last executing test programs: 14.967531597s ago: executing program 1 (id=2647): ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_int(r0, 0x0, 0xb, &(0x7f0000000040)=0x3, 0x4) setsockopt$IP_VS_SO_SET_STARTDAEMON(r0, 0x0, 0x1a, &(0x7f0000000240)={0x1, 'veth0_to_team\x00'}, 0x18) syz_emit_ethernet(0x411, &(0x7f0000001180)={@local, @multicast, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "6410a6", 0x3db, 0x0, 0x0, @private2={0xfc, 0x2, '\x00', 0x1}, @local, {[@routing={0x84}], "223427d5c9a46b9fa14172170a013589317d2af31ba55431762f462a5abc3f46494ee91bfca594d52f8c3785143e92da5d2d81edc09f68f122fbf741257bf1319408347a17c89212dfe27a0fc65362487e5afe673f0954f60d9d08b61276ce0b3aa520b5f30a9f52c4aa53fc003f8570383ca63530d93b78a7875338b3d7645ef2c24ab05db63cfdcde7b3cac2248c9d1c73d0d4382b3f520ad6e9be698eaa9bf5b939ce09919c9485c4725690ee2483315829a196f85a5ae552ebe19a2d6768ce2a6bf60fbb53104c7919b7cf28fa555fc9460df11e72eddebb2fc4eb6f83b16e0d65307e4210dfc209f0c68df65b57f420fd215546b798af6b6ab7bfb2fe6bd6142f877852717370b1ca39d199c149c3ead97c4e16229ce4c08a111a0fc64651c21e9174dd72442a9ae2a42d9433c7b54c8dd4b59203f9a2e227e9b043eb430e606cf98f3428ac8511948dd553bc0728c0626fbda71bd2a1d734d605e27bdb0be93b7b91284689e31fccb70c15f2c39da9011c84d36fe4b4b36ff26e45a34685fc638dbdaa068a3d3d4f5d44b74afc0fc7956e5fcc3fe405ac6d292d1d90f257f18fe14a3192d28ed369956aa2f91f9fee773cf7fb5d90705347eeadc1af86de78a498fa1a20e5b3f481a0595769654d969299506d8ffbc172a7fb9453a8a3787e80b167936863f2cc16c1d03481bd40e1abcf87a292559771572136932bf30e48174012a1d4d5f138f93140af2ceb9c821c7966ea7592d762975b5b33ef141b6b91eb388c91b924945c3231d0f299adb5a36e0c95a17872e7ebf0bc0e33baf5c46f9e2087b77bad0794d519ce7bc8674a70f3545d020454ded22f164185df3b4f952b132947b75333993fd73a6bac5836dd5720e559bcb82a4926734c5c3b1287c5fec219a99f71eb398430001f007306e9232c269c2886357f75d935e8de054341ac36f1df1fc77fbc347d90660f4d5658cfeb9e289f70968a7c0b38ae34c4bfa46b47964e223ac34f472e3231e8c285add5713592c76c062c3477beb55b279846f04f8d6a5ce2743c6a2020f0c5164953b8dca7e57239dc8a7f507bcf77767ab0b4602437171a09c8e80f5a165c4c37eaae386cfcb927dd1a935fa717fa1608792b34bafbc20cf11a678455894ede62788309ab7a7075535847a2b48260a613e521b01d75648263ad78e6176528dbf3e6c4e4d72066e617be5387183a51dd97d2e846c5d173b51e17a4c8d78a49c914cbe44236c52c78de45b44f9d80bc6f77c75135922a84579bce77baa71311889f5b7b90c5124b8298d5e9c81c442d60df00795854d3213a1ac254c8963c109f68b3ff5451c381f6fb56c116f86b71f988d1e9f732280cbf3d4e9791fefc4bdec5dc"}}}}}, 0x0) syz_emit_ethernet(0x46, &(0x7f0000000100)={@local, @empty, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0xfe, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x1, 0x0, 0x3, 0x27, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x9, @local, @rand_addr=0x640100fe}, "2d8a728fdbb966aa"}}}}}, 0x0) r1 = accept$packet(0xffffffffffffffff, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xe8001, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00', 0x2}) ioctl$TUNSETIFF(r2, 0x400454da, &(0x7f0000000080)={'geneve1\x00', 0x10}) setsockopt$packet_tx_ring(r1, 0x107, 0xd, &(0x7f0000000080)=@req3={0x0, 0x5, 0x3, 0x12000000, 0x2c2, 0xe0a, 0x10}, 0x1c) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x1000000000021, &(0x7f0000000180)=0x1, 0x4) connect$inet6(0xffffffffffffffff, &(0x7f00000001c0)={0xa, 0x0, 0xffff0002, @empty, 0xffffffff}, 0x1c) 14.444476637s ago: executing program 1 (id=2657): ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000c80)={'ip6gre0\x00', 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001200)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000001240)=@newqdisc={0x45c, 0x24, 0x4ee4e6a52ff56541, 0x70bd28, 0x4000000, {0x0, 0x0, 0x0, r0, {}, {0xffff, 0xffff}, {0xf}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x430, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x1, 0x0, 0x1fc, 0x0, 0xfdfffc80, 0x0, 0x6, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3f, 0x0, 0x0, 0x2, 0xffffffff, 0x2, 0xc00, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x1000, 0xfffffffc, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x272, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x7, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfffffffc, 0x3, 0x0, 0x0, 0x0, 0xb97, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x5e, 0xfffffffc, 0x8, 0x0, 0x0, 0x400004, 0x7, 0x4, 0xc, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3, 0x0, 0x10000, 0x1, 0xfff, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0xfffffffc, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0xb3c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0xd79, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x1, 0x0, 0x100, 0x0, 0x8, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0xfffefffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd]}, @TCA_TBF_PARMS={0x28, 0x1, {{0x1, 0x0, 0x0, 0x0, 0x0, 0x6}, {0xff}, 0x0, 0x7f}}]}}]}, 0x45c}}, 0x0) 14.302372382s ago: executing program 1 (id=2660): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004040)=ANY=[@ANYBLOB="682400003e000701feffffff00000000037c000008004280040008000c000180060006008848"], 0x2468}, 0x1, 0x0, 0x0, 0x4000c000}, 0xc000) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock}, 0x70) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000540)=ANY=[@ANYRES32=r2, @ANYRES32=r3, @ANYBLOB="02000000020000", @ANYRES64=0x0], 0x10) r4 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="38000000031401002abd7000fedbdf250900020073727a3100000000080041007369770014003300626f6e6430"], 0x38}, 0x1, 0x0, 0x0, 0x800}, 0x20000000) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000010000000900010073797a300000000048000000030a05020000000000000000010000000900030073797a320000000014000480080002400000000008000140000000000900010073797a3000000000080007006e6174003c000000060a01040000000000000000010000001400048010000180090001006d6173710000000008000b40000000000900010073797a300000000014000000110001"], 0xcc}, 0x1, 0x0, 0x0, 0x880}, 0x0) 13.710254324s ago: executing program 1 (id=2664): mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) (async) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) (async) r0 = socket$inet_tcp(0x2, 0x1, 0x0) (async) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x1, 0x100004, 0x220104, 0xb, 0x1}, 0x48) (async) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000005000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000380), &(0x7f0000000380), 0x2, r1}, 0x38) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, &(0x7f0000000080)={0x0, &(0x7f00000001c0)=""/40, &(0x7f00000001c0), &(0x7f00000000c0), 0x1, r1}, 0x38) (async, rerun: 64) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0xc, 0x16, &(0x7f0000000200)=ANY=[@ANYBLOB="61124c00000000006113500000000000bf2000000000000007000000180000003d030100000000009500f000000000006926000000000000bf67000000000000560602000f0200006706000020000000620a00ff0ee60000bf250000000000002d350000000000006507000002080000070700004c0000001f75000000000000bf54000000000000070400000400f9ffcd35010000000000ce040000000000001c000000000000009500000000000000db13d5d8b741f2cdaabc8383c8f56bb5df3083d20f8c2bf304000000815dcf0066d7ded3c5c49a08a503ea6d54f7f3125a8200578ac0836d6454745e70a27444003c5b20451b624db6f5320e9befc1e00b8b32917c4d30d16b7edb732bc3ac330b16c442aff70d27659bc58e296b16750c5577c848754b4894b07f15bab1c640a5c0c4fd62f9db829b301ef67fd2b2736f3af0c54af2412313b17c4c8081c4ed0572261960e227d34cfbfdb247bc2351c9d8363a8cb18b7330604da78b0aba47545f9a25a80dd7d28a5ae41824f611dd2de6dd581c52698f9542a444a8a3969946faded5275c00"/420], &(0x7f0000000100)='GPL\x00'}, 0x48) (async, rerun: 64) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1400000015000103000000000000000001"], 0x14}}, 0x0) (async) r4 = syz_init_net_socket$bt_bnep(0x1f, 0x3, 0x4) ioctl$sock_bt_bnep_BNEPCONNADD(r4, 0x400442c8, 0x0) (async) ioctl$sock_bt_bnep_BNEPGETCONNLIST(r4, 0x800442d2, &(0x7f0000000080)={0x1, &(0x7f0000000280)=[{0x0, 0x0, 0x0, @random}]}) (async) read(r3, &(0x7f0000000080)=""/186, 0xba) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[@ANYBLOB="2000000044000701fc"], 0x20}, 0x1, 0x0, 0x0, 0x488c0}, 0xc000) ioctl$sock_SIOCSIFBR(r0, 0x890c, &(0x7f0000000000)=@generic={0x0, 0x2}) (async, rerun: 32) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x0, 0x0, 0x2}}, 0x0, 0x1a}, 0x28) (async, rerun: 32) r6 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r6, 0x107, 0x12, &(0x7f0000000000), 0x8) r7 = socket$inet_icmp(0x2, 0x2, 0x1) ioctl$BTRFS_IOC_QUOTA_CTL(r7, 0xc0109428, &(0x7f0000000000)={0x1, 0x61}) (async, rerun: 32) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x8, 0x6, &(0x7f0000000240)=ANY=[@ANYBLOB="b40800000000000073114100000000008510000002000000b7000000000000009500c200000000009500001200000000b609c5d8cc5a475dd466048a2af0057092bcc1631cb63d7cdb"], &(0x7f0000000080)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff}, 0x94) (rerun: 32) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000003c0)={r8, 0xe0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300, 0x0, &(0x7f0000001640)=[0x0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10) socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NL80211_CMD_AUTHENTICATE(0xffffffffffffffff, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={0x0, 0x124}, 0x1, 0x0, 0x0, 0x20000000}, 0x40) (async, rerun: 64) r9 = socket$inet6(0xa, 0x2, 0x3a) (rerun: 64) sendmmsg$inet6(r9, &(0x7f0000000b80)=[{{&(0x7f0000000140)={0xa, 0x4e20, 0x7ffe, @remote, 0x4}, 0x1c, 0x0, 0x0, &(0x7f00000006c0)=ANY=[], 0x18}}], 0x1, 0x4000084) 13.616335118s ago: executing program 1 (id=2665): r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r1, 0x0) sendmmsg$inet(r0, &(0x7f00000013c0)=[{{&(0x7f0000000340)={0x2, 0x4e23, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000480)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @dev={0xac, 0x14, 0x14, 0x1a}, @multicast1=0xe00005c0}}}], 0x20}}, {{0x0, 0x0, &(0x7f0000000e80)=[{&(0x7f0000002dc0)='D', 0x1}], 0x1}}], 0x2, 0x40080c0) 2.870724509s ago: executing program 0 (id=2764): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETSET(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000400)=ANY=[@ANYBLOB="2c0000000a0a03000000000000000000010000060900020073790c96000000000900010073797a30"], 0x2c}, 0x1, 0x2000, 0x0, 0x4004}, 0x24002840) 2.750772963s ago: executing program 0 (id=2765): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000480)=[@in6={0xa, 0x4e20, 0x0, @loopback}], 0x1c) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x2c, &(0x7f0000000900)=[@in6={0xa, 0x4e20, 0x0, @loopback={0x9000000}}, @in={0x2, 0x4e20, @loopback}]}, &(0x7f00000002c0)=0x10) 2.673130243s ago: executing program 3 (id=2767): bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={0x0, 0x0, 0x22}, 0x28) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, 0x0, 0x0) socketpair(0x1, 0x1, 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r2) bind$inet6(r2, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @empty}, 0xf}, 0x1c) listen(0xffffffffffffffff, 0x0) r3 = socket$inet_mptcp(0x2, 0x1, 0x106) accept(r2, 0x0, 0x0) connect$inet(r3, &(0x7f0000000140)={0x2, 0x4e22, @loopback}, 0x10) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r4, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="0100000000000000000001000000280001801400040000000000000000000000ffffac1414aa060001000a0080000800060003"], 0x3c}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000000) r6 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000480)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="0100000000000000000002000000140001800500020001"], 0x28}, 0x1, 0x0, 0x0, 0x20044811}, 0x2000c094) 1.742651802s ago: executing program 0 (id=2774): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000c80)={'ip6gre0\x00'}) sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f00000002c0)={0x0}}, 0x0) 1.7224541s ago: executing program 3 (id=2775): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="5c0000002000010000000000000000000220000000000000000000000500150002000000080009000000000008000b0005000000080017004e214e22080001"], 0x5c}}, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB='\\\x00\x00\x00!', @ANYRES32=r1, @ANYRES16=r0], 0x5c}}, 0x0) 1.538540991s ago: executing program 4 (id=2777): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=@ipv4_newroute={0x1c, 0x18, 0x2, 0x0, 0x2, {0x2, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x8, 0x1000}}, 0x1c}}, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000080), r2) ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f0000000140)={'wpan0\x00', 0x0}) sendmsg$NL802154_CMD_DEL_SEC_DEVKEY(r2, &(0x7f0000000e40)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000180)={0x2c, r3, 0x1, 0x70bd25, 0x5dfdbff, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r4}, @NL802154_ATTR_SEC_DEVKEY={0x10, 0x2f, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0x7}, @NL802154_DEVKEY_ATTR_ID={0xfffffcd1, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_INDEX={0x0, 0x2, 0x3}, @NL802154_KEY_ID_ATTR_INDEX={0x0, 0x2, 0x3}, @NL802154_KEY_ID_ATTR_MODE={0x0, 0x1, 0x1}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x0, 0x4, 0x40000000}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x0, 0x4, 0x4}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x0, 0x4, 0x2}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0x0, 0x5, 0x6}]}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20000041}, 0x2000c0c0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c0000001900dd8d000000000000000002000000"], 0x1c}}, 0x8c0) socket$nl_route(0x10, 0x3, 0x0) (async) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=@ipv4_newroute={0x1c, 0x18, 0x2, 0x0, 0x2, {0x2, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x8, 0x1000}}, 0x1c}}, 0x0) (async) socket$nl_route(0x10, 0x3, 0x0) (async) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) syz_genetlink_get_family_id$nl802154(&(0x7f0000000080), r2) (async) ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f0000000140)={'wpan0\x00'}) (async) sendmsg$NL802154_CMD_DEL_SEC_DEVKEY(r2, &(0x7f0000000e40)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000180)={0x2c, r3, 0x1, 0x70bd25, 0x5dfdbff, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r4}, @NL802154_ATTR_SEC_DEVKEY={0x10, 0x2f, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0x7}, @NL802154_DEVKEY_ATTR_ID={0xfffffcd1, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_INDEX={0x0, 0x2, 0x3}, @NL802154_KEY_ID_ATTR_INDEX={0x0, 0x2, 0x3}, @NL802154_KEY_ID_ATTR_MODE={0x0, 0x1, 0x1}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x0, 0x4, 0x40000000}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x0, 0x4, 0x4}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x0, 0x4, 0x2}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0x0, 0x5, 0x6}]}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20000041}, 0x2000c0c0) (async) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c0000001900dd8d000000000000000002000000"], 0x1c}}, 0x8c0) (async) 1.252159342s ago: executing program 3 (id=2778): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=ANY=[@ANYBLOB="1400000017000103000000080000000001"], 0x14}}, 0x0) sendmsg$NLBL_UNLABEL_C_STATICADD(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={0x0}, 0x8, 0x3000000000002, 0x0, 0x8000000}, 0x0) 1.251268448s ago: executing program 0 (id=2779): sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2c, 0x0, 0x2, 0x3, 0x0, 0x0, {0x2, 0x0, 0x5}, [@CTA_EXPECT_TUPLE={0x18, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @empty}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}]}]}, 0x2c}}, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="200000006a0001002abd7000ffdb"], 0x20}, 0x1, 0x0, 0x0, 0x4040000}, 0x0) 1.210556004s ago: executing program 2 (id=2780): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x10, &(0x7f0000000040)=0x9, 0x4) sendmsg$inet6(r0, &(0x7f00000000c0)={&(0x7f0000000080)={0xa, 0x4e21, 0x80000, @dev={0xfe, 0x80, '\x00', 0x14}}, 0x1c, 0x0, 0x0, &(0x7f0000004540)=[@dstopts={{0x18, 0x29, 0x37, {0x33}}}], 0x18}, 0x40) 1.070853877s ago: executing program 4 (id=2781): bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xe, 0x6, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x90ff, 0x71, 0x11, 0x71}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0x5}, @exit], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x6}, 0x70) 1.040456544s ago: executing program 3 (id=2782): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2) r4 = socket$inet6(0xa, 0x3, 0x5) getsockopt$inet6_int(r4, 0x29, 0xb, 0x0, &(0x7f0000000180)) socket$inet_mptcp(0x2, 0x1, 0x106) sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) syz_open_procfs$namespace(0x0, &(0x7f0000000280)='ns/pid\x00') ioctl$TUNGETDEVNETNS(r0, 0x54e3, 0x0) r5 = ioctl$TUNGETDEVNETNS(r0, 0x54e3, 0x0) ioctl$NS_GET_PARENT(r5, 0x8004b707, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0) close(r6) r7 = socket$unix(0x1, 0x1, 0x0) r8 = socket$nl_route(0x10, 0x3, 0x0) r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r10 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000840), r9) r11 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IEEE802154_LLSEC_ADD_DEVKEY(r11, &(0x7f0000000a40)={0x0, 0x0, &(0x7f0000000a00)={&(0x7f00000009c0)={0x14, r10, 0x1, 0x70bd2d, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x24000010}, 0x8000) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000040)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r12, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x3, 0x7, 0x6361, 0x5, 0xffffffff, 0x6}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x240080c1}, 0x0) sendmsg$nl_route_sched(r8, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newqdisc={0x30, 0x24, 0x4ee4e6a52ff56541, 0x70b923, 0x80000, {0x0, 0x0, 0x0, r12, {0x0, 0xe}, {0x2, 0xb}, {0xd, 0xb}}, [@qdisc_kind_options=@q_hhf={{0x8}, {0x4}}]}, 0x30}, 0x1, 0x0, 0x0, 0x2000c061}, 0x4008000) ioctl$SIOCSIFHWADDR(r6, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"}) 1.023239797s ago: executing program 2 (id=2783): socket$packet(0x11, 0x3, 0x300) syz_emit_ethernet(0x3b6, &(0x7f0000000780)={@multicast, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00', 0x380, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0xf8, 0xfffffffc, 0x0, [{0x0, 0xa, "a78ce54006598080a8030037004023493b87aafaffffffffffffff23732472eefa45ad96579269748e254c1e4a8a8b3f0ab0c430d3be27df3e34066d42ca0a5c15b37adac15084dbaf736b41e5af1802"}, {0x0, 0x1, '\x00'/12}, {0x18, 0x18, "fe906d26efe39393fe08f73eabc5977b1190a3a6ad8338f1511cdd10c35d8f6de79fc7fd175f75649fa368a32c829af02d7f44d92324a7051e460a13ddde25a5b85b9d930914625d8a049b4cf0d129806a610ad8477a2499a9a0527f75b655a6653d0363a979acf93f88eea07d68423e90280409de1657275f716a2bf2915d1783e8eb477b0d1170f0ecbdef4c23e1b76e9ab3d2fbe4b34438d2a77577edd0ebed9682b851b380ae0cab282af9d7ebe668177704c5fd4698c934de4731f3f61effc978"}, {0x0, 0x1d, "06aa85616177c41bc943afcb84619755403946b0730a18d5c38cf7dcad830f2dc8674b87ba8b58f81ece27975cc39e595e9af90b4fe92a38d25551c2d9ebfc5dfc5a2a501b7e483de3f808895c5f4a1a2367bc591dd8b094822ff0dea07c9a1f643c822a18b79f7c5eba31fb68b2d734a6671e27182aee96f24a4a5cf390dab23b500b0c0272479611e4f7f4299ec4d926d443367b105185e6ecd9602ba95392343e9bbd047ef6bc1ba42399907ccd0a562db212baa39eb8164e240069f656d3a05fecf894222a141123f5ac010000000000000090aa235a670670ffc5dc49dfb58d00000000000000"}, {0x18, 0xb, "17dcea46805d4809c20547406b18901b0aeff04c0300f3c75dc2d227a83b89483b1084743475671545e65eb2e9ac946a3f0e2bc4610001394c02bcfbbb7d71138537d68e2d2c6393a9f3becd1a9f51a948b5b303f4f003"}, {0x21, 0x7, "00000000000000000000000200000000000000000000000000008879e66485201a0015ca837400000000000000000000001c0000000000"}, {0xe, 0x14, "5e14f0e7e72d42cfb3f27fafb60845f90b6dfc2e37bc87c6905bbc94d33e1ea71a28105f543e868a8a53b360a9d33e2b1e26eb1d18065daa7628cf9ef083611c9f6ae2e1eb3d8bf9c6ab2642c4808288e62afbf03269f1f98aea6ab3beb5fdc5fdaabc2c676d8800871a6aa54155dea2d995cb22c9924e0ad38c6967052cc7786d779b8353aac33a57d79b05613a12328f61129017fa632dbf04542188b196e213408c"}, {0x3, 0x5, "d5170000dce9674a36da018dff16e70b8b14c4b7a94fe18e88605aa6be1a02a326a6bce65f81ed"}]}}}}}}, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bond0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001400)=@newlink={0x44, 0x10, 0x49920d862a92153b, 0x800, 0xfff0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1b400}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bond={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BOND_MIIMON={0x8}]}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x44}}, 0x0) 950.672929ms ago: executing program 4 (id=2784): r0 = socket$kcm(0x2, 0x1000000000000002, 0x0) sendmsg$inet(r0, &(0x7f0000000380)={&(0x7f0000000080)={0x2, 0x4e1f, @multicast2}, 0x10, &(0x7f00000000c0)=[{&(0x7f0000000100)='\x00', 0x1}, {0x0}], 0x2, &(0x7f0000000000)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @dev={0xac, 0x14, 0x14, 0xb}, @multicast2}}}], 0x20}, 0x10000000000) 935.620026ms ago: executing program 0 (id=2785): bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={0x0, 0x0, 0x22}, 0x28) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, 0x0, 0x0) socketpair(0x1, 0x1, 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r2, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @empty}, 0xf}, 0x1c) listen(r3, 0x0) r4 = socket$inet_mptcp(0x2, 0x1, 0x106) accept(r2, 0x0, 0x0) connect$inet(r4, &(0x7f0000000140)={0x2, 0x4e22, @loopback}, 0x10) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="0100000000000000000001000000280001801400040000000000000000000000ffffac1414aa060001000a0080000800060003"], 0x3c}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000000) r7 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000480)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="0100000000000000000002000000140001800500020001"], 0x28}, 0x1, 0x0, 0x0, 0x20044811}, 0x2000c094) 928.483072ms ago: executing program 4 (id=2786): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_netprio_ifpriomap(r0, &(0x7f0000000080), 0x2, 0x0) sendfile(r1, r1, 0x0, 0x1) r2 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000580)=@newlink={0x3c, 0x10, 0x437, 0x0, 0xffffffff, {0x0, 0x0, 0x0, 0x0, 0x5120b}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @ip6gre={{0xb}, {0xfffffffffffffe3f}}}]}, 0x3c}}, 0x4000010) 777.323864ms ago: executing program 4 (id=2787): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="09000000180000000800000040"], 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100), &(0x7f0000000580), 0x1000, r0}, 0x38) (fail_nth: 83) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000001600)={r0, 0x0, &(0x7f0000001580)=""/92}, 0x20) 658.438199ms ago: executing program 4 (id=2788): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="180000000000000000000000000000009500160000000000"], &(0x7f0000000000)='syzkaller\x00'}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='task_newtask\x00', r0}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) syz_init_net_socket$x25(0x9, 0x5, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r2, 0x10e, 0xc, &(0x7f0000000040)={0x80, 0x0, 0x6}, 0x10) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7, 0x0, 0x4}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x88, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7, 0x0, 0x3}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0xd}, @NFTA_SET_EXPRESSIONS={0x44, 0x12, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @connlimit={{0xe}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_CONNLIMIT_COUNT={0x8, 0x1, 0x1, 0x0, 0x8}]}}}, {0x20, 0x1, 0x0, 0x1, @connlimit={{0xe}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_CONNLIMIT_COUNT={0x8, 0x1, 0x1, 0x0, 0xe41f}]}}}]}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x120}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xd0}}, 0x20050800) r4 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r4, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000001bc0)=ANY=[], 0x28}}, 0x0) r5 = socket$alg(0x26, 0x5, 0x0) r6 = bpf$PROG_LOAD(0x5, 0x0, 0x0) r7 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r7, 0x89f1, &(0x7f0000000200)={'ip6tnl0\x00', 0x0}) r8 = socket$kcm(0x29, 0x2, 0x0) r9 = socket$inet6(0xa, 0x803, 0x7) ioctl$BTRFS_IOC_INO_PATHS(r6, 0xc0389423, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r8, 0x89e0, &(0x7f0000000240)={r9, r6}) bind$alg(r5, &(0x7f0000000280)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cipher_null)\x00'}, 0x58) r10 = accept4(r5, 0x0, 0x0, 0x800) ppoll(&(0x7f0000000200)=[{r10, 0x801a}], 0x1, &(0x7f0000000100)={0x0, 0x3938700}, 0x0, 0x0) ioctl$FS_IOC_GETFSLABEL(r5, 0x81009431, &(0x7f0000000340)) r11 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r11, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000580)={0xa0, 0x0, 0x1, 0x401, 0x0, 0x0, {0x3}, [@CTA_TUPLE_ORIG={0x44, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @loopback}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x66, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @initdev={0xfe, 0x88, '\x00', 0x3, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_SRC={0x4}]}, 0xfffffc8b}, 0x1, 0x0, 0x0, 0x44000}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x12, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000500000000000000000000000095000096020ee900"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0xf00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sendmsg$IPCTNL_MSG_CT_NEW(r11, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000100)={0xac, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @empty}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @local}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x1}, @CTA_NAT_SRC={0x18, 0x6, 0x0, 0x1, [@CTA_NAT_V6_MINIP={0x14, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}]}]}, 0xac}}, 0x0) sendmsg$NL80211_CMD_REQ_SET_REG(r10, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="00042bbd7000fddb183300000000"], 0x14}, 0x1, 0x0, 0x0, 0x800}, 0x8001) 586.460166ms ago: executing program 2 (id=2789): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x8}]}, 0x24}, 0x1, 0x0, 0x2000000}, 0x0) 508.132089ms ago: executing program 2 (id=2790): bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x19, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000001000000000000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sockopt=0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0x1c, 0x0, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_udp_int(r0, 0x11, 0x67, &(0x7f0000000040)=0x2, 0x4) 326.443169ms ago: executing program 2 (id=2791): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wpan1\x00', 0x0}) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wpan3\x00', 0x0}) r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x50) r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x19, 0x1c, &(0x7f0000001840)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r5}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x1b}}, {}, [@snprintf={{}, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x0, 0xb, 0x9, 0x0, 0x5}, {0x3, 0x3, 0x6, 0xa, 0xa}, {0x5, 0x1, 0xb, 0x8, 0xa, 0x4}, {0x7, 0x0, 0x0, 0x8}, {}, {0x7, 0x0, 0x0, 0x0}, {}, {0x18, 0x2, 0x2, 0x0, r4}, {0x7, 0x0, 0xb, 0x2}, {0x46, 0x0, 0x0, 0x76}}], {{}, {0x6, 0x0, 0xb, 0x8}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000000)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sockopt=0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x480}, 0x94) sendmsg$NL802154_CMD_DEL_SEC_KEY(r0, &(0x7f0000000380)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800c000}, 0xc, &(0x7f0000000340)={&(0x7f0000000100)={0x204, r1, 0x10, 0x70bd25, 0x25dfdbfc, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r2}, @NL802154_ATTR_SEC_KEY={0x88, 0x30, 0x0, 0x1, [@NL802154_KEY_ATTR_BYTES={0x14, 0x4, "39ae39977f8c2d39fb38d24bc1b8a4eb"}, @NL802154_KEY_ATTR_USAGE_FRAMES={0x5, 0x2, 0xc}, @NL802154_KEY_ATTR_BYTES={0x14, 0x4, "20883b9a306bc1c264dbbe31d828b824"}, @NL802154_KEY_ATTR_USAGE_CMDS={0x24, 0x3, "77cc9e23dc2b07b06c8f7ced3b2bf5ac317029aa32ebe754d2a9ce0f7d40a141"}, @NL802154_KEY_ATTR_BYTES={0x14, 0x4, "2c15a20cc7aa58f4726daa5ee90ab337"}, @NL802154_KEY_ATTR_USAGE_FRAMES={0x5, 0x2, 0x10}, @NL802154_KEY_ATTR_ID={0x14, 0x1, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x8}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x5}]}]}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r3}, @NL802154_ATTR_SEC_KEY={0x14c, 0x30, 0x0, 0x1, [@NL802154_KEY_ATTR_USAGE_CMDS={0x24, 0x3, "42e91addae431f98dc52603d696b3304b02dfe969b46921dbb64c7a632a72df1"}, @NL802154_KEY_ATTR_ID={0x98, 0x1, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_IMPLICIT={0x3c, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0202}}, @NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x2}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xfffe}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xfffe}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0102}}, @NL802154_DEV_ADDR_ATTR_MODE={0x8}]}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x24, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xffff}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0xffff}, @NL802154_DEV_ADDR_ATTR_MODE={0x8}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0x1}]}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0xfffffffffffffab7}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x1c, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0x3}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xaaa3}, @NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x2}]}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x1}]}, @NL802154_KEY_ATTR_USAGE_CMDS={0x24, 0x3, "bd79373dcf21bcf5799e4eecfaa3f6103199705d96ea9dafa069f7131871ca5b"}, @NL802154_KEY_ATTR_ID={0x34, 0x1, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x2}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x80000000}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x2}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x578}, @NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x2}]}, @NL802154_KEY_ATTR_USAGE_FRAMES={0x5, 0x2, 0x4}, @NL802154_KEY_ATTR_USAGE_CMDS={0x24, 0x3, "dd96b957bdee403adb0d15437fc6638b3dd5592431d7a52c415b799f607a3988"}, @NL802154_KEY_ATTR_USAGE_FRAMES={0x5}]}]}, 0x204}}, 0x4000040) r6 = socket$inet6(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r7, &(0x7f0000000b80)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000640)=[@rights={{0x1c, 0x1, 0x1, [r8, r7, 0xffffffffffffffff]}}], 0x20, 0x40001}}], 0x2, 0x44000) r9 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000002c40)={0x17, 0x18, &(0x7f0000000240)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r9}}, {}, [@printk={@p, {}, {0x5}, {0x7, 0x0, 0x9}, {}, {}, {0x15}}, @ldst={0x1, 0x0, 0x3}], {{}, {0x5}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x5, '\x00', 0x0, @cgroup_sysctl, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r6, 0x89f1, &(0x7f00000004c0)={'ip6tnl0\x00', &(0x7f00000003c0)={'syztnl1\x00', 0x0, 0x4, 0x4, 0x3, 0x2, 0x0, @private2={0xfc, 0x2, '\x00', 0x1}, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x7, 0x7, 0x1202, 0x8}}) r10 = socket(0xa, 0x3, 0x3a) setsockopt$MRT6_INIT(r10, 0x29, 0xc8, &(0x7f0000000340), 0x4) setsockopt$MRT6_ADD_MIF(r10, 0x29, 0xca, 0x0, 0x0) r11 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000480), r0) sendmsg$IEEE802154_ADD_IFACE(r0, &(0x7f0000000580)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000500)={0x30, r11, 0x100, 0x70bd28, 0x25dfdbfe, {}, [@IEEE802154_ATTR_DEV_TYPE={0x5, 0x20, 0x1}, @IEEE802154_ATTR_HW_ADDR={0xc}, @IEEE802154_ATTR_DEV_TYPE={0x5, 0x20, 0x1}]}, 0x30}, 0x1, 0x0, 0x0, 0x20000001}, 0x4) 278.580326ms ago: executing program 3 (id=2792): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000980)=@newsa={0x110, 0x1a, 0x7, 0x0, 0x0, {{@in6=@mcast2, @in=@multicast2, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x2, 0x0, 0xee00}, {@in6=@loopback, 0x0, 0x2b}, @in=@rand_addr=0x64010100, {0x200000000000000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1}, {0x0, 0x200000, 0x7}, {0x40000, 0x0, 0xae8}, 0x0, 0x0, 0xa, 0x2, 0x0, 0x70}, [@coaddr={0x14, 0xe, @in6=@remote}, @offload={0xc, 0x1c, {0x0, 0x1}}]}, 0x110}}, 0x0) 180.861027ms ago: executing program 2 (id=2793): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000540)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r4, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000900)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010002000000010000000b000000080003006561bbd575d96a2ac8f23b788da8db773e3f9b164fb5ea3cdc9819b2017d8b705125a05003b3456c4c6b3e975516cfe7408d5054e749c1794cc66f5544bc927e7963da65d2b89b345bfe49027e34f823927922fa5b52240aa56911c4eec06d40abc0a567f2f385ff77c40c70cfe7ab965a9645f293467dd6f16a27b043edeff2f7d552a763d0745eaf2dace8868f2678b366779cd1fc16e2c99aab885d1f92", @ANYRES32=r5, @ANYRESOCT=r1], 0x34}, 0x1, 0x0, 0x0, 0x8005}, 0x0) setsockopt$bt_BT_SECURITY(r1, 0x12, 0x4, 0x0, 0x0) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec850000007d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x10) bpf$MAP_CREATE(0x600000000000000, &(0x7f00000007c0)=ANY=[@ANYBLOB="0f00000004000000040000000200020000000000", @ANYRES32=0x1, @ANYBLOB="fdffffff00"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00f60000f1ff00000000000000000000000000000000000000000000c965259cf6cd29f386cb67335ce9440658a77c90ff3eadd6e8a1ed822ac5f27ef28bea5d9e9032b10c0fcb93568df157a2376e35234d49ed9e35038096100ef1be234bbf8dcde4b0dca32a8bdb8a4a29a52c4c92117a2ac8dad5bc30d4c7f31476f6ea2e478b3ef46849eebd0bb5c3b4fb6aa86e75f598bc91a84cf0b62fca97efdfb93d0486375df3e82b78487e6645c1db788c3c740a0e5398079a114d95c26432586b3fb410ec5fdddfb5dfdfc02cef000000"], 0x48) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2c0000001000010800"/20, @ANYRES32=0x0, @ANYBLOB="332000000000000004002b8008001bf6ff000000"], 0x2c}, 0x1, 0x0, 0x0, 0x20048054}, 0x0) r7 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000580)=@newqdisc={0x38, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r9, {0x0, 0xa}, {0xb, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8}, {0xc, 0x2, [@TCA_HTB_DIRECT_QLEN={0x8, 0x5, 0x6}]}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4048000}, 0x44080) sendmsg$nl_route_sched(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000380)=@newqdisc={0x30, 0x24, 0xd0f, 0x70bd29, 0x0, {0x60, 0x0, 0x0, r9, {}, {0xffe0, 0xa}, {0x1, 0x10}}, [@qdisc_kind_options=@q_fq={{0x7}, {0x4}}]}, 0x30}, 0x1, 0x0, 0x0, 0x55}, 0x4000) r10 = socket$netlink(0x10, 0x3, 0x0) r11 = socket$alg(0x26, 0x5, 0x0) bind$alg(r11, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'sha1-avx\x00'}, 0x58) r12 = accept4(r11, 0x0, 0x0, 0x0) r13 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f224baf1221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903b5d28a1eb247b5837d7603b92495d5c569f6433c3fca5206cb0000003fdbbd3892c52c2e7612e05de32322e980a3d69931e2c9312dd517c96f2ee90362476ed853c4c9b7d4ebf13cbaa795860e92a3d7d004f2c491db38eb769f094d5d48b262cc35c40682138cf13a49aa9f27abec00002f01ba1251aaf2385416ca719300"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r13}, 0x10) r14 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), r10) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r12, &(0x7f0000000500)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000400)={&(0x7f00000027c0)=ANY=[@ANYBLOB="dc16008def04c5ae7eae2b11e8261d0d873dae00953651d64638767e8c1a45b6c32a52880ce0f6fa9f1d393301ff8176f1beb53c55a7d5c6e6adeb6a863e97070837e245ba3c3c35e249e2bfd271d34d9952215f7d5f9db77f2a8a6c0d3250bd85348b9037621c535155727f85bcc60a29eacffa7298a30dbd62a57311a68539e1cde1ef870000", @ANYRES16=r14, @ANYBLOB="000129bd7000fcdbdf25660000000800b700fa0000000800b700840000000800270001000000050019010b0000000800270002000000480eb9800c00ba00010165000a0071a500010e8043000200930f801f612a56bccd598f8bf23005e0ce0c4f79cc713968425464bd40d4bdf3a3beca2bb9836f2260726089058796a68c8636c4f5533928eeec66c34dc6c10004000100b400020016686681b0349752045e5fcbd2a145dc995b357d07920f56bc19a240c83afa463dca0916dd0a0879cead742f4f8bd350bc5c37596c2b186d977bc6122d139de9cc72d17f72e92ddf5d4de2d24376979e5c317c6e27310b5c7837b097d887e51af087b06e57ded2f8f806cda31f951257cd327e54a44fe8606fe05eec73362a8c986d1b4bc7cfc5c7922384687c8816e066ac51c1e5bd9ea6011c1e2c74d7787ad914c1d9d60452d5a7439dad709f2aa87d007f00000e5696adc53c9f73666fa5ce1964278c10860a530e866c9572bc53691d0931fc0e0602080083254007f708021100000101000000ffffffffffff0100000005000000ffffffffffff0300000003018c7107010000ff01016868040700db738c18b5050ad40c8ade73f80da104d47356a8da4901d5cf9183a6000000db030e0080bc0000080211000000080211000001505050505050000000010a808000000000000000a4084008010884096c16988389812a01043c040099a5087206030303030303dd3bab89f9801891cd5ad229c78573c07470a31161ac7f4052141cedca4f28b791c0479c4b123d60bfb8540a4f9e3ef7d6f4fa27161e32128bfe070507dddacc75f270c0c25e59d056d035f553b703f10a323fef8a1895b981dc240666c857a56b71e99b9f3a17cd672a44ee65cb5d1d378d5fae1a4159d36de544fcabaa3f330ab7ccd0120882031f6efc1ba052aef9c175a0d1fe091ca8a95fb564254c194ae946b91558f452dd876b90ad2904613a526c0c846c0ab53bf549ae934ab2a63d695bdb19b5f17734d0ab3215f9403403889e16f4c2f8e582f56a6a7925a69f5d0370c8675d6e04151eb3845b94341507110071804833e86c28459c7c9e69a811d1faf30e78f3fb2b8439505d495622d1dafdd5b745dc60e070ddb02c5a1e12bbbd6923afa592f89a72ace0320b607d0064d8757ea61fbe94652e0591fdd8df965f76b301d31a6f013a1195b5713cad63be5c20eb0d08f761cb514a56fc5505bc8e4562f95f252098f570331bb8c0644770465cf1481560cf3dfad5710b70cd72feef35894cd335c007c4871e64f21d05e1adb85862eb680b3564653dbf186aa112a387eb4963c7c1534e450a34df034e69f56c7cb7049f4f7dd8553da41c5987a9b91b5febd24b98918478dddf27dfadd5777f6d4a166b24b861408a85228d7a3672beaabc8799b48e9b74421a0e9e9eefa8f8611f6c52f535451f2116e3e9ee4e7bddf82f80f007d78bfb5a20ad563ceaa8e53a5d37b8cc182c6b7f31d555cfe8f2159719773d62522811cc960bb966c66e0abb924a6eabfbf6560aeaf7b5d1926fd646e18ea3a0d5fe550c8560b3bd8e3f07af9193447ca54ad15de6d959ecb7dc397cdb63ca8b92d7bd1770c6a9cdeff2e23ab13a3c85bfc05bd24981abe4bc59995207ceb4d98c981469e165c899140e679bd7d13dc60e3a440631680f75a17017b1324138402bb71d40dd50e0012ea08103e5a4e65ab40d61da4b75370594a693856cca946b3e219bc254e6e657d35db9be4030dd8e3023b3c553deab7de77f02706a85674059b3ee8347972d4b347cda5266e74f18b3e78d8d0355dd949c4b3ea6d7e3a35f4a805c684ff672ba85923424c99e9b223ea1978a0831559f9a5d6f2de2eae2116c9f82b9736bc3abebfb190fe1a7db78ceb1299a7c81cd24dd0fd0b0fef2078f2a6c11fcf82751daa3beb209d33f1c7467fd1d565aa7cb073202da16cc95daeea1f42fc0d72ea3fcb89a5d4bfce170bf31dc2a2c8312f19f9875324bace965f2ccbb4f4ae584593a00b8109c00e3007f002503012c07720603030303030305970d7b0219766ccec622bbbc93f7dcbcf455a9c56add4991683452d61be02030ef7f48f564ac9416d0ca348c63d54a6b6a7ca0e9cd7d19cc58255a3bb5377ddfa214b9359523e8c791db6d4ac53000a0eb8e23b038e00366dae3120812d2a658deccb64e170fb488c97637dda9d50de573da519b4c229cf2c20f33a9de8255a783b3c36f434fbbe9bfc8386b2ac685fc7c23a6343826b141fb2ba311abcb18cf88aa7393454fb1418f3992e3e5c1456ed2c9848fc021b993d2119aad4f09828bc8e7e3924a060262000406a7050002040000cc010e805300030056b0992d22925b0d81dd48cf08598374209f6148992539ef3ba1d425353effde209ad57448b64f720677152c49e48aa92e365d7e472bf731cd67e4837cf8022c45562fa9b3c67edf40d6fc7a877dad00c1000300caeff5055c6955b881c446fa14eaa285c213071273df6cc4860db5238fee597bc5bbc1ca69dc708c65990faa447e3ac279dba721b4c529d77e4ff84292f50011203a593d7fde5a5ca80e6b02db232bdd48ec1421ecb4c712c4a35306499382a70daa9ef15d0128c107f80842adcd09ba6612b3a5e8e4ea0fb0bd1c7dc5f72ee5f08c3cf0526b0cb5ade1f34289c7d833b5626365606e5f0c2adabd93fe370a280eb3ac2c6c5298ee33eb1af3597d49314871a8a3015ab1569f8ae2e53000000004000100a80002008055905f9324c351bc022c406c9b678aacc7868ca130980035f660b216e55980bd8c0d54f36b90a4bb6f1a7dc60686d10d7ba11bdc2b675aa44bd7627a9a3112ba2d474d555d0337a1d74857f61b591c9f5b138a57714be4cec3a66abb28b8dbb67a8d6c37ebe4f90d97e54afca07be4e1040ff1135092441033858a109442faefe2100f0ecc69459495f2b65c39ffbdc8a197fe0bf26f235a5ee71cb468fd53c7033e29040003000a00bb00050004000a0000001e050e00808c0200fffffffffffffffffffffffff3ce9b266b2d46ee06008941290f00000000000064000440000c52cf5f13ea5b0ca6e4068329010524960601300301b2040605fb12720400060200040531cb5b082f00118d42e6b6bb84facdd8bc5e4bf0fe486fddfe46b7dc8b3a84ce057636cd3d54e03a75b37656f198a55ca4422a0107760606021f000101dda1643618aa94c82bb4e58f62edd2dec24cfeacaf33bfd55afe9b26c7355e6a941ab46e42db9737469fbe700b4474e335c572189b7f8bb26a980c90ca8800847f66e247001544b874c8806030db699fc5e1c4ffbb585d50ef90c1b8b1005b9410d0789dfbc3b921b4aacc52f49f83180af5bfc7ffc3c7d1b86c0ef6b44bf8efb80e2070ee1741cc7744079e85e1f1426f4dc6b023cb5310e30c3473be5c49aa9a439fdd5708d958d0105d359448f564c9f99ea1cb67e3abcfb3d43adc37f97d99152b2e04c329838a55b1daa170811538f2fbb38de5e9e512407e5e8489650cd86b0f5eddb1bb9663f9ef9630f6206231288a45f97f92a326ee0865dd83bf370cc7e093f31b374de8b2be002c9d77fc01138e7266165aae912e20b1abc4ae45d70d64791c52f602fd5b0c9609201fcd7a58d1c7b51af9391d583f9b6b6840be13f30a67a474fee2a2aa83992426efad3ddf0dbe86918a5085854e248e06e0551332c762cd6a5fda67a3aa0fdfc8678cd0ca6d5ad6a37dc150b05978c91daf65fddde405502a9c0a2aa3a0db2be6e51bdd375d59c1db2fd1e1ad7450347c8b23ee6e3899917f698110f55203b47db8e8d256a28def54eec383a0e102d52a7f0136d9d1543bf16c8d9e1b13afec9930fb1f180610778d66a01c26550b3776b8df1c33e7468ac3b485c5658d859af34ebe22cbe2d87e9452c144e0947966fe6177df67d1330361a99d24d5a3db857234ea821dd22b9977db8fa4d94374e9ab92ab7f066406e612c8d9912d76294035cec0a5ae1143150751033b9ad1be3b8ae272dcd858776ce5a740bde0c3f2a521409a68bd8fb56f6bf4f99ea67890815354e35689a186b24570dd7320025052de02c36686372868fa002fd8087a73e31bfa12a505921d433b315cf4ce5cfee3227d99bfa75870e8362dd5b3a4245a92c92d1cf27b16cd895c9002bc17131616418ade46cb8989224022321050e61484f556e3950fc442992041b82323f90ccae94700f9a0a30da7ff6342e9140268dddfea365ad287bc950525fe18987a843d6802e787f72a96f7274321af371fdd934bd220d3bb314ea4b0f7d8288add2ff8ff18abceb4dfd3147dd7010d9d581e875f1986e1fcaf23cd8d694649c489219d8d5e0dec4debf852473716b6db3619a1dd1f835fccda780041996b91f2206cb26db7d657ea1a93d3afa64484fbb1dc2d077bfbb1abedbd54a7b89ed315087d556772c8f0b8e161d79e00991ee5b0962aeb663d82d92e2a66550dc5e2289a415d74ccd95b1f8b56609471f860369cbdf7158801641c56538ae0b06ed7ca1407d0a93adb790da11e0fe1de264b1df36c2addd11336e86389e4cc42f0194ea055bfc43d6cb34103ead19b30ec41a971c82a63a7fff0cda9b22a07e3c53fe94e1697d848901cadb68d76b2994f4c1405a72bd73b8119769417071c952563b5d8c665a174adc3101f122850d8dbfdb45d302ed8eaff0aa54c60b298eab1f937891aa7781f96588915c3eab3bf51803b4101b9c1455376119f7d17adc59b51cf85d7c3a9015cde602d3a45212ee4f7f082e392d589095b4cc330f88549200a6de5c7b0254d274b23c84df880fb12bdc09a28d46dd6cfd6caa93a68cc76c35f1b7f57d09a778000001200bb000600030002000800ff03090002000000ec000e80e0000200622b5211fff654ff299c70d26eeddad8793c9fe263b9bdd5bc63fc6a9b6765c9d089f67d3446c6698ceb24cbef62e90aff6fd904d787ddab0720d2b37b328a535e5da60a479033caad666255908671a2c40a3bb7b64a186d7c39e8ab2ea9fbb139ef5d3161ca4c74d2e8c89da43128798e0cb1a5afa39baced1af4f12a04ddd3f21d151f1ae9e9cc57cc0578aa04a1493d7d0c09c7c0395cfcbb2f62d0a9e47cbd8d2d05dd311e49b8c126e881fc3ea43de82e604107f993e77828f545e0360649d66ef055b63fcac09cdf5e2887e25a24bbce1cf0717f8352fa78bd04000100040001000800a100040000000800a0000700000008009f000700000008009f0003000000050019010a00000008009f0006000000050018010d00000005001801020000000800b7007c0000000808b980c8010e80ba0002007ee8a0d28cc9e2c885d9ac6dc59c828d0887cad93d6af2e768647bf24702fcfb39b57c5a91c808d9276a5bb664cfb78661ecd7680a89024d6defa0d4a395cd8338186cd1ada381402362b4112410e3565ec0b293f5c8721e9140cdad3f2e2e0af9476d1f57175ae63daee3358f12daf2ab8d1e02439cbe00cd5fd3ec32da0976904afbdee118e9cd35d0355a4c349d361ad4227f4f810677b0d9a4884a26e3f6f179c1276ef8bff419005b308bd0678683039e81aa36000070000200ded47301da19ffa1ff473d34befa5eecc7927c7654d20159896b584dacf5922793a8284f02beb0d358942c8b9288ed8d767586db292cf805017bb48f1b22aea20f8d6cb0f50d938413c88f92702fb3107bac4025df1b5972417aa3ba41c1798fd17e5a584a6c833574a4d0bc92000200c9668825d9484af4b213d99743608debac628e81bf8be43c1356abcb95aa1b33c998309e7bc162341524042d9e6cc86f2951d398a95dc19fc42458819dff0f097ba3dde2100bc48940d3744a5f88e432ae87e0c581102c487a91f2eb74f2071bc3d5ce5d507388e6b9330ab3dd3e220c6efa33d5038550f96582343d06aa667c442daeb3a0a9a86a366332022ebb000004000100ea0080006512c276f85dca86080211000001080211000000751600000200130016bdc3a4d29afee2c570b3d8800bc50f824c4500030400000008021100000001800000ffffffffffff080000009abe00000400ffffffffffff04000000050802110000010200000000ffffffffffff030000000108021100000109000000bd060802110000003c0400fc0c01825c05030904000000080211000000010000004cfbfffff600000006010802110000000600000000ffffffffffff0f00000001ffffffffffff8000000001080211000001000000000108021100000082ffffff00ffffffffffff0001000000003002800000060101010101018c102a066a734167781a91a8f61cfeb7d0707206030303030303ddf735b1c5d76f6c2fbc2a772dba466bbbc3f6d766c963da44b3832efe3d5c77406de262a3479f5cd3e78b99703e1fe4cc9c72cb728dda32a1879685e03bff81308eaf05fe4791334312c8ad8540b4163dda4a516dcf9b69fc91312c2f2a0a342b8d717856366563432a9812e870786001fa4f533864208527978101d7c6be719e1cf07dd3663b099d2ab8ab167d25e2304b8c75a1da01d831ddc02fe75e1344ccf6211e75a301d7701f94a53facac33e0f6cddefa005bc38b772246e0eac101b1a00060d2a757b13e0e43220260b0470fef267345d9a6da4c69697829fdf176017dbd833cbbdfd1cac8d71eddf659fb71f917dd9bb3a8021ddded0276fc5811fb0011b4bc2b7da0a54618a534d573677f8a7ab5d45372832ee22a546d03497b3e338b7183b0ce75ca292f6a2584f608b0df5df8e8b13ae7c3712a1551f197d66a3fbb783ea927cb49ee851a6b592975a39167d7f23a942aad12c53debfb61d31c3499eea10c7287d52dc72ddba69834d86eab2fd4d74a0bde1f3f7144ed450306540891bd5d28fa63e46a1597bf35f6b8aa8c471e6995375a4e949810e5fab9202c718f1430d549e8e60c7d1dd8461bfc85eb2f896ad1bee3ad9c02af9778b98c541c6f1c2ebb4d7b73baf200f9c080ed86d65a3455216f93cf5d709ef5b8c0bb3217ce97fbb4c23e01033e01022d1a00100d060000000000000008000100150000000004885c777309dd000e00800c0100ffffffffffff0802110000016969d64321f6a2e30e000000000000006400000800060101010101010104d989986c2a0102710701000000ffff00760608082f000100dd3e4f69ed508d45b5715f36f0dca03a3ed14a4ddc8b443df5eba3e3485f5f4bdd26d321d92f57fb93f888191d8f4ac53c2d6041000335bf7ac7f203f5961fdfdd3a7c77a443e8a11e3d2ab6a425a1cc303b0ff222fd8b36f482ad965b8a1ee63f90a99b24c45af4749efbc6908247cf63af50eee7f3f78af0218bebdd15045e8cc3bf3ef176628ee4580e8c2a70a91d7a44100000001b0180002d1a800010040000000000000002009f000f0000000004000000008184cf020d00080211000000000000000d004008021100000105000000ffffffffffff1d0000ffffffffffff0180000021000008021100000107000000410000080211000000090000000100000802110000017f000000230040080211000000050000000802110000010c004008021100000102000000ffffffffffff2e0000ffffffffffff800000001600000802110000010500000037004008021100000001000100080211000001340040080211000000d9030000ffffffffffff1e0040ffffffffffff06000000080211000000ee043c0401093d1d250300881bbd06ffffffffffff7e15110408ffffffffffff01000080000200007f4e0000000c007f0000060101010101014b002a003c040009b809651208021100000008021100000108021100000171070000ff0002044000060101010101012d1a00101108000000000000004700cf00140000000004ffffff7f0000a5002a000442d778f3f215310091f822c797d7323c02cd050c376a0ace51cba5b7c61d5ad17eff6afa468f7e340dfe23acb9b92d64d011fb9ce7879edf4206ff9e77255ce17f0476760602002000c9007e158f430008021100000103000000008000000b000000bd06080211000000750800000400ff0307003e01010006020202020202831f000409ffffffffffffd00700000400000001000100080211000000030000000000000800bb00000002001400ba000900b46a06003a0040ff0100020005000600ba00250300000800b7006b000000"], 0x16dc}}, 0x8000) sendmsg$nl_route(r12, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[], 0x5c}, 0x1, 0x0, 0x0, 0xb0}, 0x49004) sendmsg$TIPC_CMD_GET_BEARER_NAMES(r12, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000002c0)={0x1c, 0x0, 0xbfa8be5ef523b773, 0x70bd25, 0x25dfdbfd}, 0xfffffe7f}, 0x1, 0x0, 0x0, 0xc010}, 0x20000880) setsockopt$nfc_llcp_NFC_LLCP_MIUX(r7, 0x118, 0x1, &(0x7f0000000540)=0x448, 0x4) setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r10, 0x10e, 0xc, &(0x7f0000000080)=0x4, 0x4) sendmsg$netlink(r10, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000180)=ANY=[@ANYBLOB="30000000120001000000000000000000100000000c00000000000000000000000d002e020000002d7d2d2b2900000000de"], 0x30}], 0x1}, 0x0) 94.772207ms ago: executing program 3 (id=2794): r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r1, &(0x7f0000000000), 0x10) sendmsg$can_bcm(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000040)=ANY=[@ANYBLOB="05"], 0x48}, 0x1, 0x0, 0x0, 0x800}, 0x0) sendmsg$can_bcm(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000500)=ANY=[@ANYBLOB="05000000030000004d6d000000000000", @ANYRES64=0x0, @ANYRES64=r0], 0x48}}, 0x0) 60.072815ms ago: executing program 1 (id=2665): r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r1, 0x0) sendmmsg$inet(r0, &(0x7f00000013c0)=[{{&(0x7f0000000340)={0x2, 0x4e23, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000480)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @dev={0xac, 0x14, 0x14, 0x1a}, @multicast1=0xe00005c0}}}], 0x20}}, {{0x0, 0x0, &(0x7f0000000e80)=[{&(0x7f0000002dc0)='D', 0x1}], 0x1}}], 0x2, 0x40080c0) 0s ago: executing program 0 (id=2795): sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2c, 0x0, 0x2, 0x3, 0x0, 0x0, {0x2, 0x0, 0x5}, [@CTA_EXPECT_TUPLE={0x18, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @empty}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}]}]}, 0x2c}}, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="200000006a0001002abd7000ffdb"], 0x20}, 0x1, 0x0, 0x0, 0x4040000}, 0x0) kernel console output (not intermixed with test programs): 1] should_fail_ex+0x414/0x560 [ 191.538909][ T9151] should_failslab+0xa8/0x100 [ 191.538942][ T9151] __kmalloc_cache_noprof+0x70/0x3d0 [ 191.538970][ T9151] ? sctp_add_bind_addr+0x8c/0x370 [ 191.539004][ T9151] sctp_add_bind_addr+0x8c/0x370 [ 191.539038][ T9151] sctp_copy_local_addr_list+0x30b/0x4e0 [ 191.539072][ T9151] ? sctp_copy_local_addr_list+0x9b/0x4e0 [ 191.539100][ T9151] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 191.539135][ T9151] ? sctp_v4_is_any+0x35/0x60 [ 191.539163][ T9151] ? sctp_copy_one_addr+0x93/0x360 [ 191.539197][ T9151] sctp_bind_addr_copy+0xb3/0x3c0 [ 191.539227][ T9151] ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0 [ 191.539258][ T9151] sctp_connect_new_asoc+0x2e0/0x690 [ 191.539283][ T9151] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 191.539316][ T9151] ? __local_bh_enable_ip+0x12d/0x1c0 [ 191.539351][ T9151] ? bpf_lsm_sctp_bind_connect+0x9/0x20 [ 191.539374][ T9151] ? security_sctp_bind_connect+0x7e/0x2e0 [ 191.539413][ T9151] sctp_sendmsg+0x155c/0x2810 [ 191.539464][ T9151] ? __pfx_sctp_sendmsg+0x10/0x10 [ 191.539503][ T9151] ? aa_sk_perm+0x81e/0x950 [ 191.539540][ T9151] ? __pfx_aa_sk_perm+0x10/0x10 [ 191.539575][ T9151] ? sock_rps_record_flow+0x19/0x410 [ 191.539605][ T9151] ? inet_sendmsg+0x2f4/0x370 [ 191.539635][ T9151] __sock_sendmsg+0x19c/0x270 [ 191.539672][ T9151] ____sys_sendmsg+0x52d/0x830 [ 191.539715][ T9151] ? __pfx_____sys_sendmsg+0x10/0x10 [ 191.539761][ T9151] ? import_iovec+0x74/0xa0 [ 191.539793][ T9151] ___sys_sendmsg+0x21f/0x2a0 [ 191.539818][ T9151] ? __pfx____sys_sendmsg+0x10/0x10 [ 191.539877][ T9151] ? __fget_files+0x2a/0x420 [ 191.539905][ T9151] ? __fget_files+0x3a0/0x420 [ 191.539949][ T9151] __sys_sendmmsg+0x227/0x430 [ 191.539977][ T9151] ? __pfx___sys_sendmmsg+0x10/0x10 [ 191.539995][ T9151] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 191.540059][ T9151] ? ksys_write+0x22a/0x250 [ 191.540089][ T9151] ? __pfx_ksys_write+0x10/0x10 [ 191.540113][ T9151] ? rcu_is_watching+0x15/0xb0 [ 191.540148][ T9151] __x64_sys_sendmmsg+0xa0/0xc0 [ 191.540172][ T9151] do_syscall_64+0xfa/0x3b0 [ 191.540202][ T9151] ? lockdep_hardirqs_on+0x9c/0x150 [ 191.540230][ T9151] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 191.540301][ T9151] ? clear_bhb_loop+0x60/0xb0 [ 191.540330][ T9151] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 191.540410][ T9151] RIP: 0033:0x7ffa7198e929 [ 191.540429][ T9151] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 191.540448][ T9151] RSP: 002b:00007ffa7289f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 191.540471][ T9151] RAX: ffffffffffffffda RBX: 00007ffa71bb5fa0 RCX: 00007ffa7198e929 [ 191.540488][ T9151] RDX: 0000000000000001 RSI: 0000200000003f40 RDI: 0000000000000005 [ 191.540502][ T9151] RBP: 00007ffa7289f090 R08: 0000000000000000 R09: 0000000000000000 [ 191.540515][ T9151] R10: 00000000200000d0 R11: 0000000000000246 R12: 0000000000000002 [ 191.540528][ T9151] R13: 0000000000000000 R14: 00007ffa71bb5fa0 R15: 00007fffa93347e8 [ 191.540564][ T9151] [ 191.967181][ T9157] netlink: 180 bytes leftover after parsing attributes in process `syz.2.1041'. [ 192.102746][ T9157] nbd2: detected capacity change from 0 to 127 [ 192.114372][ T9160] block nbd2: NBD_DISCONNECT [ 192.134170][ T9160] block nbd2: Disconnected due to user request. [ 192.158052][ T9160] block nbd2: shutting down sockets [ 192.467860][ T9177] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1046'. [ 192.505744][ T9177] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1046'. [ 192.527576][ T9181] syzkaller1: tun_chr_ioctl cmd 1074025677 [ 192.534448][ T9181] syzkaller1: linktype set to 6 [ 192.539405][ C0] vcan0: j1939_tp_rxtimer: 0xffff888029c24400: rx timeout, send abort [ 192.880997][ T9187] netlink: 'syz.1.1051': attribute type 1 has an invalid length. [ 192.893384][ T9187] netlink: 224 bytes leftover after parsing attributes in process `syz.1.1051'. [ 193.039460][ C0] vcan0: j1939_tp_rxtimer: 0xffff888029c24400: abort rx timeout. Force session deactivation [ 193.143420][ T9194] ip6tnl2: entered promiscuous mode [ 193.148696][ T9194] ip6tnl2: entered allmulticast mode [ 193.182736][ T9194] team0: Device ip6tnl2 is up. Set it down before adding it as a team port [ 193.611005][ T9215] syzkaller1: tun_chr_ioctl cmd 1074025677 [ 193.621777][ T9215] syzkaller1: linktype set to 6 [ 193.730502][ T9225] ipt_ECN: cannot use operation on non-tcp rule [ 194.084005][ T9234] syzkaller0: entered allmulticast mode [ 194.245870][ T9236] syzkaller0 (unregistering): left allmulticast mode [ 194.282439][ T9244] FAULT_INJECTION: forcing a failure. [ 194.282439][ T9244] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 194.296790][ T9244] CPU: 1 UID: 0 PID: 9244 Comm: syz.1.1071 Not tainted 6.16.0-rc4-syzkaller-01140-g6a971e48e2d8 #0 PREEMPT(full) [ 194.296822][ T9244] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 194.296836][ T9244] Call Trace: [ 194.296845][ T9244] [ 194.296854][ T9244] dump_stack_lvl+0x189/0x250 [ 194.296886][ T9244] ? __pfx____ratelimit+0x10/0x10 [ 194.296916][ T9244] ? __pfx_dump_stack_lvl+0x10/0x10 [ 194.296942][ T9244] ? __pfx__printk+0x10/0x10 [ 194.296981][ T9244] ? __might_fault+0xb0/0x130 [ 194.297021][ T9244] should_fail_ex+0x414/0x560 [ 194.297060][ T9244] _copy_from_iter+0x1db/0x16f0 [ 194.297080][ T9244] ? schedule+0x165/0x360 [ 194.297109][ T9244] ? __lock_acquire+0xab9/0xd20 [ 194.297137][ T9244] ? anon_pipe_write+0xbf4/0x1360 [ 194.297168][ T9244] ? __pfx__copy_from_iter+0x10/0x10 [ 194.297190][ T9244] ? __pfx___mutex_lock+0x10/0x10 [ 194.297229][ T9244] ? page_copy_sane+0x4e/0x280 [ 194.297255][ T9244] copy_page_from_iter+0xdd/0x170 [ 194.297284][ T9244] anon_pipe_write+0x99a/0x1360 [ 194.297318][ T9244] ? anon_pipe_write+0xb91/0x1360 [ 194.297367][ T9244] ? __pfx_anon_pipe_write+0x10/0x10 [ 194.297398][ T9244] ? __pfx_autoremove_wake_function+0x10/0x10 [ 194.297433][ T9244] ? bpf_lsm_file_permission+0x9/0x20 [ 194.297455][ T9244] ? security_file_permission+0x75/0x290 [ 194.297494][ T9244] vfs_write+0x54b/0xa90 [ 194.297525][ T9244] ? __pfx_anon_pipe_write+0x10/0x10 [ 194.297557][ T9244] ? __pfx_vfs_write+0x10/0x10 [ 194.297595][ T9244] ? __fget_files+0x2a/0x420 [ 194.297635][ T9244] ksys_write+0x145/0x250 [ 194.297663][ T9244] ? __pfx_ksys_write+0x10/0x10 [ 194.297687][ T9244] ? rcu_is_watching+0x15/0xb0 [ 194.297718][ T9244] ? do_syscall_64+0xbe/0x3b0 [ 194.297753][ T9244] do_syscall_64+0xfa/0x3b0 [ 194.297781][ T9244] ? lockdep_hardirqs_on+0x9c/0x150 [ 194.297809][ T9244] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 194.297831][ T9244] ? clear_bhb_loop+0x60/0xb0 [ 194.297858][ T9244] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 194.297880][ T9244] RIP: 0033:0x7f62dd38e929 [ 194.297900][ T9244] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 194.297919][ T9244] RSP: 002b:00007f62db1f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 194.297942][ T9244] RAX: ffffffffffffffda RBX: 00007f62dd5b5fa0 RCX: 00007f62dd38e929 [ 194.297958][ T9244] RDX: 00000000fffffdef RSI: 00002000000001c0 RDI: 0000000000000000 [ 194.297978][ T9244] RBP: 00007f62db1f6090 R08: 0000000000000000 R09: 0000000000000000 [ 194.297992][ T9244] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 194.298004][ T9244] R13: 0000000000000000 R14: 00007f62dd5b5fa0 R15: 00007fffc6c38398 [ 194.298040][ T9244] [ 194.744468][ T9242] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 194.906907][ T9255] __nla_validate_parse: 2 callbacks suppressed [ 194.906928][ T9255] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1074'. [ 194.982019][ T9263] syzkaller1: tun_chr_ioctl cmd 1074025677 [ 194.988279][ T9263] syzkaller1: linktype set to 6 [ 195.109941][ T9271] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1080'. [ 195.236539][ T9278] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1083'. [ 195.257857][ T9278] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1083'. [ 195.428644][ T9283] netlink: 248 bytes leftover after parsing attributes in process `syz.2.1084'. [ 195.496282][ T9280] xt_CT: No such helper "syz1" [ 196.189708][ T9296] bridge0: left promiscuous mode [ 196.200373][ T9296] team0: left promiscuous mode [ 196.210041][ T9296] team0: left allmulticast mode [ 196.226826][ T9296] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 196.425548][ T9302] syzkaller1: tun_chr_ioctl cmd 1074025677 [ 196.434464][ T9302] syzkaller1: linktype set to 6 [ 196.767357][ T9320] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1100'. [ 197.231870][ T9340] openvswitch: netlink: Unexpected mask (mask=200040, allowed=10048) [ 197.506907][ T9352] syz0: rxe_newlink: already configured on lo [ 197.621281][ T9363] netlink: 'syz.1.1118': attribute type 9 has an invalid length. [ 197.631035][ T9363] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1118'. [ 197.659069][ T9363] hsr0: entered promiscuous mode [ 197.676295][ T9363] macvlan2: entered promiscuous mode [ 197.690949][ T9363] macvlan2: entered allmulticast mode [ 197.697793][ T9363] hsr0: entered allmulticast mode [ 197.708808][ T9363] hsr_slave_0: entered allmulticast mode [ 197.715164][ T9363] hsr_slave_1: entered allmulticast mode [ 197.816915][ T9371] netlink: 'syz.3.1122': attribute type 1 has an invalid length. [ 198.103916][ T9384] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1128'. [ 198.215987][ T9394] netlink: 116 bytes leftover after parsing attributes in process `syz.3.1133'. [ 198.260922][ T9398] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1134'. [ 198.325362][ T9390] lo speed is unknown, defaulting to 1000 [ 198.990268][ T9411] 8021q: adding VLAN 0 to HW filter on device bond4 [ 199.007329][ T9411] bond0: (slave bond4): Enslaving as an active interface with an up link [ 199.373595][ T9427] netlink: 'syz.2.1144': attribute type 2 has an invalid length. [ 200.310634][ T9458] __nla_validate_parse: 7 callbacks suppressed [ 200.310655][ T9458] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1155'. [ 200.756695][ T9485] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1162'. [ 200.777503][ T9485] netlink: 'syz.2.1162': attribute type 2 has an invalid length. [ 200.934777][ T9491] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1165'. [ 201.006771][ T9495] xt_CT: You must specify a L4 protocol and not use inversions on it [ 201.047359][ T9489] lo speed is unknown, defaulting to 1000 [ 201.306871][ T9507] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1170'. [ 201.380461][ C1] vcan0: j1939_tp_rxtimer: 0xffff88802f38c400: rx timeout, send abort [ 201.409329][ T9506] lo speed is unknown, defaulting to 1000 [ 201.874899][ T9519] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1176'. [ 201.888814][ C1] vcan0: j1939_tp_rxtimer: 0xffff88802f38c400: abort rx timeout. Force session deactivation [ 201.933637][ T9518] netlink: 52 bytes leftover after parsing attributes in process `syz.0.1174'. [ 202.110565][ T9528] netlink: 'syz.1.1178': attribute type 10 has an invalid length. [ 202.220723][ T9528] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 202.336622][ T6728] syz1: Port: 1 Link ACTIVE [ 202.483521][ T9540] FAULT_INJECTION: forcing a failure. [ 202.483521][ T9540] name failslab, interval 1, probability 0, space 0, times 0 [ 202.496486][ T9540] CPU: 0 UID: 0 PID: 9540 Comm: syz.4.1182 Not tainted 6.16.0-rc4-syzkaller-01140-g6a971e48e2d8 #0 PREEMPT(full) [ 202.496517][ T9540] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 202.496531][ T9540] Call Trace: [ 202.496540][ T9540] [ 202.496550][ T9540] dump_stack_lvl+0x189/0x250 [ 202.496590][ T9540] ? __pfx____ratelimit+0x10/0x10 [ 202.496620][ T9540] ? __pfx_dump_stack_lvl+0x10/0x10 [ 202.496647][ T9540] ? __pfx__printk+0x10/0x10 [ 202.496684][ T9540] ? __pfx___might_resched+0x10/0x10 [ 202.496711][ T9540] ? fs_reclaim_acquire+0x7d/0x100 [ 202.496749][ T9540] should_fail_ex+0x414/0x560 [ 202.496788][ T9540] should_failslab+0xa8/0x100 [ 202.496820][ T9540] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 202.496848][ T9540] ? ovs_flow_alloc+0x103/0x1f0 [ 202.496878][ T9540] ovs_flow_alloc+0x103/0x1f0 [ 202.496912][ T9540] ovs_flow_cmd_new+0x1ee/0xd80 [ 202.496941][ T9540] ? netlink_sendmsg+0x751/0xb30 [ 202.496972][ T9540] ? ___sys_sendmsg+0x21f/0x2a0 [ 202.497000][ T9540] ? __pfx_ovs_flow_cmd_new+0x10/0x10 [ 202.497103][ T9540] ? __nla_parse+0x40/0x60 [ 202.497131][ T9540] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 202.497164][ T9540] genl_family_rcv_msg_doit+0x215/0x300 [ 202.497197][ T9540] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 202.497234][ T9540] ? bpf_lsm_capable+0x9/0x20 [ 202.497259][ T9540] ? security_capable+0x7e/0x2e0 [ 202.497316][ T9540] genl_rcv_msg+0x60e/0x790 [ 202.497345][ T9540] ? __pfx_genl_rcv_msg+0x10/0x10 [ 202.497364][ T9540] ? ref_tracker_free+0x63a/0x7d0 [ 202.497384][ T9540] ? __pfx_ovs_flow_cmd_new+0x10/0x10 [ 202.497414][ T9540] ? __pfx_ref_tracker_free+0x10/0x10 [ 202.497449][ T9540] netlink_rcv_skb+0x205/0x470 [ 202.497479][ T9540] ? __pfx_genl_rcv_msg+0x10/0x10 [ 202.497504][ T9540] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 202.497553][ T9540] ? down_read+0x1ad/0x2e0 [ 202.497600][ T9540] genl_rcv+0x28/0x40 [ 202.497620][ T9540] netlink_unicast+0x758/0x8d0 [ 202.497660][ T9540] netlink_sendmsg+0x805/0xb30 [ 202.497702][ T9540] ? __pfx_netlink_sendmsg+0x10/0x10 [ 202.497737][ T9540] ? aa_sock_msg_perm+0x94/0x160 [ 202.497772][ T9540] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 202.497792][ T9540] ? __pfx_netlink_sendmsg+0x10/0x10 [ 202.497823][ T9540] __sock_sendmsg+0x219/0x270 [ 202.497854][ T9540] ____sys_sendmsg+0x505/0x830 [ 202.497896][ T9540] ? __pfx_____sys_sendmsg+0x10/0x10 [ 202.497942][ T9540] ? import_iovec+0x74/0xa0 [ 202.497973][ T9540] ___sys_sendmsg+0x21f/0x2a0 [ 202.497997][ T9540] ? __pfx____sys_sendmsg+0x10/0x10 [ 202.498061][ T9540] ? __fget_files+0x2a/0x420 [ 202.498090][ T9540] ? __fget_files+0x3a0/0x420 [ 202.498133][ T9540] __x64_sys_sendmsg+0x19b/0x260 [ 202.498158][ T9540] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 202.498195][ T9540] ? rcu_is_watching+0x15/0xb0 [ 202.498222][ T9540] ? trace_sys_enter+0x25/0x120 [ 202.498251][ T9540] do_syscall_64+0xfa/0x3b0 [ 202.498280][ T9540] ? lockdep_hardirqs_on+0x9c/0x150 [ 202.498308][ T9540] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 202.498331][ T9540] ? clear_bhb_loop+0x60/0xb0 [ 202.498359][ T9540] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 202.498380][ T9540] RIP: 0033:0x7f18cf18e929 [ 202.498400][ T9540] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 202.498420][ T9540] RSP: 002b:00007f18cffb4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 202.498442][ T9540] RAX: ffffffffffffffda RBX: 00007f18cf3b5fa0 RCX: 00007f18cf18e929 [ 202.498458][ T9540] RDX: 000000000000c000 RSI: 0000200000000000 RDI: 0000000000000007 [ 202.498473][ T9540] RBP: 00007f18cffb4090 R08: 0000000000000000 R09: 0000000000000000 [ 202.498486][ T9540] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 202.498499][ T9540] R13: 0000000000000000 R14: 00007f18cf3b5fa0 R15: 00007ffd49db55e8 [ 202.498534][ T9540] [ 203.209626][ T9553] Cannot find add_set index 0 as target [ 203.219829][ T9551] dvmrp1: entered allmulticast mode [ 203.241176][ T9554] dvmrp1: left allmulticast mode [ 203.465272][ T9561] A link change request failed with some changes committed already. Interface ip_vti0 may have been left with an inconsistent configuration, please check. [ 203.747997][ T9572] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1195'. [ 203.790340][ T9573] xt_CHECKSUM: unsupported CHECKSUM operation 68 [ 204.057312][ T9576] lo speed is unknown, defaulting to 1000 [ 204.107111][ T9581] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1197'. [ 204.508239][ T9592] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1199'. [ 204.606927][ T9595] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1200'. [ 205.283198][ T9610] syzkaller1: tun_chr_ioctl cmd 1074025677 [ 205.316658][ T9610] syzkaller1: linktype set to 6 [ 205.377141][ T9613] FAULT_INJECTION: forcing a failure. [ 205.377141][ T9613] name failslab, interval 1, probability 0, space 0, times 0 [ 205.389914][ T9613] CPU: 1 UID: 0 PID: 9613 Comm: syz.3.1207 Not tainted 6.16.0-rc4-syzkaller-01140-g6a971e48e2d8 #0 PREEMPT(full) [ 205.389945][ T9613] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 205.389959][ T9613] Call Trace: [ 205.389968][ T9613] [ 205.389977][ T9613] dump_stack_lvl+0x189/0x250 [ 205.390010][ T9613] ? __pfx____ratelimit+0x10/0x10 [ 205.390040][ T9613] ? __pfx_dump_stack_lvl+0x10/0x10 [ 205.390068][ T9613] ? __pfx__printk+0x10/0x10 [ 205.390115][ T9613] should_fail_ex+0x414/0x560 [ 205.390154][ T9613] should_failslab+0xa8/0x100 [ 205.390194][ T9613] kmem_cache_alloc_noprof+0x73/0x3c0 [ 205.390222][ T9613] ? skb_clone+0x212/0x3a0 [ 205.390249][ T9613] skb_clone+0x212/0x3a0 [ 205.390276][ T9613] bpf_clone_redirect+0xad/0x3d0 [ 205.390314][ T9613] bpf_prog_4a8c2353fb668905+0x65/0x71 [ 205.390342][ T9613] ? ktime_get+0x3e/0x1f0 [ 205.390380][ T9613] ? seqcount_lockdep_reader_access+0x123/0x1c0 [ 205.390410][ T9613] ? lockdep_hardirqs_on+0x9c/0x150 [ 205.390438][ T9613] ? ktime_get+0x3e/0x1f0 [ 205.390465][ T9613] ? seqcount_lockdep_reader_access+0x175/0x1c0 [ 205.390503][ T9613] ? __local_bh_disable_ip+0xf1/0x190 [ 205.390529][ T9613] ? __pfx___cant_migrate+0x10/0x10 [ 205.390554][ T9613] ? __local_bh_enable_ip+0x12d/0x1c0 [ 205.390578][ T9613] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 205.390608][ T9613] ? bpf_test_timer_continue+0x136/0x350 [ 205.390645][ T9613] bpf_test_run+0x38e/0x830 [ 205.390686][ T9613] ? bpf_test_run+0x205/0x830 [ 205.390723][ T9613] ? __pfx_bpf_test_run+0x10/0x10 [ 205.390780][ T9613] ? slab_build_skb+0x273/0x3e0 [ 205.390811][ T9613] ? convert___skb_to_skb+0x3d/0x590 [ 205.390842][ T9613] bpf_prog_test_run_skb+0xb30/0x1560 [ 205.390890][ T9613] ? __pfx_bpf_prog_test_run_skb+0x10/0x10 [ 205.390920][ T9613] bpf_prog_test_run+0x2c4/0x340 [ 205.390949][ T9613] __sys_bpf+0x4a4/0x860 [ 205.390973][ T9613] ? __pfx___sys_bpf+0x10/0x10 [ 205.391009][ T9613] ? ksys_write+0x22a/0x250 [ 205.391038][ T9613] ? __pfx_ksys_write+0x10/0x10 [ 205.391061][ T9613] ? rcu_is_watching+0x15/0xb0 [ 205.391096][ T9613] __x64_sys_bpf+0x7c/0x90 [ 205.391130][ T9613] do_syscall_64+0xfa/0x3b0 [ 205.391158][ T9613] ? lockdep_hardirqs_on+0x9c/0x150 [ 205.391194][ T9613] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 205.391216][ T9613] ? clear_bhb_loop+0x60/0xb0 [ 205.391243][ T9613] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 205.391264][ T9613] RIP: 0033:0x7f185eb8e929 [ 205.391288][ T9613] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 205.391305][ T9613] RSP: 002b:00007f185f987038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 205.391327][ T9613] RAX: ffffffffffffffda RBX: 00007f185edb5fa0 RCX: 00007f185eb8e929 [ 205.391342][ T9613] RDX: 0000000000000023 RSI: 0000200000000240 RDI: 000000000000000a [ 205.391355][ T9613] RBP: 00007f185f987090 R08: 0000000000000000 R09: 0000000000000000 [ 205.391369][ T9613] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 205.391382][ T9613] R13: 0000000000000000 R14: 00007f185edb5fa0 R15: 00007ffe05cbca78 [ 205.391416][ T9613] [ 206.840679][ T9647] syzkaller1: tun_chr_ioctl cmd 1074025677 [ 206.847321][ T9647] syzkaller1: linktype set to 6 [ 206.943203][ T9651] lo speed is unknown, defaulting to 1000 [ 207.462201][ T9662] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1226'. [ 207.498673][ T9662] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1226'. [ 207.656617][ T9668] Cannot find set identified by id 0 to match [ 207.859277][ T9676] rdma_rxe: rxe_newlink: failed to add lo [ 207.932962][ T9677] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1230'. [ 208.034765][ T9674] lo speed is unknown, defaulting to 1000 [ 208.119720][ T9681] netlink: 128 bytes leftover after parsing attributes in process `syz.1.1232'. [ 208.785024][ T9694] lo speed is unknown, defaulting to 1000 [ 209.290250][ T9695] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1235'. [ 209.585533][ T9695] smc: removing ib device syz0 [ 210.230115][ T9710] netlink: 'syz.1.1241': attribute type 1 has an invalid length. [ 210.340772][ T9711] netlink: 26 bytes leftover after parsing attributes in process `syz.1.1241'. [ 211.807093][ T5863] Bluetooth: hci0: command 0x0406 tx timeout [ 211.813918][ T5169] Bluetooth: hci2: command 0x0401 tx timeout [ 211.814714][ T5865] Bluetooth: hci3: command 0x0406 tx timeout [ 211.820000][ T5169] Bluetooth: hci1: command 0x0406 tx timeout [ 211.993094][ T9734] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1247'. [ 212.189918][ T9734] bond3: entered promiscuous mode [ 212.220429][ T9734] 8021q: adding VLAN 0 to HW filter on device bond3 [ 212.493123][ T9745] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1250'. [ 213.083242][ T9761] netlink: 276 bytes leftover after parsing attributes in process `syz.1.1254'. [ 213.199596][ T9760] syzkaller1: entered promiscuous mode [ 213.218772][ T9760] syzkaller1: entered allmulticast mode [ 213.974285][ T9777] syzkaller1: tun_chr_ioctl cmd 1074025677 [ 213.994481][ T9777] syzkaller1: linktype set to 6 [ 214.896208][ T9814] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1276'. [ 214.941676][ T9814] openvswitch: netlink: Flow key attr not present in new flow. [ 214.977975][ T9817] ipvlan0: entered promiscuous mode [ 215.294403][ T9829] syzkaller1: entered promiscuous mode [ 215.304027][ T9829] syzkaller1: entered allmulticast mode [ 215.336527][ T9835] netlink: 276 bytes leftover after parsing attributes in process `syz.3.1284'. [ 215.356516][ T9829] netlink: 248 bytes leftover after parsing attributes in process `syz.0.1282'. [ 215.440295][ T9838] netlink: 104 bytes leftover after parsing attributes in process `syz.0.1282'. [ 215.682010][ T9848] netlink: 'syz.2.1289': attribute type 9 has an invalid length. [ 215.741444][ T9848] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1289'. [ 215.788451][ T9848] macvlan2: entered promiscuous mode [ 215.835238][ T9848] hsr0: entered promiscuous mode [ 215.868054][ T9848] macvlan2: entered allmulticast mode [ 215.911695][ T9848] hsr0: entered allmulticast mode [ 215.931505][ T9848] hsr_slave_0: entered allmulticast mode [ 215.937405][ T9848] hsr_slave_1: entered allmulticast mode [ 215.955507][ T9857] netlink: 276 bytes leftover after parsing attributes in process `syz.0.1291'. [ 216.043070][ T9859] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1293'. [ 216.310168][ T9869] netlink: 'syz.2.1295': attribute type 1 has an invalid length. [ 216.399099][ T9873] openvswitch: netlink: Missing key (keys=40, expected=10000000) [ 216.511185][ T9876] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1298'. [ 216.796566][ T9886] vlan0: entered promiscuous mode [ 216.844325][ T9888] openvswitch: netlink: nsh attribute has 65520 unknown bytes. [ 216.903246][ T9888] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 217.146134][ T9893] FAULT_INJECTION: forcing a failure. [ 217.146134][ T9893] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 217.203166][ T9893] CPU: 1 UID: 0 PID: 9893 Comm: syz.3.1303 Not tainted 6.16.0-rc4-syzkaller-01140-g6a971e48e2d8 #0 PREEMPT(full) [ 217.203202][ T9893] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 217.203215][ T9893] Call Trace: [ 217.203224][ T9893] [ 217.203234][ T9893] dump_stack_lvl+0x189/0x250 [ 217.203267][ T9893] ? __pfx____ratelimit+0x10/0x10 [ 217.203298][ T9893] ? __pfx_dump_stack_lvl+0x10/0x10 [ 217.203325][ T9893] ? __pfx__printk+0x10/0x10 [ 217.203356][ T9893] ? __might_fault+0xb0/0x130 [ 217.203396][ T9893] should_fail_ex+0x414/0x560 [ 217.203435][ T9893] _copy_from_iter+0x1db/0x16f0 [ 217.203463][ T9893] ? rcu_is_watching+0x15/0xb0 [ 217.203499][ T9893] ? kmem_cache_alloc_node_noprof+0x217/0x3c0 [ 217.203529][ T9893] ? __pfx__copy_from_iter+0x10/0x10 [ 217.203554][ T9893] ? __build_skb_around+0x257/0x3e0 [ 217.203590][ T9893] ? netlink_sendmsg+0x642/0xb30 [ 217.203620][ T9893] ? skb_put+0x11b/0x210 [ 217.203654][ T9893] netlink_sendmsg+0x6b2/0xb30 [ 217.203693][ T9893] ? __pfx_netlink_sendmsg+0x10/0x10 [ 217.203722][ T9893] ? aa_sock_msg_perm+0x94/0x160 [ 217.203751][ T9893] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 217.203769][ T9893] ? __pfx_netlink_sendmsg+0x10/0x10 [ 217.203795][ T9893] __sock_sendmsg+0x219/0x270 [ 217.203821][ T9893] ____sys_sendmsg+0x505/0x830 [ 217.203855][ T9893] ? __pfx_____sys_sendmsg+0x10/0x10 [ 217.203893][ T9893] ? import_iovec+0x74/0xa0 [ 217.203919][ T9893] ___sys_sendmsg+0x21f/0x2a0 [ 217.203939][ T9893] ? __pfx____sys_sendmsg+0x10/0x10 [ 217.203993][ T9893] ? __fget_files+0x2a/0x420 [ 217.204017][ T9893] ? __fget_files+0x3a0/0x420 [ 217.204053][ T9893] __x64_sys_sendmsg+0x19b/0x260 [ 217.204073][ T9893] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 217.204101][ T9893] ? __pfx_ksys_write+0x10/0x10 [ 217.204121][ T9893] ? rcu_is_watching+0x15/0xb0 [ 217.204150][ T9893] ? do_syscall_64+0xbe/0x3b0 [ 217.204180][ T9893] do_syscall_64+0xfa/0x3b0 [ 217.204203][ T9893] ? lockdep_hardirqs_on+0x9c/0x150 [ 217.204228][ T9893] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 217.204247][ T9893] ? clear_bhb_loop+0x60/0xb0 [ 217.204269][ T9893] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 217.204287][ T9893] RIP: 0033:0x7f185eb8e929 [ 217.204305][ T9893] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 217.204322][ T9893] RSP: 002b:00007f185f987038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 217.204343][ T9893] RAX: ffffffffffffffda RBX: 00007f185edb5fa0 RCX: 00007f185eb8e929 [ 217.204358][ T9893] RDX: 0000000000004800 RSI: 0000200000000300 RDI: 0000000000000003 [ 217.204370][ T9893] RBP: 00007f185f987090 R08: 0000000000000000 R09: 0000000000000000 [ 217.204381][ T9893] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 217.204392][ T9893] R13: 0000000000000000 R14: 00007f185edb5fa0 R15: 00007ffe05cbca78 [ 217.204422][ T9893] [ 217.845193][ T9911] __nla_validate_parse: 2 callbacks suppressed [ 217.845215][ T9911] netlink: 276 bytes leftover after parsing attributes in process `syz.4.1307'. [ 218.050434][ T9917] netlink: 192 bytes leftover after parsing attributes in process `syz.3.1311'. [ 218.544756][ T9930] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1316'. [ 218.696695][ T9933] netlink: 56 bytes leftover after parsing attributes in process `syz.0.1318'. [ 218.782464][ T9934] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1317'. [ 218.826797][ T9936] xt_CT: No such helper "snmp" [ 218.847978][ T9938] xt_CT: No such helper "snmp" [ 218.966556][ T9934] xt_CT: You must specify a L4 protocol and not use inversions on it [ 219.747458][ T9969] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1327'. [ 219.834373][ T9972] FAULT_INJECTION: forcing a failure. [ 219.834373][ T9972] name failslab, interval 1, probability 0, space 0, times 0 [ 219.847235][ T9972] CPU: 0 UID: 0 PID: 9972 Comm: syz.1.1328 Not tainted 6.16.0-rc4-syzkaller-01140-g6a971e48e2d8 #0 PREEMPT(full) [ 219.847263][ T9972] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 219.847274][ T9972] Call Trace: [ 219.847282][ T9972] [ 219.847290][ T9972] dump_stack_lvl+0x189/0x250 [ 219.847320][ T9972] ? __pfx____ratelimit+0x10/0x10 [ 219.847346][ T9972] ? __pfx_dump_stack_lvl+0x10/0x10 [ 219.847369][ T9972] ? __pfx__printk+0x10/0x10 [ 219.847399][ T9972] ? __pfx___might_resched+0x10/0x10 [ 219.847426][ T9972] should_fail_ex+0x414/0x560 [ 219.847457][ T9972] should_failslab+0xa8/0x100 [ 219.847483][ T9972] __kmalloc_node_track_caller_noprof+0xcc/0x4e0 [ 219.847507][ T9972] ? ovs_nla_get_match+0x3b5/0x18c0 [ 219.847533][ T9972] ? __parse_vlan_from_nlattrs+0x1dc/0x12e0 [ 219.847557][ T9972] kmemdup_noprof+0x2b/0x70 [ 219.847587][ T9972] ovs_nla_get_match+0x3b5/0x18c0 [ 219.847613][ T9972] ? ___sys_sendmsg+0x21f/0x2a0 [ 219.847628][ T9972] ? __x64_sys_sendmsg+0x19b/0x260 [ 219.847653][ T9972] ? __pfx_ovs_nla_get_match+0x10/0x10 [ 219.847710][ T9972] ? __asan_memset+0x22/0x50 [ 219.847733][ T9972] ovs_flow_cmd_new+0x324/0xd80 [ 219.847756][ T9972] ? netlink_sendmsg+0x751/0xb30 [ 219.847790][ T9972] ? __pfx_ovs_flow_cmd_new+0x10/0x10 [ 219.847869][ T9972] ? __nla_parse+0x40/0x60 [ 219.847891][ T9972] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 219.847918][ T9972] genl_family_rcv_msg_doit+0x215/0x300 [ 219.847944][ T9972] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 219.847979][ T9972] ? bpf_lsm_capable+0x9/0x20 [ 219.848002][ T9972] ? security_capable+0x7e/0x2e0 [ 219.848032][ T9972] genl_rcv_msg+0x60e/0x790 [ 219.848068][ T9972] ? __pfx_genl_rcv_msg+0x10/0x10 [ 219.848084][ T9972] ? ref_tracker_free+0x63a/0x7d0 [ 219.848100][ T9972] ? __pfx_ovs_flow_cmd_new+0x10/0x10 [ 219.848125][ T9972] ? __pfx_ref_tracker_free+0x10/0x10 [ 219.848155][ T9972] netlink_rcv_skb+0x205/0x470 [ 219.848185][ T9972] ? __pfx_genl_rcv_msg+0x10/0x10 [ 219.848209][ T9972] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 219.848257][ T9972] ? down_read+0x1ad/0x2e0 [ 219.848292][ T9972] genl_rcv+0x28/0x40 [ 219.848310][ T9972] netlink_unicast+0x758/0x8d0 [ 219.848351][ T9972] netlink_sendmsg+0x805/0xb30 [ 219.848392][ T9972] ? __pfx_netlink_sendmsg+0x10/0x10 [ 219.848426][ T9972] ? aa_sock_msg_perm+0x94/0x160 [ 219.848460][ T9972] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 219.848478][ T9972] ? __pfx_netlink_sendmsg+0x10/0x10 [ 219.848504][ T9972] __sock_sendmsg+0x219/0x270 [ 219.848528][ T9972] ____sys_sendmsg+0x505/0x830 [ 219.848561][ T9972] ? __pfx_____sys_sendmsg+0x10/0x10 [ 219.848596][ T9972] ? import_iovec+0x74/0xa0 [ 219.848621][ T9972] ___sys_sendmsg+0x21f/0x2a0 [ 219.848640][ T9972] ? __pfx____sys_sendmsg+0x10/0x10 [ 219.848687][ T9972] ? __fget_files+0x2a/0x420 [ 219.848711][ T9972] ? __fget_files+0x3a0/0x420 [ 219.848743][ T9972] __x64_sys_sendmsg+0x19b/0x260 [ 219.848762][ T9972] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 219.848788][ T9972] ? __pfx_ksys_write+0x10/0x10 [ 219.848806][ T9972] ? rcu_is_watching+0x15/0xb0 [ 219.848831][ T9972] ? do_syscall_64+0xbe/0x3b0 [ 219.848859][ T9972] do_syscall_64+0xfa/0x3b0 [ 219.848882][ T9972] ? lockdep_hardirqs_on+0x9c/0x150 [ 219.848904][ T9972] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 219.848921][ T9972] ? clear_bhb_loop+0x60/0xb0 [ 219.848942][ T9972] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 219.848959][ T9972] RIP: 0033:0x7f62dd38e929 [ 219.848975][ T9972] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 219.848990][ T9972] RSP: 002b:00007f62db1f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 219.849009][ T9972] RAX: ffffffffffffffda RBX: 00007f62dd5b5fa0 RCX: 00007f62dd38e929 [ 219.849022][ T9972] RDX: 000000000000c000 RSI: 0000200000000000 RDI: 0000000000000007 [ 219.849033][ T9972] RBP: 00007f62db1f6090 R08: 0000000000000000 R09: 0000000000000000 [ 219.849049][ T9972] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 219.849059][ T9972] R13: 0000000000000000 R14: 00007f62dd5b5fa0 R15: 00007fffc6c38398 [ 219.849086][ T9972] [ 220.459714][ T9983] netlink: 276 bytes leftover after parsing attributes in process `syz.4.1330'. [ 221.309609][T10007] netlink: 'syz.1.1336': attribute type 10 has an invalid length. [ 221.419004][T10007] team0: Device veth0_vlan failed to register rx_handler [ 222.048217][T10022] netlink: 'syz.3.1341': attribute type 1 has an invalid length. [ 222.053011][T10023] netlink: 'syz.3.1341': attribute type 1 has an invalid length. [ 222.066246][T10024] netlink: 68 bytes leftover after parsing attributes in process `syz.0.1339'. [ 222.112953][T10026] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1341'. [ 222.171958][T10023] 8021q: adding VLAN 0 to HW filter on device bond4 [ 222.437713][T10035] netlink: 'syz.2.1345': attribute type 1 has an invalid length. [ 222.491195][T10035] bond4: entered promiscuous mode [ 222.504048][T10035] 8021q: adding VLAN 0 to HW filter on device bond4 [ 222.542382][T10037] 8021q: adding VLAN 0 to HW filter on device bond4 [ 222.557450][T10037] bond4: (slave vcan0): The slave device specified does not support setting the MAC address [ 222.580348][T10037] bond4: (slave vcan0): Setting fail_over_mac to active for active-backup mode [ 222.604554][T10037] bond4: (slave vcan0): making interface the new active one [ 222.612147][T10037] vcan0: entered promiscuous mode [ 222.620069][T10037] bond4: (slave vcan0): Enslaving as an active interface with an up link [ 222.987748][T10057] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1352'. [ 223.344641][T10070] xt_ipcomp: unknown flags F7 [ 223.640236][T10080] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1357'. [ 223.809564][T10087] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1359'. [ 224.098402][T10095] vlan2: entered allmulticast mode [ 224.116309][T10095] bond0: entered allmulticast mode [ 224.193367][T10099] netlink: 56 bytes leftover after parsing attributes in process `syz.1.1364'. [ 224.203779][T10100] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1362'. [ 224.423996][T10102] netlink: 'syz.3.1360': attribute type 1 has an invalid length. [ 224.434633][T10102] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1360'. [ 224.448107][T10102] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1360'. [ 224.547451][T10109] openvswitch: netlink: IP tunnel attribute has 16 unknown bytes. [ 224.565602][T10111] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1367'. [ 224.734621][T10115] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1370'. [ 224.874006][T10122] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1372'. [ 224.934933][T10126] FAULT_INJECTION: forcing a failure. [ 224.934933][T10126] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 224.983107][T10126] CPU: 1 UID: 0 PID: 10126 Comm: syz.4.1374 Not tainted 6.16.0-rc4-syzkaller-01140-g6a971e48e2d8 #0 PREEMPT(full) [ 224.983140][T10126] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 224.983154][T10126] Call Trace: [ 224.983162][T10126] [ 224.983170][T10126] dump_stack_lvl+0x189/0x250 [ 224.983201][T10126] ? __pfx____ratelimit+0x10/0x10 [ 224.983229][T10126] ? __pfx_dump_stack_lvl+0x10/0x10 [ 224.983254][T10126] ? __pfx__printk+0x10/0x10 [ 224.983284][T10126] ? __might_fault+0xb0/0x130 [ 224.983322][T10126] should_fail_ex+0x414/0x560 [ 224.983377][T10126] _copy_from_user+0x2d/0xb0 [ 224.983405][T10126] generic_map_update_batch+0x572/0x7f0 [ 224.983450][T10126] ? __pfx_generic_map_update_batch+0x10/0x10 [ 224.983481][T10126] ? __fget_files+0x2a/0x420 [ 224.983519][T10126] ? __pfx_generic_map_update_batch+0x10/0x10 [ 224.983547][T10126] bpf_map_do_batch+0x369/0x5f0 [ 224.983577][T10126] __sys_bpf+0x384/0x860 [ 224.983600][T10126] ? __pfx___sys_bpf+0x10/0x10 [ 224.983636][T10126] ? ksys_write+0x22a/0x250 [ 224.983672][T10126] ? __pfx_ksys_write+0x10/0x10 [ 224.983707][T10126] ? __task_pid_nr_ns+0x28/0x470 [ 224.983745][T10126] __x64_sys_bpf+0x7c/0x90 [ 224.983777][T10126] do_syscall_64+0xfa/0x3b0 [ 224.983804][T10126] ? lockdep_hardirqs_on+0x9c/0x150 [ 224.983832][T10126] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 224.983853][T10126] ? clear_bhb_loop+0x60/0xb0 [ 224.983878][T10126] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 224.983898][T10126] RIP: 0033:0x7f18cf18e929 [ 224.983917][T10126] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 224.983936][T10126] RSP: 002b:00007f18cffb4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 224.983958][T10126] RAX: ffffffffffffffda RBX: 00007f18cf3b5fa0 RCX: 00007f18cf18e929 [ 224.983991][T10126] RDX: 0000000000000038 RSI: 0000200000000200 RDI: 000000000000001a [ 224.984005][T10126] RBP: 00007f18cffb4090 R08: 0000000000000000 R09: 0000000000000000 [ 224.984019][T10126] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 224.984031][T10126] R13: 0000000000000000 R14: 00007f18cf3b5fa0 R15: 00007ffd49db55e8 [ 224.984066][T10126] [ 225.319411][T10133] 8021q: adding VLAN 0 to HW filter on device bond5 [ 225.330213][T10133] bond0: (slave bond5): Enslaving as an active interface with an up link [ 225.579483][T10153] netlink: 'syz.1.1383': attribute type 1 has an invalid length. [ 225.892859][T10172] bond0: (slave bond4): Releasing backup interface [ 226.713922][T10204] 8021q: adding VLAN 0 to HW filter on device bond1 [ 226.776129][T10208] 8021q: adding VLAN 0 to HW filter on device bond1 [ 226.796860][T10208] bond1: (slave vxcan3): The slave device specified does not support setting the MAC address [ 226.847055][T10208] bond1: (slave vxcan3): Error -95 calling set_mac_address [ 226.972973][T10204] macvlan5: entered promiscuous mode [ 226.978347][T10204] macvlan5: entered allmulticast mode [ 227.001860][T10204] bond1: (slave macvlan5): Error -98 calling set_mac_address [ 227.040476][T10212] A link change request failed with some changes committed already. Interface ip_vti0 may have been left with an inconsistent configuration, please check. [ 227.201943][T10222] FAULT_INJECTION: forcing a failure. [ 227.201943][T10222] name failslab, interval 1, probability 0, space 0, times 0 [ 227.219676][T10222] CPU: 0 UID: 0 PID: 10222 Comm: syz.1.1408 Not tainted 6.16.0-rc4-syzkaller-01140-g6a971e48e2d8 #0 PREEMPT(full) [ 227.219711][T10222] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 227.219726][T10222] Call Trace: [ 227.219735][T10222] [ 227.219744][T10222] dump_stack_lvl+0x189/0x250 [ 227.219777][T10222] ? __pfx____ratelimit+0x10/0x10 [ 227.219808][T10222] ? __pfx_dump_stack_lvl+0x10/0x10 [ 227.219835][T10222] ? __pfx__printk+0x10/0x10 [ 227.219880][T10222] should_fail_ex+0x414/0x560 [ 227.219917][T10222] should_failslab+0xa8/0x100 [ 227.219947][T10222] __kmalloc_cache_noprof+0x70/0x3d0 [ 227.219973][T10222] ? sctp_add_bind_addr+0x8c/0x370 [ 227.220004][T10222] sctp_add_bind_addr+0x8c/0x370 [ 227.220038][T10222] sctp_copy_local_addr_list+0x30b/0x4e0 [ 227.220082][T10222] ? sctp_copy_local_addr_list+0x9b/0x4e0 [ 227.220109][T10222] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 227.220140][T10222] ? sctp_v4_is_any+0x35/0x60 [ 227.220166][T10222] ? sctp_copy_one_addr+0x93/0x360 [ 227.220197][T10222] sctp_bind_addr_copy+0xb3/0x3c0 [ 227.220224][T10222] ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0 [ 227.220252][T10222] sctp_connect_new_asoc+0x2e0/0x690 [ 227.220276][T10222] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 227.220305][T10222] ? __local_bh_enable_ip+0x12d/0x1c0 [ 227.220338][T10222] ? bpf_lsm_sctp_bind_connect+0x9/0x20 [ 227.220381][T10222] ? security_sctp_bind_connect+0x7e/0x2e0 [ 227.220414][T10222] sctp_sendmsg+0x155c/0x2810 [ 227.220459][T10222] ? __pfx_sctp_sendmsg+0x10/0x10 [ 227.220504][T10222] ? aa_sk_perm+0x81e/0x950 [ 227.220541][T10222] ? __pfx_aa_sk_perm+0x10/0x10 [ 227.220574][T10222] ? sock_rps_record_flow+0x19/0x410 [ 227.220604][T10222] ? inet_sendmsg+0x2f4/0x370 [ 227.220634][T10222] __sock_sendmsg+0x19c/0x270 [ 227.220665][T10222] ____sys_sendmsg+0x52d/0x830 [ 227.220704][T10222] ? __pfx_____sys_sendmsg+0x10/0x10 [ 227.220748][T10222] ? import_iovec+0x74/0xa0 [ 227.220778][T10222] ___sys_sendmsg+0x21f/0x2a0 [ 227.220802][T10222] ? __pfx____sys_sendmsg+0x10/0x10 [ 227.220865][T10222] ? __fget_files+0x2a/0x420 [ 227.220894][T10222] ? __fget_files+0x3a0/0x420 [ 227.220936][T10222] __sys_sendmmsg+0x227/0x430 [ 227.220965][T10222] ? __pfx___sys_sendmmsg+0x10/0x10 [ 227.220983][T10222] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 227.221046][T10222] ? ksys_write+0x22a/0x250 [ 227.221075][T10222] ? __pfx_ksys_write+0x10/0x10 [ 227.221098][T10222] ? rcu_is_watching+0x15/0xb0 [ 227.221132][T10222] __x64_sys_sendmmsg+0xa0/0xc0 [ 227.221156][T10222] do_syscall_64+0xfa/0x3b0 [ 227.221186][T10222] ? lockdep_hardirqs_on+0x9c/0x150 [ 227.221215][T10222] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 227.221237][T10222] ? clear_bhb_loop+0x60/0xb0 [ 227.221265][T10222] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 227.221291][T10222] RIP: 0033:0x7f62dd38e929 [ 227.221310][T10222] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 227.221329][T10222] RSP: 002b:00007f62db1f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 227.221352][T10222] RAX: ffffffffffffffda RBX: 00007f62dd5b5fa0 RCX: 00007f62dd38e929 [ 227.221368][T10222] RDX: 0000000000000001 RSI: 0000200000003f40 RDI: 0000000000000003 [ 227.221382][T10222] RBP: 00007f62db1f6090 R08: 0000000000000000 R09: 0000000000000000 [ 227.221396][T10222] R10: 00000000200000d0 R11: 0000000000000246 R12: 0000000000000002 [ 227.221409][T10222] R13: 0000000000000000 R14: 00007f62dd5b5fa0 R15: 00007fffc6c38398 [ 227.221444][T10222] [ 227.754588][ C1] PF_CAN: dropped non conform CAN skbuff: dev type 280, len 16 [ 228.004590][ C1] vcan0: j1939_tp_rxtimer: 0xffff88806ababc00: rx timeout, send abort [ 228.141229][T10249] __nla_validate_parse: 12 callbacks suppressed [ 228.141254][T10249] netlink: 56 bytes leftover after parsing attributes in process `syz.1.1418'. [ 228.174703][T10251] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1419'. [ 228.512901][ C1] vcan0: j1939_tp_rxtimer: 0xffff88806ababc00: abort rx timeout. Force session deactivation [ 228.545309][T10267] netlink: 164 bytes leftover after parsing attributes in process `syz.3.1426'. [ 228.795566][T10273] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1429'. [ 228.808738][T10273] 8021q: VLANs not supported on nlmon0 [ 228.868269][T10271] netlink: 212224 bytes leftover after parsing attributes in process `syz.3.1428'. [ 228.900494][T10271] netlink: 212224 bytes leftover after parsing attributes in process `syz.3.1428'. [ 228.915089][T10271] netlink: 308 bytes leftover after parsing attributes in process `syz.3.1428'. [ 228.960084][T10276] vlan2: entered promiscuous mode [ 228.966422][T10276] macvlan1: entered promiscuous mode [ 229.147111][T10290] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1435'. [ 229.157578][T10290] netlink: 'syz.4.1435': attribute type 7 has an invalid length. [ 229.166770][T10290] netlink: 'syz.4.1435': attribute type 8 has an invalid length. [ 229.179904][T10293] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1433'. [ 229.190534][T10290] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1435'. [ 230.905089][T10339] xt_CHECKSUM: unsupported CHECKSUM operation 68 [ 231.256693][T10351] erspan0: entered allmulticast mode [ 231.771161][T10364] vlan3: entered promiscuous mode [ 231.776553][T10364] bond0: entered promiscuous mode [ 231.784704][T10364] bond1: entered promiscuous mode [ 231.794486][T10364] bond5: entered promiscuous mode [ 231.802055][T10364] bond0: (slave vlan3): Opening slave failed [ 232.323723][T10395] FAULT_INJECTION: forcing a failure. [ 232.323723][T10395] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 232.347431][T10395] CPU: 1 UID: 0 PID: 10395 Comm: syz.0.1469 Not tainted 6.16.0-rc4-syzkaller-01140-g6a971e48e2d8 #0 PREEMPT(full) [ 232.347468][T10395] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 232.347481][T10395] Call Trace: [ 232.347491][T10395] [ 232.347500][T10395] dump_stack_lvl+0x189/0x250 [ 232.347534][T10395] ? __pfx____ratelimit+0x10/0x10 [ 232.347565][T10395] ? __pfx_dump_stack_lvl+0x10/0x10 [ 232.347590][T10395] ? __pfx__printk+0x10/0x10 [ 232.347620][T10395] ? __might_fault+0xb0/0x130 [ 232.347660][T10395] should_fail_ex+0x414/0x560 [ 232.347697][T10395] _copy_from_user+0x2d/0xb0 [ 232.347724][T10395] generic_map_update_batch+0x51b/0x7f0 [ 232.347770][T10395] ? __pfx_generic_map_update_batch+0x10/0x10 [ 232.347798][T10395] ? __fget_files+0x2a/0x420 [ 232.347835][T10395] ? __pfx_generic_map_update_batch+0x10/0x10 [ 232.347863][T10395] bpf_map_do_batch+0x369/0x5f0 [ 232.347893][T10395] __sys_bpf+0x384/0x860 [ 232.347915][T10395] ? __pfx___sys_bpf+0x10/0x10 [ 232.347950][T10395] ? ksys_write+0x22a/0x250 [ 232.347979][T10395] ? __pfx_ksys_write+0x10/0x10 [ 232.348002][T10395] ? rcu_is_watching+0x15/0xb0 [ 232.348036][T10395] __x64_sys_bpf+0x7c/0x90 [ 232.348086][T10395] do_syscall_64+0xfa/0x3b0 [ 232.348121][T10395] ? lockdep_hardirqs_on+0x9c/0x150 [ 232.348150][T10395] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 232.348172][T10395] ? clear_bhb_loop+0x60/0xb0 [ 232.348198][T10395] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 232.348219][T10395] RIP: 0033:0x7fe20c98e929 [ 232.348238][T10395] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 232.348257][T10395] RSP: 002b:00007fe20d765038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 232.348281][T10395] RAX: ffffffffffffffda RBX: 00007fe20cbb5fa0 RCX: 00007fe20c98e929 [ 232.348298][T10395] RDX: 0000000000000038 RSI: 0000200000000200 RDI: 000000000000001a [ 232.348310][T10395] RBP: 00007fe20d765090 R08: 0000000000000000 R09: 0000000000000000 [ 232.348333][T10395] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 232.348346][T10395] R13: 0000000000000000 R14: 00007fe20cbb5fa0 R15: 00007ffeea107178 [ 232.348381][T10395] [ 232.933540][ T5860] Bluetooth: hci4: command 0x0405 tx timeout [ 233.863174][T10412] Cannot find add_set index 0 as target [ 234.029122][T10429] tc_dump_action: action bad kind [ 234.046364][T10429] __nla_validate_parse: 8 callbacks suppressed [ 234.046384][T10429] netlink: 76 bytes leftover after parsing attributes in process `syz.2.1482'. [ 234.361666][T10443] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1485'. [ 234.392141][T10443] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1485'. [ 234.399277][T10441] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 234.450790][T10449] A link change request failed with some changes committed already. Interface ip_vti0 may have been left with an inconsistent configuration, please check. [ 234.535259][T10441] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 234.737523][T10456] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1489'. [ 234.849780][T10420] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 234.898263][T10465] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1491'. [ 234.988546][T10465] xt_CT: You must specify a L4 protocol and not use inversions on it [ 235.009512][T10470] FAULT_INJECTION: forcing a failure. [ 235.009512][T10470] name failslab, interval 1, probability 0, space 0, times 0 [ 235.032391][T10470] CPU: 0 UID: 0 PID: 10470 Comm: syz.4.1493 Not tainted 6.16.0-rc4-syzkaller-01140-g6a971e48e2d8 #0 PREEMPT(full) [ 235.032425][T10470] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 235.032439][T10470] Call Trace: [ 235.032448][T10470] [ 235.032457][T10470] dump_stack_lvl+0x189/0x250 [ 235.032488][T10470] ? __pfx____ratelimit+0x10/0x10 [ 235.032519][T10470] ? __pfx_dump_stack_lvl+0x10/0x10 [ 235.032546][T10470] ? __pfx__printk+0x10/0x10 [ 235.032592][T10470] should_fail_ex+0x414/0x560 [ 235.032631][T10470] should_failslab+0xa8/0x100 [ 235.032661][T10470] __kmalloc_cache_noprof+0x70/0x3d0 [ 235.032688][T10470] ? sctp_add_bind_addr+0x8c/0x370 [ 235.032720][T10470] sctp_add_bind_addr+0x8c/0x370 [ 235.032753][T10470] sctp_copy_local_addr_list+0x30b/0x4e0 [ 235.032784][T10470] ? sctp_copy_local_addr_list+0x9b/0x4e0 [ 235.032813][T10470] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 235.032868][T10470] ? sctp_v4_is_any+0x35/0x60 [ 235.032894][T10470] ? sctp_copy_one_addr+0x93/0x360 [ 235.032933][T10470] sctp_bind_addr_copy+0xb3/0x3c0 [ 235.032964][T10470] ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0 [ 235.032994][T10470] sctp_connect_new_asoc+0x2e0/0x690 [ 235.033020][T10470] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 235.033050][T10470] ? __local_bh_enable_ip+0x12d/0x1c0 [ 235.033083][T10470] ? bpf_lsm_sctp_bind_connect+0x9/0x20 [ 235.033105][T10470] ? security_sctp_bind_connect+0x7e/0x2e0 [ 235.033138][T10470] sctp_sendmsg+0x155c/0x2810 [ 235.033186][T10470] ? __pfx_sctp_sendmsg+0x10/0x10 [ 235.033225][T10470] ? aa_sk_perm+0x81e/0x950 [ 235.033260][T10470] ? __pfx_aa_sk_perm+0x10/0x10 [ 235.033292][T10470] ? sock_rps_record_flow+0x19/0x410 [ 235.033320][T10470] ? inet_sendmsg+0x2f4/0x370 [ 235.033347][T10470] __sock_sendmsg+0x19c/0x270 [ 235.033376][T10470] ____sys_sendmsg+0x52d/0x830 [ 235.033415][T10470] ? __pfx_____sys_sendmsg+0x10/0x10 [ 235.033463][T10470] ? import_iovec+0x74/0xa0 [ 235.033493][T10470] ___sys_sendmsg+0x21f/0x2a0 [ 235.033516][T10470] ? __pfx____sys_sendmsg+0x10/0x10 [ 235.033580][T10470] ? __fget_files+0x2a/0x420 [ 235.033609][T10470] ? __fget_files+0x3a0/0x420 [ 235.033652][T10470] __sys_sendmmsg+0x227/0x430 [ 235.033680][T10470] ? __pfx___sys_sendmmsg+0x10/0x10 [ 235.033697][T10470] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 235.033758][T10470] ? ksys_write+0x22a/0x250 [ 235.033787][T10470] ? __pfx_ksys_write+0x10/0x10 [ 235.033809][T10470] ? rcu_is_watching+0x15/0xb0 [ 235.033843][T10470] __x64_sys_sendmmsg+0xa0/0xc0 [ 235.033868][T10470] do_syscall_64+0xfa/0x3b0 [ 235.033896][T10470] ? lockdep_hardirqs_on+0x9c/0x150 [ 235.033932][T10470] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 235.033955][T10470] ? clear_bhb_loop+0x60/0xb0 [ 235.033981][T10470] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 235.034001][T10470] RIP: 0033:0x7f18cf18e929 [ 235.034020][T10470] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 235.034036][T10470] RSP: 002b:00007f18cffb4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 235.034054][T10470] RAX: ffffffffffffffda RBX: 00007f18cf3b5fa0 RCX: 00007f18cf18e929 [ 235.034067][T10470] RDX: 0000000000000001 RSI: 0000200000003f40 RDI: 0000000000000005 [ 235.034078][T10470] RBP: 00007f18cffb4090 R08: 0000000000000000 R09: 0000000000000000 [ 235.034088][T10470] R10: 00000000200000d0 R11: 0000000000000246 R12: 0000000000000002 [ 235.034099][T10470] R13: 0000000000000000 R14: 00007f18cf3b5fa0 R15: 00007ffd49db55e8 [ 235.034126][T10470] [ 235.781158][T10489] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1499'. [ 235.969393][T10494] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1502'. [ 236.069120][T10506] netlink: 276 bytes leftover after parsing attributes in process `syz.4.1503'. [ 236.231158][T10510] netlink: 52 bytes leftover after parsing attributes in process `syz.3.1505'. [ 236.489396][T10515] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1507'. [ 236.979542][ T5860] Bluetooth: hci4: link tx timeout [ 236.984945][ T5860] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa [ 236.993144][ T5860] Bluetooth: hci4: link tx timeout [ 236.998775][ T5860] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa [ 237.139441][T10535] vlan2: entered promiscuous mode [ 237.170374][T10535] batadv0: entered promiscuous mode [ 237.204613][T10543] sch_tbf: burst 0 is lower than device veth1_virt_wifi mtu (1514) ! [ 237.532349][T10549] xt_CT: No such helper "snmp_trap" [ 239.091874][ T51] Bluetooth: hci4: command 0x0405 tx timeout [ 239.734933][T10630] __nla_validate_parse: 5 callbacks suppressed [ 239.734956][T10630] netlink: 80 bytes leftover after parsing attributes in process `syz.2.1547'. [ 240.071480][T10644] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1555'. [ 240.582062][T10670] netlink: 596 bytes leftover after parsing attributes in process `syz.4.1569'. [ 241.270510][T10707] netlink: 'syz.1.1584': attribute type 1 has an invalid length. [ 241.308088][T10707] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1584'. [ 242.211458][T10754] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1605'. [ 242.853290][ T5921] IPVS: starting estimator thread 0... [ 242.935679][T10787] netlink: 268 bytes leftover after parsing attributes in process `syz.3.1617'. [ 242.963557][T10783] IPVS: using max 24 ests per chain, 57600 per kthread [ 243.725977][T10822] syzkaller0: entered promiscuous mode [ 243.751502][T10822] syzkaller0: entered allmulticast mode [ 243.870026][T10832] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1639'. [ 244.350645][T10853] netlink: 'syz.4.1648': attribute type 1 has an invalid length. [ 245.795830][T10907] delete_channel: no stack [ 245.853636][T10911] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1670'. [ 247.591061][T10977] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1699'. [ 247.635200][T10977] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1699'. [ 247.753256][T10984] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1704'. [ 247.793879][T10989] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 248.174039][T11009] xt_hashlimit: max too large, truncated to 1048576 [ 248.265028][T11014] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1717'. [ 249.113990][T11046] netlink: 14593 bytes leftover after parsing attributes in process `syz.0.1730'. [ 249.912799][T11072] netlink: 'syz.2.1740': attribute type 1 has an invalid length. [ 249.963070][T11072] netlink: 'syz.2.1740': attribute type 2 has an invalid length. [ 250.234263][T11079] netlink: 'syz.3.1743': attribute type 29 has an invalid length. [ 250.323028][T11086] netlink: 'syz.3.1743': attribute type 29 has an invalid length. [ 250.362794][T11079] netlink: 'syz.3.1743': attribute type 29 has an invalid length. [ 252.206781][T11172] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1787'. [ 254.024292][T11242] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1818'. [ 255.241195][T11286] netlink: 276 bytes leftover after parsing attributes in process `syz.0.1830'. [ 255.320870][T11283] geneve4: entered promiscuous mode [ 255.341985][T11283] geneve4: entered allmulticast mode [ 255.374472][T11261] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1826'. [ 255.413330][T11293] IPVS: set_ctl: invalid protocol: 43 172.30.1.3:20007 [ 255.478588][T11261] netlink: 'syz.4.1826': attribute type 12 has an invalid length. [ 255.553750][ T7951] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 255.592533][ T7951] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 256.164300][T11312] netlink: 104 bytes leftover after parsing attributes in process `syz.0.1840'. [ 256.679066][T11331] netlink: 276 bytes leftover after parsing attributes in process `syz.4.1847'. [ 257.343297][T11347] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1855'. [ 257.894091][T11362] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1857'. [ 257.907163][T11362] vlan0: entered promiscuous mode [ 258.180444][T11375] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1865'. [ 258.200035][T11376] vlan3: entered allmulticast mode [ 258.216384][T11375] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1865'. [ 258.230444][T11376] bond0: entered allmulticast mode [ 258.237193][T11376] bond1: entered allmulticast mode [ 258.287485][T11376] bond5: entered allmulticast mode [ 258.303404][T11376] bond0: (slave vlan3): Opening slave failed [ 258.512750][T11383] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1866'. [ 258.557629][T11383] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1866'. [ 258.850535][T11396] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1874'. [ 258.973960][T11404] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1876'. [ 259.018269][T11404] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1876'. [ 259.258988][T11420] netlink: 276 bytes leftover after parsing attributes in process `syz.1.1879'. [ 260.262686][T11449] tun0: tun_chr_ioctl cmd 2148553947 [ 260.972592][T11476] tipc: Started in network mode [ 260.977700][T11476] tipc: Node identity f2b7e8804ce9, cluster identity 4711 [ 260.985193][T11476] tipc: Enabled bearer , priority 0 [ 261.002480][T11476] syzkaller0: entered promiscuous mode [ 261.008008][T11476] syzkaller0: entered allmulticast mode [ 261.092114][T11476] tipc: Resetting bearer [ 261.103630][T11475] tipc: Resetting bearer [ 261.146833][T11475] tipc: Disabling bearer [ 262.517032][T11517] Cannot find add_set index 0 as target [ 263.022247][T11523] 8021q: adding VLAN 0 to HW filter on device bond5 [ 263.075907][T11523] bond0: (slave bond5): Enslaving as an active interface with an up link [ 263.468463][T11541] Cannot find add_set index 2 as target [ 263.496811][T11542] A link change request failed with some changes committed already. Interface ip_vti0 may have been left with an inconsistent configuration, please check. [ 263.797936][T11554] __nla_validate_parse: 3 callbacks suppressed [ 263.797956][T11554] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1933'. [ 264.577940][T11574] netlink: 'syz.2.1942': attribute type 2 has an invalid length. [ 264.587858][T11574] netlink: 'syz.2.1942': attribute type 8 has an invalid length. [ 264.597060][T11574] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1942'. [ 265.054259][T11592] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1948'. [ 265.100812][ T30] audit: type=1804 audit(1752126647.873:6): pid=11593 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.1949" name="/newroot/413/cgroup.controllers" dev="tmpfs" ino=2115 res=1 errno=0 [ 265.161564][ T30] audit: type=1800 audit(1752126647.873:7): pid=11593 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1949" name="cgroup.controllers" dev="tmpfs" ino=2115 res=0 errno=0 [ 266.137098][T11622] netlink: 276 bytes leftover after parsing attributes in process `syz.2.1959'. [ 266.997805][T11661] netlink: 'syz.0.1974': attribute type 21 has an invalid length. [ 267.016976][T11661] netlink: 128 bytes leftover after parsing attributes in process `syz.0.1974'. [ 267.048868][T11661] netlink: 'syz.0.1974': attribute type 4 has an invalid length. [ 267.066830][T11665] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1972'. [ 267.095807][T11661] netlink: 'syz.0.1974': attribute type 5 has an invalid length. [ 267.096477][T11665] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1972'. [ 267.109566][T11661] netlink: 3 bytes leftover after parsing attributes in process `syz.0.1974'. [ 267.129173][T11662] ip_vti0: mtu less than device minimum [ 267.773367][T11699] FAULT_INJECTION: forcing a failure. [ 267.773367][T11699] name failslab, interval 1, probability 0, space 0, times 0 [ 267.807213][T11699] CPU: 0 UID: 0 PID: 11699 Comm: syz.3.1989 Not tainted 6.16.0-rc4-syzkaller-01140-g6a971e48e2d8 #0 PREEMPT(full) [ 267.807245][T11699] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 267.807259][T11699] Call Trace: [ 267.807267][T11699] [ 267.807277][T11699] dump_stack_lvl+0x189/0x250 [ 267.807308][T11699] ? __pfx____ratelimit+0x10/0x10 [ 267.807337][T11699] ? __pfx_dump_stack_lvl+0x10/0x10 [ 267.807380][T11699] ? __pfx__printk+0x10/0x10 [ 267.807427][T11699] should_fail_ex+0x414/0x560 [ 267.807466][T11699] should_failslab+0xa8/0x100 [ 267.807498][T11699] __kmalloc_cache_noprof+0x70/0x3d0 [ 267.807526][T11699] ? sctp_add_bind_addr+0x8c/0x370 [ 267.807561][T11699] sctp_add_bind_addr+0x8c/0x370 [ 267.807594][T11699] sctp_copy_local_addr_list+0x30b/0x4e0 [ 267.807627][T11699] ? sctp_copy_local_addr_list+0x9b/0x4e0 [ 267.807663][T11699] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 267.807697][T11699] ? sctp_v4_is_any+0x35/0x60 [ 267.807726][T11699] ? sctp_copy_one_addr+0x93/0x360 [ 267.807759][T11699] sctp_bind_addr_copy+0xb3/0x3c0 [ 267.807790][T11699] ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0 [ 267.807819][T11699] sctp_connect_new_asoc+0x2e0/0x690 [ 267.807844][T11699] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 267.807877][T11699] ? __local_bh_enable_ip+0x12d/0x1c0 [ 267.807911][T11699] ? bpf_lsm_sctp_bind_connect+0x9/0x20 [ 267.807934][T11699] ? security_sctp_bind_connect+0x7e/0x2e0 [ 267.807966][T11699] sctp_sendmsg+0x155c/0x2810 [ 267.808015][T11699] ? __pfx_sctp_sendmsg+0x10/0x10 [ 267.808053][T11699] ? aa_sk_perm+0x81e/0x950 [ 267.808089][T11699] ? __pfx_aa_sk_perm+0x10/0x10 [ 267.808124][T11699] ? sock_rps_record_flow+0x19/0x410 [ 267.808153][T11699] ? inet_sendmsg+0x2f4/0x370 [ 267.808183][T11699] __sock_sendmsg+0x19c/0x270 [ 267.808215][T11699] ____sys_sendmsg+0x52d/0x830 [ 267.808257][T11699] ? __pfx_____sys_sendmsg+0x10/0x10 [ 267.808303][T11699] ? import_iovec+0x74/0xa0 [ 267.808333][T11699] ___sys_sendmsg+0x21f/0x2a0 [ 267.808357][T11699] ? __pfx____sys_sendmsg+0x10/0x10 [ 267.808421][T11699] ? __fget_files+0x2a/0x420 [ 267.808451][T11699] ? __fget_files+0x3a0/0x420 [ 267.808493][T11699] __sys_sendmmsg+0x227/0x430 [ 267.808522][T11699] ? __pfx___sys_sendmmsg+0x10/0x10 [ 267.808540][T11699] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 267.808602][T11699] ? ksys_write+0x22a/0x250 [ 267.808631][T11699] ? __pfx_ksys_write+0x10/0x10 [ 267.808661][T11699] ? rcu_is_watching+0x15/0xb0 [ 267.808695][T11699] __x64_sys_sendmmsg+0xa0/0xc0 [ 267.808719][T11699] do_syscall_64+0xfa/0x3b0 [ 267.808748][T11699] ? lockdep_hardirqs_on+0x9c/0x150 [ 267.808777][T11699] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 267.808799][T11699] ? clear_bhb_loop+0x60/0xb0 [ 267.808826][T11699] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 267.808847][T11699] RIP: 0033:0x7f185eb8e929 [ 267.808866][T11699] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 267.808884][T11699] RSP: 002b:00007f185f987038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 267.808908][T11699] RAX: ffffffffffffffda RBX: 00007f185edb5fa0 RCX: 00007f185eb8e929 [ 267.808924][T11699] RDX: 0000000000000001 RSI: 0000200000003f40 RDI: 0000000000000003 [ 267.808938][T11699] RBP: 00007f185f987090 R08: 0000000000000000 R09: 0000000000000000 [ 267.808952][T11699] R10: 00000000200000d0 R11: 0000000000000246 R12: 0000000000000002 [ 267.808966][T11699] R13: 0000000000000000 R14: 00007f185edb5fa0 R15: 00007ffe05cbca78 [ 267.809001][T11699] [ 268.268187][T11707] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1993'. [ 268.278933][T11707] 8021q: VLANs not supported on nlmon0 [ 268.323696][T11708] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1990'. [ 268.473746][T11713] xt_CT: You must specify a L4 protocol and not use inversions on it [ 268.828828][T11735] __nla_validate_parse: 2 callbacks suppressed [ 268.828851][T11735] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2001'. [ 268.883546][T11735] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2001'. [ 268.968888][T11741] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2006'. [ 269.879362][T11784] netlink: 44 bytes leftover after parsing attributes in process `syz.0.2026'. [ 270.197198][T11803] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2032'. [ 270.306449][T11808] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2030'. [ 270.323121][T11808] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2030'. [ 272.439134][T11882] netlink: 248 bytes leftover after parsing attributes in process `syz.2.2060'. [ 272.737122][T11899] FAULT_INJECTION: forcing a failure. [ 272.737122][T11899] name failslab, interval 1, probability 0, space 0, times 0 [ 272.750918][T11899] CPU: 1 UID: 0 PID: 11899 Comm: syz.1.2067 Not tainted 6.16.0-rc4-syzkaller-01140-g6a971e48e2d8 #0 PREEMPT(full) [ 272.750951][T11899] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 272.750966][T11899] Call Trace: [ 272.750975][T11899] [ 272.750984][T11899] dump_stack_lvl+0x189/0x250 [ 272.751016][T11899] ? __pfx____ratelimit+0x10/0x10 [ 272.751095][T11899] ? __pfx_dump_stack_lvl+0x10/0x10 [ 272.751123][T11899] ? __pfx__printk+0x10/0x10 [ 272.751159][T11899] ? __pfx___might_resched+0x10/0x10 [ 272.751184][T11899] ? fs_reclaim_acquire+0x7d/0x100 [ 272.751221][T11899] should_fail_ex+0x414/0x560 [ 272.751264][T11899] should_failslab+0xa8/0x100 [ 272.751295][T11899] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 272.751323][T11899] ? __alloc_skb+0x112/0x2d0 [ 272.751358][T11899] __alloc_skb+0x112/0x2d0 [ 272.751394][T11899] netlink_ack+0x146/0xa50 [ 272.751419][T11899] ? __pfx_genl_rcv_msg+0x10/0x10 [ 272.751439][T11899] ? ref_tracker_free+0x63a/0x7d0 [ 272.751462][T11899] ? __pfx_ref_tracker_free+0x10/0x10 [ 272.751495][T11899] netlink_rcv_skb+0x28c/0x470 [ 272.751524][T11899] ? __pfx_genl_rcv_msg+0x10/0x10 [ 272.751546][T11899] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 272.751594][T11899] ? down_read+0x1ad/0x2e0 [ 272.751628][T11899] genl_rcv+0x28/0x40 [ 272.751647][T11899] netlink_unicast+0x758/0x8d0 [ 272.751685][T11899] netlink_sendmsg+0x805/0xb30 [ 272.751725][T11899] ? __pfx_netlink_sendmsg+0x10/0x10 [ 272.751759][T11899] ? aa_sock_msg_perm+0x94/0x160 [ 272.751794][T11899] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 272.751814][T11899] ? __pfx_netlink_sendmsg+0x10/0x10 [ 272.751845][T11899] __sock_sendmsg+0x219/0x270 [ 272.751875][T11899] ____sys_sendmsg+0x505/0x830 [ 272.751916][T11899] ? __pfx_____sys_sendmsg+0x10/0x10 [ 272.751962][T11899] ? import_iovec+0x74/0xa0 [ 272.751992][T11899] ___sys_sendmsg+0x21f/0x2a0 [ 272.752016][T11899] ? __pfx____sys_sendmsg+0x10/0x10 [ 272.752088][T11899] ? __fget_files+0x2a/0x420 [ 272.752117][T11899] ? __fget_files+0x3a0/0x420 [ 272.752160][T11899] __x64_sys_sendmsg+0x19b/0x260 [ 272.752184][T11899] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 272.752217][T11899] ? __pfx_ksys_write+0x10/0x10 [ 272.752240][T11899] ? rcu_is_watching+0x15/0xb0 [ 272.752272][T11899] ? do_syscall_64+0xbe/0x3b0 [ 272.752307][T11899] do_syscall_64+0xfa/0x3b0 [ 272.752336][T11899] ? lockdep_hardirqs_on+0x9c/0x150 [ 272.752363][T11899] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 272.752385][T11899] ? clear_bhb_loop+0x60/0xb0 [ 272.752413][T11899] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 272.752433][T11899] RIP: 0033:0x7f62dd38e929 [ 272.752453][T11899] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 272.752473][T11899] RSP: 002b:00007f62db1f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 272.752496][T11899] RAX: ffffffffffffffda RBX: 00007f62dd5b5fa0 RCX: 00007f62dd38e929 [ 272.752512][T11899] RDX: 000000000000c000 RSI: 0000200000000000 RDI: 0000000000000007 [ 272.752526][T11899] RBP: 00007f62db1f6090 R08: 0000000000000000 R09: 0000000000000000 [ 272.752539][T11899] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 272.752551][T11899] R13: 0000000000000000 R14: 00007f62dd5b5fa0 R15: 00007fffc6c38398 [ 272.752586][T11899] [ 273.441795][T11917] netlink: 276 bytes leftover after parsing attributes in process `syz.1.2070'. [ 273.940170][T11936] netlink: 212376 bytes leftover after parsing attributes in process `syz.3.2079'. [ 274.185274][T11941] IPVS: persistence engine module ip_vs_pe_ not found [ 274.248580][T11949] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2083'. [ 274.430621][T11955] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2085'. [ 275.087751][T11985] netlink: 276 bytes leftover after parsing attributes in process `syz.4.2094'. [ 275.118221][T11987] netlink: 276 bytes leftover after parsing attributes in process `syz.1.2095'. [ 275.328047][T11993] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2096'. [ 275.501697][T11996] netlink: 'syz.0.2098': attribute type 1 has an invalid length. [ 276.010541][T12017] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2104'. [ 276.035933][T12017] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2104'. [ 276.089771][T12024] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2108'. [ 276.127562][T12025] netlink: 212376 bytes leftover after parsing attributes in process `syz.4.2107'. [ 277.519136][T12079] FAULT_INJECTION: forcing a failure. [ 277.519136][T12079] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 277.537993][T12079] CPU: 1 UID: 0 PID: 12079 Comm: syz.1.2131 Not tainted 6.16.0-rc4-syzkaller-01140-g6a971e48e2d8 #0 PREEMPT(full) [ 277.538027][T12079] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 277.538041][T12079] Call Trace: [ 277.538050][T12079] [ 277.538059][T12079] dump_stack_lvl+0x189/0x250 [ 277.538092][T12079] ? __pfx____ratelimit+0x10/0x10 [ 277.538122][T12079] ? __pfx_dump_stack_lvl+0x10/0x10 [ 277.538149][T12079] ? __pfx__printk+0x10/0x10 [ 277.538180][T12079] ? __might_fault+0xb0/0x130 [ 277.538220][T12079] should_fail_ex+0x414/0x560 [ 277.538258][T12079] _copy_from_user+0x2d/0xb0 [ 277.538286][T12079] generic_map_update_batch+0x51b/0x7f0 [ 277.538331][T12079] ? __pfx_generic_map_update_batch+0x10/0x10 [ 277.538361][T12079] ? __fget_files+0x2a/0x420 [ 277.538399][T12079] ? __pfx_generic_map_update_batch+0x10/0x10 [ 277.538428][T12079] bpf_map_do_batch+0x369/0x5f0 [ 277.538459][T12079] __sys_bpf+0x384/0x860 [ 277.538482][T12079] ? __pfx___sys_bpf+0x10/0x10 [ 277.538518][T12079] ? ksys_write+0x22a/0x250 [ 277.538547][T12079] ? __pfx_ksys_write+0x10/0x10 [ 277.538570][T12079] ? rcu_is_watching+0x15/0xb0 [ 277.538604][T12079] __x64_sys_bpf+0x7c/0x90 [ 277.538637][T12079] do_syscall_64+0xfa/0x3b0 [ 277.538678][T12079] ? lockdep_hardirqs_on+0x9c/0x150 [ 277.538707][T12079] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 277.538729][T12079] ? clear_bhb_loop+0x60/0xb0 [ 277.538755][T12079] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 277.538777][T12079] RIP: 0033:0x7f62dd38e929 [ 277.538796][T12079] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 277.538815][T12079] RSP: 002b:00007f62db1f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 277.538838][T12079] RAX: ffffffffffffffda RBX: 00007f62dd5b5fa0 RCX: 00007f62dd38e929 [ 277.538854][T12079] RDX: 0000000000000038 RSI: 0000200000000200 RDI: 000000000000001a [ 277.538868][T12079] RBP: 00007f62db1f6090 R08: 0000000000000000 R09: 0000000000000000 [ 277.538882][T12079] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 277.538894][T12079] R13: 0000000000000000 R14: 00007f62dd5b5fa0 R15: 00007fffc6c38398 [ 277.538929][T12079] [ 278.382003][T12112] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 278.437997][T12114] Bluetooth: hci0: Opcode 0x0c1a failed: -22 [ 278.920579][T12136] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 279.130181][T12144] netlink: 'syz.4.2156': attribute type 10 has an invalid length. [ 279.173247][T12145] __nla_validate_parse: 7 callbacks suppressed [ 279.173272][T12145] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2155'. [ 279.204670][T12144] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 279.223665][T12145] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2155'. [ 279.237979][T12144] batadv0: entered allmulticast mode [ 279.258225][T12144] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 279.296291][ T6730] srz1: Port: 1 Link ACTIVE [ 280.028258][T12170] 8021q: adding VLAN 0 to HW filter on device bond5 [ 280.039165][T12170] bond0: (slave bond5): Enslaving as an active interface with an up link [ 280.183485][T12180] netlink: 276 bytes leftover after parsing attributes in process `syz.4.2169'. [ 280.442039][ T5860] Bluetooth: hci0: command tx timeout [ 280.533195][T12191] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2175'. [ 280.749379][T12204] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2176'. [ 280.763624][T12204] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2176'. [ 280.806497][T12205] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2179'. [ 281.074611][T12217] netlink: 276 bytes leftover after parsing attributes in process `syz.0.2184'. [ 281.085845][T12219] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2185'. [ 281.689200][T12236] netlink: 212376 bytes leftover after parsing attributes in process `syz.3.2190'. [ 282.844000][T12276] Bluetooth: hci0: Opcode 0x0c1a failed: -22 [ 283.471608][T12308] Bluetooth: hci0: Opcode 0x0c1a failed: -22 [ 284.380622][T12348] __nla_validate_parse: 8 callbacks suppressed [ 284.380643][T12348] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2235'. [ 284.416627][T12350] Bluetooth: hci0: Opcode 0x0c1a failed: -22 [ 284.638058][T12358] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2240'. [ 284.749762][T12363] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2239'. [ 284.799388][T12365] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2243'. [ 284.872015][T12363] xt_CT: You must specify a L4 protocol and not use inversions on it [ 284.922951][ T5860] Bluetooth: hci0: command tx timeout [ 284.965524][T12375] netlink: 212376 bytes leftover after parsing attributes in process `syz.1.2245'. [ 285.042274][T12377] netlink: 52 bytes leftover after parsing attributes in process `syz.2.2246'. [ 285.052636][T12377] netlink: 52 bytes leftover after parsing attributes in process `syz.2.2246'. [ 285.062394][T12377] netlink: 52 bytes leftover after parsing attributes in process `syz.2.2246'. [ 285.099427][T12376] hsr0: left allmulticast mode [ 285.106328][T12376] hsr_slave_0: left allmulticast mode [ 285.113227][T12376] hsr_slave_1: left allmulticast mode [ 285.118746][T12376] hsr0: left promiscuous mode [ 285.187911][T12380] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2246'. [ 285.260850][T12382] Bluetooth: hci0: Opcode 0x0c1a failed: -22 [ 285.522062][T12392] netlink: 276 bytes leftover after parsing attributes in process `syz.3.2249'. [ 286.585232][T12421] Bluetooth: hci0: Opcode 0x0c1a failed: -22 [ 287.005400][T12437] xt_hashlimit: size too large, truncated to 1048576 [ 287.324157][ T51] Bluetooth: hci0: command tx timeout [ 287.349708][T12449] Bluetooth: hci0: Opcode 0x0c1a failed: -22 [ 287.563987][T12455] 8021q: VLANs not supported on nlmon0 [ 288.109797][T12490] Bluetooth: hci0: Opcode 0x0c1a failed: -22 [ 288.144067][T12492] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 288.188366][T12494] x_tables: duplicate underflow at hook 1 [ 289.401727][ T5860] Bluetooth: hci0: command tx timeout [ 289.539250][T12560] __nla_validate_parse: 6 callbacks suppressed [ 289.539268][T12560] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2317'. [ 289.683528][T12567] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2319'. [ 289.712068][T12567] netlink: 88 bytes leftover after parsing attributes in process `syz.0.2319'. [ 290.194413][T12583] tipc: Started in network mode [ 290.216204][T12583] tipc: Node identity ac14142a, cluster identity 4711 [ 290.313125][T12583] tipc: Enabled bearer , priority 10 [ 290.331899][T12590] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2330'. [ 290.353464][T12588] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2328'. [ 290.377175][T12588] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2328'. [ 291.421491][ T6707] tipc: Node number set to 2886997034 [ 291.615816][T12641] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2352'. [ 291.638007][T12642] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2350'. [ 291.668183][T12642] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2350'. [ 292.794022][T12680] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2367'. [ 292.823467][T12683] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 292.830334][T12683] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 293.576998][T12718] dvmrp0: entered allmulticast mode [ 294.263400][T12743] FAULT_INJECTION: forcing a failure. [ 294.263400][T12743] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 294.295599][T12743] CPU: 1 UID: 0 PID: 12743 Comm: syz.0.2391 Not tainted 6.16.0-rc4-syzkaller-01140-g6a971e48e2d8 #0 PREEMPT(full) [ 294.295634][T12743] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 294.295648][T12743] Call Trace: [ 294.295656][T12743] [ 294.295666][T12743] dump_stack_lvl+0x189/0x250 [ 294.295699][T12743] ? __pfx____ratelimit+0x10/0x10 [ 294.295729][T12743] ? __pfx_dump_stack_lvl+0x10/0x10 [ 294.295756][T12743] ? __pfx__printk+0x10/0x10 [ 294.295787][T12743] ? __might_fault+0xb0/0x130 [ 294.295827][T12743] should_fail_ex+0x414/0x560 [ 294.295865][T12743] _copy_from_user+0x2d/0xb0 [ 294.295892][T12743] ___sys_sendmsg+0x158/0x2a0 [ 294.295915][T12743] ? __pfx____sys_sendmsg+0x10/0x10 [ 294.295972][T12743] ? __fget_files+0x2a/0x420 [ 294.296002][T12743] ? __fget_files+0x3a0/0x420 [ 294.296044][T12743] __x64_sys_sendmsg+0x19b/0x260 [ 294.296068][T12743] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 294.296100][T12743] ? __pfx_ksys_write+0x10/0x10 [ 294.296133][T12743] ? do_syscall_64+0xbe/0x3b0 [ 294.296169][T12743] do_syscall_64+0xfa/0x3b0 [ 294.296196][T12743] ? lockdep_hardirqs_on+0x9c/0x150 [ 294.296224][T12743] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 294.296245][T12743] ? clear_bhb_loop+0x60/0xb0 [ 294.296273][T12743] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 294.296294][T12743] RIP: 0033:0x7fe20c98e929 [ 294.296315][T12743] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 294.296334][T12743] RSP: 002b:00007fe20d765038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 294.296357][T12743] RAX: ffffffffffffffda RBX: 00007fe20cbb5fa0 RCX: 00007fe20c98e929 [ 294.296373][T12743] RDX: 0000000022044800 RSI: 0000200000000400 RDI: 0000000000000003 [ 294.296402][T12743] RBP: 00007fe20d765090 R08: 0000000000000000 R09: 0000000000000000 [ 294.296416][T12743] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 294.296428][T12743] R13: 0000000000000000 R14: 00007fe20cbb5fa0 R15: 00007ffeea107178 [ 294.296462][T12743] [ 294.579530][T12748] __nla_validate_parse: 6 callbacks suppressed [ 294.579552][T12748] netlink: 44 bytes leftover after parsing attributes in process `syz.4.2393'. [ 294.765913][T12760] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2398'. [ 294.776865][T12760] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2398'. [ 295.165977][T12773] vlan3: entered promiscuous mode [ 295.194643][T12773] vlan3: entered allmulticast mode [ 295.590024][T12795] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) ! [ 295.728897][T12800] netlink: 44 bytes leftover after parsing attributes in process `syz.3.2417'. [ 296.330371][T12834] bond6: entered promiscuous mode [ 296.336667][T12834] bond6: entered allmulticast mode [ 296.345886][T12834] 8021q: adding VLAN 0 to HW filter on device bond6 [ 297.072204][T12863] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 297.848073][T12896] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 299.437065][T12949] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2475'. [ 299.463940][T12949] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2475'. [ 299.653482][T12957] netlink: 64 bytes leftover after parsing attributes in process `syz.4.2479'. [ 299.675941][T12957] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2479'. [ 299.966848][T12963] sctp: [Deprecated]: syz.4.2482 (pid 12963) Use of int in max_burst socket option. [ 299.966848][T12963] Use struct sctp_assoc_value instead [ 300.258899][T12980] FAULT_INJECTION: forcing a failure. [ 300.258899][T12980] name failslab, interval 1, probability 0, space 0, times 0 [ 300.274258][T12980] CPU: 0 UID: 0 PID: 12980 Comm: syz.0.2488 Not tainted 6.16.0-rc4-syzkaller-01140-g6a971e48e2d8 #0 PREEMPT(full) [ 300.274292][T12980] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 300.274306][T12980] Call Trace: [ 300.274315][T12980] [ 300.274324][T12980] dump_stack_lvl+0x189/0x250 [ 300.274358][T12980] ? __pfx____ratelimit+0x10/0x10 [ 300.274388][T12980] ? __pfx_dump_stack_lvl+0x10/0x10 [ 300.274414][T12980] ? __pfx__printk+0x10/0x10 [ 300.274461][T12980] should_fail_ex+0x414/0x560 [ 300.274500][T12980] should_failslab+0xa8/0x100 [ 300.274533][T12980] __kmalloc_cache_noprof+0x70/0x3d0 [ 300.274560][T12980] ? sctp_add_bind_addr+0x8c/0x370 [ 300.274594][T12980] sctp_add_bind_addr+0x8c/0x370 [ 300.274628][T12980] sctp_copy_local_addr_list+0x30b/0x4e0 [ 300.274661][T12980] ? sctp_copy_local_addr_list+0x9b/0x4e0 [ 300.274690][T12980] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 300.274724][T12980] ? sctp_v4_is_any+0x35/0x60 [ 300.274752][T12980] ? sctp_copy_one_addr+0x93/0x360 [ 300.274785][T12980] sctp_bind_addr_copy+0xb3/0x3c0 [ 300.274816][T12980] ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0 [ 300.274844][T12980] sctp_connect_new_asoc+0x2e0/0x690 [ 300.274868][T12980] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 300.274900][T12980] ? __local_bh_enable_ip+0x12d/0x1c0 [ 300.274931][T12980] ? bpf_lsm_sctp_bind_connect+0x9/0x20 [ 300.274952][T12980] ? security_sctp_bind_connect+0x7e/0x2e0 [ 300.274984][T12980] sctp_sendmsg+0x155c/0x2810 [ 300.275031][T12980] ? __pfx_sctp_sendmsg+0x10/0x10 [ 300.275077][T12980] ? aa_sk_perm+0x81e/0x950 [ 300.275114][T12980] ? __pfx_aa_sk_perm+0x10/0x10 [ 300.275147][T12980] ? sock_rps_record_flow+0x19/0x410 [ 300.275176][T12980] ? inet_sendmsg+0x2f4/0x370 [ 300.275205][T12980] __sock_sendmsg+0x19c/0x270 [ 300.275242][T12980] ____sys_sendmsg+0x52d/0x830 [ 300.275284][T12980] ? __pfx_____sys_sendmsg+0x10/0x10 [ 300.275330][T12980] ? import_iovec+0x74/0xa0 [ 300.275361][T12980] ___sys_sendmsg+0x21f/0x2a0 [ 300.275385][T12980] ? __pfx____sys_sendmsg+0x10/0x10 [ 300.275461][T12980] ? __fget_files+0x2a/0x420 [ 300.275490][T12980] ? __fget_files+0x3a0/0x420 [ 300.275530][T12980] __sys_sendmmsg+0x227/0x430 [ 300.275557][T12980] ? __pfx___sys_sendmmsg+0x10/0x10 [ 300.275574][T12980] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 300.275652][T12980] ? ksys_write+0x22a/0x250 [ 300.275681][T12980] ? __pfx_ksys_write+0x10/0x10 [ 300.275704][T12980] ? rcu_is_watching+0x15/0xb0 [ 300.275735][T12980] __x64_sys_sendmmsg+0xa0/0xc0 [ 300.275755][T12980] do_syscall_64+0xfa/0x3b0 [ 300.275778][T12980] ? lockdep_hardirqs_on+0x9c/0x150 [ 300.275805][T12980] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 300.275827][T12980] ? clear_bhb_loop+0x60/0xb0 [ 300.275853][T12980] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 300.275874][T12980] RIP: 0033:0x7fe20c98e929 [ 300.275896][T12980] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 300.275915][T12980] RSP: 002b:00007fe20d765038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 300.275938][T12980] RAX: ffffffffffffffda RBX: 00007fe20cbb5fa0 RCX: 00007fe20c98e929 [ 300.275955][T12980] RDX: 0000000000000001 RSI: 0000200000003f40 RDI: 0000000000000005 [ 300.275969][T12980] RBP: 00007fe20d765090 R08: 0000000000000000 R09: 0000000000000000 [ 300.275982][T12980] R10: 00000000200000d0 R11: 0000000000000246 R12: 0000000000000002 [ 300.275995][T12980] R13: 0000000000000000 R14: 00007fe20cbb5fa0 R15: 00007ffeea107178 [ 300.276031][T12980] [ 300.870217][T12991] bond0: (slave bond5): Releasing backup interface [ 300.929381][T12993] x_tables: duplicate underflow at hook 1 [ 301.034355][T12999] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 301.077629][T12999] netdevsim netdevsim4 eth3 (unregistering): unset [1, 1] type 2 family 0 port 56487 - 0 [ 301.164499][T13010] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2500'. [ 301.180110][T13010] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2500'. [ 301.228156][T12999] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 301.248522][T12999] netdevsim netdevsim4 eth2 (unregistering): unset [1, 1] type 2 family 0 port 56487 - 0 [ 301.332466][T12999] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 301.343729][T12999] netdevsim netdevsim4 eth1 (unregistering): unset [1, 1] type 2 family 0 port 56487 - 0 [ 301.418584][T12999] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 301.429928][T12999] netdevsim netdevsim4 eth0 (unregistering): unset [1, 1] type 2 family 0 port 56487 - 0 [ 301.528385][ T13] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 56487 - 0 [ 301.537620][ T13] netdevsim netdevsim4 eth0: set [1, 1] type 2 family 0 port 6081 - 0 [ 301.557094][ T7955] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 56487 - 0 [ 301.576656][ T7955] netdevsim netdevsim4 eth1: set [1, 1] type 2 family 0 port 6081 - 0 [ 301.599335][ T7955] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 56487 - 0 [ 301.617602][ T7955] netdevsim netdevsim4 eth2: set [1, 1] type 2 family 0 port 6081 - 0 [ 301.636895][ T7955] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 56487 - 0 [ 301.650040][ T7955] netdevsim netdevsim4 eth3: set [1, 1] type 2 family 0 port 6081 - 0 [ 302.425210][T13046] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2514'. [ 302.817098][T13058] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2519'. [ 302.832562][T13058] block nbd0: not configured, cannot reconfigure [ 304.235015][T13110] sctp: [Deprecated]: syz.0.2541 (pid 13110) Use of struct sctp_assoc_value in delayed_ack socket option. [ 304.235015][T13110] Use struct sctp_sack_info instead [ 304.284990][T13112] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2542'. [ 304.301065][T13112] 8021q: VLANs not supported on nlmon0 [ 304.322991][T13116] netlink: 'syz.4.2543': attribute type 2 has an invalid length. [ 304.344067][T13116] netlink: 244 bytes leftover after parsing attributes in process `syz.4.2543'. [ 305.001018][T13144] netlink: 248 bytes leftover after parsing attributes in process `syz.1.2557'. [ 305.425809][T13169] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2565'. [ 305.928800][T13192] netlink: 'syz.4.2576': attribute type 10 has an invalid length. [ 305.935851][T13185] netlink: 'syz.3.2573': attribute type 41 has an invalid length. [ 305.942364][T13192] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2576'. [ 305.954176][T13185] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2573'. [ 305.975025][T13192] bridge0: port 1(dummy0) entered blocking state [ 305.984013][T13192] bridge0: port 1(dummy0) entered disabled state [ 305.990690][T13192] dummy0: entered allmulticast mode [ 306.005606][T13192] dummy0: entered promiscuous mode [ 306.018493][T13192] bridge0: port 1(dummy0) entered blocking state [ 306.025214][T13192] bridge0: port 1(dummy0) entered forwarding state [ 306.212041][T13199] FAULT_INJECTION: forcing a failure. [ 306.212041][T13199] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 306.261394][T13199] CPU: 0 UID: 0 PID: 13199 Comm: syz.3.2578 Not tainted 6.16.0-rc4-syzkaller-01140-g6a971e48e2d8 #0 PREEMPT(full) [ 306.261428][T13199] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 306.261452][T13199] Call Trace: [ 306.261462][T13199] [ 306.261471][T13199] dump_stack_lvl+0x189/0x250 [ 306.261502][T13199] ? __pfx____ratelimit+0x10/0x10 [ 306.261533][T13199] ? __pfx_dump_stack_lvl+0x10/0x10 [ 306.261563][T13199] ? __pfx__printk+0x10/0x10 [ 306.261594][T13199] ? __might_fault+0xb0/0x130 [ 306.261656][T13199] should_fail_ex+0x414/0x560 [ 306.261695][T13199] _copy_from_user+0x2d/0xb0 [ 306.261722][T13199] ___sys_sendmsg+0x158/0x2a0 [ 306.261755][T13199] ? __pfx____sys_sendmsg+0x10/0x10 [ 306.261817][T13199] ? __fget_files+0x2a/0x420 [ 306.261847][T13199] ? __fget_files+0x3a0/0x420 [ 306.261887][T13199] __x64_sys_sendmsg+0x19b/0x260 [ 306.261910][T13199] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 306.261942][T13199] ? __pfx_ksys_write+0x10/0x10 [ 306.261966][T13199] ? rcu_is_watching+0x15/0xb0 [ 306.261998][T13199] ? do_syscall_64+0xbe/0x3b0 [ 306.262031][T13199] do_syscall_64+0xfa/0x3b0 [ 306.262059][T13199] ? lockdep_hardirqs_on+0x9c/0x150 [ 306.262086][T13199] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 306.262107][T13199] ? clear_bhb_loop+0x60/0xb0 [ 306.262135][T13199] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 306.262156][T13199] RIP: 0033:0x7f185eb8e929 [ 306.262176][T13199] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 306.262195][T13199] RSP: 002b:00007f185f987038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 306.262218][T13199] RAX: ffffffffffffffda RBX: 00007f185edb5fa0 RCX: 00007f185eb8e929 [ 306.262233][T13199] RDX: 0000000000048000 RSI: 0000200000000080 RDI: 0000000000000003 [ 306.262248][T13199] RBP: 00007f185f987090 R08: 0000000000000000 R09: 0000000000000000 [ 306.262261][T13199] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 306.262274][T13199] R13: 0000000000000000 R14: 00007f185edb5fa0 R15: 00007ffe05cbca78 [ 306.262309][T13199] [ 306.476785][T13196] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2576'. [ 306.711069][T13207] netlink: 56 bytes leftover after parsing attributes in process `syz.1.2582'. [ 307.121505][T13222] Bluetooth: hci0: Opcode 0x0c1a failed: -22 [ 307.249214][T13228] FAULT_INJECTION: forcing a failure. [ 307.249214][T13228] name failslab, interval 1, probability 0, space 0, times 0 [ 307.341793][T13228] CPU: 0 UID: 0 PID: 13228 Comm: syz.0.2590 Not tainted 6.16.0-rc4-syzkaller-01140-g6a971e48e2d8 #0 PREEMPT(full) [ 307.341828][T13228] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 307.341842][T13228] Call Trace: [ 307.341850][T13228] [ 307.341860][T13228] dump_stack_lvl+0x189/0x250 [ 307.341893][T13228] ? __pfx____ratelimit+0x10/0x10 [ 307.341923][T13228] ? __pfx_dump_stack_lvl+0x10/0x10 [ 307.341950][T13228] ? __pfx__printk+0x10/0x10 [ 307.341988][T13228] ? __pfx___might_resched+0x10/0x10 [ 307.342014][T13228] ? fs_reclaim_acquire+0x7d/0x100 [ 307.342052][T13228] should_fail_ex+0x414/0x560 [ 307.342092][T13228] should_failslab+0xa8/0x100 [ 307.342122][T13228] __kmalloc_noprof+0xcb/0x4f0 [ 307.342147][T13228] ? kfree+0x4d/0x440 [ 307.342168][T13228] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 307.342196][T13228] tomoyo_realpath_from_path+0xe3/0x5d0 [ 307.342220][T13228] ? tomoyo_domain+0xd9/0x130 [ 307.342249][T13228] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 307.342280][T13228] tomoyo_path_number_perm+0x1e8/0x5a0 [ 307.342314][T13228] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 307.342362][T13228] ? __lock_acquire+0xab9/0xd20 [ 307.342408][T13228] ? __fget_files+0x2a/0x420 [ 307.342441][T13228] ? __fget_files+0x2a/0x420 [ 307.342469][T13228] ? __fget_files+0x3a0/0x420 [ 307.342496][T13228] ? __fget_files+0x2a/0x420 [ 307.342530][T13228] security_file_ioctl+0xcb/0x2d0 [ 307.342561][T13228] __se_sys_ioctl+0x47/0x170 [ 307.342588][T13228] do_syscall_64+0xfa/0x3b0 [ 307.342618][T13228] ? lockdep_hardirqs_on+0x9c/0x150 [ 307.342644][T13228] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 307.342673][T13228] ? clear_bhb_loop+0x60/0xb0 [ 307.342698][T13228] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 307.342719][T13228] RIP: 0033:0x7fe20c98e929 [ 307.342739][T13228] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 307.342758][T13228] RSP: 002b:00007fe20d765038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 307.342779][T13228] RAX: ffffffffffffffda RBX: 00007fe20cbb5fa0 RCX: 00007fe20c98e929 [ 307.342794][T13228] RDX: 0000200000000500 RSI: 00000000400448dd RDI: 0000000000000005 [ 307.342807][T13228] RBP: 00007fe20d765090 R08: 0000000000000000 R09: 0000000000000000 [ 307.342820][T13228] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 307.342833][T13228] R13: 0000000000000000 R14: 00007fe20cbb5fa0 R15: 00007ffeea107178 [ 307.342867][T13228] [ 307.342877][T13228] ERROR: Out of memory at tomoyo_realpath_from_path. [ 307.622222][T13228] Bluetooth: hci0: Opcode 0x0c1a failed: -22 [ 308.155187][T13268] netlink: 104 bytes leftover after parsing attributes in process `syz.4.2608'. [ 308.478806][T13280] macsec2: entered allmulticast mode [ 308.485600][T13280] macvlan0: entered allmulticast mode [ 308.500153][T13280] veth1_vlan: entered allmulticast mode [ 308.563388][T13280] macvlan0: left allmulticast mode [ 308.568579][T13280] veth1_vlan: left allmulticast mode [ 309.115480][T13308] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2621'. [ 309.156476][T13310] FAULT_INJECTION: forcing a failure. [ 309.156476][T13310] name failslab, interval 1, probability 0, space 0, times 0 [ 309.172373][ T51] Bluetooth: hci0: command tx timeout [ 309.192231][T13310] CPU: 0 UID: 0 PID: 13310 Comm: syz.2.2624 Not tainted 6.16.0-rc4-syzkaller-01140-g6a971e48e2d8 #0 PREEMPT(full) [ 309.192265][T13310] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 309.192279][T13310] Call Trace: [ 309.192287][T13310] [ 309.192307][T13310] dump_stack_lvl+0x189/0x250 [ 309.192340][T13310] ? __pfx____ratelimit+0x10/0x10 [ 309.192369][T13310] ? __pfx_dump_stack_lvl+0x10/0x10 [ 309.192396][T13310] ? __pfx__printk+0x10/0x10 [ 309.192433][T13310] ? __pfx___might_resched+0x10/0x10 [ 309.192462][T13310] should_fail_ex+0x414/0x560 [ 309.192498][T13310] should_failslab+0xa8/0x100 [ 309.192527][T13310] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 309.192554][T13310] ? __alloc_skb+0x112/0x2d0 [ 309.192587][T13310] __alloc_skb+0x112/0x2d0 [ 309.192620][T13310] netlink_sendmsg+0x5c6/0xb30 [ 309.192661][T13310] ? __pfx_netlink_sendmsg+0x10/0x10 [ 309.192694][T13310] ? aa_sock_msg_perm+0x94/0x160 [ 309.192728][T13310] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 309.192748][T13310] ? __pfx_netlink_sendmsg+0x10/0x10 [ 309.192778][T13310] __sock_sendmsg+0x219/0x270 [ 309.192802][T13310] ____sys_sendmsg+0x505/0x830 [ 309.192831][T13310] ? __pfx_____sys_sendmsg+0x10/0x10 [ 309.192869][T13310] ? import_iovec+0x74/0xa0 [ 309.192891][T13310] ___sys_sendmsg+0x21f/0x2a0 [ 309.192908][T13310] ? __pfx____sys_sendmsg+0x10/0x10 [ 309.192950][T13310] ? __fget_files+0x2a/0x420 [ 309.192971][T13310] ? __fget_files+0x3a0/0x420 [ 309.193000][T13310] __x64_sys_sendmsg+0x19b/0x260 [ 309.193017][T13310] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 309.193040][T13310] ? __pfx_ksys_write+0x10/0x10 [ 309.193056][T13310] ? rcu_is_watching+0x15/0xb0 [ 309.193079][T13310] ? do_syscall_64+0xbe/0x3b0 [ 309.193103][T13310] do_syscall_64+0xfa/0x3b0 [ 309.193124][T13310] ? lockdep_hardirqs_on+0x9c/0x150 [ 309.193145][T13310] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 309.193160][T13310] ? clear_bhb_loop+0x60/0xb0 [ 309.193179][T13310] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 309.193193][T13310] RIP: 0033:0x7ffa7198e929 [ 309.193208][T13310] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 309.193221][T13310] RSP: 002b:00007ffa7289f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 309.193238][T13310] RAX: ffffffffffffffda RBX: 00007ffa71bb5fa0 RCX: 00007ffa7198e929 [ 309.193249][T13310] RDX: 0000000022044800 RSI: 0000200000000400 RDI: 0000000000000003 [ 309.193260][T13310] RBP: 00007ffa7289f090 R08: 0000000000000000 R09: 0000000000000000 [ 309.193269][T13310] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 309.193278][T13310] R13: 0000000000000000 R14: 00007ffa71bb5fa0 R15: 00007fffa93347e8 [ 309.193308][T13310] [ 309.587217][T13316] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2625'. [ 309.682361][T13316] dummy0: left allmulticast mode [ 309.687615][T13316] dummy0: left promiscuous mode [ 309.693311][T13316] bridge0: port 1(dummy0) entered disabled state [ 310.907162][T13343] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2636'. [ 310.946115][T13347] Bluetooth: hci0: Opcode 0x0c1a failed: -22 [ 310.955947][T13343] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2636'. [ 311.040483][T13343] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2636'. [ 311.074245][T13343] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2636'. [ 311.520796][T13369] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2648'. [ 311.993542][T13394] FAULT_INJECTION: forcing a failure. [ 311.993542][T13394] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 312.022005][T13394] CPU: 0 UID: 0 PID: 13394 Comm: syz.4.2658 Not tainted 6.16.0-rc4-syzkaller-01140-g6a971e48e2d8 #0 PREEMPT(full) [ 312.022041][T13394] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 312.022054][T13394] Call Trace: [ 312.022063][T13394] [ 312.022073][T13394] dump_stack_lvl+0x189/0x250 [ 312.022104][T13394] ? __pfx____ratelimit+0x10/0x10 [ 312.022134][T13394] ? __pfx_dump_stack_lvl+0x10/0x10 [ 312.022161][T13394] ? __pfx__printk+0x10/0x10 [ 312.022192][T13394] ? __might_fault+0xb0/0x130 [ 312.022232][T13394] should_fail_ex+0x414/0x560 [ 312.022270][T13394] _copy_from_user+0x2d/0xb0 [ 312.022298][T13394] ___sys_sendmsg+0x158/0x2a0 [ 312.022322][T13394] ? __pfx____sys_sendmsg+0x10/0x10 [ 312.022392][T13394] ? __fget_files+0x2a/0x420 [ 312.022422][T13394] ? __fget_files+0x3a0/0x420 [ 312.022464][T13394] __x64_sys_sendmsg+0x19b/0x260 [ 312.022489][T13394] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 312.022521][T13394] ? __pfx_ksys_write+0x10/0x10 [ 312.022544][T13394] ? rcu_is_watching+0x15/0xb0 [ 312.022577][T13394] ? do_syscall_64+0xbe/0x3b0 [ 312.022612][T13394] do_syscall_64+0xfa/0x3b0 [ 312.022641][T13394] ? lockdep_hardirqs_on+0x9c/0x150 [ 312.022669][T13394] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 312.022691][T13394] ? clear_bhb_loop+0x60/0xb0 [ 312.022718][T13394] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 312.022739][T13394] RIP: 0033:0x7f18cf18e929 [ 312.022760][T13394] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 312.022779][T13394] RSP: 002b:00007f18cffb4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 312.022802][T13394] RAX: ffffffffffffffda RBX: 00007f18cf3b5fa0 RCX: 00007f18cf18e929 [ 312.022818][T13394] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003 [ 312.022831][T13394] RBP: 00007f18cffb4090 R08: 0000000000000000 R09: 0000000000000000 [ 312.022845][T13394] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 312.022857][T13394] R13: 0000000000000000 R14: 00007f18cf3b5fa0 R15: 00007ffd49db55e8 [ 312.022891][T13394] [ 312.283945][T13399] netlink: 9280 bytes leftover after parsing attributes in process `syz.1.2660'. [ 312.607781][T13407] netlink: 'syz.3.2663': attribute type 1 has an invalid length. [ 312.743320][ T7951] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 312.787524][T13410] FAULT_INJECTION: forcing a failure. [ 312.787524][T13410] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 312.806901][T13410] CPU: 0 UID: 0 PID: 13410 Comm: syz.0.2666 Not tainted 6.16.0-rc4-syzkaller-01140-g6a971e48e2d8 #0 PREEMPT(full) [ 312.806934][T13410] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 312.806948][T13410] Call Trace: [ 312.806957][T13410] [ 312.806966][T13410] dump_stack_lvl+0x189/0x250 [ 312.807019][T13410] ? __pfx____ratelimit+0x10/0x10 [ 312.807047][T13410] ? __pfx_dump_stack_lvl+0x10/0x10 [ 312.807071][T13410] ? __pfx__printk+0x10/0x10 [ 312.807100][T13410] ? __might_fault+0xb0/0x130 [ 312.807136][T13410] should_fail_ex+0x414/0x560 [ 312.807173][T13410] _copy_from_user+0x2d/0xb0 [ 312.807200][T13410] generic_map_update_batch+0x51b/0x7f0 [ 312.807241][T13410] ? __pfx_generic_map_update_batch+0x10/0x10 [ 312.807269][T13410] ? __fget_files+0x2a/0x420 [ 312.807312][T13410] ? __pfx_generic_map_update_batch+0x10/0x10 [ 312.807340][T13410] bpf_map_do_batch+0x369/0x5f0 [ 312.807370][T13410] __sys_bpf+0x384/0x860 [ 312.807392][T13410] ? __pfx___sys_bpf+0x10/0x10 [ 312.807426][T13410] ? ksys_write+0x22a/0x250 [ 312.807455][T13410] ? __pfx_ksys_write+0x10/0x10 [ 312.807476][T13410] ? rcu_is_watching+0x15/0xb0 [ 312.807508][T13410] __x64_sys_bpf+0x7c/0x90 [ 312.807540][T13410] do_syscall_64+0xfa/0x3b0 [ 312.807568][T13410] ? lockdep_hardirqs_on+0x9c/0x150 [ 312.807596][T13410] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 312.807617][T13410] ? clear_bhb_loop+0x60/0xb0 [ 312.807642][T13410] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 312.807662][T13410] RIP: 0033:0x7fe20c98e929 [ 312.807679][T13410] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 312.807698][T13410] RSP: 002b:00007fe20d765038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 312.807720][T13410] RAX: ffffffffffffffda RBX: 00007fe20cbb5fa0 RCX: 00007fe20c98e929 [ 312.807735][T13410] RDX: 0000000000000038 RSI: 0000200000000200 RDI: 000000000000001a [ 312.807748][T13410] RBP: 00007fe20d765090 R08: 0000000000000000 R09: 0000000000000000 [ 312.807761][T13410] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 312.807773][T13410] R13: 0000000000000000 R14: 00007fe20cbb5fa0 R15: 00007ffeea107178 [ 312.807806][T13410] [ 313.035035][ T5850] Bluetooth: hci0: command tx timeout [ 313.068667][ T7951] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 313.224255][ T7951] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 313.349856][T13420] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 313.571663][ T7951] bond0: (slave netdevsim0): Releasing backup interface [ 313.623606][ T7951] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 313.707275][ T6707] syz1: Port: 1 Link DOWN [ 313.894757][T13447] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2678'. [ 313.927062][T13447] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2678'. [ 313.998889][T13447] gretap0: entered promiscuous mode [ 314.008473][T13447] gretap0: left promiscuous mode [ 314.169110][ T5860] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 314.181061][ T5860] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 314.194826][ T5860] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 314.204775][ T5860] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 314.214886][ T5860] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 314.669641][T13470] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2685'. [ 314.678905][T13470] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2685'. [ 315.052912][ T7951] bond0 (unregistering): Released all slaves [ 315.189294][ T7951] bond1 (unregistering): Released all slaves [ 315.298241][ T7951] bond2 (unregistering): (slave veth5): Releasing backup interface [ 315.308704][ T7951] bond2 (unregistering): Released all slaves [ 315.561141][ T7951] bond3 (unregistering): Released all slaves [ 315.774514][T13485] FAULT_INJECTION: forcing a failure. [ 315.774514][T13485] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 315.799093][ T7951] tipc: Disabling bearer [ 315.813154][ T7951] tipc: Left network mode [ 315.832764][T13485] CPU: 0 UID: 0 PID: 13485 Comm: syz.3.2693 Not tainted 6.16.0-rc4-syzkaller-01140-g6a971e48e2d8 #0 PREEMPT(full) [ 315.832794][T13485] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 315.832806][T13485] Call Trace: [ 315.832813][T13485] [ 315.832822][T13485] dump_stack_lvl+0x189/0x250 [ 315.832862][T13485] ? __pfx____ratelimit+0x10/0x10 [ 315.832888][T13485] ? __pfx_dump_stack_lvl+0x10/0x10 [ 315.832910][T13485] ? __pfx__printk+0x10/0x10 [ 315.832935][T13485] ? __might_fault+0xb0/0x130 [ 315.832969][T13485] should_fail_ex+0x414/0x560 [ 315.833002][T13485] _copy_from_user+0x2d/0xb0 [ 315.833025][T13485] arp_ioctl+0x138/0x450 [ 315.833049][T13485] ? __pfx_arp_ioctl+0x10/0x10 [ 315.833076][T13485] ? do_vfs_ioctl+0xf37/0x1990 [ 315.833108][T13485] inet_ioctl+0x36e/0x4c0 [ 315.833128][T13485] ? kasan_quarantine_put+0xdd/0x220 [ 315.833149][T13485] ? __pfx_inet_ioctl+0x10/0x10 [ 315.833189][T13485] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 315.833226][T13485] sock_do_ioctl+0xd9/0x300 [ 315.833250][T13485] ? __pfx_sock_do_ioctl+0x10/0x10 [ 315.833269][T13485] ? __lock_acquire+0xab9/0xd20 [ 315.833304][T13485] sock_ioctl+0x576/0x790 [ 315.833327][T13485] ? __pfx_sock_ioctl+0x10/0x10 [ 315.833347][T13485] ? __fget_files+0x2a/0x420 [ 315.833371][T13485] ? __fget_files+0x3a0/0x420 [ 315.833394][T13485] ? __fget_files+0x2a/0x420 [ 315.833422][T13485] ? bpf_lsm_file_ioctl+0x9/0x20 [ 315.833442][T13485] ? __pfx_sock_ioctl+0x10/0x10 [ 315.833462][T13485] __se_sys_ioctl+0xf9/0x170 [ 315.833485][T13485] do_syscall_64+0xfa/0x3b0 [ 315.833510][T13485] ? lockdep_hardirqs_on+0x9c/0x150 [ 315.833533][T13485] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 315.833551][T13485] ? clear_bhb_loop+0x60/0xb0 [ 315.833574][T13485] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 315.833591][T13485] RIP: 0033:0x7f185eb8e929 [ 315.833608][T13485] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 315.833624][T13485] RSP: 002b:00007f185f987038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 315.833645][T13485] RAX: ffffffffffffffda RBX: 00007f185edb5fa0 RCX: 00007f185eb8e929 [ 315.833658][T13485] RDX: 0000200000000000 RSI: 0000000000008955 RDI: 0000000000000003 [ 315.833670][T13485] RBP: 00007f185f987090 R08: 0000000000000000 R09: 0000000000000000 [ 315.833681][T13485] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 315.833691][T13485] R13: 0000000000000000 R14: 00007f185edb5fa0 R15: 00007ffe05cbca78 [ 315.833721][T13485] [ 316.107251][T13488] __nla_validate_parse: 2 callbacks suppressed [ 316.107273][T13488] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2694'. [ 316.220928][T13494] macvlan1: entered promiscuous mode [ 316.228071][T13494] hsr1: Slave A (bond0) is not up; please bring it up to get a fully working HSR network [ 316.239261][T13494] hsr1: Slave B (macvlan1) is not up; please bring it up to get a fully working HSR network [ 316.250382][T13494] hsr1: entered promiscuous mode [ 316.287870][ T5860] Bluetooth: hci1: command tx timeout [ 316.337299][T13501] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2698'. [ 316.349346][T13501] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2698'. [ 316.551186][ T7951] hsr0: left allmulticast mode [ 316.557682][ T7951] veth1_macvtap: left promiscuous mode [ 316.563869][ T7951] veth0_macvtap: left promiscuous mode [ 316.570765][ T7951] veth1_vlan: left promiscuous mode [ 317.380550][T13533] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2709'. [ 317.620147][T13540] FAULT_INJECTION: forcing a failure. [ 317.620147][T13540] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 317.645786][T13540] CPU: 0 UID: 0 PID: 13540 Comm: syz.3.2711 Not tainted 6.16.0-rc4-syzkaller-01140-g6a971e48e2d8 #0 PREEMPT(full) [ 317.645818][T13540] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 317.645830][T13540] Call Trace: [ 317.645837][T13540] [ 317.645845][T13540] dump_stack_lvl+0x189/0x250 [ 317.645872][T13540] ? __pfx____ratelimit+0x10/0x10 [ 317.645896][T13540] ? __pfx_dump_stack_lvl+0x10/0x10 [ 317.645919][T13540] ? __pfx__printk+0x10/0x10 [ 317.645955][T13540] should_fail_ex+0x414/0x560 [ 317.645985][T13540] _copy_to_user+0x31/0xb0 [ 317.646009][T13540] simple_read_from_buffer+0xe1/0x170 [ 317.646036][T13540] proc_fail_nth_read+0x1df/0x250 [ 317.646065][T13540] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 317.646094][T13540] ? rw_verify_area+0x258/0x650 [ 317.646113][T13540] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 317.646139][T13540] vfs_read+0x200/0x980 [ 317.646164][T13540] ? __pfx___mutex_lock+0x10/0x10 [ 317.646189][T13540] ? __pfx_vfs_read+0x10/0x10 [ 317.646211][T13540] ? __fget_files+0x2a/0x420 [ 317.646238][T13540] ? __fget_files+0x3a0/0x420 [ 317.646261][T13540] ? __fget_files+0x2a/0x420 [ 317.646293][T13540] ksys_read+0x145/0x250 [ 317.646315][T13540] ? __pfx_ksys_read+0x10/0x10 [ 317.646340][T13540] ? do_syscall_64+0xbe/0x3b0 [ 317.646367][T13540] do_syscall_64+0xfa/0x3b0 [ 317.646390][T13540] ? lockdep_hardirqs_on+0x9c/0x150 [ 317.646412][T13540] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 317.646429][T13540] ? clear_bhb_loop+0x60/0xb0 [ 317.646450][T13540] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 317.646467][T13540] RIP: 0033:0x7f185eb8d33c [ 317.646483][T13540] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 317.646498][T13540] RSP: 002b:00007f185f945030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 317.646516][T13540] RAX: ffffffffffffffda RBX: 00007f185edb6160 RCX: 00007f185eb8d33c [ 317.646529][T13540] RDX: 000000000000000f RSI: 00007f185f9450a0 RDI: 0000000000000005 [ 317.646540][T13540] RBP: 00007f185f945090 R08: 0000000000000000 R09: 0000000000000000 [ 317.646551][T13540] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 317.646561][T13540] R13: 0000000000000001 R14: 00007f185edb6160 R15: 00007ffe05cbca78 [ 317.646588][T13540] [ 318.337423][T13517] A link change request failed with some changes committed already. Interface ip_vti0 may have been left with an inconsistent configuration, please check. [ 318.366338][ T5860] Bluetooth: hci1: command tx timeout [ 318.441375][T13528] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2706'. [ 318.498768][T13454] chnl_net:caif_netlink_parms(): no params data found [ 318.539729][T13546] xt_NFQUEUE: number of queues (65532) out of range (got 66665) [ 319.060902][T13454] bridge0: port 1(bridge_slave_0) entered blocking state [ 319.076834][T13454] bridge0: port 1(bridge_slave_0) entered disabled state [ 319.086994][T13454] bridge_slave_0: entered allmulticast mode [ 319.093926][T13556] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2717'. [ 319.096504][T13454] bridge_slave_0: entered promiscuous mode [ 319.114370][T13454] bridge0: port 2(bridge_slave_1) entered blocking state [ 319.123439][T13454] bridge0: port 2(bridge_slave_1) entered disabled state [ 319.135488][T13454] bridge_slave_1: entered allmulticast mode [ 319.145038][T13454] bridge_slave_1: entered promiscuous mode [ 319.299080][T13577] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2721'. [ 319.314685][T13454] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 319.337609][T13454] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 319.372440][T13577] xt_CT: You must specify a L4 protocol and not use inversions on it [ 319.379989][T13576] netlink: 'syz.2.2720': attribute type 13 has an invalid length. [ 319.406632][T13576] netlink: 'syz.2.2720': attribute type 17 has an invalid length. [ 319.416565][T13576] netlink: 'syz.2.2720': attribute type 27 has an invalid length. [ 319.562928][T13454] team0: Port device team_slave_0 added [ 319.605151][T13454] team0: Port device team_slave_1 added [ 319.772238][T13454] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 319.789534][T13454] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 319.823791][T13454] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 319.849827][T13454] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 319.873693][T13454] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 319.975124][T13454] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 320.000515][T13595] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2727'. [ 320.053418][T13595] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2727'. [ 320.145545][T13454] hsr_slave_0: entered promiscuous mode [ 320.155479][T13454] hsr_slave_1: entered promiscuous mode [ 320.167625][T13454] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 320.179684][T13454] Cannot create hsr debugfs directory [ 320.336864][ T7951] IPVS: stop unused estimator thread 0... [ 320.356767][T13611] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2734'. [ 320.446742][ T5860] Bluetooth: hci1: command tx timeout [ 320.955377][T13622] Bluetooth: hci0: Opcode 0x0c1a failed: -22 [ 321.477251][T13635] x_tables: duplicate underflow at hook 3 [ 321.652634][T13646] netlink: 'syz.3.2746': attribute type 10 has an invalid length. [ 321.743255][T13649] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2748'. [ 321.767360][T13649] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2748'. [ 321.797944][T13646] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 321.899912][T13646] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2746'. [ 321.961958][T13648] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2746'. [ 322.025814][T13658] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2751'. [ 322.062628][T13658] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2751'. [ 322.230195][T13454] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 322.278908][T13454] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 322.292339][T13454] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 322.313897][T13454] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 322.510127][T13677] netlink: 56 bytes leftover after parsing attributes in process `syz.3.2756'. [ 322.524762][ T5860] Bluetooth: hci1: command tx timeout [ 322.612762][T13454] 8021q: adding VLAN 0 to HW filter on device bond0 [ 322.706024][T13685] netlink: 164 bytes leftover after parsing attributes in process `syz.2.2758'. [ 322.768546][T13454] 8021q: adding VLAN 0 to HW filter on device team0 [ 322.771158][T13688] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2759'. [ 322.814311][ T7955] bridge0: port 1(bridge_slave_0) entered blocking state [ 322.821563][ T7955] bridge0: port 1(bridge_slave_0) entered forwarding state [ 322.868814][ T7946] bridge0: port 2(bridge_slave_1) entered blocking state [ 322.877057][ T7946] bridge0: port 2(bridge_slave_1) entered forwarding state [ 323.003003][ T5860] Bluetooth: hci0: command tx timeout [ 323.270200][T13700] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2762'. [ 323.499631][T13454] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 323.638422][T13454] veth0_vlan: entered promiscuous mode [ 323.672244][T13454] veth1_vlan: entered promiscuous mode [ 323.722417][T13454] veth0_macvtap: entered promiscuous mode [ 323.755238][T13454] veth1_macvtap: entered promiscuous mode [ 323.790439][T13454] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 323.831222][T13454] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 323.875246][ T64] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 323.885658][ T35] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 323.914045][ T35] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 323.927012][ T35] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 324.265040][T13726] gretap0: entered promiscuous mode [ 324.282935][T13726] gretap0: left promiscuous mode [ 324.318267][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 324.328841][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 324.419833][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 324.428744][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 324.513604][T13730] FAULT_INJECTION: forcing a failure. [ 324.513604][T13730] name failslab, interval 1, probability 0, space 0, times 0 [ 324.602549][T13730] CPU: 1 UID: 0 PID: 13730 Comm: syz.2.2772 Not tainted 6.16.0-rc4-syzkaller-01140-g6a971e48e2d8 #0 PREEMPT(full) [ 324.602583][T13730] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 324.602597][T13730] Call Trace: [ 324.602606][T13730] [ 324.602616][T13730] dump_stack_lvl+0x189/0x250 [ 324.602648][T13730] ? __pfx____ratelimit+0x10/0x10 [ 324.602679][T13730] ? __pfx_dump_stack_lvl+0x10/0x10 [ 324.602705][T13730] ? __pfx__printk+0x10/0x10 [ 324.602753][T13730] should_fail_ex+0x414/0x560 [ 324.602793][T13730] should_failslab+0xa8/0x100 [ 324.602824][T13730] __kmalloc_cache_noprof+0x70/0x3d0 [ 324.602852][T13730] ? sctp_add_bind_addr+0x8c/0x370 [ 324.602887][T13730] sctp_add_bind_addr+0x8c/0x370 [ 324.602922][T13730] sctp_copy_local_addr_list+0x30b/0x4e0 [ 324.602956][T13730] ? sctp_copy_local_addr_list+0x9b/0x4e0 [ 324.602985][T13730] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 324.603020][T13730] ? sctp_v4_is_any+0x35/0x60 [ 324.603049][T13730] ? sctp_copy_one_addr+0x93/0x360 [ 324.603082][T13730] sctp_bind_addr_copy+0xb3/0x3c0 [ 324.603113][T13730] ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0 [ 324.603143][T13730] sctp_connect_new_asoc+0x2e0/0x690 [ 324.603169][T13730] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 324.603210][T13730] ? __local_bh_enable_ip+0x12d/0x1c0 [ 324.603245][T13730] ? bpf_lsm_sctp_bind_connect+0x9/0x20 [ 324.603268][T13730] ? security_sctp_bind_connect+0x7e/0x2e0 [ 324.603302][T13730] sctp_sendmsg+0x155c/0x2810 [ 324.603350][T13730] ? __pfx_sctp_sendmsg+0x10/0x10 [ 324.603389][T13730] ? aa_sk_perm+0x81e/0x950 [ 324.603426][T13730] ? __pfx_aa_sk_perm+0x10/0x10 [ 324.603461][T13730] ? sock_rps_record_flow+0x19/0x410 [ 324.603491][T13730] ? inet_sendmsg+0x2f4/0x370 [ 324.603521][T13730] __sock_sendmsg+0x19c/0x270 [ 324.603553][T13730] ____sys_sendmsg+0x52d/0x830 [ 324.603595][T13730] ? __pfx_____sys_sendmsg+0x10/0x10 [ 324.603641][T13730] ? import_iovec+0x74/0xa0 [ 324.603672][T13730] ___sys_sendmsg+0x21f/0x2a0 [ 324.603695][T13730] ? __pfx____sys_sendmsg+0x10/0x10 [ 324.603759][T13730] ? __fget_files+0x2a/0x420 [ 324.603788][T13730] ? __fget_files+0x3a0/0x420 [ 324.603830][T13730] __sys_sendmmsg+0x227/0x430 [ 324.603857][T13730] ? __pfx___sys_sendmmsg+0x10/0x10 [ 324.603875][T13730] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 324.603938][T13730] ? ksys_write+0x22a/0x250 [ 324.603967][T13730] ? __pfx_ksys_write+0x10/0x10 [ 324.603990][T13730] ? rcu_is_watching+0x15/0xb0 [ 324.604023][T13730] __x64_sys_sendmmsg+0xa0/0xc0 [ 324.604047][T13730] do_syscall_64+0xfa/0x3b0 [ 324.604076][T13730] ? lockdep_hardirqs_on+0x9c/0x150 [ 324.604103][T13730] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 324.604126][T13730] ? clear_bhb_loop+0x60/0xb0 [ 324.604152][T13730] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 324.604173][T13730] RIP: 0033:0x7ffa7198e929 [ 324.604193][T13730] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 324.604222][T13730] RSP: 002b:00007ffa7289f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 324.604245][T13730] RAX: ffffffffffffffda RBX: 00007ffa71bb5fa0 RCX: 00007ffa7198e929 [ 324.604261][T13730] RDX: 0000000000000001 RSI: 0000200000003f40 RDI: 0000000000000003 [ 324.604274][T13730] RBP: 00007ffa7289f090 R08: 0000000000000000 R09: 0000000000000000 [ 324.604287][T13730] R10: 00000000200000d0 R11: 0000000000000246 R12: 0000000000000002 [ 324.604301][T13730] R13: 0000000000000000 R14: 00007ffa71bb5fa0 R15: 00007fffa93347e8 [ 324.604336][T13730] [ 325.436323][T13761] 8021q: adding VLAN 0 to HW filter on device bond6 [ 325.446159][T13761] bond6: entered promiscuous mode [ 325.451477][T13761] bond6: entered allmulticast mode [ 325.457169][T13761] bond0: (slave bond6): Enslaving as an active interface with an up link [ 325.468748][T13757] tipc: Enabled bearer , priority 0 [ 325.478720][T13757] syzkaller0: entered promiscuous mode [ 325.484851][T13757] syzkaller0: entered allmulticast mode [ 325.518121][T13757] tipc: Resetting bearer [ 325.544825][T13767] FAULT_INJECTION: forcing a failure. [ 325.544825][T13767] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 325.558842][T13767] CPU: 0 UID: 0 PID: 13767 Comm: syz.4.2787 Not tainted 6.16.0-rc4-syzkaller-01140-g6a971e48e2d8 #0 PREEMPT(full) [ 325.558874][T13767] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 325.558888][T13767] Call Trace: [ 325.558897][T13767] [ 325.558905][T13767] dump_stack_lvl+0x189/0x250 [ 325.558935][T13767] ? __pfx____ratelimit+0x10/0x10 [ 325.558963][T13767] ? __pfx_dump_stack_lvl+0x10/0x10 [ 325.558976][T13756] tipc: Resetting bearer [ 325.558988][T13767] ? __pfx__printk+0x10/0x10 [ 325.559017][T13767] ? __might_fault+0xb0/0x130 [ 325.559068][T13767] should_fail_ex+0x414/0x560 [ 325.559115][T13767] _copy_from_user+0x2d/0xb0 [ 325.559147][T13767] generic_map_update_batch+0x572/0x7f0 [ 325.559200][T13767] ? __pfx_generic_map_update_batch+0x10/0x10 [ 325.559233][T13767] ? __fget_files+0x2a/0x420 [ 325.559276][T13767] ? __pfx_generic_map_update_batch+0x10/0x10 [ 325.559308][T13767] bpf_map_do_batch+0x369/0x5f0 [ 325.559342][T13767] __sys_bpf+0x384/0x860 [ 325.559369][T13767] ? __pfx___sys_bpf+0x10/0x10 [ 325.559409][T13767] ? ksys_write+0x22a/0x250 [ 325.559443][T13767] ? __pfx_ksys_write+0x10/0x10 [ 325.559469][T13767] ? rcu_is_watching+0x15/0xb0 [ 325.559508][T13767] __x64_sys_bpf+0x7c/0x90 [ 325.559544][T13767] do_syscall_64+0xfa/0x3b0 [ 325.559577][T13767] ? lockdep_hardirqs_on+0x9c/0x150 [ 325.559608][T13767] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 325.559633][T13767] ? clear_bhb_loop+0x60/0xb0 [ 325.559663][T13767] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 325.559687][T13767] RIP: 0033:0x7f18cf18e929 [ 325.559708][T13767] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 325.559729][T13767] RSP: 002b:00007f18cffb4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 325.559755][T13767] RAX: ffffffffffffffda RBX: 00007f18cf3b5fa0 RCX: 00007f18cf18e929 [ 325.559773][T13767] RDX: 0000000000000038 RSI: 0000200000000200 RDI: 000000000000001a [ 325.559789][T13767] RBP: 00007f18cffb4090 R08: 0000000000000000 R09: 0000000000000000 [ 325.559803][T13767] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 325.559819][T13767] R13: 0000000000000000 R14: 00007f18cf3b5fa0 R15: 00007ffd49db55e8 [ 325.559857][T13767] [ 325.880721][T13756] tipc: Disabling bearer [ 326.405355][ T64] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 326.440821][T13795] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000004: 0000 [#1] SMP KASAN PTI [ 326.452771][T13795] KASAN: null-ptr-deref in range [0x0000000000000020-0x0000000000000027] [ 326.461225][T13795] CPU: 1 UID: 0 PID: 13795 Comm: syz.2.2793 Not tainted 6.16.0-rc4-syzkaller-01140-g6a971e48e2d8 #0 PREEMPT(full) [ 326.473320][T13795] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 326.483410][T13795] RIP: 0010:qdisc_tree_reduce_backlog+0x223/0x480 [ 326.489960][T13795] Code: 89 ef e8 e0 0d ab f8 4d 89 ef 85 db 74 0d e8 64 8d 47 f8 4c 89 f5 e9 88 00 00 00 48 8b 6d 00 48 8d 45 20 48 89 c3 48 c1 eb 03 <42> 80 3c 33 00 48 89 04 24 74 0d 48 8b 3c 24 e8 a9 0d ab f8 48 8b [ 326.509618][T13795] RSP: 0018:ffffc90003d5efe8 EFLAGS: 00010202 [ 326.515708][T13795] RAX: 0000000000000020 RBX: 0000000000000004 RCX: 0000000000000002 [ 326.523690][T13795] RDX: ffff888028741e00 RSI: 0000000000000000 RDI: 0000000000000000 [ 326.531784][T13795] RBP: 0000000000000000 R08: ffff888028741e00 R09: 0000000000000002 [ 326.539867][T13795] R10: 00000000ffffffff R11: 0000000000000002 R12: 00000000000affe0 [ 326.547856][T13795] R13: ffff8880772a9800 R14: dffffc0000000000 R15: ffff8880772a9800 [ 326.556130][T13795] FS: 00007ffa7285d6c0(0000) GS:ffff888125d14000(0000) knlGS:0000000000000000 [ 326.565078][T13795] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 326.571764][T13795] CR2: 00007ffa7283afb8 CR3: 0000000030a60000 CR4: 00000000003526f0 [ 326.579747][T13795] Call Trace: [ 326.583120][T13795] [ 326.586057][T13795] ? qdisc_tree_reduce_backlog+0x3c/0x480 [ 326.591811][T13795] fq_change+0x1519/0x1f50 [ 326.596245][T13795] ? __pfx_fq_change+0x10/0x10 [ 326.601045][T13795] ? __hrtimer_setup+0x187/0x210 [ 326.605994][T13795] fq_init+0x699/0x960 [ 326.610082][T13795] ? __pfx_fq_init+0x10/0x10 [ 326.614675][T13795] ? lockdep_rtnl_is_held+0x26/0x40 [ 326.619878][T13795] ? qdisc_lookup+0x36d/0x6d0 [ 326.624560][T13795] ? __pfx_fq_init+0x10/0x10 [ 326.629154][T13795] qdisc_create+0x7a9/0xea0 [ 326.633672][T13795] tc_modify_qdisc+0x1426/0x2010 [ 326.638632][T13795] ? __pfx_tc_modify_qdisc+0x10/0x10 [ 326.643938][T13795] ? __pfx_tc_modify_qdisc+0x10/0x10 [ 326.649242][T13795] rtnetlink_rcv_msg+0x779/0xb70 [ 326.654205][T13795] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 326.659333][T13795] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 326.665017][T13795] netlink_rcv_skb+0x205/0x470 [ 326.669799][T13795] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 326.675274][T13795] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 326.680582][T13795] ? netlink_deliver_tap+0x2e/0x1b0 [ 326.685789][T13795] ? netlink_deliver_tap+0x2e/0x1b0 [ 326.691088][T13795] netlink_unicast+0x758/0x8d0 [ 326.696028][T13795] netlink_sendmsg+0x805/0xb30 [ 326.700840][T13795] ? __pfx_netlink_sendmsg+0x10/0x10 [ 326.706331][T13795] ? aa_sock_msg_perm+0x94/0x160 [ 326.711306][T13795] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 326.716599][T13795] ? __pfx_netlink_sendmsg+0x10/0x10 [ 326.721897][T13795] __sock_sendmsg+0x219/0x270 [ 326.726852][T13795] ____sys_sendmsg+0x505/0x830 [ 326.731637][T13795] ? __pfx_____sys_sendmsg+0x10/0x10 [ 326.736947][T13795] ? import_iovec+0x74/0xa0 [ 326.741465][T13795] ___sys_sendmsg+0x21f/0x2a0 [ 326.746154][T13795] ? __pfx____sys_sendmsg+0x10/0x10 [ 326.751379][T13795] ? __fget_files+0x2a/0x420 [ 326.756067][T13795] ? __fget_files+0x3a0/0x420 [ 326.760765][T13795] __x64_sys_sendmsg+0x19b/0x260 [ 326.765708][T13795] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 326.771181][T13795] ? do_user_addr_fault+0xc8a/0x1390 [ 326.776488][T13795] ? do_syscall_64+0xbe/0x3b0 [ 326.781211][T13795] do_syscall_64+0xfa/0x3b0 [ 326.785735][T13795] ? lockdep_hardirqs_on+0x9c/0x150 [ 326.790948][T13795] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 326.797027][T13795] ? clear_bhb_loop+0x60/0xb0 [ 326.801717][T13795] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 326.807616][T13795] RIP: 0033:0x7ffa7198e929 [ 326.812041][T13795] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 326.831657][T13795] RSP: 002b:00007ffa7285d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 326.840165][T13795] RAX: ffffffffffffffda RBX: 00007ffa71bb6160 RCX: 00007ffa7198e929 [ 326.848169][T13795] RDX: 0000000000004000 RSI: 0000200000000280 RDI: 0000000000000009 [ 326.856414][T13795] RBP: 00007ffa71a10b39 R08: 0000000000000000 R09: 0000000000000000 [ 326.864389][T13795] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 326.872362][T13795] R13: 0000000000000001 R14: 00007ffa71bb6160 R15: 00007fffa93347e8 [ 326.880349][T13795] [ 326.883375][T13795] Modules linked in: [ 326.887387][T13795] ---[ end trace 0000000000000000 ]--- [ 326.892992][T13795] RIP: 0010:qdisc_tree_reduce_backlog+0x223/0x480 [ 326.899450][T13795] Code: 89 ef e8 e0 0d ab f8 4d 89 ef 85 db 74 0d e8 64 8d 47 f8 4c 89 f5 e9 88 00 00 00 48 8b 6d 00 48 8d 45 20 48 89 c3 48 c1 eb 03 <42> 80 3c 33 00 48 89 04 24 74 0d 48 8b 3c 24 e8 a9 0d ab f8 48 8b [ 326.919129][T13795] RSP: 0018:ffffc90003d5efe8 EFLAGS: 00010202 [ 326.925291][T13795] RAX: 0000000000000020 RBX: 0000000000000004 RCX: 0000000000000002 [ 326.933321][T13795] RDX: ffff888028741e00 RSI: 0000000000000000 RDI: 0000000000000000 [ 326.941367][T13795] RBP: 0000000000000000 R08: ffff888028741e00 R09: 0000000000000002 [ 326.949370][T13795] R10: 00000000ffffffff R11: 0000000000000002 R12: 00000000000affe0 [ 326.957416][T13795] R13: ffff8880772a9800 R14: dffffc0000000000 R15: ffff8880772a9800 [ 326.965462][T13795] FS: 00007ffa7285d6c0(0000) GS:ffff888125d14000(0000) knlGS:0000000000000000 [ 326.974469][T13795] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 326.981099][T13795] CR2: 00007ffa7283afb8 CR3: 0000000030a60000 CR4: 00000000003526f0 [ 326.989165][T13795] Kernel panic - not syncing: Fatal exception in interrupt [ 326.996660][T13795] Kernel Offset: disabled [ 327.000990][T13795] Rebooting in 86400 seconds..