last executing test programs: 5.374540364s ago: executing program 0 (id=5584): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\b\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x13, &(0x7f00000007c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0xd01b}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0}, {}, {0x85, 0x0, 0x0, 0x2a}}], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000080)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r1, 0xfca804a0, 0x10, 0x38, &(0x7f00000002c0)="b800000500000000", &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r2, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e24, 0x1, @mcast2, 0x5907}], 0x1c) syz_emit_ethernet(0x3e, &(0x7f00000000c0)=ANY=[@ANYRES8, @ANYRES8=0x0], 0x0) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000400)={'sit0\x00', &(0x7f00000004c0)={'gre0\x00', 0x0, 0x40, 0x40, 0x401, 0x9, {{0xf, 0x4, 0x2, 0xa, 0x3c, 0x67, 0x0, 0x20, 0x4, 0x0, @rand_addr=0x64010102, @multicast2, {[@noop, @ra={0x94, 0x4, 0x1}, @noop, @ssrr={0x89, 0x1f, 0x34, [@empty, @private=0xa010102, @dev={0xac, 0x14, 0x14, 0xb}, @local, @initdev={0xac, 0x1e, 0x1, 0x0}, @broadcast, @rand_addr=0x64010100]}]}}}}}) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000091"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r3, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffc}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r4}, 0x10) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000000)={0x0, 0x0, 0x0, &(0x7f0000010040), 0x100000, 0xffffffffffffffff, 0x4}, 0x38) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000940)='hugetlb.2MB.usage_in_bytes\x00', 0x26e1, 0x0) close(r5) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)) ioctl$SIOCSIFHWADDR(r5, 0x8b34, &(0x7f0000000000)={'wlan1\x00', @random="0003230c1100"}) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000040900010073797a300000000088000000090a010400000000000000000700000308000a40000000000900020073797a30000000000900010073797a3000000000080005400000000d44001280200001800e000100636f6e6e6c696d69740000000c0002800800014000000003ef0001800e000100636f6e6e6c696d69740000000c000280080001400000e41f08000340000001"], 0xd0}, 0x1, 0x60, 0x0, 0x60000800}, 0x4000024) r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000480), r7) r8 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r10 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r9) ioctl$IOCTL_GET_NCIDEV_IDX(r8, 0x0, &(0x7f00000000c0)=0x0) sendmsg$NFC_CMD_DEV_UP(r9, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r10, @ANYBLOB="010026bd70003c0200000200000008000100", @ANYRES32=r11], 0x1c}}, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000100)=0x0) ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000140)=0x0) sendmsg$NFC_CMD_SE_IO(r7, &(0x7f00000003c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000180)={&(0x7f0000000280)={0x124, r10, 0x20, 0x70bd2d, 0x25dfdbfe, {}, [@NFC_ATTR_SE_INDEX={0x8, 0x15, 0x2}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r12}, @NFC_ATTR_SE_APDU={0xf8, 0x19, "56d8821ad02a20305a8725c45e78940e3f6dde57d72ee1f4910a49d6a516878c22eda664c4541bcab04f30804f28b6cc7610bc75a5c0e76e1c98cd24074c61c0e5bfb27be9e13a970b23f1b4555d471d741a65278b75c72a09e927638c41a02453de7343c5ed40c593e77a8d5bb3be5d0ea07a988574670b4f8f73b293436e852e31a092222efff94ae6ae8c300ff6367959d93a88add0381bfc7b0d17a5bfd5732794ac993d304ef70a3eb43d257f2549785814f2f2aee83f6afaeaf6be411c1846673c49c15ce651b153991048bd4e325633875791e0497adf18231b117cd791fb4a6da8abea8110b3f821afae617989e3f6d3"}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r13}]}, 0x124}, 0x1, 0x0, 0x0, 0x1}, 0x4000) 4.250263518s ago: executing program 0 (id=5600): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000080)={0x3, 0x6, &(0x7f0000000140)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x2, 0x92, &(0x7f0000000240)=""/146}, 0x94) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) write$cgroup_subtree(r0, &(0x7f0000000080)=ANY=[], 0x10448) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) mmap(&(0x7f00006b9000/0x4000)=nil, 0x4000, 0x4, 0x12, r1, 0x0) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) socket$key(0xf, 0x3, 0x2) socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) socket$nl_route(0x10, 0x3, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.current\x00', 0x275a, 0x0) socket(0x10, 0x3, 0x0) socket$alg(0x26, 0x5, 0x0) pipe(&(0x7f00000001c0)) socket$packet(0x11, 0x2, 0x300) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0) r4 = openat$cgroup_devices(r3, &(0x7f0000000200)='devices.deny\x00', 0x2, 0x0) write$cgroup_devices(r4, &(0x7f0000000140)=ANY=[@ANYBLOB='c 75:*\twmm'], 0xa) bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x3, 0x8, &(0x7f00000003c0)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd1200000000000085000000d0000000b70000000000000095000000000000003fba6a7d36d9b18ed812a2e2c49e8020a6f4e0e4a9446ca2b5f1cc1a100a9af698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f010c5077da80fb982c1e9400c603146cea484a415b76966118b64f751a0f241b072e90080008002d75593a280000c93e64c227c95aa0b784625704f07a72c2918451ebdcf4cef7f9606056fe5c34664c0af9360a1f7a5e6b607130c89f18c0c1089d8b85880000c29c48b45ef4adf634be763288d01aa27ae8b09e13e79ab20b0b8ed8fb7a68af2ad0000000000000006f803c6468082089b302d7bff8f06f7f918d65eae391cb41336023cdcedb5e0125ebbcebddcf10cb2364149215108355ee570f8078be5cab389cd65e7133719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad23000000803a90bce6dc3a13871765df961c2ed3b1006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f40cfd7c3a1d37a6ab87b1586602d985430cea0162ab3fcf4591c91dabfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa6848038b6a0166c9c6fd6fa5043aa3926b81e3b59c9f081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d60532be9c4d2ec7c32f2095e63c8cdc28f74d043ed8dba2f23b01a9aeb980aff9fa3a64709270c701db801f44cf945b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142bdda5e6c5d50b83bae616b5054d1e7c13b1355d6f4a8245eaa4997da9c77af4c0eb97fca585ec6bf58351d599e9b61e8caab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a41326eea31ae4e0f75057df3c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57010000009700ce0b4b8bc22941330000000000000000000300000000000000000000000010008bc0d955f2a83366b99711e6e8861c46495ba585a4b2d02edc3e28dd279a896249ed85b9806f0b6c4a000000002b43e8acc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f00000000df73be83bb7d5ad883ef3b7cda42013d53046da21b40216e14ba2d6af8656bfff17addaedab25b30002abbba7fa725f38400be7c"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x94) pipe(&(0x7f00000001c0)) socket(0x10, 0x4, 0x0) socket$pppl2tp(0x18, 0x1, 0x1) socket$pppl2tp(0x18, 0x1, 0x1) socket$unix(0x1, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x15, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="aeaa000000000000711013000000000095"], &(0x7f0000000480)='syzkaller\x00'}, 0x94) sendmsg$nl_route(r2, &(0x7f0000000300)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYBLOB="580000006900020028bd7000ffdbdf2500000000000000000800010002000000080001000200000008000100010000000800010002000000080001000200000008000100010000000800f50f020000000800010002000000"], 0x58}, 0x1, 0x0, 0x0, 0x44}, 0x800d0) socket$inet(0x2, 0x2, 0x0) 4.060006023s ago: executing program 0 (id=5602): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="1400000015000103000000000000000001"], 0x14}}, 0x0) read(r0, &(0x7f0000000080)=""/186, 0xba) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[@ANYBLOB="2000000044000701fcffff7c00000c0004"], 0x20}, 0x1, 0x0, 0x0, 0x4008180}, 0xc000) r2 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000001c0)={0x3, 0x4, 0x4, 0xa, 0x0, 0x1, 0x81, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3}, 0x50) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000300)={r2, &(0x7f0000000040)="e8d22913", &(0x7f0000000240)=""/144}, 0x20) 3.679761829s ago: executing program 0 (id=5604): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000038c0)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da97e22f4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3ab60fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ad0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bff3b89c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c2ed01faa7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497dad64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6fba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd2310801570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88cf573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb414c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867857ed13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a000000000000000000000000000000000000000000000000000000a0cc2b89ce1525748ce167cbabb881f060599a6a59f645edca1d5c24b2f6b8c997a8f3e1b7679984a566d98d4d31198ee4c5ea7be0d99cf89bba4a6fd0bec12e7792bec3c5038e13b1982f80cdecd07f8908a983a7c9fb81c2ba7f7e87c991f30e50d1b3bbe4cf2a2f5d4571b6568ada51bc121c9139d2a8e0638c84066b1759081802"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x2e) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r0}, 0x10) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) shutdown(r1, 0x1) getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r1, 0x84, 0x72, &(0x7f0000000700)={0x0, 0x8, 0x10}, &(0x7f0000000040)=0xc) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000600)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(serpent)\x00'}, 0x58) r3 = socket$packet(0x11, 0x3, 0x300) r4 = bpf$MAP_CREATE(0x0, 0x0, 0x48) setsockopt$packet_int(r3, 0x107, 0x8, &(0x7f0000000100)=0x40049, 0x4) recvmmsg(r3, &(0x7f0000000480)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=""/11, 0x17}}], 0x400000000000179, 0x0, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x54, 0x10, 0x1, 0x0, 0x0, {0x6, 0x0, 0x8100, 0x0, {0xc3}, {}, {0xe, 0xd}}, [@TCA_RATE={0x6}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x11, {0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}}, 0x0) r6 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1d, 0xa, &(0x7f0000000800)=ANY=[@ANYBLOB="1800000003000000000000000000000085100000feffffff185a000008000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000000000000850000008600000095000000000000003eb3ea73d2baf85116411b992fc4589bbadb864f359774e31d3707059e0f39cea868f6890caab9d999434de37758f41aa249c41a8363fe3abbac5a38a6f6213f0de40cb2f07654a9926ec285ce8ea30fb9049510b3eb94fa1675fc0a81168c3f867434e250beb3ce76a7034a6256023412090314a41b15a7c60747a48d6728b3e981dbcdcf4e5a0e231ec01631182f3366804dd8dcdbcc4b31e5c3820cb7c9526d29138ae0b69a2255eb"], &(0x7f0000000680)='GPL\x00', 0x9, 0x11, &(0x7f00000007c0)=""/17, 0x40f00, 0x53, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, &(0x7f0000000940)={0x5, 0x4}, 0x8, 0x10, &(0x7f0000000a40)={0x5, 0x9, 0x5, 0x4}, 0x10, 0x0, 0x0, 0x4, &(0x7f0000000d80)=[r4, r4, 0xffffffffffffffff], &(0x7f0000000dc0)=[{0x5, 0x5, 0x9, 0x1}, {0x3, 0x2, 0x7, 0x2}, {0x5, 0x4, 0x4, 0x7}, {0x3, 0x4, 0x0, 0x4}], 0x10, 0x5}, 0x94) bpf$PROG_BIND_MAP(0x1c, &(0x7f0000000140)={r6, 0xffffffffffffffff, 0x24}, 0xc) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000000)="0800d90700000000000000bd5656", 0xe) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, 0x0}, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x0) unshare(0x62040200) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000b40)=ANY=[@ANYBLOB="2485effff600e1ed7b5a0644e14e20b17f49c33c402a615bd01fa2f2731355131c0040d829c12604000000680000000000e7f01e8b03543e9f73850b8155ef1468e2865b6c16d88e7e73f5874703fb5b979158bdcdb4ca82deee9087c8f5dd745c5abfce45d0d8d536ae91ac8e4c9cd31c17ad6f3a3802fec73365a721e7aa9d18738433f3c5e2898b9da4d74d35228b5f9547a15424626633c9aa4481a1da479ee928508f5b491e2883aafe3a47c046", @ANYRES16=r8, @ANYBLOB="050000000000000000000600000008000300", @ANYRES32=r9, @ANYBLOB="0800050002000000"], 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000a80)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRESHEX=r6, @ANYBLOB="050000000000000000002e00000008000335dd459781cdeb9201a2ce980099265edaa4aca2e69198bf3b1d3c34e55744062691d073a7fee59f90d344cac65a4ff39d03e8ab62b524ff07fb16e2e4d488a2d4f5ac164f793d3841b7fc06b39ace71b68bce17996e322e", @ANYRES32=r9, @ANYBLOB="0a00340002020202020200000a00060008021100000000000800350000000000080026006c090000"], 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=ANY=[@ANYBLOB="500000000802110000000000000000000100010882848b960c12182400"/44], 0x2e) r10 = socket$kcm(0x2, 0x5, 0x84) sendmsg$inet(r10, &(0x7f0000000600)={&(0x7f00000001c0)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000380)=[{&(0x7f0000000640)="80", 0x26892}], 0x1}, 0xfc) sendmsg$inet(r10, &(0x7f0000000680)={&(0x7f0000000000)={0x2, 0x4e24, @rand_addr=0x64010102}, 0x10, &(0x7f0000000540)=[{&(0x7f0000000240)="ad", 0x1}], 0x1}, 0x0) sendmsg$inet(r10, &(0x7f0000000500)={&(0x7f0000000080)={0x2, 0x4e24, @rand_addr=0x64010102}, 0x10, &(0x7f00000000c0)=[{&(0x7f0000000200)="cd", 0x1}], 0x1}, 0x240448c4) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) 2.771526482s ago: executing program 3 (id=5611): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="3c0000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="000000000000000014001280090001007665746800000000040002800800200001"], 0x3c}}, 0x0) 2.364810052s ago: executing program 3 (id=5617): r0 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=@base={0x1b, 0x0, 0x0, 0x2000}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000007c0)={0x18, 0xf, &(0x7f0000001540)=@ringbuf={{0x18, 0x3, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x5}, {{0x18, 0x1, 0x1, 0x0, r0}, {}, {0x5, 0x0, 0xb, 0x2}, {}, {0x4}}, {}, [], {{0x7, 0x1, 0xb, 0x1, 0x9, 0x0, 0xffffffff}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000200)='syzkaller\x00', 0x5, 0x1003, &(0x7f0000001e40)=""/4099, 0x0, 0x9, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff}, 0x94) 2.130426488s ago: executing program 3 (id=5619): r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000040)=@newlink={0x4c, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x4, 0x0, 0x300}, [@IFLA_LINKINFO={0x2c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x1c, 0x2, 0x0, 0x1, [@IFLA_BR_MCAST_QUERIER_INTVL={0xc, 0x20, 0x33b9}, @IFLA_BR_MCAST_MEMBERSHIP_INTVL={0xc, 0x1f, 0xb9d1}]}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4}, 0x4) ioctl$sock_inet_SIOCSIFDSTADDR(r0, 0x8918, &(0x7f0000000240)={'gretap0\x00', {0x2, 0xce23, @initdev={0xac, 0x1e, 0x1, 0x0}}}) 2.026517729s ago: executing program 4 (id=5621): r0 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=@base={0x1b, 0x0, 0x0, 0x2000}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000007c0)={0x18, 0xf, &(0x7f0000001540)=@ringbuf={{0x18, 0x3, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x5}, {{0x18, 0x1, 0x1, 0x0, r0}, {}, {0x5, 0x0, 0xb, 0x2}, {}, {0x4}}, {}, [], {{0x7, 0x1, 0xb, 0x1, 0x9, 0x0, 0xf000000}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000200)='syzkaller\x00', 0x5, 0x1003, &(0x7f0000001e40)=""/4099, 0x0, 0x9, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff}, 0x94) 1.879537819s ago: executing program 2 (id=5624): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000580)=ANY=[@ANYBLOB="fc01000019000100000000000000000000000000000000000000ffff00000000ac141442000000000000000000006c0000000000000080000200000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="ff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000b00000000000000000000000000000000000000000000000000000000000000000044010500ff010000000000000000000000000001000004d2330000000a000000000000000000000000000000000000000135000001003b00830000000500000007000000fe8000000000000000000000000000aa000004d63c0000000a000000ac1414bb00000000000000000000000002350000020007007f0000000000000004000000e0000001000000000000000000000000000004d56c00000002000000000000000000000000000000000000000000000004"], 0x1fc}}, 0x4000) 1.806443232s ago: executing program 3 (id=5625): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'tunl0\x00', 0x0}) r2 = socket$kcm(0x21, 0x2, 0x2) sendmsg$inet(r2, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=[@ip_retopts={{0x10, 0x110, 0xc}}], 0x10}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@newqdisc={0xbc, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}, [@TCA_STAB={0x74, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0xd8, 0x4, 0x9, 0x1, 0x2, 0x5, 0x5, 0x1}}, {0x6, 0x2, [0x0]}}, {{0x1c, 0x1, {0xf, 0xe7, 0x472f, 0x4, 0x2, 0x2, 0x1, 0x2}}, {0x8, 0x2, [0x800, 0x80]}}, {{0x1c, 0x1, {0x5, 0x6, 0x7, 0x4, 0x1, 0xfffffff8, 0x6, 0x4}}, {0xc, 0x2, [0x8, 0x2, 0x10, 0x7]}}]}, @TCA_STAB={0x24, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x3, 0x10, 0x9, 0x8, 0x0, 0x73f, 0x762e6eec}}, {0x4}}]}]}, 0xbc}}, 0x4800) r3 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r3, &(0x7f0000000080)=[{&(0x7f0000000200)="a10100001400add427321d470c45b45602067fffffff81004e22000d00ff0028925aa80020007b00090080000efffeffe809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee00000000000000000200000000", 0x58}], 0x1) 1.7827813s ago: executing program 4 (id=5626): socket$nl_route(0x10, 0x3, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)={0x28, r1, 0x5, 0x70bd2c, 0x0, {{}, {@void, @val={0xc, 0x99, {0x6, 0x31}}}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x28}}, 0x0) close(0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="cc00ecd7ccbaded1d08e570000", @ANYRES16=r1, @ANYBLOB="050000000000fedbdf250f00000008000300", @ANYRES32=r2, @ANYBLOB="4a000e0080000000ffffffffffff080211000000ffffffffffff00000000000000000000070001000406f0027f0006a7060206002503018c08720603030303030371070000000000216800004c000e80420002006f28cae7e763e81067d4ceb813e7feb2a199aa4d55a1ab96f08a0f0e794136b12fef25420295cc1e507f98d439d24055b3819ebc8073730523a0a085ad760000040001000800a100c300000008000c006400000008000d0000000000"], 0xcc}, 0x1, 0x0, 0x0, 0x20004090}, 0x0) r3 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) syz_emit_ethernet(0x7e, &(0x7f0000000040)={@link_local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "f53a04", 0x48, 0x3a, 0x0, @remote, @mcast2, {[], @param_prob={0x2, 0x0, 0x0, 0x503, {0x0, 0x6, "508359", 0x0, 0x0, 0x0, @private1, @mcast1, [@hopopts={0x3a, 0x1, '\x00', [@calipso={0x7, 0x8}]}]}}}}}}}, 0x0) r4 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="4800000010001fff0000056800080000faff0000", @ANYRES32=0x0, @ANYBLOB="c30c424700000000280012800a00010076786c616e00000018000280140010", @ANYRES8=0x0, @ANYRES8], 0x48}}, 0x0) sendmmsg$alg(r4, &(0x7f00000000c0), 0x492492492492627, 0x0) setsockopt$sock_int(r3, 0x1, 0x3e, &(0x7f00000000c0)=0x4, 0x4) bind$llc(r3, &(0x7f0000000000)={0x1a, 0x0, 0x0, 0x4, 0x1, 0x0, @local}, 0x10) r5 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r5, 0x8916, &(0x7f0000000040)={'batadv_slave_1\x00', {0x2, 0x480, @broadcast}}) socket$nl_route(0x10, 0x3, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_TRAP_POLICER_SET(r6, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000600)={0x54, r7, 0x1, 0x0, 0x0, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0x1}, {0xfffffee6, 0x8f, 0x1000000}, {0xc}}]}, 0x54}}, 0x0) r8 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r8, 0x0, 0x2a, &(0x7f0000000180)={0x2, {{0x2, 0x0, @multicast2}}}, 0x88) syz_emit_ethernet(0x0, 0x0, 0x0) setsockopt$inet_MCAST_MSFILTER(r8, 0x0, 0x30, &(0x7f0000000600)=ANY=[@ANYBLOB="020000000000000002000000e00000020000000000000000000000000000000000000000000000000000000000000000000000ffa40000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000002"], 0x110) r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$cgroup_int(r9, &(0x7f0000000200), 0x12) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x22051, r9, 0x0) syz_init_net_socket$ax25(0x3, 0x2, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x5, &(0x7f0000000000)=0x9, 0x4) 1.662557284s ago: executing program 3 (id=5627): bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000096d132478102268d00", @ANYRES32, @ANYBLOB="0000000000000000b7080000002000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000f00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x5, 0x0, 0x1, 0xfffffffd}, 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r1, 0x2000002, 0xe, 0x0, &(0x7f0000000200)="df12c9f7b9a60000000000200000", 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) 1.554396003s ago: executing program 2 (id=5628): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f00000000c0)='GPL\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r1}, 0x10) write$cgroup_subtree(r0, &(0x7f0000000100)=ANY=[], 0x32600) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r0, 0x0) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000100), 0x34) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000180)={{0x1, 0xffffffffffffffff}, &(0x7f0000000040), &(0x7f0000000140)='%+9llu \x00'}, 0x20) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x13, 0x12, &(0x7f00000001c0)=@framed={{0x18, 0x8, 0x0, 0x0, 0x33}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, r2}, @generic={0x6a, 0x8, 0x0, 0x0, 0x10001}, @initr0={0x18, 0x0, 0x0, 0x0, 0x80002}, @exit, @printk={@x, {}, {}, {}, {}, {0x5, 0x0, 0xb, 0xa}}]}, &(0x7f0000000000)='GPL\x00', 0x2, 0x59, 0x0, 0x0, 0x4c}, 0x94) epoll_create(0x4) 1.553624213s ago: executing program 1 (id=5629): r0 = socket(0x21, 0x80000, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) bind$packet(r0, &(0x7f0000000180)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @multicast}, 0x14) getsockname$packet(r0, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000480)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000700)={'bridge_slave_1\x00'}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYRES32=r0], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x6, '\x00', 0x0, 0x2}, 0x94) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'team0\x00', 0x0}) sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000280)=@newlink={0x20, 0x10, 0x100, 0x4000000, 0x0, {0x0, 0x48, 0x0, r5, 0x21eae}}, 0x20}}, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = socket$nl_route(0x10, 0x3, 0x0) r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.events\x00', 0x26e1, 0x0) close(r8) socketpair$nbd(0x1, 0x1, 0x0, 0x0) sendmsg$nl_route(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="300000001000010000003a194618d96d6d2e8553", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}}, 0x0) r9 = socket$kcm(0x10, 0x2, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={0xffffffffffffffff}) r11 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r10, 0x8933, &(0x7f0000000300)={'wlan0\x00', 0x0}) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_NEW_STATION(r8, &(0x7f0000007380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000400)=ANY=[@ANYBLOB='H\x00\x00\x00', @ANYRES16=r11, @ANYBLOB="f1e6ffffbfff000000001300000008000300", @ANYRES32=r12, @ANYBLOB="0500e40000000000060012000800000006003600090000000a00c200fb00"/44], 0x48}, 0x1, 0x0, 0x0, 0x200000d0}, 0x8050) sendmsg$kcm(r9, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="2e00000010008188e6b62aa73772cc9f1ba1f848480000005e140602000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0) r13 = socket$unix(0x1, 0x2, 0x0) r14 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r13, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_INTERFACE(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r14, @ANYBLOB="010028b6296be141526b7e00000008000300", @ANYRES32=r15, @ANYBLOB="0c009900ff070000700000001400040073797a6b616c6c6572300000000000000800050006000000"], 0x44}, 0x1, 0x0, 0x0, 0x81}, 0x24044884) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) writev(r3, &(0x7f00000002c0), 0x2) 1.423355669s ago: executing program 3 (id=5630): socket$inet_icmp_raw(0x2, 0x3, 0x1) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) close(0x4) syz_open_procfs$namespace(0x0, &(0x7f0000000080)='ns/ipc\x00') unshare(0x6a040000) socket(0x8, 0x3, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = accept$packet(r1, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) getpeername$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, 0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) setsockopt$sock_timeval(r0, 0x1, 0x43, &(0x7f0000000040)={r3, r4/1000+10000}, 0x10) 1.376350453s ago: executing program 2 (id=5631): r0 = bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x0) bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0xd, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="85000000a0000000"], &(0x7f0000000040)='GPL\x00', 0x8, 0x99, &(0x7f0000000180)=""/153, 0x0, 0x0, '\x00', 0x0, @sock_ops}, 0x94) close(r0) syz_open_procfs$namespace(0x0, &(0x7f0000000080)='ns/net\x00') r1 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x80) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000005c0)={r1, 0x0, 0x24, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xa) r2 = syz_open_procfs$namespace(0x0, &(0x7f0000000280)='ns/net\x00') bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000480)={@cgroup=r2, 0x11, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0, 0x0}, 0x40) syz_emit_ethernet(0x7e, &(0x7f0000000000)={@broadcast, @random="6c7621d7cc94", @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "fec000", 0x48, 0x3a, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x0, {0x0, 0x6, "98a350", 0x0, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x2}, @private1, [@hopopts={0x11}], "fafb17c103001c193eb46558f48ce6b9"}}}}}}}, 0x0) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000640)={@cgroup=r3, 0x24, 0x0, 0xffff, &(0x7f0000000000)=[0x0], 0x40e8, 0x0, 0x0, 0x0, 0x0}, 0x40) 1.25437064s ago: executing program 4 (id=5632): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) r1 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48) close(r1) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r4}, &(0x7f0000000000), &(0x7f0000000080)=r1}, 0x20) ioctl$PPPIOCBRIDGECHAN(0xffffffffffffffff, 0x40047435, &(0x7f0000000300)=0xfc0000) setsockopt$RXRPC_SECURITY_KEYRING(r2, 0x110, 0x2, &(0x7f0000000180)='vxcan1\x00', 0x7) close(r4) sendmsg$inet(r3, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000001740)}, 0x0) r5 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r5, 0x84, 0x77, &(0x7f0000000200)=ANY=[@ANYRES32=0x0, @ANYBLOB="85aeb8ed68"], 0x8) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=@ipv6_newroute={0x1c, 0x18, 0xffffffffffffffff, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, 0xfe, 0x0, 0xfd, 0x9}}, 0x1c}}, 0x0) r7 = socket$inet6(0xa, 0x3, 0xff) r8 = socket$inet6(0xa, 0x3, 0x3c) connect$inet6(r8, &(0x7f0000000000)={0xa, 0x4000, 0x0, @empty, 0x5}, 0x1c) writev(r8, &(0x7f00000000c0)=[{&(0x7f0000000100)=',', 0xffdf}], 0x1) sendmmsg$inet6(r7, &(0x7f00000000c0)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @private1}, 0x1c, 0x0}}], 0x1, 0x0) r9 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(r9, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000001080)=0x8) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000140)={'vxcan1\x00'}) setsockopt$RXRPC_SECURITY_KEY(r9, 0x110, 0x1, &(0x7f0000000100)='##\x00', 0x3) 1.12851488s ago: executing program 2 (id=5633): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000580)=ANY=[@ANYBLOB="bc010000190001002abd700000000000e0000002000000000000000000000000ac1414bb00000000000000000000000000000000000000000a00200000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="ff00000004000080000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004010500ff010000000000000000000000000001000004d2330000000a000000000000000000000000000000000000000135000001003b00830000000500000007000000fe8000000000000000000000000000aa000004d63c"], 0x1bc}}, 0x4000) 1.086983228s ago: executing program 4 (id=5634): r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket(0x2, 0x2, 0x1) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000001c0)={'lo\x00', 0x0}) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x10, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x0, 0x3, 0x0, 0x1, 0x4}]}, &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bind$packet(r0, &(0x7f0000000140)={0x11, 0x3, r2, 0x1, 0x5, 0x6, @local}, 0x14) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x2}, 0x4) sendmmsg(r0, &(0x7f00000028c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4006000) 865.945784ms ago: executing program 4 (id=5635): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b8000000130000000000000000000000fc00000000000000000000000000000000000000000000000000000000000000000000000000000000000010"], 0xb8}}, 0x0) sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)=ANY=[@ANYBLOB="b8000000190001030000000000000000fc0100000000000000000000000000003ed300000000000000000000000000fcffffff0000000000020010"], 0xb8}}, 0x0) sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)=ANY=[@ANYBLOB="8801000014"], 0x188}}, 0x0) 865.284965ms ago: executing program 1 (id=5636): r0 = socket(0x15, 0x5, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000001c0), r1) ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f0000000340)={'wpan1\x00', 0x0}) sendmsg$IEEE802154_LLSEC_ADD_DEV(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000680)={0x24, r3, 0x852dd6c070cd7e4d, 0x0, 0x0, {}, [@IEEE802154_ATTR_LLSEC_FRAME_COUNTER={0x8}, @IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r4}]}, 0x24}, 0x4, 0x700000002000000}, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x10001, @loopback={0x0, 0x1c9ae7fffe9a6f34}}, 0x1c) (async) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) (async) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="80000000", @ANYRES16=r6, @ANYBLOB="050027bd7000fedbdf250600000008000300", @ANYRES32=r7, @ANYBLOB="0800050006000000100017800400020004000600040002000c00178004000200040006001c001780040004000b0003"], 0x80}, 0x1, 0x0, 0x0, 0x40048}, 0x0) (async) r8 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x161042, 0x0) ioctl$PPPIOCNEWUNIT(r8, 0xc004743e, &(0x7f0000000140)=0x10000000) (async) r9 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r9, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0x1}}, 0x10) r10 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r10, 0x10f, 0x87, &(0x7f00000001c0)={0x8000042, 0x3}, 0x10) (async) r11 = socket$tipc(0x1e, 0x5, 0x0) sendmsg$tipc(r11, &(0x7f0000000380)={&(0x7f0000000140)=@name={0x1e, 0x2, 0x3, {{0x42, 0x2}}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4000884}, 0x4048044) r12 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000200), 0xc0200, 0x0) ioctl$PPPIOCNEWUNIT(r12, 0xc004743e, &(0x7f0000000100)=0x2) (async) close(r8) r13 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r13, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000100)=[@in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000180)=0x10) (async) r14 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_MAX_BURST(r14, 0x84, 0xc, &(0x7f0000000480)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r13, 0x84, 0x7b, &(0x7f0000000040)={r15, 0x2}, 0x8) (async) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000280)={r15, @in6={{0xa, 0x4e23, 0x6a, @private1, 0x61}}}, &(0x7f0000000000)=0x84) 864.292821ms ago: executing program 2 (id=5637): sendmmsg$sock(0xffffffffffffffff, &(0x7f0000002840)=[{{0x0, 0x0, &(0x7f0000001140)=[{&(0x7f0000000740)="feb586450c3886e60b185b940a440bb5dc462354f1", 0x15}], 0x1}}], 0x1, 0x4004000) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000580)=ANY=[@ANYBLOB="fc01000019000100000000000000000000000000000000000000ffff00000000ac14144200000000000000000000000000000000000080000200000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="ff00000000000000000000000000000000000000000000000000000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000b00000000000000000000000000000000000000000000000000000000000000000044010500ff010000000000000000000000000001000004d2330000000a000000000000000000000000000000000000000135000001003b00830000000500000007000000fe8000000000000000000000000000aa000004d63c0000000a000000ac1414bb00000000000000000000000002350000020007007f0000000000000004000000e0000001000000000000000000000000000004d56c00000002000000000000000000000000000000000000000000000004030300040000000200000003000000fc000000000000000000000000000000000004d32b"], 0x1fc}}, 0x4000) 582.224179ms ago: executing program 2 (id=5638): syz_emit_ethernet(0x0, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000040)=@RTM_NEWMDB={0x38, 0x54, 0x1, 0x1, 0x0, {}, [@MDBA_SET_ENTRY={0x20, 0x1, {0x0, 0x1, 0x0, 0x3, {@ip4=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x86dd}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4}, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03003f000b05d25a806c8c6394f90324fc60100002000a000300053582c137153e3704020180fc0b09000c00", 0x33fe0}], 0x1}, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x89f0, &(0x7f0000000040)={'bridge0\x00', &(0x7f00000001c0)=@ethtool_ringparam={0x4, 0x0, 0x45, 0xfffffffe, 0x8fc3, 0x1, 0x20000, 0x0, 0xf}}) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in6=@rand_addr=' \x01\x00', @in=@local, 0x0, 0x0, 0x0, 0x1, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa9, 0x0, 0x0, 0x0, 0x2}, {0x0, 0xa00, 0x40800000000000, 0x7fffffffffffffd}}}, 0xb8}}, 0x0) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000009c0)=ANY=[@ANYBLOB="a0000000210001000000000004000000fc000000000000000000000000000001ff010000000000000001a8000000000100000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000050001100ff0200000000000000000000000000010a010100000000000000000000000000fc0000000000000000000000000000000a0101000000000000000000000000003c000000000000000a000a00"], 0xa0}}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000500)={'tunl0\x00', 0x0}) sendmsg$nl_route(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB, @ANYBLOB="000000000000000028001280090001006970697000000000"], 0x48}, 0x1, 0x2}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) ioctl$int_in(r6, 0x5452, &(0x7f00000000c0)=0x7) vmsplice(r6, &(0x7f0000001c80)=[{&(0x7f00000019c0)="547ca44de2e19cdc24892d4cacca39b43e828821258bfbbbf3ef3cb7330cd177875b067b8ca128ebec27e185b525a93b7db5a67994ad98e53c509e59bd0b6e9ccdeb87358d97d95c74c41f578420b45d99fdab496616e1571c291d17b8e25ca49058ec274c739bed572bbd5a1112f66678fc0e712ca843f49d68b1680a256253499aa5ba", 0x84}, {&(0x7f0000001a80)}], 0x2, 0x1) r7 = bpf$OBJ_GET_MAP(0x7, &(0x7f00000005c0)=@generic={&(0x7f0000000580)='./file0\x00'}, 0x18) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000840)={0x6, 0x4, &(0x7f0000000900)=ANY=[@ANYBLOB="180000000900000000000000040000003816e0ff0100000095000000000000005f0c4856099a61e9ed7448c7fb94a1661a0a4017aeb2d5d32ffad17c37c0"], &(0x7f00000002c0)='GPL\x00', 0x356f, 0x0, 0x0, 0x41100, 0x25, '\x00', r5, 0x25, r6, 0x8, &(0x7f0000000440)={0x5}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x9, &(0x7f0000000740)=[r7, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff], &(0x7f0000000780)=[{0x2, 0x1, 0xa, 0xa}, {0x2, 0x2, 0x3}, {0x5, 0x5, 0x6, 0x5}, {0x5, 0x2, 0x10}, {0x3, 0x1, 0x6}, {0x1, 0x4, 0x6, 0x3}, {0x3, 0x8, 0x2, 0x3}, {0x5, 0x4, 0x3, 0x8}, {0x4, 0x5, 0x2, 0x4}], 0x10, 0x72}, 0x94) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000400)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r9, @ANYBLOB="1f003300d00000000802110000010802110000"], 0x3c}}, 0x10) bind$qrtr(0xffffffffffffffff, &(0x7f0000000000), 0xc) 581.691435ms ago: executing program 1 (id=5639): r0 = socket(0x28, 0x5, 0x0) bind$vsock_stream(r0, &(0x7f0000000040), 0x10) listen(r0, 0x0) r1 = socket(0x28, 0x5, 0x0) connect$vsock_stream(r1, &(0x7f0000000080), 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x13, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000003000083850000002d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000700000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r2}, 0x18) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000800)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000a48500000004000000850000000f00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000380)='percpu_alloc_percpu\x00', r3}, 0x10) unshare(0x22020400) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000070000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) sendmmsg(r1, &(0x7f0000000100)=[{{0x0, 0x0, &(0x7f00000004c0)=[{0x0, 0x1}, {&(0x7f00000003c0)="8e252f33", 0x4}], 0x2}}], 0x1, 0x24000054) 581.294763ms ago: executing program 4 (id=5640): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="2400000070000100000000000000000007"], 0x24}}, 0x0) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) write(r1, &(0x7f00000002c0), 0x0) r2 = socket$netlink(0x10, 0x3, 0x10) r3 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r3, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r3, 0x10e, 0x4, 0x0, 0x0) r4 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RATE_NEW(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000300)={0x34, r4, 0x1, 0x0, 0x25dfdbfb, {0x25}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}}, 0x4044004) recvmmsg(r5, &(0x7f00000004c0)=[{{0x0, 0x0, 0x0}, 0x8}, {{0x0, 0x0, 0x0}, 0x10003}, {{0x0, 0x0, 0x0}, 0x1}, {{0x0, 0x0, &(0x7f00000009c0)=[{&(0x7f0000000400)=""/180, 0xb4}, {&(0x7f0000000780)=""/260, 0x104}, {&(0x7f00000001c0)=""/33, 0x21}, {&(0x7f0000002900)=""/4114, 0x1012}, {&(0x7f0000000a40)=""/220, 0xdc}, {0x0}, {&(0x7f00000005c0)=""/146, 0x92}, {&(0x7f00000008c0)=""/234, 0xea}], 0x8}, 0x80000002}], 0x4, 0x0, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$tipc(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$TIPC_CMD_DISABLE_BEARER(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)={0x2c, r7, 0x12b084226d2dad07, 0x0, 0x0, {{}, {}, {0x10, 0x13, @udp='udp:syz0\x00'}}}, 0x2c}}, 0x0) r8 = syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff) r9 = socket$kcm(0x10, 0x400000002, 0x0) sendmsg$inet(r9, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f00000000c0)="1b0000001a007f029e", 0x9}, {&(0x7f0000000240)="6848b2796acd812dce3d01d190a3cab1e8ce", 0x12}], 0x2}, 0x0) sendmsg$TIPC_NL_BEARER_ENABLE(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000b40)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="010d0000000000000000030000002800018014000280080003000f00000008000400060000000d0001007564703a73797a31000000003f3143e923c65dd507dd5c4f50cffa6201ce3c6beecf6de706e164f60f3ab033a2694eb98877b3f95f3b4d22e59c657e9346f0eae5bf4f296e5de9f2e93290b78c76dcc80acb428a426de4e5fe"], 0x3c}, 0x1, 0x0, 0x0, 0x851}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000003c0)={'wlan0\x00'}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(0xffffffffffffffff, 0x0, 0x0) bpf$TOKEN_CREATE(0x24, 0x0, 0x0) 407.118855ms ago: executing program 0 (id=5641): bpf$MAP_CREATE(0x0, &(0x7f0000000780)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000b00)={0x3, 0x4, &(0x7f00000003c0)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x7d}]}, &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x95ff}, 0x94) 356.37664ms ago: executing program 1 (id=5642): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_udp_int(r0, 0x11, 0x68, &(0x7f0000000080)=0xa40, 0x4) setsockopt$inet6_udp_encap(r0, 0x11, 0x64, &(0x7f0000000040)=0x2, 0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_attach_bpf(r1, 0x1, 0x23, &(0x7f0000000000), 0x4) sendmsg$inet(r2, &(0x7f0000000900)={0x0, 0x0, 0x0}, 0x20000000) recvmsg(r1, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, &(0x7f0000002940)=""/4098, 0x15}, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) socket(0x10, 0x803, 0x0) r4 = socket$kcm(0x21, 0x2, 0xa) sendmsg$kcm(r4, &(0x7f0000000080)={&(0x7f0000000000)=@llc={0x1a, 0x201, 0x8, 0xd, 0xff, 0xf9, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}}, 0x80, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0a000000000000001001000001000000dcfbff0000000000"], 0x18}, 0x840) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f00000000c0)={'pim6reg\x00', 0x6bf1c2d5adba8c32}) socket$kcm(0x2, 0xa, 0x2) r6 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_inet_SIOCSIFDSTADDR(r6, 0x8919, &(0x7f0000000000)={'lo\x00', {0x2, 0x4e24, @loopback}}) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000240)={'batadv0\x00', @link_local}) writev(r5, &(0x7f00000008c0)=[{&(0x7f0000000a40)="2e9b3d0007e03dd65193dfb6c575963f8864", 0x12}], 0x1) close(0x3) r7 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r7, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73f72cc9f0ba1f848360000005e140602000000000e000a00100000000b8000001294", 0x2e}], 0x1}, 0x0) setsockopt$netrom_NETROM_T2(0xffffffffffffffff, 0x103, 0x2, &(0x7f0000000100)=0x5, 0x4) socket$unix(0x1, 0x1, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="05000000070000000700000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x1, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES64=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000280)={r8, 0x2000300, 0xe, 0x0, &(0x7f0000000000)="63eced8e46dc3f0adf3389f7b986", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'}) socket$inet_tcp(0x2, 0x1, 0x0) 210.600706ms ago: executing program 0 (id=5643): r0 = socket$inet_udp(0x2, 0x2, 0x0) recvmmsg(r0, &(0x7f0000001480)=[{{0x0, 0x0, 0x0}, 0x5}], 0x1, 0x10000, 0x0) 123.000776ms ago: executing program 1 (id=5644): r0 = socket$nl_route(0x10, 0x3, 0x0) mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x0, 0x8c4b815a5465c2b1, 0xffffffffffffffff, 0x0) r1 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000300)={0x43, 0x3, 0x3, 0x3}, 0x10) sendmsg$nl_route_sched(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=@newtaction={0x7c, 0x30, 0x1, 0x0, 0x0, {}, [{0x68, 0x1, [@m_mpls={0x64, 0x1, 0x0, 0x0, {{0x9}, {0x38, 0x2, 0x0, 0x1, [@TCA_MPLS_TTL={0x5, 0x7, 0x6}, @TCA_MPLS_PARMS={0x1c, 0x2, {{0x9f, 0x10, 0x2, 0x88, 0x9c4}, 0x2}}, @TCA_MPLS_PROTO={0x6, 0x4, 0x8847}, @TCA_MPLS_LABEL={0x8, 0x5, 0x199d2}]}, {0x4, 0x4}, {0xc}, {0xc}}}]}]}, 0x7c}}, 0x10) r2 = socket$tipc(0x1e, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x1f, 0xd, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000fcffffff0000000080000000850000002a00000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000020000207b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000200000085000000a600000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x59}, 0x94) r5 = openat$cgroup(0xffffffffffffffff, &(0x7f00000004c0)='syz1\x00', 0x200002, 0x0) openat$cgroup_ro(r5, &(0x7f0000000580)='blkio.bfq.avg_queue_size\x00', 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) sendmsg$tipc(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000000)="961797fd65ece1f1921d16c82587f2c32dc2558916e3cbc357568a1d603d8b3ec746dfa64ed5b700b7923962555a1a12c0e59b8b8e580c733ee1f3", 0x3b}, {&(0x7f0000000100)="8ee9c2f282f01f8d9aa8376924fac3aee3deba53102760bef264e5351a7a49d0d4a9f67c6c02240a654afb1daa2c571baf8b1162956b0f113101b3dc869f0012e4679cf2f070004faf8abad9afaca05bf05f8f2904470b720f36c1114499eefbfdc81490b4def4c54bd519223e44a188ae412ca8e6a387fee02e613cda6be92a700f109d808025082d7c008284f4dc9417622953922734089db326d1b57b63646ad8e1e232efabdf06cd88aa66d00faba54f3aab73680ecf2eb050fb3ce2f6f33d", 0xc1}, {&(0x7f0000000280)="921d656de043b10de2b8d8ed480f232dafba6e6b553eca13e3b509849a960bc3faf271b364877b45ce7d721438cb34887b2f4d94fcf8d28cf164720ade4aa5078515f02a9b6e6c4071829044ef996c74d2197234958a35773e5c4ce03bb26f2144adc1a2c4cf16a9deb6698b5c8fc8fb3f1894330094012b6c8c24f29e67", 0x7e}, {&(0x7f0000000200)="9906a148b5f4d14c0ef6b120b2bda57696d250be59135f6dd16f2f7ef1aea591e6f20f9e", 0x24}, {&(0x7f0000000300)="590ff65170f89504e91beef354fb9301dcd2bb5d240644f531960fa2779f2e0fbfc433940c5f45248e202111b4bed2bd13199848984a7e37ef04754a1fac4facacd701868c16fdd4c8d387ad73032d4c3013d353242ded3a615f2d9b0ce62e4191fe704c1134824a7a09d0e660ca42144d421b5c81b9e8cd70b8d87cfe422127bc87979d95d0cce1833c955f4de71ec2020ea6701d0332a246b285f01fd0826044010bf1f855004a9f503dd5de20969b99e0ea207f85b003713705542628a84b4063e43fa36874c5ab5a918d651b25a0c73ff3f5ca24d5a8a2", 0xd9}], 0x5, 0x0, 0x0, 0x4040}, 0x844) 0s ago: executing program 1 (id=5645): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0x18, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018110000", @ANYRES32=r0, @ANYBLOB="080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000020000008500000082000000bf91000000000000b7020000000000008500000085000000b7000000000000009500"/104], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r1}, 0x10) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x331e5c6805043cda) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={0xffffffffffffffff, 0x20e, 0x0, 0x0, 0x0, 0x0, 0x31, 0x6000000000000000, 0x0, 0x0, &(0x7f0000000000), 0x0}, 0x50) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) r3 = socket(0x1a, 0x4, 0x4) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r5) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r6) sendmsg$TIPC_CMD_ENABLE_BEARER(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000580)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="010000000d0000000000325598b1fd069f7d004100001c001700000000000000006574683a73797a6b616c6c657230193e00609c0409583350f263d099d7c55ecf17fcb862f02e1426be5362b2c5d8bef0e01a9a05ef12992659314497549e5a006fe520b1cc3a2e1aa4fccd0814c2e610aa", @ANYRESOCT=r3], 0x38}}, 0x0) ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0) close(r8) socket$unix(0x1, 0x1, 0x0) ioctl$TUNSETTXFILTER(r4, 0x400454d1, &(0x7f0000000180)={0x1, 0x2, [@empty, @remote]}) ioctl$SIOCSIFHWADDR(r8, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"}) r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, r2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='mmap_lock_acquire_returned\x00', r9, 0x0, 0x40000000000d}, 0x18) sendmsg$inet(0xffffffffffffffff, 0x0, 0x20000000) r10 = socket$alg(0x26, 0x5, 0x0) bind$alg(r10, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58) r11 = accept4(r10, 0x0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r10, 0x117, 0x1, &(0x7f0000000200)="ad00"/16, 0x10) recvmmsg(r11, &(0x7f0000002440), 0x3ffffffffffff67, 0x0, 0x0) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x4, 0x3032, 0xffffffffffffffff, 0x0) kernel console output (not intermixed with test programs): envswitch: netlink: Duplicate or invalid key (type 0). [ 449.895479][T17687] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 450.058030][T17674] netlink: 156 bytes leftover after parsing attributes in process `syz.2.3733'. [ 450.070919][T17697] wg1 speed is unknown, defaulting to 1000 [ 450.125249][T17697] lo speed is unknown, defaulting to 1000 [ 450.317328][T17706] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3742'. [ 450.397574][T17706] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3742'. [ 450.845332][T17717] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3745'. [ 451.135954][T17724] bridge0: port 1(syz_tun) entered blocking state [ 451.163066][T17724] bridge0: port 1(syz_tun) entered disabled state [ 451.191126][T17724] syz_tun: entered allmulticast mode [ 451.220345][T17724] syz_tun: entered promiscuous mode [ 451.228577][T17724] bridge0: port 1(syz_tun) entered blocking state [ 451.235468][T17724] bridge0: port 1(syz_tun) entered listening state [ 451.545348][T17733] openvswitch: netlink: Duplicate or invalid key (type 0). [ 451.578065][T17733] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 451.801723][T17737] netlink: 'syz.1.3751': attribute type 1 has an invalid length. [ 451.999280][T17747] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3756'. [ 452.016732][T17747] netlink: 'syz.4.3756': attribute type 7 has an invalid length. [ 452.066190][T17747] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3756'. [ 452.156262][T17754] netlink: 104 bytes leftover after parsing attributes in process `syz.0.3759'. [ 452.358699][T17763] !: renamed from dummy0 (while UP) [ 452.402003][T17766] netlink: 'syz.3.3764': attribute type 10 has an invalid length. [ 452.452018][T17766] syz_tun: entered promiscuous mode [ 452.455650][T17769] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci1/hci1:200/input8 [ 452.490590][T17766] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 452.828358][T17783] vlan2: entered promiscuous mode [ 452.977427][T17790] vlan2: entered promiscuous mode [ 453.113506][T17802] netlink: 'syz.4.3772': attribute type 1 has an invalid length. [ 453.196287][T17799] wg1 speed is unknown, defaulting to 1000 [ 453.249633][T17799] lo speed is unknown, defaulting to 1000 [ 453.529570][T17814] tipc: Failed to remove unknown binding: 66,1,1/0:4051487120/4051487122 [ 453.729562][T17820] netlink: 'syz.2.3779': attribute type 11 has an invalid length. [ 453.741316][T17821] netlink: 'syz.4.3781': attribute type 1 has an invalid length. [ 453.980011][T17835] FAULT_INJECTION: forcing a failure. [ 453.980011][T17835] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 454.031498][T17835] CPU: 0 UID: 0 PID: 17835 Comm: syz.0.3784 Not tainted 6.16.0-syzkaller-12063-g37816488247d #0 PREEMPT(full) [ 454.031533][T17835] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 454.031547][T17835] Call Trace: [ 454.031556][T17835] [ 454.031566][T17835] dump_stack_lvl+0x189/0x250 [ 454.031599][T17835] ? __pfx____ratelimit+0x10/0x10 [ 454.031626][T17835] ? __pfx_dump_stack_lvl+0x10/0x10 [ 454.031653][T17835] ? __pfx__printk+0x10/0x10 [ 454.031685][T17835] ? __might_fault+0xb0/0x130 [ 454.031729][T17835] should_fail_ex+0x414/0x560 [ 454.031761][T17835] _copy_from_user+0x2d/0xb0 [ 454.031783][T17835] ___sys_sendmsg+0x158/0x2a0 [ 454.031819][T17835] ? __pfx____sys_sendmsg+0x10/0x10 [ 454.031895][T17835] ? __fget_files+0x2a/0x420 [ 454.031927][T17835] ? __fget_files+0x3a0/0x420 [ 454.031973][T17835] __x64_sys_sendmsg+0x19b/0x260 [ 454.032010][T17835] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 454.032055][T17835] ? __pfx_ksys_write+0x10/0x10 [ 454.032093][T17835] ? rcu_is_watching+0x15/0xb0 [ 454.032123][T17835] ? do_syscall_64+0xbe/0x3b0 [ 454.032157][T17835] do_syscall_64+0xfa/0x3b0 [ 454.032183][T17835] ? lockdep_hardirqs_on+0x9c/0x150 [ 454.032210][T17835] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 454.032232][T17835] ? clear_bhb_loop+0x60/0xb0 [ 454.032259][T17835] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 454.032280][T17835] RIP: 0033:0x7fe48cf8ebe9 [ 454.032298][T17835] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 454.032317][T17835] RSP: 002b:00007fe48de02038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 454.032339][T17835] RAX: ffffffffffffffda RBX: 00007fe48d1b5fa0 RCX: 00007fe48cf8ebe9 [ 454.032354][T17835] RDX: 0000000000000000 RSI: 00002000000007c0 RDI: 0000000000000004 [ 454.032367][T17835] RBP: 00007fe48de02090 R08: 0000000000000000 R09: 0000000000000000 [ 454.032380][T17835] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 454.032392][T17835] R13: 00007fe48d1b6038 R14: 00007fe48d1b5fa0 R15: 00007ffc66f95df8 [ 454.032423][T17835] [ 454.399145][T17849] __nla_validate_parse: 7 callbacks suppressed [ 454.399165][T17849] netlink: 100 bytes leftover after parsing attributes in process `syz.0.3790'. [ 454.554864][T17857] netlink: 312 bytes leftover after parsing attributes in process `syz.1.3792'. [ 454.570051][T17855] netlink: 104 bytes leftover after parsing attributes in process `syz.0.3795'. [ 454.578743][T17854] tipc: Enabled bearer , priority 0 [ 454.587013][T17854] syzkaller0: entered promiscuous mode [ 454.605795][T17854] syzkaller0: entered allmulticast mode [ 454.633658][T17859] netlink: 'syz.2.3796': attribute type 1 has an invalid length. [ 454.642406][T17861] netlink: 'syz.3.3794': attribute type 3 has an invalid length. [ 454.669750][T17854] tipc: Resetting bearer [ 454.717497][T17852] tipc: Resetting bearer [ 454.788783][T17852] tipc: Disabling bearer [ 454.940633][T17875] netlink: 'syz.0.3800': attribute type 1 has an invalid length. [ 455.075307][T17878] FAULT_INJECTION: forcing a failure. [ 455.075307][T17878] name failslab, interval 1, probability 0, space 0, times 0 [ 455.088203][T17878] CPU: 1 UID: 0 PID: 17878 Comm: syz.2.3802 Not tainted 6.16.0-syzkaller-12063-g37816488247d #0 PREEMPT(full) [ 455.088234][T17878] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 455.088247][T17878] Call Trace: [ 455.088256][T17878] [ 455.088265][T17878] dump_stack_lvl+0x189/0x250 [ 455.088297][T17878] ? __pfx____ratelimit+0x10/0x10 [ 455.088324][T17878] ? __pfx_dump_stack_lvl+0x10/0x10 [ 455.088351][T17878] ? __pfx__printk+0x10/0x10 [ 455.088388][T17878] ? __pfx___might_resched+0x10/0x10 [ 455.088414][T17878] should_fail_ex+0x414/0x560 [ 455.088444][T17878] should_failslab+0xa8/0x100 [ 455.088479][T17878] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 455.088509][T17878] ? __alloc_skb+0x112/0x2d0 [ 455.088542][T17878] __alloc_skb+0x112/0x2d0 [ 455.088575][T17878] netlink_sendmsg+0x5c6/0xb30 [ 455.088614][T17878] ? __pfx_netlink_sendmsg+0x10/0x10 [ 455.088646][T17878] ? aa_sock_msg_perm+0xf1/0x1d0 [ 455.088678][T17878] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 455.088701][T17878] ? __pfx_netlink_sendmsg+0x10/0x10 [ 455.088730][T17878] __sock_sendmsg+0x21c/0x270 [ 455.088770][T17878] ____sys_sendmsg+0x505/0x830 [ 455.088809][T17878] ? __pfx_____sys_sendmsg+0x10/0x10 [ 455.088852][T17878] ? import_iovec+0x74/0xa0 [ 455.088877][T17878] ___sys_sendmsg+0x21f/0x2a0 [ 455.088913][T17878] ? __pfx____sys_sendmsg+0x10/0x10 [ 455.088986][T17878] ? __fget_files+0x2a/0x420 [ 455.089018][T17878] ? __fget_files+0x3a0/0x420 [ 455.089062][T17878] __x64_sys_sendmsg+0x19b/0x260 [ 455.089096][T17878] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 455.089137][T17878] ? __pfx_ksys_write+0x10/0x10 [ 455.089165][T17878] ? rcu_is_watching+0x15/0xb0 [ 455.089193][T17878] ? do_syscall_64+0xbe/0x3b0 [ 455.089226][T17878] do_syscall_64+0xfa/0x3b0 [ 455.089252][T17878] ? lockdep_hardirqs_on+0x9c/0x150 [ 455.089277][T17878] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 455.089298][T17878] ? clear_bhb_loop+0x60/0xb0 [ 455.089326][T17878] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 455.089346][T17878] RIP: 0033:0x7f4cf338ebe9 [ 455.089367][T17878] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 455.089388][T17878] RSP: 002b:00007f4cf41c3038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 455.089411][T17878] RAX: ffffffffffffffda RBX: 00007f4cf35b5fa0 RCX: 00007f4cf338ebe9 [ 455.089427][T17878] RDX: 0000000000000000 RSI: 00002000000007c0 RDI: 0000000000000004 [ 455.089440][T17878] RBP: 00007f4cf41c3090 R08: 0000000000000000 R09: 0000000000000000 [ 455.089453][T17878] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 455.089465][T17878] R13: 00007f4cf35b6038 R14: 00007f4cf35b5fa0 R15: 00007ffe439ba838 [ 455.089499][T17878] [ 455.389518][T17883] FAULT_INJECTION: forcing a failure. [ 455.389518][T17883] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 455.445107][T17883] CPU: 1 UID: 0 PID: 17883 Comm: syz.0.3805 Not tainted 6.16.0-syzkaller-12063-g37816488247d #0 PREEMPT(full) [ 455.445141][T17883] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 455.445155][T17883] Call Trace: [ 455.445164][T17883] [ 455.445174][T17883] dump_stack_lvl+0x189/0x250 [ 455.445207][T17883] ? __pfx____ratelimit+0x10/0x10 [ 455.445234][T17883] ? __pfx_dump_stack_lvl+0x10/0x10 [ 455.445261][T17883] ? __pfx__printk+0x10/0x10 [ 455.445305][T17883] should_fail_ex+0x414/0x560 [ 455.445337][T17883] _copy_to_user+0x31/0xb0 [ 455.445361][T17883] simple_read_from_buffer+0xe1/0x170 [ 455.445397][T17883] proc_fail_nth_read+0x1b3/0x220 [ 455.445425][T17883] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 455.445454][T17883] ? rw_verify_area+0x2a6/0x4d0 [ 455.445481][T17883] ? __lock_acquire+0xab9/0xd20 [ 455.445510][T17883] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 455.445538][T17883] vfs_read+0x200/0x980 [ 455.445565][T17883] ? fdget_pos+0x247/0x320 [ 455.445590][T17883] ? __pfx___mutex_lock+0x10/0x10 [ 455.445620][T17883] ? __pfx_vfs_read+0x10/0x10 [ 455.445651][T17883] ? __fget_files+0x2a/0x420 [ 455.445713][T17883] ? __fget_files+0x3a0/0x420 [ 455.445745][T17883] ? __fget_files+0x2a/0x420 [ 455.445796][T17883] ksys_read+0x145/0x250 [ 455.445833][T17883] ? __pfx_ksys_read+0x10/0x10 [ 455.445860][T17883] ? rcu_is_watching+0x15/0xb0 [ 455.445889][T17883] ? do_syscall_64+0xbe/0x3b0 [ 455.445922][T17883] do_syscall_64+0xfa/0x3b0 [ 455.445949][T17883] ? lockdep_hardirqs_on+0x9c/0x150 [ 455.445980][T17883] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 455.446003][T17883] ? clear_bhb_loop+0x60/0xb0 [ 455.446031][T17883] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 455.446053][T17883] RIP: 0033:0x7fe48cf8d5fc [ 455.446072][T17883] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 455.446092][T17883] RSP: 002b:00007fe48de02030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 455.446118][T17883] RAX: ffffffffffffffda RBX: 00007fe48d1b5fa0 RCX: 00007fe48cf8d5fc [ 455.446134][T17883] RDX: 000000000000000f RSI: 00007fe48de020a0 RDI: 0000000000000004 [ 455.446147][T17883] RBP: 00007fe48de02090 R08: 0000000000000000 R09: 0000000000000000 [ 455.446159][T17883] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 455.446172][T17883] R13: 00007fe48d1b6038 R14: 00007fe48d1b5fa0 R15: 00007ffc66f95df8 [ 455.446208][T17883] [ 455.839712][T17893] netlink: 'syz.4.3807': attribute type 1 has an invalid length. [ 455.991321][T17895] netlink: 'syz.3.3811': attribute type 3 has an invalid length. [ 455.999380][T17895] netlink: 'syz.3.3811': attribute type 4 has an invalid length. [ 456.176462][T17901] vlan4: entered promiscuous mode [ 456.319458][T17909] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3817'. [ 456.328788][T17909] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3817'. [ 456.452284][T17917] netlink: 'syz.2.3820': attribute type 10 has an invalid length. [ 456.513918][T17916] netlink: 'syz.1.3819': attribute type 10 has an invalid length. [ 456.556150][T17916] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3819'. [ 456.603438][T17916] dummy0: entered allmulticast mode [ 456.645452][T17923] netlink: 'syz.1.3819': attribute type 10 has an invalid length. [ 456.650625][T17916] bridge0: port 3(dummy0) entered blocking state [ 456.716437][T17916] bridge0: port 3(dummy0) entered disabled state [ 456.747032][T17916] A link change request failed with some changes committed already. Interface dummy0 may have been left with an inconsistent configuration, please check. [ 456.800987][T17931] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3826'. [ 457.258652][T17957] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3832'. [ 457.374357][T17962] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3834'. [ 457.392888][T17962] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3834'. [ 457.407468][T14758] netdevsim netdevsim4 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 457.436846][T14758] netdevsim netdevsim4 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 457.465718][T14758] netdevsim netdevsim4 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 457.518388][T14758] netdevsim netdevsim4 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 457.602167][T14760] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 457.938255][T17987] tipc: Enabled bearer , priority 10 [ 458.205704][T17994] team0 (unregistering): Port device team_slave_0 removed [ 458.229293][T17994] team0 (unregistering): Port device team_slave_1 removed [ 458.252025][T17994] team0 (unregistering): Port device bond1 removed [ 458.315357][T17995] vlan2: entered promiscuous mode [ 458.759503][T18006] syzkaller1: entered promiscuous mode [ 458.765043][T18006] syzkaller1: entered allmulticast mode [ 459.016083][T18029] vlan0: entered promiscuous mode [ 459.782903][T18062] tipc: Enabled bearer , priority 0 [ 459.793463][T18061] __nla_validate_parse: 5 callbacks suppressed [ 459.793486][T18061] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3866'. [ 459.817252][T18062] syzkaller0: entered promiscuous mode [ 459.848892][T18062] syzkaller0: entered allmulticast mode [ 459.860949][T18061] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3866'. [ 459.963723][T18062] tipc: Resetting bearer [ 460.156225][T18074] netlink: 724 bytes leftover after parsing attributes in process `syz.4.3869'. [ 460.179948][T18074] netlink: 724 bytes leftover after parsing attributes in process `syz.4.3869'. [ 460.328125][T18084] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3873'. [ 460.372037][T18089] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3874'. [ 460.391295][T18089] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3874'. [ 460.568628][T18097] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3878'. [ 460.569474][T18098] netlink: 104 bytes leftover after parsing attributes in process `syz.3.3877'. [ 460.614950][T18102] !: renamed from dummy0 (while UP) [ 460.725770][T18091] wg1 speed is unknown, defaulting to 1000 [ 460.780211][T18091] lo speed is unknown, defaulting to 1000 [ 460.828647][ T6013] tipc: Node number set to 3733670454 [ 460.872519][T18112] validate_nla: 5 callbacks suppressed [ 460.872539][T18112] netlink: 'syz.3.3880': attribute type 12 has an invalid length. [ 460.887347][T18112] netlink: 132 bytes leftover after parsing attributes in process `syz.3.3880'. [ 461.507961][T18154] netlink: 'syz.0.3889': attribute type 4 has an invalid length. [ 462.037070][T18163] batadv0: entered promiscuous mode [ 462.094812][T18163] vlan2: entered promiscuous mode [ 462.248339][T18164] hsr0: entered promiscuous mode [ 462.748114][T18186] netlink: 'syz.3.3900': attribute type 1 has an invalid length. [ 463.021869][T18199] sctp: [Deprecated]: syz.3.3905 (pid 18199) Use of struct sctp_assoc_value in delayed_ack socket option. [ 463.021869][T18199] Use struct sctp_sack_info instead [ 463.180339][T18204] netlink: 'syz.2.3908': attribute type 3 has an invalid length. [ 463.548153][T18228] netlink: 'syz.2.3917': attribute type 5 has an invalid length. [ 463.693652][T18233] FAULT_INJECTION: forcing a failure. [ 463.693652][T18233] name failslab, interval 1, probability 0, space 0, times 0 [ 463.717342][T18233] CPU: 1 UID: 0 PID: 18233 Comm: syz.3.3918 Not tainted 6.16.0-syzkaller-12063-g37816488247d #0 PREEMPT(full) [ 463.717377][T18233] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 463.717391][T18233] Call Trace: [ 463.717399][T18233] [ 463.717417][T18233] dump_stack_lvl+0x189/0x250 [ 463.717451][T18233] ? __pfx____ratelimit+0x10/0x10 [ 463.717480][T18233] ? __pfx_dump_stack_lvl+0x10/0x10 [ 463.717507][T18233] ? __pfx__printk+0x10/0x10 [ 463.717545][T18233] ? __pfx___might_resched+0x10/0x10 [ 463.717565][T18233] ? fs_reclaim_acquire+0x7d/0x100 [ 463.717605][T18233] should_fail_ex+0x414/0x560 [ 463.717637][T18233] should_failslab+0xa8/0x100 [ 463.717672][T18233] __kmalloc_node_noprof+0xd1/0x4e0 [ 463.717701][T18233] ? qdisc_alloc+0x97/0xaa0 [ 463.717734][T18233] qdisc_alloc+0x97/0xaa0 [ 463.717777][T18233] qdisc_create_dflt+0x8e/0x4e0 [ 463.717808][T18233] taprio_init+0x3e5/0xbd0 [ 463.717850][T18233] ? __pfx_taprio_init+0x10/0x10 [ 463.717882][T18233] ? lockdep_rtnl_is_held+0x26/0x40 [ 463.717902][T18233] ? qdisc_lookup+0x36d/0x6d0 [ 463.717935][T18233] ? __pfx_taprio_init+0x10/0x10 [ 463.717963][T18233] qdisc_create+0x7ac/0xea0 [ 463.717997][T18233] tc_modify_qdisc+0x1538/0x20e0 [ 463.718040][T18233] ? __pfx_tc_modify_qdisc+0x10/0x10 [ 463.718107][T18233] ? __pfx_tc_modify_qdisc+0x10/0x10 [ 463.718128][T18233] rtnetlink_rcv_msg+0x779/0xb70 [ 463.718162][T18233] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 463.718190][T18233] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 463.718216][T18233] ? ref_tracker_free+0x63a/0x7d0 [ 463.718243][T18233] ? __asan_memcpy+0x40/0x70 [ 463.718268][T18233] ? __pfx_ref_tracker_free+0x10/0x10 [ 463.718292][T18233] ? __skb_clone+0x63/0x7a0 [ 463.718337][T18233] netlink_rcv_skb+0x208/0x470 [ 463.718367][T18233] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 463.718398][T18233] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 463.718441][T18233] ? netlink_deliver_tap+0x2e/0x1b0 [ 463.718479][T18233] netlink_unicast+0x82c/0x9e0 [ 463.718514][T18233] ? __pfx_netlink_unicast+0x10/0x10 [ 463.718542][T18233] ? netlink_sendmsg+0x642/0xb30 [ 463.718568][T18233] ? skb_put+0x11b/0x210 [ 463.718603][T18233] netlink_sendmsg+0x805/0xb30 [ 463.718643][T18233] ? __pfx_netlink_sendmsg+0x10/0x10 [ 463.718677][T18233] ? aa_sock_msg_perm+0xf1/0x1d0 [ 463.718709][T18233] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 463.718734][T18233] ? __pfx_netlink_sendmsg+0x10/0x10 [ 463.718765][T18233] __sock_sendmsg+0x21c/0x270 [ 463.718794][T18233] ____sys_sendmsg+0x505/0x830 [ 463.718834][T18233] ? __pfx_____sys_sendmsg+0x10/0x10 [ 463.718879][T18233] ? import_iovec+0x74/0xa0 [ 463.718904][T18233] ___sys_sendmsg+0x21f/0x2a0 [ 463.718941][T18233] ? __pfx____sys_sendmsg+0x10/0x10 [ 463.719018][T18233] ? __fget_files+0x2a/0x420 [ 463.719049][T18233] ? __fget_files+0x3a0/0x420 [ 463.719102][T18233] __x64_sys_sendmsg+0x19b/0x260 [ 463.719139][T18233] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 463.719184][T18233] ? __pfx_ksys_write+0x10/0x10 [ 463.719210][T18233] ? rcu_is_watching+0x15/0xb0 [ 463.719240][T18233] ? do_syscall_64+0xbe/0x3b0 [ 463.719273][T18233] do_syscall_64+0xfa/0x3b0 [ 463.719300][T18233] ? lockdep_hardirqs_on+0x9c/0x150 [ 463.719326][T18233] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 463.719349][T18233] ? clear_bhb_loop+0x60/0xb0 [ 463.719377][T18233] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 463.719399][T18233] RIP: 0033:0x7fbab058ebe9 [ 463.719420][T18233] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 463.719439][T18233] RSP: 002b:00007fbab14ce038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 463.719461][T18233] RAX: ffffffffffffffda RBX: 00007fbab07b5fa0 RCX: 00007fbab058ebe9 [ 463.719477][T18233] RDX: 0000000000000000 RSI: 00002000000007c0 RDI: 0000000000000004 [ 463.719490][T18233] RBP: 00007fbab14ce090 R08: 0000000000000000 R09: 0000000000000000 [ 463.719504][T18233] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 463.719516][T18233] R13: 00007fbab07b6038 R14: 00007fbab07b5fa0 R15: 00007ffdc1b300e8 [ 463.719551][T18233] [ 464.298367][T18239] tipc: Resetting bearer [ 464.304559][T18239] tipc: Resetting bearer [ 464.338226][T18240] tipc: Resetting bearer [ 464.537706][T18239] bond0: left allmulticast mode [ 464.544316][T18239] bond0: left promiscuous mode [ 464.560231][T18239] tipc: Resetting bearer [ 464.689857][T18270] netlink: 'syz.4.3930': attribute type 10 has an invalid length. [ 464.736783][T18270] bridge0: port 1(syz_tun) entered disabled state [ 464.770718][T18270] syz_tun: left allmulticast mode [ 464.776225][T18270] bridge0: port 1(syz_tun) entered disabled state [ 464.851699][T18276] __nla_validate_parse: 7 callbacks suppressed [ 464.851733][T18276] netlink: 312 bytes leftover after parsing attributes in process `syz.0.3931'. [ 464.897710][T18275] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3932'. [ 464.937018][T18275] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3932'. [ 465.139554][T18287] FAULT_INJECTION: forcing a failure. [ 465.139554][T18287] name failslab, interval 1, probability 0, space 0, times 0 [ 465.191104][T18287] CPU: 0 UID: 0 PID: 18287 Comm: syz.2.3936 Not tainted 6.16.0-syzkaller-12063-g37816488247d #0 PREEMPT(full) [ 465.191138][T18287] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 465.191152][T18287] Call Trace: [ 465.191160][T18287] [ 465.191170][T18287] dump_stack_lvl+0x189/0x250 [ 465.191204][T18287] ? __pfx____ratelimit+0x10/0x10 [ 465.191232][T18287] ? __pfx_dump_stack_lvl+0x10/0x10 [ 465.191259][T18287] ? __pfx__printk+0x10/0x10 [ 465.191297][T18287] ? __pfx___might_resched+0x10/0x10 [ 465.191318][T18287] ? fs_reclaim_acquire+0x7d/0x100 [ 465.191358][T18287] should_fail_ex+0x414/0x560 [ 465.191390][T18287] should_failslab+0xa8/0x100 [ 465.191424][T18287] __kmalloc_node_noprof+0xd1/0x4e0 [ 465.191454][T18287] ? qdisc_alloc+0x97/0xaa0 [ 465.191487][T18287] qdisc_alloc+0x97/0xaa0 [ 465.191525][T18287] qdisc_create_dflt+0x8e/0x4e0 [ 465.191558][T18287] taprio_init+0x3e5/0xbd0 [ 465.191606][T18287] ? __pfx_taprio_init+0x10/0x10 [ 465.191638][T18287] ? lockdep_rtnl_is_held+0x26/0x40 [ 465.191658][T18287] ? qdisc_lookup+0x36d/0x6d0 [ 465.191690][T18287] ? __pfx_taprio_init+0x10/0x10 [ 465.191718][T18287] qdisc_create+0x7ac/0xea0 [ 465.191753][T18287] tc_modify_qdisc+0x1538/0x20e0 [ 465.191796][T18287] ? __pfx_tc_modify_qdisc+0x10/0x10 [ 465.191856][T18287] ? __pfx_tc_modify_qdisc+0x10/0x10 [ 465.191878][T18287] rtnetlink_rcv_msg+0x779/0xb70 [ 465.191905][T18287] ? __lock_acquire+0xab9/0xd20 [ 465.191946][T18287] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 465.191974][T18287] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 465.192023][T18287] netlink_rcv_skb+0x208/0x470 [ 465.192049][T18287] ? __lock_acquire+0xab9/0xd20 [ 465.192081][T18287] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 465.192111][T18287] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 465.192154][T18287] ? netlink_deliver_tap+0x2e/0x1b0 [ 465.192192][T18287] netlink_unicast+0x82c/0x9e0 [ 465.192229][T18287] ? __pfx_netlink_unicast+0x10/0x10 [ 465.192256][T18287] ? netlink_sendmsg+0x642/0xb30 [ 465.192282][T18287] ? skb_put+0x11b/0x210 [ 465.192317][T18287] netlink_sendmsg+0x805/0xb30 [ 465.192358][T18287] ? __pfx_netlink_sendmsg+0x10/0x10 [ 465.192391][T18287] ? aa_sock_msg_perm+0xf1/0x1d0 [ 465.192424][T18287] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 465.192448][T18287] ? __pfx_netlink_sendmsg+0x10/0x10 [ 465.192479][T18287] __sock_sendmsg+0x21c/0x270 [ 465.192507][T18287] ____sys_sendmsg+0x505/0x830 [ 465.192546][T18287] ? __pfx_____sys_sendmsg+0x10/0x10 [ 465.192590][T18287] ? import_iovec+0x74/0xa0 [ 465.192617][T18287] ___sys_sendmsg+0x21f/0x2a0 [ 465.192653][T18287] ? __pfx____sys_sendmsg+0x10/0x10 [ 465.192731][T18287] ? __fget_files+0x2a/0x420 [ 465.192763][T18287] ? __fget_files+0x3a0/0x420 [ 465.192808][T18287] __x64_sys_sendmsg+0x19b/0x260 [ 465.192845][T18287] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 465.192890][T18287] ? __pfx_ksys_write+0x10/0x10 [ 465.192916][T18287] ? rcu_is_watching+0x15/0xb0 [ 465.192952][T18287] ? do_syscall_64+0xbe/0x3b0 [ 465.192986][T18287] do_syscall_64+0xfa/0x3b0 [ 465.193012][T18287] ? lockdep_hardirqs_on+0x9c/0x150 [ 465.193038][T18287] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 465.193061][T18287] ? clear_bhb_loop+0x60/0xb0 [ 465.193088][T18287] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 465.193110][T18287] RIP: 0033:0x7f4cf338ebe9 [ 465.193130][T18287] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 465.193149][T18287] RSP: 002b:00007f4cf41c3038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 465.193172][T18287] RAX: ffffffffffffffda RBX: 00007f4cf35b5fa0 RCX: 00007f4cf338ebe9 [ 465.193188][T18287] RDX: 0000000000000000 RSI: 00002000000007c0 RDI: 0000000000000004 [ 465.193202][T18287] RBP: 00007f4cf41c3090 R08: 0000000000000000 R09: 0000000000000000 [ 465.193215][T18287] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 465.193228][T18287] R13: 00007f4cf35b6038 R14: 00007f4cf35b5fa0 R15: 00007ffe439ba838 [ 465.193264][T18287] [ 465.640586][T18293] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3939'. [ 465.650112][T18293] tipc: Enabling of bearer <*dp:sy{±> rejected, media not registered [ 465.868106][T18303] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3941'. [ 465.877290][T18303] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3941'. [ 465.989548][T18308] IPVS: set_ctl: invalid protocol: 137 172.20.20.187:20004 [ 466.032250][T18315] sch_tbf: burst 1440 is lower than device bond0 mtu (1514) ! [ 466.199555][T18308] nbd0: detected capacity change from 0 to 127 [ 466.213347][ T5187] block nbd0: Receive control failed (result -32) [ 466.349908][T18330] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3942'. [ 466.466402][ T6013] IPVS: starting estimator thread 0... [ 466.540732][T18316] _ÐZ`Ô€@ÿÿ: entered promiscuous mode [ 466.568265][T18336] IPVS: using max 29 ests per chain, 69600 per kthread [ 466.697575][T18341] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3948'. [ 466.899782][T18356] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3953'. [ 466.934431][T18356] netlink: 32 bytes leftover after parsing attributes in process `syz.0.3953'. [ 466.962563][T18357] netlink: 'syz.4.3950': attribute type 5 has an invalid length. [ 466.998406][T18357] geneve2: entered promiscuous mode [ 467.013890][T18357] geneve2: entered allmulticast mode [ 467.066478][T18356] gretap0: entered promiscuous mode [ 467.076119][T14760] netdevsim netdevsim4 eth0: set [1, 1] type 2 family 0 port 256 - 0 [ 467.116750][T14760] netdevsim netdevsim4 eth1: set [1, 1] type 2 family 0 port 256 - 0 [ 467.155977][T14760] netdevsim netdevsim4 eth2: set [1, 1] type 2 family 0 port 256 - 0 [ 467.203943][T14759] netdevsim netdevsim4 eth3: set [1, 1] type 2 family 0 port 256 - 0 [ 467.302090][T18372] netlink: 'syz.3.3956': attribute type 1 has an invalid length. [ 468.107030][T18412] netlink: 'syz.1.3965': attribute type 11 has an invalid length. [ 468.207899][ T30] audit: type=1800 audit(1754678086.692:8): pid=18416 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.3968" name=449D06 dev="tmpfs" ino=628 res=0 errno=0 [ 468.362437][T18425] netlink: 'syz.1.3971': attribute type 10 has an invalid length. [ 468.704385][T18446] bridge: RTM_NEWNEIGH with invalid state 0x0 [ 469.170614][T18453] netlink: 'syz.3.3978': attribute type 1 has an invalid length. [ 469.289599][T18464] sctp: [Deprecated]: syz.0.3981 (pid 18464) Use of struct sctp_assoc_value in delayed_ack socket option. [ 469.289599][T18464] Use struct sctp_sack_info instead [ 469.584452][T18482] netlink: 'syz.2.3987': attribute type 10 has an invalid length. [ 469.933893][T18477] hsr_slave_0: left promiscuous mode [ 469.945757][T18477] hsr_slave_1: left promiscuous mode [ 470.302655][T18492] __nla_validate_parse: 11 callbacks suppressed [ 470.302677][T18492] netlink: 312 bytes leftover after parsing attributes in process `syz.1.3992'. [ 470.322258][T18495] netlink: 'syz.3.3989': attribute type 142 has an invalid length. [ 470.462156][T18503] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3994'. [ 470.472740][T18503] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3994'. [ 470.583208][T18495] syzkaller0: entered promiscuous mode [ 470.595312][T18495] syzkaller0: entered allmulticast mode [ 471.569151][T18535] netlink: 'syz.1.4002': attribute type 1 has an invalid length. [ 472.828426][T18539] netlink: 'syz.4.4003': attribute type 10 has an invalid length. [ 473.194830][T18550] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4007'. [ 473.639880][T18566] netlink: 24 bytes leftover after parsing attributes in process `syz.1.4012'. [ 474.302551][T14758] bond0 (unregistering): Released all slaves [ 474.477198][T14758] tipc: Disabling bearer [ 474.487862][T14758] tipc: Left network mode [ 474.810263][T18584] netlink: 104 bytes leftover after parsing attributes in process `syz.0.4019'. [ 474.920251][T18587] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4020'. [ 474.984498][T18587] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4020'. [ 475.132456][T18596] netlink: 'syz.3.4024': attribute type 10 has an invalid length. [ 475.279449][T18601] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4025'. [ 475.289744][T18601] openvswitch: netlink: push_nsh: missing base or metadata attributes [ 475.323544][T14758] hsr_slave_0: left promiscuous mode [ 475.330003][T18601] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 475.341012][T14758] hsr_slave_1: left promiscuous mode [ 475.363292][T14758] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 475.432879][T14758] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 475.653579][T18619] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4028'. [ 476.541622][T18598] lo speed is unknown, defaulting to 1000 [ 476.919098][T18645] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4037'. [ 476.931247][T18635] lo speed is unknown, defaulting to 1000 [ 476.932289][T18645] netlink: 20 bytes leftover after parsing attributes in process `syz.1.4037'. [ 477.016911][T18645] can: request_module (can-proto-4) failed. [ 477.055484][T18650] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4039'. [ 477.075476][T18650] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4039'. [ 477.144177][T18652] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4040'. [ 477.154145][T18652] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4040'. [ 477.235967][T14758] IPVS: stop unused estimator thread 0... [ 477.291553][T18654] netlink: 20 bytes leftover after parsing attributes in process `syz.1.4041'. [ 477.345172][T18657] netlink: 312 bytes leftover after parsing attributes in process `syz.4.4042'. [ 477.588258][T18665] netlink: 16 bytes leftover after parsing attributes in process `syz.4.4045'. [ 477.602348][T18668] netem: invalid attributes len -16 [ 477.607971][T18668] netem: change failed [ 477.641611][T18665] syzkaller0: entered promiscuous mode [ 477.650026][T18665] syzkaller0: entered allmulticast mode [ 479.185753][T18735] vlan2: entered promiscuous mode [ 480.024741][T18764] netlink: 'syz.0.4080': attribute type 46 has an invalid length. [ 480.298246][T18770] vlan3: entered promiscuous mode [ 480.362811][T18787] netlink: 'syz.2.4088': attribute type 2 has an invalid length. [ 480.748942][T18795] lo speed is unknown, defaulting to 1000 [ 480.949038][T18808] __nla_validate_parse: 13 callbacks suppressed [ 480.949731][T18808] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4099'. [ 480.965249][T18808] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4099'. [ 481.165860][T18819] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4100'. [ 481.178196][T18819] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4100'. [ 481.689733][T18834] netlink: 'syz.1.4107': attribute type 1 has an invalid length. [ 482.027284][T18843] netlink: 16 bytes leftover after parsing attributes in process `syz.3.4108'. [ 482.150044][T18837] lo speed is unknown, defaulting to 1000 [ 482.277509][T18848] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4110'. [ 482.305105][T18848] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4110'. [ 482.656389][T18865] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4117'. [ 482.777184][T18872] netlink: 648 bytes leftover after parsing attributes in process `syz.4.4120'. [ 482.871135][T18875] netlink: 'syz.0.4119': attribute type 10 has an invalid length. [ 482.936600][T18883] netlink: 'syz.2.4123': attribute type 10 has an invalid length. [ 483.104880][T18885] netlink: 'syz.4.4121': attribute type 1 has an invalid length. [ 483.365396][ T51] Bluetooth: hci4: command 0x0406 tx timeout [ 483.495368][T18899] netlink: 104 bytes leftover after parsing attributes in process `syz.3.4128'. [ 483.705250][T18909] FAULT_INJECTION: forcing a failure. [ 483.705250][T18909] name failslab, interval 1, probability 0, space 0, times 0 [ 483.737619][T18909] CPU: 0 UID: 0 PID: 18909 Comm: syz.4.4133 Not tainted 6.16.0-syzkaller-12063-g37816488247d #0 PREEMPT(full) [ 483.737660][T18909] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 483.737675][T18909] Call Trace: [ 483.737684][T18909] [ 483.737694][T18909] dump_stack_lvl+0x189/0x250 [ 483.737727][T18909] ? __pfx____ratelimit+0x10/0x10 [ 483.737759][T18909] ? __pfx_dump_stack_lvl+0x10/0x10 [ 483.737783][T18909] ? __pfx__printk+0x10/0x10 [ 483.737820][T18909] ? __pfx___might_resched+0x10/0x10 [ 483.737840][T18909] ? fs_reclaim_acquire+0x7d/0x100 [ 483.737879][T18909] should_fail_ex+0x414/0x560 [ 483.737910][T18909] should_failslab+0xa8/0x100 [ 483.737945][T18909] __kmalloc_noprof+0xcb/0x4f0 [ 483.737972][T18909] ? kfree+0x4d/0x440 [ 483.737996][T18909] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 483.738035][T18909] tomoyo_realpath_from_path+0xe3/0x5d0 [ 483.738070][T18909] ? tomoyo_domain+0xd9/0x130 [ 483.738110][T18909] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 483.738138][T18909] tomoyo_path_number_perm+0x1e8/0x5a0 [ 483.738169][T18909] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 483.738219][T18909] ? __lock_acquire+0xab9/0xd20 [ 483.738275][T18909] ? __fget_files+0x2a/0x420 [ 483.738312][T18909] ? __fget_files+0x2a/0x420 [ 483.738342][T18909] ? __fget_files+0x3a0/0x420 [ 483.738374][T18909] ? __fget_files+0x2a/0x420 [ 483.738412][T18909] security_file_ioctl+0xcb/0x2d0 [ 483.738442][T18909] __se_sys_ioctl+0x47/0x170 [ 483.738473][T18909] do_syscall_64+0xfa/0x3b0 [ 483.738500][T18909] ? lockdep_hardirqs_on+0x9c/0x150 [ 483.738528][T18909] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 483.738550][T18909] ? clear_bhb_loop+0x60/0xb0 [ 483.738578][T18909] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 483.738601][T18909] RIP: 0033:0x7f357e18ebe9 [ 483.738621][T18909] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 483.738641][T18909] RSP: 002b:00007f357f0d4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 483.738671][T18909] RAX: ffffffffffffffda RBX: 00007f357e3b5fa0 RCX: 00007f357e18ebe9 [ 483.738688][T18909] RDX: 0000200000000180 RSI: 00000000000089e3 RDI: 0000000000000003 [ 483.738701][T18909] RBP: 00007f357f0d4090 R08: 0000000000000000 R09: 0000000000000000 [ 483.738714][T18909] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 483.738727][T18909] R13: 00007f357e3b6038 R14: 00007f357e3b5fa0 R15: 00007ffca4861e08 [ 483.738763][T18909] [ 483.998823][T18911] netlink: 'syz.0.4134': attribute type 4 has an invalid length. [ 484.053447][T18909] ERROR: Out of memory at tomoyo_realpath_from_path. [ 484.146532][T18915] lo speed is unknown, defaulting to 1000 [ 484.177455][T18915] lo speed is unknown, defaulting to 1000 [ 484.188110][T18915] lo speed is unknown, defaulting to 1000 [ 484.522094][T18935] syzkaller1: entered promiscuous mode [ 484.570736][T18915] infiniband syz0: set down [ 484.575401][T18915] infiniband syz0: added lo [ 484.618932][T18935] syzkaller1: entered allmulticast mode [ 484.630084][T18915] RDS/IB: syz0: added [ 484.634265][T18915] smc: adding ib device syz0 with port count 1 [ 484.641541][ T9] lo speed is unknown, defaulting to 1000 [ 484.648562][T18915] smc: ib device syz0 port 1 has pnetid [ 484.654701][ T9] lo speed is unknown, defaulting to 1000 [ 484.663225][T18915] lo speed is unknown, defaulting to 1000 [ 484.673343][T18935] netlink: 'syz.4.4142': attribute type 21 has an invalid length. [ 485.097114][T18915] lo speed is unknown, defaulting to 1000 [ 485.141788][T18956] netlink: 'syz.1.4145': attribute type 1 has an invalid length. [ 485.771564][T18981] (unnamed net_device) (uninitialized): option active_slave: mode dependency failed, not supported in mode broadcast(3) [ 485.881906][T18915] lo speed is unknown, defaulting to 1000 [ 486.026495][T18993] __nla_validate_parse: 7 callbacks suppressed [ 486.026524][T18993] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4154'. [ 486.098976][T18993] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4154'. [ 486.184496][T18998] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4156'. [ 486.234395][T18989] netlink: 16 bytes leftover after parsing attributes in process `syz.3.4153'. [ 486.234421][T18998] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4156'. [ 486.274780][T18989] tap0: tun_chr_ioctl cmd 1074025677 [ 486.294974][T18989] tap0: linktype set to 769 [ 486.776596][T18915] lo speed is unknown, defaulting to 1000 [ 487.146449][T19043] netlink: 104 bytes leftover after parsing attributes in process `syz.3.4166'. [ 487.576946][T19058] netlink: 'syz.4.4170': attribute type 10 has an invalid length. [ 487.717088][T18915] lo speed is unknown, defaulting to 1000 [ 487.815468][T19069] FAULT_INJECTION: forcing a failure. [ 487.815468][T19069] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 487.852691][T19069] CPU: 1 UID: 0 PID: 19069 Comm: syz.4.4171 Not tainted 6.16.0-syzkaller-12063-g37816488247d #0 PREEMPT(full) [ 487.852724][T19069] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 487.852738][T19069] Call Trace: [ 487.852746][T19069] [ 487.852755][T19069] dump_stack_lvl+0x189/0x250 [ 487.852788][T19069] ? __pfx____ratelimit+0x10/0x10 [ 487.852813][T19069] ? __pfx_dump_stack_lvl+0x10/0x10 [ 487.852840][T19069] ? __pfx__printk+0x10/0x10 [ 487.852885][T19069] should_fail_ex+0x414/0x560 [ 487.852916][T19069] _copy_to_user+0x31/0xb0 [ 487.852939][T19069] simple_read_from_buffer+0xe1/0x170 [ 487.852976][T19069] proc_fail_nth_read+0x1b3/0x220 [ 487.853005][T19069] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 487.853035][T19069] ? rw_verify_area+0x2a6/0x4d0 [ 487.853060][T19069] ? __lock_acquire+0xab9/0xd20 [ 487.853089][T19069] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 487.853116][T19069] vfs_read+0x200/0x980 [ 487.853143][T19067] tipc: Started in network mode [ 487.853143][T19069] ? fdget_pos+0x247/0x320 [ 487.853168][T19069] ? __pfx___mutex_lock+0x10/0x10 [ 487.853195][T19069] ? __pfx_vfs_read+0x10/0x10 [ 487.853226][T19069] ? __fget_files+0x2a/0x420 [ 487.853268][T19069] ? __fget_files+0x3a0/0x420 [ 487.853312][T19069] ? __fget_files+0x2a/0x420 [ 487.853374][T19069] ksys_read+0x145/0x250 [ 487.853406][T19069] ? __fget_files+0x3a0/0x420 [ 487.853444][T19069] ? __pfx_ksys_read+0x10/0x10 [ 487.853484][T19069] ? do_syscall_64+0xbe/0x3b0 [ 487.853523][T19069] do_syscall_64+0xfa/0x3b0 [ 487.853552][T19069] ? lockdep_hardirqs_on+0x9c/0x150 [ 487.853584][T19069] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 487.853608][T19069] ? clear_bhb_loop+0x60/0xb0 [ 487.853641][T19069] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 487.853664][T19069] RIP: 0033:0x7f357e18d5fc [ 487.853689][T19069] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 487.853711][T19069] RSP: 002b:00007f357f0d4030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 487.853737][T19069] RAX: ffffffffffffffda RBX: 00007f357e3b5fa0 RCX: 00007f357e18d5fc [ 487.853755][T19069] RDX: 000000000000000f RSI: 00007f357f0d40a0 RDI: 0000000000000006 [ 487.853769][T19069] RBP: 00007f357f0d4090 R08: 0000000000000000 R09: 0000000000000000 [ 487.853784][T19069] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 487.853799][T19069] R13: 00007f357e3b6038 R14: 00007f357e3b5fa0 R15: 00007ffca4861e08 [ 487.853840][T19069] [ 488.128174][T19067] tipc: Node identity 9ad22733aac6, cluster identity 4711 [ 488.135528][T19067] tipc: Enabled bearer , priority 0 [ 488.188424][T19071] syzkaller0: entered promiscuous mode [ 488.212515][T19071] syzkaller0: entered allmulticast mode [ 488.247803][T19071] tipc: Resetting bearer [ 488.363122][T19082] netlink: 'syz.0.4176': attribute type 1 has an invalid length. [ 488.376860][T19066] tipc: Resetting bearer [ 488.385293][T19082] netlink: 'syz.0.4176': attribute type 1 has an invalid length. [ 488.413726][T19082] netlink: 15574 bytes leftover after parsing attributes in process `syz.0.4176'. [ 488.430991][T19087] netlink: 52 bytes leftover after parsing attributes in process `syz.0.4176'. [ 488.441171][T19066] tipc: Disabling bearer [ 488.529663][T18915] lo speed is unknown, defaulting to 1000 [ 488.820806][T19100] netlink: 'syz.1.4183': attribute type 11 has an invalid length. [ 488.821267][T19102] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4182'. [ 489.000394][T19095] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 489.073484][T19102] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4182'. [ 489.209498][T19095] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 489.266733][T18915] lo speed is unknown, defaulting to 1000 [ 489.367908][T19095] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 489.495390][T19095] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 489.698256][T14759] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 489.724896][T14759] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 489.764375][T14759] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 489.784787][T14758] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 489.913973][T19114] netlink: 'syz.0.4187': attribute type 1 has an invalid length. [ 490.656790][T19147] IPVS: set_ctl: invalid protocol: 137 172.20.20.187:20004 [ 491.226836][T19138] __nla_validate_parse: 8 callbacks suppressed [ 491.226856][T19138] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4196'. [ 491.366587][T19170] netlink: 312 bytes leftover after parsing attributes in process `syz.2.4204'. [ 491.556676][T19166] vlan3: entered promiscuous mode [ 492.202537][T19174] kthread_run failed with err -4 [ 492.216009][T19174] netlink: 'syz.4.4205': attribute type 3 has an invalid length. [ 492.425747][T19192] netlink: 20 bytes leftover after parsing attributes in process `syz.3.4209'. [ 492.491227][T19195] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4210'. [ 492.500960][T19195] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4210'. [ 492.770094][T19206] netlink: 'syz.2.4215': attribute type 1 has an invalid length. [ 492.865358][T19211] netlink: 248 bytes leftover after parsing attributes in process `syz.3.4216'. [ 492.994359][T19221] netlink: 16 bytes leftover after parsing attributes in process `syz.2.4218'. [ 493.060867][T19224] netlink: 104 bytes leftover after parsing attributes in process `syz.4.4219'. [ 493.305070][T19228] netlink: 20 bytes leftover after parsing attributes in process `syz.3.4220'. [ 493.394497][T19236] lo speed is unknown, defaulting to 1000 [ 493.417629][T19236] lo speed is unknown, defaulting to 1000 [ 493.821093][T19250] netlink: 'syz.1.4225': attribute type 11 has an invalid length. [ 494.075270][T19260] netlink: 'syz.4.4228': attribute type 1 has an invalid length. [ 494.384397][T19271] syzkaller0: left promiscuous mode [ 494.401018][T19271] tipc: Resetting bearer [ 494.665416][T19281] netlink: 312 bytes leftover after parsing attributes in process `syz.4.4235'. [ 495.047726][T19296] netlink: 'syz.1.4240': attribute type 1 has an invalid length. [ 495.181077][T19305] netlink: 'syz.1.4244': attribute type 10 has an invalid length. [ 495.479082][T19317] netlink: 'syz.0.4247': attribute type 1 has an invalid length. [ 495.626836][T19324] netlink: 'syz.0.4247': attribute type 1 has an invalid length. [ 495.635515][T19317] 8021q: adding VLAN 0 to HW filter on device bond2 [ 495.869577][T19319] vlan3: entered allmulticast mode [ 495.874880][T19319] veth1: entered allmulticast mode [ 495.997289][T19317] veth11: entered promiscuous mode [ 496.127566][T19315] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 496.160381][T19335] lo speed is unknown, defaulting to 1000 [ 496.200207][T19335] lo speed is unknown, defaulting to 1000 [ 497.120517][T19364] netlink: 'syz.4.4261': attribute type 10 has an invalid length. [ 498.310395][T19378] __nla_validate_parse: 3 callbacks suppressed [ 498.310415][T19378] netlink: 16 bytes leftover after parsing attributes in process `syz.2.4268'. [ 498.333944][T19378] netlink: 64 bytes leftover after parsing attributes in process `syz.2.4268'. [ 498.385919][T19378] tipc: Invalid UDP bearer configuration [ 498.385987][T19378] tipc: Enabling of bearer rejected, failed to enable media [ 498.721793][ T51] Bluetooth: hci2: command 0x0406 tx timeout [ 498.861289][T19412] netlink: 104 bytes leftover after parsing attributes in process `syz.0.4274'. [ 499.006956][T19416] tipc: Enabled bearer , priority 0 [ 499.026158][T19416] syzkaller0: entered promiscuous mode [ 499.035447][T19416] syzkaller0: entered allmulticast mode [ 499.136338][T19415] tap0: tun_chr_ioctl cmd 1074025673 [ 499.160124][T19416] tipc: Resetting bearer [ 499.186673][T19415] tap0: tun_chr_ioctl cmd 1074025677 [ 499.209418][T19415] tap0: linktype set to 804 [ 499.259025][T19420] tap0: tun_chr_ioctl cmd 1074025677 [ 499.269559][T19420] tap0: linktype set to 804 [ 499.288685][T19414] tipc: Resetting bearer [ 499.317329][T19414] tipc: Disabling bearer [ 499.349020][T19426] lo speed is unknown, defaulting to 1000 [ 499.356915][T19426] lo speed is unknown, defaulting to 1000 [ 499.643773][T19435] netlink: 96 bytes leftover after parsing attributes in process `syz.1.4281'. [ 499.819767][T19440] netlink: 'syz.1.4282': attribute type 1 has an invalid length. [ 500.016098][T19440] bond0: entered promiscuous mode [ 500.032051][T19440] 8021q: adding VLAN 0 to HW filter on device bond0 [ 500.167453][T19445] bond0: (slave bridge5): making interface the new active one [ 500.188636][T19445] bridge5: entered promiscuous mode [ 500.204659][T19445] bond0: (slave bridge5): Enslaving as an active interface with an up link [ 500.282601][T19460] netlink: 104 bytes leftover after parsing attributes in process `syz.3.4286'. [ 500.495824][T19464] netlink: 'syz.0.4287': attribute type 1 has an invalid length. [ 500.514830][T19467] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4289'. [ 500.527677][T19468] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4288'. [ 500.537151][T19467] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4289'. [ 501.053562][T19491] netlink: 5 bytes leftover after parsing attributes in process `syz.4.4294'. [ 501.095724][T19491] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 501.124184][T19488] netlink: 'syz.2.4293': attribute type 13 has an invalid length. [ 501.160741][T19488] 0ªî{X¹¦: refused to change device tx_queue_len [ 501.167521][T19493] netlink: 'syz.0.4295': attribute type 4 has an invalid length. [ 501.178141][T19488] A link change request failed with some changes committed already. Interface 30ªî{X¹¦ may have been left with an inconsistent configuration, please check. [ 501.211228][T19494] netlink: 'syz.0.4295': attribute type 4 has an invalid length. [ 501.254705][ T9] lo speed is unknown, defaulting to 1000 [ 501.268000][ T9] lo speed is unknown, defaulting to 1000 [ 501.271557][T19499] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4298'. [ 501.788990][T19526] openvswitch: netlink: Duplicate or invalid key (type 0). [ 501.807010][T19526] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 501.939775][T19531] netlink: 'syz.0.4309': attribute type 10 has an invalid length. [ 502.119922][T19544] bridge0: entered allmulticast mode [ 502.145613][T19546] pim6reg: entered allmulticast mode [ 502.794243][T19576] netlink: 'syz.4.4324': attribute type 10 has an invalid length. [ 502.818126][T19568] netlink: 'syz.2.4320': attribute type 1 has an invalid length. [ 503.102187][T19585] vlan2: entered allmulticast mode [ 503.656847][T19611] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 503.693243][T19615] __nla_validate_parse: 5 callbacks suppressed [ 503.693267][T19615] netlink: 20 bytes leftover after parsing attributes in process `syz.3.4336'. [ 504.199315][T19641] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4341'. [ 504.221473][T19641] netlink: 24 bytes leftover after parsing attributes in process `syz.1.4341'. [ 504.323844][T19646] netlink: 16 bytes leftover after parsing attributes in process `syz.4.4344'. [ 504.358153][T19646] netlink: 64 bytes leftover after parsing attributes in process `syz.4.4344'. [ 504.378109][T19646] tipc: Invalid UDP bearer configuration [ 504.378174][T19646] tipc: Enabling of bearer rejected, failed to enable media [ 504.679646][T19670] netlink: 'syz.0.4352': attribute type 10 has an invalid length. [ 504.862880][T19677] openvswitch: netlink: Duplicate or invalid key (type 0). [ 504.893975][T19677] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 505.049596][T19690] lo speed is unknown, defaulting to 1000 [ 505.056819][T19690] lo speed is unknown, defaulting to 1000 [ 505.648565][T19703] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4360'. [ 505.657595][T19703] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4360'. [ 505.767114][T19710] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4363'. [ 505.776675][T19709] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4363'. [ 505.844832][T19715] netlink: 104 bytes leftover after parsing attributes in process `syz.1.4366'. [ 505.936257][T19720] openvswitch: netlink: Unexpected mask (mask=1040, allowed=10048) [ 506.142024][T19727] openvswitch: netlink: Duplicate or invalid key (type 0). [ 506.166647][T19727] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 506.272728][T19729] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 506.798921][T19766] openvswitch: netlink: Duplicate or invalid key (type 0). [ 506.806328][T19766] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 506.884202][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 507.241223][T19780] vlan2: entered promiscuous mode [ 507.332441][T19790] tipc: Invalid UDP bearer configuration [ 507.332526][T19790] tipc: Enabling of bearer rejected, failed to enable media [ 507.384993][T19784] netlink: 'syz.4.4389': attribute type 1 has an invalid length. [ 507.476723][T19793] openvswitch: netlink: Duplicate or invalid key (type 0). [ 507.504456][T19793] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 507.662284][T19797] lo speed is unknown, defaulting to 1000 [ 507.677703][T19797] lo speed is unknown, defaulting to 1000 [ 507.832874][T19804] netlink: 'syz.1.4398': attribute type 1 has an invalid length. [ 508.414587][T19831] openvswitch: netlink: Duplicate or invalid key (type 0). [ 508.432302][T19831] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 508.609172][T19833] lo speed is unknown, defaulting to 1000 [ 508.652714][T19841] lo speed is unknown, defaulting to 1000 [ 508.952117][T19833] lo speed is unknown, defaulting to 1000 [ 509.065112][T19855] netlink: 'syz.3.4414': attribute type 1 has an invalid length. [ 509.480142][T19864] netlink: 'syz.3.4415': attribute type 10 has an invalid length. [ 509.592188][T19841] lo speed is unknown, defaulting to 1000 [ 510.053077][T19839] lo speed is unknown, defaulting to 1000 [ 510.062985][T19887] __nla_validate_parse: 21 callbacks suppressed [ 510.063006][T19887] netlink: 96 bytes leftover after parsing attributes in process `syz.4.4418'. [ 510.123992][T19885] netlink: 'syz.4.4418': attribute type 2 has an invalid length. [ 510.155204][T19885] netlink: 244 bytes leftover after parsing attributes in process `syz.4.4418'. [ 510.190613][T19885] netlink: 36 bytes leftover after parsing attributes in process `syz.4.4418'. [ 510.275942][T19890] netlink: 20 bytes leftover after parsing attributes in process `syz.3.4420'. [ 510.302155][T19890] nbd: couldn't find a device at index 64 [ 510.402378][T19892] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4421'. [ 510.437959][T19892] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4421'. [ 510.485134][T19894] netlink: 'syz.3.4422': attribute type 11 has an invalid length. [ 510.574168][T19839] lo speed is unknown, defaulting to 1000 [ 512.250272][T19924] syz_tun: left promiscuous mode [ 512.430339][T19943] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4436'. [ 512.443932][T19924] vlan1: left allmulticast mode [ 512.449349][T19924] veth0_vlan: left allmulticast mode [ 512.529268][T19924] vlan4: left promiscuous mode [ 512.552621][T19924] geneve2: left promiscuous mode [ 512.558062][T19924] geneve2: left allmulticast mode [ 512.792859][T14755] netdevsim netdevsim4 eth0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 512.842917][T14755] netdevsim netdevsim4 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 512.857422][T14755] netdevsim netdevsim4 eth0: unset [1, 1] type 2 family 0 port 256 - 0 [ 512.882395][T14755] netdevsim netdevsim4 eth1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 512.934422][T14755] netdevsim netdevsim4 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 512.953210][T14755] netdevsim netdevsim4 eth1: unset [1, 1] type 2 family 0 port 256 - 0 [ 512.974992][T14755] netdevsim netdevsim4 eth2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 513.011003][T14755] netdevsim netdevsim4 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 513.038160][T14755] netdevsim netdevsim4 eth2: unset [1, 1] type 2 family 0 port 256 - 0 [ 513.149664][T14755] netdevsim netdevsim4 eth3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 513.164257][T14755] netdevsim netdevsim4 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 513.182284][T14755] netdevsim netdevsim4 eth3: unset [1, 1] type 2 family 0 port 256 - 0 [ 513.496584][T19972] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4445'. [ 513.532572][T19972] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4445'. [ 513.718891][T19981] netlink: 248 bytes leftover after parsing attributes in process `syz.1.4448'. [ 514.201974][ T5867] Bluetooth: hci3: command 0x0406 tx timeout [ 514.577056][T20005] netlink: 'syz.0.4458': attribute type 1 has an invalid length. [ 514.631830][T20020] netlink: 'syz.1.4463': attribute type 2 has an invalid length. [ 514.675650][T20013] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 514.755808][T20020] k›*·]‘: entered promiscuous mode [ 514.825057][T20021] syz_tun: left promiscuous mode [ 514.845631][T20021] !: left allmulticast mode [ 514.862187][T20021] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 514.972032][T20013] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 515.015540][T20027] veth0_to_team: entered promiscuous mode [ 515.021777][T20027] veth0_to_team: entered allmulticast mode [ 515.116418][T20035] __nla_validate_parse: 4 callbacks suppressed [ 515.116437][T20035] netlink: 20 bytes leftover after parsing attributes in process `syz.2.4469'. [ 515.171651][T20013] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 515.293714][T20013] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 515.415548][T20050] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4473'. [ 515.448285][T20050] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4473'. [ 515.470258][T14752] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 515.535215][T20060] netlink: 68 bytes leftover after parsing attributes in process `syz.2.4474'. [ 515.587352][T14752] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 515.644423][T14756] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 515.754158][T14754] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 515.768160][T20063] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4476'. [ 515.906776][T20070] netlink: 72 bytes leftover after parsing attributes in process `syz.2.4480'. [ 515.956321][T20070] netlink: 'syz.2.4480': attribute type 1 has an invalid length. [ 516.253740][T20088] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4487'. [ 516.283835][T20088] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4487'. [ 516.891270][T20119] netlink: 'syz.1.4498': attribute type 11 has an invalid length. [ 517.032582][T20127] tipc: Enabled bearer , priority 0 [ 517.092868][T20133] netlink: 'syz.2.4505': attribute type 1 has an invalid length. [ 517.156033][T20127] syzkaller0: entered promiscuous mode [ 517.161770][T20127] syzkaller0: entered allmulticast mode [ 517.326013][T20135] bond2: (slave gretap0): making interface the new active one [ 517.384470][T20135] bond2: (slave gretap0): Enslaving as an active interface with an up link [ 517.421509][T20137] tipc: Resetting bearer [ 517.478028][T20125] tipc: Resetting bearer [ 517.482633][T20148] netlink: 312 bytes leftover after parsing attributes in process `syz.0.4506'. [ 517.731094][T20157] netlink: 'syz.2.4508': attribute type 1 has an invalid length. [ 517.816611][T20157] netlink: 224 bytes leftover after parsing attributes in process `syz.2.4508'. [ 517.861512][T20155] netlink: 'syz.0.4509': attribute type 1 has an invalid length. [ 518.038243][T14054] tipc: Node number set to 806627123 [ 519.434071][T20125] tipc: Disabling bearer [ 519.452591][T20159] syzkaller0: entered promiscuous mode [ 519.459072][T20159] tipc: Resetting bearer [ 519.892213][T20193] netlink: 'syz.4.4522': attribute type 10 has an invalid length. [ 519.968596][T20186] bridge0: port 2(bridge_slave_1) entered disabled state [ 519.976430][T20186] bridge0: port 1(bridge_slave_0) entered disabled state [ 520.315091][T20208] netlink: 'syz.2.4524': attribute type 1 has an invalid length. [ 520.339306][T20186] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 520.374817][T20186] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 520.415063][T20186] hsr0: left promiscuous mode [ 520.549620][T19946] lo speed is unknown, defaulting to 1000 [ 520.555879][T19946] syz1: Port: 1 Link DOWN [ 520.569771][T14759] netdevsim netdevsim0 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 520.598060][T14759] netdevsim netdevsim0 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 520.635508][T14759] netdevsim netdevsim0 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 520.743010][T14759] netdevsim netdevsim0 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 520.850060][T20225] __nla_validate_parse: 4 callbacks suppressed [ 520.850082][T20225] netlink: 16 bytes leftover after parsing attributes in process `syz.2.4529'. [ 520.875862][T20227] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4530'. [ 520.900962][T20225] netlink: 64 bytes leftover after parsing attributes in process `syz.2.4529'. [ 520.924068][T20231] raw_sendmsg: syz.4.4528 forgot to set AF_INET. Fix it! [ 520.935574][T20225] tipc: Invalid UDP bearer configuration [ 520.935636][T20225] tipc: Enabling of bearer rejected, failed to enable media [ 521.414969][T20241] netlink: 'syz.1.4535': attribute type 1 has an invalid length. [ 521.426614][T20250] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4537'. [ 521.452377][T20251] openvswitch: netlink: Duplicate or invalid key (type 0). [ 521.473749][T20250] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4537'. [ 521.504752][T20251] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 521.866279][T20254] netlink: 'syz.2.4539': attribute type 1 has an invalid length. [ 522.466789][T20292] netlink: 'syz.1.4549': attribute type 10 has an invalid length. [ 522.482665][T20292] syz_tun: entered promiscuous mode [ 522.705999][T20310] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4552'. [ 522.727942][T20310] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4552'. [ 523.022529][T20315] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4553'. [ 523.027293][T20318] netlink: 16 bytes leftover after parsing attributes in process `syz.0.4555'. [ 523.061213][T20319] netlink: 212376 bytes leftover after parsing attributes in process `syz.4.4554'. [ 523.080882][T20315] netlink: 'syz.3.4553': attribute type 15 has an invalid length. [ 523.144456][T14752] netdevsim netdevsim3 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 523.153941][T14752] netdevsim netdevsim3 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 523.165347][T20315] netlink: 'syz.3.4553': attribute type 15 has an invalid length. [ 523.173743][T14752] netdevsim netdevsim3 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 523.191981][T14752] netdevsim netdevsim3 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 523.314346][T20332] vlan2: entered promiscuous mode [ 523.455388][T20339] nbd: must specify at least one socket [ 523.500327][T20340] lo speed is unknown, defaulting to 1000 [ 523.527423][T20340] lo speed is unknown, defaulting to 1000 [ 524.497113][T20366] tipc: Invalid UDP bearer configuration [ 524.497182][T20366] tipc: Enabling of bearer rejected, failed to enable media [ 524.682906][T20370] netlink: 'syz.0.4572': attribute type 1 has an invalid length. [ 524.703767][T20369] netlink: 'syz.0.4572': attribute type 1 has an invalid length. [ 525.109920][T20388] tipc: Can't bind to reserved service type 2 [ 525.402802][T20406] tipc: Invalid UDP bearer configuration [ 525.402859][T20406] tipc: Enabling of bearer rejected, failed to enable media [ 525.528161][T20410] netlink: 'syz.1.4584': attribute type 1 has an invalid length. [ 525.576755][T20409] netlink: 'syz.4.4581': attribute type 1 has an invalid length. [ 525.868188][T20422] tipc: Enabling of bearer rejected, failed to enable media [ 525.969791][T20430] netlink: 'syz.2.4591': attribute type 31 has an invalid length. [ 526.076641][T20431] lo speed is unknown, defaulting to 1000 [ 526.140683][T20431] lo speed is unknown, defaulting to 1000 [ 526.262986][T20426] openvswitch: netlink: Missing key (keys=40, expected=200000) [ 526.695471][T20449] netlink: 'syz.0.4598': attribute type 1 has an invalid length. [ 526.733219][T20451] __nla_validate_parse: 16 callbacks suppressed [ 526.733241][T20451] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4597'. [ 526.749826][T20451] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4597'. [ 526.905568][T20457] netlink: 'syz.0.4600': attribute type 10 has an invalid length. [ 527.033510][T20462] macvtap0: refused to change device tx_queue_len [ 527.049486][T20463] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4601'. [ 527.062387][T20463] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4601'. [ 527.239351][T20466] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4603'. [ 527.461260][T20476] netlink: 168 bytes leftover after parsing attributes in process `syz.3.4607'. [ 527.501760][T20482] netlink: 'syz.1.4610': attribute type 1 has an invalid length. [ 527.557640][T20486] netlink: 20 bytes leftover after parsing attributes in process `syz.2.4611'. [ 527.561602][T20483] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4609'. [ 528.000531][T20511] lo speed is unknown, defaulting to 1000 [ 528.008657][T20511] lo speed is unknown, defaulting to 1000 [ 528.347002][T20525] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4620'. [ 528.460660][T20527] netlink: 20 bytes leftover after parsing attributes in process `syz.4.4623'. [ 529.177240][T20555] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes. [ 529.547378][T20569] netlink: 'syz.3.4633': attribute type 10 has an invalid length. [ 530.945709][T20624] lo speed is unknown, defaulting to 1000 [ 530.988407][T20624] lo speed is unknown, defaulting to 1000 [ 531.009682][T20628] tipc: Bearer : already 2 bearers with priority 10 [ 531.037164][T20628] tipc: Bearer : trying with adjusted priority [ 531.044636][T20628] tipc: Invalid UDP bearer configuration [ 531.044693][T20628] tipc: Enabling of bearer rejected, failed to enable media [ 531.537612][T20654] netlink: 'syz.2.4653': attribute type 13 has an invalid length. [ 531.547247][T20654] netlink: 'syz.2.4653': attribute type 17 has an invalid length. [ 531.672877][T20654] 8021q: adding VLAN 0 to HW filter on device bond0 [ 531.712740][T20654] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 531.730067][T19945] lo speed is unknown, defaulting to 1000 [ 531.735993][T19945] syz0: Port: 1 Link ACTIVE [ 531.829568][T20661] vlan3: entered promiscuous mode [ 531.865244][T19946] lo speed is unknown, defaulting to 1000 [ 531.875412][T20655] lo speed is unknown, defaulting to 1000 [ 531.883481][T20655] lo speed is unknown, defaulting to 1000 [ 531.950391][T20665] netlink: 'syz.0.4657': attribute type 8 has an invalid length. [ 531.991074][T20665] 8021q: adding VLAN 0 to HW filter on device bond4 [ 532.481996][T20686] netlink: 'syz.4.4661': attribute type 13 has an invalid length. [ 532.500699][T20686] netlink: 'syz.4.4661': attribute type 17 has an invalid length. [ 532.915101][T20706] netlink: 'syz.1.4669': attribute type 11 has an invalid length. [ 533.020704][T20686] 8021q: adding VLAN 0 to HW filter on device bond0 [ 533.061593][T20686] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 533.245721][T20683] lo speed is unknown, defaulting to 1000 [ 533.336823][T20683] lo speed is unknown, defaulting to 1000 [ 533.463223][T20717] __nla_validate_parse: 5 callbacks suppressed [ 533.463247][T20717] netlink: 312 bytes leftover after parsing attributes in process `syz.2.4671'. [ 533.733237][T20729] netlink: 16 bytes leftover after parsing attributes in process `syz.1.4675'. [ 533.763376][T20729] tipc: Bearer : already 2 bearers with priority 10 [ 533.773730][T20729] tipc: Bearer : trying with adjusted priority [ 533.781042][T20729] netlink: 64 bytes leftover after parsing attributes in process `syz.1.4675'. [ 533.790952][T20729] tipc: Invalid UDP bearer configuration [ 533.791028][T20729] tipc: Enabling of bearer rejected, failed to enable media [ 534.073557][T20736] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4679'. [ 534.094603][T20736] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4679'. [ 534.185682][T20738] netlink: 'syz.2.4680': attribute type 11 has an invalid length. [ 534.642889][T20754] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4686'. [ 534.652433][T20754] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4686'. [ 535.241606][T20778] netlink: 'syz.0.4692': attribute type 11 has an invalid length. [ 535.586715][T20792] netlink: 'syz.0.4694': attribute type 10 has an invalid length. [ 535.957654][T20810] netlink: 'syz.1.4704': attribute type 10 has an invalid length. [ 536.222854][T20827] netlink: 'syz.1.4709': attribute type 10 has an invalid length. [ 536.241886][T20827] netlink: 'syz.1.4709': attribute type 10 has an invalid length. [ 536.250420][T20827] netlink: 40 bytes leftover after parsing attributes in process `syz.1.4709'. [ 536.291083][T20827] batadv0: entered allmulticast mode [ 536.296903][T20827] bridge0: port 3(batadv0) entered blocking state [ 536.322716][T20827] bridge0: port 3(batadv0) entered disabled state [ 536.500155][T20835] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4712'. [ 536.532044][T20835] netlink: 24 bytes leftover after parsing attributes in process `syz.1.4712'. [ 536.580912][T20832] netlink: 'syz.0.4711': attribute type 1 has an invalid length. [ 536.699292][T20838] macvtap1: entered allmulticast mode [ 536.722532][T20838] mac80211_hwsim hwsim20 wlan0: entered allmulticast mode [ 536.734330][T14749] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled [ 536.744125][T14749] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled [ 536.765233][T20838] batman_adv: batadv0: Adding interface: macvtap1 [ 536.786481][T20838] batman_adv: batadv0: The MTU of interface macvtap1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 536.823348][T20838] batman_adv: batadv0: Interface activated: macvtap1 [ 536.857206][T20842] bridge0: port 3(batadv0) entered disabled state [ 536.944586][T20842] bridge_slave_0: left allmulticast mode [ 537.023902][T20842] bridge_slave_0: left promiscuous mode [ 537.048321][T20842] bridge0: port 1(bridge_slave_0) entered disabled state [ 537.099483][T20842] bridge_slave_1: left allmulticast mode [ 537.115777][T20842] bridge_slave_1: left promiscuous mode [ 537.137695][T20842] bridge0: port 2(bridge_slave_1) entered disabled state [ 537.150363][T20842] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 537.159886][T20842] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 537.170793][T20842] bond0: (slave bridge5): Releasing backup interface [ 537.177869][T20842] bridge5: left promiscuous mode [ 537.817520][T20892] nbd: must specify an index to disconnect [ 538.099610][T20911] ieee802154 phy0 wpan0: encryption failed: -22 [ 538.391140][T20925] bridge0: port 1(veth0_to_bridge) entered blocking state [ 538.407457][T20925] bridge0: port 1(veth0_to_bridge) entered disabled state [ 538.425241][T20925] veth0_to_bridge: entered allmulticast mode [ 538.439819][T20925] veth0_to_bridge: entered promiscuous mode [ 538.509602][T20928] __nla_validate_parse: 16 callbacks suppressed [ 538.509623][T20928] netlink: 14 bytes leftover after parsing attributes in process `syz.3.4742'. [ 538.555574][T20922] smc: net device bond0 applied user defined pnetid SYZ2 [ 538.730019][T20940] netlink: 'syz.4.4748': attribute type 9 has an invalid length. [ 538.743999][T20940] netlink: 'syz.4.4748': attribute type 6 has an invalid length. [ 538.756890][T20942] netlink: 24 bytes leftover after parsing attributes in process `syz.1.4745'. [ 538.767626][T20940] netlink: 'syz.4.4748': attribute type 7 has an invalid length. [ 538.776517][T20940] netlink: 'syz.4.4748': attribute type 8 has an invalid length. [ 538.852445][T20928] smc: removing net device bond0 with user defined pnetid SYZ2 [ 538.863438][T20928] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 538.876360][T20928] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 538.892008][T20928] bond0 (unregistering): (slave wlan1): Releasing backup interface [ 538.913475][T20928] bond0 (unregistering): (slave syz_tun): Releasing backup interface [ 538.932616][T20928] bond0 (unregistering): Released all slaves [ 539.069107][T20938] lo speed is unknown, defaulting to 1000 [ 539.112834][T20938] lo speed is unknown, defaulting to 1000 [ 539.200670][T20956] vlan2: entered promiscuous mode [ 539.249424][T20960] netlink: 104 bytes leftover after parsing attributes in process `syz.0.4754'. [ 539.392629][T20964] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4755'. [ 539.507272][T20974] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4755'. [ 540.375649][T21002] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4762'. [ 540.386640][T21002] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4762'. [ 540.550517][T21009] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 540.624314][T21012] netlink: 'syz.1.4765': attribute type 1 has an invalid length. [ 540.658061][T21012] netlink: 'syz.1.4765': attribute type 1 has an invalid length. [ 540.864806][T21023] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4771'. [ 540.951969][T21027] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4772'. [ 540.990953][T21027] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4772'. [ 541.414809][T21049] netlink: 'syz.4.4777': attribute type 16 has an invalid length. [ 541.427983][T21049] netlink: 'syz.4.4777': attribute type 17 has an invalid length. [ 541.473036][T21049] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 543.661415][T19939] IPVS: starting estimator thread 0... [ 543.664123][T21149] mac80211_hwsim hwsim20 wlan0: entered promiscuous mode [ 543.778242][T21152] IPVS: using max 24 ests per chain, 57600 per kthread [ 543.845638][T21157] netlink: 'syz.1.4810': attribute type 1 has an invalid length. [ 543.997210][T21173] __nla_validate_parse: 6 callbacks suppressed [ 543.997229][T21173] netlink: 24 bytes leftover after parsing attributes in process `syz.4.4815'. [ 544.025387][T21173] netlink: 24 bytes leftover after parsing attributes in process `syz.4.4815'. [ 544.393578][T21182] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4816'. [ 544.440277][T21186] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4820'. [ 544.515180][T21191] netlink: 'syz.2.4821': attribute type 3 has an invalid length. [ 544.750377][T21189] lo speed is unknown, defaulting to 1000 [ 544.782724][T21189] lo speed is unknown, defaulting to 1000 [ 544.905224][T21197] IPVS: set_ctl: invalid protocol: 136 224.0.0.1:20002 [ 545.365025][T21212] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4829'. [ 545.470614][T21212] netlink: 24 bytes leftover after parsing attributes in process `syz.0.4829'. [ 545.732886][T21228] netlink: 16 bytes leftover after parsing attributes in process `syz.1.4834'. [ 545.773019][T21228] tipc: Bearer : already 2 bearers with priority 10 [ 545.800948][T21228] tipc: Bearer : trying with adjusted priority [ 545.811891][T21228] netlink: 64 bytes leftover after parsing attributes in process `syz.1.4834'. [ 545.826247][T21228] tipc: Invalid UDP bearer configuration [ 545.826309][T21228] tipc: Enabling of bearer rejected, failed to enable media [ 546.000661][T21242] netlink: 312 bytes leftover after parsing attributes in process `syz.1.4840'. [ 546.250398][T21254] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4841'. [ 546.646000][T21247] lo speed is unknown, defaulting to 1000 [ 546.698828][T21247] lo speed is unknown, defaulting to 1000 [ 547.005851][T21289] netlink: 'syz.3.4849': attribute type 1 has an invalid length. [ 547.093707][T21289] smc: adding net device bond0 with user defined pnetid SYZ2 [ 547.104286][T21293] tipc: Invalid UDP bearer configuration [ 547.104344][T21293] tipc: Enabling of bearer rejected, failed to enable media [ 547.601023][T21313] netlink: 'syz.4.4856': attribute type 10 has an invalid length. [ 547.632513][T21313] syz_tun: entered promiscuous mode [ 547.866364][T21319] (unnamed net_device) (uninitialized): option arp_validate: mode dependency failed, not supported in mode 802.3ad(4) [ 547.997254][T21327] tipc: Invalid UDP bearer configuration [ 547.997312][T21327] tipc: Enabling of bearer rejected, failed to enable media [ 548.553300][T21343] lo speed is unknown, defaulting to 1000 [ 548.572960][T21347] netlink: 'syz.2.4870': attribute type 30 has an invalid length. [ 548.695390][T21343] lo speed is unknown, defaulting to 1000 [ 548.941067][T21360] tipc: Bearer : already 2 bearers with priority 10 [ 548.959219][T21360] tipc: Bearer : trying with adjusted priority [ 548.997976][T21360] __nla_validate_parse: 11 callbacks suppressed [ 548.997996][T21360] netlink: 64 bytes leftover after parsing attributes in process `syz.1.4874'. [ 549.138309][T21360] tipc: Invalid UDP bearer configuration [ 549.138377][T21360] tipc: Enabling of bearer rejected, failed to enable media [ 549.471158][T21380] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4881'. [ 549.563733][T21383] netlink: 24 bytes leftover after parsing attributes in process `syz.2.4881'. [ 549.808187][T21396] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4885'. [ 549.828396][T21396] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4885'. [ 550.129989][T21407] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4889'. [ 550.263847][T21409] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4889'. [ 550.278643][T21414] netlink: 16 bytes leftover after parsing attributes in process `syz.2.4890'. [ 550.291064][T21414] netlink: 64 bytes leftover after parsing attributes in process `syz.2.4890'. [ 550.306145][T21414] tipc: Invalid UDP bearer configuration [ 550.306205][T21414] tipc: Enabling of bearer rejected, failed to enable media [ 550.321946][T21416] netlink: 20 bytes leftover after parsing attributes in process `syz.0.4892'. [ 550.991312][T21444] IPVS: set_ctl: invalid protocol: 136 224.0.0.1:20002 [ 551.502867][T21468] sctp: [Deprecated]: syz.2.4911 (pid 21468) Use of struct sctp_assoc_value in delayed_ack socket option. [ 551.502867][T21468] Use struct sctp_sack_info instead [ 551.700606][T21468] netlink: 'syz.2.4911': attribute type 9 has an invalid length. [ 552.107884][T21481] IPVS: set_ctl: invalid protocol: 136 224.0.0.1:20002 [ 552.424898][T21491] netlink: 'syz.4.4922': attribute type 11 has an invalid length. [ 552.671527][T21510] netlink: 'syz.3.4930': attribute type 1 has an invalid length. [ 552.894264][T21515] netlink: 'syz.2.4929': attribute type 1 has an invalid length. [ 552.942267][T21520] IPVS: set_ctl: invalid protocol: 136 224.0.0.1:20002 [ 553.043093][T21522] vlan3: entered promiscuous mode [ 553.048752][T21522] bridge0: entered promiscuous mode [ 553.054259][T21522] vlan3: entered allmulticast mode [ 553.059752][T21522] bridge0: entered allmulticast mode [ 553.449079][T21530] netlink: 'syz.3.4936': attribute type 10 has an invalid length. [ 553.484640][T21533] netlink: 'syz.2.4937': attribute type 11 has an invalid length. [ 553.789528][T21545] IPVS: set_ctl: invalid protocol: 136 224.0.0.1:20002 [ 553.972981][T21553] lo speed is unknown, defaulting to 1000 [ 553.988213][T21553] lo speed is unknown, defaulting to 1000 [ 555.008453][T21585] __nla_validate_parse: 9 callbacks suppressed [ 555.008474][T21585] netlink: 312 bytes leftover after parsing attributes in process `syz.1.4955'. [ 555.437176][T21593] netlink: 16 bytes leftover after parsing attributes in process `syz.1.4958'. [ 555.459135][T21595] IPVS: set_ctl: invalid protocol: 136 224.0.0.1:20002 [ 555.979134][T21618] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4964'. [ 556.109103][T21620] netlink: 'syz.0.4965': attribute type 1 has an invalid length. [ 556.295651][T21625] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4967'. [ 556.304839][T21625] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4967'. [ 556.369760][T21628] netlink: 16 bytes leftover after parsing attributes in process `syz.4.4970'. [ 556.411376][T21628] netlink: 224 bytes leftover after parsing attributes in process `syz.4.4970'. [ 556.610723][T21643] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4973'. [ 556.938807][T21665] netlink: 212408 bytes leftover after parsing attributes in process `syz.0.4980'. [ 556.970674][T21666] netlink: 212408 bytes leftover after parsing attributes in process `syz.0.4980'. [ 556.980773][T21665] netlink: zone id is out of range [ 556.986068][T21666] netlink: zone id is out of range [ 557.016106][T21665] netlink: zone id is out of range [ 557.043504][T21666] netlink: zone id is out of range [ 557.049857][T21665] netlink: zone id is out of range [ 557.055133][T21666] netlink: zone id is out of range [ 557.062772][T21665] netlink: get zone limit has 8 unknown bytes [ 557.076089][T21666] netlink: get zone limit has 8 unknown bytes [ 557.326306][T21688] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 557.582290][T21701] IPVS: set_ctl: invalid protocol: 136 224.0.0.1:20002 [ 557.931389][T21721] netlink: 'syz.2.5001': attribute type 5 has an invalid length. [ 557.962309][T21721] geneve2: entered promiscuous mode [ 557.986088][T21721] geneve2: entered allmulticast mode [ 558.002123][T21726] netlink: 'syz.1.4997': attribute type 13 has an invalid length. [ 558.003255][T14746] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 256 - 0 [ 558.020951][T14746] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 256 - 0 [ 558.035337][T14746] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 256 - 0 [ 558.042824][T21726] netlink: 'syz.1.4997': attribute type 17 has an invalid length. [ 558.068941][T21729] netlink: 'syz.0.5003': attribute type 10 has an invalid length. [ 558.081762][T14746] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 256 - 0 [ 558.102845][T21730] netlink: 'syz.4.5002': attribute type 4 has an invalid length. [ 558.154119][T21734] netlink: 'syz.4.5002': attribute type 4 has an invalid length. [ 558.192237][T21726] syz_tun: left promiscuous mode [ 558.236086][T21726] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 558.468663][T21744] IPVS: set_ctl: invalid protocol: 136 224.0.0.1:20002 [ 559.469152][T21787] lo speed is unknown, defaulting to 1000 [ 559.550163][T21787] lo speed is unknown, defaulting to 1000 [ 559.597536][T21794] nbd: must specify a size in bytes for the device [ 559.848893][T21795] lo speed is unknown, defaulting to 1000 [ 560.074710][T21811] netlink: 'syz.2.5027': attribute type 10 has an invalid length. [ 560.329886][T21815] bond0: option mode: unable to set because the bond device is up [ 560.366153][T21795] lo speed is unknown, defaulting to 1000 [ 560.934131][T21839] __nla_validate_parse: 17 callbacks suppressed [ 560.934153][T21839] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5038'. [ 561.010485][T21844] netlink: 104 bytes leftover after parsing attributes in process `syz.2.5040'. [ 561.226126][T21853] netlink: 'syz.0.5042': attribute type 11 has an invalid length. [ 561.372219][T21860] netlink: 4768 bytes leftover after parsing attributes in process `syz.2.5045'. [ 561.433183][T21862] netlink: 'syz.0.5047': attribute type 1 has an invalid length. [ 561.810843][T21877] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5053'. [ 561.864784][T21879] netlink: 176 bytes leftover after parsing attributes in process `syz.2.5052'. [ 561.995970][T21878] lo speed is unknown, defaulting to 1000 [ 562.007628][T21878] lo speed is unknown, defaulting to 1000 [ 562.862461][T21917] netlink: 28 bytes leftover after parsing attributes in process `syz.2.5064'. [ 562.883593][T21917] netlink: 28 bytes leftover after parsing attributes in process `syz.2.5064'. [ 564.141427][T21959] netlink: 312 bytes leftover after parsing attributes in process `syz.2.5078'. [ 564.159747][T21960] netlink: 104 bytes leftover after parsing attributes in process `syz.1.5080'. [ 564.304429][T21967] RDS: rds_bind could not find a transport for ::ffff:172.30.1.3, load rds_tcp or rds_rdma? [ 564.468764][T21972] syz_tun: entered allmulticast mode [ 564.549526][T21977] IPVS: set_ctl: invalid protocol: 136 224.0.0.1:20002 [ 564.947240][T21993] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5091'. [ 565.111547][T21995] lo speed is unknown, defaulting to 1000 [ 565.150066][T21995] lo speed is unknown, defaulting to 1000 [ 565.287889][T22006] IPVS: set_ctl: invalid protocol: 136 224.0.0.1:20002 [ 565.745265][T22027] vlan3: entered promiscuous mode [ 565.941492][T22043] netlink: 'syz.4.5109': attribute type 1 has an invalid length. [ 566.134117][T22043] 8021q: adding VLAN 0 to HW filter on device bond1 [ 566.179273][T22048] bond1: (slave gretap1): making interface the new active one [ 566.190659][T22048] bond1: (slave gretap1): Enslaving as an active interface with an up link [ 566.318892][T22065] __nla_validate_parse: 8 callbacks suppressed [ 566.318912][T22065] netlink: 24 bytes leftover after parsing attributes in process `syz.1.5113'. [ 566.466029][T22072] netlink: 'syz.4.5114': attribute type 20 has an invalid length. [ 566.529177][T22075] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5116'. [ 566.555689][T22075] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5116'. [ 566.770297][T22082] netlink: 264 bytes leftover after parsing attributes in process `syz.1.5119'. [ 566.811532][T22082] netlink: 56 bytes leftover after parsing attributes in process `syz.1.5119'. [ 566.851320][T22089] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5121'. [ 566.868513][T22089] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5121'. [ 566.901422][T22091] tipc: Enabling of bearer rejected, already enabled [ 567.098876][T22094] netlink: 'syz.3.5123': attribute type 1 has an invalid length. [ 567.198298][T22098] IPVS: set_ctl: invalid protocol: 0 127.0.0.1:20002 [ 567.264679][T22099] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5125'. [ 567.350540][T22099] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5125'. [ 567.537078][T22116] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5130'. [ 567.809396][T22136] tipc: Invalid UDP bearer configuration [ 567.809457][T22136] tipc: Enabling of bearer rejected, failed to enable media [ 568.124732][T22152] FAULT_INJECTION: forcing a failure. [ 568.124732][T22152] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 568.146633][T22152] CPU: 0 UID: 0 PID: 22152 Comm: syz.0.5144 Not tainted 6.16.0-syzkaller-12063-g37816488247d #0 PREEMPT(full) [ 568.146682][T22152] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 568.146703][T22152] Call Trace: [ 568.146712][T22152] [ 568.146721][T22152] dump_stack_lvl+0x189/0x250 [ 568.146755][T22152] ? __pfx____ratelimit+0x10/0x10 [ 568.146783][T22152] ? __pfx_dump_stack_lvl+0x10/0x10 [ 568.146818][T22152] ? __pfx__printk+0x10/0x10 [ 568.146849][T22152] ? __might_fault+0xb0/0x130 [ 568.146894][T22152] should_fail_ex+0x414/0x560 [ 568.146924][T22152] _copy_from_user+0x2d/0xb0 [ 568.146947][T22152] __sys_bpf+0x1ed/0x870 [ 568.146980][T22152] ? __pfx___sys_bpf+0x10/0x10 [ 568.147024][T22152] ? ksys_write+0x22a/0x250 [ 568.147056][T22152] ? __pfx_ksys_write+0x10/0x10 [ 568.147082][T22152] ? rcu_is_watching+0x15/0xb0 [ 568.147112][T22152] __x64_sys_bpf+0x7c/0x90 [ 568.147139][T22152] do_syscall_64+0xfa/0x3b0 [ 568.147167][T22152] ? lockdep_hardirqs_on+0x9c/0x150 [ 568.147192][T22152] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 568.147214][T22152] ? clear_bhb_loop+0x60/0xb0 [ 568.147240][T22152] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 568.147262][T22152] RIP: 0033:0x7fe48cf8ebe9 [ 568.147282][T22152] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 568.147302][T22152] RSP: 002b:00007fe48de02038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 568.147325][T22152] RAX: ffffffffffffffda RBX: 00007fe48d1b5fa0 RCX: 00007fe48cf8ebe9 [ 568.147341][T22152] RDX: 0000000000000050 RSI: 0000200000000340 RDI: 000000000000000a [ 568.147354][T22152] RBP: 00007fe48de02090 R08: 0000000000000000 R09: 0000000000000000 [ 568.147367][T22152] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 568.147379][T22152] R13: 00007fe48d1b6038 R14: 00007fe48d1b5fa0 R15: 00007ffc66f95df8 [ 568.147414][T22152] [ 568.357013][ T1303] aoe: packet could not be sent on bond0. consider increasing tx_queue_len [ 568.373204][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 568.521520][T22163] tipc: Invalid UDP bearer configuration [ 568.521575][T22163] tipc: Enabling of bearer rejected, failed to enable media [ 568.802949][T22182] bridge7: entered promiscuous mode [ 568.816058][T22182] bridge7: entered allmulticast mode [ 568.874442][T22177] lo speed is unknown, defaulting to 1000 [ 568.900934][T22177] lo speed is unknown, defaulting to 1000 [ 569.136534][T22193] FAULT_INJECTION: forcing a failure. [ 569.136534][T22193] name failslab, interval 1, probability 0, space 0, times 0 [ 569.175626][T22193] CPU: 1 UID: 0 PID: 22193 Comm: syz.3.5158 Not tainted 6.16.0-syzkaller-12063-g37816488247d #0 PREEMPT(full) [ 569.175658][T22193] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 569.175672][T22193] Call Trace: [ 569.175680][T22193] [ 569.175689][T22193] dump_stack_lvl+0x189/0x250 [ 569.175722][T22193] ? __pfx____ratelimit+0x10/0x10 [ 569.175750][T22193] ? __pfx_dump_stack_lvl+0x10/0x10 [ 569.175778][T22193] ? __pfx__printk+0x10/0x10 [ 569.175816][T22193] ? __pfx___might_resched+0x10/0x10 [ 569.175835][T22193] ? fs_reclaim_acquire+0x7d/0x100 [ 569.175875][T22193] should_fail_ex+0x414/0x560 [ 569.175906][T22193] should_failslab+0xa8/0x100 [ 569.175941][T22193] __kmalloc_noprof+0xcb/0x4f0 [ 569.175970][T22193] ? bpf_test_init+0xc2/0x170 [ 569.176002][T22193] bpf_test_init+0xc2/0x170 [ 569.176034][T22193] bpf_prog_test_run_xdp+0x37c/0x1000 [ 569.176082][T22193] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 569.176118][T22193] ? __fget_files+0x2a/0x420 [ 569.176159][T22193] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 569.176189][T22193] bpf_prog_test_run+0x2c7/0x340 [ 569.176226][T22193] __sys_bpf+0x581/0x870 [ 569.176258][T22193] ? __pfx___sys_bpf+0x10/0x10 [ 569.176303][T22193] ? ksys_write+0x22a/0x250 [ 569.176335][T22193] ? __pfx_ksys_write+0x10/0x10 [ 569.176361][T22193] ? rcu_is_watching+0x15/0xb0 [ 569.176393][T22193] __x64_sys_bpf+0x7c/0x90 [ 569.176420][T22193] do_syscall_64+0xfa/0x3b0 [ 569.176448][T22193] ? lockdep_hardirqs_on+0x9c/0x150 [ 569.176499][T22193] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 569.176522][T22193] ? clear_bhb_loop+0x60/0xb0 [ 569.176556][T22193] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 569.176578][T22193] RIP: 0033:0x7fbab058ebe9 [ 569.176598][T22193] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 569.176618][T22193] RSP: 002b:00007fbab14ce038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 569.176646][T22193] RAX: ffffffffffffffda RBX: 00007fbab07b5fa0 RCX: 00007fbab058ebe9 [ 569.176662][T22193] RDX: 0000000000000050 RSI: 0000200000000340 RDI: 000000000000000a [ 569.176676][T22193] RBP: 00007fbab14ce090 R08: 0000000000000000 R09: 0000000000000000 [ 569.176690][T22193] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 569.176703][T22193] R13: 00007fbab07b6038 R14: 00007fbab07b5fa0 R15: 00007ffdc1b300e8 [ 569.176739][T22193] [ 569.964420][T22211] tipc: Invalid UDP bearer configuration [ 569.964482][T22211] tipc: Enabling of bearer rejected, failed to enable media [ 570.598911][T22241] FAULT_INJECTION: forcing a failure. [ 570.598911][T22241] name failslab, interval 1, probability 0, space 0, times 0 [ 570.640540][T22241] CPU: 1 UID: 0 PID: 22241 Comm: syz.0.5176 Not tainted 6.16.0-syzkaller-12063-g37816488247d #0 PREEMPT(full) [ 570.640572][T22241] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 570.640585][T22241] Call Trace: [ 570.640593][T22241] [ 570.640603][T22241] dump_stack_lvl+0x189/0x250 [ 570.640646][T22241] ? __pfx____ratelimit+0x10/0x10 [ 570.640675][T22241] ? __pfx_dump_stack_lvl+0x10/0x10 [ 570.640703][T22241] ? __pfx__printk+0x10/0x10 [ 570.640737][T22241] ? __pfx___might_resched+0x10/0x10 [ 570.640759][T22241] ? fs_reclaim_acquire+0x7d/0x100 [ 570.640801][T22241] should_fail_ex+0x414/0x560 [ 570.640834][T22241] should_failslab+0xa8/0x100 [ 570.640869][T22241] __kmalloc_noprof+0xcb/0x4f0 [ 570.640899][T22241] ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0 [ 570.640931][T22241] genl_family_rcv_msg_attrs_parse+0xa3/0x2a0 [ 570.640964][T22241] genl_family_rcv_msg_doit+0xb8/0x300 [ 570.640996][T22241] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 570.641029][T22241] ? apparmor_capable+0x137/0x1b0 [ 570.641056][T22241] ? bpf_lsm_capable+0x9/0x20 [ 570.641086][T22241] ? security_capable+0x7e/0x2e0 [ 570.641123][T22241] genl_rcv_msg+0x60e/0x790 [ 570.641153][T22241] ? __pfx_genl_rcv_msg+0x10/0x10 [ 570.641174][T22241] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 570.641208][T22241] ? __pfx_nl80211_set_mpath+0x10/0x10 [ 570.641231][T22241] ? __pfx_nl80211_post_doit+0x10/0x10 [ 570.641283][T22241] netlink_rcv_skb+0x208/0x470 [ 570.641311][T22241] ? __lock_acquire+0xab9/0xd20 [ 570.641345][T22241] ? __pfx_genl_rcv_msg+0x10/0x10 [ 570.641369][T22241] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 570.641421][T22241] ? down_read+0x1ad/0x2e0 [ 570.641456][T22241] genl_rcv+0x28/0x40 [ 570.641489][T22241] netlink_unicast+0x82c/0x9e0 [ 570.641526][T22241] ? __pfx_netlink_unicast+0x10/0x10 [ 570.641560][T22241] ? netlink_sendmsg+0x642/0xb30 [ 570.641587][T22241] ? skb_put+0x11b/0x210 [ 570.641629][T22241] netlink_sendmsg+0x805/0xb30 [ 570.641671][T22241] ? __pfx_netlink_sendmsg+0x10/0x10 [ 570.641713][T22241] ? __pfx_netlink_sendmsg+0x10/0x10 [ 570.641745][T22241] __sock_sendmsg+0x21c/0x270 [ 570.641777][T22241] ____sys_sendmsg+0x505/0x830 [ 570.641817][T22241] ? __pfx_____sys_sendmsg+0x10/0x10 [ 570.641863][T22241] ? import_iovec+0x74/0xa0 [ 570.641890][T22241] ___sys_sendmsg+0x21f/0x2a0 [ 570.641926][T22241] ? __pfx____sys_sendmsg+0x10/0x10 [ 570.641999][T22241] ? __fget_files+0x2a/0x420 [ 570.642031][T22241] ? __fget_files+0x3a0/0x420 [ 570.642076][T22241] __x64_sys_sendmsg+0x19b/0x260 [ 570.642112][T22241] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 570.642158][T22241] ? __pfx_ksys_write+0x10/0x10 [ 570.642185][T22241] ? rcu_is_watching+0x15/0xb0 [ 570.642215][T22241] ? do_syscall_64+0xbe/0x3b0 [ 570.642249][T22241] do_syscall_64+0xfa/0x3b0 [ 570.642277][T22241] ? lockdep_hardirqs_on+0x9c/0x150 [ 570.642304][T22241] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 570.642327][T22241] ? clear_bhb_loop+0x60/0xb0 [ 570.642360][T22241] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 570.642383][T22241] RIP: 0033:0x7fe48cf8ebe9 [ 570.642404][T22241] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 570.642425][T22241] RSP: 002b:00007fe48de02038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 570.642449][T22241] RAX: ffffffffffffffda RBX: 00007fe48d1b5fa0 RCX: 00007fe48cf8ebe9 [ 570.642465][T22241] RDX: 0000000004008040 RSI: 00002000000002c0 RDI: 0000000000000003 [ 570.642480][T22241] RBP: 00007fe48de02090 R08: 0000000000000000 R09: 0000000000000000 [ 570.642494][T22241] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 570.642508][T22241] R13: 00007fe48d1b6038 R14: 00007fe48d1b5fa0 R15: 00007ffc66f95df8 [ 570.642544][T22241] [ 570.682675][T22245] tipc: Bearer : already 2 bearers with priority 10 [ 571.058088][T22245] tipc: Bearer : trying with adjusted priority [ 571.065611][T22245] tipc: Invalid UDP bearer configuration [ 571.065667][T22245] tipc: Enabling of bearer rejected, failed to enable media [ 571.348201][T22265] veth0_to_bridge: entered promiscuous mode [ 571.371287][T22265] __nla_validate_parse: 20 callbacks suppressed [ 571.371310][T22265] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5185'. [ 571.420225][T22265] netlink: 7 bytes leftover after parsing attributes in process `syz.4.5185'. [ 571.446972][T22263] vlan3: entered promiscuous mode [ 571.578676][T22265] veth0_to_bridge: left promiscuous mode [ 571.690076][T22279] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5194'. [ 571.718031][T22279] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5194'. [ 571.891963][T22293] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5196'. [ 571.903470][T22289] netlink: 20 bytes leftover after parsing attributes in process `syz.1.5197'. [ 572.452163][T22324] netlink: 16 bytes leftover after parsing attributes in process `syz.1.5209'. [ 572.471490][T22324] tipc: Bearer : already 2 bearers with priority 10 [ 572.488556][T22324] tipc: Bearer : trying with adjusted priority [ 572.506160][T22324] netlink: 64 bytes leftover after parsing attributes in process `syz.1.5209'. [ 572.526645][T22324] tipc: Invalid UDP bearer configuration [ 572.526709][T22324] tipc: Enabling of bearer rejected, failed to enable media [ 572.565865][T22320] lo speed is unknown, defaulting to 1000 [ 572.573968][T22320] lo speed is unknown, defaulting to 1000 [ 572.943921][T22337] netlink: 20 bytes leftover after parsing attributes in process `syz.0.5215'. [ 573.063516][T22343] netlink: 312 bytes leftover after parsing attributes in process `syz.1.5217'. [ 573.279468][T22347] lo speed is unknown, defaulting to 1000 [ 573.299070][T22347] lo speed is unknown, defaulting to 1000 [ 573.486092][T22361] tipc: Invalid UDP bearer configuration [ 573.486158][T22361] tipc: Enabling of bearer rejected, failed to enable media [ 574.031181][T22370] siw: device registration error -23 [ 574.122859][T22379] lo speed is unknown, defaulting to 1000 [ 574.407436][T22379] lo speed is unknown, defaulting to 1000 [ 574.902889][T22399] netlink: 'syz.4.5235': attribute type 10 has an invalid length. [ 574.936400][T22382] lo speed is unknown, defaulting to 1000 [ 575.002757][T22382] lo speed is unknown, defaulting to 1000 [ 576.303488][T22440] netlink: 'syz.4.5248': attribute type 10 has an invalid length. [ 576.958529][T22452] netlink: 'syz.2.5252': attribute type 1 has an invalid length. [ 577.090953][T22465] __nla_validate_parse: 7 callbacks suppressed [ 577.090977][T22465] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5257'. [ 577.134058][T22465] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5257'. [ 577.176746][T22468] netlink: 24 bytes leftover after parsing attributes in process `syz.3.5259'. [ 577.190266][T22469] bridge0: entered promiscuous mode [ 577.197078][T22469] vlan5: entered promiscuous mode [ 577.316757][T22478] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.5259'. [ 577.327395][T22476] FAULT_INJECTION: forcing a failure. [ 577.327395][T22476] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 577.373183][T22476] CPU: 1 UID: 0 PID: 22476 Comm: syz.0.5262 Not tainted 6.16.0-syzkaller-12063-g37816488247d #0 PREEMPT(full) [ 577.373216][T22476] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 577.373231][T22476] Call Trace: [ 577.373240][T22476] [ 577.373250][T22476] dump_stack_lvl+0x189/0x250 [ 577.373284][T22476] ? __pfx____ratelimit+0x10/0x10 [ 577.373313][T22476] ? __pfx_dump_stack_lvl+0x10/0x10 [ 577.373341][T22476] ? __pfx__printk+0x10/0x10 [ 577.373373][T22476] ? __might_fault+0xb0/0x130 [ 577.373418][T22476] should_fail_ex+0x414/0x560 [ 577.373450][T22476] _copy_from_user+0x2d/0xb0 [ 577.373474][T22476] kstrtouint_from_user+0xc4/0x170 [ 577.373508][T22476] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 577.373560][T22476] proc_fail_nth_write+0x88/0x200 [ 577.373586][T22476] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 577.373620][T22476] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 577.373649][T22476] vfs_write+0x27e/0xa90 [ 577.373690][T22476] ? __pfx_vfs_write+0x10/0x10 [ 577.373722][T22476] ? __fget_files+0x2a/0x420 [ 577.373762][T22476] ? __fget_files+0x3a0/0x420 [ 577.373794][T22476] ? __fget_files+0x2a/0x420 [ 577.373839][T22476] ksys_write+0x145/0x250 [ 577.373872][T22476] ? __pfx_ksys_write+0x10/0x10 [ 577.373899][T22476] ? rcu_is_watching+0x15/0xb0 [ 577.373929][T22476] ? do_syscall_64+0xbe/0x3b0 [ 577.373968][T22476] do_syscall_64+0xfa/0x3b0 [ 577.373995][T22476] ? lockdep_hardirqs_on+0x9c/0x150 [ 577.374023][T22476] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 577.374046][T22476] ? clear_bhb_loop+0x60/0xb0 [ 577.374074][T22476] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 577.374096][T22476] RIP: 0033:0x7fe48cf8d69f [ 577.374117][T22476] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 577.374137][T22476] RSP: 002b:00007fe48de02030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 577.374166][T22476] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fe48cf8d69f [ 577.374182][T22476] RDX: 0000000000000001 RSI: 00007fe48de020a0 RDI: 0000000000000004 [ 577.374197][T22476] RBP: 00007fe48de02090 R08: 0000000000000000 R09: 0000000000000000 [ 577.374211][T22476] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001 [ 577.374224][T22476] R13: 00007fe48d1b6038 R14: 00007fe48d1b5fa0 R15: 00007ffc66f95df8 [ 577.374261][T22476] [ 578.316939][T22515] netlink: 16 bytes leftover after parsing attributes in process `syz.0.5275'. [ 578.330705][T22515] netlink: 64 bytes leftover after parsing attributes in process `syz.0.5275'. [ 578.340422][T22515] tipc: Invalid UDP bearer configuration [ 578.340465][T22515] tipc: Enabling of bearer rejected, failed to enable media [ 578.404822][T22501] sit0: left promiscuous mode [ 578.445662][T22501] syz_tun: left promiscuous mode [ 578.513195][T22525] netlink: 104 bytes leftover after parsing attributes in process `syz.4.5278'. [ 578.826349][T22501] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 578.877383][T22501] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 578.984462][T22501] vlan0: left promiscuous mode [ 579.133387][T22501] vlan2: left promiscuous mode [ 579.162566][T22541] netlink: 'syz.4.5284': attribute type 1 has an invalid length. [ 579.204198][T22518] @ÿþ€: renamed from veth0_vlan [ 579.231882][T14763] netdevsim netdevsim3 eth0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 579.250508][T14763] netdevsim netdevsim3 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 579.378167][T14763] netdevsim netdevsim3 eth1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 579.386580][T14763] netdevsim netdevsim3 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 579.423997][T14763] netdevsim netdevsim3 eth2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 579.463317][T14763] netdevsim netdevsim3 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 579.564384][T22541] veth11: entered promiscuous mode [ 579.585146][T22557] netlink: 104 bytes leftover after parsing attributes in process `syz.2.5290'. [ 579.603246][T14763] netdevsim netdevsim3 eth3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 579.617118][T14763] netdevsim netdevsim3 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 579.636124][T22555] netlink: 16 bytes leftover after parsing attributes in process `syz.1.5288'. [ 579.659053][T22555] tipc: Bearer : already 2 bearers with priority 10 [ 579.698330][T22555] tipc: Bearer : trying with adjusted priority [ 579.709836][T22555] netlink: 64 bytes leftover after parsing attributes in process `syz.1.5288'. [ 579.735810][T22555] tipc: Invalid UDP bearer configuration [ 579.735873][T22555] tipc: Enabling of bearer rejected, failed to enable media [ 579.845925][T22564] nbd: must specify at least one socket [ 580.455522][T22597] nbd: must specify at least one socket [ 580.478553][T22598] tipc: Invalid UDP bearer configuration [ 580.478610][T22598] tipc: Enabling of bearer rejected, failed to enable media [ 580.827660][T22611] netlink: 'syz.2.5313': attribute type 1 has an invalid length. [ 580.981734][T22621] gretap2: entered promiscuous mode [ 580.987014][T22621] gretap2: entered allmulticast mode [ 582.144823][T22653] lo speed is unknown, defaulting to 1000 [ 582.220228][T22653] lo speed is unknown, defaulting to 1000 [ 582.608210][T22682] __nla_validate_parse: 9 callbacks suppressed [ 582.608231][T22682] netlink: 104 bytes leftover after parsing attributes in process `syz.2.5334'. [ 582.703431][T22680] bond0: option packets_per_slave: mode dependency failed, not supported in mode active-backup(1) [ 583.355341][T22712] netlink: 104 bytes leftover after parsing attributes in process `syz.2.5347'. [ 583.776199][T22731] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5355'. [ 583.796243][T22731] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5355'. [ 584.101353][T22749] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5362'. [ 584.218840][T22751] netlink: 104 bytes leftover after parsing attributes in process `syz.2.5363'. [ 584.312232][T22754] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 584.646818][T22768] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5369'. [ 584.678386][T22768] netlink: 24 bytes leftover after parsing attributes in process `syz.4.5369'. [ 584.824530][T22776] netlink: 28 bytes leftover after parsing attributes in process `syz.4.5372'. [ 584.844261][T22776] netlink: 28 bytes leftover after parsing attributes in process `syz.4.5372'. [ 585.099412][T22784] netlink: 'syz.4.5375': attribute type 2 has an invalid length. [ 585.165882][T22784] netlink: 'syz.4.5375': attribute type 2 has an invalid length. [ 585.180494][T22784] netlink: 'syz.4.5375': attribute type 2 has an invalid length. [ 585.211794][T22784] netlink: 'syz.4.5375': attribute type 2 has an invalid length. [ 585.265462][T22784] netlink: 'syz.4.5375': attribute type 2 has an invalid length. [ 585.299492][T22784] netlink: 'syz.4.5375': attribute type 2 has an invalid length. [ 585.351357][T22784] netlink: 'syz.4.5375': attribute type 2 has an invalid length. [ 585.380585][T22784] netlink: 'syz.4.5375': attribute type 2 has an invalid length. [ 585.401563][T22784] netlink: 'syz.4.5375': attribute type 2 has an invalid length. [ 585.564809][T22805] tipc: Enabled bearer , priority 0 [ 585.612287][T22805] syzkaller0: entered promiscuous mode [ 585.623034][T22805] syzkaller0: entered allmulticast mode [ 585.701572][T22814] af_packet: tpacket_rcv: packet too big, clamped from 23188 to 3696. macoff=96 [ 585.751665][T22805] tipc: Resetting bearer [ 585.801844][T22804] tipc: Resetting bearer [ 585.872131][T22804] tipc: Disabling bearer [ 586.122201][T14752] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 586.132447][T14752] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 586.795872][T22854] lo speed is unknown, defaulting to 1000 [ 586.811877][T22854] lo speed is unknown, defaulting to 1000 [ 586.979253][T22869] FAULT_INJECTION: forcing a failure. [ 586.979253][T22869] name failslab, interval 1, probability 0, space 0, times 0 [ 587.086997][T22869] CPU: 0 UID: 0 PID: 22869 Comm: syz.0.5412 Not tainted 6.16.0-syzkaller-12063-g37816488247d #0 PREEMPT(full) [ 587.087032][T22869] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 587.087053][T22869] Call Trace: [ 587.087063][T22869] [ 587.087074][T22869] dump_stack_lvl+0x189/0x250 [ 587.087106][T22869] ? __pfx____ratelimit+0x10/0x10 [ 587.087135][T22869] ? __pfx_dump_stack_lvl+0x10/0x10 [ 587.087163][T22869] ? __pfx__printk+0x10/0x10 [ 587.087202][T22869] ? __pfx___might_resched+0x10/0x10 [ 587.087223][T22869] ? fs_reclaim_acquire+0x7d/0x100 [ 587.087263][T22869] should_fail_ex+0x414/0x560 [ 587.087296][T22869] should_failslab+0xa8/0x100 [ 587.087331][T22869] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 587.087363][T22869] ? __alloc_skb+0x112/0x2d0 [ 587.087407][T22869] __alloc_skb+0x112/0x2d0 [ 587.087443][T22869] netlink_ack+0x146/0xa50 [ 587.087470][T22869] ? __pfx_genl_rcv_msg+0x10/0x10 [ 587.087512][T22869] netlink_rcv_skb+0x28c/0x470 [ 587.087539][T22869] ? __lock_acquire+0xab9/0xd20 [ 587.087573][T22869] ? __pfx_genl_rcv_msg+0x10/0x10 [ 587.087597][T22869] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 587.087649][T22869] ? down_read+0x1ad/0x2e0 [ 587.087683][T22869] genl_rcv+0x28/0x40 [ 587.087719][T22869] netlink_unicast+0x82c/0x9e0 [ 587.087754][T22869] ? __pfx_netlink_unicast+0x10/0x10 [ 587.087782][T22869] ? netlink_sendmsg+0x642/0xb30 [ 587.087809][T22869] ? skb_put+0x11b/0x210 [ 587.087844][T22869] netlink_sendmsg+0x805/0xb30 [ 587.087885][T22869] ? __pfx_netlink_sendmsg+0x10/0x10 [ 587.087919][T22869] ? aa_sock_msg_perm+0xf1/0x1d0 [ 587.087952][T22869] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 587.087977][T22869] ? __pfx_netlink_sendmsg+0x10/0x10 [ 587.088009][T22869] __sock_sendmsg+0x21c/0x270 [ 587.088039][T22869] ____sys_sendmsg+0x505/0x830 [ 587.088088][T22869] ? __pfx_____sys_sendmsg+0x10/0x10 [ 587.088133][T22869] ? import_iovec+0x74/0xa0 [ 587.088159][T22869] ___sys_sendmsg+0x21f/0x2a0 [ 587.088196][T22869] ? __pfx____sys_sendmsg+0x10/0x10 [ 587.088273][T22869] ? __fget_files+0x2a/0x420 [ 587.088306][T22869] ? __fget_files+0x3a0/0x420 [ 587.088352][T22869] __x64_sys_sendmsg+0x19b/0x260 [ 587.088389][T22869] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 587.088434][T22869] ? __pfx_ksys_write+0x10/0x10 [ 587.088461][T22869] ? rcu_is_watching+0x15/0xb0 [ 587.088490][T22869] ? do_syscall_64+0xbe/0x3b0 [ 587.088524][T22869] do_syscall_64+0xfa/0x3b0 [ 587.088552][T22869] ? lockdep_hardirqs_on+0x9c/0x150 [ 587.088580][T22869] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 587.088604][T22869] ? clear_bhb_loop+0x60/0xb0 [ 587.088632][T22869] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 587.088655][T22869] RIP: 0033:0x7fe48cf8ebe9 [ 587.088676][T22869] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 587.088696][T22869] RSP: 002b:00007fe48de02038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 587.088720][T22869] RAX: ffffffffffffffda RBX: 00007fe48d1b5fa0 RCX: 00007fe48cf8ebe9 [ 587.088737][T22869] RDX: 0000000000008000 RSI: 0000200000000140 RDI: 0000000000000004 [ 587.088750][T22869] RBP: 00007fe48de02090 R08: 0000000000000000 R09: 0000000000000000 [ 587.088764][T22869] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 587.088777][T22869] R13: 00007fe48d1b6038 R14: 00007fe48d1b5fa0 R15: 00007ffc66f95df8 [ 587.088813][T22869] [ 587.633913][T22883] validate_nla: 56 callbacks suppressed [ 587.633934][T22883] netlink: 'syz.0.5416': attribute type 3 has an invalid length. [ 587.647467][T22883] __nla_validate_parse: 10 callbacks suppressed [ 587.647487][T22883] netlink: 24 bytes leftover after parsing attributes in process `syz.0.5416'. [ 587.768309][T22886] netlink: 148 bytes leftover after parsing attributes in process `syz.1.5417'. [ 587.867351][T22888] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5418'. [ 587.877527][T22888] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5418'. [ 588.110364][T22895] netlink: 104 bytes leftover after parsing attributes in process `syz.0.5421'. [ 588.312048][T14761] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 588.354893][T14761] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 588.844223][T22918] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5429'. [ 588.860470][T22914] netlink: 136 bytes leftover after parsing attributes in process `syz.4.5428'. [ 588.888198][T22918] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5429'. [ 589.207771][ T5187] Bluetooth: hci1: command tx timeout [ 589.808649][T22936] netlink: 24 bytes leftover after parsing attributes in process `syz.0.5435'. [ 589.925757][T22941] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5435'. [ 589.956566][T22943] netlink: 'syz.3.5438': attribute type 1 has an invalid length. [ 589.998267][T22943] nbd: must specify at least one socket [ 591.906247][T23002] netlink: 'syz.2.5458': attribute type 1 has an invalid length. [ 592.035486][T23005] bridge0: port 1(vlan3) entered blocking state [ 592.044511][T23005] bridge0: port 1(vlan3) entered disabled state [ 592.053487][T23005] vlan3: entered allmulticast mode [ 592.113423][T23005] vlan3: left allmulticast mode [ 592.350376][T23013] tipc: Enabled bearer , priority 0 [ 592.357507][T23015] syzkaller0: entered promiscuous mode [ 592.401239][T23015] syzkaller0: entered allmulticast mode [ 592.540873][T23015] tipc: Resetting bearer [ 592.587605][T23015] tipc: Disabling bearer [ 593.006169][T23052] netlink: 'syz.4.5476': attribute type 1 has an invalid length. [ 593.009987][T23050] __nla_validate_parse: 9 callbacks suppressed [ 593.010010][T23050] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5475'. [ 593.066883][T23054] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5477'. [ 593.069805][T23056] netlink: 24 bytes leftover after parsing attributes in process `syz.3.5475'. [ 593.076861][T23054] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5477'. [ 593.139109][T23057] netlink: 84 bytes leftover after parsing attributes in process `syz.1.5478'. [ 593.165633][T23057] nbd: must specify at least one socket [ 593.441247][T23074] netlink: 104 bytes leftover after parsing attributes in process `syz.4.5485'. [ 593.471919][T23072] bridge0: port 1(ipvlan2) entered blocking state [ 593.508301][T23072] bridge0: port 1(ipvlan2) entered disabled state [ 593.535098][T23072] ipvlan2: entered allmulticast mode [ 593.559313][T23072] bridge0: entered allmulticast mode [ 593.578590][T23072] ipvlan2: left allmulticast mode [ 593.595053][T23072] bridge0: left allmulticast mode [ 593.602810][T23078] netlink: 104 bytes leftover after parsing attributes in process `syz.0.5486'. [ 593.668438][T23082] netlink: 312 bytes leftover after parsing attributes in process `syz.1.5488'. [ 593.795715][T23091] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5490'. [ 593.807619][T23091] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5490'. [ 594.350542][T23123] netlink: 'syz.2.5503': attribute type 1 has an invalid length. [ 594.407110][T23126] netlink: 'syz.4.5504': attribute type 39 has an invalid length. [ 594.825626][T23144] FAULT_INJECTION: forcing a failure. [ 594.825626][T23144] name failslab, interval 1, probability 0, space 0, times 0 [ 594.863498][T23144] CPU: 1 UID: 0 PID: 23144 Comm: syz.0.5511 Not tainted 6.16.0-syzkaller-12063-g37816488247d #0 PREEMPT(full) [ 594.863531][T23144] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 594.863545][T23144] Call Trace: [ 594.863553][T23144] [ 594.863564][T23144] dump_stack_lvl+0x189/0x250 [ 594.863596][T23144] ? __pfx____ratelimit+0x10/0x10 [ 594.863623][T23144] ? __pfx_dump_stack_lvl+0x10/0x10 [ 594.863650][T23144] ? __pfx__printk+0x10/0x10 [ 594.863688][T23144] ? __pfx___might_resched+0x10/0x10 [ 594.863707][T23144] ? fs_reclaim_acquire+0x7d/0x100 [ 594.863746][T23144] should_fail_ex+0x414/0x560 [ 594.863778][T23144] should_failslab+0xa8/0x100 [ 594.863810][T23144] __kmalloc_noprof+0xcb/0x4f0 [ 594.863840][T23144] ? security_sk_alloc+0x52/0x390 [ 594.863868][T23144] security_sk_alloc+0x52/0x390 [ 594.863894][T23144] sk_prot_alloc+0x101/0x220 [ 594.863925][T23144] ? sk_alloc+0x24/0x370 [ 594.863957][T23144] sk_alloc+0x3a/0x370 [ 594.863986][T23144] ? bpf_ctx_init+0x167/0x1d0 [ 594.864016][T23144] bpf_prog_test_run_skb+0x2ed/0x1560 [ 594.864044][T23144] ? __fget_files+0x2a/0x420 [ 594.864093][T23144] ? __pfx_bpf_prog_test_run_skb+0x10/0x10 [ 594.864122][T23144] bpf_prog_test_run+0x2c7/0x340 [ 594.864164][T23144] __sys_bpf+0x581/0x870 [ 594.864195][T23144] ? __pfx___sys_bpf+0x10/0x10 [ 594.864240][T23144] ? ksys_write+0x22a/0x250 [ 594.864273][T23144] ? __pfx_ksys_write+0x10/0x10 [ 594.864299][T23144] ? rcu_is_watching+0x15/0xb0 [ 594.864331][T23144] __x64_sys_bpf+0x7c/0x90 [ 594.864359][T23144] do_syscall_64+0xfa/0x3b0 [ 594.864386][T23144] ? lockdep_hardirqs_on+0x9c/0x150 [ 594.864412][T23144] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 594.864436][T23144] ? clear_bhb_loop+0x60/0xb0 [ 594.864464][T23144] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 594.864494][T23144] RIP: 0033:0x7fe48cf8ebe9 [ 594.864515][T23144] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 594.864537][T23144] RSP: 002b:00007fe48de02038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 594.864561][T23144] RAX: ffffffffffffffda RBX: 00007fe48d1b5fa0 RCX: 00007fe48cf8ebe9 [ 594.864577][T23144] RDX: 0000000000000050 RSI: 00002000000002c0 RDI: 000000000000000a [ 594.864593][T23144] RBP: 00007fe48de02090 R08: 0000000000000000 R09: 0000000000000000 [ 594.864606][T23144] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 594.864620][T23144] R13: 00007fe48d1b6038 R14: 00007fe48d1b5fa0 R15: 00007ffc66f95df8 [ 594.864656][T23144] [ 595.158114][T23152] nbd: must specify at least one socket [ 595.352214][T23164] netlink: 'syz.1.5513': attribute type 1 has an invalid length. [ 595.669025][T23178] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci1/hci1:200/input9 [ 595.926898][T23190] nbd: must specify at least one socket [ 596.205573][T23205] netlink: 'syz.4.5535': attribute type 39 has an invalid length. [ 597.242703][T23244] netlink: 'syz.3.5551': attribute type 1 has an invalid length. [ 597.833283][T23270] netlink: 'syz.0.5555': attribute type 1 has an invalid length. [ 597.833980][T23267] syz_tun (unregistering): left allmulticast mode [ 598.013709][T23279] __nla_validate_parse: 25 callbacks suppressed [ 598.013734][T23279] netlink: 68 bytes leftover after parsing attributes in process `syz.3.5557'. [ 598.242933][T23285] netlink: 40 bytes leftover after parsing attributes in process `syz.2.5560'. [ 598.382971][T23287] netlink: 16 bytes leftover after parsing attributes in process `syz.3.5562'. [ 598.396948][T23290] 0ªî{X¹¦: left allmulticast mode [ 598.402529][T23287] netlink: 16 bytes leftover after parsing attributes in process `syz.3.5562'. [ 598.406963][T23288] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5562'. [ 598.427161][T23290] syz_tun: left promiscuous mode [ 598.504805][T23290] gretap0: left promiscuous mode [ 598.821896][T23308] tipc: Enabling of bearer rejected, already enabled [ 599.056133][T23319] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5574'. [ 599.076680][T23319] vlan3: entered promiscuous mode [ 599.084604][T23319] syz_tun: entered promiscuous mode [ 599.296416][T23330] netlink: 104 bytes leftover after parsing attributes in process `syz.4.5579'. [ 599.488933][T23339] netlink: 'syz.4.5582': attribute type 3 has an invalid length. [ 599.791207][T23362] netlink: 28 bytes leftover after parsing attributes in process `syz.2.5586'. [ 599.818851][T23362] netlink: 28 bytes leftover after parsing attributes in process `syz.2.5586'. [ 599.950593][T23370] lo speed is unknown, defaulting to 1000 [ 599.974525][T23370] lo speed is unknown, defaulting to 1000 [ 600.182690][T23412] netlink: 104 bytes leftover after parsing attributes in process `syz.2.5593'. [ 600.262098][T23428] Bluetooth: MGMT ver 1.23 [ 600.266168][T23427] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 601.089880][T23507] FAULT_INJECTION: forcing a failure. [ 601.089880][T23507] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 601.103639][T23507] CPU: 1 UID: 0 PID: 23507 Comm: syz.4.5603 Not tainted 6.16.0-syzkaller-12063-g37816488247d #0 PREEMPT(full) [ 601.103669][T23507] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 601.103682][T23507] Call Trace: [ 601.103689][T23507] [ 601.103698][T23507] dump_stack_lvl+0x189/0x250 [ 601.103727][T23507] ? __pfx____ratelimit+0x10/0x10 [ 601.103749][T23507] ? __pfx_dump_stack_lvl+0x10/0x10 [ 601.103771][T23507] ? __pfx__printk+0x10/0x10 [ 601.103813][T23507] should_fail_ex+0x414/0x560 [ 601.103840][T23507] _copy_to_user+0x31/0xb0 [ 601.103859][T23507] bpf_test_finish+0x56f/0x700 [ 601.103892][T23507] ? __pfx_bpf_test_finish+0x10/0x10 [ 601.103919][T23507] ? slab_build_skb+0x273/0x3e0 [ 601.103947][T23507] bpf_prog_test_run_skb+0xed5/0x1560 [ 601.103984][T23507] ? __pfx_bpf_prog_test_run_skb+0x10/0x10 [ 601.104008][T23507] bpf_prog_test_run+0x2c7/0x340 [ 601.104038][T23507] __sys_bpf+0x581/0x870 [ 601.104064][T23507] ? __pfx___sys_bpf+0x10/0x10 [ 601.104100][T23507] ? ksys_write+0x22a/0x250 [ 601.104126][T23507] ? __pfx_ksys_write+0x10/0x10 [ 601.104155][T23507] ? rcu_is_watching+0x15/0xb0 [ 601.104180][T23507] __x64_sys_bpf+0x7c/0x90 [ 601.104202][T23507] do_syscall_64+0xfa/0x3b0 [ 601.104225][T23507] ? lockdep_hardirqs_on+0x9c/0x150 [ 601.104249][T23507] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 601.104268][T23507] ? clear_bhb_loop+0x60/0xb0 [ 601.104292][T23507] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 601.104313][T23507] RIP: 0033:0x7f357e18ebe9 [ 601.104333][T23507] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 601.104349][T23507] RSP: 002b:00007f357f0d4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 601.104368][T23507] RAX: ffffffffffffffda RBX: 00007f357e3b5fa0 RCX: 00007f357e18ebe9 [ 601.104382][T23507] RDX: 0000000000000050 RSI: 00002000000002c0 RDI: 000000000000000a [ 601.104394][T23507] RBP: 00007f357f0d4090 R08: 0000000000000000 R09: 0000000000000000 [ 601.104405][T23507] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 601.104416][T23507] R13: 00007f357e3b6038 R14: 00007f357e3b5fa0 R15: 00007ffca4861e08 [ 601.104445][T23507] [ 601.526399][T23512] netlink: 'syz.0.5604': attribute type 13 has an invalid length. [ 601.563355][T23512] netlink: 'syz.0.5604': attribute type 17 has an invalid length. [ 601.896981][T23512] 8021q: adding VLAN 0 to HW filter on device bond0 [ 601.946594][T23512] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 601.983382][T19939] lo speed is unknown, defaulting to 1000 [ 601.993627][T19939] syz1: Port: 1 Link ACTIVE [ 602.132463][T23515] lo speed is unknown, defaulting to 1000 [ 602.219096][T23515] lo speed is unknown, defaulting to 1000 [ 602.984802][ T5187] Bluetooth: hci1: link tx timeout [ 602.991658][ T5187] Bluetooth: hci1: killing stalled connection 10:aa:aa:aa:aa:aa [ 603.009386][ T5187] Bluetooth: hci1: link tx timeout [ 603.015053][ T5187] Bluetooth: hci1: killing stalled connection 11:aa:aa:aa:aa:aa [ 603.062981][T23559] bridge9: entered promiscuous mode [ 603.090827][T23559] bridge9: entered allmulticast mode [ 603.382861][T23579] __nla_validate_parse: 8 callbacks suppressed [ 603.382881][T23579] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5626'. [ 603.446435][T23579] netlink: 24 bytes leftover after parsing attributes in process `syz.4.5626'. [ 603.685485][T23588] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5629'. [ 603.732326][T23588] netlink: 'syz.1.5629': attribute type 10 has an invalid length. [ 603.796848][T23596] lo speed is unknown, defaulting to 1000 [ 603.825404][T23596] lo speed is unknown, defaulting to 1000 [ 604.271574][T23608] netlink: 312 bytes leftover after parsing attributes in process `syz.4.5635'. [ 604.513815][T23620] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5640'. [ 604.734407][T23627] netlink: 'syz.1.5642': attribute type 10 has an invalid length. [ 605.038524][ T5187] Bluetooth: hci1: command 0x0406 tx timeout [ 605.090333][T20762] Oops: general protection fault, probably for non-canonical address 0xdffffc000000000b: 0000 [#1] SMP KASAN PTI [ 605.102377][T20762] KASAN: null-ptr-deref in range [0x0000000000000058-0x000000000000005f] [ 605.110828][T20762] CPU: 1 UID: 0 PID: 20762 Comm: kbnepd bnep0 Not tainted 6.16.0-syzkaller-12063-g37816488247d #0 PREEMPT(full) [ 605.122781][T20762] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 605.133050][T20762] RIP: 0010:klist_del+0x49/0x110 [ 605.138054][T20762] Code: f6 49 89 dd 49 c1 ed 03 43 80 7c 25 00 00 74 08 48 89 df e8 d9 3f b4 f6 4c 8b 33 49 83 e6 fe 49 8d 7e 58 48 89 f8 48 c1 e8 03 <42> 80 3c 20 00 74 05 e8 bb 3f b4 f6 4d 8b 7e 58 4c 89 f7 e8 5f 74 [ 605.157871][T20762] RSP: 0018:ffffc900137e7768 EFLAGS: 00010202 [ 605.163957][T20762] RAX: 000000000000000b RBX: ffff88804e44e060 RCX: ffff88805ca21e00 [ 605.171941][T20762] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000058 [ 605.180008][T20762] RBP: ffffc900137e7890 R08: ffff888044f7e873 R09: 1ffff110089efd0e [ 605.188084][T20762] R10: dffffc0000000000 R11: ffffed10089efd0f R12: dffffc0000000000 [ 605.196168][T20762] R13: 1ffff11009c89c0c R14: 0000000000000000 R15: ffff88805c992750 [ 605.204577][T20762] FS: 0000000000000000(0000) GS:ffff888125d21000(0000) knlGS:0000000000000000 [ 605.213632][T20762] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 605.220430][T20762] CR2: 00007f7e47925de0 CR3: 0000000044294000 CR4: 00000000003526f0 [ 605.228454][T20762] Call Trace: [ 605.231769][T20762] [ 605.234743][T20762] device_del+0x280/0x8e0 [ 605.239202][T20762] ? _raw_spin_unlock_irq+0x2e/0x50 [ 605.244450][T20762] ? pm_runtime_set_memalloc_noio+0x1f4/0x260 [ 605.250660][T20762] ? __pfx_device_del+0x10/0x10 [ 605.255566][T20762] ? netdev_unregister_kobject+0x344/0x450 [ 605.261413][T20762] unregister_netdevice_many_notify+0x1a6b/0x1ff0 [ 605.267977][T20762] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 605.274833][T20762] ? rtnl_net_dev_lock+0x257/0x2f0 [ 605.279999][T20762] unregister_netdevice_queue+0x33c/0x380 [ 605.285761][T20762] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 605.292058][T20762] ? rtnl_net_dev_lock+0x36/0x2f0 [ 605.297110][T20762] ? rtnl_net_dev_lock+0x2de/0x2f0 [ 605.302248][T20762] unregister_netdev+0x1f/0x60 [ 605.307130][T20762] bnep_session+0x294d/0x2b40 [ 605.311916][T20762] ? rcu_is_watching+0x15/0xb0 [ 605.316918][T20762] ? trace_sched_exit_tp+0x36/0x110 [ 605.322183][T20762] ? __lock_acquire+0xab9/0xd20 [ 605.327086][T20762] ? __pfx_bnep_session+0x10/0x10 [ 605.332140][T20762] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 605.338052][T20762] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 605.344391][T20762] ? __pfx_woken_wake_function+0x10/0x10 [ 605.350040][T20762] ? __kthread_parkme+0x7b/0x200 [ 605.354989][T20762] ? __kthread_parkme+0x1a1/0x200 [ 605.360032][T20762] kthread+0x70e/0x8a0 [ 605.364195][T20762] ? __pfx_bnep_session+0x10/0x10 [ 605.369247][T20762] ? __pfx_kthread+0x10/0x10 [ 605.373860][T20762] ? _raw_spin_unlock_irq+0x23/0x50 [ 605.379075][T20762] ? lockdep_hardirqs_on+0x9c/0x150 [ 605.384282][T20762] ? __pfx_kthread+0x10/0x10 [ 605.388889][T20762] ret_from_fork+0x3fc/0x770 [ 605.393505][T20762] ? __pfx_ret_from_fork+0x10/0x10 [ 605.398663][T20762] ? __switch_to_asm+0x39/0x70 [ 605.403457][T20762] ? __switch_to_asm+0x33/0x70 [ 605.408241][T20762] ? __pfx_kthread+0x10/0x10 [ 605.412860][T20762] ret_from_fork_asm+0x1a/0x30 [ 605.417652][T20762] [ 605.420698][T20762] Modules linked in: [ 605.425508][T20762] ---[ end trace 0000000000000000 ]--- [ 605.432235][T20762] RIP: 0010:klist_del+0x49/0x110 [ 605.437258][T20762] Code: f6 49 89 dd 49 c1 ed 03 43 80 7c 25 00 00 74 08 48 89 df e8 d9 3f b4 f6 4c 8b 33 49 83 e6 fe 49 8d 7e 58 48 89 f8 48 c1 e8 03 <42> 80 3c 20 00 74 05 e8 bb 3f b4 f6 4d 8b 7e 58 4c 89 f7 e8 5f 74 [ 605.457126][T20762] RSP: 0018:ffffc900137e7768 EFLAGS: 00010202 [ 605.463397][T20762] RAX: 000000000000000b RBX: ffff88804e44e060 RCX: ffff88805ca21e00 [ 605.471930][T20762] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000058 [ 605.480061][T20762] RBP: ffffc900137e7890 R08: ffff888044f7e873 R09: 1ffff110089efd0e [ 605.488253][T20762] R10: dffffc0000000000 R11: ffffed10089efd0f R12: dffffc0000000000 [ 605.496265][T20762] R13: 1ffff11009c89c0c R14: 0000000000000000 R15: ffff88805c992750 [ 605.504320][T20762] FS: 0000000000000000(0000) GS:ffff888125d21000(0000) knlGS:0000000000000000 [ 605.513387][T20762] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 605.520064][T20762] CR2: 00007f7e47925de0 CR3: 000000000df36000 CR4: 00000000003526f0 [ 605.528180][T20762] Kernel panic - not syncing: Fatal exception [ 605.534664][T20762] Kernel Offset: disabled [ 605.539039][T20762] Rebooting in 86400 seconds..