last executing test programs: 34.380385428s ago: executing program 2 (id=736): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000018c0)={'team0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000022780)=@newlink={0x40, 0x10, 0x49920d862a92153b, 0xc, 0x0, {0x0, 0x0, 0x0, 0x0, 0x90c1, 0x5c81}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @gtp={{0x8}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GTP_FD1={0x8}]}}}, @IFLA_MASTER={0x8, 0xa, r1}]}, 0x40}}, 0x48010) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0xc, &(0x7f0000000240)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x8e}}]}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000540)={0x2c, r4, 0x1, 0x0, 0x0, {0x23}, [@ETHTOOL_A_LINKMODES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}]}, 0x2c}}, 0x0) r5 = socket$inet6(0xa, 0x80000, 0xfffff000) connect$inet6(r5, &(0x7f0000000040)={0xa, 0x4e21, 0x7, @empty}, 0x1c) 34.07845766s ago: executing program 2 (id=741): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'cts(cbc(aes))\x00'}, 0x58) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock}, 0x70) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000500)=ANY=[@ANYRES32=r1, @ANYRES32=r2, @ANYBLOB="0200000002f200000000000000", @ANYRES32, @ANYBLOB, @ANYRES64=0x0], 0x10) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock}, 0x70) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000540)=ANY=[@ANYRES32=r3, @ANYRES32=r4, @ANYBLOB="020000000200000000000000", @ANYRES32, @ANYBLOB="040682d3249bc9bca5a83e860d326b23ed29cf636f00ac6a5a5ca8fd01d7d7af50a999879e2c8355a88fbba381ee7b1220d179bbc5af8fa799e3f2f27446d20000000000000058d21d8077c8267ccaf9b7cb0ece044fee0c909655eb00eb3555bb324b0fec3ba27b65b4349acf3cfad201dd4977", @ANYRES64=0x0], 0x10) socket$inet6(0xa, 0x2, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5910fae9d6dcd3292ea54c7b6ef915d564c90c200", 0x18) r5 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$TIPC_NL_MEDIA_SET(r5, &(0x7f0000001800)={0x0, 0x0, &(0x7f00000017c0)={&(0x7f0000003c80)=ANY=[], 0x12f4}}, 0x0) recvmsg$unix(r5, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/19, 0x13}], 0x1}, 0x0) r6 = socket$inet_mptcp(0x2, 0x1, 0x106) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000380)={'gre0\x00', &(0x7f0000000300)={'tunl0\x00', 0x0, 0x7, 0x20, 0x7, 0x0, {{0xa, 0x4, 0x1, 0x0, 0x28, 0x64, 0x0, 0x6, 0x2f, 0x0, @multicast2, @dev={0xac, 0x14, 0x14, 0x18}, {[@lsrr={0x83, 0x13, 0xd1, [@remote, @multicast2, @loopback, @empty]}]}}}}}) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000003480)={0x6, 0x2, &(0x7f00000001c0)=ANY=[@ANYRES8=0x0], &(0x7f00000002c0)='GPL\x00', 0x4000005, 0x0, 0x0, 0x41100, 0x0, '\x00', r7, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x11}, 0x94) bind$inet(r6, 0x0, 0x0) r8 = socket(0x2c, 0x3, 0x0) r9 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r9, 0x1, r8, &(0x7f0000000100)) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[@ANYBLOB="2c000000021301000600000600000000000000000e0003006269746d61f03a6970000000050003"], 0x2c}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x63, &(0x7f0000000140)={&(0x7f00000001c0)=@gettclass={0x24, 0x2a, 0x129, 0x70bd2d, 0x0, {0x0, 0x0, 0x0, 0x0, {0xe, 0x3}, {0x6}, {0x4, 0x8}}}, 0x24}}, 0x40004) r10 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r10, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000ac0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="340000003e000900000000000008000003000000040004001c000180180010"], 0x34}, 0x1, 0x0, 0x0, 0x800}, 0x84) epoll_wait(r9, &(0x7f0000000140)=[{}, {}, {}, {}, {}, {}, {}], 0x7, 0x3) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x8, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="b4000000000000007b110b0400001fbab74e208c02126a4c000040000000000000009500000000000000715d75a84a91b16e741cfba676fc8b698020dd07ceded2efa901ae0850aee9c391ba492fc67c0849460f5c9a357104d44cc89cbff8ce0c11f000ba0d01a0e0b07ae836058ba9d057f8fadb24b8b6b7046217252092a2a3ea0d73cac6c0314ad8552d3a1bacafccd646befdb750517e90b1e3354a8195c5716a331e5424b1490a581276"], &(0x7f0000000080)='GPL\x00', 0x4, 0x3e0, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0xe, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x76}, 0x48) setsockopt$inet_tcp_TCP_CONGESTION(r6, 0x6, 0xd, &(0x7f0000000000)='cubic\x00', 0x6) sendmsg$TIPC_CMD_ENABLE_BEARER(r8, &(0x7f0000000a80)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x8020200}, 0xc, &(0x7f0000000a40)={&(0x7f0000000400)={0x34, 0x0, 0x1, 0x70bd27, 0x25dfdbfe, {{}, {}, {0x18, 0x17, {0xa, 0x6, @l2={'ib', 0x3a, 'vlan0\x00'}}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x2044004}, 0x8000) socket$inet6_mptcp(0xa, 0x1, 0x106) 33.798556443s ago: executing program 2 (id=748): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="4c000000020601030000000000000000000000000500010007000000050004000000000005000500000000000900020073797a3100000000120003006269746d61703a69702c6d0063000000cfe3a500a16e5c37548efc301db67ac7f4d8d4f1cc762deea214c15ffe2a23971b31a3989149ce49b455b8cdeb264131e85fea8af257bf5d0086c60a82e0b91663c93eb7f17ecb56785ebf90b358714c378f3398c60f6d9b829369b21dca67d9ccd13c426abe9ccb96bd"], 0x4c}}, 0x0) r2 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180), 0xffffffffffffffff) r3 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) splice(r3, &(0x7f0000000240)=0xffffffffffffffe0, r1, &(0x7f0000000280)=0x8, 0xc, 0x0) sendmsg$NLBL_CALIPSO_C_ADD(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000003c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16, @ANYBLOB="09180000000000000000010000000800020002000000080001"], 0x24}}, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000040)={0x5, 0x0, 0x0, &(0x7f0000000100)='syzkaller\x00', 0x8001000d, 0xad, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x8d}, 0x90) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00'}) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl(r4, 0x8b1a, &(0x7f0000000040)) r5 = syz_init_net_socket$x25(0x9, 0x5, 0x0) bind$x25(r5, &(0x7f00000002c0)={0x9, @remote={'\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc', 0x3}}, 0x12) sendmsg$netlink(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000001ac0)=[{&(0x7f00000003c0)=ANY=[@ANYBLOB="140100001f000504000000000000000005"], 0x114}], 0x1}, 0x0) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000017c0)={&(0x7f0000000080)={{0x14}, [@NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0x17}, @NFTA_CT_DREG={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x78}}, 0x0) syz_emit_ethernet(0x2a, &(0x7f0000001100)=ANY=[@ANYBLOB="0180c20000030180c200000008004500001c0000e00000119078000000000000000000001b0000089078"], 0x0) syz_emit_ethernet(0x2a, &(0x7f0000001a80)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @multicast, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x2, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x0, 0x8}}}}}, 0x0) ioctl$BTRFS_IOC_DEFRAG_RANGE(r3, 0x40309410, 0x0) sendmsg$NL802154_CMD_NEW_SEC_KEY(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000000)=ANY=[@ANYBLOB='|\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="3f9d00000000000000001700000008000300", @ANYRES32, @ANYBLOB="60003080050002000000000014000400403a050c5bae9c544ef2b6d713459a7a1c0001800500020000000000080004000500000008000100020000"], 0x7c}}, 0x0) 32.159220539s ago: executing program 2 (id=758): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000040), 0x6) write(r0, &(0x7f0000000240)="b7fb1343", 0x4) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r5 = openat$cgroup_ro(r4, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0) r6 = socket$igmp(0x2, 0x3, 0x2) getsockopt$inet_mtu(r6, 0x0, 0xa, &(0x7f0000000080), &(0x7f00000000c0)=0x1) syz_emit_ethernet(0x5e, &(0x7f0000002e40)={@local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "7428dd", 0x28, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_na={0x89, 0x0, 0x0, 0x0, '\x00', @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, [{0x0, 0x2, "122b472e41e24b11f34b608816e5"}]}}}}}}, 0x0) write$cgroup_subtree(r5, &(0x7f00000000c0)={[{0x2d, 'cpu'}]}, 0x5) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000040)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CONTROL_PORT_FRAME(r2, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=ANY=[@ANYBLOB='|\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010100000000000000008100000008000300", @ANYRES32=r7, @ANYBLOB="0a0006000802110000010000060066008e8800004a0033"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) r8 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r8, 0x89f2, &(0x7f0000000000)={'ip6tnl0\x00', &(0x7f00000000c0)={'syztnl1\x00', 0x0, 0x2f, 0x2, 0x9, 0x3, 0x0, @remote, @empty, 0x700, 0x20, 0x1a, 0x8}}) 14.788737761s ago: executing program 2 (id=758): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000040), 0x6) write(r0, &(0x7f0000000240)="b7fb1343", 0x4) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r5 = openat$cgroup_ro(r4, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0) r6 = socket$igmp(0x2, 0x3, 0x2) getsockopt$inet_mtu(r6, 0x0, 0xa, &(0x7f0000000080), &(0x7f00000000c0)=0x1) syz_emit_ethernet(0x5e, &(0x7f0000002e40)={@local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "7428dd", 0x28, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_na={0x89, 0x0, 0x0, 0x0, '\x00', @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, [{0x0, 0x2, "122b472e41e24b11f34b608816e5"}]}}}}}}, 0x0) write$cgroup_subtree(r5, &(0x7f00000000c0)={[{0x2d, 'cpu'}]}, 0x5) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000040)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CONTROL_PORT_FRAME(r2, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=ANY=[@ANYBLOB='|\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010100000000000000008100000008000300", @ANYRES32=r7, @ANYBLOB="0a0006000802110000010000060066008e8800004a0033"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) r8 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r8, 0x89f2, &(0x7f0000000000)={'ip6tnl0\x00', &(0x7f00000000c0)={'syztnl1\x00', 0x0, 0x2f, 0x2, 0x9, 0x3, 0x0, @remote, @empty, 0x700, 0x20, 0x1a, 0x8}}) 5.778265839s ago: executing program 3 (id=1030): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000540)=@polexpire={0xcc, 0x1b, 0x57a500b9b82fd89, 0x0, 0x0, {{{@in6=@private0, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0x2, 0x20, 0x60}, {0x0, 0x0, 0x0, 0x1}, {}, 0xfffffffc}}, [@sec_ctx={0xc, 0x8, {0x8}}]}, 0xcc}}, 0x0) syz_emit_ethernet(0xc4, &(0x7f00000001c0)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x37}, @val={@val={0x88a8, 0x6, 0x1, 0x1}, {0x8100, 0x3, 0x1}}, {@llc_tr={0x11, {@snap={0x1, 0xaa, "0e8d", "71d5b4", 0x8914, "adb453b9415f1c5ddabf326b014ebea6bdf4c582e873086c37b8f7715606f03bb0278692f36c1c897d346b66b7d480e40a4bbbd1e7e58e899d15f995bce77f36b6dd9b8c1516f31cd7ef516d0850d68a5ea445b6eacf1988b336f2b16867e64e1f345304aa270cf07cc47cc877fd58282627909caa6cac4fd49819de08b2d2c04ebd181f53268feed31f2b732777aef600c84348024d2c70cf8f2c3d5b65f84a76031469d9"}}}}}, &(0x7f0000000080)={0x1, 0x1, [0xf73, 0xdc8, 0x1e6, 0xade]}) socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8923, &(0x7f0000000040)={'virt_wifi0\x00', 0x102e}) ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, &(0x7f0000000000)={'dvmrp0\x00', 0x2}) 5.608532177s ago: executing program 3 (id=1035): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$smc(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=@ipv6_newrule={0x44, 0x20, 0x1, 0x0, 0x0, {0xa, 0x80, 0x20, 0x40, 0x0, 0x0, 0x0, 0x8}, [@FRA_SRC={0x14, 0x2, @remote}, @FRA_DST={0x14, 0x1, @remote}]}, 0x44}, 0x1, 0x0, 0x0, 0x24040804}, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={0xffffffffffffffff, 0x0, 0x2, 0x0, &(0x7f0000000340)="e7ff", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) sendmsg$nl_route(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB='\\\x00\x00\x00!'], 0x5c}}, 0x0) sendmsg$SMC_PNETID_GET(r0, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000180)={&(0x7f00000000c0)={0x7c, r1, 0x8, 0x70bd2b, 0x25dfdbfc, {}, [@SMC_PNETID_IBPORT={0x5, 0x4, 0x2}, @SMC_PNETID_NAME={0x9, 0x1, 'syz2\x00'}, @SMC_PNETID_NAME={0x9, 0x1, 'syz2\x00'}, @SMC_PNETID_ETHNAME={0x14, 0x2, 'veth1_to_hsr\x00'}, @SMC_PNETID_ETHNAME={0x14, 0x2, 'bridge_slave_1\x00'}, @SMC_PNETID_NAME={0x9, 0x1, 'syz1\x00'}, @SMC_PNETID_NAME={0x9, 0x1, 'syz0\x00'}, @SMC_PNETID_IBPORT={0x5, 0x4, 0x1}]}, 0x7c}, 0x1, 0x0, 0x0, 0x8004}, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000180)={'ip6_vti0\x00', 0x0}) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r7, 0x29, 0x3c, 0x0, 0x0) sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@dellink={0x20, 0x11, 0x101, 0x0, 0x0, {0x0, 0x0, 0x0, r6}}, 0x20}}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x11, 0x4, &(0x7f0000000140)=ANY=[@ANYBLOB="180200000000000000000000000000008500000087000000b500000000000000"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r6}, 0x94) 5.504935893s ago: executing program 3 (id=1038): socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000080)={'ip6tnl0\x00', &(0x7f00000001c0)={'ip6_vti0\x00', 0x0, 0x2f, 0x5, 0x1, 0xfff, 0x5, @dev={0xfe, 0x80, '\x00', 0xf}, @empty, 0x40, 0x0, 0x19, 0x801}}) socket$kcm(0x11, 0x3, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, 0x0, 0x0) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r3 = accept4(r2, 0x0, 0x0, 0x800) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000600)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000580)={&(0x7f00000006c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x68, 0x9, 0xa, 0x5, 0x0, 0x0, {0x5, 0x0, 0x9}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_HANDLE={0xc, 0x10, 0x1, 0x0, 0x4}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2d}, @NFTA_SET_DATA_TYPE={0x8}, @NFTA_SET_DESC={0x20, 0x9, 0x0, 0x1, [@NFTA_SET_DESC_CONCAT={0x1c, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x3}]}, {0xc, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x9}]}]}]}]}, @NFT_MSG_NEWOBJ={0x1c, 0x12, 0xa, 0x101, 0x0, 0x0, {0x5, 0x0, 0x5}, @NFT_OBJECT_CT_EXPECT=@NFTA_OBJ_TYPE={0x8}}], {0x14, 0x11, 0x1, 0x0, 0x0, {0xa}}}, 0xac}, 0x1, 0x0, 0x0, 0x20014840}, 0xc010) sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r4, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r5, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 5.382400876s ago: executing program 3 (id=1042): bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000880)=ANY=[@ANYBLOB="b4050018000000007110630000000000060000000000000095000000000000001f3d4eb3edc86c04e323b24d9426e5339e162b4915ca4c92ec3a4a3935b6d581c304908f84d3f0e99ac4402141407b980e454bd575dd0dc0f1a682f6ba574e0700000000000000515ec25d0b1f1c8c9cd8eb72385ad6136789dcd5a694d3cfb4cec510d0d4d980e649aa4492032c5888f5f9b246b9f5117cb89f3ff246280a1ab186bbd42370e30e9a2028d82bd071a329b281c4393e1e8ce723f67552961cd23f056542399289825a0d3e13b1401cda214d8f87ba4e8a5fff7be68fe15f3c1df84f2086f79ab69bbb072848357dc3bbc144cca554fdf459a2b6dd58c29bafe29a5b1d630a94c14753a1b0d26203185b5735d393c9a6367767ff9f9edf5e6e7e94aefd0d49ad707a4a7027185086a66c0a321f386bc40caed35d63967e3809ad3187a72972c5c22c085f0a481e7ce9458e8c21647d100c9fc91eb8fe87d05e6545dcbe6cd28444fcdaac12f6469abc71af781f79c7aeafcdcadda97413e2539860ae46370405f742edd486fc26697c52d18f7adeaf79101b3da624ef12673df25d15d6f3f0be93636d8ea88eaafe20257812496258c87d3e97c35fbf3967e1ae86639489758fa8759006669c0d7ed1710d80bf8424e190cb78e36dd7e2e01034991761ff243405d75021155bf4e831208f0a845897ac198e36dc9e0928727ea3a6dc3f2f64aa4007cf52c41ffff9c7a51dc635d7d34f509725530e2f1d1f5ba90c325591f90c354764997bd47abcab66966d683c392ea96668506002589df1c948237f1533f3157fec94ebf2ce6347f6516a"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd96, &(0x7f0000000080)=""/201, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffffffffffd56, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) 5.238996872s ago: executing program 3 (id=1043): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) socket$inet(0x2, 0xa, 0x400) sendmsg$NFT_BATCH(r0, 0x0, 0x40004) r1 = socket$inet_udp(0x2, 0x2, 0x0) socket(0x10, 0x3, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) writev(r2, 0x0, 0x0) close(r1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="3900000013000318680907070000000f0000ff3f04000000170a001700000000040037000d00030001332564aa58b9a64411f6bbf44d", 0x36}], 0x1) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000480)=@bpf_lsm={0x6, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="180017370200f70000000000400500007c"], 0x0, 0x9, 0x0, 0x0, 0x0, 0x8}, 0x94) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000006c0)=ANY=[@ANYBLOB="4c00000002060108000034e400000000000000020500010006000000050004000000fe0009"], 0x4c}}, 0x2) sendmsg$IPSET_CMD_ADD(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYBLOB="54000000090601080000000000000000050000000900020073797a310000000005000100070000002c000780060004404e21000005000700e30000000c00018008000140850101010c00028008000140"], 0x54}, 0x1, 0x0, 0x0, 0x10004893}, 0x80) 4.838339718s ago: executing program 2 (id=758): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000040), 0x6) write(r0, &(0x7f0000000240)="b7fb1343", 0x4) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r5 = openat$cgroup_ro(r4, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0) r6 = socket$igmp(0x2, 0x3, 0x2) getsockopt$inet_mtu(r6, 0x0, 0xa, &(0x7f0000000080), &(0x7f00000000c0)=0x1) syz_emit_ethernet(0x5e, &(0x7f0000002e40)={@local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "7428dd", 0x28, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_na={0x89, 0x0, 0x0, 0x0, '\x00', @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, [{0x0, 0x2, "122b472e41e24b11f34b608816e5"}]}}}}}}, 0x0) write$cgroup_subtree(r5, &(0x7f00000000c0)={[{0x2d, 'cpu'}]}, 0x5) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000040)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CONTROL_PORT_FRAME(r2, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=ANY=[@ANYBLOB='|\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010100000000000000008100000008000300", @ANYRES32=r7, @ANYBLOB="0a0006000802110000010000060066008e8800004a0033"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) r8 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r8, 0x89f2, &(0x7f0000000000)={'ip6tnl0\x00', &(0x7f00000000c0)={'syztnl1\x00', 0x0, 0x2f, 0x2, 0x9, 0x3, 0x0, @remote, @empty, 0x700, 0x20, 0x1a, 0x8}}) 3.25755184s ago: executing program 4 (id=1054): setsockopt$inet6_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, &(0x7f0000000200)={@in={{0x2, 0x4e23, @initdev={0xac, 0x1e, 0x1, 0x0}}}, 0x0, 0x0, 0x22, 0x0, "42c99d16bed82f36a03fdc8c947d5bcec7615222d1fe5a9a59bd90ac5abf8ce35792898dd28a379bb8a7192f4359010907c81ca13a6ef8f266d1228cff930f5506989e524d267b743f686a44296443b2"}, 0xd8) writev(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, 0x0) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f0000000280)={@val={0x0, 0x800}, @val={0x1, 0x0, 0x0, 0x0, 0x3d}, @mpls={[], @ipv4=@tcp={{0x6, 0x4, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x84, 0x0, @empty=0x3fffffff, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x2, 0xb, 0x0, 0x0, 0x0, 0x4, {[@window={0xa, 0x3}, @timestamp={0x5, 0x2}, @generic={0x0, 0x2, "d58838068b91"}]}}}}}}, 0x4e) 2.901200091s ago: executing program 1 (id=1055): syz_emit_ethernet(0x5e, &(0x7f0000001900)={@local, @broadcast, @val={@void}, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x4c, 0x0, 0x0, 0x0, 0x1, 0x0, @rand_addr=0x64010100, @local}, @time_exceeded={0xb, 0x0, 0x0, 0x3, 0x2c, 0x0, {0xc, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x89, 0x0, @private, @multicast2, {[@cipso={0x86, 0x6}, @lsrr={0x83, 0x13, 0x0, [@dev, @broadcast, @loopback, @multicast2]}]}}}}}}}, 0x0) 2.777333769s ago: executing program 4 (id=1056): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-3way\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5910fae9d6dcd3292ea54c7b6ef915d564c90c200", 0x18) r2 = accept4(r1, 0x0, 0x0, 0x0) sendmmsg$alg(r2, &(0x7f0000000400)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)=[@iv={0x30, 0x117, 0x2, 0x16, "e2ccc08cd7dfbe3b4d9a7b0a8f1f4e83d48c56335759"}], 0x30}], 0x1, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r2) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB="a00000001800092d00000000000000001c140000fe000001"], 0xa0}}, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_buf(r0, 0x0, 0x2c, &(0x7f0000000180)="17000000020002000003be8c5ee17688a8006c00030100ecff3f0000000300000a0001000098fc5a53d3f5b7e4a96c6b06169da9c0f8d9485bbb6a880000d6c8db0000dba67e06000000e289c46f8ab8b4028a7a63c900000200df0180000000000100000000000080c457681f009cee4a5acb3da400001fb7315033bf79ac2df5bc080236e2b68c8eec25a02aff06011500394100000000000affff02dfccebf6ba00085d024f0298e9e90554062a80e605007f71174aa9", 0xb8) 2.759620932s ago: executing program 1 (id=1057): syz_emit_ethernet(0x0, 0x0, 0x0) sendmsg$IPSET_CMD_RENAME(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, 0x0}, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @broadcast}, 0x10) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000000)=[@mss, @sack_perm, @window, @mss, @window, @window], 0x20000000000000e4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000140)='highspeed\x00', 0xa) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000700), 0x4) sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0) recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x700, 0x0, 0xfffffffffffffd25) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x14, 0x0, 0x1, 0x70bd2b, 0x25dfdbff}, 0x14}}, 0x4000000) accept4(0xffffffffffffffff, &(0x7f0000001ac0)=@ax25={{0x3, @default}, [@remote, @rose, @remote, @default, @default, @rose, @default, @bcast]}, 0x0, 0x80800) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NBD_CMD_RECONFIGURE(r1, 0x0, 0x4880) 1.790638s ago: executing program 4 (id=1061): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = socket$inet_smc(0x2b, 0x1, 0x0) r1 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_RES_CM_ID_GET(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x20}, 0x1, 0x0, 0x0, 0x48010}, 0x20004000) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x43}, 0x94) syz_emit_ethernet(0x7a, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaa0180c200000086dd6015690900442f"], 0x0) r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r2, 0x5, 0xb68, 0xf5ffffff, &(0x7f0000000000)='%', 0x0, 0xd01, 0xbe02, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000005c0)={{0x1, 0xffffffffffffffff}, &(0x7f0000000540), &(0x7f0000000580)=r2}, 0x20) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000018c0)={&(0x7f00000006c0)="ab6ba2ef5629c3a37b52b3dc8f38ab733540692ee5415b4826beb1524936abaca539d368bc8e580a72e29c6be6fdaa4915531eca254e0843e28a35b39691d6a008f3c94e1363499ffd469850791a254af3a9e84e785ce5d95a55788ce48fc218d264b4cc57c157295916a62ca87e970cb06440be817678f92024f1b3c6210d6b81885190a79310aa28ec77d72670af05510dd6af50e0597d550fcbde2ff123087e0ddf44f704131bf37fe1b704f9ed3e6c54e31aa6305c8fda06fe289c7f6635262ad4", &(0x7f00000007c0)=""/4096, &(0x7f00000003c0)="6ac60c8ead48e9002f4a8bc3f00e220ea8121c05af63f7c38c350dfa4f693bb9d33faca93ba75a57bcfa27ca68fcb489b230e95a326a3dd429ce7abff3148e5bbe3132a38c6c443ee56beac1fb5fd761799808b5afba0b175be2fbf0cadf6d69505f4d18c0fc190bb4613988091d953cac9f4b5133d971aceb150abf74dfddbb937cecb921306753332c3e1f0e07e93be796ee9983dfc214dcb284a830e2695aff", &(0x7f00000017c0)="40ca1906615b8c46c834a5cc65a030752bbd9dd704289044be52205e68ad32906768bcbf61054d65809f71b0654fd7ad368629cf1c0a167e988cad1da15b380d3fab48c0c6b34372aaa315187a845682482b7f00982ad0051431bae3bc945a1904dac4fa03fe65bf1e3af23dd2c384f32fb691bbe2fb43f0b931d5bb81af4c00d34d8811a1318dae91dc71226fe82159bf83b51b06cf4ded2ca124887c00212982e04c1a6e3db0c8968b394372aaf26879e482313dc62bc2735b55c65bb81f95196825", 0x8, r4, 0x4}, 0x38) sendmsg$NFT_BATCH(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[@ANYBLOB="14000000100001000000000000dfff000000000a20000000000a01020000000000000000010000000900010073797a30000000006c000000160a0101000b000000000000010000000900020073797a30000000000900010073797a30000000004000038008000140000000002c0003801400010067656e65766530000000000000000000140001006c6f0000000000000000000000000000080002"], 0xb4}}, 0x0) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000280)={@fallback=r0, 0x15, 0x0, 0x9, &(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0], 0x4, 0x0, &(0x7f0000000100)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x0}, 0x40) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000380)={@fallback=r2, r2, 0x30, 0x2004, 0x0, @value, @void, @void, @void, r5}, 0x20) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000180)={0x12, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000000000000000920c0000001d65dbd13a2f2837000000950000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0xe}, 0x94) 1.646720022s ago: executing program 1 (id=1062): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), 0xffffffffffffffff) r3 = socket(0x40000000015, 0x5, 0x0) bind$inet(r3, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x57) r4 = socket$alg(0x26, 0x5, 0x0) splice(r0, &(0x7f0000000180)=0x7fffffffffffffff, r4, &(0x7f00000001c0)=0x9, 0x5, 0x6) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) getsockname$packet(r3, 0x0, &(0x7f0000000380)) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, 0x0, 0x48890) r7 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)={0x11c, 0x2b, 0x1, 0x2, 0x25dfdbfd, "", [@nested={0x109, 0x0, 0x0, 0x1, [@typed={0x14, 0x0, 0x0, 0x0, @ipv6=@remote}, @typed={0x14, 0x2, 0x0, 0x0, @ipv6=@loopback={0x100000000000000}}, @generic="50bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb43d9621dc08c029d1608a487f26fbe816b89f7cb81bff81a8b9482565856555ee923c65973deb0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875ec58e9a3ddb9ad02a078cf0d972df9e99f079767734f69ce475f55ac64337803f5eb4e5842f4d98fe3fa370d47eb640dc5061dc35817c8a66c29be82fd"]}]}, 0x11c}], 0x1}, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_FRAME(r6, &(0x7f0000001280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="48040000", @ANYRES16=r2, @ANYBLOB="01e5c300000000fb04003b1c210008000300", @ANYRES32=r1, @ANYBLOB="2c0433005000de295b3acba52ee4080211000001505050505050"], 0x448}}, 0x0) 1.258068083s ago: executing program 4 (id=1063): socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000080)={'ip6tnl0\x00', &(0x7f00000001c0)={'ip6_vti0\x00', 0x0, 0x2f, 0x5, 0x1, 0xfff, 0x5, @dev={0xfe, 0x80, '\x00', 0xf}, @empty, 0x40, 0x0, 0x19, 0x801}}) socket$kcm(0x11, 0x3, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, 0x0, 0x0) r3 = accept4(r2, 0x0, 0x0, 0x800) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000600)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000580)={&(0x7f00000006c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x68, 0x9, 0xa, 0x5, 0x0, 0x0, {0x5, 0x0, 0x9}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_HANDLE={0xc, 0x10, 0x1, 0x0, 0x4}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2d}, @NFTA_SET_DATA_TYPE={0x8}, @NFTA_SET_DESC={0x20, 0x9, 0x0, 0x1, [@NFTA_SET_DESC_CONCAT={0x1c, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x3}]}, {0xc, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x9}]}]}]}]}, @NFT_MSG_NEWOBJ={0x1c, 0x12, 0xa, 0x101, 0x0, 0x0, {0x5, 0x0, 0x5}, @NFT_OBJECT_CT_EXPECT=@NFTA_OBJ_TYPE={0x8}}], {0x14, 0x11, 0x1, 0x0, 0x0, {0xa}}}, 0xac}, 0x1, 0x0, 0x0, 0x20014840}, 0xc010) sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r4, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r5, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 757.406958ms ago: executing program 0 (id=1065): r0 = socket(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000002700)=@raw={'raw\x00', 0x8, 0x3, 0x1e8, 0x98, 0x8, 0xfa04, 0x98, 0x6c02, 0x150, 0x194, 0x194, 0x150, 0x194, 0x3, 0x0, {[{{@ip={@empty=0x1e00, @broadcast, 0x0, 0x0, 'veth0_to_hsr\x00', 'veth0_virt_wifi\x00', {}, {0xff}, 0x6}, 0x0, 0x70, 0x98, 0x0, {0x0, 0x74020000}}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00', 0x0, {0xffff}}}, {{@ip={@multicast2, @dev, 0x0, 0xffffff00, '\x00', 'tunl0\x00'}, 0x0, 0x70, 0xb8}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x400, 'snmp\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x248) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x401, 0xfffffffc, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x202}, [@IFLA_TARGET_NETNSID={0x8}]}, 0x28}}, 0x0) r3 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="9feb01001800000000000000180000001800000004000000020000000100000c02000000000000000000000d0000000000005f"], 0x0, 0x34}, 0x20) r4 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$inet6_IPV6_HOPOPTS(r4, 0x29, 0x36, &(0x7f0000001440)=ANY=[], 0xc0) setsockopt$inet6_IPV6_RTHDR(r4, 0x29, 0x39, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000000000000000000000010000895000000354f0000d578e9f076fe1083e55b8ad3a5c34e45db541359293d6874b8c20f89f0f7df7f2297b286d9954204d4403dd1664a00bf6666d0756f82e4f5ca28cd58714a47974ecd2e4bf01754920b6e7133400f6c47c7dc8d38e2dde689fe4146bcf469e20b3cbe031c1cdbaf9004dc7f8d31f06ae10075a58b3b5874b29f321d57b3ca363e"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r3, 0x8, &(0x7f00000000c0)={0x0, 0x1}, 0x1}, 0x90) sendmsg$nl_route(r0, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="1c000000ffc7511768003b2a4efe00000000000002000000040000b6"], 0x1c}}, 0x0) r5 = socket$inet(0x2, 0x3, 0x8) setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, &(0x7f0000001900)=@raw={'raw\x00', 0x8, 0x3, 0x338, 0x0, 0xe138, 0x198, 0x1c0, 0x198, 0x2a0, 0x358, 0x358, 0x2a0, 0x358, 0x3, 0x0, {[{{@ip={@broadcast, @loopback, 0x0, 0x0, 'pimreg\x00', 'veth0_to_bond\x00'}, 0x0, 0x158, 0x1c0, 0x0, {}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'fsm\x00', "0d0004000000000000000404fff0cf81dfd28c89544e14cd3e01dd24289831867846c88621039b284c3ff45c42995560a99952bed40cf5a8c1df6cdbdb7e2378d5afd35f4c16827f55b3af494e39e8fb330200000000000032b6a99a8d87298e88a94cb519f5c17631af916a0002000000000000000000000000000000000049", 0x50}}, @inet=@rpfilter={{0x28}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'snmp_trap\x00', 'syz0\x00'}}}, {{@uncond, 0x0, 0x98, 0xe0, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'syz0\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x398) syz_emit_ethernet(0x3e, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff080045000000019078ac1e0000000000000000000000fd1c624c68db7824eb952bb7493a592963f5e31216545b8dac7894a77ad2518d9002b91eb00daf912c12ae3b8e7b5e7cc14147de30c73ff15768c01653aa20da4c73afe4353b7b814820cd117b5f8d67673acf82059a819664bbaf3657edf49d7abd516baadbe0d5268003dba99b885ba2076c7b16c08e9bfdae36bcca05b71d86829c8cd6c5d0869fadf717097ced23fd8d4e869313b73a85"], 0x0) 748.898254ms ago: executing program 4 (id=1066): setsockopt$inet6_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, &(0x7f0000000200)={@in={{0x2, 0x4e23, @initdev={0xac, 0x1e, 0x1, 0x0}}}, 0x0, 0x0, 0x22, 0x0, "42c99d16bed82f36a03fdc8c947d5bcec7615222d1fe5a9a59bd90ac5abf8ce35792898dd28a379bb8a7192f4359010907c81ca13a6ef8f266d1228cff930f5506989e524d267b743f686a44296443b2"}, 0xd8) writev(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, 0x0) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f0000000280)={@val={0x0, 0x800}, @val={0x1, 0x0, 0x0, 0x0, 0x3d}, @mpls={[], @ipv4=@tcp={{0x6, 0x4, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x84, 0x0, @empty=0x3fffffff, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x2, 0xb, 0x0, 0x0, 0x0, 0x4, {[@window={0xa, 0x3}, @timestamp={0x5, 0x2}, @generic={0x0, 0x2, "d58838068b91"}]}}}}}}, 0x4e) 698.944242ms ago: executing program 1 (id=1067): syz_emit_ethernet(0x6e, &(0x7f0000001900)={@local, @broadcast, @val={@void}, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @rand_addr=0x64010100, @local}, @time_exceeded={0xb, 0x0, 0x0, 0x3, 0x2c, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x89, 0x0, @private, @multicast2, {[@cipso={0x86, 0x18, 0x0, [{0x0, 0xd, "5e000000ff000000000000"}, {0x0, 0x5, "4eb8a6"}]}, @lsrr={0x83, 0x13, 0x0, [@dev, @broadcast, @loopback, @multicast2]}]}}}}}}}, 0x0) 693.974228ms ago: executing program 0 (id=1068): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@bloom_filter={0x1e, 0x0, 0xca, 0x3, 0x0, 0x1}, 0x50) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x1d, 0xf, &(0x7f0000000000)=@ringbuf={{0x18, 0x2}, {{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0x2}, {}, {0x85, 0x0, 0x0, 0x31}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x6c}}}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2b}, 0x90) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000080)={@cgroup, 0x3, 0x1, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0}, 0x9c) (async) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) (async) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_GET_WOWLAN(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0x24, r2, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x1, 0x57}, @val={0x8, 0x3, r3}, @void}}}, 0x24}}, 0x0) (async) r4 = socket$inet6(0xa, 0x3, 0x3) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @empty, 0xc7ec}, 0x1c) (async, rerun: 64) r5 = socket$igmp6(0xa, 0x3, 0x2) (rerun: 64) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488) (async) sendmsg(r4, &(0x7f00000000c0)={0x0, 0x9521, &(0x7f0000000100)=[{&(0x7f0000000000)="2c10", 0x5dc}], 0x1, 0x0, 0x0, 0x2c}, 0x44004) 552.149541ms ago: executing program 1 (id=1069): socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000080)={'ip6tnl0\x00', &(0x7f00000001c0)={'ip6_vti0\x00', 0x0, 0x2f, 0x5, 0x1, 0xfff, 0x5, @dev={0xfe, 0x80, '\x00', 0xf}, @empty, 0x40, 0x0, 0x19, 0x801}}) socket$kcm(0x11, 0x3, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) bind$alg(0xffffffffffffffff, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r2 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x800) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000600)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000580)={&(0x7f00000006c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x64, 0x9, 0xa, 0x5, 0x0, 0x0, {0x5, 0x0, 0x9}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_HANDLE={0xc, 0x10, 0x1, 0x0, 0x4}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2d}, @NFTA_SET_DATA_TYPE={0x8}, @NFTA_SET_DESC={0x1c, 0x9, 0x0, 0x1, [@NFTA_SET_DESC_CONCAT={0x10, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x3}]}]}, @NFTA_SET_DESC_SIZE={0x8, 0x1, 0x1, 0x0, 0x7}]}]}, @NFT_MSG_NEWOBJ={0x1c, 0x12, 0xa, 0x101, 0x0, 0x0, {0x5, 0x0, 0x5}, @NFT_OBJECT_CT_EXPECT=@NFTA_OBJ_TYPE={0x8}}], {0x14, 0x11, 0x1, 0x0, 0x0, {0xa}}}, 0xa8}, 0x1, 0x0, 0x0, 0x20014840}, 0xc010) sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 471.055586ms ago: executing program 0 (id=1070): syz_emit_ethernet(0x7e, &(0x7f00000013c0)={@local, @broadcast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x4, 0x0, 0x3, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f, 0x0, @broadcast=0xac14140a, @empty}}}}}}, 0x0) 337.566594ms ago: executing program 0 (id=1071): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r0, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000040)=[@in={0x2, 0x0, @local}]}, &(0x7f0000000440)=0x10) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r0, 0x84, 0xa, &(0x7f00000000c0)={0x9, 0xc4d5, 0x1, 0x4, 0x7fffffff, 0x8, 0x3, 0xa879, r1}, &(0x7f0000000240)=0x20) 304.12904ms ago: executing program 1 (id=1072): sendmsg$IPSET_CMD_RENAME(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, 0x0}, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @broadcast}, 0x10) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000000)=[@mss, @sack_perm, @window, @mss, @window, @window], 0x20000000000000e4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000140)='highspeed\x00', 0xa) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000700), 0x4) sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0) recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x700, 0x0, 0xfffffffffffffd25) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x14, 0x0, 0x1, 0x70bd2b, 0x25dfdbff}, 0x14}}, 0x4000000) accept4(0xffffffffffffffff, &(0x7f0000001ac0)=@ax25={{0x3, @default}, [@remote, @rose, @remote, @default, @default, @rose, @default, @bcast]}, 0x0, 0x80800) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NBD_CMD_RECONFIGURE(r1, 0x0, 0x4880) 162.885274ms ago: executing program 4 (id=1073): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x1, 0x2, &(0x7f0000000140)=@raw=[@ldst={0x1, 0x0, 0x3, 0x0, 0x1, 0x59}, @exit], &(0x7f0000000200)='GPL\x00'}, 0x90) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="5c0000000206010200000000000000000c0000000c00078008001240000600000500010006000000050005000a000000050004000000000009bccc0fd7786df6297700020073797a300000000015000300686173683a69702c706f72742c6e657400000000914a2f2db59edf952a4e93e1865e6a6f5bc9d73412b56fc16b3f50675a167535bad61b68c2695f7dcfadcdbf99b44ff9d6c436011d88b43181251b9ec3773629bec8e722619fbace19bcd96065087969e46b7eb2a808906a10e9b9a928924473f4ebc8a5de10bb9790376ce80ab009ef45ff4ac6ab4eb3"], 0x5c}}, 0x4020) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) r3 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuset.effective_cpus\x00', 0x275a, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x80000000}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r4}, 0x10) r5 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r5, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) syz_emit_ethernet(0xbe, &(0x7f0000000000)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "7b4b143b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af", "584cbf2649a50f2dbc43efa8698dfa871c51852e4451b57d037ad3c045942824251d7d17b5191584cdd4fbe40a27424d", "bcfd56f1375461caaa2f19935e6996c7096ffeeb0300000000000064", {"9a3bfbc1f39cb307b3472eb9cdb042d2", "643fcbb2c5a57df67d544af6e8dafe09"}}}}}}}, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x3}, 0x94) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x7}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[], 0x48) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) r6 = socket$packet(0x11, 0x3, 0x300) getsockopt$packet_int(r6, 0x107, 0xb, 0x0, &(0x7f0000000100)=0x2be628de19587dbc) listen(r3, 0x0) r7 = syz_init_net_socket$rose(0xb, 0x5, 0x0) connect$rose(r7, &(0x7f0000000100)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @null}, 0x1c) sendmmsg$inet6(r2, &(0x7f0000001740)=[{{&(0x7f0000000200)={0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}, 0x1c, &(0x7f00000000c0)=[{&(0x7f0000000080)="ae", 0x1}], 0x1}}], 0x1, 0x0) syz_emit_ethernet(0x2a, &(0x7f0000000080)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa0806000108000604cdbdaaaaaaaaaaaaac1414bb0180c2000000ffffffff"], 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000500)=ANY=[@ANYBLOB="010000801000001000"/20, @ANYRES32=0x0, @ANYBLOB="0800000000000000280012800b0001006272696467650000180002800a001400aaaaaaaaaabb00000800090000000000"], 0x48}}, 0x0) 161.219309ms ago: executing program 0 (id=1074): r0 = socket$inet6(0xa, 0x1, 0x100) listen(r0, 0x0) (async) syz_emit_ethernet(0x4e, &(0x7f0000000b80)={@link_local, @empty, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "2c96ed", 0x18, 0x0, 0x0, @dev, @local, {[@hopopts={0x0, 0x2, '\x00', [@generic={0x7, 0x8, "846ddaa35696f9a4"}, @pad1, @generic={0x0, 0x1, '('}]}]}}}}}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) (async) r2 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000200)={0x20, r2, 0x1, 0x0, 0x0, {0x7}, [@MPTCP_PM_ATTR_ADDR={0xc, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x1}]}]}, 0x20}}, 0x0) (async) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='net_prio.prioidx\x00', 0x0, 0x0) sendmsg$AUDIT_LIST_RULES(r3, &(0x7f0000000100)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0xff93, 0x3f5, 0x200, 0x70bd29, 0x25dfdbfe, "", ["", "", "", "", ""]}, 0x10}, 0x1, 0x0, 0x0, 0x100}, 0xa0) 777.477µs ago: executing program 0 (id=1075): bpf$MAP_CREATE(0x0, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x0) r1 = socket$netlink(0x10, 0x3, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[], 0x48) r2 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c000000020000000000000000000004"], 0x0, 0x26}, 0x20) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0x3, &(0x7f0000001740)=ANY=[@ANYBLOB="180000000000000000000000000000009500000000000000bc7ef9642d29ba564165605dca29708efdf9b15a5c10a126121b2751f642635bcd9a8bf7a928a5d054b0d2c54d519ea75c52f41ed6f2886973626b684c8bd9108c0b0b2ea7e556948f0367aff4fbcede3294f6e73d06ad16dc2d26725ff833b5f83b499918e6a6ec245b781d41aee9624c847e2f2312d6b9db45bad354fc1a3f20407ffe406483a0524937ee7559e4bf70136746b37fdfbbb152758d37ed8bcac41fb7243bdcd536249c7996e898b61927eaa5a8790054ba13d3ade593220f96027090a34aaf7ea92f41aab73e7a85eef87e956bb7c5c76a347264fd99359f4e57b0dcc2bcc188ea880a4b11a8bb81eb22b0ddfc689e3218cf310dcc61cab354149d9107d8a88b0aa5b5661555f00443aee5e714009e52cee5e88f008148ddbc0fa81bf938bed4a1ac778d5337cc0311d0772eeac3eab38426e8d1472ff514aa5379ed21551790cc10148410b4fc27582fd7106a8887a9a0b613dfe10aee77542d887208f5534f5dce4d43f258fc9ef975834e1917666e2aff1cebfc3ce2c1e8ff66bba1d9050000000000000078db7024bf321636bede8651e672ed4f01ba5da2c3f9042a8552bd3f2c9ad546ad0ea20b4d35fb0a15c6239f67c7747a40fe26a88adf727fd1b801b4e56fbffcad99ce68fe2af0d94fdc78d27268de435021dca51acaa7a9e0944bdf579c170db6405944b6791a7713ee54f650fdf71b57c3629fb185efce700620ef5744623be08ec935dd563e6ba0b461bda98b364acf3dcdafa9b0e68c21ea509212c2938aa09cc31aa4ee5bfb8e507181909f5854b13997af4888cd61c8aab5fdfd701a16d546e5a533cd9b985dcc582b67979551dcc750fc51f2c9b6814edeffc76a86ea9f58b7c66fa24540daf14c2163d064f8cf0b4878f81e6b8bc4dabc10dac82b39e033963a6d02434cb783a198829d1373790a85c0e01a362d89e80165d280283af3c2060000000000000034b12a73b0c53bfae5d2f6e55728052247adfe0966c6c5eca57918c4540c979a70a281ba00e408c9fe1b20fa208976dd6a56f9bd9a74d81447c9b265d8c23f0e983e0b1d2d62d1e57c9188e4882634476e62ab1b7415a58208eaaf166d14720092f79a6197fe8b4ea7d5485cc6b3630afed8d3403cfa4d7bf48efb371706e0e65901eea3743c98261cbb7a246cf62f99bbc918741d32539ec0754e7d7f08dd45aaf49623342eabf466e54d8da4346e73da54ba2e4b5e2ae2823864d4147b490e55c9509f75c8828500ac32cab11b0262e75fa9e39e3792d01e0b210fdfb686bfffdc677432f6332c1a27502b43997060acdf7784c79fed0325e06f6b64b6434ebf4730509bcf95b9a1d0ba7c469d55351cc1dce6c90f5872e7ad5eed5f850d9d1f928b4e0263b241e8fe03e5e66252c8a3bd320e8deee5b91c653b8f22f58cff36c2ba4d6774f14229939595d2beb998c9312212de00468fc488591aca07ab75fba4a318d3ee4581711927b77a7f14dbcd639892f8cb0000000000000080411736eb1ee86eec338197a56293c9cdb72e84155681553b896d58b62a96852320e74dc4c9b41d6f90d2353dc573a94a092a84209c12da57f8c78e161b0899eb1c8b694d26c5fbf7f65fefacdbf39151f335dddc3b179a13f6de93ffb338e94738c86e35e9fcc654e4d6618dc1201cbd16e1281df911e6c699da16fbbb7a2e5c77966c98d3e7edd58cabfe6bf1bb7f6329084e3e4a2a36da07bbac3ebc00472f55b7966f250109fcce0ad5d4526d20ef74d1a634d724"], &(0x7f0000000080)='GPL\x00', 0x5, 0x1f6, &(0x7f00000002c0)=""/168, 0x0, 0x0, '\x00', 0x0, @sock_ops, r2, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000200), 0x1}, 0x6d) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000000)={0x0, 0x0}, 0x8) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x1c, 0x3, &(0x7f0000000200)=ANY=[@ANYBLOB="1802000002ff0100000000000000000095"], &(0x7f0000000180)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, r4, r3}, 0x94) pipe(&(0x7f00000055c0)={0xffffffffffffffff}) shutdown(r5, 0x0) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r5, 0x89f2, &(0x7f0000000380)={'gre0\x00', &(0x7f0000000580)={'gretap0\x00', 0x0, 0x1, 0x7800, 0x82, 0x5, {{0x27, 0x4, 0x2, 0x1, 0x9c, 0x68, 0x0, 0x9, 0x29, 0x0, @private=0xa010100, @remote, {[@timestamp_addr={0x44, 0x1c, 0x73, 0x1, 0x3, [{@loopback, 0x40}, {@multicast2, 0xffffffff}, {@local, 0x7ca}]}, @timestamp_prespec={0x44, 0x44, 0xaa, 0x3, 0xf, [{@rand_addr=0x64010101, 0x3}, {@remote, 0x8}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0x8}, {@rand_addr=0x64010100, 0x9}, {@remote, 0x9}, {@empty, 0x6}, {@rand_addr=0x64010100, 0x2}, {@dev={0xac, 0x14, 0x14, 0x2e}, 0x7}]}, @timestamp={0x44, 0x24, 0xad, 0x0, 0x2, [0x9, 0x5, 0x6, 0xf, 0x0, 0x1, 0x7, 0x4]}, @end]}}}}}) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xd, &(0x7f0000000280)=ANY=[], 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, '\x00', r6, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0, r7, 0x0, 0x2}, 0x18) sendmsg$tipc(0xffffffffffffffff, 0x0, 0x0) r8 = socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), r8) sendmsg$DEVLINK_CMD_RATE_NEW(r8, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000300)={0x34, r9, 0x1, 0x0, 0x25dfdbfb, {0x25}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r1, 0x10e, 0x4, &(0x7f0000000640)=0x1800, 0x4) sendmsg$inet(r0, &(0x7f0000000140)={0x0, 0x2, &(0x7f0000000100)=[{&(0x7f0000000180)="5c00000013006bcd9e3fe3dc4e48aa31086b8703410000004000000000000000040014000d000a00100000009ee517d34460bc08eab556a705251e6182949a3651f60a84c9f5d1938837e786a6d0bdd7fcf50e4509c5bb5a00f69853", 0x5c}], 0x1, 0x0, 0x0, 0x1f000801}, 0x0) 0s ago: executing program 3 (id=1076): socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000080)={'ip6tnl0\x00', &(0x7f00000001c0)={'ip6_vti0\x00', 0x0, 0x2f, 0x5, 0x1, 0xfff, 0x5, @dev={0xfe, 0x80, '\x00', 0xf}, @empty, 0x40, 0x0, 0x19, 0x801}}) socket$kcm(0x11, 0x3, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, 0x0, 0x0) r3 = accept4(r2, 0x0, 0x0, 0x800) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000600)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000580)={&(0x7f00000006c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x68, 0x9, 0xa, 0x5, 0x0, 0x0, {0x5, 0x0, 0x9}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_HANDLE={0xc, 0x10, 0x1, 0x0, 0x4}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2d}, @NFTA_SET_DATA_TYPE={0x8}, @NFTA_SET_DESC={0x20, 0x9, 0x0, 0x1, [@NFTA_SET_DESC_CONCAT={0x1c, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x3}]}, {0xc, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x9}]}]}]}]}, @NFT_MSG_NEWOBJ={0x1c, 0x12, 0xa, 0x101, 0x0, 0x0, {0x5, 0x0, 0x5}, @NFT_OBJECT_CT_EXPECT=@NFTA_OBJ_TYPE={0x8}}], {0x14, 0x11, 0x1, 0x0, 0x0, {0xa}}}, 0xac}, 0x1, 0x0, 0x0, 0x20014840}, 0xc010) sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r4, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r5, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) kernel console output (not intermixed with test programs): 17] ? rcu_is_watching+0x15/0xb0 [ 127.651894][ T7517] __x64_sys_bpf+0x7c/0x90 [ 127.651915][ T7517] do_syscall_64+0xfa/0x3b0 [ 127.651930][ T7517] ? lockdep_hardirqs_on+0x9c/0x150 [ 127.651953][ T7517] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 127.651970][ T7517] ? clear_bhb_loop+0x60/0xb0 [ 127.651991][ T7517] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 127.652008][ T7517] RIP: 0033:0x7f096e78e929 [ 127.652024][ T7517] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 127.652039][ T7517] RSP: 002b:00007f096c5f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 127.652058][ T7517] RAX: ffffffffffffffda RBX: 00007f096e9b5fa0 RCX: 00007f096e78e929 [ 127.652071][ T7517] RDX: 0000000000000038 RSI: 0000200000000400 RDI: 000000000000001a [ 127.652113][ T7517] RBP: 00007f096c5f6090 R08: 0000000000000000 R09: 0000000000000000 [ 127.652123][ T7517] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 127.652134][ T7517] R13: 0000000000000000 R14: 00007f096e9b5fa0 R15: 00007ffdab0e6ca8 [ 127.652163][ T7517] [ 128.535305][ T7552] IPVS: ip_vs_add_dest(): lower threshold is higher than upper threshold [ 128.699069][ T7561] netlink: 'syz.0.577': attribute type 10 has an invalid length. [ 128.729740][ T7561] team0: Port device geneve0 added [ 128.936844][ T7569] FAULT_INJECTION: forcing a failure. [ 128.936844][ T7569] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 128.943376][ T7568] netlink: 'syz.3.580': attribute type 3 has an invalid length. [ 128.970993][ T7569] CPU: 0 UID: 0 PID: 7569 Comm: syz.1.581 Not tainted 6.16.0-rc3-syzkaller-00131-g72fb83735c71 #0 PREEMPT(full) [ 128.971019][ T7569] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 128.971030][ T7569] Call Trace: [ 128.971037][ T7569] [ 128.971045][ T7569] dump_stack_lvl+0x189/0x250 [ 128.971073][ T7569] ? __pfx____ratelimit+0x10/0x10 [ 128.971098][ T7569] ? __pfx_dump_stack_lvl+0x10/0x10 [ 128.971123][ T7569] ? __pfx__printk+0x10/0x10 [ 128.971141][ T7569] ? __might_fault+0xb0/0x130 [ 128.971168][ T7569] should_fail_ex+0x414/0x560 [ 128.971193][ T7569] _copy_from_user+0x2d/0xb0 [ 128.971211][ T7569] generic_map_update_batch+0x51b/0x7f0 [ 128.971242][ T7569] ? __pfx_generic_map_update_batch+0x10/0x10 [ 128.971261][ T7569] ? __fget_files+0x2a/0x420 [ 128.971287][ T7569] ? __pfx_generic_map_update_batch+0x10/0x10 [ 128.971305][ T7569] bpf_map_do_batch+0x36c/0x5f0 [ 128.971333][ T7569] __sys_bpf+0x384/0x860 [ 128.971358][ T7569] ? __pfx___sys_bpf+0x10/0x10 [ 128.971392][ T7569] ? ksys_write+0x22a/0x250 [ 128.971410][ T7569] ? __pfx_ksys_write+0x10/0x10 [ 128.971429][ T7569] ? rcu_is_watching+0x15/0xb0 [ 128.971461][ T7569] __x64_sys_bpf+0x7c/0x90 [ 128.971482][ T7569] do_syscall_64+0xfa/0x3b0 [ 128.971496][ T7569] ? lockdep_hardirqs_on+0x9c/0x150 [ 128.971519][ T7569] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 128.971535][ T7569] ? clear_bhb_loop+0x60/0xb0 [ 128.971555][ T7569] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 128.971570][ T7569] RIP: 0033:0x7fa13cb8e929 [ 128.971585][ T7569] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 128.971600][ T7569] RSP: 002b:00007fa13d979038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 128.971618][ T7569] RAX: ffffffffffffffda RBX: 00007fa13cdb5fa0 RCX: 00007fa13cb8e929 [ 128.971631][ T7569] RDX: 0000000000000038 RSI: 0000200000000400 RDI: 000000000000001a [ 128.971641][ T7569] RBP: 00007fa13d979090 R08: 0000000000000000 R09: 0000000000000000 [ 128.971652][ T7569] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 128.971662][ T7569] R13: 0000000000000000 R14: 00007fa13cdb5fa0 R15: 00007ffd87cbd308 [ 128.971694][ T7569] [ 129.527028][ T7586] veth0: entered promiscuous mode [ 129.540061][ T7585] veth0: left promiscuous mode [ 129.625768][ T7590] netlink: 'syz.4.588': attribute type 2 has an invalid length. [ 129.723139][ T7596] FAULT_INJECTION: forcing a failure. [ 129.723139][ T7596] name failslab, interval 1, probability 0, space 0, times 0 [ 129.745040][ T7596] CPU: 1 UID: 0 PID: 7596 Comm: syz.3.590 Not tainted 6.16.0-rc3-syzkaller-00131-g72fb83735c71 #0 PREEMPT(full) [ 129.745066][ T7596] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 129.745077][ T7596] Call Trace: [ 129.745083][ T7596] [ 129.745091][ T7596] dump_stack_lvl+0x189/0x250 [ 129.745128][ T7596] ? __pfx____ratelimit+0x10/0x10 [ 129.745151][ T7596] ? __pfx_dump_stack_lvl+0x10/0x10 [ 129.745175][ T7596] ? __pfx__printk+0x10/0x10 [ 129.745207][ T7596] should_fail_ex+0x414/0x560 [ 129.745234][ T7596] should_failslab+0xa8/0x100 [ 129.745255][ T7596] kmem_cache_alloc_noprof+0x73/0x3c0 [ 129.745281][ T7596] ? skb_clone+0x212/0x3a0 [ 129.745307][ T7596] skb_clone+0x212/0x3a0 [ 129.745333][ T7596] __netlink_deliver_tap+0x404/0x850 [ 129.745366][ T7596] ? netlink_deliver_tap+0x2e/0x1b0 [ 129.745388][ T7596] netlink_deliver_tap+0x19c/0x1b0 [ 129.745409][ T7596] netlink_sendskb+0x68/0x140 [ 129.745429][ T7596] netlink_rcv_skb+0x28c/0x470 [ 129.745450][ T7596] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 129.745470][ T7596] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 129.745504][ T7596] ? netlink_deliver_tap+0x2e/0x1b0 [ 129.745522][ T7596] ? netlink_deliver_tap+0x2e/0x1b0 [ 129.745547][ T7596] netlink_unicast+0x75b/0x8d0 [ 129.745576][ T7596] netlink_sendmsg+0x805/0xb30 [ 129.745606][ T7596] ? __pfx_netlink_sendmsg+0x10/0x10 [ 129.745629][ T7596] ? aa_sock_msg_perm+0x94/0x160 [ 129.745652][ T7596] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 129.745673][ T7596] ? __pfx_netlink_sendmsg+0x10/0x10 [ 129.745693][ T7596] __sock_sendmsg+0x21c/0x270 [ 129.745721][ T7596] ____sys_sendmsg+0x505/0x830 [ 129.745748][ T7596] ? __pfx_____sys_sendmsg+0x10/0x10 [ 129.745779][ T7596] ? import_iovec+0x74/0xa0 [ 129.745800][ T7596] ___sys_sendmsg+0x21f/0x2a0 [ 129.745823][ T7596] ? __pfx____sys_sendmsg+0x10/0x10 [ 129.745882][ T7596] ? __fget_files+0x2a/0x420 [ 129.745898][ T7596] ? __fget_files+0x3a0/0x420 [ 129.745927][ T7596] __x64_sys_sendmsg+0x19b/0x260 [ 129.745949][ T7596] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 129.745979][ T7596] ? __pfx_ksys_write+0x10/0x10 [ 129.745998][ T7596] ? do_syscall_64+0xbe/0x3b0 [ 129.746013][ T7596] do_syscall_64+0xfa/0x3b0 [ 129.746025][ T7596] ? lockdep_hardirqs_on+0x9c/0x150 [ 129.746043][ T7596] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 129.746057][ T7596] ? clear_bhb_loop+0x60/0xb0 [ 129.746074][ T7596] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 129.746087][ T7596] RIP: 0033:0x7f2e0bf8e929 [ 129.746100][ T7596] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 129.746111][ T7596] RSP: 002b:00007f2e0cda0038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 129.746136][ T7596] RAX: ffffffffffffffda RBX: 00007f2e0c1b6080 RCX: 00007f2e0bf8e929 [ 129.746147][ T7596] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000003 [ 129.746156][ T7596] RBP: 00007f2e0cda0090 R08: 0000000000000000 R09: 0000000000000000 [ 129.746164][ T7596] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 129.746173][ T7596] R13: 0000000000000001 R14: 00007f2e0c1b6080 R15: 00007ffdba4c1438 [ 129.746196][ T7596] [ 130.587249][ T7621] openvswitch: netlink: Message has 29 unknown bytes. [ 130.629824][ T7624] netlink: 'syz.1.602': attribute type 29 has an invalid length. [ 130.658679][ T7624] netlink: 'syz.1.602': attribute type 29 has an invalid length. [ 130.708346][ T7624] __nla_validate_parse: 4 callbacks suppressed [ 130.708363][ T7624] netlink: 500 bytes leftover after parsing attributes in process `syz.1.602'. [ 130.738173][ T7626] tipc: Enabled bearer , priority 0 [ 130.764786][ T7626] syzkaller0: entered promiscuous mode [ 130.769146][ T7624] unsupported nla_type 58 [ 130.790986][ T7626] syzkaller0: entered allmulticast mode [ 130.842834][ T7626] tipc: Resetting bearer [ 130.859127][ T7625] tipc: Resetting bearer [ 130.879976][ T7625] tipc: Disabling bearer [ 130.929638][ T7633] netlink: 8 bytes leftover after parsing attributes in process `syz.3.603'. [ 131.127497][ T7644] FAULT_INJECTION: forcing a failure. [ 131.127497][ T7644] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 131.142587][ T7644] CPU: 0 UID: 0 PID: 7644 Comm: syz.3.608 Not tainted 6.16.0-rc3-syzkaller-00131-g72fb83735c71 #0 PREEMPT(full) [ 131.142612][ T7644] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 131.142622][ T7644] Call Trace: [ 131.142629][ T7644] [ 131.142636][ T7644] dump_stack_lvl+0x189/0x250 [ 131.142665][ T7644] ? __pfx____ratelimit+0x10/0x10 [ 131.142688][ T7644] ? __pfx_dump_stack_lvl+0x10/0x10 [ 131.142712][ T7644] ? __pfx__printk+0x10/0x10 [ 131.142732][ T7644] ? __might_fault+0xb0/0x130 [ 131.142758][ T7644] should_fail_ex+0x414/0x560 [ 131.142784][ T7644] _copy_from_user+0x2d/0xb0 [ 131.142802][ T7644] ___sys_sendmsg+0x158/0x2a0 [ 131.142825][ T7644] ? __pfx____sys_sendmsg+0x10/0x10 [ 131.142881][ T7644] ? __fget_files+0x2a/0x420 [ 131.142898][ T7644] ? __fget_files+0x3a0/0x420 [ 131.142926][ T7644] __x64_sys_sendmsg+0x19b/0x260 [ 131.142949][ T7644] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 131.142979][ T7644] ? __pfx_ksys_write+0x10/0x10 [ 131.142993][ T7644] ? rcu_is_watching+0x15/0xb0 [ 131.143032][ T7644] ? do_syscall_64+0xbe/0x3b0 [ 131.143051][ T7644] do_syscall_64+0xfa/0x3b0 [ 131.143065][ T7644] ? lockdep_hardirqs_on+0x9c/0x150 [ 131.143088][ T7644] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 131.143104][ T7644] ? clear_bhb_loop+0x60/0xb0 [ 131.143125][ T7644] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 131.143142][ T7644] RIP: 0033:0x7f2e0bf8e929 [ 131.143157][ T7644] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 131.143172][ T7644] RSP: 002b:00007f2e0cdc1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 131.143191][ T7644] RAX: ffffffffffffffda RBX: 00007f2e0c1b5fa0 RCX: 00007f2e0bf8e929 [ 131.143203][ T7644] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003 [ 131.143214][ T7644] RBP: 00007f2e0cdc1090 R08: 0000000000000000 R09: 0000000000000000 [ 131.143225][ T7644] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 131.143235][ T7644] R13: 0000000000000000 R14: 00007f2e0c1b5fa0 R15: 00007ffdba4c1438 [ 131.143262][ T7644] [ 131.408348][ T7650] netlink: 'syz.4.609': attribute type 10 has an invalid length. [ 131.508282][ T7650] netlink: 40 bytes leftover after parsing attributes in process `syz.4.609'. [ 131.573355][ T7650] team0: Port device geneve0 added [ 131.606691][ T7654] IPVS: ip_vs_add_dest(): lower threshold is higher than upper threshold [ 131.659275][ T7657] netlink: 8 bytes leftover after parsing attributes in process `syz.3.611'. [ 131.694915][ T7657] netlink: 8 bytes leftover after parsing attributes in process `syz.3.611'. [ 132.101916][ T7678] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.249156][ T7683] netlink: 72 bytes leftover after parsing attributes in process `syz.4.624'. [ 132.356076][ T7689] netlink: 240 bytes leftover after parsing attributes in process `syz.1.625'. [ 132.407138][ T7685] netlink: 20 bytes leftover after parsing attributes in process `syz.1.625'. [ 132.430947][ T7685] netlink: 9 bytes leftover after parsing attributes in process `syz.1.625'. [ 132.864125][ T7713] IPVS: ip_vs_add_dest(): lower threshold is higher than upper threshold [ 132.889113][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.896458][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.042710][ T7720] netlink: 5 bytes leftover after parsing attributes in process `syz.1.639'. [ 133.074558][ T7720] 1ªX¹¦D: renamed from 30ªX¹¦D (while UP) [ 133.089693][ T7720] A link change request failed with some changes committed already. Interface 31ªX¹¦D may have been left with an inconsistent configuration, please check. [ 134.067040][ T7766] IPVS: ip_vs_add_dest(): lower threshold is higher than upper threshold [ 134.860364][ T7799] IPVS: ip_vs_add_dest(): lower threshold is higher than upper threshold [ 134.965795][ T1092] wlan1: Trigger new scan to find an IBSS to join [ 135.043741][ T7810] netlink: zone id is out of range [ 136.277284][ T7834] __nla_validate_parse: 4 callbacks suppressed [ 136.277302][ T7834] netlink: 212376 bytes leftover after parsing attributes in process `syz.4.686'. [ 136.322887][ T7835] netlink: 8 bytes leftover after parsing attributes in process `syz.1.687'. [ 136.334357][ T7832] IPVS: wrr: UDP 224.0.0.2:20004 - no destination available [ 137.086185][ T7863] IPVS: ip_vs_add_dest(): lower threshold is higher than upper threshold [ 137.301262][ T7869] 8021q: adding VLAN 0 to HW filter on device ipvlan2 [ 137.334154][ T7869] bond0: (slave ipvlan2): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 137.365826][ C1] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 137.929094][ T1092] wlan1: Trigger new scan to find an IBSS to join [ 138.102815][ T7900] IPVS: ip_vs_add_dest(): lower threshold is higher than upper threshold [ 138.161077][ T7904] FAULT_INJECTION: forcing a failure. [ 138.161077][ T7904] name failslab, interval 1, probability 0, space 0, times 0 [ 138.210722][ T7904] CPU: 0 UID: 0 PID: 7904 Comm: syz.3.708 Not tainted 6.16.0-rc3-syzkaller-00131-g72fb83735c71 #0 PREEMPT(full) [ 138.210748][ T7904] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 138.210758][ T7904] Call Trace: [ 138.210764][ T7904] [ 138.210772][ T7904] dump_stack_lvl+0x189/0x250 [ 138.210801][ T7904] ? __pfx____ratelimit+0x10/0x10 [ 138.210824][ T7904] ? __pfx_dump_stack_lvl+0x10/0x10 [ 138.210848][ T7904] ? __pfx__printk+0x10/0x10 [ 138.210871][ T7904] ? __pfx___might_resched+0x10/0x10 [ 138.210900][ T7904] should_fail_ex+0x414/0x560 [ 138.210925][ T7904] should_failslab+0xa8/0x100 [ 138.210943][ T7904] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 138.210960][ T7904] ? __alloc_skb+0x112/0x2d0 [ 138.210981][ T7904] __alloc_skb+0x112/0x2d0 [ 138.211002][ T7904] netlink_sendmsg+0x5c6/0xb30 [ 138.211029][ T7904] ? __pfx_netlink_sendmsg+0x10/0x10 [ 138.211051][ T7904] ? aa_sock_msg_perm+0x94/0x160 [ 138.211072][ T7904] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 138.211093][ T7904] ? __pfx_netlink_sendmsg+0x10/0x10 [ 138.211112][ T7904] __sock_sendmsg+0x21c/0x270 [ 138.211140][ T7904] ____sys_sendmsg+0x505/0x830 [ 138.211164][ T7904] ? __pfx_____sys_sendmsg+0x10/0x10 [ 138.211191][ T7904] ? import_iovec+0x74/0xa0 [ 138.211210][ T7904] ___sys_sendmsg+0x21f/0x2a0 [ 138.211233][ T7904] ? __pfx____sys_sendmsg+0x10/0x10 [ 138.211284][ T7904] ? __fget_files+0x2a/0x420 [ 138.211301][ T7904] ? __fget_files+0x3a0/0x420 [ 138.211328][ T7904] __x64_sys_sendmsg+0x19b/0x260 [ 138.211351][ T7904] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 138.211381][ T7904] ? __pfx_ksys_write+0x10/0x10 [ 138.211429][ T7904] ? do_syscall_64+0xbe/0x3b0 [ 138.211449][ T7904] do_syscall_64+0xfa/0x3b0 [ 138.211463][ T7904] ? lockdep_hardirqs_on+0x9c/0x150 [ 138.211485][ T7904] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 138.211503][ T7904] ? clear_bhb_loop+0x60/0xb0 [ 138.211523][ T7904] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 138.211540][ T7904] RIP: 0033:0x7f2e0bf8e929 [ 138.211556][ T7904] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 138.211571][ T7904] RSP: 002b:00007f2e0cda0038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 138.211597][ T7904] RAX: ffffffffffffffda RBX: 00007f2e0c1b6080 RCX: 00007f2e0bf8e929 [ 138.211610][ T7904] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000004 [ 138.211620][ T7904] RBP: 00007f2e0cda0090 R08: 0000000000000000 R09: 0000000000000000 [ 138.211629][ T7904] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 138.211640][ T7904] R13: 0000000000000001 R14: 00007f2e0c1b6080 R15: 00007ffdba4c1438 [ 138.211667][ T7904] [ 138.579636][ T7913] netlink: 36 bytes leftover after parsing attributes in process `syz.0.710'. [ 138.872929][ T7930] netlink: 'syz.4.717': attribute type 10 has an invalid length. [ 138.907986][ T7932] netlink: 'syz.1.715': attribute type 10 has an invalid length. [ 138.933138][ T7930] netlink: 40 bytes leftover after parsing attributes in process `syz.4.717'. [ 138.976929][ T7932] netlink: 40 bytes leftover after parsing attributes in process `syz.1.715'. [ 138.997889][ T7935] netlink: 8 bytes leftover after parsing attributes in process `syz.3.716'. [ 139.018436][ T7928] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 139.052121][ T7931] netlink: 24 bytes leftover after parsing attributes in process `syz.3.716'. [ 139.078439][ T7927] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 139.090564][ T7927] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 139.097860][ T7938] netlink: 8 bytes leftover after parsing attributes in process `syz.0.719'. [ 139.112521][ T7938] netlink: 12 bytes leftover after parsing attributes in process `syz.0.719'. [ 139.121831][ T7938] netlink: 12 bytes leftover after parsing attributes in process `syz.0.719'. [ 139.134118][ T7932] team0: Port device geneve0 added [ 139.181675][ T7935] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1 [ 139.222736][ T7928] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 139.277204][ T7938] bridge0: port 1(vlan2) entered blocking state [ 139.302196][ T7938] bridge0: port 1(vlan2) entered disabled state [ 139.309096][ T7938] vlan2: entered allmulticast mode [ 139.314666][ T7938] bridge0: entered allmulticast mode [ 139.324969][ T7938] vlan2: left allmulticast mode [ 139.330046][ T7938] bridge0: left allmulticast mode [ 139.346155][ T7943] netlink: 'syz.2.720': attribute type 20 has an invalid length. [ 139.368210][ T7927] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 139.380275][ T7927] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 139.427161][ T7928] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 139.513486][ T7927] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 139.532451][ T7927] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 139.652284][ T7928] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 139.770301][ T7927] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 139.842711][ T7957] netlink: 'syz.2.725': attribute type 24 has an invalid length. [ 139.844996][ T7927] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 139.944616][ T7961] netlink: 'syz.0.726': attribute type 1 has an invalid length. [ 140.046398][ T7928] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 140.069566][ T7927] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 140.093778][ T7927] netdevsim netdevsim1 eth0: set [1, 1] type 2 family 0 port 20000 - 0 [ 140.140768][ T7928] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 140.165840][ T7927] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 140.174414][ T7927] netdevsim netdevsim1 eth1: set [1, 1] type 2 family 0 port 20000 - 0 [ 140.195422][ T7928] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 140.237271][ T7928] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 140.258049][ T7927] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 140.266848][ T7927] netdevsim netdevsim1 eth2: set [1, 1] type 2 family 0 port 20000 - 0 [ 140.354137][ T7927] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 140.367731][ T7927] netdevsim netdevsim1 eth3: set [1, 1] type 2 family 0 port 20000 - 0 [ 140.385127][ T7973] netlink: 'syz.0.731': attribute type 30 has an invalid length. [ 140.401927][ T7973] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 140.411533][ T7973] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 140.421777][ T7973] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 140.431426][ T7973] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 140.446206][ T7975] FAULT_INJECTION: forcing a failure. [ 140.446206][ T7975] name failslab, interval 1, probability 0, space 0, times 0 [ 140.461737][ T7973] netlink: 'syz.0.731': attribute type 30 has an invalid length. [ 140.484659][ T7975] CPU: 0 UID: 0 PID: 7975 Comm: syz.4.732 Not tainted 6.16.0-rc3-syzkaller-00131-g72fb83735c71 #0 PREEMPT(full) [ 140.484683][ T7975] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 140.484693][ T7975] Call Trace: [ 140.484700][ T7975] [ 140.484708][ T7975] dump_stack_lvl+0x189/0x250 [ 140.484737][ T7975] ? __pfx____ratelimit+0x10/0x10 [ 140.484760][ T7975] ? __pfx_dump_stack_lvl+0x10/0x10 [ 140.484782][ T7975] ? __pfx__printk+0x10/0x10 [ 140.484804][ T7975] ? __pfx___might_resched+0x10/0x10 [ 140.484825][ T7975] ? fs_reclaim_acquire+0x7d/0x100 [ 140.484848][ T7975] should_fail_ex+0x414/0x560 [ 140.484872][ T7975] should_failslab+0xa8/0x100 [ 140.484891][ T7975] __kmalloc_cache_noprof+0x70/0x3d0 [ 140.484906][ T7975] ? xprt_alloc+0x504/0x7a0 [ 140.484922][ T7975] ? __rpc_init_priority_wait_queue+0x300/0x400 [ 140.484951][ T7975] xprt_alloc+0x504/0x7a0 [ 140.484977][ T7975] xs_setup_xprt+0x9e/0x3b0 [ 140.485004][ T7975] xs_setup_local+0x4f/0x5e0 [ 140.485026][ T7975] xprt_create_transport+0x166/0x600 [ 140.485049][ T7975] rpc_create+0x4be/0x870 [ 140.485071][ T7975] ? __pfx_rpc_create+0x10/0x10 [ 140.485129][ T7975] ? rcu_is_watching+0x15/0xb0 [ 140.485154][ T7975] ? trace_contention_end+0x39/0x120 [ 140.485178][ T7975] rpcb_create_af_local+0x196/0x370 [ 140.485197][ T7975] ? __pfx_rpcb_create_af_local+0x10/0x10 [ 140.485214][ T7975] ? __lock_acquire+0xab9/0xd20 [ 140.485260][ T7975] ? do_raw_spin_unlock+0x122/0x240 [ 140.485285][ T7975] rpcb_create_local+0x251/0x610 [ 140.485305][ T7975] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 140.485330][ T7975] ? __pfx_rpcb_create_local+0x10/0x10 [ 140.485355][ T7975] ? __percpu_counter_init_many+0x364/0x380 [ 140.485381][ T7975] ? __svc_create+0x888/0x980 [ 140.485411][ T7975] svc_bind+0x1b4/0x230 [ 140.485441][ T7975] nfsd_create_serv+0x541/0x840 [ 140.485468][ T7975] ? __pfx_nfsd_create_serv+0x10/0x10 [ 140.485481][ T7975] ? nfsd_nl_listener_set_doit+0x12a/0x1650 [ 140.485501][ T7975] ? __pfx___mutex_lock+0x10/0x10 [ 140.485525][ T7975] ? __asan_memset+0x22/0x50 [ 140.485548][ T7975] ? ____sys_sendmsg+0x505/0x830 [ 140.485566][ T7975] ? __x64_sys_sendmsg+0x19b/0x260 [ 140.485596][ T7975] nfsd_nl_listener_set_doit+0x132/0x1650 [ 140.485620][ T7975] ? __pfx___nla_validate_parse+0x10/0x10 [ 140.485667][ T7975] ? __pfx_nfsd_nl_listener_set_doit+0x10/0x10 [ 140.485693][ T7975] ? __nla_parse+0x40/0x60 [ 140.485718][ T7975] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 140.485750][ T7975] genl_family_rcv_msg_doit+0x212/0x300 [ 140.485781][ T7975] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 140.485818][ T7975] ? bpf_lsm_capable+0x9/0x20 [ 140.485834][ T7975] ? security_capable+0x7e/0x2e0 [ 140.485862][ T7975] genl_rcv_msg+0x60e/0x790 [ 140.485892][ T7975] ? __pfx_genl_rcv_msg+0x10/0x10 [ 140.485914][ T7975] ? __pfx_nfsd_nl_listener_set_doit+0x10/0x10 [ 140.485950][ T7975] netlink_rcv_skb+0x208/0x470 [ 140.485969][ T7975] ? __pfx_genl_rcv_msg+0x10/0x10 [ 140.485995][ T7975] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 140.486031][ T7975] ? down_read+0x1ad/0x2e0 [ 140.486051][ T7975] genl_rcv+0x28/0x40 [ 140.486072][ T7975] netlink_unicast+0x75b/0x8d0 [ 140.486101][ T7975] netlink_sendmsg+0x805/0xb30 [ 140.486131][ T7975] ? __pfx_netlink_sendmsg+0x10/0x10 [ 140.486154][ T7975] ? aa_sock_msg_perm+0x94/0x160 [ 140.486178][ T7975] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 140.486197][ T7975] ? __pfx_netlink_sendmsg+0x10/0x10 [ 140.486217][ T7975] __sock_sendmsg+0x21c/0x270 [ 140.486246][ T7975] ____sys_sendmsg+0x505/0x830 [ 140.486273][ T7975] ? __pfx_____sys_sendmsg+0x10/0x10 [ 140.486304][ T7975] ? import_iovec+0x74/0xa0 [ 140.486326][ T7975] ___sys_sendmsg+0x21f/0x2a0 [ 140.486348][ T7975] ? __pfx____sys_sendmsg+0x10/0x10 [ 140.486404][ T7975] ? __fget_files+0x2a/0x420 [ 140.486421][ T7975] ? __fget_files+0x3a0/0x420 [ 140.486450][ T7975] __x64_sys_sendmsg+0x19b/0x260 [ 140.486471][ T7975] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 140.486500][ T7975] ? __pfx_ksys_write+0x10/0x10 [ 140.486514][ T7975] ? rcu_is_watching+0x15/0xb0 [ 140.486541][ T7975] ? do_syscall_64+0xbe/0x3b0 [ 140.486559][ T7975] do_syscall_64+0xfa/0x3b0 [ 140.486573][ T7975] ? lockdep_hardirqs_on+0x9c/0x150 [ 140.486595][ T7975] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 140.486613][ T7975] ? clear_bhb_loop+0x60/0xb0 [ 140.486632][ T7975] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 140.486656][ T7975] RIP: 0033:0x7f9fd7b8e929 [ 140.486672][ T7975] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 140.486685][ T7975] RSP: 002b:00007f9fd89ad038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 140.486702][ T7975] RAX: ffffffffffffffda RBX: 00007f9fd7db5fa0 RCX: 00007f9fd7b8e929 [ 140.486712][ T7975] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000004 [ 140.486721][ T7975] RBP: 00007f9fd89ad090 R08: 0000000000000000 R09: 0000000000000000 [ 140.486731][ T7975] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 140.486740][ T7975] R13: 0000000000000000 R14: 00007f9fd7db5fa0 R15: 00007fff82556c78 [ 140.486771][ T7975] [ 140.991174][ T7017] wlan1: Creating new IBSS network, BSSID 82:98:08:ab:4e:73 [ 141.071958][ T7980] IPVS: ip_vs_add_dest(): lower threshold is higher than upper threshold [ 141.239554][ T7984] team0: Device gtp0 is of different type [ 141.291821][ T7988] netlink: 'syz.3.738': attribute type 24 has an invalid length. [ 141.305073][ T7987] 0ªX¹¦D: renamed from 31ªX¹¦D (while UP) [ 141.315799][ T7987] A link change request failed with some changes committed already. Interface 30ªX¹¦D may have been left with an inconsistent configuration, please check. [ 141.491460][ T7999] openvswitch: netlink: IP tunnel attribute has 8 unknown bytes. [ 141.737595][ T8013] FAULT_INJECTION: forcing a failure. [ 141.737595][ T8013] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 141.743210][ T8011] FAULT_INJECTION: forcing a failure. [ 141.743210][ T8011] name failslab, interval 1, probability 0, space 0, times 0 [ 141.752533][ T8013] CPU: 1 UID: 0 PID: 8013 Comm: syz.1.749 Not tainted 6.16.0-rc3-syzkaller-00131-g72fb83735c71 #0 PREEMPT(full) [ 141.752557][ T8013] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 141.752568][ T8013] Call Trace: [ 141.752576][ T8013] [ 141.752584][ T8013] dump_stack_lvl+0x189/0x250 [ 141.752621][ T8013] ? __pfx____ratelimit+0x10/0x10 [ 141.752646][ T8013] ? __pfx_dump_stack_lvl+0x10/0x10 [ 141.752670][ T8013] ? __pfx__printk+0x10/0x10 [ 141.752689][ T8013] ? __might_fault+0xb0/0x130 [ 141.752717][ T8013] should_fail_ex+0x414/0x560 [ 141.752742][ T8013] _copy_from_user+0x2d/0xb0 [ 141.752760][ T8013] generic_map_update_batch+0x51b/0x7f0 [ 141.752792][ T8013] ? __pfx_generic_map_update_batch+0x10/0x10 [ 141.752810][ T8013] ? __fget_files+0x2a/0x420 [ 141.752835][ T8013] ? __pfx_generic_map_update_batch+0x10/0x10 [ 141.752852][ T8013] bpf_map_do_batch+0x36c/0x5f0 [ 141.752881][ T8013] __sys_bpf+0x384/0x860 [ 141.752904][ T8013] ? __pfx___sys_bpf+0x10/0x10 [ 141.752938][ T8013] ? ksys_write+0x22a/0x250 [ 141.752956][ T8013] ? __pfx_ksys_write+0x10/0x10 [ 141.752970][ T8013] ? rcu_is_watching+0x15/0xb0 [ 141.753000][ T8013] __x64_sys_bpf+0x7c/0x90 [ 141.753021][ T8013] do_syscall_64+0xfa/0x3b0 [ 141.753036][ T8013] ? lockdep_hardirqs_on+0x9c/0x150 [ 141.753058][ T8013] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 141.753075][ T8013] ? clear_bhb_loop+0x60/0xb0 [ 141.753095][ T8013] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 141.753111][ T8013] RIP: 0033:0x7fa13cb8e929 [ 141.753127][ T8013] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 141.753142][ T8013] RSP: 002b:00007fa13d979038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 141.753160][ T8013] RAX: ffffffffffffffda RBX: 00007fa13cdb5fa0 RCX: 00007fa13cb8e929 [ 141.753173][ T8013] RDX: 0000000000000038 RSI: 0000200000000400 RDI: 000000000000001a [ 141.753184][ T8013] RBP: 00007fa13d979090 R08: 0000000000000000 R09: 0000000000000000 [ 141.753194][ T8013] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 141.753204][ T8013] R13: 0000000000000000 R14: 00007fa13cdb5fa0 R15: 00007ffd87cbd308 [ 141.753233][ T8013] [ 141.877317][ T8015] __nla_validate_parse: 11 callbacks suppressed [ 141.877397][ T8015] netlink: 1752 bytes leftover after parsing attributes in process `syz.1.750'. [ 141.942869][ T8011] CPU: 0 UID: 0 PID: 8011 Comm: syz.4.747 Not tainted 6.16.0-rc3-syzkaller-00131-g72fb83735c71 #0 PREEMPT(full) [ 141.942895][ T8011] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 141.942906][ T8011] Call Trace: [ 141.942914][ T8011] [ 141.942923][ T8011] dump_stack_lvl+0x189/0x250 [ 141.942957][ T8011] ? __pfx____ratelimit+0x10/0x10 [ 141.942981][ T8011] ? __pfx_dump_stack_lvl+0x10/0x10 [ 141.943005][ T8011] ? __pfx__printk+0x10/0x10 [ 141.943039][ T8011] should_fail_ex+0x414/0x560 [ 141.943066][ T8011] should_failslab+0xa8/0x100 [ 141.943086][ T8011] kmem_cache_alloc_noprof+0x73/0x3c0 [ 141.943111][ T8011] ? skb_clone+0x212/0x3a0 [ 141.943137][ T8011] skb_clone+0x212/0x3a0 [ 141.943161][ T8011] __netlink_deliver_tap+0x404/0x850 [ 141.943193][ T8011] ? netlink_deliver_tap+0x2e/0x1b0 [ 141.943214][ T8011] netlink_deliver_tap+0x19c/0x1b0 [ 141.943233][ T8011] netlink_sendskb+0x68/0x140 [ 141.943253][ T8011] netlink_rcv_skb+0x28c/0x470 [ 141.943272][ T8011] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 141.943292][ T8011] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 141.943333][ T8011] ? netlink_deliver_tap+0x2e/0x1b0 [ 141.943352][ T8011] ? netlink_deliver_tap+0x2e/0x1b0 [ 141.943376][ T8011] netlink_unicast+0x75b/0x8d0 [ 141.943405][ T8011] netlink_sendmsg+0x805/0xb30 [ 141.943434][ T8011] ? __pfx_netlink_sendmsg+0x10/0x10 [ 141.943456][ T8011] ? aa_sock_msg_perm+0x94/0x160 [ 141.943480][ T8011] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 141.943499][ T8011] ? __pfx_netlink_sendmsg+0x10/0x10 [ 141.943519][ T8011] __sock_sendmsg+0x21c/0x270 [ 141.943547][ T8011] ____sys_sendmsg+0x505/0x830 [ 141.943573][ T8011] ? __pfx_____sys_sendmsg+0x10/0x10 [ 141.943602][ T8011] ? import_iovec+0x74/0xa0 [ 141.943623][ T8011] ___sys_sendmsg+0x21f/0x2a0 [ 141.943646][ T8011] ? __pfx____sys_sendmsg+0x10/0x10 [ 141.943703][ T8011] ? __fget_files+0x2a/0x420 [ 141.943720][ T8011] ? __fget_files+0x3a0/0x420 [ 141.943749][ T8011] __x64_sys_sendmsg+0x19b/0x260 [ 141.943772][ T8011] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 141.943802][ T8011] ? __pfx_ksys_write+0x10/0x10 [ 141.943815][ T8011] ? rcu_is_watching+0x15/0xb0 [ 141.943845][ T8011] ? do_syscall_64+0xbe/0x3b0 [ 141.943865][ T8011] do_syscall_64+0xfa/0x3b0 [ 141.943878][ T8011] ? lockdep_hardirqs_on+0x9c/0x150 [ 141.943900][ T8011] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 141.943917][ T8011] ? clear_bhb_loop+0x60/0xb0 [ 141.943938][ T8011] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 141.943955][ T8011] RIP: 0033:0x7f9fd7b8e929 [ 141.943970][ T8011] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 141.943984][ T8011] RSP: 002b:00007f9fd89ad038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 141.944003][ T8011] RAX: ffffffffffffffda RBX: 00007f9fd7db5fa0 RCX: 00007f9fd7b8e929 [ 141.944016][ T8011] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003 [ 141.944026][ T8011] RBP: 00007f9fd89ad090 R08: 0000000000000000 R09: 0000000000000000 [ 141.944036][ T8011] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 141.944047][ T8011] R13: 0000000000000000 R14: 00007f9fd7db5fa0 R15: 00007fff82556c78 [ 141.944075][ T8011] [ 142.262535][ T8023] FAULT_INJECTION: forcing a failure. [ 142.262535][ T8023] name failslab, interval 1, probability 0, space 0, times 0 [ 142.349586][ T8023] CPU: 0 UID: 0 PID: 8023 Comm: syz.0.752 Not tainted 6.16.0-rc3-syzkaller-00131-g72fb83735c71 #0 PREEMPT(full) [ 142.349610][ T8023] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 142.349621][ T8023] Call Trace: [ 142.349627][ T8023] [ 142.349634][ T8023] dump_stack_lvl+0x189/0x250 [ 142.349663][ T8023] ? __pfx____ratelimit+0x10/0x10 [ 142.349685][ T8023] ? __pfx_dump_stack_lvl+0x10/0x10 [ 142.349709][ T8023] ? __pfx__printk+0x10/0x10 [ 142.349732][ T8023] ? __pfx___might_resched+0x10/0x10 [ 142.349756][ T8023] ? fs_reclaim_acquire+0x7d/0x100 [ 142.349780][ T8023] should_fail_ex+0x414/0x560 [ 142.349805][ T8023] should_failslab+0xa8/0x100 [ 142.349824][ T8023] __kmalloc_cache_noprof+0x70/0x3d0 [ 142.349841][ T8023] ? xprt_alloc+0x504/0x7a0 [ 142.349865][ T8023] xprt_alloc+0x504/0x7a0 [ 142.349894][ T8023] xs_setup_xprt+0x9e/0x3b0 [ 142.349920][ T8023] xs_setup_local+0x4f/0x5e0 [ 142.349944][ T8023] xprt_create_transport+0x166/0x600 [ 142.349968][ T8023] rpc_create+0x4be/0x870 [ 142.349991][ T8023] ? __pfx_rpc_create+0x10/0x10 [ 142.350047][ T8023] ? rcu_is_watching+0x15/0xb0 [ 142.350071][ T8023] ? trace_contention_end+0x39/0x120 [ 142.350094][ T8023] rpcb_create_af_local+0x196/0x370 [ 142.350115][ T8023] ? __pfx_rpcb_create_af_local+0x10/0x10 [ 142.350129][ T8023] ? __lock_acquire+0xab9/0xd20 [ 142.350166][ T8023] ? do_raw_spin_unlock+0x122/0x240 [ 142.350184][ T8023] rpcb_create_local+0x251/0x610 [ 142.350200][ T8023] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 142.350219][ T8023] ? __pfx_rpcb_create_local+0x10/0x10 [ 142.350239][ T8023] ? __percpu_counter_init_many+0x364/0x380 [ 142.350261][ T8023] ? __svc_create+0x888/0x980 [ 142.350287][ T8023] svc_bind+0x1b4/0x230 [ 142.350308][ T8023] nfsd_create_serv+0x541/0x840 [ 142.350341][ T8023] ? __pfx_nfsd_create_serv+0x10/0x10 [ 142.350353][ T8023] ? nfsd_nl_listener_set_doit+0x12a/0x1650 [ 142.350372][ T8023] ? __pfx___mutex_lock+0x10/0x10 [ 142.350392][ T8023] ? __asan_memset+0x22/0x50 [ 142.350413][ T8023] ? ____sys_sendmsg+0x505/0x830 [ 142.350430][ T8023] ? __x64_sys_sendmsg+0x19b/0x260 [ 142.350455][ T8023] nfsd_nl_listener_set_doit+0x132/0x1650 [ 142.350474][ T8023] ? __pfx___nla_validate_parse+0x10/0x10 [ 142.350513][ T8023] ? __pfx_nfsd_nl_listener_set_doit+0x10/0x10 [ 142.350534][ T8023] ? __nla_parse+0x40/0x60 [ 142.350555][ T8023] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 142.350584][ T8023] genl_family_rcv_msg_doit+0x212/0x300 [ 142.350612][ T8023] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 142.350646][ T8023] ? bpf_lsm_capable+0x9/0x20 [ 142.350659][ T8023] ? security_capable+0x7e/0x2e0 [ 142.350684][ T8023] genl_rcv_msg+0x60e/0x790 [ 142.350713][ T8023] ? __pfx_genl_rcv_msg+0x10/0x10 [ 142.350734][ T8023] ? __pfx_nfsd_nl_listener_set_doit+0x10/0x10 [ 142.350766][ T8023] netlink_rcv_skb+0x208/0x470 [ 142.350783][ T8023] ? __pfx_genl_rcv_msg+0x10/0x10 [ 142.350804][ T8023] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 142.350838][ T8023] ? down_read+0x1ad/0x2e0 [ 142.350856][ T8023] genl_rcv+0x28/0x40 [ 142.350874][ T8023] netlink_unicast+0x75b/0x8d0 [ 142.350902][ T8023] netlink_sendmsg+0x805/0xb30 [ 142.350930][ T8023] ? __pfx_netlink_sendmsg+0x10/0x10 [ 142.350952][ T8023] ? aa_sock_msg_perm+0x94/0x160 [ 142.350973][ T8023] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 142.350992][ T8023] ? __pfx_netlink_sendmsg+0x10/0x10 [ 142.351011][ T8023] __sock_sendmsg+0x21c/0x270 [ 142.351038][ T8023] ____sys_sendmsg+0x505/0x830 [ 142.351064][ T8023] ? __pfx_____sys_sendmsg+0x10/0x10 [ 142.351093][ T8023] ? import_iovec+0x74/0xa0 [ 142.351113][ T8023] ___sys_sendmsg+0x21f/0x2a0 [ 142.351158][ T8023] ? __pfx____sys_sendmsg+0x10/0x10 [ 142.351213][ T8023] ? __fget_files+0x2a/0x420 [ 142.351226][ T8023] ? __fget_files+0x3a0/0x420 [ 142.351250][ T8023] __x64_sys_sendmsg+0x19b/0x260 [ 142.351268][ T8023] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 142.351292][ T8023] ? __pfx_ksys_write+0x10/0x10 [ 142.351301][ T8023] ? rcu_is_watching+0x15/0xb0 [ 142.351332][ T8023] ? do_syscall_64+0xbe/0x3b0 [ 142.351348][ T8023] do_syscall_64+0xfa/0x3b0 [ 142.351358][ T8023] ? lockdep_hardirqs_on+0x9c/0x150 [ 142.351376][ T8023] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 142.351389][ T8023] ? clear_bhb_loop+0x60/0xb0 [ 142.351406][ T8023] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 142.351419][ T8023] RIP: 0033:0x7f08ae58e929 [ 142.351432][ T8023] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 142.351443][ T8023] RSP: 002b:00007f08af436038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 142.351459][ T8023] RAX: ffffffffffffffda RBX: 00007f08ae7b5fa0 RCX: 00007f08ae58e929 [ 142.351469][ T8023] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000004 [ 142.351477][ T8023] RBP: 00007f08af436090 R08: 0000000000000000 R09: 0000000000000000 [ 142.351486][ T8023] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 142.351494][ T8023] R13: 0000000000000000 R14: 00007f08ae7b5fa0 R15: 00007ffdf533a3b8 [ 142.351519][ T8023] [ 142.966703][ T8025] netlink: 'syz.1.754': attribute type 25 has an invalid length. [ 143.053359][ T8027] netlink: 'syz.4.753': attribute type 1 has an invalid length. [ 143.336333][ T49] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 143.608410][ T8034] veth0: entered promiscuous mode [ 143.637260][ T8036] veth0: left promiscuous mode [ 143.642407][ T8040] netlink: 24 bytes leftover after parsing attributes in process `syz.3.759'. [ 143.652080][ T8040] netlink: 10 bytes leftover after parsing attributes in process `syz.3.759'. [ 143.805756][ T49] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 143.871774][ T8057] FAULT_INJECTION: forcing a failure. [ 143.871774][ T8057] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 143.935654][ T8057] CPU: 1 UID: 0 PID: 8057 Comm: syz.3.761 Not tainted 6.16.0-rc3-syzkaller-00131-g72fb83735c71 #0 PREEMPT(full) [ 143.935682][ T8057] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 143.935694][ T8057] Call Trace: [ 143.935701][ T8057] [ 143.935708][ T8057] dump_stack_lvl+0x189/0x250 [ 143.935739][ T8057] ? __pfx____ratelimit+0x10/0x10 [ 143.935765][ T8057] ? __pfx_dump_stack_lvl+0x10/0x10 [ 143.935789][ T8057] ? __pfx__printk+0x10/0x10 [ 143.935822][ T8057] should_fail_ex+0x414/0x560 [ 143.935849][ T8057] _copy_to_user+0x31/0xb0 [ 143.935868][ T8057] simple_read_from_buffer+0xe1/0x170 [ 143.935892][ T8057] proc_fail_nth_read+0x1df/0x250 [ 143.935916][ T8057] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 143.935940][ T8057] ? rw_verify_area+0x258/0x650 [ 143.935965][ T8057] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 143.935987][ T8057] vfs_read+0x200/0x980 [ 143.936018][ T8057] ? __pfx___mutex_lock+0x10/0x10 [ 143.936044][ T8057] ? __pfx_vfs_read+0x10/0x10 [ 143.936070][ T8057] ? __fget_files+0x2a/0x420 [ 143.936093][ T8057] ? __fget_files+0x3a0/0x420 [ 143.936110][ T8057] ? __fget_files+0x2a/0x420 [ 143.936138][ T8057] ksys_read+0x145/0x250 [ 143.936163][ T8057] ? __pfx_ksys_read+0x10/0x10 [ 143.936185][ T8057] ? rcu_is_watching+0x15/0xb0 [ 143.936216][ T8057] ? do_syscall_64+0xbe/0x3b0 [ 143.936236][ T8057] do_syscall_64+0xfa/0x3b0 [ 143.936250][ T8057] ? lockdep_hardirqs_on+0x9c/0x150 [ 143.936273][ T8057] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 143.936290][ T8057] ? clear_bhb_loop+0x60/0xb0 [ 143.936311][ T8057] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 143.936328][ T8057] RIP: 0033:0x7f2e0bf8d33c [ 143.936344][ T8057] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 143.936358][ T8057] RSP: 002b:00007f2e0cdc1030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 143.936377][ T8057] RAX: ffffffffffffffda RBX: 00007f2e0c1b5fa0 RCX: 00007f2e0bf8d33c [ 143.936390][ T8057] RDX: 000000000000000f RSI: 00007f2e0cdc10a0 RDI: 0000000000000004 [ 143.936400][ T8057] RBP: 00007f2e0cdc1090 R08: 0000000000000000 R09: 0000000000000000 [ 143.936419][ T8057] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 143.936429][ T8057] R13: 0000000000000000 R14: 00007f2e0c1b5fa0 R15: 00007ffdba4c1438 [ 143.936457][ T8057] [ 144.305813][ T49] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 144.319879][ T51] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 144.340079][ T51] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 144.366375][ T51] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 144.375020][ T51] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 144.382696][ T51] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 144.535560][ T8073] netlink: 'syz.3.765': attribute type 25 has an invalid length. [ 144.590332][ T49] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 144.628660][ T8071] netlink: 1752 bytes leftover after parsing attributes in process `syz.1.764'. [ 144.656826][ T8078] netlink: 12 bytes leftover after parsing attributes in process `syz.0.763'. [ 144.712210][ T8080] netlink: 12 bytes leftover after parsing attributes in process `syz.4.767'. [ 144.847543][ T8084] FAULT_INJECTION: forcing a failure. [ 144.847543][ T8084] name failslab, interval 1, probability 0, space 0, times 0 [ 144.887895][ T8084] CPU: 0 UID: 0 PID: 8084 Comm: syz.3.768 Not tainted 6.16.0-rc3-syzkaller-00131-g72fb83735c71 #0 PREEMPT(full) [ 144.887921][ T8084] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 144.887932][ T8084] Call Trace: [ 144.887939][ T8084] [ 144.887947][ T8084] dump_stack_lvl+0x189/0x250 [ 144.887978][ T8084] ? __pfx____ratelimit+0x10/0x10 [ 144.888003][ T8084] ? __pfx_dump_stack_lvl+0x10/0x10 [ 144.888027][ T8084] ? __pfx__printk+0x10/0x10 [ 144.888050][ T8084] ? __pfx___might_resched+0x10/0x10 [ 144.888075][ T8084] ? fs_reclaim_acquire+0x7d/0x100 [ 144.888107][ T8084] should_fail_ex+0x414/0x560 [ 144.888135][ T8084] should_failslab+0xa8/0x100 [ 144.888155][ T8084] __kmalloc_node_track_caller_noprof+0xcc/0x4e0 [ 144.888174][ T8084] ? xs_format_peer_addresses+0x357/0x4d0 [ 144.888206][ T8084] kstrdup+0x42/0x100 [ 144.888229][ T8084] xs_format_peer_addresses+0x357/0x4d0 [ 144.888258][ T8084] ? __pfx_xs_format_peer_addresses+0x10/0x10 [ 144.888302][ T8084] ? timer_init_key+0x171/0x2d0 [ 144.888327][ T8084] xs_setup_local+0x4ad/0x5e0 [ 144.888353][ T8084] xprt_create_transport+0x166/0x600 [ 144.888379][ T8084] rpc_create+0x4be/0x870 [ 144.888402][ T8084] ? __pfx_rpc_create+0x10/0x10 [ 144.888467][ T8084] ? rcu_is_watching+0x15/0xb0 [ 144.888493][ T8084] ? trace_contention_end+0x39/0x120 [ 144.888519][ T8084] rpcb_create_af_local+0x196/0x370 [ 144.888541][ T8084] ? __pfx_rpcb_create_af_local+0x10/0x10 [ 144.888559][ T8084] ? __lock_acquire+0xab9/0xd20 [ 144.888606][ T8084] ? do_raw_spin_unlock+0x122/0x240 [ 144.888631][ T8084] rpcb_create_local+0x251/0x610 [ 144.888652][ T8084] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 144.888676][ T8084] ? __pfx_rpcb_create_local+0x10/0x10 [ 144.888703][ T8084] ? __percpu_counter_init_many+0x364/0x380 [ 144.888731][ T8084] ? __svc_create+0x888/0x980 [ 144.888764][ T8084] svc_bind+0x1b4/0x230 [ 144.888792][ T8084] nfsd_create_serv+0x541/0x840 [ 144.888819][ T8084] ? __pfx_nfsd_create_serv+0x10/0x10 [ 144.888832][ T8084] ? nfsd_nl_listener_set_doit+0x12a/0x1650 [ 144.888853][ T8084] ? __pfx___mutex_lock+0x10/0x10 [ 144.888877][ T8084] ? __asan_memset+0x22/0x50 [ 144.888898][ T8084] ? ____sys_sendmsg+0x505/0x830 [ 144.888915][ T8084] ? __x64_sys_sendmsg+0x19b/0x260 [ 144.888944][ T8084] nfsd_nl_listener_set_doit+0x132/0x1650 [ 144.888965][ T8084] ? __pfx___nla_validate_parse+0x10/0x10 [ 144.889008][ T8084] ? __pfx_nfsd_nl_listener_set_doit+0x10/0x10 [ 144.889032][ T8084] ? __nla_parse+0x40/0x60 [ 144.889056][ T8084] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 144.889088][ T8084] genl_family_rcv_msg_doit+0x212/0x300 [ 144.889124][ T8084] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 144.889160][ T8084] ? bpf_lsm_capable+0x9/0x20 [ 144.889174][ T8084] ? security_capable+0x7e/0x2e0 [ 144.889198][ T8084] genl_rcv_msg+0x60e/0x790 [ 144.889225][ T8084] ? __pfx_genl_rcv_msg+0x10/0x10 [ 144.889246][ T8084] ? __pfx_nfsd_nl_listener_set_doit+0x10/0x10 [ 144.889282][ T8084] netlink_rcv_skb+0x208/0x470 [ 144.889303][ T8084] ? __pfx_genl_rcv_msg+0x10/0x10 [ 144.889326][ T8084] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 144.889364][ T8084] ? down_read+0x1ad/0x2e0 [ 144.889384][ T8084] genl_rcv+0x28/0x40 [ 144.889404][ T8084] netlink_unicast+0x75b/0x8d0 [ 144.889434][ T8084] netlink_sendmsg+0x805/0xb30 [ 144.889464][ T8084] ? __pfx_netlink_sendmsg+0x10/0x10 [ 144.889488][ T8084] ? aa_sock_msg_perm+0x94/0x160 [ 144.889510][ T8084] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 144.889529][ T8084] ? __pfx_netlink_sendmsg+0x10/0x10 [ 144.889548][ T8084] __sock_sendmsg+0x21c/0x270 [ 144.889576][ T8084] ____sys_sendmsg+0x505/0x830 [ 144.889600][ T8084] ? __pfx_____sys_sendmsg+0x10/0x10 [ 144.889630][ T8084] ? import_iovec+0x74/0xa0 [ 144.889649][ T8084] ___sys_sendmsg+0x21f/0x2a0 [ 144.889670][ T8084] ? __pfx____sys_sendmsg+0x10/0x10 [ 144.889730][ T8084] ? __fget_files+0x2a/0x420 [ 144.889748][ T8084] ? __fget_files+0x3a0/0x420 [ 144.889776][ T8084] __x64_sys_sendmsg+0x19b/0x260 [ 144.889799][ T8084] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 144.889827][ T8084] ? __pfx_ksys_write+0x10/0x10 [ 144.889841][ T8084] ? rcu_is_watching+0x15/0xb0 [ 144.889871][ T8084] ? do_syscall_64+0xbe/0x3b0 [ 144.889892][ T8084] do_syscall_64+0xfa/0x3b0 [ 144.889905][ T8084] ? lockdep_hardirqs_on+0x9c/0x150 [ 144.889928][ T8084] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 144.889950][ T8084] ? clear_bhb_loop+0x60/0xb0 [ 144.889970][ T8084] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 144.889985][ T8084] RIP: 0033:0x7f2e0bf8e929 [ 144.890002][ T8084] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 144.890017][ T8084] RSP: 002b:00007f2e0cdc1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 144.890037][ T8084] RAX: ffffffffffffffda RBX: 00007f2e0c1b5fa0 RCX: 00007f2e0bf8e929 [ 144.890050][ T8084] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000004 [ 144.890060][ T8084] RBP: 00007f2e0cdc1090 R08: 0000000000000000 R09: 0000000000000000 [ 144.890070][ T8084] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 144.890080][ T8084] R13: 0000000000000000 R14: 00007f2e0c1b5fa0 R15: 00007ffdba4c1438 [ 144.890120][ T8084] [ 145.447844][ T8089] sctp: [Deprecated]: syz.1.769 (pid 8089) Use of int in maxseg socket option. [ 145.447844][ T8089] Use struct sctp_assoc_value instead [ 145.486038][ T8086] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 145.496609][ T8091] netlink: 16 bytes leftover after parsing attributes in process `syz.0.771'. [ 145.692475][ T8086] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 145.858118][ T8086] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 145.932088][ T49] bridge_slave_1: left allmulticast mode [ 145.938853][ T8109] netlink: 'syz.1.776': attribute type 25 has an invalid length. [ 145.959416][ T49] bridge_slave_1: left promiscuous mode [ 145.988195][ T49] bridge0: port 2(bridge_slave_1) entered disabled state [ 146.026648][ T49] bridge_slave_0: left allmulticast mode [ 146.041839][ T49] bridge_slave_0: left promiscuous mode [ 146.052406][ T49] bridge0: port 1(bridge_slave_0) entered disabled state [ 146.075727][ T8114] netlink: 'syz.1.778': attribute type 1 has an invalid length. [ 146.084892][ T8114] netlink: 244 bytes leftover after parsing attributes in process `syz.1.778'. [ 146.107701][ T8114] netlink: 'syz.1.778': attribute type 11 has an invalid length. [ 146.487396][ T51] Bluetooth: hci2: command tx timeout [ 146.710851][ T49] bond0 (unregistering): left promiscuous mode [ 146.717332][ T49] bond_slave_0: left promiscuous mode [ 146.722875][ T49] bond_slave_1: left promiscuous mode [ 146.735911][ T49] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 146.747863][ T49] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 146.759532][ T49] bond0 (unregistering): Released all slaves [ 146.854054][ T49] bond1 (unregistering): (slave veth3): Releasing active interface [ 146.863748][ T49] bond1 (unregistering): Released all slaves [ 146.886816][ T8086] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 147.040062][ T49] tipc: Left network mode [ 147.145418][ T8138] netlink: 12 bytes leftover after parsing attributes in process `syz.3.782'. [ 147.255903][ T8144] IPVS: set_ctl: invalid protocol: 168 100.1.1.2:21 [ 147.292533][ T8138] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 147.333959][ T8138] IPVS: ip_vs_add_dest(): lower threshold is higher than upper threshold [ 147.410868][ T8086] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 147.499780][ T8065] chnl_net:caif_netlink_parms(): no params data found [ 147.539692][ T8144] syz.3.782 (8144) used greatest stack depth: 15736 bytes left [ 147.565537][ T8086] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 147.610123][ T8155] FAULT_INJECTION: forcing a failure. [ 147.610123][ T8155] name failslab, interval 1, probability 0, space 0, times 0 [ 147.661482][ T8155] CPU: 1 UID: 0 PID: 8155 Comm: syz.0.785 Not tainted 6.16.0-rc3-syzkaller-00131-g72fb83735c71 #0 PREEMPT(full) [ 147.661509][ T8155] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 147.661520][ T8155] Call Trace: [ 147.661527][ T8155] [ 147.661535][ T8155] dump_stack_lvl+0x189/0x250 [ 147.661565][ T8155] ? __pfx____ratelimit+0x10/0x10 [ 147.661590][ T8155] ? __pfx_dump_stack_lvl+0x10/0x10 [ 147.661615][ T8155] ? __pfx__printk+0x10/0x10 [ 147.661637][ T8155] ? __pfx___might_resched+0x10/0x10 [ 147.661662][ T8155] ? fs_reclaim_acquire+0x7d/0x100 [ 147.661688][ T8155] should_fail_ex+0x414/0x560 [ 147.661715][ T8155] should_failslab+0xa8/0x100 [ 147.661736][ T8155] __kmalloc_node_track_caller_noprof+0xcc/0x4e0 [ 147.661753][ T8155] ? xs_format_peer_addresses+0x392/0x4d0 [ 147.661784][ T8155] kstrdup+0x42/0x100 [ 147.661806][ T8155] xs_format_peer_addresses+0x392/0x4d0 [ 147.661833][ T8155] ? __pfx_xs_format_peer_addresses+0x10/0x10 [ 147.661874][ T8155] ? timer_init_key+0x171/0x2d0 [ 147.661898][ T8155] xs_setup_local+0x4ad/0x5e0 [ 147.661923][ T8155] xprt_create_transport+0x166/0x600 [ 147.661949][ T8155] rpc_create+0x4be/0x870 [ 147.661973][ T8155] ? __pfx_rpc_create+0x10/0x10 [ 147.662039][ T8155] ? rcu_is_watching+0x15/0xb0 [ 147.662062][ T8155] ? trace_contention_end+0x39/0x120 [ 147.662086][ T8155] rpcb_create_af_local+0x196/0x370 [ 147.662107][ T8155] ? __pfx_rpcb_create_af_local+0x10/0x10 [ 147.662123][ T8155] ? __lock_acquire+0xab9/0xd20 [ 147.662175][ T8155] ? do_raw_spin_unlock+0x122/0x240 [ 147.662200][ T8155] rpcb_create_local+0x251/0x610 [ 147.662219][ T8155] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 147.662242][ T8155] ? __pfx_rpcb_create_local+0x10/0x10 [ 147.662266][ T8155] ? __percpu_counter_init_many+0x364/0x380 [ 147.662291][ T8155] ? __svc_create+0x888/0x980 [ 147.662324][ T8155] svc_bind+0x1b4/0x230 [ 147.662353][ T8155] nfsd_create_serv+0x541/0x840 [ 147.662379][ T8155] ? __pfx_nfsd_create_serv+0x10/0x10 [ 147.662394][ T8155] ? nfsd_nl_listener_set_doit+0x12a/0x1650 [ 147.662417][ T8155] ? __pfx___mutex_lock+0x10/0x10 [ 147.662441][ T8155] ? __asan_memset+0x22/0x50 [ 147.662463][ T8155] ? ____sys_sendmsg+0x505/0x830 [ 147.662482][ T8155] ? __x64_sys_sendmsg+0x19b/0x260 [ 147.662515][ T8155] nfsd_nl_listener_set_doit+0x132/0x1650 [ 147.662538][ T8155] ? __pfx___nla_validate_parse+0x10/0x10 [ 147.662583][ T8155] ? __pfx_nfsd_nl_listener_set_doit+0x10/0x10 [ 147.662611][ T8155] ? __nla_parse+0x40/0x60 [ 147.662637][ T8155] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 147.662671][ T8155] genl_family_rcv_msg_doit+0x212/0x300 [ 147.662703][ T8155] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 147.662741][ T8155] ? bpf_lsm_capable+0x9/0x20 [ 147.662757][ T8155] ? security_capable+0x7e/0x2e0 [ 147.662785][ T8155] genl_rcv_msg+0x60e/0x790 [ 147.662816][ T8155] ? __pfx_genl_rcv_msg+0x10/0x10 [ 147.662838][ T8155] ? __pfx_nfsd_nl_listener_set_doit+0x10/0x10 [ 147.662874][ T8155] netlink_rcv_skb+0x208/0x470 [ 147.662894][ T8155] ? __pfx_genl_rcv_msg+0x10/0x10 [ 147.662918][ T8155] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 147.662958][ T8155] ? down_read+0x1ad/0x2e0 [ 147.662978][ T8155] genl_rcv+0x28/0x40 [ 147.662999][ T8155] netlink_unicast+0x75b/0x8d0 [ 147.663028][ T8155] netlink_sendmsg+0x805/0xb30 [ 147.663059][ T8155] ? __pfx_netlink_sendmsg+0x10/0x10 [ 147.663083][ T8155] ? aa_sock_msg_perm+0x94/0x160 [ 147.663106][ T8155] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 147.663125][ T8155] ? __pfx_netlink_sendmsg+0x10/0x10 [ 147.663146][ T8155] __sock_sendmsg+0x21c/0x270 [ 147.663179][ T8155] ____sys_sendmsg+0x505/0x830 [ 147.663206][ T8155] ? __pfx_____sys_sendmsg+0x10/0x10 [ 147.663236][ T8155] ? import_iovec+0x74/0xa0 [ 147.663258][ T8155] ___sys_sendmsg+0x21f/0x2a0 [ 147.663285][ T8155] ? __pfx____sys_sendmsg+0x10/0x10 [ 147.663355][ T8155] ? __fget_files+0x2a/0x420 [ 147.663378][ T8155] ? __fget_files+0x3a0/0x420 [ 147.663404][ T8155] __x64_sys_sendmsg+0x19b/0x260 [ 147.663427][ T8155] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 147.663464][ T8155] ? __pfx_ksys_write+0x10/0x10 [ 147.663479][ T8155] ? rcu_is_watching+0x15/0xb0 [ 147.663505][ T8155] ? do_syscall_64+0xbe/0x3b0 [ 147.663524][ T8155] do_syscall_64+0xfa/0x3b0 [ 147.663538][ T8155] ? lockdep_hardirqs_on+0x9c/0x150 [ 147.663561][ T8155] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 147.663578][ T8155] ? clear_bhb_loop+0x60/0xb0 [ 147.663604][ T8155] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 147.663621][ T8155] RIP: 0033:0x7f08ae58e929 [ 147.663638][ T8155] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 147.663653][ T8155] RSP: 002b:00007f08af436038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 147.663673][ T8155] RAX: ffffffffffffffda RBX: 00007f08ae7b5fa0 RCX: 00007f08ae58e929 [ 147.663686][ T8155] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000004 [ 147.663698][ T8155] RBP: 00007f08af436090 R08: 0000000000000000 R09: 0000000000000000 [ 147.663709][ T8155] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 147.663719][ T8155] R13: 0000000000000000 R14: 00007f08ae7b5fa0 R15: 00007ffdf533a3b8 [ 147.663751][ T8155] [ 148.313418][ T8086] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 148.392430][ T8161] netlink: 28 bytes leftover after parsing attributes in process `syz.3.787'. [ 148.416803][ T8163] netlink: 'syz.0.788': attribute type 25 has an invalid length. [ 148.444180][ T8086] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 148.574446][ T51] Bluetooth: hci2: command tx timeout [ 148.635300][ T49] team0: left promiscuous mode [ 148.650643][ T49] team_slave_0: left promiscuous mode [ 148.659281][ T49] team_slave_1: left promiscuous mode [ 148.673829][ T49] hsr_slave_0: left promiscuous mode [ 148.679942][ T49] hsr_slave_1: left promiscuous mode [ 148.688161][ T49] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 148.696084][ T49] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 148.708088][ T49] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 148.723866][ T49] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 148.766086][ T49] veth1_macvtap: left promiscuous mode [ 148.783936][ T49] veth0_macvtap: left promiscuous mode [ 148.792896][ T49] veth1_vlan: left promiscuous mode [ 148.804161][ T49] veth0_vlan: left promiscuous mode [ 149.373208][ T49] team0 (unregistering): Port device team_slave_1 removed [ 149.408609][ T49] team0 (unregistering): Port device team_slave_0 removed [ 149.756742][ T8165] netlink: 20 bytes leftover after parsing attributes in process `syz.0.789'. [ 150.096395][ T8065] bridge0: port 1(bridge_slave_0) entered blocking state [ 150.107669][ T8065] bridge0: port 1(bridge_slave_0) entered disabled state [ 150.118448][ T8065] bridge_slave_0: entered allmulticast mode [ 150.127672][ T8205] FAULT_INJECTION: forcing a failure. [ 150.127672][ T8205] name failslab, interval 1, probability 0, space 0, times 0 [ 150.152807][ T8065] bridge_slave_0: entered promiscuous mode [ 150.164036][ T8205] CPU: 1 UID: 0 PID: 8205 Comm: syz.1.798 Not tainted 6.16.0-rc3-syzkaller-00131-g72fb83735c71 #0 PREEMPT(full) [ 150.164065][ T8205] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 150.164076][ T8205] Call Trace: [ 150.164084][ T8205] [ 150.164092][ T8205] dump_stack_lvl+0x189/0x250 [ 150.164123][ T8205] ? __pfx____ratelimit+0x10/0x10 [ 150.164148][ T8205] ? __pfx_dump_stack_lvl+0x10/0x10 [ 150.164173][ T8205] ? __pfx__printk+0x10/0x10 [ 150.164195][ T8205] ? __pfx___might_resched+0x10/0x10 [ 150.164220][ T8205] ? fs_reclaim_acquire+0x7d/0x100 [ 150.164246][ T8205] should_fail_ex+0x414/0x560 [ 150.164273][ T8205] should_failslab+0xa8/0x100 [ 150.164294][ T8205] __kmalloc_node_track_caller_noprof+0xcc/0x4e0 [ 150.164313][ T8205] ? xs_format_common_peer_ports+0x12e/0x2d0 [ 150.164338][ T8205] kstrdup+0x42/0x100 [ 150.164360][ T8205] xs_format_common_peer_ports+0x12e/0x2d0 [ 150.164383][ T8205] ? __pfx_xs_format_common_peer_ports+0x10/0x10 [ 150.164425][ T8205] xs_format_peer_addresses+0x3be/0x4d0 [ 150.164452][ T8205] ? __pfx_xs_format_peer_addresses+0x10/0x10 [ 150.164496][ T8205] ? timer_init_key+0x171/0x2d0 [ 150.164520][ T8205] xs_setup_local+0x4ad/0x5e0 [ 150.164547][ T8205] xprt_create_transport+0x166/0x600 [ 150.164573][ T8205] rpc_create+0x4be/0x870 [ 150.164596][ T8205] ? __pfx_rpc_create+0x10/0x10 [ 150.164655][ T8205] ? rcu_is_watching+0x15/0xb0 [ 150.164681][ T8205] ? trace_contention_end+0x39/0x120 [ 150.164706][ T8205] rpcb_create_af_local+0x196/0x370 [ 150.164726][ T8205] ? __pfx_rpcb_create_af_local+0x10/0x10 [ 150.164744][ T8205] ? __lock_acquire+0xab9/0xd20 [ 150.164791][ T8205] ? do_raw_spin_unlock+0x122/0x240 [ 150.164816][ T8205] rpcb_create_local+0x251/0x610 [ 150.164836][ T8205] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 150.164868][ T8205] ? __pfx_rpcb_create_local+0x10/0x10 [ 150.164894][ T8205] ? __percpu_counter_init_many+0x364/0x380 [ 150.164923][ T8205] ? __svc_create+0x888/0x980 [ 150.164956][ T8205] svc_bind+0x1b4/0x230 [ 150.164984][ T8205] nfsd_create_serv+0x541/0x840 [ 150.165014][ T8205] ? __pfx_nfsd_create_serv+0x10/0x10 [ 150.165029][ T8205] ? nfsd_nl_listener_set_doit+0x12a/0x1650 [ 150.165053][ T8205] ? __pfx___mutex_lock+0x10/0x10 [ 150.165077][ T8205] ? __asan_memset+0x22/0x50 [ 150.165101][ T8205] ? ____sys_sendmsg+0x505/0x830 [ 150.165119][ T8205] ? __x64_sys_sendmsg+0x19b/0x260 [ 150.165146][ T8205] nfsd_nl_listener_set_doit+0x132/0x1650 [ 150.165168][ T8205] ? __pfx___nla_validate_parse+0x10/0x10 [ 150.165216][ T8205] ? __pfx_nfsd_nl_listener_set_doit+0x10/0x10 [ 150.165245][ T8205] ? __nla_parse+0x40/0x60 [ 150.165272][ T8205] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 150.165302][ T8205] genl_family_rcv_msg_doit+0x212/0x300 [ 150.165329][ T8205] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 150.165364][ T8205] ? bpf_lsm_capable+0x9/0x20 [ 150.165377][ T8205] ? security_capable+0x7e/0x2e0 [ 150.165405][ T8205] genl_rcv_msg+0x60e/0x790 [ 150.165436][ T8205] ? __pfx_genl_rcv_msg+0x10/0x10 [ 150.165458][ T8205] ? __pfx_nfsd_nl_listener_set_doit+0x10/0x10 [ 150.165494][ T8205] netlink_rcv_skb+0x208/0x470 [ 150.165515][ T8205] ? __pfx_genl_rcv_msg+0x10/0x10 [ 150.165540][ T8205] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 150.165579][ T8205] ? down_read+0x1ad/0x2e0 [ 150.165599][ T8205] genl_rcv+0x28/0x40 [ 150.165620][ T8205] netlink_unicast+0x75b/0x8d0 [ 150.165649][ T8205] netlink_sendmsg+0x805/0xb30 [ 150.165678][ T8205] ? __pfx_netlink_sendmsg+0x10/0x10 [ 150.165702][ T8205] ? aa_sock_msg_perm+0x94/0x160 [ 150.165726][ T8205] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 150.165747][ T8205] ? __pfx_netlink_sendmsg+0x10/0x10 [ 150.165767][ T8205] __sock_sendmsg+0x21c/0x270 [ 150.165796][ T8205] ____sys_sendmsg+0x505/0x830 [ 150.165820][ T8205] ? __pfx_____sys_sendmsg+0x10/0x10 [ 150.165856][ T8205] ? import_iovec+0x74/0xa0 [ 150.165874][ T8205] ___sys_sendmsg+0x21f/0x2a0 [ 150.165896][ T8205] ? __pfx____sys_sendmsg+0x10/0x10 [ 150.165958][ T8205] ? __fget_files+0x2a/0x420 [ 150.165976][ T8205] ? __fget_files+0x3a0/0x420 [ 150.166007][ T8205] __x64_sys_sendmsg+0x19b/0x260 [ 150.166031][ T8205] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 150.166064][ T8205] ? __pfx_ksys_write+0x10/0x10 [ 150.166078][ T8205] ? rcu_is_watching+0x15/0xb0 [ 150.166125][ T8205] ? do_syscall_64+0xbe/0x3b0 [ 150.166146][ T8205] do_syscall_64+0xfa/0x3b0 [ 150.166160][ T8205] ? lockdep_hardirqs_on+0x9c/0x150 [ 150.166183][ T8205] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 150.166201][ T8205] ? clear_bhb_loop+0x60/0xb0 [ 150.166222][ T8205] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 150.166238][ T8205] RIP: 0033:0x7fa13cb8e929 [ 150.166253][ T8205] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 150.166267][ T8205] RSP: 002b:00007fa13d979038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 150.166286][ T8205] RAX: ffffffffffffffda RBX: 00007fa13cdb5fa0 RCX: 00007fa13cb8e929 [ 150.166299][ T8205] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000004 [ 150.166309][ T8205] RBP: 00007fa13d979090 R08: 0000000000000000 R09: 0000000000000000 [ 150.166319][ T8205] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 150.166330][ T8205] R13: 0000000000000000 R14: 00007fa13cdb5fa0 R15: 00007ffd87cbd308 [ 150.166360][ T8205] [ 150.711117][ T51] Bluetooth: hci2: command tx timeout [ 150.725097][ T8065] bridge0: port 2(bridge_slave_1) entered blocking state [ 150.732508][ T8065] bridge0: port 2(bridge_slave_1) entered disabled state [ 150.741230][ T8065] bridge_slave_1: entered allmulticast mode [ 150.749478][ T8065] bridge_slave_1: entered promiscuous mode [ 150.776349][ T8201] xt_cgroup: path and classid specified [ 150.851622][ T8212] netlink: 'syz.1.799': attribute type 25 has an invalid length. [ 151.031836][ T8065] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 151.046393][ T8065] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 151.161469][ T8065] team0: Port device team_slave_0 added [ 151.173181][ T8065] team0: Port device team_slave_1 added [ 151.408410][ T8065] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 151.447740][ T8065] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 151.509842][ T8065] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 151.531867][ T8065] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 151.557705][ T8236] netlink: 40 bytes leftover after parsing attributes in process `syz.3.806'. [ 151.558790][ T8065] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 151.636736][ T8065] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 151.681023][ T49] IPVS: stop unused estimator thread 0... [ 151.682579][ T8247] FAULT_INJECTION: forcing a failure. [ 151.682579][ T8247] name failslab, interval 1, probability 0, space 0, times 0 [ 151.725974][ T8244] netlink: 8 bytes leftover after parsing attributes in process `syz.0.810'. [ 151.747323][ T8247] CPU: 1 UID: 0 PID: 8247 Comm: syz.4.809 Not tainted 6.16.0-rc3-syzkaller-00131-g72fb83735c71 #0 PREEMPT(full) [ 151.747348][ T8247] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 151.747359][ T8247] Call Trace: [ 151.747365][ T8247] [ 151.747373][ T8247] dump_stack_lvl+0x189/0x250 [ 151.747402][ T8247] ? __pfx____ratelimit+0x10/0x10 [ 151.747426][ T8247] ? __pfx_dump_stack_lvl+0x10/0x10 [ 151.747449][ T8247] ? __pfx__printk+0x10/0x10 [ 151.747470][ T8247] ? __pfx___might_resched+0x10/0x10 [ 151.747493][ T8247] ? fs_reclaim_acquire+0x7d/0x100 [ 151.747517][ T8247] should_fail_ex+0x414/0x560 [ 151.747544][ T8247] should_failslab+0xa8/0x100 [ 151.747563][ T8247] __kmalloc_node_track_caller_noprof+0xcc/0x4e0 [ 151.747581][ T8247] ? xs_format_common_peer_ports+0x1e4/0x2d0 [ 151.747604][ T8247] kstrdup+0x42/0x100 [ 151.747627][ T8247] xs_format_common_peer_ports+0x1e4/0x2d0 [ 151.747649][ T8247] ? __pfx_xs_format_common_peer_ports+0x10/0x10 [ 151.747703][ T8247] xs_format_peer_addresses+0x3be/0x4d0 [ 151.747732][ T8247] ? __pfx_xs_format_peer_addresses+0x10/0x10 [ 151.747776][ T8247] ? timer_init_key+0x171/0x2d0 [ 151.747805][ T8247] xs_setup_local+0x4ad/0x5e0 [ 151.747832][ T8247] xprt_create_transport+0x166/0x600 [ 151.747858][ T8247] rpc_create+0x4be/0x870 [ 151.747881][ T8247] ? __pfx_rpc_create+0x10/0x10 [ 151.747944][ T8247] ? rcu_is_watching+0x15/0xb0 [ 151.747970][ T8247] ? trace_contention_end+0x39/0x120 [ 151.748008][ T8247] rpcb_create_af_local+0x196/0x370 [ 151.748035][ T8247] ? __pfx_rpcb_create_af_local+0x10/0x10 [ 151.748053][ T8247] ? __lock_acquire+0xab9/0xd20 [ 151.748099][ T8247] ? do_raw_spin_unlock+0x122/0x240 [ 151.748124][ T8247] rpcb_create_local+0x251/0x610 [ 151.748144][ T8247] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 151.748165][ T8247] ? __pfx_rpcb_create_local+0x10/0x10 [ 151.748191][ T8247] ? __percpu_counter_init_many+0x364/0x380 [ 151.748219][ T8247] ? __svc_create+0x888/0x980 [ 151.748253][ T8247] svc_bind+0x1b4/0x230 [ 151.748280][ T8247] nfsd_create_serv+0x541/0x840 [ 151.748310][ T8247] ? __pfx_nfsd_create_serv+0x10/0x10 [ 151.748324][ T8247] ? nfsd_nl_listener_set_doit+0x12a/0x1650 [ 151.748347][ T8247] ? __pfx___mutex_lock+0x10/0x10 [ 151.748374][ T8247] ? __asan_memset+0x22/0x50 [ 151.748398][ T8247] ? ____sys_sendmsg+0x505/0x830 [ 151.748417][ T8247] ? __x64_sys_sendmsg+0x19b/0x260 [ 151.748449][ T8247] nfsd_nl_listener_set_doit+0x132/0x1650 [ 151.748474][ T8247] ? __pfx___nla_validate_parse+0x10/0x10 [ 151.748519][ T8247] ? __pfx_nfsd_nl_listener_set_doit+0x10/0x10 [ 151.748547][ T8247] ? __nla_parse+0x40/0x60 [ 151.748574][ T8247] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 151.748608][ T8247] genl_family_rcv_msg_doit+0x212/0x300 [ 151.748640][ T8247] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 151.748679][ T8247] ? bpf_lsm_capable+0x9/0x20 [ 151.748700][ T8247] ? security_capable+0x7e/0x2e0 [ 151.748730][ T8247] genl_rcv_msg+0x60e/0x790 [ 151.748760][ T8247] ? __pfx_genl_rcv_msg+0x10/0x10 [ 151.748782][ T8247] ? __pfx_nfsd_nl_listener_set_doit+0x10/0x10 [ 151.748822][ T8247] netlink_rcv_skb+0x208/0x470 [ 151.748844][ T8247] ? __pfx_genl_rcv_msg+0x10/0x10 [ 151.748868][ T8247] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 151.748908][ T8247] ? down_read+0x1ad/0x2e0 [ 151.748928][ T8247] genl_rcv+0x28/0x40 [ 151.748949][ T8247] netlink_unicast+0x75b/0x8d0 [ 151.748980][ T8247] netlink_sendmsg+0x805/0xb30 [ 151.749014][ T8247] ? __pfx_netlink_sendmsg+0x10/0x10 [ 151.749038][ T8247] ? aa_sock_msg_perm+0x94/0x160 [ 151.749062][ T8247] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 151.749082][ T8247] ? __pfx_netlink_sendmsg+0x10/0x10 [ 151.749103][ T8247] __sock_sendmsg+0x21c/0x270 [ 151.749132][ T8247] ____sys_sendmsg+0x505/0x830 [ 151.749159][ T8247] ? __pfx_____sys_sendmsg+0x10/0x10 [ 151.749191][ T8247] ? import_iovec+0x74/0xa0 [ 151.749217][ T8247] ___sys_sendmsg+0x21f/0x2a0 [ 151.749240][ T8247] ? __pfx____sys_sendmsg+0x10/0x10 [ 151.749304][ T8247] ? __fget_files+0x2a/0x420 [ 151.749322][ T8247] ? __fget_files+0x3a0/0x420 [ 151.749357][ T8247] __x64_sys_sendmsg+0x19b/0x260 [ 151.749385][ T8247] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 151.749417][ T8247] ? __pfx_ksys_write+0x10/0x10 [ 151.749431][ T8247] ? rcu_is_watching+0x15/0xb0 [ 151.749462][ T8247] ? do_syscall_64+0xbe/0x3b0 [ 151.749483][ T8247] do_syscall_64+0xfa/0x3b0 [ 151.749497][ T8247] ? lockdep_hardirqs_on+0x9c/0x150 [ 151.749520][ T8247] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 151.749537][ T8247] ? clear_bhb_loop+0x60/0xb0 [ 151.749558][ T8247] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 151.749575][ T8247] RIP: 0033:0x7f9fd7b8e929 [ 151.749591][ T8247] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 151.749606][ T8247] RSP: 002b:00007f9fd89ad038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 151.749625][ T8247] RAX: ffffffffffffffda RBX: 00007f9fd7db5fa0 RCX: 00007f9fd7b8e929 [ 151.749639][ T8247] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000004 [ 151.749650][ T8247] RBP: 00007f9fd89ad090 R08: 0000000000000000 R09: 0000000000000000 [ 151.749661][ T8247] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 151.749675][ T8247] R13: 0000000000000000 R14: 00007f9fd7db5fa0 R15: 00007fff82556c78 [ 151.749713][ T8247] [ 152.595737][ T8065] hsr_slave_0: entered promiscuous mode [ 152.602523][ T8065] hsr_slave_1: entered promiscuous mode [ 152.609046][ T8065] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 152.616981][ T8065] Cannot create hsr debugfs directory [ 152.653315][ T8257] netlink: 'syz.4.813': attribute type 25 has an invalid length. [ 152.726034][ T51] Bluetooth: hci2: command tx timeout [ 152.754699][ T8259] netlink: 8 bytes leftover after parsing attributes in process `syz.3.814'. [ 153.397185][ T8289] FAULT_INJECTION: forcing a failure. [ 153.397185][ T8289] name failslab, interval 1, probability 0, space 0, times 0 [ 153.410074][ T8289] CPU: 1 UID: 0 PID: 8289 Comm: syz.4.824 Not tainted 6.16.0-rc3-syzkaller-00131-g72fb83735c71 #0 PREEMPT(full) [ 153.410098][ T8289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 153.410109][ T8289] Call Trace: [ 153.410117][ T8289] [ 153.410125][ T8289] dump_stack_lvl+0x189/0x250 [ 153.410155][ T8289] ? __pfx____ratelimit+0x10/0x10 [ 153.410180][ T8289] ? __pfx_dump_stack_lvl+0x10/0x10 [ 153.410205][ T8289] ? __pfx__printk+0x10/0x10 [ 153.410231][ T8289] ? __pfx___might_resched+0x10/0x10 [ 153.410262][ T8289] should_fail_ex+0x414/0x560 [ 153.410289][ T8289] should_failslab+0xa8/0x100 [ 153.410311][ T8289] __kmalloc_node_track_caller_noprof+0xcc/0x4e0 [ 153.410329][ T8289] ? xprt_create_transport+0x39b/0x600 [ 153.410359][ T8289] kstrdup+0x42/0x100 [ 153.410382][ T8289] xprt_create_transport+0x39b/0x600 [ 153.410433][ T8289] rpc_create+0x4be/0x870 [ 153.410454][ T8289] ? __pfx_rpc_create+0x10/0x10 [ 153.410506][ T8289] ? rcu_is_watching+0x15/0xb0 [ 153.410529][ T8289] ? trace_contention_end+0x39/0x120 [ 153.410551][ T8289] rpcb_create_af_local+0x196/0x370 [ 153.410570][ T8289] ? __pfx_rpcb_create_af_local+0x10/0x10 [ 153.410586][ T8289] ? __lock_acquire+0xab9/0xd20 [ 153.410631][ T8289] ? do_raw_spin_unlock+0x122/0x240 [ 153.410656][ T8289] rpcb_create_local+0x251/0x610 [ 153.410674][ T8289] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 153.410697][ T8289] ? __pfx_rpcb_create_local+0x10/0x10 [ 153.410723][ T8289] ? __percpu_counter_init_many+0x364/0x380 [ 153.410751][ T8289] ? __svc_create+0x888/0x980 [ 153.410783][ T8289] svc_bind+0x1b4/0x230 [ 153.410809][ T8289] nfsd_create_serv+0x541/0x840 [ 153.410851][ T8289] ? __pfx_nfsd_create_serv+0x10/0x10 [ 153.410867][ T8289] ? nfsd_nl_listener_set_doit+0x12a/0x1650 [ 153.410889][ T8289] ? __pfx___mutex_lock+0x10/0x10 [ 153.410915][ T8289] ? __asan_memset+0x22/0x50 [ 153.410939][ T8289] ? ____sys_sendmsg+0x505/0x830 [ 153.410959][ T8289] ? __x64_sys_sendmsg+0x19b/0x260 [ 153.410985][ T8289] nfsd_nl_listener_set_doit+0x132/0x1650 [ 153.411006][ T8289] ? __pfx___nla_validate_parse+0x10/0x10 [ 153.411049][ T8289] ? __pfx_nfsd_nl_listener_set_doit+0x10/0x10 [ 153.411078][ T8289] ? __nla_parse+0x40/0x60 [ 153.411104][ T8289] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 153.411137][ T8289] genl_family_rcv_msg_doit+0x212/0x300 [ 153.411166][ T8289] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 153.411203][ T8289] ? bpf_lsm_capable+0x9/0x20 [ 153.411219][ T8289] ? security_capable+0x7e/0x2e0 [ 153.411244][ T8289] genl_rcv_msg+0x60e/0x790 [ 153.411272][ T8289] ? __pfx_genl_rcv_msg+0x10/0x10 [ 153.411294][ T8289] ? __pfx_nfsd_nl_listener_set_doit+0x10/0x10 [ 153.411331][ T8289] netlink_rcv_skb+0x208/0x470 [ 153.411349][ T8289] ? __pfx_genl_rcv_msg+0x10/0x10 [ 153.411373][ T8289] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 153.411411][ T8289] ? down_read+0x1ad/0x2e0 [ 153.411430][ T8289] genl_rcv+0x28/0x40 [ 153.411451][ T8289] netlink_unicast+0x75b/0x8d0 [ 153.411480][ T8289] netlink_sendmsg+0x805/0xb30 [ 153.411509][ T8289] ? __pfx_netlink_sendmsg+0x10/0x10 [ 153.411531][ T8289] ? aa_sock_msg_perm+0x94/0x160 [ 153.411554][ T8289] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 153.411572][ T8289] ? __pfx_netlink_sendmsg+0x10/0x10 [ 153.411592][ T8289] __sock_sendmsg+0x21c/0x270 [ 153.411621][ T8289] ____sys_sendmsg+0x505/0x830 [ 153.411648][ T8289] ? __pfx_____sys_sendmsg+0x10/0x10 [ 153.411680][ T8289] ? import_iovec+0x74/0xa0 [ 153.411701][ T8289] ___sys_sendmsg+0x21f/0x2a0 [ 153.411725][ T8289] ? __pfx____sys_sendmsg+0x10/0x10 [ 153.411789][ T8289] ? __fget_files+0x2a/0x420 [ 153.411807][ T8289] ? __fget_files+0x3a0/0x420 [ 153.411843][ T8289] __x64_sys_sendmsg+0x19b/0x260 [ 153.411867][ T8289] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 153.411900][ T8289] ? __pfx_ksys_write+0x10/0x10 [ 153.411913][ T8289] ? rcu_is_watching+0x15/0xb0 [ 153.411943][ T8289] ? do_syscall_64+0xbe/0x3b0 [ 153.411963][ T8289] do_syscall_64+0xfa/0x3b0 [ 153.411976][ T8289] ? lockdep_hardirqs_on+0x9c/0x150 [ 153.411998][ T8289] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 153.412014][ T8289] ? clear_bhb_loop+0x60/0xb0 [ 153.412036][ T8289] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 153.412053][ T8289] RIP: 0033:0x7f9fd7b8e929 [ 153.412070][ T8289] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 153.412085][ T8289] RSP: 002b:00007f9fd89ad038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 153.412104][ T8289] RAX: ffffffffffffffda RBX: 00007f9fd7db5fa0 RCX: 00007f9fd7b8e929 [ 153.412118][ T8289] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000004 [ 153.412129][ T8289] RBP: 00007f9fd89ad090 R08: 0000000000000000 R09: 0000000000000000 [ 153.412140][ T8289] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 153.412150][ T8289] R13: 0000000000000000 R14: 00007f9fd7db5fa0 R15: 00007fff82556c78 [ 153.412182][ T8289] [ 154.638637][ T8325] FAULT_INJECTION: forcing a failure. [ 154.638637][ T8325] name failslab, interval 1, probability 0, space 0, times 0 [ 154.656746][ T8325] CPU: 0 UID: 0 PID: 8325 Comm: syz.4.838 Not tainted 6.16.0-rc3-syzkaller-00131-g72fb83735c71 #0 PREEMPT(full) [ 154.656772][ T8325] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 154.656784][ T8325] Call Trace: [ 154.656791][ T8325] [ 154.656799][ T8325] dump_stack_lvl+0x189/0x250 [ 154.656828][ T8325] ? __pfx____ratelimit+0x10/0x10 [ 154.656853][ T8325] ? __pfx_dump_stack_lvl+0x10/0x10 [ 154.656878][ T8325] ? __pfx__printk+0x10/0x10 [ 154.656902][ T8325] ? __pfx___might_resched+0x10/0x10 [ 154.656932][ T8325] should_fail_ex+0x414/0x560 [ 154.656958][ T8325] should_failslab+0xa8/0x100 [ 154.656979][ T8325] __kmalloc_node_track_caller_noprof+0xcc/0x4e0 [ 154.656998][ T8325] ? xprt_create_transport+0x39b/0x600 [ 154.657027][ T8325] kstrdup+0x42/0x100 [ 154.657050][ T8325] xprt_create_transport+0x39b/0x600 [ 154.657077][ T8325] rpc_create+0x4be/0x870 [ 154.657100][ T8325] ? __pfx_rpc_create+0x10/0x10 [ 154.657165][ T8325] ? rcu_is_watching+0x15/0xb0 [ 154.657190][ T8325] ? trace_contention_end+0x39/0x120 [ 154.657216][ T8325] rpcb_create_af_local+0x196/0x370 [ 154.657237][ T8325] ? __pfx_rpcb_create_af_local+0x10/0x10 [ 154.657255][ T8325] ? __lock_acquire+0xab9/0xd20 [ 154.657303][ T8325] ? do_raw_spin_unlock+0x122/0x240 [ 154.657328][ T8325] rpcb_create_local+0x251/0x610 [ 154.657348][ T8325] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 154.657374][ T8325] ? __pfx_rpcb_create_local+0x10/0x10 [ 154.657400][ T8325] ? __percpu_counter_init_many+0x364/0x380 [ 154.657429][ T8325] ? __svc_create+0x888/0x980 [ 154.657462][ T8325] svc_bind+0x1b4/0x230 [ 154.657498][ T8325] nfsd_create_serv+0x541/0x840 [ 154.657528][ T8325] ? __pfx_nfsd_create_serv+0x10/0x10 [ 154.657543][ T8325] ? nfsd_nl_listener_set_doit+0x12a/0x1650 [ 154.657564][ T8325] ? __pfx___mutex_lock+0x10/0x10 [ 154.657590][ T8325] ? __asan_memset+0x22/0x50 [ 154.657615][ T8325] ? ____sys_sendmsg+0x505/0x830 [ 154.657634][ T8325] ? __x64_sys_sendmsg+0x19b/0x260 [ 154.657666][ T8325] nfsd_nl_listener_set_doit+0x132/0x1650 [ 154.657691][ T8325] ? __pfx___nla_validate_parse+0x10/0x10 [ 154.657738][ T8325] ? __pfx_nfsd_nl_listener_set_doit+0x10/0x10 [ 154.657767][ T8325] ? __nla_parse+0x40/0x60 [ 154.657794][ T8325] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 154.657828][ T8325] genl_family_rcv_msg_doit+0x212/0x300 [ 154.657859][ T8325] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 154.657898][ T8325] ? bpf_lsm_capable+0x9/0x20 [ 154.657913][ T8325] ? security_capable+0x7e/0x2e0 [ 154.657941][ T8325] genl_rcv_msg+0x60e/0x790 [ 154.657972][ T8325] ? __pfx_genl_rcv_msg+0x10/0x10 [ 154.657992][ T8325] ? __pfx_nfsd_nl_listener_set_doit+0x10/0x10 [ 154.658025][ T8325] netlink_rcv_skb+0x208/0x470 [ 154.658045][ T8325] ? __pfx_genl_rcv_msg+0x10/0x10 [ 154.658069][ T8325] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 154.658109][ T8325] ? down_read+0x1ad/0x2e0 [ 154.658129][ T8325] genl_rcv+0x28/0x40 [ 154.658150][ T8325] netlink_unicast+0x75b/0x8d0 [ 154.658181][ T8325] netlink_sendmsg+0x805/0xb30 [ 154.658212][ T8325] ? __pfx_netlink_sendmsg+0x10/0x10 [ 154.658236][ T8325] ? aa_sock_msg_perm+0x94/0x160 [ 154.658260][ T8325] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 154.658280][ T8325] ? __pfx_netlink_sendmsg+0x10/0x10 [ 154.658300][ T8325] __sock_sendmsg+0x21c/0x270 [ 154.658329][ T8325] ____sys_sendmsg+0x505/0x830 [ 154.658357][ T8325] ? __pfx_____sys_sendmsg+0x10/0x10 [ 154.658389][ T8325] ? import_iovec+0x74/0xa0 [ 154.658411][ T8325] ___sys_sendmsg+0x21f/0x2a0 [ 154.658434][ T8325] ? __pfx____sys_sendmsg+0x10/0x10 [ 154.658503][ T8325] ? __fget_files+0x2a/0x420 [ 154.658521][ T8325] ? __fget_files+0x3a0/0x420 [ 154.658553][ T8325] __x64_sys_sendmsg+0x19b/0x260 [ 154.658577][ T8325] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 154.658609][ T8325] ? __pfx_ksys_write+0x10/0x10 [ 154.658622][ T8325] ? rcu_is_watching+0x15/0xb0 [ 154.658653][ T8325] ? do_syscall_64+0xbe/0x3b0 [ 154.658673][ T8325] do_syscall_64+0xfa/0x3b0 [ 154.658688][ T8325] ? lockdep_hardirqs_on+0x9c/0x150 [ 154.658711][ T8325] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 154.658727][ T8325] ? clear_bhb_loop+0x60/0xb0 [ 154.658747][ T8325] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 154.658765][ T8325] RIP: 0033:0x7f9fd7b8e929 [ 154.658782][ T8325] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 154.658797][ T8325] RSP: 002b:00007f9fd89ad038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 154.658816][ T8325] RAX: ffffffffffffffda RBX: 00007f9fd7db5fa0 RCX: 00007f9fd7b8e929 [ 154.658829][ T8325] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000004 [ 154.658841][ T8325] RBP: 00007f9fd89ad090 R08: 0000000000000000 R09: 0000000000000000 [ 154.658852][ T8325] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 154.658862][ T8325] R13: 0000000000000000 R14: 00007f9fd7db5fa0 R15: 00007fff82556c78 [ 154.658894][ T8325] [ 154.665256][ T8317] netlink: 'syz.0.835': attribute type 1 has an invalid length. [ 155.250983][ T8333] netlink: 212376 bytes leftover after parsing attributes in process `syz.1.840'. [ 155.416514][ T8065] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 155.441110][ T8065] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 155.461735][ T8065] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 155.486973][ T8065] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 155.509525][ T8346] netlink: 'syz.0.845': attribute type 21 has an invalid length. [ 155.511829][ T8345] netlink: 'syz.0.845': attribute type 21 has an invalid length. [ 155.526916][ T8343] No such timeout policy "syz0" [ 155.651732][ T8065] 8021q: adding VLAN 0 to HW filter on device bond0 [ 155.701463][ T8065] 8021q: adding VLAN 0 to HW filter on device team0 [ 155.721896][ T7022] bridge0: port 1(bridge_slave_0) entered blocking state [ 155.729834][ T7022] bridge0: port 1(bridge_slave_0) entered forwarding state [ 155.750885][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 155.758076][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 155.982094][ T8370] FAULT_INJECTION: forcing a failure. [ 155.982094][ T8370] name failslab, interval 1, probability 0, space 0, times 0 [ 156.000374][ T8370] CPU: 0 UID: 0 PID: 8370 Comm: syz.3.852 Not tainted 6.16.0-rc3-syzkaller-00131-g72fb83735c71 #0 PREEMPT(full) [ 156.000400][ T8370] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 156.000411][ T8370] Call Trace: [ 156.000419][ T8370] [ 156.000426][ T8370] dump_stack_lvl+0x189/0x250 [ 156.000456][ T8370] ? __pfx____ratelimit+0x10/0x10 [ 156.000481][ T8370] ? __pfx_dump_stack_lvl+0x10/0x10 [ 156.000507][ T8370] ? __pfx__printk+0x10/0x10 [ 156.000533][ T8370] ? __pfx___might_resched+0x10/0x10 [ 156.000557][ T8370] ? fs_reclaim_acquire+0x7d/0x100 [ 156.000583][ T8370] should_fail_ex+0x414/0x560 [ 156.000611][ T8370] should_failslab+0xa8/0x100 [ 156.000638][ T8370] __kmalloc_cache_noprof+0x70/0x3d0 [ 156.000655][ T8370] ? rpc_sysfs_xprt_switch_setup+0xe2/0x2b0 [ 156.000686][ T8370] rpc_sysfs_xprt_switch_setup+0xe2/0x2b0 [ 156.000718][ T8370] xprt_switch_alloc+0x251/0x5a0 [ 156.000752][ T8370] rpc_create_xprt+0x1a5/0xa30 [ 156.000776][ T8370] ? __pfx_rpc_create_xprt+0x10/0x10 [ 156.000813][ T8370] ? xprt_create_transport+0x39b/0x600 [ 156.000838][ T8370] ? rcu_is_watching+0x15/0xb0 [ 156.000863][ T8370] ? trace_kmalloc+0x1f/0xd0 [ 156.000882][ T8370] ? __kmalloc_node_track_caller_noprof+0x28e/0x4e0 [ 156.000900][ T8370] ? kstrdup+0x81/0x100 [ 156.000921][ T8370] ? __asan_memcpy+0x40/0x70 [ 156.000951][ T8370] ? xprt_create_transport+0x43c/0x600 [ 156.000976][ T8370] rpc_create+0x60b/0x870 [ 156.000998][ T8370] ? __pfx_rpc_create+0x10/0x10 [ 156.001065][ T8370] ? rcu_is_watching+0x15/0xb0 [ 156.001090][ T8370] ? trace_contention_end+0x39/0x120 [ 156.001117][ T8370] rpcb_create_af_local+0x196/0x370 [ 156.001140][ T8370] ? __pfx_rpcb_create_af_local+0x10/0x10 [ 156.001158][ T8370] ? __lock_acquire+0xab9/0xd20 [ 156.001206][ T8370] ? do_raw_spin_unlock+0x122/0x240 [ 156.001232][ T8370] rpcb_create_local+0x251/0x610 [ 156.001253][ T8370] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 156.001277][ T8370] ? __pfx_rpcb_create_local+0x10/0x10 [ 156.001303][ T8370] ? __percpu_counter_init_many+0x364/0x380 [ 156.001333][ T8370] ? __svc_create+0x888/0x980 [ 156.001367][ T8370] svc_bind+0x1b4/0x230 [ 156.001397][ T8370] nfsd_create_serv+0x541/0x840 [ 156.001428][ T8370] ? __pfx_nfsd_create_serv+0x10/0x10 [ 156.001443][ T8370] ? nfsd_nl_listener_set_doit+0x12a/0x1650 [ 156.001467][ T8370] ? __pfx___mutex_lock+0x10/0x10 [ 156.001493][ T8370] ? __asan_memset+0x22/0x50 [ 156.001518][ T8370] ? ____sys_sendmsg+0x505/0x830 [ 156.001538][ T8370] ? __x64_sys_sendmsg+0x19b/0x260 [ 156.001569][ T8370] nfsd_nl_listener_set_doit+0x132/0x1650 [ 156.001594][ T8370] ? __pfx___nla_validate_parse+0x10/0x10 [ 156.001645][ T8370] ? __pfx_nfsd_nl_listener_set_doit+0x10/0x10 [ 156.001674][ T8370] ? __nla_parse+0x40/0x60 [ 156.001702][ T8370] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 156.001736][ T8370] genl_family_rcv_msg_doit+0x212/0x300 [ 156.001769][ T8370] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 156.001808][ T8370] ? bpf_lsm_capable+0x9/0x20 [ 156.001824][ T8370] ? security_capable+0x7e/0x2e0 [ 156.001852][ T8370] genl_rcv_msg+0x60e/0x790 [ 156.001883][ T8370] ? __pfx_genl_rcv_msg+0x10/0x10 [ 156.001905][ T8370] ? __pfx_nfsd_nl_listener_set_doit+0x10/0x10 [ 156.001943][ T8370] netlink_rcv_skb+0x208/0x470 [ 156.001965][ T8370] ? __pfx_genl_rcv_msg+0x10/0x10 [ 156.001990][ T8370] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 156.002028][ T8370] ? down_read+0x1ad/0x2e0 [ 156.002048][ T8370] genl_rcv+0x28/0x40 [ 156.002068][ T8370] netlink_unicast+0x75b/0x8d0 [ 156.002101][ T8370] netlink_sendmsg+0x805/0xb30 [ 156.002131][ T8370] ? __pfx_netlink_sendmsg+0x10/0x10 [ 156.002155][ T8370] ? aa_sock_msg_perm+0x94/0x160 [ 156.002177][ T8370] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 156.002197][ T8370] ? __pfx_netlink_sendmsg+0x10/0x10 [ 156.002217][ T8370] __sock_sendmsg+0x21c/0x270 [ 156.002247][ T8370] ____sys_sendmsg+0x505/0x830 [ 156.002274][ T8370] ? __pfx_____sys_sendmsg+0x10/0x10 [ 156.002304][ T8370] ? import_iovec+0x74/0xa0 [ 156.002324][ T8370] ___sys_sendmsg+0x21f/0x2a0 [ 156.002347][ T8370] ? __pfx____sys_sendmsg+0x10/0x10 [ 156.002407][ T8370] ? __fget_files+0x2a/0x420 [ 156.002427][ T8370] ? __fget_files+0x3a0/0x420 [ 156.002456][ T8370] __x64_sys_sendmsg+0x19b/0x260 [ 156.002480][ T8370] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 156.002514][ T8370] ? rcu_is_watching+0x15/0xb0 [ 156.002539][ T8370] ? trace_sys_enter+0x25/0x120 [ 156.002568][ T8370] do_syscall_64+0xfa/0x3b0 [ 156.002583][ T8370] ? lockdep_hardirqs_on+0x9c/0x150 [ 156.002606][ T8370] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 156.002629][ T8370] ? clear_bhb_loop+0x60/0xb0 [ 156.002652][ T8370] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 156.002668][ T8370] RIP: 0033:0x7f2e0bf8e929 [ 156.002685][ T8370] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 156.002699][ T8370] RSP: 002b:00007f2e0cdc1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 156.002718][ T8370] RAX: ffffffffffffffda RBX: 00007f2e0c1b5fa0 RCX: 00007f2e0bf8e929 [ 156.002731][ T8370] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000004 [ 156.002742][ T8370] RBP: 00007f2e0cdc1090 R08: 0000000000000000 R09: 0000000000000000 [ 156.002753][ T8370] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 156.002763][ T8370] R13: 0000000000000000 R14: 00007f2e0c1b5fa0 R15: 00007ffdba4c1438 [ 156.002795][ T8370] [ 156.573441][ T8372] xt_CT: No such helper "syz0" [ 156.701590][ T8378] netlink: 12 bytes leftover after parsing attributes in process `syz.1.854'. [ 156.736213][ T8065] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 156.797095][ T8065] veth0_vlan: entered promiscuous mode [ 156.816991][ T8065] veth1_vlan: entered promiscuous mode [ 156.886994][ T8065] veth0_macvtap: entered promiscuous mode [ 156.897575][ T8065] veth1_macvtap: entered promiscuous mode [ 156.922635][ T8065] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 156.958291][ T8065] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 156.978665][ T8065] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 156.987447][ T8065] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 156.997081][ T8065] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 157.006702][ T8065] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 157.233118][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 157.291927][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 157.429115][ T7022] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 157.440804][ T7022] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 157.929194][ T8409] netlink: 20 bytes leftover after parsing attributes in process `syz.3.867'. [ 158.092206][ T8417] netlink: 8 bytes leftover after parsing attributes in process `syz.0.870'. [ 158.101361][ T8417] netlink: 'syz.0.870': attribute type 4 has an invalid length. [ 158.561971][ T8445] FAULT_INJECTION: forcing a failure. [ 158.561971][ T8445] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 158.577218][ T8445] CPU: 0 UID: 0 PID: 8445 Comm: syz.0.882 Not tainted 6.16.0-rc3-syzkaller-00131-g72fb83735c71 #0 PREEMPT(full) [ 158.577246][ T8445] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 158.577256][ T8445] Call Trace: [ 158.577264][ T8445] [ 158.577271][ T8445] dump_stack_lvl+0x189/0x250 [ 158.577302][ T8445] ? __pfx____ratelimit+0x10/0x10 [ 158.577327][ T8445] ? __pfx_dump_stack_lvl+0x10/0x10 [ 158.577352][ T8445] ? __pfx__printk+0x10/0x10 [ 158.577370][ T8445] ? __might_fault+0xb0/0x130 [ 158.577400][ T8445] should_fail_ex+0x414/0x560 [ 158.577427][ T8445] _copy_from_user+0x2d/0xb0 [ 158.577446][ T8445] generic_map_update_batch+0x572/0x7f0 [ 158.577487][ T8445] ? __pfx_generic_map_update_batch+0x10/0x10 [ 158.577506][ T8445] ? __fget_files+0x2a/0x420 [ 158.577532][ T8445] ? __pfx_generic_map_update_batch+0x10/0x10 [ 158.577551][ T8445] bpf_map_do_batch+0x36c/0x5f0 [ 158.577581][ T8445] __sys_bpf+0x384/0x860 [ 158.577605][ T8445] ? __pfx___sys_bpf+0x10/0x10 [ 158.577642][ T8445] ? ksys_write+0x22a/0x250 [ 158.577661][ T8445] ? __pfx_ksys_write+0x10/0x10 [ 158.577675][ T8445] ? rcu_is_watching+0x15/0xb0 [ 158.577705][ T8445] __x64_sys_bpf+0x7c/0x90 [ 158.577725][ T8445] do_syscall_64+0xfa/0x3b0 [ 158.577738][ T8445] ? lockdep_hardirqs_on+0x9c/0x150 [ 158.577762][ T8445] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 158.577779][ T8445] ? clear_bhb_loop+0x60/0xb0 [ 158.577799][ T8445] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 158.577816][ T8445] RIP: 0033:0x7f08ae58e929 [ 158.577831][ T8445] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 158.577846][ T8445] RSP: 002b:00007f08af436038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 158.577865][ T8445] RAX: ffffffffffffffda RBX: 00007f08ae7b5fa0 RCX: 00007f08ae58e929 [ 158.577877][ T8445] RDX: 0000000000000038 RSI: 0000200000000400 RDI: 000000000000001a [ 158.577888][ T8445] RBP: 00007f08af436090 R08: 0000000000000000 R09: 0000000000000000 [ 158.577899][ T8445] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 158.577910][ T8445] R13: 0000000000000000 R14: 00007f08ae7b5fa0 R15: 00007ffdf533a3b8 [ 158.577940][ T8445] [ 159.184895][ T8475] FAULT_INJECTION: forcing a failure. [ 159.184895][ T8475] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 159.214999][ T8475] CPU: 0 UID: 0 PID: 8475 Comm: syz.0.895 Not tainted 6.16.0-rc3-syzkaller-00131-g72fb83735c71 #0 PREEMPT(full) [ 159.215027][ T8475] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 159.215038][ T8475] Call Trace: [ 159.215045][ T8475] [ 159.215053][ T8475] dump_stack_lvl+0x189/0x250 [ 159.215082][ T8475] ? __pfx____ratelimit+0x10/0x10 [ 159.215106][ T8475] ? __pfx_dump_stack_lvl+0x10/0x10 [ 159.215131][ T8475] ? __pfx__printk+0x10/0x10 [ 159.215150][ T8475] ? __might_fault+0xb0/0x130 [ 159.215178][ T8475] should_fail_ex+0x414/0x560 [ 159.215203][ T8475] _copy_from_user+0x2d/0xb0 [ 159.215221][ T8475] generic_map_update_batch+0x51b/0x7f0 [ 159.215251][ T8475] ? __pfx_generic_map_update_batch+0x10/0x10 [ 159.215269][ T8475] ? __fget_files+0x2a/0x420 [ 159.215294][ T8475] ? __pfx_generic_map_update_batch+0x10/0x10 [ 159.215311][ T8475] bpf_map_do_batch+0x36c/0x5f0 [ 159.215341][ T8475] __sys_bpf+0x384/0x860 [ 159.215365][ T8475] ? __pfx___sys_bpf+0x10/0x10 [ 159.215399][ T8475] ? ksys_write+0x22a/0x250 [ 159.215416][ T8475] ? __pfx_ksys_write+0x10/0x10 [ 159.215430][ T8475] ? rcu_is_watching+0x15/0xb0 [ 159.215461][ T8475] __x64_sys_bpf+0x7c/0x90 [ 159.215485][ T8475] do_syscall_64+0xfa/0x3b0 [ 159.215500][ T8475] ? lockdep_hardirqs_on+0x9c/0x150 [ 159.215522][ T8475] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 159.215539][ T8475] ? clear_bhb_loop+0x60/0xb0 [ 159.215561][ T8475] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 159.215578][ T8475] RIP: 0033:0x7f08ae58e929 [ 159.215594][ T8475] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 159.215608][ T8475] RSP: 002b:00007f08af436038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 159.215626][ T8475] RAX: ffffffffffffffda RBX: 00007f08ae7b5fa0 RCX: 00007f08ae58e929 [ 159.215637][ T8475] RDX: 0000000000000038 RSI: 0000200000000400 RDI: 000000000000001a [ 159.215649][ T8475] RBP: 00007f08af436090 R08: 0000000000000000 R09: 0000000000000000 [ 159.215659][ T8475] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 159.215669][ T8475] R13: 0000000000000000 R14: 00007f08ae7b5fa0 R15: 00007ffdf533a3b8 [ 159.215698][ T8475] [ 159.522886][ T8481] netlink: 16 bytes leftover after parsing attributes in process `syz.4.896'. [ 159.533772][ T8481] netlink: 8 bytes leftover after parsing attributes in process `syz.4.896'. [ 159.568340][ T8488] bridge0: entered allmulticast mode [ 159.577291][ T8489] netlink: 4 bytes leftover after parsing attributes in process `syz.1.898'. [ 159.593742][ T8489] bridge_slave_1: left allmulticast mode [ 159.599849][ T8489] bridge_slave_1: left promiscuous mode [ 159.610841][ T8489] bridge0: port 2(bridge_slave_1) entered disabled state [ 159.649323][ T8489] bridge_slave_0: left allmulticast mode [ 159.669307][ T8489] bridge_slave_0: left promiscuous mode [ 159.679640][ T8496] netlink: 4 bytes leftover after parsing attributes in process `syz.4.901'. [ 159.697736][ T8489] bridge0: port 1(bridge_slave_0) entered disabled state [ 159.720300][ T8499] netlink: 8 bytes leftover after parsing attributes in process `syz.3.899'. [ 159.729435][ T8499] netlink: 'syz.3.899': attribute type 3 has an invalid length. [ 159.758013][ T8489] bridge0 (unregistering): left allmulticast mode [ 160.035415][ T8516] FAULT_INJECTION: forcing a failure. [ 160.035415][ T8516] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 160.052327][ T8516] CPU: 1 UID: 0 PID: 8516 Comm: syz.1.908 Not tainted 6.16.0-rc3-syzkaller-00131-g72fb83735c71 #0 PREEMPT(full) [ 160.052361][ T8516] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 160.052372][ T8516] Call Trace: [ 160.052380][ T8516] [ 160.052387][ T8516] dump_stack_lvl+0x189/0x250 [ 160.052418][ T8516] ? __pfx____ratelimit+0x10/0x10 [ 160.052442][ T8516] ? __pfx_dump_stack_lvl+0x10/0x10 [ 160.052467][ T8516] ? __pfx__printk+0x10/0x10 [ 160.052487][ T8516] ? __might_fault+0xb0/0x130 [ 160.052517][ T8516] should_fail_ex+0x414/0x560 [ 160.052544][ T8516] _copy_from_user+0x2d/0xb0 [ 160.052563][ T8516] generic_map_update_batch+0x572/0x7f0 [ 160.052596][ T8516] ? __pfx_generic_map_update_batch+0x10/0x10 [ 160.052615][ T8516] ? __fget_files+0x2a/0x420 [ 160.052642][ T8516] ? __pfx_generic_map_update_batch+0x10/0x10 [ 160.052660][ T8516] bpf_map_do_batch+0x36c/0x5f0 [ 160.052690][ T8516] __sys_bpf+0x384/0x860 [ 160.052711][ T8516] ? __pfx___sys_bpf+0x10/0x10 [ 160.052744][ T8516] ? ksys_write+0x22a/0x250 [ 160.052763][ T8516] ? __pfx_ksys_write+0x10/0x10 [ 160.052776][ T8516] ? rcu_is_watching+0x15/0xb0 [ 160.052807][ T8516] __x64_sys_bpf+0x7c/0x90 [ 160.052827][ T8516] do_syscall_64+0xfa/0x3b0 [ 160.052842][ T8516] ? lockdep_hardirqs_on+0x9c/0x150 [ 160.052865][ T8516] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 160.052882][ T8516] ? clear_bhb_loop+0x60/0xb0 [ 160.052904][ T8516] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 160.052920][ T8516] RIP: 0033:0x7fa13cb8e929 [ 160.052937][ T8516] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 160.052951][ T8516] RSP: 002b:00007fa13d979038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 160.052970][ T8516] RAX: ffffffffffffffda RBX: 00007fa13cdb5fa0 RCX: 00007fa13cb8e929 [ 160.052983][ T8516] RDX: 0000000000000038 RSI: 0000200000000400 RDI: 000000000000001a [ 160.052994][ T8516] RBP: 00007fa13d979090 R08: 0000000000000000 R09: 0000000000000000 [ 160.053005][ T8516] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 160.053015][ T8516] R13: 0000000000000000 R14: 00007fa13cdb5fa0 R15: 00007ffd87cbd308 [ 160.053045][ T8516] [ 160.284947][ T8518] netlink: 'syz.3.909': attribute type 25 has an invalid length. [ 160.501913][ T8530] netlink: 'syz.3.915': attribute type 21 has an invalid length. [ 160.570191][ T8532] netlink: 28 bytes leftover after parsing attributes in process `syz.1.917'. [ 160.750421][ T8545] netlink: 28 bytes leftover after parsing attributes in process `syz.1.920'. [ 160.768760][ T8545] netlink: 28 bytes leftover after parsing attributes in process `syz.1.920'. [ 160.934598][ T12] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 160.979676][ T8545] bond0: entered promiscuous mode [ 160.984851][ T8545] bond_slave_0: entered promiscuous mode [ 160.999106][ T8545] bond_slave_1: entered promiscuous mode [ 161.031520][ T8545] bond0: left promiscuous mode [ 161.041753][ T8545] bond_slave_0: left promiscuous mode [ 161.054890][ T8545] bond_slave_1: left promiscuous mode [ 161.129953][ T8548] netlink: 'syz.4.921': attribute type 25 has an invalid length. [ 161.336288][ T12] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 161.506370][ T12] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 161.634213][ T5149] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 161.646463][ T5149] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 161.655342][ T5149] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 161.678999][ T5149] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 161.695575][ T5149] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 161.725515][ T12] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 161.795304][ T8583] netlink: 'syz.3.933': attribute type 1 has an invalid length. [ 161.804161][ T8583] netlink: 'syz.3.933': attribute type 1 has an invalid length. [ 161.811829][ T8583] netlink: 'syz.3.933': attribute type 2 has an invalid length. [ 161.883262][ T8586] netlink: 'syz.4.935': attribute type 25 has an invalid length. [ 162.047765][ T8593] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 162.097552][ T8593] IPv6: sit1: Disabled Multicast RS [ 162.164014][ T12] bridge_slave_1: left allmulticast mode [ 162.169726][ T12] bridge_slave_1: left promiscuous mode [ 162.200418][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 162.218844][ T8605] netlink: 'syz.4.939': attribute type 10 has an invalid length. [ 162.237722][ T12] bridge_slave_0: left allmulticast mode [ 162.243423][ T12] bridge_slave_0: left promiscuous mode [ 162.249786][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 162.599039][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 162.610362][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 162.627337][ T12] bond0 (unregistering): Released all slaves [ 162.683137][ T8605] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 162.980492][ T8621] __nla_validate_parse: 5 callbacks suppressed [ 162.980510][ T8621] netlink: 240 bytes leftover after parsing attributes in process `syz.1.948'. [ 163.079345][ T12] hsr_slave_0: left promiscuous mode [ 163.097259][ T12] hsr_slave_1: left promiscuous mode [ 163.106893][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 163.119701][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 163.140285][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 163.156137][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 163.192504][ T12] veth1_macvtap: left promiscuous mode [ 163.199787][ T12] veth0_macvtap: left promiscuous mode [ 163.205851][ T12] veth1_vlan: left promiscuous mode [ 163.211864][ T12] veth0_vlan: left promiscuous mode [ 163.301149][ T8640] netlink: 224 bytes leftover after parsing attributes in process `syz.1.955'. [ 163.655839][ T12] team0 (unregistering): Port device team_slave_1 removed [ 163.691743][ T12] team0 (unregistering): Port device team_slave_0 removed [ 163.765282][ T5149] Bluetooth: hci2: command tx timeout [ 164.060400][ T8572] chnl_net:caif_netlink_parms(): no params data found [ 164.078640][ T8630] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 164.414651][ T8572] bridge0: port 1(bridge_slave_0) entered blocking state [ 164.432807][ T8572] bridge0: port 1(bridge_slave_0) entered disabled state [ 164.453290][ T8572] bridge_slave_0: entered allmulticast mode [ 164.478927][ T8572] bridge_slave_0: entered promiscuous mode [ 164.516011][ T8572] bridge0: port 2(bridge_slave_1) entered blocking state [ 164.537485][ T8572] bridge0: port 2(bridge_slave_1) entered disabled state [ 164.554936][ T8572] bridge_slave_1: entered allmulticast mode [ 164.571165][ T8572] bridge_slave_1: entered promiscuous mode [ 164.644235][ T8663] netlink: 16 bytes leftover after parsing attributes in process `syz.1.963'. [ 164.646982][ T8664] validate_nla: 1 callbacks suppressed [ 164.646999][ T8664] netlink: 'syz.1.963': attribute type 10 has an invalid length. [ 164.706544][ T8664] 8021q: adding VLAN 0 to HW filter on device team0 [ 164.717493][ T8664] bond0: (slave team0): Enslaving as an active interface with an up link [ 164.747036][ T8572] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 164.788603][ T8572] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 164.867277][ T8679] netlink: 'syz.3.969': attribute type 12 has an invalid length. [ 164.878614][ T8679] netlink: 132 bytes leftover after parsing attributes in process `syz.3.969'. [ 164.905191][ T8681] openvswitch: netlink: VXLAN extension message has 12 unknown bytes. [ 164.979929][ T8572] team0: Port device team_slave_0 added [ 165.002351][ T8572] team0: Port device team_slave_1 added [ 165.026584][ T8685] sctp: [Deprecated]: syz.3.972 (pid 8685) Use of struct sctp_assoc_value in delayed_ack socket option. [ 165.026584][ T8685] Use struct sctp_sack_info instead [ 165.085590][ T8690] sctp: [Deprecated]: syz.3.972 (pid 8690) Use of struct sctp_assoc_value in delayed_ack socket option. [ 165.085590][ T8690] Use struct sctp_sack_info instead [ 165.109427][ T8572] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 165.120793][ T8572] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 165.154469][ T8572] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 165.173090][ T8572] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 165.180300][ T8572] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 165.190544][ T8695] FAULT_INJECTION: forcing a failure. [ 165.190544][ T8695] name failslab, interval 1, probability 0, space 0, times 0 [ 165.243406][ T8695] CPU: 0 UID: 0 PID: 8695 Comm: syz.4.975 Not tainted 6.16.0-rc3-syzkaller-00131-g72fb83735c71 #0 PREEMPT(full) [ 165.243431][ T8695] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 165.243443][ T8695] Call Trace: [ 165.243450][ T8695] [ 165.243458][ T8695] dump_stack_lvl+0x189/0x250 [ 165.243490][ T8695] ? __pfx____ratelimit+0x10/0x10 [ 165.243513][ T8695] ? __pfx_dump_stack_lvl+0x10/0x10 [ 165.243536][ T8695] ? __pfx__printk+0x10/0x10 [ 165.243556][ T8695] ? __pfx___might_resched+0x10/0x10 [ 165.243580][ T8695] ? fs_reclaim_acquire+0x7d/0x100 [ 165.243605][ T8695] should_fail_ex+0x414/0x560 [ 165.243629][ T8695] should_failslab+0xa8/0x100 [ 165.243647][ T8695] __kmalloc_cache_noprof+0x70/0x3d0 [ 165.243663][ T8695] ? kobject_uevent_env+0x27c/0x8c0 [ 165.243686][ T8695] kobject_uevent_env+0x27c/0x8c0 [ 165.243709][ T8695] ? rpc_sysfs_xprt_switch_setup+0x1c6/0x2b0 [ 165.243740][ T8695] xprt_switch_alloc+0x251/0x5a0 [ 165.243773][ T8695] rpc_create_xprt+0x1a5/0xa30 [ 165.243797][ T8695] ? __pfx_rpc_create_xprt+0x10/0x10 [ 165.243847][ T8695] ? rcu_is_watching+0x15/0xb0 [ 165.243873][ T8695] ? trace_kmalloc+0x1f/0xd0 [ 165.243887][ T8695] ? __kmalloc_node_track_caller_noprof+0x28e/0x4e0 [ 165.243904][ T8695] ? kstrdup+0x81/0x100 [ 165.243925][ T8695] ? __asan_memcpy+0x40/0x70 [ 165.243954][ T8695] ? xprt_create_transport+0x43c/0x600 [ 165.243980][ T8695] rpc_create+0x60b/0x870 [ 165.244003][ T8695] ? __pfx_rpc_create+0x10/0x10 [ 165.244068][ T8695] ? rcu_is_watching+0x15/0xb0 [ 165.244092][ T8695] ? trace_contention_end+0x39/0x120 [ 165.244118][ T8695] rpcb_create_af_local+0x196/0x370 [ 165.244138][ T8695] ? __pfx_rpcb_create_af_local+0x10/0x10 [ 165.244156][ T8695] ? __lock_acquire+0xab9/0xd20 [ 165.244204][ T8695] ? do_raw_spin_unlock+0x122/0x240 [ 165.244229][ T8695] rpcb_create_local+0x251/0x610 [ 165.244248][ T8695] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 165.244273][ T8695] ? __pfx_rpcb_create_local+0x10/0x10 [ 165.244299][ T8695] ? __percpu_counter_init_many+0x364/0x380 [ 165.244327][ T8695] ? __svc_create+0x888/0x980 [ 165.244361][ T8695] svc_bind+0x1b4/0x230 [ 165.244389][ T8695] nfsd_create_serv+0x541/0x840 [ 165.244416][ T8695] ? __pfx_nfsd_create_serv+0x10/0x10 [ 165.244430][ T8695] ? nfsd_nl_listener_set_doit+0x12a/0x1650 [ 165.244449][ T8695] ? __pfx___mutex_lock+0x10/0x10 [ 165.244469][ T8695] ? __asan_memset+0x22/0x50 [ 165.244473][ T8572] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 165.244491][ T8695] ? ____sys_sendmsg+0x505/0x830 [ 165.244508][ T8695] ? __x64_sys_sendmsg+0x19b/0x260 [ 165.244533][ T8695] nfsd_nl_listener_set_doit+0x132/0x1650 [ 165.244556][ T8695] ? __pfx___nla_validate_parse+0x10/0x10 [ 165.244600][ T8695] ? __pfx_nfsd_nl_listener_set_doit+0x10/0x10 [ 165.244628][ T8695] ? __nla_parse+0x40/0x60 [ 165.244653][ T8695] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 165.244687][ T8695] genl_family_rcv_msg_doit+0x212/0x300 [ 165.244717][ T8695] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 165.244755][ T8695] ? bpf_lsm_capable+0x9/0x20 [ 165.244770][ T8695] ? security_capable+0x7e/0x2e0 [ 165.244797][ T8695] genl_rcv_msg+0x60e/0x790 [ 165.244832][ T8695] ? __pfx_genl_rcv_msg+0x10/0x10 [ 165.244854][ T8695] ? __pfx_nfsd_nl_listener_set_doit+0x10/0x10 [ 165.244890][ T8695] netlink_rcv_skb+0x208/0x470 [ 165.244909][ T8695] ? __pfx_genl_rcv_msg+0x10/0x10 [ 165.244933][ T8695] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 165.244971][ T8695] ? down_read+0x1ad/0x2e0 [ 165.244990][ T8695] genl_rcv+0x28/0x40 [ 165.245010][ T8695] netlink_unicast+0x75b/0x8d0 [ 165.245040][ T8695] netlink_sendmsg+0x805/0xb30 [ 165.245070][ T8695] ? __pfx_netlink_sendmsg+0x10/0x10 [ 165.245093][ T8695] ? aa_sock_msg_perm+0x94/0x160 [ 165.245115][ T8695] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 165.245135][ T8695] ? __pfx_netlink_sendmsg+0x10/0x10 [ 165.245155][ T8695] __sock_sendmsg+0x21c/0x270 [ 165.245183][ T8695] ____sys_sendmsg+0x505/0x830 [ 165.245209][ T8695] ? __pfx_____sys_sendmsg+0x10/0x10 [ 165.245240][ T8695] ? import_iovec+0x74/0xa0 [ 165.245261][ T8695] ___sys_sendmsg+0x21f/0x2a0 [ 165.245284][ T8695] ? __pfx____sys_sendmsg+0x10/0x10 [ 165.245343][ T8695] ? __fget_files+0x2a/0x420 [ 165.245361][ T8695] ? __fget_files+0x3a0/0x420 [ 165.245390][ T8695] __x64_sys_sendmsg+0x19b/0x260 [ 165.245414][ T8695] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 165.245445][ T8695] ? __pfx_ksys_write+0x10/0x10 [ 165.245458][ T8695] ? rcu_is_watching+0x15/0xb0 [ 165.245488][ T8695] ? do_syscall_64+0xbe/0x3b0 [ 165.245507][ T8695] do_syscall_64+0xfa/0x3b0 [ 165.245521][ T8695] ? lockdep_hardirqs_on+0x9c/0x150 [ 165.245543][ T8695] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 165.245560][ T8695] ? clear_bhb_loop+0x60/0xb0 [ 165.245580][ T8695] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 165.245596][ T8695] RIP: 0033:0x7f9fd7b8e929 [ 165.245613][ T8695] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 165.245627][ T8695] RSP: 002b:00007f9fd89ad038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 165.245646][ T8695] RAX: ffffffffffffffda RBX: 00007f9fd7db5fa0 RCX: 00007f9fd7b8e929 [ 165.245659][ T8695] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000004 [ 165.245670][ T8695] RBP: 00007f9fd89ad090 R08: 0000000000000000 R09: 0000000000000000 [ 165.245680][ T8695] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 165.245690][ T8695] R13: 0000000000000000 R14: 00007f9fd7db5fa0 R15: 00007fff82556c78 [ 165.245719][ T8695] [ 165.844084][ T5149] Bluetooth: hci2: command tx timeout [ 165.852310][ T8690] bond3: entered promiscuous mode [ 165.859432][ T8690] bond3: entered allmulticast mode [ 165.865159][ T8690] 8021q: adding VLAN 0 to HW filter on device bond3 [ 165.995376][ T8718] netlink: 92 bytes leftover after parsing attributes in process `syz.1.981'. [ 166.023129][ T8572] hsr_slave_0: entered promiscuous mode [ 166.030958][ T8718] netlink: 8 bytes leftover after parsing attributes in process `syz.1.981'. [ 166.042954][ T8572] hsr_slave_1: entered promiscuous mode [ 166.049480][ T8572] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 166.058312][ T8718] netlink: 4 bytes leftover after parsing attributes in process `syz.1.981'. [ 166.067429][ T8572] Cannot create hsr debugfs directory [ 166.073142][ T8718] netlink: 'syz.1.981': attribute type 14 has an invalid length. [ 166.101819][ T8718] netlink: 'syz.1.981': attribute type 13 has an invalid length. [ 166.125383][ T8721] netlink: 44 bytes leftover after parsing attributes in process `syz.1.981'. [ 166.405643][ T8730] netlink: 28 bytes leftover after parsing attributes in process `syz.1.983'. [ 166.442524][ T8730] netlink: 28 bytes leftover after parsing attributes in process `syz.1.983'. [ 166.545332][ T8730] bond0: entered promiscuous mode [ 166.550420][ T8730] bond_slave_0: entered promiscuous mode [ 166.566499][ T8730] bond_slave_1: entered promiscuous mode [ 166.572402][ T8730] team0: entered promiscuous mode [ 166.579262][ T8730] team_slave_0: entered promiscuous mode [ 166.593380][ T8730] team_slave_1: entered promiscuous mode [ 166.600712][ T8730] geneve0: entered promiscuous mode [ 166.636530][ T8730] bond0: left promiscuous mode [ 166.641369][ T8730] bond_slave_0: left promiscuous mode [ 166.657741][ T8730] bond_slave_1: left promiscuous mode [ 166.663388][ T8730] team0: left promiscuous mode [ 166.680100][ T8730] team_slave_0: left promiscuous mode [ 166.681154][ T8738] af_packet: tpacket_rcv: packet too big, clamped from 56584 to 4. macoff=68 [ 166.686062][ T8730] team_slave_1: left promiscuous mode [ 166.700813][ T8730] geneve0: left promiscuous mode [ 167.046950][ T8749] FAULT_INJECTION: forcing a failure. [ 167.046950][ T8749] name failslab, interval 1, probability 0, space 0, times 0 [ 167.096037][ T8749] CPU: 0 UID: 0 PID: 8749 Comm: syz.1.991 Not tainted 6.16.0-rc3-syzkaller-00131-g72fb83735c71 #0 PREEMPT(full) [ 167.096063][ T8749] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 167.096073][ T8749] Call Trace: [ 167.096081][ T8749] [ 167.096089][ T8749] dump_stack_lvl+0x189/0x250 [ 167.096118][ T8749] ? __pfx____ratelimit+0x10/0x10 [ 167.096143][ T8749] ? __pfx_dump_stack_lvl+0x10/0x10 [ 167.096168][ T8749] ? __pfx__printk+0x10/0x10 [ 167.096190][ T8749] ? __pfx___might_resched+0x10/0x10 [ 167.096214][ T8749] ? fs_reclaim_acquire+0x7d/0x100 [ 167.096241][ T8749] should_fail_ex+0x414/0x560 [ 167.096267][ T8749] should_failslab+0xa8/0x100 [ 167.096288][ T8749] __kmalloc_cache_noprof+0x70/0x3d0 [ 167.096304][ T8749] ? kobject_uevent_env+0x27c/0x8c0 [ 167.096327][ T8749] kobject_uevent_env+0x27c/0x8c0 [ 167.096346][ T8749] ? rpc_sysfs_xprt_switch_setup+0x1c6/0x2b0 [ 167.096376][ T8749] xprt_switch_alloc+0x251/0x5a0 [ 167.096406][ T8749] rpc_create_xprt+0x1a5/0xa30 [ 167.096429][ T8749] ? __pfx_rpc_create_xprt+0x10/0x10 [ 167.096463][ T8749] ? xprt_create_transport+0x39b/0x600 [ 167.096488][ T8749] ? rcu_is_watching+0x15/0xb0 [ 167.096512][ T8749] ? trace_kmalloc+0x1f/0xd0 [ 167.096525][ T8749] ? __kmalloc_node_track_caller_noprof+0x28e/0x4e0 [ 167.096542][ T8749] ? kstrdup+0x81/0x100 [ 167.096562][ T8749] ? __asan_memcpy+0x40/0x70 [ 167.096590][ T8749] ? xprt_create_transport+0x43c/0x600 [ 167.096615][ T8749] rpc_create+0x60b/0x870 [ 167.096637][ T8749] ? __pfx_rpc_create+0x10/0x10 [ 167.096699][ T8749] ? rcu_is_watching+0x15/0xb0 [ 167.096723][ T8749] ? trace_contention_end+0x39/0x120 [ 167.096750][ T8749] rpcb_create_af_local+0x196/0x370 [ 167.096771][ T8749] ? __pfx_rpcb_create_af_local+0x10/0x10 [ 167.096789][ T8749] ? __lock_acquire+0xab9/0xd20 [ 167.096835][ T8749] ? do_raw_spin_unlock+0x122/0x240 [ 167.096860][ T8749] rpcb_create_local+0x251/0x610 [ 167.096879][ T8749] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 167.096903][ T8749] ? __pfx_rpcb_create_local+0x10/0x10 [ 167.096935][ T8749] ? __percpu_counter_init_many+0x364/0x380 [ 167.096962][ T8749] ? __svc_create+0x888/0x980 [ 167.096995][ T8749] svc_bind+0x1b4/0x230 [ 167.097023][ T8749] nfsd_create_serv+0x541/0x840 [ 167.097045][ T8749] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 167.097073][ T8749] ? __pfx_nfsd_create_serv+0x10/0x10 [ 167.097087][ T8749] ? nfsd_nl_listener_set_doit+0x12a/0x1650 [ 167.097105][ T8749] ? kasan_save_track+0x5e/0x80 [ 167.097129][ T8749] ? __pfx___mutex_lock+0x10/0x10 [ 167.097155][ T8749] ? __asan_memset+0x22/0x50 [ 167.097178][ T8749] ? ____sys_sendmsg+0x505/0x830 [ 167.097195][ T8749] ? __x64_sys_sendmsg+0x19b/0x260 [ 167.097225][ T8749] nfsd_nl_listener_set_doit+0x132/0x1650 [ 167.097249][ T8749] ? __pfx___nla_validate_parse+0x10/0x10 [ 167.097294][ T8749] ? __pfx_nfsd_nl_listener_set_doit+0x10/0x10 [ 167.097321][ T8749] ? __nla_parse+0x40/0x60 [ 167.097346][ T8749] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 167.097378][ T8749] genl_family_rcv_msg_doit+0x212/0x300 [ 167.097408][ T8749] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 167.097444][ T8749] ? bpf_lsm_capable+0x9/0x20 [ 167.097458][ T8749] ? security_capable+0x7e/0x2e0 [ 167.097487][ T8749] genl_rcv_msg+0x60e/0x790 [ 167.097518][ T8749] ? __pfx_genl_rcv_msg+0x10/0x10 [ 167.097539][ T8749] ? __pfx_nfsd_nl_listener_set_doit+0x10/0x10 [ 167.097572][ T8749] netlink_rcv_skb+0x208/0x470 [ 167.097594][ T8749] ? __pfx_genl_rcv_msg+0x10/0x10 [ 167.097618][ T8749] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 167.097654][ T8749] ? down_read+0x1ad/0x2e0 [ 167.097673][ T8749] genl_rcv+0x28/0x40 [ 167.097694][ T8749] netlink_unicast+0x75b/0x8d0 [ 167.097723][ T8749] netlink_sendmsg+0x805/0xb30 [ 167.097751][ T8749] ? __pfx_netlink_sendmsg+0x10/0x10 [ 167.097774][ T8749] ? aa_sock_msg_perm+0x94/0x160 [ 167.097796][ T8749] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 167.097816][ T8749] ? __pfx_netlink_sendmsg+0x10/0x10 [ 167.097834][ T8749] __sock_sendmsg+0x21c/0x270 [ 167.097863][ T8749] ____sys_sendmsg+0x505/0x830 [ 167.097889][ T8749] ? __pfx_____sys_sendmsg+0x10/0x10 [ 167.097922][ T8749] ? import_iovec+0x74/0xa0 [ 167.097944][ T8749] ___sys_sendmsg+0x21f/0x2a0 [ 167.097968][ T8749] ? __pfx____sys_sendmsg+0x10/0x10 [ 167.098025][ T8749] ? __fget_files+0x2a/0x420 [ 167.098042][ T8749] ? __fget_files+0x3a0/0x420 [ 167.098073][ T8749] __x64_sys_sendmsg+0x19b/0x260 [ 167.098097][ T8749] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 167.098128][ T8749] ? __pfx_ksys_write+0x10/0x10 [ 167.098142][ T8749] ? rcu_is_watching+0x15/0xb0 [ 167.098172][ T8749] ? do_syscall_64+0xbe/0x3b0 [ 167.098194][ T8749] do_syscall_64+0xfa/0x3b0 [ 167.098208][ T8749] ? lockdep_hardirqs_on+0x9c/0x150 [ 167.098231][ T8749] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 167.098249][ T8749] ? clear_bhb_loop+0x60/0xb0 [ 167.098270][ T8749] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 167.098287][ T8749] RIP: 0033:0x7fa13cb8e929 [ 167.098303][ T8749] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 167.098318][ T8749] RSP: 002b:00007fa13d979038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 167.098337][ T8749] RAX: ffffffffffffffda RBX: 00007fa13cdb5fa0 RCX: 00007fa13cb8e929 [ 167.098349][ T8749] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000004 [ 167.098360][ T8749] RBP: 00007fa13d979090 R08: 0000000000000000 R09: 0000000000000000 [ 167.098371][ T8749] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 167.098380][ T8749] R13: 0000000000000000 R14: 00007fa13cdb5fa0 R15: 00007ffd87cbd308 [ 167.098409][ T8749] [ 167.677336][ T8755] sctp: [Deprecated]: syz.0.994 (pid 8755) Use of struct sctp_assoc_value in delayed_ack socket option. [ 167.677336][ T8755] Use struct sctp_sack_info instead [ 167.927771][ T5149] Bluetooth: hci2: command tx timeout [ 167.982247][ T8572] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 168.003903][ T8572] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 168.024428][ T8572] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 168.041927][ T8572] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 168.229994][ T8572] 8021q: adding VLAN 0 to HW filter on device bond0 [ 168.249853][ T8572] 8021q: adding VLAN 0 to HW filter on device team0 [ 168.268175][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 168.275392][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 168.296683][ T7017] bridge0: port 2(bridge_slave_1) entered blocking state [ 168.303976][ T7017] bridge0: port 2(bridge_slave_1) entered forwarding state [ 168.422365][ T8572] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 168.739404][ T8572] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 168.820511][ T8572] veth0_vlan: entered promiscuous mode [ 168.836062][ T8815] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 168.852070][ T8572] veth1_vlan: entered promiscuous mode [ 168.866922][ T8815] xt_SECMARK: invalid mode: 0 [ 168.912051][ T8572] veth0_macvtap: entered promiscuous mode [ 168.929254][ T8572] veth1_macvtap: entered promiscuous mode [ 168.960555][ T8572] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 168.983305][ T8572] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 169.011619][ T8572] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 169.027564][ T8572] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 169.040063][ T8572] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 169.049499][ T8572] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 169.066057][ T8823] xt_CT: You must specify a L4 protocol and not use inversions on it [ 169.088555][ T49] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 169.207166][ T1092] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 169.223815][ T1092] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 169.279374][ T1092] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 169.298037][ T1092] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 169.553773][ T8842] bridge0: port 3(gretap0) entered blocking state [ 169.560365][ T8842] bridge0: port 3(gretap0) entered disabled state [ 169.583821][ T8842] gretap0: entered allmulticast mode [ 169.590843][ T8842] gretap0: entered promiscuous mode [ 169.613108][ T8842] bridge0: port 3(gretap0) entered blocking state [ 169.619710][ T8842] bridge0: port 3(gretap0) entered forwarding state [ 169.751433][ T8857] __nla_validate_parse: 1 callbacks suppressed [ 169.751451][ T8857] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1032'. [ 169.872383][ T8861] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1034'. [ 169.894882][ T8863] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1035'. [ 170.301844][ T8886] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1043'. [ 170.902191][ T1092] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 171.573767][ T8905] netlink: 224 bytes leftover after parsing attributes in process `syz.1.1050'. [ 171.718188][ T8909] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1051'. [ 171.734029][ T8909] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1051'. [ 171.758602][ T8909] dummy0: entered promiscuous mode [ 171.825030][ T8909] team0: entered promiscuous mode [ 171.833977][ T8909] team_slave_0: entered promiscuous mode [ 171.864980][ T8909] team_slave_1: entered promiscuous mode [ 171.896542][ T8909] geneve0: entered promiscuous mode [ 171.924700][ T8909] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 171.952991][ T8909] Cannot create hsr debugfs directory [ 172.216365][ T51] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 172.228133][ T1092] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 172.248539][ T51] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 172.257040][ T51] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 172.353831][ T8916] delete_channel: no stack [ 172.387522][ T51] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 172.470601][ T51] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 172.599243][ T1092] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 172.717543][ T1092] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 172.866685][ T8930] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1058'. [ 172.885926][ T8931] netlink: 132 bytes leftover after parsing attributes in process `syz.4.1056'. [ 173.130485][ T1092] bridge_slave_1: left allmulticast mode [ 173.148216][ T1092] bridge_slave_1: left promiscuous mode [ 173.173243][ T1092] bridge0: port 2(bridge_slave_1) entered disabled state [ 173.206189][ T1092] bridge_slave_0: left allmulticast mode [ 173.229333][ T1092] bridge_slave_0: left promiscuous mode [ 173.248115][ T1092] bridge0: port 1(bridge_slave_0) entered disabled state [ 173.862860][ T8949] netlink: 224 bytes leftover after parsing attributes in process `syz.1.1062'. [ 174.563909][ T51] Bluetooth: hci2: command tx timeout [ 174.570583][ T1092] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 174.586712][ T1092] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 174.602501][ T1092] bond0 (unregistering): Released all slaves [ 174.741540][ T8957] xt_TCPMSS: Only works on TCP SYN packets [ 175.192844][ T8913] chnl_net:caif_netlink_parms(): no params data found [ 175.354617][ T8981] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1073'. [ 175.363232][ T8886] Set syz1 is full, maxelem 65536 reached [ 175.378932][ T1092] hsr_slave_0: left promiscuous mode [ 175.396687][ T1092] hsr_slave_1: left promiscuous mode [ 175.402564][ T1092] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 175.484503][ T1092] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 175.495965][ T8987] ================================================================== [ 175.504065][ T8987] BUG: KASAN: slab-use-after-free in rose_get_neigh+0x391/0x990 [ 175.511725][ T8987] Read of size 1 at addr ffff888055ef4830 by task syz.4.1073/8987 [ 175.519522][ T8987] [ 175.521842][ T8987] CPU: 0 UID: 0 PID: 8987 Comm: syz.4.1073 Not tainted 6.16.0-rc3-syzkaller-00131-g72fb83735c71 #0 PREEMPT(full) [ 175.521862][ T8987] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 175.521871][ T8987] Call Trace: [ 175.521878][ T8987] [ 175.521885][ T8987] dump_stack_lvl+0x189/0x250 [ 175.521909][ T8987] ? __virt_addr_valid+0x1c8/0x5c0 [ 175.521923][ T8987] ? rcu_is_watching+0x15/0xb0 [ 175.521944][ T8987] ? __kasan_check_byte+0x12/0x40 [ 175.521960][ T8987] ? __pfx_dump_stack_lvl+0x10/0x10 [ 175.521980][ T8987] ? rcu_is_watching+0x15/0xb0 [ 175.522001][ T8987] ? lock_release+0x4b/0x3e0 [ 175.522021][ T8987] ? __virt_addr_valid+0x1c8/0x5c0 [ 175.522035][ T8987] ? __virt_addr_valid+0x4a5/0x5c0 [ 175.522049][ T8987] print_report+0xd2/0x2b0 [ 175.522068][ T8987] ? rose_get_neigh+0x391/0x990 [ 175.522087][ T8987] kasan_report+0x118/0x150 [ 175.522102][ T8987] ? rose_get_neigh+0x391/0x990 [ 175.522130][ T8987] rose_get_neigh+0x391/0x990 [ 175.522152][ T8987] rose_connect+0x416/0x10a0 [ 175.522169][ T8987] ? __pfx_current_check_access_socket+0x10/0x10 [ 175.522189][ T8987] ? aa_sk_perm+0x81e/0x950 [ 175.522203][ T8987] ? __might_fault+0xb0/0x130 [ 175.522216][ T8987] ? __pfx_rose_connect+0x10/0x10 [ 175.522232][ T8987] ? aa_af_perm+0x210/0x2b0 [ 175.522246][ T8987] ? tomoyo_socket_connect_permission+0x164/0x290 [ 175.522269][ T8987] ? bpf_lsm_socket_connect+0x9/0x20 [ 175.522292][ T8987] __sys_connect+0x316/0x440 [ 175.522307][ T8987] ? __pfx___sys_connect+0x10/0x10 [ 175.522331][ T8987] __x64_sys_connect+0x7a/0x90 [ 175.522346][ T8987] do_syscall_64+0xfa/0x3b0 [ 175.522359][ T8987] ? lockdep_hardirqs_on+0x9c/0x150 [ 175.522379][ T8987] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 175.522393][ T8987] ? clear_bhb_loop+0x60/0xb0 [ 175.522408][ T8987] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 175.522422][ T8987] RIP: 0033:0x7f9fd7b8e929 [ 175.522436][ T8987] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 175.522448][ T8987] RSP: 002b:00007f9fd898c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 175.522463][ T8987] RAX: ffffffffffffffda RBX: 00007f9fd7db6080 RCX: 00007f9fd7b8e929 [ 175.522474][ T8987] RDX: 000000000000001c RSI: 0000200000000100 RDI: 0000000000000010 [ 175.522484][ T8987] RBP: 00007f9fd7c10b39 R08: 0000000000000000 R09: 0000000000000000 [ 175.522493][ T8987] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 175.522502][ T8987] R13: 0000000000000000 R14: 00007f9fd7db6080 R15: 00007fff82556c78 [ 175.522519][ T8987] [ 175.522525][ T8987] [ 175.777077][ T8987] Allocated by task 7467: [ 175.781394][ T8987] kasan_save_track+0x3e/0x80 [ 175.786075][ T8987] __kasan_kmalloc+0x93/0xb0 [ 175.790656][ T8987] __kmalloc_cache_noprof+0x230/0x3d0 [ 175.796019][ T8987] rose_add_node+0x23a/0xde0 [ 175.800604][ T8987] rose_rt_ioctl+0xa48/0xfb0 [ 175.805189][ T8987] rose_ioctl+0x3ce/0x8b0 [ 175.809511][ T8987] sock_do_ioctl+0xdc/0x300 [ 175.814013][ T8987] sock_ioctl+0x576/0x790 [ 175.818337][ T8987] __se_sys_ioctl+0xf9/0x170 [ 175.822925][ T8987] do_syscall_64+0xfa/0x3b0 [ 175.827414][ T8987] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 175.833297][ T8987] [ 175.835607][ T8987] Freed by task 8671: [ 175.839570][ T8987] kasan_save_track+0x3e/0x80 [ 175.844241][ T8987] kasan_save_free_info+0x46/0x50 [ 175.849258][ T8987] __kasan_slab_free+0x62/0x70 [ 175.854013][ T8987] kfree+0x18e/0x440 [ 175.857907][ T8987] rose_rt_device_down+0x66d/0x6c0 [ 175.863014][ T8987] rose_device_event+0x603/0x6a0 [ 175.867944][ T8987] notifier_call_chain+0x1b3/0x3e0 [ 175.873053][ T8987] dev_close_many+0x29c/0x410 [ 175.877720][ T8987] netif_close+0x158/0x210 [ 175.882125][ T8987] dev_close+0x10a/0x220 [ 175.886361][ T8987] bpq_device_event+0x2f4/0x600 [ 175.891200][ T8987] notifier_call_chain+0x1b3/0x3e0 [ 175.896309][ T8987] __dev_notify_flags+0x18d/0x2e0 [ 175.901328][ T8987] netif_change_flags+0xe8/0x1a0 [ 175.906258][ T8987] dev_change_flags+0x130/0x260 [ 175.911123][ T8987] dev_ioctl+0x7b4/0x1150 [ 175.915454][ T8987] sock_do_ioctl+0x22c/0x300 [ 175.920047][ T8987] sock_ioctl+0x576/0x790 [ 175.924374][ T8987] __se_sys_ioctl+0xf9/0x170 [ 175.928968][ T8987] do_syscall_64+0xfa/0x3b0 [ 175.933485][ T8987] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 175.939372][ T8987] [ 175.941683][ T8987] The buggy address belongs to the object at ffff888055ef4800 [ 175.941683][ T8987] which belongs to the cache kmalloc-512 of size 512 [ 175.955734][ T8987] The buggy address is located 48 bytes inside of [ 175.955734][ T8987] freed 512-byte region [ffff888055ef4800, ffff888055ef4a00) [ 175.969447][ T8987] [ 175.971763][ T8987] The buggy address belongs to the physical page: [ 175.978171][ T8987] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888055ef4400 pfn:0x55ef4 [ 175.988228][ T8987] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 175.996715][ T8987] flags: 0xfff00000000240(workingset|head|node=0|zone=1|lastcpupid=0x7ff) [ 176.005221][ T8987] page_type: f5(slab) [ 176.009205][ T8987] raw: 00fff00000000240 ffff88801a441c80 ffffea0000cf4510 ffffea00015a9810 [ 176.017778][ T8987] raw: ffff888055ef4400 000000000010000f 00000000f5000000 0000000000000000 [ 176.026351][ T8987] head: 00fff00000000240 ffff88801a441c80 ffffea0000cf4510 ffffea00015a9810 [ 176.035012][ T8987] head: ffff888055ef4400 000000000010000f 00000000f5000000 0000000000000000 [ 176.043934][ T8987] head: 00fff00000000002 ffffea000157bd01 00000000ffffffff 00000000ffffffff [ 176.052594][ T8987] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 176.061249][ T8987] page dumped because: kasan: bad access detected [ 176.067661][ T8987] page_owner tracks the page as allocated [ 176.073360][ T8987] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5945, tgid 5944 (syz.3.4), ts 77177856499, free_ts 21471165642 [ 176.094282][ T8987] post_alloc_hook+0x240/0x2a0 [ 176.099042][ T8987] get_page_from_freelist+0x21e4/0x22c0 [ 176.104582][ T8987] __alloc_frozen_pages_noprof+0x181/0x370 [ 176.110380][ T8987] alloc_pages_mpol+0x232/0x4a0 [ 176.115223][ T8987] allocate_slab+0x8a/0x3b0 [ 176.119722][ T8987] ___slab_alloc+0xbfc/0x1480 [ 176.124391][ T8987] __kmalloc_cache_noprof+0x296/0x3d0 [ 176.129758][ T8987] device_add+0xbe/0xb50 [ 176.134018][ T8987] netdev_register_kobject+0x156/0x2f0 [ 176.139472][ T8987] register_netdevice+0x126c/0x1ae0 [ 176.144663][ T8987] register_netdev+0x40/0x60 [ 176.149252][ T8987] ip6_tnl_init_net+0x259/0x3b0 [ 176.154096][ T8987] ops_init+0x359/0x5c0 [ 176.158248][ T8987] setup_net+0x219/0x4b0 [ 176.162478][ T8987] copy_net_ns+0x31b/0x4d0 [ 176.166884][ T8987] create_new_namespaces+0x3f3/0x720 [ 176.172174][ T8987] page last free pid 1 tgid 1 stack trace: [ 176.177972][ T8987] __free_frozen_pages+0xc71/0xe70 [ 176.183075][ T8987] free_contig_range+0x1bd/0x4a0 [ 176.188006][ T8987] destroy_args+0x7e/0x5d0 [ 176.192422][ T8987] debug_vm_pgtable+0x412/0x450 [ 176.197268][ T8987] do_one_initcall+0x233/0x820 [ 176.202019][ T8987] do_initcall_level+0x137/0x1f0 [ 176.206946][ T8987] do_initcalls+0x69/0xd0 [ 176.211743][ T8987] kernel_init_freeable+0x3d9/0x570 [ 176.216930][ T8987] kernel_init+0x1d/0x1d0 [ 176.221251][ T8987] ret_from_fork+0x3fc/0x770 [ 176.225833][ T8987] ret_from_fork_asm+0x1a/0x30 [ 176.230588][ T8987] [ 176.232900][ T8987] Memory state around the buggy address: [ 176.238560][ T8987] ffff888055ef4700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 176.246614][ T8987] ffff888055ef4780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 176.255537][ T8987] >ffff888055ef4800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 176.263597][ T8987] ^ [ 176.269219][ T8987] ffff888055ef4880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 176.277269][ T8987] ffff888055ef4900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 176.285316][ T8987] ================================================================== [ 176.293523][ T8987] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 176.300756][ T8987] CPU: 0 UID: 0 PID: 8987 Comm: syz.4.1073 Not tainted 6.16.0-rc3-syzkaller-00131-g72fb83735c71 #0 PREEMPT(full) [ 176.312733][ T8987] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 176.322789][ T8987] Call Trace: [ 176.326064][ T8987] [ 176.328987][ T8987] dump_stack_lvl+0x99/0x250 [ 176.333596][ T8987] ? __asan_memcpy+0x40/0x70 [ 176.338186][ T8987] ? __pfx_dump_stack_lvl+0x10/0x10 [ 176.343382][ T8987] ? __pfx__printk+0x10/0x10 [ 176.348065][ T8987] panic+0x2db/0x790 [ 176.351965][ T8987] ? __pfx_panic+0x10/0x10 [ 176.356381][ T8987] ? _raw_spin_unlock_irqrestore+0xa8/0x110 [ 176.362285][ T8987] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 176.368180][ T8987] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 176.374506][ T8987] ? print_memory_metadata+0x314/0x400 [ 176.379965][ T8987] ? rose_get_neigh+0x391/0x990 [ 176.384815][ T8987] check_panic_on_warn+0x89/0xb0 [ 176.389751][ T8987] ? rose_get_neigh+0x391/0x990 [ 176.394598][ T8987] end_report+0x78/0x160 [ 176.398852][ T8987] kasan_report+0x129/0x150 [ 176.403347][ T8987] ? rose_get_neigh+0x391/0x990 [ 176.408206][ T8987] rose_get_neigh+0x391/0x990 [ 176.412886][ T8987] rose_connect+0x416/0x10a0 [ 176.417475][ T8987] ? __pfx_current_check_access_socket+0x10/0x10 [ 176.423803][ T8987] ? aa_sk_perm+0x81e/0x950 [ 176.428305][ T8987] ? __might_fault+0xb0/0x130 [ 176.432973][ T8987] ? __pfx_rose_connect+0x10/0x10 [ 176.437991][ T8987] ? aa_af_perm+0x210/0x2b0 [ 176.442486][ T8987] ? tomoyo_socket_connect_permission+0x164/0x290 [ 176.448914][ T8987] ? bpf_lsm_socket_connect+0x9/0x20 [ 176.454197][ T8987] __sys_connect+0x316/0x440 [ 176.458784][ T8987] ? __pfx___sys_connect+0x10/0x10 [ 176.463902][ T8987] __x64_sys_connect+0x7a/0x90 [ 176.468660][ T8987] do_syscall_64+0xfa/0x3b0 [ 176.473157][ T8987] ? lockdep_hardirqs_on+0x9c/0x150 [ 176.478353][ T8987] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 176.484415][ T8987] ? clear_bhb_loop+0x60/0xb0 [ 176.489086][ T8987] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 176.494973][ T8987] RIP: 0033:0x7f9fd7b8e929 [ 176.499391][ T8987] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 176.518989][ T8987] RSP: 002b:00007f9fd898c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 176.527401][ T8987] RAX: ffffffffffffffda RBX: 00007f9fd7db6080 RCX: 00007f9fd7b8e929 [ 176.535366][ T8987] RDX: 000000000000001c RSI: 0000200000000100 RDI: 0000000000000010 [ 176.543334][ T8987] RBP: 00007f9fd7c10b39 R08: 0000000000000000 R09: 0000000000000000 [ 176.551300][ T8987] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 176.559265][ T8987] R13: 0000000000000000 R14: 00007f9fd7db6080 R15: 00007fff82556c78 [ 176.567245][ T8987] [ 176.570509][ T8987] Kernel Offset: disabled [ 176.574826][ T8987] Rebooting in 86400 seconds..