last executing test programs: 5.446797503s ago: executing program 0 (id=658): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x8, 0x2, 0x4, 0x5}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000380)={{r3, 0xffffffffffffffff}, &(0x7f0000000b00), &(0x7f0000000300)}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r4}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000300)='qdisc_create\x00', r5}, 0x10) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r2, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}, 0x1, 0x0, 0x0, 0xc000}, 0x0) 5.387704641s ago: executing program 2 (id=660): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec8500000075000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x18) bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="09000000810000000300000000ff000052"], 0x50) 5.135668337s ago: executing program 0 (id=662): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0900000004000000e27f000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180), &(0x7f0000000200), 0x3, r0}, 0x38) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f0000000080)='task_rename\x00', r1}, 0x10) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000580)={{r2}, &(0x7f00000004c0), &(0x7f0000000540)=r1}, 0x20) 4.924693904s ago: executing program 0 (id=664): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000004c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x40000000}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="380000006c0015000000d9fece23b82000000000", @ANYRES32=r2, @ANYBLOB="000080000000000018003480050035"], 0x38}, 0x1, 0x300}, 0x0) 4.848029117s ago: executing program 1 (id=665): r0 = socket(0x11, 0x3, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000005c0)={'gre0\x00', 0x0}) bind$packet(r0, &(0x7f0000000180)={0x11, 0x0, r2, 0x1, 0x1, 0x6, @multicast}, 0x14) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000000)=0xe9, 0x4) sendmsg$netlink(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000002900)={0x300, 0x27, 0x3e3ef502011b72f7, 0x70bd2c, 0x25dfdbfe, "", [@typed={0x14, 0xa, 0x0, 0x0, @ipv6=@remote}, @typed={0xc, 0x48, 0x0, 0x0, @u64=0x3}, @generic="db2cf03c3477fc360adda65851661c6c6179d7d80e5b2111f00383297fbd207644c879fe6d6fa146945e313affab474d387609da1b2fe8e9a9578e08329a19bc84d2ec1dcb73aa9b8913c2301c95b2f20342c7602fbb8321dcef25434e48926cec0823162a50286432c4c95e25706b60ab2f2a5cace38ba8f64efcd48966df2c501729617d058bfba4f7e02f818554f11a2879f68d128b13b0ec49f956abc9d6", @generic="e066b4efd76552b667d524d09a827b9508dba1838ccdc2e8d1d3a44d70b87fe8f391ed273df8b500876e873cbeeffe0f7b07df05b4795eca0a0701616122bee9dce28ba1a2bff2a1bdf221deae4cede939d09631ef74f551e3e4a1654ed40091c1d1378fe8bd54a61dd4590be2ff5be2a7775b20939a816a23f455", @typed={0x8, 0xbd, 0x0, 0x0, @fd}, @generic="55fb07b598de38975a7dd60b95db5a56267d3c7646ef225f1d77a6d00b79766f3b138ca964d5945f0ef0f1506755a3372e578b2b9db8ba1d68cbfae945ec9e87756ec4de492a0cc66e92e563fbd031fe500949f14ffbb47e2a8e83e10f07c990368f08232185e8c033961dd6945028b3a31f7916ac645ea909facf4eb098285ba809e1ced96acbff5c96f39db3afc64132f31fd3f68f431165d389b45f49", @nested={0x10c, 0xc6, 0x0, 0x1, [@nested={0xc, 0x75, 0x0, 0x1, [@nested={0x4, 0x63}, @nested={0x4, 0xe3}]}, @nested={0xf9, 0x19, 0x0, 0x1, [@nested={0x89, 0x44, 0x0, 0x1, [@generic="27048b195c99a2b2e1fa83f43e743b98c1a396613271421184930184514b7fe265ff3a7fa1030c90762305f001c216845b23f4216b3037546d773458457a8a95df6507565f7908ce29889c600cf3e9e5dd", @typed={0x8, 0xc2, 0x0, 0x0, @uid}, @nested={0x2c, 0x10, 0x0, 0x1, [@typed={0x25, 0x13d, 0x0, 0x0, @binary="101e9849c24e79be6595691d41e2375c16ad24f1e59e3cbc7b9beeed8426b5d1ba"}]}]}, @typed={0x14, 0xb2, 0x0, 0x0, @ipv6=@private1={0xfc, 0x1, '\x00', 0x1}}, @typed={0x14, 0x106, 0x0, 0x0, @ipv6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, @nested={0x4, 0xe7}, @generic="a77a6f55a9a413e38cb0922b4ab7e618164b6704c9dddcd1ca69ec9749a2ce720f99a72e643af8dacc0d6b4f2369020d14cc3de0c34bb8cb525accc41f"]}]}]}, 0x300}], 0x1, 0x0, 0x0, 0x20000001}, 0x20040051) 4.676966557s ago: executing program 1 (id=666): r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) bpf$ENABLE_STATS(0x20, 0x0, 0x0) setsockopt$packet_fanout_data(r0, 0x107, 0x16, &(0x7f0000000000)={0x2, &(0x7f00000000c0)=[{0x48, 0x40, 0x42, 0x12}, {0x6, 0x4, 0x4, 0x1000004}]}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000640)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd020f4c0c8c56147d66527da307bf731fef97861750379585e5a076d839240d29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622003b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3665f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fff0d7216fdb0d3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff2c91018afc9ffc2cc788bee1b47683db01a469398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447c2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae486aca54183fb01c73f979ca9857399537f5dc2acb72e7ead0509d380578673f8b6e74ce23877a6b24db0000000000000003629fbef2461c96a088a22e8b15c3e233db7ab22e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d7b90dfae158b94f50adab988dd8e12b1b56073d0d10f7067c881434af5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a331bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf77bfc95769a9294df517d90bdc01e73835efd98ad5a3e1a90800c66ee2b1ad76dff9f9000071414c99d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b31592479ecf2392548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4e62b445c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708194cd6f496e5dee734fe7da3770845cf442d488afdc0e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbe1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5646ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db0c407081c6281e2d8429a863903ca75f4c7df3ea8fc2018d07af1491ef060cd4403a099f32468f65bd06b4082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4766e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec859c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f250057931d828ec78e116ae46c4897e2795b6ff92e9a1f63a6ed8fb4f8f3a6ec4e76f8621e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403f02734137ff47257f164391c673b6071b6ad0f05eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb79f5589829b6b0679b5d65a81826fc9b38f791c8f1892b51ad65a89bc84646ebf78f5d5d4804d9abb071fd711b5e7cc163b42a6510b8f5ee6747df0b560eabe0499bf1fef7c18bb9f55effa018679845c6598fb78bf1b8d9d9f04a5f6062c2bbb91952755b3f7c948268cb647d0a0bb1286480615941154a01d23734bcafe3b164474e2f2efa77850686ee4541f3e79efa63545a7ae53d5f0c40cc86473f7eb093980bd0d97bb4750128d9c519984c5f731ea259e71b2f12d67ce12e52c283e74594dfc933e625737ed231d61263721d46daf093f770357cd78fe1431aef52b4a0a933f1a5334ad03f3876fc8a8e187f80318427b4c922075cf829e3cc49d71d52137b48e1fb6b05dd1c7b251a7059f0a4b4f3431f67fc65b75c202e43816e34ff41db85bacd77b25242830b788ae1e00"/2566], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r1, 0x18000000000002a0, 0xe40, 0x0, &(0x7f0000000100)="b9ff03076844268cb89e14f005dd1be0ffff00fe3a21632f77fbac14141de007031762079f4b4d2f87e5feca6aab845013f2325f1a3901050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d75a058f6efa6d1f5f7ff4000000000000000000", 0x0, 0x8, 0x60000000}, 0x1e) 4.607495725s ago: executing program 4 (id=667): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000500)={'syzkaller0\x00', 0x7101}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0xa802, 0x0) close(r1) socket$netlink(0x10, 0x3, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f00000000c0)={'syzkaller0\x00', @broadcast}) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r4 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@gettclass={0x24, 0x2a, 0x129, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0xb, 0xd}, {}, {0x8, 0xfff1}}}, 0x24}}, 0x40004) recvmmsg(r4, &(0x7f0000005140)=[{{0x0, 0x0, &(0x7f0000001a80)=[{&(0x7f0000000640)=""/216, 0xd8}, {&(0x7f0000003080)=""/4096, 0x1000}], 0x2}, 0x3}], 0x1, 0x0, 0x0) 4.408152534s ago: executing program 2 (id=668): r0 = socket$inet_tcp(0x2, 0x1, 0x0) sendmmsg(r0, &(0x7f0000000180)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x10}}], 0x1, 0x4004804) 4.385489212s ago: executing program 2 (id=669): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x41, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000180)='workqueue_activate_work\x00', r0}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000180)='workqueue_activate_work\x00', r1}, 0x10) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff}) setsockopt$sock_attach_bpf(r2, 0x1, 0x1d, &(0x7f00000001c0), 0x4) 4.250891856s ago: executing program 2 (id=670): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112}) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000200)='qdisc_reset\x00', r1}, 0x10) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000180)={'rose0\x00', 0x112}) ioctl$TUNSETQUEUE(r2, 0x400454d9, &(0x7f0000000100)={'vlan0\x00', 0x400}) 4.048056238s ago: executing program 1 (id=671): r0 = socket$inet_udp(0x2, 0x2, 0x0) recvmmsg(r0, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}}], 0x40000000000012d, 0x2, 0x0) recvmsg$can_raw(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)=""/174, 0xae}, 0x40000100) setsockopt$inet_int(r0, 0x0, 0x6, &(0x7f0000000180)=0x80000001, 0x4) setsockopt$inet_int(r0, 0x0, 0x7, &(0x7f0000000140)=0x6, 0x4) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) syz_emit_ethernet(0x32, &(0x7f0000000600)={@broadcast, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @void, {@ipv4={0x800, @udp={{0x6, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty, {[@rr={0x7, 0x3, 0xe5}]}}, {0x1, 0x4e20, 0xc, 0x0, @gue={{0x1, 0x0, 0x0, 0x0, 0x0, @void}}}}}}}, 0x0) 3.920288932s ago: executing program 1 (id=672): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x2f, &(0x7f0000000600)=0xdfc, 0x10) sendmmsg$inet(r0, &(0x7f0000000f40)=[{{0x0, 0x0, &(0x7f0000000ac0)=[{&(0x7f0000000380)="cebdd21fe03e57c125bd9c3965b579407c9962373117b122c45bf84c98a973ecb6b9ad663b6a07bdfb5c17a5a2cd48dc09da2f20c69872e6399874332704872ec2a432d22928522671038af0783ef06a2f8ef5bf4c1852cc25f1ab39b7c146d2cb25084504d5606202f98d0b03dc", 0x6e}, {&(0x7f0000000040)="dcf6c7a8594cbefed4f7b6af317a47ee47be6e2d4a61e5cc0a2a79081670698a39", 0x21}, {&(0x7f0000000580)="43b6624bcf70a4c826371a24e33c4d2bae5d7babbfb1ba2c6ecf970f9def87320ccb4fbbb31e12d8fd21d656ef864f17c24210eac6248dd40efb9b0ac8da179915840a5c9d2f213d47a7367669a3870626413286b92bd7b51f2b4f99eec1b6ff81751fb805f86ea434a7531f3c9878bdc2cadebaba4621", 0x77}, {&(0x7f00000002c0)="518d090c62a0a9a11ff26593bd52165b011c0e9f6c2c05550d880894aea3fd3718de3675e1f30ffff0ff511d8b6a90c94d442c509c6a01f65cad16374ea2e62749579d", 0x43}, {&(0x7f00000001c0)="9f189b8d5e6ee068cce816de05698d4fe01cdb8e875eefe3db5e153722b1745423f726b35f80b980f8a7e6cab9983bc947924f6d30813d0899d80c2cb6a3cb80a16f14c194157b98c823780ea180f5f304f5694e0b90569c14c118c5896396f9c79d867b5026d66ae9eda462f1233702f941cf239ec1bfe8c9ca3c5faa4c0efa368def9717a2da7e0cde5146db635972858964020d656353a476e01071bc9367c8ab8ee6b5ff6cd25be88a2326b81df502c8b117250afb4a1b9f205eac48359e3c4323ff3e32f2be7c235dfb3613995f704263f6085512d9e267d49f43cb", 0xde}, {&(0x7f00000008c0)="aa27de4a8cfe6fc7fd36ac634de0b7dce04f6ce3e3d452f1c75502b2cbb29fa999d2a372e83819556e792a18e17c128a1ee3a593fbac892cbb42575f483fe523c9abe644830816977ccba1f493bdfa33d63b1dbfd5dde8b03dfa6162f0849ad9823f4e302f12d77cefff93dae1d25662ce8cfe9cdf57a066565ea4a78f8b0e0379110f8d424740bb27839ccc87e687adf0d23ac64ce9c971e0d3eec711e7d49d051cb97526f79fe31b00421399b4101c763b33224a71d2e0b64c02374fc4f0ebc5fdb156e3b8716cba396ad951a983a24404dddcc37b8b5d32e138185df4c6326f8e9c5e4e5c2088c513b2", 0xeb}, {&(0x7f00000009c0)="d650774632b71a34a88292fcf26ad63f611e11baa9b64a99773dd6fbfe12178987d7b005129705e9d23da9376d714ea8cadc0d1b4f2d7fc2e73242b432015e5e298fd6e2161beacaa75ecb41f6aa8cca9a50239a518873cc1eef5ffcc67226fd8e2386d070a8fadf0e4573f3141917bf0fed3e6d0ba5e600840121a0df8deb37ca310ee1d23869f142d3ac1eda8027bd68f94969e492b24718ba715958516ef3b07f7d52465d66f705e80f816ac9a0a3ab08e8a6f1fa6fae5c12fe1526de3f51f545d49892b6fa2042a163e76a", 0xcd}], 0x7}}, {{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000f00)='2', 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000400)="1a51", 0x2}], 0x1}}, {{0x0, 0x0, 0x0}}], 0x4, 0x40) 3.77366069s ago: executing program 1 (id=673): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0xc, 0xffffbfff, 0x1, 0x1}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r0}, 0x38) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000810018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000500)={'syzkaller0\x00', 0x7101}) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0xa802, 0x0) close(r3) socket$netlink(0x10, 0x3, 0x0) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f00000000c0)={'syzkaller0\x00', @broadcast}) r4 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r6 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@gettclass={0x24, 0x2a, 0x129, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0xb, 0xd}, {}, {0x8, 0xfff1}}}, 0x24}}, 0x40004) recvmmsg(r6, &(0x7f0000005140)=[{{0x0, 0x0, &(0x7f0000001a80)=[{&(0x7f0000000640)=""/216, 0xd8}, {&(0x7f0000003080)=""/4096, 0x1000}], 0x2}, 0x3}], 0x1, 0x0, 0x0) 1.891657165s ago: executing program 0 (id=674): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2) sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0) close(r4) r5 = socket$unix(0x1, 0x1, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000026c0)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x100, 0x7, 0x6361, 0x5, 0xfffffffd, 0x6}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000001}, 0x0) sendmsg$nl_route_sched(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000006c0)=@newqdisc={0x64, 0x24, 0x4ee4e6a52ff56541, 0x70b923, 0x80000, {0x0, 0x0, 0x0, r7, {}, {0x2, 0xb}, {0xd, 0xfff1}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x38, 0x2, [@TCA_TBF_PRATE64={0xc, 0x5, 0xda5afc934797b5dd}, @TCA_TBF_PARMS={0x28, 0x1, {{0x6, 0x0, 0x3, 0x3, 0x2c13, 0xffffffff}, {0x3, 0x1, 0x2bfe, 0x1, 0x4, 0xf62}, 0xaa, 0x9, 0x893}}]}}]}, 0x64}, 0x1, 0x0, 0x0, 0x2000c061}, 0x4008000) ioctl$SIOCSIFHWADDR(r4, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"}) 1.839321415s ago: executing program 3 (id=675): r0 = syz_init_net_socket$nfc_raw(0x27, 0x5, 0x0) sendmsg$sock(r0, &(0x7f0000000980)={0x0, 0x0, 0x0}, 0x400c8c1) 1.78421404s ago: executing program 3 (id=676): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@base={0x5, 0x5, 0x9fd, 0x85, 0x41}, 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000280)={0xffffffffffffffff, 0x0, &(0x7f00000000c0), &(0x7f00000002c0)="cc8eb82131da217a4361ebb4d54d27f26f7e57aca1ae4f1da2eb218fbd6f7318285392324732d6fc3d150b2ac806b72c447a", 0x800, r0}, 0x38) bpf$MAP_LOOKUP_BATCH(0x19, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000680), &(0x7f0000000540), 0x6c, r0}, 0x38) 1.551975486s ago: executing program 3 (id=677): write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x280) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r0, 0xfff) syz_emit_ethernet(0x4a, &(0x7f0000000440)={@local, @broadcast, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a8435", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0) syz_emit_ethernet(0x4a, &(0x7f00000003c0)={@local, @remote, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a8435", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0) 1.405323477s ago: executing program 3 (id=678): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0xffffffffffffffff, 0x87}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r0}, 0x0, &(0x7f00000002c0)}, 0x20) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x5c, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}]}]}, 0x5c}}, 0x0) 1.241023588s ago: executing program 4 (id=679): r0 = socket$vsock_stream(0x28, 0x1, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000006000000050000000010"], 0x48) bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000001900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) connect$vsock_stream(r0, &(0x7f0000000140)={0x28, 0x0, 0x0, @my=0x1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000400)='virtio_transport_alloc_pkt\x00', r2}, 0x18) setsockopt$SO_VM_SOCKETS_BUFFER_MIN_SIZE(r0, 0x28, 0x1, &(0x7f0000000100)=0xfffffffffffffffe, 0x112) 1.191934122s ago: executing program 2 (id=680): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) r1 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r1, &(0x7f0000000040)={0x28, 0x0, 0x2710, @local}, 0x10) listen(r1, 0x0) r2 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r2, &(0x7f0000000640)={0x28, 0x0, 0x2710}, 0x10) r3 = accept(r1, 0x0, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="120000000400000004000000a4"], 0x48) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000340)={r4, &(0x7f0000000300)="0535ac0ca4c2231bb8a33ebe99341470a7ad06", 0x0}, 0x20) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$unix(0x1, 0x5, 0x0) socket$inet_mptcp(0x2, 0x1, 0x106) pselect6(0x40, &(0x7f00000001c0)={0x4, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) shutdown(r3, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000006c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a10010000000a010100000000000000000a0000020c00044000000000000000025a000600d047635d8fb64a0a08048a9b9bf59a4628e6346cea44f671714d5c6d2db0d1c2595cbc3ef78bb17d2cb3d608311f1677e197e76919f140e0e167e8c172e8afd61652b338c0cc0de6c78c13ba3bb9ad94fd4145421b1a00001b00060085bf76678f42520b65fe37185ac3890e6b3de745d7512b0055000600d3aed79ae2fb63f71156e65d923cb2f154b205c40e32bbc88abfe3d12f53d982b64618cfa304cae52536a4bdd80cca41389e3eb5f94e5a3f11991d3d69b33a4c4f038d7b48965ce8fe070b29a9207412e200000008000240000000010c00044000000000000000030900010073797a3000000000140000001100010000000000000000000100000a"], 0x138}, 0x1, 0x0, 0x0, 0x4000850}, 0x24044010) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000a40), 0xffffffffffffffff) sendmsg$IEEE802154_DISASSOCIATE_REQ(r5, &(0x7f0000000b00)={&(0x7f0000000a00)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000ac0)={&(0x7f0000000a80)={0x24, r6, 0x200, 0x70bd28, 0x25dfdbfe, {}, [@IEEE802154_ATTR_REASON={0x5, 0x12, 0x7f}, @IEEE802154_ATTR_REASON={0x5, 0x12, 0xc}]}, 0x24}, 0x1, 0x0, 0x0, 0x8800}, 0x804) r7 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000008c0)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x400c801}, 0x4008810) r8 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r8, &(0x7f0000000440)={&(0x7f0000000100)=@l2tp6={0xa, 0x0, 0x2, @remote, 0x0, 0xfffffffd}, 0x80, &(0x7f0000000680)=[{0x0}, {&(0x7f0000000900)="000000006149d561e3501a8cc7faaccf80cd499dcf0ea5d9bc6d44bdf4e7566dba7a4e2e67198bba3affff49e1c64ead0b09502fe11ceb1de84fa581a32a205c568e3b22292e13c4dd1fb8dfc589babdd3f1c4687033de0590c589d136115f36e21520e0f50b944930a8f984fd2cb4c46ad6c0e694c49e596c34736ee32c7a9e0ab7a98522a7021e7b4ee5ab9daf1eb12840cda2b92d4331ec35458b62bca2520646086df900c60d0e06a92d92219927993ba8bb59b4a0295d000000000000000000", 0xc2}], 0x2, 0x0, 0x0, 0x900}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r10 = syz_init_net_socket$llc(0x1a, 0x802, 0x0) bind$llc(r10, &(0x7f0000000000)={0x1a, 0x0, 0x1, 0x0, 0x3, 0x4a}, 0x10) close(r10) r11 = bpf$MAP_CREATE(0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="7812fe042d91e235dad25713d8365780d81971c2802a8775a6f66562df37d8ccfc95560ac9e0bf9ad44afcf3d61520ac05a6c412cfece5ce491fb8156e", @ANYRES32=r7], 0x50) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f0000000c40)=ANY=[@ANYBLOB="9feb0100180000000000000030000000300000000400000002000000000000110300000001000000000000000100000d000000000000000000000000020000000000000c02000000000061"], 0x0, 0x4c, 0x0, 0x1}, 0x28) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000140)={{r11}, &(0x7f00000000c0), &(0x7f0000000200)=r9}, 0x20) 1.127012422s ago: executing program 3 (id=681): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r0) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000001d00)=ANY=[@ANYBLOB="0b00000005000000050000000900000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x2a, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x41100, 0x5, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r3}, 0x10) ioctl$TUNSETOFFLOAD(r1, 0xc004743e, 0x110e22fff6) ioctl$TUNGETVNETLE(r0, 0x40047451, &(0x7f0000000180)) 1.034615204s ago: executing program 1 (id=682): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec8500000075000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'wg1\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000004c00)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x74, r2, {0x0, 0x9}, {0xfff3}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x88d0}, 0x0) 903.75643ms ago: executing program 4 (id=683): bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x13, 0x10, &(0x7f0000000080)=@framed={{0x18, 0x8, 0x0, 0x0, 0xffd0, 0x0, 0x0, 0x0, 0x4000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @generic={0x66, 0x8, 0x0, 0x0, 0xff000000}, @initr0={0x18, 0x0, 0x0, 0x0, 0x10000000, 0x0, 0x0, 0x0, 0x200}, @exit, @printk={@x, {}, {}, {}, {}, {0x5, 0x0, 0xb, 0xa}, {0x85, 0x0, 0x0, 0xb4}}]}, 0x0, 0x2, 0x0, 0x0, 0x0, 0x8}, 0x94) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={0x0}, 0x1, 0x0, 0x0, 0x2}, 0x2000400c) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000009c0)={0x6, 0x0, 0x0, &(0x7f00000002c0)='GPL\x00', 0xdf64, 0x0, 0x0, 0x41100, 0x5, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000580)={0x8, 0x3}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94) r1 = socket$alg(0x26, 0x5, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x3}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x30, 0x4, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @bitwise={{0xc}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_BITWISE_LEN={0x8, 0x3, 0x1, 0x0, 0x24}, @NFTA_BITWISE_SREG={0x8, 0x1, 0x1, 0x0, 0x14}, @NFTA_BITWISE_DREG={0x8, 0x2, 0x1, 0x0, 0x9}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0xcc}}, 0x0) bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r2 = accept4(r1, 0x0, 0x0, 0x800) sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 608.255512ms ago: executing program 4 (id=684): r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, 0x0, 0x0, 0x2, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg=0x7}, 0x94) close(r0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{}, &(0x7f0000000000), &(0x7f0000000080)=r0}, 0x20) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)={0x50, 0x2, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x11, 0x1, 0x0, 0x1}, @IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0xffff}]}, @IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}]}, 0x50}, 0x1, 0x0, 0x0, 0x100}, 0x0) 590.989628ms ago: executing program 3 (id=685): socket(0x10, 0x3, 0x0) socket$igmp(0x2, 0x3, 0x2) r0 = socket(0x2, 0x2, 0x0) syz_emit_ethernet(0x66, 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000540)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x11, 0x10, &(0x7f0000000a00)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@call={0x85, 0x0, 0x0, 0xd0}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000480)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r2}, 0x10) socket$nl_route(0x10, 0x3, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) socket(0xb, 0xa, 0x100) sendmsg$nl_route(r0, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=@ipv6_newrule={0x38, 0x20, 0x1, 0x0, 0xc, {0xa, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x10017}, [@FIB_RULE_POLICY=@FRA_SUPPRESS_IFGROUP={0x8, 0xd, 0x3}, @FRA_DST={0x14, 0x1, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}]}, 0x38}}, 0x4040020) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000002c0)=@newlink={0x5c, 0x10, 0x439, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x3c, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x2c, 0x2, 0x0, 0x1, [@IFLA_IPTUN_REMOTE={0x14, 0x3, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, @IFLA_IPTUN_LOCAL={0x14, 0x2, @private2}]}}}]}, 0x5c}}, 0x0) accept$netrom(0xffffffffffffffff, &(0x7f0000000140)={{0x3, @null}, [@remote, @rose, @netrom, @bcast, @bcast, @netrom, @default, @bcast]}, &(0x7f0000000040)=0x48) r4 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000000)={'vxcan1\x00', 0x0}) bind$can_j1939(r4, &(0x7f00000000c0)={0x1d, r5}, 0x18) connect$can_j1939(r4, &(0x7f0000000140)={0x1d, r5, 0x0, {0x1, 0xff, 0xa8fe8ad4eea2351f}, 0x2}, 0x18) sendmmsg(r4, &(0x7f0000003e40), 0x3fffffffffffe3d, 0xf5) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x7c}}, 0x0) syz_emit_ethernet(0x52, &(0x7f0000000040)={@local, @remote, @void, {@ipv4={0x800, @tcp={{0xc, 0x4, 0x0, 0x0, 0x44, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @local, {[@timestamp_prespec={0x44, 0x1c, 0xe, 0x3, 0x6, [{@initdev={0xac, 0x1e, 0x1, 0x0}, 0x800}, {@dev={0xac, 0x14, 0x14, 0x24}, 0x7}, {@multicast2, 0x2}]}]}}, {{0x4e22, 0x4001, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}, 0x0) readv(0xffffffffffffffff, &(0x7f0000000040), 0x0) r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r7) r8 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r8) 439.431667ms ago: executing program 0 (id=686): r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000001040)={'gre0\x00', &(0x7f0000000100)={'syztnl2\x00', 0x0, 0x2f21, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x2f, 0x0, @empty, @multicast1}}}}) 368.456348ms ago: executing program 4 (id=687): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x47) setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000140)=0x2, 0x4) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000340)=[@sack_perm, @window={0x3, 0x6, 0x7}, @mss={0x2, 0x7}, @window={0x3, 0x0, 0x4}, @window={0x3, 0x8, 0x6}, @timestamp, @window={0x3, 0xfffe}, @sack_perm], 0x200000000000005e) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x4, &(0x7f0000000200)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x4000004}, [@call={0x85, 0x0, 0x0, 0xae}]}, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r1}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='veno\x00', 0x5) sendto$inet(r0, &(0x7f0000000800)="0181", 0x2, 0x4004014, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0), 0x4) sendto$inet(r0, &(0x7f00000004c0)='<', 0x381, 0x805, 0x0, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="380000005400e501000000000000000007000000", @ANYRES32, @ANYBLOB="20000100", @ANYRES32, @ANYBLOB="00ff33ab6475227b000000fe8000000209000003a7710000"], 0x38}, 0x1, 0x0, 0x0, 0x1080}, 0x0) 95.139877ms ago: executing program 4 (id=688): r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x8604}, 0x10) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x0) 66.482423ms ago: executing program 2 (id=689): socket$inet6(0xa, 0x1, 0x8010000000000084) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b70300000000002085"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(r1, 0x84, 0x12, 0x0, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000000), 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) pipe(&(0x7f0000000040)={0xffffffffffffffff}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={0x0}, 0x1, 0x0, 0x0, 0x2}, 0x2000400c) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x1, 0x6a, &(0x7f0000000340)=ANY=[@ANYRESOCT=r0], 0x0, 0xf7fffffe, 0x0, 0x0, 0x0, 0xe}, 0x94) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000009c0)={0x6, 0x0, 0x0, &(0x7f00000002c0)='GPL\x00', 0xdf64, 0x0, 0x0, 0x41100, 0x5, '\x00', 0x0, 0x25, r3, 0x8, &(0x7f0000000580)={0x8, 0x3}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94) r4 = socket$alg(0x26, 0x5, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x3}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x30, 0x4, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @bitwise={{0xc}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_BITWISE_LEN={0x8, 0x3, 0x1, 0x0, 0x24}, @NFTA_BITWISE_SREG={0x8, 0x1, 0x1, 0x0, 0x14}, @NFTA_BITWISE_DREG={0x8, 0x2, 0x1, 0x0, 0x9}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0xcc}}, 0x0) bind$alg(r4, 0x0, 0x0) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r5 = accept4(r4, 0x0, 0x0, 0x800) sendmmsg$alg(r5, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r5, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r6, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r7, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 0s ago: executing program 0 (id=690): socket$alg(0x26, 0x5, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$inet6_sctp(0xa, 0x2, 0x84) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x2, 0x3032, 0xffffffffffffffff, 0xc51e000) socket$inet_sctp(0x2, 0x5, 0x84) connect$unix(0xffffffffffffffff, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x7}, 0x1c) listen(r0, 0xfffffffc) r1 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r1, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) r2 = socket$kcm(0xf, 0x3, 0x2) sendmsg$inet(r2, 0x0, 0x400c010) socket$nl_generic(0x10, 0x3, 0x10) socket$inet_tcp(0x2, 0x1, 0x0) syz_genetlink_get_family_id$mptcp(0x0, 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000004c0)={0x28, r4, 0x1, 0x70bd2c, 0x900, {}, [@MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @dev={0xac, 0x14, 0x14, 0x1c}}]}]}, 0x28}, 0x1, 0xff07}, 0x2000000) (fail_nth: 7) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.189' (ED25519) to the list of known hosts. [ 81.553529][ T5826] cgroup: Unknown subsys name 'net' [ 81.726770][ T5826] cgroup: Unknown subsys name 'cpuset' [ 81.736326][ T5826] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 83.236914][ T5826] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 85.762985][ T5846] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 85.772701][ T5846] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 85.781213][ T5846] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 85.787379][ T5853] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 85.788990][ T5846] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 85.802494][ T5853] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 85.803824][ T5846] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 85.818432][ T5846] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 85.822105][ T5853] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 85.827731][ T5846] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 85.842271][ T5853] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 85.843178][ T5846] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 85.858689][ T5853] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 85.860338][ T5846] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 85.874163][ T5846] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 85.878296][ T5855] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 85.881830][ T5846] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 85.892897][ T5855] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 85.900353][ T5159] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 85.913500][ T5159] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 85.925017][ T5159] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 85.932708][ T5855] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 85.962414][ T5159] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 85.972028][ T5159] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 85.987010][ T5159] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 86.577880][ T5845] chnl_net:caif_netlink_parms(): no params data found [ 86.759844][ T5836] chnl_net:caif_netlink_parms(): no params data found [ 86.824131][ T5838] chnl_net:caif_netlink_parms(): no params data found [ 86.899988][ T5848] chnl_net:caif_netlink_parms(): no params data found [ 86.915475][ T5845] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.924009][ T5845] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.932934][ T5845] bridge_slave_0: entered allmulticast mode [ 86.940946][ T5845] bridge_slave_0: entered promiscuous mode [ 87.004916][ T5845] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.012351][ T5845] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.019768][ T5845] bridge_slave_1: entered allmulticast mode [ 87.031952][ T5845] bridge_slave_1: entered promiscuous mode [ 87.182387][ T5845] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 87.211036][ T5840] chnl_net:caif_netlink_parms(): no params data found [ 87.262835][ T5845] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.336476][ T5836] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.344348][ T5836] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.352746][ T5836] bridge_slave_0: entered allmulticast mode [ 87.360109][ T5836] bridge_slave_0: entered promiscuous mode [ 87.368935][ T5836] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.376702][ T5836] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.385548][ T5836] bridge_slave_1: entered allmulticast mode [ 87.393600][ T5836] bridge_slave_1: entered promiscuous mode [ 87.415082][ T5838] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.423248][ T5838] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.431422][ T5838] bridge_slave_0: entered allmulticast mode [ 87.439708][ T5838] bridge_slave_0: entered promiscuous mode [ 87.519130][ T5838] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.526942][ T5838] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.534734][ T5838] bridge_slave_1: entered allmulticast mode [ 87.542834][ T5838] bridge_slave_1: entered promiscuous mode [ 87.553037][ T5845] team0: Port device team_slave_0 added [ 87.580537][ T5848] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.588857][ T5848] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.597094][ T5848] bridge_slave_0: entered allmulticast mode [ 87.605699][ T5848] bridge_slave_0: entered promiscuous mode [ 87.629318][ T5845] team0: Port device team_slave_1 added [ 87.656915][ T5836] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 87.674383][ T5848] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.682192][ T5848] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.689898][ T5848] bridge_slave_1: entered allmulticast mode [ 87.697616][ T5848] bridge_slave_1: entered promiscuous mode [ 87.730476][ T5845] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 87.738127][ T5845] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.766516][ T5845] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 87.785065][ T5836] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.824145][ T5838] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 87.836012][ T5845] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 87.843115][ T5845] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.872764][ T5845] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 87.911064][ T5848] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 87.924792][ T5848] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.936736][ T5838] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.992376][ T5849] Bluetooth: hci3: command tx timeout [ 87.992591][ T5159] Bluetooth: hci1: command tx timeout [ 88.006050][ T5842] Bluetooth: hci0: command tx timeout [ 88.072482][ T5159] Bluetooth: hci4: command tx timeout [ 88.075294][ T5842] Bluetooth: hci2: command tx timeout [ 88.102875][ T5838] team0: Port device team_slave_0 added [ 88.116202][ T5845] hsr_slave_0: entered promiscuous mode [ 88.123045][ T5845] hsr_slave_1: entered promiscuous mode [ 88.132538][ T5836] team0: Port device team_slave_0 added [ 88.138815][ T5840] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.146447][ T5840] bridge0: port 1(bridge_slave_0) entered disabled state [ 88.154876][ T5840] bridge_slave_0: entered allmulticast mode [ 88.163439][ T5840] bridge_slave_0: entered promiscuous mode [ 88.173851][ T5848] team0: Port device team_slave_0 added [ 88.182756][ T5838] team0: Port device team_slave_1 added [ 88.205914][ T5836] team0: Port device team_slave_1 added [ 88.212569][ T5840] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.219748][ T5840] bridge0: port 2(bridge_slave_1) entered disabled state [ 88.228713][ T5840] bridge_slave_1: entered allmulticast mode [ 88.236680][ T5840] bridge_slave_1: entered promiscuous mode [ 88.258236][ T5848] team0: Port device team_slave_1 added [ 88.353798][ T5838] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 88.361208][ T5838] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.390069][ T5838] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 88.403429][ T5836] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 88.412649][ T5836] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.442275][ T5836] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 88.456604][ T5840] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 88.493197][ T5838] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 88.500433][ T5838] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.528062][ T5838] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 88.540316][ T5836] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 88.549650][ T5836] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.577888][ T5836] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 88.597417][ T5840] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 88.608655][ T5848] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 88.616357][ T5848] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.645305][ T5848] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 88.709857][ T5848] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 88.717185][ T5848] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.745611][ T5848] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 88.815780][ T5840] team0: Port device team_slave_0 added [ 88.868519][ T5836] hsr_slave_0: entered promiscuous mode [ 88.875291][ T5836] hsr_slave_1: entered promiscuous mode [ 88.883202][ T5836] debugfs: 'hsr0' already exists in 'hsr' [ 88.889391][ T5836] Cannot create hsr debugfs directory [ 88.909712][ T5840] team0: Port device team_slave_1 added [ 88.947920][ T5848] hsr_slave_0: entered promiscuous mode [ 88.956001][ T5848] hsr_slave_1: entered promiscuous mode [ 88.962670][ T5848] debugfs: 'hsr0' already exists in 'hsr' [ 88.969397][ T5848] Cannot create hsr debugfs directory [ 89.042599][ T5838] hsr_slave_0: entered promiscuous mode [ 89.049608][ T5838] hsr_slave_1: entered promiscuous mode [ 89.056292][ T5838] debugfs: 'hsr0' already exists in 'hsr' [ 89.062724][ T5838] Cannot create hsr debugfs directory [ 89.069320][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 89.076633][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 89.127097][ T5840] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 89.196014][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 89.203839][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 89.231628][ T5840] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 89.488207][ T5840] hsr_slave_0: entered promiscuous mode [ 89.495411][ T5840] hsr_slave_1: entered promiscuous mode [ 89.502824][ T5840] debugfs: 'hsr0' already exists in 'hsr' [ 89.508952][ T5840] Cannot create hsr debugfs directory [ 89.646670][ T5845] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 89.690974][ T5845] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 89.743779][ T5845] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 89.759774][ T5845] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 89.883915][ T5836] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 89.920579][ T5836] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 89.948884][ T5836] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 89.984178][ T5836] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 90.072289][ T5842] Bluetooth: hci1: command tx timeout [ 90.072965][ T5849] Bluetooth: hci3: command tx timeout [ 90.095291][ T5159] Bluetooth: hci0: command tx timeout [ 90.109527][ T5848] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 90.152408][ T5159] Bluetooth: hci4: command tx timeout [ 90.155113][ T5848] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 90.158212][ T5159] Bluetooth: hci2: command tx timeout [ 90.175192][ T5848] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 90.203615][ T5848] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 90.269705][ T5845] 8021q: adding VLAN 0 to HW filter on device bond0 [ 90.281142][ T5838] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 90.304270][ T5838] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 90.346434][ T5838] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 90.356959][ T5838] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 90.385985][ T5845] 8021q: adding VLAN 0 to HW filter on device team0 [ 90.428570][ T3487] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.436030][ T3487] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.485360][ T49] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.492753][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.505608][ T5840] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 90.528826][ T5840] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 90.539703][ T5840] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 90.553004][ T5840] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 90.613322][ T5836] 8021q: adding VLAN 0 to HW filter on device bond0 [ 90.710117][ T5836] 8021q: adding VLAN 0 to HW filter on device team0 [ 90.765993][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.773407][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.784683][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.792243][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.839309][ T5848] 8021q: adding VLAN 0 to HW filter on device bond0 [ 90.896632][ T5838] 8021q: adding VLAN 0 to HW filter on device bond0 [ 90.938661][ T5848] 8021q: adding VLAN 0 to HW filter on device team0 [ 90.979406][ T5836] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 91.007617][ T5838] 8021q: adding VLAN 0 to HW filter on device team0 [ 91.020963][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.028361][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 91.038383][ T49] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.046333][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state [ 91.096244][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.104583][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 91.119945][ T49] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.127554][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state [ 91.188417][ T5840] 8021q: adding VLAN 0 to HW filter on device bond0 [ 91.210724][ T5845] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 91.279335][ T5840] 8021q: adding VLAN 0 to HW filter on device team0 [ 91.328497][ T3487] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.336067][ T3487] bridge0: port 1(bridge_slave_0) entered forwarding state [ 91.347333][ T3487] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.354909][ T3487] bridge0: port 2(bridge_slave_1) entered forwarding state [ 91.461709][ T5836] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 91.567158][ T5845] veth0_vlan: entered promiscuous mode [ 91.618061][ T5845] veth1_vlan: entered promiscuous mode [ 91.739113][ T5836] veth0_vlan: entered promiscuous mode [ 91.783339][ T5845] veth0_macvtap: entered promiscuous mode [ 91.818237][ T5836] veth1_vlan: entered promiscuous mode [ 91.865616][ T5845] veth1_macvtap: entered promiscuous mode [ 91.935991][ T5845] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.958624][ T5838] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 91.995008][ T5845] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 92.011198][ T5848] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 92.053719][ T1031] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.068385][ T1031] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.089461][ T9] cfg80211: failed to load regulatory.db [ 92.120264][ T1031] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.142840][ T5840] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 92.151959][ T5159] Bluetooth: hci0: command tx timeout [ 92.152179][ T5849] Bluetooth: hci3: command tx timeout [ 92.163084][ T5159] Bluetooth: hci1: command tx timeout [ 92.172086][ T3487] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.197679][ T5836] veth0_macvtap: entered promiscuous mode [ 92.233236][ T5849] Bluetooth: hci2: command tx timeout [ 92.233247][ T5159] Bluetooth: hci4: command tx timeout [ 92.263327][ T5836] veth1_macvtap: entered promiscuous mode [ 92.336027][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.349367][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.394091][ T3453] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.408176][ T3453] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.424818][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 92.456281][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 92.498598][ T3487] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.525723][ T5845] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 92.543605][ T3487] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.588761][ T5848] veth0_vlan: entered promiscuous mode [ 92.608847][ T3487] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.625137][ T3487] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.636485][ T5840] veth0_vlan: entered promiscuous mode [ 92.670354][ T5848] veth1_vlan: entered promiscuous mode [ 92.707657][ T5840] veth1_vlan: entered promiscuous mode [ 92.874467][ T5848] veth0_macvtap: entered promiscuous mode [ 92.897696][ T5840] veth0_macvtap: entered promiscuous mode [ 92.910675][ T5838] veth0_vlan: entered promiscuous mode [ 92.934666][ T5848] veth1_macvtap: entered promiscuous mode [ 92.944180][ T3453] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.956266][ T5840] veth1_macvtap: entered promiscuous mode [ 92.973434][ T3453] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.026743][ T5838] veth1_vlan: entered promiscuous mode [ 93.070869][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 93.095518][ T5848] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 93.106398][ T3453] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.118401][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 93.128268][ T3453] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.150015][ T5848] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 93.179527][ T3487] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.249697][ T3487] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.281094][ T3487] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.305866][ T3487] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.334441][ T5838] veth0_macvtap: entered promiscuous mode [ 93.358954][ T3487] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.374610][ T3487] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.400056][ T49] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.413414][ T49] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.475732][ T5966] netlink: 'syz.0.6': attribute type 10 has an invalid length. [ 93.508068][ T5838] veth1_macvtap: entered promiscuous mode [ 93.628501][ T5838] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 93.701314][ T5838] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 93.770089][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.787616][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.807652][ T49] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.835531][ T49] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.890281][ T49] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.902861][ T49] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.950135][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.967095][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.075969][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.093339][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.160627][ T3487] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.190608][ T3487] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.233528][ T5849] Bluetooth: hci3: command tx timeout [ 94.233553][ T5159] Bluetooth: hci1: command tx timeout [ 94.233588][ T5159] Bluetooth: hci0: command tx timeout [ 94.278858][ T5979] nbd0: detected capacity change from 0 to 127 [ 94.313284][ T5842] Bluetooth: hci4: command tx timeout [ 94.319097][ T5842] Bluetooth: hci2: command tx timeout [ 94.325792][ T1031] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.346277][ T5159] block nbd0: Receive control failed (result -32) [ 94.360440][ T5893] block nbd0: Dead connection, failed to find a fallback [ 94.373498][ T5985] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 94.388708][ T5893] block nbd0: shutting down sockets [ 94.393710][ T1031] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.417194][ T5893] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 94.469313][ T5893] Buffer I/O error on dev nbd0, logical block 0, async page read [ 94.492636][ T5893] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 94.532326][ T5985] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 94.535003][ T5893] Buffer I/O error on dev nbd0, logical block 1, async page read [ 94.577056][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.613449][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.628392][ T5893] I/O error, dev nbd0, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 94.653703][ T5985] warning: `syz.2.3' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 94.674387][ T5893] Buffer I/O error on dev nbd0, logical block 2, async page read [ 94.700205][ T5893] I/O error, dev nbd0, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 94.729680][ T5998] netlink: 8 bytes leftover after parsing attributes in process `syz.3.14'. [ 94.730553][ T5893] Buffer I/O error on dev nbd0, logical block 3, async page read [ 94.757092][ T5893] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 94.769903][ T5994] vxcan1: entered allmulticast mode [ 94.781263][ T5893] Buffer I/O error on dev nbd0, logical block 0, async page read [ 94.802592][ T5893] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 94.812523][ T5893] Buffer I/O error on dev nbd0, logical block 1, async page read [ 94.837172][ T5997] netlink: 'syz.0.15': attribute type 1 has an invalid length. [ 94.870780][ T5893] I/O error, dev nbd0, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 94.913391][ T5988] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 94.925231][ T5893] Buffer I/O error on dev nbd0, logical block 2, async page read [ 94.958548][ T5893] I/O error, dev nbd0, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 94.997083][ T5988] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 95.011778][ T5893] Buffer I/O error on dev nbd0, logical block 3, async page read [ 95.029603][ T5893] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 95.061839][ T5893] Buffer I/O error on dev nbd0, logical block 0, async page read [ 95.081346][ T5893] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 95.102298][ T5893] Buffer I/O error on dev nbd0, logical block 1, async page read [ 95.116202][ T5893] ldm_validate_partition_table(): Disk read failed. [ 95.147999][ T5893] Dev nbd0: unable to read RDB block 0 [ 95.177057][ T5893] nbd0: unable to read partition table [ 95.250264][ T6005] gretap1: entered promiscuous mode [ 95.260435][ T5893] ldm_validate_partition_table(): Disk read failed. [ 95.279794][ T5893] Dev nbd0: unable to read RDB block 0 [ 95.314519][ T5893] nbd0: unable to read partition table [ 95.543648][ T6018] netlink: 20 bytes leftover after parsing attributes in process `syz.0.18'. [ 95.573697][ T6022] netlink: 44 bytes leftover after parsing attributes in process `syz.4.19'. [ 95.583871][ T6022] netlink: 43 bytes leftover after parsing attributes in process `syz.4.19'. [ 95.601820][ T6022] netlink: 'syz.4.19': attribute type 5 has an invalid length. [ 95.648522][ T6022] netlink: 43 bytes leftover after parsing attributes in process `syz.4.19'. [ 95.677533][ T6029] syz.0.18 uses obsolete (PF_INET,SOCK_PACKET) [ 95.727132][ T6029] FAULT_INJECTION: forcing a failure. [ 95.727132][ T6029] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 95.838340][ T6032] netlink: 192 bytes leftover after parsing attributes in process `syz.4.19'. [ 95.841641][ T6029] CPU: 0 UID: 0 PID: 6029 Comm: syz.0.18 Not tainted 6.16.0-syzkaller-06574-gd9104cec3e8f #0 PREEMPT(full) [ 95.841667][ T6029] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 95.841683][ T6029] Call Trace: [ 95.841691][ T6029] [ 95.841703][ T6029] dump_stack_lvl+0x189/0x250 [ 95.841733][ T6029] ? __pfx____ratelimit+0x10/0x10 [ 95.841756][ T6029] ? __pfx_dump_stack_lvl+0x10/0x10 [ 95.841773][ T6029] ? __pfx__printk+0x10/0x10 [ 95.841794][ T6029] ? __might_fault+0xb0/0x130 [ 95.841834][ T6029] should_fail_ex+0x414/0x560 [ 95.841864][ T6029] _copy_from_iter+0x1db/0x16f0 [ 95.841896][ T6029] ? __pfx__copy_from_iter+0x10/0x10 [ 95.841913][ T6029] ? sock_alloc_send_pskb+0x875/0x990 [ 95.841939][ T6029] ? __pfx__copy_from_iter+0x10/0x10 [ 95.841961][ T6029] ? page_copy_sane+0x4e/0x280 [ 95.841982][ T6029] copy_page_from_iter+0xdd/0x170 [ 95.842007][ T6029] skb_copy_datagram_from_iter+0x306/0x720 [ 95.842038][ T6029] tun_get_user+0x1691/0x3e20 [ 95.842078][ T6029] ? __pfx_tun_get_user+0x10/0x10 [ 95.842099][ T6029] ? aa_file_perm+0x40c/0xe70 [ 95.842124][ T6029] ? aa_file_perm+0x122/0xe70 [ 95.842153][ T6029] ? ref_tracker_alloc+0x318/0x460 [ 95.842168][ T6029] ? __lock_acquire+0xab9/0xd20 [ 95.842192][ T6029] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 95.842215][ T6029] ? tun_get+0x1c/0x2f0 [ 95.842237][ T6029] ? tun_get+0x1c/0x2f0 [ 95.842253][ T6029] ? tun_get+0x1c/0x2f0 [ 95.842275][ T6029] tun_chr_write_iter+0x113/0x200 [ 95.842296][ T6029] vfs_write+0x54b/0xa90 [ 95.842324][ T6029] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 95.842342][ T6029] ? __pfx_vfs_write+0x10/0x10 [ 95.842374][ T6029] ? __fget_files+0x2a/0x420 [ 95.842399][ T6029] ksys_write+0x145/0x250 [ 95.842424][ T6029] ? __pfx_ksys_write+0x10/0x10 [ 95.842447][ T6029] ? rcu_is_watching+0x15/0xb0 [ 95.842475][ T6029] ? do_syscall_64+0xbe/0x3b0 [ 95.842502][ T6029] do_syscall_64+0xfa/0x3b0 [ 95.842523][ T6029] ? lockdep_hardirqs_on+0x9c/0x150 [ 95.842545][ T6029] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 95.842561][ T6029] ? clear_bhb_loop+0x60/0xb0 [ 95.842581][ T6029] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 95.842597][ T6029] RIP: 0033:0x7f83d558eb69 [ 95.842617][ T6029] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 95.842630][ T6029] RSP: 002b:00007f83d63b6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 95.842651][ T6029] RAX: ffffffffffffffda RBX: 00007f83d57b6160 RCX: 00007f83d558eb69 [ 95.842664][ T6029] RDX: 0000000000000ffe RSI: 0000200000000400 RDI: 0000000000000003 [ 95.842674][ T6029] RBP: 00007f83d63b6090 R08: 0000000000000000 R09: 0000000000000000 [ 95.842684][ T6029] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 95.842694][ T6029] R13: 0000000000000000 R14: 00007f83d57b6160 R15: 00007fff4b06cc18 [ 95.842721][ T6029] [ 96.412452][ T6041] nbd1: detected capacity change from 0 to 127 [ 96.435334][ T5159] block nbd1: Receive control failed (result -32) [ 96.452757][ T5893] block nbd1: Dead connection, failed to find a fallback [ 96.483266][ T5893] block nbd1: shutting down sockets [ 96.520273][ T5893] ldm_validate_partition_table(): Disk read failed. [ 96.573681][ T5893] Dev nbd1: unable to read RDB block 0 [ 96.582406][ T5893] nbd1: unable to read partition table [ 96.597042][ T5893] ldm_validate_partition_table(): Disk read failed. [ 96.629681][ T5893] Dev nbd1: unable to read RDB block 0 [ 96.664373][ T5893] nbd1: unable to read partition table [ 96.761004][ T6052] Zero length message leads to an empty skb [ 97.177853][ T6062] erspan0: entered promiscuous mode [ 97.227283][ T6062] batman_adv: batadv0: Adding interface: macvlan2 [ 97.245547][ T6068] netlink: 8 bytes leftover after parsing attributes in process `syz.2.30'. [ 97.264796][ T6062] batman_adv: batadv0: The MTU of interface macvlan2 is too small (1450) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 97.337100][ T6062] batman_adv: batadv0: Interface activated: macvlan2 [ 97.408307][ T6062] netlink: 12 bytes leftover after parsing attributes in process `syz.2.30'. [ 97.843356][ T6086] nbd2: detected capacity change from 0 to 127 [ 97.866075][ T6091] netlink: 20 bytes leftover after parsing attributes in process `syz.2.39'. [ 98.007545][ T6089] bridge1: entered allmulticast mode [ 98.038490][ T5159] block nbd2: Receive control failed (result -104) [ 98.304181][ T6102] bond0: (slave ipvlan2): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 98.323148][ T6102] bond0: (slave ipvlan2): The slave device specified does not support setting the MAC address [ 98.334822][ T6102] bond0: (slave ipvlan2): Error -95 calling set_mac_address [ 98.403615][ T6108] netlink: 'syz.0.42': attribute type 4 has an invalid length. [ 98.439097][ T6106] netlink: 'syz.0.42': attribute type 4 has an invalid length. [ 98.754933][ T6110] netlink: 20 bytes leftover after parsing attributes in process `syz.3.43'. [ 98.769214][ T6109] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 99.377869][ T6120] netlink: 'syz.3.45': attribute type 5 has an invalid length. [ 100.395857][ T6127] IPv6: Can't replace route, no match found [ 100.523935][ T6147] __nla_validate_parse: 4 callbacks suppressed [ 100.523952][ T6147] netlink: 68 bytes leftover after parsing attributes in process `syz.2.51'. [ 100.559137][ T6149] trusted_key: syz.3.53 sent an empty control message without MSG_MORE. [ 100.852897][ T6161] netlink: 4 bytes leftover after parsing attributes in process `syz.4.54'. [ 100.949435][ T6125] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 101.109277][ T6166] netlink: 4 bytes leftover after parsing attributes in process `syz.3.57'. [ 101.203414][ T124] block nbd2: Connection timed out, retrying (0/1 alive) [ 101.212287][ T124] block nbd2: Connection timed out, retrying (0/1 alive) [ 101.219513][ T124] block nbd2: Connection timed out, retrying (0/1 alive) [ 101.228104][ T124] block nbd2: Connection timed out, retrying (0/1 alive) [ 101.236816][ T124] block nbd2: Dead connection, failed to find a fallback [ 101.246908][ T124] block nbd2: shutting down sockets [ 101.252960][ T124] blk_print_req_error: 286 callbacks suppressed [ 101.252978][ T124] I/O error, dev nbd2, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 101.270513][ T124] buffer_io_error: 286 callbacks suppressed [ 101.270528][ T124] Buffer I/O error on dev nbd2, logical block 3, async page read [ 101.288230][ T124] I/O error, dev nbd2, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 101.297973][ T124] Buffer I/O error on dev nbd2, logical block 2, async page read [ 101.306171][ T124] I/O error, dev nbd2, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 101.315803][ T124] Buffer I/O error on dev nbd2, logical block 1, async page read [ 101.329930][ T124] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 101.339944][ T124] Buffer I/O error on dev nbd2, logical block 0, async page read [ 101.348781][ T5893] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 101.360745][ T5893] Buffer I/O error on dev nbd2, logical block 0, async page read [ 101.370765][ T5893] I/O error, dev nbd2, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 101.380743][ T5893] Buffer I/O error on dev nbd2, logical block 1, async page read [ 101.389526][ T5893] I/O error, dev nbd2, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 101.399008][ T5893] Buffer I/O error on dev nbd2, logical block 2, async page read [ 101.407455][ T5893] I/O error, dev nbd2, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 101.417313][ T5893] Buffer I/O error on dev nbd2, logical block 3, async page read [ 101.425826][ T5893] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 101.439360][ T5893] Buffer I/O error on dev nbd2, logical block 0, async page read [ 101.448046][ T5893] I/O error, dev nbd2, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 101.457629][ T5893] Buffer I/O error on dev nbd2, logical block 1, async page read [ 101.494760][ T5893] ldm_validate_partition_table(): Disk read failed. [ 101.524666][ T5893] Dev nbd2: unable to read RDB block 0 [ 101.531351][ T6163] mac80211_hwsim hwsim6 wlan0: entered promiscuous mode [ 101.545957][ T5893] nbd2: unable to read partition table [ 101.650371][ T5893] ldm_validate_partition_table(): Disk read failed. [ 101.686155][ T5893] Dev nbd2: unable to read RDB block 0 [ 101.699278][ T5893] nbd2: unable to read partition table [ 101.774640][ T6185] netlink: 'syz.0.61': attribute type 1 has an invalid length. [ 101.789550][ T6186] netlink: 44 bytes leftover after parsing attributes in process `syz.1.58'. [ 101.801834][ T6186] netlink: 43 bytes leftover after parsing attributes in process `syz.1.58'. [ 101.811110][ T6186] netlink: 'syz.1.58': attribute type 5 has an invalid length. [ 101.819231][ T6186] netlink: 43 bytes leftover after parsing attributes in process `syz.1.58'. [ 101.977341][ T6185] 8021q: adding VLAN 0 to HW filter on device bond1 [ 101.982428][ T6183] netlink: 192 bytes leftover after parsing attributes in process `syz.1.58'. [ 102.110079][ T6193] vlan2: entered allmulticast mode [ 102.116024][ T6193] veth1: entered allmulticast mode [ 102.144211][ T6184] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 102.342152][ T6207] netlink: 16 bytes leftover after parsing attributes in process `syz.3.64'. [ 102.431802][ T6209] nbd3: detected capacity change from 0 to 127 [ 102.474382][ T6209] bridge1: entered allmulticast mode [ 102.494002][ T5159] block nbd3: Receive control failed (result -104) [ 102.675474][ T6220] netlink: 'syz.3.68': attribute type 1 has an invalid length. [ 102.762767][ T6229] netlink: 'syz.2.69': attribute type 4 has an invalid length. [ 102.849172][ T6221] netlink: 'syz.2.69': attribute type 4 has an invalid length. [ 102.958269][ T6237] netlink: 4 bytes leftover after parsing attributes in process `syz.0.72'. [ 103.361219][ T6252] netlink: 44 bytes leftover after parsing attributes in process `syz.4.76'. [ 103.371725][ T6252] netlink: 'syz.4.76': attribute type 5 has an invalid length. [ 103.723322][ T6269] netlink: 'syz.2.78': attribute type 10 has an invalid length. [ 103.900746][ T6269] macvlan0: entered promiscuous mode [ 103.944342][ T6269] bond0: (slave macvlan0): Enslaving as an active interface with an up link [ 104.730070][ T6300] netlink: 'syz.0.84': attribute type 1 has an invalid length. [ 105.569779][ T6327] netlink: 'syz.4.92': attribute type 1 has an invalid length. [ 105.587527][ T6320] netlink: 'syz.3.87': attribute type 13 has an invalid length. [ 105.652074][ T6320] netlink: 'syz.3.87': attribute type 17 has an invalid length. [ 105.752906][ T124] block nbd3: Connection timed out, retrying (0/1 alive) [ 105.760641][ T124] block nbd3: Connection timed out, retrying (0/1 alive) [ 105.768309][ T6174] block nbd3: Dead connection, failed to find a fallback [ 105.779047][ T124] block nbd3: Connection timed out, retrying (0/1 alive) [ 105.786712][ T6174] block nbd3: shutting down sockets [ 105.792997][ T124] block nbd3: Connection timed out, retrying (0/1 alive) [ 105.806226][ T5893] ldm_validate_partition_table(): Disk read failed. [ 105.840663][ T5893] Dev nbd3: unable to read RDB block 0 [ 105.860519][ T5893] nbd3: unable to read partition table [ 105.881986][ T6337] __nla_validate_parse: 5 callbacks suppressed [ 105.882003][ T6337] netlink: 24 bytes leftover after parsing attributes in process `syz.1.93'. [ 105.924479][ T5893] ldm_validate_partition_table(): Disk read failed. [ 105.953240][ T5893] Dev nbd3: unable to read RDB block 0 [ 105.961279][ T5893] nbd3: unable to read partition table [ 106.051027][ T6327] 8021q: adding VLAN 0 to HW filter on device bond1 [ 106.073663][ T6342] netlink: 16 bytes leftover after parsing attributes in process `syz.1.93'. [ 106.142035][ T6342] netlink: 72 bytes leftover after parsing attributes in process `syz.1.93'. [ 106.259435][ T6324] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 106.341291][ T6320] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 106.408617][ T6333] vlan2: entered allmulticast mode [ 106.429615][ T6333] veth1: entered allmulticast mode [ 106.449532][ T6337] netlink: 24 bytes leftover after parsing attributes in process `syz.1.93'. [ 107.018628][ T6373] netlink: 12 bytes leftover after parsing attributes in process `syz.1.96'. [ 107.075803][ T6374] netlink: 44 bytes leftover after parsing attributes in process `syz.4.99'. [ 107.086634][ T6373] vlan2: entered promiscuous mode [ 107.112286][ T6374] netlink: 43 bytes leftover after parsing attributes in process `syz.4.99'. [ 107.134398][ T6374] netlink: 'syz.4.99': attribute type 5 has an invalid length. [ 107.149921][ T6373] bond0: entered promiscuous mode [ 107.160812][ T6374] netlink: 43 bytes leftover after parsing attributes in process `syz.4.99'. [ 107.180398][ T6373] bond_slave_0: entered promiscuous mode [ 107.217315][ T6373] bond_slave_1: entered promiscuous mode [ 107.250773][ T6374] netlink: 192 bytes leftover after parsing attributes in process `syz.4.99'. [ 108.494500][ T6429] veth0_to_team: entered promiscuous mode [ 108.507070][ T6429] veth0_to_team: entered allmulticast mode [ 108.557767][ T6435] netlink: 'syz.3.108': attribute type 4 has an invalid length. [ 108.608879][ T6432] netlink: 'syz.3.108': attribute type 4 has an invalid length. [ 109.005440][ T6452] bridge1: entered allmulticast mode [ 109.024838][ T6447] nbd4: detected capacity change from 0 to 127 [ 109.036284][ T5159] block nbd4: Receive control failed (result -32) [ 109.037721][ T6450] netlink: 'syz.3.113': attribute type 1 has an invalid length. [ 109.239127][ T6459] netlink: 44 bytes leftover after parsing attributes in process `syz.0.114'. [ 109.260363][ T6459] netlink: 'syz.0.114': attribute type 5 has an invalid length. [ 109.277679][ T6450] bond1: (slave vxcan3): The slave device specified does not support setting the MAC address [ 109.311313][ T6450] bond1: (slave vxcan3): Error -95 calling set_mac_address [ 109.389005][ T6465] netlink: 'syz.2.116': attribute type 5 has an invalid length. [ 109.598972][ T6473] FAULT_INJECTION: forcing a failure. [ 109.598972][ T6473] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 109.625232][ T6473] CPU: 0 UID: 0 PID: 6473 Comm: syz.3.119 Not tainted 6.16.0-syzkaller-06574-gd9104cec3e8f #0 PREEMPT(full) [ 109.625258][ T6473] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 109.625268][ T6473] Call Trace: [ 109.625275][ T6473] [ 109.625283][ T6473] dump_stack_lvl+0x189/0x250 [ 109.625314][ T6473] ? __pfx____ratelimit+0x10/0x10 [ 109.625338][ T6473] ? __pfx_dump_stack_lvl+0x10/0x10 [ 109.625354][ T6473] ? __pfx__printk+0x10/0x10 [ 109.625387][ T6473] should_fail_ex+0x414/0x560 [ 109.625417][ T6473] _copy_to_user+0x31/0xb0 [ 109.625442][ T6473] simple_read_from_buffer+0xe1/0x170 [ 109.625472][ T6473] proc_fail_nth_read+0x1b3/0x220 [ 109.625494][ T6473] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 109.625515][ T6473] ? rw_verify_area+0x258/0x650 [ 109.625535][ T6473] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 109.625554][ T6473] vfs_read+0x1fd/0x980 [ 109.625575][ T6473] ? fdget_pos+0x247/0x320 [ 109.625594][ T6473] ? __pfx___mutex_lock+0x10/0x10 [ 109.625617][ T6473] ? __pfx_vfs_read+0x10/0x10 [ 109.625638][ T6473] ? __fget_files+0x2a/0x420 [ 109.625658][ T6473] ? __fget_files+0x3a0/0x420 [ 109.625671][ T6473] ? __fget_files+0x2a/0x420 [ 109.625694][ T6473] ksys_read+0x145/0x250 [ 109.625719][ T6473] ? __pfx_ksys_read+0x10/0x10 [ 109.625737][ T6473] ? rcu_is_watching+0x15/0xb0 [ 109.625765][ T6473] ? do_syscall_64+0xbe/0x3b0 [ 109.625801][ T6473] do_syscall_64+0xfa/0x3b0 [ 109.625821][ T6473] ? lockdep_hardirqs_on+0x9c/0x150 [ 109.625842][ T6473] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 109.625858][ T6473] ? clear_bhb_loop+0x60/0xb0 [ 109.625880][ T6473] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 109.625895][ T6473] RIP: 0033:0x7f4fc798d57c [ 109.625911][ T6473] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 109.625925][ T6473] RSP: 002b:00007f4fc8844030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 109.625946][ T6473] RAX: ffffffffffffffda RBX: 00007f4fc7bb5fa0 RCX: 00007f4fc798d57c [ 109.625958][ T6473] RDX: 000000000000000f RSI: 00007f4fc88440a0 RDI: 0000000000000007 [ 109.625969][ T6473] RBP: 00007f4fc8844090 R08: 0000000000000000 R09: 0000000000000000 [ 109.625987][ T6473] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 109.625997][ T6473] R13: 0000000000000000 R14: 00007f4fc7bb5fa0 R15: 00007ffea05df7b8 [ 109.626026][ T6473] [ 110.315991][ T6484] ip6gre1: entered promiscuous mode [ 110.546843][ T6492] syzkaller0: entered promiscuous mode [ 110.559253][ T6492] syzkaller0: entered allmulticast mode [ 110.588173][ T6503] netlink: 'syz.1.129': attribute type 1 has an invalid length. [ 111.009651][ T6520] __nla_validate_parse: 7 callbacks suppressed [ 111.009669][ T6520] netlink: 44 bytes leftover after parsing attributes in process `syz.0.134'. [ 111.027190][ T6520] netlink: 43 bytes leftover after parsing attributes in process `syz.0.134'. [ 111.037983][ T6520] netlink: 'syz.0.134': attribute type 5 has an invalid length. [ 111.046876][ T6520] netlink: 43 bytes leftover after parsing attributes in process `syz.0.134'. [ 111.160212][ T6522] netlink: 192 bytes leftover after parsing attributes in process `syz.0.134'. [ 111.970322][ T6503] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR [ 111.988316][ T6515] FAULT_INJECTION: forcing a failure. [ 111.988316][ T6515] name failslab, interval 1, probability 0, space 0, times 1 [ 112.011936][ T6515] CPU: 1 UID: 0 PID: 6515 Comm: syz.4.132 Not tainted 6.16.0-syzkaller-06574-gd9104cec3e8f #0 PREEMPT(full) [ 112.011962][ T6515] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 112.011972][ T6515] Call Trace: [ 112.011980][ T6515] [ 112.011987][ T6515] dump_stack_lvl+0x189/0x250 [ 112.012018][ T6515] ? __pfx____ratelimit+0x10/0x10 [ 112.012046][ T6515] ? __pfx_dump_stack_lvl+0x10/0x10 [ 112.012064][ T6515] ? __pfx__printk+0x10/0x10 [ 112.012091][ T6515] ? __pfx___might_resched+0x10/0x10 [ 112.012120][ T6515] should_fail_ex+0x414/0x560 [ 112.012151][ T6515] should_failslab+0xa8/0x100 [ 112.012170][ T6515] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 112.012194][ T6515] ? ethnl_bitset32_size+0x3a/0x280 [ 112.012210][ T6515] ? __alloc_skb+0x112/0x2d0 [ 112.012238][ T6515] __alloc_skb+0x112/0x2d0 [ 112.012267][ T6515] ethnl_default_notify+0x5da/0xb70 [ 112.012294][ T6515] ? __pfx_ethnl_default_notify+0x10/0x10 [ 112.012329][ T6515] ? trace_kmalloc+0x1f/0xd0 [ 112.012349][ T6515] ? __kmalloc_node_track_caller_noprof+0x28e/0x4e0 [ 112.012377][ T6515] ? mutex_is_locked+0x17/0x50 [ 112.012392][ T6515] ? rtnl_is_locked+0x15/0x20 [ 112.012414][ T6515] ethnl_default_set_doit+0x4f8/0x890 [ 112.012442][ T6515] genl_family_rcv_msg_doit+0x215/0x300 [ 112.012470][ T6515] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 112.012504][ T6515] ? bpf_lsm_capable+0x9/0x20 [ 112.012526][ T6515] ? security_capable+0x7e/0x2e0 [ 112.012555][ T6515] genl_rcv_msg+0x60e/0x790 [ 112.012681][ T6515] ? __pfx_genl_rcv_msg+0x10/0x10 [ 112.012700][ T6515] ? __pfx_ethnl_default_set_doit+0x10/0x10 [ 112.012719][ T6515] ? __asan_memcpy+0x40/0x70 [ 112.012739][ T6515] ? __pfx_ref_tracker_free+0x10/0x10 [ 112.012765][ T6515] netlink_rcv_skb+0x205/0x470 [ 112.012786][ T6515] ? __lock_acquire+0xab9/0xd20 [ 112.012809][ T6515] ? __pfx_genl_rcv_msg+0x10/0x10 [ 112.012829][ T6515] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 112.012873][ T6515] ? down_read+0x1ad/0x2e0 [ 112.012893][ T6515] genl_rcv+0x28/0x40 [ 112.012914][ T6515] netlink_unicast+0x82c/0x9e0 [ 112.012945][ T6515] ? __pfx_netlink_unicast+0x10/0x10 [ 112.012968][ T6515] ? netlink_sendmsg+0x642/0xb30 [ 112.012988][ T6515] ? skb_put+0x11b/0x210 [ 112.013009][ T6515] netlink_sendmsg+0x805/0xb30 [ 112.013042][ T6515] ? __pfx_netlink_sendmsg+0x10/0x10 [ 112.013069][ T6515] ? aa_sock_msg_perm+0x94/0x160 [ 112.013093][ T6515] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 112.013112][ T6515] ? __pfx_netlink_sendmsg+0x10/0x10 [ 112.013136][ T6515] __sock_sendmsg+0x219/0x270 [ 112.013162][ T6515] ____sys_sendmsg+0x505/0x830 [ 112.013186][ T6515] ? __pfx_____sys_sendmsg+0x10/0x10 [ 112.013215][ T6515] ? import_iovec+0x74/0xa0 [ 112.013242][ T6515] ___sys_sendmsg+0x21f/0x2a0 [ 112.013263][ T6515] ? __pfx____sys_sendmsg+0x10/0x10 [ 112.013319][ T6515] ? __fget_files+0x2a/0x420 [ 112.013335][ T6515] ? __fget_files+0x3a0/0x420 [ 112.013364][ T6515] __x64_sys_sendmsg+0x19b/0x260 [ 112.013385][ T6515] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 112.013413][ T6515] ? __pfx_ksys_write+0x10/0x10 [ 112.013433][ T6515] ? rcu_is_watching+0x15/0xb0 [ 112.013463][ T6515] ? do_syscall_64+0xbe/0x3b0 [ 112.013491][ T6515] do_syscall_64+0xfa/0x3b0 [ 112.013512][ T6515] ? lockdep_hardirqs_on+0x9c/0x150 [ 112.013534][ T6515] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 112.013551][ T6515] ? clear_bhb_loop+0x60/0xb0 [ 112.013576][ T6515] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 112.013593][ T6515] RIP: 0033:0x7efd8f98eb69 [ 112.013610][ T6515] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 112.013624][ T6515] RSP: 002b:00007efd90818038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 112.013645][ T6515] RAX: ffffffffffffffda RBX: 00007efd8fbb6080 RCX: 00007efd8f98eb69 [ 112.013658][ T6515] RDX: 0000000000000000 RSI: 0000200000000240 RDI: 0000000000000003 [ 112.013668][ T6515] RBP: 00007efd90818090 R08: 0000000000000000 R09: 0000000000000000 [ 112.013679][ T6515] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 112.013689][ T6515] R13: 0000000000000001 R14: 00007efd8fbb6080 R15: 00007ffc789f5458 [ 112.013719][ T6515] [ 113.324762][ T6561] netlink: 56 bytes leftover after parsing attributes in process `syz.0.145'. [ 113.404037][ T6562] pim6reg0: tun_chr_ioctl cmd 2148553947 [ 113.635224][ T6568] netlink: 32 bytes leftover after parsing attributes in process `syz.3.148'. [ 113.656833][ T6569] netlink: 'syz.0.147': attribute type 1 has an invalid length. [ 113.717782][ T6569] bond2: (slave vxcan3): The slave device specified does not support setting the MAC address [ 113.731126][ T6569] bond2: (slave vxcan3): Error -95 calling set_mac_address [ 113.879828][ T6577] bridge2: entered allmulticast mode [ 114.436838][ T6597] netlink: 12 bytes leftover after parsing attributes in process `syz.1.159'. [ 114.524042][ T6596] netlink: 4 bytes leftover after parsing attributes in process `syz.4.156'. [ 114.858551][ T6619] netlink: 'syz.3.164': attribute type 1 has an invalid length. [ 114.907398][ T6621] netlink: 56 bytes leftover after parsing attributes in process `syz.1.165'. [ 114.930474][ T6624] netlink: 9 bytes leftover after parsing attributes in process `syz.2.167'. [ 114.944585][ T6627] bond2: (slave vxcan3): The slave device specified does not support setting the MAC address [ 114.957408][ T6627] bond2: (slave vxcan3): Error -95 calling set_mac_address [ 114.992008][ T6624] gretap0: entered promiscuous mode [ 115.038994][ T6619] gretap1: entered promiscuous mode [ 115.045861][ T6628] 0ªî{X¹¦: renamed from gretap0 [ 115.067419][ T6628] 0ªî{X¹¦: left promiscuous mode [ 115.075657][ T6628] 0ªî{X¹¦: entered allmulticast mode [ 115.087080][ T6628] A link change request failed with some changes committed already. Interface 30ªî{X¹¦ may have been left with an inconsistent configuration, please check. [ 115.315761][ T6645] netlink: zone id is out of range [ 115.769952][ T6675] netlink: 'syz.2.182': attribute type 1 has an invalid length. [ 115.827763][ T6675] bond1: (slave vxcan3): The slave device specified does not support setting the MAC address [ 115.841442][ T6675] bond1: (slave vxcan3): Error -95 calling set_mac_address [ 115.916418][ T6678] gretap0: entered promiscuous mode [ 115.927264][ T6681] batadv_slave_0: entered promiscuous mode [ 115.957214][ T6681] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 116.080209][ T6681] batadv_slave_0 (unregistering): left promiscuous mode [ 116.090847][ T6681] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 116.474526][ T6701] __nla_validate_parse: 8 callbacks suppressed [ 116.474544][ T6701] netlink: 32 bytes leftover after parsing attributes in process `syz.0.190'. [ 116.641425][ T6711] netlink: 8 bytes leftover after parsing attributes in process `syz.2.192'. [ 116.684610][ T6710] netdevsim netdevsim4 netdevsim0: entered promiscuous mode [ 116.802011][ T6716] (unnamed net_device) (uninitialized): option updelay: invalid value (18446744073701165882) [ 116.812837][ T6716] (unnamed net_device) (uninitialized): option updelay: allowed values 0 - 2147483647 [ 117.055162][ T6723] netlink: 'syz.2.197': attribute type 1 has an invalid length. [ 117.270413][ T6725] bond2: (slave vxcan3): The slave device specified does not support setting the MAC address [ 117.294898][ T6725] bond2: (slave vxcan3): Error -95 calling set_mac_address [ 117.800890][ T6729] hsr_slave_0: left promiscuous mode [ 117.815983][ T6729] hsr_slave_1: left promiscuous mode [ 117.954312][ T6737] bridge4: entered allmulticast mode [ 118.151188][ T6748] netlink: 32 bytes leftover after parsing attributes in process `syz.0.204'. [ 118.197510][ T6740] netlink: 'syz.2.203': attribute type 10 has an invalid length. [ 118.500388][ T6766] netlink: 40 bytes leftover after parsing attributes in process `syz.1.209'. [ 118.545481][ T6760] 8021q: adding VLAN 0 to HW filter on device bond3 [ 118.801926][ T5159] Bluetooth: hci4: command tx timeout [ 118.819107][ T6777] netlink: 20 bytes leftover after parsing attributes in process `syz.2.212'. [ 119.637980][ T6796] netlink: 56 bytes leftover after parsing attributes in process `syz.0.217'. [ 119.948635][ T6815] netlink: 'syz.1.225': attribute type 2 has an invalid length. [ 119.970608][ T6815] k›*·]‘: entered promiscuous mode [ 119.985827][ T6819] netlink: 20 bytes leftover after parsing attributes in process `syz.2.226'. [ 120.021535][ T6819] netlink: 216 bytes leftover after parsing attributes in process `syz.2.226'. [ 120.029961][ T6815] netlink: 8 bytes leftover after parsing attributes in process `syz.1.225'. [ 120.042477][ T6819] netlink: 24 bytes leftover after parsing attributes in process `syz.2.226'. [ 120.080051][ T6815] veth0_to_team: entered promiscuous mode [ 120.102561][ T6815] veth0_to_team: entered allmulticast mode [ 120.196527][ T6822] 8021q: adding VLAN 0 to HW filter on device bond4 [ 121.096949][ T6829] team0: Device vti0 is of different type [ 121.430709][ T6850] Bluetooth: MGMT ver 1.23 [ 121.493866][ T6847] __nla_validate_parse: 5 callbacks suppressed [ 121.493884][ T6847] netlink: 8 bytes leftover after parsing attributes in process `syz.4.233'. [ 121.645967][ T6847] syz.4.233 (6847) used greatest stack depth: 17864 bytes left [ 122.741634][ T6888] veth1: mtu greater than device maximum [ 122.766097][ T6888] netlink: 20 bytes leftover after parsing attributes in process `syz.4.247'. [ 122.836221][ T6893] netlink: 56 bytes leftover after parsing attributes in process `syz.0.248'. [ 123.019889][ T6899] Driver unsupported XDP return value 0 on prog (id 80) dev N/A, expect packet loss! [ 123.054081][ T6906] netlink: 8 bytes leftover after parsing attributes in process `syz.0.254'. [ 123.087215][ T6906] netlink: 40 bytes leftover after parsing attributes in process `syz.0.254'. [ 123.104967][ T6910] netlink: 20 bytes leftover after parsing attributes in process `syz.4.257'. [ 123.359786][ T6923] netlink: 'syz.2.261': attribute type 13 has an invalid length. [ 123.379838][ T6923] netlink: 8 bytes leftover after parsing attributes in process `syz.2.261'. [ 124.019961][ T6930] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 124.518841][ T6959] netlink: 12 bytes leftover after parsing attributes in process `syz.0.275'. [ 124.558140][ T6959] vlan3: entered promiscuous mode [ 124.584799][ T6959] team0: entered promiscuous mode [ 124.599782][ T6959] team_slave_0: entered promiscuous mode [ 124.624812][ T6959] team_slave_1: entered promiscuous mode [ 125.214180][ T6985] netlink: 44 bytes leftover after parsing attributes in process `syz.0.284'. [ 125.234176][ T6985] netlink: 43 bytes leftover after parsing attributes in process `syz.0.284'. [ 125.258965][ T6985] netlink: 'syz.0.284': attribute type 5 has an invalid length. [ 125.859593][ T6972] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 126.531660][ T7038] FAULT_INJECTION: forcing a failure. [ 126.531660][ T7038] name failslab, interval 1, probability 0, space 0, times 0 [ 126.579453][ T7038] CPU: 0 UID: 0 PID: 7038 Comm: syz.4.299 Not tainted 6.16.0-syzkaller-06574-gd9104cec3e8f #0 PREEMPT(full) [ 126.579488][ T7038] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 126.579497][ T7038] Call Trace: [ 126.579505][ T7038] [ 126.579513][ T7038] dump_stack_lvl+0x189/0x250 [ 126.579547][ T7038] ? __pfx____ratelimit+0x10/0x10 [ 126.579572][ T7038] ? __pfx_dump_stack_lvl+0x10/0x10 [ 126.579591][ T7038] ? __pfx__printk+0x10/0x10 [ 126.579618][ T7038] ? __pfx___might_resched+0x10/0x10 [ 126.579643][ T7038] ? fs_reclaim_acquire+0x7d/0x100 [ 126.579667][ T7038] should_fail_ex+0x414/0x560 [ 126.579698][ T7038] should_failslab+0xa8/0x100 [ 126.579717][ T7038] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 126.579742][ T7038] ? __alloc_skb+0x112/0x2d0 [ 126.579772][ T7038] __alloc_skb+0x112/0x2d0 [ 126.579801][ T7038] netlink_ack+0x146/0xa50 [ 126.579822][ T7038] ? __pfx_genl_rcv_msg+0x10/0x10 [ 126.579843][ T7038] ? ref_tracker_free+0x63a/0x7d0 [ 126.579861][ T7038] ? __asan_memcpy+0x40/0x70 [ 126.579882][ T7038] ? __pfx_ref_tracker_free+0x10/0x10 [ 126.579908][ T7038] netlink_rcv_skb+0x28c/0x470 [ 126.579930][ T7038] ? __lock_acquire+0xab9/0xd20 [ 126.579953][ T7038] ? __pfx_genl_rcv_msg+0x10/0x10 [ 126.579974][ T7038] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 126.580019][ T7038] ? down_read+0x1ad/0x2e0 [ 126.580039][ T7038] genl_rcv+0x28/0x40 [ 126.580056][ T7038] netlink_unicast+0x82c/0x9e0 [ 126.580089][ T7038] ? __pfx_netlink_unicast+0x10/0x10 [ 126.580113][ T7038] ? netlink_sendmsg+0x642/0xb30 [ 126.580135][ T7038] ? skb_put+0x11b/0x210 [ 126.580156][ T7038] netlink_sendmsg+0x805/0xb30 [ 126.580190][ T7038] ? __pfx_netlink_sendmsg+0x10/0x10 [ 126.580216][ T7038] ? aa_sock_msg_perm+0x94/0x160 [ 126.580476][ T7038] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 126.580508][ T7038] ? __pfx_netlink_sendmsg+0x10/0x10 [ 126.580539][ T7038] __sock_sendmsg+0x219/0x270 [ 126.580567][ T7038] ____sys_sendmsg+0x505/0x830 [ 126.580593][ T7038] ? __pfx_____sys_sendmsg+0x10/0x10 [ 126.580623][ T7038] ? import_iovec+0x74/0xa0 [ 126.580651][ T7038] ___sys_sendmsg+0x21f/0x2a0 [ 126.580673][ T7038] ? __pfx____sys_sendmsg+0x10/0x10 [ 126.580733][ T7038] ? __fget_files+0x2a/0x420 [ 126.580751][ T7038] ? __fget_files+0x3a0/0x420 [ 126.580780][ T7038] __x64_sys_sendmsg+0x19b/0x260 [ 126.580802][ T7038] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 126.580833][ T7038] ? __pfx_ksys_write+0x10/0x10 [ 126.580854][ T7038] ? rcu_is_watching+0x15/0xb0 [ 126.580886][ T7038] ? do_syscall_64+0xbe/0x3b0 [ 126.580915][ T7038] do_syscall_64+0xfa/0x3b0 [ 126.580938][ T7038] ? lockdep_hardirqs_on+0x9c/0x150 [ 126.580960][ T7038] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 126.580975][ T7038] ? clear_bhb_loop+0x60/0xb0 [ 126.580993][ T7038] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 126.581010][ T7038] RIP: 0033:0x7efd8f98eb69 [ 126.581036][ T7038] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 126.581049][ T7038] RSP: 002b:00007efd90839038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 126.581073][ T7038] RAX: ffffffffffffffda RBX: 00007efd8fbb5fa0 RCX: 00007efd8f98eb69 [ 126.581084][ T7038] RDX: 0000000000000000 RSI: 0000200000000180 RDI: 0000000000000003 [ 126.581094][ T7038] RBP: 00007efd90839090 R08: 0000000000000000 R09: 0000000000000000 [ 126.581103][ T7038] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 126.581112][ T7038] R13: 0000000000000000 R14: 00007efd8fbb5fa0 R15: 00007ffc789f5458 [ 126.581136][ T7038] [ 129.149459][ T7097] __nla_validate_parse: 3 callbacks suppressed [ 129.149479][ T7097] netlink: 8 bytes leftover after parsing attributes in process `syz.1.318'. [ 129.254390][ T7097] netlink: 8 bytes leftover after parsing attributes in process `syz.1.318'. [ 129.359126][ T7097] netlink: 188 bytes leftover after parsing attributes in process `syz.1.318'. [ 131.626733][ T7124] netlink: 'syz.2.326': attribute type 10 has an invalid length. [ 131.713056][ T7124] team0: Device ipvlan1 failed to register rx_handler [ 131.773645][ T7130] netlink: 8 bytes leftover after parsing attributes in process `syz.0.330'. [ 132.139498][ T7138] netlink: 24 bytes leftover after parsing attributes in process `syz.1.334'. [ 132.572021][ T7150] tipc: Started in network mode [ 132.605787][ T7150] tipc: Node identity f2a6f011b292, cluster identity 4711 [ 132.710320][ T7150] tipc: Enabled bearer , priority 0 [ 132.765730][ T7155] syzkaller0: entered promiscuous mode [ 132.845426][ T7155] syzkaller0: entered allmulticast mode [ 133.095827][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.103563][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.352017][ T7155] tipc: Resetting bearer [ 133.405582][ T7149] tipc: Resetting bearer [ 133.730160][ T5961] tipc: Node number set to 1077211153 [ 134.378217][ T7149] tipc: Disabling bearer [ 134.799998][ T7196] netlink: 212376 bytes leftover after parsing attributes in process `syz.0.347'. [ 135.312959][ T7206] IPv6: addrconf: prefix option has invalid lifetime [ 135.896875][ T7220] tipc: Enabling of bearer rejected, failed to enable media [ 136.262168][ T7225] netlink: 44 bytes leftover after parsing attributes in process `syz.3.358'. [ 136.342433][ T7225] netlink: 43 bytes leftover after parsing attributes in process `syz.3.358'. [ 136.473468][ T7225] netlink: 'syz.3.358': attribute type 5 has an invalid length. [ 136.651137][ T7239] netlink: 192 bytes leftover after parsing attributes in process `syz.3.358'. [ 136.708645][ T7225] netlink: 43 bytes leftover after parsing attributes in process `syz.3.358'. [ 138.537157][ T7282] sock: sock_timestamping_bind_phc: sock not bind to device [ 138.840086][ T7280] netlink: 'syz.4.374': attribute type 6 has an invalid length. [ 139.223270][ T7288] llcp: llcp_sock_recvmsg: Recv datagram failed state 3 -6 0 [ 139.281044][ T7294] netlink: 48 bytes leftover after parsing attributes in process `syz.3.378'. [ 139.448943][ T7300] nbd5: detected capacity change from 0 to 127 [ 139.492841][ T7302] bridge6: entered allmulticast mode [ 139.560497][ T5159] block nbd5: Receive control failed (result -32) [ 139.636550][ T7306] IPVS: set_ctl: invalid protocol: 0 0.0.0.0:20003 [ 139.829316][ T7305] netlink: 'syz.4.383': attribute type 10 has an invalid length. [ 140.630983][ T7348] netlink: 'syz.3.399': attribute type 33 has an invalid length. [ 140.733420][ T7348] netlink: 20 bytes leftover after parsing attributes in process `syz.3.399'. [ 140.753168][ T7348] bond0: option broadcast_neighbor: mode dependency failed, not supported in mode balance-rr(0) [ 140.970452][ T7357] netlink: 8 bytes leftover after parsing attributes in process `syz.1.403'. [ 141.153759][ T7362] netlink: 'syz.3.405': attribute type 46 has an invalid length. [ 141.617811][ T7391] FAULT_INJECTION: forcing a failure. [ 141.617811][ T7391] name failslab, interval 1, probability 0, space 0, times 0 [ 141.698161][ T7391] CPU: 1 UID: 0 PID: 7391 Comm: syz.2.416 Not tainted 6.16.0-syzkaller-06574-gd9104cec3e8f #0 PREEMPT(full) [ 141.698189][ T7391] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 141.698199][ T7391] Call Trace: [ 141.698207][ T7391] [ 141.698216][ T7391] dump_stack_lvl+0x189/0x250 [ 141.698240][ T7391] ? __pfx____ratelimit+0x10/0x10 [ 141.698265][ T7391] ? __pfx_dump_stack_lvl+0x10/0x10 [ 141.698283][ T7391] ? __pfx__printk+0x10/0x10 [ 141.698310][ T7391] ? __pfx___might_resched+0x10/0x10 [ 141.698341][ T7391] should_fail_ex+0x414/0x560 [ 141.698381][ T7391] should_failslab+0xa8/0x100 [ 141.698401][ T7391] __kmalloc_node_track_caller_noprof+0xcc/0x4e0 [ 141.698426][ T7391] ? dev_exception_add+0x94/0x4a0 [ 141.698455][ T7391] kmemdup_noprof+0x2b/0x70 [ 141.698477][ T7391] dev_exception_add+0x94/0x4a0 [ 141.698500][ T7391] ? bpf_lsm_capable+0x9/0x20 [ 141.698522][ T7391] ? security_capable+0x7e/0x2e0 [ 141.698551][ T7391] devcgroup_access_write+0xfdf/0x18b0 [ 141.698582][ T7391] ? __pfx_devcgroup_access_write+0x10/0x10 [ 141.698605][ T7391] ? register_lock_class+0x51/0x320 [ 141.698635][ T7391] ? __lock_acquire+0xab9/0xd20 [ 141.698696][ T7391] ? kernfs_root+0x1c/0x230 [ 141.698716][ T7391] ? kernfs_root+0x1c/0x230 [ 141.698732][ T7391] ? kernfs_root+0x1c/0x230 [ 141.698753][ T7391] ? kernfs_root+0x1ea/0x230 [ 141.698770][ T7391] ? __pfx_devcgroup_access_write+0x10/0x10 [ 141.698796][ T7391] cgroup_file_write+0x39e/0x740 [ 141.698826][ T7391] ? __pfx_cgroup_file_write+0x10/0x10 [ 141.698863][ T7391] ? __pfx_cgroup_file_write+0x10/0x10 [ 141.698882][ T7391] kernfs_fop_write_iter+0x378/0x4f0 [ 141.698915][ T7391] iter_file_splice_write+0x937/0x1000 [ 141.698970][ T7391] ? __pfx_iter_file_splice_write+0x10/0x10 [ 141.699000][ T7391] ? rcu_read_lock_any_held+0xb3/0x120 [ 141.699035][ T7391] ? __pfx_iter_file_splice_write+0x10/0x10 [ 141.699058][ T7391] do_splice+0xc79/0x1660 [ 141.699129][ T7391] ? __pfx_do_splice+0x10/0x10 [ 141.699167][ T7391] __se_sys_splice+0x2e1/0x460 [ 141.699191][ T7391] ? __pfx___se_sys_splice+0x10/0x10 [ 141.699205][ T7391] ? rcu_is_watching+0x15/0xb0 [ 141.699235][ T7391] ? __x64_sys_splice+0x21/0xf0 [ 141.699255][ T7391] do_syscall_64+0xfa/0x3b0 [ 141.699281][ T7391] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 141.699297][ T7391] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 141.699314][ T7391] ? clear_bhb_loop+0x60/0xb0 [ 141.699335][ T7391] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 141.699352][ T7391] RIP: 0033:0x7f552ad8eb69 [ 141.699375][ T7391] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 141.699389][ T7391] RSP: 002b:00007f552bbf8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 [ 141.699409][ T7391] RAX: ffffffffffffffda RBX: 00007f552afb5fa0 RCX: 00007f552ad8eb69 [ 141.699422][ T7391] RDX: 0000000000000006 RSI: 0000000000000000 RDI: 0000000000000003 [ 141.699432][ T7391] RBP: 00007f552bbf8090 R08: 0000000000000008 R09: 0000000000000000 [ 141.699443][ T7391] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 141.699453][ T7391] R13: 0000000000000000 R14: 00007f552afb5fa0 R15: 00007ffc57e3a598 [ 141.699485][ T7391] [ 141.747248][ T7395] netlink: 132 bytes leftover after parsing attributes in process `syz.2.416'. [ 142.260026][ T7409] nbd6: detected capacity change from 0 to 127 [ 142.284894][ T7414] bridge5: entered allmulticast mode [ 142.310260][ T5159] block nbd6: Receive control failed (result -32) [ 142.507064][ T7425] netlink: 'syz.4.428': attribute type 10 has an invalid length. [ 142.648048][ T7433] netlink: 28 bytes leftover after parsing attributes in process `syz.4.431'. [ 142.811435][ T7439] netlink: 132 bytes leftover after parsing attributes in process `syz.3.434'. [ 143.264426][ T7460] nbd7: detected capacity change from 0 to 127 [ 143.267979][ T7462] bridge4: entered allmulticast mode [ 143.337447][ T5159] block nbd7: Receive control failed (result -32) [ 143.569585][ T7478] netlink: 16 bytes leftover after parsing attributes in process `syz.3.447'. [ 144.289097][ T7500] netlink: 64 bytes leftover after parsing attributes in process `syz.1.452'. [ 144.657019][ T7509] bridge6: entered allmulticast mode [ 144.662529][ T7504] nbd8: detected capacity change from 0 to 127 [ 144.742624][ T5159] block nbd8: Receive control failed (result -32) [ 145.059248][ T7524] netlink: 'syz.4.459': attribute type 1 has an invalid length. [ 145.081604][ T7524] netlink: 4 bytes leftover after parsing attributes in process `syz.4.459'. [ 145.103730][ T7524] netlink: 45 bytes leftover after parsing attributes in process `syz.4.459'. [ 145.352510][ T30] audit: type=1804 audit(1754059205.872:2): pid=7524 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.459" name="x000000000000000800000000000000000000010" dev="tmpfs" ino=398 res=1 errno=0 [ 145.412015][ T30] audit: type=1800 audit(1754059205.872:3): pid=7524 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.459" name="x000000000000000800000000000000000000010" dev="tmpfs" ino=398 res=0 errno=0 [ 146.439498][ T7551] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 146.764189][ T7575] netlink: 'syz.2.478': attribute type 9 has an invalid length. [ 146.768842][ T7573] mac80211_hwsim hwsim3 wlan1: entered allmulticast mode [ 146.789750][ T7575] netlink: 8 bytes leftover after parsing attributes in process `syz.2.478'. [ 146.911732][ T7586] netlink: 44 bytes leftover after parsing attributes in process `syz.0.483'. [ 146.921217][ T7586] netlink: 43 bytes leftover after parsing attributes in process `syz.0.483'. [ 146.951880][ T7586] netlink: 'syz.0.483': attribute type 5 has an invalid length. [ 146.961134][ T7586] netlink: 43 bytes leftover after parsing attributes in process `syz.0.483'. [ 147.140016][ T7594] netlink: 192 bytes leftover after parsing attributes in process `syz.0.483'. [ 147.591016][ T7615] netlink: 12 bytes leftover after parsing attributes in process `syz.3.490'. [ 147.602047][ T7615] netlink: 12 bytes leftover after parsing attributes in process `syz.3.490'. [ 147.722580][ T7620] netlink: 8 bytes leftover after parsing attributes in process `syz.1.491'. [ 147.736618][ T7615] netlink: 'syz.3.490': attribute type 2 has an invalid length. [ 147.873068][ T7628] netlink: 8 bytes leftover after parsing attributes in process `syz.2.494'. [ 147.897139][ T7630] FAULT_INJECTION: forcing a failure. [ 147.897139][ T7630] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 147.913068][ T7628] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 147.925814][ T7630] CPU: 0 UID: 0 PID: 7630 Comm: syz.3.493 Not tainted 6.16.0-syzkaller-06574-gd9104cec3e8f #0 PREEMPT(full) [ 147.925842][ T7630] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 147.925853][ T7630] Call Trace: [ 147.925860][ T7630] [ 147.925868][ T7630] dump_stack_lvl+0x189/0x250 [ 147.925892][ T7630] ? __pfx____ratelimit+0x10/0x10 [ 147.925916][ T7630] ? __pfx_dump_stack_lvl+0x10/0x10 [ 147.925934][ T7630] ? __pfx__printk+0x10/0x10 [ 147.925960][ T7630] ? __might_fault+0xb0/0x130 [ 147.925993][ T7630] should_fail_ex+0x414/0x560 [ 147.926022][ T7630] _copy_from_iter+0x1db/0x16f0 [ 147.926047][ T7630] ? rcu_is_watching+0x15/0xb0 [ 147.926073][ T7630] ? kmem_cache_alloc_node_noprof+0x217/0x3c0 [ 147.926099][ T7630] ? __pfx__copy_from_iter+0x10/0x10 [ 147.926121][ T7630] ? __build_skb_around+0x257/0x3e0 [ 147.926151][ T7630] ? netlink_sendmsg+0x642/0xb30 [ 147.926173][ T7630] ? skb_put+0x11b/0x210 [ 147.926193][ T7630] netlink_sendmsg+0x6b2/0xb30 [ 147.926223][ T7630] ? __pfx_netlink_sendmsg+0x10/0x10 [ 147.926249][ T7630] ? aa_sock_msg_perm+0x94/0x160 [ 147.926269][ T7630] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 147.926288][ T7630] ? __pfx_netlink_sendmsg+0x10/0x10 [ 147.926311][ T7630] __sock_sendmsg+0x219/0x270 [ 147.926335][ T7630] ____sys_sendmsg+0x505/0x830 [ 147.926359][ T7630] ? __pfx_____sys_sendmsg+0x10/0x10 [ 147.926390][ T7630] ? import_iovec+0x74/0xa0 [ 147.926416][ T7630] ___sys_sendmsg+0x21f/0x2a0 [ 147.926437][ T7630] ? __pfx____sys_sendmsg+0x10/0x10 [ 147.926492][ T7630] ? __fget_files+0x2a/0x420 [ 147.926508][ T7630] ? __fget_files+0x3a0/0x420 [ 147.926536][ T7630] __x64_sys_sendmsg+0x19b/0x260 [ 147.926557][ T7630] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 147.926583][ T7630] ? __pfx_ksys_write+0x10/0x10 [ 147.926603][ T7630] ? rcu_is_watching+0x15/0xb0 [ 147.926631][ T7630] ? do_syscall_64+0xbe/0x3b0 [ 147.926659][ T7630] do_syscall_64+0xfa/0x3b0 [ 147.926680][ T7630] ? lockdep_hardirqs_on+0x9c/0x150 [ 147.926701][ T7630] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 147.926719][ T7630] ? clear_bhb_loop+0x60/0xb0 [ 147.926740][ T7630] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 147.926757][ T7630] RIP: 0033:0x7f4fc798eb69 [ 147.926778][ T7630] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 147.926792][ T7630] RSP: 002b:00007f4fc8823038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 147.926812][ T7630] RAX: ffffffffffffffda RBX: 00007f4fc7bb6080 RCX: 00007f4fc798eb69 [ 147.926826][ T7630] RDX: 0000000000004000 RSI: 0000200000000000 RDI: 000000000000000a [ 147.926837][ T7630] RBP: 00007f4fc8823090 R08: 0000000000000000 R09: 0000000000000000 [ 147.926848][ T7630] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 147.926858][ T7630] R13: 0000000000000000 R14: 00007f4fc7bb6080 R15: 00007ffea05df7b8 [ 147.926888][ T7630] [ 148.404042][ T7633] netlink: 4 bytes leftover after parsing attributes in process `syz.4.495'. [ 149.008622][ T7666] netlink: 'syz.3.505': attribute type 5 has an invalid length. [ 149.420683][ T7682] lo speed is unknown, defaulting to 1000 [ 149.429318][ T7682] lo speed is unknown, defaulting to 1000 [ 149.440512][ T7682] lo speed is unknown, defaulting to 1000 [ 149.493777][ T7682] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 149.604512][ T7682] lo speed is unknown, defaulting to 1000 [ 149.633988][ T7682] lo speed is unknown, defaulting to 1000 [ 149.690114][ T7682] lo speed is unknown, defaulting to 1000 [ 149.709918][ T7682] lo speed is unknown, defaulting to 1000 [ 149.722800][ T7682] lo speed is unknown, defaulting to 1000 [ 149.812619][ T7695] netlink: 'syz.0.515': attribute type 1 has an invalid length. [ 149.934951][ T7704] bond5: (slave vxcan3): The slave device specified does not support setting the MAC address [ 149.952287][ T7704] bond5: (slave vxcan3): Error -95 calling set_mac_address [ 150.765517][ T7728] netlink: 'syz.1.520': attribute type 5 has an invalid length. [ 150.788124][ T7708] tipc: Enabling of bearer rejected, failed to enable media [ 150.943018][ T7730] lo speed is unknown, defaulting to 1000 [ 151.471836][ T7759] nbd9: detected capacity change from 0 to 127 [ 151.527976][ T7760] bridge4: entered allmulticast mode [ 151.548507][ T5159] block nbd9: Receive control failed (result -32) [ 151.730052][ T7773] veth1: entered promiscuous mode [ 151.766968][ T7773] A link change request failed with some changes committed already. Interface veth1 may have been left with an inconsistent configuration, please check. [ 151.838089][ T7773] __nla_validate_parse: 13 callbacks suppressed [ 151.838108][ T7773] netlink: 8 bytes leftover after parsing attributes in process `syz.0.533'. [ 151.888057][ T7773] netlink: 8 bytes leftover after parsing attributes in process `syz.0.533'. [ 152.511427][ T7790] netlink: 44 bytes leftover after parsing attributes in process `syz.2.537'. [ 152.521759][ T7790] netlink: 43 bytes leftover after parsing attributes in process `syz.2.537'. [ 152.531163][ T7790] netlink: 'syz.2.537': attribute type 5 has an invalid length. [ 152.553652][ T7790] netlink: 43 bytes leftover after parsing attributes in process `syz.2.537'. [ 152.681406][ T7793] netlink: 192 bytes leftover after parsing attributes in process `syz.2.537'. [ 152.701968][ T7796] netlink: 52 bytes leftover after parsing attributes in process `syz.1.538'. [ 152.734081][ T7790] lo speed is unknown, defaulting to 1000 [ 152.790534][ T7796] netlink: 24 bytes leftover after parsing attributes in process `syz.1.538'. [ 152.867419][ T7803] netlink: 4 bytes leftover after parsing attributes in process `syz.0.540'. [ 152.998529][ T7813] netlink: 'syz.1.542': attribute type 1 has an invalid length. [ 153.014084][ T7813] netlink: 'syz.1.542': attribute type 2 has an invalid length. [ 153.052390][ T7813] netlink: 4 bytes leftover after parsing attributes in process `syz.1.542'. [ 153.065471][ T7816] FAULT_INJECTION: forcing a failure. [ 153.065471][ T7816] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 153.081047][ T7816] CPU: 1 UID: 0 PID: 7816 Comm: syz.1.542 Not tainted 6.16.0-syzkaller-06574-gd9104cec3e8f #0 PREEMPT(full) [ 153.081073][ T7816] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 153.081083][ T7816] Call Trace: [ 153.081091][ T7816] [ 153.081098][ T7816] dump_stack_lvl+0x189/0x250 [ 153.081123][ T7816] ? __pfx____ratelimit+0x10/0x10 [ 153.081146][ T7816] ? __pfx_dump_stack_lvl+0x10/0x10 [ 153.081164][ T7816] ? __pfx__printk+0x10/0x10 [ 153.081185][ T7816] ? __might_fault+0xb0/0x130 [ 153.081221][ T7816] should_fail_ex+0x414/0x560 [ 153.081251][ T7816] _copy_from_iter+0x1db/0x16f0 [ 153.081276][ T7816] ? rcu_is_watching+0x15/0xb0 [ 153.081302][ T7816] ? kmem_cache_alloc_node_noprof+0x217/0x3c0 [ 153.081328][ T7816] ? __pfx__copy_from_iter+0x10/0x10 [ 153.081350][ T7816] ? __build_skb_around+0x257/0x3e0 [ 153.081380][ T7816] ? netlink_sendmsg+0x642/0xb30 [ 153.081402][ T7816] ? skb_put+0x11b/0x210 [ 153.081438][ T7816] netlink_sendmsg+0x6b2/0xb30 [ 153.081476][ T7816] ? __pfx_netlink_sendmsg+0x10/0x10 [ 153.081501][ T7816] ? aa_sock_msg_perm+0x94/0x160 [ 153.081530][ T7816] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 153.081547][ T7816] ? __pfx_netlink_sendmsg+0x10/0x10 [ 153.081571][ T7816] __sock_sendmsg+0x219/0x270 [ 153.081596][ T7816] ____sys_sendmsg+0x505/0x830 [ 153.081618][ T7816] ? __pfx_____sys_sendmsg+0x10/0x10 [ 153.081644][ T7816] ? import_iovec+0x74/0xa0 [ 153.081670][ T7816] ___sys_sendmsg+0x21f/0x2a0 [ 153.081689][ T7816] ? __pfx____sys_sendmsg+0x10/0x10 [ 153.081748][ T7816] ? __fget_files+0x2a/0x420 [ 153.081764][ T7816] ? __fget_files+0x3a0/0x420 [ 153.081791][ T7816] __x64_sys_sendmsg+0x19b/0x260 [ 153.081811][ T7816] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 153.081839][ T7816] ? __pfx_ksys_write+0x10/0x10 [ 153.081859][ T7816] ? rcu_is_watching+0x15/0xb0 [ 153.081888][ T7816] ? do_syscall_64+0xbe/0x3b0 [ 153.081915][ T7816] do_syscall_64+0xfa/0x3b0 [ 153.081937][ T7816] ? lockdep_hardirqs_on+0x9c/0x150 [ 153.081958][ T7816] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 153.081973][ T7816] ? clear_bhb_loop+0x60/0xb0 [ 153.081994][ T7816] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 153.082010][ T7816] RIP: 0033:0x7f2e36d8eb69 [ 153.082026][ T7816] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 153.082040][ T7816] RSP: 002b:00007f2e37baa038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 153.082060][ T7816] RAX: ffffffffffffffda RBX: 00007f2e36fb6080 RCX: 00007f2e36d8eb69 [ 153.082073][ T7816] RDX: 0000000000000000 RSI: 0000200000000180 RDI: 0000000000000008 [ 153.082084][ T7816] RBP: 00007f2e37baa090 R08: 0000000000000000 R09: 0000000000000000 [ 153.082094][ T7816] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 153.082104][ T7816] R13: 0000000000000000 R14: 00007f2e36fb6080 R15: 00007fff040c3ab8 [ 153.082133][ T7816] [ 153.902464][ T7847] netlink: 'syz.2.551': attribute type 5 has an invalid length. [ 154.001150][ T7847] lo speed is unknown, defaulting to 1000 [ 154.544346][ T7878] syzkaller1: entered promiscuous mode [ 154.559832][ T7878] syzkaller1: entered allmulticast mode [ 155.059974][ T7898] netlink: 'syz.3.566': attribute type 5 has an invalid length. [ 155.356243][ T7909] lo speed is unknown, defaulting to 1000 [ 155.481326][ T7921] bridge8: entered allmulticast mode [ 157.037220][ T7969] __nla_validate_parse: 9 callbacks suppressed [ 157.037238][ T7969] netlink: 44 bytes leftover after parsing attributes in process `syz.1.584'. [ 157.060683][ T7969] netlink: 43 bytes leftover after parsing attributes in process `syz.1.584'. [ 157.078134][ T7969] netlink: 'syz.1.584': attribute type 5 has an invalid length. [ 157.086873][ T7969] netlink: 43 bytes leftover after parsing attributes in process `syz.1.584'. [ 157.196851][ T7982] lo speed is unknown, defaulting to 1000 [ 157.213183][ T7969] netlink: 192 bytes leftover after parsing attributes in process `syz.1.584'. [ 157.296219][ T7980] netlink: 12 bytes leftover after parsing attributes in process `syz.0.585'. [ 157.376827][ T7980] vlan3: entered promiscuous mode [ 157.397728][ T7980] bond0: entered promiscuous mode [ 157.414524][ T7980] bond_slave_0: entered promiscuous mode [ 157.438260][ T7980] bond_slave_1: entered promiscuous mode [ 157.961404][ T7991] FAULT_INJECTION: forcing a failure. [ 157.961404][ T7991] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 158.000375][ T7991] CPU: 1 UID: 0 PID: 7991 Comm: syz.3.588 Not tainted 6.16.0-syzkaller-06574-gd9104cec3e8f #0 PREEMPT(full) [ 158.000401][ T7991] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 158.000411][ T7991] Call Trace: [ 158.000419][ T7991] [ 158.000427][ T7991] dump_stack_lvl+0x189/0x250 [ 158.000450][ T7991] ? __pfx____ratelimit+0x10/0x10 [ 158.000473][ T7991] ? __pfx_dump_stack_lvl+0x10/0x10 [ 158.000491][ T7991] ? __pfx__printk+0x10/0x10 [ 158.000514][ T7991] ? fs_reclaim_acquire+0x7d/0x100 [ 158.000541][ T7991] should_fail_ex+0x414/0x560 [ 158.000572][ T7991] prepare_alloc_pages+0x213/0x610 [ 158.000599][ T7991] __alloc_frozen_pages_noprof+0x123/0x370 [ 158.000622][ T7991] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 158.000653][ T7991] ? policy_nodemask+0x27c/0x720 [ 158.000683][ T7991] alloc_pages_mpol+0x232/0x4a0 [ 158.000713][ T7991] alloc_pages_noprof+0xa9/0x190 [ 158.000740][ T7991] get_free_pages_noprof+0xf/0x80 [ 158.000759][ T7991] __pollwait+0x27b/0x460 [ 158.000785][ T7991] ? __pfx___pollwait+0x10/0x10 [ 158.000807][ T7991] datagram_poll+0x7f/0x420 [ 158.000831][ T7991] sock_poll+0x32c/0x3e0 [ 158.000854][ T7991] ? __pfx_sock_poll+0x10/0x10 [ 158.000875][ T7991] do_select+0x105b/0x17e0 [ 158.000898][ T7991] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 158.000927][ T7991] ? do_select+0x871/0x17e0 [ 158.000972][ T7991] ? __pfx_do_select+0x10/0x10 [ 158.000995][ T7991] ? __lock_acquire+0xab9/0xd20 [ 158.001023][ T7991] ? __pfx___pollwait+0x10/0x10 [ 158.001067][ T7991] ? __pfx_pollwake+0x10/0x10 [ 158.001095][ T7991] ? __pfx_pollwake+0x10/0x10 [ 158.001122][ T7991] ? __pfx_pollwake+0x10/0x10 [ 158.001148][ T7991] ? __pfx_pollwake+0x10/0x10 [ 158.001181][ T7991] ? __pfx_pollwake+0x10/0x10 [ 158.001208][ T7991] ? __pfx_pollwake+0x10/0x10 [ 158.001235][ T7991] ? __pfx_pollwake+0x10/0x10 [ 158.001262][ T7991] ? __pfx_pollwake+0x10/0x10 [ 158.001289][ T7991] ? __pfx_pollwake+0x10/0x10 [ 158.001335][ T7991] core_sys_select+0x6dd/0xa20 [ 158.001372][ T7991] ? __pfx_core_sys_select+0x10/0x10 [ 158.001421][ T7991] ? __pfx_set_user_sigmask+0x10/0x10 [ 158.001459][ T7991] __se_sys_pselect6+0x27a/0x300 [ 158.001486][ T7991] ? __pfx___se_sys_pselect6+0x10/0x10 [ 158.001508][ T7991] ? __pfx_ksys_write+0x10/0x10 [ 158.001528][ T7991] ? rcu_is_watching+0x15/0xb0 [ 158.001555][ T7991] ? __x64_sys_pselect6+0x21/0xf0 [ 158.001581][ T7991] do_syscall_64+0xfa/0x3b0 [ 158.001603][ T7991] ? lockdep_hardirqs_on+0x9c/0x150 [ 158.001624][ T7991] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 158.001639][ T7991] ? clear_bhb_loop+0x60/0xb0 [ 158.001659][ T7991] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 158.001674][ T7991] RIP: 0033:0x7f4fc798eb69 [ 158.001690][ T7991] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 158.001703][ T7991] RSP: 002b:00007f4fc8823038 EFLAGS: 00000246 ORIG_RAX: 000000000000010e [ 158.001722][ T7991] RAX: ffffffffffffffda RBX: 00007f4fc7bb6080 RCX: 00007f4fc798eb69 [ 158.001734][ T7991] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000040 [ 158.001744][ T7991] RBP: 00007f4fc8823090 R08: 0000000000000000 R09: 0000000000000000 [ 158.001753][ T7991] R10: 00002000000002c0 R11: 0000000000000246 R12: 0000000000000001 [ 158.001763][ T7991] R13: 0000000000000000 R14: 00007f4fc7bb6080 R15: 00007ffea05df7b8 [ 158.001790][ T7991] [ 158.895474][ T8022] netlink: 4 bytes leftover after parsing attributes in process `syz.4.596'. [ 159.090241][ T8027] netlink: 'syz.3.601': attribute type 1 has an invalid length. [ 159.190438][ T8027] bond3: (slave vxcan3): The slave device specified does not support setting the MAC address [ 159.205636][ T8027] bond3: (slave vxcan3): Error -95 calling set_mac_address [ 159.209146][ T5935] IPVS: starting estimator thread 0... [ 159.221052][ T8040] FAULT_INJECTION: forcing a failure. [ 159.221052][ T8040] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 159.237933][ T8040] CPU: 0 UID: 0 PID: 8040 Comm: syz.2.603 Not tainted 6.16.0-syzkaller-06574-gd9104cec3e8f #0 PREEMPT(full) [ 159.237958][ T8040] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 159.237966][ T8040] Call Trace: [ 159.237972][ T8040] [ 159.237978][ T8040] dump_stack_lvl+0x189/0x250 [ 159.237998][ T8040] ? __pfx____ratelimit+0x10/0x10 [ 159.238019][ T8040] ? __pfx_dump_stack_lvl+0x10/0x10 [ 159.238042][ T8040] ? __pfx__printk+0x10/0x10 [ 159.238060][ T8040] ? fs_reclaim_acquire+0x7d/0x100 [ 159.238087][ T8040] should_fail_ex+0x414/0x560 [ 159.238113][ T8040] prepare_alloc_pages+0x213/0x610 [ 159.238219][ T8040] __alloc_frozen_pages_noprof+0x123/0x370 [ 159.238242][ T8040] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 159.238261][ T8040] ? __pfx__copy_from_iter+0x10/0x10 [ 159.238280][ T8040] ? policy_nodemask+0x27c/0x720 [ 159.238300][ T8040] ? aa_file_perm+0x122/0xe70 [ 159.238322][ T8040] alloc_pages_mpol+0x232/0x4a0 [ 159.238347][ T8040] alloc_pages_noprof+0xa9/0x190 [ 159.238369][ T8040] anon_pipe_write+0xb85/0x1360 [ 159.238405][ T8040] ? __pfx_anon_pipe_write+0x10/0x10 [ 159.238441][ T8040] ? common_file_perm+0x199/0x200 [ 159.238462][ T8040] ? bpf_lsm_file_permission+0x9/0x20 [ 159.238480][ T8040] ? security_file_permission+0x75/0x290 [ 159.238506][ T8040] vfs_write+0x54b/0xa90 [ 159.238530][ T8040] ? __pfx_anon_pipe_write+0x10/0x10 [ 159.238548][ T8040] ? __pfx_vfs_write+0x10/0x10 [ 159.238576][ T8040] ? __fget_files+0x2a/0x420 [ 159.238597][ T8040] ksys_write+0x145/0x250 [ 159.238618][ T8040] ? __pfx_ksys_write+0x10/0x10 [ 159.238635][ T8040] ? rcu_is_watching+0x15/0xb0 [ 159.238660][ T8040] ? do_syscall_64+0xbe/0x3b0 [ 159.238683][ T8040] do_syscall_64+0xfa/0x3b0 [ 159.238701][ T8040] ? lockdep_hardirqs_on+0x9c/0x150 [ 159.238719][ T8040] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 159.238733][ T8040] ? clear_bhb_loop+0x60/0xb0 [ 159.238750][ T8040] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 159.238763][ T8040] RIP: 0033:0x7f552ad8eb69 [ 159.238776][ T8040] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 159.238788][ T8040] RSP: 002b:00007f552bbf8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 159.238805][ T8040] RAX: ffffffffffffffda RBX: 00007f552afb5fa0 RCX: 00007f552ad8eb69 [ 159.238815][ T8040] RDX: 00000000fffffdef RSI: 00002000000001c0 RDI: 0000000000000000 [ 159.238824][ T8040] RBP: 00007f552bbf8090 R08: 0000000000000000 R09: 0000000000000000 [ 159.238832][ T8040] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 159.238841][ T8040] R13: 0000000000000000 R14: 00007f552afb5fa0 R15: 00007ffc57e3a598 [ 159.238864][ T8040] [ 159.611713][ T8039] IPVS: using max 24 ests per chain, 57600 per kthread [ 159.946499][ T8060] netlink: 44 bytes leftover after parsing attributes in process `syz.0.610'. [ 159.952467][ T8056] netlink: 8 bytes leftover after parsing attributes in process `syz.3.607'. [ 159.971607][ T8060] netlink: 43 bytes leftover after parsing attributes in process `syz.0.610'. [ 160.002630][ T8060] netlink: 'syz.0.610': attribute type 5 has an invalid length. [ 160.023916][ T8060] netlink: 43 bytes leftover after parsing attributes in process `syz.0.610'. [ 160.210846][ T8060] lo speed is unknown, defaulting to 1000 [ 160.500635][ T8087] 8021q: VLANs not supported on nlmon0 [ 160.608338][ T8093] netlink: 'syz.2.617': attribute type 1 has an invalid length. [ 160.659328][ T8096] tipc: Enabled bearer , priority 0 [ 160.691261][ T8089] netlink: 'syz.3.616': attribute type 1 has an invalid length. [ 160.800631][ T8099] bond3: (slave vxcan3): The slave device specified does not support setting the MAC address [ 160.820712][ T8099] bond3: (slave vxcan3): Error -95 calling set_mac_address [ 160.867525][ T8096] syzkaller0: entered promiscuous mode [ 160.884372][ T8096] syzkaller0: entered allmulticast mode [ 160.992121][ T8110] tipc: Resetting bearer [ 161.050654][ T8095] tipc: Resetting bearer [ 161.164945][ T8095] tipc: Disabling bearer [ 161.586374][ T8143] wg2: entered promiscuous mode [ 161.612211][ T8143] wg2: entered allmulticast mode [ 161.769927][ T8146] syzkaller0: entered promiscuous mode [ 161.777425][ T8146] syzkaller0: entered allmulticast mode [ 163.503136][ T8172] bridge0: port 1(bridge_slave_0) entered blocking state [ 163.511392][ T8172] bridge0: port 1(bridge_slave_0) entered forwarding state [ 163.936529][ T8190] lo speed is unknown, defaulting to 1000 [ 164.089635][ T8196] __nla_validate_parse: 2 callbacks suppressed [ 164.089655][ T8196] netlink: 12 bytes leftover after parsing attributes in process `syz.0.658'. [ 164.354071][ T8202] syzkaller0: entered promiscuous mode [ 164.395809][ T8202] syzkaller0: entered allmulticast mode [ 168.384736][ T8253] tipc: Started in network mode [ 168.403655][ T8253] tipc: Node identity ce29d5c92403, cluster identity 4711 [ 168.454156][ T8253] tipc: Enabled bearer , priority 0 [ 168.481285][ T8280] netlink: 4 bytes leftover after parsing attributes in process `syz.1.682'. [ 168.497312][ T8256] syzkaller0: entered promiscuous mode [ 168.519999][ T8256] syzkaller0: entered allmulticast mode [ 168.739555][ T8266] tipc: Resetting bearer [ 168.834191][ T8266] tipc: Disabling bearer [ 169.469419][ T8287] ------------[ cut here ]------------ [ 169.470513][ T8287] [ 169.470523][ T8287] ====================================================== [ 169.470529][ T8287] WARNING: possible circular locking dependency detected [ 169.470543][ T8287] 6.16.0-syzkaller-06574-gd9104cec3e8f #0 Not tainted [ 169.470553][ T8287] ------------------------------------------------------ [ 169.470559][ T8287] syz.3.685/8287 is trying to acquire lock: [ 169.470568][ T8287] ffffffff8e130720 (console_owner){-...}-{0:0}, at: console_flush_all+0x13a/0xc40 [ 169.470614][ T8287] [ 169.470614][ T8287] but task is already holding lock: [ 169.470620][ T8287] ffff8880b8639f58 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140 [ 169.470664][ T8287] [ 169.470664][ T8287] which lock already depends on the new lock. [ 169.470664][ T8287] [ 169.470669][ T8287] [ 169.470669][ T8287] the existing dependency chain (in reverse order) is: [ 169.470675][ T8287] [ 169.470675][ T8287] -> #4 (&rq->__lock){-.-.}-{2:2}: [ 169.470699][ T8287] lock_acquire+0x120/0x360 [ 169.470718][ T8287] _raw_spin_lock_nested+0x32/0x50 [ 169.470738][ T8287] raw_spin_rq_lock_nested+0x2a/0x140 [ 169.470758][ T8287] task_rq_lock+0xbc/0x470 [ 169.470778][ T8287] cgroup_move_task+0x92/0x2a0 [ 169.470791][ T8287] css_set_move_task+0x658/0x9e0 [ 169.470807][ T8287] cgroup_post_fork+0x1ef/0x790 [ 169.470822][ T8287] copy_process+0x3862/0x3c00 [ 169.470837][ T8287] kernel_clone+0x21e/0x840 [ 169.470851][ T8287] user_mode_thread+0xdd/0x140 [ 169.470865][ T8287] rest_init+0x23/0x300 [ 169.470879][ T8287] start_kernel+0x3a9/0x410 [ 169.470899][ T8287] x86_64_start_reservations+0x24/0x30 [ 169.470915][ T8287] x86_64_start_kernel+0x143/0x1c0 [ 169.470931][ T8287] common_startup_64+0x13e/0x147 [ 169.470949][ T8287] [ 169.470949][ T8287] -> #3 (&p->pi_lock){-.-.}-{2:2}: [ 169.470973][ T8287] lock_acquire+0x120/0x360 [ 169.470991][ T8287] _raw_spin_lock_irqsave+0xa7/0xf0 [ 169.471009][ T8287] try_to_wake_up+0x6e/0x1290 [ 169.471025][ T8287] __wake_up_common_lock+0x137/0x1f0 [ 169.471042][ T8287] tty_port_default_wakeup+0xa2/0xf0 [ 169.471060][ T8287] serial8250_tx_chars+0x72e/0x970 [ 169.471076][ T8287] serial8250_handle_irq+0x633/0xbb0 [ 169.471092][ T8287] serial8250_default_handle_irq+0xbf/0x1e0 [ 169.471111][ T8287] serial8250_interrupt+0x8d/0x160 [ 169.471132][ T8287] __handle_irq_event_percpu+0x289/0x980 [ 169.471149][ T8287] handle_irq_event+0x8b/0x1e0 [ 169.471165][ T8287] handle_edge_irq+0x23b/0x9f0 [ 169.471179][ T8287] __common_interrupt+0x143/0x250 [ 169.471199][ T8287] common_interrupt+0xb6/0xe0 [ 169.471214][ T8287] asm_common_interrupt+0x26/0x40 [ 169.471228][ T8287] kasan_byte_accessible+0x16/0x30 [ 169.471243][ T8287] __kasan_check_byte+0x12/0x40 [ 169.471263][ T8287] lock_acquire+0x8d/0x360 [ 169.471281][ T8287] _raw_spin_lock+0x2e/0x40 [ 169.471297][ T8287] pgd_alloc+0xf1/0x570 [ 169.471311][ T8287] mm_init+0x5ef/0xef0 [ 169.471331][ T8287] alloc_bprm+0x378/0x5b0 [ 169.471349][ T8287] do_execveat_common+0x1b3/0x6a0 [ 169.471376][ T8287] __x64_sys_execve+0x94/0xb0 [ 169.471395][ T8287] do_syscall_64+0xfa/0x3b0 [ 169.471416][ T8287] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 169.471431][ T8287] [ 169.471431][ T8287] -> #2 (&tty->write_wait){-.-.}-{3:3}: [ 169.471453][ T8287] lock_acquire+0x120/0x360 [ 169.471470][ T8287] _raw_spin_lock_irqsave+0xa7/0xf0 [ 169.471485][ T8287] __wake_up_common_lock+0x2f/0x1f0 [ 169.471502][ T8287] tty_port_default_wakeup+0xa2/0xf0 [ 169.471527][ T8287] serial8250_tx_chars+0x72e/0x970 [ 169.471543][ T8287] serial8250_handle_irq+0x633/0xbb0 [ 169.471558][ T8287] serial8250_default_handle_irq+0xbf/0x1e0 [ 169.471576][ T8287] serial8250_interrupt+0x8d/0x160 [ 169.471596][ T8287] __handle_irq_event_percpu+0x289/0x980 [ 169.471613][ T8287] handle_irq_event+0x8b/0x1e0 [ 169.471628][ T8287] handle_edge_irq+0x23b/0x9f0 [ 169.471642][ T8287] __common_interrupt+0x143/0x250 [ 169.471662][ T8287] common_interrupt+0xb6/0xe0 [ 169.471676][ T8287] asm_common_interrupt+0x26/0x40 [ 169.471690][ T8287] _raw_spin_unlock_irqrestore+0xa8/0x110 [ 169.471709][ T8287] uart_port_unlock_deref+0x111/0x2f0 [ 169.471724][ T8287] uart_write+0xe8/0x130 [ 169.471738][ T8287] n_tty_write+0xd32/0x11d0 [ 169.471757][ T8287] file_tty_write+0x503/0x990 [ 169.471771][ T8287] vfs_write+0x54b/0xa90 [ 169.471790][ T8287] ksys_write+0x145/0x250 [ 169.471808][ T8287] do_syscall_64+0xfa/0x3b0 [ 169.471829][ T8287] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 169.471844][ T8287] [ 169.471844][ T8287] -> #1 (&port_lock_key){-.-.}-{3:3}: [ 169.471868][ T8287] lock_acquire+0x120/0x360 [ 169.471887][ T8287] _raw_spin_lock_irqsave+0xa7/0xf0 [ 169.471904][ T8287] serial8250_console_write+0x17e/0x1ba0 [ 169.471921][ T8287] console_flush_all+0x728/0xc40 [ 169.471937][ T8287] console_unlock+0xc4/0x270 [ 169.471951][ T8287] vprintk_emit+0x5b7/0x7a0 [ 169.471964][ T8287] _printk+0xcf/0x120 [ 169.471981][ T8287] register_console+0xa8b/0xf90 [ 169.471996][ T8287] univ8250_console_init+0x3a/0x70 [ 169.472013][ T8287] console_init+0x10e/0x430 [ 169.472028][ T8287] start_kernel+0x254/0x410 [ 169.472048][ T8287] x86_64_start_reservations+0x24/0x30 [ 169.472065][ T8287] x86_64_start_kernel+0x143/0x1c0 [ 169.472081][ T8287] common_startup_64+0x13e/0x147 [ 169.472098][ T8287] [ 169.472098][ T8287] -> #0 (console_owner){-...}-{0:0}: [ 169.472122][ T8287] validate_chain+0xb9b/0x2140 [ 169.472136][ T8287] __lock_acquire+0xab9/0xd20 [ 169.472154][ T8287] lock_acquire+0x120/0x360 [ 169.472172][ T8287] console_flush_all+0x6d2/0xc40 [ 169.472187][ T8287] console_unlock+0xc4/0x270 [ 169.472200][ T8287] vprintk_emit+0x5b7/0x7a0 [ 169.472214][ T8287] _printk+0xcf/0x120 [ 169.472229][ T8287] report_bug+0x34e/0x4f0 [ 169.472248][ T8287] handle_bug+0x84/0x160 [ 169.472260][ T8287] exc_invalid_op+0x1a/0x50 [ 169.472274][ T8287] asm_exc_invalid_op+0x1a/0x20 [ 169.472288][ T8287] __schedule+0x19d9/0x4d30 [ 169.472305][ T8287] schedule+0x165/0x360 [ 169.472322][ T8287] __futex_wait+0x1c3/0x3e0 [ 169.472342][ T8287] futex_wait+0x104/0x360 [ 169.472367][ T8287] do_futex+0x333/0x420 [ 169.472382][ T8287] __se_sys_futex+0x36f/0x400 [ 169.472399][ T8287] do_syscall_64+0xfa/0x3b0 [ 169.472419][ T8287] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 169.472433][ T8287] [ 169.472433][ T8287] other info that might help us debug this: [ 169.472433][ T8287] [ 169.472439][ T8287] Chain exists of: [ 169.472439][ T8287] console_owner --> &p->pi_lock --> &rq->__lock [ 169.472439][ T8287] [ 169.472467][ T8287] Possible unsafe locking scenario: [ 169.472467][ T8287] [ 169.472472][ T8287] CPU0 CPU1 [ 169.472477][ T8287] ---- ---- [ 169.472482][ T8287] lock(&rq->__lock); [ 169.472493][ T8287] lock(&p->pi_lock); [ 169.472506][ T8287] lock(&rq->__lock); [ 169.472518][ T8287] lock(console_owner); [ 169.472529][ T8287] [ 169.472529][ T8287] *** DEADLOCK *** [ 169.472529][ T8287] [ 169.472533][ T8287] 3 locks held by syz.3.685/8287: [ 169.472543][ T8287] #0: ffff8880b8639f58 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140 [ 169.472590][ T8287] #1: ffffffff8e130780 (console_lock){+.+.}-{0:0}, at: _printk+0xcf/0x120 [ 169.472631][ T8287] #2: ffffffff8e018050 (console_srcu){....}-{0:0}, at: console_flush_all+0x13a/0xc40 [ 169.472672][ T8287] [ 169.472672][ T8287] stack backtrace: [ 169.472681][ T8287] CPU: 0 UID: 0 PID: 8287 Comm: syz.3.685 Not tainted 6.16.0-syzkaller-06574-gd9104cec3e8f #0 PREEMPT(full) [ 169.472701][ T8287] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 169.472711][ T8287] Call Trace: [ 169.472718][ T8287] [ 169.472725][ T8287] dump_stack_lvl+0x189/0x250 [ 169.472745][ T8287] ? __pfx_dump_stack_lvl+0x10/0x10 [ 169.472761][ T8287] ? __pfx__printk+0x10/0x10 [ 169.472781][ T8287] ? print_lock_name+0xde/0x100 [ 169.472801][ T8287] print_circular_bug+0x2ee/0x310 [ 169.472819][ T8287] check_noncircular+0x134/0x160 [ 169.472839][ T8287] validate_chain+0xb9b/0x2140 [ 169.472863][ T8287] __lock_acquire+0xab9/0xd20 [ 169.472887][ T8287] ? console_flush_all+0x13a/0xc40 [ 169.472903][ T8287] lock_acquire+0x120/0x360 [ 169.472923][ T8287] ? console_flush_all+0x13a/0xc40 [ 169.472943][ T8287] ? do_raw_spin_unlock+0x122/0x240 [ 169.472960][ T8287] ? console_flush_all+0x13a/0xc40 [ 169.472978][ T8287] console_flush_all+0x6d2/0xc40 [ 169.472995][ T8287] ? console_flush_all+0x13a/0xc40 [ 169.473013][ T8287] ? console_flush_all+0x13a/0xc40 [ 169.473032][ T8287] ? __pfx_console_flush_all+0x10/0x10 [ 169.473051][ T8287] ? ktime_get+0x3e/0x1f0 [ 169.473069][ T8287] ? is_printk_cpu_sync_owner+0x32/0x40 [ 169.473090][ T8287] console_unlock+0xc4/0x270 [ 169.473107][ T8287] ? __pfx_console_unlock+0x10/0x10 [ 169.473123][ T8287] ? is_printk_cpu_sync_owner+0x32/0x40 [ 169.473145][ T8287] vprintk_emit+0x5b7/0x7a0 [ 169.473161][ T8287] ? __pfx_vprintk_emit+0x10/0x10 [ 169.473177][ T8287] ? __resched_curr+0x10b/0x3d0 [ 169.473205][ T8287] _printk+0xcf/0x120 [ 169.473226][ T8287] ? __pfx__printk+0x10/0x10 [ 169.473246][ T8287] ? find_bug+0xa5/0x370 [ 169.473265][ T8287] ? __schedule+0x19d9/0x4d30 [ 169.473286][ T8287] report_bug+0x34e/0x4f0 [ 169.473305][ T8287] ? __schedule+0x19d9/0x4d30 [ 169.473324][ T8287] ? __schedule+0x19d9/0x4d30 [ 169.473343][ T8287] ? __schedule+0x19db/0x4d30 [ 169.473368][ T8287] handle_bug+0x84/0x160 [ 169.473384][ T8287] exc_invalid_op+0x1a/0x50 [ 169.473399][ T8287] asm_exc_invalid_op+0x1a/0x20 [ 169.473414][ T8287] RIP: 0010:__schedule+0x19d9/0x4d30 [ 169.473435][ T8287] Code: ff 4c 89 ff 48 83 c7 18 8b b4 24 b8 01 00 00 e8 4d d0 2c f6 4c 89 ff e8 d5 ae 20 f6 4c 89 ff e8 bd 8d 21 f6 e9 67 fd ff ff 90 <0f> 0b 90 e9 90 fb ff ff c6 05 3f b1 19 04 01 90 48 c7 c7 20 65 8a [ 169.473449][ T8287] RSP: 0018:ffffc9001ca8f7a0 EFLAGS: 00010016 [ 169.473464][ T8287] RAX: 0000000080000020 RBX: 0000000000000020 RCX: 00000000ffffffff [ 169.473476][ T8287] RDX: 0000000000000001 RSI: 0000000000000004 RDI: ffffc9001ca8f8e0 [ 169.473487][ T8287] RBP: ffffc9001ca8f9d8 R08: 0000000000000003 R09: 0000000000000004 [ 169.473497][ T8287] R10: dffffc0000000000 R11: fffff52003951f1c R12: ffff88801d293c00 [ 169.473509][ T8287] R13: dffffc0000000000 R14: ffff88802ab59e00 R15: ffff888029386010 [ 169.473538][ T8287] ? schedule+0x165/0x360 [ 169.473559][ T8287] ? __lock_acquire+0xab9/0xd20 [ 169.473579][ T8287] ? __pfx___schedule+0x10/0x10 [ 169.473605][ T8287] ? schedule+0x91/0x360 [ 169.473626][ T8287] schedule+0x165/0x360 [ 169.473646][ T8287] __futex_wait+0x1c3/0x3e0 [ 169.473670][ T8287] ? __pfx___futex_wait+0x10/0x10 [ 169.473692][ T8287] ? __pfx_futex_wake_mark+0x10/0x10 [ 169.473717][ T8287] ? futex_private_hash_put+0x4b/0x280 [ 169.473737][ T8287] futex_wait+0x104/0x360 [ 169.473759][ T8287] ? __pfx_futex_wait+0x10/0x10 [ 169.473787][ T8287] do_futex+0x333/0x420 [ 169.473807][ T8287] ? __pfx_do_futex+0x10/0x10 [ 169.473823][ T8287] ? __pfx_task_mm_cid_work+0x10/0x10 [ 169.473842][ T8287] __se_sys_futex+0x36f/0x400 [ 169.473863][ T8287] ? __pfx___se_sys_futex+0x10/0x10 [ 169.473881][ T8287] ? rcu_is_watching+0x15/0xb0 [ 169.473907][ T8287] ? __x64_sys_futex+0x21/0xf0 [ 169.473926][ T8287] do_syscall_64+0xfa/0x3b0 [ 169.473948][ T8287] ? lockdep_hardirqs_on+0x9c/0x150 [ 169.473968][ T8287] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 169.473985][ T8287] ? clear_bhb_loop+0x60/0xb0 [ 169.474003][ T8287] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 169.474019][ T8287] RIP: 0033:0x7f4fc798eb69 [ 169.474034][ T8287] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 169.474047][ T8287] RSP: 002b:00007f4fc88440e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 169.474064][ T8287] RAX: ffffffffffffffda RBX: 00007f4fc7bb5fa8 RCX: 00007f4fc798eb69 [ 169.474076][ T8287] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f4fc7bb5fa8 [ 169.474086][ T8287] RBP: 00007f4fc7bb5fa0 R08: 0000000000000000 R09: 0000000000000000 [ 169.474097][ T8287] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4fc7bb5fac [ 169.474107][ T8287] R13: 0000000000000000 R14: 00007ffea05df6d0 R15: 00007ffea05df7b8 [ 169.474125][ T8287] [ 170.753654][ T8287] WARNING: CPU: 0 PID: 8287 at ./include/linux/cpumask.h:135 __schedule+0x19d9/0x4d30 [ 170.763608][ T8287] Modules linked in: [ 170.767694][ T8287] CPU: 0 UID: 0 PID: 8287 Comm: syz.3.685 Not tainted 6.16.0-syzkaller-06574-gd9104cec3e8f #0 PREEMPT(full) [ 170.779627][ T8287] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 170.796019][ T8287] RIP: 0010:__schedule+0x19d9/0x4d30 [ 170.801414][ T8287] Code: ff 4c 89 ff 48 83 c7 18 8b b4 24 b8 01 00 00 e8 4d d0 2c f6 4c 89 ff e8 d5 ae 20 f6 4c 89 ff e8 bd 8d 21 f6 e9 67 fd ff ff 90 <0f> 0b 90 e9 90 fb ff ff c6 05 3f b1 19 04 01 90 48 c7 c7 20 65 8a [ 170.827284][ T8287] RSP: 0018:ffffc9001ca8f7a0 EFLAGS: 00010016 [ 170.833698][ T8287] RAX: 0000000080000020 RBX: 0000000000000020 RCX: 00000000ffffffff [ 170.842904][ T8287] RDX: 0000000000000001 RSI: 0000000000000004 RDI: ffffc9001ca8f8e0 [ 170.851405][ T8287] RBP: ffffc9001ca8f9d8 R08: 0000000000000003 R09: 0000000000000004 [ 170.860994][ T8287] R10: dffffc0000000000 R11: fffff52003951f1c R12: ffff88801d293c00 [ 170.869590][ T8287] R13: dffffc0000000000 R14: ffff88802ab59e00 R15: ffff888029386010 [ 170.877903][ T8287] FS: 00007f4fc88446c0(0000) GS:ffff888125c80000(0000) knlGS:0000000000000000 [ 170.887886][ T8287] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 170.895609][ T8287] CR2: 0000000000000000 CR3: 000000004f8b6000 CR4: 00000000003526f0 [ 170.904382][ T8287] Call Trace: [ 170.908197][ T8287] [ 170.911437][ T8287] ? schedule+0x165/0x360 [ 170.916131][ T8287] ? __lock_acquire+0xab9/0xd20 [ 170.921065][ T8287] ? __pfx___schedule+0x10/0x10 [ 170.926594][ T8287] ? schedule+0x91/0x360 [ 170.931090][ T8287] schedule+0x165/0x360 [ 170.935756][ T8287] __futex_wait+0x1c3/0x3e0 [ 170.940793][ T8287] ? __pfx___futex_wait+0x10/0x10 [ 170.946170][ T8287] ? __pfx_futex_wake_mark+0x10/0x10 [ 170.951641][ T8287] ? futex_private_hash_put+0x4b/0x280 [ 170.957463][ T8287] futex_wait+0x104/0x360 [ 170.962409][ T8287] ? __pfx_futex_wait+0x10/0x10 [ 170.967968][ T8287] do_futex+0x333/0x420 [ 170.972422][ T8287] ? __pfx_do_futex+0x10/0x10 [ 170.978202][ T8287] ? __pfx_task_mm_cid_work+0x10/0x10 [ 170.983818][ T8287] __se_sys_futex+0x36f/0x400 [ 170.988943][ T8287] ? __pfx___se_sys_futex+0x10/0x10 [ 170.994162][ T8287] ? rcu_is_watching+0x15/0xb0 [ 170.999057][ T8287] ? __x64_sys_futex+0x21/0xf0 [ 171.003983][ T8287] do_syscall_64+0xfa/0x3b0 [ 171.008651][ T8287] ? lockdep_hardirqs_on+0x9c/0x150 [ 171.014095][ T8287] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 171.020260][ T8287] ? clear_bhb_loop+0x60/0xb0 [ 171.025018][ T8287] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 171.031161][ T8287] RIP: 0033:0x7f4fc798eb69 [ 171.035693][ T8287] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 171.056419][ T8287] RSP: 002b:00007f4fc88440e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 171.065247][ T8287] RAX: ffffffffffffffda RBX: 00007f4fc7bb5fa8 RCX: 00007f4fc798eb69 [ 171.075921][ T8287] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f4fc7bb5fa8 [ 171.085759][ T8287] RBP: 00007f4fc7bb5fa0 R08: 0000000000000000 R09: 0000000000000000 [ 171.095214][ T8287] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4fc7bb5fac [ 171.103779][ T8287] R13: 0000000000000000 R14: 00007ffea05df6d0 R15: 00007ffea05df7b8 [ 171.112378][ T8287] [ 171.115484][ T8287] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 171.123383][ T8287] CPU: 0 UID: 0 PID: 8287 Comm: syz.3.685 Not tainted 6.16.0-syzkaller-06574-gd9104cec3e8f #0 PREEMPT(full) [ 171.136056][ T8287] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 171.146811][ T8287] Call Trace: [ 171.150438][ T8287] [ 171.153445][ T8287] dump_stack_lvl+0x99/0x250 [ 171.158025][ T8287] ? __asan_memcpy+0x40/0x70 [ 171.162604][ T8287] ? __pfx_dump_stack_lvl+0x10/0x10 [ 171.168027][ T8287] ? __pfx__printk+0x10/0x10 [ 171.172628][ T8287] panic+0x2db/0x790 [ 171.176626][ T8287] ? __pfx_panic+0x10/0x10 [ 171.181381][ T8287] ? show_trace_log_lvl+0x4fb/0x550 [ 171.187201][ T8287] __warn+0x31b/0x4b0 [ 171.191267][ T8287] ? __schedule+0x19d9/0x4d30 [ 171.196041][ T8287] ? __schedule+0x19d9/0x4d30 [ 171.200893][ T8287] report_bug+0x2be/0x4f0 [ 171.205311][ T8287] ? __schedule+0x19d9/0x4d30 [ 171.210201][ T8287] ? __schedule+0x19d9/0x4d30 [ 171.215228][ T8287] ? __schedule+0x19db/0x4d30 [ 171.220087][ T8287] handle_bug+0x84/0x160 [ 171.224585][ T8287] exc_invalid_op+0x1a/0x50 [ 171.229696][ T8287] asm_exc_invalid_op+0x1a/0x20 [ 171.234552][ T8287] RIP: 0010:__schedule+0x19d9/0x4d30 [ 171.240178][ T8287] Code: ff 4c 89 ff 48 83 c7 18 8b b4 24 b8 01 00 00 e8 4d d0 2c f6 4c 89 ff e8 d5 ae 20 f6 4c 89 ff e8 bd 8d 21 f6 e9 67 fd ff ff 90 <0f> 0b 90 e9 90 fb ff ff c6 05 3f b1 19 04 01 90 48 c7 c7 20 65 8a [ 171.260045][ T8287] RSP: 0018:ffffc9001ca8f7a0 EFLAGS: 00010016 [ 171.266189][ T8287] RAX: 0000000080000020 RBX: 0000000000000020 RCX: 00000000ffffffff [ 171.274334][ T8287] RDX: 0000000000000001 RSI: 0000000000000004 RDI: ffffc9001ca8f8e0 [ 171.283284][ T8287] RBP: ffffc9001ca8f9d8 R08: 0000000000000003 R09: 0000000000000004 [ 171.291618][ T8287] R10: dffffc0000000000 R11: fffff52003951f1c R12: ffff88801d293c00 [ 171.300357][ T8287] R13: dffffc0000000000 R14: ffff88802ab59e00 R15: ffff888029386010 [ 171.308718][ T8287] ? schedule+0x165/0x360 [ 171.313237][ T8287] ? __lock_acquire+0xab9/0xd20 [ 171.318636][ T8287] ? __pfx___schedule+0x10/0x10 [ 171.323751][ T8287] ? schedule+0x91/0x360 [ 171.328551][ T8287] schedule+0x165/0x360 [ 171.333169][ T8287] __futex_wait+0x1c3/0x3e0 [ 171.337787][ T8287] ? __pfx___futex_wait+0x10/0x10 [ 171.343285][ T8287] ? __pfx_futex_wake_mark+0x10/0x10 [ 171.348758][ T8287] ? futex_private_hash_put+0x4b/0x280 [ 171.354827][ T8287] futex_wait+0x104/0x360 [ 171.360010][ T8287] ? __pfx_futex_wait+0x10/0x10 [ 171.365223][ T8287] do_futex+0x333/0x420 [ 171.369588][ T8287] ? __pfx_do_futex+0x10/0x10 [ 171.374548][ T8287] ? __pfx_task_mm_cid_work+0x10/0x10 [ 171.380257][ T8287] __se_sys_futex+0x36f/0x400 [ 171.385295][ T8287] ? __pfx___se_sys_futex+0x10/0x10 [ 171.390834][ T8287] ? rcu_is_watching+0x15/0xb0 [ 171.395951][ T8287] ? __x64_sys_futex+0x21/0xf0 [ 171.400813][ T8287] do_syscall_64+0xfa/0x3b0 [ 171.405814][ T8287] ? lockdep_hardirqs_on+0x9c/0x150 [ 171.411201][ T8287] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 171.417725][ T8287] ? clear_bhb_loop+0x60/0xb0 [ 171.422866][ T8287] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 171.429390][ T8287] RIP: 0033:0x7f4fc798eb69 [ 171.434261][ T8287] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 171.455360][ T8287] RSP: 002b:00007f4fc88440e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 171.464291][ T8287] RAX: ffffffffffffffda RBX: 00007f4fc7bb5fa8 RCX: 00007f4fc798eb69 [ 171.473081][ T8287] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f4fc7bb5fa8 [ 171.481486][ T8287] RBP: 00007f4fc7bb5fa0 R08: 0000000000000000 R09: 0000000000000000 [ 171.489893][ T8287] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4fc7bb5fac [ 171.498028][ T8287] R13: 0000000000000000 R14: 00007ffea05df6d0 R15: 00007ffea05df7b8 [ 171.506351][ T8287] [ 172.597172][ T8287] Shutting down cpus with NMI [ 172.602732][ T8287] Kernel Offset: disabled [ 172.607491][ T8287] Rebooting in 86400 seconds..