last executing test programs: 6.821404823s ago: executing program 4 (id=6165): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="12000000010000000400000008"], 0x48) r1 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r1, &(0x7f0000000080)={0x0, 0xa00, &(0x7f00000001c0)=[{&(0x7f0000000300)="d8000000190081054e81f782db4cb904021d0800fe007c05e8fe55a1040012000a0014260c600e12100005007f370401a8001000200002400400027c035c0461c1d67f6f94007134cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db798262f3d40fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9703920723f9a941", 0xd8}], 0x1}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xd, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 6.391523928s ago: executing program 4 (id=6168): socket$inet_icmp_raw(0x2, 0x3, 0x1) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) close(0x4) syz_open_procfs$namespace(0x0, &(0x7f0000000200)='ns/cgroup\x00') unshare(0x6a040000) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) pipe(&(0x7f0000000600)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x20}, 0x94) r2 = socket$pppl2tp(0x18, 0x1, 0x1) r3 = socket$inet6_mptcp(0xa, 0x1, 0x106) connect$inet6(r3, &(0x7f0000000040)={0xa, 0x3, 0x0, @loopback}, 0x1c) setsockopt$sock_int(r3, 0x1, 0x9, 0x0, 0x0) r4 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r2, &(0x7f0000000740)=@pppol2tpv3={0x18, 0x1, {0x3, r4, {0x2, 0x4e24, @broadcast}, 0x2, 0x0, 0x4}}, 0x2e) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$L2TP_CMD_SESSION_DELETE(r5, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x20) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_SAVE(r6, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000300)={0x1c, 0x8, 0x6, 0x201, 0x0, 0x0, {0x1}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4008004}, 0x20044000) r7 = socket$inet6_udp(0xa, 0x2, 0x0) r8 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r8, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, r7, {0x2, 0x0, @multicast2}, 0x8000004}}, 0x2e) socketpair(0x1e, 0x1, 0x0, 0x0) getsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x1c, 0xffffffffffffffff, &(0x7f0000000000)) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00', r1}, 0x10) pipe(&(0x7f0000000500)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r9, 0x0, r0, 0x0, 0xffffffffffff8000, 0xc) close(r10) r11 = socket(0x14, 0x2, 0x4) getsockopt$WPAN_WANTLQI(r11, 0x0, 0x3, &(0x7f0000000000), &(0x7f0000000040)=0x4) 5.876534635s ago: executing program 4 (id=6172): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=@newtaction={0x48, 0x1e, 0x109, 0x100, 0x40000, {}, [{0x34, 0x1, [@m_mirred={0x30, 0x8, 0x0, 0x0, {{0xb, 0x9}, {0x4}, {0x4}, {0xc, 0x7, {0x1}}, {0xc}}}]}]}, 0x48}, 0x1, 0x2b1e, 0x100000000000000}, 0x0) 5.77545098s ago: executing program 4 (id=6173): openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) (async) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48) (async) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48) r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000640), 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000600)={{r2, 0xffffffffffffffff}, &(0x7f0000000800), &(0x7f0000000840)}, 0x20) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x19, &(0x7f0000000700)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r3, @ANYBLOB="0000000000000000b705000008000000850000007300000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r5, 0x70000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x50) close(r1) socket$nl_generic(0x10, 0x3, 0x10) (async) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r6) sendmsg$TIPC_CMD_ENABLE_BEARER(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) (async) sendmsg$TIPC_CMD_ENABLE_BEARER(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000100)={@private2={0xfc, 0x2, '\x00', 0x4}, 0x2003}) r8 = socket$inet6_mptcp(0xa, 0x1, 0x106) getsockopt$inet6_tcp_buf(r8, 0x6, 0xd, 0x0, 0x0) (async) getsockopt$inet6_tcp_buf(r8, 0x6, 0xd, 0x0, 0x0) getsockopt$inet6_mptcp_buf(r8, 0x11c, 0x2, &(0x7f0000000100)=""/222, &(0x7f0000000000)=0x80fe) (async) getsockopt$inet6_mptcp_buf(r8, 0x11c, 0x2, &(0x7f0000000100)=""/222, &(0x7f0000000000)=0x80fe) pipe(&(0x7f00000001c0)) (async) pipe(&(0x7f00000001c0)) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r9 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0) close(r9) socket$unix(0x1, 0x1, 0x0) (async) r10 = socket$unix(0x1, 0x1, 0x0) r11 = socket$nl_route(0x10, 0x3, 0x0) r12 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$inet_tcp_int(r12, 0x6, 0x6, &(0x7f0000003d80)=0x6, 0x4) getsockopt$inet_tcp_int(r12, 0x6, 0x6, 0x0, &(0x7f00000044c0)) (async) getsockopt$inet_tcp_int(r12, 0x6, 0x6, 0x0, &(0x7f00000044c0)) ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'}) (async) ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r11, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=@newqdisc={0x60, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x25dfdbfc, {0x0, 0x0, 0x0, r13, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x30, 0x2, {{0x100, 0x7, 0x6361, 0x5, 0xfffffffd, 0x9}, [@TCA_NETEM_RATE={0x14, 0x6, {0x101, 0xe, 0x3, 0xffff0001}}]}}}]}, 0x60}, 0x1, 0x0, 0x0, 0x20000001}, 0x0) sendmsg$nl_route_sched(r11, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd29, 0x80000, {0x0, 0x0, 0x0, r13, {0x0, 0x11}, {0xffe6, 0xb}, {0xb, 0xc}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x2000c061}, 0x0) ioctl$SIOCSIFHWADDR(r9, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"}) 5.470093582s ago: executing program 4 (id=6175): socket$inet_icmp_raw(0x2, 0x3, 0x1) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="1c0000001000010700020100000000000a000000060001003c"], 0x1c}}, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) close(0x4) syz_open_procfs$namespace(0x0, &(0x7f0000000080)='ns/ipc\x00') syz_init_net_socket$llc(0x1a, 0x1, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000b40), r2) sendmsg$NFC_CMD_DEP_LINK_DOWN(r2, &(0x7f0000000d00)={0x0, 0x0, &(0x7f0000000cc0)={&(0x7f0000000c80)={0x1c, r3, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@NFC_ATTR_DEVICE_INDEX={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x800}, 0x40) r4 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r4, 0x0, &(0x7f00000000c0)=0x0) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r7) sendmsg$NFC_CMD_DEV_UP(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x40089}, 0x8004) sendmsg$NFC_CMD_DEP_LINK_DOWN(r1, &(0x7f0000000340)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x11020100}, 0xc, &(0x7f0000000300)={&(0x7f0000000280)={0x44, r3, 0x10, 0x70bd2a, 0x25dfdbfe, {}, [@NFC_ATTR_TARGET_INDEX={0x8}, @NFC_ATTR_TARGET_INDEX={0x8, 0x4, 0xffffffffffffffff}, @NFC_ATTR_TARGET_INDEX={0x8, 0x4, 0x1}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r5}, @NFC_ATTR_TARGET_INDEX={0x8, 0x4, 0x1}, @NFC_ATTR_TARGET_INDEX={0x8, 0x4, 0xffffffffffffffff}]}, 0x44}, 0x1, 0x0, 0x0, 0x8014}, 0x40044094) r8 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r8, 0x0, 0xe, 0x0, &(0x7f00000003c0)="131c8701feaa16bca4ac74ab821d", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x9}, 0x50) r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x3, &(0x7f0000000440)=@framed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000}, 0x94) syz_open_procfs$namespace(0x0, 0xfffffffffffffffe) r10 = socket(0x840000000002, 0x3, 0xfa) connect$inet(r10, &(0x7f0000000140)={0x2, 0x0, @remote}, 0x10) pwritev(r9, &(0x7f0000000240)=[{&(0x7f0000000000)="cd77996baaf73b97e83538e6205893e21a0b352a2be58f320fa8aa950e9b3350b3c4d484a86bccacc58b26e211224f8067d04dd2d92820681de979da1a0ac53ed9f1d4c46d919b48ffac8763c7b3bcf5cecacc0a4f1e00ac2a44a56fac4276eb9860c9076b6020d5bb60d0c5e5c80835435380292ec4", 0x76}], 0x1, 0x6, 0x80) sendmmsg$inet(r10, &(0x7f0000005240), 0x4000095, 0x0) unshare(0x6a040000) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) r11 = socket$inet(0x2, 0x1, 0x0) connect$inet(r11, &(0x7f00000000c0)={0x2, 0x0, @multicast2}, 0x10) 3.812635882s ago: executing program 4 (id=6189): socket$nl_netfilter(0x10, 0x3, 0xc) openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r0 = socket$kcm(0x2, 0xa, 0x2) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x50) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000a00)=ANY=[@ANYRES32=r0], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, 0x0, 0x0) r1 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r2 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r2, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000300), 0x4) r3 = socket$netlink(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RATE_NEW(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000300)={0x34, r4, 0x1, 0x0, 0x25dfdbfb, {0x25}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x3f000000, 0x0, 0x41}, 0x0) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0) 2.93141644s ago: executing program 1 (id=6194): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) getsockopt$inet_int(r0, 0x0, 0xf, 0x0, &(0x7f0000000040)) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0xd, 0x17, &(0x7f00000007c0)=@ringbuf={{}, {{}, {}, {}, {0x85, 0x0, 0x0, 0x5}}, {{0x6, 0x0, 0x6, 0x9, 0x0, 0x1, 0xe7030000}, {0x16, 0x0, 0x0, 0x6}}, [@printk={@p, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x1, 0xa, 0x1, 0x9}, {0x7, 0x0, 0x3}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x4}, {0x56}}], {{0x4, 0x1, 0x3, 0x2, 0x3}, {0x5, 0x0, 0xb, 0x3}, {0x85, 0x0, 0x0, 0x76}}}, &(0x7f0000000040)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x2d, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 2.831929924s ago: executing program 0 (id=6196): socket$inet_icmp_raw(0x2, 0x3, 0x1) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) close(0x4) syz_open_procfs$namespace(0x0, &(0x7f0000000200)='ns/cgroup\x00') unshare(0x6a040000) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) pipe(&(0x7f0000000600)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x20}, 0x94) r2 = socket$pppl2tp(0x18, 0x1, 0x1) r3 = socket$inet6_mptcp(0xa, 0x1, 0x106) connect$inet6(r3, &(0x7f0000000040)={0xa, 0x3, 0x0, @loopback}, 0x1c) setsockopt$sock_int(r3, 0x1, 0x9, 0x0, 0x0) r4 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r2, &(0x7f0000000740)=@pppol2tpv3={0x18, 0x1, {0x3, r4, {0x2, 0x4e24, @broadcast}, 0x2, 0x0, 0x4}}, 0x2e) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$L2TP_CMD_SESSION_DELETE(r5, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x20) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_SAVE(r6, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000300)={0x1c, 0x8, 0x6, 0x201, 0x0, 0x0, {0x1}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4008004}, 0x20044000) r7 = socket$inet6_udp(0xa, 0x2, 0x0) r8 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r8, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, r7, {0x2, 0x0, @multicast2}, 0x8000004}}, 0x2e) socketpair(0x1e, 0x1, 0x0, 0x0) getsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x1c, 0xffffffffffffffff, &(0x7f0000000000)) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00', r1}, 0x10) pipe(&(0x7f0000000500)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r9, 0x0, r0, 0x0, 0xffffffffffff8000, 0xc) close(r10) r11 = socket(0x14, 0x2, 0x4) getsockopt$WPAN_WANTLQI(r11, 0x0, 0x3, &(0x7f0000000000), &(0x7f0000000040)=0x4) 2.766842213s ago: executing program 1 (id=6197): r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r1) r2 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22, 0xa2d, @empty, 0x4}, 0x1c) listen(r2, 0xfffffffc) r3 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r3, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r4, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)={0x30, r5, 0x1, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x1c, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @local}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x6}]}]}, 0x30}, 0x1, 0x0, 0x0, 0xaa34a4cfdf933201}, 0x10) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r6, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000200)={0x20, r7, 0x1, 0x0, 0x0, {0x7}, [@MPTCP_PM_ATTR_ADDR={0xc, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x1}]}]}, 0x20}}, 0x0) sendmsg$inet6(r0, &(0x7f0000000200)={&(0x7f0000000040)={0xa, 0x4e00, 0x7, @dev={0xfe, 0x80, '\x00', 0xd}, 0x2699}, 0x1c, 0x0, 0x0, &(0x7f0000000000)=[@hopopts_2292={{0x18, 0x29, 0x36, {0x8}}}, @flowinfo={{0x14, 0x29, 0xb, 0x8}}], 0x30}, 0x4c040) r8 = socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$fou(&(0x7f00000001c0), r8) r10 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r10, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x10) sendmsg$NFT_BATCH(r10, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a88000000060a0b040000000000000000020000005c000480580001800a000100696e6e6572000000480002800800024000000084080003400000000a080004400000000f080001400000000024000580090001006d6574610000000014000000000001400000000e08000240000000190900010073797a30000000000900020073797a32"], 0xb0}}, 0x0) sendmsg$FOU_CMD_DEL(r8, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="0100000000000000000002000000050002000a00000000000000000000000001"], 0x34}}, 0x0) 2.651185917s ago: executing program 3 (id=6199): socket$packet(0x11, 0xa, 0x300) r0 = socket(0x2, 0x80805, 0x0) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r1, 0x0) close(0x3) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e23, @rand_addr=0x64010100}]}, &(0x7f0000000140)=0x10) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r1, 0x84, 0x7a, &(0x7f0000000340)={r2, @in6={{0xa, 0x3, 0x4, @mcast1}}}, &(0x7f0000000040)=0x84) getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000100)={r3, 0x86}, &(0x7f0000000180)=0x8) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000fbe000)={0x1, &(0x7f0000000100)=[{0x80000006}]}, 0x10) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r5 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r4, &(0x7f00000006c0)=ANY=[@ANYBLOB="000086dd000411001400000000006eec00be00442f0100000000000000000000ffff7f000001ff020000000000000000000000000001"], 0x7a) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000000)={0xffffffffffffffff}) sendmsg$RDMA_NLDEV_CMD_RES_GET(r6, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000180)={0x48, 0x1409, 0x100, 0x70bd28, 0x25dfdbfb, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x48}}, 0x4000004) r7 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r7, &(0x7f0000000140), 0x10) sendmsg$can_bcm(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000380)=ANY=[@ANYBLOB="050000001a0c00"/16, @ANYRES64=0x0, @ANYRES64=0x2710, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="0000004001000000000000ff00000000645b6048a2e4931133f6d9919fd48557d76811cd874f3c107bbfc1cc831026d414e02216198977dc3d41ed0880c64c39e5f4059bae641ed15112000000000000"], 0x80}}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000005c80)=[{{&(0x7f0000000580)=@pptp={0x18, 0x2, {0x0, @remote}}, 0x80, 0x0}, 0xa}, {{&(0x7f0000000d80)=@rxrpc=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x0, 0x0, @mcast2}}, 0x80, 0x0}, 0x100}], 0x2, 0x2, 0x0) r8 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r8, 0x0) r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x10, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="1802000000c400000000000000000000850000003e00000095"], &(0x7f00000000c0)='GPL\x00'}, 0x90) r10 = bpf$MAP_CREATE(0x0, &(0x7f00000023c0)=ANY=[@ANYBLOB="1200000004000000080000000b"], 0x48) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000540)=ANY=[@ANYRES32=r10, @ANYRES32=r9, @ANYBLOB='\a'], 0x10) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000500)={r10, &(0x7f0000000240), &(0x7f00000004c0)=@tcp6=r8}, 0x20) sendmmsg$inet6(r8, &(0x7f0000002440)=[{{0x0, 0x0, &(0x7f0000000980)=[{&(0x7f0000000600)="e2", 0x1}], 0x1}}, {{0x0, 0x1, &(0x7f0000000480)}}], 0x400, 0x10) 2.589770944s ago: executing program 1 (id=6200): syz_emit_ethernet(0x3e, &(0x7f0000000040)={@local, @link_local={0x17, 0x80, 0xc2, 0x6, 0x5}, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "182325", 0x8, 0x2c, 0x1, @remote, @local, {[@routing={0x2c, 0x0, 0x0, 0x1}]}}}}}, 0x0) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000040)={@map, 0x9, 0x0, 0xf51, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000b40)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f00000005c0)=ANY=[@ANYBLOB="14000000100001ff00000000000000000000000a2c000000050a01020000000000000000020000000900030073797a32000000000900010073797a300000000014000000020a031747d21400000000000000000014000000110001"], 0x68}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) socket$inet6(0xa, 0x2, 0x0) (async) r2 = socket$inet6(0xa, 0x2, 0x0) setsockopt$sock_int(r2, 0x1, 0xf, &(0x7f0000000240)=0x9, 0x4) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x100, 0x0) ioctl$SIOCSIFHWADDR(r3, 0x8924, &(0x7f0000000440)={'vlan0\x00', @broadcast}) (async) ioctl$SIOCSIFHWADDR(r3, 0x8924, &(0x7f0000000440)={'vlan0\x00', @broadcast}) bind$inet6(r2, &(0x7f0000000040)={0xa, 0xe22}, 0x1c) r4 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r4, &(0x7f0000000180)=[{&(0x7f00000001c0)="580000001500add427323b472545b45602117fffffff81000e220e227f000008925aa80013007b00090080007f000001e809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee000000deff0000000200000000", 0x58}], 0x1) sendmsg$NFT_BATCH(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000540)=ANY=[@ANYBLOB="14000000100001000b000000000000000000000a20000000000a03000000000000000000010000000900010073797a300000000044000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a3000000000080005400000001f28000340000000045c0000000c0a01020000000000000000010000000900020073797a32000000000900010073797a3000000000300003802c00008028000180230001"], 0xe8}}, 0x0) syz_genetlink_get_family_id$nl802154(&(0x7f0000000180), 0xffffffffffffffff) (async) r5 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180), 0xffffffffffffffff) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) (async) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) write$cgroup_subtree(r6, &(0x7f0000000100)=ANY=[], 0x32600) (async) write$cgroup_subtree(r6, &(0x7f0000000100)=ANY=[], 0x32600) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r6, 0x0) (async) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r6, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000080)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x0, 0x0, 0x5}, {0x0, [0x30, 0x2e, 0x61]}}, &(0x7f0000000280)=""/202, 0x1d, 0xca, 0x1, 0x80000000, 0x10000, @value=r6}, 0x28) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f00000001c0)={'wpan0\x00'}) (async) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f00000001c0)={'wpan0\x00', 0x0}) sendmsg$NL802154_CMD_NEW_SEC_KEY(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000000)=ANY=[@ANYBLOB='|\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="3f9d00000000000000001700000008000300", @ANYRES32=r7, @ANYBLOB="60003080050002000000000014000400403a050c5bae9c544ef2b6d713459a7a1c000180050002000000000008000400050000000800010002000000240003"], 0x7c}}, 0x0) syz_emit_ethernet(0x46, &(0x7f0000000200)={@link_local={0x3}, @random="ff1e9af46090", @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x45, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x0, 0x0, 0x12, 0x0, 0x3f18, {0x5, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x33, 0x0, @loopback, @loopback}, "00186371ae9b1c03"}}}}}, 0x0) 2.303343271s ago: executing program 1 (id=6202): ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000100)={'syztnl2\x00', &(0x7f00000003c0)={'syztnl2\x00', 0x0, 0x4, 0x85, 0x3e, 0x643, 0x42, @rand_addr=' \x01\x00', @mcast1, 0x700, 0x40, 0x1, 0x1}}) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000f00)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d00000007"], &(0x7f0000000180)='syzkaller\x00', 0x6, 0x0, 0x0, 0x0, 0x26, '\x00', r0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0xfffffd7b, 0x10, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x10, 0xfffffffd}, 0x94) r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000080)='rpc_call_rpcerror\x00', r1, 0x0, 0xf69}, 0x18) r3 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) bind$llc(r3, &(0x7f0000000040)={0x1a, 0x0, 0x0, 0x54}, 0x10) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='blkio.bfq.io_queued\x00', 0x275a, 0x0) write$cgroup_int(r4, &(0x7f0000000000), 0xffffff6a) sendfile(r3, r4, 0x0, 0xffffffff000) shutdown(r3, 0x0) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f000000b500), 0xffffffffffffffff) r7 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000040)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_TID_CONFIG(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000b40)=ANY=[@ANYBLOB="d0000000", @ANYRES16=r6, @ANYBLOB="c39203100400000000008900000008000300", @ANYRES32=r8, @ANYBLOB="b4021d8004000080a00200809c020d807c0001800500070001000000050004000000000014000300000c05000700060008000500080002001400050013dd07000400010000000f005cae01002c00020042463f22485109384900293b2225380b4b1f11361a0a2e570145022c2c001e451e01392b554d0a0114000300010008074900050001000a970800070018000080140003000002090000000e00000101000500ffffc000028005000600000000001400030000047f000100050008008d000600010414000500010006003201030008000500ff071100140003000104829008008e4f08009d0e0400fdff0500060002000000140005005fff0800070003008000000007000400140003000c00ffff255aff0f000006000c035b6326000200163f251f040b314412284009444a4c51004b002c0e242809293c4f422d3e4c3a000a00001e0001001812300c01360b486c120b2416120c360902166c2405040b030600001400038005000600020000000500070002000000d80000801500020024400a0d08084f312e013e0c140618331a000000500002003f1149493d082e505114472e36235148570d1709173f04380a23392d151820484328350d2b1820362d2e1e1b4e0c2525081835430957370d3f454a440f2b412428313457292a522115463e1d05000400000000002200020042430a182d156e2e3d124f4a300633542a320f353c2d37634f371438091e00000d00010030060360366c180c1b0000001400050001000900ff030104ff07a8000600000014000300060002000c0000000f000700ed650000050004000000000058000080140005000200ff07090006000e00940b4000ffff14000300070000040400060009000900c3de018005000400020000000500040002000000140005007f007700100054000100020008000b0005000100010000000c00008005000a0000000000"], 0x2d0}, 0x1, 0x0, 0x0, 0x28000800}, 0x0) setsockopt$inet6_IPV6_RTHDRDSTOPTS(r5, 0x29, 0x37, &(0x7f0000000080)=ANY=[], 0x10) getsockopt$inet6_opts(r5, 0x29, 0x3b, 0x0, &(0x7f00000010c0)) unshare(0x22020600) r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a44, 0x1700) r10 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r10, 0x0, 0x40, &(0x7f0000000680)=@mangle={'mangle\x00', 0x1f, 0x6, 0x428, 0x230, 0x230, 0x198, 0x2f8, 0xf8, 0x390, 0x390, 0x390, 0x390, 0x390, 0x6, &(0x7f0000000340), {[{{@uncond, 0x0, 0x98, 0xf8, 0x0, {}, [@common=@ttl={{0x28}, {0x0, 0x2}}]}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x4, [0x4, 0x0, 0x4, 0x3, 0x1, 0x2], 0x6, 0x2}, {0x4, [0x1, 0x4, 0x1, 0x2, 0x3, 0x4], 0x6, 0x4}}}}, {{@ip={@multicast2, @empty, 0xff0000ff, 0xff000000, 'vlan0\x00', 'nicvf0\x00', {0xff}, {}, 0x21, 0x2, 0x8}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x3, 0x3, @broadcast, 0x4e23}}}, {{@ip={@private=0xa010101, @loopback, 0xffffff00, 0xff, 'hsr0\x00', 'macvlan0\x00', {0xff}, {0xff}, 0x33, 0x3}, 0x0, 0x70, 0x98}, @unspec=@CHECKSUM={0x28}}, {{@ip={@empty, @dev={0xac, 0x14, 0x14, 0x42}, 0x0, 0xff, 'batadv_slave_0\x00', 'pimreg1\x00', {}, {}, 0x88, 0x1}, 0x0, 0xa0, 0xc8, 0x0, {}, [@common=@inet=@dccp={{0x30}, {[0x4e21, 0x4e21], [0x4e22, 0x4e23], 0xc, 0x8, 0xff01, 0x1}}]}, @TTL={0x28, 'TTL\x00', 0x0, {0x0, 0x4}}}, {{@ip={@remote, @private=0xa010100, 0x0, 0x0, 'team_slave_0\x00', 'veth0_to_batadv\x00', {}, {0xff}, 0x4, 0x2, 0x8}, 0x0, 0x70, 0x98}, @unspec=@CHECKSUM={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x488) unshare(0x20000400) r11 = socket$kcm(0x2d, 0x6, 0x0) connect$qrtr(r11, &(0x7f0000000040)={0x2d, 0x3, 0xfffffffe}, 0xc) r12 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$tun(0xffffffffffffffff, &(0x7f0000000e40)=ANY=[@ANYBLOB="e9876ee9bbe1238d97c42cffd41c0c8b2775de2d1fc06f8cb103ec19999d63fc8dba3e9077e596f49ac3de57c14088cd3a093875024f1ceddd52ca1504904a043d46ad12fa72962991bf8e7c9bc1dc3d15e246f16b025c58", @ANYRESOCT, @ANYRESHEX=r2, @ANYRESHEX=r9, @ANYRES32=r5, @ANYRESOCT=r1, @ANYRES64], 0x33) sendfile(r12, r9, 0x0, 0x10000) socket$netlink(0x10, 0x3, 0x1) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000080), 0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000fc0)={0x18, 0x5, &(0x7f0000000600)=ANY=[@ANYRES8=0x0], &(0x7f0000000300)='GPL\x00', 0x8, 0x0, 0x0, 0x40f00, 0x50, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94) 2.263969669s ago: executing program 3 (id=6203): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000004080)=ANY=[@ANYBLOB="02000000040000000400000022"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32, @ANYBLOB="0000000004000000b705000008000000850000006a00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000001440)={0x1f, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b70800000c000000638af8ff00000000b5080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018240000", @ANYRES32=r1, @ANYBLOB="0000000000000000b703"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) mmap(&(0x7f00003fd000/0xc00000)=nil, 0xc00000, 0xa, 0x110, r0, 0x10728000) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x80040, 0x0) ioctl$TUNSETVNETHDRSZ(r2, 0x400454d8, &(0x7f0000000080)=0x7) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r3, 0x6, 0xd, &(0x7f0000000000)='vegas\x00', 0x6) 2.020395477s ago: executing program 0 (id=6204): r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$inet_MCAST_MSFILTER(r0, 0x0, 0x30, &(0x7f00000001c0)=ANY=[@ANYBLOB="09000000001100000200fffee00000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000002"], 0x190) 1.970662719s ago: executing program 3 (id=6205): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001000)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff5070000000000000300000000000c00095000000000000002ba728041598d6fbd30cb599e83d24bd8137a3aa81e0ed139a85d36bb3019d13bd2321af3c2bd67ce68f15c0ec71d0e6adfefcf1d8f7faf75e0f226bd917060000007142fa9ea4318123751c0a0e168c1886d0d4d35379bd223ec839bc16ee988e6e0dc8cedf3ceb9fbfbf9b0a49ef23d430f6296b32a83438810720a159cda90363db3d221e152dfca64057ff3c4744aeaccd3641110bec4e9027a0c8055bbfc3a96d2e8910c2c39e4babe802f5ab3e89cf6c662ed4048d3b3e22278d00031e5388ee5c867ddd58211d6ece1ccb0cd2b6d3cffd962867a3a2f624f992daa94a0c556f3218ce740068725c37074e468ee207d2f73902ebcfcf49822775985bf31b715f5888b24efa190000000000000000000000000000ddffffff730d00000000000000ddffffff0000b27cf3d1848a54d7132be1bfb0adf9deab3323aa9fdfb52faf9cb09c3bfd09000000b91ab219ef00bb7b3de8f67ffcad3f6c3c2b1f03550000000000001cf41ab11f12fb1e0a494034007de7c6592df1a6c64d8f20a67745409eaa988dbc2fee9d313d34889f40159e800ea2474b540500a30b23bcee46762e2093bcc9eae5ee3e980026c96f80ee1a00000000740750fa4d9aaa705989b8e673e3296e52d337c56abf112874ec51d6fe048ba6866adebab53168770a71ad901ace383e41d277b103923a9d961f7a2591dbe4a912ffaf6f658f3f9cd16286744f83a83f138f8f92efd92239eafcc5c1b3f97a297c9e49a0c3300ef7b7fb5f09e0c8a868a353409e34d3e82279637599f35ad3f7ffffff3cac394c7bbdcd0e0eb52162e0c410ade7a36b26a4e70f03cc4146a77af02c1d4cefd4a2b94c0aed8477dfa8ceefb467f05c6977c78cdbf37704ec73754910fe050038ec9e47de89298b7bf4d769ccc18eede0068ca1457870eb30d211e23ccc8e06dddeb61799257ab5000013c86ba9affb12ec757c7234c270246c878d01160e6c07bf6cf8809c3a0d062357ba2515567230a6f0b2ad1eb9769d74e4f1feff374211663f6b63b1dd044dd0a2768e825972fc4300001467c89fa0f82e8440105051e5510a33dcda5e4e202bd622549c4cffffff501d3a5dd7143fbf221fff161c12ca389cbe0000000000000fff75067d2a214f8c9d9b2ecf631c6c5fd9c26a54d43fa050b88d1d43a8645bd9109b7e07869bba7131421c0f397073943330baafd243c0c6ffe673bab4113be7664e08bdd7115c61afcb718cf3c4680b2f6c7a8400e378a9b15bc20f49e298727340e87cdefb40e56e9cfad9931b8c552b2c7c503f3d0e7ab0e958adb862822e40009995ae166deb9856291a43a6f7eb2e32cefbf463789eaf79b8d4c22be89f44b032dad13007b82e6044f643fc8cd07ae636a5dbe9864a117d27326850a7c3b570863f532c218b10af13d7be94987005088a83880ccab9c9920c2d2af8c5e13d52c83ac3fa7c3ae6c08384865b66d2204c2e4f3ae20bf279b512b4dcb5dd9cba16b62040bf8702ae12c77e6e34991af603e3856a346cf708feeb708ab22b560cf8a4a6f31ba6d9b8cb0908000000000000001a342c010000000000e667a7592b33406f1f71c739b55db91d2309dc7ae401005f52053a39e7307c09ff3ac3e820b01c57dd74d4aafc4c383a17bc1de5347bb71ca16dcbbbaa2935ae662082b56cf666e63a759e0ef3ea7af6881513be94b362e15ffca8ec453b3a2a67be70c17b0f9c2eac765816c30c2e7133dca1c7669522f7dff8bc570a93fbdb688c3aef810000007a6ea6b11163392a19d87995b51cb6febd5f24a34998d2010fd5facf68c4f84e2f66e27c81a149d7b331983d3b74444953fc1216dfec10b724190000006f12538376e177ffef6fd2020000000000000008e4919a463d5332a2546032a3c06b94f168e8fc4bda0c294723fe306f26c477af4b926644672985fab7cc67bc5b5f5d38cdd8df95147ebe1cd88b0a4c6cde9951be42827dfddfefb238fac2303cc8982f1e55b005afcfea5eb037248fefad6bb02c162ce92ab17744c8ec3d2e80cf3205d36699fd381bc81231fb5e12e45f3059f361d08d6a6d019ebf105eaf43083c29512bcedd79ca9bf24e063d0c273ed70a2b70be521ea27dc8cf3c9bdf83b93405db07e82e2ddf4c4d26f1cdd8c3c9736cf5e5082de3b484f8673e0e97dd7e8a872148613c3a04f3d67f4375ba5c7f1b0033f8dfe0ed9bb2a70801f763524e1d79d812ced782646b5f79c8fc08bb5c11020108d702edd2ea9c96cfcb9066668627820d2d48aa5fc0a7bf1b51afd85350ad00b78c598fa8701b000884de790b54e5ab2e8ff0c7ae23e0b6eeac95c4c2eef2e5eb1d019d52099fbd404e8ece970f67736ba7e960bd8b1e4105ce7e31f7c9c3e3fa61aaa967b90087e91d703e98535b107b8f4653be4c46a3a1adb07d226952b8573b417018316fa96e942e35c4baa16d4122c863709b08d4639a19a46ac90ac48a13ee9bcaa875fc700000000000003b40dc5c745fe2491e8425e600000000000000000000000000000000000000000000000000000000000000250318a44ad31baac0520a913301e630ae540f3289aebde8633f6f450c0738e16df6c7f1e0832a2a16fe6e39959735758248032cdf7320c6dc87b01e3f9a7811b200000000ae189de4b9b25f7c7a9c070000002af1c06315270de4a6605e4b4b58bef76fac54f11b84bd7bcd6b6a485edfb7684c770a39b38b08e18a51a4d4e66ca21c06a4b4198e1bc2ef990c9ba911efed626e5ee341a17bf8132b5b1dfa9fd31df213c88b4047979379dc15c9056fd3baa8b2d6cb134437cba0193ba4360bdcc98aad2560aa48291c4eb9d4e08ad7a9c5f04be1ab597124d84dfc7bd8cca8f68154a0ed356e773a797ca6d66748857b4abbf8830abeea2a46342e6a7378173cb29d5cdcd698a0203f78116b710008000000000000007c2d86b94472807c10eb9a8e2fb8bd79fe3a8316deff3ee641c9a080a2173642e673a672279bae4e7e28055da9497d7edb53be6e80482bd4d9a74b8dd4221f05e6ca8c705d7257ff7f76c78ba0b44ec0bdfa0d32d7042059b13a079639f14f9032b856d892ad6af5124c9c3130485e9682ff1f3c54e475d5bb496aef4bb537d7e191dfdeba109fdcf7864763f87a6d711cf52e520a6ce30e134c55e0caac037209d2f12fcddd00000000000000000000000000000000e609893bdce015e8ccfb36399844db61f6171b0b0e845e48728450c6ba4f7098f8e000676b59ab9f851f3ab778c50a3337a78675f38a568612aa25d61ce4e2c235ab5f2cd6d035d5f5f6a693c381adbbf7b37e37292783b2c7efe7d3a067906552f76d419e0300000000000000000000008435f39381c2a77c001caae53db7316fa6d48d032ab6831ebb813c85855c7a9ad8140a4b29422fc20d4e75c848984a2e217ec9c2833b8fa9106ee1be2c05103a36fc1126f1aa5284ba7179843b08ecadc199b9038cf6b9ee4e1f321a6a32e03bd987ddfada1f69756651b73a7ed0f7e467081193b28448692686ac80d81a89f9c29e276800"/2574], &(0x7f0000000140)='GPL\x00'}, 0x48) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000880)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000070000000900010073797a30000000004c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a3000000000080005400000000d08000640ffffff000800034000000038540000000c0a01010000000000000000070000000900020073797a31000000000900010073797a3000000000280003802400008004000180040002800c00044000000000000000090c0005"], 0xe8}}, 0x0) r2 = socket$kcm(0x2, 0x1, 0x0) sendmsg$inet(r2, &(0x7f0000000fc0)={&(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10, 0x0}, 0x20000811) r3 = socket$kcm(0x29, 0x2, 0x0) syz_init_net_socket$rose(0xb, 0x5, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001dc0)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff5070000000000000300000000000c00095000000000000002ba728041598d6fbd30cb599e83d24bd8137a3aa81e0ed139a85d36bb3019d13bd2321af3c2bd67ce68f15c0ec71d0e6adfefcf1d8f7faf75e0f226bd917060000007142fa9ea4318123751c0a0e168c1886d0d4d35379bd223ec839bc16ee988e6e0dc8cedf3ceb9fbfbf9b0a49ef23d430f6296b32a83438810720a159cda90363db3d221e152dfca64057ff3c4744aeaccd3641110bec4e9027a0c8055bbfc3a96d2e8910c2c39e4babe802f5ab3e89cf6c662ed4048d3b3e22278d00031e5388ee5c867ddd58211d6ece1ccb0cd2b6d3cffd962867a3a2f624f992daa94a0c556f3218ce740068725c37074e468ee207d2f73902ebcfcf49822775985bf31b715f5888b24efa190000000000000000000000000000ddffffff730d00000000000000ddffffff0000b27cf3d1848a54d7132be1bfb0adf9deab3323aa9fdfb52faf9cb09c3bfd09000000b91ab219ef00bb7b3de8f67ffcad3f6c3c2b1f03550000000000001cf41ab11f12fb1e0a494034007de7c6592df1a6c64d8f20a67745409eaa988dbc2fee9d313d34889f40159e800ea2474b540500a30b23bcee46762e2093bcc9eae5ee3e980026c96f80ee1a00000000740750fa4d9aaa705989b8e673e3296e52d337c56abf112874ec51d6fe048ba6866adebab53168770a71ad901ace383e41d277b103923a9d961f7a2591dbe4a912ffaf6f658f3f9cd16286744f83a83f138f8f92efd92239eafcc5c1b3f97a297c9e49a0c3300ef7b7fb5f09e0c8a868a353409e34d3e82279637599f35ad3f7ffffff3cac394c7bbdcd0e0eb52162e0c410ade7a36b26a4e70f03cc4146a77af02c1d4cefd4a2b94c0aed8477dfa8ceefb467f05c6977c78cdbf37704ec73754910fe050038ec9e47de89298b7bf4d769ccc18eede0068ca1457870eb30d211e23ccc8e06dddeb61799257ab5000013c86ba9affb12ec757c7234c270246c878d01160e6c07bf6cf8809c3a0d062357ba2515567230a6f8b2ad0e0e2b45d14ee446b840edaa1e1f4933545fc3c741374211663f6b63b1dd044dd0a2768e825972fc4300001467c89fa0f82e8440105051e5510a33dcda5e4e202bd622549c4cffffff501d3a5dd7143fbf221fff161c12ca389cbe0000000000000fff75067d2a214f8c9d9b2ecf631c6c5fd9c26a54d43fa050b88d1d43a8645bd9109b7e07869bba7131421c0f397073943330baafd243c0c6ffe673bab4113be7664e08bdd7115c61afcb718cf3c4680b2f6c7a8400e378a9b15bc20f49e298727340e87cdefb40e56e9cfad9931b8c552b2c7c503f3d0e7ab0e958adb862822e40009995ae166deb9856291a43a6f7eb2e32cefbf463789eaf79b8d4c22be89f44b032dad13007b82e6044f643fc8cd07ae636a5dbe9864a117d27326850a7c3b570863f532c218b10af13d7be94987005088a83880ccab9c9920c2d2af8c50ce6a8e9f65de13d52c83ac3fa7c3ae6c08384865b66d2204c2e4f3ae20bf279b512b4dcb5dd9cba16b62040bf8702ae12c77e6e34991af603e3856a346cf708feeb708ab22b560cf8a4a6f31ba6d9b8cb0908000000000000001a342c010000000000e667a7592b33406f1f71c739b55db91d2309dc7ae401005f52053a39e7307c09ff3ac3e820b01c57dd74d4aafc4c383a17bc1de5347bb71ca16dcbbbaa2935ae662082b56cf666e63a759e0ef3ea7af6881513be94b362e15ffca8ec453b3a2a67be70c17b0f9c2eac765816c30c2e7133dca1c7669522f7dff8bc570a93fbdb688c3aef810000007a6ea6b11163392a19d87915ed063f608dddb03a95b51cb6febd5f24a34998d2010fd5facf68c4f84e2f66e27c81a149d7b331983d3b74444953fc1216dfec10b724be3733c26f12538376e177ffef6fd2020000000000000008e4919a463d5332a2546032a3c06b94f168e8fc4bda0c294723fe306f26c477af4b926644672985fab7cc67bc5b5f5d38cdd8df95147ebe1cd88b0a4c6cde9951be42827dfddfefb238fac2303cc8982f1e55b005afcfea5eb037248fefad6bb02c162ce92ab17744c8ec3d2e80cf3205d36699fd381bc81231fb5e12e45f3059f361d08d6a6d019ebf105eaf43083c29512bcedd79ca9bf24e063d0c273ed70a2b70be521ea27dc8cf3c9bdf83b93405db07e82e2ddf4c4d26f1cdd8c3c9736cf5e5082de3b484f8673e0e97dd7e8a872148613c3a04f3d67f4375ba5c7f1b0033f8dfe0fd9bb2a70801f763524e1d79d812ced782646b5f79c8fc08bb5c11020108d702edd2ea9c96cfcb9066668627820d2d48aa5fc0a7bf1b51afd85350ad00b78c598fa8701b000884de790b54e5ab2e8ff0c7ae23e0b6eeac95c4c2eef2e5eb1d019d52099fbd404e8ece970f67736ba7e960bd8b1e4105ce7e31f7c9c3e3fa61aaa967b90087e91d703e98535b107b8f4653be4c46a3a1adb07d226952b8573b417018316fa96e942e35c4baa16d4122c863709b08d4639a19a46ac90ac48a13ee9bcaa875fc700000000000003b40dc5c745fe2491e8425e600000000000000000000000000000000000000000000000000c3d51d9a161446b4373e06a9e07f8a000000000000250318a44ad31baac0520a913301e630ae540f3289aebde8633f6f450c0738e16df6c7f1e0832a2a16fe6e39959735758248032cdf7320c6dc87b01e3f9a7811b200000000ae189de4b9b25f7c7a9c070000002af1c06315270de4a6605e4b4b58bef76fac54f11b84bd7bcd6b6a485edfb7684c770a39b38b08e18a51a4d4e66ca21c06a4b4198e1bc2ef990c9ba911efed626e5ee341a17bf8132b5b1dfa9fd31df213c88b4047979379dc15c9056fd3baa8b2d6cb134437cba0193ba4360bdcc98aad2560aa48291c4eb9d4e08ad7a9c5f04be1ab597124d84dfc7bd8cca8f68154a0ed356e773a797ca6d66748857b4abbf8830abeea2a46342e6a7378173cb29d5cdcd698a0203f78116b710008000000000000007c2d86b94472807c10eb9a8e2fb8bd79fe3a8316deff3ee641c9a080a2173642e673a672279bae4e7e28055da9497d7edb53be6e80482bd4d9a74b8dd4221f05e6ca8c705d7257ff7f76c78ba0b44ec0bdfa0d32d7042059b13a079639f14f9032b856d892ad6af5124c9c3130485e9682ff1f3c54e475d5bb496aef4bb537d7e191dfdeba109fdcf7864763f87a6d711cf52e520a6ce30e134c55e0caac037209d2f12fcddd00000000000000000000000000000000e609893bdce015e8ccfb36399844db61f6171b0b0e845e48728450c6ba4f7098f8e000676b59ab9f851f3ab77847ce05c89411277ec69c409b7ec50a3337a78675f38a568612aa25d61ce4e2c235ab5f2cd6d035d5f5f6a693c381adbbf7b37e37292783b2c7efe7d3a067906552f76d419e0300000000000000000000008435f39381c2a77c001caae53db7316fa6d48d032ab6831ebb813c85855c7a9ad8140a4b29422fc20d4e75c848984a2e217ec9c2833b8fa9106ee1be2c05103a36fc1126f1aa5284ba7179843b08ecadc199b9038cf6b9ee4e1f321a6a32e03bd987ddfada1f69756651b73a7ed0f7e467081193b2844869"], &(0x7f0000000140)='GPL\x00'}, 0x48) r5 = socket$kcm(0x2, 0x1, 0x0) sendmsg$inet(r5, &(0x7f0000000fc0)={&(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10, 0x0}, 0x20000811) ioctl$sock_kcm_SIOCKCMATTACH(r3, 0x89e0, &(0x7f0000000040)={r5, r4}) ioctl$sock_kcm_SIOCKCMATTACH(r3, 0x89e0, &(0x7f0000000040)={r2, r0}) close(r3) sendmsg$IPSET_CMD_DEL(r1, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000280)={&(0x7f00000001c0)=ANY=[@ANYBLOB="b00000000a06030000000000000000000a0000031c0007800c00028008000140000000000900130073797a320000000034000780050003006500000005000300810000000900130073797a32000000000c001480080001400000000008000640ffffffff08000940000000000500010007000000b4000780080008400000009805000300ff00000008000a40800000001800148014000240fe8000000000000000000000000000360500010007000000"], 0xb0}, 0x1, 0x0, 0x0, 0x4000000}, 0x40) 1.772908245s ago: executing program 0 (id=6207): r0 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_RES_CM_ID_GET(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000013b80)=ANY=[@ANYBLOB="280000001b14010000000000000000000800030001fc0000080007"], 0x28}, 0x1, 0x0, 0x0, 0xc0}, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$inet_mptcp(0x2, 0x1, 0x106) syz_emit_ethernet(0x5e, &(0x7f0000001340)={@broadcast, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "122d92", 0x28, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, '\x00', @mcast1, @dev={0xfe, 0x80, '\x00', 0x13}}}}}}}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x4, 0x0, &(0x7f00000005c0)='syzkaller\x00', 0x2}, 0x94) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0600000004000000ff0f00000700000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000000000000000000001b00"/28], 0x48) r1 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000240)={r1, 0x58, &(0x7f00000002c0)}, 0x10) recvmmsg(0xffffffffffffffff, &(0x7f0000005c80)=[{{&(0x7f0000000580)=@pptp={0x18, 0x2, {0x0, @remote}}, 0x80, 0x0}, 0xa}, {{&(0x7f0000000d80)=@rxrpc=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x0, 0x0, @mcast2}}, 0x80, 0x0}, 0x100}], 0x2, 0x2, 0x0) bind$netlink(0xffffffffffffffff, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="38000000000000000100000006"], 0x48) bpf$MAP_DELETE_ELEM(0x15, &(0x7f0000000040)={r3, 0x0, 0x20000000}, 0x20) listen(r2, 0x0) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x10, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="1802000000c400000000000000000000850000003e00000095"], &(0x7f00000000c0)='GPL\x00'}, 0x90) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000023c0)=ANY=[@ANYBLOB="1200000004000000080000000b"], 0x48) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000540)=ANY=[@ANYRES32=r5, @ANYRES32=r4, @ANYBLOB='\a'], 0x10) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000500)={r5, &(0x7f0000000240), &(0x7f00000004c0)=@tcp6=r2}, 0x20) sendmmsg$inet6(r2, &(0x7f0000002440)=[{{0x0, 0x0, &(0x7f0000000980)=[{&(0x7f0000000600)="e2", 0x1}], 0x1}}, {{0x0, 0x1, &(0x7f0000000480)}}], 0x400, 0x10) bpf$MAP_CREATE(0x0, 0x0, 0x48) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socket$unix(0x1, 0x1, 0x0) r6 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) ioctl$sock_netrom_SIOCADDRT(r6, 0x890b, &(0x7f0000000000)={0x1, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bpq0, 0x1, 'syz1\x00', @bcast, 0xff, 0x8, [@bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @default, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}]}) sendmsg(r6, &(0x7f00000003c0)={&(0x7f0000000200)=@phonet={0x23, 0x1, 0x81, 0x40}, 0x80, 0x0}, 0x40041) ioctl$SIOCNRDECOBS(r6, 0x89e2) socket$unix(0x1, 0x2, 0x0) 1.719441021s ago: executing program 3 (id=6208): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={{0x14}, [@NFT_MSG_NEWRULE={0x60, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x34, 0x4, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, @log={{0x8}, @void}}, {0x24, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_OP={0x8, 0x6, 0x1, 0x0, 0x2}, @NFTA_EXTHDR_DREG={0x8, 0x1, 0x1, 0x0, 0x15}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x88}}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="240000003c000b0000000000fcffffff04000000040000800c000100091c", @ANYRES16], 0x24}}, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x3, 0x3, &(0x7f0000000480)=@framed, &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = socket$inet6_icmp(0xa, 0x2, 0x3a) bind$inet6(r3, &(0x7f0000000900)={0xa, 0x4e21, 0x6, @mcast1, 0x1}, 0x1c) r4 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f0000000180)=0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r6 = socket$inet_tcp(0x2, 0x1, 0x0) r7 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r7, 0x10e, 0xc, &(0x7f0000000640)=0x4, 0x4) sendmsg$netlink(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)={0x1c, 0x5e, 0x101, 0x0, 0xffffffff, "", [@typed={0xc, 0x10, 0x0, 0x0, @u64}]}, 0x1c}], 0x1}, 0x0) setsockopt$inet_tcp_TCP_MD5SIG(r6, 0x6, 0xe, &(0x7f0000000200)={@in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x22, 0x0, "43cad7b04bde5bbd8035d89034a56bad61a87c614899a37c5d0d7da4d7fc948375f3593dbd21eb7618ffb4ff4984e01eedc37998dd16526edb40eaadabe6cd2bd9f9dfeade7787ea64309c01ae05fb70"}, 0xd8) setsockopt$inet_tcp_int(r6, 0x6, 0x20, &(0x7f0000000040)=0x2, 0xf6) syz_open_procfs$namespace(r5, &(0x7f0000000240)='ns/cgroup\x00') bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000005c0)={{r4, r4}, &(0x7f0000000600), &(0x7f0000000640)=r2}, 0x1c) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x3, 0x8, &(0x7f0000000740)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r4}}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0xa0) 1.420884216s ago: executing program 3 (id=6210): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$pppl2tp(0x18, 0x1, 0x1) ioctl$SIOCSIFMTU(r1, 0x8931, &(0x7f0000000040)={'bridge_slave_0\x00', 0x2}) sendmsg$nl_route_sched(r0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000005b80)=@delchain={0x24, 0x26, 0xf31, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0xffe0}, {0x9}}}, 0x24}}, 0x0) recvmmsg(r0, &(0x7f0000004f00)=[{{0x0, 0x0, 0x0}, 0xfffffffa}, {{0x0, 0x0, 0x0}, 0x8}], 0x2, 0x20, 0x0) syz_emit_ethernet(0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x48) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f00000002c0)={0xffffffffffffffff, 0x20, &(0x7f0000000280)={&(0x7f0000000a40)=""/4096, 0x1000, 0x0, 0x0}}, 0x10) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a44, 0x1700) r3 = socket$netlink(0x10, 0x3, 0x0) bind$netlink(r3, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r5 = socket(0x400000000010, 0x3, 0x0) r6 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r7, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xc, 0xf}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8001}, 0x20008850) sendmsg$nl_route_sched(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=@newtfilter={0x34, 0x2c, 0xd27, 0x70bd28, 0xfffff000, {0x0, 0x0, 0x0, r7, {0xf000, 0xffff}, {}, {0x7}}, [@filter_kind_options=@f_route={{0xa}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x80}, 0x20000800) r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r8, &(0x7f00000000c0), 0x9) bpf$MAP_CREATE(0x0, 0x0, 0x48) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) r9 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r9}, 0x4) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x10, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000510700140000000000000001b7080000000000007b8af8ff00000000b7080000fcffffff7b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r9, @ANYBLOB="0000000000000000b70500000800000085000000a500000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r10 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="02000000040000000100000022bf000000000000", @ANYRES32, @ANYRES32=0x0, @ANYRES32=r0], 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000440)={{r10, 0xffffffffffffffff}, 0x0, &(0x7f0000000400)}, 0x20) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000002c0), &(0x7f00000000c0), 0xffffd6c0, r11}, 0x38) sendfile(r8, r2, 0x0, 0x10000) 1.394181317s ago: executing program 0 (id=6211): setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, &(0x7f0000000040)={0x84, @local, 0x4e23, 0x3, 'dh\x00', 0x1, 0x7, 0x49}, 0x2c) r0 = socket(0x400000000010, 0x3, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000080)={0x1b, 0x0, 0x0, 0x3, 0x0, 0x1, 0x7, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x1, 0x4}, 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000140)={{0x1}, &(0x7f0000000000), &(0x7f0000000100)}, 0x20) getsockname$packet(r0, &(0x7f00000002c0), &(0x7f0000000300)=0x14) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x5, 0x0, 0x1}, 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x90) r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) ppoll(&(0x7f0000000500)=[{r2}], 0x1, 0x0, 0x0, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000400)=@generic={&(0x7f00000003c0)='./file0\x00', 0x0, 0x8}, 0x18) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x50) r5 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f00000001c0)=ANY=[@ANYBLOB="18020000801000000000000004000000850000002700000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x94) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000280)=ANY=[@ANYRES32=r4, @ANYRES32=r5, @ANYBLOB="05"], 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r4}, &(0x7f00000006c0), &(0x7f0000000700)=r3}, 0x20) write(r0, &(0x7f0000000040)="3a03000019002551075c0165ff0ffc02802000030004000500e1000c0400070080000300", 0x33a) 1.224894808s ago: executing program 1 (id=6212): r0 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000580)=0x4) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000380)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_ctr_aes192\x00'}, 0x58) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r4, &(0x7f0000000100)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x37}}, 0x10) setsockopt$sock_int(r4, 0x1, 0x6, &(0x7f0000000000)=0x4, 0x4) r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r6 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ppoll(&(0x7f0000000500)=[{r5}], 0x1, 0x0, 0x0, 0x0) r7 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_INITMSG(r7, 0x84, 0x2, &(0x7f00000000c0)={0xfffc, 0xc}, 0x8) ppoll(&(0x7f0000000100)=[{r5}], 0x1, &(0x7f0000000180)={0x77359400}, 0x0, 0x0) r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000006900000000000001000000940000000fad413e850000000700000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r8}, 0x10) connect$inet(r4, &(0x7f0000000280)={0x2, 0x0, @broadcast}, 0x10) sendmmsg$inet(r4, &(0x7f0000004d00)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x30000}}], 0x300, 0xf00) setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f0000000040)='xfrm0\x00', 0x10) r9 = socket(0x840000000002, 0x3, 0x100) sendmsg$WG_CMD_SET_DEVICE(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001200)=ANY=[@ANYRES64=r9, @ANYRES16, @ANYRES64=r6], 0x240}, 0x1, 0x0, 0x0, 0x8008840}, 0x0) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000100)="7d1068a4", 0x4) bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="0a0000001300000020000000bc"], 0x48) r10 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x6, 0x1, &(0x7f00000003c0)=@raw=[@alu={0x7, 0x1, 0x6, 0x0, 0x4, 0x8, 0x10}], &(0x7f0000000480)='syzkaller\x00', 0x1, 0xe0, &(0x7f00000004c0)=""/224}, 0x94) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000380)={r10, 0xe0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x0, 0x0}}, 0x10) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r0, 0x84, 0x6c, &(0x7f0000000040)={r1}, &(0x7f0000000080)=0x8) r11 = socket$inet6(0xa, 0x2, 0x0) setsockopt$SO_TIMESTAMP(r11, 0x1, 0x3f, &(0x7f0000000040)=0x1, 0x4) bind$inet6(r11, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) 1.224495752s ago: executing program 2 (id=6213): r0 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$inet6_int(r0, 0x29, 0x48, &(0x7f00000001c0)=0xffff5416, 0x4) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0xc, 0x16, &(0x7f0000000240)=ANY=[@ANYBLOB="61124c00000000006113720000000000bf2000000000000007000000080000003d0301000000000095000000000000006926000000000000bf67000000000000570600000fff07006706000002000000070600000ee60000bf150000000000003d650000000000006507000002000000070700004c0000001f750000000000006154000000000000070400000400f9ffad43010000000000950000000000000005000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x9}, 0x94) 1.083537442s ago: executing program 2 (id=6214): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}}, 0x4044004) recvmmsg(r0, &(0x7f00000004c0)=[{{0x0, 0x0, 0x0}, 0x8}, {{0x0, 0x0, 0x0}, 0x10003}, {{0x0, 0x0, 0x0, 0x40000}, 0x1}, {{0x0, 0x0, &(0x7f00000009c0)=[{&(0x7f0000000240)=""/180, 0xb4}, {&(0x7f0000000080)=""/32, 0x20}, {&(0x7f0000002900)=""/4114, 0x1012}, {&(0x7f00000017c0)=""/220, 0xdc}, {&(0x7f0000000f40)=""/218, 0xda}, {&(0x7f0000000380)=""/158, 0x9e}, {&(0x7f00000008c0)=""/234, 0xea}], 0x7}, 0x80000002}], 0x4, 0x0, 0x0) 808.172983ms ago: executing program 2 (id=6215): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$fou(&(0x7f0000000240), 0xffffffffffffffff) sendmsg$FOU_CMD_ADD(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000b80)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01000000000000000200010000000500040002000000050002000a0000001400070000000000000000000000000000000001"], 0x38}}, 0x0) 553.704889ms ago: executing program 2 (id=6216): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'bridge0\x00', 0x0}) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000540)=@newlink={0x3c, 0x10, 0x439, 0x0, 0x0, {0x0, 0x0, 0xffff, r1, 0x121}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BR_VLAN_DEFAULT_PVID={0x6, 0x27, 0xa1}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0xc0}, 0x0) 390.281424ms ago: executing program 0 (id=6217): socket$nl_route(0x10, 0x3, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) bpf$PROG_LOAD(0x5, 0x0, 0x0) sendmsg$nl_xfrm(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000100000000000000ac1e000100000000000000000000000000000000000000000a0060"], 0xb8}}, 0x0) sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000003340)={0x11, 0x0, 0x0, 0x1, 0x4}, 0x14) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) socket$nl_xfrm(0x10, 0x3, 0x6) syz_genetlink_get_family_id$wireguard(&(0x7f0000000380), 0xffffffffffffffff) socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@updpolicy={0xb8, 0x13, 0xcb23c9c9931e99e9, 0x0, 0x0, {{@in6=@private0, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0xa, 0x40, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x80ffffff}, {0x0, 0x5}}}, 0xb8}}, 0x4000) 264.81639ms ago: executing program 2 (id=6218): r0 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000700)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x70200, 0x440}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @ipip={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_PROTO={0x5, 0x9, 0x89}]}}}]}, 0x3c}}, 0x0) 105.118291ms ago: executing program 0 (id=6219): recvmmsg(0xffffffffffffffff, &(0x7f0000005c80)=[{{&(0x7f0000000580)=@pptp={0x18, 0x2, {0x0, @remote}}, 0x80, 0x0}, 0xa}, {{&(0x7f0000000d80)=@rxrpc=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x0, 0x0, @mcast2}}, 0x80, 0x0}, 0x100}], 0x2, 0x2, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x10, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="1802000000c400000000000000000000850000003e00000095"], &(0x7f00000000c0)='GPL\x00'}, 0x90) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000023c0)=ANY=[@ANYBLOB="1200000004000000080000000b"], 0x48) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000540)=ANY=[@ANYRES32=r2, @ANYRES32=r1, @ANYBLOB='\a'], 0x10) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000500)={r2, &(0x7f0000000240), &(0x7f00000004c0)=@tcp6=r0}, 0x20) sendmmsg$inet6(r0, &(0x7f0000002440)=[{{0x0, 0x0, &(0x7f0000000980)=[{&(0x7f0000000600)="e2", 0x1}], 0x1}}, {{0x0, 0x1, &(0x7f0000000480)}}], 0x400, 0x10) (fail_nth: 4) 96.619124ms ago: executing program 2 (id=6220): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000001000010000000000000006000000000a6c000000060a0b04000000000000000002000008400004803c0001800a0001006d617463680000002c0002800d000100636f6e6e6d61726b0000000010000300a62a1a4094b2c56d78942e9708000240000000010900020073797a32000000000900010073797a30"], 0x94}}, 0x0) 91.138342ms ago: executing program 3 (id=6221): socket$nl_netfilter(0x10, 0x3, 0xc) openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r0 = socket$kcm(0x2, 0xa, 0x2) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x50) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000a00)=ANY=[@ANYRES32=r0], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, 0x0, 0x0) r1 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r2 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r2, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000300), 0x4) r3 = socket$netlink(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RATE_NEW(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000300)={0x34, r4, 0x1, 0x0, 0x25dfdbfb, {0x25}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x40000000, 0x0, 0x41}, 0x0) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0) 0s ago: executing program 1 (id=6222): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TUNDETACHFILTER(r1, 0x401054d6, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000000)={'batadv0\x00', 0x0}) r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), r0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0xe, 0x16, &(0x7f0000000180)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb}, 0x94) r4 = socket$inet6_udp(0xa, 0x2, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=ANY=[@ANYBLOB="140000001000010000000000000000000100000a54000000060a09040000000000000000020000000900020073797a32000000000900010073797a3000000000200004801c0001800a000100717565756500000015000280080004400000000c05000740d1000070de6a9d001100010000000000000000000000000a"], 0x7c}}, 0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(r4, 0x29, 0x22, &(0x7f0000000140)={{{@in=@empty, @in6=@initdev}}, {{@in=@empty}, 0x0, @in=@broadcast}}, &(0x7f0000000280)=0xe8) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x2, 0x4, 0x81, 0x1}, 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000004c0)={0x6, 0xf, &(0x7f00000015c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, {{0x18, 0x1, 0x2, 0x0, r6}, {}, {}, {0x85, 0x0, 0x0, 0xc2}}}, &(0x7f0000000080)='GPL\x00'}, 0x90) r7 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r7, 0x11b, 0x4, &(0x7f00000000c0)={0x0, 0x54bc420f36548ee7, 0x800, 0x0, 0x2}, 0x20) ioctl$BTRFS_IOC_SUBVOL_GETFLAGS(r4, 0x80089419, &(0x7f00000000c0)) r8 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000080)={'bridge0\x00', 0x0}) sendmsg$nl_route(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=ANY=[@ANYBLOB="240000001d00070f000000000000000007000000", @ANYRES32=r9, @ANYBLOB="40002700060010"], 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x0) sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000980)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="f5af24bd7000000000000e00000008000320", @ANYRES32=r2, @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) kernel console output (not intermixed with test programs): z.3.5044'. [ 590.545130][T22014] bridge0: port 1(vlan3) entered blocking state [ 590.576099][T22019] netlink: 'syz.1.5046': attribute type 5 has an invalid length. [ 590.602711][T22014] bridge0: port 1(vlan3) entered disabled state [ 590.609687][T22014] vlan3: entered allmulticast mode [ 590.615117][T22014] bridge0: entered allmulticast mode [ 590.663607][T22014] vlan3: left allmulticast mode [ 590.668516][T22014] bridge0: left allmulticast mode [ 590.708506][T22024] sctp: [Deprecated]: syz.4.5048 (pid 22024) Use of int in max_burst socket option. [ 590.708506][T22024] Use struct sctp_assoc_value instead [ 590.732980][T22025] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5047'. [ 590.745163][T22025] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5047'. [ 591.025642][T22039] netlink: 'syz.0.5051': attribute type 2 has an invalid length. [ 591.040312][T22039] netlink: 64 bytes leftover after parsing attributes in process `syz.0.5051'. [ 591.098583][T22037] tipc: Enabled bearer , priority 0 [ 591.232556][T22037] syzkaller0: entered promiscuous mode [ 591.239089][T22037] syzkaller0: entered allmulticast mode [ 591.254168][T22037] tipc: Resetting bearer [ 591.407912][T22036] tipc: Resetting bearer [ 592.135602][T15551] tipc: Node number set to 1753220871 [ 593.847093][T22036] tipc: Disabling bearer [ 593.894592][T22049] lo speed is unknown, defaulting to 1000 [ 594.038785][T22068] netlink: 16 bytes leftover after parsing attributes in process `syz.1.5060'. [ 594.232910][T22077] A link change request failed with some changes committed already. Interface wlan0 may have been left with an inconsistent configuration, please check. [ 594.252986][T22077] A link change request failed with some changes committed already. Interface wlan0 may have been left with an inconsistent configuration, please check. [ 594.333513][T22080] A link change request failed with some changes committed already. Interface wlan0 may have been left with an inconsistent configuration, please check. [ 594.417887][T22087] netlink: 'syz.0.5067': attribute type 7 has an invalid length. [ 594.492222][T22090] netlink: 24 bytes leftover after parsing attributes in process `syz.1.5069'. [ 594.592325][T22090] netlink: 212408 bytes leftover after parsing attributes in process `syz.1.5069'. [ 594.656173][T22101] netlink: 'syz.2.5071': attribute type 10 has an invalid length. [ 594.668851][T22101] 8021q: adding VLAN 0 to HW filter on device bond0 [ 594.752953][T22101] team0: Port device bond0 added [ 594.865056][T22091] lo speed is unknown, defaulting to 1000 [ 594.881382][T22111] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5073'. [ 595.047928][T22111] veth1_vlan (unregistering): left allmulticast mode [ 595.146371][T22118] team0: Port device bond0 removed [ 595.152890][T22118] bridge_slave_0: left allmulticast mode [ 595.169948][T22118] bridge_slave_0: left promiscuous mode [ 595.175789][T22118] bridge0: port 1(bridge_slave_0) entered disabled state [ 595.209265][T22118] bridge_slave_1: left allmulticast mode [ 595.222142][T22118] bridge_slave_1: left promiscuous mode [ 595.222380][T22126] netlink: 'syz.2.5074': attribute type 10 has an invalid length. [ 595.228163][T22118] bridge0: port 2(bridge_slave_1) entered disabled state [ 595.296504][T22118] bond0: (slave bond_slave_0): Releasing backup interface [ 595.338821][T22130] netlink: 'syz.3.5080': attribute type 7 has an invalid length. [ 595.365836][T22118] bond0: (slave bond_slave_1): Releasing backup interface [ 595.395031][T22118] team0: Port device team_slave_0 removed [ 595.417445][T22118] team0: Port device team_slave_1 removed [ 595.455202][T22118] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 595.472809][T22118] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 595.503245][T22126] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 595.598424][T22134] lo speed is unknown, defaulting to 1000 [ 596.402177][T22152] lo speed is unknown, defaulting to 1000 [ 596.668082][T22166] netlink: 'syz.4.5092': attribute type 7 has an invalid length. [ 596.800517][T22170] bridge_slave_1: entered promiscuous mode [ 596.872045][T22174] netlink: 'syz.1.5096': attribute type 2 has an invalid length. [ 596.896255][T22176] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5097'. [ 596.958762][T22170] bridge_slave_1: left promiscuous mode [ 597.003316][T22180] rdma_op ffff88804dba99f0 conn xmit_rdma 0000000000000000 [ 597.036043][T22177] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 597.246795][T22187] netlink: 'syz.4.5102': attribute type 10 has an invalid length. [ 597.300445][T22192] netlink: 'syz.4.5102': attribute type 10 has an invalid length. [ 597.682626][T22212] netlink: 20 bytes leftover after parsing attributes in process `syz.4.5112'. [ 598.112023][T22234] FAULT_INJECTION: forcing a failure. [ 598.112023][T22234] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 598.131916][T22228] veth15: entered promiscuous mode [ 598.141050][T22234] CPU: 1 UID: 0 PID: 22234 Comm: syz.0.5122 Not tainted 6.16.0-syzkaller-06574-gd9104cec3e8f #0 PREEMPT(full) [ 598.141079][T22234] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 598.141090][T22234] Call Trace: [ 598.141098][T22234] [ 598.141107][T22234] dump_stack_lvl+0x189/0x250 [ 598.141132][T22234] ? __pfx____ratelimit+0x10/0x10 [ 598.141158][T22234] ? __pfx_dump_stack_lvl+0x10/0x10 [ 598.141177][T22234] ? __pfx__printk+0x10/0x10 [ 598.141212][T22234] should_fail_ex+0x414/0x560 [ 598.141245][T22234] _copy_to_user+0x31/0xb0 [ 598.141272][T22234] simple_read_from_buffer+0xe1/0x170 [ 598.141303][T22234] proc_fail_nth_read+0x1b3/0x220 [ 598.141328][T22234] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 598.141352][T22234] ? rw_verify_area+0x258/0x650 [ 598.141374][T22234] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 598.141397][T22234] vfs_read+0x1fd/0x980 [ 598.141420][T22234] ? fdget_pos+0x247/0x320 [ 598.141443][T22234] ? __pfx___mutex_lock+0x10/0x10 [ 598.141469][T22234] ? __pfx_vfs_read+0x10/0x10 [ 598.141494][T22234] ? __fget_files+0x2a/0x420 [ 598.141517][T22234] ? __fget_files+0x3a0/0x420 [ 598.141533][T22234] ? __fget_files+0x2a/0x420 [ 598.141560][T22234] ksys_read+0x145/0x250 [ 598.141587][T22234] ? __pfx_ksys_read+0x10/0x10 [ 598.141607][T22234] ? rcu_is_watching+0x15/0xb0 [ 598.141638][T22234] ? do_syscall_64+0xbe/0x3b0 [ 598.141667][T22234] do_syscall_64+0xfa/0x3b0 [ 598.141689][T22234] ? lockdep_hardirqs_on+0x9c/0x150 [ 598.141713][T22234] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 598.141731][T22234] ? clear_bhb_loop+0x60/0xb0 [ 598.141753][T22234] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 598.141770][T22234] RIP: 0033:0x7f457398d5fc [ 598.141787][T22234] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 598.141803][T22234] RSP: 002b:00007f4574764030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 598.141825][T22234] RAX: ffffffffffffffda RBX: 00007f4573bb5fa0 RCX: 00007f457398d5fc [ 598.141839][T22234] RDX: 000000000000000f RSI: 00007f45747640a0 RDI: 0000000000000004 [ 598.141851][T22234] RBP: 00007f4574764090 R08: 0000000000000000 R09: 0000000000000000 [ 598.141863][T22234] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 598.141874][T22234] R13: 00007f4573bb6038 R14: 00007f4573bb5fa0 R15: 00007ffea8e64b28 [ 598.141906][T22234] [ 598.377156][T22238] netlink: 'syz.4.5121': attribute type 10 has an invalid length. [ 598.407820][T22230] ip6erspan0: entered promiscuous mode [ 598.503489][T22235] bond0: (slave wlan1): Releasing backup interface [ 598.520640][T22240] netlink: 36 bytes leftover after parsing attributes in process `syz.2.5123'. [ 599.243996][T22278] netlink: 24 bytes leftover after parsing attributes in process `syz.2.5135'. [ 599.470618][T22287] netlink: 19 bytes leftover after parsing attributes in process `syz.2.5138'. [ 599.658334][T22292] netlink: 'syz.0.5139': attribute type 7 has an invalid length. [ 599.818722][T22298] netlink: 20 bytes leftover after parsing attributes in process `syz.1.5144'. [ 600.138504][T22315] netlink: 108 bytes leftover after parsing attributes in process `syz.0.5147'. [ 600.158043][T22315] netlink: 108 bytes leftover after parsing attributes in process `syz.0.5147'. [ 600.175065][T22315] netlink: 84 bytes leftover after parsing attributes in process `syz.0.5147'. [ 600.217499][T22317] netlink: 'syz.2.5150': attribute type 1 has an invalid length. [ 600.244954][T22317] netlink: 224 bytes leftover after parsing attributes in process `syz.2.5150'. [ 600.310900][T22312] 8021q: VLANs not supported on ip6tnl0 [ 600.453094][T22323] vlan2: entered promiscuous mode [ 600.536384][T22327] netlink: 32 bytes leftover after parsing attributes in process `syz.3.5154'. [ 600.598340][T22327] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input12 [ 600.801555][T22336] netlink: 'syz.3.5158': attribute type 10 has an invalid length. [ 600.939414][T22339] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5159'. [ 600.959114][T22339] netlink: 36 bytes leftover after parsing attributes in process `syz.2.5159'. [ 601.024449][T22339] bridge0: port 1(vlan3) entered blocking state [ 601.039167][T22339] bridge0: port 1(vlan3) entered disabled state [ 601.047229][T22339] vlan3: entered allmulticast mode [ 601.062394][T22339] bridge0: entered allmulticast mode [ 601.087593][T22339] vlan3: left allmulticast mode [ 601.096334][T22339] bridge0: left allmulticast mode [ 601.169065][T22346] tipc: Enabled bearer , priority 0 [ 601.192193][T22351] syzkaller0: entered promiscuous mode [ 601.203383][T22351] syzkaller0: entered allmulticast mode [ 601.257826][T22341] tipc: Resetting bearer [ 601.453213][T22357] netlink: 'syz.2.5163': attribute type 1 has an invalid length. [ 601.563745][T22355] 8021q: adding VLAN 0 to HW filter on device bond1 [ 601.604202][T22358] bond0: (slave wlan1): Releasing backup interface [ 601.799767][T22340] tipc: Resetting bearer [ 601.849305][T22360] netlink: 'syz.1.5164': attribute type 13 has an invalid length. [ 601.868649][T22360] netlink: 'syz.1.5164': attribute type 17 has an invalid length. [ 601.974683][T22340] tipc: Disabling bearer [ 602.046669][T22360] 8021q: adding VLAN 0 to HW filter on device bond0 [ 602.100302][T22360] A link change request failed with some changes committed already. Interface teql0 may have been left with an inconsistent configuration, please check. [ 602.139720][T22370] netlink: 'syz.2.5167': attribute type 4 has an invalid length. [ 602.191800][T22373] netlink: 'syz.2.5167': attribute type 4 has an invalid length. [ 602.205323][T22364] lo speed is unknown, defaulting to 1000 [ 602.983088][T22396] lo speed is unknown, defaulting to 1000 [ 603.136696][T22409] tipc: Started in network mode [ 603.148229][T22409] tipc: Node identity fa68a2298c55, cluster identity 4711 [ 603.159454][T22409] tipc: Enabled bearer , priority 0 [ 603.206014][T22412] syzkaller0: entered promiscuous mode [ 603.211862][T22412] syzkaller0: entered allmulticast mode [ 603.261187][T22413] A link change request failed with some changes committed already. Interface gre0 may have been left with an inconsistent configuration, please check. [ 603.283751][T22409] tipc: Resetting bearer [ 603.308505][T22407] tipc: Resetting bearer [ 603.433494][T22407] tipc: Disabling bearer [ 604.094166][T22438] netlink: 'syz.3.5190': attribute type 5 has an invalid length. [ 604.134033][T22444] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 604.141333][T22444] IPv6: NLM_F_CREATE should be set when creating new route [ 604.148717][T22444] IPv6: NLM_F_CREATE should be set when creating new route [ 604.309712][T22453] __nla_validate_parse: 10 callbacks suppressed [ 604.309731][T22453] netlink: 32 bytes leftover after parsing attributes in process `syz.3.5192'. [ 604.335719][T15551] IPVS: starting estimator thread 0... [ 604.341607][T22452] netlink: 20 bytes leftover after parsing attributes in process `syz.4.5194'. [ 604.369754][T22453] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input13 [ 604.374347][T22455] netlink: 'syz.2.5195': attribute type 1 has an invalid length. [ 604.440291][T22456] IPVS: using max 28 ests per chain, 67200 per kthread [ 604.519195][T22459] bond2: (slave bridge1): making interface the new active one [ 604.544290][T22459] bond2: (slave bridge1): Enslaving as an active interface with an up link [ 604.796369][T22479] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5203'. [ 604.797757][T22478] veth15: entered promiscuous mode [ 604.823553][T22481] IPVS: set_ctl: invalid protocol: 8 172.20.20.15:20003 [ 604.898524][T22484] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5206'. [ 604.908288][T22484] netlink: 36 bytes leftover after parsing attributes in process `syz.3.5206'. [ 604.928103][T22484] bridge0: port 1(vlan3) entered blocking state [ 604.937641][T22484] bridge0: port 1(vlan3) entered disabled state [ 604.951239][T22484] vlan3: entered allmulticast mode [ 604.957347][T22484] bridge0: entered allmulticast mode [ 604.975811][T22484] vlan3: left allmulticast mode [ 604.985058][T22484] bridge0: left allmulticast mode [ 605.037263][T22488] netlink: 32 bytes leftover after parsing attributes in process `syz.1.5208'. [ 605.113004][T22490] netlink: 'syz.1.5209': attribute type 2 has an invalid length. [ 605.130410][T22490] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 605.210799][T13373] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 605.318443][T22502] netlink: 'syz.3.5213': attribute type 2 has an invalid length. [ 605.331075][T22502] netlink: 64 bytes leftover after parsing attributes in process `syz.3.5213'. [ 605.456013][T22503] lo speed is unknown, defaulting to 1000 [ 605.718916][T22520] netlink: 'syz.3.5217': attribute type 1 has an invalid length. [ 605.739125][T22520] netlink: 76 bytes leftover after parsing attributes in process `syz.3.5217'. [ 605.751364][T22518] lo speed is unknown, defaulting to 1000 [ 605.988689][T22527] netlink: 32 bytes leftover after parsing attributes in process `syz.4.5219'. [ 606.136147][T22531] bond0: (slave wlan1): Releasing backup interface [ 606.271953][T22531] netlink: 'syz.3.5221': attribute type 10 has an invalid length. [ 606.307817][T22531] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 606.399250][T22553] netlink: 20 bytes leftover after parsing attributes in process `syz.4.5226'. [ 606.580324][T22558] syz_tun: entered allmulticast mode [ 606.665876][T22558] dvmrp1: entered allmulticast mode [ 606.741622][T22557] syz_tun: left allmulticast mode [ 606.794325][T22563] lo speed is unknown, defaulting to 1000 [ 606.868759][T22575] netlink: 'syz.2.5233': attribute type 2 has an invalid length. [ 606.971048][ T36] wlan0: Trigger new scan to find an IBSS to join [ 606.982275][T22575] k›*·]‘: entered promiscuous mode [ 607.014768][T22575] rdma_op ffff888028a1f1f0 conn xmit_rdma 0000000000000000 [ 607.092844][T22577] 8021q: adding VLAN 0 to HW filter on device bond0 [ 607.101621][T22577] 8021q: adding VLAN 0 to HW filter on device team0 [ 607.120903][T22577] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 607.397930][T22603] netlink: 'syz.0.5238': attribute type 4 has an invalid length. [ 607.464378][T22606] netlink: 'syz.0.5238': attribute type 4 has an invalid length. [ 607.482720][T22590] tipc: Enabled bearer , priority 0 [ 607.519383][T22587] syzkaller1: entered promiscuous mode [ 607.540653][T22587] syzkaller1: entered allmulticast mode [ 607.572643][T22600] syzkaller0: entered promiscuous mode [ 607.584025][T22610] netlink: 'syz.2.5241': attribute type 11 has an invalid length. [ 607.592391][T22600] syzkaller0: entered allmulticast mode [ 607.619761][T22593] 8021q: VLANs not supported on nlmon0 [ 607.658228][T22590] tipc: Resetting bearer [ 607.718627][T22583] tipc: Resetting bearer [ 607.748718][T22583] tipc: Disabling bearer [ 607.785626][T22602] lo speed is unknown, defaulting to 1000 [ 608.149350][T22624] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input14 [ 608.389413][T22635] netlink: 'syz.1.5248': attribute type 7 has an invalid length. [ 608.644380][T22644] netlink: 'syz.1.5250': attribute type 7 has an invalid length. [ 608.671163][T22640] can: request_module (can-proto-0) failed. [ 608.846735][T22648] lo speed is unknown, defaulting to 1000 [ 609.616377][T22675] __nla_validate_parse: 18 callbacks suppressed [ 609.616396][T22675] netlink: 24 bytes leftover after parsing attributes in process `syz.4.5262'. [ 609.639402][T22675] netlink: 24 bytes leftover after parsing attributes in process `syz.4.5262'. [ 609.649359][T22675] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5262'. [ 609.661928][T22675] netlink: 60 bytes leftover after parsing attributes in process `syz.4.5262'. [ 609.687413][T22681] netlink: 132 bytes leftover after parsing attributes in process `syz.1.5264'. [ 609.697125][T19741] Bluetooth: hci4: command tx timeout [ 609.904714][T22691] netlink: 32 bytes leftover after parsing attributes in process `syz.3.5267'. [ 609.930859][T13377] wlan0: Trigger new scan to find an IBSS to join [ 609.936024][T22695] mac80211_hwsim hwsim40 wlan1: entered allmulticast mode [ 610.003409][T22695] bond2: (slave bridge1): Releasing active interface [ 610.051051][T22700] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5271'. [ 610.061028][T22700] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5271'. [ 610.090802][T22701] mac80211_hwsim hwsim40 wlan1: left allmulticast mode [ 610.101539][T22701] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 610.539315][T22712] validate_nla: 6 callbacks suppressed [ 610.539333][T22712] netlink: 'syz.0.5275': attribute type 2 has an invalid length. [ 610.595847][T22712] netlink: 16 bytes leftover after parsing attributes in process `syz.0.5275'. [ 610.793057][T22722] netlink: 'syz.4.5278': attribute type 5 has an invalid length. [ 610.938765][T22726] syzkaller1: entered promiscuous mode [ 610.947433][T22726] syzkaller1: entered allmulticast mode [ 610.981304][T22728] netlink: 'syz.4.5282': attribute type 10 has an invalid length. [ 611.063634][T22734] netlink: 'syz.4.5282': attribute type 10 has an invalid length. [ 611.086229][T22736] netlink: 20 bytes leftover after parsing attributes in process `syz.1.5284'. [ 611.116266][T22734] bond0: (slave 0!): Enslaving as an active interface with an up link [ 611.256128][T22742] netlink: 'syz.1.5287': attribute type 7 has an invalid length. [ 611.407262][T22748] FAULT_INJECTION: forcing a failure. [ 611.407262][T22748] name failslab, interval 1, probability 0, space 0, times 0 [ 611.628231][T22752] lo speed is unknown, defaulting to 1000 [ 611.672158][T22748] CPU: 1 UID: 0 PID: 22748 Comm: syz.3.5289 Not tainted 6.16.0-syzkaller-06574-gd9104cec3e8f #0 PREEMPT(full) [ 611.672187][T22748] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 611.672200][T22748] Call Trace: [ 611.672207][T22748] [ 611.672217][T22748] dump_stack_lvl+0x189/0x250 [ 611.672241][T22748] ? __pfx____ratelimit+0x10/0x10 [ 611.672266][T22748] ? __pfx_dump_stack_lvl+0x10/0x10 [ 611.672285][T22748] ? __pfx__printk+0x10/0x10 [ 611.672309][T22748] ? __pfx___might_resched+0x10/0x10 [ 611.672334][T22748] ? fs_reclaim_acquire+0x7d/0x100 [ 611.672358][T22748] should_fail_ex+0x414/0x560 [ 611.672395][T22748] should_failslab+0xa8/0x100 [ 611.672415][T22748] __kmalloc_noprof+0xcb/0x4f0 [ 611.672438][T22748] ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0 [ 611.672465][T22748] genl_family_rcv_msg_attrs_parse+0xa3/0x2a0 [ 611.672495][T22748] genl_family_rcv_msg_doit+0xb8/0x300 [ 611.672523][T22748] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 611.672547][T22748] ? rcu_is_watching+0x15/0xb0 [ 611.672577][T22748] ? apparmor_capable+0x137/0x1b0 [ 611.672598][T22748] ? bpf_lsm_capable+0x9/0x20 [ 611.672620][T22748] ? security_capable+0x7e/0x2e0 [ 611.672650][T22748] genl_rcv_msg+0x60e/0x790 [ 611.672678][T22748] ? __pfx_genl_rcv_msg+0x10/0x10 [ 611.672697][T22748] ? __pfx_nl802154_pre_doit+0x10/0x10 [ 611.672717][T22748] ? __pfx_nl802154_wpan_phy_netns+0x10/0x10 [ 611.672750][T22748] ? __pfx_nl802154_post_doit+0x10/0x10 [ 611.672789][T22748] netlink_rcv_skb+0x205/0x470 [ 611.672812][T22748] ? __lock_acquire+0xab9/0xd20 [ 611.672836][T22748] ? __pfx_genl_rcv_msg+0x10/0x10 [ 611.672858][T22748] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 611.672904][T22748] ? down_read+0x1ad/0x2e0 [ 611.672925][T22748] genl_rcv+0x28/0x40 [ 611.672944][T22748] netlink_unicast+0x82c/0x9e0 [ 611.672975][T22748] ? __pfx_netlink_unicast+0x10/0x10 [ 611.673000][T22748] ? netlink_sendmsg+0x642/0xb30 [ 611.673022][T22748] ? skb_put+0x11b/0x210 [ 611.673044][T22748] netlink_sendmsg+0x805/0xb30 [ 611.673079][T22748] ? __pfx_netlink_sendmsg+0x10/0x10 [ 611.673108][T22748] ? aa_sock_msg_perm+0x94/0x160 [ 611.673132][T22748] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 611.673152][T22748] ? __pfx_netlink_sendmsg+0x10/0x10 [ 611.673178][T22748] __sock_sendmsg+0x219/0x270 [ 611.673205][T22748] ____sys_sendmsg+0x505/0x830 [ 611.673231][T22748] ? __pfx_____sys_sendmsg+0x10/0x10 [ 611.673261][T22748] ? import_iovec+0x74/0xa0 [ 611.673290][T22748] ___sys_sendmsg+0x21f/0x2a0 [ 611.673312][T22748] ? __pfx____sys_sendmsg+0x10/0x10 [ 611.673372][T22748] ? __fget_files+0x2a/0x420 [ 611.673390][T22748] ? __fget_files+0x3a0/0x420 [ 611.673420][T22748] __x64_sys_sendmsg+0x19b/0x260 [ 611.673442][T22748] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 611.673473][T22748] ? __pfx_ksys_write+0x10/0x10 [ 611.673495][T22748] ? rcu_is_watching+0x15/0xb0 [ 611.673525][T22748] ? do_syscall_64+0xbe/0x3b0 [ 611.673555][T22748] do_syscall_64+0xfa/0x3b0 [ 611.673577][T22748] ? lockdep_hardirqs_on+0x9c/0x150 [ 611.673600][T22748] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 611.673617][T22748] ? clear_bhb_loop+0x60/0xb0 [ 611.673639][T22748] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 611.673656][T22748] RIP: 0033:0x7fc5eed8ebe9 [ 611.673673][T22748] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 611.673688][T22748] RSP: 002b:00007fc5efc96038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 611.673708][T22748] RAX: ffffffffffffffda RBX: 00007fc5eefb5fa0 RCX: 00007fc5eed8ebe9 [ 611.673722][T22748] RDX: 0000000000040040 RSI: 0000200000000400 RDI: 0000000000000004 [ 611.673741][T22748] RBP: 00007fc5efc96090 R08: 0000000000000000 R09: 0000000000000000 [ 611.673752][T22748] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 611.673762][T22748] R13: 00007fc5eefb6038 R14: 00007fc5eefb5fa0 R15: 00007fff27988b88 [ 611.673795][T22748] [ 612.085841][T22756] netlink: 'syz.0.5292': attribute type 2 has an invalid length. [ 612.263284][T13373] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 612.400714][T22762] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input15 [ 612.530778][T22770] netlink: 'syz.2.5297': attribute type 2 has an invalid length. [ 612.544330][T22757] 8021q: adding VLAN 0 to HW filter on device bond0 [ 612.554393][T22757] 8021q: adding VLAN 0 to HW filter on device team0 [ 612.578974][T22757] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 612.662858][T22774] gretap0: entered promiscuous mode [ 612.673347][T22774] batadv_slave_1: entered promiscuous mode [ 612.681855][T22774] debugfs: 'hsr1' already exists in 'hsr' [ 612.705228][T22774] Cannot create hsr debugfs directory [ 612.715587][T22774] hsr1: Slave B (batadv_slave_1) is not up; please bring it up to get a fully working HSR network [ 612.818099][T22778] vlan3: entered promiscuous mode [ 612.824129][T22778] batadv0: entered promiscuous mode [ 612.890930][ T36] wlan0: Trigger new scan to find an IBSS to join [ 613.014555][T22788] netlink: 'syz.1.5301': attribute type 10 has an invalid length. [ 613.119019][T13377] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 20001 - 0 [ 613.138090][ T36] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 20001 - 0 [ 613.152172][ T36] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 20001 - 0 [ 613.161450][ T36] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 20001 - 0 [ 613.801855][T13377] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 615.061149][T22848] __nla_validate_parse: 10 callbacks suppressed [ 615.061169][T22848] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5322'. [ 615.066721][T22844] bridge_slave_1: entered promiscuous mode [ 615.067776][T22848] openvswitch: netlink: nsh attr 0 has unexpected len 7 expected 0 [ 615.093268][T22848] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 615.118315][T22844] bridge_slave_1: left promiscuous mode [ 615.254537][T22852] netlink: 'syz.4.5324': attribute type 7 has an invalid length. [ 615.323839][T22858] bridge2: entered promiscuous mode [ 615.451747][T22866] netlink: 32 bytes leftover after parsing attributes in process `syz.3.5330'. [ 615.495312][T22869] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5331'. [ 615.517630][T22866] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input16 [ 615.573924][T22876] netlink: 'syz.0.5334': attribute type 7 has an invalid length. [ 615.675582][T22880] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5333'. [ 615.794454][T22885] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5337'. [ 615.809672][T22887] netlink: 'syz.3.5338': attribute type 21 has an invalid length. [ 615.811803][T22885] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5337'. [ 615.818281][T22887] netlink: 128 bytes leftover after parsing attributes in process `syz.3.5338'. [ 615.844128][T22887] netlink: 3 bytes leftover after parsing attributes in process `syz.3.5338'. [ 616.032777][T22895] tipc: Enabled bearer , priority 0 [ 616.041733][T22895] syzkaller0: entered promiscuous mode [ 616.047356][T22895] syzkaller0: entered allmulticast mode [ 616.068114][T22895] tipc: Resetting bearer [ 616.615933][T22907] netlink: 32 bytes leftover after parsing attributes in process `syz.0.5346'. [ 616.782688][T22913] netlink: 'syz.4.5349': attribute type 7 has an invalid length. [ 616.787966][T22912] netlink: 'syz.0.5348': attribute type 2 has an invalid length. [ 616.812598][T22892] tipc: Resetting bearer [ 616.862635][T22892] tipc: Disabling bearer [ 616.911025][T22917] FAULT_INJECTION: forcing a failure. [ 616.911025][T22917] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 616.925442][T22917] CPU: 1 UID: 0 PID: 22917 Comm: syz.0.5351 Not tainted 6.16.0-syzkaller-06574-gd9104cec3e8f #0 PREEMPT(full) [ 616.925472][T22917] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 616.925483][T22917] Call Trace: [ 616.925492][T22917] [ 616.925500][T22917] dump_stack_lvl+0x189/0x250 [ 616.925526][T22917] ? __pfx____ratelimit+0x10/0x10 [ 616.925551][T22917] ? __pfx_dump_stack_lvl+0x10/0x10 [ 616.925571][T22917] ? __pfx__printk+0x10/0x10 [ 616.925607][T22917] should_fail_ex+0x414/0x560 [ 616.925640][T22917] _copy_to_user+0x31/0xb0 [ 616.925676][T22917] hidp_get_connlist+0x11e/0x2b0 [ 616.925702][T22917] ? __pfx_hidp_get_connlist+0x10/0x10 [ 616.925757][T22917] hidp_sock_ioctl+0x2e6/0x560 [ 616.925783][T22917] ? __pfx_hidp_sock_ioctl+0x10/0x10 [ 616.925856][T22917] ? do_vfs_ioctl+0xbe8/0x1430 [ 616.925894][T22917] sock_do_ioctl+0xd9/0x300 [ 616.925919][T22917] ? __pfx_sock_do_ioctl+0x10/0x10 [ 616.925938][T22917] ? __lock_acquire+0xab9/0xd20 [ 616.925981][T22917] sock_ioctl+0x576/0x790 [ 616.926005][T22917] ? __pfx_sock_ioctl+0x10/0x10 [ 616.926027][T22917] ? __fget_files+0x2a/0x420 [ 616.926044][T22917] ? __fget_files+0x3a0/0x420 [ 616.926060][T22917] ? __fget_files+0x2a/0x420 [ 616.926082][T22917] ? bpf_lsm_file_ioctl+0x9/0x20 [ 616.926104][T22917] ? __pfx_sock_ioctl+0x10/0x10 [ 616.926125][T22917] __se_sys_ioctl+0xf9/0x170 [ 616.926151][T22917] do_syscall_64+0xfa/0x3b0 [ 616.926178][T22917] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 616.926194][T22917] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 616.926212][T22917] ? clear_bhb_loop+0x60/0xb0 [ 616.926235][T22917] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 616.926252][T22917] RIP: 0033:0x7f457398ebe9 [ 616.926269][T22917] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 616.926284][T22917] RSP: 002b:00007f4574764038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 616.926307][T22917] RAX: ffffffffffffffda RBX: 00007f4573bb5fa0 RCX: 00007f457398ebe9 [ 616.926321][T22917] RDX: 0000200000000c80 RSI: 00000000800448d2 RDI: 0000000000000004 [ 616.926333][T22917] RBP: 00007f4574764090 R08: 0000000000000000 R09: 0000000000000000 [ 616.926345][T22917] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 616.926356][T22917] R13: 00007f4573bb6038 R14: 00007f4573bb5fa0 R15: 00007ffea8e64b28 [ 616.926390][T22917] [ 617.407646][T22933] netlink: 32 bytes leftover after parsing attributes in process `syz.3.5357'. [ 617.713827][T22945] lo speed is unknown, defaulting to 1000 [ 618.196211][T22958] netlink: 'syz.0.5365': attribute type 1 has an invalid length. [ 618.284984][T22958] 8021q: adding VLAN 0 to HW filter on device bond1 [ 618.474019][T22969] sctp: [Deprecated]: syz.0.5368 (pid 22969) Use of int in max_burst socket option. [ 618.474019][T22969] Use struct sctp_assoc_value instead [ 618.625332][T22980] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input17 [ 618.672527][T22971] lo speed is unknown, defaulting to 1000 [ 618.968121][T22992] lo speed is unknown, defaulting to 1000 [ 619.371895][T23008] lo speed is unknown, defaulting to 1000 [ 620.454289][T23046] sctp: [Deprecated]: syz.4.5390 (pid 23046) Use of int in max_burst socket option. [ 620.454289][T23046] Use struct sctp_assoc_value instead [ 620.850267][T23050] __nla_validate_parse: 10 callbacks suppressed [ 620.850288][T23050] netlink: 24 bytes leftover after parsing attributes in process `syz.0.5389'. [ 621.445327][T23061] netlink: 32 bytes leftover after parsing attributes in process `syz.4.5395'. [ 621.560777][T23065] netlink: 'syz.3.5397': attribute type 2 has an invalid length. [ 621.571567][T23067] netlink: 32 bytes leftover after parsing attributes in process `syz.4.5398'. [ 621.591129][T23069] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5399'. [ 621.592399][T23067] netlink: 'syz.4.5398': attribute type 1 has an invalid length. [ 621.618628][T23069] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5399'. [ 621.637699][T23065] sit0: left promiscuous mode [ 621.663006][T23071] rdma_op ffff88804d2851f0 conn xmit_rdma 0000000000000000 [ 621.688526][T23065] 8021q: adding VLAN 0 to HW filter on device bond0 [ 621.708455][T23065] 8021q: adding VLAN 0 to HW filter on device team0 [ 621.740105][T23065] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 621.918832][T23079] netlink: 'syz.0.5401': attribute type 2 has an invalid length. [ 621.964865][T23079] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 622.081448][T23082] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5403'. [ 622.092524][T23082] openvswitch: netlink: Key type 16368 is out of range max 32 [ 622.171709][T23084] syzkaller1: entered promiscuous mode [ 622.177339][T23084] syzkaller1: entered allmulticast mode [ 622.541138][T23091] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5407'. [ 622.553470][T23091] openvswitch: netlink: Key type 16368 is out of range max 32 [ 622.758962][T23093] netlink: 32 bytes leftover after parsing attributes in process `syz.0.5408'. [ 622.821091][T23093] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input18 [ 622.978182][T23100] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5411'. [ 623.004045][T23100] netlink: 36 bytes leftover after parsing attributes in process `syz.0.5411'. [ 623.065905][T23100] bridge0: port 1(vlan3) entered blocking state [ 623.072637][T23100] bridge0: port 1(vlan3) entered disabled state [ 623.079483][T23100] vlan3: entered allmulticast mode [ 623.086737][T23100] bridge0: entered allmulticast mode [ 623.089559][T23102] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 623.111242][T23100] vlan3: left allmulticast mode [ 623.119202][T23100] bridge0: left allmulticast mode [ 623.154926][T23105] FAULT_INJECTION: forcing a failure. [ 623.154926][T23105] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 623.177359][T23105] CPU: 1 UID: 0 PID: 23105 Comm: syz.3.5413 Not tainted 6.16.0-syzkaller-06574-gd9104cec3e8f #0 PREEMPT(full) [ 623.177388][T23105] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 623.177400][T23105] Call Trace: [ 623.177410][T23105] [ 623.177419][T23105] dump_stack_lvl+0x189/0x250 [ 623.177445][T23105] ? __pfx____ratelimit+0x10/0x10 [ 623.177470][T23105] ? __pfx_dump_stack_lvl+0x10/0x10 [ 623.177489][T23105] ? __pfx__printk+0x10/0x10 [ 623.177525][T23105] should_fail_ex+0x414/0x560 [ 623.177557][T23105] _copy_from_user+0x2d/0xb0 [ 623.177582][T23105] memdup_sockptr_noprof+0x95/0x100 [ 623.177607][T23105] ip_set_mcast_msfilter+0xcc/0x320 [ 623.177637][T23105] do_ip_setsockopt+0x19e7/0x2d00 [ 623.177666][T23105] ? __pfx_do_ip_setsockopt+0x10/0x10 [ 623.177693][T23105] ? aa_sk_perm+0x81e/0x950 [ 623.177720][T23105] ? __pfx_aa_sk_perm+0x10/0x10 [ 623.177744][T23105] ? __fget_files+0x2a/0x420 [ 623.177768][T23105] ip_setsockopt+0x66/0x110 [ 623.177788][T23105] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 623.177815][T23105] do_sock_setsockopt+0x17c/0x1b0 [ 623.177839][T23105] __x64_sys_setsockopt+0x13f/0x1b0 [ 623.177864][T23105] do_syscall_64+0xfa/0x3b0 [ 623.177888][T23105] ? lockdep_hardirqs_on+0x9c/0x150 [ 623.177916][T23105] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 623.177934][T23105] ? clear_bhb_loop+0x60/0xb0 [ 623.177957][T23105] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 623.177974][T23105] RIP: 0033:0x7fc5eed8ebe9 [ 623.177992][T23105] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 623.178007][T23105] RSP: 002b:00007fc5efc96038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 623.178028][T23105] RAX: ffffffffffffffda RBX: 00007fc5eefb5fa0 RCX: 00007fc5eed8ebe9 [ 623.178043][T23105] RDX: 0000000000000030 RSI: 0000000000000000 RDI: 0000000000000003 [ 623.178055][T23105] RBP: 00007fc5efc96090 R08: 0000000000000190 R09: 0000000000000000 [ 623.178067][T23105] R10: 00002000000001c0 R11: 0000000000000246 R12: 0000000000000001 [ 623.178079][T23105] R13: 00007fc5eefb6038 R14: 00007fc5eefb5fa0 R15: 00007fff27988b88 [ 623.178112][T23105] [ 623.549258][T23116] vlan3: entered promiscuous mode [ 623.575085][T23117] openvswitch: netlink: nsh attr 0 has unexpected len 7 expected 0 [ 623.592563][T23117] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 623.729390][T23124] netlink: 'syz.2.5422': attribute type 2 has an invalid length. [ 623.773250][T23121] smc: net device bond0 erased user defined pnetid SYZ2 [ 623.898621][T23133] IPv6: Can't replace route, no match found [ 624.037868][T23140] syz_tun: entered allmulticast mode [ 624.039196][T23141] netlink: 'syz.3.5427': attribute type 2 has an invalid length. [ 624.058116][T23137] syz_tun: left allmulticast mode [ 624.083920][T23141] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 624.164902][T23143] bridge0: port 1(erspan0) entered blocking state [ 624.189786][T23143] bridge0: port 1(erspan0) entered disabled state [ 624.196703][T23143] erspan0: entered allmulticast mode [ 624.208372][T23143] erspan0: entered promiscuous mode [ 624.217921][T23143] bridge0: port 1(erspan0) entered blocking state [ 624.224538][T23143] bridge0: port 1(erspan0) entered forwarding state [ 624.239068][T23146] erspan0: left allmulticast mode [ 624.259275][T23146] erspan0: left promiscuous mode [ 624.287373][T23146] bridge0: port 1(erspan0) entered disabled state [ 624.359816][T23153] lo speed is unknown, defaulting to 1000 [ 624.750418][T23173] syz_tun: entered allmulticast mode [ 624.784223][T23172] syz_tun: left allmulticast mode [ 624.842195][T23178] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 624.888305][T23177] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 625.069104][T23190] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 20001 - 0 [ 625.322226][T23190] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 20001 - 0 [ 625.338667][T23205] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 625.503289][T23190] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 20001 - 0 [ 625.583485][T23201] syzkaller1: entered allmulticast mode [ 625.638391][T23190] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 20001 - 0 [ 625.815866][T23216] bond0: (slave wlan1): Releasing backup interface [ 625.896251][T13373] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 20001 - 0 [ 625.907058][T23217] netlink: 'syz.2.5451': attribute type 10 has an invalid length. [ 625.954083][T23217] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 625.973816][ T36] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 20001 - 0 [ 626.026798][ T36] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 20001 - 0 [ 626.269344][T23237] __nla_validate_parse: 15 callbacks suppressed [ 626.269364][T23237] netlink: 52 bytes leftover after parsing attributes in process `syz.1.5455'. [ 626.396200][T23225] lo: entered allmulticast mode [ 626.417682][T13385] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 20001 - 0 [ 626.454199][T23223] lo: left allmulticast mode [ 626.634125][T23246] netlink: 'syz.3.5459': attribute type 10 has an invalid length. [ 626.853232][T23250] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5461'. [ 626.865793][T23259] netlink: 128 bytes leftover after parsing attributes in process `syz.1.5462'. [ 626.903185][T23262] netlink: 48 bytes leftover after parsing attributes in process `syz.0.5465'. [ 626.913966][T23256] netlink: 4660 bytes leftover after parsing attributes in process `syz.2.5461'. [ 627.326771][T23274] syz_tun: entered allmulticast mode [ 627.333701][T23277] netlink: 16 bytes leftover after parsing attributes in process `syz.0.5468'. [ 627.353546][T23273] syz_tun: left allmulticast mode [ 627.363581][T23277] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5468'. [ 627.378197][T23279] netlink: 24 bytes leftover after parsing attributes in process `syz.2.5469'. [ 627.524167][T23282] sch_tbf: burst 88 is lower than device veth5 mtu (1514) ! [ 627.812113][T23307] syzkaller1: entered promiscuous mode [ 627.817645][T23307] syzkaller1: entered allmulticast mode [ 627.880125][T23301] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5476'. [ 627.902804][T23301] openvswitch: netlink: Key type 16368 is out of range max 32 [ 628.143986][T23296] lo speed is unknown, defaulting to 1000 [ 628.214962][T23316] netlink: 16 bytes leftover after parsing attributes in process `syz.0.5481'. [ 628.439759][T23320] lo: entered allmulticast mode [ 628.492129][T23319] lo: left allmulticast mode [ 630.609427][T23365] netlink: 'syz.4.5494': attribute type 5 has an invalid length. [ 630.650389][T23344] lo speed is unknown, defaulting to 1000 [ 630.721609][T23369] syz_tun: entered allmulticast mode [ 630.794625][T23366] syz_tun: left allmulticast mode [ 630.808900][T23371] team0: Mode changed to "activebackup" [ 631.055404][T23386] netlink: 'syz.2.5502': attribute type 2 has an invalid length. [ 631.104610][T23386] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 631.358349][T23392] lo speed is unknown, defaulting to 1000 [ 631.691218][T23409] lo speed is unknown, defaulting to 1000 [ 631.812753][T23408] __nla_validate_parse: 5 callbacks suppressed [ 631.812772][T23408] netlink: 24 bytes leftover after parsing attributes in process `syz.1.5503'. [ 631.887833][T23415] netlink: 24 bytes leftover after parsing attributes in process `syz.4.5508'. [ 631.896950][T23415] netlink: 24 bytes leftover after parsing attributes in process `syz.4.5508'. [ 631.950246][T23415] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5508'. [ 632.004966][T23421] netlink: 24 bytes leftover after parsing attributes in process `syz.3.5509'. [ 632.483919][T23416] lo speed is unknown, defaulting to 1000 [ 632.699532][T23441] lo speed is unknown, defaulting to 1000 [ 633.114940][T23463] sctp: [Deprecated]: syz.2.5521 (pid 23463) Use of int in max_burst socket option. [ 633.114940][T23463] Use struct sctp_assoc_value instead [ 633.148041][T23460] bridge_slave_1: entered promiscuous mode [ 633.194566][T23460] bridge_slave_1: left promiscuous mode [ 633.296373][T23451] lo speed is unknown, defaulting to 1000 [ 633.475894][T23471] bond0: (slave 0!): Releasing backup interface [ 633.484702][T23473] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5524'. [ 633.495540][T23473] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5524'. [ 633.659072][T23484] netlink: 'syz.4.5523': attribute type 10 has an invalid length. [ 633.662083][T23483] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5526'. [ 633.776000][T23484] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 634.157289][T23492] bond0: (slave wlan1): Releasing backup interface [ 634.228479][T23501] bridge3: entered promiscuous mode [ 634.342536][T23499] netlink: 'syz.0.5528': attribute type 10 has an invalid length. [ 634.410529][T23499] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 634.421617][T23503] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input19 [ 634.666490][T23520] IPVS: sync thread started: state = BACKUP, mcast_ifn = veth1_to_bridge, syncid = 512, id = 0 [ 634.686597][T23519] IPVS: stopping backup sync thread 23520 ... [ 634.717596][T23522] netlink: 96 bytes leftover after parsing attributes in process `syz.3.5540'. [ 634.936414][T23530] FAULT_INJECTION: forcing a failure. [ 634.936414][T23530] name failslab, interval 1, probability 0, space 0, times 0 [ 634.949753][T23530] CPU: 1 UID: 0 PID: 23530 Comm: syz.1.5544 Not tainted 6.16.0-syzkaller-06574-gd9104cec3e8f #0 PREEMPT(full) [ 634.949781][T23530] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 634.949793][T23530] Call Trace: [ 634.949801][T23530] [ 634.949810][T23530] dump_stack_lvl+0x189/0x250 [ 634.949837][T23530] ? __pfx____ratelimit+0x10/0x10 [ 634.949860][T23530] ? __pfx_dump_stack_lvl+0x10/0x10 [ 634.949879][T23530] ? __pfx__printk+0x10/0x10 [ 634.949906][T23530] ? __pfx___might_resched+0x10/0x10 [ 634.949929][T23530] ? fs_reclaim_acquire+0x7d/0x100 [ 634.949952][T23530] should_fail_ex+0x414/0x560 [ 634.949983][T23530] should_failslab+0xa8/0x100 [ 634.950002][T23530] kmem_cache_alloc_noprof+0x73/0x3c0 [ 634.950024][T23530] ? __kernfs_new_node+0xd7/0x7e0 [ 634.950054][T23530] __kernfs_new_node+0xd7/0x7e0 [ 634.950072][T23530] ? __lock_acquire+0xab9/0xd20 [ 634.950103][T23530] ? __pfx___kernfs_new_node+0x10/0x10 [ 634.950125][T23530] ? kernfs_root+0x1c/0x230 [ 634.950150][T23530] ? kernfs_root+0x1c/0x230 [ 634.950168][T23530] ? kernfs_root+0x1c/0x230 [ 634.950183][T23530] ? kernfs_root+0x1c/0x230 [ 634.950208][T23530] kernfs_new_node+0x102/0x210 [ 634.950235][T23530] __kernfs_create_file+0x4b/0x2e0 [ 634.950262][T23530] sysfs_add_file_mode_ns+0x238/0x300 [ 634.950308][T23530] sysfs_merge_group+0x177/0x310 [ 634.950332][T23530] ? __pfx_sysfs_merge_group+0x10/0x10 [ 634.950354][T23530] ? kobject_put+0x43f/0x480 [ 634.950386][T23530] dpm_sysfs_add+0xd2/0x270 [ 634.950412][T23530] device_add+0x4d8/0xb50 [ 634.950437][T23530] tty_register_device_attr+0x3fe/0x8f0 [ 634.950468][T23530] ? __pfx_tty_register_device_attr+0x10/0x10 [ 634.950503][T23530] ? tty_port_register_device+0x5a/0x100 [ 634.950528][T23530] rfcomm_dev_ioctl+0x176d/0x1d20 [ 634.950558][T23530] ? __pfx_rfcomm_dev_ioctl+0x10/0x10 [ 634.950588][T23530] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 634.950611][T23530] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 634.950643][T23530] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 634.950674][T23530] sock_do_ioctl+0xd9/0x300 [ 634.950700][T23530] ? __pfx_sock_do_ioctl+0x10/0x10 [ 634.950719][T23530] ? __lock_acquire+0xab9/0xd20 [ 634.950760][T23530] sock_ioctl+0x576/0x790 [ 634.950784][T23530] ? __pfx_sock_ioctl+0x10/0x10 [ 634.950805][T23530] ? __fget_files+0x2a/0x420 [ 634.950822][T23530] ? __fget_files+0x3a0/0x420 [ 634.950838][T23530] ? __fget_files+0x2a/0x420 [ 634.950859][T23530] ? bpf_lsm_file_ioctl+0x9/0x20 [ 634.950881][T23530] ? __pfx_sock_ioctl+0x10/0x10 [ 634.950902][T23530] __se_sys_ioctl+0xf9/0x170 [ 634.950928][T23530] do_syscall_64+0xfa/0x3b0 [ 634.950951][T23530] ? lockdep_hardirqs_on+0x9c/0x150 [ 634.950974][T23530] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 634.950991][T23530] ? clear_bhb_loop+0x60/0xb0 [ 634.951014][T23530] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 634.951031][T23530] RIP: 0033:0x7f134f38ebe9 [ 634.951049][T23530] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 634.951065][T23530] RSP: 002b:00007f1350280038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 634.951087][T23530] RAX: ffffffffffffffda RBX: 00007f134f5b5fa0 RCX: 00007f134f38ebe9 [ 634.951101][T23530] RDX: 0000200000000100 RSI: 00000000400452c8 RDI: 0000000000000004 [ 634.951114][T23530] RBP: 00007f1350280090 R08: 0000000000000000 R09: 0000000000000000 [ 634.951126][T23530] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 634.951137][T23530] R13: 00007f134f5b6038 R14: 00007f134f5b5fa0 R15: 00007ffe134a2778 [ 634.951169][T23530] [ 635.373302][T23532] netlink: 332 bytes leftover after parsing attributes in process `syz.4.5546'. [ 635.573460][T23534] tipc: Enabled bearer , priority 0 [ 635.692009][T23544] syzkaller0: entered promiscuous mode [ 635.697991][T23544] syzkaller0: entered allmulticast mode [ 635.705230][T23544] tipc: Resetting bearer [ 635.754581][T23533] tipc: Resetting bearer [ 635.804094][T23553] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 635.999580][T23561] netlink: 'syz.3.5553': attribute type 10 has an invalid length. [ 636.017083][T23562] netlink: 'syz.4.5552': attribute type 10 has an invalid length. [ 636.600376][ T8863] tipc: Node number set to 1365037595 [ 637.213189][ T971] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 638.193101][T23533] tipc: Disabling bearer [ 638.212070][T23554] bond0: (slave wlan1): Releasing backup interface [ 638.222320][T23555] bond0: (slave wlan1): Releasing backup interface [ 638.236665][T23561] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 638.253229][T23562] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 638.355667][T23576] netlink: 'syz.4.5558': attribute type 5 has an invalid length. [ 638.363918][T13385] netdevsim netdevsim1 eth0: set [1, 1] type 2 family 0 port 6081 - 0 [ 638.393708][T13385] netdevsim netdevsim1 eth1: set [1, 1] type 2 family 0 port 6081 - 0 [ 638.418036][T13375] netdevsim netdevsim1 eth2: set [1, 1] type 2 family 0 port 6081 - 0 [ 638.454760][ T971] netdevsim netdevsim1 eth3: set [1, 1] type 2 family 0 port 6081 - 0 [ 638.611063][T23586] __nla_validate_parse: 4 callbacks suppressed [ 638.611090][T23586] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5564'. [ 638.728719][T23598] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5567'. [ 638.924891][T23610] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 639.033122][T23615] netlink: 20 bytes leftover after parsing attributes in process `syz.1.5575'. [ 639.122535][T23618] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5576'. [ 639.125052][T23623] IPv6: NLM_F_REPLACE set, but no existing node found! [ 639.146261][T23621] lo: entered allmulticast mode [ 639.153575][T23623] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5575'. [ 639.328367][T23629] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5579'. [ 639.746123][T23655] syzkaller1: entered allmulticast mode [ 639.802058][T23658] syz_tun: entered allmulticast mode [ 640.613252][T23687] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5598'. [ 640.666868][T23689] bridge0: entered promiscuous mode [ 641.117705][T23706] netlink: 24 bytes leftover after parsing attributes in process `syz.4.5607'. [ 641.134698][T23706] netlink: 24 bytes leftover after parsing attributes in process `syz.4.5607'. [ 641.178307][T23706] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5607'. [ 641.695047][T23746] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 20001 - 0 [ 641.778207][T23746] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 20001 - 0 [ 641.862569][T23746] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 20001 - 0 [ 641.955906][T23758] netlink: 'syz.3.5629': attribute type 2 has an invalid length. [ 642.003305][T23746] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 20001 - 0 [ 642.260036][T23763] 8021q: adding VLAN 0 to HW filter on device bond0 [ 642.285153][T23763] 8021q: adding VLAN 0 to HW filter on device team0 [ 642.310536][T23763] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 642.450650][T13375] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 20001 - 0 [ 642.532984][T13377] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 20001 - 0 [ 642.555377][T13377] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 20001 - 0 [ 642.574230][T13377] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 20001 - 0 [ 642.844047][T23796] smc: net device bond0 applied user defined pnetid SYZ2 [ 642.928129][T23796] vlan0: entered promiscuous mode [ 642.950134][T23796] dummy0: entered promiscuous mode [ 643.264389][T23823] netlink: 'syz.1.5644': attribute type 10 has an invalid length. [ 643.292027][T23826] netlink: 'syz.2.5643': attribute type 10 has an invalid length. [ 643.483618][T23811] bond0: (slave wlan1): Releasing backup interface [ 643.543860][T23826] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 643.944939][T23845] syzkaller0: create flow: hash 2130138285 index 1 [ 643.954625][T23846] __nla_validate_parse: 7 callbacks suppressed [ 643.954644][T23846] netlink: 24 bytes leftover after parsing attributes in process `syz.4.5651'. [ 644.009395][T23846] netlink: 24 bytes leftover after parsing attributes in process `syz.4.5651'. [ 644.044369][T23846] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5651'. [ 644.165696][T23852] tipc: Cannot configure node identity twice [ 644.186432][T23854] geneve2: entered promiscuous mode [ 644.229759][T23837] syzkaller0: delete flow: hash 2130138285 index 1 [ 644.250291][ T971] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 644.916907][T23881] sctp: [Deprecated]: syz.4.5659 (pid 23881) Use of int in max_burst socket option. [ 644.916907][T23881] Use struct sctp_assoc_value instead [ 646.184105][T13385] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 646.742792][T13375] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 646.751848][T13375] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 646.800387][T13375] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 646.818025][T13375] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 646.850060][T23860] lo speed is unknown, defaulting to 1000 [ 646.865837][T23876] lo speed is unknown, defaulting to 1000 [ 646.996189][T23895] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5664'. [ 647.006304][T23895] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5664'. [ 647.159495][T23902] netlink: 16 bytes leftover after parsing attributes in process `syz.1.5666'. [ 647.190520][T23902] netlink: 16 bytes leftover after parsing attributes in process `syz.1.5666'. [ 647.340300][T23902] netlink: 16 bytes leftover after parsing attributes in process `syz.1.5666'. [ 647.398060][T23902] netlink: 16 bytes leftover after parsing attributes in process `syz.1.5666'. [ 647.839243][T23902] netlink: 16 bytes leftover after parsing attributes in process `syz.1.5666'. [ 647.918558][T23926] syzkaller1: entered allmulticast mode [ 648.039749][T23929] netlink: 'syz.0.5672': attribute type 6 has an invalid length. [ 648.141048][T23932] syz_tun: entered allmulticast mode [ 648.178657][T23928] syz_tun: left allmulticast mode [ 648.685768][T23956] lo speed is unknown, defaulting to 1000 [ 649.160257][T23978] syz_tun: entered allmulticast mode [ 649.175943][T23980] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input20 [ 649.221426][T23972] syz_tun: left allmulticast mode [ 649.906467][T24013] __nla_validate_parse: 6 callbacks suppressed [ 649.906486][T24013] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5701'. [ 650.241268][T24015] netlink: 'syz.4.5702': attribute type 10 has an invalid length. [ 651.463583][T24021] netlink: 52 bytes leftover after parsing attributes in process `syz.1.5705'. [ 652.358358][T24032] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 652.605444][T24052] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5717'. [ 652.641777][ T36] wlan0: failed to finalize CSA on link 0, disconnecting [ 652.702231][T24055] bridge0: entered promiscuous mode [ 652.744985][T24056] netlink: 'syz.3.5717': attribute type 2 has an invalid length. [ 652.807747][T24059] netlink: 'syz.2.5718': attribute type 2 has an invalid length. [ 652.871430][T24059] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 652.900017][T24047] lo speed is unknown, defaulting to 1000 [ 652.911615][T24062] netlink: 'syz.3.5720': attribute type 2 has an invalid length. [ 652.928297][T24059] rdma_op ffff888034b461f0 conn xmit_rdma 0000000000000000 [ 653.235695][T24078] tipc: Enabled bearer , priority 0 [ 653.288960][T24072] lo speed is unknown, defaulting to 1000 [ 653.296032][T24078] syzkaller0: entered promiscuous mode [ 653.311084][T24078] syzkaller0: entered allmulticast mode [ 653.430362][T24078] syzkaller0: mtu greater than device maximum [ 653.438382][T24082] tipc: Enabling of bearer rejected, failed to enable media [ 653.477382][T24077] tipc: Resetting bearer [ 653.526095][T24077] tipc: Disabling bearer [ 653.803083][T24095] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5727'. [ 653.828201][T24097] netlink: 32 bytes leftover after parsing attributes in process `syz.4.5726'. [ 653.850411][T24095] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5727'. [ 653.877581][T24097] tc_dump_action: action bad kind [ 653.900982][T24101] netlink: 'syz.4.5726': attribute type 42 has an invalid length. [ 654.138018][T24103] netlink: 'syz.1.5729': attribute type 1 has an invalid length. [ 654.162071][T24103] netlink: 224 bytes leftover after parsing attributes in process `syz.1.5729'. [ 654.706697][T24118] netlink: 'syz.4.5734': attribute type 5 has an invalid length. [ 654.872522][T24122] lo speed is unknown, defaulting to 1000 [ 654.894430][T24128] netlink: 'syz.3.5737': attribute type 4 has an invalid length. [ 654.933629][T24127] syzkaller1: entered promiscuous mode [ 654.948833][T24127] syzkaller1: entered allmulticast mode [ 654.956965][T24129] netlink: 'syz.1.5736': attribute type 10 has an invalid length. [ 655.629214][T24159] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5748'. [ 655.790606][T24167] netlink: 32 bytes leftover after parsing attributes in process `syz.3.5753'. [ 655.867836][T24177] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 656.023399][T24180] FAULT_INJECTION: forcing a failure. [ 656.023399][T24180] name failslab, interval 1, probability 0, space 0, times 0 [ 656.036124][T24180] CPU: 0 UID: 0 PID: 24180 Comm: syz.3.5754 Not tainted 6.16.0-syzkaller-06574-gd9104cec3e8f #0 PREEMPT(full) [ 656.036152][T24180] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 656.036163][T24180] Call Trace: [ 656.036171][T24180] [ 656.036180][T24180] dump_stack_lvl+0x189/0x250 [ 656.036204][T24180] ? __pfx____ratelimit+0x10/0x10 [ 656.036228][T24180] ? __pfx_dump_stack_lvl+0x10/0x10 [ 656.036246][T24180] ? __pfx__printk+0x10/0x10 [ 656.036273][T24180] ? __lock_acquire+0xab9/0xd20 [ 656.036301][T24180] should_fail_ex+0x414/0x560 [ 656.036332][T24180] should_failslab+0xa8/0x100 [ 656.036351][T24180] kmem_cache_alloc_bulk_noprof+0x77/0x790 [ 656.036380][T24180] ? pfn_valid+0x125/0x4d0 [ 656.036404][T24180] ? pfn_valid+0x125/0x4d0 [ 656.036428][T24180] ? pfn_valid+0x125/0x4d0 [ 656.036454][T24180] bpf_test_run_xdp_live+0x15f1/0x1b10 [ 656.036497][T24180] ? bpf_test_run_xdp_live+0x38e/0x1b10 [ 656.036533][T24180] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 656.036557][T24180] ? 0xffffffffa0205540 [ 656.036576][T24180] ? 0xffffffffa0205540 [ 656.036642][T24180] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 656.036676][T24180] ? _copy_from_user+0x94/0xb0 [ 656.036700][T24180] ? bpf_test_init+0x133/0x170 [ 656.036721][T24180] ? xdp_convert_md_to_buff+0x5b/0x330 [ 656.036748][T24180] bpf_prog_test_run_xdp+0x713/0x1000 [ 656.036788][T24180] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 656.036817][T24180] ? __fget_files+0x2a/0x420 [ 656.036841][T24180] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 656.036866][T24180] bpf_prog_test_run+0x2c4/0x340 [ 656.036894][T24180] __sys_bpf+0x581/0x870 [ 656.036921][T24180] ? __pfx___sys_bpf+0x10/0x10 [ 656.036957][T24180] ? ksys_write+0x22a/0x250 [ 656.036984][T24180] ? __pfx_ksys_write+0x10/0x10 [ 656.037004][T24180] ? rcu_is_watching+0x15/0xb0 [ 656.037037][T24180] __x64_sys_bpf+0x7c/0x90 [ 656.037059][T24180] do_syscall_64+0xfa/0x3b0 [ 656.037083][T24180] ? lockdep_hardirqs_on+0x9c/0x150 [ 656.037104][T24180] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 656.037120][T24180] ? clear_bhb_loop+0x60/0xb0 [ 656.037138][T24180] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 656.037154][T24180] RIP: 0033:0x7fc5eed8ebe9 [ 656.037170][T24180] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 656.037184][T24180] RSP: 002b:00007fc5efc96038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 656.037205][T24180] RAX: ffffffffffffffda RBX: 00007fc5eefb5fa0 RCX: 00007fc5eed8ebe9 [ 656.037219][T24180] RDX: 0000000000000048 RSI: 0000200000000600 RDI: 000000000000000a [ 656.037231][T24180] RBP: 00007fc5efc96090 R08: 0000000000000000 R09: 0000000000000000 [ 656.037243][T24180] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 656.037254][T24180] R13: 00007fc5eefb6038 R14: 00007fc5eefb5fa0 R15: 00007fff27988b88 [ 656.037285][T24180] [ 656.450240][T24177] syzkaller1: entered allmulticast mode [ 656.619375][T24191] netlink: 'syz.0.5759': attribute type 7 has an invalid length. [ 656.637497][T24193] netlink: 40 bytes leftover after parsing attributes in process `syz.3.5758'. [ 656.970259][ C0] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 657.159591][T24205] bridge_slave_1: entered promiscuous mode [ 657.217907][T24205] bridge_slave_1: left promiscuous mode [ 657.412618][ T5855] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 657.423242][ T5855] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 657.443127][ T5855] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 657.451890][ T5855] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 657.464900][ T5855] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 657.590366][T15532] syz_tun (unregistering): left allmulticast mode [ 657.619734][T24215] netlink: 24 bytes leftover after parsing attributes in process `syz.3.5766'. [ 657.632682][T24215] netlink: 24 bytes leftover after parsing attributes in process `syz.3.5766'. [ 657.653628][T24215] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5766'. [ 657.747408][T24210] lo speed is unknown, defaulting to 1000 [ 658.191824][T24210] chnl_net:caif_netlink_parms(): no params data found [ 658.438596][T24210] bridge0: port 1(bridge_slave_0) entered blocking state [ 658.456267][T24210] bridge0: port 1(bridge_slave_0) entered disabled state [ 658.464595][T24210] bridge_slave_0: entered allmulticast mode [ 658.479692][T24210] bridge_slave_0: entered promiscuous mode [ 658.494628][T24210] bridge0: port 2(bridge_slave_1) entered blocking state [ 658.514357][T24210] bridge0: port 2(bridge_slave_1) entered disabled state [ 658.528381][T24210] bridge_slave_1: entered allmulticast mode [ 658.541920][T24210] bridge_slave_1: entered promiscuous mode [ 658.702792][T24210] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 658.741265][T24210] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 658.751571][T24241] lo speed is unknown, defaulting to 1000 [ 658.918171][T24210] team0: Port device team_slave_0 added [ 658.951968][T24249] lo speed is unknown, defaulting to 1000 [ 658.960827][T24210] team0: Port device team_slave_1 added [ 659.351247][T24210] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 659.371021][T24210] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 659.399313][T24210] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 659.517466][T24210] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 659.530857][T19741] Bluetooth: hci5: command tx timeout [ 659.547389][T24210] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 659.580073][T24210] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 659.643717][T24260] netlink: 24 bytes leftover after parsing attributes in process `syz.4.5779'. [ 659.661531][T24260] netlink: 24 bytes leftover after parsing attributes in process `syz.4.5779'. [ 659.682917][T24260] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5779'. [ 659.783629][T24210] hsr_slave_0: entered promiscuous mode [ 659.802806][T24210] hsr_slave_1: entered promiscuous mode [ 659.815793][T24210] debugfs: 'hsr0' already exists in 'hsr' [ 659.828111][T24210] Cannot create hsr debugfs directory [ 660.117937][T24267] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5781'. [ 660.190652][T24210] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 20001 - 0 [ 660.279659][T24210] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 20001 - 0 [ 660.345391][T24210] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 20001 - 0 [ 660.450461][T24210] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 20001 - 0 [ 660.652016][T24210] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 660.664153][T24210] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 660.684470][T24210] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 660.708021][T24210] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 660.961450][T24210] 8021q: adding VLAN 0 to HW filter on device bond0 [ 661.012804][T24210] 8021q: adding VLAN 0 to HW filter on device team0 [ 661.036148][T13375] bridge0: port 1(bridge_slave_0) entered blocking state [ 661.043381][T13375] bridge0: port 1(bridge_slave_0) entered forwarding state [ 661.072306][T13375] bridge0: port 2(bridge_slave_1) entered blocking state [ 661.079498][T13375] bridge0: port 2(bridge_slave_1) entered forwarding state [ 661.216353][T24288] __nla_validate_parse: 4 callbacks suppressed [ 661.216372][T24288] netlink: 24 bytes leftover after parsing attributes in process `syz.2.5787'. [ 661.260764][T24288] netlink: 24 bytes leftover after parsing attributes in process `syz.2.5787'. [ 661.290712][T24288] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5787'. [ 661.615296][T24300] tipc: Enabled bearer , priority 0 [ 661.621955][T19741] Bluetooth: hci5: command tx timeout [ 661.673093][T24304] syzkaller0: entered promiscuous mode [ 661.690558][T24304] syzkaller0: entered allmulticast mode [ 661.785509][T24300] syzkaller0: mtu greater than device maximum [ 661.825048][T24210] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 661.845897][T24299] tipc: Resetting bearer [ 661.896478][T24299] tipc: Disabling bearer [ 661.930944][T13373] wlan0: Trigger new scan to find an IBSS to join [ 662.028556][T24310] netlink: 'syz.3.5795': attribute type 5 has an invalid length. [ 662.084223][T24210] veth0_vlan: entered promiscuous mode [ 662.123236][T24210] veth1_vlan: entered promiscuous mode [ 662.196371][T24312] lo speed is unknown, defaulting to 1000 [ 662.221547][T24315] bond0: (slave wlan1): Releasing backup interface [ 662.356336][T24210] veth0_macvtap: entered promiscuous mode [ 662.409153][T24318] netlink: 'syz.2.5797': attribute type 10 has an invalid length. [ 662.419897][T24210] veth1_macvtap: entered promiscuous mode [ 662.521322][T24318] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 662.607979][T24210] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 662.641565][T24210] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 662.681841][T24322] netlink: 24 bytes leftover after parsing attributes in process `syz.4.5799'. [ 662.691779][T24322] netlink: 24 bytes leftover after parsing attributes in process `syz.4.5799'. [ 662.703609][T24324] netlink: 60 bytes leftover after parsing attributes in process `syz.4.5799'. [ 662.713027][T24322] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5799'. [ 662.723176][ T971] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 662.739276][ T971] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 662.752364][ T971] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 662.782442][ T971] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 662.876184][T24312] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5796'. [ 662.896691][T13375] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 662.904795][T13375] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 662.937991][ T971] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 662.947939][ T971] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 663.255166][T24329] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5800'. [ 663.438612][T24340] netlink: 'syz.0.5803': attribute type 1 has an invalid length. [ 663.457997][T24340] netlink: 28 bytes leftover after parsing attributes in process `syz.0.5803'. [ 663.690175][T19741] Bluetooth: hci5: command tx timeout [ 663.786403][T24358] openvswitch: netlink: Key type 16368 is out of range max 32 [ 664.792791][T24413] FAULT_INJECTION: forcing a failure. [ 664.792791][T24413] name failslab, interval 1, probability 0, space 0, times 0 [ 664.829260][T24413] CPU: 0 UID: 0 PID: 24413 Comm: syz.4.5828 Not tainted 6.16.0-syzkaller-06574-gd9104cec3e8f #0 PREEMPT(full) [ 664.829291][T24413] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 664.829303][T24413] Call Trace: [ 664.829313][T24413] [ 664.829321][T24413] dump_stack_lvl+0x189/0x250 [ 664.829346][T24413] ? __pfx____ratelimit+0x10/0x10 [ 664.829372][T24413] ? __pfx_dump_stack_lvl+0x10/0x10 [ 664.829390][T24413] ? __pfx__printk+0x10/0x10 [ 664.829417][T24413] ? __pfx___might_resched+0x10/0x10 [ 664.829442][T24413] ? fs_reclaim_acquire+0x7d/0x100 [ 664.829467][T24413] should_fail_ex+0x414/0x560 [ 664.829500][T24413] should_failslab+0xa8/0x100 [ 664.829520][T24413] __kmalloc_noprof+0xcb/0x4f0 [ 664.829551][T24413] ? kfree+0x4d/0x440 [ 664.829570][T24413] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 664.829602][T24413] tomoyo_realpath_from_path+0xe3/0x5d0 [ 664.829628][T24413] ? tomoyo_domain+0xd9/0x130 [ 664.829660][T24413] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 664.829682][T24413] tomoyo_path_number_perm+0x1e8/0x5a0 [ 664.829708][T24413] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 664.829749][T24413] ? __lock_acquire+0xab9/0xd20 [ 664.829797][T24413] ? __fget_files+0x2a/0x420 [ 664.829818][T24413] ? __fget_files+0x2a/0x420 [ 664.829844][T24413] ? __fget_files+0x3a0/0x420 [ 664.829859][T24413] ? __fget_files+0x2a/0x420 [ 664.829878][T24413] security_file_ioctl+0xcb/0x2d0 [ 664.829899][T24413] __se_sys_ioctl+0x47/0x170 [ 664.829924][T24413] do_syscall_64+0xfa/0x3b0 [ 664.829946][T24413] ? lockdep_hardirqs_on+0x9c/0x150 [ 664.829968][T24413] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 664.829985][T24413] ? clear_bhb_loop+0x60/0xb0 [ 664.830006][T24413] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 664.830022][T24413] RIP: 0033:0x7fa2eb38ebe9 [ 664.830038][T24413] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 664.830058][T24413] RSP: 002b:00007fa2e95ee038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 664.830078][T24413] RAX: ffffffffffffffda RBX: 00007fa2eb5b5fa0 RCX: 00007fa2eb38ebe9 [ 664.830090][T24413] RDX: 0000200000000040 RSI: 0000000000008b04 RDI: 0000000000000004 [ 664.830102][T24413] RBP: 00007fa2e95ee090 R08: 0000000000000000 R09: 0000000000000000 [ 664.830113][T24413] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 664.830123][T24413] R13: 00007fa2eb5b6038 R14: 00007fa2eb5b5fa0 R15: 00007fff159e1778 [ 664.830152][T24413] [ 664.891072][T13375] wlan0: Trigger new scan to find an IBSS to join [ 665.099539][T24417] sctp: [Deprecated]: syz.3.5830 (pid 24417) Use of struct sctp_assoc_value in delayed_ack socket option. [ 665.099539][T24417] Use struct sctp_sack_info instead [ 665.149340][T24413] ERROR: Out of memory at tomoyo_realpath_from_path. [ 665.573783][T24437] tipc: Enabled bearer , priority 0 [ 665.612733][T24437] syzkaller0: entered promiscuous mode [ 665.618328][T24437] syzkaller0: entered allmulticast mode [ 665.752791][T24437] tipc: Resetting bearer [ 665.761797][T24436] tipc: Resetting bearer [ 665.770016][T19741] Bluetooth: hci5: command tx timeout [ 665.802103][T24449] netlink: 'syz.0.5839': attribute type 2 has an invalid length. [ 665.841639][T24436] tipc: Disabling bearer [ 665.897922][T24449] k›*·]‘: entered promiscuous mode [ 665.916029][T24457] rdma_op ffff88806750e1f0 conn xmit_rdma 0000000000000000 [ 665.967124][T24460] FAULT_INJECTION: forcing a failure. [ 665.967124][T24460] name failslab, interval 1, probability 0, space 0, times 0 [ 665.999047][T24455] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 666.013593][T24460] CPU: 0 UID: 0 PID: 24460 Comm: syz.3.5842 Not tainted 6.16.0-syzkaller-06574-gd9104cec3e8f #0 PREEMPT(full) [ 666.013623][T24460] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 666.013635][T24460] Call Trace: [ 666.013644][T24460] [ 666.013652][T24460] dump_stack_lvl+0x189/0x250 [ 666.013677][T24460] ? __pfx____ratelimit+0x10/0x10 [ 666.013702][T24460] ? __pfx_dump_stack_lvl+0x10/0x10 [ 666.013720][T24460] ? __pfx__printk+0x10/0x10 [ 666.013748][T24460] ? __pfx___might_resched+0x10/0x10 [ 666.013771][T24460] ? fs_reclaim_acquire+0x7d/0x100 [ 666.013796][T24460] should_fail_ex+0x414/0x560 [ 666.013828][T24460] should_failslab+0xa8/0x100 [ 666.013847][T24460] __kmalloc_cache_noprof+0x70/0x3d0 [ 666.013871][T24460] ? nf_tables_newtable+0x435/0x1890 [ 666.013896][T24460] nf_tables_newtable+0x435/0x1890 [ 666.013913][T24460] ? __pfx_nfnetlink_has_listeners+0x2/0x10 [ 666.013955][T24460] nfnetlink_rcv+0x112f/0x2520 [ 666.014018][T24460] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 666.014057][T24460] ? ref_tracker_free+0x63a/0x7d0 [ 666.014107][T24460] ? __netlink_deliver_tap+0x807/0x850 [ 666.014131][T24460] ? netlink_deliver_tap+0x2e/0x1b0 [ 666.014173][T24460] netlink_unicast+0x82c/0x9e0 [ 666.014205][T24460] ? __pfx_netlink_unicast+0x10/0x10 [ 666.014230][T24460] ? netlink_sendmsg+0x642/0xb30 [ 666.014251][T24460] ? skb_put+0x11b/0x210 [ 666.014274][T24460] netlink_sendmsg+0x805/0xb30 [ 666.014308][T24460] ? __pfx_netlink_sendmsg+0x10/0x10 [ 666.014336][T24460] ? aa_sock_msg_perm+0x94/0x160 [ 666.014360][T24460] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 666.014379][T24460] ? __pfx_netlink_sendmsg+0x10/0x10 [ 666.014405][T24460] __sock_sendmsg+0x219/0x270 [ 666.014431][T24460] ____sys_sendmsg+0x505/0x830 [ 666.014456][T24460] ? __pfx_____sys_sendmsg+0x10/0x10 [ 666.014485][T24460] ? import_iovec+0x74/0xa0 [ 666.014513][T24460] ___sys_sendmsg+0x21f/0x2a0 [ 666.014534][T24460] ? __pfx____sys_sendmsg+0x10/0x10 [ 666.014592][T24460] ? __fget_files+0x2a/0x420 [ 666.014606][T24460] ? __fget_files+0x3a0/0x420 [ 666.014631][T24460] __x64_sys_sendmsg+0x19b/0x260 [ 666.014651][T24460] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 666.014679][T24460] ? __pfx_ksys_write+0x10/0x10 [ 666.014707][T24460] ? do_syscall_64+0xbe/0x3b0 [ 666.014734][T24460] do_syscall_64+0xfa/0x3b0 [ 666.014756][T24460] ? lockdep_hardirqs_on+0x9c/0x150 [ 666.014779][T24460] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 666.014796][T24460] ? clear_bhb_loop+0x60/0xb0 [ 666.014818][T24460] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 666.014834][T24460] RIP: 0033:0x7fc5eed8ebe9 [ 666.014850][T24460] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 666.014865][T24460] RSP: 002b:00007fc5efc96038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 666.014885][T24460] RAX: ffffffffffffffda RBX: 00007fc5eefb5fa0 RCX: 00007fc5eed8ebe9 [ 666.014899][T24460] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003 [ 666.014910][T24460] RBP: 00007fc5efc96090 R08: 0000000000000000 R09: 0000000000000000 [ 666.014921][T24460] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 666.014932][T24460] R13: 00007fc5eefb6038 R14: 00007fc5eefb5fa0 R15: 00007fff27988b88 [ 666.014964][T24460] [ 666.392076][T24462] bridge5: entered promiscuous mode [ 666.447098][T24471] netlink: 'syz.3.5845': attribute type 7 has an invalid length. [ 667.346111][T24512] __nla_validate_parse: 13 callbacks suppressed [ 667.346130][T24512] netlink: 248 bytes leftover after parsing attributes in process `syz.1.5860'. [ 667.438910][T24522] syz_tun: left allmulticast mode [ 667.483174][T24522] dvmrp1: left allmulticast mode [ 667.499014][T24527] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5860'. [ 667.728263][T24531] FAULT_INJECTION: forcing a failure. [ 667.728263][T24531] name failslab, interval 1, probability 0, space 0, times 0 [ 667.776548][T24531] CPU: 1 UID: 0 PID: 24531 Comm: syz.2.5864 Not tainted 6.16.0-syzkaller-06574-gd9104cec3e8f #0 PREEMPT(full) [ 667.776576][T24531] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 667.776587][T24531] Call Trace: [ 667.776595][T24531] [ 667.776603][T24531] dump_stack_lvl+0x189/0x250 [ 667.776637][T24531] ? __pfx____ratelimit+0x10/0x10 [ 667.776660][T24531] ? __pfx_dump_stack_lvl+0x10/0x10 [ 667.776679][T24531] ? __pfx__printk+0x10/0x10 [ 667.776704][T24531] ? __pfx___might_resched+0x10/0x10 [ 667.776728][T24531] ? fs_reclaim_acquire+0x7d/0x100 [ 667.776752][T24531] should_fail_ex+0x414/0x560 [ 667.776784][T24531] should_failslab+0xa8/0x100 [ 667.776804][T24531] __kmalloc_cache_noprof+0x70/0x3d0 [ 667.776828][T24531] ? cdev_alloc+0x4c/0xc0 [ 667.776849][T24531] cdev_alloc+0x4c/0xc0 [ 667.776868][T24531] tty_register_device_attr+0x5dc/0x8f0 [ 667.776897][T24531] ? __pfx_tty_register_device_attr+0x10/0x10 [ 667.776931][T24531] ? tty_port_register_device+0x5a/0x100 [ 667.776957][T24531] rfcomm_dev_ioctl+0x176d/0x1d20 [ 667.776987][T24531] ? __pfx_rfcomm_dev_ioctl+0x10/0x10 [ 667.777016][T24531] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 667.777040][T24531] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 667.777071][T24531] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 667.777101][T24531] sock_do_ioctl+0xd9/0x300 [ 667.777127][T24531] ? __pfx_sock_do_ioctl+0x10/0x10 [ 667.777145][T24531] ? __lock_acquire+0xab9/0xd20 [ 667.777187][T24531] sock_ioctl+0x576/0x790 [ 667.777211][T24531] ? __pfx_sock_ioctl+0x10/0x10 [ 667.777232][T24531] ? __fget_files+0x2a/0x420 [ 667.777249][T24531] ? __fget_files+0x3a0/0x420 [ 667.777265][T24531] ? __fget_files+0x2a/0x420 [ 667.777286][T24531] ? bpf_lsm_file_ioctl+0x9/0x20 [ 667.777309][T24531] ? __pfx_sock_ioctl+0x10/0x10 [ 667.777330][T24531] __se_sys_ioctl+0xf9/0x170 [ 667.777355][T24531] do_syscall_64+0xfa/0x3b0 [ 667.777377][T24531] ? lockdep_hardirqs_on+0x9c/0x150 [ 667.777399][T24531] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 667.777416][T24531] ? clear_bhb_loop+0x60/0xb0 [ 667.777438][T24531] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 667.777455][T24531] RIP: 0033:0x7fcb4678ebe9 [ 667.777472][T24531] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 667.777488][T24531] RSP: 002b:00007fcb4754f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 667.777509][T24531] RAX: ffffffffffffffda RBX: 00007fcb469b5fa0 RCX: 00007fcb4678ebe9 [ 667.777523][T24531] RDX: 0000200000000100 RSI: 00000000400452c8 RDI: 0000000000000004 [ 667.777536][T24531] RBP: 00007fcb4754f090 R08: 0000000000000000 R09: 0000000000000000 [ 667.777547][T24531] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 667.777558][T24531] R13: 00007fcb469b6038 R14: 00007fcb469b5fa0 R15: 00007ffe28b86838 [ 667.777591][T24531] [ 668.632854][T24553] netlink: 24 bytes leftover after parsing attributes in process `syz.3.5870'. [ 668.642577][T24553] netlink: 24 bytes leftover after parsing attributes in process `syz.3.5870'. [ 668.651983][T24553] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5870'. [ 668.663279][T24553] netlink: 60 bytes leftover after parsing attributes in process `syz.3.5870'. [ 668.866688][T24562] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 668.970506][ T36] wlan0: Trigger new scan to find an IBSS to join [ 668.976073][T24563] netlink: 68 bytes leftover after parsing attributes in process `syz.1.5872'. [ 669.029496][T24563] netlink: 'syz.1.5872': attribute type 16 has an invalid length. [ 669.052377][T24563] netlink: 'syz.1.5872': attribute type 17 has an invalid length. [ 669.220428][ T66] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 669.255211][T24567] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5874'. [ 669.264789][T24567] netlink: 36 bytes leftover after parsing attributes in process `syz.4.5874'. [ 669.357760][T13377] netdevsim netdevsim1 eth0: unset [1, 0] type 2 family 0 port 256 - 0 [ 669.366321][T13377] netdevsim netdevsim1 eth0: unset [1, 1] type 2 family 0 port 6081 - 0 [ 669.402730][T13377] netdevsim netdevsim1 eth1: unset [1, 0] type 2 family 0 port 256 - 0 [ 669.423960][T13377] netdevsim netdevsim1 eth1: unset [1, 1] type 2 family 0 port 6081 - 0 [ 669.452514][T24567] bridge0: port 1(vlan3) entered blocking state [ 669.460264][T24567] bridge0: port 1(vlan3) entered disabled state [ 669.467032][T24567] vlan3: entered allmulticast mode [ 669.474443][T24567] bridge0: entered allmulticast mode [ 669.494180][T24567] vlan3: left allmulticast mode [ 669.506020][T24567] bridge0: left allmulticast mode [ 669.547980][T13377] netdevsim netdevsim1 eth2: unset [1, 0] type 2 family 0 port 256 - 0 [ 669.567503][T13377] netdevsim netdevsim1 eth2: unset [1, 1] type 2 family 0 port 6081 - 0 [ 669.579675][T13377] netdevsim netdevsim1 eth3: unset [1, 0] type 2 family 0 port 256 - 0 [ 669.602958][T13377] netdevsim netdevsim1 eth3: unset [1, 1] type 2 family 0 port 6081 - 0 [ 669.695691][T24585] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5882'. [ 669.716809][T24585] bridge4: entered allmulticast mode [ 669.890347][T13373] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 669.898600][T24591] openvswitch: netlink: Key type 16368 is out of range max 32 [ 670.037193][T24589] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 670.209457][T24598] tipc: Enabled bearer , priority 10 [ 670.314364][T24598] tipc: Resetting bearer [ 670.536821][T13377] tipc: Resetting bearer [ 670.551156][T24597] tipc: Resetting bearer [ 671.260373][ T8863] tipc: Node number set to 1983750697 [ 672.434415][T24597] tipc: Disabling bearer [ 672.497077][T24613] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 672.553122][T24616] __nla_validate_parse: 3 callbacks suppressed [ 672.553145][T24616] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5894'. [ 672.664972][T24613] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 672.936010][T24613] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 673.027818][T24640] veth9: entered promiscuous mode [ 673.033723][T24640] bridge5: port 1(veth9) entered blocking state [ 673.041190][T24640] bridge5: port 1(veth9) entered disabled state [ 673.048005][T24640] veth9: entered allmulticast mode [ 673.142310][T24613] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 673.193170][T24652] netlink: 'syz.1.5905': attribute type 10 has an invalid length. [ 673.214717][T24659] netlink: 'syz.2.5909': attribute type 2 has an invalid length. [ 673.275691][T24659] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 673.303258][T24662] rdma_op ffff8880535961f0 conn xmit_rdma 0000000000000000 [ 673.332010][T13377] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 673.359571][T13377] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 673.388263][T13377] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 673.435440][T13377] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 673.534617][T24667] syzkaller0: entered promiscuous mode [ 673.549765][T24667] syzkaller0: entered allmulticast mode [ 673.621950][T24667] sch_tbf: burst 12 is lower than device syzkaller0 mtu (1514) ! [ 673.658353][T24670] netlink: 68 bytes leftover after parsing attributes in process `syz.2.5913'. [ 673.936824][T24676] netlink: 40 bytes leftover after parsing attributes in process `syz.1.5915'. [ 674.227187][T24683] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5918'. [ 674.242072][T24683] openvswitch: netlink: nsh attr 0 has unexpected len 7 expected 0 [ 674.251405][T24683] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 674.426051][T24691] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5921'. [ 674.477621][T24691] openvswitch: netlink: Key type 16368 is out of range max 32 [ 674.489749][T24696] netlink: 'syz.4.5923': attribute type 7 has an invalid length. [ 674.549325][T24698] netlink: 24 bytes leftover after parsing attributes in process `syz.2.5924'. [ 674.636607][T24702] netlink: 48 bytes leftover after parsing attributes in process `syz.2.5924'. [ 674.654349][T24702] netlink: 24 bytes leftover after parsing attributes in process `syz.2.5924'. [ 674.865872][T24711] netlink: 40 bytes leftover after parsing attributes in process `syz.1.5928'. [ 675.239708][T24730] netlink: 56 bytes leftover after parsing attributes in process `syz.3.5934'. [ 675.251089][T24732] netlink: 'syz.2.5935': attribute type 7 has an invalid length. [ 675.258634][T24730] netlink: 'syz.3.5934': attribute type 10 has an invalid length. [ 675.431298][T24736] syz_tun: entered allmulticast mode [ 675.451600][T24735] syz_tun: left allmulticast mode [ 675.604597][T24743] tipc: Enabled bearer , priority 0 [ 675.624650][T24743] syzkaller0: entered promiscuous mode [ 675.633483][T24743] syzkaller0: entered allmulticast mode [ 675.900070][T24750] sch_tbf: burst 12 is lower than device syzkaller0 mtu (1514) ! [ 675.917712][T24752] tipc: Resetting bearer [ 675.960239][T24740] tipc: Resetting bearer [ 676.033617][T24740] tipc: Disabling bearer [ 676.257626][ T12] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 676.384150][T24773] netlink: 'syz.3.5948': attribute type 7 has an invalid length. [ 676.528277][T24776] syz_tun: entered allmulticast mode [ 676.555890][T24777] bond0: (slave wlan1): Releasing backup interface [ 676.639784][T24775] syz_tun: left allmulticast mode [ 676.658090][T24777] netlink: 'syz.4.5950': attribute type 10 has an invalid length. [ 676.685680][T24777] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 676.718830][T24789] (unnamed net_device) (uninitialized): option active_slave: mode dependency failed, not supported in mode balance-rr(0) [ 677.304373][T24809] FAULT_INJECTION: forcing a failure. [ 677.304373][T24809] name failslab, interval 1, probability 0, space 0, times 0 [ 677.327757][T24809] CPU: 0 UID: 0 PID: 24809 Comm: syz.1.5961 Not tainted 6.16.0-syzkaller-06574-gd9104cec3e8f #0 PREEMPT(full) [ 677.327788][T24809] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 677.327799][T24809] Call Trace: [ 677.327812][T24809] [ 677.327822][T24809] dump_stack_lvl+0x189/0x250 [ 677.327853][T24809] ? __pfx____ratelimit+0x10/0x10 [ 677.327878][T24809] ? __pfx_dump_stack_lvl+0x10/0x10 [ 677.327898][T24809] ? __pfx__printk+0x10/0x10 [ 677.327927][T24809] ? __pfx___might_resched+0x10/0x10 [ 677.327951][T24809] ? fs_reclaim_acquire+0x7d/0x100 [ 677.327975][T24809] should_fail_ex+0x414/0x560 [ 677.328007][T24809] should_failslab+0xa8/0x100 [ 677.328026][T24809] __kmalloc_cache_noprof+0x70/0x3d0 [ 677.328051][T24809] ? kobject_uevent_env+0x27c/0x8c0 [ 677.328072][T24809] ? __pfx_dev_uevent_name+0x10/0x10 [ 677.328089][T24809] kobject_uevent_env+0x27c/0x8c0 [ 677.328110][T24809] ? kobject_get+0x88/0x120 [ 677.328142][T24809] tty_register_device_attr+0x541/0x8f0 [ 677.328172][T24809] ? __pfx_tty_register_device_attr+0x10/0x10 [ 677.328207][T24809] ? tty_port_register_device+0x5a/0x100 [ 677.328233][T24809] rfcomm_dev_ioctl+0x176d/0x1d20 [ 677.328272][T24809] ? __pfx_rfcomm_dev_ioctl+0x10/0x10 [ 677.328302][T24809] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 677.328326][T24809] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 677.328358][T24809] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 677.328388][T24809] sock_do_ioctl+0xd9/0x300 [ 677.328412][T24809] ? __pfx_sock_do_ioctl+0x10/0x10 [ 677.328431][T24809] ? __lock_acquire+0xab9/0xd20 [ 677.328473][T24809] sock_ioctl+0x576/0x790 [ 677.328498][T24809] ? __pfx_sock_ioctl+0x10/0x10 [ 677.328521][T24809] ? __fget_files+0x2a/0x420 [ 677.328537][T24809] ? __fget_files+0x3a0/0x420 [ 677.328553][T24809] ? __fget_files+0x2a/0x420 [ 677.328575][T24809] ? bpf_lsm_file_ioctl+0x9/0x20 [ 677.328597][T24809] ? __pfx_sock_ioctl+0x10/0x10 [ 677.328618][T24809] __se_sys_ioctl+0xf9/0x170 [ 677.328644][T24809] do_syscall_64+0xfa/0x3b0 [ 677.328669][T24809] ? lockdep_hardirqs_on+0x9c/0x150 [ 677.328691][T24809] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 677.328709][T24809] ? clear_bhb_loop+0x60/0xb0 [ 677.328732][T24809] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 677.328749][T24809] RIP: 0033:0x7f134f38ebe9 [ 677.328767][T24809] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 677.328783][T24809] RSP: 002b:00007f1350280038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 677.328805][T24809] RAX: ffffffffffffffda RBX: 00007f134f5b5fa0 RCX: 00007f134f38ebe9 [ 677.328819][T24809] RDX: 0000200000000100 RSI: 00000000400452c8 RDI: 0000000000000004 [ 677.328832][T24809] RBP: 00007f1350280090 R08: 0000000000000000 R09: 0000000000000000 [ 677.328844][T24809] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 677.328856][T24809] R13: 00007f134f5b6038 R14: 00007f134f5b5fa0 R15: 00007ffe134a2778 [ 677.328889][T24809] [ 677.659021][T24811] netlink: 'syz.4.5962': attribute type 7 has an invalid length. [ 677.799551][T24813] __nla_validate_parse: 12 callbacks suppressed [ 677.799570][T24813] netlink: 24 bytes leftover after parsing attributes in process `syz.1.5963'. [ 677.823287][T24813] netlink: 24 bytes leftover after parsing attributes in process `syz.1.5963'. [ 677.838809][T24813] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5963'. [ 677.951941][T24822] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5964'. [ 678.118546][T24834] netlink: 40 bytes leftover after parsing attributes in process `syz.0.5969'. [ 678.198802][T24840] netlink: 'syz.3.5968': attribute type 10 has an invalid length. [ 678.498279][T24829] bond0: (slave wlan1): Releasing backup interface [ 678.633433][T24840] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 678.725872][T24848] netlink: 48 bytes leftover after parsing attributes in process `syz.4.5971'. [ 678.920794][T24857] netlink: 'syz.4.5974': attribute type 7 has an invalid length. [ 679.112339][T24865] netlink: 164 bytes leftover after parsing attributes in process `syz.1.5978'. [ 679.145457][T24865] netlink: 164 bytes leftover after parsing attributes in process `syz.1.5978'. [ 679.155079][T24867] netlink: 52 bytes leftover after parsing attributes in process `syz.4.5977'. [ 679.185887][T24865] netlink: 60 bytes leftover after parsing attributes in process `syz.1.5978'. [ 679.629697][T24884] bridge0: entered promiscuous mode [ 679.796946][T24887] netlink: 'syz.0.5985': attribute type 2 has an invalid length. [ 679.832773][T24887] bridge0: left promiscuous mode [ 679.877204][T24888] rdma_op ffff88802fece9f0 conn xmit_rdma 0000000000000000 [ 679.975199][ T5855] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 679.986123][ T5855] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 679.995725][ T5855] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 680.005515][ T5855] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 680.013594][ T5855] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 680.052391][T24887] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 680.183622][T24889] lo speed is unknown, defaulting to 1000 [ 680.375266][T24898] netlink: 'syz.0.5987': attribute type 7 has an invalid length. [ 680.862257][T24914] lo speed is unknown, defaulting to 1000 [ 680.983574][T24889] chnl_net:caif_netlink_parms(): no params data found [ 682.104411][ T5855] Bluetooth: hci2: command tx timeout [ 683.919757][T24889] bridge0: port 1(bridge_slave_0) entered blocking state [ 683.929468][T24889] bridge0: port 1(bridge_slave_0) entered disabled state [ 683.946655][T24889] bridge_slave_0: entered allmulticast mode [ 683.955965][T24889] bridge_slave_0: entered promiscuous mode [ 684.016395][T24889] bridge0: port 2(bridge_slave_1) entered blocking state [ 684.036651][T24889] bridge0: port 2(bridge_slave_1) entered disabled state [ 684.070391][T24889] bridge_slave_1: entered allmulticast mode [ 684.109629][T24889] bridge_slave_1: entered promiscuous mode [ 684.177222][ T5855] Bluetooth: hci2: command tx timeout [ 684.255594][T24889] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 684.272672][T24889] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 684.386641][T24889] team0: Port device team_slave_0 added [ 684.407037][T24889] team0: Port device team_slave_1 added [ 684.573725][T24889] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 684.599557][T24889] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 684.631225][T24889] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 684.681276][T24889] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 684.697634][T24889] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 684.724270][T24889] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 686.260089][ T5855] Bluetooth: hci2: command tx timeout [ 687.538757][T24889] hsr_slave_0: entered promiscuous mode [ 687.546668][T24889] hsr_slave_1: entered promiscuous mode [ 687.555003][T24889] debugfs: 'hsr0' already exists in 'hsr' [ 687.561402][T24889] Cannot create hsr debugfs directory [ 688.340701][ T5855] Bluetooth: hci2: command tx timeout [ 689.019071][T24889] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 689.064452][T24889] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 689.114210][T25071] syz_tun: entered allmulticast mode [ 689.119751][T24889] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 689.151810][T24889] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 689.182754][T25071] dvmrp1: entered allmulticast mode [ 689.226675][T25070] syz_tun: left allmulticast mode [ 689.333380][T25088] __nla_validate_parse: 4 callbacks suppressed [ 689.333398][T25088] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6055'. [ 689.369220][T25088] netlink: 36 bytes leftover after parsing attributes in process `syz.1.6055'. [ 689.428850][T25088] bridge0: port 1(vlan1) entered blocking state [ 689.446710][T25088] bridge0: port 1(vlan1) entered disabled state [ 689.460467][T25088] vlan1: entered allmulticast mode [ 689.465732][T25088] bridge0: entered allmulticast mode [ 689.526440][T25088] vlan1: left allmulticast mode [ 689.533087][T25088] bridge0: left allmulticast mode [ 689.581030][T25099] netlink: 24 bytes leftover after parsing attributes in process `syz.2.6058'. [ 689.607670][T25093] bridge0: port 2(bridge_slave_1) entered disabled state [ 689.746226][T25099] netlink: 212408 bytes leftover after parsing attributes in process `syz.2.6058'. [ 689.773249][T24889] 8021q: adding VLAN 0 to HW filter on device bond0 [ 689.929260][T24889] 8021q: adding VLAN 0 to HW filter on device team0 [ 689.980897][T25113] bridge1: entered promiscuous mode [ 689.995787][ T66] bridge0: port 1(bridge_slave_0) entered blocking state [ 690.003120][ T66] bridge0: port 1(bridge_slave_0) entered forwarding state [ 690.071479][ T66] bridge0: port 2(bridge_slave_1) entered blocking state [ 690.078698][ T66] bridge0: port 2(bridge_slave_1) entered forwarding state [ 690.171940][T25121] syz_tun: entered allmulticast mode [ 690.196217][T25116] dvmrp1: entered allmulticast mode [ 690.224303][T25114] syz_tun: left allmulticast mode [ 690.273546][T25123] bridge_slave_1: entered promiscuous mode [ 690.296888][T25123] bridge_slave_1: left promiscuous mode [ 690.307004][T25125] netlink: 12 bytes leftover after parsing attributes in process `syz.4.6070'. [ 690.352730][T25129] netlink: 'syz.1.6072': attribute type 10 has an invalid length. [ 690.362569][T25129] netlink: 'syz.1.6072': attribute type 10 has an invalid length. [ 690.560698][T25137] FAULT_INJECTION: forcing a failure. [ 690.560698][T25137] name failslab, interval 1, probability 0, space 0, times 0 [ 690.595048][T25138] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 690.597657][T25137] CPU: 0 UID: 0 PID: 25137 Comm: syz.2.6075 Not tainted 6.16.0-syzkaller-06574-gd9104cec3e8f #0 PREEMPT(full) [ 690.597686][T25137] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 690.597697][T25137] Call Trace: [ 690.597705][T25137] [ 690.597714][T25137] dump_stack_lvl+0x189/0x250 [ 690.597739][T25137] ? __pfx____ratelimit+0x10/0x10 [ 690.597764][T25137] ? __pfx_dump_stack_lvl+0x10/0x10 [ 690.597782][T25137] ? __pfx__printk+0x10/0x10 [ 690.597809][T25137] ? __pfx___might_resched+0x10/0x10 [ 690.597832][T25137] ? fs_reclaim_acquire+0x7d/0x100 [ 690.597856][T25137] should_fail_ex+0x414/0x560 [ 690.597888][T25137] should_failslab+0xa8/0x100 [ 690.597907][T25137] kmem_cache_alloc_noprof+0x73/0x3c0 [ 690.597931][T25137] ? alloc_empty_file+0x55/0x1d0 [ 690.597963][T25137] alloc_empty_file+0x55/0x1d0 [ 690.597984][T25137] alloc_file_pseudo+0x13d/0x210 [ 690.598006][T25137] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 690.598041][T25137] anon_inode_getfd+0xca/0x1b0 [ 690.598064][T25137] map_create+0xf5d/0x1310 [ 690.598093][T25137] ? security_bpf+0x7e/0x300 [ 690.598117][T25137] __sys_bpf+0x60f/0x870 [ 690.598142][T25137] ? __pfx___sys_bpf+0x10/0x10 [ 690.598178][T25137] ? ksys_write+0x22a/0x250 [ 690.598203][T25137] ? __pfx_ksys_write+0x10/0x10 [ 690.598234][T25137] __x64_sys_bpf+0x7c/0x90 [ 690.598256][T25137] do_syscall_64+0xfa/0x3b0 [ 690.598279][T25137] ? lockdep_hardirqs_on+0x9c/0x150 [ 690.598302][T25137] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 690.598319][T25137] ? clear_bhb_loop+0x60/0xb0 [ 690.598340][T25137] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 690.598356][T25137] RIP: 0033:0x7fcb4678ebe9 [ 690.598373][T25137] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 690.598388][T25137] RSP: 002b:00007fcb4754f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 690.598410][T25137] RAX: ffffffffffffffda RBX: 00007fcb469b5fa0 RCX: 00007fcb4678ebe9 [ 690.598424][T25137] RDX: 0000000000000050 RSI: 00002000000002c0 RDI: 0000000000000000 [ 690.598436][T25137] RBP: 00007fcb4754f090 R08: 0000000000000000 R09: 0000000000000000 [ 690.598447][T25137] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 690.598458][T25137] R13: 00007fcb469b6038 R14: 00007fcb469b5fa0 R15: 00007ffe28b86838 [ 690.598489][T25137] [ 690.986940][T25138] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 691.103996][T25138] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 691.152550][T25146] lo speed is unknown, defaulting to 1000 [ 691.174829][T24889] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 691.235513][T25138] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 691.366429][T25161] netlink: 'syz.4.6082': attribute type 13 has an invalid length. [ 691.375682][T25161] netlink: 'syz.4.6082': attribute type 17 has an invalid length. [ 691.530893][T25161] 0ªî{X¹¦: left allmulticast mode [ 691.668657][T25161] 8021q: adding VLAN 0 to HW filter on device bond0 [ 691.678908][T25161] 8021q: adding VLAN 0 to HW filter on device team0 [ 691.692421][T25161] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 691.797656][T13377] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 691.837335][T13377] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 691.869641][T25163] lo speed is unknown, defaulting to 1000 [ 691.870458][T13377] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 691.937888][ T66] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 692.012487][T24889] veth0_vlan: entered promiscuous mode [ 692.109779][T24889] veth1_vlan: entered promiscuous mode [ 692.244087][T25180] A link change request failed with some changes committed already. Interface batadv_slave_0 may have been left with an inconsistent configuration, please check. [ 692.455815][T24889] veth0_macvtap: entered promiscuous mode [ 692.501172][T25189] netlink: 'syz.1.6089': attribute type 3 has an invalid length. [ 692.509031][T25189] netlink: 666 bytes leftover after parsing attributes in process `syz.1.6089'. [ 692.544556][T24889] veth1_macvtap: entered promiscuous mode [ 692.612109][T25197] sctp: [Deprecated]: syz.4.6094 (pid 25197) Use of int in max_burst socket option. [ 692.612109][T25197] Use struct sctp_assoc_value instead [ 692.653903][T24889] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 692.687254][T24889] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 692.716393][ T36] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 692.745296][ T36] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 692.745955][T25201] netlink: 48 bytes leftover after parsing attributes in process `syz.0.6097'. [ 692.781960][ T36] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 692.806455][ T36] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 693.060389][T13385] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 693.068463][T13385] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 693.175771][T13373] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 693.196818][T13373] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 693.236223][T25214] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 693.268431][T25216] sctp: [Deprecated]: syz.1.6102 (pid 25216) Use of int in max_burst socket option. [ 693.268431][T25216] Use struct sctp_assoc_value instead [ 693.651870][T25214] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 693.827358][T25232] netlink: 12 bytes leftover after parsing attributes in process `syz.4.6104'. [ 693.860020][T25232] netlink: 36 bytes leftover after parsing attributes in process `syz.4.6104'. [ 693.887590][T25232] bridge0: port 1(vlan3) entered blocking state [ 693.895390][T25232] bridge0: port 1(vlan3) entered disabled state [ 693.904049][T25232] vlan3: entered allmulticast mode [ 693.927867][T25232] bridge0: entered allmulticast mode [ 693.966340][T25232] vlan3: left allmulticast mode [ 693.977451][T25232] bridge0: left allmulticast mode [ 693.992426][T25235] IPv6: Can't replace route, no match found [ 694.006769][T25214] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 694.117044][T25240] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6108'. [ 694.117069][T25214] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 694.137103][T25240] openvswitch: netlink: nsh attr 0 has unexpected len 7 expected 0 [ 694.137145][T25240] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 694.247066][T25243] netlink: 'syz.3.6109': attribute type 6 has an invalid length. [ 694.784754][T25264] lo speed is unknown, defaulting to 1000 [ 694.835771][T25268] netlink: 'syz.4.6117': attribute type 2 has an invalid length. [ 694.922116][T25268] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 694.992996][T25270] rdma_op ffff88803047e9f0 conn xmit_rdma 0000000000000000 [ 695.280582][T19741] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 695.305899][T19741] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 695.318175][T19741] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 695.328491][T19741] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 695.337056][T19741] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 695.509236][T25284] FAULT_INJECTION: forcing a failure. [ 695.509236][T25284] name failslab, interval 1, probability 0, space 0, times 0 [ 695.526288][T25284] CPU: 1 UID: 0 PID: 25284 Comm: syz.3.6121 Not tainted 6.16.0-syzkaller-06574-gd9104cec3e8f #0 PREEMPT(full) [ 695.526312][T25284] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 695.526320][T25284] Call Trace: [ 695.526326][T25284] [ 695.526334][T25284] dump_stack_lvl+0x189/0x250 [ 695.526357][T25284] ? __pfx____ratelimit+0x10/0x10 [ 695.526378][T25284] ? __pfx_dump_stack_lvl+0x10/0x10 [ 695.526392][T25284] ? __pfx__printk+0x10/0x10 [ 695.526413][T25284] ? __pfx___might_resched+0x10/0x10 [ 695.526433][T25284] ? fs_reclaim_acquire+0x7d/0x100 [ 695.526451][T25284] should_fail_ex+0x414/0x560 [ 695.526478][T25284] should_failslab+0xa8/0x100 [ 695.526493][T25284] kmem_cache_alloc_noprof+0x73/0x3c0 [ 695.526512][T25284] ? __kernfs_new_node+0xd7/0x7e0 [ 695.526532][T25284] __kernfs_new_node+0xd7/0x7e0 [ 695.526548][T25284] ? __lock_acquire+0xab9/0xd20 [ 695.526573][T25284] ? __pfx___kernfs_new_node+0x10/0x10 [ 695.526589][T25284] ? kernfs_root+0x1c/0x230 [ 695.526610][T25284] ? kernfs_root+0x1c/0x230 [ 695.526633][T25284] ? kernfs_root+0x1c/0x230 [ 695.526646][T25284] ? kernfs_root+0x1c/0x230 [ 695.526666][T25284] kernfs_new_node+0x102/0x210 [ 695.526688][T25284] __kernfs_create_file+0x4b/0x2e0 [ 695.526712][T25284] sysfs_add_file_mode_ns+0x238/0x300 [ 695.526735][T25284] sysfs_create_file_ns+0x128/0x1a0 [ 695.526753][T25284] ? __pfx_sysfs_create_file_ns+0x10/0x10 [ 695.526771][T25284] ? rfcomm_reparent_device+0x385/0x450 [ 695.526787][T25284] ? rfcomm_reparent_device+0x5d/0x450 [ 695.526799][T25284] ? device_create_file+0xf4/0x1c0 [ 695.526819][T25284] rfcomm_dev_ioctl+0x1825/0x1d20 [ 695.526843][T25284] ? __pfx_rfcomm_dev_ioctl+0x10/0x10 [ 695.526867][T25284] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 695.526888][T25284] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 695.526915][T25284] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 695.526940][T25284] sock_do_ioctl+0xd9/0x300 [ 695.526961][T25284] ? __pfx_sock_do_ioctl+0x10/0x10 [ 695.526976][T25284] ? __lock_acquire+0xab9/0xd20 [ 695.527008][T25284] sock_ioctl+0x576/0x790 [ 695.527026][T25284] ? __pfx_sock_ioctl+0x10/0x10 [ 695.527044][T25284] ? __fget_files+0x2a/0x420 [ 695.527060][T25284] ? __fget_files+0x3a0/0x420 [ 695.527075][T25284] ? __fget_files+0x2a/0x420 [ 695.527095][T25284] ? bpf_lsm_file_ioctl+0x9/0x20 [ 695.527116][T25284] ? __pfx_sock_ioctl+0x10/0x10 [ 695.527137][T25284] __se_sys_ioctl+0xf9/0x170 [ 695.527161][T25284] do_syscall_64+0xfa/0x3b0 [ 695.527184][T25284] ? lockdep_hardirqs_on+0x9c/0x150 [ 695.527204][T25284] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 695.527220][T25284] ? clear_bhb_loop+0x60/0xb0 [ 695.527238][T25284] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 695.527251][T25284] RIP: 0033:0x7f525d98ebe9 [ 695.527266][T25284] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 695.527278][T25284] RSP: 002b:00007f525bbee038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 695.527297][T25284] RAX: ffffffffffffffda RBX: 00007f525dbb5fa0 RCX: 00007f525d98ebe9 [ 695.527309][T25284] RDX: 0000200000000100 RSI: 00000000400452c8 RDI: 0000000000000004 [ 695.527320][T25284] RBP: 00007f525bbee090 R08: 0000000000000000 R09: 0000000000000000 [ 695.527331][T25284] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 695.527342][T25284] R13: 00007f525dbb6038 R14: 00007f525dbb5fa0 R15: 00007ffc48b92248 [ 695.527372][T25284] [ 695.527466][T25284] Bluetooth: Failed to create address attribute [ 695.582706][T25275] lo speed is unknown, defaulting to 1000 [ 695.589338][T13385] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 695.770529][T25286] __nla_validate_parse: 5 callbacks suppressed [ 695.770550][T25286] netlink: 20 bytes leftover after parsing attributes in process `syz.3.6123'. [ 695.897546][T13373] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 696.030221][T13373] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 696.053388][T13373] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 696.160418][T25296] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6127'. [ 696.166074][T25294] syzkaller1: entered promiscuous mode [ 696.189387][T25294] syzkaller1: entered allmulticast mode [ 696.406609][T25307] netlink: 24 bytes leftover after parsing attributes in process `syz.3.6129'. [ 696.420231][T25302] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6128'. [ 696.574002][T25307] netlink: 212408 bytes leftover after parsing attributes in process `syz.3.6129'. [ 696.727429][T25313] ip6gre1: entered promiscuous mode [ 696.789718][T25275] chnl_net:caif_netlink_parms(): no params data found [ 697.014936][T25321] lo speed is unknown, defaulting to 1000 [ 697.023269][T25325] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6135'. [ 697.043233][T25325] openvswitch: netlink: Key type 16368 is out of range max 32 [ 697.094761][T25330] veth3: entered promiscuous mode [ 697.197846][T25275] bridge0: port 1(bridge_slave_0) entered blocking state [ 697.205357][T25275] bridge0: port 1(bridge_slave_0) entered disabled state [ 697.216078][T25275] bridge_slave_0: entered allmulticast mode [ 697.237679][T25275] bridge_slave_0: entered promiscuous mode [ 697.253229][T25275] bridge0: port 2(bridge_slave_1) entered blocking state [ 697.270257][T25275] bridge0: port 2(bridge_slave_1) entered disabled state [ 697.284085][T25275] bridge_slave_1: entered allmulticast mode [ 697.293043][T25275] bridge_slave_1: entered promiscuous mode [ 697.298560][T25332] IPv6: Can't replace route, no match found [ 697.373558][T19741] Bluetooth: hci1: command tx timeout [ 697.414625][T25275] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 697.440700][T25275] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 697.612268][T25275] team0: Port device team_slave_0 added [ 697.635137][T25275] team0: Port device team_slave_1 added [ 697.723696][T25344] netlink: 'syz.2.6140': attribute type 10 has an invalid length. [ 697.774986][T25345] netlink: 'syz.2.6140': attribute type 10 has an invalid length. [ 697.862946][T25346] netlink: 24 bytes leftover after parsing attributes in process `syz.4.6138'. [ 697.892697][T25275] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 697.900234][T25275] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 697.933267][T25275] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 698.089065][T25350] netlink: 'syz.2.6141': attribute type 41 has an invalid length. [ 698.114072][T25275] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 698.126242][T25275] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 698.190412][T25275] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 698.342227][T25356] netlink: 212376 bytes leftover after parsing attributes in process `syz.2.6143'. [ 698.347436][T25275] hsr_slave_0: entered promiscuous mode [ 698.379493][T25275] hsr_slave_1: entered promiscuous mode [ 698.398743][T25275] debugfs: 'hsr0' already exists in 'hsr' [ 698.408597][T25275] Cannot create hsr debugfs directory [ 698.421935][T25359] netlink: 724 bytes leftover after parsing attributes in process `syz.2.6143'. [ 698.534117][T25358] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 698.636398][T25358] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 698.711484][T25358] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 698.892910][T25358] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 699.176048][T13373] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 699.270417][T13373] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 699.344407][ T12] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 699.400823][ T12] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 699.450449][T19741] Bluetooth: hci1: command tx timeout [ 699.784900][T25275] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 699.846066][T25275] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 699.898135][T25275] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 699.930872][T25275] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 700.120067][T25387] netlink: 36 bytes leftover after parsing attributes in process `syz.2.6153'. [ 700.275384][T25275] 8021q: adding VLAN 0 to HW filter on device bond0 [ 700.352674][T25275] 8021q: adding VLAN 0 to HW filter on device team0 [ 700.377086][ T971] bridge0: port 1(bridge_slave_0) entered blocking state [ 700.384332][ T971] bridge0: port 1(bridge_slave_0) entered forwarding state [ 700.439398][T13373] bridge0: port 2(bridge_slave_1) entered blocking state [ 700.446710][T13373] bridge0: port 2(bridge_slave_1) entered forwarding state [ 700.946867][T25406] veth13: entered promiscuous mode [ 700.960825][T25406] bridge5: port 2(veth13) entered blocking state [ 700.980902][T25406] bridge5: port 2(veth13) entered disabled state [ 700.987588][T25406] veth13: entered allmulticast mode [ 701.015283][T25412] FAULT_INJECTION: forcing a failure. [ 701.015283][T25412] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 701.065304][T25412] CPU: 0 UID: 0 PID: 25412 Comm: syz.0.6164 Not tainted 6.16.0-syzkaller-06574-gd9104cec3e8f #0 PREEMPT(full) [ 701.065332][T25412] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 701.065344][T25412] Call Trace: [ 701.065352][T25412] [ 701.065361][T25412] dump_stack_lvl+0x189/0x250 [ 701.065386][T25412] ? __pfx____ratelimit+0x10/0x10 [ 701.065412][T25412] ? __pfx_dump_stack_lvl+0x10/0x10 [ 701.065430][T25412] ? __pfx__printk+0x10/0x10 [ 701.065465][T25412] should_fail_ex+0x414/0x560 [ 701.065496][T25412] _copy_to_user+0x31/0xb0 [ 701.065523][T25412] simple_read_from_buffer+0xe1/0x170 [ 701.065555][T25412] proc_fail_nth_read+0x1b3/0x220 [ 701.065580][T25412] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 701.065604][T25412] ? rw_verify_area+0x258/0x650 [ 701.065628][T25412] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 701.065651][T25412] vfs_read+0x1fd/0x980 [ 701.065673][T25412] ? fdget_pos+0x247/0x320 [ 701.065695][T25412] ? __pfx___mutex_lock+0x10/0x10 [ 701.065720][T25412] ? __pfx_vfs_read+0x10/0x10 [ 701.065746][T25412] ? __fget_files+0x2a/0x420 [ 701.065769][T25412] ? __fget_files+0x3a0/0x420 [ 701.065785][T25412] ? __fget_files+0x2a/0x420 [ 701.065813][T25412] ksys_read+0x145/0x250 [ 701.065840][T25412] ? __pfx_ksys_read+0x10/0x10 [ 701.065869][T25412] ? do_syscall_64+0xbe/0x3b0 [ 701.065898][T25412] do_syscall_64+0xfa/0x3b0 [ 701.065921][T25412] ? lockdep_hardirqs_on+0x9c/0x150 [ 701.065944][T25412] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 701.065962][T25412] ? clear_bhb_loop+0x60/0xb0 [ 701.065984][T25412] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 701.066001][T25412] RIP: 0033:0x7f151db8d5fc [ 701.066019][T25412] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 701.066034][T25412] RSP: 002b:00007f151ea6a030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 701.066055][T25412] RAX: ffffffffffffffda RBX: 00007f151ddb5fa0 RCX: 00007f151db8d5fc [ 701.066069][T25412] RDX: 000000000000000f RSI: 00007f151ea6a0a0 RDI: 0000000000000004 [ 701.066081][T25412] RBP: 00007f151ea6a090 R08: 0000000000000000 R09: 0000000000000000 [ 701.066093][T25412] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 701.066104][T25412] R13: 00007f151ddb6038 R14: 00007f151ddb5fa0 R15: 00007ffebab9a968 [ 701.066136][T25412] [ 701.115701][T25417] __nla_validate_parse: 2 callbacks suppressed [ 701.115721][T25417] netlink: 172 bytes leftover after parsing attributes in process `syz.4.6165'. [ 701.531629][T19741] Bluetooth: hci1: command tx timeout [ 701.586503][T25275] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 701.622461][T25427] lo speed is unknown, defaulting to 1000 [ 701.704636][T25436] lo speed is unknown, defaulting to 1000 [ 701.923544][T25275] veth0_vlan: entered promiscuous mode [ 702.078434][T25450] netlink: 'syz.0.6171': attribute type 10 has an invalid length. [ 702.273051][T25275] veth1_vlan: entered promiscuous mode [ 702.313775][T25455] netlink: 20 bytes leftover after parsing attributes in process `syz.0.6174'. [ 702.474739][T25275] veth0_macvtap: entered promiscuous mode [ 702.491116][T13385] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 702.541671][T25275] veth1_macvtap: entered promiscuous mode [ 702.582744][T25275] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 702.595354][T25275] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 702.612232][ T66] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 702.795733][T25471] netlink: 32 bytes leftover after parsing attributes in process `syz.2.6178'. [ 702.853090][ T66] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 702.907661][ T66] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 702.993649][ T66] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 703.079929][T25457] lo speed is unknown, defaulting to 1000 [ 703.092752][T25474] bridge_slave_0: left allmulticast mode [ 703.102774][T25474] bridge_slave_0: left promiscuous mode [ 703.108738][T25474] bridge0: port 1(bridge_slave_0) entered disabled state [ 703.109483][T25476] netlink: 'syz.2.6181': attribute type 6 has an invalid length. [ 703.132915][T25474] bridge_slave_1: left allmulticast mode [ 703.138895][T25474] bridge_slave_1: left promiscuous mode [ 703.145535][T25474] bridge0: port 2(bridge_slave_1) entered disabled state [ 703.158372][T25474] bond0: (slave bond_slave_0): Releasing backup interface [ 703.171651][T25474] bond0: (slave bond_slave_1): Releasing backup interface [ 703.192901][T25478] netlink: 'syz.2.6181': attribute type 6 has an invalid length. [ 703.203128][T25474] team0: Port device team_slave_0 removed [ 703.244742][T25474] team0: Port device team_slave_1 removed [ 703.280928][T25474] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 703.288368][T25474] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 703.322202][T25474] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 703.329875][T25474] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 703.610298][T19741] Bluetooth: hci1: command tx timeout [ 703.752897][T13373] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 703.771710][T13373] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 703.816388][T25491] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6186'. [ 703.856616][T25491] bridge2: entered allmulticast mode [ 703.882857][T13377] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 703.897644][T13377] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 703.962217][T25495] syzkaller1: entered allmulticast mode [ 704.003155][T25497] netlink: 24 bytes leftover after parsing attributes in process `syz.3.6187'. [ 704.147922][T25497] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6187'. [ 704.356742][T25512] FAULT_INJECTION: forcing a failure. [ 704.356742][T25512] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 704.377624][T25512] CPU: 1 UID: 0 PID: 25512 Comm: syz.0.6191 Not tainted 6.16.0-syzkaller-06574-gd9104cec3e8f #0 PREEMPT(full) [ 704.377650][T25512] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 704.377661][T25512] Call Trace: [ 704.377668][T25512] [ 704.377676][T25512] dump_stack_lvl+0x189/0x250 [ 704.377697][T25512] ? __pfx____ratelimit+0x10/0x10 [ 704.377718][T25512] ? __pfx_dump_stack_lvl+0x10/0x10 [ 704.377733][T25512] ? __pfx__printk+0x10/0x10 [ 704.377751][T25512] ? __might_fault+0xb0/0x130 [ 704.377783][T25512] should_fail_ex+0x414/0x560 [ 704.377810][T25512] _copy_from_user+0x2d/0xb0 [ 704.377830][T25512] ___sys_sendmsg+0x158/0x2a0 [ 704.377850][T25512] ? __pfx____sys_sendmsg+0x10/0x10 [ 704.377898][T25512] ? __fget_files+0x2a/0x420 [ 704.377912][T25512] ? __fget_files+0x3a0/0x420 [ 704.377935][T25512] __x64_sys_sendmsg+0x19b/0x260 [ 704.377953][T25512] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 704.377978][T25512] ? __pfx_ksys_write+0x10/0x10 [ 704.377996][T25512] ? rcu_is_watching+0x15/0xb0 [ 704.378023][T25512] ? do_syscall_64+0xbe/0x3b0 [ 704.378057][T25512] do_syscall_64+0xfa/0x3b0 [ 704.378077][T25512] ? lockdep_hardirqs_on+0x9c/0x150 [ 704.378096][T25512] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 704.378111][T25512] ? clear_bhb_loop+0x60/0xb0 [ 704.378129][T25512] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 704.378143][T25512] RIP: 0033:0x7f151db8ebe9 [ 704.378158][T25512] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 704.378171][T25512] RSP: 002b:00007f151ea6a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 704.378189][T25512] RAX: ffffffffffffffda RBX: 00007f151ddb5fa0 RCX: 00007f151db8ebe9 [ 704.378201][T25512] RDX: 000000000000c0b0 RSI: 0000200000000280 RDI: 0000000000000003 [ 704.378210][T25512] RBP: 00007f151ea6a090 R08: 0000000000000000 R09: 0000000000000000 [ 704.378219][T25512] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 704.378229][T25512] R13: 00007f151ddb6038 R14: 00007f151ddb5fa0 R15: 00007ffebab9a968 [ 704.378255][T25512] [ 705.158281][T25526] netlink: 24 bytes leftover after parsing attributes in process `syz.1.6197'. [ 705.205981][T25527] lo speed is unknown, defaulting to 1000 [ 705.343875][T25536] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6200'. [ 705.475472][T25534] lo speed is unknown, defaulting to 1000 [ 705.964210][T25552] netlink: 60 bytes leftover after parsing attributes in process `syz.3.6205'. [ 705.983281][T25549] netlink: 180 bytes leftover after parsing attributes in process `syz.1.6202'. [ 706.126246][T25556] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6206'. [ 706.135609][T25556] openvswitch: netlink: nsh attr 0 has unexpected len 7 expected 0 [ 706.171235][T25556] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 706.206233][T25561] netlink: 'syz.0.6207': attribute type 7 has an invalid length. [ 706.397415][ T5855] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 706.414326][ T5855] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 706.430464][ T5855] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 706.450216][ T5855] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 706.467757][ T5855] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 706.739154][T25575] sctp: [Deprecated]: syz.1.6212 (pid 25575) Use of int in max_burst socket option. [ 706.739154][T25575] Use struct sctp_assoc_value instead [ 706.796769][T25572] netlink: 'syz.0.6211': attribute type 3 has an invalid length. [ 706.806873][T25572] netlink: 666 bytes leftover after parsing attributes in process `syz.0.6211'. [ 706.852603][T25563] lo speed is unknown, defaulting to 1000 [ 707.718775][T25563] chnl_net:caif_netlink_parms(): no params data found [ 707.891648][ C1] ------------[ cut here ]------------ [ 707.897643][ C1] WARNING: CPU: 1 PID: 23 at net/ipv4/af_inet.c:156 inet_sock_destruct+0x623/0x730 [ 707.907048][ C1] Modules linked in: [ 707.911274][ C1] CPU: 1 UID: 0 PID: 23 Comm: ksoftirqd/1 Not tainted 6.16.0-syzkaller-06574-gd9104cec3e8f #0 PREEMPT(full) [ 707.922873][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 707.932983][ C1] RIP: 0010:inet_sock_destruct+0x623/0x730 [ 707.938830][ C1] Code: 0f 0b 90 e9 62 fe ff ff e8 fa 08 c6 f7 90 0f 0b 90 e9 95 fe ff ff e8 ec 08 c6 f7 90 0f 0b 90 e9 bb fe ff ff e8 de 08 c6 f7 90 <0f> 0b 90 e9 e1 fe ff ff 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 9f fc [ 707.958677][ C1] RSP: 0018:ffffc900001d7868 EFLAGS: 00010246 [ 707.964802][ C1] RAX: ffffffff89f9a7d2 RBX: dffffc0000000000 RCX: ffff88801d2fda00 [ 707.972841][ C1] RDX: 0000000000000100 RSI: 0000000000000fff RDI: 0000000000000000 [ 707.980861][ C1] RBP: 0000000000000fff R08: ffff88807b58829f R09: 1ffff1100f6b1053 [ 707.984349][T25599] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 707.988853][ C1] R10: dffffc0000000000 R11: ffffed100f6b1054 R12: ffff88807b588000 [ 707.988879][ C1] R13: dffffc0000000000 R14: ffff88807b588284 R15: 1ffff1100f6b1002 [ 707.988895][ C1] FS: 0000000000000000(0000) GS:ffff888125d80000(0000) knlGS:0000000000000000 [ 707.988913][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 708.030301][ C1] CR2: 00007f151e8e56c0 CR3: 000000000df38000 CR4: 00000000003526f0 [ 708.038300][ C1] Call Trace: [ 708.041686][ C1] [ 708.044658][ C1] ? inet6_cleanup_sock+0x197/0x230 [ 708.049916][ C1] ? __pfx_inet6_sock_destruct+0x10/0x10 [ 708.055585][ C1] __sk_destruct+0x86/0x660 [ 708.060178][ C1] ? __pfx___sk_destruct+0x10/0x10 [ 708.065324][ C1] ? rcu_core+0xc34/0x1710 [ 708.069775][ C1] rcu_core+0xca8/0x1710 [ 708.074216][ C1] ? __pfx_rcu_core+0x10/0x10 [ 708.078962][ C1] ? rcu_qs+0xc4/0x170 [ 708.083095][ C1] ? __pfx_rcu_qs+0x10/0x10 [ 708.087756][ C1] ? sched_clock_cpu+0x74/0x430 [ 708.092770][ C1] ? rcu_softirq_qs+0xf2/0x350 [ 708.097652][ C1] ? __pfx_rcu_softirq_qs+0x10/0x10 [ 708.103031][ C1] handle_softirqs+0x283/0x870 [ 708.107839][ C1] ? run_ksoftirqd+0x9b/0x100 [ 708.112577][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 708.117985][ C1] ? smpboot_thread_fn+0x4d/0xa60 [ 708.123094][ C1] ? smpboot_thread_fn+0x4d/0xa60 [ 708.128167][ C1] run_ksoftirqd+0x9b/0x100 [ 708.132726][ C1] ? __pfx_run_ksoftirqd+0x10/0x10 [ 708.137876][ C1] smpboot_thread_fn+0x53f/0xa60 [ 708.142878][ C1] ? smpboot_thread_fn+0x4d/0xa60 [ 708.148236][ C1] kthread+0x70e/0x8a0 [ 708.152365][ C1] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 708.157951][ C1] ? __pfx_kthread+0x10/0x10 [ 708.162673][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 708.167998][ C1] ? lockdep_hardirqs_on+0x9c/0x150 [ 708.173274][ C1] ? __pfx_kthread+0x10/0x10 [ 708.174707][T25608] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6222'. [ 708.177978][ C1] ret_from_fork+0x3fc/0x770 [ 708.178026][ C1] ? __pfx_ret_from_fork+0x10/0x10 [ 708.196767][ C1] ? __switch_to_asm+0x39/0x70 [ 708.199449][T25608] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6222'. [ 708.201712][ C1] ? __switch_to_asm+0x33/0x70 [ 708.201748][ C1] ? __pfx_kthread+0x10/0x10 [ 708.201772][ C1] ret_from_fork_asm+0x1a/0x30 [ 708.201812][ C1] [ 708.201843][ C1] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 708.201859][ C1] CPU: 1 UID: 0 PID: 23 Comm: ksoftirqd/1 Not tainted 6.16.0-syzkaller-06574-gd9104cec3e8f #0 PREEMPT(full) [ 708.201885][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 708.201899][ C1] Call Trace: [ 708.201909][ C1] [ 708.201918][ C1] dump_stack_lvl+0x99/0x250 [ 708.201938][ C1] ? __asan_memcpy+0x40/0x70 [ 708.201963][ C1] ? __pfx_dump_stack_lvl+0x10/0x10 [ 708.201985][ C1] ? __pfx__printk+0x10/0x10 [ 708.202019][ C1] panic+0x2db/0x790 [ 708.202047][ C1] ? __pfx_panic+0x10/0x10 [ 708.202066][ C1] ? show_trace_log_lvl+0x4fb/0x550 [ 708.202110][ C1] ? ret_from_fork_asm+0x1a/0x30 [ 708.202139][ C1] __warn+0x31b/0x4b0 [ 708.202158][ C1] ? inet_sock_destruct+0x623/0x730 [ 708.202186][ C1] ? inet_sock_destruct+0x623/0x730 [ 708.202209][ C1] report_bug+0x2be/0x4f0 [ 708.202235][ C1] ? inet_sock_destruct+0x623/0x730 [ 708.202260][ C1] ? inet_sock_destruct+0x623/0x730 [ 708.202283][ C1] ? inet_sock_destruct+0x625/0x730 [ 708.202306][ C1] handle_bug+0x84/0x160 [ 708.202327][ C1] exc_invalid_op+0x1a/0x50 [ 708.202348][ C1] asm_exc_invalid_op+0x1a/0x20 [ 708.202368][ C1] RIP: 0010:inet_sock_destruct+0x623/0x730 [ 708.202392][ C1] Code: 0f 0b 90 e9 62 fe ff ff e8 fa 08 c6 f7 90 0f 0b 90 e9 95 fe ff ff e8 ec 08 c6 f7 90 0f 0b 90 e9 bb fe ff ff e8 de 08 c6 f7 90 <0f> 0b 90 e9 e1 fe ff ff 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 9f fc [ 708.202411][ C1] RSP: 0018:ffffc900001d7868 EFLAGS: 00010246 [ 708.202430][ C1] RAX: ffffffff89f9a7d2 RBX: dffffc0000000000 RCX: ffff88801d2fda00 [ 708.202447][ C1] RDX: 0000000000000100 RSI: 0000000000000fff RDI: 0000000000000000 [ 708.202460][ C1] RBP: 0000000000000fff R08: ffff88807b58829f R09: 1ffff1100f6b1053 [ 708.202476][ C1] R10: dffffc0000000000 R11: ffffed100f6b1054 R12: ffff88807b588000 [ 708.202491][ C1] R13: dffffc0000000000 R14: ffff88807b588284 R15: 1ffff1100f6b1002 [ 708.202516][ C1] ? inet_sock_destruct+0x622/0x730 [ 708.202547][ C1] ? inet_sock_destruct+0x622/0x730 [ 708.202571][ C1] ? inet6_cleanup_sock+0x197/0x230 [ 708.202591][ C1] ? __pfx_inet6_sock_destruct+0x10/0x10 [ 708.202612][ C1] __sk_destruct+0x86/0x660 [ 708.202634][ C1] ? __pfx___sk_destruct+0x10/0x10 [ 708.202653][ C1] ? rcu_core+0xc34/0x1710 [ 708.202682][ C1] rcu_core+0xca8/0x1710 [ 708.202739][ C1] ? __pfx_rcu_core+0x10/0x10 [ 708.202771][ C1] ? rcu_qs+0xc4/0x170 [ 708.202798][ C1] ? __pfx_rcu_qs+0x10/0x10 [ 708.202824][ C1] ? sched_clock_cpu+0x74/0x430 [ 708.202864][ C1] ? rcu_softirq_qs+0xf2/0x350 [ 708.202891][ C1] ? __pfx_rcu_softirq_qs+0x10/0x10 [ 708.202931][ C1] handle_softirqs+0x283/0x870 [ 708.202965][ C1] ? run_ksoftirqd+0x9b/0x100 [ 708.202992][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 708.203024][ C1] ? smpboot_thread_fn+0x4d/0xa60 [ 708.203057][ C1] ? smpboot_thread_fn+0x4d/0xa60 [ 708.203085][ C1] run_ksoftirqd+0x9b/0x100 [ 708.203106][ C1] ? __pfx_run_ksoftirqd+0x10/0x10 [ 708.203134][ C1] smpboot_thread_fn+0x53f/0xa60 [ 708.203166][ C1] ? smpboot_thread_fn+0x4d/0xa60 [ 708.203204][ C1] kthread+0x70e/0x8a0 [ 708.203230][ C1] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 708.203259][ C1] ? __pfx_kthread+0x10/0x10 [ 708.203284][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 708.203310][ C1] ? lockdep_hardirqs_on+0x9c/0x150 [ 708.203335][ C1] ? __pfx_kthread+0x10/0x10 [ 708.203359][ C1] ret_from_fork+0x3fc/0x770 [ 708.203392][ C1] ? __pfx_ret_from_fork+0x10/0x10 [ 708.203427][ C1] ? __switch_to_asm+0x39/0x70 [ 708.203449][ C1] ? __switch_to_asm+0x33/0x70 [ 708.203470][ C1] ? __pfx_kthread+0x10/0x10 [ 708.203494][ C1] ret_from_fork_asm+0x1a/0x30 [ 708.203534][ C1] [ 708.211332][ C1] Kernel Offset: disabled