last executing test programs: 3.659745637s ago: executing program 4 (id=1215): r0 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000040)=@req={0x3fc, 0x0, 0x3, 0xffffffff}, 0x10) r1 = socket$inet(0x2, 0x3, 0x6) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r1, 0x541b, &(0x7f0000000240)={'sit0\x00', 0x0}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000001140)={'wlan0\x00'}) sendmsg$NL80211_CMD_SET_MCAST_RATE(0xffffffffffffffff, &(0x7f0000001200)={&(0x7f0000001100)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000011c0)={0x0}, 0x1, 0x0, 0x0, 0x4008800}, 0x20004010) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000080)={'\x00', 0x52d35ce30131f272}) ioctl$TUNSETLINK(r2, 0x400454cd, 0x10e) r3 = socket(0x1e, 0x4, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$TIPC_CMD_SET_NODE_ADDR(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x24, r4, 0x201, 0x400000, 0x0, {{}, {}, {0x8, 0x11, 0x4}}}, 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x8000) 2.679552174s ago: executing program 4 (id=1225): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000180)={0x28, r1, 0x1, 0x70bd28, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SCAN_FREQUENCIES={0xc, 0x2c, 0x0, 0x1, [{0x20, 0x0, 0x980}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x14001}, 0x9590f6cc3ea35512) (fail_nth: 2) 2.577662139s ago: executing program 1 (id=1227): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000e00), 0xffffffffffffffff) sendmsg$NL802154_CMD_NEW_SEC_KEY(r0, &(0x7f00000010c0)={0x0, 0x0, &(0x7f0000001080)={&(0x7f0000000700)=ANY=[@ANYBLOB="2c010000", @ANYRES16=r1, @ANYRESHEX], 0x12c}, 0x1, 0x0, 0x0, 0x24004821}, 0x10) 2.01110024s ago: executing program 4 (id=1229): r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000780)={0x60, r3, 0x1, 0x0, 0x10000000, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_FRAME={0x43, 0x33, @beacon={{{0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, {}, @broadcast, @device_a, @initial, {}, @value=@ver_80211n={0x0, 0x64, 0x2, 0x0, 0x0, 0x2}}, 0x0, @random, 0x0, @void, @val, @void, @void, @val={0x6, 0x2, 0x6}, @void, @void, @val={0x2a, 0x1, {0x1}}, @val={0x3c, 0x4, {0x0, 0x0, 0x2}}, @void, @val={0x72, 0x6}, @void, @void}}]}, 0x60}}, 0x20000000) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'ip6_vti0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)=ANY=[@ANYBLOB="2c00000014000100fffffffbffdbdf250a00a100", @ANYRES32=r5, @ANYRES32=r1], 0x2c}}, 0x240050c0) 2.005117062s ago: executing program 1 (id=1235): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000) (async) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)={0x14, 0x15, 0x301, 0x0, 0x0, {0xc}}, 0x14}, 0x1, 0x0, 0x0, 0xc000}, 0x4000000) 1.943000322s ago: executing program 4 (id=1237): r0 = socket$inet(0x2, 0x2, 0x0) socket$phonet(0x23, 0x2, 0x1) setsockopt$inet_mreqn(r0, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @remote}, 0xc) socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x1e, 0x4, 0x0) recvmmsg(r1, &(0x7f00000000c0)=[{{0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000140)=""/54, 0x36}], 0x1, &(0x7f0000000200)=""/153, 0x99}, 0xffffffff}], 0x1, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000680)={0x3, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) syz_emit_ethernet(0x36, &(0x7f0000000180)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0xc2}}}}}}, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r3 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000240)={'syzkaller1\x00', @link_local}) write$tun(r2, &(0x7f0000000940)={@val={0x800e, 0x6002}, @void, @eth={@broadcast, @multicast, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x4, 0x0, @empty, @empty}, {0x4500, 0x0, 0x14, 0x0, @gue={{0x2, 0x1, 0x2, 0x10, 0x0, @val=0x80}, "8ae276e5"}}}}}}}, 0x3a) 1.801625247s ago: executing program 1 (id=1239): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-serpent-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) r1 = accept4(r0, 0x0, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, 0x43, 0x9, 0x0, 0x0, {0x3}, [@typed={0x8, 0x2, 0x0, 0x0, @pid}]}, 0x1c}}, 0x24000044) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$wireguard(&(0x7f00000000c0), r3) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$ifreq_SIOCGIFINDEX_wireguard(r5, 0x8933, &(0x7f0000000340)={'wg0\x00', 0x0}) sendmsg$WG_CMD_SET_DEVICE(r3, &(0x7f0000001180)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000005c0)=ANY=[@ANYBLOB="78030000", @ANYRES16=r4, @ANYBLOB="37040000000000000000010000005c03088030000080060005000000000024000100f44da367a88ee6564f020211456727082f5cebee8b1bf5eb7337341b459b39223400008004000980060005000080000024000100f44da367a88ee6564f020211456727082f5cebee8b1bf5eb7337341b459b3922f4020080cc02098034000080060001000200000008000200ac1414aa0500030003000000060001000200000008000200640101010500030000000000a0000080060001000a00000014000200000000000000000000000000000000000500030003000000060001000a00000014000200000000000000000000000000000000010500030001000000060001000200000008000200ac1414bb0500030002000000060001000200000008000200e00000010500030000000000060001000a00000014000200fe80000000000000000000000000003305000300020000001c000080060001000200000008000200ac1414bb050003000200000028000080060001000a00000014000200fc000000000000000000000000000001050003000000000034000080060001000200000008000200ac1414bb0500030003000000060001000200000008000204e0000002050003000000000088000080060001000a00000014000200ff0100000000000000000000000000010500030003000000060001000a00000014000200fe80000000000000000000000000002e0500030003000000060001000a00000014000200fe8000000000000000000000000000aa0500030001000000060001000200000008000200e00000020500030001000000f4000080060001000a00000014000200fe80000000000000000000000000002f0500030003000000060001000a00000014000200fe8000000000000000000000000000bb0500030000000000060001000200000008000200e00000010500030001000000060001000a00000014000200200100000000000000000000000000010500030001000000060001000200000008000200ac1414300500030000000000060001000200000008000200ac1e00010500030002000000060001000200000008000200000000000500030003000000060001000a00000014000200fc010000000000000000000000000000050003000200000024000100000000000000000000000000000000000000000000000000000000000000000008000100", @ANYRES32=r6], 0x378}}, 0x0) sendmsg$WG_CMD_SET_DEVICE(r2, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x38, r4, 0x10, 0x70bd28, 0x25dfdbfc, {}, [@WGDEVICE_A_IFNAME={0x14, 0x2, 'wg1\x00'}, @WGDEVICE_A_FWMARK={0x8, 0x7, 0x8}, @WGDEVICE_A_FLAGS={0x8}]}, 0x38}, 0x1, 0x0, 0x0, 0x48040}, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f00000004c0), r1) r7 = socket$igmp6(0xa, 0x3, 0x3a) setsockopt$MRT6_TABLE(r7, 0x29, 0xcf, &(0x7f0000000000)=0xfd, 0x4) sendmsg$alg(r1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x840}, 0x4040880) sendmsg$nl_route_sched(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000001dc0)=@newchain={0x80, 0x64, 0xf09d2fbf8b68c555, 0x70bd2a, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0xffff, 0x8}, {0xfff1, 0xd}, {0x9, 0xfff1}}, [@filter_kind_options=@f_flow={{0x9}, {0xc, 0x2, [@TCA_FLOW_BASECLASS={0x8, 0x3, {0x7, 0xa}}]}}, @filter_kind_options=@f_flower={{0xb}, {0x38, 0x2, [@TCA_FLOWER_KEY_IPV6_SRC={0x14, 0xe, @loopback}, @TCA_FLOWER_KEY_ETH_DST_MASK={0xa, 0x5, [0xff, 0x0, 0xff]}, @TCA_FLOWER_KEY_ENC_IPV6_DST_MASK={0x14, 0x22, [0xffffffff, 0x0, 0xffffff00, 0xffffff00]}]}}]}, 0x80}, 0x1, 0x0, 0x0, 0x80}, 0x44000) 1.461667382s ago: executing program 2 (id=1244): socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$tipc(r0, &(0x7f0000004440)={&(0x7f0000000000)=@id={0x1e, 0x3, 0x0, {0x4e22, 0x3}}, 0x10, &(0x7f0000004340)=[{&(0x7f0000001d80)="34cbf9c55466da0eadc249236ab3cbf316717306be4c08c8c7da1f1ee04ab4b4eac14995ebdf620ff778a4e3452587e42a3c6aa1bd35dfd99f23b525893bc3b5f9f3bed1986bf8d0dddd7c5cdada611f9bf641e421ed71a842d84fa289a542f941d6e06b2b14e2a706ce30acf7d82f224f3e30cadd9d15f3dddbb29dbeb9f68fb68bedb91e0b1ef48832778fe36699c7ebf101659a8f476c4a065eac71d6d1e7fafc6f25ec2c9a8f431fe347a2d30e912c5b2397613ce784637ec71e37566eb0548b461f71028459c6f137c18737d58b56949d022bf1eaf486692bb76836a233c7879d740ad0beaf5159d3380442824f536a41bb22d08fe53952b9c6fed2605d53311c71b455655f96ea6a87e41e9211e90170b0a2b1a2098175ebcd33d517085d224122264cddadd82a3d11bc4a33ce66108b22b1abc6243d306d8f6b8a2ddb5373c190d8f859a3174a200936b079f85edcac7fc03fb993ec0ff8b83f1fd3f1b888d192d99c7ede5d381784d25410cccf1b0bf26a54f065e1e3ec59cc5704fb658fc980a0ac4287ef884ee82007554be3f1e163c81468d0c26c95e3e12393776e32800bb4f086f19080c4fca3d72e8569a5627ce98f2ae0bdb3ec42c23847d47e10b1c58da7e9cea990da842d96e3a51ed7d892f7b28a10486424a69a9109ebd4d7d5a3768400ac000a6d7556ca192e5cd45efb82001ac7b53e03036b6019a07ffb545cd3853e077f08a015f6232488c1139a9409c95ed005261e36b307406ba5714ef395129345866109341feb6c7c458ce08c147a983b46375ddb3621cee0312ba1a434bcd6081e1a8ae8b6d518988b9965faf9aff86df8173b93342cceaec357a100e59b4d66553633626b0b12e9622b8f8fdfe26545b87c57f8ce8609fb8e19b0f6d1cd64e8de85c7327f543b2f38cf3086b57f85e1aaa4add723e4bc4e3ea2c27acec1e545ae3fc870bd42422f6eaf17a1f82699c9cadf224ea1e5d1705b49118d91cc3731aeed60e41bf15a9613aeda8e63a29bc7a95b2d993d23269a310b91f69d16a71243c0f4080d3359f5ddd63c7032bef14ab25eb7df4b28b2132bcbf94a281c8f5de79885a6d679f145fca292b599bb09a1864726d86b65d4781408320b968e2224c23ce7a56d8892970043737ae47f071aaeb219716bc21e3304e301eb5cd32aea951a70621eb870214a72e6c474c3a20f5bd8e089ba16326cc9a80a1a4f5f0e8f58629e20b1c73eb8af330744b187a5cfdb410466378313700ca44eb6dcbc8f3d70f58e134202546f0b1a3b61a298f2a1184b1533bdad308fa2f960087e0f239d2ccbaee3889ddc1a2bea2183b98854d255a6f708909134fab83f42f13e7604f602e264f4a3b2b2a08c673c7ce2813218159b472d3b20ecbf26dd2f7b3ba5298a4ff7444ea0936e098c126f590b05e7697ed8a3d52ba1abc7285de2f160b9b081cb775a5ab77aad1bb98d47e3da53fc4c11d4db47de1e4e6f56ad671f5d8389b33260cc546e4f0bf34fec9b2abd209e6b89e6e381367774676ed6e6eaffe42b07241c276f3c84f17a0762de83eb769bdf28991ddbc23758f01c9ecfba4ab2ca2118fcedd7adde9ff47f643c13e3ad2f13b576985128f233e329fe269d5745cd2b30e5762452a4ff58fdec30623175f8d575ced1c43411e2869aadbe6f1e79a010bca334cb08d545bc2808f359b7777d1bb5675ee210574b9f72cdeb071e07eeaa0988086213a37a972647cf21d3a3bcbd7359da327bacad41b93c5e0e494669109dddcec781774f248f5663e4fac187d42ffccf68335de2adac4f8d3e1bf04b95a9464960186ed019773ffeda18f9827a61edc5fc4088eb0965cb1bd8af1185aa3972b8f73839b4611e303bcbc1f84a330f60fa0a7795ea3cffe0e338406533e12c7deef0b5906c513eab4619a8f02fdd65dcfb7297ef971c4601ad079f7ad38278ae3ff455b37d5492af546975535450693fd4593c8157b3fdb16fd3a106d2f1509d1c06dabb8933269d790a1c5e5f7bdd4a57e1e670d7043cfed88c365b5f8eefe530ef7da5322df981723332c088fce89c2ceee23b420f64332243b9c606d67d538810a94e0ffbd37a119d8fc4d6caec0def40e62613873c74feabde63e12cb2016c1d35cf1bb95bf59e01a63be8825cb3118b74b106f21eef5ee2f41e5fb39fdde058050f780d98ced247c66fc3a03ba04edaf14d698859ba303d511cf0845dc5e269aef2287770a247fd5ae1299b45819ff41725f9da3e4dab7770eb83992b53ae9a9de69e764f6e3aee3e27cfb1bacf531a91605894ae209da6d25872fb54bf36b2ed450b51aa8ee4875b9bc7e55753f61e12a323d301faceb2ecff0686b1359343a94774a6a098dc2df440725cd8331f527d4e22f8090d8879ef4765849705b99465d7ebdf661b81c303d13b87270dc1f227d5954fcbc93bbce6fde2a1f8d573d9cd8130c173a14706f1e9dabc4d16a5b003dd3239faf91769e25cf007b0623141e4e57f11746cd62f20d73956fa84c6a12e1756b6671a64bd7a474ba425907e1a61ba6d2ffa1149165a713a141bfec0f1af51afebdb84d5f14eb51acc284403627d6ce48fd028dc04e00ed963de37f85d155c33e2b4ceb09044c4f1c7791348216b674a8831a232a638f8bfb396fabbe1f880944bc5dcac55df8abc78f804306c88617acfd4adfbb5a055d3d3e91abb763ad84e701cc5679498e04600570f4b2e57c70542043dc590ab363215e6ab3f0bd89383748783d01c9227229edac723d4e2eaa061a44f2630691f25ca6093775183fdf432e01322203dd654b336670116a6a52a27ff2032b1103a4e4be0cc2fb05b24352d72e374e90cc3db2a5a691c7f6b8d1058d7730433c742d8ce52074318b1bce9bb104cf90c8b7f65293c2b74434661444f38d94d977e03433440517f6155a3cad2621c5502dd6148b867a40e6a40be4c8265ec2164b5257f06da1784e98991f42003ced4ba67c23b8c654b542d2d31168fd853cf56cc2c464d7a8a9fbcd2715968788f8527c597ab5f917753c1f1708d2c19972373c5a22af71847de22b9f1e9d38a04ea4dd291da3099cb836a696350bf1263c3c275c27b8b82f604625451a24490b0b5367c2fd05e699546ddf17709d2e2c2710f4361d9dd6e2de2b4353b7f4f8141f6f989dc1a798a974565978e4f9ec0c59a7dbc04bcab072c8513b9ca782c22cdd31fb116c10081740fd8f7d0cbd5c54f1069297f20b45d79bb9ace8e851a655fedf47b2dc76fd30b9ba9f09c9b50d6910ffcdec7078c36fe1e9b19dbb110197496349560a43c0ab42b4ce286643e73a92246ecb71e95ce0d54114772f8477c7d5604c1a52d2f680c5868cf08a2688dd9fef492a01836112cec824483e77da93d104a9e18d06bddf9a4007740a0537ac1a5e09900acc65d52680212a15b68b0ef887228e06f533c1ca95b8f9d81b9fc6608cb5bacf4b867922999c69d46048ec3f408866789f49fcb176fc99ed9d3e6c357ed2e3ce2665925773e5d86c2ceaf8f18519a00d9d2e19e9a6b16af0a53fd7df6974f5db00494460e7f3de6ff6b642859335e020513bb525adddabf0d7d6ae85e7e56e32ca8acc07fe86b7b445358966ba3914c1dfa7b814d9e846ff02a6a8c8f5713a0f727024b5d1ea7e4ce7c64f9b24dd3337a3df33714c5404403b0304b25a66fe3ac85083965877117b3d721e7922f0ac7e278feeb8dc09f58cbcfbb81b11d4699737f37ac240a24b9c4b2b587e68974f7ca5561856f32e389d32056f7d58e4de24c11bd5c5afaa441120370d0c48341e1b8146a6bbca8c15f23c155d2533e97a8e6496bc00533ec83be8488d020708d97385a03bcbf57cadc2c1e575e1ac134cdb5047f3f88eae0230751626cea1c85da9b74ddace668afebb2dc66d302ddf3c5f8f21ac0c0535d00839457e7cac9282a8e49d018b077e38ea512cf28eacff5d98e880abfb5af2e7c039d2e1f1edaad2642963ef29d715f754e2715caa6af046a298b285e3582d903be726b608619332e1a82be48b0f5adf6838f41ff776e5290de8269794bce8fb971267d036bd6bd30e42df918125d573ced78263251bcae2b7b40f1ba855b4f2472312ea8752c4a0e09468bd25615a6c00a9b44c484c5507b8400537f20890e9499ec94ed2b6aeff21e57c6e8a93d80097f85ac9316b03a5f768721bf7d041bb9a6a03eabd615e3c4d74f56c429d53b8fec4b5e86c5b311a6cd4a86f03e04dab25ad65b68a8b8d9053993fd2440ff2b81768213084c831d31a0f8c646aff9090b5463cbee452abd6318340ec41b50f1deba7ffb60b326751de3f6dbf9b17714299233d5c43071367ece2e53212e7f4e084fea60850d4d16908d9bbbb531fbf72143fdb62d1b40afde3d0b2ac2c94c32e456bbef62f8d677e332aec8ccc8eedbac61e7b89b32d57157a39ad5c456258d9c36db0edc82c2baead990ee78007ed89c8f450e92d5e209cc25f7c13f5909ca404fddbdbeff89cc42350c91e9f1fdf9753c6e95f71257f8cbb97838684461cd1244c938b9939a4e9c7727902b6f1a5434e0a06d3fc221771dd87572ae801c5ce6886122f0c91dae57440ffc7ace4e8e0041a1d245103aaadbfc2ecff622228daed2b0cd30f7f59b2617f6f0571ee4403d84e652d78b8e64d5450b6483ef70582dcda9351f2dddd3a4ac84f514f708d3af6242501bd041beae78e6b29b517b534148ea91ef85653fec824d6ddb0c0fa2555ab2564ba29227b1046b48a11ee0e6aafda9d0b80b0f05a8d057cbeb16264cb579aea3ba2b2000052d03c77844ab7c81be3110a36a27aeffe0ad5a8a7385a1913a64fb2db630e8fc8017828cea60f327c3a510b441d94d32584e55f7c2320d89b2ba3d44d832b8e7c5f45442de9ef37d057e6d0c6664e8d74e23f18336d41a3e38c2cda49050cb32ca7040a388c75741ac07d3befc714df35dc92ff70ad041cf17b70a971c142bb89ecfe25290750e989c8666560a61b62fdc4fadef7f30b6269a669ef99be7e7ba7ddddf99949fedc0c331796988c6eedb5c66cbe2870a2affce0b550c3411a2aaf302481ee93398c0fbc0c815cfe1e78bf8fed7f19f2c2dae17a4533aa85f6b787f8072adda379118d76dbba3cebfc4c8aacbb1f79a28ec3a0ec99816e3c8721ddcde1ce73b0704063474", 0xe50}, {0x0}, {0x0, 0xfffffc1d}, {0x0}, {&(0x7f00000020c0)}], 0x5, 0x0, 0x0, 0x20000010}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendto(r1, &(0x7f00000000c0)="baf2f0a86e64fe4dbef1f870662b960b3e685e8e0709f019f30e735f8fbc038d9101ab0795b0d838", 0x28, 0x40000, &(0x7f0000000100)=@llc={0x1a, 0x305, 0x5, 0x8, 0x4, 0x1, @broadcast}, 0x80) syz_emit_ethernet(0xa0, &(0x7f0000000000)={@multicast, @multicast, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x92, 0x0, 0x0, 0x0, 0x11, 0x0, @broadcast, @multicast1}, {0x0, 0x4e20, 0x7e, 0x0, @wg=@data={0x4, 0x0, 0x0, "cd0916a0b27bd4f8bf8e442badd4535884ee43d459576e911374dbc44e3d42a9c49dc2cb46f199e3e9e1dc6bed1dd801201575c22755e38b28309a4c597511cd3b7df56bd57c7a46ebb43a1e536f2ac26f64e8f061928f949e4e4ca741b45557df936fd715f6"}}}}}}, 0x0) 1.434504467s ago: executing program 3 (id=1245): syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="50000000020605000000000000000000000000000c00078008000640001000000500010006000000050005000200000005000400000000000900020073797a31000000000c000300686173683a6970"], 0x50}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB], 0x40}, 0x1, 0x0, 0x0, 0x10000047}, 0x4000084) 1.360622606s ago: executing program 2 (id=1246): r0 = accept$ax25(0xffffffffffffffff, &(0x7f0000000000)={{}, [@null, @bcast, @null, @netrom, @null, @remote, @rose, @default]}, &(0x7f0000000080)=0x48) ioctl$sock_SIOCGIFVLAN_GET_VLAN_INGRESS_PRIORITY_CMD(r0, 0x8982, &(0x7f00000001c0)) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1400000010000107000000810000000003"], 0x14}}, 0x0) recvmmsg(r1, &(0x7f0000005680)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$inet6_sctp(0xa, 0x801, 0x84) sendto$inet6(r3, &(0x7f0000000400)="c0", 0x1, 0x0, &(0x7f00000000c0)={0xa, 0x0, 0xfffffffe, @dev, 0x15}, 0x1c) getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(r3, 0x84, 0x1a, 0x0, &(0x7f0000000100)) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'}) r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d) ioctl$sock_netdev_private(r4, 0x8914, &(0x7f0000000000)) r5 = syz_init_net_socket$rose(0xb, 0x5, 0x0) socket$nl_route(0x10, 0x3, 0x0) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) ioctl$FIGETBSZ(r3, 0x2, &(0x7f0000000340)) r7 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f00000002c0)='bdi_dirty_ratelimit\x00', r6}, 0x10) r8 = gettid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000140)={r8, r7, 0x0, 0x0, 0xfffffffffffffffe}, 0x30) ioctl$sock_rose_SIOCADDRT(r5, 0x890b, &(0x7f0000000380)={@dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x6, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bpq0, 0x0, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default]}) r9 = syz_init_net_socket$rose(0xb, 0x5, 0x0) ioctl$sock_rose_SIOCADDRT(r5, 0x890b, &(0x7f0000000480)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x3, @bcast, @bpq0, 0x8, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @default, @bcast, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default]}) ioctl$sock_rose_SIOCADDRT(r9, 0x890b, &(0x7f00000000c0)={@dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x3, @default, @bpq0, 0x6, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @null, @bcast, @bcast]}) r10 = socket$kcm(0x29, 0x0, 0x0) r11 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r11, 0x0, 0x80, &(0x7f00000005c0)=@nat={'nat\x00', 0x19, 0x4, 0x90, [0x200000000100, 0x0, 0x0, 0x200000000130, 0x20000000036c], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000000000000000000000000010000000000000000000000000000000000200"/144]}, 0x108) setsockopt$kcm_KCM_RECV_DISABLE(r10, 0x119, 0x1, &(0x7f0000000300)=0x80, 0x4) syz_genetlink_get_family_id$batadv(&(0x7f0000000140), r1) 1.30903132s ago: executing program 3 (id=1248): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='westwood\x00', 0x9) bind$inet6(r0, &(0x7f0000d84000)={0xa, 0x2, 0x0, @loopback, 0x7}, 0x1c) shutdown(r0, 0x1) setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4) sendto$inet6(r0, 0x0, 0x0, 0x20000045, &(0x7f00000001c0)={0xa, 0x2, 0x398, @empty, 0x10}, 0x1c) 1.202606788s ago: executing program 0 (id=1249): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f0000000580)={@mcast1, @dev={0xfe, 0x80, '\x00', 0x22}, @mcast1, 0x2000000, 0x7d, 0x7d, 0x0, 0x0, 0x2930310}) socket$kcm(0x29, 0x5, 0x0) r1 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r1, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f00000001c0)="d8000000180081064e81f782db44b904021d005c06007c09e8fe55a10a0015400100142603600e120800060000000401a800080008000c4003001100036010fab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9701", 0xd8}], 0x1}, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x18, 0x5, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x4}, [@map_idx={0x18, 0x9, 0x5, 0x0, 0x3}]}, &(0x7f0000000080)='syzkaller\x00', 0x2, 0x0, 0x0, 0x40f00, 0x34, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f00000000c0)={0x2, 0x6, 0x7fffffff, 0x8}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000100)=[0x1, 0x1, 0x1, 0xffffffffffffffff], 0x0, 0x10, 0x6, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='fdb_delete\x00', r2, 0x0, 0x8}, 0x18) 1.201712407s ago: executing program 3 (id=1250): r0 = syz_init_net_socket$ax25(0x3, 0x5, 0xc4) r1 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r1, 0x0, 0x60, &(0x7f0000000940)={'filter\x00', 0x104, 0x4, 0x3f0, 0x220, 0x220, 0x0, 0x308, 0x308, 0x308, 0x4, 0x0, {[{{@uncond, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @empty, @multicast2, @empty, 0x1, 0xffffffff}}}, {{@uncond, 0xc0, 0x110, 0x0, {0xb000000}}, @mangle={0x50, 'mangle\x00', 0x0, {@mac=@multicast, @mac=@random="cab170e97230", @multicast1, @remote, 0x8}}}, {{@arp={@rand_addr, @initdev={0xac, 0x1e, 0x0, 0x0}, 0xffffffff, 0xff000000, 0x0, 0x0, {@mac=@remote, {[0x0, 0x0, 0xff]}}, {}, 0x0, 0x0, 0x0, 0x3ff, 0x0, 0x0, 'xfrm0\x00', 'ipvlan1\x00', {}, {0xff}}, 0xc0, 0xe8}, @unspec=@AUDIT={0x28}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x440) setsockopt$ax25_SO_BINDTODEVICE(r0, 0x101, 0x19, &(0x7f0000000040)=@bpq0, 0x10) close(r0) 1.086192296s ago: executing program 2 (id=1251): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$unix(0x1, 0x2, 0x0) bind$unix(r1, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r2 = socket$unix(0x1, 0x2, 0x0) connect$unix(r2, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) sendmmsg(r2, &(0x7f0000002dc0), 0x307017fdb7a670f, 0x40) connect$unix(r2, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="9feb0100180000000000000030000000300000000400000002000000000000110300000000001500000000000100000d000000000f00000000000000020000000000000c02000000000061"], 0x0, 0x4c, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000200)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="000300813ddc532119524c02b9998e9a9c5c80e73a36e9306c211e3fcd80abc2bf41e4bcceaba868f33254cf7a556e066a28e2d7160895e615d864941d093130fabec9b92a54ddc2b257a31e0a51ac4c6856809e53", @ANYRES32=r4, @ANYBLOB="0c002c802000000080090000"], 0x28}, 0x1, 0x0, 0x0, 0x14001}, 0x9590f6cc3ea35512) 1.021740625s ago: executing program 0 (id=1252): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a80000000060a0904000000000000000002000000540004802c0001800e000100696d6d656469617465000000180002800c00028005000100c4000000080001400000000924000180090001006d6574610000000014000280080002400000000808000140f6ffff0f0900010073797a30000000000900020073797a320000000020000000080a05000000000000000000020000000900010073797a300000"], 0xc8}}, 0x0) sendmsg$IPSET_CMD_RENAME(r0, &(0x7f00000002c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x2c, 0x5, 0x6, 0x201, 0x0, 0x0, {0x3, 0x0, 0x4}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_SETNAME2={0x9, 0x3, 'syz1\x00'}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4008090}, 0x4000000) r1 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCETHTOOL(r1, 0x89f0, &(0x7f0000001440)={'bridge0\x00', &(0x7f00000001c0)=@ethtool_ringparam={0xa, 0x0, 0x300, 0x80, 0x0, 0x5, 0xfff}}) r2 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), r1) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r1, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x6ebdbcf684324f7}, 0xc, &(0x7f0000000140)={&(0x7f0000000500)=ANY=[@ANYBLOB="14020000", @ANYRES16=r2, @ANYBLOB="000228bd7000fedbdf2505000000740003800400010008000200f9ffffff64000500cae82bdd5e182c5dee288ec6a817863f3dbbd8fe9ef7cae876b8ec69125df3d7b04256aa6f9a77125bd65303928c38a58590bd60f9112530d1033bf041c147452744156ff1f43ecc7f930e5f84b479bff9770a8e7245306839bd4535d93fb43608000900080000000800090004000000050007000500000005000600080000006001038048000380440001800c0002006272696467653000040003000d0002007b5e2d2d215e5b5b00000000040003000800010001010000070002003a5e00000c00020062726964676530005000050043480835876e4d000000000000010199afd8a158fbcbd405e1febf72f36684800f6feccac5ef3de6f8fdd56a96882a70e8021f8a008b1483573e9ccda4375a01365aba25c82d4883d1cef98424000380200001800400030004000300060002005e0000000c00020062726964676530009c0004005263bee1bce96628fe8e206bcd2f2335a555e17a2c2c88bd3c7878f1d43194eb963b739be7f8035cba6e306c12d985c60a0b7b08f62d1287f90df4b7bb9f2c288945c9d290e30c9b8dbf7107be80441b04ca5b4dd54685ba86150379dedb6da612be4237ebc189f0890508b3677c09b94be1ad1489b2b99f77e490c031a9d468e74e887aecc05869c149f7e9f466638766d0801307034d7f040001000c0001800800030001000000"], 0x214}, 0x1, 0x0, 0x0, 0x40}, 0x8014) 991.464702ms ago: executing program 3 (id=1253): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000180)={0x28, r1, 0x1, 0x70bd28, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SCAN_FREQUENCIES={0xc, 0x2c, 0x0, 0x1, [{0x20, 0x0, 0x980}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x14001}, 0x9590f6cc3ea35512) (fail_nth: 4) 921.997871ms ago: executing program 0 (id=1254): r0 = socket(0x2d, 0x2, 0x0) sendmsg$RDMA_NLDEV_CMD_DELLINK(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x2d, 0x0, 0x1f, 0x800}, 0xc, &(0x7f00000000c0)={0x0}, 0x1, 0x0, 0x0, 0xc0}, 0x0) r1 = socket$inet_sctp(0x2, 0x5, 0x84) r2 = socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r2, 0x84, 0x6d, &(0x7f0000000000), &(0x7f00000002c0)=0x8) getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(r1, 0x84, 0x73, &(0x7f00000002c0)={0x0, 0x9, 0x10, 0x40, 0x7}, &(0x7f0000000340)=0x18) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000) syz_genetlink_get_family_id$mptcp(&(0x7f0000000080), r3) syz_genetlink_get_family_id$devlink(&(0x7f0000000000), r3) recvmmsg(r3, &(0x7f00000086c0)=[{{0x0, 0x0, 0x0}, 0x101}, {{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000001b40)=""/153, 0x99}, {&(0x7f0000000840)=""/4097, 0x1001}, {&(0x7f0000000540)=""/202, 0xca}], 0x3}, 0x6}, {{0x0, 0x0, 0x0}, 0x1}, {{0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000000380)=""/188, 0xbc}, {&(0x7f0000001880)=""/238, 0xee}, {&(0x7f0000000040)=""/48, 0x30}, {&(0x7f00000000c0)=""/60, 0x3c}, {&(0x7f0000001c00)=""/4103, 0x1007}, {&(0x7f0000000640)=""/68, 0x44}, {&(0x7f00000006c0)=""/227, 0xe3}], 0x7}, 0x7ffffffe}, {{0x0, 0x0, 0x0}, 0x27}], 0x5, 0x40000000, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000140)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_PMKSA(r3, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000240)={&(0x7f0000000440)=ANY=[@ANYBLOB="340000005a452cc41b1163ed509f096d133d6c4d9b23a9b3179190148c99384bdac13477b02e7cf4d16d4f982bc84000ae375f8f6adc471995e0", @ANYRES16=0x0, @ANYBLOB="000229bd7000fcdbdf253400000008000300", @ANYRES32=r4, @ANYBLOB="05002001110000000600fd006a0c000008001f0129000000"], 0x34}, 0x1, 0x0, 0x0, 0x8000}, 0x12) openat$cgroup_type(r3, &(0x7f00000001c0), 0x2, 0x0) socket(0x2d, 0x2, 0x0) (async) sendmsg$RDMA_NLDEV_CMD_DELLINK(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x2d, 0x0, 0x1f, 0x800}, 0xc, &(0x7f00000000c0)={0x0}, 0x1, 0x0, 0x0, 0xc0}, 0x0) (async) socket$inet_sctp(0x2, 0x5, 0x84) (async) socket$inet_sctp(0x2, 0x5, 0x84) (async) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r2, 0x84, 0x6d, &(0x7f0000000000), &(0x7f00000002c0)=0x8) (async) getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(r1, 0x84, 0x73, &(0x7f00000002c0)={0x0, 0x9, 0x10, 0x40, 0x7}, &(0x7f0000000340)=0x18) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) sendmsg$nl_generic(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000) (async) syz_genetlink_get_family_id$mptcp(&(0x7f0000000080), r3) (async) syz_genetlink_get_family_id$devlink(&(0x7f0000000000), r3) (async) recvmmsg(r3, &(0x7f00000086c0)=[{{0x0, 0x0, 0x0}, 0x101}, {{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000001b40)=""/153, 0x99}, {&(0x7f0000000840)=""/4097, 0x1001}, {&(0x7f0000000540)=""/202, 0xca}], 0x3}, 0x6}, {{0x0, 0x0, 0x0}, 0x1}, {{0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000000380)=""/188, 0xbc}, {&(0x7f0000001880)=""/238, 0xee}, {&(0x7f0000000040)=""/48, 0x30}, {&(0x7f00000000c0)=""/60, 0x3c}, {&(0x7f0000001c00)=""/4103, 0x1007}, {&(0x7f0000000640)=""/68, 0x44}, {&(0x7f00000006c0)=""/227, 0xe3}], 0x7}, 0x7ffffffe}, {{0x0, 0x0, 0x0}, 0x27}], 0x5, 0x40000000, 0x0) (async) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000140)={'wlan1\x00'}) (async) sendmsg$NL80211_CMD_SET_PMKSA(r3, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000240)={&(0x7f0000000440)=ANY=[@ANYBLOB="340000005a452cc41b1163ed509f096d133d6c4d9b23a9b3179190148c99384bdac13477b02e7cf4d16d4f982bc84000ae375f8f6adc471995e0", @ANYRES16=0x0, @ANYBLOB="000229bd7000fcdbdf253400000008000300", @ANYRES32=r4, @ANYBLOB="05002001110000000600fd006a0c000008001f0129000000"], 0x34}, 0x1, 0x0, 0x0, 0x8000}, 0x12) (async) openat$cgroup_type(r3, &(0x7f00000001c0), 0x2, 0x0) (async) 813.635497ms ago: executing program 1 (id=1255): socket$nl_netfilter(0x10, 0x3, 0xc) (async) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYRESHEX=r0, @ANYRES64], 0xa8}, 0x1, 0x0, 0x0, 0x20044801}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000180a0500000000000000000002000000300003802c00038004000100776732000000000000000000000000001400010076657468315f746f5f627269646765000900020073797a30000000000900010073797a3000"], 0x84}, 0x1, 0x0, 0x0, 0x40000}, 0x20008000) 813.378135ms ago: executing program 2 (id=1256): r0 = socket$inet(0x2, 0x800, 0x84) listen(r0, 0x2f) (async) r1 = socket$netlink(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000980)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x2}}, [@NFT_MSG_NEWFLOWTABLE={0x14, 0x16, 0xa, 0x201, 0x0, 0x0, {0x5, 0x0, 0x4}}, @NFT_MSG_DELSETELEM={0x18, 0xe, 0xa, 0x301, 0x0, 0x0, {0x0, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_ELEMENTS={0x4}]}, @NFT_MSG_NEWTABLE={0x24, 0x0, 0xa, 0x201, 0x0, 0x0, {0x7, 0x0, 0x1}, [@NFTA_TABLE_USERDATA={0x4}, @NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_NEWFLOWTABLE={0x30, 0x16, 0xa, 0x101, 0x0, 0x0, {0x7, 0x0, 0x9}, [@NFTA_FLOWTABLE_HOOK={0x4}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0xa8}, 0x1, 0x0, 0x0, 0x4000000}, 0x90) (async) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000000000)=@nat={'nat\x00', 0x2, 0x5, 0x500, 0x0, 0x120, 0xffffffff, 0x360, 0x120, 0x430, 0x430, 0xffffffff, 0x430, 0x430, 0x5, 0x0, {[{{@uncond, 0x0, 0xd8, 0x120, 0x0, {}, [@common=@ah={{0x30}}]}, @REDIRECT={0x48, 'REDIRECT\x00', 0x0, {0x0, @ipv4, @ipv4, @gre_key}}}, {{@ipv6={@private2, @rand_addr=' \x01\x00', [], [], 'pim6reg1\x00', 'lo\x00'}, 0x0, 0xa8, 0xf0}, @REDIRECT={0x48, 'REDIRECT\x00', 0x0, {0x0, @ipv4=@empty, @ipv6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @icmp_id}}}, {{@uncond, 0x0, 0x108, 0x150, 0x0, {}, [@common=@icmp6={{0x28}, {0x0, "954f"}}, @common=@unspec=@devgroup={{0x38}}]}, @unspec=@DNAT1={0x48, 'DNAT\x00', 0x1, {0x0, @ipv6=@local, @ipv6=@empty, @port, @icmp_id}}}, {{@uncond, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE3={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x560) listen(r0, 0xaca) 529.06835ms ago: executing program 4 (id=1257): setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000040)=@raw={'raw\x00', 0x8, 0x3, 0x248, 0xd8, 0x43, 0xa0, 0xd8, 0x98, 0x200, 0x178, 0x178, 0x200, 0x178, 0x49, 0x0, {[{{@ip={@local, @local, 0x0, 0x0, 'veth1_macvtap\x00', 'bridge_slave_0\x00', {0xff}, {}, 0x11, 0x2, 0x65}, 0x12a, 0x70, 0xd8, 0x0, {0x0, 0x7a010000}}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x7fff, 0x0, '\x00', 'syz1\x00'}}}, {{@ip={@local, @empty, 0xff000000, 0xff, 'pim6reg0\x00', 'macsec0\x00', {0xff}, {0xff}, 0x0, 0x0, 0x68}, 0x0, 0x70, 0xd8}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x18, 0x800, 0xd, 0x7, 'syz0\x00', 'syz0\x00', {0x1}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x2a8) sendmsg$NL80211_CMD_GET_COALESCE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="20040000", @ANYRES16], 0x20}, 0x1, 0x0, 0x0, 0x8050}, 0x44044) sendmsg$IPSET_CMD_RENAME(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)=ANY=[@ANYBLOB="200000000506010200000000000000000a000001"], 0x20}, 0x1, 0x0, 0x0, 0x20004000}, 0x800) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r1 = socket$igmp6(0xa, 0x3, 0x2) r2 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r1, 0x8983, &(0x7f0000000300)={0x0, 'syzkaller1\x00'}) write$tun(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="06000000bbbbbbbbbbbbaaaaaaaaaabb88f5"], 0x72) 499.163437ms ago: executing program 0 (id=1258): syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="50000000020605000000000000000000000000000c00078008000640001000000500010006000000050005000200000005000400000000000900020073797a31000000000c000300686173683a6970"], 0x50}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB], 0x40}, 0x1, 0x0, 0x0, 0x10000047}, 0x4000084) 389.687012ms ago: executing program 1 (id=1259): socket$netlink(0x10, 0x3, 0x0) (async) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r1, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) r2 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) (async) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) setsockopt$inet6_udp_encap(r1, 0x11, 0x64, &(0x7f0000000180)=0x2, 0x4) syz_emit_ethernet(0xbe, &(0x7f0000000000)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "7b4b143b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af", "584cbf2649a50f2dbc43efa8698d04001c51852e4451b57d037ad3c045942824251d7d17b5191584cdd4fbe40a27424d", "bcfd56f1373669caaa2f19935e6996c7096ffe4f3a4745a8f762b964", {"9a3bfbc1f39cb307b3472eb9cdb042d2", "643fcbb2c5a5400300001d2300000009"}}}}}}}, 0x0) (async) syz_emit_ethernet(0xbe, &(0x7f0000000000)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "7b4b143b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af", "584cbf2649a50f2dbc43efa8698d04001c51852e4451b57d037ad3c045942824251d7d17b5191584cdd4fbe40a27424d", "bcfd56f1373669caaa2f19935e6996c7096ffe4f3a4745a8f762b964", {"9a3bfbc1f39cb307b3472eb9cdb042d2", "643fcbb2c5a5400300001d2300000009"}}}}}}}, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="8c00000010001fff00"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000400012800b000100697036677265000030000280140007002001000000000000000000000000000014000600fc020000000000000000000000000000040012000800280070cf00000c0019800500060014000000080004"], 0x8c}}, 0x0) 389.460705ms ago: executing program 3 (id=1260): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000240)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f0000000940)={@val={0x800e, 0x6002}, @void, @eth={@broadcast, @multicast, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x4, 0x0, @empty, @empty}, {0x4500, 0x0, 0x14, 0x0, @gue={{0x2, 0x1, 0x2, 0x10, 0x0, @val=0x80}, "8ae276e5"}}}}}}}, 0x3a) (fail_nth: 5) 299.246123ms ago: executing program 1 (id=1261): r0 = accept$ax25(0xffffffffffffffff, &(0x7f0000000000)={{}, [@null, @bcast, @null, @netrom, @null, @remote, @rose, @default]}, &(0x7f0000000080)=0x48) ioctl$sock_SIOCGIFVLAN_GET_VLAN_INGRESS_PRIORITY_CMD(r0, 0x8982, &(0x7f00000001c0)) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1400000010000107000000810000000003"], 0x14}}, 0x0) recvmmsg(r1, &(0x7f0000005680)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$inet6_sctp(0xa, 0x801, 0x84) sendto$inet6(r3, &(0x7f0000000400)="c0", 0x1, 0x0, &(0x7f00000000c0)={0xa, 0x0, 0xfffffffe, @dev, 0x15}, 0x1c) getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(r3, 0x84, 0x1a, 0x0, &(0x7f0000000100)) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'}) r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d) ioctl$sock_netdev_private(r4, 0x8914, &(0x7f0000000000)) r5 = syz_init_net_socket$rose(0xb, 0x5, 0x0) socket$nl_route(0x10, 0x3, 0x0) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) ioctl$FIGETBSZ(r3, 0x2, &(0x7f0000000340)) r7 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f00000002c0)='bdi_dirty_ratelimit\x00', r6}, 0x10) r8 = gettid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000140)={r8, r7, 0x0, 0x0, 0xfffffffffffffffe}, 0x30) ioctl$sock_rose_SIOCADDRT(r5, 0x890b, &(0x7f0000000380)={@dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x6, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bpq0, 0x0, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default]}) r9 = syz_init_net_socket$rose(0xb, 0x5, 0x0) ioctl$sock_rose_SIOCADDRT(r5, 0x890b, &(0x7f0000000480)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x3, @bcast, @bpq0, 0x8, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @default, @bcast, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default]}) ioctl$sock_rose_SIOCADDRT(r9, 0x890b, &(0x7f00000000c0)={@dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x3, @default, @bpq0, 0x6, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @null, @bcast, @bcast]}) r10 = socket$kcm(0x29, 0x0, 0x0) r11 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r11, 0x0, 0x80, &(0x7f00000005c0)=@nat={'nat\x00', 0x19, 0x4, 0x90, [0x200000000100, 0x0, 0x0, 0x200000000130, 0x20000000036c], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000000000000000000000000010000000000000000000000000000000000200"/144]}, 0x108) setsockopt$kcm_KCM_RECV_DISABLE(r10, 0x119, 0x1, &(0x7f0000000300)=0x80, 0x4) syz_genetlink_get_family_id$batadv(&(0x7f0000000140), r1) 247.881818ms ago: executing program 0 (id=1262): r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)=ANY=[@ANYBLOB="2c00000614000100fffffffbffdbdf250a00a100", @ANYRES32=r2, @ANYBLOB="1400010000000000000000000000000000000001"], 0x2c}}, 0x24005040) 145.838673ms ago: executing program 2 (id=1263): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a80000000060a0b04009b2da79a0000000200fffe540004802800018007000100637400001c0002800800014000000002080002400000001605000300000000002800018007000100637400001c000280080002400c05000300010000000900010073797a300000000009000200737b7a3200000000f9fb10f65de09051ddabafda1ac71354140000000000000000000000000000d2fb2f1423497b8a4f92c7e30680715f3d44e5e3edc6c23f0191d5ccec8fdca4bc3d490d5cd489e5f136c5dce17da442e012a3d8dcd3852c41187ac4caeb93d94307888f85a66303ab54dc2636490c2d8726dde2db8c692dba"], 0xa8}, 0x1, 0x0, 0x0, 0x840}, 0x0) 90.860101ms ago: executing program 3 (id=1264): r0 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_DONE(r0, 0x0, 0xc9, 0x0, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=@newlink={0x54, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x2c, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0x18, 0x2, 0x0, 0x1, [@IFLA_GRE_LOCAL={0x14, 0x6, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}]}}}, @IFLA_MASTER={0x8}]}, 0x54}}, 0x0) (async) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000002c0), r3) sendmsg$IEEE802154_LLSEC_GETPARAMS(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000300)={0x20, r4, 0x1, 0x70bd2d, 0x25dfdbfc, {}, [@IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wpan0\x00', 0x0}) sendmsg$IEEE802154_LLSEC_ADD_KEY(r2, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x1c, r4, 0x1, 0x70bd2b, 0x25dfdbfe, {}, [@IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x80}, 0x80) 73.264617ms ago: executing program 0 (id=1265): r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0) ioctl$sock_rose_SIOCADDRT(r0, 0x890b, &(0x7f0000000380)={@dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x6, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bpq0, 0x0, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default]}) ioctl$sock_rose_SIOCADDRT(r0, 0x890b, &(0x7f0000000040)={@dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x400, @bcast, @rose={'rose', 0x0}, 0x1, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @bcast, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default]}) ioctl$sock_rose_SIOCADDRT(r0, 0x890b, &(0x7f0000000480)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x3, @bcast, @bpq0, 0x8, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @default, @bcast, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default]}) connect$rose(r0, &(0x7f0000000000)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @null, 0x1, @null}, 0x1c) 447.635µs ago: executing program 2 (id=1266): r0 = socket(0x10, 0x3, 0x0) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0xa, 0x0, 0x0, 0x0, 0x4, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000280)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_STATION(r2, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB='H\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000000000000001300000008000300", @ANYRES32=r4, @ANYBLOB="06001200000000000600b50085010200040013000a00060008021100000000000c0043"], 0x48}, 0x1, 0x0, 0x0, 0x45}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYRES32=r1, @ANYRES8=0x0, @ANYRESHEX=r1, @ANYRES16=r0, @ANYRES8=r2, @ANYRES64, @ANYRES16=0x0], 0x40}}, 0x40) close(r1) 0s ago: executing program 4 (id=1267): r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)=ANY=[@ANYBLOB="2c00000014000100fffffffbffdbdf250a00a100", @ANYRES32=r2, @ANYBLOB="1400010000000000000000000000000000000001"], 0x2c}}, 0x24005040) (fail_nth: 7) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.186' (ED25519) to the list of known hosts. [ 72.690306][ T5829] cgroup: Unknown subsys name 'net' [ 72.803542][ T5829] cgroup: Unknown subsys name 'cpuset' [ 72.812343][ T5829] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 74.173943][ T5829] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 77.977906][ T5846] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 77.990344][ T5854] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 77.998374][ T5854] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 77.998856][ T5853] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 78.011851][ T5854] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 78.021344][ T5858] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 78.021889][ T5854] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 78.037159][ T5854] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 78.037444][ T5858] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 78.045223][ T5854] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 78.060650][ T5854] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 78.068427][ T5854] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 78.075867][ T5858] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 78.076781][ T5854] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 78.086821][ T5857] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 78.093312][ T51] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 78.104489][ T5857] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 78.115939][ T5857] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 78.116323][ T51] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 78.123696][ T5857] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 78.131059][ T51] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 78.146305][ T51] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 78.150717][ T5857] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 78.154295][ T51] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 78.162141][ T5857] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 78.815738][ T5841] chnl_net:caif_netlink_parms(): no params data found [ 78.898867][ T5849] chnl_net:caif_netlink_parms(): no params data found [ 78.911528][ T5840] chnl_net:caif_netlink_parms(): no params data found [ 78.953967][ T5844] chnl_net:caif_netlink_parms(): no params data found [ 79.094461][ T5839] chnl_net:caif_netlink_parms(): no params data found [ 79.202803][ T5841] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.210070][ T5841] bridge0: port 1(bridge_slave_0) entered disabled state [ 79.219916][ T5841] bridge_slave_0: entered allmulticast mode [ 79.227446][ T5841] bridge_slave_0: entered promiscuous mode [ 79.268533][ T5840] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.276161][ T5840] bridge0: port 1(bridge_slave_0) entered disabled state [ 79.285746][ T5840] bridge_slave_0: entered allmulticast mode [ 79.293130][ T5840] bridge_slave_0: entered promiscuous mode [ 79.301248][ T5840] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.308372][ T5840] bridge0: port 2(bridge_slave_1) entered disabled state [ 79.316021][ T5840] bridge_slave_1: entered allmulticast mode [ 79.323823][ T5840] bridge_slave_1: entered promiscuous mode [ 79.342059][ T5841] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.349218][ T5841] bridge0: port 2(bridge_slave_1) entered disabled state [ 79.356663][ T5841] bridge_slave_1: entered allmulticast mode [ 79.364306][ T5841] bridge_slave_1: entered promiscuous mode [ 79.399043][ T5844] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.406367][ T5844] bridge0: port 1(bridge_slave_0) entered disabled state [ 79.413711][ T5844] bridge_slave_0: entered allmulticast mode [ 79.422729][ T5844] bridge_slave_0: entered promiscuous mode [ 79.430778][ T5844] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.437913][ T5844] bridge0: port 2(bridge_slave_1) entered disabled state [ 79.445546][ T5844] bridge_slave_1: entered allmulticast mode [ 79.453056][ T5844] bridge_slave_1: entered promiscuous mode [ 79.485146][ T5849] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.492508][ T5849] bridge0: port 1(bridge_slave_0) entered disabled state [ 79.499785][ T5849] bridge_slave_0: entered allmulticast mode [ 79.507153][ T5849] bridge_slave_0: entered promiscuous mode [ 79.532142][ T5840] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 79.545374][ T5840] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 79.556926][ T5841] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 79.566598][ T5849] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.574711][ T5849] bridge0: port 2(bridge_slave_1) entered disabled state [ 79.582172][ T5849] bridge_slave_1: entered allmulticast mode [ 79.589122][ T5849] bridge_slave_1: entered promiscuous mode [ 79.628010][ T5841] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 79.685944][ T5844] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 79.699842][ T5844] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 79.739237][ T5849] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 79.785673][ T5840] team0: Port device team_slave_0 added [ 79.794799][ T5849] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 79.818992][ T5841] team0: Port device team_slave_0 added [ 79.825326][ T5839] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.832835][ T5839] bridge0: port 1(bridge_slave_0) entered disabled state [ 79.840029][ T5839] bridge_slave_0: entered allmulticast mode [ 79.847305][ T5839] bridge_slave_0: entered promiscuous mode [ 79.855163][ T5839] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.862782][ T5839] bridge0: port 2(bridge_slave_1) entered disabled state [ 79.869956][ T5839] bridge_slave_1: entered allmulticast mode [ 79.877235][ T5839] bridge_slave_1: entered promiscuous mode [ 79.886362][ T5844] team0: Port device team_slave_0 added [ 79.894294][ T5840] team0: Port device team_slave_1 added [ 79.914374][ T5841] team0: Port device team_slave_1 added [ 79.947552][ T5844] team0: Port device team_slave_1 added [ 79.969617][ T5849] team0: Port device team_slave_0 added [ 79.979483][ T5849] team0: Port device team_slave_1 added [ 80.055287][ T5841] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 80.062965][ T5841] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 80.089423][ T5841] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 80.103010][ T5841] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 80.109979][ T5841] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 80.136557][ T5841] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 80.155128][ T5839] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 80.178905][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 80.186566][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 80.186673][ T51] Bluetooth: hci2: command tx timeout [ 80.212614][ T5857] Bluetooth: hci4: command tx timeout [ 80.212926][ T5857] Bluetooth: hci0: command tx timeout [ 80.221062][ T5840] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 80.241587][ T5849] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 80.248548][ T5849] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 80.274959][ T5857] Bluetooth: hci3: command tx timeout [ 80.280663][ T5857] Bluetooth: hci1: command tx timeout [ 80.286290][ T5849] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 80.299220][ T5849] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 80.308275][ T5849] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 80.335285][ T5849] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 80.361546][ T5839] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 80.386600][ T5844] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 80.394164][ T5844] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 80.420140][ T5844] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 80.432786][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 80.439778][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 80.466007][ T5840] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 80.509368][ T5844] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 80.516410][ T5844] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 80.543104][ T5844] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 80.587326][ T5839] team0: Port device team_slave_0 added [ 80.601904][ T5839] team0: Port device team_slave_1 added [ 80.638453][ T5841] hsr_slave_0: entered promiscuous mode [ 80.644943][ T5841] hsr_slave_1: entered promiscuous mode [ 80.656140][ T5840] hsr_slave_0: entered promiscuous mode [ 80.662933][ T5840] hsr_slave_1: entered promiscuous mode [ 80.668944][ T5840] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 80.677445][ T5840] Cannot create hsr debugfs directory [ 80.727112][ T5849] hsr_slave_0: entered promiscuous mode [ 80.733573][ T5849] hsr_slave_1: entered promiscuous mode [ 80.739642][ T5849] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 80.747907][ T5849] Cannot create hsr debugfs directory [ 80.814380][ T5839] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 80.821644][ T5839] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 80.848359][ T5839] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 80.860733][ T5839] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 80.867699][ T5839] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 80.894467][ T5839] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 80.963515][ T5844] hsr_slave_0: entered promiscuous mode [ 80.969833][ T5844] hsr_slave_1: entered promiscuous mode [ 80.976147][ T5844] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 80.983974][ T5844] Cannot create hsr debugfs directory [ 81.114923][ T5839] hsr_slave_0: entered promiscuous mode [ 81.121273][ T5839] hsr_slave_1: entered promiscuous mode [ 81.127333][ T5839] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 81.135121][ T5839] Cannot create hsr debugfs directory [ 81.593505][ T5840] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 81.606961][ T5840] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 81.635732][ T5840] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 81.655517][ T5840] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 81.699268][ T5841] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 81.763369][ T5841] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 81.802026][ T5841] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 81.813811][ T5841] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 81.886344][ T5849] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 81.913541][ T5849] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 81.925050][ T5849] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 81.964289][ T5849] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 82.083888][ T5844] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 82.113487][ T5840] 8021q: adding VLAN 0 to HW filter on device bond0 [ 82.146300][ T5844] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 82.203791][ T5840] 8021q: adding VLAN 0 to HW filter on device team0 [ 82.217348][ T1110] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.224704][ T1110] bridge0: port 1(bridge_slave_0) entered forwarding state [ 82.233380][ T5844] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 82.260804][ T5857] Bluetooth: hci0: command tx timeout [ 82.261302][ T5851] Bluetooth: hci2: command tx timeout [ 82.266231][ T5857] Bluetooth: hci4: command tx timeout [ 82.288678][ T5844] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 82.325752][ T61] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.332902][ T61] bridge0: port 2(bridge_slave_1) entered forwarding state [ 82.351210][ T51] Bluetooth: hci3: command tx timeout [ 82.356839][ T5857] Bluetooth: hci1: command tx timeout [ 82.395214][ T5841] 8021q: adding VLAN 0 to HW filter on device bond0 [ 82.414238][ T5839] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 82.426716][ T5839] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 82.439815][ T5839] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 82.456519][ T5839] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 82.513671][ T5841] 8021q: adding VLAN 0 to HW filter on device team0 [ 82.546062][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.553298][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 82.595561][ T5849] 8021q: adding VLAN 0 to HW filter on device bond0 [ 82.623295][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.630498][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 82.737812][ T5849] 8021q: adding VLAN 0 to HW filter on device team0 [ 82.796363][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.803579][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 82.842957][ T1110] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.850093][ T1110] bridge0: port 2(bridge_slave_1) entered forwarding state [ 82.905295][ T5840] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 82.930140][ T5844] 8021q: adding VLAN 0 to HW filter on device bond0 [ 83.004605][ T5839] 8021q: adding VLAN 0 to HW filter on device bond0 [ 83.034506][ T5844] 8021q: adding VLAN 0 to HW filter on device team0 [ 83.090144][ T1120] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.097373][ T1120] bridge0: port 1(bridge_slave_0) entered forwarding state [ 83.108194][ T1120] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.115445][ T1120] bridge0: port 2(bridge_slave_1) entered forwarding state [ 83.173828][ T5840] veth0_vlan: entered promiscuous mode [ 83.224287][ T5839] 8021q: adding VLAN 0 to HW filter on device team0 [ 83.237487][ T5840] veth1_vlan: entered promiscuous mode [ 83.254594][ T5844] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 83.267721][ T5844] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 83.291680][ T1094] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.298862][ T1094] bridge0: port 1(bridge_slave_0) entered forwarding state [ 83.322707][ T5841] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 83.346826][ T1110] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.354018][ T1110] bridge0: port 2(bridge_slave_1) entered forwarding state [ 83.484295][ T5840] veth0_macvtap: entered promiscuous mode [ 83.526042][ T5840] veth1_macvtap: entered promiscuous mode [ 83.579265][ T5841] veth0_vlan: entered promiscuous mode [ 83.601539][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 83.635657][ T5849] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 83.647962][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 83.663190][ T5839] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 83.686014][ T5841] veth1_vlan: entered promiscuous mode [ 83.698133][ T5840] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.708119][ T5840] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.717208][ T5840] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.727002][ T5840] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.787018][ T5844] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 83.987846][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 83.998648][ T5841] veth0_macvtap: entered promiscuous mode [ 84.007824][ T5849] veth0_vlan: entered promiscuous mode [ 84.032843][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.087057][ T5841] veth1_macvtap: entered promiscuous mode [ 84.111797][ T5849] veth1_vlan: entered promiscuous mode [ 84.188693][ T5841] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 84.235573][ T1120] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.246720][ T5841] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 84.255841][ T1120] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.262969][ T5841] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.275248][ T5841] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.286587][ T5841] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.295984][ T5841] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.341354][ T5857] Bluetooth: hci4: command tx timeout [ 84.341718][ T5851] Bluetooth: hci0: command tx timeout [ 84.352754][ T51] Bluetooth: hci2: command tx timeout [ 84.372855][ T5839] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 84.419440][ T5849] veth0_macvtap: entered promiscuous mode [ 84.425361][ T5851] Bluetooth: hci1: command tx timeout [ 84.431145][ T51] Bluetooth: hci3: command tx timeout [ 84.456249][ T5849] veth1_macvtap: entered promiscuous mode [ 84.473697][ T5840] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 84.521233][ T5844] veth0_vlan: entered promiscuous mode [ 84.556672][ T3458] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.592299][ T3458] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.625817][ T5849] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 84.643830][ T5844] veth1_vlan: entered promiscuous mode [ 84.666347][ T5839] veth0_vlan: entered promiscuous mode [ 84.684395][ T5849] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 84.707109][ T3519] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.719110][ T3519] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.721462][ T5849] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.736610][ T5849] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.746664][ T5849] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.755677][ T5849] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.767863][ T5968] tipc: Enabling of bearer rejected, failed to enable media [ 84.780860][ T5839] veth1_vlan: entered promiscuous mode [ 84.836735][ T5844] veth0_macvtap: entered promiscuous mode [ 84.866741][ T5844] veth1_macvtap: entered promiscuous mode [ 84.939333][ T5839] veth0_macvtap: entered promiscuous mode [ 84.966253][ T5839] veth1_macvtap: entered promiscuous mode [ 84.994554][ T5844] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 85.017362][ T5844] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 85.019945][ T3458] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.036337][ T3458] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.056544][ T5844] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.069623][ T5844] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.079615][ T5844] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.089612][ T5844] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.108149][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 85.138128][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 85.171673][ T5839] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.180796][ T5839] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.192679][ T5839] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.201433][ T5839] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.214839][ T61] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.224348][ T61] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.232155][ T5971] netlink: 'syz.3.4': attribute type 1 has an invalid length. [ 85.246513][ T5971] netlink: 244 bytes leftover after parsing attributes in process `syz.3.4'. [ 85.480654][ T1120] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.485265][ T3552] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.488500][ T1120] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.553985][ T3552] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.639246][ T5978] bridge0: port 3(syz_tun) entered blocking state [ 85.647167][ T5978] bridge0: port 3(syz_tun) entered disabled state [ 85.654363][ T5978] syz_tun: entered allmulticast mode [ 85.665328][ T5978] syz_tun: entered promiscuous mode [ 85.672002][ T5978] bridge0: port 3(syz_tun) entered blocking state [ 85.678750][ T5978] bridge0: port 3(syz_tun) entered forwarding state [ 85.739060][ T61] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.781903][ T61] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.876949][ T5986] netlink: 12 bytes leftover after parsing attributes in process `syz.2.9'. [ 85.925971][ T3552] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.943726][ T5984] sctp: [Deprecated]: syz.3.8 (pid 5984) Use of struct sctp_assoc_value in delayed_ack socket option. [ 85.943726][ T5984] Use struct sctp_sack_info instead [ 85.981195][ T3552] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.225043][ T6000] netlink: 8 bytes leftover after parsing attributes in process `syz.3.13'. [ 86.284011][ T6003] ieee802154 phy0 wpan0: encryption failed: -22 [ 86.420789][ T5851] Bluetooth: hci4: command tx timeout [ 86.423557][ T51] Bluetooth: hci0: command tx timeout [ 86.426457][ T5851] Bluetooth: hci2: command tx timeout [ 86.506699][ T5851] Bluetooth: hci1: command tx timeout [ 86.506716][ T51] Bluetooth: hci3: command tx timeout [ 86.649870][ T6015] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1'. [ 86.844556][ T1215] cfg80211: failed to load regulatory.db [ 87.091507][ T6035] trusted_key: syz.2.22 sent an empty control message without MSG_MORE. [ 87.157370][ T6035] netlink: 12 bytes leftover after parsing attributes in process `syz.2.22'. [ 87.257090][ T6039] netlink: 8 bytes leftover after parsing attributes in process `syz.1.23'. [ 87.396583][ T6049] netlink: 'syz.3.25': attribute type 6 has an invalid length. [ 87.663089][ T6054] geneve2: entered promiscuous mode [ 87.668363][ T6054] geneve2: entered allmulticast mode [ 87.747572][ T6065] syz.1.29 uses obsolete (PF_INET,SOCK_PACKET) [ 87.764755][ T6066] Zero length message leads to an empty skb [ 88.095470][ T6076] netlink: 'syz.4.36': attribute type 7 has an invalid length. [ 88.109693][ T6076] netlink: 8 bytes leftover after parsing attributes in process `syz.4.36'. [ 88.229708][ T6081] netlink: 156 bytes leftover after parsing attributes in process `syz.1.38'. [ 88.258735][ T6083] netlink: 16 bytes leftover after parsing attributes in process `syz.2.39'. [ 88.644682][ T6100] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 88.944490][ T6110] netlink: 156 bytes leftover after parsing attributes in process `syz.3.51'. [ 88.960113][ T6111] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 88.961706][ T6113] .: renamed from bond0 (while UP) [ 89.249996][ T6136] netlink: 'syz.1.54': attribute type 10 has an invalid length. [ 89.307881][ T6136] team0: Device ipvlan1 failed to register rx_handler [ 89.377136][ T6145] warning: `syz.0.59' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 89.709688][ T6164] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 90.353344][ T6187] __nla_validate_parse: 6 callbacks suppressed [ 90.353364][ T6187] netlink: 8 bytes leftover after parsing attributes in process `syz.4.74'. [ 90.899721][ T6211] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 91.848216][ T6256] openvswitch: netlink: Actions may not be safe on all matching packets [ 92.130668][ T6273] netlink: 'syz.0.99': attribute type 1 has an invalid length. [ 92.230320][ T30] audit: type=1800 audit(1750767731.269:2): pid=6278 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.96" name="memory.events" dev="tmpfs" ino=135 res=0 errno=0 [ 92.311485][ T30] audit: type=1804 audit(1750767731.269:3): pid=6278 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.96" name="/newroot/23/memory.events" dev="tmpfs" ino=135 res=1 errno=0 [ 92.692571][ T6303] netlink: 'syz.0.109': attribute type 9 has an invalid length. [ 92.823868][ T6311] x_tables: ip6_tables: REDIRECT target: used from hooks INPUT, but only usable from PREROUTING/OUTPUT [ 93.184282][ T6326] netlink: 4 bytes leftover after parsing attributes in process `syz.2.114'. [ 93.423039][ T6337] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 93.586567][ T6337] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 93.749967][ T6337] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 93.975342][ T6337] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 94.286491][ T6363] netlink: 'syz.3.125': attribute type 29 has an invalid length. [ 94.355861][ T6337] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.394501][ T6368] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input5 [ 94.417089][ T6337] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.439193][ T6363] netlink: 'syz.3.125': attribute type 29 has an invalid length. [ 94.479640][ T6337] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.633208][ T6337] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.678916][ T6339] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 94.799138][ T6339] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 94.944303][ T6339] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 95.077821][ T6339] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 95.422737][ T6392] openvswitch: netlink: IP tunnel attribute has 8 unknown bytes. [ 95.616973][ T6400] netlink: 16 bytes leftover after parsing attributes in process `syz.2.136'. [ 95.882523][ T6406] netlink: 'syz.0.137': attribute type 39 has an invalid length. [ 96.552561][ T6437] A link change request failed with some changes committed already. Interface wg2 may have been left with an inconsistent configuration, please check. [ 96.972945][ T6445] netlink: 4 bytes leftover after parsing attributes in process `syz.2.143'. [ 97.880968][ T6471] rdma_op ffff88807a7b89f0 conn xmit_rdma 0000000000000000 [ 98.916614][ T6339] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.045488][ T6339] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.142239][ T6339] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.159021][ T6520] netlink: 8 bytes leftover after parsing attributes in process `syz.0.163'. [ 99.177526][ T6520] openvswitch: netlink: push_nsh: missing base or metadata attributes [ 99.201731][ T6339] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.230569][ T6520] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 99.759289][ T6520] team0 (unregistering): Port device team_slave_0 removed [ 99.817719][ T6520] team0 (unregistering): Port device team_slave_1 removed [ 100.251416][ T6543] netlink: 'syz.4.172': attribute type 1 has an invalid length. [ 100.259292][ T6543] netlink: 244 bytes leftover after parsing attributes in process `syz.4.172'. [ 100.486342][ T6551] netlink: 32 bytes leftover after parsing attributes in process `syz.3.173'. [ 100.689587][ T6564] netlink: 4 bytes leftover after parsing attributes in process `syz.4.175'. [ 100.702554][ T6561] netlink: 'syz.0.176': attribute type 1 has an invalid length. [ 100.703133][ T6566] x_tables: ip6_tables: TCPMSS target: only valid for protocol 6 [ 100.711692][ T6561] netlink: 'syz.0.176': attribute type 2 has an invalid length. [ 100.728126][ T6561] netlink: 'syz.0.176': attribute type 2 has an invalid length. [ 100.894747][ T6577] netlink: 4 bytes leftover after parsing attributes in process `syz.4.178'. [ 101.073423][ T6581] netlink: 248 bytes leftover after parsing attributes in process `syz.2.181'. [ 101.179455][ T6586] netlink: 16 bytes leftover after parsing attributes in process `syz.4.182'. [ 101.432377][ T6593] netlink: 'syz.4.184': attribute type 29 has an invalid length. [ 101.466957][ T6593] netlink: 8 bytes leftover after parsing attributes in process `syz.4.184'. [ 101.490621][ T6595] netlink: 'syz.4.184': attribute type 29 has an invalid length. [ 101.498374][ T6595] netlink: 8 bytes leftover after parsing attributes in process `syz.4.184'. [ 101.705377][ T6365] Set syz1 is full, maxelem 65536 reached [ 102.047975][ T6615] x_tables: duplicate underflow at hook 3 [ 102.198567][ T1120] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.227690][ T1120] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 102.607762][ T6650] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 102.990641][ T6666] netlink: 'syz.0.199': attribute type 10 has an invalid length. [ 103.040366][ T6665] netlink: 'syz.0.199': attribute type 10 has an invalid length. [ 103.048153][ T6665] netlink: 40 bytes leftover after parsing attributes in process `syz.0.199'. [ 103.072380][ T6662] netlink: 14 bytes leftover after parsing attributes in process `syz.3.198'. [ 103.088497][ T6666] netlink: 40 bytes leftover after parsing attributes in process `syz.0.199'. [ 103.114525][ T6673] openvswitch: netlink: Missing key (keys=40, expected=2000) [ 103.162095][ T6666] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 103.225476][ T6665] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 103.301918][ T6687] netlink: 68 bytes leftover after parsing attributes in process `syz.2.204'. [ 103.931620][ T6721] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 104.065940][ T6725] bridge0: port 2(bridge_slave_1) entered disabled state [ 104.074716][ T6725] bridge0: port 1(bridge_slave_0) entered disabled state [ 104.428358][ T6742] (unnamed net_device) (uninitialized): Removing last ns target with arp_interval on [ 104.629901][ T6746] delete_channel: no stack [ 105.205443][ T6786] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 105.560763][ T6801] netlink: 'syz.3.235': attribute type 10 has an invalid length. [ 105.827787][ T6808] __nla_validate_parse: 10 callbacks suppressed [ 105.827806][ T6808] netlink: 4 bytes leftover after parsing attributes in process `syz.1.237'. [ 106.236760][ T6820] netlink: 4 bytes leftover after parsing attributes in process `syz.3.242'. [ 106.273262][ T6825] netlink: 156 bytes leftover after parsing attributes in process `syz.0.243'. [ 106.307966][ T6828] netlink: 40 bytes leftover after parsing attributes in process `syz.2.245'. [ 106.357334][ T6828] netlink: 'syz.2.245': attribute type 2 has an invalid length. [ 106.377792][ T6828] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.245'. [ 106.395990][ T6828] nbd: must specify a device to reconfigure [ 106.479080][ T5947] IPVS: starting estimator thread 0... [ 106.620455][ T6838] IPVS: using max 30 ests per chain, 72000 per kthread [ 106.637440][ T6846] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 106.708056][ T6843] netlink: 'syz.4.249': attribute type 1 has an invalid length. [ 106.727877][ T6839] bridge0: port 2(bridge_slave_1) entered disabled state [ 106.736265][ T6839] bridge0: port 1(bridge_slave_0) entered disabled state [ 106.771509][ T6843] netlink: 'syz.4.249': attribute type 3 has an invalid length. [ 106.779219][ T6843] netlink: 224 bytes leftover after parsing attributes in process `syz.4.249'. [ 106.831921][ T6857] SET target dimension over the limit! [ 106.977137][ T6839] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 106.994829][ T6844] syzkaller0: entered allmulticast mode [ 107.014186][ T6849] netlink: 64 bytes leftover after parsing attributes in process `syz.2.250'. [ 107.044195][ T6849] netlink: 64 bytes leftover after parsing attributes in process `syz.2.250'. [ 107.089273][ T6831] syzkaller0: left allmulticast mode [ 107.178727][ T6868] openvswitch: netlink: IP tunnel attribute has 20 unknown bytes. [ 107.425393][ T6879] netlink: 156 bytes leftover after parsing attributes in process `syz.1.258'. [ 107.616163][ T6890] openvswitch: netlink: Key type 173 is out of range max 32 [ 107.649588][ T6892] bridge0: port 4(gretap0) entered blocking state [ 107.680920][ T6892] bridge0: port 4(gretap0) entered disabled state [ 107.729401][ T6892] gretap0: entered allmulticast mode [ 107.795024][ T6892] gretap0: entered promiscuous mode [ 107.828377][ T6892] bridge0: port 4(gretap0) entered blocking state [ 107.835023][ T6892] bridge0: port 4(gretap0) entered forwarding state [ 107.837076][ T6906] netlink: 256 bytes leftover after parsing attributes in process `syz.4.266'. [ 108.831204][ T6955] xt_CT: You must specify a L4 protocol and not use inversions on it [ 109.992001][ T6964] (unnamed net_device) (uninitialized): option primary: mode dependency failed, not supported in mode balance-rr(0) [ 110.319263][ T6982] (unnamed net_device) (uninitialized): option ad_actor_sys_prio: mode dependency failed, not supported in mode balance-rr(0) [ 110.707802][ T7009] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 110.746900][ T7008] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 110.866874][ T7014] __nla_validate_parse: 6 callbacks suppressed [ 110.866892][ T7014] netlink: 32 bytes leftover after parsing attributes in process `syz.4.294'. [ 110.942912][ T7016] netlink: 20 bytes leftover after parsing attributes in process `syz.1.295'. [ 111.020642][ T7016] netlink: 20 bytes leftover after parsing attributes in process `syz.1.295'. [ 111.038045][ T7022] netlink: 12 bytes leftover after parsing attributes in process `syz.3.296'. [ 111.109828][ T7025] netlink: 4 bytes leftover after parsing attributes in process `syz.4.298'. [ 111.297507][ T7039] netlink: 156 bytes leftover after parsing attributes in process `syz.3.301'. [ 111.363153][ T7036] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 111.685329][ T7036] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 111.882324][ T7036] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 112.077108][ T7036] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 112.352914][ T7036] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 112.435303][ T7036] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 112.552003][ T7036] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 112.671102][ T7036] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 114.345522][ C0] Illegal XDP return value 16128 on prog (id 49) dev ., expect packet loss! [ 114.365679][ T7047] netlink: 12 bytes leftover after parsing attributes in process `syz.0.304'. [ 114.591504][ T7064] No such timeout policy "syz0" [ 114.610529][ T7064] netlink: 8 bytes leftover after parsing attributes in process `syz.1.307'. [ 114.786609][ T7074] openvswitch: netlink: IP tunnel dst address not specified [ 114.816350][ T7075] openvswitch: netlink: IP tunnel dst address not specified [ 114.855596][ T7078] x_tables: duplicate underflow at hook 3 [ 115.021745][ T7085] netlink: 16 bytes leftover after parsing attributes in process `syz.0.313'. [ 115.059312][ T7087] netlink: 156 bytes leftover after parsing attributes in process `syz.2.314'. [ 115.883619][ T7132] __nla_validate_parse: 1 callbacks suppressed [ 115.883638][ T7132] netlink: 8 bytes leftover after parsing attributes in process `syz.2.327'. [ 115.964261][ T7134] netlink: 156 bytes leftover after parsing attributes in process `syz.4.328'. [ 116.453785][ T7149] netlink: 16 bytes leftover after parsing attributes in process `syz.1.333'. [ 116.485883][ T7152] netlink: 12 bytes leftover after parsing attributes in process `syz.4.334'. [ 116.589016][ T7156] netlink: 'syz.2.336': attribute type 12 has an invalid length. [ 116.598326][ T7156] netlink: 'syz.2.336': attribute type 29 has an invalid length. [ 116.651563][ T7156] netlink: 148 bytes leftover after parsing attributes in process `syz.2.336'. [ 116.712270][ T7156] netlink: 59 bytes leftover after parsing attributes in process `syz.2.336'. [ 116.890691][ T7171] netlink: 156 bytes leftover after parsing attributes in process `syz.4.341'. [ 117.145060][ T7184] netlink: 24 bytes leftover after parsing attributes in process `syz.2.346'. [ 117.479537][ T7202] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 117.523717][ T7200] netlink: 4 bytes leftover after parsing attributes in process `syz.3.353'. [ 117.638035][ T7215] netlink: 4 bytes leftover after parsing attributes in process `syz.2.352'. [ 119.063798][ T7289] veth1_macvtap: left promiscuous mode [ 119.069331][ T7289] macsec0: entered promiscuous mode [ 119.094306][ T7289] macsec0: entered allmulticast mode [ 119.486252][ T7309] openvswitch: netlink: Missing key (keys=40, expected=80) [ 120.127397][ T7348] ip6_vti0: Master is either lo or non-ether device [ 120.411542][ T7355] netlink: 'syz.2.398': attribute type 2 has an invalid length. [ 120.598752][ T7367] raw_sendmsg: syz.4.403 forgot to set AF_INET. Fix it! [ 120.778668][ T7375] 8021q: VLANs not supported on gre0 [ 121.114376][ T7389] veth0: entered promiscuous mode [ 121.127031][ T7393] ieee802154 phy0 wpan0: encryption failed: -22 [ 121.149274][ T7393] __nla_validate_parse: 12 callbacks suppressed [ 121.149292][ T7393] netlink: 12 bytes leftover after parsing attributes in process `syz.0.412'. [ 121.175933][ T7393] tc_dump_action: action bad kind [ 121.416525][ T7411] Bluetooth: MGMT ver 1.23 [ 121.542794][ T7416] netlink: 'syz.1.419': attribute type 10 has an invalid length. [ 121.594996][ T7416] batman_adv: batadv0: Adding interface: team0 [ 121.642611][ T7416] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. If you experience problems getting traffic through try increasing the MTU to 1560. [ 121.699757][ T7416] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active [ 121.714773][ T7422] netlink: 51 bytes leftover after parsing attributes in process `syz.2.422'. [ 121.744643][ T7425] netdevsim netdevsim1 netdevsim0: entered promiscuous mode [ 121.876558][ T7388] veth0: left promiscuous mode [ 121.940423][ T7432] netlink: 'syz.1.426': attribute type 39 has an invalid length. [ 122.286940][ T7453] netlink: 12 bytes leftover after parsing attributes in process `syz.3.432'. [ 122.375000][ T7459] netlink: 132 bytes leftover after parsing attributes in process `syz.2.435'. [ 122.388473][ T7460] netlink: 8 bytes leftover after parsing attributes in process `syz.1.434'. [ 122.397984][ T7460] netlink: 19 bytes leftover after parsing attributes in process `syz.1.434'. [ 122.431387][ T7460] netlink: 40 bytes leftover after parsing attributes in process `syz.1.434'. [ 122.875985][ T7476] netdevsim netdevsim0 netdevsim0: entered promiscuous mode [ 123.049139][ T7493] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 123.113366][ T7496] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 123.287567][ T7501] netlink: 14 bytes leftover after parsing attributes in process `syz.0.450'. [ 123.625502][ T7501] . (unregistering): (slave bond_slave_0): Releasing backup interface [ 123.639739][ T7501] . (unregistering): (slave bond_slave_1): Releasing backup interface [ 123.641296][ T7513] netlink: 8 bytes leftover after parsing attributes in process `syz.1.446'. [ 123.674722][ T7501] . (unregistering): Released all slaves [ 123.696783][ T7513] netlink: 4 bytes leftover after parsing attributes in process `syz.1.446'. [ 123.757918][ T7512] IPVS: Error connecting to the multicast addr [ 123.882352][ T7526] netlink: 'syz.3.457': attribute type 1 has an invalid length. [ 124.151077][ T7533] FAULT_INJECTION: forcing a failure. [ 124.151077][ T7533] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 124.192341][ T7533] CPU: 1 UID: 0 PID: 7533 Comm: syz.3.460 Not tainted 6.16.0-rc2-syzkaller-00167-g7544f3f5b0b5 #0 PREEMPT(full) [ 124.192368][ T7533] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 124.192384][ T7533] Call Trace: [ 124.192395][ T7533] [ 124.192403][ T7533] dump_stack_lvl+0x189/0x250 [ 124.192445][ T7533] ? __pfx____ratelimit+0x10/0x10 [ 124.192468][ T7533] ? __pfx_dump_stack_lvl+0x10/0x10 [ 124.192490][ T7533] ? __pfx__printk+0x10/0x10 [ 124.192508][ T7533] ? __might_fault+0xb0/0x130 [ 124.192536][ T7533] should_fail_ex+0x414/0x560 [ 124.192561][ T7533] _copy_from_user+0x2d/0xb0 [ 124.192579][ T7533] ___sys_sendmsg+0x158/0x2a0 [ 124.192602][ T7533] ? __pfx____sys_sendmsg+0x10/0x10 [ 124.192657][ T7533] ? __fget_files+0x2a/0x420 [ 124.192673][ T7533] ? __fget_files+0x3a0/0x420 [ 124.192701][ T7533] __x64_sys_sendmsg+0x19b/0x260 [ 124.192724][ T7533] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 124.192751][ T7533] ? __pfx_ksys_write+0x10/0x10 [ 124.192764][ T7533] ? rcu_is_watching+0x15/0xb0 [ 124.192793][ T7533] ? do_syscall_64+0xbe/0x3b0 [ 124.192813][ T7533] do_syscall_64+0xfa/0x3b0 [ 124.192827][ T7533] ? lockdep_hardirqs_on+0x9c/0x150 [ 124.192849][ T7533] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 124.192865][ T7533] ? clear_bhb_loop+0x60/0xb0 [ 124.192885][ T7533] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 124.192902][ T7533] RIP: 0033:0x7f667e78e929 [ 124.192921][ T7533] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 124.192938][ T7533] RSP: 002b:00007f667f617038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 124.192956][ T7533] RAX: ffffffffffffffda RBX: 00007f667e9b5fa0 RCX: 00007f667e78e929 [ 124.192968][ T7533] RDX: 9590f6cc3ea35512 RSI: 0000200000000000 RDI: 0000000000000003 [ 124.192980][ T7533] RBP: 00007f667f617090 R08: 0000000000000000 R09: 0000000000000000 [ 124.192990][ T7533] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 124.193000][ T7533] R13: 0000000000000000 R14: 00007f667e9b5fa0 R15: 00007ffcd4129248 [ 124.193028][ T7533] [ 124.411630][ T7537] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 124.790589][ T7555] syzkaller1: entered promiscuous mode [ 124.797749][ T7555] syzkaller1: entered allmulticast mode [ 124.827719][ T7555] PF_CAN: dropped non conform CAN FD skbuff: dev type 65534, len 26 [ 124.862366][ T7555] 0ªX¹¦D: renamed from gretap0 (while UP) [ 124.913377][ T7555] A link change request failed with some changes committed already. Interface 30ªX¹¦D may have been left with an inconsistent configuration, please check. [ 125.152997][ T7581] FAULT_INJECTION: forcing a failure. [ 125.152997][ T7581] name failslab, interval 1, probability 0, space 0, times 1 [ 125.168663][ T7581] CPU: 0 UID: 0 PID: 7581 Comm: syz.4.475 Not tainted 6.16.0-rc2-syzkaller-00167-g7544f3f5b0b5 #0 PREEMPT(full) [ 125.168689][ T7581] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 125.168699][ T7581] Call Trace: [ 125.168706][ T7581] [ 125.168713][ T7581] dump_stack_lvl+0x189/0x250 [ 125.168742][ T7581] ? __pfx____ratelimit+0x10/0x10 [ 125.168764][ T7581] ? __pfx_dump_stack_lvl+0x10/0x10 [ 125.168787][ T7581] ? __pfx__printk+0x10/0x10 [ 125.168810][ T7581] ? __pfx___might_resched+0x10/0x10 [ 125.168837][ T7581] should_fail_ex+0x414/0x560 [ 125.168864][ T7581] should_failslab+0xa8/0x100 [ 125.168883][ T7581] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 125.168900][ T7581] ? __alloc_skb+0x112/0x2d0 [ 125.168923][ T7581] __alloc_skb+0x112/0x2d0 [ 125.168944][ T7581] netlink_sendmsg+0x5c6/0xb30 [ 125.168973][ T7581] ? __pfx_netlink_sendmsg+0x10/0x10 [ 125.168995][ T7581] ? aa_sock_msg_perm+0x94/0x160 [ 125.169017][ T7581] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 125.169036][ T7581] ? __pfx_netlink_sendmsg+0x10/0x10 [ 125.169055][ T7581] __sock_sendmsg+0x219/0x270 [ 125.169080][ T7581] ____sys_sendmsg+0x505/0x830 [ 125.169106][ T7581] ? __pfx_____sys_sendmsg+0x10/0x10 [ 125.169135][ T7581] ? import_iovec+0x74/0xa0 [ 125.169155][ T7581] ___sys_sendmsg+0x21f/0x2a0 [ 125.169177][ T7581] ? __pfx____sys_sendmsg+0x10/0x10 [ 125.169232][ T7581] ? __fget_files+0x2a/0x420 [ 125.169249][ T7581] ? __fget_files+0x3a0/0x420 [ 125.169284][ T7581] __x64_sys_sendmsg+0x19b/0x260 [ 125.169306][ T7581] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 125.169342][ T7581] ? __pfx_ksys_write+0x10/0x10 [ 125.169355][ T7581] ? rcu_is_watching+0x15/0xb0 [ 125.169383][ T7581] ? do_syscall_64+0xbe/0x3b0 [ 125.169399][ T7581] do_syscall_64+0xfa/0x3b0 [ 125.169409][ T7581] ? lockdep_hardirqs_on+0x9c/0x150 [ 125.169426][ T7581] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 125.169439][ T7581] ? clear_bhb_loop+0x60/0xb0 [ 125.169454][ T7581] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 125.169466][ T7581] RIP: 0033:0x7fd221b8e929 [ 125.169478][ T7581] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 125.169488][ T7581] RSP: 002b:00007fd2229f4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 125.169502][ T7581] RAX: ffffffffffffffda RBX: 00007fd221db5fa0 RCX: 00007fd221b8e929 [ 125.169511][ T7581] RDX: 9590f6cc3ea35512 RSI: 0000200000000000 RDI: 0000000000000003 [ 125.169519][ T7581] RBP: 00007fd2229f4090 R08: 0000000000000000 R09: 0000000000000000 [ 125.169526][ T7581] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 125.169533][ T7581] R13: 0000000000000000 R14: 00007fd221db5fa0 R15: 00007ffe4787e518 [ 125.169554][ T7581] [ 125.683164][ T7590] netlink: 'syz.0.479': attribute type 1 has an invalid length. [ 125.691133][ T7590] netlink: 'syz.0.479': attribute type 2 has an invalid length. [ 125.738646][ T7594] netlink: 'syz.0.479': attribute type 1 has an invalid length. [ 125.757186][ T7594] netlink: 'syz.0.479': attribute type 2 has an invalid length. [ 125.882305][ T7605] netlink: 'syz.2.484': attribute type 4 has an invalid length. [ 125.906535][ T7605] xt_CT: You must specify a L4 protocol and not use inversions on it [ 125.908362][ T7601] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 125.932475][ T7605] netlink: 'syz.2.484': attribute type 2 has an invalid length. [ 126.253857][ T5922] IPVS: starting estimator thread 0... [ 126.265731][ T7614] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 126.273621][ T7622] netlink: 'syz.4.489': attribute type 1 has an invalid length. [ 126.294641][ T7622] netlink: 'syz.4.489': attribute type 1 has an invalid length. [ 126.370408][ T7624] IPVS: using max 32 ests per chain, 76800 per kthread [ 126.439135][ T7631] __nla_validate_parse: 8 callbacks suppressed [ 126.439153][ T7631] netlink: 4 bytes leftover after parsing attributes in process `syz.2.491'. [ 126.714422][ T7637] netlink: 32 bytes leftover after parsing attributes in process `syz.0.494'. [ 127.027935][ T7660] netlink: 'syz.0.502': attribute type 4 has an invalid length. [ 127.069047][ T7660] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 127.095050][ T7660] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 127.698935][ T7689] netlink: 12 bytes leftover after parsing attributes in process `syz.1.513'. [ 127.735853][ T7689] netlink: 12 bytes leftover after parsing attributes in process `syz.1.513'. [ 127.775839][ T7689] netlink: 12 bytes leftover after parsing attributes in process `syz.1.513'. [ 127.815284][ T7689] netlink: 12 bytes leftover after parsing attributes in process `syz.1.513'. [ 127.831933][ T7689] netlink: 12 bytes leftover after parsing attributes in process `syz.1.513'. [ 127.848751][ T7689] netlink: 12 bytes leftover after parsing attributes in process `syz.1.513'. [ 127.876803][ T7689] netlink: 12 bytes leftover after parsing attributes in process `syz.1.513'. [ 127.936359][ T7689] netlink: 12 bytes leftover after parsing attributes in process `syz.1.513'. [ 128.005221][ T7689] bridge0: port 2(bridge_slave_1) entered disabled state [ 128.013693][ T7689] bridge0: port 1(bridge_slave_0) entered disabled state [ 128.116596][ T7689] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 128.133615][ T7689] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 128.225635][ T7689] macsec0: left promiscuous mode [ 128.251361][ T7689] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 128.261301][ T7689] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 128.277293][ T7689] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 128.286593][ T7689] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 128.326914][ T7689] netdevsim netdevsim1 netdevsim0: left promiscuous mode [ 128.732230][ T7723] gtp0: entered promiscuous mode [ 128.737244][ T7723] gtp0: entered allmulticast mode [ 128.804183][ T7723] (unnamed net_device) (uninitialized): peer notification delay (1164) is not a multiple of miimon (100), value rounded to 1100 ms [ 128.897741][ T7723] bond1: entered promiscuous mode [ 128.913432][ T7723] bond1: entered allmulticast mode [ 128.928000][ T7723] 8021q: adding VLAN 0 to HW filter on device bond1 [ 129.169671][ T5851] Bluetooth: hci4: link tx timeout [ 129.175568][ T5851] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 129.197332][ T51] Bluetooth: hci4: link tx timeout [ 129.204681][ T51] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 129.212633][ T51] Bluetooth: hci4: link tx timeout [ 129.219123][ T51] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 129.227539][ T51] Bluetooth: hci4: link tx timeout [ 129.233205][ T51] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 129.335234][ T7746] pimreg: entered allmulticast mode [ 129.407809][ T7751] (unnamed net_device) (uninitialized): option arp_all_targets: invalid value (18446744073709551613) [ 129.550792][ T7759] (unnamed net_device) (uninitialized): option arp_all_targets: invalid value (18446744073709551613) [ 129.925630][ T7777] openvswitch: netlink: IP tunnel dst address not specified [ 130.104844][ T7779] can: request_module (can-proto-4) failed. [ 130.267935][ T7791] veth0: entered promiscuous mode [ 130.345642][ T7790] veth0: left promiscuous mode [ 131.214897][ T7832] FAULT_INJECTION: forcing a failure. [ 131.214897][ T7832] name failslab, interval 1, probability 0, space 0, times 0 [ 131.220446][ T51] Bluetooth: hci4: command 0x0406 tx timeout [ 131.277499][ T7832] CPU: 1 UID: 0 PID: 7832 Comm: syz.2.562 Not tainted 6.16.0-rc2-syzkaller-00167-g7544f3f5b0b5 #0 PREEMPT(full) [ 131.277522][ T7832] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 131.277531][ T7832] Call Trace: [ 131.277538][ T7832] [ 131.277545][ T7832] dump_stack_lvl+0x189/0x250 [ 131.277573][ T7832] ? __pfx____ratelimit+0x10/0x10 [ 131.277595][ T7832] ? __pfx_dump_stack_lvl+0x10/0x10 [ 131.277617][ T7832] ? __pfx__printk+0x10/0x10 [ 131.277639][ T7832] ? __pfx___might_resched+0x10/0x10 [ 131.277660][ T7832] ? fs_reclaim_acquire+0x7d/0x100 [ 131.277682][ T7832] should_fail_ex+0x414/0x560 [ 131.277714][ T7832] should_failslab+0xa8/0x100 [ 131.277731][ T7832] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 131.277747][ T7832] ? __alloc_skb+0x112/0x2d0 [ 131.277770][ T7832] __alloc_skb+0x112/0x2d0 [ 131.277793][ T7832] nl80211_send_scan_start+0x2f/0x170 [ 131.277814][ T7832] nl80211_trigger_scan+0x1cf0/0x2170 [ 131.277845][ T7832] genl_family_rcv_msg_doit+0x212/0x300 [ 131.277875][ T7832] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 131.277912][ T7832] ? bpf_lsm_capable+0x9/0x20 [ 131.277927][ T7832] ? security_capable+0x7e/0x2e0 [ 131.277952][ T7832] genl_rcv_msg+0x60e/0x790 [ 131.277982][ T7832] ? __pfx_genl_rcv_msg+0x10/0x10 [ 131.278000][ T7832] ? ref_tracker_free+0x63a/0x7d0 [ 131.278019][ T7832] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 131.278039][ T7832] ? __pfx_nl80211_trigger_scan+0x10/0x10 [ 131.278054][ T7832] ? __pfx_nl80211_post_doit+0x10/0x10 [ 131.278074][ T7832] ? __pfx_ref_tracker_free+0x10/0x10 [ 131.278107][ T7832] netlink_rcv_skb+0x205/0x470 [ 131.278127][ T7832] ? __pfx_genl_rcv_msg+0x10/0x10 [ 131.278151][ T7832] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 131.278188][ T7832] ? down_read+0x1ad/0x2e0 [ 131.278208][ T7832] genl_rcv+0x28/0x40 [ 131.278228][ T7832] netlink_unicast+0x758/0x8d0 [ 131.278258][ T7832] netlink_sendmsg+0x805/0xb30 [ 131.278287][ T7832] ? __pfx_netlink_sendmsg+0x10/0x10 [ 131.278310][ T7832] ? aa_sock_msg_perm+0x94/0x160 [ 131.278333][ T7832] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 131.278353][ T7832] ? __pfx_netlink_sendmsg+0x10/0x10 [ 131.278373][ T7832] __sock_sendmsg+0x219/0x270 [ 131.278400][ T7832] ____sys_sendmsg+0x505/0x830 [ 131.278426][ T7832] ? __pfx_____sys_sendmsg+0x10/0x10 [ 131.278456][ T7832] ? import_iovec+0x74/0xa0 [ 131.278477][ T7832] ___sys_sendmsg+0x21f/0x2a0 [ 131.278500][ T7832] ? __pfx____sys_sendmsg+0x10/0x10 [ 131.278563][ T7832] ? __fget_files+0x2a/0x420 [ 131.278580][ T7832] ? __fget_files+0x3a0/0x420 [ 131.278610][ T7832] __x64_sys_sendmsg+0x19b/0x260 [ 131.278633][ T7832] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 131.278662][ T7832] ? __pfx_ksys_write+0x10/0x10 [ 131.278674][ T7832] ? rcu_is_watching+0x15/0xb0 [ 131.278709][ T7832] ? do_syscall_64+0xbe/0x3b0 [ 131.278730][ T7832] do_syscall_64+0xfa/0x3b0 [ 131.278744][ T7832] ? lockdep_hardirqs_on+0x9c/0x150 [ 131.278766][ T7832] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 131.278782][ T7832] ? clear_bhb_loop+0x60/0xb0 [ 131.278802][ T7832] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 131.278818][ T7832] RIP: 0033:0x7f951278e929 [ 131.278833][ T7832] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 131.278845][ T7832] RSP: 002b:00007f9513674038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 131.278863][ T7832] RAX: ffffffffffffffda RBX: 00007f95129b5fa0 RCX: 00007f951278e929 [ 131.278876][ T7832] RDX: 9590f6cc3ea35512 RSI: 0000200000000000 RDI: 0000000000000003 [ 131.278887][ T7832] RBP: 00007f9513674090 R08: 0000000000000000 R09: 0000000000000000 [ 131.278897][ T7832] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 131.278906][ T7832] R13: 0000000000000000 R14: 00007f95129b5fa0 R15: 00007ffe9b336db8 [ 131.278936][ T7832] [ 132.339186][ T7867] FAULT_INJECTION: forcing a failure. [ 132.339186][ T7867] name failslab, interval 1, probability 0, space 0, times 0 [ 132.401975][ T7867] CPU: 0 UID: 0 PID: 7867 Comm: syz.4.575 Not tainted 6.16.0-rc2-syzkaller-00167-g7544f3f5b0b5 #0 PREEMPT(full) [ 132.401999][ T7867] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 132.402009][ T7867] Call Trace: [ 132.402015][ T7867] [ 132.402023][ T7867] dump_stack_lvl+0x189/0x250 [ 132.402051][ T7867] ? __pfx____ratelimit+0x10/0x10 [ 132.402073][ T7867] ? __pfx_dump_stack_lvl+0x10/0x10 [ 132.402093][ T7867] ? __pfx__printk+0x10/0x10 [ 132.402116][ T7867] ? __pfx___might_resched+0x10/0x10 [ 132.402137][ T7867] ? fs_reclaim_acquire+0x7d/0x100 [ 132.402159][ T7867] should_fail_ex+0x414/0x560 [ 132.402184][ T7867] should_failslab+0xa8/0x100 [ 132.402202][ T7867] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 132.402219][ T7867] ? __alloc_skb+0x112/0x2d0 [ 132.402242][ T7867] __alloc_skb+0x112/0x2d0 [ 132.402264][ T7867] nl80211_send_scan_start+0x2f/0x170 [ 132.402283][ T7867] nl80211_trigger_scan+0x1cf0/0x2170 [ 132.402315][ T7867] genl_family_rcv_msg_doit+0x212/0x300 [ 132.402343][ T7867] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 132.402378][ T7867] ? bpf_lsm_capable+0x9/0x20 [ 132.402393][ T7867] ? security_capable+0x7e/0x2e0 [ 132.402419][ T7867] genl_rcv_msg+0x60e/0x790 [ 132.402447][ T7867] ? __pfx_genl_rcv_msg+0x10/0x10 [ 132.402464][ T7867] ? ref_tracker_free+0x63a/0x7d0 [ 132.402481][ T7867] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 132.402499][ T7867] ? __pfx_nl80211_trigger_scan+0x10/0x10 [ 132.402512][ T7867] ? __pfx_nl80211_post_doit+0x10/0x10 [ 132.402532][ T7867] ? __pfx_ref_tracker_free+0x10/0x10 [ 132.402562][ T7867] netlink_rcv_skb+0x205/0x470 [ 132.402582][ T7867] ? __pfx_genl_rcv_msg+0x10/0x10 [ 132.402606][ T7867] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 132.402644][ T7867] ? down_read+0x1ad/0x2e0 [ 132.402664][ T7867] genl_rcv+0x28/0x40 [ 132.402683][ T7867] netlink_unicast+0x758/0x8d0 [ 132.402712][ T7867] netlink_sendmsg+0x805/0xb30 [ 132.402742][ T7867] ? __pfx_netlink_sendmsg+0x10/0x10 [ 132.402765][ T7867] ? aa_sock_msg_perm+0x94/0x160 [ 132.402786][ T7867] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 132.402804][ T7867] ? __pfx_netlink_sendmsg+0x10/0x10 [ 132.402835][ T7867] __sock_sendmsg+0x219/0x270 [ 132.402861][ T7867] ____sys_sendmsg+0x505/0x830 [ 132.402885][ T7867] ? __pfx_____sys_sendmsg+0x10/0x10 [ 132.402916][ T7867] ? import_iovec+0x74/0xa0 [ 132.402937][ T7867] ___sys_sendmsg+0x21f/0x2a0 [ 132.402960][ T7867] ? __pfx____sys_sendmsg+0x10/0x10 [ 132.403024][ T7867] ? __fget_files+0x2a/0x420 [ 132.403041][ T7867] ? __fget_files+0x3a0/0x420 [ 132.403071][ T7867] __x64_sys_sendmsg+0x19b/0x260 [ 132.403094][ T7867] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 132.403125][ T7867] ? __pfx_ksys_write+0x10/0x10 [ 132.403139][ T7867] ? rcu_is_watching+0x15/0xb0 [ 132.403167][ T7867] ? do_syscall_64+0xbe/0x3b0 [ 132.403188][ T7867] do_syscall_64+0xfa/0x3b0 [ 132.403203][ T7867] ? lockdep_hardirqs_on+0x9c/0x150 [ 132.403225][ T7867] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 132.403241][ T7867] ? clear_bhb_loop+0x60/0xb0 [ 132.403262][ T7867] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 132.403278][ T7867] RIP: 0033:0x7fd221b8e929 [ 132.403294][ T7867] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 132.403307][ T7867] RSP: 002b:00007fd2229f4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 132.403326][ T7867] RAX: ffffffffffffffda RBX: 00007fd221db5fa0 RCX: 00007fd221b8e929 [ 132.403338][ T7867] RDX: 9590f6cc3ea35512 RSI: 0000200000000000 RDI: 0000000000000003 [ 132.403349][ T7867] RBP: 00007fd2229f4090 R08: 0000000000000000 R09: 0000000000000000 [ 132.403360][ T7867] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 132.403370][ T7867] R13: 0000000000000000 R14: 00007fd221db5fa0 R15: 00007ffe4787e518 [ 132.403400][ T7867] [ 132.415005][ T7873] Cannot find set identified by id 752 to match [ 132.818549][ T7881] __nla_validate_parse: 143 callbacks suppressed [ 132.818567][ T7881] netlink: 576 bytes leftover after parsing attributes in process `syz.4.580'. [ 132.906011][ T1307] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.912457][ T1307] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.989026][ T7885] !€ÿ: renamed from bond_slave_0 (while UP) [ 133.158593][ T7898] netlink: 12 bytes leftover after parsing attributes in process `syz.1.585'. [ 133.216015][ T7902] netlink: 8 bytes leftover after parsing attributes in process `syz.2.587'. [ 133.343290][ T7910] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 133.350069][ T7909] netlink: 'syz.4.590': attribute type 10 has an invalid length. [ 133.456573][ T7909] 8021q: adding VLAN 0 to HW filter on device bond0 [ 133.492451][ T7909] team0: Port device bond0 added [ 133.638216][ T7926] netlink: 4 bytes leftover after parsing attributes in process `syz.1.595'. [ 133.784730][ T7932] netlink: 'syz.4.596': attribute type 2 has an invalid length. [ 133.800922][ T7933] netlink: 40 bytes leftover after parsing attributes in process `syz.0.594'. [ 133.809709][ T7935] netlink: 'syz.3.597': attribute type 5 has an invalid length. [ 133.840476][ T7937] netlink: 'syz.4.596': attribute type 2 has an invalid length. [ 133.968624][ T7943] tipc: Started in network mode [ 133.973677][ T7943] tipc: Node identity ac14142f, cluster identity 4711 [ 133.981347][ T7943] tipc: New replicast peer: 0.0.0.0 [ 133.987750][ T7943] tipc: Enabled bearer , priority 10 [ 134.012899][ T7943] tipc: New replicast peer: fe80:0000:0000:0000:0000:0000:0000:00aa [ 134.087424][ T7944] xt_hashlimit: invalid interval [ 134.278911][ T7958] netlink: 20 bytes leftover after parsing attributes in process `syz.4.605'. [ 134.288671][ T7958] netlink: 8 bytes leftover after parsing attributes in process `syz.4.605'. [ 134.489555][ T7968] 0ªX¹¦D: left promiscuous mode [ 134.510027][ T7968] bridge0: port 4(30ªX¹¦D) entered disabled state [ 134.556587][ T7968] syz_tun: left allmulticast mode [ 134.571591][ T7968] syz_tun: left promiscuous mode [ 134.589515][ T7968] bridge0: port 3(syz_tun) entered disabled state [ 134.637364][ T7968] bridge_slave_0: left allmulticast mode [ 134.647404][ T7968] bridge_slave_0: left promiscuous mode [ 134.657265][ T7968] bridge0: port 1(bridge_slave_0) entered disabled state [ 134.657739][ T7979] netlink: 28 bytes leftover after parsing attributes in process `syz.2.609'. [ 134.699019][ T7968] bridge_slave_1: left allmulticast mode [ 134.705789][ T7968] bridge_slave_1: left promiscuous mode [ 134.716970][ T7968] bridge0: port 2(bridge_slave_1) entered disabled state [ 134.739481][ T7968] bond0: (slave 1!€ÿ): Releasing backup interface [ 134.777704][ T7968] bond0: (slave bond_slave_1): Releasing backup interface [ 134.836405][ T7968] team0: Port device team_slave_0 removed [ 134.857958][ T7968] team0: Port device team_slave_1 removed [ 134.865402][ T7968] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 134.875682][ T7968] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 134.885743][ T7968] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 134.893670][ T7968] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 135.094004][ T7990] netlink: 8 bytes leftover after parsing attributes in process `syz.1.612'. [ 135.104085][ T55] tipc: Node number set to 2886997039 [ 135.465399][ T8014] sctp: [Deprecated]: syz.3.622 (pid 8014) Use of struct sctp_assoc_value in delayed_ack socket option. [ 135.465399][ T8014] Use struct sctp_sack_info instead [ 135.636970][ T8024] netlink: 'syz.0.620': attribute type 5 has an invalid length. [ 135.754092][ T8026] batadv_slave_1: entered promiscuous mode [ 135.786774][ T8031] set match dimension is over the limit! [ 135.808770][ T8026] batadv_slave_1: left promiscuous mode [ 135.822132][ T8031] netlink: 'syz.3.625': attribute type 20 has an invalid length. [ 135.982862][ T8040] openvswitch: netlink: Multiple metadata blocks provided [ 136.074900][ T8040] gretap1: entered promiscuous mode [ 136.140063][ T8045] netlink: 'syz.1.630': attribute type 4 has an invalid length. [ 136.359686][ T8056] netlink: 156 bytes leftover after parsing attributes in process `syz.4.634'. [ 136.520101][ T3519] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 136.530894][ T3519] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 136.948095][ T8081] syzkaller0: entered promiscuous mode [ 136.970111][ T8081] syzkaller0: entered allmulticast mode [ 137.069876][ T8097] netlink: 'syz.3.648': attribute type 4 has an invalid length. [ 138.029831][ T8114] __nla_validate_parse: 1 callbacks suppressed [ 138.029843][ T8114] netlink: 20 bytes leftover after parsing attributes in process `syz.2.652'. [ 138.046458][ T8114] netlink: 4 bytes leftover after parsing attributes in process `syz.2.652'. [ 138.863189][ T8119] netlink: 'syz.1.653': attribute type 7 has an invalid length. [ 138.931335][ T8119] : entered promiscuous mode [ 139.074420][ T8135] FAULT_INJECTION: forcing a failure. [ 139.074420][ T8135] name failslab, interval 1, probability 0, space 0, times 0 [ 139.133741][ T8135] CPU: 1 UID: 0 PID: 8135 Comm: syz.0.659 Not tainted 6.16.0-rc2-syzkaller-00167-g7544f3f5b0b5 #0 PREEMPT(full) [ 139.133766][ T8135] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 139.133775][ T8135] Call Trace: [ 139.133782][ T8135] [ 139.133790][ T8135] dump_stack_lvl+0x189/0x250 [ 139.133819][ T8135] ? __pfx____ratelimit+0x10/0x10 [ 139.133842][ T8135] ? __pfx_dump_stack_lvl+0x10/0x10 [ 139.133864][ T8135] ? __pfx__printk+0x10/0x10 [ 139.133885][ T8135] ? __pfx___might_resched+0x10/0x10 [ 139.133908][ T8135] ? fs_reclaim_acquire+0x7d/0x100 [ 139.133931][ T8135] should_fail_ex+0x414/0x560 [ 139.133957][ T8135] should_failslab+0xa8/0x100 [ 139.133976][ T8135] __kmalloc_noprof+0xcb/0x4f0 [ 139.133992][ T8135] ? tomoyo_encode+0x28b/0x550 [ 139.134017][ T8135] tomoyo_encode+0x28b/0x550 [ 139.134052][ T8135] tomoyo_realpath_from_path+0x58d/0x5d0 [ 139.134076][ T8135] ? tomoyo_domain+0xd9/0x130 [ 139.134103][ T8135] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 139.134122][ T8135] tomoyo_path_number_perm+0x1e8/0x5a0 [ 139.134144][ T8135] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 139.134180][ T8135] ? __lock_acquire+0xab9/0xd20 [ 139.134222][ T8135] ? __fget_files+0x2a/0x420 [ 139.134244][ T8135] ? __fget_files+0x2a/0x420 [ 139.134260][ T8135] ? __fget_files+0x3a0/0x420 [ 139.134276][ T8135] ? __fget_files+0x2a/0x420 [ 139.134296][ T8135] security_file_ioctl+0xcb/0x2d0 [ 139.134315][ T8135] __se_sys_ioctl+0x47/0x170 [ 139.134338][ T8135] do_syscall_64+0xfa/0x3b0 [ 139.134351][ T8135] ? lockdep_hardirqs_on+0x9c/0x150 [ 139.134372][ T8135] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 139.134386][ T8135] ? clear_bhb_loop+0x60/0xb0 [ 139.134405][ T8135] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 139.134420][ T8135] RIP: 0033:0x7fdbfef8e929 [ 139.134435][ T8135] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 139.134448][ T8135] RSP: 002b:00007fdbffd7c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 139.134466][ T8135] RAX: ffffffffffffffda RBX: 00007fdbff1b5fa0 RCX: 00007fdbfef8e929 [ 139.134478][ T8135] RDX: 0000000000000000 RSI: 00000000000089e4 RDI: 0000000000000004 [ 139.134488][ T8135] RBP: 00007fdbffd7c090 R08: 0000000000000000 R09: 0000000000000000 [ 139.134498][ T8135] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 139.134508][ T8135] R13: 0000000000000000 R14: 00007fdbff1b5fa0 R15: 00007fff91d39738 [ 139.134536][ T8135] [ 139.134555][ T8135] ERROR: Out of memory at tomoyo_realpath_from_path. [ 139.577926][ T8157] netlink: 16 bytes leftover after parsing attributes in process `syz.1.665'. [ 139.819902][ T8178] netlink: 20 bytes leftover after parsing attributes in process `syz.2.673'. [ 139.851631][ T8178] netlink: 8 bytes leftover after parsing attributes in process `syz.2.673'. [ 139.953887][ T8183] netlink: 48 bytes leftover after parsing attributes in process `syz.0.675'. [ 140.041540][ T8182] netlink: 4 bytes leftover after parsing attributes in process `syz.4.674'. [ 140.208981][ T8189] FAULT_INJECTION: forcing a failure. [ 140.208981][ T8189] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 140.331023][ T8189] CPU: 0 UID: 0 PID: 8189 Comm: syz.0.678 Not tainted 6.16.0-rc2-syzkaller-00167-g7544f3f5b0b5 #0 PREEMPT(full) [ 140.331048][ T8189] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 140.331059][ T8189] Call Trace: [ 140.331066][ T8189] [ 140.331073][ T8189] dump_stack_lvl+0x189/0x250 [ 140.331101][ T8189] ? __pfx____ratelimit+0x10/0x10 [ 140.331124][ T8189] ? __pfx_dump_stack_lvl+0x10/0x10 [ 140.331146][ T8189] ? __pfx__printk+0x10/0x10 [ 140.331176][ T8189] should_fail_ex+0x414/0x560 [ 140.331203][ T8189] _copy_to_user+0x31/0xb0 [ 140.331222][ T8189] simple_read_from_buffer+0xe1/0x170 [ 140.331245][ T8189] proc_fail_nth_read+0x1df/0x250 [ 140.331268][ T8189] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 140.331290][ T8189] ? rw_verify_area+0x258/0x650 [ 140.331312][ T8189] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 140.331333][ T8189] vfs_read+0x1fd/0x980 [ 140.331360][ T8189] ? __pfx___mutex_lock+0x10/0x10 [ 140.331377][ T8189] ? __pfx_vfs_read+0x10/0x10 [ 140.331401][ T8189] ? __fget_files+0x2a/0x420 [ 140.331423][ T8189] ? __fget_files+0x3a0/0x420 [ 140.331439][ T8189] ? __fget_files+0x2a/0x420 [ 140.331466][ T8189] ksys_read+0x145/0x250 [ 140.331479][ T8189] ? __fget_files+0x3a0/0x420 [ 140.331498][ T8189] ? __pfx_ksys_read+0x10/0x10 [ 140.331525][ T8189] ? do_syscall_64+0xbe/0x3b0 [ 140.331545][ T8189] do_syscall_64+0xfa/0x3b0 [ 140.331559][ T8189] ? lockdep_hardirqs_on+0x9c/0x150 [ 140.331580][ T8189] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 140.331597][ T8189] ? clear_bhb_loop+0x60/0xb0 [ 140.331617][ T8189] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 140.331632][ T8189] RIP: 0033:0x7fdbfef8d33c [ 140.331647][ T8189] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 140.331660][ T8189] RSP: 002b:00007fdbffd7c030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 140.331677][ T8189] RAX: ffffffffffffffda RBX: 00007fdbff1b5fa0 RCX: 00007fdbfef8d33c [ 140.331689][ T8189] RDX: 000000000000000f RSI: 00007fdbffd7c0a0 RDI: 0000000000000003 [ 140.331700][ T8189] RBP: 00007fdbffd7c090 R08: 0000000000000000 R09: 0000000000000000 [ 140.331710][ T8189] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 140.331720][ T8189] R13: 0000000000000000 R14: 00007fdbff1b5fa0 R15: 00007fff91d39738 [ 140.331748][ T8189] [ 140.630312][ T8204] bridge: RTM_NEWNEIGH bridge0 without NUD_PERMANENT [ 140.696886][ T8208] netlink: 'syz.2.684': attribute type 21 has an invalid length. [ 140.704917][ T8208] netlink: 'syz.2.684': attribute type 6 has an invalid length. [ 140.712808][ T8208] netlink: 132 bytes leftover after parsing attributes in process `syz.2.684'. [ 140.821263][ T8211] netlink: 16 bytes leftover after parsing attributes in process `syz.0.685'. [ 140.832815][ T8211] netlink: 28 bytes leftover after parsing attributes in process `syz.0.685'. [ 141.047577][ T8213] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 141.058919][ T8213] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 141.070051][ T8213] bond0 (unregistering): Released all slaves [ 141.399241][ T8233] xt_hashlimit: max too large, truncated to 1048576 [ 141.663980][ T8241] netlink: 'syz.2.697': attribute type 13 has an invalid length. [ 142.256945][ T8272] IPv6: sit1: Disabled Multicast RS [ 142.295427][ T8276] netlink: 'syz.1.708': attribute type 1 has an invalid length. [ 142.321628][ T8272] sit1: entered allmulticast mode [ 142.342801][ T8276] netlink: 'syz.1.708': attribute type 2 has an invalid length. [ 143.292087][ T8321] pim6reg1: entered promiscuous mode [ 143.297446][ T8321] pim6reg1: entered allmulticast mode [ 143.591176][ T8344] af_packet: tpacket_rcv: packet too big, clamped from 56412 to 4294967272. macoff=96 [ 144.138734][ T8373] __nla_validate_parse: 71 callbacks suppressed [ 144.138751][ T8373] netlink: 232 bytes leftover after parsing attributes in process `syz.1.733'. [ 144.279791][ T8375] RDS: rds_bind could not find a transport for fe80::, load rds_tcp or rds_rdma? [ 144.303165][ T8377] netlink: 252 bytes leftover after parsing attributes in process `syz.2.737'. [ 144.338349][ T5947] IPVS: starting estimator thread 0... [ 144.440453][ T8382] IPVS: using max 25 ests per chain, 60000 per kthread [ 144.667168][ T8396] RDS: rds_bind could not find a transport for fe80::1a, load rds_tcp or rds_rdma? [ 144.691385][ T8398] RDS: rds_bind could not find a transport for fe80::1a, load rds_tcp or rds_rdma? [ 144.873887][ T8403] netlink: 8 bytes leftover after parsing attributes in process `syz.0.747'. [ 144.886177][ T8405] netlink: 40 bytes leftover after parsing attributes in process `syz.3.746'. [ 145.297191][ T8420] netlink: 28 bytes leftover after parsing attributes in process `syz.2.753'. [ 145.519600][ T5951] IPVS: starting estimator thread 0... [ 145.621147][ T8441] IPVS: using max 38 ests per chain, 91200 per kthread [ 145.941236][ T51] Bluetooth: hci4: command 0x0406 tx timeout [ 145.989650][ T8459] xt_TPROXY: Can be used only with -p tcp or -p udp [ 146.239488][ T8474] 8021q: VLANs not supported on nr0 [ 146.298250][ T8431] DRBG: could not allocate digest TFM handle: hmac(sha512) [ 146.776924][ T8502] netlink: 28 bytes leftover after parsing attributes in process `syz.2.773'. [ 146.781373][ T8501] netlink: 20 bytes leftover after parsing attributes in process `syz.1.775'. [ 146.795801][ T8502] netlink: 'syz.2.773': attribute type 7 has an invalid length. [ 146.804349][ T8502] netlink: 'syz.2.773': attribute type 8 has an invalid length. [ 146.851282][ T8502] netlink: 4 bytes leftover after parsing attributes in process `syz.2.773'. [ 146.964276][ T8512] FAULT_INJECTION: forcing a failure. [ 146.964276][ T8512] name failslab, interval 1, probability 0, space 0, times 0 [ 146.977255][ T8512] CPU: 1 UID: 0 PID: 8512 Comm: syz.1.778 Not tainted 6.16.0-rc2-syzkaller-00167-g7544f3f5b0b5 #0 PREEMPT(full) [ 146.977276][ T8512] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 146.977285][ T8512] Call Trace: [ 146.977292][ T8512] [ 146.977299][ T8512] dump_stack_lvl+0x189/0x250 [ 146.977327][ T8512] ? __pfx____ratelimit+0x10/0x10 [ 146.977349][ T8512] ? __pfx_dump_stack_lvl+0x10/0x10 [ 146.977371][ T8512] ? __pfx__printk+0x10/0x10 [ 146.977394][ T8512] ? __pfx___might_resched+0x10/0x10 [ 146.977415][ T8512] ? fs_reclaim_acquire+0x7d/0x100 [ 146.977436][ T8512] should_fail_ex+0x414/0x560 [ 146.977461][ T8512] should_failslab+0xa8/0x100 [ 146.977480][ T8512] __kmalloc_noprof+0xcb/0x4f0 [ 146.977495][ T8512] ? kfree+0x4d/0x440 [ 146.977514][ T8512] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 146.977539][ T8512] tomoyo_realpath_from_path+0xe3/0x5d0 [ 146.977563][ T8512] ? tomoyo_domain+0xd9/0x130 [ 146.977591][ T8512] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 146.977608][ T8512] tomoyo_path_number_perm+0x1e8/0x5a0 [ 146.977628][ T8512] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 146.977678][ T8512] ? __lock_acquire+0xab9/0xd20 [ 146.977724][ T8512] ? __fget_files+0x2a/0x420 [ 146.977743][ T8512] ? __fget_files+0x2a/0x420 [ 146.977760][ T8512] ? __fget_files+0x3a0/0x420 [ 146.977776][ T8512] ? __fget_files+0x2a/0x420 [ 146.977798][ T8512] security_file_ioctl+0xcb/0x2d0 [ 146.977817][ T8512] __se_sys_ioctl+0x47/0x170 [ 146.977840][ T8512] do_syscall_64+0xfa/0x3b0 [ 146.977855][ T8512] ? lockdep_hardirqs_on+0x9c/0x150 [ 146.977875][ T8512] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 146.977890][ T8512] ? clear_bhb_loop+0x60/0xb0 [ 146.977909][ T8512] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 146.977924][ T8512] RIP: 0033:0x7f817e18e929 [ 146.977939][ T8512] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 146.977952][ T8512] RSP: 002b:00007f817f0d5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 146.977969][ T8512] RAX: ffffffffffffffda RBX: 00007f817e3b5fa0 RCX: 00007f817e18e929 [ 146.977980][ T8512] RDX: 0000200000000480 RSI: 000000000000890b RDI: 0000000000000004 [ 146.977991][ T8512] RBP: 00007f817f0d5090 R08: 0000000000000000 R09: 0000000000000000 [ 146.978001][ T8512] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 146.978011][ T8512] R13: 0000000000000000 R14: 00007f817e3b5fa0 R15: 00007ffc5b4e9658 [ 146.978039][ T8512] [ 146.978046][ T8512] ERROR: Out of memory at tomoyo_realpath_from_path. [ 147.026244][ T8504] bond0: entered promiscuous mode [ 147.265635][ T8504] bond0: entered allmulticast mode [ 147.273557][ T8504] 8021q: adding VLAN 0 to HW filter on device bond0 [ 147.376968][ T8520] netlink: 12 bytes leftover after parsing attributes in process `syz.0.781'. [ 147.642746][ T8533] netlink: 'syz.0.787': attribute type 1 has an invalid length. [ 147.656853][ T8533] netlink: 236 bytes leftover after parsing attributes in process `syz.0.787'. [ 147.842384][ T8545] FAULT_INJECTION: forcing a failure. [ 147.842384][ T8545] name failslab, interval 1, probability 0, space 0, times 0 [ 147.881000][ T8545] CPU: 1 UID: 0 PID: 8545 Comm: syz.2.792 Not tainted 6.16.0-rc2-syzkaller-00167-g7544f3f5b0b5 #0 PREEMPT(full) [ 147.881025][ T8545] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 147.881033][ T8545] Call Trace: [ 147.881041][ T8545] [ 147.881048][ T8545] dump_stack_lvl+0x189/0x250 [ 147.881076][ T8545] ? __pfx____ratelimit+0x10/0x10 [ 147.881099][ T8545] ? __pfx_dump_stack_lvl+0x10/0x10 [ 147.881121][ T8545] ? __pfx__printk+0x10/0x10 [ 147.881140][ T8545] ? __pfx___might_resched+0x10/0x10 [ 147.881164][ T8545] ? fs_reclaim_acquire+0x7d/0x100 [ 147.881187][ T8545] should_fail_ex+0x414/0x560 [ 147.881213][ T8545] should_failslab+0xa8/0x100 [ 147.881233][ T8545] __kmalloc_noprof+0xcb/0x4f0 [ 147.881248][ T8545] ? tomoyo_encode+0x28b/0x550 [ 147.881273][ T8545] tomoyo_encode+0x28b/0x550 [ 147.881300][ T8545] tomoyo_realpath_from_path+0x58d/0x5d0 [ 147.881323][ T8545] ? tomoyo_domain+0xd9/0x130 [ 147.881350][ T8545] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 147.881368][ T8545] tomoyo_path_number_perm+0x1e8/0x5a0 [ 147.881389][ T8545] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 147.881422][ T8545] ? __lock_acquire+0xab9/0xd20 [ 147.881460][ T8545] ? __fget_files+0x2a/0x420 [ 147.881479][ T8545] ? __fget_files+0x2a/0x420 [ 147.881494][ T8545] ? __fget_files+0x3a0/0x420 [ 147.881509][ T8545] ? __fget_files+0x2a/0x420 [ 147.881531][ T8545] security_file_ioctl+0xcb/0x2d0 [ 147.881552][ T8545] __se_sys_ioctl+0x47/0x170 [ 147.881576][ T8545] do_syscall_64+0xfa/0x3b0 [ 147.881590][ T8545] ? lockdep_hardirqs_on+0x9c/0x150 [ 147.881610][ T8545] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 147.881626][ T8545] ? clear_bhb_loop+0x60/0xb0 [ 147.881646][ T8545] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 147.881669][ T8545] RIP: 0033:0x7f951278e929 [ 147.881684][ T8545] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 147.881697][ T8545] RSP: 002b:00007f9513674038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 147.881716][ T8545] RAX: ffffffffffffffda RBX: 00007f95129b5fa0 RCX: 00007f951278e929 [ 147.881726][ T8545] RDX: 0000200000000480 RSI: 000000000000890b RDI: 0000000000000004 [ 147.881737][ T8545] RBP: 00007f9513674090 R08: 0000000000000000 R09: 0000000000000000 [ 147.881747][ T8545] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 147.881756][ T8545] R13: 0000000000000000 R14: 00007f95129b5fa0 R15: 00007ffe9b336db8 [ 147.881784][ T8545] [ 147.881803][ T8545] ERROR: Out of memory at tomoyo_realpath_from_path. [ 148.787678][ T8584] netlink: 'syz.1.805': attribute type 10 has an invalid length. [ 148.847021][ T8584] batman_adv: batadv0: Removing interface: team0 [ 148.868653][ T8584] 8021q: adding VLAN 0 to HW filter on device team0 [ 148.887521][ T8584] bond0: (slave team0): Enslaving as an active interface with an up link [ 148.937007][ T8593] FAULT_INJECTION: forcing a failure. [ 148.937007][ T8593] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 148.952173][ T8593] CPU: 1 UID: 0 PID: 8593 Comm: syz.0.809 Not tainted 6.16.0-rc2-syzkaller-00167-g7544f3f5b0b5 #0 PREEMPT(full) [ 148.952202][ T8593] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 148.952212][ T8593] Call Trace: [ 148.952219][ T8593] [ 148.952227][ T8593] dump_stack_lvl+0x189/0x250 [ 148.952255][ T8593] ? __pfx____ratelimit+0x10/0x10 [ 148.952277][ T8593] ? __pfx_dump_stack_lvl+0x10/0x10 [ 148.952300][ T8593] ? __pfx__printk+0x10/0x10 [ 148.952327][ T8593] ? __might_fault+0xb0/0x130 [ 148.952355][ T8593] should_fail_ex+0x414/0x560 [ 148.952381][ T8593] _copy_from_user+0x2d/0xb0 [ 148.952399][ T8593] rose_rt_ioctl+0x25a/0xfb0 [ 148.952425][ T8593] ? __pfx_rose_rt_ioctl+0x10/0x10 [ 148.952457][ T8593] ? bpf_lsm_capable+0x9/0x20 [ 148.952472][ T8593] ? security_capable+0x7e/0x2e0 [ 148.952499][ T8593] rose_ioctl+0x3ce/0x8b0 [ 148.952518][ T8593] ? __pfx_rose_ioctl+0x10/0x10 [ 148.952547][ T8593] sock_do_ioctl+0xd9/0x300 [ 148.952573][ T8593] ? __pfx_sock_do_ioctl+0x10/0x10 [ 148.952592][ T8593] ? __lock_acquire+0xab9/0xd20 [ 148.952630][ T8593] sock_ioctl+0x576/0x790 [ 148.952654][ T8593] ? __pfx_sock_ioctl+0x10/0x10 [ 148.952675][ T8593] ? __fget_files+0x2a/0x420 [ 148.952692][ T8593] ? __fget_files+0x3a0/0x420 [ 148.952708][ T8593] ? __fget_files+0x2a/0x420 [ 148.952729][ T8593] ? bpf_lsm_file_ioctl+0x9/0x20 [ 148.952750][ T8593] ? __pfx_sock_ioctl+0x10/0x10 [ 148.952771][ T8593] __se_sys_ioctl+0xfc/0x170 [ 148.952795][ T8593] do_syscall_64+0xfa/0x3b0 [ 148.952810][ T8593] ? lockdep_hardirqs_on+0x9c/0x150 [ 148.952829][ T8593] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 148.952845][ T8593] ? clear_bhb_loop+0x60/0xb0 [ 148.952865][ T8593] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 148.952881][ T8593] RIP: 0033:0x7fdbfef8e929 [ 148.952896][ T8593] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 148.952909][ T8593] RSP: 002b:00007fdbffd7c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 148.952928][ T8593] RAX: ffffffffffffffda RBX: 00007fdbff1b5fa0 RCX: 00007fdbfef8e929 [ 148.952940][ T8593] RDX: 0000200000000480 RSI: 000000000000890b RDI: 0000000000000004 [ 148.952950][ T8593] RBP: 00007fdbffd7c090 R08: 0000000000000000 R09: 0000000000000000 [ 148.952960][ T8593] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 148.952970][ T8593] R13: 0000000000000000 R14: 00007fdbff1b5fa0 R15: 00007fff91d39738 [ 148.952999][ T8593] [ 149.216844][ T8589] xt_ecn: cannot match TCP bits for non-tcp packets [ 149.308594][ T8597] __nla_validate_parse: 3 callbacks suppressed [ 149.308614][ T8597] netlink: 16 bytes leftover after parsing attributes in process `syz.3.810'. [ 149.616104][ T8610] netlink: 8 bytes leftover after parsing attributes in process `syz.2.817'. [ 149.721235][ T8615] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 149.986873][ T8631] netdevsim netdevsim3 netdevsim0: entered promiscuous mode [ 150.011774][ T8633] netlink: 4 bytes leftover after parsing attributes in process `syz.2.824'. [ 150.030938][ T8631] netlink: 32 bytes leftover after parsing attributes in process `syz.3.823'. [ 150.226926][ T8633] macvtap1: entered promiscuous mode [ 150.264071][ T8633] vlan0: entered promiscuous mode [ 150.269688][ T8633] macvtap1: entered allmulticast mode [ 150.303053][ T8633] vlan0: entered allmulticast mode [ 150.308234][ T8633] veth0_vlan: entered allmulticast mode [ 150.479148][ T8657] netlink: 9932 bytes leftover after parsing attributes in process `syz.3.832'. [ 150.480080][ T8658] netlink: 'syz.2.830': attribute type 21 has an invalid length. [ 150.512767][ T8658] netlink: 132 bytes leftover after parsing attributes in process `syz.2.830'. [ 150.669645][ T8664] tipc: MTU too low for tipc bearer [ 150.679940][ T8665] netlink: 168 bytes leftover after parsing attributes in process `syz.0.833'. [ 151.034459][ T8676] netlink: 4 bytes leftover after parsing attributes in process `syz.3.839'. [ 151.104500][ T8686] netlink: 8 bytes leftover after parsing attributes in process `syz.4.840'. [ 151.223440][ T8692] FAULT_INJECTION: forcing a failure. [ 151.223440][ T8692] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 151.247964][ T8692] CPU: 0 UID: 0 PID: 8692 Comm: syz.1.844 Not tainted 6.16.0-rc2-syzkaller-00167-g7544f3f5b0b5 #0 PREEMPT(full) [ 151.247985][ T8692] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 151.247992][ T8692] Call Trace: [ 151.247997][ T8692] [ 151.248003][ T8692] dump_stack_lvl+0x189/0x250 [ 151.248027][ T8692] ? __pfx____ratelimit+0x10/0x10 [ 151.248046][ T8692] ? __pfx_dump_stack_lvl+0x10/0x10 [ 151.248064][ T8692] ? __pfx__printk+0x10/0x10 [ 151.248077][ T8692] ? __might_fault+0xb0/0x130 [ 151.248102][ T8692] should_fail_ex+0x414/0x560 [ 151.248122][ T8692] _copy_from_user+0x2d/0xb0 [ 151.248136][ T8692] kstrtouint_from_user+0xc4/0x170 [ 151.248156][ T8692] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 151.248186][ T8692] proc_fail_nth_write+0x88/0x240 [ 151.248202][ T8692] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 151.248221][ T8692] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 151.248236][ T8692] vfs_write+0x27b/0xa90 [ 151.248262][ T8692] ? __pfx_vfs_write+0x10/0x10 [ 151.248281][ T8692] ? __fget_files+0x2a/0x420 [ 151.248298][ T8692] ? __fget_files+0x3a0/0x420 [ 151.248311][ T8692] ? __fget_files+0x2a/0x420 [ 151.248331][ T8692] ksys_write+0x145/0x250 [ 151.248342][ T8692] ? __fget_files+0x3a0/0x420 [ 151.248356][ T8692] ? __pfx_ksys_write+0x10/0x10 [ 151.248372][ T8692] ? do_syscall_64+0xbe/0x3b0 [ 151.248397][ T8692] do_syscall_64+0xfa/0x3b0 [ 151.248408][ T8692] ? lockdep_hardirqs_on+0x9c/0x150 [ 151.248424][ T8692] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 151.248436][ T8692] ? clear_bhb_loop+0x60/0xb0 [ 151.248452][ T8692] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 151.248463][ T8692] RIP: 0033:0x7f817e18d3df [ 151.248476][ T8692] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 151.248485][ T8692] RSP: 002b:00007f817f0d5030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 151.248499][ T8692] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f817e18d3df [ 151.248509][ T8692] RDX: 0000000000000001 RSI: 00007f817f0d50a0 RDI: 0000000000000003 [ 151.248517][ T8692] RBP: 00007f817f0d5090 R08: 0000000000000000 R09: 0000000000000000 [ 151.248524][ T8692] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001 [ 151.248532][ T8692] R13: 0000000000000000 R14: 00007f817e3b5fa0 R15: 00007ffc5b4e9658 [ 151.248555][ T8692] [ 151.263052][ T8682] sctp: [Deprecated]: syz.4.840 (pid 8682) Use of struct sctp_assoc_value in delayed_ack socket option. [ 151.263052][ T8682] Use struct sctp_sack_info instead [ 151.613814][ T8704] netlink: 168 bytes leftover after parsing attributes in process `syz.1.848'. [ 151.714481][ T8708] netlink: 'syz.2.849': attribute type 7 has an invalid length. [ 152.107303][ T8730] team0: Device gtp0 is of different type [ 152.652871][ T8761] netlink: 'syz.3.866': attribute type 1 has an invalid length. [ 152.691327][ T8761] netlink: 'syz.3.866': attribute type 3 has an invalid length. [ 152.699028][ T8761] netlink: 'syz.3.866': attribute type 235 has an invalid length. [ 152.700125][ T8760] netlink: 'syz.3.866': attribute type 1 has an invalid length. [ 152.766169][ T8760] netlink: 'syz.3.866': attribute type 3 has an invalid length. [ 152.843533][ T8760] netlink: 'syz.3.866': attribute type 235 has an invalid length. [ 153.324844][ T8792] x_tables: duplicate underflow at hook 1 [ 153.389473][ T8792] xt_socket: unknown flags 0x3c [ 153.705871][ T8813] tipc: Enabling of bearer rejected, media not registered [ 154.176004][ T8840] FAULT_INJECTION: forcing a failure. [ 154.176004][ T8840] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 154.300857][ T8840] CPU: 0 UID: 0 PID: 8840 Comm: syz.3.894 Not tainted 6.16.0-rc2-syzkaller-00167-g7544f3f5b0b5 #0 PREEMPT(full) [ 154.300888][ T8840] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 154.300899][ T8840] Call Trace: [ 154.300906][ T8840] [ 154.300915][ T8840] dump_stack_lvl+0x189/0x250 [ 154.300943][ T8840] ? __pfx____ratelimit+0x10/0x10 [ 154.300968][ T8840] ? __pfx_dump_stack_lvl+0x10/0x10 [ 154.300990][ T8840] ? __pfx__printk+0x10/0x10 [ 154.301021][ T8840] should_fail_ex+0x414/0x560 [ 154.301048][ T8840] _copy_to_user+0x31/0xb0 [ 154.301068][ T8840] simple_read_from_buffer+0xe1/0x170 [ 154.301091][ T8840] proc_fail_nth_read+0x1df/0x250 [ 154.301114][ T8840] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 154.301143][ T8840] ? rw_verify_area+0x258/0x650 [ 154.301165][ T8840] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 154.301186][ T8840] vfs_read+0x1fd/0x980 [ 154.301215][ T8840] ? __pfx___mutex_lock+0x10/0x10 [ 154.301231][ T8840] ? __pfx_vfs_read+0x10/0x10 [ 154.301255][ T8840] ? __fget_files+0x2a/0x420 [ 154.301278][ T8840] ? __fget_files+0x3a0/0x420 [ 154.301294][ T8840] ? __fget_files+0x2a/0x420 [ 154.301321][ T8840] ksys_read+0x145/0x250 [ 154.301339][ T8840] ? __pfx_ksys_read+0x10/0x10 [ 154.301367][ T8840] ? do_syscall_64+0xbe/0x3b0 [ 154.301386][ T8840] do_syscall_64+0xfa/0x3b0 [ 154.301400][ T8840] ? lockdep_hardirqs_on+0x9c/0x150 [ 154.301422][ T8840] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 154.301438][ T8840] ? clear_bhb_loop+0x60/0xb0 [ 154.301459][ T8840] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 154.301475][ T8840] RIP: 0033:0x7f667e78d33c [ 154.301490][ T8840] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 154.301503][ T8840] RSP: 002b:00007f667f617030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 154.301521][ T8840] RAX: ffffffffffffffda RBX: 00007f667e9b5fa0 RCX: 00007f667e78d33c [ 154.301534][ T8840] RDX: 000000000000000f RSI: 00007f667f6170a0 RDI: 0000000000000003 [ 154.301544][ T8840] RBP: 00007f667f617090 R08: 0000000000000000 R09: 0000000000000000 [ 154.301554][ T8840] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 154.301564][ T8840] R13: 0000000000000000 R14: 00007f667e9b5fa0 R15: 00007ffcd4129248 [ 154.301594][ T8840] [ 154.777881][ T8860] __nla_validate_parse: 7 callbacks suppressed [ 154.777898][ T8860] netlink: 20 bytes leftover after parsing attributes in process `syz.3.900'. [ 155.069477][ T8874] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 155.156096][ T8882] netlink: 16 bytes leftover after parsing attributes in process `syz.0.909'. [ 155.459945][ T8901] netlink: 4 bytes leftover after parsing attributes in process `syz.2.915'. [ 155.535670][ T8904] netlink: 12 bytes leftover after parsing attributes in process `syz.0.916'. [ 155.613383][ T8901] veth5: entered allmulticast mode [ 155.731683][ T8909] netlink: 'syz.4.917': attribute type 11 has an invalid length. [ 155.739621][ T8909] netlink: 224 bytes leftover after parsing attributes in process `syz.4.917'. [ 155.903851][ T8920] netlink: 36 bytes leftover after parsing attributes in process `syz.2.921'. [ 156.008077][ T8928] pimreg: left allmulticast mode [ 156.066539][ T8930] netlink: 76 bytes leftover after parsing attributes in process `syz.1.925'. [ 156.213100][ T8938] netlink: 'syz.3.928': attribute type 1 has an invalid length. [ 156.255232][ T8938] netlink: 220 bytes leftover after parsing attributes in process `syz.3.928'. [ 156.309976][ T8938] netlink: 'syz.3.928': attribute type 1 has an invalid length. [ 156.567000][ T8955] netlink: 'syz.2.935': attribute type 10 has an invalid length. [ 156.668641][ T8963] netlink: 20 bytes leftover after parsing attributes in process `syz.4.938'. [ 156.690969][ T8955] team0: Device lo is loopback device. Loopback devices can't be added as a team port [ 156.696358][ T8965] netlink: 144 bytes leftover after parsing attributes in process `syz.1.939'. [ 156.722185][ T8955] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 158.426696][ T9052] netlink: 'syz.4.966': attribute type 5 has an invalid length. [ 158.991659][ T9077] netlink: 'syz.0.976': attribute type 21 has an invalid length. [ 159.444736][ T9093] ipt_REJECT: TCP_RESET invalid for non-tcp [ 159.835663][ T9114] __nla_validate_parse: 18 callbacks suppressed [ 159.835683][ T9114] netlink: 14 bytes leftover after parsing attributes in process `syz.1.990'. [ 159.915130][ T9119] netlink: 20 bytes leftover after parsing attributes in process `syz.0.992'. [ 159.975337][ T9122] x_tables: duplicate underflow at hook 2 [ 160.126666][ T9130] netlink: 8 bytes leftover after parsing attributes in process `syz.3.995'. [ 160.163439][ T9114] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 160.174044][ T9114] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 160.184531][ T9114] bond0 (unregistering): (slave team0): Releasing backup interface [ 160.197426][ T9114] bond0 (unregistering): Released all slaves [ 160.218930][ T9120] syzkaller1: entered promiscuous mode [ 160.224855][ T9120] syzkaller1: entered allmulticast mode [ 160.376035][ T9136] netlink: 'syz.3.996': attribute type 9 has an invalid length. [ 160.427295][ T9140] netlink: 'syz.3.996': attribute type 9 has an invalid length. [ 160.530743][ T9136] netlink: 'syz.3.996': attribute type 4 has an invalid length. [ 160.585882][ T9140] netlink: 'syz.3.996': attribute type 4 has an invalid length. [ 160.799496][ T9158] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1004'. [ 161.152018][ T9173] dvmrp0: entered allmulticast mode [ 161.396661][ T9183] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1013'. [ 161.452576][ T9185] ip6erspan0: entered promiscuous mode [ 161.539663][ T9195] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1017'. [ 161.560083][ T9199] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1017'. [ 161.611488][ T9198] netlink: 'syz.2.1018': attribute type 1 has an invalid length. [ 161.619399][ T9198] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 161.668680][ T9198] x_tables: ip_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING [ 161.697792][ T9203] FAULT_INJECTION: forcing a failure. [ 161.697792][ T9203] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 161.744135][ T9203] CPU: 0 UID: 0 PID: 9203 Comm: syz.0.1020 Not tainted 6.16.0-rc2-syzkaller-00167-g7544f3f5b0b5 #0 PREEMPT(full) [ 161.744161][ T9203] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 161.744171][ T9203] Call Trace: [ 161.744178][ T9203] [ 161.744185][ T9203] dump_stack_lvl+0x189/0x250 [ 161.744215][ T9203] ? __pfx____ratelimit+0x10/0x10 [ 161.744237][ T9203] ? __pfx_dump_stack_lvl+0x10/0x10 [ 161.744259][ T9203] ? __pfx__printk+0x10/0x10 [ 161.744277][ T9203] ? __might_fault+0xb0/0x130 [ 161.744303][ T9203] should_fail_ex+0x414/0x560 [ 161.744329][ T9203] _copy_from_user+0x2d/0xb0 [ 161.744347][ T9203] ___sys_sendmsg+0x158/0x2a0 [ 161.744370][ T9203] ? __pfx____sys_sendmsg+0x10/0x10 [ 161.744431][ T9203] ? __fget_files+0x2a/0x420 [ 161.744449][ T9203] ? __fget_files+0x3a0/0x420 [ 161.744476][ T9203] __x64_sys_sendmsg+0x19b/0x260 [ 161.744497][ T9203] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 161.744527][ T9203] ? __pfx_ksys_write+0x10/0x10 [ 161.744540][ T9203] ? rcu_is_watching+0x15/0xb0 [ 161.744568][ T9203] ? do_syscall_64+0xbe/0x3b0 [ 161.744587][ T9203] do_syscall_64+0xfa/0x3b0 [ 161.744601][ T9203] ? lockdep_hardirqs_on+0x9c/0x150 [ 161.744623][ T9203] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 161.744639][ T9203] ? clear_bhb_loop+0x60/0xb0 [ 161.744658][ T9203] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 161.744673][ T9203] RIP: 0033:0x7fdbfef8e929 [ 161.744688][ T9203] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 161.744701][ T9203] RSP: 002b:00007fdbffd7c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 161.744719][ T9203] RAX: ffffffffffffffda RBX: 00007fdbff1b5fa0 RCX: 00007fdbfef8e929 [ 161.744731][ T9203] RDX: 0000000024005040 RSI: 0000200000000040 RDI: 0000000000000003 [ 161.744741][ T9203] RBP: 00007fdbffd7c090 R08: 0000000000000000 R09: 0000000000000000 [ 161.744752][ T9203] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 161.744762][ T9203] R13: 0000000000000000 R14: 00007fdbff1b5fa0 R15: 00007fff91d39738 [ 161.744789][ T9203] [ 162.676158][ T9242] ip6gre1: entered allmulticast mode [ 162.686663][ T9241] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1030'. [ 162.864559][ T9254] FAULT_INJECTION: forcing a failure. [ 162.864559][ T9254] name failslab, interval 1, probability 0, space 0, times 0 [ 162.892598][ T9254] CPU: 1 UID: 0 PID: 9254 Comm: syz.1.1036 Not tainted 6.16.0-rc2-syzkaller-00167-g7544f3f5b0b5 #0 PREEMPT(full) [ 162.892624][ T9254] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 162.892633][ T9254] Call Trace: [ 162.892640][ T9254] [ 162.892647][ T9254] dump_stack_lvl+0x189/0x250 [ 162.892674][ T9254] ? __pfx____ratelimit+0x10/0x10 [ 162.892696][ T9254] ? __pfx_dump_stack_lvl+0x10/0x10 [ 162.892718][ T9254] ? __pfx__printk+0x10/0x10 [ 162.892741][ T9254] ? __pfx___might_resched+0x10/0x10 [ 162.892769][ T9254] should_fail_ex+0x414/0x560 [ 162.892793][ T9254] should_failslab+0xa8/0x100 [ 162.892812][ T9254] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 162.892830][ T9254] ? __alloc_skb+0x112/0x2d0 [ 162.892852][ T9254] __alloc_skb+0x112/0x2d0 [ 162.892874][ T9254] netlink_sendmsg+0x5c6/0xb30 [ 162.892900][ T9254] ? __pfx_netlink_sendmsg+0x10/0x10 [ 162.892922][ T9254] ? aa_sock_msg_perm+0x94/0x160 [ 162.892945][ T9254] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 162.892964][ T9254] ? __pfx_netlink_sendmsg+0x10/0x10 [ 162.892983][ T9254] __sock_sendmsg+0x219/0x270 [ 162.893010][ T9254] ____sys_sendmsg+0x505/0x830 [ 162.893036][ T9254] ? __pfx_____sys_sendmsg+0x10/0x10 [ 162.893065][ T9254] ? import_iovec+0x74/0xa0 [ 162.893085][ T9254] ___sys_sendmsg+0x21f/0x2a0 [ 162.893107][ T9254] ? __pfx____sys_sendmsg+0x10/0x10 [ 162.893163][ T9254] ? __fget_files+0x2a/0x420 [ 162.893180][ T9254] ? __fget_files+0x3a0/0x420 [ 162.893208][ T9254] __x64_sys_sendmsg+0x19b/0x260 [ 162.893231][ T9254] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 162.893272][ T9254] ? __pfx_ksys_write+0x10/0x10 [ 162.893285][ T9254] ? rcu_is_watching+0x15/0xb0 [ 162.893313][ T9254] ? do_syscall_64+0xbe/0x3b0 [ 162.893332][ T9254] do_syscall_64+0xfa/0x3b0 [ 162.893346][ T9254] ? lockdep_hardirqs_on+0x9c/0x150 [ 162.893367][ T9254] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 162.893383][ T9254] ? clear_bhb_loop+0x60/0xb0 [ 162.893403][ T9254] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 162.893419][ T9254] RIP: 0033:0x7f817e18e929 [ 162.893435][ T9254] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 162.893448][ T9254] RSP: 002b:00007f817f0d5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 162.893466][ T9254] RAX: ffffffffffffffda RBX: 00007f817e3b5fa0 RCX: 00007f817e18e929 [ 162.893478][ T9254] RDX: 0000000024005040 RSI: 0000200000000040 RDI: 0000000000000003 [ 162.893489][ T9254] RBP: 00007f817f0d5090 R08: 0000000000000000 R09: 0000000000000000 [ 162.893498][ T9254] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 162.893508][ T9254] R13: 0000000000000000 R14: 00007f817e3b5fa0 R15: 00007ffc5b4e9658 [ 162.893535][ T9254] [ 163.531823][ T9274] openvswitch: netlink: EtherType 0 is less than min 600 [ 163.649533][ T9287] netlink: 68 bytes leftover after parsing attributes in process `syz.4.1048'. [ 163.663610][ T9285] delete_channel: no stack [ 163.992759][ T9305] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1052'. [ 164.910646][ T9355] __nla_validate_parse: 2 callbacks suppressed [ 164.910666][ T9355] netlink: 192 bytes leftover after parsing attributes in process `syz.0.1072'. [ 165.102597][ T9365] netlink: 'syz.2.1073': attribute type 4 has an invalid length. [ 165.176607][ T9365] netlink: 68 bytes leftover after parsing attributes in process `syz.2.1073'. [ 165.207478][ T9370] netlink: 192 bytes leftover after parsing attributes in process `syz.3.1075'. [ 165.369156][ T9376] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1076'. [ 165.500783][ T9385] xt_TPROXY: Can be used only with -p tcp or -p udp [ 165.509977][ T9388] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1082'. [ 165.526718][ T9389] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1080'. [ 165.632633][ T9394] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1076'. [ 165.694623][ T9394] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1076'. [ 165.950596][ T9406] netlink: 192 bytes leftover after parsing attributes in process `syz.4.1086'. [ 165.981936][ T9410] netlink: 203516 bytes leftover after parsing attributes in process `syz.3.1085'. [ 166.010418][ T9410] openvswitch: netlink: ufid size 3068 bytes exceeds the range (1, 16) [ 166.045270][ T9410] openvswitch: netlink: Duplicate key (type 0). [ 167.166494][ T9465] syzkaller0: entered promiscuous mode [ 167.217589][ T9465] syzkaller0: entered allmulticast mode [ 167.233171][ T9477] netlink: 'syz.2.1107': attribute type 10 has an invalid length. [ 167.338506][ T9465] netlink: 'syz.2.1107': attribute type 21 has an invalid length. [ 169.662032][ T9537] netlink: 'syz.0.1130': attribute type 1 has an invalid length. [ 170.104932][ T9557] __nla_validate_parse: 2 callbacks suppressed [ 170.104949][ T9557] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1138'. [ 170.419727][ T9572] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1143'. [ 170.438389][ T9572] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1143'. [ 170.660923][ T9589] openvswitch: netlink: Missing key (keys=40, expected=10000000) [ 170.751157][ T9589] openvswitch: netlink: Missing key (keys=40, expected=10000000) [ 170.876522][ T9603] netlink: 152064 bytes leftover after parsing attributes in process `syz.4.1154'. [ 170.918497][ T9603] netlink: zone id is out of range [ 170.926364][ T9603] netlink: zone id is out of range [ 170.962365][ T9603] netlink: zone id is out of range [ 170.980340][ T9603] netlink: zone id is out of range [ 170.998107][ T9603] netlink: zone id is out of range [ 171.026657][ T9610] netlink: 'syz.4.1154': attribute type 10 has an invalid length. [ 171.044732][ T9603] netlink: zone id is out of range [ 171.049085][ T9615] netlink: 76 bytes leftover after parsing attributes in process `syz.3.1155'. [ 171.049880][ T9603] netlink: zone id is out of range [ 171.077426][ T9614] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1157'. [ 171.098289][ T9617] netlink: 11 bytes leftover after parsing attributes in process `syz.1.1158'. [ 171.141672][ T9603] netlink: zone id is out of range [ 171.157717][ T9610] 8021q: adding VLAN 0 to HW filter on device team0 [ 171.206169][ T9626] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1155'. [ 171.446172][ T9632] netlink: 168 bytes leftover after parsing attributes in process `syz.4.1160'. [ 171.484634][ T9633] ieee802154 phy0 wpan0: encryption failed: -22 [ 171.507841][ T9634] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1161'. [ 171.556270][ T9636] bond0: entered promiscuous mode [ 171.579166][ T9636] bond0: entered allmulticast mode [ 171.603874][ T9636] 8021q: adding VLAN 0 to HW filter on device bond0 [ 171.625914][ T9637] bond0: option mode: unable to set because the bond device is up [ 171.830893][ T9655] netlink: 'syz.0.1168': attribute type 1 has an invalid length. [ 172.263098][ T9684] netlink: 'syz.3.1178': attribute type 5 has an invalid length. [ 172.963409][ T9709] Freezing with imperfect legacy cgroup freezer. See cgroup.freeze of cgroup v2 [ 173.391578][ T9724] ipt_ECN: cannot use operation on non-tcp rule [ 173.995533][ T9758] FAULT_INJECTION: forcing a failure. [ 173.995533][ T9758] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 174.009273][ T9758] CPU: 1 UID: 0 PID: 9758 Comm: syz.1.1210 Not tainted 6.16.0-rc2-syzkaller-00167-g7544f3f5b0b5 #0 PREEMPT(full) [ 174.009296][ T9758] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 174.009307][ T9758] Call Trace: [ 174.009315][ T9758] [ 174.009322][ T9758] dump_stack_lvl+0x189/0x250 [ 174.009350][ T9758] ? __pfx____ratelimit+0x10/0x10 [ 174.009373][ T9758] ? __pfx_dump_stack_lvl+0x10/0x10 [ 174.009395][ T9758] ? __pfx__printk+0x10/0x10 [ 174.009413][ T9758] ? __might_fault+0xb0/0x130 [ 174.009440][ T9758] should_fail_ex+0x414/0x560 [ 174.009466][ T9758] _copy_from_user+0x2d/0xb0 [ 174.009484][ T9758] ___sys_sendmsg+0x158/0x2a0 [ 174.009507][ T9758] ? __pfx____sys_sendmsg+0x10/0x10 [ 174.009562][ T9758] ? __fget_files+0x2a/0x420 [ 174.009578][ T9758] ? __fget_files+0x3a0/0x420 [ 174.009606][ T9758] __x64_sys_sendmsg+0x19b/0x260 [ 174.009628][ T9758] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 174.009657][ T9758] ? __pfx_ksys_write+0x10/0x10 [ 174.009677][ T9758] ? rcu_is_watching+0x15/0xb0 [ 174.009705][ T9758] ? do_syscall_64+0xbe/0x3b0 [ 174.009725][ T9758] do_syscall_64+0xfa/0x3b0 [ 174.009739][ T9758] ? lockdep_hardirqs_on+0x9c/0x150 [ 174.009761][ T9758] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 174.009777][ T9758] ? clear_bhb_loop+0x60/0xb0 [ 174.009797][ T9758] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 174.009813][ T9758] RIP: 0033:0x7f817e18e929 [ 174.009828][ T9758] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 174.009842][ T9758] RSP: 002b:00007f817f0d5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 174.009860][ T9758] RAX: ffffffffffffffda RBX: 00007f817e3b5fa0 RCX: 00007f817e18e929 [ 174.009872][ T9758] RDX: 9590f6cc3ea35512 RSI: 0000200000000000 RDI: 0000000000000003 [ 174.009884][ T9758] RBP: 00007f817f0d5090 R08: 0000000000000000 R09: 0000000000000000 [ 174.009894][ T9758] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 174.009904][ T9758] R13: 0000000000000000 R14: 00007f817e3b5fa0 R15: 00007ffc5b4e9658 [ 174.009932][ T9758] [ 174.495132][ T9773] FAULT_INJECTION: forcing a failure. [ 174.495132][ T9773] name failslab, interval 1, probability 0, space 0, times 0 [ 174.521894][ T9773] CPU: 1 UID: 0 PID: 9773 Comm: syz.1.1217 Not tainted 6.16.0-rc2-syzkaller-00167-g7544f3f5b0b5 #0 PREEMPT(full) [ 174.521919][ T9773] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 174.521929][ T9773] Call Trace: [ 174.521937][ T9773] [ 174.521944][ T9773] dump_stack_lvl+0x189/0x250 [ 174.521972][ T9773] ? __pfx____ratelimit+0x10/0x10 [ 174.521996][ T9773] ? __pfx_dump_stack_lvl+0x10/0x10 [ 174.522019][ T9773] ? __pfx__printk+0x10/0x10 [ 174.522043][ T9773] ? __pfx___might_resched+0x10/0x10 [ 174.522065][ T9773] ? fs_reclaim_acquire+0x7d/0x100 [ 174.522088][ T9773] should_fail_ex+0x414/0x560 [ 174.522114][ T9773] should_failslab+0xa8/0x100 [ 174.522134][ T9773] __kmalloc_cache_noprof+0x70/0x3d0 [ 174.522149][ T9773] ? ipv6_add_addr+0x530/0x1090 [ 174.522169][ T9773] ipv6_add_addr+0x530/0x1090 [ 174.522192][ T9773] ? __pfx_ipv6_add_addr+0x10/0x10 [ 174.522221][ T9773] inet6_addr_add+0x387/0xc00 [ 174.522247][ T9773] ? __pfx_inet6_addr_add+0x10/0x10 [ 174.522268][ T9773] ? ipv6_get_ifaddr+0x1ea/0x790 [ 174.522295][ T9773] ? ipv6_get_ifaddr+0x69c/0x790 [ 174.522319][ T9773] ? ipv6_get_ifaddr+0x1ea/0x790 [ 174.522342][ T9773] ? __pfx_ipv6_get_ifaddr+0x10/0x10 [ 174.522431][ T9773] ? lockdep_rtnl_is_held+0x26/0x40 [ 174.522457][ T9773] inet6_rtm_newaddr+0x93d/0xd20 [ 174.522488][ T9773] ? __pfx_inet6_rtm_newaddr+0x10/0x10 [ 174.522537][ T9773] ? __pfx_inet6_rtm_newaddr+0x10/0x10 [ 174.522558][ T9773] rtnetlink_rcv_msg+0x7cf/0xb70 [ 174.522580][ T9773] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 174.522594][ T9773] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 174.522626][ T9773] netlink_rcv_skb+0x205/0x470 [ 174.522645][ T9773] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 174.522662][ T9773] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 174.522688][ T9773] ? netlink_deliver_tap+0x2e/0x1b0 [ 174.522705][ T9773] ? netlink_deliver_tap+0x2e/0x1b0 [ 174.522726][ T9773] netlink_unicast+0x758/0x8d0 [ 174.522748][ T9773] netlink_sendmsg+0x805/0xb30 [ 174.522772][ T9773] ? __pfx_netlink_sendmsg+0x10/0x10 [ 174.522792][ T9773] ? aa_sock_msg_perm+0x94/0x160 [ 174.522812][ T9773] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 174.522831][ T9773] ? __pfx_netlink_sendmsg+0x10/0x10 [ 174.522847][ T9773] __sock_sendmsg+0x219/0x270 [ 174.522871][ T9773] ____sys_sendmsg+0x505/0x830 [ 174.522894][ T9773] ? __pfx_____sys_sendmsg+0x10/0x10 [ 174.522919][ T9773] ? import_iovec+0x74/0xa0 [ 174.522937][ T9773] ___sys_sendmsg+0x21f/0x2a0 [ 174.522958][ T9773] ? __pfx____sys_sendmsg+0x10/0x10 [ 174.523010][ T9773] ? __fget_files+0x2a/0x420 [ 174.523026][ T9773] ? __fget_files+0x3a0/0x420 [ 174.523053][ T9773] __x64_sys_sendmsg+0x19b/0x260 [ 174.523075][ T9773] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 174.523103][ T9773] ? __pfx_ksys_write+0x10/0x10 [ 174.523116][ T9773] ? rcu_is_watching+0x15/0xb0 [ 174.523143][ T9773] ? do_syscall_64+0xbe/0x3b0 [ 174.523161][ T9773] do_syscall_64+0xfa/0x3b0 [ 174.523173][ T9773] ? lockdep_hardirqs_on+0x9c/0x150 [ 174.523192][ T9773] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 174.523209][ T9773] ? clear_bhb_loop+0x60/0xb0 [ 174.523229][ T9773] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 174.523245][ T9773] RIP: 0033:0x7f817e18e929 [ 174.523259][ T9773] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 174.523270][ T9773] RSP: 002b:00007f817f0d5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 174.523288][ T9773] RAX: ffffffffffffffda RBX: 00007f817e3b5fa0 RCX: 00007f817e18e929 [ 174.523300][ T9773] RDX: 0000000024005040 RSI: 0000200000000040 RDI: 0000000000000003 [ 174.523309][ T9773] RBP: 00007f817f0d5090 R08: 0000000000000000 R09: 0000000000000000 [ 174.523319][ T9773] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 174.523327][ T9773] R13: 0000000000000000 R14: 00007f817e3b5fa0 R15: 00007ffc5b4e9658 [ 174.523353][ T9773] [ 175.426163][ T9808] FAULT_INJECTION: forcing a failure. [ 175.426163][ T9808] name failslab, interval 1, probability 0, space 0, times 0 [ 175.440785][ T9808] CPU: 0 UID: 0 PID: 9808 Comm: syz.4.1225 Not tainted 6.16.0-rc2-syzkaller-00167-g7544f3f5b0b5 #0 PREEMPT(full) [ 175.440811][ T9808] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 175.440821][ T9808] Call Trace: [ 175.440829][ T9808] [ 175.440837][ T9808] dump_stack_lvl+0x189/0x250 [ 175.440865][ T9808] ? __pfx____ratelimit+0x10/0x10 [ 175.440888][ T9808] ? __pfx_dump_stack_lvl+0x10/0x10 [ 175.440910][ T9808] ? __pfx__printk+0x10/0x10 [ 175.440933][ T9808] ? __pfx___might_resched+0x10/0x10 [ 175.440961][ T9808] should_fail_ex+0x414/0x560 [ 175.440987][ T9808] should_failslab+0xa8/0x100 [ 175.441006][ T9808] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 175.441023][ T9808] ? __alloc_skb+0x112/0x2d0 [ 175.441046][ T9808] __alloc_skb+0x112/0x2d0 [ 175.441068][ T9808] netlink_sendmsg+0x5c6/0xb30 [ 175.441097][ T9808] ? __pfx_netlink_sendmsg+0x10/0x10 [ 175.441119][ T9808] ? aa_sock_msg_perm+0x94/0x160 [ 175.441141][ T9808] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 175.441160][ T9808] ? __pfx_netlink_sendmsg+0x10/0x10 [ 175.441180][ T9808] __sock_sendmsg+0x219/0x270 [ 175.441207][ T9808] ____sys_sendmsg+0x505/0x830 [ 175.441233][ T9808] ? __pfx_____sys_sendmsg+0x10/0x10 [ 175.441283][ T9808] ? import_iovec+0x74/0xa0 [ 175.441304][ T9808] ___sys_sendmsg+0x21f/0x2a0 [ 175.441326][ T9808] ? __pfx____sys_sendmsg+0x10/0x10 [ 175.441382][ T9808] ? __fget_files+0x2a/0x420 [ 175.441399][ T9808] ? __fget_files+0x3a0/0x420 [ 175.441427][ T9808] __x64_sys_sendmsg+0x19b/0x260 [ 175.441451][ T9808] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 175.441479][ T9808] ? __pfx_ksys_write+0x10/0x10 [ 175.441493][ T9808] ? rcu_is_watching+0x15/0xb0 [ 175.441521][ T9808] ? do_syscall_64+0xbe/0x3b0 [ 175.441547][ T9808] do_syscall_64+0xfa/0x3b0 [ 175.441562][ T9808] ? lockdep_hardirqs_on+0x9c/0x150 [ 175.441583][ T9808] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 175.441600][ T9808] ? clear_bhb_loop+0x60/0xb0 [ 175.441620][ T9808] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 175.441635][ T9808] RIP: 0033:0x7fd221b8e929 [ 175.441651][ T9808] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 175.441664][ T9808] RSP: 002b:00007fd2229f4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 175.441682][ T9808] RAX: ffffffffffffffda RBX: 00007fd221db5fa0 RCX: 00007fd221b8e929 [ 175.441694][ T9808] RDX: 9590f6cc3ea35512 RSI: 0000200000000000 RDI: 0000000000000003 [ 175.441705][ T9808] RBP: 00007fd2229f4090 R08: 0000000000000000 R09: 0000000000000000 [ 175.441716][ T9808] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 175.441725][ T9808] R13: 0000000000000000 R14: 00007fd221db5fa0 R15: 00007ffe4787e518 [ 175.441753][ T9808] [ 175.752820][ T9812] Bluetooth: MGMT ver 1.23 [ 175.904391][ T9814] __nla_validate_parse: 14 callbacks suppressed [ 175.904408][ T9814] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1229'. [ 176.227283][ T9832] netlink: 68 bytes leftover after parsing attributes in process `syz.0.1238'. [ 176.312541][ T9837] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1241'. [ 176.331000][ T9837] netlink: 205384 bytes leftover after parsing attributes in process `syz.3.1241'. [ 176.353095][ T9837] netlink: 7 bytes leftover after parsing attributes in process `syz.3.1241'. [ 176.363040][ T9837] netlink: 7 bytes leftover after parsing attributes in process `syz.3.1241'. [ 176.377810][ T9837] netlink: 7 bytes leftover after parsing attributes in process `syz.3.1241'. [ 176.388683][ T9837] netlink: 7 bytes leftover after parsing attributes in process `syz.3.1241'. [ 176.402699][ T9837] netlink: 7 bytes leftover after parsing attributes in process `syz.3.1241'. [ 176.413978][ T9837] netlink: 7 bytes leftover after parsing attributes in process `syz.3.1241'. [ 176.826102][ T9859] netlink: 'syz.0.1249': attribute type 21 has an invalid length. [ 177.093380][ T9868] FAULT_INJECTION: forcing a failure. [ 177.093380][ T9868] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 177.170160][ T9868] CPU: 0 UID: 0 PID: 9868 Comm: syz.3.1253 Not tainted 6.16.0-rc2-syzkaller-00167-g7544f3f5b0b5 #0 PREEMPT(full) [ 177.170186][ T9868] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 177.170195][ T9868] Call Trace: [ 177.170201][ T9868] [ 177.170209][ T9868] dump_stack_lvl+0x189/0x250 [ 177.170236][ T9868] ? __pfx____ratelimit+0x10/0x10 [ 177.170260][ T9868] ? __pfx_dump_stack_lvl+0x10/0x10 [ 177.170282][ T9868] ? __pfx__printk+0x10/0x10 [ 177.170300][ T9868] ? __might_fault+0xb0/0x130 [ 177.170327][ T9868] should_fail_ex+0x414/0x560 [ 177.170352][ T9868] _copy_from_iter+0x1db/0x16f0 [ 177.170378][ T9868] ? rcu_is_watching+0x15/0xb0 [ 177.170402][ T9868] ? kmem_cache_alloc_node_noprof+0x217/0x3c0 [ 177.170420][ T9868] ? __pfx__copy_from_iter+0x10/0x10 [ 177.170442][ T9868] ? __build_skb_around+0x257/0x3e0 [ 177.170462][ T9868] ? netlink_sendmsg+0x642/0xb30 [ 177.170477][ T9868] ? skb_put+0x11b/0x210 [ 177.170497][ T9868] netlink_sendmsg+0x6b2/0xb30 [ 177.170522][ T9868] ? __pfx_netlink_sendmsg+0x10/0x10 [ 177.170541][ T9868] ? aa_sock_msg_perm+0x94/0x160 [ 177.170561][ T9868] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 177.170578][ T9868] ? __pfx_netlink_sendmsg+0x10/0x10 [ 177.170596][ T9868] __sock_sendmsg+0x219/0x270 [ 177.170619][ T9868] ____sys_sendmsg+0x505/0x830 [ 177.170642][ T9868] ? __pfx_____sys_sendmsg+0x10/0x10 [ 177.170668][ T9868] ? import_iovec+0x74/0xa0 [ 177.170686][ T9868] ___sys_sendmsg+0x21f/0x2a0 [ 177.170706][ T9868] ? __pfx____sys_sendmsg+0x10/0x10 [ 177.170759][ T9868] ? __fget_files+0x2a/0x420 [ 177.170774][ T9868] ? __fget_files+0x3a0/0x420 [ 177.170801][ T9868] __x64_sys_sendmsg+0x19b/0x260 [ 177.170822][ T9868] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 177.170849][ T9868] ? __pfx_ksys_write+0x10/0x10 [ 177.170861][ T9868] ? rcu_is_watching+0x15/0xb0 [ 177.170886][ T9868] ? do_syscall_64+0xbe/0x3b0 [ 177.170905][ T9868] do_syscall_64+0xfa/0x3b0 [ 177.170918][ T9868] ? lockdep_hardirqs_on+0x9c/0x150 [ 177.170941][ T9868] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 177.170957][ T9868] ? clear_bhb_loop+0x60/0xb0 [ 177.170975][ T9868] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 177.170990][ T9868] RIP: 0033:0x7f667e78e929 [ 177.171005][ T9868] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 177.171018][ T9868] RSP: 002b:00007f667f617038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 177.171035][ T9868] RAX: ffffffffffffffda RBX: 00007f667e9b5fa0 RCX: 00007f667e78e929 [ 177.171046][ T9868] RDX: 9590f6cc3ea35512 RSI: 0000200000000000 RDI: 0000000000000003 [ 177.171056][ T9868] RBP: 00007f667f617090 R08: 0000000000000000 R09: 0000000000000000 [ 177.171065][ T9868] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 177.171072][ T9868] R13: 0000000000000000 R14: 00007f667e9b5fa0 R15: 00007ffcd4129248 [ 177.171096][ T9868] [ 177.626229][ T9884] ref_tracker: memory allocation failure, unreliable refcount tracker. [ 178.061745][ T9908] ================================================================== [ 178.069857][ T9908] BUG: KASAN: slab-use-after-free in rose_get_neigh+0x391/0x990 [ 178.077489][ T9908] Read of size 1 at addr ffff88803377b430 by task syz.0.1265/9908 [ 178.085281][ T9908] [ 178.087599][ T9908] CPU: 1 UID: 0 PID: 9908 Comm: syz.0.1265 Not tainted 6.16.0-rc2-syzkaller-00167-g7544f3f5b0b5 #0 PREEMPT(full) [ 178.087617][ T9908] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 178.087625][ T9908] Call Trace: [ 178.087633][ T9908] [ 178.087640][ T9908] dump_stack_lvl+0x189/0x250 [ 178.087662][ T9908] ? __virt_addr_valid+0x1c8/0x5c0 [ 178.087675][ T9908] ? rcu_is_watching+0x15/0xb0 [ 178.087693][ T9908] ? __kasan_check_byte+0x12/0x40 [ 178.087707][ T9908] ? __pfx_dump_stack_lvl+0x10/0x10 [ 178.087724][ T9908] ? rcu_is_watching+0x15/0xb0 [ 178.087741][ T9908] ? lock_release+0x4b/0x3e0 [ 178.087758][ T9908] ? __virt_addr_valid+0x1c8/0x5c0 [ 178.087770][ T9908] ? __virt_addr_valid+0x4a5/0x5c0 [ 178.087782][ T9908] print_report+0xd2/0x2b0 [ 178.087799][ T9908] ? rose_get_neigh+0x391/0x990 [ 178.087816][ T9908] kasan_report+0x118/0x150 [ 178.087829][ T9908] ? rose_get_neigh+0x391/0x990 [ 178.087848][ T9908] rose_get_neigh+0x391/0x990 [ 178.087868][ T9908] rose_connect+0x416/0x10a0 [ 178.087884][ T9908] ? __pfx_current_check_access_socket+0x10/0x10 [ 178.087902][ T9908] ? aa_sk_perm+0x81e/0x950 [ 178.087915][ T9908] ? __might_fault+0xb0/0x130 [ 178.087927][ T9908] ? __pfx_rose_connect+0x10/0x10 [ 178.087942][ T9908] ? aa_af_perm+0x1f0/0x2b0 [ 178.087955][ T9908] ? tomoyo_socket_connect_permission+0x164/0x290 [ 178.087975][ T9908] ? bpf_lsm_socket_connect+0x9/0x20 [ 178.087991][ T9908] __sys_connect+0x313/0x440 [ 178.088006][ T9908] ? __pfx___sys_connect+0x10/0x10 [ 178.088022][ T9908] ? rcu_is_watching+0x15/0xb0 [ 178.088041][ T9908] __x64_sys_connect+0x7a/0x90 [ 178.088077][ T9908] do_syscall_64+0xfa/0x3b0 [ 178.088091][ T9908] ? lockdep_hardirqs_on+0x9c/0x150 [ 178.088108][ T9908] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 178.088121][ T9908] ? clear_bhb_loop+0x60/0xb0 [ 178.088135][ T9908] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 178.088149][ T9908] RIP: 0033:0x7fdbfef8e929 [ 178.088161][ T9908] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 178.088172][ T9908] RSP: 002b:00007fdbffd7c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 178.088187][ T9908] RAX: ffffffffffffffda RBX: 00007fdbff1b5fa0 RCX: 00007fdbfef8e929 [ 178.088198][ T9908] RDX: 000000000000001c RSI: 0000200000000000 RDI: 0000000000000004 [ 178.088206][ T9908] RBP: 00007fdbff010b39 R08: 0000000000000000 R09: 0000000000000000 [ 178.088215][ T9908] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 178.088223][ T9908] R13: 0000000000000000 R14: 00007fdbff1b5fa0 R15: 00007fff91d39738 [ 178.088238][ T9908] [ 178.088243][ T9908] [ 178.347628][ T9908] Allocated by task 9391: [ 178.351940][ T9908] kasan_save_track+0x3e/0x80 [ 178.356610][ T9908] __kasan_kmalloc+0x93/0xb0 [ 178.361186][ T9908] __kmalloc_cache_noprof+0x230/0x3d0 [ 178.366541][ T9908] __genradix_ptr_alloc+0x352/0x4a0 [ 178.371728][ T9908] __genradix_prealloc+0x44/0x90 [ 178.376652][ T9908] sctp_stream_init+0x14b/0x440 [ 178.381494][ T9908] sctp_association_new+0x10dd/0x25f0 [ 178.386852][ T9908] sctp_connect_new_asoc+0x2c5/0x690 [ 178.392145][ T9908] __sctp_connect+0x5ba/0xd50 [ 178.396808][ T9908] sctp_getsockopt_connectx3+0x2c4/0x440 [ 178.402439][ T9908] sctp_getsockopt+0x98a/0xb60 [ 178.407239][ T9908] do_sock_getsockopt+0x35d/0x650 [ 178.412265][ T9908] __x64_sys_getsockopt+0x1a5/0x250 [ 178.417550][ T9908] do_syscall_64+0xfa/0x3b0 [ 178.422047][ T9908] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 178.427931][ T9908] [ 178.430245][ T9908] Freed by task 9391: [ 178.434209][ T9908] kasan_save_track+0x3e/0x80 [ 178.438881][ T9908] kasan_save_free_info+0x46/0x50 [ 178.443898][ T9908] __kasan_slab_free+0x62/0x70 [ 178.448662][ T9908] kfree+0x18e/0x440 [ 178.452638][ T9908] genradix_free_recurse+0x5d/0xa0 [ 178.457739][ T9908] genradix_free_recurse+0x5d/0xa0 [ 178.462837][ T9908] sctp_stream_free+0xd5/0x110 [ 178.467595][ T9908] sctp_association_free+0x26d/0x7f0 [ 178.472873][ T9908] sctp_do_sm+0x3eba/0x5a20 [ 178.477370][ T9908] sctp_primitive_SHUTDOWN+0x98/0xc0 [ 178.482649][ T9908] sctp_close+0x409/0x900 [ 178.486972][ T9908] inet_release+0x184/0x210 [ 178.491466][ T9908] sock_close+0xc0/0x240 [ 178.495700][ T9908] __fput+0x44c/0xa70 [ 178.499669][ T9908] task_work_run+0x1d1/0x260 [ 178.504247][ T9908] get_signal+0x11ed/0x1340 [ 178.508741][ T9908] arch_do_signal_or_restart+0x9a/0x750 [ 178.514276][ T9908] exit_to_user_mode_loop+0x75/0x110 [ 178.519555][ T9908] do_syscall_64+0x2bd/0x3b0 [ 178.524132][ T9908] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 178.530013][ T9908] [ 178.532360][ T9908] The buggy address belongs to the object at ffff88803377b400 [ 178.532360][ T9908] which belongs to the cache kmalloc-512 of size 512 [ 178.546403][ T9908] The buggy address is located 48 bytes inside of [ 178.546403][ T9908] freed 512-byte region [ffff88803377b400, ffff88803377b600) [ 178.560101][ T9908] [ 178.562414][ T9908] The buggy address belongs to the physical page: [ 178.568826][ T9908] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88803377b400 pfn:0x33778 [ 178.578967][ T9908] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 178.587459][ T9908] flags: 0xfff00000000240(workingset|head|node=0|zone=1|lastcpupid=0x7ff) [ 178.595980][ T9908] page_type: f5(slab) [ 178.599955][ T9908] raw: 00fff00000000240 ffff88801a441c80 ffffea0000d04810 ffffea0001795610 [ 178.608539][ T9908] raw: ffff88803377b400 0000000000100008 00000000f5000000 0000000000000000 [ 178.617131][ T9908] head: 00fff00000000240 ffff88801a441c80 ffffea0000d04810 ffffea0001795610 [ 178.625917][ T9908] head: ffff88803377b400 0000000000100008 00000000f5000000 0000000000000000 [ 178.634608][ T9908] head: 00fff00000000002 ffffea0000cdde01 00000000ffffffff 00000000ffffffff [ 178.643265][ T9908] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 178.651918][ T9908] page dumped because: kasan: bad access detected [ 178.658332][ T9908] page_owner tracks the page as allocated [ 178.664120][ T9908] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5839, tgid 5839 (syz-executor), ts 86392771464, free_ts 86367773588 [ 178.685478][ T9908] post_alloc_hook+0x240/0x2a0 [ 178.690242][ T9908] get_page_from_freelist+0x21e4/0x22c0 [ 178.695873][ T9908] __alloc_frozen_pages_noprof+0x181/0x370 [ 178.701760][ T9908] alloc_pages_mpol+0x232/0x4a0 [ 178.706598][ T9908] allocate_slab+0x8a/0x3b0 [ 178.711117][ T9908] ___slab_alloc+0xbfc/0x1480 [ 178.715779][ T9908] __kmalloc_node_track_caller_noprof+0x2f8/0x4e0 [ 178.722224][ T9908] kmemdup_array+0x3f/0x80 [ 178.726634][ T9908] ip6t_register_table+0x286/0x7d0 [ 178.731827][ T9908] ip6table_mangle_table_init+0x41/0x70 [ 178.737362][ T9908] xt_find_table_lock+0x309/0x3e0 [ 178.742378][ T9908] xt_request_find_table_lock+0x26/0x100 [ 178.748029][ T9908] do_ip6t_get_ctl+0x730/0x1180 [ 178.753303][ T9908] nf_getsockopt+0x26b/0x290 [ 178.757887][ T9908] ipv6_getsockopt+0x1ed/0x290 [ 178.762641][ T9908] do_sock_getsockopt+0x35d/0x650 [ 178.767655][ T9908] page last free pid 5844 tgid 5844 stack trace: [ 178.774064][ T9908] __free_frozen_pages+0xc71/0xe70 [ 178.779359][ T9908] __slab_free+0x326/0x400 [ 178.783843][ T9908] qlist_free_all+0x97/0x140 [ 178.788454][ T9908] kasan_quarantine_reduce+0x148/0x160 [ 178.793911][ T9908] __kasan_slab_alloc+0x22/0x80 [ 178.798751][ T9908] __kmalloc_cache_node_noprof+0x1c0/0x3d0 [ 178.804539][ T9908] __get_vm_area_node+0x13f/0x300 [ 178.809547][ T9908] __vmalloc_node_range_noprof+0x301/0x12f0 [ 178.815426][ T9908] vzalloc_noprof+0xb2/0xf0 [ 178.819914][ T9908] alloc_counters+0xd3/0x6d0 [ 178.824492][ T9908] do_ipt_get_ctl+0xaac/0x1180 [ 178.829244][ T9908] nf_getsockopt+0x26b/0x290 [ 178.833820][ T9908] ip_getsockopt+0x1c4/0x220 [ 178.838393][ T9908] do_sock_getsockopt+0x35d/0x650 [ 178.843405][ T9908] __x64_sys_getsockopt+0x1a5/0x250 [ 178.848592][ T9908] do_syscall_64+0xfa/0x3b0 [ 178.853097][ T9908] [ 178.855403][ T9908] Memory state around the buggy address: [ 178.861022][ T9908] ffff88803377b300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 178.869071][ T9908] ffff88803377b380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 178.877116][ T9908] >ffff88803377b400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 178.885161][ T9908] ^ [ 178.890776][ T9908] ffff88803377b480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 178.898818][ T9908] ffff88803377b500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 178.906867][ T9908] ================================================================== [ 178.915106][ T9908] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 178.922323][ T9908] CPU: 1 UID: 0 PID: 9908 Comm: syz.0.1265 Not tainted 6.16.0-rc2-syzkaller-00167-g7544f3f5b0b5 #0 PREEMPT(full) [ 178.934306][ T9908] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 178.944375][ T9908] Call Trace: [ 178.947653][ T9908] [ 178.950577][ T9908] dump_stack_lvl+0x99/0x250 [ 178.955170][ T9908] ? __asan_memcpy+0x40/0x70 [ 178.959756][ T9908] ? __pfx_dump_stack_lvl+0x10/0x10 [ 178.964963][ T9908] ? __pfx__printk+0x10/0x10 [ 178.969580][ T9908] panic+0x2db/0x790 [ 178.973484][ T9908] ? __pfx_panic+0x10/0x10 [ 178.977905][ T9908] ? _raw_spin_unlock_irqrestore+0xa8/0x110 [ 178.983806][ T9908] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 178.989702][ T9908] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 178.996026][ T9908] ? print_memory_metadata+0x314/0x400 [ 179.001482][ T9908] ? rose_get_neigh+0x391/0x990 [ 179.006328][ T9908] check_panic_on_warn+0x89/0xb0 [ 179.011259][ T9908] ? rose_get_neigh+0x391/0x990 [ 179.016101][ T9908] end_report+0x78/0x160 [ 179.020335][ T9908] kasan_report+0x129/0x150 [ 179.024833][ T9908] ? rose_get_neigh+0x391/0x990 [ 179.029678][ T9908] rose_get_neigh+0x391/0x990 [ 179.034351][ T9908] rose_connect+0x416/0x10a0 [ 179.038928][ T9908] ? __pfx_current_check_access_socket+0x10/0x10 [ 179.045250][ T9908] ? aa_sk_perm+0x81e/0x950 [ 179.049829][ T9908] ? __might_fault+0xb0/0x130 [ 179.054492][ T9908] ? __pfx_rose_connect+0x10/0x10 [ 179.059507][ T9908] ? aa_af_perm+0x1f0/0x2b0 [ 179.063997][ T9908] ? tomoyo_socket_connect_permission+0x164/0x290 [ 179.070422][ T9908] ? bpf_lsm_socket_connect+0x9/0x20 [ 179.075696][ T9908] __sys_connect+0x313/0x440 [ 179.080290][ T9908] ? __pfx___sys_connect+0x10/0x10 [ 179.085425][ T9908] ? rcu_is_watching+0x15/0xb0 [ 179.090194][ T9908] __x64_sys_connect+0x7a/0x90 [ 179.094957][ T9908] do_syscall_64+0xfa/0x3b0 [ 179.099446][ T9908] ? lockdep_hardirqs_on+0x9c/0x150 [ 179.104808][ T9908] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 179.110865][ T9908] ? clear_bhb_loop+0x60/0xb0 [ 179.115530][ T9908] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 179.121413][ T9908] RIP: 0033:0x7fdbfef8e929 [ 179.125834][ T9908] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 179.145431][ T9908] RSP: 002b:00007fdbffd7c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 179.153862][ T9908] RAX: ffffffffffffffda RBX: 00007fdbff1b5fa0 RCX: 00007fdbfef8e929 [ 179.161820][ T9908] RDX: 000000000000001c RSI: 0000200000000000 RDI: 0000000000000004 [ 179.169788][ T9908] RBP: 00007fdbff010b39 R08: 0000000000000000 R09: 0000000000000000 [ 179.177749][ T9908] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 179.185709][ T9908] R13: 0000000000000000 R14: 00007fdbff1b5fa0 R15: 00007fff91d39738 [ 179.193683][ T9908] [ 179.196935][ T9908] Kernel Offset: disabled [ 179.201268][ T9908] Rebooting in 86400 seconds..