last executing test programs: 5.344111161s ago: executing program 2 (id=2121): socket$inet_icmp_raw(0x2, 0x3, 0x1) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) close(0x4) syz_open_procfs$namespace(0x0, &(0x7f0000000080)='ns/ipc\x00') unshare(0x6a040000) setsockopt$inet6_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, 0x0, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000040), &(0x7f00000004c0), 0xce, r1}, 0x38) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x1, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r2, 0x2000002, 0xe, 0x3d, &(0x7f00000005c0)="df12c9f7b9a6000000000000000096fc36dc2f8741d451f4117d2a7e856d7783dd24c267235638bc9848dc2a4802eb8368252950343416c0cc5e97c1ad38221bbee42fa6889347a1142eb02d2082edef45e3e6c986b5ac38b4da20680e38cfb2654edde484745f8540011d9bbb54745dfa48054f466adddae71c126e89108ffcd3397aeb659b430910aee5cf2cfb1b2ea381441c09a0d2edc5c3cfbc2e5a73945b148d5609de2360726517cd100704031259b829b7f8201a02fc0278a61d1dfbfa5d8840ddf3271e47444e87e3400b3f291c695dbc4ef710b0429828c87229b506bd7893194745c04adf82b656cbafa7d5c64ddf8e9beb0991b60cfff30cd024686fc44699e925d7e58f5756bde679da2a71755539a5f0f8304a7c378afdc42aecd4b881f1cd91a5f038e4a6981088d7307dbe16ba236ce0e69af08025e6188f8f0f920741aa719c6f5d848eaa760443e50bc849d6891481a26ce7cf06eb91553bdb6f27b7dac817", 0x0, 0x3, 0x0, 0x0, 0xfe25, 0x0, 0x0, 0x0, 0x0, 0x80}, 0x2b) r3 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8848}, 0x20004804) sendmsg$IPVS_CMD_ZERO(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x8000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x20040001) socket$nl_generic(0x10, 0x3, 0x10) socket(0x400000000010, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'erspan0\x00', 0x0}) sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x50, 0x10, 0x405, 0x0, 0x0, {0x0, 0x0, 0x0, r6}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @erspan={{0xb}, {0x20, 0x2, 0x0, 0x1, [@IFLA_GRE_FWMARK={0x8}, @IFLA_GRE_ERSPAN_VER={0x5}, @IFLA_GRE_ENCAP_TYPE={0x6}, @IFLA_GRE_COLLECT_METADATA={0x4}]}}}]}, 0x50}}, 0x0) r7 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r7, 0x0, 0x80, &(0x7f0000001d80)=@broute={'broute\x00', 0x20, 0x0, 0x90, [0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000000c0], 0x11, 0x0, &(0x7f00000000c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff}, {0x0, '\x00', 0x0, 0xfffffffffffffffe}, {0x0, '\x00', 0x0, 0xfffffffffffffffe}]}, 0x108) 4.379847886s ago: executing program 4 (id=2132): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) close(0x4) syz_open_procfs$namespace(0x0, &(0x7f0000000200)='ns/pid_for_children\x00') unshare(0x6a040000) r2 = socket(0x8, 0x3, 0x3) ioctl$sock_netrom_SIOCADDRT(r2, 0x6180, 0x0) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)) socketpair$tipc(0x1e, 0x1, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000180)={0x0, 0x10, &(0x7f00000000c0)=[@in={0x2, 0x4e22, @local}]}, &(0x7f0000000280)=0x10) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r2, 0x84, 0x1f, &(0x7f0000000540)={r3, @in6={{0xa, 0x4e21, 0x8, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x2}}, 0x9, 0x8000}, &(0x7f0000000340)=0x90) sendmsg$tipc(0xffffffffffffffff, 0x0, 0x0) connect$inet(r1, &(0x7f0000000380)={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x27}}, 0x10) socket$netlink(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000003c0)) ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r4 = socket$kcm(0xa, 0x5, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r5, 0x8933, &(0x7f0000000c80)={'batadv_slave_1\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="05000000140009051fbd7000fddbdf25022028fd", @ANYRES32=r6], 0x18}, 0x1, 0x0, 0x0, 0x4040014}, 0x40) ioctl$sock_kcm_SIOCKCMCLONE(r4, 0x8916, &(0x7f0000000000)={r4}) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r7}, 0x10) r8 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r8, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x3}, 0x6) write$bt_hci(r8, &(0x7f0000000180)=ANY=[@ANYBLOB="0e00010002"], 0x8) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x7, &(0x7f0000000180)=@framed={{0x18, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x0, 0x0, 0x1}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0}}]}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 3.337018134s ago: executing program 0 (id=2140): r0 = socket(0x10, 0x3, 0x0) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) getsockopt$inet6_mreq(r0, 0x29, 0x15, &(0x7f0000000000)={@mcast2, 0x0}, &(0x7f0000000040)=0x14) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f0000000140)={'ip6gre0\x00', &(0x7f00000000c0)={'ip6gre0\x00', r2, 0x2f, 0xb0, 0x0, 0x1, 0x30, @mcast2, @private2, 0x7, 0x0, 0x9, 0x4}}) connect$netlink(r0, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1, 0x400000}, 0xc) r3 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$sock_int(r3, 0x1, 0x28, 0x0, 0x0) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f00000000c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-serpent-avx2\x00'}, 0x58) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, 0x0, 0x0) r5 = accept4(r4, 0x0, 0x0, 0x800) sendmmsg$alg(r5, &(0x7f0000000040)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg$qrtr(r5, &(0x7f0000000b40)={0x0, 0x0, &(0x7f0000002e00)=[{&(0x7f0000000a80)=""/77, 0x4d}], 0x1, 0x0, 0x0, 0x10000}, 0x38, 0x2) sendmsg$nl_route_sched(r0, &(0x7f0000000080)={&(0x7f0000000300), 0xc, &(0x7f00000002c0)={&(0x7f0000001580)=@newtaction={0x18, 0x32, 0x829, 0x0, 0x0, {}, [{0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x6011}, 0x80) syz_emit_ethernet(0x36, &(0x7f0000000180)=ANY=[@ANYBLOB="aaaaaaaaaaaa0180c20000000800450000280000000000069078ac1414bbac1414aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="1000000000000000"], 0x0) 3.336827209s ago: executing program 2 (id=2141): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18080000000000000000000000000002850000000f"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) r0 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_mreqsrc(r0, 0x0, 0x27, &(0x7f0000000280)={@multicast2, @local, @remote}, 0xc) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'syz_tun\x00'}) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000000)=ANY=[@ANYBLOB="e0000002ac1414aa0000000003"], 0x1c) syz_emit_ethernet(0x36, &(0x7f0000001800)={@link_local, @dev, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x3c, 0x28, 0x64, 0x0, 0x0, 0x2, 0x0, @empty, @multicast2}, @timestamp_reply={0x11, 0x0, 0x0, 0xe000, 0x2, 0x2, 0xffffff}}}}}, 0x0) 3.336246738s ago: executing program 3 (id=2142): r0 = socket(0xa, 0x5, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000140)={{0x14, 0x10, 0x1, 0x0, 0x0, {0xc}}, [@NFT_MSG_NEWOBJ={0x20, 0x12, 0xa, 0x101, 0x0, 0x0, {0x1, 0x0, 0x5}, @NFT_OBJECT_CT_TIMEOUT=@NFTA_OBJ_HANDLE={0xc, 0x6, 0x1, 0x0, 0x2}}, @NFT_MSG_DELCHAIN={0x14, 0x5, 0xa, 0x801, 0x0, 0x0, {0x2, 0x0, 0x7}}, @NFT_MSG_DELRULE={0x28, 0x8, 0xa, 0x101, 0x0, 0x0, {0x5, 0x0, 0x8}, [@NFTA_RULE_ID={0x8, 0x9, 0x1, 0x0, 0x3}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz1\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x84}, 0x1, 0x0, 0x0, 0x5}, 0x40) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000100)=[@in6={0xa, 0x4e24, 0x14, @loopback, 0xffff}], 0x1c) socket$nl_netfilter(0x10, 0x3, 0xc) socket(0x1a, 0x2, 0x9) syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000038c0)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da97e22f4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3ab60fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ad0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bff3b89c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c2ed01faa7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497dad64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6fba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd2310801570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88cf573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb414c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867857ed13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a000000000000000000000000000000000000000000000000000000a0cc2b89ce1525748ce167cbabb881f060599a6a59f645edca1d5c24b2f6b8c997a8f3e1b7679984a566d98d4d31198ee4c5ea7be0d99cf89bba4a6fd0bec12e7792bec3c5038e13b1982f80cdecd07f8908a983a7c9fb81c2ba7f7e87c991f30e50d1b3bbe4cf2a2f5d4571b6568ada51bc121c9139d2a8e0638c84066b1759081802"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x2e) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r2}, 0x10) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) sendmmsg$inet6(r3, &(0x7f0000000700)=[{{&(0x7f0000000340)={0xa, 0x4e23, 0xfffffff9, @loopback, 0x9}, 0x1c, &(0x7f00000004c0)}}, {{&(0x7f00000004c0)={0xa, 0x4e21, 0x786ba9af, @mcast1, 0x7}, 0x1c, &(0x7f00000006c0)=[{&(0x7f0000000580)="69b1cd1aa3b6b202915f0c2951725031cb90f8c0c68e6a62e5c9fe7f7b7f2d81acf1e3faaa1fccb4f3746804283c0f71c178f3f2f232c8b5f141f6cdb4607e7e08343a0de825412157fdc9b1ef59aa5126767d5568eefb4c274d539ead6f6f87cd926a6b970176e6e667c36d0dccd243494b01fc37dc56cdf4141d95", 0x7c}], 0x1, &(0x7f0000000800)=ANY=[], 0x88}}], 0x2, 0x2400c044) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r7 = openat$cgroup_int(r6, &(0x7f0000000040)='cgroup.max.descendants\x00', 0x2, 0x0) sendfile(r5, r7, 0x0, 0x970b) shutdown(r3, 0x1) getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r3, 0x84, 0x72, &(0x7f0000000000)={0x0, 0x8}, &(0x7f0000000040)=0xc) r8 = socket$alg(0x26, 0x5, 0x0) bind$alg(r8, &(0x7f0000000600)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(serpent)\x00'}, 0x58) r9 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r9, 0x107, 0x8, &(0x7f0000000100)=0x40049, 0x4) recvmmsg(r9, &(0x7f0000000480), 0x0, 0x0, 0x0) r10 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r10, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x54, 0x10, 0x1, 0x0, 0x0, {0x6, 0x0, 0x8100, 0x0, {0xc3}, {}, {0xe, 0xd}}, [@TCA_RATE={0x6}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x11, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000140)={'wlan0\x00'}) r11 = socket$nl_generic(0x10, 0x3, 0x10) r12 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000600), 0xffffffffffffffff) sendmsg$WG_CMD_SET_DEVICE(r11, &(0x7f0000001000)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f0000002040)={0x4c, r12, 0x1, 0x200000, 0x25dfdbff, {}, [@WGDEVICE_A_IFNAME={0x14, 0x2, 'wg1\x00'}, @WGDEVICE_A_PRIVATE_KEY={0x24, 0x3, @c}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4084}, 0x20000010) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1d, 0x0, 0x0, &(0x7f0000000680)='GPL\x00', 0x80000, 0x11, &(0x7f00000007c0)=""/17, 0x40f00, 0x53, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, &(0x7f0000000940)={0x5, 0x4}, 0x8, 0x10, &(0x7f0000000a40)={0x0, 0xf, 0x5, 0x4}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000d80)=[0xffffffffffffffff, 0xffffffffffffffff, r4], &(0x7f0000000140), 0x10, 0x5}, 0x94) 3.164282477s ago: executing program 0 (id=2143): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x1f00, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r0}, 0x10) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) unshare(0x62040200) r2 = socket$netlink(0x10, 0x3, 0x4) bind$netlink(r2, &(0x7f0000514ff4)={0x10, 0x0, 0x25dfdbfd, 0x2ffffffff}, 0xc) close(0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000000c0)={'wlan0\x00'}) sendmsg$NL80211_CMD_START_AP(r3, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x20000014) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x10, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="620ac4ff0000000071101900000000029500000000a70009"], &(0x7f0000000480)='GPL\x00'}, 0x80) write$tun(0xffffffffffffffff, 0x0, 0x3e) ioctl$int_in(0xffffffffffffffff, 0x5452, 0x0) socket$inet_sctp(0x2, 0x1, 0x84) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, 0x0) ioctl$sock_inet6_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000240)={@ipv4={'\x00', '\xff\xff', @multicast2}, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x1, 0x0}}, @ipv4={'\x00', '\xff\xff', @broadcast}, 0x9, 0xefff, 0x2, 0x100, 0x2000040, 0x85000040}) r4 = socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$sock_inet_SIOCSIFPFLAGS(r2, 0x8934, &(0x7f0000000100)={'caif0\x00', 0x800}) ioctl$int_in(r4, 0x5452, &(0x7f0000000000)=0xf) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r4, 0x84, 0x6b, &(0x7f0000000380)=[@in6={0xa, 0x0, 0x0, @remote, 0x3}], 0x1c) recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, 0x0}, 0x40000102) setsockopt(r4, 0x84, 0x7f, &(0x7f0000000040)="020000000980ffff", 0x8) 3.151038143s ago: executing program 2 (id=2145): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="01000000000000001c0012000c000100626f6e64"], 0x3c}}, 0x0) getsockname$packet(0xffffffffffffffff, 0x0, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=@newlink={0x3c, 0x10, 0x49920d862a92153b, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @vxcan={{0xa}, {0xffffffffffffff6a, 0x2, 0x0, 0x1, @void}}}, @IFLA_NET_NS_FD={0x8}]}, 0x3c}}, 0x0) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x5, &(0x7f00000007c0)=ANY=[@ANYBLOB="18020000d600000000000000000000008500000041000000850000000f00000095"], &(0x7f0000000100)='syzkaller\x00', 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000280)={r6, 0x0, 0xe, 0x0, &(0x7f0000000300)="a9a69a77384ab250f4d03ce0dddb", 0x0, 0x500, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r8, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r8, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWRULE={0x6c, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x40, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @connlimit={{0xe}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_CONNLIMIT_COUNT={0x8}]}}}, {0x1c, 0x1, 0x0, 0x1, @redir={{0xa}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_REDIR_REG_PROTO_MIN={0x8, 0x1, 0x1, 0x0, 0x1}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x94}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=@newlink={0x58, 0x10, 0x403, 0x300, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6, 0x1, 0xffe}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0xe, 0x8}}]}}}, @IFLA_LINK={0x8, 0x5, r7}, @IFLA_MASTER={0x8, 0xa, r7}]}, 0x58}}, 0x8000) 2.928255129s ago: executing program 3 (id=2147): r0 = socket$packet(0x11, 0x2, 0x300) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000480), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socketpair(0x1, 0x3, 0x0, &(0x7f0000000000)) openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) socket$kcm(0x2, 0xa, 0x2) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="0e000000040000000800000001"], 0x50) r3 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0300000004000000040000000a"], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f0000000000)=ANY=[@ANYBLOB="1806000000000300000000000000c29c18120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{r2}, &(0x7f0000000280), &(0x7f00000002c0)=r4}, 0x20) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x6, 0xd, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000bc00000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000400850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r5, 0x5, 0xe, 0x0, &(0x7f0000000000)="43227504000000b32415f73227b2", 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r6 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="aaaaaaaaaa3b1f00000000004325bdc988a8000081"], 0x18) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000d00)=0x205a, 0x4) recvfrom$packet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) r7 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$IP_VS_SO_SET_TIMEOUT(r7, 0x0, 0x48a, &(0x7f0000000c40)={0xfffff800, 0x6, 0xfffffffd}, 0xc) mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x4010, r1, 0x0) pipe(&(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r9, &(0x7f0000000000)=[{&(0x7f0000001800)='\x00', 0x1}], 0x1, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x3000003, 0x4031, 0xffffffffffffffff, 0x0) readv(r8, &(0x7f0000000040)=[{&(0x7f0000000800)=""/228, 0xe4}], 0x1) getsockopt$inet_sctp6_SCTP_ASSOCINFO(r9, 0x84, 0x1, &(0x7f0000000080)={0x0, 0x3, 0x40, 0x7f, 0x1, 0x3}, &(0x7f00000000c0)=0x14) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r9, 0x84, 0x75, &(0x7f0000000100)={r10, 0x23eb}, 0x8) 2.716326105s ago: executing program 2 (id=2150): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180), 0xffffffffffffffff) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x4c02}) readv(r2, &(0x7f0000000080)=[{0x0}, {&(0x7f0000000980)=""/4096, 0x1000}], 0x2) r3 = socket$kcm(0x2, 0xa, 0x2) ioctl$TUNSETVNETHDRSZ(r2, 0x400454d8, &(0x7f0000000100)=0x730) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', @link_local}) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f00000001c0)={'wpan0\x00', 0x0}) sendmsg$NL802154_CMD_NEW_SEC_KEY(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000000)=ANY=[@ANYBLOB="64000000f1cd7626186f3d5fe5c006557500d955fac16bc805b98125e0eb6f84d34cafc9d428a88a21ff43d91e28f988b3c4ec1c3a6ea04e4dfc38e91eb4bb945e1c3fc023f5cf7e99be4433e08cab0cbe6f55b6c242914941fabfce53af0e286904a17378438a69ca00dc1a27b0e5e60be3164d2298d64fa29eca6ee264996fc5395542670f42da4c6cd4fe549af9e1dab5d405288c53d117774a0fda33aae153f45c16702384a3203bbe9333ab283ddcf14a17ea59cd", @ANYRES16=r1, @ANYBLOB="010000000000fedbdf251700000008000300", @ANYRES32=r4, @ANYBLOB="4800308014000400403a050c5baee2004ef2b6d713459a7a280001801c00038006000300a1aa00000600010001000000080002000200000008000100000000000500020000000000"], 0x64}}, 0x0) 2.542105531s ago: executing program 1 (id=2152): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x47) setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f00000001c0)=0x5e70, 0x4) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000140)=0x2, 0x4) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000340)=[@sack_perm, @window={0x3, 0x6, 0x7}, @mss={0x2, 0x7}, @window={0x3, 0x0, 0x4}, @window={0x3, 0x8, 0x6}, @window={0x3, 0xfffe}, @sack_perm], 0x7) write(r0, &(0x7f0000000500)="199b439c8da53b12bca2de25627cd11e85a59fa230e5092d5bc83bbd04d75293d507aaee9cc1b926196b577b0037bc827544746a0310e007d1c34fb7ff405ebd1c62c806b456e4837b48cf0e36721d73b3731148837786dfb380abab7e8a2bd60580cadb22132a9a97a791157c4318e016ec0aba731df22f671355aa878736ac1820c753c93b22afe17c0471c972fa5eff", 0x91) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000), 0x4) sendto$inet(r0, &(0x7f00000004c0)='<', 0x381, 0x805, 0x0, 0x0) 2.488294433s ago: executing program 3 (id=2153): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt(r0, 0x84, 0x82, &(0x7f0000000040)='\x00\'\x00\x00\x00\x00\x00\x00', 0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000240)={0x0, 0xa5d9}, 0x8) sendto$inet6(r0, &(0x7f0000000100)="b8", 0xffe0, 0x2000c851, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c) (fail_nth: 11) 2.403370369s ago: executing program 1 (id=2154): socket$inet_icmp_raw(0x2, 0x3, 0x1) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) writev(0xffffffffffffffff, 0x0, 0x0) close(0x4) r0 = gettid() syz_open_procfs$namespace(r0, &(0x7f0000000040)='ns/mnt\x00') r1 = syz_open_procfs$namespace(r0, &(0x7f0000000100)='ns/pid_for_children\x00') unshare(0x6a040000) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x9, 0x803, 0x0) sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0) getsockname$packet(r3, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)=ANY=[@ANYBLOB="3c0000001000850600000000ff6122314a000800", @ANYRES32=r4, @ANYBLOB="f5ff0f00252155b21c0012000c000100626f6e64"], 0x3c}, 0x1, 0x0, 0x0, 0x4}, 0x40000) sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYRES16=r1, @ANYRES32=0x0, @ANYBLOB="0000000000100000180012800e0001007769726567756172640000000400028008000a00", @ANYRES32=r4], 0x40}, 0x1, 0x0, 0x0, 0x800}, 0xc0b0) 2.060981397s ago: executing program 3 (id=2155): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18080000000000000000000000000002850000000f"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) r0 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_mreqsrc(r0, 0x0, 0x27, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'syz_tun\x00'}) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000000)=ANY=[@ANYBLOB="e0000002ac1414aa0000000003"], 0x1c) syz_emit_ethernet(0x36, &(0x7f0000001800)={@link_local, @dev, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x3c, 0x28, 0x64, 0x0, 0x0, 0x2, 0x0, @empty, @multicast2}, @timestamp_reply={0x11, 0x0, 0x0, 0xe000, 0x2, 0x2, 0xffffff}}}}}, 0x0) 1.911912933s ago: executing program 2 (id=2156): r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r4 = socket$netlink(0x10, 0x3, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r7, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x8, 0x4}}]}}]}, 0x48}}, 0x20040084) sendmsg$nl_route_sched(r4, &(0x7f0000000000)={0x0, 0x49, &(0x7f0000000540)={&(0x7f00000008c0)=@newqdisc={0x8c, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r7, {0xffff}, {0xffff, 0xffff}, {0x2, 0x1}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x5c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x4, [0xc, 0x5, 0x0, 0xf, 0x10, 0x2, 0x4, 0x2, 0xf, 0x6, 0x3, 0x7, 0x8, 0x4, 0x10, 0x4], 0x3, [0xb, 0x3, 0xad1e, 0x2002, 0x1, 0x4, 0x2, 0xd06, 0xff05, 0x2, 0xb, 0x3, 0x5, 0x6, 0xd, 0x100], [0xfff1, 0x5, 0xffff, 0xfff5, 0x4, 0x8, 0x1, 0x9, 0x5, 0x2, 0xc, 0x40, 0xfffc, 0x3, 0x1]}}]}}]}, 0x8c}, 0x1, 0x0, 0x0, 0x400dc}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbff, {0x0, 0x0, 0x0, r3, {0x0, 0xc}, {0xffff, 0xfff1}, {0x0, 0x9}}}, 0x24}, 0x1, 0x0, 0x0, 0x4000}, 0x0) unshare(0x24060400) r8 = socket$netlink(0x10, 0x3, 0xb) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r8, 0x10e, 0x1, 0x0, 0x0) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, 0x0, 0x4) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50) r9 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) sendmmsg$sock(r9, &(0x7f0000000cc0)=[{{&(0x7f0000000100)=@l2tp={0x2, 0x0, @broadcast, 0x3}, 0x80, 0x0}}, {{&(0x7f0000000700)=@in6={0xa, 0x4e20, 0x7, @dev={0xfe, 0x80, '\x00', 0x18}, 0x60}, 0x80, 0x0}}], 0x2, 0x48094) r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='blkio.bfq.io_queued\x00', 0x275a, 0x0) bind$pptp(0xffffffffffffffff, 0x0, 0x0) r11 = socket$alg(0x26, 0x5, 0x0) socket(0x40000000015, 0x805, 0x0) bind$alg(r11, &(0x7f0000000280)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr(blowfish)\x00'}, 0x58) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000005, 0x8031, 0xffffffffffffffff, 0x0) setsockopt$ALG_SET_KEY(r11, 0x117, 0x1, &(0x7f0000000140)="2c385aa3", 0x4) r12 = accept4(r11, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), r12) write$cgroup_int(r10, &(0x7f0000000000), 0xffffff6a) 1.911312782s ago: executing program 3 (id=2157): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) bind$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_RTOINFO(r0, 0x84, 0x0, &(0x7f0000000000)={0x0, 0x7, 0xf436, 0xa}, 0x10) sendmmsg$inet6(r0, &(0x7f0000000200)=[{{&(0x7f00000000c0)={0xa, 0x4e23, 0x1, @loopback={0x2000000}, 0x1}, 0x1c, &(0x7f0000000580)=[{&(0x7f0000001680)='\t', 0x1}], 0x1}}], 0x1, 0x0) 1.810202066s ago: executing program 4 (id=2158): r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) recvmmsg(r0, &(0x7f000000a1c0)=[{{0x0, 0x0, 0x0}, 0x3}], 0x1, 0x8020, 0x0) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x2000, 0x0) r2 = socket(0x400000000010, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x40000}, 0x0) sendmsg$nl_route_sched(r2, 0x0, 0x0) ioctl$FAT_IOCTL_GET_VOLUME_ID(r2, 0x80047213, &(0x7f0000000080)) ioctl$PPPIOCNEWUNIT(r1, 0xc004743e, &(0x7f0000000040)) sendmsg$802154_dgram(r0, &(0x7f000000b8c0)={&(0x7f000000b800)={0x24, @long={0x3, 0xffff, {0xaaaaaaaaaaaa0102}}}, 0x14, &(0x7f000000b880)={0x0}, 0x1, 0x0, 0x0, 0x20000011}, 0x0) 1.425572958s ago: executing program 1 (id=2159): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000480)=ANY=[@ANYBLOB="68000000100003042bbd74003f00000002000000", @ANYRES32=0x0, @ANYBLOB="a5fdad8800000000480012800b00010069703667726500003800028006000e0001000000060018000700000006000300a1000000040012"], 0x68}, 0x1, 0x300000000000000, 0x0, 0x4004}, 0x0) 1.242119041s ago: executing program 1 (id=2160): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x4, 0xc, &(0x7f0000000240)=@framed={{0x18, 0x2, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x10000007}, [@call={0x85, 0x0, 0x0, 0x27}, @printk={@li, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x10}}]}, &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) r2 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f00000004c0)={'vcan0\x00', 0x0}) connect$can_bcm(r2, &(0x7f00000000c0)={0x1d, r3}, 0x10) sendmsg$NFNL_MSG_ACCT_GET(r1, 0x0, 0x48404) sendmsg$can_bcm(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000000)=ANY=[@ANYBLOB="05000000460a"], 0x80}}, 0x0) r4 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffffff, 0x84, 0x18, &(0x7f0000000500)={0x0, 0x10}, &(0x7f0000000540)=0x8) setsockopt$inet_sctp_SCTP_ASSOCINFO(r4, 0x84, 0x1, &(0x7f0000000580)={r5, 0x0, 0x3, 0xca8, 0x5, 0x1}, 0x14) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)=ANY=[], 0x24}}, 0x0) sendmsg$can_bcm(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000014c0)=ANY=[@ANYBLOB="0500"], 0x48}, 0x1, 0x0, 0x0, 0x2004c870}, 0x4000000) r7 = socket$nl_route(0x10, 0x3, 0x0) r8 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$ifreq_SIOCGIFINDEX_vcan(r8, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) bind$can_raw(r8, 0x0, 0x0) r10 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(r10, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000200)={0x2c, 0x0, 0x1, 0x0, 0x0, {}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip_vti0\x00'}]}]}, 0x2c}}, 0x0) setsockopt$CAN_RAW_FILTER(r8, 0x65, 0x1, &(0x7f0000000040)=[{{0x3, 0x0, 0x1}, {0x3, 0x1, 0x0, 0x1}}, {{0x3, 0x1, 0x1}, {0x3, 0x0, 0x1}}], 0x10) sendmsg$nl_route_sched(r7, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=@getchain={0x24, 0x11, 0x839, 0x70bd29, 0x0, {0x0, 0x0, 0x0, r9, {0x1}, {0xffff, 0x6}, {0x1}}}, 0x24}}, 0x80) r11 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x6, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180200002343ffff0000000000000000850000004100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x64, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000001580)={r11, r12, 0x25, 0x2, @val=@netkit}, 0x1c) syz_emit_ethernet(0x36, &(0x7f0000001180)={@empty, @multicast, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "6410a6", 0x0, 0x0, 0xff, @remote, @private0={0xfc, 0x0, '\x00', 0x1}}}}}, 0x0) 992.175364ms ago: executing program 1 (id=2161): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_DSTOPTS(r0, 0x29, 0x3b, &(0x7f00000002c0)=ANY=[], 0x8) recvmmsg(r0, &(0x7f0000003040)=[{{0x0, 0x0, 0x0}, 0x8}], 0x1, 0x2b, 0x0) setsockopt$inet6_int(r0, 0x29, 0x4a, &(0x7f0000000040)=0x7, 0x4) setsockopt$inet6_int(r0, 0x29, 0x4, &(0x7f0000000000)=0x1, 0x4) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) 978.718034ms ago: executing program 3 (id=2162): r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00'}) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000500000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00080000000a00121b0000000000004000"/28], 0x50) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000100)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58) r2 = accept4(r1, 0x0, 0x0, 0x0) sendmsg$NL80211_CMD_UPDATE_FT_IES(r2, &(0x7f0000000300)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000680)=ANY=[@ANYBLOB="d0000000", @ANYRES16=0x0, @ANYBLOB="0004c81536dc7eec896c0000000000000000", @ANYRES32=0x0, @ANYBLOB="0c009900000000803a0000009d002a00710701010100ffba010301b03c040103ac1c8c18830209504af2c6e47bb7bebb809badebe0230fee2432e0d62d1a10001708000000000000000700010015000000080078000000ac751400000500e1536035c518766c427eebe7af8bbd8b6804470006006512080211000000080211000001080211000001831f001e01ffffffffffff050000000500000003000000ffffffffffff000000000000000600b10003000000"], 0xd0}, 0x1, 0x0, 0x0, 0x80}, 0x20000000) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000200)="ad00"/16, 0x10) recvmmsg(r2, &(0x7f0000002440), 0x3ffffffffffff67, 0x0, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f05ebbee1, 0x8031, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) r3 = socket(0x2a, 0x2, 0x0) getsockname$packet(r3, 0x0, &(0x7f0000001480)) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$IPVS_CMD_ZERO(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)={0x14, r5, 0x1}, 0x14}}, 0x0) r6 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r6, 0x0) r7 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_INITMSG(r7, 0x84, 0x2, &(0x7f00000000c0)={0xfffc, 0xc}, 0x8) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r7, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0x1c, &(0x7f00000001c0)=[@in6={0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0xfffffffb}]}, &(0x7f0000000140)=0x10) setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r7, 0x84, 0x21, &(0x7f0000000000)=0xfffffffc, 0xffffffffffffff5d) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r6, 0x84, 0x6f, &(0x7f0000000140)={0x0, 0x2c, &(0x7f00000003c0)=[@in6={0xa, 0x4e20, 0x0, @private0}, @in={0x2, 0x4e20, @private=0xa010101}]}, &(0x7f0000000040)=0x10) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000380)={'wlan0\x00'}) getsockopt$IP6T_SO_GET_INFO(r6, 0x29, 0x40, &(0x7f0000000400)={'raw\x00', 0x0, [0x7fff, 0xceb, 0x9, 0x10000, 0x5]}, &(0x7f0000000480)=0x54) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r6, 0x84, 0x85, &(0x7f00000004c0)={r8, @in={{0x2, 0xfffe, @empty}}, 0x0, 0x80}, 0x90) r9 = socket$nl_generic(0x10, 0x3, 0x10) syz_emit_ethernet(0xbe, &(0x7f0000000580)=ANY=[@ANYBLOB="3caaaaaaaaaa0180c20000000800450000b00000000000119078000000000000000000004e22009c907801000000000000007b4b143b7461fd777b1c012bd14efb9f49fcdbad5c8c82b8a8698dfa871c51852e4451b57d037ad3c045942824251d7d17b5191584cdd4fbe40a27424dbcfd56f1373669caaa2f19935e6996c7096ffe4f3a4745a8f762b9649a3bfbc1f39cb307b3472eb9cdb042d2643fcbb2c5a57df67d544af6e8dafe090000000000000000000000009db621b3b3daad1f0021ccfca300971a248a064ff9514a3365fb"], 0x0) sendmsg$nl_generic(r9, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c0000001000010700000000000000000a00000006000100"], 0x1c}}, 0x0) 971.813183ms ago: executing program 0 (id=2163): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r0, 0x84, 0x6b, &(0x7f00000020c0)=[@in={0x2, 0x4e23, @private=0xa010103}], 0x10) setsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(r0, 0x84, 0xc, &(0x7f0000000200), 0x4) listen(r0, 0xfff) accept4(r0, &(0x7f0000000240)=@x25, 0x0, 0x800) 868.873462ms ago: executing program 4 (id=2164): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x47) setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f00000001c0)=0x5e70, 0x4) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000140)=0x2, 0x4) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000340)=[@sack_perm, @window={0x3, 0x6, 0x7}, @mss={0x2, 0x7}, @window={0x3, 0x0, 0x4}, @window={0x3, 0x8, 0x6}, @window={0x3, 0xfffe}, @sack_perm], 0x7) write(r0, &(0x7f0000000500)="199b439c8da53b12bca2de25627cd11e85a59fa230e5092d5bc83bbd04d75293d507aaee9cc1b926196b577b0037bc827544746a0310e007d1c34fb7ff405ebd1c62c806b456e4837b48cf0e36721d73b3731148837786dfb380abab7e8a2bd60580cadb22132a9a97a791157c4318e016ec0aba731df22f671355aa878736ac1820c753c93b22afe17c0471c972fa5eff", 0x91) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000), 0x4) sendto$inet(r0, &(0x7f00000004c0)='<', 0x381, 0x805, 0x0, 0x0) 774.279491ms ago: executing program 0 (id=2165): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x1, 0x6, 0xf, 0x8, 0x41}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x7, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe5}, 0x94) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000040), &(0x7f00000004c0), 0xce, r0}, 0x38) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r1, 0x2000002, 0xe, 0x0, &(0x7f0000000200)="df12c9f7b9a60000000000000000", 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) (fail_nth: 2) 765.097797ms ago: executing program 4 (id=2166): r0 = socket(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @mcast2, 0x2}, 0x1c) 656.326875ms ago: executing program 2 (id=2167): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f00000001c0)={'wpan0\x00', 0x0}) sendmsg$NL802154_CMD_NEW_SEC_KEY(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000200)={0x4c, r1, 0x1, 0x0, 0x25dfdbfe, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r2}, @NL802154_ATTR_SEC_KEY={0x30, 0x30, 0x0, 0x1, [@NL802154_KEY_ATTR_BYTES={0x14, 0x4, "403a050c5baee2004ef2b6d713459a7a"}, @NL802154_KEY_ATTR_ID={0x10, 0x1, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_IMPLICIT={0x4}, @NL802154_KEY_ID_ATTR_MODE={0x8}]}, @NL802154_KEY_ATTR_USAGE_FRAMES={0x5}]}]}, 0x4c}}, 0x0) 656.133442ms ago: executing program 4 (id=2168): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000080)={r0}, 0x4) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x3, 0x11, &(0x7f0000000200)=@framed={{0x18, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, [@call={0x85, 0x0, 0x0, 0x17}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x8e8}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}}]}, &(0x7f0000000080)='GPL\x00'}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r1, 0x0, 0xb, 0x0, &(0x7f0000000100)="b34715ecd04550d3abc89b", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 403.210403ms ago: executing program 0 (id=2169): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000007d40)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000003c0)={r0}, 0x4) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x3, 0x11, &(0x7f0000000600)=@framed={{0x18, 0x2, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x6}, [@snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x87000000}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}}, @call={0x85, 0x0, 0x0, 0x50}]}, &(0x7f0000000080)='GPL\x00', 0x3, 0x0, 0x0, 0x1f00}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r1, 0x0, 0xe, 0x0, &(0x7f0000000100)="b34715ecd04550d3abc89b6f7bec", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) (fail_nth: 7) 57.820334ms ago: executing program 0 (id=2170): r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x6, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180200002343ffff0000000000000000850000004100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x64, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000001580)={r1, r2, 0x25, 0x2, @val=@netkit}, 0x1c) syz_emit_ethernet(0x11dc0, &(0x7f0000001180)={@local, @multicast, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "6410a6", 0x0, 0x0, 0x0, @remote, @mcast2}}}}, 0x0) 273.004µs ago: executing program 1 (id=2171): r0 = bpf$MAP_CREATE(0x0, 0x0, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000b70300000000ef00850000003300000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r1, r3, 0x25, 0x0, @val=@iter={0x0}}, 0x20) syz_emit_ethernet(0x1046, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb86dd6000000010102b00fc020000000000000000000000000001fe8000000000000000000000000000aa6700000000000000210000001008907803ed107cf19d61f6b0b8ac14f2a2018e167180a1ba712ed95042cb787518cb2fbc69dbda64c42463cb34a8cec902c31c61a9130e86f75f493932"], 0x0) 0s ago: executing program 4 (id=2172): r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x48) bpf$BPF_LINK_CREATE(0x1c, &(0x7f00000001c0)={r0, r1, 0x5, 0x0, @void}, 0x10) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000080)={r0, r1, 0x5, 0x0, @void}, 0x10) kernel console output (not intermixed with test programs): .330368][T10002] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 171.330385][T10002] RIP: 0033:0x7f9ccdb8efc9 [ 171.330401][T10002] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 171.330416][T10002] RSP: 002b:00007f9ccea56038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 171.330435][T10002] RAX: ffffffffffffffda RBX: 00007f9ccdde5fa0 RCX: 00007f9ccdb8efc9 [ 171.330448][T10002] RDX: 0000000000000000 RSI: 00002000000006c0 RDI: 0000000000000003 [ 171.330459][T10002] RBP: 00007f9ccea56090 R08: 0000000000000000 R09: 0000000000000000 [ 171.330470][T10002] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 171.330481][T10002] R13: 00007f9ccdde6038 R14: 00007f9ccdde5fa0 R15: 00007fff4b85f118 [ 171.330512][T10002] [ 171.651741][T10008] ref_tracker: memory allocation failure, unreliable refcount tracker. [ 171.704934][T10014] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1709'. [ 171.731047][T10014] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1709'. [ 171.955882][T10025] vxcan1 speed is unknown, defaulting to 1000 [ 172.117054][T10040] FAULT_INJECTION: forcing a failure. [ 172.117054][T10040] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 172.147359][T10040] CPU: 1 UID: 0 PID: 10040 Comm: syz.0.1717 Not tainted syzkaller #0 PREEMPT(full) [ 172.147387][T10040] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 172.147398][T10040] Call Trace: [ 172.147404][T10040] [ 172.147411][T10040] dump_stack_lvl+0x189/0x250 [ 172.147438][T10040] ? __pfx____ratelimit+0x10/0x10 [ 172.147457][T10040] ? __pfx_dump_stack_lvl+0x10/0x10 [ 172.147478][T10040] ? __pfx__printk+0x10/0x10 [ 172.147495][T10040] ? __might_fault+0xb0/0x130 [ 172.147531][T10040] should_fail_ex+0x414/0x560 [ 172.147567][T10040] _copy_from_iter+0x1de/0x1790 [ 172.147589][T10040] ? rcu_is_watching+0x15/0xb0 [ 172.147612][T10040] ? kmalloc_reserve+0xbd/0x290 [ 172.147637][T10040] ? __pfx__copy_from_iter+0x10/0x10 [ 172.147658][T10040] ? __build_skb_around+0x262/0x3f0 [ 172.147685][T10040] ? netlink_sendmsg+0x642/0xb30 [ 172.147701][T10040] ? skb_put+0x11b/0x210 [ 172.147720][T10040] netlink_sendmsg+0x6b2/0xb30 [ 172.147747][T10040] ? __pfx_netlink_sendmsg+0x10/0x10 [ 172.147767][T10040] ? aa_sock_msg_perm+0xf1/0x1d0 [ 172.147792][T10040] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 172.147808][T10040] ? __pfx_netlink_sendmsg+0x10/0x10 [ 172.147823][T10040] __sock_sendmsg+0x21c/0x270 [ 172.147848][T10040] ____sys_sendmsg+0x505/0x830 [ 172.147868][T10040] ? __pfx_____sys_sendmsg+0x10/0x10 [ 172.147894][T10040] ? import_iovec+0x74/0xa0 [ 172.147918][T10040] ___sys_sendmsg+0x21f/0x2a0 [ 172.147938][T10040] ? __pfx____sys_sendmsg+0x10/0x10 [ 172.147989][T10040] ? __fget_files+0x2a/0x420 [ 172.148005][T10040] ? __fget_files+0x3a0/0x420 [ 172.148033][T10040] __x64_sys_sendmsg+0x19b/0x260 [ 172.148052][T10040] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 172.148081][T10040] ? __pfx_ksys_write+0x10/0x10 [ 172.148108][T10040] ? do_syscall_64+0xbe/0xfa0 [ 172.148132][T10040] do_syscall_64+0xfa/0xfa0 [ 172.148150][T10040] ? lockdep_hardirqs_on+0x9c/0x150 [ 172.148171][T10040] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 172.148188][T10040] ? clear_bhb_loop+0x60/0xb0 [ 172.148209][T10040] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 172.148226][T10040] RIP: 0033:0x7f5d5998efc9 [ 172.148242][T10040] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 172.148257][T10040] RSP: 002b:00007f5d5a8d5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 172.148277][T10040] RAX: ffffffffffffffda RBX: 00007f5d59be5fa0 RCX: 00007f5d5998efc9 [ 172.148289][T10040] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000003 [ 172.148299][T10040] RBP: 00007f5d5a8d5090 R08: 0000000000000000 R09: 0000000000000000 [ 172.148310][T10040] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 172.148319][T10040] R13: 00007f5d59be6038 R14: 00007f5d59be5fa0 R15: 00007ffd179ef078 [ 172.148345][T10040] [ 172.785296][T10062] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1724'. [ 172.814151][T10061] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1724'. [ 172.866754][T10073] FAULT_INJECTION: forcing a failure. [ 172.866754][T10073] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 172.881094][T10073] CPU: 1 UID: 0 PID: 10073 Comm: syz.1.1727 Not tainted syzkaller #0 PREEMPT(full) [ 172.881119][T10073] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 172.881129][T10073] Call Trace: [ 172.881136][T10073] [ 172.881144][T10073] dump_stack_lvl+0x189/0x250 [ 172.881172][T10073] ? __pfx____ratelimit+0x10/0x10 [ 172.881193][T10073] ? __pfx_dump_stack_lvl+0x10/0x10 [ 172.881215][T10073] ? __pfx__printk+0x10/0x10 [ 172.881233][T10073] ? __might_fault+0xb0/0x130 [ 172.881268][T10073] should_fail_ex+0x414/0x560 [ 172.881298][T10073] _copy_from_iter+0x1de/0x1790 [ 172.881323][T10073] ? rcu_is_watching+0x15/0xb0 [ 172.881347][T10073] ? kmalloc_reserve+0xbd/0x290 [ 172.881371][T10073] ? __pfx__copy_from_iter+0x10/0x10 [ 172.881392][T10073] ? __build_skb_around+0x262/0x3f0 [ 172.881428][T10073] ? netlink_sendmsg+0x642/0xb30 [ 172.881443][T10073] ? skb_put+0x11b/0x210 [ 172.881462][T10073] netlink_sendmsg+0x6b2/0xb30 [ 172.881488][T10073] ? __pfx_netlink_sendmsg+0x10/0x10 [ 172.881508][T10073] ? aa_sock_msg_perm+0xf1/0x1d0 [ 172.881534][T10073] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 172.881551][T10073] ? __pfx_netlink_sendmsg+0x10/0x10 [ 172.881567][T10073] __sock_sendmsg+0x21c/0x270 [ 172.881592][T10073] ____sys_sendmsg+0x505/0x830 [ 172.881615][T10073] ? __pfx_____sys_sendmsg+0x10/0x10 [ 172.881640][T10073] ? import_iovec+0x74/0xa0 [ 172.881663][T10073] ___sys_sendmsg+0x21f/0x2a0 [ 172.881683][T10073] ? __pfx____sys_sendmsg+0x10/0x10 [ 172.881736][T10073] ? __fget_files+0x2a/0x420 [ 172.881752][T10073] ? __fget_files+0x3a0/0x420 [ 172.881779][T10073] __x64_sys_sendmsg+0x19b/0x260 [ 172.881800][T10073] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 172.881827][T10073] ? __pfx_ksys_write+0x10/0x10 [ 172.881854][T10073] ? do_syscall_64+0xbe/0xfa0 [ 172.881879][T10073] do_syscall_64+0xfa/0xfa0 [ 172.881897][T10073] ? lockdep_hardirqs_on+0x9c/0x150 [ 172.881918][T10073] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 172.881937][T10073] ? clear_bhb_loop+0x60/0xb0 [ 172.881957][T10073] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 172.881974][T10073] RIP: 0033:0x7f9ccdb8efc9 [ 172.881990][T10073] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 172.882004][T10073] RSP: 002b:00007f9ccea56038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 172.882024][T10073] RAX: ffffffffffffffda RBX: 00007f9ccdde5fa0 RCX: 00007f9ccdb8efc9 [ 172.882038][T10073] RDX: 0000000000040040 RSI: 0000200000000880 RDI: 0000000000000003 [ 172.882050][T10073] RBP: 00007f9ccea56090 R08: 0000000000000000 R09: 0000000000000000 [ 172.882060][T10073] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 172.882071][T10073] R13: 00007f9ccdde6038 R14: 00007f9ccdde5fa0 R15: 00007fff4b85f118 [ 172.882102][T10073] [ 173.956882][T10119] FAULT_INJECTION: forcing a failure. [ 173.956882][T10119] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 173.990300][T10119] CPU: 1 UID: 0 PID: 10119 Comm: syz.3.1741 Not tainted syzkaller #0 PREEMPT(full) [ 173.990325][T10119] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 173.990336][T10119] Call Trace: [ 173.990344][T10119] [ 173.990352][T10119] dump_stack_lvl+0x189/0x250 [ 173.990379][T10119] ? __pfx____ratelimit+0x10/0x10 [ 173.990399][T10119] ? __pfx_dump_stack_lvl+0x10/0x10 [ 173.990422][T10119] ? __pfx__printk+0x10/0x10 [ 173.990453][T10119] should_fail_ex+0x414/0x560 [ 173.990483][T10119] _copy_to_user+0x31/0xb0 [ 173.990507][T10119] simple_read_from_buffer+0xe1/0x170 [ 173.990538][T10119] proc_fail_nth_read+0x1b3/0x220 [ 173.990570][T10119] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 173.990595][T10119] ? rw_verify_area+0x2a6/0x4d0 [ 173.990617][T10119] ? __lock_acquire+0xab9/0xd20 [ 173.990633][T10119] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 173.990656][T10119] vfs_read+0x200/0xa30 [ 173.990678][T10119] ? fdget_pos+0x247/0x320 [ 173.990698][T10119] ? __pfx___mutex_lock+0x10/0x10 [ 173.990721][T10119] ? __pfx_vfs_read+0x10/0x10 [ 173.990745][T10119] ? __fget_files+0x2a/0x420 [ 173.990767][T10119] ? __fget_files+0x3a0/0x420 [ 173.990782][T10119] ? __fget_files+0x2a/0x420 [ 173.990811][T10119] ksys_read+0x145/0x250 [ 173.990836][T10119] ? __pfx_ksys_read+0x10/0x10 [ 173.990863][T10119] ? do_syscall_64+0xbe/0xfa0 [ 173.990886][T10119] do_syscall_64+0xfa/0xfa0 [ 173.990905][T10119] ? lockdep_hardirqs_on+0x9c/0x150 [ 173.990924][T10119] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 173.990941][T10119] ? clear_bhb_loop+0x60/0xb0 [ 173.990962][T10119] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 173.990979][T10119] RIP: 0033:0x7f8c0b58d9dc [ 173.990993][T10119] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 173.991009][T10119] RSP: 002b:00007f8c0c497030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 173.991028][T10119] RAX: ffffffffffffffda RBX: 00007f8c0b7e5fa0 RCX: 00007f8c0b58d9dc [ 173.991041][T10119] RDX: 000000000000000f RSI: 00007f8c0c4970a0 RDI: 0000000000000004 [ 173.991051][T10119] RBP: 00007f8c0c497090 R08: 0000000000000000 R09: 0000000000000000 [ 173.991062][T10119] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000001 [ 173.991073][T10119] R13: 00007f8c0b7e6038 R14: 00007f8c0b7e5fa0 R15: 00007ffe93a31798 [ 173.991103][T10119] [ 174.906772][T10177] tipc: Enabling of bearer rejected, failed to enable media [ 175.104841][T10191] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 175.459197][T10215] FAULT_INJECTION: forcing a failure. [ 175.459197][T10215] name failslab, interval 1, probability 0, space 0, times 0 [ 175.472487][T10215] CPU: 1 UID: 0 PID: 10215 Comm: syz.0.1781 Not tainted syzkaller #0 PREEMPT(full) [ 175.472512][T10215] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 175.472522][T10215] Call Trace: [ 175.472530][T10215] [ 175.472537][T10215] dump_stack_lvl+0x189/0x250 [ 175.472565][T10215] ? __pfx____ratelimit+0x10/0x10 [ 175.472586][T10215] ? __pfx_dump_stack_lvl+0x10/0x10 [ 175.472608][T10215] ? __pfx__printk+0x10/0x10 [ 175.472631][T10215] ? __pfx___might_resched+0x10/0x10 [ 175.472651][T10215] ? fs_reclaim_acquire+0x7d/0x100 [ 175.472681][T10215] should_fail_ex+0x414/0x560 [ 175.472711][T10215] should_failslab+0xa8/0x100 [ 175.472730][T10215] kmem_cache_alloc_node_noprof+0x77/0x710 [ 175.472754][T10215] ? __alloc_skb+0x112/0x2d0 [ 175.472777][T10215] ? netlink_autobind+0xdb/0x300 [ 175.472798][T10215] __alloc_skb+0x112/0x2d0 [ 175.472824][T10215] netlink_sendmsg+0x5c6/0xb30 [ 175.472848][T10215] ? __pfx_netlink_sendmsg+0x10/0x10 [ 175.472868][T10215] ? aa_sock_msg_perm+0xf1/0x1d0 [ 175.472894][T10215] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 175.472911][T10215] ? __pfx_netlink_sendmsg+0x10/0x10 [ 175.472928][T10215] __sock_sendmsg+0x21c/0x270 [ 175.472951][T10215] ____sys_sendmsg+0x505/0x830 [ 175.472975][T10215] ? __pfx_____sys_sendmsg+0x10/0x10 [ 175.473001][T10215] ? import_iovec+0x74/0xa0 [ 175.473024][T10215] ___sys_sendmsg+0x21f/0x2a0 [ 175.473045][T10215] ? __pfx____sys_sendmsg+0x10/0x10 [ 175.473096][T10215] ? __fget_files+0x2a/0x420 [ 175.473112][T10215] ? __fget_files+0x3a0/0x420 [ 175.473139][T10215] __x64_sys_sendmsg+0x19b/0x260 [ 175.473160][T10215] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 175.473186][T10215] ? __pfx_ksys_write+0x10/0x10 [ 175.473214][T10215] ? do_syscall_64+0xbe/0xfa0 [ 175.473237][T10215] do_syscall_64+0xfa/0xfa0 [ 175.473256][T10215] ? lockdep_hardirqs_on+0x9c/0x150 [ 175.473276][T10215] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 175.473294][T10215] ? clear_bhb_loop+0x60/0xb0 [ 175.473315][T10215] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 175.473332][T10215] RIP: 0033:0x7f5d5998efc9 [ 175.473347][T10215] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 175.473363][T10215] RSP: 002b:00007f5d5a8d5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 175.473382][T10215] RAX: ffffffffffffffda RBX: 00007f5d59be5fa0 RCX: 00007f5d5998efc9 [ 175.473395][T10215] RDX: 0000000000000000 RSI: 0000200000000300 RDI: 0000000000000004 [ 175.473407][T10215] RBP: 00007f5d5a8d5090 R08: 0000000000000000 R09: 0000000000000000 [ 175.473426][T10215] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 175.473437][T10215] R13: 00007f5d59be6038 R14: 00007f5d59be5fa0 R15: 00007ffd179ef078 [ 175.473465][T10215] [ 175.859326][T10221] FAULT_INJECTION: forcing a failure. [ 175.859326][T10221] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 175.867014][T10224] FAULT_INJECTION: forcing a failure. [ 175.867014][T10224] name failslab, interval 1, probability 0, space 0, times 0 [ 175.886058][T10224] CPU: 1 UID: 0 PID: 10224 Comm: syz.4.1784 Not tainted syzkaller #0 PREEMPT(full) [ 175.886116][T10224] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 175.886126][T10224] Call Trace: [ 175.886133][T10224] [ 175.886141][T10224] dump_stack_lvl+0x189/0x250 [ 175.886167][T10224] ? __pfx____ratelimit+0x10/0x10 [ 175.886186][T10224] ? __pfx_dump_stack_lvl+0x10/0x10 [ 175.886207][T10224] ? __pfx__printk+0x10/0x10 [ 175.886228][T10224] ? __pfx___might_resched+0x10/0x10 [ 175.886248][T10224] ? fs_reclaim_acquire+0x7d/0x100 [ 175.886275][T10224] should_fail_ex+0x414/0x560 [ 175.886304][T10224] should_failslab+0xa8/0x100 [ 175.886322][T10224] __kmalloc_noprof+0xcb/0x7f0 [ 175.886344][T10224] ? bpf_test_init+0x9f/0x150 [ 175.886371][T10224] bpf_test_init+0x9f/0x150 [ 175.886396][T10224] bpf_prog_test_run_xdp+0x503/0x10e0 [ 175.886433][T10224] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 175.886461][T10224] ? __fget_files+0x2a/0x420 [ 175.886483][T10224] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 175.886508][T10224] bpf_prog_test_run+0x2c7/0x340 [ 175.886531][T10224] __sys_bpf+0x562/0x860 [ 175.886549][T10224] ? __pfx___sys_bpf+0x10/0x10 [ 175.886578][T10224] ? ksys_write+0x22a/0x250 [ 175.886602][T10224] ? __pfx_ksys_write+0x10/0x10 [ 175.886629][T10224] __x64_sys_bpf+0x7c/0x90 [ 175.886654][T10224] do_syscall_64+0xfa/0xfa0 [ 175.886671][T10224] ? lockdep_hardirqs_on+0x9c/0x150 [ 175.886690][T10224] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 175.886707][T10224] ? clear_bhb_loop+0x60/0xb0 [ 175.886728][T10224] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 175.886745][T10224] RIP: 0033:0x7f67e538efc9 [ 175.886761][T10224] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 175.886775][T10224] RSP: 002b:00007f67e6282038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 175.886794][T10224] RAX: ffffffffffffffda RBX: 00007f67e55e5fa0 RCX: 00007f67e538efc9 [ 175.886807][T10224] RDX: 0000000000000050 RSI: 0000200000000600 RDI: 000000000000000a [ 175.886818][T10224] RBP: 00007f67e6282090 R08: 0000000000000000 R09: 0000000000000000 [ 175.886829][T10224] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 175.886839][T10224] R13: 00007f67e55e6038 R14: 00007f67e55e5fa0 R15: 00007ffe8db624b8 [ 175.886870][T10224] [ 175.895702][T10225] veth2: entered allmulticast mode [ 175.911182][T10221] CPU: 1 UID: 0 PID: 10221 Comm: syz.0.1786 Not tainted syzkaller #0 PREEMPT(full) [ 175.911205][T10221] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 175.911215][T10221] Call Trace: [ 175.911222][T10221] [ 175.911230][T10221] dump_stack_lvl+0x189/0x250 [ 175.911257][T10221] ? __pfx____ratelimit+0x10/0x10 [ 175.911276][T10221] ? __pfx_dump_stack_lvl+0x10/0x10 [ 175.911298][T10221] ? __pfx__printk+0x10/0x10 [ 175.911326][T10221] should_fail_ex+0x414/0x560 [ 175.911355][T10221] _copy_to_user+0x31/0xb0 [ 175.911377][T10221] copy_to_sockptr+0x5e/0xa0 [ 175.911403][T10221] do_ip_getsockopt+0x1044/0x1b60 [ 175.911436][T10221] ? __pfx_do_ip_getsockopt+0x10/0x10 [ 175.911458][T10221] ? aa_label_sk_perm+0x4cd/0x630 [ 175.911489][T10221] ? __pfx_aa_label_sk_perm+0x10/0x10 [ 175.911537][T10221] ? __lock_acquire+0xab9/0xd20 [ 175.911566][T10221] ip_getsockopt+0xbb/0x220 [ 175.911597][T10221] ? __pfx_ip_getsockopt+0x10/0x10 [ 175.911625][T10221] ? sock_common_getsockopt+0x2d/0xb0 [ 175.911644][T10221] ? raw_getsockopt+0xce/0x200 [ 175.911664][T10221] ? __pfx_sock_common_getsockopt+0x10/0x10 [ 175.911687][T10221] do_sock_getsockopt+0x372/0x450 [ 175.911707][T10221] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 175.911723][T10221] ? do_syscall_64+0xa0/0xfa0 [ 175.911742][T10221] ? __fget_files+0x2a/0x420 [ 175.911758][T10221] ? __fget_files+0x3a0/0x420 [ 175.911773][T10221] ? __fget_files+0x2a/0x420 [ 175.911795][T10221] __x64_sys_getsockopt+0x1a5/0x250 [ 175.911811][T10221] ? do_syscall_64+0xa0/0xfa0 [ 175.911832][T10221] ? do_syscall_64+0xa0/0xfa0 [ 175.911855][T10221] do_syscall_64+0xfa/0xfa0 [ 175.911873][T10221] ? lockdep_hardirqs_on+0x9c/0x150 [ 175.911892][T10221] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 175.911909][T10221] ? clear_bhb_loop+0x60/0xb0 [ 175.911930][T10221] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 175.911947][T10221] RIP: 0033:0x7f5d5998efc9 [ 175.911962][T10221] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 175.911976][T10221] RSP: 002b:00007f5d5a8d5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 175.911995][T10221] RAX: ffffffffffffffda RBX: 00007f5d59be5fa0 RCX: 00007f5d5998efc9 [ 175.912007][T10221] RDX: 0000000000000012 RSI: 0000000000000000 RDI: 0000000000000003 [ 175.912017][T10221] RBP: 00007f5d5a8d5090 R08: 00002000000012c0 R09: 0000000000000000 [ 175.912029][T10221] R10: 0000200000001280 R11: 0000000000000246 R12: 0000000000000001 [ 175.912040][T10221] R13: 00007f5d59be6038 R14: 00007f5d59be5fa0 R15: 00007ffd179ef078 [ 175.912076][T10221] [ 176.176817][T10242] FAULT_INJECTION: forcing a failure. [ 176.176817][T10242] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 176.410125][T10242] CPU: 1 UID: 0 PID: 10242 Comm: syz.4.1789 Not tainted syzkaller #0 PREEMPT(full) [ 176.410150][T10242] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 176.410160][T10242] Call Trace: [ 176.410167][T10242] [ 176.410175][T10242] dump_stack_lvl+0x189/0x250 [ 176.410202][T10242] ? __pfx____ratelimit+0x10/0x10 [ 176.410222][T10242] ? __pfx_dump_stack_lvl+0x10/0x10 [ 176.410244][T10242] ? __pfx__printk+0x10/0x10 [ 176.410262][T10242] ? __might_fault+0xb0/0x130 [ 176.410298][T10242] should_fail_ex+0x414/0x560 [ 176.410329][T10242] _copy_from_user+0x2d/0xb0 [ 176.410351][T10242] kstrtouint_from_user+0xc4/0x170 [ 176.410372][T10242] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 176.410406][T10242] proc_fail_nth_write+0x88/0x200 [ 176.410427][T10242] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 176.410451][T10242] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 176.410473][T10242] vfs_write+0x27e/0xb30 [ 176.410501][T10242] ? __pfx_vfs_write+0x10/0x10 [ 176.410522][T10242] ? __fget_files+0x2a/0x420 [ 176.410541][T10242] ? __fget_files+0x3a0/0x420 [ 176.410554][T10242] ? __fget_files+0x2a/0x420 [ 176.410577][T10242] ksys_write+0x145/0x250 [ 176.410600][T10242] ? __pfx_ksys_write+0x10/0x10 [ 176.410624][T10242] ? do_syscall_64+0xbe/0xfa0 [ 176.410646][T10242] do_syscall_64+0xfa/0xfa0 [ 176.410662][T10242] ? lockdep_hardirqs_on+0x9c/0x150 [ 176.410680][T10242] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 176.410695][T10242] ? clear_bhb_loop+0x60/0xb0 [ 176.410717][T10242] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 176.410733][T10242] RIP: 0033:0x7f67e538da7f [ 176.410749][T10242] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 176.410764][T10242] RSP: 002b:00007f67e6240030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 176.410783][T10242] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f67e538da7f [ 176.410795][T10242] RDX: 0000000000000001 RSI: 00007f67e62400a0 RDI: 0000000000000004 [ 176.410806][T10242] RBP: 00007f67e6240090 R08: 0000000000000000 R09: 0000000000000000 [ 176.410816][T10242] R10: 000000000000003e R11: 0000000000000293 R12: 0000000000000001 [ 176.410827][T10242] R13: 00007f67e55e6218 R14: 00007f67e55e6180 R15: 00007ffe8db624b8 [ 176.410858][T10242] [ 178.231882][T10355] vlan2: entered allmulticast mode [ 178.256813][T10360] FAULT_INJECTION: forcing a failure. [ 178.256813][T10360] name failslab, interval 1, probability 0, space 0, times 0 [ 178.271133][T10360] CPU: 0 UID: 0 PID: 10360 Comm: syz.3.1840 Not tainted syzkaller #0 PREEMPT(full) [ 178.271156][T10360] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 178.271166][T10360] Call Trace: [ 178.271173][T10360] [ 178.271180][T10360] dump_stack_lvl+0x189/0x250 [ 178.271208][T10360] ? __pfx____ratelimit+0x10/0x10 [ 178.271228][T10360] ? __pfx_dump_stack_lvl+0x10/0x10 [ 178.271249][T10360] ? __pfx__printk+0x10/0x10 [ 178.271273][T10360] ? __lock_acquire+0xab9/0xd20 [ 178.271302][T10360] should_fail_ex+0x414/0x560 [ 178.271332][T10360] should_failslab+0xa8/0x100 [ 178.271352][T10360] kmem_cache_alloc_noprof+0x74/0x6e0 [ 178.271376][T10360] ? skb_clone+0x212/0x3a0 [ 178.271401][T10360] skb_clone+0x212/0x3a0 [ 178.271423][T10360] __netlink_deliver_tap+0x404/0x850 [ 178.271461][T10360] ? netlink_deliver_tap+0x2e/0x1b0 [ 178.271487][T10360] netlink_deliver_tap+0x19c/0x1b0 [ 178.271513][T10360] netlink_unicast+0x7fa/0x9e0 [ 178.271546][T10360] ? __pfx_netlink_unicast+0x10/0x10 [ 178.271571][T10360] ? netlink_sendmsg+0x642/0xb30 [ 178.271586][T10360] ? skb_put+0x11b/0x210 [ 178.271606][T10360] netlink_sendmsg+0x805/0xb30 [ 178.271633][T10360] ? __pfx_netlink_sendmsg+0x10/0x10 [ 178.271654][T10360] ? aa_sock_msg_perm+0xf1/0x1d0 [ 178.271681][T10360] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 178.271698][T10360] ? __pfx_netlink_sendmsg+0x10/0x10 [ 178.271717][T10360] __sock_sendmsg+0x21c/0x270 [ 178.271742][T10360] ____sys_sendmsg+0x505/0x830 [ 178.271765][T10360] ? __pfx_____sys_sendmsg+0x10/0x10 [ 178.271793][T10360] ? import_iovec+0x74/0xa0 [ 178.271819][T10360] ___sys_sendmsg+0x21f/0x2a0 [ 178.271840][T10360] ? __pfx____sys_sendmsg+0x10/0x10 [ 178.271897][T10360] ? __fget_files+0x2a/0x420 [ 178.271913][T10360] ? __fget_files+0x3a0/0x420 [ 178.271941][T10360] __x64_sys_sendmsg+0x19b/0x260 [ 178.271963][T10360] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 178.271992][T10360] ? __pfx_ksys_write+0x10/0x10 [ 178.272026][T10360] ? do_syscall_64+0xbe/0xfa0 [ 178.272051][T10360] do_syscall_64+0xfa/0xfa0 [ 178.272070][T10360] ? lockdep_hardirqs_on+0x9c/0x150 [ 178.272091][T10360] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 178.272109][T10360] ? clear_bhb_loop+0x60/0xb0 [ 178.272130][T10360] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 178.272148][T10360] RIP: 0033:0x7f8c0b58efc9 [ 178.272164][T10360] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 178.272180][T10360] RSP: 002b:00007f8c0c497038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 178.272200][T10360] RAX: ffffffffffffffda RBX: 00007f8c0b7e5fa0 RCX: 00007f8c0b58efc9 [ 178.272214][T10360] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000003 [ 178.272226][T10360] RBP: 00007f8c0c497090 R08: 0000000000000000 R09: 0000000000000000 [ 178.272237][T10360] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 178.272247][T10360] R13: 00007f8c0b7e6038 R14: 00007f8c0b7e5fa0 R15: 00007ffe93a31798 [ 178.272280][T10360] [ 178.737355][T10371] syzkaller0: entered promiscuous mode [ 178.750602][T10371] syzkaller0: entered allmulticast mode [ 178.772705][T10378] netlink: 'syz.3.1847': attribute type 18 has an invalid length. [ 178.781746][T10378] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1847'. [ 178.813006][T10378] netlink: 'syz.3.1847': attribute type 18 has an invalid length. [ 178.813015][ T2986] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 178.813055][ T2986] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 178.821711][T10378] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1847'. [ 178.845289][ T2986] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 178.857222][ T2986] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 178.985204][T10391] FAULT_INJECTION: forcing a failure. [ 178.985204][T10391] name failslab, interval 1, probability 0, space 0, times 0 [ 178.999239][T10391] CPU: 1 UID: 0 PID: 10391 Comm: syz.0.1853 Not tainted syzkaller #0 PREEMPT(full) [ 178.999262][T10391] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 178.999272][T10391] Call Trace: [ 178.999279][T10391] [ 178.999287][T10391] dump_stack_lvl+0x189/0x250 [ 178.999316][T10391] ? __pfx____ratelimit+0x10/0x10 [ 178.999336][T10391] ? __pfx_dump_stack_lvl+0x10/0x10 [ 178.999358][T10391] ? __pfx__printk+0x10/0x10 [ 178.999382][T10391] ? __pfx___might_resched+0x10/0x10 [ 178.999400][T10391] ? fs_reclaim_acquire+0x7d/0x100 [ 178.999428][T10391] should_fail_ex+0x414/0x560 [ 178.999457][T10391] should_failslab+0xa8/0x100 [ 178.999477][T10391] kmem_cache_alloc_noprof+0x74/0x6e0 [ 178.999500][T10391] ? alloc_empty_file+0x55/0x1d0 [ 178.999524][T10391] alloc_empty_file+0x55/0x1d0 [ 178.999544][T10391] alloc_file_pseudo+0x13d/0x210 [ 178.999566][T10391] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 178.999584][T10391] ? __local_bh_enable_ip+0x12d/0x1c0 [ 178.999615][T10391] anon_inode_getfile+0xc5/0x1a0 [ 178.999639][T10391] bpf_link_prime+0xfc/0x220 [ 178.999666][T10391] bpf_raw_tp_link_attach+0x49a/0x6c0 [ 178.999693][T10391] ? __pfx_bpf_raw_tp_link_attach+0x10/0x10 [ 178.999725][T10391] ? __fget_files+0x2a/0x420 [ 178.999749][T10391] bpf_raw_tracepoint_open+0x1b2/0x220 [ 178.999771][T10391] __sys_bpf+0x73e/0x860 [ 178.999789][T10391] ? __pfx___sys_bpf+0x10/0x10 [ 178.999802][T10391] ? bpf_trace_run2+0x322/0x4b0 [ 178.999852][T10391] __x64_sys_bpf+0x7c/0x90 [ 178.999874][T10391] do_syscall_64+0xfa/0xfa0 [ 178.999894][T10391] ? lockdep_hardirqs_on+0x9c/0x150 [ 178.999914][T10391] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 178.999932][T10391] ? clear_bhb_loop+0x60/0xb0 [ 178.999951][T10391] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 178.999968][T10391] RIP: 0033:0x7f5d5998efc9 [ 178.999994][T10391] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 179.000010][T10391] RSP: 002b:00007f5d5a8d5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 179.000028][T10391] RAX: ffffffffffffffda RBX: 00007f5d59be5fa0 RCX: 00007f5d5998efc9 [ 179.000041][T10391] RDX: 0000000000000010 RSI: 0000200000000080 RDI: 0000000000000011 [ 179.000052][T10391] RBP: 00007f5d5a8d5090 R08: 0000000000000000 R09: 0000000000000000 [ 179.000064][T10391] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 179.000074][T10391] R13: 00007f5d59be6038 R14: 00007f5d59be5fa0 R15: 00007ffd179ef078 [ 179.000105][T10391] [ 179.790502][T10429] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1870'. [ 179.918522][T10441] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input5 [ 179.935126][T10443] FAULT_INJECTION: forcing a failure. [ 179.935126][T10443] name failslab, interval 1, probability 0, space 0, times 0 [ 179.948195][T10443] CPU: 0 UID: 0 PID: 10443 Comm: syz.2.1874 Not tainted syzkaller #0 PREEMPT(full) [ 179.948217][T10443] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 179.948226][T10443] Call Trace: [ 179.948234][T10443] [ 179.948241][T10443] dump_stack_lvl+0x189/0x250 [ 179.948267][T10443] ? __pfx____ratelimit+0x10/0x10 [ 179.948287][T10443] ? __pfx_dump_stack_lvl+0x10/0x10 [ 179.948310][T10443] ? __pfx__printk+0x10/0x10 [ 179.948332][T10443] ? __lock_acquire+0xab9/0xd20 [ 179.948357][T10443] should_fail_ex+0x414/0x560 [ 179.948385][T10443] should_failslab+0xa8/0x100 [ 179.948403][T10443] kmem_cache_alloc_noprof+0x74/0x6e0 [ 179.948423][T10443] ? skb_clone+0x212/0x3a0 [ 179.948442][T10443] skb_clone+0x212/0x3a0 [ 179.948458][T10443] __netlink_deliver_tap+0x404/0x850 [ 179.948488][T10443] ? netlink_deliver_tap+0x2e/0x1b0 [ 179.948509][T10443] netlink_deliver_tap+0x19c/0x1b0 [ 179.948530][T10443] netlink_unicast+0x7fa/0x9e0 [ 179.948554][T10443] ? __pfx_netlink_unicast+0x10/0x10 [ 179.948574][T10443] ? netlink_sendmsg+0x642/0xb30 [ 179.948585][T10443] ? skb_put+0x11b/0x210 [ 179.948600][T10443] netlink_sendmsg+0x805/0xb30 [ 179.948629][T10443] ? __pfx_netlink_sendmsg+0x10/0x10 [ 179.948644][T10443] ? aa_sock_msg_perm+0xf1/0x1d0 [ 179.948665][T10443] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 179.948679][T10443] ? __pfx_netlink_sendmsg+0x10/0x10 [ 179.948696][T10443] __sock_sendmsg+0x21c/0x270 [ 179.948718][T10443] ____sys_sendmsg+0x505/0x830 [ 179.948737][T10443] ? __pfx_____sys_sendmsg+0x10/0x10 [ 179.948758][T10443] ? import_iovec+0x74/0xa0 [ 179.948778][T10443] ___sys_sendmsg+0x21f/0x2a0 [ 179.948794][T10443] ? __pfx____sys_sendmsg+0x10/0x10 [ 179.948835][T10443] ? __fget_files+0x2a/0x420 [ 179.948848][T10443] ? __fget_files+0x3a0/0x420 [ 179.948868][T10443] __x64_sys_sendmsg+0x19b/0x260 [ 179.948886][T10443] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 179.948907][T10443] ? __pfx_ksys_write+0x10/0x10 [ 179.948928][T10443] ? do_syscall_64+0xbe/0xfa0 [ 179.948947][T10443] do_syscall_64+0xfa/0xfa0 [ 179.948962][T10443] ? lockdep_hardirqs_on+0x9c/0x150 [ 179.948978][T10443] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 179.948991][T10443] ? clear_bhb_loop+0x60/0xb0 [ 179.949007][T10443] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 179.949020][T10443] RIP: 0033:0x7f9654f8efc9 [ 179.949033][T10443] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 179.949046][T10443] RSP: 002b:00007f9655e95038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 179.949061][T10443] RAX: ffffffffffffffda RBX: 00007f96551e5fa0 RCX: 00007f9654f8efc9 [ 179.949071][T10443] RDX: 0000000000000000 RSI: 0000200000000180 RDI: 0000000000000006 [ 179.949080][T10443] RBP: 00007f9655e95090 R08: 0000000000000000 R09: 0000000000000000 [ 179.949088][T10443] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 179.949096][T10443] R13: 00007f96551e6038 R14: 00007f96551e5fa0 R15: 00007ffc7ed0bd78 [ 179.949120][T10443] [ 180.008274][T10446] syzkaller0: entered promiscuous mode [ 180.212145][T10453] netlink: 'syz.3.1875': attribute type 2 has an invalid length. [ 180.225352][T10446] syzkaller0: entered allmulticast mode [ 180.299528][T10453] !: entered promiscuous mode [ 180.388554][T10457] FAULT_INJECTION: forcing a failure. [ 180.388554][T10457] name failslab, interval 1, probability 0, space 0, times 0 [ 180.401547][T10457] CPU: 1 UID: 0 PID: 10457 Comm: syz.2.1878 Not tainted syzkaller #0 PREEMPT(full) [ 180.401572][T10457] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 180.401586][T10457] Call Trace: [ 180.401594][T10457] [ 180.401602][T10457] dump_stack_lvl+0x189/0x250 [ 180.401639][T10457] ? __pfx____ratelimit+0x10/0x10 [ 180.401659][T10457] ? __pfx_dump_stack_lvl+0x10/0x10 [ 180.401682][T10457] ? __pfx__printk+0x10/0x10 [ 180.401705][T10457] ? __pfx___might_resched+0x10/0x10 [ 180.401730][T10457] should_fail_ex+0x414/0x560 [ 180.401760][T10457] should_failslab+0xa8/0x100 [ 180.401779][T10457] kmem_cache_alloc_noprof+0x74/0x6e0 [ 180.401811][T10457] ? security_file_alloc+0x34/0x330 [ 180.401837][T10457] security_file_alloc+0x34/0x330 [ 180.401860][T10457] init_file+0x93/0x2f0 [ 180.401882][T10457] alloc_empty_file+0x6e/0x1d0 [ 180.401903][T10457] alloc_file_pseudo+0x13d/0x210 [ 180.401921][T10457] ? security_inode_alloc+0x39/0x330 [ 180.401947][T10457] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 180.401965][T10457] ? evm_inode_alloc_security+0x40/0xb0 [ 180.401985][T10457] ? security_inode_alloc+0xd5/0x330 [ 180.402020][T10457] sock_alloc_file+0xb8/0x2e0 [ 180.402044][T10457] do_accept+0x34b/0x680 [ 180.402075][T10457] ? __pfx_do_accept+0x10/0x10 [ 180.402120][T10457] __sys_accept4+0x11c/0x1c0 [ 180.402147][T10457] ? __pfx___sys_accept4+0x10/0x10 [ 180.402169][T10457] ? ksys_write+0x22a/0x250 [ 180.402194][T10457] ? __pfx_ksys_write+0x10/0x10 [ 180.402222][T10457] __x64_sys_accept4+0x9a/0xb0 [ 180.402248][T10457] do_syscall_64+0xfa/0xfa0 [ 180.402267][T10457] ? lockdep_hardirqs_on+0x9c/0x150 [ 180.402288][T10457] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 180.402305][T10457] ? clear_bhb_loop+0x60/0xb0 [ 180.402324][T10457] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 180.402341][T10457] RIP: 0033:0x7f9654f8efc9 [ 180.402361][T10457] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 180.402376][T10457] RSP: 002b:00007f9655e74038 EFLAGS: 00000246 ORIG_RAX: 0000000000000120 [ 180.402401][T10457] RAX: ffffffffffffffda RBX: 00007f96551e6090 RCX: 00007f9654f8efc9 [ 180.402414][T10457] RDX: 0000000000000000 RSI: 0000200000000240 RDI: 0000000000000003 [ 180.402424][T10457] RBP: 00007f9655e74090 R08: 0000000000000000 R09: 0000000000000000 [ 180.402435][T10457] R10: 0000000000000800 R11: 0000000000000246 R12: 0000000000000001 [ 180.402446][T10457] R13: 00007f96551e6128 R14: 00007f96551e6090 R15: 00007ffc7ed0bd78 [ 180.402478][T10457] [ 180.796078][T10467] FAULT_INJECTION: forcing a failure. [ 180.796078][T10467] name failslab, interval 1, probability 0, space 0, times 0 [ 180.812144][T10467] CPU: 0 UID: 0 PID: 10467 Comm: syz.4.1883 Not tainted syzkaller #0 PREEMPT(full) [ 180.812168][T10467] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 180.812179][T10467] Call Trace: [ 180.812187][T10467] [ 180.812194][T10467] dump_stack_lvl+0x189/0x250 [ 180.812223][T10467] ? __pfx____ratelimit+0x10/0x10 [ 180.812243][T10467] ? __pfx_dump_stack_lvl+0x10/0x10 [ 180.812266][T10467] ? __pfx__printk+0x10/0x10 [ 180.812291][T10467] ? __pfx___might_resched+0x10/0x10 [ 180.812315][T10467] should_fail_ex+0x414/0x560 [ 180.812345][T10467] should_failslab+0xa8/0x100 [ 180.812365][T10467] kmem_cache_alloc_node_noprof+0x77/0x710 [ 180.812389][T10467] ? __alloc_skb+0x112/0x2d0 [ 180.812419][T10467] __alloc_skb+0x112/0x2d0 [ 180.812447][T10467] netlink_ack+0x146/0xa50 [ 180.812470][T10467] ? __pfx_genl_rcv_msg+0x10/0x10 [ 180.812489][T10467] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 180.812506][T10467] ? __pfx_nl80211_post_doit+0x10/0x10 [ 180.812538][T10467] netlink_rcv_skb+0x28c/0x470 [ 180.812565][T10467] ? __lock_acquire+0xab9/0xd20 [ 180.812583][T10467] ? __pfx_genl_rcv_msg+0x10/0x10 [ 180.812605][T10467] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 180.812649][T10467] ? down_read+0x1ad/0x2e0 [ 180.812674][T10467] genl_rcv+0x28/0x40 [ 180.812692][T10467] netlink_unicast+0x82f/0x9e0 [ 180.812731][T10467] ? __pfx_netlink_unicast+0x10/0x10 [ 180.812756][T10467] ? netlink_sendmsg+0x642/0xb30 [ 180.812771][T10467] ? skb_put+0x11b/0x210 [ 180.812791][T10467] netlink_sendmsg+0x805/0xb30 [ 180.812816][T10467] ? __pfx_netlink_sendmsg+0x10/0x10 [ 180.812837][T10467] ? aa_sock_msg_perm+0xf1/0x1d0 [ 180.812863][T10467] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 180.812881][T10467] ? __pfx_netlink_sendmsg+0x10/0x10 [ 180.812899][T10467] __sock_sendmsg+0x21c/0x270 [ 180.812924][T10467] ____sys_sendmsg+0x505/0x830 [ 180.812952][T10467] ? __pfx_____sys_sendmsg+0x10/0x10 [ 180.812980][T10467] ? import_iovec+0x74/0xa0 [ 180.813006][T10467] ___sys_sendmsg+0x21f/0x2a0 [ 180.813027][T10467] ? __pfx____sys_sendmsg+0x10/0x10 [ 180.813087][T10467] ? __fget_files+0x2a/0x420 [ 180.813104][T10467] ? __fget_files+0x3a0/0x420 [ 180.813132][T10467] __x64_sys_sendmsg+0x19b/0x260 [ 180.813153][T10467] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 180.813182][T10467] ? __pfx_ksys_write+0x10/0x10 [ 180.813210][T10467] ? do_syscall_64+0xbe/0xfa0 [ 180.813235][T10467] do_syscall_64+0xfa/0xfa0 [ 180.813253][T10467] ? lockdep_hardirqs_on+0x9c/0x150 [ 180.813273][T10467] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 180.813291][T10467] ? clear_bhb_loop+0x60/0xb0 [ 180.813313][T10467] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 180.813330][T10467] RIP: 0033:0x7f67e538efc9 [ 180.813347][T10467] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 180.813363][T10467] RSP: 002b:00007f67e6282038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 180.813383][T10467] RAX: ffffffffffffffda RBX: 00007f67e55e5fa0 RCX: 00007f67e538efc9 [ 180.813396][T10467] RDX: 0000000000040040 RSI: 0000200000000100 RDI: 0000000000000003 [ 180.813408][T10467] RBP: 00007f67e6282090 R08: 0000000000000000 R09: 0000000000000000 [ 180.813420][T10467] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 180.813430][T10467] R13: 00007f67e55e6038 R14: 00007f67e55e5fa0 R15: 00007ffe8db624b8 [ 180.813462][T10467] [ 181.235742][T10473] FAULT_INJECTION: forcing a failure. [ 181.235742][T10473] name failslab, interval 1, probability 0, space 0, times 0 [ 181.252123][T10473] CPU: 0 UID: 0 PID: 10473 Comm: syz.4.1885 Not tainted syzkaller #0 PREEMPT(full) [ 181.252148][T10473] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 181.252160][T10473] Call Trace: [ 181.252166][T10473] [ 181.252174][T10473] dump_stack_lvl+0x189/0x250 [ 181.252202][T10473] ? __pfx____ratelimit+0x10/0x10 [ 181.252223][T10473] ? __pfx_dump_stack_lvl+0x10/0x10 [ 181.252245][T10473] ? __pfx__printk+0x10/0x10 [ 181.252270][T10473] ? __pfx___might_resched+0x10/0x10 [ 181.252288][T10473] ? fs_reclaim_acquire+0x7d/0x100 [ 181.252318][T10473] should_fail_ex+0x414/0x560 [ 181.252348][T10473] should_failslab+0xa8/0x100 [ 181.252368][T10473] __kmalloc_noprof+0xcb/0x7f0 [ 181.252390][T10473] ? security_sk_alloc+0x52/0x390 [ 181.252415][T10473] security_sk_alloc+0x52/0x390 [ 181.252436][T10473] sk_prot_alloc+0x101/0x220 [ 181.252453][T10473] ? sk_alloc+0x26/0x410 [ 181.252471][T10473] sk_alloc+0x39/0x410 [ 181.252486][T10473] ? bpf_ctx_init+0x167/0x1d0 [ 181.252514][T10473] bpf_prog_test_run_skb+0x313/0x1550 [ 181.252547][T10473] ? __fget_files+0x2a/0x420 [ 181.252570][T10473] ? __pfx_bpf_prog_test_run_skb+0x10/0x10 [ 181.252595][T10473] bpf_prog_test_run+0x2c7/0x340 [ 181.252618][T10473] __sys_bpf+0x562/0x860 [ 181.252637][T10473] ? __pfx___sys_bpf+0x10/0x10 [ 181.252677][T10473] ? ksys_write+0x22a/0x250 [ 181.252703][T10473] ? __pfx_ksys_write+0x10/0x10 [ 181.252730][T10473] __x64_sys_bpf+0x7c/0x90 [ 181.252756][T10473] do_syscall_64+0xfa/0xfa0 [ 181.252775][T10473] ? lockdep_hardirqs_on+0x9c/0x150 [ 181.252795][T10473] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 181.252812][T10473] ? clear_bhb_loop+0x60/0xb0 [ 181.252833][T10473] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 181.252850][T10473] RIP: 0033:0x7f67e538efc9 [ 181.252864][T10473] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 181.252879][T10473] RSP: 002b:00007f67e6282038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 181.252897][T10473] RAX: ffffffffffffffda RBX: 00007f67e55e5fa0 RCX: 00007f67e538efc9 [ 181.252909][T10473] RDX: 000000000000004c RSI: 0000200000000240 RDI: 000000000000000a [ 181.252920][T10473] RBP: 00007f67e6282090 R08: 0000000000000000 R09: 0000000000000000 [ 181.252931][T10473] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 181.252941][T10473] R13: 00007f67e55e6038 R14: 00007f67e55e5fa0 R15: 00007ffe8db624b8 [ 181.252972][T10473] [ 181.757824][ T5826] Bluetooth: hci4: command 0x0405 tx timeout [ 181.794185][T10497] syzkaller0: entered promiscuous mode [ 181.799936][T10497] syzkaller0: entered allmulticast mode [ 182.464731][T10522] netlink: 172 bytes leftover after parsing attributes in process `syz.2.1906'. [ 182.474333][T10522] netlink: 172 bytes leftover after parsing attributes in process `syz.2.1906'. [ 182.489432][T10521] netlink: 172 bytes leftover after parsing attributes in process `syz.2.1906'. [ 182.503257][T10521] netlink: 172 bytes leftover after parsing attributes in process `syz.2.1906'. [ 182.519683][T10522] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1906'. [ 182.586513][T10522] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1906'. [ 182.607823][T10522] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1906'. [ 182.616715][T10522] netlink: 'syz.2.1906': attribute type 11 has an invalid length. [ 182.638072][T10521] xt_physdev: --physdev-out and --physdev-is-out only supported in the FORWARD and POSTROUTING chains with bridged traffic [ 182.720800][T10532] bond1: Unable to set peer notification delay as MII monitoring is disabled [ 182.738336][T10532] bond1 (unregistering): Released all slaves [ 182.775875][T10535] syzkaller0: entered promiscuous mode [ 182.781804][T10535] syzkaller0: entered allmulticast mode [ 182.983769][T10542] @ÿ: renamed from veth0_vlan (while UP) [ 183.957171][T10542] team0: No ports can be present during mode change [ 183.964905][T10552] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR [ 184.142327][T10568] netlink: 'syz.4.1919': attribute type 13 has an invalid length. [ 184.167941][T10568] netlink: 'syz.4.1919': attribute type 17 has an invalid length. [ 184.361254][T10568] 8021q: adding VLAN 0 to HW filter on device bond0 [ 184.403105][T10568] 8021q: adding VLAN 0 to HW filter on device team0 [ 184.420813][T10568] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 184.458216][T10588] FAULT_INJECTION: forcing a failure. [ 184.458216][T10588] name failslab, interval 1, probability 0, space 0, times 0 [ 184.482855][T10588] CPU: 0 UID: 0 PID: 10588 Comm: syz.2.1930 Not tainted syzkaller #0 PREEMPT(full) [ 184.482880][T10588] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 184.482890][T10588] Call Trace: [ 184.482896][T10588] [ 184.482902][T10588] dump_stack_lvl+0x189/0x250 [ 184.482928][T10588] ? __pfx____ratelimit+0x10/0x10 [ 184.482949][T10588] ? __pfx_dump_stack_lvl+0x10/0x10 [ 184.482969][T10588] ? __pfx__printk+0x10/0x10 [ 184.482989][T10588] ? __pfx___might_resched+0x10/0x10 [ 184.483019][T10588] ? fs_reclaim_acquire+0x7d/0x100 [ 184.483048][T10588] should_fail_ex+0x414/0x560 [ 184.483078][T10588] should_failslab+0xa8/0x100 [ 184.483097][T10588] __kmalloc_cache_noprof+0x6f/0x6f0 [ 184.483121][T10588] ? kasan_save_track+0x4f/0x80 [ 184.483142][T10588] ? rtnl_newlink+0xfb/0x1c80 [ 184.483164][T10588] ? __kasan_save_free_info+0x46/0x50 [ 184.483182][T10588] ? __kasan_slab_free+0x5c/0x80 [ 184.483204][T10588] ? kmem_cache_free+0x19b/0x690 [ 184.483230][T10588] rtnl_newlink+0xfb/0x1c80 [ 184.483252][T10588] ? ____sys_sendmsg+0x505/0x830 [ 184.483267][T10588] ? ___sys_sendmsg+0x21f/0x2a0 [ 184.483282][T10588] ? __x64_sys_sendmsg+0x19b/0x260 [ 184.483297][T10588] ? do_syscall_64+0xfa/0xfa0 [ 184.483315][T10588] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 184.483342][T10588] ? __pfx_rtnl_newlink+0x10/0x10 [ 184.483395][T10588] ? kasan_quarantine_put+0xdd/0x220 [ 184.483418][T10588] ? lockdep_hardirqs_on+0x9c/0x150 [ 184.483443][T10588] ? nlmon_xmit+0xb0/0x100 [ 184.483461][T10588] ? kmem_cache_free+0x19b/0x690 [ 184.483493][T10588] ? __local_bh_enable_ip+0x12d/0x1c0 [ 184.483512][T10588] ? lockdep_hardirqs_on+0x9c/0x150 [ 184.483534][T10588] ? __local_bh_enable_ip+0x12d/0x1c0 [ 184.483551][T10588] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 184.483573][T10588] ? __dev_queue_xmit+0x284/0x3740 [ 184.483595][T10588] ? __dev_queue_xmit+0x284/0x3740 [ 184.483614][T10588] ? __dev_queue_xmit+0x1bfb/0x3740 [ 184.483641][T10588] ? __lock_acquire+0xab9/0xd20 [ 184.483683][T10588] ? __pfx_rtnl_newlink+0x10/0x10 [ 184.483706][T10588] rtnetlink_rcv_msg+0x7cf/0xb70 [ 184.483733][T10588] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 184.483756][T10588] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 184.483778][T10588] ? ref_tracker_free+0x63a/0x7d0 [ 184.483795][T10588] ? __asan_memcpy+0x40/0x70 [ 184.483816][T10588] ? __pfx_ref_tracker_free+0x10/0x10 [ 184.483843][T10588] netlink_rcv_skb+0x208/0x470 [ 184.483869][T10588] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 184.483894][T10588] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 184.483930][T10588] ? netlink_deliver_tap+0x2e/0x1b0 [ 184.483962][T10588] netlink_unicast+0x82f/0x9e0 [ 184.484002][T10588] ? __pfx_netlink_unicast+0x10/0x10 [ 184.484027][T10588] ? netlink_sendmsg+0x642/0xb30 [ 184.484041][T10588] ? skb_put+0x11b/0x210 [ 184.484066][T10588] netlink_sendmsg+0x805/0xb30 [ 184.484090][T10588] ? __pfx_netlink_sendmsg+0x10/0x10 [ 184.484110][T10588] ? aa_sock_msg_perm+0xf1/0x1d0 [ 184.484141][T10588] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 184.484158][T10588] ? __pfx_netlink_sendmsg+0x10/0x10 [ 184.484175][T10588] __sock_sendmsg+0x21c/0x270 [ 184.484200][T10588] ____sys_sendmsg+0x505/0x830 [ 184.484223][T10588] ? __pfx_____sys_sendmsg+0x10/0x10 [ 184.484250][T10588] ? import_iovec+0x74/0xa0 [ 184.484274][T10588] ___sys_sendmsg+0x21f/0x2a0 [ 184.484302][T10588] ? __pfx____sys_sendmsg+0x10/0x10 [ 184.484355][T10588] ? __fget_files+0x2a/0x420 [ 184.484371][T10588] ? __fget_files+0x3a0/0x420 [ 184.484398][T10588] __x64_sys_sendmsg+0x19b/0x260 [ 184.484419][T10588] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 184.484447][T10588] ? __pfx_ksys_write+0x10/0x10 [ 184.484474][T10588] ? do_syscall_64+0xbe/0xfa0 [ 184.484498][T10588] do_syscall_64+0xfa/0xfa0 [ 184.484517][T10588] ? lockdep_hardirqs_on+0x9c/0x150 [ 184.484537][T10588] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 184.484553][T10588] ? clear_bhb_loop+0x60/0xb0 [ 184.484574][T10588] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 184.484592][T10588] RIP: 0033:0x7f9654f8efc9 [ 184.484613][T10588] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 184.484629][T10588] RSP: 002b:00007f9655e95038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 184.484648][T10588] RAX: ffffffffffffffda RBX: 00007f96551e5fa0 RCX: 00007f9654f8efc9 [ 184.484662][T10588] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003 [ 184.484673][T10588] RBP: 00007f9655e95090 R08: 0000000000000000 R09: 0000000000000000 [ 184.484684][T10588] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 184.484694][T10588] R13: 00007f96551e6038 R14: 00007f96551e5fa0 R15: 00007ffc7ed0bd78 [ 184.484725][T10588] [ 185.117722][T10585] wg1: entered promiscuous mode [ 185.131048][T10585] wg1: entered allmulticast mode [ 185.171528][T10571] vxcan1 speed is unknown, defaulting to 1000 [ 185.373476][T10584] vxcan1 speed is unknown, defaulting to 1000 [ 185.596287][T10613] netlink: 'syz.3.1940': attribute type 49 has an invalid length. [ 185.740906][T10619] FAULT_INJECTION: forcing a failure. [ 185.740906][T10619] name failslab, interval 1, probability 0, space 0, times 0 [ 185.764119][T10619] CPU: 0 UID: 0 PID: 10619 Comm: syz.2.1943 Not tainted syzkaller #0 PREEMPT(full) [ 185.764148][T10619] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 185.764159][T10619] Call Trace: [ 185.764165][T10619] [ 185.764173][T10619] dump_stack_lvl+0x189/0x250 [ 185.764199][T10619] ? __pfx____ratelimit+0x10/0x10 [ 185.764220][T10619] ? __pfx_dump_stack_lvl+0x10/0x10 [ 185.764242][T10619] ? __pfx__printk+0x10/0x10 [ 185.764265][T10619] ? __pfx___might_resched+0x10/0x10 [ 185.764289][T10619] should_fail_ex+0x414/0x560 [ 185.764317][T10619] should_failslab+0xa8/0x100 [ 185.764338][T10619] kmem_cache_alloc_node_noprof+0x77/0x710 [ 185.764361][T10619] ? __alloc_skb+0x112/0x2d0 [ 185.764392][T10619] __alloc_skb+0x112/0x2d0 [ 185.764420][T10619] netlink_ack+0x146/0xa50 [ 185.764443][T10619] ? __pfx_genl_rcv_msg+0x10/0x10 [ 185.764463][T10619] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 185.764480][T10619] ? __pfx_nl80211_post_doit+0x10/0x10 [ 185.764499][T10619] ? __asan_memcpy+0x40/0x70 [ 185.764520][T10619] ? __pfx_ref_tracker_free+0x10/0x10 [ 185.764544][T10619] netlink_rcv_skb+0x28c/0x470 [ 185.764566][T10619] ? __lock_acquire+0xab9/0xd20 [ 185.764584][T10619] ? __pfx_genl_rcv_msg+0x10/0x10 [ 185.764606][T10619] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 185.764674][T10619] ? down_read+0x1ad/0x2e0 [ 185.764709][T10619] genl_rcv+0x28/0x40 [ 185.764727][T10619] netlink_unicast+0x82f/0x9e0 [ 185.764759][T10619] ? __pfx_netlink_unicast+0x10/0x10 [ 185.764785][T10619] ? netlink_sendmsg+0x642/0xb30 [ 185.764799][T10619] ? skb_put+0x11b/0x210 [ 185.764819][T10619] netlink_sendmsg+0x805/0xb30 [ 185.764847][T10619] ? __pfx_netlink_sendmsg+0x10/0x10 [ 185.764867][T10619] ? aa_sock_msg_perm+0xf1/0x1d0 [ 185.764891][T10619] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 185.764907][T10619] ? __pfx_netlink_sendmsg+0x10/0x10 [ 185.764923][T10619] __sock_sendmsg+0x21c/0x270 [ 185.764955][T10619] ____sys_sendmsg+0x505/0x830 [ 185.764979][T10619] ? __pfx_____sys_sendmsg+0x10/0x10 [ 185.765006][T10619] ? import_iovec+0x74/0xa0 [ 185.765032][T10619] ___sys_sendmsg+0x21f/0x2a0 [ 185.765053][T10619] ? __pfx____sys_sendmsg+0x10/0x10 [ 185.765110][T10619] ? __fget_files+0x2a/0x420 [ 185.765126][T10619] ? __fget_files+0x3a0/0x420 [ 185.765154][T10619] __x64_sys_sendmsg+0x19b/0x260 [ 185.765175][T10619] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 185.765203][T10619] ? __pfx_ksys_write+0x10/0x10 [ 185.765231][T10619] ? do_syscall_64+0xbe/0xfa0 [ 185.765255][T10619] do_syscall_64+0xfa/0xfa0 [ 185.765274][T10619] ? lockdep_hardirqs_on+0x9c/0x150 [ 185.765294][T10619] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 185.765311][T10619] ? clear_bhb_loop+0x60/0xb0 [ 185.765333][T10619] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 185.765350][T10619] RIP: 0033:0x7f9654f8efc9 [ 185.765366][T10619] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 185.765381][T10619] RSP: 002b:00007f9655e95038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 185.765401][T10619] RAX: ffffffffffffffda RBX: 00007f96551e5fa0 RCX: 00007f9654f8efc9 [ 185.765415][T10619] RDX: 0000000000040040 RSI: 0000200000000100 RDI: 0000000000000003 [ 185.765427][T10619] RBP: 00007f9655e95090 R08: 0000000000000000 R09: 0000000000000000 [ 185.765438][T10619] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 185.765448][T10619] R13: 00007f96551e6038 R14: 00007f96551e5fa0 R15: 00007ffc7ed0bd78 [ 185.765481][T10619] [ 187.312453][T10649] vxcan1 speed is unknown, defaulting to 1000 [ 187.531937][T10657] netlink: 'syz.3.1956': attribute type 11 has an invalid length. [ 187.540025][T10657] __nla_validate_parse: 2 callbacks suppressed [ 187.540040][T10657] netlink: 244 bytes leftover after parsing attributes in process `syz.3.1956'. [ 188.239012][T10690] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1967'. [ 188.252960][T10690] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1967'. [ 188.780935][T10714] FAULT_INJECTION: forcing a failure. [ 188.780935][T10714] name failslab, interval 1, probability 0, space 0, times 0 [ 188.783652][T10712] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1976'. [ 188.807798][T10714] CPU: 0 UID: 0 PID: 10714 Comm: syz.4.1979 Not tainted syzkaller #0 PREEMPT(full) [ 188.807824][T10714] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 188.807835][T10714] Call Trace: [ 188.807846][T10714] [ 188.807854][T10714] dump_stack_lvl+0x189/0x250 [ 188.807881][T10714] ? __pfx____ratelimit+0x10/0x10 [ 188.807901][T10714] ? __pfx_dump_stack_lvl+0x10/0x10 [ 188.807924][T10714] ? __pfx__printk+0x10/0x10 [ 188.807948][T10714] ? __pfx___might_resched+0x10/0x10 [ 188.807973][T10714] should_fail_ex+0x414/0x560 [ 188.808004][T10714] should_failslab+0xa8/0x100 [ 188.808024][T10714] kmem_cache_alloc_node_noprof+0x77/0x710 [ 188.808047][T10714] ? __alloc_skb+0x112/0x2d0 [ 188.808078][T10714] __alloc_skb+0x112/0x2d0 [ 188.808106][T10714] netlink_ack+0x146/0xa50 [ 188.808128][T10714] ? __pfx_genl_rcv_msg+0x10/0x10 [ 188.808147][T10714] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 188.808165][T10714] ? __pfx_nl80211_post_doit+0x10/0x10 [ 188.808183][T10714] ? __asan_memcpy+0x40/0x70 [ 188.808205][T10714] ? __pfx_ref_tracker_free+0x10/0x10 [ 188.808230][T10714] netlink_rcv_skb+0x28c/0x470 [ 188.808252][T10714] ? __lock_acquire+0xab9/0xd20 [ 188.808271][T10714] ? __pfx_genl_rcv_msg+0x10/0x10 [ 188.808293][T10714] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 188.808338][T10714] ? down_read+0x1ad/0x2e0 [ 188.808364][T10714] genl_rcv+0x28/0x40 [ 188.808382][T10714] netlink_unicast+0x82f/0x9e0 [ 188.808415][T10714] ? __pfx_netlink_unicast+0x10/0x10 [ 188.808441][T10714] ? netlink_sendmsg+0x642/0xb30 [ 188.808455][T10714] ? skb_put+0x11b/0x210 [ 188.808476][T10714] netlink_sendmsg+0x805/0xb30 [ 188.808503][T10714] ? __pfx_netlink_sendmsg+0x10/0x10 [ 188.808524][T10714] ? aa_sock_msg_perm+0xf1/0x1d0 [ 188.808550][T10714] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 188.808567][T10714] ? __pfx_netlink_sendmsg+0x10/0x10 [ 188.808584][T10714] __sock_sendmsg+0x21c/0x270 [ 188.808609][T10714] ____sys_sendmsg+0x505/0x830 [ 188.808634][T10714] ? __pfx_____sys_sendmsg+0x10/0x10 [ 188.808662][T10714] ? import_iovec+0x74/0xa0 [ 188.808688][T10714] ___sys_sendmsg+0x21f/0x2a0 [ 188.808709][T10714] ? __pfx____sys_sendmsg+0x10/0x10 [ 188.808765][T10714] ? __fget_files+0x2a/0x420 [ 188.808786][T10714] ? __fget_files+0x3a0/0x420 [ 188.808814][T10714] __x64_sys_sendmsg+0x19b/0x260 [ 188.808836][T10714] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 188.808865][T10714] ? __pfx_ksys_write+0x10/0x10 [ 188.808892][T10714] ? do_syscall_64+0xbe/0xfa0 [ 188.808917][T10714] do_syscall_64+0xfa/0xfa0 [ 188.808936][T10714] ? lockdep_hardirqs_on+0x9c/0x150 [ 188.808957][T10714] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 188.808974][T10714] ? clear_bhb_loop+0x60/0xb0 [ 188.808997][T10714] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 188.809014][T10714] RIP: 0033:0x7f67e538efc9 [ 188.809032][T10714] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 188.809047][T10714] RSP: 002b:00007f67e6282038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 188.809067][T10714] RAX: ffffffffffffffda RBX: 00007f67e55e5fa0 RCX: 00007f67e538efc9 [ 188.809081][T10714] RDX: 0000000000000000 RSI: 00002000000006c0 RDI: 0000000000000003 [ 188.809092][T10714] RBP: 00007f67e6282090 R08: 0000000000000000 R09: 0000000000000000 [ 188.809104][T10714] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 188.809115][T10714] R13: 00007f67e55e6038 R14: 00007f67e55e5fa0 R15: 00007ffe8db624b8 [ 188.809147][T10714] [ 189.323450][T10724] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1981'. [ 189.326317][T10718] vxcan1 speed is unknown, defaulting to 1000 [ 189.587608][T10735] Bluetooth: MGMT ver 1.23 [ 189.783715][T10740] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1986'. [ 189.792999][T10740] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 189.912097][T10740] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 190.460708][T10765] vxcan1 speed is unknown, defaulting to 1000 [ 190.634967][T10774] FAULT_INJECTION: forcing a failure. [ 190.634967][T10774] name failslab, interval 1, probability 0, space 0, times 0 [ 190.676937][T10774] CPU: 1 UID: 0 PID: 10774 Comm: syz.4.1997 Not tainted syzkaller #0 PREEMPT(full) [ 190.676965][T10774] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 190.676975][T10774] Call Trace: [ 190.676983][T10774] [ 190.676990][T10774] dump_stack_lvl+0x189/0x250 [ 190.677018][T10774] ? __pfx____ratelimit+0x10/0x10 [ 190.677039][T10774] ? __pfx_dump_stack_lvl+0x10/0x10 [ 190.677061][T10774] ? __pfx__printk+0x10/0x10 [ 190.677086][T10774] ? __pfx___might_resched+0x10/0x10 [ 190.677103][T10774] ? fs_reclaim_acquire+0x7d/0x100 [ 190.677132][T10774] should_fail_ex+0x414/0x560 [ 190.677163][T10774] should_failslab+0xa8/0x100 [ 190.677183][T10774] kmem_cache_alloc_node_noprof+0x77/0x710 [ 190.677206][T10774] ? __alloc_skb+0x112/0x2d0 [ 190.677229][T10774] ? netlink_autobind+0xdb/0x300 [ 190.677252][T10774] __alloc_skb+0x112/0x2d0 [ 190.677280][T10774] netlink_sendmsg+0x5c6/0xb30 [ 190.677307][T10774] ? __pfx_netlink_sendmsg+0x10/0x10 [ 190.677327][T10774] ? aa_sock_msg_perm+0xf1/0x1d0 [ 190.677360][T10774] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 190.677380][T10774] ? __pfx_netlink_sendmsg+0x10/0x10 [ 190.677395][T10774] __sock_sendmsg+0x21c/0x270 [ 190.677419][T10774] ____sys_sendmsg+0x505/0x830 [ 190.677443][T10774] ? __pfx_____sys_sendmsg+0x10/0x10 [ 190.677468][T10774] ? import_iovec+0x74/0xa0 [ 190.677494][T10774] ___sys_sendmsg+0x21f/0x2a0 [ 190.677514][T10774] ? __pfx____sys_sendmsg+0x10/0x10 [ 190.677567][T10774] ? __fget_files+0x2a/0x420 [ 190.677582][T10774] ? __fget_files+0x3a0/0x420 [ 190.677610][T10774] __x64_sys_sendmsg+0x19b/0x260 [ 190.677629][T10774] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 190.677657][T10774] ? __pfx_ksys_write+0x10/0x10 [ 190.677684][T10774] ? do_syscall_64+0xbe/0xfa0 [ 190.677708][T10774] do_syscall_64+0xfa/0xfa0 [ 190.677726][T10774] ? lockdep_hardirqs_on+0x9c/0x150 [ 190.677747][T10774] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 190.677764][T10774] ? clear_bhb_loop+0x60/0xb0 [ 190.677786][T10774] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 190.677803][T10774] RIP: 0033:0x7f67e538efc9 [ 190.677819][T10774] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 190.677835][T10774] RSP: 002b:00007f67e6282038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 190.677854][T10774] RAX: ffffffffffffffda RBX: 00007f67e55e5fa0 RCX: 00007f67e538efc9 [ 190.677868][T10774] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000003 [ 190.677879][T10774] RBP: 00007f67e6282090 R08: 0000000000000000 R09: 0000000000000000 [ 190.677890][T10774] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 190.677901][T10774] R13: 00007f67e55e6038 R14: 00007f67e55e5fa0 R15: 00007ffe8db624b8 [ 190.677932][T10774] [ 190.989180][T10767] vxcan1 speed is unknown, defaulting to 1000 [ 191.158980][T10781] FAULT_INJECTION: forcing a failure. [ 191.158980][T10781] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 191.172202][T10781] CPU: 1 UID: 0 PID: 10781 Comm: syz.4.2002 Not tainted syzkaller #0 PREEMPT(full) [ 191.172226][T10781] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 191.172236][T10781] Call Trace: [ 191.172243][T10781] [ 191.172252][T10781] dump_stack_lvl+0x189/0x250 [ 191.172285][T10781] ? __pfx____ratelimit+0x10/0x10 [ 191.172306][T10781] ? __pfx_dump_stack_lvl+0x10/0x10 [ 191.172329][T10781] ? __pfx__printk+0x10/0x10 [ 191.172347][T10781] ? __might_fault+0xb0/0x130 [ 191.172383][T10781] should_fail_ex+0x414/0x560 [ 191.172412][T10781] _copy_from_iter+0x1de/0x1790 [ 191.172436][T10781] ? rcu_is_watching+0x15/0xb0 [ 191.172460][T10781] ? kmalloc_reserve+0xbd/0x290 [ 191.172485][T10781] ? __pfx__copy_from_iter+0x10/0x10 [ 191.172506][T10781] ? __build_skb_around+0x262/0x3f0 [ 191.172532][T10781] ? netlink_sendmsg+0x642/0xb30 [ 191.172547][T10781] ? skb_put+0x11b/0x210 [ 191.172567][T10781] netlink_sendmsg+0x6b2/0xb30 [ 191.172593][T10781] ? __pfx_netlink_sendmsg+0x10/0x10 [ 191.172613][T10781] ? aa_sock_msg_perm+0xf1/0x1d0 [ 191.172638][T10781] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 191.172655][T10781] ? __pfx_netlink_sendmsg+0x10/0x10 [ 191.172672][T10781] __sock_sendmsg+0x21c/0x270 [ 191.172697][T10781] sock_write_iter+0x279/0x360 [ 191.172720][T10781] ? __pfx_sock_write_iter+0x10/0x10 [ 191.172764][T10781] do_iter_readv_writev+0x623/0x8c0 [ 191.172795][T10781] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 191.172818][T10781] ? common_file_perm+0x1b5/0x230 [ 191.172846][T10781] ? bpf_lsm_file_permission+0x9/0x20 [ 191.172864][T10781] ? security_file_permission+0x75/0x290 [ 191.172885][T10781] ? rw_verify_area+0x255/0x4d0 [ 191.172912][T10781] vfs_writev+0x31a/0x960 [ 191.172934][T10781] ? __lock_acquire+0xab9/0xd20 [ 191.172954][T10781] ? __pfx_vfs_writev+0x10/0x10 [ 191.172988][T10781] ? __fget_files+0x2a/0x420 [ 191.173009][T10781] ? __fget_files+0x3a0/0x420 [ 191.173024][T10781] ? __fget_files+0x2a/0x420 [ 191.173050][T10781] do_writev+0x14d/0x2d0 [ 191.173070][T10781] ? __pfx_do_writev+0x10/0x10 [ 191.173092][T10781] ? do_syscall_64+0xbe/0xfa0 [ 191.173116][T10781] do_syscall_64+0xfa/0xfa0 [ 191.173135][T10781] ? lockdep_hardirqs_on+0x9c/0x150 [ 191.173156][T10781] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 191.173173][T10781] ? clear_bhb_loop+0x60/0xb0 [ 191.173195][T10781] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 191.173211][T10781] RIP: 0033:0x7f67e538efc9 [ 191.173227][T10781] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 191.173242][T10781] RSP: 002b:00007f67e6282038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 191.173262][T10781] RAX: ffffffffffffffda RBX: 00007f67e55e5fa0 RCX: 00007f67e538efc9 [ 191.173283][T10781] RDX: 0000000000000001 RSI: 00002000000000c0 RDI: 0000000000000003 [ 191.173294][T10781] RBP: 00007f67e6282090 R08: 0000000000000000 R09: 0000000000000000 [ 191.173306][T10781] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 191.173316][T10781] R13: 00007f67e55e6038 R14: 00007f67e55e5fa0 R15: 00007ffe8db624b8 [ 191.173347][T10781] [ 191.488919][T10721] Bluetooth: hci1: command 0x0406 tx timeout [ 191.495446][T10721] Bluetooth: hci0: command 0x0c1a tx timeout [ 191.502506][T10721] Bluetooth: hci2: command 0x0406 tx timeout [ 191.508598][T10721] Bluetooth: hci3: command 0x0406 tx timeout [ 191.563106][T10784] vcan0: tx address claim with dlc 0 [ 192.800147][T10805] netlink: 64 bytes leftover after parsing attributes in process `syz.2.2009'. [ 192.910406][T10799] vxcan1 speed is unknown, defaulting to 1000 [ 192.949564][T10806] bond2 (unregistering): Released all slaves [ 193.335846][T10819] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2010'. [ 193.433068][T10815] vxcan1 speed is unknown, defaulting to 1000 [ 193.614880][T10826] FAULT_INJECTION: forcing a failure. [ 193.614880][T10826] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 193.636247][T10826] CPU: 0 UID: 0 PID: 10826 Comm: syz.4.2016 Not tainted syzkaller #0 PREEMPT(full) [ 193.636271][T10826] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 193.636282][T10826] Call Trace: [ 193.636290][T10826] [ 193.636298][T10826] dump_stack_lvl+0x189/0x250 [ 193.636325][T10826] ? __pfx____ratelimit+0x10/0x10 [ 193.636347][T10826] ? __pfx_dump_stack_lvl+0x10/0x10 [ 193.636370][T10826] ? __pfx__printk+0x10/0x10 [ 193.636401][T10826] should_fail_ex+0x414/0x560 [ 193.636430][T10826] _copy_from_user+0x2d/0xb0 [ 193.636453][T10826] __copy_msghdr+0x3c5/0x5b0 [ 193.636475][T10826] ___sys_sendmsg+0x1a5/0x2a0 [ 193.636496][T10826] ? __pfx____sys_sendmsg+0x10/0x10 [ 193.636550][T10826] ? __fget_files+0x2a/0x420 [ 193.636567][T10826] ? __fget_files+0x3a0/0x420 [ 193.636594][T10826] __sys_sendmmsg+0x227/0x430 [ 193.636618][T10826] ? __pfx___sys_sendmmsg+0x10/0x10 [ 193.636645][T10826] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 193.636686][T10826] ? ksys_write+0x22a/0x250 [ 193.636712][T10826] ? __pfx_ksys_write+0x10/0x10 [ 193.636740][T10826] __x64_sys_sendmmsg+0xa0/0xc0 [ 193.636760][T10826] do_syscall_64+0xfa/0xfa0 [ 193.636779][T10826] ? lockdep_hardirqs_on+0x9c/0x150 [ 193.636799][T10826] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 193.636816][T10826] ? clear_bhb_loop+0x60/0xb0 [ 193.636837][T10826] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 193.636855][T10826] RIP: 0033:0x7f67e538efc9 [ 193.636871][T10826] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 193.636886][T10826] RSP: 002b:00007f67e6282038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 193.636906][T10826] RAX: ffffffffffffffda RBX: 00007f67e55e5fa0 RCX: 00007f67e538efc9 [ 193.636919][T10826] RDX: 0000000000000001 RSI: 0000200000000200 RDI: 0000000000000003 [ 193.636931][T10826] RBP: 00007f67e6282090 R08: 0000000000000000 R09: 0000000000000000 [ 193.636941][T10826] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 193.636952][T10826] R13: 00007f67e55e6038 R14: 00007f67e55e5fa0 R15: 00007ffe8db624b8 [ 193.636982][T10826] [ 194.049138][T10832] tipc: Enabling of bearer rejected, failed to enable media [ 194.060500][T10832] syzkaller0: entered promiscuous mode [ 194.066126][T10832] syzkaller0: entered allmulticast mode [ 194.327005][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.576460][T10857] FAULT_INJECTION: forcing a failure. [ 194.576460][T10857] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 194.607544][T10857] CPU: 0 UID: 0 PID: 10857 Comm: syz.3.2028 Not tainted syzkaller #0 PREEMPT(full) [ 194.607567][T10857] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 194.607576][T10857] Call Trace: [ 194.607583][T10857] [ 194.607591][T10857] dump_stack_lvl+0x189/0x250 [ 194.607618][T10857] ? __pfx____ratelimit+0x10/0x10 [ 194.607636][T10857] ? __pfx_dump_stack_lvl+0x10/0x10 [ 194.607658][T10857] ? __pfx__printk+0x10/0x10 [ 194.607674][T10857] ? __might_fault+0xb0/0x130 [ 194.607708][T10857] should_fail_ex+0x414/0x560 [ 194.607738][T10857] _copy_from_user+0x2d/0xb0 [ 194.607760][T10857] ___sys_sendmsg+0x158/0x2a0 [ 194.607783][T10857] ? __pfx____sys_sendmsg+0x10/0x10 [ 194.607837][T10857] ? __fget_files+0x2a/0x420 [ 194.607854][T10857] ? __fget_files+0x3a0/0x420 [ 194.607880][T10857] __sys_sendmmsg+0x227/0x430 [ 194.607904][T10857] ? __pfx___sys_sendmmsg+0x10/0x10 [ 194.607931][T10857] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 194.607972][T10857] ? ksys_write+0x22a/0x250 [ 194.607997][T10857] ? __pfx_ksys_write+0x10/0x10 [ 194.608025][T10857] __x64_sys_sendmmsg+0xa0/0xc0 [ 194.608043][T10857] do_syscall_64+0xfa/0xfa0 [ 194.608063][T10857] ? lockdep_hardirqs_on+0x9c/0x150 [ 194.608083][T10857] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 194.608101][T10857] ? clear_bhb_loop+0x60/0xb0 [ 194.608130][T10857] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 194.608148][T10857] RIP: 0033:0x7f8c0b58efc9 [ 194.608164][T10857] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 194.608178][T10857] RSP: 002b:00007f8c0c497038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 194.608198][T10857] RAX: ffffffffffffffda RBX: 00007f8c0b7e5fa0 RCX: 00007f8c0b58efc9 [ 194.608211][T10857] RDX: 0000000000000001 RSI: 00002000000016c0 RDI: 0000000000000003 [ 194.608223][T10857] RBP: 00007f8c0c497090 R08: 0000000000000000 R09: 0000000000000000 [ 194.608233][T10857] R10: 00000000000400c0 R11: 0000000000000246 R12: 0000000000000001 [ 194.608244][T10857] R13: 00007f8c0b7e6038 R14: 00007f8c0b7e5fa0 R15: 00007ffe93a31798 [ 194.608275][T10857] [ 194.989987][T10865] netlink: 'syz.3.2033': attribute type 49 has an invalid length. [ 195.024628][T10862] tun0: tun_chr_ioctl cmd 1074025681 [ 195.103526][T10870] tipc: Enabling of bearer rejected, failed to enable media [ 195.116530][T10872] FAULT_INJECTION: forcing a failure. [ 195.116530][T10872] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 195.121355][T10870] syzkaller0: entered promiscuous mode [ 195.135312][T10870] syzkaller0: entered allmulticast mode [ 195.151328][T10872] CPU: 0 UID: 0 PID: 10872 Comm: syz.1.2035 Not tainted syzkaller #0 PREEMPT(full) [ 195.151350][T10872] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 195.151361][T10872] Call Trace: [ 195.151367][T10872] [ 195.151375][T10872] dump_stack_lvl+0x189/0x250 [ 195.151403][T10872] ? __pfx____ratelimit+0x10/0x10 [ 195.151424][T10872] ? __pfx_dump_stack_lvl+0x10/0x10 [ 195.151446][T10872] ? __pfx__printk+0x10/0x10 [ 195.151478][T10872] should_fail_ex+0x414/0x560 [ 195.151508][T10872] _copy_to_user+0x31/0xb0 [ 195.151532][T10872] simple_read_from_buffer+0xe1/0x170 [ 195.151563][T10872] proc_fail_nth_read+0x1b3/0x220 [ 195.151588][T10872] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 195.151612][T10872] ? rw_verify_area+0x2a6/0x4d0 [ 195.151634][T10872] ? __lock_acquire+0xab9/0xd20 [ 195.151650][T10872] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 195.151673][T10872] vfs_read+0x200/0xa30 [ 195.151695][T10872] ? fdget_pos+0x247/0x320 [ 195.151716][T10872] ? __pfx___mutex_lock+0x10/0x10 [ 195.151739][T10872] ? __pfx_vfs_read+0x10/0x10 [ 195.151763][T10872] ? __fget_files+0x2a/0x420 [ 195.151785][T10872] ? __fget_files+0x3a0/0x420 [ 195.151799][T10872] ? __fget_files+0x2a/0x420 [ 195.151825][T10872] ksys_read+0x145/0x250 [ 195.151849][T10872] ? __pfx_ksys_read+0x10/0x10 [ 195.151873][T10872] ? do_syscall_64+0xbe/0xfa0 [ 195.151896][T10872] do_syscall_64+0xfa/0xfa0 [ 195.151914][T10872] ? lockdep_hardirqs_on+0x9c/0x150 [ 195.151934][T10872] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 195.151951][T10872] ? clear_bhb_loop+0x60/0xb0 [ 195.151973][T10872] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 195.151990][T10872] RIP: 0033:0x7f9ccdb8d9dc [ 195.152006][T10872] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 195.152020][T10872] RSP: 002b:00007f9ccea56030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 195.152039][T10872] RAX: ffffffffffffffda RBX: 00007f9ccdde5fa0 RCX: 00007f9ccdb8d9dc [ 195.152058][T10872] RDX: 000000000000000f RSI: 00007f9ccea560a0 RDI: 0000000000000005 [ 195.152068][T10872] RBP: 00007f9ccea56090 R08: 0000000000000000 R09: 0000000000000000 [ 195.152079][T10872] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 195.152090][T10872] R13: 00007f9ccdde6038 R14: 00007f9ccdde5fa0 R15: 00007fff4b85f118 [ 195.152122][T10872] [ 195.496718][T10884] FAULT_INJECTION: forcing a failure. [ 195.496718][T10884] name failslab, interval 1, probability 0, space 0, times 0 [ 195.536914][T10884] CPU: 1 UID: 0 PID: 10884 Comm: syz.4.2039 Not tainted syzkaller #0 PREEMPT(full) [ 195.536940][T10884] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 195.536951][T10884] Call Trace: [ 195.536958][T10884] [ 195.536966][T10884] dump_stack_lvl+0x189/0x250 [ 195.536994][T10884] ? __pfx____ratelimit+0x10/0x10 [ 195.537013][T10884] ? __pfx_dump_stack_lvl+0x10/0x10 [ 195.537035][T10884] ? __pfx__printk+0x10/0x10 [ 195.537058][T10884] ? __pfx___might_resched+0x10/0x10 [ 195.537074][T10884] ? fs_reclaim_acquire+0x7d/0x100 [ 195.537104][T10884] should_fail_ex+0x414/0x560 [ 195.537134][T10884] should_failslab+0xa8/0x100 [ 195.537153][T10884] __kmalloc_cache_noprof+0x6f/0x6f0 [ 195.537178][T10884] ? sctp_association_new+0x89/0x25f0 [ 195.537209][T10884] sctp_association_new+0x89/0x25f0 [ 195.537236][T10884] ? sctp_has_association+0x1cd/0x1f0 [ 195.537251][T10884] ? sctp_has_association+0x2f/0x1f0 [ 195.537271][T10884] ? __ipv6_addr_type+0x247/0x2f0 [ 195.537293][T10884] sctp_connect_new_asoc+0x2c5/0x690 [ 195.537320][T10884] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 195.537345][T10884] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 195.537369][T10884] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 195.537393][T10884] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 195.537416][T10884] ? bpf_lsm_sctp_bind_connect+0x9/0x20 [ 195.537433][T10884] ? security_sctp_bind_connect+0x7e/0x2e0 [ 195.537457][T10884] sctp_sendmsg+0x155c/0x2810 [ 195.537491][T10884] ? __pfx_sctp_sendmsg+0x10/0x10 [ 195.537514][T10884] ? aa_sk_perm+0x81e/0x950 [ 195.537541][T10884] ? __pfx_aa_sk_perm+0x10/0x10 [ 195.537567][T10884] ? sock_rps_record_flow+0x19/0x410 [ 195.537594][T10884] ? inet_sendmsg+0x2f4/0x370 [ 195.537616][T10884] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 195.537636][T10884] __sock_sendmsg+0x19c/0x270 [ 195.537662][T10884] __sys_sendto+0x3bd/0x520 [ 195.537689][T10884] ? __pfx___sys_sendto+0x10/0x10 [ 195.537711][T10884] ? __mutex_unlock_slowpath+0x1a1/0x740 [ 195.537746][T10884] ? __fget_files+0x3a0/0x420 [ 195.537782][T10884] ? ksys_write+0x22a/0x250 [ 195.537807][T10884] ? __pfx_ksys_write+0x10/0x10 [ 195.537834][T10884] __x64_sys_sendto+0xde/0x100 [ 195.537860][T10884] do_syscall_64+0xfa/0xfa0 [ 195.537879][T10884] ? lockdep_hardirqs_on+0x9c/0x150 [ 195.537899][T10884] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 195.537915][T10884] ? clear_bhb_loop+0x60/0xb0 [ 195.537936][T10884] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 195.537954][T10884] RIP: 0033:0x7f67e538efc9 [ 195.537970][T10884] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 195.537984][T10884] RSP: 002b:00007f67e6282038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 195.538003][T10884] RAX: ffffffffffffffda RBX: 00007f67e55e5fa0 RCX: 00007f67e538efc9 [ 195.538017][T10884] RDX: 000000000000ffe0 RSI: 0000200000000100 RDI: 0000000000000003 [ 195.538027][T10884] RBP: 00007f67e6282090 R08: 0000200000000140 R09: 000000000000001c [ 195.538037][T10884] R10: 000000002000c851 R11: 0000000000000246 R12: 0000000000000001 [ 195.538048][T10884] R13: 00007f67e55e6038 R14: 00007f67e55e5fa0 R15: 00007ffe8db624b8 [ 195.538079][T10884] [ 196.563800][T10916] FAULT_INJECTION: forcing a failure. [ 196.563800][T10916] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 196.596083][T10916] CPU: 1 UID: 0 PID: 10916 Comm: syz.4.2049 Not tainted syzkaller #0 PREEMPT(full) [ 196.596110][T10916] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 196.596121][T10916] Call Trace: [ 196.596129][T10916] [ 196.596137][T10916] dump_stack_lvl+0x189/0x250 [ 196.596164][T10916] ? __pfx____ratelimit+0x10/0x10 [ 196.596186][T10916] ? __pfx_dump_stack_lvl+0x10/0x10 [ 196.596209][T10916] ? __pfx__printk+0x10/0x10 [ 196.596228][T10916] ? __might_fault+0xb0/0x130 [ 196.596265][T10916] should_fail_ex+0x414/0x560 [ 196.596296][T10916] _copy_from_user+0x2d/0xb0 [ 196.596319][T10916] kstrtouint_from_user+0xc4/0x170 [ 196.596340][T10916] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 196.596377][T10916] proc_fail_nth_write+0x88/0x200 [ 196.596400][T10916] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 196.596428][T10916] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 196.596452][T10916] vfs_write+0x27e/0xb30 [ 196.596486][T10916] ? __pfx_vfs_write+0x10/0x10 [ 196.596512][T10916] ? __fget_files+0x2a/0x420 [ 196.596534][T10916] ? __fget_files+0x3a0/0x420 [ 196.596550][T10916] ? __fget_files+0x2a/0x420 [ 196.596576][T10916] ksys_write+0x145/0x250 [ 196.596603][T10916] ? __pfx_ksys_write+0x10/0x10 [ 196.596630][T10916] ? do_syscall_64+0xbe/0xfa0 [ 196.596655][T10916] do_syscall_64+0xfa/0xfa0 [ 196.596674][T10916] ? lockdep_hardirqs_on+0x9c/0x150 [ 196.596695][T10916] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 196.596713][T10916] ? clear_bhb_loop+0x60/0xb0 [ 196.596735][T10916] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 196.596752][T10916] RIP: 0033:0x7f67e538da7f [ 196.596769][T10916] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 196.596785][T10916] RSP: 002b:00007f67e6282030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 196.596804][T10916] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f67e538da7f [ 196.596817][T10916] RDX: 0000000000000001 RSI: 00007f67e62820a0 RDI: 0000000000000004 [ 196.596828][T10916] RBP: 00007f67e6282090 R08: 0000000000000000 R09: 0000000000000014 [ 196.596840][T10916] R10: 0000000000000004 R11: 0000000000000293 R12: 0000000000000001 [ 196.596851][T10916] R13: 00007f67e55e6038 R14: 00007f67e55e5fa0 R15: 00007ffe8db624b8 [ 196.596955][T10916] [ 197.321536][T10927] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2053'. [ 197.469989][T10936] FAULT_INJECTION: forcing a failure. [ 197.469989][T10936] name failslab, interval 1, probability 0, space 0, times 0 [ 197.482830][T10936] CPU: 0 UID: 0 PID: 10936 Comm: syz.3.2055 Not tainted syzkaller #0 PREEMPT(full) [ 197.482854][T10936] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 197.482864][T10936] Call Trace: [ 197.482871][T10936] [ 197.482879][T10936] dump_stack_lvl+0x189/0x250 [ 197.482919][T10936] ? __pfx____ratelimit+0x10/0x10 [ 197.482937][T10936] ? __pfx_dump_stack_lvl+0x10/0x10 [ 197.482958][T10936] ? __pfx__printk+0x10/0x10 [ 197.482974][T10936] ? stack_trace_save+0x9c/0xe0 [ 197.482997][T10936] ? stack_depot_save_flags+0x40/0x860 [ 197.483023][T10936] ? kasan_quarantine_put+0xdd/0x220 [ 197.483050][T10936] should_fail_ex+0x414/0x560 [ 197.483076][T10936] should_failslab+0xa8/0x100 [ 197.483094][T10936] kmem_cache_alloc_noprof+0x74/0x6e0 [ 197.483114][T10936] ? do_syscall_64+0xfa/0xfa0 [ 197.483132][T10936] ? dst_alloc+0x105/0x170 [ 197.483156][T10936] dst_alloc+0x105/0x170 [ 197.483178][T10936] ip_route_input_rcu+0x1ec2/0x30d0 [ 197.483211][T10936] ? __pfx_ip_route_input_rcu+0x10/0x10 [ 197.483249][T10936] ? ipt_do_table+0x13dd/0x1640 [ 197.483273][T10936] ? ip_route_input_noref+0x98/0x250 [ 197.483293][T10936] ip_route_input_noref+0x167/0x250 [ 197.483317][T10936] ? __pfx_ip_route_input_noref+0x10/0x10 [ 197.483345][T10936] ? ipt_do_table+0x2a3/0x1640 [ 197.483361][T10936] ? __pfx_ipt_do_table+0x10/0x10 [ 197.483381][T10936] ip_rcv_finish_core+0x5af/0x1c00 [ 197.483408][T10936] ip_rcv_finish+0x14c/0x2f0 [ 197.483427][T10936] NF_HOOK+0x30c/0x3a0 [ 197.483444][T10936] ? __pfx_ip_rcv_finish+0x10/0x10 [ 197.483458][T10936] ? NF_HOOK+0x9a/0x3a0 [ 197.483473][T10936] ? __pfx_NF_HOOK+0x10/0x10 [ 197.483486][T10936] ? ip_rcv_core+0x7f7/0xd00 [ 197.483503][T10936] ? __pfx_ip_rcv_finish+0x10/0x10 [ 197.483526][T10936] ? __pfx_ip_rcv+0x10/0x10 [ 197.483539][T10936] __netif_receive_skb+0x143/0x380 [ 197.483566][T10936] ? netif_receive_skb+0x115/0x790 [ 197.483586][T10936] netif_receive_skb+0x1cb/0x790 [ 197.483606][T10936] ? __pfx___local_bh_disable_ip+0x10/0x10 [ 197.483623][T10936] ? __pfx_netif_receive_skb+0x10/0x10 [ 197.483646][T10936] ? tun_rx_batched+0x160/0x730 [ 197.483666][T10936] tun_rx_batched+0x1b9/0x730 [ 197.483682][T10936] ? __lock_acquire+0xab9/0xd20 [ 197.483702][T10936] ? __pfx_tun_rx_batched+0x10/0x10 [ 197.483723][T10936] ? tun_get_user+0x272f/0x3e90 [ 197.483761][T10936] tun_get_user+0x2b65/0x3e90 [ 197.483789][T10936] ? tun_get_user+0x6f6/0x3e90 [ 197.483809][T10936] ? tun_get_user+0x272f/0x3e90 [ 197.483832][T10936] ? aa_file_perm+0x44d/0x1550 [ 197.483847][T10936] ? __pfx_tun_get_user+0x10/0x10 [ 197.483875][T10936] ? __lock_acquire+0xab9/0xd20 [ 197.483896][T10936] ? ref_tracker_alloc+0x318/0x460 [ 197.483910][T10936] ? __lock_acquire+0xab9/0xd20 [ 197.483928][T10936] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 197.483950][T10936] ? tun_get+0x1c/0x2f0 [ 197.483974][T10936] ? tun_get+0x1c/0x2f0 [ 197.483991][T10936] ? tun_get+0x1c/0x2f0 [ 197.484013][T10936] tun_chr_write_iter+0x113/0x200 [ 197.484036][T10936] vfs_write+0x5c9/0xb30 [ 197.484063][T10936] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 197.484083][T10936] ? __pfx_vfs_write+0x10/0x10 [ 197.484115][T10936] ? __fget_files+0x2a/0x420 [ 197.484140][T10936] ksys_write+0x145/0x250 [ 197.484166][T10936] ? __pfx_ksys_write+0x10/0x10 [ 197.484192][T10936] ? do_syscall_64+0xbe/0xfa0 [ 197.484217][T10936] do_syscall_64+0xfa/0xfa0 [ 197.484235][T10936] ? lockdep_hardirqs_on+0x9c/0x150 [ 197.484257][T10936] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 197.484275][T10936] ? clear_bhb_loop+0x60/0xb0 [ 197.484296][T10936] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 197.484313][T10936] RIP: 0033:0x7f8c0b58da7f [ 197.484330][T10936] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 197.484345][T10936] RSP: 002b:00007f8c0c497000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 197.484364][T10936] RAX: ffffffffffffffda RBX: 00007f8c0b7e5fa0 RCX: 00007f8c0b58da7f [ 197.484377][T10936] RDX: 000000000000002e RSI: 0000200000000240 RDI: 00000000000000c8 [ 197.484389][T10936] RBP: 00007f8c0c497090 R08: 0000000000000000 R09: 0000000000000000 [ 197.484401][T10936] R10: 000000000000002e R11: 0000000000000293 R12: 0000000000000001 [ 197.484411][T10936] R13: 00007f8c0b7e6038 R14: 00007f8c0b7e5fa0 R15: 00007ffe93a31798 [ 197.484443][T10936] [ 197.485130][T10935] Bluetooth: MGMT ver 1.23 [ 197.489770][T10938] FAULT_INJECTION: forcing a failure. [ 197.489770][T10938] name failslab, interval 1, probability 0, space 0, times 0 [ 197.926299][T10938] CPU: 0 UID: 0 PID: 10938 Comm: syz.1.2057 Not tainted syzkaller #0 PREEMPT(full) [ 197.926323][T10938] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 197.926334][T10938] Call Trace: [ 197.926343][T10938] [ 197.926351][T10938] dump_stack_lvl+0x189/0x250 [ 197.926377][T10938] ? __pfx____ratelimit+0x10/0x10 [ 197.926396][T10938] ? __pfx_dump_stack_lvl+0x10/0x10 [ 197.926417][T10938] ? __pfx__printk+0x10/0x10 [ 197.926436][T10938] ? __pfx___might_resched+0x10/0x10 [ 197.926455][T10938] ? fs_reclaim_acquire+0x7d/0x100 [ 197.926482][T10938] should_fail_ex+0x414/0x560 [ 197.926511][T10938] should_failslab+0xa8/0x100 [ 197.926529][T10938] __kmalloc_cache_noprof+0x6f/0x6f0 [ 197.926551][T10938] ? kasan_save_track+0x4f/0x80 [ 197.926572][T10938] ? rtnl_newlink+0xfb/0x1c80 [ 197.926593][T10938] ? __kasan_save_free_info+0x46/0x50 [ 197.926610][T10938] ? __kasan_slab_free+0x5c/0x80 [ 197.926630][T10938] ? kmem_cache_free+0x19b/0x690 [ 197.926663][T10938] rtnl_newlink+0xfb/0x1c80 [ 197.926684][T10938] ? ____sys_sendmsg+0x505/0x830 [ 197.926699][T10938] ? ___sys_sendmsg+0x21f/0x2a0 [ 197.926713][T10938] ? __x64_sys_sendmsg+0x19b/0x260 [ 197.926728][T10938] ? do_syscall_64+0xfa/0xfa0 [ 197.926746][T10938] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 197.926770][T10938] ? __pfx_rtnl_newlink+0x10/0x10 [ 197.926808][T10938] ? kasan_quarantine_put+0xdd/0x220 [ 197.926829][T10938] ? lockdep_hardirqs_on+0x9c/0x150 [ 197.926852][T10938] ? nlmon_xmit+0xb0/0x100 [ 197.926869][T10938] ? kmem_cache_free+0x19b/0x690 [ 197.926897][T10938] ? __local_bh_enable_ip+0x12d/0x1c0 [ 197.926913][T10938] ? lockdep_hardirqs_on+0x9c/0x150 [ 197.926933][T10938] ? __local_bh_enable_ip+0x12d/0x1c0 [ 197.926950][T10938] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 197.926970][T10938] ? __dev_queue_xmit+0x284/0x3740 [ 197.926992][T10938] ? __dev_queue_xmit+0x284/0x3740 [ 197.927008][T10938] ? __dev_queue_xmit+0x1bfb/0x3740 [ 197.927031][T10938] ? __lock_acquire+0xab9/0xd20 [ 197.927071][T10938] ? __pfx_rtnl_newlink+0x10/0x10 [ 197.927094][T10938] rtnetlink_rcv_msg+0x7cf/0xb70 [ 197.927121][T10938] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 197.927143][T10938] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 197.927164][T10938] ? ref_tracker_free+0x63a/0x7d0 [ 197.927181][T10938] ? __asan_memcpy+0x40/0x70 [ 197.927202][T10938] ? __pfx_ref_tracker_free+0x10/0x10 [ 197.927227][T10938] netlink_rcv_skb+0x208/0x470 [ 197.927250][T10938] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 197.927274][T10938] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 197.927309][T10938] ? netlink_deliver_tap+0x2e/0x1b0 [ 197.927340][T10938] netlink_unicast+0x82f/0x9e0 [ 197.927371][T10938] ? __pfx_netlink_unicast+0x10/0x10 [ 197.927392][T10938] ? netlink_sendmsg+0x642/0xb30 [ 197.927406][T10938] ? skb_put+0x11b/0x210 [ 197.927425][T10938] netlink_sendmsg+0x805/0xb30 [ 197.927447][T10938] ? __pfx_netlink_sendmsg+0x10/0x10 [ 197.927465][T10938] ? aa_sock_msg_perm+0xf1/0x1d0 [ 197.927491][T10938] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 197.927508][T10938] ? __pfx_netlink_sendmsg+0x10/0x10 [ 197.927525][T10938] __sock_sendmsg+0x21c/0x270 [ 197.927550][T10938] ____sys_sendmsg+0x505/0x830 [ 197.927573][T10938] ? __pfx_____sys_sendmsg+0x10/0x10 [ 197.927600][T10938] ? import_iovec+0x74/0xa0 [ 197.927621][T10938] ___sys_sendmsg+0x21f/0x2a0 [ 197.927650][T10938] ? __pfx____sys_sendmsg+0x10/0x10 [ 197.927704][T10938] ? __fget_files+0x2a/0x420 [ 197.927719][T10938] ? __fget_files+0x3a0/0x420 [ 197.927743][T10938] __x64_sys_sendmsg+0x19b/0x260 [ 197.927762][T10938] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 197.927789][T10938] ? __pfx_ksys_write+0x10/0x10 [ 197.927816][T10938] ? do_syscall_64+0xbe/0xfa0 [ 197.927840][T10938] do_syscall_64+0xfa/0xfa0 [ 197.927858][T10938] ? lockdep_hardirqs_on+0x9c/0x150 [ 197.927875][T10938] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 197.927890][T10938] ? clear_bhb_loop+0x60/0xb0 [ 197.927909][T10938] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 197.927924][T10938] RIP: 0033:0x7f9ccdb8efc9 [ 197.927940][T10938] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 197.927954][T10938] RSP: 002b:00007f9ccea56038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 197.927972][T10938] RAX: ffffffffffffffda RBX: 00007f9ccdde5fa0 RCX: 00007f9ccdb8efc9 [ 197.927983][T10938] RDX: 0000000000004040 RSI: 0000200000000180 RDI: 0000000000000003 [ 197.927993][T10938] RBP: 00007f9ccea56090 R08: 0000000000000000 R09: 0000000000000000 [ 197.928003][T10938] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 197.928013][T10938] R13: 00007f9ccdde6038 R14: 00007f9ccdde5fa0 R15: 00007fff4b85f118 [ 197.928042][T10938] [ 198.544886][T10949] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2060'. [ 198.584556][T10949] ip6gre3: entered promiscuous mode [ 198.715425][ T36] nci: nci_ntf_packet: unsupported ntf opcode 0xf3d [ 198.884649][T10974] FAULT_INJECTION: forcing a failure. [ 198.884649][T10974] name failslab, interval 1, probability 0, space 0, times 0 [ 198.898371][T10974] CPU: 0 UID: 0 PID: 10974 Comm: syz.0.2066 Not tainted syzkaller #0 PREEMPT(full) [ 198.898396][T10974] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 198.898407][T10974] Call Trace: [ 198.898415][T10974] [ 198.898423][T10974] dump_stack_lvl+0x189/0x250 [ 198.898451][T10974] ? __pfx____ratelimit+0x10/0x10 [ 198.898472][T10974] ? __pfx_dump_stack_lvl+0x10/0x10 [ 198.898495][T10974] ? __pfx__printk+0x10/0x10 [ 198.898520][T10974] ? __pfx___might_resched+0x10/0x10 [ 198.898538][T10974] ? fs_reclaim_acquire+0x7d/0x100 [ 198.898568][T10974] should_fail_ex+0x414/0x560 [ 198.898597][T10974] should_failslab+0xa8/0x100 [ 198.898616][T10974] kmem_cache_alloc_node_noprof+0x77/0x710 [ 198.898640][T10974] ? __alloc_skb+0x112/0x2d0 [ 198.898663][T10974] ? netlink_autobind+0xdb/0x300 [ 198.898686][T10974] __alloc_skb+0x112/0x2d0 [ 198.898713][T10974] netlink_sendmsg+0x5c6/0xb30 [ 198.898740][T10974] ? __pfx_netlink_sendmsg+0x10/0x10 [ 198.898760][T10974] ? aa_sock_msg_perm+0xf1/0x1d0 [ 198.898787][T10974] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 198.898804][T10974] ? __pfx_netlink_sendmsg+0x10/0x10 [ 198.898822][T10974] __sock_sendmsg+0x21c/0x270 [ 198.898847][T10974] ____sys_sendmsg+0x505/0x830 [ 198.898872][T10974] ? __pfx_____sys_sendmsg+0x10/0x10 [ 198.898900][T10974] ? import_iovec+0x74/0xa0 [ 198.898925][T10974] ___sys_sendmsg+0x21f/0x2a0 [ 198.898945][T10974] ? __pfx____sys_sendmsg+0x10/0x10 [ 198.899001][T10974] ? __fget_files+0x2a/0x420 [ 198.899017][T10974] ? __fget_files+0x3a0/0x420 [ 198.899044][T10974] __x64_sys_sendmsg+0x19b/0x260 [ 198.899065][T10974] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 198.899093][T10974] ? __pfx_ksys_write+0x10/0x10 [ 198.899121][T10974] ? do_syscall_64+0xbe/0xfa0 [ 198.899145][T10974] do_syscall_64+0xfa/0xfa0 [ 198.899164][T10974] ? lockdep_hardirqs_on+0x9c/0x150 [ 198.899184][T10974] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 198.899202][T10974] ? clear_bhb_loop+0x60/0xb0 [ 198.899223][T10974] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 198.899241][T10974] RIP: 0033:0x7f5d5998efc9 [ 198.899257][T10974] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 198.899272][T10974] RSP: 002b:00007f5d5a893038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 198.899292][T10974] RAX: ffffffffffffffda RBX: 00007f5d59be6180 RCX: 00007f5d5998efc9 [ 198.899305][T10974] RDX: 0000000000000000 RSI: 00002000000003c0 RDI: 0000000000000004 [ 198.899317][T10974] RBP: 00007f5d5a893090 R08: 0000000000000000 R09: 0000000000000000 [ 198.899328][T10974] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 198.899370][T10974] R13: 00007f5d59be6218 R14: 00007f5d59be6180 R15: 00007ffd179ef078 [ 198.899402][T10974] [ 199.428830][T10979] FAULT_INJECTION: forcing a failure. [ 199.428830][T10979] name failslab, interval 1, probability 0, space 0, times 0 [ 199.461620][T10979] CPU: 0 UID: 0 PID: 10979 Comm: syz.2.2069 Not tainted syzkaller #0 PREEMPT(full) [ 199.461645][T10979] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 199.461656][T10979] Call Trace: [ 199.461663][T10979] [ 199.461671][T10979] dump_stack_lvl+0x189/0x250 [ 199.461699][T10979] ? __pfx____ratelimit+0x10/0x10 [ 199.461719][T10979] ? __pfx_dump_stack_lvl+0x10/0x10 [ 199.461742][T10979] ? __pfx__printk+0x10/0x10 [ 199.461765][T10979] ? __pfx___might_resched+0x10/0x10 [ 199.461784][T10979] ? fs_reclaim_acquire+0x7d/0x100 [ 199.461814][T10979] should_fail_ex+0x414/0x560 [ 199.461842][T10979] should_failslab+0xa8/0x100 [ 199.461862][T10979] __kmalloc_node_track_caller_noprof+0xcd/0x800 [ 199.461886][T10979] ? __request_module+0x2d1/0x5e0 [ 199.461901][T10979] ? __kmalloc_cache_noprof+0x3d5/0x6f0 [ 199.461927][T10979] kstrdup+0x42/0x100 [ 199.461945][T10979] __request_module+0x2d1/0x5e0 [ 199.461968][T10979] ? __pfx___request_module+0x10/0x10 [ 199.461982][T10979] ? __up_read+0x280/0x680 [ 199.462005][T10979] ? __pfx___up_read+0x10/0x10 [ 199.462040][T10979] crypto_alg_mod_lookup+0xeb/0x5f0 [ 199.462065][T10979] crypto_add_alg+0x235/0x3b0 [ 199.462082][T10979] ? __pfx_crypto_add_alg+0x10/0x10 [ 199.462098][T10979] crypto_user_rcv_msg+0x47a/0x570 [ 199.462113][T10979] ? arch_stack_walk+0xfc/0x150 [ 199.462138][T10979] ? __pfx_crypto_user_rcv_msg+0x10/0x10 [ 199.462176][T10979] ? __pfx___mutex_trylock_common+0x10/0x10 [ 199.462199][T10979] ? rcu_is_watching+0x15/0xb0 [ 199.462219][T10979] ? trace_contention_end+0x39/0x120 [ 199.462239][T10979] ? __mutex_lock+0x335/0x1350 [ 199.462265][T10979] netlink_rcv_skb+0x208/0x470 [ 199.462300][T10979] ? __pfx_crypto_user_rcv_msg+0x10/0x10 [ 199.462318][T10979] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 199.462356][T10979] ? netlink_deliver_tap+0x2e/0x1b0 [ 199.462380][T10979] ? netlink_deliver_tap+0x2e/0x1b0 [ 199.462408][T10979] crypto_netlink_rcv+0x2a/0x40 [ 199.462424][T10979] netlink_unicast+0x82f/0x9e0 [ 199.462455][T10979] ? __pfx_netlink_unicast+0x10/0x10 [ 199.462480][T10979] ? netlink_sendmsg+0x642/0xb30 [ 199.462494][T10979] ? skb_put+0x11b/0x210 [ 199.462514][T10979] netlink_sendmsg+0x805/0xb30 [ 199.462538][T10979] ? __pfx_netlink_sendmsg+0x10/0x10 [ 199.462558][T10979] ? aa_sock_msg_perm+0xf1/0x1d0 [ 199.462586][T10979] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 199.462604][T10979] ? __pfx_netlink_sendmsg+0x10/0x10 [ 199.462621][T10979] __sock_sendmsg+0x21c/0x270 [ 199.462647][T10979] ____sys_sendmsg+0x505/0x830 [ 199.462669][T10979] ? __pfx_____sys_sendmsg+0x10/0x10 [ 199.462696][T10979] ? import_iovec+0x74/0xa0 [ 199.462721][T10979] ___sys_sendmsg+0x21f/0x2a0 [ 199.462742][T10979] ? __pfx____sys_sendmsg+0x10/0x10 [ 199.462797][T10979] ? __fget_files+0x2a/0x420 [ 199.462814][T10979] ? __fget_files+0x3a0/0x420 [ 199.462842][T10979] __x64_sys_sendmsg+0x19b/0x260 [ 199.462862][T10979] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 199.462890][T10979] ? __pfx_ksys_write+0x10/0x10 [ 199.462917][T10979] ? do_syscall_64+0xbe/0xfa0 [ 199.462942][T10979] do_syscall_64+0xfa/0xfa0 [ 199.462961][T10979] ? lockdep_hardirqs_on+0x9c/0x150 [ 199.462981][T10979] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 199.462999][T10979] ? clear_bhb_loop+0x60/0xb0 [ 199.463020][T10979] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 199.463037][T10979] RIP: 0033:0x7f9654f8efc9 [ 199.463052][T10979] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 199.463066][T10979] RSP: 002b:00007f9655e95038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 199.463086][T10979] RAX: ffffffffffffffda RBX: 00007f96551e5fa0 RCX: 00007f9654f8efc9 [ 199.463099][T10979] RDX: 0000000000040040 RSI: 0000200000000880 RDI: 0000000000000003 [ 199.463111][T10979] RBP: 00007f9655e95090 R08: 0000000000000000 R09: 0000000000000000 [ 199.463122][T10979] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 199.463133][T10979] R13: 00007f96551e6038 R14: 00007f96551e5fa0 R15: 00007ffc7ed0bd78 [ 199.463164][T10979] [ 199.931485][T10984] batadv1: entered promiscuous mode [ 199.936748][T10984] batadv1: entered allmulticast mode [ 199.995479][T10984] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 200.023607][T10994] netlink: 'syz.2.2074': attribute type 7 has an invalid length. [ 200.043660][T10996] netlink: 92 bytes leftover after parsing attributes in process `syz.3.2076'. [ 200.065362][T10996] xfrm1: entered allmulticast mode [ 200.292595][T11012] netlink: 56 bytes leftover after parsing attributes in process `syz.2.2081'. [ 200.637721][ T52] Bluetooth: hci4: command 0x0405 tx timeout [ 200.736572][T11039] FAULT_INJECTION: forcing a failure. [ 200.736572][T11039] name failslab, interval 1, probability 0, space 0, times 0 [ 200.751699][T11039] CPU: 0 UID: 0 PID: 11039 Comm: syz.4.2091 Not tainted syzkaller #0 PREEMPT(full) [ 200.751723][T11039] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 200.751735][T11039] Call Trace: [ 200.751742][T11039] [ 200.751750][T11039] dump_stack_lvl+0x189/0x250 [ 200.751778][T11039] ? __pfx____ratelimit+0x10/0x10 [ 200.751798][T11039] ? __pfx_dump_stack_lvl+0x10/0x10 [ 200.751821][T11039] ? __pfx__printk+0x10/0x10 [ 200.751845][T11039] ? __pfx___might_resched+0x10/0x10 [ 200.751863][T11039] ? fs_reclaim_acquire+0x7d/0x100 [ 200.751893][T11039] should_fail_ex+0x414/0x560 [ 200.751922][T11039] should_failslab+0xa8/0x100 [ 200.751941][T11039] __kmalloc_cache_noprof+0x6f/0x6f0 [ 200.751962][T11039] ? __pfx___mutex_lock+0x10/0x10 [ 200.751982][T11039] ? __inet_diag_dump_start+0x8b/0xbf0 [ 200.752006][T11039] ? netlink_lookup+0x30/0x200 [ 200.752033][T11039] __inet_diag_dump_start+0x8b/0xbf0 [ 200.752057][T11039] ? netlink_lookup+0x30/0x200 [ 200.752077][T11039] ? netlink_lookup+0x30/0x200 [ 200.752106][T11039] ? netlink_lookup+0x30/0x200 [ 200.752134][T11039] __netlink_dump_start+0x469/0x7e0 [ 200.752166][T11039] inet_diag_handler_cmd+0x1bf/0x290 [ 200.752193][T11039] ? __pfx_inet_diag_handler_cmd+0x10/0x10 [ 200.752216][T11039] ? __pfx_inet_diag_dump_start+0x10/0x10 [ 200.752236][T11039] ? __pfx_inet_diag_dump+0x10/0x10 [ 200.752256][T11039] ? __pfx_inet_diag_dump_done+0x10/0x10 [ 200.752280][T11039] ? sock_diag_lock_handler+0x19/0x290 [ 200.752304][T11039] ? sock_diag_lock_handler+0x19/0x290 [ 200.752332][T11039] sock_diag_rcv_msg+0x4cc/0x600 [ 200.752359][T11039] netlink_rcv_skb+0x208/0x470 [ 200.752383][T11039] ? __pfx_sock_diag_rcv_msg+0x10/0x10 [ 200.752408][T11039] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 200.752443][T11039] ? netlink_deliver_tap+0x2e/0x1b0 [ 200.752476][T11039] netlink_unicast+0x82f/0x9e0 [ 200.752508][T11039] ? __pfx_netlink_unicast+0x10/0x10 [ 200.752533][T11039] ? netlink_sendmsg+0x642/0xb30 [ 200.752548][T11039] ? skb_put+0x11b/0x210 [ 200.752568][T11039] netlink_sendmsg+0x805/0xb30 [ 200.752594][T11039] ? __pfx_netlink_sendmsg+0x10/0x10 [ 200.752614][T11039] ? aa_sock_msg_perm+0xf1/0x1d0 [ 200.752640][T11039] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 200.752657][T11039] ? __pfx_netlink_sendmsg+0x10/0x10 [ 200.752674][T11039] __sock_sendmsg+0x21c/0x270 [ 200.752710][T11039] sock_write_iter+0x279/0x360 [ 200.752734][T11039] ? __pfx_sock_write_iter+0x10/0x10 [ 200.752777][T11039] do_iter_readv_writev+0x623/0x8c0 [ 200.752808][T11039] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 200.752831][T11039] ? common_file_perm+0x1b5/0x230 [ 200.752858][T11039] ? bpf_lsm_file_permission+0x9/0x20 [ 200.752876][T11039] ? security_file_permission+0x75/0x290 [ 200.752895][T11039] ? rw_verify_area+0x255/0x4d0 [ 200.752920][T11039] vfs_writev+0x31a/0x960 [ 200.752940][T11039] ? __lock_acquire+0xab9/0xd20 [ 200.752960][T11039] ? __pfx_vfs_writev+0x10/0x10 [ 200.752992][T11039] ? __fget_files+0x2a/0x420 [ 200.753013][T11039] ? __fget_files+0x3a0/0x420 [ 200.753028][T11039] ? __fget_files+0x2a/0x420 [ 200.753053][T11039] do_writev+0x14d/0x2d0 [ 200.753073][T11039] ? __pfx_do_writev+0x10/0x10 [ 200.753093][T11039] ? do_syscall_64+0xbe/0xfa0 [ 200.753125][T11039] do_syscall_64+0xfa/0xfa0 [ 200.753144][T11039] ? lockdep_hardirqs_on+0x9c/0x150 [ 200.753163][T11039] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 200.753180][T11039] ? clear_bhb_loop+0x60/0xb0 [ 200.753202][T11039] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 200.753218][T11039] RIP: 0033:0x7f67e538efc9 [ 200.753234][T11039] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 200.753248][T11039] RSP: 002b:00007f67e6282038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 200.753267][T11039] RAX: ffffffffffffffda RBX: 00007f67e55e5fa0 RCX: 00007f67e538efc9 [ 200.753279][T11039] RDX: 0000000000000001 RSI: 00002000000000c0 RDI: 0000000000000003 [ 200.753290][T11039] RBP: 00007f67e6282090 R08: 0000000000000000 R09: 0000000000000000 [ 200.753300][T11039] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 200.753310][T11039] R13: 00007f67e55e6038 R14: 00007f67e55e5fa0 R15: 00007ffe8db624b8 [ 200.753338][T11039] [ 201.474409][T11050] vxcan1 speed is unknown, defaulting to 1000 [ 202.064631][T11084] FAULT_INJECTION: forcing a failure. [ 202.064631][T11084] name failslab, interval 1, probability 0, space 0, times 0 [ 202.081451][T11084] CPU: 0 UID: 0 PID: 11084 Comm: syz.1.2104 Not tainted syzkaller #0 PREEMPT(full) [ 202.081476][T11084] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 202.081487][T11084] Call Trace: [ 202.081494][T11084] [ 202.081502][T11084] dump_stack_lvl+0x189/0x250 [ 202.081529][T11084] ? __pfx____ratelimit+0x10/0x10 [ 202.081550][T11084] ? __pfx_dump_stack_lvl+0x10/0x10 [ 202.081573][T11084] ? __pfx__printk+0x10/0x10 [ 202.081607][T11084] should_fail_ex+0x414/0x560 [ 202.081637][T11084] should_failslab+0xa8/0x100 [ 202.081657][T11084] __kmalloc_cache_noprof+0x6f/0x6f0 [ 202.081681][T11084] ? __sctp_v6_cmp_addr+0x1e6/0x510 [ 202.081702][T11084] ? sctp_add_bind_addr+0x8c/0x370 [ 202.081729][T11084] sctp_add_bind_addr+0x8c/0x370 [ 202.081755][T11084] sctp_copy_local_addr_list+0x30b/0x4e0 [ 202.081780][T11084] ? sctp_copy_local_addr_list+0x9b/0x4e0 [ 202.081801][T11084] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 202.081824][T11084] ? sctp_v6_is_any+0x64/0x80 [ 202.081846][T11084] ? sctp_copy_one_addr+0x93/0x360 [ 202.081870][T11084] sctp_bind_addr_copy+0xb3/0x3c0 [ 202.081892][T11084] ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0 [ 202.081915][T11084] sctp_connect_new_asoc+0x2e0/0x690 [ 202.081944][T11084] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 202.081973][T11084] ? __local_bh_enable_ip+0x12d/0x1c0 [ 202.082000][T11084] ? bpf_lsm_sctp_bind_connect+0x9/0x20 [ 202.082018][T11084] ? security_sctp_bind_connect+0x7e/0x2e0 [ 202.082043][T11084] sctp_sendmsg+0x155c/0x2810 [ 202.082080][T11084] ? __pfx_sctp_sendmsg+0x10/0x10 [ 202.082107][T11084] ? aa_sk_perm+0x81e/0x950 [ 202.082135][T11084] ? __pfx_aa_sk_perm+0x10/0x10 [ 202.082160][T11084] ? sock_rps_record_flow+0x19/0x410 [ 202.082192][T11084] ? inet_sendmsg+0x2f4/0x370 [ 202.082219][T11084] __sock_sendmsg+0x19c/0x270 [ 202.082243][T11084] __sys_sendto+0x3bd/0x520 [ 202.082270][T11084] ? __pfx___sys_sendto+0x10/0x10 [ 202.082292][T11084] ? __mutex_unlock_slowpath+0x1a1/0x740 [ 202.082328][T11084] ? __fget_files+0x3a0/0x420 [ 202.082357][T11084] ? ksys_write+0x22a/0x250 [ 202.082382][T11084] ? __pfx_ksys_write+0x10/0x10 [ 202.082409][T11084] __x64_sys_sendto+0xde/0x100 [ 202.082438][T11084] do_syscall_64+0xfa/0xfa0 [ 202.082458][T11084] ? lockdep_hardirqs_on+0x9c/0x150 [ 202.082478][T11084] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 202.082496][T11084] ? clear_bhb_loop+0x60/0xb0 [ 202.082517][T11084] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 202.082534][T11084] RIP: 0033:0x7f9ccdb8efc9 [ 202.082550][T11084] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 202.082566][T11084] RSP: 002b:00007f9ccea56038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 202.082586][T11084] RAX: ffffffffffffffda RBX: 00007f9ccdde5fa0 RCX: 00007f9ccdb8efc9 [ 202.082600][T11084] RDX: 000000000000ffe0 RSI: 0000200000000100 RDI: 0000000000000003 [ 202.082612][T11084] RBP: 00007f9ccea56090 R08: 0000200000000140 R09: 000000000000001c [ 202.082624][T11084] R10: 000000002000c851 R11: 0000000000000246 R12: 0000000000000002 [ 202.082636][T11084] R13: 00007f9ccdde6038 R14: 00007f9ccdde5fa0 R15: 00007fff4b85f118 [ 202.082669][T11084] [ 202.616849][T11088] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2107'. [ 202.955635][ T36] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 202.966692][ T36] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 202.980837][T11109] tun0: tun_chr_ioctl cmd 1074025681 [ 202.996128][ T36] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 203.005118][ T36] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 203.075938][T11119] tipc: New replicast peer: 255.255.255.255 [ 203.084187][T11119] tipc: Enabled bearer , priority 10 [ 203.103176][T11119] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2113'. [ 203.122925][T11119] tipc: Disabling bearer [ 203.152798][T11119] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2113'. [ 203.176269][T11119] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2113'. [ 203.195936][T11129] FAULT_INJECTION: forcing a failure. [ 203.195936][T11129] name failslab, interval 1, probability 0, space 0, times 0 [ 203.221669][T11129] CPU: 1 UID: 0 PID: 11129 Comm: syz.1.2120 Not tainted syzkaller #0 PREEMPT(full) [ 203.221695][T11129] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 203.221705][T11129] Call Trace: [ 203.221712][T11129] [ 203.221720][T11129] dump_stack_lvl+0x189/0x250 [ 203.221747][T11129] ? __pfx____ratelimit+0x10/0x10 [ 203.221764][T11129] ? __pfx_dump_stack_lvl+0x10/0x10 [ 203.221783][T11129] ? __pfx__printk+0x10/0x10 [ 203.221801][T11129] ? __pfx___might_resched+0x10/0x10 [ 203.221816][T11129] ? fs_reclaim_acquire+0x7d/0x100 [ 203.221856][T11129] should_fail_ex+0x414/0x560 [ 203.221880][T11129] should_failslab+0xa8/0x100 [ 203.221895][T11129] kmem_cache_alloc_node_noprof+0x77/0x710 [ 203.221914][T11129] ? __alloc_skb+0x112/0x2d0 [ 203.221932][T11129] ? netlink_autobind+0xdb/0x300 [ 203.221950][T11129] __alloc_skb+0x112/0x2d0 [ 203.221972][T11129] netlink_sendmsg+0x5c6/0xb30 [ 203.221992][T11129] ? __pfx_netlink_sendmsg+0x10/0x10 [ 203.222007][T11129] ? aa_sock_msg_perm+0xf1/0x1d0 [ 203.222035][T11129] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 203.222048][T11129] ? __pfx_netlink_sendmsg+0x10/0x10 [ 203.222062][T11129] __sock_sendmsg+0x21c/0x270 [ 203.222081][T11129] ____sys_sendmsg+0x505/0x830 [ 203.222100][T11129] ? __pfx_____sys_sendmsg+0x10/0x10 [ 203.222121][T11129] ? import_iovec+0x74/0xa0 [ 203.222141][T11129] ___sys_sendmsg+0x21f/0x2a0 [ 203.222156][T11129] ? __pfx____sys_sendmsg+0x10/0x10 [ 203.222197][T11129] ? __fget_files+0x2a/0x420 [ 203.222209][T11129] ? __fget_files+0x3a0/0x420 [ 203.222230][T11129] __x64_sys_sendmsg+0x19b/0x260 [ 203.222246][T11129] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 203.222267][T11129] ? __pfx_ksys_write+0x10/0x10 [ 203.222289][T11129] ? do_syscall_64+0xbe/0xfa0 [ 203.222308][T11129] do_syscall_64+0xfa/0xfa0 [ 203.222323][T11129] ? lockdep_hardirqs_on+0x9c/0x150 [ 203.222340][T11129] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 203.222358][T11129] ? clear_bhb_loop+0x60/0xb0 [ 203.222374][T11129] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 203.222387][T11129] RIP: 0033:0x7f9ccdb8efc9 [ 203.222400][T11129] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 203.222412][T11129] RSP: 002b:00007f9ccea35038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 203.222428][T11129] RAX: ffffffffffffffda RBX: 00007f9ccdde6090 RCX: 00007f9ccdb8efc9 [ 203.222438][T11129] RDX: 0000000000000000 RSI: 00002000000003c0 RDI: 0000000000000004 [ 203.222447][T11129] RBP: 00007f9ccea35090 R08: 0000000000000000 R09: 0000000000000000 [ 203.222455][T11129] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 203.222464][T11129] R13: 00007f9ccdde6128 R14: 00007f9ccdde6090 R15: 00007fff4b85f118 [ 203.222487][T11129] [ 203.636568][T11135] vxcan1 speed is unknown, defaulting to 1000 [ 203.773865][T11140] FAULT_INJECTION: forcing a failure. [ 203.773865][T11140] name failslab, interval 1, probability 0, space 0, times 0 [ 203.799922][T11140] CPU: 0 UID: 0 PID: 11140 Comm: syz.0.2124 Not tainted syzkaller #0 PREEMPT(full) [ 203.799955][T11140] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 203.799967][T11140] Call Trace: [ 203.799974][T11140] [ 203.799982][T11140] dump_stack_lvl+0x189/0x250 [ 203.800010][T11140] ? __pfx____ratelimit+0x10/0x10 [ 203.800031][T11140] ? __pfx_dump_stack_lvl+0x10/0x10 [ 203.800054][T11140] ? __pfx__printk+0x10/0x10 [ 203.800079][T11140] ? __pfx___might_resched+0x10/0x10 [ 203.800097][T11140] ? fs_reclaim_acquire+0x7d/0x100 [ 203.800128][T11140] should_fail_ex+0x414/0x560 [ 203.800155][T11140] ? __pfx_debugfs_alloc_inode+0x10/0x10 [ 203.800176][T11140] should_failslab+0xa8/0x100 [ 203.800194][T11140] ? __pfx_debugfs_alloc_inode+0x10/0x10 [ 203.800218][T11140] kmem_cache_alloc_lru_noprof+0x79/0x6d0 [ 203.800242][T11140] ? alloc_inode+0x6a/0x1b0 [ 203.800266][T11140] ? __pfx_simple_start_creating+0x10/0x10 [ 203.800286][T11140] ? __pfx_debugfs_alloc_inode+0x10/0x10 [ 203.800308][T11140] alloc_inode+0x6a/0x1b0 [ 203.800335][T11140] new_inode+0x22/0x170 [ 203.800356][T11140] __debugfs_create_file+0x14d/0x4f0 [ 203.800386][T11140] debugfs_create_file_full+0x3f/0x60 [ 203.800414][T11140] ref_tracker_dir_debugfs+0x14e/0x270 [ 203.800433][T11140] ? __pfx_ref_tracker_dir_debugfs+0x10/0x10 [ 203.800479][T11140] ? trace_kmalloc+0x1f/0xd0 [ 203.800499][T11140] ? __kvmalloc_node_noprof+0x5ed/0x910 [ 203.800529][T11140] ? __raw_spin_lock_init+0x45/0x100 [ 203.800555][T11140] alloc_netdev_mqs+0x272/0x11b0 [ 203.800575][T11140] ? __pfx_ip6gre_tunnel_setup+0x10/0x10 [ 203.800607][T11140] rtnl_create_link+0x31f/0xd10 [ 203.800635][T11140] rtnl_newlink_create+0x25c/0xb00 [ 203.800660][T11140] ? __lock_acquire+0xab9/0xd20 [ 203.800681][T11140] ? __pfx_rtnl_newlink_create+0x10/0x10 [ 203.800761][T11140] ? __pfx___mutex_lock+0x10/0x10 [ 203.800803][T11140] ? ns_capable+0x8a/0xf0 [ 203.800826][T11140] rtnl_newlink+0x16e4/0x1c80 [ 203.800853][T11140] ? ____sys_sendmsg+0x505/0x830 [ 203.800892][T11140] ? __pfx_rtnl_newlink+0x10/0x10 [ 203.800935][T11140] ? kasan_quarantine_put+0xdd/0x220 [ 203.800957][T11140] ? lockdep_hardirqs_on+0x9c/0x150 [ 203.800991][T11140] ? nlmon_xmit+0xb0/0x100 [ 203.801009][T11140] ? kmem_cache_free+0x19b/0x690 [ 203.801041][T11140] ? __local_bh_enable_ip+0x12d/0x1c0 [ 203.801060][T11140] ? lockdep_hardirqs_on+0x9c/0x150 [ 203.801080][T11140] ? __local_bh_enable_ip+0x12d/0x1c0 [ 203.801097][T11140] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 203.801118][T11140] ? __dev_queue_xmit+0x284/0x3740 [ 203.801139][T11140] ? __dev_queue_xmit+0x284/0x3740 [ 203.801156][T11140] ? __dev_queue_xmit+0x1bfb/0x3740 [ 203.801183][T11140] ? __lock_acquire+0xab9/0xd20 [ 203.801225][T11140] ? __pfx_rtnl_newlink+0x10/0x10 [ 203.801247][T11140] rtnetlink_rcv_msg+0x7cf/0xb70 [ 203.801275][T11140] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 203.801298][T11140] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 203.801319][T11140] ? ref_tracker_free+0x63a/0x7d0 [ 203.801337][T11140] ? __asan_memcpy+0x40/0x70 [ 203.801358][T11140] ? __pfx_ref_tracker_free+0x10/0x10 [ 203.801387][T11140] netlink_rcv_skb+0x208/0x470 [ 203.801414][T11140] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 203.801439][T11140] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 203.801477][T11140] ? netlink_deliver_tap+0x2e/0x1b0 [ 203.801510][T11140] netlink_unicast+0x82f/0x9e0 [ 203.801543][T11140] ? __pfx_netlink_unicast+0x10/0x10 [ 203.801569][T11140] ? netlink_sendmsg+0x642/0xb30 [ 203.801584][T11140] ? skb_put+0x11b/0x210 [ 203.801604][T11140] netlink_sendmsg+0x805/0xb30 [ 203.801632][T11140] ? __pfx_netlink_sendmsg+0x10/0x10 [ 203.801653][T11140] ? aa_sock_msg_perm+0xf1/0x1d0 [ 203.801680][T11140] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 203.801697][T11140] ? __pfx_netlink_sendmsg+0x10/0x10 [ 203.801714][T11140] __sock_sendmsg+0x21c/0x270 [ 203.801737][T11140] ____sys_sendmsg+0x505/0x830 [ 203.801758][T11140] ? __pfx_____sys_sendmsg+0x10/0x10 [ 203.801783][T11140] ? import_iovec+0x74/0xa0 [ 203.801807][T11140] ___sys_sendmsg+0x21f/0x2a0 [ 203.801828][T11140] ? __pfx____sys_sendmsg+0x10/0x10 [ 203.801884][T11140] ? __fget_files+0x2a/0x420 [ 203.801900][T11140] ? __fget_files+0x3a0/0x420 [ 203.801926][T11140] __x64_sys_sendmsg+0x19b/0x260 [ 203.801947][T11140] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 203.801979][T11140] ? __pfx_ksys_write+0x10/0x10 [ 203.802007][T11140] ? do_syscall_64+0xbe/0xfa0 [ 203.802031][T11140] do_syscall_64+0xfa/0xfa0 [ 203.802050][T11140] ? lockdep_hardirqs_on+0x9c/0x150 [ 203.802069][T11140] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 203.802086][T11140] ? clear_bhb_loop+0x60/0xb0 [ 203.802107][T11140] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 203.802123][T11140] RIP: 0033:0x7f5d5998efc9 [ 203.802141][T11140] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 203.802155][T11140] RSP: 002b:00007f5d5a8d5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 203.802173][T11140] RAX: ffffffffffffffda RBX: 00007f5d59be5fa0 RCX: 00007f5d5998efc9 [ 203.802186][T11140] RDX: 000000000000c010 RSI: 0000200000000200 RDI: 0000000000000003 [ 203.802198][T11140] RBP: 00007f5d5a8d5090 R08: 0000000000000000 R09: 0000000000000000 [ 203.802209][T11140] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 203.802219][T11140] R13: 00007f5d59be6038 R14: 00007f5d59be5fa0 R15: 00007ffd179ef078 [ 203.802249][T11140] [ 203.802381][T11140] debugfs: out of free dentries, can not create file 'netdev@ffff888032fc6618' [ 204.603488][T11174] FAULT_INJECTION: forcing a failure. [ 204.603488][T11174] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 204.679608][T11174] CPU: 1 UID: 0 PID: 11174 Comm: syz.3.2131 Not tainted syzkaller #0 PREEMPT(full) [ 204.679644][T11174] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 204.679654][T11174] Call Trace: [ 204.679661][T11174] [ 204.679670][T11174] dump_stack_lvl+0x189/0x250 [ 204.679696][T11174] ? __pfx____ratelimit+0x10/0x10 [ 204.679716][T11174] ? __pfx_dump_stack_lvl+0x10/0x10 [ 204.679738][T11174] ? __pfx__printk+0x10/0x10 [ 204.679756][T11174] ? __might_fault+0xb0/0x130 [ 204.679789][T11174] should_fail_ex+0x414/0x560 [ 204.679818][T11174] _copy_from_iter+0x1de/0x1790 [ 204.679843][T11174] ? rcu_is_watching+0x15/0xb0 [ 204.679865][T11174] ? kmalloc_reserve+0xbd/0x290 [ 204.679890][T11174] ? __pfx__copy_from_iter+0x10/0x10 [ 204.679911][T11174] ? __build_skb_around+0x262/0x3f0 [ 204.679938][T11174] ? netlink_sendmsg+0x642/0xb30 [ 204.679953][T11174] ? skb_put+0x11b/0x210 [ 204.679972][T11174] netlink_sendmsg+0x6b2/0xb30 [ 204.679995][T11174] ? __pfx_netlink_sendmsg+0x10/0x10 [ 204.680015][T11174] ? aa_sock_msg_perm+0xf1/0x1d0 [ 204.680040][T11174] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 204.680057][T11174] ? __pfx_netlink_sendmsg+0x10/0x10 [ 204.680075][T11174] __sock_sendmsg+0x21c/0x270 [ 204.680099][T11174] ____sys_sendmsg+0x505/0x830 [ 204.680122][T11174] ? __pfx_____sys_sendmsg+0x10/0x10 [ 204.680149][T11174] ? import_iovec+0x74/0xa0 [ 204.680172][T11174] ___sys_sendmsg+0x21f/0x2a0 [ 204.680192][T11174] ? __pfx____sys_sendmsg+0x10/0x10 [ 204.680245][T11174] ? __fget_files+0x2a/0x420 [ 204.680260][T11174] ? __fget_files+0x3a0/0x420 [ 204.680287][T11174] __x64_sys_sendmsg+0x19b/0x260 [ 204.680308][T11174] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 204.680335][T11174] ? __pfx_ksys_write+0x10/0x10 [ 204.680364][T11174] ? do_syscall_64+0xbe/0xfa0 [ 204.680388][T11174] do_syscall_64+0xfa/0xfa0 [ 204.680406][T11174] ? lockdep_hardirqs_on+0x9c/0x150 [ 204.680426][T11174] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 204.680444][T11174] ? clear_bhb_loop+0x60/0xb0 [ 204.680464][T11174] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 204.680480][T11174] RIP: 0033:0x7f8c0b58efc9 [ 204.680496][T11174] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 204.680511][T11174] RSP: 002b:00007f8c0c455038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 204.680529][T11174] RAX: ffffffffffffffda RBX: 00007f8c0b7e6180 RCX: 00007f8c0b58efc9 [ 204.680542][T11174] RDX: 0000000020004804 RSI: 0000200000000000 RDI: 0000000000000003 [ 204.680554][T11174] RBP: 00007f8c0c455090 R08: 0000000000000000 R09: 0000000000000000 [ 204.680565][T11174] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 204.680575][T11174] R13: 00007f8c0b7e6218 R14: 00007f8c0b7e6180 R15: 00007ffe93a31798 [ 204.680602][T11174] [ 204.778088][T11175] vxcan1 speed is unknown, defaulting to 1000 [ 205.326352][T11190] x_tables: ip_tables: osf match: only valid for protocol 6 [ 205.635934][T11199] netlink: 'syz.3.2142': attribute type 13 has an invalid length. [ 205.644073][T11199] netlink: 'syz.3.2142': attribute type 17 has an invalid length. [ 205.776251][T11206] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2145'. [ 205.802976][T11199] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 205.834214][T11211] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2145'. [ 205.973741][T11206] 8021q: adding VLAN 0 to HW filter on device bond2 [ 206.015962][T11202] vxcan1 speed is unknown, defaulting to 1000 [ 206.027974][T11219] --map-set only usable from mangle table [ 206.265887][T11228] netlink: 104 bytes leftover after parsing attributes in process `syz.1.2151'. [ 206.437337][T11233] FAULT_INJECTION: forcing a failure. [ 206.437337][T11233] name failslab, interval 1, probability 0, space 0, times 0 [ 206.452942][T11233] CPU: 0 UID: 0 PID: 11233 Comm: syz.3.2153 Not tainted syzkaller #0 PREEMPT(full) [ 206.452967][T11233] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 206.452978][T11233] Call Trace: [ 206.452985][T11233] [ 206.452993][T11233] dump_stack_lvl+0x189/0x250 [ 206.453021][T11233] ? __pfx____ratelimit+0x10/0x10 [ 206.453041][T11233] ? __pfx_dump_stack_lvl+0x10/0x10 [ 206.453064][T11233] ? __pfx__printk+0x10/0x10 [ 206.453098][T11233] should_fail_ex+0x414/0x560 [ 206.453128][T11233] should_failslab+0xa8/0x100 [ 206.453148][T11233] __kmalloc_cache_noprof+0x6f/0x6f0 [ 206.453171][T11233] ? __sctp_v6_cmp_addr+0x1e6/0x510 [ 206.453192][T11233] ? sctp_add_bind_addr+0x8c/0x370 [ 206.453219][T11233] sctp_add_bind_addr+0x8c/0x370 [ 206.453244][T11233] sctp_copy_local_addr_list+0x30b/0x4e0 [ 206.453269][T11233] ? sctp_copy_local_addr_list+0x9b/0x4e0 [ 206.453290][T11233] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 206.453313][T11233] ? sctp_v6_is_any+0x64/0x80 [ 206.453336][T11233] ? sctp_copy_one_addr+0x93/0x360 [ 206.453360][T11233] sctp_bind_addr_copy+0xb3/0x3c0 [ 206.453382][T11233] ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0 [ 206.453405][T11233] sctp_connect_new_asoc+0x2e0/0x690 [ 206.453441][T11233] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 206.453464][T11233] ? __local_bh_enable_ip+0x12d/0x1c0 [ 206.453491][T11233] ? bpf_lsm_sctp_bind_connect+0x9/0x20 [ 206.453509][T11233] ? security_sctp_bind_connect+0x7e/0x2e0 [ 206.453533][T11233] sctp_sendmsg+0x155c/0x2810 [ 206.453570][T11233] ? __pfx_sctp_sendmsg+0x10/0x10 [ 206.453597][T11233] ? aa_sk_perm+0x81e/0x950 [ 206.453623][T11233] ? __pfx_aa_sk_perm+0x10/0x10 [ 206.453649][T11233] ? sock_rps_record_flow+0x19/0x410 [ 206.453683][T11233] ? inet_sendmsg+0x2f4/0x370 [ 206.453711][T11233] __sock_sendmsg+0x19c/0x270 [ 206.453735][T11233] __sys_sendto+0x3bd/0x520 [ 206.453760][T11233] ? __pfx___sys_sendto+0x10/0x10 [ 206.453782][T11233] ? __mutex_unlock_slowpath+0x1a1/0x740 [ 206.453810][T11233] ? __fget_files+0x3a0/0x420 [ 206.453833][T11233] ? ksys_write+0x22a/0x250 [ 206.453857][T11233] ? __pfx_ksys_write+0x10/0x10 [ 206.453881][T11233] __x64_sys_sendto+0xde/0x100 [ 206.453909][T11233] do_syscall_64+0xfa/0xfa0 [ 206.453926][T11233] ? lockdep_hardirqs_on+0x9c/0x150 [ 206.453944][T11233] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 206.453961][T11233] ? clear_bhb_loop+0x60/0xb0 [ 206.453981][T11233] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 206.453997][T11233] RIP: 0033:0x7f8c0b58efc9 [ 206.454013][T11233] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 206.454028][T11233] RSP: 002b:00007f8c0c497038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 206.454046][T11233] RAX: ffffffffffffffda RBX: 00007f8c0b7e5fa0 RCX: 00007f8c0b58efc9 [ 206.454059][T11233] RDX: 000000000000ffe0 RSI: 0000200000000100 RDI: 0000000000000003 [ 206.454071][T11233] RBP: 00007f8c0c497090 R08: 0000200000000140 R09: 000000000000001c [ 206.454081][T11233] R10: 000000002000c851 R11: 0000000000000246 R12: 0000000000000002 [ 206.454092][T11233] R13: 00007f8c0b7e6038 R14: 00007f8c0b7e5fa0 R15: 00007ffe93a31798 [ 206.454123][T11233] [ 207.011070][T11240] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2154'. [ 207.019356][T11235] vxcan1 speed is unknown, defaulting to 1000 [ 207.473050][T11256] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2159'. [ 207.541066][T11256] ip6gre1: entered promiscuous mode [ 207.731103][T11258] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2160'. [ 208.148385][T11275] FAULT_INJECTION: forcing a failure. [ 208.148385][T11275] name failslab, interval 1, probability 0, space 0, times 0 [ 208.184621][T11275] CPU: 1 UID: 0 PID: 11275 Comm: syz.0.2165 Not tainted syzkaller #0 PREEMPT(full) [ 208.184647][T11275] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 208.184658][T11275] Call Trace: [ 208.184666][T11275] [ 208.184674][T11275] dump_stack_lvl+0x189/0x250 [ 208.184701][T11275] ? __pfx____ratelimit+0x10/0x10 [ 208.184722][T11275] ? __pfx_dump_stack_lvl+0x10/0x10 [ 208.184746][T11275] ? __pfx__printk+0x10/0x10 [ 208.184767][T11275] ? __pfx___might_resched+0x10/0x10 [ 208.184786][T11275] ? fs_reclaim_acquire+0x7d/0x100 [ 208.184816][T11275] should_fail_ex+0x414/0x560 [ 208.184846][T11275] should_failslab+0xa8/0x100 [ 208.184865][T11275] __kmalloc_noprof+0xcb/0x7f0 [ 208.184888][T11275] ? bpf_test_init+0x9f/0x150 [ 208.184918][T11275] bpf_test_init+0x9f/0x150 [ 208.184950][T11275] bpf_prog_test_run_xdp+0x503/0x10e0 [ 208.184988][T11275] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 208.185018][T11275] ? __fget_files+0x2a/0x420 [ 208.185037][T11275] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 208.185063][T11275] bpf_prog_test_run+0x2c7/0x340 [ 208.185085][T11275] __sys_bpf+0x562/0x860 [ 208.185104][T11275] ? __pfx___sys_bpf+0x10/0x10 [ 208.185138][T11275] ? ksys_write+0x22a/0x250 [ 208.185163][T11275] ? __pfx_ksys_write+0x10/0x10 [ 208.185192][T11275] __x64_sys_bpf+0x7c/0x90 [ 208.185217][T11275] do_syscall_64+0xfa/0xfa0 [ 208.185235][T11275] ? lockdep_hardirqs_on+0x9c/0x150 [ 208.185255][T11275] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 208.185273][T11275] ? clear_bhb_loop+0x60/0xb0 [ 208.185294][T11275] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 208.185311][T11275] RIP: 0033:0x7f5d5998efc9 [ 208.185328][T11275] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 208.185341][T11275] RSP: 002b:00007f5d5a8d5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 208.185360][T11275] RAX: ffffffffffffffda RBX: 00007f5d59be5fa0 RCX: 00007f5d5998efc9 [ 208.185372][T11275] RDX: 0000000000000050 RSI: 0000200000000340 RDI: 000000000000000a [ 208.185384][T11275] RBP: 00007f5d5a8d5090 R08: 0000000000000000 R09: 0000000000000000 [ 208.185395][T11275] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 208.185405][T11275] R13: 00007f5d59be6038 R14: 00007f5d59be5fa0 R15: 00007ffd179ef078 [ 208.185441][T11275] [ 208.488759][T11279] FAULT_INJECTION: forcing a failure. [ 208.488759][T11279] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 208.503169][T11279] CPU: 0 UID: 0 PID: 11279 Comm: syz.0.2169 Not tainted syzkaller #0 PREEMPT(full) [ 208.503195][T11279] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 208.503206][T11279] Call Trace: [ 208.503214][T11279] [ 208.503221][T11279] dump_stack_lvl+0x189/0x250 [ 208.503250][T11279] ? __pfx____ratelimit+0x10/0x10 [ 208.503270][T11279] ? __pfx_dump_stack_lvl+0x10/0x10 [ 208.503292][T11279] ? __pfx__printk+0x10/0x10 [ 208.503323][T11279] should_fail_ex+0x414/0x560 [ 208.503354][T11279] _copy_to_user+0x31/0xb0 [ 208.503377][T11279] bpf_test_finish+0x1ab/0x700 [ 208.503420][T11279] ? __pfx_bpf_test_finish+0x10/0x10 [ 208.503459][T11279] bpf_prog_test_run_skb+0xef8/0x1550 [ 208.503501][T11279] ? __pfx_bpf_prog_test_run_skb+0x10/0x10 [ 208.503527][T11279] bpf_prog_test_run+0x2c7/0x340 [ 208.503550][T11279] __sys_bpf+0x562/0x860 [ 208.503570][T11279] ? __pfx___sys_bpf+0x10/0x10 [ 208.503603][T11279] ? ksys_write+0x22a/0x250 [ 208.503629][T11279] ? __pfx_ksys_write+0x10/0x10 [ 208.503659][T11279] __x64_sys_bpf+0x7c/0x90 [ 208.503684][T11279] do_syscall_64+0xfa/0xfa0 [ 208.503703][T11279] ? lockdep_hardirqs_on+0x9c/0x150 [ 208.503724][T11279] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 208.503742][T11279] ? clear_bhb_loop+0x60/0xb0 [ 208.503763][T11279] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 208.503780][T11279] RIP: 0033:0x7f5d5998efc9 [ 208.503797][T11279] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 208.503812][T11279] RSP: 002b:00007f5d5a8d5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 208.503848][T11279] RAX: ffffffffffffffda RBX: 00007f5d59be5fa0 RCX: 00007f5d5998efc9 [ 208.503862][T11279] RDX: 0000000000000050 RSI: 00002000000002c0 RDI: 000000000000000a [ 208.503874][T11279] RBP: 00007f5d5a8d5090 R08: 0000000000000000 R09: 0000000000000000 [ 208.503885][T11279] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 208.503895][T11279] R13: 00007f5d59be6038 R14: 00007f5d59be5fa0 R15: 00007ffd179ef078 [ 208.503931][T11279] [ 208.885286][T11286] BUG: Bad page state in process syz.0.2170 pfn:78807 [ 208.892257][T11286] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888078807a50 pfn:0x78807 [ 208.902389][T11286] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 208.909560][T11286] raw: 00fff00000000000 dead000000000040 ffff8880216ab000 0000000000000000 [ 208.918224][T11286] raw: ffff888078807a50 0000000000000001 00000000ffffffff 0000000000000000 [ 208.926829][T11286] page dumped because: page_pool leak [ 208.932265][T11286] page_owner tracks the page as allocated [ 208.938113][T11286] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 11286, tgid 11285 (syz.0.2170), ts 208885141664, free_ts 208839636974 [ 208.955368][T11286] post_alloc_hook+0x240/0x2a0 [ 208.960214][T11286] get_page_from_freelist+0x2365/0x2440 [ 208.965772][T11286] __alloc_frozen_pages_noprof+0x181/0x370 [ 208.971658][T11286] alloc_pages_bulk_noprof+0x560/0x710 [ 208.977146][T11286] __page_pool_alloc_netmems_slow+0x14c/0x710 [ 208.983284][T11286] skb_pp_cow_data+0xb47/0x13e0 [ 208.988204][T11286] do_xdp_generic+0x699/0x11a0 [ 208.992982][T11286] __netif_receive_skb_core+0x18f4/0x4380 [ 208.998779][T11286] __netif_receive_skb+0x72/0x380 [ 209.003819][T11286] netif_receive_skb+0x1cb/0x790 [ 209.008830][T11286] tun_rx_batched+0x1b9/0x730 [ 209.013517][T11286] tun_get_user+0x2b65/0x3e90 [ 209.018272][T11286] tun_chr_write_iter+0x113/0x200 [ 209.023321][T11286] vfs_write+0x5c9/0xb30 [ 209.027645][T11286] ksys_write+0x145/0x250 [ 209.031998][T11286] do_syscall_64+0xfa/0xfa0 [ 209.036523][T11286] page last free pid 11285 tgid 11285 stack trace: [ 209.043205][T11286] __free_frozen_pages+0xbc4/0xd30 [ 209.048381][T11286] __put_partials+0x146/0x170 [ 209.053086][T11286] put_cpu_partial+0x1f2/0x2e0 [ 209.057943][T11286] __slab_free+0x2b9/0x390 [ 209.061389][T11295] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2174'. [ 209.071323][T11286] qlist_free_all+0x97/0x140 [ 209.071362][T11286] kasan_quarantine_reduce+0x148/0x160 [ 209.071386][T11286] __kasan_slab_alloc+0x22/0x80 [ 209.071411][T11286] kmem_cache_alloc_noprof+0x367/0x6e0 [ 209.071434][T11286] getname_flags+0xb8/0x540 [ 209.071451][T11286] __x64_sys_symlinkat+0x7a/0xb0 [ 209.071474][T11286] do_syscall_64+0xfa/0xfa0 [ 209.071493][T11286] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 209.071511][T11286] Modules linked in: [ 209.071531][T11286] CPU: 0 UID: 0 PID: 11286 Comm: syz.0.2170 Not tainted syzkaller #0 PREEMPT(full) [ 209.071550][T11286] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 209.071561][T11286] Call Trace: [ 209.071568][T11286] [ 209.071576][T11286] dump_stack_lvl+0x189/0x250 [ 209.071606][T11286] ? __pfx_dump_stack_lvl+0x10/0x10 [ 209.071629][T11286] ? __pfx_print_modules+0x10/0x10 [ 209.071663][T11286] bad_page+0x180/0x1c0 [ 209.071691][T11286] __free_frozen_pages+0xce2/0xd30 [ 209.071728][T11286] bpf_xdp_frags_shrink_tail+0x4f7/0x7f0 [ 209.071769][T11286] bpf_xdp_adjust_tail+0x1d6/0x220 [ 209.071803][T11286] bpf_prog_5d7dc57dfd7f985a+0x1e/0x24 [ 209.071820][T11286] bpf_prog_run_generic_xdp+0x606/0x13d0 [ 209.071868][T11286] do_xdp_generic+0x9f7/0x11a0 [ 209.071901][T11286] ? __pfx_do_xdp_generic+0x10/0x10 [ 209.071919][T11286] ? __skb_flow_dissect+0x5ef8/0x68b0 [ 209.071968][T11286] __netif_receive_skb_core+0x18f4/0x4380 [ 209.071996][T11286] ? __pfx___skb_flow_dissect+0x10/0x10 [ 209.072018][T11286] ? do_user_addr_fault+0xbbc/0x1380 [ 209.072043][T11286] ? do_user_addr_fault+0xc85/0x1380 [ 209.072071][T11286] ? __pfx___netif_receive_skb_core+0x10/0x10 [ 209.072098][T11286] ? irqentry_exit+0x74/0x90 [ 209.072120][T11286] ? lockdep_hardirqs_on+0x9c/0x150 [ 209.072146][T11286] ? __lock_acquire+0xab9/0xd20 [ 209.072170][T11286] ? netif_receive_skb+0x115/0x790 [ 209.072193][T11286] ? netif_receive_skb+0x115/0x790 [ 209.072219][T11286] __netif_receive_skb+0x72/0x380 [ 209.072240][T11286] ? _copy_from_iter+0x24f/0x1790 [ 209.072264][T11286] ? netif_receive_skb+0x115/0x790 [ 209.072284][T11286] netif_receive_skb+0x1cb/0x790 [ 209.072306][T11286] ? __pfx___local_bh_disable_ip+0x10/0x10 [ 209.072325][T11286] ? __pfx_netif_receive_skb+0x10/0x10 [ 209.072353][T11286] ? tun_rx_batched+0x160/0x730 [ 209.072375][T11286] tun_rx_batched+0x1b9/0x730 [ 209.072395][T11286] ? __lock_acquire+0xab9/0xd20 [ 209.072416][T11286] ? __pfx_tun_rx_batched+0x10/0x10 [ 209.072440][T11286] ? tun_get_user+0x272f/0x3e90 [ 209.072473][T11286] tun_get_user+0x2b65/0x3e90 [ 209.072505][T11286] ? tun_get_user+0x272f/0x3e90 [ 209.072529][T11286] ? aa_file_perm+0x44d/0x1550 [ 209.072544][T11286] ? __pfx_tun_get_user+0x10/0x10 [ 209.072562][T11286] ? __futex_wait+0x34a/0x3d0 [ 209.072589][T11286] ? __pfx___futex_wait+0x10/0x10 [ 209.072614][T11286] ? ref_tracker_alloc+0x318/0x460 [ 209.072629][T11286] ? __lock_acquire+0xab9/0xd20 [ 209.072648][T11286] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 209.072670][T11286] ? tun_get+0x1c/0x2f0 [ 209.072695][T11286] ? tun_get+0x1c/0x2f0 [ 209.072714][T11286] ? tun_get+0x1c/0x2f0 [ 209.072738][T11286] tun_chr_write_iter+0x113/0x200 [ 209.072762][T11286] vfs_write+0x5c9/0xb30 [ 209.072790][T11286] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 209.072811][T11286] ? __pfx_vfs_write+0x10/0x10 [ 209.072844][T11286] ? __fget_files+0x2a/0x420 [ 209.072870][T11286] ksys_write+0x145/0x250 [ 209.072896][T11286] ? __pfx_ksys_write+0x10/0x10 [ 209.072923][T11286] ? do_syscall_64+0xbe/0xfa0 [ 209.072948][T11286] do_syscall_64+0xfa/0xfa0 [ 209.072967][T11286] ? lockdep_hardirqs_on+0x9c/0x150 [ 209.072986][T11286] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 209.073004][T11286] ? clear_bhb_loop+0x60/0xb0 [ 209.073025][T11286] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 209.073043][T11286] RIP: 0033:0x7f5d5998da7f [ 209.073058][T11286] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 209.073080][T11286] RSP: 002b:00007f5d5a8d5000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 209.073099][T11286] RAX: ffffffffffffffda RBX: 00007f5d59be5fa0 RCX: 00007f5d5998da7f [ 209.073112][T11286] RDX: 0000000000011dc0 RSI: 0000200000001180 RDI: 00000000000000c8 [ 209.073125][T11286] RBP: 00007f5d59a11f91 R08: 0000000000000000 R09: 0000000000000000 [ 209.073136][T11286] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000 [ 209.073147][T11286] R13: 00007f5d59be6038 R14: 00007f5d59be5fa0 R15: 00007ffd179ef078 [ 209.073179][T11286] [ 209.073186][T11286] Disabling lock debugging due to kernel taint [ 209.444011][T11313] netlink: 80 bytes leftover after parsing attributes in process `syz.4.2180'. [ 209.456341][T11286] BUG: Bad page state in process syz.0.2170 pfn:7881c [ 209.456362][T11286] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88807881cf00 pfn:0x7881c [ 209.456383][T11286] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 209.456405][T11286] raw: 00fff00000000000 dead000000000040 ffff8880216ab000 0000000000000000 [ 209.456420][T11286] raw: ffff88807881cf00 0000000000000001 00000000ffffffff 0000000000000000 [ 209.456430][T11286] page dumped because: page_pool leak [ 209.456439][T11286] page_owner tracks the page as allocated [ 209.456447][T11286] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 11286, tgid 11285 (syz.0.2170), ts 208885123854, free_ts 208839651687 [ 209.456475][T11286] post_alloc_hook+0x240/0x2a0 [ 209.545393][T11317] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2181'. [ 209.547029][T11286] get_page_from_freelist+0x2365/0x2440 [ 209.611694][T11286] __alloc_frozen_pages_noprof+0x181/0x370 [ 209.617526][T11286] alloc_pages_bulk_noprof+0x560/0x710 [ 209.622982][T11286] __page_pool_alloc_netmems_slow+0x14c/0x710 [ 209.629073][T11286] skb_pp_cow_data+0xb47/0x13e0 [ 209.633926][T11286] do_xdp_generic+0x699/0x11a0 [ 209.638706][T11286] __netif_receive_skb_core+0x18f4/0x4380 [ 209.644426][T11286] __netif_receive_skb+0x72/0x380 [ 209.649469][T11286] netif_receive_skb+0x1cb/0x790 [ 209.654403][T11286] tun_rx_batched+0x1b9/0x730 [ 209.659092][T11286] tun_get_user+0x2b65/0x3e90 [ 209.663762][T11286] tun_chr_write_iter+0x113/0x200 [ 209.668804][T11286] vfs_write+0x5c9/0xb30 [ 209.673043][T11286] ksys_write+0x145/0x250 [ 209.677359][T11286] do_syscall_64+0xfa/0xfa0 [ 209.681909][T11286] page last free pid 11285 tgid 11285 stack trace: [ 209.688443][T11286] __free_frozen_pages+0xbc4/0xd30 [ 209.693571][T11286] __put_partials+0x146/0x170 [ 209.698297][T11286] put_cpu_partial+0x1f2/0x2e0 [ 209.703060][T11286] __slab_free+0x2b9/0x390 [ 209.707505][T11286] qlist_free_all+0x97/0x140 [ 209.712108][T11286] kasan_quarantine_reduce+0x148/0x160 [ 209.717615][T11286] __kasan_slab_alloc+0x22/0x80 [ 209.722468][T11286] kmem_cache_alloc_noprof+0x367/0x6e0 [ 209.727951][T11286] getname_flags+0xb8/0x540 [ 209.732448][T11286] __x64_sys_symlinkat+0x7a/0xb0 [ 209.737413][T11286] do_syscall_64+0xfa/0xfa0 [ 209.741924][T11286] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 209.747832][T11286] Modules linked in: [ 209.751724][T11286] CPU: 0 UID: 0 PID: 11286 Comm: syz.0.2170 Tainted: G B syzkaller #0 PREEMPT(full) [ 209.751740][T11286] Tainted: [B]=BAD_PAGE [ 209.751744][T11286] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 209.751751][T11286] Call Trace: [ 209.751755][T11286] [ 209.751760][T11286] dump_stack_lvl+0x189/0x250 [ 209.751777][T11286] ? __pfx_dump_stack_lvl+0x10/0x10 [ 209.751790][T11286] ? __pfx_print_modules+0x10/0x10 [ 209.751803][T11286] bad_page+0x180/0x1c0 [ 209.751816][T11286] __free_frozen_pages+0xce2/0xd30 [ 209.751831][T11286] bpf_xdp_frags_shrink_tail+0x4f7/0x7f0 [ 209.751849][T11286] bpf_xdp_adjust_tail+0x1d6/0x220 [ 209.751865][T11286] bpf_prog_5d7dc57dfd7f985a+0x1e/0x24 [ 209.751875][T11286] bpf_prog_run_generic_xdp+0x606/0x13d0 [ 209.751893][T11286] do_xdp_generic+0x9f7/0x11a0 [ 209.751906][T11286] ? __pfx_do_xdp_generic+0x10/0x10 [ 209.751917][T11286] ? __skb_flow_dissect+0x5ef8/0x68b0 [ 209.751933][T11286] __netif_receive_skb_core+0x18f4/0x4380 [ 209.751947][T11286] ? __pfx___skb_flow_dissect+0x10/0x10 [ 209.751957][T11286] ? do_user_addr_fault+0xbbc/0x1380 [ 209.751969][T11286] ? do_user_addr_fault+0xc85/0x1380 [ 209.751979][T11286] ? __pfx___netif_receive_skb_core+0x10/0x10 [ 209.751992][T11286] ? irqentry_exit+0x74/0x90 [ 209.752003][T11286] ? lockdep_hardirqs_on+0x9c/0x150 [ 209.752020][T11286] ? __lock_acquire+0xab9/0xd20 [ 209.752031][T11286] ? netif_receive_skb+0x115/0x790 [ 209.752043][T11286] ? netif_receive_skb+0x115/0x790 [ 209.752055][T11286] __netif_receive_skb+0x72/0x380 [ 209.752067][T11286] ? _copy_from_iter+0x24f/0x1790 [ 209.752079][T11286] ? netif_receive_skb+0x115/0x790 [ 209.752090][T11286] netif_receive_skb+0x1cb/0x790 [ 209.752101][T11286] ? __pfx___local_bh_disable_ip+0x10/0x10 [ 209.752112][T11286] ? __pfx_netif_receive_skb+0x10/0x10 [ 209.752125][T11286] ? tun_rx_batched+0x160/0x730 [ 209.752137][T11286] tun_rx_batched+0x1b9/0x730 [ 209.752148][T11286] ? __lock_acquire+0xab9/0xd20 [ 209.752158][T11286] ? __pfx_tun_rx_batched+0x10/0x10 [ 209.752169][T11286] ? tun_get_user+0x272f/0x3e90 [ 209.752183][T11286] tun_get_user+0x2b65/0x3e90 [ 209.752196][T11286] ? tun_get_user+0x272f/0x3e90 [ 209.752207][T11286] ? aa_file_perm+0x44d/0x1550 [ 209.752216][T11286] ? __pfx_tun_get_user+0x10/0x10 [ 209.752225][T11286] ? __futex_wait+0x34a/0x3d0 [ 209.752237][T11286] ? __pfx___futex_wait+0x10/0x10 [ 209.752248][T11286] ? ref_tracker_alloc+0x318/0x460 [ 209.752257][T11286] ? __lock_acquire+0xab9/0xd20 [ 209.752269][T11286] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 209.752279][T11286] ? tun_get+0x1c/0x2f0 [ 209.752290][T11286] ? tun_get+0x1c/0x2f0 [ 209.752300][T11286] ? tun_get+0x1c/0x2f0 [ 209.752310][T11286] tun_chr_write_iter+0x113/0x200 [ 209.752322][T11286] vfs_write+0x5c9/0xb30 [ 209.752336][T11286] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 209.752347][T11286] ? __pfx_vfs_write+0x10/0x10 [ 209.752361][T11286] ? __fget_files+0x2a/0x420 [ 209.752372][T11286] ksys_write+0x145/0x250 [ 209.752386][T11286] ? __pfx_ksys_write+0x10/0x10 [ 209.752399][T11286] ? do_syscall_64+0xbe/0xfa0 [ 209.752419][T11286] do_syscall_64+0xfa/0xfa0 [ 209.752438][T11286] ? lockdep_hardirqs_on+0x9c/0x150 [ 209.752458][T11286] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 209.752474][T11286] ? clear_bhb_loop+0x60/0xb0 [ 209.752484][T11286] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 209.752494][T11286] RIP: 0033:0x7f5d5998da7f [ 209.752503][T11286] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 209.752512][T11286] RSP: 002b:00007f5d5a8d5000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 209.752525][T11286] RAX: ffffffffffffffda RBX: 00007f5d59be5fa0 RCX: 00007f5d5998da7f [ 209.752532][T11286] RDX: 0000000000011dc0 RSI: 0000200000001180 RDI: 00000000000000c8 [ 209.752539][T11286] RBP: 00007f5d59a11f91 R08: 0000000000000000 R09: 0000000000000000 [ 209.752546][T11286] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000 [ 209.752552][T11286] R13: 00007f5d59be6038 R14: 00007f5d59be5fa0 R15: 00007ffd179ef078 [ 209.752563][T11286] [ 209.752570][T11286] BUG: Bad page state in process syz.0.2170 pfn:78806 [ 210.155994][T11286] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888078806f00 pfn:0x78806 [ 210.166087][T11286] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 210.173260][T11286] raw: 00fff00000000000 dead000000000040 ffff8880216ab000 0000000000000000 [ 210.181869][T11286] raw: ffff888078806f00 0000000000000001 00000000ffffffff 0000000000000000 [ 210.190472][T11286] page dumped because: page_pool leak [ 210.195820][T11286] page_owner tracks the page as allocated [ 210.201539][T11286] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 11286, tgid 11285 (syz.0.2170), ts 208885105930, free_ts 208839666446 [ 210.218753][T11286] post_alloc_hook+0x240/0x2a0 [ 210.223591][T11286] get_page_from_freelist+0x2365/0x2440 [ 210.229158][T11286] __alloc_frozen_pages_noprof+0x181/0x370 [ 210.234961][T11286] alloc_pages_bulk_noprof+0x560/0x710 [ 210.240437][T11286] __page_pool_alloc_netmems_slow+0x14c/0x710 [ 210.246503][T11286] skb_pp_cow_data+0xb47/0x13e0 [ 210.251369][T11286] do_xdp_generic+0x699/0x11a0 [ 210.256131][T11286] __netif_receive_skb_core+0x18f4/0x4380 [ 210.261869][T11286] __netif_receive_skb+0x72/0x380 [ 210.266894][T11286] netif_receive_skb+0x1cb/0x790 [ 210.271853][T11286] tun_rx_batched+0x1b9/0x730 [ 210.276578][T11286] tun_get_user+0x2b65/0x3e90 [ 210.281305][T11286] tun_chr_write_iter+0x113/0x200 [ 210.286325][T11286] vfs_write+0x5c9/0xb30 [ 210.290581][T11286] ksys_write+0x145/0x250 [ 210.294914][T11286] do_syscall_64+0xfa/0xfa0 [ 210.299438][T11286] page last free pid 11285 tgid 11285 stack trace: [ 210.305926][T11286] __free_frozen_pages+0xbc4/0xd30 [ 210.311064][T11286] __put_partials+0x146/0x170 [ 210.315736][T11286] put_cpu_partial+0x1f2/0x2e0 [ 210.320520][T11286] __slab_free+0x2b9/0x390 [ 210.324932][T11286] qlist_free_all+0x97/0x140 [ 210.329547][T11286] kasan_quarantine_reduce+0x148/0x160 [ 210.335012][T11286] __kasan_slab_alloc+0x22/0x80 [ 210.339884][T11286] kmem_cache_alloc_noprof+0x367/0x6e0 [ 210.345347][T11286] getname_flags+0xb8/0x540 [ 210.349986][T11286] __x64_sys_symlinkat+0x7a/0xb0 [ 210.354929][T11286] do_syscall_64+0xfa/0xfa0 [ 210.359460][T11286] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 210.365349][T11286] Modules linked in: [ 210.369262][T11286] CPU: 0 UID: 0 PID: 11286 Comm: syz.0.2170 Tainted: G B syzkaller #0 PREEMPT(full) [ 210.369288][T11286] Tainted: [B]=BAD_PAGE [ 210.369294][T11286] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 210.369304][T11286] Call Trace: [ 210.369311][T11286] [ 210.369317][T11286] dump_stack_lvl+0x189/0x250 [ 210.369344][T11286] ? __pfx_dump_stack_lvl+0x10/0x10 [ 210.369366][T11286] ? __pfx_print_modules+0x10/0x10 [ 210.369389][T11286] bad_page+0x180/0x1c0 [ 210.369412][T11286] __free_frozen_pages+0xce2/0xd30 [ 210.369441][T11286] bpf_xdp_frags_shrink_tail+0x4f7/0x7f0 [ 210.369472][T11286] bpf_xdp_adjust_tail+0x1d6/0x220 [ 210.369500][T11286] bpf_prog_5d7dc57dfd7f985a+0x1e/0x24 [ 210.369516][T11286] bpf_prog_run_generic_xdp+0x606/0x13d0 [ 210.369548][T11286] do_xdp_generic+0x9f7/0x11a0 [ 210.369574][T11286] ? __pfx_do_xdp_generic+0x10/0x10 [ 210.369592][T11286] ? __skb_flow_dissect+0x5ef8/0x68b0 [ 210.369623][T11286] __netif_receive_skb_core+0x18f4/0x4380 [ 210.369648][T11286] ? __pfx___skb_flow_dissect+0x10/0x10 [ 210.369666][T11286] ? do_user_addr_fault+0xbbc/0x1380 [ 210.369687][T11286] ? do_user_addr_fault+0xc85/0x1380 [ 210.369706][T11286] ? __pfx___netif_receive_skb_core+0x10/0x10 [ 210.369730][T11286] ? irqentry_exit+0x74/0x90 [ 210.369750][T11286] ? lockdep_hardirqs_on+0x9c/0x150 [ 210.369773][T11286] ? __lock_acquire+0xab9/0xd20 [ 210.369793][T11286] ? netif_receive_skb+0x115/0x790 [ 210.369814][T11286] ? netif_receive_skb+0x115/0x790 [ 210.369832][T11286] __netif_receive_skb+0x72/0x380 [ 210.369852][T11286] ? _copy_from_iter+0x24f/0x1790 [ 210.369872][T11286] ? netif_receive_skb+0x115/0x790 [ 210.369893][T11286] netif_receive_skb+0x1cb/0x790 [ 210.369914][T11286] ? __pfx___local_bh_disable_ip+0x10/0x10 [ 210.369934][T11286] ? __pfx_netif_receive_skb+0x10/0x10 [ 210.369957][T11286] ? tun_rx_batched+0x160/0x730 [ 210.369988][T11286] tun_rx_batched+0x1b9/0x730 [ 210.370007][T11286] ? __lock_acquire+0xab9/0xd20 [ 210.370026][T11286] ? __pfx_tun_rx_batched+0x10/0x10 [ 210.370047][T11286] ? tun_get_user+0x272f/0x3e90 [ 210.370072][T11286] tun_get_user+0x2b65/0x3e90 [ 210.370095][T11286] ? tun_get_user+0x272f/0x3e90 [ 210.370117][T11286] ? aa_file_perm+0x44d/0x1550 [ 210.370132][T11286] ? __pfx_tun_get_user+0x10/0x10 [ 210.370148][T11286] ? __futex_wait+0x34a/0x3d0 [ 210.370169][T11286] ? __pfx___futex_wait+0x10/0x10 [ 210.370190][T11286] ? ref_tracker_alloc+0x318/0x460 [ 210.370206][T11286] ? __lock_acquire+0xab9/0xd20 [ 210.370222][T11286] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 210.370240][T11286] ? tun_get+0x1c/0x2f0 [ 210.370261][T11286] ? tun_get+0x1c/0x2f0 [ 210.370279][T11286] ? tun_get+0x1c/0x2f0 [ 210.370299][T11286] tun_chr_write_iter+0x113/0x200 [ 210.370321][T11286] vfs_write+0x5c9/0xb30 [ 210.370346][T11286] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 210.370367][T11286] ? __pfx_vfs_write+0x10/0x10 [ 210.370395][T11286] ? __fget_files+0x2a/0x420 [ 210.370415][T11286] ksys_write+0x145/0x250 [ 210.370439][T11286] ? __pfx_ksys_write+0x10/0x10 [ 210.370463][T11286] ? do_syscall_64+0xbe/0xfa0 [ 210.370485][T11286] do_syscall_64+0xfa/0xfa0 [ 210.370505][T11286] ? lockdep_hardirqs_on+0x9c/0x150 [ 210.370525][T11286] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 210.370542][T11286] ? clear_bhb_loop+0x60/0xb0 [ 210.370561][T11286] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 210.370579][T11286] RIP: 0033:0x7f5d5998da7f [ 210.370595][T11286] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 210.370610][T11286] RSP: 002b:00007f5d5a8d5000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 210.370629][T11286] RAX: ffffffffffffffda RBX: 00007f5d59be5fa0 RCX: 00007f5d5998da7f [ 210.370642][T11286] RDX: 0000000000011dc0 RSI: 0000200000001180 RDI: 00000000000000c8 [ 210.370655][T11286] RBP: 00007f5d59a11f91 R08: 0000000000000000 R09: 0000000000000000 [ 210.370666][T11286] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000 [ 210.370677][T11286] R13: 00007f5d59be6038 R14: 00007f5d59be5fa0 R15: 00007ffd179ef078 [ 210.370698][T11286] [ 210.370709][T11286] BUG: Bad page state in process syz.0.2170 pfn:57f1c [ 210.773968][T11286] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888057f1cf00 pfn:0x57f1c [ 210.784064][T11286] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 210.791197][T11286] raw: 00fff00000000000 dead000000000040 ffff8880216ab000 0000000000000000 [ 210.799808][T11286] raw: ffff888057f1cf00 0000000000000001 00000000ffffffff 0000000000000000 [ 210.808395][T11286] page dumped because: page_pool leak [ 210.813748][T11286] page_owner tracks the page as allocated [ 210.819464][T11286] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 11286, tgid 11285 (syz.0.2170), ts 208885089614, free_ts 208839681294 [ 210.836682][T11286] post_alloc_hook+0x240/0x2a0 [ 210.841467][T11286] get_page_from_freelist+0x2365/0x2440 [ 210.847035][T11286] __alloc_frozen_pages_noprof+0x181/0x370 [ 210.852881][T11286] alloc_pages_bulk_noprof+0x560/0x710 [ 210.858364][T11286] __page_pool_alloc_netmems_slow+0x14c/0x710 [ 210.864416][T11286] skb_pp_cow_data+0xb47/0x13e0 [ 210.869284][T11286] do_xdp_generic+0x699/0x11a0 [ 210.874046][T11286] __netif_receive_skb_core+0x18f4/0x4380 [ 210.879800][T11286] __netif_receive_skb+0x72/0x380 [ 210.884836][T11286] netif_receive_skb+0x1cb/0x790 [ 210.889803][T11286] tun_rx_batched+0x1b9/0x730 [ 210.894487][T11286] tun_get_user+0x2b65/0x3e90 [ 210.899193][T11286] tun_chr_write_iter+0x113/0x200 [ 210.904214][T11286] vfs_write+0x5c9/0xb30 [ 210.908472][T11286] ksys_write+0x145/0x250 [ 210.912829][T11286] do_syscall_64+0xfa/0xfa0 [ 210.917413][T11286] page last free pid 11285 tgid 11285 stack trace: [ 210.923901][T11286] __free_frozen_pages+0xbc4/0xd30 [ 210.929034][T11286] __put_partials+0x146/0x170 [ 210.933706][T11286] put_cpu_partial+0x1f2/0x2e0 [ 210.938501][T11286] __slab_free+0x2b9/0x390 [ 210.942926][T11286] qlist_free_all+0x97/0x140 [ 210.947546][T11286] kasan_quarantine_reduce+0x148/0x160 [ 210.953008][T11286] __kasan_slab_alloc+0x22/0x80 [ 210.957884][T11286] kmem_cache_alloc_noprof+0x367/0x6e0 [ 210.963341][T11286] getname_flags+0xb8/0x540 [ 210.967880][T11286] __x64_sys_symlinkat+0x7a/0xb0 [ 210.972838][T11286] do_syscall_64+0xfa/0xfa0 [ 210.977324][T11286] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 210.983241][T11286] Modules linked in: [ 210.987144][T11286] CPU: 0 UID: 0 PID: 11286 Comm: syz.0.2170 Tainted: G B syzkaller #0 PREEMPT(full) [ 210.987169][T11286] Tainted: [B]=BAD_PAGE [ 210.987175][T11286] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 210.987186][T11286] Call Trace: [ 210.987193][T11286] [ 210.987200][T11286] dump_stack_lvl+0x189/0x250 [ 210.987218][T11286] ? __pfx_dump_stack_lvl+0x10/0x10 [ 210.987231][T11286] ? __pfx_print_modules+0x10/0x10 [ 210.987244][T11286] bad_page+0x180/0x1c0 [ 210.987257][T11286] __free_frozen_pages+0xce2/0xd30 [ 210.987273][T11286] bpf_xdp_frags_shrink_tail+0x4f7/0x7f0 [ 210.987290][T11286] bpf_xdp_adjust_tail+0x1d6/0x220 [ 210.987306][T11286] bpf_prog_5d7dc57dfd7f985a+0x1e/0x24 [ 210.987315][T11286] bpf_prog_run_generic_xdp+0x606/0x13d0 [ 210.987333][T11286] do_xdp_generic+0x9f7/0x11a0 [ 210.987346][T11286] ? __pfx_do_xdp_generic+0x10/0x10 [ 210.987357][T11286] ? __skb_flow_dissect+0x5ef8/0x68b0 [ 210.987385][T11286] __netif_receive_skb_core+0x18f4/0x4380 [ 210.987409][T11286] ? __pfx___skb_flow_dissect+0x10/0x10 [ 210.987427][T11286] ? do_user_addr_fault+0xbbc/0x1380 [ 210.987445][T11286] ? do_user_addr_fault+0xc85/0x1380 [ 210.987464][T11286] ? __pfx___netif_receive_skb_core+0x10/0x10 [ 210.987486][T11286] ? irqentry_exit+0x74/0x90 [ 210.987498][T11286] ? lockdep_hardirqs_on+0x9c/0x150 [ 210.987510][T11286] ? __lock_acquire+0xab9/0xd20 [ 210.987521][T11286] ? netif_receive_skb+0x115/0x790 [ 210.987532][T11286] ? netif_receive_skb+0x115/0x790 [ 210.987544][T11286] __netif_receive_skb+0x72/0x380 [ 210.987556][T11286] ? _copy_from_iter+0x24f/0x1790 [ 210.987568][T11286] ? netif_receive_skb+0x115/0x790 [ 210.987579][T11286] netif_receive_skb+0x1cb/0x790 [ 210.987591][T11286] ? __pfx___local_bh_disable_ip+0x10/0x10 [ 210.987602][T11286] ? __pfx_netif_receive_skb+0x10/0x10 [ 210.987615][T11286] ? tun_rx_batched+0x160/0x730 [ 210.987627][T11286] tun_rx_batched+0x1b9/0x730 [ 210.987638][T11286] ? __lock_acquire+0xab9/0xd20 [ 210.987648][T11286] ? __pfx_tun_rx_batched+0x10/0x10 [ 210.987660][T11286] ? tun_get_user+0x272f/0x3e90 [ 210.987673][T11286] tun_get_user+0x2b65/0x3e90 [ 210.987687][T11286] ? tun_get_user+0x272f/0x3e90 [ 210.987698][T11286] ? aa_file_perm+0x44d/0x1550 [ 210.987707][T11286] ? __pfx_tun_get_user+0x10/0x10 [ 210.987717][T11286] ? __futex_wait+0x34a/0x3d0 [ 210.987729][T11286] ? __pfx___futex_wait+0x10/0x10 [ 210.987740][T11286] ? ref_tracker_alloc+0x318/0x460 [ 210.987749][T11286] ? __lock_acquire+0xab9/0xd20 [ 210.987758][T11286] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 210.987768][T11286] ? tun_get+0x1c/0x2f0 [ 210.987779][T11286] ? tun_get+0x1c/0x2f0 [ 210.987789][T11286] ? tun_get+0x1c/0x2f0 [ 210.987799][T11286] tun_chr_write_iter+0x113/0x200 [ 210.987811][T11286] vfs_write+0x5c9/0xb30 [ 210.987825][T11286] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 210.987836][T11286] ? __pfx_vfs_write+0x10/0x10 [ 210.987851][T11286] ? __fget_files+0x2a/0x420 [ 210.987862][T11286] ksys_write+0x145/0x250 [ 210.987875][T11286] ? __pfx_ksys_write+0x10/0x10 [ 210.987889][T11286] ? do_syscall_64+0xbe/0xfa0 [ 210.987902][T11286] do_syscall_64+0xfa/0xfa0 [ 210.987912][T11286] ? lockdep_hardirqs_on+0x9c/0x150 [ 210.987923][T11286] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 210.987933][T11286] ? clear_bhb_loop+0x60/0xb0 [ 210.987950][T11286] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 210.987959][T11286] RIP: 0033:0x7f5d5998da7f [ 210.987969][T11286] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 210.987978][T11286] RSP: 002b:00007f5d5a8d5000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 210.987990][T11286] RAX: ffffffffffffffda RBX: 00007f5d59be5fa0 RCX: 00007f5d5998da7f [ 210.987998][T11286] RDX: 0000000000011dc0 RSI: 0000200000001180 RDI: 00000000000000c8 [ 210.988005][T11286] RBP: 00007f5d59a11f91 R08: 0000000000000000 R09: 0000000000000000 [ 210.988012][T11286] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000 [ 210.988018][T11286] R13: 00007f5d59be6038 R14: 00007f5d59be5fa0 R15: 00007ffd179ef078 [ 210.988029][T11286] [ 211.383857][T11286] BUG: Bad page state in process syz.0.2170 pfn:5a9ec [ 211.390737][T11286] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88805a9ecf00 pfn:0x5a9ec [ 211.400817][T11286] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 211.408048][T11286] raw: 00fff00000000000 dead000000000040 ffff8880216ab000 0000000000000000 [ 211.416624][T11286] raw: ffff88805a9ecf00 0000000000000001 00000000ffffffff 0000000000000000 [ 211.425331][T11286] page dumped because: page_pool leak [ 211.430730][T11286] page_owner tracks the page as allocated [ 211.436429][T11286] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 11286, tgid 11285 (syz.0.2170), ts 208885071861, free_ts 208839696100 [ 211.453642][T11286] post_alloc_hook+0x240/0x2a0 [ 211.458469][T11286] get_page_from_freelist+0x2365/0x2440 [ 211.464004][T11286] __alloc_frozen_pages_noprof+0x181/0x370 [ 211.469851][T11286] alloc_pages_bulk_noprof+0x560/0x710 [ 211.475306][T11286] __page_pool_alloc_netmems_slow+0x14c/0x710 [ 211.481390][T11286] skb_pp_cow_data+0xb47/0x13e0 [ 211.486247][T11286] do_xdp_generic+0x699/0x11a0 [ 211.491028][T11286] __netif_receive_skb_core+0x18f4/0x4380 [ 211.496746][T11286] __netif_receive_skb+0x72/0x380 [ 211.501789][T11286] netif_receive_skb+0x1cb/0x790 [ 211.506732][T11286] tun_rx_batched+0x1b9/0x730 [ 211.511428][T11286] tun_get_user+0x2b65/0x3e90 [ 211.516102][T11286] tun_chr_write_iter+0x113/0x200 [ 211.521139][T11286] vfs_write+0x5c9/0xb30 [ 211.525385][T11286] ksys_write+0x145/0x250 [ 211.529733][T11286] do_syscall_64+0xfa/0xfa0 [ 211.534234][T11286] page last free pid 11285 tgid 11285 stack trace: [ 211.540743][T11286] __free_frozen_pages+0xbc4/0xd30 [ 211.545871][T11286] __put_partials+0x146/0x170 [ 211.550564][T11286] put_cpu_partial+0x1f2/0x2e0 [ 211.555324][T11286] __slab_free+0x2b9/0x390 [ 211.559756][T11286] qlist_free_all+0x97/0x140 [ 211.564353][T11286] kasan_quarantine_reduce+0x148/0x160 [ 211.569848][T11286] __kasan_slab_alloc+0x22/0x80 [ 211.574705][T11286] kmem_cache_alloc_noprof+0x367/0x6e0 [ 211.580185][T11286] getname_flags+0xb8/0x540 [ 211.584689][T11286] __x64_sys_symlinkat+0x7a/0xb0 [ 211.589643][T11286] do_syscall_64+0xfa/0xfa0 [ 211.594158][T11286] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 211.600153][T11286] Modules linked in: [ 211.604047][T11286] CPU: 0 UID: 0 PID: 11286 Comm: syz.0.2170 Tainted: G B syzkaller #0 PREEMPT(full) [ 211.604062][T11286] Tainted: [B]=BAD_PAGE [ 211.604066][T11286] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 211.604073][T11286] Call Trace: [ 211.604077][T11286] [ 211.604081][T11286] dump_stack_lvl+0x189/0x250 [ 211.604098][T11286] ? __pfx_dump_stack_lvl+0x10/0x10 [ 211.604115][T11286] ? __pfx_print_modules+0x10/0x10 [ 211.604142][T11286] bad_page+0x180/0x1c0 [ 211.604162][T11286] __free_frozen_pages+0xce2/0xd30 [ 211.604188][T11286] bpf_xdp_frags_shrink_tail+0x4f7/0x7f0 [ 211.604218][T11286] bpf_xdp_adjust_tail+0x1d6/0x220 [ 211.604237][T11286] bpf_prog_5d7dc57dfd7f985a+0x1e/0x24 [ 211.604246][T11286] bpf_prog_run_generic_xdp+0x606/0x13d0 [ 211.604265][T11286] do_xdp_generic+0x9f7/0x11a0 [ 211.604278][T11286] ? __pfx_do_xdp_generic+0x10/0x10 [ 211.604289][T11286] ? __skb_flow_dissect+0x5ef8/0x68b0 [ 211.604305][T11286] __netif_receive_skb_core+0x18f4/0x4380 [ 211.604319][T11286] ? __pfx___skb_flow_dissect+0x10/0x10 [ 211.604329][T11286] ? do_user_addr_fault+0xbbc/0x1380 [ 211.604341][T11286] ? do_user_addr_fault+0xc85/0x1380 [ 211.604351][T11286] ? __pfx___netif_receive_skb_core+0x10/0x10 [ 211.604364][T11286] ? irqentry_exit+0x74/0x90 [ 211.604376][T11286] ? lockdep_hardirqs_on+0x9c/0x150 [ 211.604388][T11286] ? __lock_acquire+0xab9/0xd20 [ 211.604399][T11286] ? netif_receive_skb+0x115/0x790 [ 211.604410][T11286] ? netif_receive_skb+0x115/0x790 [ 211.604422][T11286] __netif_receive_skb+0x72/0x380 [ 211.604434][T11286] ? _copy_from_iter+0x24f/0x1790 [ 211.604446][T11286] ? netif_receive_skb+0x115/0x790 [ 211.604457][T11286] netif_receive_skb+0x1cb/0x790 [ 211.604468][T11286] ? __pfx___local_bh_disable_ip+0x10/0x10 [ 211.604480][T11286] ? __pfx_netif_receive_skb+0x10/0x10 [ 211.604492][T11286] ? tun_rx_batched+0x160/0x730 [ 211.604504][T11286] tun_rx_batched+0x1b9/0x730 [ 211.604515][T11286] ? __lock_acquire+0xab9/0xd20 [ 211.604525][T11286] ? __pfx_tun_rx_batched+0x10/0x10 [ 211.604536][T11286] ? tun_get_user+0x272f/0x3e90 [ 211.604550][T11286] tun_get_user+0x2b65/0x3e90 [ 211.604563][T11286] ? tun_get_user+0x272f/0x3e90 [ 211.604574][T11286] ? aa_file_perm+0x44d/0x1550 [ 211.604583][T11286] ? __pfx_tun_get_user+0x10/0x10 [ 211.604592][T11286] ? __futex_wait+0x34a/0x3d0 [ 211.604604][T11286] ? __pfx___futex_wait+0x10/0x10 [ 211.604615][T11286] ? ref_tracker_alloc+0x318/0x460 [ 211.604624][T11286] ? __lock_acquire+0xab9/0xd20 [ 211.604633][T11286] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 211.604643][T11286] ? tun_get+0x1c/0x2f0 [ 211.604654][T11286] ? tun_get+0x1c/0x2f0 [ 211.604664][T11286] ? tun_get+0x1c/0x2f0 [ 211.604674][T11286] tun_chr_write_iter+0x113/0x200 [ 211.604686][T11286] vfs_write+0x5c9/0xb30 [ 211.604701][T11286] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 211.604711][T11286] ? __pfx_vfs_write+0x10/0x10 [ 211.604726][T11286] ? __fget_files+0x2a/0x420 [ 211.604737][T11286] ksys_write+0x145/0x250 [ 211.604751][T11286] ? __pfx_ksys_write+0x10/0x10 [ 211.604764][T11286] ? do_syscall_64+0xbe/0xfa0 [ 211.604777][T11286] do_syscall_64+0xfa/0xfa0 [ 211.604787][T11286] ? lockdep_hardirqs_on+0x9c/0x150 [ 211.604804][T11286] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 211.604814][T11286] ? clear_bhb_loop+0x60/0xb0 [ 211.604825][T11286] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 211.604834][T11286] RIP: 0033:0x7f5d5998da7f [ 211.604844][T11286] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 211.604853][T11286] RSP: 002b:00007f5d5a8d5000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 211.604865][T11286] RAX: ffffffffffffffda RBX: 00007f5d59be5fa0 RCX: 00007f5d5998da7f [ 211.604873][T11286] RDX: 0000000000011dc0 RSI: 0000200000001180 RDI: 00000000000000c8 [ 211.604879][T11286] RBP: 00007f5d59a11f91 R08: 0000000000000000 R09: 0000000000000000 [ 211.604886][T11286] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000 [ 211.604892][T11286] R13: 00007f5d59be6038 R14: 00007f5d59be5fa0 R15: 00007ffd179ef078 [ 211.604903][T11286] [ 211.604910][T11286] BUG: Bad page state in process syz.0.2170 pfn:5a9ed [ 212.008351][T11286] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88805a9edf00 pfn:0x5a9ed [ 212.018448][T11286] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 212.025561][T11286] raw: 00fff00000000000 dead000000000040 ffff8880216ab000 0000000000000000 [ 212.034192][T11286] raw: ffff88805a9edf00 0000000000000001 00000000ffffffff 0000000000000000 [ 212.042785][T11286] page dumped because: page_pool leak [ 212.048168][T11286] page_owner tracks the page as allocated [ 212.053870][T11286] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 11286, tgid 11285 (syz.0.2170), ts 208885054690, free_ts 208839711016 [ 212.071075][T11286] post_alloc_hook+0x240/0x2a0 [ 212.075847][T11286] get_page_from_freelist+0x2365/0x2440 [ 212.081413][T11286] __alloc_frozen_pages_noprof+0x181/0x370 [ 212.087219][T11286] alloc_pages_bulk_noprof+0x560/0x710 [ 212.092696][T11286] __page_pool_alloc_netmems_slow+0x14c/0x710 [ 212.098786][T11286] skb_pp_cow_data+0xb47/0x13e0 [ 212.103625][T11286] do_xdp_generic+0x699/0x11a0 [ 212.108395][T11286] __netif_receive_skb_core+0x18f4/0x4380 [ 212.114113][T11286] __netif_receive_skb+0x72/0x380 [ 212.119157][T11286] netif_receive_skb+0x1cb/0x790 [ 212.124100][T11286] tun_rx_batched+0x1b9/0x730 [ 212.128812][T11286] tun_get_user+0x2b65/0x3e90 [ 212.133482][T11286] tun_chr_write_iter+0x113/0x200 [ 212.138517][T11286] vfs_write+0x5c9/0xb30 [ 212.142760][T11286] ksys_write+0x145/0x250 [ 212.147070][T11286] do_syscall_64+0xfa/0xfa0 [ 212.151585][T11286] page last free pid 11285 tgid 11285 stack trace: [ 212.158098][T11286] __free_frozen_pages+0xbc4/0xd30 [ 212.163193][T11286] __put_partials+0x146/0x170 [ 212.167876][T11286] put_cpu_partial+0x1f2/0x2e0 [ 212.172642][T11286] __slab_free+0x2b9/0x390 [ 212.177036][T11286] qlist_free_all+0x97/0x140 [ 212.181651][T11286] kasan_quarantine_reduce+0x148/0x160 [ 212.187113][T11286] __kasan_slab_alloc+0x22/0x80 [ 212.191986][T11286] kmem_cache_alloc_noprof+0x367/0x6e0 [ 212.197474][T11286] getname_flags+0xb8/0x540 [ 212.201969][T11286] __x64_sys_symlinkat+0x7a/0xb0 [ 212.206884][T11286] do_syscall_64+0xfa/0xfa0 [ 212.211399][T11286] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 212.217288][T11286] Modules linked in: [ 212.221202][T11286] CPU: 0 UID: 0 PID: 11286 Comm: syz.0.2170 Tainted: G B syzkaller #0 PREEMPT(full) [ 212.221227][T11286] Tainted: [B]=BAD_PAGE [ 212.221232][T11286] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 212.221241][T11286] Call Trace: [ 212.221247][T11286] [ 212.221254][T11286] dump_stack_lvl+0x189/0x250 [ 212.221279][T11286] ? __pfx_dump_stack_lvl+0x10/0x10 [ 212.221301][T11286] ? __pfx_print_modules+0x10/0x10 [ 212.221327][T11286] bad_page+0x180/0x1c0 [ 212.221348][T11286] __free_frozen_pages+0xce2/0xd30 [ 212.221377][T11286] bpf_xdp_frags_shrink_tail+0x4f7/0x7f0 [ 212.221407][T11286] bpf_xdp_adjust_tail+0x1d6/0x220 [ 212.221432][T11286] bpf_prog_5d7dc57dfd7f985a+0x1e/0x24 [ 212.221447][T11286] bpf_prog_run_generic_xdp+0x606/0x13d0 [ 212.221479][T11286] do_xdp_generic+0x9f7/0x11a0 [ 212.221506][T11286] ? __pfx_do_xdp_generic+0x10/0x10 [ 212.221525][T11286] ? __skb_flow_dissect+0x5ef8/0x68b0 [ 212.221556][T11286] __netif_receive_skb_core+0x18f4/0x4380 [ 212.221582][T11286] ? __pfx___skb_flow_dissect+0x10/0x10 [ 212.221601][T11286] ? do_user_addr_fault+0xbbc/0x1380 [ 212.221622][T11286] ? do_user_addr_fault+0xc85/0x1380 [ 212.221642][T11286] ? __pfx___netif_receive_skb_core+0x10/0x10 [ 212.221666][T11286] ? irqentry_exit+0x74/0x90 [ 212.221688][T11286] ? lockdep_hardirqs_on+0x9c/0x150 [ 212.221711][T11286] ? __lock_acquire+0xab9/0xd20 [ 212.221732][T11286] ? netif_receive_skb+0x115/0x790 [ 212.221753][T11286] ? netif_receive_skb+0x115/0x790 [ 212.221776][T11286] __netif_receive_skb+0x72/0x380 [ 212.221810][T11286] ? _copy_from_iter+0x24f/0x1790 [ 212.221830][T11286] ? netif_receive_skb+0x115/0x790 [ 212.221848][T11286] netif_receive_skb+0x1cb/0x790 [ 212.221869][T11286] ? __pfx___local_bh_disable_ip+0x10/0x10 [ 212.221888][T11286] ? __pfx_netif_receive_skb+0x10/0x10 [ 212.221912][T11286] ? tun_rx_batched+0x160/0x730 [ 212.221933][T11286] tun_rx_batched+0x1b9/0x730 [ 212.221953][T11286] ? __lock_acquire+0xab9/0xd20 [ 212.221972][T11286] ? __pfx_tun_rx_batched+0x10/0x10 [ 212.221993][T11286] ? tun_get_user+0x272f/0x3e90 [ 212.222019][T11286] tun_get_user+0x2b65/0x3e90 [ 212.222043][T11286] ? tun_get_user+0x272f/0x3e90 [ 212.222063][T11286] ? aa_file_perm+0x44d/0x1550 [ 212.222078][T11286] ? __pfx_tun_get_user+0x10/0x10 [ 212.222097][T11286] ? __futex_wait+0x34a/0x3d0 [ 212.222119][T11286] ? __pfx___futex_wait+0x10/0x10 [ 212.222139][T11286] ? ref_tracker_alloc+0x318/0x460 [ 212.222155][T11286] ? __lock_acquire+0xab9/0xd20 [ 212.222173][T11286] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 212.222191][T11286] ? tun_get+0x1c/0x2f0 [ 212.222212][T11286] ? tun_get+0x1c/0x2f0 [ 212.222230][T11286] ? tun_get+0x1c/0x2f0 [ 212.222250][T11286] tun_chr_write_iter+0x113/0x200 [ 212.222271][T11286] vfs_write+0x5c9/0xb30 [ 212.222296][T11286] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 212.222315][T11286] ? __pfx_vfs_write+0x10/0x10 [ 212.222343][T11286] ? __fget_files+0x2a/0x420 [ 212.222363][T11286] ksys_write+0x145/0x250 [ 212.222387][T11286] ? __pfx_ksys_write+0x10/0x10 [ 212.222411][T11286] ? do_syscall_64+0xbe/0xfa0 [ 212.222434][T11286] do_syscall_64+0xfa/0xfa0 [ 212.222453][T11286] ? lockdep_hardirqs_on+0x9c/0x150 [ 212.222473][T11286] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 212.222492][T11286] ? clear_bhb_loop+0x60/0xb0 [ 212.222510][T11286] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 212.222526][T11286] RIP: 0033:0x7f5d5998da7f [ 212.222541][T11286] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 212.222557][T11286] RSP: 002b:00007f5d5a8d5000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 212.222576][T11286] RAX: ffffffffffffffda RBX: 00007f5d59be5fa0 RCX: 00007f5d5998da7f [ 212.222589][T11286] RDX: 0000000000011dc0 RSI: 0000200000001180 RDI: 00000000000000c8 [ 212.222601][T11286] RBP: 00007f5d59a11f91 R08: 0000000000000000 R09: 0000000000000000 [ 212.222613][T11286] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000 [ 212.222624][T11286] R13: 00007f5d59be6038 R14: 00007f5d59be5fa0 R15: 00007ffd179ef078 [ 212.222645][T11286] [ 212.222655][T11286] BUG: Bad page state in process syz.0.2170 pfn:58352 [ 212.626120][T11286] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888058352fe0 pfn:0x58352 [ 212.636191][T11286] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 212.643320][T11286] raw: 00fff00000000000 dead000000000040 ffff8880216ab000 0000000000000000 [ 212.651913][T11286] raw: ffff888058352fe0 0000000000000001 00000000ffffffff 0000000000000000 [ 212.660520][T11286] page dumped because: page_pool leak [ 212.665870][T11286] page_owner tracks the page as allocated [ 212.671595][T11286] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 11286, tgid 11285 (syz.0.2170), ts 208885037584, free_ts 208839868068 [ 212.688816][T11286] post_alloc_hook+0x240/0x2a0 [ 212.693572][T11286] get_page_from_freelist+0x2365/0x2440 [ 212.699139][T11286] __alloc_frozen_pages_noprof+0x181/0x370 [ 212.704956][T11286] alloc_pages_bulk_noprof+0x560/0x710 [ 212.710452][T11286] __page_pool_alloc_netmems_slow+0x14c/0x710 [ 212.716524][T11286] skb_pp_cow_data+0xb47/0x13e0 [ 212.721402][T11286] do_xdp_generic+0x699/0x11a0 [ 212.726167][T11286] __netif_receive_skb_core+0x18f4/0x4380 [ 212.731913][T11286] __netif_receive_skb+0x72/0x380 [ 212.736938][T11286] netif_receive_skb+0x1cb/0x790 [ 212.741896][T11286] tun_rx_batched+0x1b9/0x730 [ 212.746574][T11286] tun_get_user+0x2b65/0x3e90 [ 212.751276][T11286] tun_chr_write_iter+0x113/0x200 [ 212.756299][T11286] vfs_write+0x5c9/0xb30 [ 212.760580][T11286] ksys_write+0x145/0x250 [ 212.764910][T11286] do_syscall_64+0xfa/0xfa0 [ 212.769428][T11286] page last free pid 11285 tgid 11285 stack trace: [ 212.775918][T11286] __free_frozen_pages+0xbc4/0xd30 [ 212.781055][T11286] __put_partials+0x146/0x170 [ 212.785726][T11286] put_cpu_partial+0x1f2/0x2e0 [ 212.790508][T11286] __slab_free+0x2b9/0x390 [ 212.794922][T11286] qlist_free_all+0x97/0x140 [ 212.799534][T11286] kasan_quarantine_reduce+0x148/0x160 [ 212.804995][T11286] __kasan_slab_alloc+0x22/0x80 [ 212.809864][T11286] kmem_cache_alloc_noprof+0x367/0x6e0 [ 212.815320][T11286] getname_flags+0xb8/0x540 [ 212.819838][T11286] __x64_sys_symlinkat+0x7a/0xb0 [ 212.824776][T11286] do_syscall_64+0xfa/0xfa0 [ 212.829300][T11286] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 212.835192][T11286] Modules linked in: [ 212.839106][T11286] CPU: 0 UID: 0 PID: 11286 Comm: syz.0.2170 Tainted: G B syzkaller #0 PREEMPT(full) [ 212.839131][T11286] Tainted: [B]=BAD_PAGE [ 212.839137][T11286] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 212.839146][T11286] Call Trace: [ 212.839153][T11286] [ 212.839159][T11286] dump_stack_lvl+0x189/0x250 [ 212.839185][T11286] ? __pfx_dump_stack_lvl+0x10/0x10 [ 212.839208][T11286] ? __pfx_print_modules+0x10/0x10 [ 212.839233][T11286] bad_page+0x180/0x1c0 [ 212.839255][T11286] __free_frozen_pages+0xce2/0xd30 [ 212.839284][T11286] bpf_xdp_frags_shrink_tail+0x4f7/0x7f0 [ 212.839315][T11286] bpf_xdp_adjust_tail+0x1d6/0x220 [ 212.839344][T11286] bpf_prog_5d7dc57dfd7f985a+0x1e/0x24 [ 212.839359][T11286] bpf_prog_run_generic_xdp+0x606/0x13d0 [ 212.839392][T11286] do_xdp_generic+0x9f7/0x11a0 [ 212.839413][T11286] ? __pfx_do_xdp_generic+0x10/0x10 [ 212.839431][T11286] ? __skb_flow_dissect+0x5ef8/0x68b0 [ 212.839462][T11286] __netif_receive_skb_core+0x18f4/0x4380 [ 212.839486][T11286] ? __pfx___skb_flow_dissect+0x10/0x10 [ 212.839506][T11286] ? do_user_addr_fault+0xbbc/0x1380 [ 212.839527][T11286] ? do_user_addr_fault+0xc85/0x1380 [ 212.839546][T11286] ? __pfx___netif_receive_skb_core+0x10/0x10 [ 212.839572][T11286] ? irqentry_exit+0x74/0x90 [ 212.839593][T11286] ? lockdep_hardirqs_on+0x9c/0x150 [ 212.839616][T11286] ? __lock_acquire+0xab9/0xd20 [ 212.839636][T11286] ? netif_receive_skb+0x115/0x790 [ 212.839658][T11286] ? netif_receive_skb+0x115/0x790 [ 212.839688][T11286] __netif_receive_skb+0x72/0x380 [ 212.839708][T11286] ? _copy_from_iter+0x24f/0x1790 [ 212.839727][T11286] ? netif_receive_skb+0x115/0x790 [ 212.839748][T11286] netif_receive_skb+0x1cb/0x790 [ 212.839769][T11286] ? __pfx___local_bh_disable_ip+0x10/0x10 [ 212.839788][T11286] ? __pfx_netif_receive_skb+0x10/0x10 [ 212.839813][T11286] ? tun_rx_batched+0x160/0x730 [ 212.839834][T11286] tun_rx_batched+0x1b9/0x730 [ 212.839854][T11286] ? __lock_acquire+0xab9/0xd20 [ 212.839872][T11286] ? __pfx_tun_rx_batched+0x10/0x10 [ 212.839894][T11286] ? tun_get_user+0x272f/0x3e90 [ 212.839918][T11286] tun_get_user+0x2b65/0x3e90 [ 212.839943][T11286] ? tun_get_user+0x272f/0x3e90 [ 212.839963][T11286] ? aa_file_perm+0x44d/0x1550 [ 212.839979][T11286] ? __pfx_tun_get_user+0x10/0x10 [ 212.839997][T11286] ? __futex_wait+0x34a/0x3d0 [ 212.840019][T11286] ? __pfx___futex_wait+0x10/0x10 [ 212.840040][T11286] ? ref_tracker_alloc+0x318/0x460 [ 212.840055][T11286] ? __lock_acquire+0xab9/0xd20 [ 212.840072][T11286] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 212.840091][T11286] ? tun_get+0x1c/0x2f0 [ 212.840112][T11286] ? tun_get+0x1c/0x2f0 [ 212.840129][T11286] ? tun_get+0x1c/0x2f0 [ 212.840149][T11286] tun_chr_write_iter+0x113/0x200 [ 212.840170][T11286] vfs_write+0x5c9/0xb30 [ 212.840195][T11286] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 212.840215][T11286] ? __pfx_vfs_write+0x10/0x10 [ 212.840242][T11286] ? __fget_files+0x2a/0x420 [ 212.840262][T11286] ksys_write+0x145/0x250 [ 212.840286][T11286] ? __pfx_ksys_write+0x10/0x10 [ 212.840311][T11286] ? do_syscall_64+0xbe/0xfa0 [ 212.840334][T11286] do_syscall_64+0xfa/0xfa0 [ 212.840354][T11286] ? lockdep_hardirqs_on+0x9c/0x150 [ 212.840374][T11286] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 212.840392][T11286] ? clear_bhb_loop+0x60/0xb0 [ 212.840411][T11286] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 212.840428][T11286] RIP: 0033:0x7f5d5998da7f [ 212.840444][T11286] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 212.840459][T11286] RSP: 002b:00007f5d5a8d5000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 212.840478][T11286] RAX: ffffffffffffffda RBX: 00007f5d59be5fa0 RCX: 00007f5d5998da7f [ 212.840492][T11286] RDX: 0000000000011dc0 RSI: 0000200000001180 RDI: 00000000000000c8 [ 212.840504][T11286] RBP: 00007f5d59a11f91 R08: 0000000000000000 R09: 0000000000000000 [ 212.840516][T11286] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000 [ 212.840527][T11286] R13: 00007f5d59be6038 R14: 00007f5d59be5fa0 R15: 00007ffd179ef078 [ 212.840545][T11286] [ 212.840554][T11286] BUG: Bad page state in process syz.0.2170 pfn:5ae42 [ 213.243753][T11286] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88805ae42f00 pfn:0x5ae42 [ 213.253847][T11286] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 213.260980][T11286] raw: 00fff00000000000 dead000000000040 ffff8880216ab000 0000000000000000 [ 213.269583][T11286] raw: ffff88805ae42f00 0000000000000001 00000000ffffffff 0000000000000000 [ 213.278179][T11286] page dumped because: page_pool leak [ 213.283524][T11286] page_owner tracks the page as allocated [ 213.289248][T11286] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 11286, tgid 11285 (syz.0.2170), ts 208885019664, free_ts 208839893825 [ 213.306464][T11286] post_alloc_hook+0x240/0x2a0 [ 213.311246][T11286] get_page_from_freelist+0x2365/0x2440 [ 213.316789][T11286] __alloc_frozen_pages_noprof+0x181/0x370 [ 213.322614][T11286] alloc_pages_bulk_noprof+0x560/0x710 [ 213.328089][T11286] __page_pool_alloc_netmems_slow+0x14c/0x710 [ 213.334140][T11286] skb_pp_cow_data+0xb47/0x13e0 [ 213.339004][T11286] do_xdp_generic+0x699/0x11a0 [ 213.343763][T11286] __netif_receive_skb_core+0x18f4/0x4380 [ 213.349499][T11286] __netif_receive_skb+0x72/0x380 [ 213.354519][T11286] netif_receive_skb+0x1cb/0x790 [ 213.359501][T11286] tun_rx_batched+0x1b9/0x730 [ 213.364174][T11286] tun_get_user+0x2b65/0x3e90 [ 213.368879][T11286] tun_chr_write_iter+0x113/0x200 [ 213.373911][T11286] vfs_write+0x5c9/0xb30 [ 213.378180][T11286] ksys_write+0x145/0x250 [ 213.382511][T11286] do_syscall_64+0xfa/0xfa0 [ 213.386999][T11286] page last free pid 11285 tgid 11285 stack trace: [ 213.393512][T11286] __free_frozen_pages+0xbc4/0xd30 [ 213.398655][T11286] __put_partials+0x146/0x170 [ 213.403308][T11286] put_cpu_partial+0x1f2/0x2e0 [ 213.408088][T11286] __slab_free+0x2b9/0x390 [ 213.412504][T11286] qlist_free_all+0x97/0x140 [ 213.417071][T11286] kasan_quarantine_reduce+0x148/0x160 [ 213.422553][T11286] __kasan_slab_alloc+0x22/0x80 [ 213.427437][T11286] kmem_cache_alloc_noprof+0x367/0x6e0 [ 213.432894][T11286] getname_flags+0xb8/0x540 [ 213.437424][T11286] __x64_sys_symlinkat+0x7a/0xb0 [ 213.442361][T11286] do_syscall_64+0xfa/0xfa0 [ 213.446856][T11286] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 213.452789][T11286] Modules linked in: [ 213.456703][T11286] CPU: 0 UID: 0 PID: 11286 Comm: syz.0.2170 Tainted: G B syzkaller #0 PREEMPT(full) [ 213.456720][T11286] Tainted: [B]=BAD_PAGE [ 213.456724][T11286] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 213.456730][T11286] Call Trace: [ 213.456735][T11286] [ 213.456739][T11286] dump_stack_lvl+0x189/0x250 [ 213.456757][T11286] ? __pfx_dump_stack_lvl+0x10/0x10 [ 213.456770][T11286] ? __pfx_print_modules+0x10/0x10 [ 213.456783][T11286] bad_page+0x180/0x1c0 [ 213.456795][T11286] __free_frozen_pages+0xce2/0xd30 [ 213.456811][T11286] bpf_xdp_frags_shrink_tail+0x4f7/0x7f0 [ 213.456828][T11286] bpf_xdp_adjust_tail+0x1d6/0x220 [ 213.456844][T11286] bpf_prog_5d7dc57dfd7f985a+0x1e/0x24 [ 213.456854][T11286] bpf_prog_run_generic_xdp+0x606/0x13d0 [ 213.456871][T11286] do_xdp_generic+0x9f7/0x11a0 [ 213.456885][T11286] ? __pfx_do_xdp_generic+0x10/0x10 [ 213.456895][T11286] ? __skb_flow_dissect+0x5ef8/0x68b0 [ 213.456912][T11286] __netif_receive_skb_core+0x18f4/0x4380 [ 213.456925][T11286] ? __pfx___skb_flow_dissect+0x10/0x10 [ 213.456936][T11286] ? do_user_addr_fault+0xbbc/0x1380 [ 213.456947][T11286] ? do_user_addr_fault+0xc85/0x1380 [ 213.456957][T11286] ? __pfx___netif_receive_skb_core+0x10/0x10 [ 213.456970][T11286] ? irqentry_exit+0x74/0x90 [ 213.456983][T11286] ? lockdep_hardirqs_on+0x9c/0x150 [ 213.456995][T11286] ? __lock_acquire+0xab9/0xd20 [ 213.457006][T11286] ? netif_receive_skb+0x115/0x790 [ 213.457018][T11286] ? netif_receive_skb+0x115/0x790 [ 213.457030][T11286] __netif_receive_skb+0x72/0x380 [ 213.457042][T11286] ? _copy_from_iter+0x24f/0x1790 [ 213.457053][T11286] ? netif_receive_skb+0x115/0x790 [ 213.457065][T11286] netif_receive_skb+0x1cb/0x790 [ 213.457076][T11286] ? __pfx___local_bh_disable_ip+0x10/0x10 [ 213.457087][T11286] ? __pfx_netif_receive_skb+0x10/0x10 [ 213.457100][T11286] ? tun_rx_batched+0x160/0x730 [ 213.457112][T11286] tun_rx_batched+0x1b9/0x730 [ 213.457123][T11286] ? __lock_acquire+0xab9/0xd20 [ 213.457133][T11286] ? __pfx_tun_rx_batched+0x10/0x10 [ 213.457144][T11286] ? tun_get_user+0x272f/0x3e90 [ 213.457158][T11286] tun_get_user+0x2b65/0x3e90 [ 213.457171][T11286] ? tun_get_user+0x272f/0x3e90 [ 213.457182][T11286] ? aa_file_perm+0x44d/0x1550 [ 213.457190][T11286] ? __pfx_tun_get_user+0x10/0x10 [ 213.457200][T11286] ? __futex_wait+0x34a/0x3d0 [ 213.457212][T11286] ? __pfx___futex_wait+0x10/0x10 [ 213.457223][T11286] ? ref_tracker_alloc+0x318/0x460 [ 213.457232][T11286] ? __lock_acquire+0xab9/0xd20 [ 213.457242][T11286] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 213.457252][T11286] ? tun_get+0x1c/0x2f0 [ 213.457263][T11286] ? tun_get+0x1c/0x2f0 [ 213.457273][T11286] ? tun_get+0x1c/0x2f0 [ 213.457283][T11286] tun_chr_write_iter+0x113/0x200 [ 213.457294][T11286] vfs_write+0x5c9/0xb30 [ 213.457308][T11286] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 213.457319][T11286] ? __pfx_vfs_write+0x10/0x10 [ 213.457334][T11286] ? __fget_files+0x2a/0x420 [ 213.457344][T11286] ksys_write+0x145/0x250 [ 213.457358][T11286] ? __pfx_ksys_write+0x10/0x10 [ 213.457381][T11286] ? do_syscall_64+0xbe/0xfa0 [ 213.457401][T11286] do_syscall_64+0xfa/0xfa0 [ 213.457420][T11286] ? lockdep_hardirqs_on+0x9c/0x150 [ 213.457437][T11286] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 213.457453][T11286] ? clear_bhb_loop+0x60/0xb0 [ 213.457472][T11286] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 213.457489][T11286] RIP: 0033:0x7f5d5998da7f [ 213.457503][T11286] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 213.457517][T11286] RSP: 002b:00007f5d5a8d5000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 213.457535][T11286] RAX: ffffffffffffffda RBX: 00007f5d59be5fa0 RCX: 00007f5d5998da7f [ 213.457549][T11286] RDX: 0000000000011dc0 RSI: 0000200000001180 RDI: 00000000000000c8 [ 213.457560][T11286] RBP: 00007f5d59a11f91 R08: 0000000000000000 R09: 0000000000000000 [ 213.457566][T11286] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000 [ 213.457572][T11286] R13: 00007f5d59be6038 R14: 00007f5d59be5fa0 R15: 00007ffd179ef078 [ 213.457584][T11286] [ 213.853354][T11286] BUG: Bad page state in process syz.0.2170 pfn:5ae43 [ 213.860225][T11286] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88805ae43f00 pfn:0x5ae43 [ 213.870297][T11286] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 213.877431][T11286] raw: 00fff00000000000 dead000000000040 ffff8880216ab000 0000000000000000 [ 213.886005][T11286] raw: ffff88805ae43f00 0000000000000001 00000000ffffffff 0000000000000000 [ 213.894588][T11286] page dumped because: page_pool leak [ 213.899959][T11286] page_owner tracks the page as allocated [ 213.905647][T11286] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 11286, tgid 11285 (syz.0.2170), ts 208885002343, free_ts 208839908755 [ 213.922847][T11286] post_alloc_hook+0x240/0x2a0 [ 213.927635][T11286] get_page_from_freelist+0x2365/0x2440 [ 213.933158][T11286] __alloc_frozen_pages_noprof+0x181/0x370 [ 213.938960][T11286] alloc_pages_bulk_noprof+0x560/0x710 [ 213.944408][T11286] __page_pool_alloc_netmems_slow+0x14c/0x710 [ 213.950483][T11286] skb_pp_cow_data+0xb47/0x13e0 [ 213.955340][T11286] do_xdp_generic+0x699/0x11a0 [ 213.960107][T11286] __netif_receive_skb_core+0x18f4/0x4380 [ 213.965824][T11286] __netif_receive_skb+0x72/0x380 [ 213.970854][T11286] netif_receive_skb+0x1cb/0x790 [ 213.975786][T11286] tun_rx_batched+0x1b9/0x730 [ 213.980468][T11286] tun_get_user+0x2b65/0x3e90 [ 213.985143][T11286] tun_chr_write_iter+0x113/0x200 [ 213.990174][T11286] vfs_write+0x5c9/0xb30 [ 213.994418][T11286] ksys_write+0x145/0x250 [ 213.998752][T11286] do_syscall_64+0xfa/0xfa0 [ 214.003251][T11286] page last free pid 11285 tgid 11285 stack trace: [ 214.009747][T11286] __free_frozen_pages+0xbc4/0xd30 [ 214.014860][T11286] __put_partials+0x146/0x170 [ 214.019553][T11286] put_cpu_partial+0x1f2/0x2e0 [ 214.024314][T11286] __slab_free+0x2b9/0x390 [ 214.028735][T11286] qlist_free_all+0x97/0x140 [ 214.033326][T11286] kasan_quarantine_reduce+0x148/0x160 [ 214.038805][T11286] __kasan_slab_alloc+0x22/0x80 [ 214.043657][T11286] kmem_cache_alloc_noprof+0x367/0x6e0 [ 214.049120][T11286] getname_flags+0xb8/0x540 [ 214.053618][T11286] __x64_sys_symlinkat+0x7a/0xb0 [ 214.058561][T11286] do_syscall_64+0xfa/0xfa0 [ 214.063059][T11286] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 214.068958][T11286] Modules linked in: [ 214.072853][T11286] CPU: 0 UID: 0 PID: 11286 Comm: syz.0.2170 Tainted: G B syzkaller #0 PREEMPT(full) [ 214.072870][T11286] Tainted: [B]=BAD_PAGE [ 214.072873][T11286] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 214.072879][T11286] Call Trace: [ 214.072883][T11286] [ 214.072888][T11286] dump_stack_lvl+0x189/0x250 [ 214.072904][T11286] ? __pfx_dump_stack_lvl+0x10/0x10 [ 214.072917][T11286] ? __pfx_print_modules+0x10/0x10 [ 214.072930][T11286] bad_page+0x180/0x1c0 [ 214.072943][T11286] __free_frozen_pages+0xce2/0xd30 [ 214.072958][T11286] bpf_xdp_frags_shrink_tail+0x4f7/0x7f0 [ 214.072975][T11286] bpf_xdp_adjust_tail+0x1d6/0x220 [ 214.072991][T11286] bpf_prog_5d7dc57dfd7f985a+0x1e/0x24 [ 214.073000][T11286] bpf_prog_run_generic_xdp+0x606/0x13d0 [ 214.073018][T11286] do_xdp_generic+0x9f7/0x11a0 [ 214.073032][T11286] ? __pfx_do_xdp_generic+0x10/0x10 [ 214.073042][T11286] ? __skb_flow_dissect+0x5ef8/0x68b0 [ 214.073059][T11286] __netif_receive_skb_core+0x18f4/0x4380 [ 214.073073][T11286] ? __pfx___skb_flow_dissect+0x10/0x10 [ 214.073083][T11286] ? do_user_addr_fault+0xbbc/0x1380 [ 214.073094][T11286] ? do_user_addr_fault+0xc85/0x1380 [ 214.073104][T11286] ? __pfx___netif_receive_skb_core+0x10/0x10 [ 214.073117][T11286] ? irqentry_exit+0x74/0x90 [ 214.073129][T11286] ? lockdep_hardirqs_on+0x9c/0x150 [ 214.073141][T11286] ? __lock_acquire+0xab9/0xd20 [ 214.073152][T11286] ? netif_receive_skb+0x115/0x790 [ 214.073163][T11286] ? netif_receive_skb+0x115/0x790 [ 214.073175][T11286] __netif_receive_skb+0x72/0x380 [ 214.073187][T11286] ? _copy_from_iter+0x24f/0x1790 [ 214.073199][T11286] ? netif_receive_skb+0x115/0x790 [ 214.073210][T11286] netif_receive_skb+0x1cb/0x790 [ 214.073221][T11286] ? __pfx___local_bh_disable_ip+0x10/0x10 [ 214.073233][T11286] ? __pfx_netif_receive_skb+0x10/0x10 [ 214.073245][T11286] ? tun_rx_batched+0x160/0x730 [ 214.073257][T11286] tun_rx_batched+0x1b9/0x730 [ 214.073268][T11286] ? __lock_acquire+0xab9/0xd20 [ 214.073278][T11286] ? __pfx_tun_rx_batched+0x10/0x10 [ 214.073289][T11286] ? tun_get_user+0x272f/0x3e90 [ 214.073303][T11286] tun_get_user+0x2b65/0x3e90 [ 214.073316][T11286] ? tun_get_user+0x272f/0x3e90 [ 214.073327][T11286] ? aa_file_perm+0x44d/0x1550 [ 214.073350][T11286] ? __pfx_tun_get_user+0x10/0x10 [ 214.073359][T11286] ? __futex_wait+0x34a/0x3d0 [ 214.073371][T11286] ? __pfx___futex_wait+0x10/0x10 [ 214.073382][T11286] ? ref_tracker_alloc+0x318/0x460 [ 214.073391][T11286] ? __lock_acquire+0xab9/0xd20 [ 214.073401][T11286] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 214.073411][T11286] ? tun_get+0x1c/0x2f0 [ 214.073422][T11286] ? tun_get+0x1c/0x2f0 [ 214.073431][T11286] ? tun_get+0x1c/0x2f0 [ 214.073442][T11286] tun_chr_write_iter+0x113/0x200 [ 214.073454][T11286] vfs_write+0x5c9/0xb30 [ 214.073468][T11286] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 214.073479][T11286] ? __pfx_vfs_write+0x10/0x10 [ 214.073497][T11286] ? __fget_files+0x2a/0x420 [ 214.073509][T11286] ksys_write+0x145/0x250 [ 214.073522][T11286] ? __pfx_ksys_write+0x10/0x10 [ 214.073535][T11286] ? do_syscall_64+0xbe/0xfa0 [ 214.073547][T11286] do_syscall_64+0xfa/0xfa0 [ 214.073558][T11286] ? lockdep_hardirqs_on+0x9c/0x150 [ 214.073569][T11286] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 214.073579][T11286] ? clear_bhb_loop+0x60/0xb0 [ 214.073589][T11286] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 214.073599][T11286] RIP: 0033:0x7f5d5998da7f [ 214.073608][T11286] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 214.073617][T11286] RSP: 002b:00007f5d5a8d5000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 214.073629][T11286] RAX: ffffffffffffffda RBX: 00007f5d59be5fa0 RCX: 00007f5d5998da7f [ 214.073636][T11286] RDX: 0000000000011dc0 RSI: 0000200000001180 RDI: 00000000000000c8 [ 214.073643][T11286] RBP: 00007f5d59a11f91 R08: 0000000000000000 R09: 0000000000000000 [ 214.073649][T11286] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000 [ 214.073656][T11286] R13: 00007f5d59be6038 R14: 00007f5d59be5fa0 R15: 00007ffd179ef078 [ 214.073667][T11286] [ 214.073673][T11286] BUG: Bad page state in process syz.0.2170 pfn:5ae4e [ 214.476807][T11286] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88805ae4ef00 pfn:0x5ae4e [ 214.486890][T11286] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 214.494028][T11286] raw: 00fff00000000000 dead000000000040 ffff8880216ab000 0000000000000000 [ 214.502626][T11286] raw: ffff88805ae4ef00 0000000000000001 00000000ffffffff 0000000000000000 [ 214.511225][T11286] page dumped because: page_pool leak [ 214.516576][T11286] page_owner tracks the page as allocated [ 214.522310][T11286] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 11286, tgid 11285 (syz.0.2170), ts 208884986322, free_ts 208839923295 [ 214.539573][T11286] post_alloc_hook+0x240/0x2a0 [ 214.544349][T11286] get_page_from_freelist+0x2365/0x2440 [ 214.549909][T11286] __alloc_frozen_pages_noprof+0x181/0x370 [ 214.555714][T11286] alloc_pages_bulk_noprof+0x560/0x710 [ 214.561191][T11286] __page_pool_alloc_netmems_slow+0x14c/0x710 [ 214.567256][T11286] skb_pp_cow_data+0xb47/0x13e0 [ 214.572130][T11286] do_xdp_generic+0x699/0x11a0 [ 214.576891][T11286] __netif_receive_skb_core+0x18f4/0x4380 [ 214.582641][T11286] __netif_receive_skb+0x72/0x380 [ 214.587689][T11286] netif_receive_skb+0x1cb/0x790 [ 214.592605][T11286] tun_rx_batched+0x1b9/0x730 [ 214.597269][T11286] tun_get_user+0x2b65/0x3e90 [ 214.601953][T11286] tun_chr_write_iter+0x113/0x200 [ 214.606972][T11286] vfs_write+0x5c9/0xb30 [ 214.611230][T11286] ksys_write+0x145/0x250 [ 214.615557][T11286] do_syscall_64+0xfa/0xfa0 [ 214.620071][T11286] page last free pid 11285 tgid 11285 stack trace: [ 214.626559][T11286] __free_frozen_pages+0xbc4/0xd30 [ 214.631687][T11286] __put_partials+0x146/0x170 [ 214.636365][T11286] put_cpu_partial+0x1f2/0x2e0 [ 214.641178][T11286] __slab_free+0x2b9/0x390 [ 214.645612][T11286] qlist_free_all+0x97/0x140 [ 214.650235][T11286] kasan_quarantine_reduce+0x148/0x160 [ 214.655705][T11286] __kasan_slab_alloc+0x22/0x80 [ 214.660597][T11286] kmem_cache_alloc_noprof+0x367/0x6e0 [ 214.666069][T11286] getname_flags+0xb8/0x540 [ 214.670591][T11286] __x64_sys_symlinkat+0x7a/0xb0 [ 214.675532][T11286] do_syscall_64+0xfa/0xfa0 [ 214.680140][T11286] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 214.686034][T11286] Modules linked in: [ 214.689953][T11286] CPU: 0 UID: 0 PID: 11286 Comm: syz.0.2170 Tainted: G B syzkaller #0 PREEMPT(full) [ 214.689979][T11286] Tainted: [B]=BAD_PAGE [ 214.689984][T11286] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 214.689995][T11286] Call Trace: [ 214.690001][T11286] [ 214.690008][T11286] dump_stack_lvl+0x189/0x250 [ 214.690034][T11286] ? __pfx_dump_stack_lvl+0x10/0x10 [ 214.690053][T11286] ? __pfx_print_modules+0x10/0x10 [ 214.690075][T11286] bad_page+0x180/0x1c0 [ 214.690096][T11286] __free_frozen_pages+0xce2/0xd30 [ 214.690126][T11286] bpf_xdp_frags_shrink_tail+0x4f7/0x7f0 [ 214.690157][T11286] bpf_xdp_adjust_tail+0x1d6/0x220 [ 214.690186][T11286] bpf_prog_5d7dc57dfd7f985a+0x1e/0x24 [ 214.690202][T11286] bpf_prog_run_generic_xdp+0x606/0x13d0 [ 214.690233][T11286] do_xdp_generic+0x9f7/0x11a0 [ 214.690257][T11286] ? __pfx_do_xdp_generic+0x10/0x10 [ 214.690276][T11286] ? __skb_flow_dissect+0x5ef8/0x68b0 [ 214.690306][T11286] __netif_receive_skb_core+0x18f4/0x4380 [ 214.690331][T11286] ? __pfx___skb_flow_dissect+0x10/0x10 [ 214.690350][T11286] ? do_user_addr_fault+0xbbc/0x1380 [ 214.690370][T11286] ? do_user_addr_fault+0xc85/0x1380 [ 214.690397][T11286] ? __pfx___netif_receive_skb_core+0x10/0x10 [ 214.690421][T11286] ? irqentry_exit+0x74/0x90 [ 214.690442][T11286] ? lockdep_hardirqs_on+0x9c/0x150 [ 214.690464][T11286] ? __lock_acquire+0xab9/0xd20 [ 214.690483][T11286] ? netif_receive_skb+0x115/0x790 [ 214.690502][T11286] ? netif_receive_skb+0x115/0x790 [ 214.690522][T11286] __netif_receive_skb+0x72/0x380 [ 214.690544][T11286] ? _copy_from_iter+0x24f/0x1790 [ 214.690565][T11286] ? netif_receive_skb+0x115/0x790 [ 214.690585][T11286] netif_receive_skb+0x1cb/0x790 [ 214.690606][T11286] ? __pfx___local_bh_disable_ip+0x10/0x10 [ 214.690625][T11286] ? __pfx_netif_receive_skb+0x10/0x10 [ 214.690647][T11286] ? tun_rx_batched+0x160/0x730 [ 214.690668][T11286] tun_rx_batched+0x1b9/0x730 [ 214.690688][T11286] ? __lock_acquire+0xab9/0xd20 [ 214.690707][T11286] ? __pfx_tun_rx_batched+0x10/0x10 [ 214.690727][T11286] ? tun_get_user+0x272f/0x3e90 [ 214.690752][T11286] tun_get_user+0x2b65/0x3e90 [ 214.690775][T11286] ? tun_get_user+0x272f/0x3e90 [ 214.690796][T11286] ? aa_file_perm+0x44d/0x1550 [ 214.690811][T11286] ? __pfx_tun_get_user+0x10/0x10 [ 214.690828][T11286] ? __futex_wait+0x34a/0x3d0 [ 214.690850][T11286] ? __pfx___futex_wait+0x10/0x10 [ 214.690872][T11286] ? ref_tracker_alloc+0x318/0x460 [ 214.690888][T11286] ? __lock_acquire+0xab9/0xd20 [ 214.690906][T11286] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 214.690925][T11286] ? tun_get+0x1c/0x2f0 [ 214.690947][T11286] ? tun_get+0x1c/0x2f0 [ 214.690964][T11286] ? tun_get+0x1c/0x2f0 [ 214.690984][T11286] tun_chr_write_iter+0x113/0x200 [ 214.691003][T11286] vfs_write+0x5c9/0xb30 [ 214.691028][T11286] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 214.691048][T11286] ? __pfx_vfs_write+0x10/0x10 [ 214.691073][T11286] ? __fget_files+0x2a/0x420 [ 214.691093][T11286] ksys_write+0x145/0x250 [ 214.691117][T11286] ? __pfx_ksys_write+0x10/0x10 [ 214.691140][T11286] ? do_syscall_64+0xbe/0xfa0 [ 214.691163][T11286] do_syscall_64+0xfa/0xfa0 [ 214.691181][T11286] ? lockdep_hardirqs_on+0x9c/0x150 [ 214.691200][T11286] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 214.691218][T11286] ? clear_bhb_loop+0x60/0xb0 [ 214.691237][T11286] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 214.691253][T11286] RIP: 0033:0x7f5d5998da7f [ 214.691269][T11286] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 214.691285][T11286] RSP: 002b:00007f5d5a8d5000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 214.691305][T11286] RAX: ffffffffffffffda RBX: 00007f5d59be5fa0 RCX: 00007f5d5998da7f [ 214.691318][T11286] RDX: 0000000000011dc0 RSI: 0000200000001180 RDI: 00000000000000c8 [ 214.691329][T11286] RBP: 00007f5d59a11f91 R08: 0000000000000000 R09: 0000000000000000 [ 214.691341][T11286] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000 [ 214.691351][T11286] R13: 00007f5d59be6038 R14: 00007f5d59be5fa0 R15: 00007ffd179ef078 [ 214.691372][T11286] [ 214.691382][T11286] BUG: Bad page state in process syz.0.2170 pfn:5ae4f [ 215.095769][T11286] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88805ae4ff00 pfn:0x5ae4f [ 215.105847][T11286] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 215.112975][T11286] raw: 00fff00000000000 dead000000000040 ffff8880216ab000 0000000000000000 [ 215.121570][T11286] raw: ffff88805ae4ff00 0000000000000001 00000000ffffffff 0000000000000000 [ 215.130163][T11286] page dumped because: page_pool leak [ 215.135510][T11286] page_owner tracks the page as allocated [ 215.141238][T11286] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 11286, tgid 11285 (syz.0.2170), ts 208884968767, free_ts 208839938189 [ 215.158450][T11286] post_alloc_hook+0x240/0x2a0 [ 215.163202][T11286] get_page_from_freelist+0x2365/0x2440 [ 215.168759][T11286] __alloc_frozen_pages_noprof+0x181/0x370 [ 215.174562][T11286] alloc_pages_bulk_noprof+0x560/0x710 [ 215.180027][T11286] __page_pool_alloc_netmems_slow+0x14c/0x710 [ 215.186090][T11286] skb_pp_cow_data+0xb47/0x13e0 [ 215.190957][T11286] do_xdp_generic+0x699/0x11a0 [ 215.195717][T11286] __netif_receive_skb_core+0x18f4/0x4380 [ 215.201453][T11286] __netif_receive_skb+0x72/0x380 [ 215.206471][T11286] netif_receive_skb+0x1cb/0x790 [ 215.211426][T11286] tun_rx_batched+0x1b9/0x730 [ 215.216101][T11286] tun_get_user+0x2b65/0x3e90 [ 215.220787][T11286] tun_chr_write_iter+0x113/0x200 [ 215.225803][T11286] vfs_write+0x5c9/0xb30 [ 215.230063][T11286] ksys_write+0x145/0x250 [ 215.234391][T11286] do_syscall_64+0xfa/0xfa0 [ 215.238903][T11286] page last free pid 11285 tgid 11285 stack trace: [ 215.245403][T11286] __free_frozen_pages+0xbc4/0xd30 [ 215.250532][T11286] __put_partials+0x146/0x170 [ 215.255211][T11286] put_cpu_partial+0x1f2/0x2e0 [ 215.259996][T11286] __slab_free+0x2b9/0x390 [ 215.264412][T11286] qlist_free_all+0x97/0x140 [ 215.269017][T11286] kasan_quarantine_reduce+0x148/0x160 [ 215.274475][T11286] __kasan_slab_alloc+0x22/0x80 [ 215.279340][T11286] kmem_cache_alloc_noprof+0x367/0x6e0 [ 215.284799][T11286] getname_flags+0xb8/0x540 [ 215.289325][T11286] __x64_sys_symlinkat+0x7a/0xb0 [ 215.294270][T11286] do_syscall_64+0xfa/0xfa0 [ 215.298788][T11286] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 215.304677][T11286] Modules linked in: [ 215.308596][T11286] CPU: 0 UID: 0 PID: 11286 Comm: syz.0.2170 Tainted: G B syzkaller #0 PREEMPT(full) [ 215.308622][T11286] Tainted: [B]=BAD_PAGE [ 215.308628][T11286] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 215.308639][T11286] Call Trace: [ 215.308645][T11286] [ 215.308652][T11286] dump_stack_lvl+0x189/0x250 [ 215.308678][T11286] ? __pfx_dump_stack_lvl+0x10/0x10 [ 215.308702][T11286] ? __pfx_print_modules+0x10/0x10 [ 215.308727][T11286] bad_page+0x180/0x1c0 [ 215.308749][T11286] __free_frozen_pages+0xce2/0xd30 [ 215.308777][T11286] bpf_xdp_frags_shrink_tail+0x4f7/0x7f0 [ 215.308808][T11286] bpf_xdp_adjust_tail+0x1d6/0x220 [ 215.308838][T11286] bpf_prog_5d7dc57dfd7f985a+0x1e/0x24 [ 215.308853][T11286] bpf_prog_run_generic_xdp+0x606/0x13d0 [ 215.308883][T11286] do_xdp_generic+0x9f7/0x11a0 [ 215.308906][T11286] ? __pfx_do_xdp_generic+0x10/0x10 [ 215.308925][T11286] ? __skb_flow_dissect+0x5ef8/0x68b0 [ 215.308955][T11286] __netif_receive_skb_core+0x18f4/0x4380 [ 215.308981][T11286] ? __pfx___skb_flow_dissect+0x10/0x10 [ 215.309000][T11286] ? do_user_addr_fault+0xbbc/0x1380 [ 215.309022][T11286] ? do_user_addr_fault+0xc85/0x1380 [ 215.309041][T11286] ? __pfx___netif_receive_skb_core+0x10/0x10 [ 215.309066][T11286] ? irqentry_exit+0x74/0x90 [ 215.309088][T11286] ? lockdep_hardirqs_on+0x9c/0x150 [ 215.309111][T11286] ? __lock_acquire+0xab9/0xd20 [ 215.309131][T11286] ? netif_receive_skb+0x115/0x790 [ 215.309152][T11286] ? netif_receive_skb+0x115/0x790 [ 215.309174][T11286] __netif_receive_skb+0x72/0x380 [ 215.309195][T11286] ? _copy_from_iter+0x24f/0x1790 [ 215.309215][T11286] ? netif_receive_skb+0x115/0x790 [ 215.309236][T11286] netif_receive_skb+0x1cb/0x790 [ 215.309257][T11286] ? __pfx___local_bh_disable_ip+0x10/0x10 [ 215.309277][T11286] ? __pfx_netif_receive_skb+0x10/0x10 [ 215.309301][T11286] ? tun_rx_batched+0x160/0x730 [ 215.309323][T11286] tun_rx_batched+0x1b9/0x730 [ 215.309343][T11286] ? __lock_acquire+0xab9/0xd20 [ 215.309361][T11286] ? __pfx_tun_rx_batched+0x10/0x10 [ 215.309393][T11286] ? tun_get_user+0x272f/0x3e90 [ 215.309418][T11286] tun_get_user+0x2b65/0x3e90 [ 215.309441][T11286] ? tun_get_user+0x272f/0x3e90 [ 215.309462][T11286] ? aa_file_perm+0x44d/0x1550 [ 215.309477][T11286] ? __pfx_tun_get_user+0x10/0x10 [ 215.309495][T11286] ? __futex_wait+0x34a/0x3d0 [ 215.309518][T11286] ? __pfx___futex_wait+0x10/0x10 [ 215.309538][T11286] ? ref_tracker_alloc+0x318/0x460 [ 215.309554][T11286] ? __lock_acquire+0xab9/0xd20 [ 215.309572][T11286] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 215.309590][T11286] ? tun_get+0x1c/0x2f0 [ 215.309611][T11286] ? tun_get+0x1c/0x2f0 [ 215.309629][T11286] ? tun_get+0x1c/0x2f0 [ 215.309648][T11286] tun_chr_write_iter+0x113/0x200 [ 215.309669][T11286] vfs_write+0x5c9/0xb30 [ 215.309695][T11286] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 215.309715][T11286] ? __pfx_vfs_write+0x10/0x10 [ 215.309741][T11286] ? __fget_files+0x2a/0x420 [ 215.309762][T11286] ksys_write+0x145/0x250 [ 215.309786][T11286] ? __pfx_ksys_write+0x10/0x10 [ 215.309811][T11286] ? do_syscall_64+0xbe/0xfa0 [ 215.309834][T11286] do_syscall_64+0xfa/0xfa0 [ 215.309853][T11286] ? lockdep_hardirqs_on+0x9c/0x150 [ 215.309873][T11286] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 215.309891][T11286] ? clear_bhb_loop+0x60/0xb0 [ 215.309910][T11286] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 215.309928][T11286] RIP: 0033:0x7f5d5998da7f [ 215.309943][T11286] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 215.309959][T11286] RSP: 002b:00007f5d5a8d5000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 215.309978][T11286] RAX: ffffffffffffffda RBX: 00007f5d59be5fa0 RCX: 00007f5d5998da7f [ 215.309993][T11286] RDX: 0000000000011dc0 RSI: 0000200000001180 RDI: 00000000000000c8 [ 215.310004][T11286] RBP: 00007f5d59a11f91 R08: 0000000000000000 R09: 0000000000000000 [ 215.310016][T11286] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000 [ 215.310027][T11286] R13: 00007f5d59be6038 R14: 00007f5d59be5fa0 R15: 00007ffd179ef078 [ 215.310048][T11286]