last executing test programs: 20.484967184s ago: executing program 2 (id=2662): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00', 0x0}) r2 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000140)=ANY=[@ANYBLOB="440000001100a7cc4a372eaf541d00", @ANYRES32=r1, @ANYBLOB="00000000100000001c001a80080002802d00ff0008000200", @ANYBLOB="35874207"], 0x44}, 0x1, 0x0, 0x0, 0x50}, 0x0) 20.391597241s ago: executing program 4 (id=2665): syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2) sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0) close(r4) r5 = socket$unix(0x1, 0x1, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001c80)={&(0x7f0000000740)=@newqdisc={0x68, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {0x0, 0xb}, {0xffff, 0xffff}, {0x0, 0xfff1}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x3c, 0x2, [@TCA_TBF_PBURST={0x8, 0x7, 0xb86}, @TCA_TBF_PARMS={0x28, 0x1, {{0xa, 0x2, 0xffff, 0x7, 0xcc, 0x3}, {0x0, 0x1, 0x7, 0x8, 0x7f, 0x9}, 0xa6, 0x7, 0x1bb6}}, @TCA_TBF_BURST={0x8, 0x6, 0x7f}]}}]}, 0x68}, 0x1, 0x0, 0x0, 0x20000001}, 0x0) sendmsg$nl_route_sched(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=@newqdisc={0x3c, 0x24, 0x4ee4e6a52ff56541, 0x70b923, 0x80000, {0x0, 0x0, 0x0, r7, {}, {0x2, 0xb}, {0xd, 0xfff3}}, [@qdisc_kind_options=@q_cake={{0x9}, {0xc, 0x2, [@TCA_CAKE_ATM={0x8, 0x4, 0x2}]}}]}, 0x3c}}, 0x4008000) ioctl$SIOCSIFHWADDR(r4, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"}) 20.285745799s ago: executing program 2 (id=2666): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) socket$packet(0x11, 0x3, 0x300) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200)=0x10000, 0x12) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, &(0x7f0000000380)={0x0, 0x0, 0xfffc}, 0x8) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000002c0)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}}) write$tun(r0, &(0x7f00000001c0)=ANY=[@ANYBLOB="000086dd000311000400000000206eec00be10a42f01fe8000000000000000f3837bfd23c93f9f6b06e75539440ef60a5cb3e9c8f0b5835580ea975dd4c175fdfdd6097900652a1bc9aa7da0e45e4fdd226ef4c49a3f76f25f6c12ec024ec8262bc0476fc24709c2c1"], 0x10da) 19.940219133s ago: executing program 4 (id=2671): sendmmsg$sock(0xffffffffffffffff, &(0x7f0000000380)=[{{0x0, 0x0, &(0x7f0000000640)=[{&(0x7f0000000400)="318f2248b29f3b5e22076d551c8531852d01685bf397070c6a35a6e6f27a0703bd912a7a20065eaf27ff5f1421ab7657f147b063b356d7e045bd27466a323011c739487ede691e508ba1828189aba6c6", 0x50}], 0x1}}], 0x1, 0x4004090) r0 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000300)={'vxcan1\x00', 0x0}) bind$can_raw(r0, &(0x7f0000000000)={0x1d, r1}, 0x10) setsockopt$CAN_RAW_FILTER(r0, 0x65, 0x1, &(0x7f00000000c0), 0xf00) bind$can_raw(r0, &(0x7f0000000080), 0x10) 19.833185647s ago: executing program 2 (id=2674): syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18060000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000003000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000400)='kfree\x00', r0}, 0x18) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x6, 0x8, 0x8}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000640), &(0x7f0000000080), 0x8000, r1}, 0x38) r2 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={0x0, 0x0, 0x96}, 0x28) r3 = socket(0x15, 0x80000, 0x52) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000300), 0xffffffffffffffff) sendmsg$TIPC_NL_LINK_GET(r3, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000340)={&(0x7f0000000500)={0x40, r4, 0x20, 0x70bd28, 0x25dfdbfb, {}, [@TIPC_NLA_PUBL={0x2c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x5}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x81}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x6}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x375}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x6}]}]}, 0x40}, 0x1, 0x0, 0x0, 0x81}, 0x48894) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="9feb010018000000000000000c000000"], 0x0, 0x26, 0x0, 0x1}, 0x28) r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r5, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe) r6 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) ioctl$sock_bt_hidp_HIDPCONNADD(r6, 0x400448c8, &(0x7f0000000100)={r5, r5, 0xfffe, 0x0, 0x0, 0xc2, 0x85, 0x15c2, 0x5886, 0x6, 0x0, 0x0, 'syz0\x00'}) ioctl$sock_bt_hidp_HIDPCONNDEL(r6, 0x400448c9, &(0x7f00000000c0)={@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}}) r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000c40), r7) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r7, &(0x7f0000000d40)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)={0x4c, r8, 0x1, 0x0, 0x0, {0x6, 0x0, 0x900}, [@NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @loopback}, @NLBL_UNLABEL_A_SECCTX={0xf, 0x7, 'unconfined\x00'}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @mcast1}]}, 0x4c}, 0x2, 0x34005}, 0x0) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$NLBL_UNLABEL_C_STATICLISTDEF(0xffffffffffffffff, 0x0, 0x80) r9 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) close(r9) bpf$TOKEN_CREATE(0x24, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000680)={0x6, 0x3, &(0x7f0000000180)=@framed, &(0x7f0000000280)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, r2, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000440), 0x10}, 0x94) connect$bt_l2cap(0xffffffffffffffff, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe) 19.569447224s ago: executing program 4 (id=2679): socket$inet6(0xa, 0x80003, 0xff) bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.swap.events\x00', 0x275a, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) socket$nl_crypto(0x10, 0x3, 0x15) socket$pppl2tp(0x18, 0x1, 0x1) socket$inet6(0xa, 0x5, 0x0) socket$inet6_udplite(0xa, 0x2, 0x88) socket$inet6(0xa, 0x5, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000780)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x8, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000050000000000000080000000850000007500000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11}, 0x94) socket$nl_route(0x10, 0x3, 0x0) socket$inet6_sctp(0xa, 0x801, 0x84) r1 = socket(0x10, 0x803, 0x0) socket$can_bcm(0x1d, 0x2, 0x2) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x8f) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c0000001000030400000006000000005dcc0300", @ANYRES32=r2, @ANYBLOB="71e79fd800000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r3], 0x3c}}, 0x0) 19.438553973s ago: executing program 4 (id=2682): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0x100, 0x70bd2a, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x5}}}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="4800000010000d0428bd7000fcdbff2500008000", @ANYRES32=0x0, @ANYBLOB="1000000000000000280012800b0001006272696467650000180002"], 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840) r0 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 19.383029476s ago: executing program 2 (id=2684): sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=ANY=[@ANYBLOB="54010000100001000000000000000000fc010000000000000000000000000000fc0200"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe80000000000000000000000000001d000004d532000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffffffffffff00000000000000000000000000000000000000000000000003000000000000000000000000000000000000000000000018bfffff0000000000000000000000000000000002000000cd000000000000004800020063626328616573290000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c0017"], 0x154}}, 0x0) 19.267938515s ago: executing program 2 (id=2687): bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) sendmsg$inet(0xffffffffffffffff, 0x0, 0xafe6) bind$alg(0xffffffffffffffff, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@bloom_filter={0x1e, 0x0, 0xc, 0x6, 0x0, 0xffffffffffffffff, 0x4, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x0, 0x200000000000000e}, 0x50) r0 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_mreqsrc(r0, 0x0, 0x27, &(0x7f0000000280)={@multicast2, @local, @remote}, 0xc) setsockopt(0xffffffffffffffff, 0x84, 0x80, &(0x7f0000000000)='\x00\x00\x00\x00\t\x00\x00\x00', 0x8) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f00000000c0)=ANY=[@ANYBLOB="e0000002ac1414aa0000000003"], 0x1c) syz_emit_ethernet(0x36, &(0x7f0000001800)={@link_local, @local, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x64, 0x0, 0x4, 0x2, 0x0, @empty, @multicast2}, @timestamp_reply={0x11, 0x0, 0x0, 0xe000, 0x2, 0x10001}}}}}, 0x0) 19.212176s ago: executing program 4 (id=2689): syz_emit_ethernet(0x66, 0x0, 0x0) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="e706f2ffff1f391e7dd7a2d786dd609907a600302c03cb697a653e336f"], 0x0) getsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x18, 0x0, &(0x7f00000000c0)) r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000040)={0x84, @dev={0xac, 0x14, 0x14, 0xb}, 0x15, 0x3, 'lc\x00', 0x1, 0x4, 0x8}, 0x2c) r1 = socket$kcm(0xa, 0x2, 0x0) setsockopt$IP_VS_SO_SET_ADDDEST(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000000)={{0x84, @rand_addr=0x64010100, 0x4e24, 0x3, 'lc\x00', 0x8, 0x323b, 0x55}, {@remote, 0x4e23, 0x10000, 0x0, 0x12d5c, 0x12d5c}}, 0x44) sendmsg$sock(r1, &(0x7f0000000400)={&(0x7f0000000580)=@in6={0x2, 0x4e22, 0x0, @dev}, 0x80, 0x0, 0x0, &(0x7f0000000000)=[@mark={{0x14, 0x1, 0x24, 0x3}}], 0x18}, 0x0) 19.132914166s ago: executing program 2 (id=2691): syz_init_net_socket$nfc_raw(0x27, 0x3, 0x0) sendmsg$NFC_CMD_DEV_UP(0xffffffffffffffff, 0x0, 0x0) write$nci(0xffffffffffffffff, 0x0, 0x12) r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2) sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="010023010000340200000200000008000100", @ANYRES32=r1], 0x1c}}, 0x0) write$nci(r0, &(0x7f0000000540)=ANY=[@ANYBLOB="12010101"], 0x4) 19.132103253s ago: executing program 4 (id=2692): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000080)=ANY=[], 0x54}, 0x1, 0x0, 0x0, 0x800}, 0x80) sendmsg$TIPC_NL_LINK_SET(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000140)=ANY=[], 0x50}, 0x1, 0x0, 0x0, 0x4000844}, 0x0) sendmmsg(0xffffffffffffffff, &(0x7f0000000000), 0x4000000000001f2, 0x0) socket$alg(0x26, 0x5, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x11, 0x3, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x7}}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r0, 0x0, 0x5}, 0x18) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x101801, 0x0) write$rfkill(r1, &(0x7f0000000000)={0x5, 0x0, 0x3, 0xfc}, 0x8) 17.509101749s ago: executing program 0 (id=2710): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x2, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4) writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000240)="98c6a53744c9", 0x6}], 0x1) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x2, &(0x7f0000000140)=@ccm_128={{0x304}, "16eb7eec59512e9e", "debf960e4b26ab6248cae3e9e2e733fa", "d4b503d8", "edbf63fa7a412556"}, 0x28) 17.421398275s ago: executing program 0 (id=2712): bpf$TOKEN_CREATE(0x24, 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) listen(r1, 0x0) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) connect$inet(r2, &(0x7f0000000140)={0x2, 0x4e22, @loopback}, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="0100000000000000000001000000280001801400040000000000000002000000ffffac1414aa060001000a0080000800060003"], 0x3c}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000000) r5 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000480)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="0100000000000000000002000000140001800500020001"], 0x28}, 0x1, 0x0, 0x0, 0x20044811}, 0x2000c094) 17.342100194s ago: executing program 0 (id=2714): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="6000000002060500000000000000000000000000050001000700000f0900020073797a3000000000140007800800124040000000080013400000000014000300686173683a69702c706f72742c697000050005"], 0x60}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="1c0100001200576d10000010fbdbdf2507000000", @ANYRES32=0x0, @ANYBLOB="000002000000000008001d"], 0x11c}, 0x1, 0x0, 0x0, 0x40084}, 0x0) 17.241629817s ago: executing program 0 (id=2715): mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) connect$inet(r0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000700), 0x4) sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0) 17.239810514s ago: executing program 0 (id=2716): r0 = socket(0x10, 0x3, 0x0) ioctl$sock_ipv6_tunnel_SIOCGET6RD(r0, 0x89f8, &(0x7f0000000180)={'sit0\x00', &(0x7f0000000100)={'syztnl2\x00', 0x0, 0x7800, 0x700, 0x60d43635, 0x7f, {{0x5, 0x4, 0x1, 0x9, 0x14, 0x64, 0x0, 0xc, 0x29, 0x0, @remote, @empty}}}}) 17.176747502s ago: executing program 1 (id=2717): unshare(0x2c020400) r0 = socket$inet6(0xa, 0x2, 0x3a) bind$inet6(r0, 0x0, 0x0) 17.17220191s ago: executing program 3 (id=2718): r0 = socket$inet(0x2, 0x2, 0x1) sendmsg$inet(r0, &(0x7f00000001c0)={&(0x7f0000000380)={0x8, 0xfc02, @multicast2}, 0x10, &(0x7f0000000fc0)=[{&(0x7f0000000780)="08003b117cc64cc19db8", 0xa}, {0x0}], 0x2}, 0x0) 17.109418928s ago: executing program 0 (id=2719): socket$nl_route(0x10, 0x3, 0x0) socket$inet6(0xa, 0x2, 0x0) r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x80002, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000001480)={'syzkaller0\x00', 0xc101}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)) ioctl$SIOCSIFHWADDR(r1, 0x8943, &(0x7f0000002280)={'syzkaller0\x00'}) socket$nl_route(0x10, 0x3, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) pselect6(0xe, 0x0, 0x0, &(0x7f0000000100)={0x3ff, 0xee, 0xffffffffffffffff, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) 17.041557177s ago: executing program 1 (id=2721): socket$inet6_mptcp(0xa, 0x1, 0x106) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x2d, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000002ec0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a48000000060a010400000000000000000a0000060900010073797a310000000014000480100001800c000100636f756e746572000900020073797a320000000005000740f200000014000000110001"], 0x70}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000000) sendmsg$NFT_MSG_GETRULE(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="20000000190a0103"], 0x20}, 0x1, 0x0, 0x0, 0x40004}, 0x20002004) 17.041143281s ago: executing program 3 (id=2722): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) write(0xffffffffffffffff, &(0x7f0000000000)="240000001a", 0x5) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, &(0x7f0000000000)={0x1, [0x0]}, &(0x7f0000000080)=0x8) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r0, 0x84, 0x70, &(0x7f0000000400)={r2, @in={{0x2, 0x4e24, @rand_addr=0x64010100}}, [0xfffffffffffffff7, 0x7fffffff, 0xffffffffffff9773, 0x10000000000, 0x2, 0x1ff, 0x5, 0x200, 0x2, 0x0, 0x1520000000000000, 0x8000000000000000, 0x3, 0x48, 0x1]}, &(0x7f0000000500)=0x100) 16.905482059s ago: executing program 3 (id=2723): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000024c0)={0x50, 0x3e, 0x107, 0xfffffffa, 0x0, {0x1, 0x7c}, [@nested={0x4, 0x142}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x80\n'}]}, @nested={0x2c, 0x2, 0x0, 0x1, [@nested={0x26, 0x14, 0x0, 0x1, [@typed={0x4, 0xf}, @generic="43fd698a4d99cd7fc64ea245be01f197c7a1f56989dba98782eb0099858f"]}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000) 16.898490193s ago: executing program 1 (id=2724): bpf$TOKEN_CREATE(0x24, 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) listen(r1, 0x0) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) connect$inet(r2, &(0x7f0000000140)={0x2, 0x4e22, @loopback}, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="0100000000000000000001000000280001801400040000000000000002000000ffffac1414aa060001000a0080000800060003"], 0x3c}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000000) r5 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000480)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="0100000000000000000002000000140001800500020001"], 0x28}, 0x1, 0x0, 0x0, 0x20044811}, 0x2000c094) 16.792765134s ago: executing program 3 (id=2725): sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x4048801) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0x100, 0x70bd2a, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x5}}}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="4800000010000d0428bd7000fcdbff2500008000", @ANYRES32=0x0, @ANYBLOB="1000000000000000280012800b0001006272696467650000180002"], 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840) r0 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 16.541122192s ago: executing program 3 (id=2726): mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) connect$inet(r0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000700), 0x4) sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0) 16.453483352s ago: executing program 3 (id=2727): socket$nl_generic(0x10, 0x3, 0x10) socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'xfrm0\x00'}) r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x40002000, 0x0) r1 = socket$igmp(0x2, 0x3, 0x2) r2 = socket$qrtr(0x2a, 0x2, 0x0) connect$qrtr(r2, &(0x7f0000000000), 0xc) setsockopt$MRT_ADD_VIF(r1, 0x0, 0xca, &(0x7f0000000140)={0x0, 0x4, 0x0, 0xfffffffe, @vifc_lcl_addr=@local, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10) recvmmsg(0xffffffffffffffff, &(0x7f000001ef40)=[{{0x0, 0x0, 0x0}, 0x8}], 0x1, 0x60, 0x0) write$rfkill(r0, &(0x7f0000000080)={0x0, 0x1, 0x3, 0x3, 0xfd}, 0x8) write$rfkill(r0, &(0x7f00000001c0)={0x6, 0x8, 0x2}, 0x8) accept4(0xffffffffffffffff, 0x0, 0x0, 0x800) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_buf(r3, 0x29, 0x20, &(0x7f00000000c0)="0bbb268dd6ffa80800000000000000000000210d0000aaa8fa017242ba9380d424000000000000002900000008", 0x2d) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x40000000000, 0x3, 0x4, 0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) 15.992602022s ago: executing program 1 (id=2728): unshare(0x22020600) r0 = socket$inet6_sctp(0xa, 0x801, 0x84) getsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, 0x0, &(0x7f0000000400)) 15.963419804s ago: executing program 1 (id=2729): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000480)={0x10c, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x41, 0xe, {{{}, {}, @broadcast, @device_a, @from_mac=@broadcast}, 0x0, @random=0x7, 0x1, @void, @void, @void, @val={0x4, 0x6, {0xf0, 0x2, 0x7f, 0xa70a}}, @val={0x6, 0x2, 0x6}, @void, @val={0x25, 0x3, {0x1, 0x8c, 0x8}}, @void, @void, @void, @val={0x72, 0x6}, @void, @void}}, @NL80211_ATTR_FTM_RESPONDER={0x94, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x46, 0x2, "6f28cae7e763e81067d4ceb813e7feb2a199aa4d55a1ab96f08a0f0e794136b12fef25420295cc1e507f98d439d24055b3819ebc8073730523a0a085ad7669c2155f"}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}, @NL80211_FTM_RESP_ATTR_CIVICLOC={0x41, 0x3, "5ae3420e80c07506bfd5002f75393ca25f1b4eaf61a166ad9b6b03caed34ec7ca2d030cc7a9c46dec5fa602fdf022276c1d032155f658f98a411e682d7"}]}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}]}, 0x10c}, 0x1, 0x0, 0x0, 0x20004090}, 0x0) 15.93272797s ago: executing program 1 (id=2730): socket$nl_route(0x10, 0x3, 0x0) socket$inet6(0xa, 0x2, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x80002, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)) ioctl$SIOCSIFHWADDR(r1, 0x8943, &(0x7f0000002280)={'syzkaller0\x00'}) socket$nl_route(0x10, 0x3, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) pselect6(0xe, 0x0, 0x0, &(0x7f0000000100)={0x3ff, 0xee, 0xffffffffffffffff, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) 3.52167353s ago: executing program 32 (id=2691): syz_init_net_socket$nfc_raw(0x27, 0x3, 0x0) sendmsg$NFC_CMD_DEV_UP(0xffffffffffffffff, 0x0, 0x0) write$nci(0xffffffffffffffff, 0x0, 0x12) r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2) sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="010023010000340200000200000008000100", @ANYRES32=r1], 0x1c}}, 0x0) write$nci(r0, &(0x7f0000000540)=ANY=[@ANYBLOB="12010101"], 0x4) 3.477551254s ago: executing program 33 (id=2692): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000080)=ANY=[], 0x54}, 0x1, 0x0, 0x0, 0x800}, 0x80) sendmsg$TIPC_NL_LINK_SET(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000140)=ANY=[], 0x50}, 0x1, 0x0, 0x0, 0x4000844}, 0x0) sendmmsg(0xffffffffffffffff, &(0x7f0000000000), 0x4000000000001f2, 0x0) socket$alg(0x26, 0x5, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x11, 0x3, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x7}}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r0, 0x0, 0x5}, 0x18) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x101801, 0x0) write$rfkill(r1, &(0x7f0000000000)={0x5, 0x0, 0x3, 0xfc}, 0x8) 1.017775989s ago: executing program 34 (id=2727): socket$nl_generic(0x10, 0x3, 0x10) socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'xfrm0\x00'}) r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x40002000, 0x0) r1 = socket$igmp(0x2, 0x3, 0x2) r2 = socket$qrtr(0x2a, 0x2, 0x0) connect$qrtr(r2, &(0x7f0000000000), 0xc) setsockopt$MRT_ADD_VIF(r1, 0x0, 0xca, &(0x7f0000000140)={0x0, 0x4, 0x0, 0xfffffffe, @vifc_lcl_addr=@local, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10) recvmmsg(0xffffffffffffffff, &(0x7f000001ef40)=[{{0x0, 0x0, 0x0}, 0x8}], 0x1, 0x60, 0x0) write$rfkill(r0, &(0x7f0000000080)={0x0, 0x1, 0x3, 0x3, 0xfd}, 0x8) write$rfkill(r0, &(0x7f00000001c0)={0x6, 0x8, 0x2}, 0x8) accept4(0xffffffffffffffff, 0x0, 0x0, 0x800) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_buf(r3, 0x29, 0x20, &(0x7f00000000c0)="0bbb268dd6ffa80800000000000000000000210d0000aaa8fa017242ba9380d424000000000000002900000008", 0x2d) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x40000000000, 0x3, 0x4, 0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) 0s ago: executing program 35 (id=2730): socket$nl_route(0x10, 0x3, 0x0) socket$inet6(0xa, 0x2, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x80002, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)) ioctl$SIOCSIFHWADDR(r1, 0x8943, &(0x7f0000002280)={'syzkaller0\x00'}) socket$nl_route(0x10, 0x3, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) pselect6(0xe, 0x0, 0x0, &(0x7f0000000100)={0x3ff, 0xee, 0xffffffffffffffff, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) kernel console output (not intermixed with test programs): ogle 08/18/2025 [ 117.082960][ T7527] Call Trace: [ 117.082967][ T7527] [ 117.082974][ T7527] dump_stack_lvl+0x189/0x250 [ 117.082999][ T7527] ? __pfx____ratelimit+0x10/0x10 [ 117.083022][ T7527] ? __pfx_dump_stack_lvl+0x10/0x10 [ 117.083040][ T7527] ? __pfx__printk+0x10/0x10 [ 117.083061][ T7527] ? __might_fault+0xb0/0x130 [ 117.083092][ T7527] should_fail_ex+0x414/0x560 [ 117.083118][ T7527] _copy_from_user+0x2d/0xb0 [ 117.083137][ T7527] __sys_connect+0x123/0x440 [ 117.083154][ T7527] ? __fget_files+0x3a0/0x420 [ 117.083170][ T7527] ? __pfx___sys_connect+0x10/0x10 [ 117.083199][ T7527] ? __pfx_ksys_write+0x10/0x10 [ 117.083218][ T7527] ? rcu_is_watching+0x15/0xb0 [ 117.083243][ T7527] __x64_sys_connect+0x7a/0x90 [ 117.083260][ T7527] do_syscall_64+0xfa/0x3b0 [ 117.083275][ T7527] ? lockdep_hardirqs_on+0x9c/0x150 [ 117.083297][ T7527] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 117.083312][ T7527] ? clear_bhb_loop+0x60/0xb0 [ 117.083331][ T7527] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 117.083347][ T7527] RIP: 0033:0x7fbb0a18eba9 [ 117.083362][ T7527] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 117.083375][ T7527] RSP: 002b:00007fbb0af50038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 117.083400][ T7527] RAX: ffffffffffffffda RBX: 00007fbb0a3d5fa0 RCX: 00007fbb0a18eba9 [ 117.083412][ T7527] RDX: 000000000000000e RSI: 0000200000000040 RDI: 0000000000000004 [ 117.083423][ T7527] RBP: 00007fbb0af50090 R08: 0000000000000000 R09: 0000000000000000 [ 117.083432][ T7527] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 117.083442][ T7527] R13: 00007fbb0a3d6038 R14: 00007fbb0a3d5fa0 R15: 00007ffd10c5e1b8 [ 117.083469][ T7527] [ 117.552779][ T7542] bond1: entered promiscuous mode [ 117.582822][ T7542] bond1: entered allmulticast mode [ 117.595308][ T7542] 8021q: adding VLAN 0 to HW filter on device bond1 [ 117.837596][ T7542] bond1 (unregistering): Released all slaves [ 117.867990][ T7548] xfrm1: entered promiscuous mode [ 117.873175][ T7548] xfrm1: entered allmulticast mode [ 118.616321][ T7591] netlink: 'syz.2.509': attribute type 7 has an invalid length. [ 119.343662][ T7627] netlink: 'syz.0.522': attribute type 7 has an invalid length. [ 119.599916][ T7638] __nla_validate_parse: 8 callbacks suppressed [ 119.599932][ T7638] netlink: 44 bytes leftover after parsing attributes in process `syz.3.525'. [ 119.640909][ T7637] netlink: 24 bytes leftover after parsing attributes in process `syz.2.526'. [ 119.841290][ T7649] netlink: 212408 bytes leftover after parsing attributes in process `syz.0.531'. [ 119.871132][ T7649] netlink: zone id is out of range [ 119.880173][ T7649] netlink: get zone limit has 8 unknown bytes [ 120.102105][ T7657] netlink: 16 bytes leftover after parsing attributes in process `syz.1.535'. [ 120.140404][ T7657] tipc: Started in network mode [ 120.147925][ T7657] tipc: Node identity ac14140f, cluster identity 4711 [ 120.158300][ T7657] tipc: New replicast peer: 255.255.255.255 [ 120.170009][ T7657] tipc: Enabled bearer , priority 10 [ 120.251030][ T7661] bridge_slave_0: left allmulticast mode [ 120.267021][ T7661] bridge_slave_0: left promiscuous mode [ 120.273543][ T7661] bridge0: port 1(bridge_slave_0) entered disabled state [ 120.295319][ T7666] netlink: 'syz.4.539': attribute type 6 has an invalid length. [ 120.327506][ T7661] bridge_slave_1: left allmulticast mode [ 120.343432][ T7661] bridge_slave_1: left promiscuous mode [ 120.351069][ T7661] bridge0: port 2(bridge_slave_1) entered disabled state [ 120.395887][ T7661] bond0: (slave bond_slave_0): Releasing backup interface [ 120.423883][ T7661] bond0: (slave bond_slave_1): Releasing backup interface [ 120.449966][ T7661] team0: Port device team_slave_0 removed [ 120.466610][ T7661] team0: Port device team_slave_1 removed [ 120.473149][ T7661] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 120.486702][ T7661] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 120.506593][ T7661] A link change request failed with some changes committed already. Interface bond1 may have been left with an inconsistent configuration, please check. [ 120.538383][ T7673] IPv6: syztnl2: Disabled Multicast RS [ 120.586199][ T7682] netlink: 'syz.3.543': attribute type 6 has an invalid length. [ 120.654255][ C1] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 120.705872][ T7686] netlink: 8 bytes leftover after parsing attributes in process `syz.4.544'. [ 120.871481][ T7694] netlink: 8 bytes leftover after parsing attributes in process `syz.3.547'. [ 121.076786][ T7706] netlink: 12 bytes leftover after parsing attributes in process `syz.3.550'. [ 121.151354][ T7708] netlink: 12 bytes leftover after parsing attributes in process `syz.0.551'. [ 121.284456][ T24] tipc: Node number set to 2886997007 [ 121.632492][ T7727] workqueue: Failed to create a rescuer kthread for wq "nfc8_nci_rx_wq": -EINTR [ 121.749018][ T7752] syzkaller0: entered promiscuous mode [ 121.763833][ T7752] syzkaller0: entered allmulticast mode [ 121.982660][ T7759] netlink: 'syz.4.562': attribute type 10 has an invalid length. [ 122.026516][ T7759] veth0_vlan: entered allmulticast mode [ 122.085388][ T7759] veth0_vlan: left promiscuous mode [ 122.116772][ T7759] veth0_vlan: entered promiscuous mode [ 122.146656][ T7759] team0: Device veth0_vlan failed to register rx_handler [ 122.151534][ T7769] netlink: 12 bytes leftover after parsing attributes in process `syz.3.566'. [ 122.287268][ T7717] delete_channel: no stack [ 122.297302][ T7769] 8021q: adding VLAN 0 to HW filter on device bond3 [ 122.306192][ T7770] 8021q: adding VLAN 0 to HW filter on device bond0 [ 122.315126][ T7774] netlink: 4 bytes leftover after parsing attributes in process `syz.2.567'. [ 122.427128][ T7780] tipc: Enabled bearer , priority 0 [ 122.502323][ T7779] tipc: Disabling bearer [ 122.575419][ T7787] nbd: illegal input index -8454144 [ 122.839628][ T7802] netlink: 'syz.2.577': attribute type 7 has an invalid length. [ 123.035983][ T7809] veth1_to_bond: entered allmulticast mode [ 123.223886][ T7809] veth1_to_bond (unregistering): left allmulticast mode [ 123.392890][ T7830] netlink: 'syz.4.590': attribute type 6 has an invalid length. [ 123.756466][ T7844] netlink: 'syz.0.594': attribute type 7 has an invalid length. [ 123.913490][ T7851] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1 [ 123.929515][ T7851] gretap1: default qdisc (pfifo_fast) fail, fallback to noqueue [ 123.938120][ T7851] gretap1: entered promiscuous mode [ 123.943429][ T7851] gretap1: entered allmulticast mode [ 124.298090][ T7867] bridge0: port 2(bridge_slave_1) entered disabled state [ 124.306792][ T7867] bridge0: port 1(bridge_slave_0) entered disabled state [ 124.691561][ T7878] netlink: 'syz.1.607': attribute type 7 has an invalid length. [ 125.459644][ T7927] Bluetooth: MGMT ver 1.23 [ 125.500953][ T7887] Bluetooth: hci0: Opcode 0x080f failed: -4 [ 125.618277][ T7933] __nla_validate_parse: 12 callbacks suppressed [ 125.618294][ T7933] netlink: 112 bytes leftover after parsing attributes in process `syz.1.627'. [ 125.913936][ T7957] netlink: 'syz.2.636': attribute type 7 has an invalid length. [ 126.454340][ T7981] erspan0: entered allmulticast mode [ 126.653889][ T8000] netlink: 12 bytes leftover after parsing attributes in process `syz.2.653'. [ 126.734493][ T5874] Bluetooth: hci0: command 0x080f tx timeout [ 126.747371][ T5952] IPVS: starting estimator thread 0... [ 126.747586][ T7999] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 126.888055][ T8004] IPVS: using max 32 ests per chain, 76800 per kthread [ 126.917654][ T8013] netlink: 112 bytes leftover after parsing attributes in process `syz.1.659'. [ 127.036768][ T8018] netlink: 'syz.4.660': attribute type 6 has an invalid length. [ 127.267832][ T8032] FAULT_INJECTION: forcing a failure. [ 127.267832][ T8032] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 127.304204][ T8032] CPU: 0 UID: 0 PID: 8032 Comm: syz.1.665 Not tainted syzkaller #0 PREEMPT(full) [ 127.304228][ T8032] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 127.304239][ T8032] Call Trace: [ 127.304245][ T8032] [ 127.304252][ T8032] dump_stack_lvl+0x189/0x250 [ 127.304283][ T8032] ? __pfx____ratelimit+0x10/0x10 [ 127.304304][ T8032] ? __pfx_dump_stack_lvl+0x10/0x10 [ 127.304320][ T8032] ? __pfx__printk+0x10/0x10 [ 127.304355][ T8032] should_fail_ex+0x414/0x560 [ 127.304381][ T8032] _copy_to_user+0x31/0xb0 [ 127.304402][ T8032] simple_read_from_buffer+0xe1/0x170 [ 127.304427][ T8032] proc_fail_nth_read+0x1b3/0x220 [ 127.304446][ T8032] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 127.304466][ T8032] ? rw_verify_area+0x2a6/0x4d0 [ 127.304484][ T8032] ? __lock_acquire+0xab9/0xd20 [ 127.304502][ T8032] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 127.304521][ T8032] vfs_read+0x200/0xa30 [ 127.304537][ T8032] ? fdget_pos+0x247/0x320 [ 127.304562][ T8032] ? __pfx___mutex_lock+0x10/0x10 [ 127.304579][ T8032] ? __pfx_vfs_read+0x10/0x10 [ 127.304597][ T8032] ? __fget_files+0x2a/0x420 [ 127.304616][ T8032] ? __fget_files+0x3a0/0x420 [ 127.304628][ T8032] ? __fget_files+0x2a/0x420 [ 127.304650][ T8032] ksys_read+0x145/0x250 [ 127.304672][ T8032] ? __pfx_ksys_read+0x10/0x10 [ 127.304688][ T8032] ? rcu_is_watching+0x15/0xb0 [ 127.304711][ T8032] ? do_syscall_64+0xbe/0x3b0 [ 127.304731][ T8032] do_syscall_64+0xfa/0x3b0 [ 127.304746][ T8032] ? lockdep_hardirqs_on+0x9c/0x150 [ 127.304767][ T8032] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 127.304782][ T8032] ? clear_bhb_loop+0x60/0xb0 [ 127.304802][ T8032] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 127.304817][ T8032] RIP: 0033:0x7fc900f8d5bc [ 127.304841][ T8032] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 127.304854][ T8032] RSP: 002b:00007fc901de9030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 127.304876][ T8032] RAX: ffffffffffffffda RBX: 00007fc9011d5fa0 RCX: 00007fc900f8d5bc [ 127.304888][ T8032] RDX: 000000000000000f RSI: 00007fc901de90a0 RDI: 0000000000000004 [ 127.304898][ T8032] RBP: 00007fc901de9090 R08: 0000000000000000 R09: 0000000000000000 [ 127.304909][ T8032] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 127.304918][ T8032] R13: 00007fc9011d6038 R14: 00007fc9011d5fa0 R15: 00007ffc6d88a308 [ 127.304948][ T8032] [ 127.643147][ T8044] netlink: 8 bytes leftover after parsing attributes in process `syz.3.671'. [ 127.672914][ T8048] netlink: 12 bytes leftover after parsing attributes in process `syz.4.670'. [ 127.727998][ T8048] bond2: (slave vcan1): The slave device specified does not support setting the MAC address [ 127.740289][ T8048] bond2: (slave vcan1): Error -95 calling set_mac_address [ 128.293046][ T8080] netlink: 48 bytes leftover after parsing attributes in process `syz.2.681'. [ 128.332783][ T8085] openvswitch: netlink: IP tunnel TTL not specified. [ 128.413004][ T8087] netlink: 8 bytes leftover after parsing attributes in process `syz.1.684'. [ 128.483359][ T8091] netlink: 12 bytes leftover after parsing attributes in process `syz.4.686'. [ 128.547709][ T8096] openvswitch: netlink: IP tunnel attribute has 16 unknown bytes. [ 128.562035][ T8096] netlink: 4 bytes leftover after parsing attributes in process `syz.2.687'. [ 128.613684][ T8091] bond3: (slave vcan1): The slave device specified does not support setting the MAC address [ 128.627279][ T8091] bond3: (slave vcan1): Error -95 calling set_mac_address [ 128.721572][ T8103] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 128.798585][ T8106] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 129.058926][ T8124] netlink: 196 bytes leftover after parsing attributes in process `syz.1.696'. [ 129.080393][ T8124] (unnamed net_device) (uninitialized): option mode: invalid value (133) [ 129.104361][ T8126] syzkaller0: tun_chr_ioctl cmd 1074025673 [ 129.216418][ T8126] syzkaller0: tun_chr_ioctl cmd 1074025673 [ 129.289280][ T8135] bond1: (slave vcan1): The slave device specified does not support setting the MAC address [ 129.339471][ T8135] bond1: (slave vcan1): Error -95 calling set_mac_address [ 129.646037][ T8160] bond2: (slave vcan0): The slave device specified does not support setting the MAC address [ 129.668942][ T8160] bond2: (slave vcan0): Error -95 calling set_mac_address [ 129.718965][ T8169] netlink: 'syz.4.710': attribute type 12 has an invalid length. [ 130.031485][ T8181] dvmrp0: entered allmulticast mode [ 130.063070][ T8183] wg2: entered promiscuous mode [ 130.080123][ T8186] netlink: 'syz.0.715': attribute type 7 has an invalid length. [ 131.132943][ T8247] __nla_validate_parse: 5 callbacks suppressed [ 131.132960][ T8247] netlink: 8 bytes leftover after parsing attributes in process `syz.4.739'. [ 131.298102][ T8256] netlink: 'syz.4.742': attribute type 1 has an invalid length. [ 131.320588][ T8256] netlink: 220 bytes leftover after parsing attributes in process `syz.4.742'. [ 131.358391][ T8256] netlink: 'syz.4.742': attribute type 1 has an invalid length. [ 131.429087][ T8256] tipc: Started in network mode [ 131.454480][ T8256] tipc: Node identity 12563dbdb00c, cluster identity 4711 [ 131.472593][ T8256] tipc: Enabled bearer , priority 0 [ 131.569239][ T8271] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 131.580958][ T8260] syzkaller0: entered promiscuous mode [ 131.589079][ T8260] syzkaller0: entered allmulticast mode [ 131.595735][ T8260] tipc: Resetting bearer [ 131.680386][ T3513] tipc: Resetting bearer [ 131.687607][ T8255] tipc: Resetting bearer [ 132.139732][ T8290] netlink: 8 bytes leftover after parsing attributes in process `syz.3.752'. [ 132.527361][ T849] tipc: Node number set to 2723823037 [ 132.821348][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.827997][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.861314][ T8255] tipc: Disabling bearer [ 132.869780][ T8273] netlink: 'syz.0.749': attribute type 7 has an invalid length. [ 132.890752][ T8282] netlink: 112 bytes leftover after parsing attributes in process `syz.2.751'. [ 132.936691][ T8294] tipc: Started in network mode [ 132.961129][ T8294] tipc: Node identity 0ea255e474ce, cluster identity 4711 [ 132.975237][ T8294] tipc: Enabled bearer , priority 0 [ 133.036340][ T8291] tipc: Disabling bearer [ 133.145549][ T8305] netlink: 112 bytes leftover after parsing attributes in process `syz.2.758'. [ 133.198422][ T8309] netlink: 'syz.1.760': attribute type 6 has an invalid length. [ 133.329746][ T8316] netlink: 8 bytes leftover after parsing attributes in process `syz.2.763'. [ 133.506849][ T8325] netlink: 20 bytes leftover after parsing attributes in process `syz.2.767'. [ 133.519769][ T8322] macvtap1: entered allmulticast mode [ 133.543848][ T8322] veth0_to_bridge: entered allmulticast mode [ 133.558084][ T8329] netlink: 'syz.4.769': attribute type 7 has an invalid length. [ 133.892496][ T8340] syzkaller0: entered promiscuous mode [ 133.902837][ T8340] syzkaller0: entered allmulticast mode [ 133.920359][ T8351] FAULT_INJECTION: forcing a failure. [ 133.920359][ T8351] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 133.934387][ T8351] CPU: 1 UID: 0 PID: 8351 Comm: syz.4.774 Not tainted syzkaller #0 PREEMPT(full) [ 133.934409][ T8351] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 133.934419][ T8351] Call Trace: [ 133.934426][ T8351] [ 133.934432][ T8351] dump_stack_lvl+0x189/0x250 [ 133.934456][ T8351] ? __pfx____ratelimit+0x10/0x10 [ 133.934479][ T8351] ? __pfx_dump_stack_lvl+0x10/0x10 [ 133.934494][ T8351] ? __pfx__printk+0x10/0x10 [ 133.934513][ T8351] ? __might_fault+0xb0/0x130 [ 133.934540][ T8351] should_fail_ex+0x414/0x560 [ 133.934561][ T8351] _copy_from_user+0x2d/0xb0 [ 133.934577][ T8351] ___sys_sendmsg+0x158/0x2a0 [ 133.934593][ T8351] ? __pfx____sys_sendmsg+0x10/0x10 [ 133.934635][ T8351] ? __fget_files+0x2a/0x420 [ 133.934646][ T8351] ? __fget_files+0x3a0/0x420 [ 133.934665][ T8351] __x64_sys_sendmsg+0x19b/0x260 [ 133.934681][ T8351] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 133.934703][ T8351] ? __pfx_ksys_write+0x10/0x10 [ 133.934718][ T8351] ? rcu_is_watching+0x15/0xb0 [ 133.934735][ T8351] ? do_syscall_64+0xbe/0x3b0 [ 133.934750][ T8351] do_syscall_64+0xfa/0x3b0 [ 133.934761][ T8351] ? lockdep_hardirqs_on+0x9c/0x150 [ 133.934779][ T8351] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 133.934791][ T8351] ? clear_bhb_loop+0x60/0xb0 [ 133.934806][ T8351] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 133.934818][ T8351] RIP: 0033:0x7fbb0a18eba9 [ 133.934831][ T8351] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 133.934841][ T8351] RSP: 002b:00007fbb0af50038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 133.934856][ T8351] RAX: ffffffffffffffda RBX: 00007fbb0a3d5fa0 RCX: 00007fbb0a18eba9 [ 133.934865][ T8351] RDX: 0000000000000000 RSI: 0000200000000200 RDI: 0000000000000003 [ 133.934873][ T8351] RBP: 00007fbb0af50090 R08: 0000000000000000 R09: 0000000000000000 [ 133.934881][ T8351] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 133.934888][ T8351] R13: 00007fbb0a3d6038 R14: 00007fbb0a3d5fa0 R15: 00007ffd10c5e1b8 [ 133.934911][ T8351] [ 134.562248][ T8365] netlink: 112 bytes leftover after parsing attributes in process `syz.2.778'. [ 135.301034][ T8360] vlan0: entered promiscuous mode [ 135.428702][ T8367] netlink: 'syz.4.779': attribute type 6 has an invalid length. [ 135.604002][ T8377] netlink: 12 bytes leftover after parsing attributes in process `syz.1.784'. [ 135.611015][ T8380] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 135.848690][ T8393] dvmrp0: entered allmulticast mode [ 136.081231][ T8404] netlink: 12 bytes leftover after parsing attributes in process `syz.3.794'. [ 136.102957][ T8402] syzkaller0: entered promiscuous mode [ 136.108782][ T8402] syzkaller0: entered allmulticast mode [ 136.233206][ T8411] netlink: 24 bytes leftover after parsing attributes in process `syz.4.797'. [ 137.253449][ T8407] bond4: (slave vcan0): The slave device specified does not support setting the MAC address [ 137.264839][ T8407] bond4: (slave vcan0): Error -95 calling set_mac_address [ 137.277956][ T8415] vlan0: entered promiscuous mode [ 137.426247][ T8420] netlink: 'syz.1.801': attribute type 6 has an invalid length. [ 137.759869][ T8424] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 137.773877][ T8438] netlink: 12 bytes leftover after parsing attributes in process `syz.3.809'. [ 137.781268][ T8424] Bluetooth: hci3: Error when powering off device on rfkill (-4) [ 137.896987][ T8438] bond5: (slave vcan0): The slave device specified does not support setting the MAC address [ 137.933025][ T8438] bond5: (slave vcan0): Error -95 calling set_mac_address [ 137.940449][ C1] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 137.990074][ T8453] netlink: 12 bytes leftover after parsing attributes in process `syz.1.813'. [ 138.092347][ T8463] FAULT_INJECTION: forcing a failure. [ 138.092347][ T8463] name failslab, interval 1, probability 0, space 0, times 0 [ 138.114860][ T8463] CPU: 1 UID: 0 PID: 8463 Comm: syz.4.815 Not tainted syzkaller #0 PREEMPT(full) [ 138.114883][ T8463] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 138.114892][ T8463] Call Trace: [ 138.114899][ T8463] [ 138.114907][ T8463] dump_stack_lvl+0x189/0x250 [ 138.114932][ T8463] ? __pfx____ratelimit+0x10/0x10 [ 138.114955][ T8463] ? __pfx_dump_stack_lvl+0x10/0x10 [ 138.114975][ T8463] ? __pfx__printk+0x10/0x10 [ 138.114998][ T8463] ? __lock_acquire+0xab9/0xd20 [ 138.115030][ T8463] should_fail_ex+0x414/0x560 [ 138.115058][ T8463] should_failslab+0xa8/0x100 [ 138.115083][ T8463] kmem_cache_alloc_noprof+0x73/0x3c0 [ 138.115103][ T8463] ? skb_clone+0x212/0x3a0 [ 138.115126][ T8463] skb_clone+0x212/0x3a0 [ 138.115149][ T8463] __netlink_deliver_tap+0x404/0x850 [ 138.115181][ T8463] ? netlink_deliver_tap+0x2e/0x1b0 [ 138.115204][ T8463] netlink_deliver_tap+0x19c/0x1b0 [ 138.115228][ T8463] netlink_unicast+0x7fa/0x9e0 [ 138.115259][ T8463] ? __pfx_netlink_unicast+0x10/0x10 [ 138.115283][ T8463] ? netlink_sendmsg+0x642/0xb30 [ 138.115296][ T8463] ? skb_put+0x11b/0x210 [ 138.115316][ T8463] netlink_sendmsg+0x805/0xb30 [ 138.115341][ T8463] ? __pfx_netlink_sendmsg+0x10/0x10 [ 138.115361][ T8463] ? aa_sock_msg_perm+0xf1/0x1d0 [ 138.115380][ T8463] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 138.115397][ T8463] ? __pfx_netlink_sendmsg+0x10/0x10 [ 138.115413][ T8463] __sock_sendmsg+0x21c/0x270 [ 138.115438][ T8463] ____sys_sendmsg+0x505/0x830 [ 138.115463][ T8463] ? __pfx_____sys_sendmsg+0x10/0x10 [ 138.115490][ T8463] ? import_iovec+0x74/0xa0 [ 138.115513][ T8463] ___sys_sendmsg+0x21f/0x2a0 [ 138.115534][ T8463] ? __pfx____sys_sendmsg+0x10/0x10 [ 138.115587][ T8463] ? __fget_files+0x2a/0x420 [ 138.115601][ T8463] ? __fget_files+0x3a0/0x420 [ 138.115633][ T8463] __x64_sys_sendmsg+0x19b/0x260 [ 138.115653][ T8463] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 138.115681][ T8463] ? __pfx_ksys_write+0x10/0x10 [ 138.115707][ T8463] ? do_syscall_64+0xbe/0x3b0 [ 138.115728][ T8463] do_syscall_64+0xfa/0x3b0 [ 138.115743][ T8463] ? lockdep_hardirqs_on+0x9c/0x150 [ 138.115764][ T8463] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 138.115779][ T8463] ? clear_bhb_loop+0x60/0xb0 [ 138.115799][ T8463] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 138.115815][ T8463] RIP: 0033:0x7fbb0a18eba9 [ 138.115830][ T8463] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 138.115843][ T8463] RSP: 002b:00007fbb0af2f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 138.115864][ T8463] RAX: ffffffffffffffda RBX: 00007fbb0a3d6090 RCX: 00007fbb0a18eba9 [ 138.115875][ T8463] RDX: 0000000000000000 RSI: 0000200000000200 RDI: 0000000000000003 [ 138.115883][ T8463] RBP: 00007fbb0af2f090 R08: 0000000000000000 R09: 0000000000000000 [ 138.115893][ T8463] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 138.115903][ T8463] R13: 00007fbb0a3d6128 R14: 00007fbb0a3d6090 R15: 00007ffd10c5e1b8 [ 138.115932][ T8463] [ 138.119049][ T8451] syzkaller0: entered promiscuous mode [ 138.419542][ T8451] syzkaller0: entered allmulticast mode [ 138.450651][ T8462] bond3: (slave vcan0): The slave device specified does not support setting the MAC address [ 138.461868][ T8462] bond3: (slave vcan0): Error -95 calling set_mac_address [ 139.713833][ T8477] netlink: 'syz.1.820': attribute type 7 has an invalid length. [ 140.024737][ T8498] netlink: 12 bytes leftover after parsing attributes in process `syz.3.828'. [ 140.186069][ T8504] bond6: (slave vcan0): The slave device specified does not support setting the MAC address [ 140.254349][ T8504] bond6: (slave vcan0): Error -95 calling set_mac_address [ 140.395590][ T8522] netlink: 12 bytes leftover after parsing attributes in process `syz.4.839'. [ 140.452029][ T8524] tipc: Enabled bearer , priority 10 [ 140.604914][ T8535] netlink: 4 bytes leftover after parsing attributes in process `syz.0.843'. [ 140.620537][ T8533] netlink: 'syz.4.841': attribute type 10 has an invalid length. [ 141.171789][ T8558] netlink: 8 bytes leftover after parsing attributes in process `syz.2.853'. [ 141.204002][ T8562] netlink: 8 bytes leftover after parsing attributes in process `syz.4.857'. [ 141.221944][ T8560] netlink: 12 bytes leftover after parsing attributes in process `syz.0.855'. [ 141.803187][ T8600] netlink: 8 bytes leftover after parsing attributes in process `syz.2.872'. [ 141.962666][ T8607] netlink: 'syz.2.874': attribute type 6 has an invalid length. [ 142.169525][ T8616] netlink: 'syz.2.877': attribute type 6 has an invalid length. [ 142.203627][ T8592] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 142.384534][ T8628] netlink: 4 bytes leftover after parsing attributes in process `syz.1.880'. [ 142.642031][ T8641] netlink: 'syz.1.883': attribute type 7 has an invalid length. [ 142.858707][ T8654] sock: sock_timestamping_bind_phc: sock not bind to device [ 142.986712][ T8662] netlink: 8 bytes leftover after parsing attributes in process `syz.0.892'. [ 143.025157][ T8662] netlink: 4 bytes leftover after parsing attributes in process `syz.0.892'. [ 143.035071][ T8662] netlink: 'syz.0.892': attribute type 14 has an invalid length. [ 143.042997][ T8662] netlink: 'syz.0.892': attribute type 13 has an invalid length. [ 143.355029][ T8675] netlink: 4 bytes leftover after parsing attributes in process `syz.1.896'. [ 143.423255][ T8679] netlink: 'syz.2.899': attribute type 6 has an invalid length. [ 143.585449][ T8692] FAULT_INJECTION: forcing a failure. [ 143.585449][ T8692] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 143.641967][ T8692] CPU: 0 UID: 0 PID: 8692 Comm: syz.4.903 Not tainted syzkaller #0 PREEMPT(full) [ 143.641990][ T8692] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 143.641999][ T8692] Call Trace: [ 143.642005][ T8692] [ 143.642013][ T8692] dump_stack_lvl+0x189/0x250 [ 143.642037][ T8692] ? __pfx____ratelimit+0x10/0x10 [ 143.642059][ T8692] ? __pfx_dump_stack_lvl+0x10/0x10 [ 143.642077][ T8692] ? __pfx__printk+0x10/0x10 [ 143.642098][ T8692] ? __might_fault+0xb0/0x130 [ 143.642131][ T8692] should_fail_ex+0x414/0x560 [ 143.642157][ T8692] _copy_from_user+0x2d/0xb0 [ 143.642177][ T8692] ___sys_sendmsg+0x158/0x2a0 [ 143.642197][ T8692] ? __pfx____sys_sendmsg+0x10/0x10 [ 143.642246][ T8692] ? __fget_files+0x2a/0x420 [ 143.642261][ T8692] ? __fget_files+0x3a0/0x420 [ 143.642286][ T8692] __x64_sys_sendmsg+0x19b/0x260 [ 143.642307][ T8692] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 143.642341][ T8692] ? __pfx_ksys_write+0x10/0x10 [ 143.642359][ T8692] ? rcu_is_watching+0x15/0xb0 [ 143.642381][ T8692] ? do_syscall_64+0xbe/0x3b0 [ 143.642401][ T8692] do_syscall_64+0xfa/0x3b0 [ 143.642414][ T8692] ? lockdep_hardirqs_on+0x9c/0x150 [ 143.642435][ T8692] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 143.642451][ T8692] ? clear_bhb_loop+0x60/0xb0 [ 143.642471][ T8692] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 143.642487][ T8692] RIP: 0033:0x7fbb0a18eba9 [ 143.642502][ T8692] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 143.642515][ T8692] RSP: 002b:00007fbb0af50038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 143.642534][ T8692] RAX: ffffffffffffffda RBX: 00007fbb0a3d5fa0 RCX: 00007fbb0a18eba9 [ 143.642546][ T8692] RDX: 0000000020040810 RSI: 0000200000000080 RDI: 0000000000000003 [ 143.642557][ T8692] RBP: 00007fbb0af50090 R08: 0000000000000000 R09: 0000000000000000 [ 143.642567][ T8692] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 143.642577][ T8692] R13: 00007fbb0a3d6038 R14: 00007fbb0a3d5fa0 R15: 00007ffd10c5e1b8 [ 143.642605][ T8692] [ 143.854598][ C0] Illegal XDP return value 16128 on prog (id 129) dev team0, expect packet loss! [ 143.981834][ T8702] netlink: 84 bytes leftover after parsing attributes in process `syz.3.907'. [ 144.076187][ T8702] netlink: 8 bytes leftover after parsing attributes in process `syz.3.907'. [ 144.099684][ T8709] netlink: 16 bytes leftover after parsing attributes in process `syz.4.909'. [ 144.319558][ T8721] netlink: 'syz.2.915': attribute type 1 has an invalid length. [ 144.349360][ T8721] netlink: 224 bytes leftover after parsing attributes in process `syz.2.915'. [ 144.376635][ T8721] netlink: 8 bytes leftover after parsing attributes in process `syz.2.915'. [ 144.744565][ T8744] RDS: rds_bind could not find a transport for fc02::1, load rds_tcp or rds_rdma? [ 144.762247][ T8744] RDS: rds_bind could not find a transport for fc02::1, load rds_tcp or rds_rdma? [ 145.078852][ T8760] netem: change failed [ 145.108895][ T8766] netlink: 'syz.4.932': attribute type 6 has an invalid length. [ 145.196311][ T8773] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 145.706444][ T8798] FAULT_INJECTION: forcing a failure. [ 145.706444][ T8798] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 145.731787][ T8798] CPU: 1 UID: 0 PID: 8798 Comm: syz.1.944 Not tainted syzkaller #0 PREEMPT(full) [ 145.731810][ T8798] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 145.731820][ T8798] Call Trace: [ 145.731826][ T8798] [ 145.731834][ T8798] dump_stack_lvl+0x189/0x250 [ 145.731860][ T8798] ? __pfx____ratelimit+0x10/0x10 [ 145.731882][ T8798] ? __pfx_dump_stack_lvl+0x10/0x10 [ 145.731902][ T8798] ? __pfx__printk+0x10/0x10 [ 145.731936][ T8798] should_fail_ex+0x414/0x560 [ 145.731963][ T8798] _copy_to_user+0x31/0xb0 [ 145.731984][ T8798] simple_read_from_buffer+0xe1/0x170 [ 145.732011][ T8798] proc_fail_nth_read+0x1b3/0x220 [ 145.732033][ T8798] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 145.732055][ T8798] ? rw_verify_area+0x2a6/0x4d0 [ 145.732074][ T8798] ? __lock_acquire+0xab9/0xd20 [ 145.732094][ T8798] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 145.732114][ T8798] vfs_read+0x200/0xa30 [ 145.732140][ T8798] ? fdget_pos+0x247/0x320 [ 145.732159][ T8798] ? __pfx___mutex_lock+0x10/0x10 [ 145.732177][ T8798] ? __pfx_vfs_read+0x10/0x10 [ 145.732198][ T8798] ? __fget_files+0x2a/0x420 [ 145.732218][ T8798] ? __fget_files+0x3a0/0x420 [ 145.732231][ T8798] ? __fget_files+0x2a/0x420 [ 145.732255][ T8798] ksys_read+0x145/0x250 [ 145.732278][ T8798] ? __pfx_ksys_read+0x10/0x10 [ 145.732303][ T8798] ? do_syscall_64+0xbe/0x3b0 [ 145.732323][ T8798] do_syscall_64+0xfa/0x3b0 [ 145.732337][ T8798] ? lockdep_hardirqs_on+0x9c/0x150 [ 145.732357][ T8798] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 145.732371][ T8798] ? clear_bhb_loop+0x60/0xb0 [ 145.732390][ T8798] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 145.732405][ T8798] RIP: 0033:0x7fc900f8d5bc [ 145.732419][ T8798] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 145.732432][ T8798] RSP: 002b:00007fc901de9030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 145.732449][ T8798] RAX: ffffffffffffffda RBX: 00007fc9011d5fa0 RCX: 00007fc900f8d5bc [ 145.732460][ T8798] RDX: 000000000000000f RSI: 00007fc901de90a0 RDI: 0000000000000005 [ 145.732470][ T8798] RBP: 00007fc901de9090 R08: 0000000000000000 R09: 0000000000000000 [ 145.732480][ T8798] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 145.732489][ T8798] R13: 00007fc9011d6038 R14: 00007fc9011d5fa0 R15: 00007ffc6d88a308 [ 145.732518][ T8798] [ 146.633317][ T8839] IPVS: persistence engine module ip_vs_pe_À not found [ 147.516361][ T8890] netlink: 'syz.0.973': attribute type 6 has an invalid length. [ 148.080908][ T8905] __nla_validate_parse: 11 callbacks suppressed [ 148.080925][ T8905] netlink: 4 bytes leftover after parsing attributes in process `syz.0.978'. [ 148.166790][ T8910] netlink: 12 bytes leftover after parsing attributes in process `syz.3.981'. [ 148.512396][ T8933] netlink: 104 bytes leftover after parsing attributes in process `syz.3.986'. [ 148.657843][ T8940] netlink: 12 bytes leftover after parsing attributes in process `syz.0.990'. [ 148.788711][ T8943] bond2: (slave vcan1): The slave device specified does not support setting the MAC address [ 148.819189][ T8943] bond2: (slave vcan1): Error -95 calling set_mac_address [ 149.072853][ T8963] netlink: 12 bytes leftover after parsing attributes in process `syz.4.996'. [ 149.296599][ T8968] syzkaller0: entered promiscuous mode [ 149.303627][ T8968] syzkaller0: entered allmulticast mode [ 150.635700][ T8993] mac80211_hwsim hwsim4 syzkaller0: entered promiscuous mode [ 150.643164][ T8993] mac80211_hwsim hwsim4 syzkaller0: entered allmulticast mode [ 150.875828][ T9007] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1014'. [ 150.886328][ T9009] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1012'. [ 150.896732][ T9008] netlink: 112 bytes leftover after parsing attributes in process `syz.0.1013'. [ 150.905473][ T9007] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1014'. [ 151.334183][ T9038] syz.0.1024: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 151.371292][ T9038] CPU: 0 UID: 0 PID: 9038 Comm: syz.0.1024 Not tainted syzkaller #0 PREEMPT(full) [ 151.371317][ T9038] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 151.371328][ T9038] Call Trace: [ 151.371335][ T9038] [ 151.371344][ T9038] dump_stack_lvl+0x189/0x250 [ 151.371374][ T9038] ? __pfx_dump_stack_lvl+0x10/0x10 [ 151.371396][ T9038] ? __pfx__printk+0x10/0x10 [ 151.371419][ T9038] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 151.371439][ T9038] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 151.371461][ T9038] ? cpuset_print_current_mems_allowed+0x2ee/0x360 [ 151.371485][ T9038] warn_alloc+0x214/0x310 [ 151.371511][ T9038] ? stack_depot_save_flags+0x40/0x860 [ 151.371536][ T9038] ? __pfx_warn_alloc+0x10/0x10 [ 151.371561][ T9038] ? kasan_save_track+0x4f/0x80 [ 151.371583][ T9038] ? xskq_create+0x56/0x170 [ 151.371604][ T9038] ? xsk_init_queue+0xb0/0x110 [ 151.371623][ T9038] ? xsk_setsockopt+0x4dc/0x8d0 [ 151.371642][ T9038] ? do_sock_setsockopt+0x17c/0x1b0 [ 151.371658][ T9038] ? __x64_sys_setsockopt+0x13f/0x1b0 [ 151.371675][ T9038] ? do_syscall_64+0xfa/0x3b0 [ 151.371698][ T9038] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 151.371724][ T9038] __vmalloc_node_range_noprof+0x125/0x12f0 [ 151.371782][ T9038] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 151.371813][ T9038] ? __kasan_kmalloc+0x93/0xb0 [ 151.371838][ T9038] vmalloc_user_noprof+0xad/0xf0 [ 151.371862][ T9038] ? xskq_create+0xbf/0x170 [ 151.371885][ T9038] xskq_create+0xbf/0x170 [ 151.371912][ T9038] xsk_init_queue+0xb0/0x110 [ 151.371936][ T9038] xsk_setsockopt+0x4dc/0x8d0 [ 151.371960][ T9038] ? __pfx_xsk_setsockopt+0x10/0x10 [ 151.371980][ T9038] ? __pfx_aa_sk_perm+0x10/0x10 [ 151.372007][ T9038] ? aa_sock_opt_perm+0xff/0x1b0 [ 151.372026][ T9038] ? bpf_lsm_socket_setsockopt+0x9/0x20 [ 151.372043][ T9038] ? __pfx_xsk_setsockopt+0x10/0x10 [ 151.372066][ T9038] do_sock_setsockopt+0x17c/0x1b0 [ 151.372088][ T9038] __x64_sys_setsockopt+0x13f/0x1b0 [ 151.372107][ T9038] do_syscall_64+0xfa/0x3b0 [ 151.372120][ T9038] ? lockdep_hardirqs_on+0x9c/0x150 [ 151.372143][ T9038] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 151.372159][ T9038] ? clear_bhb_loop+0x60/0xb0 [ 151.372180][ T9038] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 151.372196][ T9038] RIP: 0033:0x7ffa9518eba9 [ 151.372212][ T9038] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 151.372225][ T9038] RSP: 002b:00007ffa95f90038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 151.372244][ T9038] RAX: ffffffffffffffda RBX: 00007ffa953d5fa0 RCX: 00007ffa9518eba9 [ 151.372258][ T9038] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000005 [ 151.372269][ T9038] RBP: 00007ffa95211e19 R08: 0000000000000004 R09: 0000000000000000 [ 151.372280][ T9038] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000 [ 151.372291][ T9038] R13: 00007ffa953d6038 R14: 00007ffa953d5fa0 R15: 00007ffca2f2e278 [ 151.372322][ T9038] [ 151.372344][ T9038] Mem-Info: [ 151.682801][ T9038] active_anon:7822 inactive_anon:0 isolated_anon:0 [ 151.682801][ T9038] active_file:3541 inactive_file:39891 isolated_file:0 [ 151.682801][ T9038] unevictable:768 dirty:132 writeback:0 [ 151.682801][ T9038] slab_reclaimable:10811 slab_unreclaimable:98514 [ 151.682801][ T9038] mapped:30557 shmem:1362 pagetables:1262 [ 151.682801][ T9038] sec_pagetables:0 bounce:0 [ 151.682801][ T9038] kernel_misc_reclaimable:0 [ 151.682801][ T9038] free:1324467 free_pcp:15159 free_cma:0 [ 151.797277][ T9038] Node 0 active_anon:31388kB inactive_anon:0kB active_file:14164kB inactive_file:159364kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:122028kB dirty:528kB writeback:0kB shmem:3912kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:12900kB pagetables:4732kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 151.852556][ T9038] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:48kB pagetables:116kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 151.853247][ T9051] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1029'. [ 151.969760][ T9038] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 152.071515][ T9038] lowmem_reserve[]: 0 2497 2499 2499 2499 [ 152.100666][ T9038] Node 0 DMA32 free:1396672kB boost:0kB min:34248kB low:42808kB high:51368kB reserved_highatomic:0KB free_highatomic:0KB active_anon:31180kB inactive_anon:0kB active_file:14164kB inactive_file:157796kB unevictable:1536kB writepending:536kB present:3129332kB managed:2557428kB mlocked:0kB bounce:0kB free_pcp:38604kB local_pcp:18708kB free_cma:0kB [ 152.267889][ T9038] lowmem_reserve[]: 0 0 1 1 1 [ 152.278882][ T9038] Node 0 Normal free:24kB boost:0kB min:20kB low:24kB high:28kB reserved_highatomic:0KB free_highatomic:0KB active_anon:44kB inactive_anon:0kB active_file:0kB inactive_file:1568kB unevictable:0kB writepending:0kB present:1048580kB managed:1644kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:0kB free_cma:0kB [ 152.323994][ T9038] lowmem_reserve[]: 0 0 0 0 0 [ 152.332823][ T9038] Node 1 Normal free:3885564kB boost:0kB min:55632kB low:69540kB high:83448kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:22528kB local_pcp:10112kB free_cma:0kB [ 152.384222][ T9038] lowmem_reserve[]: 0 0 0 0 0 [ 152.403430][ T9038] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 152.419895][ T9038] Node 0 DMA32: 104*4kB (UM) 316*8kB (UME) 188*16kB (UM) 506*32kB (UM) 67*64kB (UME) 13*128kB (UM) 12*256kB (M) 7*512kB (ME) 4*1024kB (UM) 3*2048kB (M) 330*4096kB (M) = 1396672kB [ 152.508796][ T9038] Node 0 Normal: 0*4kB 1*8kB (M) 1*16kB (M) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 24kB [ 152.529460][ T9038] Node 1 Normal: 189*4kB (UE) 49*8kB (UME) 48*16kB (UME) 48*32kB (UME) 24*64kB (UME) 5*128kB (UME) 4*256kB (UME) 2*512kB (M) 3*1024kB (UME) 2*2048kB (UE) 945*4096kB (M) = 3885564kB [ 152.551133][ T9038] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 152.561411][ T9038] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 152.570912][ T9038] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 152.580700][ T9038] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 152.590224][ T9038] 44790 total pagecache pages [ 152.595102][ T9038] 0 pages in swap cache [ 152.599348][ T9038] Free swap = 124996kB [ 152.603505][ T9038] Total swap = 124996kB [ 152.610845][ T9038] 2097051 pages RAM [ 152.614805][ T9038] 0 pages HighMem/MovableOnly [ 152.619586][ T9038] 425668 pages reserved [ 152.623741][ T9038] 0 pages cma reserved [ 152.998912][ T9101] netlink: 'syz.4.1048': attribute type 6 has an invalid length. [ 153.316479][ T9116] netlink: 'syz.4.1053': attribute type 6 has an invalid length. [ 153.589104][ T9131] __nla_validate_parse: 5 callbacks suppressed [ 153.589121][ T9131] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1058'. [ 153.649423][ T9131] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1058'. [ 153.866772][ T9147] netlink: 'syz.1.1065': attribute type 6 has an invalid length. [ 154.106991][ T9160] FAULT_INJECTION: forcing a failure. [ 154.106991][ T9160] name failslab, interval 1, probability 0, space 0, times 0 [ 154.144229][ T9160] CPU: 0 UID: 0 PID: 9160 Comm: syz.1.1070 Not tainted syzkaller #0 PREEMPT(full) [ 154.144253][ T9160] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 154.144262][ T9160] Call Trace: [ 154.144269][ T9160] [ 154.144276][ T9160] dump_stack_lvl+0x189/0x250 [ 154.144302][ T9160] ? __pfx____ratelimit+0x10/0x10 [ 154.144325][ T9160] ? __pfx_dump_stack_lvl+0x10/0x10 [ 154.144344][ T9160] ? __pfx__printk+0x10/0x10 [ 154.144372][ T9160] ? __pfx___might_resched+0x10/0x10 [ 154.144387][ T9160] ? fs_reclaim_acquire+0x7d/0x100 [ 154.144415][ T9160] should_fail_ex+0x414/0x560 [ 154.144441][ T9160] should_failslab+0xa8/0x100 [ 154.144465][ T9160] kmem_cache_alloc_lru_noprof+0x78/0x3d0 [ 154.144493][ T9160] ? __d_alloc+0x36/0x7a0 [ 154.144515][ T9160] __d_alloc+0x36/0x7a0 [ 154.144537][ T9160] d_alloc_parallel+0xe5/0x15e0 [ 154.144567][ T9160] ? __lock_acquire+0xab9/0xd20 [ 154.144595][ T9160] ? __pfx_d_alloc_parallel+0x10/0x10 [ 154.144617][ T9160] ? __raw_spin_lock_init+0x45/0x100 [ 154.144637][ T9160] ? __init_waitqueue_head+0xa9/0x150 [ 154.144660][ T9160] __lookup_slow+0x116/0x3d0 [ 154.144680][ T9160] ? __pfx___lookup_slow+0x10/0x10 [ 154.144708][ T9160] ? d_lookup+0x8a/0xa0 [ 154.144726][ T9160] ? lookup_noperm+0x112/0x220 [ 154.144748][ T9160] simple_start_creating+0xfd/0x1e0 [ 154.144764][ T9160] ? __pfx_simple_start_creating+0x10/0x10 [ 154.144793][ T9160] start_creating+0x10f/0x180 [ 154.144818][ T9160] __debugfs_create_file+0x79/0x4f0 [ 154.144845][ T9160] debugfs_create_file_full+0x3f/0x60 [ 154.144870][ T9160] ref_tracker_dir_debugfs+0x14e/0x270 [ 154.144892][ T9160] ? __pfx_ref_tracker_dir_debugfs+0x10/0x10 [ 154.144940][ T9160] ? alloc_netdev_mqs+0xa3/0x11b0 [ 154.144958][ T9160] ? alloc_netdev_mqs+0xa3/0x11b0 [ 154.144975][ T9160] ? rcu_is_watching+0x15/0xb0 [ 154.144990][ T9160] ? alloc_netdev_mqs+0xa3/0x11b0 [ 154.145014][ T9160] ? __raw_spin_lock_init+0x45/0x100 [ 154.145035][ T9160] alloc_netdev_mqs+0x26f/0x11b0 [ 154.145054][ T9160] ? __pfx_tun_setup+0x10/0x10 [ 154.145082][ T9160] tun_set_iff+0x532/0xef0 [ 154.145109][ T9160] __tun_chr_ioctl+0x788/0x1df0 [ 154.145134][ T9160] ? __pfx___tun_chr_ioctl+0x10/0x10 [ 154.145156][ T9160] ? __fget_files+0x2a/0x420 [ 154.145170][ T9160] ? __fget_files+0x3a0/0x420 [ 154.145183][ T9160] ? __fget_files+0x2a/0x420 [ 154.145202][ T9160] ? bpf_lsm_file_ioctl+0x9/0x20 [ 154.145222][ T9160] ? __pfx_tun_chr_ioctl+0x10/0x10 [ 154.145237][ T9160] __se_sys_ioctl+0xfc/0x170 [ 154.145259][ T9160] do_syscall_64+0xfa/0x3b0 [ 154.145274][ T9160] ? lockdep_hardirqs_on+0x9c/0x150 [ 154.145295][ T9160] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 154.145311][ T9160] ? clear_bhb_loop+0x60/0xb0 [ 154.145330][ T9160] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 154.145345][ T9160] RIP: 0033:0x7fc900f8eba9 [ 154.145361][ T9160] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 154.145375][ T9160] RSP: 002b:00007fc901de9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 154.145393][ T9160] RAX: ffffffffffffffda RBX: 00007fc9011d5fa0 RCX: 00007fc900f8eba9 [ 154.145405][ T9160] RDX: 00002000000000c0 RSI: 00000000400454ca RDI: 0000000000000004 [ 154.145416][ T9160] RBP: 00007fc901de9090 R08: 0000000000000000 R09: 0000000000000000 [ 154.145426][ T9160] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 154.145435][ T9160] R13: 00007fc9011d6038 R14: 00007fc9011d5fa0 R15: 00007ffc6d88a308 [ 154.145466][ T9160] [ 154.629435][ T9172] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1075'. [ 154.639941][ T9172] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1075'. [ 155.309255][ T9204] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1086'. [ 155.335580][ T9206] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1087'. [ 155.357038][ T9204] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1086'. [ 155.427900][ T9214] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 155.528446][ T9212] bond5: (slave vcan1): The slave device specified does not support setting the MAC address [ 155.541402][ T9212] bond5: (slave vcan1): Error -95 calling set_mac_address [ 155.674896][ T9227] netlink: 'syz.2.1092': attribute type 6 has an invalid length. [ 155.712161][ T9229] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1093'. [ 155.808545][ T9233] bond7: (slave vcan0): The slave device specified does not support setting the MAC address [ 155.830840][ T9233] bond7: (slave vcan0): Error -95 calling set_mac_address [ 155.859573][ T9238] FAULT_INJECTION: forcing a failure. [ 155.859573][ T9238] name failslab, interval 1, probability 0, space 0, times 0 [ 155.891558][ T9238] CPU: 0 UID: 0 PID: 9238 Comm: syz.2.1095 Not tainted syzkaller #0 PREEMPT(full) [ 155.891584][ T9238] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 155.891594][ T9238] Call Trace: [ 155.891601][ T9238] [ 155.891609][ T9238] dump_stack_lvl+0x189/0x250 [ 155.891634][ T9238] ? __pfx____ratelimit+0x10/0x10 [ 155.891657][ T9238] ? __pfx_dump_stack_lvl+0x10/0x10 [ 155.891676][ T9238] ? __pfx__printk+0x10/0x10 [ 155.891704][ T9238] ? __pfx___might_resched+0x10/0x10 [ 155.891726][ T9238] should_fail_ex+0x414/0x560 [ 155.891751][ T9238] ? __pfx_debugfs_alloc_inode+0x10/0x10 [ 155.891774][ T9238] should_failslab+0xa8/0x100 [ 155.891798][ T9238] ? __pfx_debugfs_alloc_inode+0x10/0x10 [ 155.891817][ T9238] kmem_cache_alloc_lru_noprof+0x78/0x3d0 [ 155.891838][ T9238] ? alloc_inode+0x67/0x1b0 [ 155.891858][ T9238] ? __pfx_simple_start_creating+0x10/0x10 [ 155.891877][ T9238] ? __pfx_debugfs_alloc_inode+0x10/0x10 [ 155.891898][ T9238] alloc_inode+0x67/0x1b0 [ 155.891921][ T9238] new_inode+0x22/0x170 [ 155.891949][ T9238] __debugfs_create_file+0x14d/0x4f0 [ 155.891977][ T9238] debugfs_create_file_full+0x3f/0x60 [ 155.892003][ T9238] ref_tracker_dir_debugfs+0x14e/0x270 [ 155.892026][ T9238] ? __pfx_ref_tracker_dir_debugfs+0x10/0x10 [ 155.892075][ T9238] ? alloc_netdev_mqs+0xa3/0x11b0 [ 155.892094][ T9238] ? alloc_netdev_mqs+0xa3/0x11b0 [ 155.892111][ T9238] ? rcu_is_watching+0x15/0xb0 [ 155.892127][ T9238] ? alloc_netdev_mqs+0xa3/0x11b0 [ 155.892150][ T9238] ? __raw_spin_lock_init+0x45/0x100 [ 155.892174][ T9238] alloc_netdev_mqs+0x26f/0x11b0 [ 155.892192][ T9238] ? __pfx_tun_setup+0x10/0x10 [ 155.892221][ T9238] tun_set_iff+0x532/0xef0 [ 155.892249][ T9238] __tun_chr_ioctl+0x788/0x1df0 [ 155.892274][ T9238] ? __pfx___tun_chr_ioctl+0x10/0x10 [ 155.892297][ T9238] ? __fget_files+0x2a/0x420 [ 155.892312][ T9238] ? __fget_files+0x3a0/0x420 [ 155.892331][ T9238] ? __fget_files+0x2a/0x420 [ 155.892350][ T9238] ? bpf_lsm_file_ioctl+0x9/0x20 [ 155.892369][ T9238] ? __pfx_tun_chr_ioctl+0x10/0x10 [ 155.892384][ T9238] __se_sys_ioctl+0xfc/0x170 [ 155.892407][ T9238] do_syscall_64+0xfa/0x3b0 [ 155.892422][ T9238] ? lockdep_hardirqs_on+0x9c/0x150 [ 155.892443][ T9238] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 155.892457][ T9238] ? clear_bhb_loop+0x60/0xb0 [ 155.892475][ T9238] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 155.892490][ T9238] RIP: 0033:0x7f3704d8eba9 [ 155.892505][ T9238] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 155.892517][ T9238] RSP: 002b:00007f3705b43038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 155.892533][ T9238] RAX: ffffffffffffffda RBX: 00007f3704fd5fa0 RCX: 00007f3704d8eba9 [ 155.892548][ T9238] RDX: 00002000000000c0 RSI: 00000000400454ca RDI: 0000000000000004 [ 155.892558][ T9238] RBP: 00007f3705b43090 R08: 0000000000000000 R09: 0000000000000000 [ 155.892566][ T9238] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 155.892575][ T9238] R13: 00007f3704fd6038 R14: 00007f3704fd5fa0 R15: 00007ffce1f54e28 [ 155.892601][ T9238] [ 155.893769][ T9238] debugfs: out of free dentries, can not create file 'netdev@ffff88805a434610' [ 156.402403][ T9257] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1101'. [ 156.409447][ T9255] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 156.413064][ T9257] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1101'. [ 156.769023][ T9270] netlink: 'syz.4.1107': attribute type 29 has an invalid length. [ 156.795796][ T9272] netlink: 'syz.2.1108': attribute type 6 has an invalid length. [ 156.822103][ T9270] netlink: 'syz.4.1107': attribute type 29 has an invalid length. [ 156.986170][ T9282] bond8: (slave vcan0): The slave device specified does not support setting the MAC address [ 157.001996][ T9282] bond8: (slave vcan0): Error -95 calling set_mac_address [ 157.038465][ T9289] netlink: 'syz.2.1113': attribute type 7 has an invalid length. [ 157.139880][ T9295] bond4: (slave vcan0): The slave device specified does not support setting the MAC address [ 157.170899][ T9295] bond4: (slave vcan0): Error -95 calling set_mac_address [ 157.261964][ T9303] FAULT_INJECTION: forcing a failure. [ 157.261964][ T9303] name failslab, interval 1, probability 0, space 0, times 0 [ 157.275888][ T9303] CPU: 1 UID: 0 PID: 9303 Comm: syz.2.1119 Not tainted syzkaller #0 PREEMPT(full) [ 157.275910][ T9303] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 157.275920][ T9303] Call Trace: [ 157.275927][ T9303] [ 157.275935][ T9303] dump_stack_lvl+0x189/0x250 [ 157.275959][ T9303] ? __pfx____ratelimit+0x10/0x10 [ 157.275983][ T9303] ? __pfx_dump_stack_lvl+0x10/0x10 [ 157.276003][ T9303] ? __pfx__printk+0x10/0x10 [ 157.276031][ T9303] ? __pfx___might_resched+0x10/0x10 [ 157.276046][ T9303] ? fs_reclaim_acquire+0x7d/0x100 [ 157.276075][ T9303] should_fail_ex+0x414/0x560 [ 157.276101][ T9303] should_failslab+0xa8/0x100 [ 157.276125][ T9303] kmem_cache_alloc_noprof+0x73/0x3c0 [ 157.276144][ T9303] ? security_inode_alloc+0x39/0x330 [ 157.276167][ T9303] security_inode_alloc+0x39/0x330 [ 157.276186][ T9303] inode_init_always_gfp+0x9ed/0xdc0 [ 157.276221][ T9303] ? __pfx_debugfs_alloc_inode+0x10/0x10 [ 157.276244][ T9303] alloc_inode+0x82/0x1b0 [ 157.276267][ T9303] new_inode+0x22/0x170 [ 157.276293][ T9303] __debugfs_create_file+0x14d/0x4f0 [ 157.276321][ T9303] debugfs_create_file_full+0x3f/0x60 [ 157.276347][ T9303] ref_tracker_dir_debugfs+0x14e/0x270 [ 157.276369][ T9303] ? __pfx_ref_tracker_dir_debugfs+0x10/0x10 [ 157.276418][ T9303] ? alloc_netdev_mqs+0xa3/0x11b0 [ 157.276437][ T9303] ? alloc_netdev_mqs+0xa3/0x11b0 [ 157.276454][ T9303] ? rcu_is_watching+0x15/0xb0 [ 157.276470][ T9303] ? alloc_netdev_mqs+0xa3/0x11b0 [ 157.276494][ T9303] ? __raw_spin_lock_init+0x45/0x100 [ 157.276516][ T9303] alloc_netdev_mqs+0x26f/0x11b0 [ 157.276534][ T9303] ? __pfx_tun_setup+0x10/0x10 [ 157.276563][ T9303] tun_set_iff+0x532/0xef0 [ 157.276590][ T9303] __tun_chr_ioctl+0x788/0x1df0 [ 157.276616][ T9303] ? __pfx___tun_chr_ioctl+0x10/0x10 [ 157.276639][ T9303] ? __fget_files+0x2a/0x420 [ 157.276654][ T9303] ? __fget_files+0x3a0/0x420 [ 157.276668][ T9303] ? __fget_files+0x2a/0x420 [ 157.276687][ T9303] ? bpf_lsm_file_ioctl+0x9/0x20 [ 157.276706][ T9303] ? __pfx_tun_chr_ioctl+0x10/0x10 [ 157.276723][ T9303] __se_sys_ioctl+0xfc/0x170 [ 157.276746][ T9303] do_syscall_64+0xfa/0x3b0 [ 157.276761][ T9303] ? lockdep_hardirqs_on+0x9c/0x150 [ 157.276782][ T9303] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 157.276798][ T9303] ? clear_bhb_loop+0x60/0xb0 [ 157.276819][ T9303] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 157.276835][ T9303] RIP: 0033:0x7f3704d8eba9 [ 157.276850][ T9303] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 157.276863][ T9303] RSP: 002b:00007f3705b43038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 157.276881][ T9303] RAX: ffffffffffffffda RBX: 00007f3704fd5fa0 RCX: 00007f3704d8eba9 [ 157.276897][ T9303] RDX: 00002000000000c0 RSI: 00000000400454ca RDI: 0000000000000004 [ 157.276908][ T9303] RBP: 00007f3705b43090 R08: 0000000000000000 R09: 0000000000000000 [ 157.276918][ T9303] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 157.276928][ T9303] R13: 00007f3704fd6038 R14: 00007f3704fd5fa0 R15: 00007ffce1f54e28 [ 157.276957][ T9303] [ 157.277103][ T9303] debugfs: out of free dentries, can not create file 'netdev@ffff888065ce8610' [ 158.031049][ T9328] unknown channel width for channel at 909000KHz? [ 158.049610][ T9329] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 158.260615][ T9344] bond6: (slave vcan1): The slave device specified does not support setting the MAC address [ 158.311282][ T9344] bond6: (slave vcan1): Error -95 calling set_mac_address [ 158.332473][ T9349] tipc: Enabling of bearer rejected, failed to enable media [ 158.601784][ T9365] netlink: 'syz.2.1143': attribute type 6 has an invalid length. [ 158.937932][ T9382] __nla_validate_parse: 10 callbacks suppressed [ 158.937951][ T9382] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1149'. [ 158.974625][ T9382] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1149'. [ 159.152255][ T9389] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1152'. [ 159.289299][ T9402] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1157'. [ 159.353115][ T9405] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1158'. [ 159.629123][ T9420] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1164'. [ 159.694746][ T9420] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1164'. [ 159.755085][ T9427] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1165'. [ 159.848620][ T9427] bond4: (slave vcan1): The slave device specified does not support setting the MAC address [ 159.860466][ T9427] bond4: (slave vcan1): Error -95 calling set_mac_address [ 159.906551][ T9434] trusted_key: syz.4.1170 sent an empty control message without MSG_MORE. [ 159.957129][ T9436] syzkaller0: entered promiscuous mode [ 159.962628][ T9436] syzkaller0: entered allmulticast mode [ 159.995572][ T9440] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1172'. [ 160.105454][ T9449] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1173'. [ 160.401980][ T9454] netlink: 'syz.4.1176': attribute type 4 has an invalid length. [ 160.518401][ T9467] tipc: Enabling of bearer rejected, failed to enable media [ 160.708794][ T9478] netlink: 'syz.4.1184': attribute type 2 has an invalid length. [ 160.769464][ T9478] : entered promiscuous mode [ 160.835152][ T9481] netlink: 'syz.3.1185': attribute type 6 has an invalid length. [ 161.369601][ T9508] bond7: (slave vcan1): The slave device specified does not support setting the MAC address [ 161.388245][ T9508] bond7: (slave vcan1): Error -95 calling set_mac_address [ 161.822674][ T9538] tipc: Enabled bearer , priority 0 [ 161.832784][ T9538] syzkaller0: entered promiscuous mode [ 161.864247][ T9538] syzkaller0: entered allmulticast mode [ 161.940716][ T9541] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 162.192774][ T9545] tipc: Resetting bearer [ 162.441932][ T9557] netlink: 'syz.3.1211': attribute type 6 has an invalid length. [ 162.672833][ T9537] tipc: Resetting bearer [ 162.743071][ T9537] tipc: Disabling bearer [ 163.146187][ T9587] bond3: (slave vcan1): The slave device specified does not support setting the MAC address [ 163.201968][ T9587] bond3: (slave vcan1): Error -95 calling set_mac_address [ 163.763704][ T9618] netlink: 'syz.4.1235': attribute type 1 has an invalid length. [ 163.833356][ T9618] 8021q: adding VLAN 0 to HW filter on device bond8 [ 163.900408][ T9624] 8021q: adding VLAN 0 to HW filter on device bond8 [ 163.914653][ T9624] bond8: (slave vxcan3): The slave device specified does not support setting the MAC address [ 163.929321][ T9624] bond8: (slave vxcan3): Error -95 calling set_mac_address [ 164.061196][ T9618] veth9: entered promiscuous mode [ 164.079764][ T9618] bond8: (slave veth9): Enslaving as an active interface with a down link [ 164.083368][ T9637] __nla_validate_parse: 10 callbacks suppressed [ 164.083385][ T9637] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1239'. [ 164.103246][ T9630] gretap1: entered allmulticast mode [ 164.116021][ T9630] bond8: (slave gretap1): making interface the new active one [ 164.128044][ T9630] bond8: (slave gretap1): Enslaving as an active interface with an up link [ 164.187506][ T9641] netlink: 'syz.4.1240': attribute type 1 has an invalid length. [ 164.191061][ T9639] bond5: (slave vcan1): The slave device specified does not support setting the MAC address [ 164.208362][ T9639] bond5: (slave vcan1): Error -95 calling set_mac_address [ 164.256079][ T9641] bond9 (unregistering): Released all slaves [ 164.310259][ T9646] ip6tnl1: entered promiscuous mode [ 164.320692][ T9646] ip6tnl1: entered allmulticast mode [ 164.349054][ T9645] netlink: 284 bytes leftover after parsing attributes in process `syz.3.1241'. [ 164.487344][ T9655] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1244'. [ 164.506752][ T9657] netlink: 44 bytes leftover after parsing attributes in process `syz.4.1245'. [ 164.527107][ T9655] (unnamed net_device) (uninitialized): option lacp_active: mode dependency failed, not supported in mode balance-rr(0) [ 164.655737][ T9666] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1249'. [ 165.003722][ T9685] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1255'. [ 165.013056][ T9685] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1255'. [ 165.022365][ T9685] netlink: 'syz.0.1255': attribute type 3 has an invalid length. [ 165.197357][ T9696] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1261'. [ 165.246788][ T9696] bond9: (slave vcan1): The slave device specified does not support setting the MAC address [ 165.258550][ T9696] bond9: (slave vcan1): Error -95 calling set_mac_address [ 165.288895][ T9699] tipc: Enabled bearer , priority 0 [ 165.319625][ T9699] tipc: Resetting bearer [ 165.357075][ T9699] netlink: 68 bytes leftover after parsing attributes in process `syz.0.1262'. [ 165.398077][ T6810] IPVS: starting estimator thread 0... [ 165.504211][ T9703] IPVS: using max 32 ests per chain, 76800 per kthread [ 165.683268][ T9716] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1267'. [ 165.758256][ T9716] bond4: (slave vcan1): The slave device specified does not support setting the MAC address [ 165.773997][ T9716] bond4: (slave vcan1): Error -95 calling set_mac_address [ 165.808297][ T9722] tipc: Enabled bearer , priority 0 [ 165.817123][ T9718] syzkaller0: entered promiscuous mode [ 165.822679][ T9718] syzkaller0: entered allmulticast mode [ 165.893937][ T9722] tipc: Resetting bearer [ 165.990661][ T9724] tipc: Enabled bearer , priority 0 [ 166.035699][ T9724] syzkaller0: entered promiscuous mode [ 166.043983][ T9724] syzkaller0: entered allmulticast mode [ 166.082465][ T9724] tipc: Resetting bearer [ 166.099579][ T9723] tipc: Resetting bearer [ 166.141854][ T9723] tipc: Disabling bearer [ 166.325125][ T8619] tipc: Node number set to 3474762878 [ 166.542307][ T9755] FAULT_INJECTION: forcing a failure. [ 166.542307][ T9755] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 166.555937][ T9717] tipc: Resetting bearer [ 166.604007][ T9755] CPU: 1 UID: 0 PID: 9755 Comm: syz.2.1282 Not tainted syzkaller #0 PREEMPT(full) [ 166.604031][ T9755] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 166.604041][ T9755] Call Trace: [ 166.604048][ T9755] [ 166.604056][ T9755] dump_stack_lvl+0x189/0x250 [ 166.604085][ T9755] ? __pfx____ratelimit+0x10/0x10 [ 166.604107][ T9755] ? __pfx_dump_stack_lvl+0x10/0x10 [ 166.604125][ T9755] ? __pfx__printk+0x10/0x10 [ 166.604146][ T9755] ? __might_fault+0xb0/0x130 [ 166.604176][ T9755] should_fail_ex+0x414/0x560 [ 166.604202][ T9755] _copy_from_user+0x2d/0xb0 [ 166.604220][ T9755] ___sys_sendmsg+0x158/0x2a0 [ 166.604241][ T9755] ? __pfx____sys_sendmsg+0x10/0x10 [ 166.604293][ T9755] ? __fget_files+0x2a/0x420 [ 166.604307][ T9755] ? __fget_files+0x3a0/0x420 [ 166.604331][ T9755] __x64_sys_sendmsg+0x19b/0x260 [ 166.604359][ T9755] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 166.604386][ T9755] ? __pfx_ksys_write+0x10/0x10 [ 166.604403][ T9755] ? rcu_is_watching+0x15/0xb0 [ 166.604425][ T9755] ? do_syscall_64+0xbe/0x3b0 [ 166.604444][ T9755] do_syscall_64+0xfa/0x3b0 [ 166.604458][ T9755] ? lockdep_hardirqs_on+0x9c/0x150 [ 166.604478][ T9755] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 166.604493][ T9755] ? clear_bhb_loop+0x60/0xb0 [ 166.604510][ T9755] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 166.604524][ T9755] RIP: 0033:0x7f3704d8eba9 [ 166.604538][ T9755] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 166.604550][ T9755] RSP: 002b:00007f3705b43038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 166.604567][ T9755] RAX: ffffffffffffffda RBX: 00007f3704fd5fa0 RCX: 00007f3704d8eba9 [ 166.604578][ T9755] RDX: 0000000000000040 RSI: 0000200000001200 RDI: 0000000000000003 [ 166.604588][ T9755] RBP: 00007f3705b43090 R08: 0000000000000000 R09: 0000000000000000 [ 166.604597][ T9755] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 166.604605][ T9755] R13: 00007f3704fd6038 R14: 00007f3704fd5fa0 R15: 00007ffce1f54e28 [ 166.604631][ T9755] [ 166.825009][ T9763] IPVS: set_ctl: invalid protocol: 137 172.20.20.39:20001 [ 166.835037][ T9717] tipc: Disabling bearer [ 167.101276][ T9780] FAULT_INJECTION: forcing a failure. [ 167.101276][ T9780] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 167.125790][ T9777] netlink: 'syz.2.1288': attribute type 1 has an invalid length. [ 167.133558][ T9777] netlink: 'syz.2.1288': attribute type 2 has an invalid length. [ 167.147501][ T9783] syz_tun: entered allmulticast mode [ 167.154210][ T9780] CPU: 1 UID: 0 PID: 9780 Comm: syz.3.1291 Not tainted syzkaller #0 PREEMPT(full) [ 167.154233][ T9780] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 167.154244][ T9780] Call Trace: [ 167.154251][ T9780] [ 167.154259][ T9780] dump_stack_lvl+0x189/0x250 [ 167.154284][ T9780] ? __pfx____ratelimit+0x10/0x10 [ 167.154315][ T9780] ? __pfx_dump_stack_lvl+0x10/0x10 [ 167.154334][ T9780] ? __pfx__printk+0x10/0x10 [ 167.154372][ T9780] should_fail_ex+0x414/0x560 [ 167.154399][ T9780] _copy_to_user+0x31/0xb0 [ 167.154421][ T9780] simple_read_from_buffer+0xe1/0x170 [ 167.154447][ T9780] proc_fail_nth_read+0x1b3/0x220 [ 167.154470][ T9780] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 167.154493][ T9780] ? rw_verify_area+0x2a6/0x4d0 [ 167.154512][ T9780] ? __lock_acquire+0xab9/0xd20 [ 167.154532][ T9780] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 167.154552][ T9780] vfs_read+0x200/0xa30 [ 167.154571][ T9780] ? fdget_pos+0x247/0x320 [ 167.154592][ T9780] ? __pfx___mutex_lock+0x10/0x10 [ 167.154609][ T9780] ? __pfx_vfs_read+0x10/0x10 [ 167.154631][ T9780] ? __fget_files+0x2a/0x420 [ 167.154651][ T9780] ? __fget_files+0x3a0/0x420 [ 167.154664][ T9780] ? __fget_files+0x2a/0x420 [ 167.154689][ T9780] ksys_read+0x145/0x250 [ 167.154712][ T9780] ? __pfx_ksys_read+0x10/0x10 [ 167.154738][ T9780] ? do_syscall_64+0xbe/0x3b0 [ 167.154758][ T9780] do_syscall_64+0xfa/0x3b0 [ 167.154772][ T9780] ? lockdep_hardirqs_on+0x9c/0x150 [ 167.154794][ T9780] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 167.154810][ T9780] ? clear_bhb_loop+0x60/0xb0 [ 167.154831][ T9780] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 167.154847][ T9780] RIP: 0033:0x7fb09418d5bc [ 167.154861][ T9780] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 167.154875][ T9780] RSP: 002b:00007fb0950e4030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 167.154892][ T9780] RAX: ffffffffffffffda RBX: 00007fb0943d5fa0 RCX: 00007fb09418d5bc [ 167.154904][ T9780] RDX: 000000000000000f RSI: 00007fb0950e40a0 RDI: 0000000000000003 [ 167.154915][ T9780] RBP: 00007fb0950e4090 R08: 0000000000000000 R09: 0000000000000000 [ 167.154925][ T9780] R10: 0000000000000082 R11: 0000000000000246 R12: 0000000000000001 [ 167.154936][ T9780] R13: 00007fb0943d6038 R14: 00007fb0943d5fa0 R15: 00007ffcd1bd2d58 [ 167.154966][ T9780] [ 167.159027][ T9777] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 167.457521][ T9795] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 167.465621][ T9792] bond9: (slave vcan0): The slave device specified does not support setting the MAC address [ 167.547274][ T9792] bond9: (slave vcan0): Error -95 calling set_mac_address [ 167.572533][ T9793] syz_tun: left allmulticast mode [ 167.670508][ T9807] netlink: 'syz.4.1296': attribute type 6 has an invalid length. [ 167.791209][ T9811] netlink: 'syz.2.1298': attribute type 7 has an invalid length. [ 168.801353][ T3513] netdevsim netdevsim1 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 168.839008][ T3513] netdevsim netdevsim1 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 168.859067][ T3513] netdevsim netdevsim1 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 168.893990][ T3513] netdevsim netdevsim1 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 168.925130][ T9862] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 169.000896][ T9868] FAULT_INJECTION: forcing a failure. [ 169.000896][ T9868] name failslab, interval 1, probability 0, space 0, times 0 [ 169.018162][ T9868] CPU: 1 UID: 0 PID: 9868 Comm: syz.1.1319 Not tainted syzkaller #0 PREEMPT(full) [ 169.018208][ T9868] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 169.018231][ T9868] Call Trace: [ 169.018245][ T9868] [ 169.018253][ T9868] dump_stack_lvl+0x189/0x250 [ 169.018279][ T9868] ? __pfx____ratelimit+0x10/0x10 [ 169.018302][ T9868] ? __pfx_dump_stack_lvl+0x10/0x10 [ 169.018322][ T9868] ? __pfx__printk+0x10/0x10 [ 169.018350][ T9868] ? __pfx___might_resched+0x10/0x10 [ 169.018371][ T9868] should_fail_ex+0x414/0x560 [ 169.018399][ T9868] should_failslab+0xa8/0x100 [ 169.018424][ T9868] __kmalloc_cache_noprof+0x70/0x3d0 [ 169.018445][ T9868] ? alloc_netdev_mqs+0xb90/0x11b0 [ 169.018464][ T9868] ? __xdp_rxq_info_reg+0x189/0x2a0 [ 169.018486][ T9868] alloc_netdev_mqs+0xb90/0x11b0 [ 169.018514][ T9868] tun_set_iff+0x532/0xef0 [ 169.018542][ T9868] __tun_chr_ioctl+0x788/0x1df0 [ 169.018567][ T9868] ? __pfx___tun_chr_ioctl+0x10/0x10 [ 169.018589][ T9868] ? __fget_files+0x2a/0x420 [ 169.018604][ T9868] ? __fget_files+0x3a0/0x420 [ 169.018618][ T9868] ? __fget_files+0x2a/0x420 [ 169.018637][ T9868] ? bpf_lsm_file_ioctl+0x9/0x20 [ 169.018657][ T9868] ? __pfx_tun_chr_ioctl+0x10/0x10 [ 169.018673][ T9868] __se_sys_ioctl+0xfc/0x170 [ 169.018697][ T9868] do_syscall_64+0xfa/0x3b0 [ 169.018713][ T9868] ? lockdep_hardirqs_on+0x9c/0x150 [ 169.018735][ T9868] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 169.018751][ T9868] ? clear_bhb_loop+0x60/0xb0 [ 169.018772][ T9868] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 169.018788][ T9868] RIP: 0033:0x7fc900f8eba9 [ 169.018804][ T9868] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 169.018819][ T9868] RSP: 002b:00007fc901de9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 169.018838][ T9868] RAX: ffffffffffffffda RBX: 00007fc9011d5fa0 RCX: 00007fc900f8eba9 [ 169.018851][ T9868] RDX: 00002000000000c0 RSI: 00000000400454ca RDI: 0000000000000004 [ 169.018869][ T9868] RBP: 00007fc901de9090 R08: 0000000000000000 R09: 0000000000000000 [ 169.018879][ T9868] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 169.018889][ T9868] R13: 00007fc9011d6038 R14: 00007fc9011d5fa0 R15: 00007ffc6d88a308 [ 169.018920][ T9868] [ 169.341659][ T9876] tipc: Enabled bearer , priority 0 [ 169.349470][ T9876] syzkaller0: entered promiscuous mode [ 169.354996][ T9876] syzkaller0: entered allmulticast mode [ 169.418405][ T9881] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 169.489270][ T9881] tipc: Resetting bearer [ 169.787932][ T9900] netlink: ct family unspecified [ 169.801840][ T9902] __nla_validate_parse: 11 callbacks suppressed [ 169.801857][ T9902] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1335'. [ 169.812182][ T9900] openvswitch: netlink: Actions may not be safe on all matching packets [ 170.179428][ T9875] tipc: Resetting bearer [ 170.197957][ T9875] tipc: Disabling bearer [ 170.301674][ T9919] netlink: 516 bytes leftover after parsing attributes in process `syz.3.1341'. [ 170.405434][ T9919] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 170.440530][ T9932] netlink: 112 bytes leftover after parsing attributes in process `syz.2.1345'. [ 170.540290][ T9941] netlink: 56 bytes leftover after parsing attributes in process `syz.3.1341'. [ 170.560297][ T9940] vcan0: entered allmulticast mode [ 170.574285][ C1] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 170.853639][ T9962] FAULT_INJECTION: forcing a failure. [ 170.853639][ T9962] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 170.872637][ T9962] CPU: 0 UID: 0 PID: 9962 Comm: syz.2.1355 Not tainted syzkaller #0 PREEMPT(full) [ 170.872660][ T9962] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 170.872671][ T9962] Call Trace: [ 170.872678][ T9962] [ 170.872686][ T9962] dump_stack_lvl+0x189/0x250 [ 170.872710][ T9962] ? __pfx____ratelimit+0x10/0x10 [ 170.872741][ T9962] ? __pfx_dump_stack_lvl+0x10/0x10 [ 170.872760][ T9962] ? __pfx__printk+0x10/0x10 [ 170.872780][ T9962] ? __might_fault+0xb0/0x130 [ 170.872811][ T9962] should_fail_ex+0x414/0x560 [ 170.872837][ T9962] _copy_from_iter+0x1de/0x1790 [ 170.872861][ T9962] ? rcu_is_watching+0x15/0xb0 [ 170.872878][ T9962] ? kmem_cache_alloc_node_noprof+0x217/0x3c0 [ 170.872901][ T9962] ? __pfx__copy_from_iter+0x10/0x10 [ 170.872921][ T9962] ? __build_skb_around+0x257/0x3e0 [ 170.872941][ T9962] ? netlink_sendmsg+0x642/0xb30 [ 170.872955][ T9962] ? skb_put+0x11b/0x210 [ 170.872975][ T9962] netlink_sendmsg+0x6b2/0xb30 [ 170.873001][ T9962] ? __pfx_netlink_sendmsg+0x10/0x10 [ 170.873021][ T9962] ? aa_sock_msg_perm+0xf1/0x1d0 [ 170.873039][ T9962] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 170.873055][ T9962] ? __pfx_netlink_sendmsg+0x10/0x10 [ 170.873071][ T9962] __sock_sendmsg+0x21c/0x270 [ 170.873095][ T9962] ____sys_sendmsg+0x505/0x830 [ 170.873119][ T9962] ? __pfx_____sys_sendmsg+0x10/0x10 [ 170.873146][ T9962] ? import_iovec+0x74/0xa0 [ 170.873168][ T9962] ___sys_sendmsg+0x21f/0x2a0 [ 170.873188][ T9962] ? __pfx____sys_sendmsg+0x10/0x10 [ 170.873240][ T9962] ? __fget_files+0x2a/0x420 [ 170.873254][ T9962] ? __fget_files+0x3a0/0x420 [ 170.873278][ T9962] __x64_sys_sendmsg+0x19b/0x260 [ 170.873298][ T9962] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 170.873325][ T9962] ? __pfx_ksys_write+0x10/0x10 [ 170.873342][ T9962] ? rcu_is_watching+0x15/0xb0 [ 170.873364][ T9962] ? do_syscall_64+0xbe/0x3b0 [ 170.873384][ T9962] do_syscall_64+0xfa/0x3b0 [ 170.873398][ T9962] ? lockdep_hardirqs_on+0x9c/0x150 [ 170.873420][ T9962] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 170.873437][ T9962] ? clear_bhb_loop+0x60/0xb0 [ 170.873457][ T9962] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 170.873473][ T9962] RIP: 0033:0x7f3704d8eba9 [ 170.873489][ T9962] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 170.873503][ T9962] RSP: 002b:00007f3705b43038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 170.873522][ T9962] RAX: ffffffffffffffda RBX: 00007f3704fd5fa0 RCX: 00007f3704d8eba9 [ 170.873534][ T9962] RDX: 0000000000000040 RSI: 0000200000001200 RDI: 0000000000000003 [ 170.873545][ T9962] RBP: 00007f3705b43090 R08: 0000000000000000 R09: 0000000000000000 [ 170.873556][ T9962] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 170.873565][ T9962] R13: 00007f3704fd6038 R14: 00007f3704fd5fa0 R15: 00007ffce1f54e28 [ 170.873593][ T9962] [ 170.895138][ T9964] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1356'. [ 170.970960][ T9966] netlink: 'syz.4.1357': attribute type 6 has an invalid length. [ 171.655107][T10000] dvmrp0: left allmulticast mode [ 171.783682][T10005] netlink: 112 bytes leftover after parsing attributes in process `syz.4.1367'. [ 172.066798][T10015] FAULT_INJECTION: forcing a failure. [ 172.066798][T10015] name failslab, interval 1, probability 0, space 0, times 0 [ 172.107084][T10015] CPU: 0 UID: 0 PID: 10015 Comm: syz.3.1372 Not tainted syzkaller #0 PREEMPT(full) [ 172.107109][T10015] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 172.107119][T10015] Call Trace: [ 172.107126][T10015] [ 172.107135][T10015] dump_stack_lvl+0x189/0x250 [ 172.107159][T10015] ? __pfx____ratelimit+0x10/0x10 [ 172.107183][T10015] ? __pfx_dump_stack_lvl+0x10/0x10 [ 172.107202][T10015] ? __pfx__printk+0x10/0x10 [ 172.107230][T10015] ? __pfx___might_resched+0x10/0x10 [ 172.107253][T10015] should_fail_ex+0x414/0x560 [ 172.107280][T10015] should_failslab+0xa8/0x100 [ 172.107304][T10015] __kmalloc_cache_noprof+0x70/0x3d0 [ 172.107325][T10015] ? alloc_netdev_mqs+0xb90/0x11b0 [ 172.107344][T10015] ? __xdp_rxq_info_reg+0x189/0x2a0 [ 172.107367][T10015] alloc_netdev_mqs+0xb90/0x11b0 [ 172.107394][T10015] tun_set_iff+0x532/0xef0 [ 172.107422][T10015] __tun_chr_ioctl+0x788/0x1df0 [ 172.107447][T10015] ? __pfx___tun_chr_ioctl+0x10/0x10 [ 172.107470][T10015] ? __fget_files+0x2a/0x420 [ 172.107484][T10015] ? __fget_files+0x3a0/0x420 [ 172.107498][T10015] ? __fget_files+0x2a/0x420 [ 172.107517][T10015] ? bpf_lsm_file_ioctl+0x9/0x20 [ 172.107537][T10015] ? __pfx_tun_chr_ioctl+0x10/0x10 [ 172.107554][T10015] __se_sys_ioctl+0xfc/0x170 [ 172.107577][T10015] do_syscall_64+0xfa/0x3b0 [ 172.107593][T10015] ? lockdep_hardirqs_on+0x9c/0x150 [ 172.107614][T10015] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 172.107630][T10015] ? clear_bhb_loop+0x60/0xb0 [ 172.107651][T10015] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 172.107667][T10015] RIP: 0033:0x7fb09418eba9 [ 172.107683][T10015] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 172.107698][T10015] RSP: 002b:00007fb0950e4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 172.107716][T10015] RAX: ffffffffffffffda RBX: 00007fb0943d5fa0 RCX: 00007fb09418eba9 [ 172.107729][T10015] RDX: 00002000000000c0 RSI: 00000000400454ca RDI: 0000000000000004 [ 172.107741][T10015] RBP: 00007fb0950e4090 R08: 0000000000000000 R09: 0000000000000000 [ 172.107751][T10015] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 172.107761][T10015] R13: 00007fb0943d6038 R14: 00007fb0943d5fa0 R15: 00007ffcd1bd2d58 [ 172.107792][T10015] [ 172.363468][T10025] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1374'. [ 172.569744][T10038] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1379'. [ 173.063828][T10064] FAULT_INJECTION: forcing a failure. [ 173.063828][T10064] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 173.084432][T10064] CPU: 1 UID: 0 PID: 10064 Comm: syz.3.1390 Not tainted syzkaller #0 PREEMPT(full) [ 173.084456][T10064] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 173.084467][T10064] Call Trace: [ 173.084483][T10064] [ 173.084491][T10064] dump_stack_lvl+0x189/0x250 [ 173.084515][T10064] ? __pfx____ratelimit+0x10/0x10 [ 173.084538][T10064] ? __pfx_dump_stack_lvl+0x10/0x10 [ 173.084557][T10064] ? __pfx__printk+0x10/0x10 [ 173.084578][T10064] ? __might_fault+0xb0/0x130 [ 173.084607][T10064] should_fail_ex+0x414/0x560 [ 173.084633][T10064] _copy_from_user+0x2d/0xb0 [ 173.084652][T10064] __sys_connect+0x123/0x440 [ 173.084669][T10064] ? __fget_files+0x3a0/0x420 [ 173.084685][T10064] ? __pfx___sys_connect+0x10/0x10 [ 173.084714][T10064] ? __pfx_ksys_write+0x10/0x10 [ 173.084732][T10064] ? rcu_is_watching+0x15/0xb0 [ 173.084757][T10064] __x64_sys_connect+0x7a/0x90 [ 173.084775][T10064] do_syscall_64+0xfa/0x3b0 [ 173.084790][T10064] ? lockdep_hardirqs_on+0x9c/0x150 [ 173.084811][T10064] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 173.084827][T10064] ? clear_bhb_loop+0x60/0xb0 [ 173.084848][T10064] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 173.084864][T10064] RIP: 0033:0x7fb09418eba9 [ 173.084880][T10064] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 173.084894][T10064] RSP: 002b:00007fb0950e4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 173.084912][T10064] RAX: ffffffffffffffda RBX: 00007fb0943d5fa0 RCX: 00007fb09418eba9 [ 173.084924][T10064] RDX: 000000000000001c RSI: 0000200000000040 RDI: 0000000000000003 [ 173.084935][T10064] RBP: 00007fb0950e4090 R08: 0000000000000000 R09: 0000000000000000 [ 173.084945][T10064] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 173.084956][T10064] R13: 00007fb0943d6038 R14: 00007fb0943d5fa0 R15: 00007ffcd1bd2d58 [ 173.084984][T10064] [ 173.288868][T10067] IPVS: set_ctl: invalid protocol: 137 172.20.20.39:20001 [ 173.420764][T10076] netlink: 'syz.2.1395': attribute type 6 has an invalid length. [ 173.482033][T10079] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1396'. [ 173.580661][T10083] netlink: 'syz.0.1397': attribute type 7 has an invalid length. [ 173.722881][T10092] netlink: 112 bytes leftover after parsing attributes in process `syz.0.1400'. [ 174.090000][T10117] netlink: zone id is out of range [ 174.113970][T10120] FAULT_INJECTION: forcing a failure. [ 174.113970][T10120] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 174.114530][T10117] netlink: zone id is out of range [ 174.137307][T10117] netlink: zone id is out of range [ 174.142440][T10117] netlink: zone id is out of range [ 174.148707][T10120] CPU: 0 UID: 0 PID: 10120 Comm: syz.1.1410 Not tainted syzkaller #0 PREEMPT(full) [ 174.148727][T10120] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 174.148737][T10120] Call Trace: [ 174.148744][T10120] [ 174.148751][T10120] dump_stack_lvl+0x189/0x250 [ 174.148774][T10120] ? __pfx____ratelimit+0x10/0x10 [ 174.148797][T10120] ? __pfx_dump_stack_lvl+0x10/0x10 [ 174.148815][T10120] ? __pfx__printk+0x10/0x10 [ 174.148837][T10120] ? __might_fault+0xb0/0x130 [ 174.148868][T10120] should_fail_ex+0x414/0x560 [ 174.148892][T10120] _copy_from_user+0x2d/0xb0 [ 174.148909][T10120] kstrtouint_from_user+0xc4/0x170 [ 174.148931][T10120] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 174.148962][T10120] proc_fail_nth_write+0x88/0x200 [ 174.148977][T10120] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 174.148995][T10120] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 174.149014][T10120] vfs_write+0x27b/0xb30 [ 174.149041][T10120] ? __pfx_vfs_write+0x10/0x10 [ 174.149062][T10120] ? __fget_files+0x2a/0x420 [ 174.149082][T10120] ? __fget_files+0x3a0/0x420 [ 174.149095][T10120] ? __fget_files+0x2a/0x420 [ 174.149118][T10120] ksys_write+0x145/0x250 [ 174.149141][T10120] ? __pfx_ksys_write+0x10/0x10 [ 174.149159][T10120] ? rcu_is_watching+0x15/0xb0 [ 174.149182][T10120] ? do_syscall_64+0xbe/0x3b0 [ 174.149203][T10120] do_syscall_64+0xfa/0x3b0 [ 174.149217][T10120] ? lockdep_hardirqs_on+0x9c/0x150 [ 174.149239][T10120] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 174.149256][T10120] ? clear_bhb_loop+0x60/0xb0 [ 174.149277][T10120] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 174.149293][T10120] RIP: 0033:0x7fc900f8d65f [ 174.149309][T10120] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 174.149324][T10120] RSP: 002b:00007fc901de9030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 174.149342][T10120] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fc900f8d65f [ 174.149355][T10120] RDX: 0000000000000001 RSI: 00007fc901de90a0 RDI: 0000000000000006 [ 174.149366][T10120] RBP: 00007fc901de9090 R08: 0000000000000000 R09: 0000000000000000 [ 174.149376][T10120] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001 [ 174.149387][T10120] R13: 00007fc9011d6038 R14: 00007fc9011d5fa0 R15: 00007ffc6d88a308 [ 174.149418][T10120] [ 174.178230][T10117] netlink: zone id is out of range [ 174.259506][T10121] syzkaller0: entered promiscuous mode [ 174.299529][T10117] netlink: zone id is out of range [ 174.299543][T10117] netlink: zone id is out of range [ 174.299552][T10117] netlink: zone id is out of range [ 174.299561][T10117] netlink: zone id is out of range [ 174.299569][T10117] netlink: zone id is out of range [ 174.344017][T10127] netlink: 'syz.1.1414': attribute type 6 has an invalid length. [ 174.364319][T10121] syzkaller0: entered allmulticast mode [ 174.773955][T10147] IPVS: set_ctl: invalid protocol: 137 172.20.20.39:20001 [ 175.796259][T10153] wireguard: wg0: Could not create IPv4 socket [ 176.013112][T10168] netlink: 'syz.0.1427': attribute type 6 has an invalid length. [ 176.161627][T10175] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 176.220281][T10182] tipc: Enabled bearer , priority 0 [ 176.227447][T10180] netlink: 'syz.2.1431': attribute type 7 has an invalid length. [ 176.238312][T10182] syzkaller0: entered promiscuous mode [ 176.243798][T10182] syzkaller0: entered allmulticast mode [ 176.321776][T10189] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 176.390502][T10189] tipc: Resetting bearer [ 176.565065][T10207] __nla_validate_parse: 1 callbacks suppressed [ 176.565083][T10207] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1439'. [ 176.731360][T10215] netlink: 'syz.4.1443': attribute type 6 has an invalid length. [ 177.066336][T10233] mac80211_hwsim hwsim11 wlan1: entered promiscuous mode [ 177.073419][T10233] mac80211_hwsim hwsim11 wlan1: entered allmulticast mode [ 177.094446][T10181] tipc: Resetting bearer [ 177.121632][T10181] tipc: Disabling bearer [ 177.127149][T10238] netlink: 112 bytes leftover after parsing attributes in process `syz.4.1453'. [ 177.142534][T10233] netlink: 'syz.2.1451': attribute type 10 has an invalid length. [ 177.173594][T10233] mac80211_hwsim hwsim11 wlan1: left promiscuous mode [ 177.213631][T10233] mac80211_hwsim hwsim11 wlan1: left allmulticast mode [ 177.252421][T10233] bond0: (slave wlan1): Enslaving as an active interface with a down link [ 177.342941][T10245] bridge_slave_0: left allmulticast mode [ 177.393688][T10245] bridge_slave_0: left promiscuous mode [ 177.411198][T10245] bridge0: port 1(bridge_slave_0) entered disabled state [ 177.423737][T10245] bridge_slave_1: left allmulticast mode [ 177.429976][T10245] bridge_slave_1: left promiscuous mode [ 177.437239][T10245] bridge0: port 2(bridge_slave_1) entered disabled state [ 177.457466][T10245] bond0: (slave bond_slave_0): Releasing backup interface [ 177.490443][T10245] bond0: (slave bond_slave_1): Releasing backup interface [ 177.540689][T10245] team0: Port device team_slave_0 removed [ 177.555955][T10245] team0: Port device team_slave_1 removed [ 177.567232][T10245] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 177.575095][T10245] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 177.586530][T10245] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 177.594695][T10245] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 177.609511][T10245] bond0: (slave wlan1): Releasing backup interface [ 178.064886][T10287] pim6reg1: entered promiscuous mode [ 178.070290][T10287] pim6reg1: entered allmulticast mode [ 178.386995][T10299] netlink: 112 bytes leftover after parsing attributes in process `syz.1.1471'. [ 178.667350][T10312] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 178.680025][T10315] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1482'. [ 178.932288][T10327] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1487'. [ 179.150628][T10343] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1493'. [ 179.222384][T10345] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1494'. [ 179.259374][T10348] syz_tun: entered allmulticast mode [ 179.290849][T10348] dvmrp8: entered allmulticast mode [ 179.306887][T10347] syz_tun: left allmulticast mode [ 179.598003][T10363] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1503'. [ 179.744803][T10370] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1506'. [ 180.203116][T10395] net_ratelimit: 60 callbacks suppressed [ 180.203134][T10395] openvswitch: netlink: IP tunnel dst address not specified [ 180.607301][T10421] tipc: Enabling of bearer rejected, already enabled [ 180.657984][T10419] netlink: zone id is out of range [ 180.663133][T10419] netlink: zone id is out of range [ 180.700341][T10419] netlink: zone id is out of range [ 180.716724][T10429] netlink: del zone limit has 4 unknown bytes [ 180.750514][T10419] netlink: zone id is out of range [ 180.761154][T10419] netlink: zone id is out of range [ 180.777041][T10419] netlink: zone id is out of range [ 180.782186][T10419] netlink: zone id is out of range [ 180.803395][T10419] netlink: zone id is out of range [ 180.882793][T10437] netlink: 'syz.0.1536': attribute type 1 has an invalid length. [ 181.020956][T10437] 8021q: adding VLAN 0 to HW filter on device bond5 [ 181.223989][T10456] netlink: 'syz.3.1544': attribute type 1 has an invalid length. [ 181.234575][T10456] netlink: 228 bytes leftover after parsing attributes in process `syz.3.1544'. [ 181.672959][T10479] macvtap1: entered allmulticast mode [ 181.701852][T10479] mac80211_hwsim hwsim6 wlan0: entered allmulticast mode [ 181.723424][T10479] mac80211_hwsim hwsim6 wlan0: left allmulticast mode [ 182.331333][T10513] mpoa:mpoad_close: () going down [ 182.470240][T10517] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input5 [ 182.681945][T10523] netlink: 'syz.3.1568': attribute type 2 has an invalid length. [ 182.740694][T10523] __nla_validate_parse: 5 callbacks suppressed [ 182.740711][T10523] netlink: 5356 bytes leftover after parsing attributes in process `syz.3.1568'. [ 182.978184][T10531] netlink: 'syz.4.1572': attribute type 1 has an invalid length. [ 182.990508][T10531] netlink: 200 bytes leftover after parsing attributes in process `syz.4.1572'. [ 183.055298][ T5866] Bluetooth: hci0: command 0x080f tx timeout [ 183.061443][ T5874] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 183.183057][T10543] netlink: 'syz.1.1578': attribute type 1 has an invalid length. [ 183.439419][T10546] bond5: (slave ip6gretap1): making interface the new active one [ 183.465344][T10546] bond5: (slave ip6gretap1): Enslaving as an active interface with an up link [ 183.546598][T10548] macvlan2: entered promiscuous mode [ 183.551943][T10548] macvlan2: entered allmulticast mode [ 183.603996][T10548] bond5: entered promiscuous mode [ 183.633920][T10548] ip6gretap1: entered promiscuous mode [ 183.647800][T10548] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 183.670075][T10548] bond5: (slave macvlan2): the slave hw address is in use by the bond; couldn't find a slave with a free hw address to give it (this should not have happened) [ 183.706960][T10548] bond5: left promiscuous mode [ 183.711895][T10548] ip6gretap1: left promiscuous mode [ 183.894582][T10575] netlink: 'syz.2.1592': attribute type 4 has an invalid length. [ 184.095087][T10590] tipc: Enabling of bearer rejected, failed to enable media [ 184.940289][T10630] Bluetooth: MGMT ver 1.23 [ 184.970737][T10630] netlink: 64 bytes leftover after parsing attributes in process `syz.4.1615'. [ 185.013449][T10630] netlink: 'syz.4.1615': attribute type 2 has an invalid length. [ 185.151081][T10640] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1619'. [ 186.268099][T10704] net_ratelimit: 22 callbacks suppressed [ 186.268118][T10704] netlink: zone id is out of range [ 186.304259][T10704] netlink: zone id is out of range [ 186.309413][T10704] netlink: zone id is out of range [ 186.340022][T10704] netlink: zone id is out of range [ 186.361599][T10709] netlink: del zone limit has 4 unknown bytes [ 186.382174][T10704] netlink: zone id is out of range [ 186.404591][T10704] netlink: zone id is out of range [ 186.414586][T10704] netlink: zone id is out of range [ 186.421974][T10704] netlink: zone id is out of range [ 186.430859][T10704] netlink: zone id is out of range [ 186.693549][T10728] tipc: Enabled bearer , priority 0 [ 186.750172][T10728] syzkaller0: entered promiscuous mode [ 186.795850][T10728] syzkaller0: entered allmulticast mode [ 186.819937][T10734] netlink: 180 bytes leftover after parsing attributes in process `syz.0.1663'. [ 186.843137][T10741] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 186.855685][T10742] netlink: 180 bytes leftover after parsing attributes in process `syz.0.1663'. [ 186.865453][T10728] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 187.441854][T10737] tipc: Resetting bearer [ 187.576362][T10727] tipc: Resetting bearer [ 187.611016][T10727] tipc: Disabling bearer [ 188.442811][T10794] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 188.685663][T10811] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1688'. [ 188.761386][T10816] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1689'. [ 189.133376][ T1172] netdevsim netdevsim0 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 189.167677][ T1172] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 189.184682][ T3581] netdevsim netdevsim0 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 189.214741][ T3581] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 189.257593][ T3581] netdevsim netdevsim0 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 189.299912][ T3581] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 189.344165][ T3581] netdevsim netdevsim0 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 189.394381][ T3581] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 189.499882][T10832] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 189.534211][ T5866] Bluetooth: hci0: command 0x080f tx timeout [ 189.540273][ T5874] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 190.248698][T10870] netlink: 'syz.1.1705': attribute type 6 has an invalid length. [ 190.536431][T10881] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 190.869745][T10905] syz_tun: entered allmulticast mode [ 190.921245][T10909] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1718'. [ 190.921440][T10903] syz_tun: left allmulticast mode [ 191.247374][T10923] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1723'. [ 192.393565][T10987] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1745'. [ 193.144051][T11031] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1760'. [ 193.174943][T11028] netlink: 'syz.3.1759': attribute type 41 has an invalid length. [ 193.542690][T11055] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1769'. [ 193.762819][T11065] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 193.917734][T11073] tipc: Enabled bearer , priority 0 [ 194.260999][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.617001][T11105] sch_tbf: burst 1023 is lower than device lo mtu (65550) ! [ 194.897265][T11120] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1791'. [ 194.930776][T11120] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1791'. [ 194.957324][T11120] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1791'. [ 195.332717][T11146] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1799'. [ 195.492052][T11151] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1801'. [ 195.961190][T11175] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1809'. [ 196.240411][T11190] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 196.251413][T11189] !: renamed from dummy0 [ 196.292032][T11189] net_ratelimit: 12 callbacks suppressed [ 196.292050][T11189] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 196.617372][T11178] mpoa:mpoad_close: () going down [ 197.033204][T11212] syzkaller1: entered promiscuous mode [ 197.073629][T11212] syzkaller1: entered allmulticast mode [ 197.266419][T11221] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1820'. [ 197.471456][T11233] netlink: 308 bytes leftover after parsing attributes in process `syz.3.1825'. [ 197.488030][T11233] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1825'. [ 197.508251][T11233] netlink: 68 bytes leftover after parsing attributes in process `syz.3.1825'. [ 197.853851][T11255] netlink: 'syz.4.1830': attribute type 39 has an invalid length. [ 198.017001][T11257] syzkaller0: entered promiscuous mode [ 198.049817][T11257] syzkaller0: entered allmulticast mode [ 199.418246][T11339] tipc: Enabled bearer , priority 0 [ 199.433179][T11339] syzkaller0: entered promiscuous mode [ 199.440614][T11339] syzkaller0: entered allmulticast mode [ 199.463747][T11339] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 199.550950][T11339] tipc: Resetting bearer [ 199.577191][T11338] tipc: Resetting bearer [ 199.617619][T11338] tipc: Disabling bearer [ 201.454300][ T5878] Bluetooth: hci2: command 0x0406 tx timeout [ 201.460484][ T5868] Bluetooth: hci1: command 0x0406 tx timeout [ 202.253429][T11459] vlan2: entered promiscuous mode [ 202.259804][T11459] gretap0: entered promiscuous mode [ 202.813138][T11487] __nla_validate_parse: 7 callbacks suppressed [ 202.813157][T11487] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1894'. [ 203.138099][T11507] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1903'. [ 203.153080][T11508] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1904'. [ 203.242400][T11514] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1907'. [ 203.606800][T11525] netlink: 56 bytes leftover after parsing attributes in process `syz.2.1912'. [ 203.710118][T11542] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 204.053819][T11564] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1926'. [ 204.083468][T11562] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1925'. [ 204.942671][T11604] netlink: 9896 bytes leftover after parsing attributes in process `syz.4.1941'. [ 205.204397][T11615] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1945'. [ 205.213293][T11615] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1945'. [ 205.814477][T11639] tipc: Enabling of bearer rejected, already enabled [ 205.854577][T11639] tipc: Resetting bearer [ 205.939300][T11643] netdevsim netdevsim1 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 206.046152][T11643] netdevsim netdevsim1 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 206.081360][T11648] macvtap2: entered promiscuous mode [ 206.108100][T11648] batadv0: entered promiscuous mode [ 206.133863][T11648] macvtap2: entered allmulticast mode [ 206.168415][T11648] batadv0: entered allmulticast mode [ 206.176806][T11648] 8021q: adding VLAN 0 to HW filter on device macvtap2 [ 206.189890][T11643] netdevsim netdevsim1 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 206.219569][T11654] batadv0: left allmulticast mode [ 206.238293][T11654] batadv0: left promiscuous mode [ 206.278444][ T3463] tipc: Resetting bearer [ 206.313248][T11643] netdevsim netdevsim1 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 206.458634][ T3581] netdevsim netdevsim1 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 206.467260][T11664] !: renamed from dummy0 [ 206.493979][ T3581] netdevsim netdevsim1 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 206.512902][ T3581] netdevsim netdevsim1 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 206.536641][ T3581] netdevsim netdevsim1 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 206.750187][T11674] tipc: Enabled bearer , priority 0 [ 206.759077][T11674] syzkaller0: entered promiscuous mode [ 206.768606][T11674] syzkaller0: entered allmulticast mode [ 206.813555][T11674] tipc: Resetting bearer [ 206.830105][T11673] tipc: Resetting bearer [ 206.859096][T11673] tipc: Disabling bearer [ 207.742079][T11712] macvtap1: entered promiscuous mode [ 207.760774][T11712] erspan0: entered promiscuous mode [ 207.766868][T11712] macvtap1: entered allmulticast mode [ 207.799876][T11718] erspan0: left promiscuous mode [ 207.874337][T11708] __nla_validate_parse: 9 callbacks suppressed [ 207.874355][T11708] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1987'. [ 207.978436][T11728] netlink: 9896 bytes leftover after parsing attributes in process `syz.3.1992'. [ 208.508529][T11756] netlink: 9896 bytes leftover after parsing attributes in process `syz.0.2004'. [ 208.920867][T11775] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input6 [ 209.421614][T11794] netlink: 44 bytes leftover after parsing attributes in process `syz.1.2020'. [ 209.665753][T11810] tipc: Enabled bearer , priority 0 [ 209.695369][T11810] syzkaller0: entered promiscuous mode [ 209.703870][T11810] syzkaller0: entered allmulticast mode [ 209.776676][T11810] tipc: Resetting bearer [ 209.806509][T11806] tipc: Resetting bearer [ 209.863712][T11806] tipc: Disabling bearer [ 209.912983][T11824] Bluetooth: hci4: Opcode 0x0401 failed: -4 [ 210.041550][T11835] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 210.062307][T11836] netlink: 96 bytes leftover after parsing attributes in process `syz.1.2037'. [ 210.225007][T11839] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2039'. [ 210.237110][T11839] netlink: 84 bytes leftover after parsing attributes in process `syz.1.2039'. [ 210.268298][T11839] dvmrp8: entered allmulticast mode [ 210.422244][T11838] dvmrp8: left allmulticast mode [ 210.516357][T11845] 8021q: adding VLAN 0 to HW filter on device team0 [ 210.583673][T11847] netlink: 136 bytes leftover after parsing attributes in process `syz.4.2042'. [ 211.287243][T11853] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2044'. [ 211.302985][T11870] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2051'. [ 211.565237][T11881] netlink: 'syz.1.2052': attribute type 1 has an invalid length. [ 211.623932][T11881] 8021q: adding VLAN 0 to HW filter on device bond7 [ 211.644000][T11884] bond7: (slave wlan0): Enslaving as an active interface with a down link [ 211.709470][T11881] vlan2: entered allmulticast mode [ 211.721405][T11881] veth1: entered allmulticast mode [ 211.729287][T11881] bond7: (slave vlan2): Opening slave failed [ 211.934557][ T5874] Bluetooth: hci4: command 0x0405 tx timeout [ 212.018128][T11893] syzkaller1: entered promiscuous mode [ 212.023641][T11893] syzkaller1: entered allmulticast mode [ 212.998020][T11924] syzkaller1: entered promiscuous mode [ 213.026075][T11924] syzkaller1: entered allmulticast mode [ 213.347413][T11935] IPVS: length: 163 != 8 [ 213.462134][T11937] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input7 [ 213.780279][T11946] __nla_validate_parse: 5 callbacks suppressed [ 213.780297][T11946] netlink: 44 bytes leftover after parsing attributes in process `syz.1.2079'. [ 214.095798][T11961] syzkaller1: entered promiscuous mode [ 214.107777][T11961] syzkaller1: entered allmulticast mode [ 214.519816][T11978] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2093'. [ 214.542431][T11978] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2093'. [ 214.886534][T11988] syzkaller1: entered promiscuous mode [ 214.913210][T11988] syzkaller1: entered allmulticast mode [ 214.993385][T11991] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2100'. [ 215.358303][T12000] netdevsim0: renamed from gre0 [ 215.385411][T12000] netdevsim0: entered allmulticast mode [ 215.397264][T12000] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 215.538136][T12008] tipc: Enabled bearer , priority 0 [ 215.555714][T12006] netlink: 212408 bytes leftover after parsing attributes in process `syz.1.2107'. [ 215.569443][T12008] syzkaller0: entered promiscuous mode [ 215.578474][T12008] syzkaller0: entered allmulticast mode [ 215.587631][T12006] netlink: zone id is out of range [ 215.602691][T12008] tipc: Resetting bearer [ 215.612158][T12006] netlink: zone id is out of range [ 215.619493][T12006] netlink: zone id is out of range [ 215.625565][T12007] tipc: Resetting bearer [ 215.641781][T12006] netlink: zone id is out of range [ 215.663688][T12006] netlink: zone id is out of range [ 215.671217][T12006] netlink: zone id is out of range [ 215.677319][T12007] tipc: Disabling bearer [ 215.683915][T12006] netlink: zone id is out of range [ 215.695715][T12006] netlink: zone id is out of range [ 215.701000][T12006] netlink: zone id is out of range [ 215.767285][T12013] tipc: Enabling of bearer rejected, already enabled [ 215.799148][T12013] syzkaller0: entered promiscuous mode [ 215.820130][T12013] syzkaller0: entered allmulticast mode [ 215.857322][T12013] tipc: Resetting bearer [ 215.893242][T12017] syzkaller1: entered promiscuous mode [ 215.925125][T12017] syzkaller1: entered allmulticast mode [ 216.338958][T12042] tipc: Enabled bearer , priority 0 [ 216.347398][T12042] syzkaller0: entered promiscuous mode [ 216.352883][T12042] syzkaller0: entered allmulticast mode [ 216.389719][T12042] tipc: Resetting bearer [ 216.409373][T12041] tipc: Resetting bearer [ 216.465287][T12041] tipc: Disabling bearer [ 216.492704][T12044] tipc: Enabled bearer , priority 0 [ 216.501127][T12044] syzkaller0: entered promiscuous mode [ 216.507285][T12044] syzkaller0: entered allmulticast mode [ 216.532559][T12044] tipc: Resetting bearer [ 216.544669][T12043] tipc: Resetting bearer [ 216.589350][T12043] tipc: Disabling bearer [ 216.715271][ T8623] IPVS: starting estimator thread 0... [ 216.816726][T12054] IPVS: using max 26 ests per chain, 62400 per kthread [ 216.837744][T12059] syzkaller1: entered promiscuous mode [ 216.843444][T12059] syzkaller1: entered allmulticast mode [ 217.090489][T12071] tipc: Enabled bearer , priority 0 [ 217.099171][T12071] syzkaller0: entered promiscuous mode [ 217.104752][T12071] syzkaller0: entered allmulticast mode [ 217.123461][T12071] tipc: Resetting bearer [ 217.140339][T12070] tipc: Resetting bearer [ 217.192333][T12075] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2137'. [ 217.202094][T12070] tipc: Disabling bearer [ 217.439007][ T5874] Bluetooth: hci4: link tx timeout [ 217.447363][ T5874] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 217.538903][T12091] syzkaller1: entered promiscuous mode [ 217.563312][T12091] syzkaller1: entered allmulticast mode [ 217.998678][T12113] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 218.289232][T12127] netlink: 256 bytes leftover after parsing attributes in process `syz.0.2154'. [ 218.521468][T12138] tipc: Enabled bearer , priority 0 [ 218.540857][T12138] syzkaller0: entered promiscuous mode [ 218.554268][T12138] syzkaller0: entered allmulticast mode [ 218.599183][T12138] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2157'. [ 218.705000][T12138] tipc: Resetting bearer [ 218.711446][T12144] syzkaller1: entered promiscuous mode [ 218.719986][T12144] syzkaller1: entered allmulticast mode [ 218.763374][T12135] tipc: Resetting bearer [ 218.792376][T12135] tipc: Disabling bearer [ 219.425375][ T3513] syzkaller0: tun_net_xmit 76 [ 219.429901][T12177] syzkaller0: create flow: hash 4150813678 index 1 [ 219.430484][ T3513] syzkaller0: tun_net_xmit 48 [ 219.444529][ T5963] syzkaller0: tun_net_xmit 76 [ 219.473384][ T5866] Bluetooth: hci4: link tx timeout [ 219.478889][ T5866] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 219.534412][ T5866] Bluetooth: hci4: command 0x0405 tx timeout [ 219.592997][ T24] syzkaller0: tun_net_xmit 76 [ 219.652111][T12177] syzkaller0: delete flow: hash 4150813678 index 1 [ 221.147065][T12202] geneve2: entered promiscuous mode [ 221.253695][ T3463] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 221.271999][ T3463] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 221.311207][ T3463] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 221.329203][ T3463] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 221.351469][T12214] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2187'. [ 221.497442][T12221] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2187'. [ 221.581868][T12230] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2193'. [ 221.605266][T12233] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2192'. [ 221.633808][T12233] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2192'. [ 221.652555][T12232] tipc: Enabling of bearer rejected, already enabled [ 221.771210][T12240] tipc: Enabling of bearer rejected, already enabled [ 222.134005][T12258] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2208'. [ 222.279690][T12265] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2208'. [ 222.456369][T12270] net_ratelimit: 3 callbacks suppressed [ 222.456386][T12270] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 222.497730][T12272] tipc: Enabled bearer , priority 0 [ 222.526910][T12272] syzkaller0: entered promiscuous mode [ 222.564288][T12272] syzkaller0: entered allmulticast mode [ 222.649056][T12256] mpoa:mpoad_close: () going down [ 222.657378][T12271] tipc: Resetting bearer [ 222.713784][T12271] tipc: Disabling bearer [ 222.954800][T12296] netlink: 104 bytes leftover after parsing attributes in process `syz.0.2219'. [ 223.141706][T12306] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2221'. [ 223.175980][T12306] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2221'. [ 223.212927][T12310] tipc: Enabling of bearer rejected, already enabled [ 223.325907][T12316] geneve2: entered promiscuous mode [ 224.073736][T12322] mpoa:mpoad_close: () going down [ 224.076962][T12345] tipc: Enabling of bearer rejected, already enabled [ 224.209652][T12347] macvtap1: entered promiscuous mode [ 224.215029][T12347] batadv0: entered promiscuous mode [ 224.220558][T12347] macvtap1: entered allmulticast mode [ 224.230503][T12347] batadv0: entered allmulticast mode [ 224.242415][T12347] 8021q: adding VLAN 0 to HW filter on device macvtap1 [ 224.261590][T12349] mac80211_hwsim hwsim4 syzkaller0: left promiscuous mode [ 224.278885][T12349] mac80211_hwsim hwsim4 syzkaller0: left allmulticast mode [ 224.296732][T12349] tipc: Resetting bearer [ 224.661096][T12360] tipc: Enabling of bearer rejected, already enabled [ 224.982731][T12373] IPVS: sync thread started: state = BACKUP, mcast_ifn = veth1_to_bridge, syncid = 512, id = 0 [ 224.996836][T12372] IPVS: stopping backup sync thread 12373 ... [ 225.065359][T12377] tipc: Enabling of bearer rejected, already enabled [ 225.075268][T12377] mac80211_hwsim hwsim4 syzkaller0: entered promiscuous mode [ 225.082851][T12377] mac80211_hwsim hwsim4 syzkaller0: entered allmulticast mode [ 225.111078][T12377] tipc: Resetting bearer [ 225.120546][ T8623] IPVS: starting estimator thread 0... [ 225.214257][T12380] IPVS: using max 31 ests per chain, 74400 per kthread [ 225.384770][ T24] IPVS: starting estimator thread 0... [ 225.474265][T12394] IPVS: using max 40 ests per chain, 96000 per kthread [ 225.940059][T12415] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 225.953706][T12415] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 225.969805][T12415] bond0 (unregistering): Released all slaves [ 225.988029][T12408] xfrm0: entered promiscuous mode [ 225.993173][T12408] xfrm0: entered allmulticast mode [ 226.093344][T12422] syzkaller1: entered promiscuous mode [ 226.111018][T12422] syzkaller1: entered allmulticast mode [ 226.337403][T12433] tipc: Enabling of bearer rejected, failed to enable media [ 226.422067][T12435] netlink: 'syz.0.2276': attribute type 13 has an invalid length. [ 226.431056][T12435] netlink: 'syz.0.2276': attribute type 17 has an invalid length. [ 226.466923][T12435] erspan0: left allmulticast mode [ 226.622292][T12435] 8021q: adding VLAN 0 to HW filter on device bond0 [ 226.638831][T12435] 8021q: adding VLAN 0 to HW filter on device team0 [ 226.657913][T12435] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 226.703976][T12435] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 227.011241][T12456] __nla_validate_parse: 10 callbacks suppressed [ 227.011259][T12456] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2283'. [ 227.309703][T12474] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2291'. [ 227.400927][T12478] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2293'. [ 227.424827][T12478] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2293'. [ 228.102808][T12503] netlink: 212408 bytes leftover after parsing attributes in process `syz.3.2304'. [ 228.117020][T12503] netlink: zone id is out of range [ 228.122298][T12503] netlink: get zone limit has 8 unknown bytes [ 228.163242][T12505] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2305'. [ 228.178096][T12505] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2305'. [ 228.393799][T12519] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2312'. [ 228.447336][T12519] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2312'. [ 228.553552][T12526] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2315'. [ 228.714253][T12532] netlink: zone id is out of range [ 228.735724][T12532] netlink: get zone limit has 8 unknown bytes [ 229.005620][T12545] vxcan2: entered allmulticast mode [ 229.207522][T12560] netlink: zone id is out of range [ 229.212947][T12560] netlink: get zone limit has 8 unknown bytes [ 229.747222][T12587] netlink: zone id is out of range [ 229.762693][T12587] netlink: get zone limit has 8 unknown bytes [ 230.367546][T12618] netlink: zone id is out of range [ 230.373017][T12618] netlink: get zone limit has 8 unknown bytes [ 231.857434][T12676] netlink: 'syz.2.2381': attribute type 21 has an invalid length. [ 231.929926][T12676] netlink: 'syz.2.2381': attribute type 21 has an invalid length. [ 232.212489][T12688] __nla_validate_parse: 32 callbacks suppressed [ 232.212509][T12688] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2387'. [ 232.260890][T12688] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2387'. [ 232.277441][T12692] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2388'. [ 232.652269][T12711] vlan2: entered promiscuous mode [ 232.675816][T12711] vlan2: entered allmulticast mode [ 232.680980][T12711] hsr_slave_1: entered allmulticast mode [ 232.794593][T12718] IPVS: sync thread started: state = BACKUP, mcast_ifn = veth1_to_bridge, syncid = 512, id = 0 [ 232.794636][T12716] IPVS: stopping backup sync thread 12718 ... [ 232.814425][T12719] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2401'. [ 232.868762][T12721] syzkaller0: entered promiscuous mode [ 232.875053][T12721] syzkaller0: entered allmulticast mode [ 233.045389][T12732] netlink: 'syz.2.2406': attribute type 12 has an invalid length. [ 233.155826][T12739] netlink: 'syz.0.2410': attribute type 5 has an invalid length. [ 233.328516][T12751] netlink: 'syz.3.2415': attribute type 4 has an invalid length. [ 233.457439][T12758] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2416'. [ 233.771592][T12770] netem: change failed [ 233.907549][ T3513] net_ratelimit: 3 callbacks suppressed [ 233.907569][ T3513] bond7: (slave wlan0): failed to get link speed/duplex [ 234.055105][ T3513] bond7: (slave wlan0): failed to get link speed/duplex [ 234.166649][T12785] bridge_slave_0: vlans aren't supported yet for dev_uc|mc_add() [ 234.194818][ T3513] bond7: (slave wlan0): failed to get link speed/duplex [ 234.324245][ T3463] bond7: (slave wlan0): failed to get link speed/duplex [ 234.441745][T12803] tipc: Enabled bearer , priority 0 [ 234.464616][ T66] bond7: (slave wlan0): failed to get link speed/duplex [ 234.488970][T12803] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 234.506294][T12803] tipc: Resetting bearer [ 234.585472][T12802] tipc: Disabling bearer [ 234.605279][ T3513] bond7: (slave wlan0): failed to get link speed/duplex [ 234.725159][ T66] bond7: (slave wlan0): failed to get link speed/duplex [ 234.869083][ T3463] bond7: (slave wlan0): failed to get link speed/duplex [ 234.923775][T12831] netlink: 'syz.4.2451': attribute type 10 has an invalid length. [ 234.960484][T12831] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 234.999115][T12831] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 235.024310][ T66] bond7: (slave wlan0): failed to get link speed/duplex [ 235.134541][ T66] bond7: (slave wlan0): failed to get link speed/duplex [ 235.214339][ C1] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 235.237137][T12850] netlink: 152 bytes leftover after parsing attributes in process `syz.1.2459'. [ 235.309245][T12854] IPVS: sync thread started: state = BACKUP, mcast_ifn = veth1_to_bridge, syncid = 512, id = 0 [ 235.756212][T12878] tipc: Enabling of bearer rejected, already enabled [ 235.887299][T12885] netlink: 152 bytes leftover after parsing attributes in process `syz.1.2474'. [ 236.157394][T12898] bond0: option primary: mode dependency failed, not supported in mode balance-rr(0) [ 236.389243][T12914] netlink: 152 bytes leftover after parsing attributes in process `syz.4.2489'. [ 236.908920][T12944] netlink: 44 bytes leftover after parsing attributes in process `syz.4.2500'. [ 236.949591][T12945] netlink: 144 bytes leftover after parsing attributes in process `syz.1.2501'. [ 237.188223][T12963] netlink: 'syz.2.2511': attribute type 1 has an invalid length. [ 237.234705][T12963] netlink: 208 bytes leftover after parsing attributes in process `syz.2.2511'. [ 237.275811][T12963] netlink: 'syz.2.2511': attribute type 1 has an invalid length. [ 237.303006][T12963] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2511'. [ 237.368095][T12965] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 237.616647][T12986] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2521'. [ 238.241706][T13017] syzkaller0: entered promiscuous mode [ 238.247467][T13017] syzkaller0: entered allmulticast mode [ 238.266476][T13017] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 238.772327][T13018] mpoa:mpoad_close: () going down [ 238.954837][ T66] net_ratelimit: 31 callbacks suppressed [ 238.954855][ T66] bond7: (slave wlan0): failed to get link speed/duplex [ 239.098426][ T13] bond7: (slave wlan0): failed to get link speed/duplex [ 239.159624][T13053] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2548'. [ 239.191417][T13053] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2548'. [ 239.219530][ T66] bond7: (slave wlan0): failed to get link speed/duplex [ 239.345764][ T13] bond7: (slave wlan0): failed to get link speed/duplex [ 239.464334][ T3513] bond7: (slave wlan0): failed to get link speed/duplex [ 239.508358][T13077] syzkaller0: entered promiscuous mode [ 239.514318][T13077] syzkaller0: entered allmulticast mode [ 239.527929][T13077] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 239.708029][ T66] bond7: (slave wlan0): failed to get link speed/duplex [ 239.769122][T13090] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2564'. [ 239.787560][T13090] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2564'. [ 239.834933][ T66] bond7: (slave wlan0): failed to get link speed/duplex [ 239.983322][T13100] tipc: Enabling of bearer rejected, already enabled [ 240.019948][T13100] syzkaller0: Caught tx_queue_len zero misconfig [ 240.065057][ T66] bond7: (slave wlan0): failed to get link speed/duplex [ 240.093499][T13078] mpoa:mpoad_close: () going down [ 240.095649][T13102] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2570'. [ 240.216180][ T66] bond7: (slave wlan0): failed to get link speed/duplex [ 240.455165][ T3463] bond7: (slave wlan0): failed to get link speed/duplex [ 240.541241][T13120] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2577'. [ 240.910468][T13134] tipc: Enabled bearer , priority 0 [ 240.946181][T13130] tipc: Resetting bearer [ 240.997030][T13129] tipc: Disabling bearer [ 241.032519][T13137] geneve2: entered promiscuous mode [ 241.043569][ T3581] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 241.077883][ T3581] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 241.108848][ T3581] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 241.131170][ T3581] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 241.185523][T13147] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 241.397025][T13138] mpoa:mpoad_close: () going down [ 241.749987][T13173] geneve2: entered promiscuous mode [ 242.257424][T13196] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2609'. [ 242.543905][T13206] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2613'. [ 242.832854][T13216] netlink: 'syz.3.2618': attribute type 1 has an invalid length. [ 242.863289][T13216] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2618'. [ 242.954907][T13194] mpoa:mpoad_close: () going down [ 242.966170][T13224] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2621'. [ 243.205424][T13232] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2625'. [ 243.226506][T13236] netlink: 60 bytes leftover after parsing attributes in process `syz.0.2628'. [ 243.370888][T13247] netlink: 'syz.0.2632': attribute type 1 has an invalid length. [ 243.395669][T13247] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2632'. [ 243.604184][T13257] tipc: Resetting bearer [ 243.619070][T13258] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2636'. [ 243.660685][T13261] geneve2: entered promiscuous mode [ 243.671766][ T13] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 243.732464][ T13] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 243.758942][ T13] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 243.790367][ T13] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 244.161403][T13264] mpoa:mpoad_close: () going down [ 244.309712][T13278] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2641'. [ 244.821929][T13302] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2649'. [ 245.070738][T13316] netlink: 'syz.1.2655': attribute type 1 has an invalid length. [ 245.193483][T13316] 8021q: adding VLAN 0 to HW filter on device bond8 [ 245.294511][T13321] 8021q: adding VLAN 0 to HW filter on device bond8 [ 245.307461][T13321] bond8: (slave vxcan1): The slave device specified does not support setting the MAC address [ 245.356662][T13321] bond8: (slave vxcan1): Error -95 calling set_mac_address [ 245.477199][T13325] veth5: entered promiscuous mode [ 245.497799][T13325] bond8: (slave veth5): Enslaving as an active interface with a down link [ 245.559664][T13342] tipc: Enabled bearer , priority 0 [ 245.588246][T13342] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 245.614853][ T5866] Bluetooth: hci4: command 0x0405 tx timeout [ 245.652360][T13342] tipc: Resetting bearer [ 245.802428][T13341] tipc: Disabling bearer [ 246.550485][ T66] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 246.571311][ T66] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 246.595904][ T66] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 246.625927][ T66] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 246.860168][ T12] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 246.882864][ T12] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 246.914044][ T12] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 246.923589][ T12] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 247.648361][T13415] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 247.683879][T13415] Bluetooth: hci1: Error when powering off device on rfkill (-4) [ 247.716330][T13415] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 247.748710][T13415] Bluetooth: hci2: Error when powering off device on rfkill (-4) [ 247.800795][T13415] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 247.833752][T13415] Bluetooth: hci4: Error when powering off device on rfkill (-4) [ 248.431407][T13464] netlink: 'syz.3.2711': attribute type 1 has an invalid length. [ 248.546988][T13470] netlink: 'syz.0.2714': attribute type 5 has an invalid length. [ 248.870662][T13483] __nla_validate_parse: 8 callbacks suppressed [ 248.870678][T13483] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2721'. [ 248.962820][T13487] net_ratelimit: 20 callbacks suppressed [ 248.962839][T13487] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 249.142535][T13492] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2725'. [ 249.184255][T13492] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2725'. [ 249.228890][ T49] netdevsim netdevsim3 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 249.228969][T13492] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2725'. [ 249.244211][ T49] netdevsim netdevsim3 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 249.246505][T13492] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2725'. [ 249.264226][ T66] netdevsim netdevsim3 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 249.273260][ T66] netdevsim netdevsim3 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 249.446783][T13498] pimreg: entered allmulticast mode [ 255.697258][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.147095][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 363.214821][ C1] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 378.577990][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 398.414447][ T31] INFO: task syz-executor:5870 blocked for more than 143 seconds. [ 398.422408][ T31] Not tainted syzkaller #0 [ 398.427414][ T31] Blocked by coredump. [ 398.431989][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 398.440684][ T31] task:syz-executor state:D stack:20952 pid:5870 tgid:5870 ppid:1 task_flags:0x40054c flags:0x00004006 [ 398.452645][ T31] Call Trace: [ 398.455954][ T31] [ 398.458899][ T31] __schedule+0x1798/0x4cc0 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 398.463434][ T31] ? __lock_acquire+0xab9/0xd20 [ 398.468503][ T31] ? __lock_acquire+0xab9/0xd20 [ 398.473372][ T31] ? __pfx___schedule+0x10/0x10 [ 398.479735][ T31] ? schedule+0x91/0x360 [ 398.484306][ T31] schedule+0x165/0x360 [ 398.488482][ T31] schedule_preempt_disabled+0x13/0x30 [ 398.493952][ T31] __mutex_lock+0x7e6/0x1350 [ 398.498894][ T31] ? __mutex_lock+0x5bb/0x1350 [ 398.503671][ T31] ? rfkill_unregister+0xc8/0x220 [ 398.508936][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 398.513974][ T31] ? __pfx_device_del+0x10/0x10 [ 398.521878][ T31] ? hci_sock_dev_event+0x42d/0x600 [ 398.528076][ T31] rfkill_unregister+0xc8/0x220 [ 398.548790][ T31] hci_unregister_dev+0x374/0x510 [ 398.553887][ T31] vhci_release+0x152/0x1a0 [ 398.574162][ T31] ? __pfx_vhci_release+0x10/0x10 [ 398.579250][ T31] __fput+0x449/0xa70 [ 398.583255][ T31] task_work_run+0x1d1/0x260 [ 398.595120][ T31] ? __pfx_task_work_run+0x10/0x10 [ 398.600305][ T31] ? kmem_cache_free+0x18f/0x400 [ 398.608348][ T31] do_exit+0x6b5/0x2300 [ 398.612552][ T31] ? do_raw_spin_lock+0x121/0x290 [ 398.617655][ T31] ? __pfx_do_exit+0x10/0x10 [ 398.622271][ T31] do_group_exit+0x21c/0x2d0 [ 398.627788][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 398.633013][ T31] get_signal+0x1286/0x1340 [ 398.637563][ T31] arch_do_signal_or_restart+0x9a/0x750 [ 398.643100][ T31] ? fput_close_sync+0x119/0x200 [ 398.648141][ T31] ? kmem_cache_free+0x309/0x400 [ 398.653094][ T31] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 398.659308][ T31] ? exit_to_user_mode_loop+0x40/0x110 [ 398.664916][ T31] exit_to_user_mode_loop+0x75/0x110 [ 398.670216][ T31] do_syscall_64+0x2bd/0x3b0 [ 398.675045][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 398.680274][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 398.686411][ T31] ? clear_bhb_loop+0x60/0xb0 [ 398.691103][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 398.697027][ T31] RIP: 0033:0x7ffa9518d5bc [ 398.701464][ T31] RSP: 002b:00007ffca2f2e5d0 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 398.710124][ T31] RAX: fffffffffffffe00 RBX: 0000000000000003 RCX: 00007ffa9518d5bc [ 398.718196][ T31] RDX: 0000000000000030 RSI: 00007ffca2f2e690 RDI: 00000000000000f9 [ 398.726217][ T31] RBP: 00007ffca2f2e63c R08: 0000000000000000 R09: 00007ffca2f2e347 [ 398.734432][ T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000258 [ 398.742418][ T31] R13: 00000000000927c0 R14: 000000000003cb8d R15: 00007ffca2f2e690 [ 398.750472][ T31] [ 398.753536][ T31] INFO: task kworker/0:10:8619 blocked for more than 143 seconds. [ 398.763000][ T31] Not tainted syzkaller #0 [ 398.767972][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 398.776646][ T31] task:kworker/0:10 state:D stack:25464 pid:8619 tgid:8619 ppid:2 task_flags:0x4208060 flags:0x00004000 [ 398.788770][ T31] Workqueue: events rfkill_global_led_trigger_worker [ 398.795480][ T31] Call Trace: [ 398.798743][ T31] [ 398.801658][ T31] __schedule+0x1798/0x4cc0 [ 398.806232][ T31] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 398.811612][ T31] ? __pfx___schedule+0x10/0x10 [ 398.816533][ T31] ? schedule+0x91/0x360 [ 398.820793][ T31] schedule+0x165/0x360 [ 398.824989][ T31] schedule_preempt_disabled+0x13/0x30 [ 398.830459][ T31] __mutex_lock+0x7e6/0x1350 [ 398.835153][ T31] ? __mutex_lock+0x5bb/0x1350 [ 398.839902][ T31] ? rfkill_global_led_trigger_worker+0x27/0xd0 [ 398.846193][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 398.851234][ T31] ? process_scheduled_works+0x9ef/0x17b0 [ 398.857019][ T31] ? process_scheduled_works+0x9ef/0x17b0 [ 398.862748][ T31] rfkill_global_led_trigger_worker+0x27/0xd0 [ 398.868847][ T31] ? process_scheduled_works+0x9ef/0x17b0 [ 398.874582][ T31] process_scheduled_works+0xae1/0x17b0 [ 398.880129][ T31] ? __pfx_process_scheduled_works+0x10/0x10 [ 398.886174][ T31] worker_thread+0x8a0/0xda0 [ 398.890796][ T31] kthread+0x70e/0x8a0 [ 398.895043][ T31] ? __pfx_worker_thread+0x10/0x10 [ 398.900148][ T31] ? __pfx_kthread+0x10/0x10 [ 398.904790][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 398.909994][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 398.915218][ T31] ? __pfx_kthread+0x10/0x10 [ 398.919821][ T31] ret_from_fork+0x3fc/0x770 [ 398.924426][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 398.929544][ T31] ? __switch_to_asm+0x39/0x70 [ 398.934341][ T31] ? __switch_to_asm+0x33/0x70 [ 398.939101][ T31] ? __pfx_kthread+0x10/0x10 [ 398.943674][ T31] ret_from_fork_asm+0x1a/0x30 [ 398.948466][ T31] [ 398.951517][ T31] INFO: task syz.2.2691:13407 blocked for more than 143 seconds. [ 398.959283][ T31] Not tainted syzkaller #0 [ 398.964256][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 398.972939][ T31] task:syz.2.2691 state:D stack:25096 pid:13407 tgid:13407 ppid:5859 task_flags:0x400040 flags:0x00004004 [ 398.985208][ T31] Call Trace: [ 398.988506][ T31] [ 398.991496][ T31] __schedule+0x1798/0x4cc0 [ 398.996107][ T31] ? __lock_acquire+0xab9/0xd20 [ 399.000975][ T31] ? __pfx___schedule+0x10/0x10 [ 399.006016][ T31] ? schedule+0x91/0x360 [ 399.010272][ T31] schedule+0x165/0x360 [ 399.014480][ T31] schedule_preempt_disabled+0x13/0x30 [ 399.019954][ T31] __mutex_lock+0x7e6/0x1350 [ 399.024651][ T31] ? __mutex_lock+0x5bb/0x1350 [ 399.029426][ T31] ? rfkill_unregister+0xc8/0x220 [ 399.034487][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 399.039512][ T31] ? __pfx_device_del+0x10/0x10 [ 399.044404][ T31] rfkill_unregister+0xc8/0x220 [ 399.049260][ T31] nfc_unregister_device+0x96/0x2a0 [ 399.054520][ T31] ? __pfx_virtual_ncidev_close+0x10/0x10 [ 399.060253][ T31] virtual_ncidev_close+0x56/0x90 [ 399.065373][ T31] __fput+0x449/0xa70 [ 399.069365][ T31] task_work_run+0x1d1/0x260 [ 399.073948][ T31] ? __pfx_task_work_run+0x10/0x10 [ 399.079107][ T31] ? exit_to_user_mode_loop+0x40/0x110 [ 399.084597][ T31] exit_to_user_mode_loop+0xec/0x110 [ 399.089913][ T31] do_syscall_64+0x2bd/0x3b0 [ 399.094635][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 399.100721][ T31] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 399.106915][ T31] ? clear_bhb_loop+0x60/0xb0 [ 399.111619][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 399.117632][ T31] RIP: 0033:0x7f3704d8eba9 [ 399.122032][ T31] RSP: 002b:00007ffce1f54f88 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 399.131005][ T31] RAX: 0000000000000000 RBX: 00007f3704fd7da0 RCX: 00007f3704d8eba9 [ 399.139014][ T31] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 399.147003][ T31] RBP: 00007f3704fd7da0 R08: 00000000000000c0 R09: 00000009e1f5527f [ 399.154998][ T31] R10: 00007f3704fd7cb0 R11: 0000000000000246 R12: 000000000003c6fa [ 399.162967][ T31] R13: 00007f3704fd6090 R14: ffffffffffffffff R15: 00007ffce1f550a0 [ 399.170971][ T31] [ 399.173986][ T31] INFO: task syz.4.2692:13415 blocked for more than 144 seconds. [ 399.183410][ T31] Not tainted syzkaller #0 [ 399.188379][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 399.197095][ T31] task:syz.4.2692 state:D stack:25896 pid:13415 tgid:13413 ppid:5864 task_flags:0x400140 flags:0x00004006 [ 399.209080][ T31] Call Trace: [ 399.212358][ T31] [ 399.215441][ T31] __schedule+0x1798/0x4cc0 [ 399.220003][ T31] ? __lock_acquire+0xab9/0xd20 [ 399.225052][ T31] ? __lock_acquire+0xab9/0xd20 [ 399.229915][ T31] ? __pfx___schedule+0x10/0x10 [ 399.235177][ T31] ? schedule+0x91/0x360 [ 399.239457][ T31] schedule+0x165/0x360 [ 399.243603][ T31] schedule_preempt_disabled+0x13/0x30 [ 399.249231][ T31] __mutex_lock+0x7e6/0x1350 [ 399.253827][ T31] ? __mutex_lock+0x5bb/0x1350 [ 399.258765][ T31] ? nfc_rfkill_set_block+0x50/0x2e0 [ 399.264051][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 399.269304][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 399.274650][ T31] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 399.280585][ T31] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 399.287176][ T31] ? __pfx_nfc_rfkill_set_block+0x10/0x10 [ 399.292933][ T31] nfc_rfkill_set_block+0x50/0x2e0 [ 399.298227][ T31] ? __pfx_nfc_rfkill_set_block+0x10/0x10 [ 399.303986][ T31] rfkill_set_block+0x1cf/0x440 [ 399.308997][ T31] rfkill_fop_write+0x44b/0x570 [ 399.313877][ T31] ? __pfx_rfkill_fop_write+0x10/0x10 [ 399.319306][ T31] ? security_kernfs_init_security+0x290/0x290 [ 399.325492][ T31] ? rw_verify_area+0x255/0x4d0 [ 399.330343][ T31] ? __lock_acquire+0xab9/0xd20 [ 399.335413][ T31] ? __pfx_rfkill_fop_write+0x10/0x10 [ 399.340799][ T31] vfs_write+0x27b/0xb30 [ 399.345107][ T31] ? __pfx_vfs_write+0x10/0x10 [ 399.349879][ T31] ? __fget_files+0x2a/0x420 [ 399.354524][ T31] ? __fget_files+0x2a/0x420 [ 399.359110][ T31] ? __fget_files+0x3a0/0x420 [ 399.363766][ T31] ? __fget_files+0x2a/0x420 [ 399.368387][ T31] ksys_write+0x145/0x250 [ 399.372715][ T31] ? __pfx_ksys_write+0x10/0x10 [ 399.377634][ T31] ? rcu_is_watching+0x15/0xb0 [ 399.382428][ T31] ? do_syscall_64+0xbe/0x3b0 [ 399.387224][ T31] do_syscall_64+0xfa/0x3b0 [ 399.391786][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 399.397072][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 399.403232][ T31] ? clear_bhb_loop+0x60/0xb0 [ 399.407928][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 399.413807][ T31] RIP: 0033:0x7fbb0a18eba9 [ 399.418283][ T31] RSP: 002b:00007fbb0af50038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 399.426884][ T31] RAX: ffffffffffffffda RBX: 00007fbb0a3d5fa0 RCX: 00007fbb0a18eba9 [ 399.434911][ T31] RDX: 0000000000000008 RSI: 0000200000000000 RDI: 0000000000000006 [ 399.442888][ T31] RBP: 00007fbb0a211e19 R08: 0000000000000000 R09: 0000000000000000 [ 399.450878][ T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 399.459169][ T31] R13: 00007fbb0a3d6038 R14: 00007fbb0a3d5fa0 R15: 00007ffd10c5e1b8 [ 399.467547][ T31] [ 399.470590][ T31] INFO: task syz-executor:13493 blocked for more than 144 seconds. [ 399.478640][ T31] Not tainted syzkaller #0 [ 399.483575][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 399.492360][ T31] task:syz-executor state:D stack:28040 pid:13493 tgid:13493 ppid:1 task_flags:0x400040 flags:0x00004000 [ 399.504490][ T31] Call Trace: [ 399.507779][ T31] [ 399.510728][ T31] __schedule+0x1798/0x4cc0 [ 399.515500][ T31] ? __lock_acquire+0xab9/0xd20 [ 399.520376][ T31] ? __lock_acquire+0xab9/0xd20 [ 399.525753][ T31] ? __pfx___schedule+0x10/0x10 [ 399.530624][ T31] ? schedule+0x91/0x360 [ 399.534909][ T31] schedule+0x165/0x360 [ 399.539053][ T31] schedule_preempt_disabled+0x13/0x30 [ 399.544612][ T31] __mutex_lock+0x7e6/0x1350 [ 399.549216][ T31] ? __mutex_lock+0x5bb/0x1350 [ 399.553972][ T31] ? rfkill_register+0x37/0x8e0 [ 399.559049][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 399.564290][ T31] ? __raw_spin_lock_init+0x45/0x100 [ 399.569596][ T31] ? __init_waitqueue_head+0xa9/0x150 [ 399.575021][ T31] ? device_initialize+0x24b/0x440 [ 399.580120][ T31] rfkill_register+0x37/0x8e0 [ 399.584897][ T31] hci_register_dev+0x3f5/0x890 [ 399.589767][ T31] vhci_create_device+0x39c/0x650 [ 399.595242][ T31] vhci_write+0x3ce/0x4a0 [ 399.599579][ T31] vfs_write+0x5c6/0xb30 [ 399.603820][ T31] ? __pfx_vhci_write+0x10/0x10 [ 399.608712][ T31] ? __pfx_vfs_write+0x10/0x10 [ 399.613513][ T31] ? count_memcg_event_mm+0x21/0x260 [ 399.619068][ T31] ksys_write+0x145/0x250 [ 399.623414][ T31] ? __pfx_ksys_write+0x10/0x10 [ 399.628373][ T31] ? do_syscall_64+0xbe/0x3b0 [ 399.633065][ T31] do_syscall_64+0xfa/0x3b0 [ 399.637637][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 399.642888][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 399.649010][ T31] ? clear_bhb_loop+0x60/0xb0 [ 399.653748][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 399.659678][ T31] RIP: 0033:0x7fa176b8d620 [ 399.664460][ T31] RSP: 002b:00007ffdd43d92b8 EFLAGS: 00000202 ORIG_RAX: 0000000000000001 [ 399.672894][ T31] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fa176b8d620 [ 399.680951][ T31] RDX: 0000000000000002 RSI: 00007ffdd43d92ca RDI: 00000000000000ca [ 399.688954][ T31] RBP: 00007fa176dd67b8 R08: 0000000000000000 R09: 00007fa17790d6c0 [ 399.696976][ T31] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000008 [ 399.705022][ T31] R13: 0000000000000003 R14: 0000000000000009 R15: 0000000000000000 [ 399.713008][ T31] [ 399.716053][ T31] INFO: task syz.3.2727:13497 blocked for more than 144 seconds. [ 399.723772][ T31] Not tainted syzkaller #0 [ 399.729021][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 399.737709][ T31] task:syz.3.2727 state:D stack:28328 pid:13497 tgid:13496 ppid:5863 task_flags:0x400140 flags:0x00004004 [ 399.749712][ T31] Call Trace: [ 399.752994][ T31] [ 399.755969][ T31] __schedule+0x1798/0x4cc0 [ 399.760497][ T31] ? __lock_acquire+0xab9/0xd20 [ 399.765373][ T31] ? __lock_acquire+0xab9/0xd20 [ 399.770227][ T31] ? __pfx___schedule+0x10/0x10 [ 399.775227][ T31] ? schedule+0x91/0x360 [ 399.779476][ T31] schedule+0x165/0x360 [ 399.783626][ T31] schedule_preempt_disabled+0x13/0x30 [ 399.789127][ T31] __mutex_lock+0x7e6/0x1350 [ 399.793710][ T31] ? __mutex_lock+0x5bb/0x1350 [ 399.798492][ T31] ? rfkill_fop_open+0x12d/0x820 [ 399.803414][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 399.808463][ T31] ? __raw_spin_lock_init+0x45/0x100 [ 399.813803][ T31] ? __init_waitqueue_head+0xa9/0x150 [ 399.819199][ T31] rfkill_fop_open+0x12d/0x820 [ 399.823957][ T31] ? __pfx_rfkill_fop_open+0x10/0x10 [ 399.829244][ T31] misc_open+0x2bc/0x330 [ 399.833475][ T31] chrdev_open+0x4cc/0x5e0 [ 399.837913][ T31] ? __pfx_chrdev_open+0x10/0x10 [ 399.842841][ T31] ? fsnotify_open_perm_and_set_mode+0x113/0x610 [ 399.849277][ T31] ? __pfx_chrdev_open+0x10/0x10 [ 399.854363][ T31] do_dentry_open+0x953/0x13f0 [ 399.859145][ T31] vfs_open+0x3b/0x340 [ 399.863198][ T31] ? path_openat+0x2ecd/0x3830 [ 399.867984][ T31] path_openat+0x2ee5/0x3830 [ 399.872559][ T31] ? arch_stack_walk+0xfc/0x150 [ 399.877441][ T31] ? stack_depot_save_flags+0x40/0x860 [ 399.882896][ T31] ? __pfx_path_openat+0x10/0x10 [ 399.887959][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 399.894092][ T31] do_filp_open+0x1fa/0x410 [ 399.898592][ T31] ? __lock_acquire+0xab9/0xd20 [ 399.903430][ T31] ? __pfx_do_filp_open+0x10/0x10 [ 399.908492][ T31] ? _raw_spin_unlock+0x28/0x50 [ 399.913328][ T31] ? alloc_fd+0x64c/0x6c0 [ 399.917691][ T31] do_sys_openat2+0x121/0x1c0 [ 399.922379][ T31] ? __se_sys_futex+0x36f/0x400 [ 399.927306][ T31] ? __pfx_do_sys_openat2+0x10/0x10 [ 399.932594][ T31] ? rcu_is_watching+0x15/0xb0 [ 399.937399][ T31] __x64_sys_openat+0x138/0x170 [ 399.942247][ T31] do_syscall_64+0xfa/0x3b0 [ 399.946796][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 399.952006][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 399.958103][ T31] ? clear_bhb_loop+0x60/0xb0 [ 399.962799][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 399.968749][ T31] RIP: 0033:0x7fb09418eba9 [ 399.973165][ T31] RSP: 002b:00007fb0950e4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 399.981605][ T31] RAX: ffffffffffffffda RBX: 00007fb0943d5fa0 RCX: 00007fb09418eba9 [ 399.989584][ T31] RDX: 0000000000000801 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 399.997677][ T31] RBP: 00007fb094211e19 R08: 0000000000000000 R09: 0000000000000000 [ 400.005787][ T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 400.013759][ T31] R13: 00007fb0943d6038 R14: 00007fb0943d5fa0 R15: 00007ffcd1bd2d58 [ 400.021770][ T31] [ 400.024991][ T31] INFO: task syz.1.2730:13504 blocked for more than 144 seconds. [ 400.033414][ T31] Not tainted syzkaller #0 [ 400.038410][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 400.047114][ T31] task:syz.1.2730 state:D stack:28328 pid:13504 tgid:13503 ppid:5872 task_flags:0x400040 flags:0x00004004 [ 400.059057][ T31] Call Trace: [ 400.062337][ T31] [ 400.065305][ T31] __schedule+0x1798/0x4cc0 [ 400.069817][ T31] ? kasan_save_free_info+0x46/0x50 [ 400.075060][ T31] ? __lock_acquire+0xab9/0xd20 [ 400.079931][ T31] ? __lock_acquire+0xab9/0xd20 [ 400.084846][ T31] ? __pfx___schedule+0x10/0x10 [ 400.089706][ T31] ? schedule+0x91/0x360 [ 400.093932][ T31] schedule+0x165/0x360 [ 400.098226][ T31] schedule_preempt_disabled+0x13/0x30 [ 400.103694][ T31] __mutex_lock+0x7e6/0x1350 [ 400.108428][ T31] ? __mutex_lock+0x5bb/0x1350 [ 400.113181][ T31] ? misc_open+0x51/0x330 [ 400.117551][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 400.122671][ T31] misc_open+0x51/0x330 [ 400.126885][ T31] chrdev_open+0x4cc/0x5e0 [ 400.131308][ T31] ? __pfx_chrdev_open+0x10/0x10 [ 400.136290][ T31] ? fsnotify_open_perm_and_set_mode+0x113/0x610 [ 400.142613][ T31] ? __pfx_chrdev_open+0x10/0x10 [ 400.147566][ T31] do_dentry_open+0x953/0x13f0 [ 400.152321][ T31] vfs_open+0x3b/0x340 [ 400.156397][ T31] ? path_openat+0x2ecd/0x3830 [ 400.161168][ T31] path_openat+0x2ee5/0x3830 [ 400.165785][ T31] ? arch_stack_walk+0xfc/0x150 [ 400.170685][ T31] ? stack_depot_save_flags+0x40/0x860 [ 400.176170][ T31] ? __pfx_path_openat+0x10/0x10 [ 400.181103][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 400.187246][ T31] do_filp_open+0x1fa/0x410 [ 400.191828][ T31] ? __lock_acquire+0xab9/0xd20 [ 400.196757][ T31] ? __pfx_do_filp_open+0x10/0x10 [ 400.201802][ T31] ? _raw_spin_unlock+0x28/0x50 [ 400.206705][ T31] ? alloc_fd+0x64c/0x6c0 [ 400.211061][ T31] do_sys_openat2+0x121/0x1c0 [ 400.215881][ T31] ? __se_sys_futex+0x36f/0x400 [ 400.220727][ T31] ? __pfx_do_sys_openat2+0x10/0x10 [ 400.225970][ T31] ? __pfx___se_sys_futex+0x10/0x10 [ 400.231199][ T31] ? fd_install+0x30d/0x540 [ 400.235723][ T31] __x64_sys_openat+0x138/0x170 [ 400.240562][ T31] do_syscall_64+0xfa/0x3b0 [ 400.245309][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 400.250525][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 400.256611][ T31] ? clear_bhb_loop+0x60/0xb0 [ 400.261309][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 400.267236][ T31] RIP: 0033:0x7fc900f8eba9 [ 400.271644][ T31] RSP: 002b:00007fc901de9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 400.280105][ T31] RAX: ffffffffffffffda RBX: 00007fc9011d5fa0 RCX: 00007fc900f8eba9 [ 400.288104][ T31] RDX: 0000000000080002 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 400.296104][ T31] RBP: 00007fc901011e19 R08: 0000000000000000 R09: 0000000000000000 [ 400.304102][ T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 400.312156][ T31] R13: 00007fc9011d6038 R14: 00007fc9011d5fa0 R15: 00007ffc6d88a308 [ 400.320160][ T31] [ 400.323177][ T31] INFO: task syz.1.2730:13505 blocked for more than 145 seconds. [ 400.331057][ T31] Not tainted syzkaller #0 [ 400.336131][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 400.344858][ T31] task:syz.1.2730 state:D stack:26856 pid:13505 tgid:13503 ppid:5872 task_flags:0x400040 flags:0x00004004 [ 400.356896][ T31] Call Trace: [ 400.360161][ T31] [ 400.363081][ T31] __schedule+0x1798/0x4cc0 [ 400.367637][ T31] ? kasan_save_free_info+0x46/0x50 [ 400.372857][ T31] ? __lock_acquire+0xab9/0xd20 [ 400.377791][ T31] ? __lock_acquire+0xab9/0xd20 [ 400.382641][ T31] ? __pfx___schedule+0x10/0x10 [ 400.387523][ T31] ? schedule+0x91/0x360 [ 400.391756][ T31] schedule+0x165/0x360 [ 400.395931][ T31] schedule_preempt_disabled+0x13/0x30 [ 400.401389][ T31] __mutex_lock+0x7e6/0x1350 [ 400.406018][ T31] ? __mutex_lock+0x5bb/0x1350 [ 400.410794][ T31] ? misc_open+0x51/0x330 [ 400.415175][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 400.420196][ T31] misc_open+0x51/0x330 [ 400.424407][ T31] chrdev_open+0x4cc/0x5e0 [ 400.428835][ T31] ? __pfx_chrdev_open+0x10/0x10 [ 400.433774][ T31] ? fsnotify_open_perm_and_set_mode+0x113/0x610 [ 400.440290][ T31] ? __pfx_chrdev_open+0x10/0x10 [ 400.445294][ T31] do_dentry_open+0x953/0x13f0 [ 400.450092][ T31] vfs_open+0x3b/0x340 [ 400.454176][ T31] ? path_openat+0x2ecd/0x3830 [ 400.458942][ T31] path_openat+0x2ee5/0x3830 [ 400.463554][ T31] ? arch_stack_walk+0xfc/0x150 [ 400.468452][ T31] ? stack_depot_save_flags+0x40/0x860 [ 400.473924][ T31] ? __pfx_path_openat+0x10/0x10 [ 400.478921][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 400.485049][ T31] do_filp_open+0x1fa/0x410 [ 400.489568][ T31] ? __lock_acquire+0xab9/0xd20 [ 400.494648][ T31] ? __pfx_do_filp_open+0x10/0x10 [ 400.499724][ T31] ? _raw_spin_unlock+0x28/0x50 [ 400.504736][ T31] ? alloc_fd+0x64c/0x6c0 [ 400.509093][ T31] do_sys_openat2+0x121/0x1c0 [ 400.513940][ T31] ? __se_sys_futex+0x36f/0x400 [ 400.518827][ T31] ? __pfx_do_sys_openat2+0x10/0x10 [ 400.524029][ T31] ? rcu_is_watching+0x15/0xb0 [ 400.528832][ T31] __x64_sys_openat+0x138/0x170 [ 400.533676][ T31] do_syscall_64+0xfa/0x3b0 [ 400.538205][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 400.543402][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 400.549593][ T31] ? clear_bhb_loop+0x60/0xb0 [ 400.554285][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 400.560188][ T31] RIP: 0033:0x7fc900f8eba9 [ 400.564640][ T31] RSP: 002b:00007fc901dc8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 400.573042][ T31] RAX: ffffffffffffffda RBX: 00007fc9011d6090 RCX: 00007fc900f8eba9 [ 400.581132][ T31] RDX: 0000000000000000 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 400.589142][ T31] RBP: 00007fc901011e19 R08: 0000000000000000 R09: 0000000000000000 [ 400.597690][ T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 400.605718][ T31] R13: 00007fc9011d6128 R14: 00007fc9011d6090 R15: 00007ffc6d88a308 [ 400.613713][ T31] [ 400.616837][ T31] [ 400.616837][ T31] Showing all locks held in the system: [ 400.624620][ T31] 5 locks held by kworker/u8:0/12: [ 400.629733][ T31] #0: ffff8880b8739f98 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140 [ 400.639747][ T31] #1: ffff8880b8724008 (psi_seq){-.-.}-{0:0}, at: psi_task_switch+0x53/0x880 [ 400.648663][ T31] #2: ffff8880b8725918 (&base->lock){-.-.}-{2:2}, at: __mod_timer+0x1ae/0xf30 [ 400.657783][ T31] #3: ffffffff99cd64e8 (&obj_hash[i].lock){-.-.}-{2:2}, at: debug_object_activate+0xbb/0x420 [ 400.668103][ T31] #4: ffffffff8dfe63e8 (text_mutex){+.+.}-{4:4}, at: arch_jump_label_transform_apply+0x17/0x30 [ 400.678591][ T31] 1 lock held by khungtaskd/31: [ 400.683423][ T31] #0: ffffffff8e139f20 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 [ 400.693360][ T31] 2 locks held by getty/5618: [ 400.698074][ T31] #0: ffff888033af20a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 400.707845][ T31] #1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400 [ 400.717959][ T31] 1 lock held by syz-executor/5870: [ 400.723137][ T31] #0: ffffffff8f813108 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_unregister+0xc8/0x220 [ 400.733294][ T31] 3 locks held by kworker/0:10/8619: [ 400.738638][ T31] #0: ffff88801a480d48 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 400.749676][ T31] #1: ffffc9001cbbfbc0 ((work_completion)(&rfkill_global_led_trigger_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 400.763180][ T31] #2: ffffffff8f813108 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_global_led_trigger_worker+0x27/0xd0 [ 400.774722][ T31] 2 locks held by syz.2.2691/13407: [ 400.779927][ T31] #0: ffff88807ba14100 (&dev->mutex){....}-{4:4}, at: nfc_unregister_device+0x63/0x2a0 [ 400.789731][ T31] #1: ffffffff8f813108 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_unregister+0xc8/0x220 [ 400.799849][ T31] 2 locks held by syz.4.2692/13415: [ 400.805074][ T31] #0: ffffffff8f813108 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_fop_write+0x191/0x570 [ 400.815356][ T31] #1: ffff88807ba14100 (&dev->mutex){....}-{4:4}, at: nfc_rfkill_set_block+0x50/0x2e0 [ 400.825085][ T31] 2 locks held by syz-executor/13493: [ 400.830455][ T31] #0: ffff8880640e7918 (&data->open_mutex){+.+.}-{4:4}, at: vhci_create_device+0x34/0x650 [ 400.840516][ T31] #1: ffffffff8f813108 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_register+0x37/0x8e0 [ 400.850456][ T31] 2 locks held by syz.3.2727/13497: [ 400.855673][ T31] #0: ffffffff8e9c1b88 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330 [ 400.864178][ T31] #1: ffffffff8f813108 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_fop_open+0x12d/0x820 [ 400.874257][ T31] 1 lock held by syz.1.2730/13504: [ 400.879368][ T31] #0: ffffffff8e9c1b88 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330 [ 400.887996][ T31] 1 lock held by syz.1.2730/13505: [ 400.893096][ T31] #0: ffffffff8e9c1b88 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330 [ 400.901641][ T31] 1 lock held by syz-executor/13509: [ 400.906948][ T31] #0: ffffffff8e9c1b88 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330 [ 400.915416][ T31] 1 lock held by syz-executor/13510: [ 400.920694][ T31] #0: ffffffff8e9c1b88 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330 [ 400.929162][ T31] 1 lock held by syz-executor/13512: [ 400.934450][ T31] #0: ffffffff8e9c1b88 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330 [ 400.942920][ T31] 1 lock held by syz-executor/13514: [ 400.948232][ T31] #0: ffffffff8e9c1b88 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330 [ 400.956744][ T31] 1 lock held by syz-executor/13521: [ 400.962030][ T31] #0: ffffffff8e9c1b88 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330 [ 400.970543][ T31] 1 lock held by syz-executor/13524: [ 400.975856][ T31] #0: ffffffff8e9c1b88 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330 [ 400.984327][ T31] 1 lock held by syz-executor/13525: [ 400.989599][ T31] #0: ffffffff8e9c1b88 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330 [ 400.998170][ T31] 1 lock held by syz-executor/13527: [ 401.003524][ T31] #0: ffffffff8e9c1b88 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330 [ 401.012006][ T31] 1 lock held by syz-executor/13529: [ 401.017294][ T31] #0: ffffffff8e9c1b88 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330 [ 401.025791][ T31] 1 lock held by syz-executor/13536: [ 401.031087][ T31] #0: ffffffff8e9c1b88 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330 [ 401.039562][ T31] 1 lock held by syz-executor/13539: [ 401.044878][ T31] #0: ffffffff8e9c1b88 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330 [ 401.053427][ T31] 1 lock held by syz-executor/13540: [ 401.058727][ T31] #0: ffffffff8e9c1b88 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330 [ 401.067187][ T31] 1 lock held by syz-executor/13542: [ 401.072469][ T31] #0: ffffffff8e9c1b88 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330 [ 401.080999][ T31] 1 lock held by syz-executor/13544: [ 401.086344][ T31] #0: ffffffff8e9c1b88 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330 [ 401.094834][ T31] [ 401.097161][ T31] ============================================= [ 401.097161][ T31] [ 401.105719][ T31] NMI backtrace for cpu 0 [ 401.105736][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) [ 401.105747][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 401.105753][ T31] Call Trace: [ 401.105758][ T31] [ 401.105764][ T31] dump_stack_lvl+0x189/0x250 [ 401.105782][ T31] ? __pfx_dump_stack_lvl+0x10/0x10 [ 401.105793][ T31] ? __pfx__printk+0x10/0x10 [ 401.105813][ T31] nmi_cpu_backtrace+0x39e/0x3d0 [ 401.105828][ T31] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 401.105841][ T31] ? __pfx__printk+0x10/0x10 [ 401.105856][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 401.105873][ T31] nmi_trigger_cpumask_backtrace+0x17a/0x300 [ 401.105887][ T31] watchdog+0xf93/0xfe0 [ 401.105903][ T31] ? watchdog+0x1de/0xfe0 [ 401.105919][ T31] kthread+0x70e/0x8a0 [ 401.105933][ T31] ? __pfx_watchdog+0x10/0x10 [ 401.105945][ T31] ? __pfx_kthread+0x10/0x10 [ 401.105957][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 401.105971][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 401.105985][ T31] ? __pfx_kthread+0x10/0x10 [ 401.105997][ T31] ret_from_fork+0x3fc/0x770 [ 401.106008][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 401.106021][ T31] ? __switch_to_asm+0x39/0x70 [ 401.106033][ T31] ? __switch_to_asm+0x33/0x70 [ 401.106044][ T31] ? __pfx_kthread+0x10/0x10 [ 401.106056][ T31] ret_from_fork_asm+0x1a/0x30 [ 401.106076][ T31] [ 401.106080][ T31] Sending NMI from CPU 0 to CPUs 1: [ 401.250996][ C1] NMI backtrace for cpu 1 [ 401.251012][ C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted syzkaller #0 PREEMPT(full) [ 401.251029][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 401.251039][ C1] RIP: 0010:pv_native_safe_halt+0x13/0x20 [ 401.251064][ C1] Code: 13 e8 02 00 cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 73 27 0e 00 f3 0f 1e fa fb f4 cc cc cc cc cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 [ 401.251078][ C1] RSP: 0018:ffffc90000197de0 EFLAGS: 000002c2 [ 401.251093][ C1] RAX: 501c3b2068d1ed00 RBX: ffffffff819683f8 RCX: 501c3b2068d1ed00 [ 401.251105][ C1] RDX: 0000000000000001 RSI: ffffffff8d9b8d8d RDI: ffffffff8be33880 [ 401.251115][ C1] RBP: ffffc90000197f20 R08: ffff8880b8732f9b R09: 1ffff110170e65f3 [ 401.251127][ C1] R10: dffffc0000000000 R11: ffffed10170e65f4 R12: ffffffff8fa39830 [ 401.251138][ C1] R13: 0000000000000001 R14: 0000000000000001 R15: 1ffff110039d5b40 [ 401.251148][ C1] FS: 0000000000000000(0000) GS:ffff888125d18000(0000) knlGS:0000000000000000 [ 401.251161][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 401.251171][ C1] CR2: 000055cd29283fb0 CR3: 000000000df36000 CR4: 00000000003526f0 [ 401.251186][ C1] Call Trace: [ 401.251194][ C1] [ 401.251200][ C1] default_idle+0x13/0x20 [ 401.251216][ C1] default_idle_call+0x74/0xb0 [ 401.251232][ C1] do_idle+0x1e8/0x510 [ 401.251250][ C1] ? __pfx_do_idle+0x10/0x10 [ 401.251273][ C1] cpu_startup_entry+0x44/0x60 [ 401.251287][ C1] start_secondary+0x101/0x110 [ 401.251306][ C1] common_startup_64+0x13e/0x147 [ 401.251333][ C1] [ 401.252030][ T31] Kernel panic - not syncing: hung_task: blocked tasks [ 401.417687][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) [ 401.426781][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 401.436824][ T31] Call Trace: [ 401.440092][ T31] [ 401.443013][ T31] dump_stack_lvl+0x99/0x250 [ 401.447595][ T31] ? __asan_memcpy+0x40/0x70 [ 401.452172][ T31] ? __pfx_dump_stack_lvl+0x10/0x10 [ 401.457355][ T31] ? __pfx__printk+0x10/0x10 [ 401.461945][ T31] vpanic+0x281/0x750 [ 401.465916][ T31] ? __pfx_vpanic+0x10/0x10 [ 401.470403][ T31] ? preempt_schedule+0xae/0xc0 [ 401.475259][ T31] ? preempt_schedule_common+0x83/0xd0 [ 401.480730][ T31] panic+0xb9/0xc0 [ 401.484453][ T31] ? __pfx_panic+0x10/0x10 [ 401.488866][ T31] ? preempt_schedule_thunk+0x16/0x30 [ 401.494237][ T31] ? nmi_trigger_cpumask_backtrace+0x2bb/0x300 [ 401.500384][ T31] watchdog+0xfd2/0xfe0 [ 401.504536][ T31] ? watchdog+0x1de/0xfe0 [ 401.508859][ T31] kthread+0x70e/0x8a0 [ 401.512919][ T31] ? __pfx_watchdog+0x10/0x10 [ 401.517612][ T31] ? __pfx_kthread+0x10/0x10 [ 401.522214][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 401.527556][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 401.532753][ T31] ? __pfx_kthread+0x10/0x10 [ 401.537342][ T31] ret_from_fork+0x3fc/0x770 [ 401.541925][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 401.547026][ T31] ? __switch_to_asm+0x39/0x70 [ 401.551800][ T31] ? __switch_to_asm+0x33/0x70 [ 401.556572][ T31] ? __pfx_kthread+0x10/0x10 [ 401.561183][ T31] ret_from_fork_asm+0x1a/0x30 [ 401.565975][ T31] [ 401.569303][ T31] Kernel Offset: disabled [ 401.573619][ T31] Rebooting in 86400 seconds..