last executing test programs: 2.493467856s ago: executing program 3 (id=14526): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg$unix(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000006c0)=""/179, 0x33fe0}], 0x1}, 0x0) sendmsg$inet(r1, &(0x7f0000000500)={0x0, 0x0, 0x0}, 0x0) 2.48301177s ago: executing program 1 (id=14528): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r1}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 2.467060353s ago: executing program 0 (id=14529): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0900000004000000ff0f000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x24, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="1802000000000000000000000000000185000000750000009500"], 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r1, 0x2000002, 0xe, 0x0, &(0x7f0000000200)="df33c9f7b9a60000000000000000", 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) 2.364510517s ago: executing program 0 (id=14530): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'pim6reg1\x00', 0x1}) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0500000004000000ff0f000005"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000100)={'pim6reg1\x00', @link_local}) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='qdisc_destroy\x00', r3}, 0x10) close(r0) 2.363680273s ago: executing program 4 (id=14531): r0 = socket$kcm(0x2, 0x3, 0x84) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x80}}, 0x0) sendmsg$inet(r0, &(0x7f0000001000)={&(0x7f0000000080)={0x2, 0x29, @multicast2}, 0x10, &(0x7f0000000940)=[{&(0x7f0000001040)="5346f7f875528ef24043c68e0418", 0xe}], 0x1, &(0x7f0000000580)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @dev={0xac, 0x14, 0x14, 0x14}, @loopback}}}], 0x20}, 0x4) 2.309796495s ago: executing program 3 (id=14532): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x90) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='task_newtask\x00', r0}, 0x18) r2 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r1}, 0x8) sendmsg$sock(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=[@timestamping={{0x14, 0x1, 0x25, 0x2}}], 0x18}, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a80)={0x6, 0x0, 0x0, &(0x7f0000000040)='syzkaller\x00', 0x80, 0x0, 0x0, 0x41000, 0x30, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x890b, &(0x7f0000000000)={r2}) 2.308711007s ago: executing program 1 (id=14534): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000f00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x5, 0x9, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000300)='qdisc_create\x00', r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000300)='qdisc_create\x00', r2}, 0x10) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f00000028c0), 0x20a40, 0x0) close(r4) socketpair(0x1, 0x20000000000001, 0x0, &(0x7f00000006c0)) ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) 2.243648492s ago: executing program 4 (id=14535): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000007000000010001004900000001"], 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r0, 0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000650000000800000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$tipc(r4, &(0x7f0000002700)={0x0, 0x0, 0x0}, 0x0) recvmsg(r3, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000600)=""/203, 0xcb}], 0x1}, 0x0) 2.197159888s ago: executing program 2 (id=14536): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=@framed={{0x18, 0x8, 0x0, 0x0, 0xffd0}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0}, @generic={0x66, 0x8}, @initr0, @exit, @alu={0x6, 0x0, 0x3, 0xa, 0x0, 0x2, 0x3000000}, @printk={@x, {}, {}, {}, {}, {0x5, 0x0, 0xb, 0xa}}]}, &(0x7f0000000000)='GPL\x00', 0x2, 0xff5c, &(0x7f0000000340)=""/222, 0x0, 0x8}, 0x78) 2.196864514s ago: executing program 3 (id=14537): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x11, 0x5, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0xd, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x80000000}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000f00)='kfree\x00', r0, 0x0, 0xfffffffffffffffd}, 0x18) r1 = socket$inet6(0xa, 0x2, 0x0) ioctl$sock_SIOCETHTOOL(r1, 0x89f0, 0x0) 2.079012334s ago: executing program 0 (id=14538): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000000800000005"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000001007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x18) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x28000, 0x0) ioctl$TUNSETOFFLOAD(r2, 0xc004743e, 0x110e22fff4) r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0) ioctl$TUNSETOFFLOAD(r3, 0x4004743d, 0x110e22fff6) write$cgroup_type(r3, &(0x7f0000000280), 0xfffffeed) 2.078625174s ago: executing program 2 (id=14539): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000000000000000000000000000181100", @ANYRES32=r1, @ANYBLOB="0000000000000000b70200001400ffd9b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10) sendmsg$nl_xfrm(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000001100)=@migrate={0xa0, 0x21, 0x1, 0x0, 0x0, {{@in6=@private2, @in=@rand_addr=0x64010102, 0x0, 0x2, 0x0, 0x0, 0xa}, 0x4}, [@migrate={0x50, 0x11, [{@in=@local, @in=@broadcast, @in=@multicast2, @in6=@local, 0x3c, 0x4, 0x0, 0x2, 0xa, 0xa}]}]}, 0xa0}, 0x1, 0x0, 0x0, 0x40000}, 0x0) 2.063120963s ago: executing program 3 (id=14540): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='dctcp\x00', 0x6) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4) sendmmsg$inet(r0, 0x0, 0x0, 0x4) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4) sendto$inet(r0, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0) 1.998872548s ago: executing program 2 (id=14541): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000002c0)={'rose0\x00', 0x112}) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3}, [@ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfffffffe}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000200)='qdisc_reset\x00', r3}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000200)='qdisc_reset\x00', r2}, 0x10) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000180)={'rose0\x00', 0x112}) ioctl$TUNSETQUEUE(r4, 0x400454d9, &(0x7f0000000100)={'vlan0\x00', 0x400}) 1.246588672s ago: executing program 4 (id=14542): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x14000004) 1.223972207s ago: executing program 4 (id=14543): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000a80)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b706000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000005000000000400000900000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000280)={'pim6reg1\x00', 0x2}) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000300)='qdisc_create\x00', r2}, 0x10) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000300)='qdisc_create\x00', r3}, 0x10) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000000140)={'pim6reg1\x00', @broadcast}) 1.156839998s ago: executing program 3 (id=14544): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x0, 0x0}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4) sendmmsg$inet(r0, &(0x7f0000004b80)=[{{0x0, 0x0, &(0x7f0000000900)=[{&(0x7f0000000400)="3bcbdb0fcfa026557d2ea2b0fa34b7b3ddf4e60fe678186210e935989ea66d3c5479ca82428e90b96b3635a98e39939ef5109511d949224164c044f18fb4d64db5c0404f01b99fba50263ee03e82a28fcd751660b0cab68a62a8b6eac29946c988fc747092d35e9352d8442feece96b4ee481cf95a8feb6ec3d6e5cff03f59eb97136d7cb400c1d0ed4ed9b83090abb113aa4e9260695700"/166, 0xa6}, {&(0x7f0000000980)="742f311a83a225186454bcfd09e48b60d703de616d0e6f11523b39000158bc", 0x1f}, {&(0x7f0000000740)="9030d4958e56e924c194dcc40c17c8be76408b1f8d00818355a400b1025876b70f7cea389d895a81f4f217a265d32410a0ce7339f005ec3cfabf3dc682ccc242b8c74ca222fbb248cc4bcb7818dfdcecf71a9923b0c20ab63efd6c12346d4b178dae4cd036ffff6542f27a89d2f3a166fa4abf2665bb135d474aed250ce1cfcbc2b776e5c88501dfc3014f363b2bfe57bf1120dfe198815a0e37372b7f6149fb66a7ea2dff1d9d4d85b5dc9a8c23b7b10c9b048683e9550b214263ef6142a960c0e52a5e03f360cf93c8cfea19ff56d9194b906300", 0xd5}, {&(0x7f0000000840)="b442cf36dd4bfd4f879e4769a8b3c1724652b1c2ed412e9481f6200321884c17f0a4c6b0f51fad1797741762a6c6422534e716e47dc9ae3eaadd3dd229927202b1c0573450c70729d305133d1776eeb23a87acca3932ad500dec91a43c8a7df2945ca608ec0c263558eef1442ca9dc3d787c4eed766f4255d86429ac", 0x7c}, {&(0x7f0000000a40)="0898a9ff58569147df85d037ebab693ae4534e345819a36057f93dca8f4545225f63b7c9373108b956f22be214ba0691013c17a166345e5a3cf5ec0bf7d6a407d9d73923a5f79b19e03eb13201333cc831da86bcab2d095b5c9d9d7d80a147186a4610b98845b9694ca62db2a12c63fd6785c8737037109ba5b3d5d766b15ddba4fdeaa223b2a6d46c2f950e78f214b7dbe9c9aafe7176fb56c9ba66d51294cdc1113a7f850f339b87396a0a8ec8c61e4b4876d2ccf1c41942a85784cc00fd97ac617aaa53b955417db1fbe337ae45d2", 0xd0}], 0x5}}, {{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000300)="1c2789bd018bf77308ae7ed990e4b63b8cf1cf4ae822f1f84abd5420339c722aa7f6d87f5926c484455c67b7a9259ac3f36154b6526320d83fe72e5f5370550de0307d8ad13d192e7d5c14f8b2367b1db7dbe02629646be253b07a1245dce1a721576750f3f592ce4ac96010bf3ce1d9ee389c83a39827b4d9f231ad23f382e2f3d86880015b84a6d3740029d6ffbbf61ae415dc51a6ebd3010000000000008067a9e4abdbbe90455d28993254ab9fa2c5d561ee000000000000000000", 0xbd}, {&(0x7f0000000640)="52f8380baae8e668551434e8e52993134696bf3c1070a44f8ceb3f19887414681b93293f0d2708000000a3d8cd2f44c13665c2b7b19ccc306f2564a04b723aca127f75146ebd099961bb5e6fbbd1b0565354e7a8f71134ab7e87ffe3ff2bc0eaed9485be7a3a004cc22c2d22c782bba426367b93ee2c699f89f97a186b3150c8e2584abae470fbda592a19cdb1712dcf558ff0b2bf908973c3ff49bf0effe80a596908e38ab9193c20b606c490819889722944eed829c7c2da45d09c470dcdb93356afd2be7ad8", 0xc7}], 0x2}}], 0x2, 0x4) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4) sendto$inet(r0, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0) 319.178284ms ago: executing program 1 (id=14545): bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610414000000000095"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x1, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff}, 0x94) 318.852008ms ago: executing program 0 (id=14546): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x11, &(0x7f00000003c0)=ANY=[@ANYBLOB="180000000000000000000000000400008500000061000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r1, 0x18000000000002a0, 0x44, 0x0, &(0x7f0000002100)="b9ff03076003008cb89e08f086ddd599887f97855c74cb51504184c6ce4d4f4389ed0d32fe1dc0ee47f2ee84c01e1b6effbf3ab77d9ecba89a76b0d9844eeb8eeb4f6d91", 0x0, 0xfe7, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x34) 318.333466ms ago: executing program 2 (id=14547): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x80, 0x1, 0x28}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}, {}, {0x85, 0x0, 0x0, 0x1b}}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x18) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup.cpu/syz1\x00', 0x200002, 0x0) openat$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000), 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@base={0x19, 0x4, 0x4, 0x1ffff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2}, 0x48) 291.729804ms ago: executing program 1 (id=14548): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0xa, 0x4, 0xdd, 0xa}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x8, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa10000000000000701"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x0, 0x4, &(0x7f0000000480)=@framed={{0x18, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffa}, [@call={0x85, 0x0, 0x0, 0x7}]}, 0x0, 0x2}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000940)='percpu_alloc_percpu\x00', r1}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x3, 0x3, &(0x7f0000000100)=@framed={{0x18, 0x0, 0x0, 0x0, 0x88d}}, &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0xb, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 254.504168ms ago: executing program 3 (id=14549): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0xe, &(0x7f0000001500)=ANY=[@ANYBLOB="b702000010000000bfa300000000000007030000f0ffffff7a0af0ff0000000079a4f0ff00000000b706000000000081ad64020000000000450404000100ff0f1704000001130a00b7050000010000006a0af2fe0000000085000000a3000000b700000000000000950000000000000000e154cd8445974b26c933f7ffffffffe4fbffffff55bb2007ee51050512b5b42128aa090a79507df79f298129daa7a6b2f91af50342115e17392ac627c87867c000006146001e04aeacea799a22a2fa798b5adc43eb27d53319d0ad229e5752548300000000dbc2777df150b7cdd77b2314fd085f028f2ed1a4535550614e09d6378198a6097a670838337af2abd55a87ac0394b2f92ffab7d153d62058d0a413b2173619ccf55520f22c9ca8b6712f3024b7041b1df65b3e1b9bf115646d14ce53d13d0ccacda1ef0900094fa737c28b99938512c816fdcceaede3faedc51d29a47fc813a2ec00f4c7a53ac271d6d7f4ea6bf97f2f33e2ea2e534300bcb3fdc4b4861004eefbda7f54f82a804da4f86bb47a4a69bf9bc5fa96ee293fbd165a5a68488e40b030166565a097b1b44b451de736bb6d43db8dd63d4b77b206000000000000e254a6d491b849a5a787e814c4fd21a18986252a70f8f92eb6f0e8c7db4bf23242a1f2c28159f09943b1b0452d1b72183aacf4a84f9130b775dd4e9e3070756f97ad91935a6ddfa8f90e79321a0574fb30ff0000001989328c8ddc20ea011bf5742e0e0d4334db8b20ce3f9f16cb7fc20fb4791ec85821d0c48fb657c29b309c73f0977e7cde65a82b94c461d7962b0d2277a84af326f3813e2c25a61ec45c3af9948f17da954aff3fc8c108755f75ca13fb7c8bbd8b6e7dac1aba4b20dc7de058a4dfa7e85a8bdf1d41a2d8bda74d66f47cc180f82c5f573c6d294d3665016ac59dda0fde4745db06753a7ac74a2d32f7528751313694bf5700b20ef0c248ddd3da32396a614cacad4aff2066bb5d4045c958559b7dcb98a6273b8c651e24d9f679e4fbe948dfb4cc4a389469600241730459f0123fd39206000000000000eb55dad46de56ef907b059b90b8aa49afb9a79ae5498f6589880ed6eea7b9c670012be05e7de0940313c5870786554df26236ebced9390cb6941b8375d936a7d2120eca291963eb2d537d8ee4de5c12e28ef97d9ebd9c77f1774cf4683c960119451c31539b22809e1d7f0cda06a9fa87d64cb77872a2cd8a104e16bb1a2bacf13464ca03aff14a9aa4bd9539f5096412b92012e095b84c20243ff98df3347f011000000f27e3c33269c0e153b28b2d4410572bc45b9d3fa02208d304d455c36300000000022320178b00cc6ed7966130b547dbf8b497a6103876843ee04ed9ff002000000cd1d00000020000000ef19349ee7f31abc11c800000000000000000000000928ee53595a779d243a48cea769470424d28804c04b2c4324ab7f4a5c81921f0128dfd70b438af60b060000000000000056642b49b745f3bf2cf7908b6d7d748308eea09fc361b4735efbf3411718d6ee7aebf9ef679dbfae9fb4a79f8a836804ed3a1079b0282a12043408cd60b687dcff91af19010000000000000000456f7d2a42bd1304202274f20675eb781925440578e93046aaddea8ec4ca37f71c2710a7ea8ae0dc214e1cc275b26adfa892e6de92000000000000000000ddff004cff9ec780f535e62f4eeee50e5bafecea4d4134f9d006c8d6883eca5c9c58c9e9338c73de2f04f15d005387577f480000ea65559eb00e76e9d0ada201bcbb5c252b28a60ca770663da451790cc36000906d5a9fad98c308e39bd5ffb6151d79c1cee1cd102e3c8e63e9fba05e3633be3f00000015762e5f5a3a0bc33fdbe28a5ffc83f2b485185cc92fe7f791e8f6429309d6adab4b96508e5bf024ed8f8a005f2bbf96c89739f5cf1e750d50517a59a3ad09e8802e8f4f535447cc0fc9d5f99a73145dfcedad69da9cd4375c624600e78f4458542b14f29611f95d4a31838eeb20c20bb82aa31771cd379ec83554cea5e6539db7384e1f58d81f2f2653c4d9818708e25c89b552d7fcd116bce9c764c714c9402c21d1aac59efb28d4f91652f6000000000000000320f8059195729d60c534ee8e8ff0755b67fe4c25edb85bcff24c757aa8090000000000008c420eb4304f66e3a37aaf000000c42a575939206d0c0f0e9dd5fd545470f862f8c3c14fa9ecd1e877b0d8ca84c044859e85e6158f9184bc61a9a284db80e4636c25b96174327d82761c26e329555f9290af4100000000000000ff0ffd3763655500344bae34137f5ab0d534b8d63e4ca3b671f2de1cdf519192c6b59a601fd419adc16e2055b85058f793484305d7a1759782e4c571ee855a47bc00edf5e9020c09ab004321610b857e8717764b633b21cb32f0e03280e09758bd445ab91d20baca005452b79d7b574a247f1d2fe45b3c4e93da3d51de647c10dd49944dc87c92332af00f191b66b6a6f732a91f0e2e9120be61e58c79d497247d278888901d442ad7f8536607a644e9e3d769db497c3960dfde12182334caee994adc38a436367a54b9e182b78e9a0ceb9a2c4f63902c1ad1a7c5a08d0920a23c2a86abbdf357849a651733e57f31019876026888c8ccb85c86b4f8ffffff7f000000002c331fca0e541b7ca211c28ed61c525708a13d115b43f8b1894c8fa8a14dc4810f61ae96c18cc7130000000000002100000000000000000001000027c9a46157a3609b6fd9843ee19ec647249a9375de5858818f3c4a4fa6ce46f4d42b07199de8b99231ace58c77819ee214e49666c464d35ca9b5143ed3b3dc8c17a23692759ccf5a205311b7ab22532697b861dfb54609fd88e6043bd52ae84c1bb0c8000000edb3d42c68a27ef6a1296dfff4a979369b0e8ebc62887aa46e820a74f91381dcc198e353047db70686d147357024eb3cb94f1e89cb5ba0a56aa046b4dc521a3d9356b4b8b5917c4c860495b240e80063bde261fd00000000007271e28ef6806bc8e139c49b91c76bea3858f7f05b47d3e519f1634e8fbd8d31330d89069f9648a2ff93060ff073b3a113e47edf76f7d116d2b0976cf2ec447c030931651dd315003b7a6a5433a2bb560ae99ec4b227eda2e63a1c31a2c2bd48a822cbe92b6524e0cd8020ecaa34e19e7141d5e221509342bfe7d294d1eb3de6a50ca0301f89c2ee627e949c68b3a4a426a996d503a26e9a714ee5f72d8805dd1bfbd081f6a5d1f1289dfe14cb9194e26a44fac273461fc5c0e0a33db76cf059f40fa2640b6bfb74dd35391b8fa18479da9f4b6641fce9a24b96767b837ca037a1199735c375c705c798e0e208e4a5259d0bfa526b462af45a6eab34000000000000000000000000c4426344ec1a3366515dee221e747f55d7dd02534bc503b9b28277c253e410986bef2111a99cc448d652929f8a67a6a1d3f00dcad91aff428aade3f85714a1d3ef29acd4d49b62339c10c2ec0dac4728288e78980c1184d8223edbccbf9258b7374e79a1f8bf3fb73c8c6dbb7bbdfc399847db97c02461792e3a49dac16c60c3fcaab222025d78963c3ac899fa8b63f58a30212c9b2d7fe751e2046b78f86e22861b6504c667350244dd6d9189a8b9c45f8aaff9db694811ca86ed978f23eed7459c0382074170cf1e25b0e9ba3d1cc309353eea4cd8ab96bafda393276bdd8d32ead8db9e1b54d2d3d50e2815268fc1a6ec566981bc8ccfe6cc1897449ba5f26a9d66ac73e6f5c401376f23a314e0b9ff997d22f3e34b7524642c248aa813edaa626f0000000000000000000000000000000003ba34b611569a451564d3a5400f9097ffe7a37e765be352be71ee24250d6828562c7e24cb763062d6000c409de6a6135eae8a00000000008d797190a26c933f933aff5c521eeb7a84a62d148a846e74e76b515b6b8be29e8b69310fa130cf6d6b74f33205d3cc218ca554ed8085ae044f5bf2e89a0000bde05c114e7a020fc1a5fd3eeeb822008b2d7d1cc062b51b0aca4956b557e51a1385cc572b0074b0950fb1437de2590bf99ec7ceb69e1fe2465fce099c992d57b804a22e148ae3411523814aee03ee2df877edfabf4aa94f07c6fdd127e57a8bf7975f2e606c25a299980a6e52fcf7849d45bb38573fbba8afef1aa7a24c805f7aee3e39a3000000000000000000000000000000000000878f88c4742ac490951c36c610a0d266588ec6a0bd300cf160b5a5d9e9fafa49ecc8430832d795e727b7fc2b76e7fc4141fdbb82f45d3cdd3fb8d4b443ab4954fdf5c1b9a6ab3e457f098329307ccb0a1989b6c37509692e952e7244f48bc12569ff8eb30d0f887b85b5ef44fb9a7571319190be0c226ed72f346cc4aa071ae0c72fa8bd00d5590c4f4ba65d0c8e1f4870fe3c414681e41b40163eb1aa2a7429a2208cd6e69c7d959e87da3fd0101159a03ab7fe78881ee7a1ee7a2edff75fb18a181e0c54352be2b7a5b5273198291c28d9141deeb3cdba5d414ae4b0000000000000000000000000009eacd83458d8a606be71970497a4fd4ca3b48ca482ab3804e2fac216b3ba613608b1a465456a33fd08491d337d7344c01cfc9e73"], &(0x7f0000000b80)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffedf, 0x10, &(0x7f0000000040)}, 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="05000000040000000800000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={r0, 0xc0, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffe3b, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r3 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000140)={r2}, 0x4) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r3, 0x2f00020b, 0x822, 0x2f000000, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0xf000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) 199.155173ms ago: executing program 4 (id=14550): bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000440)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x74, 0x74, 0x2, [@var, @func_proto={0x0, 0x5, 0x0, 0xd, 0x0, [{}, {0x2}, {}, {}, {}]}, @fwd, @volatile, @volatile, @volatile={0x0, 0x0, 0x0, 0x9, 0x6}]}}, 0x0, 0x8e}, 0x28) r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c000000020000000000000000000004"], 0x0, 0x26}, 0x28) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x6, 0x7, &(0x7f00000006c0)=@framed={{}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @exit, @exit, @jmp={0x5, 0x0, 0x9, 0x7, 0x9, 0x100, 0x1}]}, &(0x7f0000000280)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, r0, 0x8, 0x0, 0x0, 0x10, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0xffffffff}, 0x10}, 0x94) 198.741681ms ago: executing program 0 (id=14551): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000000002000000000000000000018190000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x4, 0x5}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000880)={{r0}, &(0x7f0000000800), &(0x7f0000000840)=r1}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10) r3 = socket$kcm(0x10, 0x2, 0x4) sendmsg$kcm(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000400)="89000000120081ae08060cdc03a6000000000004000000006ee2ffca1b1f0000000004c00e72f750375ed08a563319bf9ed720000000d6e747033a0093b837dc6cc01e32efaec8c7a6ec0012100002400d0c0c00bdad446b9bbc7a46e3988285dcdf12f21308f868fece01955fed0009d78f0a947ee2b49e33538afa8af92347514f0b56a20ff27fff", 0x89}], 0x1}, 0x8000) 174.485107ms ago: executing program 1 (id=14552): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x75}]}, 0x0}, 0x90) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r0}, 0xc) 147.105707ms ago: executing program 2 (id=14553): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x14000004) 59.076414ms ago: executing program 4 (id=14554): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='dctcp\x00', 0x6) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4) sendmmsg$inet(r0, 0x0, 0x0, 0x4) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4) sendto$inet(r0, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0) 43.138917ms ago: executing program 1 (id=14555): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r0}, 0x10) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000140)={'pim6reg1\x00', 0x1}) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000100)={'pim6reg1\x00', @broadcast}) 988.914µs ago: executing program 2 (id=14556): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x4, 0x2, 0xc}, 0x48) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="040000000400000004"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10) r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000040)={r2}, 0x4) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0xf, &(0x7f0000000540)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r3}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 0s ago: executing program 0 (id=14557): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r1}, 0xc) kernel console output (not intermixed with test programs): ed is unknown, defaulting to 1000 [ 2889.777791][T24451] netlink: 104 bytes leftover after parsing attributes in process `syz.2.12232'. [ 2889.791714][T24451] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2889.807621][T24453] FAULT_INJECTION: forcing a failure. [ 2889.807621][T24453] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2889.822240][T24453] CPU: 1 UID: 0 PID: 24453 Comm: syz.4.12233 Not tainted 6.16.0-rc6-syzkaller-01646-g56613001dfc9 #0 PREEMPT(full) [ 2889.822265][T24453] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 2889.822276][T24453] Call Trace: [ 2889.822284][T24453] [ 2889.822292][T24453] dump_stack_lvl+0x189/0x250 [ 2889.822319][T24453] ? __pfx____ratelimit+0x10/0x10 [ 2889.822339][T24453] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2889.822361][T24453] ? __pfx__printk+0x10/0x10 [ 2889.822386][T24453] ? __might_fault+0xb0/0x130 [ 2889.822422][T24453] should_fail_ex+0x414/0x560 [ 2889.822447][T24453] _copy_from_iter+0x1db/0x16f0 [ 2889.822473][T24453] ? rcu_is_watching+0x15/0xb0 [ 2889.822497][T24453] ? kmem_cache_alloc_node_noprof+0x217/0x3c0 [ 2889.822524][T24453] ? __pfx__copy_from_iter+0x10/0x10 [ 2889.822548][T24453] ? __build_skb_around+0x257/0x3e0 [ 2889.822571][T24453] ? netlink_sendmsg+0x642/0xb30 [ 2889.822588][T24453] ? skb_put+0x11b/0x210 [ 2889.822618][T24453] netlink_sendmsg+0x6b2/0xb30 [ 2889.822647][T24453] ? __pfx_netlink_sendmsg+0x10/0x10 [ 2889.822670][T24453] ? aa_sock_msg_perm+0x94/0x160 [ 2889.822691][T24453] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 2889.822710][T24453] ? __pfx_netlink_sendmsg+0x10/0x10 [ 2889.822730][T24453] __sock_sendmsg+0x21c/0x270 [ 2889.822759][T24453] ____sys_sendmsg+0x505/0x830 [ 2889.822787][T24453] ? __pfx_____sys_sendmsg+0x10/0x10 [ 2889.822819][T24453] ? import_iovec+0x74/0xa0 [ 2889.822847][T24453] ___sys_sendmsg+0x21f/0x2a0 [ 2889.822872][T24453] ? __pfx____sys_sendmsg+0x10/0x10 [ 2889.822937][T24453] ? __fget_files+0x2a/0x420 [ 2889.822954][T24453] ? __fget_files+0x3a0/0x420 [ 2889.822980][T24453] __x64_sys_sendmsg+0x19b/0x260 [ 2889.823006][T24453] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 2889.823037][T24453] ? __pfx_ksys_write+0x10/0x10 [ 2889.823058][T24453] ? rcu_is_watching+0x15/0xb0 [ 2889.823084][T24453] ? do_syscall_64+0xbe/0x3b0 [ 2889.823105][T24453] do_syscall_64+0xfa/0x3b0 [ 2889.823123][T24453] ? lockdep_hardirqs_on+0x9c/0x150 [ 2889.823140][T24453] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2889.823158][T24453] ? clear_bhb_loop+0x60/0xb0 [ 2889.823179][T24453] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2889.823196][T24453] RIP: 0033:0x7f64cd58e9a9 [ 2889.823211][T24453] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 2889.823226][T24453] RSP: 002b:00007f64ce356038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2889.823243][T24453] RAX: ffffffffffffffda RBX: 00007f64cd7b5fa0 RCX: 00007f64cd58e9a9 [ 2889.823256][T24453] RDX: 0000000000008000 RSI: 0000200000000100 RDI: 0000000000000003 [ 2889.823267][T24453] RBP: 00007f64ce356090 R08: 0000000000000000 R09: 0000000000000000 [ 2889.823278][T24453] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2889.823288][T24453] R13: 0000000000000000 R14: 00007f64cd7b5fa0 R15: 00007fffba753648 [ 2889.823316][T24453] [ 2889.827298][T24447] netlink: 12 bytes leftover after parsing attributes in process `syz.0.12230'. [ 2890.060433][T24456] FAULT_INJECTION: forcing a failure. [ 2890.060433][T24456] name failslab, interval 1, probability 0, space 0, times 0 [ 2890.140678][T24456] CPU: 1 UID: 0 PID: 24456 Comm: syz.4.12234 Not tainted 6.16.0-rc6-syzkaller-01646-g56613001dfc9 #0 PREEMPT(full) [ 2890.140705][T24456] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 2890.140716][T24456] Call Trace: [ 2890.140724][T24456] [ 2890.140732][T24456] dump_stack_lvl+0x189/0x250 [ 2890.140759][T24456] ? __pfx____ratelimit+0x10/0x10 [ 2890.140778][T24456] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2890.140799][T24456] ? __pfx__printk+0x10/0x10 [ 2890.140830][T24456] ? __pfx___might_resched+0x10/0x10 [ 2890.140856][T24456] should_fail_ex+0x414/0x560 [ 2890.140880][T24456] should_failslab+0xa8/0x100 [ 2890.140907][T24456] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 2890.140933][T24456] ? __alloc_skb+0x112/0x2d0 [ 2890.140957][T24456] __alloc_skb+0x112/0x2d0 [ 2890.140979][T24456] netlink_sendmsg+0x5c6/0xb30 [ 2890.141008][T24456] ? __pfx_netlink_sendmsg+0x10/0x10 [ 2890.141030][T24456] ? aa_sock_msg_perm+0x94/0x160 [ 2890.141051][T24456] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 2890.141069][T24456] ? __pfx_netlink_sendmsg+0x10/0x10 [ 2890.141089][T24456] __sock_sendmsg+0x21c/0x270 [ 2890.141118][T24456] ____sys_sendmsg+0x505/0x830 [ 2890.141146][T24456] ? __pfx_____sys_sendmsg+0x10/0x10 [ 2890.141177][T24456] ? import_iovec+0x74/0xa0 [ 2890.141205][T24456] ___sys_sendmsg+0x21f/0x2a0 [ 2890.141229][T24456] ? __pfx____sys_sendmsg+0x10/0x10 [ 2890.141289][T24456] ? __fget_files+0x2a/0x420 [ 2890.141303][T24456] ? __fget_files+0x3a0/0x420 [ 2890.141330][T24456] __x64_sys_sendmsg+0x19b/0x260 [ 2890.141355][T24456] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 2890.141387][T24456] ? __pfx_ksys_write+0x10/0x10 [ 2890.141409][T24456] ? rcu_is_watching+0x15/0xb0 [ 2890.141436][T24456] ? do_syscall_64+0xbe/0x3b0 [ 2890.141476][T24456] do_syscall_64+0xfa/0x3b0 [ 2890.141495][T24456] ? lockdep_hardirqs_on+0x9c/0x150 [ 2890.141515][T24456] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2890.141534][T24456] ? clear_bhb_loop+0x60/0xb0 [ 2890.141559][T24456] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2890.141577][T24456] RIP: 0033:0x7f64cd58e9a9 [ 2890.141601][T24456] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 2890.141618][T24456] RSP: 002b:00007f64ce356038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2890.141638][T24456] RAX: ffffffffffffffda RBX: 00007f64cd7b5fa0 RCX: 00007f64cd58e9a9 [ 2890.141652][T24456] RDX: 0000000000000300 RSI: 0000200000000040 RDI: 0000000000000004 [ 2890.141664][T24456] RBP: 00007f64ce356090 R08: 0000000000000000 R09: 0000000000000000 [ 2890.141676][T24456] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2890.141688][T24456] R13: 0000000000000000 R14: 00007f64cd7b5fa0 R15: 00007fffba753648 [ 2890.141739][T24456] [ 2890.244544][T24444] lo speed is unknown, defaulting to 1000 [ 2890.516839][T24462] netlink: 4 bytes leftover after parsing attributes in process `syz.3.12237'. [ 2890.934292][T24476] netlink: 12 bytes leftover after parsing attributes in process `syz.3.12240'. [ 2890.966113][T24474] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2891.676472][T24505] lo speed is unknown, defaulting to 1000 [ 2892.322540][T24531] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2892.393859][T24531] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2892.649256][T24505] lo speed is unknown, defaulting to 1000 [ 2892.659507][T24534] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2892.712369][T24536] lo speed is unknown, defaulting to 1000 [ 2893.089040][T24546] lo speed is unknown, defaulting to 1000 [ 2893.115858][T24536] lo speed is unknown, defaulting to 1000 [ 2893.343278][T24547] netlink: 'syz.4.12257': attribute type 6 has an invalid length. [ 2893.631239][T24551] netlink: 'syz.2.12262': attribute type 10 has an invalid length. [ 2893.663376][T24551] team0: left promiscuous mode [ 2893.749512][T24546] lo speed is unknown, defaulting to 1000 [ 2893.906320][T24558] __nla_validate_parse: 4 callbacks suppressed [ 2893.906337][T24558] netlink: 12 bytes leftover after parsing attributes in process `syz.2.12265'. [ 2894.152646][T24563] netlink: 12 bytes leftover after parsing attributes in process `syz.2.12267'. [ 2894.290432][T24562] lo speed is unknown, defaulting to 1000 [ 2895.008710][ C0] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 2895.158105][T24562] lo speed is unknown, defaulting to 1000 [ 2895.713691][T24593] netlink: 4 bytes leftover after parsing attributes in process `syz.4.12278'. [ 2896.053315][T24600] pimreg: entered allmulticast mode [ 2896.062963][T24602] netlink: 'syz.2.12281': attribute type 4 has an invalid length. [ 2896.085762][ T4243] lo speed is unknown, defaulting to 1000 [ 2896.095237][T24602] netlink: 'syz.2.12281': attribute type 4 has an invalid length. [ 2896.110024][ T4243] syz2: Port: 1 Link DOWN [ 2896.122496][ T4243] lo speed is unknown, defaulting to 1000 [ 2896.157356][ T4243] syz2: Port: 1 Link ACTIVE [ 2896.164131][T24600] pimreg: left allmulticast mode [ 2896.432790][T24610] netlink: 'syz.3.12284': attribute type 4 has an invalid length. [ 2896.484605][T22624] lo speed is unknown, defaulting to 1000 [ 2896.503136][T24610] netlink: 'syz.3.12284': attribute type 4 has an invalid length. [ 2896.505373][T22624] syz0: Port: 1 Link DOWN [ 2896.534819][ T4243] lo speed is unknown, defaulting to 1000 [ 2896.550962][T23826] lo speed is unknown, defaulting to 1000 [ 2896.567901][T23826] syz0: Port: 1 Link ACTIVE [ 2896.738293][T24621] netlink: 4 bytes leftover after parsing attributes in process `syz.3.12289'. [ 2896.865281][T24626] lo speed is unknown, defaulting to 1000 [ 2896.880009][T24629] netlink: 12 bytes leftover after parsing attributes in process `syz.4.12290'. [ 2897.077864][T24636] netlink: 88 bytes leftover after parsing attributes in process `syz.3.12291'. [ 2897.103408][T24638] netlink: 'syz.1.12292': attribute type 4 has an invalid length. [ 2897.117371][T24638] netlink: 'syz.1.12292': attribute type 4 has an invalid length. [ 2897.325189][T24634] lo speed is unknown, defaulting to 1000 [ 2897.325254][T24626] lo speed is unknown, defaulting to 1000 [ 2897.676761][T24649] netlink: 248 bytes leftover after parsing attributes in process `syz.0.12296'. [ 2897.806127][T24634] lo speed is unknown, defaulting to 1000 [ 2897.806143][T24644] lo speed is unknown, defaulting to 1000 [ 2897.922295][T24650] netlink: 4 bytes leftover after parsing attributes in process `syz.0.12296'. [ 2898.396489][T24644] lo speed is unknown, defaulting to 1000 [ 2898.635341][T24662] netlink: 28 bytes leftover after parsing attributes in process `syz.0.12300'. [ 2898.669229][T24662] netlink: 28 bytes leftover after parsing attributes in process `syz.0.12300'. [ 2898.948714][T24671] netlink: 'syz.1.12304': attribute type 4 has an invalid length. [ 2898.995085][T24671] netlink: 'syz.1.12304': attribute type 4 has an invalid length. [ 2899.533359][T24687] __nla_validate_parse: 1 callbacks suppressed [ 2899.533378][T24687] netlink: 248 bytes leftover after parsing attributes in process `syz.0.12309'. [ 2899.917583][T24693] netlink: 4 bytes leftover after parsing attributes in process `syz.0.12309'. [ 2900.188590][T24701] netlink: 4 bytes leftover after parsing attributes in process `syz.3.12312'. [ 2900.448359][T24705] netlink: 12 bytes leftover after parsing attributes in process `syz.4.12314'. [ 2901.108224][T24731] netlink: 16 bytes leftover after parsing attributes in process `syz.3.12321'. [ 2901.123823][T24731] netlink: 48 bytes leftover after parsing attributes in process `syz.3.12321'. [ 2901.229655][T24741] netlink: 248 bytes leftover after parsing attributes in process `syz.1.12326'. [ 2901.285469][T24747] netlink: 12 bytes leftover after parsing attributes in process `syz.0.12325'. [ 2901.356718][T24751] netlink: 'syz.2.12327': attribute type 1 has an invalid length. [ 2901.392441][T24740] lo speed is unknown, defaulting to 1000 [ 2901.524052][T24749] netlink: 4 bytes leftover after parsing attributes in process `syz.1.12326'. [ 2901.845514][T24740] lo speed is unknown, defaulting to 1000 [ 2901.877881][T24767] netlink: 12 bytes leftover after parsing attributes in process `syz.4.12332'. [ 2902.252868][T24781] netlink: 'syz.4.12337': attribute type 4 has an invalid length. [ 2902.281364][T24781] netlink: 'syz.4.12337': attribute type 4 has an invalid length. [ 2902.444462][T24786] team0: left promiscuous mode [ 2902.494208][T24786] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 2902.958916][T23365] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 2903.449104][T23365] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 2903.665344][T24819] FAULT_INJECTION: forcing a failure. [ 2903.665344][T24819] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2903.706874][T24819] CPU: 1 UID: 0 PID: 24819 Comm: syz.3.12348 Not tainted 6.16.0-rc6-syzkaller-01646-g56613001dfc9 #0 PREEMPT(full) [ 2903.706907][T24819] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 2903.706921][T24819] Call Trace: [ 2903.706930][T24819] [ 2903.706940][T24819] dump_stack_lvl+0x189/0x250 [ 2903.706971][T24819] ? __pfx____ratelimit+0x10/0x10 [ 2903.706993][T24819] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2903.707019][T24819] ? __pfx__printk+0x10/0x10 [ 2903.707064][T24819] should_fail_ex+0x414/0x560 [ 2903.707093][T24819] _copy_to_user+0x31/0xb0 [ 2903.707125][T24819] simple_read_from_buffer+0xe1/0x170 [ 2903.707162][T24819] proc_fail_nth_read+0x1df/0x250 [ 2903.707187][T24819] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 2903.707212][T24819] ? rw_verify_area+0x258/0x650 [ 2903.707238][T24819] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 2903.707261][T24819] vfs_read+0x200/0x980 [ 2903.707295][T24819] ? __pfx___mutex_lock+0x10/0x10 [ 2903.707319][T24819] ? __pfx_vfs_read+0x10/0x10 [ 2903.707348][T24819] ? __fget_files+0x2a/0x420 [ 2903.707372][T24819] ? __fget_files+0x3a0/0x420 [ 2903.707401][T24819] ? __fget_files+0x2a/0x420 [ 2903.707431][T24819] ksys_read+0x145/0x250 [ 2903.707461][T24819] ? __pfx_ksys_read+0x10/0x10 [ 2903.707486][T24819] ? rcu_is_watching+0x15/0xb0 [ 2903.707517][T24819] ? do_syscall_64+0xbe/0x3b0 [ 2903.707545][T24819] do_syscall_64+0xfa/0x3b0 [ 2903.707565][T24819] ? lockdep_hardirqs_on+0x9c/0x150 [ 2903.707585][T24819] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2903.707606][T24819] ? clear_bhb_loop+0x60/0xb0 [ 2903.707633][T24819] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2903.707666][T24819] RIP: 0033:0x7f522d38d3bc [ 2903.707684][T24819] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 2903.707702][T24819] RSP: 002b:00007f522e1e8030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 2903.707724][T24819] RAX: ffffffffffffffda RBX: 00007f522d5b5fa0 RCX: 00007f522d38d3bc [ 2903.707738][T24819] RDX: 000000000000000f RSI: 00007f522e1e80a0 RDI: 0000000000000004 [ 2903.707751][T24819] RBP: 00007f522e1e8090 R08: 0000000000000000 R09: 0000000000000000 [ 2903.707763][T24819] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2903.707775][T24819] R13: 0000000000000000 R14: 00007f522d5b5fa0 R15: 00007ffcdac4bf58 [ 2903.707811][T24819] [ 2903.983197][ T2990] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 2904.089839][T24833] netlink: 'syz.2.12352': attribute type 4 has an invalid length. [ 2904.142924][ T4243] lo speed is unknown, defaulting to 1000 [ 2904.149483][ T4243] syz2: Port: 1 Link DOWN [ 2904.180584][T24834] netlink: 'syz.2.12352': attribute type 4 has an invalid length. [ 2904.255196][ T4243] lo speed is unknown, defaulting to 1000 [ 2904.266906][ T4243] syz2: Port: 1 Link ACTIVE [ 2904.699147][T24857] __nla_validate_parse: 11 callbacks suppressed [ 2904.699168][T24857] netlink: 4 bytes leftover after parsing attributes in process `syz.0.12362'. [ 2904.951724][T24867] FAULT_INJECTION: forcing a failure. [ 2904.951724][T24867] name failslab, interval 1, probability 0, space 0, times 0 [ 2904.967165][T24867] CPU: 1 UID: 0 PID: 24867 Comm: syz.0.12366 Not tainted 6.16.0-rc6-syzkaller-01646-g56613001dfc9 #0 PREEMPT(full) [ 2904.967192][T24867] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 2904.967204][T24867] Call Trace: [ 2904.967212][T24867] [ 2904.967220][T24867] dump_stack_lvl+0x189/0x250 [ 2904.967246][T24867] ? __pfx____ratelimit+0x10/0x10 [ 2904.967265][T24867] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2904.967287][T24867] ? __pfx__printk+0x10/0x10 [ 2904.967316][T24867] ? __nla_validate_parse+0x2400/0x2d40 [ 2904.967347][T24867] should_fail_ex+0x414/0x560 [ 2904.967370][T24867] should_failslab+0xa8/0x100 [ 2904.967399][T24867] kmem_cache_alloc_noprof+0x73/0x3c0 [ 2904.967422][T24867] ? xfrm_state_alloc+0x24/0x2f0 [ 2904.967458][T24867] xfrm_state_alloc+0x24/0x2f0 [ 2904.967483][T24867] xfrm_add_sa+0x17d1/0x4050 [ 2904.967512][T24867] ? __pfx_xfrm_add_sa+0x10/0x10 [ 2904.967529][T24867] ? apparmor_capable+0x137/0x1b0 [ 2904.967559][T24867] ? __nla_parse+0x40/0x60 [ 2904.967584][T24867] xfrm_user_rcv_msg+0x7a3/0xab0 [ 2904.967610][T24867] ? __pfx_xfrm_user_rcv_msg+0x10/0x10 [ 2904.967665][T24867] ? __mutex_trylock_common+0x153/0x260 [ 2904.967693][T24867] ? __pfx___mutex_trylock_common+0x10/0x10 [ 2904.967721][T24867] ? rcu_is_watching+0x15/0xb0 [ 2904.967744][T24867] ? trace_contention_end+0x39/0x120 [ 2904.967774][T24867] netlink_rcv_skb+0x208/0x470 [ 2904.967794][T24867] ? __pfx_xfrm_user_rcv_msg+0x10/0x10 [ 2904.967815][T24867] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 2904.967850][T24867] ? netlink_deliver_tap+0x2e/0x1b0 [ 2904.967886][T24867] ? netlink_deliver_tap+0x2e/0x1b0 [ 2904.967910][T24867] xfrm_netlink_rcv+0x79/0x90 [ 2904.967933][T24867] netlink_unicast+0x82c/0x9e0 [ 2904.967975][T24867] ? __pfx_netlink_unicast+0x10/0x10 [ 2904.968009][T24867] ? netlink_sendmsg+0x642/0xb30 [ 2904.968028][T24867] ? skb_put+0x11b/0x210 [ 2904.968056][T24867] netlink_sendmsg+0x805/0xb30 [ 2904.968090][T24867] ? __pfx_netlink_sendmsg+0x10/0x10 [ 2904.968116][T24867] ? aa_sock_msg_perm+0x94/0x160 [ 2904.968145][T24867] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 2904.968167][T24867] ? __pfx_netlink_sendmsg+0x10/0x10 [ 2904.968191][T24867] __sock_sendmsg+0x21c/0x270 [ 2904.968226][T24867] ____sys_sendmsg+0x505/0x830 [ 2904.968260][T24867] ? __pfx_____sys_sendmsg+0x10/0x10 [ 2904.968298][T24867] ? import_iovec+0x74/0xa0 [ 2904.968333][T24867] ___sys_sendmsg+0x21f/0x2a0 [ 2904.968361][T24867] ? __pfx____sys_sendmsg+0x10/0x10 [ 2904.968434][T24867] ? __fget_files+0x2a/0x420 [ 2904.968460][T24867] ? __fget_files+0x3a0/0x420 [ 2904.968492][T24867] __x64_sys_sendmsg+0x19b/0x260 [ 2904.968521][T24867] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 2904.968559][T24867] ? __pfx_ksys_write+0x10/0x10 [ 2904.968585][T24867] ? rcu_is_watching+0x15/0xb0 [ 2904.968616][T24867] ? do_syscall_64+0xbe/0x3b0 [ 2904.968644][T24867] do_syscall_64+0xfa/0x3b0 [ 2904.968665][T24867] ? lockdep_hardirqs_on+0x9c/0x150 [ 2904.968686][T24867] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2904.968708][T24867] ? clear_bhb_loop+0x60/0xb0 [ 2904.968735][T24867] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2904.968756][T24867] RIP: 0033:0x7f8d2978e9a9 [ 2904.968775][T24867] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 2904.968795][T24867] RSP: 002b:00007f8d2a67f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2904.968817][T24867] RAX: ffffffffffffffda RBX: 00007f8d299b5fa0 RCX: 00007f8d2978e9a9 [ 2904.968832][T24867] RDX: 0000000000000000 RSI: 00002000000003c0 RDI: 0000000000000003 [ 2904.968846][T24867] RBP: 00007f8d2a67f090 R08: 0000000000000000 R09: 0000000000000000 [ 2904.968858][T24867] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2904.968870][T24867] R13: 0000000000000000 R14: 00007f8d299b5fa0 R15: 00007ffd0511eb58 [ 2904.968907][T24867] [ 2905.338918][ T6174] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 2905.346972][ T6174] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 2905.438743][T23365] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 2905.529383][T24876] netlink: 'syz.1.12370': attribute type 4 has an invalid length. [ 2905.581005][T24881] netlink: 12 bytes leftover after parsing attributes in process `syz.2.12367'. [ 2905.597718][T24882] netlink: 'syz.1.12370': attribute type 4 has an invalid length. [ 2905.652101][T24869] lo speed is unknown, defaulting to 1000 [ 2905.680729][T24889] netlink: 48 bytes leftover after parsing attributes in process `syz.3.12369'. [ 2905.929473][T24894] netlink: 104 bytes leftover after parsing attributes in process `syz.1.12374'. [ 2905.992625][T24897] tipc: Bearer : already 2 bearers with priority 10 [ 2906.003395][T24899] netlink: 28 bytes leftover after parsing attributes in process `syz.4.12375'. [ 2906.014070][T24897] tipc: Bearer : trying with adjusted priority [ 2906.028972][T24897] tipc: Enabling of bearer rejected, max 3 bearers permitted [ 2906.111140][T24869] lo speed is unknown, defaulting to 1000 [ 2906.502406][T24915] netlink: 28 bytes leftover after parsing attributes in process `syz.3.12382'. [ 2906.906449][T24925] netlink: 104 bytes leftover after parsing attributes in process `syz.2.12386'. [ 2907.180361][T24928] RDS: rds_bind could not find a transport for ::ffff:172.30.1.5, load rds_tcp or rds_rdma? [ 2907.199598][T22624] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 2907.209952][T24930] tipc: Enabling of bearer rejected, already enabled [ 2907.226924][T24928] netlink: 28 bytes leftover after parsing attributes in process `syz.4.12389'. [ 2907.470589][T23365] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 2907.682881][T24950] lo speed is unknown, defaulting to 1000 [ 2907.708932][T23365] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 2907.719017][T24952] netlink: 104 bytes leftover after parsing attributes in process `syz.3.12394'. [ 2907.864486][T24956] netlink: 12 bytes leftover after parsing attributes in process `syz.3.12395'. [ 2908.314281][T24950] lo speed is unknown, defaulting to 1000 [ 2908.653548][T24957] netlink: 'syz.2.12393': attribute type 6 has an invalid length. [ 2908.980424][T24983] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 2909.437798][T25000] netlink: 'syz.0.12410': attribute type 4 has an invalid length. [ 2909.491881][T25003] netlink: 'syz.0.12410': attribute type 4 has an invalid length. [ 2909.735980][ C0] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 2909.873946][T25012] netlink: 'syz.4.12415': attribute type 2 has an invalid length. [ 2910.109696][T25022] FAULT_INJECTION: forcing a failure. [ 2910.109696][T25022] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2910.133557][T25022] CPU: 1 UID: 0 PID: 25022 Comm: syz.3.12419 Not tainted 6.16.0-rc6-syzkaller-01646-g56613001dfc9 #0 PREEMPT(full) [ 2910.133588][T25022] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 2910.133601][T25022] Call Trace: [ 2910.133610][T25022] [ 2910.133619][T25022] dump_stack_lvl+0x189/0x250 [ 2910.133649][T25022] ? __pfx____ratelimit+0x10/0x10 [ 2910.133671][T25022] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2910.133696][T25022] ? __pfx__printk+0x10/0x10 [ 2910.133733][T25022] ? __might_fault+0xb0/0x130 [ 2910.133775][T25022] should_fail_ex+0x414/0x560 [ 2910.133802][T25022] _copy_from_iter+0x3f5/0x16f0 [ 2910.133842][T25022] ? __pfx__copy_from_iter+0x10/0x10 [ 2910.133872][T25022] ? dev_get_by_index+0x22/0x2e0 [ 2910.133900][T25022] ? dev_get_by_index+0x22/0x2e0 [ 2910.133927][T25022] ? skb_put+0x11b/0x210 [ 2910.133953][T25022] raw_sendmsg+0x399/0x1180 [ 2910.133990][T25022] ? __pfx_raw_sendmsg+0x10/0x10 [ 2910.134023][T25022] ? aa_sock_msg_perm+0x94/0x160 [ 2910.134047][T25022] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 2910.134068][T25022] ? __pfx_raw_sendmsg+0x10/0x10 [ 2910.134095][T25022] __sock_sendmsg+0x21c/0x270 [ 2910.134127][T25022] ____sys_sendmsg+0x505/0x830 [ 2910.134159][T25022] ? __pfx_____sys_sendmsg+0x10/0x10 [ 2910.134195][T25022] ? import_iovec+0x74/0xa0 [ 2910.134226][T25022] ___sys_sendmsg+0x21f/0x2a0 [ 2910.134254][T25022] ? __pfx____sys_sendmsg+0x10/0x10 [ 2910.134322][T25022] ? __fget_files+0x2a/0x420 [ 2910.134344][T25022] ? __fget_files+0x3a0/0x420 [ 2910.134375][T25022] __x64_sys_sendmsg+0x19b/0x260 [ 2910.134403][T25022] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 2910.134440][T25022] ? __pfx_ksys_write+0x10/0x10 [ 2910.134486][T25022] ? do_syscall_64+0xbe/0x3b0 [ 2910.134510][T25022] do_syscall_64+0xfa/0x3b0 [ 2910.134528][T25022] ? lockdep_hardirqs_on+0x9c/0x150 [ 2910.134547][T25022] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2910.134566][T25022] ? clear_bhb_loop+0x60/0xb0 [ 2910.134590][T25022] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2910.134608][T25022] RIP: 0033:0x7f522d38e9a9 [ 2910.134625][T25022] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 2910.134641][T25022] RSP: 002b:00007f522e1e8038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2910.134661][T25022] RAX: ffffffffffffffda RBX: 00007f522d5b5fa0 RCX: 00007f522d38e9a9 [ 2910.134675][T25022] RDX: 0000000000000000 RSI: 0000200000000140 RDI: 0000000000000003 [ 2910.134688][T25022] RBP: 00007f522e1e8090 R08: 0000000000000000 R09: 0000000000000000 [ 2910.134700][T25022] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2910.134711][T25022] R13: 0000000000000000 R14: 00007f522d5b5fa0 R15: 00007ffcdac4bf58 [ 2910.134750][T25022] [ 2910.398772][ C0] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 2910.423413][T25024] FAULT_INJECTION: forcing a failure. [ 2910.423413][T25024] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2910.436758][T25024] CPU: 1 UID: 0 PID: 25024 Comm: syz.1.12420 Not tainted 6.16.0-rc6-syzkaller-01646-g56613001dfc9 #0 PREEMPT(full) [ 2910.436785][T25024] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 2910.436797][T25024] Call Trace: [ 2910.436805][T25024] [ 2910.436813][T25024] dump_stack_lvl+0x189/0x250 [ 2910.436842][T25024] ? __pfx____ratelimit+0x10/0x10 [ 2910.436863][T25024] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2910.436886][T25024] ? __pfx__printk+0x10/0x10 [ 2910.436916][T25024] ? __might_fault+0xb0/0x130 [ 2910.436959][T25024] should_fail_ex+0x414/0x560 [ 2910.436985][T25024] _copy_from_user+0x2d/0xb0 [ 2910.437011][T25024] copy_from_sockptr+0x5e/0xa0 [ 2910.437034][T25024] do_tcp_getsockopt+0x1a9f/0x2660 [ 2910.437066][T25024] ? __pfx_do_tcp_getsockopt+0x10/0x10 [ 2910.437086][T25024] ? sock_recv_errqueue+0x4d0/0x510 [ 2910.437113][T25024] ? __might_fault+0xb0/0x130 [ 2910.437140][T25024] ? _parse_integer_limit+0x1ae/0x1f0 [ 2910.437166][T25024] ? aa_label_sk_perm+0x413/0x560 [ 2910.437203][T25024] ? __pfx_aa_label_sk_perm+0x10/0x10 [ 2910.437264][T25024] ? __lock_acquire+0xab9/0xd20 [ 2910.437322][T25024] tcp_getsockopt+0x83/0x130 [ 2910.437341][T25024] ? sock_recv_errqueue+0x4d0/0x510 [ 2910.437367][T25024] ? sock_recv_errqueue+0x4d0/0x510 [ 2910.437393][T25024] ? __pfx_sock_common_getsockopt+0x10/0x10 [ 2910.437422][T25024] do_sock_getsockopt+0x36f/0x450 [ 2910.437447][T25024] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 2910.437466][T25024] ? do_syscall_64+0x20/0x3b0 [ 2910.437485][T25024] ? __fget_files+0x3a0/0x420 [ 2910.437500][T25024] ? __fget_files+0x2a/0x420 [ 2910.437524][T25024] __x64_sys_getsockopt+0x1a5/0x250 [ 2910.437544][T25024] ? do_syscall_64+0x20/0x3b0 [ 2910.437565][T25024] ? do_syscall_64+0x20/0x3b0 [ 2910.437587][T25024] do_syscall_64+0xfa/0x3b0 [ 2910.437605][T25024] ? lockdep_hardirqs_on+0x9c/0x150 [ 2910.437622][T25024] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2910.437639][T25024] ? clear_bhb_loop+0x60/0xb0 [ 2910.437661][T25024] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2910.437679][T25024] RIP: 0033:0x7fe60cd8e9a9 [ 2910.437695][T25024] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 2910.437711][T25024] RSP: 002b:00007fe60dbf1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 2910.437729][T25024] RAX: ffffffffffffffda RBX: 00007fe60cfb5fa0 RCX: 00007fe60cd8e9a9 [ 2910.437742][T25024] RDX: 0000000000000023 RSI: 0000000000000006 RDI: 0000000000000003 [ 2910.437753][T25024] RBP: 00007fe60dbf1090 R08: 00002000000000c0 R09: 0000000000000000 [ 2910.437765][T25024] R10: 0000200000000140 R11: 0000000000000246 R12: 0000000000000001 [ 2910.437776][T25024] R13: 0000000000000000 R14: 00007fe60cfb5fa0 R15: 00007ffea3175908 [ 2910.437806][T25024] [ 2910.726726][T25026] lo speed is unknown, defaulting to 1000 [ 2910.800871][T25027] __nla_validate_parse: 7 callbacks suppressed [ 2910.800887][T25027] netlink: 88 bytes leftover after parsing attributes in process `syz.2.12421'. [ 2910.921943][T25029] netlink: 28 bytes leftover after parsing attributes in process `syz.3.12423'. [ 2910.932088][T25029] netlink: 28 bytes leftover after parsing attributes in process `syz.3.12423'. [ 2910.985564][T25033] netlink: 'syz.1.12424': attribute type 4 has an invalid length. [ 2911.034725][T25033] netlink: 'syz.1.12424': attribute type 4 has an invalid length. [ 2911.041096][T25038] net veth1_virt_wifi ÿÿÿÿÿÿ: renamed from virt_wifi0 [ 2911.102387][T25026] lo speed is unknown, defaulting to 1000 [ 2911.616986][T25062] FAULT_INJECTION: forcing a failure. [ 2911.616986][T25062] name failslab, interval 1, probability 0, space 0, times 0 [ 2911.649685][T25062] CPU: 1 UID: 0 PID: 25062 Comm: syz.1.12434 Not tainted 6.16.0-rc6-syzkaller-01646-g56613001dfc9 #0 PREEMPT(full) [ 2911.649712][T25062] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 2911.649724][T25062] Call Trace: [ 2911.649732][T25062] [ 2911.649740][T25062] dump_stack_lvl+0x189/0x250 [ 2911.649763][T25062] ? __pfx____ratelimit+0x10/0x10 [ 2911.649779][T25062] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2911.649797][T25062] ? __pfx__printk+0x10/0x10 [ 2911.649818][T25062] ? __lock_acquire+0xab9/0xd20 [ 2911.649847][T25062] should_fail_ex+0x414/0x560 [ 2911.649867][T25062] should_failslab+0xa8/0x100 [ 2911.649890][T25062] kmem_cache_alloc_noprof+0x73/0x3c0 [ 2911.649910][T25062] ? skb_clone+0x212/0x3a0 [ 2911.649933][T25062] skb_clone+0x212/0x3a0 [ 2911.649954][T25062] __netlink_deliver_tap+0x404/0x850 [ 2911.649979][T25062] ? netlink_deliver_tap+0x2e/0x1b0 [ 2911.649995][T25062] netlink_deliver_tap+0x19c/0x1b0 [ 2911.650010][T25062] netlink_unicast+0x7fa/0x9e0 [ 2911.650039][T25062] ? __pfx_netlink_unicast+0x10/0x10 [ 2911.650062][T25062] ? netlink_sendmsg+0x642/0xb30 [ 2911.650075][T25062] ? skb_put+0x11b/0x210 [ 2911.650094][T25062] netlink_sendmsg+0x805/0xb30 [ 2911.650116][T25062] ? __pfx_netlink_sendmsg+0x10/0x10 [ 2911.650133][T25062] ? aa_sock_msg_perm+0x94/0x160 [ 2911.650150][T25062] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 2911.650165][T25062] ? __pfx_netlink_sendmsg+0x10/0x10 [ 2911.650181][T25062] __sock_sendmsg+0x21c/0x270 [ 2911.650205][T25062] ____sys_sendmsg+0x505/0x830 [ 2911.650231][T25062] ? __pfx_____sys_sendmsg+0x10/0x10 [ 2911.650256][T25062] ? import_iovec+0x74/0xa0 [ 2911.650280][T25062] ___sys_sendmsg+0x21f/0x2a0 [ 2911.650299][T25062] ? __pfx____sys_sendmsg+0x10/0x10 [ 2911.650346][T25062] ? __fget_files+0x2a/0x420 [ 2911.650358][T25062] ? __fget_files+0x3a0/0x420 [ 2911.650379][T25062] __x64_sys_sendmsg+0x19b/0x260 [ 2911.650399][T25062] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 2911.650425][T25062] ? rcu_is_watching+0x15/0xb0 [ 2911.650447][T25062] ? do_syscall_64+0xbe/0x3b0 [ 2911.650466][T25062] do_syscall_64+0xfa/0x3b0 [ 2911.650480][T25062] ? lockdep_hardirqs_on+0x9c/0x150 [ 2911.650494][T25062] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2911.650508][T25062] ? clear_bhb_loop+0x60/0xb0 [ 2911.650526][T25062] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2911.650540][T25062] RIP: 0033:0x7fe60cd8e9a9 [ 2911.650553][T25062] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 2911.650566][T25062] RSP: 002b:00007fe60dbf1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2911.650581][T25062] RAX: ffffffffffffffda RBX: 00007fe60cfb5fa0 RCX: 00007fe60cd8e9a9 [ 2911.650593][T25062] RDX: 0000000000000000 RSI: 0000200000000380 RDI: 0000000000000006 [ 2911.650602][T25062] RBP: 00007fe60dbf1090 R08: 0000000000000000 R09: 0000000000000000 [ 2911.650612][T25062] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2911.650620][T25062] R13: 0000000000000000 R14: 00007fe60cfb5fa0 R15: 00007ffea3175908 [ 2911.650644][T25062] [ 2913.389232][T25096] pimreg: entered allmulticast mode [ 2913.476477][T25117] FAULT_INJECTION: forcing a failure. [ 2913.476477][T25117] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2913.500955][T25117] CPU: 1 UID: 0 PID: 25117 Comm: syz.0.12447 Not tainted 6.16.0-rc6-syzkaller-01646-g56613001dfc9 #0 PREEMPT(full) [ 2913.500978][T25117] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 2913.500988][T25117] Call Trace: [ 2913.500994][T25117] [ 2913.501000][T25117] dump_stack_lvl+0x189/0x250 [ 2913.501021][T25117] ? lockdep_hardirqs_on+0x9c/0x150 [ 2913.501039][T25117] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2913.501061][T25117] ? dump_stack+0x9/0x20 [ 2913.501079][T25117] ? __sanitizer_cov_trace_pc+0x8/0x70 [ 2913.501104][T25117] should_fail_ex+0x414/0x560 [ 2913.501123][T25117] _copy_to_user+0x31/0xb0 [ 2913.501145][T25117] simple_read_from_buffer+0xe1/0x170 [ 2913.501171][T25117] proc_fail_nth_read+0x1df/0x250 [ 2913.501188][T25117] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 2913.501204][T25117] ? rw_verify_area+0x258/0x650 [ 2913.501223][T25117] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 2913.501238][T25117] vfs_read+0x200/0x980 [ 2913.501261][T25117] ? __pfx___mutex_lock+0x10/0x10 [ 2913.501278][T25117] ? __pfx_vfs_read+0x10/0x10 [ 2913.501298][T25117] ? __fget_files+0x2a/0x420 [ 2913.501314][T25117] ? __fget_files+0x3a0/0x420 [ 2913.501326][T25117] ? __fget_files+0x2a/0x420 [ 2913.501345][T25117] ksys_read+0x145/0x250 [ 2913.501366][T25117] ? __pfx_ksys_read+0x10/0x10 [ 2913.501390][T25117] ? do_syscall_64+0xbe/0x3b0 [ 2913.501408][T25117] do_syscall_64+0xfa/0x3b0 [ 2913.501432][T25117] ? lockdep_hardirqs_on+0x9c/0x150 [ 2913.501445][T25117] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2913.501460][T25117] ? clear_bhb_loop+0x60/0xb0 [ 2913.501478][T25117] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2913.501491][T25117] RIP: 0033:0x7f8d2978d3bc [ 2913.501505][T25117] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 2913.501517][T25117] RSP: 002b:00007f8d2a67f030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 2913.501533][T25117] RAX: ffffffffffffffda RBX: 00007f8d299b5fa0 RCX: 00007f8d2978d3bc [ 2913.501543][T25117] RDX: 000000000000000f RSI: 00007f8d2a67f0a0 RDI: 0000000000000008 [ 2913.501552][T25117] RBP: 00007f8d2a67f090 R08: 0000000000000000 R09: 0000000000000000 [ 2913.501561][T25117] R10: 0000000000010012 R11: 0000000000000246 R12: 0000000000000001 [ 2913.501570][T25117] R13: 0000000000000000 R14: 00007f8d299b5fa0 R15: 00007ffd0511eb58 [ 2913.501594][T25117] [ 2913.862853][T25123] netlink: 12 bytes leftover after parsing attributes in process `syz.4.12448'. [ 2913.927332][T25127] netlink: 24 bytes leftover after parsing attributes in process `syz.4.12448'. [ 2914.092533][T25133] netlink: 248 bytes leftover after parsing attributes in process `syz.3.12451'. [ 2915.653427][T25139] x_tables: duplicate underflow at hook 2 [ 2915.686299][T25137] netlink: 4 bytes leftover after parsing attributes in process `syz.3.12451'. [ 2915.802431][T25141] dvmrp0: entered allmulticast mode [ 2916.046926][T25155] netlink: 12 bytes leftover after parsing attributes in process `syz.0.12460'. [ 2916.257515][T25167] netlink: 12 bytes leftover after parsing attributes in process `syz.3.12463'. [ 2916.303636][T25167] netlink: 24 bytes leftover after parsing attributes in process `syz.3.12463'. [ 2916.580045][T25184] lo speed is unknown, defaulting to 1000 [ 2916.582626][T25186] netlink: 88 bytes leftover after parsing attributes in process `syz.2.12467'. [ 2916.605263][T25189] netlink: 4 bytes leftover after parsing attributes in process `syz.1.12469'. [ 2916.821780][T25195] netlink: 28 bytes leftover after parsing attributes in process `syz.1.12472'. [ 2916.848564][T25195] netlink: 28 bytes leftover after parsing attributes in process `syz.1.12472'. [ 2916.899438][T25200] netlink: 12 bytes leftover after parsing attributes in process `syz.4.12475'. [ 2916.917698][T25184] lo speed is unknown, defaulting to 1000 [ 2917.236438][T25212] netlink: 104 bytes leftover after parsing attributes in process `syz.3.12478'. [ 2917.630114][T25229] netlink: 28 bytes leftover after parsing attributes in process `syz.4.12484'. [ 2917.639439][T25231] netlink: 'syz.0.12485': attribute type 4 has an invalid length. [ 2917.767081][T25238] FAULT_INJECTION: forcing a failure. [ 2917.767081][T25238] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2917.787093][T25238] CPU: 1 UID: 0 PID: 25238 Comm: syz.0.12489 Not tainted 6.16.0-rc6-syzkaller-01646-g56613001dfc9 #0 PREEMPT(full) [ 2917.787119][T25238] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 2917.787130][T25238] Call Trace: [ 2917.787138][T25238] [ 2917.787146][T25238] dump_stack_lvl+0x189/0x250 [ 2917.787172][T25238] ? __pfx____ratelimit+0x10/0x10 [ 2917.787192][T25238] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2917.787214][T25238] ? __pfx__printk+0x10/0x10 [ 2917.787239][T25238] ? __might_fault+0xb0/0x130 [ 2917.787281][T25238] should_fail_ex+0x414/0x560 [ 2917.787305][T25238] _copy_from_user+0x2d/0xb0 [ 2917.787330][T25238] ___sys_sendmsg+0x158/0x2a0 [ 2917.787356][T25238] ? __pfx____sys_sendmsg+0x10/0x10 [ 2917.787416][T25238] ? __fget_files+0x2a/0x420 [ 2917.787432][T25238] ? __fget_files+0x3a0/0x420 [ 2917.787459][T25238] __x64_sys_sendmsg+0x19b/0x260 [ 2917.787484][T25238] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 2917.787516][T25238] ? __pfx_ksys_write+0x10/0x10 [ 2917.787537][T25238] ? rcu_is_watching+0x15/0xb0 [ 2917.787564][T25238] ? do_syscall_64+0xbe/0x3b0 [ 2917.787588][T25238] do_syscall_64+0xfa/0x3b0 [ 2917.787606][T25238] ? lockdep_hardirqs_on+0x9c/0x150 [ 2917.787624][T25238] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2917.787641][T25238] ? clear_bhb_loop+0x60/0xb0 [ 2917.787664][T25238] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2917.787681][T25238] RIP: 0033:0x7f8d2978e9a9 [ 2917.787697][T25238] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 2917.787713][T25238] RSP: 002b:00007f8d2a67f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2917.787732][T25238] RAX: ffffffffffffffda RBX: 00007f8d299b5fa0 RCX: 00007f8d2978e9a9 [ 2917.787746][T25238] RDX: 0000000000000000 RSI: 00002000000010c0 RDI: 0000000000000004 [ 2917.787757][T25238] RBP: 00007f8d2a67f090 R08: 0000000000000000 R09: 0000000000000000 [ 2917.787769][T25238] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2917.787779][T25238] R13: 0000000000000000 R14: 00007f8d299b5fa0 R15: 00007ffd0511eb58 [ 2917.787809][T25238] [ 2918.211583][T25249] FAULT_INJECTION: forcing a failure. [ 2918.211583][T25249] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2918.258673][T25249] CPU: 1 UID: 0 PID: 25249 Comm: syz.4.12492 Not tainted 6.16.0-rc6-syzkaller-01646-g56613001dfc9 #0 PREEMPT(full) [ 2918.258705][T25249] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 2918.258719][T25249] Call Trace: [ 2918.258728][T25249] [ 2918.258738][T25249] dump_stack_lvl+0x189/0x250 [ 2918.258771][T25249] ? __pfx____ratelimit+0x10/0x10 [ 2918.258794][T25249] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2918.258820][T25249] ? __pfx__printk+0x10/0x10 [ 2918.258850][T25249] ? __might_fault+0xb0/0x130 [ 2918.258899][T25249] should_fail_ex+0x414/0x560 [ 2918.258928][T25249] _copy_from_user+0x2d/0xb0 [ 2918.258958][T25249] kstrtouint_from_user+0xc4/0x170 [ 2918.258994][T25249] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 2918.259041][T25249] proc_fail_nth_write+0x88/0x240 [ 2918.259075][T25249] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 2918.259114][T25249] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 2918.259135][T25249] vfs_write+0x27e/0xa90 [ 2918.259172][T25249] ? __pfx_vfs_write+0x10/0x10 [ 2918.259211][T25249] ? __fget_files+0x2a/0x420 [ 2918.259232][T25249] ? __fget_files+0x3a0/0x420 [ 2918.259247][T25249] ? __fget_files+0x2a/0x420 [ 2918.259273][T25249] ksys_write+0x145/0x250 [ 2918.259319][T25249] ? __pfx_ksys_write+0x10/0x10 [ 2918.259342][T25249] ? rcu_is_watching+0x15/0xb0 [ 2918.259371][T25249] ? do_syscall_64+0xbe/0x3b0 [ 2918.259397][T25249] do_syscall_64+0xfa/0x3b0 [ 2918.259426][T25249] ? lockdep_hardirqs_on+0x9c/0x150 [ 2918.259444][T25249] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2918.259462][T25249] ? clear_bhb_loop+0x60/0xb0 [ 2918.259485][T25249] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2918.259502][T25249] RIP: 0033:0x7f64cd58d45f [ 2918.259518][T25249] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 2918.259534][T25249] RSP: 002b:00007f64ce356030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 2918.259553][T25249] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f64cd58d45f [ 2918.259566][T25249] RDX: 0000000000000001 RSI: 00007f64ce3560a0 RDI: 0000000000000003 [ 2918.259577][T25249] RBP: 00007f64ce356090 R08: 0000000000000000 R09: 0000000000000000 [ 2918.259588][T25249] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002 [ 2918.259599][T25249] R13: 0000000000000000 R14: 00007f64cd7b5fa0 R15: 00007fffba753648 [ 2918.259630][T25249] [ 2918.698677][ C0] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 2919.080739][T25273] lo speed is unknown, defaulting to 1000 [ 2919.344778][T25292] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2919.603894][T25273] lo speed is unknown, defaulting to 1000 [ 2919.697122][T25307] lo speed is unknown, defaulting to 1000 [ 2920.034503][T25315] RDS: rds_bind could not find a transport for 2001::2, load rds_tcp or rds_rdma? [ 2920.297186][T25307] lo speed is unknown, defaulting to 1000 [ 2921.554357][T25348] lo speed is unknown, defaulting to 1000 [ 2921.711741][T25354] __nla_validate_parse: 15 callbacks suppressed [ 2921.711759][T25354] netlink: 92 bytes leftover after parsing attributes in process `syz.0.12528'. [ 2921.727392][T25354] netlink: 24 bytes leftover after parsing attributes in process `syz.0.12528'. [ 2921.864818][T25354] netlink: 24 bytes leftover after parsing attributes in process `syz.0.12528'. [ 2921.989535][T25358] pimreg: left allmulticast mode [ 2922.206034][T25344] netlink: 'syz.3.12526': attribute type 6 has an invalid length. [ 2922.245876][T25348] lo speed is unknown, defaulting to 1000 [ 2922.883424][T25397] netlink: 12 bytes leftover after parsing attributes in process `syz.0.12540'. [ 2922.936183][T25397] netlink: 24 bytes leftover after parsing attributes in process `syz.0.12540'. [ 2923.042181][T25404] netlink: 'syz.4.12543': attribute type 3 has an invalid length. [ 2923.085741][T25404] netlink: 'syz.4.12543': attribute type 3 has an invalid length. [ 2923.149426][T25403] netlink: 28 bytes leftover after parsing attributes in process `syz.4.12543'. [ 2923.261354][T25418] pimreg: entered allmulticast mode [ 2923.343952][T25418] pimreg: left allmulticast mode [ 2923.658058][T25437] netlink: 12 bytes leftover after parsing attributes in process `syz.2.12552'. [ 2923.673169][T25433] pimreg: entered allmulticast mode [ 2923.743052][T25433] dvmrp0: left allmulticast mode [ 2923.751017][T25433] pimreg: left allmulticast mode [ 2923.756063][T25433] dvmrp8: left allmulticast mode [ 2923.879237][T25444] netlink: 104 bytes leftover after parsing attributes in process `syz.4.12554'. [ 2924.123742][T25450] netlink: 248 bytes leftover after parsing attributes in process `syz.0.12557'. [ 2924.643405][T25460] lo speed is unknown, defaulting to 1000 [ 2924.685006][T25467] netlink: 4 bytes leftover after parsing attributes in process `syz.0.12557'. [ 2925.103323][T25452] netlink: 'syz.2.12559': attribute type 6 has an invalid length. [ 2925.343044][T25460] lo speed is unknown, defaulting to 1000 [ 2926.848937][T25550] xt_socket: unknown flags 0x8 [ 2927.087804][T25556] lo speed is unknown, defaulting to 1000 [ 2927.557621][T25564] netlink: 'syz.0.12586': attribute type 6 has an invalid length. [ 2927.678389][T25575] __nla_validate_parse: 6 callbacks suppressed [ 2927.678409][T25575] netlink: 12 bytes leftover after parsing attributes in process `syz.2.12594'. [ 2927.700128][T25571] netlink: 404 bytes leftover after parsing attributes in process `syz.3.12592'. [ 2927.709580][T25571] netlink: 28 bytes leftover after parsing attributes in process `syz.3.12592'. [ 2927.737811][T25571] netlink: 28 bytes leftover after parsing attributes in process `syz.3.12592'. [ 2927.811217][T25571] netlink: 20 bytes leftover after parsing attributes in process `syz.3.12592'. [ 2927.853815][T25556] lo speed is unknown, defaulting to 1000 [ 2928.041498][T25582] netlink: 104 bytes leftover after parsing attributes in process `syz.4.12596'. [ 2928.217206][T25588] netlink: 16 bytes leftover after parsing attributes in process `syz.3.12598'. [ 2928.373198][T25593] netlink: 28 bytes leftover after parsing attributes in process `syz.2.12601'. [ 2928.394331][T25593] netlink: 28 bytes leftover after parsing attributes in process `syz.2.12601'. [ 2928.405650][T25596] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 2928.426142][T25596] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 2928.439912][T25596] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 2928.454874][T25596] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 2928.464882][T25596] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 2928.503298][T25594] lo speed is unknown, defaulting to 1000 [ 2928.795658][T25594] lo speed is unknown, defaulting to 1000 [ 2929.512856][T25604] SET target dimension over the limit! [ 2929.752925][T18703] dvmrp0 (unregistering): left allmulticast mode [ 2930.528706][T18341] Bluetooth: hci0: command tx timeout [ 2931.275882][T18703] bond1 (unregistering): Released all slaves [ 2931.297101][T18703] bond0 (unregistering): Released all slaves [ 2931.411011][T18703] bond2 (unregistering): Released all slaves [ 2931.523562][T18703] bond3 (unregistering): Released all slaves [ 2931.640569][T18703] bond4 (unregistering): Released all slaves [ 2931.752545][T18703] bond5 (unregistering): Released all slaves [ 2931.766792][T18703] bond6 (unregistering): Released all slaves [ 2931.795545][T25608] netlink: 96 bytes leftover after parsing attributes in process `syz.4.12605'. [ 2932.258631][T18703] : left promiscuous mode [ 2932.336400][T25594] chnl_net:caif_netlink_parms(): no params data found [ 2932.453004][T18703] tipc: Disabling bearer [ 2932.466185][T18703] tipc: Disabling bearer [ 2932.498955][T18703] tipc: Disabling bearer [ 2932.517341][T18703] tipc: Left network mode [ 2932.611086][T18341] Bluetooth: hci0: command tx timeout [ 2932.718870][T25654] netlink: 'syz.3.12618': attribute type 1 has an invalid length. [ 2932.815801][T25594] bridge0: port 1(bridge_slave_0) entered blocking state [ 2932.830673][T25594] bridge0: port 1(bridge_slave_0) entered disabled state [ 2932.838019][T25594] bridge_slave_0: entered allmulticast mode [ 2932.846422][T25594] bridge_slave_0: entered promiscuous mode [ 2932.888709][T25594] bridge0: port 2(bridge_slave_1) entered blocking state [ 2932.909359][T25594] bridge0: port 2(bridge_slave_1) entered disabled state [ 2932.916573][T25594] bridge_slave_1: entered allmulticast mode [ 2932.941553][T25594] bridge_slave_1: entered promiscuous mode [ 2933.167469][T25594] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2933.206433][T25594] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2933.291049][T25674] FAULT_INJECTION: forcing a failure. [ 2933.291049][T25674] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2933.324707][T25674] CPU: 0 UID: 0 PID: 25674 Comm: syz.0.12625 Not tainted 6.16.0-rc6-syzkaller-01646-g56613001dfc9 #0 PREEMPT(full) [ 2933.324733][T25674] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 2933.324745][T25674] Call Trace: [ 2933.324754][T25674] [ 2933.324762][T25674] dump_stack_lvl+0x189/0x250 [ 2933.324788][T25674] ? __pfx____ratelimit+0x10/0x10 [ 2933.324808][T25674] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2933.324836][T25674] ? __pfx__printk+0x10/0x10 [ 2933.324861][T25674] ? __might_fault+0xb0/0x130 [ 2933.324898][T25674] should_fail_ex+0x414/0x560 [ 2933.324923][T25674] _copy_from_user+0x2d/0xb0 [ 2933.324949][T25674] ___sys_sendmsg+0x158/0x2a0 [ 2933.324975][T25674] ? __pfx____sys_sendmsg+0x10/0x10 [ 2933.325035][T25674] ? __fget_files+0x2a/0x420 [ 2933.325051][T25674] ? __fget_files+0x3a0/0x420 [ 2933.325079][T25674] __x64_sys_sendmsg+0x19b/0x260 [ 2933.325104][T25674] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 2933.325136][T25674] ? __pfx_ksys_write+0x10/0x10 [ 2933.325158][T25674] ? rcu_is_watching+0x15/0xb0 [ 2933.325185][T25674] ? do_syscall_64+0xbe/0x3b0 [ 2933.325209][T25674] do_syscall_64+0xfa/0x3b0 [ 2933.325226][T25674] ? lockdep_hardirqs_on+0x9c/0x150 [ 2933.325244][T25674] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2933.325262][T25674] ? clear_bhb_loop+0x60/0xb0 [ 2933.325285][T25674] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2933.325302][T25674] RIP: 0033:0x7f8d2978e9a9 [ 2933.325318][T25674] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 2933.325333][T25674] RSP: 002b:00007f8d2a67f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2933.325352][T25674] RAX: ffffffffffffffda RBX: 00007f8d299b5fa0 RCX: 00007f8d2978e9a9 [ 2933.325365][T25674] RDX: 0000000004000010 RSI: 0000200000000000 RDI: 0000000000000003 [ 2933.325377][T25674] RBP: 00007f8d2a67f090 R08: 0000000000000000 R09: 0000000000000000 [ 2933.325388][T25674] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2933.325398][T25674] R13: 0000000000000000 R14: 00007f8d299b5fa0 R15: 00007ffd0511eb58 [ 2933.325428][T25674] [ 2933.407108][T25677] __nla_validate_parse: 3 callbacks suppressed [ 2933.407126][T25677] netlink: 16 bytes leftover after parsing attributes in process `syz.3.12626'. [ 2933.667020][T25662] netlink: 'syz.4.12621': attribute type 6 has an invalid length. [ 2933.869155][T25594] team0: Port device team_slave_0 added [ 2933.900349][T25594] team0: Port device team_slave_1 added [ 2934.093760][T25594] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 2934.105624][T25594] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2934.145882][T25594] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 2934.166914][T25594] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 2934.174264][T25594] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2934.200638][T25594] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 2934.254215][T25594] hsr_slave_0: entered promiscuous mode [ 2934.261105][T25594] hsr_slave_1: entered promiscuous mode [ 2934.267486][T25594] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 2934.275195][T25594] Cannot create hsr debugfs directory [ 2934.688620][T18341] Bluetooth: hci0: command tx timeout [ 2934.816436][T25594] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 2934.852567][T18703] hsr_slave_0: left promiscuous mode [ 2935.536229][T25594] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 2935.552349][T25594] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 2935.563100][T25594] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 2935.652728][T25594] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2935.675305][T25594] 8021q: adding VLAN 0 to HW filter on device team0 [ 2935.687703][ T1336] bridge0: port 1(bridge_slave_0) entered blocking state [ 2935.694856][ T1336] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2935.745289][T32499] bridge0: port 2(bridge_slave_1) entered blocking state [ 2935.752440][T32499] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2935.915853][T18703] IPVS: stop unused estimator thread 0... [ 2936.057298][T25594] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2936.117096][T25594] veth0_vlan: entered promiscuous mode [ 2936.138019][T25594] veth1_vlan: entered promiscuous mode [ 2936.185704][T25594] veth0_macvtap: entered promiscuous mode [ 2936.196409][T25594] veth1_macvtap: entered promiscuous mode [ 2936.227730][T25594] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 2936.242169][T25594] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 2936.254972][T18703] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 2936.265523][T18703] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 2936.283073][T18703] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 2936.294424][T18703] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 2936.406527][T32499] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2936.419849][T32499] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2936.482881][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2936.490864][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2941.739195][ C0] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 2944.046358][T25724] netlink: 4 bytes leftover after parsing attributes in process `syz.2.12638'. [ 2944.114764][T25724] geneve4: entered promiscuous mode [ 2944.140458][T25724] geneve4: entered allmulticast mode [ 2944.181875][T32499] netdevsim netdevsim2 eth0: set [1, 1] type 2 family 0 port 35716 - 0 [ 2944.218797][T32499] netdevsim netdevsim2 eth1: set [1, 1] type 2 family 0 port 35716 - 0 [ 2944.227108][T32499] netdevsim netdevsim2 eth2: set [1, 1] type 2 family 0 port 35716 - 0 [ 2944.273140][T32499] netdevsim netdevsim2 eth3: set [1, 1] type 2 family 0 port 35716 - 0 [ 2944.394674][T25596] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 2944.406430][T25596] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 2944.426519][T25596] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 2944.467240][T25596] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 2944.479228][T25596] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 2944.591037][T25737] netlink: 248 bytes leftover after parsing attributes in process `syz.4.12642'. [ 2944.803723][T25732] lo speed is unknown, defaulting to 1000 [ 2945.376260][T32499] tipc: Resetting bearer [ 2945.387288][T25761] openvswitch: netlink: ERSPAN option length err (len 256, max 255). [ 2945.443164][T32499] tipc: Disabling bearer [ 2945.816688][T32499] erspan0 (unregistering): left promiscuous mode [ 2945.847389][T32499] gretap0 (unregistering): left promiscuous mode [ 2946.407727][T32499] bridge6 (unregistering): left promiscuous mode [ 2946.433418][T32499] hsr0 (unregistering): left allmulticast mode [ 2946.442777][T32499] hsr0 (unregistering): left promiscuous mode [ 2946.528578][T18341] Bluetooth: hci5: command tx timeout [ 2947.264275][T32499] bond1 (unregistering): Released all slaves [ 2947.373158][T32499] bond2 (unregistering): Released all slaves [ 2947.478426][T32499] bond3 (unregistering): Released all slaves [ 2947.585406][T32499] bond4 (unregistering): Released all slaves [ 2947.686364][T32499] bond5 (unregistering): Released all slaves [ 2947.788361][T32499] bond6 (unregistering): Released all slaves [ 2947.803824][T32499] bond7 (unregistering): Released all slaves [ 2947.816976][T32499] bond8 (unregistering): Released all slaves [ 2947.831151][T32499] bond9 (unregistering): Released all slaves [ 2947.847167][T32499] bond0 (unregistering): Released all slaves [ 2947.864358][T32499] bond10 (unregistering): Released all slaves [ 2947.908866][T25732] lo speed is unknown, defaulting to 1000 [ 2948.208838][T32499] k›*·]‘: left promiscuous mode [ 2948.379514][T25788] netlink: 16 bytes leftover after parsing attributes in process `syz.4.12657'. [ 2948.393331][T25788] netlink: 16 bytes leftover after parsing attributes in process `syz.4.12657'. [ 2948.417007][T32499] tipc: Disabling bearer [ 2948.429033][T32499] tipc: Disabling bearer [ 2948.434767][T32499] tipc: Left network mode [ 2948.572994][T32499] IPVS: stopping backup sync thread 9074 ... [ 2948.608615][T18341] Bluetooth: hci5: command tx timeout [ 2948.724532][T25797] netlink: 12 bytes leftover after parsing attributes in process `syz.2.12661'. [ 2948.882526][T25732] chnl_net:caif_netlink_parms(): no params data found [ 2949.020422][T25805] FAULT_INJECTION: forcing a failure. [ 2949.020422][T25805] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2949.034445][T25805] CPU: 0 UID: 0 PID: 25805 Comm: syz.1.12664 Not tainted 6.16.0-rc6-syzkaller-01646-g56613001dfc9 #0 PREEMPT(full) [ 2949.034472][T25805] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 2949.034484][T25805] Call Trace: [ 2949.034492][T25805] [ 2949.034502][T25805] dump_stack_lvl+0x189/0x250 [ 2949.034530][T25805] ? __pfx____ratelimit+0x10/0x10 [ 2949.034551][T25805] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2949.034574][T25805] ? __pfx__printk+0x10/0x10 [ 2949.034600][T25805] ? __might_fault+0xb0/0x130 [ 2949.034648][T25805] should_fail_ex+0x414/0x560 [ 2949.034671][T25805] _copy_from_user+0x2d/0xb0 [ 2949.034695][T25805] ___sys_recvmsg+0x12e/0x510 [ 2949.034738][T25805] ? __pfx____sys_recvmsg+0x10/0x10 [ 2949.034794][T25805] ? __might_fault+0xb0/0x130 [ 2949.034825][T25805] do_recvmmsg+0x307/0x770 [ 2949.034858][T25805] ? __pfx_do_recvmmsg+0x10/0x10 [ 2949.034896][T25805] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 2949.034938][T25805] __x64_sys_recvmmsg+0x190/0x240 [ 2949.034966][T25805] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 2949.034988][T25805] ? rcu_is_watching+0x15/0xb0 [ 2949.035017][T25805] ? do_syscall_64+0xbe/0x3b0 [ 2949.035042][T25805] do_syscall_64+0xfa/0x3b0 [ 2949.035060][T25805] ? lockdep_hardirqs_on+0x9c/0x150 [ 2949.035079][T25805] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2949.035099][T25805] ? clear_bhb_loop+0x60/0xb0 [ 2949.035132][T25805] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2949.035152][T25805] RIP: 0033:0x7f6aadf8e9a9 [ 2949.035170][T25805] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 2949.035186][T25805] RSP: 002b:00007f6aaed12038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 2949.035207][T25805] RAX: ffffffffffffffda RBX: 00007f6aae1b5fa0 RCX: 00007f6aadf8e9a9 [ 2949.035221][T25805] RDX: 0000000000000003 RSI: 0000200000000f80 RDI: 0000000000000003 [ 2949.035233][T25805] RBP: 00007f6aaed12090 R08: 0000000000000000 R09: 0000000000000000 [ 2949.035245][T25805] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 2949.035256][T25805] R13: 0000000000000000 R14: 00007f6aae1b5fa0 R15: 00007ffd12a96178 [ 2949.035310][T25805] [ 2949.462414][T25732] bridge0: port 1(bridge_slave_0) entered blocking state [ 2949.471350][T25732] bridge0: port 1(bridge_slave_0) entered disabled state [ 2949.478980][T25732] bridge_slave_0: entered allmulticast mode [ 2949.491041][T25732] bridge_slave_0: entered promiscuous mode [ 2949.511657][T25732] bridge0: port 2(bridge_slave_1) entered blocking state [ 2949.528590][T25732] bridge0: port 2(bridge_slave_1) entered disabled state [ 2949.535807][T25732] bridge_slave_1: entered allmulticast mode [ 2949.601698][T25732] bridge_slave_1: entered promiscuous mode [ 2949.664921][T25830] netlink: 88 bytes leftover after parsing attributes in process `syz.3.12669'. [ 2950.081656][T25732] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2950.126002][T25827] lo speed is unknown, defaulting to 1000 [ 2950.145950][T32499] hsr_slave_0: left promiscuous mode [ 2950.158210][T32499] hsr_slave_1: left promiscuous mode [ 2950.691004][T18341] Bluetooth: hci5: command tx timeout [ 2951.195525][T25732] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2951.221957][T25840] netlink: 248 bytes leftover after parsing attributes in process `syz.1.12671'. [ 2951.265352][T25827] lo speed is unknown, defaulting to 1000 [ 2951.451368][T25732] team0: Port device team_slave_0 added [ 2951.493610][T25732] team0: Port device team_slave_1 added [ 2951.507513][T25844] netlink: 4 bytes leftover after parsing attributes in process `syz.1.12671'. [ 2951.679750][T25732] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 2951.686728][T25732] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2951.728750][T25732] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 2951.759523][T25732] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 2951.766580][T25732] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2951.838901][T25732] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 2951.906785][T32499] IPVS: stop unused estimator thread 0... [ 2952.089977][T25732] hsr_slave_0: entered promiscuous mode [ 2952.096591][T25732] hsr_slave_1: entered promiscuous mode [ 2952.215697][T25866] ipt_REJECT: ECHOREPLY no longer supported. [ 2952.257022][T25866] netlink: 8 bytes leftover after parsing attributes in process `syz.4.12676'. [ 2952.768863][T18341] Bluetooth: hci5: command tx timeout [ 2953.219675][T25732] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 2953.231219][T25732] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 2953.243834][T25732] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 2953.255134][T25732] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 2953.313666][T25893] netlink: 104 bytes leftover after parsing attributes in process `syz.2.12684'. [ 2953.326363][T25893] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2953.377242][T25732] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2953.392130][T25893] FAULT_INJECTION: forcing a failure. [ 2953.392130][T25893] name failslab, interval 1, probability 0, space 0, times 0 [ 2953.405614][T25893] CPU: 1 UID: 0 PID: 25893 Comm: syz.2.12684 Not tainted 6.16.0-rc6-syzkaller-01646-g56613001dfc9 #0 PREEMPT(full) [ 2953.405640][T25893] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 2953.405652][T25893] Call Trace: [ 2953.405660][T25893] [ 2953.405668][T25893] dump_stack_lvl+0x189/0x250 [ 2953.405696][T25893] ? __pfx____ratelimit+0x10/0x10 [ 2953.405724][T25893] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2953.405746][T25893] ? __pfx__printk+0x10/0x10 [ 2953.405774][T25893] ? __pfx___might_resched+0x10/0x10 [ 2953.405796][T25893] ? fs_reclaim_acquire+0x7d/0x100 [ 2953.405819][T25893] should_fail_ex+0x414/0x560 [ 2953.405844][T25893] should_failslab+0xa8/0x100 [ 2953.405873][T25893] __kmalloc_noprof+0xcb/0x4f0 [ 2953.405890][T25732] 8021q: adding VLAN 0 to HW filter on device team0 [ 2953.405896][T25893] ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0 [ 2953.405926][T25893] genl_family_rcv_msg_attrs_parse+0xa3/0x2a0 [ 2953.405960][T25893] genl_start+0x180/0x6c0 [ 2953.405984][T25893] ? netlink_lookup+0x30/0x200 [ 2953.406012][T25893] __netlink_dump_start+0x466/0x7e0 [ 2953.406057][T25893] genl_family_rcv_msg_dumpit+0x1e7/0x2c0 [ 2953.406089][T25893] ? __pfx_genl_family_rcv_msg_dumpit+0x10/0x10 [ 2953.406114][T25893] ? genl_get_cmd+0x67f/0x910 [ 2953.406146][T25893] ? __pfx_genl_start+0x10/0x10 [ 2953.406168][T25893] ? __pfx_genl_dumpit+0x10/0x10 [ 2953.406190][T25893] ? __pfx_genl_done+0x10/0x10 [ 2953.406234][T25893] genl_rcv_msg+0x5da/0x790 [ 2953.406268][T25893] ? __pfx_genl_rcv_msg+0x10/0x10 [ 2953.406293][T25893] ? __pfx_ethnl_rss_dump_start+0x10/0x10 [ 2953.406317][T25893] ? __pfx_ethnl_rss_dumpit+0x10/0x10 [ 2953.406344][T25893] ? __asan_memcpy+0x40/0x70 [ 2953.406367][T25893] ? __pfx_ref_tracker_free+0x10/0x10 [ 2953.406400][T25893] netlink_rcv_skb+0x208/0x470 [ 2953.406417][T25893] ? __lock_acquire+0xab9/0xd20 [ 2953.406438][T25893] ? __pfx_genl_rcv_msg+0x10/0x10 [ 2953.406466][T25893] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 2953.406509][T25893] ? down_read+0x1ad/0x2e0 [ 2953.406541][T25893] genl_rcv+0x28/0x40 [ 2953.406564][T25893] netlink_unicast+0x82c/0x9e0 [ 2953.406604][T25893] ? __pfx_netlink_unicast+0x10/0x10 [ 2953.406636][T25893] ? netlink_sendmsg+0x642/0xb30 [ 2953.406654][T25893] ? skb_put+0x11b/0x210 [ 2953.406682][T25893] netlink_sendmsg+0x805/0xb30 [ 2953.406720][T25893] ? __pfx_netlink_sendmsg+0x10/0x10 [ 2953.406746][T25893] ? aa_sock_msg_perm+0x94/0x160 [ 2953.406770][T25893] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 2953.406792][T25893] ? __pfx_netlink_sendmsg+0x10/0x10 [ 2953.406814][T25893] __sock_sendmsg+0x21c/0x270 [ 2953.406849][T25893] ____sys_sendmsg+0x505/0x830 [ 2953.406881][T25893] ? __pfx_____sys_sendmsg+0x10/0x10 [ 2953.406916][T25893] ? import_iovec+0x74/0xa0 [ 2953.406948][T25893] ___sys_sendmsg+0x21f/0x2a0 [ 2953.406976][T25893] ? __pfx____sys_sendmsg+0x10/0x10 [ 2953.407045][T25893] ? __fget_files+0x2a/0x420 [ 2953.407062][T25893] ? __fget_files+0x3a0/0x420 [ 2953.407094][T25893] __x64_sys_sendmsg+0x19b/0x260 [ 2953.407122][T25893] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 2953.407159][T25893] ? __pfx_ksys_write+0x10/0x10 [ 2953.407184][T25893] ? rcu_is_watching+0x15/0xb0 [ 2953.407214][T25893] ? do_syscall_64+0xbe/0x3b0 [ 2953.407241][T25893] do_syscall_64+0xfa/0x3b0 [ 2953.407261][T25893] ? lockdep_hardirqs_on+0x9c/0x150 [ 2953.407280][T25893] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2953.407301][T25893] ? clear_bhb_loop+0x60/0xb0 [ 2953.407325][T25893] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2953.407345][T25893] RIP: 0033:0x7fccbcb8e9a9 [ 2953.407364][T25893] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 2953.407380][T25893] RSP: 002b:00007fccbd99c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2953.407403][T25893] RAX: ffffffffffffffda RBX: 00007fccbcdb5fa0 RCX: 00007fccbcb8e9a9 [ 2953.407418][T25893] RDX: 0000000000008840 RSI: 0000200000000240 RDI: 0000000000000006 [ 2953.407432][T25893] RBP: 00007fccbd99c090 R08: 0000000000000000 R09: 0000000000000000 [ 2953.407446][T25893] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2953.407458][T25893] R13: 0000000000000000 R14: 00007fccbcdb5fa0 R15: 00007ffd10028228 [ 2953.407494][T25893] [ 2953.833263][T18703] bridge0: port 1(bridge_slave_0) entered blocking state [ 2953.840463][T18703] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2953.896520][ T37] bridge0: port 2(bridge_slave_1) entered blocking state [ 2953.903731][ T37] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2954.401059][T25912] netlink: 104 bytes leftover after parsing attributes in process `syz.2.12691'. [ 2954.562156][T25924] netlink: 'syz.3.12696': attribute type 10 has an invalid length. [ 2955.001005][T25926] -1: renamed from syzkaller0 [ 2955.156626][T25732] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2955.307469][T25732] veth0_vlan: entered promiscuous mode [ 2955.331873][T25732] veth1_vlan: entered promiscuous mode [ 2955.399171][T25732] veth0_macvtap: entered promiscuous mode [ 2955.440887][T25732] veth1_macvtap: entered promiscuous mode [ 2955.499256][T25732] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 2955.547253][T25732] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 2955.610329][ T13] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 2955.671398][ T13] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 2955.698555][ T13] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 2955.707310][ T13] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 2956.158818][ T37] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2956.178749][ T37] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2958.326067][T25992] pim6reg1: entered promiscuous mode [ 2958.337126][T25992] pim6reg1: entered allmulticast mode [ 2958.427496][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2958.443853][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2959.560549][T25596] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 2959.578397][T25596] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 2959.588025][T25596] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 2959.599995][T25596] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 2959.607775][T25596] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 2959.765123][ T13] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2959.817571][T26059] sit0: entered promiscuous mode [ 2959.823987][T26059] sit0: entered allmulticast mode [ 2959.905133][ T13] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2959.966904][T26060] pim6reg1: entered promiscuous mode [ 2959.986760][T26060] pim6reg1: entered allmulticast mode [ 2959.996848][T26050] lo speed is unknown, defaulting to 1000 [ 2960.087433][ T13] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2960.300466][ T13] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2960.545996][T26050] lo speed is unknown, defaulting to 1000 [ 2960.714632][T26086] pim6reg1: entered promiscuous mode [ 2960.732787][T26086] pim6reg1: entered allmulticast mode [ 2961.248913][ T13] ip6gretap0 (unregistering): left promiscuous mode [ 2961.654674][T18341] Bluetooth: hci1: command tx timeout [ 2963.450034][ T13] bond1 (unregistering): Released all slaves [ 2963.561292][ T13] bond2 (unregistering): Released all slaves [ 2963.677550][ T13] bond3 (unregistering): Released all slaves [ 2963.731896][T18341] Bluetooth: hci1: command tx timeout [ 2963.791079][ T13] bond4 (unregistering): Released all slaves [ 2963.898054][ T13] bond5 (unregistering): Released all slaves [ 2963.913308][ T13] bond6 (unregistering): Released all slaves [ 2963.927690][ T13] bond7 (unregistering): Released all slaves [ 2963.959750][ T13] bond0 (unregistering): Released all slaves [ 2963.975135][ T13] bond8 (unregistering): Released all slaves [ 2963.990913][ T13] bond9 (unregistering): Released all slaves [ 2964.044000][T26118] wg2: entered promiscuous mode [ 2964.049698][T26118] wg2: entered allmulticast mode [ 2964.227034][ T13] : left promiscuous mode [ 2964.303260][ T13] tipc: Disabling bearer [ 2964.327786][ T13] tipc: Disabling bearer [ 2964.355565][ T13] tipc: Left network mode [ 2964.587385][T26138] syzkaller0: entered promiscuous mode [ 2964.603816][T26138] syzkaller0: entered allmulticast mode [ 2965.818724][T18341] Bluetooth: hci1: command tx timeout [ 2966.485137][T26151] veth0_vlan: entered allmulticast mode [ 2966.500596][T26153] ªªªªªª: renamed from vlan0 [ 2967.162847][T26180] syzkaller0: entered promiscuous mode [ 2967.195539][T26180] syzkaller0: entered allmulticast mode [ 2967.888750][T18341] Bluetooth: hci1: command tx timeout [ 2969.389250][T26214] xt_hashlimit: size too large, truncated to 1048576 [ 2970.926854][T26050] chnl_net:caif_netlink_parms(): no params data found [ 2971.113229][T26232] xt_bpf: check failed: parse error [ 2971.312964][T26240] netlink: 12 bytes leftover after parsing attributes in process `syz.2.12821'. [ 2971.324391][T26240] netlink: 12 bytes leftover after parsing attributes in process `syz.2.12821'. [ 2971.571025][T26243] bridge24: entered allmulticast mode [ 2971.683719][ T13] hsr_slave_0: left promiscuous mode [ 2972.317366][T32499] smc: removing ib device syz0 [ 2972.357897][T26255] netlink: 28 bytes leftover after parsing attributes in process `syz.4.12827'. [ 2972.371837][T26255] netlink: 28 bytes leftover after parsing attributes in process `syz.4.12827'. [ 2972.404766][T15157] lo speed is unknown, defaulting to 1000 [ 2972.414388][T15157] syz0: Port: 1 Link DOWN [ 2972.423556][T26050] bridge0: port 1(bridge_slave_0) entered blocking state [ 2972.461401][T26050] bridge0: port 1(bridge_slave_0) entered disabled state [ 2972.478598][T26050] bridge_slave_0: entered allmulticast mode [ 2972.487539][T26050] bridge_slave_0: entered promiscuous mode [ 2972.588108][T26050] bridge0: port 2(bridge_slave_1) entered blocking state [ 2972.613980][T26050] bridge0: port 2(bridge_slave_1) entered disabled state [ 2972.640154][T26050] bridge_slave_1: entered allmulticast mode [ 2972.749963][T26050] bridge_slave_1: entered promiscuous mode [ 2972.829793][T26272] netem: change failed [ 2974.100567][T26285] vlan2: entered allmulticast mode [ 2974.105754][T26285] bridge_slave_0: entered allmulticast mode [ 2974.196132][T26050] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2974.233450][T26050] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2974.356654][T26311] netlink: 'syz.0.12852': attribute type 6 has an invalid length. [ 2974.440235][T26050] team0: Port device team_slave_0 added [ 2974.483541][T26050] team0: Port device team_slave_1 added [ 2974.624487][T26313] syzkaller0: entered promiscuous mode [ 2974.631091][T26313] syzkaller0: entered allmulticast mode [ 2974.901237][T26050] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 2974.911451][T26050] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2974.998544][T26050] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 2975.041096][T26327] netlink: 'syz.0.12860': attribute type 27 has an invalid length. [ 2975.044359][ T13] IPVS: stop unused estimator thread 0... [ 2975.095921][T26330] netlink: 12 bytes leftover after parsing attributes in process `syz.0.12860'. [ 2977.324121][T26327] bridge0: port 2(bridge_slave_1) entered disabled state [ 2977.331682][T26327] bridge0: port 1(bridge_slave_0) entered disabled state [ 2977.465261][T26327] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 2977.485801][T26327] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 2977.633960][T26050] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 2977.658855][T26050] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2977.689880][T26050] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 2977.978495][ T1336] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 2979.751298][ T1336] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 2979.760618][ T1336] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 2979.806112][ T1336] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 2979.893547][T26382] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 2979.991233][T26050] hsr_slave_0: entered promiscuous mode [ 2979.997677][T26050] hsr_slave_1: entered promiscuous mode [ 2980.025799][T26050] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 2980.040258][T26050] Cannot create hsr debugfs directory [ 2981.051822][T26050] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 2981.076237][T26050] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 2981.105003][T26050] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 2981.151916][T26050] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 2981.415534][T26050] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2981.461674][T26050] 8021q: adding VLAN 0 to HW filter on device team0 [ 2981.481375][ T37] bridge0: port 1(bridge_slave_0) entered blocking state [ 2981.488651][ T37] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2981.525487][ T2990] bridge0: port 2(bridge_slave_1) entered blocking state [ 2981.532727][ T2990] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2982.409351][T26050] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2982.532615][T26050] veth0_vlan: entered promiscuous mode [ 2982.560546][T26050] veth1_vlan: entered promiscuous mode [ 2982.636931][T26050] veth0_macvtap: entered promiscuous mode [ 2982.656847][T26050] veth1_macvtap: entered promiscuous mode [ 2982.698766][T26504] netlink: 2 bytes leftover after parsing attributes in process `syz.2.12931'. [ 2982.699889][T26050] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 2982.746652][T26504] sit0: left promiscuous mode [ 2982.759838][T26504] sit0: left allmulticast mode [ 2982.782251][T26504] 8021q: adding VLAN 0 to HW filter on device team0 [ 2982.798067][T26504] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 2982.844909][T26050] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 2982.876647][T26512] netlink: 8 bytes leftover after parsing attributes in process `syz.1.12935'. [ 2982.955900][ T2990] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 2983.002748][ T2990] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 2983.023574][ T2990] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 2983.044043][ T2990] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 2983.085611][T26516] lo speed is unknown, defaulting to 1000 [ 2983.203926][T26523] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2983.351452][T26523] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2983.417733][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2983.442984][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2983.535292][T26523] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2983.618690][ T2990] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2983.636290][ T2990] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2983.666203][T26523] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2984.085327][ T37] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 2984.160747][ T37] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 2984.238871][ T37] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 2984.247879][T26546] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) ! [ 2984.298096][ T37] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 2984.659339][T26555] netlink: 8 bytes leftover after parsing attributes in process `syz.1.12953'. [ 2984.917132][T25596] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 2984.930202][T25596] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 2984.940484][T25596] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 2984.971903][T25596] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 2984.979721][T25596] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 2985.012242][T26570] netlink: 3 bytes leftover after parsing attributes in process `syz.0.12958'. [ 2985.021938][T26570] 0ªX¹¦À: renamed from caif0 [ 2985.058659][T26570] 0ªX¹¦À: entered allmulticast mode [ 2985.063895][T26570] A link change request failed with some changes committed already. Interface 60ªX¹¦À may have been left with an inconsistent configuration, please check. [ 2985.234312][T26564] lo speed is unknown, defaulting to 1000 [ 2985.342712][T26587] tipc: Started in network mode [ 2985.347663][T26587] tipc: Node identity f2fb074117f, cluster identity 4711 [ 2985.369364][T26587] tipc: Enabled bearer , priority 0 [ 2985.431191][T26585] syzkaller0: entered promiscuous mode [ 2985.447380][T26585] syzkaller0: entered allmulticast mode [ 2985.455828][T26589] netlink: 32 bytes leftover after parsing attributes in process `syz.2.12966'. [ 2985.495468][T26585] tipc: Resetting bearer [ 2985.562070][T26582] tipc: Resetting bearer [ 2985.626475][T26582] tipc: Disabling bearer [ 2986.455212][T26613] netlink: 8 bytes leftover after parsing attributes in process `syz.2.12974'. [ 2987.008628][T25596] Bluetooth: hci4: command tx timeout [ 2988.147319][ T13] bond1 (unregistering): Released all slaves [ 2988.256444][ T13] bond2 (unregistering): Released all slaves [ 2988.362424][ T13] bond3 (unregistering): Released all slaves [ 2988.465915][ T13] smc: removing net device bond0 with user defined pnetid SYZ2 [ 2988.474215][ T13] bond0 (unregistering): Released all slaves [ 2988.592743][ T13] bond4 (unregistering): Released all slaves [ 2988.606642][ T13] bond5 (unregistering): Released all slaves [ 2988.853571][ T13] tipc: Disabling bearer [ 2988.862326][ T13] tipc: Left network mode [ 2988.975184][T26643] netlink: 256 bytes leftover after parsing attributes in process `syz.3.12979'. [ 2989.033041][T26643] ksmbd: Unknown IPC event: 3, ignore. [ 2989.058950][ T13] IPVS: stopping backup sync thread 9830 ... [ 2989.082656][T26564] chnl_net:caif_netlink_parms(): no params data found [ 2989.100705][T25596] Bluetooth: hci4: command tx timeout [ 2989.952037][T26673] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 2989.962592][ T4244] IPVS: starting estimator thread 0... [ 2990.088718][T26680] IPVS: using max 29 ests per chain, 69600 per kthread [ 2990.287044][T26693] Unsupported ieee802154 address type: 0 [ 2990.293859][T26692] openvswitch: netlink: Message has 8 unknown bytes. [ 2990.411191][T26564] bridge0: port 1(bridge_slave_0) entered blocking state [ 2990.423555][T26564] bridge0: port 1(bridge_slave_0) entered disabled state [ 2990.431312][T26564] bridge_slave_0: entered allmulticast mode [ 2990.439202][T26564] bridge_slave_0: entered promiscuous mode [ 2990.489522][T26564] bridge0: port 2(bridge_slave_1) entered blocking state [ 2990.496701][T26564] bridge0: port 2(bridge_slave_1) entered disabled state [ 2990.512515][T26699] syz.1.13002: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 2990.548746][T26564] bridge_slave_1: entered allmulticast mode [ 2990.579018][T26699] CPU: 1 UID: 0 PID: 26699 Comm: syz.1.13002 Not tainted 6.16.0-rc6-syzkaller-01646-g56613001dfc9 #0 PREEMPT(full) [ 2990.579048][T26699] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 2990.579063][T26699] Call Trace: [ 2990.579084][T26699] [ 2990.579093][T26699] dump_stack_lvl+0x189/0x250 [ 2990.579140][T26699] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2990.579163][T26699] ? __pfx__printk+0x10/0x10 [ 2990.579188][T26699] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 2990.579214][T26699] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 2990.579240][T26699] ? cpuset_print_current_mems_allowed+0x2ee/0x360 [ 2990.579268][T26699] warn_alloc+0x214/0x310 [ 2990.579285][T26699] ? stack_depot_save_flags+0x40/0x900 [ 2990.579309][T26699] ? __pfx_warn_alloc+0x10/0x10 [ 2990.579330][T26699] ? kasan_save_track+0x4f/0x80 [ 2990.579355][T26699] ? xskq_create+0x56/0x170 [ 2990.579371][T26699] ? xsk_init_queue+0xb0/0x110 [ 2990.579396][T26699] ? xsk_setsockopt+0x4dc/0x8d0 [ 2990.579421][T26699] ? do_sock_setsockopt+0x179/0x1b0 [ 2990.579439][T26699] ? __x64_sys_setsockopt+0x13f/0x1b0 [ 2990.579458][T26699] ? do_syscall_64+0xfa/0x3b0 [ 2990.579476][T26699] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2990.579503][T26699] __vmalloc_node_range_noprof+0x125/0x12f0 [ 2990.579565][T26699] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 2990.579608][T26699] ? __kasan_kmalloc+0x93/0xb0 [ 2990.579638][T26699] vmalloc_user_noprof+0xad/0xf0 [ 2990.579666][T26699] ? xskq_create+0xbf/0x170 [ 2990.579685][T26699] xskq_create+0xbf/0x170 [ 2990.579705][T26699] xsk_init_queue+0xb0/0x110 [ 2990.579736][T26699] xsk_setsockopt+0x4dc/0x8d0 [ 2990.579768][T26699] ? __pfx_xsk_setsockopt+0x10/0x10 [ 2990.579795][T26699] ? __pfx_aa_sk_perm+0x10/0x10 [ 2990.579830][T26699] ? aa_sock_opt_perm+0x74/0x110 [ 2990.579852][T26699] ? bpf_lsm_socket_setsockopt+0x9/0x20 [ 2990.579871][T26699] ? __pfx_xsk_setsockopt+0x10/0x10 [ 2990.579900][T26699] do_sock_setsockopt+0x179/0x1b0 [ 2990.579925][T26699] __x64_sys_setsockopt+0x13f/0x1b0 [ 2990.579953][T26699] do_syscall_64+0xfa/0x3b0 [ 2990.579971][T26699] ? lockdep_hardirqs_on+0x9c/0x150 [ 2990.579989][T26699] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2990.580007][T26699] ? clear_bhb_loop+0x60/0xb0 [ 2990.580030][T26699] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2990.580048][T26699] RIP: 0033:0x7f6aadf8e9a9 [ 2990.580065][T26699] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 2990.580080][T26699] RSP: 002b:00007f6aaed12038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 2990.580100][T26699] RAX: ffffffffffffffda RBX: 00007f6aae1b5fa0 RCX: 00007f6aadf8e9a9 [ 2990.580114][T26699] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000006 [ 2990.580124][T26699] RBP: 00007f6aae010d69 R08: 0000000000000004 R09: 0000000000000000 [ 2990.580136][T26699] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000 [ 2990.580147][T26699] R13: 0000000000000000 R14: 00007f6aae1b5fa0 R15: 00007ffd12a96178 [ 2990.580178][T26699] [ 2990.580186][T26699] Mem-Info: [ 2990.592691][T26564] bridge_slave_1: entered promiscuous mode [ 2990.927486][T26699] active_anon:11463 inactive_anon:0 isolated_anon:0 [ 2990.927486][T26699] active_file:2113 inactive_file:40939 isolated_file:0 [ 2990.927486][T26699] unevictable:768 dirty:195 writeback:0 [ 2990.927486][T26699] slab_reclaimable:21958 slab_unreclaimable:169814 [ 2990.927486][T26699] mapped:29572 shmem:1611 pagetables:1028 [ 2990.927486][T26699] sec_pagetables:0 bounce:0 [ 2990.927486][T26699] kernel_misc_reclaimable:0 [ 2990.927486][T26699] free:1228470 free_pcp:23210 free_cma:0 [ 2991.009271][T26699] Node 0 active_anon:45752kB inactive_anon:0kB active_file:8452kB inactive_file:163552kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:118288kB dirty:780kB writeback:0kB shmem:4908kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11888kB pagetables:3964kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 2991.092167][T26564] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2991.104584][T26699] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:148kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 2991.160916][T26564] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2991.172995][T25596] Bluetooth: hci4: command tx timeout [ 2991.189251][T26699] Node 0 DMA free:14336kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:152kB local_pcp:84kB free_cma:0kB [ 2991.243608][T26699] lowmem_reserve[]: 0 2498 2499 2499 2499 [ 2991.254868][ T13] hsr_slave_1: left promiscuous mode [ 2991.271592][T26699] Node 0 DMA32 free:1028472kB boost:0kB min:34248kB low:42808kB high:51368kB reserved_highatomic:0KB free_highatomic:0KB active_anon:46008kB inactive_anon:0kB active_file:8452kB inactive_file:161984kB unevictable:1536kB writepending:776kB present:3129332kB managed:2558316kB mlocked:0kB bounce:0kB free_pcp:44832kB local_pcp:25048kB free_cma:0kB [ 2991.310456][T26699] lowmem_reserve[]: 0 0 1 1 1 [ 2991.315286][T26699] Node 0 Normal free:24kB boost:0kB min:20kB low:24kB high:28kB reserved_highatomic:0KB free_highatomic:0KB active_anon:44kB inactive_anon:0kB active_file:0kB inactive_file:1568kB unevictable:0kB writepending:4kB present:1048580kB managed:1644kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:8kB free_cma:0kB [ 2991.345312][ T13] pimreg (unregistering): left allmulticast mode [ 2991.360914][T26699] lowmem_reserve[]: 0 0 0 0 0 [ 2991.365771][T26699] Node 1 Normal free:3871220kB boost:0kB min:55632kB low:69540kB high:83448kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:47376kB local_pcp:25392kB free_cma:0kB [ 2991.405949][T26699] lowmem_reserve[]: 0 0 0 0 0 [ 2991.414101][T26699] Node 0 DMA: 2*4kB (UM) 21*8kB (UE) 1*16kB (U) 4*32kB (UE) 5*64kB (UME) 3*128kB (UM) 4*256kB (UME) 4*512kB (UME) 4*1024kB (UM) 3*2048kB (UE) 0*4096kB = 14336kB [ 2991.439365][T26699] Node 0 DMA32: 2975*4kB (UME) 1313*8kB (UME) 992*16kB (UME) 740*32kB (UME) 1621*64kB (UME) 894*128kB (UME) 607*256kB (UME) 280*512kB (UME) 225*1024kB (UME) 11*2048kB (UME) 48*4096kB (U) = 1028420kB [ 2991.463290][T26699] Node 0 Normal: 0*4kB 1*8kB (M) 1*16kB (M) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 24kB [ 2991.475733][T26699] Node 1 Normal: 209*4kB (UE) 70*8kB (UME) 52*16kB (UME) 266*32kB (UME) 118*64kB (UME) 49*128kB (UME) 26*256kB (UME) 20*512kB (UM) 22*1024kB (UME) 15*2048kB (UME) 922*4096kB (UM) = 3871220kB [ 2991.500967][T26699] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2991.513379][T26699] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 2991.526166][T26699] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2991.541790][T26699] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 2991.552318][T26699] 44660 total pagecache pages [ 2991.557214][T26699] 0 pages in swap cache [ 2991.564614][T26699] Free swap = 124996kB [ 2991.569117][T26699] Total swap = 124996kB [ 2991.573292][T26699] 2097051 pages RAM [ 2991.577110][T26699] 0 pages HighMem/MovableOnly [ 2991.586566][T26699] 425430 pages reserved [ 2991.591038][T26699] 0 pages cma reserved [ 2992.203084][T26715] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0 [ 2992.214253][T26715] netdevsim netdevsim2 eth3 (unregistering): unset [1, 1] type 2 family 0 port 35716 - 0 [ 2992.246813][T26709] syzkaller1: entered promiscuous mode [ 2992.252566][T26709] syzkaller1: entered allmulticast mode [ 2992.262477][T26719] netlink: 28 bytes leftover after parsing attributes in process `syz.0.13009'. [ 2992.271780][T26719] netlink: 28 bytes leftover after parsing attributes in process `syz.0.13009'. [ 2992.425024][T26564] team0: Port device team_slave_0 added [ 2992.451325][T26715] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0 [ 2992.472761][T26715] netdevsim netdevsim2 eth2 (unregistering): unset [1, 1] type 2 family 0 port 35716 - 0 [ 2992.514919][T26564] team0: Port device team_slave_1 added [ 2992.613476][T26715] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0 [ 2992.628074][T26715] netdevsim netdevsim2 eth1 (unregistering): unset [1, 1] type 2 family 0 port 35716 - 0 [ 2992.787710][T26715] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0 [ 2992.814900][T26715] netdevsim netdevsim2 eth0 (unregistering): unset [1, 1] type 2 family 0 port 35716 - 0 [ 2992.854397][T26564] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 2992.887629][T26564] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2992.933570][T26564] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 2992.979489][T26564] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 2992.991321][T26564] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2993.022357][T26564] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 2993.059478][ T13] IPVS: stop unused estimator thread 0... [ 2993.249318][T25596] Bluetooth: hci4: command tx timeout [ 2993.399306][T26757] netlink: 'syz.1.13026': attribute type 10 has an invalid length. [ 2993.482551][T26762] netlink: 'syz.1.13026': attribute type 10 has an invalid length. [ 2993.724926][T26757] team0: Failed to send options change via netlink (err -105) [ 2993.732570][T26757] team0: Port device dummy0 added [ 2993.743208][T26762] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 2993.754546][T26762] team0: Failed to send options change via netlink (err -105) [ 2993.763655][T26762] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 2993.772733][T26762] team0: Port device dummy0 removed [ 2993.783045][T26762] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 2993.798624][T26766] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 2993.936554][T26564] hsr_slave_0: entered promiscuous mode [ 2993.946290][T26564] hsr_slave_1: entered promiscuous mode [ 2993.956617][T26564] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 2993.971100][T26564] Cannot create hsr debugfs directory [ 2993.976847][ T6174] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 35716 - 0 [ 2993.987356][ T6174] netdevsim netdevsim2 eth0: set [1, 1] type 2 family 0 port 256 - 0 [ 2994.008773][T26764] lo speed is unknown, defaulting to 1000 [ 2994.069870][T18703] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 35716 - 0 [ 2994.134189][T18703] netdevsim netdevsim2 eth1: set [1, 1] type 2 family 0 port 256 - 0 [ 2994.201306][ T6174] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 35716 - 0 [ 2994.212758][ T6174] netdevsim netdevsim2 eth2: set [1, 1] type 2 family 0 port 256 - 0 [ 2994.257473][ T6174] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 35716 - 0 [ 2994.280877][ T6174] netdevsim netdevsim2 eth3: set [1, 1] type 2 family 0 port 256 - 0 [ 2994.675955][T26790] pim6reg1: entered promiscuous mode [ 2994.693188][T26790] pim6reg1: entered allmulticast mode [ 2995.822541][T26564] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 2995.836474][T26812] netlink: 4 bytes leftover after parsing attributes in process `syz.3.13050'. [ 2995.856510][T26564] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 2995.868186][T26564] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 2995.893943][T26564] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 2995.950611][T26822] unsupported nla_type 52263 [ 2996.124324][T26564] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2996.184267][T26564] 8021q: adding VLAN 0 to HW filter on device team0 [ 2996.209615][ T37] bridge0: port 1(bridge_slave_0) entered blocking state [ 2996.217671][ T37] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2996.236942][ T37] bridge0: port 2(bridge_slave_1) entered blocking state [ 2996.244127][ T37] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2996.315612][T26837] netlink: 256 bytes leftover after parsing attributes in process `syz.3.13059'. [ 2996.349085][T26837] ksmbd: Unknown IPC event: 3, ignore. [ 2996.384388][T26840] pimreg: entered allmulticast mode [ 2996.412472][T26840] pimreg: left allmulticast mode [ 2996.717248][T26858] syzkaller1: entered promiscuous mode [ 2996.742410][T26858] syzkaller1: entered allmulticast mode [ 2996.995163][T26564] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2997.147004][T26878] netlink: 68 bytes leftover after parsing attributes in process `syz.0.13076'. [ 2997.227932][T26882] netlink: 24 bytes leftover after parsing attributes in process `syz.3.13078'. [ 2997.403473][T26893] netlink: 8 bytes leftover after parsing attributes in process `syz.1.13082'. [ 2997.449415][T26893] netlink: 8 bytes leftover after parsing attributes in process `syz.1.13082'. [ 2997.652208][T26564] veth0_vlan: entered promiscuous mode [ 2997.700044][T26564] veth1_vlan: entered promiscuous mode [ 2997.781927][T26564] veth0_macvtap: entered promiscuous mode [ 2997.792490][T26564] veth1_macvtap: entered promiscuous mode [ 2997.857748][T26564] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 2997.897827][T26564] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 2997.956998][ T1336] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 2997.994944][ T1336] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 2998.050020][ T1336] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 2998.083303][ T1336] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 2998.418108][T26931] tipc: Started in network mode [ 2998.426662][T26931] tipc: Node identity 5a0a22e24ae, cluster identity 4711 [ 2998.434140][T26931] tipc: Enabled bearer , priority 0 [ 2998.444714][T32499] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2998.465289][T32499] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2998.495440][T26927] tipc: Resetting bearer [ 2999.514596][T23826] tipc: Node number set to 283779810 [ 3000.223899][T26927] tipc: Disabling bearer [ 3000.380757][T18703] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3000.410855][T18703] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3000.674888][T26969] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3000.676024][T26972] netlink: 4 bytes leftover after parsing attributes in process `syz.3.13114'. [ 3000.908109][T26969] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3001.006904][T26969] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3001.092768][T26969] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3001.295524][ T1336] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 3001.321354][ T1336] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 3001.377448][T32499] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 3001.449743][ T37] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 3001.586766][T26989] infiniband syz!: set active [ 3001.596400][T26998] netlink: 8 bytes leftover after parsing attributes in process `syz.0.13127'. [ 3001.630331][T26989] infiniband syz!: added team_slave_0 [ 3001.690268][T26989] RDS/IB: syz!: added [ 3001.694366][T26989] smc: adding ib device syz! with port count 1 [ 3001.700716][T26989] smc: ib device syz! port 1 has pnetid [ 3002.087828][T27011] netlink: 'syz.1.13133': attribute type 13 has an invalid length. [ 3002.148195][T27011] gretap0: refused to change device tx_queue_len [ 3002.155240][T27011] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 3002.247755][ T13] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 35716 - 0 [ 3002.263475][T18341] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 3002.272701][T18341] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 3002.281086][T18341] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 3002.290842][T18341] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 3002.298966][T18341] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 3002.328070][ T13] netdevsim netdevsim2 eth3 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 3002.426241][ T13] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 35716 - 0 [ 3002.514904][ T13] netdevsim netdevsim2 eth2 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 3002.603937][T27016] lo speed is unknown, defaulting to 1000 [ 3002.650940][ T13] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 35716 - 0 [ 3002.688500][ T13] netdevsim netdevsim2 eth1 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 3002.831924][ T13] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 35716 - 0 [ 3002.842439][ T13] netdevsim netdevsim2 eth0 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 3004.221040][T27061] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 3004.321330][T27065] netlink: 'syz.0.13154': attribute type 1 has an invalid length. [ 3004.372653][T25596] Bluetooth: hci2: command tx timeout [ 3004.498207][T27073] netlink: 12 bytes leftover after parsing attributes in process `syz.0.13158'. [ 3005.106660][ T13] bond1 (unregistering): Released all slaves [ 3005.123096][ T13] bond2 (unregistering): Released all slaves [ 3005.238942][ T13] bond3 (unregistering): Released all slaves [ 3005.256370][ T13] bond4 (unregistering): Released all slaves [ 3005.378145][ T13] bond5 (unregistering): Released all slaves [ 3005.478280][ T13] bond6 (unregistering): Released all slaves [ 3005.593861][ T13] bond7 (unregistering): Released all slaves [ 3005.699429][ T13] bond8 (unregistering): Released all slaves [ 3005.809164][ T13] bond9 (unregistering): Released all slaves [ 3005.911879][ T13] bond10 (unregistering): Released all slaves [ 3005.927213][ T13] bond11 (unregistering): Released all slaves [ 3006.044544][ T13] smc: removing net device bond0 with user defined pnetid SYZ2 [ 3006.053578][ T13] bond0 (unregistering): Released all slaves [ 3006.069968][ T13] bond12 (unregistering): Released all slaves [ 3006.111303][T27074] sch_tbf: burst 2 is lower than device bridge1 mtu (1514) ! [ 3006.346932][ T13] tipc: Disabling bearer [ 3006.356858][ T13] tipc: Disabling bearer [ 3006.382319][ T13] tipc: Disabling bearer [ 3006.394364][ T13] tipc: Left network mode [ 3006.416825][T27079] pim6reg1: entered promiscuous mode [ 3006.426515][T27079] pim6reg1: entered allmulticast mode [ 3006.448852][T25596] Bluetooth: hci2: command tx timeout [ 3008.540596][T25596] Bluetooth: hci2: command tx timeout [ 3009.661405][T27116] bridge0: port 2(bridge_slave_1) entered disabled state [ 3009.669245][T27116] bridge0: port 1(bridge_slave_0) entered disabled state [ 3009.869629][T27116] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 3009.891843][T27116] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 3010.099057][ T13] batadv_slave_0: left promiscuous mode [ 3010.121239][ T13] veth1_vlan: left allmulticast mode [ 3010.599845][ T6174] smc: removing ib device syz1 [ 3010.619422][T25596] Bluetooth: hci2: command tx timeout [ 3011.038999][T27137] netlink: 642 bytes leftover after parsing attributes in process `syz.0.13185'. [ 3011.072095][ T37] netdevsim netdevsim4 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 3011.084259][ T37] netdevsim netdevsim4 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 3011.115308][ T4243] lo speed is unknown, defaulting to 1000 [ 3011.140726][ T4243] infiniband syz2: ib_query_port failed (-19) [ 3011.158824][T27016] chnl_net:caif_netlink_parms(): no params data found [ 3011.216724][ T37] netdevsim netdevsim4 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 3011.254859][T18703] netdevsim netdevsim4 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 3013.345037][T27198] netlink: 204 bytes leftover after parsing attributes in process `syz.4.13204'. [ 3014.523564][T27016] bridge0: port 1(bridge_slave_0) entered blocking state [ 3014.539175][T27016] bridge0: port 1(bridge_slave_0) entered disabled state [ 3014.548152][T27016] bridge_slave_0: entered allmulticast mode [ 3014.557490][T27016] bridge_slave_0: entered promiscuous mode [ 3014.602191][T27016] bridge0: port 2(bridge_slave_1) entered blocking state [ 3014.620290][T27016] bridge0: port 2(bridge_slave_1) entered disabled state [ 3014.631454][T27016] bridge_slave_1: entered allmulticast mode [ 3014.650302][T27016] bridge_slave_1: entered promiscuous mode [ 3014.870147][T27016] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3014.882457][ T13] IPVS: stop unused estimator thread 0... [ 3014.917581][T27016] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3014.997880][T27237] netlink: 48 bytes leftover after parsing attributes in process `syz.4.13222'. [ 3015.359996][T27016] team0: Port device team_slave_0 added [ 3015.401466][T27016] team0: Port device team_slave_1 added [ 3017.158789][T27016] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 3017.165778][T27016] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 3017.191754][T27016] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 3017.204249][T27016] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 3017.211293][T27016] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 3017.239607][T27016] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 3017.396045][T27016] hsr_slave_0: entered promiscuous mode [ 3017.429677][T27016] hsr_slave_1: entered promiscuous mode [ 3017.435952][T27016] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 3017.465933][T27016] Cannot create hsr debugfs directory [ 3017.765943][T27297] netlink: 256 bytes leftover after parsing attributes in process `syz.1.13246'. [ 3017.808687][T27297] ksmbd: Unknown IPC event: 3, ignore. [ 3018.147521][T27308] netlink: 44 bytes leftover after parsing attributes in process `syz.1.13251'. [ 3018.332499][T27016] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 3018.361718][T27016] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 3018.382433][T27016] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 3018.405900][T27016] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 3018.731412][T27339] netlink: 44 bytes leftover after parsing attributes in process `syz.0.13262'. [ 3018.956829][T27016] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3019.063697][T27016] 8021q: adding VLAN 0 to HW filter on device team0 [ 3019.083554][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 3019.090723][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3019.131810][T25996] bridge0: port 2(bridge_slave_1) entered blocking state [ 3019.138994][T25996] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3019.288239][T27365] netlink: 44 bytes leftover after parsing attributes in process `syz.4.13274'. [ 3019.306244][T27016] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 3019.684417][T27380] netlink: 36 bytes leftover after parsing attributes in process `syz.3.13280'. [ 3019.985301][T27016] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 3020.135571][T27016] veth0_vlan: entered promiscuous mode [ 3020.201016][T27016] veth1_vlan: entered promiscuous mode [ 3020.352998][T27016] veth0_macvtap: entered promiscuous mode [ 3020.400587][T27016] veth1_macvtap: entered promiscuous mode [ 3020.400985][T27411] netlink: 204 bytes leftover after parsing attributes in process `syz.4.13293'. [ 3020.503129][T27016] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 3020.544585][T27016] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 3020.563780][ T1336] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 3020.582747][ T1336] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 3020.617879][ T1336] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 3020.639020][ T1336] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 3020.983452][T27430] netlink: 'syz.0.13301': attribute type 4 has an invalid length. [ 3020.987826][T25996] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3021.030641][T25996] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3021.035258][T27434] netlink: 'syz.0.13301': attribute type 4 has an invalid length. [ 3021.146993][ T1336] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3021.162917][ T1336] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3021.312541][T27445] netlink: 'syz.3.13307': attribute type 12 has an invalid length. [ 3021.619466][T27463] netlink: 132 bytes leftover after parsing attributes in process `syz.1.13316'. [ 3022.820908][T27540] netlink: 'syz.3.13352': attribute type 10 has an invalid length. [ 3022.844651][T27540] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 3024.304654][T27608] netlink: 16 bytes leftover after parsing attributes in process `syz.0.13382'. [ 3024.811503][T27636] netlink: 16 bytes leftover after parsing attributes in process `syz.1.13396'. [ 3024.968091][T27643] netlink: 28 bytes leftover after parsing attributes in process `syz.3.13397'. [ 3025.170457][T27652] netlink: 12 bytes leftover after parsing attributes in process `syz.4.13400'. [ 3025.547883][T27668] netlink: 16 bytes leftover after parsing attributes in process `syz.1.13409'. [ 3026.043323][T27691] netlink: 'syz.3.13418': attribute type 10 has an invalid length. [ 3026.091398][T27691] bond0: (slave dummy0): Releasing backup interface [ 3026.109236][T27691] team0: Port device dummy0 added [ 3026.299441][T27698] pim6reg1: entered promiscuous mode [ 3026.304871][T27698] pim6reg1: entered allmulticast mode [ 3027.843049][T27777] netlink: 12 bytes leftover after parsing attributes in process `syz.4.13452'. [ 3028.049533][T27789] netlink: 28 bytes leftover after parsing attributes in process `syz.4.13458'. [ 3028.134244][T27792] netlink: 204 bytes leftover after parsing attributes in process `syz.2.13460'. [ 3031.624171][T27833] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 3035.450321][T27891] pim6reg1: entered promiscuous mode [ 3035.456376][T27891] pim6reg1: entered allmulticast mode [ 3035.486731][T27910] netlink: 132 bytes leftover after parsing attributes in process `syz.2.13509'. [ 3035.651713][T27920] netlink: 8 bytes leftover after parsing attributes in process `syz.2.13514'. [ 3035.751225][T27925] netlink: 4 bytes leftover after parsing attributes in process `syz.2.13514'. [ 3036.370077][T27948] netlink: 132 bytes leftover after parsing attributes in process `syz.1.13524'. [ 3036.554754][T27953] netlink: 12 bytes leftover after parsing attributes in process `syz.4.13527'. [ 3038.537600][T27960] pim6reg1: entered promiscuous mode [ 3038.552206][T27960] pim6reg1: entered allmulticast mode [ 3038.709749][T27978] netlink: 132 bytes leftover after parsing attributes in process `syz.2.13536'. [ 3038.761688][T27981] netlink: 12 bytes leftover after parsing attributes in process `syz.3.13538'. [ 3038.913396][T27990] syzkaller1: entered promiscuous mode [ 3038.977231][T27990] syzkaller1: entered allmulticast mode [ 3038.989393][T27996] netlink: 12 bytes leftover after parsing attributes in process `syz.3.13543'. [ 3039.056042][T27996] sch_tbf: burst 2 is lower than device bridge1 mtu (1514) ! [ 3039.153056][T28006] netlink: 8 bytes leftover after parsing attributes in process `syz.1.13548'. [ 3039.196117][T28006] netlink: 24 bytes leftover after parsing attributes in process `syz.1.13548'. [ 3040.568775][T28026] __nla_validate_parse: 2 callbacks suppressed [ 3040.568797][T28026] netlink: 4 bytes leftover after parsing attributes in process `syz.4.13556'. [ 3040.916766][T28006] netlink: 8 bytes leftover after parsing attributes in process `syz.1.13548'. [ 3040.930830][T28006] netlink: 24 bytes leftover after parsing attributes in process `syz.1.13548'. [ 3041.313586][T28044] pim6reg1: entered promiscuous mode [ 3041.323523][T28044] pim6reg1: entered allmulticast mode [ 3043.974135][T28104] tipc: Enabled bearer , priority 0 [ 3044.039806][T28103] tipc: Disabling bearer [ 3044.303633][T28112] pim6reg1: entered promiscuous mode [ 3044.311502][T28112] pim6reg1: entered allmulticast mode [ 3044.647150][T28143] tipc: Started in network mode [ 3044.675731][T28143] tipc: Node identity 5235b484a7bf, cluster identity 4711 [ 3044.689701][T28143] tipc: Enabled bearer , priority 0 [ 3044.743785][T28142] tipc: Disabling bearer [ 3044.848391][T28158] netlink: 4 bytes leftover after parsing attributes in process `syz.2.13614'. [ 3044.870883][T28158] veth1_macvtap: left promiscuous mode [ 3044.976213][T28164] netlink: 44 bytes leftover after parsing attributes in process `syz.4.13616'. [ 3044.983287][T28166] netlink: 132 bytes leftover after parsing attributes in process `syz.0.13618'. [ 3045.256837][T28174] netlink: 12 bytes leftover after parsing attributes in process `syz.3.13623'. [ 3045.567624][T28187] netlink: 132 bytes leftover after parsing attributes in process `syz.4.13630'. [ 3045.582791][T28194] netlink: 44 bytes leftover after parsing attributes in process `syz.2.13631'. [ 3047.293627][T28201] batadv_slave_0: entered promiscuous mode [ 3047.452019][T28224] netlink: 132 bytes leftover after parsing attributes in process `syz.0.13644'. [ 3047.632320][T28238] Cannot find del_set index 0 as target [ 3047.781683][T28246] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 3047.877524][T28254] netlink: 132 bytes leftover after parsing attributes in process `syz.0.13660'. [ 3048.248761][T28273] netlink: 44 bytes leftover after parsing attributes in process `syz.1.13668'. [ 3048.438383][T28280] netlink: 132 bytes leftover after parsing attributes in process `syz.1.13672'. [ 3048.816076][T28301] netlink: 44 bytes leftover after parsing attributes in process `syz.1.13682'. [ 3048.966673][T28309] netlink: 132 bytes leftover after parsing attributes in process `syz.2.13689'. [ 3049.355642][T28331] netlink: 44 bytes leftover after parsing attributes in process `syz.3.13695'. [ 3049.406097][T28328] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3049.430339][T28328] 8021q: adding VLAN 0 to HW filter on device team0 [ 3049.477058][T28328] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 3049.830674][T28350] netlink: 132 bytes leftover after parsing attributes in process `syz.4.13702'. [ 3050.427419][T28380] netlink: 132 bytes leftover after parsing attributes in process `syz.2.13718'. [ 3050.909597][T28414] netlink: 132 bytes leftover after parsing attributes in process `syz.0.13734'. [ 3051.133665][T28429] xt_bpf: check failed: parse error [ 3051.359461][T28441] netlink: 132 bytes leftover after parsing attributes in process `syz.2.13747'. [ 3051.625733][ T30] audit: type=1107 audit(1753257429.685:16): pid=28454 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 3051.921485][T28461] bridge0: port 2(bridge_slave_1) entered disabled state [ 3051.923503][T28471] netlink: 204 bytes leftover after parsing attributes in process `syz.0.13761'. [ 3051.929342][T28461] bridge0: port 1(bridge_slave_0) entered disabled state [ 3052.064843][T28461] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 3052.087229][T28461] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 3052.183651][T28468] netlink: 132 bytes leftover after parsing attributes in process `syz.4.13760'. [ 3052.204335][T28475] pim6reg1: entered promiscuous mode [ 3052.225099][T28475] pim6reg1: entered allmulticast mode [ 3052.250301][T25996] netdevsim netdevsim1 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 3052.277604][T25996] netdevsim netdevsim1 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 3052.304898][T25996] netdevsim netdevsim1 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 3052.400596][T25996] netdevsim netdevsim1 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 3052.841493][T28509] netlink: 132 bytes leftover after parsing attributes in process `syz.2.13775'. [ 3053.545596][T28545] netlink: 60 bytes leftover after parsing attributes in process `syz.0.13796'. [ 3053.595767][T28545] netlink: 60 bytes leftover after parsing attributes in process `syz.0.13796'. [ 3053.618109][T28545] netlink: 60 bytes leftover after parsing attributes in process `syz.0.13796'. [ 3053.679019][T28553] netlink: 16402 bytes leftover after parsing attributes in process `syz.4.13797'. [ 3056.287863][T28592] netlink: 55631 bytes leftover after parsing attributes in process `syz.4.13812'. [ 3056.441552][T28621] netlink: 60 bytes leftover after parsing attributes in process `syz.3.13827'. [ 3056.482515][T28621] netlink: 60 bytes leftover after parsing attributes in process `syz.3.13827'. [ 3056.506376][T28623] netlink: 60 bytes leftover after parsing attributes in process `syz.2.13828'. [ 3056.530392][T28623] netlink: 60 bytes leftover after parsing attributes in process `syz.2.13828'. [ 3056.556293][T28623] netlink: 60 bytes leftover after parsing attributes in process `syz.2.13828'. [ 3057.822247][T28696] netlink: 60 bytes leftover after parsing attributes in process `syz.1.13860'. [ 3057.833620][T28691] netlink: 60 bytes leftover after parsing attributes in process `syz.1.13860'. [ 3057.869510][T28691] netlink: 60 bytes leftover after parsing attributes in process `syz.1.13860'. [ 3058.170557][T28712] netlink: 44 bytes leftover after parsing attributes in process `syz.1.13869'. [ 3058.956065][T28757] netlink: 'syz.3.13887': attribute type 29 has an invalid length. [ 3058.975279][T28757] netlink: 'syz.3.13887': attribute type 29 has an invalid length. [ 3059.070249][T28762] netlink: 'syz.0.13892': attribute type 7 has an invalid length. [ 3059.814780][T28794] netlink: 'syz.4.13907': attribute type 29 has an invalid length. [ 3059.823632][T28794] netlink: 'syz.4.13907': attribute type 29 has an invalid length. [ 3059.834403][T28794] netlink: 'syz.4.13907': attribute type 29 has an invalid length. [ 3060.600193][T28828] netlink: 'syz.0.13922': attribute type 29 has an invalid length. [ 3060.624637][T28828] netlink: 'syz.0.13922': attribute type 29 has an invalid length. [ 3060.648887][T28828] netlink: 'syz.0.13922': attribute type 29 has an invalid length. [ 3060.688134][T28828] netlink: 'syz.0.13922': attribute type 29 has an invalid length. [ 3061.664636][T28904] __nla_validate_parse: 5 callbacks suppressed [ 3061.664656][T28904] netlink: 44 bytes leftover after parsing attributes in process `syz.2.13956'. [ 3061.681471][T28899] netlink: 44 bytes leftover after parsing attributes in process `syz.2.13956'. [ 3061.691615][T28904] netlink: 44 bytes leftover after parsing attributes in process `syz.2.13956'. [ 3061.981291][T28918] netlink: 164 bytes leftover after parsing attributes in process `syz.3.13965'. [ 3062.239190][T28934] tipc: Enabling of bearer rejected, failed to enable media [ 3062.702033][T28964] netlink: 4 bytes leftover after parsing attributes in process `syz.2.13985'. [ 3064.052009][T29061] validate_nla: 2 callbacks suppressed [ 3064.052030][T29061] netlink: 'syz.4.14031': attribute type 4 has an invalid length. [ 3064.099167][T29062] tipc: Enabling of bearer rejected, failed to enable media [ 3064.784901][T29104] netlink: 24 bytes leftover after parsing attributes in process `syz.0.14050'. [ 3066.968464][T29162] netlink: 60 bytes leftover after parsing attributes in process `syz.4.14078'. [ 3066.979498][T29164] netlink: 132 bytes leftover after parsing attributes in process `syz.0.14079'. [ 3067.015360][T29161] netlink: 60 bytes leftover after parsing attributes in process `syz.4.14078'. [ 3067.794832][T29219] netlink: 28 bytes leftover after parsing attributes in process `syz.2.14103'. [ 3068.050789][T29231] pim6reg0: tun_chr_ioctl cmd 62735 [ 3068.260756][T29248] netlink: 204 bytes leftover after parsing attributes in process `syz.0.14120'. [ 3068.614514][T18341] Bluetooth: hci5: command 0x0406 tx timeout [ 3069.101901][T29300] netlink: 132 bytes leftover after parsing attributes in process `syz.4.14143'. [ 3069.546785][T29319] netlink: 204 bytes leftover after parsing attributes in process `syz.1.14152'. [ 3070.165611][T29347] netlink: 48 bytes leftover after parsing attributes in process `syz.3.14166'. [ 3070.469937][T29359] pim6reg1: entered promiscuous mode [ 3070.492278][T29359] pim6reg1: entered allmulticast mode [ 3071.040891][T29394] netlink: 8 bytes leftover after parsing attributes in process `syz.3.14188'. [ 3071.097771][T29400] netlink: 4 bytes leftover after parsing attributes in process `syz.3.14188'. [ 3072.262043][T27154] IPVS: starting estimator thread 0... [ 3072.302114][T29463] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 3072.358982][T29471] __nla_validate_parse: 3 callbacks suppressed [ 3072.359002][T29471] netlink: 12 bytes leftover after parsing attributes in process `syz.4.14226'. [ 3072.386589][T29466] IPVS: using max 29 ests per chain, 69600 per kthread [ 3072.466587][T29475] netlink: 204 bytes leftover after parsing attributes in process `syz.0.14228'. [ 3072.717959][T27154] IPVS: starting estimator thread 0... [ 3072.725513][T29487] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 3072.819228][T29494] IPVS: using max 27 ests per chain, 64800 per kthread [ 3073.063218][T29509] netlink: 204 bytes leftover after parsing attributes in process `syz.3.14242'. [ 3073.766262][T29550] netlink: 'syz.1.14261': attribute type 27 has an invalid length. [ 3074.094692][T29564] bridge0: port 2(bridge_slave_1) entered disabled state [ 3074.102175][T29564] bridge0: port 1(bridge_slave_0) entered disabled state [ 3074.218873][T29564] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 3074.235515][T29564] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 3074.362429][T27164] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 3074.395983][T27164] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 3074.430103][T27164] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 3074.460020][T27164] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 3074.533058][T29585] netlink: 144 bytes leftover after parsing attributes in process `syz.3.14277'. [ 3074.909728][T29610] netlink: 24 bytes leftover after parsing attributes in process `syz.1.14288'. [ 3075.087436][T29620] netlink: 8 bytes leftover after parsing attributes in process `syz.4.14294'. [ 3076.122340][T29687] netlink: 'syz.0.14327': attribute type 3 has an invalid length. [ 3076.296357][T29701] pim6reg1: entered promiscuous mode [ 3076.312225][T29701] pim6reg1: entered allmulticast mode [ 3076.442464][T29712] macsec0: entered allmulticast mode [ 3076.952326][T29742] pim6reg1: entered promiscuous mode [ 3076.982169][T29742] pim6reg1: entered allmulticast mode [ 3077.982833][T29801] pim6reg1: entered promiscuous mode [ 3077.988217][T29801] pim6reg1: entered allmulticast mode [ 3078.618117][T29839] bridge_slave_1: left allmulticast mode [ 3078.658679][T29839] bridge_slave_1: left promiscuous mode [ 3078.664465][T29839] bridge0: port 2(bridge_slave_1) entered disabled state [ 3078.716029][T29839] bridge_slave_0: left allmulticast mode [ 3078.738656][T29839] bridge_slave_0: left promiscuous mode [ 3078.750619][T29839] bridge0: port 1(bridge_slave_0) entered disabled state [ 3079.391605][T29861] pim6reg1: entered promiscuous mode [ 3079.408346][T29861] pim6reg1: entered allmulticast mode [ 3079.670378][T29879] netlink: 204 bytes leftover after parsing attributes in process `syz.0.14421'. [ 3079.930176][T29894] xt_bpf: check failed: parse error [ 3080.148625][T29907] tipc: Enabled bearer , priority 0 [ 3080.174002][T29907] tipc: Resetting bearer [ 3080.197618][T29908] tipc: Enabled bearer , priority 0 [ 3080.214367][T29904] tipc: Disabling bearer [ 3080.228093][T29908] syzkaller0: entered promiscuous mode [ 3080.234009][T29908] syzkaller0: entered allmulticast mode [ 3080.282681][T29908] tipc: Resetting bearer [ 3080.306282][T29905] tipc: Resetting bearer [ 3080.356786][T29905] tipc: Disabling bearer [ 3080.535613][T29928] wg2: entered promiscuous mode [ 3080.540676][T29928] wg2: entered allmulticast mode [ 3081.218042][T29962] netlink: 76 bytes leftover after parsing attributes in process `syz.4.14458'. [ 3083.013312][T29996] netlink: 'syz.3.14472': attribute type 10 has an invalid length. [ 3083.061312][T29996] team0: Device ipvlan1 failed to register rx_handler [ 3083.690155][T30042] netlink: 60 bytes leftover after parsing attributes in process `syz.1.14493'. [ 3083.733440][T30039] netlink: 60 bytes leftover after parsing attributes in process `syz.1.14493'. [ 3083.769108][T30042] netlink: 60 bytes leftover after parsing attributes in process `syz.1.14493'. [ 3083.968679][T18341] Bluetooth: hci1: command 0x0406 tx timeout [ 3084.606445][T30050] netlink: 'syz.2.14497': attribute type 10 has an invalid length. [ 3084.780370][T30061] netlink: 'syz.1.14504': attribute type 29 has an invalid length. [ 3084.814327][T30061] netlink: 'syz.1.14504': attribute type 29 has an invalid length. [ 3084.906621][T30071] netlink: 8 bytes leftover after parsing attributes in process `syz.3.14508'. [ 3084.932604][T30071] netlink: 4 bytes leftover after parsing attributes in process `syz.3.14508'. [ 3085.454070][T30104] netlink: 8 bytes leftover after parsing attributes in process `syz.0.14522'. [ 3085.504954][T30104] netlink: 4 bytes leftover after parsing attributes in process `syz.0.14522'. [ 3087.622735][T30152] pim6reg1: entered promiscuous mode [ 3087.628175][T30152] pim6reg1: entered allmulticast mode [ 3088.092729][T30179] pim6reg1: entered promiscuous mode [ 3088.102177][T30183] [ 3088.104829][T30183] ============================= [ 3088.106523][T30179] pim6reg1: entered allmulticast mode [ 3088.109717][T30183] WARNING: suspicious RCU usage [ 3088.109746][T30183] 6.16.0-rc6-syzkaller-01646-g56613001dfc9 #0 Not tainted [ 3088.109765][T30183] ----------------------------- [ 3088.109775][T30183] kernel/events/callchain.c:163 suspicious rcu_dereference_check() usage! [ 3088.109791][T30183] [ 3088.109791][T30183] other info that might help us debug this: [ 3088.109791][T30183] [ 3088.109801][T30183] [ 3088.109801][T30183] rcu_scheduler_active = 2, debug_locks = 1 [ 3088.109820][T30183] 1 lock held by syz.0.14557/30183: [ 3088.109834][T30183] #0: ffffffff8e13f2c0 (rcu_read_lock_trace){....}-{0:0}, at: rcu_read_lock_trace+0x38/0x80 [ 3088.109910][T30183] [ 3088.109910][T30183] stack backtrace: [ 3088.109923][T30183] CPU: 0 UID: 0 PID: 30183 Comm: syz.0.14557 Not tainted 6.16.0-rc6-syzkaller-01646-g56613001dfc9 #0 PREEMPT(full) [ 3088.109949][T30183] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 3088.109962][T30183] Call Trace: [ 3088.109971][T30183] [ 3088.109981][T30183] dump_stack_lvl+0x189/0x250 [ 3088.110017][T30183] ? __pfx_dump_stack_lvl+0x10/0x10 [ 3088.110049][T30183] ? __pfx__printk+0x10/0x10 [ 3088.110103][T30183] lockdep_rcu_suspicious+0x140/0x1d0 [ 3088.110141][T30183] get_callchain_entry+0x2b6/0x3c0 [ 3088.110183][T30183] get_perf_callchain+0xa1/0x6b0 [ 3088.110253][T30183] ? __pfx_get_perf_callchain+0x10/0x10 [ 3088.110292][T30183] ? preempt_schedule+0xae/0xc0 [ 3088.110317][T30183] __bpf_get_stack+0x3fc/0xa60 [ 3088.110363][T30183] ? __pfx___bpf_get_stack+0x10/0x10 [ 3088.110396][T30183] ? __lock_acquire+0xab9/0xd20 [ 3088.110434][T30183] bpf_get_stack+0x33/0x50 [ 3088.110464][T30183] ? bpf_prog_b8a90dd1efcc4ad9+0x46/0x4e [ 3088.110487][T30183] bpf_get_stack_raw_tp+0x1a9/0x220 [ 3088.110524][T30183] bpf_prog_b8a90dd1efcc4ad9+0x46/0x4e [ 3088.110546][T30183] bpf_prog_run_pin_on_cpu+0xbc/0x150 [ 3088.110573][T30183] bpf_prog_test_run_syscall+0x312/0x4b0 [ 3088.110601][T30183] ? __pfx_bpf_prog_test_run_syscall+0x10/0x10 [ 3088.110623][T30183] ? __fget_files+0x2a/0x420 [ 3088.110648][T30183] ? __pfx_bpf_prog_test_run_syscall+0x10/0x10 [ 3088.110672][T30183] bpf_prog_test_run+0x2c4/0x340 [ 3088.110697][T30183] __sys_bpf+0x4a4/0x860 [ 3088.110732][T30183] ? __pfx___sys_bpf+0x10/0x10 [ 3088.110787][T30183] ? rcu_is_watching+0x15/0xb0 [ 3088.110820][T30183] __x64_sys_bpf+0x7c/0x90 [ 3088.110850][T30183] do_syscall_64+0xfa/0x3b0 [ 3088.110870][T30183] ? lockdep_hardirqs_on+0x9c/0x150 [ 3088.110890][T30183] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 3088.110910][T30183] ? clear_bhb_loop+0x60/0xb0 [ 3088.110937][T30183] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 3088.110956][T30183] RIP: 0033:0x7fa33798e9a9 [ 3088.110976][T30183] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 3088.110993][T30183] RSP: 002b:00007fa3387fb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 3088.111013][T30183] RAX: ffffffffffffffda RBX: 00007fa337bb5fa0 RCX: 00007fa33798e9a9 [ 3088.111028][T30183] RDX: 000000000000000c RSI: 00002000000004c0 RDI: 000000000000000a [ 3088.111042][T30183] RBP: 00007fa337a10d69 R08: 0000000000000000 R09: 0000000000000000 [ 3088.111055][T30183] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3088.111067][T30183] R13: 0000000000000000 R14: 00007fa337bb5fa0 R15: 00007fff3f05d678 [ 3088.111120][T30183]