3.397'. [ 123.415742][ T7236] netlink: 'syz.0.398': attribute type 1 has an invalid length. [ 123.751107][ T7245] netlink: 104 bytes leftover after parsing attributes in process `syz.0.401'. [ 123.842395][ T7247] netlink: 16 bytes leftover after parsing attributes in process `syz.3.400'. [ 123.867514][ C1] net_ratelimit: 11 callbacks suppressed [ 123.867534][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 123.941390][ T7256] syz.0.403 uses old SIOCAX25GETINFO [ 124.098458][ T7260] syzkaller0: entered promiscuous mode [ 124.118431][ T7260] syzkaller0: entered allmulticast mode [ 124.223168][ T7267] netlink: 28 bytes leftover after parsing attributes in process `syz.4.406'. [ 124.242737][ T7267] netlink: 4 bytes leftover after parsing attributes in process `syz.4.406'. [ 124.380855][ T7273] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 124.623568][ T7286] FAULT_INJECTION: forcing a failure. [ 124.623568][ T7286] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 124.638025][ T7286] CPU: 0 UID: 0 PID: 7286 Comm: syz.1.409 Not tainted syzkaller #0 PREEMPT(full) [ 124.638053][ T7286] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 124.638066][ T7286] Call Trace: [ 124.638074][ T7286] [ 124.638083][ T7286] dump_stack_lvl+0xe8/0x150 [ 124.638118][ T7286] should_fail_ex+0x412/0x560 [ 124.638150][ T7286] _copy_from_user+0x2d/0xb0 [ 124.638184][ T7286] ___sys_sendmsg+0x1c6/0x360 [ 124.638212][ T7286] ? __pfx____sys_sendmsg+0x10/0x10 [ 124.638271][ T7286] ? __fget_files+0x2a/0x420 [ 124.638308][ T7286] ? __fget_files+0x3a0/0x420 [ 124.638350][ T7286] __x64_sys_sendmsg+0x1bd/0x2a0 [ 124.638374][ T7286] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 124.638405][ T7286] ? __pfx_ksys_write+0x10/0x10 [ 124.638440][ T7286] do_syscall_64+0x14d/0xf80 [ 124.638460][ T7286] ? trace_irq_disable+0x3b/0x150 [ 124.638489][ T7286] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 124.638511][ T7286] ? clear_bhb_loop+0x40/0x90 [ 124.638537][ T7286] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 124.638557][ T7286] RIP: 0033:0x7fe87ef9c799 [ 124.638577][ T7286] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 124.638594][ T7286] RSP: 002b:00007fe87ff34028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 124.638616][ T7286] RAX: ffffffffffffffda RBX: 00007fe87f215fa0 RCX: 00007fe87ef9c799 [ 124.638631][ T7286] RDX: 0000000000000000 RSI: 0000200000004340 RDI: 0000000000000005 [ 124.638644][ T7286] RBP: 00007fe87ff34090 R08: 0000000000000000 R09: 0000000000000000 [ 124.638656][ T7286] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 124.638668][ T7286] R13: 00007fe87f216038 R14: 00007fe87f215fa0 R15: 00007ffcd9dbb548 [ 124.638702][ T7286] [ 125.049474][ T7307] pim6reg: entered allmulticast mode [ 125.319029][ T7322] openvswitch: netlink: IP tunnel dst address not specified [ 125.467110][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 125.475634][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 125.484096][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 125.492563][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 125.501004][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 125.509552][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 125.547596][ T7312] sctp: [Deprecated]: syz.2.420 (pid 7312) Use of struct sctp_assoc_value in delayed_ack socket option. [ 125.547596][ T7312] Use struct sctp_sack_info instead [ 125.691267][ T7332] xt_socket: unknown flags 0xe4 [ 125.836221][ T7332] dvmrp0: entered allmulticast mode [ 126.051349][ T7342] FAULT_INJECTION: forcing a failure. [ 126.051349][ T7342] name failslab, interval 1, probability 0, space 0, times 0 [ 126.098179][ T7342] CPU: 0 UID: 0 PID: 7342 Comm: syz.2.426 Not tainted syzkaller #0 PREEMPT(full) [ 126.098210][ T7342] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 126.098223][ T7342] Call Trace: [ 126.098232][ T7342] [ 126.098242][ T7342] dump_stack_lvl+0xe8/0x150 [ 126.098278][ T7342] should_fail_ex+0x412/0x560 [ 126.098312][ T7342] should_failslab+0xa8/0x100 [ 126.098342][ T7342] kmem_cache_alloc_node_noprof+0x8f/0x690 [ 126.098367][ T7342] ? __alloc_skb+0x186/0x7d0 [ 126.098396][ T7342] ? __alloc_skb+0x1d0/0x7d0 [ 126.098424][ T7342] ? __local_bh_enable_ip+0xd0/0x130 [ 126.098457][ T7342] __alloc_skb+0x1d0/0x7d0 [ 126.098487][ T7342] ? bpf_lsm_socket_getpeersec_dgram+0x9/0x20 [ 126.098517][ T7342] netlink_sendmsg+0x5d4/0xb40 [ 126.098558][ T7342] ? __pfx_netlink_sendmsg+0x10/0x10 [ 126.098590][ T7342] ? aa_sock_msg_perm+0xf1/0x1b0 [ 126.098619][ T7342] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 126.098646][ T7342] ____sys_sendmsg+0x972/0x9f0 [ 126.098678][ T7342] ? __pfx_____sys_sendmsg+0x10/0x10 [ 126.098709][ T7342] ? import_iovec+0x73/0xa0 [ 126.098746][ T7342] ___sys_sendmsg+0x2a5/0x360 [ 126.098774][ T7342] ? __pfx____sys_sendmsg+0x10/0x10 [ 126.098834][ T7342] ? __fget_files+0x2a/0x420 [ 126.098864][ T7342] ? __fget_files+0x3a0/0x420 [ 126.098906][ T7342] __x64_sys_sendmsg+0x1bd/0x2a0 [ 126.098931][ T7342] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 126.098963][ T7342] ? __pfx_ksys_write+0x10/0x10 [ 126.099000][ T7342] do_syscall_64+0x14d/0xf80 [ 126.099019][ T7342] ? trace_irq_disable+0x3b/0x150 [ 126.099050][ T7342] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 126.099072][ T7342] ? clear_bhb_loop+0x40/0x90 [ 126.099133][ T7342] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 126.099154][ T7342] RIP: 0033:0x7f83cc39c799 [ 126.099175][ T7342] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 126.099192][ T7342] RSP: 002b:00007f83cd244028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 126.099215][ T7342] RAX: ffffffffffffffda RBX: 00007f83cc615fa0 RCX: 00007f83cc39c799 [ 126.099231][ T7342] RDX: 0000000000000000 RSI: 0000200000004340 RDI: 0000000000000005 [ 126.099244][ T7342] RBP: 00007f83cd244090 R08: 0000000000000000 R09: 0000000000000000 [ 126.099257][ T7342] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 126.099269][ T7342] R13: 00007f83cc616038 R14: 00007f83cc615fa0 R15: 00007fff7f422c18 [ 126.099303][ T7342] [ 126.373436][ T7349] netlink: 'syz.1.431': attribute type 1 has an invalid length. [ 126.641292][ T7358] 8021q: VLANs not supported on ip6gre0 [ 126.997328][ T12] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 127.002131][ T7370] __nla_validate_parse: 9 callbacks suppressed [ 127.002192][ T7370] netlink: 8 bytes leftover after parsing attributes in process `syz.0.437'. [ 127.021370][ T7370] netlink: 12 bytes leftover after parsing attributes in process `syz.0.437'. [ 127.158892][ T7377] syzkaller1: entered promiscuous mode [ 127.164424][ T7377] syzkaller1: entered allmulticast mode [ 127.201897][ T7377] netlink: 4 bytes leftover after parsing attributes in process `syz.3.438'. [ 127.226900][ T7377] hsr_slave_0: left promiscuous mode [ 127.233448][ T7377] hsr_slave_1: left promiscuous mode [ 127.746004][ T7393] netlink: 20 bytes leftover after parsing attributes in process `syz.4.447'. [ 127.791841][ T7395] netlink: 212344 bytes leftover after parsing attributes in process `syz.3.446'. [ 127.857316][ T7394] netlink: 244 bytes leftover after parsing attributes in process `syz.0.448'. [ 127.899949][ T7397] netlink: 20 bytes leftover after parsing attributes in process `syz.4.447'. [ 127.978682][ T7393] netlink: 212368 bytes leftover after parsing attributes in process `syz.4.447'. [ 128.261828][ T5901] udevd[5901]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 128.366065][ T7413] veth0_to_bond: entered allmulticast mode [ 128.590214][ T7427] netlink: 4 bytes leftover after parsing attributes in process `syz.0.452'. [ 128.766063][ T7432] FAULT_INJECTION: forcing a failure. [ 128.766063][ T7432] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 128.805032][ T7432] CPU: 1 UID: 0 PID: 7432 Comm: syz.2.457 Not tainted syzkaller #0 PREEMPT(full) [ 128.805062][ T7432] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 128.805075][ T7432] Call Trace: [ 128.805083][ T7432] [ 128.805092][ T7432] dump_stack_lvl+0xe8/0x150 [ 128.805128][ T7432] should_fail_ex+0x412/0x560 [ 128.805162][ T7432] _copy_from_iter+0x1d3/0x1670 [ 128.805196][ T7432] ? rcu_is_watching+0x15/0xb0 [ 128.805233][ T7432] ? __pfx__copy_from_iter+0x10/0x10 [ 128.805271][ T7432] ? netlink_sendmsg+0x650/0xb40 [ 128.805299][ T7432] ? skb_put+0x11b/0x210 [ 128.805335][ T7432] netlink_sendmsg+0x6c0/0xb40 [ 128.805373][ T7432] ? __pfx_netlink_sendmsg+0x10/0x10 [ 128.805407][ T7432] ? aa_sock_msg_perm+0xf1/0x1b0 [ 128.805437][ T7432] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 128.805465][ T7432] ____sys_sendmsg+0x972/0x9f0 [ 128.805503][ T7432] ? __pfx_____sys_sendmsg+0x10/0x10 [ 128.805535][ T7432] ? import_iovec+0x73/0xa0 [ 128.805572][ T7432] ___sys_sendmsg+0x2a5/0x360 [ 128.805599][ T7432] ? __pfx____sys_sendmsg+0x10/0x10 [ 128.805659][ T7432] ? __fget_files+0x2a/0x420 [ 128.805689][ T7432] ? __fget_files+0x3a0/0x420 [ 128.805732][ T7432] __x64_sys_sendmsg+0x1bd/0x2a0 [ 128.805757][ T7432] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 128.805789][ T7432] ? __pfx_ksys_write+0x10/0x10 [ 128.805825][ T7432] do_syscall_64+0x14d/0xf80 [ 128.805845][ T7432] ? trace_irq_disable+0x3b/0x150 [ 128.805876][ T7432] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 128.805898][ T7432] ? clear_bhb_loop+0x40/0x90 [ 128.805924][ T7432] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 128.805945][ T7432] RIP: 0033:0x7f83cc39c799 [ 128.805965][ T7432] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 128.805983][ T7432] RSP: 002b:00007f83cd244028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 128.806005][ T7432] RAX: ffffffffffffffda RBX: 00007f83cc615fa0 RCX: 00007f83cc39c799 [ 128.806021][ T7432] RDX: 0000000000000000 RSI: 0000200000004340 RDI: 0000000000000005 [ 128.806034][ T7432] RBP: 00007f83cd244090 R08: 0000000000000000 R09: 0000000000000000 [ 128.806047][ T7432] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 128.806059][ T7432] R13: 00007f83cc616038 R14: 00007f83cc615fa0 R15: 00007fff7f422c18 [ 128.806093][ T7432] [ 129.071311][ T7436] net_ratelimit: 5 callbacks suppressed [ 129.071330][ T7436] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 129.217988][ T7438] netlink: 'syz.0.459': attribute type 21 has an invalid length. [ 129.276885][ T7438] netlink: 132 bytes leftover after parsing attributes in process `syz.0.459'. [ 129.417578][ T7442] netlink: 'syz.2.461': attribute type 5 has an invalid length. [ 129.514764][ T7448] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 129.523372][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 130.052942][ T7474] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 130.981336][ T7505] block nbd2: NBD_DISCONNECT [ 131.561258][ T7537] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 131.787057][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 131.795574][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 131.804054][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 131.812492][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 131.820941][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 132.140398][ T7555] __nla_validate_parse: 5 callbacks suppressed [ 132.140418][ T7555] netlink: 165 bytes leftover after parsing attributes in process `syz.2.487'. [ 132.248988][ T7565] x9: renamed from bridge_slave_0 (while UP) [ 132.658075][ T7576] netlink: 28 bytes leftover after parsing attributes in process `syz.3.492'. [ 132.834679][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.841279][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.873614][ T7592] netlink: 4 bytes leftover after parsing attributes in process `syz.4.496'. [ 132.980745][ T5825] syz-executor invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 133.049279][ T7601] veth1_macvtap: entered allmulticast mode [ 133.104195][ T5825] CPU: 0 UID: 0 PID: 5825 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) [ 133.104226][ T5825] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 133.104239][ T5825] Call Trace: [ 133.104247][ T5825] [ 133.104256][ T5825] dump_stack_lvl+0xe8/0x150 [ 133.104291][ T5825] dump_header+0xd3/0x4c0 [ 133.104320][ T5825] oom_kill_process+0x3ab/0x970 [ 133.104349][ T5825] out_of_memory+0x106c/0x1410 [ 133.104375][ T5825] ? __pfx___mutex_lock+0x10/0x10 [ 133.104405][ T5825] ? __pfx_out_of_memory+0x10/0x10 [ 133.104425][ T5825] ? do_raw_spin_unlock+0xf5/0x210 [ 133.104459][ T5825] try_charge_memcg+0xc53/0x1560 [ 133.104488][ T5825] ? __lock_acquire+0x6b5/0x2cf0 [ 133.104530][ T5825] ? __pfx_try_charge_memcg+0x10/0x10 [ 133.104552][ T5825] ? xa_load+0x60/0x210 [ 133.104584][ T5825] ? mem_cgroup_swapin_charge_folio+0x36/0x4d0 [ 133.104614][ T5825] ? mem_cgroup_swapin_charge_folio+0x36/0x4d0 [ 133.104644][ T5825] mem_cgroup_swapin_charge_folio+0x2e3/0x4d0 [ 133.104673][ T5825] __swap_cache_prepare_and_add+0x52a/0x700 [ 133.104734][ T5825] swap_cache_alloc_folio+0xf1/0x240 [ 133.104772][ T5825] swap_cluster_readahead+0x369/0x690 [ 133.104812][ T5825] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 133.104859][ T5825] ? get_vma_policy+0x27b/0x3c0 [ 133.104890][ T5825] swapin_readahead+0x196/0xc50 [ 133.104936][ T5825] ? __pfx_swapin_readahead+0x10/0x10 [ 133.104971][ T5825] ? swap_table_get+0x1e/0x260 [ 133.105000][ T5825] ? swap_table_get+0x1e/0x260 [ 133.105027][ T5825] ? swap_table_get+0x1e/0x260 [ 133.105058][ T5825] ? swap_table_get+0x216/0x260 [ 133.105094][ T5825] ? swap_cache_get_folio+0x513/0x520 [ 133.105132][ T5825] do_swap_page+0x56f/0x5a20 [ 133.105189][ T5825] ? do_swap_page+0x127/0x5a20 [ 133.105217][ T5825] ? __pfx_do_swap_page+0x10/0x10 [ 133.105245][ T5825] ? __pte_offset_map+0x1ae/0x240 [ 133.105282][ T5825] ? pte_offset_map_rw_nolock+0xea/0x160 [ 133.105319][ T5825] handle_mm_fault+0x12d2/0x3310 [ 133.105367][ T5825] ? handle_mm_fault+0xee/0x3310 [ 133.105408][ T5825] ? __pfx_handle_mm_fault+0x10/0x10 [ 133.105437][ T5825] ? lock_vma_under_rcu+0x45a/0x500 [ 133.105490][ T5825] do_user_addr_fault+0xa73/0x1340 [ 133.105526][ T5825] ? rcu_is_watching+0x15/0xb0 [ 133.105556][ T5825] ? trace_page_fault_user+0x84/0x210 [ 133.105587][ T5825] exc_page_fault+0x6a/0xc0 [ 133.105621][ T5825] asm_exc_page_fault+0x26/0x30 [ 133.105641][ T5825] RIP: 0033:0x7fa943f5cfce [ 133.105662][ T5825] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 133.105679][ T5825] RSP: 002b:00007ffeaf3a5a78 EFLAGS: 00010246 [ 133.105698][ T5825] RAX: 0000000000000000 RBX: 0000555587394500 RCX: 00007fa943f5cfce [ 133.105712][ T5825] RDX: 00007ffeaf3a5ad0 RSI: 0000000000000000 RDI: 0000000000000000 [ 133.105731][ T5825] RBP: 00007ffeaf3a5b3c R08: 0000000000000000 R09: 0000000000000000 [ 133.105744][ T5825] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000001388 [ 133.105756][ T5825] R13: 00000000000927c0 R14: 000000000001ffdf R15: 00007ffeaf3a5b90 [ 133.105791][ T5825] [ 133.450936][ T5825] memory: usage 307200kB, limit 307200kB, failcnt 447 [ 133.457823][ T5825] memory+swap: usage 307400kB, limit 9007199254740988kB, failcnt 0 [ 133.465754][ T5825] kmem: usage 307200kB, limit 9007199254740988kB, failcnt 0 [ 133.473280][ T5825] Memory cgroup stats for /syz0: [ 133.473543][ T5825] cache 0 [ 133.481520][ T5825] rss 0 [ 133.484310][ T5825] rss_huge 0 [ 133.487578][ T5825] shmem 0 [ 133.491436][ T5825] mapped_file 0 [ 133.494943][ T5825] dirty 0 [ 133.498081][ T5825] writeback 0 [ 133.501413][ T5825] workingset_refault_anon 0 [ 133.505986][ T5825] workingset_refault_file 0 [ 133.510672][ T5825] swap 204800 [ 133.513987][ T5825] swapcached 204800 [ 133.517894][ T5825] pgpgin 12269 [ 133.521294][ T5825] pgpgout 12269 [ 133.524785][ T5825] pgfault 18170 [ 133.528325][ T5825] pgmajfault 3 [ 133.531730][ T5825] inactive_anon 0 [ 133.535392][ T5825] active_anon 0 [ 133.538933][ T5825] inactive_file 0 [ 133.542594][ T5825] active_file 0 [ 133.546080][ T5825] unevictable 0 [ 133.549720][ T5825] hierarchical_memory_limit 314572800 [ 133.555130][ T5825] hierarchical_memsw_limit 9223372036854771712 [ 133.561472][ T5825] total_cache 0 [ 133.564962][ T5825] total_rss 0 [ 133.568311][ T5825] total_rss_huge 0 [ 133.572058][ T5825] total_shmem 0 [ 133.575545][ T5825] total_mapped_file 0 [ 133.586099][ T5825] total_dirty 0 [ 133.596317][ T5825] total_writeback 0 [ 133.604448][ T5825] total_workingset_refault_anon 0 [ 133.609567][ T5825] total_workingset_refault_file 0 [ 133.614710][ T5825] total_swap 204800 [ 133.618605][ T5825] total_swapcached 204800 [ 133.622968][ T5825] total_pgpgin 12269 [ 133.627326][ T5825] total_pgpgout 12269 [ 133.631459][ T5825] total_pgfault 18170 [ 133.635467][ T5825] total_pgmajfault 3 [ 133.639414][ T5825] total_inactive_anon 0 [ 133.643594][ T5825] total_active_anon 0 [ 133.647645][ T5825] total_inactive_file 0 [ 133.651834][ T5825] total_active_file 0 [ 133.655836][ T5825] total_unevictable 0 [ 133.659907][ T5825] anon_cost 0 [ 133.663225][ T5825] file_cost 0 [ 133.666545][ T5825] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz.0.471,pid=7477,uid=0 [ 133.683553][ T5825] Memory cgroup out of memory: Killed process 7477 (syz.0.471) total-vm:102420kB, anon-rss:1244kB, file-rss:23044kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 [ 133.915027][ T7616] netlink: 4 bytes leftover after parsing attributes in process `syz.4.503'. [ 134.135001][ T7624] FAULT_INJECTION: forcing a failure. [ 134.135001][ T7624] name failslab, interval 1, probability 0, space 0, times 0 [ 134.187134][ T7624] CPU: 1 UID: 0 PID: 7624 Comm: syz.4.505 Not tainted syzkaller #0 PREEMPT(full) [ 134.187168][ T7624] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 134.187181][ T7624] Call Trace: [ 134.187189][ T7624] [ 134.187198][ T7624] dump_stack_lvl+0xe8/0x150 [ 134.187234][ T7624] should_fail_ex+0x412/0x560 [ 134.187268][ T7624] should_failslab+0xa8/0x100 [ 134.187298][ T7624] kmem_cache_alloc_node_noprof+0x8f/0x690 [ 134.187322][ T7624] ? __alloc_skb+0x186/0x7d0 [ 134.187351][ T7624] ? __alloc_skb+0x1d0/0x7d0 [ 134.187378][ T7624] ? __local_bh_enable_ip+0xd0/0x130 [ 134.187412][ T7624] __alloc_skb+0x1d0/0x7d0 [ 134.187442][ T7624] ? bpf_lsm_socket_getpeersec_dgram+0x9/0x20 [ 134.187472][ T7624] netlink_sendmsg+0x5d4/0xb40 [ 134.187513][ T7624] ? __pfx_netlink_sendmsg+0x10/0x10 [ 134.187553][ T7624] ? aa_sock_msg_perm+0xf1/0x1b0 [ 134.187583][ T7624] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 134.187611][ T7624] ____sys_sendmsg+0x972/0x9f0 [ 134.187642][ T7624] ? __pfx_____sys_sendmsg+0x10/0x10 [ 134.187674][ T7624] ? import_iovec+0x73/0xa0 [ 134.187711][ T7624] ___sys_sendmsg+0x2a5/0x360 [ 134.187739][ T7624] ? __pfx____sys_sendmsg+0x10/0x10 [ 134.187800][ T7624] ? __fget_files+0x2a/0x420 [ 134.187830][ T7624] ? __fget_files+0x3a0/0x420 [ 134.187872][ T7624] __x64_sys_sendmsg+0x1bd/0x2a0 [ 134.187897][ T7624] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 134.187930][ T7624] ? __pfx_ksys_write+0x10/0x10 [ 134.187966][ T7624] do_syscall_64+0x14d/0xf80 [ 134.187986][ T7624] ? trace_irq_disable+0x3b/0x150 [ 134.188016][ T7624] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 134.188038][ T7624] ? clear_bhb_loop+0x40/0x90 [ 134.188064][ T7624] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 134.188085][ T7624] RIP: 0033:0x7f9bbab9c799 [ 134.188105][ T7624] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 134.188122][ T7624] RSP: 002b:00007f9bbb98a028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 134.188145][ T7624] RAX: ffffffffffffffda RBX: 00007f9bbae15fa0 RCX: 00007f9bbab9c799 [ 134.188160][ T7624] RDX: 0000000000000000 RSI: 0000200000004340 RDI: 0000000000000003 [ 134.188173][ T7624] RBP: 00007f9bbb98a090 R08: 0000000000000000 R09: 0000000000000000 [ 134.188186][ T7624] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 134.188197][ T7624] R13: 00007f9bbae16038 R14: 00007f9bbae15fa0 R15: 00007ffc04866078 [ 134.188232][ T7624] [ 134.636916][ T7630] net_ratelimit: 2 callbacks suppressed [ 134.636934][ T7630] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 134.792162][ T7636] syzkaller0: entered promiscuous mode [ 134.804075][ T7636] syzkaller0: entered allmulticast mode [ 134.987373][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 134.995937][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 135.004403][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 135.012850][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 135.021311][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 135.029770][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 135.038226][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 135.210927][ T7651] netlink: 4 bytes leftover after parsing attributes in process `syz.4.513'. [ 135.460425][ T7660] netlink: 256 bytes leftover after parsing attributes in process `syz.2.514'. [ 135.582371][ T7660] syzkaller1: entered promiscuous mode [ 135.613752][ T7660] syzkaller1: entered allmulticast mode [ 135.693767][ T7660] netlink: 8 bytes leftover after parsing attributes in process `syz.2.514'. [ 135.798318][ T7670] netlink: 40 bytes leftover after parsing attributes in process `syz.1.516'. [ 136.239597][ T7683] netdevsim netdevsim1 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 136.266857][ T7683] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 136.544656][ T7683] netdevsim netdevsim1 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 136.560256][ T7683] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 136.704137][ T7683] netdevsim netdevsim1 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 136.728912][ T7683] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 136.819314][ T7706] netlink: 4 bytes leftover after parsing attributes in process `syz.0.527'. [ 137.022256][ T7683] netdevsim netdevsim1 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 137.039900][ T7683] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 137.263009][ T7720] pim6reg: entered allmulticast mode [ 137.533497][ T36] netdevsim netdevsim1 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 137.564236][ T36] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 137.656887][ T36] netdevsim netdevsim1 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 137.695700][ T36] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 137.857009][ T80] netdevsim netdevsim1 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 137.872816][ T80] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 137.947394][ T12] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 138.053463][ T80] netdevsim netdevsim1 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 138.069803][ T80] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 138.116522][ T7750] bond1: (slave lo): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 138.187692][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 138.255425][ T7750] bond1: (slave lo): Enslaving as an active interface with an up link [ 138.309451][ T7766] netlink: 4 bytes leftover after parsing attributes in process `syz.0.544'. [ 138.594614][ T7781] netlink: 12 bytes leftover after parsing attributes in process `syz.3.548'. [ 138.825692][ T7787] netlink: 1196 bytes leftover after parsing attributes in process `syz.0.550'. [ 139.045843][ T7794] FAULT_INJECTION: forcing a failure. [ 139.045843][ T7794] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 139.111231][ T7794] CPU: 1 UID: 0 PID: 7794 Comm: syz.1.552 Not tainted syzkaller #0 PREEMPT(full) [ 139.111260][ T7794] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 139.111273][ T7794] Call Trace: [ 139.111281][ T7794] [ 139.111290][ T7794] dump_stack_lvl+0xe8/0x150 [ 139.111326][ T7794] should_fail_ex+0x412/0x560 [ 139.111360][ T7794] _copy_from_user+0x2d/0xb0 [ 139.111395][ T7794] ___sys_sendmsg+0x1c6/0x360 [ 139.111432][ T7794] ? __pfx____sys_sendmsg+0x10/0x10 [ 139.111492][ T7794] ? __fget_files+0x2a/0x420 [ 139.111524][ T7794] ? __fget_files+0x3a0/0x420 [ 139.111566][ T7794] __x64_sys_sendmsg+0x1bd/0x2a0 [ 139.111591][ T7794] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 139.111623][ T7794] ? __pfx_ksys_write+0x10/0x10 [ 139.111659][ T7794] do_syscall_64+0x14d/0xf80 [ 139.111679][ T7794] ? trace_irq_disable+0x3b/0x150 [ 139.111710][ T7794] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 139.111731][ T7794] ? clear_bhb_loop+0x40/0x90 [ 139.111758][ T7794] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 139.111779][ T7794] RIP: 0033:0x7fe87ef9c799 [ 139.111798][ T7794] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 139.111816][ T7794] RSP: 002b:00007fe87ff34028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 139.111838][ T7794] RAX: ffffffffffffffda RBX: 00007fe87f215fa0 RCX: 00007fe87ef9c799 [ 139.111853][ T7794] RDX: 0000000000000000 RSI: 0000200000000180 RDI: 0000000000000004 [ 139.111866][ T7794] RBP: 00007fe87ff34090 R08: 0000000000000000 R09: 0000000000000000 [ 139.111878][ T7794] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 139.111890][ T7794] R13: 00007fe87f216038 R14: 00007fe87f215fa0 R15: 00007ffcd9dbb548 [ 139.111923][ T7794] [ 139.534490][ T7803] netlink: 'syz.1.556': attribute type 64 has an invalid length. [ 139.576889][ T7803] netlink: 5 bytes leftover after parsing attributes in process `syz.1.556'. [ 139.851566][ T7826] netlink: 4 bytes leftover after parsing attributes in process `syz.1.560'. [ 140.855966][ T7852] netlink: 28 bytes leftover after parsing attributes in process `syz.0.567'. [ 140.985479][ T7848] bond1: Unable to set down delay as MII monitoring is disabled [ 141.106402][ T7859] netlink: 12 bytes leftover after parsing attributes in process `syz.4.572'. [ 141.298355][ T7848] bond1 (unregistering): Released all slaves [ 141.399357][ C1] net_ratelimit: 4 callbacks suppressed [ 141.399375][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 141.413377][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 141.421770][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 141.430710][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 141.766893][ T7879] netlink: 12 bytes leftover after parsing attributes in process `syz.0.577'. [ 141.832589][ T7881] netlink: 12 bytes leftover after parsing attributes in process `syz.0.577'. [ 142.190189][ T7890] netlink: 4 bytes leftover after parsing attributes in process `syz.0.579'. [ 142.741334][ T7902] netlink: 'syz.0.582': attribute type 24 has an invalid length. [ 142.839650][ T7903] netlink: 'syz.0.582': attribute type 4 has an invalid length. [ 143.328254][ T7917] FAULT_INJECTION: forcing a failure. [ 143.328254][ T7917] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 143.354851][ T7917] CPU: 0 UID: 0 PID: 7917 Comm: syz.0.588 Not tainted syzkaller #0 PREEMPT(full) [ 143.354879][ T7917] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 143.354892][ T7917] Call Trace: [ 143.354900][ T7917] [ 143.354909][ T7917] dump_stack_lvl+0xe8/0x150 [ 143.354945][ T7917] should_fail_ex+0x412/0x560 [ 143.354988][ T7917] _copy_to_user+0x31/0xb0 [ 143.355011][ T7917] simple_read_from_buffer+0xe1/0x170 [ 143.355048][ T7917] proc_fail_nth_read+0x1bb/0x230 [ 143.355082][ T7917] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 143.355116][ T7917] ? rw_verify_area+0x2a6/0x4d0 [ 143.355139][ T7917] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 143.355171][ T7917] vfs_read+0x20c/0xa70 [ 143.355192][ T7917] ? fdget_pos+0x246/0x320 [ 143.355229][ T7917] ? __pfx___mutex_lock+0x10/0x10 [ 143.355252][ T7917] ? __pfx_vfs_read+0x10/0x10 [ 143.355276][ T7917] ? __fget_files+0x2a/0x420 [ 143.355312][ T7917] ? __fget_files+0x3a0/0x420 [ 143.355342][ T7917] ? __fget_files+0x2a/0x420 [ 143.355383][ T7917] ksys_read+0x150/0x270 [ 143.355408][ T7917] ? __pfx_ksys_read+0x10/0x10 [ 143.355444][ T7917] do_syscall_64+0x14d/0xf80 [ 143.355463][ T7917] ? trace_irq_disable+0x3b/0x150 [ 143.355494][ T7917] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 143.355516][ T7917] ? clear_bhb_loop+0x40/0x90 [ 143.355543][ T7917] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 143.355564][ T7917] RIP: 0033:0x7fa943f5cfce [ 143.355584][ T7917] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 143.355602][ T7917] RSP: 002b:00007fa944ee2fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 143.355624][ T7917] RAX: ffffffffffffffda RBX: 00007fa944ee36c0 RCX: 00007fa943f5cfce [ 143.355639][ T7917] RDX: 000000000000000f RSI: 00007fa944ee30a0 RDI: 0000000000000004 [ 143.355652][ T7917] RBP: 00007fa944ee3090 R08: 0000000000000000 R09: 0000000000000000 [ 143.355665][ T7917] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 143.355677][ T7917] R13: 00007fa944216038 R14: 00007fa944215fa0 R15: 00007ffeaf3a5798 [ 143.355712][ T7917] [ 143.683038][ T7922] netlink: 'syz.1.589': attribute type 4 has an invalid length. [ 143.734275][ T7924] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 143.743112][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 143.753220][ T7924] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 143.767212][ T7924] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 143.812390][ T12] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 144.087017][ T7930] FAULT_INJECTION: forcing a failure. [ 144.087017][ T7930] name failslab, interval 1, probability 0, space 0, times 0 [ 144.116915][ T7930] CPU: 0 UID: 0 PID: 7930 Comm: syz.1.593 Not tainted syzkaller #0 PREEMPT(full) [ 144.116947][ T7930] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 144.116960][ T7930] Call Trace: [ 144.116968][ T7930] [ 144.116977][ T7930] dump_stack_lvl+0xe8/0x150 [ 144.117013][ T7930] should_fail_ex+0x412/0x560 [ 144.117047][ T7930] should_failslab+0xa8/0x100 [ 144.117077][ T7930] kmem_cache_alloc_node_noprof+0x8f/0x690 [ 144.117103][ T7930] ? __alloc_skb+0x1d0/0x7d0 [ 144.117131][ T7930] ? __local_bh_enable_ip+0xd0/0x130 [ 144.117165][ T7930] __alloc_skb+0x1d0/0x7d0 [ 144.117195][ T7930] ? netlink_ack_tlv_len+0x6c/0x210 [ 144.117226][ T7930] netlink_ack+0x146/0xa50 [ 144.117251][ T7930] ? __pfx_genl_rcv_msg+0x10/0x10 [ 144.117271][ T7930] ? __pfx_nl802154_pre_doit+0x10/0x10 [ 144.117302][ T7930] ? __pfx_nl802154_post_doit+0x10/0x10 [ 144.117331][ T7930] ? __lock_acquire+0x6b5/0x2cf0 [ 144.117370][ T7930] netlink_rcv_skb+0x2b6/0x4b0 [ 144.117399][ T7930] ? __pfx_genl_rcv_msg+0x10/0x10 [ 144.117423][ T7930] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 144.117482][ T7930] ? down_read+0x272/0x2e0 [ 144.117503][ T7930] ? genl_rcv+0xd/0x40 [ 144.117525][ T7930] genl_rcv+0x28/0x40 [ 144.117545][ T7930] netlink_unicast+0x80f/0x9b0 [ 144.117580][ T7930] ? __pfx_netlink_unicast+0x10/0x10 [ 144.117608][ T7930] ? netlink_sendmsg+0x650/0xb40 [ 144.117635][ T7930] ? skb_put+0x11b/0x210 [ 144.117671][ T7930] netlink_sendmsg+0x813/0xb40 [ 144.117711][ T7930] ? __pfx_netlink_sendmsg+0x10/0x10 [ 144.117744][ T7930] ? aa_sock_msg_perm+0xf1/0x1b0 [ 144.117776][ T7930] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 144.117804][ T7930] ____sys_sendmsg+0x972/0x9f0 [ 144.117836][ T7930] ? __pfx_____sys_sendmsg+0x10/0x10 [ 144.117867][ T7930] ? import_iovec+0x73/0xa0 [ 144.117905][ T7930] ___sys_sendmsg+0x2a5/0x360 [ 144.117933][ T7930] ? __pfx____sys_sendmsg+0x10/0x10 [ 144.117994][ T7930] ? __fget_files+0x2a/0x420 [ 144.118025][ T7930] ? __fget_files+0x3a0/0x420 [ 144.118068][ T7930] __x64_sys_sendmsg+0x1bd/0x2a0 [ 144.118093][ T7930] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 144.118126][ T7930] ? __pfx_ksys_write+0x10/0x10 [ 144.118163][ T7930] do_syscall_64+0x14d/0xf80 [ 144.118189][ T7930] ? trace_irq_disable+0x3b/0x150 [ 144.118220][ T7930] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 144.118242][ T7930] ? clear_bhb_loop+0x40/0x90 [ 144.118268][ T7930] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 144.118290][ T7930] RIP: 0033:0x7fe87ef9c799 [ 144.118310][ T7930] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 144.118358][ T7930] RSP: 002b:00007fe87ff34028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 144.118380][ T7930] RAX: ffffffffffffffda RBX: 00007fe87f215fa0 RCX: 00007fe87ef9c799 [ 144.118396][ T7930] RDX: 0000000000000000 RSI: 0000200000000180 RDI: 0000000000000004 [ 144.118409][ T7930] RBP: 00007fe87ff34090 R08: 0000000000000000 R09: 0000000000000000 [ 144.118422][ T7930] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 144.118440][ T7930] R13: 00007fe87f216038 R14: 00007fe87f215fa0 R15: 00007ffcd9dbb548 [ 144.118475][ T7930] [ 144.122947][ T7931] __nla_validate_parse: 1 callbacks suppressed [ 144.122964][ T7931] netlink: 4 bytes leftover after parsing attributes in process `syz.0.592'. [ 144.588138][ T7933] x_tables: unsorted underflow at hook 2 [ 144.752015][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 145.652323][ T7958] netlink: 72 bytes leftover after parsing attributes in process `syz.1.602'. [ 146.314894][ T7975] netlink: 4 bytes leftover after parsing attributes in process `syz.1.606'. [ 146.353228][ T7979] netlink: 4 bytes leftover after parsing attributes in process `syz.2.607'. [ 146.758542][ T7988] netlink: 12 bytes leftover after parsing attributes in process `syz.2.609'. [ 147.129219][ T7996] netlink: 4 bytes leftover after parsing attributes in process `syz.3.612'. [ 147.158546][ T7998] netlink: 8 bytes leftover after parsing attributes in process `syz.2.613'. [ 147.181399][ T7996] net_ratelimit: 6 callbacks suppressed [ 147.181420][ T7996] openvswitch: netlink: Flow actions attr not present in new flow. [ 147.236306][ T7996] netlink: 12 bytes leftover after parsing attributes in process `syz.3.612'. [ 147.473999][ T8005] netlink: 8 bytes leftover after parsing attributes in process `syz.1.615'. [ 147.485881][ T8005] netlink: 4 bytes leftover after parsing attributes in process `syz.1.615'. [ 147.796157][ T8011] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 147.884096][ T8013] sctp: [Deprecated]: syz.1.619 (pid 8013) Use of struct sctp_assoc_value in delayed_ack socket option. [ 147.884096][ T8013] Use struct sctp_sack_info instead [ 148.431780][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 148.440230][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 148.448908][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 148.457318][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 149.479893][ T80] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 150.689521][ T8061] netlink: 'syz.1.634': attribute type 1 has an invalid length. [ 150.699264][ T8064] __nla_validate_parse: 3 callbacks suppressed [ 150.699320][ T8064] netlink: 4 bytes leftover after parsing attributes in process `syz.4.633'. [ 150.938940][ T8075] netlink: 28 bytes leftover after parsing attributes in process `syz.4.636'. [ 151.714065][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 151.722599][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 151.731391][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 151.749781][ T8095] bond1: entered promiscuous mode [ 151.755148][ T8095] bond1: entered allmulticast mode [ 151.761505][ T8095] 8021q: adding VLAN 0 to HW filter on device bond1 [ 151.824910][ T30] audit: type=1800 audit(1773798025.367:2): pid=8076 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.637" name="memory.events" dev="tmpfs" ino=642 res=0 errno=0 [ 151.850561][ T30] audit: type=1804 audit(1773798025.377:3): pid=8076 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.637" name="/newroot/122/memory.events" dev="tmpfs" ino=642 res=1 errno=0 [ 152.193208][ T8109] netlink: 4 bytes leftover after parsing attributes in process `syz.4.646'. [ 152.388719][ T8112] RDS: rds_bind could not find a transport for ::ffff:172.30.0.5, load rds_tcp or rds_rdma? [ 152.402401][ T8112] Cannot find set identified by id 0 to match [ 153.229651][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 153.287955][ T8130] netlink: 'syz.2.652': attribute type 1 has an invalid length. [ 153.683439][ T8142] x_tables: duplicate entry at hook 1 [ 153.700396][ T8130] 8021q: adding VLAN 0 to HW filter on device bond4 [ 153.835893][ T8137] bond4: (slave gretap1): making interface the new active one [ 153.883435][ T8137] bond4: (slave gretap1): Enslaving as an active interface with an up link [ 153.948000][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 153.991938][ T8128] macvlan2: entered promiscuous mode [ 154.010779][ T8128] macvlan2: entered allmulticast mode [ 154.023908][ T8128] bond4: entered promiscuous mode [ 154.037991][ T8128] gretap1: entered promiscuous mode [ 154.058599][ T8128] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 154.103210][ T8128] bond4: (slave macvlan2): the slave hw address is in use by the bond; couldn't find a slave with a free hw address to give it (this should not have happened) [ 154.140814][ T8128] bond4: left promiscuous mode [ 154.152510][ T8128] gretap1: left promiscuous mode [ 155.212422][ T8161] netlink: 4 bytes leftover after parsing attributes in process `syz.3.657'. [ 155.240945][ T49] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 155.251741][ T5934] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 155.391148][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 155.399633][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 155.408136][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 155.416539][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 156.143193][ T8185] openvswitch: netlink: IP tunnel TTL not specified. [ 156.152333][ T8185] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 156.633169][ T9] IPVS: starting estimator thread 0... [ 156.737291][ T8199] IPVS: using max 25 ests per chain, 60000 per kthread [ 157.134373][ T8215] netlink: 4 bytes leftover after parsing attributes in process `syz.1.671'. [ 157.634253][ T8226] netlink: 'syz.4.675': attribute type 39 has an invalid length. [ 157.867110][ T12] wlan1: Trigger new scan to find an IBSS to join [ 158.854647][ T8234] bond2: entered promiscuous mode [ 158.987083][ C0] net_ratelimit: 2 callbacks suppressed [ 158.987103][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 159.001208][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 159.009618][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 159.363718][ T8239] syzkaller0: entered promiscuous mode [ 159.406901][ T8239] syzkaller0: entered allmulticast mode [ 159.526779][ C1] sched: DL replenish lagged too much [ 160.347564][ T389] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 160.908951][ T60] wlan1: Trigger new scan to find an IBSS to join [ 162.436985][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 162.445527][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 162.454041][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 162.462398][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 162.470817][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 163.868456][ T12] wlan1: Creating new IBSS network, BSSID 5a:8a:33:65:fa:61 [ 164.176435][ T8258] netlink: 4 bytes leftover after parsing attributes in process `syz.3.684'. [ 164.195889][ T8273] netlink: 256 bytes leftover after parsing attributes in process `syz.2.689'. [ 165.634063][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 165.642517][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 165.651224][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 165.939656][ T8323] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 166.108244][ T80] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 166.340949][ T8337] netlink: 4 bytes leftover after parsing attributes in process `syz.0.703'. [ 167.255942][ T8359] netlink: 'syz.0.709': attribute type 1 has an invalid length. [ 167.382035][ T8359] bond2: entered promiscuous mode [ 167.411398][ T8359] 8021q: adding VLAN 0 to HW filter on device bond2 [ 167.548142][ T8366] bond2: (slave bridge1): making interface the new active one [ 167.582336][ T8366] bridge1: entered promiscuous mode [ 167.608346][ T8366] bond2: (slave bridge1): Enslaving as an active interface with an up link [ 167.686049][ T8373] netlink: 16 bytes leftover after parsing attributes in process `syz.1.714'. [ 167.698718][ T8374] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 168.163413][ T8386] netlink: 4 bytes leftover after parsing attributes in process `syz.1.716'. [ 168.228878][ T8390] Cannot find add_set index 0 as target [ 168.758870][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 168.767303][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 168.775746][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 168.784270][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 168.881462][ T8402] netlink: 24 bytes leftover after parsing attributes in process `syz.2.721'. [ 169.871030][ T80] wlan1: Trigger new scan to find an IBSS to join [ 170.640288][ T8433] net_ratelimit: 2 callbacks suppressed [ 170.640308][ T8433] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 171.790594][ T8413] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 171.874332][ T60] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 172.284055][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 172.292521][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 172.300963][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 172.309469][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 172.317874][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 172.328023][ T8450] netlink: 4 bytes leftover after parsing attributes in process `syz.4.729'. [ 172.917527][ T80] wlan1: Trigger new scan to find an IBSS to join [ 173.013394][ T8459] 8021q: adding VLAN 0 to HW filter on device bond5 [ 173.033722][ T8465] netlink: 28 bytes leftover after parsing attributes in process `syz.3.735'. [ 173.250809][ T8470] netlink: 24 bytes leftover after parsing attributes in process `syz.1.736'. [ 173.437998][ T8474] openvswitch: netlink: Message has 4 unknown bytes. [ 173.496524][ T8474] openvswitch: netlink: Message has 4 unknown bytes. [ 173.504679][ T8475] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 173.633953][ T8481] sctp: [Deprecated]: syz.0.741 (pid 8481) Use of int in max_burst socket option deprecated. [ 173.633953][ T8481] Use struct sctp_assoc_value instead [ 173.977301][ T8487] netlink: 4 bytes leftover after parsing attributes in process `syz.4.742'. [ 174.003710][ T8487] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 174.112524][ T8487] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 174.208822][ T8495] xt_hashlimit: size too large, truncated to 1048576 [ 174.527208][ T8499] netlink: 12 bytes leftover after parsing attributes in process `syz.0.746'. [ 174.551022][ T8499] netlink: 20 bytes leftover after parsing attributes in process `syz.0.746'. [ 174.824812][ T8505] netlink: 4 bytes leftover after parsing attributes in process `syz.0.748'. [ 174.971402][ T8508] netlink: 'syz.1.749': attribute type 8 has an invalid length. [ 174.988384][ T8508] sch_fq: defrate 0 ignored. [ 175.012219][ T8508] netlink: 24 bytes leftover after parsing attributes in process `syz.1.749'. [ 175.113879][ T8510] netlink: 40 bytes leftover after parsing attributes in process `syz.1.749'. [ 175.560565][ T8518] netlink: 'syz.1.753': attribute type 4 has an invalid length. [ 175.592731][ T8518] netlink: 'syz.1.753': attribute type 4 has an invalid length. [ 175.871166][ T13] wlan1: Creating new IBSS network, BSSID d6:32:82:5e:7d:df [ 176.095305][ T8534] syzkaller0: entered promiscuous mode [ 176.107426][ T8534] syzkaller0: entered allmulticast mode [ 176.124304][ C1] net_ratelimit: 1 callbacks suppressed [ 176.124323][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 176.138298][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 176.146557][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 176.155037][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 176.163370][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 177.168172][ T8543] Bluetooth: MGMT ver 1.23 [ 177.354375][ T8553] netlink: 'syz.4.761': attribute type 1 has an invalid length. [ 177.364538][ T8553] netlink: 'syz.4.761': attribute type 11 has an invalid length. [ 177.373135][ T8553] netlink: 224 bytes leftover after parsing attributes in process `syz.4.761'. [ 177.402766][ T8553] netlink: 160368 bytes leftover after parsing attributes in process `syz.4.761'. [ 177.414572][ T8553] netlink: 20 bytes leftover after parsing attributes in process `syz.4.761'. [ 177.635454][ T13] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 179.470872][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 179.479350][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 179.487747][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 179.496091][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 180.452155][ T8543] netlink: 92 bytes leftover after parsing attributes in process `syz.3.759'. [ 180.470295][ T8548] netlink: 4 bytes leftover after parsing attributes in process `syz.2.760'. [ 181.589852][ T8570] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 182.008038][ T8582] bridge0: port 1(1x9) entered disabled state [ 182.265398][ T8598] netlink: 12 bytes leftover after parsing attributes in process `syz.1.772'. [ 182.273857][ T8582] A link change request failed with some changes committed already. Interface 1x9 may have been left with an inconsistent configuration, please check. [ 182.396944][ T8605] netlink: 8 bytes leftover after parsing attributes in process `syz.1.772'. [ 182.518909][ T8607] netlink: 4 bytes leftover after parsing attributes in process `syz.3.773'. [ 182.827099][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 182.835591][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 182.844183][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 182.852621][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 183.002296][ T8629] netlink: 8 bytes leftover after parsing attributes in process `syz.0.779'. [ 183.054271][ T8632] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 183.160342][ T8639] netlink: 128 bytes leftover after parsing attributes in process `syz.2.783'. [ 183.179063][ T8639] netlink: 20 bytes leftover after parsing attributes in process `syz.2.783'. [ 183.333987][ T8647] netlink: 'syz.4.786': attribute type 58 has an invalid length. [ 183.368196][ T8646] netlink: 4 bytes leftover after parsing attributes in process `syz.1.785'. [ 183.372752][ T8647] netlink: 20 bytes leftover after parsing attributes in process `syz.4.786'. [ 183.397920][ T60] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 183.444244][ T8654] netlink: 212368 bytes leftover after parsing attributes in process `syz.0.789'. [ 183.456624][ T8658] netlink: 4 bytes leftover after parsing attributes in process `syz.3.788'. [ 183.479433][ T8646] netlink: 8 bytes leftover after parsing attributes in process `syz.1.785'. [ 183.863150][ T8674] netlink: 'syz.1.793': attribute type 4 has an invalid length. [ 183.905547][ T8683] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 184.287946][ T8701] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 184.296897][ T8699] netlink: 'syz.4.800': attribute type 1 has an invalid length. [ 184.871574][ T8735] netlink: 'syz.2.811': attribute type 9 has an invalid length. [ 184.986646][ T5908] hid-generic 0005:07C0:0000.0001: item fetching failed at offset 0/1 [ 184.999718][ T5908] hid-generic 0005:07C0:0000.0001: probe with driver hid-generic failed with error -22 [ 185.593174][ T8772] xt_ecn: cannot match TCP bits for non-tcp packets [ 185.623177][ T8772] wlan0 speed is unknown, defaulting to 1000 [ 185.645457][ T8772] wlan0 speed is unknown, defaulting to 1000 [ 185.671100][ T8772] wlan0 speed is unknown, defaulting to 1000 [ 185.721912][ T8772] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 185.810039][ T8772] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 185.953205][ T8772] wlan0 speed is unknown, defaulting to 1000 [ 185.997816][ T8772] wlan0 speed is unknown, defaulting to 1000 [ 186.036197][ T8772] wlan0 speed is unknown, defaulting to 1000 [ 186.070514][ T8772] wlan0 speed is unknown, defaulting to 1000 [ 186.145790][ T8772] wlan0 speed is unknown, defaulting to 1000 [ 186.464715][ T8818] siw: device registration error -23 [ 186.848728][ T8837] net_ratelimit: 44 callbacks suppressed [ 186.848749][ T8837] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 187.245900][ T8860] nbd: must specify at least one socket [ 188.301125][ T8908] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 188.935260][ T8916] sit2: entered promiscuous mode [ 188.954424][ T8916] sit2: entered allmulticast mode [ 189.067063][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 189.075514][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 189.084017][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 189.092872][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 189.153953][ T8925] netlink: 'syz.2.864': attribute type 4 has an invalid length. [ 189.163610][ T389] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 189.198232][ T8925] __nla_validate_parse: 55 callbacks suppressed [ 189.198252][ T8925] netlink: 152 bytes leftover after parsing attributes in process `syz.2.864'. [ 189.348775][ T8941] gretap0: entered promiscuous mode [ 189.370503][ T8941] vlan2: entered promiscuous mode [ 189.490781][ T8925] .`: renamed from bond0 (while UP) [ 189.979595][ T8953] netlink: 228 bytes leftover after parsing attributes in process `syz.1.869'. [ 189.997171][ T8955] netlink: 64 bytes leftover after parsing attributes in process `syz.3.870'. [ 190.098485][ T8954] netlink: 64 bytes leftover after parsing attributes in process `syz.3.870'. [ 190.443656][ T8971] trusted_key: syz.1.873 sent an empty control message without MSG_MORE. [ 190.548786][ T8973] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 191.060225][ T8984] veth0: entered promiscuous mode [ 191.159272][ T8984] netlink: 4 bytes leftover after parsing attributes in process `syz.3.878'. [ 191.539193][ T8997] netlink: 'syz.4.882': attribute type 3 has an invalid length. [ 192.187106][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 192.195519][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 192.204085][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 192.212455][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 192.220832][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 192.229298][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 192.237757][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 192.246127][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 192.778099][ T9026] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 194.032316][ T9053] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 194.272712][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.279314][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.473091][ T9065] tc_dump_action: action bad kind [ 195.093740][ T9087] sit0: entered promiscuous mode [ 195.179393][ T9087] netlink: 'syz.0.905': attribute type 1 has an invalid length. [ 195.246115][ T9087] netlink: 1 bytes leftover after parsing attributes in process `syz.0.905'. [ 195.327311][ T9096] netlink: 8 bytes leftover after parsing attributes in process `syz.3.908'. [ 195.360275][ T9095] xt_hashlimit: size too large, truncated to 1048576 [ 196.353147][ T9122] netlink: 8 bytes leftover after parsing attributes in process `syz.0.913'. [ 196.458077][ T9124] netlink: 52 bytes leftover after parsing attributes in process `syz.4.916'. [ 197.088517][ T9144] netlink: 'syz.2.919': attribute type 3 has an invalid length. [ 197.111263][ T9145] netlink: 52 bytes leftover after parsing attributes in process `syz.4.922'. [ 197.142909][ T9138] netlink: 'syz.2.919': attribute type 3 has an invalid length. [ 197.297309][ T9147] net_ratelimit: 4 callbacks suppressed [ 197.297330][ T9147] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 197.319231][ T9150] netlink: 'syz.0.923': attribute type 2 has an invalid length. [ 197.688796][ T9169] netlink: 'syz.1.926': attribute type 39 has an invalid length. [ 198.667213][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 198.675649][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 198.684064][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 198.692478][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 199.005235][ T9196] netlink: 207952 bytes leftover after parsing attributes in process `syz.2.931'. [ 199.028078][ T9196] syzkaller1: entered promiscuous mode [ 199.033684][ T9196] syzkaller1: entered allmulticast mode [ 199.041335][ T9196] PF_CAN: dropped non conform CAN skbuff: dev type 65534, len 324 [ 200.027729][ T60] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 200.240214][ T9168] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 200.501960][ T9205] netlink: 28 bytes leftover after parsing attributes in process `syz.2.934'. [ 200.741818][ T9216] netlink: 'syz.2.937': attribute type 1 has an invalid length. [ 200.854793][ T9216] 8021q: adding VLAN 0 to HW filter on device bond0 [ 200.867733][ T9220] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 200.893865][ T9223] bond0: (slave batadv1): Opening slave failed [ 201.014806][ T9227] netlink: 24 bytes leftover after parsing attributes in process `syz.3.941'. [ 201.046060][ T9232] netlink: 16 bytes leftover after parsing attributes in process `syz.0.944'. [ 201.209536][ T29] IPVS: starting estimator thread 0... [ 201.287810][ T9236] wlan0 speed is unknown, defaulting to 1000 [ 201.296201][ T9243] netlink: 'syz.0.948': attribute type 4 has an invalid length. [ 201.327260][ T9239] IPVS: using max 35 ests per chain, 84000 per kthread [ 201.335497][ T9243] netlink: 'syz.0.948': attribute type 4 has an invalid length. [ 201.539087][ T9250] geneve2: entered promiscuous mode [ 201.544370][ T9250] geneve2: entered allmulticast mode [ 201.591242][ T389] netdevsim netdevsim3 netdevsim0: set [1, 1] type 2 family 0 port 19999 - 0 [ 201.613009][ T9257] Bluetooth: MGMT ver 1.23 [ 201.627163][ T389] netdevsim netdevsim3 netdevsim1: set [1, 1] type 2 family 0 port 19999 - 0 [ 201.685385][ T60] netdevsim netdevsim3 netdevsim2: set [1, 1] type 2 family 0 port 19999 - 0 [ 201.767237][ T60] netdevsim netdevsim3 netdevsim3: set [1, 1] type 2 family 0 port 19999 - 0 [ 201.787193][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 201.795940][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 201.804585][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 201.881314][ T9269] netlink: 104 bytes leftover after parsing attributes in process `syz.0.954'. [ 201.958667][ T9269] netlink: 8 bytes leftover after parsing attributes in process `syz.0.954'. [ 202.333795][ T9287] netlink: 'syz.2.958': attribute type 1 has an invalid length. [ 202.346137][ T9289] netlink: 4 bytes leftover after parsing attributes in process `syz.1.960'. [ 202.438475][ T9291] netlink: 28 bytes leftover after parsing attributes in process `syz.2.958'. [ 202.624857][ T9287] workqueue: Failed to create a rescuer kthread for wq "bond6": -EINTR [ 202.736362][ T9290] netlink: 48 bytes leftover after parsing attributes in process `syz.4.959'. [ 202.772579][ T9296] netlink: 8 bytes leftover after parsing attributes in process `syz.3.961'. [ 203.452795][ T9319] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported [ 203.479355][ T9322] netlink: 8 bytes leftover after parsing attributes in process `syz.2.967'. [ 203.579915][ T9324] syzkaller0: entered promiscuous mode [ 203.593923][ T9324] syzkaller0: entered allmulticast mode [ 203.888794][ T9334] netlink: 'syz.2.973': attribute type 21 has an invalid length. [ 203.941923][ T80] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 204.273926][ T9350] : entered promiscuous mode [ 204.359340][ T9360] ve: renamed from macvlan0 (while UP) [ 204.745524][ T9376] netlink: 'syz.2.986': attribute type 2 has an invalid length. [ 204.765729][ T9376] netlink: 'syz.2.986': attribute type 5 has an invalid length. [ 204.785792][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 204.794450][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 204.907023][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 204.915446][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 204.923953][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 204.932344][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 204.940746][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 204.949232][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 205.433391][ T9402] tipc: Started in network mode [ 205.447685][ T9402] tipc: Node identity ac14140f, cluster identity 4711 [ 205.462158][ T9402] tipc: New replicast peer: 255.255.255.255 [ 205.470187][ T9402] tipc: Enabled bearer , priority 10 [ 205.529299][ T9402] netlink: 'syz.4.995': attribute type 3 has an invalid length. [ 205.569188][ T9406] __nla_validate_parse: 3 callbacks suppressed [ 205.569209][ T9406] netlink: 24 bytes leftover after parsing attributes in process `syz.1.997'. [ 205.787414][ T389] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 205.975188][ T9420] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1000'. [ 206.053354][ T9425] netlink: 'syz.3.1001': attribute type 1 has an invalid length. [ 206.104042][ T9425] 8021q: adding VLAN 0 to HW filter on device bond2 [ 206.124307][ T9425] vlan2: entered promiscuous mode [ 206.130102][ T9425] bond2: entered promiscuous mode [ 206.135339][ T9425] vlan2: entered allmulticast mode [ 206.141639][ T9425] bond2: entered allmulticast mode [ 206.175342][ T9429] bond3: option lacp_active: mode dependency failed, not supported in mode balance-rr(0) [ 206.198415][ T9429] bond3 (unregistering): Released all slaves [ 206.203990][ T9431] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1002'. [ 206.229388][ T9431] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1002'. [ 206.595843][ T9438] syzkaller0: entered promiscuous mode [ 206.602701][ T9448] openvswitch: netlink: Unexpected mask (mask=4000040, allowed=10048) [ 206.630235][ T9438] syzkaller0: entered allmulticast mode [ 206.648570][ T9] tipc: Node number set to 2886997007 [ 207.102754][ T9443] netlink: 'syz.0.1006': attribute type 1 has an invalid length. [ 208.054927][ T9458] netdevsim netdevsim4 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 208.080790][ T9458] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 208.118353][ T9463] netlink: 240 bytes leftover after parsing attributes in process `syz.1.1013'. [ 208.314071][ T9458] netdevsim netdevsim4 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 208.367167][ T9458] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 208.450891][ T9483] FAULT_INJECTION: forcing a failure. [ 208.450891][ T9483] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 208.478985][ T9483] CPU: 0 UID: 0 PID: 9483 Comm: syz.2.1018 Not tainted syzkaller #0 PREEMPT(full) [ 208.479026][ T9483] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 208.479039][ T9483] Call Trace: [ 208.479046][ T9483] [ 208.479055][ T9483] dump_stack_lvl+0xe8/0x150 [ 208.479090][ T9483] should_fail_ex+0x412/0x560 [ 208.479123][ T9483] _copy_from_user+0x2d/0xb0 [ 208.479156][ T9483] ___sys_sendmsg+0x1c6/0x360 [ 208.479183][ T9483] ? __pfx____sys_sendmsg+0x10/0x10 [ 208.479241][ T9483] ? __fget_files+0x2a/0x420 [ 208.479269][ T9483] ? __fget_files+0x3a0/0x420 [ 208.479310][ T9483] __x64_sys_sendmsg+0x1bd/0x2a0 [ 208.479335][ T9483] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 208.479365][ T9483] ? __pfx_ksys_write+0x10/0x10 [ 208.479401][ T9483] do_syscall_64+0x14d/0xf80 [ 208.479420][ T9483] ? trace_irq_disable+0x3b/0x150 [ 208.479450][ T9483] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 208.479471][ T9483] ? clear_bhb_loop+0x40/0x90 [ 208.479497][ T9483] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 208.479517][ T9483] RIP: 0033:0x7f83cc39c799 [ 208.479537][ T9483] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 208.479555][ T9483] RSP: 002b:00007f83cd244028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 208.479584][ T9483] RAX: ffffffffffffffda RBX: 00007f83cc615fa0 RCX: 00007f83cc39c799 [ 208.479599][ T9483] RDX: 0000000000000000 RSI: 0000200000000180 RDI: 0000000000000004 [ 208.479612][ T9483] RBP: 00007f83cd244090 R08: 0000000000000000 R09: 0000000000000000 [ 208.479624][ T9483] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 208.479636][ T9483] R13: 00007f83cc616038 R14: 00007f83cc615fa0 R15: 00007fff7f422c18 [ 208.479669][ T9483] [ 208.520517][ T9485] netlink: 'syz.1.1019': attribute type 11 has an invalid length. [ 208.712462][ T9458] netdevsim netdevsim4 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 208.727246][ T9458] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 208.740643][ T9485] netlink: 'syz.1.1019': attribute type 11 has an invalid length. [ 208.766820][ T9485] netlink: 224 bytes leftover after parsing attributes in process `syz.1.1019'. [ 208.961310][ T9498] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1023'. [ 209.084280][ T9458] netdevsim netdevsim4 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 209.099103][ T9458] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 209.220124][ T9509] netlink: 'syz.3.1026': attribute type 1 has an invalid length. [ 209.241409][ T9509] netlink: 224 bytes leftover after parsing attributes in process `syz.3.1026'. [ 209.391847][ T389] netdevsim netdevsim4 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 209.418671][ T389] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 209.446544][ T9517] netlink: 16178 bytes leftover after parsing attributes in process `syz.1.1029'. [ 209.462946][ T9517] IPVS: length: 155 != 24 [ 209.480030][ T389] netdevsim netdevsim4 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 209.499776][ T389] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 209.555291][ T13] netdevsim netdevsim4 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 209.596819][ T13] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 209.705042][ T9493] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 209.913119][ T9518] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 209.944699][ T9534] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1032'. [ 209.992588][ T389] netdevsim netdevsim4 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 210.027494][ T389] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 210.140077][ T9534] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 210.315715][ T9534] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 210.527735][ T9542] netlink: 'syz.2.1034': attribute type 1 has an invalid length. [ 210.644848][ T9552] netlink: 'syz.1.1037': attribute type 21 has an invalid length. [ 210.937870][ T9566] __nla_validate_parse: 1 callbacks suppressed [ 210.937893][ T9566] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1040'. [ 210.997202][ T9566] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1040'. [ 211.095361][ T9566] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1040'. [ 211.118226][ T9566] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1040'. [ 211.204143][ T9576] FAULT_INJECTION: forcing a failure. [ 211.204143][ T9576] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 211.281919][ T9576] CPU: 1 UID: 0 PID: 9576 Comm: syz.2.1043 Not tainted syzkaller #0 PREEMPT(full) [ 211.281956][ T9576] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 211.281969][ T9576] Call Trace: [ 211.281977][ T9576] [ 211.281988][ T9576] dump_stack_lvl+0xe8/0x150 [ 211.282022][ T9576] should_fail_ex+0x412/0x560 [ 211.282055][ T9576] _copy_from_iter+0x1d3/0x1670 [ 211.282088][ T9576] ? rcu_is_watching+0x15/0xb0 [ 211.282125][ T9576] ? __pfx__copy_from_iter+0x10/0x10 [ 211.282164][ T9576] ? netlink_sendmsg+0x650/0xb40 [ 211.282192][ T9576] ? skb_put+0x11b/0x210 [ 211.282227][ T9576] netlink_sendmsg+0x6c0/0xb40 [ 211.282267][ T9576] ? __pfx_netlink_sendmsg+0x10/0x10 [ 211.282300][ T9576] ? aa_sock_msg_perm+0xf1/0x1b0 [ 211.282339][ T9576] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 211.282366][ T9576] ____sys_sendmsg+0x972/0x9f0 [ 211.282398][ T9576] ? __pfx_____sys_sendmsg+0x10/0x10 [ 211.282429][ T9576] ? import_iovec+0x73/0xa0 [ 211.282466][ T9576] ___sys_sendmsg+0x2a5/0x360 [ 211.282494][ T9576] ? __pfx____sys_sendmsg+0x10/0x10 [ 211.282551][ T9576] ? __fget_files+0x2a/0x420 [ 211.282582][ T9576] ? __fget_files+0x3a0/0x420 [ 211.282617][ T9576] __x64_sys_sendmsg+0x1bd/0x2a0 [ 211.282637][ T9576] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 211.282663][ T9576] ? __pfx_ksys_write+0x10/0x10 [ 211.282692][ T9576] do_syscall_64+0x14d/0xf80 [ 211.282708][ T9576] ? trace_irq_disable+0x3b/0x150 [ 211.282735][ T9576] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 211.282752][ T9576] ? clear_bhb_loop+0x40/0x90 [ 211.282774][ T9576] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 211.282791][ T9576] RIP: 0033:0x7f83cc39c799 [ 211.282809][ T9576] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 211.282824][ T9576] RSP: 002b:00007f83cd223028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 211.282843][ T9576] RAX: ffffffffffffffda RBX: 00007f83cc616090 RCX: 00007f83cc39c799 [ 211.282856][ T9576] RDX: 0000000000000000 RSI: 0000200000000180 RDI: 0000000000000004 [ 211.282867][ T9576] RBP: 00007f83cd223090 R08: 0000000000000000 R09: 0000000000000000 [ 211.282878][ T9576] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 211.282889][ T9576] R13: 00007f83cc616128 R14: 00007f83cc616090 R15: 00007fff7f422c18 [ 211.282916][ T9576] [ 211.649725][ T9586] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1046'. [ 211.702937][ T9586] netlink: 73 bytes leftover after parsing attributes in process `syz.0.1046'. [ 211.714853][ T5829] Bluetooth: hci1: command 0x0406 tx timeout [ 211.714874][ T5143] Bluetooth: hci3: command 0x0406 tx timeout [ 211.721312][ T5829] Bluetooth: hci2: command 0x0c1a tx timeout [ 211.811098][ T9595] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1049'. [ 212.074086][ T9607] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1054'. [ 212.306645][ T9624] x_tables: duplicate underflow at hook 1 [ 212.337033][ T9622] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1056'. [ 212.464020][ T9635] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1060'. [ 212.680836][ T9645] FAULT_INJECTION: forcing a failure. [ 212.680836][ T9645] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 212.703964][ T9645] CPU: 0 UID: 0 PID: 9645 Comm: syz.3.1061 Not tainted syzkaller #0 PREEMPT(full) [ 212.703999][ T9645] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 212.704013][ T9645] Call Trace: [ 212.704021][ T9645] [ 212.704030][ T9645] dump_stack_lvl+0xe8/0x150 [ 212.704066][ T9645] should_fail_ex+0x412/0x560 [ 212.704106][ T9645] _copy_from_iter+0x1d3/0x1670 [ 212.704142][ T9645] ? rcu_is_watching+0x15/0xb0 [ 212.704184][ T9645] ? __pfx__copy_from_iter+0x10/0x10 [ 212.704232][ T9645] ? netlink_sendmsg+0x650/0xb40 [ 212.704261][ T9645] ? skb_put+0x11b/0x210 [ 212.704300][ T9645] netlink_sendmsg+0x6c0/0xb40 [ 212.704341][ T9645] ? __pfx_netlink_sendmsg+0x10/0x10 [ 212.704374][ T9645] ? aa_sock_msg_perm+0xf1/0x1b0 [ 212.704405][ T9645] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 212.704433][ T9645] ____sys_sendmsg+0x972/0x9f0 [ 212.704465][ T9645] ? __pfx_____sys_sendmsg+0x10/0x10 [ 212.704497][ T9645] ? import_iovec+0x73/0xa0 [ 212.704533][ T9645] ___sys_sendmsg+0x2a5/0x360 [ 212.704561][ T9645] ? __pfx____sys_sendmsg+0x10/0x10 [ 212.704619][ T9645] ? __fget_files+0x2a/0x420 [ 212.704650][ T9645] ? __fget_files+0x3a0/0x420 [ 212.704692][ T9645] __x64_sys_sendmsg+0x1bd/0x2a0 [ 212.704716][ T9645] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 212.704746][ T9645] ? __pfx_ksys_write+0x10/0x10 [ 212.704780][ T9645] do_syscall_64+0x14d/0xf80 [ 212.704799][ T9645] ? trace_irq_disable+0x3b/0x150 [ 212.704831][ T9645] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 212.704853][ T9645] ? clear_bhb_loop+0x40/0x90 [ 212.704896][ T9645] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 212.704919][ T9645] RIP: 0033:0x7fa04e39c799 [ 212.704939][ T9645] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 212.704958][ T9645] RSP: 002b:00007fa04f1c8028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 212.704983][ T9645] RAX: ffffffffffffffda RBX: 00007fa04e616090 RCX: 00007fa04e39c799 [ 212.704998][ T9645] RDX: 0000000000000000 RSI: 0000200000000180 RDI: 0000000000000004 [ 212.705011][ T9645] RBP: 00007fa04f1c8090 R08: 0000000000000000 R09: 0000000000000000 [ 212.705023][ T9645] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 212.705035][ T9645] R13: 00007fa04e616128 R14: 00007fa04e616090 R15: 00007ffee90a6ab8 [ 212.705067][ T9645] [ 213.111293][ T9655] netlink: 'syz.0.1065': attribute type 21 has an invalid length. [ 213.130694][ T9655] IPv6: NLM_F_CREATE should be specified when creating new route [ 213.995121][ T9680] erspan1: entered allmulticast mode [ 214.072317][ T9690] netlink: 'syz.2.1075': attribute type 2 has an invalid length. [ 214.175378][ T9690] 9: entered promiscuous mode [ 214.248517][ T9695] netlink: 'syz.4.1077': attribute type 13 has an invalid length. [ 214.301979][ T9695] veth0_macvtap: left promiscuous mode [ 214.351625][ T9695] macvtap0: entered allmulticast mode [ 214.380552][ T9695] macvtap0: refused to change device tx_queue_len [ 214.416133][ T9706] netlink: 'syz.2.1080': attribute type 2 has an invalid length. [ 214.487197][ T9699] syzkaller0: entered promiscuous mode [ 214.526380][ T9699] syzkaller0: entered allmulticast mode [ 215.235289][ T9752] netlink: 'syz.3.1091': attribute type 3 has an invalid length. [ 215.276411][ T9752] netlink: 'syz.3.1091': attribute type 1 has an invalid length. [ 215.311964][ T9753] dvmrp0: entered allmulticast mode [ 215.319657][ T9747] can: request_module (can-proto-4) failed. [ 215.341009][ T9749] wlan0 speed is unknown, defaulting to 1000 [ 215.684826][ T9768] netlink: 'syz.1.1096': attribute type 10 has an invalid length. [ 215.753769][ T9768] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 215.785829][ T9768] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 215.804542][ T9776] netlink: 'syz.4.1097': attribute type 62 has an invalid length. [ 216.075745][ T9784] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 216.151547][ T9784] __nla_validate_parse: 12 callbacks suppressed [ 216.151568][ T9784] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1101'. [ 216.202463][ T9784] nbd: socks must be embedded in a SOCK_ITEM attr [ 216.616961][ T9807] block nbd1: NBD_DISCONNECT [ 216.763725][ T9816] netlink: 52 bytes leftover after parsing attributes in process `syz.3.1111'. [ 216.789988][ T9818] sch_tbf: peakrate 5 is lower than or equals to rate 16783679728848008391 ! [ 217.070134][ T5838] Bluetooth: hci4: command 0x0405 tx timeout [ 217.376902][ T9845] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1121'. [ 217.496243][ T5838] block nbd2: Receive control failed (result -1) [ 217.678968][ T9865] netlink: 68 bytes leftover after parsing attributes in process `syz.0.1124'. [ 217.730422][ T9845] netlink: 183244 bytes leftover after parsing attributes in process `syz.3.1121'. [ 218.052460][ T9864] syzkaller0: entered promiscuous mode [ 218.892755][ T9864] syzkaller0: entered allmulticast mode [ 232.581169][ T9889] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 232.815295][ T5836] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 232.828300][ T5836] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 232.836439][ T5836] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 232.845253][ T5836] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 232.854574][ T5836] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 233.775965][ T5838] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 233.785842][ T5838] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 233.794164][ T5838] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 233.803490][ T5838] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 233.816563][ T5838] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 233.875518][ T5836] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 233.885313][ T5836] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 233.894425][ T5836] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 233.902676][ T5836] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 233.911464][ T5836] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 234.906971][ T5836] Bluetooth: hci5: command tx timeout [ 235.071903][ T60] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 235.867019][ T5836] Bluetooth: hci0: command tx timeout [ 235.947205][ T5836] Bluetooth: hci6: command tx timeout [ 236.997274][ T5836] Bluetooth: hci5: command tx timeout [ 237.946926][ T5836] Bluetooth: hci0: command tx timeout [ 238.030317][ T5836] Bluetooth: hci6: command tx timeout [ 239.072234][ T5836] Bluetooth: hci5: command tx timeout [ 240.034603][ T5836] Bluetooth: hci0: command tx timeout [ 240.106856][ T5836] Bluetooth: hci6: command tx timeout [ 240.834628][ T9902] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci6/hci6:200/input5 [ 241.007754][ T9890] wlan0 speed is unknown, defaulting to 1000 [ 241.033618][ T9895] wlan0 speed is unknown, defaulting to 1000 [ 241.146835][ T5836] Bluetooth: hci5: command tx timeout [ 241.364162][ T9897] wlan0 speed is unknown, defaulting to 1000 [ 241.736952][ T9918] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1137'. [ 242.106854][ T5836] Bluetooth: hci0: command tx timeout [ 242.187941][ T5836] Bluetooth: hci6: command tx timeout [ 242.527944][ T13] netdevsim netdevsim1 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 242.552462][ T13] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 242.650207][ T9895] chnl_net:caif_netlink_parms(): no params data found [ 243.593717][ T9943] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1140'. [ 244.113701][ T9895] bridge0: port 1(bridge_slave_0) entered blocking state [ 244.133976][ T9895] bridge0: port 1(bridge_slave_0) entered disabled state [ 244.141935][ T9895] bridge_slave_0: entered allmulticast mode [ 244.152311][ T9895] bridge_slave_0: entered promiscuous mode [ 244.195066][ T9895] bridge0: port 2(bridge_slave_1) entered blocking state [ 244.208024][ T9895] bridge0: port 2(bridge_slave_1) entered disabled state [ 244.225570][ T9895] bridge_slave_1: entered allmulticast mode [ 244.259874][ T9895] bridge_slave_1: entered promiscuous mode [ 244.289867][ T9890] chnl_net:caif_netlink_parms(): no params data found [ 244.308531][ T9897] chnl_net:caif_netlink_parms(): no params data found [ 244.446500][ T9895] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 244.496348][ T9895] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 244.692987][ T9895] team0: Port device team_slave_0 added [ 244.725656][ T9897] bridge0: port 1(bridge_slave_0) entered blocking state [ 244.734048][ T9897] bridge0: port 1(bridge_slave_0) entered disabled state [ 244.741816][ T9897] bridge_slave_0: entered allmulticast mode [ 244.750669][ T9897] bridge_slave_0: entered promiscuous mode [ 244.762572][ T9895] team0: Port device team_slave_1 added [ 244.784712][ T9897] bridge0: port 2(bridge_slave_1) entered blocking state [ 244.793007][ T9897] bridge0: port 2(bridge_slave_1) entered disabled state [ 244.804993][ T9897] bridge_slave_1: entered allmulticast mode [ 244.817096][ T9897] bridge_slave_1: entered promiscuous mode [ 244.851449][ T9890] bridge0: port 1(bridge_slave_0) entered blocking state [ 244.859399][ T9890] bridge0: port 1(bridge_slave_0) entered disabled state [ 244.867520][ T9890] bridge_slave_0: entered allmulticast mode [ 244.875939][ T9890] bridge_slave_0: entered promiscuous mode [ 244.926512][ T9890] bridge0: port 2(bridge_slave_1) entered blocking state [ 244.934755][ T9890] bridge0: port 2(bridge_slave_1) entered disabled state [ 244.942859][ T9890] bridge_slave_1: entered allmulticast mode [ 244.951914][ T9890] bridge_slave_1: entered promiscuous mode [ 244.978938][ T9895] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 244.986669][ T9895] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 245.015901][ T9895] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 245.057762][ T9897] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 245.069795][ T9895] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 245.077870][ T9895] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 245.104979][ T9895] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 245.173287][ T9897] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 245.294740][ T9890] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 245.402491][ T13] netdevsim netdevsim1 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 245.414547][ T13] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 245.441139][ T9967] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 245.452310][ T9890] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 245.469483][ T9967] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1145'. [ 245.496538][ T9897] team0: Port device team_slave_0 added [ 245.609831][ T9897] team0: Port device team_slave_1 added [ 245.731079][ T9890] team0: Port device team_slave_0 added [ 245.749494][ T9895] hsr_slave_0: entered promiscuous mode [ 245.756463][ T9895] hsr_slave_1: entered promiscuous mode [ 245.764264][ T9895] debugfs: 'hsr0' already exists in 'hsr' [ 245.770806][ T9895] Cannot create hsr debugfs directory [ 245.793981][ T9890] team0: Port device team_slave_1 added [ 245.882718][ T9897] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 245.889928][ T9897] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 245.921163][ T9897] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 245.953386][ T9897] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 245.963180][ T9897] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 245.999334][ T9897] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 246.133032][ T9890] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 246.141947][ T9890] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 246.176150][ T9890] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 246.215447][ T9890] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 246.223592][ T9890] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 246.260432][ T9890] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 246.408842][ T9897] hsr_slave_0: entered promiscuous mode [ 246.416446][ T9897] hsr_slave_1: entered promiscuous mode [ 246.423635][ T9897] debugfs: 'hsr0' already exists in 'hsr' [ 246.430356][ T9897] Cannot create hsr debugfs directory [ 246.501772][ T9974] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1147'. [ 246.519219][ T9890] hsr_slave_0: entered promiscuous mode [ 246.525969][ T9890] hsr_slave_1: entered promiscuous mode [ 246.548096][ T9890] debugfs: 'hsr0' already exists in 'hsr' [ 246.564360][ T9890] Cannot create hsr debugfs directory [ 247.936303][ T9895] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 247.992325][ T9895] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 248.042132][ T9895] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 248.081794][ T9895] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 248.295133][ T9897] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 248.344225][ T9897] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 248.419259][ T9897] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 248.685941][ T13] netdevsim netdevsim1 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 248.714523][ T13] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 248.779409][ T9897] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 249.092878][T10029] xt_CT: You must specify a L4 protocol and not use inversions on it [ 249.161201][ T9890] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 249.372800][ T9890] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 249.411743][ T9890] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 249.442453][ T9890] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 249.593864][ T9895] 8021q: adding VLAN 0 to HW filter on device bond0 [ 249.674625][ T9895] 8021q: adding VLAN 0 to HW filter on device team0 [ 249.712769][ T9897] 8021q: adding VLAN 0 to HW filter on device bond0 [ 249.735248][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 249.742504][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 249.805169][ T9897] 8021q: adding VLAN 0 to HW filter on device team0 [ 249.838701][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 249.845937][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 249.911925][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 249.919178][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 249.939897][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 249.947486][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 250.266897][ T13] netdevsim netdevsim1 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 250.281169][ T13] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 250.408902][ T9890] 8021q: adding VLAN 0 to HW filter on device bond0 [ 250.484116][ T9890] 8021q: adding VLAN 0 to HW filter on device team0 [ 250.534904][ T9880] bridge0: port 1(bridge_slave_0) entered blocking state [ 250.542304][ T9880] bridge0: port 1(bridge_slave_0) entered forwarding state [ 250.654181][ T9880] bridge0: port 2(bridge_slave_1) entered blocking state [ 250.661446][ T9880] bridge0: port 2(bridge_slave_1) entered forwarding state [ 251.323954][ T9895] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 251.487906][ T9897] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 251.958944][ T9890] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 251.971787][T10064] vxcan1: tx drop: invalid da for name 0x0000000000000001 [ 252.077953][T10068] IPVS: set_ctl: invalid protocol: 46 224.0.0.1:20003 [ 255.715408][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 262.353020][ T9895] veth0_vlan: entered promiscuous mode [ 262.461367][ T9895] veth1_vlan: entered promiscuous mode [ 262.784663][ T9897] veth0_vlan: entered promiscuous mode [ 262.862197][ T9890] veth0_vlan: entered promiscuous mode [ 262.882175][ T13] bridge_slave_1: left allmulticast mode [ 262.895652][ T13] bridge_slave_1: left promiscuous mode [ 262.903676][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 262.949986][ T13] bridge_slave_0: left allmulticast mode [ 262.955895][ T13] bridge_slave_0: left promiscuous mode [ 262.965855][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 267.600884][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 267.628518][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 267.642079][ T49] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 267.672271][ T13] bond0 (unregistering): (slave batadv0): Releasing backup interface [ 267.693742][ T13] bond0 (unregistering): Released all slaves [ 267.708331][ T13] bond1 (unregistering): Released all slaves [ 267.727672][ T13] bond2 (unregistering): Released all slaves [ 267.923043][ T9890] veth1_vlan: entered promiscuous mode [ 267.958074][ T9897] veth1_vlan: entered promiscuous mode [ 268.076933][ T9895] veth0_macvtap: entered promiscuous mode [ 268.161408][ T9895] veth1_macvtap: entered promiscuous mode [ 268.320314][ T9890] veth0_macvtap: entered promiscuous mode [ 268.370034][ T9895] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 268.421261][ T9895] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 268.465392][ T9897] veth0_macvtap: entered promiscuous mode [ 268.551924][ T9897] veth1_macvtap: entered promiscuous mode [ 268.568761][ T9890] veth1_macvtap: entered promiscuous mode [ 268.609718][ T80] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 268.723281][ T80] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 268.743019][ T80] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 268.853686][ T80] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 269.085667][ T9897] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 269.125555][ T9890] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 270.024322][ T9897] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 270.351696][ T9890] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 270.478551][ T12] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 270.516339][ T12] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 270.614890][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 270.644804][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 270.837918][ T12] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 270.875464][ T12] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 270.898087][ T12] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 270.980967][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 270.999449][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 271.044876][ T12] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 271.063698][ T12] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 271.502395][ T9882] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 271.574393][ T5893] wlan0 speed is unknown, defaulting to 1000 [ 271.619210][ T5893] syz1: Port: 1 Link DOWN [ 272.263389][ T13] hsr_slave_0: left promiscuous mode [ 272.363437][ T13] hsr_slave_1: left promiscuous mode [ 272.397859][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 272.405352][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 272.504971][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 272.539231][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 272.716653][ T13] veth1_macvtap: left promiscuous mode [ 272.722549][ T13] veth0_macvtap: left promiscuous mode [ 272.764197][ T13] veth1_vlan: left promiscuous mode [ 272.777102][ T13] veth0_vlan: left promiscuous mode [ 273.270714][ T13] pim6reg (unregistering): left allmulticast mode [ 273.342944][ T13] veth1_macvtap (unregistering): left allmulticast mode [ 273.567532][ T13] team0 (unregistering): Port device team_slave_1 removed [ 273.632059][ T13] team0 (unregistering): Port device team_slave_0 removed [ 274.146530][ T9879] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 274.228004][ T9879] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 275.215776][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 275.253950][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 275.264363][T10195] IPVS: set_ctl: invalid protocol: 0 0.0.0.0:0 [ 275.285725][T10195] IPVS: set_ctl: invalid protocol: 0 0.0.0.0:0 [ 275.403629][ T80] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 275.472635][ T80] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 275.561298][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 275.626370][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 276.211005][ T13] IPVS: stop unused estimator thread 0... [ 276.396088][T10217] xt_TPROXY: Can be used only with -p tcp or -p udp [ 277.179740][T10233] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1193'. [ 277.215447][ T9882] netdevsim netdevsim4 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 277.303170][ T9882] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 277.654685][T10247] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1197'. [ 277.904126][ C0] vcan0: j1939_tp_rxtimer: 0xffff88804041d000: rx timeout, send abort [ 278.002263][T10233] 8021q: adding VLAN 0 to HW filter on device ipvlan2 [ 278.209438][ T9882] netdevsim netdevsim4 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 278.268303][ T9882] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 279.358695][T10273] netlink: 8 bytes leftover after parsing attributes in process `syz.7.1207'. [ 279.485663][ T9882] netdevsim netdevsim4 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 279.554010][ T9882] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 279.753042][ T9882] netdevsim netdevsim4 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 279.792364][ T9882] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 280.244304][T10270] syzkaller0: entered promiscuous mode [ 280.299531][T10270] syzkaller0: entered allmulticast mode [ 280.349640][T10296] Bluetooth: MGMT ver 1.23 [ 280.394470][T10295] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1212'. [ 281.067958][ T5836] Bluetooth: hci6: command tx timeout [ 285.037473][ T9882] x9: left allmulticast mode [ 285.098301][ T9882] x9: left promiscuous mode [ 285.103369][ T9882] bridge0: port 1(1x9) entered disabled state [ 286.695630][ T9882] bond3 (unregistering): (slave gretap1): Releasing active interface [ 287.672499][ T9882] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 287.726180][ T9882] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 287.775007][ T9882] bond0 (unregistering): (slave bridge_slave_1): Releasing backup interface [ 287.799491][ T9882] bond0 (unregistering): Released all slaves [ 287.833169][ T9882] bond1 (unregistering): Released all slaves [ 287.879149][ T9882] bond2 (unregistering): Released all slaves [ 287.927586][ T9882] bond3 (unregistering): Released all slaves [ 288.461227][T10371] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci6/hci6:200/input6 [ 288.616949][ T9882] : left promiscuous mode [ 288.935895][T10383] xt_hashlimit: size too large, truncated to 1048576 [ 290.207305][ T5836] block nbd3: Receive control failed (result -32) [ 290.214675][ T5836] block nbd3: Receive control failed (result -32) [ 290.271591][ T9882] tipc: Disabling bearer [ 290.312365][T10384] nbd3: detected capacity change from 0 to 63 [ 290.318982][ T9882] tipc: Left network mode [ 290.422745][T10319] block nbd3: Dead connection, failed to find a fallback [ 290.554190][T10319] block nbd3: shutting down sockets [ 290.650486][T10319] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 290.840664][T10319] Buffer I/O error on dev nbd3, logical block 0, async page read [ 290.901731][T10319] I/O error, dev nbd3, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 290.976808][T10319] Buffer I/O error on dev nbd3, logical block 1, async page read [ 291.178275][T10319] I/O error, dev nbd3, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 291.287111][T10319] Buffer I/O error on dev nbd3, logical block 2, async page read [ 291.413024][T10319] I/O error, dev nbd3, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 291.517654][T10319] Buffer I/O error on dev nbd3, logical block 3, async page read [ 291.525539][T10319] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 291.542511][T10319] Buffer I/O error on dev nbd3, logical block 0, async page read [ 291.626050][T10319] I/O error, dev nbd3, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 291.740533][T10319] Buffer I/O error on dev nbd3, logical block 1, async page read [ 291.808660][T10319] I/O error, dev nbd3, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 291.927909][T10319] Buffer I/O error on dev nbd3, logical block 2, async page read [ 291.935862][T10319] I/O error, dev nbd3, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 292.096051][T10319] Buffer I/O error on dev nbd3, logical block 3, async page read [ 292.169072][T10319] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 292.266872][T10319] Buffer I/O error on dev nbd3, logical block 0, async page read [ 292.297268][T10319] I/O error, dev nbd3, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 292.404375][T10319] Buffer I/O error on dev nbd3, logical block 1, async page read [ 292.470979][T10319] ldm_validate_partition_table(): Disk read failed. [ 292.530194][T10319] Dev nbd3: unable to read RDB block 0 [ 292.601350][T10319] nbd3: unable to read partition table [ 292.680467][T10319] ldm_validate_partition_table(): Disk read failed. [ 292.732481][T10319] Dev nbd3: unable to read RDB block 0 [ 292.772214][T10319] nbd3: unable to read partition table [ 293.448604][T10448] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1250'. [ 293.521466][T10450] netlink: 60 bytes leftover after parsing attributes in process `syz.7.1249'. [ 293.577066][T10454] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1252'. [ 293.666309][T10448] ip6gre1: entered promiscuous mode [ 293.676532][T10448] ip6gre1: entered allmulticast mode [ 293.831453][T10455] [ 293.833846][T10455] ====================================================== [ 293.840896][T10455] WARNING: possible circular locking dependency detected [ 293.847961][T10455] syzkaller #0 Not tainted [ 293.852404][T10455] ------------------------------------------------------ [ 293.859447][T10455] syz.2.1251/10455 is trying to acquire lock: [ 293.865541][T10455] ffffffff8e882e40 (fs_reclaim){+.+.}-{0:0}, at: kmem_cache_alloc_node_noprof+0x4a/0x690 [ 293.875429][T10455] [ 293.875429][T10455] but task is already holding lock: [ 293.882820][T10455] ffffffff8ff81f08 (uevent_sock_mutex){+.+.}-{4:4}, at: kobject_uevent_net_broadcast+0x27e/0x560 [ 293.893758][T10455] [ 293.893758][T10455] which lock already depends on the new lock. [ 293.893758][T10455] [ 293.904454][T10455] [ 293.904454][T10455] the existing dependency chain (in reverse order) is: [ 293.913497][T10455] [ 293.913497][T10455] -> #9 (uevent_sock_mutex){+.+.}-{4:4}: [ 293.921542][T10455] __mutex_lock+0x19f/0x1300 [ 293.926778][T10455] kobject_uevent_net_broadcast+0x27e/0x560 [ 293.933250][T10455] kobject_uevent_env+0x55c/0x9e0 [ 293.938862][T10455] device_add+0x557/0xb70 [ 293.943748][T10455] device_create+0x269/0x300 [ 293.948935][T10455] msr_device_create+0x33/0x50 [ 293.954338][T10455] cpuhp_invoke_callback+0x445/0x860 [ 293.960182][T10455] cpuhp_thread_fun+0x36b/0x780 [ 293.965592][T10455] smpboot_thread_fn+0x541/0xa50 [ 293.971173][T10455] kthread+0x388/0x470 [ 293.975835][T10455] ret_from_fork+0x51e/0xb90 [ 293.980983][T10455] ret_from_fork_asm+0x1a/0x30 [ 293.986333][T10455] [ 293.986333][T10455] -> #8 (cpuhp_state-up){+.+.}-{0:0}: [ 293.993933][T10455] cpuhp_thread_fun+0x127/0x780 [ 293.999362][T10455] smpboot_thread_fn+0x541/0xa50 [ 294.004865][T10455] kthread+0x388/0x470 [ 294.009521][T10455] ret_from_fork+0x51e/0xb90 [ 294.014672][T10455] ret_from_fork_asm+0x1a/0x30 [ 294.020178][T10455] [ 294.020178][T10455] -> #7 (cpu_hotplug_lock){++++}-{0:0}: [ 294.027956][T10455] cpus_read_lock+0x42/0x160 [ 294.033102][T10455] static_key_slow_inc+0x12/0x30 [ 294.038610][T10455] setup_udp_tunnel_sock+0x343/0x550 [ 294.044448][T10455] l2tp_tunnel_register+0xda0/0x1460 [ 294.050303][T10455] pppol2tp_connect+0x8b7/0x17c0 [ 294.055797][T10455] __sys_connect+0x312/0x450 [ 294.060965][T10455] __x64_sys_connect+0x7a/0x90 [ 294.066298][T10455] do_syscall_64+0x14d/0xf80 [ 294.071444][T10455] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 294.077895][T10455] [ 294.077895][T10455] -> #6 (sk_lock-AF_INET6){+.+.}-{0:0}: [ 294.085673][T10455] lock_sock_nested+0x48/0x100 [ 294.090996][T10455] inet_shutdown+0x6a/0x390 [ 294.096060][T10455] nbd_mark_nsock_dead+0x2e9/0x560 [ 294.101732][T10455] recv_work+0x1c7f/0x1d90 [ 294.106702][T10455] process_scheduled_works+0xb02/0x1830 [ 294.112805][T10455] worker_thread+0xa50/0xfc0 [ 294.117957][T10455] kthread+0x388/0x470 [ 294.122619][T10455] ret_from_fork+0x51e/0xb90 [ 294.127776][T10455] ret_from_fork_asm+0x1a/0x30 [ 294.133119][T10455] [ 294.133119][T10455] -> #5 (&nsock->tx_lock){+.+.}-{4:4}: [ 294.140823][T10455] __mutex_lock+0x19f/0x1300 [ 294.145967][T10455] nbd_queue_rq+0x37b/0x1100 [ 294.151204][T10455] blk_mq_dispatch_rq_list+0xa70/0x1910 [ 294.157304][T10455] __blk_mq_sched_dispatch_requests+0xdcc/0x1600 [ 294.164190][T10455] blk_mq_sched_dispatch_requests+0xd7/0x190 [ 294.170812][T10455] blk_mq_run_hw_queue+0x348/0x4f0 [ 294.176498][T10455] blk_mq_dispatch_list+0xd16/0xe10 [ 294.182252][T10455] blk_mq_flush_plug_list+0x48d/0x570 [ 294.188181][T10455] __blk_flush_plug+0x3ed/0x4d0 [ 294.193671][T10455] __submit_bio+0x28d/0x580 [ 294.198734][T10455] submit_bio_noacct_nocheck+0x2f4/0xa70 [ 294.205006][T10455] block_read_full_folio+0x599/0x830 [ 294.210850][T10455] filemap_read_folio+0x137/0x3b0 [ 294.216433][T10455] do_read_cache_folio+0x358/0x590 [ 294.222143][T10455] read_part_sector+0xb6/0x2b0 [ 294.227464][T10455] adfspart_check_ICS+0xa5/0xa40 [ 294.233075][T10455] bdev_disk_changed+0x7ba/0x1550 [ 294.238736][T10455] blkdev_get_whole+0x380/0x510 [ 294.244176][T10455] bdev_open+0x31e/0xd30 [ 294.248971][T10455] blkdev_open+0x470/0x610 [ 294.253946][T10455] do_dentry_open+0x785/0x14e0 [ 294.259290][T10455] vfs_open+0x3b/0x340 [ 294.264007][T10455] path_openat+0x2e08/0x3860 [ 294.269148][T10455] do_file_open+0x23e/0x4a0 [ 294.274289][T10455] do_sys_openat2+0x113/0x200 [ 294.279535][T10455] __x64_sys_openat+0x138/0x170 [ 294.284952][T10455] do_syscall_64+0x14d/0xf80 [ 294.290104][T10455] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 294.296634][T10455] [ 294.296634][T10455] -> #4 (&cmd->lock){+.+.}-{4:4}: [ 294.303887][T10455] __mutex_lock+0x19f/0x1300 [ 294.309078][T10455] nbd_queue_rq+0xc6/0x1100 [ 294.314245][T10455] blk_mq_dispatch_rq_list+0xa70/0x1910 [ 294.320346][T10455] __blk_mq_sched_dispatch_requests+0xdcc/0x1600 [ 294.327231][T10455] blk_mq_sched_dispatch_requests+0xd7/0x190 [ 294.333778][T10455] blk_mq_run_hw_queue+0x348/0x4f0 [ 294.339459][T10455] blk_mq_dispatch_list+0xd16/0xe10 [ 294.345234][T10455] blk_mq_flush_plug_list+0x48d/0x570 [ 294.351181][T10455] __blk_flush_plug+0x3ed/0x4d0 [ 294.356612][T10455] __submit_bio+0x28d/0x580 [ 294.361699][T10455] submit_bio_noacct_nocheck+0x2f4/0xa70 [ 294.367895][T10455] block_read_full_folio+0x599/0x830 [ 294.373749][T10455] filemap_read_folio+0x137/0x3b0 [ 294.379427][T10455] do_read_cache_folio+0x358/0x590 [ 294.385187][T10455] read_part_sector+0xb6/0x2b0 [ 294.390597][T10455] adfspart_check_ICS+0xa5/0xa40 [ 294.396091][T10455] bdev_disk_changed+0x7ba/0x1550 [ 294.401693][T10455] blkdev_get_whole+0x380/0x510 [ 294.407101][T10455] bdev_open+0x31e/0xd30 [ 294.412078][T10455] blkdev_open+0x470/0x610 [ 294.417091][T10455] do_dentry_open+0x785/0x14e0 [ 294.422429][T10455] vfs_open+0x3b/0x340 [ 294.427063][T10455] path_openat+0x2e08/0x3860 [ 294.432209][T10455] do_file_open+0x23e/0x4a0 [ 294.437270][T10455] do_sys_openat2+0x113/0x200 [ 294.442610][T10455] __x64_sys_openat+0x138/0x170 [ 294.448034][T10455] do_syscall_64+0x14d/0xf80 [ 294.453356][T10455] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 294.459808][T10455] [ 294.459808][T10455] -> #3 (set->srcu){.+.+}-{0:0}: [ 294.466978][T10455] __synchronize_srcu+0xca/0x3e0 [ 294.472476][T10455] elevator_switch+0x1e8/0x7a0 [ 294.477895][T10455] elevator_change+0x2cc/0x450 [ 294.483234][T10455] elevator_set_default+0x36c/0x430 [ 294.489216][T10455] blk_register_queue+0x366/0x430 [ 294.494936][T10455] __add_disk+0x677/0xd50 [ 294.499830][T10455] add_disk_fwnode+0xfb/0x480 [ 294.505168][T10455] nbd_dev_add+0x72c/0xb50 [ 294.510272][T10455] nbd_init+0x168/0x1f0 [ 294.515010][T10455] do_one_initcall+0x250/0x8d0 [ 294.520361][T10455] do_initcall_level+0x104/0x190 [ 294.525882][T10455] do_initcalls+0x59/0xa0 [ 294.530786][T10455] kernel_init_freeable+0x2a6/0x3e0 [ 294.536559][T10455] kernel_init+0x1d/0x1d0 [ 294.541454][T10455] ret_from_fork+0x51e/0xb90 [ 294.546611][T10455] ret_from_fork_asm+0x1a/0x30 [ 294.551981][T10455] [ 294.551981][T10455] -> #2 (&q->elevator_lock){+.+.}-{4:4}: [ 294.559859][T10455] __mutex_lock+0x19f/0x1300 [ 294.565010][T10455] elevator_change+0x1b3/0x450 [ 294.570340][T10455] elevator_set_none+0xb5/0x140 [ 294.575753][T10455] blk_mq_update_nr_hw_queues+0x5e7/0x1a60 [ 294.582121][T10455] nbd_start_device+0x17f/0xb10 [ 294.587552][T10455] nbd_genl_connect+0x165b/0x1cf0 [ 294.593185][T10455] genl_family_rcv_msg_doit+0x22a/0x330 [ 294.599440][T10455] genl_rcv_msg+0x61c/0x7a0 [ 294.604502][T10455] netlink_rcv_skb+0x232/0x4b0 [ 294.609845][T10455] genl_rcv+0x28/0x40 [ 294.614379][T10455] netlink_unicast+0x80f/0x9b0 [ 294.619705][T10455] netlink_sendmsg+0x813/0xb40 [ 294.625059][T10455] ____sys_sendmsg+0x972/0x9f0 [ 294.630411][T10455] ___sys_sendmsg+0x2a5/0x360 [ 294.635656][T10455] __x64_sys_sendmsg+0x1bd/0x2a0 [ 294.641150][T10455] do_syscall_64+0x14d/0xf80 [ 294.646387][T10455] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 294.652846][T10455] [ 294.652846][T10455] -> #1 (&q->q_usage_counter(io)#52){++++}-{0:0}: [ 294.661522][T10455] blk_alloc_queue+0x546/0x680 [ 294.666857][T10455] __blk_mq_alloc_disk+0x197/0x390 [ 294.672617][T10455] nbd_dev_add+0x499/0xb50 [ 294.677623][T10455] nbd_init+0x168/0x1f0 [ 294.682492][T10455] do_one_initcall+0x250/0x8d0 [ 294.688058][T10455] do_initcall_level+0x104/0x190 [ 294.693574][T10455] do_initcalls+0x59/0xa0 [ 294.698470][T10455] kernel_init_freeable+0x2a6/0x3e0 [ 294.704232][T10455] kernel_init+0x1d/0x1d0 [ 294.709125][T10455] ret_from_fork+0x51e/0xb90 [ 294.714278][T10455] ret_from_fork_asm+0x1a/0x30 [ 294.719604][T10455] [ 294.719604][T10455] -> #0 (fs_reclaim){+.+.}-{0:0}: [ 294.726861][T10455] __lock_acquire+0x15a5/0x2cf0 [ 294.732281][T10455] lock_acquire+0xf0/0x2e0 [ 294.737267][T10455] fs_reclaim_acquire+0x71/0x100 [ 294.742773][T10455] kmem_cache_alloc_node_noprof+0x4a/0x690 [ 294.749155][T10455] __alloc_skb+0x1d0/0x7d0 [ 294.754146][T10455] alloc_uevent_skb+0x7d/0x230 [ 294.759481][T10455] kobject_uevent_net_broadcast+0x2fa/0x560 [ 294.765953][T10455] kobject_uevent_env+0x55c/0x9e0 [ 294.771546][T10455] rfkill_set_block+0x3a2/0x440 [ 294.776959][T10455] rfkill_fop_write+0x461/0x5a0 [ 294.782645][T10455] vfs_write+0x29a/0xb90 [ 294.787449][T10455] ksys_write+0x150/0x270 [ 294.792336][T10455] do_syscall_64+0x14d/0xf80 [ 294.797481][T10455] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 294.803932][T10455] [ 294.803932][T10455] other info that might help us debug this: [ 294.803932][T10455] [ 294.814187][T10455] Chain exists of: [ 294.814187][T10455] fs_reclaim --> cpuhp_state-up --> uevent_sock_mutex [ 294.814187][T10455] [ 294.827031][T10455] Possible unsafe locking scenario: [ 294.827031][T10455] [ 294.834519][T10455] CPU0 CPU1 [ 294.840006][T10455] ---- ---- [ 294.845413][T10455] lock(uevent_sock_mutex); [ 294.850043][T10455] lock(cpuhp_state-up); [ 294.856928][T10455] lock(uevent_sock_mutex); [ 294.864072][T10455] lock(fs_reclaim); [ 294.868087][T10455] [ 294.868087][T10455] *** DEADLOCK *** [ 294.868087][T10455] [ 294.876254][T10455] 2 locks held by syz.2.1251/10455: [ 294.881480][T10455] #0: ffffffff8fee6528 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_fop_write+0x19a/0x5a0 [ 294.891735][T10455] #1: ffffffff8ff81f08 (uevent_sock_mutex){+.+.}-{4:4}, at: kobject_uevent_net_broadcast+0x27e/0x560 [ 294.902773][T10455] [ 294.902773][T10455] stack backtrace: [ 294.908695][T10455] CPU: 1 UID: 0 PID: 10455 Comm: syz.2.1251 Not tainted syzkaller #0 PREEMPT(full) [ 294.908725][T10455] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 294.908752][T10455] Call Trace: [ 294.908761][T10455] [ 294.908770][T10455] dump_stack_lvl+0xe8/0x150 [ 294.908807][T10455] print_circular_bug+0x2e1/0x300 [ 294.908844][T10455] check_noncircular+0x12e/0x150 [ 294.908883][T10455] __lock_acquire+0x15a5/0x2cf0 [ 294.908914][T10455] ? lockdep_unlock+0x5d/0xd0 [ 294.908938][T10455] ? __lock_acquire+0x146e/0x2cf0 [ 294.908977][T10455] lock_acquire+0xf0/0x2e0 [ 294.909012][T10455] ? kmem_cache_alloc_node_noprof+0x4a/0x690 [ 294.909043][T10455] fs_reclaim_acquire+0x71/0x100 [ 294.909068][T10455] ? kmem_cache_alloc_node_noprof+0x4a/0x690 [ 294.909092][T10455] kmem_cache_alloc_node_noprof+0x4a/0x690 [ 294.909116][T10455] ? __alloc_skb+0x1d0/0x7d0 [ 294.909148][T10455] ? __local_bh_enable_ip+0xd0/0x130 [ 294.909180][T10455] __alloc_skb+0x1d0/0x7d0 [ 294.909215][T10455] alloc_uevent_skb+0x7d/0x230 [ 294.909246][T10455] kobject_uevent_net_broadcast+0x2fa/0x560 [ 294.909278][T10455] kobject_uevent_env+0x55c/0x9e0 [ 294.909310][T10455] rfkill_set_block+0x3a2/0x440 [ 294.909344][T10455] rfkill_fop_write+0x461/0x5a0 [ 294.909378][T10455] ? apparmor_file_permission+0x1f4/0x300 [ 294.909402][T10455] ? __pfx_rfkill_fop_write+0x10/0x10 [ 294.909437][T10455] ? security_kernfs_init_security+0x220/0x270 [ 294.909463][T10455] ? rw_verify_area+0x255/0x4d0 [ 294.909486][T10455] ? __pfx_rfkill_fop_write+0x10/0x10 [ 294.909522][T10455] vfs_write+0x29a/0xb90 [ 294.909550][T10455] ? __pfx_vfs_write+0x10/0x10 [ 294.909574][T10455] ? __fget_files+0x2a/0x420 [ 294.909608][T10455] ? __fget_files+0x2a/0x420 [ 294.909640][T10455] ? __fget_files+0x3a0/0x420 [ 294.909672][T10455] ? __fget_files+0x2a/0x420 [ 294.909709][T10455] ksys_write+0x150/0x270 [ 294.909734][T10455] ? __pfx_ksys_write+0x10/0x10 [ 294.909763][T10455] do_syscall_64+0x14d/0xf80 [ 294.909784][T10455] ? trace_irq_disable+0x3b/0x150 [ 294.909818][T10455] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 294.909842][T10455] ? clear_bhb_loop+0x40/0x90 [ 294.909867][T10455] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 294.909890][T10455] RIP: 0033:0x7f83cc39c799 [ 294.909911][T10455] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 294.909932][T10455] RSP: 002b:00007f83cd223028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 294.909957][T10455] RAX: ffffffffffffffda RBX: 00007f83cc616090 RCX: 00007f83cc39c799 [ 294.909974][T10455] RDX: 0000000000000008 RSI: 0000200000000080 RDI: 0000000000000004 [ 294.909989][T10455] RBP: 00007f83cc432c99 R08: 0000000000000000 R09: 0000000000000000 [ 294.910017][T10455] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 294.910030][T10455] R13: 00007f83cc616128 R14: 00007f83cc616090 R15: 00007fff7f422c18 [ 294.910058][T10455] [ 295.280272][T10456] netlink: 60 bytes leftover after parsing attributes in process `syz.7.1249'. [ 295.376488][ T49] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 295.385838][ T49] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 295.399918][ T5915] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 295.516874][ T24] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 295.766232][ T24] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 296.616186][ T9882] hsr_slave_0: left promiscuous mode [ 296.631267][ T9882] hsr_slave_1: left promiscuous mode [ 296.641416][ T9882] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 296.663735][ T9882] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 296.688103][ T9882] veth1_macvtap: left promiscuous mode [ 296.699188][ T9882] veth1_vlan: left promiscuous mode [ 296.710114][ T9882] veth0_vlan: left promiscuous mode [ 296.873129][ T9882] pim6reg (unregistering): left allmulticast mode [ 297.092679][ T9882] team0 (unregistering): Port device team_slave_1 removed [ 297.122966][ T9882] team0 (unregistering): Port device team_slave_0 removed [ 297.662214][ T9882] IPVS: stop unused estimator thread 0... [ 299.306834][ C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!