last executing test programs: 2.662691798s ago: executing program 0 (id=1332): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001080), 0x4) sendmsg$kcm(r1, &(0x7f00000001c0)={&(0x7f0000000100)=@caif=@dgm={0x25, 0x4, 0x9}, 0x80, &(0x7f0000000440)=[{&(0x7f0000000240)="cb4e88a8af3288", 0x7}, {&(0x7f0000000280)="1906eb", 0x3}], 0x2}, 0x4011) sendmsg$nl_generic(r0, &(0x7f0000000200)={&(0x7f0000000000), 0xc, &(0x7f00000001c0)={&(0x7f0000000040)={0x12c, 0x3b, 0x400, 0x70bd28, 0x25dfdbfb, {0x1b}, [@generic="60bd6d19ee268f691e5b8eb1c27e7d08ee9194f3dc631966308c557bb5c8a99e65ea109bb6f6", @typed={0xc, 0x18, 0x0, 0x0, @u64=0x3}, @generic="d4328d86dd1eef20e0167b436da967c548d00a01aa8e5e95e804ee7aca1b1703cb581ed63fed8228f8958f4254d0faef9cbc8513b5be3ba0b9c1ab3ba47ce2f84d1611bedcdcbbbaff9325c4857ed620ddc535310012a7c57d7158e48850c5bd3262bce1a7f537eb4bc57d33adf59f0f748cce4b3f1b411c1abf54e2f449677a416b4acf2fe882427cd59e710dafa95d979599fbc9cec83789884cb43923c7c1b20acdab350e6fa9d352bb5f366467a0a449a30ce04be02f94a1c734de769a23a78a33031900989e0410fcb252c7492421af479cbb9aa9e7a86dfdc9fd335bbaae27fbac9a46"]}, 0x12c}, 0x1, 0x0, 0x0, 0x4000}, 0x40804) unshare(0x20000400) mmap(&(0x7f0000000000/0x400000)=nil, 0x1400000, 0x0, 0xc3072, 0xffffffffffffffff, 0x0) r2 = socket$can_raw(0x1d, 0x3, 0x1) setsockopt$CAN_RAW_FD_FRAMES(r2, 0x65, 0x5, &(0x7f0000000180)=0x1, 0x4) 2.534783168s ago: executing program 1 (id=1335): socket$inet6(0xa, 0x3, 0x8000000003c) r0 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_udp_encap(r1, 0x11, 0x64, 0x0, 0x0) syz_emit_ethernet(0x3e, &(0x7f0000000100)={@link_local, @local, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "010700", 0x8, 0x11, 0xff, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @mcast2, {[], {0xffff, 0xe22, 0x8}}}}}}, 0x0) 2.529670022s ago: executing program 0 (id=1336): r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000f00)=@filter={'filter\x00', 0x42, 0x4, 0x350, 0xffffffff, 0x98, 0x98, 0x98, 0xffffffff, 0xffffffff, 0x2b8, 0x2b8, 0x2b8, 0xffffffff, 0x4, 0x0, {[{{@ip={@private=0x4, @remote, 0x0, 0x0, 'ip6gretap0\x00', 'wg2\x00'}, 0xa00, 0x70, 0x98, 0x0, {0x100000000000000}}, @REJECT={0x28}}, {{@uncond, 0x0, 0xd8, 0x138, 0x0, {0x0, 0x400000000000000}, [@common=@set={{0x40}, {{0x0, [0x1, 0x5, 0xe7a786dd83d11f72, 0x6, 0x700], 0x4}}}, @common=@ttl={{0x28}, {0x0, 0x8}}]}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x1, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, 0x8, 0x3, [0x2c, 0x6, 0x9, 0x25, 0xc, 0xe, 0x0, 0x25, 0x3f, 0x0, 0x2e, 0x34, 0x32, 0xffff, 0x35, 0x1f], 0x0, 0x7, 0x7}}}, {{@ip={@broadcast, @remote, 0xff000000, 0xff, 'veth1\x00', 'bond_slave_0\x00', {0xff}, {}, 0x5e, 0x1, 0x25}, 0x0, 0xc0, 0xe8, 0x0, {}, [@common=@inet=@l2tp={{0x30}, {0x40000000, 0x0, 0x0, 0x1, 0x14}}, @common=@socket0={{0x20}}]}, @REJECT={0x28, 'REJECT\x00', 0x0, {0xe}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x3b0) 2.328100822s ago: executing program 1 (id=1339): r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, 0x0) socket$unix(0x1, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x1}}}]}, 0x38}}, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, 0x0, 0x4044040) setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, 0x0, 0x0) socket$inet6(0xa, 0x1, 0x8010000000000084) socket$nl_netfilter(0x10, 0x3, 0xc) r3 = socket$inet(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000300)={'bond0\x00', 0x0}) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r5, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000000)=@newqdisc={0xac, 0x24, 0xf0b, 0x70bd2b, 0x0, {0x0, 0x0, 0x12, r4, {}, {0xffff, 0xffff}, {0x2}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x7c, 0x2, [@TCA_TAPRIO_ATTR_TXTIME_DELAY={0x8, 0xb, 0xe}, @TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0x0, [0x5, 0x4, 0x2, 0x0, 0x8, 0x0, 0x9, 0x0, 0x0, 0xf1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], [0x0, 0x8, 0x0, 0x0, 0x2]}}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x10, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x4000000}]}]}, @TCA_TAPRIO_ATTR_SCHED_CLOCKID={0x8, 0x5, 0x7}]}}]}, 0xac}}, 0x0) 2.316618695s ago: executing program 0 (id=1340): r0 = socket$inet_tcp(0x2, 0x1, 0x0) (async) unshare(0x6a040000) (async) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) (async, rerun: 64) ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, 0x0) (rerun: 64) r1 = socket$inet6(0xa, 0x2, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) (async, rerun: 32) r3 = socket(0x10, 0x803, 0x0) (rerun: 32) sendmsg$SMC_PNETID_GET(r3, 0x0, 0x0) getsockname$packet(r3, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000900)=0x14) sendmsg$nl_route(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="340000001000370410000000ffdbdf2500000000dda1809a47a99b415b0cd8e0acaf2baa04ade2272ab59b041ddb64873d08b39acce524298dd5e43318d66206ad85d6e3b128a2c3254a81bcd0e5c5ef37cab5c1cdb868e8201730", @ANYRES32=r4, @ANYBLOB="8345050001000000140012800b00010067656e657665000004000280"], 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x0) (async) socket$inet_tcp(0x2, 0x1, 0x0) r5 = socket$inet6_icmp(0xa, 0x2, 0x3a) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000380)=@raw={'raw\x00', 0x3c1, 0x3, 0x2e0, 0x0, 0x168, 0x9, 0xd0, 0xb, 0x210, 0x250, 0x250, 0x210, 0x250, 0x3, 0x0, {[{{@ipv6={@remote, @rand_addr=' \x01\x00', [], [], 'veth0_to_bridge\x00', 'sit0\x00', {}, {0xff}, 0x6c}, 0x6000000, 0xa8, 0xd0, 0x0, {0x0, 0x28e}}, @common=@inet=@SET1={0x28, 'SET\x00', 0x1, {{0xffffffffffffffff, 0xc7, 0x3}, {0xffffffffffffffff, 0x4, 0x1}}}}, {{@uncond, 0x0, 0xf8, 0x140, 0x0, {}, [@common=@inet=@set3={{0x50}, {{0x4, 0x1}, {0x7, 0xe}, {0x7, 0x8}, 0xfff}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv6=@local, 'batadv0\x00', {0x4}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x340) (async) r6 = socket$netlink(0x10, 0x3, 0xc) bind$netlink(r6, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000940)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x301, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_NEWCHAIN={0x40, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8}, @NFTA_HOOK_HOOKNUM={0x8, 0x1, 0x1, 0x0, 0x5}]}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_DELCHAIN={0x30, 0x5, 0xa, 0x201, 0x0, 0x0, {0x1, 0x0, 0x2000}, [@NFTA_CHAIN_HANDLE={0xc, 0x2, 0x1, 0x0, 0x1}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_CHAIN_HOOK={0x4}]}], {0x14}}, 0xb8}}, 0x200000d4) (async) sendmmsg$inet(r1, &(0x7f0000000640)=[{{&(0x7f0000000040)={0x2, 0x4e1c, @dev={0xac, 0x14, 0x14, 0x3c}}, 0x10, 0x0, 0x0, &(0x7f0000000000)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r4, @empty}}}], 0x20}}], 0x1, 0x80) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000000c0)=0x1, 0x4) r8 = socket$inet(0x2, 0xa, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={0x0, &(0x7f0000000f40)=""/4084, 0x0, 0xff4, 0xa, 0x7ff, 0x0, @void, @value}, 0x28) (async) setsockopt$sock_int(r8, 0x1, 0x2c, &(0x7f0000000040)=0x3, 0x4) (async) setsockopt$SO_ATTACH_FILTER(r8, 0x1, 0x2c, &(0x7f0000000140)={0x0, 0x0}, 0x10) (async) r9 = socket$nl_route(0x10, 0x3, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000700)=ANY=[@ANYBLOB="9feb01001800000000000000400000004000000002000000000000000000000904000000000000000000000105000000080000000000000000000003000000000200000002000000000000000000000000000003"], 0x0, 0x5a, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20) (async, rerun: 64) sendmsg$nl_route(r9, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)=ANY=[@ANYBLOB="3c000000100003042abd7000fddbdf3a15ff7d33", @ANYRES32=0x0, @ANYBLOB="b4a5af8840000000140012800b00010062617461647600000400028008001f0003000000"], 0x3c}}, 0x0) (async, rerun: 64) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10) (async, rerun: 32) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f00000001c0)=0x1, 0x4) (async, rerun: 32) sendmmsg$inet(r0, &(0x7f0000000a40)=[{{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000300)="db", 0x1}], 0x1}}], 0x1, 0x4000000) 1.93800232s ago: executing program 4 (id=1345): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'sit0\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c0000006800010000000000fbdbdf25020000000000000006000700040000000c000880050004000100000008000600f200000008000500", @ANYRES32=r2], 0x3c}, 0x1, 0x0, 0x0, 0x4402}, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000003880)={0x26, 'hash\x00', 0x0, 0x0, 'sha1-ssse3\x00'}, 0x58) r4 = accept4(r3, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000000340)=[{{0x0, 0x0, &(0x7f0000000800)=[{&(0x7f0000004c00)="35b78a259c3d306dedbc8d57d8c01078a4dd14fd58c260c512c386d87551f18513e8b66626c8ad409a8ab83313b561a46f857ff0f17f6e18f5f37fdc57fe91ae9be5e427bde7e705a5998fe6c7e81613c7750078aa39ca3950011baca521f3d9c9acf8e3bfbb0e5485f1bc4934f5ffd9ceef098f7ab6adae48f5a275c3d4c09f1ec3fddde01d2257b8e71ef4250198cf630763f021c0a9345d25adaead684f2b59664bad71b8d5ae00a0e83e9734ba65390dfadea91820fa32163f4e0aa80949755f0b337c6bfe47a71e0f7a8492f675381ab13b161f2169ea2cdceed60177b5", 0xe0}, {&(0x7f0000004d00)="2e8f01702f94fde65d9d351be63d69be781cfe819b9603e82489b6d996aef081a6bebc529e724ea6ab554b7e18cb1ba69474b3961c30efbeb8a09ee4f18d5d617507a03077e3f0121e347f63fa409968c94a5ae6d261fe17a4c123d2a5cbbf", 0x5f}, {&(0x7f00000002c0)="d4", 0x1}, {&(0x7f0000000380)="80", 0xf4240}], 0x4}}], 0x1, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x2, 0x6, 0x0, 0x3, 0x2, 0x0, 0x0, 0x25dfdbfc}, 0x10}}, 0x20000804) sendmsg$nl_route(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000006a00831300000000000000000000000100000000080041ea00000000080005"], 0x28}, 0x1, 0x0, 0x0, 0x10}, 0x40040c0) socket$nl_route(0x10, 0x3, 0x0) r6 = socket$kcm(0x29, 0x5, 0x0) setsockopt$kcm_KCM_RECV_DISABLE(r6, 0x119, 0x1, &(0x7f0000000040)=0x8, 0x4) setsockopt$kcm_KCM_RECV_DISABLE(r6, 0x119, 0x1, &(0x7f0000000000), 0x4) bind$inet(0xffffffffffffffff, &(0x7f0000000240)={0x2, 0x4e20, @local}, 0x10) setsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000000)="8907040400", 0x5) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000000000000000000000000000850000007d0000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001700000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000a40)={r7, 0x27, 0xe, 0x0, &(0x7f0000000440)="f8ad48cc02cb29dcc8007f5b0800", 0x0, 0x1, 0xf2ffffff, 0x0, 0x0, 0x0, 0x0}, 0x50) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, &(0x7f0000000740)='veth0_virt_wifi\x00', 0x10) connect$inet(0xffffffffffffffff, &(0x7f0000000140)={0x2, 0x4e22, @broadcast}, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x80) recvmmsg(r0, &(0x7f0000002c00)=[{{0x0, 0x0, 0x0}, 0x8101}, {{0x0, 0x0, 0x0}, 0x10000}, {{0x0, 0x0, 0x0}, 0xfffffffd}, {{0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000c80)=""/178, 0xb2}, {&(0x7f0000000b40)=""/261, 0x105}, {&(0x7f0000001b40)=""/4094, 0xffe}, {&(0x7f0000000a40)=""/229, 0xe5}], 0x4}}, {{0x0, 0x0, 0x0}, 0x7243}, {{0x0, 0x0, 0x0}, 0x9}, {{0x0, 0x0, &(0x7f0000000800)=[{&(0x7f0000000940)=""/238, 0xee}, {&(0x7f0000002e00)=""/4105, 0x1009}, {&(0x7f0000003e40)=""/4111, 0x100f}, {&(0x7f00000006c0)=""/103, 0x67}], 0x4}, 0x1452}, {{0x0, 0x0, 0x0}}], 0x8, 0x22, 0x0) 1.924640019s ago: executing program 1 (id=1346): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000002d40)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = gettid() sendmsg$unix(r0, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001040)=ANY=[@ANYBLOB="1c000000000000000100000002000000", @ANYRES32=r1, @ANYRES32=0xee01, @ANYRES32=0x0, @ANYBLOB="0000000030000000000000000100000001000000", @ANYRES8], 0xa0}, 0x4004881) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r3 = socket$kcm(0x2, 0xa, 0x2) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$cgroup_subtree(r4, &(0x7f0000000200), 0x2, 0x0) openat$cgroup_ro(r4, &(0x7f0000000040)='memory.swap.events\x00', 0x0, 0x0) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NL80211_CMD_DEL_PMKSA(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x40}, 0x400c1) r5 = socket$l2tp(0x2, 0x2, 0x73) bind$inet(r5, &(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10) syz_emit_ethernet(0x74, &(0x7f0000000000)=ANY=[@ANYBLOB="01ec00000000000000000000080045000024000000000073908e090000000000000100000000000000"], 0x0) 1.858864828s ago: executing program 2 (id=1347): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}}, 0x0) getsockname$packet(r3, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700000086d7c0d6c878f064eb", @ANYRES32=r4, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000900)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x4000800) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000000c0)=@delchain={0x34, 0x64, 0xf31, 0xfffffffb, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xfff3, 0xffff}, {0x0, 0x1b}}, [@filter_kind_options=@f_flower={{0xb}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x10}, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) bind$netlink(r5, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000940)=@delchain={0x2c, 0x11, 0x1, 0x1f, 0x0, {0x0, 0x0, 0x0, r4}, [@TCA_CHAIN={0x8, 0xb, 0x688}]}, 0x2c}}, 0x0) 1.610677203s ago: executing program 4 (id=1348): r0 = socket(0x2a, 0x2, 0x0) getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}, {0x0, 0xfff1}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0x1a3, 0x655c, 0x4, 0x40, 0x7fffffff, 0x7fffffff, 0x80, 0xffffffff, 0x1}}}}]}, 0x58}}, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=@newtfilter={0x24, 0x2c, 0xd27, 0x70bd2d, 0x0, {0x0, 0x0, 0x0, r1, {}, {}, {0x8, 0x9}}}, 0x24}, 0x1, 0x0, 0x0, 0x4080}, 0x4000) r2 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 1.435564361s ago: executing program 1 (id=1351): r0 = socket$inet6(0xa, 0x3, 0x1) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000580)=@raw={'raw\x00', 0x8, 0x3, 0x560, 0x0, 0xffffffff, 0xffffffff, 0xf0, 0xffffffff, 0x490, 0xffffffff, 0xffffffff, 0x490, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xf0}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv6=@mcast2, 'vxcan1\x00', {0x8}}}}, {{@ipv6={@empty, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0xfd}}, [], [0x0, 0xffffffff], 'pim6reg\x00', 'gre0\x00', {}, {}, 0x62}, 0x0, 0x358, 0x3a0, 0x0, {}, [@common=@inet=@hashlimit3={{0x158}, {'veth0_virt_wifi\x00', {0x4, 0x8, 0x20, 0x5e1b2d47, 0xf91, 0x5, 0x4, 0x9f7, 0x18}, {0x8}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x5}}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv6=@mcast2, 'bridge_slave_0\x00', {0x53}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x5c0) r1 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=@newlink={0x38, 0x10, 0x503, 0x0, 0xfffffffc, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @gtp={{0x8}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GTP_FD0={0x8}]}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x800}, 0x4000) 1.362812388s ago: executing program 2 (id=1352): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000000c0)='dctcp\x00', 0x6) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x3, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x3, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000180)='nv\x00', 0x42) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=@newqdisc={0x3c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0x2}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_plug={{0x9}, {0xc, 0x2, {0x3, 0x1}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x0) listen(0xffffffffffffffff, 0x0) shutdown(r0, 0x2) 1.35373789s ago: executing program 4 (id=1354): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x11, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000ffffffff000000000000000085"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r3 = accept4(r2, 0x0, 0x0, 0x800) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) openat$tun(0xffffffffffffff9c, &(0x7f0000000300), 0x109140, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYRES16=0x0, @ANYRES32=r4], 0x0, 0x64, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4, @void, @value}, 0x94) sendmsg$ETHTOOL_MSG_CHANNELS_SET(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={0x0}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000600)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000580)={&(0x7f00000006c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x164, 0x9, 0xa, 0x5, 0x0, 0x0, {0x5, 0x0, 0x9}, [@NFTA_SET_EXPR={0x40, 0x11, 0x0, 0x1, @objref={{0xb}, @val={0x30, 0x2, 0x0, 0x1, [@NFTA_OBJREF_IMM_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_OBJREF_SET_SREG={0x8, 0x3, 0x1, 0x0, 0x8}, @NFTA_OBJREF_SET_ID={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_OBJREF_SET_ID={0x8}, @NFTA_OBJREF_SET_SREG={0x8, 0x3, 0x1, 0x0, 0x12}]}}}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_HANDLE={0xc, 0x10, 0x1, 0x0, 0x4}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2d}, @NFTA_SET_DATA_TYPE={0x8}, @NFTA_SET_DESC={0xd0, 0x9, 0x0, 0x1, [@NFTA_SET_DESC_CONCAT={0x58, 0x2, 0x0, 0x1, [{0x1c, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x7}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x2}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x3}]}, {0xc, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x9}]}, {0x2c, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0xffffff7f}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x6}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x4}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x11}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x7}]}]}, @NFTA_SET_DESC_CONCAT={0x74, 0x2, 0x0, 0x1, [{0x54, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x80000000}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x8c}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0xffff}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0xa}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x1}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x4}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x6}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x9}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x40}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0xffffefc5}]}, {0x1c, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x2}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x6}, @NFTA_SET_FIELD_LEN={0x8}]}]}]}, @NFTA_SET_EXPR={0xc, 0x11, 0x0, 0x1, @cmp={{0x8}, @void}}]}, @NFT_MSG_NEWOBJ={0x1c, 0x12, 0xa, 0x101, 0x0, 0x0, {0x5, 0x0, 0x5}, @NFT_OBJECT_CT_EXPECT=@NFTA_OBJ_TYPE={0x8}}], {0x14, 0x11, 0x1, 0x0, 0x0, {0xa}}}, 0x1a8}, 0x1, 0x0, 0x0, 0x20014840}, 0xc010) bpf$MAP_LOOKUP_ELEM(0x5, &(0x7f00000000c0)={0xffffffffffffffff, 0x0, &(0x7f0000000500)=""/64}, 0x20) sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r5, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r6, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 1.267480747s ago: executing program 3 (id=1355): r0 = socket(0x10, 0x80002, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[], 0x64}, 0x1, 0x0, 0x0, 0x4004001}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0xfffffffffffffe47, &(0x7f0000000080)={&(0x7f0000000100)=@newlink={0x44, 0x10, 0x40d, 0x70bd25, 0x25ffdbfc, {0x0, 0x0, 0x0, 0x0, 0x10}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_HELLO_TIME={0x8, 0x2, 0x6}, @IFLA_BR_MCAST_QUERIER={0x5, 0x19, 0x84}]}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x10}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840) sendmmsg$alg(r0, &(0x7f00000000c0), 0x492492492492627, 0x0) 1.166732704s ago: executing program 4 (id=1356): bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x50) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, 0x0, 0x0) close(r0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$can_raw(0x1d, 0x3, 0x1) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="180100000100a7d9000000000020b200850000007b00000095"], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r3}, 0x10) bind$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0xe22}, 0x1c) ioctl$IMGETCOUNT(0xffffffffffffffff, 0x80044944, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000180)={'vxcan1\x00', 0x0}) bind$can_raw(r2, &(0x7f0000000200)={0x1d, r4}, 0x10) sendmsg$nl_route_sched(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=@getchain={0x24, 0x11, 0x839, 0x70bd25, 0x0, {0x0, 0x0, 0x0, r4, {0x1, 0x6}, {0xffff}, {0x1}}}, 0x24}}, 0x0) 1.077996759s ago: executing program 0 (id=1357): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="040000"], 0x48) r0 = socket$inet6(0xa, 0x3, 0x8000000003c) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x3, 0x0, @remote, 0x5}, 0x1c) sendmsg(r0, &(0x7f00000000c0)={0x0, 0x952b, &(0x7f0000000100)=[{&(0x7f0000000000)="2b10", 0xffbd}], 0x1, 0x0, 0x0, 0x2c}, 0x4) 1.072047382s ago: executing program 2 (id=1358): r0 = socket(0x10, 0x803, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340), 0x302, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r2 = socket(0x400000000010, 0x3, 0x0) r3 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000640)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xffff, 0xf}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x4, 0x6}}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x40000}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001300)=@newtfilter={0xc4, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {0xe, 0x7}, {}, {0x7}}, [@filter_kind_options=@f_u32={{0x8}, {0x98, 0x2, [@TCA_U32_SEL={0x94, 0x5, {0x7, 0xef, 0x8, 0x8, 0x5, 0x9, 0x7, 0x0, [{0x1000, 0x4, 0x401, 0x6}, {0x8, 0x7, 0x1009, 0x5}, {0xfffffff9, 0x43, 0x7ffd, 0x5}, {0x7fde, 0x40, 0x51, 0x3ff}, {0x5, 0xb, 0x1, 0x42}, {0x6, 0x4, 0x8, 0x8}, {0x8001, 0x0, 0x0, 0x8001}, {0x1, 0x1800000, 0xa525}]}}]}}]}, 0xc4}, 0x1, 0x0, 0x0, 0x80}, 0x40) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x1}, {0xffff, 0xffff}}}, 0x24}}, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r5, &(0x7f00000002c0), 0x40000000000009f, 0x0) 954.754925ms ago: executing program 4 (id=1359): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000480)={0x2, 0x4e24, @loopback}, 0x10) sendmmsg$inet(r0, &(0x7f0000001140)=[{{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000001c40)="0349", 0x2}], 0x1}}], 0x1, 0xc010) recvmmsg(r0, &(0x7f00000061c0)=[{{0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f00000001c0)=""/139, 0x8b}], 0x1}, 0xfe}], 0x1, 0x141, 0x0) 933.230047ms ago: executing program 3 (id=1360): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @loopback}], 0x1c) sendto$inet6(r0, &(0x7f0000000100)="b8", 0xffe0, 0x2000c851, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c) shutdown(r0, 0x0) 924.839794ms ago: executing program 0 (id=1361): sendmsg(0xffffffffffffffff, 0x0, 0x0) unshare(0x6a040000) mmap(&(0x7f00002ad000/0xc00000)=nil, 0xc00000, 0x2, 0x8031, 0xffffffffffffffff, 0xcb2e7000) r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000140)={0x0, {0x2, 0x0, @empty}, {0x2, 0x0, @remote}, {0x2, 0x0, @private}, 0xd0}) 818.682062ms ago: executing program 3 (id=1362): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) sendmmsg$inet6(r0, &(0x7f0000002fc0)=[{{&(0x7f0000000340)={0xa, 0x4e23, 0xfffffff9, @private2={0xfc, 0x2, '\x00', 0x1}, 0x9}, 0x1c, &(0x7f00000004c0)=[{&(0x7f00000005c0)="05", 0x1}], 0x1}}], 0x1, 0x24000045) shutdown(r0, 0x1) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x84, &(0x7f00000000c0)={0x0, @in6={{0xa, 0x4e21, 0xfffffff9, @empty, 0x40}}, 0x9, 0x4000}, 0x90) 818.341615ms ago: executing program 1 (id=1363): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) r2 = socket(0x10, 0x803, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={0x0, 0x24}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x2ba) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="3c0000001000850619fbb7c75150926b00000000", @ANYRES32=r3, @ANYBLOB="fe000000000000001c0012000c000100626f6e64000000000c0002000800010004"], 0x3c}}, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x1, 0x803, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=ANY=[@ANYBLOB="540000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000002c0012800e0001006970366772657461700000001800028014000700fc00000000000000000000000000000008000a00", @ANYRES32=r6], 0x54}}, 0x0) r7 = socket$netlink(0x10, 0x3, 0x0) r8 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)=ANY=[@ANYBLOB="200000001000250800170000000000000a000000", @ANYRES32=r9, @ANYBLOB="0174dfdb0ddad4"], 0x20}}, 0x0) r10 = socket(0x1, 0x803, 0x0) getsockname$packet(r10, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000780)=@newlink={0x50, 0x10, 0xf11, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x104, 0x780}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @veth={{0x9}, {0x18, 0x2, 0x0, 0x1, @val=@VETH_INFO_PEER={0x14, 0x1, {{0x0, 0x0, 0x0, 0x0, 0x20, 0xa0}}}}}}, @IFLA_MASTER={0x8, 0xa, r11}]}, 0x50}, 0x1, 0x0, 0x0, 0x40000}, 0x0) 818.108159ms ago: executing program 2 (id=1364): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'hsr0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="680000001000030500000000fcdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="00000000008000004800128008000100687372003c000280060005000180000008000100", @ANYRES32=r1], 0x68}}, 0x0) 759.366895ms ago: executing program 3 (id=1365): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x8) sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x2d}, 0x1, 0x0, 0x0, 0x8801}, 0x8000) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0) getsockname$packet(r3, &(0x7f0000000600)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)=ANY=[@ANYBLOB="3c0000001000850600000000ff6122314a000800", @ANYRES32=r4, @ANYBLOB="00001000252155b21c0012000c000100626f6e64000000000c0002000800010001"], 0x3c}}, 0x40000) sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001cc0)=ANY=[@ANYBLOB="3c0000001000030500000000fcffffff00000000", @ANYRES32=0x0, @ANYBLOB="00000000000000001400128009000100626f6e64000000000400028008000a00", @ANYRES32=r4], 0x3c}, 0x1, 0x0, 0x0, 0x800}, 0x4000) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x60, &(0x7f0000000300)={&(0x7f0000000900)=ANY=[@ANYBLOB="5c00000010001ffffcffffff0000000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000340012800b0001006772657461700000240002800800070064010100060003001008000008001500700f0d0008000700ac1414bb08000a00", @ANYRES32=r5], 0x5c}}, 0x40) 663.352805ms ago: executing program 2 (id=1366): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x20702, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xca58c30f81b6079f}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000440)=@newqdisc={0x8c, 0x24, 0x4ee4e6a52ff56541, 0x70bd25, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xfff8, 0xf}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x5c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x12, [0xc, 0x6, 0xd, 0x2, 0x4, 0xf, 0xe, 0x7, 0x4, 0xc, 0xf, 0x2, 0x6, 0x1d, 0x7, 0x10], 0x1, [0x1, 0x9, 0x7, 0x7fff, 0xc2, 0x4, 0x3, 0x7, 0xf, 0x7, 0x7ff, 0x40, 0xfff, 0x8, 0x7, 0x10], [0x101, 0x7, 0x2, 0x5, 0x0, 0xc, 0x3e2d, 0x5, 0x2, 0xb, 0x32, 0x4, 0x7, 0xfffc, 0xc, 0x38]}}]}}]}, 0x8c}}, 0x4000000) 310.665433ms ago: executing program 3 (id=1367): socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x2a, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$ENABLE_STATS(0x20, 0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r1}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000100)=@newqdisc={0x38, 0x24, 0xf0b, 0x70bd25, 0x100000, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq={{0x7}, {0xc, 0x2, [@TCA_FQ_FLOW_DEFAULT_RATE={0x8, 0x6, 0x1}]}}]}, 0x38}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r3, &(0x7f00000002c0), 0x40000000000009f, 0x0) 302.358004ms ago: executing program 1 (id=1368): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x78, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xffe0, 0xf}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0x6, 0x3, 0xc06a2f6, 0x1, 0x7}, 0x6, 0x0, 0xa, 0x4, 0x6, 0x8, 0x18, 0x9, 0x3, 0x4, {0x0, 0x2, 0x9, 0x800, 0x8704, 0x27000000}}}}]}, 0x78}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001340)=@newtfilter={0x34, 0x2c, 0xd2b, 0x800, 0x25dfdbfb, {0x0, 0x0, 0x0, r3, {0x9}, {}, {0x7, 0xf}}, [@filter_kind_options=@f_basic={{0xa}, {0x4}}]}, 0x34}}, 0x24044094) bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0) 220.010955ms ago: executing program 3 (id=1369): r0 = socket$phonet_pipe(0x23, 0x5, 0x2) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, 0x0) socket(0xb, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x161042, 0x0) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000003c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010008020000001800006600000008000300", @ANYRES32=r4, @ANYBLOB="08002600940900000800b7"], 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) sendmsg$NL80211_CMD_GET_WIPHY(r1, 0x0, 0x4080885) openat$ppp(0xffffffffffffff9c, 0x0, 0x101042, 0x0) openat$cgroup_subtree(0xffffffffffffffff, 0x0, 0x2, 0x0) 201.326428ms ago: executing program 2 (id=1370): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x11, 0x80a, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bond0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=@newlink={0x44, 0x10, 0x401, 0x70bd2c, 0x0, {0x0, 0x0, 0x0, r2}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bond={{0x9}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BOND_MIIMON={0x8, 0x3, 0x4}, @IFLA_BOND_USE_CARRIER={0x5}]}}}]}, 0x44}}, 0x0) 242.593µs ago: executing program 0 (id=1371): r0 = socket$packet(0x11, 0x3, 0x300) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r2, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0) getsockname$packet(r2, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="4c000000100039042abd70000000000000000000", @ANYRES32=r3, @ANYBLOB="01180200031100002c0012800e00010069703665727370616e0000001800028008001500a8bc0d00040012"], 0x4c}}, 0x0) sendto$packet(r0, &(0x7f0000000480)="7eeb99b6f78ca44054798fa8d0e976dfd68e031dff61cd6165767af43f76c7cf0c2d662375a228d0a1c3960340ab33ed785d3deb2bada606e91576", 0x3b, 0x85, &(0x7f0000000140)={0x11, 0x86dd, r3, 0x1, 0x6, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x18}}, 0x14) 0s ago: executing program 4 (id=1372): close(0xffffffffffffffff) r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r0, 0xfffffffc) r1 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r1, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000200)={0x20, r3, 0x1, 0x0, 0x0, {0x7}, [@MPTCP_PM_ATTR_ADDR={0xc, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x1}]}]}, 0x20}}, 0x0) kernel console output (not intermixed with test programs): ate_parse: 1 callbacks suppressed [ 89.986278][ T6354] netlink: 40 bytes leftover after parsing attributes in process `syz.1.133'. [ 90.009525][ T6342] CPU: 0 UID: 0 PID: 6342 Comm: syz.4.129 Not tainted 6.16.0-rc1-syzkaller-00436-g253833da4e56 #0 PREEMPT(full) [ 90.009548][ T6342] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 90.009557][ T6342] Call Trace: [ 90.009564][ T6342] [ 90.009571][ T6342] dump_stack_lvl+0x189/0x250 [ 90.009602][ T6342] ? __pfx____ratelimit+0x10/0x10 [ 90.009627][ T6342] ? __pfx_dump_stack_lvl+0x10/0x10 [ 90.009651][ T6342] ? __pfx__printk+0x10/0x10 [ 90.009686][ T6342] ? __pfx___might_resched+0x10/0x10 [ 90.009709][ T6342] ? fs_reclaim_acquire+0x7d/0x100 [ 90.009733][ T6342] should_fail_ex+0x414/0x560 [ 90.009756][ T6342] should_failslab+0xa8/0x100 [ 90.009773][ T6342] __kmalloc_cache_noprof+0x70/0x3d0 [ 90.009787][ T6342] ? mall_change+0x312/0x8f0 [ 90.009806][ T6342] mall_change+0x312/0x8f0 [ 90.009827][ T6342] ? __pfx_mall_change+0x10/0x10 [ 90.009855][ T6342] tc_new_tfilter+0xdc7/0x15b0 [ 90.009895][ T6342] ? __pfx_tc_new_tfilter+0x10/0x10 [ 90.009940][ T6342] ? __pfx_tc_new_tfilter+0x10/0x10 [ 90.009957][ T6342] rtnetlink_rcv_msg+0x7cf/0xb70 [ 90.009977][ T6342] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 90.009992][ T6342] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 90.010007][ T6342] ? ref_tracker_free+0x63a/0x7d0 [ 90.010027][ T6342] ? __copy_skb_header+0xa7/0x550 [ 90.010051][ T6342] ? __pfx_ref_tracker_free+0x10/0x10 [ 90.010071][ T6342] ? __skb_clone+0x63/0x7a0 [ 90.010096][ T6342] netlink_rcv_skb+0x205/0x470 [ 90.010115][ T6342] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 90.010133][ T6342] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 90.010160][ T6342] ? netlink_deliver_tap+0x2e/0x1b0 [ 90.010177][ T6342] ? netlink_deliver_tap+0x2e/0x1b0 [ 90.010198][ T6342] netlink_unicast+0x758/0x8d0 [ 90.010223][ T6342] netlink_sendmsg+0x805/0xb30 [ 90.010248][ T6342] ? __pfx_netlink_sendmsg+0x10/0x10 [ 90.010268][ T6342] ? aa_sock_msg_perm+0x94/0x160 [ 90.010289][ T6342] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 90.010310][ T6342] ? __pfx_netlink_sendmsg+0x10/0x10 [ 90.010328][ T6342] __sock_sendmsg+0x219/0x270 [ 90.010346][ T6342] ____sys_sendmsg+0x505/0x830 [ 90.010374][ T6342] ? __pfx_____sys_sendmsg+0x10/0x10 [ 90.010402][ T6342] ? import_iovec+0x74/0xa0 [ 90.010420][ T6342] ___sys_sendmsg+0x21f/0x2a0 [ 90.010444][ T6342] ? __pfx____sys_sendmsg+0x10/0x10 [ 90.010490][ T6342] ? __fget_files+0x2a/0x420 [ 90.010507][ T6342] ? __fget_files+0x3a0/0x420 [ 90.010531][ T6342] __x64_sys_sendmsg+0x19b/0x260 [ 90.010556][ T6342] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 90.010588][ T6342] ? __pfx_ksys_write+0x10/0x10 [ 90.010602][ T6342] ? rcu_is_watching+0x15/0xb0 [ 90.010632][ T6342] ? do_syscall_64+0xbe/0x3b0 [ 90.010653][ T6342] do_syscall_64+0xfa/0x3b0 [ 90.010679][ T6342] ? lockdep_hardirqs_on+0x9c/0x150 [ 90.010700][ T6342] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 90.010715][ T6342] ? clear_bhb_loop+0x60/0xb0 [ 90.010732][ T6342] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 90.010745][ T6342] RIP: 0033:0x7fc63fd8e929 [ 90.010760][ T6342] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 90.010771][ T6342] RSP: 002b:00007fc640b21038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 90.010786][ T6342] RAX: ffffffffffffffda RBX: 00007fc63ffb5fa0 RCX: 00007fc63fd8e929 [ 90.010796][ T6342] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000008 [ 90.010804][ T6342] RBP: 00007fc640b21090 R08: 0000000000000000 R09: 0000000000000000 [ 90.010812][ T6342] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 90.010820][ T6342] R13: 0000000000000000 R14: 00007fc63ffb5fa0 R15: 00007ffdd0aa8668 [ 90.010842][ T6342] [ 90.011519][ T6355] netlink: 'syz.3.132': attribute type 12 has an invalid length. [ 90.394283][ T6364] Bluetooth: MGMT ver 1.23 [ 90.596635][ T6368] netlink: 8 bytes leftover after parsing attributes in process `syz.1.133'. [ 90.654433][ T6354] team0: entered promiscuous mode [ 90.730372][ T6354] team_slave_0: entered promiscuous mode [ 90.842156][ T6354] team_slave_1: entered promiscuous mode [ 90.860811][ T6354] team0: entered allmulticast mode [ 90.899542][ T6354] team_slave_0: entered allmulticast mode [ 90.959965][ T6354] team_slave_1: entered allmulticast mode [ 91.057214][ T6354] bridge0: port 3(team0) entered blocking state [ 91.067229][ T6354] bridge0: port 3(team0) entered disabled state [ 91.107119][ T6354] bridge0: port 3(team0) entered blocking state [ 91.113758][ T6354] bridge0: port 3(team0) entered forwarding state [ 91.156724][ T6378] x_tables: ip_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING [ 91.198791][ T6375] gre1: entered promiscuous mode [ 91.214766][ T6378] netlink: 12 bytes leftover after parsing attributes in process `syz.2.139'. [ 91.470003][ T6386] netlink: 'syz.2.142': attribute type 10 has an invalid length. [ 91.546497][ T6380] netdevsim netdevsim4 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 91.590348][ T6380] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 91.645049][ T6386] team0: Port device geneve1 added [ 91.694343][ T6380] netdevsim netdevsim4 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 91.735858][ T6380] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 91.951257][ T6380] netdevsim netdevsim4 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 91.967445][ T6380] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 92.005911][ T5844] Bluetooth: hci4: command 0x0405 tx timeout [ 92.162818][ T6380] netdevsim netdevsim4 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 92.196908][ T6380] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 92.367370][ T3493] netdevsim netdevsim4 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 92.388500][ T3493] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.427846][ T6323] netdevsim netdevsim4 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 92.459407][ T6323] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.501831][ T6423] netlink: 16 bytes leftover after parsing attributes in process `syz.2.155'. [ 92.538959][ T6323] netdevsim netdevsim4 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 92.550849][ T6323] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.608413][ T3493] netdevsim netdevsim4 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 92.628170][ T3493] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.958619][ T6432] netlink: 'syz.1.160': attribute type 4 has an invalid length. [ 92.972952][ T6444] netlink: 'syz.0.163': attribute type 2 has an invalid length. [ 92.984624][ T6432] netlink: 3657 bytes leftover after parsing attributes in process `syz.1.160'. [ 93.073263][ T6448] netlink: 'syz.0.165': attribute type 29 has an invalid length. [ 93.097312][ T6448] netlink: 'syz.0.165': attribute type 29 has an invalid length. [ 93.112439][ T6448] netlink: 500 bytes leftover after parsing attributes in process `syz.0.165'. [ 93.343146][ T6457] team_slave_0: entered promiscuous mode [ 93.349258][ T6457] team_slave_1: entered promiscuous mode [ 93.361915][ T6457] vlan2: entered promiscuous mode [ 93.367832][ T6457] team0: entered promiscuous mode [ 93.766139][ C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 94.082552][ T6487] vlan2: entered promiscuous mode [ 94.090511][ T6487] bridge0: entered promiscuous mode [ 94.114140][ T6491] netlink: 8 bytes leftover after parsing attributes in process `syz.3.183'. [ 94.634924][ T6498] tipc: Started in network mode [ 94.640538][ T6498] tipc: Node identity 9a7bffb7a9e5, cluster identity 4711 [ 94.658680][ T6498] tipc: Enabled bearer , priority 0 [ 94.736118][ T6498] FAULT_INJECTION: forcing a failure. [ 94.736118][ T6498] name failslab, interval 1, probability 0, space 0, times 0 [ 94.738341][ T6502] xt_physdev: --physdev-out and --physdev-is-out only supported in the FORWARD and POSTROUTING chains with bridged traffic [ 94.782100][ T6498] CPU: 1 UID: 0 PID: 6498 Comm: syz.4.186 Not tainted 6.16.0-rc1-syzkaller-00436-g253833da4e56 #0 PREEMPT(full) [ 94.782124][ T6498] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 94.782146][ T6498] Call Trace: [ 94.782153][ T6498] [ 94.782161][ T6498] dump_stack_lvl+0x189/0x250 [ 94.782192][ T6498] ? __pfx____ratelimit+0x10/0x10 [ 94.782218][ T6498] ? __pfx_dump_stack_lvl+0x10/0x10 [ 94.782242][ T6498] ? __pfx__printk+0x10/0x10 [ 94.782263][ T6498] ? __pfx___might_resched+0x10/0x10 [ 94.782287][ T6498] ? fs_reclaim_acquire+0x7d/0x100 [ 94.782311][ T6498] should_fail_ex+0x414/0x560 [ 94.782337][ T6498] should_failslab+0xa8/0x100 [ 94.782355][ T6498] __kmalloc_cache_noprof+0x70/0x3d0 [ 94.782371][ T6498] ? tcf_exts_init_ex+0x110/0x750 [ 94.782394][ T6498] tcf_exts_init_ex+0x110/0x750 [ 94.782420][ T6498] mall_change+0x338/0x8f0 [ 94.782447][ T6498] ? __pfx_mall_change+0x10/0x10 [ 94.782479][ T6498] tc_new_tfilter+0xdc7/0x15b0 [ 94.782526][ T6498] ? __pfx_tc_new_tfilter+0x10/0x10 [ 94.782582][ T6498] ? __pfx_tc_new_tfilter+0x10/0x10 [ 94.782603][ T6498] rtnetlink_rcv_msg+0x7cf/0xb70 [ 94.782626][ T6498] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 94.782645][ T6498] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 94.782661][ T6498] ? ref_tracker_free+0x63a/0x7d0 [ 94.782681][ T6498] ? __copy_skb_header+0xa7/0x550 [ 94.782706][ T6498] ? __pfx_ref_tracker_free+0x10/0x10 [ 94.782727][ T6498] ? __skb_clone+0x63/0x7a0 [ 94.782755][ T6498] netlink_rcv_skb+0x205/0x470 [ 94.782776][ T6498] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 94.782796][ T6498] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 94.782827][ T6498] ? netlink_deliver_tap+0x2e/0x1b0 [ 94.782845][ T6498] ? netlink_deliver_tap+0x2e/0x1b0 [ 94.782869][ T6498] netlink_unicast+0x758/0x8d0 [ 94.782904][ T6498] netlink_sendmsg+0x805/0xb30 [ 94.782932][ T6498] ? __pfx_netlink_sendmsg+0x10/0x10 [ 94.782954][ T6498] ? aa_sock_msg_perm+0x94/0x160 [ 94.782978][ T6498] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 94.782996][ T6498] ? __pfx_netlink_sendmsg+0x10/0x10 [ 94.783015][ T6498] __sock_sendmsg+0x219/0x270 [ 94.783035][ T6498] ____sys_sendmsg+0x505/0x830 [ 94.783062][ T6498] ? __pfx_____sys_sendmsg+0x10/0x10 [ 94.783093][ T6498] ? import_iovec+0x74/0xa0 [ 94.783112][ T6498] ___sys_sendmsg+0x21f/0x2a0 [ 94.783142][ T6498] ? __pfx____sys_sendmsg+0x10/0x10 [ 94.783195][ T6498] ? __fget_files+0x2a/0x420 [ 94.783211][ T6498] ? __fget_files+0x3a0/0x420 [ 94.783239][ T6498] __x64_sys_sendmsg+0x19b/0x260 [ 94.783262][ T6498] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 94.783294][ T6498] ? __pfx_ksys_write+0x10/0x10 [ 94.783308][ T6498] ? rcu_is_watching+0x15/0xb0 [ 94.783337][ T6498] ? do_syscall_64+0xbe/0x3b0 [ 94.783358][ T6498] do_syscall_64+0xfa/0x3b0 [ 94.783372][ T6498] ? lockdep_hardirqs_on+0x9c/0x150 [ 94.783395][ T6498] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 94.783410][ T6498] ? clear_bhb_loop+0x60/0xb0 [ 94.783431][ T6498] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 94.783447][ T6498] RIP: 0033:0x7fc63fd8e929 [ 94.783463][ T6498] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 94.783475][ T6498] RSP: 002b:00007fc640b21038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 94.783491][ T6498] RAX: ffffffffffffffda RBX: 00007fc63ffb5fa0 RCX: 00007fc63fd8e929 [ 94.783503][ T6498] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000008 [ 94.783513][ T6498] RBP: 00007fc640b21090 R08: 0000000000000000 R09: 0000000000000000 [ 94.783522][ T6498] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 94.783532][ T6498] R13: 0000000000000000 R14: 00007fc63ffb5fa0 R15: 00007ffdd0aa8668 [ 94.783559][ T6498] [ 94.792106][ T6502] x_tables: duplicate underflow at hook 3 [ 95.177478][ T6497] tipc: Disabling bearer [ 95.196840][ T6504] netlink: 8 bytes leftover after parsing attributes in process `syz.0.188'. [ 95.342783][ T6517] netlink: 4 bytes leftover after parsing attributes in process `syz.4.191'. [ 95.363888][ T6517] batadv0: entered promiscuous mode [ 95.370238][ T6517] macsec1: entered allmulticast mode [ 95.379255][ T6517] batadv0: entered allmulticast mode [ 95.389880][ T6517] batadv0: left allmulticast mode [ 95.395965][ T6517] batadv0: left promiscuous mode [ 95.401724][ T6522] netlink: 32 bytes leftover after parsing attributes in process `syz.4.191'. [ 95.583644][ T6528] netlink: 36 bytes leftover after parsing attributes in process `syz.0.196'. [ 96.899779][ T6558] netlink: 'syz.2.207': attribute type 2 has an invalid length. [ 96.909480][ T6558] netlink: 224 bytes leftover after parsing attributes in process `syz.2.207'. [ 96.909705][ T6561] netlink: 'syz.0.208': attribute type 1 has an invalid length. [ 97.007248][ T6563] FAULT_INJECTION: forcing a failure. [ 97.007248][ T6563] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 97.027129][ T6563] CPU: 0 UID: 0 PID: 6563 Comm: syz.1.210 Not tainted 6.16.0-rc1-syzkaller-00436-g253833da4e56 #0 PREEMPT(full) [ 97.027166][ T6563] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 97.027176][ T6563] Call Trace: [ 97.027183][ T6563] [ 97.027191][ T6563] dump_stack_lvl+0x189/0x250 [ 97.027222][ T6563] ? __pfx____ratelimit+0x10/0x10 [ 97.027247][ T6563] ? __pfx_dump_stack_lvl+0x10/0x10 [ 97.027272][ T6563] ? __pfx__printk+0x10/0x10 [ 97.027292][ T6563] ? fs_reclaim_acquire+0x7d/0x100 [ 97.027321][ T6563] should_fail_ex+0x414/0x560 [ 97.027347][ T6563] prepare_alloc_pages+0x213/0x610 [ 97.027375][ T6563] __alloc_frozen_pages_noprof+0x123/0x370 [ 97.027400][ T6563] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 97.027440][ T6563] alloc_pages_bulk_noprof+0x560/0x710 [ 97.027467][ T6563] ? alloc_pages_noprof+0xbe/0x190 [ 97.027490][ T6563] kasan_populate_vmalloc+0xba/0x1a0 [ 97.027519][ T6563] alloc_vmap_area+0xd51/0x1490 [ 97.027564][ T6563] ? __pfx_alloc_vmap_area+0x10/0x10 [ 97.027581][ T6563] ? __kasan_kmalloc+0x93/0xb0 [ 97.027598][ T6563] ? __kmalloc_cache_node_noprof+0x234/0x3d0 [ 97.027616][ T6563] ? __get_vm_area_node+0x13f/0x300 [ 97.027637][ T6563] ? xdp_umem_create+0x708/0x8e0 [ 97.027662][ T6563] __get_vm_area_node+0x1f8/0x300 [ 97.027682][ T6563] ? xdp_umem_create+0x708/0x8e0 [ 97.027706][ T6563] vmap+0x162/0x310 [ 97.027722][ T6563] ? xdp_umem_create+0x708/0x8e0 [ 97.027751][ T6563] xdp_umem_create+0x708/0x8e0 [ 97.027786][ T6563] xsk_setsockopt+0x62a/0x710 [ 97.027812][ T6563] ? __pfx_xsk_setsockopt+0x10/0x10 [ 97.027837][ T6563] ? __lock_acquire+0xab9/0xd20 [ 97.027864][ T6563] ? aa_sock_opt_perm+0x74/0x110 [ 97.027887][ T6563] ? bpf_lsm_socket_setsockopt+0x9/0x20 [ 97.027906][ T6563] ? __pfx_xsk_setsockopt+0x10/0x10 [ 97.027924][ T6563] do_sock_setsockopt+0x257/0x3e0 [ 97.027946][ T6563] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 97.027973][ T6563] ? __fget_files+0x2a/0x420 [ 97.028000][ T6563] __x64_sys_setsockopt+0x18b/0x220 [ 97.028028][ T6563] do_syscall_64+0xfa/0x3b0 [ 97.028044][ T6563] ? lockdep_hardirqs_on+0x9c/0x150 [ 97.028068][ T6563] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 97.028085][ T6563] ? clear_bhb_loop+0x60/0xb0 [ 97.028105][ T6563] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 97.028122][ T6563] RIP: 0033:0x7fb5d6f8e929 [ 97.028138][ T6563] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 97.028158][ T6563] RSP: 002b:00007fb5d7e5c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 97.028176][ T6563] RAX: ffffffffffffffda RBX: 00007fb5d71b5fa0 RCX: 00007fb5d6f8e929 [ 97.028189][ T6563] RDX: 0000000000000004 RSI: 000000000000011b RDI: 0000000000000003 [ 97.028199][ T6563] RBP: 00007fb5d7e5c090 R08: 0000000000000020 R09: 0000000000000000 [ 97.028210][ T6563] R10: 00002000000000c0 R11: 0000000000000246 R12: 0000000000000002 [ 97.028220][ T6563] R13: 0000000000000000 R14: 00007fb5d71b5fa0 R15: 00007fff6db8d6c8 [ 97.028248][ T6563] [ 97.848622][ T6573] netlink: 68 bytes leftover after parsing attributes in process `syz.3.212'. [ 97.986245][ T6578] netlink: 'syz.2.215': attribute type 2 has an invalid length. [ 98.743670][ T6604] batadv1: entered allmulticast mode [ 98.767257][ T6604] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 98.804811][ T6607] netlink: 8 bytes leftover after parsing attributes in process `syz.2.225'. [ 98.865389][ T6611] netlink: 8 bytes leftover after parsing attributes in process `syz.1.227'. [ 98.985951][ T6614] netlink: 'syz.0.226': attribute type 1 has an invalid length. [ 99.077984][ T6619] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 99.093103][ T6619] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 99.117309][ T6619] A link change request failed with some changes committed already. Interface batadv_slave_0 may have been left with an inconsistent configuration, please check. [ 99.619315][ T6640] FAULT_INJECTION: forcing a failure. [ 99.619315][ T6640] name failslab, interval 1, probability 0, space 0, times 0 [ 99.637662][ T6640] CPU: 1 UID: 0 PID: 6640 Comm: syz.1.236 Not tainted 6.16.0-rc1-syzkaller-00436-g253833da4e56 #0 PREEMPT(full) [ 99.637688][ T6640] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 99.637697][ T6640] Call Trace: [ 99.637705][ T6640] [ 99.637713][ T6640] dump_stack_lvl+0x189/0x250 [ 99.637741][ T6640] ? __pfx____ratelimit+0x10/0x10 [ 99.637764][ T6640] ? __pfx_dump_stack_lvl+0x10/0x10 [ 99.637787][ T6640] ? __pfx__printk+0x10/0x10 [ 99.637809][ T6640] ? __pfx___might_resched+0x10/0x10 [ 99.637830][ T6640] ? fs_reclaim_acquire+0x7d/0x100 [ 99.637853][ T6640] should_fail_ex+0x414/0x560 [ 99.637877][ T6640] should_failslab+0xa8/0x100 [ 99.637895][ T6640] __kmalloc_cache_noprof+0x70/0x3d0 [ 99.637911][ T6640] ? tcf_ife_init+0x206/0xd60 [ 99.637935][ T6640] tcf_ife_init+0x206/0xd60 [ 99.637963][ T6640] ? __pfx_tcf_ife_init+0x10/0x10 [ 99.637998][ T6640] ? nla_memcpy+0x5b/0xc0 [ 99.638028][ T6640] tcf_action_init_1+0x463/0x6d0 [ 99.638050][ T6640] ? __pfx_tcf_action_init_1+0x10/0x10 [ 99.638065][ T6640] ? _raw_read_unlock+0x28/0x50 [ 99.638084][ T6640] ? tc_action_load_ops+0x214/0x4e0 [ 99.638114][ T6640] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 99.638135][ T6640] ? __nla_parse+0x40/0x60 [ 99.638159][ T6640] tcf_action_init+0x2cf/0xab0 [ 99.638185][ T6640] ? __pfx_tcf_action_init+0x10/0x10 [ 99.638229][ T6640] ? __pfx___nla_validate_parse+0x10/0x10 [ 99.638286][ T6640] tc_ctl_action+0x430/0xbd0 [ 99.638312][ T6640] ? __pfx_tc_ctl_action+0x10/0x10 [ 99.638335][ T6640] ? rcu_is_watching+0x15/0xb0 [ 99.638399][ T6640] ? __pfx_tc_ctl_action+0x10/0x10 [ 99.638414][ T6640] rtnetlink_rcv_msg+0x779/0xb70 [ 99.638436][ T6640] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 99.638452][ T6640] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 99.638468][ T6640] ? ref_tracker_free+0x63a/0x7d0 [ 99.638486][ T6640] ? __copy_skb_header+0xa7/0x550 [ 99.638510][ T6640] ? __pfx_ref_tracker_free+0x10/0x10 [ 99.638529][ T6640] ? __skb_clone+0x63/0x7a0 [ 99.638561][ T6640] netlink_rcv_skb+0x205/0x470 [ 99.638582][ T6640] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 99.638601][ T6640] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 99.638639][ T6640] ? netlink_deliver_tap+0x2e/0x1b0 [ 99.638656][ T6640] ? netlink_deliver_tap+0x2e/0x1b0 [ 99.638679][ T6640] netlink_unicast+0x758/0x8d0 [ 99.638706][ T6640] netlink_sendmsg+0x805/0xb30 [ 99.638733][ T6640] ? __pfx_netlink_sendmsg+0x10/0x10 [ 99.638754][ T6640] ? aa_sock_msg_perm+0x94/0x160 [ 99.638775][ T6640] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 99.638792][ T6640] ? __pfx_netlink_sendmsg+0x10/0x10 [ 99.638809][ T6640] __sock_sendmsg+0x219/0x270 [ 99.638829][ T6640] ____sys_sendmsg+0x505/0x830 [ 99.638856][ T6640] ? __pfx_____sys_sendmsg+0x10/0x10 [ 99.638886][ T6640] ? import_iovec+0x74/0xa0 [ 99.638906][ T6640] ___sys_sendmsg+0x21f/0x2a0 [ 99.638929][ T6640] ? __pfx____sys_sendmsg+0x10/0x10 [ 99.638983][ T6640] ? __fget_files+0x2a/0x420 [ 99.638997][ T6640] ? __fget_files+0x3a0/0x420 [ 99.639023][ T6640] __x64_sys_sendmsg+0x19b/0x260 [ 99.639045][ T6640] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 99.639076][ T6640] ? __pfx_ksys_write+0x10/0x10 [ 99.639088][ T6640] ? rcu_is_watching+0x15/0xb0 [ 99.639115][ T6640] ? do_syscall_64+0xbe/0x3b0 [ 99.639134][ T6640] do_syscall_64+0xfa/0x3b0 [ 99.639148][ T6640] ? lockdep_hardirqs_on+0x9c/0x150 [ 99.639169][ T6640] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 99.639185][ T6640] ? clear_bhb_loop+0x60/0xb0 [ 99.639204][ T6640] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 99.639219][ T6640] RIP: 0033:0x7fb5d6f8e929 [ 99.639234][ T6640] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 99.639246][ T6640] RSP: 002b:00007fb5d7e5c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 99.639263][ T6640] RAX: ffffffffffffffda RBX: 00007fb5d71b5fa0 RCX: 00007fb5d6f8e929 [ 99.639274][ T6640] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003 [ 99.639283][ T6640] RBP: 00007fb5d7e5c090 R08: 0000000000000000 R09: 0000000000000000 [ 99.639291][ T6640] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 99.639299][ T6640] R13: 0000000000000000 R14: 00007fb5d71b5fa0 R15: 00007fff6db8d6c8 [ 99.639324][ T6640] [ 100.282480][ T6645] netlink: 'syz.0.238': attribute type 1 has an invalid length. [ 100.290299][ T6645] netlink: 'syz.0.238': attribute type 2 has an invalid length. [ 100.377893][ T6648] team0: Port device vxlan0 added [ 100.752128][ T6667] vlan3: entered promiscuous mode [ 100.792277][ T6667] vlan2: entered promiscuous mode [ 100.801910][ T6667] gretap0: entered promiscuous mode [ 100.951626][ T6677] netlink: 100 bytes leftover after parsing attributes in process `syz.0.248'. [ 101.249885][ T6685] netlink: 44 bytes leftover after parsing attributes in process `syz.2.253'. [ 101.323353][ T6694] xt_hashlimit: size too large, truncated to 1048576 [ 101.501708][ T6700] FAULT_INJECTION: forcing a failure. [ 101.501708][ T6700] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 101.544831][ T6700] CPU: 0 UID: 0 PID: 6700 Comm: syz.1.257 Not tainted 6.16.0-rc1-syzkaller-00436-g253833da4e56 #0 PREEMPT(full) [ 101.544858][ T6700] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 101.544868][ T6700] Call Trace: [ 101.544876][ T6700] [ 101.544885][ T6700] dump_stack_lvl+0x189/0x250 [ 101.544915][ T6700] ? __pfx____ratelimit+0x10/0x10 [ 101.544940][ T6700] ? __pfx_dump_stack_lvl+0x10/0x10 [ 101.544965][ T6700] ? __pfx__printk+0x10/0x10 [ 101.544986][ T6700] ? fs_reclaim_acquire+0x7d/0x100 [ 101.545016][ T6700] should_fail_ex+0x414/0x560 [ 101.545043][ T6700] prepare_alloc_pages+0x213/0x610 [ 101.545071][ T6700] __alloc_frozen_pages_noprof+0x123/0x370 [ 101.545097][ T6700] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 101.545133][ T6700] alloc_pages_bulk_noprof+0x560/0x710 [ 101.545162][ T6700] ? alloc_pages_noprof+0xbe/0x190 [ 101.545185][ T6700] kasan_populate_vmalloc+0xba/0x1a0 [ 101.545215][ T6700] alloc_vmap_area+0xd51/0x1490 [ 101.545249][ T6700] ? __pfx_alloc_vmap_area+0x10/0x10 [ 101.545267][ T6700] ? __kasan_kmalloc+0x93/0xb0 [ 101.545284][ T6700] ? __kmalloc_cache_node_noprof+0x234/0x3d0 [ 101.545302][ T6700] ? __get_vm_area_node+0x13f/0x300 [ 101.545319][ T6700] ? xdp_umem_create+0x708/0x8e0 [ 101.545344][ T6700] __get_vm_area_node+0x1f8/0x300 [ 101.545364][ T6700] ? xdp_umem_create+0x708/0x8e0 [ 101.545389][ T6700] vmap+0x162/0x310 [ 101.545480][ T6700] ? xdp_umem_create+0x708/0x8e0 [ 101.545509][ T6700] xdp_umem_create+0x708/0x8e0 [ 101.545545][ T6700] xsk_setsockopt+0x62a/0x710 [ 101.545571][ T6700] ? __pfx_xsk_setsockopt+0x10/0x10 [ 101.545592][ T6700] ? __lock_acquire+0xab9/0xd20 [ 101.545620][ T6700] ? aa_sock_opt_perm+0x74/0x110 [ 101.545644][ T6700] ? bpf_lsm_socket_setsockopt+0x9/0x20 [ 101.545715][ T6700] ? __pfx_xsk_setsockopt+0x10/0x10 [ 101.545750][ T6700] do_sock_setsockopt+0x257/0x3e0 [ 101.545775][ T6700] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 101.545798][ T6700] ? __fget_files+0x2a/0x420 [ 101.545823][ T6700] __x64_sys_setsockopt+0x18b/0x220 [ 101.545848][ T6700] do_syscall_64+0xfa/0x3b0 [ 101.545863][ T6700] ? lockdep_hardirqs_on+0x9c/0x150 [ 101.545885][ T6700] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 101.545903][ T6700] ? clear_bhb_loop+0x60/0xb0 [ 101.545924][ T6700] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 101.545941][ T6700] RIP: 0033:0x7fb5d6f8e929 [ 101.545958][ T6700] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 101.545972][ T6700] RSP: 002b:00007fb5d7e5c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 101.545992][ T6700] RAX: ffffffffffffffda RBX: 00007fb5d71b5fa0 RCX: 00007fb5d6f8e929 [ 101.546005][ T6700] RDX: 0000000000000004 RSI: 000000000000011b RDI: 0000000000000003 [ 101.546016][ T6700] RBP: 00007fb5d7e5c090 R08: 0000000000000020 R09: 0000000000000000 [ 101.546027][ T6700] R10: 00002000000000c0 R11: 0000000000000246 R12: 0000000000000002 [ 101.546038][ T6700] R13: 0000000000000000 R14: 00007fb5d71b5fa0 R15: 00007fff6db8d6c8 [ 101.546068][ T6700] [ 102.272192][ T6711] Bluetooth: MGMT ver 1.23 [ 102.341340][ T6713] netlink: 'syz.2.263': attribute type 30 has an invalid length. [ 102.809589][ T6733] netlink: 12 bytes leftover after parsing attributes in process `syz.3.270'. [ 102.897820][ T6738] netdevsim netdevsim4 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 102.934558][ T6738] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 103.069338][ T6738] netdevsim netdevsim4 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 103.113217][ T6738] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 103.323254][ T6738] netdevsim netdevsim4 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 103.341781][ T6738] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 103.489213][ T6738] netdevsim netdevsim4 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 103.544578][ T6738] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 103.843065][ T3493] netdevsim netdevsim4 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 103.879006][ T3493] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.911481][ T5206] udevd[5206]: worker [5885] terminated by signal 33 (Unknown signal 33) [ 103.939228][ T5206] udevd[5206]: worker [5885] failed while handling '/devices/virtual/block/loop3' [ 104.082810][ T6767] syzkaller0: entered promiscuous mode [ 104.093507][ T6767] syzkaller0: entered allmulticast mode [ 104.102324][ T3493] netdevsim netdevsim4 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 104.116342][ T3493] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.200264][ T6323] netdevsim netdevsim4 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 104.209497][ T6323] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.219004][ T70] netdevsim netdevsim4 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 104.228099][ T70] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.315290][ T6784] FAULT_INJECTION: forcing a failure. [ 104.315290][ T6784] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 104.344511][ T6784] CPU: 0 UID: 0 PID: 6784 Comm: syz.3.290 Not tainted 6.16.0-rc1-syzkaller-00436-g253833da4e56 #0 PREEMPT(full) [ 104.344541][ T6784] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 104.344551][ T6784] Call Trace: [ 104.344559][ T6784] [ 104.344567][ T6784] dump_stack_lvl+0x189/0x250 [ 104.344597][ T6784] ? __pfx____ratelimit+0x10/0x10 [ 104.344622][ T6784] ? __pfx_dump_stack_lvl+0x10/0x10 [ 104.344645][ T6784] ? __pfx__printk+0x10/0x10 [ 104.344664][ T6784] ? __might_fault+0xb0/0x130 [ 104.344691][ T6784] should_fail_ex+0x414/0x560 [ 104.344717][ T6784] _copy_from_iter+0x1db/0x16f0 [ 104.344750][ T6784] ? policy_nodemask+0x27c/0x720 [ 104.344766][ T6784] ? __pfx__copy_from_iter+0x10/0x10 [ 104.344795][ T6784] ? set_page_refcounted+0xa0/0x1e0 [ 104.344812][ T6784] ? page_copy_sane+0x4e/0x280 [ 104.344836][ T6784] copy_page_from_iter+0xdd/0x170 [ 104.344863][ T6784] tun_get_user+0x1c4d/0x3ce0 [ 104.344882][ T6784] ? tun_get_user+0x693/0x3ce0 [ 104.344911][ T6784] ? aa_file_perm+0x11f/0xed0 [ 104.344933][ T6784] ? __pfx_tun_get_user+0x10/0x10 [ 104.344946][ T6784] ? aa_file_perm+0x11f/0xed0 [ 104.344965][ T6784] ? aa_file_perm+0x3e7/0xed0 [ 104.344997][ T6784] ? ref_tracker_alloc+0x318/0x460 [ 104.345018][ T6784] ? __lock_acquire+0xab9/0xd20 [ 104.345040][ T6784] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 104.345065][ T6784] ? tun_get+0x1c/0x2f0 [ 104.345084][ T6784] ? tun_get+0x1c/0x2f0 [ 104.345097][ T6784] ? tun_get+0x1c/0x2f0 [ 104.345115][ T6784] tun_chr_write_iter+0x113/0x200 [ 104.345150][ T6784] vfs_write+0x548/0xa90 [ 104.345178][ T6784] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 104.345201][ T6784] ? __pfx_vfs_write+0x10/0x10 [ 104.345233][ T6784] ? __fget_files+0x2a/0x420 [ 104.345258][ T6784] ksys_write+0x145/0x250 [ 104.345275][ T6784] ? __pfx_ksys_write+0x10/0x10 [ 104.345294][ T6784] ? do_syscall_64+0xbe/0x3b0 [ 104.345314][ T6784] do_syscall_64+0xfa/0x3b0 [ 104.345328][ T6784] ? lockdep_hardirqs_on+0x9c/0x150 [ 104.345351][ T6784] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 104.345367][ T6784] ? clear_bhb_loop+0x60/0xb0 [ 104.345385][ T6784] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 104.345401][ T6784] RIP: 0033:0x7f54ecb8d3df [ 104.345416][ T6784] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 104.345429][ T6784] RSP: 002b:00007f54ed96a000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 104.345447][ T6784] RAX: ffffffffffffffda RBX: 00007f54ecdb6080 RCX: 00007f54ecb8d3df [ 104.345458][ T6784] RDX: 0000000000000074 RSI: 0000200000000000 RDI: 00000000000000c8 [ 104.345468][ T6784] RBP: 00007f54ed96a090 R08: 0000000000000000 R09: 0000000000000000 [ 104.345477][ T6784] R10: 0000000000000074 R11: 0000000000000293 R12: 0000000000000001 [ 104.345487][ T6784] R13: 0000000000000000 R14: 00007f54ecdb6080 R15: 00007ffc407b4fa8 [ 104.345512][ T6784] [ 105.861030][ T6780] tipc: Started in network mode [ 105.866530][ T6780] tipc: Node identity 9ea099a65b17, cluster identity 4711 [ 105.874072][ T6780] tipc: Enabled bearer , priority 0 [ 105.916301][ T6779] tipc: Disabling bearer [ 106.132250][ T6810] FAULT_INJECTION: forcing a failure. [ 106.132250][ T6810] name failslab, interval 1, probability 0, space 0, times 0 [ 106.164037][ T6810] CPU: 0 UID: 0 PID: 6810 Comm: syz.4.300 Not tainted 6.16.0-rc1-syzkaller-00436-g253833da4e56 #0 PREEMPT(full) [ 106.164062][ T6810] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 106.164072][ T6810] Call Trace: [ 106.164079][ T6810] [ 106.164087][ T6810] dump_stack_lvl+0x189/0x250 [ 106.164117][ T6810] ? __pfx____ratelimit+0x10/0x10 [ 106.164142][ T6810] ? __pfx_dump_stack_lvl+0x10/0x10 [ 106.164165][ T6810] ? __pfx__printk+0x10/0x10 [ 106.164190][ T6810] ? __pfx___might_resched+0x10/0x10 [ 106.164213][ T6810] ? fs_reclaim_acquire+0x7d/0x100 [ 106.164238][ T6810] should_fail_ex+0x414/0x560 [ 106.164263][ T6810] should_failslab+0xa8/0x100 [ 106.164284][ T6810] __kmalloc_cache_noprof+0x70/0x3d0 [ 106.164301][ T6810] ? nf_tables_newtable+0x435/0x1890 [ 106.164328][ T6810] nf_tables_newtable+0x435/0x1890 [ 106.164348][ T6810] ? __pfx_nfnl_pernet+0x2/0x10 [ 106.164391][ T6810] nfnetlink_rcv+0x1132/0x2520 [ 106.164447][ T6810] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 106.164489][ T6810] ? ref_tracker_free+0x63a/0x7d0 [ 106.164541][ T6810] ? __netlink_deliver_tap+0x807/0x850 [ 106.164571][ T6810] ? netlink_deliver_tap+0x2e/0x1b0 [ 106.164590][ T6810] ? netlink_deliver_tap+0x2e/0x1b0 [ 106.164614][ T6810] netlink_unicast+0x758/0x8d0 [ 106.164644][ T6810] netlink_sendmsg+0x805/0xb30 [ 106.164675][ T6810] ? __pfx_netlink_sendmsg+0x10/0x10 [ 106.164698][ T6810] ? aa_sock_msg_perm+0x94/0x160 [ 106.164721][ T6810] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 106.164742][ T6810] ? __pfx_netlink_sendmsg+0x10/0x10 [ 106.164763][ T6810] __sock_sendmsg+0x219/0x270 [ 106.164785][ T6810] ____sys_sendmsg+0x505/0x830 [ 106.164813][ T6810] ? __pfx_____sys_sendmsg+0x10/0x10 [ 106.164846][ T6810] ? import_iovec+0x74/0xa0 [ 106.164866][ T6810] ___sys_sendmsg+0x21f/0x2a0 [ 106.164892][ T6810] ? __pfx____sys_sendmsg+0x10/0x10 [ 106.164957][ T6810] ? __fget_files+0x2a/0x420 [ 106.164974][ T6810] ? __fget_files+0x3a0/0x420 [ 106.165003][ T6810] __x64_sys_sendmsg+0x19b/0x260 [ 106.165029][ T6810] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 106.165062][ T6810] ? __pfx_ksys_write+0x10/0x10 [ 106.165076][ T6810] ? rcu_is_watching+0x15/0xb0 [ 106.165106][ T6810] ? do_syscall_64+0xbe/0x3b0 [ 106.165128][ T6810] do_syscall_64+0xfa/0x3b0 [ 106.165143][ T6810] ? lockdep_hardirqs_on+0x9c/0x150 [ 106.165165][ T6810] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 106.165182][ T6810] ? clear_bhb_loop+0x60/0xb0 [ 106.165203][ T6810] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 106.165219][ T6810] RIP: 0033:0x7fc63fd8e929 [ 106.165235][ T6810] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 106.165249][ T6810] RSP: 002b:00007fc640b21038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 106.165268][ T6810] RAX: ffffffffffffffda RBX: 00007fc63ffb5fa0 RCX: 00007fc63fd8e929 [ 106.165280][ T6810] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003 [ 106.165291][ T6810] RBP: 00007fc640b21090 R08: 0000000000000000 R09: 0000000000000000 [ 106.165301][ T6810] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 106.165311][ T6810] R13: 0000000000000000 R14: 00007fc63ffb5fa0 R15: 00007ffdd0aa8668 [ 106.165339][ T6810] [ 106.559462][ T6808] xt_CT: No such helper "syz1" [ 106.625277][ T6824] netlink: 'syz.4.304': attribute type 23 has an invalid length. [ 106.768581][ T6828] FAULT_INJECTION: forcing a failure. [ 106.768581][ T6828] name failslab, interval 1, probability 0, space 0, times 0 [ 106.783236][ T6828] CPU: 0 UID: 0 PID: 6828 Comm: syz.4.310 Not tainted 6.16.0-rc1-syzkaller-00436-g253833da4e56 #0 PREEMPT(full) [ 106.783261][ T6828] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 106.783272][ T6828] Call Trace: [ 106.783279][ T6828] [ 106.783286][ T6828] dump_stack_lvl+0x189/0x250 [ 106.783317][ T6828] ? __pfx____ratelimit+0x10/0x10 [ 106.783343][ T6828] ? __pfx_dump_stack_lvl+0x10/0x10 [ 106.783367][ T6828] ? __pfx__printk+0x10/0x10 [ 106.783389][ T6828] ? __pfx___might_resched+0x10/0x10 [ 106.783413][ T6828] ? fs_reclaim_acquire+0x7d/0x100 [ 106.783436][ T6828] should_fail_ex+0x414/0x560 [ 106.783461][ T6828] should_failslab+0xa8/0x100 [ 106.783481][ T6828] __kmalloc_node_track_caller_noprof+0xcc/0x4e0 [ 106.783499][ T6828] ? ife_alloc_meta_u16+0x24/0x70 [ 106.783525][ T6828] kmemdup_noprof+0x2b/0x70 [ 106.783547][ T6828] ife_alloc_meta_u16+0x24/0x70 [ 106.783568][ T6828] __add_metainfo+0xf8/0x330 [ 106.783594][ T6828] populate_metalist+0x15f/0x220 [ 106.783622][ T6828] tcf_ife_init+0x8eb/0xd60 [ 106.783650][ T6828] ? __pfx_tcf_ife_init+0x10/0x10 [ 106.783681][ T6828] ? nla_memcpy+0x5b/0xc0 [ 106.783706][ T6828] tcf_action_init_1+0x463/0x6d0 [ 106.783725][ T6828] ? __pfx_tcf_action_init_1+0x10/0x10 [ 106.783738][ T6828] ? _raw_read_unlock+0x28/0x50 [ 106.783757][ T6828] ? tc_action_load_ops+0x214/0x4e0 [ 106.783782][ T6828] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 106.783801][ T6828] ? __nla_parse+0x40/0x60 [ 106.783822][ T6828] tcf_action_init+0x2cf/0xab0 [ 106.783844][ T6828] ? __pfx_tcf_action_init+0x10/0x10 [ 106.783887][ T6828] ? __pfx___nla_validate_parse+0x10/0x10 [ 106.783937][ T6828] tc_ctl_action+0x430/0xbd0 [ 106.783958][ T6828] ? __pfx_tc_ctl_action+0x10/0x10 [ 106.783978][ T6828] ? rcu_is_watching+0x15/0xb0 [ 106.784033][ T6828] ? __pfx_tc_ctl_action+0x10/0x10 [ 106.784046][ T6828] rtnetlink_rcv_msg+0x779/0xb70 [ 106.784065][ T6828] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 106.784080][ T6828] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 106.784094][ T6828] ? ref_tracker_free+0x63a/0x7d0 [ 106.784110][ T6828] ? __copy_skb_header+0xa7/0x550 [ 106.784132][ T6828] ? __pfx_ref_tracker_free+0x10/0x10 [ 106.784149][ T6828] ? __skb_clone+0x63/0x7a0 [ 106.784174][ T6828] netlink_rcv_skb+0x205/0x470 [ 106.784192][ T6828] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 106.784209][ T6828] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 106.784235][ T6828] ? netlink_deliver_tap+0x2e/0x1b0 [ 106.784250][ T6828] ? netlink_deliver_tap+0x2e/0x1b0 [ 106.784270][ T6828] netlink_unicast+0x758/0x8d0 [ 106.784294][ T6828] netlink_sendmsg+0x805/0xb30 [ 106.784318][ T6828] ? __pfx_netlink_sendmsg+0x10/0x10 [ 106.784337][ T6828] ? aa_sock_msg_perm+0x94/0x160 [ 106.784356][ T6828] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 106.784372][ T6828] ? __pfx_netlink_sendmsg+0x10/0x10 [ 106.784389][ T6828] __sock_sendmsg+0x219/0x270 [ 106.784406][ T6828] ____sys_sendmsg+0x505/0x830 [ 106.784429][ T6828] ? __pfx_____sys_sendmsg+0x10/0x10 [ 106.784455][ T6828] ? import_iovec+0x74/0xa0 [ 106.784471][ T6828] ___sys_sendmsg+0x21f/0x2a0 [ 106.784491][ T6828] ? __pfx____sys_sendmsg+0x10/0x10 [ 106.784543][ T6828] ? __fget_files+0x2a/0x420 [ 106.784558][ T6828] ? __fget_files+0x3a0/0x420 [ 106.784581][ T6828] __x64_sys_sendmsg+0x19b/0x260 [ 106.784602][ T6828] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 106.784629][ T6828] ? __pfx_ksys_write+0x10/0x10 [ 106.784640][ T6828] ? rcu_is_watching+0x15/0xb0 [ 106.784663][ T6828] ? do_syscall_64+0xbe/0x3b0 [ 106.784680][ T6828] do_syscall_64+0xfa/0x3b0 [ 106.784691][ T6828] ? lockdep_hardirqs_on+0x9c/0x150 [ 106.784710][ T6828] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 106.784724][ T6828] ? clear_bhb_loop+0x60/0xb0 [ 106.784741][ T6828] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 106.784753][ T6828] RIP: 0033:0x7fc63fd8e929 [ 106.784767][ T6828] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 106.784778][ T6828] RSP: 002b:00007fc640b21038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 106.784793][ T6828] RAX: ffffffffffffffda RBX: 00007fc63ffb5fa0 RCX: 00007fc63fd8e929 [ 106.784803][ T6828] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003 [ 106.784812][ T6828] RBP: 00007fc640b21090 R08: 0000000000000000 R09: 0000000000000000 [ 106.784820][ T6828] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 106.784828][ T6828] R13: 0000000000000000 R14: 00007fc63ffb5fa0 R15: 00007ffdd0aa8668 [ 106.784850][ T6828] [ 107.567304][ T6852] netlink: 'syz.1.313': attribute type 10 has an invalid length. [ 107.614128][ T6856] netlink: 216 bytes leftover after parsing attributes in process `syz.3.317'. [ 107.630610][ T6852] team0: Device dummy0 is up. Set it down before adding it as a team port [ 107.689325][ T6862] vxlan0: entered promiscuous mode [ 107.699544][ T6862] vxlan0: entered allmulticast mode [ 107.725113][ T3460] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 107.754389][ T3460] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 107.779102][ T3460] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 107.807362][ T3460] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 107.852224][ T6866] netlink: 'syz.4.321': attribute type 16 has an invalid length. [ 107.860253][ T6866] netlink: 'syz.4.321': attribute type 17 has an invalid length. [ 107.886703][ T6871] netlink: 20 bytes leftover after parsing attributes in process `syz.1.322'. [ 107.905491][ T6872] IPv6: NLM_F_REPLACE set, but no existing node found! [ 107.926064][ T6871] netlink: 8 bytes leftover after parsing attributes in process `syz.1.322'. [ 108.179430][ T6866] bridge0: port 2(bridge_slave_1) entered disabled state [ 108.187681][ T6866] bridge0: port 1(bridge_slave_0) entered disabled state [ 108.367126][ T6866] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 108.382182][ T6866] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 108.536207][ T6879] netlink: 'syz.2.324': attribute type 1 has an invalid length. [ 108.566233][ T6879] netlink: 'syz.2.324': attribute type 2 has an invalid length. [ 108.619599][ T1001] netdevsim netdevsim4 eth0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 108.656015][ T1001] netdevsim netdevsim4 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 108.692835][ T1001] netdevsim netdevsim4 eth1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 108.722648][ T1001] netdevsim netdevsim4 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 108.751831][ T1001] netdevsim netdevsim4 eth2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 108.760628][ T1001] netdevsim netdevsim4 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 108.782951][ T1001] netdevsim netdevsim4 eth3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 108.828392][ T1001] netdevsim netdevsim4 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 108.878465][ T6905] team_slave_0: entered promiscuous mode [ 108.884905][ T6905] geneve1: entered promiscuous mode [ 108.890385][ T6905] vxlan0: entered promiscuous mode [ 108.926300][ T6905] vlan2: entered promiscuous mode [ 108.941171][ T6905] team0: entered promiscuous mode [ 108.961090][ T6905] team_slave_1: entered promiscuous mode [ 109.045448][ T6913] netlink: 'syz.1.332': attribute type 2 has an invalid length. [ 109.087546][ T6916] bridge1: left allmulticast mode [ 109.092996][ T6916] gre1: left promiscuous mode [ 109.526168][ T10] IPVS: starting estimator thread 0... [ 109.628687][ T6942] IPVS: using max 33 ests per chain, 79200 per kthread [ 110.316509][ T6989] netlink: 4 bytes leftover after parsing attributes in process `syz.2.360'. [ 110.362176][ T6991] vxlan0: entered promiscuous mode [ 110.370690][ T6991] team0: Port device vxlan0 added [ 110.388661][ T6989] batadv0: entered promiscuous mode [ 110.394049][ T6989] macsec1: entered allmulticast mode [ 110.404465][ T6989] batadv0: entered allmulticast mode [ 110.419601][ T6989] batadv0: left allmulticast mode [ 110.426793][ T6989] batadv0: left promiscuous mode [ 110.455105][ T6323] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 110.468242][ T6323] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 110.481297][ T6993] netlink: 44 bytes leftover after parsing attributes in process `syz.3.362'. [ 110.508628][ T6323] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 110.522025][ T6323] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 110.806178][ T7010] netlink: 16 bytes leftover after parsing attributes in process `syz.2.368'. [ 110.900964][ T7007] xt_CT: No such helper "snmp" [ 111.022336][ T7022] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 111.046250][ C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 111.152003][ T7022] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 111.246314][ T7022] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 111.294206][ T7032] netlink: 20 bytes leftover after parsing attributes in process `syz.0.374'. [ 111.338363][ T7022] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 111.357726][ T7035] No such timeout policy "syz1" [ 111.531009][ T3460] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.546501][ T3460] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.575946][ T6330] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.591525][ T7040] FAULT_INJECTION: forcing a failure. [ 111.591525][ T7040] name failslab, interval 1, probability 0, space 0, times 0 [ 111.608715][ T3460] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.621368][ T7040] CPU: 0 UID: 0 PID: 7040 Comm: syz.4.377 Not tainted 6.16.0-rc1-syzkaller-00436-g253833da4e56 #0 PREEMPT(full) [ 111.621395][ T7040] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 111.621405][ T7040] Call Trace: [ 111.621412][ T7040] [ 111.621419][ T7040] dump_stack_lvl+0x189/0x250 [ 111.621447][ T7040] ? __pfx____ratelimit+0x10/0x10 [ 111.621470][ T7040] ? __pfx_dump_stack_lvl+0x10/0x10 [ 111.621493][ T7040] ? __pfx__printk+0x10/0x10 [ 111.621515][ T7040] ? __pfx___might_resched+0x10/0x10 [ 111.621537][ T7040] ? fs_reclaim_acquire+0x7d/0x100 [ 111.621560][ T7040] should_fail_ex+0x414/0x560 [ 111.621585][ T7040] ? nf_hook_entries_grow+0x27c/0x710 [ 111.621603][ T7040] should_failslab+0xa8/0x100 [ 111.621621][ T7040] __kvmalloc_node_noprof+0x161/0x5f0 [ 111.621639][ T7040] ? nf_hook_entries_grow+0x27c/0x710 [ 111.621672][ T7040] nf_hook_entries_grow+0x27c/0x710 [ 111.621707][ T7040] __nf_register_net_hook+0x2c9/0x930 [ 111.621734][ T7040] nf_register_net_hook+0xf9/0x190 [ 111.621756][ T7040] nf_tables_newchain+0x2469/0x2900 [ 111.621792][ T7040] ? __pfx_nf_tables_newchain+0x10/0x10 [ 111.621847][ T7040] ? nfnl_pernet+0x23/0x240 [ 111.621882][ T7040] ? __nla_parse+0x40/0x60 [ 111.621910][ T7040] nfnetlink_rcv+0x1132/0x2520 [ 111.621965][ T7040] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 111.622002][ T7040] ? __lock_acquire+0xab9/0xd20 [ 111.622069][ T7040] ? netlink_deliver_tap+0x2e/0x1b0 [ 111.622090][ T7040] ? netlink_deliver_tap+0x2e/0x1b0 [ 111.622115][ T7040] netlink_unicast+0x758/0x8d0 [ 111.622144][ T7040] netlink_sendmsg+0x805/0xb30 [ 111.622180][ T7040] ? __pfx_netlink_sendmsg+0x10/0x10 [ 111.622202][ T7040] ? aa_sock_msg_perm+0x94/0x160 [ 111.622226][ T7040] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 111.622247][ T7040] ? __pfx_netlink_sendmsg+0x10/0x10 [ 111.622267][ T7040] __sock_sendmsg+0x219/0x270 [ 111.622289][ T7040] ____sys_sendmsg+0x505/0x830 [ 111.622319][ T7040] ? __pfx_____sys_sendmsg+0x10/0x10 [ 111.622352][ T7040] ? import_iovec+0x74/0xa0 [ 111.622373][ T7040] ___sys_sendmsg+0x21f/0x2a0 [ 111.622398][ T7040] ? __pfx____sys_sendmsg+0x10/0x10 [ 111.622457][ T7040] ? __fget_files+0x2a/0x420 [ 111.622475][ T7040] ? __fget_files+0x3a0/0x420 [ 111.622504][ T7040] __x64_sys_sendmsg+0x19b/0x260 [ 111.622530][ T7040] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 111.622563][ T7040] ? __pfx_ksys_write+0x10/0x10 [ 111.622576][ T7040] ? rcu_is_watching+0x15/0xb0 [ 111.622604][ T7040] ? do_syscall_64+0xbe/0x3b0 [ 111.622625][ T7040] do_syscall_64+0xfa/0x3b0 [ 111.622639][ T7040] ? lockdep_hardirqs_on+0x9c/0x150 [ 111.622669][ T7040] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 111.622685][ T7040] ? clear_bhb_loop+0x60/0xb0 [ 111.622705][ T7040] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 111.622721][ T7040] RIP: 0033:0x7fc63fd8e929 [ 111.622736][ T7040] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 111.622749][ T7040] RSP: 002b:00007fc640b21038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 111.622767][ T7040] RAX: ffffffffffffffda RBX: 00007fc63ffb5fa0 RCX: 00007fc63fd8e929 [ 111.622779][ T7040] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003 [ 111.622789][ T7040] RBP: 00007fc640b21090 R08: 0000000000000000 R09: 0000000000000000 [ 111.622799][ T7040] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 111.622809][ T7040] R13: 0000000000000000 R14: 00007fc63ffb5fa0 R15: 00007ffdd0aa8668 [ 111.622835][ T7040] [ 112.231238][ T7053] xt_CT: No such helper "syz1" [ 112.240590][ T7051] netlink: 8 bytes leftover after parsing attributes in process `syz.0.381'. [ 112.729446][ T7084] netlink: 8 bytes leftover after parsing attributes in process `syz.1.389'. [ 112.771686][ T7088] netlink: 4 bytes leftover after parsing attributes in process `syz.2.390'. [ 112.832303][ T7088] batadv0: entered promiscuous mode [ 112.851911][ T7088] macsec1: entered allmulticast mode [ 112.858232][ T7088] batadv0: entered allmulticast mode [ 112.881016][ T7088] batadv0: left allmulticast mode [ 112.893691][ T7088] batadv0: left promiscuous mode [ 112.940416][ T7094] FAULT_INJECTION: forcing a failure. [ 112.940416][ T7094] name failslab, interval 1, probability 0, space 0, times 0 [ 112.969600][ T7094] CPU: 0 UID: 0 PID: 7094 Comm: syz.0.392 Not tainted 6.16.0-rc1-syzkaller-00436-g253833da4e56 #0 PREEMPT(full) [ 112.969626][ T7094] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 112.969636][ T7094] Call Trace: [ 112.969643][ T7094] [ 112.969651][ T7094] dump_stack_lvl+0x189/0x250 [ 112.969679][ T7094] ? __pfx____ratelimit+0x10/0x10 [ 112.969705][ T7094] ? __pfx_dump_stack_lvl+0x10/0x10 [ 112.969729][ T7094] ? __pfx__printk+0x10/0x10 [ 112.969754][ T7094] ? __pfx___might_resched+0x10/0x10 [ 112.969783][ T7094] should_fail_ex+0x414/0x560 [ 112.969809][ T7094] should_failslab+0xa8/0x100 [ 112.969829][ T7094] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 112.969846][ T7094] ? __alloc_skb+0x112/0x2d0 [ 112.969870][ T7094] __alloc_skb+0x112/0x2d0 [ 112.969893][ T7094] tc_ctl_action+0x809/0xbd0 [ 112.969916][ T7094] ? __pfx_tc_ctl_action+0x10/0x10 [ 112.969929][ T7094] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 112.969955][ T7094] ? rcu_is_watching+0x15/0xb0 [ 112.970020][ T7094] ? __pfx_tc_ctl_action+0x10/0x10 [ 112.970036][ T7094] rtnetlink_rcv_msg+0x779/0xb70 [ 112.970059][ T7094] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 112.970077][ T7094] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 112.970093][ T7094] ? ref_tracker_free+0x63a/0x7d0 [ 112.970110][ T7094] ? __copy_skb_header+0xa7/0x550 [ 112.970133][ T7094] ? __pfx_ref_tracker_free+0x10/0x10 [ 112.970152][ T7094] ? __skb_clone+0x63/0x7a0 [ 112.970183][ T7094] netlink_rcv_skb+0x205/0x470 [ 112.970204][ T7094] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 112.970224][ T7094] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 112.970255][ T7094] ? netlink_deliver_tap+0x2e/0x1b0 [ 112.970274][ T7094] ? netlink_deliver_tap+0x2e/0x1b0 [ 112.970300][ T7094] netlink_unicast+0x758/0x8d0 [ 112.970330][ T7094] netlink_sendmsg+0x805/0xb30 [ 112.970356][ T7094] ? __pfx_netlink_sendmsg+0x10/0x10 [ 112.970379][ T7094] ? aa_sock_msg_perm+0x94/0x160 [ 112.970403][ T7094] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 112.970424][ T7094] ? __pfx_netlink_sendmsg+0x10/0x10 [ 112.970445][ T7094] __sock_sendmsg+0x219/0x270 [ 112.970475][ T7094] ____sys_sendmsg+0x505/0x830 [ 112.970505][ T7094] ? __pfx_____sys_sendmsg+0x10/0x10 [ 112.970537][ T7094] ? import_iovec+0x74/0xa0 [ 112.970557][ T7094] ___sys_sendmsg+0x21f/0x2a0 [ 112.970582][ T7094] ? __pfx____sys_sendmsg+0x10/0x10 [ 112.970647][ T7094] ? __fget_files+0x2a/0x420 [ 112.970664][ T7094] ? __fget_files+0x3a0/0x420 [ 112.970694][ T7094] __x64_sys_sendmsg+0x19b/0x260 [ 112.970720][ T7094] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 112.970753][ T7094] ? __pfx_ksys_write+0x10/0x10 [ 112.970767][ T7094] ? rcu_is_watching+0x15/0xb0 [ 112.970796][ T7094] ? do_syscall_64+0xbe/0x3b0 [ 112.970818][ T7094] do_syscall_64+0xfa/0x3b0 [ 112.970833][ T7094] ? lockdep_hardirqs_on+0x9c/0x150 [ 112.970855][ T7094] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 112.970871][ T7094] ? clear_bhb_loop+0x60/0xb0 [ 112.970891][ T7094] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 112.970907][ T7094] RIP: 0033:0x7f3f53d8e929 [ 112.970922][ T7094] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 112.970935][ T7094] RSP: 002b:00007f3f51bf6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 112.970954][ T7094] RAX: ffffffffffffffda RBX: 00007f3f53fb5fa0 RCX: 00007f3f53d8e929 [ 112.970966][ T7094] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003 [ 112.970976][ T7094] RBP: 00007f3f51bf6090 R08: 0000000000000000 R09: 0000000000000000 [ 112.970987][ T7094] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 112.970996][ T7094] R13: 0000000000000000 R14: 00007f3f53fb5fa0 R15: 00007fff78a0d3f8 [ 112.971024][ T7094] [ 113.478409][ T7097] netlink: 100 bytes leftover after parsing attributes in process `syz.3.393'. [ 113.516386][ T7106] bond0: entered promiscuous mode [ 113.615956][ T7106] bond_slave_0: entered promiscuous mode [ 113.676162][ T7106] bond_slave_1: entered promiscuous mode [ 113.736901][ T7106] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 113.821898][ T7106] bond0: left promiscuous mode [ 113.829477][ T7106] bond_slave_0: left promiscuous mode [ 113.860196][ T7106] bond_slave_1: left promiscuous mode [ 113.947888][ T7125] macvlan1: entered promiscuous mode [ 113.954471][ T7125] macvlan1: entered allmulticast mode [ 113.971025][ T7125] veth1_vlan: entered allmulticast mode [ 114.110040][ T7139] netlink: 8 bytes leftover after parsing attributes in process `syz.0.402'. [ 114.279876][ T7155] netlink: 20 bytes leftover after parsing attributes in process `syz.3.409'. [ 114.384773][ T7161] netlink: 'syz.1.410': attribute type 1 has an invalid length. [ 114.423295][ T7161] netlink: 204 bytes leftover after parsing attributes in process `syz.1.410'. [ 114.981032][ T7183] tipc: Enabled bearer , priority 0 [ 115.047251][ T7182] tipc: Disabling bearer [ 115.193839][ T7197] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 115.247147][ T7202] netlink: 'syz.1.427': attribute type 6 has an invalid length. [ 115.260545][ T7202] netlink: 'syz.1.427': attribute type 6 has an invalid length. [ 115.382131][ T7211] netlink: 48 bytes leftover after parsing attributes in process `syz.2.430'. [ 115.392656][ T7211] netlink: 245 bytes leftover after parsing attributes in process `syz.2.430'. [ 115.983048][ T7240] netlink: 'syz.0.441': attribute type 23 has an invalid length. [ 116.067173][ T7228] lo speed is unknown, defaulting to 1000 [ 116.127430][ T7228] lo speed is unknown, defaulting to 1000 [ 116.150818][ T7228] lo speed is unknown, defaulting to 1000 [ 116.202774][ T7228] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 116.241118][ T7246] netlink: 'syz.4.443': attribute type 178 has an invalid length. [ 116.255018][ T7228] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 116.317742][ T7248] netlink: 4 bytes leftover after parsing attributes in process `syz.1.445'. [ 116.365130][ T7248] batadv0: entered promiscuous mode [ 116.376220][ T7248] macsec2: entered allmulticast mode [ 116.386644][ T7248] batadv0: entered allmulticast mode [ 116.408262][ T7248] batadv0: left allmulticast mode [ 116.425083][ T7248] batadv0: left promiscuous mode [ 116.482013][ T7228] lo speed is unknown, defaulting to 1000 [ 116.630943][ T7228] lo speed is unknown, defaulting to 1000 [ 116.641592][ T7228] lo speed is unknown, defaulting to 1000 [ 116.668461][ T7228] lo speed is unknown, defaulting to 1000 [ 116.693913][ T7228] lo speed is unknown, defaulting to 1000 [ 116.706323][ T7228] lo speed is unknown, defaulting to 1000 [ 117.063687][ T7276] netlink: 'syz.1.452': attribute type 23 has an invalid length. [ 117.093365][ T7266] syzkaller0: entered promiscuous mode [ 117.102523][ T7266] syzkaller0: entered allmulticast mode [ 117.175941][ T7275] lo speed is unknown, defaulting to 1000 [ 117.433317][ T7288] bond0: entered promiscuous mode [ 117.455940][ T7288] bond_slave_0: entered promiscuous mode [ 117.472780][ T7288] bond_slave_1: entered promiscuous mode [ 117.558736][ T7288] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 117.580867][ T7288] bond0: left promiscuous mode [ 117.585901][ T7288] bond_slave_0: left promiscuous mode [ 117.596521][ T7288] bond_slave_1: left promiscuous mode [ 117.900110][ T7302] netlink: 'syz.3.458': attribute type 1 has an invalid length. [ 117.941642][ T7302] netlink: 'syz.3.458': attribute type 1 has an invalid length. [ 118.122757][ T7311] FAULT_INJECTION: forcing a failure. [ 118.122757][ T7311] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 118.137209][ T7311] CPU: 1 UID: 0 PID: 7311 Comm: syz.3.460 Not tainted 6.16.0-rc1-syzkaller-00436-g253833da4e56 #0 PREEMPT(full) [ 118.137234][ T7311] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 118.137245][ T7311] Call Trace: [ 118.137252][ T7311] [ 118.137259][ T7311] dump_stack_lvl+0x189/0x250 [ 118.137288][ T7311] ? __pfx____ratelimit+0x10/0x10 [ 118.137312][ T7311] ? __pfx_dump_stack_lvl+0x10/0x10 [ 118.137336][ T7311] ? __pfx__printk+0x10/0x10 [ 118.137354][ T7311] ? __might_fault+0xb0/0x130 [ 118.137380][ T7311] should_fail_ex+0x414/0x560 [ 118.137405][ T7311] _copy_from_user+0x2d/0xb0 [ 118.137422][ T7311] ___sys_recvmsg+0x12e/0x510 [ 118.137451][ T7311] ? __pfx____sys_recvmsg+0x10/0x10 [ 118.137499][ T7311] ? __fget_files+0x3a0/0x420 [ 118.137528][ T7311] do_recvmmsg+0x307/0x770 [ 118.137560][ T7311] ? __pfx_do_recvmmsg+0x10/0x10 [ 118.137596][ T7311] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 118.137630][ T7311] __x64_sys_recvmmsg+0x190/0x240 [ 118.137657][ T7311] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 118.137678][ T7311] ? rcu_is_watching+0x15/0xb0 [ 118.137707][ T7311] ? do_syscall_64+0xbe/0x3b0 [ 118.137727][ T7311] do_syscall_64+0xfa/0x3b0 [ 118.137742][ T7311] ? lockdep_hardirqs_on+0x9c/0x150 [ 118.137774][ T7311] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 118.137791][ T7311] ? clear_bhb_loop+0x60/0xb0 [ 118.137812][ T7311] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 118.137828][ T7311] RIP: 0033:0x7f54ecb8e929 [ 118.137843][ T7311] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 118.137857][ T7311] RSP: 002b:00007f54ed98b038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 118.137875][ T7311] RAX: ffffffffffffffda RBX: 00007f54ecdb5fa0 RCX: 00007f54ecb8e929 [ 118.137888][ T7311] RDX: 0000000000000002 RSI: 0000200000006cc0 RDI: 0000000000000004 [ 118.137898][ T7311] RBP: 00007f54ed98b090 R08: 0000000000000000 R09: 0000000000000000 [ 118.137909][ T7311] R10: 00000000400122a0 R11: 0000000000000246 R12: 0000000000000001 [ 118.137919][ T7311] R13: 0000000000000000 R14: 00007f54ecdb5fa0 R15: 00007ffc407b4fa8 [ 118.137946][ T7311] [ 119.607075][ T7321] netlink: 'syz.1.463': attribute type 29 has an invalid length. [ 119.718386][ T7321] netlink: 'syz.1.463': attribute type 29 has an invalid length. [ 119.727764][ T7321] netlink: 500 bytes leftover after parsing attributes in process `syz.1.463'. [ 119.843112][ T7336] netlink: 'syz.4.467': attribute type 2 has an invalid length. [ 119.861683][ T7335] syzkaller1: entered promiscuous mode [ 119.871283][ T7335] syzkaller1: entered allmulticast mode [ 119.898999][ T7335] netlink: 8 bytes leftover after parsing attributes in process `syz.1.468'. [ 120.347697][ T7367] netlink: 'syz.4.481': attribute type 2 has an invalid length. [ 120.395378][ T7370] netlink: 260 bytes leftover after parsing attributes in process `syz.1.482'. [ 120.407038][ T7370] netlink: 260 bytes leftover after parsing attributes in process `syz.1.482'. [ 120.450204][ T7372] bond0: entered promiscuous mode [ 120.455585][ T7372] bond_slave_0: entered promiscuous mode [ 120.463047][ T7372] bond_slave_1: entered promiscuous mode [ 120.473026][ T7372] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 120.483028][ T7372] bond0: left promiscuous mode [ 120.488650][ T7372] bond_slave_0: left promiscuous mode [ 120.499698][ T7372] bond_slave_1: left promiscuous mode [ 120.645508][ T7382] netlink: 12 bytes leftover after parsing attributes in process `syz.0.487'. [ 120.649716][ T7378] lo speed is unknown, defaulting to 1000 [ 120.965280][ T7395] netlink: 'syz.0.493': attribute type 2 has an invalid length. [ 121.076929][ T7397] bridge: RTM_NEWNEIGH with invalid ether address [ 121.155057][ T7404] bridge0: entered allmulticast mode [ 121.189103][ T7406] netlink: 'syz.0.495': attribute type 2 has an invalid length. [ 121.200977][ T7406] netlink: 8 bytes leftover after parsing attributes in process `syz.0.495'. [ 121.212630][ T7403] lo speed is unknown, defaulting to 1000 [ 121.410371][ T7415] netlink: 'syz.3.496': attribute type 1 has an invalid length. [ 121.505149][ T7420] trusted_key: syz.0.498 sent an empty control message without MSG_MORE. [ 121.754846][ T7424] tipc: Enabled bearer , priority 0 [ 121.796802][ T7423] tipc: Disabling bearer [ 122.000897][ T7429] vxlan0: entered promiscuous mode [ 122.006900][ T7435] netlink: 'syz.2.505': attribute type 2 has an invalid length. [ 122.010959][ T7429] vxlan0: entered allmulticast mode [ 122.015411][ T7430] netlink: 'syz.0.504': attribute type 5 has an invalid length. [ 122.022570][ T7429] team0: Port device vxlan0 added [ 122.039134][ T49] netdevsim netdevsim1 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 122.051585][ T7430] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.504'. [ 122.061971][ T49] netdevsim netdevsim1 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 122.094225][ T49] netdevsim netdevsim1 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 122.120996][ T3460] netdevsim netdevsim1 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 122.131880][ T7437] netlink: 20 bytes leftover after parsing attributes in process `syz.4.506'. [ 122.141268][ T7437] netlink: 'syz.4.506': attribute type 6 has an invalid length. [ 122.152218][ T7437] netlink: 16 bytes leftover after parsing attributes in process `syz.4.506'. [ 122.183745][ T7437] netlink: 16 bytes leftover after parsing attributes in process `syz.4.506'. [ 122.328778][ T7448] FAULT_INJECTION: forcing a failure. [ 122.328778][ T7448] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 122.374518][ T7448] CPU: 1 UID: 0 PID: 7448 Comm: syz.0.510 Not tainted 6.16.0-rc1-syzkaller-00436-g253833da4e56 #0 PREEMPT(full) [ 122.374543][ T7448] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 122.374553][ T7448] Call Trace: [ 122.374560][ T7448] [ 122.374567][ T7448] dump_stack_lvl+0x189/0x250 [ 122.374596][ T7448] ? __pfx____ratelimit+0x10/0x10 [ 122.374621][ T7448] ? __pfx_dump_stack_lvl+0x10/0x10 [ 122.374646][ T7448] ? __pfx__printk+0x10/0x10 [ 122.374665][ T7448] ? __might_fault+0xb0/0x130 [ 122.374694][ T7448] should_fail_ex+0x414/0x560 [ 122.374720][ T7448] _copy_to_iter+0x1db/0x16f0 [ 122.374746][ T7448] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 122.374776][ T7448] ? __pfx__copy_to_iter+0x10/0x10 [ 122.374799][ T7448] ? remove_wait_queue+0x33/0x120 [ 122.374822][ T7448] ? tipc_wait_for_rcvmsg+0x4ef/0x630 [ 122.374856][ T7448] __skb_datagram_iter+0xf8/0x990 [ 122.374883][ T7448] ? __pfx_simple_copy_to_iter+0x10/0x10 [ 122.374909][ T7448] ? __pfx_tipc_sk_anc_data_recv+0x10/0x10 [ 122.374938][ T7448] skb_copy_datagram_iter+0xc5/0x230 [ 122.374967][ T7448] tipc_recvmsg+0x7a1/0x13c0 [ 122.375008][ T7448] ? __pfx_tipc_recvmsg+0x10/0x10 [ 122.375039][ T7448] ? __lock_acquire+0xab9/0xd20 [ 122.375057][ T7448] ? aa_sock_msg_perm+0x94/0x160 [ 122.375096][ T7448] ? bpf_lsm_socket_recvmsg+0x9/0x20 [ 122.375116][ T7448] ? security_socket_recvmsg+0x7e/0x2e0 [ 122.375140][ T7448] ? __pfx_tipc_recvmsg+0x10/0x10 [ 122.375164][ T7448] sock_recvmsg+0x229/0x270 [ 122.375187][ T7448] ____sys_recvmsg+0x1c9/0x460 [ 122.375219][ T7448] ? __pfx_____sys_recvmsg+0x10/0x10 [ 122.375258][ T7448] ? import_iovec+0x74/0xa0 [ 122.375279][ T7448] ___sys_recvmsg+0x1b5/0x510 [ 122.375308][ T7448] ? __pfx____sys_recvmsg+0x10/0x10 [ 122.375375][ T7448] ? __fget_files+0x3a0/0x420 [ 122.375406][ T7448] do_recvmmsg+0x307/0x770 [ 122.375439][ T7448] ? __pfx_do_recvmmsg+0x10/0x10 [ 122.375475][ T7448] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 122.375510][ T7448] __x64_sys_recvmmsg+0x190/0x240 [ 122.375536][ T7448] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 122.375557][ T7448] ? rcu_is_watching+0x15/0xb0 [ 122.375587][ T7448] ? do_syscall_64+0xbe/0x3b0 [ 122.375608][ T7448] do_syscall_64+0xfa/0x3b0 [ 122.375623][ T7448] ? lockdep_hardirqs_on+0x9c/0x150 [ 122.375646][ T7448] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 122.375664][ T7448] ? clear_bhb_loop+0x60/0xb0 [ 122.375690][ T7448] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 122.375705][ T7448] RIP: 0033:0x7f3f53d8e929 [ 122.375722][ T7448] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 122.375742][ T7448] RSP: 002b:00007f3f51bf6038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 122.375758][ T7448] RAX: ffffffffffffffda RBX: 00007f3f53fb5fa0 RCX: 00007f3f53d8e929 [ 122.375768][ T7448] RDX: 0000000000000002 RSI: 0000200000006cc0 RDI: 0000000000000004 [ 122.375777][ T7448] RBP: 00007f3f51bf6090 R08: 0000000000000000 R09: 0000000000000000 [ 122.375786][ T7448] R10: 00000000400122a0 R11: 0000000000000246 R12: 0000000000000001 [ 122.375796][ T7448] R13: 0000000000000000 R14: 00007f3f53fb5fa0 R15: 00007fff78a0d3f8 [ 122.375820][ T7448] [ 123.435299][ T7492] vlan2: entered promiscuous mode [ 123.723306][ T7510] (unnamed net_device) (uninitialized): option coupled_control: invalid value (115) [ 124.540462][ T7554] tipc: Started in network mode [ 124.545371][ T7554] tipc: Node identity 9e3a3e160009, cluster identity 4711 [ 124.553625][ T7554] tipc: Enabled bearer , priority 0 [ 124.679073][ T7553] tipc: Disabling bearer [ 124.889303][ T7575] __nla_validate_parse: 8 callbacks suppressed [ 124.889320][ T7575] netlink: 24 bytes leftover after parsing attributes in process `syz.2.561'. [ 124.964251][ T7579] validate_nla: 41 callbacks suppressed [ 124.964270][ T7579] netlink: 'syz.1.562': attribute type 9 has an invalid length. [ 124.971484][ T7575] lo speed is unknown, defaulting to 1000 [ 124.993901][ T7579] netlink: 'syz.1.562': attribute type 7 has an invalid length. [ 125.012090][ T7579] netlink: 'syz.1.562': attribute type 8 has an invalid length. [ 125.348140][ T7583] lo speed is unknown, defaulting to 1000 [ 125.618312][ T7598] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 125.833935][ T7611] netlink: 'syz.1.573': attribute type 29 has an invalid length. [ 125.855044][ T7611] netlink: 'syz.1.573': attribute type 29 has an invalid length. [ 125.870353][ T7611] netlink: 500 bytes leftover after parsing attributes in process `syz.1.573'. [ 126.037179][ T7614] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 126.244677][ T7622] netlink: 8 bytes leftover after parsing attributes in process `syz.4.575'. [ 126.495032][ T7629] netlink: 260 bytes leftover after parsing attributes in process `syz.0.578'. [ 126.546694][ T7629] netlink: 260 bytes leftover after parsing attributes in process `syz.0.578'. [ 126.634855][ T7635] vlan2: entered promiscuous mode [ 126.723681][ T7639] netlink: 'syz.0.583': attribute type 83 has an invalid length. [ 126.744636][ T7639] netlink: 28 bytes leftover after parsing attributes in process `syz.0.583'. [ 126.756204][ T7639] netlink: 28 bytes leftover after parsing attributes in process `syz.0.583'. [ 126.774387][ T7639] bridge0: entered promiscuous mode [ 126.781685][ T7639] ip6gretap0: entered promiscuous mode [ 126.954431][ T7654] netlink: 'syz.0.587': attribute type 58 has an invalid length. [ 126.990336][ T7654] netlink: 20 bytes leftover after parsing attributes in process `syz.0.587'. [ 127.634193][ T7681] netlink: 36 bytes leftover after parsing attributes in process `syz.4.595'. [ 127.924490][ T7691] netlink: 8 bytes leftover after parsing attributes in process `syz.3.599'. [ 129.064373][ T7725] IPVS: Scheduler module ip_vs_sip not found [ 129.150512][ T7730] bond0: entered promiscuous mode [ 129.175180][ T7730] bond_slave_0: entered promiscuous mode [ 129.191571][ T7730] bond_slave_1: entered promiscuous mode [ 129.211600][ T7730] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 129.256446][ T7730] bond0: left promiscuous mode [ 129.261381][ T7730] bond_slave_0: left promiscuous mode [ 129.283457][ T7730] bond_slave_1: left promiscuous mode [ 129.462886][ T7738] veth0: entered promiscuous mode [ 129.485057][ T7740] netlink: 'syz.4.618': attribute type 1 has an invalid length. [ 129.504811][ T7736] veth0: left promiscuous mode [ 130.025733][ T7757] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 130.032983][ T6894] IPVS: starting estimator thread 0... [ 130.041507][ T7761] batadv_slave_0: entered promiscuous mode [ 130.136304][ T7763] IPVS: using max 27 ests per chain, 64800 per kthread [ 130.349797][ T7775] __nla_validate_parse: 1 callbacks suppressed [ 130.349815][ T7775] netlink: 356 bytes leftover after parsing attributes in process `syz.4.633'. [ 130.353621][ T7777] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 130.378820][ T7775] netlink: 32 bytes leftover after parsing attributes in process `syz.4.633'. [ 130.420435][ T7781] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input5 [ 130.531738][ T7783] netlink: 8 bytes leftover after parsing attributes in process `syz.2.630'. [ 130.678248][ T7792] netlink: 8 bytes leftover after parsing attributes in process `syz.4.638'. [ 130.876352][ T7798] netlink: 'syz.3.640': attribute type 1 has an invalid length. [ 130.884068][ T7798] netlink: 16166 bytes leftover after parsing attributes in process `syz.3.640'. [ 131.167839][ T7817] netlink: 'syz.0.648': attribute type 4 has an invalid length. [ 131.188444][ T7817] netlink: 3657 bytes leftover after parsing attributes in process `syz.0.648'. [ 131.288986][ T7783] syz.2.630 (7783) used greatest stack depth: 17992 bytes left [ 131.323282][ T7826] xt_hashlimit: size too large, truncated to 1048576 [ 131.517966][ T7835] netlink: 4 bytes leftover after parsing attributes in process `syz.2.654'. [ 131.573236][ T7835] batadv0: entered promiscuous mode [ 131.581908][ T7835] macsec1: entered allmulticast mode [ 131.589817][ T7835] batadv0: entered allmulticast mode [ 131.608768][ T7835] batadv0: left allmulticast mode [ 131.614308][ T7835] batadv0: left promiscuous mode [ 131.741353][ T7842] FAULT_INJECTION: forcing a failure. [ 131.741353][ T7842] name failslab, interval 1, probability 0, space 0, times 0 [ 131.754530][ T7842] CPU: 1 UID: 0 PID: 7842 Comm: syz.0.656 Not tainted 6.16.0-rc1-syzkaller-00436-g253833da4e56 #0 PREEMPT(full) [ 131.754555][ T7842] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 131.754565][ T7842] Call Trace: [ 131.754572][ T7842] [ 131.754579][ T7842] dump_stack_lvl+0x189/0x250 [ 131.754610][ T7842] ? __pfx____ratelimit+0x10/0x10 [ 131.754636][ T7842] ? __pfx_dump_stack_lvl+0x10/0x10 [ 131.754660][ T7842] ? __pfx__printk+0x10/0x10 [ 131.754682][ T7842] ? __pfx___might_resched+0x10/0x10 [ 131.754706][ T7842] ? fs_reclaim_acquire+0x7d/0x100 [ 131.754731][ T7842] should_fail_ex+0x414/0x560 [ 131.754758][ T7842] should_failslab+0xa8/0x100 [ 131.754778][ T7842] __kmalloc_cache_noprof+0x70/0x3d0 [ 131.754794][ T7842] ? alloc_netdev_mqs+0xc36/0x11e0 [ 131.754817][ T7842] alloc_netdev_mqs+0xc36/0x11e0 [ 131.754839][ T7842] rtnl_create_link+0x31f/0xd10 [ 131.754862][ T7842] rtnl_newlink_create+0x25c/0xb00 [ 131.754890][ T7842] ? __pfx_aa_get_newest_label+0x10/0x10 [ 131.754915][ T7842] ? __pfx_rtnl_newlink_create+0x10/0x10 [ 131.754934][ T7842] ? rtnl_newlink+0x8db/0x1c70 [ 131.754956][ T7842] ? __pfx___mutex_lock+0x10/0x10 [ 131.754984][ T7842] ? ns_capable+0x8a/0xf0 [ 131.755010][ T7842] rtnl_newlink+0x16d6/0x1c70 [ 131.755031][ T7842] ? netlink_sendmsg+0x805/0xb30 [ 131.755061][ T7842] ? __pfx_rtnl_newlink+0x10/0x10 [ 131.755104][ T7842] ? kasan_quarantine_put+0xdd/0x220 [ 131.755127][ T7842] ? lockdep_hardirqs_on+0x9c/0x150 [ 131.755158][ T7842] ? nlmon_xmit+0xb0/0x100 [ 131.755172][ T7842] ? kmem_cache_free+0x18f/0x400 [ 131.755196][ T7842] ? __local_bh_enable_ip+0x12d/0x1c0 [ 131.755223][ T7842] ? lockdep_hardirqs_on+0x9c/0x150 [ 131.755247][ T7842] ? __local_bh_enable_ip+0x12d/0x1c0 [ 131.755270][ T7842] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 131.755295][ T7842] ? __dev_queue_xmit+0x27e/0x3a70 [ 131.755341][ T7842] ? __lock_acquire+0xab9/0xd20 [ 131.755388][ T7842] ? __pfx_rtnl_newlink+0x10/0x10 [ 131.755406][ T7842] rtnetlink_rcv_msg+0x7cf/0xb70 [ 131.755429][ T7842] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 131.755447][ T7842] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 131.755464][ T7842] ? ref_tracker_free+0x63a/0x7d0 [ 131.755484][ T7842] ? __copy_skb_header+0xa7/0x550 [ 131.755509][ T7842] ? __pfx_ref_tracker_free+0x10/0x10 [ 131.755529][ T7842] ? __skb_clone+0x63/0x7a0 [ 131.755559][ T7842] netlink_rcv_skb+0x205/0x470 [ 131.755580][ T7842] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 131.755601][ T7842] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 131.755635][ T7842] ? netlink_deliver_tap+0x2e/0x1b0 [ 131.755654][ T7842] ? netlink_deliver_tap+0x2e/0x1b0 [ 131.755679][ T7842] netlink_unicast+0x758/0x8d0 [ 131.755709][ T7842] netlink_sendmsg+0x805/0xb30 [ 131.755739][ T7842] ? __pfx_netlink_sendmsg+0x10/0x10 [ 131.755759][ T7842] ? aa_sock_msg_perm+0x94/0x160 [ 131.755780][ T7842] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 131.755800][ T7842] ? __pfx_netlink_sendmsg+0x10/0x10 [ 131.755821][ T7842] __sock_sendmsg+0x219/0x270 [ 131.755843][ T7842] ____sys_sendmsg+0x505/0x830 [ 131.755872][ T7842] ? __pfx_____sys_sendmsg+0x10/0x10 [ 131.755905][ T7842] ? import_iovec+0x74/0xa0 [ 131.755927][ T7842] ___sys_sendmsg+0x21f/0x2a0 [ 131.755952][ T7842] ? __pfx____sys_sendmsg+0x10/0x10 [ 131.756007][ T7842] ? __fget_files+0x2a/0x420 [ 131.756024][ T7842] ? __fget_files+0x3a0/0x420 [ 131.756050][ T7842] __x64_sys_sendmsg+0x19b/0x260 [ 131.756076][ T7842] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 131.756104][ T7842] ? __pfx_ksys_write+0x10/0x10 [ 131.756118][ T7842] ? rcu_is_watching+0x15/0xb0 [ 131.756147][ T7842] ? do_syscall_64+0xbe/0x3b0 [ 131.756167][ T7842] do_syscall_64+0xfa/0x3b0 [ 131.756182][ T7842] ? lockdep_hardirqs_on+0x9c/0x150 [ 131.756203][ T7842] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 131.756220][ T7842] ? clear_bhb_loop+0x60/0xb0 [ 131.756238][ T7842] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 131.756252][ T7842] RIP: 0033:0x7f3f53d8e929 [ 131.756267][ T7842] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 131.756281][ T7842] RSP: 002b:00007f3f51bf6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 131.756299][ T7842] RAX: ffffffffffffffda RBX: 00007f3f53fb5fa0 RCX: 00007f3f53d8e929 [ 131.756318][ T7842] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000010 [ 131.756329][ T7842] RBP: 00007f3f51bf6090 R08: 0000000000000000 R09: 0000000000000000 [ 131.756339][ T7842] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 131.756348][ T7842] R13: 0000000000000000 R14: 00007f3f53fb5fa0 R15: 00007fff78a0d3f8 [ 131.756376][ T7842] [ 132.250107][ T7844] netlink: 71 bytes leftover after parsing attributes in process `syz.2.657'. [ 132.341703][ T7846] FAULT_INJECTION: forcing a failure. [ 132.341703][ T7846] name failslab, interval 1, probability 0, space 0, times 0 [ 132.373952][ T7846] CPU: 1 UID: 0 PID: 7846 Comm: syz.1.658 Not tainted 6.16.0-rc1-syzkaller-00436-g253833da4e56 #0 PREEMPT(full) [ 132.373979][ T7846] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 132.373989][ T7846] Call Trace: [ 132.373996][ T7846] [ 132.374004][ T7846] dump_stack_lvl+0x189/0x250 [ 132.374055][ T7846] ? __pfx____ratelimit+0x10/0x10 [ 132.374081][ T7846] ? __pfx_dump_stack_lvl+0x10/0x10 [ 132.374106][ T7846] ? __pfx__printk+0x10/0x10 [ 132.374130][ T7846] ? __pfx___might_resched+0x10/0x10 [ 132.374160][ T7846] should_fail_ex+0x414/0x560 [ 132.374184][ T7846] ? nf_tables_commit+0xaa9/0x8700 [ 132.374203][ T7846] should_failslab+0xa8/0x100 [ 132.374223][ T7846] __kvmalloc_node_noprof+0x161/0x5f0 [ 132.374242][ T7846] ? nf_tables_commit+0xaa9/0x8700 [ 132.374260][ T7846] ? nf_tables_commit+0x79d/0x8700 [ 132.374285][ T7846] nf_tables_commit+0xaa9/0x8700 [ 132.374305][ T7846] ? do_raw_spin_unlock+0x122/0x240 [ 132.374347][ T7846] ? __pfx___folio_put+0x10/0x10 [ 132.374368][ T7846] ? __pfx_nf_tables_commit+0x10/0x10 [ 132.374391][ T7846] ? free_large_kmalloc+0xeb/0x200 [ 132.374412][ T7846] ? free_large_kmalloc+0x145/0x200 [ 132.374431][ T7846] ? nf_tables_newrule+0x23bc/0x2890 [ 132.374470][ T7846] ? __pfx_nf_tables_newrule+0x10/0x10 [ 132.374524][ T7846] nfnetlink_rcv+0x1a4b/0x2520 [ 132.374583][ T7846] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 132.374626][ T7846] ? ref_tracker_free+0x63a/0x7d0 [ 132.374680][ T7846] ? __netlink_deliver_tap+0x807/0x850 [ 132.374710][ T7846] ? netlink_deliver_tap+0x2e/0x1b0 [ 132.374729][ T7846] ? netlink_deliver_tap+0x2e/0x1b0 [ 132.374753][ T7846] netlink_unicast+0x758/0x8d0 [ 132.374784][ T7846] netlink_sendmsg+0x805/0xb30 [ 132.374813][ T7846] ? __pfx_netlink_sendmsg+0x10/0x10 [ 132.374841][ T7846] ? aa_sock_msg_perm+0x94/0x160 [ 132.374864][ T7846] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 132.374885][ T7846] ? __pfx_netlink_sendmsg+0x10/0x10 [ 132.374907][ T7846] __sock_sendmsg+0x219/0x270 [ 132.374929][ T7846] ____sys_sendmsg+0x505/0x830 [ 132.374958][ T7846] ? __pfx_____sys_sendmsg+0x10/0x10 [ 132.374991][ T7846] ? import_iovec+0x74/0xa0 [ 132.375012][ T7846] ___sys_sendmsg+0x21f/0x2a0 [ 132.375038][ T7846] ? __pfx____sys_sendmsg+0x10/0x10 [ 132.375098][ T7846] ? __fget_files+0x2a/0x420 [ 132.375116][ T7846] ? __fget_files+0x3a0/0x420 [ 132.375146][ T7846] __x64_sys_sendmsg+0x19b/0x260 [ 132.375173][ T7846] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 132.375206][ T7846] ? __pfx_ksys_write+0x10/0x10 [ 132.375219][ T7846] ? rcu_is_watching+0x15/0xb0 [ 132.375249][ T7846] ? do_syscall_64+0xbe/0x3b0 [ 132.375270][ T7846] do_syscall_64+0xfa/0x3b0 [ 132.375285][ T7846] ? lockdep_hardirqs_on+0x9c/0x150 [ 132.375308][ T7846] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 132.375325][ T7846] ? clear_bhb_loop+0x60/0xb0 [ 132.375346][ T7846] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 132.375362][ T7846] RIP: 0033:0x7fb5d6f8e929 [ 132.375378][ T7846] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 132.375392][ T7846] RSP: 002b:00007fb5d7e5c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 132.375411][ T7846] RAX: ffffffffffffffda RBX: 00007fb5d71b5fa0 RCX: 00007fb5d6f8e929 [ 132.375423][ T7846] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003 [ 132.375434][ T7846] RBP: 00007fb5d7e5c090 R08: 0000000000000000 R09: 0000000000000000 [ 132.375444][ T7846] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 132.375454][ T7846] R13: 0000000000000000 R14: 00007fb5d71b5fa0 R15: 00007fff6db8d6c8 [ 132.375483][ T7846] [ 132.846375][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.852708][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.930057][ T7860] netlink: 'syz.1.664': attribute type 2 has an invalid length. [ 132.975488][ T7866] team_slave_0: entered promiscuous mode [ 132.981310][ T7866] team_slave_1: entered promiscuous mode [ 132.990798][ T7866] vlan2: entered promiscuous mode [ 132.995939][ T7866] team0: entered promiscuous mode [ 133.462443][ T7896] netlink: 4 bytes leftover after parsing attributes in process `syz.3.677'. [ 133.536262][ T7896] batadv0: entered promiscuous mode [ 133.554898][ T7896] macsec1: entered allmulticast mode [ 133.561126][ T7896] batadv0: entered allmulticast mode [ 133.570774][ T7896] batadv0: left allmulticast mode [ 133.578577][ T7896] batadv0: left promiscuous mode [ 133.603833][ T7903] netlink: 'syz.2.680': attribute type 2 has an invalid length. [ 133.637282][ T7901] tipc: Enabled bearer , priority 0 [ 133.781679][ T7900] tipc: Disabling bearer [ 133.832476][ T7916] netlink: 'syz.2.683': attribute type 2 has an invalid length. [ 134.069407][ T7926] ip6tnl1: entered promiscuous mode [ 134.074915][ T7926] ip6tnl1: entered allmulticast mode [ 134.108036][ T7928] vlan2: entered promiscuous mode [ 134.189242][ T3460] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 134.249965][ T7934] netlink: 'syz.3.691': attribute type 2 has an invalid length. [ 134.368429][ T7943] netlink: 12 bytes leftover after parsing attributes in process `syz.4.696'. [ 134.662058][ T7965] netlink: 'syz.2.705': attribute type 29 has an invalid length. [ 134.674793][ T7965] netlink: 'syz.2.705': attribute type 29 has an invalid length. [ 134.755188][ T7969] netlink: 'syz.2.707': attribute type 2 has an invalid length. [ 134.995429][ T7983] vlan3: entered promiscuous mode [ 135.506922][ T8007] __nla_validate_parse: 5 callbacks suppressed [ 135.506940][ T8007] netlink: 32 bytes leftover after parsing attributes in process `syz.4.721'. [ 135.520505][ T8008] netlink: 4 bytes leftover after parsing attributes in process `syz.2.722'. [ 135.561299][ T8008] batadv0: entered promiscuous mode [ 135.583713][ T8008] macsec1: entered allmulticast mode [ 135.595050][ T8009] tipc: Can't bind to reserved service type 0 [ 135.603606][ T8008] batadv0: entered allmulticast mode [ 135.640997][ T8008] batadv0: left allmulticast mode [ 135.652672][ T8008] batadv0: left promiscuous mode [ 135.718377][ T8017] netlink: 28 bytes leftover after parsing attributes in process `syz.3.725'. [ 135.840169][ T8021] FAULT_INJECTION: forcing a failure. [ 135.840169][ T8021] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 135.885453][ T8021] CPU: 0 UID: 0 PID: 8021 Comm: syz.4.727 Not tainted 6.16.0-rc1-syzkaller-00436-g253833da4e56 #0 PREEMPT(full) [ 135.885478][ T8021] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 135.885489][ T8021] Call Trace: [ 135.885497][ T8021] [ 135.885505][ T8021] dump_stack_lvl+0x189/0x250 [ 135.885532][ T8021] ? __pfx____ratelimit+0x10/0x10 [ 135.885558][ T8021] ? __pfx_dump_stack_lvl+0x10/0x10 [ 135.885582][ T8021] ? __pfx__printk+0x10/0x10 [ 135.885601][ T8021] ? __might_fault+0xb0/0x130 [ 135.885629][ T8021] should_fail_ex+0x414/0x560 [ 135.885655][ T8021] _copy_from_iter+0x1db/0x16f0 [ 135.885682][ T8021] ? rcu_is_watching+0x15/0xb0 [ 135.885709][ T8021] ? kmem_cache_alloc_node_noprof+0x217/0x3c0 [ 135.885728][ T8021] ? __pfx__copy_from_iter+0x10/0x10 [ 135.885756][ T8021] ? __build_skb_around+0x257/0x3e0 [ 135.885780][ T8021] ? netlink_sendmsg+0x642/0xb30 [ 135.885799][ T8021] ? skb_put+0x11b/0x210 [ 135.885824][ T8021] netlink_sendmsg+0x6b2/0xb30 [ 135.885854][ T8021] ? __pfx_netlink_sendmsg+0x10/0x10 [ 135.885875][ T8021] ? aa_sock_msg_perm+0x94/0x160 [ 135.885897][ T8021] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 135.885917][ T8021] ? __pfx_netlink_sendmsg+0x10/0x10 [ 135.885936][ T8021] __sock_sendmsg+0x219/0x270 [ 135.885957][ T8021] ____sys_sendmsg+0x505/0x830 [ 135.885985][ T8021] ? __pfx_____sys_sendmsg+0x10/0x10 [ 135.886015][ T8021] ? import_iovec+0x74/0xa0 [ 135.886033][ T8021] ___sys_sendmsg+0x21f/0x2a0 [ 135.886056][ T8021] ? __pfx____sys_sendmsg+0x10/0x10 [ 135.886119][ T8021] ? __fget_files+0x2a/0x420 [ 135.886136][ T8021] ? __fget_files+0x3a0/0x420 [ 135.886164][ T8021] __x64_sys_sendmsg+0x19b/0x260 [ 135.886189][ T8021] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 135.886221][ T8021] ? __pfx_ksys_write+0x10/0x10 [ 135.886235][ T8021] ? rcu_is_watching+0x15/0xb0 [ 135.886263][ T8021] ? do_syscall_64+0xbe/0x3b0 [ 135.886283][ T8021] do_syscall_64+0xfa/0x3b0 [ 135.886297][ T8021] ? lockdep_hardirqs_on+0x9c/0x150 [ 135.886319][ T8021] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 135.886335][ T8021] ? clear_bhb_loop+0x60/0xb0 [ 135.886356][ T8021] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 135.886373][ T8021] RIP: 0033:0x7fc63fd8e929 [ 135.886390][ T8021] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 135.886405][ T8021] RSP: 002b:00007fc640b21038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 135.886424][ T8021] RAX: ffffffffffffffda RBX: 00007fc63ffb5fa0 RCX: 00007fc63fd8e929 [ 135.886436][ T8021] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000003 [ 135.886446][ T8021] RBP: 00007fc640b21090 R08: 0000000000000000 R09: 0000000000000000 [ 135.886456][ T8021] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 135.886466][ T8021] R13: 0000000000000000 R14: 00007fc63ffb5fa0 R15: 00007ffdd0aa8668 [ 135.886493][ T8021] [ 136.234425][ T8034] netlink: 24 bytes leftover after parsing attributes in process `syz.4.733'. [ 136.385740][ T8040] netlink: 36 bytes leftover after parsing attributes in process `syz.0.734'. [ 136.402172][ T8040] netlink: 24 bytes leftover after parsing attributes in process `syz.0.734'. [ 136.942677][ T8062] lo speed is unknown, defaulting to 1000 [ 137.020016][ T8069] netlink: 'syz.2.747': attribute type 1 has an invalid length. [ 137.030194][ T8069] netlink: 'syz.2.747': attribute type 2 has an invalid length. [ 137.053053][ T8070] vlan3: entered promiscuous mode [ 137.066216][ T8070] team0: entered promiscuous mode [ 137.091699][ T8070] team_slave_0: entered promiscuous mode [ 137.104727][ T8070] team_slave_1: entered promiscuous mode [ 137.112515][ T8070] vxlan0: entered promiscuous mode [ 138.037097][ T8086] netlink: 256 bytes leftover after parsing attributes in process `syz.4.750'. [ 138.085934][ C0] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 138.501033][ T8110] xfrm1: entered promiscuous mode [ 138.508638][ T8110] xfrm1: entered allmulticast mode [ 138.741269][ T8120] netlink: 8 bytes leftover after parsing attributes in process `syz.4.764'. [ 138.751882][ T8120] openvswitch: netlink: nsh attribute has 13 unknown bytes. [ 138.761117][ T8120] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 138.976053][ T8131] tipc: Enabled bearer , priority 0 [ 139.044368][ T8130] tipc: Disabling bearer [ 139.239840][ T8143] netlink: 4 bytes leftover after parsing attributes in process `syz.2.774'. [ 139.248990][ T8143] bridge_slave_1: left allmulticast mode [ 139.254639][ T8143] bridge_slave_1: left promiscuous mode [ 139.262033][ T8143] bridge0: port 2(bridge_slave_1) entered disabled state [ 139.281782][ T8143] bridge_slave_0: left allmulticast mode [ 139.298003][ T8143] bridge_slave_0: left promiscuous mode [ 139.324380][ T8143] bridge0: port 1(bridge_slave_0) entered disabled state [ 139.380465][ T8155] netlink: 36 bytes leftover after parsing attributes in process `syz.4.777'. [ 139.454427][ T8152] netlink: 'syz.3.778': attribute type 1 has an invalid length. [ 139.468186][ T8152] netlink: 'syz.3.778': attribute type 2 has an invalid length. [ 139.639646][ T8168] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 140.389558][ T8182] lo speed is unknown, defaulting to 1000 [ 140.417916][ T8186] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 140.455468][ T8186] netlink: 'syz.4.788': attribute type 13 has an invalid length. [ 140.475036][ T8186] netlink: 'syz.4.788': attribute type 17 has an invalid length. [ 140.541400][ T8189] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 140.724128][ T8186] bridge0: left allmulticast mode [ 140.739337][ T8186] 8021q: adding VLAN 0 to HW filter on device bond0 [ 140.756481][ T8186] 8021q: adding VLAN 0 to HW filter on device team0 [ 140.785219][ T8186] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 141.051188][ T8219] FAULT_INJECTION: forcing a failure. [ 141.051188][ T8219] name failslab, interval 1, probability 0, space 0, times 0 [ 141.069359][ T8219] CPU: 1 UID: 0 PID: 8219 Comm: syz.1.798 Not tainted 6.16.0-rc1-syzkaller-00436-g253833da4e56 #0 PREEMPT(full) [ 141.069386][ T8219] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 141.069396][ T8219] Call Trace: [ 141.069403][ T8219] [ 141.069410][ T8219] dump_stack_lvl+0x189/0x250 [ 141.069440][ T8219] ? __pfx____ratelimit+0x10/0x10 [ 141.069464][ T8219] ? __pfx_dump_stack_lvl+0x10/0x10 [ 141.069487][ T8219] ? __pfx__printk+0x10/0x10 [ 141.069508][ T8219] ? __pfx___might_resched+0x10/0x10 [ 141.069530][ T8219] ? fs_reclaim_acquire+0x7d/0x100 [ 141.069553][ T8219] should_fail_ex+0x414/0x560 [ 141.069587][ T8219] should_failslab+0xa8/0x100 [ 141.069608][ T8219] __kmalloc_cache_noprof+0x70/0x3d0 [ 141.069623][ T8219] ? rtnl_newlink+0xed/0x1c70 [ 141.069641][ T8219] ? kasan_save_free_info+0x46/0x50 [ 141.069665][ T8219] rtnl_newlink+0xed/0x1c70 [ 141.069682][ T8219] ? netlink_sendmsg+0x805/0xb30 [ 141.069699][ T8219] ? __sock_sendmsg+0x219/0x270 [ 141.069713][ T8219] ? ____sys_sendmsg+0x505/0x830 [ 141.069730][ T8219] ? ___sys_sendmsg+0x21f/0x2a0 [ 141.069749][ T8219] ? __x64_sys_sendmsg+0x19b/0x260 [ 141.069767][ T8219] ? do_syscall_64+0xfa/0x3b0 [ 141.069782][ T8219] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 141.069805][ T8219] ? __pfx_rtnl_newlink+0x10/0x10 [ 141.069843][ T8219] ? kasan_quarantine_put+0xdd/0x220 [ 141.069866][ T8219] ? lockdep_hardirqs_on+0x9c/0x150 [ 141.069896][ T8219] ? nlmon_xmit+0xb0/0x100 [ 141.069911][ T8219] ? kmem_cache_free+0x18f/0x400 [ 141.069934][ T8219] ? __local_bh_enable_ip+0x12d/0x1c0 [ 141.069957][ T8219] ? lockdep_hardirqs_on+0x9c/0x150 [ 141.069981][ T8219] ? __local_bh_enable_ip+0x12d/0x1c0 [ 141.070003][ T8219] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 141.070028][ T8219] ? __dev_queue_xmit+0x27e/0x3a70 [ 141.070064][ T8219] ? __lock_acquire+0xab9/0xd20 [ 141.070108][ T8219] ? __pfx_rtnl_newlink+0x10/0x10 [ 141.070127][ T8219] rtnetlink_rcv_msg+0x7cf/0xb70 [ 141.070149][ T8219] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 141.070167][ T8219] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 141.070183][ T8219] ? ref_tracker_free+0x63a/0x7d0 [ 141.070204][ T8219] ? __copy_skb_header+0xa7/0x550 [ 141.070230][ T8219] ? __pfx_ref_tracker_free+0x10/0x10 [ 141.070251][ T8219] ? __skb_clone+0x63/0x7a0 [ 141.070282][ T8219] netlink_rcv_skb+0x205/0x470 [ 141.070303][ T8219] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 141.070323][ T8219] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 141.070356][ T8219] ? netlink_deliver_tap+0x2e/0x1b0 [ 141.070375][ T8219] ? netlink_deliver_tap+0x2e/0x1b0 [ 141.070401][ T8219] netlink_unicast+0x758/0x8d0 [ 141.070430][ T8219] netlink_sendmsg+0x805/0xb30 [ 141.070460][ T8219] ? __pfx_netlink_sendmsg+0x10/0x10 [ 141.070483][ T8219] ? aa_sock_msg_perm+0x94/0x160 [ 141.070506][ T8219] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 141.070527][ T8219] ? __pfx_netlink_sendmsg+0x10/0x10 [ 141.070549][ T8219] __sock_sendmsg+0x219/0x270 [ 141.070570][ T8219] ____sys_sendmsg+0x505/0x830 [ 141.070605][ T8219] ? __pfx_____sys_sendmsg+0x10/0x10 [ 141.070637][ T8219] ? import_iovec+0x74/0xa0 [ 141.070658][ T8219] ___sys_sendmsg+0x21f/0x2a0 [ 141.070683][ T8219] ? __pfx____sys_sendmsg+0x10/0x10 [ 141.070739][ T8219] ? __fget_files+0x2a/0x420 [ 141.070756][ T8219] ? __fget_files+0x3a0/0x420 [ 141.070785][ T8219] __x64_sys_sendmsg+0x19b/0x260 [ 141.070810][ T8219] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 141.070843][ T8219] ? __pfx_ksys_write+0x10/0x10 [ 141.070856][ T8219] ? rcu_is_watching+0x15/0xb0 [ 141.070886][ T8219] ? do_syscall_64+0xbe/0x3b0 [ 141.070907][ T8219] do_syscall_64+0xfa/0x3b0 [ 141.070922][ T8219] ? lockdep_hardirqs_on+0x9c/0x150 [ 141.070946][ T8219] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 141.070963][ T8219] ? clear_bhb_loop+0x60/0xb0 [ 141.070984][ T8219] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 141.071002][ T8219] RIP: 0033:0x7fb5d6f8e929 [ 141.071018][ T8219] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 141.071033][ T8219] RSP: 002b:00007fb5d7e5c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 141.071053][ T8219] RAX: ffffffffffffffda RBX: 00007fb5d71b5fa0 RCX: 00007fb5d6f8e929 [ 141.071066][ T8219] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000003 [ 141.071077][ T8219] RBP: 00007fb5d7e5c090 R08: 0000000000000000 R09: 0000000000000000 [ 141.071088][ T8219] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 141.071099][ T8219] R13: 0000000000000000 R14: 00007fb5d71b5fa0 R15: 00007fff6db8d6c8 [ 141.071127][ T8219] [ 141.072614][ T8216] FAULT_INJECTION: forcing a failure. [ 141.072614][ T8216] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 141.107207][ T8221] __nla_validate_parse: 5 callbacks suppressed [ 141.107224][ T8221] netlink: 216 bytes leftover after parsing attributes in process `syz.0.800'. [ 141.134279][ T8216] CPU: 1 UID: 0 PID: 8216 Comm: syz.3.799 Not tainted 6.16.0-rc1-syzkaller-00436-g253833da4e56 #0 PREEMPT(full) [ 141.134306][ T8216] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 141.134317][ T8216] Call Trace: [ 141.134324][ T8216] [ 141.134331][ T8216] dump_stack_lvl+0x189/0x250 [ 141.134361][ T8216] ? __pfx____ratelimit+0x10/0x10 [ 141.134387][ T8216] ? __pfx_dump_stack_lvl+0x10/0x10 [ 141.134411][ T8216] ? __pfx__printk+0x10/0x10 [ 141.134442][ T8216] should_fail_ex+0x414/0x560 [ 141.134469][ T8216] _copy_to_user+0x31/0xb0 [ 141.134488][ T8216] simple_read_from_buffer+0xe1/0x170 [ 141.134512][ T8216] proc_fail_nth_read+0x1df/0x250 [ 141.134536][ T8216] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 141.134558][ T8216] ? rw_verify_area+0x258/0x650 [ 141.134589][ T8216] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 141.134610][ T8216] vfs_read+0x200/0x980 [ 141.134639][ T8216] ? __pfx___mutex_lock+0x10/0x10 [ 141.134657][ T8216] ? __pfx_vfs_read+0x10/0x10 [ 141.134682][ T8216] ? __fget_files+0x2a/0x420 [ 141.134705][ T8216] ? __fget_files+0x3a0/0x420 [ 141.134722][ T8216] ? __fget_files+0x2a/0x420 [ 141.134750][ T8216] ksys_read+0x145/0x250 [ 141.134775][ T8216] ? __pfx_ksys_read+0x10/0x10 [ 141.134797][ T8216] ? rcu_is_watching+0x15/0xb0 [ 141.134827][ T8216] ? do_syscall_64+0xbe/0x3b0 [ 141.134848][ T8216] do_syscall_64+0xfa/0x3b0 [ 141.134862][ T8216] ? lockdep_hardirqs_on+0x9c/0x150 [ 141.134885][ T8216] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 141.134902][ T8216] ? clear_bhb_loop+0x60/0xb0 [ 141.134923][ T8216] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 141.134939][ T8216] RIP: 0033:0x7f54ecb8d33c [ 141.134955][ T8216] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 141.134970][ T8216] RSP: 002b:00007f54ed98b030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 141.134988][ T8216] RAX: ffffffffffffffda RBX: 00007f54ecdb5fa0 RCX: 00007f54ecb8d33c [ 141.135001][ T8216] RDX: 000000000000000f RSI: 00007f54ed98b0a0 RDI: 0000000000000005 [ 141.135012][ T8216] RBP: 00007f54ed98b090 R08: 0000000000000000 R09: 0000000000000000 [ 141.135023][ T8216] R10: 00000000400122a0 R11: 0000000000000246 R12: 0000000000000001 [ 141.135033][ T8216] R13: 0000000000000000 R14: 00007f54ecdb5fa0 R15: 00007ffc407b4fa8 [ 141.135060][ T8216] [ 141.285479][ T8225] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 141.801026][ T8244] netlink: 16 bytes leftover after parsing attributes in process `syz.0.805'. [ 142.118013][ T8248] netlink: 'syz.0.807': attribute type 1 has an invalid length. [ 142.129106][ T8248] netlink: 'syz.0.807': attribute type 2 has an invalid length. [ 142.359802][ T8259] x_tables: ip_tables: TCPMSS target: only valid for protocol 6 [ 142.703485][ T8276] netlink: 4 bytes leftover after parsing attributes in process `syz.0.813'. [ 142.837269][ T8280] netlink: 4 bytes leftover after parsing attributes in process `syz.1.820'. [ 142.915124][ T8282] rdma_rxe: rxe_newlink: rxe creation allowed on top of a real device only [ 142.942975][ T8274] lo speed is unknown, defaulting to 1000 [ 142.956094][ T8276] bridge_slave_1: left allmulticast mode [ 142.961779][ T8276] bridge_slave_1: left promiscuous mode [ 142.988411][ T8276] bridge0: port 2(bridge_slave_1) entered disabled state [ 143.085705][ T8276] bridge_slave_0: left allmulticast mode [ 143.138301][ T8276] bridge_slave_0: left promiscuous mode [ 143.144896][ T8276] bridge0: port 1(bridge_slave_0) entered disabled state [ 143.315424][ T8290] netlink: 4 bytes leftover after parsing attributes in process `syz.4.822'. [ 143.439999][ T8276] bridge0 (unregistering): left promiscuous mode [ 143.486986][ T8295] netlink: 4 bytes leftover after parsing attributes in process `syz.4.822'. [ 143.567778][ T8280] ipvlan2: entered promiscuous mode [ 143.628508][ T8294] netlink: 'syz.2.824': attribute type 12 has an invalid length. [ 143.801073][ T8297] syzkaller1: entered promiscuous mode [ 143.816346][ T8297] syzkaller1: entered allmulticast mode [ 143.898203][ T8301] FAULT_INJECTION: forcing a failure. [ 143.898203][ T8301] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 143.911593][ T8301] CPU: 1 UID: 0 PID: 8301 Comm: syz.1.826 Not tainted 6.16.0-rc1-syzkaller-00436-g253833da4e56 #0 PREEMPT(full) [ 143.911619][ T8301] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 143.911628][ T8301] Call Trace: [ 143.911635][ T8301] [ 143.911642][ T8301] dump_stack_lvl+0x189/0x250 [ 143.911670][ T8301] ? __pfx____ratelimit+0x10/0x10 [ 143.911696][ T8301] ? __pfx_dump_stack_lvl+0x10/0x10 [ 143.911720][ T8301] ? __pfx__printk+0x10/0x10 [ 143.911740][ T8301] ? __might_fault+0xb0/0x130 [ 143.911767][ T8301] should_fail_ex+0x414/0x560 [ 143.911793][ T8301] _copy_from_user+0x2d/0xb0 [ 143.911812][ T8301] ___sys_sendmsg+0x158/0x2a0 [ 143.911839][ T8301] ? __pfx____sys_sendmsg+0x10/0x10 [ 143.911899][ T8301] ? __fget_files+0x2a/0x420 [ 143.911916][ T8301] ? __fget_files+0x3a0/0x420 [ 143.911945][ T8301] __x64_sys_sendmsg+0x19b/0x260 [ 143.911971][ T8301] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 143.912004][ T8301] ? __pfx_ksys_write+0x10/0x10 [ 143.912018][ T8301] ? rcu_is_watching+0x15/0xb0 [ 143.912047][ T8301] ? do_syscall_64+0xbe/0x3b0 [ 143.912069][ T8301] do_syscall_64+0xfa/0x3b0 [ 143.912084][ T8301] ? lockdep_hardirqs_on+0x9c/0x150 [ 143.912107][ T8301] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 143.912122][ T8301] ? clear_bhb_loop+0x60/0xb0 [ 143.912141][ T8301] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 143.912156][ T8301] RIP: 0033:0x7fb5d6f8e929 [ 143.912179][ T8301] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 143.912192][ T8301] RSP: 002b:00007fb5d7e5c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 143.912210][ T8301] RAX: ffffffffffffffda RBX: 00007fb5d71b5fa0 RCX: 00007fb5d6f8e929 [ 143.912223][ T8301] RDX: 0000000000000000 RSI: 0000200000004340 RDI: 0000000000000003 [ 143.912234][ T8301] RBP: 00007fb5d7e5c090 R08: 0000000000000000 R09: 0000000000000000 [ 143.912245][ T8301] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 143.912256][ T8301] R13: 0000000000000000 R14: 00007fb5d71b5fa0 R15: 00007fff6db8d6c8 [ 143.912283][ T8301] [ 144.213285][ T8307] ip6gretap1: entered promiscuous mode [ 144.592536][ T8329] syz_tun: entered promiscuous mode [ 144.612773][ T8329] debugfs: Directory 'hsr1' with parent 'hsr' already present! [ 144.632233][ T8329] Cannot create hsr debugfs directory [ 144.650332][ T8329] hsr1: entered allmulticast mode [ 144.660936][ T8329] syz_tun: entered allmulticast mode [ 144.667858][ T8329] batadv_slave_0: entered allmulticast mode [ 144.732573][ T49] syzkaller0: tun_net_xmit 76 [ 144.737810][ T8330] syzkaller0: create flow: hash 3067828358 index 1 [ 144.758058][ T49] syzkaller0: tun_net_xmit 48 [ 144.765989][ T6892] syzkaller0: tun_net_xmit 76 [ 144.910514][ T8327] syzkaller0: delete flow: hash 3067828358 index 1 [ 145.046718][ T8347] netlink: 12 bytes leftover after parsing attributes in process `syz.4.841'. [ 145.465265][ T8370] netlink: 'syz.0.846': attribute type 23 has an invalid length. [ 145.555054][ T8374] netlink: 8 bytes leftover after parsing attributes in process `syz.4.844'. [ 145.606120][ C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 145.607906][ C0] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 146.801573][ T8371] netlink: 'syz.4.844': attribute type 1 has an invalid length. [ 146.816103][ T8371] netlink: 5624 bytes leftover after parsing attributes in process `syz.4.844'. [ 146.852771][ T8360] lo speed is unknown, defaulting to 1000 [ 147.079530][ T8389] xt_physdev: --physdev-out and --physdev-is-out only supported in the FORWARD and POSTROUTING chains with bridged traffic [ 147.097691][ T8389] netlink: 8 bytes leftover after parsing attributes in process `syz.4.851'. [ 147.870308][ T8434] lo speed is unknown, defaulting to 1000 [ 148.202740][ T8452] netlink: 24 bytes leftover after parsing attributes in process `syz.2.872'. [ 148.275598][ T8445] lo speed is unknown, defaulting to 1000 [ 148.286266][ T8458] netlink: 8 bytes leftover after parsing attributes in process `syz.0.875'. [ 148.539003][ T8468] lo speed is unknown, defaulting to 1000 [ 148.541831][ T8431] syzkaller0: tun_chr_ioctl cmd 1074025677 [ 148.561211][ T8431] syzkaller0: linktype set to 774 [ 148.585669][ T8431] netlink: 'syz.3.865': attribute type 6 has an invalid length. [ 148.918905][ T8445] xt_CT: No such helper "snmp" [ 149.385333][ T8494] netlink: 52 bytes leftover after parsing attributes in process `syz.0.884'. [ 149.800238][ T8504] lo speed is unknown, defaulting to 1000 [ 150.381065][ T8528] netlink: 8 bytes leftover after parsing attributes in process `syz.0.893'. [ 150.469908][ T8530] lo speed is unknown, defaulting to 1000 [ 151.671994][ T8571] netlink: 8 bytes leftover after parsing attributes in process `syz.4.902'. [ 151.939792][ T8585] netlink: 40 bytes leftover after parsing attributes in process `syz.1.906'. [ 151.964786][ T8585] netlink: 4 bytes leftover after parsing attributes in process `syz.1.906'. [ 152.390380][ T8603] lo speed is unknown, defaulting to 1000 [ 152.549648][ T8610] netlink: 8 bytes leftover after parsing attributes in process `syz.1.917'. [ 152.720441][ T8626] netlink: 'syz.1.923': attribute type 2 has an invalid length. [ 152.731839][ T8627] openvswitch: netlink: Unknown VXLAN extension attribute 0 [ 152.833871][ T8634] netlink: 4 bytes leftover after parsing attributes in process `syz.0.925'. [ 152.907998][ T8634] netlink: 108 bytes leftover after parsing attributes in process `syz.0.925'. [ 152.925683][ T8634] netlink: 108 bytes leftover after parsing attributes in process `syz.0.925'. [ 152.935054][ T8634] netlink: 84 bytes leftover after parsing attributes in process `syz.0.925'. [ 153.076636][ T8645] netlink: 8 bytes leftover after parsing attributes in process `syz.3.929'. [ 153.386126][ T8662] openvswitch: netlink: Actions may not be safe on all matching packets [ 153.395134][ T8662] openvswitch: netlink: Actions may not be safe on all matching packets [ 153.479514][ T8662] openvswitch: netlink: Actions may not be safe on all matching packets [ 153.526716][ T8662] openvswitch: netlink: Actions may not be safe on all matching packets [ 153.557362][ T8662] openvswitch: netlink: Actions may not be safe on all matching packets [ 153.572112][ T8662] openvswitch: netlink: Actions may not be safe on all matching packets [ 153.583781][ T8662] openvswitch: netlink: Actions may not be safe on all matching packets [ 153.600901][ T8662] openvswitch: netlink: Actions may not be safe on all matching packets [ 153.605139][ T8672] netlink: 1284 bytes leftover after parsing attributes in process `syz.0.942'. [ 153.642489][ T8662] openvswitch: netlink: Actions may not be safe on all matching packets [ 153.794470][ T8673] netlink: 'syz.0.942': attribute type 1 has an invalid length. [ 153.894650][ T8679] netlink: 8 bytes leftover after parsing attributes in process `syz.3.945'. [ 154.187781][ T8697] FAULT_INJECTION: forcing a failure. [ 154.187781][ T8697] name failslab, interval 1, probability 0, space 0, times 0 [ 154.233021][ T8697] CPU: 0 UID: 0 PID: 8697 Comm: syz.2.952 Not tainted 6.16.0-rc1-syzkaller-00436-g253833da4e56 #0 PREEMPT(full) [ 154.233049][ T8697] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 154.233060][ T8697] Call Trace: [ 154.233068][ T8697] [ 154.233076][ T8697] dump_stack_lvl+0x189/0x250 [ 154.233105][ T8697] ? __pfx____ratelimit+0x10/0x10 [ 154.233131][ T8697] ? __pfx_dump_stack_lvl+0x10/0x10 [ 154.233156][ T8697] ? __pfx__printk+0x10/0x10 [ 154.233190][ T8697] ? ref_tracker_alloc+0x318/0x460 [ 154.233215][ T8697] should_fail_ex+0x414/0x560 [ 154.233240][ T8697] should_failslab+0xa8/0x100 [ 154.233260][ T8697] kmem_cache_alloc_noprof+0x73/0x3c0 [ 154.233286][ T8697] ? skb_clone+0x212/0x3a0 [ 154.233314][ T8697] skb_clone+0x212/0x3a0 [ 154.233341][ T8697] __netlink_deliver_tap+0x404/0x850 [ 154.233376][ T8697] ? netlink_deliver_tap+0x2e/0x1b0 [ 154.233397][ T8697] netlink_deliver_tap+0x19c/0x1b0 [ 154.233419][ T8697] netlink_unicast+0x72f/0x8d0 [ 154.233450][ T8697] netlink_sendmsg+0x805/0xb30 [ 154.233480][ T8697] ? __pfx_netlink_sendmsg+0x10/0x10 [ 154.233505][ T8697] ? aa_sock_msg_perm+0x94/0x160 [ 154.233528][ T8697] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 154.233549][ T8697] ? __pfx_netlink_sendmsg+0x10/0x10 [ 154.233570][ T8697] __sock_sendmsg+0x219/0x270 [ 154.233593][ T8697] ____sys_sendmsg+0x505/0x830 [ 154.233623][ T8697] ? __pfx_____sys_sendmsg+0x10/0x10 [ 154.233655][ T8697] ? import_iovec+0x74/0xa0 [ 154.233678][ T8697] ___sys_sendmsg+0x21f/0x2a0 [ 154.233704][ T8697] ? __pfx____sys_sendmsg+0x10/0x10 [ 154.233766][ T8697] ? __fget_files+0x2a/0x420 [ 154.233784][ T8697] ? __fget_files+0x3a0/0x420 [ 154.233815][ T8697] __x64_sys_sendmsg+0x19b/0x260 [ 154.233840][ T8697] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 154.233874][ T8697] ? __pfx_ksys_write+0x10/0x10 [ 154.233889][ T8697] ? rcu_is_watching+0x15/0xb0 [ 154.233919][ T8697] ? do_syscall_64+0xbe/0x3b0 [ 154.233937][ T8697] do_syscall_64+0xfa/0x3b0 [ 154.233952][ T8697] ? lockdep_hardirqs_on+0x9c/0x150 [ 154.233976][ T8697] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 154.233993][ T8697] ? clear_bhb_loop+0x60/0xb0 [ 154.234014][ T8697] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 154.234031][ T8697] RIP: 0033:0x7f7d57b8e929 [ 154.234047][ T8697] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 154.234061][ T8697] RSP: 002b:00007f7d58a2a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 154.234080][ T8697] RAX: ffffffffffffffda RBX: 00007f7d57db5fa0 RCX: 00007f7d57b8e929 [ 154.234093][ T8697] RDX: 0000000000000000 RSI: 0000200000004340 RDI: 0000000000000003 [ 154.234104][ T8697] RBP: 00007f7d58a2a090 R08: 0000000000000000 R09: 0000000000000000 [ 154.234114][ T8697] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 154.234125][ T8697] R13: 0000000000000000 R14: 00007f7d57db5fa0 R15: 00007ffc19857898 [ 154.234154][ T8697] [ 154.684472][ T8706] bridge_slave_1: left allmulticast mode [ 154.710637][ T8706] bridge_slave_1: left promiscuous mode [ 154.745232][ T8706] bridge0: port 2(bridge_slave_1) entered disabled state [ 154.850120][ T8706] bridge_slave_0: left allmulticast mode [ 154.876416][ T8706] bridge_slave_0: left promiscuous mode [ 154.883111][ T8706] bridge0: port 1(bridge_slave_0) entered disabled state [ 155.043258][ T8704] lo speed is unknown, defaulting to 1000 [ 155.653751][ T8756] Bluetooth: MGMT ver 1.23 [ 155.935616][ T8771] vlan2: entered promiscuous mode [ 155.941569][ T8771] bond0: entered promiscuous mode [ 155.947055][ T8771] bond_slave_0: entered promiscuous mode [ 155.957717][ T8771] bond_slave_1: entered promiscuous mode [ 157.133642][ T8791] delete_channel: no stack [ 157.303226][ T8843] __nla_validate_parse: 13 callbacks suppressed [ 157.303247][ T8843] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1003'. [ 157.477479][ T8848] syzkaller1: entered promiscuous mode [ 157.489165][ T8848] syzkaller1: entered allmulticast mode [ 157.575722][ T8848] lo speed is unknown, defaulting to 1000 [ 157.649808][ T8853] lo speed is unknown, defaulting to 1000 [ 157.796145][ T8860] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1008'. [ 158.122830][ T8873] netlink: 'syz.2.1011': attribute type 3 has an invalid length. [ 158.575417][ T8890] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1017'. [ 158.639306][ T8893] xt_CT: You must specify a L4 protocol and not use inversions on it [ 158.808818][ T8893] ip6gretap1: left promiscuous mode [ 158.852838][ T8900] netlink: 'syz.3.1021': attribute type 1 has an invalid length. [ 158.861649][ T8900] netlink: 184 bytes leftover after parsing attributes in process `syz.3.1021'. [ 158.895214][ T8896] lo speed is unknown, defaulting to 1000 [ 159.214531][ T8912] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1022'. [ 159.294820][ T8915] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1024'. [ 159.590043][ T8928] netlink: 56 bytes leftover after parsing attributes in process `syz.4.1029'. [ 159.614954][ T8928] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1029'. [ 159.675184][ T8935] netlink: 'syz.0.1033': attribute type 29 has an invalid length. [ 159.689296][ T8935] netlink: 'syz.0.1033': attribute type 29 has an invalid length. [ 159.701925][ T8935] netlink: 500 bytes leftover after parsing attributes in process `syz.0.1033'. [ 159.871329][ T8944] lo speed is unknown, defaulting to 1000 [ 159.891876][ T8947] netlink: 'syz.3.1037': attribute type 1 has an invalid length. [ 160.084103][ T8954] net_ratelimit: 27 callbacks suppressed [ 160.084123][ T8954] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 160.203006][ T8957] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1040'. [ 160.219139][ T8957] batadv0: entered promiscuous mode [ 160.225915][ T8957] macsec1: entered allmulticast mode [ 160.231229][ T8957] batadv0: entered allmulticast mode [ 160.239249][ T8957] batadv0: left allmulticast mode [ 160.244336][ T8957] batadv0: left promiscuous mode [ 160.966003][ C0] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 161.037813][ T8986] netlink: 'syz.2.1048': attribute type 1 has an invalid length. [ 161.104125][ T8986] 8021q: adding VLAN 0 to HW filter on device bond1 [ 161.154919][ T8990] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input6 [ 161.522795][ T9011] lo speed is unknown, defaulting to 1000 [ 162.387323][ T9053] netlink: 'syz.3.1073': attribute type 1 has an invalid length. [ 162.420716][ T9053] netlink: 'syz.3.1073': attribute type 2 has an invalid length. [ 162.977902][ T9091] __nla_validate_parse: 6 callbacks suppressed [ 162.977920][ T9091] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1085'. [ 163.351317][ T9113] netlink: 'syz.1.1094': attribute type 23 has an invalid length. [ 163.447097][ T5844] Bluetooth: hci4: command 0x0405 tx timeout [ 163.573625][ T9123] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1097'. [ 163.755433][ T9140] netlink: 212376 bytes leftover after parsing attributes in process `syz.1.1103'. [ 163.796818][ T9144] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1104'. [ 164.080179][ T9162] Cannot find set identified by id 0 to match [ 164.187733][ T9166] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1114'. [ 164.265116][ T9169] lo speed is unknown, defaulting to 1000 [ 164.490328][ T9184] netlink: 2 bytes leftover after parsing attributes in process `syz.1.1120'. [ 164.533640][ T9186] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1121'. [ 164.600041][ T9189] netlink: 'syz.3.1122': attribute type 1 has an invalid length. [ 164.732731][ T9197] mac80211_hwsim hwsim4 »»»»»»: renamed from wlan0 (while UP) [ 164.794010][ T9198] lo speed is unknown, defaulting to 1000 [ 164.833468][ T9169] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1113'. [ 165.093990][ T9210] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1129'. [ 165.127663][ T9210] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1129'. [ 165.340557][ T9219] netlink: 'syz.4.1132': attribute type 11 has an invalid length. [ 166.178982][ T9260] macsec1: entered allmulticast mode [ 166.191456][ T9260] batadv0: entered allmulticast mode [ 166.210775][ T9260] batadv0: left allmulticast mode [ 166.888547][ T9291] bridge0: port 3(team0) entered disabled state [ 166.895057][ T9291] bridge0: port 2(bridge_slave_1) entered disabled state [ 166.903863][ T9291] bridge0: port 1(bridge_slave_0) entered disabled state [ 167.230747][ T9291] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 167.322998][ T9291] batman_adv: batadv0: Interface deactivated: virt_wifi0 [ 167.541267][ T1322] netdevsim netdevsim1 eth0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 167.565186][ T1322] netdevsim netdevsim1 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 167.599721][ T1322] netdevsim netdevsim1 eth1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 167.628827][ T1322] netdevsim netdevsim1 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 167.701448][ T1322] netdevsim netdevsim1 eth2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 167.720578][ T1322] netdevsim netdevsim1 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 167.751146][ T1322] netdevsim netdevsim1 eth3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 167.769613][ T1322] netdevsim netdevsim1 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 168.050425][ T9339] FAULT_INJECTION: forcing a failure. [ 168.050425][ T9339] name failslab, interval 1, probability 0, space 0, times 0 [ 168.085446][ T9339] CPU: 0 UID: 0 PID: 9339 Comm: syz.3.1172 Not tainted 6.16.0-rc1-syzkaller-00436-g253833da4e56 #0 PREEMPT(full) [ 168.085475][ T9339] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 168.085487][ T9339] Call Trace: [ 168.085494][ T9339] [ 168.085503][ T9339] dump_stack_lvl+0x189/0x250 [ 168.085534][ T9339] ? __pfx____ratelimit+0x10/0x10 [ 168.085560][ T9339] ? __pfx_dump_stack_lvl+0x10/0x10 [ 168.085584][ T9339] ? __pfx__printk+0x10/0x10 [ 168.085608][ T9339] ? __pfx___might_resched+0x10/0x10 [ 168.085632][ T9339] ? fs_reclaim_acquire+0x7d/0x100 [ 168.085667][ T9339] should_fail_ex+0x414/0x560 [ 168.085694][ T9339] should_failslab+0xa8/0x100 [ 168.085715][ T9339] __kmalloc_noprof+0xcb/0x4f0 [ 168.085730][ T9339] ? kfree+0x4d/0x440 [ 168.085754][ T9339] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 168.085779][ T9339] tomoyo_realpath_from_path+0xe3/0x5d0 [ 168.085802][ T9339] ? tomoyo_domain+0xd9/0x130 [ 168.085829][ T9339] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 168.085848][ T9339] tomoyo_path_number_perm+0x1e8/0x5a0 [ 168.085868][ T9339] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 168.085904][ T9339] ? __lock_acquire+0xab9/0xd20 [ 168.085946][ T9339] ? __fget_files+0x2a/0x420 [ 168.085967][ T9339] ? __fget_files+0x2a/0x420 [ 168.085983][ T9339] ? __fget_files+0x3a0/0x420 [ 168.086000][ T9339] ? __fget_files+0x2a/0x420 [ 168.086022][ T9339] security_file_ioctl+0xcb/0x2d0 [ 168.086044][ T9339] __se_sys_ioctl+0x47/0x170 [ 168.086071][ T9339] do_syscall_64+0xfa/0x3b0 [ 168.086086][ T9339] ? lockdep_hardirqs_on+0x9c/0x150 [ 168.086110][ T9339] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 168.086125][ T9339] ? clear_bhb_loop+0x60/0xb0 [ 168.086146][ T9339] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 168.086162][ T9339] RIP: 0033:0x7f54ecb8e929 [ 168.086178][ T9339] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 168.086192][ T9339] RSP: 002b:00007f54ed98b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 168.086211][ T9339] RAX: ffffffffffffffda RBX: 00007f54ecdb5fa0 RCX: 00007f54ecb8e929 [ 168.086223][ T9339] RDX: 0000200000000180 RSI: 00000000000089e3 RDI: 000000000000000c [ 168.086232][ T9339] RBP: 00007f54ed98b090 R08: 0000000000000000 R09: 0000000000000000 [ 168.086241][ T9339] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 168.086250][ T9339] R13: 0000000000000000 R14: 00007f54ecdb5fa0 R15: 00007ffc407b4fa8 [ 168.086275][ T9339] [ 168.355963][ T9339] ERROR: Out of memory at tomoyo_realpath_from_path. [ 168.814422][ T9370] lo speed is unknown, defaulting to 1000 [ 168.831886][ T9382] __nla_validate_parse: 6 callbacks suppressed [ 168.831904][ T9382] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1190'. [ 168.921148][ T9387] netlink: 'syz.2.1189': attribute type 4 has an invalid length. [ 168.971923][ T9383] netlink: 'syz.2.1189': attribute type 4 has an invalid length. [ 169.042977][ T9395] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1193'. [ 169.060240][ T9395] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1193'. [ 169.075740][ T9299] lo speed is unknown, defaulting to 1000 [ 169.084717][ T9299] syz1: Port: 1 Link DOWN [ 169.101232][ T6885] lo speed is unknown, defaulting to 1000 [ 169.108183][ T6885] syz1: Port: 1 Link ACTIVE [ 169.261590][ T9403] x_tables: duplicate underflow at hook 1 [ 170.055000][ T9425] pimreg: entered allmulticast mode [ 170.105403][ T9425] pimreg: left allmulticast mode [ 170.119773][ T9431] netlink: 68 bytes leftover after parsing attributes in process `syz.3.1207'. [ 170.234484][ T9437] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1211'. [ 170.456817][ T9455] netlink: 'syz.3.1213': attribute type 5 has an invalid length. [ 170.465955][ T9455] netlink: 'syz.3.1213': attribute type 7 has an invalid length. [ 170.500571][ T9455] : entered promiscuous mode [ 170.679336][ T9463] vlan3: entered promiscuous mode [ 171.200557][ T9479] bridge: RTM_NEWNEIGH bridge0 with NTF_USE is not supported [ 171.289616][ T9481] netlink: 'syz.0.1226': attribute type 23 has an invalid length. [ 171.555449][ T9494] netlink: 'syz.0.1231': attribute type 11 has an invalid length. [ 171.807011][ T9512] lo speed is unknown, defaulting to 1000 [ 172.416138][ T5840] Bluetooth: hci4: command 0x0405 tx timeout [ 178.802323][ T9560] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1253'. [ 178.829362][ T9567] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1254'. [ 179.155464][ T9589] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1265'. [ 179.157296][ T9583] vlan3: entered promiscuous mode [ 179.194844][ T9589] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1265'. [ 179.209556][ T9589] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1265'. [ 179.219124][ T9589] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1265'. [ 179.235326][ T9589] netlink: 'syz.2.1265': attribute type 10 has an invalid length. [ 179.443071][ T9599] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1271'. [ 179.477182][ T9599] batadv0: entered promiscuous mode [ 179.482586][ T9599] macsec1: entered allmulticast mode [ 179.488814][ T9599] batadv0: entered allmulticast mode [ 179.507894][ T9599] batadv0: left allmulticast mode [ 179.514054][ T9599] batadv0: left promiscuous mode [ 179.578994][ T9606] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1272'. [ 179.798156][ T9608] lo speed is unknown, defaulting to 1000 [ 180.011603][ T9627] netlink: 'syz.0.1282': attribute type 1 has an invalid length. [ 180.025981][ T9627] netlink: 'syz.0.1282': attribute type 2 has an invalid length. [ 180.117911][ T9631] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1281'. [ 180.183684][ T9635] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1281'. [ 182.837706][ T9633] netdevsim netdevsim0 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 182.848875][ T9633] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 183.046986][ T9633] netdevsim netdevsim0 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 183.057411][ T9633] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 183.116980][ T9652] netlink: 'syz.2.1287': attribute type 1 has an invalid length. [ 183.268934][ T9652] bond2: entered promiscuous mode [ 183.274546][ T9652] 8021q: adding VLAN 0 to HW filter on device bond2 [ 183.333261][ T9633] netdevsim netdevsim0 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 183.346168][ T9633] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 183.445069][ T9657] bond2: (slave bridge1): making interface the new active one [ 183.462490][ T9657] bridge1: entered promiscuous mode [ 183.485194][ T9657] bond2: (slave bridge1): Enslaving as an active interface with an up link [ 183.534155][ T9633] netdevsim netdevsim0 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 183.551939][ T9633] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 183.762985][ T70] netdevsim netdevsim0 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 183.772322][ T70] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 183.783831][ T70] netdevsim netdevsim0 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 183.792492][ T70] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 183.836881][ T70] netdevsim netdevsim0 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 183.865840][ T70] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 183.900669][ T70] netdevsim netdevsim0 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 183.909158][ T70] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 183.919339][ T9676] syzkaller1: tun_chr_ioctl cmd 1074025677 [ 183.924555][ T9682] netlink: 'syz.0.1299': attribute type 11 has an invalid length. [ 183.938512][ T9676] syzkaller1: linktype set to 804 [ 184.261383][ T9701] __nla_validate_parse: 1 callbacks suppressed [ 184.261400][ T9701] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1307'. [ 184.410467][ T9712] netlink: 'syz.2.1312': attribute type 1 has an invalid length. [ 184.450430][ T9712] 8021q: adding VLAN 0 to HW filter on device bond3 [ 184.473722][ T9712] bond3: (slave geneve2): making interface the new active one [ 184.487579][ T9712] bond3: (slave geneve2): Enslaving as an active interface with an up link [ 184.517212][ T9712] bond3: entered promiscuous mode [ 184.522262][ T9712] geneve2: entered promiscuous mode [ 184.609874][ T9719] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1315'. [ 184.705078][ T9725] netlink: 'syz.1.1317': attribute type 1 has an invalid length. [ 184.735483][ T9725] netlink: 228 bytes leftover after parsing attributes in process `syz.1.1317'. [ 184.745271][ T9725] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1317'. [ 184.810517][ T9729] lo speed is unknown, defaulting to 1000 [ 185.025062][ T9738] vlan3: entered promiscuous mode [ 185.291944][ T9751] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1328'. [ 185.505046][ T9761] netlink: 'syz.4.1333': attribute type 29 has an invalid length. [ 185.536130][ T9761] netlink: 'syz.4.1333': attribute type 29 has an invalid length. [ 185.564512][ T9761] netlink: 500 bytes leftover after parsing attributes in process `syz.4.1333'. [ 186.146751][ T9782] lo speed is unknown, defaulting to 1000 [ 186.235723][ T9798] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1347'. [ 186.245407][ T9794] vlan2: entered promiscuous mode [ 186.435263][ T9798] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1347'. [ 186.707539][ T9814] xt_hashlimit: size too large, truncated to 1048576 [ 186.873794][ T9826] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1355'. [ 186.904698][ T9826] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1355'. [ 187.262337][ T9838] lo speed is unknown, defaulting to 1000 [ 187.303123][ T9843] netlink: 'syz.1.1363': attribute type 1 has an invalid length. [ 187.328831][ T9849] netlink: 'syz.3.1365': attribute type 1 has an invalid length. [ 187.503519][ T9851] bond1: (slave ip6gretap1): Enslaving as a backup interface with an up link [ 187.557535][ T9852] 8021q: adding VLAN 0 to HW filter on device bond2 [ 187.569919][ T9852] bond1: (slave bond2): making interface the new active one [ 187.578220][ T9852] bond1: (slave bond2): Enslaving as an active interface with an up link [ 187.588351][ T70] bond1: Warning: No 802.3ad response from the link partner for any adapters in the bond [ 187.608095][ T9853] 8021q: adding VLAN 0 to HW filter on device bond1 [ 187.639497][ T9856] bond1: (slave gretap1): Enslaving as a backup interface with an up link [ 187.681834][ T9843] veth3: entered promiscuous mode [ 187.692682][ T9843] bond1: (slave veth3): Enslaving as a backup interface with a down link [ 187.747157][ T3460] bond1: Warning: No 802.3ad response from the link partner for any adapters in the bond [ 187.771612][ T9865] sch_fq: defrate 1 ignored. [ 187.965318][ T3460] ------------[ cut here ]------------ [ 187.971570][ T3460] RTNL: assertion failed at ./include/net/netdev_lock.h (72) [ 188.006627][ T3460] WARNING: CPU: 1 PID: 3460 at ./include/net/netdev_lock.h:72 __linkwatch_sync_dev+0x303/0x350 [ 188.017339][ T3460] Modules linked in: [ 188.021437][ T3460] CPU: 1 UID: 0 PID: 3460 Comm: kworker/u8:7 Not tainted 6.16.0-rc1-syzkaller-00436-g253833da4e56 #0 PREEMPT(full) [ 188.033776][ T3460] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 188.044366][ T3460] Workqueue: bond0 bond_mii_monitor [ 188.049709][ T3460] RIP: 0010:__linkwatch_sync_dev+0x303/0x350 [ 188.055709][ T3460] Code: 7c fe ff ff e8 ce d5 69 f8 c6 05 75 8a 34 06 01 90 48 c7 c7 a0 c9 92 8c 48 c7 c6 43 a5 9c 8d ba 48 00 00 00 e8 be 80 2d f8 90 <0f> 0b 90 90 e9 4d fe ff ff 44 89 f1 80 e1 07 38 c1 0f 8c 22 fd ff [ 188.077806][ T3460] RSP: 0018:ffffc9000c9e7670 EFLAGS: 00010246 [ 188.083902][ T3460] RAX: 1f681f257ec18900 RBX: ffff888078624000 RCX: ffff8880310b1e00 [ 188.092658][ T3460] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000002 [ 188.100718][ T3460] RBP: 0000000000000000 R08: 0000000000000003 R09: 0000000000000004 [ 188.108739][ T3460] R10: dffffc0000000000 R11: fffffbfff1bfa9ec R12: 1ffff1100f0c485d [ 188.116813][ T3460] R13: dffffc0000000000 R14: ffffffff8c1c4548 R15: 0000000000000000 [ 188.124802][ T3460] FS: 0000000000000000(0000) GS:ffff888125d52000(0000) knlGS:0000000000000000 [ 188.133808][ T3460] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 188.140478][ T3460] CR2: 0000000000000000 CR3: 0000000068b54000 CR4: 00000000003526f0 [ 188.148523][ T3460] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 188.156560][ T3460] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 188.164546][ T3460] Call Trace: [ 188.168033][ T3460] [ 188.170988][ T3460] ? ethtool_op_get_link+0xd/0x70 [ 188.176078][ T3460] ethtool_op_get_link+0x15/0x70 [ 188.181427][ T3460] bond_check_dev_link+0x447/0x6c0 [ 188.187308][ T3460] ? __pfx_bond_check_dev_link+0x10/0x10 [ 188.193071][ T3460] ? netdev_lower_get_next_private_rcu+0x9f/0x100 [ 188.199528][ T3460] bond_mii_monitor+0x428/0x2e00 [ 188.204464][ T3460] ? bond_mii_monitor+0x153/0x2e00 [ 188.209688][ T3460] ? __pfx_bond_mii_monitor+0x10/0x10 [ 188.215166][ T3460] ? __lock_acquire+0xab9/0xd20 [ 188.220055][ T3460] ? process_scheduled_works+0x9ef/0x17b0 [ 188.225857][ T3460] ? _raw_spin_unlock_irq+0x23/0x50 [ 188.231066][ T3460] ? process_scheduled_works+0x9ef/0x17b0 [ 188.236798][ T3460] ? process_scheduled_works+0x9ef/0x17b0 [ 188.242511][ T3460] process_scheduled_works+0xae1/0x17b0 [ 188.248246][ T3460] ? __pfx_process_scheduled_works+0x10/0x10 [ 188.254346][ T3460] worker_thread+0x8a0/0xda0 [ 188.258987][ T3460] kthread+0x70e/0x8a0 [ 188.263051][ T3460] ? __pfx_worker_thread+0x10/0x10 [ 188.268231][ T3460] ? __pfx_kthread+0x10/0x10 [ 188.272837][ T3460] ? _raw_spin_unlock_irq+0x23/0x50 [ 188.278050][ T3460] ? lockdep_hardirqs_on+0x9c/0x150 [ 188.284349][ T3460] ? __pfx_kthread+0x10/0x10 [ 188.289746][ T3460] ret_from_fork+0x3fc/0x770 [ 188.294370][ T3460] ? __pfx_ret_from_fork+0x10/0x10 [ 188.299501][ T3460] ? __switch_to_asm+0x39/0x70 [ 188.304269][ T3460] ? __switch_to_asm+0x33/0x70 [ 188.309074][ T3460] ? __pfx_kthread+0x10/0x10 [ 188.313668][ T3460] ret_from_fork_asm+0x1a/0x30 [ 188.318447][ T3460] [ 188.321452][ T3460] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 188.328733][ T3460] CPU: 1 UID: 0 PID: 3460 Comm: kworker/u8:7 Not tainted 6.16.0-rc1-syzkaller-00436-g253833da4e56 #0 PREEMPT(full) [ 188.341022][ T3460] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 188.351068][ T3460] Workqueue: bond0 bond_mii_monitor [ 188.356295][ T3460] Call Trace: [ 188.359563][ T3460] [ 188.362496][ T3460] dump_stack_lvl+0x99/0x250 [ 188.367090][ T3460] ? __asan_memcpy+0x40/0x70 [ 188.371702][ T3460] ? __pfx_dump_stack_lvl+0x10/0x10 [ 188.376914][ T3460] ? __pfx__printk+0x10/0x10 [ 188.381495][ T3460] panic+0x2db/0x790 [ 188.385384][ T3460] ? __pfx_panic+0x10/0x10 [ 188.389804][ T3460] ? ret_from_fork_asm+0x1a/0x30 [ 188.394742][ T3460] __warn+0x31b/0x4b0 [ 188.398719][ T3460] ? __linkwatch_sync_dev+0x303/0x350 [ 188.404095][ T3460] ? __linkwatch_sync_dev+0x303/0x350 [ 188.409468][ T3460] report_bug+0x2be/0x4f0 [ 188.413807][ T3460] ? __linkwatch_sync_dev+0x303/0x350 [ 188.419170][ T3460] ? __linkwatch_sync_dev+0x303/0x350 [ 188.424540][ T3460] ? __linkwatch_sync_dev+0x305/0x350 [ 188.429909][ T3460] handle_bug+0x84/0x160 [ 188.434229][ T3460] exc_invalid_op+0x1a/0x50 [ 188.438730][ T3460] asm_exc_invalid_op+0x1a/0x20 [ 188.443574][ T3460] RIP: 0010:__linkwatch_sync_dev+0x303/0x350 [ 188.449545][ T3460] Code: 7c fe ff ff e8 ce d5 69 f8 c6 05 75 8a 34 06 01 90 48 c7 c7 a0 c9 92 8c 48 c7 c6 43 a5 9c 8d ba 48 00 00 00 e8 be 80 2d f8 90 <0f> 0b 90 90 e9 4d fe ff ff 44 89 f1 80 e1 07 38 c1 0f 8c 22 fd ff [ 188.469135][ T3460] RSP: 0018:ffffc9000c9e7670 EFLAGS: 00010246 [ 188.475189][ T3460] RAX: 1f681f257ec18900 RBX: ffff888078624000 RCX: ffff8880310b1e00 [ 188.483148][ T3460] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000002 [ 188.491108][ T3460] RBP: 0000000000000000 R08: 0000000000000003 R09: 0000000000000004 [ 188.499067][ T3460] R10: dffffc0000000000 R11: fffffbfff1bfa9ec R12: 1ffff1100f0c485d [ 188.507027][ T3460] R13: dffffc0000000000 R14: ffffffff8c1c4548 R15: 0000000000000000 [ 188.515095][ T3460] ? ethtool_op_get_link+0xd/0x70 [ 188.520117][ T3460] ethtool_op_get_link+0x15/0x70 [ 188.525129][ T3460] bond_check_dev_link+0x447/0x6c0 [ 188.530233][ T3460] ? __pfx_bond_check_dev_link+0x10/0x10 [ 188.535864][ T3460] ? netdev_lower_get_next_private_rcu+0x9f/0x100 [ 188.542370][ T3460] bond_mii_monitor+0x428/0x2e00 [ 188.547311][ T3460] ? bond_mii_monitor+0x153/0x2e00 [ 188.552421][ T3460] ? __pfx_bond_mii_monitor+0x10/0x10 [ 188.557790][ T3460] ? __lock_acquire+0xab9/0xd20 [ 188.562673][ T3460] ? process_scheduled_works+0x9ef/0x17b0 [ 188.568390][ T3460] ? _raw_spin_unlock_irq+0x23/0x50 [ 188.573575][ T3460] ? process_scheduled_works+0x9ef/0x17b0 [ 188.579281][ T3460] ? process_scheduled_works+0x9ef/0x17b0 [ 188.585353][ T3460] process_scheduled_works+0xae1/0x17b0 [ 188.590913][ T3460] ? __pfx_process_scheduled_works+0x10/0x10 [ 188.596902][ T3460] worker_thread+0x8a0/0xda0 [ 188.601506][ T3460] kthread+0x70e/0x8a0 [ 188.605575][ T3460] ? __pfx_worker_thread+0x10/0x10 [ 188.610675][ T3460] ? __pfx_kthread+0x10/0x10 [ 188.615253][ T3460] ? _raw_spin_unlock_irq+0x23/0x50 [ 188.620440][ T3460] ? lockdep_hardirqs_on+0x9c/0x150 [ 188.625629][ T3460] ? __pfx_kthread+0x10/0x10 [ 188.630204][ T3460] ret_from_fork+0x3fc/0x770 [ 188.634788][ T3460] ? __pfx_ret_from_fork+0x10/0x10 [ 188.639905][ T3460] ? __switch_to_asm+0x39/0x70 [ 188.644738][ T3460] ? __switch_to_asm+0x33/0x70 [ 188.649486][ T3460] ? __pfx_kthread+0x10/0x10 [ 188.654152][ T3460] ret_from_fork_asm+0x1a/0x30 [ 188.658916][ T3460] [ 188.662184][ T3460] Kernel Offset: disabled [ 188.666494][ T3460] Rebooting in 86400 seconds..