last executing test programs: 6.492898201s ago: executing program 4 (id=517): r0 = socket$inet_sctp(0x2, 0x1, 0x84) (async, rerun: 32) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x90, &(0x7f0000000600)=[@in6={0xa, 0x4e23, 0x90, @remote, 0x8}, @in6={0xa, 0x4e22, 0x792, @remote, 0x4c}, @in={0x2, 0x4e21, @local}, @in6={0xa, 0x4f22, 0x9, @empty}, @in={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x18}}, @in6={0xa, 0x4e22, 0x5, @mcast2, 0xffff0000}]}, &(0x7f00000002c0)=0x10) (async, rerun: 32) r2 = accept$packet(0xffffffffffffffff, &(0x7f0000000580)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f00000005c0)=0x14) close(r2) (async) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000500)={r1}, &(0x7f0000000540)=0x8) (async) r3 = socket$kcm(0x10, 0x2, 0x0) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) syz_genetlink_get_family_id$tipc2(&(0x7f0000000000), r4) socket$inet6_sctp(0xa, 0x1, 0x84) (async, rerun: 32) r5 = socket$packet(0x11, 0x3, 0x300) (rerun: 32) setsockopt$packet_fanout(r5, 0x107, 0x12, &(0x7f0000000000)={0x0, 0xb007}, 0x4) (async, rerun: 32) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000feffffff850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @void, @value}, 0x94) (rerun: 32) setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f0000000400)=r6, 0x4) (async) sendmsg$kcm(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000300)="d80000001a0081044e81f782db4cb904021d0800fe0055a1150015000200142603600e12080005007a010401a8001600200002400400027c035c0461c1d67f6f94007134cf6efb8000a007a290457fffffffffffff0001bace8017cbec4c2ee5a7cef4090000001fb79164d322fe7c9f8775d3f2d5d0683f5aeb4edbb57a5025ccca9e00360db785262f3d40fad95667e006dcdf61951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9703920723f9a94100"/216, 0xd8}], 0x1}, 0x0) 5.994983822s ago: executing program 2 (id=523): socket$alg(0x26, 0x5, 0x0) r0 = syz_init_net_socket$ax25(0x3, 0x3, 0x0) setsockopt$ax25_int(r0, 0x101, 0x1, &(0x7f0000000000), 0x4) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$pppl2tp(0x18, 0x1, 0x1) r3 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r2, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r3, {0x2, 0x0, @dev}, 0x2}}, 0x2e) r4 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000440), 0xffffffffffffffff) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$L2TP_CMD_SESSION_DELETE(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="01002cbd7000040000000500b600080009000200000008000c00a60a0000060001000500004008000b"], 0x40}, 0x1, 0x0, 0x0, 0xc100}, 0x4040) r6 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$L2TP_CMD_TUNNEL_GET(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r6, 0x325, 0x0, 0x0, {0x8}}, 0x14}}, 0x0) 5.810475794s ago: executing program 4 (id=526): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r0, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000040)=[@in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000080)=0x10) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r0, 0x84, 0x10, 0x0, &(0x7f0000000280)) 5.732114467s ago: executing program 2 (id=528): r0 = socket$netlink(0x10, 0x3, 0x10) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, 0x0, 0x4000) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r2 = socket$netlink(0x10, 0x3, 0x10) r3 = socket$netlink(0x10, 0x3, 0x10) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$netlink(0x10, 0x3, 0x2) unshare(0x62040200) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) socket$key(0xf, 0x3, 0x2) r5 = socket$nl_route(0x10, 0x3, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) mkdirat$cgroup(r6, &(0x7f0000000080)='syz0\x00', 0x1ff) r7 = openat$cgroup_procs(0xffffffffffffffff, &(0x7f00000003c0)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r7, &(0x7f0000000c40), 0x12) sendmsg$nl_route(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="6000000010000104004000000101000000000000", @ANYRES32=0x0, @ANYBLOB="09000200010000002c0012800e0001006970366772657461700000009aff028014000700fc0100000000000000000000000000000a000100aa"], 0x60}, 0x1, 0x0, 0x0, 0x4014}, 0x0) vmsplice(r4, 0x0, 0x0, 0x0) socket(0x1, 0x2, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) recvmmsg(r3, &(0x7f0000001f00)=[{{0x0, 0x0, 0x0}, 0x1}], 0x1, 0x100, 0x0) bind$netlink(r3, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r8 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RATE_NEW(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000300)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="010000000000fbdbdf25250000000e0001006e657464657673696d0000000f0002006e657464657673696d300000"], 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x0) bpf$TOKEN_CREATE(0x24, &(0x7f0000000080), 0x8) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000180)=@bpf_lsm={0xb, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="660a02fdf503de4761114c000000000085000000c9a1a17fc50614a875940d70"], &(0x7f0000000000)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) socket$inet6_udplite(0xa, 0x2, 0x88) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) 5.566955738s ago: executing program 4 (id=529): socket(0x2a, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket$inet6_mptcp(0xa, 0x1, 0x106) r0 = socket$inet_mptcp(0x2, 0x1, 0x106) ioctl$sock_SIOCETHTOOL(r0, 0x89f1, &(0x7f00000002c0)={'ip6gre0\x00', &(0x7f0000000300)=@ethtool_rxnfc={0x2f, 0x2, 0x6, {0xe, @usr_ip6_spec={@empty, @dev={0xfe, 0x80, '\x00', 0x24}, 0xfffffff8, 0x3d, 0xe}, {0x0, @remote, 0xe, 0x4, [0x7, 0x6]}, @ah_ip4_spec={@remote, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x5}, {0x0, @broadcast, 0x208, 0x5, [0xf, 0x9]}, 0xff, 0x3}}}) socket$inet6_mptcp(0xa, 0x1, 0x106) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10) bpf$PROG_LOAD(0x5, 0x0, 0x0) r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32, @ANYBLOB="0000ffde00000000000000000000bbba3f5a841d96b9d2e5355d3e", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7050000080000a8c5000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b300000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x3d, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) ppoll(&(0x7f0000000500)=[{r1}], 0x1, 0x0, 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) r5 = socket$inet_udplite(0x2, 0x2, 0x88) r6 = socket$inet(0xa, 0x801, 0x84) connect$inet(r6, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r6, 0x8) r7 = accept4(r6, 0x0, 0x0, 0x80000) setsockopt(r7, 0x84, 0x7f, &(0x7f00000001c0)="020000000980ffff", 0x8) recvmmsg(r7, &(0x7f0000003dc0)=[{{0x0, 0x0, &(0x7f0000000640)=[{&(0x7f0000000040)=""/94, 0x5e}], 0x1}, 0x5076}], 0x1, 0x20, 0x0) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r5, 0x89f3, &(0x7f0000000040)={'syztnl0\x00', &(0x7f0000000200)={'sit0\x00', 0x0, 0x40, 0x7800, 0x7, 0x7, {{0x5, 0x4, 0x1, 0x8, 0x14, 0x64, 0x0, 0x1, 0x29, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}, @dev={0xac, 0x14, 0x14, 0x15}}}}}) unshare(0x62040200) 3.059437615s ago: executing program 4 (id=552): socket(0x9, 0x1, 0xce) r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="020f00000d000000000000000000000001001400000000000400cfd55f9b000000000000000000000000000000000000000000000000000000000300050000000000020000007f0000010000000000000000030006000000000002000000ac1e0001000000000000"], 0x68}}, 0x0) mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x200000b, 0x8c4b815a5465c2b2, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) writev(r1, &(0x7f0000000240)=[{&(0x7f0000000480)="ff57a21153298e2a79b69f8af79af3060e173bf2567cb893908439ffca12031125282ea4375a2a338e4d10f57acf35e9d0440f3e6227b4bd5854fdc5f4b2ab63626b14c12d9cdfc5e60bc286b96f2643c47ee2b87ea2a047c77e63ffa8742c3301c8ad1d71bff5002f6e10f634d3a3e0ce20f1388485080014a100000000b26138", 0x81}], 0x1) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r1, 0x0) r2 = socket$inet6(0xa, 0x5, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x4, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="b40000000000000071114c00000000008510000002000000850000008a00000095000000000000009500000000000000"], &(0x7f0000000080)='GPL\x00', 0x2, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x8, @void, @value}, 0x94) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r2, 0x84, 0x6e, &(0x7f0000000000)=[@in6={0xa, 0x4e22, 0x6, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}], 0x1c) socket$inet(0x2, 0x80001, 0x84) openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) getpeername$packet(0xffffffffffffffff, &(0x7f00000006c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000700)=0x14) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4000000) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x11, &(0x7f0000000200)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) socket$alg(0x26, 0x5, 0x0) socketpair$unix(0x1, 0x1, 0x0, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x109140, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYRES32=r1, @ANYBLOB="589feb055667d2820d5b45dfc772acd8def0bccfd7ab7ed1ca17ad329c82fd607787d02842474033c212ce0dc58a17a477e856884dd15f9dfe5a8c4ee659407fd72445a071b78765f884eb951bea3270c616831e768f754fecaafc392eccd1ed082cc28495cdbe8cf2bd2141f9013c276ba468eff71e599ad175"], 0x0, 0x4000064, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4, @void, @value}, 0xce) sendmsg$ETHTOOL_MSG_CHANNELS_SET(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x0) sendmsg$NFT_BATCH(r3, &(0x7f0000000600)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x40}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x20014840}, 0xc010) bpf$MAP_LOOKUP_ELEM(0x5, &(0x7f00000000c0)={0xffffffffffffffff, 0x0, 0x0}, 0x20) recvmsg(0xffffffffffffffff, 0x0, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r4, &(0x7f0000d84000)={0xa, 0x2, 0xfffffffc, @loopback}, 0x1c) setsockopt$inet6_tcp_int(r4, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4) sendto$inet6(r4, &(0x7f00000000c0)="e9", 0x1, 0x20008045, &(0x7f00000001c0)={0xa, 0x2, 0x1000, @empty}, 0x1c) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r4, 0x6, 0xd, &(0x7f0000000280)='veno\x00', 0x6) 2.983945024s ago: executing program 0 (id=553): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000380)={'wpan1\x00'}) syz_genetlink_get_family_id$nl802154(&(0x7f0000000640), 0xffffffffffffffff) connect$pppoe(0xffffffffffffffff, 0x0, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x1, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @veth={{0x9}, {0x4, 0x2, 0x0, 0x1, @void}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x0) socket$nl_route(0x10, 0x3, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) r6 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'veth1\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=@newlink={0x4c, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x90646, 0xc3ffffff}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6, 0x1, 0x4}]}}}, @IFLA_LINK={0x8, 0x5, r7}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}, 0x1, 0x0, 0x0, 0x600}, 0x0) 2.531113663s ago: executing program 0 (id=558): unshare(0x22020600) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x3000001, 0x31, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) setsockopt$sock_int(r0, 0x1, 0x26, &(0x7f0000000000), 0x4) getpeername$packet(r0, 0x0, &(0x7f0000000300)) 2.383749236s ago: executing program 0 (id=561): r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0xa, 0x216, 0xc, 0x7f, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0xb, &(0x7f0000000080)=@framed={{0x18, 0x8, 0x0, 0x0, 0x70000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @generic={0x66}, @initr0={0x18, 0x0, 0x0, 0x0, 0xfffffff8}, @exit, @alu={0x6, 0x0, 0x3, 0xa}]}, &(0x7f0000000000)='GPL\x00', 0xa, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 2.182819586s ago: executing program 0 (id=562): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000016c0)=ANY=[@ANYBLOB="900000001000370400000000fcdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="8b04040000000000700012800b00010067656e657665000060000280050004000100000014000700000000000000000000000800000000010800010002000000050009000100000005000c"], 0x90}}, 0xff000000) r1 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000040)=@o_path={&(0x7f0000000000)='./file0\x00', 0x0, 0x10, r0}, 0x18) r2 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) bind$llc(r2, &(0x7f0000000040)={0x1a, 0x0, 0x0, 0x54}, 0x10) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='blkio.bfq.io_queued\x00', 0x275a, 0x0) write$cgroup_int(r3, &(0x7f0000000000), 0xffffff6a) sendfile(r2, r3, 0x0, 0xffffffff000) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000100)={{0xffffffffffffffff, 0xffffffffffffffff}, &(0x7f0000000080), &(0x7f00000000c0)}, 0x20) getpeername$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000300)=0x14) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000840)={0xffffffffffffffff, 0xe0, &(0x7f0000000a80)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f0000000300)=[0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x4, 0x8, &(0x7f0000000640)=[0x0, 0x0, 0x0, 0x0], &(0x7f00000006c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x5f, &(0x7f0000000700)=[{}, {}], 0x10, 0x10, &(0x7f0000000780), &(0x7f00000007c0), 0x8, 0xdb, 0x8, 0x8, &(0x7f0000000800)}}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x11, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000ffffffff000000000000000085000000a8000000b7080000000000007b8af8ff"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r7, r6, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r8 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000700)={0x6, 0x11, &(0x7f0000000400)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x7}, {}, {}, [@btf_id={0x18, 0x0, 0x3, 0x0, 0x4}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f00000004c0)='GPL\x00', 0x0, 0xb3, &(0x7f0000000500)=""/179, 0x40f00, 0x40, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f00000005c0)={0x4, 0x2}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0xa, &(0x7f0000000600)=[0xffffffffffffffff, 0x1, 0xffffffffffffffff], &(0x7f0000000640)=[{0x3, 0x4, 0xc, 0x1}, {0x2, 0x3, 0x4, 0x5}, {0x5, 0x5, 0x9, 0x7}, {0x0, 0x5, 0x1, 0x8}, {0x0, 0x2, 0x10, 0x8}, {0x0, 0x3, 0x4}, {0x4, 0x2, 0x4, 0x3}, {0x5, 0x4, 0x3, 0x2}, {0x3, 0x2, 0x2, 0x6}, {0x3, 0x4, 0x0, 0xb}], 0x10, 0x7, @void, @value}, 0x94) r9 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r9, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000140)=@newtaction={0x60, 0x30, 0xb, 0x0, 0x0, {}, [{0x4c, 0x1, [@m_skbedit={0x48, 0x1, 0x0, 0x0, {{0xc}, {0x1c, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_PARMS={0x18, 0x2, {0xffffff01, 0xfffffff1, 0x5, 0xff, 0xfffffffe}}]}, {0x4}, {0xc, 0xa}, {0xc, 0x9, {0xf5}}}}]}]}, 0x60}}, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000d00)={r3, 0xe0, &(0x7f0000000c00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f0000000940)=[0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x6, 0x6, &(0x7f0000000980)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000009c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xcb, &(0x7f0000000a00)=[{}, {}, {}, {}], 0x20, 0x10, &(0x7f0000000a40), &(0x7f0000000b80), 0x8, 0xd0, 0x8, 0x8, &(0x7f0000000bc0)}}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1c, 0x1f, &(0x7f0000000140)=@raw=[@kfunc={0x85, 0x0, 0x2, 0x0, 0x3}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0}}, @map_val={0x18, 0x9, 0x2, 0x0, r1, 0x0, 0x0, 0x0, 0x400}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x3}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r3}}, @generic={0x4, 0x4, 0x7, 0x6, 0x7}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0xe, 0x0, 0x0, 0x0, 0x4}, @tail_call={{0x18, 0x2, 0x1, 0x0, r4}}, @btf_id={0x18, 0x2, 0x3, 0x0, 0x3}, @generic={0x7, 0x8, 0xb, 0x1, 0x8}], &(0x7f0000000240)='GPL\x00', 0x3, 0x0, 0x0, 0x41000, 0x22, '\x00', r5, @fallback=0x27, 0xffffffffffffffff, 0x8, &(0x7f0000000340)={0x4, 0x2}, 0x8, 0x10, &(0x7f00000003c0)={0x2, 0x0, 0x2}, 0x10, r7, r8, 0x9, 0x0, &(0x7f00000007c0)=[{0x2, 0x1, 0x1, 0x9}, {0x1, 0x5, 0x9, 0xb}, {0x1, 0x1, 0x7, 0xc}, {0x4, 0x2, 0x5, 0xb}, {0x7e, 0x2, 0x4, 0x6}, {0x3, 0x2, 0x5, 0x8}, {0x0, 0x3, 0xa, 0x5}, {0x1, 0x3, 0x0, 0x1}, {0x4, 0x2, 0x3, 0x2}], 0x10, 0x3, @void, @value}, 0x94) 2.064645448s ago: executing program 2 (id=563): socket(0x2a, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket$inet6_mptcp(0xa, 0x1, 0x106) r0 = socket$inet_mptcp(0x2, 0x1, 0x106) ioctl$sock_SIOCETHTOOL(r0, 0x89f1, &(0x7f00000002c0)={'ip6gre0\x00', &(0x7f0000000300)=@ethtool_rxnfc={0x2f, 0x2, 0x6, {0xe, @usr_ip6_spec={@empty, @dev={0xfe, 0x80, '\x00', 0x24}, 0xfffffff8, 0x3d, 0xe}, {0x0, @remote, 0xe, 0x4, [0x7, 0x6]}, @ah_ip4_spec={@remote, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x5}, {0x0, @broadcast, 0x208, 0x5, [0xf, 0x9]}, 0xff, 0x3}}}) socket$inet6_mptcp(0xa, 0x1, 0x106) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10) bpf$PROG_LOAD(0x5, 0x0, 0x0) r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32, @ANYBLOB="0000ffde00000000000000000000bbba3f5a841d96b9d2e5355d3e", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7050000080000a8c5000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b300000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x3d, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) ppoll(&(0x7f0000000500)=[{r1}], 0x1, 0x0, 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) r5 = socket$inet_udplite(0x2, 0x2, 0x88) r6 = socket$inet(0xa, 0x801, 0x84) connect$inet(r6, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r6, 0x8) r7 = accept4(r6, 0x0, 0x0, 0x80000) setsockopt(r7, 0x84, 0x7f, &(0x7f00000001c0)="020000000980ffff", 0x8) recvmmsg(r7, &(0x7f0000003dc0)=[{{0x0, 0x0, &(0x7f0000000640)=[{&(0x7f0000000040)=""/94, 0x5e}], 0x1}, 0x5076}], 0x1, 0x20, 0x0) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r5, 0x89f3, &(0x7f0000000040)={'syztnl0\x00', &(0x7f0000000200)={'sit0\x00', 0x0, 0x40, 0x7800, 0x7, 0x7, {{0x5, 0x4, 0x1, 0x8, 0x14, 0x64, 0x0, 0x1, 0x29, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}, @dev={0xac, 0x14, 0x14, 0x15}}}}}) unshare(0x62040200) 1.839099417s ago: executing program 3 (id=566): ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000100)={'ip6gre0\x00', 0x0}) (async) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f00000002c0)={0x1f, 0x4, 0x2}, 0x6) (async) r1 = socket$nl_route(0x10, 0x3, 0x0) (async) socket$nl_route(0x10, 0x3, 0x0) unshare(0x600) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000080)={0x11, 0x3, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}}, &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) (async) r2 = socket(0x1, 0x803, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) (async) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000780)=@getneigh={0x14, 0x1e, 0x1, 0x70bd2a, 0x25dfdbff, {}, [""]}, 0x14}}, 0x0) 1.821897122s ago: executing program 1 (id=567): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x22, &(0x7f0000000000)=0x1, 0x4) (async) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet6_mreq(r1, 0x29, 0x1, 0x0, &(0x7f0000000100)) sendmmsg$inet(r0, &(0x7f0000002b80)=[{{&(0x7f0000000040)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000140)=[{&(0x7f0000000080)='\x00', 0x1}], 0x1}}, {{0x0, 0x0, 0x0}}], 0x2, 0x24008042) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f00000001c0)) (async) setsockopt$inet_opts(r0, 0x0, 0xd, &(0x7f0000000180)="87cb06355789e49ae7ff5e10ecbcb195262d30a5d371ede2873f3fc286e3efc7796dd73f3d872184ff13acef0ba4a2a810", 0x31) (async) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r2, 0x10e, 0x2, &(0x7f00000001c0)=0x4, 0x4) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x13, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000d0ff00000000000000b0dc00851000000600000018000000", @ANYRES32, @ANYBLOB="00000000000000006608000000000000180000000000000000000000000000009500000000000000360a020000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b50a00000000000085000000060000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x2, 0xff5c, &(0x7f0000000340)=""/222, 0x0, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x78) 1.495058218s ago: executing program 3 (id=568): unshare(0x22020600) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x3000001, 0x31, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000005d00)=ANY=[@ANYBLOB="140100002d00010000000000fcdbdf250401f2800800180009ac0f"], 0x114}], 0x1, 0x0, 0x0, 0x1}, 0x0) r1 = socket$l2tp6(0xa, 0x2, 0x73) connect$l2tp6(r1, &(0x7f0000000f40)={0xa, 0x0, 0x0, @empty}, 0x20) 1.494819739s ago: executing program 4 (id=569): r0 = syz_init_net_socket$ax25(0x3, 0x5, 0xc4) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000140)=[@in={0x2, 0x4e23, @remote}]}, &(0x7f0000000280)=0x10) getsockopt$inet6_int(r1, 0x29, 0x10, 0x0, &(0x7f0000000440)) accept4$ax25(r0, 0x0, 0x0, 0x800) 1.391690106s ago: executing program 1 (id=570): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000005c0)=@newlink={0x44, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x4, 0x0, 0x300}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_NF_CALL_IP6TABLES={0x5, 0x25, 0x1}, @IFLA_BR_NF_CALL_ARPTABLES={0x5, 0x26, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4}, 0x8044) 1.223463431s ago: executing program 3 (id=571): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000002640)=@delchain={0x170, 0x65, 0x2, 0x70bd27, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x2, 0x2}, {0x0, 0x1}, {0x0, 0xb}}, [@TCA_CHAIN={0x8, 0xb, 0x6}, @TCA_CHAIN={0x8, 0xb, 0x6}, @filter_kind_options=@f_bpf={{0x8}, {0x114, 0x2, [@TCA_BPF_FD={0x8}, @TCA_BPF_NAME={0xc, 0x7, './file0\x00'}, @TCA_BPF_ACT={0xf4, 0x1, [@m_simple={0x30, 0x1e, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc}, {0xc, 0x8, {0x1}}}}, @m_simple={0x90, 0x1e, 0x0, 0x0, {{0xb}, {0xc, 0x2, 0x0, 0x1, [@TCA_DEF_DATA={0x8, 0x3, 'bpf\x00'}]}, {0x5b, 0x6, "9787c29d6ac649e7ec160dfef7c4cea330102e688fe12213d2bf7dae04880a34e7bf775010128401ec7b2a9ceab9c40c5f9bd00ceff17d69ca7a27324ef7a1ad28d4b3c6a826826e9c291c16ab3d13e1f337751959e47b"}, {0xc, 0x7, {0x0, 0x79d0f023c2b305dd}}, {0xc, 0x8, {0x3, 0x2}}}}, @m_csum={0x30, 0x8, 0x0, 0x0, {{0x9}, {0x4}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x1}}}}]}, @TCA_BPF_FLAGS_GEN={0x8, 0x9, 0x3}]}}, @TCA_RATE={0x6, 0x5, {0x6, 0x2}}, @filter_kind_options=@f_route={{0xa}, {0xc, 0x2, [@TCA_ROUTE4_TO={0x8, 0x2, 0xca}]}}]}, 0x170}, 0x1, 0x0, 0x0, 0x81}, 0x20000080) r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r1, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000000c0)=[@in6={0xa, 0x4e20, 0x0, @private2}]}, &(0x7f0000000180)=0x10) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f0000000300)={r2, 0x5}, 0x8) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x21}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0xffffffffffffff2f}}], 0x4000000000003b4, 0x2040000, &(0x7f0000003700)={0x77359400}) 1.17890456s ago: executing program 1 (id=572): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r1, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @local}]}, &(0x7f0000000240)=0x10) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000040)={0x4, 0x0, 0x9, 0x4, r2}, &(0x7f0000000080)=0x10) r3 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_PORT_GET(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)={0x38, r3, 0x1, 0x70bd25, 0x25dfdbfe, {0x39}, [{{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x2}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x80}, 0x4004810) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000a00)=@delchain={0xe8, 0x65, 0x2, 0x70bd28, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x2, 0x2}, {0x0, 0x1}, {0x0, 0x4}}, [@filter_kind_options=@f_bpf={{0x8}, {0x4}}, @TCA_CHAIN={0x8, 0xb, 0x6}, @TCA_CHAIN={0x8, 0xb, 0x20000000}, @TCA_RATE={0x6, 0x5, {0x6, 0x2}}, @filter_kind_options=@f_route={{0xa}, {0x94, 0x2, [@TCA_ROUTE4_POLICE={0x10, 0x5, [@TCA_POLICE_RATE64={0xc, 0x8, 0x6db}]}, @TCA_ROUTE4_TO={0x8, 0x2, 0xca}, @TCA_ROUTE4_IIF={0x8}, @TCA_ROUTE4_ACT={0x70, 0x6, [@m_csum={0x6c, 0x1a, 0x0, 0x0, {{0x9}, {0x4}, {0x3d, 0x6, "19381787a244e0c371b7435ddb940e959db279edf692ad52828ad9b613c52af941e9fa7b0f3562267385c1eb87fc4d956dd1e0e83cff90d71d"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x2, 0x2}}}}]}]}}]}, 0xe8}, 0x1, 0x0, 0x0, 0x81}, 0x0) r4 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) write$tun(r4, &(0x7f0000000100)={@void, @void, @arp=@ether_ipv6={0x1, 0x86dd, 0x6, 0x10, 0xa, @remote, @private2={0xfc, 0x2, '\x00', 0x1}, @link_local, @mcast1}}, 0x34) r5 = socket(0x10, 0x803, 0x0) sendto(r5, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r5, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x21}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0xffffffffffffff2f}}], 0x4000000000003b4, 0x2040000, &(0x7f0000003700)={0x77359400}) 1.047917533s ago: executing program 3 (id=573): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0900000004000000060000000a"], 0x48) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$inet_tcp(0x2, 0x1, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$IPVS_CMD_DEL_DAEMON(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)={0x14, r2, 0x73976972ba3f4b55, 0x0, 0x0, {0x8}}, 0x14}, 0x1, 0x0, 0x0, 0x1}, 0x0) sendmsg$IPVS_CMD_DEL_SERVICE(r0, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f00000001c0)={&(0x7f0000000100)={0x48, r2, 0x8, 0x70bd2d, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_SERVICE={0x34, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x38}}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x30, 0x21}}, @IPVS_SVC_ATTR_SCHED_NAME={0x7, 0x6, 'lc\x00'}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}]}]}, 0x48}, 0x1, 0x0, 0x0, 0x801}, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) socket$alg(0x26, 0x5, 0x0) socket$alg(0x26, 0x5, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$netlink(0x10, 0x3, 0x0) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) socket$nl_route(0x10, 0x3, 0x0) setsockopt$packet_int(r3, 0x107, 0x14, &(0x7f0000000080)=0xfff, 0x4) socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) getpeername$packet(r4, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14) sendmmsg(r3, &(0x7f0000000440)=[{{&(0x7f0000000700)=@xdp={0x2c, 0x0, r5}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000180)='O', 0x36}], 0x1}}], 0x1, 0x0) 1.004727357s ago: executing program 2 (id=574): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f0000000a00)=@updpolicy={0x13c, 0x19, 0x1, 0x0, 0x0, {{@in6=@private0={0xfc, 0x0, '\x00', 0x1}, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0xa, 0x80, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa9, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x3000000}, {0x0, 0xa00, 0x40800000000000, 0x800000000000000}, 0x0, 0x0, 0x0, 0x0, 0x1}, [@tmpl={0x84, 0x5, [{{@in6=@dev={0xfe, 0x80, '\x00', 0x2e}, 0x4d5, 0x2b}, 0xa, @in6=@private2={0xfc, 0x2, '\x00', 0x1}, 0x0, 0x4, 0x2, 0x7, 0x4, 0x7, 0x5b}, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x4d2, 0x1ae}, 0xa, @in=@local, 0x3506, 0x4, 0x1, 0x5, 0x200, 0x9, 0x5}]}]}, 0x13c}}, 0x0) 951.167572ms ago: executing program 0 (id=575): r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000880)={0x2, 0x400000000000003, 0x0, 0x0, 0x16, 0x0, 0x0, 0x0, [@sadb_lifetime={0x4, 0x3, 0x0, 0xfffffffffffffffd, 0x7, 0xffffffffffffff80}, @sadb_address={0x5, 0x6, 0x6c, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @private1}}, @sadb_lifetime={0x4, 0x4, 0x0, 0x7}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x6}, @sadb_address={0x5, 0x5, 0x0, 0x80, 0x0, @in6={0xa, 0x0, 0x0, @mcast1}}]}, 0xb0}}, 0x0) 950.831321ms ago: executing program 1 (id=576): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r0, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000040)=[@in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000080)=0x10) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r0, 0x84, 0x10, &(0x7f00000001c0)=@assoc_value={r1, 0x1ff}, 0x0) 829.320589ms ago: executing program 2 (id=577): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_CONFIG(r0, &(0x7f0000002040)={0x0, 0x0, &(0x7f0000002000)={&(0x7f0000001f80)={0x2c, 0x2, 0x3, 0xe0d, 0x0, 0x0, {0x7, 0x0, 0x2}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1, 0x0, 0x2c}}, @NFQA_CFG_MASK={0x8, 0x4, 0x1, 0x0, 0xd}, @NFQA_CFG_FLAGS={0x8, 0x5, 0x1, 0x0, 0x2}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x4000) socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = socket(0x25, 0x1, 0x0) close(r2) r3 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r3, &(0x7f0000000000)=@pppol2tp={0x18, 0x1, {0x0, r1, {0x2, 0x4e20, @multicast1}, 0x2, 0x1, 0x3, 0x7}}, 0x26) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f00000002c0)={{{@in=@loopback, @in=@initdev}}, {{@in6=@mcast1}, 0x0, @in=@multicast1}}, &(0x7f00000000c0)=0xe8) ioctl$BTRFS_IOC_START_SYNC(r2, 0x80089418, &(0x7f0000000100)) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'bridge0\x00', 0x0}) r7 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r7, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0xfffc, 0x1, 0x0, 0xfffffffd}, 0x1c) sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="500000001000030400000000", @ANYRESHEX=r5, @ANYBLOB="7fff0000000000002800128009000100766c616e000000001800028006000100010000000c000200540a00001800000008000500", @ANYRES16=r6], 0x50}, 0x1, 0xba01, 0x0, 0x24008041}, 0x0) 766.753095ms ago: executing program 3 (id=578): r0 = socket(0x2, 0x80805, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f0000000600)={'filter\x00', 0x7, 0x4, 0x3e0, 0x1f8, 0x0, 0x1f8, 0x2f8, 0x2f8, 0x2f8, 0x4, 0x0, {[{{@arp={@broadcast, @loopback, 0xff, 0x0, 0xe, 0xe, {@empty, {[0xff, 0x0, 0x0, 0x0, 0xff]}}, {@mac=@local, {[0x0, 0x0, 0x0, 0x0, 0xff, 0xff]}}, 0x6, 0xd2d2, 0x1, 0xf1, 0x7, 0x4, 'erspan0\x00', 'ip6erspan0\x00', {0xff}, {}, 0x0, 0x10}, 0xc0, 0x110, 0x0, {0x0, 0xf8010000}}, @mangle={0x50, 'mangle\x00', 0x0, {@mac=@local, @empty, @multicast2, @empty}}}, {{@uncond, 0xc0, 0xe8}, @unspec=@STANDARD={0x28, '\x00', 0x0, 0xffffffffffffffff}}, {{@uncond, 0xc0, 0x100}, @unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "5978efed183dc0423c17d42d1e973165116033be6e450c1b27937ff68f05"}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x430) 618.993681ms ago: executing program 1 (id=579): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000003c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010008020000001800006600000008000300", @ANYRES32=r2, @ANYBLOB="08002600940900000800b70099"], 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)={0x68, r3, 0x1, 0x70bd26, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_CSA_C_OFFSETS_TX={0x6, 0xcd, [0x0]}, @NL80211_ATTR_FRAME={0x42, 0x33, @assoc_req={{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1}, {0x10}, @device_b, @device_a, @initial, {0xc, 0x9}, @value=@ver_80211n={0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x1, 0x0, 0x0, 0x1}}, 0x2f20, 0x2, {}, @void, @val={0x2d, 0x1a, {0x80, 0x2, 0x2, 0x0, {0xf, 0x9, 0x0, 0x9, 0x0, 0x1, 0x1, 0x0, 0x1, 0x7ff8e88}, 0x8, 0x3, 0x5}}}}]}, 0x68}, 0x1, 0x0, 0x0, 0xc0}, 0x0) 578.237345ms ago: executing program 3 (id=580): unshare(0x22020600) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x3000001, 0x31, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) getpeername$packet(r0, 0x0, &(0x7f0000000300)) (fail_nth: 5) 522.279349ms ago: executing program 2 (id=581): unshare(0x22020600) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x3000001, 0x31, 0xffffffffffffffff, 0x0) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r0 = socket$l2tp6(0xa, 0x2, 0x73) connect$l2tp6(r0, &(0x7f0000000f40)={0xa, 0x0, 0x0, @empty}, 0x20) 426.866759ms ago: executing program 4 (id=582): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000380)={'wpan1\x00'}) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000640), 0xffffffffffffffff) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_MAX_FRAME_RETRIES(r2, &(0x7f0000000b80)={&(0x7f00000009c0)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000b40)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="0000400029d2e1926ddca8d36ad47c1d36880ddfdcc68d94ed0f346f41d643dcaaca437e8fbf5115786164fb4e0b0000000000000055ff4c68f4068d8c5a4766b6de51b53eac679779ccc6a19afebd19a9300f436a13b186a9ed2e91215ab6a8ac40506c0a72b50a2eca803dc81801fa6488ee63711ebcf43547e60000c4656e9009ab029f3e867f78392c5575e96f02692ee603a744d15ff3934b84cf6f81a41ce5484ca8f5cd6b9fe78f39cdd1f62dc18ce6d8a2cfaa0f2c08e6f851f45f4afbebbe4678462fee2745c810bfd2ca9e77158e0849ec", @ANYRES16=r1, @ANYBLOB="010026bd7000ffdbdf250f0000000c00060002000000000000000c00060003000000000000000c000600020000000000000005000f000600000005000f000c00000005000f00010000000c00060002000000020000000c00060003000000000000000c0006000200000000000000"], 0x74}, 0x1, 0x0, 0x0, 0xc010}, 0x4) connect$pppoe(0xffffffffffffffff, 0x0, 0x0) r3 = accept$alg(0xffffffffffffffff, 0x0, 0x0) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0xe, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x0, 0x1, 0x31}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) sendmmsg$alg(r3, &(0x7f0000000a00)=[{0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000340)="791caab14f40c93e93c8b82f6aef816bffbb0b834c69662cd13d045a67c50f97fb865960c13779bd84a52c6414701da557", 0x31}, {&(0x7f00000004c0)="bc7ca2a23b4439456ee7a99394e3d7bf93d973d2e6fb8b8cc34c5c1ca9abc9781d2d0a68aa44e76fb26a31d54852fabb052fa4aea58a0ac57c33975e254ebd04f75d1a654f8eec3130659145f6ac33cbf2fa999249818b5229ffc5a8161b98d9c4ea5406eca7b4155c3ca5d73ca42855b34a0b48f21eaabd0eceddaa19ebe8e1179b638ce582c3711af7894055a8379f4a13e6dbf3e94e96f23660abe9bf29438a96793b91759d855fe6931248d7196a1996d7e6cd55a50e7acba7bab5f7c9dcb1488f441c22b3ae1517c78570433e68a36c47cecf6ded01d3775c", 0xdb}, {&(0x7f0000000680)="aa31a5e98e7d20e1de5af4bba6e000acba4374937d9443cc2f637725c4945e2a7f22e76d991fadf2d43bed631afabf16951d41ce09a44ff96bd4846c72e025c4cb340edd17a860483db1307f5f1c3d98d4cceff92319080636f670fa656a9d011de42fe156a0b598c34d27b371c6c10dbbbea81c6dd11a6ef437cf3c7d2ebbf569d4f32ed7cfb9c61debbcfc170039384ceedca9f245098511e0d59fb91e56fadee314877403621a7bede4c97c33c6b0e5193e90c7b5f50a0cde6abdb9c55b0a6c2f63", 0xc3}, {&(0x7f00000003c0)="5cfd6f5dccb0163befbf021e63b773b8e34256da782f24006e80e3426a408d21ad94a4fdcc356b84d70ea1ed6e3cc639e9cd90d05bcfe6c4bb43a5ffa563af159ca3aa914d9423c518c11db87b0fd0e8cfaf103bf98a26e84e2e69081ec426113a2f2a9162f5a722338855f256f3283de6dca03c", 0x74}, {&(0x7f0000000440)="1387b67e88469f4abf248977b50d0e9decfccf761a75d71baa71", 0x1a}, {&(0x7f0000000780)="a0b2eb5ed7491b20365625f4560c609ebb7f9261f0f662df1ba99eda45e1fcd8bd4458c862b4e8783b4abfa91553b3631f78d0111292b4fcad6700beca4552e0371819c1ab02b0691be6119d89f0f4c34b0675027150b6e313b835198e6ce0f7207c27a28183b4dd7659f61643e13c3c43fb03af728ed55e2afca3a6f5e74f985c92592c578798c608b7bd60609858b2171e0660a596d6968c76897f405851b2cba9e08470c0ef", 0xa7}, {&(0x7f00000008c0)="c8abbcac3eabc7e4103b6df2e3ef128b3ea2feea3a9cc7ad400c844104a74ff44a615e6c3470218d9c6fbf6798839ef6aaf467e03ea45d0ab05d19fc64073be53744609a8bb654cf548b57c51f22f48d6e1a2c118a4a2d6acadfb0a7001b0303553c8c4f736d634793eb0b928c8fb3b4ea69c18670d8c37f13f18c7019494db5c84bcc1a1de93cd83e17dff8d2294644ee0ea2812838cf9259f5d5ddc7c2dac40f600607f783609635575980cfa0633eff19a3c0e665bdb17112038e35e6c56958ebb151ba07ab9143e8af3d425cf9e42b10", 0xd2}], 0x7, &(0x7f00000009c0), 0x0, 0x4000804}], 0x1, 0x10) r5 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r5, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r6, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0) sendmsg$nl_route(r5, &(0x7f0000000d80)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000d40)={&(0x7f0000000d00)=@ipv4_getnexthop={0x20, 0x6a, 0x88d762acecfe8c53, 0x70bd25, 0x25dfdbfc, {}, [@NHA_FDB={0x4}, @NHA_FDB={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x200080c0}, 0x4000000) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x1, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @veth={{0x9}, {0x4, 0x2, 0x0, 0x1, @void}}}, @IFLA_MASTER={0x8, 0xa, r6}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x0) socket(0x10, 0x3, 0x0) ioctl$BTRFS_IOC_BALANCE(r4, 0x5000940c, 0x0) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=ANY=[@ANYBLOB="3c0000001000030400"/18, @ANYRES32=0x0, @ANYBLOB="a4280400000000001400350076657468305f746f5f626f6e64000000", @ANYRES32=r6], 0x3c}, 0x1, 0x0, 0x0, 0x4008800}, 0x8000) r8 = socket$nl_route(0x10, 0x3, 0x0) ioctl$F2FS_IOC_MOVE_RANGE(r8, 0xc020f509, &(0x7f0000000180)={0xffffffffffffffff, 0x9, 0xfffffffffffffe00, 0xb}) r10 = socket(0x1, 0x803, 0x0) getsockname$packet(r10, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) r12 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r12, 0x8933, &(0x7f0000000100)={'veth1\x00', 0x0}) sendmsg$nl_route(r9, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=@newlink={0x4c, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x90646}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6, 0x1, 0x4}]}}}, @IFLA_LINK={0x8, 0x5, r13}, @IFLA_MASTER={0x8, 0xa, r11}]}, 0x4c}, 0x1, 0x0, 0x0, 0x600}, 0x0) 355.66653ms ago: executing program 1 (id=583): r0 = socket$kcm(0x10, 0x2, 0x0) recvmsg(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000020c0)=""/4083, 0xff3}, {&(0x7f0000000000)=""/95, 0x5f}, {&(0x7f0000002040)=""/107, 0x6b}, {&(0x7f0000001040)=""/4065, 0xfe1}, {&(0x7f0000000240)=""/240, 0xf0}, {&(0x7f0000000440)=""/86, 0x56}], 0x6}, 0x4) sendmsg$inet(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100), 0x0, 0x0, 0x0, 0x1f00c00e}, 0x0) 0s ago: executing program 0 (id=584): socket$alg(0x26, 0x5, 0x0) setsockopt$ax25_int(0xffffffffffffffff, 0x101, 0x7, &(0x7f0000000040)=0x1ff, 0x4) setsockopt$ax25_int(0xffffffffffffffff, 0x101, 0x1, &(0x7f0000000000), 0x4) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$pppl2tp(0x18, 0x1, 0x1) r2 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r1, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r2, {0x2, 0x0, @dev}, 0x2}}, 0x2e) r3 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000440), 0xffffffffffffffff) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$L2TP_CMD_SESSION_DELETE(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01002cbd7000040000000500b600080009000200000008000c00a60a0000060001000500004008000b"], 0x40}, 0x1, 0x0, 0x0, 0xc100}, 0x4040) r5 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$L2TP_CMD_TUNNEL_GET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r5, 0x325, 0x0, 0x0, {0x8}}, 0x14}}, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.10.42' (ED25519) to the list of known hosts. [ 80.509524][ T5826] cgroup: Unknown subsys name 'net' [ 80.684611][ T5826] cgroup: Unknown subsys name 'cpuset' [ 80.694552][ T5826] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 82.334668][ T5826] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 84.827173][ T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 84.835544][ T51] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 84.843461][ T51] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 84.889620][ T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 84.897592][ T51] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 84.923672][ T51] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 84.931987][ T51] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 84.939929][ T51] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 84.952502][ T51] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 84.976888][ T51] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 84.999566][ T5839] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 85.017446][ T5845] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 85.027558][ T5845] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 85.059139][ T5845] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 85.066963][ T5845] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 85.138762][ T5839] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 85.147149][ T5839] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 85.155312][ T5839] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 85.163457][ T5839] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 85.171789][ T5839] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 85.215594][ T5845] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 85.224151][ T5845] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 85.232902][ T5845] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 85.241095][ T5845] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 85.250186][ T5845] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 85.627287][ T5836] chnl_net:caif_netlink_parms(): no params data found [ 85.761055][ T5840] chnl_net:caif_netlink_parms(): no params data found [ 85.935978][ T5840] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.944413][ T5840] bridge0: port 1(bridge_slave_0) entered disabled state [ 85.952298][ T5840] bridge_slave_0: entered allmulticast mode [ 85.960920][ T5840] bridge_slave_0: entered promiscuous mode [ 86.008371][ T5840] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.015823][ T5840] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.023289][ T5840] bridge_slave_1: entered allmulticast mode [ 86.031184][ T5840] bridge_slave_1: entered promiscuous mode [ 86.038283][ T5836] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.045499][ T5836] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.053379][ T5836] bridge_slave_0: entered allmulticast mode [ 86.061032][ T5836] bridge_slave_0: entered promiscuous mode [ 86.073056][ T5836] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.080898][ T5836] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.088087][ T5836] bridge_slave_1: entered allmulticast mode [ 86.095491][ T5836] bridge_slave_1: entered promiscuous mode [ 86.102210][ T5844] chnl_net:caif_netlink_parms(): no params data found [ 86.271282][ T5836] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 86.284439][ T5836] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 86.302744][ T5840] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 86.361217][ T5836] team0: Port device team_slave_0 added [ 86.376391][ T5840] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 86.388336][ T5848] chnl_net:caif_netlink_parms(): no params data found [ 86.418087][ T5836] team0: Port device team_slave_1 added [ 86.498768][ T5836] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 86.505798][ T5836] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 86.531927][ T5836] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 86.571988][ T5851] chnl_net:caif_netlink_parms(): no params data found [ 86.590705][ T5836] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 86.597695][ T5836] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 86.624387][ T5836] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 86.651640][ T5840] team0: Port device team_slave_0 added [ 86.658017][ T5844] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.665292][ T5844] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.672710][ T5844] bridge_slave_0: entered allmulticast mode [ 86.680885][ T5844] bridge_slave_0: entered promiscuous mode [ 86.715936][ T5840] team0: Port device team_slave_1 added [ 86.737008][ T5844] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.744593][ T5844] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.751943][ T5844] bridge_slave_1: entered allmulticast mode [ 86.759529][ T5844] bridge_slave_1: entered promiscuous mode [ 86.874487][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 86.881677][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 86.908083][ T5840] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 86.922845][ T5844] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 86.936532][ T5844] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 86.936747][ T5839] Bluetooth: hci0: command tx timeout [ 86.964997][ T5848] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.976410][ T5848] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.983734][ T5848] bridge_slave_0: entered allmulticast mode [ 86.995648][ T5848] bridge_slave_0: entered promiscuous mode [ 87.009150][ T5839] Bluetooth: hci1: command tx timeout [ 87.036018][ T5836] hsr_slave_0: entered promiscuous mode [ 87.047017][ T5836] hsr_slave_1: entered promiscuous mode [ 87.055002][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 87.066700][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.097561][ T5840] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 87.160986][ T5848] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.168325][ T5848] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.175781][ T5839] Bluetooth: hci2: command tx timeout [ 87.176457][ T5848] bridge_slave_1: entered allmulticast mode [ 87.190104][ T5848] bridge_slave_1: entered promiscuous mode [ 87.249240][ T5839] Bluetooth: hci3: command tx timeout [ 87.251885][ T5844] team0: Port device team_slave_0 added [ 87.315291][ T5844] team0: Port device team_slave_1 added [ 87.329295][ T5839] Bluetooth: hci4: command tx timeout [ 87.420989][ T5851] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.428258][ T5851] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.437846][ T5851] bridge_slave_0: entered allmulticast mode [ 87.445715][ T5851] bridge_slave_0: entered promiscuous mode [ 87.455958][ T5848] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 87.471405][ T5840] hsr_slave_0: entered promiscuous mode [ 87.477923][ T5840] hsr_slave_1: entered promiscuous mode [ 87.484211][ T5840] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 87.492148][ T5840] Cannot create hsr debugfs directory [ 87.518502][ T5851] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.528282][ T5851] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.535741][ T5851] bridge_slave_1: entered allmulticast mode [ 87.543947][ T5851] bridge_slave_1: entered promiscuous mode [ 87.553737][ T5848] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.586361][ T5844] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 87.594019][ T5844] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.620501][ T5844] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 87.664536][ T5848] team0: Port device team_slave_0 added [ 87.692626][ T5844] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 87.700162][ T5844] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.726239][ T5844] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 87.760669][ T5848] team0: Port device team_slave_1 added [ 87.788144][ T5851] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 87.844025][ T5851] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.918600][ T5848] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 87.925735][ T5848] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.952084][ T5848] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 87.964463][ T5848] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 87.972278][ T5848] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.998845][ T5848] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 88.039530][ T5851] team0: Port device team_slave_0 added [ 88.076871][ T5844] hsr_slave_0: entered promiscuous mode [ 88.083478][ T5844] hsr_slave_1: entered promiscuous mode [ 88.092277][ T5844] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 88.100040][ T5844] Cannot create hsr debugfs directory [ 88.114380][ T5851] team0: Port device team_slave_1 added [ 88.240519][ T5851] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 88.247556][ T5851] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.274059][ T5851] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 88.305427][ T5848] hsr_slave_0: entered promiscuous mode [ 88.312377][ T5848] hsr_slave_1: entered promiscuous mode [ 88.318562][ T5848] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 88.326317][ T5848] Cannot create hsr debugfs directory [ 88.342985][ T5851] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 88.350140][ T5851] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.376316][ T5851] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 88.567843][ T5836] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 88.593547][ T5851] hsr_slave_0: entered promiscuous mode [ 88.600697][ T5851] hsr_slave_1: entered promiscuous mode [ 88.606831][ T5851] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 88.614859][ T5851] Cannot create hsr debugfs directory [ 88.632588][ T5836] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 88.674519][ T5836] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 88.741321][ T5836] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 88.868446][ T5840] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 88.898667][ T5840] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 88.910836][ T5840] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 88.953726][ T5840] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 89.010023][ T5839] Bluetooth: hci0: command tx timeout [ 89.086556][ T5844] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 89.099444][ T5839] Bluetooth: hci1: command tx timeout [ 89.113836][ T5844] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 89.127436][ T5844] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 89.165670][ T5844] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 89.250941][ T5848] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 89.264771][ T5839] Bluetooth: hci2: command tx timeout [ 89.285898][ T5848] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 89.297887][ T5848] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 89.311419][ T5848] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 89.329378][ T5839] Bluetooth: hci3: command tx timeout [ 89.393772][ T5836] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.409877][ T5839] Bluetooth: hci4: command tx timeout [ 89.414638][ T5851] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 89.428108][ T5851] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 89.440362][ T5851] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 89.454651][ T5851] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 89.525563][ T5836] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.538105][ T5840] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.603281][ T1325] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.611124][ T1325] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.644097][ T5840] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.662315][ T1144] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.669591][ T1144] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.714062][ T1144] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.721269][ T1144] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.755186][ T5844] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.790329][ T1144] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.797481][ T1144] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.871518][ T5844] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.912229][ T5848] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.930557][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.937798][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.957360][ T5836] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 89.984375][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.991659][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.004256][ T5851] 8021q: adding VLAN 0 to HW filter on device bond0 [ 90.067453][ T5851] 8021q: adding VLAN 0 to HW filter on device team0 [ 90.111551][ T5848] 8021q: adding VLAN 0 to HW filter on device team0 [ 90.163450][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.170702][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.183372][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.190678][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.203822][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.211049][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.263288][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.270532][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.397065][ T5848] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 90.666205][ T5840] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.701818][ T5836] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.903544][ T5836] veth0_vlan: entered promiscuous mode [ 90.981631][ T5836] veth1_vlan: entered promiscuous mode [ 91.001992][ T5840] veth0_vlan: entered promiscuous mode [ 91.039738][ T5848] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 91.060819][ T5844] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 91.089834][ T5839] Bluetooth: hci0: command tx timeout [ 91.098261][ T5840] veth1_vlan: entered promiscuous mode [ 91.121254][ T5836] veth0_macvtap: entered promiscuous mode [ 91.147770][ T5836] veth1_macvtap: entered promiscuous mode [ 91.170424][ T5839] Bluetooth: hci1: command tx timeout [ 91.194837][ T5851] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 91.216228][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.266989][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.285971][ T5836] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.295575][ T5836] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.308745][ T5836] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.318910][ T5836] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.331684][ T5839] Bluetooth: hci2: command tx timeout [ 91.366454][ T5844] veth0_vlan: entered promiscuous mode [ 91.382690][ T5840] veth0_macvtap: entered promiscuous mode [ 91.395993][ T5848] veth0_vlan: entered promiscuous mode [ 91.409214][ T5839] Bluetooth: hci3: command tx timeout [ 91.435293][ T5844] veth1_vlan: entered promiscuous mode [ 91.454184][ T5848] veth1_vlan: entered promiscuous mode [ 91.468757][ T5840] veth1_macvtap: entered promiscuous mode [ 91.489874][ T5839] Bluetooth: hci4: command tx timeout [ 91.583963][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.646460][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.666913][ T5840] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.676161][ T5840] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.686439][ T5840] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.695742][ T5840] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.723366][ T5844] veth0_macvtap: entered promiscuous mode [ 91.738032][ T5844] veth1_macvtap: entered promiscuous mode [ 91.748830][ T5848] veth0_macvtap: entered promiscuous mode [ 91.770750][ T78] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.779866][ T78] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.788672][ T5848] veth1_macvtap: entered promiscuous mode [ 91.849963][ T5844] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.866439][ T5848] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.918770][ T5844] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.937802][ T5848] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.956344][ T5844] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.965895][ T2997] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.966084][ T5844] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.985356][ T5844] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.987894][ T2997] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.995164][ T5844] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.025697][ T5848] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.035062][ T5848] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.044068][ T5848] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.054122][ T43] cfg80211: failed to load regulatory.db [ 92.056615][ T5848] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.072593][ T5851] veth0_vlan: entered promiscuous mode [ 92.157228][ T2997] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.165029][ T5851] veth1_vlan: entered promiscuous mode [ 92.183880][ T2997] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.192497][ T5836] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 92.280661][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.288539][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.380761][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.395216][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.448480][ T5954] Illegal XDP return value 4294967294 on prog (id 2) dev N/A, expect packet loss! [ 92.478928][ T5851] veth0_macvtap: entered promiscuous mode [ 92.513453][ T2997] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.533522][ T5851] veth1_macvtap: entered promiscuous mode [ 92.553712][ T2997] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.620972][ T78] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.667413][ T78] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.717162][ T5958] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3'. [ 92.741370][ T5851] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 92.777026][ T5851] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 92.801685][ T5958] syz.2.3 uses obsolete (PF_INET,SOCK_PACKET) [ 92.810480][ T5851] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.819305][ T78] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.819325][ T78] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.857812][ T5851] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.867373][ T5851] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.876893][ T5851] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.076769][ T5963] netlink: 'syz.0.6': attribute type 16 has an invalid length. [ 93.124370][ T5963] netlink: 'syz.0.6': attribute type 17 has an invalid length. [ 93.169617][ T5839] Bluetooth: hci0: command tx timeout [ 93.235380][ T5963] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 93.260006][ T5839] Bluetooth: hci1: command tx timeout [ 93.409858][ T5839] Bluetooth: hci2: command tx timeout [ 93.492190][ T5839] Bluetooth: hci3: command tx timeout [ 93.570027][ T5839] Bluetooth: hci4: command tx timeout [ 93.611082][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.630010][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.893672][ T78] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.903169][ T78] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.909349][ T5985] netlink: 112 bytes leftover after parsing attributes in process `syz.0.10'. [ 94.017274][ T5988] netlink: 'syz.3.11': attribute type 1 has an invalid length. [ 94.028409][ T5988] netlink: 'syz.3.11': attribute type 2 has an invalid length. [ 94.984640][ T5988] netlink: 28 bytes leftover after parsing attributes in process `syz.3.11'. [ 95.014295][ T5994] netlink: 'syz.2.12': attribute type 16 has an invalid length. [ 95.028467][ T5994] netlink: 'syz.2.12': attribute type 17 has an invalid length. [ 95.068956][ T5994] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 95.694773][ T6008] Bluetooth: MGMT ver 1.23 [ 95.877883][ T6017] warning: `syz.3.17' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 96.437789][ T6033] netlink: 4 bytes leftover after parsing attributes in process `syz.4.21'. [ 96.799755][ T6006] infiniband syz!: set down [ 96.815821][ T6006] infiniband syz!: added team_slave_0 [ 96.825666][ T6047] Zero length message leads to an empty skb [ 96.839481][ T6006] syz!: rxe_create_cq: returned err = -12 [ 96.872964][ T6006] infiniband syz!: Couldn't create ib_mad CQ [ 96.897552][ T6006] infiniband syz!: Couldn't open port 1 [ 96.923433][ T6047] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 97.035784][ T6045] syzkaller0: entered promiscuous mode [ 97.054068][ T6045] syzkaller0: entered allmulticast mode [ 97.060425][ T6006] RDS/IB: syz!: added [ 97.070830][ T6047] netlink: 8 bytes leftover after parsing attributes in process `syz.4.24'. [ 97.070912][ T6006] smc: adding ib device syz! with port count 1 [ 97.128977][ T6006] smc: ib device syz! port 1 has pnetid [ 97.817393][ T6072] netlink: 'syz.1.26': attribute type 16 has an invalid length. [ 97.868558][ T6072] netlink: 'syz.1.26': attribute type 17 has an invalid length. [ 99.086415][ T6072] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 99.352189][ T6084] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input5 [ 99.407257][ T6086] netlink: 'syz.4.29': attribute type 3 has an invalid length. [ 99.492343][ T6092] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 99.566548][ T6092] netlink: 52 bytes leftover after parsing attributes in process `syz.1.30'. [ 99.834541][ T6098] wireguard0: entered promiscuous mode [ 99.853605][ T6106] netlink: 40 bytes leftover after parsing attributes in process `syz.2.34'. [ 99.871502][ T6098] wireguard0: entered allmulticast mode [ 99.896498][ T6107] netlink: 'syz.4.33': attribute type 1 has an invalid length. [ 99.927727][ T6107] netlink: 'syz.4.33': attribute type 2 has an invalid length. [ 100.035773][ T6097] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 100.108410][ T6107] netlink: 28 bytes leftover after parsing attributes in process `syz.4.33'. [ 100.218702][ T6097] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 100.387076][ T6116] netlink: 'syz.4.35': attribute type 1 has an invalid length. [ 100.445498][ T6115] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 100.605283][ T6097] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 100.788012][ T6097] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 101.048008][ T6097] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.091206][ T6097] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.160994][ T6097] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.227197][ T6097] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.496451][ T6131] netlink: 14 bytes leftover after parsing attributes in process `syz.1.39'. [ 101.821402][ T6131] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 101.837635][ T6131] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 101.853661][ T6131] bond0 (unregistering): Released all slaves [ 102.228068][ T6146] netlink: 4 bytes leftover after parsing attributes in process `syz.1.45'. [ 102.252456][ T6146] netlink: 4 bytes leftover after parsing attributes in process `syz.1.45'. [ 102.329627][ T10] IPVS: starting estimator thread 0... [ 102.357407][ T6152] netlink: 'syz.4.48': attribute type 1 has an invalid length. [ 102.383159][ T6146] bridge0: port 1(bridge_slave_0) entered disabled state [ 102.449435][ T6151] IPVS: using max 35 ests per chain, 84000 per kthread [ 102.510903][ T6146] bridge_slave_0 (unregistering): left allmulticast mode [ 102.556660][ T6146] bridge_slave_0 (unregistering): left promiscuous mode [ 102.567489][ T6149] netlink: 12 bytes leftover after parsing attributes in process `syz.0.47'. [ 102.570162][ T6146] bridge0: port 1(bridge_slave_0) entered disabled state [ 102.898210][ T6167] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 102.940160][ T6171] netlink: 24 bytes leftover after parsing attributes in process `syz.4.55'. [ 103.047797][ T6175] netlink: 44 bytes leftover after parsing attributes in process `syz.2.56'. [ 103.300604][ T6184] FAULT_INJECTION: forcing a failure. [ 103.300604][ T6184] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 103.322729][ T6184] CPU: 1 UID: 0 PID: 6184 Comm: syz.2.61 Not tainted 6.16.0-rc1-syzkaller-00413-gfc4842cd0f11 #0 PREEMPT(full) [ 103.322759][ T6184] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 103.322779][ T6184] Call Trace: [ 103.322787][ T6184] [ 103.322795][ T6184] dump_stack_lvl+0x189/0x250 [ 103.322840][ T6184] ? __pfx____ratelimit+0x10/0x10 [ 103.322872][ T6184] ? __pfx_dump_stack_lvl+0x10/0x10 [ 103.322904][ T6184] ? __pfx__printk+0x10/0x10 [ 103.322928][ T6184] ? fs_reclaim_acquire+0x7d/0x100 [ 103.322961][ T6184] should_fail_ex+0x414/0x560 [ 103.322992][ T6184] prepare_alloc_pages+0x213/0x610 [ 103.323024][ T6184] __alloc_frozen_pages_noprof+0x123/0x370 [ 103.323054][ T6184] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 103.323091][ T6184] ? policy_nodemask+0x27c/0x720 [ 103.323110][ T6184] ? __lock_acquire+0xab9/0xd20 [ 103.323143][ T6184] alloc_pages_mpol+0x232/0x4a0 [ 103.323171][ T6184] alloc_pages_noprof+0xa9/0x190 [ 103.323193][ T6184] __pud_alloc+0x3a/0x260 [ 103.323229][ T6184] __handle_mm_fault+0x3573/0x5620 [ 103.323269][ T6184] ? mt_find+0x46f/0x5f0 [ 103.323291][ T6184] ? mt_find+0x15c/0x5f0 [ 103.323313][ T6184] ? __pfx___handle_mm_fault+0x10/0x10 [ 103.323364][ T6184] ? find_vma+0xe7/0x160 [ 103.323383][ T6184] ? __pfx_find_vma+0x10/0x10 [ 103.323405][ T6184] handle_mm_fault+0x40a/0x8e0 [ 103.323449][ T6184] do_user_addr_fault+0x764/0x1390 [ 103.323492][ T6184] exc_page_fault+0x76/0xf0 [ 103.323520][ T6184] ? __might_fault+0xb0/0x130 [ 103.323541][ T6184] asm_exc_page_fault+0x26/0x30 [ 103.323560][ T6184] RIP: 0010:__get_user_4+0x14/0x20 [ 103.323587][ T6184] Code: 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 ba 00 f0 ff ff ff 7f 00 00 48 39 d0 48 0f 47 c2 0f 01 cb <8b> 10 31 c0 0f 01 ca e9 40 f0 03 00 90 90 90 90 90 90 90 90 90 90 [ 103.323604][ T6184] RSP: 0018:ffffc9000b2ffd40 EFLAGS: 00050287 [ 103.323623][ T6184] RAX: 0000200000000300 RBX: 0000200000000300 RCX: a67a07724a2fd700 [ 103.323638][ T6184] RDX: 00007ffffffff000 RSI: ffffffff8db6fa5c RDI: ffffffff8be28300 [ 103.323652][ T6184] RBP: 000000000000000c R08: 0000000000000000 R09: ffffffff820c4de0 [ 103.323671][ T6184] R10: ffffc9000b2ffdc0 R11: ffffffff898c2250 R12: 1ffff9200165ffb4 [ 103.323686][ T6184] R13: 000000000000000c R14: 0000000000000000 R15: ffffc9000b2ffdc0 [ 103.323717][ T6184] ? __pfx_netlink_getname+0x10/0x10 [ 103.323740][ T6184] ? __might_fault+0xb0/0x130 [ 103.323765][ T6184] move_addr_to_user+0x4b/0x200 [ 103.323792][ T6184] __sys_getpeername+0x1c6/0x270 [ 103.323820][ T6184] ? __pfx___sys_getpeername+0x10/0x10 [ 103.323876][ T6184] ? __pfx_ksys_write+0x10/0x10 [ 103.323892][ T6184] ? rcu_is_watching+0x15/0xb0 [ 103.323931][ T6184] __x64_sys_getpeername+0x7b/0x90 [ 103.323959][ T6184] do_syscall_64+0xfa/0x3b0 [ 103.323977][ T6184] ? lockdep_hardirqs_on+0x9c/0x150 [ 103.324007][ T6184] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 103.324027][ T6184] ? clear_bhb_loop+0x60/0xb0 [ 103.324052][ T6184] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 103.324071][ T6184] RIP: 0033:0x7fa5dcd8e929 [ 103.324094][ T6184] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 103.324110][ T6184] RSP: 002b:00007fa5ddb56038 EFLAGS: 00000246 ORIG_RAX: 0000000000000034 [ 103.324129][ T6184] RAX: ffffffffffffffda RBX: 00007fa5dcfb5fa0 RCX: 00007fa5dcd8e929 [ 103.324142][ T6184] RDX: 0000200000000300 RSI: 0000000000000000 RDI: 0000000000000003 [ 103.324155][ T6184] RBP: 00007fa5ddb56090 R08: 0000000000000000 R09: 0000000000000000 [ 103.324166][ T6184] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 103.324177][ T6184] R13: 0000000000000000 R14: 00007fa5dcfb5fa0 R15: 00007ffddbbd87f8 [ 103.324213][ T6184] [ 103.787869][ T6189] netlink: 724 bytes leftover after parsing attributes in process `syz.0.64'. [ 103.971302][ T6195] netlink: 'syz.4.67': attribute type 8 has an invalid length. [ 104.102700][ T6201] FAULT_INJECTION: forcing a failure. [ 104.102700][ T6201] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 104.141040][ T6201] CPU: 1 UID: 0 PID: 6201 Comm: syz.2.68 Not tainted 6.16.0-rc1-syzkaller-00413-gfc4842cd0f11 #0 PREEMPT(full) [ 104.141069][ T6201] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 104.141081][ T6201] Call Trace: [ 104.141089][ T6201] [ 104.141098][ T6201] dump_stack_lvl+0x189/0x250 [ 104.141136][ T6201] ? __pfx____ratelimit+0x10/0x10 [ 104.141168][ T6201] ? __pfx_dump_stack_lvl+0x10/0x10 [ 104.141200][ T6201] ? __pfx__printk+0x10/0x10 [ 104.141223][ T6201] ? __might_fault+0xb0/0x130 [ 104.141255][ T6201] should_fail_ex+0x414/0x560 [ 104.141286][ T6201] _copy_from_iter+0x1db/0x16f0 [ 104.141320][ T6201] ? sock_alloc_send_pskb+0x875/0x990 [ 104.141358][ T6201] ? __pfx__copy_from_iter+0x10/0x10 [ 104.141397][ T6201] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 104.141433][ T6201] skb_copy_datagram_from_iter+0xf5/0x720 [ 104.141469][ T6201] ? dev_get_by_index+0x22/0x2e0 [ 104.141488][ T6201] ? skb_put+0x11b/0x210 [ 104.141519][ T6201] packet_sendmsg+0x3abb/0x53f0 [ 104.141561][ T6201] ? __pfx_aa_label_sk_perm+0x10/0x10 [ 104.141607][ T6201] ? __pfx___might_resched+0x10/0x10 [ 104.141638][ T6201] ? __lock_acquire+0xab9/0xd20 [ 104.141682][ T6201] ? __pfx_packet_sendmsg+0x10/0x10 [ 104.141707][ T6201] ? aa_sk_perm+0x81e/0x950 [ 104.141738][ T6201] ? tomoyo_socket_sendmsg_permission+0x1e1/0x300 [ 104.141774][ T6201] ? __lock_acquire+0xab9/0xd20 [ 104.141800][ T6201] ? aa_sock_msg_perm+0x94/0x160 [ 104.141837][ T6201] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 104.141862][ T6201] ? __pfx_packet_sendmsg+0x10/0x10 [ 104.141891][ T6201] __sock_sendmsg+0x21c/0x270 [ 104.141916][ T6201] ____sys_sendmsg+0x52d/0x830 [ 104.141951][ T6201] ? __pfx_____sys_sendmsg+0x10/0x10 [ 104.141990][ T6201] ? import_iovec+0x74/0xa0 [ 104.142014][ T6201] ___sys_sendmsg+0x21f/0x2a0 [ 104.142046][ T6201] ? __pfx____sys_sendmsg+0x10/0x10 [ 104.142115][ T6201] ? __fget_files+0x2a/0x420 [ 104.142137][ T6201] ? __fget_files+0x3a0/0x420 [ 104.142170][ T6201] __sys_sendmmsg+0x227/0x430 [ 104.142205][ T6201] ? __pfx___sys_sendmmsg+0x10/0x10 [ 104.142231][ T6201] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 104.142277][ T6201] ? ksys_write+0x22a/0x250 [ 104.142298][ T6201] ? __pfx_ksys_write+0x10/0x10 [ 104.142314][ T6201] ? rcu_is_watching+0x15/0xb0 [ 104.142353][ T6201] __x64_sys_sendmmsg+0xa0/0xc0 [ 104.142385][ T6201] do_syscall_64+0xfa/0x3b0 [ 104.142404][ T6201] ? lockdep_hardirqs_on+0x9c/0x150 [ 104.142434][ T6201] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 104.142454][ T6201] ? clear_bhb_loop+0x60/0xb0 [ 104.142479][ T6201] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 104.142498][ T6201] RIP: 0033:0x7fa5dcd8e929 [ 104.142516][ T6201] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 104.142532][ T6201] RSP: 002b:00007fa5ddb56038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 104.142552][ T6201] RAX: ffffffffffffffda RBX: 00007fa5dcfb5fa0 RCX: 00007fa5dcd8e929 [ 104.142566][ T6201] RDX: 0000000000000001 RSI: 0000200000000440 RDI: 0000000000000011 [ 104.142579][ T6201] RBP: 00007fa5ddb56090 R08: 0000000000000000 R09: 0000000000000000 [ 104.142590][ T6201] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 104.142601][ T6201] R13: 0000000000000000 R14: 00007fa5dcfb5fa0 R15: 00007ffddbbd87f8 [ 104.142632][ T6201] [ 105.325704][ T6242] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 105.351783][ T6242] CPU: 1 UID: 0 PID: 6242 Comm: syz.3.85 Not tainted 6.16.0-rc1-syzkaller-00413-gfc4842cd0f11 #0 PREEMPT(full) [ 105.351813][ T6242] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 105.351827][ T6242] Call Trace: [ 105.351834][ T6242] [ 105.351843][ T6242] dump_stack_lvl+0x189/0x250 [ 105.351885][ T6242] ? __pfx_dump_stack_lvl+0x10/0x10 [ 105.351918][ T6242] ? __pfx__printk+0x10/0x10 [ 105.351941][ T6242] ? kernfs_path_from_node+0x2c/0x260 [ 105.351966][ T6242] ? kernfs_path_from_node+0x2c/0x260 [ 105.351989][ T6242] ? kernfs_path_from_node+0x2c/0x260 [ 105.352015][ T6242] ? kernfs_path_from_node+0x22c/0x260 [ 105.352038][ T6242] ? kernfs_path_from_node+0x2c/0x260 [ 105.352065][ T6242] sysfs_warn_dup+0x8e/0xa0 [ 105.352088][ T6242] sysfs_do_create_link_sd+0xc0/0x110 [ 105.352115][ T6242] device_add_class_symlinks+0x1cf/0x240 [ 105.352142][ T6242] device_add+0x475/0xb50 [ 105.352168][ T6242] wiphy_register+0x199a/0x26b0 [ 105.352216][ T6242] ? __pfx_wiphy_register+0x10/0x10 [ 105.352238][ T6242] ? minstrel_ht_alloc+0x6dd/0x7e0 [ 105.352271][ T6242] ? ieee80211_init_rate_ctrl_alg+0x56d/0x5f0 [ 105.352303][ T6242] ieee80211_register_hw+0x33e1/0x4120 [ 105.352350][ T6242] ? ieee80211_register_hw+0x1441/0x4120 [ 105.352389][ T6242] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 105.352423][ T6242] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 105.352470][ T6242] ? __hrtimer_setup+0x187/0x210 [ 105.352499][ T6242] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 105.352530][ T6242] mac80211_hwsim_new_radio+0x2f0e/0x5340 [ 105.352587][ T6242] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 105.352609][ T6242] ? trace_kmalloc+0x1f/0xd0 [ 105.352625][ T6242] ? __kmalloc_node_track_caller_noprof+0x28e/0x4e0 [ 105.352645][ T6242] ? kstrndup+0xbf/0x160 [ 105.352681][ T6242] hwsim_new_radio_nl+0xea4/0x1b10 [ 105.352709][ T6242] ? __pfx___nla_validate_parse+0x10/0x10 [ 105.352756][ T6242] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 105.352794][ T6242] ? __nla_parse+0x40/0x60 [ 105.352828][ T6242] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 105.352871][ T6242] genl_family_rcv_msg_doit+0x212/0x300 [ 105.352911][ T6242] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 105.352958][ T6242] ? bpf_lsm_capable+0x9/0x20 [ 105.352975][ T6242] ? security_capable+0x7e/0x2e0 [ 105.353008][ T6242] genl_rcv_msg+0x60e/0x790 [ 105.353046][ T6242] ? __pfx_genl_rcv_msg+0x10/0x10 [ 105.353076][ T6242] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 105.353116][ T6242] netlink_rcv_skb+0x205/0x470 [ 105.353141][ T6242] ? __pfx_genl_rcv_msg+0x10/0x10 [ 105.353173][ T6242] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 105.353217][ T6242] ? down_read+0x1ad/0x2e0 [ 105.353241][ T6242] genl_rcv+0x28/0x40 [ 105.353269][ T6242] netlink_unicast+0x758/0x8d0 [ 105.353303][ T6242] netlink_sendmsg+0x805/0xb30 [ 105.353338][ T6242] ? __pfx_netlink_sendmsg+0x10/0x10 [ 105.353367][ T6242] ? aa_sock_msg_perm+0x94/0x160 [ 105.353394][ T6242] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 105.353420][ T6242] ? __pfx_netlink_sendmsg+0x10/0x10 [ 105.353450][ T6242] __sock_sendmsg+0x21c/0x270 [ 105.353476][ T6242] ____sys_sendmsg+0x505/0x830 [ 105.353511][ T6242] ? __pfx_____sys_sendmsg+0x10/0x10 [ 105.353551][ T6242] ? import_iovec+0x74/0xa0 [ 105.353575][ T6242] ___sys_sendmsg+0x21f/0x2a0 [ 105.353607][ T6242] ? __pfx____sys_sendmsg+0x10/0x10 [ 105.353679][ T6242] ? __fget_files+0x2a/0x420 [ 105.353701][ T6242] ? __fget_files+0x3a0/0x420 [ 105.353736][ T6242] __x64_sys_sendmsg+0x19b/0x260 [ 105.353768][ T6242] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 105.353811][ T6242] ? rcu_is_watching+0x15/0xb0 [ 105.353847][ T6242] ? do_syscall_64+0xbe/0x3b0 [ 105.353872][ T6242] do_syscall_64+0xfa/0x3b0 [ 105.353889][ T6242] ? lockdep_hardirqs_on+0x9c/0x150 [ 105.353919][ T6242] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 105.353938][ T6242] ? clear_bhb_loop+0x60/0xb0 [ 105.353982][ T6242] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 105.354001][ T6242] RIP: 0033:0x7f45ad58e929 [ 105.354020][ T6242] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 105.354037][ T6242] RSP: 002b:00007f45ae42c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 105.354058][ T6242] RAX: ffffffffffffffda RBX: 00007f45ad7b5fa0 RCX: 00007f45ad58e929 [ 105.354074][ T6242] RDX: 0000000000000020 RSI: 0000200000000040 RDI: 0000000000000004 [ 105.354086][ T6242] RBP: 00007f45ad610b39 R08: 0000000000000000 R09: 0000000000000000 [ 105.354098][ T6242] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 105.354110][ T6242] R13: 0000000000000000 R14: 00007f45ad7b5fa0 R15: 00007ffd27004b08 [ 105.354144][ T6242] [ 106.457647][ T6276] __nla_validate_parse: 2 callbacks suppressed [ 106.457668][ T6276] netlink: 56 bytes leftover after parsing attributes in process `syz.0.93'. [ 106.480728][ T6273] netlink: 14 bytes leftover after parsing attributes in process `syz.2.91'. [ 106.675247][ T6273] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 106.703870][ T6273] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 106.731970][ T6273] bond0 (unregistering): Released all slaves [ 107.013396][ T6280] netlink: 32 bytes leftover after parsing attributes in process `syz.0.95'. [ 107.070809][ T6284] xt_TCPMSS: Only works on TCP SYN packets [ 107.272193][ T6289] netlink: 'syz.4.99': attribute type 1 has an invalid length. [ 107.312551][ T6289] netlink: 'syz.4.99': attribute type 2 has an invalid length. [ 107.356025][ T6289] netlink: 12 bytes leftover after parsing attributes in process `syz.4.99'. [ 107.472868][ T6289] netlink: 28 bytes leftover after parsing attributes in process `syz.4.99'. [ 107.518908][ T6298] netlink: 8 bytes leftover after parsing attributes in process `syz.0.102'. [ 107.873573][ T6309] xt_hashlimit: size too large, truncated to 1048576 [ 107.989675][ T6311] bridge1: entered promiscuous mode [ 107.994956][ T6311] bridge1: entered allmulticast mode [ 108.503449][ T6325] Cannot find del_set index 0 as target [ 108.683061][ T6332] netlink: 24 bytes leftover after parsing attributes in process `syz.1.116'. [ 108.862483][ T6337] netlink: 'syz.0.118': attribute type 1 has an invalid length. [ 108.873857][ T6337] netlink: 'syz.0.118': attribute type 2 has an invalid length. [ 108.921642][ T6337] netlink: 12 bytes leftover after parsing attributes in process `syz.0.118'. [ 109.033604][ T6337] netlink: 28 bytes leftover after parsing attributes in process `syz.0.118'. [ 109.544836][ T6357] netlink: 'syz.3.126': attribute type 5 has an invalid length. [ 109.574449][ T6359] netlink: 'syz.4.125': attribute type 1 has an invalid length. [ 109.647867][ T6359] netlink: 'syz.4.125': attribute type 2 has an invalid length. [ 109.695477][ T6364] netlink: 12 bytes leftover after parsing attributes in process `syz.4.125'. [ 110.632295][ T6408] netlink: 'syz.4.137': attribute type 16 has an invalid length. [ 110.640330][ T6408] netlink: 'syz.4.137': attribute type 17 has an invalid length. [ 110.747369][ T6408] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 111.027917][ T6415] netlink: 'syz.3.140': attribute type 1 has an invalid length. [ 111.608258][ T6431] x_tables: ip6_tables: TCPMSS target: only valid for protocol 6 [ 111.816876][ T6435] bond0: entered promiscuous mode [ 111.827714][ T6435] 8021q: adding VLAN 0 to HW filter on device bond0 [ 111.870117][ T6441] bond0: (slave bridge2): making interface the new active one [ 111.877763][ T6441] bridge2: entered promiscuous mode [ 111.896231][ T6441] bond0: (slave bridge2): Enslaving as an active interface with an up link [ 111.955805][ T6444] veth1_to_bond: entered allmulticast mode [ 111.983273][ T6444] __nla_validate_parse: 4 callbacks suppressed [ 111.983292][ T6444] netlink: 4 bytes leftover after parsing attributes in process `syz.0.150'. [ 112.041148][ T6448] netlink: 40 bytes leftover after parsing attributes in process `syz.2.151'. [ 112.053133][ T6444] bond0: (slave bond_slave_1): Releasing backup interface [ 112.087380][ T6444] veth1_to_bond (unregistering): left allmulticast mode [ 112.388872][ T6452] netlink: 12 bytes leftover after parsing attributes in process `syz.0.152'. [ 112.687802][ T6462] validate_nla: 3 callbacks suppressed [ 112.687823][ T6462] netlink: 'syz.4.156': attribute type 1 has an invalid length. [ 112.705295][ T6462] netlink: 'syz.4.156': attribute type 2 has an invalid length. [ 112.781677][ T6462] netlink: 28 bytes leftover after parsing attributes in process `syz.4.156'. [ 112.822980][ T6466] netlink: 'syz.0.155': attribute type 16 has an invalid length. [ 112.831477][ T6466] netlink: 'syz.0.155': attribute type 17 has an invalid length. [ 112.851484][ T6466] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 112.882426][ T6465] netlink: 'syz.1.157': attribute type 1 has an invalid length. [ 113.153283][ T6472] trusted_key: syz.3.162 sent an empty control message without MSG_MORE. [ 113.644947][ T6486] netlink: 60 bytes leftover after parsing attributes in process `syz.2.160'. [ 113.697265][ T6483] netlink: 60 bytes leftover after parsing attributes in process `syz.2.160'. [ 113.756288][ T6487] syz.4.166: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 113.785267][ T6495] netlink: 'syz.1.169': attribute type 1 has an invalid length. [ 113.811066][ T6495] netlink: 'syz.1.169': attribute type 2 has an invalid length. [ 113.831143][ T6487] CPU: 0 UID: 0 PID: 6487 Comm: syz.4.166 Not tainted 6.16.0-rc1-syzkaller-00413-gfc4842cd0f11 #0 PREEMPT(full) [ 113.831171][ T6487] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 113.831183][ T6487] Call Trace: [ 113.831190][ T6487] [ 113.831199][ T6487] dump_stack_lvl+0x189/0x250 [ 113.831239][ T6487] ? __pfx_dump_stack_lvl+0x10/0x10 [ 113.831269][ T6487] ? __pfx__printk+0x10/0x10 [ 113.831289][ T6487] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 113.831310][ T6487] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 113.831334][ T6487] ? cpuset_print_current_mems_allowed+0x2ee/0x360 [ 113.831359][ T6487] warn_alloc+0x214/0x310 [ 113.831382][ T6487] ? stack_depot_save_flags+0x429/0x900 [ 113.831412][ T6487] ? __pfx_warn_alloc+0x10/0x10 [ 113.831454][ T6487] ? kasan_save_track+0x4f/0x80 [ 113.831486][ T6487] ? xskq_create+0x56/0x170 [ 113.831516][ T6487] ? xsk_init_queue+0xb0/0x110 [ 113.831542][ T6487] ? xsk_setsockopt+0x43f/0x710 [ 113.831567][ T6487] ? do_sock_setsockopt+0x25a/0x3e0 [ 113.831592][ T6487] ? __x64_sys_setsockopt+0x18b/0x220 [ 113.831617][ T6487] ? do_syscall_64+0xfa/0x3b0 [ 113.831635][ T6487] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 113.831674][ T6487] __vmalloc_node_range_noprof+0x125/0x12f0 [ 113.831732][ T6487] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 113.831762][ T6487] ? __kasan_kmalloc+0x93/0xb0 [ 113.831804][ T6487] vmalloc_user_noprof+0xad/0xf0 [ 113.831828][ T6487] ? xskq_create+0xbf/0x170 [ 113.831861][ T6487] xskq_create+0xbf/0x170 [ 113.831895][ T6487] xsk_init_queue+0xb0/0x110 [ 113.831928][ T6487] xsk_setsockopt+0x43f/0x710 [ 113.831962][ T6487] ? __pfx_xsk_setsockopt+0x10/0x10 [ 113.831991][ T6487] ? __lock_acquire+0xab9/0xd20 [ 113.832033][ T6487] ? bpf_lsm_socket_setsockopt+0x9/0x20 [ 113.832060][ T6487] ? __pfx_xsk_setsockopt+0x10/0x10 [ 113.832092][ T6487] do_sock_setsockopt+0x25a/0x3e0 [ 113.832123][ T6487] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 113.832158][ T6487] ? __fget_files+0x2a/0x420 [ 113.832190][ T6487] __x64_sys_setsockopt+0x18b/0x220 [ 113.832225][ T6487] do_syscall_64+0xfa/0x3b0 [ 113.832244][ T6487] ? lockdep_hardirqs_on+0x9c/0x150 [ 113.832277][ T6487] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 113.832298][ T6487] ? clear_bhb_loop+0x60/0xb0 [ 113.832325][ T6487] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 113.832345][ T6487] RIP: 0033:0x7f5960d8e929 [ 113.832364][ T6487] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 113.832381][ T6487] RSP: 002b:00007f5961b84038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 113.832403][ T6487] RAX: ffffffffffffffda RBX: 00007f5960fb5fa0 RCX: 00007f5960d8e929 [ 113.832418][ T6487] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000008 [ 113.832430][ T6487] RBP: 00007f5960e10b39 R08: 0000000000000004 R09: 0000000000000000 [ 113.832443][ T6487] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000 [ 113.832455][ T6487] R13: 0000000000000000 R14: 00007f5960fb5fa0 R15: 00007fff7199bf48 [ 113.832488][ T6487] [ 113.832509][ T6487] Mem-Info: [ 113.902487][ T6498] netlink: 28 bytes leftover after parsing attributes in process `syz.1.169'. [ 113.919525][ T6487] active_anon:5334 inactive_anon:0 isolated_anon:0 [ 113.919525][ T6487] active_file:1408 inactive_file:39830 isolated_file:0 [ 113.919525][ T6487] unevictable:768 dirty:276 writeback:0 [ 113.919525][ T6487] slab_reclaimable:10163 slab_unreclaimable:98008 [ 113.919525][ T6487] mapped:29407 shmem:1377 pagetables:1158 [ 113.919525][ T6487] sec_pagetables:0 bounce:0 [ 113.919525][ T6487] kernel_misc_reclaimable:0 [ 113.919525][ T6487] free:1330763 free_pcp:19384 free_cma:0 [ 113.919612][ T6487] Node 0 active_anon:21336kB inactive_anon:0kB active_file:5632kB inactive_file:159120kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:117628kB dirty:1100kB writeback:0kB shmem:3972kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11680kB pagetables:4496kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 114.320706][ T6487] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:80kB pagetables:136kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 114.415039][ T6508] netlink: 14 bytes leftover after parsing attributes in process `syz.0.174'. [ 114.448372][ T6487] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 114.563738][ T6487] lowmem_reserve[]: 0 2501 2502 2502 2502 [ 114.591416][ T6512] netlink: 4 bytes leftover after parsing attributes in process `syz.2.176'. [ 114.600811][ T6487] Node 0 DMA32 free:1399296kB boost:0kB min:34264kB low:42828kB high:51392kB reserved_highatomic:0KB free_highatomic:0KB active_anon:21384kB inactive_anon:0kB active_file:5632kB inactive_file:157280kB unevictable:1536kB writepending:120kB present:3129332kB managed:2561036kB mlocked:0kB bounce:0kB free_pcp:61432kB local_pcp:20824kB free_cma:0kB [ 114.647764][ T6487] lowmem_reserve[]: 0 0 1 1 1 [ 114.656881][ T6487] Node 0 Normal free:4kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB free_highatomic:0KB active_anon:48kB inactive_anon:0kB active_file:0kB inactive_file:1840kB unevictable:0kB writepending:0kB present:1048580kB managed:1900kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:8kB free_cma:0kB [ 114.687410][ T6487] lowmem_reserve[]: 0 0 0 0 0 [ 114.692316][ T6487] Node 1 Normal free:3908200kB boost:0kB min:55612kB low:69512kB high:83412kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:4kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:15840kB local_pcp:5888kB free_cma:0kB [ 114.728130][ T6487] lowmem_reserve[]: 0 0 0 0 0 [ 114.734855][ T6518] netlink: 8 bytes leftover after parsing attributes in process `syz.2.176'. [ 114.744413][ T6512] openvswitch: netlink: nsh attr 8194 is out of range max 3 [ 114.752140][ T6512] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 114.762950][ T6518] openvswitch: netlink: nsh attr 8194 is out of range max 3 [ 114.772906][ T6487] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 114.787800][ T6518] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 114.789786][ T6487] Node 0 DMA32: 456*4kB (UM) 268*8kB (M) 122*16kB (UME) 155*32kB (UM) 70*64kB (UME) 14*128kB (UM) 17*256kB (UM) 13*512kB (ME) 9*1024kB (UME) 7*2048kB (UM) 329*4096kB (M) = 1399296kB [ 114.817138][ T6487] Node 0 Normal: 1*4kB (M) 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 4kB [ 114.834232][ T6487] Node 1 Normal: 198*4kB (UME) 46*8kB (UME) 52*16kB (UME) 81*32kB (UME) 20*64kB (UME) 11*128kB (UME) 4*256kB (UM) 3*512kB (UM) 1*1024kB (M) 1*2048kB (U) 951*4096kB (ME) = 3908200kB [ 114.860149][ T6487] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 114.873576][ T6487] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 114.885105][ T6487] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 114.895223][ T6487] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 114.905954][ T6487] 42597 total pagecache pages [ 114.911197][ T6487] 0 pages in swap cache [ 114.915937][ T6487] Free swap = 124996kB [ 114.920942][ T6487] Total swap = 124996kB [ 114.925207][ T6487] 2097051 pages RAM [ 114.930349][ T6487] 0 pages HighMem/MovableOnly [ 114.935292][ T6487] 424686 pages reserved [ 114.940115][ T6487] 0 pages cma reserved [ 115.097772][ T6508] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 115.109895][ T6508] bond0 (unregistering): Released all slaves [ 115.186382][ T6517] bridge0: port 2(bridge_slave_1) entered disabled state [ 115.356870][ T6533] netlink: 'syz.4.178': attribute type 16 has an invalid length. [ 115.374637][ T6533] netlink: 'syz.4.178': attribute type 17 has an invalid length. [ 115.422226][ T6519] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 115.519277][ T6533] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 115.606561][ T6542] netlink: 'syz.0.182': attribute type 8 has an invalid length. [ 117.185713][ T6597] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 118.187109][ T6618] __nla_validate_parse: 6 callbacks suppressed [ 118.187129][ T6618] netlink: 212376 bytes leftover after parsing attributes in process `syz.0.207'. [ 118.214141][ T6619] netlink: 4 bytes leftover after parsing attributes in process `syz.4.208'. [ 118.590500][ T6626] ipt_ECN: cannot use operation on non-tcp rule [ 118.658834][ T6633] sctp: [Deprecated]: syz.1.215 (pid 6633) Use of struct sctp_assoc_value in delayed_ack socket option. [ 118.658834][ T6633] Use struct sctp_sack_info instead [ 118.765101][ T6639] syzkaller0: entered allmulticast mode [ 118.873020][ T6639] syzkaller0 (unregistering): left allmulticast mode [ 119.334557][ T6649] validate_nla: 2 callbacks suppressed [ 119.334577][ T6649] netlink: 'syz.3.218': attribute type 16 has an invalid length. [ 119.348653][ T6649] netlink: 'syz.3.218': attribute type 17 has an invalid length. [ 119.403900][ T6649] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 119.642368][ T6659] geneve1: entered promiscuous mode [ 119.654032][ T6659] geneve1: entered allmulticast mode [ 119.717852][ T6661] netlink: 60 bytes leftover after parsing attributes in process `syz.2.221'. [ 119.772890][ T6654] netlink: 60 bytes leftover after parsing attributes in process `syz.2.221'. [ 119.806741][ T6659] syz.1.223 (6659) used greatest stack depth: 19720 bytes left [ 119.978406][ T6667] netlink: 56 bytes leftover after parsing attributes in process `syz.1.225'. [ 120.012573][ T6664] netlink: 28 bytes leftover after parsing attributes in process `syz.0.224'. [ 120.044406][ T6664] netlink: 28 bytes leftover after parsing attributes in process `syz.0.224'. [ 120.660884][ T6690] netlink: 36 bytes leftover after parsing attributes in process `syz.0.233'. [ 121.068358][ T6701] netlink: 60 bytes leftover after parsing attributes in process `syz.0.236'. [ 121.119592][ T6700] netlink: 60 bytes leftover after parsing attributes in process `syz.0.236'. [ 121.315441][ T6710] netlink: 'syz.2.237': attribute type 16 has an invalid length. [ 121.323440][ T6710] netlink: 'syz.2.237': attribute type 17 has an invalid length. [ 121.341527][ T6710] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 121.626745][ T6716] sctp: [Deprecated]: syz.4.241 (pid 6716) Use of struct sctp_assoc_value in delayed_ack socket option. [ 121.626745][ T6716] Use struct sctp_sack_info instead [ 122.173276][ T6738] netlink: 'syz.0.248': attribute type 1 has an invalid length. [ 122.206464][ T6738] netlink: 'syz.0.248': attribute type 2 has an invalid length. [ 122.344501][ T6733] syz.1.247 (6733) used greatest stack depth: 17992 bytes left [ 122.592382][ T6752] A link change request failed with some changes committed already. Interface veth1_to_bond may have been left with an inconsistent configuration, please check. [ 122.632176][ T6758] sctp: [Deprecated]: syz.4.255 (pid 6758) Use of struct sctp_assoc_value in delayed_ack socket option. [ 122.632176][ T6758] Use struct sctp_sack_info instead [ 122.731835][ T6754] batadv1: entered promiscuous mode [ 122.836441][ T6761] team0: Device ip6tnl1 is of different type [ 123.100107][ T6771] netlink: 'syz.1.259': attribute type 16 has an invalid length. [ 123.108021][ T6771] netlink: 'syz.1.259': attribute type 17 has an invalid length. [ 123.144018][ T6771] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 123.346763][ T6782] netlink: 'syz.2.264': attribute type 1 has an invalid length. [ 123.356277][ T6783] __nla_validate_parse: 5 callbacks suppressed [ 123.356294][ T6783] netlink: 60 bytes leftover after parsing attributes in process `syz.3.262'. [ 123.357464][ T6782] netlink: 'syz.2.264': attribute type 2 has an invalid length. [ 123.365436][ T6777] netlink: 60 bytes leftover after parsing attributes in process `syz.3.262'. [ 123.448167][ T6782] netlink: 28 bytes leftover after parsing attributes in process `syz.2.264'. [ 123.457431][ T6786] netlink: 8 bytes leftover after parsing attributes in process `syz.0.265'. [ 123.457585][ T6786] netlink: 4 bytes leftover after parsing attributes in process `syz.0.265'. [ 123.572562][ T6788] ip6_tunnel: non-ECT from fc02:0000:0000:0000:0000:0000:0000:0000 with DS=0x1 [ 123.655581][ T6790] sctp: [Deprecated]: syz.0.267 (pid 6790) Use of struct sctp_assoc_value in delayed_ack socket option. [ 123.655581][ T6790] Use struct sctp_sack_info instead [ 123.804057][ T6793] pim6reg: entered allmulticast mode [ 123.937277][ T6801] netlink: 4 bytes leftover after parsing attributes in process `syz.0.270'. [ 124.420710][ T6801] bridge_slave_1: left allmulticast mode [ 124.445763][ T6801] bridge_slave_1: left promiscuous mode [ 124.452035][ T6801] bridge0: port 2(bridge_slave_1) entered disabled state [ 124.476873][ T6801] bridge_slave_0: left allmulticast mode [ 124.499356][ T6801] bridge_slave_0: left promiscuous mode [ 124.512148][ T6801] bridge0: port 1(bridge_slave_0) entered disabled state [ 124.771419][ T6826] netlink: 60 bytes leftover after parsing attributes in process `syz.4.276'. [ 124.789515][ T6825] netlink: 60 bytes leftover after parsing attributes in process `syz.4.276'. [ 124.936722][ T6829] netlink: 'syz.3.279': attribute type 1 has an invalid length. [ 124.944738][ T6829] netlink: 'syz.3.279': attribute type 2 has an invalid length. [ 125.097445][ T6835] sctp: [Deprecated]: syz.4.280 (pid 6835) Use of struct sctp_assoc_value in delayed_ack socket option. [ 125.097445][ T6835] Use struct sctp_sack_info instead [ 125.363751][ T6845] netlink: 'syz.3.281': attribute type 16 has an invalid length. [ 125.372703][ T6845] netlink: 'syz.3.281': attribute type 17 has an invalid length. [ 125.421642][ T6845] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 125.817991][ T6861] netlink: 4 bytes leftover after parsing attributes in process `syz.1.289'. [ 125.838794][ T6862] netlink: 60 bytes leftover after parsing attributes in process `syz.0.290'. [ 125.865466][ T6864] netlink: 'syz.4.291': attribute type 1 has an invalid length. [ 125.890214][ T5845] Bluetooth: hci2: command tx timeout [ 125.918442][ T6864] netlink: 'syz.4.291': attribute type 2 has an invalid length. [ 126.196599][ T6873] sctp: [Deprecated]: syz.3.295 (pid 6873) Use of struct sctp_assoc_value in delayed_ack socket option. [ 126.196599][ T6873] Use struct sctp_sack_info instead [ 127.111297][ T6900] netlink: 'syz.1.304': attribute type 1 has an invalid length. [ 127.171467][ T6900] netlink: 'syz.1.304': attribute type 2 has an invalid length. [ 127.265999][ T5845] Bluetooth: hci4: command 0x0405 tx timeout [ 127.301089][ T6907] netlink: 'syz.3.305': attribute type 16 has an invalid length. [ 127.326611][ T6907] netlink: 'syz.3.305': attribute type 17 has an invalid length. [ 127.393840][ T6907] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 128.324044][ T6929] FAULT_INJECTION: forcing a failure. [ 128.324044][ T6929] name failslab, interval 1, probability 0, space 0, times 0 [ 128.374438][ T6929] CPU: 0 UID: 0 PID: 6929 Comm: syz.0.313 Not tainted 6.16.0-rc1-syzkaller-00413-gfc4842cd0f11 #0 PREEMPT(full) [ 128.374468][ T6929] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 128.374480][ T6929] Call Trace: [ 128.374488][ T6929] [ 128.374497][ T6929] dump_stack_lvl+0x189/0x250 [ 128.374534][ T6929] ? __pfx____ratelimit+0x10/0x10 [ 128.374566][ T6929] ? __pfx_dump_stack_lvl+0x10/0x10 [ 128.374598][ T6929] ? __pfx__printk+0x10/0x10 [ 128.374627][ T6929] ? __pfx___might_resched+0x10/0x10 [ 128.374658][ T6929] ? fs_reclaim_acquire+0x7d/0x100 [ 128.374687][ T6929] should_fail_ex+0x414/0x560 [ 128.374719][ T6929] should_failslab+0xa8/0x100 [ 128.374744][ T6929] kmem_cache_alloc_noprof+0x73/0x3c0 [ 128.374776][ T6929] ? __pmd_alloc+0xc6/0x3b0 [ 128.374811][ T6929] __pmd_alloc+0xc6/0x3b0 [ 128.374847][ T6929] __handle_mm_fault+0xa63/0x5620 [ 128.374887][ T6929] ? mt_find+0x46f/0x5f0 [ 128.374917][ T6929] ? __pfx___handle_mm_fault+0x10/0x10 [ 128.374968][ T6929] ? find_vma+0xe7/0x160 [ 128.374986][ T6929] ? __pfx_find_vma+0x10/0x10 [ 128.375010][ T6929] handle_mm_fault+0x40a/0x8e0 [ 128.375054][ T6929] do_user_addr_fault+0x764/0x1390 [ 128.375099][ T6929] exc_page_fault+0x76/0xf0 [ 128.375128][ T6929] ? __might_fault+0xb0/0x130 [ 128.375149][ T6929] asm_exc_page_fault+0x26/0x30 [ 128.375168][ T6929] RIP: 0010:__get_user_4+0x14/0x20 [ 128.375194][ T6929] Code: 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 ba 00 f0 ff ff ff 7f 00 00 48 39 d0 48 0f 47 c2 0f 01 cb <8b> 10 31 c0 0f 01 ca e9 40 f0 03 00 90 90 90 90 90 90 90 90 90 90 [ 128.375216][ T6929] RSP: 0018:ffffc9000b467d40 EFLAGS: 00050287 [ 128.375235][ T6929] RAX: 0000200000000300 RBX: 0000200000000300 RCX: 29a370985ef93c00 [ 128.375249][ T6929] RDX: 00007ffffffff000 RSI: ffffffff8db6fa5c RDI: ffffffff8be28300 [ 128.375264][ T6929] RBP: 000000000000000c R08: 0000000000000000 R09: ffffffff820c4de0 [ 128.375276][ T6929] R10: ffffc9000b467dc0 R11: ffffffff898c2250 R12: 1ffff9200168cfb4 [ 128.375291][ T6929] R13: 000000000000000c R14: 0000000000000000 R15: ffffc9000b467dc0 [ 128.375309][ T6929] ? __pfx_netlink_getname+0x10/0x10 [ 128.375334][ T6929] ? __might_fault+0xb0/0x130 [ 128.375367][ T6929] move_addr_to_user+0x4b/0x200 [ 128.375402][ T6929] __sys_getpeername+0x1c6/0x270 [ 128.375431][ T6929] ? __pfx___sys_getpeername+0x10/0x10 [ 128.375473][ T6929] ? __pfx_ksys_write+0x10/0x10 [ 128.375489][ T6929] ? rcu_is_watching+0x15/0xb0 [ 128.375530][ T6929] __x64_sys_getpeername+0x7b/0x90 [ 128.375557][ T6929] do_syscall_64+0xfa/0x3b0 [ 128.375576][ T6929] ? lockdep_hardirqs_on+0x9c/0x150 [ 128.375607][ T6929] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 128.375626][ T6929] ? clear_bhb_loop+0x60/0xb0 [ 128.375652][ T6929] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 128.375671][ T6929] RIP: 0033:0x7fadf9b8e929 [ 128.375688][ T6929] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 128.375704][ T6929] RSP: 002b:00007fadfaae3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000034 [ 128.375723][ T6929] RAX: ffffffffffffffda RBX: 00007fadf9db5fa0 RCX: 00007fadf9b8e929 [ 128.375737][ T6929] RDX: 0000200000000300 RSI: 0000000000000000 RDI: 0000000000000003 [ 128.375749][ T6929] RBP: 00007fadfaae3090 R08: 0000000000000000 R09: 0000000000000000 [ 128.375761][ T6929] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 128.375772][ T6929] R13: 0000000000000000 R14: 00007fadf9db5fa0 R15: 00007ffec04ec858 [ 128.375805][ T6929] [ 128.799565][ T6936] sctp: [Deprecated]: syz.2.315 (pid 6936) Use of struct sctp_assoc_value in delayed_ack socket option. [ 128.799565][ T6936] Use struct sctp_sack_info instead [ 128.820443][ T6939] __nla_validate_parse: 3 callbacks suppressed [ 128.820463][ T6939] netlink: 60 bytes leftover after parsing attributes in process `syz.3.316'. [ 128.890663][ T6938] netlink: 60 bytes leftover after parsing attributes in process `syz.3.316'. [ 129.484492][ T6958] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 129.966469][ T6975] FAULT_INJECTION: forcing a failure. [ 129.966469][ T6975] name failslab, interval 1, probability 0, space 0, times 0 [ 129.979245][ T6975] CPU: 1 UID: 0 PID: 6975 Comm: syz.0.326 Not tainted 6.16.0-rc1-syzkaller-00413-gfc4842cd0f11 #0 PREEMPT(full) [ 129.979272][ T6975] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 129.979285][ T6975] Call Trace: [ 129.979292][ T6975] [ 129.979300][ T6975] dump_stack_lvl+0x189/0x250 [ 129.979339][ T6975] ? __pfx____ratelimit+0x10/0x10 [ 129.979371][ T6975] ? __pfx_dump_stack_lvl+0x10/0x10 [ 129.979403][ T6975] ? __pfx__printk+0x10/0x10 [ 129.979429][ T6975] ? __lock_acquire+0xab9/0xd20 [ 129.979467][ T6975] should_fail_ex+0x414/0x560 [ 129.979505][ T6975] should_failslab+0xa8/0x100 [ 129.979529][ T6975] kmem_cache_alloc_noprof+0x73/0x3c0 [ 129.979562][ T6975] ? batadv_tt_local_event+0x53/0x650 [ 129.979595][ T6975] batadv_tt_local_event+0x53/0x650 [ 129.979623][ T6975] ? batadv_hash_add+0x4f2/0x640 [ 129.979680][ T6975] batadv_tt_local_add+0x3ac/0x1a90 [ 129.979733][ T6975] ? __pfx_batadv_tt_local_add+0x10/0x10 [ 129.979766][ T6975] ? batadv_get_vid+0x183/0x2b0 [ 129.979792][ T6975] batadv_interface_tx+0x7c0/0x14c0 [ 129.979827][ T6975] ? __pfx_batadv_interface_tx+0x10/0x10 [ 129.979849][ T6975] ? __pfx_validate_xmit_skb+0x10/0x10 [ 129.979891][ T6975] ? __dev_direct_xmit+0x31a/0x740 [ 129.979922][ T6975] __dev_direct_xmit+0x4a3/0x740 [ 129.979958][ T6975] ? __pfx___dev_direct_xmit+0x10/0x10 [ 129.979991][ T6975] ? netdev_pick_tx+0x7d5/0xc30 [ 129.980026][ T6975] ? netdev_pick_tx+0x4ed/0xc30 [ 129.980064][ T6975] packet_xmit+0x1b4/0x330 [ 129.980089][ T6975] packet_sendmsg+0x41b7/0x53f0 [ 129.980134][ T6975] ? __pfx_aa_label_sk_perm+0x10/0x10 [ 129.980182][ T6975] ? __pfx___might_resched+0x10/0x10 [ 129.980244][ T6975] ? __pfx_packet_sendmsg+0x10/0x10 [ 129.980272][ T6975] ? aa_sk_perm+0x81e/0x950 [ 129.980304][ T6975] ? tomoyo_socket_sendmsg_permission+0x1e1/0x300 [ 129.980342][ T6975] ? __lock_acquire+0xab9/0xd20 [ 129.980369][ T6975] ? aa_sock_msg_perm+0x94/0x160 [ 129.980399][ T6975] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 129.980426][ T6975] ? __pfx_packet_sendmsg+0x10/0x10 [ 129.980455][ T6975] __sock_sendmsg+0x21c/0x270 [ 129.980481][ T6975] ____sys_sendmsg+0x52d/0x830 [ 129.980526][ T6975] ? __pfx_____sys_sendmsg+0x10/0x10 [ 129.980566][ T6975] ? import_iovec+0x74/0xa0 [ 129.980592][ T6975] ___sys_sendmsg+0x21f/0x2a0 [ 129.980625][ T6975] ? __pfx____sys_sendmsg+0x10/0x10 [ 129.980696][ T6975] ? __fget_files+0x2a/0x420 [ 129.980719][ T6975] ? __fget_files+0x3a0/0x420 [ 129.980755][ T6975] __sys_sendmmsg+0x227/0x430 [ 129.980791][ T6975] ? __pfx___sys_sendmmsg+0x10/0x10 [ 129.980819][ T6975] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 129.980870][ T6975] ? ksys_write+0x22a/0x250 [ 129.980892][ T6975] ? __pfx_ksys_write+0x10/0x10 [ 129.980909][ T6975] ? rcu_is_watching+0x15/0xb0 [ 129.980948][ T6975] __x64_sys_sendmmsg+0xa0/0xc0 [ 129.980982][ T6975] do_syscall_64+0xfa/0x3b0 [ 129.981001][ T6975] ? lockdep_hardirqs_on+0x9c/0x150 [ 129.981032][ T6975] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 129.981053][ T6975] ? clear_bhb_loop+0x60/0xb0 [ 129.981078][ T6975] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 129.981099][ T6975] RIP: 0033:0x7fadf9b8e929 [ 129.981118][ T6975] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 129.981135][ T6975] RSP: 002b:00007fadfaae3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 129.981157][ T6975] RAX: ffffffffffffffda RBX: 00007fadf9db5fa0 RCX: 00007fadf9b8e929 [ 129.981173][ T6975] RDX: 0000000000000001 RSI: 0000200000000440 RDI: 0000000000000011 [ 129.981186][ T6975] RBP: 00007fadfaae3090 R08: 0000000000000000 R09: 0000000000000000 [ 129.981199][ T6975] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 129.981211][ T6975] R13: 0000000000000000 R14: 00007fadf9db5fa0 R15: 00007ffec04ec858 [ 129.981244][ T6975] [ 130.667658][ T6984] netlink: 60 bytes leftover after parsing attributes in process `syz.4.329'. [ 130.696002][ T6986] validate_nla: 4 callbacks suppressed [ 130.696022][ T6986] netlink: 'syz.2.331': attribute type 1 has an invalid length. [ 130.731341][ T6986] netlink: 'syz.2.331': attribute type 2 has an invalid length. [ 130.745930][ T6982] netlink: 60 bytes leftover after parsing attributes in process `syz.4.329'. [ 130.787085][ T6989] FAULT_INJECTION: forcing a failure. [ 130.787085][ T6989] name failslab, interval 1, probability 0, space 0, times 0 [ 130.839256][ T6989] CPU: 1 UID: 0 PID: 6989 Comm: syz.3.334 Not tainted 6.16.0-rc1-syzkaller-00413-gfc4842cd0f11 #0 PREEMPT(full) [ 130.839286][ T6989] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 130.839298][ T6989] Call Trace: [ 130.839307][ T6989] [ 130.839316][ T6989] dump_stack_lvl+0x189/0x250 [ 130.839354][ T6989] ? __pfx____ratelimit+0x10/0x10 [ 130.839388][ T6989] ? __pfx_dump_stack_lvl+0x10/0x10 [ 130.839430][ T6989] ? __pfx__printk+0x10/0x10 [ 130.839461][ T6989] ? __pfx___might_resched+0x10/0x10 [ 130.839499][ T6989] should_fail_ex+0x414/0x560 [ 130.839532][ T6989] should_failslab+0xa8/0x100 [ 130.839557][ T6989] __kmalloc_noprof+0xcb/0x4f0 [ 130.839577][ T6989] ? sock_kmalloc+0xd6/0x160 [ 130.839614][ T6989] sock_kmalloc+0xd6/0x160 [ 130.839649][ T6989] af_alg_alloc_areq+0x8d/0x260 [ 130.839679][ T6989] skcipher_recvmsg+0x356/0x11c0 [ 130.839712][ T6989] ? aa_sk_perm+0x81e/0x950 [ 130.839751][ T6989] ? __pfx_skcipher_recvmsg+0x10/0x10 [ 130.839784][ T6989] ? bpf_lsm_socket_recvmsg+0x9/0x20 [ 130.839810][ T6989] ? security_socket_recvmsg+0x7e/0x2e0 [ 130.839842][ T6989] ? __pfx_skcipher_recvmsg+0x10/0x10 [ 130.839872][ T6989] sock_recvmsg+0x22c/0x270 [ 130.839900][ T6989] __sys_recvfrom+0x1f6/0x340 [ 130.839931][ T6989] ? __pfx___sys_recvfrom+0x10/0x10 [ 130.839972][ T6989] ? count_memcg_event_mm+0x21/0x260 [ 130.840018][ T6989] ? exc_page_fault+0x76/0xf0 [ 130.840054][ T6989] ? do_user_addr_fault+0xc8a/0x1390 [ 130.840087][ T6989] __x64_sys_recvfrom+0xde/0x100 [ 130.840117][ T6989] do_syscall_64+0xfa/0x3b0 [ 130.840136][ T6989] ? lockdep_hardirqs_on+0x9c/0x150 [ 130.840167][ T6989] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 130.840187][ T6989] ? clear_bhb_loop+0x60/0xb0 [ 130.840213][ T6989] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 130.840233][ T6989] RIP: 0033:0x7f45ad5906f4 [ 130.840251][ T6989] Code: 89 4c 24 1c e8 ed 5f 02 00 44 8b 54 24 1c 8b 3c 24 45 31 c9 89 c5 48 8b 54 24 10 48 8b 74 24 08 45 31 c0 b8 2d 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 89 ef 48 89 04 24 e8 39 60 02 00 48 8b 04 [ 130.840268][ T6989] RSP: 002b:00007f45ae42aed0 EFLAGS: 00000246 ORIG_RAX: 000000000000002d [ 130.840289][ T6989] RAX: ffffffffffffffda RBX: 00007f45ae42afc0 RCX: 00007f45ad5906f4 [ 130.840304][ T6989] RDX: 0000000000001000 RSI: 00007f45ae42b010 RDI: 0000000000000004 [ 130.840317][ T6989] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 130.840329][ T6989] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 130.840340][ T6989] R13: 00007f45ae42af68 R14: 00007f45ae42b010 R15: 0000000000000000 [ 130.840373][ T6989] [ 131.271106][ T7003] netlink: 380 bytes leftover after parsing attributes in process `syz.2.336'. [ 131.477568][ T7015] openvswitch: netlink: Message has 1 unknown bytes. [ 131.521556][ T7018] netlink: 'syz.1.340': attribute type 16 has an invalid length. [ 131.522202][ T7013] netlink: 12 bytes leftover after parsing attributes in process `syz.0.341'. [ 131.529794][ T7018] netlink: 'syz.1.340': attribute type 17 has an invalid length. [ 131.588596][ T7018] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 131.853427][ T7027] sctp: [Deprecated]: syz.2.348 (pid 7027) Use of int in max_burst socket option deprecated. [ 131.853427][ T7027] Use struct sctp_assoc_value instead [ 131.894439][ T7028] netlink: 4 bytes leftover after parsing attributes in process `syz.0.347'. [ 131.913312][ T7029] netlink: 'syz.4.346': attribute type 1 has an invalid length. [ 131.953327][ T7029] netlink: 'syz.4.346': attribute type 2 has an invalid length. [ 131.968959][ T7035] netlink: 56 bytes leftover after parsing attributes in process `syz.3.349'. [ 132.090113][ T7039] Bluetooth: MGMT ver 1.23 [ 132.403482][ T7050] netlink: 8 bytes leftover after parsing attributes in process `syz.3.355'. [ 132.638883][ T7054] tipc: Started in network mode [ 132.645500][ T7054] tipc: Node identity 00000000000000000000000000000001, cluster identity 4711 [ 132.660508][ T7054] tipc: Enabling of bearer rejected, failed to enable media [ 132.702967][ T7058] netlink: 8 bytes leftover after parsing attributes in process `syz.0.359'. [ 133.007439][ T7070] netlink: 'syz.0.363': attribute type 1 has an invalid length. [ 133.024266][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.038275][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.049240][ T7070] netlink: 'syz.0.363': attribute type 2 has an invalid length. [ 133.228320][ T7078] netlink: 'syz.2.364': attribute type 16 has an invalid length. [ 133.236550][ T7078] netlink: 'syz.2.364': attribute type 17 has an invalid length. [ 133.283336][ T7078] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 134.184255][ T7106] __nla_validate_parse: 3 callbacks suppressed [ 134.184274][ T7106] netlink: 104 bytes leftover after parsing attributes in process `syz.0.377'. [ 134.224150][ T7111] netlink: 60 bytes leftover after parsing attributes in process `syz.3.376'. [ 134.237833][ T7103] netlink: 60 bytes leftover after parsing attributes in process `syz.3.376'. [ 134.374678][ T7114] netlink: 12 bytes leftover after parsing attributes in process `syz.4.379'. [ 134.393564][ T7115] netlink: 52 bytes leftover after parsing attributes in process `syz.0.380'. [ 134.575004][ T7123] wireguard0: entered promiscuous mode [ 134.589395][ T7123] wireguard0: entered allmulticast mode [ 135.143490][ T7144] tipc: Started in network mode [ 135.148429][ T7144] tipc: Node identity fec0ffffffffffff0000000000000001, cluster identity 4711 [ 135.169307][ T7144] tipc: Enabling of bearer rejected, failed to enable media [ 135.220903][ T7146] netlink: 8 bytes leftover after parsing attributes in process `syz.3.388'. [ 135.238527][ T7127] syz.0.380: vmalloc error: size 6291456, failed to allocated page array size 12288, mode:0x400dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 135.253106][ T7146] netlink: 4 bytes leftover after parsing attributes in process `syz.3.388'. [ 135.294486][ T7127] CPU: 1 UID: 0 PID: 7127 Comm: syz.0.380 Not tainted 6.16.0-rc1-syzkaller-00413-gfc4842cd0f11 #0 PREEMPT(full) [ 135.294517][ T7127] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 135.294529][ T7127] Call Trace: [ 135.294536][ T7127] [ 135.294544][ T7127] dump_stack_lvl+0x189/0x250 [ 135.294581][ T7127] ? __pfx_dump_stack_lvl+0x10/0x10 [ 135.294611][ T7127] ? __pfx__printk+0x10/0x10 [ 135.294630][ T7127] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 135.294650][ T7127] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 135.294673][ T7127] ? cpuset_print_current_mems_allowed+0x2ee/0x360 [ 135.294698][ T7127] warn_alloc+0x214/0x310 [ 135.294726][ T7127] ? __pfx_warn_alloc+0x10/0x10 [ 135.294756][ T7127] ? __get_vm_area_node+0x28f/0x300 [ 135.294776][ T7127] ? hash_ipmark_create+0x3e6/0x1080 [ 135.294798][ T7127] __vmalloc_node_range_noprof+0x67e/0x12f0 [ 135.294819][ T7127] ? do_syscall_64+0xfa/0x3b0 [ 135.294867][ T7127] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 135.294893][ T7127] ? rcu_is_watching+0x15/0xb0 [ 135.294934][ T7127] ? hash_ipmark_create+0x3e6/0x1080 [ 135.294955][ T7127] ? hash_ipmark_create+0x3e6/0x1080 [ 135.294977][ T7127] __kvmalloc_node_noprof+0x3b8/0x5f0 [ 135.295001][ T7127] ? hash_ipmark_create+0x3e6/0x1080 [ 135.295022][ T7127] ? hash_ipmark_create+0x387/0x1080 [ 135.295048][ T7127] hash_ipmark_create+0x3e6/0x1080 [ 135.295087][ T7127] ? __nla_parse+0x40/0x60 [ 135.295118][ T7127] ? __pfx_hash_ipmark_create+0x10/0x10 [ 135.295142][ T7127] ip_set_create+0xa97/0x1940 [ 135.295177][ T7127] ? ip_set_create+0x4a2/0x1940 [ 135.295223][ T7127] ? __pfx_ip_set_create+0x10/0x10 [ 135.295300][ T7127] nfnetlink_rcv_msg+0xb4a/0x1130 [ 135.295336][ T7127] ? nfnetlink_rcv_msg+0x20d/0x1130 [ 135.295391][ T7127] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 135.295422][ T7127] ? kasan_save_free_info+0x46/0x50 [ 135.295506][ T7127] netlink_rcv_skb+0x205/0x470 [ 135.295533][ T7127] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 135.295568][ T7127] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 135.295608][ T7127] ? bpf_lsm_capable+0x9/0x20 [ 135.295627][ T7127] ? security_capable+0x7e/0x2e0 [ 135.295663][ T7127] nfnetlink_rcv+0x26a/0x2520 [ 135.295701][ T7127] ? __dev_queue_xmit+0x1cd7/0x3a70 [ 135.295738][ T7127] ? kmem_cache_alloc_noprof+0x1c1/0x3c0 [ 135.295775][ T7127] ? __dev_queue_xmit+0x27e/0x3a70 [ 135.295809][ T7127] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 135.295844][ T7127] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 135.295877][ T7127] ? __pfx___dev_queue_xmit+0x10/0x10 [ 135.295933][ T7127] ? ref_tracker_free+0x63a/0x7d0 [ 135.295960][ T7127] ? __copy_skb_header+0xa7/0x550 [ 135.295994][ T7127] ? __pfx_ref_tracker_free+0x10/0x10 [ 135.296022][ T7127] ? __skb_clone+0x63/0x7a0 [ 135.296058][ T7127] ? __skb_clone+0x483/0x7a0 [ 135.296098][ T7127] ? skb_clone+0x246/0x3a0 [ 135.296134][ T7127] ? __netlink_deliver_tap+0x807/0x850 [ 135.296160][ T7127] ? netlink_deliver_tap+0x2e/0x1b0 [ 135.296193][ T7127] ? netlink_deliver_tap+0x2e/0x1b0 [ 135.296218][ T7127] ? netlink_deliver_tap+0x2e/0x1b0 [ 135.296250][ T7127] netlink_unicast+0x758/0x8d0 [ 135.296293][ T7127] netlink_sendmsg+0x805/0xb30 [ 135.296330][ T7127] ? __pfx_netlink_sendmsg+0x10/0x10 [ 135.296360][ T7127] ? aa_sock_msg_perm+0x94/0x160 [ 135.296390][ T7127] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 135.296417][ T7127] ? __pfx_netlink_sendmsg+0x10/0x10 [ 135.296445][ T7127] __sock_sendmsg+0x21c/0x270 [ 135.296471][ T7127] ____sys_sendmsg+0x505/0x830 [ 135.296508][ T7127] ? __pfx_____sys_sendmsg+0x10/0x10 [ 135.296550][ T7127] ? import_iovec+0x74/0xa0 [ 135.296576][ T7127] ___sys_sendmsg+0x21f/0x2a0 [ 135.296609][ T7127] ? __pfx____sys_sendmsg+0x10/0x10 [ 135.296682][ T7127] ? __fget_files+0x2a/0x420 [ 135.296704][ T7127] ? __fget_files+0x3a0/0x420 [ 135.296737][ T7127] __x64_sys_sendmsg+0x19b/0x260 [ 135.296770][ T7127] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 135.296811][ T7127] ? rcu_is_watching+0x15/0xb0 [ 135.296852][ T7127] ? do_syscall_64+0xbe/0x3b0 [ 135.296877][ T7127] do_syscall_64+0xfa/0x3b0 [ 135.296897][ T7127] ? lockdep_hardirqs_on+0x9c/0x150 [ 135.296936][ T7127] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 135.296957][ T7127] ? clear_bhb_loop+0x60/0xb0 [ 135.296985][ T7127] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 135.297005][ T7127] RIP: 0033:0x7fadf9b8e929 [ 135.297030][ T7127] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 135.297049][ T7127] RSP: 002b:00007fadfaa80038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 135.297072][ T7127] RAX: ffffffffffffffda RBX: 00007fadf9db6240 RCX: 00007fadf9b8e929 [ 135.297087][ T7127] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 000000000000000c [ 135.297105][ T7127] RBP: 00007fadf9c10b39 R08: 0000000000000000 R09: 0000000000000000 [ 135.297118][ T7127] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 135.297130][ T7127] R13: 0000000000000000 R14: 00007fadf9db6240 R15: 00007ffec04ec858 [ 135.297164][ T7127] [ 135.784213][ T7127] Mem-Info: [ 135.788261][ T7127] active_anon:5357 inactive_anon:0 isolated_anon:0 [ 135.788261][ T7127] active_file:1464 inactive_file:39844 isolated_file:0 [ 135.788261][ T7127] unevictable:768 dirty:264 writeback:0 [ 135.788261][ T7127] slab_reclaimable:10100 slab_unreclaimable:99179 [ 135.788261][ T7127] mapped:30590 shmem:1363 pagetables:1139 [ 135.788261][ T7127] sec_pagetables:0 bounce:0 [ 135.788261][ T7127] kernel_misc_reclaimable:0 [ 135.788261][ T7127] free:1335170 free_pcp:12758 free_cma:0 [ 135.840022][ T7144] netlink: 4 bytes leftover after parsing attributes in process `syz.4.387'. [ 135.848871][ T7144] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 135.876198][ T7127] Node 0 active_anon:21428kB inactive_anon:0kB active_file:5856kB inactive_file:159176kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:122260kB dirty:1048kB writeback:0kB shmem:3916kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11556kB pagetables:4520kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 135.919092][ T7149] xt_TPROXY: Can be used only with -p tcp or -p udp [ 135.946839][ T7150] ip6_tunnel: non-ECT from fc02:0000:0000:0000:0000:0000:0000:0000 with DS=0x1 [ 135.981149][ T7144] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 136.041093][ T7127] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:8kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:80kB pagetables:136kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 136.074459][ T7127] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 136.103433][ T7127] lowmem_reserve[]: 0 2501 2502 2502 2502 [ 136.104830][ T7144] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 136.127803][ T7127] Node 0 DMA32 free:1412988kB boost:0kB min:34264kB low:42828kB high:51392kB reserved_highatomic:0KB free_highatomic:0KB active_anon:21468kB inactive_anon:0kB active_file:5856kB inactive_file:157336kB unevictable:1536kB writepending:1048kB present:3129332kB managed:2561036kB mlocked:0kB bounce:0kB free_pcp:43516kB local_pcp:25884kB free_cma:0kB [ 136.190678][ T7153] netlink: 12 bytes leftover after parsing attributes in process `syz.3.392'. [ 136.198249][ T7144] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 136.206975][ T7127] lowmem_reserve[]: 0 0 1 1 1 [ 136.233829][ T7127] Node 0 Normal free:4kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB free_highatomic:0KB active_anon:48kB inactive_anon:0kB active_file:0kB inactive_file:1840kB unevictable:0kB writepending:0kB present:1048580kB managed:1900kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:0kB free_cma:0kB [ 136.263139][ T7127] lowmem_reserve[]: 0 0 0 0 0 [ 136.269715][ T7127] Node 1 Normal free:3908456kB boost:0kB min:55612kB low:69512kB high:83412kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:8kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:15616kB local_pcp:9728kB free_cma:0kB [ 136.301621][ T7127] lowmem_reserve[]: 0 0 0 0 0 [ 136.306545][ T7127] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 136.319602][ T7127] Node 0 DMA32: 507*4kB (ME) 334*8kB (ME) 182*16kB (UME) 162*32kB (UME) 120*64kB (UME) 45*128kB (UME) 13*256kB (UM) 22*512kB (UME) 10*1024kB (UME) 3*2048kB (UM) 331*4096kB (UM) = 1412988kB [ 136.328439][ T7157] netlink: 60 bytes leftover after parsing attributes in process `syz.1.391'. [ 136.338908][ T7127] Node 0 Normal: 1*4kB (M) 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 4kB [ 136.361471][ T7127] Node 1 Normal: 198*4kB (UME) 46*8kB (UME) 52*16kB (UME) 83*32kB (UME) 23*64kB (UME) 11*128kB (UME) 4*256kB (UM) 3*512kB (UM) 1*1024kB (M) 1*2048kB (U) 951*4096kB (ME) = 3908456kB [ 136.449626][ T7127] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 136.511867][ T7127] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 136.536511][ T7163] xt_hashlimit: max too large, truncated to 1048576 [ 136.551367][ T7127] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 136.588175][ T7127] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 136.618786][ T7127] 42667 total pagecache pages [ 136.643708][ T7127] 0 pages in swap cache [ 136.681069][ T7127] Free swap = 124996kB [ 136.697588][ T7127] Total swap = 124996kB [ 136.713074][ T7127] 2097051 pages RAM [ 136.721540][ T7127] 0 pages HighMem/MovableOnly [ 136.735305][ T7127] 424686 pages reserved [ 136.747355][ T7127] 0 pages cma reserved [ 136.860466][ T7175] FAULT_INJECTION: forcing a failure. [ 136.860466][ T7175] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 136.886958][ T7175] CPU: 0 UID: 0 PID: 7175 Comm: syz.1.399 Not tainted 6.16.0-rc1-syzkaller-00413-gfc4842cd0f11 #0 PREEMPT(full) [ 136.886989][ T7175] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 136.887002][ T7175] Call Trace: [ 136.887011][ T7175] [ 136.887020][ T7175] dump_stack_lvl+0x189/0x250 [ 136.887065][ T7175] ? __pfx____ratelimit+0x10/0x10 [ 136.887098][ T7175] ? __pfx_dump_stack_lvl+0x10/0x10 [ 136.887132][ T7175] ? __pfx__printk+0x10/0x10 [ 136.887156][ T7175] ? __might_fault+0xb0/0x130 [ 136.887189][ T7175] should_fail_ex+0x414/0x560 [ 136.887222][ T7175] _copy_from_iter+0x1db/0x16f0 [ 136.887258][ T7175] ? sock_alloc_send_pskb+0x875/0x990 [ 136.887298][ T7175] ? __pfx__copy_from_iter+0x10/0x10 [ 136.887339][ T7175] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 136.887376][ T7175] skb_copy_datagram_from_iter+0xf5/0x720 [ 136.887412][ T7175] ? sk_psock_verdict_data_ready+0xcb/0x390 [ 136.887440][ T7175] ? skb_put+0x11b/0x210 [ 136.887472][ T7175] unix_stream_sendmsg+0x5a1/0xc90 [ 136.887518][ T7175] ? __pfx_unix_stream_sendmsg+0x10/0x10 [ 136.887553][ T7175] ? aa_sock_msg_perm+0x94/0x160 [ 136.887582][ T7175] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 136.887610][ T7175] ? __pfx_unix_stream_sendmsg+0x10/0x10 [ 136.887638][ T7175] __sock_sendmsg+0x21c/0x270 [ 136.887665][ T7175] ____sys_sendmsg+0x505/0x830 [ 136.887702][ T7175] ? __pfx_____sys_sendmsg+0x10/0x10 [ 136.887742][ T7175] ? import_iovec+0x74/0xa0 [ 136.887767][ T7175] ___sys_sendmsg+0x21f/0x2a0 [ 136.887800][ T7175] ? __pfx____sys_sendmsg+0x10/0x10 [ 136.887872][ T7175] ? __fget_files+0x2a/0x420 [ 136.887903][ T7175] ? __fget_files+0x3a0/0x420 [ 136.887939][ T7175] __x64_sys_sendmsg+0x19b/0x260 [ 136.887973][ T7175] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 136.888015][ T7175] ? __pfx_ksys_write+0x10/0x10 [ 136.888032][ T7175] ? rcu_is_watching+0x15/0xb0 [ 136.888070][ T7175] ? do_syscall_64+0xbe/0x3b0 [ 136.888095][ T7175] do_syscall_64+0xfa/0x3b0 [ 136.888114][ T7175] ? lockdep_hardirqs_on+0x9c/0x150 [ 136.888146][ T7175] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 136.888167][ T7175] ? clear_bhb_loop+0x60/0xb0 [ 136.888193][ T7175] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 136.888214][ T7175] RIP: 0033:0x7f8ffc98e929 [ 136.888233][ T7175] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 136.888250][ T7175] RSP: 002b:00007f8ffd865038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 136.888272][ T7175] RAX: ffffffffffffffda RBX: 00007f8ffcbb5fa0 RCX: 00007f8ffc98e929 [ 136.888287][ T7175] RDX: 0000000000000003 RSI: 0000200000000980 RDI: 0000000000000003 [ 136.888300][ T7175] RBP: 00007f8ffd865090 R08: 0000000000000000 R09: 0000000000000000 [ 136.888312][ T7175] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 136.888324][ T7175] R13: 0000000000000000 R14: 00007f8ffcbb5fa0 R15: 00007ffe1c008b68 [ 136.888357][ T7175] [ 137.679258][ T7200] validate_nla: 1 callbacks suppressed [ 137.679279][ T7200] netlink: 'syz.4.407': attribute type 1 has an invalid length. [ 137.712011][ T7200] netlink: 'syz.4.407': attribute type 2 has an invalid length. [ 138.092934][ T7212] netlink: 'syz.1.411': attribute type 1 has an invalid length. [ 138.185288][ T7212] 8021q: adding VLAN 0 to HW filter on device bond0 [ 138.280731][ T7218] bond0: (slave vlan2): making interface the new active one [ 138.290592][ T7218] bond0: (slave vlan2): Enslaving as an active interface with an up link [ 138.372069][ T7226] netlink: 'syz.0.414': attribute type 16 has an invalid length. [ 138.379951][ T7226] netlink: 'syz.0.414': attribute type 17 has an invalid length. [ 138.499240][ T7226] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 138.525547][ T7230] netlink: 'syz.1.417': attribute type 1 has an invalid length. [ 138.580081][ T7230] netlink: 'syz.1.417': attribute type 2 has an invalid length. [ 139.326280][ T7247] __nla_validate_parse: 14 callbacks suppressed [ 139.326305][ T7247] netlink: 8 bytes leftover after parsing attributes in process `syz.3.422'. [ 139.401203][ T7249] netlink: 14 bytes leftover after parsing attributes in process `syz.0.423'. [ 139.649448][ T7258] netlink: 20 bytes leftover after parsing attributes in process `syz.3.426'. [ 139.913853][ T7264] netlink: 8 bytes leftover after parsing attributes in process `syz.1.428'. [ 140.117469][ C1] Unknown status report in ack skb [ 140.535574][ T7281] netlink: 'syz.3.433': attribute type 16 has an invalid length. [ 140.544183][ T7281] netlink: 'syz.3.433': attribute type 17 has an invalid length. [ 140.563059][ T7281] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 140.600742][ T7280] netlink: 24 bytes leftover after parsing attributes in process `syz.4.434'. [ 140.733750][ T7283] FAULT_INJECTION: forcing a failure. [ 140.733750][ T7283] name failslab, interval 1, probability 0, space 0, times 0 [ 140.746865][ T7283] CPU: 1 UID: 0 PID: 7283 Comm: syz.4.435 Not tainted 6.16.0-rc1-syzkaller-00413-gfc4842cd0f11 #0 PREEMPT(full) [ 140.746896][ T7283] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 140.746908][ T7283] Call Trace: [ 140.746917][ T7283] [ 140.746925][ T7283] dump_stack_lvl+0x189/0x250 [ 140.746965][ T7283] ? __pfx____ratelimit+0x10/0x10 [ 140.746999][ T7283] ? __pfx_dump_stack_lvl+0x10/0x10 [ 140.747033][ T7283] ? __pfx__printk+0x10/0x10 [ 140.747063][ T7283] ? __pfx___might_resched+0x10/0x10 [ 140.747094][ T7283] ? fs_reclaim_acquire+0x7d/0x100 [ 140.747124][ T7283] should_fail_ex+0x414/0x560 [ 140.747156][ T7283] should_failslab+0xa8/0x100 [ 140.747181][ T7283] kmem_cache_alloc_noprof+0x73/0x3c0 [ 140.747214][ T7283] ? create_new_namespaces+0x31/0x720 [ 140.747250][ T7283] create_new_namespaces+0x31/0x720 [ 140.747280][ T7283] ? apparmor_capable+0x137/0x1b0 [ 140.747316][ T7283] ? bpf_lsm_capable+0x9/0x20 [ 140.747335][ T7283] ? security_capable+0x7e/0x2e0 [ 140.747370][ T7283] unshare_nsproxy_namespaces+0x11c/0x170 [ 140.747406][ T7283] ksys_unshare+0x4c8/0x8c0 [ 140.747446][ T7283] ? __pfx_ksys_unshare+0x10/0x10 [ 140.747470][ T7283] ? __pfx_ksys_write+0x10/0x10 [ 140.747487][ T7283] ? rcu_is_watching+0x15/0xb0 [ 140.747543][ T7283] __x64_sys_unshare+0x38/0x50 [ 140.747565][ T7283] do_syscall_64+0xfa/0x3b0 [ 140.747584][ T7283] ? lockdep_hardirqs_on+0x9c/0x150 [ 140.747615][ T7283] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 140.747635][ T7283] ? clear_bhb_loop+0x60/0xb0 [ 140.747660][ T7283] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 140.747680][ T7283] RIP: 0033:0x7f5960d8e929 [ 140.747699][ T7283] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 140.747716][ T7283] RSP: 002b:00007f5961b84038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 140.747738][ T7283] RAX: ffffffffffffffda RBX: 00007f5960fb5fa0 RCX: 00007f5960d8e929 [ 140.747756][ T7283] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000062040200 [ 140.747769][ T7283] RBP: 00007f5961b84090 R08: 0000000000000000 R09: 0000000000000000 [ 140.747781][ T7283] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 140.747792][ T7283] R13: 0000000000000001 R14: 00007f5960fb5fa0 R15: 00007fff7199bf48 [ 140.747824][ T7283] [ 141.461675][ T7293] netlink: 12 bytes leftover after parsing attributes in process `syz.4.439'. [ 141.681695][ T7304] SET target dimension over the limit! [ 141.888268][ T7310] sctp: [Deprecated]: syz.4.446 (pid 7310) Use of struct sctp_assoc_value in delayed_ack socket option. [ 141.888268][ T7310] Use struct sctp_sack_info instead [ 142.079773][ T7317] netlink: 4 bytes leftover after parsing attributes in process `syz.1.448'. [ 142.599678][ T7328] netlink: 'syz.4.451': attribute type 16 has an invalid length. [ 142.622273][ T7328] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 143.910464][ T7337] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 143.950573][ T7337] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 144.242516][ T7337] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 144.279122][ T7337] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 144.289686][ T7337] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 144.298820][ T7337] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 144.643803][ T7365] netlink: 8 bytes leftover after parsing attributes in process `syz.3.458'. [ 144.687586][ T7367] sctp: [Deprecated]: syz.4.459 (pid 7367) Use of struct sctp_assoc_value in delayed_ack socket option. [ 144.687586][ T7367] Use struct sctp_sack_info instead [ 144.952313][ T7372] tipc: Started in network mode [ 144.969254][ T7372] tipc: Node identity ac14140f, cluster identity 4711 [ 144.976732][ T7372] tipc: New replicast peer: 255.255.255.255 [ 144.990652][ T7372] tipc: Enabled bearer , priority 10 [ 145.071805][ T7376] bridge_slave_0: left allmulticast mode [ 145.078091][ T7376] bridge_slave_0: left promiscuous mode [ 145.093198][ T7376] bridge0: port 1(bridge_slave_0) entered disabled state [ 145.108182][ T7376] bridge_slave_1: left allmulticast mode [ 145.115194][ T7376] bridge_slave_1: left promiscuous mode [ 145.122135][ T7376] bridge0: port 2(bridge_slave_1) entered disabled state [ 145.144293][ T7376] bond0: (slave bond_slave_0): Releasing backup interface [ 145.158217][ T7376] bond0: (slave bond_slave_1): Releasing backup interface [ 145.181718][ T7376] team0: Port device team_slave_0 removed [ 145.196912][ T7376] team0: Port device team_slave_1 removed [ 145.215030][ T7377] netlink: 12 bytes leftover after parsing attributes in process `syz.0.461'. [ 145.229434][ T7377] tipc: Disabling bearer [ 145.527384][ C0] Unknown status report in ack skb [ 145.729233][ T7397] netlink: 12 bytes leftover after parsing attributes in process `syz.4.468'. [ 145.762728][ T7391] validate_nla: 1 callbacks suppressed [ 145.762751][ T7391] netlink: 'syz.0.467': attribute type 13 has an invalid length. [ 145.789385][ T7391] netlink: 'syz.0.467': attribute type 17 has an invalid length. [ 146.089593][ T7391] 8021q: adding VLAN 0 to HW filter on device team0 [ 146.136033][ T7410] sctp: [Deprecated]: syz.1.473 (pid 7410) Use of struct sctp_assoc_value in delayed_ack socket option. [ 146.136033][ T7410] Use struct sctp_sack_info instead [ 146.184577][ T7391] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 146.221539][ T7400] A link change request failed with some changes committed already. Interface veth1_to_bond may have been left with an inconsistent configuration, please check. [ 146.274964][ T2958] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 146.551149][ T7415] veth1_to_bond: entered allmulticast mode [ 146.570402][ T7415] netlink: 4 bytes leftover after parsing attributes in process `syz.1.475'. [ 146.608569][ T7417] bridge_slave_0: left allmulticast mode [ 146.637150][ T7417] bridge_slave_0: left promiscuous mode [ 146.656896][ T7417] bridge0: port 1(bridge_slave_0) entered disabled state [ 146.674971][ T7417] bridge_slave_1: left allmulticast mode [ 146.683536][ T7417] bridge_slave_1: left promiscuous mode [ 146.731366][ T7417] bridge0: port 2(bridge_slave_1) entered disabled state [ 146.809699][ T7417] team0: Port device team_slave_0 removed [ 146.837644][ T7417] team0: Port device team_slave_1 removed [ 146.847460][ T7417] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 146.856937][ T7417] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 146.892971][ T7417] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 146.931394][ T7417] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 146.978486][ T7417] bond0: (slave bridge2): Releasing backup interface [ 146.992916][ T7417] bridge2: left promiscuous mode [ 147.003963][ T7432] netlink: 12 bytes leftover after parsing attributes in process `syz.3.482'. [ 147.103754][ T7415] veth1_to_bond (unregistering): left allmulticast mode [ 147.399835][ T7445] sctp: [Deprecated]: syz.4.486 (pid 7445) Use of struct sctp_assoc_value in delayed_ack socket option. [ 147.399835][ T7445] Use struct sctp_sack_info instead [ 147.588438][ T7450] netlink: 104 bytes leftover after parsing attributes in process `syz.1.488'. [ 147.845267][ T7457] netlink: 48 bytes leftover after parsing attributes in process `syz.1.491'. [ 148.112688][ T7465] netlink: 12 bytes leftover after parsing attributes in process `syz.4.494'. [ 148.291550][ T7471] sctp: [Deprecated]: syz.2.497 (pid 7471) Use of struct sctp_assoc_value in delayed_ack socket option. [ 148.291550][ T7471] Use struct sctp_sack_info instead [ 148.982933][ T7496] netlink: 12 bytes leftover after parsing attributes in process `syz.0.508'. [ 149.284378][ T7506] netlink: 11 bytes leftover after parsing attributes in process `syz.4.510'. [ 149.412312][ T7510] sctp: [Deprecated]: syz.0.512 (pid 7510) Use of struct sctp_assoc_value in delayed_ack socket option. [ 149.412312][ T7510] Use struct sctp_sack_info instead [ 149.464338][ T7359] IPVS: starting estimator thread 0... [ 149.609375][ T7511] IPVS: using max 24 ests per chain, 57600 per kthread [ 149.669418][ T7520] netlink: 'syz.0.516': attribute type 5 has an invalid length. [ 149.869941][ T7523] __nla_validate_parse: 3 callbacks suppressed [ 149.869963][ T7523] netlink: 188 bytes leftover after parsing attributes in process `syz.4.517'. [ 150.064255][ T7537] netlink: 'syz.3.521': attribute type 4 has an invalid length. [ 150.191791][ T7541] netlink: 12 bytes leftover after parsing attributes in process `syz.2.523'. [ 150.529233][ C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 150.666607][ T7547] bridge0: port 2(bridge_slave_1) entered disabled state [ 150.674553][ T7547] bridge0: port 1(bridge_slave_0) entered disabled state [ 150.876421][ T7547] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 150.915387][ T7547] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 151.057332][ T7558] netlink: 8 bytes leftover after parsing attributes in process `syz.2.528'. [ 151.067884][ T7558] netlink: 24 bytes leftover after parsing attributes in process `syz.2.528'. [ 151.097300][ T7547] netdevsim netdevsim3 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 151.106116][ T7547] netdevsim netdevsim3 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 151.115915][ T7547] netdevsim netdevsim3 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 151.124850][ T7547] netdevsim netdevsim3 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 151.189863][ T7567] netlink: 12 bytes leftover after parsing attributes in process `syz.2.528'. [ 151.506867][ T7569] netlink: 'syz.0.530': attribute type 1 has an invalid length. [ 151.593418][ T7577] netlink: 5 bytes leftover after parsing attributes in process `syz.3.533'. [ 151.627833][ T7569] bond0: entered promiscuous mode [ 151.648675][ T7569] 8021q: adding VLAN 0 to HW filter on device bond0 [ 151.663032][ T7577] 0ªX¹¦D: renamed from gretap0 [ 151.673681][ T7577] 0ªX¹¦D: entered allmulticast mode [ 151.697187][ T7577] A link change request failed with some changes committed already. Interface 30ªX¹¦D may have been left with an inconsistent configuration, please check. [ 151.736736][ T7580] netlink: 92 bytes leftover after parsing attributes in process `syz.1.534'. [ 151.934699][ T7584] netlink: 52 bytes leftover after parsing attributes in process `syz.3.536'. [ 151.976348][ T7586] ip6tnl1: entered promiscuous mode [ 151.999385][ T7586] ip6tnl1: entered allmulticast mode [ 152.006784][ T7586] team0: Device ip6tnl1 is of different type [ 152.068405][ T7589] netlink: 12 bytes leftover after parsing attributes in process `syz.0.538'. [ 152.354617][ T7601] netlink: 4 bytes leftover after parsing attributes in process `syz.0.541'. [ 152.698931][ T7611] netlink: 'syz.1.545': attribute type 3 has an invalid length. [ 152.775277][ T7613] netlink: 'syz.0.547': attribute type 9 has an invalid length. [ 153.147537][ T7624] netlink: 'syz.0.553': attribute type 1 has an invalid length. [ 153.336111][ T7624] 8021q: adding VLAN 0 to HW filter on device bond1 [ 153.355716][ T7631] vlan2: entered allmulticast mode [ 153.361069][ T7631] veth1: entered allmulticast mode [ 153.367766][ T7631] bond1: (slave vlan2): Opening slave failed [ 155.440854][ T7695] __nla_validate_parse: 3 callbacks suppressed [ 155.440873][ T7695] netlink: 48 bytes leftover after parsing attributes in process `syz.2.577'. [ 155.565927][ C1] Unknown status report in ack skb [ 155.605167][ T2942] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 155.648942][ T2942] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 155.688774][ T7704] FAULT_INJECTION: forcing a failure. [ 155.688774][ T7704] name failslab, interval 1, probability 0, space 0, times 0 [ 155.774532][ T7708] netlink: 'syz.4.582': attribute type 1 has an invalid length. [ 155.779183][ T7704] CPU: 1 UID: 0 PID: 7704 Comm: syz.3.580 Not tainted 6.16.0-rc1-syzkaller-00413-gfc4842cd0f11 #0 PREEMPT(full) [ 155.779219][ T7704] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 155.779234][ T7704] Call Trace: [ 155.779244][ T7704] [ 155.779254][ T7704] dump_stack_lvl+0x189/0x250 [ 155.779299][ T7704] ? __pfx____ratelimit+0x10/0x10 [ 155.779338][ T7704] ? __pfx_dump_stack_lvl+0x10/0x10 [ 155.779376][ T7704] ? __pfx__printk+0x10/0x10 [ 155.779410][ T7704] ? __pfx___might_resched+0x10/0x10 [ 155.779446][ T7704] ? fs_reclaim_acquire+0x7d/0x100 [ 155.779481][ T7704] should_fail_ex+0x414/0x560 [ 155.779519][ T7704] should_failslab+0xa8/0x100 [ 155.779547][ T7704] kmem_cache_alloc_noprof+0x73/0x3c0 [ 155.779585][ T7704] ? ptlock_alloc+0x20/0x70 [ 155.779613][ T7704] ptlock_alloc+0x20/0x70 [ 155.779635][ T7704] pte_alloc_one+0x7d/0x170 [ 155.779675][ T7704] __handle_mm_fault+0x294d/0x5620 [ 155.779739][ T7704] ? __pfx___handle_mm_fault+0x10/0x10 [ 155.779799][ T7704] ? find_vma+0xe7/0x160 [ 155.779833][ T7704] ? __pfx_find_vma+0x10/0x10 [ 155.779861][ T7704] handle_mm_fault+0x40a/0x8e0 [ 155.779911][ T7704] do_user_addr_fault+0x764/0x1390 [ 155.779964][ T7704] exc_page_fault+0x76/0xf0 [ 155.779998][ T7704] ? __might_fault+0xb0/0x130 [ 155.780022][ T7704] asm_exc_page_fault+0x26/0x30 [ 155.780046][ T7704] RIP: 0010:__get_user_4+0x14/0x20 [ 155.780076][ T7704] Code: 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 ba 00 f0 ff ff ff 7f 00 00 48 39 d0 48 0f 47 c2 0f 01 cb <8b> 10 31 c0 0f 01 ca e9 40 f0 03 00 90 90 90 90 90 90 90 90 90 90 [ 155.780095][ T7704] RSP: 0018:ffffc90004907d40 EFLAGS: 00050287 [ 155.780117][ T7704] RAX: 0000200000000300 RBX: 0000200000000300 RCX: 76b5c924ebb8c600 [ 155.780135][ T7704] RDX: 00007ffffffff000 RSI: ffffffff8db6fa5c RDI: ffffffff8be28300 [ 155.780152][ T7704] RBP: 000000000000000c R08: 0000000000000000 R09: ffffffff820c4de0 [ 155.780166][ T7704] R10: ffffc90004907dc0 R11: ffffffff898c2250 R12: 1ffff92000920fb4 [ 155.780195][ T7704] R13: 000000000000000c R14: 0000000000000000 R15: ffffc90004907dc0 [ 155.780216][ T7704] ? __pfx_netlink_getname+0x10/0x10 [ 155.780247][ T7704] ? __might_fault+0xb0/0x130 [ 155.780280][ T7704] move_addr_to_user+0x4b/0x200 [ 155.780314][ T7704] __sys_getpeername+0x1c6/0x270 [ 155.780349][ T7704] ? __pfx___sys_getpeername+0x10/0x10 [ 155.780396][ T7704] ? __pfx_ksys_write+0x10/0x10 [ 155.780415][ T7704] ? rcu_is_watching+0x15/0xb0 [ 155.780463][ T7704] __x64_sys_getpeername+0x7b/0x90 [ 155.780495][ T7704] do_syscall_64+0xfa/0x3b0 [ 155.780517][ T7704] ? lockdep_hardirqs_on+0x9c/0x150 [ 155.780553][ T7704] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 155.780577][ T7704] ? clear_bhb_loop+0x60/0xb0 [ 155.780606][ T7704] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 155.780628][ T7704] RIP: 0033:0x7f45ad58e929 [ 155.780647][ T7704] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 155.780666][ T7704] RSP: 002b:00007f45ae42c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000034 [ 155.780689][ T7704] RAX: ffffffffffffffda RBX: 00007f45ad7b5fa0 RCX: 00007f45ad58e929 [ 155.780706][ T7704] RDX: 0000200000000300 RSI: 0000000000000000 RDI: 0000000000000003 [ 155.780720][ T7704] RBP: 00007f45ae42c090 R08: 0000000000000000 R09: 0000000000000000 [ 155.780734][ T7704] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 155.780747][ T7704] R13: 0000000000000000 R14: 00007f45ad7b5fa0 R15: 00007ffd27004b08 [ 155.780785][ T7704] [ 155.946919][ T7713] netlink: 28 bytes leftover after parsing attributes in process `syz.4.582'. [ 156.070594][ T7708] 8021q: adding VLAN 0 to HW filter on device bond1 [ 156.090460][ T12] ------------[ cut here ]------------ [ 156.160876][ T12] WARNING: CPU: 1 PID: 12 at net/wireless/ibss.c:37 __cfg80211_ibss_joined+0x3ca/0x440 [ 156.170605][ T12] Modules linked in: [ 156.174775][ T12] CPU: 1 UID: 0 PID: 12 Comm: kworker/u8:0 Not tainted 6.16.0-rc1-syzkaller-00413-gfc4842cd0f11 #0 PREEMPT(full) [ 156.186853][ T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 156.192004][ T7716] netlink: 12 bytes leftover after parsing attributes in process `syz.0.584'. [ 156.197047][ T12] Workqueue: cfg80211 cfg80211_event_work [ 156.211767][ T12] RIP: 0010:__cfg80211_ibss_joined+0x3ca/0x440 [ 156.217964][ T12] Code: 00 00 00 75 69 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d e9 d8 c3 a2 00 cc e8 22 39 fa f6 90 0f 0b 90 eb bd e8 17 39 fa f6 90 <0f> 0b 90 4c 8b 6c 24 18 eb ad e8 07 39 fa f6 90 0f 0b 90 e9 de fd [ 156.238093][ T12] RSP: 0018:ffffc900001178e0 EFLAGS: 00010293 [ 156.244648][ T12] RAX: ffffffff8ac625d9 RBX: dffffc0000000000 RCX: ffff88801cecda00 [ 156.252710][ T12] RDX: 0000000000000000 RSI: ffffffff8d982ba6 RDI: ffffffff8be28300 [ 156.260847][ T12] RBP: ffffc900001179b8 R08: ffffffff8fa10ff7 R09: 1ffffffff1f421fe [ 156.268872][ T12] R10: dffffc0000000000 R11: fffffbfff1f421ff R12: ffff88802d1ecd90 [ 156.276928][ T12] R13: 1ffff92000022f24 R14: ffff888055893338 R15: 0000000000000006 [ 156.284974][ T12] FS: 0000000000000000(0000) GS:ffff888125d52000(0000) knlGS:0000000000000000 [ 156.294208][ T12] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 156.300851][ T12] CR2: 00005555887ec5c8 CR3: 000000000df38000 CR4: 00000000003526f0 [ 156.308874][ T12] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 156.316943][ T12] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 156.325028][ T12] Call Trace: [ 156.328326][ T12] [ 156.331345][ T12] ? lockdep_hardirqs_on+0x9c/0x150 [ 156.337058][ T12] ? __pfx___cfg80211_ibss_joined+0x10/0x10 [ 156.343448][ T12] ? cfg80211_event_work+0x24/0x60 [ 156.348702][ T12] ? __pfx___mutex_lock+0x10/0x10 [ 156.353850][ T12] cfg80211_process_wdev_events+0x38a/0x4f0 [ 156.359848][ T12] cfg80211_process_rdev_events+0xa1/0x110 [ 156.365698][ T12] cfg80211_event_work+0x2c/0x60 [ 156.370772][ T12] ? process_scheduled_works+0x9ef/0x17b0 [ 156.376544][ T12] process_scheduled_works+0xae1/0x17b0 [ 156.382245][ T12] ? __pfx_process_scheduled_works+0x10/0x10 [ 156.388270][ T12] worker_thread+0x8a0/0xda0 [ 156.393003][ T12] kthread+0x70e/0x8a0 [ 156.397120][ T12] ? __pfx_worker_thread+0x10/0x10 [ 156.402325][ T12] ? __pfx_kthread+0x10/0x10 [ 156.406940][ T12] ? _raw_spin_unlock_irq+0x23/0x50 [ 156.412279][ T12] ? lockdep_hardirqs_on+0x9c/0x150 [ 156.417521][ T12] ? __pfx_kthread+0x10/0x10 [ 156.422198][ T12] ret_from_fork+0x3fc/0x770 [ 156.426842][ T12] ? __pfx_ret_from_fork+0x10/0x10 [ 156.432075][ T12] ? __switch_to_asm+0x39/0x70 [ 156.436882][ T12] ? __switch_to_asm+0x33/0x70 [ 156.442359][ T12] ? __pfx_kthread+0x10/0x10 [ 156.446985][ T12] ret_from_fork_asm+0x1a/0x30 [ 156.452494][ T12] [ 156.455560][ T12] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 156.462894][ T12] CPU: 1 UID: 0 PID: 12 Comm: kworker/u8:0 Not tainted 6.16.0-rc1-syzkaller-00413-gfc4842cd0f11 #0 PREEMPT(full) [ 156.474902][ T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 156.484981][ T12] Workqueue: cfg80211 cfg80211_event_work [ 156.490736][ T12] Call Trace: [ 156.494029][ T12] [ 156.496982][ T12] dump_stack_lvl+0x99/0x250 [ 156.501636][ T12] ? __asan_memcpy+0x40/0x70 [ 156.506277][ T12] ? __pfx_dump_stack_lvl+0x10/0x10 [ 156.511505][ T12] ? __pfx__printk+0x10/0x10 [ 156.516123][ T12] panic+0x2db/0x790 [ 156.520056][ T12] ? __pfx_panic+0x10/0x10 [ 156.524507][ T12] ? show_trace_log_lvl+0x4fb/0x550 [ 156.529747][ T12] ? ret_from_fork_asm+0x1a/0x30 [ 156.534733][ T12] __warn+0x31b/0x4b0 [ 156.538739][ T12] ? __cfg80211_ibss_joined+0x3ca/0x440 [ 156.544306][ T12] ? __cfg80211_ibss_joined+0x3ca/0x440 [ 156.549891][ T12] report_bug+0x2be/0x4f0 [ 156.554283][ T12] ? __cfg80211_ibss_joined+0x3ca/0x440 [ 156.559850][ T12] ? __cfg80211_ibss_joined+0x3ca/0x440 [ 156.565407][ T12] ? __cfg80211_ibss_joined+0x3cc/0x440 [ 156.571022][ T12] handle_bug+0x84/0x160 [ 156.575283][ T12] exc_invalid_op+0x1a/0x50 [ 156.579800][ T12] asm_exc_invalid_op+0x1a/0x20 [ 156.584660][ T12] RIP: 0010:__cfg80211_ibss_joined+0x3ca/0x440 [ 156.590829][ T12] Code: 00 00 00 75 69 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d e9 d8 c3 a2 00 cc e8 22 39 fa f6 90 0f 0b 90 eb bd e8 17 39 fa f6 90 <0f> 0b 90 4c 8b 6c 24 18 eb ad e8 07 39 fa f6 90 0f 0b 90 e9 de fd [ 156.610458][ T12] RSP: 0018:ffffc900001178e0 EFLAGS: 00010293 [ 156.616553][ T12] RAX: ffffffff8ac625d9 RBX: dffffc0000000000 RCX: ffff88801cecda00 [ 156.624535][ T12] RDX: 0000000000000000 RSI: ffffffff8d982ba6 RDI: ffffffff8be28300 [ 156.632541][ T12] RBP: ffffc900001179b8 R08: ffffffff8fa10ff7 R09: 1ffffffff1f421fe [ 156.640522][ T12] R10: dffffc0000000000 R11: fffffbfff1f421ff R12: ffff88802d1ecd90 [ 156.648502][ T12] R13: 1ffff92000022f24 R14: ffff888055893338 R15: 0000000000000006 [ 156.656492][ T12] ? __cfg80211_ibss_joined+0x3c9/0x440 [ 156.662082][ T12] ? lockdep_hardirqs_on+0x9c/0x150 [ 156.667332][ T12] ? __pfx___cfg80211_ibss_joined+0x10/0x10 [ 156.673248][ T12] ? cfg80211_event_work+0x24/0x60 [ 156.678381][ T12] ? __pfx___mutex_lock+0x10/0x10 [ 156.683418][ T12] cfg80211_process_wdev_events+0x38a/0x4f0 [ 156.689360][ T12] cfg80211_process_rdev_events+0xa1/0x110 [ 156.695199][ T12] cfg80211_event_work+0x2c/0x60 [ 156.700153][ T12] ? process_scheduled_works+0x9ef/0x17b0 [ 156.705895][ T12] process_scheduled_works+0xae1/0x17b0 [ 156.711493][ T12] ? __pfx_process_scheduled_works+0x10/0x10 [ 156.717515][ T12] worker_thread+0x8a0/0xda0 [ 156.722146][ T12] kthread+0x70e/0x8a0 [ 156.726227][ T12] ? __pfx_worker_thread+0x10/0x10 [ 156.731384][ T12] ? __pfx_kthread+0x10/0x10 [ 156.736019][ T12] ? _raw_spin_unlock_irq+0x23/0x50 [ 156.741246][ T12] ? lockdep_hardirqs_on+0x9c/0x150 [ 156.746462][ T12] ? __pfx_kthread+0x10/0x10 [ 156.751068][ T12] ret_from_fork+0x3fc/0x770 [ 156.755683][ T12] ? __pfx_ret_from_fork+0x10/0x10 [ 156.760836][ T12] ? __switch_to_asm+0x39/0x70 [ 156.765709][ T12] ? __switch_to_asm+0x33/0x70 [ 156.770493][ T12] ? __pfx_kthread+0x10/0x10 [ 156.775111][ T12] ret_from_fork_asm+0x1a/0x30 [ 156.780011][ T12] [ 156.783364][ T12] Kernel Offset: disabled [ 156.787695][ T12] Rebooting in 86400 seconds..