last executing test programs: 11m4.838840101s ago: executing program 2 (id=1225): socket$key(0xf, 0x3, 0x2) r0 = socket$inet(0x2, 0x3, 0x30) getsockopt$inet_mreqsrc(r0, 0x0, 0x53, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) socket$key(0xf, 0x3, 0x2) bind$inet6(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0xfffffeffffff7f7e, 0x0, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r2, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="0207000902"], 0x10}}, 0x0) bind$inet(r1, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16) connect$inet(r1, &(0x7f0000000200)={0x2, 0x0, @multicast2}, 0x10) setsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@dev, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x1, 0x0, 0x0, 0x3}, {0xfffffffffffffffc}, 0x0, 0x0, 0x1}, {{@in=@empty, 0x0, 0x33}, 0x0, @in=@loopback, 0x0, 0x0, 0x0, 0xb7, 0xffffffff}}, 0xe8) sendmmsg(r1, &(0x7f0000007fc0), 0x800001d, 0xfffffff5) 11m3.203743225s ago: executing program 2 (id=1246): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000080000000000000064ffec850000007d000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) (async) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x300000a, 0x4031, 0xffffffffffffffff, 0x0) socket$inet_sctp(0x2, 0x1, 0x84) (async) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f0000000040)={0x6, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, &(0x7f00000000c0)=0x1c) (async) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000200)=@bpf_lsm={0x10, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="7910480000000000790048000000000095"], &(0x7f0000000100)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffe}, 0x94) r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0) getsockopt$rose(r0, 0x104, 0x7, 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000000)=ANY=[], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r2, 0x21000000, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r3) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000040)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_DEL_KEY(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x34, r4, 0x1, 0x3, 0x0, {{0xa}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_KEY={0x18, 0x50, 0x0, 0x1, [@NL80211_KEY_DEFAULT={0x4}, @NL80211_KEY_DEFAULT_TYPES={0x8, 0x8, 0x0, 0x1, [@NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}]}, @NL80211_KEY_IDX={0x5}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x48881}, 0x40) mmap(&(0x7f0000496000/0x2000)=nil, 0x2000, 0x0, 0x12, r1, 0x0) (async) mmap(&(0x7f00004f1000/0x3000)=nil, 0x3000, 0x2000006, 0x12, r1, 0x913e0000) (async) sendmsg$key(0xffffffffffffffff, 0x0, 0x10) (async) r6 = openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x101042, 0x0) ioctl$PPPIOCNEWUNIT(r6, 0xc004743e, &(0x7f0000000100)) (async) ioctl$PPPIOCSACTIVE(r6, 0x40107446, &(0x7f0000000080)={0x1ffffffffffffdfc, &(0x7f00000000c0)=[{0x58, 0x8, 0xfe, 0x9}, {0x6, 0x0, 0xfc, 0xab}]}) (async) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) mmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x13, r7, 0x0) r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) mmap(&(0x7f00005d5000/0x2000)=nil, 0x2000, 0x3, 0x28011, 0xffffffffffffffff, 0x0) (async) mmap(&(0x7f00004a3000/0x1000)=nil, 0x1000, 0x0, 0x13, r8, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0) (async) mmap(&(0x7f00005d6000/0x1000)=nil, 0x1000, 0x2000002, 0x13, 0xffffffffffffffff, 0x12e9d000) r9 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r9, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) (async) sendmsg$NFT_BATCH(r9, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000aac020000060a0b040000000000000000020000003c020480380201800a0001006d6174636800000028020280080002400000000114020300d67a8527f76ec1d39e537c4c3060c6a405106c72848aa8bcb429b3a20d532452032d5f166334739d1719a5778bd4f724ee4ca57f2527aeeb0c75755d68fc6fa55f4825682ee95e581039823e5963beedcf65b8b005623d90772b8b6ebd2498b0aff725a3eabb6c99cb2edfe10b9c33be8a971e08401bc0807e75a2ff376b7934473bc1f02bb512b77414daf260c9c7d4e1f0758b56ec5823892af310e6252fcfb1d9dbad362baa26f43f12f831fd221926d6536eeff641db46920ae0e48f3ff5de599714ba6510ce479d4116a519792281736f39c9fc0e10ef557392c43389271cebcf36543fcf6f83bf74b93ee4eb5e8c82e35bb4784cc1ed0ad291b16e8368487589f7590bf5896f340a36555a1cf69736da230a809176dbdfba3d47efb9a6932e5503d277532b7d4e6f7c7373a298e5843a9f74d5fd07fbc6ad22bc644ba9b3c94ec3c8f0b9321b16e5826b1f058f781760a5d4b6a8880202b41689139c37cd51f65a92d883f8901add03b650c9ec182fb565a4d657ebba9d6a5eb426b22d5933b72362e6ec327fb679aa8034b8b3b6680ad138be47652a3e77981187d2921cebfc1639aa280e3d38dba9b1af49ceded79c78a2d656b3a3e946e17e6257def6679f70f11aa01a2d906aecf4dbc7d1a332a8932ed719ce7eecb5450f494f944b3f6b637502ddba609c6e45dcfad1db7c7dda3e2c8d5ddcf27132985442e9b8df16f96c82e72e3e2491856d07756b9f08000100627066000900010073797a30000000000900020073797a3200000000440005800800024000000002080001"], 0x2d4}}, 0x4048010) 11m2.954000881s ago: executing program 2 (id=1249): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-384-generic\x00'}, 0x58) socket(0x10, 0x803, 0x0) (async) r1 = socket(0x10, 0x803, 0x0) sendto(r1, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) syz_init_net_socket$ax25(0x3, 0x3, 0x8) (async) r2 = syz_init_net_socket$ax25(0x3, 0x3, 0x8) ioctl$sock_netrom_SIOCADDRT(r2, 0x890b, &(0x7f0000000000)={0x0, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={'rose', 0x0}, 0x7fffffff, 'syz1\x00', @null, 0x9, 0x3, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @default]}) recvmmsg(r1, &(0x7f0000000480)=[{{0x0, 0x0, &(0x7f0000000b00)=[{&(0x7f00000000c0)=""/91, 0x5b}, {&(0x7f0000000380)=""/149, 0x95}, {&(0x7f0000003800)=""/4111, 0x100f}, {&(0x7f0000000600)=""/212, 0xd4}, {&(0x7f0000000540)=""/96, 0x60}, {&(0x7f0000002440)=""/84, 0x54}, {&(0x7f0000000980)=""/63, 0x49}, {&(0x7f0000000440)=""/10, 0xa}, {&(0x7f0000000300)=""/102, 0x66}, {&(0x7f0000000880)=""/198, 0xc6}, {&(0x7f0000000780)=""/203, 0xcb}, {&(0x7f0000001000)=""/130, 0x82}], 0xc, 0x0, 0x0, 0xb00}, 0x40d40b70}], 0x40000000000026d, 0x0, 0x0) r3 = accept4(r0, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x19, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000711210000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @cgroup_sockopt=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) read$alg(r3, &(0x7f0000000000)=""/35, 0x23) (async) read$alg(r3, &(0x7f0000000000)=""/35, 0x23) 11m2.712583336s ago: executing program 2 (id=1252): r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) sendmmsg$sock(r0, &(0x7f0000000cc0)=[{{&(0x7f0000000100)=@l2tp={0x2, 0x0, @broadcast, 0x3}, 0x80, 0x0}}], 0x1, 0x48094) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='blkio.bfq.io_queued\x00', 0x275a, 0x0) setsockopt$IP_VS_SO_SET_DEL(0xffffffffffffffff, 0x0, 0x484, &(0x7f0000000040)={0x2b, @rand_addr=0x64010100, 0x4e24, 0x3, 'lblc\x00', 0x22, 0x9, 0x48}, 0x2c) write$cgroup_int(r1, &(0x7f0000000000), 0xffffff6a) sendfile(r0, r1, 0x0, 0xffffffff000) listen(r0, 0x200) 11m2.586505797s ago: executing program 3 (id=1254): r0 = socket(0x2, 0x5, 0x0) sendmmsg$inet_sctp(r0, &(0x7f00000032c0)=[{&(0x7f0000002e40)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f00000004c0)=[{&(0x7f0000000200)="f9", 0x1}], 0x1, 0x0, 0x0, 0x80020}], 0x1, 0x40c0) sendmmsg$inet_sctp(r0, &(0x7f0000000bc0)=[{&(0x7f00000000c0)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f00000001c0)=[{0x0, 0x2}], 0x1, &(0x7f0000000140)=ANY=[@ANYBLOB="30000000000000008400000001000000000000000c0000000000000000002b0388edb6556900000000000000000000000060ff", @ANYRES32=0x0], 0x30}], 0x1, 0x0) 11m2.481985975s ago: executing program 3 (id=1256): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=@updpolicy={0x13c, 0x19, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@empty, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x0, 0xffffffffffffffff}}, [@tmpl={0x84, 0x5, [{{@in=@remote, 0x0, 0x6c}, 0x0, @in6=@ipv4={'\x00', '\xff\xff', @loopback}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5000000}, {{@in6=@loopback, 0x0, 0x3c}, 0x2, @in=@remote, 0x0, 0x1}]}]}, 0x13c}, 0x1, 0x0, 0x0, 0x5593ee2f0bddd481}, 0x0) 11m2.254073807s ago: executing program 3 (id=1257): syz_init_net_socket$rose(0xb, 0x5, 0x0) r0 = socket(0x10, 0x3, 0x0) socket$nl_rdma(0x10, 0x3, 0x14) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000040)={'vxcan1\x00', 0x0}) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000080)={'vxcan0\x00', 0x0}) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000140)={@map, 0xffffffffffffffff, 0x22, 0x2000}, 0x20) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0xa, 0x4, &(0x7f0000000080)=@framed={{}, [@ldst={0x3, 0x0, 0x3, 0x1, 0x0, 0x31}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0xb}, 0x94) sendmsg$nl_route(r1, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@can_newroute={0x24, 0x18, 0x1, 0x0, 0x200, {0x1d, 0x1, 0x8}, [@CGW_DST_IF={0x8, 0xa, r2}, @CGW_SRC_IF={0x8, 0x9, r3}]}, 0x24}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[], 0x34}, 0x1, 0x0, 0x0, 0x80}, 0x40020) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)=@getchain={0x24, 0x11, 0x839, 0x70bd2a, 0x0, {0x0, 0x0, 0x0, r3, {0x1, 0x18}, {0xffff}, {0x1, 0xfff1}}}, 0x24}, 0x1, 0x0, 0x0, 0x8084}, 0x0) 11m1.519931884s ago: executing program 2 (id=1260): bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f00000004c0)=[{0x28, 0x0, 0x5, 0xfffff034}, {0x80000006, 0x0, 0x12, 0xf9}]}, 0x10) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r1 = socket(0x10, 0x2, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) syz_emit_ethernet(0x0, 0x0, 0x0) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000000)='wg2\x00', 0x10) socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, 0x0, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x5}, 0x0) syz_emit_ethernet(0xbe, &(0x7f0000000440)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaa000800450000b00000000000019078ac1e0001ac1414aa0304907800000000450000000000000000010000ac141400ac1414aa07130000000000000000000000000000000000440c00037f00000100000000890f0000000000ffffffffffffffff444c0001ac1e00010000010000000000000000000000000000000000ac1414aa000000007f000001000000000000000000000000e000000200000000ffffffff00000000ffffffff00000000440400000000"], 0x0) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000080)={'\x00', 0x52d35ce30131f272}) ioctl$TUNSETOFFLOAD(r4, 0x400454c9, 0x13) ioctl$TUNSETGROUP(r4, 0x400454ce, 0x0) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000001080)=ANY=[@ANYBLOB="0a000000050000000200000007"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x0, 0xc, &(0x7f0000000680)=ANY=[@ANYBLOB="18000000000000000000000000000000181100007d9fd9d0c809bd2f272272f0042ab12f417313d7e7892102e6184266132b0690bf4625ad91b612f3856058dfed2444d950c1084a878991ede896b0cfa6163abd66d826f286ef1ed6ee2c97c8a60a26f56682b9ba2e30b80fd7dee88db00ceea4847046ad646e823c18f08fdaf78f1f", @ANYRES32=r5, @ANYRESDEC, @ANYRES16=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) unshare(0x72060500) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) r7 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=ANY=[@ANYBLOB="38000000031401002cbd7000fcdbdf250900020073797a320000000008004100", @ANYRES8=r1], 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x400c844) sendmsg$RDMA_NLDEV_CMD_DELLINK(r7, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000100)=ANY=[@ANYBLOB="18000000041401002dbd7000fedbdf25080001000f000000"], 0x18}, 0x1, 0x0, 0x0, 0x671ec167a4b72164}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000580)='kfree\x00', r6}, 0x18) unshare(0x64000600) r8 = socket$inet6(0x10, 0x2, 0x0) write(r8, &(0x7f0000000000)="fc0000001c000705ab092509b86813000aab080102000000b85b0e93210001c0f0060848050000010000000000039815fa2c53c28648000000b937799f377a00bc000c00f0036cdf0db400600033d44000040060b16a482c0a3c313012dafd5a32e273fc83ab82d710f74cec18444ef90d475ef8b2863ef3d92c94170e5bba2e177312e081f691bc5110556888100000463ae4f5df1b394cfd6239ec2a0f0d1bcae5f5502943283f4b9e611183b102b2b8f5566791cb19020191bd0733802e0784f2013cd1890058a10000c880ac801fe4af000049f0d4794eedfca92c09d776e7a90ab79a6f00a1960548deac279c00"/252, 0xfc) 11m1.339396602s ago: executing program 3 (id=1262): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000000c0)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socket$nl_route(0x10, 0x3, 0x0) sendmsg$NL802154_CMD_SET_MAX_FRAME_RETRIES(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x30, 0x0, 0x800, 0x70bd2a, 0x25dfdbfc, {}, [@NL802154_ATTR_MAX_FRAME_RETRIES={0x5, 0xf, 0x9e}, @NL802154_ATTR_MAX_FRAME_RETRIES={0x5, 0xf, 0xd}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}]}, 0x30}, 0x1, 0x0, 0x0, 0x20000480}, 0x4) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x19, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000001000000000000000000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sockopt=0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000400)={r2, 0x3, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = socket$l2tp6(0xa, 0x2, 0x73) sendmsg$NET_DM_CMD_STOP(0xffffffffffffffff, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x0, 0x1, 0x0, 0x0, {0x6}}, 0x14}}, 0x0) bind$l2tp6(r3, &(0x7f0000000000)={0xa, 0x0, 0x3, @empty, 0x0, 0x3}, 0x20) connect$l2tp6(r3, &(0x7f0000000f40)={0xa, 0x0, 0x0, @empty}, 0x20) sendmmsg$inet6(r3, &(0x7f0000000ac0)=[{{&(0x7f0000000180)={0xa, 0x0, 0x0, @empty}, 0x1b, 0x0}}], 0x17fd147c801ae9af, 0xff00) setsockopt$inet_pktinfo(r2, 0x0, 0x8, &(0x7f0000000280)={0x0, @loopback, @rand_addr=0x64010101}, 0xc) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x3, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b40500000000000061107e0000000000dd710000000000009500090000000000"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x85}, 0x52) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x22051, r0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x18, 0xd, &(0x7f0000000080)=@framed={{0x18, 0x8, 0x0, 0x0, 0x4}, [@func={0x85, 0x0, 0x1, 0x0, 0x3}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x5}}], {0x95, 0x0, 0xff85}}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xbb2}, 0x94) 11m1.066885064s ago: executing program 3 (id=1264): ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000240)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="000086dd0500560008005400000060ec9700019888fffc000018c6ba35000000000000000700ff020000000000fffffffffffffff50100000000000000cc"], 0xfdef) 11m0.923306147s ago: executing program 2 (id=1265): r0 = socket$inet(0x2, 0x2, 0x1) setsockopt$inet_opts(r0, 0x0, 0x4, &(0x7f0000000000)="8907040400", 0x5) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r1, 0x0) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r2, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x4, 0x402, 0x0, 0x1}, 0x50) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) r4 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r4, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffffff, 0x84, 0xf, 0x0, &(0x7f00000001c0)) setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r1, 0x84, 0x10, &(0x7f0000000280)=@sack_info={0x0, 0x0, 0x3ff}, 0xc) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f0000000080)={r5}, &(0x7f00000000c0)=0x8) r6 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x9}, {{0x18, 0x1, 0x1, 0x0, r6}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x3}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r7}, 0x2d) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r8, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800074000000001"], 0x64}}, 0x0) r9 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r9, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="dc00000000010104000000000000000002000000240002801400018008000100e000000108000200e00000010c000280050001000000200008000480040003800800084000000000080008400000000734000f80"], 0xdc}}, 0x0) 11m0.317817222s ago: executing program 32 (id=1265): r0 = socket$inet(0x2, 0x2, 0x1) setsockopt$inet_opts(r0, 0x0, 0x4, &(0x7f0000000000)="8907040400", 0x5) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r1, 0x0) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r2, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x4, 0x402, 0x0, 0x1}, 0x50) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) r4 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r4, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffffff, 0x84, 0xf, 0x0, &(0x7f00000001c0)) setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r1, 0x84, 0x10, &(0x7f0000000280)=@sack_info={0x0, 0x0, 0x3ff}, 0xc) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f0000000080)={r5}, &(0x7f00000000c0)=0x8) r6 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x9}, {{0x18, 0x1, 0x1, 0x0, r6}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x3}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r7}, 0x2d) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r8, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800074000000001"], 0x64}}, 0x0) r9 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r9, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="dc00000000010104000000000000000002000000240002801400018008000100e000000108000200e00000010c000280050001000000200008000480040003800800084000000000080008400000000734000f80"], 0xdc}}, 0x0) 11m0.31122377s ago: executing program 3 (id=1268): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x42901, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000980)={0x0, 0x0, 0x0, 0x0, 0x1, 0x1}, 0x28) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) r2 = socket$nl_generic(0x10, 0x3, 0x10) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$MAP_LOOKUP_BATCH(0x18, 0x0, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={0x0}, 0x1, 0x0, 0x0, 0x20040000}, 0x44000) write$tun(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="034886dd0900300003003000000060ce902d9f0c3a0081e949b93897bc3b00000000a0007d01ff020000000000000000000000000001"], 0xfdef) 10m59.921750669s ago: executing program 33 (id=1268): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x42901, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000980)={0x0, 0x0, 0x0, 0x0, 0x1, 0x1}, 0x28) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) r2 = socket$nl_generic(0x10, 0x3, 0x10) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$MAP_LOOKUP_BATCH(0x18, 0x0, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={0x0}, 0x1, 0x0, 0x0, 0x20040000}, 0x44000) write$tun(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="034886dd0900300003003000000060ce902d9f0c3a0081e949b93897bc3b00000000a0007d01ff020000000000000000000000000001"], 0xfdef) 4.131167248s ago: executing program 5 (id=6497): ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000080)={'sit0\x00', &(0x7f00000001c0)={'ip_vti0\x00', 0x0, 0x7800, 0x40, 0x223, 0x0, {{0x3b, 0x4, 0x3, 0x3b, 0xec, 0x68, 0x0, 0x8, 0x2b, 0x0, @remote, @broadcast, {[@ra={0x94, 0x4, 0x1}, @timestamp_addr={0x44, 0x54, 0xc9, 0x1, 0x8, [{@initdev={0xac, 0x1e, 0x1, 0x0}, 0x71c}, {@multicast2, 0xffffffff}, {@multicast2, 0xfff}, {@multicast1, 0x7}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0x2}, {@broadcast, 0xffff}, {@remote, 0x5}, {@loopback, 0xb1}, {@remote, 0x2}, {@local, 0xfffffff7}]}, @timestamp_addr={0x44, 0x44, 0x27, 0x1, 0x7, [{@multicast1, 0x9}, {@rand_addr=0x64010100, 0x4f19}, {@dev={0xac, 0x14, 0x14, 0x30}, 0xb9}, {@remote, 0x1}, {@rand_addr=0x64010100, 0x3}, {@loopback, 0x3cf}, {@private=0xa010102}, {@remote, 0x1}]}, @ra={0x94, 0x4, 0x1}, @cipso={0x86, 0x34, 0x3, [{0x0, 0x8, "2a2a27e2984d"}, {0x7, 0x2}, {0x0, 0x5, "f064cf"}, {0x4, 0xe, "a255498f9cc737cde2dcce0e"}, {0x2, 0x11, "19be1339b7cf74f9046707e3acafcf"}]}, @rr={0x7, 0x3, 0xf0}]}}}}}) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000240)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="000086dd0500560008005400000060ec970001983a00fc000018c6ba35000000000000000700ff02000000000000000000000000000100000000000002cc00000000000000000000000000000000860090780000000000000000000000000000ee3f000000002b036f8c006e64021d683910c3090b3188a7c747eb2278a273c1b80029442911892704"], 0xfdef) 3.686814766s ago: executing program 5 (id=6503): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x13, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000d0ff00000000000000000004851000000600000018000000", @ANYRES32=0x0, @ANYBLOB="00000001070020006608000000000001180000000000001000000000000000009500000000000000360a020000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b50a000000000000850000000600000095"], &(0x7f0000000000)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x8}, 0x94) 3.378794131s ago: executing program 5 (id=6508): socketpair$nbd(0x1, 0x1, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000e8ffffff850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.io_service_bytes\x00', 0x275a, 0x0) write$cgroup_int(r1, &(0x7f0000000200), 0xffffffc1) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000040900010073797a300000000088000000090a010400000000000000000700000308000a40000000000900020073797a30000000000900010073797a3000000000080005400000000d44001280200001800e000100636f6e6e6c696d69740000000c0002800800014000000003ef0001800e000100636f6e6e6c696d6974000000"], 0xd0}, 0x1, 0x0, 0x0, 0x60000800}, 0x4000024) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0xfffffffffffffefb, &(0x7f0000000200)={&(0x7f0000000580)=ANY=[], 0x7c}, 0x1, 0x0, 0x0, 0x4040000}, 0x0) r2 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x22052, r1, 0x0) (fail_nth: 47) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFVLAN_DEL_VLAN_CMD(0xffffffffffffffff, 0x8982, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_BEARER_DISABLE(r3, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={0x0}, 0x1, 0x0, 0x0, 0x10}, 0x4) shutdown(0xffffffffffffffff, 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, 0xffffffffffffffff, 0x0, 0xbc}, 0x18) bpf$PROG_LOAD(0x5, 0x0, 0x0) syz_emit_ethernet(0x46, &(0x7f0000000440)=ANY=[@ANYBLOB], 0x0) socket$netlink(0x10, 0x3, 0xb) syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000040), 0xffffffffffffffff) 2.609770767s ago: executing program 4 (id=6511): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r0) sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010027bd7000fbdbdf250100000008000100030000002c00048005000300010000000500030001000000050003000100faff040003000200000005000300070000000800020002000000"], 0x50}}, 0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000280), r2) ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f00000001c0)={'wpan0\x00', 0x0}) sendmsg$NL802154_CMD_NEW_SEC_KEY(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000840)={0x5c, r3, 0x5eae78d9c54e9d3f, 0x0, 0x25dfdbfe, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r4}, @NL802154_ATTR_SEC_KEY={0x40, 0x30, 0x0, 0x1, [@NL802154_KEY_ATTR_USAGE_FRAMES={0x5, 0x2, 0xe}, @NL802154_KEY_ATTR_BYTES={0x14, 0x4, "d45cc7242de81ae9b87d0c18640bb308"}, @NL802154_KEY_ATTR_ID={0x20, 0x1, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x9}, @NL802154_KEY_ID_ATTR_INDEX={0x5}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x3}]}]}]}, 0x5c}}, 0x0) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000600), r5) sendmsg$IEEE802154_ASSOCIATE_RESP(r5, &(0x7f0000000700)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)={0x14, r6, 0x401, 0x70bd25, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x804}, 0x20008004) sendmsg$IEEE802154_LLSEC_ADD_KEY(r2, &(0x7f00000001c0)={&(0x7f00000000c0), 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x60, r6, 0x200, 0x70bd2b, 0x25dfdbfe, {}, [@IEEE802154_ATTR_LLSEC_KEY_USAGE_COMMANDS={0x24, 0x32, "8703853a33759a84a93129d8e7dafc9bd2bb43056f2428c5765a42e1fb1de437"}, @IEEE802154_ATTR_LLSEC_KEY_SOURCE_SHORT={0x8, 0x2c, 0xdf14}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0302}}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan3\x00'}, @IEEE802154_ATTR_SHORT_ADDR={0x6, 0x4, 0xaaa2}]}, 0x60}, 0x1, 0x0, 0x0, 0x4}, 0x404c005) 2.502165864s ago: executing program 5 (id=6513): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r0, 0x89f3, &(0x7f0000000300)={'syztnl2\x00', &(0x7f0000000040)={'syztnl2\x00', 0x0, 0x4, 0x5, 0x2, 0x4038a09, 0x4, @empty, @mcast2={0xff, 0x5}, 0x0, 0x0, 0x0, 0x5}}) unshare(0x6a040000) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, 0x0, 0x0) r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) unshare(0x600) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000001c0)={&(0x7f00000002c0)="a7e3c11073f57f9e4978aafe780ae4f8ae7620312693639f91d0bf5de4a04117e44a1050cc03b8dc9ec3898f6fe8be971a235e2c5b4bed729efd79b53422cad3555a3fea472ba77dcfc36fafb53597b4c1507f9190a4477cc57c169ef4b1e3953659192a1315d362b9697185601352", &(0x7f0000000340)=""/75, &(0x7f00000003c0)="6adcd3da9edb59240e8971b926407c19a8db884ccf7520c146ca6edb19f42d4968f43cd7a91f6ba3cfc2d4a4928cbf8fa0c9f5f856fa20b0f68eb27fdd7c1987a97ad1f49baa2def4f0c06178e846da8145f985c8c28e09877a6f224ff9052f2fd6ba0391e6ae51fe41d0fc111df8c4333c19c132d90d1610bb045ea7c38a353c2d06655128be785752e4518a82b52f9f2bc5bd8db70f3b80ca78f5b990c8db9117657cf0cb591f952cee90776c191451b9187caf0f1a600e4b401fad569ae25d4", &(0x7f0000000600)="d8b8554e0d1c686676f67bbefb4ee16c42942a8c43e0c658346dc9986923ceb17a2ef6127fde361aa8d16af81ded9ed06086bd48a6943f0e3993ab3e441b2b866b307d0d4e5acabed95342d9ce0f56481d96384ac6a0bd6dcbc7b3ceec14fa41bf168985127e0ec1bd704712757912095afc44cdde636606f69f55e83e43e019fa60dd8e6b9aa3087857dd2d1ed56f2e868a7c0b5bba892bf7fe2f37468c7fa01b9a318d20b26c3d407a933023079b751749ed22cf7fe6f6f5aa6d6b81504eae68dbfa27615014224736b18f102f2f060c1ca564f4c9beab26e0ec299942490f66bbe76d2c9c276c4e", 0x4, r2, 0x4}, 0x38) r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x10, 0x1c, &(0x7f0000000040)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r3}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x0, 0x3, 0xa, 0x2}, {0x5, 0x0, 0xb, 0x9}, {0x3, 0x3, 0x6, 0xa, 0xa, 0xfff8, 0xf1}, {0x7, 0x1, 0xb, 0x6, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {0x7, 0x0, 0x0, 0x9}, {0x7, 0x0, 0xc}, {0x18, 0x2, 0x2, 0x0, r2}, {}, {0x46, 0x8, 0xfff1, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x29, '\x00', 0x0, @sk_msg=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_STATUS(0xffffffffffffffff, 0x84, 0xe, &(0x7f0000000540)={0x0, 0x1, 0x0, 0x2, 0x9, 0x200, 0x0, 0xa77a, {0x0, @in6={{0xa, 0x4e22, 0x0, @private1={0xfc, 0x1, '\x00', 0x1}, 0xfffffff7}}, 0x74, 0x4, 0xe60e, 0x8, 0x7}}, &(0x7f0000000280)=0xb0) 2.294941695s ago: executing program 0 (id=6516): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x2, 0x1, 0xf}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x201, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x80) 2.276153283s ago: executing program 4 (id=6518): ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000080)={'sit0\x00', &(0x7f00000001c0)={'ip_vti0\x00', 0x0, 0x7800, 0x40, 0x223, 0x0, {{0x3b, 0x4, 0x3, 0x3b, 0xec, 0x68, 0x0, 0x8, 0x2b, 0x0, @remote, @broadcast, {[@ra={0x94, 0x4, 0x1}, @timestamp_addr={0x44, 0x54, 0xc9, 0x1, 0x8, [{@initdev={0xac, 0x1e, 0x1, 0x0}, 0x71c}, {@multicast2, 0xffffffff}, {@multicast2, 0xfff}, {@multicast1, 0x7}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0x2}, {@broadcast, 0xffff}, {@remote, 0x5}, {@loopback, 0xb1}, {@remote, 0x2}, {@local, 0xfffffff7}]}, @timestamp_addr={0x44, 0x44, 0x27, 0x1, 0x7, [{@multicast1, 0x9}, {@rand_addr=0x64010100, 0x4f19}, {@dev={0xac, 0x14, 0x14, 0x30}, 0xb9}, {@remote, 0x1}, {@rand_addr=0x64010100, 0x3}, {@loopback, 0x3cf}, {@private=0xa010102}, {@remote, 0x1}]}, @ra={0x94, 0x4, 0x1}, @cipso={0x86, 0x34, 0x3, [{0x0, 0x8, "2a2a27e2984d"}, {0x7, 0x2}, {0x0, 0x5, "f064cf"}, {0x4, 0xe, "a255498f9cc737cde2dcce0e"}, {0x2, 0x11, "19be1339b7cf74f9046707e3acafcf"}]}, @rr={0x7, 0x3, 0xf0}]}}}}}) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000240)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="000086dd0500560008005400000060ec970001983a00fc000018c6ba35000000000000000700ff02000000000000000000000000000100000000000003cc00000000000000000000000000000000860090780000000000000000000000000000ee3f000000002b036f8c006e64021d683910c3090b3188a7c747eb2278a273c1b80029442911892704"], 0xfdef) 2.222425507s ago: executing program 6 (id=6519): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000018c0)={'team0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000022780)=@newlink={0x40, 0x10, 0x49920d862a92143b, 0x100000, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @gtp={{0x8}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GTP_FD1={0x8}]}}}, @IFLA_MASTER={0x8, 0xa, r1}]}, 0x40}, 0x1, 0x0, 0x0, 0x8004}, 0x24000800) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000080)={0x1, 0x58, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001480)={{0x14}, [@NFT_MSG_NEWRULE={0x74, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x48, 0x4, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @socket={{0xb}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_SOCKET_DREG={0x8, 0x2, 0x1, 0x0, 0xb}, @NFTA_SOCKET_KEY={0x8, 0x1, 0x1, 0x0, 0x3}, @NFTA_SOCKET_LEVEL={0x8, 0x3, 0x89}]}}}, {0x18, 0x1, 0x0, 0x1, @dup_ipv6={{0x8}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_DUP_SREG_ADDR={0x8, 0x1, 0x1, 0x0, 0xc}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}, @NFT_MSG_DELCHAIN={0x14, 0x5, 0xa, 0x5, 0x0, 0x0, {0x0, 0x0, 0x6}}], {0x14}}, 0xb0}}, 0x0) r4 = syz_init_net_socket$ax25(0x3, 0x2, 0x6) r5 = socket$inet_udplite(0x2, 0x2, 0x88) sendmsg$nl_route_sched_retired(r0, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000300)=@newtclass={0x558, 0x28, 0x800, 0x70bd2a, 0x25dfdbfb, {0x0, 0x0, 0x0, r2, {0x10, 0xfff3}, {0x0, 0xe}, {0x0, 0xfff3}}, [@c_atm={{0x8}, {0x30, 0x2, [@TCA_ATM_HDR={0x21, 0x3, "1c742798c43e12c1d98dce9702a45b4a9a1cfde3df8678eec00517aecf"}, @TCA_ATM_FD={0x8, 0x1, r3}]}}, @c_atm={{0x8}, {0x58, 0x2, [@TCA_ATM_EXCESS={0x8, 0x4, {0xfff1, 0xe}}, @TCA_ATM_FD={0x8, 0x1, r4}, @TCA_ATM_FD={0x8, 0x1, r5}, @TCA_ATM_HDR={0x3b, 0x3, "7e05f315b227f1318c23238a8a21f97cd48c7e048a38932eb5052f4956464ab73fdec39e309b2c848a0de5945a26e499931a125d18df0c"}]}}, @c_dsmark={{0xb}, {0xc, 0x2, @TCA_DSMARK_VALUE={0x5, 0x5, 0x9}}}, @c_cbq={{0x8}, {0x1c, 0x2, [@TCA_CBQ_LSSOPT={0x18, 0x1, {0x3b, 0x0, 0x9, 0x81, 0xd, 0xa, 0x8000, 0x3}}]}}, @c_dsmark={{0xb}, {0xc, 0x2, @TCA_DSMARK_VALUE={0x5, 0x5, 0x9}}}, @c_cbq={{0x8}, {0x428, 0x2, [@TCA_CBQ_WRROPT={0x10, 0x2, {0xba, 0x2, 0x2, 0x6, 0x80000000, 0xfffffffc}}, @TCA_CBQ_RTAB={0x404, 0x6, [0x8, 0x398, 0x3, 0x9, 0xe, 0x5, 0x5, 0x5, 0x1ff, 0x4, 0xb, 0xe, 0x4, 0x8, 0x3, 0x0, 0xfff, 0x3, 0x5, 0x2, 0x9, 0x9, 0x70e86d70, 0x7fff, 0x200, 0x6, 0x1, 0x8001, 0x3, 0x3, 0xd6547a59, 0xd, 0x0, 0x8, 0x0, 0x2, 0x401, 0xf, 0x1, 0x7, 0x5, 0xf118, 0x1, 0x7f, 0x3, 0xfffffffa, 0xffff8f7d, 0xa50, 0x5, 0x8, 0x7, 0x4, 0x11, 0x100, 0x0, 0x1c30, 0x3, 0x7, 0xc3, 0xdaf, 0x5, 0x6, 0x3, 0x4, 0x2c7, 0x4, 0x80000000, 0x2, 0x400, 0xc9, 0x8000, 0x7, 0x0, 0x4, 0x7, 0x8, 0x27, 0x4, 0x0, 0x5, 0x38800000, 0xfff, 0xfff, 0x9, 0x4, 0xda, 0x1, 0x5, 0x2, 0x3, 0xd54, 0x100, 0x7ff, 0xd, 0x10001, 0x0, 0xb, 0x81, 0x2, 0xf3, 0xfe5e, 0x0, 0xffff, 0x93eb, 0xd, 0xfff, 0x3, 0x4, 0x5, 0x93, 0x0, 0x5, 0x6, 0xffffffff, 0x1, 0x6, 0x5, 0xfffffffe, 0x10001, 0x81, 0x1, 0x9, 0x7fff, 0x5, 0x6, 0x1, 0x7fff, 0xfffffffe, 0x3d, 0xd, 0x4, 0x9, 0x7, 0xae0b, 0x40, 0x8, 0x93b2, 0x9, 0x1000, 0xe, 0x400009, 0x80000001, 0x2, 0x9, 0x2, 0xfffffff9, 0x800, 0xfffffffd, 0x9, 0xffff, 0xbb, 0x5, 0x4, 0x750c, 0x101, 0xb, 0x101, 0xf, 0x3, 0x5, 0x3, 0x2, 0x101, 0x1fd, 0x6000, 0x2, 0x0, 0x9, 0x4, 0xfffffff7, 0x2, 0xf, 0x3, 0x8, 0x87db, 0x7, 0x9, 0x4f, 0xfff, 0x4, 0x4, 0x0, 0xc, 0xc, 0xd, 0x1, 0x6, 0x9, 0x1, 0x7af, 0xc623, 0x3, 0x3, 0x4, 0x4, 0x3, 0xfff, 0xfffffe79, 0x8, 0x2, 0xcd8, 0x2, 0x32, 0x1, 0x5d, 0x3ff, 0x4, 0x4, 0x1, 0x1, 0x7fffffff, 0x6, 0x800, 0xf0000000, 0x2, 0x5, 0x200, 0x9, 0x7fffffff, 0xf, 0x3, 0x9, 0x3, 0x783, 0x9, 0x4, 0x4, 0x200, 0x8, 0x873, 0x4, 0x5, 0xe52, 0x8000, 0x24, 0x1, 0x4, 0x6, 0x2, 0x4, 0x2, 0x3, 0x1, 0xfff, 0x4, 0x200, 0x4000000, 0x5, 0x7, 0x8ace, 0x10, 0x7, 0x5, 0x80000001, 0x3, 0xbb]}, @TCA_CBQ_RATE={0x10, 0x5, {0x3, 0x0, 0x1000, 0x6, 0x6c, 0x5}}]}}, @c_dsmark={{0xb}, {0xc, 0x2, @TCA_DSMARK_VALUE={0x5, 0x5, 0x7}}}]}, 0x558}}, 0x1) socket$inet6_udplite(0xa, 0x2, 0x88) r6 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00', 0x0}) r8 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="440000001300a7cc4a372eaf541d002007000000", @ANYRES32=r7, @ANYBLOB="00000000100000001c001a80", @ANYRES16=r6], 0x44}}, 0x0) 2.167411781s ago: executing program 0 (id=6520): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)={{0x14}, [@NFT_MSG_NEWSETELEM={0x2c, 0x1e, 0xa, 0x105, 0x0, 0x0, {0x7}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0x54}}, 0x0) 1.968915503s ago: executing program 0 (id=6522): r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="120000000d0000000400000002"], 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r3, 0xffffffffffffffff}, &(0x7f0000000040), &(0x7f0000000140)=r2}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r3}, &(0x7f0000000100), &(0x7f00000001c0)=r1}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r4}, &(0x7f0000000240), &(0x7f0000000280)=r2}, 0x20) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x40, 0x10, 0x405, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @erspan={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_GRE_FWMARK={0x8}, @IFLA_GRE_COLLECT_METADATA={0x4}]}}}]}, 0x40}}, 0x0) r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$HCIINQUIRY(r5, 0x800448f0, &(0x7f0000000200)={0x4, 0x3ff, "738bb7", 0xd5, 0x5}) 1.874728533s ago: executing program 6 (id=6523): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) socket(0x10, 0x803, 0x0) r1 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$IP_VS_SO_SET_ADD(r1, 0x0, 0x482, &(0x7f0000000040)={0x84, @dev={0xac, 0x14, 0x14, 0xb}, 0x15, 0x3, 'sh\x00', 0x1, 0x4, 0x72}, 0x2c) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IP_VS_SO_SET_ADDDEST(r2, 0x0, 0x487, &(0x7f0000000000)={{0x84, @initdev={0xac, 0x1e, 0x1, 0x0}, 0x4e1f, 0x3, 'lc\x00', 0x4, 0x81, 0x5}, {@rand_addr=0x64010102, 0x4e26, 0x0, 0xcb, 0x12d5c, 0x12d5c}}, 0x44) setsockopt$IP_VS_SO_SET_EDITDEST(r1, 0x0, 0x489, &(0x7f0000000380)={{0x84, @multicast1, 0x4e20, 0x3, 'sh\x00', 0x0, 0x60000000, 0xc}, {@rand_addr=0x64010102, 0x4e26, 0x12002, 0x3, 0x8001, 0x1}}, 0x44) socket(0x400000000010, 0x3, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x1, 0x4, 0x7fe2, 0x1}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10) r4 = socket$kcm(0x21, 0x2, 0x2) sendmsg$kcm(r4, &(0x7f0000000000)={&(0x7f0000000080)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x4e22, @dev}}, 0x8c, &(0x7f0000000140)=[{&(0x7f0000000ac0)="ee", 0xfffffdef}], 0x1, &(0x7f0000001a00)=ANY=[@ANYBLOB="180000000000000010010000010000007d95df16a39b1a6c900000000000000001000000040500002b24ec10064b6f2f110000fb718aef932f3889d1fdda5b57000000860f5878c37ffe36e1165814d435be5b317c6c8189587d2f97879f07a515bb7c169f46933d9338f4ab04834e6f618988ab013f40afe403041323110f62055394412158e7a3adb148d641aa40d4ab077fe34232aa8b31851466d0998a61d7da0c86d70000001010"], 0x10b8}, 0xff00) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0500000006000000080000000500000000000000", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00:\x00\x00\x00\x00\x00\x00\x00', @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) close(0x3) unshare(0x6a040000) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00'}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000001080)={{r5}, 0x0, &(0x7f0000001040)}, 0x20) r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NBD_CMD_CONNECT(r7, 0x0, 0x0) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000180)={0x5bc}, 0x8) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4000) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, 0x0) 1.874482466s ago: executing program 1 (id=6524): r0 = socket$inet(0x2, 0x2, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @dev={0xac, 0x14, 0x14, 0x1f}, r1}, 0xc) setsockopt$inet_mreqn(r0, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0xc) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x3, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="720ac4ff000000007110b4000000000095"], &(0x7f0000000480)='GPL\x00'}, 0x94) 1.741195455s ago: executing program 0 (id=6525): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001080)={&(0x7f0000000540)=ANY=[@ANYBLOB="4800000010000305000000000000000000cf0000", @ANYRES32=0x0, @ANYBLOB="03013000000000002000128008000100677265001400028008000600ac14142e08000700e000030a08000a00", @ANYRES32], 0x48}, 0x1, 0x0, 0x0, 0x24040000}, 0x2000800) syz_init_net_socket$x25(0x9, 0x5, 0x0) r3 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r3, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000}, 0x1c) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$XDP_RX_RING(r3, 0x11b, 0x2, &(0x7f0000001980)=0x100, 0x4) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r4, 0x8933, &(0x7f0000000580)={'batadv_slave_0\x00', 0x0}) setsockopt$XDP_UMEM_FILL_RING(r3, 0x11b, 0x5, &(0x7f0000000140)=0x1, 0x4) bind$xdp(r3, &(0x7f0000000180)={0x2c, 0x2, r5}, 0x10) setsockopt$XDP_UMEM_REG(r3, 0x11b, 0x4, &(0x7f0000000740)={0x0, 0x206000, 0x0, 0x3}, 0x20) sendmsg$TIPC_NL_KEY_SET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000017000000540006803c00040067636d286165732900000000000000000000000000000000000000000000000014000000e3"], 0x68}, 0x1, 0x0, 0x0, 0x4}, 0x4008014) 1.736408695s ago: executing program 1 (id=6526): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="640000000206010100000000000000000000000005000400000000000900020073797a30000000000500010007000000050005000a000000140007800800114000000000080012400000ffff16000300686173683a6e6574"], 0x64}}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_FEATURES_SET(r1, &(0x7f0000002540)={0x0, 0x0, &(0x7f0000002500)={&(0x7f00000006c0)={0x1c, r2, 0x221, 0x0, 0x0, {}, [@ETHTOOL_A_FEATURES_HEADER={0x4}, @ETHTOOL_A_FEATURES_WANTED={0x4}]}, 0x1c}}, 0x40040) r3 = socket(0x10, 0x803, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), r1) sendmsg$NL80211_CMD_UPDATE_OWE_INFO(r1, &(0x7f0000000700)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000005c0)={&(0x7f00000004c0)={0x68, r5, 0x100, 0x70bd29, 0x25dfdbfb, {{}, {@val={0x8}, @val={0xc, 0x99, {0x256, 0x1c}}}}, [@NL80211_ATTR_STATUS_CODE={0x6, 0x48, 0x69}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_IE={0x8, 0x2a, [@ibss={0x6, 0x2, 0x8}]}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}]}, 0x68}, 0x1, 0x0, 0x0, 0x20008000}, 0xc090) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=@newlink={0x3c, 0x10, 0x401, 0x2000000, 0x0, {0x0, 0x0, 0x0, 0x0, 0x13901}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macsec={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACSEC_ICV_LEN={0x5, 0x3, 0xff}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0xa21d294a74a2b459}, 0x80) sendto(r3, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) getsockopt$netrom_NETROM_T1(r3, 0x103, 0x1, &(0x7f0000000140), &(0x7f0000000180)=0x4) recvmmsg(r3, &(0x7f0000000480)=[{{0x0, 0x0, &(0x7f0000000b00)=[{&(0x7f00000000c0)=""/91, 0x5b}, {&(0x7f0000000380)=""/149, 0x95}, {&(0x7f0000003800)=""/4096, 0x1000}, {&(0x7f0000000600)=""/212, 0xd4}, {&(0x7f0000000540)=""/96, 0x60}, {&(0x7f0000002440)=""/84, 0x54}, {&(0x7f0000000980)=""/63, 0x3f}, {&(0x7f0000000440)=""/10, 0xa}, {&(0x7f0000000300)=""/102, 0x66}, {&(0x7f0000000880)=""/198, 0xc6}, {&(0x7f0000000780)=""/203, 0xcb}, {&(0x7f0000001000)=""/130, 0x82}], 0xc, 0x0, 0x0, 0xb00}, 0x40d40b70}], 0x1, 0x0, 0x0) 1.606703116s ago: executing program 4 (id=6527): socketpair$nbd(0x1, 0x1, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000e8ffffff850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.io_service_bytes\x00', 0x275a, 0x0) write$cgroup_int(r1, &(0x7f0000000200), 0xffffffc1) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000040900010073797a300000000088000000090a010400000000000000000700000308000a40000000000900020073797a30000000000900010073797a3000000000080005400000000d44001280200001800e000100636f6e6e6c696d69740000000c0002800800014000000003ef0001800e000100636f6e6e6c696d6974000000"], 0xd0}, 0x1, 0x0, 0x0, 0x60000800}, 0x4000024) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0xfffffffffffffefb, &(0x7f0000000200)={&(0x7f0000000580)=ANY=[], 0x7c}, 0x1, 0x0, 0x0, 0x4040000}, 0x0) r2 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x22052, r1, 0x0) (fail_nth: 48) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFVLAN_DEL_VLAN_CMD(0xffffffffffffffff, 0x8982, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_BEARER_DISABLE(r3, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={0x0}, 0x1, 0x0, 0x0, 0x10}, 0x4) shutdown(0xffffffffffffffff, 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, 0xffffffffffffffff, 0x0, 0xbc}, 0x18) bpf$PROG_LOAD(0x5, 0x0, 0x0) syz_emit_ethernet(0x46, &(0x7f0000000440)=ANY=[@ANYBLOB], 0x0) socket$netlink(0x10, 0x3, 0xb) syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000040), 0xffffffffffffffff) 1.008011299s ago: executing program 5 (id=6528): r0 = socket$inet_tcp(0x2, 0x1, 0x0) syz_emit_ethernet(0x52, &(0x7f00000000c0)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd604fd318001c0600fc010000000000000000000000000002fe8000000000000000000000000000aa00004001efc1f26849aed9696e0a1b8d3550437eb84501a141654374591036bffcc44d", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="7002000090780000fe06f989fc2e0802"], 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x4e20, @empty}, 0x10) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000040)={@remote, 0x8, 0x1, 0x1, 0x2, 0xc}, 0x20) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan0\x00'}) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl(r2, 0x8b32, &(0x7f0000000040)) sendmsg$NFQNL_MSG_CONFIG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1c}}, 0x8080) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000040)={@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x6, 0x1, 0xff, 0x2}, 0x20) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan0\x00'}) socket$inet_mptcp(0x2, 0x1, 0x106) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl(r3, 0x8b32, &(0x7f0000000040)) ioctl$BTRFS_IOC_DEV_REPLACE(r0, 0xca289435, &(0x7f0000001b80)={0x2, 0x0, @start={0x0, 0x1, "3b1cde1cb1c9af7217fffb15ea6349d3c73e2ed47c5d0fefda2f39d3c59baac3a859f6359c2c8f15fd2b4fec5789c80a1c2cc3cb195a06e3ad9f044514d2954dbc53d78d2d2e85ae8f350bfab5d5df1e30b10a5784700e408fc11b2b0fac53b6900b2b6f082e838379cf02c025df980ebd89a9d85abae4bd147d6212b7061187e055839df8b599677de388880263c003518f4543f104fe8a9338199859ed2369d2d4b8c0a822c912b7503d8cb2d8160cab61e9f9095bd9542d6a1469bba2ae8b9abdebf5f7298b9512fc8db0de658a8f009942dbbd740f079ef20402107a337f0d89558a398c8774ca5de0bcb7f97fb9ee0b917c7d78813ef9c3fb9cdb9c7f336ccfa574ca2c4b89f0327a7458c80950c716446941218160dad5d5d6044627ecd1cc1a0b19db5c31db633a7a9f23810e303175be5ae45a26964fdb9288fc040dad9a5e5e50166bc652add5c038605296f506b8694ea0a6da541efdd557d670ab01eada6272cabfc7d2a8d1e9430fcbda1056e43b912d7bb426e84b373f0fec6524649c62022d71fe4f5cc4e2b15502bf7a58bfdef5a84f5bfa1acdd689ef780a523d603c88066cba8db3f3e812265bb3167dd42ade063ec6c1e4877203a829378594f5849944ddd43da86c0ff0532654ff57474e4d03a9dd85376d05b11574b119296866b8178810be78dfab67f8708575cdcd2106d71ccfc573caf059d4fbe7e622e86cbeca55852f01786c80142751bb27bea476cbd4a81220615c5e1ba6dc803a8ce2189b22684c43183c309197dbb21b881032ef71390aa95d200654572c822052d44e9cae6c7e8a996361e972ed937244f08c4f29fc5faea0c33581678eb3d4226932fe12beda5033e839a0a937e930bf57c082b99af70c7b9784eed27333068c8168214379df76d4a2c107190892e730b5bd09101f9e53a2d8b446a2be1351e5ec0c7a57df90061483ac680da8bc5d94e5ac9647fb7ba9df039466ddebbe42eddc586289b895c4a5ac2a9cb7e7c12e6d503f7d01f2519fba231501da06aa83f53febe76a27c00dc070e97118c5415f6d466ab7a11c49d81139988b6243592e8e7643d0ea010f02007cc870e1a648d01bf1c8971e83f0446b340f2f9fc10fa61cb5ce0260e6a4a0d03fc2e8aaa676c216495627a2c15b514528b76411a46507a5c29dba643c96ea664cd0daa72f7a267500e01ddfbd38e60f1dd8d81a2fda2ff98c3ed22ea4f83d648bb45eed94af26382f608c7b04043bd8321db394fe31871bba05fc03a5a9c4e665c247dac8bb085c9fc615c6a3f04580cc29cf63cc7413db3806dd98c4cbbb348cb355abfd8ddc6b591c140f9296c007af6b5e1aa44d9222135f40ed42a37e7f0ad416b0a0e1fbe4bc1601db4b5d91707db07c504e16816c7917c1555e6961eae83b4265418de4495f617b6b0200", "4dd7712fcf3dc02360f33f78c12e596c7c8196abb8974e0325f2a7663b3d54b536a56c5b2b5c535b8735849f1856dc6ab878dfe61e11a68255369ac4d0de29cf61df38613a3afcac2128e987723228ac99b98a29b060dbc0ea156cf4671f805b99a2550aa9a8e6a7892732d8077bdd5cdaf180eb3a90368114321a536931da55ffad1cab30acec57cac63c3f968c156ec8a456be3e5b518d6f11327e23f77d1382142fc664611f694611b4a838e7e1d2d0f6262e116d38495da094906ce735ee329f712ffb3176150c0253fe3f51ee808a6905552620e41710e5d374f4ce24e6a14e4df6267484bdecd51f93c37c134e798ed01ba4f1ee36b31bd6d4a744566d65401bd26c561090b26d0937c99787478c95d2edd8af41558a3ddffebbaf0bb1cf06392c705d44799fdcd96895a98d94323897befbe680685d623b2e220d96c751239f9ff4df828ff36efbdb243d25938602fb82394b749538836b43b500a96c7c838d9a2cb0dda330cbbcb5c4831149f2b825454e15dcf5d629e8417f2331ac5e3bd8248c0bd0f86abfd89015807b317ca26e77fc75d5a3bbdb6aa1463b4eb2292ce1eca9a4716b137d576992bfc6cae35dbc5e418bd71f4964f172e11ff6feaaa81055093566c4872fcf3889aa4cc0a2918c05df216aa576987d57027b2a219d3dfe0386ae3b9f1d0ce8781eb8b48aa8e82816b22ed12384019cc28309fce07848f29c8fb8cc273c90b49b9f6278e320baeb186048c169acc77c9cce899e37b3eaaf763a6bd154b5ca2b21a1392e1586e6b6da0d6c42008fa0b825c5261a0b45af88e6d47c53fa801fb7999884f87f039389e12dd828e1f06fdafd7dbf33736af831cbbffa6ed48977fc2d710e6d26ed122f45317bb30296d731f8f2193847ef5f1451a2a170642a5bc900985b8eea253e21f736328d252f0583a96f3e4fdc11b504a8b2f822f6cba562ddd46fe7e86cb356914d85655b808071bf89131a606c38676606273260467b3df8eebf7bd1f02a944ae63fb67bf6a282396a64ff4b6ebf3cbcb2cb79346bb2d713e417e9f3c6f3fc3c5fd83cabb04f8b0b6f9bcc369ed8af8d78d298183538aad5aa65dbcdd69e77030ac80129c7d1212182d450aa8292eae64ad65ece6bffc6bceebd0928a0b83fd6961f82e239893e1ff0c51fcf63d4dcdc4e91292ed6af337ba1d975939a15ca2dd8c2b2061657f35eddeef15dbf1e66f5373d68db4ffaa6a3940507bf083de60a7b0150f9116876b7dc7dc03c2c273e9fa376f453df6f40c6a180ad6b7f871d0f38230acec66689ec0e2e23df0dc4dd15d6b8c180932ae1a7e695d2d6df0d373df4268d5a7a37e818dd7ddb636bf94d83422a2995273d3535429a5d0d19927eb67be31d098a2fbdbc1c1f6cda0cc84f2056b638203acf3398b9e5967ceedd363831876f340fd6541e4e32ca1220"}, [0x2000000004, 0x9, 0x40000007, 0xfffffffffffffffd, 0x3, 0x0, 0x2, 0x7, 0x5, 0x200, 0x9, 0x2a5a, 0x1, 0x2, 0x0, 0x9, 0x9, 0x9, 0x7, 0x100000000, 0x10001, 0x1, 0x0, 0x7, 0x10000, 0x2, 0x20a, 0x9, 0x4, 0x8, 0xf5, 0x9, 0x8, 0xfffffffffffffff8, 0x5, 0xb, 0xc, 0x2, 0x0, 0x25, 0x80000001, 0xf, 0x81, 0xca, 0x8258, 0x9, 0x1, 0x51, 0x4, 0x1, 0x70d2, 0x2, 0x1, 0x4b7, 0x6, 0x2, 0x8, 0x8, 0x2, 0x7, 0x9, 0x5, 0x0, 0xffff]}) connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x1c}}, 0x10) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f00000000c0)={'bridge0\x00', 0x0}) sendmsg$nl_route(r4, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000240)=ANY=[], 0x20}}, 0x0) r7 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000800)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000480)=@newqdisc={0x3c, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r8, {0x0, 0x1}, {0xffff, 0xffff}, {0x0, 0xb}}, [@qdisc_kind_options=@q_cake={{0x9}, {0xc, 0x2, [@TCA_CAKE_FWMARK={0x8, 0x12, 0x4}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x15181b09c6bdc4c6}, 0x0) ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000480)={'syztnl0\x00', &(0x7f0000000400)={'syztnl0\x00', 0x0, 0x8000, 0x7800, 0x6, 0xd, {{0x9, 0x4, 0x0, 0x8, 0x24, 0x68, 0x0, 0x8, 0x4, 0x0, @empty, @remote, {[@ssrr={0x89, 0xb, 0xbf, [@initdev={0xac, 0x1e, 0x0, 0x0}, @loopback]}, @generic={0x86, 0x2}]}}}}}) sendmsg$ETHTOOL_MSG_LINKSTATE_GET(0xffffffffffffffff, &(0x7f0000000780)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x800040}, 0xc, &(0x7f00000004c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="e8010000", @ANYRES16=0x0, @ANYBLOB="00032bbd7000fcdbdf2506000000580001800800030000000000140002006d616373656330000000000000000000140002006272696467655f736c6176655f310000080003000100000014000200776c616e30000000000000000000000008000100", @ANYRES32=0x0, @ANYBLOB="300001801400020076657468315f766c616e000000000000080003000300000008000300010000000800030003000000480001801400020076657468305f766c616e000000000000140002006e657470636930000000000000000000140002006e657464657673696d3000000000000008000100", @ANYRES32=0x0, @ANYBLOB="3400018008000100", @ANYRES32=r6, @ANYBLOB="140002006e696376663000000000000000000000140002006970766c616e30000000000000000000580001800800030002000000080003000100000014000200776c616e3000000000000000000000000800030003000000080003000200000008000100", @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=r8, @ANYBLOB="0800000800030001000000340001801400020076657468305f746f5f6873720000000008000300010000131400020070696d367265670000000000fcff000044000180080001000000000000", @ANYRES32=r9, @ANYBLOB="080003000100000014000200766c616e3000000000000000000000001400020073797a6b616c6c65723100000000000008000100", @ANYRES32=0x0, @ANYBLOB], 0x1e8}, 0x1, 0x0, 0x0, 0x4000}, 0xc800) sendmsg$inet(r3, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000680)=[{0x0}, {&(0x7f0000000340)="ea0b35c07baded54bbc90abb9a053db7d05cbf88bd17f62add28cc7bf6ec661f1acd", 0x22}, {&(0x7f00000025c0)="ea34c4c460820b484790f5c55f77f7158c377a3181d77788b391c8154efb494b858ba99e93864c04353173c8f5c7d9e71acae4c4217068846eb69f6f48e67f3fb6a37236c2ad8666c82804deba8f3b231d70c33e8ac3d01c6c150a98fedfc68de73f33fe5451d1d022faebcf82dae6bd28a3f2ed9ef742a2419782573a4bfe08bc2cfe7c96ea6498ce5336daa857af9c48f3d0f921bfcb1cbb98d000e2d0d8375cacc8981d8fc28aaab134056736b67acbb42e9ca68b8543fd7443b4566d0eefe91418171c728e6fa0c52ac7af2595e5aafab553511d59a7899e1f7b18336aeec1858d79b57c9c68aa9591866b1192f28019c0276a89012422df11034bbd731080af9d72a68889d175b3c153ae85d697aeafd72de23090dba136a8cd2bf5dd05296d58ed88c7bc9ecb9d40da69b23b66fc5d20de8a2a20aaa4cc727c0385ee247c54206f8410315bedb76579d9b7f09bccecf4b5b47bf288080a8e4852139f72e21a3511b94cb6bb5061d3f162f059e5a8ad691e24f1b878a1340bf649f65fb6e534f9eb4fd174ea4cf9bcb5d0753ee0af84cfd45751f39ab4dd1e1f7ede6d335e84772388a258d9de6b4a00d98b04e4e3dc29ac6463ca83531c0260d168681ef7c35e4ca89f3dafced390a31526751a658c1f5f57d81277586a1b7d1a9a4568edbaee503a1f79da78a15e1c6246530f8e0c9532144b21d374985dca6e55fd2ff1958abd59d416067f6713fce60e8550156360c2c17a14e54ae3b68be0a77302750287afe4c7cfc2b6acd38e5ec703714eb75e72627d0ad3d5ee884b10292ee8535019e9e845c526e85b9ccf3b8b43051ba731493cff061dc10dd2334ea385dbd091b05538c0c33918fdd0edbf4a292caa5d4bb6e931d56a4c197621edac3bde70524cfda571f5eda915fc01be22dd7a80c9f91b5cb756e2a1ec69049c50b5f58421ba9281deb7bcc3b9bbd8afba018ba422c302e658bfc5efe90449dfa019eb2417db7dfe3634ec7e3eeb853ab82690c2e9b1fc44ea427e47512acaef142f32476308b54abc71e0ca8e44c3d5c9378e5cbeb4100f053c347249a140ec3b7eb0bc57a5b2c1d6d6cb85a99dc50124d0c9e320313148de18137bc21b6a6af5fd6f642d7a7d3450eab4aa74ab66b1768c1efc2b55d8cd3e6f5861d528ebc2c8b6c4f6dc3114eefee6b4686674f45da21cae0213788372ea6ae706f95fe78cae9cc3b5b91ad8d1c6d07cd1836081b8243b348ba7be9386c89b6570c1cbfce29d4f529a024ad37ea5d0a0078cf4e0d32812373c9130d627c61c9ab91c910086ad465acea1397d2b8d12439a076542bb8deb82e179d76f0d7367bfc651010eec4f2ce4a5d9347d4e9d131027c2db673a3885c2998e35006fb6afd5218935347b9a6e0bc5bcd501ceb8d48f780307fb402ef5deb6163760063d5726bee9aec3a143fd9612d4e23cb368df1ba0bd4a7bccf120628ce6040a158c5929e888096f2e6942c78d426cd9d0858ee6e70b663190e01062fb848dd25646c8421fc5f2c501f6de7ad8ea7b90f84618e8fac0f18a3215d845d18c0f45600fd25a4cc631e2495ad10e448dd0d15889f0ea4f19f646f612ffb226157bdc53e6ab1a5f870e41282c26b1361257a35a558b5111434f29c3e50e9e0af975ad508879a68f90d8040a02116588557b181cecec04f655ebcd8cc9b2620100ea767c32aad4506c3ab4e64168bb1392ce0f2fd0ad7fbc963ec158157bd641f18f1dae240860299de3c8137617f614e58bda7165a459eb1d8af4565914efd5bed731b9249a767be107a34bf62379ff70a8b83fbef91adf79c25e7da3cfa1b8d6d6c994722dce04a407291be6dc4479686402414a79d767d30d442755fa04b13f3eb1c41304d63812d65545bf1257c6043ad78fc72793d16488c78f38843b398cfb8b95357a8b319b00dec6b0c5959c773ed11c36db5803e98b32061a23b52e75be18b0709d6cac6a83613cf38164dfa193b02c3d9b558f0beebfb8b54a23dd8ceb24e1caadec27392e12f179aa057a3b0d63ac373ce20d038435a626b1147900d9ee0287d4f3fe553d777c288d671b1bd9bc3c4dae7b57b1eef2d92275f362d22555d7cb351d418792215ea86816d98cc40ec37fc510ed1d7eb7f125ad538845bcb3a08eff5d757d1e10a19db3e3910f3c03bfcc67347de124c331367804f3d7dfb52ca67dbf6ce188aeada987747aed532566a8825490df0b4162a1a976d3ae68d3b9f0209a619d0889df9661c0c187400c6998a27cd93f0d16843a9ec86efd644014e6eee57c80272a0b8cce970f1cc9aef374501a487c17cdcfe612527ba182545d765fc4e00d59ba9c49e2b1f79b4f8f9e3f578477129c14414c557de86d73e9f7f580ba1b81d0efb59730230d581ce36afab2a7ac19c46128cabe7c918a816d737e9289a93ee5ce907835f5a249d23177f371230cf49c338a7bdab37d97f82da2e8670e0366f3161effd3ac05b97580aa621c476091b156076d46720f4e3915963d2554a0c52188ba038b35a9035dd8a08d92f6b3614aaada5300b5e37b85b93569a0b8a1b7960a0499f28c97c1e60f86d9263a56aba2e0c32980c9650a0b014a6e08acf274a81fb77997bd5c5f89da395d4a0bb8eb915ee2f486367f98b9f930040f1e5ee1e3580ca8b49e3917b6a3ff0d00ce5f3edea4cdda2e866de6e55e21214355bf4fa632b4ac2a8cbbe0a3c39ed64dc797ee52810f974e94f0364c13a2a2158f964e68e1d453a41c82224402b11f88521ea34960273ad26ab009e4b219e585e443adf78a11ee5f5bf4cf5b9da44fd696723570ece8b42e636a606282a2145f1d8e9056d8270cdfba541047246b3e3df719f125abcc6923b038f0de564a584f44818fa3a3d0b272c1ae1db2e54cd21f325724fbc8ae6b18043582f160607480914cf1d8c7d367bb1bd1bc38c206e4e5f8698faa6f2c798d555ebc16bedabcf667c2e9cc01882b3f5a552a18ce800f7ef5ca702c994565cd1f0218122a6938bac089d6fc33fc96d71746bb9b78c598398c0082a5158f85ada77519cde24a7dcd6dafe7ed8c4e554fa974c00c4b06a476d435cb9108d35d22fe3b23b35cb4bf71af64a078311770570f1b3042b6ac451fefcfa364ec1b721c1219e66359e99f0405d245ce55edf5d2e28679b7d7276a00ce605a7bc7702440dbfc7623b8130313b7a3ccef0c36cb6525ffbaf001c2f998d72f2aa597247d89c827c8fa3f1aebf85878eae0db42fd8c310955d44851fc00fc5d46f1cb6d8f2e044b2f8b2564de5bc8713df38b41e360ba4e07b46953d1988d86e8256242ae1b38b2c9eadbaa6ef2e95e5ca6c96f0026930fd33cc121f70357f8733fd36ecf9e4fa88f3faf0ba6631fbbecf8e69dd09b772360f1b2b7fb2f6e21d380d787fc4bbb93cb74d0e26650da44968da9af821244695b2853bc70b8241852c8b1b6cf1eb5b37fc256ba0f506948ddea49826b1b7e5dc4feecbafeca299af6ff5a269ea7d6a7d42973babb647dd0b3fc7194cf11562ad08a6267e96e6444b1ea9c2f1b7c3fc86bd8d9f86abfbf1e068d2f749bb1fcbba03ac28f61cbaba6f64dfea3845f555b4cce92a3d7892f25980c7aebc9990beb6ccbab5ea23e17fcc24a071514673d3aed08ed2dd7e143a955d002b9cdea23d4a6cd2f753b74cefde12adc3f6f47cb1ab18a567db3ef271edcc14c6f22687049faee5519e8650cda8407733292b15e84ed2a8619703b84e79b160f85e1914c6c5a758c812bd9bb43b6b4a751b5d5d1fa14c05127388d7b60fa9a543e42181c78cb8e7bb4c75fb96aef05ba233cd77000801a030fb3d77a0de55451ddf62974e0cc4e436539051bd975772fae508b1e976fef672574bf5300962afbf1fdb5ed91434cef0bf348640075c88cf64176866ff7b2d5e034571e4b313e38f17fc4f0ffd5b7df7d6f3ef48ab00f618d9799ec1f6ffdee810110304b1e28656ffb947a859e027bd8c2c659d28a8527ec08dbb3f24ec5b44b63a7105ccb1737fde7f6eeb7f2c52f582da6419e251c4127faa8e799f85fe03288f3189bedee60a7a49547850ab24d50168b1f52c374e5c9f8eb9039433908411141ddf6bb5f4970bfc3bab459357c83196d99cad867849fb4e5dc7cf77fd96bddf44af83741f68bb26f24d8ae7e1422bfc51363855ddd025a7bcae562a739e9a7b1be1610b874bb49d0e6443c413bfb130ad0ee4db9c2207b45d1041f7b59e9c958c007d25c140049c7ae7e8822a76354e3e027816eb1f83cb849b906142f565cce8dfb8e1f780e0985dfe2984b6e459859707114e3f4071035786fc22b72eeced887d275f991cda816f7b11e5cb7ed4c2bab274a794e0316d13c4faf11bc373d40970dcffc1af7fe5e06837db12c9ebac7ecc2476747537927bf5a8fcbbe9917edc4482c5490ddd8f66387d4baef42fe34990fe8ec92e506faf093549d5624d945b1b75e3d5faf6304d6fc04ef98ab7f283ea041c3755ed7fcfda8bc466353655d16ee9bdb205189d7b9834926f514e0acf22c23138165d37d8ad56305fbc811e7e3ef24d1cc006bcac4c4d3b7c0224eb38b421d83ea076ca854d36fc35bac3798f26b055d3fa3b2c8b22b79acfd85c2849c77bc7aadc9d51ac1c33fd949dff0d043dac2d5acf3105930154781c8f6b615387c004842b4e679865ffc9c5b221c136655c565c0eb30851544bd0591acf4e9b2fc49a4a7e258c6ad66a085812cada02b4251466a4cb903637f9c9f1db07fa1400dd65cf35b6e84cefd35529261f6d8131d007f58c617692794126e492dd80c7874578de22777c516d384c33cf0532e80b7384e5b8e7a81808f95cf7619eb33183c3c862a688b16f725c2b93bfb53908509b779c05d55c6b3ef6eeb9f91f9a6fc3b0add031afa7171b1e32a597d08f847df1a83ba26fa1a039488b05512543039a6630a9bc5ebfb0308fedcf8d2632caa47a267f3aaca275cad09eb477419d062cbd28afcf4898e44a9ab5217db790c7dd3b8b2056038f9f3704154fc09a40333c837a0d7066edb3e92bc816b70a8742b483575048b85ccbec2a138976e2cec01b40f87863c31028934c017ee5b04b5f184585da5f0a90745358847e9d60f8dc7adb0023ea60402bc6a93cbf6797e0d9dcf2d4e6afce14d666749a4972aba66492700f58769fb90d9e9c0845d17055fdeed6ee85a8a3e6e76342f3bb1881bfe55ca308651725fb6d12fa15206b3598340e838567d28c7919974d7ee58f5c33f52cd70fecc3985152042ba2c85b67ebeee28909bbadc105ef8466cd26c57b2a10830cbad69c120ebad5832ded52f5806e898e4c3b9fec9c1f808f8968777fba1cdeb0a18c6cba6c7cf19f46c3facd230befea6f3db86cb42128dd0a167f7886c38a0e73917d9dec2cf57753d1d0ef088f3589a03a043d1339f12497ca3ba2333b749cc207c7034daa02d86fce4cf061f5807114e2b3804e32e02e1be9db1dfa12cadff06267a0b6bcb850fd127d9a653678a825cf54fff341704ec5cc2ac8fb68a9e176f03507668ad6304a4c6b43d21bc0e8cc1e1b8ee10d597ee52305101b75c279215cbb351ebd417bab0675e284740a6109ad20b75c3366dcfbf0286559a9116442cb2ebac968ecec769504ecdd65d534dc9c4e4a3aca932b1045a5ec3f73345b672c331a126317d09a8c3c0853258407e273be342a07a4327a8f8c1627142241e0e2b4414c1e7bac23392da0781ab8465cb761c925ab73e0593fd3853cf6cc9dba90dd5f73df4f5b8291f6ff0cf4b5324a16011f3e157", 0x1000}, {&(0x7f0000000380)="50713e2a2f576236c88c3ed43c9eef424e07e7ce7b5ab1c0ca46979187a919ce71fe9f69ea2b910d42b4c7498dda54f89a17bd5c75e55f04675f74fedc0cd90bdbccddda1c9f2a5a63642a3ec7d48657cc6a20bbffbf131bfb881d342b4e9b9c12f3a13fd5cb9613fd12bb774595afddad3507f23cb584370675bb96215d5fa38777ebf0f4f0a84f41d70e322ec939c5388193f269be64af28943913fdd7735f930ab517fd5d48d432c0747d966ab70e1b5fbda1e4a12e11fd019f185b60b9ba30dfbedbfd89c7d0999b9a", 0xcb}, {&(0x7f0000000480)="952e5c5244a25a7b7a9c37f3d5ae36bea91a29551a5a4e1b823105fb", 0x1c}, {0x0}, {&(0x7f00000004c0)="302f867d2eca537b774d9e9f400c25371a26fb71c8381e90", 0x18}], 0x7, &(0x7f0000001740)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r6, @multicast1, @private=0xa010102}}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0x2}}, @ip_ttl={{0x14, 0x0, 0x2, 0x8}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0xc4}}], 0x68}, 0x4004050) sendmsg$inet(r0, &(0x7f00000015c0)={0x0, 0x14, &(0x7f0000001600)=[{&(0x7f0000000240)=' ', 0xffffff1f}], 0x1}, 0x0) recvmsg(r0, &(0x7f0000000580)={0x0, 0x2, &(0x7f0000000500)=[{&(0x7f0000000740)=""/4096, 0xa15b0}], 0x1, 0x0, 0x2000000000000}, 0x700) 951.45606ms ago: executing program 1 (id=6529): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000880)=ANY=[@ANYBLOB="6c010000170001000000000000000000000000000000000000000000000000000000000000000000e0000002000000000000000000000000fc020000000000000000000000000000fe8000000000000000000000000000aa00000000000000000000a00000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB, @ANYRES32=0x0, @ANYBLOB="ffffffffffffffff000000000000000000000000000000000000000000000000000000000000000000000a000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004000000b86b6e00"], 0x16c}}, 0x4000000) 855.402615ms ago: executing program 0 (id=6530): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) sendmmsg$inet6(r0, &(0x7f0000001c80)=[{{&(0x7f0000000240)={0xa, 0x4e21, 0x8000001, @private0, 0x3}, 0x1c, &(0x7f00000003c0)=[{&(0x7f0000000440)="14", 0x1}], 0x1}}, {{&(0x7f0000000300)={0xa, 0x4e24, 0x1, @dev={0xfe, 0x80, '\x00', 0x28}, 0x8}, 0x1c, &(0x7f0000000780)=[{&(0x7f0000000800)='M', 0x1}], 0x1}}], 0x2, 0x931766f6319eed40) (async) shutdown(r0, 0x1) (async) r1 = socket$inet6_sctp(0xa, 0x4, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280)={0x0, 0x9}, &(0x7f0000000340)=0x8) 853.56529ms ago: executing program 6 (id=6531): bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0xc, &(0x7f0000000780)=ANY=[@ANYBLOB="180000000800000000000000000000008500000019000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000010000000850000007100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94) 828.256427ms ago: executing program 1 (id=6532): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000040)={0x1c, 0x5e, 0xe25, 0x0, 0x3, "", [@typed={0x8, 0x77, 0x0, 0x0, @uid}, @nested={0xc, 0xea, 0x0, 0x1, [@typed={0x8, 0x2, 0x0, 0x0, @u32=0x3}]}]}, 0x24}], 0x1}, 0x0) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000400), r1) sendmsg$NL80211_CMD_SET_CQM(r1, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000080)={&(0x7f00000002c0)={0x120, r2, 0x4, 0x70bd2b, 0x25dfdbfe, {{}, {@val={0x8}, @val={0xc, 0x99, {0x3, 0xd}}}}, [@NL80211_ATTR_CQM={0x24, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_TXE_INTVL={0x8, 0x7, 0xbe}, @NL80211_ATTR_CQM_RSSI_LEVEL={0x8}, @NL80211_ATTR_CQM_TXE_INTVL={0x8, 0x7, 0x93}, @NL80211_ATTR_CQM_RSSI_LEVEL={0x8, 0x9, 0x1}]}, @NL80211_ATTR_CQM={0x44, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_RSSI_LEVEL={0x8, 0x9, 0x200}, @NL80211_ATTR_CQM_TXE_RATE={0x8, 0x5, 0x29}, @NL80211_ATTR_CQM_TXE_RATE={0x8, 0x5, 0x39}, @NL80211_ATTR_CQM_TXE_PKTS={0x8, 0x6, 0x3}, @NL80211_ATTR_CQM_TXE_PKTS={0x8, 0x6, 0x257b}, @NL80211_ATTR_CQM_RSSI_THOLD={0x10, 0x1, [0xdb, 0xb, 0x1]}, @NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT={0xfffffeda, 0x3, 0x7}]}, @NL80211_ATTR_CQM={0x30, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_TXE_INTVL={0x8, 0x7, 0x6a2}, @NL80211_ATTR_CQM_RSSI_THOLD={0xc, 0x1, [0x404, 0x4]}, @NL80211_ATTR_CQM_TXE_RATE={0x8, 0x5, 0x27}, @NL80211_ATTR_CQM_TXE_INTVL={0x8, 0x7, 0x34c}, @NL80211_ATTR_CQM_TXE_INTVL={0x8, 0x7, 0x2b9}]}, @NL80211_ATTR_CQM={0x60, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_RSSI_LEVEL={0x8, 0x9, 0x5}, @NL80211_ATTR_CQM_TXE_INTVL={0x8, 0x7, 0x3df}, @NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT={0x8, 0x3, 0xfffffffe}, @NL80211_ATTR_CQM_RSSI_LEVEL={0x8, 0x9, 0x5}, @NL80211_ATTR_CQM_RSSI_THOLD={0x14, 0x1, [0x7, 0x0, 0x4, 0x1]}, @NL80211_ATTR_CQM_TXE_RATE={0x8, 0x5, 0x50}, @NL80211_ATTR_CQM_TXE_INTVL={0x8, 0x7, 0x296}, @NL80211_ATTR_CQM_RSSI_LEVEL={0x8, 0x9, 0x3}, @NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT={0x8, 0x3, 0xb}, @NL80211_ATTR_CQM_RSSI_HYST={0x8}]}]}, 0x120}, 0x1, 0x0, 0x0, 0x14000}, 0x4011) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000a80)='kfree\x00', r0}, 0x10) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r4 = socket$inet(0x2, 0x2, 0x1) r5 = socket$unix(0x1, 0x1, 0x0) accept(r5, 0x0, 0x0) sendmsg$inet(r4, &(0x7f0000000600)={&(0x7f0000000040)={0x2, 0x0, @remote}, 0x10, &(0x7f00000000c0)=[{&(0x7f00000001c0)="08007ac587344af2", 0x8}], 0x1, &(0x7f0000000100)=ANY=[@ANYBLOB="1c000000000000000000000007000000830b040a0101027f00000100000000001c000000000000000000000008000000", @ANYRES64], 0x40}, 0x34040084) ioctl$HCIINQUIRY(r3, 0x400448e1, &(0x7f0000000240)={0x1, 0xfffe, "be4108"}) 745.676101ms ago: executing program 1 (id=6533): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)={{0x14}, [@NFT_MSG_NEWSETELEM={0x2c, 0x1e, 0xa, 0x105, 0x0, 0x0, {0x7}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0x54}}, 0x0) 638.372289ms ago: executing program 6 (id=6534): r0 = socket$key(0xf, 0x3, 0x2) socket(0x2b, 0x1, 0x1) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f0000000180)={@private0, 0x8000000, 0x0, 0xff, 0x1}, 0x20) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="05000000040000000800000005"], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000000)=ANY=[@ANYRES8=r0], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x719f, 0x0, 0x0, 0xfffffffffffffc92, 0x0, 0x0}, 0x18) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) writev(r6, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000200)='qdisc_reset\x00', r5}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000200)='qdisc_reset\x00', r4}, 0x10) socket$packet(0x11, 0x2, 0x300) r7 = socket$inet6(0xa, 0x1, 0xfffffffd) setsockopt$inet6_int(r6, 0x29, 0x34, &(0x7f0000000000)=0x3, 0x4) sendto$inet6(r7, 0x0, 0xffffffffffffff20, 0x200c0045, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast2}, 0x1c) setsockopt$inet6_int(r7, 0x29, 0x19, &(0x7f00000000c0), 0x4) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)=ANY=[@ANYBLOB="b400000010000904000000000000000000002200", @ANYRES32=0x0, @ANYBLOB="fffffffed9526cfd8400128009000100766c616e000000007400028006000100000600000c000200367da1650e000000280003800c00010001800000002000000c000100a1000000c84200000c0001000800000008000000340004800c00010006000000ff0300000c00010004000000080000000c00010004000000020000000c000100050000000300000008000500", @ANYRES32, @ANYBLOB='\b\x00\n\x00', @ANYRESOCT], 0xb4}}, 0x0) r8 = socket$netlink(0x10, 0x3, 0x0) r9 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0xa, 0x16, 0xb3, 0x7f}, 0x48) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000300)={r9, &(0x7f0000000280), &(0x7f0000000100)=@tcp6, 0x2}, 0x20) socket$alg(0x26, 0x5, 0x0) sendmsg$netlink(r8, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)=[{&(0x7f0000000cc0)=ANY=[@ANYBLOB="2400000076001f0300000000000000000800a100", @ANYRES32=0x0, @ANYBLOB="0c000d8008000300b1"], 0x24}], 0x1}, 0x24040080) r10 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r10, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a48000000090a010400000000000000000000000008000a40000000000900020073797a31000080000900010073797a3000000000080005400000000d0c000b4000008c5e00000000140000001000010000000000000000000084000a"], 0x70}}, 0x0) 571.020742ms ago: executing program 4 (id=6535): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r0) sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x48, r1, 0x1, 0x70bd27, 0x25dfdbfb, {}, [@NLBL_CIPSOV4_A_DOI={0x8, 0xff80, 0x3}, @NLBL_CIPSOV4_A_TAGLST={0x24, 0x4, 0x0, 0x1, [{0x5, 0x3, 0x1}, {0x5, 0x3, 0x1}, {0x5, 0x3, 0x2}, {0x5, 0x3, 0x7}]}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x2}]}, 0x48}}, 0x0) 570.39731ms ago: executing program 1 (id=6536): r0 = socket$pppoe(0x18, 0x1, 0x0) unshare(0x26020480) connect$pppoe(r0, &(0x7f0000000040)={0x18, 0x0, {0x4, @random="bb7fb37b9489", 'bond0\x00'}}, 0x1e) sendmmsg(r0, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000d, 0x4008031, 0xffffffffffffffff, 0xf6c52000) r1 = socket$inet6(0xa, 0x2, 0x3a) bind$inet6(r1, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0xa, 0x4, &(0x7f0000000080)=@framed={{}, [@ldst={0x3, 0x0, 0x3, 0x1, 0x0, 0x31}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0xb}, 0x94) socket$pppoe(0x18, 0x1, 0x0) (async) unshare(0x26020480) (async) connect$pppoe(r0, &(0x7f0000000040)={0x18, 0x0, {0x4, @random="bb7fb37b9489", 'bond0\x00'}}, 0x1e) (async) sendmmsg(r0, 0x0, 0x0, 0x0) (async) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000d, 0x4008031, 0xffffffffffffffff, 0xf6c52000) (async) socket$inet6(0xa, 0x2, 0x3a) (async) bind$inet6(r1, 0x0, 0x0) (async) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0xa, 0x4, &(0x7f0000000080)=@framed={{}, [@ldst={0x3, 0x0, 0x3, 0x1, 0x0, 0x31}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0xb}, 0x94) (async) 451.796325ms ago: executing program 6 (id=6537): r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000040)={0x4000000, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="020f0000100000000000000000000000030005000000000002000000ffffffff000000000000000008001200000001000000000000000000060000000000000000000000000000000a000000000000000000000000000000fc02000000000000000000000000080002000600"], 0x80}}, 0x0) 354.721654ms ago: executing program 0 (id=6538): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r0, 0x89f3, &(0x7f0000000300)={'syztnl2\x00', &(0x7f0000000040)={'syztnl2\x00', 0x0, 0x4, 0x5, 0x2, 0x4038a09, 0x4, @empty, @mcast2={0xff, 0x5}, 0x0, 0x0, 0x0, 0x5}}) unshare(0x6a040000) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, 0x0, 0x0) r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) unshare(0x600) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000001c0)={&(0x7f00000002c0)="a7e3c11073f57f9e4978aafe780ae4f8ae7620312693639f91d0bf5de4a04117e44a1050cc03b8dc9ec3898f6fe8be971a235e2c5b4bed729efd79b53422cad3555a3fea472ba77dcfc36fafb53597b4c1507f9190a4477cc57c169ef4b1e3953659192a1315d362b9697185601352", &(0x7f0000000340)=""/75, &(0x7f00000003c0)="6adcd3da9edb59240e8971b926407c19a8db884ccf7520c146ca6edb19f42d4968f43cd7a91f6ba3cfc2d4a4928cbf8fa0c9f5f856fa20b0f68eb27fdd7c1987a97ad1f49baa2def4f0c06178e846da8145f985c8c28e09877a6f224ff9052f2fd6ba0391e6ae51fe41d0fc111df8c4333c19c132d90d1610bb045ea7c38a353c2d06655128be785752e4518a82b52f9f2bc5bd8db70f3b80ca78f5b990c8db9117657cf0cb591f952cee90776c191451b9187caf0f1a600e4b401fad569ae25d4", &(0x7f0000000600)="d8b8554e0d1c686676f67bbefb4ee16c42942a8c43e0c658346dc9986923ceb17a2ef6127fde361aa8d16af81ded9ed06086bd48a6943f0e3993ab3e441b2b866b307d0d4e5acabed95342d9ce0f56481d96384ac6a0bd6dcbc7b3ceec14fa41bf168985127e0ec1bd704712757912095afc44cdde636606f69f55e83e43e019fa60dd8e6b9aa3087857dd2d1ed56f2e868a7c0b5bba892bf7fe2f37468c7fa01b9a318d20b26c3d407a933023079b751749ed22cf7fe6f6f5aa6d6b81504eae68dbfa27615014224736b18f102f2f060c1ca564f4c9beab26e0ec299942490f66bbe76d2c9c276c4e", 0x4, r2, 0x4}, 0x38) r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x10, 0x1c, &(0x7f0000000040)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r3}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x0, 0x3, 0xa, 0x2}, {0x5, 0x0, 0xb, 0x9}, {0x3, 0x3, 0x6, 0xa, 0xa, 0xfff8, 0xf1}, {0x7, 0x1, 0xb, 0x6, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {0x7, 0x0, 0x0, 0x9}, {0x7, 0x0, 0xc}, {0x18, 0x2, 0x2, 0x0, r2}, {}, {0x46, 0x8, 0xfff1, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x29, '\x00', 0x0, @sk_msg=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_STATUS(0xffffffffffffffff, 0x84, 0xe, &(0x7f0000000540)={0x0, 0x1, 0x0, 0x2, 0x9, 0x200, 0x0, 0xa77a, {0x0, @in6={{0xa, 0x4e22, 0x0, @private1={0xfc, 0x1, '\x00', 0x1}, 0xfffffff7}}, 0x74, 0x4, 0xe60e, 0x8, 0x7}}, &(0x7f0000000280)=0xb0) 316.88764ms ago: executing program 4 (id=6539): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000821000010000000000000000000000000a2c000000060a0b04352600000000000000000200000018000480140001800b000100736f636b6574000004000280140000001100010000000000000000000a00000a"], 0x54}}, 0x40880) (async) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000821000010000000000000000000000000a2c000000060a0b04352600000000000000000200000018000480140001800b000100736f636b6574000004000280140000001100010000000000000000000a00000a"], 0x54}}, 0x40880) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000003c0)=ANY=[@ANYBLOB="28ffff00"/20, @ANYRES32=0x0, @ANYBLOB="070d000041c0000008000a"], 0x28}, 0x1, 0x0, 0x0, 0x4000800}, 0x0) sendmsg$MPTCP_PM_CMD_SUBFLOW_DESTROY(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={0x20, 0x0, 0x0, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0xc, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_IF_IDX={0x8}]}]}, 0x20}}, 0x0) r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000001ac0)=[{&(0x7f00000003c0)=ANY=[@ANYBLOB="140100001e000504000000000000000004"], 0x114}], 0x1}, 0x10) 211.702564ms ago: executing program 6 (id=6540): r0 = socket(0x10, 0x3, 0x0) recvfrom$rxrpc(r0, &(0x7f00000005c0)=""/221, 0xdd, 0x10020, &(0x7f00000006c0)=@in4={0x21, 0x3, 0x2, 0x10, {0x2, 0x4e23, @local}}, 0x24) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000b40)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r1, 0x8b20, &(0x7f0000000040)={'wlan1\x00', @multicast}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) r4 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r4, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) setsockopt$packet_tx_ring(r4, 0x107, 0xd, &(0x7f0000000100)=@req3={0x20000000}, 0x1c) sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x34, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r3, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0x3}}, [@qdisc_kind_options=@q_blackhole={0xe}]}, 0x34}}, 0x44080) sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000001c0)=@newqdisc={0x30, 0x24, 0xd0f, 0x70bd29, 0x0, {0x60, 0x0, 0x0, r3, {0x0, 0x1}, {0x9, 0xa}, {0x9, 0x10}}, [@qdisc_kind_options=@q_hhf={{0x8}, {0x4}}]}, 0x30}, 0x1, 0x0, 0x0, 0x55}, 0x4000) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) clock_gettime(0x0, &(0x7f0000000740)={0x0, 0x0}) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_DEL(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)=ANY=[@ANYBLOB="2c0000000a0605000000000000000000000000000900020073797a30000000000500010007000000040007"], 0x2c}}, 0x0) ppoll(&(0x7f0000000840)=[{r4, 0x60}], 0x1, &(0x7f00000007c0)={r6, r7+60000000}, &(0x7f0000000800)={[0xe9]}, 0x8) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x550, 0x0, 0xffffffff, 0xffffffff, 0x1c0, 0xffffffff, 0x480, 0xffffffff, 0xffffffff, 0x480, 0xffffffff, 0x3, 0x0, {[{{@uncond, 0x0, 0x1a0, 0x1c0, 0x60030000, {0x0, 0xff000000}, [@common=@inet=@recent0={{0xf8}, {0x81, 0x3ffff, 0x24, 0x0, 'syz1\x00'}}]}, @unspec=@TRACE={0x20}}, {{@uncond, 0x0, 0x298, 0x2c0, 0x0, {}, [@common=@inet=@recent0={{0xf8}, {0x0, 0x0, 0x1, 0x2, 'syz0\x00'}}, @common=@inet=@recent0={{0xf8}, {0x0, 0x300, 0x4, 0x0, 'syz0\x00'}}]}, @common=@inet=@SET1={0x28, 'SET\x00', 0x1, {{0xffffffffffffffff, 0xfd}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x5b0) r9 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r9, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="1400000010fe000000000000000000000000000a20000000000a05000000000000000000070000000900010073797a300000000058000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a300000000008000540000000041c000980100002800c0001800800011f00000002080001400000ffff1400000010000100d5000000000000000084000a"], 0xa0}, 0x1, 0x0, 0x0, 0x20000080}, 0x0) 2.693842ms ago: executing program 5 (id=6541): r0 = socket(0x10, 0x803, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000080)=0x1, 0x69) sendmsg$IPCTNL_MSG_CT_GET(r1, &(0x7f0000000000)={0x0, 0x40000, &(0x7f00000002c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="4400000002010101000000000000000002000000040001801800028014000180080001007f00000108000200ac1414aa140019800800010004000000080002"], 0x44}}, 0x0) r2 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r2, &(0x7f00000000c0), 0x10) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000080)={'vxcan1\x00', 0x0}) sendmsg$can_bcm(r2, &(0x7f0000000000)={&(0x7f0000000040)={0x1d, r3}, 0x10, &(0x7f0000000180)={&(0x7f0000000340)=ANY=[@ANYBLOB="0400"/16, @ANYRES64=0x0, @ANYRES64=0x2710, @ANYRES64=0x0, @ANYRES64=r3, @ANYBLOB="00000000010000000000000084"], 0x48}}, 0x0) sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) r4 = epoll_create1(0x80000) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.throttle.io_serviced_recursive\x00', 0x26e1, 0x0) ioctl$FIBMAP(r5, 0x1, &(0x7f0000000040)=0xdc2658be) r6 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000480)={&(0x7f0000000280)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@restrict]}}, 0x0, 0x26}, 0x20) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000200)={r6, 0x58, &(0x7f0000000180)}, 0x10) r7 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x1f, 0x0, 0x0, 0x1000, 0x30246, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x0, 0x0, 0x0, @void, @value, @value=r0}, 0x50) ppoll(&(0x7f0000000000)=[{r4, 0x2003}, {r4, 0xf401}], 0x2, 0x0, 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r7, &(0x7f0000000480)={0x68000005}) recvmmsg(r0, &(0x7f0000000480)=[{{0x0, 0x0, &(0x7f0000000b00)=[{&(0x7f00000000c0)=""/91, 0x5b}, {&(0x7f0000000380)=""/149, 0x95}, {&(0x7f0000003800)=""/4096, 0x1000}, {&(0x7f0000000600)=""/212, 0xd4}, {&(0x7f0000000540)=""/96, 0x60}, {&(0x7f0000002440)=""/84, 0x54}, {&(0x7f0000000980)=""/63, 0x3f}, {&(0x7f0000000440)=""/10, 0xa}, {&(0x7f0000000300)=""/102, 0x66}, {&(0x7f0000000880)=""/198, 0xc6}, {&(0x7f0000000780)=""/203, 0xcb}, {&(0x7f0000001000)=""/130, 0x82}], 0xc, 0x0, 0x0, 0xb00}, 0x40d40b70}], 0x1, 0x0, 0x0) 0s ago: executing program 4 (id=6542): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000001c0)=ANY=[@ANYBLOB="4800000010001fff00000000fddbdf2500000000", @ANYRES32=0x0, @ANYBLOB="00003f0000260000280012800b00010062726964676500001800028005002a00030000000c00230003000000000027"], 0x48}}, 0x48004) kernel console output (not intermixed with test programs): syzkaller0: entered promiscuous mode [ 810.893083][T24712] syzkaller0: entered allmulticast mode [ 811.129146][T24527] veth0_macvtap: entered promiscuous mode [ 811.163019][T24716] batadv_slave_1: entered promiscuous mode [ 811.238853][T24721] netlink: 8 bytes leftover after parsing attributes in process `syz.5.5862'. [ 811.252634][T24527] veth1_macvtap: entered promiscuous mode [ 811.268740][T24721] netlink: 28 bytes leftover after parsing attributes in process `syz.5.5862'. [ 811.327730][T24527] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 811.363158][T24527] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 811.409022][T24728] batadv2: entered promiscuous mode [ 811.414277][T24728] batadv2: entered allmulticast mode [ 811.483125][ T1155] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 811.641214][ T1155] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 811.664542][ T1155] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 811.712768][ T6332] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 811.957484][T24716] batadv_slave_1: left promiscuous mode [ 812.301502][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 812.346143][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 812.404628][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 812.472433][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 812.990175][T24756] FAULT_INJECTION: forcing a failure. [ 812.990175][T24756] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 813.037511][T24756] CPU: 0 UID: 0 PID: 24756 Comm: syz.0.5874 Not tainted 6.16.0-rc4-syzkaller-01191-gc65d34296b22 #0 PREEMPT(full) [ 813.037546][T24756] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 813.037559][T24756] Call Trace: [ 813.037568][T24756] [ 813.037578][T24756] dump_stack_lvl+0x189/0x250 [ 813.037610][T24756] ? __pfx____ratelimit+0x10/0x10 [ 813.037637][T24756] ? __pfx_dump_stack_lvl+0x10/0x10 [ 813.037663][T24756] ? __pfx__printk+0x10/0x10 [ 813.037694][T24756] ? fs_reclaim_acquire+0x7d/0x100 [ 813.037736][T24756] should_fail_ex+0x414/0x560 [ 813.037772][T24756] prepare_alloc_pages+0x213/0x610 [ 813.037822][T24756] __alloc_frozen_pages_noprof+0x123/0x370 [ 813.037859][T24756] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 813.037903][T24756] ? policy_nodemask+0x27c/0x720 [ 813.037937][T24756] alloc_pages_mpol+0x232/0x4a0 [ 813.037971][T24756] vma_alloc_folio_noprof+0xe4/0x200 [ 813.038002][T24756] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 813.038044][T24756] folio_prealloc+0x30/0x180 [ 813.038073][T24756] do_wp_page+0x1231/0x5800 [ 813.038124][T24756] ? __pfx_do_wp_page+0x10/0x10 [ 813.038144][T24756] ? do_raw_spin_lock+0x121/0x290 [ 813.038176][T24756] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 813.038216][T24756] __handle_mm_fault+0x1144/0x5620 [ 813.038267][T24756] ? __pfx___handle_mm_fault+0x10/0x10 [ 813.038317][T24756] ? find_vma+0xe7/0x160 [ 813.038341][T24756] ? __pfx_find_vma+0x10/0x10 [ 813.038369][T24756] handle_mm_fault+0x40a/0x8e0 [ 813.038408][T24756] do_user_addr_fault+0x764/0x1390 [ 813.038449][T24756] exc_page_fault+0x76/0xf0 [ 813.038481][T24756] asm_exc_page_fault+0x26/0x30 [ 813.038500][T24756] RIP: 0010:rep_movs_alternative+0x4a/0x90 [ 813.038524][T24756] Code: 00 04 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb c5 a4 e9 4f 00 04 00 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48 [ 813.038549][T24756] RSP: 0018:ffffc9000b9b7578 EFLAGS: 00050206 [ 813.038567][T24756] RAX: ffffffff84bf6001 RBX: ffff8880508e1000 RCX: 00000000000006c0 [ 813.038582][T24756] RDX: 0000000000000000 RSI: ffff8880508e1940 RDI: 0000200000022000 [ 813.038597][T24756] RBP: ffffc9000b9b76e0 R08: ffff8880508e1fff R09: 1ffff1100a11c3ff [ 813.038612][T24756] R10: dffffc0000000000 R11: ffffed100a11c400 R12: 1ffff92001736fbf [ 813.038627][T24756] R13: 00002000000216c0 R14: ffffc9000b9b7e08 R15: 0000000000001000 [ 813.038653][T24756] ? _copy_to_iter+0x131/0x16f0 [ 813.038685][T24756] _copy_to_iter+0x24c/0x16f0 [ 813.038718][T24756] ? __lock_acquire+0xab9/0xd20 [ 813.038742][T24756] ? __pfx__copy_to_iter+0x10/0x10 [ 813.038770][T24756] ? __local_bh_enable_ip+0x12d/0x1c0 [ 813.038804][T24756] ? lockdep_hardirqs_on+0x9c/0x150 [ 813.038835][T24756] ? page_copy_sane+0x16a/0x280 [ 813.038860][T24756] copy_page_to_iter+0x10c/0x1c0 [ 813.038889][T24756] sk_msg_recvmsg+0x28e/0xc20 [ 813.038949][T24756] unix_bpf_recvmsg+0x5a4/0xda0 [ 813.038999][T24756] ? __pfx_unix_bpf_recvmsg+0x10/0x10 [ 813.039024][T24756] ? __pfx_woken_wake_function+0x10/0x10 [ 813.039046][T24756] ? aa_sock_msg_perm+0x94/0x160 [ 813.039077][T24756] ? bpf_lsm_socket_recvmsg+0x9/0x20 [ 813.039095][T24756] ? unix_dgram_recvmsg+0x71/0xd0 [ 813.039115][T24756] ? __pfx_unix_dgram_recvmsg+0x10/0x10 [ 813.039135][T24756] sock_recvmsg+0x229/0x270 [ 813.039166][T24756] ____sys_recvmsg+0x1c9/0x460 [ 813.039199][T24756] ? __pfx_____sys_recvmsg+0x10/0x10 [ 813.039239][T24756] ? import_iovec+0x74/0xa0 [ 813.039270][T24756] ___sys_recvmsg+0x1b5/0x510 [ 813.039298][T24756] ? __pfx____sys_recvmsg+0x10/0x10 [ 813.039351][T24756] ? __fget_files+0x3a0/0x420 [ 813.039393][T24756] __x64_sys_recvmsg+0x198/0x260 [ 813.039419][T24756] ? __pfx___x64_sys_recvmsg+0x10/0x10 [ 813.039453][T24756] ? __pfx_ksys_write+0x10/0x10 [ 813.039475][T24756] ? rcu_is_watching+0x15/0xb0 [ 813.039507][T24756] ? do_syscall_64+0xbe/0x3b0 [ 813.039540][T24756] do_syscall_64+0xfa/0x3b0 [ 813.039566][T24756] ? lockdep_hardirqs_on+0x9c/0x150 [ 813.039592][T24756] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 813.039612][T24756] ? clear_bhb_loop+0x60/0xb0 [ 813.039639][T24756] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 813.039660][T24756] RIP: 0033:0x7f587f58e929 [ 813.039679][T24756] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 813.039697][T24756] RSP: 002b:00007f58803dd038 EFLAGS: 00000246 ORIG_RAX: 000000000000002f [ 813.039718][T24756] RAX: ffffffffffffffda RBX: 00007f587f7b5fa0 RCX: 00007f587f58e929 [ 813.039733][T24756] RDX: 0000000000000000 RSI: 00002000000004c0 RDI: 0000000000000003 [ 813.039746][T24756] RBP: 00007f58803dd090 R08: 0000000000000000 R09: 0000000000000000 [ 813.039759][T24756] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 813.039772][T24756] R13: 0000000000000000 R14: 00007f587f7b5fa0 R15: 00007ffe0ace2218 [ 813.039816][T24756] [ 813.664225][T24767] __nla_validate_parse: 3 callbacks suppressed [ 813.664248][T24767] netlink: 88 bytes leftover after parsing attributes in process `syz.5.5877'. [ 813.720703][T24765] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 813.736439][T24767] netlink: 48 bytes leftover after parsing attributes in process `syz.5.5877'. [ 813.763467][T24773] FAULT_INJECTION: forcing a failure. [ 813.763467][T24773] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 813.808064][T24773] CPU: 1 UID: 0 PID: 24773 Comm: syz.4.5879 Not tainted 6.16.0-rc4-syzkaller-01191-gc65d34296b22 #0 PREEMPT(full) [ 813.808097][T24773] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 813.808111][T24773] Call Trace: [ 813.808120][T24773] [ 813.808129][T24773] dump_stack_lvl+0x189/0x250 [ 813.808159][T24773] ? __pfx____ratelimit+0x10/0x10 [ 813.808184][T24773] ? __pfx_dump_stack_lvl+0x10/0x10 [ 813.808207][T24773] ? __pfx__printk+0x10/0x10 [ 813.808248][T24773] should_fail_ex+0x414/0x560 [ 813.808285][T24773] _copy_to_user+0x31/0xb0 [ 813.808311][T24773] simple_read_from_buffer+0xe1/0x170 [ 813.808344][T24773] proc_fail_nth_read+0x1df/0x250 [ 813.808375][T24773] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 813.808407][T24773] ? rw_verify_area+0x258/0x650 [ 813.808428][T24773] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 813.808458][T24773] vfs_read+0x200/0x980 [ 813.808488][T24773] ? __pfx___mutex_lock+0x10/0x10 [ 813.808517][T24773] ? __pfx_vfs_read+0x10/0x10 [ 813.808543][T24773] ? __fget_files+0x2a/0x420 [ 813.808598][T24773] ? __fget_files+0x3a0/0x420 [ 813.808624][T24773] ? __fget_files+0x2a/0x420 [ 813.808661][T24773] ksys_read+0x145/0x250 [ 813.808688][T24773] ? __pfx_ksys_read+0x10/0x10 [ 813.808709][T24773] ? rcu_is_watching+0x15/0xb0 [ 813.808746][T24773] ? do_syscall_64+0xbe/0x3b0 [ 813.808777][T24773] do_syscall_64+0xfa/0x3b0 [ 813.808803][T24773] ? lockdep_hardirqs_on+0x9c/0x150 [ 813.808828][T24773] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 813.808849][T24773] ? clear_bhb_loop+0x60/0xb0 [ 813.808875][T24773] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 813.808893][T24773] RIP: 0033:0x7f797258d33c [ 813.808914][T24773] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 813.808931][T24773] RSP: 002b:00007f79733c7030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 813.808954][T24773] RAX: ffffffffffffffda RBX: 00007f79727b5fa0 RCX: 00007f797258d33c [ 813.808969][T24773] RDX: 000000000000000f RSI: 00007f79733c70a0 RDI: 0000000000000007 [ 813.808982][T24773] RBP: 00007f79733c7090 R08: 0000000000000000 R09: 0000000000000000 [ 813.808994][T24773] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 813.809007][T24773] R13: 0000000000000000 R14: 00007f79727b5fa0 R15: 00007ffeebbdbfb8 [ 813.809048][T24773] [ 814.386938][T24765] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 814.504573][T24782] netlink: 'syz.6.5883': attribute type 4 has an invalid length. [ 814.572729][T24765] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 814.638786][T17323] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 814.653260][T17323] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 814.680255][T17323] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 814.688906][T17323] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 814.699072][T17323] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 814.764058][T24765] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 814.832505][ T6332] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 815.005815][ T6332] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 815.115408][T24803] lo speed is unknown, defaulting to 1000 [ 815.192387][ T6332] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 815.314801][T24805] netlink: 56 bytes leftover after parsing attributes in process `syz.5.5886'. [ 815.373499][ T6332] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 815.393248][ T12] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 815.432332][T24788] lo speed is unknown, defaulting to 1000 [ 815.527831][ T12] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 815.546352][ T12] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 815.656783][ T1155] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 815.688305][T24815] netlink: 8 bytes leftover after parsing attributes in process `syz.5.5889'. [ 815.869085][T24819] netlink: 'syz.6.5890': attribute type 303 has an invalid length. [ 815.901793][T24819] netlink: 8 bytes leftover after parsing attributes in process `syz.6.5890'. [ 816.393212][T24834] netlink: 'syz.6.5896': attribute type 10 has an invalid length. [ 816.406500][T24834] netlink: 40 bytes leftover after parsing attributes in process `syz.6.5896'. [ 816.448258][ T6332] dummy0: left allmulticast mode [ 816.462492][ T6332] dummy0: left promiscuous mode [ 816.473377][ T6332] bridge0: port 3(dummy0) entered disabled state [ 816.516950][ T6332] bridge_slave_1: left allmulticast mode [ 816.526817][ T6332] bridge_slave_1: left promiscuous mode [ 816.549747][ T6332] bridge0: port 2(bridge_slave_1) entered disabled state [ 816.584475][ T6332] bridge_slave_0: left allmulticast mode [ 816.600599][ T6332] bridge_slave_0: left promiscuous mode [ 816.618393][ T6332] bridge0: port 1(bridge_slave_0) entered disabled state [ 816.682908][T24841] FAULT_INJECTION: forcing a failure. [ 816.682908][T24841] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 816.696992][T24841] CPU: 0 UID: 0 PID: 24841 Comm: syz.5.5897 Not tainted 6.16.0-rc4-syzkaller-01191-gc65d34296b22 #0 PREEMPT(full) [ 816.697025][T24841] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 816.697039][T24841] Call Trace: [ 816.697047][T24841] [ 816.697057][T24841] dump_stack_lvl+0x189/0x250 [ 816.697088][T24841] ? __pfx____ratelimit+0x10/0x10 [ 816.697117][T24841] ? __pfx_dump_stack_lvl+0x10/0x10 [ 816.697147][T24841] ? __pfx__printk+0x10/0x10 [ 816.697179][T24841] ? fs_reclaim_acquire+0x7d/0x100 [ 816.697219][T24841] should_fail_ex+0x414/0x560 [ 816.697254][T24841] prepare_alloc_pages+0x213/0x610 [ 816.697295][T24841] __alloc_frozen_pages_noprof+0x123/0x370 [ 816.697331][T24841] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 816.697375][T24841] ? policy_nodemask+0x27c/0x720 [ 816.697398][T24841] ? __lock_acquire+0xab9/0xd20 [ 816.697426][T24841] alloc_pages_mpol+0x232/0x4a0 [ 816.697461][T24841] vma_alloc_folio_noprof+0xe4/0x200 [ 816.697492][T24841] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 816.697535][T24841] folio_prealloc+0x30/0x180 [ 816.697565][T24841] __handle_mm_fault+0x183f/0x5620 [ 816.697614][T24841] ? __pfx___handle_mm_fault+0x10/0x10 [ 816.697657][T24841] ? follow_page_pte+0x8d6/0x14b0 [ 816.697692][T24841] handle_mm_fault+0x40a/0x8e0 [ 816.697729][T24841] __get_user_pages+0x1af4/0x30b0 [ 816.697766][T24841] ? mt_find+0x15c/0x5f0 [ 816.697819][T24841] ? __pfx___get_user_pages+0x10/0x10 [ 816.697854][T24841] populate_vma_page_range+0x26b/0x340 [ 816.697880][T24841] ? __pfx_populate_vma_page_range+0x10/0x10 [ 816.697899][T24841] ? userfaultfd_unmap_complete+0x278/0x2d0 [ 816.697930][T24841] ? down_read+0x1ad/0x2e0 [ 816.697975][T24841] __mm_populate+0x24c/0x380 [ 816.698001][T24841] ? __pfx___mm_populate+0x10/0x10 [ 816.698026][T24841] ? up_write+0x1c4/0x420 [ 816.698060][T24841] vm_mmap_pgoff+0x3f0/0x4c0 [ 816.698089][T24841] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 816.698113][T24841] ? __fget_files+0x2a/0x420 [ 816.698148][T24841] ? __fget_files+0x3a0/0x420 [ 816.698175][T24841] ? __fget_files+0x2a/0x420 [ 816.698208][T24841] ksys_mmap_pgoff+0x51f/0x760 [ 816.698241][T24841] do_syscall_64+0xfa/0x3b0 [ 816.698266][T24841] ? lockdep_hardirqs_on+0x9c/0x150 [ 816.698293][T24841] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 816.698314][T24841] ? clear_bhb_loop+0x60/0xb0 [ 816.698339][T24841] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 816.698360][T24841] RIP: 0033:0x7fc9fc38e929 [ 816.698380][T24841] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 816.698399][T24841] RSP: 002b:00007fc9fa1d5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 816.698423][T24841] RAX: ffffffffffffffda RBX: 00007fc9fc5b6080 RCX: 00007fc9fc38e929 [ 816.698440][T24841] RDX: 0000000000000002 RSI: 0000000000b36000 RDI: 0000200000000000 [ 816.698454][T24841] RBP: 00007fc9fa1d5090 R08: 0000000000000005 R09: 0000000000000000 [ 816.698467][T24841] R10: 0000000000022052 R11: 0000000000000246 R12: 0000000000000002 [ 816.698480][T24841] R13: 0000000000000000 R14: 00007fc9fc5b6080 R15: 00007ffd29cda728 [ 816.698516][T24841] [ 817.058295][T17323] Bluetooth: hci0: command tx timeout [ 817.113975][T24843] netlink: 'syz.1.5898': attribute type 1 has an invalid length. [ 817.137718][T24843] netlink: 168864 bytes leftover after parsing attributes in process `syz.1.5898'. [ 817.225010][T24846] netlink: 'syz.5.5899': attribute type 1 has an invalid length. [ 817.233059][T24846] netlink: 36 bytes leftover after parsing attributes in process `syz.5.5899'. [ 817.390202][ T6332] dvmrp8 (unregistering): left allmulticast mode [ 817.446103][ T6332] team0: Port device geneve0 removed [ 817.896870][ T6332] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 817.908519][ T6332] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 817.921519][ T6332] bond0 (unregistering): Released all slaves [ 818.109355][T24849] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 818.146424][T24851] netlink: 24 bytes leftover after parsing attributes in process `syz.5.5901'. [ 818.157651][T24851] netlink: 144 bytes leftover after parsing attributes in process `syz.5.5901'. [ 818.179922][T24852] batadv_slave_1: entered promiscuous mode [ 818.247697][T24849] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 818.381438][T24849] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 818.543192][T24855] bridge0: port 3(dummy0) entered disabled state [ 818.606097][T24855] batadv0: left allmulticast mode [ 818.678967][T24849] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 818.738388][T24788] chnl_net:caif_netlink_parms(): no params data found [ 818.866048][T24865] bridge3: left allmulticast mode [ 818.884338][T24865] macsec2: left promiscuous mode [ 818.891561][T24865] macsec2: left allmulticast mode [ 818.955764][T24852] batadv_slave_1: left promiscuous mode [ 819.029040][T24877] netlink: 8 bytes leftover after parsing attributes in process `syz.6.5911'. [ 819.048703][T24877] netlink: 8 bytes leftover after parsing attributes in process `syz.6.5911'. [ 819.085374][T24880] netlink: 'syz.6.5911': attribute type 2 has an invalid length. [ 819.096167][T24877] netlink: 8 bytes leftover after parsing attributes in process `syz.6.5911'. [ 819.137509][T17323] Bluetooth: hci0: command tx timeout [ 819.155544][T24877] netlink: 8 bytes leftover after parsing attributes in process `syz.6.5911'. [ 819.171030][T24877] netlink: 8 bytes leftover after parsing attributes in process `syz.6.5911'. [ 819.180624][T24877] netlink: 8 bytes leftover after parsing attributes in process `syz.6.5911'. [ 819.189688][T24877] netlink: 8 bytes leftover after parsing attributes in process `syz.6.5911'. [ 819.198994][T24877] netlink: 8 bytes leftover after parsing attributes in process `syz.6.5911'. [ 819.208387][T24877] netlink: 8 bytes leftover after parsing attributes in process `syz.6.5911'. [ 819.221609][T24877] netlink: 8 bytes leftover after parsing attributes in process `syz.6.5911'. [ 819.371953][T24788] bridge0: port 1(bridge_slave_0) entered blocking state [ 819.397946][T24788] bridge0: port 1(bridge_slave_0) entered disabled state [ 819.405282][T24788] bridge_slave_0: entered allmulticast mode [ 819.412896][T24788] bridge_slave_0: entered promiscuous mode [ 819.430253][T24788] bridge0: port 2(bridge_slave_1) entered blocking state [ 819.437979][T24788] bridge0: port 2(bridge_slave_1) entered disabled state [ 819.445274][T24788] bridge_slave_1: entered allmulticast mode [ 819.453600][T24788] bridge_slave_1: entered promiscuous mode [ 819.561666][T24788] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 819.604871][T24788] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 819.638354][ T59] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 819.653802][ T6332] : left promiscuous mode [ 819.810800][ T12] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 819.872104][ T6332] tipc: Left network mode [ 819.874119][T24788] team0: Port device team_slave_0 added [ 819.883674][ T59] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 819.916357][T24788] team0: Port device team_slave_1 added [ 819.954073][ T1155] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 820.042862][T24788] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 820.067738][T24788] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 820.128509][T24788] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 820.145573][T24900] Cannot find add_set index 0 as target [ 820.188940][T24788] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 820.206138][T24788] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 820.252896][T24788] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 820.370961][T24911] geneve2: entered promiscuous mode [ 820.376341][T24911] geneve2: entered allmulticast mode [ 820.466511][ T59] netdevsim netdevsim1 eth0: set [1, 1] type 2 family 0 port 43046 - 0 [ 820.485448][ T59] netdevsim netdevsim1 eth1: set [1, 1] type 2 family 0 port 43046 - 0 [ 820.505162][ T59] netdevsim netdevsim1 eth2: set [1, 1] type 2 family 0 port 43046 - 0 [ 820.516695][ T59] netdevsim netdevsim1 eth3: set [1, 1] type 2 family 0 port 43046 - 0 [ 820.659800][T24926] netlink: 'syz.4.5925': attribute type 9 has an invalid length. [ 820.706134][T24788] hsr_slave_0: entered promiscuous mode [ 820.716537][T24788] hsr_slave_1: entered promiscuous mode [ 820.723698][T24927] netlink: 'syz.1.5923': attribute type 303 has an invalid length. [ 820.724465][T24788] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 820.750569][T24788] Cannot create hsr debugfs directory [ 820.835430][T24931] veth0: entered promiscuous mode [ 821.171085][T24938] batadv_slave_1: entered promiscuous mode [ 821.217708][T17323] Bluetooth: hci0: command tx timeout [ 821.874407][T24938] batadv_slave_1: left promiscuous mode [ 821.930776][T24967] batadv_slave_1: entered promiscuous mode [ 822.224431][T24973] lo speed is unknown, defaulting to 1000 [ 822.574544][ C1] vcan0: j1939_tp_rxtimer: 0xffff888034652800: rx timeout, send abort [ 822.583330][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff888034652800: 0x40000: (3) A timeout occurred and this is the connection abort to close the session. [ 822.728292][T24980] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 822.740376][T24967] batadv_slave_1: left promiscuous mode [ 822.806294][T24788] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 822.976379][T24788] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 823.066775][T24788] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 823.108637][T24788] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 823.167468][ T6332] hsr_slave_0: left promiscuous mode [ 823.186783][ T6332] hsr_slave_1: left promiscuous mode [ 823.204180][ T6332] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 823.228212][ T6332] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 823.297711][T17323] Bluetooth: hci0: command tx timeout [ 823.541811][ T6332] team0 (unregistering): Port device batadv1 removed [ 823.573099][ T6332] pim6reg9 (unregistering): left allmulticast mode [ 824.115029][ T6332] team0 (unregistering): Port device team_slave_1 removed [ 824.156294][ T6332] team0 (unregistering): Port device team_slave_0 removed [ 824.813629][ T1155] smc: removing ib device syz0 [ 824.842622][ T983] lo speed is unknown, defaulting to 1000 [ 824.848487][ T983] syz0: Port: 1 Link DOWN [ 824.883824][T24992] geneve3: entered allmulticast mode [ 824.929359][ T59] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 824.946321][ T59] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 824.998358][ T59] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 825.006630][ T59] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 825.167526][T25003] bridge1: entered allmulticast mode [ 825.625605][T25022] __nla_validate_parse: 73 callbacks suppressed [ 825.625628][T25022] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5951'. [ 826.030967][T24788] 8021q: adding VLAN 0 to HW filter on device bond0 [ 826.060518][T25029] netlink: 'syz.6.5953': attribute type 1 has an invalid length. [ 826.086834][T25029] netlink: 244 bytes leftover after parsing attributes in process `syz.6.5953'. [ 826.116692][T24788] 8021q: adding VLAN 0 to HW filter on device team0 [ 826.134316][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 826.141613][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 826.172784][T25031] netlink: 'syz.5.5954': attribute type 10 has an invalid length. [ 826.202962][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 826.210329][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 826.227393][T25031] netlink: 40 bytes leftover after parsing attributes in process `syz.5.5954'. [ 826.621520][T25035] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5955'. [ 826.900488][T24788] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 826.970971][T24788] veth0_vlan: entered promiscuous mode [ 827.002391][T24788] veth1_vlan: entered promiscuous mode [ 827.134715][T24788] veth0_macvtap: entered promiscuous mode [ 827.155950][T24788] veth1_macvtap: entered promiscuous mode [ 827.240400][T24788] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 827.255737][T25050] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5957'. [ 827.295058][T24788] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 827.343544][T25050] netlink: 24 bytes leftover after parsing attributes in process `syz.5.5957'. [ 827.691445][ T36] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 827.721952][T25057] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5960'. [ 827.721977][ T36] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 827.745227][T25057] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5960'. [ 827.794532][T25055] veth0: left promiscuous mode [ 827.860758][T25058] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5960'. [ 828.014388][ T36] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 828.034400][ T36] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 828.827797][ T1155] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 828.841987][ T1155] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 828.906511][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 828.934599][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 828.938816][ T6332] IPVS: stop unused estimator thread 0... [ 829.277463][T25084] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5967'. [ 829.545505][T25093] netlink: 'syz.6.5972': attribute type 10 has an invalid length. [ 830.949660][T25130] __nla_validate_parse: 4 callbacks suppressed [ 830.949683][T25130] netlink: 36 bytes leftover after parsing attributes in process `syz.6.5983'. [ 831.034089][ T5862] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 831.057534][ T5862] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 831.080079][ T5862] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 831.114973][ T5862] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 831.123946][ T5862] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 831.310365][T25134] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 831.367287][T25134] netdevsim netdevsim1 eth3 (unregistering): unset [1, 1] type 2 family 0 port 43046 - 0 [ 831.404768][T25137] batadv_slave_1: entered promiscuous mode [ 831.475014][T25134] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 831.517843][T25134] netdevsim netdevsim1 eth2 (unregistering): unset [1, 1] type 2 family 0 port 43046 - 0 [ 831.591579][T25145] batadv_slave_1: entered promiscuous mode [ 831.623763][T25134] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 831.656380][T25134] netdevsim netdevsim1 eth1 (unregistering): unset [1, 1] type 2 family 0 port 43046 - 0 [ 831.790368][T25134] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 831.819649][T25134] netdevsim netdevsim1 eth0 (unregistering): unset [1, 1] type 2 family 0 port 43046 - 0 [ 831.836537][T25148] netlink: 'syz.6.5989': attribute type 303 has an invalid length. [ 831.884181][T25148] netlink: 8 bytes leftover after parsing attributes in process `syz.6.5989'. [ 832.230496][T25133] batadv_slave_1: left promiscuous mode [ 832.285007][ T1155] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 43046 - 0 [ 832.305959][ T1155] netdevsim netdevsim1 eth0: set [1, 1] type 2 family 0 port 6081 - 0 [ 832.430237][ T1108] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 43046 - 0 [ 832.438973][ T1108] netdevsim netdevsim1 eth1: set [1, 1] type 2 family 0 port 6081 - 0 [ 832.447480][T25145] batadv_slave_1: left promiscuous mode [ 832.505911][ T1108] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 43046 - 0 [ 832.515637][ T1108] netdevsim netdevsim1 eth2: set [1, 1] type 2 family 0 port 6081 - 0 [ 832.529505][ T1108] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 43046 - 0 [ 832.541108][ T1108] netdevsim netdevsim1 eth3: set [1, 1] type 2 family 0 port 6081 - 0 [ 832.601561][T25161] netlink: 'syz.6.5993': attribute type 2 has an invalid length. [ 832.675954][T25161] þ`Ì: entered promiscuous mode [ 832.743225][T25170] netlink: 36 bytes leftover after parsing attributes in process `syz.1.5996'. [ 832.757576][T25168] netlink: 8 bytes leftover after parsing attributes in process `syz.5.5995'. [ 832.782892][T25131] chnl_net:caif_netlink_parms(): no params data found [ 833.126252][T25131] bridge0: port 1(bridge_slave_0) entered blocking state [ 833.138231][T25131] bridge0: port 1(bridge_slave_0) entered disabled state [ 833.145563][T25131] bridge_slave_0: entered allmulticast mode [ 833.154050][T25131] bridge_slave_0: entered promiscuous mode [ 833.163347][T25131] bridge0: port 2(bridge_slave_1) entered blocking state [ 833.171460][T25131] bridge0: port 2(bridge_slave_1) entered disabled state [ 833.178992][T25131] bridge_slave_1: entered allmulticast mode [ 833.188888][T25131] bridge_slave_1: entered promiscuous mode [ 833.206531][T25189] netlink: 40 bytes leftover after parsing attributes in process `syz.0.6003'. [ 833.217591][ T5862] Bluetooth: hci2: command tx timeout [ 833.293839][T25189] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6003'. [ 833.308375][T25193] batadv_slave_1: entered promiscuous mode [ 833.320409][T25131] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 833.388876][T25131] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 833.602103][T25131] team0: Port device team_slave_0 added [ 833.637909][T25131] team0: Port device team_slave_1 added [ 833.693529][T25202] bridge_slave_1: left allmulticast mode [ 833.701697][T25202] bridge_slave_1: left promiscuous mode [ 833.709949][T25202] bridge0: port 2(bridge_slave_1) entered disabled state [ 833.723528][T25202] A link change request failed with some changes committed already. Interface bridge_slave_1 may have been left with an inconsistent configuration, please check. [ 833.801913][T25131] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 833.809409][T25131] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 833.836464][T25131] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 833.891261][T25131] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 833.903316][T25131] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 833.931026][T25131] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 834.051076][T25210] netlink: 36 bytes leftover after parsing attributes in process `syz.1.6009'. [ 834.083279][T25191] batadv_slave_1: left promiscuous mode [ 834.352440][T25131] hsr_slave_0: entered promiscuous mode [ 834.359586][T25215] netlink: 4 bytes leftover after parsing attributes in process `syz.6.6011'. [ 834.363041][T25131] hsr_slave_1: entered promiscuous mode [ 834.381664][T25131] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 834.392582][T25131] Cannot create hsr debugfs directory [ 834.583071][T25224] FAULT_INJECTION: forcing a failure. [ 834.583071][T25224] name failslab, interval 1, probability 0, space 0, times 0 [ 834.604278][T25224] CPU: 0 UID: 0 PID: 25224 Comm: syz.6.6014 Not tainted 6.16.0-rc4-syzkaller-01191-gc65d34296b22 #0 PREEMPT(full) [ 834.604310][T25224] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 834.604323][T25224] Call Trace: [ 834.604332][T25224] [ 834.604342][T25224] dump_stack_lvl+0x189/0x250 [ 834.604372][T25224] ? __pfx____ratelimit+0x10/0x10 [ 834.604401][T25224] ? __pfx_dump_stack_lvl+0x10/0x10 [ 834.604427][T25224] ? __pfx__printk+0x10/0x10 [ 834.604459][T25224] ? trace_fib_table_lookup+0x85/0x200 [ 834.604501][T25224] should_fail_ex+0x414/0x560 [ 834.604538][T25224] should_failslab+0xa8/0x100 [ 834.604566][T25224] kmem_cache_alloc_noprof+0x73/0x3c0 [ 834.604590][T25224] ? dst_alloc+0x105/0x170 [ 834.604608][T25224] ? fib_lookup+0x76/0x440 [ 834.604631][T25224] dst_alloc+0x105/0x170 [ 834.604670][T25224] ip_route_output_key_hash_rcu+0x1482/0x23a0 [ 834.604706][T25224] ? ip_route_output_key_hash+0xde/0x2e0 [ 834.604731][T25224] ip_route_output_key_hash+0x1b9/0x2e0 [ 834.604753][T25224] ? __lock_acquire+0xab9/0xd20 [ 834.604777][T25224] ? __pfx_ip_route_output_key_hash+0x10/0x10 [ 834.604822][T25224] ip_route_output_flow+0x2a/0x150 [ 834.604852][T25224] ? security_sk_classify_flow+0x70/0x180 [ 834.604882][T25224] udp_sendmsg+0x140c/0x2300 [ 834.604910][T25224] ? __pfx_aa_label_sk_perm+0x10/0x10 [ 834.604952][T25224] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 834.604975][T25224] ? __pfx_udp_sendmsg+0x10/0x10 [ 834.605006][T25224] ? __lock_acquire+0xab9/0xd20 [ 834.605055][T25224] ? __lock_acquire+0xab9/0xd20 [ 834.605076][T25224] ? __pfx_aa_sk_perm+0x10/0x10 [ 834.605100][T25224] ? tomoyo_socket_sendmsg_permission+0x1e1/0x300 [ 834.605128][T25224] ? sock_rps_record_flow+0x19/0x410 [ 834.605156][T25224] ? inet_sendmsg+0x29c/0x370 [ 834.605178][T25224] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 834.605202][T25224] __sock_sendmsg+0x19c/0x270 [ 834.605232][T25224] ____sys_sendmsg+0x52d/0x830 [ 834.605271][T25224] ? __pfx_____sys_sendmsg+0x10/0x10 [ 834.605316][T25224] ? import_iovec+0x74/0xa0 [ 834.605346][T25224] ___sys_sendmsg+0x21f/0x2a0 [ 834.605370][T25224] ? __pfx____sys_sendmsg+0x10/0x10 [ 834.605436][T25224] ? __fget_files+0x2a/0x420 [ 834.605464][T25224] ? __fget_files+0x3a0/0x420 [ 834.605505][T25224] __sys_sendmmsg+0x227/0x430 [ 834.605533][T25224] ? __pfx___sys_sendmmsg+0x10/0x10 [ 834.605550][T25224] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 834.605613][T25224] ? ksys_write+0x22a/0x250 [ 834.605649][T25224] ? __pfx_ksys_write+0x10/0x10 [ 834.605669][T25224] ? rcu_is_watching+0x15/0xb0 [ 834.605701][T25224] __x64_sys_sendmmsg+0xa0/0xc0 [ 834.605722][T25224] do_syscall_64+0xfa/0x3b0 [ 834.605745][T25224] ? lockdep_hardirqs_on+0x9c/0x150 [ 834.605769][T25224] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 834.605789][T25224] ? clear_bhb_loop+0x60/0xb0 [ 834.605815][T25224] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 834.605833][T25224] RIP: 0033:0x7f09dcb8e929 [ 834.605852][T25224] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 834.605870][T25224] RSP: 002b:00007f09dda94038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 834.605893][T25224] RAX: ffffffffffffffda RBX: 00007f09dcdb5fa0 RCX: 00007f09dcb8e929 [ 834.605909][T25224] RDX: 0000000000000300 RSI: 0000200000004d00 RDI: 0000000000000003 [ 834.605923][T25224] RBP: 00007f09dda94090 R08: 0000000000000000 R09: 0000000000000000 [ 834.605935][T25224] R10: 0000000000000f1c R11: 0000000000000246 R12: 0000000000000001 [ 834.605948][T25224] R13: 0000000000000000 R14: 00007f09dcdb5fa0 R15: 00007ffd18a1be58 [ 834.605985][T25224] [ 835.132330][T25228] netlink: 40 bytes leftover after parsing attributes in process `syz.6.6015'. [ 835.146809][T25228] netlink: 8 bytes leftover after parsing attributes in process `syz.6.6015'. [ 835.211713][T25230] FAULT_INJECTION: forcing a failure. [ 835.211713][T25230] name failslab, interval 1, probability 0, space 0, times 0 [ 835.224587][T25230] CPU: 0 UID: 0 PID: 25230 Comm: syz.6.6017 Not tainted 6.16.0-rc4-syzkaller-01191-gc65d34296b22 #0 PREEMPT(full) [ 835.224618][T25230] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 835.224631][T25230] Call Trace: [ 835.224640][T25230] [ 835.224648][T25230] dump_stack_lvl+0x189/0x250 [ 835.224679][T25230] ? __pfx____ratelimit+0x10/0x10 [ 835.224708][T25230] ? __pfx_dump_stack_lvl+0x10/0x10 [ 835.224733][T25230] ? __pfx__printk+0x10/0x10 [ 835.224764][T25230] ? __pfx___might_resched+0x10/0x10 [ 835.224789][T25230] ? fs_reclaim_acquire+0x7d/0x100 [ 835.224821][T25230] should_fail_ex+0x414/0x560 [ 835.224853][T25230] should_failslab+0xa8/0x100 [ 835.224883][T25230] __kmalloc_noprof+0xcb/0x4f0 [ 835.224917][T25230] ? iovec_from_user+0x87/0x250 [ 835.224946][T25230] iovec_from_user+0x87/0x250 [ 835.224975][T25230] __import_iovec+0x163/0x7f0 [ 835.225012][T25230] import_iovec+0x74/0xa0 [ 835.225041][T25230] ___sys_recvmsg+0x43a/0x510 [ 835.225070][T25230] ? __pfx____sys_recvmsg+0x10/0x10 [ 835.225120][T25230] ? __fget_files+0x3a0/0x420 [ 835.225160][T25230] do_recvmmsg+0x307/0x770 [ 835.225193][T25230] ? __pfx_do_recvmmsg+0x10/0x10 [ 835.225229][T25230] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 835.225279][T25230] __x64_sys_recvmmsg+0x190/0x240 [ 835.225304][T25230] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 835.225322][T25230] ? rcu_is_watching+0x15/0xb0 [ 835.225352][T25230] ? do_syscall_64+0xbe/0x3b0 [ 835.225382][T25230] do_syscall_64+0xfa/0x3b0 [ 835.225408][T25230] ? lockdep_hardirqs_on+0x9c/0x150 [ 835.225434][T25230] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 835.225454][T25230] ? clear_bhb_loop+0x60/0xb0 [ 835.225481][T25230] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 835.225500][T25230] RIP: 0033:0x7f09dcb8e929 [ 835.225520][T25230] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 835.225538][T25230] RSP: 002b:00007f09dda94038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 835.225562][T25230] RAX: ffffffffffffffda RBX: 00007f09dcdb5fa0 RCX: 00007f09dcb8e929 [ 835.225577][T25230] RDX: 0000000000000001 RSI: 0000200000000480 RDI: 0000000000000003 [ 835.225590][T25230] RBP: 00007f09dda94090 R08: 0000000000000000 R09: 0000000000000000 [ 835.225603][T25230] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 835.225616][T25230] R13: 0000000000000000 R14: 00007f09dcdb5fa0 R15: 00007ffd18a1be58 [ 835.225649][T25230] [ 835.478731][ T5862] Bluetooth: hci2: command tx timeout [ 835.880196][T25131] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 836.048060][T25131] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 836.178930][T25131] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 836.281459][T25248] netlink: 'syz.6.6024': attribute type 15 has an invalid length. [ 836.346201][T25131] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 836.455401][T25245] __nla_validate_parse: 1 callbacks suppressed [ 836.455425][T25245] netlink: 8 bytes leftover after parsing attributes in process `syz.5.6023'. [ 836.522852][T25255] netlink: 40 bytes leftover after parsing attributes in process `syz.0.6026'. [ 836.597756][T25255] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6026'. [ 836.639098][T25259] netlink: 96 bytes leftover after parsing attributes in process `syz.1.6029'. [ 836.710682][T25131] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 836.751919][T25131] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 836.786695][T25131] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 836.810136][T25131] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 836.982562][T25272] netlink: 'syz.0.6033': attribute type 29 has an invalid length. [ 837.003357][T25272] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6033'. [ 837.287585][T25131] 8021q: adding VLAN 0 to HW filter on device bond0 [ 837.327083][T25131] 8021q: adding VLAN 0 to HW filter on device team0 [ 837.361170][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 837.368402][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 837.432010][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 837.439353][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 837.537476][ T5862] Bluetooth: hci2: command tx timeout [ 838.746274][T25314] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6039'. [ 838.761846][T25131] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 838.811150][T25314] geneve2: entered promiscuous mode [ 838.820126][T25314] geneve2: entered allmulticast mode [ 838.847746][ T13] netdevsim netdevsim0 netdevsim0: set [1, 1] type 2 family 0 port 57686 - 0 [ 838.893576][ T1108] netdevsim netdevsim0 netdevsim1: set [1, 1] type 2 family 0 port 57686 - 0 [ 838.937087][ T1108] netdevsim netdevsim0 netdevsim2: set [1, 1] type 2 family 0 port 57686 - 0 [ 838.960982][ T1108] netdevsim netdevsim0 netdevsim3: set [1, 1] type 2 family 0 port 57686 - 0 [ 839.042758][T25323] netlink: 68 bytes leftover after parsing attributes in process `syz.5.6042'. [ 839.355285][T25333] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 839.481284][T25333] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 839.566648][T25332] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 839.617994][ T5862] Bluetooth: hci2: command tx timeout [ 839.843193][T25348] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 839.866900][T25131] veth0_vlan: entered promiscuous mode [ 839.924931][T25131] veth1_vlan: entered promiscuous mode [ 840.222641][ T6332] bridge_slave_1: left allmulticast mode [ 840.260912][ T6332] bridge_slave_1: left promiscuous mode [ 840.273656][ T6332] bridge0: port 2(bridge_slave_1) entered disabled state [ 840.298492][ T6332] bridge_slave_0: left allmulticast mode [ 840.304224][ T6332] bridge_slave_0: left promiscuous mode [ 840.321168][ T6332] bridge0: port 1(bridge_slave_0) entered disabled state [ 840.925937][ T6332] bond1 (unregistering): (slave gretap1): Releasing active interface [ 841.018269][ T6332] dvmrp0 (unregistering): left allmulticast mode [ 841.838981][ T6332] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 841.861661][ T6332] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 841.878359][ T6332] bond0 (unregistering): Released all slaves [ 841.900555][ T6332] bond1 (unregistering): Released all slaves [ 841.921116][ T6332] bond2 (unregistering): Released all slaves [ 841.963057][T25375] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6060'. [ 841.993337][T25131] veth0_macvtap: entered promiscuous mode [ 842.050759][T25131] veth1_macvtap: entered promiscuous mode [ 842.111756][T25375] veth0: entered promiscuous mode [ 842.143086][ T6332] tipc: Disabling bearer [ 842.164213][ T6332] tipc: Left network mode [ 842.221682][T25131] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 842.399254][T25389] FAULT_INJECTION: forcing a failure. [ 842.399254][T25389] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 842.434107][T25389] CPU: 1 UID: 0 PID: 25389 Comm: syz.0.6064 Not tainted 6.16.0-rc4-syzkaller-01191-gc65d34296b22 #0 PREEMPT(full) [ 842.434141][T25389] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 842.434155][T25389] Call Trace: [ 842.434164][T25389] [ 842.434174][T25389] dump_stack_lvl+0x189/0x250 [ 842.434207][T25389] ? __pfx____ratelimit+0x10/0x10 [ 842.434239][T25389] ? __pfx_dump_stack_lvl+0x10/0x10 [ 842.434266][T25389] ? __pfx__printk+0x10/0x10 [ 842.434296][T25389] ? __might_fault+0xb0/0x130 [ 842.434336][T25389] should_fail_ex+0x414/0x560 [ 842.434374][T25389] _copy_from_user+0x2d/0xb0 [ 842.434401][T25389] kstrtouint_from_user+0xc4/0x170 [ 842.434428][T25389] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 842.434472][T25389] proc_fail_nth_write+0x88/0x240 [ 842.434502][T25389] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 842.434540][T25389] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 842.434572][T25389] vfs_write+0x27e/0xa90 [ 842.434610][T25389] ? __pfx_vfs_write+0x10/0x10 [ 842.434637][T25389] ? __fget_files+0x2a/0x420 [ 842.434670][T25389] ? __fget_files+0x3a0/0x420 [ 842.434705][T25389] ? __fget_files+0x2a/0x420 [ 842.434734][T25389] ksys_write+0x145/0x250 [ 842.434751][T25389] ? __pfx_ksys_write+0x10/0x10 [ 842.434770][T25389] ? do_syscall_64+0xbe/0x3b0 [ 842.434789][T25389] do_syscall_64+0xfa/0x3b0 [ 842.434804][T25389] ? lockdep_hardirqs_on+0x9c/0x150 [ 842.434820][T25389] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 842.434832][T25389] ? clear_bhb_loop+0x60/0xb0 [ 842.434848][T25389] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 842.434859][T25389] RIP: 0033:0x7f93e5d8d3df [ 842.434872][T25389] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 842.434883][T25389] RSP: 002b:00007f93e3bd5030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 842.434899][T25389] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f93e5d8d3df [ 842.434908][T25389] RDX: 0000000000000001 RSI: 00007f93e3bd50a0 RDI: 0000000000000004 [ 842.434915][T25389] RBP: 00007f93e3bd5090 R08: 0000000000000000 R09: 0000000000000000 [ 842.434923][T25389] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001 [ 842.434930][T25389] R13: 0000000000000001 R14: 00007f93e5fb6080 R15: 00007ffde91f66a8 [ 842.434961][T25389] [ 842.822858][T25131] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 842.854040][ T1108] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 842.923615][T18559] IPVS: starting estimator thread 0... [ 842.945913][ T1108] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 843.002921][ T1108] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 843.029490][T25395] IPVS: using max 24 ests per chain, 57600 per kthread [ 843.075081][ T1108] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 843.252150][T25403] batadv_slave_1: entered promiscuous mode [ 843.265875][T25401] batadv_slave_1: left promiscuous mode [ 843.571121][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 843.581010][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 843.902380][T25414] netlink: 'syz.1.6072': attribute type 303 has an invalid length. [ 844.036330][T25411] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6072'. [ 844.149191][ T1108] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 844.218817][ T1108] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 844.707442][T25435] netlink: 4 bytes leftover after parsing attributes in process `syz.6.6078'. [ 844.832717][T25439] bridge1: entered allmulticast mode [ 845.200086][T25453] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6083'. [ 845.252557][T25455] netlink: 28 bytes leftover after parsing attributes in process `syz.4.6083'. [ 845.332716][T25455] netlink: 28 bytes leftover after parsing attributes in process `syz.4.6083'. [ 846.651804][T25454] A link change request failed with some changes committed already. Interface veth0_macvtap may have been left with an inconsistent configuration, please check. [ 846.846651][T25468] syzkaller1: tun_chr_ioctl cmd 35111 [ 847.183656][ T6332] IPVS: stop unused estimator thread 0... [ 847.491062][T25495] FAULT_INJECTION: forcing a failure. [ 847.491062][T25495] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 847.521751][T25495] CPU: 1 UID: 0 PID: 25495 Comm: syz.6.6095 Not tainted 6.16.0-rc4-syzkaller-01191-gc65d34296b22 #0 PREEMPT(full) [ 847.521782][T25495] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 847.521795][T25495] Call Trace: [ 847.521804][T25495] [ 847.521813][T25495] dump_stack_lvl+0x189/0x250 [ 847.521844][T25495] ? __pfx____ratelimit+0x10/0x10 [ 847.521872][T25495] ? __pfx_dump_stack_lvl+0x10/0x10 [ 847.521896][T25495] ? __pfx__printk+0x10/0x10 [ 847.521923][T25495] ? __might_fault+0xb0/0x130 [ 847.521963][T25495] should_fail_ex+0x414/0x560 [ 847.521998][T25495] _copy_to_iter+0x1db/0x16f0 [ 847.522022][T25495] ? __bpf_trace_contention_begin+0xdc/0x130 [ 847.522057][T25495] ? __lock_acquire+0xab9/0xd20 [ 847.522079][T25495] ? __pfx__copy_to_iter+0x10/0x10 [ 847.522105][T25495] ? __local_bh_enable_ip+0x12d/0x1c0 [ 847.522129][T25495] ? lockdep_hardirqs_on+0x9c/0x150 [ 847.522160][T25495] ? page_copy_sane+0x16a/0x280 [ 847.522184][T25495] copy_page_to_iter+0x10c/0x1c0 [ 847.522212][T25495] sk_msg_recvmsg+0x28e/0xc20 [ 847.522270][T25495] unix_bpf_recvmsg+0x5a4/0xda0 [ 847.522318][T25495] ? __pfx_unix_bpf_recvmsg+0x10/0x10 [ 847.522342][T25495] ? __pfx_woken_wake_function+0x10/0x10 [ 847.522365][T25495] ? aa_sock_msg_perm+0x94/0x160 [ 847.522399][T25495] ? bpf_lsm_socket_recvmsg+0x9/0x20 [ 847.522417][T25495] ? unix_dgram_recvmsg+0x71/0xd0 [ 847.522436][T25495] ? __pfx_unix_dgram_recvmsg+0x10/0x10 [ 847.522456][T25495] sock_recvmsg+0x229/0x270 [ 847.522487][T25495] ____sys_recvmsg+0x1c9/0x460 [ 847.522519][T25495] ? __pfx_____sys_recvmsg+0x10/0x10 [ 847.522559][T25495] ? import_iovec+0x74/0xa0 [ 847.522585][T25495] ___sys_recvmsg+0x1b5/0x510 [ 847.522609][T25495] ? __pfx____sys_recvmsg+0x10/0x10 [ 847.522669][T25495] ? __fget_files+0x3a0/0x420 [ 847.522711][T25495] __x64_sys_recvmsg+0x198/0x260 [ 847.522736][T25495] ? __pfx___x64_sys_recvmsg+0x10/0x10 [ 847.522774][T25495] ? __pfx_ksys_write+0x10/0x10 [ 847.522796][T25495] ? rcu_is_watching+0x15/0xb0 [ 847.522826][T25495] ? do_syscall_64+0xbe/0x3b0 [ 847.522859][T25495] do_syscall_64+0xfa/0x3b0 [ 847.522883][T25495] ? lockdep_hardirqs_on+0x9c/0x150 [ 847.522906][T25495] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 847.522926][T25495] ? clear_bhb_loop+0x60/0xb0 [ 847.522950][T25495] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 847.522966][T25495] RIP: 0033:0x7f09dcb8e929 [ 847.522984][T25495] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 847.523002][T25495] RSP: 002b:00007f09dda94038 EFLAGS: 00000246 ORIG_RAX: 000000000000002f [ 847.523025][T25495] RAX: ffffffffffffffda RBX: 00007f09dcdb5fa0 RCX: 00007f09dcb8e929 [ 847.523039][T25495] RDX: 0000000000000000 RSI: 00002000000004c0 RDI: 0000000000000003 [ 847.523052][T25495] RBP: 00007f09dda94090 R08: 0000000000000000 R09: 0000000000000000 [ 847.523065][T25495] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 847.523077][T25495] R13: 0000000000000000 R14: 00007f09dcdb5fa0 R15: 00007ffd18a1be58 [ 847.523113][T25495] [ 848.918741][T25516] tipc: Started in network mode [ 848.931683][T25516] tipc: Node identity 1e1784b153ca, cluster identity 4711 [ 848.938141][T21248] IPVS: starting estimator thread 0... [ 848.945115][T25519] IPVS: wlc: UDP 224.0.0.2:0 - no destination available [ 848.950676][T25516] tipc: Enabled bearer , priority 0 [ 849.023447][T25516] tipc: Disabling bearer [ 849.029866][T25523] IPVS: using max 23 ests per chain, 55200 per kthread [ 849.310270][T25533] netlink: 8 bytes leftover after parsing attributes in process `syz.6.6104'. [ 849.626485][T25543] netlink: 'syz.1.6103': attribute type 21 has an invalid length. [ 849.977369][T25536] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 850.031275][T25543] netlink: 156 bytes leftover after parsing attributes in process `syz.1.6103'. [ 850.236616][T25545] bridge0: port 2(bridge_slave_1) entered disabled state [ 850.244493][T25545] bridge0: port 1(bridge_slave_0) entered disabled state [ 850.565622][T25545] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 850.669640][T25545] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 850.892653][T25545] veth0: left promiscuous mode [ 851.000269][ T801] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 851.024473][ T801] netdevsim netdevsim0 netdevsim0: unset [1, 1] type 2 family 0 port 57686 - 0 [ 851.052025][ T801] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 851.075947][ T801] netdevsim netdevsim0 netdevsim1: unset [1, 1] type 2 family 0 port 57686 - 0 [ 851.089178][ T801] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 851.107409][ T801] netdevsim netdevsim0 netdevsim2: unset [1, 1] type 2 family 0 port 57686 - 0 [ 851.271912][ T801] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 851.292680][ T801] netdevsim netdevsim0 netdevsim3: unset [1, 1] type 2 family 0 port 57686 - 0 [ 851.531173][T25574] FAULT_INJECTION: forcing a failure. [ 851.531173][T25574] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 851.577975][T25574] CPU: 0 UID: 0 PID: 25574 Comm: syz.6.6116 Not tainted 6.16.0-rc4-syzkaller-01191-gc65d34296b22 #0 PREEMPT(full) [ 851.578010][T25574] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 851.578023][T25574] Call Trace: [ 851.578031][T25574] [ 851.578040][T25574] dump_stack_lvl+0x189/0x250 [ 851.578071][T25574] ? __pfx____ratelimit+0x10/0x10 [ 851.578097][T25574] ? __pfx_dump_stack_lvl+0x10/0x10 [ 851.578121][T25574] ? __pfx__printk+0x10/0x10 [ 851.578150][T25574] ? __might_fault+0xb0/0x130 [ 851.578200][T25574] should_fail_ex+0x414/0x560 [ 851.578236][T25574] _copy_from_user+0x2d/0xb0 [ 851.578261][T25574] ___sys_sendmsg+0x158/0x2a0 [ 851.578286][T25574] ? __pfx____sys_sendmsg+0x10/0x10 [ 851.578368][T25574] ? __might_fault+0xb0/0x130 [ 851.578405][T25574] __sys_sendmmsg+0x227/0x430 [ 851.578431][T25574] ? __pfx___sys_sendmmsg+0x10/0x10 [ 851.578447][T25574] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 851.578503][T25574] ? ksys_write+0x22a/0x250 [ 851.578529][T25574] ? __pfx_ksys_write+0x10/0x10 [ 851.578551][T25574] ? rcu_is_watching+0x15/0xb0 [ 851.578585][T25574] __x64_sys_sendmmsg+0xa0/0xc0 [ 851.578606][T25574] do_syscall_64+0xfa/0x3b0 [ 851.578628][T25574] ? lockdep_hardirqs_on+0x9c/0x150 [ 851.578655][T25574] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 851.578676][T25574] ? clear_bhb_loop+0x60/0xb0 [ 851.578703][T25574] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 851.578722][T25574] RIP: 0033:0x7f09dcb8e929 [ 851.578743][T25574] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 851.578762][T25574] RSP: 002b:00007f09dda94038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 851.578785][T25574] RAX: ffffffffffffffda RBX: 00007f09dcdb5fa0 RCX: 00007f09dcb8e929 [ 851.578800][T25574] RDX: 0000000000000300 RSI: 0000200000004d00 RDI: 0000000000000003 [ 851.578814][T25574] RBP: 00007f09dda94090 R08: 0000000000000000 R09: 0000000000000000 [ 851.578827][T25574] R10: 0000000000000f1c R11: 0000000000000246 R12: 0000000000000001 [ 851.578840][T25574] R13: 0000000000000000 R14: 00007f09dcdb5fa0 R15: 00007ffd18a1be58 [ 851.578885][T25574] [ 851.975348][T25581] netlink: 'syz.5.6119': attribute type 1 has an invalid length. [ 852.060507][T25581] 8021q: adding VLAN 0 to HW filter on device bond2 [ 852.071311][T25588] netlink: 'syz.4.6121': attribute type 1 has an invalid length. [ 852.168403][T25584] 8021q: adding VLAN 0 to HW filter on device bond2 [ 852.175984][T25584] bond2: (slave vxcan3): The slave device specified does not support setting the MAC address [ 852.189942][T25584] bond2: (slave vxcan3): Error -95 calling set_mac_address [ 852.256036][T25590] gretap2: entered promiscuous mode [ 852.276749][T25590] bond2: (slave gretap2): making interface the new active one [ 852.305866][T25590] bond2: (slave gretap2): Enslaving as an active interface with an up link [ 852.430609][T25594] vlan2: entered allmulticast mode [ 852.456097][T25594] veth0_to_bond: entered allmulticast mode [ 852.457158][T25598] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6124'. [ 852.560083][T25581] bond2: (slave vlan3): the slave hw address is in use by the bond; giving it the hw address of gretap2 [ 852.706579][ C1] vcan0: j1939_tp_rxtimer: 0xffff88807a0ef400: rx timeout, send abort [ 852.738707][T25593] netlink: 8 bytes leftover after parsing attributes in process `syz.6.6120'. [ 852.808640][T25607] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6126'. [ 852.853697][T25593] gre0: entered promiscuous mode [ 852.862515][T25593] gre0: entered allmulticast mode [ 852.903950][T25607] geneve2: entered promiscuous mode [ 852.917356][T25607] geneve2: entered allmulticast mode [ 852.956779][ T6332] netdevsim netdevsim4 netdevsim0: set [1, 1] type 2 family 0 port 37331 - 0 [ 853.011882][ T6332] netdevsim netdevsim4 netdevsim1: set [1, 1] type 2 family 0 port 37331 - 0 [ 853.022012][ T6332] netdevsim netdevsim4 netdevsim2: set [1, 1] type 2 family 0 port 37331 - 0 [ 853.116193][ T6332] netdevsim netdevsim4 netdevsim3: set [1, 1] type 2 family 0 port 37331 - 0 [ 853.652340][T25633] FAULT_INJECTION: forcing a failure. [ 853.652340][T25633] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 853.680934][T25633] CPU: 0 UID: 0 PID: 25633 Comm: syz.5.6134 Not tainted 6.16.0-rc4-syzkaller-01191-gc65d34296b22 #0 PREEMPT(full) [ 853.680968][T25633] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 853.680981][T25633] Call Trace: [ 853.680990][T25633] [ 853.681000][T25633] dump_stack_lvl+0x189/0x250 [ 853.681030][T25633] ? __pfx____ratelimit+0x10/0x10 [ 853.681057][T25633] ? __pfx_dump_stack_lvl+0x10/0x10 [ 853.681082][T25633] ? __pfx__printk+0x10/0x10 [ 853.681110][T25633] ? __might_fault+0xb0/0x130 [ 853.681150][T25633] should_fail_ex+0x414/0x560 [ 853.681189][T25633] _copy_to_iter+0x1db/0x16f0 [ 853.681223][T25633] ? __lock_acquire+0xab9/0xd20 [ 853.681247][T25633] ? __pfx__copy_to_iter+0x10/0x10 [ 853.681274][T25633] ? __local_bh_enable_ip+0x12d/0x1c0 [ 853.681297][T25633] ? lockdep_hardirqs_on+0x9c/0x150 [ 853.681329][T25633] ? page_copy_sane+0x16a/0x280 [ 853.681355][T25633] copy_page_to_iter+0x10c/0x1c0 [ 853.681382][T25633] sk_msg_recvmsg+0x28e/0xc20 [ 853.681440][T25633] unix_bpf_recvmsg+0x5a4/0xda0 [ 853.681487][T25633] ? __pfx_unix_bpf_recvmsg+0x10/0x10 [ 853.681512][T25633] ? __pfx_woken_wake_function+0x10/0x10 [ 853.681536][T25633] ? aa_sock_msg_perm+0x94/0x160 [ 853.681568][T25633] ? bpf_lsm_socket_recvmsg+0x9/0x20 [ 853.681586][T25633] ? unix_dgram_recvmsg+0x71/0xd0 [ 853.681605][T25633] ? __pfx_unix_dgram_recvmsg+0x10/0x10 [ 853.681625][T25633] sock_recvmsg+0x229/0x270 [ 853.681657][T25633] ____sys_recvmsg+0x1c9/0x460 [ 853.681691][T25633] ? __pfx_____sys_recvmsg+0x10/0x10 [ 853.681732][T25633] ? import_iovec+0x74/0xa0 [ 853.681761][T25633] ___sys_recvmsg+0x1b5/0x510 [ 853.681789][T25633] ? __pfx____sys_recvmsg+0x10/0x10 [ 853.681851][T25633] ? __fget_files+0x3a0/0x420 [ 853.681893][T25633] __x64_sys_recvmsg+0x198/0x260 [ 853.681918][T25633] ? __pfx___x64_sys_recvmsg+0x10/0x10 [ 853.681952][T25633] ? __pfx_ksys_write+0x10/0x10 [ 853.681974][T25633] ? rcu_is_watching+0x15/0xb0 [ 853.682006][T25633] ? do_syscall_64+0xbe/0x3b0 [ 853.682039][T25633] do_syscall_64+0xfa/0x3b0 [ 853.682066][T25633] ? lockdep_hardirqs_on+0x9c/0x150 [ 853.682092][T25633] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 853.682113][T25633] ? clear_bhb_loop+0x60/0xb0 [ 853.682139][T25633] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 853.682160][T25633] RIP: 0033:0x7fc9fc38e929 [ 853.682180][T25633] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 853.682200][T25633] RSP: 002b:00007fc9fa1f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002f [ 853.682222][T25633] RAX: ffffffffffffffda RBX: 00007fc9fc5b5fa0 RCX: 00007fc9fc38e929 [ 853.682238][T25633] RDX: 0000000000000000 RSI: 00002000000004c0 RDI: 0000000000000003 [ 853.682251][T25633] RBP: 00007fc9fa1f6090 R08: 0000000000000000 R09: 0000000000000000 [ 853.682264][T25633] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 853.682276][T25633] R13: 0000000000000000 R14: 00007fc9fc5b5fa0 R15: 00007ffd29cda728 [ 853.682311][T25633] [ 854.027582][T25638] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 43046 - 0 [ 854.127900][T25638] netdevsim netdevsim1 eth3 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0 [ 854.247926][T25639] batadv_slave_1: entered promiscuous mode [ 854.255708][T25644] FAULT_INJECTION: forcing a failure. [ 854.255708][T25644] name failslab, interval 1, probability 0, space 0, times 0 [ 854.255973][T25643] netlink: 8 bytes leftover after parsing attributes in process `syz.5.6137'. [ 854.269816][T25644] CPU: 0 UID: 0 PID: 25644 Comm: syz.6.6138 Not tainted 6.16.0-rc4-syzkaller-01191-gc65d34296b22 #0 PREEMPT(full) [ 854.269845][T25644] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 854.269856][T25644] Call Trace: [ 854.269864][T25644] [ 854.269882][T25644] dump_stack_lvl+0x189/0x250 [ 854.269911][T25644] ? __pfx____ratelimit+0x10/0x10 [ 854.269936][T25644] ? __pfx_dump_stack_lvl+0x10/0x10 [ 854.269958][T25644] ? __pfx__printk+0x10/0x10 [ 854.269985][T25644] ? trace_fib_table_lookup+0x85/0x200 [ 854.270022][T25644] should_fail_ex+0x414/0x560 [ 854.270054][T25644] should_failslab+0xa8/0x100 [ 854.270080][T25644] kmem_cache_alloc_noprof+0x73/0x3c0 [ 854.270102][T25644] ? dst_alloc+0x105/0x170 [ 854.270117][T25644] ? fib_lookup+0x76/0x440 [ 854.270139][T25644] dst_alloc+0x105/0x170 [ 854.270163][T25644] ip_route_output_key_hash_rcu+0x1482/0x23a0 [ 854.270194][T25644] ? ip_route_output_key_hash+0xde/0x2e0 [ 854.270216][T25644] ip_route_output_key_hash+0x1b9/0x2e0 [ 854.270235][T25644] ? __lock_acquire+0xab9/0xd20 [ 854.270257][T25644] ? __pfx_ip_route_output_key_hash+0x10/0x10 [ 854.270297][T25644] ip_route_output_flow+0x2a/0x150 [ 854.270322][T25644] ? security_sk_classify_flow+0x70/0x180 [ 854.270349][T25644] udp_sendmsg+0x140c/0x2300 [ 854.270374][T25644] ? __pfx_aa_label_sk_perm+0x10/0x10 [ 854.270411][T25644] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 854.270431][T25644] ? __pfx_udp_sendmsg+0x10/0x10 [ 854.270459][T25644] ? __lock_acquire+0xab9/0xd20 [ 854.270501][T25644] ? __lock_acquire+0xab9/0xd20 [ 854.270520][T25644] ? __pfx_aa_sk_perm+0x10/0x10 [ 854.270550][T25644] ? tomoyo_socket_sendmsg_permission+0x1e1/0x300 [ 854.270574][T25644] ? sock_rps_record_flow+0x19/0x410 [ 854.270599][T25644] ? inet_sendmsg+0x29c/0x370 [ 854.270618][T25644] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 854.270640][T25644] __sock_sendmsg+0x19c/0x270 [ 854.270666][T25644] ____sys_sendmsg+0x52d/0x830 [ 854.270701][T25644] ? __pfx_____sys_sendmsg+0x10/0x10 [ 854.270739][T25644] ? import_iovec+0x74/0xa0 [ 854.270766][T25644] ___sys_sendmsg+0x21f/0x2a0 [ 854.270787][T25644] ? __pfx____sys_sendmsg+0x10/0x10 [ 854.270856][T25644] ? __might_fault+0xb0/0x130 [ 854.270890][T25644] __sys_sendmmsg+0x227/0x430 [ 854.270915][T25644] ? __pfx___sys_sendmmsg+0x10/0x10 [ 854.270931][T25644] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 854.270987][T25644] ? ksys_write+0x22a/0x250 [ 854.271011][T25644] ? __pfx_ksys_write+0x10/0x10 [ 854.271030][T25644] ? rcu_is_watching+0x15/0xb0 [ 854.271060][T25644] __x64_sys_sendmmsg+0xa0/0xc0 [ 854.271080][T25644] do_syscall_64+0xfa/0x3b0 [ 854.271103][T25644] ? lockdep_hardirqs_on+0x9c/0x150 [ 854.271126][T25644] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 854.271144][T25644] ? clear_bhb_loop+0x60/0xb0 [ 854.271167][T25644] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 854.271185][T25644] RIP: 0033:0x7f09dcb8e929 [ 854.271203][T25644] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 854.271218][T25644] RSP: 002b:00007f09dda94038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 854.271239][T25644] RAX: ffffffffffffffda RBX: 00007f09dcdb5fa0 RCX: 00007f09dcb8e929 [ 854.271252][T25644] RDX: 0000000000000300 RSI: 0000200000004d00 RDI: 0000000000000003 [ 854.271264][T25644] RBP: 00007f09dda94090 R08: 0000000000000000 R09: 0000000000000000 [ 854.271276][T25644] R10: 0000000000000f1c R11: 0000000000000246 R12: 0000000000000001 [ 854.271287][T25644] R13: 0000000000000000 R14: 00007f09dcdb5fa0 R15: 00007ffd18a1be58 [ 854.271319][T25644] [ 854.460238][T25652] netlink: 'syz.6.6141': attribute type 13 has an invalid length. [ 854.987605][T25634] batadv_slave_1: left promiscuous mode [ 855.038800][T25652] vlan0: refused to change device tx_queue_len [ 855.053230][T25652] A link change request failed with some changes committed already. Interface vlan0 may have been left with an inconsistent configuration, please check. [ 855.227818][T25638] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 43046 - 0 [ 855.265808][T25638] netdevsim netdevsim1 eth2 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0 [ 855.342871][T25657] netlink: 68 bytes leftover after parsing attributes in process `syz.5.6142'. [ 855.393510][T25659] netlink: 'syz.6.6143': attribute type 7 has an invalid length. [ 855.411333][T25659] can-isotp: isotp_sendmsg: can_send_ret -ENETDOWN [ 855.536596][T25638] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 43046 - 0 [ 855.557365][T25638] netdevsim netdevsim1 eth1 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0 [ 855.627938][T25665] netlink: 676 bytes leftover after parsing attributes in process `syz.5.6146'. [ 855.641819][T25665] netlink: 676 bytes leftover after parsing attributes in process `syz.5.6146'. [ 855.676001][T25638] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 43046 - 0 [ 855.717375][T25638] netdevsim netdevsim1 eth0 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0 [ 855.929411][ T36] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 43046 - 0 [ 855.941996][ T36] netdevsim netdevsim1 eth0: set [1, 1] type 2 family 0 port 6081 - 0 [ 856.078491][ T1155] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 43046 - 0 [ 856.086986][ T1155] netdevsim netdevsim1 eth1: set [1, 1] type 2 family 0 port 6081 - 0 [ 856.193750][ T1155] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 43046 - 0 [ 856.230713][ T1155] netdevsim netdevsim1 eth2: set [1, 1] type 2 family 0 port 6081 - 0 [ 856.289474][ T36] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 43046 - 0 [ 856.319277][ T36] netdevsim netdevsim1 eth3: set [1, 1] type 2 family 0 port 6081 - 0 [ 856.389716][T25679] netlink: 8 bytes leftover after parsing attributes in process `syz.5.6150'. [ 856.401287][T25679] netlink: 28 bytes leftover after parsing attributes in process `syz.5.6150'. [ 856.490601][T25682] netlink: 28 bytes leftover after parsing attributes in process `syz.5.6150'. [ 856.635419][T25688] netlink: 32 bytes leftover after parsing attributes in process `syz.0.6155'. [ 856.942241][T25697] netlink: 16386 bytes leftover after parsing attributes in process `syz.4.6158'. [ 856.996401][T25702] netlink: 'syz.4.6158': attribute type 3 has an invalid length. [ 857.061112][T25700] macsec1: entered promiscuous mode [ 857.066478][T25700] ip6gretap0: entered promiscuous mode [ 857.081912][T25700] macsec1: entered allmulticast mode [ 857.090272][T25700] ip6gretap0: entered allmulticast mode [ 857.106739][T25700] ip6gretap0: left allmulticast mode [ 857.116199][T25700] ip6gretap0: left promiscuous mode [ 857.256928][T25707] netlink: 88 bytes leftover after parsing attributes in process `syz.6.6160'. [ 857.277529][T25707] netlink: 48 bytes leftover after parsing attributes in process `syz.6.6160'. [ 857.349193][T25709] netlink: 'syz.0.6163': attribute type 10 has an invalid length. [ 857.373883][T25709] bridge0: port 3(dummy0) entered blocking state [ 857.388610][T25709] bridge0: port 3(dummy0) entered disabled state [ 857.405390][T25709] dummy0: entered allmulticast mode [ 857.444809][T25709] dummy0: entered promiscuous mode [ 858.725443][T25751] netlink: 'syz.6.6174': attribute type 8 has an invalid length. [ 858.823232][T25756] bridge0: port 1(bridge_slave_0) entered disabled state [ 858.833713][T25756] bridge0: port 2(bridge_slave_1) entered disabled state [ 858.897743][ T1155] netdevsim netdevsim6 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 858.918820][ T1155] netdevsim netdevsim6 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 859.134143][T25754] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 859.149704][T25754] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 859.307891][ T12] netdevsim netdevsim6 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 859.323320][ T12] netdevsim netdevsim6 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 859.411726][ T12] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 859.421161][ T12] netdevsim netdevsim4 netdevsim0: unset [1, 1] type 2 family 0 port 37331 - 0 [ 859.430494][ T12] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 859.447772][ T12] netdevsim netdevsim4 netdevsim1: unset [1, 1] type 2 family 0 port 37331 - 0 [ 859.492727][ T12] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 859.509354][ T12] netdevsim netdevsim4 netdevsim2: unset [1, 1] type 2 family 0 port 37331 - 0 [ 859.522533][ T12] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 859.532895][ T12] netdevsim netdevsim4 netdevsim3: unset [1, 1] type 2 family 0 port 37331 - 0 [ 860.342370][T25789] 8021q: VLANs not supported on ip_vti0 [ 860.364238][T25791] __nla_validate_parse: 5 callbacks suppressed [ 860.364259][T25791] netlink: 24 bytes leftover after parsing attributes in process `syz.0.6187'. [ 860.414798][T25789] 8021q: VLANs not supported on ip_vti0 [ 860.416071][T25795] IPVS: set_ctl: invalid protocol: 8 224.0.0.2:20004 [ 860.499162][T25792] netlink: 'syz.0.6187': attribute type 2 has an invalid length. [ 860.531096][T25800] netlink: 'syz.1.6190': attribute type 10 has an invalid length. [ 860.537397][T25792] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 860.547254][T25800] netlink: 40 bytes leftover after parsing attributes in process `syz.1.6190'. [ 860.602704][T25800] bridge0: port 2(dummy0) entered blocking state [ 860.619591][T25800] bridge0: port 2(dummy0) entered disabled state [ 860.636628][T25800] dummy0: entered allmulticast mode [ 860.669241][T25800] dummy0: entered promiscuous mode [ 860.704010][T25800] bridge0: port 2(dummy0) entered blocking state [ 860.710600][T25800] bridge0: port 2(dummy0) entered forwarding state [ 860.758389][T25791] netlink: 16386 bytes leftover after parsing attributes in process `syz.0.6187'. [ 860.795531][T25792] vlan2: entered allmulticast mode [ 861.706089][T25836] netlink: 'syz.6.6200': attribute type 27 has an invalid length. [ 861.914404][T25845] syzkaller0: entered promiscuous mode [ 861.924586][T25845] syzkaller0: entered allmulticast mode [ 862.122130][T25848] bridge0: port 2(dummy0) entered disabled state [ 862.128904][T25848] bridge0: port 1(bridge_slave_0) entered disabled state [ 862.242264][ T5951] IPVS: starting estimator thread 0... [ 862.338336][T25853] IPVS: using max 23 ests per chain, 55200 per kthread [ 862.495252][T25848] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 862.549481][T25848] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 862.917264][T25849] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 863.063937][T25859] gre1: entered allmulticast mode [ 863.071242][T25865] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6210'. [ 863.130044][ T6332] netdevsim netdevsim1 eth0: unset [1, 0] type 2 family 0 port 43046 - 0 [ 863.159261][ T6332] netdevsim netdevsim1 eth0: unset [1, 1] type 2 family 0 port 6081 - 0 [ 863.173590][ T6332] netdevsim netdevsim1 eth1: unset [1, 0] type 2 family 0 port 43046 - 0 [ 863.197343][ T6332] netdevsim netdevsim1 eth1: unset [1, 1] type 2 family 0 port 6081 - 0 [ 863.260241][T25864] netlink: 546 bytes leftover after parsing attributes in process `syz.6.6211'. [ 863.276015][T25865] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 43046 - 0 [ 863.290534][T25865] netdevsim netdevsim1 eth3 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0 [ 863.307490][ T6332] netdevsim netdevsim1 eth2: unset [1, 0] type 2 family 0 port 43046 - 0 [ 863.315972][ T6332] netdevsim netdevsim1 eth2: unset [1, 1] type 2 family 0 port 6081 - 0 [ 863.788801][T25888] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6218'. [ 863.822906][T25889] netlink: 'syz.5.6216': attribute type 303 has an invalid length. [ 863.844851][T25887] netlink: 8 bytes leftover after parsing attributes in process `syz.5.6216'. [ 864.190997][T25893] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6220'. [ 864.201261][T25893] netlink: 28 bytes leftover after parsing attributes in process `syz.4.6220'. [ 864.265990][T25896] netlink: 28 bytes leftover after parsing attributes in process `syz.4.6220'. [ 864.327880][T25901] netlink: 'syz.5.6222': attribute type 1 has an invalid length. [ 864.335710][T25901] netlink: 'syz.5.6222': attribute type 2 has an invalid length. [ 864.418747][T25899] netlink: 'syz.0.6221': attribute type 6 has an invalid length. [ 865.006850][T25915] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 865.421219][T25925] netlink: 'syz.5.6232': attribute type 10 has an invalid length. [ 865.447434][T25925] __nla_validate_parse: 4 callbacks suppressed [ 865.447457][T25925] netlink: 40 bytes leftover after parsing attributes in process `syz.5.6232'. [ 865.484636][T25927] gre1: entered promiscuous mode [ 865.654931][T25935] netlink: 12 bytes leftover after parsing attributes in process `syz.0.6234'. [ 865.670733][T25935] netlink: 12 bytes leftover after parsing attributes in process `syz.0.6234'. [ 866.292187][T25959] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6242'. [ 866.527046][T25964] batadv_slave_1: entered promiscuous mode [ 866.554014][T25961] batadv_slave_1: left promiscuous mode [ 866.732398][T25971] netlink: 'syz.1.6247': attribute type 21 has an invalid length. [ 866.752430][T25970] netlink: 'syz.0.6246': attribute type 4 has an invalid length. [ 866.767399][T25971] IPv6: NLM_F_CREATE should be specified when creating new route [ 866.816952][T25970] netlink: 'syz.0.6246': attribute type 4 has an invalid length. [ 866.848413][T25971] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6247'. [ 866.879788][T25971] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6247'. [ 866.909395][T25974] FAULT_INJECTION: forcing a failure. [ 866.909395][T25974] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 866.953713][T25971] netlink: 'syz.1.6247': attribute type 12 has an invalid length. [ 866.975160][T25974] CPU: 1 UID: 0 PID: 25974 Comm: syz.6.6248 Not tainted 6.16.0-rc4-syzkaller-01191-gc65d34296b22 #0 PREEMPT(full) [ 866.975194][T25974] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 866.975206][T25974] Call Trace: [ 866.975215][T25974] [ 866.975224][T25974] dump_stack_lvl+0x189/0x250 [ 866.975260][T25974] ? __pfx____ratelimit+0x10/0x10 [ 866.975291][T25974] ? __pfx_dump_stack_lvl+0x10/0x10 [ 866.975317][T25974] ? __pfx__printk+0x10/0x10 [ 866.975348][T25974] ? fs_reclaim_acquire+0x7d/0x100 [ 866.975389][T25974] should_fail_ex+0x414/0x560 [ 866.975427][T25974] prepare_alloc_pages+0x213/0x610 [ 866.975468][T25974] __alloc_frozen_pages_noprof+0x123/0x370 [ 866.975505][T25974] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 866.975549][T25974] ? policy_nodemask+0x27c/0x720 [ 866.975573][T25974] ? __lock_acquire+0xab9/0xd20 [ 866.975602][T25974] alloc_pages_mpol+0x232/0x4a0 [ 866.975636][T25974] vma_alloc_folio_noprof+0xe4/0x200 [ 866.975668][T25974] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 866.975711][T25974] folio_prealloc+0x30/0x180 [ 866.975740][T25974] __handle_mm_fault+0x183f/0x5620 [ 866.975790][T25974] ? __pfx___handle_mm_fault+0x10/0x10 [ 866.975842][T25974] ? follow_page_pte+0x8d6/0x14b0 [ 866.975879][T25974] handle_mm_fault+0x40a/0x8e0 [ 866.975917][T25974] __get_user_pages+0x1af4/0x30b0 [ 866.975956][T25974] ? mt_find+0x15c/0x5f0 [ 866.976010][T25974] ? __pfx___get_user_pages+0x10/0x10 [ 866.976046][T25974] populate_vma_page_range+0x26b/0x340 [ 866.976073][T25974] ? __pfx_populate_vma_page_range+0x10/0x10 [ 866.976093][T25974] ? userfaultfd_unmap_complete+0x278/0x2d0 [ 866.976124][T25974] ? down_read+0x1ad/0x2e0 [ 866.976158][T25974] __mm_populate+0x24c/0x380 [ 866.976184][T25974] ? __pfx___mm_populate+0x10/0x10 [ 866.976210][T25974] ? up_write+0x1c4/0x420 [ 866.976244][T25974] vm_mmap_pgoff+0x3f0/0x4c0 [ 866.976274][T25974] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 866.976298][T25974] ? __fget_files+0x2a/0x420 [ 866.976333][T25974] ? __fget_files+0x3a0/0x420 [ 866.976360][T25974] ? __fget_files+0x2a/0x420 [ 866.976394][T25974] ksys_mmap_pgoff+0x51f/0x760 [ 866.976429][T25974] do_syscall_64+0xfa/0x3b0 [ 866.976455][T25974] ? lockdep_hardirqs_on+0x9c/0x150 [ 866.976482][T25974] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 866.976503][T25974] ? clear_bhb_loop+0x60/0xb0 [ 866.976530][T25974] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 866.976551][T25974] RIP: 0033:0x7f09dcb8e929 [ 866.976570][T25974] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 866.976587][T25974] RSP: 002b:00007f09dda73038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 866.976610][T25974] RAX: ffffffffffffffda RBX: 00007f09dcdb6080 RCX: 00007f09dcb8e929 [ 866.976626][T25974] RDX: 0000000000000002 RSI: 0000000000b36000 RDI: 0000200000000000 [ 866.976640][T25974] RBP: 00007f09dda73090 R08: 0000000000000005 R09: 0000000000000000 [ 866.976653][T25974] R10: 0000000000022052 R11: 0000000000000246 R12: 0000000000000002 [ 866.976666][T25974] R13: 0000000000000000 R14: 00007f09dcdb6080 R15: 00007ffd18a1be58 [ 866.976702][T25974] [ 867.300329][T25971] netlink: 'syz.1.6247': attribute type 14 has an invalid length. [ 867.796483][T26000] syzkaller0: entered promiscuous mode [ 867.805165][T26000] syzkaller0: entered allmulticast mode [ 867.819096][T26002] batadv_slave_1: entered promiscuous mode [ 867.840477][T26001] batadv_slave_1: left promiscuous mode [ 867.924023][T26006] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6260'. [ 868.146235][T26004] netlink: 'syz.5.6259': attribute type 303 has an invalid length. [ 868.253753][T26004] netlink: 8 bytes leftover after parsing attributes in process `syz.5.6259'. [ 868.484588][T26030] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6268'. [ 868.625613][T26040] batadv_slave_1: entered promiscuous mode [ 868.647902][T26039] batadv_slave_1: left promiscuous mode [ 868.913538][T26054] FAULT_INJECTION: forcing a failure. [ 868.913538][T26054] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 868.927385][T26054] CPU: 0 UID: 0 PID: 26054 Comm: syz.6.6274 Not tainted 6.16.0-rc4-syzkaller-01191-gc65d34296b22 #0 PREEMPT(full) [ 868.927416][T26054] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 868.927429][T26054] Call Trace: [ 868.927438][T26054] [ 868.927447][T26054] dump_stack_lvl+0x189/0x250 [ 868.927478][T26054] ? __pfx____ratelimit+0x10/0x10 [ 868.927506][T26054] ? __pfx_dump_stack_lvl+0x10/0x10 [ 868.927529][T26054] ? __pfx__printk+0x10/0x10 [ 868.927557][T26054] ? fs_reclaim_acquire+0x7d/0x100 [ 868.927595][T26054] should_fail_ex+0x414/0x560 [ 868.927629][T26054] prepare_alloc_pages+0x213/0x610 [ 868.927669][T26054] __alloc_frozen_pages_noprof+0x123/0x370 [ 868.927706][T26054] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 868.927749][T26054] ? policy_nodemask+0x27c/0x720 [ 868.927773][T26054] ? __lock_acquire+0xab9/0xd20 [ 868.927801][T26054] alloc_pages_mpol+0x232/0x4a0 [ 868.927843][T26054] vma_alloc_folio_noprof+0xe4/0x200 [ 868.927874][T26054] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 868.927916][T26054] folio_prealloc+0x30/0x180 [ 868.927946][T26054] __handle_mm_fault+0x183f/0x5620 [ 868.927995][T26054] ? __pfx___handle_mm_fault+0x10/0x10 [ 868.928037][T26054] ? follow_page_pte+0x8d6/0x14b0 [ 868.928073][T26054] handle_mm_fault+0x40a/0x8e0 [ 868.928110][T26054] __get_user_pages+0x1af4/0x30b0 [ 868.928149][T26054] ? mt_find+0x15c/0x5f0 [ 868.928202][T26054] ? __pfx___get_user_pages+0x10/0x10 [ 868.928237][T26054] populate_vma_page_range+0x26b/0x340 [ 868.928264][T26054] ? __pfx_populate_vma_page_range+0x10/0x10 [ 868.928283][T26054] ? userfaultfd_unmap_complete+0x278/0x2d0 [ 868.928314][T26054] ? down_read+0x1ad/0x2e0 [ 868.928348][T26054] __mm_populate+0x24c/0x380 [ 868.928373][T26054] ? __pfx___mm_populate+0x10/0x10 [ 868.928398][T26054] ? up_write+0x1c4/0x420 [ 868.928451][T26054] vm_mmap_pgoff+0x3f0/0x4c0 [ 868.928480][T26054] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 868.928503][T26054] ? __fget_files+0x2a/0x420 [ 868.928538][T26054] ? __fget_files+0x3a0/0x420 [ 868.928563][T26054] ? __fget_files+0x2a/0x420 [ 868.928595][T26054] ksys_mmap_pgoff+0x51f/0x760 [ 868.928629][T26054] do_syscall_64+0xfa/0x3b0 [ 868.928655][T26054] ? lockdep_hardirqs_on+0x9c/0x150 [ 868.928681][T26054] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 868.928703][T26054] ? clear_bhb_loop+0x60/0xb0 [ 868.928728][T26054] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 868.928749][T26054] RIP: 0033:0x7f09dcb8e929 [ 868.928768][T26054] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 868.928786][T26054] RSP: 002b:00007f09dda73038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 868.928817][T26054] RAX: ffffffffffffffda RBX: 00007f09dcdb6080 RCX: 00007f09dcb8e929 [ 868.928833][T26054] RDX: 0000000000000002 RSI: 0000000000b36000 RDI: 0000200000000000 [ 868.928847][T26054] RBP: 00007f09dda73090 R08: 0000000000000005 R09: 0000000000000000 [ 868.928861][T26054] R10: 0000000000022052 R11: 0000000000000246 R12: 0000000000000002 [ 868.928873][T26054] R13: 0000000000000000 R14: 00007f09dcdb6080 R15: 00007ffd18a1be58 [ 868.928909][T26054] [ 869.645170][T26071] batadv_slave_1: entered promiscuous mode [ 869.651851][T26070] batadv_slave_1: left promiscuous mode [ 869.916181][T26079] netlink: 88 bytes leftover after parsing attributes in process `syz.0.6288'. [ 870.957610][T26105] __nla_validate_parse: 2 callbacks suppressed [ 870.957633][T26105] netlink: 112 bytes leftover after parsing attributes in process `syz.5.6297'. [ 871.047739][T26105] netlink: 1 bytes leftover after parsing attributes in process `syz.5.6297'. [ 871.173933][T26108] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 871.231575][T26108] siw: device registration error -23 [ 871.570134][T26125] netlink: 8 bytes leftover after parsing attributes in process `syz.5.6300'. [ 871.617431][T26125] netlink: 4 bytes leftover after parsing attributes in process `syz.5.6300'. [ 871.925388][T26134] netlink: 88 bytes leftover after parsing attributes in process `syz.5.6306'. [ 871.953467][T26134] netlink: 48 bytes leftover after parsing attributes in process `syz.5.6306'. [ 872.012353][T26140] netlink: 48 bytes leftover after parsing attributes in process `syz.1.6308'. [ 872.230514][T26147] syzkaller0: entered promiscuous mode [ 872.261364][T26147] syzkaller0: entered allmulticast mode [ 872.641098][T26163] x_tables: arp_tables: CLASSIFY target: used from hooks INPUT, but only usable from FORWARD/OUTPUT [ 872.665798][T26165] IPv6: NLM_F_REPLACE set, but no existing node found! [ 873.174902][T26186] netlink: 88 bytes leftover after parsing attributes in process `syz.6.6324'. [ 873.216025][T26186] netlink: 48 bytes leftover after parsing attributes in process `syz.6.6324'. [ 873.327801][T26191] nbd0: detected capacity change from 0 to 63 [ 873.633705][T26201] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6325'. [ 873.699161][T26213] syzkaller0: entered promiscuous mode [ 873.710070][T17323] block nbd0: Receive control failed (result -32) [ 873.711794][T26213] syzkaller0: entered allmulticast mode [ 874.295811][T26246] (unnamed net_device) (uninitialized): Removing last ns target with arp_interval on [ 874.552309][T26254] FAULT_INJECTION: forcing a failure. [ 874.552309][T26254] name failslab, interval 1, probability 0, space 0, times 0 [ 874.567693][T26254] CPU: 0 UID: 0 PID: 26254 Comm: syz.6.6346 Not tainted 6.16.0-rc4-syzkaller-01191-gc65d34296b22 #0 PREEMPT(full) [ 874.567726][T26254] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 874.567740][T26254] Call Trace: [ 874.567749][T26254] [ 874.567758][T26254] dump_stack_lvl+0x189/0x250 [ 874.567796][T26254] ? __pfx____ratelimit+0x10/0x10 [ 874.567823][T26254] ? __pfx_dump_stack_lvl+0x10/0x10 [ 874.567864][T26254] ? __pfx__printk+0x10/0x10 [ 874.567900][T26254] ? __pfx___might_resched+0x10/0x10 [ 874.567930][T26254] should_fail_ex+0x414/0x560 [ 874.567965][T26254] should_failslab+0xa8/0x100 [ 874.567994][T26254] __kmalloc_cache_node_noprof+0x73/0x3d0 [ 874.568021][T26254] ? __get_vm_area_node+0x13f/0x300 [ 874.568050][T26254] __get_vm_area_node+0x13f/0x300 [ 874.568082][T26254] __vmalloc_node_range_noprof+0x301/0x12f0 [ 874.568109][T26254] ? bpf_prog_alloc_no_stats+0x4a/0x4e0 [ 874.568132][T26254] ? is_bpf_text_address+0x26/0x2b0 [ 874.568177][T26254] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 874.568202][T26254] ? __might_fault+0xb0/0x130 [ 874.568224][T26254] ? __pfx_aa_get_newest_label+0x10/0x10 [ 874.568251][T26254] ? _parse_integer_limit+0x1ae/0x1f0 [ 874.568287][T26254] ? bpf_prog_alloc_no_stats+0x4a/0x4e0 [ 874.568305][T26254] __vmalloc_noprof+0xb1/0xf0 [ 874.568329][T26254] ? bpf_prog_alloc_no_stats+0x4a/0x4e0 [ 874.568354][T26254] bpf_prog_alloc_no_stats+0x4a/0x4e0 [ 874.568382][T26254] bpf_prog_alloc+0x3c/0x1a0 [ 874.568426][T26254] bpf_prog_load+0x735/0x1930 [ 874.568460][T26254] ? __pfx_bpf_prog_load+0x10/0x10 [ 874.568508][T26254] ? bpf_lsm_bpf+0x9/0x20 [ 874.568530][T26254] ? security_bpf+0x7e/0x300 [ 874.568557][T26254] __sys_bpf+0x5f1/0x860 [ 874.568580][T26254] ? __pfx___sys_bpf+0x10/0x10 [ 874.568615][T26254] ? ksys_write+0x22a/0x250 [ 874.568643][T26254] ? __pfx_ksys_write+0x10/0x10 [ 874.568673][T26254] __x64_sys_bpf+0x7c/0x90 [ 874.568698][T26254] do_syscall_64+0xfa/0x3b0 [ 874.568719][T26254] ? lockdep_hardirqs_on+0x9c/0x150 [ 874.568739][T26254] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 874.568755][T26254] ? clear_bhb_loop+0x60/0xb0 [ 874.568774][T26254] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 874.568800][T26254] RIP: 0033:0x7f09dcb8e929 [ 874.568816][T26254] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 874.568830][T26254] RSP: 002b:00007f09dda94038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 874.568848][T26254] RAX: ffffffffffffffda RBX: 00007f09dcdb5fa0 RCX: 00007f09dcb8e929 [ 874.568860][T26254] RDX: 0000000000000094 RSI: 0000200000000180 RDI: 0000000000000005 [ 874.568871][T26254] RBP: 00007f09dda94090 R08: 0000000000000000 R09: 0000000000000000 [ 874.568880][T26254] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 874.568890][T26254] R13: 0000000000000001 R14: 00007f09dcdb5fa0 R15: 00007ffd18a1be58 [ 874.568916][T26254] [ 874.568930][T26254] syz.6.6346: vmalloc error: size 4096, vm_struct allocation failed, mode:0x500dc0(GFP_USER|__GFP_ZERO|__GFP_ACCOUNT), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 875.015688][T26254] CPU: 0 UID: 0 PID: 26254 Comm: syz.6.6346 Not tainted 6.16.0-rc4-syzkaller-01191-gc65d34296b22 #0 PREEMPT(full) [ 875.015722][T26254] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 875.015734][T26254] Call Trace: [ 875.015743][T26254] [ 875.015753][T26254] dump_stack_lvl+0x189/0x250 [ 875.015795][T26254] ? __pfx_dump_stack_lvl+0x10/0x10 [ 875.015820][T26254] ? __pfx__printk+0x10/0x10 [ 875.015849][T26254] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 875.015878][T26254] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 875.015908][T26254] ? cpuset_print_current_mems_allowed+0x2ee/0x360 [ 875.015940][T26254] warn_alloc+0x214/0x310 [ 875.015977][T26254] ? __pfx_warn_alloc+0x10/0x10 [ 875.016008][T26254] ? __get_vm_area_node+0x13f/0x300 [ 875.016040][T26254] ? __get_vm_area_node+0x2b5/0x300 [ 875.016075][T26254] __vmalloc_node_range_noprof+0x326/0x12f0 [ 875.016106][T26254] ? is_bpf_text_address+0x26/0x2b0 [ 875.016160][T26254] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 875.016187][T26254] ? __might_fault+0xb0/0x130 [ 875.016211][T26254] ? __pfx_aa_get_newest_label+0x10/0x10 [ 875.016241][T26254] ? _parse_integer_limit+0x1ae/0x1f0 [ 875.016283][T26254] ? bpf_prog_alloc_no_stats+0x4a/0x4e0 [ 875.016302][T26254] __vmalloc_noprof+0xb1/0xf0 [ 875.016326][T26254] ? bpf_prog_alloc_no_stats+0x4a/0x4e0 [ 875.016351][T26254] bpf_prog_alloc_no_stats+0x4a/0x4e0 [ 875.016380][T26254] bpf_prog_alloc+0x3c/0x1a0 [ 875.016404][T26254] bpf_prog_load+0x735/0x1930 [ 875.016441][T26254] ? __pfx_bpf_prog_load+0x10/0x10 [ 875.016490][T26254] ? bpf_lsm_bpf+0x9/0x20 [ 875.016510][T26254] ? security_bpf+0x7e/0x300 [ 875.016540][T26254] __sys_bpf+0x5f1/0x860 [ 875.016563][T26254] ? __pfx___sys_bpf+0x10/0x10 [ 875.016597][T26254] ? ksys_write+0x22a/0x250 [ 875.016624][T26254] ? __pfx_ksys_write+0x10/0x10 [ 875.016658][T26254] __x64_sys_bpf+0x7c/0x90 [ 875.016688][T26254] do_syscall_64+0xfa/0x3b0 [ 875.016716][T26254] ? lockdep_hardirqs_on+0x9c/0x150 [ 875.016742][T26254] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 875.016763][T26254] ? clear_bhb_loop+0x60/0xb0 [ 875.016796][T26254] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 875.016816][T26254] RIP: 0033:0x7f09dcb8e929 [ 875.016837][T26254] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 875.016853][T26254] RSP: 002b:00007f09dda94038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 875.016876][T26254] RAX: ffffffffffffffda RBX: 00007f09dcdb5fa0 RCX: 00007f09dcb8e929 [ 875.016891][T26254] RDX: 0000000000000094 RSI: 0000200000000180 RDI: 0000000000000005 [ 875.016903][T26254] RBP: 00007f09dda94090 R08: 0000000000000000 R09: 0000000000000000 [ 875.016915][T26254] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 875.016927][T26254] R13: 0000000000000001 R14: 00007f09dcdb5fa0 R15: 00007ffd18a1be58 [ 875.016961][T26254] [ 875.016995][T26254] Mem-Info: [ 875.356615][T26254] active_anon:3597 inactive_anon:0 isolated_anon:0 [ 875.356615][T26254] active_file:2225 inactive_file:40160 isolated_file:0 [ 875.356615][T26254] unevictable:768 dirty:188 writeback:0 [ 875.356615][T26254] slab_reclaimable:13797 slab_unreclaimable:173320 [ 875.356615][T26254] mapped:29699 shmem:1361 pagetables:995 [ 875.356615][T26254] sec_pagetables:0 bounce:0 [ 875.356615][T26254] kernel_misc_reclaimable:0 [ 875.356615][T26254] free:1243620 free_pcp:20015 free_cma:0 [ 875.406951][T26254] Node 0 active_anon:14388kB inactive_anon:0kB active_file:8900kB inactive_file:160440kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:118796kB dirty:748kB writeback:0kB shmem:3908kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12952kB pagetables:3848kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 875.447819][T26254] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:132kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 875.480453][T26254] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 875.516254][T26254] lowmem_reserve[]: 0 2498 2499 2499 2499 [ 875.524294][T26254] Node 0 DMA32 free:1052536kB boost:0kB min:34248kB low:42808kB high:51368kB reserved_highatomic:0KB free_highatomic:0KB active_anon:14440kB inactive_anon:0kB active_file:8900kB inactive_file:158864kB unevictable:1536kB writepending:748kB present:3129332kB managed:2558304kB mlocked:0kB bounce:0kB free_pcp:69588kB local_pcp:21812kB free_cma:0kB [ 875.612128][T26254] lowmem_reserve[]: 0 0 1 1 1 [ 875.617008][T26254] Node 0 Normal free:12kB boost:0kB min:20kB low:24kB high:28kB reserved_highatomic:0KB free_highatomic:0KB active_anon:48kB inactive_anon:0kB active_file:0kB inactive_file:1576kB unevictable:0kB writepending:0kB present:1048580kB managed:1644kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:0kB free_cma:0kB [ 875.701075][T26254] lowmem_reserve[]: 0 0 0 0 0 [ 875.713304][T26254] Node 1 Normal free:3906104kB boost:0kB min:55632kB low:69540kB high:83448kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:4kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:10464kB local_pcp:10464kB free_cma:0kB [ 875.809555][T26254] lowmem_reserve[]: 0 0 0 0 0 [ 875.824829][T26254] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 875.859828][T26254] Node 0 DMA32: 1553*4kB (UME) 690*8kB (UME) 933*16kB (UME) 522*32kB (UME) 160*64kB (UME) 74*128kB (UME) 56*256kB (UME) 57*512kB (UM) 2*1024kB (ME) 5*2048kB (ME) 227*4096kB (UM) = 1048676kB [ 875.873474][T26283] netlink: 'syz.5.6358': attribute type 303 has an invalid length. [ 875.907165][T26254] Node 0 Normal: 1*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB [ 875.957659][T26254] Node 1 Normal: 212*4kB (UME) 55*8kB (UME) 43*16kB (UME) 222*32kB (UME) 77*64kB (UME) 25*128kB (UME) 5*256kB (UME) 3*512kB (ME) 1*1024kB (M) 3*2048kB (UE) 947*4096kB (M) = 3906104kB [ 876.024226][T26254] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 876.049817][T26254] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 876.069476][T26254] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 876.109821][T26254] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 876.171396][T26254] 43743 total pagecache pages [ 876.185130][T26254] 0 pages in swap cache [ 876.205219][T26254] Free swap = 124996kB [ 876.227232][T26254] Total swap = 124996kB [ 876.236864][T26254] 2097051 pages RAM [ 876.267202][T26254] 0 pages HighMem/MovableOnly [ 876.271933][T26254] 425433 pages reserved [ 876.276101][T26254] 0 pages cma reserved [ 876.629474][T26308] FAULT_INJECTION: forcing a failure. [ 876.629474][T26308] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 876.669575][T26313] sch_fq: defrate 0 ignored. [ 876.688315][T26308] CPU: 1 UID: 0 PID: 26308 Comm: syz.6.6367 Not tainted 6.16.0-rc4-syzkaller-01191-gc65d34296b22 #0 PREEMPT(full) [ 876.688349][T26308] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 876.688362][T26308] Call Trace: [ 876.688371][T26308] [ 876.688381][T26308] dump_stack_lvl+0x189/0x250 [ 876.688431][T26308] ? __pfx____ratelimit+0x10/0x10 [ 876.688460][T26308] ? __pfx_dump_stack_lvl+0x10/0x10 [ 876.688485][T26308] ? __pfx__printk+0x10/0x10 [ 876.688513][T26308] ? __might_fault+0xb0/0x130 [ 876.688562][T26308] should_fail_ex+0x414/0x560 [ 876.688600][T26308] _copy_to_iter+0x1db/0x16f0 [ 876.688633][T26308] ? __lock_acquire+0xab9/0xd20 [ 876.688658][T26308] ? __pfx__copy_to_iter+0x10/0x10 [ 876.688685][T26308] ? __local_bh_enable_ip+0x12d/0x1c0 [ 876.688709][T26308] ? lockdep_hardirqs_on+0x9c/0x150 [ 876.688741][T26308] ? page_copy_sane+0x16a/0x280 [ 876.688766][T26308] copy_page_to_iter+0x10c/0x1c0 [ 876.688792][T26308] sk_msg_recvmsg+0x28e/0xc20 [ 876.688852][T26308] unix_bpf_recvmsg+0x5a4/0xda0 [ 876.688902][T26308] ? __pfx_unix_bpf_recvmsg+0x10/0x10 [ 876.688926][T26308] ? __pfx_woken_wake_function+0x10/0x10 [ 876.688951][T26308] ? aa_sock_msg_perm+0x94/0x160 [ 876.688984][T26308] ? bpf_lsm_socket_recvmsg+0x9/0x20 [ 876.689002][T26308] ? unix_dgram_recvmsg+0x71/0xd0 [ 876.689021][T26308] ? __pfx_unix_dgram_recvmsg+0x10/0x10 [ 876.689042][T26308] sock_recvmsg+0x229/0x270 [ 876.689073][T26308] ____sys_recvmsg+0x1c9/0x460 [ 876.689106][T26308] ? __pfx_____sys_recvmsg+0x10/0x10 [ 876.689148][T26308] ? import_iovec+0x74/0xa0 [ 876.689177][T26308] ___sys_recvmsg+0x1b5/0x510 [ 876.689206][T26308] ? __pfx____sys_recvmsg+0x10/0x10 [ 876.689260][T26308] ? __fget_files+0x3a0/0x420 [ 876.689308][T26308] __x64_sys_recvmsg+0x198/0x260 [ 876.689334][T26308] ? __pfx___x64_sys_recvmsg+0x10/0x10 [ 876.689369][T26308] ? __pfx_ksys_write+0x10/0x10 [ 876.689391][T26308] ? rcu_is_watching+0x15/0xb0 [ 876.689422][T26308] ? do_syscall_64+0xbe/0x3b0 [ 876.689455][T26308] do_syscall_64+0xfa/0x3b0 [ 876.689481][T26308] ? lockdep_hardirqs_on+0x9c/0x150 [ 876.689506][T26308] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 876.689528][T26308] ? clear_bhb_loop+0x60/0xb0 [ 876.689562][T26308] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 876.689582][T26308] RIP: 0033:0x7f09dcb8e929 [ 876.689601][T26308] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 876.689619][T26308] RSP: 002b:00007f09dda94038 EFLAGS: 00000246 ORIG_RAX: 000000000000002f [ 876.689642][T26308] RAX: ffffffffffffffda RBX: 00007f09dcdb5fa0 RCX: 00007f09dcb8e929 [ 876.689658][T26308] RDX: 0000000000000000 RSI: 00002000000004c0 RDI: 0000000000000003 [ 876.689671][T26308] RBP: 00007f09dda94090 R08: 0000000000000000 R09: 0000000000000000 [ 876.689685][T26308] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 876.689698][T26308] R13: 0000000000000000 R14: 00007f09dcdb5fa0 R15: 00007ffd18a1be58 [ 876.689733][T26308] [ 877.344118][T26321] __nla_validate_parse: 7 callbacks suppressed [ 877.344138][T26321] netlink: 8 bytes leftover after parsing attributes in process `syz.6.6373'. [ 877.366125][T26321] netlink: 28 bytes leftover after parsing attributes in process `syz.6.6373'. [ 877.462385][T26324] netlink: 28 bytes leftover after parsing attributes in process `syz.6.6373'. [ 877.512876][T26333] FAULT_INJECTION: forcing a failure. [ 877.512876][T26333] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 877.555335][T26333] CPU: 1 UID: 0 PID: 26333 Comm: syz.1.6378 Not tainted 6.16.0-rc4-syzkaller-01191-gc65d34296b22 #0 PREEMPT(full) [ 877.555370][T26333] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 877.555384][T26333] Call Trace: [ 877.555393][T26333] [ 877.555402][T26333] dump_stack_lvl+0x189/0x250 [ 877.555435][T26333] ? __pfx____ratelimit+0x10/0x10 [ 877.555464][T26333] ? __pfx_dump_stack_lvl+0x10/0x10 [ 877.555489][T26333] ? __pfx__printk+0x10/0x10 [ 877.555520][T26333] ? fs_reclaim_acquire+0x7d/0x100 [ 877.555561][T26333] should_fail_ex+0x414/0x560 [ 877.555607][T26333] prepare_alloc_pages+0x213/0x610 [ 877.555648][T26333] __alloc_frozen_pages_noprof+0x123/0x370 [ 877.555684][T26333] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 877.555727][T26333] ? policy_nodemask+0x27c/0x720 [ 877.555752][T26333] ? __lock_acquire+0xab9/0xd20 [ 877.555781][T26333] alloc_pages_mpol+0x232/0x4a0 [ 877.555814][T26333] vma_alloc_folio_noprof+0xe4/0x200 [ 877.555843][T26333] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 877.555885][T26333] folio_prealloc+0x30/0x180 [ 877.555914][T26333] __handle_mm_fault+0x183f/0x5620 [ 877.555962][T26333] ? __pfx___handle_mm_fault+0x10/0x10 [ 877.556005][T26333] ? follow_page_pte+0x8d6/0x14b0 [ 877.556041][T26333] handle_mm_fault+0x40a/0x8e0 [ 877.556080][T26333] __get_user_pages+0x1af4/0x30b0 [ 877.556118][T26333] ? mt_find+0x15c/0x5f0 [ 877.556171][T26333] ? __pfx___get_user_pages+0x10/0x10 [ 877.556208][T26333] populate_vma_page_range+0x26b/0x340 [ 877.556233][T26333] ? __pfx_populate_vma_page_range+0x10/0x10 [ 877.556254][T26333] ? userfaultfd_unmap_complete+0x278/0x2d0 [ 877.556284][T26333] ? down_read+0x1ad/0x2e0 [ 877.556317][T26333] __mm_populate+0x24c/0x380 [ 877.556343][T26333] ? __pfx___mm_populate+0x10/0x10 [ 877.556367][T26333] ? up_write+0x1c4/0x420 [ 877.556401][T26333] vm_mmap_pgoff+0x3f0/0x4c0 [ 877.556429][T26333] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 877.556455][T26333] ? __fget_files+0x2a/0x420 [ 877.556488][T26333] ? __fget_files+0x3a0/0x420 [ 877.556514][T26333] ? __fget_files+0x2a/0x420 [ 877.556547][T26333] ksys_mmap_pgoff+0x51f/0x760 [ 877.556592][T26333] do_syscall_64+0xfa/0x3b0 [ 877.556618][T26333] ? lockdep_hardirqs_on+0x9c/0x150 [ 877.556644][T26333] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 877.556666][T26333] ? clear_bhb_loop+0x60/0xb0 [ 877.556691][T26333] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 877.556712][T26333] RIP: 0033:0x7fb60718e929 [ 877.556732][T26333] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 877.556751][T26333] RSP: 002b:00007fb607f31038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 877.556775][T26333] RAX: ffffffffffffffda RBX: 00007fb6073b6080 RCX: 00007fb60718e929 [ 877.556791][T26333] RDX: 0000000000000002 RSI: 0000000000b36000 RDI: 0000200000000000 [ 877.556814][T26333] RBP: 00007fb607f31090 R08: 0000000000000005 R09: 0000000000000000 [ 877.556827][T26333] R10: 0000000000022052 R11: 0000000000000246 R12: 0000000000000002 [ 877.556840][T26333] R13: 0000000000000000 R14: 00007fb6073b6080 R15: 00007ffe10dc2318 [ 877.556876][T26333] [ 877.866838][T26336] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6379'. [ 878.119879][T26336] bridge_slave_1: left allmulticast mode [ 878.125632][T26336] bridge_slave_1: left promiscuous mode [ 878.134152][T26336] bridge0: port 2(bridge_slave_1) entered disabled state [ 878.150403][T26336] bridge_slave_0: left allmulticast mode [ 878.156124][T26336] bridge_slave_0: left promiscuous mode [ 878.162450][T26336] bridge0: port 1(bridge_slave_0) entered disabled state [ 878.551688][T26355] netlink: 52 bytes leftover after parsing attributes in process `syz.5.6385'. [ 879.221938][T26374] netlink: 68 bytes leftover after parsing attributes in process `syz.6.6392'. [ 879.245545][T26373] netlink: 'syz.5.6393': attribute type 10 has an invalid length. [ 879.274106][T26373] netlink: 40 bytes leftover after parsing attributes in process `syz.5.6393'. [ 879.286366][T26369] netlink: 88 bytes leftover after parsing attributes in process `syz.4.6391'. [ 879.347282][T26369] netlink: 48 bytes leftover after parsing attributes in process `syz.4.6391'. [ 880.179270][T26408] netlink: 'syz.6.6400': attribute type 1 has an invalid length. [ 881.057967][T26428] netlink: 'syz.4.6404': attribute type 303 has an invalid length. [ 881.191593][T26428] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6404'. [ 881.282717][T26440] netlink: 'syz.0.6409': attribute type 1 has an invalid length. [ 881.339524][T26445] netlink: 'syz.1.6406': attribute type 303 has an invalid length. [ 881.576086][T26452] netlink: 'syz.0.6412': attribute type 10 has an invalid length. [ 883.309307][T26493] FAULT_INJECTION: forcing a failure. [ 883.309307][T26493] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 883.342816][T26493] CPU: 1 UID: 0 PID: 26493 Comm: syz.4.6425 Not tainted 6.16.0-rc4-syzkaller-01191-gc65d34296b22 #0 PREEMPT(full) [ 883.342849][T26493] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 883.342862][T26493] Call Trace: [ 883.342871][T26493] [ 883.342882][T26493] dump_stack_lvl+0x189/0x250 [ 883.342912][T26493] ? __pfx____ratelimit+0x10/0x10 [ 883.342940][T26493] ? __pfx_dump_stack_lvl+0x10/0x10 [ 883.342964][T26493] ? __pfx__printk+0x10/0x10 [ 883.342995][T26493] ? fs_reclaim_acquire+0x7d/0x100 [ 883.343035][T26493] should_fail_ex+0x414/0x560 [ 883.343073][T26493] prepare_alloc_pages+0x213/0x610 [ 883.343113][T26493] __alloc_frozen_pages_noprof+0x123/0x370 [ 883.343149][T26493] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 883.343192][T26493] ? policy_nodemask+0x27c/0x720 [ 883.343216][T26493] ? __lock_acquire+0xab9/0xd20 [ 883.343245][T26493] alloc_pages_mpol+0x232/0x4a0 [ 883.343278][T26493] vma_alloc_folio_noprof+0xe4/0x200 [ 883.343309][T26493] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 883.343352][T26493] folio_prealloc+0x30/0x180 [ 883.343381][T26493] __handle_mm_fault+0x183f/0x5620 [ 883.343430][T26493] ? __pfx___handle_mm_fault+0x10/0x10 [ 883.343472][T26493] ? follow_page_pte+0x8d6/0x14b0 [ 883.343513][T26493] handle_mm_fault+0x40a/0x8e0 [ 883.343559][T26493] __get_user_pages+0x1af4/0x30b0 [ 883.343598][T26493] ? mt_find+0x15c/0x5f0 [ 883.343649][T26493] ? __pfx___get_user_pages+0x10/0x10 [ 883.343685][T26493] populate_vma_page_range+0x26b/0x340 [ 883.343712][T26493] ? __pfx_populate_vma_page_range+0x10/0x10 [ 883.343731][T26493] ? userfaultfd_unmap_complete+0x278/0x2d0 [ 883.343761][T26493] ? down_read+0x1ad/0x2e0 [ 883.343794][T26493] __mm_populate+0x24c/0x380 [ 883.343819][T26493] ? __pfx___mm_populate+0x10/0x10 [ 883.343844][T26493] ? up_write+0x1f2/0x420 [ 883.343877][T26493] vm_mmap_pgoff+0x3f0/0x4c0 [ 883.343906][T26493] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 883.343930][T26493] ? __fget_files+0x2a/0x420 [ 883.343963][T26493] ? __fget_files+0x3a0/0x420 [ 883.343988][T26493] ? __fget_files+0x2a/0x420 [ 883.344020][T26493] ksys_mmap_pgoff+0x51f/0x760 [ 883.344054][T26493] do_syscall_64+0xfa/0x3b0 [ 883.344080][T26493] ? lockdep_hardirqs_on+0x9c/0x150 [ 883.344106][T26493] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 883.344126][T26493] ? clear_bhb_loop+0x60/0xb0 [ 883.344153][T26493] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 883.344172][T26493] RIP: 0033:0x7f83c858e929 [ 883.344191][T26493] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 883.344208][T26493] RSP: 002b:00007f83c9367038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 883.344230][T26493] RAX: ffffffffffffffda RBX: 00007f83c87b6080 RCX: 00007f83c858e929 [ 883.344245][T26493] RDX: 0000000000000002 RSI: 0000000000b36000 RDI: 0000200000000000 [ 883.344258][T26493] RBP: 00007f83c9367090 R08: 0000000000000005 R09: 0000000000000000 [ 883.344271][T26493] R10: 0000000000022052 R11: 0000000000000246 R12: 0000000000000002 [ 883.344284][T26493] R13: 0000000000000000 R14: 00007f83c87b6080 R15: 00007ffea5dcd3e8 [ 883.344319][T26493] [ 883.533993][T26501] syzkaller0: entered promiscuous mode [ 883.677005][T26501] syzkaller0: entered allmulticast mode [ 884.058749][T26520] __nla_validate_parse: 4 callbacks suppressed [ 884.058783][T26520] netlink: 68 bytes leftover after parsing attributes in process `syz.6.6435'. [ 884.218586][T26525] netlink: 12 bytes leftover after parsing attributes in process `syz.6.6437'. [ 884.275073][T26525] bridge1: port 1(veth9) entered blocking state [ 884.284636][T26525] bridge1: port 1(veth9) entered disabled state [ 884.292853][T26525] veth9: entered allmulticast mode [ 884.301038][T26525] veth9: entered promiscuous mode [ 884.313777][T26528] bridge1: port 2(veth0_to_bond) entered blocking state [ 884.326984][T26528] bridge1: port 2(veth0_to_bond) entered disabled state [ 884.334667][T26528] veth0_to_bond: entered allmulticast mode [ 884.346877][T26528] veth0_to_bond: entered promiscuous mode [ 884.392733][T26525] vlan1: entered allmulticast mode [ 884.398301][T26525] veth1: entered allmulticast mode [ 885.309531][T26556] tipc: Enabled bearer , priority 0 [ 885.334325][T26557] syzkaller0: entered promiscuous mode [ 885.366899][T26557] syzkaller0: entered allmulticast mode [ 885.698538][T26559] syzkaller0: entered promiscuous mode [ 885.724369][T26559] syzkaller0: entered allmulticast mode [ 885.751559][T26557] tipc: Resetting bearer [ 885.793308][T26551] tipc: Resetting bearer [ 885.838951][T26551] tipc: Disabling bearer [ 885.864605][T26572] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6448'. [ 885.883928][T26572] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6448'. [ 886.130419][T26575] FAULT_INJECTION: forcing a failure. [ 886.130419][T26575] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 886.193187][T26575] CPU: 1 UID: 0 PID: 26575 Comm: syz.6.6449 Not tainted 6.16.0-rc4-syzkaller-01191-gc65d34296b22 #0 PREEMPT(full) [ 886.193220][T26575] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 886.193233][T26575] Call Trace: [ 886.193242][T26575] [ 886.193252][T26575] dump_stack_lvl+0x189/0x250 [ 886.193290][T26575] ? __pfx____ratelimit+0x10/0x10 [ 886.193318][T26575] ? __pfx_dump_stack_lvl+0x10/0x10 [ 886.193344][T26575] ? __pfx__printk+0x10/0x10 [ 886.193381][T26575] ? fs_reclaim_acquire+0x7d/0x100 [ 886.193423][T26575] should_fail_ex+0x414/0x560 [ 886.193458][T26575] prepare_alloc_pages+0x213/0x610 [ 886.193497][T26575] __alloc_frozen_pages_noprof+0x123/0x370 [ 886.193533][T26575] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 886.193561][T26575] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 886.193598][T26575] ? policy_nodemask+0x27c/0x720 [ 886.193622][T26575] ? __lock_acquire+0xab9/0xd20 [ 886.193651][T26575] alloc_pages_mpol+0x232/0x4a0 [ 886.193685][T26575] vma_alloc_folio_noprof+0xe4/0x200 [ 886.193715][T26575] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 886.193758][T26575] folio_prealloc+0x30/0x180 [ 886.193798][T26575] __handle_mm_fault+0x183f/0x5620 [ 886.193854][T26575] ? __pfx___handle_mm_fault+0x10/0x10 [ 886.193896][T26575] ? follow_page_pte+0x8d6/0x14b0 [ 886.193938][T26575] handle_mm_fault+0x40a/0x8e0 [ 886.193976][T26575] __get_user_pages+0x1af4/0x30b0 [ 886.194045][T26575] ? mt_find+0x15c/0x5f0 [ 886.194104][T26575] ? __pfx___get_user_pages+0x10/0x10 [ 886.194140][T26575] populate_vma_page_range+0x26b/0x340 [ 886.194167][T26575] ? __pfx_populate_vma_page_range+0x10/0x10 [ 886.194185][T26575] ? userfaultfd_unmap_complete+0x278/0x2d0 [ 886.194216][T26575] ? down_read+0x1ad/0x2e0 [ 886.194248][T26575] __mm_populate+0x24c/0x380 [ 886.194279][T26575] ? __pfx___mm_populate+0x10/0x10 [ 886.194304][T26575] ? up_write+0x1f2/0x420 [ 886.194338][T26575] vm_mmap_pgoff+0x3f0/0x4c0 [ 886.194367][T26575] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 886.194389][T26575] ? __fget_files+0x2a/0x420 [ 886.194423][T26575] ? __fget_files+0x3a0/0x420 [ 886.194449][T26575] ? __fget_files+0x2a/0x420 [ 886.194482][T26575] ksys_mmap_pgoff+0x51f/0x760 [ 886.194515][T26575] do_syscall_64+0xfa/0x3b0 [ 886.194541][T26575] ? lockdep_hardirqs_on+0x9c/0x150 [ 886.194567][T26575] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 886.194588][T26575] ? clear_bhb_loop+0x60/0xb0 [ 886.194613][T26575] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 886.194632][T26575] RIP: 0033:0x7f09dcb8e929 [ 886.194652][T26575] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 886.194669][T26575] RSP: 002b:00007f09dda73038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 886.194692][T26575] RAX: ffffffffffffffda RBX: 00007f09dcdb6080 RCX: 00007f09dcb8e929 [ 886.194707][T26575] RDX: 0000000000000002 RSI: 0000000000b36000 RDI: 0000200000000000 [ 886.194720][T26575] RBP: 00007f09dda73090 R08: 0000000000000005 R09: 0000000000000000 [ 886.194732][T26575] R10: 0000000000022052 R11: 0000000000000246 R12: 0000000000000002 [ 886.194745][T26575] R13: 0000000000000000 R14: 00007f09dcdb6080 R15: 00007ffd18a1be58 [ 886.194788][T26575] [ 887.766071][T26614] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6462'. [ 888.062452][T26622] netlink: 'syz.5.6466': attribute type 1 has an invalid length. [ 888.098400][T26624] netlink: 'syz.6.6463': attribute type 303 has an invalid length. [ 888.111975][T26622] netlink: 36 bytes leftover after parsing attributes in process `syz.5.6466'. [ 888.408327][T26618] netlink: 8 bytes leftover after parsing attributes in process `syz.6.6463'. [ 888.891420][T26653] xt_physdev: --physdev-out and --physdev-is-out only supported in the FORWARD and POSTROUTING chains with bridged traffic [ 889.096483][T26667] Unsupported ieee802154 address type: 0 [ 889.426976][T26680] tipc: Started in network mode [ 889.541644][T26685] FAULT_INJECTION: forcing a failure. [ 889.541644][T26685] name failslab, interval 1, probability 0, space 0, times 0 [ 889.572949][T26680] tipc: Node identity ac14140f, cluster identity 4711 [ 889.582263][T26685] CPU: 1 UID: 0 PID: 26685 Comm: syz.6.6486 Not tainted 6.16.0-rc4-syzkaller-01191-gc65d34296b22 #0 PREEMPT(full) [ 889.582297][T26685] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 889.582310][T26685] Call Trace: [ 889.582320][T26685] [ 889.582330][T26685] dump_stack_lvl+0x189/0x250 [ 889.582363][T26685] ? __pfx____ratelimit+0x10/0x10 [ 889.582392][T26685] ? __pfx_dump_stack_lvl+0x10/0x10 [ 889.582416][T26685] ? __pfx__printk+0x10/0x10 [ 889.582449][T26685] ? __pfx___might_resched+0x10/0x10 [ 889.582481][T26685] should_fail_ex+0x414/0x560 [ 889.582528][T26685] should_failslab+0xa8/0x100 [ 889.582560][T26685] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 889.582587][T26685] ? __alloc_skb+0x112/0x2d0 [ 889.582614][T26685] ? __pfx_aa_label_sk_perm+0x10/0x10 [ 889.582648][T26685] __alloc_skb+0x112/0x2d0 [ 889.582681][T26685] pfkey_sendmsg+0x1dd/0x1090 [ 889.582718][T26685] ? __pfx___might_resched+0x10/0x10 [ 889.582740][T26685] ? __lock_acquire+0xab9/0xd20 [ 889.582768][T26685] ? __pfx_pfkey_sendmsg+0x10/0x10 [ 889.582806][T26685] ? aa_sk_perm+0x81e/0x950 [ 889.582835][T26685] ? is_bpf_text_address+0x26/0x2b0 [ 889.582870][T26685] ? __pfx_aa_sk_perm+0x10/0x10 [ 889.582897][T26685] ? tomoyo_socket_sendmsg_permission+0x1e1/0x300 [ 889.582928][T26685] ? aa_sock_msg_perm+0x94/0x160 [ 889.582961][T26685] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 889.582982][T26685] ? __pfx_pfkey_sendmsg+0x10/0x10 [ 889.583011][T26685] __sock_sendmsg+0x219/0x270 [ 889.583042][T26685] ____sys_sendmsg+0x505/0x830 [ 889.583082][T26685] ? __pfx_____sys_sendmsg+0x10/0x10 [ 889.583125][T26685] ? import_iovec+0x74/0xa0 [ 889.583157][T26685] ___sys_sendmsg+0x21f/0x2a0 [ 889.583182][T26685] ? __pfx____sys_sendmsg+0x10/0x10 [ 889.583247][T26685] ? __fget_files+0x2a/0x420 [ 889.583275][T26685] ? __fget_files+0x3a0/0x420 [ 889.583316][T26685] __x64_sys_sendmsg+0x19b/0x260 [ 889.583341][T26685] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 889.583375][T26685] ? __pfx_ksys_write+0x10/0x10 [ 889.583398][T26685] ? rcu_is_watching+0x15/0xb0 [ 889.583430][T26685] ? do_syscall_64+0xbe/0x3b0 [ 889.583464][T26685] do_syscall_64+0xfa/0x3b0 [ 889.583490][T26685] ? lockdep_hardirqs_on+0x9c/0x150 [ 889.583525][T26685] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 889.583546][T26685] ? clear_bhb_loop+0x60/0xb0 [ 889.583573][T26685] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 889.583593][T26685] RIP: 0033:0x7f09dcb8e929 [ 889.583614][T26685] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 889.583631][T26685] RSP: 002b:00007f09dda94038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 889.583655][T26685] RAX: ffffffffffffffda RBX: 00007f09dcdb5fa0 RCX: 00007f09dcb8e929 [ 889.583671][T26685] RDX: 0000000020000014 RSI: 0000200000000500 RDI: 0000000000000003 [ 889.583685][T26685] RBP: 00007f09dda94090 R08: 0000000000000000 R09: 0000000000000000 [ 889.583699][T26685] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 889.583712][T26685] R13: 0000000000000000 R14: 00007f09dcdb5fa0 R15: 00007ffd18a1be58 [ 889.583746][T26685] [ 889.897859][T26680] tipc: New replicast peer: 255.255.255.255 [ 889.921361][T26680] tipc: Enabled bearer , priority 10 [ 889.951704][T26682] netlink: 28 bytes leftover after parsing attributes in process `syz.5.6485'. [ 890.414261][T26703] netlink: 120 bytes leftover after parsing attributes in process `syz.5.6490'. [ 890.436582][T26704] netlink: 'syz.6.6493': attribute type 1 has an invalid length. [ 890.459765][T26704] netlink: 36 bytes leftover after parsing attributes in process `syz.6.6493'. [ 890.464545][T26700] syzkaller0: entered promiscuous mode [ 890.495113][T26700] syzkaller0: entered allmulticast mode [ 891.017440][T18560] tipc: Node number set to 2886997007 [ 891.728862][T26754] FAULT_INJECTION: forcing a failure. [ 891.728862][T26754] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 891.778896][T26754] CPU: 1 UID: 0 PID: 26754 Comm: syz.5.6508 Not tainted 6.16.0-rc4-syzkaller-01191-gc65d34296b22 #0 PREEMPT(full) [ 891.778931][T26754] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 891.778945][T26754] Call Trace: [ 891.778954][T26754] [ 891.778964][T26754] dump_stack_lvl+0x189/0x250 [ 891.778995][T26754] ? __pfx____ratelimit+0x10/0x10 [ 891.779025][T26754] ? __pfx_dump_stack_lvl+0x10/0x10 [ 891.779051][T26754] ? __pfx__printk+0x10/0x10 [ 891.779082][T26754] ? fs_reclaim_acquire+0x7d/0x100 [ 891.779123][T26754] should_fail_ex+0x414/0x560 [ 891.779161][T26754] prepare_alloc_pages+0x213/0x610 [ 891.779201][T26754] __alloc_frozen_pages_noprof+0x123/0x370 [ 891.779244][T26754] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 891.779287][T26754] ? policy_nodemask+0x27c/0x720 [ 891.779310][T26754] ? __lock_acquire+0xab9/0xd20 [ 891.779340][T26754] alloc_pages_mpol+0x232/0x4a0 [ 891.779374][T26754] vma_alloc_folio_noprof+0xe4/0x200 [ 891.779405][T26754] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 891.779448][T26754] folio_prealloc+0x30/0x180 [ 891.779478][T26754] __handle_mm_fault+0x183f/0x5620 [ 891.779534][T26754] ? __pfx___handle_mm_fault+0x10/0x10 [ 891.779576][T26754] ? follow_page_pte+0x8d6/0x14b0 [ 891.779613][T26754] handle_mm_fault+0x40a/0x8e0 [ 891.779651][T26754] __get_user_pages+0x1af4/0x30b0 [ 891.779691][T26754] ? mt_find+0x15c/0x5f0 [ 891.779743][T26754] ? __pfx___get_user_pages+0x10/0x10 [ 891.779778][T26754] populate_vma_page_range+0x26b/0x340 [ 891.779805][T26754] ? __pfx_populate_vma_page_range+0x10/0x10 [ 891.779825][T26754] ? userfaultfd_unmap_complete+0x278/0x2d0 [ 891.779856][T26754] ? down_read+0x1ad/0x2e0 [ 891.779891][T26754] __mm_populate+0x24c/0x380 [ 891.779917][T26754] ? __pfx___mm_populate+0x10/0x10 [ 891.779943][T26754] ? up_write+0x1f2/0x420 [ 891.779976][T26754] vm_mmap_pgoff+0x3f0/0x4c0 [ 891.780005][T26754] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 891.780030][T26754] ? __fget_files+0x2a/0x420 [ 891.780063][T26754] ? __fget_files+0x3a0/0x420 [ 891.780089][T26754] ? __fget_files+0x2a/0x420 [ 891.780123][T26754] ksys_mmap_pgoff+0x51f/0x760 [ 891.780157][T26754] do_syscall_64+0xfa/0x3b0 [ 891.780184][T26754] ? lockdep_hardirqs_on+0x9c/0x150 [ 891.780211][T26754] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 891.780232][T26754] ? clear_bhb_loop+0x60/0xb0 [ 891.780258][T26754] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 891.780279][T26754] RIP: 0033:0x7fc9fc38e929 [ 891.780299][T26754] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 891.780318][T26754] RSP: 002b:00007fc9fa1b4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 891.780341][T26754] RAX: ffffffffffffffda RBX: 00007fc9fc5b6160 RCX: 00007fc9fc38e929 [ 891.780357][T26754] RDX: 0000000000000002 RSI: 0000000000b36000 RDI: 0000200000000000 [ 891.780371][T26754] RBP: 00007fc9fa1b4090 R08: 0000000000000005 R09: 0000000000000000 [ 891.780384][T26754] R10: 0000000000022052 R11: 0000000000000246 R12: 0000000000000002 [ 891.780398][T26754] R13: 0000000000000000 R14: 00007fc9fc5b6160 R15: 00007ffd29cda728 [ 891.780435][T26754] [ 892.119341][T26757] netlink: 'syz.4.6510': attribute type 1 has an invalid length. [ 892.127275][T26757] netlink: 36 bytes leftover after parsing attributes in process `syz.4.6510'. [ 892.212336][T26759] netlink: 'syz.4.6511': attribute type 3 has an invalid length. [ 892.720700][T26778] team0: Port device gtp0 added [ 893.304401][T26802] gre1: entered promiscuous mode [ 893.350841][T26809] FAULT_INJECTION: forcing a failure. [ 893.350841][T26809] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 893.398372][T26809] CPU: 1 UID: 0 PID: 26809 Comm: syz.4.6527 Not tainted 6.16.0-rc4-syzkaller-01191-gc65d34296b22 #0 PREEMPT(full) [ 893.398405][T26809] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 893.398418][T26809] Call Trace: [ 893.398428][T26809] [ 893.398438][T26809] dump_stack_lvl+0x189/0x250 [ 893.398470][T26809] ? __pfx____ratelimit+0x10/0x10 [ 893.398507][T26809] ? __pfx_dump_stack_lvl+0x10/0x10 [ 893.398532][T26809] ? __pfx__printk+0x10/0x10 [ 893.398563][T26809] ? fs_reclaim_acquire+0x7d/0x100 [ 893.398604][T26809] should_fail_ex+0x414/0x560 [ 893.398641][T26809] prepare_alloc_pages+0x213/0x610 [ 893.398681][T26809] __alloc_frozen_pages_noprof+0x123/0x370 [ 893.398717][T26809] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 893.398758][T26809] ? policy_nodemask+0x27c/0x720 [ 893.398783][T26809] ? __lock_acquire+0xab9/0xd20 [ 893.398812][T26809] alloc_pages_mpol+0x232/0x4a0 [ 893.398846][T26809] vma_alloc_folio_noprof+0xe4/0x200 [ 893.398877][T26809] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 893.398919][T26809] folio_prealloc+0x30/0x180 [ 893.398948][T26809] __handle_mm_fault+0x183f/0x5620 [ 893.398997][T26809] ? __pfx___handle_mm_fault+0x10/0x10 [ 893.399038][T26809] ? follow_page_pte+0x8d6/0x14b0 [ 893.399074][T26809] handle_mm_fault+0x40a/0x8e0 [ 893.399111][T26809] __get_user_pages+0x1af4/0x30b0 [ 893.399150][T26809] ? mt_find+0x15c/0x5f0 [ 893.399202][T26809] ? __pfx___get_user_pages+0x10/0x10 [ 893.399237][T26809] populate_vma_page_range+0x26b/0x340 [ 893.399263][T26809] ? __pfx_populate_vma_page_range+0x10/0x10 [ 893.399283][T26809] ? userfaultfd_unmap_complete+0x278/0x2d0 [ 893.399313][T26809] ? down_read+0x1ad/0x2e0 [ 893.399347][T26809] __mm_populate+0x24c/0x380 [ 893.399373][T26809] ? __pfx___mm_populate+0x10/0x10 [ 893.399398][T26809] ? up_write+0x1c4/0x420 [ 893.399431][T26809] vm_mmap_pgoff+0x3f0/0x4c0 [ 893.399460][T26809] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 893.399484][T26809] ? __fget_files+0x2a/0x420 [ 893.399527][T26809] ? __fget_files+0x3a0/0x420 [ 893.399552][T26809] ? __fget_files+0x2a/0x420 [ 893.399585][T26809] ksys_mmap_pgoff+0x51f/0x760 [ 893.399618][T26809] do_syscall_64+0xfa/0x3b0 [ 893.399645][T26809] ? lockdep_hardirqs_on+0x9c/0x150 [ 893.399671][T26809] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 893.399691][T26809] ? clear_bhb_loop+0x60/0xb0 [ 893.399717][T26809] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 893.399736][T26809] RIP: 0033:0x7f83c858e929 [ 893.399755][T26809] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 893.399773][T26809] RSP: 002b:00007f83c9367038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 893.399796][T26809] RAX: ffffffffffffffda RBX: 00007f83c87b6080 RCX: 00007f83c858e929 [ 893.399812][T26809] RDX: 0000000000000002 RSI: 0000000000b36000 RDI: 0000200000000000 [ 893.399825][T26809] RBP: 00007f83c9367090 R08: 0000000000000005 R09: 0000000000000000 [ 893.399837][T26809] R10: 0000000000022052 R11: 0000000000000246 R12: 0000000000000002 [ 893.399850][T26809] R13: 0000000000000000 R14: 00007f83c87b6080 R15: 00007ffea5dcd3e8 [ 893.399886][T26809] [ 893.916943][T26815] netlink: 68 bytes leftover after parsing attributes in process `syz.1.6529'. [ 894.014665][T26821] Bluetooth: hci1: Opcode 0x080f failed: -4 [ 894.565013][T26842] netlink: 'syz.4.6539': attribute type 1 has an invalid length. [ 894.604189][T26842] netlink: 'syz.4.6539': attribute type 10 has an invalid length. [ 894.627348][T26842] netlink: 236 bytes leftover after parsing attributes in process `syz.4.6539'. [ 894.896964][T26847] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000004: 0000 [#1] SMP KASAN PTI [ 894.909076][T26847] KASAN: null-ptr-deref in range [0x0000000000000020-0x0000000000000027] [ 894.917597][T26847] CPU: 0 UID: 0 PID: 26847 Comm: syz.6.6540 Not tainted 6.16.0-rc4-syzkaller-01191-gc65d34296b22 #0 PREEMPT(full) [ 894.929782][T26847] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 894.939879][T26847] RIP: 0010:qdisc_tree_reduce_backlog+0x223/0x480 [ 894.946438][T26847] Code: 89 ef e8 60 04 ab f8 4d 89 ef 85 db 74 0d e8 e4 83 47 f8 4c 89 f5 e9 88 00 00 00 48 8b 6d 00 48 8d 45 20 48 89 c3 48 c1 eb 03 <42> 80 3c 33 00 48 89 04 24 74 0d 48 8b 3c 24 e8 29 04 ab f8 48 8b [ 894.966081][T26847] RSP: 0018:ffffc90002e67128 EFLAGS: 00010202 [ 894.972190][T26847] RAX: 0000000000000020 RBX: 0000000000000004 RCX: 0000000000000002 [ 894.980193][T26847] RDX: ffff88802e06bc00 RSI: 0000000000000000 RDI: 0000000000000000 [ 894.988199][T26847] RBP: 0000000000000000 R08: ffff88802e06bc00 R09: 0000000000000002 [ 894.996383][T26847] R10: 00000000ffffffff R11: 0000000000000002 R12: 00000000000a0009 [ 895.004388][T26847] R13: ffff8880305f5000 R14: dffffc0000000000 R15: ffff8880305f5000 [ 895.012465][T26847] FS: 00007f09dda946c0(0000) GS:ffff888125c13000(0000) knlGS:0000000000000000 [ 895.021524][T26847] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 895.028145][T26847] CR2: 0000000000000024 CR3: 0000000054bfa000 CR4: 00000000003526f0 [ 895.036510][T26847] Call Trace: [ 895.039823][T26847] [ 895.042779][T26847] ? qdisc_tree_reduce_backlog+0x3c/0x480 [ 895.048543][T26847] hhf_change+0x764/0xad0 [ 895.052910][T26847] ? __pfx_hhf_change+0x10/0x10 [ 895.057799][T26847] ? __raw_spin_lock_init+0x45/0x100 [ 895.063217][T26847] ? qdisc_alloc+0x7a1/0xaa0 [ 895.067838][T26847] ? __pfx_hhf_init+0x10/0x10 [ 895.072542][T26847] hhf_init+0x213/0x950 [ 895.076725][T26847] ? __pfx_hhf_init+0x10/0x10 [ 895.081418][T26847] qdisc_create+0x7a9/0xea0 [ 895.085938][T26847] tc_modify_qdisc+0x1426/0x2010 [ 895.090910][T26847] ? __pfx_tc_modify_qdisc+0x10/0x10 [ 895.096207][T26847] ? __pfx_tc_modify_qdisc+0x10/0x10 [ 895.101576][T26847] rtnetlink_rcv_msg+0x77c/0xb70 [ 895.106514][T26847] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 895.111624][T26847] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 895.117112][T26847] netlink_rcv_skb+0x205/0x470 [ 895.121901][T26847] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 895.127883][T26847] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 895.133171][T26847] ? netlink_deliver_tap+0x2e/0x1b0 [ 895.138376][T26847] ? netlink_deliver_tap+0x2e/0x1b0 [ 895.143669][T26847] netlink_unicast+0x758/0x8d0 [ 895.148529][T26847] netlink_sendmsg+0x805/0xb30 [ 895.153294][T26847] ? __pfx_netlink_sendmsg+0x10/0x10 [ 895.158592][T26847] ? aa_sock_msg_perm+0x94/0x160 [ 895.163528][T26847] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 895.168810][T26847] ? __pfx_netlink_sendmsg+0x10/0x10 [ 895.174371][T26847] __sock_sendmsg+0x219/0x270 [ 895.179050][T26847] ____sys_sendmsg+0x505/0x830 [ 895.183921][T26847] ? __pfx_____sys_sendmsg+0x10/0x10 [ 895.189338][T26847] ? import_iovec+0x74/0xa0 [ 895.193891][T26847] ___sys_sendmsg+0x21f/0x2a0 [ 895.198585][T26847] ? __pfx____sys_sendmsg+0x10/0x10 [ 895.204145][T26847] ? __fget_files+0x2a/0x420 [ 895.208779][T26847] ? __fget_files+0x3a0/0x420 [ 895.213465][T26847] __x64_sys_sendmsg+0x19b/0x260 [ 895.218421][T26847] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 895.223886][T26847] ? rcu_is_watching+0x15/0xb0 [ 895.228653][T26847] ? do_syscall_64+0xbe/0x3b0 [ 895.233358][T26847] do_syscall_64+0xfa/0x3b0 [ 895.237971][T26847] ? lockdep_hardirqs_on+0x9c/0x150 [ 895.243175][T26847] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 895.249244][T26847] ? clear_bhb_loop+0x60/0xb0 [ 895.253928][T26847] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 895.259909][T26847] RIP: 0033:0x7f09dcb8e929 [ 895.264344][T26847] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 895.283948][T26847] RSP: 002b:00007f09dda94038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 895.292371][T26847] RAX: ffffffffffffffda RBX: 00007f09dcdb5fa0 RCX: 00007f09dcb8e929 [ 895.300349][T26847] RDX: 0000000000004000 RSI: 0000200000000280 RDI: 0000000000000003 [ 895.308332][T26847] RBP: 00007f09dcc10b39 R08: 0000000000000000 R09: 0000000000000000 [ 895.316489][T26847] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 895.324474][T26847] R13: 0000000000000000 R14: 00007f09dcdb5fa0 R15: 00007ffd18a1be58 [ 895.332789][T26847] [ 895.335810][T26847] Modules linked in: [ 895.339896][T26847] ---[ end trace 0000000000000000 ]--- [ 895.345350][T26847] RIP: 0010:qdisc_tree_reduce_backlog+0x223/0x480 [ 895.351796][T26847] Code: 89 ef e8 60 04 ab f8 4d 89 ef 85 db 74 0d e8 e4 83 47 f8 4c 89 f5 e9 88 00 00 00 48 8b 6d 00 48 8d 45 20 48 89 c3 48 c1 eb 03 <42> 80 3c 33 00 48 89 04 24 74 0d 48 8b 3c 24 e8 29 04 ab f8 48 8b [ 895.371471][T26847] RSP: 0018:ffffc90002e67128 EFLAGS: 00010202 [ 895.377717][T26847] RAX: 0000000000000020 RBX: 0000000000000004 RCX: 0000000000000002 [ 895.386053][T26847] RDX: ffff88802e06bc00 RSI: 0000000000000000 RDI: 0000000000000000 [ 895.394098][T26847] RBP: 0000000000000000 R08: ffff88802e06bc00 R09: 0000000000000002 [ 895.402106][T26847] R10: 00000000ffffffff R11: 0000000000000002 R12: 00000000000a0009 [ 895.410115][T26847] R13: ffff8880305f5000 R14: dffffc0000000000 R15: ffff8880305f5000 [ 895.412040][T26861] xt_recent: hitcount (262143) is larger than allowed maximum (65535) [ 895.418137][T26847] FS: 00007f09dda946c0(0000) GS:ffff888125c13000(0000) knlGS:0000000000000000 [ 895.418162][T26847] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 895.418180][T26847] CR2: 0000000000000024 CR3: 0000000054bfa000 CR4: 00000000003526f0 [ 895.418204][T26847] Kernel panic - not syncing: Fatal exception in interrupt [ 895.418543][T26847] Kernel Offset: disabled