last executing test programs: 4.247423615s ago: executing program 2 (id=999): socket$nl_route(0x10, 0x3, 0x0) socket(0x2, 0x80805, 0x0) socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)) unshare(0x28040680) socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000002c0)) select(0x40, &(0x7f0000000000)={0x0, 0x5, 0x2, 0x81, 0x80, 0xd0f3, 0xe5d5, 0x9}, 0x0, &(0x7f0000000140)={0x69f, 0xfffffffffffffffc, 0x3ff, 0x2, 0x7ff, 0xc1, 0x101, 0x8001}, 0x0) 3.392453013s ago: executing program 0 (id=1013): socket$nl_generic(0x10, 0x3, 0x10) socket$packet(0x11, 0x2, 0x300) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe3}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4) sendmmsg$inet(r0, &(0x7f0000004a80)=[{{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f00000007c0)="16ecaaaeb69ec105e9dd534f1bd77f8051db33a07055391264d230088248daa370b0bc75883a507be52e9744ca1479096e0a1d347324d779b5fe3167e722437570ee9c472c6399c49d1473a32016f512dee12a2f9dc3bd6060001c8139ae43a3cbf08d05c66712c9a0b2994264c8614da6c0251fdeb06bcb94139d6b3df7bd60ac9d53ac834c97388aa638bb50457e57f90b3e8e11975ebd2c81a2a13cb5dc9b7fae4411137ad278cf52dd8d32de5b07a396cd19a242b247d2ca16ce1a663064abfc1ba416f7b1fc251409afd53815f775ab04810637bd8c9b2606a8512ee5622829a369d77900cfc7987f950003fb657f4c17131695efdcead8816ddae634049c3dab49a0ca36b1d5d93c8dac8fa0ba2a74f55d159667e3b52ec903f439a21a023b4bc7bf4463d73f5ae46a680f138c34f0ab2e8503ce342bfb26e481f087a08d410a8886335ac1fda0df344dfbb68b6bb8fcc2bf9a85fe835f350fb281e1159b093d52c519a3d61cd4979941c87ebf52404bdb04ebce4e1980314c1b03a674a86d6cf027b9076559eecadd6cbc5daab4002468d3653a11bbcb9cf625b1e4fe49a398e63200944d4ecee2741a09daf3650edb6a8dca6dc705873b78767c0e942a766c8be2bf425eeba3c277f09332f84fe9f24272059625703661763ed5efd08af27a1b6ccc3a7ae63ff339676e5caa6447e4a0575131495bc643681ca8e18b95bc7db66366c50cd89c9a59746da83dcced2526003b48e250bb7a20eabaf34e950fd1eeb6cce37de630e51a067e786dc3ecde5d2218962d33adde6734636adcf597b93be0cc3f307127d2b0df08a75d14f41ed41237db5e7b10fdacd56231cd781566b26080a06edbd7af51e6310233f0cea9aea8fe2c08a94cdc1ae11c6bef6f0fb5d4155567b47db0c4fc61940d157fc5a1df14ff33bd638b56b200b032cd99504751cb6c29d8252e6ebd0c1ac4c3df73d335aaf060f54d6a4f1c225eaca5e3f313a1d29f940d7a9fcaa040d7cab55550954a3c4d8bd772890fff6eadf3de96a396758e0a3d21cba8f2b1bbbc2ce9dbc8818bb3ca8967fc89e130ef4409db59a858f81b29c9019c3954754777af852162d61ff916ad98d6ee6ab4c0a5d25339e7923c1db2386df6596a5059ffb169fa9991d82573587fa4edd83649ece1a1976755b6d622e75ec6b342df6b30c8ea280daacfd1cfa82909f295ad96130d439abf3ebf9f48e8b138b89ea93c751c5c416e727c49c764559ca5dba38a894b056e3c9569f20bd56c638eb74429f5a89fdf1b3d3bd7e38993b0a39446ece8359a57894e28136fc0305e43bfa4adb63c9d85951207eb506bac375a3e203eed305fcd1cc6984f4dc67dc9e50391e4a01effe62fce188da0eead8dabebe5a3e74c7223c240bc0443b3e4c53d677bbccc58a7dfbb0b69dac81cf9ec689f1762a0ba768d73aeb38b4718d735defdfc3ac9376eea3412e5c388f1cf89d7b1caf2550cdafb8deeb8df3b75993b98665b47f29e213c2b2a0541b4d7a8a458cfa92548d03c5b74b5fda560ee3fbf972640a5a59645e87b08ad07086c4324091b5e874cbb5ea7a5c30e3596db80c6a44c091a3e51d931bfe63efae82a396cb2d8886430c4b26b135c29492d454b8582bfe12203f70ff24d9ab7818939091941f5eca793d19e3799571e071614fabb8254744f94454a8f755e605feece3c415bef9506de83b4b3ec4873888bbf4784e6ac25524120212d77ca6f977b5670caa6ffe5ad508f8e0f9c03e36df4556b5e52a74c7ab0fdcb38c4a154bb370117701cef672bee99f1f8270cd7d604a141275a25ab3226639aea60a958a3ec3c664285fb205be76f1b61fdd6e58557966b6e5377f2a2bc0a622a90d82a066a12e7224a98d5093bd134c5d3a1b8107fd6a35196098a655231ab04dcff68c82fc7eac9a0c81584ae81f0ee407423d6d10a087c787f63d536d1ddc07dc5bd24e32eb26f31580cafec928ac1c3fb03f032562192d70331881599be4bfcec829da2ace9385db908cd03a48e76470471da69e700bc5b20601c707df9abe26828edb0401eed502feb885cd7df09cd34fda8489f06f4df052c0b233bc5232668913aede05bec5f8a36ae9e478f5dc3e0bd7a6de8b9fe81eb29da56f06fa94cd7dbc7f787050ff3989435af4b545587edb4c47c68605a30c09d1e678c1f870a2ef82841b1d89c667b6499638630b6b0f9f8a66a69064b4616dfc079e6564b301663857305231759391bd9ee2f2d246a4ddd6eb94fd8258ac655a161e2b0f0d13c7c812c78c20bf0ae6c2a20c9be1fb2908bb0e107fdc9c79d02dfbc1d6b24002637acc8a093e02d4372b8e211cc6baf36a5f8997c694bd68ca0fe4d0eceb6ebc93db8c8dbfa796280287a5851f53201fa91e38be16c815f9d5ead64488c0a7ef40c7946ac0c0ad8baa8add8ce249f6ff09ebfc93106c239594a2ad935099fef0c2fe5d3820cb9cc676a", 0x6dc}], 0x1}}], 0x1, 0x400c0) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000480)=0x1df9, 0x4) sendto$inet(r0, &(0x7f0000000580)="17", 0x1d4c, 0x10048095, 0x0, 0x0) 3.368814562s ago: executing program 1 (id=1014): sendmsg$SMC_PNETID_ADD(0xffffffffffffffff, 0x0, 0x800) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000140)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_GET_NEIGHBORS(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000003c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="310300000000000000000900000008000300", @ANYRES32=r2, @ANYBLOB='\b\x00'], 0x24}}, 0x4000) 3.256327753s ago: executing program 2 (id=1015): socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, 0x0) ioctl$TUNSETLINK(r0, 0x400454cd, 0x30a) socket$nl_generic(0x10, 0x3, 0x10) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000090000000000000000000000850000002a000000850000000e00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78) socket$unix(0x1, 0x1, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000040)='sys_exit\x00', r1}, 0x10) syz_init_net_socket$rose(0xb, 0x5, 0x0) socket$netlink(0x10, 0x3, 0xb) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_generic(0x10, 0x3, 0x10) socket$alg(0x26, 0x5, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) r2 = socket$nl_route(0x10, 0x3, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$nl_route(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=ANY=[@ANYBLOB="540000001000010400000000002000ffff000000", @ANYRES32=0x0, @ANYBLOB="0380000000000000240012800c0001006d6163766c616e00140002800800010008000000062102000100000008000500", @ANYRES32=r3, @ANYBLOB='\b\x00\n\x00]'], 0x54}, 0x1, 0x0, 0x0, 0x280608c0}, 0x0) 3.182342726s ago: executing program 1 (id=1018): bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0xb, 0x4, &(0x7f00000005c0)=ANY=[], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x24, '\x00', 0x0, @fallback=0x24, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0xb, 0x4, &(0x7f00000005c0)=ANY=[], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x24, '\x00', 0x0, @fallback=0x24, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socket$nl_generic(0x10, 0x3, 0x10) (async) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000040)='ip6gre0\x00', 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_GET_ADDR(r2, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f00000001c0)={0x28, r3, 0x1, 0x70bd2b, 0x25dfdbfd, {}, [@MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_IF_IDX={0x8}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x16}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x8854}, 0x0) sendmsg$MPTCP_PM_CMD_ANNOUNCE(r0, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x34, r3, 0x2, 0x70bd2c, 0x25dfdbff, {}, [@MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x4}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x1}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x4}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x4}]}, 0x34}, 0x1, 0x0, 0x0, 0x4000}, 0x44000) setsockopt$inet_int(r1, 0x0, 0x32, &(0x7f0000000f00)=0x1000000, 0x4) (async) setsockopt$inet_int(r1, 0x0, 0x32, &(0x7f0000000f00)=0x1000000, 0x4) r4 = syz_genetlink_get_family_id$devlink(&(0x7f0000000400), 0xffffffffffffffff) r5 = bpf$ITER_CREATE(0x21, &(0x7f0000000140), 0x8) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x2, 0x0, 0xffffffffffffffff, 0x4, '\x00', 0x0, r5, 0x0, 0x4, 0x5}, 0x50) (async) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x2, 0x0, 0xffffffffffffffff, 0x4, '\x00', 0x0, r5, 0x0, 0x4, 0x5}, 0x50) sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x34, r4, 0x100, 0xffffffff, 0x0, {0x2f}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000041}, 0x0) 3.012375903s ago: executing program 3 (id=1019): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc2(&(0x7f0000001840), r0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}, 0x58) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000140)={r2, 0x0, 0xe, 0x0, &(0x7f0000000000)="e0b9547ed387dbe9c2c89b6f5bec", 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r3 = accept4(r1, 0x0, 0x0, 0x0) sendmmsg$unix(r3, 0x0, 0x0, 0x0) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002000)={0x18, 0x6, &(0x7f0000000640)=ANY=[@ANYBLOB="180000ddff0000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8"], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r4, 0x0, 0xd}, 0x18) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x94) r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r6, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6) write(r6, &(0x7f0000000040)="07000000010003", 0x7) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000080)={r5}, 0x4) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xa, &(0x7f0000000440)=ANY=[], &(0x7f0000000780)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='br_fdb_add\x00', r7}, 0x10) socket$netlink(0x10, 0x3, 0x1) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f00000001c0)={'ip_vti0\x00', 0x0}) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x32, 0x0, 0x0) r8 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000040)=@ipv4_newroute={0x1c, 0x18, 0x35f32a6dfa748ddd, 0x0, 0x2, {0x2, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x6, 0x1400}}, 0x1c}}, 0x0) r9 = socket$nl_route(0x10, 0x3, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) sendmsg$nl_route(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000040)=@ipv4_newroute={0x1c, 0x18, 0x35f32a6dfa748ddd, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x2900}}, 0x1c}}, 0x8c0) 3.012104728s ago: executing program 1 (id=1020): sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)={0xd8, 0x9, 0x6, 0x101, 0x0, 0x0, {0x5}, [@IPSET_ATTR_ADT={0x10, 0x8, 0x0, 0x1, [{0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_MARK={0x8, 0xa, 0x1, 0x0, 0xa9a5}}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_DATA={0x28, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP_TO={0x18, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @local}}, @IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast2}}]}, @IPSET_ATTR_DATA={0x34, 0x7, 0x0, 0x1, [@IPSET_ATTR_PACKETS={0xc, 0x19, 0x1, 0x0, 0x7}, @IPSET_ATTR_IP2_TO={0xc, 0x16, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @rand_addr=0x64010100}}, @IPSET_ATTR_BYTES={0xc, 0x18, 0x1, 0x0, 0x4}, @IPSET_ATTR_PACKETS={0xc, 0x19, 0x1, 0x0, 0x6}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_LINENO={0x8, 0x9, 0x1, 0x0, 0x1}, @IPSET_ATTR_ADT={0x20, 0x8, 0x0, 0x1, [{0x1c, 0x7, 0x0, 0x1, @IPSET_ATTR_IP={0x18, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @dev={0xfe, 0x80, '\x00', 0x12}}}}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x40}, 0x8000) socket$netlink(0x10, 0x3, 0x0) r0 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_RX_RING(r0, 0x11b, 0x2, &(0x7f00000000c0)=0x100000, 0x4) getsockopt$XDP_STATISTICS(r0, 0x11b, 0x8, &(0x7f0000000040), &(0x7f0000000000)=0x30) sendmmsg$inet(r0, &(0x7f0000000140), 0x0, 0x810) 2.870448007s ago: executing program 2 (id=1022): ioctl$BTRFS_IOC_INO_LOOKUP_USER(0xffffffffffffffff, 0xd000943e, &(0x7f0000000380)={0x0, 0x0, "3b05829cb4f83234965bf0e7670faaeffce54967a307ce873d4e80b5e0799060c7383e6114ef31d1ac55ce4a65927d4023ff5b1ee624e189dcba631c71d81280e60c05131a163a8daea6ad8524a0b18ac5603081ccc8dba31fd18ce5488e1d1150af79440e1dd80410949612746cf56a7dbc8152b34a070de02ed2911d29f69143bcc2aa14b8bf53fc78a07b4f286606e956c0a6646dd44faa6ba91f520c45f649447f00ec6fc14b9f203be7caea3db5fc51ed3d2912d9bfa3a499c13ee16550a7de7ef3b57bb6e412b59607d6ef6bea1a837a0eb06603dadc75617c965d177a51ce67e6ff16bec2da30507131118acac772f4a34dd69207b48e76d184f24624", "3692c060b69848833718a2c5f1719c940907f788ca829c30d25c80b18575afa8b1b0d9ea23777ad7cb8316498e6b431c44c86f97f8b699cdc2f24e84cab30fa88cc16761dc7a64bb6fdfae161d99393fe631770adf7c0e3cbe8d4677b6bc737df343a0a1480745d40a9c98d32c9d71a325050297214180acc049e7a087c91ef109697ef2389dd24c3b8ced68c239efce89392910b5381e65ef689caef9c81c860b2aded57c45d4634a11accdc66e6afb0b23dfebfac9ebb7a2a36ccb64b8c11e0a2e60e428334b59f9109b3990d4391040080b6e02a14e37d2034b74fc6ce514ea640dbcc1bd705cb65fe9ac3652ea8d588380da31fea9776002ae687b0d2fc2c178cdce3c5dcd05f38b514016c06d5ad9c7c1615c73836787ee6bc1264a4c16794fde33b7cf77cf295a6eeb015d5ffeb4975b2782429be145e2a5c30e9b9c1341db467d273e72dae678a68d6dd6342e9ed485e0bd429d4ec5cf64f952231bd6f4df64aca13b6cf6a3cd3836749c06da20fb1227de9687fbb5842cf99a64dbd3b81437d344770fca1252c728c386253dd72d4b08cef200eebe149e6e4fcf3e03e89f74b6bf5ce5a48a901926745af89d53d40581f54dd1baacd92fbd1d76e8af0928fce3fb8f60fe2b0f98d648213914d255366dc45706dc7722062d7d4d96e424f9c75f6b7a42ca86fb6a525e522c8c7857385c672d678faec2a4dff67ad2ea7ac845cc79513a91424a406365ccfb6debd3518c71e1f78f44d4f1a1e8f53e600f547da67311098a3d775a55dbaac45ac7df53b80f2c31f4658671e83ccfc445fdca561e01b2920c13576d6f8b808f4060186e4d31b6b4445fd9bfcaaf71326ac15e343b7906c5d5676894566befb725ddeb672e2e3e6c3f52247fbdab2344b88bfae6369f596d537fcbcdba64de80209b28ab2f8add45d2bc60d691dbd22fb2fe3f8f288232ad6fce6d2abc07880e253460aa5433cd98a331d007d0e3e7d7ece1f3764d883b21dc5644ad5b5b8f190db50cbf1e247c3c204813af1fa06713427d50476e0a96a44168658bc9666c1b1f1e4d097c9789e0313223a9641a7ad938b6562cb4a13b90b1a15b8f6b4e6075dd0e59b33f966509dc34ae16a51b27eb069b4bb77ac0bd3af1a0df0d817622057f681bc38047c249db8e89ec57c1c0beaebed49b15767f89e7534f33a73b265d1dc97ea4871dab2af20fc1bfe87dba4351b82ee7aaabffbca7d0b01ad68b1ccb0b3182c090aefc6e4dc3d229bba0b7063075bb1f1ffea60d9599c00f801b0a21f850e72168783a3ab336248fdc5601f2c2fce1a5d36efcb72c4a63ed43681000cd86831f4d6b1f81733e32667ddf235f0204990c4c8fa0c33c7169067c6ce9c1f8e7f31b55e31036d661833d47bf3762d222eddf049634464e720f3c73a6c5a4ea70c95916610a85625507d3db98a57003bf9204c8d87c2d6ac14b491ebe13182c0cbbd7220273f53c8bd019ade137107f060b3daecff66335eccd855fc6553bbd5bd2b87cd2c799b214a60c8ace0c072a782f7a2efa8a8cd0d6f8dc4aaaee4c3606f7300242dd0f37a9f82e29220e11d7e50e4a1ed9573c6c3d4f2525b579282e240aba598ca28f007cc15203cbca7ddb60af2933a2b887acc51e2805656411cd0fc8742e4b2f9a731c0aa94c50e0501fc3a605231b0b464d0aa3941a5de64153db6a2fd78a23411605092e9db59a7ac22cbbbf985330f4e8dcd388d16d96493cee6cc83a8afce01560f127b29fb0a24df2cd29baae5164b6a22f3ea2264057fdfbce1d69e1db0603ae48a01846d577a32afff1db490e7953cf80c3db63a7cba4636ae6389671205f3bc91c2c0595fffa208309605d23504b81382b743dfb45c68bc629622a0b16ab499bed25c6d998b90ea340c31376080217a07073f7ea2c257882ac11b8dbbbbef3805df7c58326038d33acd23dd38fb09339647d8a97eb2031984ee183e334711b53f4404ca07fc47adc847b16c6932fe08943c825d049e6f6233071f6eb931636b175eac62313d0a1abddebaed417eec250b2e573aefd1a9d682d22ce45fe560fca8b12d5a037fa81c215dad646cb11c720dfb9b980a6ac44ec4b6e95c27eb8bb058e298873c7bef80d8bc6e097927ad6707242bdc1a9f2341436a2f4e8059adb310b94a3190353dfa1a28c66990851669c8c082847a3fe27494c5dfbca82b88636fea3fec2a9d03e70b676d959ad92c842458916c78de7ee3bd8ed7193fab1cfbf80ebaba0ce67b36bcabf96715989ba850f93eb6bc4088267b9a1cd99d95e0aea7b091967edecb87d4b848ee5457d0a3d9e1b0bdeb033bf6455ae45320f1b80ace746b49b17f22b6e471ed7e618203ea0b3ba96875edb9632585742af79a7d6ec1412d52cfac21671522bfb82bc690f12fb1fd8125a19c7d2ad1fc8be0cc1e6f079d4f38586e329e886077a0bb23ba534ef418bfdce5c043c1ba17d664647d31a23aa83375c075c6e20ee261d6e43d6e30af38d9a40d7866c3cd7f67b0aae8580bdc2220de06c98393751ad3b360f3e704c687be46cdebe0e782cafa7b00e5b943941a3a309cfb9e6e2a08df0b35e8b0f086b3a47ff983c06aa4073b96f0e83eff4e539b81480b418f5873fd5499de10d61a72b039ec936d1d5ac9b9d7408d25a9e5569620eee08744302b047eca9decec6dfb0e40c51569eb5e1f5af448146276aa4b10bd8d1b6c8c5b2d2957e9153ac212541fa61a2b855d07229ee9162bc2cc679942e416c7ed6f56ccd4bb2904746600cfc01527345c2820a06b741afea6c0ac0a3fe16e74d73a4ebf2586e9ffa4b6e046cdfa5b77c78c909eaae7cce8f99743ce10bc1483889b73168109526d016e2497bcd1e522b8cdf16d9b933a4f44cced017a06ae1826458ebab0d69cdfe3766307120287ed4c65c0697ab9145daca822109b3dfeea0d3e84f727ab9782e3b4ef3c24a504ebc045578620ba86e641a3890de0106f7a5c8cc8bd80533467ff532b1a7e3ab4895ebbaea70447025cfeda104c02e567d6ad85d3b46a3efdba55e63c69c0c60353855d13ecd32ff73e0dd71c4a15ab44ac20d158e3ba3410dc38cb0806b3ef2c60c8fb53646cd474d50d397cdc51062150d831567e483784ce8cbbfb1e55836c4d43878c305a7a9bc7bc34f7a73eaed0af0904711f04b344cec8987169e5332d54ca222ea1e0273ef4ce291239f83d1d126c396a1f003cebb6f42540ac43fe6587b91e0fae1e1b86b13e528b875769034c47db7db99962342b7f06ba6e372ba32b42f8420a9b8cf50bd780b5ab5f80351665bced6114ae73779ca0b0e1fd70fe32abc7465b5b8c18c9251e6d22b1e51acbcddf37b95d14f7f526f0dc62b1fd88d64e19fc307e3b4b8c73cb855bf88504482cd3d6726a654ae951b551de92d0d148be3040ce3f7b14a6fdea0076aa5dc1a1c1bf55f2f80918b83e848ab0ca1f2f1506c4e8848abb2c5fdb772ea3980bfa7df0217f50c8f6a285bb17bc3d063d998e6e22fb105588b4aa786202914f3473f38183b290bf251888a41a2005e803c44a9a6723dc035cc7b73562d38217724e89d1154f4809d94c69b6d07d31d01258a26f736bf8f82658be735bce93905ac652f71feae45937100b274f125b9c8e9d5f74688be92db450eaec2b00ea5fa5907a6581b77791758ca9b2c7c77395bb07fc93064b8848d1876d1ee07ed19e120486de2eedd764bdf92a2759a619f49717c399cf3cc35c97543cb2040256796015af1bccc4ad170b0b3f02e6c2975e706250aded3d513b8eb2f79173d5ed0c81baee8743276879c6fe085bed26351baf3991f7193586bd7eff5a5bb7927ad139997b91df8268d7cf231ba30691acde5c8549299ec87397db53a16fdb63bf227e14470431e7654f43430a90a4dbc3575297f940a56085b0a663165fb05445a13cafe51bf35ade00243900823d79977133e317853489ac1c8ebe49a323acde37f16330d3b5f1a4208ce4e56a6e7a1426fca819ea7350356ef50ecc302ee650fa7d3da663e587809c627329736d84f62d7cfa6aac843397aec06a4ac2d4f1cfb0b2cd64360d155bc534887b926f9cb2c00399cda4eddcfbe2fb7f378cb2d10d8307e35faf1778d63590b2c3337c7249721c9b58a76dd7503a0c16e2bfb88222279396d80d8b4e41ffaef65f984265c36dfac466a5ddae82f492902326b90fd82a267af7612ed2929ba574164b382a44785a0fe7958e1ff0a4134b96d728528a21e294b21cf01132d8e2b4a556b1aa068ff3c6d277450016d063ea40f4a11b862128f459a896a8589ec96e919aea712e54c051b6b9f487d5892c740477a0e111937ba1d338f48552a2cf1469615f60b31bd17fc163dec6473ce5275d477d0fb9589ae0299d9d040f6a777da2d66024de54beb7c80d87b18aed6419b89c46ff9c787c06db7febcc3d60eb3a211b4006c1d209653ce791f61d722de2fbd760f32d1d966690ed8fc226330306a6769f0e7d9c205757c82af0a68a867baefe4456d1ef1296f0ea6ed568d5b6a5d9ba873c17dd2f8039de59138723871c0530071403e57281929593a51330fdccb77cdcd3047f31fa14c69df22f29efe2362a4d9e93b48e091ba45a3b270bbf524e7da9cfb10a9433329f5a414cb19bda46193caea6984ad24e25aebd89edce7c362e1ad637255abaeb72ee2d55d78e23ca592d654257ee4be3963c6d5f94ac48270b094dbf6e28c4cb6201682d2df6607434d51e8321301874034b34159a7fefb8022340570bf09430df0e12c4b5cd9ddd633aa5c60b0493c3cb5855c1bf16649bf615de60c05b839c000997d8bc1f34ed54c82e4eb3354a38e2e946269a57035d6a41851a29b5b041043dc5311b31df46c55cfff8eac9c6bb4d4fbb9d08fdbfef0c734a745ed97d33751df674394ff178aeac56ecdaaa93c636f3a4d8cbbc02be64ccc9e4078f302680628f980eb025497a5dea560c5291993c3f6427cfdcb315a2ac8700a04fd6b0898bba653312a20206ffdbe744917c30cdddac40fba7eb72988f001ca16ca1882bc431a21c7de192ef2df2f06da0421c0a4570b90b5ba46f027371ddac67c5d171a63d0172e0432f4f6d937fa1f2dae1cb8334410fe2abc735deebae86e8029fc91362048974b0d4692da96180004a4cc77756a19e145f38c7d4690a966ccb4dc8432deefe232aec4cd72761ec722ecc80956c4aa7c088a64cb57b3a103306ae17b920831bc1b44aca6a0aedb509ef4dde183d2fb898d4b5a6fa3b44b79291c4330edaa90122a65c360c0fc2f055a4fd2f315b676f63610cc8b56e28f63fd77b683d0116f6beb7da2f67e9e77a7e101db64288c2ab05569be888cb767653ba69b43cd5febe3b8ba16a097e66134730c11f5ef4801bd8ec5c993317a906d4db5"}) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000010000000900010073797a30000000006c000000160a01020000000000000000010000000900010073797a30000000000900020073797a3000000000400003802c00038004000100766c616e31000000000000000000000014000100776c616e3100000000000000000000000800014000000000080002"], 0xfc}}, 0x0) write$tun(r0, &(0x7f0000000540)=ANY=[@ANYBLOB="034886dd010000001200140000006000000000042f"], 0xfdef) 2.317496862s ago: executing program 3 (id=1023): syz_emit_ethernet(0x46, &(0x7f0000000000)={@multicast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x1, 0x6, '\x00', 0x10, 0x3a, 0xff, @local, @loopback, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x2d, 0x6, 0x999, 0x5932}}}}}}, 0x0) r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000002000000000000000008082295"], &(0x7f00000002c0)='GPL\x00'}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0x50, 0x0, &(0x7f0000000000)="ff", 0x0, 0x36, 0x503, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffff80fe}, 0x50) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x48241, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r2 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r1, &(0x7f0000000440)={@val={0x70}, @void, @eth={@broadcast, @remote, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x452c, 0x0, 0x0, 0x0, 0x2f, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {0x0, 0x6558, 0x18, 0x0, @wg=@data={0x4, 0x0, 0xffffa888}}}}}}}, 0xfdef) 2.168147145s ago: executing program 0 (id=1024): bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_ADD_MFC_PROXY(r0, 0x0, 0xd2, &(0x7f0000000000)={@remote, @multicast1, 0x4, "d30f388c52647612d91de4353d68b0fa00", 0x0, 0x0, 0x4000000, 0x8}, 0x3c) setsockopt$MRT_ADD_MFC(r0, 0x0, 0xcc, &(0x7f0000000280)={@broadcast, @multicast1, 0x0, "7ea97ddb2ac127ffa5b7216fe75ebaa2855a422a8bf8ec7caf003751804500", 0x0, 0x0, 0x4, 0xfffffffe}, 0x3c) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000bc0), 0xffffffffffffffff) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_INIT(r2, 0x0, 0xc8, &(0x7f0000003d40), 0x4) setsockopt$MRT_ADD_VIF(r2, 0x0, 0xca, &(0x7f0000003d80)={0x0, 0x0, 0x0, 0x0, @vifc_lcl_addr=@local, @dev}, 0x10) setsockopt$inet_mreq(r1, 0x0, 0x23, &(0x7f0000000000)={@multicast1=0xe0000300, @local}, 0x8) syz_emit_ethernet(0x3e, &(0x7f0000000140)={@local, @broadcast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x2, 0x0, @empty, @multicast1=0xe0000300}, @source_quench={0x4, 0x0, 0x0, 0x0, {0x5, 0x4, 0x2, 0x10, 0x4, 0x64, 0x2, 0x5, 0x4b, 0xa7, @loopback, @dev={0xac, 0x14, 0x14, 0x35}}}}}}}, 0x0) setsockopt$MRT_ADD_MFC_PROXY(r2, 0x0, 0xd2, &(0x7f0000000200)={@empty, @multicast2=0xe000031f, 0x0, "ff00000058b274e6d845167fefe428970548fc3c7b00000000000000fcff00", 0xb2, 0xb, 0x6, 0x6}, 0x3c) setsockopt$MRT_FLUSH(r0, 0x0, 0xd4, &(0x7f00000003c0)=0xa, 0x4) socket$inet(0x2, 0x1, 0x0) r3 = socket$netlink(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000000480)={0x88, 0x1403, 0x1, 0x0, 0x0, "", [{{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'bridge0\x00'}}, {{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'macvlan1\x00'}}, {{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'veth0_to_team\x00'}}]}, 0x88}}, 0x20000000) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=@newlink={0x2c, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x2033}, [@IFLA_XDP={0x4}, @IFLA_GROUP={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20048054}, 0x0) r5 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_sco_SCO_CONNINFO(r5, 0x11, 0x2, 0x0, &(0x7f0000000040)) bind$llc(0xffffffffffffffff, 0x0, 0x0) socket$inet6(0xa, 0x803, 0x6) socket$nl_route(0x10, 0x3, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) 2.167886925s ago: executing program 1 (id=1025): socket$nl_route(0x10, 0x3, 0x0) socket(0x2, 0x80805, 0x0) socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)) unshare(0x28040680) socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000002c0)) select(0x40, &(0x7f0000000000)={0x0, 0x5, 0x2, 0x81, 0x80, 0xd0f3, 0xe5d5, 0x9}, 0x0, &(0x7f0000000140)={0x69f, 0xfffffffffffffffc, 0x3ff, 0x2, 0x7ff, 0xc1, 0x101, 0x8001}, 0x0) 1.923025317s ago: executing program 0 (id=1028): sendmsg$SMC_PNETID_ADD(0xffffffffffffffff, 0x0, 0x800) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000140)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_GET_NEIGHBORS(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000003c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="310300000000000000000900000008000300", @ANYRES32=r2, @ANYBLOB='\b\x00'], 0x24}}, 0x4000) 1.850666416s ago: executing program 0 (id=1029): socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) socket$nl_generic(0x10, 0x3, 0x10) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)) recvfrom$inet6(r0, &(0x7f00000001c0)=""/96, 0x60, 0x40000000, &(0x7f00000000c0)={0xa, 0x0, 0xde75, @private1, 0x8}, 0x1c) socket$nl_generic(0x10, 0x3, 0x10) socket$inet_icmp(0x2, 0x2, 0x1) syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff) socket(0x10, 0x803, 0x0) socket(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$nl_route(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="540000001000010400000000000000ffff000000", @ANYRES32=0x0, @ANYBLOB="0380000000000000240012800c0001006d6163766c616e00140002800800010008000000060002000100000008000500", @ANYRES32=r2, @ANYBLOB='\b\x00\n\x00', @ANYRES32], 0x54}}, 0x0) 1.768498081s ago: executing program 4 (id=1030): r0 = socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff) socket$kcm(0x10, 0x3, 0x10) sendmsg$TIPC_NL_MON_PEER_GET(r0, 0x0, 0x40880) socket$packet(0x11, 0x2, 0x300) socket(0x1a, 0x5, 0x9) socket$packet(0x11, 0x3, 0x300) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe3}]}, 0x10) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000004a80)=[{{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f00000007c0)="16ecaaaeb69ec105e9dd534f1bd77f8051db33a07055391264d230088248daa370b0bc75883a507be52e9744ca1479096e0a1d347324d779b5fe3167e722437570ee9c472c6399c49d1473a32016f512dee12a2f9dc3bd6060001c8139ae43a3cbf08d05c66712c9a0b2994264c8614da6c0251fdeb06bcb94139d6b3df7bd60ac9d53ac834c97388aa638bb50457e57f90b3e8e11975ebd2c81a2a13cb5dc9b7fae4411137ad278cf52dd8d32de5b07a396cd19a242b247d2ca16ce1a663064abfc1ba416f7b1fc251409afd53815f775ab04810637bd8c9b2606a8512ee5622829a369d77900cfc7987f950003fb657f4c17131695efdcead8816ddae634049c3dab49a0ca36b1d5d93c8dac8fa0ba2a74f55d159667e3b52ec903f439a21a023b4bc7bf4463d73f5ae46a680f138c34f0ab2e8503ce342bfb26e481f087a08d410a8886335ac1fda0df344dfbb68b6bb8fcc2bf9a85fe835f350fb281e1159b093d52c519a3d61cd4979941c87ebf52404bdb04ebce4e1980314c1b03a674a86d6cf027b9076559eecadd6cbc5daab4002468d3653a11bbcb9cf625b1e4fe49a398e63200944d4ecee2741a09daf3650edb6a8dca6dc705873b78767c0e942a766c8be2bf425eeba3c277f09332f84fe9f24272059625703661763ed5efd08af27a1b6ccc3a7ae63ff339676e5caa6447e4a0575131495bc643681ca8e18b95bc7db66366c50cd89c9a59746da83dcced2526003b48e250bb7a20eabaf34e950fd1eeb6cce37de630e51a067e786dc3ecde5d2218962d33adde6734636adcf597b93be0cc3f307127d2b0df08a75d14f41ed41237db5e7b10fdacd56231cd781566b26080a06edbd7af51e6310233f0cea9aea8fe2c08a94cdc1ae11c6bef6f0fb5d4155567b47db0c4fc61940d157fc5a1df14ff33bd638b56b200b032cd99504751cb6c29d8252e6ebd0c1ac4c3df73d335aaf060f54d6a4f1c225eaca5e3f313a1d29f940d7a9fcaa040d7cab55550954a3c4d8bd772890fff6eadf3de96a396758e0a3d21cba8f2b1bbbc2ce9dbc8818bb3ca8967fc89e130ef4409db59a858f81b29c9019c3954754777af852162d61ff916ad98d6ee6ab4c0a5d25339e7923c1db2386df6596a5059ffb169fa9991d82573587fa4edd83649ece1a1976755b6d622e75ec6b342df6b30c8ea280daacfd1cfa82909f295ad96130d439abf3ebf9f48e8b138b89ea93c751c5c416e727c49c764559ca5dba38a894b056e3c9569f20bd56c638eb74429f5a89fdf1b3d3bd7e38993b0a39446ece8359a57894e28136fc0305e43bfa4adb63c9d85951207eb506bac375a3e203eed305fcd1cc6984f4dc67dc9e50391e4a01effe62fce188da0eead8dabebe5a3e74c7223c240bc0443b3e4c53d677bbccc58a7dfbb0b69dac81cf9ec689f1762a0ba768d73aeb38b4718d735defdfc3ac9376eea3412e5c388f1cf89d7b1caf2550cdafb8deeb8df3b75993b98665b47f29e213c2b2a0541b4d7a8a458cfa92548d03c5b74b5fda560ee3fbf972640a5a59645e87b08ad07086c4324091b5e874cbb5ea7a5c30e3596db80c6a44c091a3e51d931bfe63efae82a396cb2d8886430c4b26b135c29492d454b8582bfe12203f70ff24d9ab7818939091941f5eca793d19e3799571e071614fabb8254744f94454a8f755e605feece3c415bef9506de83b4b3ec4873888bbf4784e6ac25524120212d77ca6f977b5670caa6ffe5ad508f8e0f9c03e36df4556b5e52a74c7ab0fdcb38c4a154bb370117701cef672bee99f1f8270cd7d604a141275a25ab3226639aea60a958a3ec3c664285fb205be76f1b61fdd6e58557966b6e5377f2a2bc0a622a90d82a066a12e7224a98d5093bd134c5d3a1b8107fd6a35196098a655231ab04dcff68c82fc7eac9a0c81584ae81f0ee407423d6d10a087c787f63d536d1ddc07dc5bd24e32eb26f31580cafec928ac1c3fb03f032562192d70331881599be4bfcec829da2ace9385db908cd03a48e76470471da69e700bc5b20601c707df9abe26828edb0401eed502feb885cd7df09cd34fda8489f06f4df052c0b233bc5232668913aede05bec5f8a36ae9e478f5dc3e0bd7a6de8b9fe81eb29da56f06fa94cd7dbc7f787050ff3989435af4b545587edb4c47c68605a30c09d1e678c1f870a2ef82841b1d89c667b6499638630b6b0f9f8a66a69064b4616dfc079e6564b301663857305231759391bd9ee2f2d246a4ddd6eb94fd8258ac655a161e2b0f0d13c7c812c78c20bf0ae6c2a20c9be1fb2908bb0e107fdc9c79d02dfbc1d6b24002637acc8a093e02d4372b8e211cc6baf36a5f8997c694bd68ca0fe4d0eceb6ebc93db8c8dbfa796280287a5851f53201fa91e38be16c815f9d5ead64488c0a7ef40c7946ac0c0ad8baa8add8ce249f6ff09ebfc93106c239594a2ad935099fef0c2fe5d3820cb9cc676a", 0x6dc}], 0x1}}], 0x1, 0x400c0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, &(0x7f0000000480)=0x1df9, 0x4) sendto$inet(0xffffffffffffffff, &(0x7f0000000580)="17", 0x1d4c, 0x10048095, 0x0, 0x0) 1.767933033s ago: executing program 3 (id=1031): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xb, 0xb, &(0x7f00000009c0)=ANY=[@ANYRESHEX], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000200), 0xffffffffffffffff) r3 = gettid() sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000002400)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010028bd7000ffdbdf2514000000080001000100000008001c00", @ANYRES32=r3, @ANYBLOB="897a01d8d35c0f76f0790756e1e6b047164f181d1b2986e78ea64b9e89577a83458bdc99b03532a5ef5c292ad02a9979f61f4cf2ff530800f40a6743d33ef2d8caa7c1ee589b184841ec47efad35edca8fb7945754cfc130d5c53896e4bec38052348bf969b906b64286fde7855bb0b2153f96343c33d4fa"], 0x24}, 0x1, 0x0, 0x0, 0x20000040}, 0x4000000) syz_open_procfs$namespace(r3, &(0x7f0000000000)='ns/uts\x00') r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_FIOSETOWN(r4, 0x8901, &(0x7f00000023c0)=r3) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x18, 0x40, 0x701, 0x0, 0x800004, {0xa}, [@nested={0x4, 0xc0}]}, 0x18}, 0x1, 0x0, 0x0, 0x24008084}, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r4, 0x8933, &(0x7f00000000c0)={'batadv0\x00', 0x0}) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_FLUSH(r7, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="2400000004060100010500010007000000050001000700"/36], 0x24}, 0x1, 0x0, 0x0, 0x20000020}, 0x800) r8 = accept$unix(0xffffffffffffffff, &(0x7f0000000180), &(0x7f0000000200)=0x6e) recvmmsg$unix(r8, &(0x7f0000002240)=[{{&(0x7f0000000380)=@abs, 0x6e, &(0x7f0000001680)=[{&(0x7f0000000400)=""/89, 0x59}, {&(0x7f0000000480)=""/36, 0x24}, {&(0x7f00000004c0)=""/180, 0xb4}, {&(0x7f0000000580)=""/194, 0xc2}, {&(0x7f0000000680)=""/4096, 0x1000}], 0x5, &(0x7f0000001700)=[@cred={{0x1c}}, @rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c, 0x1, 0x2, {0x0}}}], 0xc8}}, {{&(0x7f0000001800)=@abs, 0x6e, &(0x7f0000001c40)=[{&(0x7f0000001880)=""/188, 0xbc}, {&(0x7f0000001940)=""/167, 0xa7}, {&(0x7f0000001a00)=""/9, 0x9}, {&(0x7f0000001a40)=""/135, 0x87}, {&(0x7f0000001b00)=""/205, 0xcd}, {&(0x7f0000001c00)=""/26, 0x1a}], 0x6, &(0x7f0000001cc0)=[@rights={{0x10}}, @cred={{0x1c}}], 0x30}}, {{&(0x7f0000001d00)=@abs, 0x6e, &(0x7f0000001e00)=[{&(0x7f0000001d80)=""/70, 0x46}], 0x1}}, {{&(0x7f0000001e40), 0x6e, &(0x7f0000002000)=[{&(0x7f0000001ec0)=""/61, 0x3d}, {&(0x7f0000001f00)=""/224, 0xe0}], 0x2}}, {{&(0x7f0000002040), 0x6e, &(0x7f0000002200)=[{&(0x7f00000021c0)=""/29, 0x1d}], 0x1}}], 0x5, 0x10002, &(0x7f0000002380)={0x77359400}) r11 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), r4) r12 = socket$nl_netfilter(0x10, 0x3, 0xc) syz_open_procfs$namespace(r10, &(0x7f00000020c0)='ns/ipc\x00') r13 = syz_init_net_socket$llc(0x1a, 0x2, 0x0) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000002100)={0x0, @in={{0x2, 0x4e22, @loopback}}, 0x40, 0x5, 0x6, 0x9, 0x80, 0x6, 0x6}, 0x9c) bind$llc(r13, &(0x7f0000000140)={0x1a, 0x0, 0x0, 0x0, 0x2, 0x9}, 0x10) r14 = openat$cgroup_ro(r9, &(0x7f00000024c0)='hugetlb.2MB.rsvd.usage_in_bytes\x00', 0x275a, 0x0) write$cgroup_int(r14, &(0x7f0000000000), 0xffffff6a) sendmsg$BATADV_CMD_GET_HARDIF(r14, 0x0, 0x8800) sendfile(r13, r14, 0x0, 0xffffffff000) listen(r13, 0x4) sendmsg$IPSET_CMD_LIST(r12, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000640)={0x30, 0x7, 0x6, 0x5, 0x0, 0x0, {0x7, 0x0, 0x7}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_FLAGS={0x8, 0x6, 0x1, 0x0, 0x4}]}, 0x30}, 0x1, 0x0, 0x0, 0x8800}, 0x20040000) sendmsg$BATADV_CMD_GET_DAT_CACHE(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r11, @ANYBLOB="05a300000000000000000d00000008000300", @ANYRES32=r6, @ANYBLOB="c46141a0c845c9a72f7680de078c359d26396001c6d7c4b4d80f82dfd579929490065b0673d5f6eab50456ad56aa44e8c6006d6ee93ff7cc3ce0435cb1c42fae019fd1d4ba02d04e5c33fb298166e20df03f38653ef3672c47024a9b3a39b04b040ce905377de40590d5d211646dd4201e793f6d39801f2a33f3a2fde03a942a0b34646d4fcb7891d7074cc8981f32c2a6d262"], 0x1c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x28, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x0, 0xfff3}}, [@TCA_STAB={0x4}]}, 0x28}, 0x1, 0x0, 0x0, 0x4000400}, 0x0) 1.690101479s ago: executing program 2 (id=1032): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x4008040) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IPCTNL_MSG_CT_GET_DYING(0xffffffffffffffff, 0x0, 0x4090) connect$netrom(0xffffffffffffffff, &(0x7f0000000140)={{0x6, @rose}, [@bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @bcast, @bcast, @bcast, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}, 0x48) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000100)={'nr0\x00', 0x2}) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=@newlink={0x3c, 0x10, 0x1, 0x70bd2a, 0x0, {0x0, 0x0, 0x0, 0x0, 0x2180}, [@IFLA_IFNAME={0x14, 0x3, 'wlan0\x00'}, @IFLA_MTU={0x8, 0x4, 0x40e}]}, 0x3c}}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) syz_80211_join_ibss(&(0x7f0000000000)='wlan0\x00', 0x0, 0x0, 0x100000) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r3, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) socket(0x8, 0x3, 0x0) 1.62490207s ago: executing program 4 (id=1033): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc2(&(0x7f0000001840), r0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}, 0x58) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000140)={r2, 0x0, 0xe, 0x0, &(0x7f0000000000)="e0b9547ed387dbe9c2c89b6f5bec", 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r3 = accept4(r1, 0x0, 0x0, 0x0) sendmmsg$unix(r3, 0x0, 0x0, 0x0) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002000)={0x18, 0x6, &(0x7f0000000640)=ANY=[@ANYBLOB="180000ddff0000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8"], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r4, 0x0, 0xd}, 0x18) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x94) r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r6, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6) write(r6, &(0x7f0000000040)="07000000010003", 0x7) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000080)={r5}, 0x4) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xa, &(0x7f0000000440)=ANY=[], &(0x7f0000000780)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='br_fdb_add\x00', r7}, 0x10) socket$netlink(0x10, 0x3, 0x1) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f00000001c0)={'ip_vti0\x00', 0x0}) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x32, 0x0, 0x0) r8 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000040)=@ipv4_newroute={0x1c, 0x18, 0x35f32a6dfa748ddd, 0x0, 0x2, {0x2, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x6, 0x1400}}, 0x1c}}, 0x0) r9 = socket$nl_route(0x10, 0x3, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) sendmsg$nl_route(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000040)=@ipv4_newroute={0x1c, 0x18, 0x35f32a6dfa748ddd, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x2900}}, 0x1c}}, 0x8c0) 1.563876125s ago: executing program 0 (id=1034): socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$packet(0x11, 0x2, 0x300) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, 0x0, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe3}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4) sendmmsg$inet(r0, &(0x7f0000004a80)=[{{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f00000007c0)="16ecaaaeb69ec105e9dd534f1bd77f8051db33a07055391264d230088248daa370b0bc75883a507be52e9744ca1479096e0a1d347324d779b5fe3167e722437570ee9c472c6399c49d1473a32016f512dee12a2f9dc3bd6060001c8139ae43a3cbf08d05c66712c9a0b2994264c8614da6c0251fdeb06bcb94139d6b3df7bd60ac9d53ac834c97388aa638bb50457e57f90b3e8e11975ebd2c81a2a13cb5dc9b7fae4411137ad278cf52dd8d32de5b07a396cd19a242b247d2ca16ce1a663064abfc1ba416f7b1fc251409afd53815f775ab04810637bd8c9b2606a8512ee5622829a369d77900cfc7987f950003fb657f4c17131695efdcead8816ddae634049c3dab49a0ca36b1d5d93c8dac8fa0ba2a74f55d159667e3b52ec903f439a21a023b4bc7bf4463d73f5ae46a680f138c34f0ab2e8503ce342bfb26e481f087a08d410a8886335ac1fda0df344dfbb68b6bb8fcc2bf9a85fe835f350fb281e1159b093d52c519a3d61cd4979941c87ebf52404bdb04ebce4e1980314c1b03a674a86d6cf027b9076559eecadd6cbc5daab4002468d3653a11bbcb9cf625b1e4fe49a398e63200944d4ecee2741a09daf3650edb6a8dca6dc705873b78767c0e942a766c8be2bf425eeba3c277f09332f84fe9f24272059625703661763ed5efd08af27a1b6ccc3a7ae63ff339676e5caa6447e4a0575131495bc643681ca8e18b95bc7db66366c50cd89c9a59746da83dcced2526003b48e250bb7a20eabaf34e950fd1eeb6cce37de630e51a067e786dc3ecde5d2218962d33adde6734636adcf597b93be0cc3f307127d2b0df08a75d14f41ed41237db5e7b10fdacd56231cd781566b26080a06edbd7af51e6310233f0cea9aea8fe2c08a94cdc1ae11c6bef6f0fb5d4155567b47db0c4fc61940d157fc5a1df14ff33bd638b56b200b032cd99504751cb6c29d8252e6ebd0c1ac4c3df73d335aaf060f54d6a4f1c225eaca5e3f313a1d29f940d7a9fcaa040d7cab55550954a3c4d8bd772890fff6eadf3de96a396758e0a3d21cba8f2b1bbbc2ce9dbc8818bb3ca8967fc89e130ef4409db59a858f81b29c9019c3954754777af852162d61ff916ad98d6ee6ab4c0a5d25339e7923c1db2386df6596a5059ffb169fa9991d82573587fa4edd83649ece1a1976755b6d622e75ec6b342df6b30c8ea280daacfd1cfa82909f295ad96130d439abf3ebf9f48e8b138b89ea93c751c5c416e727c49c764559ca5dba38a894b056e3c9569f20bd56c638eb74429f5a89fdf1b3d3bd7e38993b0a39446ece8359a57894e28136fc0305e43bfa4adb63c9d85951207eb506bac375a3e203eed305fcd1cc6984f4dc67dc9e50391e4a01effe62fce188da0eead8dabebe5a3e74c7223c240bc0443b3e4c53d677bbccc58a7dfbb0b69dac81cf9ec689f1762a0ba768d73aeb38b4718d735defdfc3ac9376eea3412e5c388f1cf89d7b1caf2550cdafb8deeb8df3b75993b98665b47f29e213c2b2a0541b4d7a8a458cfa92548d03c5b74b5fda560ee3fbf972640a5a59645e87b08ad07086c4324091b5e874cbb5ea7a5c30e3596db80c6a44c091a3e51d931bfe63efae82a396cb2d8886430c4b26b135c29492d454b8582bfe12203f70ff24d9ab7818939091941f5eca793d19e3799571e071614fabb8254744f94454a8f755e605feece3c415bef9506de83b4b3ec4873888bbf4784e6ac25524120212d77ca6f977b5670caa6ffe5ad508f8e0f9c03e36df4556b5e52a74c7ab0fdcb38c4a154bb370117701cef672bee99f1f8270cd7d604a141275a25ab3226639aea60a958a3ec3c664285fb205be76f1b61fdd6e58557966b6e5377f2a2bc0a622a90d82a066a12e7224a98d5093bd134c5d3a1b8107fd6a35196098a655231ab04dcff68c82fc7eac9a0c81584ae81f0ee407423d6d10a087c787f63d536d1ddc07dc5bd24e32eb26f31580cafec928ac1c3fb03f032562192d70331881599be4bfcec829da2ace9385db908cd03a48e76470471da69e700bc5b20601c707df9abe26828edb0401eed502feb885cd7df09cd34fda8489f06f4df052c0b233bc5232668913aede05bec5f8a36ae9e478f5dc3e0bd7a6de8b9fe81eb29da56f06fa94cd7dbc7f787050ff3989435af4b545587edb4c47c68605a30c09d1e678c1f870a2ef82841b1d89c667b6499638630b6b0f9f8a66a69064b4616dfc079e6564b301663857305231759391bd9ee2f2d246a4ddd6eb94fd8258ac655a161e2b0f0d13c7c812c78c20bf0ae6c2a20c9be1fb2908bb0e107fdc9c79d02dfbc1d6b24002637acc8a093e02d4372b8e211cc6baf36a5f8997c694bd68ca0fe4d0eceb6ebc93db8c8dbfa796280287a5851f53201fa91e38be16c815f9d5ead64488c0a7ef40c7946ac0c0ad8baa8add8ce249f6ff09ebfc93106c239594a2ad935099fef0c2fe5d3820cb9cc676a", 0x6dc}], 0x1}}], 0x1, 0x400c0) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000480)=0x1df9, 0x4) sendto$inet(r0, &(0x7f0000000580)="17", 0x1d4c, 0x10048095, 0x0, 0x0) 1.281598236s ago: executing program 4 (id=1035): bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_ADD_MFC_PROXY(r0, 0x0, 0xd2, &(0x7f0000000000)={@remote, @multicast1, 0x4, "d30f388c52647612d91de4353d68b0fa00", 0x0, 0x0, 0x4000000, 0x8}, 0x3c) setsockopt$MRT_ADD_MFC(r0, 0x0, 0xcc, &(0x7f0000000280)={@broadcast, @multicast1, 0x0, "7ea97ddb2ac127ffa5b7216fe75ebaa2855a422a8bf8ec7caf003751804500", 0x0, 0x0, 0x4, 0xfffffffe}, 0x3c) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000bc0), 0xffffffffffffffff) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_INIT(r2, 0x0, 0xc8, &(0x7f0000003d40), 0x4) setsockopt$MRT_ADD_VIF(r2, 0x0, 0xca, &(0x7f0000003d80)={0x0, 0x0, 0x0, 0x0, @vifc_lcl_addr=@local, @dev}, 0x10) setsockopt$inet_mreq(r1, 0x0, 0x23, &(0x7f0000000000)={@multicast1=0xe0000300, @local}, 0x8) syz_emit_ethernet(0x3e, &(0x7f0000000140)={@local, @broadcast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x2, 0x0, @empty, @multicast1=0xe0000300}, @source_quench={0x4, 0x0, 0x0, 0x0, {0x5, 0x4, 0x2, 0x10, 0x4, 0x64, 0x2, 0x5, 0x4b, 0xa7, @loopback, @dev={0xac, 0x14, 0x14, 0x35}}}}}}}, 0x0) setsockopt$MRT_ADD_MFC_PROXY(r2, 0x0, 0xd2, &(0x7f0000000200)={@empty, @multicast2=0xe000031f, 0x0, "ff00000058b274e6d845167fefe428970548fc3c7b00000000000000fcff00", 0xb2, 0xb, 0x6, 0x6}, 0x3c) setsockopt$MRT_FLUSH(r0, 0x0, 0xd4, &(0x7f00000003c0)=0xa, 0x4) socket$inet(0x2, 0x1, 0x0) r3 = socket$netlink(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000000480)={0x88, 0x1403, 0x1, 0x0, 0x0, "", [{{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'bridge0\x00'}}, {{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'macvlan1\x00'}}, {{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'veth0_to_team\x00'}}]}, 0x88}}, 0x20000000) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=@newlink={0x2c, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x2033}, [@IFLA_XDP={0x4}, @IFLA_GROUP={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20048054}, 0x0) r5 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_sco_SCO_CONNINFO(r5, 0x11, 0x2, 0x0, &(0x7f0000000040)) bind$llc(0xffffffffffffffff, 0x0, 0x0) socket$inet6(0xa, 0x803, 0x6) socket$nl_route(0x10, 0x3, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) 1.228370738s ago: executing program 3 (id=1036): socket$nl_generic(0x10, 0x3, 0x10) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f00000001c0), r0) sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB='x\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01000000000000000000037400062c00070073797352656d5f753a6f626a6563745f723a756465765f68656c7065725f657865635f743a7330000800020000000000080007002609090914000600626f6e64300000000000000000000000080003"], 0x78}, 0x1, 0xffffffff00000003}, 0x0) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) ioctl$sock_ifreq(r2, 0x89f0, &(0x7f0000000180)={'bond0\x00', @ifru_names='rose0\x00'}) r3 = socket(0x10, 0x3, 0x0) write(r3, &(0x7f0000000240)="aefc00001a0025f01d85bc04fef7681d020b49ff708800008003280008021000ac0a1410bc71176a36ede498534108e58342fa94a235a2a441f9", 0xfcae) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000001ec0), 0xffffffffffffffff) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_DEBUG_SET(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000980)={0x38, r7, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_DEBUG_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}, @ETHTOOL_A_DEBUG_MSGMASK={0xc, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_BITS={0x4}, @ETHTOOL_A_BITSET_VALUE={0x4}]}]}, 0x38}, 0x1, 0x0, 0x0, 0x24044815}, 0x0) sendmsg$IPVS_CMD_SET_CONFIG(r4, &(0x7f0000002040)={0x0, 0x0, &(0x7f0000002000)={&(0x7f0000001f00)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="01002bbd7000fddbdf250c00000008000600faffffff"], 0x1c}, 0x1, 0x0, 0x0, 0x8840}, 0x0) 1.227970575s ago: executing program 1 (id=1037): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) bind$inet6(r0, &(0x7f0000000280)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f00000002c0)="9e", 0x1, 0x41, &(0x7f0000000200)={0xa, 0x4e23, 0x10001, @loopback, 0xe}, 0x1c) writev(r0, &(0x7f0000001880)=[{&(0x7f0000001900)='P+', 0x2}], 0x1) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000000)={0x0, 0x1, 0x20}, 0xc) writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000340)=',', 0x34000}], 0x1) 1.075606261s ago: executing program 1 (id=1038): r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) socket(0xb, 0x800, 0x0) listen(r0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$inet6(0x10, 0x2, 0x6) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r4, &(0x7f0000000380)={0xa, 0x14e24}, 0x1c) connect$inet6(r4, &(0x7f00000002c0)={0xa, 0x4e24}, 0x1c) sendmmsg$inet6(r4, &(0x7f0000001840)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000600)="ba", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000180)=[{&(0x7f00000001c0)="16", 0x1}, {&(0x7f00000000c0)="e1a460c44ad04faa14f6cce5175d990da9a83c2b3926565a1a87706e299fef49a133caca99f953c2ef2d18966ecd63e439d4797c1c90a994d7f0cb9eb15f0324d85b0dff0c9b057b09f203a99eab10adf15e24", 0x53}], 0x2}}], 0x2, 0xc8040) sendmmsg(r4, &(0x7f00000092c0), 0x4ff, 0x0) splice(r4, 0x0, r3, 0x0, 0x7ffff000, 0x6) connect$netrom(r3, &(0x7f0000000100)={{0x3, @default, 0x8}, [@null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @bcast, @bcast]}, 0x48) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000000)={0x2, &(0x7f0000000040)=[{0x30, 0x0, 0x0, 0xffeffffc}, {0x16}]}, 0x10) sendto$inet6(r2, &(0x7f00000002c0)="100000001200050f0c1000000049b23e", 0x10, 0x0, 0x0, 0x0) socket$inet6_icmp(0xa, 0x2, 0x3a) r5 = socket(0xa, 0x5, 0x0) r6 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r6, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) setsockopt$packet_fanout_data(r6, 0x107, 0x16, &(0x7f0000000100)={0x3, &(0x7f0000000180)=[{0x28, 0x0, 0x0, 0xfffff034}, {0x40, 0x0, 0x0, 0x100}, {0x6}]}, 0x10) listen(r5, 0xfffffffe) sendto$inet6(r5, &(0x7f0000000040)='\x00', 0x1, 0x44004, &(0x7f0000000100)={0xa, 0x4e24, 0xb, @loopback, 0xc5f}, 0x1c) sendmsg$nl_route(r1, &(0x7f00000018c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001900)=@bridge_delneigh={0x24, 0x1e, 0x1, 0x0, 0x0, {0x7}, [@NDA_VLAN={0x6, 0x5, 0x2}]}, 0x24}}, 0x0) r7 = socket$inet6(0xa, 0x800000000000002, 0x0) bpf$TOKEN_CREATE(0x24, 0x0, 0x0) setsockopt$sock_linger(r7, 0x1, 0x3c, &(0x7f0000000180)={0x1}, 0x8) sendto$inet6(r7, 0x0, 0x0, 0x4c881, &(0x7f0000000540)={0xa, 0x4e24, 0x0, @mcast2}, 0x1c) accept4(r0, 0x0, 0x0, 0x0) connect$netrom(r0, &(0x7f0000000080)={{0x6, @bcast}, [@null, @default, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @bcast]}, 0x48) 1.041291925s ago: executing program 2 (id=1039): bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, 0x0, &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94) r0 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_ADD_MFC_PROXY(r0, 0x0, 0xd2, &(0x7f0000000000)={@remote, @multicast1, 0x4, "d30f388c52647612d91de4353d68b0fa00", 0x0, 0x0, 0x4000000, 0x8}, 0x3c) setsockopt$MRT_ADD_MFC(r0, 0x0, 0xcc, &(0x7f0000000280)={@broadcast, @multicast1, 0x0, "7ea97ddb2ac127ffa5b7216fe75ebaa2855a422a8bf8ec7caf003751804500", 0x0, 0x0, 0x4, 0xfffffffe}, 0x3c) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000bc0), 0xffffffffffffffff) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_INIT(r2, 0x0, 0xc8, &(0x7f0000003d40), 0x4) setsockopt$MRT_ADD_VIF(r2, 0x0, 0xca, &(0x7f0000003d80)={0x0, 0x0, 0x0, 0x0, @vifc_lcl_addr=@local, @dev}, 0x10) setsockopt$inet_mreq(r1, 0x0, 0x23, &(0x7f0000000000)={@multicast1=0xe0000300, @local}, 0x8) syz_emit_ethernet(0x3e, &(0x7f0000000140)={@local, @broadcast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x2, 0x0, @empty, @multicast1=0xe0000300}, @source_quench={0x4, 0x0, 0x0, 0x0, {0x5, 0x4, 0x2, 0x10, 0x4, 0x64, 0x2, 0x5, 0x4b, 0xa7, @loopback, @dev={0xac, 0x14, 0x14, 0x35}}}}}}}, 0x0) setsockopt$MRT_ADD_MFC_PROXY(r2, 0x0, 0xd2, &(0x7f0000000200)={@empty, @multicast2=0xe000031f, 0x0, "ff00000058b274e6d845167fefe428970548fc3c7b00000000000000fcff00", 0xb2, 0xb, 0x6, 0x6}, 0x3c) setsockopt$MRT_FLUSH(r0, 0x0, 0xd4, &(0x7f00000003c0)=0xa, 0x4) socket$inet(0x2, 0x1, 0x0) r3 = socket$netlink(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000000480)={0x88, 0x1403, 0x1, 0x0, 0x0, "", [{{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'bridge0\x00'}}, {{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'macvlan1\x00'}}, {{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'veth0_to_team\x00'}}]}, 0x88}}, 0x20000000) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=@newlink={0x2c, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x2033}, [@IFLA_XDP={0x4}, @IFLA_GROUP={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20048054}, 0x0) r5 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_sco_SCO_CONNINFO(r5, 0x11, 0x2, 0x0, &(0x7f0000000040)) bind$llc(0xffffffffffffffff, 0x0, 0x0) socket$inet6(0xa, 0x803, 0x6) socket$nl_route(0x10, 0x3, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) 747.146842ms ago: executing program 4 (id=1040): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$netlink(0x10, 0x3, 0x10) r2 = socket$netlink(0x10, 0x3, 0x10) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2b, &(0x7f0000000500)={0x7f, {{0xa, 0x4e21, 0x42e9, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0xc047}}, {{0xa, 0x4e22, 0x9, @local, 0xfffffff5}}}, 0x108) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r2, 0x10e, 0x4, 0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, r2) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000000)=ANY=[@ANYBLOB='8\x00\x00\b', @ANYRES16=0x0, @ANYBLOB="010000000000000000000700000008000300", @ANYRES32=0x0, @ANYBLOB="140004006e696376663000000000000000000000080005000a000000"], 0x38}, 0x1, 0x0, 0x0, 0x10}, 0x240048d0) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000040)={'wlan0\x00', 0x0}) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000370400000000000000007a000000", @ANYRES32=0x0, @ANYBLOB="00000000181002001c0012800b00010067656e65766500000c00028008000b40000000011400030067656e65766530000000000000000000"], 0x50}}, 0x80) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xb, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x19, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94) r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r5, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6) write(r5, &(0x7f0000000100)="520003000100b8", 0x7) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001440)={0x1c, r6, 0x1, 0x0, 0x0, {{0x8}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz1\x00', 0x1ff) r7 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)}, 0x4000000) r8 = socket$nl_audit(0x10, 0x3, 0x9) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000040)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x50) sendmsg$AUDIT_SET_FEATURE(r8, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x80) r9 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0) openat$cgroup_devices(r9, &(0x7f0000000240)='devices.allow\x00', 0x2, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r10, &(0x7f0000005ac0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4000) setsockopt$sock_int(r11, 0x1, 0x2a, &(0x7f0000000000), 0x4) openat$cgroup_freezer_state(r9, &(0x7f0000000080), 0x2, 0x0) 698.257916ms ago: executing program 3 (id=1041): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x5, 0xa, 0x42, 0x40, 0xc0, 0x1, 0x1}, 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080), &(0x7f0000000080), 0x1003, r0}, 0x38) (fail_nth: 32) 348.956665ms ago: executing program 0 (id=1042): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r0) sendmsg$TIPC_CMD_ENABLE_BEARER(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) sendmsg$TIPC_CMD_SHOW_NAME_TABLE(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x30, r1, 0x0, 0x70bd2c, 0x25dfdbfd, {{}, {}, {0x14, 0x19, {0x10001, 0x1, 0x4b, 0x2}}}, ["", "", "", ""]}, 0x30}}, 0x40) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000500), r0) sendmsg$L2TP_CMD_TUNNEL_MODIFY(r0, &(0x7f0000000600)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000005c0)={&(0x7f0000000540)={0x54, r3, 0x800, 0x70bd2a, 0x25dfdbfc, {}, [@L2TP_ATTR_DEBUG={0x8, 0x11, 0x1}, @L2TP_ATTR_UDP_ZERO_CSUM6_TX={0x5, 0x21, 0x1}, @L2TP_ATTR_OFFSET={0x6, 0x3, 0x2}, @L2TP_ATTR_MRU={0x6, 0x1d, 0x1}, @L2TP_ATTR_MTU={0x6, 0x1c, 0xd}, @L2TP_ATTR_VLAN_ID={0x6, 0xe, 0x8}, @L2TP_ATTR_DEBUG={0x8, 0x11, 0x1}, @L2TP_ATTR_UDP_ZERO_CSUM6_RX={0x5, 0x22, 0x1}]}, 0x54}, 0x1, 0x0, 0x0, 0x80}, 0x4000000) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000980)={&(0x7f0000000940)='rxrpc_recvmsg\x00'}, 0x10) r4 = socket(0x21, 0x2, 0x10000000000002) connect$rxrpc(r4, &(0x7f0000000140)=@in4={0x21, 0x100, 0x2, 0x10, {0x2, 0x4000, @empty}}, 0x24) r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), r6) sendmsg$NL80211_CMD_SET_REG(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="010000000000000004001b0000000c00228059fe00800400008006002100", @ANYRESDEC=r5], 0x28}, 0x1, 0x0, 0x0, 0x20000004}, 0x24000000) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000480)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x44, r7, 0x800, 0x70bd29, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r8}, @val={0xc, 0x99, {0x8000, 0x5a}}}}, [@NL80211_ATTR_STATUS_CODE={0x6, 0x48, 0x49}, @NL80211_ATTR_STATUS_CODE={0x6, 0x48, 0x5}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}]}, 0x44}, 0x1, 0x0, 0x0, 0x40000d5}, 0x1) sendmmsg(r4, &(0x7f0000000180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18, 0xe000}, 0x5}], 0x1, 0x0) recvmmsg(r4, &(0x7f0000002d40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000640)={'wlan1\x00'}) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000400)={'wlan0\x00', 0x0}) r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) mmap(&(0x7f0000692000/0x1000)=nil, 0x1000, 0x0, 0x12, r10, 0x0) r11 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r11, 0x400c6615, &(0x7f00000006c0)={0x0, @adiantum, 0x0, @desc2}) ioctl$FS_IOC_RESVSP(r11, 0x40305829, &(0x7f0000000540)={0x1100, 0x0, 0x52, 0x10000}) r12 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$NL80211_CMD_TRIGGER_SCAN(r2, &(0x7f0000000e80)={0x0, 0x0, &(0x7f0000000e40)={&(0x7f0000000840)={0x2c, r12, 0x1, 0x70bd2b, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r9}, @void}}, [@NL80211_ATTR_SCAN_FREQUENCIES={0xc, 0x2c, 0x0, 0x1, [{0x8, 0x0, 0x9}]}, @NL80211_ATTR_SCAN_SSIDS={0x4}]}, 0x2c}, 0x1, 0x0, 0x0, 0x24004084}, 0x40000) 277.991945ms ago: executing program 2 (id=1043): r0 = socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff) socket$kcm(0x10, 0x3, 0x10) sendmsg$TIPC_NL_MON_PEER_GET(r0, 0x0, 0x40880) socket$packet(0x11, 0x2, 0x300) socket(0x1a, 0x5, 0x9) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe3}]}, 0x10) sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendmmsg$inet(r1, &(0x7f0000004a80)=[{{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f00000007c0)="16ecaaaeb69ec105e9dd534f1bd77f8051db33a07055391264d230088248daa370b0bc75883a507be52e9744ca1479096e0a1d347324d779b5fe3167e722437570ee9c472c6399c49d1473a32016f512dee12a2f9dc3bd6060001c8139ae43a3cbf08d05c66712c9a0b2994264c8614da6c0251fdeb06bcb94139d6b3df7bd60ac9d53ac834c97388aa638bb50457e57f90b3e8e11975ebd2c81a2a13cb5dc9b7fae4411137ad278cf52dd8d32de5b07a396cd19a242b247d2ca16ce1a663064abfc1ba416f7b1fc251409afd53815f775ab04810637bd8c9b2606a8512ee5622829a369d77900cfc7987f950003fb657f4c17131695efdcead8816ddae634049c3dab49a0ca36b1d5d93c8dac8fa0ba2a74f55d159667e3b52ec903f439a21a023b4bc7bf4463d73f5ae46a680f138c34f0ab2e8503ce342bfb26e481f087a08d410a8886335ac1fda0df344dfbb68b6bb8fcc2bf9a85fe835f350fb281e1159b093d52c519a3d61cd4979941c87ebf52404bdb04ebce4e1980314c1b03a674a86d6cf027b9076559eecadd6cbc5daab4002468d3653a11bbcb9cf625b1e4fe49a398e63200944d4ecee2741a09daf3650edb6a8dca6dc705873b78767c0e942a766c8be2bf425eeba3c277f09332f84fe9f24272059625703661763ed5efd08af27a1b6ccc3a7ae63ff339676e5caa6447e4a0575131495bc643681ca8e18b95bc7db66366c50cd89c9a59746da83dcced2526003b48e250bb7a20eabaf34e950fd1eeb6cce37de630e51a067e786dc3ecde5d2218962d33adde6734636adcf597b93be0cc3f307127d2b0df08a75d14f41ed41237db5e7b10fdacd56231cd781566b26080a06edbd7af51e6310233f0cea9aea8fe2c08a94cdc1ae11c6bef6f0fb5d4155567b47db0c4fc61940d157fc5a1df14ff33bd638b56b200b032cd99504751cb6c29d8252e6ebd0c1ac4c3df73d335aaf060f54d6a4f1c225eaca5e3f313a1d29f940d7a9fcaa040d7cab55550954a3c4d8bd772890fff6eadf3de96a396758e0a3d21cba8f2b1bbbc2ce9dbc8818bb3ca8967fc89e130ef4409db59a858f81b29c9019c3954754777af852162d61ff916ad98d6ee6ab4c0a5d25339e7923c1db2386df6596a5059ffb169fa9991d82573587fa4edd83649ece1a1976755b6d622e75ec6b342df6b30c8ea280daacfd1cfa82909f295ad96130d439abf3ebf9f48e8b138b89ea93c751c5c416e727c49c764559ca5dba38a894b056e3c9569f20bd56c638eb74429f5a89fdf1b3d3bd7e38993b0a39446ece8359a57894e28136fc0305e43bfa4adb63c9d85951207eb506bac375a3e203eed305fcd1cc6984f4dc67dc9e50391e4a01effe62fce188da0eead8dabebe5a3e74c7223c240bc0443b3e4c53d677bbccc58a7dfbb0b69dac81cf9ec689f1762a0ba768d73aeb38b4718d735defdfc3ac9376eea3412e5c388f1cf89d7b1caf2550cdafb8deeb8df3b75993b98665b47f29e213c2b2a0541b4d7a8a458cfa92548d03c5b74b5fda560ee3fbf972640a5a59645e87b08ad07086c4324091b5e874cbb5ea7a5c30e3596db80c6a44c091a3e51d931bfe63efae82a396cb2d8886430c4b26b135c29492d454b8582bfe12203f70ff24d9ab7818939091941f5eca793d19e3799571e071614fabb8254744f94454a8f755e605feece3c415bef9506de83b4b3ec4873888bbf4784e6ac25524120212d77ca6f977b5670caa6ffe5ad508f8e0f9c03e36df4556b5e52a74c7ab0fdcb38c4a154bb370117701cef672bee99f1f8270cd7d604a141275a25ab3226639aea60a958a3ec3c664285fb205be76f1b61fdd6e58557966b6e5377f2a2bc0a622a90d82a066a12e7224a98d5093bd134c5d3a1b8107fd6a35196098a655231ab04dcff68c82fc7eac9a0c81584ae81f0ee407423d6d10a087c787f63d536d1ddc07dc5bd24e32eb26f31580cafec928ac1c3fb03f032562192d70331881599be4bfcec829da2ace9385db908cd03a48e76470471da69e700bc5b20601c707df9abe26828edb0401eed502feb885cd7df09cd34fda8489f06f4df052c0b233bc5232668913aede05bec5f8a36ae9e478f5dc3e0bd7a6de8b9fe81eb29da56f06fa94cd7dbc7f787050ff3989435af4b545587edb4c47c68605a30c09d1e678c1f870a2ef82841b1d89c667b6499638630b6b0f9f8a66a69064b4616dfc079e6564b301663857305231759391bd9ee2f2d246a4ddd6eb94fd8258ac655a161e2b0f0d13c7c812c78c20bf0ae6c2a20c9be1fb2908bb0e107fdc9c79d02dfbc1d6b24002637acc8a093e02d4372b8e211cc6baf36a5f8997c694bd68ca0fe4d0eceb6ebc93db8c8dbfa796280287a5851f53201fa91e38be16c815f9d5ead64488c0a7ef40c7946ac0c0ad8baa8add8ce249f6ff09ebfc93106c239594a2ad935099fef0c2fe5d3820cb9cc676a", 0x6dc}], 0x1}}], 0x1, 0x400c0) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000480)=0x1df9, 0x4) sendto$inet(r1, &(0x7f0000000580)="17", 0x1d4c, 0x10048095, 0x0, 0x0) 158.140422ms ago: executing program 3 (id=1044): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x14b441, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r1 = socket$kcm(0x2, 0xa, 0x2) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000011000000000000000000000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0}, 0x90) socket$kcm(0x2, 0x200000000000001, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.stat\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x2, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x48241, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, 0x0) r5 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_rx_ring(r5, 0x107, 0x5, 0x0, 0x0) sendmsg$inet(0xffffffffffffffff, 0x0, 0x40480d5) socket$kcm(0x2, 0xa, 0x2) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000300)='sys_enter\x00', r3}, 0x10) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) pselect6(0x40, &(0x7f0000000000)={0x400, 0xff, 0x630, 0x243, 0x2, 0x2, 0x9, 0xfb33}, 0x0, 0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={[0x5]}, 0x8}) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000240)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f00000005c0)={@val={0x0, 0x8884}, @void, @mpls={[{0x80, 0x0, 0x1}, {0xc, 0x0, 0x1}, {0xb}, {0xffff, 0x0, 0x1}], @llc={@llc={0xfe, 0xf0, "94"}}}}, 0x17) 104.913072ms ago: executing program 4 (id=1045): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x2c, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x2c}}, 0x0) 0s ago: executing program 4 (id=1046): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc2(&(0x7f0000001840), r0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}, 0x58) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000140)={r2, 0x0, 0xe, 0x0, &(0x7f0000000000)="e0b9547ed387dbe9c2c89b6f5bec", 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r3 = accept4(r1, 0x0, 0x0, 0x0) sendmmsg$unix(r3, 0x0, 0x0, 0x0) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002000)={0x18, 0x6, &(0x7f0000000640)=ANY=[@ANYBLOB="180000ddff0000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ff"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r4, 0x0, 0xd}, 0x18) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x94) r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r6, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6) write(r6, &(0x7f0000000040)="07000000010003", 0x7) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000080)={r5}, 0x4) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xa, &(0x7f0000000440)=ANY=[], &(0x7f0000000780)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='br_fdb_add\x00', r7}, 0x10) socket$netlink(0x10, 0x3, 0x1) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f00000001c0)={'ip_vti0\x00', 0x0}) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x32, 0x0, 0x0) r8 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000040)=@ipv4_newroute={0x1c, 0x18, 0x35f32a6dfa748ddd, 0x0, 0x2, {0x2, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x6, 0x1400}}, 0x1c}}, 0x0) r9 = socket$nl_route(0x10, 0x3, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) sendmsg$nl_route(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000040)=@ipv4_newroute={0x1c, 0x18, 0x35f32a6dfa748ddd, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x2900}}, 0x1c}}, 0x8c0) kernel console output (not intermixed with test programs): ictable:1536kB writepending:6260kB present:3129332kB managed:2557520kB mlocked:0kB bounce:0kB free_pcp:78804kB local_pcp:39420kB free_cma:0kB [ 107.206599][ T6072] lowmem_reserve[]: 0 0 1 1 1 [ 107.211574][ T6072] Node 0 Normal free:0kB boost:0kB min:20kB low:24kB high:28kB reserved_highatomic:0KB free_highatomic:0KB active_anon:48kB inactive_anon:0kB active_file:0kB inactive_file:1588kB unevictable:0kB writepending:4kB present:1048580kB managed:1644kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:0kB free_cma:0kB [ 107.256500][ T6072] lowmem_reserve[]: 0 0 0 0 0 [ 107.261312][ T6072] Node 1 Normal free:3884408kB boost:0kB min:55632kB low:69540kB high:83448kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:20kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:20804kB local_pcp:8484kB free_cma:0kB [ 107.334847][ T6072] lowmem_reserve[]: 0 0 0 0 0 [ 107.339656][ T6072] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 107.353098][ T6072] Node 0 DMA32: 587*4kB (UM) 125*8kB (UM) 14*16kB (UME) 20*32kB (UME) 10*64kB (UME) 4*128kB (UM) 2*256kB (ME) 2*512kB (M) 3*1024kB (UM) 1*2048kB (E) 337*4096kB (M) = 1392372kB [ 107.393731][ T6072] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 107.416534][ T6072] Node 1 Normal: 186*4kB (UE) 42*8kB (UME) 30*16kB (UME) 63*32kB (UME) 26*64kB (UME) 6*128kB (UME) 2*256kB (M) 2*512kB (M) 2*1024kB (ME) 2*2048kB (UE) 945*4096kB (M) = 3884408kB [ 107.459222][ T6072] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 107.485101][ T6072] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 107.506327][ T6072] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 107.516458][ T6072] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 107.557620][ T6072] 42224 total pagecache pages [ 107.563249][ T6072] 0 pages in swap cache [ 107.568007][ T6072] Free swap = 124996kB [ 107.572220][ T6072] Total swap = 124996kB [ 107.579919][ T6072] 2097051 pages RAM [ 107.584174][ T6072] 0 pages HighMem/MovableOnly [ 107.589057][ T6072] 425645 pages reserved [ 107.593307][ T6072] 0 pages cma reserved [ 107.893170][ T6132] netlink: 'syz.4.33': attribute type 3 has an invalid length. [ 107.929771][ T6132] syz_tun: entered allmulticast mode [ 107.960651][ T6132] siw: device registration error -23 [ 108.025063][ T6138] Zero length message leads to an empty skb [ 108.242224][ T6132] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 108.771183][ T6130] syz_tun: left allmulticast mode [ 110.124399][ T6178] tipc: Enabling of bearer rejected, failed to enable media [ 110.269358][ T6185] netlink: 8 bytes leftover after parsing attributes in process `syz.3.42'. [ 110.875349][ T6185] syz.3.42 (6185) used greatest stack depth: 17896 bytes left [ 111.209342][ T6202] netlink: 'syz.1.46': attribute type 3 has an invalid length. [ 111.282085][ T6202] syz_tun: entered allmulticast mode [ 111.323025][ T6202] siw: device registration error -23 [ 111.499650][ T6202] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 111.660561][ T6200] syz_tun: left allmulticast mode [ 111.667701][ T6211] netlink: 'syz.4.44': attribute type 1 has an invalid length. [ 111.777958][ T6211] netlink: 'syz.4.44': attribute type 1 has an invalid length. [ 111.816873][ T6211] netlink: 224 bytes leftover after parsing attributes in process `syz.4.44'. [ 112.875408][ T6232] netlink: 'syz.1.51': attribute type 1 has an invalid length. [ 112.883021][ T6232] netlink: 'syz.1.51': attribute type 1 has an invalid length. [ 112.942657][ T6232] netlink: 224 bytes leftover after parsing attributes in process `syz.1.51'. [ 113.357299][ T6238] netlink: 'syz.0.55': attribute type 1 has an invalid length. [ 113.385398][ T6239] netlink: 8 bytes leftover after parsing attributes in process `syz.2.54'. [ 113.471876][ T6241] netlink: 'syz.1.56': attribute type 1 has an invalid length. [ 113.482276][ T6241] netlink: 228 bytes leftover after parsing attributes in process `syz.1.56'. [ 113.565263][ T6244] Freezing with imperfect legacy cgroup freezer. See cgroup.freeze of cgroup v2 [ 113.915679][ T6238] veth3: entered promiscuous mode [ 114.686945][ T6269] netlink: 8 bytes leftover after parsing attributes in process `syz.3.64'. [ 114.905251][ T6272] netlink: 12 bytes leftover after parsing attributes in process `syz.1.65'. [ 114.960548][ T6272] netlink: 'syz.1.65': attribute type 2 has an invalid length. [ 115.246101][ T6277] netlink: 'syz.0.66': attribute type 13 has an invalid length. [ 115.309014][ T6277] netlink: 'syz.0.66': attribute type 17 has an invalid length. [ 115.650919][ T6277] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 115.716182][ T6280] netlink: 40 bytes leftover after parsing attributes in process `syz.1.67'. [ 115.758303][ T6280] netlink: 40 bytes leftover after parsing attributes in process `syz.1.67'. [ 116.335735][ T6293] netlink: 8 bytes leftover after parsing attributes in process `syz.2.71'. [ 116.353238][ T6289] netlink: 92 bytes leftover after parsing attributes in process `syz.1.70'. [ 116.669461][ T6298] sctp: Trying to GSO but underlying device doesn't support it. [ 116.790458][ T6305] netlink: 'syz.0.75': attribute type 3 has an invalid length. [ 116.849324][ T6305] syz_tun: entered allmulticast mode [ 116.876513][ T6305] siw: device registration error -23 [ 117.060619][ T6305] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 117.110860][ T6304] syz_tun: left allmulticast mode [ 117.814581][ T6328] tipc: Enabling of bearer rejected, failed to enable media [ 117.872259][ T6332] netlink: 'syz.4.79': attribute type 1 has an invalid length. [ 117.905213][ T6332] netlink: 228 bytes leftover after parsing attributes in process `syz.4.79'. [ 118.730306][ T6345] netlink: 8 bytes leftover after parsing attributes in process `syz.3.80'. [ 118.825642][ T6348] netlink: 12 bytes leftover after parsing attributes in process `syz.0.81'. [ 118.863126][ T6348] netlink: 'syz.0.81': attribute type 2 has an invalid length. [ 119.443495][ T6369] netlink: 8 bytes leftover after parsing attributes in process `syz.1.84'. [ 119.654628][ T6373] netlink: 40 bytes leftover after parsing attributes in process `syz.0.95'. [ 120.458420][ T6392] tipc: Enabling of bearer rejected, failed to enable media [ 121.433243][ T6411] netlink: 8 bytes leftover after parsing attributes in process `syz.0.98'. [ 121.484376][ T6411] netlink: 312 bytes leftover after parsing attributes in process `syz.0.98'. [ 121.514285][ T6411] netlink: 8 bytes leftover after parsing attributes in process `syz.0.98'. [ 122.088516][ T6421] netlink: 'syz.3.102': attribute type 3 has an invalid length. [ 122.174017][ T6421] syz_tun: entered allmulticast mode [ 122.299588][ T6419] syz_tun: left allmulticast mode [ 122.819780][ T5949] IPVS: starting estimator thread 0... [ 122.889596][ T6440] netlink: 'syz.3.107': attribute type 1 has an invalid length. [ 122.928193][ T6440] netlink: 224 bytes leftover after parsing attributes in process `syz.3.107'. [ 122.939645][ T6439] IPVS: using max 27 ests per chain, 64800 per kthread [ 122.954945][ T6441] netlink: 48 bytes leftover after parsing attributes in process `syz.3.107'. [ 123.020609][ T6445] vlan2: entered promiscuous mode [ 123.069961][ T6445] bond0: entered promiscuous mode [ 123.095227][ T6445] bond_slave_0: entered promiscuous mode [ 123.101380][ T6445] bond_slave_1: entered promiscuous mode [ 123.110866][ T6445] vlan2: entered allmulticast mode [ 123.116819][ T6445] bond0: entered allmulticast mode [ 123.122106][ T6445] bond_slave_0: entered allmulticast mode [ 123.130015][ T6445] bond_slave_1: entered allmulticast mode [ 123.150867][ T6453] netlink: 'syz.2.112': attribute type 10 has an invalid length. [ 123.168504][ T6453] syz_tun: entered promiscuous mode [ 123.204566][ T6453] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 123.416418][ T6458] netlink: 'syz.0.114': attribute type 3 has an invalid length. [ 123.438591][ T6460] FAULT_INJECTION: forcing a failure. [ 123.438591][ T6460] name failslab, interval 1, probability 0, space 0, times 1 [ 123.468684][ T6458] syz_tun: entered allmulticast mode [ 123.496666][ T6458] siw: device registration error -23 [ 123.502331][ T6460] CPU: 1 UID: 0 PID: 6460 Comm: syz.2.113 Not tainted 6.16.0-syzkaller-12122-g3b5ca25ecfa8 #0 PREEMPT(full) [ 123.502360][ T6460] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 123.502371][ T6460] Call Trace: [ 123.502380][ T6460] [ 123.502388][ T6460] dump_stack_lvl+0x189/0x250 [ 123.502419][ T6460] ? __pfx____ratelimit+0x10/0x10 [ 123.502443][ T6460] ? __pfx_dump_stack_lvl+0x10/0x10 [ 123.502465][ T6460] ? __pfx__printk+0x10/0x10 [ 123.502499][ T6460] ? __pfx___might_resched+0x10/0x10 [ 123.502518][ T6460] ? fs_reclaim_acquire+0x7d/0x100 [ 123.502552][ T6460] should_fail_ex+0x414/0x560 [ 123.502592][ T6460] should_failslab+0xa8/0x100 [ 123.502622][ T6460] kmem_cache_alloc_noprof+0x73/0x3c0 [ 123.502646][ T6460] ? skb_clone+0x212/0x3a0 [ 123.502670][ T6460] skb_clone+0x212/0x3a0 [ 123.502686][ T6460] ? nfnetlink_rcv+0x486/0x2520 [ 123.502711][ T6460] nfnetlink_rcv+0x4b4/0x2520 [ 123.502737][ T6460] ? __dev_queue_xmit+0x1d79/0x3b50 [ 123.502769][ T6460] ? __dev_queue_xmit+0x27b/0x3b50 [ 123.502802][ T6460] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 123.502841][ T6460] ? ref_tracker_free+0x63a/0x7d0 [ 123.502866][ T6460] ? __asan_memcpy+0x40/0x70 [ 123.502888][ T6460] ? __pfx_ref_tracker_free+0x10/0x10 [ 123.502908][ T6460] ? __skb_clone+0x63/0x7a0 [ 123.502942][ T6460] ? __skb_clone+0x483/0x7a0 [ 123.502978][ T6460] ? skb_clone+0x246/0x3a0 [ 123.503001][ T6460] ? __netlink_deliver_tap+0x807/0x850 [ 123.503026][ T6460] ? netlink_deliver_tap+0x2e/0x1b0 [ 123.503071][ T6460] netlink_unicast+0x82f/0x9e0 [ 123.503104][ T6460] ? __pfx_netlink_unicast+0x10/0x10 [ 123.503128][ T6460] ? netlink_sendmsg+0x642/0xb30 [ 123.503151][ T6460] ? skb_put+0x11b/0x210 [ 123.503182][ T6460] netlink_sendmsg+0x805/0xb30 [ 123.503218][ T6460] ? __pfx_netlink_sendmsg+0x10/0x10 [ 123.503253][ T6460] ? aa_sock_msg_perm+0xf1/0x1d0 [ 123.503282][ T6460] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 123.503302][ T6460] ? __pfx_netlink_sendmsg+0x10/0x10 [ 123.503328][ T6460] __sock_sendmsg+0x219/0x270 [ 123.503354][ T6460] ____sys_sendmsg+0x505/0x830 [ 123.503390][ T6460] ? __pfx_____sys_sendmsg+0x10/0x10 [ 123.503429][ T6460] ? import_iovec+0x74/0xa0 [ 123.503453][ T6460] ___sys_sendmsg+0x21f/0x2a0 [ 123.503484][ T6460] ? __pfx____sys_sendmsg+0x10/0x10 [ 123.503554][ T6460] ? __fget_files+0x2a/0x420 [ 123.503592][ T6460] ? __fget_files+0x3a0/0x420 [ 123.503629][ T6460] __x64_sys_sendmsg+0x19b/0x260 [ 123.503661][ T6460] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 123.503700][ T6460] ? __pfx_ksys_write+0x10/0x10 [ 123.503723][ T6460] ? rcu_is_watching+0x15/0xb0 [ 123.503748][ T6460] ? do_syscall_64+0xbe/0x3b0 [ 123.503778][ T6460] do_syscall_64+0xfa/0x3b0 [ 123.503800][ T6460] ? lockdep_hardirqs_on+0x9c/0x150 [ 123.503822][ T6460] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 123.503841][ T6460] ? clear_bhb_loop+0x60/0xb0 [ 123.503866][ T6460] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 123.503884][ T6460] RIP: 0033:0x7ffbc1d8ebe9 [ 123.503903][ T6460] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 123.503919][ T6460] RSP: 002b:00007ffbbfff6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 123.503943][ T6460] RAX: ffffffffffffffda RBX: 00007ffbc1fb5fa0 RCX: 00007ffbc1d8ebe9 [ 123.503957][ T6460] RDX: 0000000000000000 RSI: 0000200000000440 RDI: 0000000000000003 [ 123.503969][ T6460] RBP: 00007ffbbfff6090 R08: 0000000000000000 R09: 0000000000000000 [ 123.503981][ T6460] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 123.503992][ T6460] R13: 00007ffbc1fb6038 R14: 00007ffbc1fb5fa0 R15: 00007ffec087af68 [ 123.504034][ T6460] [ 123.664792][ T6457] syz_tun: left allmulticast mode [ 123.933905][ T6469] netlink: 68 bytes leftover after parsing attributes in process `syz.2.116'. [ 124.080211][ T6469] netlink: 8 bytes leftover after parsing attributes in process `syz.2.116'. [ 124.167158][ T6471] netlink: 14 bytes leftover after parsing attributes in process `syz.2.116'. [ 124.528495][ T6471] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 124.544177][ T6471] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 124.557661][ T6471] bond0 (unregistering): (slave syz_tun): Releasing backup interface [ 124.568305][ T6471] bond0 (unregistering): Released all slaves [ 124.598898][ T6487] tipc: Enabling of bearer rejected, failed to enable media [ 124.814542][ T6496] netlink: 27 bytes leftover after parsing attributes in process `syz.3.124'. [ 125.315981][ T6511] netlink: 'syz.3.127': attribute type 13 has an invalid length. [ 125.333084][ T6509] netlink: 4 bytes leftover after parsing attributes in process `syz.1.128'. [ 125.344819][ T6510] netlink: 12 bytes leftover after parsing attributes in process `syz.2.129'. [ 125.718168][ T6519] netlink: 'syz.1.130': attribute type 3 has an invalid length. [ 125.800497][ T6519] syz_tun: entered allmulticast mode [ 125.861175][ T6519] siw: device registration error -23 [ 125.873003][ T6516] syz_tun: left allmulticast mode [ 126.044840][ T6533] FAULT_INJECTION: forcing a failure. [ 126.044840][ T6533] name failslab, interval 1, probability 0, space 0, times 0 [ 126.143111][ T6533] CPU: 1 UID: 0 PID: 6533 Comm: syz.0.134 Not tainted 6.16.0-syzkaller-12122-g3b5ca25ecfa8 #0 PREEMPT(full) [ 126.143142][ T6533] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 126.143153][ T6533] Call Trace: [ 126.143161][ T6533] [ 126.143170][ T6533] dump_stack_lvl+0x189/0x250 [ 126.143199][ T6533] ? __pfx____ratelimit+0x10/0x10 [ 126.143224][ T6533] ? __pfx_dump_stack_lvl+0x10/0x10 [ 126.143247][ T6533] ? __pfx__printk+0x10/0x10 [ 126.143292][ T6533] should_fail_ex+0x414/0x560 [ 126.143321][ T6533] should_failslab+0xa8/0x100 [ 126.143352][ T6533] __kmalloc_cache_noprof+0x70/0x3d0 [ 126.143377][ T6533] ? sctp_add_bind_addr+0x8c/0x370 [ 126.143407][ T6533] sctp_add_bind_addr+0x8c/0x370 [ 126.143435][ T6533] sctp_copy_local_addr_list+0x30b/0x4e0 [ 126.143462][ T6533] ? sctp_copy_local_addr_list+0x9b/0x4e0 [ 126.143485][ T6533] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 126.143513][ T6533] ? sctp_v4_is_any+0x35/0x60 [ 126.143535][ T6533] ? sctp_copy_one_addr+0x93/0x360 [ 126.143560][ T6533] sctp_bind_addr_copy+0xb3/0x3c0 [ 126.143584][ T6533] ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0 [ 126.143669][ T6533] sctp_connect_new_asoc+0x2e0/0x690 [ 126.143701][ T6533] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 126.143726][ T6533] ? __local_bh_enable_ip+0x12d/0x1c0 [ 126.143755][ T6533] ? bpf_lsm_sctp_bind_connect+0x9/0x20 [ 126.143778][ T6533] ? security_sctp_bind_connect+0x7e/0x2e0 [ 126.143804][ T6533] sctp_sendmsg+0x155c/0x2810 [ 126.143845][ T6533] ? __pfx_sctp_sendmsg+0x10/0x10 [ 126.143876][ T6533] ? aa_sk_perm+0x81e/0x950 [ 126.143909][ T6533] ? __pfx_aa_sk_perm+0x10/0x10 [ 126.143938][ T6533] ? sock_rps_record_flow+0x19/0x410 [ 126.143963][ T6533] ? inet_sendmsg+0x2f4/0x370 [ 126.143989][ T6533] __sock_sendmsg+0x19c/0x270 [ 126.144016][ T6533] ____sys_sendmsg+0x505/0x830 [ 126.144051][ T6533] ? __pfx_____sys_sendmsg+0x10/0x10 [ 126.144092][ T6533] ? import_iovec+0x74/0xa0 [ 126.144115][ T6533] ___sys_sendmsg+0x21f/0x2a0 [ 126.144146][ T6533] ? __pfx____sys_sendmsg+0x10/0x10 [ 126.144220][ T6533] ? __fget_files+0x2a/0x420 [ 126.144247][ T6533] ? __fget_files+0x3a0/0x420 [ 126.144289][ T6533] __x64_sys_sendmsg+0x19b/0x260 [ 126.144321][ T6533] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 126.144362][ T6533] ? __pfx_ksys_write+0x10/0x10 [ 126.144386][ T6533] ? rcu_is_watching+0x15/0xb0 [ 126.144411][ T6533] ? do_syscall_64+0xbe/0x3b0 [ 126.144442][ T6533] do_syscall_64+0xfa/0x3b0 [ 126.144465][ T6533] ? lockdep_hardirqs_on+0x9c/0x150 [ 126.144488][ T6533] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 126.144507][ T6533] ? clear_bhb_loop+0x60/0xb0 [ 126.144532][ T6533] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 126.144550][ T6533] RIP: 0033:0x7ff52db8ebe9 [ 126.144569][ T6533] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 126.144594][ T6533] RSP: 002b:00007ff52e9a7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 126.144617][ T6533] RAX: ffffffffffffffda RBX: 00007ff52ddb5fa0 RCX: 00007ff52db8ebe9 [ 126.144631][ T6533] RDX: 00000000000003e8 RSI: 00002000000004c0 RDI: 0000000000000005 [ 126.144644][ T6533] RBP: 00007ff52e9a7090 R08: 0000000000000000 R09: 0000000000000000 [ 126.144655][ T6533] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 126.144667][ T6533] R13: 00007ff52ddb6038 R14: 00007ff52ddb5fa0 R15: 00007ffc6ce62618 [ 126.144701][ T6533] [ 126.482592][ T6537] netlink: 44 bytes leftover after parsing attributes in process `syz.1.136'. [ 126.672341][ T6541] netlink: 12 bytes leftover after parsing attributes in process `syz.2.138'. [ 126.730193][ T6547] sctp: [Deprecated]: syz.4.137 (pid 6547) Use of struct sctp_assoc_value in delayed_ack socket option. [ 126.730193][ T6547] Use struct sctp_sack_info instead [ 126.845624][ T6547] sctp: [Deprecated]: syz.4.137 (pid 6547) Use of struct sctp_assoc_value in delayed_ack socket option. [ 126.845624][ T6547] Use struct sctp_sack_info instead [ 126.954975][ T6556] tipc: Enabling of bearer rejected, failed to enable media [ 127.510602][ T6565] netlink: 'syz.2.143': attribute type 9 has an invalid length. [ 127.935935][ T6575] netlink: 'syz.0.146': attribute type 3 has an invalid length. [ 128.014194][ T6575] syz_tun: entered allmulticast mode [ 128.062940][ T6575] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 128.117938][ T6579] warning: `syz.3.147' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 128.211988][ T6574] syz_tun: left allmulticast mode [ 128.447847][ T6593] netlink: 'syz.0.148': attribute type 1 has an invalid length. [ 128.533226][ T6601] netlink: 'syz.2.151': attribute type 1 has an invalid length. [ 128.813234][ T6609] bond0: (slave geneve2): making interface the new active one [ 128.842179][ T6609] bond0: (slave geneve2): Enslaving as an active interface with an up link [ 128.857892][ T78] netdevsim netdevsim2 netdevsim0: set [1, 1] type 2 family 0 port 20004 - 0 [ 128.880300][ T78] netdevsim netdevsim2 netdevsim1: set [1, 1] type 2 family 0 port 20004 - 0 [ 128.911503][ T78] netdevsim netdevsim2 netdevsim2: set [1, 1] type 2 family 0 port 20004 - 0 [ 128.938622][ T78] netdevsim netdevsim2 netdevsim3: set [1, 1] type 2 family 0 port 20004 - 0 [ 129.114627][ T6624] tipc: Enabling of bearer rejected, failed to enable media [ 129.467969][ T6631] netlink: 20 bytes leftover after parsing attributes in process `syz.3.158'. [ 129.631043][ T6633] Driver unsupported XDP return value 0 on prog (id 100) dev N/A, expect packet loss! [ 129.724720][ T6635] netlink: 'syz.1.159': attribute type 3 has an invalid length. [ 129.828917][ T6635] syz_tun: entered allmulticast mode [ 129.943910][ T6635] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 130.015569][ T6634] syz_tun: left allmulticast mode [ 130.227708][ T6642] IPv6: NLM_F_CREATE should be specified when creating new route [ 130.323504][ T6645] netlink: 8 bytes leftover after parsing attributes in process `syz.0.164'. [ 130.376923][ T6650] FAULT_INJECTION: forcing a failure. [ 130.376923][ T6650] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 130.407741][ T6645] dummy0: entered promiscuous mode [ 130.439302][ T6645] dummy0: left promiscuous mode [ 130.448852][ T6650] CPU: 1 UID: 0 PID: 6650 Comm: syz.3.165 Not tainted 6.16.0-syzkaller-12122-g3b5ca25ecfa8 #0 PREEMPT(full) [ 130.448881][ T6650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 130.448892][ T6650] Call Trace: [ 130.448900][ T6650] [ 130.448908][ T6650] dump_stack_lvl+0x189/0x250 [ 130.448937][ T6650] ? __pfx____ratelimit+0x10/0x10 [ 130.448962][ T6650] ? __pfx_dump_stack_lvl+0x10/0x10 [ 130.448984][ T6650] ? __pfx__printk+0x10/0x10 [ 130.449013][ T6650] ? __might_fault+0xb0/0x130 [ 130.449052][ T6650] should_fail_ex+0x414/0x560 [ 130.449082][ T6650] _copy_from_user+0x2d/0xb0 [ 130.449103][ T6650] generic_map_update_batch+0x51b/0x7f0 [ 130.449141][ T6650] ? __pfx_generic_map_update_batch+0x10/0x10 [ 130.449162][ T6650] ? __fget_files+0x2a/0x420 [ 130.449199][ T6650] ? __pfx_generic_map_update_batch+0x10/0x10 [ 130.449220][ T6650] bpf_map_do_batch+0x369/0x5f0 [ 130.449254][ T6650] __sys_bpf+0x6af/0x870 [ 130.449281][ T6650] ? __pfx___sys_bpf+0x10/0x10 [ 130.449338][ T6650] ? rcu_is_watching+0x15/0xb0 [ 130.449364][ T6650] __x64_sys_bpf+0x7c/0x90 [ 130.449388][ T6650] do_syscall_64+0xfa/0x3b0 [ 130.449411][ T6650] ? lockdep_hardirqs_on+0x9c/0x150 [ 130.449434][ T6650] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 130.449453][ T6650] ? clear_bhb_loop+0x60/0xb0 [ 130.449477][ T6650] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 130.449509][ T6650] RIP: 0033:0x7f6a08d8ebe9 [ 130.449527][ T6650] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 130.449544][ T6650] RSP: 002b:00007f6a09b2f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 130.449565][ T6650] RAX: ffffffffffffffda RBX: 00007f6a08fb5fa0 RCX: 00007f6a08d8ebe9 [ 130.449579][ T6650] RDX: 0000000000000038 RSI: 0000200000000200 RDI: 000000000000001a [ 130.449591][ T6650] RBP: 00007f6a09b2f090 R08: 0000000000000000 R09: 0000000000000000 [ 130.449603][ T6650] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 130.449615][ T6650] R13: 00007f6a08fb6038 R14: 00007f6a08fb5fa0 R15: 00007ffef62c2ec8 [ 130.449647][ T6650] [ 130.759437][ T6657] netlink: 32 bytes leftover after parsing attributes in process `syz.2.168'. [ 131.193989][ T6670] tipc: Enabling of bearer rejected, failed to enable media [ 131.644985][ T6681] netlink: 'syz.1.174': attribute type 3 has an invalid length. [ 131.712115][ T6681] syz_tun: entered allmulticast mode [ 131.748736][ T6681] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 131.878092][ T6680] syz_tun: left allmulticast mode [ 132.719737][ T6711] netlink: 'syz.3.181': attribute type 13 has an invalid length. [ 133.051512][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.069096][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.287927][ T6719] netlink: 12 bytes leftover after parsing attributes in process `syz.4.183'. [ 133.298782][ T6719] netlink: 12 bytes leftover after parsing attributes in process `syz.4.183'. [ 133.317243][ T6719] tipc: Started in network mode [ 133.322175][ T6719] tipc: Node identity 9ae9c51f52a2, cluster identity 4711 [ 133.340903][ T6719] tipc: Enabled bearer , priority 0 [ 133.439980][ T6720] netlink: 72 bytes leftover after parsing attributes in process `syz.4.183'. [ 133.506136][ T6723] netlink: 'syz.4.183': attribute type 11 has an invalid length. [ 133.517967][ T6723] netlink: 48 bytes leftover after parsing attributes in process `syz.4.183'. [ 133.622848][ T6719] syzkaller0: entered promiscuous mode [ 133.630525][ T6719] syzkaller0: entered allmulticast mode [ 133.637330][ T6719] tipc: Resetting bearer [ 133.682680][ T6716] tipc: Resetting bearer [ 133.723086][ T6722] netlink: 40 bytes leftover after parsing attributes in process `syz.0.185'. [ 133.781585][ T6726] netlink: 76 bytes leftover after parsing attributes in process `syz.0.185'. [ 133.810476][ T6733] netlink: 12 bytes leftover after parsing attributes in process `syz.2.188'. [ 133.824802][ T6733] netlink: 'syz.2.188': attribute type 2 has an invalid length. [ 134.414744][ T5962] tipc: Node number set to 3360408863 [ 134.691474][ T6741] netlink: 'syz.1.191': attribute type 6 has an invalid length. [ 134.760271][ T6747] netlink: 'syz.1.191': attribute type 6 has an invalid length. [ 135.046858][ T6753] netlink: 176956 bytes leftover after parsing attributes in process `syz.2.192'. [ 135.588666][ T6716] tipc: Disabling bearer [ 136.071488][ T6771] netlink: 'syz.1.198': attribute type 3 has an invalid length. [ 136.084490][ T6771] syz_tun: entered allmulticast mode [ 136.179113][ T6771] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 136.277219][ T6770] syz_tun: left allmulticast mode [ 136.305292][ T6774] netlink: 16402 bytes leftover after parsing attributes in process `syz.4.199'. [ 136.355100][ T6769] netlink: 16402 bytes leftover after parsing attributes in process `syz.4.199'. [ 136.643032][ T6790] netlink: 72 bytes leftover after parsing attributes in process `syz.2.204'. [ 136.781822][ T6792] netlink: 'syz.1.205': attribute type 1 has an invalid length. [ 136.974412][ T6792] 8021q: adding VLAN 0 to HW filter on device bond1 [ 137.031942][ T6794] vlan2: entered promiscuous mode [ 137.065941][ T6794] bridge0: entered promiscuous mode [ 137.100233][ T6794] vlan2: entered allmulticast mode [ 137.128170][ T6806] openvswitch: netlink: Message has 16 unknown bytes. [ 137.137808][ T6794] bridge0: entered allmulticast mode [ 137.360197][ T6812] netlink: 8 bytes leftover after parsing attributes in process `syz.4.209'. [ 137.612533][ T6811] tipc: Enabling of bearer rejected, failed to enable media [ 137.655954][ T6812] dummy0: entered promiscuous mode [ 137.664667][ T6812] dummy0: left promiscuous mode [ 139.234287][ T6846] netlink: 'syz.0.221': attribute type 1 has an invalid length. [ 139.265697][ T6846] netlink: 17 bytes leftover after parsing attributes in process `syz.0.221'. [ 139.547723][ T6855] netlink: 'syz.1.224': attribute type 3 has an invalid length. [ 139.561863][ T6855] syz_tun: entered allmulticast mode [ 139.572030][ T6855] siw: device registration error -23 [ 139.628790][ T6855] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 139.678058][ T6858] netlink: 'syz.0.225': attribute type 3 has an invalid length. [ 139.708109][ T6854] syz_tun: left allmulticast mode [ 139.738755][ T6858] syz_tun: entered allmulticast mode [ 139.849161][ T6858] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 139.895717][ T6868] tipc: Enabling of bearer rejected, failed to enable media [ 139.928711][ T6857] syz_tun: left allmulticast mode [ 140.338571][ T6877] Bluetooth: MGMT ver 1.23 [ 140.436510][ T6880] netlink: 'syz.1.233': attribute type 13 has an invalid length. [ 140.474002][ T6880] netlink: 'syz.1.233': attribute type 17 has an invalid length. [ 140.891813][ T6880] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 141.369793][ T6909] netlink: 12 bytes leftover after parsing attributes in process `syz.2.238'. [ 141.379253][ T6909] netlink: 'syz.2.238': attribute type 2 has an invalid length. [ 141.709543][ T6912] netlink: 'syz.1.240': attribute type 3 has an invalid length. [ 141.792904][ T5183] Bluetooth: hci4: link tx timeout [ 141.801140][ T5183] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 141.811258][ T6912] syz_tun: entered allmulticast mode [ 141.816826][ T5883] Bluetooth: hci4: link tx timeout [ 141.822068][ T5883] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 141.830932][ T5883] Bluetooth: hci4: link tx timeout [ 141.836533][ T5883] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 141.846126][ T6912] siw: device registration error -23 [ 141.849509][ T5883] Bluetooth: hci4: link tx timeout [ 141.858062][ T5883] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 141.868077][ T5883] Bluetooth: hci4: link tx timeout [ 141.873349][ T5883] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 141.887666][ T5883] Bluetooth: hci4: link tx timeout [ 141.892844][ T5883] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 141.900656][ T5883] Bluetooth: hci4: link tx timeout [ 141.905856][ T5883] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 141.916217][ T5883] Bluetooth: hci4: link tx timeout [ 141.921374][ T5883] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 142.014075][ T6912] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 142.036381][ T6928] tipc: Enabling of bearer rejected, failed to enable media [ 142.062646][ T6911] syz_tun: left allmulticast mode [ 142.668079][ T6942] netlink: 'syz.1.247': attribute type 1 has an invalid length. [ 142.743577][ T6938] can: request_module (can-proto-0) failed. [ 143.274602][ T6959] FAULT_INJECTION: forcing a failure. [ 143.274602][ T6959] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 143.295331][ T6957] syz.0.253 uses obsolete (PF_INET,SOCK_PACKET) [ 143.315819][ T6959] CPU: 0 UID: 0 PID: 6959 Comm: syz.3.254 Not tainted 6.16.0-syzkaller-12122-g3b5ca25ecfa8 #0 PREEMPT(full) [ 143.315851][ T6959] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 143.315862][ T6959] Call Trace: [ 143.315870][ T6959] [ 143.315879][ T6959] dump_stack_lvl+0x189/0x250 [ 143.315908][ T6959] ? __pfx____ratelimit+0x10/0x10 [ 143.315933][ T6959] ? __pfx_dump_stack_lvl+0x10/0x10 [ 143.315957][ T6959] ? __pfx__printk+0x10/0x10 [ 143.315984][ T6959] ? __might_fault+0xb0/0x130 [ 143.316025][ T6959] should_fail_ex+0x414/0x560 [ 143.316054][ T6959] _copy_from_user+0x2d/0xb0 [ 143.316075][ T6959] ____sys_sendmsg+0x2fe/0x830 [ 143.316112][ T6959] ? __pfx_____sys_sendmsg+0x10/0x10 [ 143.316152][ T6959] ? import_iovec+0x74/0xa0 [ 143.316176][ T6959] ___sys_sendmsg+0x21f/0x2a0 [ 143.316207][ T6959] ? __pfx____sys_sendmsg+0x10/0x10 [ 143.316279][ T6959] ? __fget_files+0x2a/0x420 [ 143.316307][ T6959] ? __fget_files+0x3a0/0x420 [ 143.316358][ T6959] __x64_sys_sendmsg+0x19b/0x260 [ 143.316398][ T6959] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 143.316441][ T6959] ? rcu_is_watching+0x15/0xb0 [ 143.316462][ T6959] ? trace_sys_enter+0x25/0x100 [ 143.316498][ T6959] do_syscall_64+0xfa/0x3b0 [ 143.316521][ T6959] ? lockdep_hardirqs_on+0x9c/0x150 [ 143.316544][ T6959] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 143.316564][ T6959] ? clear_bhb_loop+0x60/0xb0 [ 143.316588][ T6959] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 143.316606][ T6959] RIP: 0033:0x7f6a08d8ebe9 [ 143.316624][ T6959] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 143.316641][ T6959] RSP: 002b:00007f6a09b2f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 143.316664][ T6959] RAX: ffffffffffffffda RBX: 00007f6a08fb5fa0 RCX: 00007f6a08d8ebe9 [ 143.316678][ T6959] RDX: 00000000000000c4 RSI: 00002000000000c0 RDI: 0000000000000003 [ 143.316690][ T6959] RBP: 00007f6a09b2f090 R08: 0000000000000000 R09: 0000000000000000 [ 143.316703][ T6959] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 143.316714][ T6959] R13: 00007f6a08fb6038 R14: 00007f6a08fb5fa0 R15: 00007ffef62c2ec8 [ 143.316748][ T6959] [ 143.840760][ T6973] mac80211_hwsim hwsim2 wlan0: entered promiscuous mode [ 143.854570][ T5883] Bluetooth: hci4: command 0x0406 tx timeout [ 144.415086][ T6985] netlink: 8 bytes leftover after parsing attributes in process `syz.0.261'. [ 144.619110][ T6988] tipc: Enabling of bearer rejected, failed to enable media [ 145.058733][ T6997] netlink: 'syz.1.265': attribute type 1 has an invalid length. [ 145.646093][ T7006] 8021q: adding VLAN 0 to HW filter on device bond3 [ 145.656747][ T7006] bond2: (slave bond3): making interface the new active one [ 145.666224][ T7006] bond2: (slave bond3): Enslaving as an active interface with an up link [ 146.578237][ T7044] netlink: 32 bytes leftover after parsing attributes in process `syz.3.274'. [ 146.689750][ T7036] 8021q: adding VLAN 0 to HW filter on device bond1 [ 146.706121][ T7036] team0: Port device bond1 added [ 147.168057][ T7068] netlink: 4 bytes leftover after parsing attributes in process `syz.2.281'. [ 147.181674][ T7068] bridge_slave_1: left allmulticast mode [ 147.212253][ T7068] bridge_slave_1: left promiscuous mode [ 147.242037][ T7068] bridge0: port 2(bridge_slave_1) entered disabled state [ 147.352747][ T7068] bridge_slave_0: left allmulticast mode [ 147.385759][ T7068] bridge_slave_0: left promiscuous mode [ 147.406623][ T7078] netlink: 16 bytes leftover after parsing attributes in process `syz.4.282'. [ 147.426532][ T7068] bridge0: port 1(bridge_slave_0) entered disabled state [ 147.568332][ T7085] netlink: 32 bytes leftover after parsing attributes in process `syz.1.284'. [ 147.677043][ T7078] veth0: entered promiscuous mode [ 147.841387][ T7078] veth0: left promiscuous mode [ 148.255139][ T7102] netlink: 292 bytes leftover after parsing attributes in process `syz.0.288'. [ 149.777045][ T7134] netlink: 16 bytes leftover after parsing attributes in process `syz.1.297'. [ 149.803465][ T7135] netlink: 40 bytes leftover after parsing attributes in process `syz.2.296'. [ 149.829184][ T7135] netlink: 40 bytes leftover after parsing attributes in process `syz.2.296'. [ 150.093547][ T7152] trusted_key: syz.3.300 sent an empty control message without MSG_MORE. [ 151.022815][ T7179] netlink: 8 bytes leftover after parsing attributes in process `syz.0.303'. [ 151.032806][ T7179] netlink: 12 bytes leftover after parsing attributes in process `syz.0.303'. [ 151.053757][ T7179] netlink: 'syz.0.303': attribute type 19 has an invalid length. [ 151.329993][ T7178] workqueue: Failed to create a rescuer kthread for wq "bond2": -EINTR [ 152.016901][ T7216] netlink: 'syz.0.312': attribute type 3 has an invalid length. [ 152.094075][ T7216] syz_tun: entered allmulticast mode [ 152.106589][ T7216] siw: device registration error -23 [ 152.139576][ T7216] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 152.293191][ T7215] syz_tun: left allmulticast mode [ 152.485438][ T7226] FAULT_INJECTION: forcing a failure. [ 152.485438][ T7226] name failslab, interval 1, probability 0, space 0, times 0 [ 152.519706][ T7226] CPU: 0 UID: 0 PID: 7226 Comm: syz.4.315 Not tainted 6.16.0-syzkaller-12122-g3b5ca25ecfa8 #0 PREEMPT(full) [ 152.519735][ T7226] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 152.519746][ T7226] Call Trace: [ 152.519754][ T7226] [ 152.519762][ T7226] dump_stack_lvl+0x189/0x250 [ 152.519790][ T7226] ? __pfx____ratelimit+0x10/0x10 [ 152.519816][ T7226] ? __pfx_dump_stack_lvl+0x10/0x10 [ 152.519838][ T7226] ? __pfx__printk+0x10/0x10 [ 152.519866][ T7226] ? __lock_acquire+0xab9/0xd20 [ 152.519905][ T7226] should_fail_ex+0x414/0x560 [ 152.519933][ T7226] should_failslab+0xa8/0x100 [ 152.519962][ T7226] kmem_cache_alloc_noprof+0x73/0x3c0 [ 152.519986][ T7226] ? skb_clone+0x212/0x3a0 [ 152.520016][ T7226] skb_clone+0x212/0x3a0 [ 152.520039][ T7226] __netlink_deliver_tap+0x404/0x850 [ 152.520078][ T7226] ? netlink_deliver_tap+0x2e/0x1b0 [ 152.520104][ T7226] netlink_deliver_tap+0x19c/0x1b0 [ 152.520129][ T7226] netlink_unicast+0x7fa/0x9e0 [ 152.520160][ T7226] ? __pfx_netlink_unicast+0x10/0x10 [ 152.520183][ T7226] ? netlink_sendmsg+0x642/0xb30 [ 152.520206][ T7226] ? skb_put+0x11b/0x210 [ 152.520236][ T7226] netlink_sendmsg+0x805/0xb30 [ 152.520272][ T7226] ? __pfx_netlink_sendmsg+0x10/0x10 [ 152.520309][ T7226] ? aa_sock_msg_perm+0xf1/0x1d0 [ 152.520338][ T7226] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 152.520358][ T7226] ? __pfx_netlink_sendmsg+0x10/0x10 [ 152.520384][ T7226] __sock_sendmsg+0x219/0x270 [ 152.520409][ T7226] ____sys_sendmsg+0x505/0x830 [ 152.520443][ T7226] ? __pfx_____sys_sendmsg+0x10/0x10 [ 152.520482][ T7226] ? import_iovec+0x74/0xa0 [ 152.520505][ T7226] ___sys_sendmsg+0x21f/0x2a0 [ 152.520535][ T7226] ? __pfx____sys_sendmsg+0x10/0x10 [ 152.520605][ T7226] ? __fget_files+0x2a/0x420 [ 152.520632][ T7226] ? __fget_files+0x3a0/0x420 [ 152.520672][ T7226] __x64_sys_sendmsg+0x19b/0x260 [ 152.520704][ T7226] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 152.520742][ T7226] ? __pfx_ksys_write+0x10/0x10 [ 152.520765][ T7226] ? rcu_is_watching+0x15/0xb0 [ 152.520791][ T7226] ? do_syscall_64+0xbe/0x3b0 [ 152.520819][ T7226] do_syscall_64+0xfa/0x3b0 [ 152.520840][ T7226] ? lockdep_hardirqs_on+0x9c/0x150 [ 152.520862][ T7226] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 152.520880][ T7226] ? clear_bhb_loop+0x60/0xb0 [ 152.520904][ T7226] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 152.520922][ T7226] RIP: 0033:0x7ff86cf8ebe9 [ 152.520939][ T7226] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 152.520955][ T7226] RSP: 002b:00007ff86de0e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 152.520976][ T7226] RAX: ffffffffffffffda RBX: 00007ff86d1b5fa0 RCX: 00007ff86cf8ebe9 [ 152.520990][ T7226] RDX: 0000000000000000 RSI: 0000200000000240 RDI: 0000000000000003 [ 152.521002][ T7226] RBP: 00007ff86de0e090 R08: 0000000000000000 R09: 0000000000000000 [ 152.521013][ T7226] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 152.521025][ T7226] R13: 00007ff86d1b6038 R14: 00007ff86d1b5fa0 R15: 00007ffdb7d37568 [ 152.521058][ T7226] [ 153.051578][ T7236] FAULT_INJECTION: forcing a failure. [ 153.051578][ T7236] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 153.070142][ T7236] CPU: 0 UID: 0 PID: 7236 Comm: syz.4.320 Not tainted 6.16.0-syzkaller-12122-g3b5ca25ecfa8 #0 PREEMPT(full) [ 153.070170][ T7236] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 153.070182][ T7236] Call Trace: [ 153.070190][ T7236] [ 153.070199][ T7236] dump_stack_lvl+0x189/0x250 [ 153.070227][ T7236] ? __pfx____ratelimit+0x10/0x10 [ 153.070251][ T7236] ? __pfx_dump_stack_lvl+0x10/0x10 [ 153.070273][ T7236] ? __pfx__printk+0x10/0x10 [ 153.070298][ T7236] ? __might_fault+0xb0/0x130 [ 153.070336][ T7236] should_fail_ex+0x414/0x560 [ 153.070364][ T7236] _copy_from_iter+0x1db/0x16f0 [ 153.070396][ T7236] ? rcu_is_watching+0x15/0xb0 [ 153.070417][ T7236] ? kmem_cache_alloc_node_noprof+0x217/0x3c0 [ 153.070446][ T7236] ? __pfx__copy_from_iter+0x10/0x10 [ 153.070475][ T7236] ? __build_skb_around+0x257/0x3e0 [ 153.070505][ T7236] ? netlink_sendmsg+0x642/0xb30 [ 153.070528][ T7236] ? skb_put+0x11b/0x210 [ 153.070558][ T7236] netlink_sendmsg+0x6b2/0xb30 [ 153.070603][ T7236] ? __pfx_netlink_sendmsg+0x10/0x10 [ 153.070632][ T7236] ? aa_sock_msg_perm+0xf1/0x1d0 [ 153.070661][ T7236] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 153.070682][ T7236] ? __pfx_netlink_sendmsg+0x10/0x10 [ 153.070708][ T7236] __sock_sendmsg+0x219/0x270 [ 153.070733][ T7236] ____sys_sendmsg+0x505/0x830 [ 153.070768][ T7236] ? __pfx_____sys_sendmsg+0x10/0x10 [ 153.070807][ T7236] ? import_iovec+0x74/0xa0 [ 153.070831][ T7236] ___sys_sendmsg+0x21f/0x2a0 [ 153.070861][ T7236] ? __pfx____sys_sendmsg+0x10/0x10 [ 153.070931][ T7236] ? __fget_files+0x2a/0x420 [ 153.070958][ T7236] ? __fget_files+0x3a0/0x420 [ 153.070998][ T7236] __x64_sys_sendmsg+0x19b/0x260 [ 153.071030][ T7236] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 153.071069][ T7236] ? __pfx_ksys_write+0x10/0x10 [ 153.071092][ T7236] ? rcu_is_watching+0x15/0xb0 [ 153.071117][ T7236] ? do_syscall_64+0xbe/0x3b0 [ 153.071146][ T7236] do_syscall_64+0xfa/0x3b0 [ 153.071168][ T7236] ? lockdep_hardirqs_on+0x9c/0x150 [ 153.071190][ T7236] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 153.071209][ T7236] ? clear_bhb_loop+0x60/0xb0 [ 153.071233][ T7236] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 153.071251][ T7236] RIP: 0033:0x7ff86cf8ebe9 [ 153.071271][ T7236] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 153.071287][ T7236] RSP: 002b:00007ff86de0e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 153.071308][ T7236] RAX: ffffffffffffffda RBX: 00007ff86d1b5fa0 RCX: 00007ff86cf8ebe9 [ 153.071322][ T7236] RDX: 0000000004000050 RSI: 0000200000000000 RDI: 0000000000000003 [ 153.071334][ T7236] RBP: 00007ff86de0e090 R08: 0000000000000000 R09: 0000000000000000 [ 153.071346][ T7236] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 153.071358][ T7236] R13: 00007ff86d1b6038 R14: 00007ff86d1b5fa0 R15: 00007ffdb7d37568 [ 153.071391][ T7236] [ 153.519774][ T7238] batadv_slave_1: entered promiscuous mode [ 153.562922][ T7237] batadv_slave_1: left promiscuous mode [ 154.352799][ T7272] netlink: 'syz.4.328': attribute type 3 has an invalid length. [ 154.362288][ T7274] netlink: 212408 bytes leftover after parsing attributes in process `syz.1.327'. [ 155.572082][ T7301] netlink: 'syz.4.336': attribute type 1 has an invalid length. [ 155.603839][ T7301] netlink: 224 bytes leftover after parsing attributes in process `syz.4.336'. [ 155.617608][ T7299] netlink: 44 bytes leftover after parsing attributes in process `syz.1.334'. [ 156.981083][ T7329] netlink: 'syz.1.340': attribute type 13 has an invalid length. [ 156.995043][ T7329] netlink: 'syz.1.340': attribute type 17 has an invalid length. [ 157.138969][ T7329] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 157.322272][ T7339] netlink: 12 bytes leftover after parsing attributes in process `syz.4.344'. [ 157.332324][ T7339] netlink: 8 bytes leftover after parsing attributes in process `syz.4.344'. [ 157.503130][ T7343] netlink: 4768 bytes leftover after parsing attributes in process `syz.4.344'. [ 157.862370][ T7353] netlink: 4 bytes leftover after parsing attributes in process `syz.0.345'. [ 158.102717][ C0] vxcan0: j1939_tp_rxtimer: 0xffff888030230c00: rx timeout, send abort [ 158.534403][ T7365] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 158.584923][ T7364] netlink: 8 bytes leftover after parsing attributes in process `syz.4.348'. [ 158.595795][ T7367] netlink: 12 bytes leftover after parsing attributes in process `syz.3.349'. [ 158.623733][ T7367] netlink: 'syz.3.349': attribute type 2 has an invalid length. [ 159.195305][ T7389] netlink: 27 bytes leftover after parsing attributes in process `syz.3.355'. [ 159.618238][ T7400] tipc: Started in network mode [ 159.633362][ T7400] tipc: Node identity 56d7bff067da, cluster identity 4711 [ 159.663570][ T7400] tipc: Enabled bearer , priority 0 [ 159.688555][ T7403] syzkaller0: entered promiscuous mode [ 159.697705][ T7403] syzkaller0: entered allmulticast mode [ 159.727520][ T7404] netlink: 4 bytes leftover after parsing attributes in process `syz.4.356'. [ 159.799155][ T7400] tipc: Resetting bearer [ 159.944475][ T7399] tipc: Resetting bearer [ 159.981773][ T7399] tipc: Disabling bearer [ 160.129956][ T7413] syz_tun: left promiscuous mode [ 160.214405][ T7415] netlink: 12 bytes leftover after parsing attributes in process `syz.1.362'. [ 160.229365][ T7415] netlink: 'syz.1.362': attribute type 2 has an invalid length. [ 160.238998][ T7413] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 160.255756][ T7413] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 160.600371][ T7417] netlink: 'syz.0.363': attribute type 3 has an invalid length. [ 160.681330][ T7417] siw: device registration error -23 [ 160.693844][ T3029] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 160.705846][ T3029] netdevsim netdevsim2 netdevsim0: unset [1, 1] type 2 family 0 port 20004 - 0 [ 160.716756][ T7426] syz_tun: entered allmulticast mode [ 160.724462][ T3029] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 160.736306][ T3029] netdevsim netdevsim2 netdevsim1: unset [1, 1] type 2 family 0 port 20004 - 0 [ 160.763919][ T7417] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 160.787545][ T3029] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 160.806882][ T3029] netdevsim netdevsim2 netdevsim2: unset [1, 1] type 2 family 0 port 20004 - 0 [ 160.829380][ T7416] syz_tun: left allmulticast mode [ 160.874114][ T12] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 160.888429][ T12] netdevsim netdevsim2 netdevsim3: unset [1, 1] type 2 family 0 port 20004 - 0 [ 162.028317][ T7463] netlink: 8 bytes leftover after parsing attributes in process `syz.4.375'. [ 162.176804][ T7472] tipc: Enabling of bearer rejected, failed to enable media [ 162.380798][ T7479] netlink: 464 bytes leftover after parsing attributes in process `syz.4.380'. [ 162.524332][ T7479] vxcan0: entered promiscuous mode [ 163.971959][ T7510] netlink: 72 bytes leftover after parsing attributes in process `syz.2.392'. [ 163.985547][ T7514] netlink: 'syz.3.394': attribute type 3 has an invalid length. [ 164.026519][ T7514] syz_tun: entered allmulticast mode [ 164.118457][ T7514] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 164.744653][ T7521] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 164.797832][ T7518] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 164.949574][ T7511] syz_tun: left allmulticast mode [ 165.015245][ T7538] netlink: 72 bytes leftover after parsing attributes in process `syz.0.406'. [ 165.059590][ T7518] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 165.222030][ T7543] netlink: 12 bytes leftover after parsing attributes in process `syz.3.397'. [ 165.502285][ T7550] netlink: 12 bytes leftover after parsing attributes in process `syz.4.398'. [ 165.524494][ T7550] netlink: 'syz.4.398': attribute type 2 has an invalid length. [ 166.118155][ T7518] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 166.206777][ T7543] bridge1: trying to set multicast query interval below minimum, setting to 100 (1000ms) [ 166.358865][ T7518] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 166.767654][ T7570] netlink: 168 bytes leftover after parsing attributes in process `syz.3.403'. [ 167.603507][ T7603] netlink: 12 bytes leftover after parsing attributes in process `syz.3.411'. [ 167.634547][ T7604] netlink: 72 bytes leftover after parsing attributes in process `syz.4.410'. [ 167.653821][ T49] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 167.675247][ T7603] netlink: 'syz.3.411': attribute type 2 has an invalid length. [ 167.704017][ T12] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 167.759768][ T7606] FAULT_INJECTION: forcing a failure. [ 167.759768][ T7606] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 167.773547][ T12] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 167.803206][ T12] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 167.820227][ T7606] CPU: 0 UID: 0 PID: 7606 Comm: syz.0.412 Not tainted 6.16.0-syzkaller-12122-g3b5ca25ecfa8 #0 PREEMPT(full) [ 167.820254][ T7606] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 167.820265][ T7606] Call Trace: [ 167.820273][ T7606] [ 167.820281][ T7606] dump_stack_lvl+0x189/0x250 [ 167.820317][ T7606] ? __pfx____ratelimit+0x10/0x10 [ 167.820340][ T7606] ? __pfx_dump_stack_lvl+0x10/0x10 [ 167.820362][ T7606] ? __pfx__printk+0x10/0x10 [ 167.820411][ T7606] should_fail_ex+0x414/0x560 [ 167.820438][ T7606] _copy_to_user+0x31/0xb0 [ 167.820459][ T7606] simple_read_from_buffer+0xe1/0x170 [ 167.820491][ T7606] proc_fail_nth_read+0x1b3/0x220 [ 167.820516][ T7606] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 167.820540][ T7606] ? rw_verify_area+0x2a6/0x4d0 [ 167.820561][ T7606] ? __lock_acquire+0xab9/0xd20 [ 167.820586][ T7606] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 167.820609][ T7606] vfs_read+0x200/0x980 [ 167.820631][ T7606] ? fdget_pos+0x247/0x320 [ 167.820652][ T7606] ? __pfx___mutex_lock+0x10/0x10 [ 167.820676][ T7606] ? __pfx_vfs_read+0x10/0x10 [ 167.820702][ T7606] ? __fget_files+0x2a/0x420 [ 167.820734][ T7606] ? __fget_files+0x3a0/0x420 [ 167.820759][ T7606] ? __fget_files+0x2a/0x420 [ 167.820797][ T7606] ksys_read+0x145/0x250 [ 167.820824][ T7606] ? __pfx_ksys_read+0x10/0x10 [ 167.820845][ T7606] ? rcu_is_watching+0x15/0xb0 [ 167.820869][ T7606] ? do_syscall_64+0xbe/0x3b0 [ 167.820897][ T7606] do_syscall_64+0xfa/0x3b0 [ 167.820919][ T7606] ? lockdep_hardirqs_on+0x9c/0x150 [ 167.820940][ T7606] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 167.820958][ T7606] ? clear_bhb_loop+0x60/0xb0 [ 167.820981][ T7606] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 167.820998][ T7606] RIP: 0033:0x7ff52db8d5fc [ 167.821014][ T7606] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 167.821030][ T7606] RSP: 002b:00007ff52e9a7030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 167.821050][ T7606] RAX: ffffffffffffffda RBX: 00007ff52ddb5fa0 RCX: 00007ff52db8d5fc [ 167.821063][ T7606] RDX: 000000000000000f RSI: 00007ff52e9a70a0 RDI: 0000000000000004 [ 167.821074][ T7606] RBP: 00007ff52e9a7090 R08: 0000000000000000 R09: 0000000000000000 [ 167.821085][ T7606] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 167.821096][ T7606] R13: 00007ff52ddb6038 R14: 00007ff52ddb5fa0 R15: 00007ffc6ce62618 [ 167.821128][ T7606] [ 168.495045][ T7620] netlink: 140 bytes leftover after parsing attributes in process `syz.3.414'. [ 168.803196][ T7618] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 168.816062][ T7618] batadv_slave_0: entered promiscuous mode [ 168.967940][ T7626] tipc: Enabling of bearer rejected, failed to enable media [ 169.483179][ T7648] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 169.491334][ T7648] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 169.499462][ T7648] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 169.507629][ T7648] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 169.515795][ T7648] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 169.523778][ T7648] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 169.531696][ T7648] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 169.539681][ T7648] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 169.547648][ T7648] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 169.555609][ T7648] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 169.620934][ T7655] netlink: 12 bytes leftover after parsing attributes in process `syz.1.424'. [ 169.660150][ T7655] netlink: 'syz.1.424': attribute type 2 has an invalid length. [ 169.996380][ T7668] netlink: 'syz.2.427': attribute type 13 has an invalid length. [ 170.073979][ T7668] netlink: 'syz.2.427': attribute type 17 has an invalid length. [ 170.436604][ T7668] 8021q: adding VLAN 0 to HW filter on device team0 [ 170.738877][ T3005] nci: nci_rf_intf_activated_ntf_packet: unsupported activation_rf_tech_and_mode 0x7 [ 170.771940][ T7700] netlink: 'syz.1.436': attribute type 3 has an invalid length. [ 170.875219][ T7700] siw: device registration error -23 [ 171.479511][ T7714] netlink: 212376 bytes leftover after parsing attributes in process `syz.1.440'. [ 172.314477][ T7744] netlink: 'syz.2.450': attribute type 3 has an invalid length. [ 172.381404][ T7744] siw: device registration error -23 [ 172.582990][ T7752] netlink: 'syz.3.452': attribute type 3 has an invalid length. [ 172.610882][ T7752] syz_tun: entered allmulticast mode [ 172.811427][ T7751] syz_tun: left allmulticast mode [ 173.120547][ T7767] sctp: [Deprecated]: syz.1.456 (pid 7767) Use of struct sctp_assoc_value in delayed_ack socket option. [ 173.120547][ T7767] Use struct sctp_sack_info instead [ 173.212346][ T7772] sctp: [Deprecated]: syz.1.456 (pid 7772) Use of struct sctp_assoc_value in delayed_ack socket option. [ 173.212346][ T7772] Use struct sctp_sack_info instead [ 173.329430][ T7775] netlink: 48 bytes leftover after parsing attributes in process `syz.2.461'. [ 173.675142][ T7781] tipc: Enabling of bearer rejected, failed to enable media [ 173.702286][ T7784] netlink: 72 bytes leftover after parsing attributes in process `syz.4.465'. [ 175.243007][ T7812] netlink: 280 bytes leftover after parsing attributes in process `syz.3.474'. [ 175.252192][ T7812] nbd: must specify at least one socket [ 175.345407][ T7818] netlink: 12 bytes leftover after parsing attributes in process `syz.4.473'. [ 175.568450][ T7834] tipc: Started in network mode [ 175.576370][ T7834] tipc: Node identity aea24846558a, cluster identity 4711 [ 175.583830][ T7834] tipc: Enabled bearer , priority 0 [ 175.647584][ T7837] netlink: 12 bytes leftover after parsing attributes in process `syz.3.479'. [ 175.727270][ T7837] bridge2: trying to set multicast query interval below minimum, setting to 100 (1000ms) [ 175.838750][ T7846] netlink: 'syz.4.482': attribute type 9 has an invalid length. [ 175.870494][ T7846] netlink: 8 bytes leftover after parsing attributes in process `syz.4.482'. [ 175.919840][ T7846] hsr0: entered promiscuous mode [ 175.926572][ T7846] macvlan2: entered promiscuous mode [ 175.932269][ T7846] macvlan2: entered allmulticast mode [ 175.939721][ T7846] hsr0: entered allmulticast mode [ 175.947610][ T7846] hsr_slave_0: entered allmulticast mode [ 175.954225][ T7846] hsr_slave_1: entered allmulticast mode [ 176.039254][ T7852] sctp: [Deprecated]: syz.3.483 (pid 7852) Use of struct sctp_assoc_value in delayed_ack socket option. [ 176.039254][ T7852] Use struct sctp_sack_info instead [ 176.061218][ T7852] sctp: [Deprecated]: syz.3.483 (pid 7852) Use of struct sctp_assoc_value in delayed_ack socket option. [ 176.061218][ T7852] Use struct sctp_sack_info instead [ 176.172939][ T7856] netlink: 12 bytes leftover after parsing attributes in process `syz.1.486'. [ 176.203086][ T7856] netlink: 'syz.1.486': attribute type 2 has an invalid length. [ 176.483053][ T7864] netlink: 12 bytes leftover after parsing attributes in process `syz.4.490'. [ 176.494423][ T7864] netlink: 'syz.4.490': attribute type 3 has an invalid length. [ 176.519119][ T7864] Bluetooth: MGMT ver 1.23 [ 176.528732][ T7864] netlink: 68 bytes leftover after parsing attributes in process `syz.4.490'. [ 176.535537][ T7867] tipc: Enabling of bearer rejected, already enabled [ 176.537959][ T7864] netlink: 12 bytes leftover after parsing attributes in process `syz.4.490'. [ 176.556087][ T7864] netlink: 8 bytes leftover after parsing attributes in process `syz.4.490'. [ 176.585172][ T6015] tipc: Node number set to 4213721158 [ 177.536504][ T7888] netlink: 12 bytes leftover after parsing attributes in process `syz.2.499'. [ 177.566291][ T7888] netlink: 'syz.2.499': attribute type 2 has an invalid length. [ 177.740800][ T7895] netlink: 'syz.4.501': attribute type 3 has an invalid length. [ 177.847613][ T7895] siw: device registration error -23 [ 177.899420][ T7895] net_ratelimit: 29 callbacks suppressed [ 177.899432][ T7895] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 178.094202][ T7903] sctp: [Deprecated]: syz.2.502 (pid 7903) Use of struct sctp_assoc_value in delayed_ack socket option. [ 178.094202][ T7903] Use struct sctp_sack_info instead [ 178.188204][ T7903] sctp: [Deprecated]: syz.2.502 (pid 7903) Use of struct sctp_assoc_value in delayed_ack socket option. [ 178.188204][ T7903] Use struct sctp_sack_info instead [ 178.740751][ T7920] tipc: Enabling of bearer rejected, failed to enable media [ 179.037579][ T7931] tipc: Enabling of bearer rejected, failed to enable media [ 179.048581][ T7930] netlink: 12 bytes leftover after parsing attributes in process `syz.4.512'. [ 179.089979][ T7930] netlink: 'syz.4.512': attribute type 2 has an invalid length. [ 179.334913][ T7943] netlink: 212376 bytes leftover after parsing attributes in process `syz.3.511'. [ 179.460139][ T7945] netlink: 8 bytes leftover after parsing attributes in process `syz.1.515'. [ 180.220517][ T7965] netlink: 'syz.1.521': attribute type 3 has an invalid length. [ 180.294744][ T7965] siw: device registration error -23 [ 180.377641][ T7965] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 180.547641][ T7979] netlink: 'syz.4.522': attribute type 1 has an invalid length. [ 180.588840][ T7980] netlink: 35288 bytes leftover after parsing attributes in process `syz.2.523'. [ 180.728435][ T7979] 8021q: adding VLAN 0 to HW filter on device bond1 [ 180.981996][ T7987] netlink: 12 bytes leftover after parsing attributes in process `syz.3.526'. [ 181.024245][ T7987] netlink: 'syz.3.526': attribute type 2 has an invalid length. [ 181.057458][ T7993] tipc: Enabling of bearer rejected, failed to enable media [ 181.481493][ T8010] netlink: 'syz.2.533': attribute type 3 has an invalid length. [ 181.544734][ T8010] siw: device registration error -23 [ 181.707603][ T8010] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 181.995963][ T8020] netlink: 8 bytes leftover after parsing attributes in process `syz.2.536'. [ 182.417647][ T8032] netlink: 35288 bytes leftover after parsing attributes in process `syz.0.538'. [ 183.562856][ T8047] netlink: 12 bytes leftover after parsing attributes in process `syz.1.540'. [ 183.730067][ T8054] 8021q: adding VLAN 0 to HW filter on device ipvlan2 [ 183.745320][ T8058] netlink: 36 bytes leftover after parsing attributes in process `syz.4.546'. [ 183.755616][ T8054] bond0: (slave ipvlan2): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 184.239295][ T8082] netlink: 35288 bytes leftover after parsing attributes in process `syz.4.552'. [ 185.079796][ T8103] netlink: 12 bytes leftover after parsing attributes in process `syz.2.559'. [ 185.105034][ T8104] sctp: [Deprecated]: syz.3.557 (pid 8104) Use of struct sctp_assoc_value in delayed_ack socket option. [ 185.105034][ T8104] Use struct sctp_sack_info instead [ 185.110796][ T8103] netlink: 'syz.2.559': attribute type 2 has an invalid length. [ 185.173709][ T8104] sctp: [Deprecated]: syz.3.557 (pid 8104) Use of struct sctp_assoc_value in delayed_ack socket option. [ 185.173709][ T8104] Use struct sctp_sack_info instead [ 185.554024][ T8118] netlink: 'syz.1.562': attribute type 3 has an invalid length. [ 185.591691][ T8118] netlink: 'syz.1.562': attribute type 1 has an invalid length. [ 186.203119][ T8131] netlink: 72 bytes leftover after parsing attributes in process `syz.0.567'. [ 186.288682][ T8133] IPv6: NLM_F_CREATE should be specified when creating new route [ 186.643931][ T8143] netlink: 12 bytes leftover after parsing attributes in process `syz.1.571'. [ 187.191586][ T8161] tipc: Enabling of bearer rejected, failed to enable media [ 187.378916][ T8171] netlink: 'syz.3.578': attribute type 3 has an invalid length. [ 187.390988][ T8171] syz_tun: entered allmulticast mode [ 187.487354][ T8171] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 187.599886][ T8167] syz_tun: left allmulticast mode [ 187.927322][ T8192] netlink: 156 bytes leftover after parsing attributes in process `syz.3.581'. [ 188.176066][ T8195] netlink: 'syz.3.582': attribute type 3 has an invalid length. [ 188.208918][ T8195] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 188.474722][ T8199] netlink: 464 bytes leftover after parsing attributes in process `syz.0.584'. [ 188.483071][ T8202] FAULT_INJECTION: forcing a failure. [ 188.483071][ T8202] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 188.502366][ T8202] CPU: 0 UID: 0 PID: 8202 Comm: syz.1.587 Not tainted 6.16.0-syzkaller-12122-g3b5ca25ecfa8 #0 PREEMPT(full) [ 188.502395][ T8202] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 188.502406][ T8202] Call Trace: [ 188.502413][ T8202] [ 188.502422][ T8202] dump_stack_lvl+0x189/0x250 [ 188.502453][ T8202] ? __pfx____ratelimit+0x10/0x10 [ 188.502477][ T8202] ? __pfx_dump_stack_lvl+0x10/0x10 [ 188.502501][ T8202] ? __pfx__printk+0x10/0x10 [ 188.502527][ T8202] ? __might_fault+0xb0/0x130 [ 188.502565][ T8202] should_fail_ex+0x414/0x560 [ 188.502593][ T8202] _copy_from_user+0x2d/0xb0 [ 188.502613][ T8202] ___sys_recvmsg+0x12e/0x510 [ 188.502649][ T8202] ? __pfx____sys_recvmsg+0x10/0x10 [ 188.502712][ T8202] ? __might_fault+0xb0/0x130 [ 188.502741][ T8202] do_recvmmsg+0x307/0x770 [ 188.502781][ T8202] ? __pfx_do_recvmmsg+0x10/0x10 [ 188.502824][ T8202] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 188.502870][ T8202] __x64_sys_recvmmsg+0x190/0x240 [ 188.502903][ T8202] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 188.502930][ T8202] ? rcu_is_watching+0x15/0xb0 [ 188.502954][ T8202] ? do_syscall_64+0xbe/0x3b0 [ 188.502983][ T8202] do_syscall_64+0xfa/0x3b0 [ 188.503014][ T8202] ? lockdep_hardirqs_on+0x9c/0x150 [ 188.503036][ T8202] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 188.503055][ T8202] ? clear_bhb_loop+0x60/0xb0 [ 188.503079][ T8202] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 188.503096][ T8202] RIP: 0033:0x7f91fdf8ebe9 [ 188.503115][ T8202] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 188.503131][ T8202] RSP: 002b:00007f91fee57038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 188.503154][ T8202] RAX: ffffffffffffffda RBX: 00007f91fe1b5fa0 RCX: 00007f91fdf8ebe9 [ 188.503168][ T8202] RDX: 03ffffffffffff2e RSI: 0000200000000c00 RDI: 0000000000000003 [ 188.503181][ T8202] RBP: 00007f91fee57090 R08: 0000000000000000 R09: 0000000000000000 [ 188.503193][ T8202] R10: 00001000400000de R11: 0000000000000246 R12: 0000000000000002 [ 188.503204][ T8202] R13: 00007f91fe1b6038 R14: 00007f91fe1b5fa0 R15: 00007ffe3b730308 [ 188.503234][ T8202] [ 188.847684][ T8214] netlink: 35288 bytes leftover after parsing attributes in process `syz.4.588'. [ 189.525031][ T8242] netlink: 40 bytes leftover after parsing attributes in process `syz.4.597'. [ 189.617580][ T8242] netlink: 4 bytes leftover after parsing attributes in process `syz.4.597'. [ 189.673858][ T8242] bridge_slave_1: left allmulticast mode [ 189.679834][ T8242] bridge_slave_1: left promiscuous mode [ 189.707889][ T8242] bridge0: port 2(bridge_slave_1) entered disabled state [ 189.936200][ T8255] netlink: 72 bytes leftover after parsing attributes in process `syz.3.600'. [ 191.089720][ T8285] FAULT_INJECTION: forcing a failure. [ 191.089720][ T8285] name failslab, interval 1, probability 0, space 0, times 0 [ 191.108529][ T8285] CPU: 1 UID: 0 PID: 8285 Comm: syz.2.608 Not tainted 6.16.0-syzkaller-12122-g3b5ca25ecfa8 #0 PREEMPT(full) [ 191.108557][ T8285] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 191.108569][ T8285] Call Trace: [ 191.108576][ T8285] [ 191.108586][ T8285] dump_stack_lvl+0x189/0x250 [ 191.108616][ T8285] ? __pfx____ratelimit+0x10/0x10 [ 191.108640][ T8285] ? __pfx_dump_stack_lvl+0x10/0x10 [ 191.108664][ T8285] ? __pfx__printk+0x10/0x10 [ 191.108698][ T8285] ? __pfx___might_resched+0x10/0x10 [ 191.108724][ T8285] should_fail_ex+0x414/0x560 [ 191.108752][ T8285] should_failslab+0xa8/0x100 [ 191.108783][ T8285] __kmalloc_node_noprof+0xd1/0x4e0 [ 191.108809][ T8285] ? alloc_slab_obj_exts+0x39/0xa0 [ 191.108840][ T8285] alloc_slab_obj_exts+0x39/0xa0 [ 191.108864][ T8285] __memcg_slab_post_alloc_hook+0x31e/0x7f0 [ 191.108909][ T8285] kmem_cache_alloc_node_noprof+0x2bd/0x3c0 [ 191.108935][ T8285] ? __alloc_skb+0x112/0x2d0 [ 191.108965][ T8285] __alloc_skb+0x112/0x2d0 [ 191.108995][ T8285] alloc_skb_with_frags+0xca/0x890 [ 191.109026][ T8285] ? __lock_acquire+0xab9/0xd20 [ 191.109065][ T8285] sock_alloc_send_pskb+0x857/0x990 [ 191.109107][ T8285] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 191.109131][ T8285] ? sock_def_readable+0xbe/0x550 [ 191.109159][ T8285] ? bpf_lsm_socket_getpeersec_dgram+0x9/0x20 [ 191.109187][ T8285] unix_dgram_sendmsg+0x461/0x1850 [ 191.109249][ T8285] ? __pfx_unix_dgram_sendmsg+0x10/0x10 [ 191.109270][ T8285] ? tomoyo_socket_sendmsg_permission+0x1e1/0x300 [ 191.109312][ T8285] ? unix_seqpacket_sendmsg+0x111/0x1e0 [ 191.109334][ T8285] ? __pfx_unix_seqpacket_sendmsg+0x10/0x10 [ 191.109359][ T8285] __sock_sendmsg+0x219/0x270 [ 191.109386][ T8285] ____sys_sendmsg+0x52d/0x830 [ 191.109421][ T8285] ? __pfx_____sys_sendmsg+0x10/0x10 [ 191.109461][ T8285] ? import_iovec+0x74/0xa0 [ 191.109485][ T8285] ___sys_sendmsg+0x21f/0x2a0 [ 191.109522][ T8285] ? __pfx____sys_sendmsg+0x10/0x10 [ 191.109604][ T8285] ? __might_fault+0xb0/0x130 [ 191.109636][ T8285] __sys_sendmmsg+0x227/0x430 [ 191.109671][ T8285] ? __pfx___sys_sendmmsg+0x10/0x10 [ 191.109697][ T8285] ? __mutex_unlock_slowpath+0x1a1/0x760 [ 191.109754][ T8285] ? ksys_write+0x22a/0x250 [ 191.109783][ T8285] ? __pfx_ksys_write+0x10/0x10 [ 191.109805][ T8285] ? rcu_is_watching+0x15/0xb0 [ 191.109833][ T8285] __x64_sys_sendmmsg+0xa0/0xc0 [ 191.109864][ T8285] do_syscall_64+0xfa/0x3b0 [ 191.109888][ T8285] ? lockdep_hardirqs_on+0x9c/0x150 [ 191.109911][ T8285] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 191.109930][ T8285] ? clear_bhb_loop+0x60/0xb0 [ 191.109955][ T8285] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 191.109973][ T8285] RIP: 0033:0x7ffbc1d8ebe9 [ 191.109991][ T8285] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 191.110007][ T8285] RSP: 002b:00007ffbbfff6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 191.110029][ T8285] RAX: ffffffffffffffda RBX: 00007ffbc1fb5fa0 RCX: 00007ffbc1d8ebe9 [ 191.110043][ T8285] RDX: 0400000000000159 RSI: 0000200000001c00 RDI: 0000000000000003 [ 191.110057][ T8285] RBP: 00007ffbbfff6090 R08: 0000000000000000 R09: 0000000000000000 [ 191.110069][ T8285] R10: 0000000000040840 R11: 0000000000000246 R12: 0000000000000002 [ 191.110081][ T8285] R13: 00007ffbc1fb6038 R14: 00007ffbc1fb5fa0 R15: 00007ffec087af68 [ 191.110114][ T8285] [ 191.289357][ T8242] bridge_slave_0: left allmulticast mode [ 191.467828][ T8283] netlink: 'syz.1.607': attribute type 1 has an invalid length. [ 191.481983][ T8283] netlink: 17 bytes leftover after parsing attributes in process `syz.1.607'. [ 191.540804][ T8242] bridge_slave_0: left promiscuous mode [ 191.624665][ T8242] bridge0: port 1(bridge_slave_0) entered disabled state [ 191.818281][ T8294] netlink: 'syz.2.611': attribute type 3 has an invalid length. [ 191.873736][ T8294] syz_tun: entered allmulticast mode [ 191.914101][ T8294] siw: device registration error -23 [ 192.004249][ T8294] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 192.058709][ T8297] netlink: 'syz.3.613': attribute type 12 has an invalid length. [ 192.069095][ T8297] netlink: 'syz.3.613': attribute type 29 has an invalid length. [ 192.101860][ T8309] openvswitch: netlink: IP tunnel dst address not specified [ 192.127976][ T8297] netlink: 148 bytes leftover after parsing attributes in process `syz.3.613'. [ 192.158473][ T8297] netlink: 43 bytes leftover after parsing attributes in process `syz.3.613'. [ 192.209590][ T8293] syz_tun: left allmulticast mode [ 192.258355][ T43] hid-generic 0005:0C45:5505.0001: item fetching failed at offset 0/1 [ 192.316021][ T43] hid-generic 0005:0C45:5505.0001: probe with driver hid-generic failed with error -22 [ 192.841422][ T8335] netlink: 72 bytes leftover after parsing attributes in process `syz.3.623'. [ 193.136490][ T8346] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 194.043519][ T8359] FAULT_INJECTION: forcing a failure. [ 194.043519][ T8359] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 194.075044][ T8359] CPU: 1 UID: 0 PID: 8359 Comm: syz.0.629 Not tainted 6.16.0-syzkaller-12122-g3b5ca25ecfa8 #0 PREEMPT(full) [ 194.075073][ T8359] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 194.075084][ T8359] Call Trace: [ 194.075092][ T8359] [ 194.075101][ T8359] dump_stack_lvl+0x189/0x250 [ 194.075130][ T8359] ? __pfx____ratelimit+0x10/0x10 [ 194.075155][ T8359] ? __pfx_dump_stack_lvl+0x10/0x10 [ 194.075177][ T8359] ? __pfx__printk+0x10/0x10 [ 194.075204][ T8359] ? __might_fault+0xb0/0x130 [ 194.075244][ T8359] should_fail_ex+0x414/0x560 [ 194.075273][ T8359] _copy_from_user+0x2d/0xb0 [ 194.075293][ T8359] kstrtouint_from_user+0xc4/0x170 [ 194.075322][ T8359] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 194.075367][ T8359] proc_fail_nth_write+0x88/0x200 [ 194.075390][ T8359] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 194.075418][ T8359] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 194.075441][ T8359] vfs_write+0x27e/0xa90 [ 194.075478][ T8359] ? __pfx_vfs_write+0x10/0x10 [ 194.075506][ T8359] ? __fget_files+0x2a/0x420 [ 194.075539][ T8359] ? __fget_files+0x3a0/0x420 [ 194.075565][ T8359] ? __fget_files+0x2a/0x420 [ 194.075605][ T8359] ksys_write+0x145/0x250 [ 194.075634][ T8359] ? __pfx_ksys_write+0x10/0x10 [ 194.075656][ T8359] ? rcu_is_watching+0x15/0xb0 [ 194.075683][ T8359] ? do_syscall_64+0xbe/0x3b0 [ 194.075713][ T8359] do_syscall_64+0xfa/0x3b0 [ 194.075736][ T8359] ? lockdep_hardirqs_on+0x9c/0x150 [ 194.075759][ T8359] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 194.075778][ T8359] ? clear_bhb_loop+0x60/0xb0 [ 194.075801][ T8359] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 194.075819][ T8359] RIP: 0033:0x7ff52db8d69f [ 194.075837][ T8359] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 194.075853][ T8359] RSP: 002b:00007ff52e9a7030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 194.075876][ T8359] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007ff52db8d69f [ 194.075889][ T8359] RDX: 0000000000000001 RSI: 00007ff52e9a70a0 RDI: 0000000000000010 [ 194.075901][ T8359] RBP: 00007ff52e9a7090 R08: 0000000000000000 R09: 0000000000000000 [ 194.075912][ T8359] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002 [ 194.075933][ T8359] R13: 00007ff52ddb6038 R14: 00007ff52ddb5fa0 R15: 00007ffc6ce62618 [ 194.075968][ T8359] [ 194.497052][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.508587][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 195.105798][ T8393] vxcan0: entered promiscuous mode [ 195.249098][ T8401] netlink: 'syz.0.638': attribute type 3 has an invalid length. [ 195.257982][ T8405] netlink: 'syz.1.639': attribute type 3 has an invalid length. [ 195.287045][ T8405] syz_tun: entered allmulticast mode [ 195.298566][ T8401] syz_tun: entered allmulticast mode [ 195.307940][ T8405] siw: device registration error -23 [ 195.333357][ T8401] siw: device registration error -23 [ 195.357520][ T8405] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 195.398271][ T8401] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 195.452663][ T8398] syz_tun: left allmulticast mode [ 195.485194][ T8404] syz_tun: left allmulticast mode [ 196.156479][ T8436] netlink: 16 bytes leftover after parsing attributes in process `syz.0.649'. [ 196.190089][ T8434] sctp: [Deprecated]: syz.2.646 (pid 8434) Use of struct sctp_assoc_value in delayed_ack socket option. [ 196.190089][ T8434] Use struct sctp_sack_info instead [ 196.303786][ T8437] sctp: [Deprecated]: syz.2.646 (pid 8437) Use of struct sctp_assoc_value in delayed_ack socket option. [ 196.303786][ T8437] Use struct sctp_sack_info instead [ 196.359158][ T8446] netlink: 'syz.0.653': attribute type 3 has an invalid length. [ 196.399739][ T8446] syz_tun: entered allmulticast mode [ 196.475928][ T8446] siw: device registration error -23 [ 196.550089][ T8446] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 196.615293][ T8445] syz_tun: left allmulticast mode [ 197.839758][ T8478] FAULT_INJECTION: forcing a failure. [ 197.839758][ T8478] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 197.873878][ T8478] CPU: 1 UID: 0 PID: 8478 Comm: syz.3.663 Not tainted 6.16.0-syzkaller-12122-g3b5ca25ecfa8 #0 PREEMPT(full) [ 197.873908][ T8478] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 197.873919][ T8478] Call Trace: [ 197.873927][ T8478] [ 197.873936][ T8478] dump_stack_lvl+0x189/0x250 [ 197.873965][ T8478] ? __pfx____ratelimit+0x10/0x10 [ 197.873989][ T8478] ? __pfx_dump_stack_lvl+0x10/0x10 [ 197.874012][ T8478] ? __pfx__printk+0x10/0x10 [ 197.874040][ T8478] ? __might_fault+0xb0/0x130 [ 197.874080][ T8478] should_fail_ex+0x414/0x560 [ 197.874108][ T8478] _copy_from_iter+0x1db/0x16f0 [ 197.874140][ T8478] ? rcu_is_watching+0x15/0xb0 [ 197.874160][ T8478] ? kmem_cache_alloc_node_noprof+0x217/0x3c0 [ 197.874189][ T8478] ? __pfx__copy_from_iter+0x10/0x10 [ 197.874217][ T8478] ? __build_skb_around+0x257/0x3e0 [ 197.874246][ T8478] ? netlink_sendmsg+0x642/0xb30 [ 197.874269][ T8478] ? skb_put+0x11b/0x210 [ 197.874299][ T8478] netlink_sendmsg+0x6b2/0xb30 [ 197.874334][ T8478] ? __pfx_netlink_sendmsg+0x10/0x10 [ 197.874363][ T8478] ? aa_sock_msg_perm+0xf1/0x1d0 [ 197.874393][ T8478] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 197.874412][ T8478] ? __pfx_netlink_sendmsg+0x10/0x10 [ 197.874438][ T8478] __sock_sendmsg+0x219/0x270 [ 197.874465][ T8478] ____sys_sendmsg+0x52d/0x830 [ 197.874500][ T8478] ? __pfx_____sys_sendmsg+0x10/0x10 [ 197.874540][ T8478] ? import_iovec+0x74/0xa0 [ 197.874564][ T8478] ___sys_sendmsg+0x21f/0x2a0 [ 197.874596][ T8478] ? __pfx____sys_sendmsg+0x10/0x10 [ 197.874668][ T8478] ? __fget_files+0x2a/0x420 [ 197.874695][ T8478] ? __fget_files+0x3a0/0x420 [ 197.874734][ T8478] __sys_sendmmsg+0x227/0x430 [ 197.874769][ T8478] ? __pfx___sys_sendmmsg+0x10/0x10 [ 197.874794][ T8478] ? __mutex_unlock_slowpath+0x1a1/0x760 [ 197.874943][ T8478] ? ksys_write+0x22a/0x250 [ 197.874973][ T8478] ? __pfx_ksys_write+0x10/0x10 [ 197.874995][ T8478] ? rcu_is_watching+0x15/0xb0 [ 197.875024][ T8478] __x64_sys_sendmmsg+0xa0/0xc0 [ 197.875055][ T8478] do_syscall_64+0xfa/0x3b0 [ 197.875078][ T8478] ? lockdep_hardirqs_on+0x9c/0x150 [ 197.875101][ T8478] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 197.875119][ T8478] ? clear_bhb_loop+0x60/0xb0 [ 197.875144][ T8478] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 197.875163][ T8478] RIP: 0033:0x7f6a08d8ebe9 [ 197.875181][ T8478] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 197.875197][ T8478] RSP: 002b:00007f6a09b2f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 197.875219][ T8478] RAX: ffffffffffffffda RBX: 00007f6a08fb5fa0 RCX: 00007f6a08d8ebe9 [ 197.875234][ T8478] RDX: 040000000000009f RSI: 00002000000002c0 RDI: 0000000000000005 [ 197.875247][ T8478] RBP: 00007f6a09b2f090 R08: 0000000000000000 R09: 0000000000000000 [ 197.875259][ T8478] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 197.875270][ T8478] R13: 00007f6a08fb6038 R14: 00007f6a08fb5fa0 R15: 00007ffef62c2ec8 [ 197.875304][ T8478] [ 198.332915][ T8491] tipc: Started in network mode [ 198.346435][ T8491] tipc: Node identity , cluster identity 4711 [ 198.362762][ T8491] tipc: Failed to set node id, please configure manually [ 198.379852][ T8491] tipc: Enabling of bearer rejected, failed to enable media [ 198.447202][ T8496] netlink: 'syz.0.671': attribute type 1 has an invalid length. [ 198.529926][ T8496] netlink: 256 bytes leftover after parsing attributes in process `syz.0.671'. [ 198.770077][ T8512] IPVS: set_ctl: invalid protocol: 12 172.20.20.187:20004 [ 198.936897][ T8517] FAULT_INJECTION: forcing a failure. [ 198.936897][ T8517] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 198.962978][ T8517] CPU: 1 UID: 0 PID: 8517 Comm: syz.2.679 Not tainted 6.16.0-syzkaller-12122-g3b5ca25ecfa8 #0 PREEMPT(full) [ 198.963007][ T8517] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 198.963018][ T8517] Call Trace: [ 198.963025][ T8517] [ 198.963033][ T8517] dump_stack_lvl+0x189/0x250 [ 198.963063][ T8517] ? __pfx____ratelimit+0x10/0x10 [ 198.963088][ T8517] ? __pfx_dump_stack_lvl+0x10/0x10 [ 198.963112][ T8517] ? __pfx__printk+0x10/0x10 [ 198.963151][ T8517] ? fs_reclaim_acquire+0x7d/0x100 [ 198.963192][ T8517] should_fail_ex+0x414/0x560 [ 198.963227][ T8517] prepare_alloc_pages+0x213/0x610 [ 198.963257][ T8517] __alloc_frozen_pages_noprof+0x123/0x370 [ 198.963283][ T8517] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 198.963315][ T8517] ? policy_nodemask+0x27c/0x720 [ 198.963349][ T8517] alloc_pages_mpol+0x232/0x4a0 [ 198.963383][ T8517] vma_alloc_folio_noprof+0xe4/0x200 [ 198.963410][ T8517] ? ima_match_policy+0x10b/0x2150 [ 198.963433][ T8517] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 198.963477][ T8517] folio_prealloc+0x30/0x180 [ 198.963507][ T8517] do_wp_page+0x1231/0x5800 [ 198.963558][ T8517] ? __pfx_do_wp_page+0x10/0x10 [ 198.963578][ T8517] ? do_raw_spin_lock+0x121/0x290 [ 198.963605][ T8517] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 198.963641][ T8517] __handle_mm_fault+0x1033/0x5440 [ 198.963686][ T8517] ? __pfx___handle_mm_fault+0x10/0x10 [ 198.963732][ T8517] ? find_vma+0xe7/0x160 [ 198.963756][ T8517] ? __pfx_find_vma+0x10/0x10 [ 198.963786][ T8517] handle_mm_fault+0x40a/0x8e0 [ 198.963824][ T8517] do_user_addr_fault+0x764/0x1390 [ 198.963875][ T8517] exc_page_fault+0x76/0xf0 [ 198.963901][ T8517] asm_exc_page_fault+0x26/0x30 [ 198.963920][ T8517] RIP: 0010:rep_movs_alternative+0x33/0x90 [ 198.963940][ T8517] Code: 73 25 85 c9 74 0f 8a 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 e9 4d 0a 04 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 8b 06 <48> 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb [ 198.963955][ T8517] RSP: 0018:ffffc900040bf9e8 EFLAGS: 00050216 [ 198.963974][ T8517] RAX: 0000000000000000 RBX: 0000000000000030 RCX: 0000000000000030 [ 198.963986][ T8517] RDX: 0000000000000000 RSI: ffffc900040bfaf0 RDI: 0000200000002100 [ 198.964000][ T8517] RBP: ffffc900040bfc58 R08: ffffc900040bfb1f R09: 1ffff92000817f63 [ 198.964013][ T8517] R10: dffffc0000000000 R11: fffff52000817f64 R12: 0000200000002130 [ 198.964026][ T8517] R13: 00007ffffffff000 R14: ffffc900040bfaf0 R15: 0000200000002100 [ 198.964061][ T8517] _copy_to_user+0x8a/0xb0 [ 198.964085][ T8517] do_ip_vs_get_ctl+0x64f/0xd10 [ 198.964128][ T8517] ? __pfx_do_ip_vs_get_ctl+0x10/0x10 [ 198.964155][ T8517] ? rcu_is_watching+0x15/0xb0 [ 198.964200][ T8517] ? __mutex_unlock_slowpath+0x1a1/0x760 [ 198.964233][ T8517] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 198.964263][ T8517] ? __might_fault+0xb0/0x130 [ 198.964303][ T8517] nf_getsockopt+0x26b/0x290 [ 198.964341][ T8517] ip_getsockopt+0x1c4/0x220 [ 198.964373][ T8517] ? __pfx_ip_getsockopt+0x10/0x10 [ 198.964401][ T8517] ? sock_common_getsockopt+0x2d/0xb0 [ 198.964423][ T8517] ? __pfx_sock_common_getsockopt+0x10/0x10 [ 198.964448][ T8517] do_sock_getsockopt+0x372/0x450 [ 198.964480][ T8517] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 198.964507][ T8517] ? write_ibpb+0x30/0x40 [ 198.964530][ T8517] ? __fget_files+0x3a0/0x420 [ 198.964557][ T8517] ? __fget_files+0x2a/0x420 [ 198.964594][ T8517] __x64_sys_getsockopt+0x1a5/0x250 [ 198.964620][ T8517] ? write_ibpb+0x30/0x40 [ 198.964646][ T8517] ? write_ibpb+0x30/0x40 [ 198.964675][ T8517] do_syscall_64+0xfa/0x3b0 [ 198.964697][ T8517] ? lockdep_hardirqs_on+0x9c/0x150 [ 198.964720][ T8517] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 198.964739][ T8517] ? clear_bhb_loop+0x60/0xb0 [ 198.964765][ T8517] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 198.964783][ T8517] RIP: 0033:0x7ffbc1d8ebe9 [ 198.964801][ T8517] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 198.964815][ T8517] RSP: 002b:00007ffbbfff6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 198.964834][ T8517] RAX: ffffffffffffffda RBX: 00007ffbc1fb5fa0 RCX: 00007ffbc1d8ebe9 [ 198.964848][ T8517] RDX: 0000000000000487 RSI: 0000000000000000 RDI: 0000000000000003 [ 198.964861][ T8517] RBP: 00007ffbbfff6090 R08: 0000200000000000 R09: 0000000000000000 [ 198.964873][ T8517] R10: 0000200000002100 R11: 0000000000000246 R12: 0000000000000001 [ 198.964884][ T8517] R13: 00007ffbc1fb6038 R14: 00007ffbc1fb5fa0 R15: 00007ffec087af68 [ 198.964921][ T8517] [ 199.678991][ T8527] syzkaller0: entered promiscuous mode [ 199.685364][ T8527] syzkaller0: entered allmulticast mode [ 199.727282][ T8529] tipc: Enabling of bearer rejected, already enabled [ 200.696659][ T8563] netlink: 32 bytes leftover after parsing attributes in process `syz.1.694'. [ 200.990307][ T8578] netlink: 72 bytes leftover after parsing attributes in process `syz.0.699'. [ 200.990322][ T8563] bridge0: port 2(bridge_slave_1) entered disabled state [ 201.007298][ T8563] bridge0: port 1(bridge_slave_0) entered disabled state [ 201.134635][ T8563] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 201.156020][ T8563] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 201.296232][ T1035] netdevsim netdevsim1 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 201.317999][ T1035] netdevsim netdevsim1 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 201.375115][ T1035] netdevsim netdevsim1 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 201.403455][ T1035] netdevsim netdevsim1 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 201.552549][ T8590] tipc: Enabling of bearer rejected, failed to enable media [ 201.583475][ T8592] netlink: 312 bytes leftover after parsing attributes in process `syz.3.702'. [ 201.676120][ T8600] FAULT_INJECTION: forcing a failure. [ 201.676120][ T8600] name failslab, interval 1, probability 0, space 0, times 0 [ 201.689886][ T8600] CPU: 1 UID: 0 PID: 8600 Comm: syz.4.705 Not tainted 6.16.0-syzkaller-12122-g3b5ca25ecfa8 #0 PREEMPT(full) [ 201.689917][ T8600] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 201.689929][ T8600] Call Trace: [ 201.689937][ T8600] [ 201.689946][ T8600] dump_stack_lvl+0x189/0x250 [ 201.689975][ T8600] ? __pfx____ratelimit+0x10/0x10 [ 201.689999][ T8600] ? __pfx_dump_stack_lvl+0x10/0x10 [ 201.690030][ T8600] ? __pfx__printk+0x10/0x10 [ 201.690059][ T8600] ? __lock_acquire+0xab9/0xd20 [ 201.690097][ T8600] should_fail_ex+0x414/0x560 [ 201.690124][ T8600] should_failslab+0xa8/0x100 [ 201.690162][ T8600] kmem_cache_alloc_noprof+0x73/0x3c0 [ 201.690187][ T8600] ? skb_clone+0x212/0x3a0 [ 201.690210][ T8600] skb_clone+0x212/0x3a0 [ 201.690233][ T8600] __netlink_deliver_tap+0x404/0x850 [ 201.690273][ T8600] ? netlink_deliver_tap+0x2e/0x1b0 [ 201.690299][ T8600] netlink_deliver_tap+0x19c/0x1b0 [ 201.690325][ T8600] netlink_unicast+0x7fa/0x9e0 [ 201.690359][ T8600] ? __pfx_netlink_unicast+0x10/0x10 [ 201.690383][ T8600] ? netlink_sendmsg+0x642/0xb30 [ 201.690404][ T8600] ? skb_put+0x11b/0x210 [ 201.690435][ T8600] netlink_sendmsg+0x805/0xb30 [ 201.690472][ T8600] ? __pfx_netlink_sendmsg+0x10/0x10 [ 201.690501][ T8600] ? aa_sock_msg_perm+0xf1/0x1d0 [ 201.690530][ T8600] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 201.690551][ T8600] ? __pfx_netlink_sendmsg+0x10/0x10 [ 201.690578][ T8600] __sock_sendmsg+0x219/0x270 [ 201.690604][ T8600] ____sys_sendmsg+0x505/0x830 [ 201.690641][ T8600] ? __pfx_____sys_sendmsg+0x10/0x10 [ 201.690682][ T8600] ? import_iovec+0x74/0xa0 [ 201.690712][ T8600] ___sys_sendmsg+0x21f/0x2a0 [ 201.690744][ T8600] ? __pfx____sys_sendmsg+0x10/0x10 [ 201.690819][ T8600] ? __fget_files+0x2a/0x420 [ 201.690846][ T8600] ? __fget_files+0x3a0/0x420 [ 201.690887][ T8600] __x64_sys_sendmsg+0x19b/0x260 [ 201.690920][ T8600] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 201.690961][ T8600] ? __pfx_ksys_write+0x10/0x10 [ 201.690984][ T8600] ? rcu_is_watching+0x15/0xb0 [ 201.691011][ T8600] ? do_syscall_64+0xbe/0x3b0 [ 201.691040][ T8600] do_syscall_64+0xfa/0x3b0 [ 201.691064][ T8600] ? lockdep_hardirqs_on+0x9c/0x150 [ 201.691087][ T8600] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 201.691107][ T8600] ? clear_bhb_loop+0x60/0xb0 [ 201.691132][ T8600] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 201.691160][ T8600] RIP: 0033:0x7ff86cf8ebe9 [ 201.691179][ T8600] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 201.691196][ T8600] RSP: 002b:00007ff86de0e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 201.691218][ T8600] RAX: ffffffffffffffda RBX: 00007ff86d1b5fa0 RCX: 00007ff86cf8ebe9 [ 201.691232][ T8600] RDX: 0000000004000050 RSI: 0000200000000000 RDI: 0000000000000003 [ 201.691244][ T8600] RBP: 00007ff86de0e090 R08: 0000000000000000 R09: 0000000000000000 [ 201.691256][ T8600] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 201.691268][ T8600] R13: 00007ff86d1b6038 R14: 00007ff86d1b5fa0 R15: 00007ffdb7d37568 [ 201.691302][ T8600] [ 202.227175][ T8603] netlink: 72 bytes leftover after parsing attributes in process `syz.3.707'. [ 202.443925][ T8606] netlink: 72 bytes leftover after parsing attributes in process `syz.2.710'. [ 203.032363][ T8626] netlink: 8 bytes leftover after parsing attributes in process `syz.4.713'. [ 203.041490][ T8626] netlink: 8 bytes leftover after parsing attributes in process `syz.4.713'. [ 203.672298][ T8651] netlink: 80 bytes leftover after parsing attributes in process `syz.3.719'. [ 203.750257][ T8651] netlink: 80 bytes leftover after parsing attributes in process `syz.3.719'. [ 203.789927][ T8655] netlink: 'syz.4.721': attribute type 10 has an invalid length. [ 204.327169][ T8666] syzkaller1: entered promiscuous mode [ 204.332892][ T8666] syzkaller1: entered allmulticast mode [ 204.375838][ T8670] (unnamed net_device) (uninitialized): (slave veth1_to_bridge): Device is not bonding slave [ 204.386963][ T8666] netlink: 4 bytes leftover after parsing attributes in process `syz.4.725'. [ 204.403733][ T8670] (unnamed net_device) (uninitialized): option active_slave: invalid value (veth1_to_bridge) [ 204.678788][ T8683] netlink: 'syz.0.729': attribute type 3 has an invalid length. [ 204.716992][ T8683] syz_tun: entered allmulticast mode [ 204.747721][ T8683] siw: device registration error -23 [ 204.770669][ T8683] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 204.857312][ T8682] syz_tun: left allmulticast mode [ 205.369676][ T8709] FAULT_INJECTION: forcing a failure. [ 205.369676][ T8709] name failslab, interval 1, probability 0, space 0, times 0 [ 205.448827][ T8709] CPU: 1 UID: 0 PID: 8709 Comm: syz.3.737 Not tainted 6.16.0-syzkaller-12122-g3b5ca25ecfa8 #0 PREEMPT(full) [ 205.448858][ T8709] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 205.448870][ T8709] Call Trace: [ 205.448879][ T8709] [ 205.448887][ T8709] dump_stack_lvl+0x189/0x250 [ 205.448917][ T8709] ? __pfx____ratelimit+0x10/0x10 [ 205.448943][ T8709] ? __pfx_dump_stack_lvl+0x10/0x10 [ 205.448967][ T8709] ? __pfx__printk+0x10/0x10 [ 205.449002][ T8709] ? __pfx___might_resched+0x10/0x10 [ 205.449039][ T8709] should_fail_ex+0x414/0x560 [ 205.449069][ T8709] should_failslab+0xa8/0x100 [ 205.449100][ T8709] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 205.449127][ T8709] ? __alloc_skb+0x112/0x2d0 [ 205.449159][ T8709] __alloc_skb+0x112/0x2d0 [ 205.449190][ T8709] tcp_stream_alloc_skb+0x3d/0x340 [ 205.449217][ T8709] tcp_connect+0x146f/0x4ef0 [ 205.449260][ T8709] ? ktime_get_with_offset+0x8c/0x2a0 [ 205.449294][ T8709] ? seqcount_lockdep_reader_access+0x123/0x1c0 [ 205.449322][ T8709] ? ktime_get_with_offset+0x8c/0x2a0 [ 205.449344][ T8709] ? seqcount_lockdep_reader_access+0x175/0x1c0 [ 205.449372][ T8709] ? __pfx_tcp_connect+0x10/0x10 [ 205.449401][ T8709] ? get_random_u32+0x48e/0x940 [ 205.449430][ T8709] ? lockdep_hardirqs_on+0x9c/0x150 [ 205.449469][ T8709] ? __asan_memset+0x22/0x50 [ 205.449498][ T8709] ? __pfx_tcp_fastopen_defer_connect+0x10/0x10 [ 205.449535][ T8709] ? inet6_hash_connect+0xd8/0x170 [ 205.449567][ T8709] tcp_v6_connect+0x11f7/0x1870 [ 205.449612][ T8709] ? __pfx_tcp_v6_connect+0x10/0x10 [ 205.449637][ T8709] ? tcp_sendmsg_fastopen+0x1de/0x5e0 [ 205.449659][ T8709] ? __sock_sendmsg+0xe5/0x270 [ 205.449677][ T8709] ? __sys_sendto+0x3bd/0x520 [ 205.449733][ T8709] __inet_stream_connect+0x2ae/0xe80 [ 205.449770][ T8709] ? __pfx___inet_stream_connect+0x10/0x10 [ 205.449796][ T8709] ? __kasan_kmalloc+0x93/0xb0 [ 205.449825][ T8709] ? tcp_sendmsg_fastopen+0x1de/0x5e0 [ 205.449859][ T8709] tcp_sendmsg_fastopen+0x3a7/0x5e0 [ 205.449890][ T8709] tcp_sendmsg_locked+0x4d9b/0x5620 [ 205.449917][ T8709] ? tcp_sendmsg_locked+0x501/0x5620 [ 205.449942][ T8709] ? __pfx_aa_label_sk_perm+0x10/0x10 [ 205.450001][ T8709] ? __lock_acquire+0xab9/0xd20 [ 205.450053][ T8709] ? __pfx_tcp_sendmsg_locked+0x10/0x10 [ 205.450071][ T8709] ? __local_bh_enable_ip+0x12d/0x1c0 [ 205.450095][ T8709] ? __local_bh_enable_ip+0x12d/0x1c0 [ 205.450127][ T8709] tcp_sendmsg+0x2f/0x50 [ 205.450149][ T8709] __sock_sendmsg+0xe5/0x270 [ 205.450173][ T8709] __sys_sendto+0x3bd/0x520 [ 205.450201][ T8709] ? __pfx___sys_sendto+0x10/0x10 [ 205.450224][ T8709] ? __mutex_unlock_slowpath+0x1a1/0x760 [ 205.450263][ T8709] ? __fget_files+0x3a0/0x420 [ 205.450305][ T8709] ? ksys_write+0x22a/0x250 [ 205.450333][ T8709] ? __pfx_ksys_write+0x10/0x10 [ 205.450355][ T8709] ? rcu_is_watching+0x15/0xb0 [ 205.450381][ T8709] __x64_sys_sendto+0xde/0x100 [ 205.450411][ T8709] do_syscall_64+0xfa/0x3b0 [ 205.450435][ T8709] ? lockdep_hardirqs_on+0x9c/0x150 [ 205.450458][ T8709] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 205.450478][ T8709] ? clear_bhb_loop+0x60/0xb0 [ 205.450502][ T8709] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 205.450521][ T8709] RIP: 0033:0x7f6a08d8ebe9 [ 205.450540][ T8709] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 205.450558][ T8709] RSP: 002b:00007f6a09b2f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 205.450581][ T8709] RAX: ffffffffffffffda RBX: 00007f6a08fb5fa0 RCX: 00007f6a08d8ebe9 [ 205.450596][ T8709] RDX: 0000000000000001 RSI: 00002000000000c0 RDI: 0000000000000004 [ 205.450608][ T8709] RBP: 00007f6a09b2f090 R08: 0000200000b63fe4 R09: 000000000000001c [ 205.450621][ T8709] R10: 0000000020000845 R11: 0000000000000246 R12: 0000000000000001 [ 205.450634][ T8709] R13: 00007f6a08fb6038 R14: 00007f6a08fb5fa0 R15: 00007ffef62c2ec8 [ 205.450668][ T8709] [ 206.080835][ T8718] mac80211_hwsim hwsim12 wlan1: entered allmulticast mode [ 206.105980][ T8718] netlink: 'syz.1.741': attribute type 10 has an invalid length. [ 206.124803][ T8718] mac80211_hwsim hwsim12 wlan1: left allmulticast mode [ 206.136403][ T8718] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 206.243686][ T5883] Bluetooth: hci4: command 0x0406 tx timeout [ 206.880171][ T8748] netlink: 4 bytes leftover after parsing attributes in process `syz.0.744'. [ 208.116292][ T8767] netlink: 8 bytes leftover after parsing attributes in process `syz.1.753'. [ 208.221165][ T8771] team0: Port device team_slave_0 removed [ 208.251557][ T8771] team0: Port device team_slave_1 removed [ 208.268907][ T8771] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 208.309589][ T8771] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 208.360228][ T8771] bond0: (slave geneve2): Releasing active interface [ 208.375100][ T8773] vlan0: entered promiscuous mode [ 208.382617][ T8776] tipc: Started in network mode [ 208.388047][ T8776] tipc: Node identity aaaaaaaaaa1a, cluster identity 4711 [ 208.395957][ T8776] tipc: Enabled bearer , priority 0 [ 208.433050][ T8780] tipc: Enabling of bearer rejected, failed to enable media [ 208.568703][ T8786] netlink: 72 bytes leftover after parsing attributes in process `syz.1.760'. [ 208.879737][ T8793] macvtap0: refused to change device tx_queue_len [ 208.994820][ T8793] A link change request failed with some changes committed already. Interface macvtap0 may have been left with an inconsistent configuration, please check. [ 209.393934][ T43] tipc: Node number set to 11578026 [ 210.243893][ T8834] tipc: Enabling of bearer rejected, already enabled [ 210.504630][ T8839] netlink: 20 bytes leftover after parsing attributes in process `syz.4.772'. [ 210.893832][ T8842] netlink: 20 bytes leftover after parsing attributes in process `syz.0.774'. [ 211.053944][ T8844] lo speed is unknown, defaulting to 1000 [ 211.087081][ T8844] lo speed is unknown, defaulting to 1000 [ 211.095462][ T8850] netlink: 12 bytes leftover after parsing attributes in process `syz.2.775'. [ 211.105509][ T8855] tipc: Enabling of bearer rejected, already enabled [ 211.127149][ T8844] lo speed is unknown, defaulting to 1000 [ 211.132044][ T8850] netlink: 12 bytes leftover after parsing attributes in process `syz.2.775'. [ 211.247916][ T8844] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 211.365058][ T8844] lo speed is unknown, defaulting to 1000 [ 211.391868][ T8844] lo speed is unknown, defaulting to 1000 [ 211.544266][ T8864] bridge0: port 2(bridge_slave_1) entered disabled state [ 211.552188][ T8864] bridge0: port 1(bridge_slave_0) entered disabled state [ 211.682683][ T8864] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 211.706807][ T8864] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 211.855428][ T8864] mac80211_hwsim hwsim2 wlan0: left promiscuous mode [ 211.874476][ T8864] veth3: left promiscuous mode [ 211.879703][ T8864] vlan2: left promiscuous mode [ 211.885959][ T8864] bond0: left promiscuous mode [ 211.890871][ T8864] bond_slave_0: left promiscuous mode [ 211.898272][ T8864] bond_slave_1: left promiscuous mode [ 211.904204][ T8864] vlan2: left allmulticast mode [ 211.909194][ T8864] bond0: left allmulticast mode [ 211.914519][ T8864] bond_slave_0: left allmulticast mode [ 211.920198][ T8864] bond_slave_1: left allmulticast mode [ 211.927621][ T8844] lo speed is unknown, defaulting to 1000 [ 212.008710][ T8881] netlink: 'syz.1.787': attribute type 8 has an invalid length. [ 212.150363][ T13] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 212.164901][ T3029] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 212.182937][ T8844] lo speed is unknown, defaulting to 1000 [ 212.228118][ T3029] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 212.272292][ T3029] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 212.315597][ T8844] lo speed is unknown, defaulting to 1000 [ 212.502592][ T8895] netlink: 248 bytes leftover after parsing attributes in process `syz.1.791'. [ 213.071233][ T8913] openvswitch: netlink: Key 6 has unexpected len 4 expected 2 [ 213.116489][ T8918] netlink: 'syz.2.801': attribute type 3 has an invalid length. [ 213.233124][ T8918] syz_tun: entered allmulticast mode [ 213.243456][ T8918] siw: device registration error -23 [ 213.254613][ T8918] tipc: Resetting bearer [ 213.269634][ T8918] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 213.322499][ T43] lo speed is unknown, defaulting to 1000 [ 213.332841][ T8915] syz_tun: left allmulticast mode [ 214.201694][ T8962] netlink: 'syz.3.815': attribute type 3 has an invalid length. [ 214.233029][ T8962] syz_tun: entered allmulticast mode [ 214.288028][ T8962] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 214.354194][ T8960] syz_tun: left allmulticast mode [ 214.376555][ T8966] tipc: Enabled bearer , priority 0 [ 214.385100][ T8966] syzkaller0: entered promiscuous mode [ 214.390610][ T8966] syzkaller0: entered allmulticast mode [ 214.425720][ T8966] tipc: Resetting bearer [ 214.491109][ T8963] tipc: Resetting bearer [ 214.570386][ T8963] tipc: Disabling bearer [ 214.714585][ T8983] netlink: 'syz.0.821': attribute type 3 has an invalid length. [ 214.753215][ T8983] syz_tun: entered allmulticast mode [ 214.789169][ T8983] siw: device registration error -23 [ 214.936456][ T8983] 8021q: adding VLAN 0 to HW filter on device bond0 [ 214.950539][ T8983] 8021q: adding VLAN 0 to HW filter on device team0 [ 214.985034][ T8983] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 215.070169][ T8982] syz_tun: left allmulticast mode [ 216.165045][ T9021] netlink: 4 bytes leftover after parsing attributes in process `syz.2.836'. [ 216.166875][ T9020] netlink: 4 bytes leftover after parsing attributes in process `syz.2.836'. [ 216.251637][ T9024] ip6gre1: entered allmulticast mode [ 216.276544][ T9024] netlink: 20 bytes leftover after parsing attributes in process `syz.4.837'. [ 216.383525][ T9026] tipc: Enabled bearer , priority 0 [ 216.401941][ T9026] syzkaller0: entered promiscuous mode [ 216.419636][ T9026] syzkaller0: entered allmulticast mode [ 216.479598][ T9025] tipc: Resetting bearer [ 216.501505][ T9025] tipc: Disabling bearer [ 216.511162][ T9033] syz_tun: entered allmulticast mode [ 216.709788][ T9041] syz_tun: entered allmulticast mode [ 216.722987][ T9041] siw: device registration error -23 [ 216.743176][ T9041] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 216.779450][ T9040] syz_tun: left allmulticast mode [ 216.939369][ T9051] sit0: entered promiscuous mode [ 216.967048][ T9051] netlink: 'syz.0.849': attribute type 1 has an invalid length. [ 216.985779][ T9051] netlink: 1 bytes leftover after parsing attributes in process `syz.0.849'. [ 217.046436][ T51] Bluetooth: hci2: command 0x0406 tx timeout [ 217.046455][ T5874] Bluetooth: hci1: command 0x0406 tx timeout [ 217.046501][ T5874] Bluetooth: hci3: command 0x0406 tx timeout [ 217.312473][ T9031] syz_tun: left allmulticast mode [ 217.606178][ T9072] netlink: 4 bytes leftover after parsing attributes in process `syz.2.857'. [ 217.959659][ T9088] netlink: 'syz.2.859': attribute type 1 has an invalid length. [ 217.987951][ T9088] netlink: 228 bytes leftover after parsing attributes in process `syz.2.859'. [ 218.474001][ T9100] netlink: 72 bytes leftover after parsing attributes in process `syz.0.862'. [ 220.236454][ T9136] netlink: 'syz.1.873': attribute type 29 has an invalid length. [ 220.298458][ T9137] netlink: 'syz.1.873': attribute type 29 has an invalid length. [ 220.329351][ T9135] netlink: 'syz.1.873': attribute type 29 has an invalid length. [ 220.501975][ T9142] netlink: 4 bytes leftover after parsing attributes in process `syz.3.876'. [ 221.248062][ T9175] syz_tun: entered allmulticast mode [ 221.265975][ T9175] siw: device registration error -23 [ 221.423247][ T9175] 8021q: adding VLAN 0 to HW filter on device bond0 [ 221.442367][ T9175] 8021q: adding VLAN 0 to HW filter on device team0 [ 221.467531][ T9175] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 221.477082][ T9188] netlink: 12 bytes leftover after parsing attributes in process `syz.0.890'. [ 221.493242][ T9188] netlink: 'syz.0.890': attribute type 2 has an invalid length. [ 221.497957][ T9186] syzkaller1: entered allmulticast mode [ 221.509709][ T9186] netlink: 'syz.4.891': attribute type 21 has an invalid length. [ 221.510046][ T9174] syz_tun: left allmulticast mode [ 221.521179][ T9186] netlink: 36 bytes leftover after parsing attributes in process `syz.4.891'. [ 221.543311][ T9186] lo speed is unknown, defaulting to 1000 [ 221.549538][ T9186] lo speed is unknown, defaulting to 1000 [ 221.557380][ T9186] lo speed is unknown, defaulting to 1000 [ 221.613373][ T9186] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 221.644319][ T9192] tipc: Enabling of bearer rejected, failed to enable media [ 221.697257][ T9186] lo speed is unknown, defaulting to 1000 [ 221.709776][ T9186] lo speed is unknown, defaulting to 1000 [ 221.727675][ T9186] lo speed is unknown, defaulting to 1000 [ 221.741083][ T9186] lo speed is unknown, defaulting to 1000 [ 221.753423][ T9186] lo speed is unknown, defaulting to 1000 [ 221.979761][ T9203] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 221.997058][ T5962] IPVS: starting estimator thread 0... [ 222.007503][ T9203] tipc: Failed to remove unknown binding: 66,1,1/4213721158:2747940895/2747940897 [ 222.027292][ T9203] tipc: Failed to remove unknown binding: 66,1,1/4213721158:2747940895/2747940897 [ 222.042129][ T9203] tipc: Failed to remove unknown binding: 66,1,1/4213721158:2747940895/2747940897 [ 222.059822][ T9203] netlink: 788 bytes leftover after parsing attributes in process `syz.1.897'. [ 222.103741][ T9207] IPVS: using max 30 ests per chain, 72000 per kthread [ 222.465920][ T9222] netlink: 12 bytes leftover after parsing attributes in process `syz.3.902'. [ 222.535143][ T9222] netlink: 'syz.3.902': attribute type 2 has an invalid length. [ 223.862857][ T9246] netlink: 'syz.2.910': attribute type 4 has an invalid length. [ 223.912808][ T9246] netlink: 14345 bytes leftover after parsing attributes in process `syz.2.910'. [ 224.237840][ T9260] FAULT_INJECTION: forcing a failure. [ 224.237840][ T9260] name failslab, interval 1, probability 0, space 0, times 0 [ 224.271564][ T9263] netlink: 12 bytes leftover after parsing attributes in process `syz.2.916'. [ 224.273390][ T9260] CPU: 1 UID: 0 PID: 9260 Comm: syz.0.915 Not tainted 6.16.0-syzkaller-12122-g3b5ca25ecfa8 #0 PREEMPT(full) [ 224.273416][ T9260] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 224.273427][ T9260] Call Trace: [ 224.273434][ T9260] [ 224.273443][ T9260] dump_stack_lvl+0x189/0x250 [ 224.273469][ T9260] ? __pfx____ratelimit+0x10/0x10 [ 224.273492][ T9260] ? __pfx_dump_stack_lvl+0x10/0x10 [ 224.273514][ T9260] ? __pfx__printk+0x10/0x10 [ 224.273546][ T9260] ? __pfx___might_resched+0x10/0x10 [ 224.273567][ T9260] ? fs_reclaim_acquire+0x7d/0x100 [ 224.273599][ T9260] should_fail_ex+0x414/0x560 [ 224.273625][ T9260] ? rhashtable_init_noprof+0x4ee/0xbb0 [ 224.273649][ T9260] should_failslab+0xa8/0x100 [ 224.273676][ T9260] __kvmalloc_node_noprof+0x161/0x5f0 [ 224.273701][ T9260] ? rhashtable_init_noprof+0x4ee/0xbb0 [ 224.273731][ T9260] rhashtable_init_noprof+0x4ee/0xbb0 [ 224.273764][ T9260] rhltable_init_noprof+0x1e/0x60 [ 224.273789][ T9260] nf_tables_newtable+0x68f/0x1890 [ 224.273838][ T9260] nfnetlink_rcv+0x112f/0x2520 [ 224.273900][ T9260] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 224.273937][ T9260] ? ref_tracker_free+0x63a/0x7d0 [ 224.273990][ T9260] ? __netlink_deliver_tap+0x807/0x850 [ 224.274013][ T9260] ? netlink_deliver_tap+0x2e/0x1b0 [ 224.274054][ T9260] netlink_unicast+0x82f/0x9e0 [ 224.274084][ T9260] ? __pfx_netlink_unicast+0x10/0x10 [ 224.274106][ T9260] ? netlink_sendmsg+0x642/0xb30 [ 224.274127][ T9260] ? skb_put+0x11b/0x210 [ 224.274155][ T9260] netlink_sendmsg+0x805/0xb30 [ 224.274188][ T9260] ? __pfx_netlink_sendmsg+0x10/0x10 [ 224.274214][ T9260] ? aa_sock_msg_perm+0xf1/0x1d0 [ 224.274242][ T9260] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 224.274261][ T9260] ? __pfx_netlink_sendmsg+0x10/0x10 [ 224.274285][ T9260] __sock_sendmsg+0x219/0x270 [ 224.274310][ T9260] ____sys_sendmsg+0x505/0x830 [ 224.274342][ T9260] ? __pfx_____sys_sendmsg+0x10/0x10 [ 224.274378][ T9260] ? import_iovec+0x74/0xa0 [ 224.274400][ T9260] ___sys_sendmsg+0x21f/0x2a0 [ 224.274429][ T9260] ? __pfx____sys_sendmsg+0x10/0x10 [ 224.274494][ T9260] ? __fget_files+0x2a/0x420 [ 224.274518][ T9260] ? __fget_files+0x3a0/0x420 [ 224.274556][ T9260] __x64_sys_sendmsg+0x19b/0x260 [ 224.274584][ T9260] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 224.274639][ T9260] ? __pfx_ksys_write+0x10/0x10 [ 224.274660][ T9260] ? rcu_is_watching+0x15/0xb0 [ 224.274685][ T9260] ? do_syscall_64+0xbe/0x3b0 [ 224.274712][ T9260] do_syscall_64+0xfa/0x3b0 [ 224.274733][ T9260] ? lockdep_hardirqs_on+0x9c/0x150 [ 224.274754][ T9260] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 224.274771][ T9260] ? clear_bhb_loop+0x60/0xb0 [ 224.274794][ T9260] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 224.274811][ T9260] RIP: 0033:0x7ff52db8ebe9 [ 224.274829][ T9260] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 224.274844][ T9260] RSP: 002b:00007ff52e9a7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 224.274873][ T9260] RAX: ffffffffffffffda RBX: 00007ff52ddb5fa0 RCX: 00007ff52db8ebe9 [ 224.274887][ T9260] RDX: 0000000000000000 RSI: 0000200000000440 RDI: 0000000000000003 [ 224.274899][ T9260] RBP: 00007ff52e9a7090 R08: 0000000000000000 R09: 0000000000000000 [ 224.274910][ T9260] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 224.274921][ T9260] R13: 00007ff52ddb6038 R14: 00007ff52ddb5fa0 R15: 00007ffc6ce62618 [ 224.274952][ T9260] [ 224.649424][ T9263] netlink: 'syz.2.916': attribute type 2 has an invalid length. [ 224.698731][ T5950] IPVS: starting estimator thread 0... [ 224.730739][ T9276] syz_tun: entered allmulticast mode [ 224.732114][ T9272] workqueue: name exceeds WQ_NAME_LEN. Truncating to: žÀ^–>º>ùMv^µâ侦¸ÑKc'A¥»– [ 224.760931][ T9277] netlink: 48 bytes leftover after parsing attributes in process `syz.0.920'. [ 224.804064][ T9275] IPVS: using max 22 ests per chain, 52800 per kthread [ 224.910664][ T9274] netlink: 'syz.0.920': attribute type 1 has an invalid length. [ 224.937200][ T9274] netlink: 224 bytes leftover after parsing attributes in process `syz.0.920'. [ 225.141785][ T9290] netlink: 'syz.2.924': attribute type 1 has an invalid length. [ 225.242579][ T9290] bond1: entered promiscuous mode [ 225.250439][ T9290] 8021q: adding VLAN 0 to HW filter on device bond1 [ 225.318206][ T9296] bond1: (slave bridge3): making interface the new active one [ 225.349461][ T9296] bridge3: entered promiscuous mode [ 225.356589][ T9296] bond1: (slave bridge3): Enslaving as an active interface with an up link [ 225.484241][ T9268] syz_tun: left allmulticast mode [ 225.752705][ T9316] netlink: 12 bytes leftover after parsing attributes in process `syz.4.931'. [ 225.799610][ T9316] netlink: 'syz.4.931': attribute type 2 has an invalid length. [ 226.230771][ T9339] netlink: 4 bytes leftover after parsing attributes in process `syz.4.935'. [ 226.409629][ T9339] pim6reg: entered allmulticast mode [ 226.439101][ T9339] pim6reg: left allmulticast mode [ 227.406116][ T9363] tipc: Enabling of bearer rejected, already enabled [ 227.717328][ T9385] netlink: 12 bytes leftover after parsing attributes in process `syz.3.946'. [ 227.759732][ T9385] netlink: 'syz.3.946': attribute type 2 has an invalid length. [ 227.917670][ T9394] netlink: 'syz.1.950': attribute type 1 has an invalid length. [ 228.237687][ T9397] bond4: (slave geneve2): making interface the new active one [ 228.292983][ T9397] bond4: (slave geneve2): Enslaving as an active interface with an up link [ 228.330519][ T9414] IPv6: NLM_F_CREATE should be specified when creating new route [ 228.349507][ T9401] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 228.391235][ T1035] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 20004 - 0 [ 228.422161][ T6015] lo speed is unknown, defaulting to 1000 [ 228.532813][ T1035] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 20004 - 0 [ 228.560070][ T1035] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 20004 - 0 [ 228.589427][ T1035] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 20004 - 0 [ 228.859364][ T9429] FAULT_INJECTION: forcing a failure. [ 228.859364][ T9429] name failslab, interval 1, probability 0, space 0, times 0 [ 228.914526][ T9429] CPU: 0 UID: 0 PID: 9429 Comm: syz.4.958 Not tainted 6.16.0-syzkaller-12122-g3b5ca25ecfa8 #0 PREEMPT(full) [ 228.914577][ T9429] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 228.914589][ T9429] Call Trace: [ 228.914597][ T9429] [ 228.914606][ T9429] dump_stack_lvl+0x189/0x250 [ 228.914637][ T9429] ? __pfx____ratelimit+0x10/0x10 [ 228.914662][ T9429] ? __pfx_dump_stack_lvl+0x10/0x10 [ 228.914687][ T9429] ? __pfx__printk+0x10/0x10 [ 228.914718][ T9429] ? __pfx___might_resched+0x10/0x10 [ 228.914738][ T9429] ? fs_reclaim_acquire+0x7d/0x100 [ 228.914773][ T9429] should_fail_ex+0x414/0x560 [ 228.914803][ T9429] should_failslab+0xa8/0x100 [ 228.914834][ T9429] __kmalloc_noprof+0xcb/0x4f0 [ 228.914873][ T9429] ? tomoyo_encode+0x28b/0x550 [ 228.914908][ T9429] tomoyo_encode+0x28b/0x550 [ 228.914942][ T9429] tomoyo_realpath_from_path+0x58d/0x5d0 [ 228.914973][ T9429] ? tomoyo_domain+0xd9/0x130 [ 228.915008][ T9429] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 228.915032][ T9429] tomoyo_path_number_perm+0x1e8/0x5a0 [ 228.915059][ T9429] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 228.915087][ T9429] ? sb_end_write+0xe9/0x1c0 [ 228.915109][ T9429] ? vfs_write+0x8d8/0xa90 [ 228.915176][ T9429] ? ksys_write+0x1e1/0x250 [ 228.915209][ T9429] security_file_ioctl+0xcb/0x2d0 [ 228.915235][ T9429] __se_sys_ioctl+0x47/0x170 [ 228.915263][ T9429] do_syscall_64+0xfa/0x3b0 [ 228.915287][ T9429] ? lockdep_hardirqs_on+0x9c/0x150 [ 228.915310][ T9429] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 228.915330][ T9429] ? clear_bhb_loop+0x60/0xb0 [ 228.915354][ T9429] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 228.915373][ T9429] RIP: 0033:0x7ff86cf8ebe9 [ 228.915391][ T9429] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 228.915409][ T9429] RSP: 002b:00007ff86de0e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 228.915432][ T9429] RAX: ffffffffffffffda RBX: 00007ff86d1b5fa0 RCX: 00007ff86cf8ebe9 [ 228.915446][ T9429] RDX: 0000000000000000 RSI: 0000000000008982 RDI: 0000000000000003 [ 228.915458][ T9429] RBP: 00007ff86de0e090 R08: 0000000000000000 R09: 0000000000000000 [ 228.915471][ T9429] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 228.915483][ T9429] R13: 00007ff86d1b6038 R14: 00007ff86d1b5fa0 R15: 00007ffdb7d37568 [ 228.915517][ T9429] [ 228.915614][ T9429] ERROR: Out of memory at tomoyo_realpath_from_path. [ 228.994755][ T9434] tipc: Enabling of bearer rejected, failed to enable media [ 229.489610][ T9444] netlink: 12 bytes leftover after parsing attributes in process `syz.4.962'. [ 229.559650][ T9444] netlink: 'syz.4.962': attribute type 2 has an invalid length. [ 229.780526][ T9450] IPVS: sh: FWM 3 0x00000003 - no destination available [ 229.787843][ C1] IPVS: sh: FWM 3 0x00000003 - no destination available [ 229.832895][ T9450] lo speed is unknown, defaulting to 1000 [ 229.857145][ T9450] lo speed is unknown, defaulting to 1000 [ 230.210561][ T9461] netlink: 72 bytes leftover after parsing attributes in process `syz.0.969'. [ 230.423075][ T9447] netlink: 24 bytes leftover after parsing attributes in process `syz.3.963'. [ 231.000476][ T9472] siw: device registration error -23 [ 231.211682][ T9476] syz_tun: entered allmulticast mode [ 231.235362][ T9476] siw: device registration error -23 [ 231.296459][ T9476] sit0: left promiscuous mode [ 231.425363][ T9476] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 231.505736][ T9487] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 231.627726][ T9473] syz_tun: left allmulticast mode [ 232.041681][ T9508] syz_tun: entered allmulticast mode [ 232.077395][ T9510] netlink: 72 bytes leftover after parsing attributes in process `syz.2.984'. [ 232.089866][ T9508] siw: device registration error -23 [ 232.131590][ T9508] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 232.160225][ T9512] syz_tun: entered allmulticast mode [ 232.188665][ T9502] syz_tun: left allmulticast mode [ 232.194534][ T9512] siw: device registration error -23 [ 232.752326][ T9512] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 232.776318][ T9527] siw: device registration error -23 [ 232.805996][ T9525] syz_tun: entered allmulticast mode [ 232.915470][ T9521] syz_tun: left allmulticast mode [ 232.946768][ T9511] syz_tun: left allmulticast mode [ 233.114062][ T30] audit: type=1800 audit(1755156463.804:2): pid=9533 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.992" name=CB dev="tmpfs" ino=990 res=0 errno=0 [ 233.172861][ T9536] IPVS: sh: FWM 3 0x00000003 - no destination available [ 233.291055][ T9540] sctp: [Deprecated]: syz.2.995 (pid 9540) Use of struct sctp_assoc_value in delayed_ack socket option. [ 233.291055][ T9540] Use struct sctp_sack_info instead [ 233.412854][ T9544] sctp: [Deprecated]: syz.2.995 (pid 9544) Use of struct sctp_assoc_value in delayed_ack socket option. [ 233.412854][ T9544] Use struct sctp_sack_info instead [ 233.427647][ T9553] netlink: 12 bytes leftover after parsing attributes in process `syz.0.998'. [ 233.477408][ T9553] netlink: 'syz.0.998': attribute type 2 has an invalid length. [ 234.197847][ T9579] syz_tun: entered allmulticast mode [ 234.208357][ T9579] siw: device registration error -23 [ 234.239337][ T9579] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 234.312289][ T9581] sctp: [Deprecated]: syz.1.1010 (pid 9581) Use of struct sctp_assoc_value in delayed_ack socket option. [ 234.312289][ T9581] Use struct sctp_sack_info instead [ 234.342934][ T9581] sctp: [Deprecated]: syz.1.1010 (pid 9581) Use of struct sctp_assoc_value in delayed_ack socket option. [ 234.342934][ T9581] Use struct sctp_sack_info instead [ 234.366564][ T9577] syz_tun: left allmulticast mode [ 234.399488][ T9586] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1012'. [ 234.637165][ T9593] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1015'. [ 234.700024][ T9593] dummy0: entered promiscuous mode [ 234.769557][ T9593] bridge3: port 1(macvlan2) entered blocking state [ 234.795212][ T9593] bridge3: port 1(macvlan2) entered disabled state [ 234.811757][ T9593] macvlan2: entered allmulticast mode [ 234.818140][ T9593] dummy0: entered allmulticast mode [ 234.827786][ T9593] macvlan2: entered promiscuous mode [ 234.840463][ T9593] bridge3: port 1(macvlan2) entered blocking state [ 234.847608][ T9593] bridge3: port 1(macvlan2) entered forwarding state [ 234.990591][ T9611] FAULT_INJECTION: forcing a failure. [ 234.990591][ T9611] name failslab, interval 1, probability 0, space 0, times 0 [ 235.031719][ T9611] CPU: 0 UID: 0 PID: 9611 Comm: syz.4.1021 Not tainted 6.16.0-syzkaller-12122-g3b5ca25ecfa8 #0 PREEMPT(full) [ 235.031751][ T9611] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 235.031762][ T9611] Call Trace: [ 235.031771][ T9611] [ 235.031780][ T9611] dump_stack_lvl+0x189/0x250 [ 235.031811][ T9611] ? __pfx____ratelimit+0x10/0x10 [ 235.031837][ T9611] ? __pfx_dump_stack_lvl+0x10/0x10 [ 235.031859][ T9611] ? __pfx__printk+0x10/0x10 [ 235.031882][ T9611] ? nfnetlink_rcv+0x26a/0x2520 [ 235.031909][ T9611] ? ____sys_sendmsg+0x505/0x830 [ 235.031935][ T9611] ? __x64_sys_sendmsg+0x19b/0x260 [ 235.031974][ T9611] should_fail_ex+0x414/0x560 [ 235.032001][ T9611] should_failslab+0xa8/0x100 [ 235.032031][ T9611] kmem_cache_alloc_noprof+0x73/0x3c0 [ 235.032055][ T9611] ? skb_clone+0x212/0x3a0 [ 235.032077][ T9611] skb_clone+0x212/0x3a0 [ 235.032099][ T9611] __netlink_deliver_tap+0x404/0x850 [ 235.032139][ T9611] ? netlink_deliver_tap+0x2e/0x1b0 [ 235.032164][ T9611] netlink_deliver_tap+0x19c/0x1b0 [ 235.032190][ T9611] netlink_sendskb+0x68/0x140 [ 235.032214][ T9611] netlink_unicast+0x397/0x9e0 [ 235.032232][ T9611] ? __asan_memcpy+0x40/0x70 [ 235.032263][ T9611] ? __pfx_netlink_unicast+0x10/0x10 [ 235.032296][ T9611] netlink_rcv_skb+0x28c/0x470 [ 235.032321][ T9611] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 235.032345][ T9611] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 235.032382][ T9611] ? bpf_lsm_capable+0x9/0x20 [ 235.032406][ T9611] ? security_capable+0x7e/0x2e0 [ 235.032439][ T9611] nfnetlink_rcv+0x26a/0x2520 [ 235.032464][ T9611] ? __dev_queue_xmit+0x1d79/0x3b50 [ 235.032494][ T9611] ? __dev_queue_xmit+0x27b/0x3b50 [ 235.032536][ T9611] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 235.032558][ T9611] ? __pfx___dev_queue_xmit+0x10/0x10 [ 235.032596][ T9611] ? ref_tracker_free+0x63a/0x7d0 [ 235.032621][ T9611] ? __asan_memcpy+0x40/0x70 [ 235.032642][ T9611] ? __pfx_ref_tracker_free+0x10/0x10 [ 235.032687][ T9611] ? skb_clone+0x246/0x3a0 [ 235.032710][ T9611] ? __netlink_deliver_tap+0x807/0x850 [ 235.032735][ T9611] ? netlink_deliver_tap+0x2e/0x1b0 [ 235.032767][ T9611] ? netlink_deliver_tap+0x2e/0x1b0 [ 235.032802][ T9611] netlink_unicast+0x82f/0x9e0 [ 235.032836][ T9611] ? __pfx_netlink_unicast+0x10/0x10 [ 235.032862][ T9611] ? netlink_sendmsg+0x642/0xb30 [ 235.032885][ T9611] ? skb_put+0x11b/0x210 [ 235.032917][ T9611] netlink_sendmsg+0x805/0xb30 [ 235.032955][ T9611] ? __pfx_netlink_sendmsg+0x10/0x10 [ 235.032985][ T9611] ? aa_sock_msg_perm+0xf1/0x1d0 [ 235.033015][ T9611] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 235.033036][ T9611] ? __pfx_netlink_sendmsg+0x10/0x10 [ 235.033064][ T9611] __sock_sendmsg+0x219/0x270 [ 235.033091][ T9611] ____sys_sendmsg+0x505/0x830 [ 235.033127][ T9611] ? __pfx_____sys_sendmsg+0x10/0x10 [ 235.033169][ T9611] ? import_iovec+0x74/0xa0 [ 235.033193][ T9611] ___sys_sendmsg+0x21f/0x2a0 [ 235.033225][ T9611] ? __pfx____sys_sendmsg+0x10/0x10 [ 235.033301][ T9611] ? __fget_files+0x2a/0x420 [ 235.033329][ T9611] ? __fget_files+0x3a0/0x420 [ 235.033371][ T9611] __x64_sys_sendmsg+0x19b/0x260 [ 235.033404][ T9611] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 235.033446][ T9611] ? __pfx_ksys_write+0x10/0x10 [ 235.033468][ T9611] ? rcu_is_watching+0x15/0xb0 [ 235.033496][ T9611] ? do_syscall_64+0xbe/0x3b0 [ 235.033535][ T9611] do_syscall_64+0xfa/0x3b0 [ 235.033556][ T9611] ? lockdep_hardirqs_on+0x9c/0x150 [ 235.033579][ T9611] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 235.033598][ T9611] ? clear_bhb_loop+0x60/0xb0 [ 235.033624][ T9611] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 235.033643][ T9611] RIP: 0033:0x7ff86cf8ebe9 [ 235.033663][ T9611] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 235.033681][ T9611] RSP: 002b:00007ff86de0e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 235.033704][ T9611] RAX: ffffffffffffffda RBX: 00007ff86d1b5fa0 RCX: 00007ff86cf8ebe9 [ 235.033719][ T9611] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000003 [ 235.033732][ T9611] RBP: 00007ff86de0e090 R08: 0000000000000000 R09: 0000000000000000 [ 235.033745][ T9611] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 235.033757][ T9611] R13: 00007ff86d1b6038 R14: 00007ff86d1b5fa0 R15: 00007ffdb7d37568 [ 235.033792][ T9611] [ 235.620419][ T9616] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 235.628434][ T9616] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 235.636398][ T9616] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 235.644322][ T9616] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 235.652320][ T9616] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 235.660296][ T9616] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 235.668367][ T9616] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 235.676316][ T9616] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 235.684249][ T9616] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 235.741856][ T9621] syz_tun: entered allmulticast mode [ 235.750796][ T9621] siw: device registration error -23 [ 235.784910][ T9619] syz_tun: left allmulticast mode [ 236.089635][ T9631] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 236.211110][ T9638] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1031'. [ 236.658651][ T9657] syz_tun: entered allmulticast mode [ 236.691155][ T9657] siw: device registration error -23 [ 236.709871][ T9660] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1036'. [ 236.800172][ T9662] netlink: 'syz.3.1036': attribute type 16 has an invalid length. [ 236.801856][ T9660] 8021q: adding VLAN 0 to HW filter on device bond0 [ 236.838996][ T9662] netlink: 64138 bytes leftover after parsing attributes in process `syz.3.1036'. [ 236.891522][ T9660] bond0: (slave rose0): Enslaving as an active interface with an up link [ 236.907289][ T9654] syz_tun: left allmulticast mode [ 237.015327][ T9666] syz_tun: entered allmulticast mode [ 237.066798][ T9666] siw: device registration error -23 [ 237.098388][ T9666] tipc: Resetting bearer [ 237.168096][ T9665] syz_tun: left allmulticast mode [ 237.188214][ T9676] FAULT_INJECTION: forcing a failure. [ 237.188214][ T9676] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 237.226741][ T9676] CPU: 0 UID: 0 PID: 9676 Comm: syz.3.1041 Not tainted 6.16.0-syzkaller-12122-g3b5ca25ecfa8 #0 PREEMPT(full) [ 237.226772][ T9676] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 237.226784][ T9676] Call Trace: [ 237.226801][ T9676] [ 237.226810][ T9676] dump_stack_lvl+0x189/0x250 [ 237.226839][ T9676] ? __pfx____ratelimit+0x10/0x10 [ 237.226862][ T9676] ? __pfx_dump_stack_lvl+0x10/0x10 [ 237.226884][ T9676] ? __pfx__printk+0x10/0x10 [ 237.226912][ T9676] ? __might_fault+0xb0/0x130 [ 237.226951][ T9676] should_fail_ex+0x414/0x560 [ 237.226980][ T9676] _copy_from_user+0x2d/0xb0 [ 237.226999][ T9676] generic_map_update_batch+0x51b/0x7f0 [ 237.227036][ T9676] ? __pfx_generic_map_update_batch+0x10/0x10 [ 237.227056][ T9676] ? __fget_files+0x2a/0x420 [ 237.227093][ T9676] ? __pfx_generic_map_update_batch+0x10/0x10 [ 237.227113][ T9676] bpf_map_do_batch+0x369/0x5f0 [ 237.227147][ T9676] __sys_bpf+0x6af/0x870 [ 237.227175][ T9676] ? __pfx___sys_bpf+0x10/0x10 [ 237.227213][ T9676] ? ksys_write+0x22a/0x250 [ 237.227242][ T9676] ? __pfx_ksys_write+0x10/0x10 [ 237.227264][ T9676] ? rcu_is_watching+0x15/0xb0 [ 237.227292][ T9676] __x64_sys_bpf+0x7c/0x90 [ 237.227317][ T9676] do_syscall_64+0xfa/0x3b0 [ 237.227340][ T9676] ? lockdep_hardirqs_on+0x9c/0x150 [ 237.227363][ T9676] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 237.227382][ T9676] ? clear_bhb_loop+0x60/0xb0 [ 237.227405][ T9676] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 237.227424][ T9676] RIP: 0033:0x7f6a08d8ebe9 [ 237.227443][ T9676] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 237.227461][ T9676] RSP: 002b:00007f6a09b2f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 237.227483][ T9676] RAX: ffffffffffffffda RBX: 00007f6a08fb5fa0 RCX: 00007f6a08d8ebe9 [ 237.227497][ T9676] RDX: 0000000000000038 RSI: 0000200000000200 RDI: 000000000000001a [ 237.227510][ T9676] RBP: 00007f6a09b2f090 R08: 0000000000000000 R09: 0000000000000000 [ 237.227523][ T9676] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 237.227534][ T9676] R13: 00007f6a08fb6038 R14: 00007f6a08fb5fa0 R15: 00007ffef62c2ec8 [ 237.227566][ T9676] [ 237.529047][ T9682] tipc: Enabling of bearer rejected, failed to enable media [ 255.939031][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.379174][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.814942][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 392.884226][ T31] INFO: task syz.1.1038:9663 blocked for more than 143 seconds. [ 392.891982][ T31] Not tainted 6.16.0-syzkaller-12122-g3b5ca25ecfa8 #0 [ 393.023791][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 393.032520][ T31] task:syz.1.1038 state:D stack:25096 pid:9663 tgid:9663 ppid:5870 task_flags:0x400040 flags:0x00004002 [ 393.234271][ T31] Call Trace: [ 393.237619][ T31] [ 393.240586][ T31] __schedule+0x1798/0x4cc0 [ 393.354323][ T31] ? stack_trace_save+0x9c/0xe0 [ 393.359269][ T31] ? __lock_acquire+0xab9/0xd20 [ 393.434088][ T31] ? __lock_acquire+0xab9/0xd20 [ 393.439012][ T31] ? __pfx___schedule+0x10/0x10 [ 393.543973][ T31] ? schedule+0x91/0x360 [ 393.548343][ T31] schedule+0x165/0x360 [ 393.552532][ T31] schedule_preempt_disabled+0x13/0x30 [ 393.691136][ T31] __mutex_lock+0x7e6/0x1360 [ 393.744258][ T31] ? __mutex_lock+0x5b6/0x1360 [ 393.749126][ T31] ? pipe_release+0x48/0x330 [ 393.844000][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 393.849216][ T31] pipe_release+0x48/0x330 [ 393.943973][ T31] ? __pfx_pipe_release+0x10/0x10 [ 393.949098][ T31] __fput+0x44c/0xa70 [ 393.953126][ T31] task_work_run+0x1d4/0x260 [ 394.084250][ T31] ? __pfx_task_work_run+0x10/0x10 [ 394.089452][ T31] ? exit_to_user_mode_loop+0x40/0x110 [ 394.203941][ T31] exit_to_user_mode_loop+0xec/0x110 [ 394.209326][ T31] do_syscall_64+0x2bd/0x3b0 [ 394.314325][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 394.319608][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 394.414270][ T31] ? clear_bhb_loop+0x60/0xb0 [ 394.419039][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 394.514029][ T31] RIP: 0033:0x7f91fdf8ebe9 [ 394.518604][ T31] RSP: 002b:00007ffe3b730468 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 394.654058][ T31] RAX: 0000000000000000 RBX: 00007f91fe1b7da0 RCX: 00007f91fdf8ebe9 [ 394.662199][ T31] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 394.834026][ T31] RBP: 00007f91fe1b7da0 R08: 0000000000018fcc R09: 0000001d3b73075f [ 394.842155][ T31] R10: 00007f91fe1b7cb0 R11: 0000000000000246 R12: 000000000003a04c [ 395.004320][ T31] R13: 00007f91fe1b5fa0 R14: ffffffffffffffff R15: 00007ffe3b730580 [ 395.012385][ T31] [ 395.114252][ T31] [ 395.114252][ T31] Showing all locks held in the system: [ 395.122030][ T31] 1 lock held by khungtaskd/31: [ 395.254001][ T31] #0: ffffffff8e139ee0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 [ 395.353623][ T31] 2 locks held by kworker/1:2/121: [ 395.358884][ T31] 1 lock held by udevd/5233: [ 395.454238][ T31] 2 locks held by getty/5622: [ 395.458978][ T31] #0: ffff88803420a0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 395.604592][ T31] #1: ffffc900036bb2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400 [ 395.704012][ T31] 1 lock held by sshd-session/5849: [ 395.709365][ T31] 1 lock held by syz-executor/5850: [ 395.824164][ T31] 1 lock held by syz-executor/5875: [ 395.829521][ T31] 1 lock held by syz.1.1038/9663: [ 395.944009][ T31] #0: ffff888030860c68 (&pipe->mutex){+.+.}-{4:4}, at: pipe_release+0x48/0x330 [ 395.953165][ T31] 1 lock held by syz.1.1038/9668: [ 396.084427][ T31] #0: ffff888030860c68 (&pipe->mutex){+.+.}-{4:4}, at: splice_file_to_pipe+0x2e/0x440 [ 396.184026][ T31] 1 lock held by syz.3.1044/9688: [ 396.189106][ T31] 1 lock held by syz.3.1044/9691: [ 396.294322][ T31] 1 lock held by syz.3.1044/9697: [ 396.299424][ T31] 2 locks held by dhcpcd-run-hook/9695: [ 396.404000][ T31] 1 lock held by syz-executor/9696: [ 396.484092][ T31] [ 396.486463][ T31] ============================================= [ 396.486463][ T31] [ 396.603972][ T31] NMI backtrace for cpu 0 [ 396.603996][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-syzkaller-12122-g3b5ca25ecfa8 #0 PREEMPT(full) [ 396.604030][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 396.604042][ T31] Call Trace: [ 396.604049][ T31] [ 396.604058][ T31] dump_stack_lvl+0x189/0x250 [ 396.604091][ T31] ? __pfx_dump_stack_lvl+0x10/0x10 [ 396.604115][ T31] ? __pfx__printk+0x10/0x10 [ 396.604156][ T31] nmi_cpu_backtrace+0x39e/0x3d0 [ 396.604180][ T31] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 396.604203][ T31] ? __pfx__printk+0x10/0x10 [ 396.604236][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 396.604267][ T31] nmi_trigger_cpumask_backtrace+0x17a/0x300 [ 396.604291][ T31] watchdog+0xf93/0xfe0 [ 396.604325][ T31] ? watchdog+0x1de/0xfe0 [ 396.604358][ T31] kthread+0x70e/0x8a0 [ 396.604387][ T31] ? __pfx_watchdog+0x10/0x10 [ 396.604412][ T31] ? __pfx_kthread+0x10/0x10 [ 396.604439][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 396.604460][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 396.604482][ T31] ? __pfx_kthread+0x10/0x10 [ 396.604508][ T31] ret_from_fork+0x3fc/0x770 [ 396.604531][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 396.604558][ T31] ? __switch_to_asm+0x39/0x70 [ 396.604582][ T31] ? __switch_to_asm+0x33/0x70 [ 396.604605][ T31] ? __pfx_kthread+0x10/0x10 [ 396.604630][ T31] ret_from_fork_asm+0x1a/0x30 [ 396.604673][ T31] [ 396.604681][ T31] Sending NMI from CPU 0 to CPUs 1: [ 396.762315][ C1] NMI backtrace for cpu 1 [ 396.762335][ C1] CPU: 1 UID: 0 PID: 9661 Comm: dhcpcd-run-hook Not tainted 6.16.0-syzkaller-12122-g3b5ca25ecfa8 #0 PREEMPT(full) [ 396.762362][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 396.762371][ C1] RIP: 0010:should_fail_usercopy+0x9/0x20 [ 396.762395][ C1] Code: fd eb a9 cc cc cc cc cc cc cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa e8 97 0a c3 fc 01 00 00 00 48 c7 c7 60 89 8d 8e e9 f6 ed ff ff cc cc cc cc cc [ 396.762409][ C1] RSP: 0018:ffffc9000400fc98 EFLAGS: 00000293 [ 396.762425][ C1] RAX: ffffffff84fca119 RBX: 00000000000000c0 RCX: ffff8880644e8000 [ 396.762437][ C1] RDX: 0000000000000000 RSI: ffffffff8dba39e3 RDI: ffffffff8be32680 [ 396.762448][ C1] RBP: ffffc9000400fee0 R08: 0000000000000000 R09: ffffffff820b7950 [ 396.762459][ C1] R10: ffffc9000400fd20 R11: fffff52000801fc4 R12: ffffc9000400fd20 [ 396.762470][ C1] R13: 1ffff92000801ffe R14: ffffc9000400fd20 R15: 00007ffe9dc22768 [ 396.762482][ C1] FS: 00007fe8a1790c80(0000) GS:ffff888125d21000(0000) knlGS:0000000000000000 [ 396.762496][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 396.762507][ C1] CR2: 00007f6a08fb6098 CR3: 0000000056796000 CR4: 00000000003526f0 [ 396.762522][ C1] Call Trace: [ 396.762528][ C1] [ 396.762534][ C1] _copy_from_user+0x2d/0xb0 [ 396.762551][ C1] __ia32_sys_rt_sigreturn+0x228/0x7b0 [ 396.762578][ C1] ? __pfx___ia32_sys_rt_sigreturn+0x10/0x10 [ 396.762616][ C1] ? rcu_is_watching+0x15/0xb0 [ 396.762631][ C1] ? trace_sys_enter+0x25/0x100 [ 396.762655][ C1] do_syscall_64+0xfa/0x3b0 [ 396.762675][ C1] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 396.762691][ C1] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 396.762706][ C1] ? clear_bhb_loop+0x60/0xb0 [ 396.762722][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 396.762737][ C1] RIP: 0033:0x7fe8a1898189 [ 396.762750][ C1] Code: 16 00 00 00 eb de 66 2e 0f 1f 84 00 00 00 00 00 90 90 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 c7 c0 0f 00 00 00 0f 05 <0f> 1f 80 00 00 00 00 48 81 ec d0 00 00 00 49 89 d0 48 85 f6 0f 84 [ 396.762762][ C1] RSP: 002b:00007ffe9dc22740 EFLAGS: 00000246 ORIG_RAX: 000000000000000f [ 396.762778][ C1] RAX: ffffffffffffffda RBX: 00007ffe9dc22d08 RCX: 00007fe8a1898189 [ 396.762789][ C1] RDX: 00007ffe9dc22740 RSI: 00007ffe9dc22870 RDI: 0000000000000011 [ 396.762799][ C1] RBP: 00000000000025df R08: 00007fe8a1a2bb60 R09: 0000000000000000 [ 396.762809][ C1] R10: 0000000000000008 R11: 0000000000000246 R12: 000055a4c5c90290 [ 396.762819][ C1] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 396.762836][ C1] [ 397.303624][ T31] Kernel panic - not syncing: hung_task: blocked tasks [ 397.310556][ T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-syzkaller-12122-g3b5ca25ecfa8 #0 PREEMPT(full) [ 397.322210][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 397.332289][ T31] Call Trace: [ 397.335581][ T31] [ 397.338536][ T31] dump_stack_lvl+0x99/0x250 [ 397.343253][ T31] ? __asan_memcpy+0x40/0x70 [ 397.347854][ T31] ? __pfx_dump_stack_lvl+0x10/0x10 [ 397.353155][ T31] ? __pfx__printk+0x10/0x10 [ 397.357766][ T31] vpanic+0x281/0x750 [ 397.361758][ T31] ? __pfx_vpanic+0x10/0x10 [ 397.366329][ T31] ? preempt_schedule+0xae/0xc0 [ 397.371208][ T31] ? preempt_schedule_common+0x83/0xd0 [ 397.376700][ T31] panic+0xb9/0xc0 [ 397.380438][ T31] ? __pfx_panic+0x10/0x10 [ 397.384948][ T31] ? preempt_schedule_thunk+0x16/0x30 [ 397.390426][ T31] ? nmi_trigger_cpumask_backtrace+0x2bb/0x300 [ 397.396584][ T31] watchdog+0xfd2/0xfe0 [ 397.400849][ T31] ? watchdog+0x1de/0xfe0 [ 397.405198][ T31] kthread+0x70e/0x8a0 [ 397.409280][ T31] ? __pfx_watchdog+0x10/0x10 [ 397.413968][ T31] ? __pfx_kthread+0x10/0x10 [ 397.418588][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 397.423880][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 397.429171][ T31] ? __pfx_kthread+0x10/0x10 [ 397.433771][ T31] ret_from_fork+0x3fc/0x770 [ 397.438387][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 397.443604][ T31] ? __switch_to_asm+0x39/0x70 [ 397.448468][ T31] ? __switch_to_asm+0x33/0x70 [ 397.453259][ T31] ? __pfx_kthread+0x10/0x10 [ 397.457854][ T31] ret_from_fork_asm+0x1a/0x30 [ 397.462638][ T31] [ 397.465908][ T31] Kernel Offset: disabled [ 397.470251][ T31] Rebooting in 86400 seconds..