last executing test programs: 1.924202035s ago: executing program 4 (id=2521): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x70, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], 0x0, 0x7, 0x0, 0x0, 0x40f00, 0x4, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x100cb3a}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000300)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000040)='kmem_cache_free\x00', r0, 0x0, 0x2}, 0x18) r1 = socket$phonet_pipe(0x23, 0x5, 0x2) connect$phonet_pipe(r1, &(0x7f0000000040)={0x23, 0x3, 0x0, 0x83}, 0x10) ioctl$SIOCPNENABLEPIPE(r1, 0x89ed, 0x0) 1.727133718s ago: executing program 4 (id=2527): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) r1 = socket$inet(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bond0\x00', 0x0}) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r4}, 0x10) sendmsg$nl_route_sched(r3, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x94, 0x24, 0xf0b, 0x70bd2b, 0x0, {0x0, 0x0, 0x12, r2, {}, {0xffff, 0xffff}, {0x2}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x64, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0x0, [0x5, 0x4, 0x22, 0x1, 0x8, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], [0x0, 0x8]}}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x8, 0x2, 0x0, 0x1, [{0x4}]}]}}]}, 0x94}}, 0x0) 1.612158059s ago: executing program 3 (id=2529): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=@newlink={0x3c, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x88adfda5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_PROTOCOL={0x6, 0x5, 0x88a8}]}}}]}, 0x3c}}, 0x0) 1.527256869s ago: executing program 4 (id=2532): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000340)='kfree\x00', r1, 0x0, 0x40}, 0x18) sendmsg$nl_route_sched(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000003c0)=@newtaction={0xe68, 0x30, 0x871a15abc695fa3d, 0x70bd27, 0x0, {}, [{0xe54, 0x1, [@m_pedit={0xe50, 0x1, 0x0, 0x0, {{0xa}, {0xe24, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS={0xe20, 0x2, {{{}, 0x93, 0xfc}, [{0x0, 0x0, 0x0, 0x0, 0xfffffffd}, {0x0, 0xfffffffc}, {0x1, 0x0, 0x0, 0x4000000, 0x7, 0x80000}, {0x8, 0x5, 0x0, 0xfffffffc, 0x5}, {0x0, 0x0, 0x40, 0x0, 0x20000}, {0x0, 0x0, 0x0, 0x0, 0x6}, {0x0, 0xc3}, {0x0, 0x5}, {0x5}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, {0x0, 0x10}, {0x0, 0x404, 0x0, 0x8000000}, {0x0, 0xffffffff, 0x0, 0x0, 0xfffffffd}, {0x2, 0x0, 0x400000, 0x0, 0x6}, {}, {}, {}, {0x0, 0x0, 0x0, 0x8000000}, {}, {0x0, 0x0, 0x0, 0x0, 0x20}, {0xfffffffd}, {}, {0x0, 0x0, 0x0, 0xfffffffc}, {0x0, 0x2000}, {}, {0x0, 0x7, 0x0, 0x1, 0xffffffff}, {0x0, 0x0, 0x0, 0x2, 0x0, 0x3}, {0x0, 0x0, 0x0, 0x0, 0x5, 0xfffffffd}, {0xffffffff, 0x10000000}, {}, {0x0, 0x0, 0xc, 0x0, 0x0, 0x6}, {0xffffffff}, {}, {}, {}, {0xffffffff, 0x0, 0x0, 0x0, 0x3}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, {0x0, 0x29, 0x0, 0x0, 0x0, 0x2}, {}, {0x0, 0x0, 0x0, 0x1, 0x3}, {0x80}, {0x0, 0x0, 0x0, 0x5}, {0x0, 0x0, 0x0, 0x6}, {0x0, 0x0, 0x8}, {0x0, 0x0, 0x0, 0x0, 0x9}, {0x0, 0x0, 0x0, 0x0, 0x3}, {}, {0x0, 0x6}, {0x0, 0x15, 0x0, 0x48510}, {}, {0x0, 0x0, 0x0, 0x0, 0x10000, 0x4000}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0xd, 0xffffffff}, {}, {}, {0x0, 0xfffefffd}, {0x0, 0x0, 0x0, 0x1}, {0x0, 0x2, 0x0, 0x88}, {0x5}, {}, {0x0, 0xfffffffc, 0x0, 0x3ff, 0x40000000}, {0x0, 0x0, 0x0, 0xfffffffd}, {0x0, 0x7, 0x0, 0x0, 0x0, 0x400000}, {0x4, 0x0, 0x200, 0x0, 0x0, 0x4}, {}, {0x0, 0x0, 0x0, 0x0, 0xffffffff}, {0x5}, {}, {0x0, 0x0, 0x0, 0x4000, 0x0, 0xfb4}, {}, {0x0, 0x101, 0x0, 0x0, 0x0, 0xffffffff}, {}, {0xfffffffd, 0x0, 0x0, 0x1}, {0x0, 0x0, 0x0, 0x4, 0x9}, {0xfffffffe}, {0x0, 0x0, 0x0, 0x0, 0x1}, {0x0, 0x2}, {}, {0x0, 0x0, 0x0, 0x80000}, {}, {0x800000, 0x0, 0x0, 0x0, 0x0, 0x56}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xffefffff}, {0x0, 0xfffffffe}, {0x0, 0x0, 0x6, 0x0, 0x4}, {}, {}, {0x0, 0xfffffffd}, {0x6}, {0x7f, 0x0, 0x0, 0xfffffffe}, {}, {}, {0x0, 0x2, 0x0, 0x0, 0x0, 0xfffffffe}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, {0x2, 0x0, 0x20000000}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x292}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, {}, {0x0, 0x80000000, 0x0, 0x0, 0x0, 0x101}, {0x0, 0x5, 0x0, 0x0, 0x1}, {0x0, 0x5}, {0x0, 0x0, 0x0, 0x0, 0x80}, {0x10000000, 0x0, 0x0, 0x0, 0x4}, {0x0, 0x2e9c, 0x0, 0x0, 0x7}, {0x0, 0x0, 0x0, 0x0, 0xfffffffc}, {0x3}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff}, {}, {0x0, 0x0, 0x0, 0x8}, {}, {0x0, 0x1}, {}, {0xfffffffe, 0x0, 0x0, 0x0, 0x8000, 0x4}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, {}, {}, {0x0, 0x8000}, {0x0, 0x0, 0x10000, 0x0, 0xfffffffc, 0x2}, {0x0, 0x80000000, 0x0, 0x7dff800}, {0x0, 0x0, 0x0, 0x0, 0xffffffff}], [{}, {}, {}, {}, {}, {0x3}, {}, {0x0, 0x1}, {0x0, 0x1}, {}, {}, {}, {0x4, 0x1}, {}, {}, {}, {0x0, 0x1}, {0x0, 0x1}, {0x0, 0x1}, {}, {}, {0x4}, {0x2}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x4}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {0x1, 0x1}, {}, {}, {}, {0x0, 0x1}, {}, {0x4}, {}, {}, {}, {}, {}, {}, {0x2}, {0x0, 0x1}, {}, {0x0, 0x1}, {}, {0x1}, {}, {}, {}, {}, {}, {0x3}, {0x0, 0x1}, {0x0, 0x1}, {0x0, 0x1}, {}, {}, {}, {0x5}, {}, {}, {0x7}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {0x1}, {}, {0x5}, {}, {0x3}, {}, {}, {}, {}, {}, {0x2, 0x1}, {}, {}, {}, {0x3}, {0x0, 0x1}, {}, {}, {0x4}, {0x2}, {}, {}, {0x4}, {0x3}, {}, {}, {0x0, 0x1}, {0x2}, {0x0, 0x1}]}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xe68}}, 0x0) 1.483765112s ago: executing program 3 (id=2534): r0 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r0, &(0x7f0000000080)={0x18, 0x0, {0xfffe, @local, 'veth1_virt_wifi\x00'}}, 0x1e) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10) close(r0) 1.407704809s ago: executing program 2 (id=2536): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed07449e000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000008b708000000003b6f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000080)='kfree\x00', r1, 0x0, 0x8}, 0x18) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000050000000000000000000024000a20000000000a1f000000000000000000010000000900010073797a300000000058000000030a0104000000000000000001000000090003803d2175fbe782c2eb2b00048008000240172af2e40800014000000003080002401c791e7108000240423930ce08000140000000030900010073797a300000000088000000060a010400000000000000000100000008000b400000000014000480100001800b0001006e756d67656e00000900010073797a30000000004c0004804800018008000100666962003c000280080003400000000c08000140000000020800014000000030080002400000000308000140000000120800034000000000080003400000000a"], 0x122}}, 0x8010) 1.336139028s ago: executing program 3 (id=2537): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1804000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4a, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r0}, 0x18) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x22, &(0x7f0000000000)=0x1, 0x4) sendmmsg$inet(r1, &(0x7f0000000f40)=[{{&(0x7f0000000040)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000140)=[{&(0x7f0000000100)='\x00', 0x1}], 0x1}}], 0x1, 0x2400c042) 1.287159431s ago: executing program 4 (id=2540): ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x890b, &(0x7f0000000000)) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) r1 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp6_SCTP_MAX_BURST(r0, 0x84, 0x14, &(0x7f0000000300)=@assoc_value={r2, 0x8}, 0x8) 1.147566441s ago: executing program 3 (id=2542): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x8000009, 0x5, 0x1}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000400000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000090000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000001000000850000000300000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r1}, 0x10) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a2c000000060a0bfc0000000000000000020000000900010073797a30000000000900020073797a320000000014000000110001"], 0x54}, 0x1, 0x0, 0x0, 0x40820}, 0x0) writev(r2, &(0x7f0000000040), 0x2) close(r2) 1.147363297s ago: executing program 4 (id=2543): r0 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$TCPDIAG_GETSOCK(r0, &(0x7f0000000a40)={0x0, 0x0, &(0x7f0000000a00)={&(0x7f00000008c0)={0x50, 0x12, 0x31d8ffa3035776f3, 0x70bd2d, 0x25dfdbff, {0x22, 0x2, 0xff, 0x2, {0x4e20, 0x4e22, [0x1, 0x8, 0x9, 0x6], [0x6, 0x8, 0xa83, 0x3], 0x0, [0x5, 0x4]}, 0x0, 0x7f}, [@INET_DIAG_REQ_BYTECODE={0x4}]}, 0x50}, 0x1, 0x0, 0x0, 0x8010}, 0x40004) 1.141444057s ago: executing program 2 (id=2544): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x7, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="05000000000000007111ae00000000008510000002000000850000000500000095000000000000009500a50500000000"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x18, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="18090000002300810000000000000000850000007b00000095"], &(0x7f0000000100)='GPL\x00', 0x9, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x9001}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000100)={0xffffffffffffffff, 0xe0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0xfffffcec, 0x0, 0x0, 0x0, 0x0, 0x7fffffd, 0x0, 0xffffffffffffffd0, 0x10, &(0x7f0000002e00), &(0x7f0000001000), 0x8, 0x24, 0x8, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000340)={r0, 0xe0, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10) 987.425671ms ago: executing program 1 (id=2546): ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, 0x0) r0 = socket$pppoe(0x18, 0x1, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="18010000008000000000000000000004850000006d00000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xc, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffd}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x10) connect$pppoe(r0, &(0x7f0000000000)={0x18, 0x0, {0x2, @multicast, 'ip_vti0\x00'}}, 0x1e) r2 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r2, &(0x7f0000000080)={0x18, 0x0, {0xfffe, @local, 'geneve0\x00'}}, 0x1e) connect$pppoe(r0, &(0x7f0000000340)={0x18, 0x0, {0x0, @multicast, 'macvlan0\x00'}}, 0x1e) 987.000764ms ago: executing program 4 (id=2547): r0 = socket$netlink(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RATE_NEW(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)={0x34, r1, 0x1, 0x0, 0x25dfdbfb, {0x25}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x8000) bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x1b, 0x1fffffffffffffcd, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x15, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0xc, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000500)='percpu_free_percpu\x00', r2}, 0x10) 986.757669ms ago: executing program 3 (id=2548): r0 = socket$inet_smc(0x2b, 0x1, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001b80)=ANY=[@ANYBLOB="0600000004000000080000000a"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x94) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) connect$inet(r0, &(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10) 986.483595ms ago: executing program 2 (id=2549): r0 = socket$netlink(0x10, 0x3, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800}, 0x94) r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RATE_NEW(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000300)={0x34, r1, 0x1, 0x0, 0x25dfdbfb, {0x25}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x80d0}, 0x0) 884.0763ms ago: executing program 1 (id=2551): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x20000, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000a80)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1088d8b8588d72ec29c48f0af5f2d9f51c4b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68af2ad0810000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465ad32b77a74e802a0dc6bf25cca242bc6099ad2300000480006ef6c1ff0900000000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767042361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b6c7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae645ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48fc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1fb8f72cd317902f19e385be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa7956488bef241875f3b4b6ab7929a57affe760e797724f4fce1093b62d7e8c7123d890decacec55bf404e4e1f74b7eed82571be54c72d978cf906df0042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f870b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a998de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f154772f514216bdf57d2a40d40b51ab67903ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1594e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270bb29b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214d00000000d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ce21d69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f68df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c471c784ae7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec30cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd63bed8d31c31c37a373d4efd89f0000377b1b1292a893a516dab183ee65744fb8fc4f9ce2242e0f0059161c5e0000000000000000000057d77480e0345effff6413258d1f6eb190aa28cbb4bafe34124172e436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fa03b84f63e022fe755f4007a4a899eaf52c4f491d8e97c862e29e457060000007ac691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104ebc1581848f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c716357d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c24936615ee68538e8fddd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426ca85e82ccf821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ad6acf5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba1c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63c41cbde2ba66ad81168070c8c6e18a6e452a31bdc4a60d637545ed4c8a1c649c3ce54ad3e16304d06a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c5140200000054d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b796e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e8ae953325a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c7340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a3bc38613067dbd1427e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b9e6626f19eecb87e39175e85e17000000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f14eafe4b28ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1bfeef448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae0040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483f02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1098e40550a1cfd80e9180100000000000000654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732e74dd690c57bdfdc1f069f9491bca7a8c59363799be70018c25ece5ad7307dc7a95c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c122eba9f17c8bed10591958cf06321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b872a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2cdfb7fea73ca18874664d60a4b9423f3297bc8eb91b4ee1d73272ab28a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece98c077b358e752b439132a0f27080ece2a94c320b002c77f82662675a7713c7067081cac15994698c41ff4754268ae2676384ff799783f55d7e5a1a092a01b965dc99cb7a9d98440c355927629f2bcf9dc2396eb2f5d25829715b24327642ac48f1201014a95e0e65e12cdf27e19043e3c5d3e798375cead35b9a93190a52cdecaaccc854a1d41ef365303f0e9b4fc969c9dab6df5e8a795b140fcc09e8a7b694d12932917facd8ceaa4e2d0d16bb0b95387fcd5ff136d8abddf94daf442bbff744591931872a36cf921ad69f2127386e8b0f9afee4da8d3fbec809fbb3ca0fded2859cf25d4c6155d396c5b9bd1a928923123f63f4c40688eae69990a9419456247bbaeb7948de84d2ff875414883bb1e503d4bfebc01bc12a53ea06bf38e571157bd642dac25dbee7832c58378374a39483d6721eec96c28911db21c0c006b42afc90000000000000000000000700000000000000000008ce4ea442c1a207108b35511186c5e860278f6463f52f3990ce08b1bfccc3cff4b5ae27b610aa9ba11b47d4f94c439e055cdbb2b12c983885c93ea4ab4ca1e02d831ae162ee104"], &(0x7f0000000100)='GPL\x00'}, 0x41) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f00000001c0)='cachefiles_vol_coherency\x00', r1, 0x0, 0x40002}, 0x18) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000007c0)=@newqdisc={0x54, 0x10, 0x1, 0x0, 0x1000000, {0x0, 0x0, 0x0, 0x0, {0x9}, {0xf}, {0xe, 0xd}}, [@TCA_RATE={0x6, 0x5, {0x9, 0x1}}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1a, {0x0, 0x0, 0x691, 0x0, 0x0, 0x0, 0x0, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x8c0}, 0x0) 749.064786ms ago: executing program 0 (id=2553): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000990000000d"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000e00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x20000800}, 0x0) sendmsg$NFT_BATCH(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000ff0000000000000a58000000060a0b040000000000000000020000002c0004802800018007000100637400001c000280050003001b000000080002400000001108000440000000040900010073797a30000000000900020073797a32"], 0x80}}, 0x0) 643.524108ms ago: executing program 1 (id=2554): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="19000000040000000400000008"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) r2 = socket$nl_audit(0x10, 0x3, 0x9) sendmsg$AUDIT_USER_AVC(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYBLOB="140000005304"], 0x14}, 0x1, 0x0, 0x0, 0x24000841}, 0x4008840) 596.234504ms ago: executing program 0 (id=2555): bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x18) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x12, 0x6, 0x4, 0x2}, 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r1}, &(0x7f0000000040), &(0x7f0000000140)=r0}, 0x20) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000080)={r1, &(0x7f0000000040)}, 0x20) 521.159231ms ago: executing program 1 (id=2556): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000e8ff0000000000ff000044850000000e0000003f0000000000000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000340)='kfree\x00', r0}, 0x18) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000540)={r1, 0x0, 0x0}, 0x20) 507.184776ms ago: executing program 0 (id=2557): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x4c, &(0x7f0000000040)=0x40000006, 0x4) 430.78631ms ago: executing program 1 (id=2558): r0 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'gretap0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)=@newqdisc={0x48, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r2, {0x0, 0x5}, {0xffff, 0xffff}, {0xe}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x18, 0x2, [@TCA_CAKE_BASE_RATE64={0xc, 0x2, 0x77359401}, @TCA_CAKE_DIFFSERV_MODE={0x8, 0x3, 0x1}]}}]}, 0x48}}, 0x0) 316.254196ms ago: executing program 0 (id=2559): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000000000000000000000000000851000000600000018020000", @ANYRES32, @ANYBLOB="00000000000000006600020000000000180000000000000000000000000000009500040000000000360a020000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b50a000000400000850000000600000095000000000000"], &(0x7f0000000000)='GPL\x00', 0x2}, 0x94) 277.019793ms ago: executing program 2 (id=2560): bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48) bpf$PROG_LOAD(0x4, &(0x7f0000000680)={0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 257.660039ms ago: executing program 0 (id=2561): r0 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='cdg\x00', 0x4) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1e0000000000000005000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB], 0x0, 0x5, 0x0, 0x0, 0x0, 0x25}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x23) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4) connect$inet(r0, &(0x7f0000000280)={0x2, 0x0, @dev}, 0x10) close(r0) 186.980027ms ago: executing program 1 (id=2562): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b7030000e8ffffff850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r2, 0x0, r4, 0x0, 0xf3a, 0x0) close(r3) write(r1, 0x0, 0x0) 134.738778ms ago: executing program 2 (id=2563): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2e, &(0x7f0000000340)={0x5, {{0x2, 0x0, @multicast1}}, {{0x2, 0xfffc, @loopback}}}, 0x108) setsockopt$inet_group_source_req(r0, 0x0, 0x2e, &(0x7f0000000480)={0x3, {{0x2, 0x0, @multicast1}}, {{0x2, 0x0, @multicast2}}}, 0x108) getsockopt$inet_buf(r0, 0x0, 0x30, &(0x7f0000000340)=""/225, &(0x7f0000000180)=0xe1) 82.50411ms ago: executing program 0 (id=2564): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'pim6reg1\x00', 0x1}) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7020000111e6ca5b70300000000b1098500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000020000008500000085000000b70000000000000095"], &(0x7f0000000080)='GPL\x00', 0x2, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x59, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r2}, 0x10) close(r0) 262.466µs ago: executing program 3 (id=2565): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="580000001000010400000000ffdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="83200000c6010700240012800b00010067656e65766500001400028005000c00080000000800010001000000140003"], 0x58}, 0x1, 0x0, 0x0, 0x40000}, 0x4000880) 0s ago: executing program 2 (id=2566): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000fbff000000000000001d8500000007000000850000002300000095"], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f00000001c0)='kmem_cache_free\x00', r0}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000800)=ANY=[], 0x48) r1 = socket$nl_route(0x10, 0x3, 0x0) connect$netlink(r1, &(0x7f0000000280)=@proc={0x10, 0x0, 0x25dfdbf8, 0x2000}, 0xc) sendmsg$nl_route(r1, &(0x7f0000000300)={&(0x7f0000000080), 0xc, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="1c00000021000f0000f909000000210002"], 0x1c}}, 0x0) kernel console output (not intermixed with test programs): . [ 173.382481][ T9373] bond0: (slave wlan1): Releasing backup interface [ 173.392503][ T9370] netlink: 'syz.2.922': attribute type 17 has an invalid length. [ 173.405806][ T9373] mac80211_hwsim hwsim4 wlan1 (unregistering): left promiscuous mode [ 173.518250][ T9382] IPVS: set_ctl: invalid protocol: 29 224.0.0.2:20003 [ 174.207019][ T9381] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 174.445200][ T9370] 8021q: adding VLAN 0 to HW filter on device bond0 [ 174.465333][ T9370] 8021q: adding VLAN 0 to HW filter on device team0 [ 174.511770][ T9370] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 174.578438][ T9387] netlink: 12 bytes leftover after parsing attributes in process `syz.0.926'. [ 174.607714][ T9398] syzkaller1: tun_chr_ioctl cmd 1074025672 [ 174.617145][ T9398] syzkaller1: ignored: set checksum disabled [ 175.058309][ T9419] Bluetooth: MGMT ver 1.23 [ 175.321285][ T9436] netlink: 4 bytes leftover after parsing attributes in process `syz.1.940'. [ 175.478023][ T30] audit: type=1800 audit(1753511296.089:4): pid=9444 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.943" name="net_prio.prioidx" dev="tmpfs" ino=1017 res=0 errno=0 [ 175.710560][ T9442] netlink: 'syz.2.943': attribute type 25 has an invalid length. [ 175.746648][ T9438] lo speed is unknown, defaulting to 1000 [ 175.868840][ T9452] dvmrp0: entered allmulticast mode [ 176.025105][ T9461] netlink: 'syz.0.949': attribute type 1 has an invalid length. [ 176.060117][ T9461] netlink: 'syz.0.949': attribute type 1 has an invalid length. [ 176.078109][ T9463] netlink: 8 bytes leftover after parsing attributes in process `syz.2.950'. [ 176.119847][ T9463] (unnamed net_device) (uninitialized): option use_carrier: invalid value (24) [ 176.171195][ T9471] netlink: 'syz.1.952': attribute type 39 has an invalid length. [ 176.245127][ T9438] IPv6: syztnl1: Disabled Multicast RS [ 176.397379][ T9468] netlink: 28 bytes leftover after parsing attributes in process `syz.3.941'. [ 176.563023][ T9498] netlink: 'syz.4.960': attribute type 2 has an invalid length. [ 176.727935][ T9502] netlink: 80 bytes leftover after parsing attributes in process `syz.3.961'. [ 176.931000][ T9510] pim6reg1: entered promiscuous mode [ 176.936510][ T9510] pim6reg1: entered allmulticast mode [ 177.066236][ T9510] 8021q: adding VLAN 0 to HW filter on device bond3 [ 177.086493][ T9510] team0: Port device bond3 added [ 177.103299][ T9517] netlink: 28 bytes leftover after parsing attributes in process `syz.4.967'. [ 177.120664][ T5856] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 177.133174][ T5167] Bluetooth: hci0: command 0x0401 tx timeout [ 177.155958][ T9517] tipc: Enabling of bearer rejected, failed to enable media [ 177.560532][ T9536] x_tables: ip_tables: TCPOPTSTRIP target: only valid in mangle table, not raw [ 177.625220][ T9536] tun0: tun_chr_ioctl cmd 2147767521 [ 177.638118][ T9536] netlink: 16 bytes leftover after parsing attributes in process `syz.1.971'. [ 177.707401][ T9543] sch_tbf: burst 0 is lower than device veth0_to_team mtu (1514) ! [ 177.794985][ T9545] netlink: 8 bytes leftover after parsing attributes in process `syz.4.973'. [ 177.805068][ T9545] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 177.935433][ T9550] lo speed is unknown, defaulting to 1000 [ 178.158748][ T9560] sctp: [Deprecated]: syz.3.979 (pid 9560) Use of struct sctp_assoc_value in delayed_ack socket option. [ 178.158748][ T9560] Use struct sctp_sack_info instead [ 178.252319][ T9566] sctp: [Deprecated]: syz.3.979 (pid 9566) Use of struct sctp_assoc_value in delayed_ack socket option. [ 178.252319][ T9566] Use struct sctp_sack_info instead [ 178.341449][ T9566] ieee802154 phy1 wpan1: encryption failed: -22 [ 178.408584][ T6242] ip6_tunnel: ip6gre2 xmit: Local address not yet configured! [ 178.417882][ T6242] ip6_tunnel: ip6gre2 xmit: Local address not yet configured! [ 178.431194][ T5854] ip6_tunnel: ip6gre2 xmit: Local address not yet configured! [ 178.782245][ T9586] netlink: 36 bytes leftover after parsing attributes in process `syz.1.989'. [ 178.813385][ T9584] netlink: 'syz.3.988': attribute type 1 has an invalid length. [ 178.833012][ T9584] netlink: 'syz.3.988': attribute type 4 has an invalid length. [ 178.869672][ T9584] netlink: 9462 bytes leftover after parsing attributes in process `syz.3.988'. [ 179.000757][ T9595] netlink: 14 bytes leftover after parsing attributes in process `syz.1.992'. [ 179.041394][ T9596] lo speed is unknown, defaulting to 1000 [ 179.051077][ T9594] netlink: 14 bytes leftover after parsing attributes in process `syz.1.992'. [ 179.361429][ T5854] ip6_tunnel: ip6gre2 xmit: Local address not yet configured! [ 179.439646][ T5854] ip6_tunnel: ip6gre2 xmit: Local address not yet configured! [ 179.693309][ T9621] netlink: 8 bytes leftover after parsing attributes in process `syz.3.998'. [ 179.956992][ T9633] xt_CT: No such helper "snmp" [ 180.114907][ T9648] FAULT_INJECTION: forcing a failure. [ 180.114907][ T9648] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 180.131643][ T9648] CPU: 1 UID: 0 PID: 9648 Comm: syz.0.1005 Not tainted 6.16.0-rc7-syzkaller-01904-g9312ee76490d #0 PREEMPT(full) [ 180.131671][ T9648] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 180.131682][ T9648] Call Trace: [ 180.131689][ T9648] [ 180.131697][ T9648] dump_stack_lvl+0x189/0x250 [ 180.131724][ T9648] ? __pfx____ratelimit+0x10/0x10 [ 180.131744][ T9648] ? __pfx_dump_stack_lvl+0x10/0x10 [ 180.131764][ T9648] ? __pfx__printk+0x10/0x10 [ 180.131800][ T9648] should_fail_ex+0x414/0x560 [ 180.131824][ T9648] _copy_to_user+0x31/0xb0 [ 180.131850][ T9648] simple_read_from_buffer+0xe1/0x170 [ 180.131880][ T9648] proc_fail_nth_read+0x1df/0x250 [ 180.131899][ T9648] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 180.131919][ T9648] ? rw_verify_area+0x258/0x650 [ 180.131939][ T9648] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 180.131957][ T9648] vfs_read+0x200/0x980 [ 180.131983][ T9648] ? __pfx___mutex_lock+0x10/0x10 [ 180.132003][ T9648] ? __pfx_vfs_read+0x10/0x10 [ 180.132026][ T9648] ? __fget_files+0x2a/0x420 [ 180.132045][ T9648] ? __fget_files+0x3a0/0x420 [ 180.132059][ T9648] ? __fget_files+0x2a/0x420 [ 180.132084][ T9648] ksys_read+0x145/0x250 [ 180.132107][ T9648] ? __pfx_ksys_read+0x10/0x10 [ 180.132126][ T9648] ? rcu_is_watching+0x15/0xb0 [ 180.132150][ T9648] ? do_syscall_64+0xbe/0x3b0 [ 180.132173][ T9648] do_syscall_64+0xfa/0x3b0 [ 180.132190][ T9648] ? lockdep_hardirqs_on+0x9c/0x150 [ 180.132207][ T9648] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 180.132224][ T9648] ? clear_bhb_loop+0x60/0xb0 [ 180.132246][ T9648] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 180.132262][ T9648] RIP: 0033:0x7f436378d3bc [ 180.132279][ T9648] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 180.132292][ T9648] RSP: 002b:00007f43645db030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 180.132309][ T9648] RAX: ffffffffffffffda RBX: 00007f43639b5fa0 RCX: 00007f436378d3bc [ 180.132322][ T9648] RDX: 000000000000000f RSI: 00007f43645db0a0 RDI: 0000000000000004 [ 180.132333][ T9648] RBP: 00007f43645db090 R08: 0000000000000000 R09: 0000000000000000 [ 180.132344][ T9648] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 180.132354][ T9648] R13: 0000000000000000 R14: 00007f43639b5fa0 R15: 00007ffeecb80138 [ 180.132384][ T9648] [ 180.377531][ T9652] netlink: 'syz.2.1003': attribute type 1 has an invalid length. [ 180.417869][ T9659] batadv_slave_1: entered allmulticast mode [ 180.425797][ T9659] tipc: Enabling of bearer rejected, failed to enable media [ 180.465370][ T9642] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1003'. [ 180.537918][ T9661] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 180.617070][ T9663] netlink: 44 bytes leftover after parsing attributes in process `syz.4.1012'. [ 180.758963][ T9681] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1014'. [ 181.230073][ T9690] lo speed is unknown, defaulting to 1000 [ 181.381191][ T9701] tun0: tun_chr_ioctl cmd 1074025681 [ 181.584347][ T9720] x_tables: ip_tables: bpf.1 match: invalid size 528 (kernel) != (user) 536 [ 181.783790][ T9727] ieee802154 phy1 wpan1: encryption failed: -22 [ 181.927038][ T9720] syz.3.1026 (9720) used greatest stack depth: 16952 bytes left [ 182.008517][ T9737] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 182.097269][ T9740] netlink: 'syz.1.1032': attribute type 4 has an invalid length. [ 182.150997][ T9744] netlink: 'syz.1.1032': attribute type 4 has an invalid length. [ 182.229707][ T7637] lo speed is unknown, defaulting to 1000 [ 182.229713][ T7636] lo speed is unknown, defaulting to 1000 [ 182.502429][ T9761] netlink: 'syz.2.1035': attribute type 10 has an invalid length. [ 182.537212][ T9761] dummy0: entered promiscuous mode [ 182.558321][ T9761] dummy0: entered allmulticast mode [ 182.580849][ T9761] bond0: (slave dummy0): Releasing backup interface [ 182.662099][ T9761] bridge0: port 4(dummy0) entered blocking state [ 182.676482][ T9761] bridge0: port 4(dummy0) entered disabled state [ 182.713380][ T9767] netlink: 'syz.4.1037': attribute type 1 has an invalid length. [ 182.722561][ T9767] __nla_validate_parse: 92 callbacks suppressed [ 182.722659][ T9767] netlink: 208 bytes leftover after parsing attributes in process `syz.4.1037'. [ 182.772256][ T9773] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1039'. [ 182.796284][ T9773] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 182.803600][ T9773] IPv6: NLM_F_CREATE should be set when creating new route [ 182.816133][ T9773] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1039'. [ 182.826734][ T9773] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 182.879579][ C1] ip6_tunnel: ip6gre2 xmit: Local address not yet configured! [ 183.291089][ T9800] netlink: 'syz.2.1046': attribute type 10 has an invalid length. [ 183.390063][ T9800] netlink: 1041 bytes leftover after parsing attributes in process `syz.2.1046'. [ 183.766970][ T9823] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1052'. [ 183.928982][ T9832] lo speed is unknown, defaulting to 1000 [ 183.947732][ T9831] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 183.955666][ T9834] netlink: 'syz.2.1053': attribute type 13 has an invalid length. [ 183.980211][ T9834] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1053'. [ 184.076076][ T9835] syz.1.1055: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 184.124637][ T9835] CPU: 1 UID: 0 PID: 9835 Comm: syz.1.1055 Not tainted 6.16.0-rc7-syzkaller-01904-g9312ee76490d #0 PREEMPT(full) [ 184.124665][ T9835] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 184.124677][ T9835] Call Trace: [ 184.124684][ T9835] [ 184.124692][ T9835] dump_stack_lvl+0x189/0x250 [ 184.124721][ T9835] ? __pfx_dump_stack_lvl+0x10/0x10 [ 184.124743][ T9835] ? __pfx__printk+0x10/0x10 [ 184.124767][ T9835] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 184.124790][ T9835] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 184.124812][ T9835] ? cpuset_print_current_mems_allowed+0x2ee/0x360 [ 184.124837][ T9835] warn_alloc+0x214/0x310 [ 184.124855][ T9835] ? stack_depot_save_flags+0x40/0x900 [ 184.124879][ T9835] ? __pfx_warn_alloc+0x10/0x10 [ 184.124898][ T9835] ? kasan_save_track+0x4f/0x80 [ 184.124922][ T9835] ? xskq_create+0x56/0x170 [ 184.124938][ T9835] ? xsk_init_queue+0xb0/0x110 [ 184.124954][ T9835] ? xsk_setsockopt+0x4dc/0x8d0 [ 184.124969][ T9835] ? do_sock_setsockopt+0x179/0x1b0 [ 184.124988][ T9835] ? __x64_sys_setsockopt+0x13f/0x1b0 [ 184.125007][ T9835] ? do_syscall_64+0xfa/0x3b0 [ 184.125024][ T9835] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 184.125051][ T9835] __vmalloc_node_range_noprof+0x125/0x12f0 [ 184.125110][ T9835] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 184.125142][ T9835] ? __kasan_kmalloc+0x93/0xb0 [ 184.125167][ T9835] vmalloc_user_noprof+0xad/0xf0 [ 184.125191][ T9835] ? xskq_create+0xbf/0x170 [ 184.125210][ T9835] xskq_create+0xbf/0x170 [ 184.125232][ T9835] xsk_init_queue+0xb0/0x110 [ 184.125254][ T9835] xsk_setsockopt+0x4dc/0x8d0 [ 184.125283][ T9835] ? __pfx_xsk_setsockopt+0x10/0x10 [ 184.125300][ T9835] ? __pfx_aa_sk_perm+0x10/0x10 [ 184.125324][ T9835] ? aa_sock_opt_perm+0x74/0x110 [ 184.125346][ T9835] ? bpf_lsm_socket_setsockopt+0x9/0x20 [ 184.125364][ T9835] ? __pfx_xsk_setsockopt+0x10/0x10 [ 184.125383][ T9835] do_sock_setsockopt+0x179/0x1b0 [ 184.125409][ T9835] __x64_sys_setsockopt+0x13f/0x1b0 [ 184.125436][ T9835] do_syscall_64+0xfa/0x3b0 [ 184.125454][ T9835] ? lockdep_hardirqs_on+0x9c/0x150 [ 184.125473][ T9835] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 184.125490][ T9835] ? clear_bhb_loop+0x60/0xb0 [ 184.125512][ T9835] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 184.125529][ T9835] RIP: 0033:0x7f06de98e9a9 [ 184.125546][ T9835] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 184.125561][ T9835] RSP: 002b:00007f06dc7f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 184.125580][ T9835] RAX: ffffffffffffffda RBX: 00007f06debb6080 RCX: 00007f06de98e9a9 [ 184.125592][ T9835] RDX: 0000000000000006 RSI: 000000000000011b RDI: 000000000000000a [ 184.125603][ T9835] RBP: 00007f06dea10d69 R08: 0000000000000004 R09: 0000000000000000 [ 184.125615][ T9835] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000 [ 184.125626][ T9835] R13: 0000000000000000 R14: 00007f06debb6080 R15: 00007ffe271860a8 [ 184.125657][ T9835] [ 184.125681][ T9835] Mem-Info: [ 184.213057][ T9838] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1056'. [ 184.219814][ T9835] active_anon:4422 inactive_anon:0 isolated_anon:0 [ 184.219814][ T9835] active_file:1667 inactive_file:39873 isolated_file:0 [ 184.219814][ T9835] unevictable:768 dirty:183 writeback:0 [ 184.219814][ T9835] slab_reclaimable:11456 slab_unreclaimable:155878 [ 184.219814][ T9835] mapped:31405 shmem:1371 pagetables:1085 [ 184.219814][ T9835] sec_pagetables:0 bounce:0 [ 184.219814][ T9835] kernel_misc_reclaimable:0 [ 184.219814][ T9835] free:1266348 free_pcp:16940 free_cma:0 [ 184.219905][ T9835] Node 0 active_anon:17688kB inactive_anon:0kB active_file:6668kB inactive_file:159292kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:125620kB dirty:728kB writeback:0kB shmem:3948kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12964kB pagetables:4188kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 184.219957][ T9835] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:152kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 184.220005][ T9835] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 184.220059][ T9835] lowmem_reserve[]: 0 2498 2499 2499 2499 [ 184.220097][ T9835] Node 0 [ 184.285275][ T9838] netlink: 'syz.3.1056': attribute type 20 has an invalid length. [ 184.297264][ T9837] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1056'. [ 184.337430][ T9835] DMA32 free:1158568kB boost:0kB min:34248kB low:42808kB high:51368kB reserved_highatomic:0KB free_highatomic:0KB active_anon:17740kB inactive_anon:0kB active_file:6668kB inactive_file:157716kB unevictable:1536kB writepending:728kB present:3129332kB managed:2558296kB mlocked:0kB bounce:0kB free_pcp:42660kB local_pcp:15952kB free_cma:0kB [ 184.660277][ T9835] lowmem_reserve[]: 0 0 1 1 1 [ 184.679802][ T9835] Node 0 Normal free:12kB boost:0kB min:20kB low:24kB high:28kB reserved_highatomic:0KB free_highatomic:0KB active_anon:48kB inactive_anon:0kB active_file:0kB inactive_file:1576kB unevictable:0kB writepending:0kB present:1048580kB managed:1644kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:0kB free_cma:0kB [ 184.717790][ T9845] netlink: 76 bytes leftover after parsing attributes in process `syz.4.1057'. [ 184.752867][ T9835] lowmem_reserve[]: 0 0 0 0 0 [ 184.827761][ T9835] Node 1 Normal free:3891136kB boost:0kB min:55632kB low:69540kB high:83448kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:4kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:25092kB local_pcp:12896kB free_cma:0kB [ 184.863416][ T9835] lowmem_reserve[]: 0 0 0 0 0 [ 184.893580][ T9835] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 184.907736][ T9835] Node 0 DMA32: 1617*4kB (UME) 1137*8kB (UME) 475*16kB (UME) 619*32kB (UME) 340*64kB (UME) 141*128kB (UME) 98*256kB (UME) 41*512kB (UME) 25*1024kB (UME) 6*2048kB (UME) 242*4096kB (M) = 1157980kB [ 184.928715][ T9835] Node 0 Normal: 1*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB [ 184.981961][ T9835] Node 1 Normal: 238*4kB (UE) 53*8kB (UME) 44*16kB (UME) 69*32kB (UME) 20*64kB (UME) 6*128kB (UME) 4*256kB (UM) 4*512kB (UME) 3*1024kB (UME) 2*2048kB (UE) 946*4096kB (M) = 3891392kB [ 185.028806][ T9835] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 185.058685][ T9835] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 185.099335][ T9835] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 185.120504][ T9835] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 185.146810][ T9835] 42895 total pagecache pages [ 185.157541][ T9867] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1062'. [ 185.159255][ T9835] 0 pages in swap cache [ 185.181486][ T9835] Free swap = 124996kB [ 185.185766][ T9835] Total swap = 124996kB [ 185.194890][ T9835] 2097051 pages RAM [ 185.199387][ T9835] 0 pages HighMem/MovableOnly [ 185.204264][ T9835] 425435 pages reserved [ 185.208606][ T9835] 0 pages cma reserved [ 185.273059][ T9833] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 185.275585][ T9857] netlink: 'syz.3.1059': attribute type 5 has an invalid length. [ 185.394222][ T9872] netlink: 'syz.4.1063': attribute type 25 has an invalid length. [ 185.825858][ T9895] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 186.083702][ T9895] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 186.208188][ T9895] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 186.382583][ T9895] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 186.656032][ T9927] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 187.141176][ T9929] netlink: 'syz.4.1076': attribute type 1 has an invalid length. [ 187.326160][ T6240] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 187.335503][ T6240] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 187.361477][ T5856] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 187.387752][ T6240] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 187.396793][ T6240] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 187.556613][ T7637] IPVS: starting estimator thread 0... [ 187.659350][ T9955] IPVS: using max 24 ests per chain, 57600 per kthread [ 187.699812][ T9960] netlink: 'syz.3.1087': attribute type 10 has an invalid length. [ 187.814902][ T9968] netlink: 'syz.1.1089': attribute type 2 has an invalid length. [ 188.074388][ T9973] __nla_validate_parse: 10 callbacks suppressed [ 188.074406][ T9973] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1092'. [ 188.110248][ T9976] lo speed is unknown, defaulting to 1000 [ 188.178198][ T9982] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1093'. [ 188.699984][ T9999] !: renamed from dummy0 (while UP) [ 188.821734][T10009] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 188.946906][T10009] lo speed is unknown, defaulting to 1000 [ 189.266741][ T5854] IPVS: starting estimator thread 0... [ 189.379239][T10028] IPVS: using max 23 ests per chain, 55200 per kthread [ 189.900027][T10058] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1113'. [ 190.491206][T10079] netlink: 'syz.4.1120': attribute type 1 has an invalid length. [ 190.507625][T10079] netlink: 208 bytes leftover after parsing attributes in process `syz.4.1120'. [ 191.039978][T10106] xt_CT: You must specify a L4 protocol and not use inversions on it [ 191.373658][T10122] (unnamed net_device) (uninitialized): option packets_per_slave: mode dependency failed, not supported in mode active-backup(1) [ 191.632712][T10138] netlink: 'syz.2.1139': attribute type 1 has an invalid length. [ 191.839292][ C1] ip6_tunnel: ip6gre2 xmit: Local address not yet configured! [ 192.117936][T10157] netlink: 92 bytes leftover after parsing attributes in process `syz.2.1147'. [ 192.447901][T10170] RDS: rds_bind could not find a transport for fe80::, load rds_tcp or rds_rdma? [ 192.531261][T10172] netlink: 'syz.3.1152': attribute type 1 has an invalid length. [ 192.575266][T10172] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1152'. [ 192.589823][T10172] netlink: 'syz.3.1152': attribute type 1 has an invalid length. [ 192.607941][T10172] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1152'. [ 192.631000][T10172] netlink: 'syz.3.1152': attribute type 1 has an invalid length. [ 192.640124][T10172] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1152'. [ 192.650288][T10172] netlink: 'syz.3.1152': attribute type 1 has an invalid length. [ 192.658042][T10172] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1152'. [ 192.670169][T10172] netlink: 'syz.3.1152': attribute type 1 has an invalid length. [ 192.678647][T10172] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1152'. [ 192.688891][T10172] netlink: 'syz.3.1152': attribute type 1 has an invalid length. [ 192.698359][T10172] netlink: 'syz.3.1152': attribute type 1 has an invalid length. [ 192.707586][T10172] netlink: 'syz.3.1152': attribute type 1 has an invalid length. [ 193.132937][T10195] lo speed is unknown, defaulting to 1000 [ 193.989043][T10228] __nla_validate_parse: 80 callbacks suppressed [ 194.019327][T10228] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1166'. [ 194.048218][T10231] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1166'. [ 194.413128][T10242] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 194.949935][T10258] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1169'. [ 195.046569][T10260] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1169'. [ 195.167154][T10263] wg1: entered promiscuous mode [ 195.175445][T10263] wg1: entered allmulticast mode [ 195.360994][T10269] netlink: 212260 bytes leftover after parsing attributes in process `syz.2.1172'. [ 195.701639][T10276] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1176'. [ 196.023157][T10296] FAULT_INJECTION: forcing a failure. [ 196.023157][T10296] name failslab, interval 1, probability 0, space 0, times 0 [ 196.059445][T10296] CPU: 1 UID: 0 PID: 10296 Comm: syz.0.1180 Not tainted 6.16.0-rc7-syzkaller-01904-g9312ee76490d #0 PREEMPT(full) [ 196.059473][T10296] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 196.059483][T10296] Call Trace: [ 196.059491][T10296] [ 196.059499][T10296] dump_stack_lvl+0x189/0x250 [ 196.059535][T10296] ? __pfx____ratelimit+0x10/0x10 [ 196.059555][T10296] ? __pfx_dump_stack_lvl+0x10/0x10 [ 196.059573][T10296] ? __pfx__printk+0x10/0x10 [ 196.059600][T10296] ? __pfx___might_resched+0x10/0x10 [ 196.059623][T10296] should_fail_ex+0x414/0x560 [ 196.059644][T10296] should_failslab+0xa8/0x100 [ 196.059671][T10296] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 196.059695][T10296] ? __alloc_skb+0x112/0x2d0 [ 196.059718][T10296] __alloc_skb+0x112/0x2d0 [ 196.059742][T10296] netlink_sendmsg+0x5c6/0xb30 [ 196.059771][T10296] ? __pfx_netlink_sendmsg+0x10/0x10 [ 196.059793][T10296] ? aa_sock_msg_perm+0x94/0x160 [ 196.059814][T10296] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 196.059832][T10296] ? __pfx_netlink_sendmsg+0x10/0x10 [ 196.059852][T10296] __sock_sendmsg+0x21c/0x270 [ 196.059880][T10296] ____sys_sendmsg+0x505/0x830 [ 196.059908][T10296] ? __pfx_____sys_sendmsg+0x10/0x10 [ 196.059939][T10296] ? import_iovec+0x74/0xa0 [ 196.059966][T10296] ___sys_sendmsg+0x21f/0x2a0 [ 196.059990][T10296] ? __pfx____sys_sendmsg+0x10/0x10 [ 196.060049][T10296] ? __fget_files+0x2a/0x420 [ 196.060064][T10296] ? __fget_files+0x3a0/0x420 [ 196.060088][T10296] __x64_sys_sendmsg+0x19b/0x260 [ 196.060111][T10296] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 196.060141][T10296] ? __pfx_ksys_write+0x10/0x10 [ 196.060160][T10296] ? rcu_is_watching+0x15/0xb0 [ 196.060186][T10296] ? do_syscall_64+0xbe/0x3b0 [ 196.060210][T10296] do_syscall_64+0xfa/0x3b0 [ 196.060227][T10296] ? lockdep_hardirqs_on+0x9c/0x150 [ 196.060245][T10296] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 196.060261][T10296] ? clear_bhb_loop+0x60/0xb0 [ 196.060282][T10296] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 196.060298][T10296] RIP: 0033:0x7f436378e9a9 [ 196.060314][T10296] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 196.060329][T10296] RSP: 002b:00007f43645db038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 196.060348][T10296] RAX: ffffffffffffffda RBX: 00007f43639b5fa0 RCX: 00007f436378e9a9 [ 196.060361][T10296] RDX: 0000000000000000 RSI: 0000200000000240 RDI: 0000000000000004 [ 196.060372][T10296] RBP: 00007f43645db090 R08: 0000000000000000 R09: 0000000000000000 [ 196.060383][T10296] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 196.060393][T10296] R13: 0000000000000000 R14: 00007f43639b5fa0 R15: 00007ffeecb80138 [ 196.060423][T10296] [ 196.377448][T10299] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1182'. [ 196.672694][T10308] dvmrp1: tun_chr_ioctl cmd 1074025677 [ 196.678321][T10308] dvmrp1: linktype set to 15 [ 196.759290][T10304] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 196.877660][T10317] validate_nla: 81 callbacks suppressed [ 196.877677][T10317] netlink: 'syz.1.1186': attribute type 1 has an invalid length. [ 196.903178][T10317] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1186'. [ 196.912497][T10317] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1186'. [ 196.993765][T10319] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1187'. [ 197.066911][T10321] netlink: 'syz.2.1188': attribute type 25 has an invalid length. [ 197.657693][T10343] netlink: 'syz.3.1196': attribute type 1 has an invalid length. [ 198.096753][T10374] syzkaller1: entered promiscuous mode [ 198.118960][T10374] syzkaller1: entered allmulticast mode [ 198.472008][T10398] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 198.621601][T10395] netlink: 'syz.1.1211': attribute type 1 has an invalid length. [ 199.193772][T10426] netdevsim netdevsim3 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 199.501521][T10426] netdevsim netdevsim3 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 199.620417][T10448] __nla_validate_parse: 7 callbacks suppressed [ 199.620437][T10448] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1218'. [ 199.627281][T10447] xt_hashlimit: overflow, try lower: 2/0 [ 199.641902][T10445] tipc: Can't bind to reserved service type 1 [ 199.704215][T10426] netdevsim netdevsim3 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 199.855601][T10426] netdevsim netdevsim3 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 199.906012][T10465] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1223'. [ 199.916781][T10465] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1223'. [ 200.176853][T10469] netlink: 52 bytes leftover after parsing attributes in process `syz.4.1224'. [ 200.275699][ T6240] netdevsim netdevsim3 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 200.312577][ T6240] netdevsim netdevsim3 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 200.360028][ T6240] netdevsim netdevsim3 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 200.374155][T10470] lo speed is unknown, defaulting to 1000 [ 200.462305][ T6253] netdevsim netdevsim3 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 200.564803][T10491] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1229'. [ 200.667959][T10489] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 200.775251][T10487] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1229'. [ 200.863303][T10474] lo speed is unknown, defaulting to 1000 [ 201.397089][T10525] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1233'. [ 201.461839][T10525] netlink: 56 bytes leftover after parsing attributes in process `syz.1.1233'. [ 201.558046][T10525] gretap1: entered promiscuous mode [ 201.568445][T10525] gretap1: entered allmulticast mode [ 201.593397][T10532] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1235'. [ 201.610326][ T5856] Bluetooth: hci1: command 0x0406 tx timeout [ 201.617148][ T51] Bluetooth: hci2: command 0x0406 tx timeout [ 201.617161][ T5861] Bluetooth: hci3: command 0x0406 tx timeout [ 201.673713][T10531] smc: net device bond0 applied user defined pnetid SYZ2 [ 202.018893][T10537] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1237'. [ 202.041291][T10537] netlink: 'syz.0.1237': attribute type 11 has an invalid length. [ 202.318698][T10548] netlink: 'syz.3.1240': attribute type 3 has an invalid length. [ 202.594047][T10568] lo speed is unknown, defaulting to 1000 [ 202.601060][T10554] delete_channel: no stack [ 202.817102][T10575] rdma_rxe: rxe_newlink: failed to add macvlan1 [ 203.858330][T10621] openvswitch: netlink: Key type 16144 is out of range max 32 [ 204.254536][T10629] tipc: Enabled bearer , priority 0 [ 204.262814][T10629] syzkaller0: entered promiscuous mode [ 204.268351][T10629] syzkaller0: entered allmulticast mode [ 204.416204][T10634] syzkaller0: entered promiscuous mode [ 204.425189][T10634] syzkaller0: entered allmulticast mode [ 204.433644][T10633] tipc: Started in network mode [ 204.438967][T10633] tipc: Node identity 0264ca0c260e, cluster identity 4711 [ 204.451380][T10633] tipc: Enabled bearer , priority 0 [ 204.459916][T10629] tipc: Resetting bearer [ 204.482970][T10629] tipc: Disabling bearer [ 204.512117][T10633] tipc: Resetting bearer [ 205.494528][ T24] tipc: Node number set to 610978316 [ 206.235778][T10633] tipc: Disabling bearer [ 206.261938][T10648] workqueue: Failed to create a rescuer kthread for wq "bond4": -EINTR [ 206.270341][T10641] lo speed is unknown, defaulting to 1000 [ 206.562305][T10670] __nla_validate_parse: 7 callbacks suppressed [ 206.562323][T10670] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1275'. [ 206.823147][T10687] lo speed is unknown, defaulting to 1000 [ 207.118784][T10697] netlink: 'syz.1.1282': attribute type 1 has an invalid length. [ 207.146857][T10703] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1284'. [ 207.176911][T10703] FAULT_INJECTION: forcing a failure. [ 207.176911][T10703] name failslab, interval 1, probability 0, space 0, times 0 [ 207.211127][T10703] CPU: 0 UID: 0 PID: 10703 Comm: syz.0.1284 Not tainted 6.16.0-rc7-syzkaller-01904-g9312ee76490d #0 PREEMPT(full) [ 207.211154][T10703] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 207.211164][T10703] Call Trace: [ 207.211172][T10703] [ 207.211180][T10703] dump_stack_lvl+0x189/0x250 [ 207.211207][T10703] ? __pfx____ratelimit+0x10/0x10 [ 207.211226][T10703] ? __pfx_dump_stack_lvl+0x10/0x10 [ 207.211245][T10703] ? __pfx__printk+0x10/0x10 [ 207.211267][T10703] ? __pfx___might_resched+0x10/0x10 [ 207.211287][T10703] ? fs_reclaim_acquire+0x7d/0x100 [ 207.211308][T10703] should_fail_ex+0x414/0x560 [ 207.211332][T10703] should_failslab+0xa8/0x100 [ 207.211359][T10703] __kmalloc_node_noprof+0xd1/0x4e0 [ 207.211381][T10703] ? blk_mq_alloc_tag_set+0x41a/0xfd0 [ 207.211409][T10703] blk_mq_alloc_tag_set+0x41a/0xfd0 [ 207.211443][T10703] nbd_dev_add+0x2e3/0xb00 [ 207.211473][T10703] ? __pfx_nbd_dev_add+0x10/0x10 [ 207.211516][T10703] ? bpf_lsm_capable+0x9/0x20 [ 207.211537][T10703] ? security_capable+0x7e/0x2e0 [ 207.211557][T10703] ? radix_tree_lookup+0x25c/0x290 [ 207.211578][T10703] nbd_genl_connect+0x919/0x18f0 [ 207.211610][T10703] ? __pfx_nbd_genl_connect+0x10/0x10 [ 207.211645][T10703] ? __nla_parse+0x40/0x60 [ 207.211669][T10703] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 207.211701][T10703] genl_family_rcv_msg_doit+0x212/0x300 [ 207.211741][T10703] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 207.211780][T10703] ? stack_trace_save+0x9c/0xe0 [ 207.211808][T10703] genl_rcv_msg+0x60e/0x790 [ 207.211838][T10703] ? __pfx_genl_rcv_msg+0x10/0x10 [ 207.211859][T10703] ? __pfx_nbd_genl_connect+0x10/0x10 [ 207.211896][T10703] netlink_rcv_skb+0x205/0x470 [ 207.211911][T10703] ? __lock_acquire+0xab9/0xd20 [ 207.211930][T10703] ? __pfx_genl_rcv_msg+0x10/0x10 [ 207.211954][T10703] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 207.211993][T10703] ? down_read+0x1ad/0x2e0 [ 207.212015][T10703] genl_rcv+0x28/0x40 [ 207.212034][T10703] netlink_unicast+0x82f/0x9e0 [ 207.212070][T10703] ? __pfx_netlink_unicast+0x10/0x10 [ 207.212096][T10703] ? netlink_sendmsg+0x642/0xb30 [ 207.212113][T10703] ? skb_put+0x11b/0x210 [ 207.212141][T10703] netlink_sendmsg+0x805/0xb30 [ 207.212169][T10703] ? __pfx_netlink_sendmsg+0x10/0x10 [ 207.212191][T10703] ? aa_sock_msg_perm+0x94/0x160 [ 207.212212][T10703] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 207.212230][T10703] ? __pfx_netlink_sendmsg+0x10/0x10 [ 207.212248][T10703] __sock_sendmsg+0x21c/0x270 [ 207.212277][T10703] ____sys_sendmsg+0x505/0x830 [ 207.212305][T10703] ? __pfx_____sys_sendmsg+0x10/0x10 [ 207.212336][T10703] ? import_iovec+0x74/0xa0 [ 207.212362][T10703] ___sys_sendmsg+0x21f/0x2a0 [ 207.212385][T10703] ? __pfx____sys_sendmsg+0x10/0x10 [ 207.212443][T10703] ? __fget_files+0x2a/0x420 [ 207.212459][T10703] ? __fget_files+0x3a0/0x420 [ 207.212484][T10703] __x64_sys_sendmsg+0x19b/0x260 [ 207.212508][T10703] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 207.212539][T10703] ? __pfx_ksys_write+0x10/0x10 [ 207.212558][T10703] ? rcu_is_watching+0x15/0xb0 [ 207.212585][T10703] ? do_syscall_64+0xbe/0x3b0 [ 207.212609][T10703] do_syscall_64+0xfa/0x3b0 [ 207.212625][T10703] ? lockdep_hardirqs_on+0x9c/0x150 [ 207.212643][T10703] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 207.212660][T10703] ? clear_bhb_loop+0x60/0xb0 [ 207.212682][T10703] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 207.212698][T10703] RIP: 0033:0x7f436378e9a9 [ 207.212720][T10703] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 207.212735][T10703] RSP: 002b:00007f43645db038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 207.212755][T10703] RAX: ffffffffffffffda RBX: 00007f43639b5fa0 RCX: 00007f436378e9a9 [ 207.212768][T10703] RDX: 0000000000000000 RSI: 0000200000000240 RDI: 0000000000000004 [ 207.212779][T10703] RBP: 00007f43645db090 R08: 0000000000000000 R09: 0000000000000000 [ 207.212789][T10703] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 207.212799][T10703] R13: 0000000000000000 R14: 00007f43639b5fa0 R15: 00007ffeecb80138 [ 207.212828][T10703] [ 207.249978][T10707] ipvlan2: entered allmulticast mode [ 207.293924][T10703] nbd: failed to add new device [ 207.298466][T10707] syz_tun: entered allmulticast mode [ 207.885314][T10727] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1292'. [ 208.128984][T10745] sctp: [Deprecated]: syz.3.1293 (pid 10745) Use of int in maxseg socket option. [ 208.128984][T10745] Use struct sctp_assoc_value instead [ 208.305406][T10745] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1293'. [ 208.480667][T10763] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1299'. [ 208.502022][T10763] FAULT_INJECTION: forcing a failure. [ 208.502022][T10763] name failslab, interval 1, probability 0, space 0, times 0 [ 208.528735][T10763] CPU: 0 UID: 0 PID: 10763 Comm: syz.4.1299 Not tainted 6.16.0-rc7-syzkaller-01904-g9312ee76490d #0 PREEMPT(full) [ 208.528767][T10763] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 208.528777][T10763] Call Trace: [ 208.528784][T10763] [ 208.528793][T10763] dump_stack_lvl+0x189/0x250 [ 208.528819][T10763] ? __pfx____ratelimit+0x10/0x10 [ 208.528840][T10763] ? __pfx_dump_stack_lvl+0x10/0x10 [ 208.528860][T10763] ? __pfx__printk+0x10/0x10 [ 208.528886][T10763] ? __pfx___might_resched+0x10/0x10 [ 208.528907][T10763] ? fs_reclaim_acquire+0x7d/0x100 [ 208.528930][T10763] should_fail_ex+0x414/0x560 [ 208.528955][T10763] should_failslab+0xa8/0x100 [ 208.528982][T10763] __kmalloc_node_noprof+0xd1/0x4e0 [ 208.529004][T10763] ? blk_mq_alloc_tag_set+0x4e8/0xfd0 [ 208.529033][T10763] blk_mq_alloc_tag_set+0x4e8/0xfd0 [ 208.529064][T10763] nbd_dev_add+0x2e3/0xb00 [ 208.529092][T10763] ? __pfx_nbd_dev_add+0x10/0x10 [ 208.529131][T10763] ? bpf_lsm_capable+0x9/0x20 [ 208.529151][T10763] ? security_capable+0x7e/0x2e0 [ 208.529169][T10763] ? radix_tree_lookup+0x25c/0x290 [ 208.529188][T10763] nbd_genl_connect+0x919/0x18f0 [ 208.529217][T10763] ? __pfx_nbd_genl_connect+0x10/0x10 [ 208.529242][T10763] ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0 [ 208.529274][T10763] ? __nla_parse+0x40/0x60 [ 208.529297][T10763] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 208.529328][T10763] genl_family_rcv_msg_doit+0x212/0x300 [ 208.529358][T10763] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 208.529409][T10763] ? stack_trace_save+0x9c/0xe0 [ 208.529438][T10763] genl_rcv_msg+0x60e/0x790 [ 208.529469][T10763] ? __pfx_genl_rcv_msg+0x10/0x10 [ 208.529490][T10763] ? __pfx_nbd_genl_connect+0x10/0x10 [ 208.529528][T10763] netlink_rcv_skb+0x205/0x470 [ 208.529544][T10763] ? __lock_acquire+0xab9/0xd20 [ 208.529563][T10763] ? __pfx_genl_rcv_msg+0x10/0x10 [ 208.529587][T10763] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 208.529627][T10763] ? down_read+0x1ad/0x2e0 [ 208.529651][T10763] genl_rcv+0x28/0x40 [ 208.529670][T10763] netlink_unicast+0x82f/0x9e0 [ 208.529704][T10763] ? __pfx_netlink_unicast+0x10/0x10 [ 208.529730][T10763] ? netlink_sendmsg+0x642/0xb30 [ 208.529747][T10763] ? skb_put+0x11b/0x210 [ 208.529770][T10763] netlink_sendmsg+0x805/0xb30 [ 208.529800][T10763] ? __pfx_netlink_sendmsg+0x10/0x10 [ 208.529823][T10763] ? aa_sock_msg_perm+0x94/0x160 [ 208.529844][T10763] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 208.529862][T10763] ? __pfx_netlink_sendmsg+0x10/0x10 [ 208.529882][T10763] __sock_sendmsg+0x21c/0x270 [ 208.529912][T10763] ____sys_sendmsg+0x505/0x830 [ 208.529940][T10763] ? __pfx_____sys_sendmsg+0x10/0x10 [ 208.529972][T10763] ? import_iovec+0x74/0xa0 [ 208.529999][T10763] ___sys_sendmsg+0x21f/0x2a0 [ 208.530023][T10763] ? __pfx____sys_sendmsg+0x10/0x10 [ 208.530085][T10763] ? __fget_files+0x2a/0x420 [ 208.530100][T10763] ? __fget_files+0x3a0/0x420 [ 208.530128][T10763] __x64_sys_sendmsg+0x19b/0x260 [ 208.530152][T10763] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 208.530184][T10763] ? __pfx_ksys_write+0x10/0x10 [ 208.530204][T10763] ? rcu_is_watching+0x15/0xb0 [ 208.530230][T10763] ? do_syscall_64+0xbe/0x3b0 [ 208.530255][T10763] do_syscall_64+0xfa/0x3b0 [ 208.530272][T10763] ? lockdep_hardirqs_on+0x9c/0x150 [ 208.530289][T10763] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 208.530307][T10763] ? clear_bhb_loop+0x60/0xb0 [ 208.530329][T10763] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 208.530345][T10763] RIP: 0033:0x7fd86878e9a9 [ 208.530363][T10763] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 208.530385][T10763] RSP: 002b:00007fd8695fb038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 208.530405][T10763] RAX: ffffffffffffffda RBX: 00007fd8689b5fa0 RCX: 00007fd86878e9a9 [ 208.530419][T10763] RDX: 0000000000000000 RSI: 0000200000000240 RDI: 0000000000000004 [ 208.530430][T10763] RBP: 00007fd8695fb090 R08: 0000000000000000 R09: 0000000000000000 [ 208.530441][T10763] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 208.530452][T10763] R13: 0000000000000000 R14: 00007fd8689b5fa0 R15: 00007ffc0441f938 [ 208.530483][T10763] [ 208.949401][T10763] nbd: failed to add new device [ 209.075762][T10773] bridge_slave_0: default FDB implementation only supports local addresses [ 209.366552][T10791] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1311'. [ 209.406502][T10796] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1307'. [ 209.539588][T10802] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1312'. [ 209.598113][T10806] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1315'. [ 209.761193][ C1] ip6_tunnel: ip6gre2 xmit: Local address not yet configured! [ 209.987037][T10799] syzkaller1: entered promiscuous mode [ 209.993544][T10799] syzkaller1: entered allmulticast mode [ 210.153683][T10826] netlink: 'syz.1.1321': attribute type 2 has an invalid length. [ 210.159277][T10825] bridge0: entered allmulticast mode [ 210.168804][T10825] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1319'. [ 210.178205][T10825] veth0_to_bridge: left allmulticast mode [ 210.185202][T10825] veth0_to_bridge: left promiscuous mode [ 210.199530][T10825] bridge0: port 1(veth0_to_bridge) entered disabled state [ 210.235467][T10830] netlink: 'syz.1.1321': attribute type 1 has an invalid length. [ 210.288052][T10825] bridge0 (unregistering): left allmulticast mode [ 210.509306][T10843] nbd: device at index 64 is going down [ 210.834462][T10853] lo speed is unknown, defaulting to 1000 [ 210.862646][T10859] lo speed is unknown, defaulting to 1000 [ 211.296253][T10873] bridge0: entered promiscuous mode [ 211.306819][T10873] macvlan3: entered allmulticast mode [ 211.318611][T10873] bridge0: entered allmulticast mode [ 211.331259][T10873] bridge0: port 1(macvlan3) entered blocking state [ 211.338140][T10873] bridge0: port 1(macvlan3) entered disabled state [ 211.358644][T10873] bridge0: left allmulticast mode [ 211.368942][T10873] bridge0: left promiscuous mode [ 211.980163][T10888] __nla_validate_parse: 7 callbacks suppressed [ 211.980184][T10888] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1341'. [ 212.049842][T10888] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1341'. [ 212.071576][T10895] FAULT_INJECTION: forcing a failure. [ 212.071576][T10895] name failslab, interval 1, probability 0, space 0, times 0 [ 212.101425][T10895] CPU: 1 UID: 0 PID: 10895 Comm: syz.3.1343 Not tainted 6.16.0-rc7-syzkaller-01904-g9312ee76490d #0 PREEMPT(full) [ 212.101454][T10895] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 212.101466][T10895] Call Trace: [ 212.101473][T10895] [ 212.101481][T10895] dump_stack_lvl+0x189/0x250 [ 212.101507][T10895] ? __pfx____ratelimit+0x10/0x10 [ 212.101527][T10895] ? __pfx_dump_stack_lvl+0x10/0x10 [ 212.101547][T10895] ? __pfx__printk+0x10/0x10 [ 212.101576][T10895] ? __pfx___might_resched+0x10/0x10 [ 212.101594][T10895] ? fs_reclaim_acquire+0x7d/0x100 [ 212.101617][T10895] should_fail_ex+0x414/0x560 [ 212.101641][T10895] should_failslab+0xa8/0x100 [ 212.101667][T10895] __kmalloc_noprof+0xcb/0x4f0 [ 212.101688][T10895] ? kfree+0x4d/0x440 [ 212.101706][T10895] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 212.101732][T10895] tomoyo_realpath_from_path+0xe3/0x5d0 [ 212.101755][T10895] ? tomoyo_domain+0xd9/0x130 [ 212.101782][T10895] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 212.101808][T10895] tomoyo_path_number_perm+0x1e8/0x5a0 [ 212.101836][T10895] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 212.101880][T10895] ? __lock_acquire+0xab9/0xd20 [ 212.101922][T10895] ? __fget_files+0x2a/0x420 [ 212.101941][T10895] ? __fget_files+0x2a/0x420 [ 212.101955][T10895] ? __fget_files+0x3a0/0x420 [ 212.101969][T10895] ? __fget_files+0x2a/0x420 [ 212.101989][T10895] security_file_ioctl+0xcb/0x2d0 [ 212.102016][T10895] __se_sys_ioctl+0x47/0x170 [ 212.102040][T10895] do_syscall_64+0xfa/0x3b0 [ 212.102060][T10895] ? lockdep_hardirqs_on+0x9c/0x150 [ 212.102078][T10895] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 212.102095][T10895] ? clear_bhb_loop+0x60/0xb0 [ 212.102117][T10895] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 212.102133][T10895] RIP: 0033:0x7fcc5a98e9a9 [ 212.102148][T10895] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 212.102163][T10895] RSP: 002b:00007fcc587f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 212.102182][T10895] RAX: ffffffffffffffda RBX: 00007fcc5abb5fa0 RCX: 00007fcc5a98e9a9 [ 212.102195][T10895] RDX: 0000200000000000 RSI: 0000000000008914 RDI: 0000000000000005 [ 212.102207][T10895] RBP: 00007fcc587f6090 R08: 0000000000000000 R09: 0000000000000000 [ 212.102218][T10895] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 212.102229][T10895] R13: 0000000000000000 R14: 00007fcc5abb5fa0 R15: 00007ffd139221d8 [ 212.102259][T10895] [ 212.102267][T10895] ERROR: Out of memory at tomoyo_realpath_from_path. [ 212.433582][T10899] netlink: 47 bytes leftover after parsing attributes in process `syz.0.1344'. [ 212.555662][T10902] TCP: TCP_TX_DELAY enabled [ 212.583131][T10904] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1346'. [ 213.216574][T10929] sctp: [Deprecated]: syz.2.1351 (pid 10929) Use of int in max_burst socket option deprecated. [ 213.216574][T10929] Use struct sctp_assoc_value instead [ 213.578956][T10941] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1355'. [ 213.733375][T10941] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1355'. [ 214.017889][T10955] lo speed is unknown, defaulting to 1000 [ 214.034379][ T12] bond0: (slave wlan1): link status definitely down, disabling slave [ 214.101843][ T12] bond0: now running without any active interface! [ 214.366396][T10973] x_tables: duplicate underflow at hook 1 [ 215.190289][T10989] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1366'. [ 215.431832][T10995] netlink: 'syz.3.1367': attribute type 1 has an invalid length. [ 215.495444][T10995] 8021q: adding VLAN 0 to HW filter on device bond4 [ 215.507139][T10995] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1367'. [ 215.616248][T10999] pim6reg1: entered promiscuous mode [ 215.639895][T10999] pim6reg1: entered allmulticast mode [ 215.755348][T11004] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1370'. [ 215.853335][T11004] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1370'. [ 217.167492][T11055] __nla_validate_parse: 2 callbacks suppressed [ 217.167511][T11055] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1386'. [ 217.194621][T11056] xt_HMARK: spi-set and port-set can't be combined [ 217.223878][T11055] geneve2: entered promiscuous mode [ 217.230273][T11056] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1385'. [ 217.248133][T11055] geneve2: entered allmulticast mode [ 217.346808][T11062] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1388'. [ 217.358760][T11062] netlink: 'syz.2.1388': attribute type 7 has an invalid length. [ 217.553050][T11067] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1388'. [ 217.602232][T11066] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 217.739457][T11069] pim6reg1: entered promiscuous mode [ 217.755073][T11069] pim6reg1: entered allmulticast mode [ 217.960130][T11073] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 217.991239][T11075] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1392'. [ 218.000645][T11075] netlink: 92 bytes leftover after parsing attributes in process `syz.4.1392'. [ 218.080095][T11080] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1394'. [ 218.246007][T11082] syzkaller0: entered promiscuous mode [ 218.272697][T11082] syzkaller0: entered allmulticast mode [ 218.292914][T11088] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1397'. [ 218.304696][T11092] hsr0: entered promiscuous mode [ 218.311505][T11092] macvlan0: entered allmulticast mode [ 218.316969][T11092] hsr0: entered allmulticast mode [ 218.322508][T11088] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1397'. [ 218.332246][T11092] hsr_slave_0: entered allmulticast mode [ 218.338247][T11092] hsr_slave_1: entered allmulticast mode [ 218.360625][T11088] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1397'. [ 218.384945][T11092] hsr0: left allmulticast mode [ 218.390245][T11092] hsr_slave_0: left allmulticast mode [ 218.396148][T11092] hsr_slave_1: left allmulticast mode [ 220.298775][T11131] netlink: 'syz.1.1408': attribute type 13 has an invalid length. [ 220.308627][T11131] netlink: 'syz.1.1408': attribute type 17 has an invalid length. [ 220.587767][T11134] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 220.688565][T11134] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 220.796824][T11135] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 223.731695][T11131] gre0: left allmulticast mode [ 223.844697][T11131] !: left promiscuous mode [ 223.855956][T11137] __nla_validate_parse: 2 callbacks suppressed [ 223.855974][T11137] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1410'. [ 223.878408][T11131] !: left allmulticast mode [ 223.888688][T11131] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 223.942884][T11137] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1410'. [ 223.993539][T11117] Set syz1 is full, maxelem 65536 reached [ 224.032692][T11132] lo speed is unknown, defaulting to 1000 [ 224.206501][T11149] tipc: Enabled bearer , priority 0 [ 224.223053][T11153] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1415'. [ 224.232834][T11153] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1415'. [ 224.255608][T11149] syzkaller0: entered promiscuous mode [ 224.273729][T11149] syzkaller0: entered allmulticast mode [ 224.310603][T11159] sctp: [Deprecated]: syz.4.1416 (pid 11159) Use of struct sctp_assoc_value in delayed_ack socket option. [ 224.310603][T11159] Use struct sctp_sack_info instead [ 224.401146][T11149] tipc: Resetting bearer [ 224.424967][T11148] tipc: Resetting bearer [ 224.448936][T11148] tipc: Disabling bearer [ 224.485654][T11157] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1417'. [ 224.527130][T11157] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1417'. [ 224.862254][T11189] netlink: 27 bytes leftover after parsing attributes in process `syz.2.1422'. [ 224.957508][T11192] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 225.153065][T11203] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1425'. [ 225.316392][T11203] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1425'. [ 225.451908][T11213] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1428'. [ 225.672713][T11228] netlink: 'syz.0.1432': attribute type 3 has an invalid length. [ 225.737382][T11231] netlink: 'syz.2.1430': attribute type 12 has an invalid length. [ 226.488551][T11227] Bluetooth: hci0: Opcode 0x080f failed: -4 [ 226.957131][T11281] IPv6: sit2: Disabled Multicast RS [ 226.969923][T11281] sit2: entered allmulticast mode [ 228.178739][T11343] xt_CT: No such helper "snmp" [ 228.219419][T11355] FAULT_INJECTION: forcing a failure. [ 228.219419][T11355] name failslab, interval 1, probability 0, space 0, times 0 [ 228.280666][T11355] CPU: 0 UID: 0 PID: 11355 Comm: syz.1.1459 Not tainted 6.16.0-rc7-syzkaller-01904-g9312ee76490d #0 PREEMPT(full) [ 228.280703][T11355] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 228.280714][T11355] Call Trace: [ 228.280722][T11355] [ 228.280731][T11355] dump_stack_lvl+0x189/0x250 [ 228.280757][T11355] ? __pfx____ratelimit+0x10/0x10 [ 228.280778][T11355] ? __pfx_dump_stack_lvl+0x10/0x10 [ 228.280798][T11355] ? __pfx__printk+0x10/0x10 [ 228.280824][T11355] ? __pfx___might_resched+0x10/0x10 [ 228.280844][T11355] ? fs_reclaim_acquire+0x7d/0x100 [ 228.280871][T11355] should_fail_ex+0x414/0x560 [ 228.280906][T11355] should_failslab+0xa8/0x100 [ 228.280932][T11355] kmem_cache_alloc_noprof+0x73/0x3c0 [ 228.280954][T11355] ? radix_tree_node_alloc+0x7e/0x3a0 [ 228.280986][T11355] radix_tree_node_alloc+0x7e/0x3a0 [ 228.281022][T11355] radix_tree_extend+0x13b/0x550 [ 228.281050][T11355] idr_get_free+0x1c2/0xa70 [ 228.281083][T11355] idr_alloc_u32+0x159/0x2d0 [ 228.281109][T11355] ? __pfx_idr_alloc_u32+0x10/0x10 [ 228.281134][T11355] ? blk_mq_alloc_tag_set+0xb2b/0xfd0 [ 228.281163][T11355] idr_alloc+0x6e/0xd0 [ 228.281185][T11355] nbd_dev_add+0x350/0xb00 [ 228.281219][T11355] ? __pfx_nbd_dev_add+0x10/0x10 [ 228.281267][T11355] ? bpf_lsm_capable+0x9/0x20 [ 228.281288][T11355] ? security_capable+0x7e/0x2e0 [ 228.281317][T11355] ? radix_tree_lookup+0x25c/0x290 [ 228.281338][T11355] nbd_genl_connect+0x919/0x18f0 [ 228.281370][T11355] ? __pfx_nbd_genl_connect+0x10/0x10 [ 228.281408][T11355] ? __nla_parse+0x40/0x60 [ 228.281433][T11355] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 228.281467][T11355] genl_family_rcv_msg_doit+0x212/0x300 [ 228.281498][T11355] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 228.281543][T11355] ? stack_trace_save+0x9c/0xe0 [ 228.281573][T11355] genl_rcv_msg+0x60e/0x790 [ 228.281603][T11355] ? __pfx_genl_rcv_msg+0x10/0x10 [ 228.281625][T11355] ? __pfx_nbd_genl_connect+0x10/0x10 [ 228.281663][T11355] netlink_rcv_skb+0x205/0x470 [ 228.281684][T11355] ? __lock_acquire+0xab9/0xd20 [ 228.281702][T11355] ? __pfx_genl_rcv_msg+0x10/0x10 [ 228.281726][T11355] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 228.281766][T11355] ? down_read+0x1ad/0x2e0 [ 228.281790][T11355] genl_rcv+0x28/0x40 [ 228.281809][T11355] netlink_unicast+0x82f/0x9e0 [ 228.281858][T11355] ? __pfx_netlink_unicast+0x10/0x10 [ 228.281885][T11355] ? netlink_sendmsg+0x642/0xb30 [ 228.281906][T11355] ? skb_put+0x11b/0x210 [ 228.281935][T11355] netlink_sendmsg+0x805/0xb30 [ 228.281966][T11355] ? __pfx_netlink_sendmsg+0x10/0x10 [ 228.281993][T11355] ? aa_sock_msg_perm+0x94/0x160 [ 228.282020][T11355] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 228.282038][T11355] ? __pfx_netlink_sendmsg+0x10/0x10 [ 228.282057][T11355] __sock_sendmsg+0x21c/0x270 [ 228.282093][T11355] ____sys_sendmsg+0x505/0x830 [ 228.282121][T11355] ? __pfx_____sys_sendmsg+0x10/0x10 [ 228.282154][T11355] ? import_iovec+0x74/0xa0 [ 228.282181][T11355] ___sys_sendmsg+0x21f/0x2a0 [ 228.282205][T11355] ? __pfx____sys_sendmsg+0x10/0x10 [ 228.282270][T11355] ? __fget_files+0x2a/0x420 [ 228.282291][T11355] ? __fget_files+0x3a0/0x420 [ 228.282325][T11355] __x64_sys_sendmsg+0x19b/0x260 [ 228.282350][T11355] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 228.282383][T11355] ? __pfx_ksys_write+0x10/0x10 [ 228.282407][T11355] ? rcu_is_watching+0x15/0xb0 [ 228.282433][T11355] ? do_syscall_64+0xbe/0x3b0 [ 228.282458][T11355] do_syscall_64+0xfa/0x3b0 [ 228.282476][T11355] ? lockdep_hardirqs_on+0x9c/0x150 [ 228.282495][T11355] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 228.282512][T11355] ? clear_bhb_loop+0x60/0xb0 [ 228.282533][T11355] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 228.282550][T11355] RIP: 0033:0x7f06de98e9a9 [ 228.282568][T11355] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 228.282583][T11355] RSP: 002b:00007f06df72d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 228.282604][T11355] RAX: ffffffffffffffda RBX: 00007f06debb5fa0 RCX: 00007f06de98e9a9 [ 228.282618][T11355] RDX: 0000000000000000 RSI: 0000200000000240 RDI: 0000000000000004 [ 228.282629][T11355] RBP: 00007f06df72d090 R08: 0000000000000000 R09: 0000000000000000 [ 228.282641][T11355] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 228.282655][T11355] R13: 0000000000000000 R14: 00007f06debb5fa0 R15: 00007ffe271860a8 [ 228.282698][T11355] [ 228.285610][T11355] nbd: failed to add new device [ 229.015168][T11376] __nla_validate_parse: 8 callbacks suppressed [ 229.015187][T11376] netlink: 128 bytes leftover after parsing attributes in process `syz.1.1465'. [ 229.194093][T11391] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1469'. [ 229.304028][T11391] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1469'. [ 229.381281][T11401] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1473'. [ 229.443741][T11401] nbd: device at index 64 is going down [ 229.492740][T11403] lo speed is unknown, defaulting to 1000 [ 229.695307][T11416] xt_hashlimit: size too large, truncated to 1048576 [ 230.094785][T11432] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1479'. [ 230.167952][T11434] xfrm1: entered allmulticast mode [ 230.193161][T11436] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1481'. [ 230.210277][T11432] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1479'. [ 230.230632][T11440] netlink: 'syz.4.1482': attribute type 6 has an invalid length. [ 230.251269][T11440] netlink: 'syz.4.1482': attribute type 6 has an invalid length. [ 230.553074][T11458] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1487'. [ 230.664674][T11458] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1487'. [ 230.957520][T11469] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1491'. [ 236.434557][T11473] netlink: 56 bytes leftover after parsing attributes in process `syz.2.1493'. [ 236.750650][T11498] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1498'. [ 236.866611][T11498] nbd: socks must be embedded in a SOCK_ITEM attr [ 236.887982][T11502] netlink: 'syz.0.1502': attribute type 3 has an invalid length. [ 236.933150][T11505] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1501'. [ 236.949700][T11505] nbd: device at index 64 is going down [ 236.958798][T11506] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1500'. [ 236.977053][T11506] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1500'. [ 237.298688][T11523] netlink: 172 bytes leftover after parsing attributes in process `syz.2.1504'. [ 237.348086][T11523] netlink: 172 bytes leftover after parsing attributes in process `syz.2.1504'. [ 237.424842][T11523] netlink: 'syz.2.1504': attribute type 1 has an invalid length. [ 237.477111][T11532] delete_channel: no stack [ 237.540062][T11532] netlink: 248 bytes leftover after parsing attributes in process `syz.1.1509'. [ 237.662750][T11544] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1510'. [ 237.698395][T11541] netlink: 'syz.0.1505': attribute type 1 has an invalid length. [ 237.750363][T11545] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes. [ 237.756506][T11541] netlink: 224 bytes leftover after parsing attributes in process `syz.0.1505'. [ 237.861225][T11549] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 238.265639][T11568] tipc: Enabled bearer , priority 0 [ 238.302790][T11569] tipc: Resetting bearer [ 238.329009][T11567] tipc: Disabling bearer [ 238.425721][T11579] bridge0: port 1(veth0_to_bridge) entered blocking state [ 238.453724][T11579] bridge0: port 1(veth0_to_bridge) entered disabled state [ 238.462867][T11579] veth0_to_bridge: entered allmulticast mode [ 238.475565][T11579] veth0_to_bridge: entered promiscuous mode [ 238.505034][T11582] ipvlan1: entered promiscuous mode [ 238.510655][T11582] ipvlan1: entered allmulticast mode [ 238.518580][T11586] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 238.526197][T11582] veth0_vlan: entered allmulticast mode [ 238.612845][T11592] ipvlan1: left promiscuous mode [ 238.619726][T11592] ipvlan1: left allmulticast mode [ 238.630085][T11592] veth0_vlan: left allmulticast mode [ 238.682738][T11594] FAULT_INJECTION: forcing a failure. [ 238.682738][T11594] name failslab, interval 1, probability 0, space 0, times 0 [ 238.724211][T11594] CPU: 0 UID: 0 PID: 11594 Comm: syz.0.1523 Not tainted 6.16.0-rc7-syzkaller-01904-g9312ee76490d #0 PREEMPT(full) [ 238.724242][T11594] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 238.724252][T11594] Call Trace: [ 238.724261][T11594] [ 238.724269][T11594] dump_stack_lvl+0x189/0x250 [ 238.724296][T11594] ? __pfx____ratelimit+0x10/0x10 [ 238.724317][T11594] ? __pfx_dump_stack_lvl+0x10/0x10 [ 238.724337][T11594] ? __pfx__printk+0x10/0x10 [ 238.724366][T11594] ? __pfx___might_resched+0x10/0x10 [ 238.724386][T11594] ? fs_reclaim_acquire+0x7d/0x100 [ 238.724410][T11594] should_fail_ex+0x414/0x560 [ 238.724435][T11594] should_failslab+0xa8/0x100 [ 238.724461][T11594] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 238.724485][T11594] ? __alloc_skb+0x112/0x2d0 [ 238.724510][T11594] __alloc_skb+0x112/0x2d0 [ 238.724534][T11594] netlink_ack+0x146/0xa50 [ 238.724551][T11594] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 238.724577][T11594] ? ref_tracker_free+0x63a/0x7d0 [ 238.724597][T11594] ? __asan_memcpy+0x40/0x70 [ 238.724616][T11594] ? __pfx_ref_tracker_free+0x10/0x10 [ 238.724647][T11594] netlink_rcv_skb+0x28c/0x470 [ 238.724668][T11594] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 238.724688][T11594] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 238.724720][T11594] ? netlink_deliver_tap+0x2e/0x1b0 [ 238.724748][T11594] netlink_unicast+0x82f/0x9e0 [ 238.724783][T11594] ? __pfx_netlink_unicast+0x10/0x10 [ 238.724811][T11594] ? netlink_sendmsg+0x642/0xb30 [ 238.724828][T11594] ? skb_put+0x11b/0x210 [ 238.724852][T11594] netlink_sendmsg+0x805/0xb30 [ 238.724881][T11594] ? __pfx_netlink_sendmsg+0x10/0x10 [ 238.724904][T11594] ? aa_sock_msg_perm+0x94/0x160 [ 238.724925][T11594] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 238.724943][T11594] ? __pfx_netlink_sendmsg+0x10/0x10 [ 238.724963][T11594] __sock_sendmsg+0x21c/0x270 [ 238.724991][T11594] ____sys_sendmsg+0x505/0x830 [ 238.725019][T11594] ? __pfx_____sys_sendmsg+0x10/0x10 [ 238.725047][T11594] ? import_iovec+0x74/0xa0 [ 238.725074][T11594] ___sys_sendmsg+0x21f/0x2a0 [ 238.725097][T11594] ? __pfx____sys_sendmsg+0x10/0x10 [ 238.725158][T11594] ? __fget_files+0x2a/0x420 [ 238.725173][T11594] ? __fget_files+0x3a0/0x420 [ 238.725200][T11594] __x64_sys_sendmsg+0x19b/0x260 [ 238.725224][T11594] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 238.725256][T11594] ? __pfx_ksys_write+0x10/0x10 [ 238.725276][T11594] ? rcu_is_watching+0x15/0xb0 [ 238.725302][T11594] ? do_syscall_64+0xbe/0x3b0 [ 238.725325][T11594] do_syscall_64+0xfa/0x3b0 [ 238.725344][T11594] ? lockdep_hardirqs_on+0x9c/0x150 [ 238.725362][T11594] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 238.725380][T11594] ? clear_bhb_loop+0x60/0xb0 [ 238.725402][T11594] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 238.725419][T11594] RIP: 0033:0x7f436378e9a9 [ 238.725436][T11594] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 238.725451][T11594] RSP: 002b:00007f43645db038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 238.725471][T11594] RAX: ffffffffffffffda RBX: 00007f43639b5fa0 RCX: 00007f436378e9a9 [ 238.725484][T11594] RDX: 0000000000000000 RSI: 00002000000007c0 RDI: 0000000000000004 [ 238.725496][T11594] RBP: 00007f43645db090 R08: 0000000000000000 R09: 0000000000000000 [ 238.725507][T11594] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 238.725518][T11594] R13: 0000000000000000 R14: 00007f43639b5fa0 R15: 00007ffeecb80138 [ 238.725549][T11594] [ 239.583801][T11632] FAULT_INJECTION: forcing a failure. [ 239.583801][T11632] name failslab, interval 1, probability 0, space 0, times 0 [ 239.610346][T11632] CPU: 0 UID: 0 PID: 11632 Comm: syz.2.1538 Not tainted 6.16.0-rc7-syzkaller-01904-g9312ee76490d #0 PREEMPT(full) [ 239.610376][T11632] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 239.610387][T11632] Call Trace: [ 239.610395][T11632] [ 239.610404][T11632] dump_stack_lvl+0x189/0x250 [ 239.610430][T11632] ? __pfx____ratelimit+0x10/0x10 [ 239.610531][T11632] ? __pfx_dump_stack_lvl+0x10/0x10 [ 239.610562][T11632] ? __pfx__printk+0x10/0x10 [ 239.610590][T11632] ? __pfx___might_resched+0x10/0x10 [ 239.610703][T11632] ? fs_reclaim_acquire+0x7d/0x100 [ 239.610728][T11632] should_fail_ex+0x414/0x560 [ 239.610753][T11632] should_failslab+0xa8/0x100 [ 239.610779][T11632] __kmalloc_noprof+0xcb/0x4f0 [ 239.610801][T11632] ? taprio_init+0x2cf/0xbd0 [ 239.610825][T11632] taprio_init+0x2cf/0xbd0 [ 239.610858][T11632] ? __pfx_taprio_init+0x10/0x10 [ 239.610875][T11632] ? qdisc_alloc+0x7a1/0xaa0 [ 239.610898][T11632] ? __pfx_taprio_init+0x10/0x10 [ 239.610925][T11632] qdisc_create+0x7ac/0xea0 [ 239.610960][T11632] tc_modify_qdisc+0x1538/0x20e0 [ 239.611003][T11632] ? __pfx_tc_modify_qdisc+0x10/0x10 [ 239.611066][T11632] ? __pfx_tc_modify_qdisc+0x10/0x10 [ 239.611088][T11632] rtnetlink_rcv_msg+0x779/0xb70 [ 239.611113][T11632] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 239.611130][T11632] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 239.611144][T11632] ? ref_tracker_free+0x63a/0x7d0 [ 239.611162][T11632] ? __asan_memcpy+0x40/0x70 [ 239.611180][T11632] ? __pfx_ref_tracker_free+0x10/0x10 [ 239.611210][T11632] netlink_rcv_skb+0x205/0x470 [ 239.611227][T11632] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 239.611244][T11632] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 239.611276][T11632] ? netlink_deliver_tap+0x2e/0x1b0 [ 239.611304][T11632] netlink_unicast+0x82f/0x9e0 [ 239.611340][T11632] ? __pfx_netlink_unicast+0x10/0x10 [ 239.611367][T11632] ? netlink_sendmsg+0x642/0xb30 [ 239.611384][T11632] ? skb_put+0x11b/0x210 [ 239.611417][T11632] netlink_sendmsg+0x805/0xb30 [ 239.611448][T11632] ? __pfx_netlink_sendmsg+0x10/0x10 [ 239.611477][T11632] ? aa_sock_msg_perm+0x94/0x160 [ 239.611499][T11632] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 239.611517][T11632] ? __pfx_netlink_sendmsg+0x10/0x10 [ 239.611537][T11632] __sock_sendmsg+0x21c/0x270 [ 239.611566][T11632] ____sys_sendmsg+0x505/0x830 [ 239.611594][T11632] ? __pfx_____sys_sendmsg+0x10/0x10 [ 239.611626][T11632] ? import_iovec+0x74/0xa0 [ 239.611653][T11632] ___sys_sendmsg+0x21f/0x2a0 [ 239.611678][T11632] ? __pfx____sys_sendmsg+0x10/0x10 [ 239.611741][T11632] ? __fget_files+0x2a/0x420 [ 239.611756][T11632] ? __fget_files+0x3a0/0x420 [ 239.611786][T11632] __x64_sys_sendmsg+0x19b/0x260 [ 239.611810][T11632] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 239.611843][T11632] ? __pfx_ksys_write+0x10/0x10 [ 239.611862][T11632] ? rcu_is_watching+0x15/0xb0 [ 239.611895][T11632] ? do_syscall_64+0xbe/0x3b0 [ 239.611921][T11632] do_syscall_64+0xfa/0x3b0 [ 239.611940][T11632] ? lockdep_hardirqs_on+0x9c/0x150 [ 239.611958][T11632] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 239.611975][T11632] ? clear_bhb_loop+0x60/0xb0 [ 239.611997][T11632] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 239.612014][T11632] RIP: 0033:0x7f2ccf58e9a9 [ 239.612031][T11632] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 239.612047][T11632] RSP: 002b:00007f2cd0386038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 239.612067][T11632] RAX: ffffffffffffffda RBX: 00007f2ccf7b5fa0 RCX: 00007f2ccf58e9a9 [ 239.612080][T11632] RDX: 0000000000000000 RSI: 00002000000007c0 RDI: 0000000000000004 [ 239.612092][T11632] RBP: 00007f2cd0386090 R08: 0000000000000000 R09: 0000000000000000 [ 239.612103][T11632] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 239.612114][T11632] R13: 0000000000000000 R14: 00007f2ccf7b5fa0 R15: 00007fffac1b8a68 [ 239.612146][T11632] [ 240.676947][T11657] netem: incorrect ge model size [ 240.684640][T11657] netem: change failed [ 240.939030][T11668] tipc: Enabled bearer , priority 0 [ 240.973545][T11668] syzkaller0: entered promiscuous mode [ 240.990471][T11668] syzkaller0: entered allmulticast mode [ 241.015167][T11672] FAULT_INJECTION: forcing a failure. [ 241.015167][T11672] name failslab, interval 1, probability 0, space 0, times 0 [ 241.042611][T11672] CPU: 1 UID: 0 PID: 11672 Comm: syz.0.1551 Not tainted 6.16.0-rc7-syzkaller-01904-g9312ee76490d #0 PREEMPT(full) [ 241.042639][T11672] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 241.042650][T11672] Call Trace: [ 241.042657][T11672] [ 241.042665][T11672] dump_stack_lvl+0x189/0x250 [ 241.042690][T11672] ? __pfx____ratelimit+0x10/0x10 [ 241.042708][T11672] ? __pfx_dump_stack_lvl+0x10/0x10 [ 241.042727][T11672] ? __pfx__printk+0x10/0x10 [ 241.042746][T11672] ? netlink_unicast+0x82f/0x9e0 [ 241.042771][T11672] ? ___sys_sendmsg+0x21f/0x2a0 [ 241.042790][T11672] ? do_syscall_64+0xfa/0x3b0 [ 241.042820][T11672] should_fail_ex+0x414/0x560 [ 241.042843][T11672] should_failslab+0xa8/0x100 [ 241.042868][T11672] kmem_cache_alloc_noprof+0x73/0x3c0 [ 241.042890][T11672] ? skb_clone+0x212/0x3a0 [ 241.042917][T11672] skb_clone+0x212/0x3a0 [ 241.042943][T11672] __netlink_deliver_tap+0x404/0x850 [ 241.042978][T11672] ? netlink_deliver_tap+0x2e/0x1b0 [ 241.042999][T11672] netlink_deliver_tap+0x19c/0x1b0 [ 241.043019][T11672] netlink_sendskb+0x68/0x140 [ 241.043047][T11672] netlink_unicast+0x397/0x9e0 [ 241.043069][T11672] ? __asan_memcpy+0x40/0x70 [ 241.043098][T11672] ? __pfx_netlink_unicast+0x10/0x10 [ 241.043134][T11672] netlink_rcv_skb+0x28c/0x470 [ 241.043153][T11672] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 241.043173][T11672] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 241.043205][T11672] ? netlink_deliver_tap+0x2e/0x1b0 [ 241.043233][T11672] netlink_unicast+0x82f/0x9e0 [ 241.043269][T11672] ? __pfx_netlink_unicast+0x10/0x10 [ 241.043295][T11672] ? netlink_sendmsg+0x642/0xb30 [ 241.043312][T11672] ? skb_put+0x11b/0x210 [ 241.043336][T11672] netlink_sendmsg+0x805/0xb30 [ 241.043366][T11672] ? __pfx_netlink_sendmsg+0x10/0x10 [ 241.043389][T11672] ? aa_sock_msg_perm+0x94/0x160 [ 241.043418][T11672] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 241.043437][T11672] ? __pfx_netlink_sendmsg+0x10/0x10 [ 241.043457][T11672] __sock_sendmsg+0x21c/0x270 [ 241.043485][T11672] ____sys_sendmsg+0x505/0x830 [ 241.043513][T11672] ? __pfx_____sys_sendmsg+0x10/0x10 [ 241.043546][T11672] ? import_iovec+0x74/0xa0 [ 241.043574][T11672] ___sys_sendmsg+0x21f/0x2a0 [ 241.043598][T11672] ? __pfx____sys_sendmsg+0x10/0x10 [ 241.043662][T11672] ? __fget_files+0x2a/0x420 [ 241.043677][T11672] ? __fget_files+0x3a0/0x420 [ 241.043705][T11672] __x64_sys_sendmsg+0x19b/0x260 [ 241.043729][T11672] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 241.043760][T11672] ? __pfx_ksys_write+0x10/0x10 [ 241.043789][T11672] ? do_syscall_64+0xbe/0x3b0 [ 241.043813][T11672] do_syscall_64+0xfa/0x3b0 [ 241.043832][T11672] ? lockdep_hardirqs_on+0x9c/0x150 [ 241.043850][T11672] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 241.043867][T11672] ? clear_bhb_loop+0x60/0xb0 [ 241.043889][T11672] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 241.043906][T11672] RIP: 0033:0x7f436378e9a9 [ 241.043922][T11672] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 241.043937][T11672] RSP: 002b:00007f43645db038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 241.043957][T11672] RAX: ffffffffffffffda RBX: 00007f43639b5fa0 RCX: 00007f436378e9a9 [ 241.043971][T11672] RDX: 0000000000000000 RSI: 00002000000007c0 RDI: 0000000000000004 [ 241.043982][T11672] RBP: 00007f43645db090 R08: 0000000000000000 R09: 0000000000000000 [ 241.043993][T11672] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 241.044004][T11672] R13: 0000000000000000 R14: 00007f43639b5fa0 R15: 00007ffeecb80138 [ 241.044036][T11672] [ 241.517158][T11676] tipc: Resetting bearer [ 241.554652][T11668] tipc: Resetting bearer [ 241.650967][T11668] tipc: Disabling bearer [ 242.121557][T11701] lo speed is unknown, defaulting to 1000 [ 242.127803][T11704] FAULT_INJECTION: forcing a failure. [ 242.127803][T11704] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 242.259713][T11704] CPU: 1 UID: 0 PID: 11704 Comm: syz.4.1564 Not tainted 6.16.0-rc7-syzkaller-01904-g9312ee76490d #0 PREEMPT(full) [ 242.259741][T11704] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 242.259751][T11704] Call Trace: [ 242.259759][T11704] [ 242.259767][T11704] dump_stack_lvl+0x189/0x250 [ 242.259792][T11704] ? __pfx____ratelimit+0x10/0x10 [ 242.259811][T11704] ? __pfx_dump_stack_lvl+0x10/0x10 [ 242.259832][T11704] ? __pfx__printk+0x10/0x10 [ 242.259869][T11704] should_fail_ex+0x414/0x560 [ 242.259892][T11704] _copy_to_user+0x31/0xb0 [ 242.259918][T11704] simple_read_from_buffer+0xe1/0x170 [ 242.259948][T11704] proc_fail_nth_read+0x1df/0x250 [ 242.259969][T11704] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 242.259991][T11704] ? rw_verify_area+0x258/0x650 [ 242.260013][T11704] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 242.260032][T11704] vfs_read+0x200/0x980 [ 242.260059][T11704] ? __pfx___mutex_lock+0x10/0x10 [ 242.260080][T11704] ? __pfx_vfs_read+0x10/0x10 [ 242.260101][T11704] ? __fget_files+0x2a/0x420 [ 242.260123][T11704] ? __fget_files+0x3a0/0x420 [ 242.260138][T11704] ? __fget_files+0x2a/0x420 [ 242.260162][T11704] ksys_read+0x145/0x250 [ 242.260185][T11704] ? __pfx_ksys_read+0x10/0x10 [ 242.260203][T11704] ? rcu_is_watching+0x15/0xb0 [ 242.260229][T11704] ? do_syscall_64+0xbe/0x3b0 [ 242.260253][T11704] do_syscall_64+0xfa/0x3b0 [ 242.260271][T11704] ? lockdep_hardirqs_on+0x9c/0x150 [ 242.260290][T11704] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 242.260306][T11704] ? clear_bhb_loop+0x60/0xb0 [ 242.260327][T11704] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 242.260349][T11704] RIP: 0033:0x7fd86878d3bc [ 242.260366][T11704] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 242.260381][T11704] RSP: 002b:00007fd8695fb030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 242.260401][T11704] RAX: ffffffffffffffda RBX: 00007fd8689b5fa0 RCX: 00007fd86878d3bc [ 242.260414][T11704] RDX: 000000000000000f RSI: 00007fd8695fb0a0 RDI: 0000000000000005 [ 242.260425][T11704] RBP: 00007fd8695fb090 R08: 0000000000000000 R09: 0000000000000000 [ 242.260436][T11704] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 242.260447][T11704] R13: 0000000000000000 R14: 00007fd8689b5fa0 R15: 00007ffc0441f938 [ 242.260478][T11704] [ 242.684126][T11711] __nla_validate_parse: 8 callbacks suppressed [ 242.684146][T11711] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1568'. [ 243.039256][ C1] ip6_tunnel: ip6gre2 xmit: Local address not yet configured! [ 243.202031][T11732] 8021q: adding VLAN 0 to HW filter on device bond2 [ 243.506052][T11746] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1577'. [ 243.550789][T11746] nbd: must specify at least one socket [ 243.628269][T11755] (unnamed net_device) (uninitialized): option min_links: invalid value (18446744073709551612) [ 243.646599][T11755] (unnamed net_device) (uninitialized): option min_links: allowed values 0 - 2147483647 [ 243.831058][T11769] netlink: 'syz.1.1584': attribute type 13 has an invalid length. [ 243.927924][T11769] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 244.041889][T11780] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1588'. [ 244.730143][T11813] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1599'. [ 244.864872][T11822] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1603'. [ 244.904349][T11820] netlink: 'syz.4.1602': attribute type 10 has an invalid length. [ 244.925338][T11820] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1602'. [ 244.987124][T11820] team0: Port device geneve0 added [ 245.310783][T11857] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1611'. [ 245.975457][T11893] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1624'. [ 245.995437][T11893] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1624'. [ 246.008175][T11893] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 246.185526][T11908] xt_cgroup: invalid path, errno=-2 [ 246.260923][T11910] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1631'. [ 246.852437][T11945] sit0: entered promiscuous mode [ 246.876312][T11945] netlink: 'syz.2.1640': attribute type 1 has an invalid length. [ 246.903974][T11945] netlink: 'syz.2.1640': attribute type 3 has an invalid length. [ 247.112729][T11957] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 247.117226][T11958] xt_hashlimit: invalid rate [ 247.207495][T11957] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 247.385760][T11957] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 247.476536][T11957] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 247.771821][ T6240] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 247.780948][ T6240] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 247.817064][ T6240] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 247.838171][ T6240] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 248.118132][T11996] lo speed is unknown, defaulting to 1000 [ 248.275332][T12009] __nla_validate_parse: 4 callbacks suppressed [ 248.275353][T12009] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1655'. [ 249.087385][T12043] netlink: 'syz.2.1669': attribute type 1 has an invalid length. [ 249.175632][T12043] 8021q: adding VLAN 0 to HW filter on device bond4 [ 249.228655][T12043] bond4: (slave ip6gretap2): making interface the new active one [ 249.240295][T12043] bond4: (slave ip6gretap2): Enslaving as an active interface with an up link [ 249.325257][T12044] veth5: entered promiscuous mode [ 249.334972][T12044] bond4: (slave veth5): Enslaving as an active interface with a down link [ 249.346592][T12043] erspan0: entered allmulticast mode [ 249.425699][T12056] unknown channel width for channel at 909000KHz? [ 249.445726][T12056] unknown channel width for channel at 909000KHz? [ 249.470999][T12056] unknown channel width for channel at 909000KHz? [ 249.613695][T12069] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 249.644507][T12069] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 249.692610][T12073] netlink: 'syz.1.1676': attribute type 10 has an invalid length. [ 249.957417][T12084] lo speed is unknown, defaulting to 1000 [ 249.996430][T12087] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1683'. [ 250.041264][T12090] netlink: 'syz.2.1684': attribute type 1 has an invalid length. [ 250.065182][T12090] netlink: 232 bytes leftover after parsing attributes in process `syz.2.1684'. [ 250.091594][T12090] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1684'. [ 250.116851][T12091] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1684'. [ 250.170829][T12092] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1684'. [ 250.346894][T12097] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1684'. [ 250.356448][T12097] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1684'. [ 250.370406][T12097] netlink: 'syz.2.1684': attribute type 14 has an invalid length. [ 250.412128][T12087] macvlan1 (unregistering): left promiscuous mode [ 251.247460][T12126] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1696'. [ 251.348859][T12132] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1696'. [ 251.424507][T12131] sctp: [Deprecated]: syz.2.1698 (pid 12131) Use of struct sctp_assoc_value in delayed_ack socket option. [ 251.424507][T12131] Use struct sctp_sack_info instead [ 251.962346][T12161] sctp: [Deprecated]: syz.4.1706 (pid 12161) Use of struct sctp_assoc_value in delayed_ack socket option. [ 251.962346][T12161] Use struct sctp_sack_info instead [ 252.337723][T12174] netlink: zone id is out of range [ 252.347019][T12174] netlink: zone id is out of range [ 252.361496][T12174] netlink: zone id is out of range [ 252.367440][T12179] netlink: 'syz.3.1713': attribute type 1 has an invalid length. [ 252.367646][T12174] netlink: zone id is out of range [ 252.385898][T12174] netlink: zone id is out of range [ 252.392845][T12174] netlink: zone id is out of range [ 252.418903][T12174] netlink: zone id is out of range [ 252.447005][T12174] netlink: zone id is out of range [ 252.455875][T12174] netlink: zone id is out of range [ 252.484921][T12174] netlink: zone id is out of range [ 253.011201][T12201] lo speed is unknown, defaulting to 1000 [ 253.135386][T12211] xt_TCPMSS: Only works on TCP SYN packets [ 253.495268][T12233] (unnamed net_device) (uninitialized): ARP target 9.0.0.0 is already present [ 253.513085][T12233] (unnamed net_device) (uninitialized): option arp_ip_target: invalid value (9) [ 253.557408][T12233] netlink: 'syz.1.1728': attribute type 1 has an invalid length. [ 254.073260][T12254] net veth1_virt_wifi virt_wifi0: entered allmulticast mode [ 254.596331][T12274] __nla_validate_parse: 4 callbacks suppressed [ 254.596351][T12274] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1736'. [ 254.668411][T12281] netlink: 'syz.1.1743': attribute type 1 has an invalid length. [ 254.691089][T12283] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1736'. [ 254.879945][ T5857] Bluetooth: hci4: command 0x0405 tx timeout [ 255.082728][T12307] netlink: 92 bytes leftover after parsing attributes in process `syz.1.1746'. [ 255.117714][T12297] lo speed is unknown, defaulting to 1000 [ 255.132826][T12298] lo speed is unknown, defaulting to 1000 [ 255.657851][T12321] lo speed is unknown, defaulting to 1000 [ 255.695064][T12328] tipc: Enabled bearer , priority 0 [ 255.762821][T12328] syzkaller0: entered promiscuous mode [ 255.777448][T12328] syzkaller0: entered allmulticast mode [ 255.818140][T12335] netlink: 'syz.2.1757': attribute type 5 has an invalid length. [ 255.843114][T12319] lo speed is unknown, defaulting to 1000 [ 255.955783][T12331] tipc: Resetting bearer [ 256.038302][T12327] tipc: Resetting bearer [ 256.078963][T12327] tipc: Disabling bearer [ 256.186627][T12352] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1761'. [ 256.229979][T12348] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1762'. [ 256.364437][T12348] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1762'. [ 256.592230][T12367] Cannot find add_set index 3 as target [ 256.637149][T12368] Cannot find add_set index 3 as target [ 256.840687][T12378] lo speed is unknown, defaulting to 1000 [ 256.883028][T12384] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1774'. [ 257.112455][T12395] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1779'. [ 257.198941][T12395] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1779'. [ 257.268240][T12403] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1782'. [ 257.910516][T12439] pim6reg1: entered promiscuous mode [ 257.922179][T12439] pim6reg1: entered allmulticast mode [ 258.137888][T12443] tipc: Enabled bearer , priority 0 [ 258.146131][T12456] veth1_to_batadv: entered allmulticast mode [ 258.200158][T12463] net_ratelimit: 162 callbacks suppressed [ 258.200175][T12463] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 258.234723][T12443] tipc: Resetting bearer [ 258.270211][T12466] tipc: Enabled bearer , priority 0 [ 258.277913][T12466] syzkaller0: entered promiscuous mode [ 258.284160][T12466] syzkaller0: entered allmulticast mode [ 258.318142][T12466] tipc: Resetting bearer [ 258.747086][T12441] tipc: Disabling bearer [ 258.855690][T12501] (unnamed net_device) (uninitialized): option updelay: invalid value (18446744073701165882) [ 258.867727][T12501] (unnamed net_device) (uninitialized): option updelay: allowed values 0 - 2147483647 [ 258.920501][T12504] team0: Port device geneve0 removed [ 259.003585][ T6244] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 259.016774][ T6244] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 259.026847][ T6244] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 259.038153][T12460] tipc: Resetting bearer [ 259.060513][T12460] tipc: Disabling bearer [ 259.107490][T12506] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 259.187444][T12511] (unnamed net_device) (uninitialized): Unable to set peer notification delay as MII monitoring is disabled [ 259.308606][T12517] lo speed is unknown, defaulting to 1000 [ 259.563422][T12515] netlink: 'syz.0.1815': attribute type 2 has an invalid length. [ 259.765421][T12527] __nla_validate_parse: 6 callbacks suppressed [ 259.765440][T12527] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1819'. [ 259.782702][T12527] A link change request failed with some changes committed already. Interface syz_tun may have been left with an inconsistent configuration, please check. [ 260.376207][T12551] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1825'. [ 260.456565][T12556] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1826'. [ 260.546493][T12556] tipc: Enabled bearer , priority 0 [ 260.588194][T12556] syzkaller0: entered promiscuous mode [ 260.630081][T12556] syzkaller0: entered allmulticast mode [ 260.639943][T12558] lo speed is unknown, defaulting to 1000 [ 260.731597][T12556] tipc: Resetting bearer [ 260.772069][T12555] tipc: Resetting bearer [ 260.797432][T12555] tipc: Disabling bearer [ 260.846236][T12506] netdevsim netdevsim1 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 260.878623][T12506] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 261.093890][T12506] netdevsim netdevsim1 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 261.105767][T12506] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 261.347076][T12506] netdevsim netdevsim1 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 261.363885][T12506] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 261.637876][ T13] netdevsim netdevsim1 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 261.662075][ T13] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 261.729918][ T36] netdevsim netdevsim1 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 261.738331][ T36] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 261.852261][T12604] netdevsim netdevsim3 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 261.894649][ T36] netdevsim netdevsim1 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 261.924622][ T36] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 261.942506][T12627] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1845'. [ 261.979840][T12607] syzkaller0: default qdisc (pfifo_fast) fail, fallback to noqueue [ 262.003274][T12607] syzkaller0: entered promiscuous mode [ 262.009666][T12607] syzkaller0: entered allmulticast mode [ 262.018749][T12627] netlink: 112 bytes leftover after parsing attributes in process `syz.4.1845'. [ 262.040141][ T36] netdevsim netdevsim1 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 262.048935][ T36] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 262.078957][T12604] netdevsim netdevsim3 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 262.117622][T12630] 8021q: VLANs not supported on ip_vti0 [ 262.147085][T12604] netdevsim netdevsim3 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 262.205465][T12604] netdevsim netdevsim3 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 262.318129][ T36] netdevsim netdevsim3 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 262.324277][T12636] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1848'. [ 262.336909][T12636] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1848'. [ 262.384275][ T6253] netdevsim netdevsim3 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 262.442481][ T36] netdevsim netdevsim3 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 262.488760][ T36] netdevsim netdevsim3 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 264.638257][T12645] tipc: Resetting bearer [ 264.746108][T12671] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1857'. [ 264.990923][T12689] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1863'. [ 265.024547][T12689] netlink: 'syz.3.1863': attribute type 1 has an invalid length. [ 265.155488][T12700] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1867'. [ 265.333889][T12710] bond0: (slave ipvlan2): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 265.347455][T12710] bond0: (slave ipvlan2): The slave device specified does not support setting the MAC address [ 265.367358][T12712] netlink: 'syz.0.1869': attribute type 1 has an invalid length. [ 265.381339][T12710] bond0: (slave ipvlan2): Error -95 calling set_mac_address [ 265.388859][T12712] netlink: 224 bytes leftover after parsing attributes in process `syz.0.1869'. [ 265.402090][T12712] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1869'. [ 265.426403][T12714] @ÿ: renamed from veth0_vlan [ 266.627021][T12764] lo speed is unknown, defaulting to 1000 [ 266.680460][T12767] lo speed is unknown, defaulting to 1000 [ 267.623735][T12797] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1890'. [ 267.665924][T12788] dvmrp0: left allmulticast mode [ 267.863637][T12803] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1891'. [ 268.193253][T12815] netlink: 'syz.3.1896': attribute type 1 has an invalid length. [ 268.235194][T12815] netlink: 'syz.3.1896': attribute type 10 has an invalid length. [ 268.272737][T12815] netlink: 'syz.3.1896': attribute type 4 has an invalid length. [ 268.292727][T12815] netlink: 192 bytes leftover after parsing attributes in process `syz.3.1896'. [ 268.328603][T12821] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1896'. [ 268.415431][T12815] bridge0: entered allmulticast mode [ 268.477011][T12830] : entered promiscuous mode [ 268.516583][T12826] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1897'. [ 268.538965][T12826] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1897'. [ 268.574118][T12817] lo speed is unknown, defaulting to 1000 [ 269.347573][T12845] mac80211_hwsim hwsim8 wlan1: entered allmulticast mode [ 269.728285][T12817] syz.1.1895: vmalloc error: size 268435456, failed to allocated page array size 524288, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 269.750463][T12817] CPU: 1 UID: 0 PID: 12817 Comm: syz.1.1895 Not tainted 6.16.0-rc7-syzkaller-01904-g9312ee76490d #0 PREEMPT(full) [ 269.750521][T12817] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 269.750547][T12817] Call Trace: [ 269.750556][T12817] [ 269.750565][T12817] dump_stack_lvl+0x189/0x250 [ 269.750595][T12817] ? __pfx_rcu_read_unlock_special+0x10/0x10 [ 269.750624][T12817] ? __pfx_dump_stack_lvl+0x10/0x10 [ 269.750646][T12817] ? __pfx__printk+0x10/0x10 [ 269.750671][T12817] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 269.750695][T12817] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 269.750725][T12817] warn_alloc+0x214/0x310 [ 269.750749][T12817] ? __pfx_warn_alloc+0x10/0x10 [ 269.750776][T12817] ? __get_vm_area_node+0x28f/0x300 [ 269.750803][T12817] ? __do_replace+0xb4/0xaa0 [ 269.750831][T12817] __vmalloc_node_range_noprof+0x67e/0x12f0 [ 269.750856][T12817] ? stack_depot_save_flags+0x40/0x900 [ 269.750900][T12817] ? translate_table+0x1b4d/0x1f90 [ 269.750925][T12817] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 269.750958][T12817] ? __do_replace+0xb4/0xaa0 [ 269.750981][T12817] vzalloc_noprof+0xb2/0xf0 [ 269.751006][T12817] ? __do_replace+0xb4/0xaa0 [ 269.751030][T12817] __do_replace+0xb4/0xaa0 [ 269.751057][T12817] ? __pfx_translate_table+0x10/0x10 [ 269.751086][T12817] ? __pfx___do_replace+0x10/0x10 [ 269.751118][T12817] ? _copy_from_user+0x94/0xb0 [ 269.751148][T12817] do_arpt_set_ctl+0xa2a/0xf10 [ 269.751173][T12817] ? __mutex_trylock_common+0x153/0x260 [ 269.751199][T12817] ? __pfx_do_arpt_set_ctl+0x10/0x10 [ 269.751225][T12817] ? rcu_is_watching+0x15/0xb0 [ 269.751263][T12817] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 269.751286][T12817] ? __pfx___mutex_lock+0x10/0x10 [ 269.751305][T12817] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 269.751323][T12817] ? aa_sk_perm+0x81e/0x950 [ 269.751346][T12817] ? __pfx_aa_sk_perm+0x10/0x10 [ 269.751371][T12817] nf_setsockopt+0x26f/0x290 [ 269.751396][T12817] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 269.751425][T12817] do_sock_setsockopt+0x179/0x1b0 [ 269.751454][T12817] __x64_sys_setsockopt+0x13f/0x1b0 [ 269.751482][T12817] do_syscall_64+0xfa/0x3b0 [ 269.751503][T12817] ? lockdep_hardirqs_on+0x9c/0x150 [ 269.751523][T12817] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 269.751541][T12817] ? clear_bhb_loop+0x60/0xb0 [ 269.751563][T12817] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 269.751582][T12817] RIP: 0033:0x7f06de98e9a9 [ 269.751599][T12817] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 269.751615][T12817] RSP: 002b:00007f06dc7f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 269.751636][T12817] RAX: ffffffffffffffda RBX: 00007f06debb6080 RCX: 00007f06de98e9a9 [ 269.751651][T12817] RDX: 0000000000000060 RSI: 0000000000000000 RDI: 0000000000000004 [ 269.751663][T12817] RBP: 00007f06dea10d69 R08: 0000000000000068 R09: 0000000000000000 [ 269.751675][T12817] R10: 0000200000000180 R11: 0000000000000246 R12: 0000000000000000 [ 269.751688][T12817] R13: 0000000000000000 R14: 00007f06debb6080 R15: 00007ffe271860a8 [ 269.751718][T12817] [ 269.751726][T12817] Mem-Info: [ 270.046300][T12865] __nla_validate_parse: 2 callbacks suppressed [ 270.046318][T12865] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1910'. [ 270.051721][T12817] active_anon:15007 inactive_anon:0 isolated_anon:0 [ 270.051721][T12817] active_file:1575 inactive_file:39932 isolated_file:0 [ 270.051721][T12817] unevictable:768 dirty:119 writeback:0 [ 270.051721][T12817] slab_reclaimable:12326 slab_unreclaimable:152890 [ 270.051721][T12817] mapped:33285 shmem:4229 pagetables:1165 [ 270.051721][T12817] sec_pagetables:0 bounce:0 [ 270.051721][T12817] kernel_misc_reclaimable:0 [ 270.051721][T12817] free:1250273 free_pcp:12541 free_cma:0 [ 270.104540][T12864] gtp0: entered promiscuous mode [ 270.108153][T12817] Node 0 active_anon:60228kB inactive_anon:0kB active_file:6300kB inactive_file:159528kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:133140kB dirty:476kB writeback:0kB shmem:15380kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:13028kB pagetables:4508kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 270.204171][T12817] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:152kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 270.282249][T12817] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 270.351474][T12817] lowmem_reserve[]: 0 2498 2499 2499 2499 [ 270.368003][T12817] Node 0 DMA32 free:1092988kB boost:0kB min:34248kB low:42808kB high:51368kB reserved_highatomic:0KB free_highatomic:0KB active_anon:60880kB inactive_anon:0kB active_file:6300kB inactive_file:157952kB unevictable:1536kB writepending:476kB present:3129332kB managed:2558296kB mlocked:0kB bounce:0kB free_pcp:26284kB local_pcp:10816kB free_cma:0kB [ 270.439891][T12817] lowmem_reserve[]: 0 0 1 1 1 [ 270.444690][T12817] Node 0 Normal free:12kB boost:0kB min:20kB low:24kB high:28kB reserved_highatomic:0KB free_highatomic:0KB active_anon:48kB inactive_anon:0kB active_file:0kB inactive_file:1576kB unevictable:0kB writepending:0kB present:1048580kB managed:1644kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:0kB free_cma:0kB [ 270.579838][T12817] lowmem_reserve[]: 0 0 0 0 0 [ 270.585231][T12817] Node 1 Normal free:3891932kB boost:0kB min:55632kB low:69540kB high:83448kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:24308kB local_pcp:12208kB free_cma:0kB [ 270.648854][T12817] lowmem_reserve[]: 0 0 0 0 0 [ 270.658988][T12817] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 270.701910][T12817] Node 0 DMA32: 0*4kB 0*8kB 0*16kB 29*32kB (UME) 465*64kB (UM) 250*128kB (UME) 142*256kB (UME) 78*512kB (UME) 53*1024kB (UME) 13*2048kB (UM) 212*4096kB (UM) = 1088224kB [ 270.752535][T12817] Node 0 Normal: 1*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB [ 270.777722][T12817] Node 1 Normal: 237*4kB (UE) 53*8kB (UME) 44*16kB (UME) 84*32kB (UME) 21*64kB (UME) 6*128kB (UME) 4*256kB (UM) 4*512kB (UME) 3*1024kB (UME) 2*2048kB (UE) 946*4096kB (M) = 3891932kB [ 270.798826][T12817] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 270.812705][T12817] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 270.824564][T12817] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 270.836314][T12817] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 270.847855][T12817] 45732 total pagecache pages [ 270.853950][T12817] 0 pages in swap cache [ 270.858302][T12817] Free swap = 124996kB [ 270.863183][T12817] Total swap = 124996kB [ 270.867452][T12817] 2097051 pages RAM [ 270.871725][T12817] 0 pages HighMem/MovableOnly [ 270.876422][T12817] 425435 pages reserved [ 270.939577][T12817] 0 pages cma reserved [ 270.974404][T12884] netlink: 'syz.3.1916': attribute type 3 has an invalid length. [ 271.025346][T12884] netlink: 'syz.3.1916': attribute type 3 has an invalid length. [ 271.584072][T12904] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1922'. [ 271.643543][T12904] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1922'. [ 271.987311][T12924] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1924'. [ 272.087239][T12928] netlink: 'syz.4.1928': attribute type 1 has an invalid length. [ 272.190859][T12928] 8021q: adding VLAN 0 to HW filter on device bond3 [ 272.214969][T12937] vlan3: entered promiscuous mode [ 272.220836][T12937] bridge0: entered promiscuous mode [ 272.283038][T12939] delete_channel: no stack [ 272.473400][T12948] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1934'. [ 272.510188][T12948] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1934'. [ 272.591185][T12952] @ÿ: renamed from bond_slave_0 [ 272.768766][T12960] tipc: Enabled bearer , priority 0 [ 272.783873][T12961] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1939'. [ 272.796691][T12960] syzkaller0: entered promiscuous mode [ 272.808086][T12960] syzkaller0: entered allmulticast mode [ 272.953619][T12960] tipc: Resetting bearer [ 272.991543][T12967] (unnamed net_device) (uninitialized): option min_links: invalid value (18446744073709551612) [ 273.015763][T12967] (unnamed net_device) (uninitialized): option min_links: allowed values 0 - 2147483647 [ 273.042615][T12970] IPv6: addrconf: prefix option has invalid lifetime [ 273.045562][T12969] netlink: 'syz.2.1942': attribute type 1 has an invalid length. [ 273.064143][T12959] tipc: Resetting bearer [ 273.106715][T12971] netlink: 68 bytes leftover after parsing attributes in process `syz.2.1942'. [ 273.127147][T12959] tipc: Disabling bearer [ 273.266267][T12976] pim6reg1: entered promiscuous mode [ 273.272433][T12976] pim6reg1: entered allmulticast mode [ 273.532060][T12985] IPVS: set_ctl: invalid protocol: 44 172.20.20.187:20000 [ 273.710330][T12991] netlink: 'syz.1.1949': attribute type 11 has an invalid length. [ 273.728684][T12991] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1949'. [ 274.154268][T13006] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1955'. [ 274.481121][T13014] syzkaller0: entered promiscuous mode [ 274.498600][T13014] syzkaller0: entered allmulticast mode [ 274.711718][T13027] netlink: 'syz.0.1960': attribute type 7 has an invalid length. [ 275.393537][T13055] __nla_validate_parse: 1 callbacks suppressed [ 275.393557][T13055] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1960'. [ 275.537289][T13061] ip6gretap0: entered promiscuous mode [ 275.549857][T13061] macsec1: entered promiscuous mode [ 275.555334][T13061] macsec1: entered allmulticast mode [ 275.574641][T13061] ip6gretap0: entered allmulticast mode [ 275.604167][T13065] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1973'. [ 275.636957][T13061] netlink: 'syz.2.1973': attribute type 11 has an invalid length. [ 275.680135][T13061] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1973'. [ 275.730599][T13061] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1973'. [ 275.875680][T13079] netlink: zone id is out of range [ 275.884498][T13079] netlink: zone id is out of range [ 275.946709][T13085] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1976'. [ 275.993997][T13079] netlink: zone id is out of range [ 275.999955][T13079] netlink: zone id is out of range [ 276.008595][T13079] netlink: zone id is out of range [ 276.015123][T13079] netlink: zone id is out of range [ 276.024771][T13079] netlink: zone id is out of range [ 276.025708][T13090] netlink: 'syz.4.1979': attribute type 1 has an invalid length. [ 276.039830][T13090] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1979'. [ 276.044110][T13079] netlink: zone id is out of range [ 276.054887][ T5167] Bluetooth: hci4: link tx timeout [ 276.064470][ T5167] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa [ 276.076107][T13079] netlink: zone id is out of range [ 276.646043][T13115] lo speed is unknown, defaulting to 1000 [ 276.684570][T13119] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1990'. [ 276.845972][T13119] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1990'. [ 276.965696][T13129] vxcan2: entered promiscuous mode [ 276.995921][T13134] netlink: 'syz.1.1996': attribute type 1 has an invalid length. [ 277.004713][T13134] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1996'. [ 277.014666][T13127] lo speed is unknown, defaulting to 1000 [ 277.020463][T13134] netlink: 'syz.1.1996': attribute type 1 has an invalid length. [ 277.076447][T13134] 8021q: adding VLAN 0 to HW filter on device bond4 [ 277.202854][T13140] bond4: (slave ip6gretap2): making interface the new active one [ 277.238278][T13140] bond4: (slave ip6gretap2): Enslaving as an active interface with an up link [ 277.344605][T13134] veth5: entered promiscuous mode [ 277.363094][T13134] bond4: (slave veth5): Enslaving as an active interface with a down link [ 277.447011][T13140] erspan0: entered allmulticast mode [ 277.458256][T13153] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2001'. [ 277.505887][T13156] tipc: Enabled bearer , priority 0 [ 277.529727][T13153] veth1: entered promiscuous mode [ 277.536824][T13153] netlink: 'syz.0.2001': attribute type 1 has an invalid length. [ 277.573511][T13150] syzkaller0: entered promiscuous mode [ 277.595061][T13150] syzkaller0: entered allmulticast mode [ 277.862443][T13156] tipc: Resetting bearer [ 277.887159][T13172] netlink: 'syz.2.2004': attribute type 17 has an invalid length. [ 277.903709][T13147] tipc: Resetting bearer [ 277.978093][T13147] tipc: Disabling bearer [ 278.080242][ T5857] Bluetooth: hci4: command 0x0405 tx timeout [ 278.251552][T13187] x_tables: duplicate underflow at hook 2 [ 278.646567][T13202] sctp: [Deprecated]: syz.1.2014 (pid 13202) Use of int in max_burst socket option. [ 278.646567][T13202] Use struct sctp_assoc_value instead [ 279.283783][T13229] bond2: (slave gretap1): Releasing active interface [ 279.540036][T13241] bond0 (unregistering): left promiscuous mode [ 279.584916][T13241] bond0 (unregistering): Released all slaves [ 279.616834][T13239] smc: net device bond0 applied user defined pnetid SYZ2 [ 279.972388][T13261] macvtap1: entered promiscuous mode [ 280.004769][T13261] macvtap1: entered allmulticast mode [ 280.763000][T13241] smc: removing net device bond0 with user defined pnetid SYZ2 [ 280.992441][T13294] syzkaller0: entered promiscuous mode [ 280.998018][T13294] syzkaller0: entered allmulticast mode [ 281.057876][T13299] lo speed is unknown, defaulting to 1000 [ 281.400961][T13312] net_ratelimit: 99 callbacks suppressed [ 281.400981][T13312] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes. [ 281.495379][T13307] dummy0: left promiscuous mode [ 281.675838][T13307] batadv_slave_1: left promiscuous mode [ 281.688568][T13307] hsr0: left promiscuous mode [ 281.725612][T13307] xfrm1: left promiscuous mode [ 281.789619][T13307] macvtap1: left promiscuous mode [ 282.074365][T13336] syzkaller1: entered promiscuous mode [ 282.086943][T13336] syzkaller1: entered allmulticast mode [ 282.143608][T13339] __nla_validate_parse: 10 callbacks suppressed [ 282.143626][T13339] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2060'. [ 282.183853][T13339] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2060'. [ 282.325999][T13339] smc: adding net device bond0 with user defined pnetid SYZ2 [ 282.826673][T13361] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2063'. [ 282.916390][T13361] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2063'. [ 283.122507][T13368] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2066'. [ 283.227649][T13304] Cannot find add_set index 3 as target [ 283.418028][T13379] netlink: 'syz.3.2070': attribute type 39 has an invalid length. [ 283.572895][T13387] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2072'. [ 283.657792][T13384] lo speed is unknown, defaulting to 1000 [ 284.278552][T13406] (unnamed net_device) (uninitialized): ARP target 9.0.0.0 is already present [ 284.293639][T13406] (unnamed net_device) (uninitialized): option arp_ip_target: invalid value (9) [ 284.315454][T13406] netlink: 'syz.3.2078': attribute type 1 has an invalid length. [ 284.808549][T13425] vxcan1 speed is unknown, defaulting to 1000 [ 284.818375][T13425] vxcan1 speed is unknown, defaulting to 1000 [ 284.826970][T13425] vxcan1 speed is unknown, defaulting to 1000 [ 284.864139][T13428] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2084'. [ 285.183453][T13435] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2085'. [ 285.392777][ T7631] vxcan1 speed is unknown, defaulting to 1000 [ 285.409723][T13425] infiniband syz2: set down [ 285.479560][T13425] infiniband syz2: added vxcan1 [ 285.647970][T13446] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2088'. [ 285.670464][T13445] pimreg3: entered allmulticast mode [ 285.678060][T13425] RDS/IB: syz2: added [ 285.698463][T13425] smc: adding ib device syz2 with port count 1 [ 285.750579][T13425] smc: ib device syz2 port 1 has pnetid [ 285.788765][T13425] vxcan1 speed is unknown, defaulting to 1000 [ 285.798511][T13446] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2088'. [ 285.870989][ T5854] vxcan1 speed is unknown, defaulting to 1000 [ 285.920888][ C1] vcan0: j1939_session_tx_dat: 0xffff888053079000: queue data error: -100 [ 286.380509][T13458] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 286.683708][T13473] lo speed is unknown, defaulting to 1000 [ 286.788725][T13213] Set syz1 is full, maxelem 65536 reached [ 286.803681][T13425] vxcan1 speed is unknown, defaulting to 1000 [ 286.809767][T13477] (unnamed net_device) (uninitialized): ARP target 9.0.0.0 is already present [ 286.809794][T13477] (unnamed net_device) (uninitialized): option arp_ip_target: invalid value (9) [ 286.841505][T13477] netlink: 'syz.4.2098': attribute type 1 has an invalid length. [ 287.186081][T13473] vxcan1 speed is unknown, defaulting to 1000 [ 287.248140][T13490] pimreg: entered allmulticast mode [ 287.292582][T13491] netlink: 'syz.0.2104': attribute type 10 has an invalid length. [ 287.350162][T13491] team0: Port device 0! added [ 287.383196][T13489] pimreg: left allmulticast mode [ 287.785568][T13425] vxcan1 speed is unknown, defaulting to 1000 [ 288.434570][T13425] vxcan1 speed is unknown, defaulting to 1000 [ 289.013669][T13425] vxcan1 speed is unknown, defaulting to 1000 [ 289.241374][T13525] syzkaller1: entered promiscuous mode [ 289.246880][T13525] syzkaller1: entered allmulticast mode [ 290.541739][T13561] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported [ 290.824572][T13572] netlink: 'syz.0.2141': attribute type 3 has an invalid length. [ 290.880693][T13574] __nla_validate_parse: 1 callbacks suppressed [ 290.880713][T13574] netlink: 14 bytes leftover after parsing attributes in process `syz.2.2142'. [ 290.983969][T13579] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2144'. [ 291.043598][ T30] audit: type=1107 audit(1753511411.649:5): pid=13578 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 291.058909][T13579] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2144'. [ 291.100635][T13583] netlink: 'syz.0.2146': attribute type 13 has an invalid length. [ 291.181008][T13583] gretap0: refused to change device tx_queue_len [ 291.187809][T13583] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 292.460556][T13628] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2169'. [ 292.625012][T13631] netlink: 128 bytes leftover after parsing attributes in process `syz.0.2170'. [ 292.650919][T13631] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 292.766840][T13642] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2176'. [ 292.820112][T13644] netlink: 176 bytes leftover after parsing attributes in process `syz.2.2177'. [ 293.076763][T13654] pimreg: entered allmulticast mode [ 293.087685][T13654] pimreg: left allmulticast mode [ 293.341613][T13662] netlink: 68 bytes leftover after parsing attributes in process `syz.0.2186'. [ 293.368795][T13665] openvswitch: netlink: Message has 8 unknown bytes. [ 293.687504][T13680] openvswitch: netlink: Message has 8 unknown bytes. [ 293.894617][ T30] audit: type=1107 audit(1753511414.499:6): pid=13687 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 294.427894][T13712] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2210'. [ 294.456042][T13712] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2210'. [ 295.747755][T13769] syz_tun: entered allmulticast mode [ 295.856463][T13768] syz_tun: left allmulticast mode [ 295.948392][T13776] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2235'. [ 296.401651][T13783] wireguard0: entered promiscuous mode [ 296.407311][T13783] wireguard0: entered allmulticast mode [ 297.430870][T13808] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2249'. [ 297.503534][T13808] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2249'. [ 297.518639][T13811] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2251'. [ 297.712042][T13817] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 297.749951][T13817] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 297.819881][T13822] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2256'. [ 297.859818][T13822] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2256'. [ 298.054384][T13834] netlink: 'syz.4.2263': attribute type 10 has an invalid length. [ 298.092797][T13834] 8021q: adding VLAN 0 to HW filter on device bond0 [ 298.122931][T13834] team0: Port device bond0 added [ 298.314228][T13843] netlink: 'syz.4.2267': attribute type 10 has an invalid length. [ 298.388624][T13843] team0: Device hsr_slave_0 failed to register rx_handler [ 298.815363][T13869] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2279'. [ 299.835750][T13892] netlink: 224 bytes leftover after parsing attributes in process `syz.3.2290'. [ 299.848921][T13892] ksmbd: Unknown IPC event: 4, ignore. [ 299.894612][T13895] netlink: 'syz.4.2292': attribute type 32 has an invalid length. [ 300.205823][T13907] xt_CT: You must specify a L4 protocol and not use inversions on it [ 300.319732][T13897] syzkaller0: entered promiscuous mode [ 300.325455][T13897] syzkaller0: entered allmulticast mode [ 300.923005][T13923] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2301'. [ 303.227123][T13923] hsr_slave_0: left promiscuous mode [ 303.237830][T13923] hsr_slave_1: left promiscuous mode [ 303.348799][T13952] netem: change failed [ 303.470472][T13958] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2314'. [ 303.470757][T13959] netlink: 7 bytes leftover after parsing attributes in process `syz.0.2315'. [ 303.561338][T13959] netlink: 7 bytes leftover after parsing attributes in process `syz.0.2315'. [ 303.777990][T13973] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2324'. [ 303.806329][T13973] netlink: 312 bytes leftover after parsing attributes in process `syz.4.2324'. [ 303.826707][T13973] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2324'. [ 304.875976][T14029] pimreg: entered allmulticast mode [ 304.902627][T14029] dvmrp0: left allmulticast mode [ 304.907935][T14029] pimreg: left allmulticast mode [ 305.033416][T14034] netlink: 'syz.1.2352': attribute type 3 has an invalid length. [ 305.257792][T14052] netlink: 272 bytes leftover after parsing attributes in process `syz.2.2359'. [ 305.660254][T14073] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2369'. [ 305.793293][T14078] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2371'. [ 306.598806][T14101] erspan0: left allmulticast mode [ 306.611717][T14101] sit0: left promiscuous mode [ 306.691822][T14101] bridge0: port 4(dummy0) entered blocking state [ 306.698673][T14101] bridge0: port 4(dummy0) entered forwarding state [ 306.737534][T14101] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 307.378851][T14126] netlink: 48 bytes leftover after parsing attributes in process `syz.3.2392'. [ 308.044966][ T30] audit: type=1107 audit(1753511428.659:7): pid=14147 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 308.843473][T14169] atomic_op ffff888054574198 conn xmit_atomic 0000000000000000 [ 309.012288][T14180] netlink: 'syz.2.2418': attribute type 10 has an invalid length. [ 309.024019][T14180] bridge0: port 4(dummy0) entered disabled state [ 309.032528][T14180] dummy0: left allmulticast mode [ 309.037660][T14180] dummy0: left promiscuous mode [ 309.043945][T14180] bridge0: port 4(dummy0) entered disabled state [ 309.063209][T14180] team0: Port device dummy0 added [ 309.100404][T14180] netlink: 'syz.2.2418': attribute type 10 has an invalid length. [ 309.201962][T14176] netdevsim netdevsim4 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 309.221082][T14176] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 309.235763][T14189] netlink: 'syz.0.2421': attribute type 10 has an invalid length. [ 309.260835][T14180] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 309.272645][T14180] team0: Failed to send options change via netlink (err -105) [ 309.281186][T14180] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 309.299904][T14180] team0: Port device dummy0 removed [ 309.308195][T14180] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 309.317520][T14186] netlink: 'syz.3.2420': attribute type 29 has an invalid length. [ 309.333247][T14189] team0: Device hsr_slave_0 failed to register rx_handler [ 309.435987][T14176] netdevsim netdevsim4 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 309.470440][T14176] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 309.477722][T14197] __nla_validate_parse: 2 callbacks suppressed [ 309.477741][T14197] netlink: 224 bytes leftover after parsing attributes in process `syz.2.2424'. [ 309.517363][T14197] ksmbd: Unknown IPC event: 4, ignore. [ 309.611414][T14176] netdevsim netdevsim4 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 309.670060][T14176] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 309.703250][T14204] netlink: 224 bytes leftover after parsing attributes in process `syz.2.2428'. [ 309.734292][T14205] bridge0: entered promiscuous mode [ 309.739133][T14204] ksmbd: Unknown IPC event: 3, ignore. [ 309.741564][T14205] bridge0: port 2(macsec0) entered blocking state [ 309.756653][T14205] bridge0: port 2(macsec0) entered disabled state [ 309.764059][T14205] macsec0: entered allmulticast mode [ 309.779868][T14205] bridge0: entered allmulticast mode [ 309.788420][T14205] macsec0: left allmulticast mode [ 309.796800][T14205] bridge0: left allmulticast mode [ 309.803415][T14205] bridge0: left promiscuous mode [ 309.875332][T14176] netdevsim netdevsim4 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 309.912439][T14176] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 309.981746][T14209] lo speed is unknown, defaulting to 1000 [ 310.001513][T14209] vxcan1 speed is unknown, defaulting to 1000 [ 310.183299][ T12] netdevsim netdevsim4 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 310.199646][ T12] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 310.266343][ T59] netdevsim netdevsim4 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 310.282618][ T59] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 310.348881][ T59] netdevsim netdevsim4 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 310.384656][ T59] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 310.499736][ T59] netdevsim netdevsim4 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 310.508307][ T59] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 311.351665][T14252] netlink: 64 bytes leftover after parsing attributes in process `syz.1.2450'. [ 311.531655][T14260] netlink: 64 bytes leftover after parsing attributes in process `syz.0.2453'. [ 312.161300][ C1] ip6_tunnel: ip6gre2 xmit: Local address not yet configured! [ 312.293401][T14290] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2465'. [ 312.322829][T14290] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2465'. [ 312.371517][T14290] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2465'. [ 312.871649][T14327] netlink: 87 bytes leftover after parsing attributes in process `syz.3.2482'. [ 313.244717][T14344] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2493'. [ 313.393933][ T30] audit: type=1107 audit(1753511433.999:8): pid=14352 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='+ËÇä' [ 313.837568][T14354] smc: net device bond0 erased user defined pnetid SYZ2 [ 314.354922][T14398] bond5: entered promiscuous mode [ 314.374233][T14398] bond5: entered allmulticast mode [ 314.382652][T14406] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2516'. [ 314.391459][T14398] 8021q: adding VLAN 0 to HW filter on device bond5 [ 314.583824][T14398] bond5 (unregistering): Released all slaves [ 314.913780][T14426] rdma_rxe: rxe_newlink: rxe creation allowed on top of a real device only [ 315.061871][T14430] ip6tnl3: entered promiscuous mode [ 315.090488][T14438] __nla_validate_parse: 1 callbacks suppressed [ 315.090509][T14438] netlink: 224 bytes leftover after parsing attributes in process `syz.0.2530'. [ 315.131178][T14438] ksmbd: Unknown IPC event: 4, ignore. [ 315.340863][T14451] netlink: 7 bytes leftover after parsing attributes in process `syz.2.2536'. [ 315.411341][T14451] netlink: 7 bytes leftover after parsing attributes in process `syz.2.2536'. [ 315.752286][T14472] netdevsim netdevsim4 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 315.795171][T14472] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 315.860378][T14483] netlink: 'syz.1.2551': attribute type 13 has an invalid length. [ 315.898932][T14483] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 315.943536][T14472] netdevsim netdevsim4 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 315.955447][T14472] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 316.018241][T14472] netdevsim netdevsim4 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 316.056273][T14472] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 316.074020][ T30] audit: type=1107 audit(1753511436.689:9): pid=14487 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 316.213008][T14472] netdevsim netdevsim4 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 316.226533][T14472] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 316.463349][ T6244] netdevsim netdevsim4 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 316.480961][ T6244] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 316.523287][ T36] netdevsim netdevsim4 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 316.535323][ T36] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 316.594227][ T59] netdevsim netdevsim4 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 316.613103][ T59] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 316.635598][T14472] netdevsim netdevsim4 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 316.654567][T14472] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 316.678150][ T59] ================================================================== [ 316.686251][ T59] BUG: KASAN: slab-use-after-free in __mutex_lock+0x144/0xe80 [ 316.693725][ T59] Read of size 8 at addr ffff88802ff126b0 by task kworker/u8:4/59 [ 316.701621][ T59] [ 316.703939][ T59] CPU: 1 UID: 0 PID: 59 Comm: kworker/u8:4 Not tainted 6.16.0-rc7-syzkaller-01904-g9312ee76490d #0 PREEMPT(full) [ 316.703959][ T59] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 316.703969][ T59] Workqueue: udp_tunnel_nic udp_tunnel_nic_device_sync_work [ 316.703992][ T59] Call Trace: [ 316.703999][ T59] [ 316.704014][ T59] dump_stack_lvl+0x189/0x250 [ 316.704032][ T59] ? __kasan_check_byte+0x12/0x40 [ 316.704051][ T59] ? __pfx_dump_stack_lvl+0x10/0x10 [ 316.704067][ T59] ? lock_release+0x4b/0x3e0 [ 316.704083][ T59] ? __virt_addr_valid+0x4a5/0x5c0 [ 316.704101][ T59] print_report+0xca/0x230 [ 316.704113][ T59] ? __mutex_lock+0x144/0xe80 [ 316.704128][ T59] kasan_report+0x118/0x150 [ 316.704145][ T59] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 316.704159][ T59] ? __mutex_lock+0x144/0xe80 [ 316.704176][ T59] __mutex_lock+0x144/0xe80 [ 316.704190][ T59] ? __lock_acquire+0xab9/0xd20 [ 316.704203][ T59] ? __mutex_lock+0x51b/0xe80 [ 316.704219][ T59] ? udp_tunnel_nic_device_sync_work+0x39/0xa50 [ 316.704233][ T59] ? __pfx___mutex_lock+0x10/0x10 [ 316.704250][ T59] ? __lock_acquire+0xab9/0xd20 [ 316.704268][ T59] udp_tunnel_nic_device_sync_work+0x39/0xa50 [ 316.704285][ T59] ? process_scheduled_works+0x9ef/0x17b0 [ 316.704299][ T59] ? process_scheduled_works+0x9ef/0x17b0 [ 316.704315][ T59] process_scheduled_works+0xae1/0x17b0 [ 316.704340][ T59] ? __pfx_process_scheduled_works+0x10/0x10 [ 316.704360][ T59] worker_thread+0x8a0/0xda0 [ 316.704376][ T59] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 316.704392][ T59] ? __kthread_parkme+0x7b/0x200 [ 316.704411][ T59] kthread+0x70e/0x8a0 [ 316.704430][ T59] ? __pfx_worker_thread+0x10/0x10 [ 316.704444][ T59] ? __pfx_kthread+0x10/0x10 [ 316.704462][ T59] ? _raw_spin_unlock_irq+0x23/0x50 [ 316.704474][ T59] ? lockdep_hardirqs_on+0x9c/0x150 [ 316.704488][ T59] ? __pfx_kthread+0x10/0x10 [ 316.704506][ T59] ret_from_fork+0x3fc/0x770 [ 316.704521][ T59] ? __pfx_ret_from_fork+0x10/0x10 [ 316.704537][ T59] ? __switch_to_asm+0x39/0x70 [ 316.704553][ T59] ? __switch_to_asm+0x33/0x70 [ 316.704568][ T59] ? __pfx_kthread+0x10/0x10 [ 316.704586][ T59] ret_from_fork_asm+0x1a/0x30 [ 316.704608][ T59] [ 316.704613][ T59] [ 316.928057][ T59] Allocated by task 14472: [ 316.932458][ T59] kasan_save_track+0x3e/0x80 [ 316.937133][ T59] __kasan_kmalloc+0x93/0xb0 [ 316.941718][ T59] __kmalloc_noprof+0x27a/0x4f0 [ 316.946568][ T59] udp_tunnel_nic_netdevice_event+0x854/0x19f0 [ 316.952711][ T59] notifier_call_chain+0x1b3/0x3e0 [ 316.957821][ T59] register_netdevice+0x1608/0x1ae0 [ 316.963035][ T59] nsim_create+0xae8/0xf10 [ 316.967495][ T59] __nsim_dev_port_add+0x6b6/0xb10 [ 316.972614][ T59] nsim_dev_port_add_all+0x37/0xf0 [ 316.977749][ T59] nsim_dev_reload_up+0x451/0x780 [ 316.982791][ T59] devlink_reload+0x4ec/0x8d0 [ 316.987652][ T59] devlink_nl_reload_doit+0xb35/0xd50 [ 316.993031][ T59] genl_family_rcv_msg_doit+0x212/0x300 [ 316.998604][ T59] genl_rcv_msg+0x60e/0x790 [ 317.003120][ T59] netlink_rcv_skb+0x205/0x470 [ 317.007878][ T59] genl_rcv+0x28/0x40 [ 317.011849][ T59] netlink_unicast+0x82f/0x9e0 [ 317.016731][ T59] netlink_sendmsg+0x805/0xb30 [ 317.021496][ T59] __sock_sendmsg+0x21c/0x270 [ 317.026173][ T59] ____sys_sendmsg+0x505/0x830 [ 317.030943][ T59] ___sys_sendmsg+0x21f/0x2a0 [ 317.035623][ T59] __x64_sys_sendmsg+0x19b/0x260 [ 317.040549][ T59] do_syscall_64+0xfa/0x3b0 [ 317.045076][ T59] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 317.050961][ T59] [ 317.053275][ T59] Freed by task 14472: [ 317.057358][ T59] kasan_save_track+0x3e/0x80 [ 317.062113][ T59] kasan_save_free_info+0x46/0x50 [ 317.067216][ T59] __kasan_slab_free+0x62/0x70 [ 317.072024][ T59] kfree+0x18e/0x440 [ 317.075959][ T59] udp_tunnel_nic_netdevice_event+0x1332/0x19f0 [ 317.082240][ T59] notifier_call_chain+0x1b3/0x3e0 [ 317.087785][ T59] unregister_netdevice_many_notify+0x14d7/0x1ff0 [ 317.094204][ T59] unregister_netdevice_queue+0x33c/0x380 [ 317.099938][ T59] nsim_destroy+0x1dd/0x670 [ 317.104437][ T59] __nsim_dev_port_del+0x14d/0x1b0 [ 317.109712][ T59] nsim_dev_port_add_all+0xae/0xf0 [ 317.114828][ T59] nsim_dev_reload_up+0x451/0x780 [ 317.119859][ T59] devlink_reload+0x4ec/0x8d0 [ 317.124620][ T59] devlink_nl_reload_doit+0xb35/0xd50 [ 317.129981][ T59] genl_family_rcv_msg_doit+0x212/0x300 [ 317.135520][ T59] genl_rcv_msg+0x60e/0x790 [ 317.140043][ T59] netlink_rcv_skb+0x205/0x470 [ 317.144794][ T59] genl_rcv+0x28/0x40 [ 317.148769][ T59] netlink_unicast+0x82f/0x9e0 [ 317.153544][ T59] netlink_sendmsg+0x805/0xb30 [ 317.158303][ T59] __sock_sendmsg+0x21c/0x270 [ 317.162973][ T59] ____sys_sendmsg+0x505/0x830 [ 317.167727][ T59] ___sys_sendmsg+0x21f/0x2a0 [ 317.172393][ T59] __x64_sys_sendmsg+0x19b/0x260 [ 317.177330][ T59] do_syscall_64+0xfa/0x3b0 [ 317.181850][ T59] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 317.187757][ T59] [ 317.190236][ T59] Last potentially related work creation: [ 317.195957][ T59] kasan_save_stack+0x3e/0x60 [ 317.200729][ T59] kasan_record_aux_stack+0xbd/0xd0 [ 317.205923][ T59] insert_work+0x3d/0x330 [ 317.210243][ T59] __queue_work+0xbd9/0xfe0 [ 317.214872][ T59] queue_work_on+0x181/0x270 [ 317.219485][ T59] __udp_tunnel_nic_add_port+0xb71/0xd60 [ 317.225141][ T59] udp_tunnel_push_rx_port+0x180/0x200 [ 317.230643][ T59] geneve_offload_rx_ports+0xd7/0x160 [ 317.236028][ T59] geneve_netdevice_event+0x6a/0x80 [ 317.241231][ T59] notifier_call_chain+0x1b3/0x3e0 [ 317.246352][ T59] call_netdevice_notifiers+0x88/0xc0 [ 317.251722][ T59] udp_tunnel_nic_netdevice_event+0x134d/0x19f0 [ 317.257974][ T59] notifier_call_chain+0x1b3/0x3e0 [ 317.263244][ T59] register_netdevice+0x1608/0x1ae0 [ 317.268485][ T59] nsim_create+0xae8/0xf10 [ 317.272907][ T59] __nsim_dev_port_add+0x6b6/0xb10 [ 317.278011][ T59] nsim_dev_port_add_all+0x37/0xf0 [ 317.283110][ T59] nsim_dev_reload_up+0x451/0x780 [ 317.288386][ T59] devlink_reload+0x4ec/0x8d0 [ 317.293089][ T59] devlink_nl_reload_doit+0xb35/0xd50 [ 317.298460][ T59] genl_family_rcv_msg_doit+0x212/0x300 [ 317.304003][ T59] genl_rcv_msg+0x60e/0x790 [ 317.308500][ T59] netlink_rcv_skb+0x205/0x470 [ 317.313248][ T59] genl_rcv+0x28/0x40 [ 317.317305][ T59] netlink_unicast+0x82f/0x9e0 [ 317.322061][ T59] netlink_sendmsg+0x805/0xb30 [ 317.326816][ T59] __sock_sendmsg+0x21c/0x270 [ 317.331484][ T59] ____sys_sendmsg+0x505/0x830 [ 317.336235][ T59] ___sys_sendmsg+0x21f/0x2a0 [ 317.340897][ T59] __x64_sys_sendmsg+0x19b/0x260 [ 317.345823][ T59] do_syscall_64+0xfa/0x3b0 [ 317.350317][ T59] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 317.356203][ T59] [ 317.358520][ T59] Second to last potentially related work creation: [ 317.365152][ T59] kasan_save_stack+0x3e/0x60 [ 317.369826][ T59] kasan_record_aux_stack+0xbd/0xd0 [ 317.375011][ T59] insert_work+0x3d/0x330 [ 317.379329][ T59] __queue_work+0xcfc/0xfe0 [ 317.383826][ T59] queue_work_on+0x181/0x270 [ 317.388414][ T59] __udp_tunnel_nic_add_port+0xb71/0xd60 [ 317.394037][ T59] udp_tunnel_push_rx_port+0x180/0x200 [ 317.399486][ T59] vxlan_offload_rx_ports+0x139/0x200 [ 317.404845][ T59] vxlan_netdevice_event+0x111/0x470 [ 317.410118][ T59] notifier_call_chain+0x1b3/0x3e0 [ 317.415287][ T59] call_netdevice_notifiers+0x88/0xc0 [ 317.420663][ T59] udp_tunnel_nic_netdevice_event+0x134d/0x19f0 [ 317.426903][ T59] notifier_call_chain+0x1b3/0x3e0 [ 317.432006][ T59] register_netdevice+0x1608/0x1ae0 [ 317.437549][ T59] nsim_create+0xae8/0xf10 [ 317.441961][ T59] __nsim_dev_port_add+0x6b6/0xb10 [ 317.447067][ T59] nsim_dev_port_add_all+0x37/0xf0 [ 317.452169][ T59] nsim_dev_reload_up+0x451/0x780 [ 317.457205][ T59] devlink_reload+0x4ec/0x8d0 [ 317.461877][ T59] devlink_nl_reload_doit+0xb35/0xd50 [ 317.467241][ T59] genl_family_rcv_msg_doit+0x212/0x300 [ 317.472810][ T59] genl_rcv_msg+0x60e/0x790 [ 317.477303][ T59] netlink_rcv_skb+0x205/0x470 [ 317.482057][ T59] genl_rcv+0x28/0x40 [ 317.486031][ T59] netlink_unicast+0x82f/0x9e0 [ 317.490785][ T59] netlink_sendmsg+0x805/0xb30 [ 317.495532][ T59] __sock_sendmsg+0x21c/0x270 [ 317.500285][ T59] ____sys_sendmsg+0x505/0x830 [ 317.505050][ T59] ___sys_sendmsg+0x21f/0x2a0 [ 317.509717][ T59] __x64_sys_sendmsg+0x19b/0x260 [ 317.514647][ T59] do_syscall_64+0xfa/0x3b0 [ 317.519152][ T59] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 317.525041][ T59] [ 317.527350][ T59] The buggy address belongs to the object at ffff88802ff12600 [ 317.527350][ T59] which belongs to the cache kmalloc-256 of size 256 [ 317.541395][ T59] The buggy address is located 176 bytes inside of [ 317.541395][ T59] freed 256-byte region [ffff88802ff12600, ffff88802ff12700) [ 317.555197][ T59] [ 317.557513][ T59] The buggy address belongs to the physical page: [ 317.563921][ T59] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2ff12 [ 317.572673][ T59] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 317.581160][ T59] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 317.588705][ T59] page_type: f5(slab) [ 317.592764][ T59] raw: 00fff00000000040 ffff88801a441b40 ffffea0001ddf200 dead000000000004 [ 317.601339][ T59] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 317.610012][ T59] head: 00fff00000000040 ffff88801a441b40 ffffea0001ddf200 dead000000000004 [ 317.618785][ T59] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 317.628061][ T59] head: 00fff00000000001 ffffea0000bfc481 00000000ffffffff 00000000ffffffff [ 317.636729][ T59] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 317.645388][ T59] page dumped because: kasan: bad access detected [ 317.651810][ T59] page_owner tracks the page as allocated [ 317.657528][ T59] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5855, tgid 5855 (syz-executor), ts 83812704492, free_ts 83753318047 [ 317.678915][ T59] post_alloc_hook+0x240/0x2a0 [ 317.683705][ T59] get_page_from_freelist+0x21e4/0x22c0 [ 317.689241][ T59] __alloc_frozen_pages_noprof+0x181/0x370 [ 317.695052][ T59] alloc_pages_mpol+0x232/0x4a0 [ 317.699990][ T59] allocate_slab+0x8a/0x3b0 [ 317.704492][ T59] ___slab_alloc+0xbfc/0x1480 [ 317.709237][ T59] __kmalloc_noprof+0x305/0x4f0 [ 317.714128][ T59] fib_create_info+0x1728/0x3210 [ 317.719065][ T59] fib_table_insert+0xc6/0x1b50 [ 317.723917][ T59] fib_magic+0x2c4/0x390 [ 317.728157][ T59] fib_add_ifaddr+0x144/0x5f0 [ 317.732825][ T59] fib_inetaddr_event+0x12e/0x190 [ 317.737843][ T59] notifier_call_chain+0x1b3/0x3e0 [ 317.742979][ T59] blocking_notifier_call_chain+0x6a/0x90 [ 317.748699][ T59] __inet_insert_ifa+0xa13/0xbf0 [ 317.753819][ T59] inet_rtm_newaddr+0xf3a/0x18b0 [ 317.758764][ T59] page last free pid 5958 tgid 5958 stack trace: [ 317.765137][ T59] __free_frozen_pages+0xc71/0xe70 [ 317.770266][ T59] pagetable_dtor_free+0x2d2/0x3b0 [ 317.775393][ T59] __mmdrop+0xb5/0x460 [ 317.779464][ T59] exit_mm+0x1da/0x2c0 [ 317.783532][ T59] do_exit+0x648/0x22e0 [ 317.787677][ T59] do_group_exit+0x21c/0x2d0 [ 317.792254][ T59] __x64_sys_exit_group+0x3f/0x40 [ 317.797288][ T59] x64_sys_call+0x21ba/0x21c0 [ 317.802106][ T59] do_syscall_64+0xfa/0x3b0 [ 317.806608][ T59] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 317.812513][ T59] [ 317.815133][ T59] Memory state around the buggy address: [ 317.820865][ T59] ffff88802ff12580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 317.829141][ T59] ffff88802ff12600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 317.837305][ T59] >ffff88802ff12680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 317.845366][ T59] ^ [ 317.850986][ T59] ffff88802ff12700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 317.859051][ T59] ffff88802ff12780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 317.867387][ T59] ================================================================== [ 317.889437][ T59] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 317.896675][ T59] CPU: 1 UID: 0 PID: 59 Comm: kworker/u8:4 Not tainted 6.16.0-rc7-syzkaller-01904-g9312ee76490d #0 PREEMPT(full) [ 317.908663][ T59] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 317.918759][ T59] Workqueue: udp_tunnel_nic udp_tunnel_nic_device_sync_work [ 317.926260][ T59] Call Trace: [ 317.929726][ T59] [ 317.932664][ T59] dump_stack_lvl+0x99/0x250 [ 317.937256][ T59] ? __asan_memcpy+0x40/0x70 [ 317.941842][ T59] ? __pfx_dump_stack_lvl+0x10/0x10 [ 317.947050][ T59] ? __pfx__printk+0x10/0x10 [ 317.951645][ T59] panic+0x2db/0x790 [ 317.955556][ T59] ? __pfx_panic+0x10/0x10 [ 317.959990][ T59] ? _raw_spin_unlock_irqrestore+0xfd/0x110 [ 317.965890][ T59] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 317.972221][ T59] ? print_memory_metadata+0x314/0x400 [ 317.977706][ T59] ? __mutex_lock+0x144/0xe80 [ 317.982386][ T59] check_panic_on_warn+0x89/0xb0 [ 317.987338][ T59] ? __mutex_lock+0x144/0xe80 [ 317.992032][ T59] end_report+0x78/0x160 [ 317.996303][ T59] kasan_report+0x129/0x150 [ 318.000817][ T59] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 318.006716][ T59] ? __mutex_lock+0x144/0xe80 [ 318.011404][ T59] __mutex_lock+0x144/0xe80 [ 318.015955][ T59] ? __lock_acquire+0xab9/0xd20 [ 318.020813][ T59] ? __mutex_lock+0x51b/0xe80 [ 318.025492][ T59] ? udp_tunnel_nic_device_sync_work+0x39/0xa50 [ 318.031737][ T59] ? __pfx___mutex_lock+0x10/0x10 [ 318.036773][ T59] ? __lock_acquire+0xab9/0xd20 [ 318.041617][ T59] udp_tunnel_nic_device_sync_work+0x39/0xa50 [ 318.047687][ T59] ? process_scheduled_works+0x9ef/0x17b0 [ 318.053403][ T59] ? process_scheduled_works+0x9ef/0x17b0 [ 318.059117][ T59] process_scheduled_works+0xae1/0x17b0 [ 318.064682][ T59] ? __pfx_process_scheduled_works+0x10/0x10 [ 318.070675][ T59] worker_thread+0x8a0/0xda0 [ 318.075261][ T59] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 318.081603][ T59] ? __kthread_parkme+0x7b/0x200 [ 318.086539][ T59] kthread+0x70e/0x8a0 [ 318.090602][ T59] ? __pfx_worker_thread+0x10/0x10 [ 318.095705][ T59] ? __pfx_kthread+0x10/0x10 [ 318.100292][ T59] ? _raw_spin_unlock_irq+0x23/0x50 [ 318.105481][ T59] ? lockdep_hardirqs_on+0x9c/0x150 [ 318.110672][ T59] ? __pfx_kthread+0x10/0x10 [ 318.115274][ T59] ret_from_fork+0x3fc/0x770 [ 318.119958][ T59] ? __pfx_ret_from_fork+0x10/0x10 [ 318.125069][ T59] ? __switch_to_asm+0x39/0x70 [ 318.129857][ T59] ? __switch_to_asm+0x33/0x70 [ 318.134625][ T59] ? __pfx_kthread+0x10/0x10 [ 318.139220][ T59] ret_from_fork_asm+0x1a/0x30 [ 318.144011][ T59] [ 318.147315][ T59] Kernel Offset: disabled [ 318.151634][ T59] Rebooting in 86400 seconds..